]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blame - net/bluetooth/mgmt.c
projects / mirror_ubuntu-zesty-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Perform Class of Device changes through hdev->req_workqueue
[mirror_ubuntu-zesty-kernel.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
7129069e 32#include <net/bluetooth/hci_sock.h>
4bc58f51 33#include <net/bluetooth/l2cap.h>
0381101f 34#include <net/bluetooth/mgmt.h>
ac4b7236 35
0857dd3b 36#include "hci_request.h"
ac4b7236 37#include "smp.h"
a380b6cf 38#include "mgmt_util.h"
0381101f 39
2da9c55c 40#define MGMT_VERSION 1
dc4270c0 41#define MGMT_REVISION 11
02d98129 42
e70bb2e8
JH		 43static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
45 MGMT_OP_READ_INFO,
46 MGMT_OP_SET_POWERED,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
b2939475 50 MGMT_OP_SET_BONDABLE,
e70bb2e8
JH		 51 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_SSP,
53 MGMT_OP_SET_HS,
54 MGMT_OP_SET_LE,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
57 MGMT_OP_ADD_UUID,
58 MGMT_OP_REMOVE_UUID,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
61 MGMT_OP_DISCONNECT,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
66 MGMT_OP_PAIR_DEVICE,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
78 MGMT_OP_CONFIRM_NAME,
79 MGMT_OP_BLOCK_DEVICE,
80 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 81 MGMT_OP_SET_DEVICE_ID,
4375f103 82 MGMT_OP_SET_ADVERTISING,
0663ca2a 83 MGMT_OP_SET_BREDR,
d13eafce 84 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 85 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 86 MGMT_OP_SET_SECURE_CONN,
4e39ac81 87 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 88 MGMT_OP_SET_PRIVACY,
41edf160 89 MGMT_OP_LOAD_IRKS,
dd983808 90 MGMT_OP_GET_CONN_INFO,
95868426 91 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 92 MGMT_OP_ADD_DEVICE,
93 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 94 MGMT_OP_LOAD_CONN_PARAM,
73d1df2a 95 MGMT_OP_READ_UNCONF_INDEX_LIST,
9fc3bfb6 96 MGMT_OP_READ_CONFIG_INFO,
dbece37a 97 MGMT_OP_SET_EXTERNAL_CONFIG,
9713c17b 98 MGMT_OP_SET_PUBLIC_ADDRESS,
66ea9427 99 MGMT_OP_START_SERVICE_DISCOVERY,
4f0f155c 100 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
96f1474a 101 MGMT_OP_READ_EXT_INDEX_LIST,
d3d5305b 102 MGMT_OP_READ_ADV_FEATURES,
24b4f38f 103 MGMT_OP_ADD_ADVERTISING,
da929335 104 MGMT_OP_REMOVE_ADVERTISING,
40b25fe5 105 MGMT_OP_GET_ADV_SIZE_INFO,
e70bb2e8
JH		 106};
107
108static const u16 mgmt_events[] = {
109 MGMT_EV_CONTROLLER_ERROR,
110 MGMT_EV_INDEX_ADDED,
111 MGMT_EV_INDEX_REMOVED,
112 MGMT_EV_NEW_SETTINGS,
113 MGMT_EV_CLASS_OF_DEV_CHANGED,
114 MGMT_EV_LOCAL_NAME_CHANGED,
115 MGMT_EV_NEW_LINK_KEY,
116 MGMT_EV_NEW_LONG_TERM_KEY,
117 MGMT_EV_DEVICE_CONNECTED,
118 MGMT_EV_DEVICE_DISCONNECTED,
119 MGMT_EV_CONNECT_FAILED,
120 MGMT_EV_PIN_CODE_REQUEST,
121 MGMT_EV_USER_CONFIRM_REQUEST,
122 MGMT_EV_USER_PASSKEY_REQUEST,
123 MGMT_EV_AUTH_FAILED,
124 MGMT_EV_DEVICE_FOUND,
125 MGMT_EV_DISCOVERING,
126 MGMT_EV_DEVICE_BLOCKED,
127 MGMT_EV_DEVICE_UNBLOCKED,
128 MGMT_EV_DEVICE_UNPAIRED,
92a25256 129 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 130 MGMT_EV_NEW_IRK,
7ee4ea36 131 MGMT_EV_NEW_CSRK,
8afef092
MH		 132 MGMT_EV_DEVICE_ADDED,
133 MGMT_EV_DEVICE_REMOVED,
ffb5a827 134 MGMT_EV_NEW_CONN_PARAM,
0602a8ad 135 MGMT_EV_UNCONF_INDEX_ADDED,
edd3896b 136 MGMT_EV_UNCONF_INDEX_REMOVED,
f4537c04 137 MGMT_EV_NEW_CONFIG_OPTIONS,
ced85549
MH		 138 MGMT_EV_EXT_INDEX_ADDED,
139 MGMT_EV_EXT_INDEX_REMOVED,
72000df2 140 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
24b4f38f
AU		 141 MGMT_EV_ADVERTISING_ADDED,
142 MGMT_EV_ADVERTISING_REMOVED,
e70bb2e8
JH		 143};
144
99c679ac
MH		 145static const u16 mgmt_untrusted_commands[] = {
146 MGMT_OP_READ_INDEX_LIST,
147 MGMT_OP_READ_INFO,
148 MGMT_OP_READ_UNCONF_INDEX_LIST,
149 MGMT_OP_READ_CONFIG_INFO,
150 MGMT_OP_READ_EXT_INDEX_LIST,
151};
152
153static const u16 mgmt_untrusted_events[] = {
154 MGMT_EV_INDEX_ADDED,
155 MGMT_EV_INDEX_REMOVED,
156 MGMT_EV_NEW_SETTINGS,
157 MGMT_EV_CLASS_OF_DEV_CHANGED,
158 MGMT_EV_LOCAL_NAME_CHANGED,
159 MGMT_EV_UNCONF_INDEX_ADDED,
160 MGMT_EV_UNCONF_INDEX_REMOVED,
161 MGMT_EV_NEW_CONFIG_OPTIONS,
162 MGMT_EV_EXT_INDEX_ADDED,
163 MGMT_EV_EXT_INDEX_REMOVED,
164};
165
17b02e62 166#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 167
d25b78e2
JH		 168#define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
169 "\x00\x00\x00\x00\x00\x00\x00\x00"
170
ca69b795
JH		 171/* HCI to MGMT error code conversion table */
172static u8 mgmt_status_table[] = {
173 MGMT_STATUS_SUCCESS,
174 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
175 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
176 MGMT_STATUS_FAILED, /* Hardware Failure */
177 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
178 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 179 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 180 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
181 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
182 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
183 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
184 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
185 MGMT_STATUS_BUSY, /* Command Disallowed */
186 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
187 MGMT_STATUS_REJECTED, /* Rejected Security */
188 MGMT_STATUS_REJECTED, /* Rejected Personal */
189 MGMT_STATUS_TIMEOUT, /* Host Timeout */
190 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
191 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
192 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
193 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
194 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
195 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
196 MGMT_STATUS_BUSY, /* Repeated Attempts */
197 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
198 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
199 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
200 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
201 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
202 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
203 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
204 MGMT_STATUS_FAILED, /* Unspecified Error */
205 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
206 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
207 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
208 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
209 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
210 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
211 MGMT_STATUS_FAILED, /* Unit Link Key Used */
212 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
213 MGMT_STATUS_TIMEOUT, /* Instant Passed */
214 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
215 MGMT_STATUS_FAILED, /* Transaction Collision */
216 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
217 MGMT_STATUS_REJECTED, /* QoS Rejected */
218 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
219 MGMT_STATUS_REJECTED, /* Insufficient Security */
220 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
221 MGMT_STATUS_BUSY, /* Role Switch Pending */
222 MGMT_STATUS_FAILED, /* Slot Violation */
223 MGMT_STATUS_FAILED, /* Role Switch Failed */
224 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
225 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
226 MGMT_STATUS_BUSY, /* Host Busy Pairing */
227 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
228 MGMT_STATUS_BUSY, /* Controller Busy */
229 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
230 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
231 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
232 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
233 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
234};
235
236static u8 mgmt_status(u8 hci_status)
237{
238 if (hci_status < ARRAY_SIZE(mgmt_status_table))
239 return mgmt_status_table[hci_status];
240
241 return MGMT_STATUS_FAILED;
242}
243
c08b1a1d
MH		 244static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
245 u16 len, int flag)
f9207338 246{
c08b1a1d
MH		 247 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
248 flag, NULL);
f9207338
MH		 249}
250
72000df2
MH		 251static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
252 u16 len, int flag, struct sock *skip_sk)
253{
254 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
255 flag, skip_sk);
256}
257
f6b7712e
MH		 258static int mgmt_generic_event(u16 event, struct hci_dev *hdev, void *data,
259 u16 len, struct sock *skip_sk)
260{
261 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
262 HCI_MGMT_GENERIC_EVENTS, skip_sk);
263}
264
7a00ff44
JH		 265static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
266 struct sock *skip_sk)
267{
268 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
c08b1a1d 269 HCI_SOCK_TRUSTED, skip_sk);
7a00ff44
JH		 270}
271
85813a7e
JH		 272static u8 le_addr_type(u8 mgmt_addr_type)
273{
274 if (mgmt_addr_type == BDADDR_LE_PUBLIC)
275 return ADDR_LE_DEV_PUBLIC;
276 else
277 return ADDR_LE_DEV_RANDOM;
278}
279
04124681
GP		 280static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
281 u16 data_len)
a38528f1
JH		 282{
283 struct mgmt_rp_read_version rp;
284
285 BT_DBG("sock %p", sk);
286
287 rp.version = MGMT_VERSION;
dcf4adbf 288 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 289
2a1afb5a
JH		 290 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
291 &rp, sizeof(rp));
a38528f1
JH		 292}
293
04124681
GP		 294static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
295 u16 data_len)
e70bb2e8
JH		 296{
297 struct mgmt_rp_read_commands *rp;
99c679ac 298 u16 num_commands, num_events;
e70bb2e8
JH		 299 size_t rp_size;
300 int i, err;
301
302 BT_DBG("sock %p", sk);
303
99c679ac
MH		 304 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
305 num_commands = ARRAY_SIZE(mgmt_commands);
306 num_events = ARRAY_SIZE(mgmt_events);
307 } else {
308 num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
309 num_events = ARRAY_SIZE(mgmt_untrusted_events);
310 }
311
e70bb2e8
JH		 312 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
313
314 rp = kmalloc(rp_size, GFP_KERNEL);
315 if (!rp)
316 return -ENOMEM;
317
dcf4adbf
JP		 318 rp->num_commands = cpu_to_le16(num_commands);
319 rp->num_events = cpu_to_le16(num_events);
e70bb2e8 320
99c679ac
MH		 321 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
322 __le16 *opcode = rp->opcodes;
323
324 for (i = 0; i < num_commands; i++, opcode++)
325 put_unaligned_le16(mgmt_commands[i], opcode);
e70bb2e8 326
99c679ac
MH		 327 for (i = 0; i < num_events; i++, opcode++)
328 put_unaligned_le16(mgmt_events[i], opcode);
329 } else {
330 __le16 *opcode = rp->opcodes;
331
332 for (i = 0; i < num_commands; i++, opcode++)
333 put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
334
335 for (i = 0; i < num_events; i++, opcode++)
336 put_unaligned_le16(mgmt_untrusted_events[i], opcode);
337 }
e70bb2e8 338
2a1afb5a
JH		 339 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
340 rp, rp_size);
e70bb2e8
JH		 341 kfree(rp);
342
343 return err;
344}
345
04124681
GP		 346static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
347 u16 data_len)
faba42eb 348{
faba42eb 349 struct mgmt_rp_read_index_list *rp;
8035ded4 350 struct hci_dev *d;
a38528f1 351 size_t rp_len;
faba42eb 352 u16 count;
476e44cb 353 int err;
faba42eb
JH		 354
355 BT_DBG("sock %p", sk);
356
357 read_lock(&hci_dev_list_lock);
358
359 count = 0;
bb4b2a9a 360 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a 361 if (d->dev_type == HCI_BREDR &&
d7a5a11d 362 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
1514b892 363 count++;
faba42eb
JH		 364 }
365
a38528f1
JH		 366 rp_len = sizeof(*rp) + (2 * count);
367 rp = kmalloc(rp_len, GFP_ATOMIC);
368 if (!rp) {
b2c60d42 369 read_unlock(&hci_dev_list_lock);
faba42eb 370 return -ENOMEM;
b2c60d42 371 }
faba42eb 372
476e44cb 373 count = 0;
8035ded4 374 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 375 if (hci_dev_test_flag(d, HCI_SETUP) ||
376 hci_dev_test_flag(d, HCI_CONFIG) ||
377 hci_dev_test_flag(d, HCI_USER_CHANNEL))
ab81cbf9
JH		 378 continue;
379
73d1df2a
MH		 380 /* Devices marked as raw-only are neither configured
381 * nor unconfigured controllers.
382 */
383 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
fee746b0
MH		 384 continue;
385
73d1df2a 386 if (d->dev_type == HCI_BREDR &&
d7a5a11d 387 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
1514b892
MH		 388 rp->index[count++] = cpu_to_le16(d->id);
389 BT_DBG("Added hci%u", d->id);
390 }
faba42eb
JH		 391 }
392
476e44cb
JH		 393 rp->num_controllers = cpu_to_le16(count);
394 rp_len = sizeof(*rp) + (2 * count);
395
faba42eb
JH		 396 read_unlock(&hci_dev_list_lock);
397
2a1afb5a
JH		 398 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
399 0, rp, rp_len);
faba42eb 400
a38528f1
JH		 401 kfree(rp);
402
403 return err;
faba42eb
JH		 404}
405
73d1df2a
MH		 406static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
407 void *data, u16 data_len)
408{
409 struct mgmt_rp_read_unconf_index_list *rp;
410 struct hci_dev *d;
411 size_t rp_len;
412 u16 count;
413 int err;
414
415 BT_DBG("sock %p", sk);
416
417 read_lock(&hci_dev_list_lock);
418
419 count = 0;
420 list_for_each_entry(d, &hci_dev_list, list) {
421 if (d->dev_type == HCI_BREDR &&
d7a5a11d 422 hci_dev_test_flag(d, HCI_UNCONFIGURED))
73d1df2a
MH		 423 count++;
424 }
425
426 rp_len = sizeof(*rp) + (2 * count);
427 rp = kmalloc(rp_len, GFP_ATOMIC);
428 if (!rp) {
429 read_unlock(&hci_dev_list_lock);
430 return -ENOMEM;
431 }
432
433 count = 0;
434 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 435 if (hci_dev_test_flag(d, HCI_SETUP) ||
436 hci_dev_test_flag(d, HCI_CONFIG) ||
437 hci_dev_test_flag(d, HCI_USER_CHANNEL))
73d1df2a
MH		 438 continue;
439
440 /* Devices marked as raw-only are neither configured
441 * nor unconfigured controllers.
442 */
443 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
444 continue;
445
446 if (d->dev_type == HCI_BREDR &&
d7a5a11d 447 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
73d1df2a
MH		 448 rp->index[count++] = cpu_to_le16(d->id);
449 BT_DBG("Added hci%u", d->id);
450 }
451 }
452
453 rp->num_controllers = cpu_to_le16(count);
454 rp_len = sizeof(*rp) + (2 * count);
455
456 read_unlock(&hci_dev_list_lock);
457
2a1afb5a
JH		 458 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
459 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
73d1df2a
MH		 460
461 kfree(rp);
462
463 return err;
464}
465
96f1474a
MH		 466static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
467 void *data, u16 data_len)
468{
469 struct mgmt_rp_read_ext_index_list *rp;
470 struct hci_dev *d;
471 size_t rp_len;
472 u16 count;
473 int err;
474
475 BT_DBG("sock %p", sk);
476
477 read_lock(&hci_dev_list_lock);
478
479 count = 0;
480 list_for_each_entry(d, &hci_dev_list, list) {
481 if (d->dev_type == HCI_BREDR || d->dev_type == HCI_AMP)
482 count++;
483 }
484
485 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
486 rp = kmalloc(rp_len, GFP_ATOMIC);
487 if (!rp) {
488 read_unlock(&hci_dev_list_lock);
489 return -ENOMEM;
490 }
491
492 count = 0;
493 list_for_each_entry(d, &hci_dev_list, list) {
494 if (hci_dev_test_flag(d, HCI_SETUP) ||
495 hci_dev_test_flag(d, HCI_CONFIG) ||
496 hci_dev_test_flag(d, HCI_USER_CHANNEL))
497 continue;
498
499 /* Devices marked as raw-only are neither configured
500 * nor unconfigured controllers.
501 */
502 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
503 continue;
504
505 if (d->dev_type == HCI_BREDR) {
506 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
507 rp->entry[count].type = 0x01;
508 else
509 rp->entry[count].type = 0x00;
510 } else if (d->dev_type == HCI_AMP) {
511 rp->entry[count].type = 0x02;
512 } else {
513 continue;
514 }
515
516 rp->entry[count].bus = d->bus;
517 rp->entry[count++].index = cpu_to_le16(d->id);
518 BT_DBG("Added hci%u", d->id);
519 }
520
521 rp->num_controllers = cpu_to_le16(count);
522 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
523
524 read_unlock(&hci_dev_list_lock);
525
526 /* If this command is called at least once, then all the
527 * default index and unconfigured index events are disabled
528 * and from now on only extended index events are used.
529 */
530 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
531 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
532 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
533
534 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
535 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp, rp_len);
536
537 kfree(rp);
538
539 return err;
540}
541
dbece37a
MH		 542static bool is_configured(struct hci_dev *hdev)
543{
544 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 545 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
dbece37a
MH		 546 return false;
547
548 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
549 !bacmp(&hdev->public_addr, BDADDR_ANY))
550 return false;
551
552 return true;
553}
554
89bc22d2
MH		 555static __le32 get_missing_options(struct hci_dev *hdev)
556{
557 u32 options = 0;
558
dbece37a 559 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 560 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
eb1904f4
MH		 561 options |= MGMT_OPTION_EXTERNAL_CONFIG;
562
89bc22d2
MH		 563 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
564 !bacmp(&hdev->public_addr, BDADDR_ANY))
565 options |= MGMT_OPTION_PUBLIC_ADDRESS;
566
567 return cpu_to_le32(options);
568}
569
f4537c04
MH		 570static int new_options(struct hci_dev *hdev, struct sock *skip)
571{
572 __le32 options = get_missing_options(hdev);
573
f6b7712e
MH		 574 return mgmt_generic_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
575 sizeof(options), skip);
f4537c04
MH		 576}
577
dbece37a
MH		 578static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
579{
580 __le32 options = get_missing_options(hdev);
581
2a1afb5a
JH		 582 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
583 sizeof(options));
dbece37a
MH		 584}
585
9fc3bfb6
MH		 586static int read_config_info(struct sock *sk, struct hci_dev *hdev,
587 void *data, u16 data_len)
588{
589 struct mgmt_rp_read_config_info rp;
89bc22d2 590 u32 options = 0;
9fc3bfb6
MH		 591
592 BT_DBG("sock %p %s", sk, hdev->name);
593
594 hci_dev_lock(hdev);
595
596 memset(&rp, 0, sizeof(rp));
597 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
89bc22d2 598
eb1904f4
MH		 599 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
600 options |= MGMT_OPTION_EXTERNAL_CONFIG;
601
9fc3bfb6 602 if (hdev->set_bdaddr)
89bc22d2
MH		 603 options |= MGMT_OPTION_PUBLIC_ADDRESS;
604
605 rp.supported_options = cpu_to_le32(options);
606 rp.missing_options = get_missing_options(hdev);
9fc3bfb6
MH		 607
608 hci_dev_unlock(hdev);
609
2a1afb5a
JH		 610 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
611 &rp, sizeof(rp));
9fc3bfb6
MH		 612}
613
69ab39ea
JH		 614static u32 get_supported_settings(struct hci_dev *hdev)
615{
616 u32 settings = 0;
617
618 settings |= MGMT_SETTING_POWERED;
b2939475 619 settings |= MGMT_SETTING_BONDABLE;
b1de97d8 620 settings |= MGMT_SETTING_DEBUG_KEYS;
3742abfc
JH		 621 settings |= MGMT_SETTING_CONNECTABLE;
622 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea 623
ed3fa31f 624 if (lmp_bredr_capable(hdev)) {
1a47aee8
JH		 625 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
626 settings |= MGMT_SETTING_FAST_CONNECTABLE;
69ab39ea
JH		 627 settings |= MGMT_SETTING_BREDR;
628 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 629
630 if (lmp_ssp_capable(hdev)) {
631 settings |= MGMT_SETTING_SSP;
632 settings |= MGMT_SETTING_HS;
633 }
e98d2ce2 634
05b3c3e7 635 if (lmp_sc_capable(hdev))
e98d2ce2 636 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 637 }
d7b7e796 638
eeca6f89 639 if (lmp_le_capable(hdev)) {
9d42820f 640 settings |= MGMT_SETTING_LE;
eeca6f89 641 settings |= MGMT_SETTING_ADVERTISING;
a3209694 642 settings |= MGMT_SETTING_SECURE_CONN;
0f4bd942 643 settings |= MGMT_SETTING_PRIVACY;
93690c22 644 settings |= MGMT_SETTING_STATIC_ADDRESS;
eeca6f89 645 }
69ab39ea 646
eb1904f4
MH		 647 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
648 hdev->set_bdaddr)
9fc3bfb6
MH		 649 settings |= MGMT_SETTING_CONFIGURATION;
650
69ab39ea
JH		 651 return settings;
652}
653
654static u32 get_current_settings(struct hci_dev *hdev)
655{
656 u32 settings = 0;
657
f1f0eb02 658 if (hdev_is_powered(hdev))
f0d4b78a
MH		 659 settings |= MGMT_SETTING_POWERED;
660
d7a5a11d 661 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
69ab39ea
JH		 662 settings |= MGMT_SETTING_CONNECTABLE;
663
d7a5a11d 664 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
1a4d3c4b
JH		 665 settings |= MGMT_SETTING_FAST_CONNECTABLE;
666
d7a5a11d 667 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
69ab39ea
JH		 668 settings |= MGMT_SETTING_DISCOVERABLE;
669
d7a5a11d 670 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
b2939475 671 settings |= MGMT_SETTING_BONDABLE;
69ab39ea 672
d7a5a11d 673 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
69ab39ea
JH		 674 settings |= MGMT_SETTING_BREDR;
675
d7a5a11d 676 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
69ab39ea
JH		 677 settings |= MGMT_SETTING_LE;
678
d7a5a11d 679 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
69ab39ea
JH		 680 settings |= MGMT_SETTING_LINK_SECURITY;
681
d7a5a11d 682 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
69ab39ea
JH		 683 settings |= MGMT_SETTING_SSP;
684
d7a5a11d 685 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
6d80dfd0
JH		 686 settings |= MGMT_SETTING_HS;
687
d7a5a11d 688 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
eeca6f89
JH		 689 settings |= MGMT_SETTING_ADVERTISING;
690
d7a5a11d 691 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
e98d2ce2
MH		 692 settings |= MGMT_SETTING_SECURE_CONN;
693
d7a5a11d 694 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
b1de97d8
MH		 695 settings |= MGMT_SETTING_DEBUG_KEYS;
696
d7a5a11d 697 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
0f4bd942
JH		 698 settings |= MGMT_SETTING_PRIVACY;
699
93690c22
MH		 700 /* The current setting for static address has two purposes. The
701 * first is to indicate if the static address will be used and
702 * the second is to indicate if it is actually set.
