]> git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/blame - net/bluetooth/mgmt.c
projects / mirror_ubuntu-jammy-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge tag 'docs-5.10-3' of git://git.lwn.net/linux
[mirror_ubuntu-jammy-kernel.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
7129069e 32#include <net/bluetooth/hci_sock.h>
4bc58f51 33#include <net/bluetooth/l2cap.h>
0381101f 34#include <net/bluetooth/mgmt.h>
ac4b7236 35
0857dd3b 36#include "hci_request.h"
ac4b7236 37#include "smp.h"
a380b6cf 38#include "mgmt_util.h"
17896406 39#include "mgmt_config.h"
e5e1e7fd 40#include "msft.h"
0381101f 41
2da9c55c 42#define MGMT_VERSION 1
79bf1189 43#define MGMT_REVISION 18
02d98129 44
e70bb2e8
JH		 45static const u16 mgmt_commands[] = {
46 MGMT_OP_READ_INDEX_LIST,
47 MGMT_OP_READ_INFO,
48 MGMT_OP_SET_POWERED,
49 MGMT_OP_SET_DISCOVERABLE,
50 MGMT_OP_SET_CONNECTABLE,
51 MGMT_OP_SET_FAST_CONNECTABLE,
b2939475 52 MGMT_OP_SET_BONDABLE,
e70bb2e8
JH		 53 MGMT_OP_SET_LINK_SECURITY,
54 MGMT_OP_SET_SSP,
55 MGMT_OP_SET_HS,
56 MGMT_OP_SET_LE,
57 MGMT_OP_SET_DEV_CLASS,
58 MGMT_OP_SET_LOCAL_NAME,
59 MGMT_OP_ADD_UUID,
60 MGMT_OP_REMOVE_UUID,
61 MGMT_OP_LOAD_LINK_KEYS,
62 MGMT_OP_LOAD_LONG_TERM_KEYS,
63 MGMT_OP_DISCONNECT,
64 MGMT_OP_GET_CONNECTIONS,
65 MGMT_OP_PIN_CODE_REPLY,
66 MGMT_OP_PIN_CODE_NEG_REPLY,
67 MGMT_OP_SET_IO_CAPABILITY,
68 MGMT_OP_PAIR_DEVICE,
69 MGMT_OP_CANCEL_PAIR_DEVICE,
70 MGMT_OP_UNPAIR_DEVICE,
71 MGMT_OP_USER_CONFIRM_REPLY,
72 MGMT_OP_USER_CONFIRM_NEG_REPLY,
73 MGMT_OP_USER_PASSKEY_REPLY,
74 MGMT_OP_USER_PASSKEY_NEG_REPLY,
75 MGMT_OP_READ_LOCAL_OOB_DATA,
76 MGMT_OP_ADD_REMOTE_OOB_DATA,
77 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
78 MGMT_OP_START_DISCOVERY,
79 MGMT_OP_STOP_DISCOVERY,
80 MGMT_OP_CONFIRM_NAME,
81 MGMT_OP_BLOCK_DEVICE,
82 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 83 MGMT_OP_SET_DEVICE_ID,
4375f103 84 MGMT_OP_SET_ADVERTISING,
0663ca2a 85 MGMT_OP_SET_BREDR,
d13eafce 86 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 87 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 88 MGMT_OP_SET_SECURE_CONN,
4e39ac81 89 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 90 MGMT_OP_SET_PRIVACY,
41edf160 91 MGMT_OP_LOAD_IRKS,
dd983808 92 MGMT_OP_GET_CONN_INFO,
95868426 93 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 94 MGMT_OP_ADD_DEVICE,
95 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 96 MGMT_OP_LOAD_CONN_PARAM,
73d1df2a 97 MGMT_OP_READ_UNCONF_INDEX_LIST,
9fc3bfb6 98 MGMT_OP_READ_CONFIG_INFO,
dbece37a 99 MGMT_OP_SET_EXTERNAL_CONFIG,
9713c17b 100 MGMT_OP_SET_PUBLIC_ADDRESS,
66ea9427 101 MGMT_OP_START_SERVICE_DISCOVERY,
4f0f155c 102 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
96f1474a 103 MGMT_OP_READ_EXT_INDEX_LIST,
d3d5305b 104 MGMT_OP_READ_ADV_FEATURES,
24b4f38f 105 MGMT_OP_ADD_ADVERTISING,
da929335 106 MGMT_OP_REMOVE_ADVERTISING,
40b25fe5 107 MGMT_OP_GET_ADV_SIZE_INFO,
78b781ca 108 MGMT_OP_START_LIMITED_DISCOVERY,
321c6fee 109 MGMT_OP_READ_EXT_INFO,
c4960ecf 110 MGMT_OP_SET_APPEARANCE,
600a8749 111 MGMT_OP_SET_BLOCKED_KEYS,
00bce3fb 112 MGMT_OP_SET_WIDEBAND_SPEECH,
bc292258 113 MGMT_OP_READ_SECURITY_INFO,
a10c907c
MH		 114 MGMT_OP_READ_EXP_FEATURES_INFO,
115 MGMT_OP_SET_EXP_FEATURE,
17896406
AM		 116 MGMT_OP_READ_DEF_SYSTEM_CONFIG,
117 MGMT_OP_SET_DEF_SYSTEM_CONFIG,
aececa64
MH		 118 MGMT_OP_READ_DEF_RUNTIME_CONFIG,
119 MGMT_OP_SET_DEF_RUNTIME_CONFIG,
4c54bf2b
APS		 120 MGMT_OP_GET_DEVICE_FLAGS,
121 MGMT_OP_SET_DEVICE_FLAGS,
e5e1e7fd 122 MGMT_OP_READ_ADV_MONITOR_FEATURES,
b139553d 123 MGMT_OP_ADD_ADV_PATTERNS_MONITOR,
bd2fbc6c 124 MGMT_OP_REMOVE_ADV_MONITOR,
e70bb2e8
JH		 125};
126
127static const u16 mgmt_events[] = {
128 MGMT_EV_CONTROLLER_ERROR,
129 MGMT_EV_INDEX_ADDED,
130 MGMT_EV_INDEX_REMOVED,
131 MGMT_EV_NEW_SETTINGS,
132 MGMT_EV_CLASS_OF_DEV_CHANGED,
133 MGMT_EV_LOCAL_NAME_CHANGED,
134 MGMT_EV_NEW_LINK_KEY,
135 MGMT_EV_NEW_LONG_TERM_KEY,
136 MGMT_EV_DEVICE_CONNECTED,
137 MGMT_EV_DEVICE_DISCONNECTED,
138 MGMT_EV_CONNECT_FAILED,
139 MGMT_EV_PIN_CODE_REQUEST,
140 MGMT_EV_USER_CONFIRM_REQUEST,
141 MGMT_EV_USER_PASSKEY_REQUEST,
142 MGMT_EV_AUTH_FAILED,
143 MGMT_EV_DEVICE_FOUND,
144 MGMT_EV_DISCOVERING,
145 MGMT_EV_DEVICE_BLOCKED,
146 MGMT_EV_DEVICE_UNBLOCKED,
147 MGMT_EV_DEVICE_UNPAIRED,
92a25256 148 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 149 MGMT_EV_NEW_IRK,
7ee4ea36 150 MGMT_EV_NEW_CSRK,
8afef092
MH		 151 MGMT_EV_DEVICE_ADDED,
152 MGMT_EV_DEVICE_REMOVED,
ffb5a827 153 MGMT_EV_NEW_CONN_PARAM,
0602a8ad 154 MGMT_EV_UNCONF_INDEX_ADDED,
edd3896b 155 MGMT_EV_UNCONF_INDEX_REMOVED,
f4537c04 156 MGMT_EV_NEW_CONFIG_OPTIONS,
ced85549
MH		 157 MGMT_EV_EXT_INDEX_ADDED,
158 MGMT_EV_EXT_INDEX_REMOVED,
72000df2 159 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
24b4f38f
AU		 160 MGMT_EV_ADVERTISING_ADDED,
161 MGMT_EV_ADVERTISING_REMOVED,
321c6fee 162 MGMT_EV_EXT_INFO_CHANGED,
5f4b9172 163 MGMT_EV_PHY_CONFIGURATION_CHANGED,
a10c907c 164 MGMT_EV_EXP_FEATURE_CHANGED,
4c54bf2b 165 MGMT_EV_DEVICE_FLAGS_CHANGED,
346ce5b7
APS		 166 MGMT_EV_CONTROLLER_SUSPEND,
167 MGMT_EV_CONTROLLER_RESUME,
e70bb2e8
JH		 168};
169
99c679ac
MH		 170static const u16 mgmt_untrusted_commands[] = {
171 MGMT_OP_READ_INDEX_LIST,
172 MGMT_OP_READ_INFO,
173 MGMT_OP_READ_UNCONF_INDEX_LIST,
174 MGMT_OP_READ_CONFIG_INFO,
175 MGMT_OP_READ_EXT_INDEX_LIST,
321c6fee 176 MGMT_OP_READ_EXT_INFO,
bc292258 177 MGMT_OP_READ_SECURITY_INFO,
a10c907c 178 MGMT_OP_READ_EXP_FEATURES_INFO,
17896406 179 MGMT_OP_READ_DEF_SYSTEM_CONFIG,
aececa64 180 MGMT_OP_READ_DEF_RUNTIME_CONFIG,
99c679ac
MH		 181};
182
183static const u16 mgmt_untrusted_events[] = {
184 MGMT_EV_INDEX_ADDED,
185 MGMT_EV_INDEX_REMOVED,
186 MGMT_EV_NEW_SETTINGS,
187 MGMT_EV_CLASS_OF_DEV_CHANGED,
188 MGMT_EV_LOCAL_NAME_CHANGED,
189 MGMT_EV_UNCONF_INDEX_ADDED,
190 MGMT_EV_UNCONF_INDEX_REMOVED,
191 MGMT_EV_NEW_CONFIG_OPTIONS,
192 MGMT_EV_EXT_INDEX_ADDED,
193 MGMT_EV_EXT_INDEX_REMOVED,
321c6fee 194 MGMT_EV_EXT_INFO_CHANGED,
a10c907c 195 MGMT_EV_EXP_FEATURE_CHANGED,
b52729f2 196 MGMT_EV_ADV_MONITOR_ADDED,
cdde92e2 197 MGMT_EV_ADV_MONITOR_REMOVED,
99c679ac
MH		 198};
199
17b02e62 200#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 201
d25b78e2
JH		 202#define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
203 "\x00\x00\x00\x00\x00\x00\x00\x00"
204
ca69b795 205/* HCI to MGMT error code conversion table */
bdf2aca7 206static const u8 mgmt_status_table[] = {
ca69b795
JH		 207 MGMT_STATUS_SUCCESS,
208 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
209 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
210 MGMT_STATUS_FAILED, /* Hardware Failure */
211 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
212 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 213 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 214 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
215 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
216 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
217 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
218 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
219 MGMT_STATUS_BUSY, /* Command Disallowed */
220 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
221 MGMT_STATUS_REJECTED, /* Rejected Security */
222 MGMT_STATUS_REJECTED, /* Rejected Personal */
223 MGMT_STATUS_TIMEOUT, /* Host Timeout */
224 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
225 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
226 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
227 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
228 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
229 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
230 MGMT_STATUS_BUSY, /* Repeated Attempts */
231 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
232 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
233 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
234 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
235 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
236 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
237 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
238 MGMT_STATUS_FAILED, /* Unspecified Error */
239 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
240 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
241 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
242 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
243 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
244 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
245 MGMT_STATUS_FAILED, /* Unit Link Key Used */
246 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
247 MGMT_STATUS_TIMEOUT, /* Instant Passed */
248 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
249 MGMT_STATUS_FAILED, /* Transaction Collision */
250 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
251 MGMT_STATUS_REJECTED, /* QoS Rejected */
252 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
253 MGMT_STATUS_REJECTED, /* Insufficient Security */
254 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
255 MGMT_STATUS_BUSY, /* Role Switch Pending */
256 MGMT_STATUS_FAILED, /* Slot Violation */
257 MGMT_STATUS_FAILED, /* Role Switch Failed */
258 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
259 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
260 MGMT_STATUS_BUSY, /* Host Busy Pairing */
261 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
262 MGMT_STATUS_BUSY, /* Controller Busy */
263 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
264 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
265 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
266 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
267 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
268};
269
270static u8 mgmt_status(u8 hci_status)
271{
272 if (hci_status < ARRAY_SIZE(mgmt_status_table))
273 return mgmt_status_table[hci_status];
274
275 return MGMT_STATUS_FAILED;
276}
277
c08b1a1d
MH		 278static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
279 u16 len, int flag)
f9207338 280{
c08b1a1d
MH		 281 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
282 flag, NULL);
f9207338
MH		 283}
284
72000df2
MH		 285static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
286 u16 len, int flag, struct sock *skip_sk)
287{
288 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
289 flag, skip_sk);
290}
291
7a00ff44
JH		 292static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
293 struct sock *skip_sk)
294{
295 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
c08b1a1d 296 HCI_SOCK_TRUSTED, skip_sk);
7a00ff44
JH		 297}
298
85813a7e
JH		 299static u8 le_addr_type(u8 mgmt_addr_type)
300{
301 if (mgmt_addr_type == BDADDR_LE_PUBLIC)
302 return ADDR_LE_DEV_PUBLIC;
303 else
304 return ADDR_LE_DEV_RANDOM;
305}
306
03c979c4
MH		 307void mgmt_fill_version_info(void *ver)
308{
309 struct mgmt_rp_read_version *rp = ver;
310
311 rp->version = MGMT_VERSION;
312 rp->revision = cpu_to_le16(MGMT_REVISION);
313}
314
04124681
GP		 315static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
316 u16 data_len)
a38528f1
JH		 317{
318 struct mgmt_rp_read_version rp;
319
181d6953 320 bt_dev_dbg(hdev, "sock %p", sk);
a38528f1 321
03c979c4 322 mgmt_fill_version_info(&rp);
a38528f1 323
2a1afb5a
JH		 324 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
325 &rp, sizeof(rp));
a38528f1
JH		 326}
327
04124681
GP		 328static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
329 u16 data_len)
e70bb2e8
JH		 330{
331 struct mgmt_rp_read_commands *rp;
99c679ac 332 u16 num_commands, num_events;
e70bb2e8
JH		 333 size_t rp_size;
334 int i, err;
335
181d6953 336 bt_dev_dbg(hdev, "sock %p", sk);
e70bb2e8 337
99c679ac
MH		 338 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
339 num_commands = ARRAY_SIZE(mgmt_commands);
340 num_events = ARRAY_SIZE(mgmt_events);
341 } else {
342 num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
343 num_events = ARRAY_SIZE(mgmt_untrusted_events);
344 }
345
e70bb2e8
JH		 346 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
347
348 rp = kmalloc(rp_size, GFP_KERNEL);
349 if (!rp)
350 return -ENOMEM;
351
dcf4adbf
JP		 352 rp->num_commands = cpu_to_le16(num_commands);
353 rp->num_events = cpu_to_le16(num_events);
e70bb2e8 354
99c679ac
MH		 355 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
356 __le16 *opcode = rp->opcodes;
357
358 for (i = 0; i < num_commands; i++, opcode++)
359 put_unaligned_le16(mgmt_commands[i], opcode);
e70bb2e8 360
99c679ac
MH		 361 for (i = 0; i < num_events; i++, opcode++)
362 put_unaligned_le16(mgmt_events[i], opcode);
363 } else {
364 __le16 *opcode = rp->opcodes;
365
366 for (i = 0; i < num_commands; i++, opcode++)
367 put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
368
369 for (i = 0; i < num_events; i++, opcode++)
370 put_unaligned_le16(mgmt_untrusted_events[i], opcode);
371 }
e70bb2e8 372
2a1afb5a
JH		 373 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
374 rp, rp_size);
e70bb2e8
JH		 375 kfree(rp);
376
377 return err;
378}
379
04124681
GP		 380static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
381 u16 data_len)
faba42eb 382{
faba42eb 383 struct mgmt_rp_read_index_list *rp;
8035ded4 384 struct hci_dev *d;
a38528f1 385 size_t rp_len;
faba42eb 386 u16 count;
476e44cb 387 int err;
faba42eb 388
181d6953 389 bt_dev_dbg(hdev, "sock %p", sk);
faba42eb
JH		 390
391 read_lock(&hci_dev_list_lock);
392
393 count = 0;
bb4b2a9a 394 list_for_each_entry(d, &hci_dev_list, list) {
ca8bee5d 395 if (d->dev_type == HCI_PRIMARY &&
d7a5a11d 396 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
1514b892 397 count++;
faba42eb
JH		 398 }
399
a38528f1
JH		 400 rp_len = sizeof(*rp) + (2 * count);
401 rp = kmalloc(rp_len, GFP_ATOMIC);
402 if (!rp) {
b2c60d42 403 read_unlock(&hci_dev_list_lock);
faba42eb 404 return -ENOMEM;
b2c60d42 405 }
faba42eb 406
476e44cb 407 count = 0;
8035ded4 408 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 409 if (hci_dev_test_flag(d, HCI_SETUP) ||
410 hci_dev_test_flag(d, HCI_CONFIG) ||
411 hci_dev_test_flag(d, HCI_USER_CHANNEL))
ab81cbf9
JH		 412 continue;
413
73d1df2a
MH		 414 /* Devices marked as raw-only are neither configured
415 * nor unconfigured controllers.
416 */
417 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
fee746b0
MH		 418 continue;
419
ca8bee5d 420 if (d->dev_type == HCI_PRIMARY &&
d7a5a11d 421 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
1514b892 422 rp->index[count++] = cpu_to_le16(d->id);
181d6953 423 bt_dev_dbg(hdev, "Added hci%u", d->id);
1514b892 424 }
faba42eb
JH		 425 }
426
476e44cb
JH		 427 rp->num_controllers = cpu_to_le16(count);
428 rp_len = sizeof(*rp) + (2 * count);
429
faba42eb
JH		 430 read_unlock(&hci_dev_list_lock);
431
2a1afb5a
JH		 432 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
433 0, rp, rp_len);
faba42eb 434
a38528f1
JH		 435 kfree(rp);
436
437 return err;
faba42eb
JH		 438}
439
73d1df2a
MH		 440static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
441 void *data, u16 data_len)
442{
443 struct mgmt_rp_read_unconf_index_list *rp;
444 struct hci_dev *d;
445 size_t rp_len;
446 u16 count;
447 int err;
448
181d6953 449 bt_dev_dbg(hdev, "sock %p", sk);
73d1df2a
MH		 450
451 read_lock(&hci_dev_list_lock);
452
453 count = 0;
454 list_for_each_entry(d, &hci_dev_list, list) {
ca8bee5d 455 if (d->dev_type == HCI_PRIMARY &&
d7a5a11d 456 hci_dev_test_flag(d, HCI_UNCONFIGURED))
73d1df2a
MH		 457 count++;
458 }
459
460 rp_len = sizeof(*rp) + (2 * count);
461 rp = kmalloc(rp_len, GFP_ATOMIC);
462 if (!rp) {
463 read_unlock(&hci_dev_list_lock);
464 return -ENOMEM;
465 }
466
467 count = 0;
468 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 469 if (hci_dev_test_flag(d, HCI_SETUP) ||
470 hci_dev_test_flag(d, HCI_CONFIG) ||
471 hci_dev_test_flag(d, HCI_USER_CHANNEL))
73d1df2a
MH		 472 continue;
473
474 /* Devices marked as raw-only are neither configured
475 * nor unconfigured controllers.
476 */
477 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
478 continue;
479
ca8bee5d 480 if (d->dev_type == HCI_PRIMARY &&
d7a5a11d 481 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
73d1df2a 482 rp->index[count++] = cpu_to_le16(d->id);
181d6953 483 bt_dev_dbg(hdev, "Added hci%u", d->id);
73d1df2a
MH		 484 }
485 }
486
487 rp->num_controllers = cpu_to_le16(count);
488 rp_len = sizeof(*rp) + (2 * count);
489
490 read_unlock(&hci_dev_list_lock);
491
2a1afb5a
JH		 492 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
493 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
73d1df2a
MH		 494
495 kfree(rp);
496
497 return err;
498}
499
96f1474a
MH		 500static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
501 void *data, u16 data_len)
502{
503 struct mgmt_rp_read_ext_index_list *rp;
504 struct hci_dev *d;
96f1474a
MH		 505 u16 count;
506 int err;
507
181d6953 508 bt_dev_dbg(hdev, "sock %p", sk);
96f1474a
MH		 509
510 read_lock(&hci_dev_list_lock);
511
512 count = 0;
513 list_for_each_entry(d, &hci_dev_list, list) {
ca8bee5d 514 if (d->dev_type == HCI_PRIMARY || d->dev_type == HCI_AMP)
96f1474a
MH		 515 count++;
516 }
517
4a67e5d4 518 rp = kmalloc(struct_size(rp, entry, count), GFP_ATOMIC);
96f1474a
MH		 519 if (!rp) {
520 read_unlock(&hci_dev_list_lock);
521 return -ENOMEM;
522 }
523
524 count = 0;
525 list_for_each_entry(d, &hci_dev_list, list) {
526 if (hci_dev_test_flag(d, HCI_SETUP) ||
527 hci_dev_test_flag(d, HCI_CONFIG) ||
528 hci_dev_test_flag(d, HCI_USER_CHANNEL))
529 continue;
530
531 /* Devices marked as raw-only are neither configured
532 * nor unconfigured controllers.
533 */
534 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
535 continue;
536
ca8bee5d 537 if (d->dev_type == HCI_PRIMARY) {
96f1474a
MH		 538 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
539 rp->entry[count].type = 0x01;
540 else
541 rp->entry[count].type = 0x00;
542 } else if (d->dev_type == HCI_AMP) {
543 rp->entry[count].type = 0x02;
544 } else {
545 continue;
546 }
547
548 rp->entry[count].bus = d->bus;
549 rp->entry[count++].index = cpu_to_le16(d->id);
181d6953 550 bt_dev_dbg(hdev, "Added hci%u", d->id);
96f1474a
MH		 551 }
552
553 rp->num_controllers = cpu_to_le16(count);
96f1474a
MH		 554
555 read_unlock(&hci_dev_list_lock);
556
557 /* If this command is called at least once, then all the
558 * default index and unconfigured index events are disabled
559 * and from now on only extended index events are used.
560 */
561 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
562 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
563 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
564
565 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
4a67e5d4
GS		 566 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp,
567 struct_size(rp, entry, count));
96f1474a
MH		 568
569 kfree(rp);
570
571 return err;
572}
573
dbece37a
MH		 574static bool is_configured(struct hci_dev *hdev)
575{
576 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 577 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
dbece37a
MH		 578 return false;
579
7a0e5b15
MK		 580 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) ||
581 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) &&
dbece37a
MH		 582 !bacmp(&hdev->public_addr, BDADDR_ANY))
583 return false;
584
585 return true;
586}
587
89bc22d2
MH		 588static __le32 get_missing_options(struct hci_dev *hdev)
589{
590 u32 options = 0;
591
dbece37a 592 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 593 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
eb1904f4
MH		 594 options |= MGMT_OPTION_EXTERNAL_CONFIG;
595
7a0e5b15
MK		 596 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) ||
597 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) &&
89bc22d2
MH		 598 !bacmp(&hdev->public_addr, BDADDR_ANY))
599 options |= MGMT_OPTION_PUBLIC_ADDRESS;
600
601 return cpu_to_le32(options);
602}
603
f4537c04
MH		 604static int new_options(struct hci_dev *hdev, struct sock *skip)
605{
606 __le32 options = get_missing_options(hdev);
607
5504c3a3
MH		 608 return mgmt_limited_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
609 sizeof(options), HCI_MGMT_OPTION_EVENTS, skip);
f4537c04
MH		 610}
611
dbece37a
MH		 612static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
613{
614 __le32 options = get_missing_options(hdev);
615
2a1afb5a
JH		 616 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
617 sizeof(options));
dbece37a
MH		 618}
619
9fc3bfb6
MH		 620static int read_config_info(struct sock *sk, struct hci_dev *hdev,
621 void *data, u16 data_len)
622{
623 struct mgmt_rp_read_config_info rp;
89bc22d2 624 u32 options = 0;
9fc3bfb6 625
181d6953 626 bt_dev_dbg(hdev, "sock %p", sk);
9fc3bfb6
MH		 627
628 hci_dev_lock(hdev);
629
630 memset(&rp, 0, sizeof(rp));
631 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
89bc22d2 632
eb1904f4
MH		 633 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
634 options |= MGMT_OPTION_EXTERNAL_CONFIG;
635
9fc3bfb6 636 if (hdev->set_bdaddr)
89bc22d2
MH		 637 options |= MGMT_OPTION_PUBLIC_ADDRESS;
638
639 rp.supported_options = cpu_to_le32(options);
640 rp.missing_options = get_missing_options(hdev);
9fc3bfb6
MH		 641
642 hci_dev_unlock(hdev);
643
2a1afb5a
JH		 644 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
645 &rp, sizeof(rp));
9fc3bfb6
MH		 646}
647
6244691f
JK		 648static u32 get_supported_phys(struct hci_dev *hdev)
649{
650 u32 supported_phys = 0;
651
652 if (lmp_bredr_capable(hdev)) {
653 supported_phys |= MGMT_PHY_BR_1M_1SLOT;
654
655 if (hdev->features[0][0] & LMP_3SLOT)
656 supported_phys |= MGMT_PHY_BR_1M_3SLOT;
657
658 if (hdev->features[0][0] & LMP_5SLOT)
659 supported_phys |= MGMT_PHY_BR_1M_5SLOT;
660
661 if (lmp_edr_2m_capable(hdev)) {
662 supported_phys |= MGMT_PHY_EDR_2M_1SLOT;
663
664 if (lmp_edr_3slot_capable(hdev))
665 supported_phys |= MGMT_PHY_EDR_2M_3SLOT;
666
667 if (lmp_edr_5slot_capable(hdev))
668 supported_phys |= MGMT_PHY_EDR_2M_5SLOT;
669
670 if (lmp_edr_3m_capable(hdev)) {
671 supported_phys |= MGMT_PHY_EDR_3M_1SLOT;
672
673 if (lmp_edr_3slot_capable(hdev))
674 supported_phys |= MGMT_PHY_EDR_3M_3SLOT;
675
676 if (lmp_edr_5slot_capable(hdev))
677 supported_phys |= MGMT_PHY_EDR_3M_5SLOT;
678 }
679 }
680 }
681
682 if (lmp_le_capable(hdev)) {
683 supported_phys |= MGMT_PHY_LE_1M_TX;
684 supported_phys |= MGMT_PHY_LE_1M_RX;
685
686 if (hdev->le_features[1] & HCI_LE_PHY_2M) {
687 supported_phys |= MGMT_PHY_LE_2M_TX;
688 supported_phys |= MGMT_PHY_LE_2M_RX;
689 }
690
691 if (hdev->le_features[1] & HCI_LE_PHY_CODED) {
692 supported_phys |= MGMT_PHY_LE_CODED_TX;
693 supported_phys |= MGMT_PHY_LE_CODED_RX;
694 }
695 }
696
697 return supported_phys;
698}
699
700static u32 get_selected_phys(struct hci_dev *hdev)
701{
702 u32 selected_phys = 0;
703
704 if (lmp_bredr_capable(hdev)) {
705 selected_phys |= MGMT_PHY_BR_1M_1SLOT;
706
707 if (hdev->pkt_type & (HCI_DM3 | HCI_DH3))
708 selected_phys |= MGMT_PHY_BR_1M_3SLOT;
709
710 if (hdev->pkt_type & (HCI_DM5 | HCI_DH5))
711 selected_phys |= MGMT_PHY_BR_1M_5SLOT;
712
713 if (lmp_edr_2m_capable(hdev)) {
714 if (!(hdev->pkt_type & HCI_2DH1))
715 selected_phys |= MGMT_PHY_EDR_2M_1SLOT;
716
717 if (lmp_edr_3slot_capable(hdev) &&
718 !(hdev->pkt_type & HCI_2DH3))
719 selected_phys |= MGMT_PHY_EDR_2M_3SLOT;
720
721 if (lmp_edr_5slot_capable(hdev) &&
722 !(hdev->pkt_type & HCI_2DH5))
723 selected_phys |= MGMT_PHY_EDR_2M_5SLOT;
724
725 if (lmp_edr_3m_capable(hdev)) {
726 if (!(hdev->pkt_type & HCI_3DH1))
727 selected_phys |= MGMT_PHY_EDR_3M_1SLOT;
728
729 if (lmp_edr_3slot_capable(hdev) &&
730 !(hdev->pkt_type & HCI_3DH3))
731 selected_phys |= MGMT_PHY_EDR_3M_3SLOT;
732
733 if (lmp_edr_5slot_capable(hdev) &&
734 !(hdev->pkt_type & HCI_3DH5))
735 selected_phys |= MGMT_PHY_EDR_3M_5SLOT;
736 }
737 }
738 }
739
740 if (lmp_le_capable(hdev)) {
741 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_1M)
742 selected_phys |= MGMT_PHY_LE_1M_TX;
743
744 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_1M)
745 selected_phys |= MGMT_PHY_LE_1M_RX;
746
747 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_2M)
748 selected_phys |= MGMT_PHY_LE_2M_TX;
749
750 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_2M)
751 selected_phys |= MGMT_PHY_LE_2M_RX;
752
753 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_CODED)
754 selected_phys |= MGMT_PHY_LE_CODED_TX;
755
756 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_CODED)
757 selected_phys |= MGMT_PHY_LE_CODED_RX;
758 }
759
760 return selected_phys;
761}
762
763static u32 get_configurable_phys(struct hci_dev *hdev)
764{
765 return (get_supported_phys(hdev) & ~MGMT_PHY_BR_1M_1SLOT &
766 ~MGMT_PHY_LE_1M_TX & ~MGMT_PHY_LE_1M_RX);
767}
768
69ab39ea
JH		 769static u32 get_supported_settings(struct hci_dev *hdev)
770{
771 u32 settings = 0;
772
773 settings |= MGMT_SETTING_POWERED;
b2939475 774 settings |= MGMT_SETTING_BONDABLE;
b1de97d8 775 settings |= MGMT_SETTING_DEBUG_KEYS;
3742abfc
JH		 776 settings |= MGMT_SETTING_CONNECTABLE;
777 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea 778
ed3fa31f 779 if (lmp_bredr_capable(hdev)) {
1a47aee8
JH		 780 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
781 settings |= MGMT_SETTING_FAST_CONNECTABLE;
69ab39ea
JH		 782 settings |= MGMT_SETTING_BREDR;
783 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 784
785 if (lmp_ssp_capable(hdev)) {
786 settings |= MGMT_SETTING_SSP;
b560a208
LAD		 787 if (IS_ENABLED(CONFIG_BT_HS))
788 settings |= MGMT_SETTING_HS;
a82974c9 789 }
e98d2ce2 790
05b3c3e7 791 if (lmp_sc_capable(hdev))
e98d2ce2 792 settings |= MGMT_SETTING_SECURE_CONN;
4b127bd5 793
00bce3fb 794 if (test_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED,
4b127bd5 795 &hdev->quirks))
00bce3fb 796 settings |= MGMT_SETTING_WIDEBAND_SPEECH;
848566b3 797 }
d7b7e796 798
eeca6f89 799 if (lmp_le_capable(hdev)) {
9d42820f 800 settings |= MGMT_SETTING_LE;
a3209694 801 settings |= MGMT_SETTING_SECURE_CONN;
0f4bd942 802 settings |= MGMT_SETTING_PRIVACY;
93690c22 803 settings |= MGMT_SETTING_STATIC_ADDRESS;
cbbdfa6f
SN		 804
805 /* When the experimental feature for LL Privacy support is
806 * enabled, then advertising is no longer supported.
807 */
808 if (!hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY))
809 settings |= MGMT_SETTING_ADVERTISING;
eeca6f89 810 }
69ab39ea 811
eb1904f4
MH		 812 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
813 hdev->set_bdaddr)
9fc3bfb6
MH		 814 settings |= MGMT_SETTING_CONFIGURATION;
815
6244691f
JK		 816 settings |= MGMT_SETTING_PHY_CONFIGURATION;
817
69ab39ea
JH		 818 return settings;
819}
820
821static u32 get_current_settings(struct hci_dev *hdev)
822{
823 u32 settings = 0;
824
f1f0eb02 825 if (hdev_is_powered(hdev))
f0d4b78a
MH		 826 settings |= MGMT_SETTING_POWERED;
827
d7a5a11d 828 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
69ab39ea
JH		 829 settings |= MGMT_SETTING_CONNECTABLE;
830
d7a5a11d 831 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
1a4d3c4b
JH		 832 settings |= MGMT_SETTING_FAST_CONNECTABLE;
833
d7a5a11d 834 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
69ab39ea
JH		 835 settings |= MGMT_SETTING_DISCOVERABLE;
836
d7a5a11d 837 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
b2939475 838 settings |= MGMT_SETTING_BONDABLE;
69ab39ea 839
d7a5a11d 840 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
69ab39ea
JH		 841 settings |= MGMT_SETTING_BREDR;
842
d7a5a11d 843 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
69ab39ea
JH		 844 settings |= MGMT_SETTING_LE;
845
d7a5a11d 846 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
69ab39ea
JH		 847 settings |= MGMT_SETTING_LINK_SECURITY;
848
d7a5a11d 849 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
69ab39ea
JH		 850 settings |= MGMT_SETTING_SSP;
851
d7a5a11d 852 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
6d80dfd0
JH		 853 settings |= MGMT_SETTING_HS;
854
d7a5a11d 855 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
eeca6f89
JH		 856 settings |= MGMT_SETTING_ADVERTISING;
857
d7a5a11d 858 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
e98d2ce2
MH		 859 settings |= MGMT_SETTING_SECURE_CONN;
860
d7a5a11d 861 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
b1de97d8
MH		 862 settings |= MGMT_SETTING_DEBUG_KEYS;
863
d7a5a11d 864 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
0f4bd942
JH		 865 settings |= MGMT_SETTING_PRIVACY;
866
93690c22
MH		 867 /* The current setting for static address has two purposes. The
868 * first is to indicate if the static address will be used and
869 * the second is to indicate if it is actually set.
870 *
871 * This means if the static address is not configured, this flag
08dc0e98 872 * will never be set. If the address is configured, then if the
93690c22
MH		 873 * address is actually used decides if the flag is set or not.
874 *
875 * For single mode LE only controllers and dual-mode controllers
876 * with BR/EDR disabled, the existence of the static address will
877 * be evaluated.
878 */
b7cb93e5 879 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
d7a5a11d 880 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
93690c22
MH		 881 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
882 if (bacmp(&hdev->static_addr, BDADDR_ANY))
883 settings |= MGMT_SETTING_STATIC_ADDRESS;
884 }
885
00bce3fb
AM		 886 if (hci_dev_test_flag(hdev, HCI_WIDEBAND_SPEECH_ENABLED))
887 settings |= MGMT_SETTING_WIDEBAND_SPEECH;
888
69ab39ea
JH		 889 return settings;
890}
891
333ae95d
JH		 892static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
893{
894 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
895}
896
333ae95d
JH		 897static struct mgmt_pending_cmd *pending_find_data(u16 opcode,
898 struct hci_dev *hdev,
899 const void *data)
900{
901 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data);
902}
903
f2252570 904u8 mgmt_get_adv_discov_flags(struct hci_dev *hdev)
9a43e25f 905{
3b0602cd 906 struct mgmt_pending_cmd *cmd;
9a43e25f
JH		 907
908 /* If there's a pending mgmt command the flags will not yet have
909 * their final values, so check for this first.
910 */
333ae95d 911 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
9a43e25f
JH		 912 if (cmd) {
913 struct mgmt_mode *cp = cmd->param;
914 if (cp->val == 0x01)
915 return LE_AD_GENERAL;
916 else if (cp->val == 0x02)
917 return LE_AD_LIMITED;
918 } else {
d7a5a11d 919 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
9a43e25f 920 return LE_AD_LIMITED;
d7a5a11d 921 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
9a43e25f
JH		 922 return LE_AD_GENERAL;
923 }
924
925 return 0;
926}
927
f2252570 928bool mgmt_get_connectable(struct hci_dev *hdev)
fdf51784
AU		 929{
930 struct mgmt_pending_cmd *cmd;
441ad2d0 931
fdf51784
AU		 932 /* If there's a pending mgmt command the flag will not yet have
933 * it's final value, so check for this first.
934 */
935 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
936 if (cmd) {
937 struct mgmt_mode *cp = cmd->param;
441ad2d0 938
fdf51784 939 return cp->val;
441ad2d0
MH		 940 }
941
fdf51784
AU		 942 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
943}
441ad2d0 944
7d78525d
JH		 945static void service_cache_off(struct work_struct *work)
946{
947 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 948 service_cache.work);
890ea898 949 struct hci_request req;
7d78525d 950
a69d8927 951 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
7d78525d
JH		 952 return;
953
890ea898
JH		 954 hci_req_init(&req, hdev);
955
7d78525d
JH		 956 hci_dev_lock(hdev);
957
b1a8917c 958 __hci_req_update_eir(&req);
14bf5eac 959 __hci_req_update_class(&req);
7d78525d
JH		 960
961 hci_dev_unlock(hdev);
890ea898
JH		 962
963 hci_req_run(&req, NULL);
7d78525d
JH		 964}
965
d6bfd59c
JH		 966static void rpa_expired(struct work_struct *work)
967{
968 struct hci_dev *hdev = container_of(work, struct hci_dev,
969 rpa_expired.work);
970 struct hci_request req;
971
181d6953 972 bt_dev_dbg(hdev, "");
d6bfd59c 973
a1536da2 974 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
d6bfd59c 975
d7a5a11d 976 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
d6bfd59c
JH		 977 return;
978
979 /* The generation of a new RPA and programming it into the
f2252570
JH		 980 * controller happens in the hci_req_enable_advertising()
981 * function.
d6bfd59c 982 */
d6bfd59c 983 hci_req_init(&req, hdev);
de181e88
JK		 984 if (ext_adv_capable(hdev))
985 __hci_req_start_ext_adv(&req, hdev->cur_adv_instance);
986 else
987 __hci_req_enable_advertising(&req);
d6bfd59c
JH		 988 hci_req_run(&req, NULL);
989}
990
6a919082 991static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 992{
238be788 993 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
6a919082
JH		 994 return;
995
4f87da80 996 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 997 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 998
4f87da80
JH		 999 /* Non-mgmt controlled devices get this bit set
1000 * implicitly so that pairing works for them, however
1001 * for mgmt we require user-space to explicitly enable
1002 * it
1003 */
a358dc11 1004 hci_dev_clear_flag(hdev, HCI_BONDABLE);
7d78525d
JH		 1005}
1006
0f4e68cf 1007static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 1008 void *data, u16 data_len)
0381101f 1009{
a38528f1 1010 struct mgmt_rp_read_info rp;
f7b64e69 1011
181d6953 1012 bt_dev_dbg(hdev, "sock %p", sk);
f7b64e69 1013
09fd0de5 1014 hci_dev_lock(hdev);
f7b64e69 1015
dc4fe30b
JH		 1016 memset(&rp, 0, sizeof(rp));
1017
69ab39ea 1018 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 1019
69ab39ea 1020 rp.version = hdev->hci_ver;
eb55ef07 1021 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 1022
1023 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1024 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 1025
a38528f1 1026 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 1027
dc4fe30b 1028 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 1029 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 1030
09fd0de5 1031 hci_dev_unlock(hdev);
0381101f 1032
2a1afb5a
JH		 1033 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1034 sizeof(rp));
0381101f
JH		 1035}
1036
cde7a863
MN		 1037static u16 append_eir_data_to_buf(struct hci_dev *hdev, u8 *eir)
1038{
1039 u16 eir_len = 0;
1040 size_t name_len;
1041
1042 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1043 eir_len = eir_append_data(eir, eir_len, EIR_CLASS_OF_DEV,
1044 hdev->dev_class, 3);
1045
6a9e90bf
SJ		 1046 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1047 eir_len = eir_append_le16(eir, eir_len, EIR_APPEARANCE,
1048 hdev->appearance);
1049
cde7a863
MN		 1050 name_len = strlen(hdev->dev_name);
1051 eir_len = eir_append_data(eir, eir_len, EIR_NAME_COMPLETE,
1052 hdev->dev_name, name_len);
1053
1054 name_len = strlen(hdev->short_name);
1055 eir_len = eir_append_data(eir, eir_len, EIR_NAME_SHORT,
1056 hdev->short_name, name_len);
1057
1058 return eir_len;
1059}
1060
321c6fee
MH		 1061static int read_ext_controller_info(struct sock *sk, struct hci_dev *hdev,
1062 void *data, u16 data_len)
1063{
7d5c11da
SJ		 1064 char buf[512];
1065 struct mgmt_rp_read_ext_info *rp = (void *)buf;
cde7a863 1066 u16 eir_len;
321c6fee 1067
181d6953 1068 bt_dev_dbg(hdev, "sock %p", sk);
321c6fee 1069
7d5c11da
SJ		 1070 memset(&buf, 0, sizeof(buf));
1071
321c6fee
MH		 1072 hci_dev_lock(hdev);
1073
7d5c11da
SJ		 1074 bacpy(&rp->bdaddr, &hdev->bdaddr);
1075
1076 rp->version = hdev->hci_ver;
1077 rp->manufacturer = cpu_to_le16(hdev->manufacturer);
1078
1079 rp->supported_settings = cpu_to_le32(get_supported_settings(hdev));
1080 rp->current_settings = cpu_to_le32(get_current_settings(hdev));
1081
321c6fee 1082
cde7a863 1083 eir_len = append_eir_data_to_buf(hdev, rp->eir);
8a0c9f49 1084 rp->eir_len = cpu_to_le16(eir_len);
321c6fee
MH		 1085
1086 hci_dev_unlock(hdev);
1087
1088 /* If this command is called at least once, then the events
1089 * for class of device and local name changes are disabled
1090 * and only the new extended controller information event
1091 * is used.