703 *
704 * This means if the static address is not configured, this flag
08dc0e98 705 * will never be set. If the address is configured, then if the
93690c22
MH		 706 * address is actually used decides if the flag is set or not.
707 *
708 * For single mode LE only controllers and dual-mode controllers
709 * with BR/EDR disabled, the existence of the static address will
710 * be evaluated.
711 */
b7cb93e5 712 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
d7a5a11d 713 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
93690c22
MH		 714 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
715 if (bacmp(&hdev->static_addr, BDADDR_ANY))
716 settings |= MGMT_SETTING_STATIC_ADDRESS;
717 }
718
69ab39ea
JH		 719 return settings;
720}
721
ef580372
JH		 722#define PNP_INFO_SVCLASS_ID 0x1200
723
213202ed
JH		 724static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
725{
726 u8 *ptr = data, *uuids_start = NULL;
727 struct bt_uuid *uuid;
728
729 if (len < 4)
730 return ptr;
731
732 list_for_each_entry(uuid, &hdev->uuids, list) {
733 u16 uuid16;
734
735 if (uuid->size != 16)
736 continue;
737
738 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
739 if (uuid16 < 0x1100)
740 continue;
741
742 if (uuid16 == PNP_INFO_SVCLASS_ID)
743 continue;
744
745 if (!uuids_start) {
746 uuids_start = ptr;
747 uuids_start[0] = 1;
748 uuids_start[1] = EIR_UUID16_ALL;
749 ptr += 2;
750 }
751
752 /* Stop if not enough space to put next UUID */
753 if ((ptr - data) + sizeof(u16) > len) {
754 uuids_start[1] = EIR_UUID16_SOME;
755 break;
756 }
757
758 *ptr++ = (uuid16 & 0x00ff);
759 *ptr++ = (uuid16 & 0xff00) >> 8;
760 uuids_start[0] += sizeof(uuid16);
761 }
762
763 return ptr;
764}
765
cdf1963f
JH		 766static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
767{
768 u8 *ptr = data, *uuids_start = NULL;
769 struct bt_uuid *uuid;
770
771 if (len < 6)
772 return ptr;
773
774 list_for_each_entry(uuid, &hdev->uuids, list) {
775 if (uuid->size != 32)
776 continue;
777
778 if (!uuids_start) {
779 uuids_start = ptr;
780 uuids_start[0] = 1;
781 uuids_start[1] = EIR_UUID32_ALL;
782 ptr += 2;
783 }
784
785 /* Stop if not enough space to put next UUID */
786 if ((ptr - data) + sizeof(u32) > len) {
787 uuids_start[1] = EIR_UUID32_SOME;
788 break;
789 }
790
791 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
792 ptr += sizeof(u32);
793 uuids_start[0] += sizeof(u32);
794 }
795
796 return ptr;
797}
798
c00d575b
JH		 799static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
800{
801 u8 *ptr = data, *uuids_start = NULL;
802 struct bt_uuid *uuid;
803
804 if (len < 18)
805 return ptr;
806
807 list_for_each_entry(uuid, &hdev->uuids, list) {
808 if (uuid->size != 128)
809 continue;
810
811 if (!uuids_start) {
812 uuids_start = ptr;
813 uuids_start[0] = 1;
814 uuids_start[1] = EIR_UUID128_ALL;
815 ptr += 2;
816 }
817
818 /* Stop if not enough space to put next UUID */
819 if ((ptr - data) + 16 > len) {
820 uuids_start[1] = EIR_UUID128_SOME;
821 break;
822 }
823
824 memcpy(ptr, uuid->uuid, 16);
825 ptr += 16;
826 uuids_start[0] += 16;
827 }
828
829 return ptr;
830}
831
333ae95d
JH		 832static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
833{
834 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
835}
836
333ae95d
JH		 837static struct mgmt_pending_cmd *pending_find_data(u16 opcode,
838 struct hci_dev *hdev,
839 const void *data)
840{
841 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data);
842}
843
f2252570 844u8 mgmt_get_adv_discov_flags(struct hci_dev *hdev)
9a43e25f 845{
3b0602cd 846 struct mgmt_pending_cmd *cmd;
9a43e25f
JH		 847
848 /* If there's a pending mgmt command the flags will not yet have
849 * their final values, so check for this first.
850 */
333ae95d 851 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
9a43e25f
JH		 852 if (cmd) {
853 struct mgmt_mode *cp = cmd->param;
854 if (cp->val == 0x01)
855 return LE_AD_GENERAL;
856 else if (cp->val == 0x02)
857 return LE_AD_LIMITED;
858 } else {
d7a5a11d 859 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
9a43e25f 860 return LE_AD_LIMITED;
d7a5a11d 861 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
9a43e25f
JH		 862 return LE_AD_GENERAL;
863 }
864
865 return 0;
866}
867
f2252570 868bool mgmt_get_connectable(struct hci_dev *hdev)
fdf51784
AU		 869{
870 struct mgmt_pending_cmd *cmd;
441ad2d0 871
fdf51784
AU		 872 /* If there's a pending mgmt command the flag will not yet have
873 * it's final value, so check for this first.
874 */
875 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
876 if (cmd) {
877 struct mgmt_mode *cp = cmd->param;
441ad2d0 878
fdf51784 879 return cp->val;
441ad2d0
MH		 880 }
881
fdf51784
AU		 882 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
883}
441ad2d0 884
ef580372
JH		 885static void create_eir(struct hci_dev *hdev, u8 *data)
886{
887 u8 *ptr = data;
ef580372
JH		 888 size_t name_len;
889
890 name_len = strlen(hdev->dev_name);
891
892 if (name_len > 0) {
893 /* EIR Data type */
894 if (name_len > 48) {
895 name_len = 48;
896 ptr[1] = EIR_NAME_SHORT;
897 } else
898 ptr[1] = EIR_NAME_COMPLETE;
899
900 /* EIR Data length */
901 ptr[0] = name_len + 1;
902
903 memcpy(ptr + 2, hdev->dev_name, name_len);
904
ef580372
JH		 905 ptr += (name_len + 2);
906 }
907
bbaf444a 908 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 909 ptr[0] = 2;
910 ptr[1] = EIR_TX_POWER;
911 ptr[2] = (u8) hdev->inq_tx_power;
912
91c4e9b1
MH		 913 ptr += 3;
914 }
915
2b9be137
MH		 916 if (hdev->devid_source > 0) {
917 ptr[0] = 9;
918 ptr[1] = EIR_DEVICE_ID;
919
920 put_unaligned_le16(hdev->devid_source, ptr + 2);
921 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
922 put_unaligned_le16(hdev->devid_product, ptr + 6);
923 put_unaligned_le16(hdev->devid_version, ptr + 8);
924
2b9be137
MH		 925 ptr += 10;
926 }
927
213202ed 928 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 929 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 930 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 931}
932
890ea898 933static void update_eir(struct hci_request *req)
ef580372 934{
890ea898 935 struct hci_dev *hdev = req->hdev;
ef580372
JH		 936 struct hci_cp_write_eir cp;
937
504c8dcd 938 if (!hdev_is_powered(hdev))
890ea898 939 return;
7770c4aa 940
976eb20e 941 if (!lmp_ext_inq_capable(hdev))
890ea898 942 return;
ef580372 943
d7a5a11d 944 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
890ea898 945 return;
ef580372 946
d7a5a11d 947 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
890ea898 948 return;
ef580372
JH		 949
950 memset(&cp, 0, sizeof(cp));
951
952 create_eir(hdev, cp.data);
953
954 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 955 return;
ef580372
JH		 956
957 memcpy(hdev->eir, cp.data, sizeof(cp.data));
958
890ea898 959 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 960}
961
7d78525d
JH		 962static void service_cache_off(struct work_struct *work)
963{
964 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 965 service_cache.work);
890ea898 966 struct hci_request req;
7d78525d 967
a69d8927 968 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
7d78525d
JH		 969 return;
970
890ea898
JH		 971 hci_req_init(&req, hdev);
972
7d78525d
JH		 973 hci_dev_lock(hdev);
974
890ea898 975 update_eir(&req);
14bf5eac 976 __hci_req_update_class(&req);
7d78525d
JH		 977
978 hci_dev_unlock(hdev);
890ea898
JH		 979
980 hci_req_run(&req, NULL);
7d78525d
JH		 981}
982
d6bfd59c
JH		 983static void rpa_expired(struct work_struct *work)
984{
985 struct hci_dev *hdev = container_of(work, struct hci_dev,
986 rpa_expired.work);
987 struct hci_request req;
988
989 BT_DBG("");
990
a1536da2 991 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
d6bfd59c 992
d7a5a11d 993 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
d6bfd59c
JH		 994 return;
995
996 /* The generation of a new RPA and programming it into the
f2252570
JH		 997 * controller happens in the hci_req_enable_advertising()
998 * function.
d6bfd59c 999 */
d6bfd59c 1000 hci_req_init(&req, hdev);
f2252570 1001 __hci_req_enable_advertising(&req);
d6bfd59c
JH		 1002 hci_req_run(&req, NULL);
1003}
1004
6a919082 1005static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 1006{
238be788 1007 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
6a919082
JH		 1008 return;
1009
4f87da80 1010 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 1011 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 1012
4f87da80
JH		 1013 /* Non-mgmt controlled devices get this bit set
1014 * implicitly so that pairing works for them, however
1015 * for mgmt we require user-space to explicitly enable
1016 * it
1017 */
a358dc11 1018 hci_dev_clear_flag(hdev, HCI_BONDABLE);
7d78525d
JH		 1019}
1020
0f4e68cf 1021static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 1022 void *data, u16 data_len)
0381101f 1023{
a38528f1 1024 struct mgmt_rp_read_info rp;
f7b64e69 1025
bdb6d971 1026 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 1027
09fd0de5 1028 hci_dev_lock(hdev);
f7b64e69 1029
dc4fe30b
JH		 1030 memset(&rp, 0, sizeof(rp));
1031
69ab39ea 1032 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 1033
69ab39ea 1034 rp.version = hdev->hci_ver;
eb55ef07 1035 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 1036
1037 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1038 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 1039
a38528f1 1040 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 1041
dc4fe30b 1042 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 1043 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 1044
09fd0de5 1045 hci_dev_unlock(hdev);
0381101f 1046
2a1afb5a
JH		 1047 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1048 sizeof(rp));
0381101f
JH		 1049}
1050
69ab39ea 1051static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1052{
69ab39ea 1053 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1054
2a1afb5a
JH		 1055 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1056 sizeof(settings));
8680570b
JH		 1057}
1058
1904a853 1059static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
8b064a3a
JH		 1060{
1061 BT_DBG("%s status 0x%02x", hdev->name, status);
1062
a3172b7e
JH		 1063 if (hci_conn_count(hdev) == 0) {
1064 cancel_delayed_work(&hdev->power_off);
8b064a3a 1065 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1066 }
8b064a3a
JH		 1067}
1068
f2252570 1069void mgmt_advertising_added(struct sock *sk, struct hci_dev *hdev, u8 instance)
912098a6
AU		 1070{
1071 struct mgmt_ev_advertising_added ev;
1072
1073 ev.instance = instance;
1074
1075 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
1076}
1077
f2252570
JH		 1078void mgmt_advertising_removed(struct sock *sk, struct hci_dev *hdev,
1079 u8 instance)
912098a6
AU		 1080{
1081 struct mgmt_ev_advertising_removed ev;
1082
1083 ev.instance = instance;
1084
1085 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
1086}
1087
7816b820
FG		 1088static void cancel_adv_timeout(struct hci_dev *hdev)
1089{
1090 if (hdev->adv_instance_timeout) {
1091 hdev->adv_instance_timeout = 0;
1092 cancel_delayed_work(&hdev->adv_instance_expire);
1093 }
1094}
1095
8b064a3a
JH		 1096static int clean_up_hci_state(struct hci_dev *hdev)
1097{
1098 struct hci_request req;
1099 struct hci_conn *conn;
23a48093
JH		 1100 bool discov_stopped;
1101 int err;
8b064a3a
JH		 1102
1103 hci_req_init(&req, hdev);
1104
1105 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1106 test_bit(HCI_PSCAN, &hdev->flags)) {
1107 u8 scan = 0x00;
1108 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1109 }
1110
f2252570 1111 hci_req_clear_adv_instance(hdev, NULL, 0x00, false);
912098a6 1112
d7a5a11d 1113 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
f2252570 1114 __hci_req_disable_advertising(&req);
8b064a3a 1115
2154d3f4 1116 discov_stopped = hci_req_stop_discovery(&req);
8b064a3a
JH		 1117
1118 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
89e0ccc8
JH		 1119 /* 0x15 == Terminated due to Power Off */
1120 __hci_abort_conn(&req, conn, 0x15);
8b064a3a
JH		 1121 }
1122
23a48093
JH		 1123 err = hci_req_run(&req, clean_up_hci_complete);
1124 if (!err && discov_stopped)
1125 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1126
1127 return err;
8b064a3a
JH		 1128}
1129
bdb6d971 1130static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1131 u16 len)
eec8d2bc 1132{
650f726d 1133 struct mgmt_mode *cp = data;
3b0602cd 1134 struct mgmt_pending_cmd *cmd;
4b34ee78 1135 int err;
eec8d2bc 1136
bdb6d971 1137 BT_DBG("request for %s", hdev->name);
eec8d2bc 1138
a7e80f25 1139 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1140 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1141 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1142
09fd0de5 1143 hci_dev_lock(hdev);
eec8d2bc 1144
333ae95d 1145 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
a69e8375
JH		 1146 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1147 MGMT_STATUS_BUSY);
87b95ba6
JH		 1148 goto failed;
1149 }
1150
a69d8927 1151 if (hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF)) {
f0d4b78a
MH		 1152 cancel_delayed_work(&hdev->power_off);
1153
1154 if (cp->val) {
a1d70450
JH		 1155 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1156 data, len);
1157 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1158 goto failed;
1159 }
1160 }
1161
4b34ee78 1162 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1163 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1164 goto failed;
1165 }
1166
2e58ef3e 1167 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1168 if (!cmd) {
1169 err = -ENOMEM;
eec8d2bc 1170 goto failed;
366a0336 1171 }
eec8d2bc 1172
8b064a3a 1173 if (cp->val) {
19202573 1174 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1175 err = 0;
1176 } else {
1177 /* Disconnect connections, stop scans, etc */
1178 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1179 if (!err)
1180 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1181 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1182
8b064a3a
JH		 1183 /* ENODATA means there were no HCI commands queued */
1184 if (err == -ENODATA) {
a3172b7e 1185 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1186 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1187 err = 0;
1188 }
1189 }
eec8d2bc
JH		 1190
1191failed:
09fd0de5 1192 hci_dev_unlock(hdev);
366a0336 1193 return err;
eec8d2bc
JH		 1194}
1195
beadb2bd
JH		 1196static int new_settings(struct hci_dev *hdev, struct sock *skip)
1197{
f6b7712e 1198 __le32 ev = cpu_to_le32(get_current_settings(hdev));
beadb2bd 1199
f6b7712e
MH		 1200 return mgmt_generic_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1201 sizeof(ev), skip);
beadb2bd
JH		 1202}
1203
91a668b0
JH		 1204int mgmt_new_settings(struct hci_dev *hdev)
1205{
1206 return new_settings(hdev, NULL);
1207}
1208
bd99abdd
JH		 1209struct cmd_lookup {
1210 struct sock *sk;
1211 struct hci_dev *hdev;
1212 u8 mgmt_status;
1213};
1214
3b0602cd 1215static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1216{
1217 struct cmd_lookup *match = data;
1218
1219 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1220
1221 list_del(&cmd->list);
1222
1223 if (match->sk == NULL) {
1224 match->sk = cmd->sk;
1225 sock_hold(match->sk);
1226 }
1227
1228 mgmt_pending_free(cmd);
1229}
1230
3b0602cd 1231static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1232{
1233 u8 *status = data;
1234
a69e8375 1235 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
bd99abdd
JH		 1236 mgmt_pending_remove(cmd);
1237}
1238
3b0602cd 1239static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1b9b5ee5
JH		 1240{
1241 if (cmd->cmd_complete) {
1242 u8 *status = data;
1243
1244 cmd->cmd_complete(cmd, *status);
1245 mgmt_pending_remove(cmd);
1246
1247 return;
1248 }
1249
1250 cmd_status_rsp(cmd, data);
1251}
1252
3b0602cd 1253static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
f5818c22 1254{
2a1afb5a
JH		 1255 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1256 cmd->param, cmd->param_len);
f5818c22
JH		 1257}
1258
3b0602cd 1259static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
7776d1d8 1260{
2a1afb5a
JH		 1261 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1262 cmd->param, sizeof(struct mgmt_addr_info));
7776d1d8
JH		 1263}
1264
e6fe7986
JH		 1265static u8 mgmt_bredr_support(struct hci_dev *hdev)
1266{
1267 if (!lmp_bredr_capable(hdev))
1268 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1269 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
e6fe7986
JH		 1270 return MGMT_STATUS_REJECTED;
1271 else
1272 return MGMT_STATUS_SUCCESS;
1273}
1274
1275static u8 mgmt_le_support(struct hci_dev *hdev)
1276{
1277 if (!lmp_le_capable(hdev))
1278 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1279 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
e6fe7986
JH		 1280 return MGMT_STATUS_REJECTED;
1281 else
1282 return MGMT_STATUS_SUCCESS;
1283}
1284
1904a853
MH		 1285static void set_discoverable_complete(struct hci_dev *hdev, u8 status,
1286 u16 opcode)
bfaf8c9f 1287{
3b0602cd 1288 struct mgmt_pending_cmd *cmd;
bfaf8c9f 1289 struct mgmt_mode *cp;
970ba524 1290 struct hci_request req;
bfaf8c9f
JH		 1291 bool changed;
1292
1293 BT_DBG("status 0x%02x", status);
1294
1295 hci_dev_lock(hdev);
1296
333ae95d 1297 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
bfaf8c9f
JH		 1298 if (!cmd)
1299 goto unlock;
1300
1301 if (status) {
1302 u8 mgmt_err = mgmt_status(status);
a69e8375 1303 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
a358dc11 1304 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
bfaf8c9f
JH		 1305 goto remove_cmd;
1306 }
1307
1308 cp = cmd->param;
d4462a07 1309 if (cp->val) {
238be788 1310 changed = !hci_dev_test_and_set_flag(hdev, HCI_DISCOVERABLE);
d4462a07
MH		 1311
1312 if (hdev->discov_timeout > 0) {
1313 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1314 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1315 to);
1316 }
1317 } else {
a69d8927 1318 changed = hci_dev_test_and_clear_flag(hdev, HCI_DISCOVERABLE);
d4462a07 1319 }
bfaf8c9f
JH		 1320
1321 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1322
1323 if (changed)
1324 new_settings(hdev, cmd->sk);
1325
970ba524
MH		 1326 /* When the discoverable mode gets changed, make sure
1327 * that class of device has the limited discoverable
432df05e
JH		 1328 * bit correctly set. Also update page scan based on whitelist
1329 * entries.
970ba524
MH		 1330 */
1331 hci_req_init(&req, hdev);
01b1cb87 1332 __hci_req_update_scan(&req);
14bf5eac 1333 __hci_req_update_class(&req);
970ba524
MH		 1334 hci_req_run(&req, NULL);
1335
bfaf8c9f
JH		 1336remove_cmd:
1337 mgmt_pending_remove(cmd);
1338
1339unlock:
1340 hci_dev_unlock(hdev);
1341}
1342
bdb6d971 1343static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1344 u16 len)
73f22f62 1345{
650f726d 1346 struct mgmt_cp_set_discoverable *cp = data;
3b0602cd 1347 struct mgmt_pending_cmd *cmd;
bfaf8c9f 1348 struct hci_request req;
5e5282bb 1349 u16 timeout;
9a43e25f 1350 u8 scan;
73f22f62
JH		 1351 int err;
1352
bdb6d971 1353 BT_DBG("request for %s", hdev->name);
73f22f62 1354
d7a5a11d
MH		 1355 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1356 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 1357 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1358 MGMT_STATUS_REJECTED);
33c525c0 1359
310a3d48 1360 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 1361 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1362 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1363
1f350c87 1364 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1365
1366 /* Disabling discoverable requires that no timeout is set,
1367 * and enabling limited discoverable requires a timeout.
1368 */
1369 if ((cp->val == 0x00 && timeout > 0) ||
1370 (cp->val == 0x02 && timeout == 0))
a69e8375
JH		 1371 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1372 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1373
09fd0de5 1374 hci_dev_lock(hdev);
73f22f62 1375
5e5282bb 1376 if (!hdev_is_powered(hdev) && timeout > 0) {
a69e8375
JH		 1377 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1378 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1379 goto failed;
1380 }
1381
333ae95d
JH		 1382 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1383 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1384 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1385 MGMT_STATUS_BUSY);
73f22f62
JH		 1386 goto failed;
1387 }
1388
d7a5a11d 1389 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
a69e8375
JH		 1390 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1391 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1392 goto failed;
1393 }
1394
1395 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1396 bool changed = false;
1397
310a3d48
MH		 1398 /* Setting limited discoverable when powered off is
1399 * not a valid operation since it requires a timeout
1400 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1401 */
d7a5a11d 1402 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
ce05d603 1403 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
0224d2fa
JH		 1404 changed = true;
1405 }
1406
5e5282bb 1407 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1408 if (err < 0)
1409 goto failed;
1410
1411 if (changed)
1412 err = new_settings(hdev, sk);
1413
5e5282bb
JH		 1414 goto failed;
1415 }
1416
310a3d48
MH		 1417 /* If the current mode is the same, then just update the timeout
1418 * value with the new value. And if only the timeout gets updated,
1419 * then no need for any HCI transactions.
1420 */
d7a5a11d
MH		 1421 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1422 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1423 HCI_LIMITED_DISCOVERABLE)) {
36261547
MH		 1424 cancel_delayed_work(&hdev->discov_off);
1425 hdev->discov_timeout = timeout;
955638ec 1426
36261547
MH		 1427 if (cp->val && hdev->discov_timeout > 0) {
1428 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1429 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1430 to);
955638ec
MH		 1431 }
1432
69ab39ea 1433 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1434 goto failed;
1435 }
1436
2e58ef3e 1437 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1438 if (!cmd) {
1439 err = -ENOMEM;
73f22f62 1440 goto failed;
366a0336 1441 }
73f22f62 1442
310a3d48
MH		 1443 /* Cancel any potential discoverable timeout that might be
1444 * still active and store new timeout value. The arming of
1445 * the timeout happens in the complete handler.
1446 */
1447 cancel_delayed_work(&hdev->discov_off);
1448 hdev->discov_timeout = timeout;
1449
b456f87c
JH		 1450 /* Limited discoverable mode */
1451 if (cp->val == 0x02)
a1536da2 1452 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1453 else
a358dc11 1454 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1455
bfaf8c9f
JH		 1456 hci_req_init(&req, hdev);
1457
9a43e25f
JH		 1458 /* The procedure for LE-only controllers is much simpler - just
1459 * update the advertising data.
1460 */
d7a5a11d 1461 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
9a43e25f
JH		 1462 goto update_ad;
1463
73f22f62
JH		 1464 scan = SCAN_PAGE;
1465
310a3d48
MH		 1466 if (cp->val) {
1467 struct hci_cp_write_current_iac_lap hci_cp;
1468
1469 if (cp->val == 0x02) {
1470 /* Limited discoverable mode */
33337dcb 1471 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1472 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1473 hci_cp.iac_lap[1] = 0x8b;
1474 hci_cp.iac_lap[2] = 0x9e;
1475 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1476 hci_cp.iac_lap[4] = 0x8b;
1477 hci_cp.iac_lap[5] = 0x9e;
1478 } else {
1479 /* General discoverable mode */
310a3d48
MH		 1480 hci_cp.num_iac = 1;
1481 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1482 hci_cp.iac_lap[1] = 0x8b;
1483 hci_cp.iac_lap[2] = 0x9e;
1484 }
1485
1486 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1487 (hci_cp.num_iac * 3) + 1, &hci_cp);
1488
73f22f62 1489 scan |= SCAN_INQUIRY;
310a3d48 1490 } else {
a358dc11 1491 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
310a3d48 1492 }
73f22f62 1493
310a3d48 1494 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1495
9a43e25f 1496update_ad:
f2252570 1497 __hci_req_update_adv_data(&req, HCI_ADV_CURRENT);
9a43e25f 1498
bfaf8c9f 1499 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1500 if (err < 0)
a664b5bc 1501 mgmt_pending_remove(cmd);
73f22f62
JH		 1502
1503failed:
09fd0de5 1504 hci_dev_unlock(hdev);
73f22f62
JH		 1505 return err;
1506}
1507
406d7804
JH		 1508static void write_fast_connectable(struct hci_request *req, bool enable)
1509{
bd98b996 1510 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1511 struct hci_cp_write_page_scan_activity acp;
1512 u8 type;
1513
d7a5a11d 1514 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
547003b1
JH		 1515 return;
1516
4c01f8b8
JH		 1517 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1518 return;
1519
406d7804
JH		 1520 if (enable) {
1521 type = PAGE_SCAN_TYPE_INTERLACED;
1522
1523 /* 160 msec page scan interval */
dcf4adbf 1524 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 1525 } else {
1526 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1527
1528 /* default 1.28 sec page scan */
dcf4adbf 1529 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 1530 }
1531
dcf4adbf 1532 acp.window = cpu_to_le16(0x0012);
406d7804 1533
bd98b996
JH		 1534 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1535 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1536 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1537 sizeof(acp), &acp);
1538
1539 if (hdev->page_scan_type != type)
1540 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1541}
1542
53c0ba74 1543void mgmt_set_connectable_complete(struct hci_dev *hdev, u8 status)
2b76f453 1544{
3b0602cd 1545 struct mgmt_pending_cmd *cmd;
2b76f453
JH		 1546
1547 BT_DBG("status 0x%02x", status);
1548
1549 hci_dev_lock(hdev);
1550
333ae95d 1551 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
2b76f453
JH		 1552 if (!cmd)
1553 goto unlock;
1554
37438c1f
JH		 1555 if (status) {
1556 u8 mgmt_err = mgmt_status(status);
a69e8375 1557 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
37438c1f
JH		 1558 goto remove_cmd;
1559 }
1560
2b76f453 1561 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
53c0ba74 1562 new_settings(hdev, cmd->sk);
d7b856f9 1563
37438c1f 1564remove_cmd:
2b76f453
JH		 1565 mgmt_pending_remove(cmd);
1566
1567unlock:
1568 hci_dev_unlock(hdev);
1569}
1570
e8ba3a1f
JH		 1571static int set_connectable_update_settings(struct hci_dev *hdev,
1572 struct sock *sk, u8 val)
1573{
1574 bool changed = false;
1575 int err;
1576
d7a5a11d 1577 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
e8ba3a1f
JH		 1578 changed = true;
1579
1580 if (val) {
a1536da2 1581 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
e8ba3a1f 1582 } else {
a358dc11
MH		 1583 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1584 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
e8ba3a1f
JH		 1585 }
1586
1587 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1588 if (err < 0)
1589 return err;
1590
562064e6 1591 if (changed) {
01b1cb87 1592 hci_req_update_scan(hdev);
562064e6 1593 hci_update_background_scan(hdev);
e8ba3a1f 1594 return new_settings(hdev, sk);
562064e6 1595 }
e8ba3a1f
JH		 1596
1597 return 0;
1598}
1599
bdb6d971 1600static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1601 u16 len)
9fbcbb45 1602{
650f726d 1603 struct mgmt_mode *cp = data;
3b0602cd 1604 struct mgmt_pending_cmd *cmd;
9fbcbb45
JH		 1605 int err;
1606
bdb6d971 1607 BT_DBG("request for %s", hdev->name);
9fbcbb45 1608
d7a5a11d
MH		 1609 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1610 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 1611 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1612 MGMT_STATUS_REJECTED);
33c525c0 1613
a7e80f25 1614 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1615 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1616 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1617
09fd0de5 1618 hci_dev_lock(hdev);
9fbcbb45 1619
4b34ee78 1620 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1621 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1622 goto failed;
1623 }
1624
333ae95d
JH		 1625 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1626 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1627 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1628 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1629 goto failed;
1630 }
1631
2e58ef3e 1632 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1633 if (!cmd) {
1634 err = -ENOMEM;
9fbcbb45 1635 goto failed;
366a0336 1636 }
9fbcbb45 1637
53c0ba74
JH		 1638 if (cp->val) {
1639 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1640 } else {
1641 if (hdev->discov_timeout > 0)
1642 cancel_delayed_work(&hdev->discov_off);
2b76f453 1643
53c0ba74
JH		 1644 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1645 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1646 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
9b74246f 1647 }
2b76f453 1648
53c0ba74
JH		 1649 queue_work(hdev->req_workqueue, &hdev->connectable_update);
1650 err = 0;
9fbcbb45
JH		 1651
1652failed:
09fd0de5 1653 hci_dev_unlock(hdev);
9fbcbb45
JH		 1654 return err;
1655}
1656
b2939475 1657static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1658 u16 len)
c542a06c 1659{
650f726d 1660 struct mgmt_mode *cp = data;
55594356 1661 bool changed;
c542a06c
JH		 1662 int err;
1663
bdb6d971 1664 BT_DBG("request for %s", hdev->name);
c542a06c 1665
a7e80f25 1666 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1667 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
1668 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1669
09fd0de5 1670 hci_dev_lock(hdev);
c542a06c
JH		 1671
1672 if (cp->val)
238be788 1673 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
c542a06c 1674 else
a69d8927 1675 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
c542a06c 1676
b2939475 1677 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
c542a06c 1678 if (err < 0)
55594356 1679 goto unlock;
c542a06c 1680
55594356
MH		 1681 if (changed)
1682 err = new_settings(hdev, sk);
c542a06c 1683
55594356 1684unlock:
09fd0de5 1685 hci_dev_unlock(hdev);
c542a06c
JH		 1686 return err;
1687}
1688
04124681
GP		 1689static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1690 u16 len)
33ef95ed
JH		 1691{
1692 struct mgmt_mode *cp = data;
3b0602cd 1693 struct mgmt_pending_cmd *cmd;
e6fe7986 1694 u8 val, status;
33ef95ed
JH		 1695 int err;
1696
bdb6d971 1697 BT_DBG("request for %s", hdev->name);
33ef95ed 1698
e6fe7986
JH		 1699 status = mgmt_bredr_support(hdev);
1700 if (status)
a69e8375
JH		 1701 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1702 status);
33c525c0 1703
a7e80f25 1704 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1705 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1706 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1707
33ef95ed
JH		 1708 hci_dev_lock(hdev);
1709
4b34ee78 1710 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1711 bool changed = false;
1712
d7a5a11d 1713 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
ce05d603 1714 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
47990ea0
JH		 1715 changed = true;
1716 }
1717
1718 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1719 if (err < 0)
1720 goto failed;
1721
1722 if (changed)
1723 err = new_settings(hdev, sk);
1724
33ef95ed
JH		 1725 goto failed;
1726 }
1727
333ae95d 1728 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
a69e8375
JH		 1729 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1730 MGMT_STATUS_BUSY);
33ef95ed
JH		 1731 goto failed;
1732 }
1733
1734 val = !!cp->val;
1735
1736 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1737 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1738 goto failed;
1739 }
1740
1741 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1742 if (!cmd) {
1743 err = -ENOMEM;
1744 goto failed;
1745 }
1746
1747 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1748 if (err < 0) {
1749 mgmt_pending_remove(cmd);
1750 goto failed;
1751 }
1752
1753failed:
1754 hci_dev_unlock(hdev);
33ef95ed
JH		 1755 return err;
1756}
1757
bdb6d971 1758static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1759{
1760 struct mgmt_mode *cp = data;
3b0602cd 1761 struct mgmt_pending_cmd *cmd;
72ef0c1a 1762 u8 status;
ed2c4ee3
JH		 1763 int err;
1764
bdb6d971 1765 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1766
cdba5281
MH		 1767 status = mgmt_bredr_support(hdev);
1768 if (status)
a69e8375 1769 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
cdba5281 1770
13ecd8b6 1771 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 1772 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1773 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1774
a7e80f25 1775 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1776 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1777 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1778
13ecd8b6 1779 hci_dev_lock(hdev);
6c8f12c1 1780
4b34ee78 1781 if (!hdev_is_powered(hdev)) {
9ecb3e24 1782 bool changed;
c0ecddc2 1783
9ecb3e24 1784 if (cp->val) {
238be788
MH		 1785 changed = !hci_dev_test_and_set_flag(hdev,
1786 HCI_SSP_ENABLED);
9ecb3e24 1787 } else {
a69d8927
MH		 1788 changed = hci_dev_test_and_clear_flag(hdev,
1789 HCI_SSP_ENABLED);
9ecb3e24 1790 if (!changed)
a69d8927
MH		 1791 changed = hci_dev_test_and_clear_flag(hdev,
1792 HCI_HS_ENABLED);
9ecb3e24 1793 else
a358dc11 1794 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
c0ecddc2
JH		 1795 }
1796
1797 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1798 if (err < 0)
1799 goto failed;
1800
1801 if (changed)
1802 err = new_settings(hdev, sk);
1803
ed2c4ee3
JH		 1804 goto failed;
1805 }
1806
333ae95d 1807 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 1808 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1809 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1810 goto failed;
1811 }
1812
d7a5a11d 1813 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
ed2c4ee3
JH		 1814 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1815 goto failed;
1816 }
1817
1818 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1819 if (!cmd) {
1820 err = -ENOMEM;
1821 goto failed;
1822 }
1823
d7a5a11d 1824 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
3769972b
JH		 1825 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
1826 sizeof(cp->val), &cp->val);
1827
72ef0c1a 1828 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 1829 if (err < 0) {
1830 mgmt_pending_remove(cmd);
1831 goto failed;
1832 }
1833
1834failed:
1835 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1836 return err;
1837}
1838
bdb6d971 1839static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1840{
1841 struct mgmt_mode *cp = data;
ee392693 1842 bool changed;
e6fe7986 1843 u8 status;
ee392693 1844 int err;
6d80dfd0 1845
bdb6d971 1846 BT_DBG("request for %s", hdev->name);
6d80dfd0 1847
e6fe7986
JH		 1848 status = mgmt_bredr_support(hdev);
1849 if (status)
a69e8375 1850 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 1851
9ecb3e24 1852 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 1853 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1854 MGMT_STATUS_NOT_SUPPORTED);
9ecb3e24 1855
d7a5a11d 1856 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 1857 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1858 MGMT_STATUS_REJECTED);
9ecb3e24 1859
a7e80f25 1860 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1861 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1862 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1863
ee392693
MH		 1864 hci_dev_lock(hdev);
1865
333ae95d 1866 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 1867 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1868 MGMT_STATUS_BUSY);
a2cb01de
JH		 1869 goto unlock;
1870 }
1871
a0cdf960 1872 if (cp->val) {
238be788 1873 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
a0cdf960
MH		 1874 } else {
1875 if (hdev_is_powered(hdev)) {
a69e8375
JH		 1876 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1877 MGMT_STATUS_REJECTED);
a0cdf960
MH		 1878 goto unlock;
1879 }
1880
a69d8927 1881 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
a0cdf960 1882 }
ee392693
MH		 1883
1884 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1885 if (err < 0)
1886 goto unlock;
1887
1888 if (changed)
1889 err = new_settings(hdev, sk);
6d80dfd0 1890
ee392693
MH		 1891unlock:
1892 hci_dev_unlock(hdev);
1893 return err;
6d80dfd0
JH		 1894}
1895
1904a853 1896static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
416a4ae5
JH		 1897{
1898 struct cmd_lookup match = { NULL, hdev };
1899
3ad67582
JK		 1900 hci_dev_lock(hdev);
1901
416a4ae5
JH		 1902 if (status) {
1903 u8 mgmt_err = mgmt_status(status);
1904
1905 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1906 &mgmt_err);
3ad67582 1907 goto unlock;
416a4ae5
JH		 1908 }
1909
1910 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1911
1912 new_settings(hdev, match.sk);
1913
1914 if (match.sk)
1915 sock_put(match.sk);
441ad2d0
MH		 1916
1917 /* Make sure the controller has a good default for
1918 * advertising data. Restrict the update to when LE
1919 * has actually been enabled. During power on, the
1920 * update in powered_update_hci will take care of it.
1921 */
d7a5a11d 1922 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
441ad2d0
MH		 1923 struct hci_request req;
1924
441ad2d0 1925 hci_req_init(&req, hdev);
f2252570
JH		 1926 __hci_req_update_adv_data(&req, HCI_ADV_CURRENT);
1927 __hci_req_update_scan_rsp_data(&req, HCI_ADV_CURRENT);
441ad2d0 1928 hci_req_run(&req, NULL);
2e93e53b 1929 hci_update_background_scan(hdev);
441ad2d0 1930 }
3ad67582
JK		 1931
1932unlock:
1933 hci_dev_unlock(hdev);
416a4ae5
JH		 1934}
1935
bdb6d971 1936static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1937{
1938 struct mgmt_mode *cp = data;
1939 struct hci_cp_write_le_host_supported hci_cp;
3b0602cd 1940 struct mgmt_pending_cmd *cmd;
416a4ae5 1941 struct hci_request req;
06199cf8 1942 int err;
0b60eba1 1943 u8 val, enabled;
06199cf8 1944
bdb6d971 1945 BT_DBG("request for %s", hdev->name);
06199cf8 1946
13ecd8b6 1947 if (!lmp_le_capable(hdev))
a69e8375
JH		 1948 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1949 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1950
a7e80f25 1951 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1952 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1953 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1954
e7844ee5
MH		 1955 /* Bluetooth single mode LE only controllers or dual-mode
1956 * controllers configured as LE only devices, do not allow
1957 * switching LE off. These have either LE enabled explicitly
1958 * or BR/EDR has been previously switched off.
1959 *
1960 * When trying to enable an already enabled LE, then gracefully
1961 * send a positive response. Trying to disable it however will
1962 * result into rejection.
1963 */
1964 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1965 if (cp->val == 0x01)
1966 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1967
a69e8375
JH		 1968 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1969 MGMT_STATUS_REJECTED);
e7844ee5 1970 }
c73eee91 1971
13ecd8b6 1972 hci_dev_lock(hdev);
06199cf8
JH		 1973
1974 val = !!cp->val;
ffa88e02 1975 enabled = lmp_host_le_capable(hdev);
06199cf8 1976
847818d9 1977 if (!val)
f2252570 1978 hci_req_clear_adv_instance(hdev, NULL, 0x00, true);
847818d9 1979
0b60eba1 1980 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1981 bool changed = false;
1982
d7a5a11d 1983 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
ce05d603 1984 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
06199cf8
JH		 1985 changed = true;
1986 }
1987
d7a5a11d 1988 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
a358dc11 1989 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
eeca6f89
JH		 1990 changed = true;
1991 }
1992
06199cf8
JH		 1993 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1994 if (err < 0)
1de028ce 1995 goto unlock;
06199cf8
JH		 1996
1997 if (changed)
1998 err = new_settings(hdev, sk);
1999
1de028ce 2000 goto unlock;
06199cf8
JH		 2001 }
2002
333ae95d
JH		 2003 if (pending_find(MGMT_OP_SET_LE, hdev) ||
2004 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
a69e8375
JH		 2005 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2006 MGMT_STATUS_BUSY);
1de028ce 2007 goto unlock;
06199cf8
JH		 2008 }
2009
2010 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2011 if (!cmd) {
2012 err = -ENOMEM;
1de028ce 2013 goto unlock;
06199cf8
JH		 2014 }
2015
441ad2d0
MH		 2016 hci_req_init(&req, hdev);
2017
06199cf8
JH		 2018 memset(&hci_cp, 0, sizeof(hci_cp));
2019
2020 if (val) {
2021 hci_cp.le = val;
32226e4f 2022 hci_cp.simul = 0x00;
441ad2d0 2023 } else {
d7a5a11d 2024 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
f2252570 2025 __hci_req_disable_advertising(&req);
06199cf8
JH		 2026 }
2027
416a4ae5
JH		 2028 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2029 &hci_cp);
2030
2031 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2032 if (err < 0)
06199cf8 2033 mgmt_pending_remove(cmd);
06199cf8 2034
1de028ce
JH		 2035unlock:
2036 hci_dev_unlock(hdev);
06199cf8
JH		 2037 return err;
2038}
2039
0cab9c80
JH		 2040/* This is a helper function to test for pending mgmt commands that can
2041 * cause CoD or EIR HCI commands. We can only allow one such pending
2042 * mgmt command at a time since otherwise we cannot easily track what
2043 * the current values are, will be, and based on that calculate if a new
2044 * HCI command needs to be sent and if yes with what value.
2045 */
2046static bool pending_eir_or_class(struct hci_dev *hdev)
2047{
3b0602cd 2048 struct mgmt_pending_cmd *cmd;
0cab9c80
JH		 2049
2050 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2051 switch (cmd->opcode) {
2052 case MGMT_OP_ADD_UUID:
2053 case MGMT_OP_REMOVE_UUID:
2054 case MGMT_OP_SET_DEV_CLASS:
2055 case MGMT_OP_SET_POWERED:
2056 return true;
2057 }
2058 }
2059
2060 return false;
2061}
2062
83be8eca
JH		 2063static const u8 bluetooth_base_uuid[] = {
2064 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2065 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2066};
2067
2068static u8 get_uuid_size(const u8 *uuid)
2069{
2070 u32 val;
2071
2072 if (memcmp(uuid, bluetooth_base_uuid, 12))
2073 return 128;
2074
2075 val = get_unaligned_le32(&uuid[12]);
2076 if (val > 0xffff)
2077 return 32;
2078
2079 return 16;
2080}
2081
92da6097
JH		 2082static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2083{
3b0602cd 2084 struct mgmt_pending_cmd *cmd;
92da6097
JH		 2085
2086 hci_dev_lock(hdev);
2087
333ae95d 2088 cmd = pending_find(mgmt_op, hdev);
92da6097
JH		 2089 if (!cmd)
2090 goto unlock;
2091
2a1afb5a
JH		 2092 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
2093 mgmt_status(status), hdev->dev_class, 3);
92da6097
JH		 2094
2095 mgmt_pending_remove(cmd);
2096
2097unlock:
2098 hci_dev_unlock(hdev);
2099}
2100
1904a853 2101static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2102{
2103 BT_DBG("status 0x%02x", status);
2104
2105 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2106}
2107
bdb6d971 2108static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2109{
650f726d 2110 struct mgmt_cp_add_uuid *cp = data;
3b0602cd 2111 struct mgmt_pending_cmd *cmd;
890ea898 2112 struct hci_request req;
2aeb9a1a 2113 struct bt_uuid *uuid;
2aeb9a1a
JH		 2114 int err;
2115
bdb6d971 2116 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2117
09fd0de5 2118 hci_dev_lock(hdev);
2aeb9a1a 2119
0cab9c80 2120 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2121 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2122 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2123 goto failed;
2124 }
2125
92c4c204 2126 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2127 if (!uuid) {
2128 err = -ENOMEM;
2129 goto failed;
2130 }
2131
2132 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2133 uuid->svc_hint = cp->svc_hint;
83be8eca 2134 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2135
de66aa63 2136 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2137
890ea898 2138 hci_req_init(&req, hdev);
1aff6f09 2139
14bf5eac 2140 __hci_req_update_class(&req);
890ea898
JH		 2141 update_eir(&req);
2142
92da6097
JH		 2143 err = hci_req_run(&req, add_uuid_complete);
2144 if (err < 0) {
2145 if (err != -ENODATA)
2146 goto failed;
80a1e1db 2147
2a1afb5a
JH		 2148 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2149 hdev->dev_class, 3);
90e70454
JH		 2150 goto failed;
2151 }
2152
2153 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2154 if (!cmd) {
90e70454 2155 err = -ENOMEM;
890ea898
JH		 2156 goto failed;
2157 }
2158
2159 err = 0;
2aeb9a1a
JH		 2160
2161failed:
09fd0de5 2162 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2163 return err;
2164}
2165
24b78d0f
JH		 2166static bool enable_service_cache(struct hci_dev *hdev)
2167{
2168 if (!hdev_is_powered(hdev))
2169 return false;
2170
238be788 2171 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
46818ed5
JH		 2172 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2173 CACHE_TIMEOUT);
24b78d0f
JH		 2174 return true;
2175 }
2176
2177 return false;
2178}
2179
1904a853 2180static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2181{
2182 BT_DBG("status 0x%02x", status);
2183
2184 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2185}
2186
bdb6d971 2187static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2188 u16 len)
2aeb9a1a 2189{
650f726d 2190 struct mgmt_cp_remove_uuid *cp = data;
3b0602cd 2191 struct mgmt_pending_cmd *cmd;
056341c8 2192 struct bt_uuid *match, *tmp;
2aeb9a1a 2193 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2194 struct hci_request req;
2aeb9a1a
JH		 2195 int err, found;
2196
bdb6d971 2197 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2198
09fd0de5 2199 hci_dev_lock(hdev);
2aeb9a1a 2200
0cab9c80 2201 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2202 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2203 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2204 goto unlock;
2205 }
2206
2aeb9a1a 2207 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2208 hci_uuids_clear(hdev);
4004b6d9 2209
24b78d0f 2210 if (enable_service_cache(hdev)) {
2a1afb5a
JH		 2211 err = mgmt_cmd_complete(sk, hdev->id,
2212 MGMT_OP_REMOVE_UUID,
2213 0, hdev->dev_class, 3);
24b78d0f
JH		 2214 goto unlock;
2215 }
4004b6d9 2216
9246a869 2217 goto update_class;
2aeb9a1a
JH		 2218 }
2219
2220 found = 0;
2221
056341c8 2222 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2223 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2224 continue;
2225
2226 list_del(&match->list);
482049f7 2227 kfree(match);
2aeb9a1a
JH		 2228 found++;
2229 }
2230
2231 if (found == 0) {
a69e8375
JH		 2232 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2233 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2234 goto unlock;
2235 }
2236
9246a869 2237update_class:
890ea898 2238 hci_req_init(&req, hdev);
1aff6f09 2239
14bf5eac 2240 __hci_req_update_class(&req);
890ea898
JH		 2241 update_eir(&req);
2242
92da6097
JH		 2243 err = hci_req_run(&req, remove_uuid_complete);
2244 if (err < 0) {
2245 if (err != -ENODATA)
2246 goto unlock;
80a1e1db 2247
2a1afb5a
JH		 2248 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2249 hdev->dev_class, 3);
90e70454
JH		 2250 goto unlock;
2251 }
2252
2253 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2254 if (!cmd) {
90e70454 2255 err = -ENOMEM;
890ea898
JH		 2256 goto unlock;
2257 }
2258
2259 err = 0;
2aeb9a1a
JH		 2260
2261unlock:
09fd0de5 2262 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2263 return err;
2264}
2265
1904a853 2266static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2267{
2268 BT_DBG("status 0x%02x", status);
2269
2270 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2271}
2272
bdb6d971 2273static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2274 u16 len)
1aff6f09 2275{
650f726d 2276 struct mgmt_cp_set_dev_class *cp = data;
3b0602cd 2277 struct mgmt_pending_cmd *cmd;
890ea898 2278 struct hci_request req;
1aff6f09
JH		 2279 int err;
2280
bdb6d971 2281 BT_DBG("request for %s", hdev->name);
1aff6f09 2282
6203fc98 2283 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2284 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2285 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2286
0cab9c80 2287 hci_dev_lock(hdev);
ee98f473 2288
0cab9c80 2289 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2290 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2291 MGMT_STATUS_BUSY);
0cab9c80
JH		 2292 goto unlock;
2293 }
c95f0ba7 2294
0cab9c80 2295 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
a69e8375
JH		 2296 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2297 MGMT_STATUS_INVALID_PARAMS);
0cab9c80
JH		 2298 goto unlock;
2299 }
575b3a02 2300
932f5ff5
JH		 2301 hdev->major_class = cp->major;
2302 hdev->minor_class = cp->minor;
2303
b5235a65 2304 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2305 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2306 hdev->dev_class, 3);
b5235a65
JH		 2307 goto unlock;
2308 }
2309
890ea898
JH		 2310 hci_req_init(&req, hdev);
2311
a69d8927 2312 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
7d78525d
JH		 2313 hci_dev_unlock(hdev);
2314 cancel_delayed_work_sync(&hdev->service_cache);
2315 hci_dev_lock(hdev);
890ea898 2316 update_eir(&req);
7d78525d 2317 }
14c0b608 2318
14bf5eac 2319 __hci_req_update_class(&req);
890ea898 2320
92da6097
JH		 2321 err = hci_req_run(&req, set_class_complete);
2322 if (err < 0) {
2323 if (err != -ENODATA)
2324 goto unlock;
1aff6f09 2325
2a1afb5a
JH		 2326 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2327 hdev->dev_class, 3);
90e70454
JH		 2328 goto unlock;
2329 }
2330
2331 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2332 if (!cmd) {
90e70454 2333 err = -ENOMEM;
890ea898
JH		 2334 goto unlock;
2335 }
2336
2337 err = 0;
1aff6f09 2338
b5235a65 2339unlock:
09fd0de5 2340 hci_dev_unlock(hdev);
1aff6f09
JH		 2341 return err;
2342}
2343
bdb6d971 2344static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2345 u16 len)
55ed8ca1 2346{
650f726d 2347 struct mgmt_cp_load_link_keys *cp = data;
ba1d6936
JH		 2348 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2349 sizeof(struct mgmt_link_key_info));
4e51eae9 2350 u16 key_count, expected_len;
b1de97d8 2351 bool changed;
a492cd52 2352 int i;
55ed8ca1 2353
9060d5cf
MH		 2354 BT_DBG("request for %s", hdev->name);
2355
2356 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2357 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2358 MGMT_STATUS_NOT_SUPPORTED);
9060d5cf 2359
1f350c87 2360 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 2361 if (key_count > max_key_count) {
2362 BT_ERR("load_link_keys: too big key_count value %u",
2363 key_count);
a69e8375
JH		 2364 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2365 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 2366 }
55ed8ca1 2367
86742e1e
JH		 2368 expected_len = sizeof(*cp) + key_count *
2369 sizeof(struct mgmt_link_key_info);
a492cd52 2370 if (expected_len != len) {
86742e1e 2371 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2372 expected_len, len);
a69e8375
JH		 2373 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2374 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2375 }
2376
4ae14301 2377 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
a69e8375
JH		 2378 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2379 MGMT_STATUS_INVALID_PARAMS);
4ae14301 2380
bdb6d971 2381 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2382 key_count);
55ed8ca1 2383
4ee71b20
JH		 2384 for (i = 0; i < key_count; i++) {
2385 struct mgmt_link_key_info *key = &cp->keys[i];
2386
8e991132 2387 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
a69e8375
JH		 2388 return mgmt_cmd_status(sk, hdev->id,
2389 MGMT_OP_LOAD_LINK_KEYS,
2390 MGMT_STATUS_INVALID_PARAMS);
4ee71b20
JH		 2391 }
2392
09fd0de5 2393 hci_dev_lock(hdev);
55ed8ca1
JH		 2394
2395 hci_link_keys_clear(hdev);
2396
55ed8ca1 2397 if (cp->debug_keys)
238be788 2398 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
55ed8ca1 2399 else
a69d8927
MH		 2400 changed = hci_dev_test_and_clear_flag(hdev,
2401 HCI_KEEP_DEBUG_KEYS);
b1de97d8
MH		 2402
2403 if (changed)
2404 new_settings(hdev, NULL);
55ed8ca1 2405
a492cd52 2406 for (i = 0; i < key_count; i++) {
86742e1e 2407 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2408
58e9293c
JH		 2409 /* Always ignore debug keys and require a new pairing if
2410 * the user wants to use them.