1092 */
1093 hci_sock_set_flag(sk, HCI_MGMT_EXT_INFO_EVENTS);
1094 hci_sock_clear_flag(sk, HCI_MGMT_DEV_CLASS_EVENTS);
1095 hci_sock_clear_flag(sk, HCI_MGMT_LOCAL_NAME_EVENTS);
1096
8a0c9f49
MN		 1097 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_EXT_INFO, 0, rp,
1098 sizeof(*rp) + eir_len);
321c6fee
MH		 1099}
1100
1101static int ext_info_changed(struct hci_dev *hdev, struct sock *skip)
1102{
5e9fae48
MN		 1103 char buf[512];
1104 struct mgmt_ev_ext_info_changed *ev = (void *)buf;
1105 u16 eir_len;
1106
1107 memset(buf, 0, sizeof(buf));
321c6fee 1108
5e9fae48
MN		 1109 eir_len = append_eir_data_to_buf(hdev, ev->eir);
1110 ev->eir_len = cpu_to_le16(eir_len);
321c6fee 1111
5e9fae48
MN		 1112 return mgmt_limited_event(MGMT_EV_EXT_INFO_CHANGED, hdev, ev,
1113 sizeof(*ev) + eir_len,
1114 HCI_MGMT_EXT_INFO_EVENTS, skip);
321c6fee
MH		 1115}
1116
69ab39ea 1117static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1118{
69ab39ea 1119 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1120
2a1afb5a
JH		 1121 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1122 sizeof(settings));
8680570b
JH		 1123}
1124
1904a853 1125static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
8b064a3a 1126{
181d6953 1127 bt_dev_dbg(hdev, "status 0x%02x", status);
8b064a3a 1128
a3172b7e
JH		 1129 if (hci_conn_count(hdev) == 0) {
1130 cancel_delayed_work(&hdev->power_off);
8b064a3a 1131 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1132 }
8b064a3a
JH		 1133}
1134
f2252570 1135void mgmt_advertising_added(struct sock *sk, struct hci_dev *hdev, u8 instance)
912098a6
AU		 1136{
1137 struct mgmt_ev_advertising_added ev;
1138
1139 ev.instance = instance;
1140
1141 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
1142}
1143
f2252570
JH		 1144void mgmt_advertising_removed(struct sock *sk, struct hci_dev *hdev,
1145 u8 instance)
912098a6
AU		 1146{
1147 struct mgmt_ev_advertising_removed ev;
1148
1149 ev.instance = instance;
1150
1151 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
1152}
1153
7816b820
FG		 1154static void cancel_adv_timeout(struct hci_dev *hdev)
1155{
1156 if (hdev->adv_instance_timeout) {
1157 hdev->adv_instance_timeout = 0;
1158 cancel_delayed_work(&hdev->adv_instance_expire);
1159 }
1160}
1161
8b064a3a
JH		 1162static int clean_up_hci_state(struct hci_dev *hdev)
1163{
1164 struct hci_request req;
1165 struct hci_conn *conn;
23a48093
JH		 1166 bool discov_stopped;
1167 int err;
8b064a3a
JH		 1168
1169 hci_req_init(&req, hdev);
1170
1171 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1172 test_bit(HCI_PSCAN, &hdev->flags)) {
1173 u8 scan = 0x00;
1174 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1175 }
1176
37d3a1fa 1177 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, false);
912098a6 1178
d7a5a11d 1179 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
f2252570 1180 __hci_req_disable_advertising(&req);
8b064a3a 1181
2154d3f4 1182 discov_stopped = hci_req_stop_discovery(&req);
8b064a3a
JH		 1183
1184 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
89e0ccc8
JH		 1185 /* 0x15 == Terminated due to Power Off */
1186 __hci_abort_conn(&req, conn, 0x15);
8b064a3a
JH		 1187 }
1188
23a48093
JH		 1189 err = hci_req_run(&req, clean_up_hci_complete);
1190 if (!err && discov_stopped)
1191 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1192
1193 return err;
8b064a3a
JH		 1194}
1195
bdb6d971 1196static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1197 u16 len)
eec8d2bc 1198{
650f726d 1199 struct mgmt_mode *cp = data;
3b0602cd 1200 struct mgmt_pending_cmd *cmd;
4b34ee78 1201 int err;
eec8d2bc 1202
181d6953 1203 bt_dev_dbg(hdev, "sock %p", sk);
eec8d2bc 1204
a7e80f25 1205 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1206 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1207 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1208
09fd0de5 1209 hci_dev_lock(hdev);
eec8d2bc 1210
333ae95d 1211 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
a69e8375
JH		 1212 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1213 MGMT_STATUS_BUSY);
87b95ba6
JH		 1214 goto failed;
1215 }
1216
4b34ee78 1217 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1218 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1219 goto failed;
1220 }
1221
2e58ef3e 1222 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1223 if (!cmd) {
1224 err = -ENOMEM;
eec8d2bc 1225 goto failed;
366a0336 1226 }
eec8d2bc 1227
8b064a3a 1228 if (cp->val) {
19202573 1229 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1230 err = 0;
1231 } else {
1232 /* Disconnect connections, stop scans, etc */
1233 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1234 if (!err)
1235 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1236 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1237
8b064a3a
JH		 1238 /* ENODATA means there were no HCI commands queued */
1239 if (err == -ENODATA) {
a3172b7e 1240 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1241 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1242 err = 0;
1243 }
1244 }
eec8d2bc
JH		 1245
1246failed:
09fd0de5 1247 hci_dev_unlock(hdev);
366a0336 1248 return err;
eec8d2bc
JH		 1249}
1250
beadb2bd
JH		 1251static int new_settings(struct hci_dev *hdev, struct sock *skip)
1252{
f6b7712e 1253 __le32 ev = cpu_to_le32(get_current_settings(hdev));
beadb2bd 1254
5504c3a3
MH		 1255 return mgmt_limited_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1256 sizeof(ev), HCI_MGMT_SETTING_EVENTS, skip);
beadb2bd
JH		 1257}
1258
91a668b0
JH		 1259int mgmt_new_settings(struct hci_dev *hdev)
1260{
1261 return new_settings(hdev, NULL);
1262}
1263
bd99abdd
JH		 1264struct cmd_lookup {
1265 struct sock *sk;
1266 struct hci_dev *hdev;
1267 u8 mgmt_status;
1268};
1269
3b0602cd 1270static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1271{
1272 struct cmd_lookup *match = data;
1273
1274 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1275
1276 list_del(&cmd->list);
1277
1278 if (match->sk == NULL) {
1279 match->sk = cmd->sk;
1280 sock_hold(match->sk);
1281 }
1282
1283 mgmt_pending_free(cmd);
1284}
1285
3b0602cd 1286static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1287{
1288 u8 *status = data;
1289
a69e8375 1290 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
bd99abdd
JH		 1291 mgmt_pending_remove(cmd);
1292}
1293
3b0602cd 1294static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1b9b5ee5
JH		 1295{
1296 if (cmd->cmd_complete) {
1297 u8 *status = data;
1298
1299 cmd->cmd_complete(cmd, *status);
1300 mgmt_pending_remove(cmd);
1301
1302 return;
1303 }
1304
1305 cmd_status_rsp(cmd, data);
1306}
1307
3b0602cd 1308static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
f5818c22 1309{
2a1afb5a
JH		 1310 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1311 cmd->param, cmd->param_len);
f5818c22
JH		 1312}
1313
3b0602cd 1314static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
7776d1d8 1315{
2a1afb5a
JH		 1316 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1317 cmd->param, sizeof(struct mgmt_addr_info));
7776d1d8
JH		 1318}
1319
e6fe7986
JH		 1320static u8 mgmt_bredr_support(struct hci_dev *hdev)
1321{
1322 if (!lmp_bredr_capable(hdev))
1323 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1324 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
e6fe7986
JH		 1325 return MGMT_STATUS_REJECTED;
1326 else
1327 return MGMT_STATUS_SUCCESS;
1328}
1329
1330static u8 mgmt_le_support(struct hci_dev *hdev)
1331{
1332 if (!lmp_le_capable(hdev))
1333 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1334 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
e6fe7986
JH		 1335 return MGMT_STATUS_REJECTED;
1336 else
1337 return MGMT_STATUS_SUCCESS;
1338}
1339
aed1a885 1340void mgmt_set_discoverable_complete(struct hci_dev *hdev, u8 status)
bfaf8c9f 1341{
3b0602cd 1342 struct mgmt_pending_cmd *cmd;
bfaf8c9f 1343
181d6953 1344 bt_dev_dbg(hdev, "status 0x%02x", status);
bfaf8c9f
JH		 1345
1346 hci_dev_lock(hdev);
1347
333ae95d 1348 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
bfaf8c9f
JH		 1349 if (!cmd)
1350 goto unlock;
1351
1352 if (status) {
1353 u8 mgmt_err = mgmt_status(status);
a69e8375 1354 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
a358dc11 1355 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
bfaf8c9f
JH		 1356 goto remove_cmd;
1357 }
1358
aed1a885
JH		 1359 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1360 hdev->discov_timeout > 0) {
1361 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1362 queue_delayed_work(hdev->req_workqueue, &hdev->discov_off, to);
d4462a07 1363 }
bfaf8c9f
JH		 1364
1365 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
aed1a885 1366 new_settings(hdev, cmd->sk);
970ba524 1367
bfaf8c9f
JH		 1368remove_cmd:
1369 mgmt_pending_remove(cmd);
1370
1371unlock:
1372 hci_dev_unlock(hdev);
1373}
1374
bdb6d971 1375static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1376 u16 len)
73f22f62 1377{
650f726d 1378 struct mgmt_cp_set_discoverable *cp = data;
3b0602cd 1379 struct mgmt_pending_cmd *cmd;
5e5282bb 1380 u16 timeout;
73f22f62
JH		 1381 int err;
1382
181d6953 1383 bt_dev_dbg(hdev, "sock %p", sk);
73f22f62 1384
d7a5a11d
MH		 1385 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1386 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 1387 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1388 MGMT_STATUS_REJECTED);
33c525c0 1389
310a3d48 1390 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 1391 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1392 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1393
1f350c87 1394 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1395
1396 /* Disabling discoverable requires that no timeout is set,
1397 * and enabling limited discoverable requires a timeout.
1398 */
1399 if ((cp->val == 0x00 && timeout > 0) ||
1400 (cp->val == 0x02 && timeout == 0))
a69e8375
JH		 1401 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1402 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1403
09fd0de5 1404 hci_dev_lock(hdev);
73f22f62 1405
5e5282bb 1406 if (!hdev_is_powered(hdev) && timeout > 0) {
a69e8375
JH		 1407 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1408 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1409 goto failed;
1410 }
1411
333ae95d
JH		 1412 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1413 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1414 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1415 MGMT_STATUS_BUSY);
73f22f62
JH		 1416 goto failed;
1417 }
1418
d7a5a11d 1419 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
a69e8375
JH		 1420 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1421 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1422 goto failed;
1423 }
1424
4867bd00
APS		 1425 if (hdev->advertising_paused) {
1426 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1427 MGMT_STATUS_BUSY);
1428 goto failed;
1429 }
1430
5e5282bb 1431 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1432 bool changed = false;
1433
310a3d48
MH		 1434 /* Setting limited discoverable when powered off is
1435 * not a valid operation since it requires a timeout
1436 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1437 */
d7a5a11d 1438 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
ce05d603 1439 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
0224d2fa
JH		 1440 changed = true;
1441 }
1442
5e5282bb 1443 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1444 if (err < 0)
1445 goto failed;
1446
1447 if (changed)
1448 err = new_settings(hdev, sk);
1449
5e5282bb
JH		 1450 goto failed;
1451 }
1452
310a3d48
MH		 1453 /* If the current mode is the same, then just update the timeout
1454 * value with the new value. And if only the timeout gets updated,
1455 * then no need for any HCI transactions.
1456 */
d7a5a11d
MH		 1457 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1458 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1459 HCI_LIMITED_DISCOVERABLE)) {
36261547
MH		 1460 cancel_delayed_work(&hdev->discov_off);
1461 hdev->discov_timeout = timeout;
955638ec 1462
36261547
MH		 1463 if (cp->val && hdev->discov_timeout > 0) {
1464 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
c366f555
JH		 1465 queue_delayed_work(hdev->req_workqueue,
1466 &hdev->discov_off, to);
955638ec
MH		 1467 }
1468
69ab39ea 1469 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1470 goto failed;
1471 }
1472
2e58ef3e 1473 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1474 if (!cmd) {
1475 err = -ENOMEM;
73f22f62 1476 goto failed;
366a0336 1477 }
73f22f62 1478
310a3d48
MH		 1479 /* Cancel any potential discoverable timeout that might be
1480 * still active and store new timeout value. The arming of
1481 * the timeout happens in the complete handler.
1482 */
1483 cancel_delayed_work(&hdev->discov_off);
1484 hdev->discov_timeout = timeout;
1485
aed1a885
JH		 1486 if (cp->val)
1487 hci_dev_set_flag(hdev, HCI_DISCOVERABLE);
1488 else
1489 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1490
b456f87c
JH		 1491 /* Limited discoverable mode */
1492 if (cp->val == 0x02)
a1536da2 1493 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1494 else
a358dc11 1495 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1496
aed1a885
JH		 1497 queue_work(hdev->req_workqueue, &hdev->discoverable_update);
1498 err = 0;
73f22f62
JH		 1499
1500failed:
09fd0de5 1501 hci_dev_unlock(hdev);
73f22f62
JH		 1502 return err;
1503}
1504
53c0ba74 1505void mgmt_set_connectable_complete(struct hci_dev *hdev, u8 status)
2b76f453 1506{
3b0602cd 1507 struct mgmt_pending_cmd *cmd;
2b76f453 1508
181d6953 1509 bt_dev_dbg(hdev, "status 0x%02x", status);
2b76f453
JH		 1510
1511 hci_dev_lock(hdev);
1512
333ae95d 1513 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
2b76f453
JH		 1514 if (!cmd)
1515 goto unlock;
1516
37438c1f
JH		 1517 if (status) {
1518 u8 mgmt_err = mgmt_status(status);
a69e8375 1519 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
37438c1f
JH		 1520 goto remove_cmd;
1521 }
1522
2b76f453 1523 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
53c0ba74 1524 new_settings(hdev, cmd->sk);
d7b856f9 1525
37438c1f 1526remove_cmd:
2b76f453
JH		 1527 mgmt_pending_remove(cmd);
1528
1529unlock:
1530 hci_dev_unlock(hdev);
1531}
1532
e8ba3a1f
JH		 1533static int set_connectable_update_settings(struct hci_dev *hdev,
1534 struct sock *sk, u8 val)
1535{
1536 bool changed = false;
1537 int err;
1538
d7a5a11d 1539 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
e8ba3a1f
JH		 1540 changed = true;
1541
1542 if (val) {
a1536da2 1543 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
e8ba3a1f 1544 } else {
a358dc11
MH		 1545 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1546 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
e8ba3a1f
JH		 1547 }
1548
1549 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1550 if (err < 0)
1551 return err;
1552
562064e6 1553 if (changed) {
01b1cb87 1554 hci_req_update_scan(hdev);
562064e6 1555 hci_update_background_scan(hdev);
e8ba3a1f 1556 return new_settings(hdev, sk);
562064e6 1557 }
e8ba3a1f
JH		 1558
1559 return 0;
1560}
1561
bdb6d971 1562static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1563 u16 len)
9fbcbb45 1564{
650f726d 1565 struct mgmt_mode *cp = data;
3b0602cd 1566 struct mgmt_pending_cmd *cmd;
9fbcbb45
JH		 1567 int err;
1568
181d6953 1569 bt_dev_dbg(hdev, "sock %p", sk);
9fbcbb45 1570
d7a5a11d
MH		 1571 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1572 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 1573 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1574 MGMT_STATUS_REJECTED);
33c525c0 1575
a7e80f25 1576 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1577 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1578 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1579
09fd0de5 1580 hci_dev_lock(hdev);
9fbcbb45 1581
4b34ee78 1582 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1583 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1584 goto failed;
1585 }
1586
333ae95d
JH		 1587 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1588 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1589 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1590 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1591 goto failed;
1592 }
1593
2e58ef3e 1594 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1595 if (!cmd) {
1596 err = -ENOMEM;
9fbcbb45 1597 goto failed;
366a0336 1598 }
9fbcbb45 1599
53c0ba74
JH		 1600 if (cp->val) {
1601 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1602 } else {
1603 if (hdev->discov_timeout > 0)
1604 cancel_delayed_work(&hdev->discov_off);
2b76f453 1605
53c0ba74
JH		 1606 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1607 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1608 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
9b74246f 1609 }
2b76f453 1610
53c0ba74
JH		 1611 queue_work(hdev->req_workqueue, &hdev->connectable_update);
1612 err = 0;
9fbcbb45
JH		 1613
1614failed:
09fd0de5 1615 hci_dev_unlock(hdev);
9fbcbb45
JH		 1616 return err;
1617}
1618
b2939475 1619static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1620 u16 len)
c542a06c 1621{
650f726d 1622 struct mgmt_mode *cp = data;
55594356 1623 bool changed;
c542a06c
JH		 1624 int err;
1625
181d6953 1626 bt_dev_dbg(hdev, "sock %p", sk);
c542a06c 1627
a7e80f25 1628 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1629 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
1630 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1631
09fd0de5 1632 hci_dev_lock(hdev);
c542a06c
JH		 1633
1634 if (cp->val)
238be788 1635 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
c542a06c 1636 else
a69d8927 1637 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
c542a06c 1638
b2939475 1639 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
c542a06c 1640 if (err < 0)
55594356 1641 goto unlock;
c542a06c 1642
82a37ade
JH		 1643 if (changed) {
1644 /* In limited privacy mode the change of bondable mode
1645 * may affect the local advertising address.
1646 */
1647 if (hdev_is_powered(hdev) &&
1648 hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
1649 hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1650 hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY))
1651 queue_work(hdev->req_workqueue,
1652 &hdev->discoverable_update);
1653
55594356 1654 err = new_settings(hdev, sk);
82a37ade 1655 }
c542a06c 1656
55594356 1657unlock:
09fd0de5 1658 hci_dev_unlock(hdev);
c542a06c
JH		 1659 return err;
1660}
1661
04124681
GP		 1662static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1663 u16 len)
33ef95ed
JH		 1664{
1665 struct mgmt_mode *cp = data;
3b0602cd 1666 struct mgmt_pending_cmd *cmd;
e6fe7986 1667 u8 val, status;
33ef95ed
JH		 1668 int err;
1669
181d6953 1670 bt_dev_dbg(hdev, "sock %p", sk);
33ef95ed 1671
e6fe7986
JH		 1672 status = mgmt_bredr_support(hdev);
1673 if (status)
a69e8375
JH		 1674 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1675 status);
33c525c0 1676
a7e80f25 1677 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1678 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1679 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1680
33ef95ed
JH		 1681 hci_dev_lock(hdev);
1682
4b34ee78 1683 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1684 bool changed = false;
1685
d7a5a11d 1686 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
ce05d603 1687 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
47990ea0
JH		 1688 changed = true;
1689 }
1690
1691 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1692 if (err < 0)
1693 goto failed;
1694
1695 if (changed)
1696 err = new_settings(hdev, sk);
1697
33ef95ed
JH		 1698 goto failed;
1699 }
1700
333ae95d 1701 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
a69e8375
JH		 1702 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1703 MGMT_STATUS_BUSY);
33ef95ed
JH		 1704 goto failed;
1705 }
1706
1707 val = !!cp->val;
1708
1709 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1710 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1711 goto failed;
1712 }
1713
1714 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1715 if (!cmd) {
1716 err = -ENOMEM;
1717 goto failed;
1718 }
1719
1720 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1721 if (err < 0) {
1722 mgmt_pending_remove(cmd);
1723 goto failed;
1724 }
1725
1726failed:
1727 hci_dev_unlock(hdev);
33ef95ed
JH		 1728 return err;
1729}
1730
bdb6d971 1731static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1732{
1733 struct mgmt_mode *cp = data;
3b0602cd 1734 struct mgmt_pending_cmd *cmd;
72ef0c1a 1735 u8 status;
ed2c4ee3
JH		 1736 int err;
1737
181d6953 1738 bt_dev_dbg(hdev, "sock %p", sk);
ed2c4ee3 1739
cdba5281
MH		 1740 status = mgmt_bredr_support(hdev);
1741 if (status)
a69e8375 1742 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
cdba5281 1743
13ecd8b6 1744 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 1745 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1746 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1747
a7e80f25 1748 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1749 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1750 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1751
13ecd8b6 1752 hci_dev_lock(hdev);
6c8f12c1 1753
4b34ee78 1754 if (!hdev_is_powered(hdev)) {
9ecb3e24 1755 bool changed;
c0ecddc2 1756
9ecb3e24 1757 if (cp->val) {
238be788
MH		 1758 changed = !hci_dev_test_and_set_flag(hdev,
1759 HCI_SSP_ENABLED);
9ecb3e24 1760 } else {
a69d8927
MH		 1761 changed = hci_dev_test_and_clear_flag(hdev,
1762 HCI_SSP_ENABLED);
9ecb3e24 1763 if (!changed)
a69d8927
MH		 1764 changed = hci_dev_test_and_clear_flag(hdev,
1765 HCI_HS_ENABLED);
9ecb3e24 1766 else
a358dc11 1767 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
c0ecddc2
JH		 1768 }
1769
1770 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1771 if (err < 0)
1772 goto failed;
1773
1774 if (changed)
1775 err = new_settings(hdev, sk);
1776
ed2c4ee3
JH		 1777 goto failed;
1778 }
1779
333ae95d 1780 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 1781 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1782 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1783 goto failed;
1784 }
1785
d7a5a11d 1786 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
ed2c4ee3
JH		 1787 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1788 goto failed;
1789 }
1790
1791 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1792 if (!cmd) {
1793 err = -ENOMEM;
1794 goto failed;
1795 }
1796
d7a5a11d 1797 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
3769972b
JH		 1798 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
1799 sizeof(cp->val), &cp->val);
1800
72ef0c1a 1801 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 1802 if (err < 0) {
1803 mgmt_pending_remove(cmd);
1804 goto failed;
1805 }
1806
1807failed:
1808 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1809 return err;
1810}
1811
bdb6d971 1812static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1813{
1814 struct mgmt_mode *cp = data;
ee392693 1815 bool changed;
e6fe7986 1816 u8 status;
ee392693 1817 int err;
6d80dfd0 1818
181d6953 1819 bt_dev_dbg(hdev, "sock %p", sk);
6d80dfd0 1820
b560a208
LAD		 1821 if (!IS_ENABLED(CONFIG_BT_HS))
1822 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1823 MGMT_STATUS_NOT_SUPPORTED);
1824
e6fe7986
JH		 1825 status = mgmt_bredr_support(hdev);
1826 if (status)
a69e8375 1827 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 1828
9ecb3e24 1829 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 1830 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1831 MGMT_STATUS_NOT_SUPPORTED);
9ecb3e24 1832
d7a5a11d 1833 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 1834 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1835 MGMT_STATUS_REJECTED);
9ecb3e24 1836
a7e80f25 1837 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1838 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1839 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1840
ee392693
MH		 1841 hci_dev_lock(hdev);
1842
333ae95d 1843 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 1844 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1845 MGMT_STATUS_BUSY);
a2cb01de
JH		 1846 goto unlock;
1847 }
1848
a0cdf960 1849 if (cp->val) {
238be788 1850 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
a0cdf960
MH		 1851 } else {
1852 if (hdev_is_powered(hdev)) {
a69e8375
JH		 1853 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1854 MGMT_STATUS_REJECTED);
a0cdf960
MH		 1855 goto unlock;
1856 }
1857
a69d8927 1858 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
a0cdf960 1859 }
ee392693
MH		 1860
1861 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1862 if (err < 0)
1863 goto unlock;
1864
1865 if (changed)
1866 err = new_settings(hdev, sk);
6d80dfd0 1867
ee392693
MH		 1868unlock:
1869 hci_dev_unlock(hdev);
1870 return err;
6d80dfd0
JH		 1871}
1872
1904a853 1873static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
416a4ae5
JH		 1874{
1875 struct cmd_lookup match = { NULL, hdev };
1876
3ad67582
JK		 1877 hci_dev_lock(hdev);
1878
416a4ae5
JH		 1879 if (status) {
1880 u8 mgmt_err = mgmt_status(status);
1881
1882 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1883 &mgmt_err);
3ad67582 1884 goto unlock;
416a4ae5
JH		 1885 }
1886
1887 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1888
1889 new_settings(hdev, match.sk);
1890
1891 if (match.sk)
1892 sock_put(match.sk);
441ad2d0
MH		 1893
1894 /* Make sure the controller has a good default for
1895 * advertising data. Restrict the update to when LE
1896 * has actually been enabled. During power on, the
1897 * update in powered_update_hci will take care of it.
1898 */
d7a5a11d 1899 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
441ad2d0 1900 struct hci_request req;
441ad2d0 1901 hci_req_init(&req, hdev);
a0fb3726
JK		 1902 if (ext_adv_capable(hdev)) {
1903 int err;
1904
1905 err = __hci_req_setup_ext_adv_instance(&req, 0x00);
1906 if (!err)
1907 __hci_req_update_scan_rsp_data(&req, 0x00);
1908 } else {
1909 __hci_req_update_adv_data(&req, 0x00);
1910 __hci_req_update_scan_rsp_data(&req, 0x00);
1911 }
441ad2d0 1912 hci_req_run(&req, NULL);
2e93e53b 1913 hci_update_background_scan(hdev);
441ad2d0 1914 }
3ad67582
JK		 1915
1916unlock:
1917 hci_dev_unlock(hdev);
416a4ae5
JH		 1918}
1919
bdb6d971 1920static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1921{
1922 struct mgmt_mode *cp = data;
1923 struct hci_cp_write_le_host_supported hci_cp;
3b0602cd 1924 struct mgmt_pending_cmd *cmd;
416a4ae5 1925 struct hci_request req;
06199cf8 1926 int err;
0b60eba1 1927 u8 val, enabled;
06199cf8 1928
181d6953 1929 bt_dev_dbg(hdev, "sock %p", sk);
06199cf8 1930
13ecd8b6 1931 if (!lmp_le_capable(hdev))
a69e8375
JH		 1932 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1933 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1934
a7e80f25 1935 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1936 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1937 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1938
e7844ee5
MH		 1939 /* Bluetooth single mode LE only controllers or dual-mode
1940 * controllers configured as LE only devices, do not allow
1941 * switching LE off. These have either LE enabled explicitly
1942 * or BR/EDR has been previously switched off.
1943 *
1944 * When trying to enable an already enabled LE, then gracefully
1945 * send a positive response. Trying to disable it however will
1946 * result into rejection.
1947 */
1948 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1949 if (cp->val == 0x01)
1950 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1951
a69e8375
JH		 1952 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1953 MGMT_STATUS_REJECTED);
e7844ee5 1954 }
c73eee91 1955
13ecd8b6 1956 hci_dev_lock(hdev);
06199cf8
JH		 1957
1958 val = !!cp->val;
ffa88e02 1959 enabled = lmp_host_le_capable(hdev);
06199cf8 1960
847818d9 1961 if (!val)
37d3a1fa 1962 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, true);
847818d9 1963
0b60eba1 1964 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1965 bool changed = false;
1966
d7a5a11d 1967 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
ce05d603 1968 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
06199cf8
JH		 1969 changed = true;
1970 }
1971
d7a5a11d 1972 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
a358dc11 1973 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
eeca6f89
JH		 1974 changed = true;
1975 }
1976
06199cf8
JH		 1977 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1978 if (err < 0)
1de028ce 1979 goto unlock;
06199cf8
JH		 1980
1981 if (changed)
1982 err = new_settings(hdev, sk);
1983
1de028ce 1984 goto unlock;
06199cf8
JH		 1985 }
1986
333ae95d
JH		 1987 if (pending_find(MGMT_OP_SET_LE, hdev) ||
1988 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
a69e8375
JH		 1989 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1990 MGMT_STATUS_BUSY);
1de028ce 1991 goto unlock;
06199cf8
JH		 1992 }
1993
1994 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1995 if (!cmd) {
1996 err = -ENOMEM;
1de028ce 1997 goto unlock;
06199cf8
JH		 1998 }
1999
441ad2d0
MH		 2000 hci_req_init(&req, hdev);
2001
06199cf8
JH		 2002 memset(&hci_cp, 0, sizeof(hci_cp));
2003
2004 if (val) {
2005 hci_cp.le = val;
32226e4f 2006 hci_cp.simul = 0x00;
441ad2d0 2007 } else {
d7a5a11d 2008 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
f2252570 2009 __hci_req_disable_advertising(&req);
45b7749f
JK		 2010
2011 if (ext_adv_capable(hdev))
2012 __hci_req_clear_ext_adv_sets(&req);
06199cf8
JH		 2013 }
2014
416a4ae5
JH		 2015 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2016 &hci_cp);
2017
2018 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2019 if (err < 0)
06199cf8 2020 mgmt_pending_remove(cmd);
06199cf8 2021
1de028ce
JH		 2022unlock:
2023 hci_dev_unlock(hdev);
06199cf8
JH		 2024 return err;
2025}
2026
0cab9c80
JH		 2027/* This is a helper function to test for pending mgmt commands that can
2028 * cause CoD or EIR HCI commands. We can only allow one such pending
2029 * mgmt command at a time since otherwise we cannot easily track what
2030 * the current values are, will be, and based on that calculate if a new
2031 * HCI command needs to be sent and if yes with what value.
2032 */
2033static bool pending_eir_or_class(struct hci_dev *hdev)
2034{
3b0602cd 2035 struct mgmt_pending_cmd *cmd;
0cab9c80
JH		 2036
2037 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2038 switch (cmd->opcode) {
2039 case MGMT_OP_ADD_UUID:
2040 case MGMT_OP_REMOVE_UUID:
2041 case MGMT_OP_SET_DEV_CLASS:
2042 case MGMT_OP_SET_POWERED:
2043 return true;
2044 }
2045 }
2046
2047 return false;
2048}
2049
83be8eca
JH		 2050static const u8 bluetooth_base_uuid[] = {
2051 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2052 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2053};
2054
2055static u8 get_uuid_size(const u8 *uuid)
2056{
2057 u32 val;
2058
2059 if (memcmp(uuid, bluetooth_base_uuid, 12))
2060 return 128;
2061
2062 val = get_unaligned_le32(&uuid[12]);
2063 if (val > 0xffff)
2064 return 32;
2065
2066 return 16;
2067}
2068
92da6097
JH		 2069static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2070{
3b0602cd 2071 struct mgmt_pending_cmd *cmd;
92da6097
JH		 2072
2073 hci_dev_lock(hdev);
2074
333ae95d 2075 cmd = pending_find(mgmt_op, hdev);
92da6097
JH		 2076 if (!cmd)
2077 goto unlock;
2078
2a1afb5a
JH		 2079 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
2080 mgmt_status(status), hdev->dev_class, 3);
92da6097
JH		 2081
2082 mgmt_pending_remove(cmd);
2083
2084unlock:
2085 hci_dev_unlock(hdev);
2086}
2087
1904a853 2088static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097 2089{
181d6953 2090 bt_dev_dbg(hdev, "status 0x%02x", status);
92da6097
JH		 2091
2092 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2093}
2094
bdb6d971 2095static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2096{
650f726d 2097 struct mgmt_cp_add_uuid *cp = data;
3b0602cd 2098 struct mgmt_pending_cmd *cmd;
890ea898 2099 struct hci_request req;
2aeb9a1a 2100 struct bt_uuid *uuid;
2aeb9a1a
JH		 2101 int err;
2102
181d6953 2103 bt_dev_dbg(hdev, "sock %p", sk);
2aeb9a1a 2104
09fd0de5 2105 hci_dev_lock(hdev);
2aeb9a1a 2106
0cab9c80 2107 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2108 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2109 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2110 goto failed;
2111 }
2112
92c4c204 2113 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2114 if (!uuid) {
2115 err = -ENOMEM;
2116 goto failed;
2117 }
2118
2119 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2120 uuid->svc_hint = cp->svc_hint;
83be8eca 2121 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2122
de66aa63 2123 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2124
890ea898 2125 hci_req_init(&req, hdev);
1aff6f09 2126
14bf5eac 2127 __hci_req_update_class(&req);
b1a8917c 2128 __hci_req_update_eir(&req);
890ea898 2129
92da6097
JH		 2130 err = hci_req_run(&req, add_uuid_complete);
2131 if (err < 0) {
2132 if (err != -ENODATA)
2133 goto failed;
80a1e1db 2134
2a1afb5a
JH		 2135 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2136 hdev->dev_class, 3);
90e70454
JH		 2137 goto failed;
2138 }
2139
2140 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2141 if (!cmd) {
90e70454 2142 err = -ENOMEM;
890ea898
JH		 2143 goto failed;
2144 }
2145
2146 err = 0;
2aeb9a1a
JH		 2147
2148failed:
09fd0de5 2149 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2150 return err;
2151}
2152
24b78d0f
JH		 2153static bool enable_service_cache(struct hci_dev *hdev)
2154{
2155 if (!hdev_is_powered(hdev))
2156 return false;
2157
238be788 2158 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
46818ed5
JH		 2159 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2160 CACHE_TIMEOUT);
24b78d0f
JH		 2161 return true;
2162 }
2163
2164 return false;
2165}
2166
1904a853 2167static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097 2168{
181d6953 2169 bt_dev_dbg(hdev, "status 0x%02x", status);
92da6097
JH		 2170
2171 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2172}
2173
bdb6d971 2174static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2175 u16 len)
2aeb9a1a 2176{
650f726d 2177 struct mgmt_cp_remove_uuid *cp = data;
3b0602cd 2178 struct mgmt_pending_cmd *cmd;
056341c8 2179 struct bt_uuid *match, *tmp;
2aeb9a1a 2180 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2181 struct hci_request req;
2aeb9a1a
JH		 2182 int err, found;
2183
181d6953 2184 bt_dev_dbg(hdev, "sock %p", sk);
2aeb9a1a 2185
09fd0de5 2186 hci_dev_lock(hdev);
2aeb9a1a 2187
0cab9c80 2188 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2189 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2190 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2191 goto unlock;
2192 }
2193
2aeb9a1a 2194 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2195 hci_uuids_clear(hdev);
4004b6d9 2196
24b78d0f 2197 if (enable_service_cache(hdev)) {
2a1afb5a
JH		 2198 err = mgmt_cmd_complete(sk, hdev->id,
2199 MGMT_OP_REMOVE_UUID,
2200 0, hdev->dev_class, 3);
24b78d0f
JH		 2201 goto unlock;
2202 }
4004b6d9 2203
9246a869 2204 goto update_class;
2aeb9a1a
JH		 2205 }
2206
2207 found = 0;
2208
056341c8 2209 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2210 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2211 continue;
2212
2213 list_del(&match->list);
482049f7 2214 kfree(match);
2aeb9a1a
JH		 2215 found++;
2216 }
2217
2218 if (found == 0) {
a69e8375
JH		 2219 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2220 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2221 goto unlock;
2222 }
2223
9246a869 2224update_class:
890ea898 2225 hci_req_init(&req, hdev);
1aff6f09 2226
14bf5eac 2227 __hci_req_update_class(&req);
b1a8917c 2228 __hci_req_update_eir(&req);
890ea898 2229
92da6097
JH		 2230 err = hci_req_run(&req, remove_uuid_complete);
2231 if (err < 0) {
2232 if (err != -ENODATA)
2233 goto unlock;
80a1e1db 2234
2a1afb5a
JH		 2235 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2236 hdev->dev_class, 3);
90e70454
JH		 2237 goto unlock;
2238 }
2239
2240 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2241 if (!cmd) {
90e70454 2242 err = -ENOMEM;
890ea898
JH		 2243 goto unlock;
2244 }
2245
2246 err = 0;
2aeb9a1a
JH		 2247
2248unlock:
09fd0de5 2249 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2250 return err;
2251}
2252
1904a853 2253static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097 2254{
181d6953 2255 bt_dev_dbg(hdev, "status 0x%02x", status);
92da6097
JH		 2256
2257 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2258}
2259
bdb6d971 2260static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2261 u16 len)
1aff6f09 2262{
650f726d 2263 struct mgmt_cp_set_dev_class *cp = data;
3b0602cd 2264 struct mgmt_pending_cmd *cmd;
890ea898 2265 struct hci_request req;
1aff6f09
JH		 2266 int err;
2267
181d6953 2268 bt_dev_dbg(hdev, "sock %p", sk);
1aff6f09 2269
6203fc98 2270 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2271 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2272 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2273
0cab9c80 2274 hci_dev_lock(hdev);
ee98f473 2275
0cab9c80 2276 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2277 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2278 MGMT_STATUS_BUSY);
0cab9c80
JH		 2279 goto unlock;
2280 }
c95f0ba7 2281
0cab9c80 2282 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
a69e8375
JH		 2283 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2284 MGMT_STATUS_INVALID_PARAMS);
0cab9c80
JH		 2285 goto unlock;
2286 }
575b3a02 2287
932f5ff5
JH		 2288 hdev->major_class = cp->major;
2289 hdev->minor_class = cp->minor;
2290
b5235a65 2291 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2292 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2293 hdev->dev_class, 3);
b5235a65
JH		 2294 goto unlock;
2295 }
2296
890ea898
JH		 2297 hci_req_init(&req, hdev);
2298
a69d8927 2299 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
7d78525d
JH		 2300 hci_dev_unlock(hdev);
2301 cancel_delayed_work_sync(&hdev->service_cache);
2302 hci_dev_lock(hdev);
b1a8917c 2303 __hci_req_update_eir(&req);
7d78525d 2304 }
14c0b608 2305
14bf5eac 2306 __hci_req_update_class(&req);
890ea898 2307
92da6097
JH		 2308 err = hci_req_run(&req, set_class_complete);
2309 if (err < 0) {
2310 if (err != -ENODATA)
2311 goto unlock;
1aff6f09 2312
2a1afb5a
JH		 2313 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2314 hdev->dev_class, 3);
90e70454
JH		 2315 goto unlock;
2316 }
2317
2318 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2319 if (!cmd) {
90e70454 2320 err = -ENOMEM;
890ea898
JH		 2321 goto unlock;
2322 }
2323
2324 err = 0;
1aff6f09 2325
b5235a65 2326unlock:
09fd0de5 2327 hci_dev_unlock(hdev);
1aff6f09
JH		 2328 return err;
2329}
2330
bdb6d971 2331static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2332 u16 len)
55ed8ca1 2333{
650f726d 2334 struct mgmt_cp_load_link_keys *cp = data;
ba1d6936
JH		 2335 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2336 sizeof(struct mgmt_link_key_info));
4e51eae9 2337 u16 key_count, expected_len;
b1de97d8 2338 bool changed;
a492cd52 2339 int i;
55ed8ca1 2340
181d6953 2341 bt_dev_dbg(hdev, "sock %p", sk);
9060d5cf
MH		 2342
2343 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2344 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2345 MGMT_STATUS_NOT_SUPPORTED);
9060d5cf 2346
1f350c87 2347 key_count = __le16_to_cpu(cp->key_count);
ba1d6936 2348 if (key_count > max_key_count) {
2064ee33
MH		 2349 bt_dev_err(hdev, "load_link_keys: too big key_count value %u",
2350 key_count);
a69e8375
JH		 2351 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2352 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 2353 }
55ed8ca1 2354
5bec1fb8 2355 expected_len = struct_size(cp, keys, key_count);
a492cd52 2356 if (expected_len != len) {
2064ee33
MH		 2357 bt_dev_err(hdev, "load_link_keys: expected %u bytes, got %u bytes",
2358 expected_len, len);
a69e8375
JH		 2359 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2360 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2361 }
2362
4ae14301 2363 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
a69e8375
JH		 2364 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2365 MGMT_STATUS_INVALID_PARAMS);
4ae14301 2366
181d6953
MH		 2367 bt_dev_dbg(hdev, "debug_keys %u key_count %u", cp->debug_keys,
2368 key_count);
55ed8ca1 2369
4ee71b20
JH		 2370 for (i = 0; i < key_count; i++) {
2371 struct mgmt_link_key_info *key = &cp->keys[i];
2372
8e991132 2373 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
a69e8375
JH		 2374 return mgmt_cmd_status(sk, hdev->id,
2375 MGMT_OP_LOAD_LINK_KEYS,
2376 MGMT_STATUS_INVALID_PARAMS);
4ee71b20
JH		 2377 }
2378
09fd0de5 2379 hci_dev_lock(hdev);
55ed8ca1
JH		 2380
2381 hci_link_keys_clear(hdev);
2382
55ed8ca1 2383 if (cp->debug_keys)
238be788 2384 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
55ed8ca1 2385 else
a69d8927
MH		 2386 changed = hci_dev_test_and_clear_flag(hdev,
2387 HCI_KEEP_DEBUG_KEYS);
b1de97d8
MH		 2388
2389 if (changed)
2390 new_settings(hdev, NULL);
55ed8ca1 2391
a492cd52 2392 for (i = 0; i < key_count; i++) {
86742e1e 2393 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2394
600a8749
AM		 2395 if (hci_is_blocked_key(hdev,
2396 HCI_BLOCKED_KEY_TYPE_LINKKEY,
2397 key->val)) {
2398 bt_dev_warn(hdev, "Skipping blocked link key for %pMR",
2399 &key->addr.bdaddr);
2400 continue;
2401 }
2402
58e9293c
JH		 2403 /* Always ignore debug keys and require a new pairing if
2404 * the user wants to use them.