2411 */
2412 if (key->type == HCI_LK_DEBUG_COMBINATION)
2413 continue;
2414
7652ff6a
JH		 2415 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2416 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2417 }
2418
2a1afb5a 2419 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2420
09fd0de5 2421 hci_dev_unlock(hdev);
55ed8ca1 2422
a492cd52 2423 return 0;
55ed8ca1
JH		 2424}
2425
b1078ad0 2426static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2427 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2428{
2429 struct mgmt_ev_device_unpaired ev;
2430
2431 bacpy(&ev.addr.bdaddr, bdaddr);
2432 ev.addr.type = addr_type;
2433
2434 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2435 skip_sk);
b1078ad0
JH		 2436}
2437
bdb6d971 2438static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2439 u16 len)
55ed8ca1 2440{
124f6e35
JH		 2441 struct mgmt_cp_unpair_device *cp = data;
2442 struct mgmt_rp_unpair_device rp;
fc64361a 2443 struct hci_conn_params *params;
3b0602cd 2444 struct mgmt_pending_cmd *cmd;
55ed8ca1 2445 struct hci_conn *conn;
ec182f03 2446 u8 addr_type;
55ed8ca1
JH		 2447 int err;
2448
a8a1d19e 2449 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2450 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2451 rp.addr.type = cp->addr.type;
a8a1d19e 2452
4ee71b20 2453 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2454 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2455 MGMT_STATUS_INVALID_PARAMS,
2456 &rp, sizeof(rp));
4ee71b20 2457
118da70b 2458 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2a1afb5a
JH		 2459 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2460 MGMT_STATUS_INVALID_PARAMS,
2461 &rp, sizeof(rp));
118da70b 2462
4ee71b20
JH		 2463 hci_dev_lock(hdev);
2464
86a8cfc6 2465 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2466 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2467 MGMT_STATUS_NOT_POWERED, &rp,
2468 sizeof(rp));
86a8cfc6
JH		 2469 goto unlock;
2470 }
2471
e0b2b27e 2472 if (cp->addr.type == BDADDR_BREDR) {
89cbb063
AA		 2473 /* If disconnection is requested, then look up the
2474 * connection. If the remote device is connected, it
2475 * will be later used to terminate the link.
2476 *
2477 * Setting it to NULL explicitly will cause no
2478 * termination of the link.
2479 */
2480 if (cp->disconnect)
2481 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2482 &cp->addr.bdaddr);
2483 else
2484 conn = NULL;
2485
124f6e35 2486 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
ec182f03
JH		 2487 if (err < 0) {
2488 err = mgmt_cmd_complete(sk, hdev->id,
2489 MGMT_OP_UNPAIR_DEVICE,
2490 MGMT_STATUS_NOT_PAIRED, &rp,
2491 sizeof(rp));
2492 goto unlock;
89cbb063
AA		 2493 }
2494
ec182f03 2495 goto done;
e0b2b27e 2496 }
b0dbfb46 2497
ec182f03
JH		 2498 /* LE address type */
2499 addr_type = le_addr_type(cp->addr.type);
2500
2501 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2502
2503 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
55ed8ca1 2504 if (err < 0) {
2a1afb5a
JH		 2505 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2506 MGMT_STATUS_NOT_PAIRED, &rp,
2507 sizeof(rp));
55ed8ca1
JH		 2508 goto unlock;
2509 }
2510
ec182f03
JH		 2511 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type);
2512 if (!conn) {
2513 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2514 goto done;
2515 }
2516
c81d555a
JH		 2517 /* Abort any ongoing SMP pairing */
2518 smp_cancel_pairing(conn);
2519
ec182f03
JH		 2520 /* Defer clearing up the connection parameters until closing to
2521 * give a chance of keeping them if a repairing happens.
2522 */
2523 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2524
fc64361a
JH		 2525 /* Disable auto-connection parameters if present */
2526 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type);
2527 if (params) {
2528 if (params->explicit_connect)
2529 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
2530 else
2531 params->auto_connect = HCI_AUTO_CONN_DISABLED;
2532 }
2533
ec182f03
JH		 2534 /* If disconnection is not requested, then clear the connection
2535 * variable so that the link is not terminated.
2536 */
2537 if (!cp->disconnect)
2538 conn = NULL;
2539
2540done:
89cbb063
AA		 2541 /* If the connection variable is set, then termination of the
2542 * link is requested.
2543 */
a8a1d19e 2544 if (!conn) {
2a1afb5a
JH		 2545 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2546 &rp, sizeof(rp));
b1078ad0 2547 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2548 goto unlock;
2549 }
55ed8ca1 2550
124f6e35 2551 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2552 sizeof(*cp));
a8a1d19e
JH		 2553 if (!cmd) {
2554 err = -ENOMEM;
2555 goto unlock;
55ed8ca1
JH		 2556 }
2557
d8b7b1e4
JH		 2558 cmd->cmd_complete = addr_cmd_complete;
2559
89e0ccc8 2560 err = hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
a8a1d19e
JH		 2561 if (err < 0)
2562 mgmt_pending_remove(cmd);
2563
55ed8ca1 2564unlock:
09fd0de5 2565 hci_dev_unlock(hdev);
55ed8ca1
JH		 2566 return err;
2567}
2568
bdb6d971 2569static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2570 u16 len)
8962ee74 2571{
650f726d 2572 struct mgmt_cp_disconnect *cp = data;
06a63b19 2573 struct mgmt_rp_disconnect rp;
3b0602cd 2574 struct mgmt_pending_cmd *cmd;
8962ee74 2575 struct hci_conn *conn;
8962ee74
JH		 2576 int err;
2577
2578 BT_DBG("");
2579
06a63b19
JH		 2580 memset(&rp, 0, sizeof(rp));
2581 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2582 rp.addr.type = cp->addr.type;
2583
4ee71b20 2584 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2585 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2586 MGMT_STATUS_INVALID_PARAMS,
2587 &rp, sizeof(rp));
4ee71b20 2588
09fd0de5 2589 hci_dev_lock(hdev);
8962ee74
JH		 2590
2591 if (!test_bit(HCI_UP, &hdev->flags)) {
2a1afb5a
JH		 2592 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2593 MGMT_STATUS_NOT_POWERED, &rp,
2594 sizeof(rp));
8962ee74
JH		 2595 goto failed;
2596 }
2597
333ae95d 2598 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
2a1afb5a
JH		 2599 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2600 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2601 goto failed;
2602 }
2603
591f47f3 2604 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2605 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2606 &cp->addr.bdaddr);
88c3df13 2607 else
9d4c1cc1
JH		 2608 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr,
2609 le_addr_type(cp->addr.type));
365227e5 2610
f960727e 2611 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2a1afb5a
JH		 2612 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2613 MGMT_STATUS_NOT_CONNECTED, &rp,
2614 sizeof(rp));
8962ee74
JH		 2615 goto failed;
2616 }
2617
2e58ef3e 2618 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2619 if (!cmd) {
2620 err = -ENOMEM;
8962ee74 2621 goto failed;
366a0336 2622 }
8962ee74 2623
f5818c22
JH		 2624 cmd->cmd_complete = generic_cmd_complete;
2625
e3f2f92a 2626 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
8962ee74 2627 if (err < 0)
a664b5bc 2628 mgmt_pending_remove(cmd);
8962ee74
JH		 2629
2630failed:
09fd0de5 2631 hci_dev_unlock(hdev);
8962ee74
JH		 2632 return err;
2633}
2634
57c1477c 2635static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2636{
2637 switch (link_type) {
2638 case LE_LINK:
48264f06
JH		 2639 switch (addr_type) {
2640 case ADDR_LE_DEV_PUBLIC:
591f47f3 2641 return BDADDR_LE_PUBLIC;
0ed09148 2642
48264f06 2643 default:
0ed09148 2644 /* Fallback to LE Random address type */
591f47f3 2645 return BDADDR_LE_RANDOM;
48264f06 2646 }
0ed09148 2647
4c659c39 2648 default:
0ed09148 2649 /* Fallback to BR/EDR type */
591f47f3 2650 return BDADDR_BREDR;
4c659c39
JH		 2651 }
2652}
2653
04124681
GP		 2654static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2655 u16 data_len)
2784eb41 2656{
2784eb41 2657 struct mgmt_rp_get_connections *rp;
8035ded4 2658 struct hci_conn *c;
a38528f1 2659 size_t rp_len;
60fc5fb6
JH		 2660 int err;
2661 u16 i;
2784eb41
JH		 2662
2663 BT_DBG("");
2664
09fd0de5 2665 hci_dev_lock(hdev);
2784eb41 2666
5f97c1df 2667 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 2668 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2669 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2670 goto unlock;
2671 }
2672
60fc5fb6 2673 i = 0;
b644ba33
JH		 2674 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2675 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2676 i++;
2784eb41
JH		 2677 }
2678
60fc5fb6 2679 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2680 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2681 if (!rp) {
2784eb41
JH		 2682 err = -ENOMEM;
2683 goto unlock;
2684 }
2685
2784eb41 2686 i = 0;
4c659c39 2687 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2688 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2689 continue;
4c659c39 2690 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2691 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2692 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2693 continue;
2694 i++;
2695 }
2696
eb55ef07 2697 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2698
4c659c39
JH		 2699 /* Recalculate length in case of filtered SCO connections, etc */
2700 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2701
2a1afb5a
JH		 2702 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2703 rp_len);
2784eb41 2704
a38528f1 2705 kfree(rp);
5f97c1df
JH		 2706
2707unlock:
09fd0de5 2708 hci_dev_unlock(hdev);
2784eb41
JH		 2709 return err;
2710}
2711
bdb6d971 2712static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2713 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67 2714{
3b0602cd 2715 struct mgmt_pending_cmd *cmd;
96d97a67
WR		 2716 int err;
2717
2e58ef3e 2718 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2719 sizeof(*cp));
96d97a67
WR		 2720 if (!cmd)
2721 return -ENOMEM;
2722
d8457698 2723 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2724 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2725 if (err < 0)
2726 mgmt_pending_remove(cmd);
2727
2728 return err;
2729}
2730
bdb6d971 2731static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2732 u16 len)
980e1a53 2733{
96d97a67 2734 struct hci_conn *conn;
650f726d 2735 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2736 struct hci_cp_pin_code_reply reply;
3b0602cd 2737 struct mgmt_pending_cmd *cmd;
980e1a53
JH		 2738 int err;
2739
2740 BT_DBG("");
2741
09fd0de5 2742 hci_dev_lock(hdev);
980e1a53 2743
4b34ee78 2744 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 2745 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2746 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2747 goto failed;
2748 }
2749
d8457698 2750 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2751 if (!conn) {
a69e8375
JH		 2752 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2753 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2754 goto failed;
2755 }
2756
2757 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2758 struct mgmt_cp_pin_code_neg_reply ncp;
2759
2760 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2761
2762 BT_ERR("PIN code is not 16 bytes long");
2763
bdb6d971 2764 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2765 if (err >= 0)
a69e8375
JH		 2766 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2767 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2768
2769 goto failed;
2770 }
2771
00abfe44 2772 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2773 if (!cmd) {
2774 err = -ENOMEM;
980e1a53 2775 goto failed;
366a0336 2776 }
980e1a53 2777
7776d1d8
JH		 2778 cmd->cmd_complete = addr_cmd_complete;
2779
d8457698 2780 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2781 reply.pin_len = cp->pin_len;
24718ca5 2782 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2783
2784 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2785 if (err < 0)
a664b5bc 2786 mgmt_pending_remove(cmd);
980e1a53
JH		 2787
2788failed:
09fd0de5 2789 hci_dev_unlock(hdev);
980e1a53
JH		 2790 return err;
2791}
2792
04124681
GP		 2793static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2794 u16 len)
17fa4b9d 2795{
650f726d 2796 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2797
2798 BT_DBG("");
2799
4ec86d4c 2800 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 2801 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
2802 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
4ec86d4c 2803
09fd0de5 2804 hci_dev_lock(hdev);
17fa4b9d
JH		 2805
2806 hdev->io_capability = cp->io_capability;
2807
2808 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2809 hdev->io_capability);
17fa4b9d 2810
09fd0de5 2811 hci_dev_unlock(hdev);
17fa4b9d 2812
2a1afb5a
JH		 2813 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
2814 NULL, 0);
17fa4b9d
JH		 2815}
2816
3b0602cd 2817static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2818{
2819 struct hci_dev *hdev = conn->hdev;
3b0602cd 2820 struct mgmt_pending_cmd *cmd;
e9a416b5 2821
2e58ef3e 2822 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2823 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2824 continue;
2825
e9a416b5
JH		 2826 if (cmd->user_data != conn)
2827 continue;
2828
2829 return cmd;
2830 }
2831
2832 return NULL;
2833}
2834
3b0602cd 2835static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
e9a416b5
JH		 2836{
2837 struct mgmt_rp_pair_device rp;
2838 struct hci_conn *conn = cmd->user_data;
9df74653 2839 int err;
e9a416b5 2840
61b1a7fb
JH		 2841 bacpy(&rp.addr.bdaddr, &conn->dst);
2842 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2843
2a1afb5a
JH		 2844 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
2845 status, &rp, sizeof(rp));
e9a416b5
JH		 2846
2847 /* So we don't get further callbacks for this connection */
2848 conn->connect_cfm_cb = NULL;
2849 conn->security_cfm_cb = NULL;
2850 conn->disconn_cfm_cb = NULL;
2851
76a68ba0 2852 hci_conn_drop(conn);
89cbb063
AA		 2853
2854 /* The device is paired so there is no need to remove
2855 * its connection parameters anymore.
2856 */
2857 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
15013aeb
JH		 2858
2859 hci_conn_put(conn);
9df74653
JH		 2860
2861 return err;
e9a416b5
JH		 2862}
2863
f4a407be
JH		 2864void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2865{
2866 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3b0602cd 2867 struct mgmt_pending_cmd *cmd;
f4a407be
JH		 2868
2869 cmd = find_pairing(conn);
a511b35b 2870 if (cmd) {
04ab2749 2871 cmd->cmd_complete(cmd, status);
a511b35b
JH		 2872 mgmt_pending_remove(cmd);
2873 }
f4a407be
JH		 2874}
2875
e9a416b5
JH		 2876static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2877{
3b0602cd 2878 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 2879
2880 BT_DBG("status %u", status);
2881
2882 cmd = find_pairing(conn);
a511b35b 2883 if (!cmd) {
e9a416b5 2884 BT_DBG("Unable to find a pending command");
a511b35b
JH		 2885 return;
2886 }
2887
2888 cmd->cmd_complete(cmd, mgmt_status(status));
2889 mgmt_pending_remove(cmd);
e9a416b5
JH		 2890}
2891
f4a407be 2892static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739 2893{
3b0602cd 2894 struct mgmt_pending_cmd *cmd;
4c47d739
VA		 2895
2896 BT_DBG("status %u", status);
2897
2898 if (!status)
2899 return;
2900
2901 cmd = find_pairing(conn);
a511b35b 2902 if (!cmd) {
4c47d739 2903 BT_DBG("Unable to find a pending command");
a511b35b
JH		 2904 return;
2905 }
2906
2907 cmd->cmd_complete(cmd, mgmt_status(status));
2908 mgmt_pending_remove(cmd);
4c47d739
VA		 2909}
2910
bdb6d971 2911static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2912 u16 len)
e9a416b5 2913{
650f726d 2914 struct mgmt_cp_pair_device *cp = data;
1425acb7 2915 struct mgmt_rp_pair_device rp;
3b0602cd 2916 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 2917 u8 sec_level, auth_type;
2918 struct hci_conn *conn;
e9a416b5
JH		 2919 int err;
2920
2921 BT_DBG("");
2922
f950a30e
SJ		 2923 memset(&rp, 0, sizeof(rp));
2924 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2925 rp.addr.type = cp->addr.type;
2926
4ee71b20 2927 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2928 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2929 MGMT_STATUS_INVALID_PARAMS,
2930 &rp, sizeof(rp));
4ee71b20 2931
4ec86d4c 2932 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 2933 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2934 MGMT_STATUS_INVALID_PARAMS,
2935 &rp, sizeof(rp));
4ec86d4c 2936
09fd0de5 2937 hci_dev_lock(hdev);
e9a416b5 2938
5f97c1df 2939 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2940 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2941 MGMT_STATUS_NOT_POWERED, &rp,
2942 sizeof(rp));
5f97c1df
JH		 2943 goto unlock;
2944 }
2945
55e76b38
JH		 2946 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
2947 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2948 MGMT_STATUS_ALREADY_PAIRED, &rp,
2949 sizeof(rp));
2950 goto unlock;
2951 }
2952
c908df36 2953 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 2954 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 2955
6f77d8c7 2956 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 2957 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
2958 auth_type);
6f77d8c7 2959 } else {
85813a7e 2960 u8 addr_type = le_addr_type(cp->addr.type);
5157b8a5 2961 struct hci_conn_params *p;
6f77d8c7 2962
7c264b10
MH		 2963 /* When pairing a new device, it is expected to remember
2964 * this device for future connections. Adding the connection
2965 * parameter information ahead of time allows tracking
2966 * of the slave preferred values and will speed up any
2967 * further connection establishment.
2968 *
2969 * If connection parameters already exist, then they
2970 * will be kept and this function does nothing.