2405 */
2406 if (key->type == HCI_LK_DEBUG_COMBINATION)
2407 continue;
2408
7652ff6a
JH		 2409 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2410 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2411 }
2412
2a1afb5a 2413 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2414
09fd0de5 2415 hci_dev_unlock(hdev);
55ed8ca1 2416
a492cd52 2417 return 0;
55ed8ca1
JH		 2418}
2419
b1078ad0 2420static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2421 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2422{
2423 struct mgmt_ev_device_unpaired ev;
2424
2425 bacpy(&ev.addr.bdaddr, bdaddr);
2426 ev.addr.type = addr_type;
2427
2428 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2429 skip_sk);
b1078ad0
JH		 2430}
2431
bdb6d971 2432static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2433 u16 len)
55ed8ca1 2434{
124f6e35
JH		 2435 struct mgmt_cp_unpair_device *cp = data;
2436 struct mgmt_rp_unpair_device rp;
fc64361a 2437 struct hci_conn_params *params;
3b0602cd 2438 struct mgmt_pending_cmd *cmd;
55ed8ca1 2439 struct hci_conn *conn;
ec182f03 2440 u8 addr_type;
55ed8ca1
JH		 2441 int err;
2442
a8a1d19e 2443 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2444 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2445 rp.addr.type = cp->addr.type;
a8a1d19e 2446
4ee71b20 2447 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2448 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2449 MGMT_STATUS_INVALID_PARAMS,
2450 &rp, sizeof(rp));
4ee71b20 2451
118da70b 2452 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2a1afb5a
JH		 2453 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2454 MGMT_STATUS_INVALID_PARAMS,
2455 &rp, sizeof(rp));
118da70b 2456
4ee71b20
JH		 2457 hci_dev_lock(hdev);
2458
86a8cfc6 2459 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2460 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2461 MGMT_STATUS_NOT_POWERED, &rp,
2462 sizeof(rp));
86a8cfc6
JH		 2463 goto unlock;
2464 }
2465
e0b2b27e 2466 if (cp->addr.type == BDADDR_BREDR) {
89cbb063
AA		 2467 /* If disconnection is requested, then look up the
2468 * connection. If the remote device is connected, it
2469 * will be later used to terminate the link.
2470 *
2471 * Setting it to NULL explicitly will cause no
2472 * termination of the link.
2473 */
2474 if (cp->disconnect)
2475 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2476 &cp->addr.bdaddr);
2477 else
2478 conn = NULL;
2479
124f6e35 2480 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
ec182f03
JH		 2481 if (err < 0) {
2482 err = mgmt_cmd_complete(sk, hdev->id,
2483 MGMT_OP_UNPAIR_DEVICE,
2484 MGMT_STATUS_NOT_PAIRED, &rp,
2485 sizeof(rp));
2486 goto unlock;
89cbb063
AA		 2487 }
2488
ec182f03 2489 goto done;
e0b2b27e 2490 }
b0dbfb46 2491
ec182f03
JH		 2492 /* LE address type */
2493 addr_type = le_addr_type(cp->addr.type);
2494
cb28c306
MK		 2495 /* Abort any ongoing SMP pairing. Removes ltk and irk if they exist. */
2496 err = smp_cancel_and_remove_pairing(hdev, &cp->addr.bdaddr, addr_type);
55ed8ca1 2497 if (err < 0) {
2a1afb5a
JH		 2498 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2499 MGMT_STATUS_NOT_PAIRED, &rp,
2500 sizeof(rp));
55ed8ca1
JH		 2501 goto unlock;
2502 }
2503
ec182f03
JH		 2504 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type);
2505 if (!conn) {
2506 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2507 goto done;
2508 }
2509
c81d555a 2510
ec182f03
JH		 2511 /* Defer clearing up the connection parameters until closing to
2512 * give a chance of keeping them if a repairing happens.
2513 */
2514 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2515
fc64361a
JH		 2516 /* Disable auto-connection parameters if present */
2517 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type);
2518 if (params) {
2519 if (params->explicit_connect)
2520 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
2521 else
2522 params->auto_connect = HCI_AUTO_CONN_DISABLED;
2523 }
2524
ec182f03
JH		 2525 /* If disconnection is not requested, then clear the connection
2526 * variable so that the link is not terminated.
2527 */
2528 if (!cp->disconnect)
2529 conn = NULL;
2530
2531done:
89cbb063
AA		 2532 /* If the connection variable is set, then termination of the
2533 * link is requested.
2534 */
a8a1d19e 2535 if (!conn) {
2a1afb5a
JH		 2536 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2537 &rp, sizeof(rp));
b1078ad0 2538 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2539 goto unlock;
2540 }
55ed8ca1 2541
124f6e35 2542 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2543 sizeof(*cp));
a8a1d19e
JH		 2544 if (!cmd) {
2545 err = -ENOMEM;
2546 goto unlock;
55ed8ca1
JH		 2547 }
2548
d8b7b1e4
JH		 2549 cmd->cmd_complete = addr_cmd_complete;
2550
89e0ccc8 2551 err = hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
a8a1d19e
JH		 2552 if (err < 0)
2553 mgmt_pending_remove(cmd);
2554
55ed8ca1 2555unlock:
09fd0de5 2556 hci_dev_unlock(hdev);
55ed8ca1
JH		 2557 return err;
2558}
2559
bdb6d971 2560static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2561 u16 len)
8962ee74 2562{
650f726d 2563 struct mgmt_cp_disconnect *cp = data;
06a63b19 2564 struct mgmt_rp_disconnect rp;
3b0602cd 2565 struct mgmt_pending_cmd *cmd;
8962ee74 2566 struct hci_conn *conn;
8962ee74
JH		 2567 int err;
2568
181d6953 2569 bt_dev_dbg(hdev, "sock %p", sk);
8962ee74 2570
06a63b19
JH		 2571 memset(&rp, 0, sizeof(rp));
2572 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2573 rp.addr.type = cp->addr.type;
2574
4ee71b20 2575 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2576 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2577 MGMT_STATUS_INVALID_PARAMS,
2578 &rp, sizeof(rp));
4ee71b20 2579
09fd0de5 2580 hci_dev_lock(hdev);
8962ee74
JH		 2581
2582 if (!test_bit(HCI_UP, &hdev->flags)) {
2a1afb5a
JH		 2583 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2584 MGMT_STATUS_NOT_POWERED, &rp,
2585 sizeof(rp));
8962ee74
JH		 2586 goto failed;
2587 }
2588
333ae95d 2589 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
2a1afb5a
JH		 2590 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2591 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2592 goto failed;
2593 }
2594
591f47f3 2595 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2596 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2597 &cp->addr.bdaddr);
88c3df13 2598 else
9d4c1cc1
JH		 2599 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr,
2600 le_addr_type(cp->addr.type));
365227e5 2601
f960727e 2602 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2a1afb5a
JH		 2603 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2604 MGMT_STATUS_NOT_CONNECTED, &rp,
2605 sizeof(rp));
8962ee74
JH		 2606 goto failed;
2607 }
2608
2e58ef3e 2609 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2610 if (!cmd) {
2611 err = -ENOMEM;
8962ee74 2612 goto failed;
366a0336 2613 }
8962ee74 2614
f5818c22
JH		 2615 cmd->cmd_complete = generic_cmd_complete;
2616
e3f2f92a 2617 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
8962ee74 2618 if (err < 0)
a664b5bc 2619 mgmt_pending_remove(cmd);
8962ee74
JH		 2620
2621failed:
09fd0de5 2622 hci_dev_unlock(hdev);
8962ee74
JH		 2623 return err;
2624}
2625
57c1477c 2626static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2627{
2628 switch (link_type) {
2629 case LE_LINK:
48264f06
JH		 2630 switch (addr_type) {
2631 case ADDR_LE_DEV_PUBLIC:
591f47f3 2632 return BDADDR_LE_PUBLIC;
0ed09148 2633
48264f06 2634 default:
0ed09148 2635 /* Fallback to LE Random address type */
591f47f3 2636 return BDADDR_LE_RANDOM;
48264f06 2637 }
0ed09148 2638
4c659c39 2639 default:
0ed09148 2640 /* Fallback to BR/EDR type */
591f47f3 2641 return BDADDR_BREDR;
4c659c39
JH		 2642 }
2643}
2644
04124681
GP		 2645static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2646 u16 data_len)
2784eb41 2647{
2784eb41 2648 struct mgmt_rp_get_connections *rp;
8035ded4 2649 struct hci_conn *c;
60fc5fb6
JH		 2650 int err;
2651 u16 i;
2784eb41 2652
181d6953 2653 bt_dev_dbg(hdev, "sock %p", sk);
2784eb41 2654
09fd0de5 2655 hci_dev_lock(hdev);
2784eb41 2656
5f97c1df 2657 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 2658 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2659 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2660 goto unlock;
2661 }
2662
60fc5fb6 2663 i = 0;
b644ba33
JH		 2664 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2665 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2666 i++;
2784eb41
JH		 2667 }
2668
72bb169e 2669 rp = kmalloc(struct_size(rp, addr, i), GFP_KERNEL);
a38528f1 2670 if (!rp) {
2784eb41
JH		 2671 err = -ENOMEM;
2672 goto unlock;
2673 }
2674
2784eb41 2675 i = 0;
4c659c39 2676 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2677 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2678 continue;
4c659c39 2679 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2680 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2681 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2682 continue;
2683 i++;
2684 }
2685
eb55ef07 2686 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2687
4c659c39 2688 /* Recalculate length in case of filtered SCO connections, etc */
2a1afb5a 2689 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
72bb169e 2690 struct_size(rp, addr, i));
2784eb41 2691
a38528f1 2692 kfree(rp);
5f97c1df
JH		 2693
2694unlock:
09fd0de5 2695 hci_dev_unlock(hdev);
2784eb41
JH		 2696 return err;
2697}
2698
bdb6d971 2699static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2700 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67 2701{
3b0602cd 2702 struct mgmt_pending_cmd *cmd;
96d97a67
WR		 2703 int err;
2704
2e58ef3e 2705 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2706 sizeof(*cp));
96d97a67
WR		 2707 if (!cmd)
2708 return -ENOMEM;
2709
dd7e39bb
AL		 2710 cmd->cmd_complete = addr_cmd_complete;
2711
d8457698 2712 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2713 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2714 if (err < 0)
2715 mgmt_pending_remove(cmd);
2716
2717 return err;
2718}
2719
bdb6d971 2720static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2721 u16 len)
980e1a53 2722{
96d97a67 2723 struct hci_conn *conn;
650f726d 2724 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2725 struct hci_cp_pin_code_reply reply;
3b0602cd 2726 struct mgmt_pending_cmd *cmd;
980e1a53
JH		 2727 int err;
2728
181d6953 2729 bt_dev_dbg(hdev, "sock %p", sk);
980e1a53 2730
09fd0de5 2731 hci_dev_lock(hdev);
980e1a53 2732
4b34ee78 2733 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 2734 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2735 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2736 goto failed;
2737 }
2738
d8457698 2739 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2740 if (!conn) {
a69e8375
JH		 2741 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2742 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2743 goto failed;
2744 }
2745
2746 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2747 struct mgmt_cp_pin_code_neg_reply ncp;
2748
2749 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67 2750
2064ee33 2751 bt_dev_err(hdev, "PIN code is not 16 bytes long");
96d97a67 2752
bdb6d971 2753 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2754 if (err >= 0)
a69e8375
JH		 2755 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2756 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2757
2758 goto failed;
2759 }
2760
00abfe44 2761 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2762 if (!cmd) {
2763 err = -ENOMEM;
980e1a53 2764 goto failed;
366a0336 2765 }
980e1a53 2766
7776d1d8
JH		 2767 cmd->cmd_complete = addr_cmd_complete;
2768
d8457698 2769 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2770 reply.pin_len = cp->pin_len;
24718ca5 2771 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2772
2773 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2774 if (err < 0)
a664b5bc 2775 mgmt_pending_remove(cmd);
980e1a53
JH		 2776
2777failed:
09fd0de5 2778 hci_dev_unlock(hdev);
980e1a53
JH		 2779 return err;
2780}
2781
04124681
GP		 2782static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2783 u16 len)
17fa4b9d 2784{
650f726d 2785 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d 2786
181d6953 2787 bt_dev_dbg(hdev, "sock %p", sk);
17fa4b9d 2788
4ec86d4c 2789 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
9db5c629
MH		 2790 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
2791 MGMT_STATUS_INVALID_PARAMS);
4ec86d4c 2792
09fd0de5 2793 hci_dev_lock(hdev);
17fa4b9d
JH		 2794
2795 hdev->io_capability = cp->io_capability;
2796
181d6953 2797 bt_dev_dbg(hdev, "IO capability set to 0x%02x", hdev->io_capability);
17fa4b9d 2798
09fd0de5 2799 hci_dev_unlock(hdev);
17fa4b9d 2800
2a1afb5a
JH		 2801 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
2802 NULL, 0);
17fa4b9d
JH		 2803}
2804
3b0602cd 2805static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2806{
2807 struct hci_dev *hdev = conn->hdev;
3b0602cd 2808 struct mgmt_pending_cmd *cmd;
e9a416b5 2809
2e58ef3e 2810 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2811 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2812 continue;
2813
e9a416b5
JH		 2814 if (cmd->user_data != conn)
2815 continue;
2816
2817 return cmd;
2818 }
2819
2820 return NULL;
2821}
2822
3b0602cd 2823static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
e9a416b5
JH		 2824{
2825 struct mgmt_rp_pair_device rp;
2826 struct hci_conn *conn = cmd->user_data;
9df74653 2827 int err;
e9a416b5 2828
61b1a7fb
JH		 2829 bacpy(&rp.addr.bdaddr, &conn->dst);
2830 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2831
2a1afb5a
JH		 2832 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
2833 status, &rp, sizeof(rp));
e9a416b5
JH		 2834
2835 /* So we don't get further callbacks for this connection */
2836 conn->connect_cfm_cb = NULL;
2837 conn->security_cfm_cb = NULL;
2838 conn->disconn_cfm_cb = NULL;
2839
76a68ba0 2840 hci_conn_drop(conn);
89cbb063
AA		 2841
2842 /* The device is paired so there is no need to remove
2843 * its connection parameters anymore.
2844 */
2845 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
15013aeb
JH		 2846
2847 hci_conn_put(conn);
9df74653
JH		 2848
2849 return err;
e9a416b5
JH		 2850}
2851
f4a407be
JH		 2852void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2853{
2854 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3b0602cd 2855 struct mgmt_pending_cmd *cmd;
f4a407be
JH		 2856
2857 cmd = find_pairing(conn);
a511b35b 2858 if (cmd) {
04ab2749 2859 cmd->cmd_complete(cmd, status);
a511b35b
JH		 2860 mgmt_pending_remove(cmd);
2861 }
f4a407be
JH		 2862}
2863
e9a416b5
JH		 2864static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2865{
3b0602cd 2866 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 2867
2868 BT_DBG("status %u", status);
2869
2870 cmd = find_pairing(conn);
a511b35b 2871 if (!cmd) {
e9a416b5 2872 BT_DBG("Unable to find a pending command");
a511b35b
JH		 2873 return;
2874 }
2875
2876 cmd->cmd_complete(cmd, mgmt_status(status));
2877 mgmt_pending_remove(cmd);
e9a416b5
JH		 2878}
2879
f4a407be 2880static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739 2881{
3b0602cd 2882 struct mgmt_pending_cmd *cmd;
4c47d739
VA		 2883
2884 BT_DBG("status %u", status);
2885
2886 if (!status)
2887 return;
2888
2889 cmd = find_pairing(conn);
a511b35b 2890 if (!cmd) {
4c47d739 2891 BT_DBG("Unable to find a pending command");
a511b35b
JH		 2892 return;
2893 }
2894
2895 cmd->cmd_complete(cmd, mgmt_status(status));
2896 mgmt_pending_remove(cmd);
4c47d739
VA		 2897}
2898
bdb6d971 2899static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2900 u16 len)
e9a416b5 2901{
650f726d 2902 struct mgmt_cp_pair_device *cp = data;
1425acb7 2903 struct mgmt_rp_pair_device rp;
3b0602cd 2904 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 2905 u8 sec_level, auth_type;
2906 struct hci_conn *conn;
e9a416b5
JH		 2907 int err;
2908
181d6953 2909 bt_dev_dbg(hdev, "sock %p", sk);
e9a416b5 2910
f950a30e
SJ		 2911 memset(&rp, 0, sizeof(rp));
2912 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2913 rp.addr.type = cp->addr.type;
2914
4ee71b20 2915 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2916 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2917 MGMT_STATUS_INVALID_PARAMS,
2918 &rp, sizeof(rp));
4ee71b20 2919
4ec86d4c 2920 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 2921 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2922 MGMT_STATUS_INVALID_PARAMS,
2923 &rp, sizeof(rp));
4ec86d4c 2924
09fd0de5 2925 hci_dev_lock(hdev);
e9a416b5 2926
5f97c1df 2927 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2928 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2929 MGMT_STATUS_NOT_POWERED, &rp,
2930 sizeof(rp));
5f97c1df
JH		 2931 goto unlock;
2932 }
2933
55e76b38
JH		 2934 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
2935 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2936 MGMT_STATUS_ALREADY_PAIRED, &rp,
2937 sizeof(rp));
2938 goto unlock;
2939 }
2940
c908df36 2941 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 2942 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 2943
6f77d8c7 2944 if (cp->addr.type == BDADDR_BREDR) {
04a6c589 2945 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
76b13996 2946 auth_type, CONN_REASON_PAIR_DEVICE);
6f77d8c7 2947 } else {
85813a7e 2948 u8 addr_type = le_addr_type(cp->addr.type);
5157b8a5 2949 struct hci_conn_params *p;
6f77d8c7 2950
7c264b10
MH		 2951 /* When pairing a new device, it is expected to remember
2952 * this device for future connections. Adding the connection
2953 * parameter information ahead of time allows tracking
2954 * of the slave preferred values and will speed up any
2955 * further connection establishment.
2956 *
2957 * If connection parameters already exist, then they
2958 * will be kept and this function does nothing.
2959 */
5157b8a5
JP		 2960 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
2961
2962 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT)
2963 p->auto_connect = HCI_AUTO_CONN_DISABLED;
7c264b10 2964
76b13996
MM		 2965 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr, addr_type,
2966 sec_level, HCI_LE_CONN_TIMEOUT,
2967 CONN_REASON_PAIR_DEVICE);
6f77d8c7 2968 }
7a512d01 2969
30e76272 2970 if (IS_ERR(conn)) {
489dc48e
AK		 2971 int status;
2972
2973 if (PTR_ERR(conn) == -EBUSY)
2974 status = MGMT_STATUS_BUSY;
faa81030
LR		 2975 else if (PTR_ERR(conn) == -EOPNOTSUPP)
2976 status = MGMT_STATUS_NOT_SUPPORTED;
2977 else if (PTR_ERR(conn) == -ECONNREFUSED)
2978 status = MGMT_STATUS_REJECTED;
489dc48e
AK		 2979 else
2980 status = MGMT_STATUS_CONNECT_FAILED;
2981
2a1afb5a
JH		 2982 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2983 status, &rp, sizeof(rp));
e9a416b5
JH		 2984 goto unlock;
2985 }
2986
2987 if (conn->connect_cfm_cb) {
76a68ba0 2988 hci_conn_drop(conn);
2a1afb5a
JH		 2989 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2990 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2991 goto unlock;
2992 }
2993
2e58ef3e 2994 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2995 if (!cmd) {
2996 err = -ENOMEM;
76a68ba0 2997 hci_conn_drop(conn);
e9a416b5
JH		 2998 goto unlock;
2999 }
3000
04ab2749
JH		 3001 cmd->cmd_complete = pairing_complete;
3002
7a512d01 3003 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 3004 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 3005 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 3006 conn->security_cfm_cb = pairing_complete_cb;
3007 conn->disconn_cfm_cb = pairing_complete_cb;
3008 } else {
3009 conn->connect_cfm_cb = le_pairing_complete_cb;
3010 conn->security_cfm_cb = le_pairing_complete_cb;
3011 conn->disconn_cfm_cb = le_pairing_complete_cb;
3012 }
7a512d01 3013
e9a416b5 3014 conn->io_capability = cp->io_cap;
f8aaf9b6 3015 cmd->user_data = hci_conn_get(conn);
e9a416b5 3016
6f78fd4b 3017 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
a511b35b
JH		 3018 hci_conn_security(conn, sec_level, auth_type, true)) {
3019 cmd->cmd_complete(cmd, 0);
3020 mgmt_pending_remove(cmd);
3021 }
e9a416b5
JH		 3022
3023 err = 0;
3024
3025unlock:
09fd0de5 3026 hci_dev_unlock(hdev);
e9a416b5
JH		 3027 return err;
3028}
3029
04124681
GP		 3030static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3031 u16 len)
28424707 3032{
0f4e68cf 3033 struct mgmt_addr_info *addr = data;
3b0602cd 3034 struct mgmt_pending_cmd *cmd;
28424707
JH		 3035 struct hci_conn *conn;
3036 int err;
3037
181d6953 3038 bt_dev_dbg(hdev, "sock %p", sk);
28424707 3039
28424707
JH		 3040 hci_dev_lock(hdev);
3041
5f97c1df 3042 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3043 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3044 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3045 goto unlock;
3046 }
3047
333ae95d 3048 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
28424707 3049 if (!cmd) {
a69e8375
JH		 3050 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3051 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3052 goto unlock;
3053 }
3054
3055 conn = cmd->user_data;
3056
3057 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
a69e8375
JH		 3058 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3059 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3060 goto unlock;
3061 }
3062
a511b35b
JH		 3063 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3064 mgmt_pending_remove(cmd);
28424707 3065
2a1afb5a
JH		 3066 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3067 addr, sizeof(*addr));
76b13996
MM		 3068
3069 /* Since user doesn't want to proceed with the connection, abort any
3070 * ongoing pairing and then terminate the link if it was created
3071 * because of the pair device action.
3072 */
3073 if (addr->type == BDADDR_BREDR)
3074 hci_remove_link_key(hdev, &addr->bdaddr);
3075 else
3076 smp_cancel_and_remove_pairing(hdev, &addr->bdaddr,
3077 le_addr_type(addr->type));
3078
3079 if (conn->conn_reason == CONN_REASON_PAIR_DEVICE)
3080 hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
3081
28424707
JH		 3082unlock:
3083 hci_dev_unlock(hdev);
28424707
JH		 3084 return err;
3085}
3086
bdb6d971 3087static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3088 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3089 u16 hci_op, __le32 passkey)
a5c29683 3090{
3b0602cd 3091 struct mgmt_pending_cmd *cmd;
0df4c185 3092 struct hci_conn *conn;
a5c29683
JH		 3093 int err;
3094
09fd0de5 3095 hci_dev_lock(hdev);
08ba5382 3096
4b34ee78 3097 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3098 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3099 MGMT_STATUS_NOT_POWERED, addr,
3100 sizeof(*addr));
0df4c185 3101 goto done;
a5c29683
JH		 3102 }
3103
1707c60e
JH		 3104 if (addr->type == BDADDR_BREDR)
3105 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3106 else
9d4c1cc1
JH		 3107 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr,
3108 le_addr_type(addr->type));
272d90df
JH		 3109
3110 if (!conn) {
2a1afb5a
JH		 3111 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3112 MGMT_STATUS_NOT_CONNECTED, addr,
3113 sizeof(*addr));
272d90df
JH		 3114 goto done;
3115 }
47c15e2b 3116
1707c60e 3117 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 3118 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 3119 if (!err)
2a1afb5a
JH		 3120 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3121 MGMT_STATUS_SUCCESS, addr,
3122 sizeof(*addr));
5fe57d9e 3123 else
2a1afb5a
JH		 3124 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3125 MGMT_STATUS_FAILED, addr,
3126 sizeof(*addr));
47c15e2b 3127
47c15e2b
BG		 3128 goto done;
3129 }
3130
1707c60e 3131 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3132 if (!cmd) {
3133 err = -ENOMEM;
0df4c185 3134 goto done;
a5c29683
JH		 3135 }
3136
7776d1d8
JH		 3137 cmd->cmd_complete = addr_cmd_complete;
3138
0df4c185 3139 /* Continue with pairing via HCI */
604086b7
BG		 3140 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3141 struct hci_cp_user_passkey_reply cp;
3142
1707c60e 3143 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3144 cp.passkey = passkey;
3145 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3146 } else
1707c60e
JH		 3147 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3148 &addr->bdaddr);
604086b7 3149
a664b5bc
JH		 3150 if (err < 0)
3151 mgmt_pending_remove(cmd);
a5c29683 3152
0df4c185 3153done:
09fd0de5 3154 hci_dev_unlock(hdev);
a5c29683
JH		 3155 return err;
3156}
3157
afeb019d
JK		 3158static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3159 void *data, u16 len)
3160{
3161 struct mgmt_cp_pin_code_neg_reply *cp = data;
3162
181d6953 3163 bt_dev_dbg(hdev, "sock %p", sk);
afeb019d 3164
1707c60e 3165 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3166 MGMT_OP_PIN_CODE_NEG_REPLY,
3167 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3168}
3169
04124681
GP		 3170static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3171 u16 len)
0df4c185 3172{
650f726d 3173 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185 3174
181d6953 3175 bt_dev_dbg(hdev, "sock %p", sk);
0df4c185
BG		 3176
3177 if (len != sizeof(*cp))
a69e8375
JH		 3178 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3179 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3180
1707c60e 3181 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3182 MGMT_OP_USER_CONFIRM_REPLY,
3183 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3184}
3185
bdb6d971 3186static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3187 void *data, u16 len)
0df4c185 3188{
c9c2659f 3189 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185 3190
181d6953 3191 bt_dev_dbg(hdev, "sock %p", sk);
0df4c185 3192
1707c60e 3193 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3194 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3195 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3196}
3197
04124681
GP		 3198static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3199 u16 len)
604086b7 3200{
650f726d 3201 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7 3202
181d6953 3203 bt_dev_dbg(hdev, "sock %p", sk);
604086b7 3204
1707c60e 3205 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3206 MGMT_OP_USER_PASSKEY_REPLY,
3207 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3208}
3209
bdb6d971 3210static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3211 void *data, u16 len)
604086b7 3212{
650f726d 3213 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7 3214
181d6953 3215 bt_dev_dbg(hdev, "sock %p", sk);
604086b7 3216
1707c60e 3217 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3218 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3219 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3220}
3221
7c295c48
MN		 3222static void adv_expire(struct hci_dev *hdev, u32 flags)
3223{
3224 struct adv_info *adv_instance;
3225 struct hci_request req;
3226 int err;
3227
3228 adv_instance = hci_find_adv_instance(hdev, hdev->cur_adv_instance);
3229 if (!adv_instance)
3230 return;
3231
3232 /* stop if current instance doesn't need to be changed */
3233 if (!(adv_instance->flags & flags))
3234 return;
3235
3236 cancel_adv_timeout(hdev);
3237
3238 adv_instance = hci_get_next_instance(hdev, adv_instance->instance);
3239 if (!adv_instance)
3240 return;
3241
3242 hci_req_init(&req, hdev);
3243 err = __hci_req_schedule_adv_instance(&req, adv_instance->instance,
3244 true);
3245 if (err)
3246 return;
3247
3248 hci_req_run(&req, NULL);
3249}
3250
1904a853 3251static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
13928971
JH		 3252{
3253 struct mgmt_cp_set_local_name *cp;
3b0602cd 3254 struct mgmt_pending_cmd *cmd;
13928971 3255
181d6953 3256 bt_dev_dbg(hdev, "status 0x%02x", status);
13928971
JH		 3257
3258 hci_dev_lock(hdev);
3259
333ae95d 3260 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 3261 if (!cmd)
3262 goto unlock;
3263
3264 cp = cmd->param;
3265
7c295c48 3266 if (status) {
a69e8375
JH		 3267 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3268 mgmt_status(status));
7c295c48 3269 } else {
2a1afb5a
JH		 3270 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3271 cp, sizeof(*cp));
13928971 3272
7c295c48
MN		 3273 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3274 adv_expire(hdev, MGMT_ADV_FLAG_LOCAL_NAME);
3275 }
3276
13928971
JH		 3277 mgmt_pending_remove(cmd);
3278
3279unlock:
3280 hci_dev_unlock(hdev);
3281}
3282
bdb6d971 3283static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3284 u16 len)
b312b161 3285{
2b4bf397 3286 struct mgmt_cp_set_local_name *cp = data;
3b0602cd 3287 struct mgmt_pending_cmd *cmd;
890ea898 3288 struct hci_request req;
b312b161
JH		 3289 int err;
3290
181d6953 3291 bt_dev_dbg(hdev, "sock %p", sk);
b312b161 3292
09fd0de5 3293 hci_dev_lock(hdev);
b312b161 3294
b3f2ca94
JH		 3295 /* If the old values are the same as the new ones just return a
3296 * direct command complete event.
3297 */
3298 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3299 !memcmp(hdev->short_name, cp->short_name,
3300 sizeof(hdev->short_name))) {
2a1afb5a
JH		 3301 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3302 data, len);
b3f2ca94
JH		 3303 goto failed;
3304 }
3305
2b4bf397 3306 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3307
b5235a65 3308 if (!hdev_is_powered(hdev)) {
2b4bf397 3309 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde 3310
2a1afb5a
JH		 3311 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3312 data, len);
28cc7bde
JH		 3313 if (err < 0)
3314 goto failed;
3315
5504c3a3
MH		 3316 err = mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data,
3317 len, HCI_MGMT_LOCAL_NAME_EVENTS, sk);
321c6fee 3318 ext_info_changed(hdev, sk);
28cc7bde 3319
b5235a65
JH		 3320 goto failed;
3321 }
3322
28cc7bde 3323 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3324 if (!cmd) {
3325 err = -ENOMEM;
3326 goto failed;
3327 }
3328
13928971
JH		 3329 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3330
890ea898 3331 hci_req_init(&req, hdev);
3f985050
JH		 3332
3333 if (lmp_bredr_capable(hdev)) {
00cf5040 3334 __hci_req_update_name(&req);
b1a8917c 3335 __hci_req_update_eir(&req);
3f985050
JH		 3336 }
3337
7a5f4990
MH		 3338 /* The name is stored in the scan response data and so
3339 * no need to udpate the advertising data here.
3340 */
7dc6f16c 3341 if (lmp_le_capable(hdev) && hci_dev_test_flag(hdev, HCI_ADVERTISING))
cab054ab 3342 __hci_req_update_scan_rsp_data(&req, hdev->cur_adv_instance);
3f985050 3343
13928971 3344 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3345 if (err < 0)
3346 mgmt_pending_remove(cmd);
3347
3348failed:
09fd0de5 3349 hci_dev_unlock(hdev);
b312b161
JH		 3350 return err;
3351}
3352
c4960ecf
MN		 3353static int set_appearance(struct sock *sk, struct hci_dev *hdev, void *data,
3354 u16 len)
3355{
3356 struct mgmt_cp_set_appearance *cp = data;
6613baba 3357 u16 appearance;
c4960ecf
MN		 3358 int err;
3359
181d6953 3360 bt_dev_dbg(hdev, "sock %p", sk);
c4960ecf 3361
af4168c5
MN		 3362 if (!lmp_le_capable(hdev))
3363 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_APPEARANCE,
3364 MGMT_STATUS_NOT_SUPPORTED);
3365
6613baba 3366 appearance = le16_to_cpu(cp->appearance);
c4960ecf
MN		 3367
3368 hci_dev_lock(hdev);
3369
6613baba
AM		 3370 if (hdev->appearance != appearance) {
3371 hdev->appearance = appearance;
c4960ecf
MN		 3372
3373 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3374 adv_expire(hdev, MGMT_ADV_FLAG_APPEARANCE);
e74317f4
MN		 3375
3376 ext_info_changed(hdev, sk);
c4960ecf
MN		 3377 }
3378
3379 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_APPEARANCE, 0, NULL,
3380 0);
3381
3382 hci_dev_unlock(hdev);
3383
3384 return err;
3385}
3386
6244691f
JK		 3387static int get_phy_configuration(struct sock *sk, struct hci_dev *hdev,
3388 void *data, u16 len)
3389{
3390 struct mgmt_rp_get_phy_confguration rp;
3391
181d6953 3392 bt_dev_dbg(hdev, "sock %p", sk);
6244691f
JK		 3393
3394 hci_dev_lock(hdev);
3395
3396 memset(&rp, 0, sizeof(rp));
3397
3398 rp.supported_phys = cpu_to_le32(get_supported_phys(hdev));
3399 rp.selected_phys = cpu_to_le32(get_selected_phys(hdev));
3400 rp.configurable_phys = cpu_to_le32(get_configurable_phys(hdev));
3401
3402 hci_dev_unlock(hdev);
3403
3404 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_PHY_CONFIGURATION, 0,
3405 &rp, sizeof(rp));
3406}
3407
b7c23df8
JK		 3408int mgmt_phy_configuration_changed(struct hci_dev *hdev, struct sock *skip)
3409{
3410 struct mgmt_ev_phy_configuration_changed ev;
3411
3412 memset(&ev, 0, sizeof(ev));
3413
3414 ev.selected_phys = cpu_to_le32(get_selected_phys(hdev));
3415
3416 return mgmt_event(MGMT_EV_PHY_CONFIGURATION_CHANGED, hdev, &ev,
3417 sizeof(ev), skip);
3418}
3419
0314f286
JK		 3420static void set_default_phy_complete(struct hci_dev *hdev, u8 status,
3421 u16 opcode, struct sk_buff *skb)
3422{
0314f286
JK		 3423 struct mgmt_pending_cmd *cmd;
3424
181d6953 3425 bt_dev_dbg(hdev, "status 0x%02x", status);
0314f286
JK		 3426
3427 hci_dev_lock(hdev);
3428
3429 cmd = pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev);
3430 if (!cmd)
3431 goto unlock;
3432
0314f286
JK		 3433 if (status) {
3434 mgmt_cmd_status(cmd->sk, hdev->id,
3435 MGMT_OP_SET_PHY_CONFIGURATION,
3436 mgmt_status(status));
3437 } else {
3438 mgmt_cmd_complete(cmd->sk, hdev->id,
3439 MGMT_OP_SET_PHY_CONFIGURATION, 0,
3440 NULL, 0);
b7c23df8
JK		 3441
3442 mgmt_phy_configuration_changed(hdev, cmd->sk);
0314f286
JK		 3443 }
3444
3445 mgmt_pending_remove(cmd);
3446
3447unlock:
3448 hci_dev_unlock(hdev);
3449}
3450
3451static int set_phy_configuration(struct sock *sk, struct hci_dev *hdev,
3452 void *data, u16 len)
3453{
3454 struct mgmt_cp_set_phy_confguration *cp = data;
3455 struct hci_cp_le_set_default_phy cp_phy;
3456 struct mgmt_pending_cmd *cmd;
3457 struct hci_request req;
3458 u32 selected_phys, configurable_phys, supported_phys, unconfigure_phys;
3459 u16 pkt_type = (HCI_DH1 | HCI_DM1);
b7c23df8 3460 bool changed = false;
0314f286
JK		 3461 int err;
3462
181d6953 3463 bt_dev_dbg(hdev, "sock %p", sk);
0314f286
JK		 3464
3465 configurable_phys = get_configurable_phys(hdev);
3466 supported_phys = get_supported_phys(hdev);
3467 selected_phys = __le32_to_cpu(cp->selected_phys);
3468
3469 if (selected_phys & ~supported_phys)
3470 return mgmt_cmd_status(sk, hdev->id,
3471 MGMT_OP_SET_PHY_CONFIGURATION,
3472 MGMT_STATUS_INVALID_PARAMS);
3473
3474 unconfigure_phys = supported_phys & ~configurable_phys;
3475
3476 if ((selected_phys & unconfigure_phys) != unconfigure_phys)
3477 return mgmt_cmd_status(sk, hdev->id,
3478 MGMT_OP_SET_PHY_CONFIGURATION,
3479 MGMT_STATUS_INVALID_PARAMS);
3480
3481 if (selected_phys == get_selected_phys(hdev))
3482 return mgmt_cmd_complete(sk, hdev->id,
3483 MGMT_OP_SET_PHY_CONFIGURATION,
3484 0, NULL, 0);
3485
3486 hci_dev_lock(hdev);
3487
3488 if (!hdev_is_powered(hdev)) {
3489 err = mgmt_cmd_status(sk, hdev->id,
3490 MGMT_OP_SET_PHY_CONFIGURATION,
3491 MGMT_STATUS_REJECTED);
3492 goto unlock;
3493 }
3494
3495 if (pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev)) {
3496 err = mgmt_cmd_status(sk, hdev->id,
3497 MGMT_OP_SET_PHY_CONFIGURATION,
3498 MGMT_STATUS_BUSY);
3499 goto unlock;
3500 }
3501
3502 if (selected_phys & MGMT_PHY_BR_1M_3SLOT)
3503 pkt_type |= (HCI_DH3 | HCI_DM3);
3504 else
3505 pkt_type &= ~(HCI_DH3 | HCI_DM3);
3506
3507 if (selected_phys & MGMT_PHY_BR_1M_5SLOT)
3508 pkt_type |= (HCI_DH5 | HCI_DM5);
3509 else
3510 pkt_type &= ~(HCI_DH5 | HCI_DM5);
3511
3512 if (selected_phys & MGMT_PHY_EDR_2M_1SLOT)
3513 pkt_type &= ~HCI_2DH1;
3514 else
3515 pkt_type |= HCI_2DH1;
3516
3517 if (selected_phys & MGMT_PHY_EDR_2M_3SLOT)
3518 pkt_type &= ~HCI_2DH3;
3519 else
3520 pkt_type |= HCI_2DH3;
3521
3522 if (selected_phys & MGMT_PHY_EDR_2M_5SLOT)
3523 pkt_type &= ~HCI_2DH5;
3524 else
3525 pkt_type |= HCI_2DH5;
3526
3527 if (selected_phys & MGMT_PHY_EDR_3M_1SLOT)
3528 pkt_type &= ~HCI_3DH1;
3529 else
3530 pkt_type |= HCI_3DH1;
3531
3532 if (selected_phys & MGMT_PHY_EDR_3M_3SLOT)
3533 pkt_type &= ~HCI_3DH3;
3534 else
3535 pkt_type |= HCI_3DH3;
3536
3537 if (selected_phys & MGMT_PHY_EDR_3M_5SLOT)
3538 pkt_type &= ~HCI_3DH5;
3539 else
3540 pkt_type |= HCI_3DH5;
3541
b7c23df8 3542 if (pkt_type != hdev->pkt_type) {
0314f286 3543 hdev->pkt_type = pkt_type;
b7c23df8
JK		 3544 changed = true;
3545 }
0314f286
JK		 3546
3547 if ((selected_phys & MGMT_PHY_LE_MASK) ==
3548 (get_selected_phys(hdev) & MGMT_PHY_LE_MASK)) {
b7c23df8
JK		 3549 if (changed)
3550 mgmt_phy_configuration_changed(hdev, sk);
3551
0314f286
JK		 3552 err = mgmt_cmd_complete(sk, hdev->id,
3553 MGMT_OP_SET_PHY_CONFIGURATION,
3554 0, NULL, 0);
3555
3556 goto unlock;
3557 }
3558
3559 cmd = mgmt_pending_add(sk, MGMT_OP_SET_PHY_CONFIGURATION, hdev, data,
3560 len);
3561 if (!cmd) {
3562 err = -ENOMEM;
3563 goto unlock;
3564 }
3565
3566 hci_req_init(&req, hdev);
3567
3568 memset(&cp_phy, 0, sizeof(cp_phy));
3569
3570 if (!(selected_phys & MGMT_PHY_LE_TX_MASK))
3571 cp_phy.all_phys |= 0x01;
3572
3573 if (!(selected_phys & MGMT_PHY_LE_RX_MASK))
3574 cp_phy.all_phys |= 0x02;
3575
3576 if (selected_phys & MGMT_PHY_LE_1M_TX)
3577 cp_phy.tx_phys |= HCI_LE_SET_PHY_1M;
3578
3579 if (selected_phys & MGMT_PHY_LE_2M_TX)
3580 cp_phy.tx_phys |= HCI_LE_SET_PHY_2M;
3581
3582 if (selected_phys & MGMT_PHY_LE_CODED_TX)
3583 cp_phy.tx_phys |= HCI_LE_SET_PHY_CODED;
3584
3585 if (selected_phys & MGMT_PHY_LE_1M_RX)
3586 cp_phy.rx_phys |= HCI_LE_SET_PHY_1M;
3587
3588 if (selected_phys & MGMT_PHY_LE_2M_RX)
3589 cp_phy.rx_phys |= HCI_LE_SET_PHY_2M;
3590
3591 if (selected_phys & MGMT_PHY_LE_CODED_RX)
3592 cp_phy.rx_phys |= HCI_LE_SET_PHY_CODED;
3593
3594 hci_req_add(&req, HCI_OP_LE_SET_DEFAULT_PHY, sizeof(cp_phy), &cp_phy);
3595
3596 err = hci_req_run_skb(&req, set_default_phy_complete);
3597 if (err < 0)
3598 mgmt_pending_remove(cmd);
3599
3600unlock:
3601 hci_dev_unlock(hdev);
3602
3603 return err;
3604}
3605
600a8749
AM		 3606static int set_blocked_keys(struct sock *sk, struct hci_dev *hdev, void *data,
3607 u16 len)
3608{
3609 int err = MGMT_STATUS_SUCCESS;
3610 struct mgmt_cp_set_blocked_keys *keys = data;
3611 const u16 max_key_count = ((U16_MAX - sizeof(*keys)) /
3612 sizeof(struct mgmt_blocked_key_info));
3613 u16 key_count, expected_len;
3614 int i;
3615
181d6953 3616 bt_dev_dbg(hdev, "sock %p", sk);
600a8749
AM		 3617
3618 key_count = __le16_to_cpu(keys->key_count);
3619 if (key_count > max_key_count) {
3620 bt_dev_err(hdev, "too big key_count value %u", key_count);
3621 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS,
3622 MGMT_STATUS_INVALID_PARAMS);
3623 }
3624
3625 expected_len = struct_size(keys, keys, key_count);
3626 if (expected_len != len) {
3627 bt_dev_err(hdev, "expected %u bytes, got %u bytes",
3628 expected_len, len);
3629 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS,
3630 MGMT_STATUS_INVALID_PARAMS);
3631 }
3632
3633 hci_dev_lock(hdev);
3634
3635 hci_blocked_keys_clear(hdev);
3636
3637 for (i = 0; i < keys->key_count; ++i) {
3638 struct blocked_key *b = kzalloc(sizeof(*b), GFP_KERNEL);
3639
3640 if (!b) {
3641 err = MGMT_STATUS_NO_RESOURCES;
3642 break;
3643 }
3644
3645 b->type = keys->keys[i].type;
3646 memcpy(b->val, keys->keys[i].val, sizeof(b->val));
3647 list_add_rcu(&b->list, &hdev->blocked_keys);
3648 }
3649 hci_dev_unlock(hdev);
3650
3651 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS,
3652 err, NULL, 0);
3653}
3654
00bce3fb
AM		 3655static int set_wideband_speech(struct sock *sk, struct hci_dev *hdev,
3656 void *data, u16 len)
3657{
3658 struct mgmt_mode *cp = data;
3659 int err;
3660 bool changed = false;
3661
181d6953 3662 bt_dev_dbg(hdev, "sock %p", sk);
00bce3fb
AM		 3663
3664 if (!test_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks))
3665 return mgmt_cmd_status(sk, hdev->id,
3666 MGMT_OP_SET_WIDEBAND_SPEECH,
3667 MGMT_STATUS_NOT_SUPPORTED);
3668
3669 if (cp->val != 0x00 && cp->val != 0x01)
3670 return mgmt_cmd_status(sk, hdev->id,
3671 MGMT_OP_SET_WIDEBAND_SPEECH,
3672 MGMT_STATUS_INVALID_PARAMS);
3673
3674 hci_dev_lock(hdev);
3675
3676 if (pending_find(MGMT_OP_SET_WIDEBAND_SPEECH, hdev)) {
3677 err = mgmt_cmd_status(sk, hdev->id,
3678 MGMT_OP_SET_WIDEBAND_SPEECH,
3679 MGMT_STATUS_BUSY);
3680 goto unlock;
3681 }
3682
3683 if (hdev_is_powered(hdev) &&
3684 !!cp->val != hci_dev_test_flag(hdev,
3685 HCI_WIDEBAND_SPEECH_ENABLED)) {
3686 err = mgmt_cmd_status(sk, hdev->id,
3687 MGMT_OP_SET_WIDEBAND_SPEECH,
3688 MGMT_STATUS_REJECTED);
3689 goto unlock;
3690 }
3691
3692 if (cp->val)
3693 changed = !hci_dev_test_and_set_flag(hdev,
3694 HCI_WIDEBAND_SPEECH_ENABLED);
3695 else
3696 changed = hci_dev_test_and_clear_flag(hdev,
3697 HCI_WIDEBAND_SPEECH_ENABLED);
3698
3699 err = send_settings_rsp(sk, MGMT_OP_SET_WIDEBAND_SPEECH, hdev);
3700 if (err < 0)
3701 goto unlock;
3702
3703 if (changed)
3704 err = new_settings(hdev, sk);
3705
3706unlock:
3707 hci_dev_unlock(hdev);
3708 return err;
3709}
3710
bc292258
MH		 3711static int read_security_info(struct sock *sk, struct hci_dev *hdev,
3712 void *data, u16 data_len)
3713{
3714 char buf[16];
3715 struct mgmt_rp_read_security_info *rp = (void *)buf;
3716 u16 sec_len = 0;
3717 u8 flags = 0;
3718
3719 bt_dev_dbg(hdev, "sock %p", sk);
3720
3721 memset(&buf, 0, sizeof(buf));
3722
3723 hci_dev_lock(hdev);
3724
3725 /* When the Read Simple Pairing Options command is supported, then
3726 * the remote public key validation is supported.
3727 */
3728 if (hdev->commands[41] & 0x08)
3729 flags |= 0x01; /* Remote public key validation (BR/EDR) */
3730
3731 flags |= 0x02; /* Remote public key validation (LE) */
3732
3733 /* When the Read Encryption Key Size command is supported, then the
3734 * encryption key size is enforced.
3735 */
3736 if (hdev->commands[20] & 0x10)
3737 flags |= 0x04; /* Encryption key size enforcement (BR/EDR) */
3738
3739 flags |= 0x08; /* Encryption key size enforcement (LE) */
3740
3741 sec_len = eir_append_data(rp->sec, sec_len, 0x01, &flags, 1);
3742
3743 /* When the Read Simple Pairing Options command is supported, then
3744 * also max encryption key size information is provided.
3745 */
3746 if (hdev->commands[41] & 0x08)
3747 sec_len = eir_append_le16(rp->sec, sec_len, 0x02,
3748 hdev->max_enc_key_size);
3749
3750 sec_len = eir_append_le16(rp->sec, sec_len, 0x03, SMP_MAX_ENC_KEY_SIZE);
3751
3752 rp->sec_len = cpu_to_le16(sec_len);
3753
3754 hci_dev_unlock(hdev);
3755
3756 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_SECURITY_INFO, 0,
3757 rp, sizeof(*rp) + sec_len);
3758}
3759
e625e50c
MH		 3760#ifdef CONFIG_BT_FEATURE_DEBUG
3761/* d4992530-b9ec-469f-ab01-6c481c47da1c */
3762static const u8 debug_uuid[16] = {
3763 0x1c, 0xda, 0x47, 0x1c, 0x48, 0x6c, 0x01, 0xab,
3764 0x9f, 0x46, 0xec, 0xb9, 0x30, 0x25, 0x99, 0xd4,
3765};
3766#endif
3767
15d8ce05
AM		 3768/* 671b10b5-42c0-4696-9227-eb28d1b049d6 */
3769static const u8 simult_central_periph_uuid[16] = {
3770 0xd6, 0x49, 0xb0, 0xd1, 0x28, 0xeb, 0x27, 0x92,
3771 0x96, 0x46, 0xc0, 0x42, 0xb5, 0x10, 0x1b, 0x67,
3772};
3773
cbbdfa6f
SN		 3774/* 15c0a148-c273-11ea-b3de-0242ac130004 */
3775static const u8 rpa_resolution_uuid[16] = {
3776 0x04, 0x00, 0x13, 0xac, 0x42, 0x02, 0xde, 0xb3,
3777 0xea, 0x11, 0x73, 0xc2, 0x48, 0xa1, 0xc0, 0x15,
3778};
3779
a10c907c
MH		 3780static int read_exp_features_info(struct sock *sk, struct hci_dev *hdev,
3781 void *data, u16 data_len)
3782{
cbbdfa6f 3783 char buf[62]; /* Enough space for 3 features */
a10c907c
MH		 3784 struct mgmt_rp_read_exp_features_info *rp = (void *)buf;
3785 u16 idx = 0;
15d8ce05 3786 u32 flags;
a10c907c
MH		 3787
3788 bt_dev_dbg(hdev, "sock %p", sk);
3789
3790 memset(&buf, 0, sizeof(buf));
3791
e625e50c
MH		 3792#ifdef CONFIG_BT_FEATURE_DEBUG
3793 if (!hdev) {
15d8ce05 3794 flags = bt_dbg_get() ? BIT(0) : 0;
e625e50c
MH		 3795
3796 memcpy(rp->features[idx].uuid, debug_uuid, 16);
3797 rp->features[idx].flags = cpu_to_le32(flags);
3798 idx++;
3799 }
3800#endif
3801
15d8ce05
AM		 3802 if (hdev) {
3803 if (test_bit(HCI_QUIRK_VALID_LE_STATES, &hdev->quirks) &&
3804 (hdev->le_states[4] & 0x08) && /* Central */
3805 (hdev->le_states[4] & 0x40) && /* Peripheral */
3806 (hdev->le_states[3] & 0x10)) /* Simultaneous */
3807 flags = BIT(0);
3808 else
3809 flags = 0;
3810
3811 memcpy(rp->features[idx].uuid, simult_central_periph_uuid, 16);
3812 rp->features[idx].flags = cpu_to_le32(flags);
3813 idx++;
3814 }
3815
cbbdfa6f
SN		 3816 if (hdev && use_ll_privacy(hdev)) {
3817 if (hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY))
3818 flags = BIT(0) | BIT(1);
3819 else
3820 flags = BIT(1);
3821
3822 memcpy(rp->features[idx].uuid, rpa_resolution_uuid, 16);
3823 rp->features[idx].flags = cpu_to_le32(flags);
3824 idx++;
3825 }
3826
a10c907c
MH		 3827 rp->feature_count = cpu_to_le16(idx);
3828
3829 /* After reading the experimental features information, enable
3830 * the events to update client on any future change.
3831 */
3832 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
3833
3834 return mgmt_cmd_complete(sk, hdev ? hdev->id : MGMT_INDEX_NONE,
3835 MGMT_OP_READ_EXP_FEATURES_INFO,
3836 0, rp, sizeof(*rp) + (20 * idx));
3837}
3838
cbbdfa6f
SN		 3839static int exp_ll_privacy_feature_changed(bool enabled, struct hci_dev *hdev,
3840 struct sock *skip)
3841{
3842 struct mgmt_ev_exp_feature_changed ev;
3843
3844 memset(&ev, 0, sizeof(ev));
3845 memcpy(ev.uuid, rpa_resolution_uuid, 16);
3846 ev.flags = cpu_to_le32((enabled ? BIT(0) : 0) | BIT(1));
3847
3848 return mgmt_limited_event(MGMT_EV_EXP_FEATURE_CHANGED, hdev,
3849 &ev, sizeof(ev),
3850 HCI_MGMT_EXP_FEATURE_EVENTS, skip);
3851
3852}
3853
e625e50c
MH		 3854#ifdef CONFIG_BT_FEATURE_DEBUG
3855static int exp_debug_feature_changed(bool enabled, struct sock *skip)
3856{
3857 struct mgmt_ev_exp_feature_changed ev;
3858
3859 memset(&ev, 0, sizeof(ev));
3860 memcpy(ev.uuid, debug_uuid, 16);
3861 ev.flags = cpu_to_le32(enabled ? BIT(0) : 0);
3862
3863 return mgmt_limited_event(MGMT_EV_EXP_FEATURE_CHANGED, NULL,
3864 &ev, sizeof(ev),
3865 HCI_MGMT_EXP_FEATURE_EVENTS, skip);
3866}
3867#endif
3868
a10c907c
MH		 3869static int set_exp_feature(struct sock *sk, struct hci_dev *hdev,
3870 void *data, u16 data_len)
3871{
3872 struct mgmt_cp_set_exp_feature *cp = data;
3873 struct mgmt_rp_set_exp_feature rp;
3874
3875 bt_dev_dbg(hdev, "sock %p", sk);
3876
3877 if (!memcmp(cp->uuid, ZERO_KEY, 16)) {
3878 memset(rp.uuid, 0, 16);
3879 rp.flags = cpu_to_le32(0);
3880
e625e50c
MH		 3881#ifdef CONFIG_BT_FEATURE_DEBUG
3882 if (!hdev) {
3883 bool changed = bt_dbg_get();
3884
3885 bt_dbg_set(false);
3886
3887 if (changed)
3888 exp_debug_feature_changed(false, sk);
3889 }
3890#endif
3891
cbbdfa6f
SN		 3892 if (hdev && use_ll_privacy(hdev) && !hdev_is_powered(hdev)) {
3893 bool changed = hci_dev_test_flag(hdev,
3894 HCI_ENABLE_LL_PRIVACY);
3895
3896 hci_dev_clear_flag(hdev, HCI_ENABLE_LL_PRIVACY);
3897
3898 if (changed)
3899 exp_ll_privacy_feature_changed(false, hdev, sk);
3900 }
3901
a10c907c
MH		 3902 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
3903
3904 return mgmt_cmd_complete(sk, hdev ? hdev->id : MGMT_INDEX_NONE,
3905 MGMT_OP_SET_EXP_FEATURE, 0,
3906 &rp, sizeof(rp));
3907 }
3908
e625e50c
MH		 3909#ifdef CONFIG_BT_FEATURE_DEBUG
3910 if (!memcmp(cp->uuid, debug_uuid, 16)) {
3911 bool val, changed;
3912 int err;
3913
3914 /* Command requires to use the non-controller index */
3915 if (hdev)
3916 return mgmt_cmd_status(sk, hdev->id,
3917 MGMT_OP_SET_EXP_FEATURE,
3918 MGMT_STATUS_INVALID_INDEX);
3919
3920 /* Parameters are limited to a single octet */
3921 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
3922 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
3923 MGMT_OP_SET_EXP_FEATURE,
3924 MGMT_STATUS_INVALID_PARAMS);
3925
3926 /* Only boolean on/off is supported */
3927 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
3928 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
3929 MGMT_OP_SET_EXP_FEATURE,
3930 MGMT_STATUS_INVALID_PARAMS);
3931
3932 val = !!cp->param[0];
3933 changed = val ? !bt_dbg_get() : bt_dbg_get();
3934 bt_dbg_set(val);
3935
3936 memcpy(rp.uuid, debug_uuid, 16);
3937 rp.flags = cpu_to_le32(val ? BIT(0) : 0);
3938
3939 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
3940
3941 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
3942 MGMT_OP_SET_EXP_FEATURE, 0,
3943 &rp, sizeof(rp));
3944
3945 if (changed)
3946 exp_debug_feature_changed(val, sk);
3947
3948 return err;
3949 }
3950#endif
3951
cbbdfa6f
SN		 3952 if (!memcmp(cp->uuid, rpa_resolution_uuid, 16)) {
3953 bool val, changed;
3954 int err;
3955 u32 flags;
3956
3957 /* Command requires to use the controller index */
3958 if (!hdev)
3959 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
3960 MGMT_OP_SET_EXP_FEATURE,
3961 MGMT_STATUS_INVALID_INDEX);
3962
3963 /* Changes can only be made when controller is powered down */
3964 if (hdev_is_powered(hdev))
3965 return mgmt_cmd_status(sk, hdev->id,
3966 MGMT_OP_SET_EXP_FEATURE,
3967 MGMT_STATUS_NOT_POWERED);
3968
3969 /* Parameters are limited to a single octet */
3970 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
3971 return mgmt_cmd_status(sk, hdev->id,
3972 MGMT_OP_SET_EXP_FEATURE,
3973 MGMT_STATUS_INVALID_PARAMS);
3974
3975 /* Only boolean on/off is supported */
3976 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
3977 return mgmt_cmd_status(sk, hdev->id,
3978 MGMT_OP_SET_EXP_FEATURE,
3979 MGMT_STATUS_INVALID_PARAMS);
3980
3981 val = !!cp->param[0];
3982
3983 if (val) {
3984 changed = !hci_dev_test_flag(hdev,
3985 HCI_ENABLE_LL_PRIVACY);
3986 hci_dev_set_flag(hdev, HCI_ENABLE_LL_PRIVACY);
3987 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
3988
3989 /* Enable LL privacy + supported settings changed */
3990 flags = BIT(0) | BIT(1);
3991 } else {
3992 changed = hci_dev_test_flag(hdev,
3993 HCI_ENABLE_LL_PRIVACY);
3994 hci_dev_clear_flag(hdev, HCI_ENABLE_LL_PRIVACY);
3995
3996 /* Disable LL privacy + supported settings changed */
3997 flags = BIT(1);
3998 }
3999
4000 memcpy(rp.uuid, rpa_resolution_uuid, 16);
4001 rp.flags = cpu_to_le32(flags);
4002
4003 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4004
4005 err = mgmt_cmd_complete(sk, hdev->id,
4006 MGMT_OP_SET_EXP_FEATURE, 0,
4007 &rp, sizeof(rp));
4008
4009 if (changed)
4010 exp_ll_privacy_feature_changed(val, hdev, sk);
4011
4012 return err;
4013 }
4014
a10c907c
MH		 4015 return mgmt_cmd_status(sk, hdev ? hdev->id : MGMT_INDEX_NONE,
4016 MGMT_OP_SET_EXP_FEATURE,
4017 MGMT_STATUS_NOT_SUPPORTED);
4018}
4019
4c54bf2b
APS		 4020#define SUPPORTED_DEVICE_FLAGS() ((1U << HCI_CONN_FLAG_MAX) - 1)
4021
4022static int get_device_flags(struct sock *sk, struct hci_dev *hdev, void *data,
4023 u16 data_len)
4024{
4025 struct mgmt_cp_get_device_flags *cp = data;
4026 struct mgmt_rp_get_device_flags rp;
4027 struct bdaddr_list_with_flags *br_params;
4028 struct hci_conn_params *params;
4029 u32 supported_flags = SUPPORTED_DEVICE_FLAGS();
4030 u32 current_flags = 0;
4031 u8 status = MGMT_STATUS_INVALID_PARAMS;
4032
4033 bt_dev_dbg(hdev, "Get device flags %pMR (type 0x%x)\n",
4034 &cp->addr.bdaddr, cp->addr.type);
4035
3ca33e3f
APS		 4036 hci_dev_lock(hdev);
4037
4c54bf2b
APS		 4038 if (cp->addr.type == BDADDR_BREDR) {
4039 br_params = hci_bdaddr_list_lookup_with_flags(&hdev->whitelist,
4040 &cp->addr.bdaddr,
4041 cp->addr.type);
4042 if (!br_params)
4043 goto done;
4044
4045 current_flags = br_params->current_flags;
4046 } else {
4047 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
4048 le_addr_type(cp->addr.type));
4049
4050 if (!params)
4051 goto done;
4052
4053 current_flags = params->current_flags;
4054 }
4055
4056 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4057 rp.addr.type = cp->addr.type;
4058 rp.supported_flags = cpu_to_le32(supported_flags);
4059 rp.current_flags = cpu_to_le32(current_flags);
4060
4061 status = MGMT_STATUS_SUCCESS;
4062
4063done:
3ca33e3f
APS		 4064 hci_dev_unlock(hdev);
4065
4c54bf2b
APS		 4066 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_DEVICE_FLAGS, status,
4067 &rp, sizeof(rp));
4068}
4069
4070static void device_flags_changed(struct sock *sk, struct hci_dev *hdev,
4071 bdaddr_t *bdaddr, u8 bdaddr_type,
4072 u32 supported_flags, u32 current_flags)
4073{
4074 struct mgmt_ev_device_flags_changed ev;
4075
4076 bacpy(&ev.addr.bdaddr, bdaddr);
4077 ev.addr.type = bdaddr_type;
4078 ev.supported_flags = cpu_to_le32(supported_flags);
4079 ev.current_flags = cpu_to_le32(current_flags);
4080
4081 mgmt_event(MGMT_EV_DEVICE_FLAGS_CHANGED, hdev, &ev, sizeof(ev), sk);
4082}
4083
4084static int set_device_flags(struct sock *sk, struct hci_dev *hdev, void *data,
4085 u16 len)
4086{
4087 struct mgmt_cp_set_device_flags *cp = data;
4088 struct bdaddr_list_with_flags *br_params;
4089 struct hci_conn_params *params;
4090 u8 status = MGMT_STATUS_INVALID_PARAMS;
4091 u32 supported_flags = SUPPORTED_DEVICE_FLAGS();
4092 u32 current_flags = __le32_to_cpu(cp->current_flags);
4093
4094 bt_dev_dbg(hdev, "Set device flags %pMR (type 0x%x) = 0x%x",
4095 &cp->addr.bdaddr, cp->addr.type,
4096 __le32_to_cpu(current_flags));
4097
4098 if ((supported_flags | current_flags) != supported_flags) {
4099 bt_dev_warn(hdev, "Bad flag given (0x%x) vs supported (0x%0x)",
4100 current_flags, supported_flags);
4101 goto done;
4102 }
4103
3ca33e3f
APS		 4104 hci_dev_lock(hdev);
4105
4c54bf2b
APS		 4106 if (cp->addr.type == BDADDR_BREDR) {
4107 br_params = hci_bdaddr_list_lookup_with_flags(&hdev->whitelist,
4108 &cp->addr.bdaddr,
4109 cp->addr.type);
4110
4111 if (br_params) {
4112 br_params->current_flags = current_flags;
4113 status = MGMT_STATUS_SUCCESS;
4114 } else {
4115 bt_dev_warn(hdev, "No such BR/EDR device %pMR (0x%x)",
4116 &cp->addr.bdaddr, cp->addr.type);
4117 }
4118 } else {
4119 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
4120 le_addr_type(cp->addr.type));
4121 if (params) {
4122 params->current_flags = current_flags;
4123 status = MGMT_STATUS_SUCCESS;
4124 } else {
4125 bt_dev_warn(hdev, "No such LE device %pMR (0x%x)",
4126 &cp->addr.bdaddr,
4127 le_addr_type(cp->addr.type));
4128 }
4129 }
4130
4131done:
3ca33e3f
APS		 4132 hci_dev_unlock(hdev);
4133
4c54bf2b
APS		 4134 if (status == MGMT_STATUS_SUCCESS)
4135 device_flags_changed(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
4136 supported_flags, current_flags);
4137
4138 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_FLAGS, status,
4139 &cp->addr, sizeof(cp->addr));
4140}
4141
b52729f2
MC		 4142static void mgmt_adv_monitor_added(struct sock *sk, struct hci_dev *hdev,
4143 u16 handle)
4144{
4145 struct mgmt_ev_adv_monitor_added ev;
4146
4147 ev.monitor_handle = cpu_to_le16(handle);
4148
4149 mgmt_event(MGMT_EV_ADV_MONITOR_ADDED, hdev, &ev, sizeof(ev), sk);
4150}
4151
cdde92e2
MC		 4152static void mgmt_adv_monitor_removed(struct sock *sk, struct hci_dev *hdev,
4153 u16 handle)
4154{
4155 struct mgmt_ev_adv_monitor_added ev;
4156
4157 ev.monitor_handle = cpu_to_le16(handle);
4158
4159 mgmt_event(MGMT_EV_ADV_MONITOR_REMOVED, hdev, &ev, sizeof(ev), sk);
4160}
4161
e5e1e7fd
MC		 4162static int read_adv_mon_features(struct sock *sk, struct hci_dev *hdev,
4163 void *data, u16 len)
4164{
4165 struct adv_monitor *monitor = NULL;
4166 struct mgmt_rp_read_adv_monitor_features *rp = NULL;
cafd472a 4167 int handle, err;
e5e1e7fd
MC		 4168 size_t rp_size = 0;
4169 __u32 supported = 0;
4170 __u16 num_handles = 0;
4171 __u16 handles[HCI_MAX_ADV_MONITOR_NUM_HANDLES];
4172
4173 BT_DBG("request for %s", hdev->name);
4174
4175 hci_dev_lock(hdev);
4176
4177 if (msft_get_features(hdev) & MSFT_FEATURE_MASK_LE_ADV_MONITOR)
4178 supported |= MGMT_ADV_MONITOR_FEATURE_MASK_OR_PATTERNS;
4179
4180 idr_for_each_entry(&hdev->adv_monitors_idr, monitor, handle) {
4181 handles[num_handles++] = monitor->handle;
4182 }
4183
4184 hci_dev_unlock(hdev);
4185
4186 rp_size = sizeof(*rp) + (num_handles * sizeof(u16));
4187 rp = kmalloc(rp_size, GFP_KERNEL);
4188 if (!rp)
4189 return -ENOMEM;
4190
4191 /* Once controller-based monitoring is in place, the enabled_features
4192 * should reflect the use.
4193 */
4194 rp->supported_features = cpu_to_le32(supported);
4195 rp->enabled_features = 0;
4196 rp->max_num_handles = cpu_to_le16(HCI_MAX_ADV_MONITOR_NUM_HANDLES);
4197 rp->max_num_patterns = HCI_MAX_ADV_MONITOR_NUM_PATTERNS;
4198 rp->num_handles = cpu_to_le16(num_handles);
4199 if (num_handles)
4200 memcpy(&rp->handles, &handles, (num_handles * sizeof(u16)));
4201
cafd472a
PY		 4202 err = mgmt_cmd_complete(sk, hdev->id,
4203 MGMT_OP_READ_ADV_MONITOR_FEATURES,
4204 MGMT_STATUS_SUCCESS, rp, rp_size);
4205
4206 kfree(rp);
4207
4208 return err;
e5e1e7fd
MC		 4209}
4210
b139553d
MC		 4211static int add_adv_patterns_monitor(struct sock *sk, struct hci_dev *hdev,
4212 void *data, u16 len)
4213{
4214 struct mgmt_cp_add_adv_patterns_monitor *cp = data;
4215 struct mgmt_rp_add_adv_patterns_monitor rp;
4216 struct adv_monitor *m = NULL;
4217 struct adv_pattern *p = NULL;
b52729f2 4218 unsigned int mp_cnt = 0, prev_adv_monitors_cnt;
b139553d 4219 __u8 cp_ofst = 0, cp_len = 0;
b139553d
MC		 4220 int err, i;
4221
4222 BT_DBG("request for %s", hdev->name);
4223
4224 if (len <= sizeof(*cp) || cp->pattern_count == 0) {
4225 err = mgmt_cmd_status(sk, hdev->id,
4226 MGMT_OP_ADD_ADV_PATTERNS_MONITOR,
4227 MGMT_STATUS_INVALID_PARAMS);
4228 goto failed;
4229 }
4230
4231 m = kmalloc(sizeof(*m), GFP_KERNEL);
4232 if (!m) {
4233 err = -ENOMEM;
4234 goto failed;
4235 }
4236
4237 INIT_LIST_HEAD(&m->patterns);
4238 m->active = false;
4239
4240 for (i = 0; i < cp->pattern_count; i++) {
4241 if (++mp_cnt > HCI_MAX_ADV_MONITOR_NUM_PATTERNS) {
4242 err = mgmt_cmd_status(sk, hdev->id,
4243 MGMT_OP_ADD_ADV_PATTERNS_MONITOR,
4244 MGMT_STATUS_INVALID_PARAMS);
4245 goto failed;
4246 }
4247
4248 cp_ofst = cp->patterns[i].offset;
4249 cp_len = cp->patterns[i].length;
4250 if (cp_ofst >= HCI_MAX_AD_LENGTH ||
4251 cp_len > HCI_MAX_AD_LENGTH ||
4252 (cp_ofst + cp_len) > HCI_MAX_AD_LENGTH) {
4253 err = mgmt_cmd_status(sk, hdev->id,
4254 MGMT_OP_ADD_ADV_PATTERNS_MONITOR,
4255 MGMT_STATUS_INVALID_PARAMS);
4256 goto failed;
4257 }
4258
4259 p = kmalloc(sizeof(*p), GFP_KERNEL);
4260 if (!p) {
4261 err = -ENOMEM;
4262 goto failed;
4263 }
4264
4265 p->ad_type = cp->patterns[i].ad_type;
4266 p->offset = cp->patterns[i].offset;
4267 p->length = cp->patterns[i].length;
4268 memcpy(p->value, cp->patterns[i].value, p->length);
4269
4270 INIT_LIST_HEAD(&p->list);
4271 list_add(&p->list, &m->patterns);
4272 }
4273
4274 if (mp_cnt != cp->pattern_count) {
4275 err = mgmt_cmd_status(sk, hdev->id,
4276 MGMT_OP_ADD_ADV_PATTERNS_MONITOR,
4277 MGMT_STATUS_INVALID_PARAMS);
4278 goto failed;
4279 }
4280
4281 hci_dev_lock(hdev);
4282
b52729f2
MC		 4283 prev_adv_monitors_cnt = hdev->adv_monitors_cnt;
4284
b139553d
MC		 4285 err = hci_add_adv_monitor(hdev, m);
4286 if (err) {
4287 if (err == -ENOSPC) {
4288 mgmt_cmd_status(sk, hdev->id,
4289 MGMT_OP_ADD_ADV_PATTERNS_MONITOR,
4290 MGMT_STATUS_NO_RESOURCES);
4291 }
4292 goto unlock;
4293 }
4294
b52729f2
MC		 4295 if (hdev->adv_monitors_cnt > prev_adv_monitors_cnt)
4296 mgmt_adv_monitor_added(sk, hdev, m->handle);
4297
b139553d
MC		 4298 hci_dev_unlock(hdev);
4299
4300 rp.monitor_handle = cpu_to_le16(m->handle);
4301
4302 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADV_PATTERNS_MONITOR,
4303 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
4304
4305unlock:
4306 hci_dev_unlock(hdev);
4307
4308failed:
4309 hci_free_adv_monitor(m);
4310 return err;
4311}
4312
bd2fbc6c
MC		 4313static int remove_adv_monitor(struct sock *sk, struct hci_dev *hdev,
4314 void *data, u16 len)
4315{
4316 struct mgmt_cp_remove_adv_monitor *cp = data;
4317 struct mgmt_rp_remove_adv_monitor rp;
cdde92e2 4318 unsigned int prev_adv_monitors_cnt;
bd2fbc6c
MC		 4319 u16 handle;
4320 int err;
4321
4322 BT_DBG("request for %s", hdev->name);
4323
4324 hci_dev_lock(hdev);
4325
4326 handle = __le16_to_cpu(cp->monitor_handle);
cdde92e2 4327 prev_adv_monitors_cnt = hdev->adv_monitors_cnt;
bd2fbc6c
MC		 4328
4329 err = hci_remove_adv_monitor(hdev, handle);
4330 if (err == -ENOENT) {
4331 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADV_MONITOR,
4332 MGMT_STATUS_INVALID_INDEX);
4333 goto unlock;
4334 }
4335
cdde92e2
MC		 4336 if (hdev->adv_monitors_cnt < prev_adv_monitors_cnt)
4337 mgmt_adv_monitor_removed(sk, hdev, handle);
4338
bd2fbc6c
MC		 4339 hci_dev_unlock(hdev);
4340
4341 rp.monitor_handle = cp->monitor_handle;
4342
4343 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_ADV_MONITOR,
4344 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
4345
4346unlock:
4347 hci_dev_unlock(hdev);
4348 return err;
4349}
4350
1b9441f8
JH		 4351static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status,
4352 u16 opcode, struct sk_buff *skb)
4353{
4354 struct mgmt_rp_read_local_oob_data mgmt_rp;
4355 size_t rp_size = sizeof(mgmt_rp);
4356 struct mgmt_pending_cmd *cmd;
4357
181d6953 4358 bt_dev_dbg(hdev, "status %u", status);
1b9441f8
JH		 4359
4360 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
4361 if (!cmd)
4362 return;
4363
4364 if (status || !skb) {
4365 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4366 status ? mgmt_status(status) : MGMT_STATUS_FAILED);
4367 goto remove;
4368 }
4369
4370 memset(&mgmt_rp, 0, sizeof(mgmt_rp));
4371
4372 if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
4373 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
4374
4375 if (skb->len < sizeof(*rp)) {
4376 mgmt_cmd_status(cmd->sk, hdev->id,
4377 MGMT_OP_READ_LOCAL_OOB_DATA,
4378 MGMT_STATUS_FAILED);
4379 goto remove;
4380 }
4381
4382 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash));
4383 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand));
4384
4385 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256);
4386 } else {
4387 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
4388
4389 if (skb->len < sizeof(*rp)) {
4390 mgmt_cmd_status(cmd->sk, hdev->id,
4391 MGMT_OP_READ_LOCAL_OOB_DATA,
4392 MGMT_STATUS_FAILED);
4393 goto remove;
4394 }
4395
4396 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192));
4397 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192));
4398
4399 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256));
4400 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256));
4401 }
4402
4403 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4404 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size);
4405
4406remove:
4407 mgmt_pending_remove(cmd);
4408}
4409
0f4e68cf 4410static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 4411 void *data, u16 data_len)
c35938b2 4412{
3b0602cd 4413 struct mgmt_pending_cmd *cmd;
1b9441f8 4414 struct hci_request req;
c35938b2
SJ		 4415 int err;
4416
181d6953 4417 bt_dev_dbg(hdev, "sock %p", sk);
c35938b2 4418
09fd0de5 4419 hci_dev_lock(hdev);
c35938b2 4420
4b34ee78 4421 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 4422 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4423 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 4424 goto unlock;
4425 }
4426
9a1a1996 4427 if (!lmp_ssp_capable(hdev)) {
a69e8375
JH		 4428 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4429 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 4430 goto unlock;
4431 }
4432
333ae95d 4433 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
a69e8375
JH		 4434 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4435 MGMT_STATUS_BUSY);
c35938b2
SJ		 4436 goto unlock;
4437 }
4438
2e58ef3e 4439 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 4440 if (!cmd) {
4441 err = -ENOMEM;
4442 goto unlock;
4443 }
4444
1b9441f8
JH		 4445 hci_req_init(&req, hdev);
4446
710f11c0 4447 if (bredr_sc_enabled(hdev))
1b9441f8 4448 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
4d2d2796 4449 else
1b9441f8 4450 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
4d2d2796 4451
1b9441f8 4452 err = hci_req_run_skb(&req, read_local_oob_data_complete);
c35938b2
SJ		 4453 if (err < 0)
4454 mgmt_pending_remove(cmd);
4455
4456unlock:
09fd0de5 4457 hci_dev_unlock(hdev);
c35938b2
SJ		 4458 return err;
4459}
4460
bdb6d971 4461static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 4462 void *data, u16 len)
2763eda6 4463{
5d57e796 4464 struct mgmt_addr_info *addr = data;
2763eda6
SJ		 4465 int err;
4466
181d6953 4467 bt_dev_dbg(hdev, "sock %p", sk);
2763eda6 4468
5d57e796 4469 if (!bdaddr_type_is_valid(addr->type))
2a1afb5a
JH		 4470 return mgmt_cmd_complete(sk, hdev->id,
4471 MGMT_OP_ADD_REMOTE_OOB_DATA,
4472 MGMT_STATUS_INVALID_PARAMS,
4473 addr, sizeof(*addr));
5d57e796 4474
09fd0de5 4475 hci_dev_lock(hdev);
2763eda6 4476
ec109113
MH		 4477 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
4478 struct mgmt_cp_add_remote_oob_data *cp = data;
4479 u8 status;
bf1e3541 4480
c19a495c 4481 if (cp->addr.type != BDADDR_BREDR) {
2a1afb5a
JH		 4482 err = mgmt_cmd_complete(sk, hdev->id,
4483 MGMT_OP_ADD_REMOTE_OOB_DATA,
4484 MGMT_STATUS_INVALID_PARAMS,
4485 &cp->addr, sizeof(cp->addr));
c19a495c
JH		 4486 goto unlock;
4487 }
4488
ec109113 4489 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
6928a924
JH		 4490 cp->addr.type, cp->hash,
4491 cp->rand, NULL, NULL);
ec109113
MH		 4492 if (err < 0)
4493 status = MGMT_STATUS_FAILED;
4494 else
4495 status = MGMT_STATUS_SUCCESS;
4496
2a1afb5a
JH		 4497 err = mgmt_cmd_complete(sk, hdev->id,
4498 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
4499 &cp->addr, sizeof(cp->addr));
ec109113
MH		 4500 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
4501 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
41bcfd50 4502 u8 *rand192, *hash192, *rand256, *hash256;
ec109113
MH		 4503 u8 status;
4504
86df9200 4505 if (bdaddr_type_is_le(cp->addr.type)) {
d25b78e2
JH		 4506 /* Enforce zero-valued 192-bit parameters as
4507 * long as legacy SMP OOB isn't implemented.