2971 */
5157b8a5
JP		 2972 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
2973
2974 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT)
2975 p->auto_connect = HCI_AUTO_CONN_DISABLED;
7c264b10 2976
fa142220
JP		 2977 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr,
2978 addr_type, sec_level,
0ad06aa6 2979 HCI_LE_CONN_TIMEOUT);
6f77d8c7 2980 }
7a512d01 2981
30e76272 2982 if (IS_ERR(conn)) {
489dc48e
AK		 2983 int status;
2984
2985 if (PTR_ERR(conn) == -EBUSY)
2986 status = MGMT_STATUS_BUSY;
faa81030
LR		 2987 else if (PTR_ERR(conn) == -EOPNOTSUPP)
2988 status = MGMT_STATUS_NOT_SUPPORTED;
2989 else if (PTR_ERR(conn) == -ECONNREFUSED)
2990 status = MGMT_STATUS_REJECTED;
489dc48e
AK		 2991 else
2992 status = MGMT_STATUS_CONNECT_FAILED;
2993
2a1afb5a
JH		 2994 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2995 status, &rp, sizeof(rp));
e9a416b5
JH		 2996 goto unlock;
2997 }
2998
2999 if (conn->connect_cfm_cb) {
76a68ba0 3000 hci_conn_drop(conn);
2a1afb5a
JH		 3001 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3002 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 3003 goto unlock;
3004 }
3005
2e58ef3e 3006 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 3007 if (!cmd) {
3008 err = -ENOMEM;
76a68ba0 3009 hci_conn_drop(conn);
e9a416b5
JH		 3010 goto unlock;
3011 }
3012
04ab2749
JH		 3013 cmd->cmd_complete = pairing_complete;
3014
7a512d01 3015 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 3016 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 3017 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 3018 conn->security_cfm_cb = pairing_complete_cb;
3019 conn->disconn_cfm_cb = pairing_complete_cb;
3020 } else {
3021 conn->connect_cfm_cb = le_pairing_complete_cb;
3022 conn->security_cfm_cb = le_pairing_complete_cb;
3023 conn->disconn_cfm_cb = le_pairing_complete_cb;
3024 }
7a512d01 3025
e9a416b5 3026 conn->io_capability = cp->io_cap;
f8aaf9b6 3027 cmd->user_data = hci_conn_get(conn);
e9a416b5 3028
6f78fd4b 3029 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
a511b35b
JH		 3030 hci_conn_security(conn, sec_level, auth_type, true)) {
3031 cmd->cmd_complete(cmd, 0);
3032 mgmt_pending_remove(cmd);
3033 }
e9a416b5
JH		 3034
3035 err = 0;
3036
3037unlock:
09fd0de5 3038 hci_dev_unlock(hdev);
e9a416b5
JH		 3039 return err;
3040}
3041
04124681
GP		 3042static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3043 u16 len)
28424707 3044{
0f4e68cf 3045 struct mgmt_addr_info *addr = data;
3b0602cd 3046 struct mgmt_pending_cmd *cmd;
28424707
JH		 3047 struct hci_conn *conn;
3048 int err;
3049
3050 BT_DBG("");
3051
28424707
JH		 3052 hci_dev_lock(hdev);
3053
5f97c1df 3054 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3055 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3056 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3057 goto unlock;
3058 }
3059
333ae95d 3060 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
28424707 3061 if (!cmd) {
a69e8375
JH		 3062 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3063 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3064 goto unlock;
3065 }
3066
3067 conn = cmd->user_data;
3068
3069 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
a69e8375
JH		 3070 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3071 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3072 goto unlock;
3073 }
3074
a511b35b
JH		 3075 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3076 mgmt_pending_remove(cmd);
28424707 3077
2a1afb5a
JH		 3078 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3079 addr, sizeof(*addr));
28424707
JH		 3080unlock:
3081 hci_dev_unlock(hdev);
28424707
JH		 3082 return err;
3083}
3084
bdb6d971 3085static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3086 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3087 u16 hci_op, __le32 passkey)
a5c29683 3088{
3b0602cd 3089 struct mgmt_pending_cmd *cmd;
0df4c185 3090 struct hci_conn *conn;
a5c29683
JH		 3091 int err;
3092
09fd0de5 3093 hci_dev_lock(hdev);
08ba5382 3094
4b34ee78 3095 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3096 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3097 MGMT_STATUS_NOT_POWERED, addr,
3098 sizeof(*addr));
0df4c185 3099 goto done;
a5c29683
JH		 3100 }
3101
1707c60e
JH		 3102 if (addr->type == BDADDR_BREDR)
3103 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3104 else
9d4c1cc1
JH		 3105 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr,
3106 le_addr_type(addr->type));
272d90df
JH		 3107
3108 if (!conn) {
2a1afb5a
JH		 3109 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3110 MGMT_STATUS_NOT_CONNECTED, addr,
3111 sizeof(*addr));
272d90df
JH		 3112 goto done;
3113 }
47c15e2b 3114
1707c60e 3115 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 3116 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 3117 if (!err)
2a1afb5a
JH		 3118 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3119 MGMT_STATUS_SUCCESS, addr,
3120 sizeof(*addr));
5fe57d9e 3121 else
2a1afb5a
JH		 3122 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3123 MGMT_STATUS_FAILED, addr,
3124 sizeof(*addr));
47c15e2b 3125
47c15e2b
BG		 3126 goto done;
3127 }
3128
1707c60e 3129 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3130 if (!cmd) {
3131 err = -ENOMEM;
0df4c185 3132 goto done;
a5c29683
JH		 3133 }
3134
7776d1d8
JH		 3135 cmd->cmd_complete = addr_cmd_complete;
3136
0df4c185 3137 /* Continue with pairing via HCI */
604086b7
BG		 3138 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3139 struct hci_cp_user_passkey_reply cp;
3140
1707c60e 3141 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3142 cp.passkey = passkey;
3143 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3144 } else
1707c60e
JH		 3145 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3146 &addr->bdaddr);
604086b7 3147
a664b5bc
JH		 3148 if (err < 0)
3149 mgmt_pending_remove(cmd);
a5c29683 3150
0df4c185 3151done:
09fd0de5 3152 hci_dev_unlock(hdev);
a5c29683
JH		 3153 return err;
3154}
3155
afeb019d
JK		 3156static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3157 void *data, u16 len)
3158{
3159 struct mgmt_cp_pin_code_neg_reply *cp = data;
3160
3161 BT_DBG("");
3162
1707c60e 3163 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3164 MGMT_OP_PIN_CODE_NEG_REPLY,
3165 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3166}
3167
04124681
GP		 3168static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3169 u16 len)
0df4c185 3170{
650f726d 3171 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3172
3173 BT_DBG("");
3174
3175 if (len != sizeof(*cp))
a69e8375
JH		 3176 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3177 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3178
1707c60e 3179 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3180 MGMT_OP_USER_CONFIRM_REPLY,
3181 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3182}
3183
bdb6d971 3184static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3185 void *data, u16 len)
0df4c185 3186{
c9c2659f 3187 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3188
3189 BT_DBG("");
3190
1707c60e 3191 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3192 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3193 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3194}
3195
04124681
GP		 3196static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3197 u16 len)
604086b7 3198{
650f726d 3199 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3200
3201 BT_DBG("");
3202
1707c60e 3203 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3204 MGMT_OP_USER_PASSKEY_REPLY,
3205 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3206}
3207
bdb6d971 3208static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3209 void *data, u16 len)
604086b7 3210{
650f726d 3211 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3212
3213 BT_DBG("");
3214
1707c60e 3215 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3216 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3217 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3218}
3219
13928971 3220static void update_name(struct hci_request *req)
2b4bf397 3221{
13928971 3222 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3223 struct hci_cp_write_local_name cp;
3224
13928971 3225 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3226
890ea898 3227 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3228}
3229
1904a853 3230static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
13928971
JH		 3231{
3232 struct mgmt_cp_set_local_name *cp;
3b0602cd 3233 struct mgmt_pending_cmd *cmd;
13928971
JH		 3234
3235 BT_DBG("status 0x%02x", status);
3236
3237 hci_dev_lock(hdev);
3238
333ae95d 3239 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 3240 if (!cmd)
3241 goto unlock;
3242
3243 cp = cmd->param;
3244
3245 if (status)
a69e8375
JH		 3246 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3247 mgmt_status(status));
13928971 3248 else
2a1afb5a
JH		 3249 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3250 cp, sizeof(*cp));
13928971
JH		 3251
3252 mgmt_pending_remove(cmd);
3253
3254unlock:
3255 hci_dev_unlock(hdev);
3256}
3257
bdb6d971 3258static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3259 u16 len)
b312b161 3260{
2b4bf397 3261 struct mgmt_cp_set_local_name *cp = data;
3b0602cd 3262 struct mgmt_pending_cmd *cmd;
890ea898 3263 struct hci_request req;
b312b161
JH		 3264 int err;
3265
3266 BT_DBG("");
3267
09fd0de5 3268 hci_dev_lock(hdev);
b312b161 3269
b3f2ca94
JH		 3270 /* If the old values are the same as the new ones just return a
3271 * direct command complete event.
3272 */
3273 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3274 !memcmp(hdev->short_name, cp->short_name,
3275 sizeof(hdev->short_name))) {
2a1afb5a
JH		 3276 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3277 data, len);
b3f2ca94
JH		 3278 goto failed;
3279 }
3280
2b4bf397 3281 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3282
b5235a65 3283 if (!hdev_is_powered(hdev)) {
2b4bf397 3284 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde 3285
2a1afb5a
JH		 3286 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3287 data, len);
28cc7bde
JH		 3288 if (err < 0)
3289 goto failed;
3290
f6b7712e
MH		 3291 err = mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev,
3292 data, len, sk);
28cc7bde 3293
b5235a65
JH		 3294 goto failed;
3295 }
3296
28cc7bde 3297 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3298 if (!cmd) {
3299 err = -ENOMEM;
3300 goto failed;
3301 }
3302
13928971
JH		 3303 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3304
890ea898 3305 hci_req_init(&req, hdev);
3f985050
JH		 3306
3307 if (lmp_bredr_capable(hdev)) {
3308 update_name(&req);
3309 update_eir(&req);
3310 }
3311
7a5f4990
MH		 3312 /* The name is stored in the scan response data and so
3313 * no need to udpate the advertising data here.
3314 */
3f985050 3315 if (lmp_le_capable(hdev))
f2252570 3316 __hci_req_update_scan_rsp_data(&req, HCI_ADV_CURRENT);
3f985050 3317
13928971 3318 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3319 if (err < 0)
3320 mgmt_pending_remove(cmd);
3321
3322failed:
09fd0de5 3323 hci_dev_unlock(hdev);
b312b161
JH		 3324 return err;
3325}
3326
1b9441f8
JH		 3327static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status,
3328 u16 opcode, struct sk_buff *skb)
3329{
3330 struct mgmt_rp_read_local_oob_data mgmt_rp;
3331 size_t rp_size = sizeof(mgmt_rp);
3332 struct mgmt_pending_cmd *cmd;
3333
3334 BT_DBG("%s status %u", hdev->name, status);
3335
3336 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3337 if (!cmd)
3338 return;
3339
3340 if (status || !skb) {
3341 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3342 status ? mgmt_status(status) : MGMT_STATUS_FAILED);
3343 goto remove;
3344 }
3345
3346 memset(&mgmt_rp, 0, sizeof(mgmt_rp));
3347
3348 if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
3349 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
3350
3351 if (skb->len < sizeof(*rp)) {
3352 mgmt_cmd_status(cmd->sk, hdev->id,
3353 MGMT_OP_READ_LOCAL_OOB_DATA,
3354 MGMT_STATUS_FAILED);
3355 goto remove;
3356 }
3357
3358 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash));
3359 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand));
3360
3361 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256);
3362 } else {
3363 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
3364
3365 if (skb->len < sizeof(*rp)) {
3366 mgmt_cmd_status(cmd->sk, hdev->id,
3367 MGMT_OP_READ_LOCAL_OOB_DATA,
3368 MGMT_STATUS_FAILED);
3369 goto remove;
3370 }
3371
3372 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192));
3373 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192));
3374
3375 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256));
3376 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256));
3377 }
3378
3379 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3380 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size);
3381
3382remove:
3383 mgmt_pending_remove(cmd);
3384}
3385
0f4e68cf 3386static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3387 void *data, u16 data_len)
c35938b2 3388{
3b0602cd 3389 struct mgmt_pending_cmd *cmd;
1b9441f8 3390 struct hci_request req;
c35938b2
SJ		 3391 int err;
3392
bdb6d971 3393 BT_DBG("%s", hdev->name);
c35938b2 3394
09fd0de5 3395 hci_dev_lock(hdev);
c35938b2 3396
4b34ee78 3397 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3398 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3399 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3400 goto unlock;
3401 }
3402
9a1a1996 3403 if (!lmp_ssp_capable(hdev)) {
a69e8375
JH		 3404 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3405 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3406 goto unlock;
3407 }
3408
333ae95d 3409 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
a69e8375
JH		 3410 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3411 MGMT_STATUS_BUSY);
c35938b2
SJ		 3412 goto unlock;
3413 }
3414
2e58ef3e 3415 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3416 if (!cmd) {
3417 err = -ENOMEM;
3418 goto unlock;
3419 }
3420
1b9441f8
JH		 3421 hci_req_init(&req, hdev);
3422
710f11c0 3423 if (bredr_sc_enabled(hdev))
1b9441f8 3424 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
4d2d2796 3425 else
1b9441f8 3426 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
4d2d2796 3427
1b9441f8 3428 err = hci_req_run_skb(&req, read_local_oob_data_complete);
c35938b2
SJ		 3429 if (err < 0)
3430 mgmt_pending_remove(cmd);
3431
3432unlock:
09fd0de5 3433 hci_dev_unlock(hdev);
c35938b2
SJ		 3434 return err;
3435}
3436
bdb6d971 3437static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3438 void *data, u16 len)
2763eda6 3439{
5d57e796 3440 struct mgmt_addr_info *addr = data;
2763eda6
SJ		 3441 int err;
3442
bdb6d971 3443 BT_DBG("%s ", hdev->name);
2763eda6 3444
5d57e796 3445 if (!bdaddr_type_is_valid(addr->type))
2a1afb5a
JH		 3446 return mgmt_cmd_complete(sk, hdev->id,
3447 MGMT_OP_ADD_REMOTE_OOB_DATA,
3448 MGMT_STATUS_INVALID_PARAMS,
3449 addr, sizeof(*addr));
5d57e796 3450
09fd0de5 3451 hci_dev_lock(hdev);
2763eda6 3452
ec109113
MH		 3453 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3454 struct mgmt_cp_add_remote_oob_data *cp = data;
3455 u8 status;
bf1e3541 3456
c19a495c 3457 if (cp->addr.type != BDADDR_BREDR) {
2a1afb5a
JH		 3458 err = mgmt_cmd_complete(sk, hdev->id,
3459 MGMT_OP_ADD_REMOTE_OOB_DATA,
3460 MGMT_STATUS_INVALID_PARAMS,
3461 &cp->addr, sizeof(cp->addr));
c19a495c
JH		 3462 goto unlock;
3463 }
3464
ec109113 3465 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
6928a924
JH		 3466 cp->addr.type, cp->hash,
3467 cp->rand, NULL, NULL);
ec109113
MH		 3468 if (err < 0)
3469 status = MGMT_STATUS_FAILED;
3470 else
3471 status = MGMT_STATUS_SUCCESS;
3472
2a1afb5a
JH		 3473 err = mgmt_cmd_complete(sk, hdev->id,
3474 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
3475 &cp->addr, sizeof(cp->addr));
ec109113
MH		 3476 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3477 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
41bcfd50 3478 u8 *rand192, *hash192, *rand256, *hash256;
ec109113
MH		 3479 u8 status;
3480
86df9200 3481 if (bdaddr_type_is_le(cp->addr.type)) {
d25b78e2
JH		 3482 /* Enforce zero-valued 192-bit parameters as
3483 * long as legacy SMP OOB isn't implemented.
3484 */
3485 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3486 memcmp(cp->hash192, ZERO_KEY, 16)) {
2a1afb5a
JH		 3487 err = mgmt_cmd_complete(sk, hdev->id,
3488 MGMT_OP_ADD_REMOTE_OOB_DATA,
3489 MGMT_STATUS_INVALID_PARAMS,
3490 addr, sizeof(*addr));
d25b78e2
JH		 3491 goto unlock;
3492 }
3493
86df9200
JH		 3494 rand192 = NULL;
3495 hash192 = NULL;
3496 } else {
41bcfd50
MH		 3497 /* In case one of the P-192 values is set to zero,
3498 * then just disable OOB data for P-192.
3499 */
3500 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
3501 !memcmp(cp->hash192, ZERO_KEY, 16)) {
3502 rand192 = NULL;
3503 hash192 = NULL;
3504 } else {
3505 rand192 = cp->rand192;
3506 hash192 = cp->hash192;
3507 }
3508 }
3509
3510 /* In case one of the P-256 values is set to zero, then just
3511 * disable OOB data for P-256.
3512 */
3513 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
3514 !memcmp(cp->hash256, ZERO_KEY, 16)) {
3515 rand256 = NULL;
3516 hash256 = NULL;
3517 } else {
3518 rand256 = cp->rand256;
3519 hash256 = cp->hash256;
86df9200
JH		 3520 }
3521
81328d5c 3522 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
86df9200 3523 cp->addr.type, hash192, rand192,
41bcfd50 3524 hash256, rand256);
ec109113
MH		 3525 if (err < 0)
3526 status = MGMT_STATUS_FAILED;
3527 else
3528 status = MGMT_STATUS_SUCCESS;
3529
2a1afb5a
JH		 3530 err = mgmt_cmd_complete(sk, hdev->id,
3531 MGMT_OP_ADD_REMOTE_OOB_DATA,
3532 status, &cp->addr, sizeof(cp->addr));
ec109113
MH		 3533 } else {
3534 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
a69e8375
JH		 3535 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3536 MGMT_STATUS_INVALID_PARAMS);
ec109113 3537 }
2763eda6 3538
c19a495c 3539unlock:
09fd0de5 3540 hci_dev_unlock(hdev);
2763eda6
SJ		 3541 return err;
3542}
3543
bdb6d971 3544static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3545 void *data, u16 len)
2763eda6 3546{
650f726d 3547 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3548 u8 status;
2763eda6
SJ		 3549 int err;
3550
bdb6d971 3551 BT_DBG("%s", hdev->name);
2763eda6 3552
c19a495c 3553 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 3554 return mgmt_cmd_complete(sk, hdev->id,
3555 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3556 MGMT_STATUS_INVALID_PARAMS,
3557 &cp->addr, sizeof(cp->addr));
c19a495c 3558
09fd0de5 3559 hci_dev_lock(hdev);
2763eda6 3560
eedbd581
JH		 3561 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3562 hci_remote_oob_data_clear(hdev);
3563 status = MGMT_STATUS_SUCCESS;
3564 goto done;
3565 }
3566
6928a924 3567 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
2763eda6 3568 if (err < 0)
bf1e3541 3569 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3570 else
a6785be2 3571 status = MGMT_STATUS_SUCCESS;
bf1e3541 3572
eedbd581 3573done:
2a1afb5a
JH		 3574 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3575 status, &cp->addr, sizeof(cp->addr));
2763eda6 3576
09fd0de5 3577 hci_dev_unlock(hdev);
2763eda6
SJ		 3578 return err;
3579}
3580
e68f072b 3581void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status)
7c307720 3582{
3b0602cd 3583 struct mgmt_pending_cmd *cmd;
ae55f598 3584
7c307720
AG		 3585 BT_DBG("status %d", status);
3586
11e6e25d 3587 hci_dev_lock(hdev);
41dc2bd6 3588
333ae95d 3589 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
66ea9427 3590 if (!cmd)
333ae95d 3591 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
66ea9427 3592
11e6e25d 3593 if (cmd) {
2922a94f 3594 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d
MH		 3595 mgmt_pending_remove(cmd);
3596 }
7c307720 3597
11e6e25d 3598 hci_dev_unlock(hdev);
7c307720
AG		 3599}
3600
591752af
JH		 3601static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type,
3602 uint8_t *mgmt_status)
3603{
3604 switch (type) {
3605 case DISCOV_TYPE_LE:
3606 *mgmt_status = mgmt_le_support(hdev);
3607 if (*mgmt_status)
3608 return false;
3609 break;
3610 case DISCOV_TYPE_INTERLEAVED:
3611 *mgmt_status = mgmt_le_support(hdev);
3612 if (*mgmt_status)
3613 return false;
3614 /* Intentional fall-through */
3615 case DISCOV_TYPE_BREDR:
3616 *mgmt_status = mgmt_bredr_support(hdev);
3617 if (*mgmt_status)
3618 return false;
3619 break;
3620 default:
3621 *mgmt_status = MGMT_STATUS_INVALID_PARAMS;
3622 return false;
3623 }
3624
3625 return true;
3626}
3627
bdb6d971 3628static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3629 void *data, u16 len)
14a53664 3630{
650f726d 3631 struct mgmt_cp_start_discovery *cp = data;
3b0602cd 3632 struct mgmt_pending_cmd *cmd;
8019044d 3633 u8 status;
14a53664
JH		 3634 int err;
3635
bdb6d971 3636 BT_DBG("%s", hdev->name);
14a53664 3637
09fd0de5 3638 hci_dev_lock(hdev);
14a53664 3639
4b34ee78 3640 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3641 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3642 MGMT_STATUS_NOT_POWERED,
3643 &cp->type, sizeof(cp->type));
bd2d1334
JH		 3644 goto failed;
3645 }
3646
f5a969f2 3647 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 3648 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
2a1afb5a
JH		 3649 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3650 MGMT_STATUS_BUSY, &cp->type,
3651 sizeof(cp->type));
642be6c7
AG		 3652 goto failed;
3653 }
3654
591752af
JH		 3655 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
3656 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3657 status, &cp->type, sizeof(cp->type));
3658 goto failed;
3659 }
3660
22078800
MH		 3661 /* Clear the discovery filter first to free any previously
3662 * allocated memory for the UUID list.
3663 */
3664 hci_discovery_filter_clear(hdev);
3665
4aab14e5 3666 hdev->discovery.type = cp->type;
da25cf6a 3667 hdev->discovery.report_invalid_rssi = false;
4aab14e5 3668
e68f072b
JH		 3669 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, data, len);
3670 if (!cmd) {
3671 err = -ENOMEM;
04106755 3672 goto failed;
f39799f5 3673 }
04106755 3674
e68f072b 3675 cmd->cmd_complete = generic_cmd_complete;
7c307720 3676
f5a969f2 3677 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
e68f072b
JH		 3678 queue_work(hdev->req_workqueue, &hdev->discov_update);
3679 err = 0;
7c307720 3680
14a53664 3681failed:
09fd0de5 3682 hci_dev_unlock(hdev);
14a53664
JH		 3683 return err;
3684}
f39799f5 3685
3b0602cd
JH		 3686static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
3687 u8 status)
2922a94f 3688{
2a1afb5a
JH		 3689 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
3690 cmd->param, 1);
2922a94f 3691}
04106755 3692
66ea9427
JP		 3693static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
3694 void *data, u16 len)
3695{
3696 struct mgmt_cp_start_service_discovery *cp = data;
3b0602cd 3697 struct mgmt_pending_cmd *cmd;
66ea9427
JP		 3698 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
3699 u16 uuid_count, expected_len;
3700 u8 status;
3701 int err;
04106755 3702
66ea9427 3703 BT_DBG("%s", hdev->name);
e8bb6b97 3704
66ea9427 3705 hci_dev_lock(hdev);
7c307720 3706
66ea9427 3707 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3708 err = mgmt_cmd_complete(sk, hdev->id,
3709 MGMT_OP_START_SERVICE_DISCOVERY,
3710 MGMT_STATUS_NOT_POWERED,
3711 &cp->type, sizeof(cp->type));
66ea9427
JP		 3712 goto failed;
3713 }
7c307720 3714
66ea9427 3715 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 3716 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
2a1afb5a
JH		 3717 err = mgmt_cmd_complete(sk, hdev->id,
3718 MGMT_OP_START_SERVICE_DISCOVERY,
3719 MGMT_STATUS_BUSY, &cp->type,
3720 sizeof(cp->type));
66ea9427
JP		 3721 goto failed;
3722 }
d9483943 3723
66ea9427
JP		 3724 uuid_count = __le16_to_cpu(cp->uuid_count);
3725 if (uuid_count > max_uuid_count) {
3726 BT_ERR("service_discovery: too big uuid_count value %u",
3727 uuid_count);
2a1afb5a
JH		 3728 err = mgmt_cmd_complete(sk, hdev->id,
3729 MGMT_OP_START_SERVICE_DISCOVERY,
3730 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3731 sizeof(cp->type));
66ea9427
JP		 3732 goto failed;
3733 }
3734
3735 expected_len = sizeof(*cp) + uuid_count * 16;
3736 if (expected_len != len) {
3737 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
3738 expected_len, len);
2a1afb5a
JH		 3739 err = mgmt_cmd_complete(sk, hdev->id,
3740 MGMT_OP_START_SERVICE_DISCOVERY,
3741 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3742 sizeof(cp->type));
66ea9427
JP		 3743 goto failed;
3744 }
3745
591752af
JH		 3746 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
3747 err = mgmt_cmd_complete(sk, hdev->id,
3748 MGMT_OP_START_SERVICE_DISCOVERY,
3749 status, &cp->type, sizeof(cp->type));
3750 goto failed;
3751 }
3752
66ea9427 3753 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
2922a94f 3754 hdev, data, len);
66ea9427
JP		 3755 if (!cmd) {
3756 err = -ENOMEM;
3757 goto failed;
3758 }
3759
2922a94f
JH		 3760 cmd->cmd_complete = service_discovery_cmd_complete;
3761
22078800
MH		 3762 /* Clear the discovery filter first to free any previously
3763 * allocated memory for the UUID list.