4508 */
4509 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
4510 memcmp(cp->hash192, ZERO_KEY, 16)) {
2a1afb5a
JH		 4511 err = mgmt_cmd_complete(sk, hdev->id,
4512 MGMT_OP_ADD_REMOTE_OOB_DATA,
4513 MGMT_STATUS_INVALID_PARAMS,
4514 addr, sizeof(*addr));
d25b78e2
JH		 4515 goto unlock;
4516 }
4517
86df9200
JH		 4518 rand192 = NULL;
4519 hash192 = NULL;
4520 } else {
41bcfd50
MH		 4521 /* In case one of the P-192 values is set to zero,
4522 * then just disable OOB data for P-192.
4523 */
4524 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
4525 !memcmp(cp->hash192, ZERO_KEY, 16)) {
4526 rand192 = NULL;
4527 hash192 = NULL;
4528 } else {
4529 rand192 = cp->rand192;
4530 hash192 = cp->hash192;
4531 }
4532 }
4533
4534 /* In case one of the P-256 values is set to zero, then just
4535 * disable OOB data for P-256.
4536 */
4537 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
4538 !memcmp(cp->hash256, ZERO_KEY, 16)) {
4539 rand256 = NULL;
4540 hash256 = NULL;
4541 } else {
4542 rand256 = cp->rand256;
4543 hash256 = cp->hash256;
86df9200
JH		 4544 }
4545
81328d5c 4546 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
86df9200 4547 cp->addr.type, hash192, rand192,
41bcfd50 4548 hash256, rand256);
ec109113
MH		 4549 if (err < 0)
4550 status = MGMT_STATUS_FAILED;
4551 else
4552 status = MGMT_STATUS_SUCCESS;
4553
2a1afb5a
JH		 4554 err = mgmt_cmd_complete(sk, hdev->id,
4555 MGMT_OP_ADD_REMOTE_OOB_DATA,
4556 status, &cp->addr, sizeof(cp->addr));
ec109113 4557 } else {
2064ee33
MH		 4558 bt_dev_err(hdev, "add_remote_oob_data: invalid len of %u bytes",
4559 len);
a69e8375
JH		 4560 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
4561 MGMT_STATUS_INVALID_PARAMS);
ec109113 4562 }
2763eda6 4563
c19a495c 4564unlock:
09fd0de5 4565 hci_dev_unlock(hdev);
2763eda6
SJ		 4566 return err;
4567}
4568
bdb6d971 4569static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 4570 void *data, u16 len)
2763eda6 4571{
650f726d 4572 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 4573 u8 status;
2763eda6
SJ		 4574 int err;
4575
181d6953 4576 bt_dev_dbg(hdev, "sock %p", sk);
2763eda6 4577
c19a495c 4578 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 4579 return mgmt_cmd_complete(sk, hdev->id,
4580 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
4581 MGMT_STATUS_INVALID_PARAMS,
4582 &cp->addr, sizeof(cp->addr));
c19a495c 4583
09fd0de5 4584 hci_dev_lock(hdev);
2763eda6 4585
eedbd581
JH		 4586 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
4587 hci_remote_oob_data_clear(hdev);
4588 status = MGMT_STATUS_SUCCESS;
4589 goto done;
4590 }
4591
6928a924 4592 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
2763eda6 4593 if (err < 0)
bf1e3541 4594 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 4595 else
a6785be2 4596 status = MGMT_STATUS_SUCCESS;
bf1e3541 4597
eedbd581 4598done:
2a1afb5a
JH		 4599 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
4600 status, &cp->addr, sizeof(cp->addr));
2763eda6 4601
09fd0de5 4602 hci_dev_unlock(hdev);
2763eda6
SJ		 4603 return err;
4604}
4605
e68f072b 4606void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status)
7c307720 4607{
3b0602cd 4608 struct mgmt_pending_cmd *cmd;
ae55f598 4609
181d6953 4610 bt_dev_dbg(hdev, "status %d", status);
7c307720 4611
11e6e25d 4612 hci_dev_lock(hdev);
41dc2bd6 4613
333ae95d 4614 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
66ea9427 4615 if (!cmd)
333ae95d 4616 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
66ea9427 4617
78b781ca
JH		 4618 if (!cmd)
4619 cmd = pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev);
4620
11e6e25d 4621 if (cmd) {
2922a94f 4622 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d
MH		 4623 mgmt_pending_remove(cmd);
4624 }
7c307720 4625
11e6e25d 4626 hci_dev_unlock(hdev);
4867bd00
APS		 4627
4628 /* Handle suspend notifier */
4629 if (test_and_clear_bit(SUSPEND_UNPAUSE_DISCOVERY,
4630 hdev->suspend_tasks)) {
4631 bt_dev_dbg(hdev, "Unpaused discovery");
4632 wake_up(&hdev->suspend_wait_q);
4633 }
7c307720
AG		 4634}
4635
591752af
JH		 4636static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type,
4637 uint8_t *mgmt_status)
4638{
4639 switch (type) {
4640 case DISCOV_TYPE_LE:
4641 *mgmt_status = mgmt_le_support(hdev);
4642 if (*mgmt_status)
4643 return false;
4644 break;
4645 case DISCOV_TYPE_INTERLEAVED:
4646 *mgmt_status = mgmt_le_support(hdev);
4647 if (*mgmt_status)
4648 return false;
19186c7b 4649 fallthrough;
591752af
JH		 4650 case DISCOV_TYPE_BREDR:
4651 *mgmt_status = mgmt_bredr_support(hdev);
4652 if (*mgmt_status)
4653 return false;
4654 break;
4655 default:
4656 *mgmt_status = MGMT_STATUS_INVALID_PARAMS;
4657 return false;
4658 }
4659
4660 return true;
4661}
4662
78b781ca
JH		 4663static int start_discovery_internal(struct sock *sk, struct hci_dev *hdev,
4664 u16 op, void *data, u16 len)
14a53664 4665{
650f726d 4666 struct mgmt_cp_start_discovery *cp = data;
3b0602cd 4667 struct mgmt_pending_cmd *cmd;
8019044d 4668 u8 status;
14a53664
JH		 4669 int err;
4670
181d6953 4671 bt_dev_dbg(hdev, "sock %p", sk);
14a53664 4672
09fd0de5 4673 hci_dev_lock(hdev);
14a53664 4674
4b34ee78 4675 if (!hdev_is_powered(hdev)) {
78b781ca 4676 err = mgmt_cmd_complete(sk, hdev->id, op,
2a1afb5a
JH		 4677 MGMT_STATUS_NOT_POWERED,
4678 &cp->type, sizeof(cp->type));
bd2d1334
JH		 4679 goto failed;
4680 }
4681
f5a969f2 4682 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 4683 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
78b781ca
JH		 4684 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY,
4685 &cp->type, sizeof(cp->type));
642be6c7
AG		 4686 goto failed;
4687 }
4688
591752af 4689 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
78b781ca
JH		 4690 err = mgmt_cmd_complete(sk, hdev->id, op, status,
4691 &cp->type, sizeof(cp->type));
591752af
JH		 4692 goto failed;
4693 }
4694
4867bd00
APS		 4695 /* Can't start discovery when it is paused */
4696 if (hdev->discovery_paused) {
4697 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY,
4698 &cp->type, sizeof(cp->type));
4699 goto failed;
4700 }
4701
22078800
MH		 4702 /* Clear the discovery filter first to free any previously
4703 * allocated memory for the UUID list.
4704 */
4705 hci_discovery_filter_clear(hdev);
4706
4aab14e5 4707 hdev->discovery.type = cp->type;
da25cf6a 4708 hdev->discovery.report_invalid_rssi = false;
78b781ca
JH		 4709 if (op == MGMT_OP_START_LIMITED_DISCOVERY)
4710 hdev->discovery.limited = true;
4711 else
4712 hdev->discovery.limited = false;
4aab14e5 4713
78b781ca 4714 cmd = mgmt_pending_add(sk, op, hdev, data, len);
e68f072b
JH		 4715 if (!cmd) {
4716 err = -ENOMEM;
04106755 4717 goto failed;
f39799f5 4718 }
04106755 4719
e68f072b 4720 cmd->cmd_complete = generic_cmd_complete;
7c307720 4721
f5a969f2 4722 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
e68f072b
JH		 4723 queue_work(hdev->req_workqueue, &hdev->discov_update);
4724 err = 0;
7c307720 4725
14a53664 4726failed:
09fd0de5 4727 hci_dev_unlock(hdev);
14a53664
JH		 4728 return err;
4729}
f39799f5 4730
78b781ca
JH		 4731static int start_discovery(struct sock *sk, struct hci_dev *hdev,
4732 void *data, u16 len)
4733{
4734 return start_discovery_internal(sk, hdev, MGMT_OP_START_DISCOVERY,
4735 data, len);
4736}
4737
4738static int start_limited_discovery(struct sock *sk, struct hci_dev *hdev,
4739 void *data, u16 len)
4740{
4741 return start_discovery_internal(sk, hdev,
4742 MGMT_OP_START_LIMITED_DISCOVERY,
4743 data, len);
4744}
4745
3b0602cd
JH		 4746static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
4747 u8 status)
2922a94f 4748{
2a1afb5a
JH		 4749 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
4750 cmd->param, 1);
2922a94f 4751}
04106755 4752
66ea9427
JP		 4753static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
4754 void *data, u16 len)
4755{
4756 struct mgmt_cp_start_service_discovery *cp = data;
3b0602cd 4757 struct mgmt_pending_cmd *cmd;
66ea9427
JP		 4758 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
4759 u16 uuid_count, expected_len;
4760 u8 status;
4761 int err;
04106755 4762
181d6953 4763 bt_dev_dbg(hdev, "sock %p", sk);
e8bb6b97 4764
66ea9427 4765 hci_dev_lock(hdev);
7c307720 4766
66ea9427 4767 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 4768 err = mgmt_cmd_complete(sk, hdev->id,
4769 MGMT_OP_START_SERVICE_DISCOVERY,
4770 MGMT_STATUS_NOT_POWERED,
4771 &cp->type, sizeof(cp->type));
66ea9427
JP		 4772 goto failed;
4773 }
7c307720 4774
66ea9427 4775 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 4776 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
2a1afb5a
JH		 4777 err = mgmt_cmd_complete(sk, hdev->id,
4778 MGMT_OP_START_SERVICE_DISCOVERY,
4779 MGMT_STATUS_BUSY, &cp->type,
4780 sizeof(cp->type));
66ea9427
JP		 4781 goto failed;
4782 }
d9483943 4783
66ea9427
JP		 4784 uuid_count = __le16_to_cpu(cp->uuid_count);
4785 if (uuid_count > max_uuid_count) {
2064ee33
MH		 4786 bt_dev_err(hdev, "service_discovery: too big uuid_count value %u",
4787 uuid_count);
2a1afb5a
JH		 4788 err = mgmt_cmd_complete(sk, hdev->id,
4789 MGMT_OP_START_SERVICE_DISCOVERY,
4790 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4791 sizeof(cp->type));
66ea9427
JP		 4792 goto failed;
4793 }
4794
4795 expected_len = sizeof(*cp) + uuid_count * 16;
4796 if (expected_len != len) {
2064ee33
MH		 4797 bt_dev_err(hdev, "service_discovery: expected %u bytes, got %u bytes",
4798 expected_len, len);
2a1afb5a
JH		 4799 err = mgmt_cmd_complete(sk, hdev->id,
4800 MGMT_OP_START_SERVICE_DISCOVERY,
4801 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4802 sizeof(cp->type));
66ea9427
JP		 4803 goto failed;
4804 }
4805
591752af
JH		 4806 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
4807 err = mgmt_cmd_complete(sk, hdev->id,
4808 MGMT_OP_START_SERVICE_DISCOVERY,
4809 status, &cp->type, sizeof(cp->type));
4810 goto failed;
4811 }
4812
66ea9427 4813 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
2922a94f 4814 hdev, data, len);
66ea9427
JP		 4815 if (!cmd) {
4816 err = -ENOMEM;
4817 goto failed;
4818 }
4819
2922a94f
JH		 4820 cmd->cmd_complete = service_discovery_cmd_complete;
4821
22078800
MH		 4822 /* Clear the discovery filter first to free any previously
4823 * allocated memory for the UUID list.
4824 */
4825 hci_discovery_filter_clear(hdev);
4826
82f8b651 4827 hdev->discovery.result_filtering = true;
66ea9427
JP		 4828 hdev->discovery.type = cp->type;
4829 hdev->discovery.rssi = cp->rssi;
4830 hdev->discovery.uuid_count = uuid_count;
4831
4832 if (uuid_count > 0) {
4833 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4834 GFP_KERNEL);
4835 if (!hdev->discovery.uuids) {
2a1afb5a
JH		 4836 err = mgmt_cmd_complete(sk, hdev->id,
4837 MGMT_OP_START_SERVICE_DISCOVERY,
4838 MGMT_STATUS_FAILED,
4839 &cp->type, sizeof(cp->type));
d9483943
JH		 4840 mgmt_pending_remove(cmd);
4841 goto failed;
4842 }
66ea9427 4843 }
d9483943 4844
66ea9427 4845 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
e68f072b
JH		 4846 queue_work(hdev->req_workqueue, &hdev->discov_update);
4847 err = 0;
14a53664
JH		 4848
4849failed:
09fd0de5 4850 hci_dev_unlock(hdev);
14a53664
JH		 4851 return err;
4852}
4853
2154d3f4 4854void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status)
1183fdca 4855{
3b0602cd 4856 struct mgmt_pending_cmd *cmd;
1183fdca 4857
181d6953 4858 bt_dev_dbg(hdev, "status %d", status);
0e05bba6
AG		 4859
4860 hci_dev_lock(hdev);
4861
333ae95d 4862 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
11e6e25d 4863 if (cmd) {
2922a94f 4864 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d 4865 mgmt_pending_remove(cmd);
0e05bba6
AG		 4866 }
4867
0e05bba6 4868 hci_dev_unlock(hdev);
4867bd00
APS		 4869
4870 /* Handle suspend notifier */
4871 if (test_and_clear_bit(SUSPEND_PAUSE_DISCOVERY, hdev->suspend_tasks)) {
4872 bt_dev_dbg(hdev, "Paused discovery");
4873 wake_up(&hdev->suspend_wait_q);
4874 }
0e05bba6
AG		 4875}
4876
bdb6d971 4877static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4878 u16 len)
14a53664 4879{
d930650b 4880 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3b0602cd 4881 struct mgmt_pending_cmd *cmd;
14a53664
JH		 4882 int err;
4883
181d6953 4884 bt_dev_dbg(hdev, "sock %p", sk);
14a53664 4885
09fd0de5 4886 hci_dev_lock(hdev);
14a53664 4887
30dc78e1 4888 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 4889 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4890 MGMT_STATUS_REJECTED, &mgmt_cp->type,
4891 sizeof(mgmt_cp->type));
d930650b
JH		 4892 goto unlock;
4893 }
4894
4895 if (hdev->discovery.type != mgmt_cp->type) {
2a1afb5a
JH		 4896 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4897 MGMT_STATUS_INVALID_PARAMS,
4898 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1 4899 goto unlock;
ff9ef578
JH		 4900 }
4901
2922a94f 4902 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
14a53664
JH		 4903 if (!cmd) {
4904 err = -ENOMEM;
30dc78e1
JH		 4905 goto unlock;
4906 }
4907
2922a94f
JH		 4908 cmd->cmd_complete = generic_cmd_complete;
4909
2154d3f4
JH		 4910 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
4911 queue_work(hdev->req_workqueue, &hdev->discov_update);
4912 err = 0;
14a53664 4913
30dc78e1 4914unlock:
09fd0de5 4915 hci_dev_unlock(hdev);
14a53664
JH		 4916 return err;
4917}
4918
bdb6d971 4919static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4920 u16 len)
561aafbc 4921{
650f726d 4922 struct mgmt_cp_confirm_name *cp = data;
561aafbc 4923 struct inquiry_entry *e;
561aafbc
JH		 4924 int err;
4925
181d6953 4926 bt_dev_dbg(hdev, "sock %p", sk);
561aafbc 4927
561aafbc
JH		 4928 hci_dev_lock(hdev);
4929
30dc78e1 4930 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 4931 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4932 MGMT_STATUS_FAILED, &cp->addr,
4933 sizeof(cp->addr));
30dc78e1
JH		 4934 goto failed;
4935 }
4936
a198e7b1 4937 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 4938 if (!e) {
2a1afb5a
JH		 4939 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4940 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4941 sizeof(cp->addr));
561aafbc
JH		 4942 goto failed;
4943 }
4944
4945 if (cp->name_known) {
4946 e->name_state = NAME_KNOWN;
4947 list_del(&e->list);
4948 } else {
4949 e->name_state = NAME_NEEDED;
a3d4e20a 4950 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 4951 }
4952
2a1afb5a
JH		 4953 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
4954 &cp->addr, sizeof(cp->addr));
561aafbc
JH		 4955
4956failed:
4957 hci_dev_unlock(hdev);
561aafbc
JH		 4958 return err;
4959}
4960
bdb6d971 4961static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4962 u16 len)
7fbec224 4963{
650f726d 4964 struct mgmt_cp_block_device *cp = data;
f0eeea8b 4965 u8 status;
7fbec224
AJ		 4966 int err;
4967
181d6953 4968 bt_dev_dbg(hdev, "sock %p", sk);
7fbec224 4969
4ee71b20 4970 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 4971 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4972 MGMT_STATUS_INVALID_PARAMS,
4973 &cp->addr, sizeof(cp->addr));
4ee71b20 4974
09fd0de5 4975 hci_dev_lock(hdev);
5e762444 4976
dcc36c16
JH		 4977 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4978 cp->addr.type);
2a8357f2 4979 if (err < 0) {
f0eeea8b 4980 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 4981 goto done;
4982 }
4983
4984 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4985 sk);
4986 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4987
2a8357f2 4988done:
2a1afb5a
JH		 4989 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
4990 &cp->addr, sizeof(cp->addr));
5e762444 4991
09fd0de5 4992 hci_dev_unlock(hdev);
7fbec224
AJ		 4993
4994 return err;
4995}
4996
bdb6d971 4997static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4998 u16 len)
7fbec224 4999{
650f726d 5000 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 5001 u8 status;
7fbec224
AJ		 5002 int err;
5003
181d6953 5004 bt_dev_dbg(hdev, "sock %p", sk);
7fbec224 5005
4ee71b20 5006 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 5007 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
5008 MGMT_STATUS_INVALID_PARAMS,
5009 &cp->addr, sizeof(cp->addr));
4ee71b20 5010
09fd0de5 5011 hci_dev_lock(hdev);
5e762444 5012
dcc36c16
JH		 5013 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
5014 cp->addr.type);
2a8357f2 5015 if (err < 0) {
f0eeea8b 5016 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 5017 goto done;
5018 }
5019
5020 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
5021 sk);
5022 status = MGMT_STATUS_SUCCESS;
f0eeea8b 5023
2a8357f2 5024done:
2a1afb5a
JH		 5025 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
5026 &cp->addr, sizeof(cp->addr));
5e762444 5027
09fd0de5 5028 hci_dev_unlock(hdev);
7fbec224
AJ		 5029
5030 return err;
5031}
5032
cdbaccca
MH		 5033static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
5034 u16 len)
5035{
5036 struct mgmt_cp_set_device_id *cp = data;
890ea898 5037 struct hci_request req;
cdbaccca 5038 int err;
c72d4b8a 5039 __u16 source;
cdbaccca 5040
181d6953 5041 bt_dev_dbg(hdev, "sock %p", sk);
cdbaccca 5042
c72d4b8a
SJ		 5043 source = __le16_to_cpu(cp->source);
5044
5045 if (source > 0x0002)
a69e8375
JH		 5046 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
5047 MGMT_STATUS_INVALID_PARAMS);
c72d4b8a 5048
cdbaccca
MH		 5049 hci_dev_lock(hdev);
5050
c72d4b8a 5051 hdev->devid_source = source;
cdbaccca
MH		 5052 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
5053 hdev->devid_product = __le16_to_cpu(cp->product);
5054 hdev->devid_version = __le16_to_cpu(cp->version);
5055
2a1afb5a
JH		 5056 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
5057 NULL, 0);
cdbaccca 5058
890ea898 5059 hci_req_init(&req, hdev);
b1a8917c 5060 __hci_req_update_eir(&req);
890ea898 5061 hci_req_run(&req, NULL);
cdbaccca
MH		 5062
5063 hci_dev_unlock(hdev);
5064
5065 return err;
5066}
5067
24b4f38f
AU		 5068static void enable_advertising_instance(struct hci_dev *hdev, u8 status,
5069 u16 opcode)
5070{
181d6953 5071 bt_dev_dbg(hdev, "status %d", status);
24b4f38f
AU		 5072}
5073
1904a853
MH		 5074static void set_advertising_complete(struct hci_dev *hdev, u8 status,
5075 u16 opcode)
4375f103
JH		 5076{
5077 struct cmd_lookup match = { NULL, hdev };
24b4f38f 5078 struct hci_request req;
7816b820
FG		 5079 u8 instance;
5080 struct adv_info *adv_instance;
5081 int err;
4375f103 5082
3ad67582
JK		 5083 hci_dev_lock(hdev);
5084
4375f103
JH		 5085 if (status) {
5086 u8 mgmt_err = mgmt_status(status);
5087
5088 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
5089 cmd_status_rsp, &mgmt_err);
3ad67582 5090 goto unlock;
4375f103
JH		 5091 }
5092
d7a5a11d 5093 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
a1536da2 5094 hci_dev_set_flag(hdev, HCI_ADVERTISING);
c93bd150 5095 else
a358dc11 5096 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
c93bd150 5097
4375f103
JH		 5098 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
5099 &match);
5100
5101 new_settings(hdev, match.sk);
5102
5103 if (match.sk)
5104 sock_put(match.sk);
3ad67582 5105
4867bd00
APS		 5106 /* Handle suspend notifier */
5107 if (test_and_clear_bit(SUSPEND_PAUSE_ADVERTISING,
5108 hdev->suspend_tasks)) {
5109 bt_dev_dbg(hdev, "Paused advertising");
5110 wake_up(&hdev->suspend_wait_q);
5111 } else if (test_and_clear_bit(SUSPEND_UNPAUSE_ADVERTISING,
5112 hdev->suspend_tasks)) {
5113 bt_dev_dbg(hdev, "Unpaused advertising");
5114 wake_up(&hdev->suspend_wait_q);
5115 }
5116
24b4f38f 5117 /* If "Set Advertising" was just disabled and instance advertising was
7816b820 5118 * set up earlier, then re-enable multi-instance advertising.
24b4f38f
AU		 5119 */
5120 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
7816b820 5121 list_empty(&hdev->adv_instances))
24b4f38f
AU		 5122 goto unlock;
5123
7816b820
FG		 5124 instance = hdev->cur_adv_instance;
5125 if (!instance) {
5126 adv_instance = list_first_entry_or_null(&hdev->adv_instances,
5127 struct adv_info, list);
5128 if (!adv_instance)
5129 goto unlock;
5130
5131 instance = adv_instance->instance;
5132 }
5133
24b4f38f
AU		 5134 hci_req_init(&req, hdev);
5135
f2252570 5136 err = __hci_req_schedule_adv_instance(&req, instance, true);
7816b820
FG		 5137
5138 if (!err)
5139 err = hci_req_run(&req, enable_advertising_instance);
24b4f38f 5140
7816b820 5141 if (err)
2064ee33 5142 bt_dev_err(hdev, "failed to re-configure advertising");
24b4f38f 5143
3ad67582
JK		 5144unlock:
5145 hci_dev_unlock(hdev);
4375f103
JH		 5146}
5147
21b5187f
MH		 5148static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
5149 u16 len)
4375f103
JH		 5150{
5151 struct mgmt_mode *cp = data;
3b0602cd 5152 struct mgmt_pending_cmd *cmd;
4375f103 5153 struct hci_request req;
cc91cb04 5154 u8 val, status;
4375f103
JH		 5155 int err;
5156
181d6953 5157 bt_dev_dbg(hdev, "sock %p", sk);
4375f103 5158
e6fe7986
JH		 5159 status = mgmt_le_support(hdev);
5160 if (status)
a69e8375
JH		 5161 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
5162 status);
4375f103 5163
cbbdfa6f
SN		 5164 /* Enabling the experimental LL Privay support disables support for
5165 * advertising.
5166 */
5167 if (hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY))
5168 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
5169 MGMT_STATUS_NOT_SUPPORTED);
5170
cc91cb04 5171 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 5172 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
5173 MGMT_STATUS_INVALID_PARAMS);
4375f103 5174
4867bd00
APS		 5175 if (hdev->advertising_paused)
5176 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
5177 MGMT_STATUS_BUSY);
5178
4375f103
JH		 5179 hci_dev_lock(hdev);
5180
5181 val = !!cp->val;
4375f103 5182
f74ca9b8
JH		 5183 /* The following conditions are ones which mean that we should
5184 * not do any HCI communication but directly send a mgmt
5185 * response to user space (after toggling the flag if
5186 * necessary).
5187 */
cc91cb04 5188 if (!hdev_is_powered(hdev) ||
d7a5a11d
MH		 5189 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
5190 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
e8bb6b97 5191 hci_conn_num(hdev, LE_LINK) > 0 ||
d7a5a11d 5192 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
e8bb6b97 5193 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
cc91cb04 5194 bool changed;
4375f103 5195
cc91cb04 5196 if (cp->val) {
cab054ab 5197 hdev->cur_adv_instance = 0x00;
238be788 5198 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
cc91cb04 5199 if (cp->val == 0x02)
a1536da2 5200 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 5201 else
a358dc11 5202 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 5203 } else {
a69d8927 5204 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
a358dc11 5205 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4375f103
JH		 5206 }
5207
5208 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
5209 if (err < 0)
5210 goto unlock;
5211
5212 if (changed)
5213 err = new_settings(hdev, sk);
5214
5215 goto unlock;
5216 }
5217
333ae95d
JH		 5218 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
5219 pending_find(MGMT_OP_SET_LE, hdev)) {
a69e8375
JH		 5220 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
5221 MGMT_STATUS_BUSY);
4375f103
JH		 5222 goto unlock;
5223 }
5224
5225 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
5226 if (!cmd) {
5227 err = -ENOMEM;
5228 goto unlock;
5229 }
5230
5231 hci_req_init(&req, hdev);
5232
cc91cb04 5233 if (cp->val == 0x02)
a1536da2 5234 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 5235 else
a358dc11 5236 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 5237
7816b820
FG		 5238 cancel_adv_timeout(hdev);
5239
24b4f38f 5240 if (val) {
7816b820
FG		 5241 /* Switch to instance "0" for the Set Advertising setting.
5242 * We cannot use update_[adv|scan_rsp]_data() here as the
5243 * HCI_ADVERTISING flag is not yet set.
5244 */
cab054ab 5245 hdev->cur_adv_instance = 0x00;
de181e88
JK		 5246
5247 if (ext_adv_capable(hdev)) {
5248 __hci_req_start_ext_adv(&req, 0x00);
5249 } else {
5250 __hci_req_update_adv_data(&req, 0x00);
5251 __hci_req_update_scan_rsp_data(&req, 0x00);
5252 __hci_req_enable_advertising(&req);
5253 }
24b4f38f 5254 } else {
f2252570 5255 __hci_req_disable_advertising(&req);
24b4f38f 5256 }
4375f103
JH		 5257
5258 err = hci_req_run(&req, set_advertising_complete);
5259 if (err < 0)
5260 mgmt_pending_remove(cmd);
5261
5262unlock:
5263 hci_dev_unlock(hdev);
5264 return err;
5265}
5266
d13eafce
MH		 5267static int set_static_address(struct sock *sk, struct hci_dev *hdev,
5268 void *data, u16 len)
5269{
5270 struct mgmt_cp_set_static_address *cp = data;
5271 int err;
5272
181d6953 5273 bt_dev_dbg(hdev, "sock %p", sk);
d13eafce 5274
62af4443 5275 if (!lmp_le_capable(hdev))
a69e8375
JH		 5276 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
5277 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 5278
5279 if (hdev_is_powered(hdev))
a69e8375
JH		 5280 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
5281 MGMT_STATUS_REJECTED);
d13eafce
MH		 5282
5283 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
5284 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
a69e8375
JH		 5285 return mgmt_cmd_status(sk, hdev->id,
5286 MGMT_OP_SET_STATIC_ADDRESS,
5287 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 5288
5289 /* Two most significant bits shall be set */
5290 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
a69e8375
JH		 5291 return mgmt_cmd_status(sk, hdev->id,
5292 MGMT_OP_SET_STATIC_ADDRESS,
5293 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 5294 }
5295
5296 hci_dev_lock(hdev);
5297
5298 bacpy(&hdev->static_addr, &cp->bdaddr);
5299
93690c22
MH		 5300 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
5301 if (err < 0)
5302 goto unlock;
5303
5304 err = new_settings(hdev, sk);
d13eafce 5305
93690c22 5306unlock:
d13eafce 5307 hci_dev_unlock(hdev);
d13eafce
MH		 5308 return err;
5309}
5310
14b49b9a
MH		 5311static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
5312 void *data, u16 len)
5313{
5314 struct mgmt_cp_set_scan_params *cp = data;
5315 __u16 interval, window;
5316 int err;
5317
181d6953 5318 bt_dev_dbg(hdev, "sock %p", sk);
14b49b9a
MH		 5319
5320 if (!lmp_le_capable(hdev))
a69e8375
JH		 5321 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
5322 MGMT_STATUS_NOT_SUPPORTED);
14b49b9a
MH		 5323
5324 interval = __le16_to_cpu(cp->interval);
5325
5326 if (interval < 0x0004 || interval > 0x4000)
a69e8375
JH		 5327 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
5328 MGMT_STATUS_INVALID_PARAMS);
14b49b9a
MH		 5329
5330 window = __le16_to_cpu(cp->window);
5331
5332 if (window < 0x0004 || window > 0x4000)
a69e8375
JH		 5333 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
5334 MGMT_STATUS_INVALID_PARAMS);
14b49b9a 5335
899e1075 5336 if (window > interval)
a69e8375
JH		 5337 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
5338 MGMT_STATUS_INVALID_PARAMS);
899e1075 5339
14b49b9a
MH		 5340 hci_dev_lock(hdev);
5341
5342 hdev->le_scan_interval = interval;
5343 hdev->le_scan_window = window;
5344
2a1afb5a
JH		 5345 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
5346 NULL, 0);
14b49b9a 5347
dd2ef8e2
AG		 5348 /* If background scan is running, restart it so new parameters are
5349 * loaded.
5350 */
d7a5a11d 5351 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
dd2ef8e2
AG		 5352 hdev->discovery.state == DISCOVERY_STOPPED) {
5353 struct hci_request req;
5354
5355 hci_req_init(&req, hdev);
5356
5c49bcce 5357 hci_req_add_le_scan_disable(&req, false);
dd2ef8e2
AG		 5358 hci_req_add_le_passive_scan(&req);
5359
5360 hci_req_run(&req, NULL);
5361 }
5362
14b49b9a
MH		 5363 hci_dev_unlock(hdev);
5364
5365 return err;
5366}
5367
1904a853
MH		 5368static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
5369 u16 opcode)
33e38b3e 5370{
3b0602cd 5371 struct mgmt_pending_cmd *cmd;
33e38b3e 5372
181d6953 5373 bt_dev_dbg(hdev, "status 0x%02x", status);
33e38b3e
JH		 5374
5375 hci_dev_lock(hdev);
5376
333ae95d 5377 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
33e38b3e
JH		 5378 if (!cmd)
5379 goto unlock;
5380
5381 if (status) {
a69e8375
JH		 5382 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5383 mgmt_status(status));
33e38b3e 5384 } else {
1a4d3c4b
JH		 5385 struct mgmt_mode *cp = cmd->param;
5386
5387 if (cp->val)
a1536da2 5388 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 5389 else
a358dc11 5390 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 5391
33e38b3e
JH		 5392 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
5393 new_settings(hdev, cmd->sk);
5394 }
5395
5396 mgmt_pending_remove(cmd);
5397
5398unlock:
5399 hci_dev_unlock(hdev);
5400}
5401
bdb6d971 5402static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 5403 void *data, u16 len)
f6422ec6 5404{
650f726d 5405 struct mgmt_mode *cp = data;
3b0602cd 5406 struct mgmt_pending_cmd *cmd;
33e38b3e 5407 struct hci_request req;
f6422ec6
AJ		 5408 int err;
5409
181d6953 5410 bt_dev_dbg(hdev, "sock %p", sk);
f6422ec6 5411
d7a5a11d 5412 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
56f87901 5413 hdev->hci_ver < BLUETOOTH_VER_1_2)
a69e8375
JH		 5414 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5415 MGMT_STATUS_NOT_SUPPORTED);
33c525c0 5416
a7e80f25 5417 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 5418 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5419 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 5420
f6422ec6
AJ		 5421 hci_dev_lock(hdev);
5422
333ae95d 5423 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
a69e8375
JH		 5424 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5425 MGMT_STATUS_BUSY);
05cbf29f
JH		 5426 goto unlock;
5427 }
5428
d7a5a11d 5429 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
1a4d3c4b
JH		 5430 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
5431 hdev);
5432 goto unlock;
5433 }
5434
406ef2a6 5435 if (!hdev_is_powered(hdev)) {
ce05d603 5436 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
406ef2a6
JH		 5437 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
5438 hdev);
5439 new_settings(hdev, sk);
5440 goto unlock;
5441 }
5442
33e38b3e
JH		 5443 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
5444 data, len);
5445 if (!cmd) {
5446 err = -ENOMEM;
5447 goto unlock;
f6422ec6
AJ		 5448 }
5449
33e38b3e
JH		 5450 hci_req_init(&req, hdev);
5451
bf943cbf 5452 __hci_req_write_fast_connectable(&req, cp->val);
33e38b3e
JH		 5453
5454 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 5455 if (err < 0) {
a69e8375
JH		 5456 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5457 MGMT_STATUS_FAILED);
33e38b3e 5458 mgmt_pending_remove(cmd);
f6422ec6
AJ		 5459 }
5460
33e38b3e 5461unlock:
f6422ec6 5462 hci_dev_unlock(hdev);
33e38b3e 5463
f6422ec6
AJ		 5464 return err;
5465}
5466
1904a853 5467static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
0663ca2a 5468{
3b0602cd 5469 struct mgmt_pending_cmd *cmd;
0663ca2a 5470
181d6953 5471 bt_dev_dbg(hdev, "status 0x%02x", status);
0663ca2a
JH		 5472
5473 hci_dev_lock(hdev);
5474
333ae95d 5475 cmd = pending_find(MGMT_OP_SET_BREDR, hdev);
0663ca2a
JH		 5476 if (!cmd)
5477 goto unlock;
5478
5479 if (status) {
5480 u8 mgmt_err = mgmt_status(status);
5481
5482 /* We need to restore the flag if related HCI commands
5483 * failed.
5484 */
a358dc11 5485 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a 5486
a69e8375 5487 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
0663ca2a
JH		 5488 } else {
5489 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
5490 new_settings(hdev, cmd->sk);
5491 }
5492
5493 mgmt_pending_remove(cmd);
5494
5495unlock:
5496 hci_dev_unlock(hdev);
5497}
5498
5499static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
5500{
5501 struct mgmt_mode *cp = data;
3b0602cd 5502 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 5503 struct hci_request req;
5504 int err;
5505
181d6953 5506 bt_dev_dbg(hdev, "sock %p", sk);
0663ca2a
JH		 5507
5508 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
a69e8375
JH		 5509 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5510 MGMT_STATUS_NOT_SUPPORTED);
0663ca2a 5511
d7a5a11d 5512 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 5513 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5514 MGMT_STATUS_REJECTED);
0663ca2a
JH		 5515
5516 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 5517 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5518 MGMT_STATUS_INVALID_PARAMS);
0663ca2a
JH		 5519
5520 hci_dev_lock(hdev);
5521
d7a5a11d 5522 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
0663ca2a
JH		 5523 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
5524 goto unlock;
5525 }
5526
5527 if (!hdev_is_powered(hdev)) {
5528 if (!cp->val) {
a358dc11
MH		 5529 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
5530 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
5531 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
5532 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
5533 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
0663ca2a
JH		 5534 }
5535
ce05d603 5536 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 5537
5538 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
5539 if (err < 0)
5540 goto unlock;
5541
5542 err = new_settings(hdev, sk);
5543 goto unlock;
5544 }
5545
5546 /* Reject disabling when powered on */
5547 if (!cp->val) {
a69e8375
JH		 5548 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5549 MGMT_STATUS_REJECTED);
0663ca2a 5550 goto unlock;
111e4bcc
MH		 5551 } else {
5552 /* When configuring a dual-mode controller to operate
5553 * with LE only and using a static address, then switching
5554 * BR/EDR back on is not allowed.
5555 *
5556 * Dual-mode controllers shall operate with the public
5557 * address as its identity address for BR/EDR and LE. So
5558 * reject the attempt to create an invalid configuration.
3a5486e1
MH		 5559 *
5560 * The same restrictions applies when secure connections
5561 * has been enabled. For BR/EDR this is a controller feature
5562 * while for LE it is a host stack feature. This means that
5563 * switching BR/EDR back on when secure connections has been
5564 * enabled is not a supported transaction.
111e4bcc 5565 */
d7a5a11d 5566 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
3a5486e1 5567 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
d7a5a11d 5568 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
a69e8375
JH		 5569 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5570 MGMT_STATUS_REJECTED);
111e4bcc
MH		 5571 goto unlock;
5572 }
0663ca2a
JH		 5573 }
5574
333ae95d 5575 if (pending_find(MGMT_OP_SET_BREDR, hdev)) {
a69e8375
JH		 5576 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5577 MGMT_STATUS_BUSY);
0663ca2a
JH		 5578 goto unlock;
5579 }
5580
5581 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
5582 if (!cmd) {
5583 err = -ENOMEM;
5584 goto unlock;
5585 }
5586
f2252570
JH		 5587 /* We need to flip the bit already here so that
5588 * hci_req_update_adv_data generates the correct flags.