3764 */
3765 hci_discovery_filter_clear(hdev);
3766
82f8b651 3767 hdev->discovery.result_filtering = true;
66ea9427
JP		 3768 hdev->discovery.type = cp->type;
3769 hdev->discovery.rssi = cp->rssi;
3770 hdev->discovery.uuid_count = uuid_count;
3771
3772 if (uuid_count > 0) {
3773 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
3774 GFP_KERNEL);
3775 if (!hdev->discovery.uuids) {
2a1afb5a
JH		 3776 err = mgmt_cmd_complete(sk, hdev->id,
3777 MGMT_OP_START_SERVICE_DISCOVERY,
3778 MGMT_STATUS_FAILED,
3779 &cp->type, sizeof(cp->type));
d9483943
JH		 3780 mgmt_pending_remove(cmd);
3781 goto failed;
3782 }
66ea9427 3783 }
d9483943 3784
66ea9427 3785 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
e68f072b
JH		 3786 queue_work(hdev->req_workqueue, &hdev->discov_update);
3787 err = 0;
14a53664
JH		 3788
3789failed:
09fd0de5 3790 hci_dev_unlock(hdev);
14a53664
JH		 3791 return err;
3792}
3793
2154d3f4 3794void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status)
1183fdca 3795{
3b0602cd 3796 struct mgmt_pending_cmd *cmd;
1183fdca 3797
0e05bba6
AG		 3798 BT_DBG("status %d", status);
3799
3800 hci_dev_lock(hdev);
3801
333ae95d 3802 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
11e6e25d 3803 if (cmd) {
2922a94f 3804 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d 3805 mgmt_pending_remove(cmd);
0e05bba6
AG		 3806 }
3807
0e05bba6
AG		 3808 hci_dev_unlock(hdev);
3809}
3810
bdb6d971 3811static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3812 u16 len)
14a53664 3813{
d930650b 3814 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3b0602cd 3815 struct mgmt_pending_cmd *cmd;
14a53664
JH		 3816 int err;
3817
bdb6d971 3818 BT_DBG("%s", hdev->name);
14a53664 3819
09fd0de5 3820 hci_dev_lock(hdev);
14a53664 3821
30dc78e1 3822 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 3823 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3824 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3825 sizeof(mgmt_cp->type));
d930650b
JH		 3826 goto unlock;
3827 }
3828
3829 if (hdev->discovery.type != mgmt_cp->type) {
2a1afb5a
JH		 3830 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3831 MGMT_STATUS_INVALID_PARAMS,
3832 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1 3833 goto unlock;
ff9ef578
JH		 3834 }
3835
2922a94f 3836 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
14a53664
JH		 3837 if (!cmd) {
3838 err = -ENOMEM;
30dc78e1
JH		 3839 goto unlock;
3840 }
3841
2922a94f
JH		 3842 cmd->cmd_complete = generic_cmd_complete;
3843
2154d3f4
JH		 3844 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
3845 queue_work(hdev->req_workqueue, &hdev->discov_update);
3846 err = 0;
14a53664 3847
30dc78e1 3848unlock:
09fd0de5 3849 hci_dev_unlock(hdev);
14a53664
JH		 3850 return err;
3851}
3852
bdb6d971 3853static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3854 u16 len)
561aafbc 3855{
650f726d 3856 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3857 struct inquiry_entry *e;
561aafbc
JH		 3858 int err;
3859
bdb6d971 3860 BT_DBG("%s", hdev->name);
561aafbc 3861
561aafbc
JH		 3862 hci_dev_lock(hdev);
3863
30dc78e1 3864 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 3865 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3866 MGMT_STATUS_FAILED, &cp->addr,
3867 sizeof(cp->addr));
30dc78e1
JH		 3868 goto failed;
3869 }
3870
a198e7b1 3871 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3872 if (!e) {
2a1afb5a
JH		 3873 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3874 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
3875 sizeof(cp->addr));
561aafbc
JH		 3876 goto failed;
3877 }
3878
3879 if (cp->name_known) {
3880 e->name_state = NAME_KNOWN;
3881 list_del(&e->list);
3882 } else {
3883 e->name_state = NAME_NEEDED;
a3d4e20a 3884 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3885 }
3886
2a1afb5a
JH		 3887 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
3888 &cp->addr, sizeof(cp->addr));
561aafbc
JH		 3889
3890failed:
3891 hci_dev_unlock(hdev);
561aafbc
JH		 3892 return err;
3893}
3894
bdb6d971 3895static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3896 u16 len)
7fbec224 3897{
650f726d 3898 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3899 u8 status;
7fbec224
AJ		 3900 int err;
3901
bdb6d971 3902 BT_DBG("%s", hdev->name);
7fbec224 3903
4ee71b20 3904 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 3905 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3906 MGMT_STATUS_INVALID_PARAMS,
3907 &cp->addr, sizeof(cp->addr));
4ee71b20 3908
09fd0de5 3909 hci_dev_lock(hdev);
5e762444 3910
dcc36c16
JH		 3911 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
3912 cp->addr.type);
2a8357f2 3913 if (err < 0) {
f0eeea8b 3914 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 3915 goto done;
3916 }
3917
3918 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3919 sk);
3920 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3921
2a8357f2 3922done:
2a1afb5a
JH		 3923 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
3924 &cp->addr, sizeof(cp->addr));
5e762444 3925
09fd0de5 3926 hci_dev_unlock(hdev);
7fbec224
AJ		 3927
3928 return err;
3929}
3930
bdb6d971 3931static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3932 u16 len)
7fbec224 3933{
650f726d 3934 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3935 u8 status;
7fbec224
AJ		 3936 int err;
3937
bdb6d971 3938 BT_DBG("%s", hdev->name);
7fbec224 3939
4ee71b20 3940 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 3941 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3942 MGMT_STATUS_INVALID_PARAMS,
3943 &cp->addr, sizeof(cp->addr));
4ee71b20 3944
09fd0de5 3945 hci_dev_lock(hdev);
5e762444 3946
dcc36c16
JH		 3947 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
3948 cp->addr.type);
2a8357f2 3949 if (err < 0) {
f0eeea8b 3950 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 3951 goto done;
3952 }
3953
3954 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3955 sk);
3956 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3957
2a8357f2 3958done:
2a1afb5a
JH		 3959 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
3960 &cp->addr, sizeof(cp->addr));
5e762444 3961
09fd0de5 3962 hci_dev_unlock(hdev);
7fbec224
AJ		 3963
3964 return err;
3965}
3966
cdbaccca
MH		 3967static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3968 u16 len)
3969{
3970 struct mgmt_cp_set_device_id *cp = data;
890ea898 3971 struct hci_request req;
cdbaccca 3972 int err;
c72d4b8a 3973 __u16 source;
cdbaccca
MH		 3974
3975 BT_DBG("%s", hdev->name);
3976
c72d4b8a
SJ		 3977 source = __le16_to_cpu(cp->source);
3978
3979 if (source > 0x0002)
a69e8375
JH		 3980 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3981 MGMT_STATUS_INVALID_PARAMS);
c72d4b8a 3982
cdbaccca
MH		 3983 hci_dev_lock(hdev);
3984
c72d4b8a 3985 hdev->devid_source = source;
cdbaccca
MH		 3986 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3987 hdev->devid_product = __le16_to_cpu(cp->product);
3988 hdev->devid_version = __le16_to_cpu(cp->version);
3989
2a1afb5a
JH		 3990 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
3991 NULL, 0);
cdbaccca 3992
890ea898
JH		 3993 hci_req_init(&req, hdev);
3994 update_eir(&req);
3995 hci_req_run(&req, NULL);
cdbaccca
MH		 3996
3997 hci_dev_unlock(hdev);
3998
3999 return err;
4000}
4001
24b4f38f
AU		 4002static void enable_advertising_instance(struct hci_dev *hdev, u8 status,
4003 u16 opcode)
4004{
4005 BT_DBG("status %d", status);
4006}
4007
1904a853
MH		 4008static void set_advertising_complete(struct hci_dev *hdev, u8 status,
4009 u16 opcode)
4375f103
JH		 4010{
4011 struct cmd_lookup match = { NULL, hdev };
24b4f38f 4012 struct hci_request req;
7816b820
FG		 4013 u8 instance;
4014 struct adv_info *adv_instance;
4015 int err;
4375f103 4016
3ad67582
JK		 4017 hci_dev_lock(hdev);
4018
4375f103
JH		 4019 if (status) {
4020 u8 mgmt_err = mgmt_status(status);
4021
4022 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4023 cmd_status_rsp, &mgmt_err);
3ad67582 4024 goto unlock;
4375f103
JH		 4025 }
4026
d7a5a11d 4027 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
a1536da2 4028 hci_dev_set_flag(hdev, HCI_ADVERTISING);
c93bd150 4029 else
a358dc11 4030 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
c93bd150 4031
4375f103
JH		 4032 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4033 &match);
4034
4035 new_settings(hdev, match.sk);
4036
4037 if (match.sk)
4038 sock_put(match.sk);
3ad67582 4039
24b4f38f 4040 /* If "Set Advertising" was just disabled and instance advertising was
7816b820 4041 * set up earlier, then re-enable multi-instance advertising.
24b4f38f
AU		 4042 */
4043 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
7816b820
FG		 4044 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE) ||
4045 list_empty(&hdev->adv_instances))
24b4f38f
AU		 4046 goto unlock;
4047
7816b820
FG		 4048 instance = hdev->cur_adv_instance;
4049 if (!instance) {
4050 adv_instance = list_first_entry_or_null(&hdev->adv_instances,
4051 struct adv_info, list);
4052 if (!adv_instance)
4053 goto unlock;
4054
4055 instance = adv_instance->instance;
4056 }
4057
24b4f38f
AU		 4058 hci_req_init(&req, hdev);
4059
f2252570 4060 err = __hci_req_schedule_adv_instance(&req, instance, true);
7816b820
FG		 4061
4062 if (!err)
4063 err = hci_req_run(&req, enable_advertising_instance);
24b4f38f 4064
7816b820 4065 if (err)
24b4f38f
AU		 4066 BT_ERR("Failed to re-configure advertising");
4067
3ad67582
JK		 4068unlock:
4069 hci_dev_unlock(hdev);
4375f103
JH		 4070}
4071
21b5187f
MH		 4072static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4073 u16 len)
4375f103
JH		 4074{
4075 struct mgmt_mode *cp = data;
3b0602cd 4076 struct mgmt_pending_cmd *cmd;
4375f103 4077 struct hci_request req;
cc91cb04 4078 u8 val, status;
4375f103
JH		 4079 int err;
4080
4081 BT_DBG("request for %s", hdev->name);
4082
e6fe7986
JH		 4083 status = mgmt_le_support(hdev);
4084 if (status)
a69e8375
JH		 4085 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4086 status);
4375f103 4087
cc91cb04 4088 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 4089 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4090 MGMT_STATUS_INVALID_PARAMS);
4375f103
JH		 4091
4092 hci_dev_lock(hdev);
4093
4094 val = !!cp->val;
4375f103 4095
f74ca9b8
JH		 4096 /* The following conditions are ones which mean that we should
4097 * not do any HCI communication but directly send a mgmt
4098 * response to user space (after toggling the flag if
4099 * necessary).
4100 */
cc91cb04 4101 if (!hdev_is_powered(hdev) ||
d7a5a11d
MH		 4102 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
4103 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
e8bb6b97 4104 hci_conn_num(hdev, LE_LINK) > 0 ||
d7a5a11d 4105 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
e8bb6b97 4106 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
cc91cb04 4107 bool changed;
4375f103 4108
cc91cb04 4109 if (cp->val) {
238be788 4110 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
cc91cb04 4111 if (cp->val == 0x02)
a1536da2 4112 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4113 else
a358dc11 4114 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4115 } else {
a69d8927 4116 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
a358dc11 4117 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4375f103
JH		 4118 }
4119
4120 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4121 if (err < 0)
4122 goto unlock;
4123
4124 if (changed)
4125 err = new_settings(hdev, sk);
4126
4127 goto unlock;
4128 }
4129
333ae95d
JH		 4130 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4131 pending_find(MGMT_OP_SET_LE, hdev)) {
a69e8375
JH		 4132 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4133 MGMT_STATUS_BUSY);
4375f103
JH		 4134 goto unlock;
4135 }
4136
4137 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4138 if (!cmd) {
4139 err = -ENOMEM;
4140 goto unlock;
4141 }
4142
4143 hci_req_init(&req, hdev);
4144
cc91cb04 4145 if (cp->val == 0x02)
a1536da2 4146 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4147 else
a358dc11 4148 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4149
7816b820
FG		 4150 cancel_adv_timeout(hdev);
4151
24b4f38f 4152 if (val) {
7816b820
FG		 4153 /* Switch to instance "0" for the Set Advertising setting.
4154 * We cannot use update_[adv|scan_rsp]_data() here as the
4155 * HCI_ADVERTISING flag is not yet set.
4156 */
f2252570
JH		 4157 __hci_req_update_adv_data(&req, 0x00);
4158 __hci_req_update_scan_rsp_data(&req, 0x00);
4159 __hci_req_enable_advertising(&req);
24b4f38f 4160 } else {
f2252570 4161 __hci_req_disable_advertising(&req);
24b4f38f 4162 }
4375f103
JH		 4163
4164 err = hci_req_run(&req, set_advertising_complete);
4165 if (err < 0)
4166 mgmt_pending_remove(cmd);
4167
4168unlock:
4169 hci_dev_unlock(hdev);
4170 return err;
4171}
4172
d13eafce
MH		 4173static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4174 void *data, u16 len)
4175{
4176 struct mgmt_cp_set_static_address *cp = data;
4177 int err;
4178
4179 BT_DBG("%s", hdev->name);
4180
62af4443 4181 if (!lmp_le_capable(hdev))
a69e8375
JH		 4182 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4183 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 4184
4185 if (hdev_is_powered(hdev))
a69e8375
JH		 4186 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4187 MGMT_STATUS_REJECTED);
d13eafce
MH		 4188
4189 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4190 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
a69e8375
JH		 4191 return mgmt_cmd_status(sk, hdev->id,
4192 MGMT_OP_SET_STATIC_ADDRESS,
4193 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 4194
4195 /* Two most significant bits shall be set */
4196 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
a69e8375
JH		 4197 return mgmt_cmd_status(sk, hdev->id,
4198 MGMT_OP_SET_STATIC_ADDRESS,
4199 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 4200 }
4201
4202 hci_dev_lock(hdev);
4203
4204 bacpy(&hdev->static_addr, &cp->bdaddr);
4205
93690c22
MH		 4206 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
4207 if (err < 0)
4208 goto unlock;
4209
4210 err = new_settings(hdev, sk);
d13eafce 4211
93690c22 4212unlock:
d13eafce 4213 hci_dev_unlock(hdev);
d13eafce
MH		 4214 return err;
4215}
4216
14b49b9a
MH		 4217static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4218 void *data, u16 len)
4219{
4220 struct mgmt_cp_set_scan_params *cp = data;
4221 __u16 interval, window;
4222 int err;
4223
4224 BT_DBG("%s", hdev->name);
4225
4226 if (!lmp_le_capable(hdev))
a69e8375
JH		 4227 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4228 MGMT_STATUS_NOT_SUPPORTED);
14b49b9a
MH		 4229
4230 interval = __le16_to_cpu(cp->interval);
4231
4232 if (interval < 0x0004 || interval > 0x4000)
a69e8375
JH		 4233 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4234 MGMT_STATUS_INVALID_PARAMS);
14b49b9a
MH		 4235
4236 window = __le16_to_cpu(cp->window);
4237
4238 if (window < 0x0004 || window > 0x4000)
a69e8375
JH		 4239 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4240 MGMT_STATUS_INVALID_PARAMS);
14b49b9a 4241
899e1075 4242 if (window > interval)
a69e8375
JH		 4243 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4244 MGMT_STATUS_INVALID_PARAMS);
899e1075 4245
14b49b9a
MH		 4246 hci_dev_lock(hdev);
4247
4248 hdev->le_scan_interval = interval;
4249 hdev->le_scan_window = window;
4250
2a1afb5a
JH		 4251 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
4252 NULL, 0);
14b49b9a 4253
dd2ef8e2
AG		 4254 /* If background scan is running, restart it so new parameters are
4255 * loaded.
4256 */
d7a5a11d 4257 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
dd2ef8e2
AG		 4258 hdev->discovery.state == DISCOVERY_STOPPED) {
4259 struct hci_request req;
4260
4261 hci_req_init(&req, hdev);
4262
4263 hci_req_add_le_scan_disable(&req);
4264 hci_req_add_le_passive_scan(&req);
4265
4266 hci_req_run(&req, NULL);
4267 }
4268
14b49b9a
MH		 4269 hci_dev_unlock(hdev);
4270
4271 return err;
4272}
4273
1904a853
MH		 4274static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
4275 u16 opcode)
33e38b3e 4276{
3b0602cd 4277 struct mgmt_pending_cmd *cmd;
33e38b3e
JH		 4278
4279 BT_DBG("status 0x%02x", status);
4280
4281 hci_dev_lock(hdev);
4282
333ae95d 4283 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
33e38b3e
JH		 4284 if (!cmd)
4285 goto unlock;
4286
4287 if (status) {
a69e8375
JH		 4288 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4289 mgmt_status(status));
33e38b3e 4290 } else {
1a4d3c4b
JH		 4291 struct mgmt_mode *cp = cmd->param;
4292
4293 if (cp->val)
a1536da2 4294 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 4295 else
a358dc11 4296 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 4297
33e38b3e
JH		 4298 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4299 new_settings(hdev, cmd->sk);
4300 }
4301
4302 mgmt_pending_remove(cmd);
4303
4304unlock:
4305 hci_dev_unlock(hdev);
4306}
4307
bdb6d971 4308static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4309 void *data, u16 len)
f6422ec6 4310{
650f726d 4311 struct mgmt_mode *cp = data;
3b0602cd 4312 struct mgmt_pending_cmd *cmd;
33e38b3e 4313 struct hci_request req;
f6422ec6
AJ		 4314 int err;
4315
bdb6d971 4316 BT_DBG("%s", hdev->name);
f6422ec6 4317
d7a5a11d 4318 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
56f87901 4319 hdev->hci_ver < BLUETOOTH_VER_1_2)
a69e8375
JH		 4320 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4321 MGMT_STATUS_NOT_SUPPORTED);
33c525c0 4322
a7e80f25 4323 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4324 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4325 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 4326
f6422ec6
AJ		 4327 hci_dev_lock(hdev);
4328
333ae95d 4329 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
a69e8375
JH		 4330 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4331 MGMT_STATUS_BUSY);
05cbf29f
JH		 4332 goto unlock;
4333 }
4334
d7a5a11d 4335 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
1a4d3c4b
JH		 4336 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4337 hdev);
4338 goto unlock;
4339 }
4340
406ef2a6 4341 if (!hdev_is_powered(hdev)) {
ce05d603 4342 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
406ef2a6
JH		 4343 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4344 hdev);
4345 new_settings(hdev, sk);
4346 goto unlock;
4347 }
4348
33e38b3e
JH		 4349 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4350 data, len);
4351 if (!cmd) {
4352 err = -ENOMEM;
4353 goto unlock;
f6422ec6
AJ		 4354 }
4355
33e38b3e
JH		 4356 hci_req_init(&req, hdev);
4357
406d7804 4358 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4359
4360 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4361 if (err < 0) {
a69e8375
JH		 4362 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4363 MGMT_STATUS_FAILED);
33e38b3e 4364 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4365 }
4366
33e38b3e 4367unlock:
f6422ec6 4368 hci_dev_unlock(hdev);
33e38b3e 4369
f6422ec6
AJ		 4370 return err;
4371}
4372
1904a853 4373static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
0663ca2a 4374{
3b0602cd 4375 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 4376
4377 BT_DBG("status 0x%02x", status);
4378
4379 hci_dev_lock(hdev);
4380
333ae95d 4381 cmd = pending_find(MGMT_OP_SET_BREDR, hdev);
0663ca2a
JH		 4382 if (!cmd)
4383 goto unlock;
4384
4385 if (status) {
4386 u8 mgmt_err = mgmt_status(status);
4387
4388 /* We need to restore the flag if related HCI commands
4389 * failed.
4390 */
a358dc11 4391 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a 4392
a69e8375 4393 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
0663ca2a
JH		 4394 } else {
4395 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4396 new_settings(hdev, cmd->sk);
4397 }
4398
4399 mgmt_pending_remove(cmd);
4400
4401unlock:
4402 hci_dev_unlock(hdev);
4403}
4404
4405static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4406{
4407 struct mgmt_mode *cp = data;
3b0602cd 4408 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 4409 struct hci_request req;
4410 int err;
4411
4412 BT_DBG("request for %s", hdev->name);
4413
4414 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
a69e8375
JH		 4415 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4416 MGMT_STATUS_NOT_SUPPORTED);
0663ca2a 4417
d7a5a11d 4418 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 4419 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4420 MGMT_STATUS_REJECTED);
0663ca2a
JH		 4421
4422 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4423 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4424 MGMT_STATUS_INVALID_PARAMS);
0663ca2a
JH		 4425
4426 hci_dev_lock(hdev);
4427
d7a5a11d 4428 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
0663ca2a
JH		 4429 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4430 goto unlock;
4431 }
4432
4433 if (!hdev_is_powered(hdev)) {
4434 if (!cp->val) {
a358dc11
MH		 4435 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
4436 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
4437 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
4438 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4439 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
0663ca2a
JH		 4440 }
4441
ce05d603 4442 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 4443
4444 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4445 if (err < 0)
4446 goto unlock;
4447
4448 err = new_settings(hdev, sk);
4449 goto unlock;
4450 }
4451
4452 /* Reject disabling when powered on */
4453 if (!cp->val) {
a69e8375
JH		 4454 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4455 MGMT_STATUS_REJECTED);
0663ca2a 4456 goto unlock;
111e4bcc
MH		 4457 } else {
4458 /* When configuring a dual-mode controller to operate
4459 * with LE only and using a static address, then switching
4460 * BR/EDR back on is not allowed.
4461 *
4462 * Dual-mode controllers shall operate with the public
4463 * address as its identity address for BR/EDR and LE. So
4464 * reject the attempt to create an invalid configuration.
3a5486e1
MH		 4465 *
4466 * The same restrictions applies when secure connections
4467 * has been enabled. For BR/EDR this is a controller feature
4468 * while for LE it is a host stack feature. This means that
4469 * switching BR/EDR back on when secure connections has been
4470 * enabled is not a supported transaction.
111e4bcc 4471 */
d7a5a11d 4472 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
3a5486e1 4473 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
d7a5a11d 4474 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
a69e8375
JH		 4475 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4476 MGMT_STATUS_REJECTED);
111e4bcc
MH		 4477 goto unlock;
4478 }
0663ca2a
JH		 4479 }
4480
333ae95d 4481 if (pending_find(MGMT_OP_SET_BREDR, hdev)) {
a69e8375
JH		 4482 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4483 MGMT_STATUS_BUSY);
0663ca2a
JH		 4484 goto unlock;
4485 }
4486
4487 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4488 if (!cmd) {
4489 err = -ENOMEM;
4490 goto unlock;
4491 }
4492
f2252570
JH		 4493 /* We need to flip the bit already here so that
4494 * hci_req_update_adv_data generates the correct flags.
0663ca2a 4495 */
a1536da2 4496 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 4497
4498 hci_req_init(&req, hdev);
aa8af46e 4499
432df05e 4500 write_fast_connectable(&req, false);
01b1cb87 4501 __hci_req_update_scan(&req);
aa8af46e 4502
f14d8f64
MH		 4503 /* Since only the advertising data flags will change, there
4504 * is no need to update the scan response data.
4505 */
f2252570 4506 __hci_req_update_adv_data(&req, HCI_ADV_CURRENT);
aa8af46e 4507
0663ca2a
JH		 4508 err = hci_req_run(&req, set_bredr_complete);
4509 if (err < 0)
4510 mgmt_pending_remove(cmd);
4511
4512unlock:
4513 hci_dev_unlock(hdev);
4514 return err;
4515}
4516
a1443f5a
JH		 4517static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4518{
3b0602cd 4519 struct mgmt_pending_cmd *cmd;
a1443f5a
JH		 4520 struct mgmt_mode *cp;
4521
4522 BT_DBG("%s status %u", hdev->name, status);
4523
4524 hci_dev_lock(hdev);
4525
333ae95d 4526 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
a1443f5a
JH		 4527 if (!cmd)
4528 goto unlock;
4529
4530 if (status) {
a69e8375
JH		 4531 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
4532 mgmt_status(status));
a1443f5a
JH		 4533 goto remove;
4534 }
4535
4536 cp = cmd->param;
4537
4538 switch (cp->val) {
4539 case 0x00:
a358dc11
MH		 4540 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
4541 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 4542 break;
4543 case 0x01:
a1536da2 4544 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
a358dc11 4545 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 4546 break;
4547 case 0x02:
a1536da2
MH		 4548 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4549 hci_dev_set_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 4550 break;
4551 }
4552
4553 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
4554 new_settings(hdev, cmd->sk);
4555
4556remove:
4557 mgmt_pending_remove(cmd);
4558unlock:
4559 hci_dev_unlock(hdev);
4560}
4561
eac83dc6
MH		 4562static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4563 void *data, u16 len)
4564{
4565 struct mgmt_mode *cp = data;
3b0602cd 4566 struct mgmt_pending_cmd *cmd;
a1443f5a 4567 struct hci_request req;
a3209694 4568 u8 val;
eac83dc6
MH		 4569 int err;
4570
4571 BT_DBG("request for %s", hdev->name);
4572
05b3c3e7 4573 if (!lmp_sc_capable(hdev) &&
d7a5a11d 4574 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 4575 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4576 MGMT_STATUS_NOT_SUPPORTED);
eac83dc6 4577
d7a5a11d 4578 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
59200286 4579 lmp_sc_capable(hdev) &&
d7a5a11d 4580 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 4581 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4582 MGMT_STATUS_REJECTED);
ed93ec69 4583
0ab04a9c 4584 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375 4585 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
eac83dc6
MH		 4586 MGMT_STATUS_INVALID_PARAMS);
4587
4588 hci_dev_lock(hdev);
4589
05b3c3e7 4590 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
d7a5a11d 4591 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
eac83dc6
MH		 4592 bool changed;
4593
0ab04a9c 4594 if (cp->val) {
238be788
MH		 4595 changed = !hci_dev_test_and_set_flag(hdev,
4596 HCI_SC_ENABLED);
0ab04a9c 4597 if (cp->val == 0x02)
a1536da2 4598 hci_dev_set_flag(hdev, HCI_SC_ONLY);
0ab04a9c 4599 else
a358dc11 4600 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 4601 } else {
a69d8927
MH		 4602 changed = hci_dev_test_and_clear_flag(hdev,
4603 HCI_SC_ENABLED);
a358dc11 4604 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 4605 }
eac83dc6
MH		 4606
4607 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4608 if (err < 0)
4609 goto failed;
4610
4611 if (changed)
4612 err = new_settings(hdev, sk);
4613
4614 goto failed;
4615 }
4616
333ae95d 4617 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
a69e8375
JH		 4618 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4619 MGMT_STATUS_BUSY);
eac83dc6
MH		 4620 goto failed;
4621 }
4622
0ab04a9c
MH		 4623 val = !!cp->val;
4624
d7a5a11d
MH		 4625 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
4626 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
eac83dc6
MH		 4627 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4628 goto failed;
4629 }
4630
4631 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4632 if (!cmd) {
4633 err = -ENOMEM;
4634 goto failed;
4635 }
4636
a1443f5a
JH		 4637 hci_req_init(&req, hdev);
4638 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
4639 err = hci_req_run(&req, sc_enable_complete);
eac83dc6
MH		 4640 if (err < 0) {
4641 mgmt_pending_remove(cmd);
4642 goto failed;
4643 }
4644
4645failed:
4646 hci_dev_unlock(hdev);
4647 return err;
4648}
4649
4e39ac81
MH		 4650static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4651 void *data, u16 len)
4652{
4653 struct mgmt_mode *cp = data;
b9710979 4654 bool changed, use_changed;
4e39ac81
MH		 4655 int err;
4656
4657 BT_DBG("request for %s", hdev->name);
4658
b9710979 4659 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 4660 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4661 MGMT_STATUS_INVALID_PARAMS);
4e39ac81
MH		 4662
4663 hci_dev_lock(hdev);
4664
4665 if (cp->val)
238be788 4666 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
4e39ac81 4667 else
a69d8927
MH		 4668 changed = hci_dev_test_and_clear_flag(hdev,
4669 HCI_KEEP_DEBUG_KEYS);
4e39ac81 4670
b9710979 4671 if (cp->val == 0x02)
238be788
MH		 4672 use_changed = !hci_dev_test_and_set_flag(hdev,
4673 HCI_USE_DEBUG_KEYS);
b9710979 4674 else
a69d8927
MH		 4675 use_changed = hci_dev_test_and_clear_flag(hdev,
4676 HCI_USE_DEBUG_KEYS);
b9710979
JH		 4677
4678 if (hdev_is_powered(hdev) && use_changed &&
d7a5a11d 4679 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
b9710979
JH		 4680 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4681 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4682 sizeof(mode), &mode);
4683 }
4684
4e39ac81
MH		 4685 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4686 if (err < 0)
4687 goto unlock;
4688
4689 if (changed)
4690 err = new_settings(hdev, sk);
4691
4692unlock:
4693 hci_dev_unlock(hdev);
4694 return err;
4695}
4696
62b04cd1
JH		 4697static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4698 u16 len)
4699{
4700 struct mgmt_cp_set_privacy *cp = cp_data;
4701 bool changed;
4702 int err;
4703
4704 BT_DBG("request for %s", hdev->name);
4705
4706 if (!lmp_le_capable(hdev))
a69e8375
JH		 4707 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4708 MGMT_STATUS_NOT_SUPPORTED);
62b04cd1
JH		 4709
4710 if (cp->privacy != 0x00 && cp->privacy != 0x01)
a69e8375
JH		 4711 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4712 MGMT_STATUS_INVALID_PARAMS);
62b04cd1
JH		 4713
4714 if (hdev_is_powered(hdev))
a69e8375
JH		 4715 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4716 MGMT_STATUS_REJECTED);
62b04cd1
JH		 4717
4718 hci_dev_lock(hdev);
4719
c21c0ea0
JH		 4720 /* If user space supports this command it is also expected to
4721 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4722 */
a1536da2 4723 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
c21c0ea0 4724
62b04cd1 4725 if (cp->privacy) {
238be788 4726 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
62b04cd1 4727 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
a1536da2 4728 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
62b04cd1 4729 } else {
a69d8927 4730 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
62b04cd1 4731 memset(hdev->irk, 0, sizeof(hdev->irk));
a358dc11 4732 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
62b04cd1
JH		 4733 }
4734
4735 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4736 if (err < 0)
4737 goto unlock;
4738
4739 if (changed)
4740 err = new_settings(hdev, sk);
4741
4742unlock:
4743 hci_dev_unlock(hdev);
4744 return err;
4745}
4746
41edf160
JH		 4747static bool irk_is_valid(struct mgmt_irk_info *irk)
4748{
4749 switch (irk->addr.type) {
4750 case BDADDR_LE_PUBLIC:
4751 return true;
4752
4753 case BDADDR_LE_RANDOM:
4754 /* Two most significant bits shall be set */
4755 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4756 return false;
4757 return true;
4758 }
4759
4760 return false;
4761}
4762
4763static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4764 u16 len)
4765{
4766 struct mgmt_cp_load_irks *cp = cp_data;
ba1d6936
JH		 4767 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
4768 sizeof(struct mgmt_irk_info));
41edf160
JH		 4769 u16 irk_count, expected_len;
4770 int i, err;
4771
4772 BT_DBG("request for %s", hdev->name);
4773
4774 if (!lmp_le_capable(hdev))
a69e8375
JH		 4775 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4776 MGMT_STATUS_NOT_SUPPORTED);
41edf160
JH		 4777
4778 irk_count = __le16_to_cpu(cp->irk_count);
ba1d6936
JH		 4779 if (irk_count > max_irk_count) {
4780 BT_ERR("load_irks: too big irk_count value %u", irk_count);
a69e8375
JH		 4781 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4782 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 4783 }
41edf160
JH		 4784
4785 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4786 if (expected_len != len) {
4787 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 4788 expected_len, len);
a69e8375
JH		 4789 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4790 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 4791 }
4792
4793 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4794
4795 for (i = 0; i < irk_count; i++) {
4796 struct mgmt_irk_info *key = &cp->irks[i];
4797
4798 if (!irk_is_valid(key))
a69e8375
JH		 4799 return mgmt_cmd_status(sk, hdev->id,
4800 MGMT_OP_LOAD_IRKS,
4801 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 4802 }
4803
4804 hci_dev_lock(hdev);
4805
4806 hci_smp_irks_clear(hdev);
4807
4808 for (i = 0; i < irk_count; i++) {
4809 struct mgmt_irk_info *irk = &cp->irks[i];
41edf160 4810
85813a7e
JH		 4811 hci_add_irk(hdev, &irk->addr.bdaddr,
4812 le_addr_type(irk->addr.type), irk->val,
41edf160
JH		 4813 BDADDR_ANY);
4814 }
4815
a1536da2 4816 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
41edf160 4817
2a1afb5a 4818 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
41edf160
JH		 4819
4820 hci_dev_unlock(hdev);
4821
4822 return err;
4823}
4824
3f706b72
JH		 4825static bool ltk_is_valid(struct mgmt_ltk_info *key)
4826{
4827 if (key->master != 0x00 && key->master != 0x01)
4828 return false;
490cb0b3
MH		 4829
4830 switch (key->addr.type) {
4831 case BDADDR_LE_PUBLIC:
4832 return true;
4833
4834 case BDADDR_LE_RANDOM:
4835 /* Two most significant bits shall be set */
4836 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4837 return false;
4838 return true;
4839 }
4840
4841 return false;
3f706b72
JH		 4842}
4843
bdb6d971 4844static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 4845 void *cp_data, u16 len)
346af67b 4846{
346af67b 4847 struct mgmt_cp_load_long_term_keys *cp = cp_data;
ba1d6936
JH		 4848 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
4849 sizeof(struct mgmt_ltk_info));
346af67b 4850 u16 key_count, expected_len;
715a5bf2 4851 int i, err;
346af67b 4852
cf99ba13
MH		 4853 BT_DBG("request for %s", hdev->name);
4854
4855 if (!lmp_le_capable(hdev))
a69e8375
JH		 4856 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4857 MGMT_STATUS_NOT_SUPPORTED);
cf99ba13 4858
1f350c87 4859 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 4860 if (key_count > max_key_count) {
4861 BT_ERR("load_ltks: too big key_count value %u", key_count);
a69e8375
JH		 4862 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4863 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 4864 }
346af67b
VCG		 4865
4866 expected_len = sizeof(*cp) + key_count *
4867 sizeof(struct mgmt_ltk_info);
4868 if (expected_len != len) {
4869 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 4870 expected_len, len);
a69e8375
JH		 4871 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4872 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 4873 }
4874
bdb6d971 4875 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 4876
54ad6d8a
JH		 4877 for (i = 0; i < key_count; i++) {
4878 struct mgmt_ltk_info *key = &cp->keys[i];
4879
3f706b72 4880 if (!ltk_is_valid(key))
a69e8375
JH		 4881 return mgmt_cmd_status(sk, hdev->id,
4882 MGMT_OP_LOAD_LONG_TERM_KEYS,
4883 MGMT_STATUS_INVALID_PARAMS);
54ad6d8a
JH		 4884 }
4885
346af67b
VCG		 4886 hci_dev_lock(hdev);
4887
4888 hci_smp_ltks_clear(hdev);
4889
4890 for (i = 0; i < key_count; i++) {
4891 struct mgmt_ltk_info *key = &cp->keys[i];
85813a7e 4892 u8 type, authenticated;
346af67b 4893
61b43357
JH		 4894 switch (key->type) {
4895 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 4896 authenticated = 0x00;
23fb8de3 4897 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
61b43357
JH		 4898 break;
4899 case MGMT_LTK_AUTHENTICATED:
d7b25450 4900 authenticated = 0x01;
23fb8de3
JH		 4901 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
4902 break;
4903 case MGMT_LTK_P256_UNAUTH:
4904 authenticated = 0x00;
4905 type = SMP_LTK_P256;
61b43357 4906 break;
23fb8de3
JH		 4907 case MGMT_LTK_P256_AUTH:
4908 authenticated = 0x01;
4909 type = SMP_LTK_P256;
61b43357 4910 break;
23fb8de3
JH		 4911 case MGMT_LTK_P256_DEBUG:
4912 authenticated = 0x00;
4913 type = SMP_LTK_P256_DEBUG;
61b43357
JH		 4914 default:
4915 continue;
4916 }
d7b25450 4917
85813a7e
JH		 4918 hci_add_ltk(hdev, &key->addr.bdaddr,
4919 le_addr_type(key->addr.type), type, authenticated,
4920 key->val, key->enc_size, key->ediv, key->rand);
346af67b
VCG		 4921 }
4922
2a1afb5a 4923 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
715a5bf2
JH		 4924 NULL, 0);
4925
346af67b 4926 hci_dev_unlock(hdev);
346af67b 4927
715a5bf2 4928 return err;
346af67b
VCG		 4929}
4930
3b0602cd 4931static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
dd983808 4932{
dd983808 4933 struct hci_conn *conn = cmd->user_data;
9981bdb0 4934 struct mgmt_rp_get_conn_info rp;
9df74653 4935 int err;
dd983808 4936
9981bdb0 4937 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
dd983808 4938
9981bdb0 4939 if (status == MGMT_STATUS_SUCCESS) {
dd983808 4940 rp.rssi = conn->rssi;
9981bdb0
JH		 4941 rp.tx_power = conn->tx_power;
4942 rp.max_tx_power = conn->max_tx_power;
4943 } else {
4944 rp.rssi = HCI_RSSI_INVALID;
4945 rp.tx_power = HCI_TX_POWER_INVALID;
4946 rp.max_tx_power = HCI_TX_POWER_INVALID;
dd983808
AK		 4947 }
4948
2a1afb5a
JH		 4949 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
4950 status, &rp, sizeof(rp));
dd983808
AK		 4951
4952 hci_conn_drop(conn);
f8aaf9b6 4953 hci_conn_put(conn);
9df74653
JH		 4954
4955 return err;
dd983808
AK		 4956}
4957
1904a853
MH		 4958static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
4959 u16 opcode)
dd983808
AK		 4960{
4961 struct hci_cp_read_rssi *cp;
3b0602cd 4962 struct mgmt_pending_cmd *cmd;
dd983808 4963 struct hci_conn *conn;
dd983808 4964 u16 handle;
9981bdb0 4965 u8 status;
dd983808 4966
9981bdb0 4967 BT_DBG("status 0x%02x", hci_status);
dd983808
AK		 4968
4969 hci_dev_lock(hdev);
4970
dd983808
AK		 4971 /* Commands sent in request are either Read RSSI or Read Transmit Power
4972 * Level so we check which one was last sent to retrieve connection
4973 * handle. Both commands have handle as first parameter so it's safe to
4974 * cast data on the same command struct.
4975 *
4976 * First command sent is always Read RSSI and we fail only if it fails.
4977 * In other case we simply override error to indicate success as we
4978 * already remembered if TX power value is actually valid.
4979 */
4980 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
4981 if (!cp) {
4982 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
9981bdb0
JH		 4983 status = MGMT_STATUS_SUCCESS;
4984 } else {
4985 status = mgmt_status(hci_status);
dd983808
AK		 4986 }
4987
4988 if (!cp) {
9981bdb0 4989 BT_ERR("invalid sent_cmd in conn_info response");
dd983808
AK		 4990 goto unlock;
4991 }
4992
4993 handle = __le16_to_cpu(cp->handle);
4994 conn = hci_conn_hash_lookup_handle(hdev, handle);
4995 if (!conn) {
9981bdb0 4996 BT_ERR("unknown handle (%d) in conn_info response", handle);
dd983808
AK		 4997 goto unlock;
4998 }
4999
333ae95d 5000 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
9981bdb0
JH		 5001 if (!cmd)
5002 goto unlock;
dd983808 5003
9981bdb0
JH		 5004 cmd->cmd_complete(cmd, status);
5005 mgmt_pending_remove(cmd);
dd983808
AK		 5006
5007unlock:
5008 hci_dev_unlock(hdev);
5009}
5010
5011static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5012 u16 len)
5013{
5014 struct mgmt_cp_get_conn_info *cp = data;
5015 struct mgmt_rp_get_conn_info rp;
5016 struct hci_conn *conn;
5017 unsigned long conn_info_age;
5018 int err = 0;
5019
5020 BT_DBG("%s", hdev->name);
5021
5022 memset(&rp, 0, sizeof(rp));
5023 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5024 rp.addr.type = cp->addr.type;
5025
5026 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 5027 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5028 MGMT_STATUS_INVALID_PARAMS,
5029 &rp, sizeof(rp));
dd983808
AK		 5030
5031 hci_dev_lock(hdev);
5032
5033 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 5034 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5035 MGMT_STATUS_NOT_POWERED, &rp,
5036 sizeof(rp));
dd983808
AK		 5037 goto unlock;
5038 }
5039
5040 if (cp->addr.type == BDADDR_BREDR)
5041 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5042 &cp->addr.bdaddr);
5043 else
5044 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5045
5046 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 5047 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5048 MGMT_STATUS_NOT_CONNECTED, &rp,
5049 sizeof(rp));
dd983808
AK		 5050 goto unlock;
5051 }
5052
333ae95d 5053 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
2a1afb5a
JH		 5054 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5055 MGMT_STATUS_BUSY, &rp, sizeof(rp));
9981bdb0
JH		 5056 goto unlock;
5057 }
5058
dd983808
AK		 5059 /* To avoid client trying to guess when to poll again for information we
5060 * calculate conn info age as random value between min/max set in hdev.
5061 */
5062 conn_info_age = hdev->conn_info_min_age +
5063 prandom_u32_max(hdev->conn_info_max_age -
5064 hdev->conn_info_min_age);
5065
5066 /* Query controller to refresh cached values if they are too old or were
5067 * never read.
5068 */
f4e2dd53
AK		 5069 if (time_after(jiffies, conn->conn_info_timestamp +
5070 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 5071 !conn->conn_info_timestamp) {
5072 struct hci_request req;
5073 struct hci_cp_read_tx_power req_txp_cp;
5074 struct hci_cp_read_rssi req_rssi_cp;
3b0602cd 5075 struct mgmt_pending_cmd *cmd;
dd983808
AK		 5076
5077 hci_req_init(&req, hdev);
5078 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5079 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5080 &req_rssi_cp);
5081
f7faab0c
AK		 5082 /* For LE links TX power does not change thus we don't need to
5083 * query for it once value is known.