0663ca2a 5589 */
a1536da2 5590 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 5591
5592 hci_req_init(&req, hdev);
aa8af46e 5593
bf943cbf 5594 __hci_req_write_fast_connectable(&req, false);
01b1cb87 5595 __hci_req_update_scan(&req);
aa8af46e 5596
f14d8f64
MH		 5597 /* Since only the advertising data flags will change, there
5598 * is no need to update the scan response data.
5599 */
cab054ab 5600 __hci_req_update_adv_data(&req, hdev->cur_adv_instance);
aa8af46e 5601
0663ca2a
JH		 5602 err = hci_req_run(&req, set_bredr_complete);
5603 if (err < 0)
5604 mgmt_pending_remove(cmd);
5605
5606unlock:
5607 hci_dev_unlock(hdev);
5608 return err;
5609}
5610
a1443f5a
JH		 5611static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5612{
3b0602cd 5613 struct mgmt_pending_cmd *cmd;
a1443f5a
JH		 5614 struct mgmt_mode *cp;
5615
181d6953 5616 bt_dev_dbg(hdev, "status %u", status);
a1443f5a
JH		 5617
5618 hci_dev_lock(hdev);
5619
333ae95d 5620 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
a1443f5a
JH		 5621 if (!cmd)
5622 goto unlock;
5623
5624 if (status) {
a69e8375
JH		 5625 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
5626 mgmt_status(status));
a1443f5a
JH		 5627 goto remove;
5628 }
5629
5630 cp = cmd->param;
5631
5632 switch (cp->val) {
5633 case 0x00:
a358dc11
MH		 5634 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
5635 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 5636 break;
5637 case 0x01:
a1536da2 5638 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
a358dc11 5639 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 5640 break;
5641 case 0x02:
a1536da2
MH		 5642 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
5643 hci_dev_set_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 5644 break;
5645 }
5646
5647 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
5648 new_settings(hdev, cmd->sk);
5649
5650remove:
5651 mgmt_pending_remove(cmd);
5652unlock:
5653 hci_dev_unlock(hdev);
5654}
5655
eac83dc6
MH		 5656static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
5657 void *data, u16 len)
5658{
5659 struct mgmt_mode *cp = data;
3b0602cd 5660 struct mgmt_pending_cmd *cmd;
a1443f5a 5661 struct hci_request req;
a3209694 5662 u8 val;
eac83dc6
MH		 5663 int err;
5664
181d6953 5665 bt_dev_dbg(hdev, "sock %p", sk);
eac83dc6 5666
05b3c3e7 5667 if (!lmp_sc_capable(hdev) &&
d7a5a11d 5668 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 5669 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5670 MGMT_STATUS_NOT_SUPPORTED);
eac83dc6 5671
d7a5a11d 5672 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
59200286 5673 lmp_sc_capable(hdev) &&
d7a5a11d 5674 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 5675 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5676 MGMT_STATUS_REJECTED);
ed93ec69 5677
0ab04a9c 5678 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375 5679 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
eac83dc6
MH		 5680 MGMT_STATUS_INVALID_PARAMS);
5681
5682 hci_dev_lock(hdev);
5683
05b3c3e7 5684 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
d7a5a11d 5685 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
eac83dc6
MH		 5686 bool changed;
5687
0ab04a9c 5688 if (cp->val) {
238be788
MH		 5689 changed = !hci_dev_test_and_set_flag(hdev,
5690 HCI_SC_ENABLED);
0ab04a9c 5691 if (cp->val == 0x02)
a1536da2 5692 hci_dev_set_flag(hdev, HCI_SC_ONLY);
0ab04a9c 5693 else
a358dc11 5694 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 5695 } else {
a69d8927
MH		 5696 changed = hci_dev_test_and_clear_flag(hdev,
5697 HCI_SC_ENABLED);
a358dc11 5698 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 5699 }
eac83dc6
MH		 5700
5701 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5702 if (err < 0)
5703 goto failed;
5704
5705 if (changed)
5706 err = new_settings(hdev, sk);
5707
5708 goto failed;
5709 }
5710
333ae95d 5711 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
a69e8375
JH		 5712 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5713 MGMT_STATUS_BUSY);
eac83dc6
MH		 5714 goto failed;
5715 }
5716
0ab04a9c
MH		 5717 val = !!cp->val;
5718
d7a5a11d
MH		 5719 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
5720 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
eac83dc6
MH		 5721 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5722 goto failed;
5723 }
5724
5725 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
5726 if (!cmd) {
5727 err = -ENOMEM;
5728 goto failed;
5729 }
5730
a1443f5a
JH		 5731 hci_req_init(&req, hdev);
5732 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
5733 err = hci_req_run(&req, sc_enable_complete);
eac83dc6
MH		 5734 if (err < 0) {
5735 mgmt_pending_remove(cmd);
5736 goto failed;
5737 }
5738
5739failed:
5740 hci_dev_unlock(hdev);
5741 return err;
5742}
5743
4e39ac81
MH		 5744static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
5745 void *data, u16 len)
5746{
5747 struct mgmt_mode *cp = data;
b9710979 5748 bool changed, use_changed;
4e39ac81
MH		 5749 int err;
5750
181d6953 5751 bt_dev_dbg(hdev, "sock %p", sk);
4e39ac81 5752
b9710979 5753 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 5754 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
5755 MGMT_STATUS_INVALID_PARAMS);
4e39ac81
MH		 5756
5757 hci_dev_lock(hdev);
5758
5759 if (cp->val)
238be788 5760 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
4e39ac81 5761 else
a69d8927
MH		 5762 changed = hci_dev_test_and_clear_flag(hdev,
5763 HCI_KEEP_DEBUG_KEYS);
4e39ac81 5764
b9710979 5765 if (cp->val == 0x02)
238be788
MH		 5766 use_changed = !hci_dev_test_and_set_flag(hdev,
5767 HCI_USE_DEBUG_KEYS);
b9710979 5768 else
a69d8927
MH		 5769 use_changed = hci_dev_test_and_clear_flag(hdev,
5770 HCI_USE_DEBUG_KEYS);
b9710979
JH		 5771
5772 if (hdev_is_powered(hdev) && use_changed &&
d7a5a11d 5773 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
b9710979
JH		 5774 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
5775 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
5776 sizeof(mode), &mode);
5777 }
5778
4e39ac81
MH		 5779 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
5780 if (err < 0)
5781 goto unlock;
5782
5783 if (changed)
5784 err = new_settings(hdev, sk);
5785
5786unlock:
5787 hci_dev_unlock(hdev);
5788 return err;
5789}
5790
62b04cd1
JH		 5791static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5792 u16 len)
5793{
5794 struct mgmt_cp_set_privacy *cp = cp_data;
5795 bool changed;
5796 int err;
5797
181d6953 5798 bt_dev_dbg(hdev, "sock %p", sk);
62b04cd1
JH		 5799
5800 if (!lmp_le_capable(hdev))
a69e8375
JH		 5801 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5802 MGMT_STATUS_NOT_SUPPORTED);
62b04cd1 5803
82a37ade 5804 if (cp->privacy != 0x00 && cp->privacy != 0x01 && cp->privacy != 0x02)
a69e8375
JH		 5805 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5806 MGMT_STATUS_INVALID_PARAMS);
62b04cd1
JH		 5807
5808 if (hdev_is_powered(hdev))
a69e8375
JH		 5809 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5810 MGMT_STATUS_REJECTED);
62b04cd1
JH		 5811
5812 hci_dev_lock(hdev);
5813
c21c0ea0
JH		 5814 /* If user space supports this command it is also expected to
5815 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
5816 */
a1536da2 5817 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
c21c0ea0 5818
62b04cd1 5819 if (cp->privacy) {
238be788 5820 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
62b04cd1 5821 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
a1536da2 5822 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
a73c046a 5823 hci_adv_instances_set_rpa_expired(hdev, true);
82a37ade
JH		 5824 if (cp->privacy == 0x02)
5825 hci_dev_set_flag(hdev, HCI_LIMITED_PRIVACY);
5826 else
5827 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
62b04cd1 5828 } else {
a69d8927 5829 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
62b04cd1 5830 memset(hdev->irk, 0, sizeof(hdev->irk));
a358dc11 5831 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
a73c046a 5832 hci_adv_instances_set_rpa_expired(hdev, false);
82a37ade 5833 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
62b04cd1
JH		 5834 }
5835
5836 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
5837 if (err < 0)
5838 goto unlock;
5839
5840 if (changed)
5841 err = new_settings(hdev, sk);
5842
5843unlock:
5844 hci_dev_unlock(hdev);
5845 return err;
5846}
5847
41edf160
JH		 5848static bool irk_is_valid(struct mgmt_irk_info *irk)
5849{
5850 switch (irk->addr.type) {
5851 case BDADDR_LE_PUBLIC:
5852 return true;
5853
5854 case BDADDR_LE_RANDOM:
5855 /* Two most significant bits shall be set */
5856 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5857 return false;
5858 return true;
5859 }
5860
5861 return false;
5862}
5863
5864static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5865 u16 len)
5866{
5867 struct mgmt_cp_load_irks *cp = cp_data;
ba1d6936
JH		 5868 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
5869 sizeof(struct mgmt_irk_info));
41edf160
JH		 5870 u16 irk_count, expected_len;
5871 int i, err;
5872
181d6953 5873 bt_dev_dbg(hdev, "sock %p", sk);
41edf160
JH		 5874
5875 if (!lmp_le_capable(hdev))
a69e8375
JH		 5876 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5877 MGMT_STATUS_NOT_SUPPORTED);
41edf160
JH		 5878
5879 irk_count = __le16_to_cpu(cp->irk_count);
ba1d6936 5880 if (irk_count > max_irk_count) {
2064ee33
MH		 5881 bt_dev_err(hdev, "load_irks: too big irk_count value %u",
5882 irk_count);
a69e8375
JH		 5883 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5884 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5885 }
41edf160 5886
5bec1fb8 5887 expected_len = struct_size(cp, irks, irk_count);
41edf160 5888 if (expected_len != len) {
2064ee33
MH		 5889 bt_dev_err(hdev, "load_irks: expected %u bytes, got %u bytes",
5890 expected_len, len);
a69e8375
JH		 5891 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5892 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 5893 }
5894
181d6953 5895 bt_dev_dbg(hdev, "irk_count %u", irk_count);
41edf160
JH		 5896
5897 for (i = 0; i < irk_count; i++) {
5898 struct mgmt_irk_info *key = &cp->irks[i];
5899
5900 if (!irk_is_valid(key))
a69e8375
JH		 5901 return mgmt_cmd_status(sk, hdev->id,
5902 MGMT_OP_LOAD_IRKS,
5903 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 5904 }
5905
5906 hci_dev_lock(hdev);
5907
5908 hci_smp_irks_clear(hdev);
5909
5910 for (i = 0; i < irk_count; i++) {
5911 struct mgmt_irk_info *irk = &cp->irks[i];
41edf160 5912
600a8749
AM		 5913 if (hci_is_blocked_key(hdev,
5914 HCI_BLOCKED_KEY_TYPE_IRK,
5915 irk->val)) {
5916 bt_dev_warn(hdev, "Skipping blocked IRK for %pMR",
5917 &irk->addr.bdaddr);
5918 continue;
5919 }
5920
85813a7e
JH		 5921 hci_add_irk(hdev, &irk->addr.bdaddr,
5922 le_addr_type(irk->addr.type), irk->val,
41edf160
JH		 5923 BDADDR_ANY);
5924 }
5925
a1536da2 5926 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
41edf160 5927
2a1afb5a 5928 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
41edf160
JH		 5929
5930 hci_dev_unlock(hdev);
5931
5932 return err;
5933}
5934
3f706b72
JH		 5935static bool ltk_is_valid(struct mgmt_ltk_info *key)
5936{
5937 if (key->master != 0x00 && key->master != 0x01)
5938 return false;
490cb0b3
MH		 5939
5940 switch (key->addr.type) {
5941 case BDADDR_LE_PUBLIC:
5942 return true;
5943
5944 case BDADDR_LE_RANDOM:
5945 /* Two most significant bits shall be set */
5946 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5947 return false;
5948 return true;
5949 }
5950
5951 return false;
3f706b72
JH		 5952}
5953
bdb6d971 5954static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 5955 void *cp_data, u16 len)
346af67b 5956{
346af67b 5957 struct mgmt_cp_load_long_term_keys *cp = cp_data;
ba1d6936
JH		 5958 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
5959 sizeof(struct mgmt_ltk_info));
346af67b 5960 u16 key_count, expected_len;
715a5bf2 5961 int i, err;
346af67b 5962
181d6953 5963 bt_dev_dbg(hdev, "sock %p", sk);
cf99ba13
MH		 5964
5965 if (!lmp_le_capable(hdev))
a69e8375
JH		 5966 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5967 MGMT_STATUS_NOT_SUPPORTED);
cf99ba13 5968
1f350c87 5969 key_count = __le16_to_cpu(cp->key_count);
ba1d6936 5970 if (key_count > max_key_count) {
2064ee33
MH		 5971 bt_dev_err(hdev, "load_ltks: too big key_count value %u",
5972 key_count);
a69e8375
JH		 5973 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5974 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5975 }
346af67b 5976
5bec1fb8 5977 expected_len = struct_size(cp, keys, key_count);
346af67b 5978 if (expected_len != len) {
2064ee33
MH		 5979 bt_dev_err(hdev, "load_keys: expected %u bytes, got %u bytes",
5980 expected_len, len);
a69e8375
JH		 5981 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5982 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 5983 }
5984
181d6953 5985 bt_dev_dbg(hdev, "key_count %u", key_count);
346af67b 5986
54ad6d8a
JH		 5987 for (i = 0; i < key_count; i++) {
5988 struct mgmt_ltk_info *key = &cp->keys[i];
5989
3f706b72 5990 if (!ltk_is_valid(key))
a69e8375
JH		 5991 return mgmt_cmd_status(sk, hdev->id,
5992 MGMT_OP_LOAD_LONG_TERM_KEYS,
5993 MGMT_STATUS_INVALID_PARAMS);
54ad6d8a
JH		 5994 }
5995
346af67b
VCG		 5996 hci_dev_lock(hdev);
5997
5998 hci_smp_ltks_clear(hdev);
5999
6000 for (i = 0; i < key_count; i++) {
6001 struct mgmt_ltk_info *key = &cp->keys[i];
85813a7e 6002 u8 type, authenticated;
346af67b 6003
600a8749
AM		 6004 if (hci_is_blocked_key(hdev,
6005 HCI_BLOCKED_KEY_TYPE_LTK,
6006 key->val)) {
6007 bt_dev_warn(hdev, "Skipping blocked LTK for %pMR",
6008 &key->addr.bdaddr);
6009 continue;
6010 }
6011
61b43357
JH		 6012 switch (key->type) {
6013 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 6014 authenticated = 0x00;
23fb8de3 6015 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
61b43357
JH		 6016 break;
6017 case MGMT_LTK_AUTHENTICATED:
d7b25450 6018 authenticated = 0x01;
23fb8de3
JH		 6019 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
6020 break;
6021 case MGMT_LTK_P256_UNAUTH:
6022 authenticated = 0x00;
6023 type = SMP_LTK_P256;
61b43357 6024 break;
23fb8de3
JH		 6025 case MGMT_LTK_P256_AUTH:
6026 authenticated = 0x01;
6027 type = SMP_LTK_P256;
61b43357 6028 break;
23fb8de3
JH		 6029 case MGMT_LTK_P256_DEBUG:
6030 authenticated = 0x00;
6031 type = SMP_LTK_P256_DEBUG;
19186c7b 6032 fallthrough;
61b43357
JH		 6033 default:
6034 continue;
6035 }
d7b25450 6036
85813a7e
JH		 6037 hci_add_ltk(hdev, &key->addr.bdaddr,
6038 le_addr_type(key->addr.type), type, authenticated,
6039 key->val, key->enc_size, key->ediv, key->rand);
346af67b
VCG		 6040 }
6041
2a1afb5a 6042 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
715a5bf2
JH		 6043 NULL, 0);
6044
346af67b 6045 hci_dev_unlock(hdev);
346af67b 6046
715a5bf2 6047 return err;
346af67b
VCG		 6048}
6049
3b0602cd 6050static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
dd983808 6051{
dd983808 6052 struct hci_conn *conn = cmd->user_data;
9981bdb0 6053 struct mgmt_rp_get_conn_info rp;
9df74653 6054 int err;
dd983808 6055
9981bdb0 6056 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
dd983808 6057
9981bdb0 6058 if (status == MGMT_STATUS_SUCCESS) {
dd983808 6059 rp.rssi = conn->rssi;
9981bdb0
JH		 6060 rp.tx_power = conn->tx_power;
6061 rp.max_tx_power = conn->max_tx_power;
6062 } else {
6063 rp.rssi = HCI_RSSI_INVALID;
6064 rp.tx_power = HCI_TX_POWER_INVALID;
6065 rp.max_tx_power = HCI_TX_POWER_INVALID;
dd983808
AK		 6066 }
6067
2a1afb5a
JH		 6068 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
6069 status, &rp, sizeof(rp));
dd983808
AK		 6070
6071 hci_conn_drop(conn);
f8aaf9b6 6072 hci_conn_put(conn);
9df74653
JH		 6073
6074 return err;
dd983808
AK		 6075}
6076
1904a853
MH		 6077static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
6078 u16 opcode)
dd983808
AK		 6079{
6080 struct hci_cp_read_rssi *cp;
3b0602cd 6081 struct mgmt_pending_cmd *cmd;
dd983808 6082 struct hci_conn *conn;
dd983808 6083 u16 handle;
9981bdb0 6084 u8 status;
dd983808 6085
181d6953 6086 bt_dev_dbg(hdev, "status 0x%02x", hci_status);
dd983808
AK		 6087
6088 hci_dev_lock(hdev);
6089
dd983808
AK		 6090 /* Commands sent in request are either Read RSSI or Read Transmit Power
6091 * Level so we check which one was last sent to retrieve connection
6092 * handle. Both commands have handle as first parameter so it's safe to
6093 * cast data on the same command struct.
6094 *
6095 * First command sent is always Read RSSI and we fail only if it fails.
6096 * In other case we simply override error to indicate success as we
6097 * already remembered if TX power value is actually valid.
6098 */
6099 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
6100 if (!cp) {
6101 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
9981bdb0
JH		 6102 status = MGMT_STATUS_SUCCESS;
6103 } else {
6104 status = mgmt_status(hci_status);
dd983808
AK		 6105 }
6106
6107 if (!cp) {
2064ee33 6108 bt_dev_err(hdev, "invalid sent_cmd in conn_info response");
dd983808
AK		 6109 goto unlock;
6110 }
6111
6112 handle = __le16_to_cpu(cp->handle);
6113 conn = hci_conn_hash_lookup_handle(hdev, handle);
6114 if (!conn) {
2064ee33
MH		 6115 bt_dev_err(hdev, "unknown handle (%d) in conn_info response",
6116 handle);
dd983808
AK		 6117 goto unlock;
6118 }
6119
333ae95d 6120 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
9981bdb0
JH		 6121 if (!cmd)
6122 goto unlock;
dd983808 6123
9981bdb0
JH		 6124 cmd->cmd_complete(cmd, status);
6125 mgmt_pending_remove(cmd);
dd983808
AK		 6126
6127unlock:
6128 hci_dev_unlock(hdev);
6129}
6130
6131static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
6132 u16 len)
6133{
6134 struct mgmt_cp_get_conn_info *cp = data;
6135 struct mgmt_rp_get_conn_info rp;
6136 struct hci_conn *conn;
6137 unsigned long conn_info_age;
6138 int err = 0;
6139
181d6953 6140 bt_dev_dbg(hdev, "sock %p", sk);
dd983808
AK		 6141
6142 memset(&rp, 0, sizeof(rp));
6143 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
6144 rp.addr.type = cp->addr.type;
6145
6146 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 6147 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
6148 MGMT_STATUS_INVALID_PARAMS,
6149 &rp, sizeof(rp));
dd983808
AK		 6150
6151 hci_dev_lock(hdev);
6152
6153 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 6154 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
6155 MGMT_STATUS_NOT_POWERED, &rp,
6156 sizeof(rp));
dd983808
AK		 6157 goto unlock;
6158 }
6159
6160 if (cp->addr.type == BDADDR_BREDR)
6161 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
6162 &cp->addr.bdaddr);
6163 else
6164 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
6165
6166 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 6167 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
6168 MGMT_STATUS_NOT_CONNECTED, &rp,
6169 sizeof(rp));
dd983808
AK		 6170 goto unlock;
6171 }
6172
333ae95d 6173 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
2a1afb5a
JH		 6174 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
6175 MGMT_STATUS_BUSY, &rp, sizeof(rp));
9981bdb0
JH		 6176 goto unlock;
6177 }
6178
dd983808
AK		 6179 /* To avoid client trying to guess when to poll again for information we
6180 * calculate conn info age as random value between min/max set in hdev.
6181 */
6182 conn_info_age = hdev->conn_info_min_age +
6183 prandom_u32_max(hdev->conn_info_max_age -
6184 hdev->conn_info_min_age);
6185
6186 /* Query controller to refresh cached values if they are too old or were
6187 * never read.
6188 */
f4e2dd53
AK		 6189 if (time_after(jiffies, conn->conn_info_timestamp +
6190 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 6191 !conn->conn_info_timestamp) {
6192 struct hci_request req;
6193 struct hci_cp_read_tx_power req_txp_cp;
6194 struct hci_cp_read_rssi req_rssi_cp;
3b0602cd 6195 struct mgmt_pending_cmd *cmd;
dd983808
AK		 6196
6197 hci_req_init(&req, hdev);
6198 req_rssi_cp.handle = cpu_to_le16(conn->handle);
6199 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
6200 &req_rssi_cp);
6201
f7faab0c
AK		 6202 /* For LE links TX power does not change thus we don't need to
6203 * query for it once value is known.
6204 */
6205 if (!bdaddr_type_is_le(cp->addr.type) ||
6206 conn->tx_power == HCI_TX_POWER_INVALID) {
6207 req_txp_cp.handle = cpu_to_le16(conn->handle);
6208 req_txp_cp.type = 0x00;
6209 hci_req_add(&req, HCI_OP_READ_TX_POWER,
6210 sizeof(req_txp_cp), &req_txp_cp);
6211 }
dd983808 6212
eed5daf3
AK		 6213 /* Max TX power needs to be read only once per connection */
6214 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
6215 req_txp_cp.handle = cpu_to_le16(conn->handle);
6216 req_txp_cp.type = 0x01;
6217 hci_req_add(&req, HCI_OP_READ_TX_POWER,
6218 sizeof(req_txp_cp), &req_txp_cp);
6219 }
6220
dd983808
AK		 6221 err = hci_req_run(&req, conn_info_refresh_complete);
6222 if (err < 0)
6223 goto unlock;
6224
6225 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
6226 data, len);
6227 if (!cmd) {
6228 err = -ENOMEM;
6229 goto unlock;
6230 }
6231
6232 hci_conn_hold(conn);
f8aaf9b6 6233 cmd->user_data = hci_conn_get(conn);
9981bdb0 6234 cmd->cmd_complete = conn_info_cmd_complete;
dd983808
AK		 6235
6236 conn->conn_info_timestamp = jiffies;
6237 } else {
6238 /* Cache is valid, just reply with values cached in hci_conn */
6239 rp.rssi = conn->rssi;
6240 rp.tx_power = conn->tx_power;
eed5daf3 6241 rp.max_tx_power = conn->max_tx_power;
dd983808 6242
2a1afb5a
JH		 6243 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
6244 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
dd983808
AK		 6245 }
6246
6247unlock:
6248 hci_dev_unlock(hdev);
6249 return err;
6250}
6251
3b0602cd 6252static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
95868426 6253{
69487371 6254 struct hci_conn *conn = cmd->user_data;
95868426 6255 struct mgmt_rp_get_clock_info rp;
69487371 6256 struct hci_dev *hdev;
9df74653 6257 int err;
69487371
JH		 6258
6259 memset(&rp, 0, sizeof(rp));
56f787c5 6260 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
69487371
JH		 6261
6262 if (status)
6263 goto complete;
6264
6265 hdev = hci_dev_get(cmd->index);
6266 if (hdev) {
6267 rp.local_clock = cpu_to_le32(hdev->clock);
6268 hci_dev_put(hdev);
6269 }
6270
6271 if (conn) {
6272 rp.piconet_clock = cpu_to_le32(conn->clock);
6273 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
6274 }
6275
6276complete:
2a1afb5a
JH		 6277 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
6278 sizeof(rp));
69487371
JH		 6279
6280 if (conn) {
6281 hci_conn_drop(conn);
6282 hci_conn_put(conn);
6283 }
9df74653
JH		 6284
6285 return err;
69487371
JH		 6286}
6287
1904a853 6288static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
69487371 6289{
95868426 6290 struct hci_cp_read_clock *hci_cp;
3b0602cd 6291 struct mgmt_pending_cmd *cmd;
95868426
JH		 6292 struct hci_conn *conn;
6293
181d6953 6294 bt_dev_dbg(hdev, "status %u", status);
95868426
JH		 6295
6296 hci_dev_lock(hdev);
6297
6298 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
6299 if (!hci_cp)
6300 goto unlock;
6301
6302 if (hci_cp->which) {
6303 u16 handle = __le16_to_cpu(hci_cp->handle);
6304 conn = hci_conn_hash_lookup_handle(hdev, handle);
6305 } else {
6306 conn = NULL;
6307 }
6308
333ae95d 6309 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
95868426
JH		 6310 if (!cmd)
6311 goto unlock;
6312
69487371 6313 cmd->cmd_complete(cmd, mgmt_status(status));
95868426 6314 mgmt_pending_remove(cmd);
95868426
JH		 6315
6316unlock:
6317 hci_dev_unlock(hdev);
6318}
6319
6320static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
6321 u16 len)
6322{
6323 struct mgmt_cp_get_clock_info *cp = data;
6324 struct mgmt_rp_get_clock_info rp;
6325 struct hci_cp_read_clock hci_cp;
3b0602cd 6326 struct mgmt_pending_cmd *cmd;
95868426
JH		 6327 struct hci_request req;
6328 struct hci_conn *conn;
6329 int err;
6330
181d6953 6331 bt_dev_dbg(hdev, "sock %p", sk);
95868426
JH		 6332
6333 memset(&rp, 0, sizeof(rp));
6334 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
6335 rp.addr.type = cp->addr.type;
6336
6337 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 6338 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
6339 MGMT_STATUS_INVALID_PARAMS,
6340 &rp, sizeof(rp));
95868426
JH		 6341
6342 hci_dev_lock(hdev);
6343
6344 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 6345 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
6346 MGMT_STATUS_NOT_POWERED, &rp,
6347 sizeof(rp));
95868426
JH		 6348 goto unlock;
6349 }
6350
6351 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
6352 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
6353 &cp->addr.bdaddr);
6354 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 6355 err = mgmt_cmd_complete(sk, hdev->id,
6356 MGMT_OP_GET_CLOCK_INFO,
6357 MGMT_STATUS_NOT_CONNECTED,
6358 &rp, sizeof(rp));
95868426
JH		 6359 goto unlock;
6360 }
6361 } else {
6362 conn = NULL;
6363 }
6364
6365 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
6366 if (!cmd) {
6367 err = -ENOMEM;
6368 goto unlock;
6369 }
6370
69487371
JH		 6371 cmd->cmd_complete = clock_info_cmd_complete;
6372
95868426
JH		 6373 hci_req_init(&req, hdev);
6374
6375 memset(&hci_cp, 0, sizeof(hci_cp));
6376 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
6377
6378 if (conn) {
6379 hci_conn_hold(conn);
f8aaf9b6 6380 cmd->user_data = hci_conn_get(conn);
95868426
JH		 6381
6382 hci_cp.handle = cpu_to_le16(conn->handle);
6383 hci_cp.which = 0x01; /* Piconet clock */
6384 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
6385 }
6386
6387 err = hci_req_run(&req, get_clock_info_complete);
6388 if (err < 0)
6389 mgmt_pending_remove(cmd);
6390
6391unlock:
6392 hci_dev_unlock(hdev);
6393 return err;
6394}
6395
5a154e6f
JH		 6396static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
6397{
6398 struct hci_conn *conn;
6399
6400 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
6401 if (!conn)
6402 return false;
6403
6404 if (conn->dst_type != type)
6405 return false;
6406
6407 if (conn->state != BT_CONNECTED)
6408 return false;
6409
6410 return true;
6411}
6412
6413/* This function requires the caller holds hdev->lock */
51d7a94d 6414static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr,
5a154e6f
JH		 6415 u8 addr_type, u8 auto_connect)
6416{
5a154e6f
JH		 6417 struct hci_conn_params *params;
6418
6419 params = hci_conn_params_add(hdev, addr, addr_type);
6420 if (!params)
6421 return -EIO;
6422
6423 if (params->auto_connect == auto_connect)
6424 return 0;
6425
6426 list_del_init(&params->action);
6427
6428 switch (auto_connect) {
6429 case HCI_AUTO_CONN_DISABLED:
6430 case HCI_AUTO_CONN_LINK_LOSS:
28a667c9
JP		 6431 /* If auto connect is being disabled when we're trying to
6432 * connect to device, keep connecting.
6433 */
6434 if (params->explicit_connect)
6435 list_add(&params->action, &hdev->pend_le_conns);
5a154e6f
JH		 6436 break;
6437 case HCI_AUTO_CONN_REPORT:
49c50922
JH		 6438 if (params->explicit_connect)
6439 list_add(&params->action, &hdev->pend_le_conns);
6440 else
6441 list_add(&params->action, &hdev->pend_le_reports);
5a154e6f
JH		 6442 break;
6443 case HCI_AUTO_CONN_DIRECT:
6444 case HCI_AUTO_CONN_ALWAYS:
51d7a94d 6445 if (!is_connected(hdev, addr, addr_type))
5a154e6f 6446 list_add(&params->action, &hdev->pend_le_conns);
5a154e6f
JH		 6447 break;
6448 }
6449
6450 params->auto_connect = auto_connect;
6451
181d6953
MH		 6452 bt_dev_dbg(hdev, "addr %pMR (type %u) auto_connect %u",
6453 addr, addr_type, auto_connect);
5a154e6f
JH		 6454
6455 return 0;
6456}
6457
8afef092
MH		 6458static void device_added(struct sock *sk, struct hci_dev *hdev,
6459 bdaddr_t *bdaddr, u8 type, u8 action)
6460{
6461 struct mgmt_ev_device_added ev;
6462
6463 bacpy(&ev.addr.bdaddr, bdaddr);
6464 ev.addr.type = type;
6465 ev.action = action;
6466
6467 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
6468}
6469
2faade53
MH		 6470static int add_device(struct sock *sk, struct hci_dev *hdev,
6471 void *data, u16 len)
6472{
6473 struct mgmt_cp_add_device *cp = data;
6474 u8 auto_conn, addr_type;
4c54bf2b 6475 struct hci_conn_params *params;
2faade53 6476 int err;
4c54bf2b 6477 u32 current_flags = 0;
2faade53 6478
181d6953 6479 bt_dev_dbg(hdev, "sock %p", sk);
2faade53 6480
6659358e 6481 if (!bdaddr_type_is_valid(cp->addr.type) ||
2faade53 6482 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
2a1afb5a
JH		 6483 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
6484 MGMT_STATUS_INVALID_PARAMS,
6485 &cp->addr, sizeof(cp->addr));
2faade53 6486
4b9e7e75 6487 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
2a1afb5a
JH		 6488 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
6489 MGMT_STATUS_INVALID_PARAMS,
6490 &cp->addr, sizeof(cp->addr));
2faade53
MH		 6491
6492 hci_dev_lock(hdev);
6493
6659358e 6494 if (cp->addr.type == BDADDR_BREDR) {
4b9e7e75 6495 /* Only incoming connections action is supported for now */
6659358e 6496 if (cp->action != 0x01) {
51d7a94d
JH		 6497 err = mgmt_cmd_complete(sk, hdev->id,
6498 MGMT_OP_ADD_DEVICE,
6499 MGMT_STATUS_INVALID_PARAMS,
6500 &cp->addr, sizeof(cp->addr));
6659358e
JH		 6501 goto unlock;
6502 }
6503
8baaa403
APS		 6504 err = hci_bdaddr_list_add_with_flags(&hdev->whitelist,
6505 &cp->addr.bdaddr,
6506 cp->addr.type, 0);
6659358e
JH		 6507 if (err)
6508 goto unlock;
a397407f 6509
01b1cb87 6510 hci_req_update_scan(hdev);
a397407f 6511
6659358e
JH		 6512 goto added;
6513 }
6514
85813a7e 6515 addr_type = le_addr_type(cp->addr.type);
2faade53 6516
4b9e7e75 6517 if (cp->action == 0x02)
2faade53 6518 auto_conn = HCI_AUTO_CONN_ALWAYS;
4b9e7e75
MH		 6519 else if (cp->action == 0x01)
6520 auto_conn = HCI_AUTO_CONN_DIRECT;
2faade53 6521 else
a3451d27 6522 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 6523
9a0a8a8e
JP		 6524 /* Kernel internally uses conn_params with resolvable private
6525 * address, but Add Device allows only identity addresses.
6526 * Make sure it is enforced before calling
6527 * hci_conn_params_lookup.
6528 */
6529 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
51d7a94d
JH		 6530 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
6531 MGMT_STATUS_INVALID_PARAMS,
6532 &cp->addr, sizeof(cp->addr));
9a0a8a8e
JP		 6533 goto unlock;
6534 }
6535
bf5b3c8b
MH		 6536 /* If the connection parameters don't exist for this device,
6537 * they will be created and configured with defaults.
6538 */
51d7a94d 6539 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
d06b50ce 6540 auto_conn) < 0) {
51d7a94d
JH		 6541 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
6542 MGMT_STATUS_FAILED, &cp->addr,
6543 sizeof(cp->addr));
2faade53 6544 goto unlock;
4c54bf2b
APS		 6545 } else {
6546 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
6547 addr_type);
6548 if (params)
6549 current_flags = params->current_flags;
2faade53
MH		 6550 }
6551
51d7a94d
JH		 6552 hci_update_background_scan(hdev);
6553
6659358e 6554added:
8afef092 6555 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
4c54bf2b
APS		 6556 device_flags_changed(NULL, hdev, &cp->addr.bdaddr, cp->addr.type,
6557 SUPPORTED_DEVICE_FLAGS(), current_flags);
8afef092 6558
51d7a94d
JH		 6559 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
6560 MGMT_STATUS_SUCCESS, &cp->addr,
6561 sizeof(cp->addr));
2faade53
MH		 6562
6563unlock:
6564 hci_dev_unlock(hdev);
6565 return err;
6566}
6567
8afef092
MH		 6568static void device_removed(struct sock *sk, struct hci_dev *hdev,
6569 bdaddr_t *bdaddr, u8 type)
6570{
6571 struct mgmt_ev_device_removed ev;
6572
6573 bacpy(&ev.addr.bdaddr, bdaddr);
6574 ev.addr.type = type;
6575
6576 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
6577}
6578
2faade53
MH		 6579static int remove_device(struct sock *sk, struct hci_dev *hdev,
6580 void *data, u16 len)
6581{
6582 struct mgmt_cp_remove_device *cp = data;
6583 int err;
6584
181d6953 6585 bt_dev_dbg(hdev, "sock %p", sk);
2faade53
MH		 6586
6587 hci_dev_lock(hdev);
6588
6589 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 6590 struct hci_conn_params *params;
2faade53
MH		 6591 u8 addr_type;
6592
6659358e 6593 if (!bdaddr_type_is_valid(cp->addr.type)) {
51d7a94d
JH		 6594 err = mgmt_cmd_complete(sk, hdev->id,
6595 MGMT_OP_REMOVE_DEVICE,
6596 MGMT_STATUS_INVALID_PARAMS,
6597 &cp->addr, sizeof(cp->addr));
2faade53
MH		 6598 goto unlock;
6599 }
6600
6659358e
JH		 6601 if (cp->addr.type == BDADDR_BREDR) {
6602 err = hci_bdaddr_list_del(&hdev->whitelist,
6603 &cp->addr.bdaddr,
6604 cp->addr.type);
6605 if (err) {
51d7a94d
JH		 6606 err = mgmt_cmd_complete(sk, hdev->id,
6607 MGMT_OP_REMOVE_DEVICE,
6608 MGMT_STATUS_INVALID_PARAMS,
6609 &cp->addr,
6610 sizeof(cp->addr));
6659358e
JH		 6611 goto unlock;
6612 }
6613
01b1cb87 6614 hci_req_update_scan(hdev);
a397407f 6615
6659358e
JH		 6616 device_removed(sk, hdev, &cp->addr.bdaddr,
6617 cp->addr.type);
6618 goto complete;
6619 }
6620
85813a7e 6621 addr_type = le_addr_type(cp->addr.type);
2faade53 6622
9a0a8a8e
JP		 6623 /* Kernel internally uses conn_params with resolvable private
6624 * address, but Remove Device allows only identity addresses.
6625 * Make sure it is enforced before calling
6626 * hci_conn_params_lookup.
6627 */
6628 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
51d7a94d
JH		 6629 err = mgmt_cmd_complete(sk, hdev->id,
6630 MGMT_OP_REMOVE_DEVICE,
6631 MGMT_STATUS_INVALID_PARAMS,
6632 &cp->addr, sizeof(cp->addr));
9a0a8a8e
JP		 6633 goto unlock;
6634 }
6635
c71593dd
JH		 6636 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
6637 addr_type);
6638 if (!params) {
51d7a94d
JH		 6639 err = mgmt_cmd_complete(sk, hdev->id,
6640 MGMT_OP_REMOVE_DEVICE,
6641 MGMT_STATUS_INVALID_PARAMS,
6642 &cp->addr, sizeof(cp->addr));
c71593dd
JH		 6643 goto unlock;
6644 }
6645
679d2b6f
JH		 6646 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
6647 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
51d7a94d
JH		 6648 err = mgmt_cmd_complete(sk, hdev->id,
6649 MGMT_OP_REMOVE_DEVICE,
6650 MGMT_STATUS_INVALID_PARAMS,
6651 &cp->addr, sizeof(cp->addr));
c71593dd
JH		 6652 goto unlock;
6653 }
6654
d1dbf12e 6655 list_del(&params->action);
c71593dd
JH		 6656 list_del(&params->list);
6657 kfree(params);
51d7a94d 6658 hci_update_background_scan(hdev);
8afef092
MH		 6659
6660 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53 6661 } else {
19de0825 6662 struct hci_conn_params *p, *tmp;
6659358e 6663 struct bdaddr_list *b, *btmp;
19de0825 6664
2faade53 6665 if (cp->addr.type) {
51d7a94d
JH		 6666 err = mgmt_cmd_complete(sk, hdev->id,
6667 MGMT_OP_REMOVE_DEVICE,
6668 MGMT_STATUS_INVALID_PARAMS,
6669 &cp->addr, sizeof(cp->addr));
2faade53
MH		 6670 goto unlock;
6671 }
6672
6659358e
JH		 6673 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
6674 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
6675 list_del(&b->list);
6676 kfree(b);
6677 }
6678
01b1cb87 6679 hci_req_update_scan(hdev);
a397407f 6680
19de0825
JH		 6681 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
6682 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
6683 continue;
6684 device_removed(sk, hdev, &p->addr, p->addr_type);
679d2b6f
JH		 6685 if (p->explicit_connect) {
6686 p->auto_connect = HCI_AUTO_CONN_EXPLICIT;
6687 continue;
6688 }
19de0825
JH		 6689 list_del(&p->action);
6690 list_del(&p->list);
6691 kfree(p);
6692 }
6693
181d6953 6694 bt_dev_dbg(hdev, "All LE connection parameters were removed");
19de0825 6695
51d7a94d 6696 hci_update_background_scan(hdev);
2faade53
MH		 6697 }
6698
6659358e 6699complete:
51d7a94d
JH		 6700 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
6701 MGMT_STATUS_SUCCESS, &cp->addr,
6702 sizeof(cp->addr));
2faade53
MH		 6703unlock:
6704 hci_dev_unlock(hdev);
6705 return err;
6706}
6707
a26f3dcf
JH		 6708static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
6709 u16 len)
6710{
6711 struct mgmt_cp_load_conn_param *cp = data;
ba1d6936
JH		 6712 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
6713 sizeof(struct mgmt_conn_param));
a26f3dcf
JH		 6714 u16 param_count, expected_len;
6715 int i;
6716
6717 if (!lmp_le_capable(hdev))
a69e8375
JH		 6718 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6719 MGMT_STATUS_NOT_SUPPORTED);
a26f3dcf
JH		 6720
6721 param_count = __le16_to_cpu(cp->param_count);
ba1d6936 6722 if (param_count > max_param_count) {
2064ee33
MH		 6723 bt_dev_err(hdev, "load_conn_param: too big param_count value %u",
6724 param_count);
a69e8375
JH		 6725 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6726 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 6727 }
a26f3dcf 6728
5bec1fb8 6729 expected_len = struct_size(cp, params, param_count);
a26f3dcf 6730 if (expected_len != len) {
2064ee33
MH		 6731 bt_dev_err(hdev, "load_conn_param: expected %u bytes, got %u bytes",
6732 expected_len, len);
a69e8375
JH		 6733 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6734 MGMT_STATUS_INVALID_PARAMS);
a26f3dcf
JH		 6735 }
6736
181d6953 6737 bt_dev_dbg(hdev, "param_count %u", param_count);
a26f3dcf
JH		 6738
6739 hci_dev_lock(hdev);
6740
6741 hci_conn_params_clear_disabled(hdev);
6742
6743 for (i = 0; i < param_count; i++) {
6744 struct mgmt_conn_param *param = &cp->params[i];
6745 struct hci_conn_params *hci_param;
6746 u16 min, max, latency, timeout;
6747 u8 addr_type;
6748
181d6953
MH		 6749 bt_dev_dbg(hdev, "Adding %pMR (type %u)", &param->addr.bdaddr,
6750 param->addr.type);
a26f3dcf
JH		 6751
6752 if (param->addr.type == BDADDR_LE_PUBLIC) {
6753 addr_type = ADDR_LE_DEV_PUBLIC;
6754 } else if (param->addr.type == BDADDR_LE_RANDOM) {
6755 addr_type = ADDR_LE_DEV_RANDOM;
6756 } else {
2064ee33 6757 bt_dev_err(hdev, "ignoring invalid connection parameters");
a26f3dcf
JH		 6758 continue;
6759 }
6760
6761 min = le16_to_cpu(param->min_interval);
6762 max = le16_to_cpu(param->max_interval);
6763 latency = le16_to_cpu(param->latency);
6764 timeout = le16_to_cpu(param->timeout);
6765
181d6953
MH		 6766 bt_dev_dbg(hdev, "min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
6767 min, max, latency, timeout);
a26f3dcf
JH		 6768
6769 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
2064ee33 6770 bt_dev_err(hdev, "ignoring invalid connection parameters");
a26f3dcf
JH		 6771 continue;
6772 }
6773
6774 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
6775 addr_type);
6776 if (!hci_param) {
2064ee33 6777 bt_dev_err(hdev, "failed to add connection parameters");
a26f3dcf
JH		 6778 continue;
6779 }
6780
6781 hci_param->conn_min_interval = min;
6782 hci_param->conn_max_interval = max;
6783 hci_param->conn_latency = latency;
6784 hci_param->supervision_timeout = timeout;
6785 }
6786
6787 hci_dev_unlock(hdev);
6788
2a1afb5a
JH		 6789 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
6790 NULL, 0);
a26f3dcf
JH		 6791}
6792
dbece37a
MH		 6793static int set_external_config(struct sock *sk, struct hci_dev *hdev,
6794 void *data, u16 len)
6795{
6796 struct mgmt_cp_set_external_config *cp = data;
6797 bool changed;
6798 int err;
6799
181d6953 6800 bt_dev_dbg(hdev, "sock %p", sk);
dbece37a
MH		 6801
6802 if (hdev_is_powered(hdev))
a69e8375
JH		 6803 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6804 MGMT_STATUS_REJECTED);
dbece37a
MH		 6805
6806 if (cp->config != 0x00 && cp->config != 0x01)
a69e8375
JH		 6807 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6808 MGMT_STATUS_INVALID_PARAMS);
dbece37a
MH		 6809
6810 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
a69e8375
JH		 6811 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6812 MGMT_STATUS_NOT_SUPPORTED);
dbece37a
MH		 6813
6814 hci_dev_lock(hdev);
6815
6816 if (cp->config)
238be788 6817 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a 6818 else
a69d8927 6819 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a
MH		 6820
6821 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
6822 if (err < 0)
6823 goto unlock;
6824
6825 if (!changed)
6826 goto unlock;
6827
f4537c04
MH		 6828 err = new_options(hdev, sk);
6829
d7a5a11d 6830 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
dbece37a 6831 mgmt_index_removed(hdev);
d603b76b 6832
516018a9 6833 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
a1536da2
MH		 6834 hci_dev_set_flag(hdev, HCI_CONFIG);
6835 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
d603b76b
MH		 6836
6837 queue_work(hdev->req_workqueue, &hdev->power_on);
6838 } else {
5ea234d3 6839 set_bit(HCI_RAW, &hdev->flags);
d603b76b
MH		 6840 mgmt_index_added(hdev);
6841 }
dbece37a
MH		 6842 }
6843
6844unlock:
6845 hci_dev_unlock(hdev);
6846 return err;
6847}
6848
9713c17b
MH		 6849static int set_public_address(struct sock *sk, struct hci_dev *hdev,
6850 void *data, u16 len)
6851{
6852 struct mgmt_cp_set_public_address *cp = data;
6853 bool changed;
6854 int err;
6855
181d6953 6856 bt_dev_dbg(hdev, "sock %p", sk);
9713c17b
MH		 6857
6858 if (hdev_is_powered(hdev))
a69e8375
JH		 6859 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6860 MGMT_STATUS_REJECTED);
9713c17b
MH		 6861
6862 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
a69e8375
JH		 6863 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6864 MGMT_STATUS_INVALID_PARAMS);
9713c17b
MH		 6865
6866 if (!hdev->set_bdaddr)
a69e8375
JH		 6867 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6868 MGMT_STATUS_NOT_SUPPORTED);
9713c17b
MH		 6869
6870 hci_dev_lock(hdev);
6871
6872 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
6873 bacpy(&hdev->public_addr, &cp->bdaddr);
6874
6875 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
6876 if (err < 0)
6877 goto unlock;
6878
6879 if (!changed)
6880 goto unlock;
6881
d7a5a11d 6882 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
9713c17b
MH		 6883 err = new_options(hdev, sk);
6884
6885 if (is_configured(hdev)) {
6886 mgmt_index_removed(hdev);
6887
a358dc11 6888 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
9713c17b 6889
a1536da2
MH		 6890 hci_dev_set_flag(hdev, HCI_CONFIG);
6891 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
9713c17b
MH		 6892
6893 queue_work(hdev->req_workqueue, &hdev->power_on);
6894 }
6895
6896unlock:
6897 hci_dev_unlock(hdev);
6898 return err;
6899}
6900
40f66c05
JH		 6901static void read_local_oob_ext_data_complete(struct hci_dev *hdev, u8 status,
6902 u16 opcode, struct sk_buff *skb)
6903{
6904 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp;
6905 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp;
6906 u8 *h192, *r192, *h256, *r256;
6907 struct mgmt_pending_cmd *cmd;
6908 u16 eir_len;
6909 int err;
6910
181d6953 6911 bt_dev_dbg(hdev, "status %u", status);
40f66c05
JH		 6912
6913 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev);
6914 if (!cmd)
6915 return;
6916
6917 mgmt_cp = cmd->param;
6918
6919 if (status) {
6920 status = mgmt_status(status);
6921 eir_len = 0;
6922
6923 h192 = NULL;
6924 r192 = NULL;
6925 h256 = NULL;
6926 r256 = NULL;
6927 } else if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
6928 struct hci_rp_read_local_oob_data *rp;
6929
6930 if (skb->len != sizeof(*rp)) {
6931 status = MGMT_STATUS_FAILED;
6932 eir_len = 0;
6933 } else {
6934 status = MGMT_STATUS_SUCCESS;
6935 rp = (void *)skb->data;
6936
6937 eir_len = 5 + 18 + 18;
6938 h192 = rp->hash;
6939 r192 = rp->rand;
6940 h256 = NULL;
6941 r256 = NULL;
6942 }
6943 } else {
6944 struct hci_rp_read_local_oob_ext_data *rp;
6945
6946 if (skb->len != sizeof(*rp)) {
6947 status = MGMT_STATUS_FAILED;
6948 eir_len = 0;
6949 } else {
6950 status = MGMT_STATUS_SUCCESS;
6951 rp = (void *)skb->data;
6952
6953 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
6954 eir_len = 5 + 18 + 18;
6955 h192 = NULL;
6956 r192 = NULL;
6957 } else {
6958 eir_len = 5 + 18 + 18 + 18 + 18;
6959 h192 = rp->hash192;
6960 r192 = rp->rand192;
6961 }
6962
6963 h256 = rp->hash256;
6964 r256 = rp->rand256;
6965 }
6966 }
6967
6968 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL);
6969 if (!mgmt_rp)
6970 goto done;
6971
6972 if (status)
6973 goto send_rsp;
6974
6975 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV,
6976 hdev->dev_class, 3);
6977
6978 if (h192 && r192) {
6979 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6980 EIR_SSP_HASH_C192, h192, 16);
6981 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6982 EIR_SSP_RAND_R192, r192, 16);
6983 }
6984
6985 if (h256 && r256) {
6986 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6987 EIR_SSP_HASH_C256, h256, 16);
6988 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6989 EIR_SSP_RAND_R256, r256, 16);
6990 }
6991
6992send_rsp:
6993 mgmt_rp->type = mgmt_cp->type;
6994 mgmt_rp->eir_len = cpu_to_le16(eir_len);
6995
6996 err = mgmt_cmd_complete(cmd->sk, hdev->id,
6997 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status,
6998 mgmt_rp, sizeof(*mgmt_rp) + eir_len);
6999 if (err < 0 || status)
7000 goto done;
7001
7002 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS);
7003
7004 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
7005 mgmt_rp, sizeof(*mgmt_rp) + eir_len,
7006 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk);
7007done:
7008 kfree(mgmt_rp);
7009 mgmt_pending_remove(cmd);
7010}
7011
7012static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk,
7013 struct mgmt_cp_read_local_oob_ext_data *cp)
7014{
7015 struct mgmt_pending_cmd *cmd;
7016 struct hci_request req;
7017 int err;
7018
7019 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev,
7020 cp, sizeof(*cp));
7021 if (!cmd)
7022 return -ENOMEM;
7023
7024 hci_req_init(&req, hdev);
7025
7026 if (bredr_sc_enabled(hdev))
7027 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
7028 else
7029 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
7030
7031 err = hci_req_run_skb(&req, read_local_oob_ext_data_complete);
7032 if (err < 0) {
7033 mgmt_pending_remove(cmd);
7034 return err;
7035 }
7036
7037 return 0;
7038}
7039
4f0f155c
MH		 7040static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
7041 void *data, u16 data_len)
7042{
7043 struct mgmt_cp_read_local_oob_ext_data *cp = data;
7044 struct mgmt_rp_read_local_oob_ext_data *rp;
7045 size_t rp_len;
7046 u16 eir_len;
0821a2c5 7047 u8 status, flags, role, addr[7], hash[16], rand[16];
4f0f155c
MH		 7048 int err;
7049
181d6953 7050 bt_dev_dbg(hdev, "sock %p", sk);
4f0f155c 7051
57b0d3e8
MH		 7052 if (hdev_is_powered(hdev)) {
7053 switch (cp->type) {
7054 case BIT(BDADDR_BREDR):
7055 status = mgmt_bredr_support(hdev);
7056 if (status)
7057 eir_len = 0;
7058 else
7059 eir_len = 5;
7060 break;
7061 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
7062 status = mgmt_le_support(hdev);
7063 if (status)
7064 eir_len = 0;
7065 else
7066 eir_len = 9 + 3 + 18 + 18 + 3;
7067 break;
7068 default:
7069 status = MGMT_STATUS_INVALID_PARAMS;
7070 eir_len = 0;
7071 break;
7072 }
7073 } else {
7074 status = MGMT_STATUS_NOT_POWERED;
7075 eir_len = 0;
4f0f155c
MH		 7076 }
7077
4f0f155c
MH		 7078 rp_len = sizeof(*rp) + eir_len;
7079 rp = kmalloc(rp_len, GFP_ATOMIC);
efcd8c98 7080 if (!rp)
4f0f155c 7081 return -ENOMEM;
efcd8c98 7082
57b0d3e8
MH		 7083 if (status)
7084 goto complete;
7085
efcd8c98 7086 hci_dev_lock(hdev);
4f0f155c
MH		 7087
7088 eir_len = 0;
7089 switch (cp->type) {
7090 case BIT(BDADDR_BREDR):
40f66c05
JH		 7091 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
7092 err = read_local_ssp_oob_req(hdev, sk, cp);
7093 hci_dev_unlock(hdev);
7094 if (!err)
7095 goto done;
7096
7097 status = MGMT_STATUS_FAILED;
7098 goto complete;
7099 } else {
7100 eir_len = eir_append_data(rp->eir, eir_len,
7101 EIR_CLASS_OF_DEV,
7102 hdev->dev_class, 3);
7103 }
4f0f155c
MH		 7104 break;
7105 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
5082a599
MH		 7106 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
7107 smp_generate_oob(hdev, hash, rand) < 0) {
0821a2c5 7108 hci_dev_unlock(hdev);
57b0d3e8
MH		 7109 status = MGMT_STATUS_FAILED;
7110 goto complete;
0821a2c5
MH		 7111 }
7112
e213568a
MH		 7113 /* This should return the active RPA, but since the RPA
7114 * is only programmed on demand, it is really hard to fill
7115 * this in at the moment. For now disallow retrieving
7116 * local out-of-band data when privacy is in use.
7117 *
7118 * Returning the identity address will not help here since
7119 * pairing happens before the identity resolving key is
7120 * known and thus the connection establishment happens
7121 * based on the RPA and not the identity address.
7122 */
4f0f155c 7123 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
e213568a
MH		 7124 hci_dev_unlock(hdev);
7125 status = MGMT_STATUS_REJECTED;
7126 goto complete;
7127 }
7128
7129 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
7130 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
7131 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
7132 bacmp(&hdev->static_addr, BDADDR_ANY))) {
4f0f155c
MH		 7133 memcpy(addr, &hdev->static_addr, 6);
7134 addr[6] = 0x01;
7135 } else {
7136 memcpy(addr, &hdev->bdaddr, 6);
7137 addr[6] = 0x00;
7138 }
7139
7140 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
7141 addr, sizeof(addr));
7142
7143 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
7144 role = 0x02;
7145 else
7146 role = 0x01;
7147
7148 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
7149 &role, sizeof(role));
7150
5082a599
MH		 7151 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
7152 eir_len = eir_append_data(rp->eir, eir_len,
7153 EIR_LE_SC_CONFIRM,
7154 hash, sizeof(hash));
0821a2c5 7155
5082a599
MH		 7156 eir_len = eir_append_data(rp->eir, eir_len,
7157 EIR_LE_SC_RANDOM,
7158 rand, sizeof(rand));
7159 }
0821a2c5 7160
f2252570 7161 flags = mgmt_get_adv_discov_flags(hdev);
4f0f155c
MH		 7162
7163 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
7164 flags |= LE_AD_NO_BREDR;
7165
7166 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
7167 &flags, sizeof(flags));
7168 break;
7169 }
7170
4f0f155c
MH		 7171 hci_dev_unlock(hdev);
7172
72000df2
MH		 7173 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
7174
57b0d3e8
MH		 7175 status = MGMT_STATUS_SUCCESS;
7176
7177complete:
efcd8c98
MH		 7178 rp->type = cp->type;
7179 rp->eir_len = cpu_to_le16(eir_len);
7180
4f0f155c 7181 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
57b0d3e8
MH		 7182 status, rp, sizeof(*rp) + eir_len);
7183 if (err < 0 || status)
72000df2
MH		 7184 goto done;
7185
7186 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
7187 rp, sizeof(*rp) + eir_len,
7188 HCI_MGMT_OOB_DATA_EVENTS, sk);
4f0f155c 7189
0821a2c5 7190done:
4f0f155c
MH		 7191 kfree(rp);
7192
7193 return err;
7194}
7195
089fa8c0
AU		 7196static u32 get_supported_adv_flags(struct hci_dev *hdev)
7197{
7198 u32 flags = 0;
7199
7200 flags |= MGMT_ADV_FLAG_CONNECTABLE;
7201 flags |= MGMT_ADV_FLAG_DISCOV;
7202 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
7203 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS;
c4960ecf 7204 flags |= MGMT_ADV_FLAG_APPEARANCE;
7c295c48 7205 flags |= MGMT_ADV_FLAG_LOCAL_NAME;
089fa8c0 7206
de181e88
JK		 7207 /* In extended adv TX_POWER returned from Set Adv Param
7208 * will be always valid.
7209 */
7210 if ((hdev->adv_tx_power != HCI_TX_POWER_INVALID) ||
7211 ext_adv_capable(hdev))
089fa8c0
AU		 7212 flags |= MGMT_ADV_FLAG_TX_POWER;
7213
85a721a8
JK		 7214 if (ext_adv_capable(hdev)) {
7215 flags |= MGMT_ADV_FLAG_SEC_1M;
d5ea32da
DW		 7216 flags |= MGMT_ADV_FLAG_HW_OFFLOAD;
7217 flags |= MGMT_ADV_FLAG_CAN_SET_TX_POWER;
85a721a8
JK		 7218
7219 if (hdev->le_features[1] & HCI_LE_PHY_2M)
7220 flags |= MGMT_ADV_FLAG_SEC_2M;
7221
7222 if (hdev->le_features[1] & HCI_LE_PHY_CODED)
7223 flags |= MGMT_ADV_FLAG_SEC_CODED;
7224 }
7225
089fa8c0
AU		 7226 return flags;
7227}
7228
d3d5305b
MH		 7229static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
7230 void *data, u16 data_len)
7231{
7232 struct mgmt_rp_read_adv_features *rp;
7233 size_t rp_len;
02c04afe 7234 int err;
286e0c83 7235 struct adv_info *adv_instance;
089fa8c0 7236 u32 supported_flags;
02c04afe 7237 u8 *instance;
d3d5305b 7238
181d6953 7239 bt_dev_dbg(hdev, "sock %p", sk);
d3d5305b 7240
089fa8c0
AU		 7241 if (!lmp_le_capable(hdev))
7242 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
7243 MGMT_STATUS_REJECTED);
7244
cbbdfa6f
SN		 7245 /* Enabling the experimental LL Privay support disables support for
7246 * advertising.
7247 */
7248 if (hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY))
7249 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
7250 MGMT_STATUS_NOT_SUPPORTED);
7251
d3d5305b
MH		 7252 hci_dev_lock(hdev);
7253
02c04afe 7254 rp_len = sizeof(*rp) + hdev->adv_instance_cnt;
d3d5305b
MH		 7255 rp = kmalloc(rp_len, GFP_ATOMIC);
7256 if (!rp) {
7257 hci_dev_unlock(hdev);
7258 return -ENOMEM;
7259 }
7260
089fa8c0
AU		 7261 supported_flags = get_supported_adv_flags(hdev);
7262
7263 rp->supported_flags = cpu_to_le32(supported_flags);
dc5d82a9
MH		 7264 rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
7265 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
87597482 7266 rp->max_instances = hdev->le_num_of_adv_sets;
02c04afe 7267 rp->num_instances = hdev->adv_instance_cnt;
24b4f38f 7268
02c04afe
JH		 7269 instance = rp->instance;
7270 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
7271 *instance = adv_instance->instance;
7272 instance++;
24b4f38f 7273 }
d3d5305b
MH		 7274
7275 hci_dev_unlock(hdev);
7276
7277 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
7278 MGMT_STATUS_SUCCESS, rp, rp_len);
7279
7280 kfree(rp);
7281
7282 return err;
7283}
7284
f61851f6
MN		 7285static u8 calculate_name_len(struct hci_dev *hdev)
7286{
7287 u8 buf[HCI_MAX_SHORT_NAME_LENGTH + 3];
7288
7289 return append_local_name(hdev, buf, 0);
7290}
7291
7292static u8 tlv_data_max_len(struct hci_dev *hdev, u32 adv_flags,
7293 bool is_adv_data)
24b4f38f 7294{
4117ed70 7295 u8 max_len = HCI_MAX_AD_LENGTH;
24b4f38f 7296
31a3248d
MH		 7297 if (is_adv_data) {
7298 if (adv_flags & (MGMT_ADV_FLAG_DISCOV |
7299 MGMT_ADV_FLAG_LIMITED_DISCOV |
2bb36870 7300 MGMT_ADV_FLAG_MANAGED_FLAGS))
31a3248d 7301 max_len -= 3;
24b4f38f 7302
2bb36870 7303 if (adv_flags & MGMT_ADV_FLAG_TX_POWER)
31a3248d 7304 max_len -= 3;
7c295c48 7305 } else {
7c295c48 7306 if (adv_flags & MGMT_ADV_FLAG_LOCAL_NAME)
f61851f6 7307 max_len -= calculate_name_len(hdev);
c4960ecf 7308
2bb36870 7309 if (adv_flags & (MGMT_ADV_FLAG_APPEARANCE))
c4960ecf 7310 max_len -= 4;
5507e358
AU		 7311 }
7312
2bb36870
SJ		 7313 return max_len;
7314}
7315
7316static bool flags_managed(u32 adv_flags)
7317{
7318 return adv_flags & (MGMT_ADV_FLAG_DISCOV |
7319 MGMT_ADV_FLAG_LIMITED_DISCOV |
7320 MGMT_ADV_FLAG_MANAGED_FLAGS);
7321}
7322
7323static bool tx_power_managed(u32 adv_flags)
7324{
7325 return adv_flags & MGMT_ADV_FLAG_TX_POWER;
7326}
7327
7328static bool name_managed(u32 adv_flags)
7329{
7330 return adv_flags & MGMT_ADV_FLAG_LOCAL_NAME;
7331}
7332
7333static bool appearance_managed(u32 adv_flags)
7334{
7335 return adv_flags & MGMT_ADV_FLAG_APPEARANCE;
7336}
7337
f61851f6
MN		 7338static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data,
7339 u8 len, bool is_adv_data)
2bb36870
SJ		 7340{
7341 int i, cur_len;
7342 u8 max_len;
7343
f61851f6 7344 max_len = tlv_data_max_len(hdev, adv_flags, is_adv_data);
2bb36870 7345
4117ed70 7346 if (len > max_len)
24b4f38f
AU		 7347 return false;
7348
4117ed70
AU		 7349 /* Make sure that the data is correctly formatted. */
7350 for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) {
7351 cur_len = data[i];
24b4f38f 7352
9c9db78d
SJ		 7353 if (data[i + 1] == EIR_FLAGS &&
7354 (!is_adv_data || flags_managed(adv_flags)))
2bb36870
SJ		 7355 return false;
7356
7357 if (data[i + 1] == EIR_TX_POWER && tx_power_managed(adv_flags))
7358 return false;
7359
7360 if (data[i + 1] == EIR_NAME_COMPLETE && name_managed(adv_flags))
7361 return false;
7362
7363 if (data[i + 1] == EIR_NAME_SHORT && name_managed(adv_flags))
b44133ff
AU		 7364 return false;
7365
2bb36870
SJ		 7366 if (data[i + 1] == EIR_APPEARANCE &&
7367 appearance_managed(adv_flags))
5507e358
AU		 7368 return false;
7369
24b4f38f
AU		 7370 /* If the current field length would exceed the total data
7371 * length, then it's invalid.
7372 */
4117ed70 7373 if (i + cur_len >= len)
24b4f38f
AU		 7374 return false;
7375 }
7376
7377 return true;
7378}
7379
24b4f38f
AU		 7380static void add_advertising_complete(struct hci_dev *hdev, u8 status,
7381 u16 opcode)
7382{
7383 struct mgmt_pending_cmd *cmd;
fffd38bc 7384 struct mgmt_cp_add_advertising *cp;
24b4f38f 7385 struct mgmt_rp_add_advertising rp;
fffd38bc
FG		 7386 struct adv_info *adv_instance, *n;
7387 u8 instance;
24b4f38f 7388
181d6953 7389 bt_dev_dbg(hdev, "status %d", status);
24b4f38f
AU		 7390
7391 hci_dev_lock(hdev);
7392
7393 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev);
7394
fffd38bc
FG		 7395 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) {
7396 if (!adv_instance->pending)
7397 continue;
7398
7399 if (!status) {
7400 adv_instance->pending = false;
7401 continue;
7402 }
7403
7404 instance = adv_instance->instance;
7405
7406 if (hdev->cur_adv_instance == instance)
7407 cancel_adv_timeout(hdev);
7408
7409 hci_remove_adv_instance(hdev, instance);
f2252570 7410 mgmt_advertising_removed(cmd ? cmd->sk : NULL, hdev, instance);
24b4f38f
AU		 7411 }
7412
7413 if (!cmd)
7414 goto unlock;
7415
fffd38bc
FG		 7416 cp = cmd->param;
7417 rp.instance = cp->instance;
24b4f38f
AU		 7418
7419 if (status)
7420 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
7421 mgmt_status(status));
7422 else
7423 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
7424 mgmt_status(status), &rp, sizeof(rp));
7425
7426 mgmt_pending_remove(cmd);
7427
7428unlock:
7429 hci_dev_unlock(hdev);
7430}
7431
7432static int add_advertising(struct sock *sk, struct hci_dev *hdev,
7433 void *data, u16 data_len)
7434{
7435 struct mgmt_cp_add_advertising *cp = data;
7436 struct mgmt_rp_add_advertising rp;
7437 u32 flags;
85a721a8 7438 u32 supported_flags, phy_flags;
24b4f38f 7439 u8 status;
fffd38bc
FG		 7440 u16 timeout, duration;
7441 unsigned int prev_instance_cnt = hdev->adv_instance_cnt;
7442 u8 schedule_instance = 0;
7443 struct adv_info *next_instance;
24b4f38f
AU		 7444 int err;
7445 struct mgmt_pending_cmd *cmd;
7446 struct hci_request req;
7447
181d6953 7448 bt_dev_dbg(hdev, "sock %p", sk);
24b4f38f
AU		 7449
7450 status = mgmt_le_support(hdev);
7451 if (status)
7452 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7453 status);
7454
cbbdfa6f
SN		 7455 /* Enabling the experimental LL Privay support disables support for
7456 * advertising.
7457 */
7458 if (hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY))
7459 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
7460 MGMT_STATUS_NOT_SUPPORTED);
7461
87597482 7462 if (cp->instance < 1 || cp->instance > hdev->le_num_of_adv_sets)
6a0e7807
JH		 7463 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7464 MGMT_STATUS_INVALID_PARAMS);
7465
7466 if (data_len != sizeof(*cp) + cp->adv_data_len + cp->scan_rsp_len)
ceff86af
MH		 7467 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7468 MGMT_STATUS_INVALID_PARAMS);
7469
24b4f38f 7470 flags = __le32_to_cpu(cp->flags);
912098a6 7471 timeout = __le16_to_cpu(cp->timeout);
fffd38bc 7472 duration = __le16_to_cpu(cp->duration);
24b4f38f 7473
fffd38bc 7474 /* The current implementation only supports a subset of the specified
85a721a8 7475 * flags. Also need to check mutual exclusiveness of sec flags.
089fa8c0
AU		 7476 */
7477 supported_flags = get_supported_adv_flags(hdev);
85a721a8
JK		 7478 phy_flags = flags & MGMT_ADV_FLAG_SEC_MASK;
7479 if (flags & ~supported_flags ||
7480 ((phy_flags && (phy_flags ^ (phy_flags & -phy_flags)))))
24b4f38f
AU		 7481 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7482 MGMT_STATUS_INVALID_PARAMS);
7483
7484 hci_dev_lock(hdev);
7485
912098a6
AU		 7486 if (timeout && !hdev_is_powered(hdev)) {
7487 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7488 MGMT_STATUS_REJECTED);
7489 goto unlock;
7490 }
7491
24b4f38f 7492 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
da929335 7493 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
24b4f38f
AU		 7494 pending_find(MGMT_OP_SET_LE, hdev)) {
7495 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7496 MGMT_STATUS_BUSY);
7497 goto unlock;
7498 }
7499
f61851f6
MN		 7500 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) ||
7501 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len,
b44133ff 7502 cp->scan_rsp_len, false)) {
24b4f38f
AU		 7503 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7504 MGMT_STATUS_INVALID_PARAMS);
7505 goto unlock;
7506 }
7507
fffd38bc
FG		 7508 err = hci_add_adv_instance(hdev, cp->instance, flags,
7509 cp->adv_data_len, cp->data,
7510 cp->scan_rsp_len,
7511 cp->data + cp->adv_data_len,
7512 timeout, duration);
7513 if (err < 0) {
7514 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7515 MGMT_STATUS_FAILED);
7516 goto unlock;
7517 }
24b4f38f 7518
fffd38bc
FG		 7519 /* Only trigger an advertising added event if a new instance was
7520 * actually added.
7521 */
7522 if (hdev->adv_instance_cnt > prev_instance_cnt)
f2252570 7523 mgmt_advertising_added(sk, hdev, cp->instance);
912098a6 7524
fffd38bc
FG		 7525 if (hdev->cur_adv_instance == cp->instance) {
7526 /* If the currently advertised instance is being changed then
7527 * cancel the current advertising and schedule the next
7528 * instance. If there is only one instance then the overridden
7529 * advertising data will be visible right away.
7530 */
7531 cancel_adv_timeout(hdev);
912098a6 7532
fffd38bc
FG		 7533 next_instance = hci_get_next_instance(hdev, cp->instance);
7534 if (next_instance)
7535 schedule_instance = next_instance->instance;
7536 } else if (!hdev->adv_instance_timeout) {
7537 /* Immediately advertise the new instance if no other
7538 * instance is currently being advertised.
7539 */
7540 schedule_instance = cp->instance;
7541 }
24b4f38f 7542
fffd38bc
FG		 7543 /* If the HCI_ADVERTISING flag is set or the device isn't powered or
7544 * there is no instance to be advertised then we have no HCI
7545 * communication to make. Simply return.
24b4f38f
AU		 7546 */
7547 if (!hdev_is_powered(hdev) ||
fffd38bc
FG		 7548 hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
7549 !schedule_instance) {
7550 rp.instance = cp->instance;
24b4f38f
AU		 7551 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7552 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
7553 goto unlock;
7554 }
7555
7556 /* We're good to go, update advertising data, parameters, and start
7557 * advertising.
7558 */
7559 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
7560 data_len);
7561 if (!cmd) {
7562 err = -ENOMEM;
7563 goto unlock;
7564 }
7565
7566 hci_req_init(&req, hdev);
7567
f2252570 7568 err = __hci_req_schedule_adv_instance(&req, schedule_instance, true);
fffd38bc
FG		 7569
7570 if (!err)
7571 err = hci_req_run(&req, add_advertising_complete);
24b4f38f 7572
72da7b2c
JH		 7573 if (err < 0) {
7574 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7575 MGMT_STATUS_FAILED);
24b4f38f 7576 mgmt_pending_remove(cmd);
72da7b2c 7577 }
24b4f38f
AU		 7578
7579unlock:
7580 hci_dev_unlock(hdev);
7581
7582 return err;
7583}
7584
da929335
AU		 7585static void remove_advertising_complete(struct hci_dev *hdev, u8 status,
7586 u16 opcode)
7587{
7588 struct mgmt_pending_cmd *cmd;
01948331 7589 struct mgmt_cp_remove_advertising *cp;
da929335
AU		 7590 struct mgmt_rp_remove_advertising rp;
7591
181d6953 7592 bt_dev_dbg(hdev, "status %d", status);
da929335
AU		 7593
7594 hci_dev_lock(hdev);
7595
7596 /* A failure status here only means that we failed to disable
7597 * advertising. Otherwise, the advertising instance has been removed,
7598 * so report success.
7599 */
7600 cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev);
7601 if (!cmd)
7602 goto unlock;
7603
01948331
FG		 7604 cp = cmd->param;
7605 rp.instance = cp->instance;
da929335
AU		 7606
7607 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS,
7608 &rp, sizeof(rp));
7609 mgmt_pending_remove(cmd);
7610
7611unlock:
7612 hci_dev_unlock(hdev);
7613}
7614
7615static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
7616 void *data, u16 data_len)
7617{
7618 struct mgmt_cp_remove_advertising *cp = data;
7619 struct mgmt_rp_remove_advertising rp;
da929335
AU		 7620 struct mgmt_pending_cmd *cmd;
7621 struct hci_request req;
952497b1 7622 int err;
da929335 7623
181d6953 7624 bt_dev_dbg(hdev, "sock %p", sk);
da929335 7625
cbbdfa6f
SN		 7626 /* Enabling the experimental LL Privay support disables support for
7627 * advertising.
7628 */
7629 if (hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY))
7630 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
7631 MGMT_STATUS_NOT_SUPPORTED);
7632
da929335
AU		 7633 hci_dev_lock(hdev);
7634
952497b1 7635 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) {
01948331
FG		 7636 err = mgmt_cmd_status(sk, hdev->id,
7637 MGMT_OP_REMOVE_ADVERTISING,
7638 MGMT_STATUS_INVALID_PARAMS);
7639 goto unlock;
7640 }
7641
da929335
AU		 7642 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
7643 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
7644 pending_find(MGMT_OP_SET_LE, hdev)) {
7645 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
7646 MGMT_STATUS_BUSY);
7647 goto unlock;
7648 }
7649
17fd08ff 7650 if (list_empty(&hdev->adv_instances)) {
da929335
AU		 7651 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
7652 MGMT_STATUS_INVALID_PARAMS);
7653 goto unlock;
7654 }
7655
01948331 7656 hci_req_init(&req, hdev);
da929335 7657
37adf701
DW		 7658 /* If we use extended advertising, instance is disabled and removed */
7659 if (ext_adv_capable(hdev)) {
7660 __hci_req_disable_ext_adv_instance(&req, cp->instance);
7661 __hci_req_remove_ext_adv_instance(&req, cp->instance);
7662 }
7663
37d3a1fa 7664 hci_req_clear_adv_instance(hdev, sk, &req, cp->instance, true);
da929335 7665
01948331 7666 if (list_empty(&hdev->adv_instances))
f2252570 7667 __hci_req_disable_advertising(&req);
da929335 7668
01948331
FG		 7669 /* If no HCI commands have been collected so far or the HCI_ADVERTISING
7670 * flag is set or the device isn't powered then we have no HCI
7671 * communication to make. Simply return.
da929335 7672 */
01948331
FG		 7673 if (skb_queue_empty(&req.cmd_q) ||
7674 !hdev_is_powered(hdev) ||
da929335 7675 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
f17d858e 7676 hci_req_purge(&req);
01948331 7677 rp.instance = cp->instance;
da929335
AU		 7678 err = mgmt_cmd_complete(sk, hdev->id,
7679 MGMT_OP_REMOVE_ADVERTISING,
7680 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
7681 goto unlock;
7682 }
7683
7684 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
7685 data_len);
7686 if (!cmd) {
7687 err = -ENOMEM;
7688 goto unlock;
7689 }
7690
da929335
AU		 7691 err = hci_req_run(&req, remove_advertising_complete);
7692 if (err < 0)
7693 mgmt_pending_remove(cmd);
7694
7695unlock:
7696 hci_dev_unlock(hdev);
7697
7698 return err;
7699}
7700
40b25fe5
MH		 7701static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev,
7702 void *data, u16 data_len)
7703{
7704 struct mgmt_cp_get_adv_size_info *cp = data;
7705 struct mgmt_rp_get_adv_size_info rp;
7706 u32 flags, supported_flags;
7707 int err;
7708
181d6953 7709 bt_dev_dbg(hdev, "sock %p", sk);
40b25fe5
MH		 7710
7711 if (!lmp_le_capable(hdev))
7712 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
7713 MGMT_STATUS_REJECTED);
7714
87597482 7715 if (cp->instance < 1 || cp->instance > hdev->le_num_of_adv_sets)
40b25fe5
MH		 7716 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
7717 MGMT_STATUS_INVALID_PARAMS);
7718
7719 flags = __le32_to_cpu(cp->flags);
7720
7721 /* The current implementation only supports a subset of the specified
7722 * flags.
7723 */
7724 supported_flags = get_supported_adv_flags(hdev);
7725 if (flags & ~supported_flags)
7726 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
7727 MGMT_STATUS_INVALID_PARAMS);
7728
7729 rp.instance = cp->instance;
7730 rp.flags = cp->flags;
f61851f6
MN		 7731 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
7732 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
40b25fe5
MH		 7733
7734 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
7735 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
7736
7737 return err;
7738}
7739
6d785aa3 7740static const struct hci_mgmt_handler mgmt_handlers[] = {
0f4e68cf 7741 { NULL }, /* 0x0000 (no command) */
b9a245fb 7742 { read_version, MGMT_READ_VERSION_SIZE,
c91041dc
MH		 7743 HCI_MGMT_NO_HDEV |
7744 HCI_MGMT_UNTRUSTED },
b9a245fb 7745 { read_commands, MGMT_READ_COMMANDS_SIZE,
c91041dc
MH		 7746 HCI_MGMT_NO_HDEV |
7747 HCI_MGMT_UNTRUSTED },
b9a245fb 7748 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
c91041dc
MH		 7749 HCI_MGMT_NO_HDEV |
7750 HCI_MGMT_UNTRUSTED },
7751 { read_controller_info, MGMT_READ_INFO_SIZE,
7752 HCI_MGMT_UNTRUSTED },
7aea8616
MH		 7753 { set_powered, MGMT_SETTING_SIZE },
7754 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
7755 { set_connectable, MGMT_SETTING_SIZE },
7756 { set_fast_connectable, MGMT_SETTING_SIZE },
7757 { set_bondable, MGMT_SETTING_SIZE },
7758 { set_link_security, MGMT_SETTING_SIZE },
7759 { set_ssp, MGMT_SETTING_SIZE },
7760 { set_hs, MGMT_SETTING_SIZE },
7761 { set_le, MGMT_SETTING_SIZE },
7762 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
7763 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
7764 { add_uuid, MGMT_ADD_UUID_SIZE },
7765 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
b9a245fb
JH		 7766 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
7767 HCI_MGMT_VAR_LEN },
7768 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
7769 HCI_MGMT_VAR_LEN },
7aea8616
MH		 7770 { disconnect, MGMT_DISCONNECT_SIZE },
7771 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
7772 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
7773 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
7774 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
7775 { pair_device, MGMT_PAIR_DEVICE_SIZE },
7776 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
7777 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
7778 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
7779 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
7780 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
7781 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
b9a245fb
JH		 7782 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
7783 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
7784 HCI_MGMT_VAR_LEN },
7aea8616
MH		 7785 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
7786 { start_discovery, MGMT_START_DISCOVERY_SIZE },
7787 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
7788 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
7789 { block_device, MGMT_BLOCK_DEVICE_SIZE },
7790 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
7791 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
7792 { set_advertising, MGMT_SETTING_SIZE },
7793 { set_bredr, MGMT_SETTING_SIZE },
7794 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
7795 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
7796 { set_secure_conn, MGMT_SETTING_SIZE },
7797 { set_debug_keys, MGMT_SETTING_SIZE },
7798 { set_privacy, MGMT_SET_PRIVACY_SIZE },
b9a245fb
JH		 7799 { load_irks, MGMT_LOAD_IRKS_SIZE,
7800 HCI_MGMT_VAR_LEN },
7aea8616
MH		 7801 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
7802 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
7803 { add_device, MGMT_ADD_DEVICE_SIZE },
7804 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
b9a245fb
JH		 7805 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
7806 HCI_MGMT_VAR_LEN },
7807 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
c91041dc
MH		 7808 HCI_MGMT_NO_HDEV |
7809 HCI_MGMT_UNTRUSTED },
b9a245fb 7810 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
c91041dc
MH		 7811 HCI_MGMT_UNCONFIGURED |
7812 HCI_MGMT_UNTRUSTED },
b9a245fb
JH		 7813 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
7814 HCI_MGMT_UNCONFIGURED },
7815 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
7816 HCI_MGMT_UNCONFIGURED },
7817 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
7818 HCI_MGMT_VAR_LEN },
4f0f155c 7819 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
96f1474a 7820 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
c91041dc
MH		 7821 HCI_MGMT_NO_HDEV |
7822 HCI_MGMT_UNTRUSTED },
d3d5305b 7823 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
24b4f38f
AU		 7824 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
7825 HCI_MGMT_VAR_LEN },
da929335 7826 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
40b25fe5 7827 { get_adv_size_info, MGMT_GET_ADV_SIZE_INFO_SIZE },
78b781ca 7828 { start_limited_discovery, MGMT_START_DISCOVERY_SIZE },
321c6fee
MH		 7829 { read_ext_controller_info,MGMT_READ_EXT_INFO_SIZE,
7830 HCI_MGMT_UNTRUSTED },
c4960ecf 7831 { set_appearance, MGMT_SET_APPEARANCE_SIZE },
6244691f 7832 { get_phy_configuration, MGMT_GET_PHY_CONFIGURATION_SIZE },
0314f286 7833 { set_phy_configuration, MGMT_SET_PHY_CONFIGURATION_SIZE },
600a8749
AM		 7834 { set_blocked_keys, MGMT_OP_SET_BLOCKED_KEYS_SIZE,
7835 HCI_MGMT_VAR_LEN },
00bce3fb 7836 { set_wideband_speech, MGMT_SETTING_SIZE },
bc292258
MH		 7837 { read_security_info, MGMT_READ_SECURITY_INFO_SIZE,
7838 HCI_MGMT_UNTRUSTED },
a10c907c
MH		 7839 { read_exp_features_info, MGMT_READ_EXP_FEATURES_INFO_SIZE,
7840 HCI_MGMT_UNTRUSTED |
7841 HCI_MGMT_HDEV_OPTIONAL },
7842 { set_exp_feature, MGMT_SET_EXP_FEATURE_SIZE,
7843 HCI_MGMT_VAR_LEN |
7844 HCI_MGMT_HDEV_OPTIONAL },
17896406
AM		 7845 { read_def_system_config, MGMT_READ_DEF_SYSTEM_CONFIG_SIZE,
7846 HCI_MGMT_UNTRUSTED },
7847 { set_def_system_config, MGMT_SET_DEF_SYSTEM_CONFIG_SIZE,
7848 HCI_MGMT_VAR_LEN },
aececa64
MH		 7849 { read_def_runtime_config, MGMT_READ_DEF_RUNTIME_CONFIG_SIZE,
7850 HCI_MGMT_UNTRUSTED },
7851 { set_def_runtime_config, MGMT_SET_DEF_RUNTIME_CONFIG_SIZE,
7852 HCI_MGMT_VAR_LEN },
4c54bf2b
APS		 7853 { get_device_flags, MGMT_GET_DEVICE_FLAGS_SIZE },
7854 { set_device_flags, MGMT_SET_DEVICE_FLAGS_SIZE },
e5e1e7fd 7855 { read_adv_mon_features, MGMT_READ_ADV_MONITOR_FEATURES_SIZE },
b139553d
MC		 7856 { add_adv_patterns_monitor,MGMT_ADD_ADV_PATTERNS_MONITOR_SIZE,
7857 HCI_MGMT_VAR_LEN },
bd2fbc6c 7858 { remove_adv_monitor, MGMT_REMOVE_ADV_MONITOR_SIZE },
0f4e68cf
JH		 7859};
7860
bf6b56db 7861void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 7862{
ced85549 7863 struct mgmt_ev_ext_index ev;
bb4b2a9a 7864
0602a8ad
MH		 7865 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
7866 return;
7867
f9207338 7868 switch (hdev->dev_type) {
ca8bee5d 7869 case HCI_PRIMARY:
f9207338
MH		 7870 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
7871 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
7872 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
ced85549 7873 ev.type = 0x01;
f9207338
MH		 7874 } else {
7875 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
7876 HCI_MGMT_INDEX_EVENTS);
ced85549 7877 ev.type = 0x00;
f9207338
MH		 7878 }
7879 break;
ced85549
MH		 7880 case HCI_AMP:
7881 ev.type = 0x02;
7882 break;
7883 default:
7884 return;
f9207338 7885 }
ced85549
MH		 7886
7887 ev.bus = hdev->bus;
7888
7889 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
7890 HCI_MGMT_EXT_INDEX_EVENTS);
c71e97bf
JH		 7891}
7892
bf6b56db 7893void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 7894{
ced85549 7895 struct mgmt_ev_ext_index ev;
5f159032 7896 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 7897
0602a8ad
MH		 7898 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
7899 return;
7900
f9207338 7901 switch (hdev->dev_type) {
ca8bee5d 7902 case HCI_PRIMARY:
f9207338 7903 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
b24752fe 7904
f9207338
MH		 7905 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
7906 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
7907 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
ced85549 7908 ev.type = 0x01;
f9207338
MH		 7909 } else {
7910 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
7911 HCI_MGMT_INDEX_EVENTS);
ced85549 7912 ev.type = 0x00;
f9207338
MH		 7913 }
7914 break;
ced85549
MH		 7915 case HCI_AMP:
7916 ev.type = 0x02;
7917 break;
7918 default:
7919 return;
f9207338 7920 }
ced85549
MH		 7921
7922 ev.bus = hdev->bus;
7923
7924 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
7925 HCI_MGMT_EXT_INDEX_EVENTS);
eec8d2bc
JH		 7926}
7927
6046dc3e 7928/* This function requires the caller holds hdev->lock */
af02dd44 7929static void restart_le_actions(struct hci_dev *hdev)
6046dc3e
AG		 7930{
7931 struct hci_conn_params *p;
7932
7933 list_for_each_entry(p, &hdev->le_conn_params, list) {
d7347f3c
JH		 7934 /* Needed for AUTO_OFF case where might not "really"
7935 * have been powered off.
7936 */
7937 list_del_init(&p->action);
7938
7939 switch (p->auto_connect) {
4b9e7e75 7940 case HCI_AUTO_CONN_DIRECT:
d7347f3c
JH		 7941 case HCI_AUTO_CONN_ALWAYS:
7942 list_add(&p->action, &hdev->pend_le_conns);
7943 break;
7944 case HCI_AUTO_CONN_REPORT:
7945 list_add(&p->action, &hdev->pend_le_reports);
7946 break;
7947 default:
7948 break;
c83ed19d 7949 }
6046dc3e
AG		 7950 }
7951}
7952
2ff13894 7953void mgmt_power_on(struct hci_dev *hdev, int err)
229ab39c
JH		 7954{
7955 struct cmd_lookup match = { NULL, hdev };
7956
181d6953 7957 bt_dev_dbg(hdev, "err %d", err);
229ab39c 7958
2ff13894
JH		 7959 hci_dev_lock(hdev);
7960
7961 if (!err) {
af02dd44
JH		 7962 restart_le_actions(hdev);
7963 hci_update_background_scan(hdev);
162a3bac
MH		 7964 }
7965
229ab39c
JH		 7966 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
7967
7968 new_settings(hdev, match.sk);
7969
229ab39c
JH		 7970 if (match.sk)
7971 sock_put(match.sk);
229ab39c 7972
2ff13894 7973 hci_dev_unlock(hdev);
70da6243 7974}
562fcc24 7975
2ff13894 7976void __mgmt_power_off(struct hci_dev *hdev)
70da6243
JH		 7977{
7978 struct cmd_lookup match = { NULL, hdev };
9845904f 7979 u8 status, zero_cod[] = { 0, 0, 0 };
b24752fe 7980
229ab39c 7981 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
9845904f
JH		 7982
7983 /* If the power off is because of hdev unregistration let
7984 * use the appropriate INVALID_INDEX status. Otherwise use
7985 * NOT_POWERED. We cover both scenarios here since later in
7986 * mgmt_index_removed() any hci_conn callbacks will have already
7987 * been triggered, potentially causing misleading DISCONNECTED
7988 * status responses.
7989 */
d7a5a11d 7990 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
9845904f
JH		 7991 status = MGMT_STATUS_INVALID_INDEX;
7992 else
7993 status = MGMT_STATUS_NOT_POWERED;
7994
7995 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
229ab39c 7996
321c6fee 7997 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0) {
5504c3a3
MH		 7998 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
7999 zero_cod, sizeof(zero_cod),
8000 HCI_MGMT_DEV_CLASS_EVENTS, NULL);
321c6fee
MH		 8001 ext_info_changed(hdev, NULL);
8002 }
229ab39c 8003
2ff13894 8004 new_settings(hdev, match.sk);
eec8d2bc
JH		 8005
8006 if (match.sk)
8007 sock_put(match.sk);
5add6af8 8008}
73f22f62 8009
3eec705e 8010void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc 8011{
3b0602cd 8012 struct mgmt_pending_cmd *cmd;
96570ffc
JH		 8013 u8 status;
8014
333ae95d 8015 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
96570ffc 8016 if (!cmd)
3eec705e 8017 return;
96570ffc
JH		 8018
8019 if (err == -ERFKILL)
8020 status = MGMT_STATUS_RFKILLED;
8021 else
8022 status = MGMT_STATUS_FAILED;
8023
a69e8375 8024 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 8025
8026 mgmt_pending_remove(cmd);
96570ffc
JH		 8027}
8028
dc4a5ee2
MH		 8029void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
8030 bool persistent)
55ed8ca1 8031{
86742e1e 8032 struct mgmt_ev_new_link_key ev;
55ed8ca1 8033
a492cd52 8034 memset(&ev, 0, sizeof(ev));
55ed8ca1 8035
a492cd52 8036 ev.store_hint = persistent;
d753fdc4 8037 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 8038 ev.key.addr.type = BDADDR_BREDR;
a492cd52 8039 ev.key.type = key->type;
9b3b4460 8040 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 8041 ev.key.pin_len = key->pin_len;
55ed8ca1 8042
dc4a5ee2 8043 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 8044}
f7520543 8045
d7b25450
JH		 8046static u8 mgmt_ltk_type(struct smp_ltk *ltk)
8047{
23fb8de3
JH		 8048 switch (ltk->type) {
8049 case SMP_LTK:
8050 case SMP_LTK_SLAVE:
8051 if (ltk->authenticated)
8052 return MGMT_LTK_AUTHENTICATED;
8053 return MGMT_LTK_UNAUTHENTICATED;
8054 case SMP_LTK_P256:
8055 if (ltk->authenticated)
8056 return MGMT_LTK_P256_AUTH;
8057 return MGMT_LTK_P256_UNAUTH;
8058 case SMP_LTK_P256_DEBUG:
8059 return MGMT_LTK_P256_DEBUG;
8060 }
d7b25450
JH		 8061
8062 return MGMT_LTK_UNAUTHENTICATED;
8063}
8064
53ac6ab6 8065void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 8066{
8067 struct mgmt_ev_new_long_term_key ev;
8068
8069 memset(&ev, 0, sizeof(ev));
8070
5192d301 8071 /* Devices using resolvable or non-resolvable random addresses
f72186d2 8072 * without providing an identity resolving key don't require
5192d301
MH		 8073 * to store long term keys. Their addresses will change the
8074 * next time around.
8075 *
8076 * Only when a remote device provides an identity address
8077 * make sure the long term key is stored. If the remote
8078 * identity is known, the long term keys are internally
8079 * mapped to the identity address. So allow static random
8080 * and public addresses here.
8081 */
ba74b666
JH		 8082 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
8083 (key->bdaddr.b[5] & 0xc0) != 0xc0)
8084 ev.store_hint = 0x00;
8085 else
53ac6ab6 8086 ev.store_hint = persistent;
ba74b666 8087
346af67b 8088 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 8089 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 8090 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 8091 ev.key.enc_size = key->enc_size;
8092 ev.key.ediv = key->ediv;
fe39c7b2 8093 ev.key.rand = key->rand;
346af67b 8094
2ceba539 8095 if (key->type == SMP_LTK)
346af67b
VCG		 8096 ev.key.master = 1;
8097
1fc62c52
JH		 8098 /* Make sure we copy only the significant bytes based on the
8099 * encryption key size, and set the rest of the value to zeroes.
8100 */
cb92205b 8101 memcpy(ev.key.val, key->val, key->enc_size);
1fc62c52
JH		 8102 memset(ev.key.val + key->enc_size, 0,
8103 sizeof(ev.key.val) - key->enc_size);
346af67b 8104
083368f7 8105 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 8106}
8107
cad20c27 8108void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent)
95fbac8a
JH		 8109{
8110 struct mgmt_ev_new_irk ev;
8111
8112 memset(&ev, 0, sizeof(ev));
8113
cad20c27 8114 ev.store_hint = persistent;
bab6d1e5 8115
95fbac8a
JH		 8116 bacpy(&ev.rpa, &irk->rpa);
8117 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
8118 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
8119 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
8120
8121 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
8122}
8123
53ac6ab6
MH		 8124void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
8125 bool persistent)
7ee4ea36
MH		 8126{
8127 struct mgmt_ev_new_csrk ev;
8128
8129 memset(&ev, 0, sizeof(ev));
8130
8131 /* Devices using resolvable or non-resolvable random addresses
f72186d2 8132 * without providing an identity resolving key don't require
7ee4ea36
MH		 8133 * to store signature resolving keys. Their addresses will change
8134 * the next time around.
8135 *
8136 * Only when a remote device provides an identity address
8137 * make sure the signature resolving key is stored. So allow
8138 * static random and public addresses here.
8139 */
8140 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
8141 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
8142 ev.store_hint = 0x00;
8143 else
53ac6ab6 8144 ev.store_hint = persistent;
7ee4ea36
MH		 8145
8146 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
8147 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
4cd3928a 8148 ev.key.type = csrk->type;
7ee4ea36
MH		 8149 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
8150
8151 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
8152}
8153
ffb5a827 8154void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 8155 u8 bdaddr_type, u8 store_hint, u16 min_interval,
8156 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 8157{
8158 struct mgmt_ev_new_conn_param ev;
8159
c103aea6
JH		 8160 if (!hci_is_identity_address(bdaddr, bdaddr_type))
8161 return;
8162
ffb5a827
AG		 8163 memset(&ev, 0, sizeof(ev));
8164 bacpy(&ev.addr.bdaddr, bdaddr);
8165 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 8166 ev.store_hint = store_hint;
ffb5a827
AG		 8167 ev.min_interval = cpu_to_le16(min_interval);
8168 ev.max_interval = cpu_to_le16(max_interval);
8169 ev.latency = cpu_to_le16(latency);
8170 ev.timeout = cpu_to_le16(timeout);
8171
8172 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
8173}
8174
48ec92fa
AA		 8175void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
8176 u32 flags, u8 *name, u8 name_len)
f7520543 8177{
b644ba33
JH		 8178 char buf[512];
8179 struct mgmt_ev_device_connected *ev = (void *) buf;
8180 u16 eir_len = 0;
f7520543 8181
48ec92fa
AA		 8182 bacpy(&ev->addr.bdaddr, &conn->dst);
8183 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
f7520543 8184
c95f0ba7 8185 ev->flags = __cpu_to_le32(flags);
08c79b61 8186
fd45ada9
AA		 8187 /* We must ensure that the EIR Data fields are ordered and
8188 * unique. Keep it simple for now and avoid the problem by not
8189 * adding any BR/EDR data to the LE adv.
8190 */
8191 if (conn->le_adv_data_len > 0) {
8192 memcpy(&ev->eir[eir_len],
8193 conn->le_adv_data, conn->le_adv_data_len);
8194 eir_len = conn->le_adv_data_len;
8195 } else {
8196 if (name_len > 0)
8197 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
8198 name, name_len);
b644ba33 8199
ddbea5cf 8200 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
fd45ada9
AA		 8201 eir_len = eir_append_data(ev->eir, eir_len,
8202 EIR_CLASS_OF_DEV,
8203 conn->dev_class, 3);
8204 }
b644ba33 8205
eb55ef07 8206 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 8207
ecd90ae7
MH		 8208 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
8209 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 8210}
8211
3b0602cd 8212static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
8962ee74 8213{
8962ee74 8214 struct sock **sk = data;
8962ee74 8215
f5818c22 8216 cmd->cmd_complete(cmd, 0);
8962ee74
JH		 8217
8218 *sk = cmd->sk;
8219 sock_hold(*sk);
8220
a664b5bc 8221 mgmt_pending_remove(cmd);
8962ee74
JH		 8222}
8223
3b0602cd 8224static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
a8a1d19e 8225{
b1078ad0 8226 struct hci_dev *hdev = data;
124f6e35 8227 struct mgmt_cp_unpair_device *cp = cmd->param;
a8a1d19e 8228
b1078ad0
JH		 8229 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
8230
d8b7b1e4 8231 cmd->cmd_complete(cmd, 0);
a8a1d19e
JH		 8232 mgmt_pending_remove(cmd);
8233}
8234
84c61d92
JH		 8235bool mgmt_powering_down(struct hci_dev *hdev)
8236{
3b0602cd 8237 struct mgmt_pending_cmd *cmd;
84c61d92
JH		 8238 struct mgmt_mode *cp;
8239
333ae95d 8240 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
84c61d92
JH		 8241 if (!cmd)
8242 return false;
8243
8244 cp = cmd->param;
8245 if (!cp->val)
8246 return true;
8247
8248 return false;
8249}
8250
9b80ec5e 8251void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 8252 u8 link_type, u8 addr_type, u8 reason,
8253 bool mgmt_connected)
f7520543 8254{
f0d6a0ea 8255 struct mgmt_ev_device_disconnected ev;
8962ee74 8256 struct sock *sk = NULL;
8962ee74 8257
84c61d92
JH		 8258 /* The connection is still in hci_conn_hash so test for 1
8259 * instead of 0 to know if this is the last one.
8260 */
8261 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
8262 cancel_delayed_work(&hdev->power_off);
8263 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8b064a3a
JH		 8264 }
8265
12d4a3b2
JH		 8266 if (!mgmt_connected)
8267 return;
8268
57eb776f
AG		 8269 if (link_type != ACL_LINK && link_type != LE_LINK)
8270 return;
8271
744cf19e 8272 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 8273
f0d6a0ea
MA		 8274 bacpy(&ev.addr.bdaddr, bdaddr);
8275 ev.addr.type = link_to_bdaddr(link_type, addr_type);
8276 ev.reason = reason;
f7520543 8277
f0cfc486
APS		 8278 /* Report disconnects due to suspend */
8279 if (hdev->suspended)
8280 ev.reason = MGMT_DEV_DISCONN_LOCAL_HOST_SUSPEND;
8281
9b80ec5e 8282 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 8283
8284 if (sk)
d97dcb66 8285 sock_put(sk);
8962ee74 8286
124f6e35 8287 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 8288 hdev);
8962ee74
JH		 8289}
8290
7892924c
MH		 8291void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
8292 u8 link_type, u8 addr_type, u8 status)
8962ee74 8293{
3655bba8
AG		 8294 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
8295 struct mgmt_cp_disconnect *cp;
3b0602cd 8296 struct mgmt_pending_cmd *cmd;
8962ee74 8297
36a75f1b
JD		 8298 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
8299 hdev);
8300
333ae95d 8301 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 8302 if (!cmd)
7892924c 8303 return;
8962ee74 8304
3655bba8
AG		 8305 cp = cmd->param;
8306
8307 if (bacmp(bdaddr, &cp->addr.bdaddr))
8308 return;
8309
8310 if (cp->addr.type != bdaddr_type)
8311 return;
8312
f5818c22 8313 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 8314 mgmt_pending_remove(cmd);
f7520543 8315}
17d5c04c 8316
445608d0
MH		 8317void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
8318 u8 addr_type, u8 status)
17d5c04c
JH		 8319{
8320 struct mgmt_ev_connect_failed ev;
c9910d0f 8321
84c61d92
JH		 8322 /* The connection is still in hci_conn_hash so test for 1
8323 * instead of 0 to know if this is the last one.
8324 */
8325 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
8326 cancel_delayed_work(&hdev->power_off);
8327 queue_work(hdev->req_workqueue, &hdev->power_off.work);
c9910d0f 8328 }
17d5c04c 8329
4c659c39 8330 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 8331 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 8332 ev.status = mgmt_status(status);
17d5c04c 8333
445608d0 8334 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 8335}
980e1a53 8336
ce0e4a0d 8337void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 8338{
8339 struct mgmt_ev_pin_code_request ev;
8340
d8457698 8341 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 8342 ev.addr.type = BDADDR_BREDR;
a770bb5a 8343 ev.secure = secure;
980e1a53 8344
ce0e4a0d 8345 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 8346}
8347
e669cf80
MH		 8348void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8349 u8 status)
980e1a53 8350{
3b0602cd 8351 struct mgmt_pending_cmd *cmd;
980e1a53 8352
333ae95d 8353 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 8354 if (!cmd)
e669cf80 8355 return;
980e1a53 8356
7776d1d8 8357 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 8358 mgmt_pending_remove(cmd);
980e1a53
JH		 8359}
8360
3eb38528
MH		 8361void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8362 u8 status)
980e1a53 8363{
3b0602cd 8364 struct mgmt_pending_cmd *cmd;
980e1a53 8365
333ae95d 8366 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 8367 if (!cmd)
3eb38528 8368 return;
980e1a53 8369
7776d1d8 8370 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 8371 mgmt_pending_remove(cmd);
980e1a53 8372}
a5c29683 8373
744cf19e 8374int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 8375 u8 link_type, u8 addr_type, u32 value,
04124681 8376 u8 confirm_hint)
a5c29683
JH		 8377{
8378 struct mgmt_ev_user_confirm_request ev;
8379
181d6953 8380 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
a5c29683 8381
272d90df 8382 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 8383 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 8384 ev.confirm_hint = confirm_hint;
39adbffe 8385 ev.value = cpu_to_le32(value);
a5c29683 8386
744cf19e 8387 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 8388 NULL);
a5c29683
JH		 8389}
8390
272d90df 8391int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 8392 u8 link_type, u8 addr_type)
604086b7
BG		 8393{
8394 struct mgmt_ev_user_passkey_request ev;
8395
181d6953 8396 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
604086b7 8397
272d90df 8398 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 8399 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 8400
8401 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 8402 NULL);
604086b7
BG		 8403}
8404
0df4c185 8405static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 8406 u8 link_type, u8 addr_type, u8 status,
8407 u8 opcode)
a5c29683 8408{
3b0602cd 8409 struct mgmt_pending_cmd *cmd;
a5c29683 8410
333ae95d 8411 cmd = pending_find(opcode, hdev);
a5c29683
JH		 8412 if (!cmd)
8413 return -ENOENT;
8414
7776d1d8 8415 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 8416 mgmt_pending_remove(cmd);
a5c29683 8417
7776d1d8 8418 return 0;
a5c29683
JH		 8419}
8420
744cf19e 8421int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 8422 u8 link_type, u8 addr_type, u8 status)
a5c29683 8423{
272d90df 8424 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 8425 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 8426}
8427
272d90df 8428int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 8429 u8 link_type, u8 addr_type, u8 status)
a5c29683 8430{
272d90df 8431 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 8432 status,
8433 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 8434}
2a611692 8435
604086b7 8436int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 8437 u8 link_type, u8 addr_type, u8 status)
604086b7 8438{
272d90df 8439 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 8440 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 8441}
8442
272d90df 8443int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 8444 u8 link_type, u8 addr_type, u8 status)
604086b7 8445{
272d90df 8446 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 8447 status,
8448 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 8449}
8450
92a25256
JH		 8451int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
8452 u8 link_type, u8 addr_type, u32 passkey,
8453 u8 entered)
8454{
8455 struct mgmt_ev_passkey_notify ev;
8456
181d6953 8457 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
92a25256
JH		 8458
8459 bacpy(&ev.addr.bdaddr, bdaddr);
8460 ev.addr.type = link_to_bdaddr(link_type, addr_type);
8461 ev.passkey = __cpu_to_le32(passkey);
8462 ev.entered = entered;
8463
8464 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
8465}
8466
e1e930f5 8467void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
2a611692
JH		 8468{
8469 struct mgmt_ev_auth_failed ev;
3b0602cd 8470 struct mgmt_pending_cmd *cmd;
e1e930f5 8471 u8 status = mgmt_status(hci_status);
2a611692 8472
e1e930f5
JH		 8473 bacpy(&ev.addr.bdaddr, &conn->dst);
8474 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
8475 ev.status = status;
2a611692 8476
e1e930f5
JH		 8477 cmd = find_pairing(conn);
8478
8479 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
8480 cmd ? cmd->sk : NULL);
8481
a511b35b
JH		 8482 if (cmd) {
8483 cmd->cmd_complete(cmd, status);
8484 mgmt_pending_remove(cmd);
8485 }
2a611692 8486}
b312b161 8487
464996ae 8488void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 8489{
8490 struct cmd_lookup match = { NULL, hdev };
464996ae 8491 bool changed;
33ef95ed
JH		 8492
8493 if (status) {
8494 u8 mgmt_err = mgmt_status(status);
8495 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 8496 cmd_status_rsp, &mgmt_err);
464996ae 8497 return;
33ef95ed
JH		 8498 }
8499
464996ae 8500 if (test_bit(HCI_AUTH, &hdev->flags))
238be788 8501 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
464996ae 8502 else
a69d8927 8503 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
47990ea0 8504
33ef95ed 8505 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 8506 &match);
33ef95ed 8507
47990ea0 8508 if (changed)
464996ae 8509 new_settings(hdev, match.sk);
33ef95ed
JH		 8510
8511 if (match.sk)
8512 sock_put(match.sk);
33ef95ed
JH		 8513}
8514
890ea898 8515static void clear_eir(struct hci_request *req)
cacaf52f 8516{
890ea898 8517 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 8518 struct hci_cp_write_eir cp;
8519
976eb20e 8520 if (!lmp_ext_inq_capable(hdev))
890ea898 8521 return;
cacaf52f 8522
c80da27e
JH		 8523 memset(hdev->eir, 0, sizeof(hdev->eir));
8524
cacaf52f
JH		 8525 memset(&cp, 0, sizeof(cp));
8526
890ea898 8527 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 8528}
8529
3e248560 8530void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 8531{
8532 struct cmd_lookup match = { NULL, hdev };
890ea898 8533 struct hci_request req;
c0ecddc2 8534 bool changed = false;
ed2c4ee3
JH		 8535
8536 if (status) {
8537 u8 mgmt_err = mgmt_status(status);
c0ecddc2 8538
a69d8927
MH		 8539 if (enable && hci_dev_test_and_clear_flag(hdev,
8540 HCI_SSP_ENABLED)) {
a358dc11 8541 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
3e248560 8542 new_settings(hdev, NULL);
9ecb3e24 8543 }
c0ecddc2 8544
04124681
GP		 8545 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
8546 &mgmt_err);
3e248560 8547 return;
c0ecddc2
JH		 8548 }
8549
8550 if (enable) {
238be788 8551 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
c0ecddc2 8552 } else {
a69d8927 8553 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
9ecb3e24 8554 if (!changed)
a69d8927
MH		 8555 changed = hci_dev_test_and_clear_flag(hdev,
8556 HCI_HS_ENABLED);
9ecb3e24 8557 else
a358dc11 8558 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
ed2c4ee3
JH		 8559 }
8560
8561 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
8562
c0ecddc2 8563 if (changed)
3e248560 8564 new_settings(hdev, match.sk);
ed2c4ee3 8565
5fc6ebb1 8566 if (match.sk)
ed2c4ee3
JH		 8567 sock_put(match.sk);
8568
890ea898
JH		 8569 hci_req_init(&req, hdev);
8570
d7a5a11d
MH		 8571 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
8572 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
3769972b
JH		 8573 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
8574 sizeof(enable), &enable);
b1a8917c 8575 __hci_req_update_eir(&req);
3769972b 8576 } else {
890ea898 8577 clear_eir(&req);
3769972b 8578 }
890ea898
JH		 8579
8580 hci_req_run(&req, NULL);
ed2c4ee3
JH		 8581}
8582
3b0602cd 8583static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
90e70454
JH		 8584{
8585 struct cmd_lookup *match = data;
8586
90e70454
JH		 8587 if (match->sk == NULL) {
8588 match->sk = cmd->sk;
8589 sock_hold(match->sk);
8590 }
90e70454
JH		 8591}
8592
4e1b0245
MH		 8593void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
8594 u8 status)
7f9a903c 8595{
90e70454 8596 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 8597
92da6097
JH		 8598 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
8599 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
8600 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454 8601
321c6fee 8602 if (!status) {
5504c3a3
MH		 8603 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
8604 3, HCI_MGMT_DEV_CLASS_EVENTS, NULL);
321c6fee
MH		 8605 ext_info_changed(hdev, NULL);
8606 }
90e70454
JH		 8607
8608 if (match.sk)
8609 sock_put(match.sk);
7f9a903c
MH		 8610}
8611
7667da34 8612void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 8613{
b312b161 8614 struct mgmt_cp_set_local_name ev;
3b0602cd 8615 struct mgmt_pending_cmd *cmd;
28cc7bde 8616
13928971 8617 if (status)
7667da34 8618 return;
b312b161
JH		 8619
8620 memset(&ev, 0, sizeof(ev));
8621 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 8622 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 8623
333ae95d 8624 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 8625 if (!cmd) {
8626 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 8627
13928971
JH		 8628 /* If this is a HCI command related to powering on the
8629 * HCI dev don't send any mgmt signals.
8630 */
333ae95d 8631 if (pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 8632 return;
890ea898 8633 }
b312b161 8634
5504c3a3
MH		 8635 mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
8636 HCI_MGMT_LOCAL_NAME_EVENTS, cmd ? cmd->sk : NULL);
321c6fee 8637 ext_info_changed(hdev, cmd ? cmd->sk : NULL);
b312b161 8638}
c35938b2 8639
799ce93d
JP		 8640static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
8641{
8642 int i;
8643
8644 for (i = 0; i < uuid_count; i++) {
8645 if (!memcmp(uuid, uuids[i], 16))
8646 return true;
8647 }
8648
8649 return false;
8650}
8651
b487b9ce
MH		 8652static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
8653{
799ce93d
JP		 8654 u16 parsed = 0;
8655
8656 while (parsed < eir_len) {
8657 u8 field_len = eir[0];
8658 u8 uuid[16];
8659 int i;
8660
8661 if (field_len == 0)
8662 break;
8663
8664 if (eir_len - parsed < field_len + 1)
8665 break;
8666
8667 switch (eir[1]) {
8668 case EIR_UUID16_ALL:
8669 case EIR_UUID16_SOME:
8670 for (i = 0; i + 3 <= field_len; i += 2) {
189f6ad2 8671 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 8672 uuid[13] = eir[i + 3];
8673 uuid[12] = eir[i + 2];
8674 if (has_uuid(uuid, uuid_count, uuids))
8675 return true;
8676 }
8677 break;
8678 case EIR_UUID32_ALL:
8679 case EIR_UUID32_SOME:
8680 for (i = 0; i + 5 <= field_len; i += 4) {
189f6ad2 8681 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 8682 uuid[15] = eir[i + 5];
8683 uuid[14] = eir[i + 4];
8684 uuid[13] = eir[i + 3];
8685 uuid[12] = eir[i + 2];
8686 if (has_uuid(uuid, uuid_count, uuids))
8687 return true;
8688 }
8689 break;
8690 case EIR_UUID128_ALL:
8691 case EIR_UUID128_SOME:
8692 for (i = 0; i + 17 <= field_len; i += 16) {
8693 memcpy(uuid, eir + i + 2, 16);
8694 if (has_uuid(uuid, uuid_count, uuids))
8695 return true;
8696 }
8697 break;
8698 }
8699
8700 parsed += field_len + 1;
8701 eir += field_len + 1;
8702 }
8703
b487b9ce
MH		 8704 return false;
8705}
8706
4b0e0ced
JP		 8707static void restart_le_scan(struct hci_dev *hdev)
8708{
8709 /* If controller is not scanning we are done. */
d7a5a11d 8710 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
4b0e0ced
JP		 8711 return;
8712
8713 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
8714 hdev->discovery.scan_start +
8715 hdev->discovery.scan_duration))
8716 return;
8717
7c1fbed2 8718 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart,
4b0e0ced
JP		 8719 DISCOV_LE_RESTART_DELAY);
8720}
8721
48f86b7f
JP		 8722static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
8723 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 8724{
48f86b7f
JP		 8725 /* If a RSSI threshold has been specified, and
8726 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
8727 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
8728 * is set, let it through for further processing, as we might need to
8729 * restart the scan.
efb2513f
MH		 8730 *
8731 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
8732 * the results are also dropped.
bda157a4
MH		 8733 */
8734 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
4b0e0ced
JP		 8735 (rssi == HCI_RSSI_INVALID ||
8736 (rssi < hdev->discovery.rssi &&
8737 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
48f86b7f 8738 return false;
efb2513f 8739
2976cdeb
JP		 8740 if (hdev->discovery.uuid_count != 0) {
8741 /* If a list of UUIDs is provided in filter, results with no
8742 * matching UUID should be dropped.
b487b9ce 8743 */
2976cdeb
JP		 8744 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
8745 hdev->discovery.uuids) &&
8746 !eir_has_uuids(scan_rsp, scan_rsp_len,
8747 hdev->discovery.uuid_count,
8748 hdev->discovery.uuids))
8749 return false;
b487b9ce 8750 }
5d2e9fad 8751
2976cdeb
JP		 8752 /* If duplicate filtering does not report RSSI changes, then restart
8753 * scanning to ensure updated result with updated RSSI values.
4b0e0ced 8754 */
2976cdeb
JP		 8755 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
8756 restart_le_scan(hdev);
8757
8758 /* Validate RSSI value against the RSSI threshold once more. */
8759 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
8760 rssi < hdev->discovery.rssi)
8761 return false;
8762 }
48f86b7f
JP		 8763
8764 return true;
8765}
8766
8767void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
8768 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
8769 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
8770{
8771 char buf[512];
8772 struct mgmt_ev_device_found *ev = (void *)buf;
8773 size_t ev_size;
8774
8775 /* Don't send events for a non-kernel initiated discovery. With
8776 * LE one exception is if we have pend_le_reports > 0 in which
8777 * case we're doing passive scanning and want these events.
8778 */
8779 if (!hci_discovery_active(hdev)) {
8780 if (link_type == ACL_LINK)
8781 return;
8208f5a9
MC		 8782 if (link_type == LE_LINK &&
8783 list_empty(&hdev->pend_le_reports) &&
8784 !hci_is_adv_monitoring(hdev)) {
48f86b7f 8785 return;
8208f5a9 8786 }
48f86b7f
JP		 8787 }
8788
82f8b651 8789 if (hdev->discovery.result_filtering) {
48f86b7f
JP		 8790 /* We are using service discovery */
8791 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
8792 scan_rsp_len))
8793 return;
8794 }
8795
78b781ca
JH		 8796 if (hdev->discovery.limited) {
8797 /* Check for limited discoverable bit */
8798 if (dev_class) {
8799 if (!(dev_class[1] & 0x20))
8800 return;
8801 } else {
8802 u8 *flags = eir_get_data(eir, eir_len, EIR_FLAGS, NULL);
8803 if (!flags || !(flags[0] & LE_AD_LIMITED))
8804 return;
8805 }
8806 }
8807
48f86b7f
JP		 8808 /* Make sure that the buffer is big enough. The 5 extra bytes
8809 * are for the potential CoD field.
8810 */
8811 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
4b0e0ced
JP		 8812 return;
8813
48f86b7f
JP		 8814 memset(buf, 0, sizeof(buf));
8815
8816 /* In case of device discovery with BR/EDR devices (pre 1.2), the
8817 * RSSI value was reported as 0 when not available. This behavior
8818 * is kept when using device discovery. This is required for full
8819 * backwards compatibility with the API.
8820 *
8821 * However when using service discovery, the value 127 will be
8822 * returned when the RSSI is not available.
8823 */
8824 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
8825 link_type == ACL_LINK)
8826 rssi = 0;
8827
8828 bacpy(&ev->addr.bdaddr, bdaddr);
8829 ev->addr.type = link_to_bdaddr(link_type, addr_type);
8830 ev->rssi = rssi;
8831 ev->flags = cpu_to_le32(flags);
8832
8833 if (eir_len > 0)
8834 /* Copy EIR or advertising data into event */
8835 memcpy(ev->eir, eir, eir_len);
8836
0d3b7f64
JH		 8837 if (dev_class && !eir_get_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
8838 NULL))
48f86b7f
JP		 8839 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
8840 dev_class, 3);
8841
8842 if (scan_rsp_len > 0)
8843 /* Append scan response data to event */
8844 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
8845
5d2e9fad
JH		 8846 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
8847 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 8848
901801b9 8849 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 8850}
a88a9652 8851
9cf12aee
MH		 8852void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
8853 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 8854{
b644ba33
JH		 8855 struct mgmt_ev_device_found *ev;
8856 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
8857 u16 eir_len;
a88a9652 8858
b644ba33 8859 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 8860
b644ba33
JH		 8861 memset(buf, 0, sizeof(buf));
8862
8863 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 8864 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 8865 ev->rssi = rssi;
8866
8867 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 8868 name_len);
b644ba33 8869
eb55ef07 8870 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 8871
9cf12aee 8872 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 8873}
314b2381 8874
2f1e063b 8875void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 8876{
f963e8e9 8877 struct mgmt_ev_discovering ev;
164a6e78 8878
181d6953 8879 bt_dev_dbg(hdev, "discovering %u", discovering);
343fb145 8880
f963e8e9
JH		 8881 memset(&ev, 0, sizeof(ev));
8882 ev.type = hdev->discovery.type;
8883 ev.discovering = discovering;
8884
2f1e063b 8885 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 8886}
5e762444 8887
346ce5b7
APS		 8888void mgmt_suspending(struct hci_dev *hdev, u8 state)
8889{
8890 struct mgmt_ev_controller_suspend ev;
8891
8892 ev.suspend_state = state;
8893 mgmt_event(MGMT_EV_CONTROLLER_SUSPEND, hdev, &ev, sizeof(ev), NULL);
8894}
8895
8896void mgmt_resuming(struct hci_dev *hdev, u8 reason, bdaddr_t *bdaddr,
8897 u8 addr_type)
8898{
8899 struct mgmt_ev_controller_resume ev;
8900
8901 ev.wake_reason = reason;
8902 if (bdaddr) {
8903 bacpy(&ev.addr.bdaddr, bdaddr);
8904 ev.addr.type = addr_type;
8905 } else {
8906 memset(&ev.addr, 0, sizeof(ev.addr));
8907 }
8908
8909 mgmt_event(MGMT_EV_CONTROLLER_RESUME, hdev, &ev, sizeof(ev), NULL);
8910}
8911
6d785aa3
JH		 8912static struct hci_mgmt_chan chan = {
8913 .channel = HCI_CHANNEL_CONTROL,
8914 .handler_count = ARRAY_SIZE(mgmt_handlers),
8915 .handlers = mgmt_handlers,
88b94ce9 8916 .hdev_init = mgmt_init_hdev,
6d785aa3
JH		 8917};
8918
8919int mgmt_init(void)
8920{
8921 return hci_mgmt_chan_register(&chan);
8922}
8923
8924void mgmt_exit(void)
8925{
8926 hci_mgmt_chan_unregister(&chan);
8927}
Ubuntu Jammy Linux kernel mirror