5084 */
5085 if (!bdaddr_type_is_le(cp->addr.type) ||
5086 conn->tx_power == HCI_TX_POWER_INVALID) {
5087 req_txp_cp.handle = cpu_to_le16(conn->handle);
5088 req_txp_cp.type = 0x00;
5089 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5090 sizeof(req_txp_cp), &req_txp_cp);
5091 }
dd983808 5092
eed5daf3
AK		 5093 /* Max TX power needs to be read only once per connection */
5094 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5095 req_txp_cp.handle = cpu_to_le16(conn->handle);
5096 req_txp_cp.type = 0x01;
5097 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5098 sizeof(req_txp_cp), &req_txp_cp);
5099 }
5100
dd983808
AK		 5101 err = hci_req_run(&req, conn_info_refresh_complete);
5102 if (err < 0)
5103 goto unlock;
5104
5105 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5106 data, len);
5107 if (!cmd) {
5108 err = -ENOMEM;
5109 goto unlock;
5110 }
5111
5112 hci_conn_hold(conn);
f8aaf9b6 5113 cmd->user_data = hci_conn_get(conn);
9981bdb0 5114 cmd->cmd_complete = conn_info_cmd_complete;
dd983808
AK		 5115
5116 conn->conn_info_timestamp = jiffies;
5117 } else {
5118 /* Cache is valid, just reply with values cached in hci_conn */
5119 rp.rssi = conn->rssi;
5120 rp.tx_power = conn->tx_power;
eed5daf3 5121 rp.max_tx_power = conn->max_tx_power;
dd983808 5122
2a1afb5a
JH		 5123 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5124 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
dd983808
AK		 5125 }
5126
5127unlock:
5128 hci_dev_unlock(hdev);
5129 return err;
5130}
5131
3b0602cd 5132static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
95868426 5133{
69487371 5134 struct hci_conn *conn = cmd->user_data;
95868426 5135 struct mgmt_rp_get_clock_info rp;
69487371 5136 struct hci_dev *hdev;
9df74653 5137 int err;
69487371
JH		 5138
5139 memset(&rp, 0, sizeof(rp));
5140 memcpy(&rp.addr, &cmd->param, sizeof(rp.addr));
5141
5142 if (status)
5143 goto complete;
5144
5145 hdev = hci_dev_get(cmd->index);
5146 if (hdev) {
5147 rp.local_clock = cpu_to_le32(hdev->clock);
5148 hci_dev_put(hdev);
5149 }
5150
5151 if (conn) {
5152 rp.piconet_clock = cpu_to_le32(conn->clock);
5153 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5154 }
5155
5156complete:
2a1afb5a
JH		 5157 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5158 sizeof(rp));
69487371
JH		 5159
5160 if (conn) {
5161 hci_conn_drop(conn);
5162 hci_conn_put(conn);
5163 }
9df74653
JH		 5164
5165 return err;
69487371
JH		 5166}
5167
1904a853 5168static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
69487371 5169{
95868426 5170 struct hci_cp_read_clock *hci_cp;
3b0602cd 5171 struct mgmt_pending_cmd *cmd;
95868426
JH		 5172 struct hci_conn *conn;
5173
5174 BT_DBG("%s status %u", hdev->name, status);
5175
5176 hci_dev_lock(hdev);
5177
5178 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5179 if (!hci_cp)
5180 goto unlock;
5181
5182 if (hci_cp->which) {
5183 u16 handle = __le16_to_cpu(hci_cp->handle);
5184 conn = hci_conn_hash_lookup_handle(hdev, handle);
5185 } else {
5186 conn = NULL;
5187 }
5188
333ae95d 5189 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
95868426
JH		 5190 if (!cmd)
5191 goto unlock;
5192
69487371 5193 cmd->cmd_complete(cmd, mgmt_status(status));
95868426 5194 mgmt_pending_remove(cmd);
95868426
JH		 5195
5196unlock:
5197 hci_dev_unlock(hdev);
5198}
5199
5200static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5201 u16 len)
5202{
5203 struct mgmt_cp_get_clock_info *cp = data;
5204 struct mgmt_rp_get_clock_info rp;
5205 struct hci_cp_read_clock hci_cp;
3b0602cd 5206 struct mgmt_pending_cmd *cmd;
95868426
JH		 5207 struct hci_request req;
5208 struct hci_conn *conn;
5209 int err;
5210
5211 BT_DBG("%s", hdev->name);
5212
5213 memset(&rp, 0, sizeof(rp));
5214 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5215 rp.addr.type = cp->addr.type;
5216
5217 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 5218 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5219 MGMT_STATUS_INVALID_PARAMS,
5220 &rp, sizeof(rp));
95868426
JH		 5221
5222 hci_dev_lock(hdev);
5223
5224 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 5225 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5226 MGMT_STATUS_NOT_POWERED, &rp,
5227 sizeof(rp));
95868426
JH		 5228 goto unlock;
5229 }
5230
5231 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5232 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5233 &cp->addr.bdaddr);
5234 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 5235 err = mgmt_cmd_complete(sk, hdev->id,
5236 MGMT_OP_GET_CLOCK_INFO,
5237 MGMT_STATUS_NOT_CONNECTED,
5238 &rp, sizeof(rp));
95868426
JH		 5239 goto unlock;
5240 }
5241 } else {
5242 conn = NULL;
5243 }
5244
5245 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5246 if (!cmd) {
5247 err = -ENOMEM;
5248 goto unlock;
5249 }
5250
69487371
JH		 5251 cmd->cmd_complete = clock_info_cmd_complete;
5252
95868426
JH		 5253 hci_req_init(&req, hdev);
5254
5255 memset(&hci_cp, 0, sizeof(hci_cp));
5256 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5257
5258 if (conn) {
5259 hci_conn_hold(conn);
f8aaf9b6 5260 cmd->user_data = hci_conn_get(conn);
95868426
JH		 5261
5262 hci_cp.handle = cpu_to_le16(conn->handle);
5263 hci_cp.which = 0x01; /* Piconet clock */
5264 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5265 }
5266
5267 err = hci_req_run(&req, get_clock_info_complete);
5268 if (err < 0)
5269 mgmt_pending_remove(cmd);
5270
5271unlock:
5272 hci_dev_unlock(hdev);
5273 return err;
5274}
5275
5a154e6f
JH		 5276static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5277{
5278 struct hci_conn *conn;
5279
5280 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5281 if (!conn)
5282 return false;
5283
5284 if (conn->dst_type != type)
5285 return false;
5286
5287 if (conn->state != BT_CONNECTED)
5288 return false;
5289
5290 return true;
5291}
5292
5293/* This function requires the caller holds hdev->lock */
51d7a94d 5294static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr,
5a154e6f
JH		 5295 u8 addr_type, u8 auto_connect)
5296{
5a154e6f
JH		 5297 struct hci_conn_params *params;
5298
5299 params = hci_conn_params_add(hdev, addr, addr_type);
5300 if (!params)
5301 return -EIO;
5302
5303 if (params->auto_connect == auto_connect)
5304 return 0;
5305
5306 list_del_init(&params->action);
5307
5308 switch (auto_connect) {
5309 case HCI_AUTO_CONN_DISABLED:
5310 case HCI_AUTO_CONN_LINK_LOSS:
28a667c9
JP		 5311 /* If auto connect is being disabled when we're trying to
5312 * connect to device, keep connecting.
5313 */
5314 if (params->explicit_connect)
5315 list_add(&params->action, &hdev->pend_le_conns);
5a154e6f
JH		 5316 break;
5317 case HCI_AUTO_CONN_REPORT:
49c50922
JH		 5318 if (params->explicit_connect)
5319 list_add(&params->action, &hdev->pend_le_conns);
5320 else
5321 list_add(&params->action, &hdev->pend_le_reports);
5a154e6f
JH		 5322 break;
5323 case HCI_AUTO_CONN_DIRECT:
5324 case HCI_AUTO_CONN_ALWAYS:
51d7a94d 5325 if (!is_connected(hdev, addr, addr_type))
5a154e6f 5326 list_add(&params->action, &hdev->pend_le_conns);
5a154e6f
JH		 5327 break;
5328 }
5329
5330 params->auto_connect = auto_connect;
5331
5332 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5333 auto_connect);
5334
5335 return 0;
5336}
5337
8afef092
MH		 5338static void device_added(struct sock *sk, struct hci_dev *hdev,
5339 bdaddr_t *bdaddr, u8 type, u8 action)
5340{
5341 struct mgmt_ev_device_added ev;
5342
5343 bacpy(&ev.addr.bdaddr, bdaddr);
5344 ev.addr.type = type;
5345 ev.action = action;
5346
5347 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5348}
5349
2faade53
MH		 5350static int add_device(struct sock *sk, struct hci_dev *hdev,
5351 void *data, u16 len)
5352{
5353 struct mgmt_cp_add_device *cp = data;
5354 u8 auto_conn, addr_type;
5355 int err;
5356
5357 BT_DBG("%s", hdev->name);
5358
6659358e 5359 if (!bdaddr_type_is_valid(cp->addr.type) ||
2faade53 5360 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
2a1afb5a
JH		 5361 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5362 MGMT_STATUS_INVALID_PARAMS,
5363 &cp->addr, sizeof(cp->addr));
2faade53 5364
4b9e7e75 5365 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
2a1afb5a
JH		 5366 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5367 MGMT_STATUS_INVALID_PARAMS,
5368 &cp->addr, sizeof(cp->addr));
2faade53
MH		 5369
5370 hci_dev_lock(hdev);
5371
6659358e 5372 if (cp->addr.type == BDADDR_BREDR) {
4b9e7e75 5373 /* Only incoming connections action is supported for now */
6659358e 5374 if (cp->action != 0x01) {
51d7a94d
JH		 5375 err = mgmt_cmd_complete(sk, hdev->id,
5376 MGMT_OP_ADD_DEVICE,
5377 MGMT_STATUS_INVALID_PARAMS,
5378 &cp->addr, sizeof(cp->addr));
6659358e
JH		 5379 goto unlock;
5380 }
5381
5382 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5383 cp->addr.type);
5384 if (err)
5385 goto unlock;
a397407f 5386
01b1cb87 5387 hci_req_update_scan(hdev);
a397407f 5388
6659358e
JH		 5389 goto added;
5390 }
5391
85813a7e 5392 addr_type = le_addr_type(cp->addr.type);
2faade53 5393
4b9e7e75 5394 if (cp->action == 0x02)
2faade53 5395 auto_conn = HCI_AUTO_CONN_ALWAYS;
4b9e7e75
MH		 5396 else if (cp->action == 0x01)
5397 auto_conn = HCI_AUTO_CONN_DIRECT;
2faade53 5398 else
a3451d27 5399 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 5400
9a0a8a8e
JP		 5401 /* Kernel internally uses conn_params with resolvable private
5402 * address, but Add Device allows only identity addresses.
5403 * Make sure it is enforced before calling
5404 * hci_conn_params_lookup.
5405 */
5406 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
51d7a94d
JH		 5407 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5408 MGMT_STATUS_INVALID_PARAMS,
5409 &cp->addr, sizeof(cp->addr));
9a0a8a8e
JP		 5410 goto unlock;
5411 }
5412
bf5b3c8b
MH		 5413 /* If the connection parameters don't exist for this device,
5414 * they will be created and configured with defaults.
5415 */
51d7a94d 5416 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
d06b50ce 5417 auto_conn) < 0) {
51d7a94d
JH		 5418 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5419 MGMT_STATUS_FAILED, &cp->addr,
5420 sizeof(cp->addr));
2faade53
MH		 5421 goto unlock;
5422 }
5423
51d7a94d
JH		 5424 hci_update_background_scan(hdev);
5425
6659358e 5426added:
8afef092
MH		 5427 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5428
51d7a94d
JH		 5429 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5430 MGMT_STATUS_SUCCESS, &cp->addr,
5431 sizeof(cp->addr));
2faade53
MH		 5432
5433unlock:
5434 hci_dev_unlock(hdev);
5435 return err;
5436}
5437
8afef092
MH		 5438static void device_removed(struct sock *sk, struct hci_dev *hdev,
5439 bdaddr_t *bdaddr, u8 type)
5440{
5441 struct mgmt_ev_device_removed ev;
5442
5443 bacpy(&ev.addr.bdaddr, bdaddr);
5444 ev.addr.type = type;
5445
5446 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5447}
5448
2faade53
MH		 5449static int remove_device(struct sock *sk, struct hci_dev *hdev,
5450 void *data, u16 len)
5451{
5452 struct mgmt_cp_remove_device *cp = data;
5453 int err;
5454
5455 BT_DBG("%s", hdev->name);
5456
5457 hci_dev_lock(hdev);
5458
5459 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 5460 struct hci_conn_params *params;
2faade53
MH		 5461 u8 addr_type;
5462
6659358e 5463 if (!bdaddr_type_is_valid(cp->addr.type)) {
51d7a94d
JH		 5464 err = mgmt_cmd_complete(sk, hdev->id,
5465 MGMT_OP_REMOVE_DEVICE,
5466 MGMT_STATUS_INVALID_PARAMS,
5467 &cp->addr, sizeof(cp->addr));
2faade53
MH		 5468 goto unlock;
5469 }
5470
6659358e
JH		 5471 if (cp->addr.type == BDADDR_BREDR) {
5472 err = hci_bdaddr_list_del(&hdev->whitelist,
5473 &cp->addr.bdaddr,
5474 cp->addr.type);
5475 if (err) {
51d7a94d
JH		 5476 err = mgmt_cmd_complete(sk, hdev->id,
5477 MGMT_OP_REMOVE_DEVICE,
5478 MGMT_STATUS_INVALID_PARAMS,
5479 &cp->addr,
5480 sizeof(cp->addr));
6659358e
JH		 5481 goto unlock;
5482 }
5483
01b1cb87 5484 hci_req_update_scan(hdev);
a397407f 5485
6659358e
JH		 5486 device_removed(sk, hdev, &cp->addr.bdaddr,
5487 cp->addr.type);
5488 goto complete;
5489 }
5490
85813a7e 5491 addr_type = le_addr_type(cp->addr.type);
2faade53 5492
9a0a8a8e
JP		 5493 /* Kernel internally uses conn_params with resolvable private
5494 * address, but Remove Device allows only identity addresses.
5495 * Make sure it is enforced before calling
5496 * hci_conn_params_lookup.
5497 */
5498 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
51d7a94d
JH		 5499 err = mgmt_cmd_complete(sk, hdev->id,
5500 MGMT_OP_REMOVE_DEVICE,
5501 MGMT_STATUS_INVALID_PARAMS,
5502 &cp->addr, sizeof(cp->addr));
9a0a8a8e
JP		 5503 goto unlock;
5504 }
5505
c71593dd
JH		 5506 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5507 addr_type);
5508 if (!params) {
51d7a94d
JH		 5509 err = mgmt_cmd_complete(sk, hdev->id,
5510 MGMT_OP_REMOVE_DEVICE,
5511 MGMT_STATUS_INVALID_PARAMS,
5512 &cp->addr, sizeof(cp->addr));
c71593dd
JH		 5513 goto unlock;
5514 }
5515
679d2b6f
JH		 5516 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
5517 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
51d7a94d
JH		 5518 err = mgmt_cmd_complete(sk, hdev->id,
5519 MGMT_OP_REMOVE_DEVICE,
5520 MGMT_STATUS_INVALID_PARAMS,
5521 &cp->addr, sizeof(cp->addr));
c71593dd
JH		 5522 goto unlock;
5523 }
5524
d1dbf12e 5525 list_del(&params->action);
c71593dd
JH		 5526 list_del(&params->list);
5527 kfree(params);
51d7a94d 5528 hci_update_background_scan(hdev);
8afef092
MH		 5529
5530 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53 5531 } else {
19de0825 5532 struct hci_conn_params *p, *tmp;
6659358e 5533 struct bdaddr_list *b, *btmp;
19de0825 5534
2faade53 5535 if (cp->addr.type) {
51d7a94d
JH		 5536 err = mgmt_cmd_complete(sk, hdev->id,
5537 MGMT_OP_REMOVE_DEVICE,
5538 MGMT_STATUS_INVALID_PARAMS,
5539 &cp->addr, sizeof(cp->addr));
2faade53
MH		 5540 goto unlock;
5541 }
5542
6659358e
JH		 5543 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
5544 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
5545 list_del(&b->list);
5546 kfree(b);
5547 }
5548
01b1cb87 5549 hci_req_update_scan(hdev);
a397407f 5550
19de0825
JH		 5551 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5552 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5553 continue;
5554 device_removed(sk, hdev, &p->addr, p->addr_type);
679d2b6f
JH		 5555 if (p->explicit_connect) {
5556 p->auto_connect = HCI_AUTO_CONN_EXPLICIT;
5557 continue;
5558 }
19de0825
JH		 5559 list_del(&p->action);
5560 list_del(&p->list);
5561 kfree(p);
5562 }
5563
5564 BT_DBG("All LE connection parameters were removed");
5565
51d7a94d 5566 hci_update_background_scan(hdev);
2faade53
MH		 5567 }
5568
6659358e 5569complete:
51d7a94d
JH		 5570 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5571 MGMT_STATUS_SUCCESS, &cp->addr,
5572 sizeof(cp->addr));
2faade53
MH		 5573unlock:
5574 hci_dev_unlock(hdev);
5575 return err;
5576}
5577
a26f3dcf
JH		 5578static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5579 u16 len)
5580{
5581 struct mgmt_cp_load_conn_param *cp = data;
ba1d6936
JH		 5582 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5583 sizeof(struct mgmt_conn_param));
a26f3dcf
JH		 5584 u16 param_count, expected_len;
5585 int i;
5586
5587 if (!lmp_le_capable(hdev))
a69e8375
JH		 5588 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5589 MGMT_STATUS_NOT_SUPPORTED);
a26f3dcf
JH		 5590
5591 param_count = __le16_to_cpu(cp->param_count);
ba1d6936
JH		 5592 if (param_count > max_param_count) {
5593 BT_ERR("load_conn_param: too big param_count value %u",
5594 param_count);
a69e8375
JH		 5595 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5596 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5597 }
a26f3dcf
JH		 5598
5599 expected_len = sizeof(*cp) + param_count *
5600 sizeof(struct mgmt_conn_param);
5601 if (expected_len != len) {
5602 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
5603 expected_len, len);
a69e8375
JH		 5604 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5605 MGMT_STATUS_INVALID_PARAMS);
a26f3dcf
JH		 5606 }
5607
5608 BT_DBG("%s param_count %u", hdev->name, param_count);
5609
5610 hci_dev_lock(hdev);
5611
5612 hci_conn_params_clear_disabled(hdev);
5613
5614 for (i = 0; i < param_count; i++) {
5615 struct mgmt_conn_param *param = &cp->params[i];
5616 struct hci_conn_params *hci_param;
5617 u16 min, max, latency, timeout;
5618 u8 addr_type;
5619
5620 BT_DBG("Adding %pMR (type %u)", &param->addr.bdaddr,
5621 param->addr.type);
5622
5623 if (param->addr.type == BDADDR_LE_PUBLIC) {
5624 addr_type = ADDR_LE_DEV_PUBLIC;
5625 } else if (param->addr.type == BDADDR_LE_RANDOM) {
5626 addr_type = ADDR_LE_DEV_RANDOM;
5627 } else {
5628 BT_ERR("Ignoring invalid connection parameters");
5629 continue;
5630 }
5631
5632 min = le16_to_cpu(param->min_interval);
5633 max = le16_to_cpu(param->max_interval);
5634 latency = le16_to_cpu(param->latency);
5635 timeout = le16_to_cpu(param->timeout);
5636
5637 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
5638 min, max, latency, timeout);
5639
5640 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
5641 BT_ERR("Ignoring invalid connection parameters");
5642 continue;
5643 }
5644
5645 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
5646 addr_type);
5647 if (!hci_param) {
5648 BT_ERR("Failed to add connection parameters");
5649 continue;
5650 }
5651
5652 hci_param->conn_min_interval = min;
5653 hci_param->conn_max_interval = max;
5654 hci_param->conn_latency = latency;
5655 hci_param->supervision_timeout = timeout;
5656 }
5657
5658 hci_dev_unlock(hdev);
5659
2a1afb5a
JH		 5660 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
5661 NULL, 0);
a26f3dcf
JH		 5662}
5663
dbece37a
MH		 5664static int set_external_config(struct sock *sk, struct hci_dev *hdev,
5665 void *data, u16 len)
5666{
5667 struct mgmt_cp_set_external_config *cp = data;
5668 bool changed;
5669 int err;
5670
5671 BT_DBG("%s", hdev->name);
5672
5673 if (hdev_is_powered(hdev))
a69e8375
JH		 5674 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5675 MGMT_STATUS_REJECTED);
dbece37a
MH		 5676
5677 if (cp->config != 0x00 && cp->config != 0x01)
a69e8375
JH		 5678 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5679 MGMT_STATUS_INVALID_PARAMS);
dbece37a
MH		 5680
5681 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
a69e8375
JH		 5682 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5683 MGMT_STATUS_NOT_SUPPORTED);
dbece37a
MH		 5684
5685 hci_dev_lock(hdev);
5686
5687 if (cp->config)
238be788 5688 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a 5689 else
a69d8927 5690 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a
MH		 5691
5692 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
5693 if (err < 0)
5694 goto unlock;
5695
5696 if (!changed)
5697 goto unlock;
5698
f4537c04
MH		 5699 err = new_options(hdev, sk);
5700
d7a5a11d 5701 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
dbece37a 5702 mgmt_index_removed(hdev);
d603b76b 5703
516018a9 5704 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
a1536da2
MH		 5705 hci_dev_set_flag(hdev, HCI_CONFIG);
5706 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
d603b76b
MH		 5707
5708 queue_work(hdev->req_workqueue, &hdev->power_on);
5709 } else {
5ea234d3 5710 set_bit(HCI_RAW, &hdev->flags);
d603b76b
MH		 5711 mgmt_index_added(hdev);
5712 }
dbece37a
MH		 5713 }
5714
5715unlock:
5716 hci_dev_unlock(hdev);
5717 return err;
5718}
5719
9713c17b
MH		 5720static int set_public_address(struct sock *sk, struct hci_dev *hdev,
5721 void *data, u16 len)
5722{
5723 struct mgmt_cp_set_public_address *cp = data;
5724 bool changed;
5725 int err;
5726
5727 BT_DBG("%s", hdev->name);
5728
5729 if (hdev_is_powered(hdev))
a69e8375
JH		 5730 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5731 MGMT_STATUS_REJECTED);
9713c17b
MH		 5732
5733 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
a69e8375
JH		 5734 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5735 MGMT_STATUS_INVALID_PARAMS);
9713c17b
MH		 5736
5737 if (!hdev->set_bdaddr)
a69e8375
JH		 5738 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5739 MGMT_STATUS_NOT_SUPPORTED);
9713c17b
MH		 5740
5741 hci_dev_lock(hdev);
5742
5743 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
5744 bacpy(&hdev->public_addr, &cp->bdaddr);
5745
5746 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
5747 if (err < 0)
5748 goto unlock;
5749
5750 if (!changed)
5751 goto unlock;
5752
d7a5a11d 5753 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
9713c17b
MH		 5754 err = new_options(hdev, sk);
5755
5756 if (is_configured(hdev)) {
5757 mgmt_index_removed(hdev);
5758
a358dc11 5759 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
9713c17b 5760
a1536da2
MH		 5761 hci_dev_set_flag(hdev, HCI_CONFIG);
5762 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
9713c17b
MH		 5763
5764 queue_work(hdev->req_workqueue, &hdev->power_on);
5765 }
5766
5767unlock:
5768 hci_dev_unlock(hdev);
5769 return err;
5770}
5771
bea41609
MH		 5772static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
5773 u8 data_len)
5774{
5775 eir[eir_len++] = sizeof(type) + data_len;
5776 eir[eir_len++] = type;
5777 memcpy(&eir[eir_len], data, data_len);
5778 eir_len += data_len;
5779
5780 return eir_len;
5781}
5782
40f66c05
JH		 5783static void read_local_oob_ext_data_complete(struct hci_dev *hdev, u8 status,
5784 u16 opcode, struct sk_buff *skb)
5785{
5786 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp;
5787 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp;
5788 u8 *h192, *r192, *h256, *r256;
5789 struct mgmt_pending_cmd *cmd;
5790 u16 eir_len;
5791 int err;
5792
5793 BT_DBG("%s status %u", hdev->name, status);
5794
5795 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev);
5796 if (!cmd)
5797 return;
5798
5799 mgmt_cp = cmd->param;
5800
5801 if (status) {
5802 status = mgmt_status(status);
5803 eir_len = 0;
5804
5805 h192 = NULL;
5806 r192 = NULL;
5807 h256 = NULL;
5808 r256 = NULL;
5809 } else if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
5810 struct hci_rp_read_local_oob_data *rp;
5811
5812 if (skb->len != sizeof(*rp)) {
5813 status = MGMT_STATUS_FAILED;
5814 eir_len = 0;
5815 } else {
5816 status = MGMT_STATUS_SUCCESS;
5817 rp = (void *)skb->data;
5818
5819 eir_len = 5 + 18 + 18;
5820 h192 = rp->hash;
5821 r192 = rp->rand;
5822 h256 = NULL;
5823 r256 = NULL;
5824 }
5825 } else {
5826 struct hci_rp_read_local_oob_ext_data *rp;
5827
5828 if (skb->len != sizeof(*rp)) {
5829 status = MGMT_STATUS_FAILED;
5830 eir_len = 0;
5831 } else {
5832 status = MGMT_STATUS_SUCCESS;
5833 rp = (void *)skb->data;
5834
5835 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
5836 eir_len = 5 + 18 + 18;
5837 h192 = NULL;
5838 r192 = NULL;
5839 } else {
5840 eir_len = 5 + 18 + 18 + 18 + 18;
5841 h192 = rp->hash192;
5842 r192 = rp->rand192;
5843 }
5844
5845 h256 = rp->hash256;
5846 r256 = rp->rand256;
5847 }
5848 }
5849
5850 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL);
5851 if (!mgmt_rp)
5852 goto done;
5853
5854 if (status)
5855 goto send_rsp;
5856
5857 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV,
5858 hdev->dev_class, 3);
5859
5860 if (h192 && r192) {
5861 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5862 EIR_SSP_HASH_C192, h192, 16);
5863 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5864 EIR_SSP_RAND_R192, r192, 16);
5865 }
5866
5867 if (h256 && r256) {
5868 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5869 EIR_SSP_HASH_C256, h256, 16);
5870 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5871 EIR_SSP_RAND_R256, r256, 16);
5872 }
5873
5874send_rsp:
5875 mgmt_rp->type = mgmt_cp->type;
5876 mgmt_rp->eir_len = cpu_to_le16(eir_len);
5877
5878 err = mgmt_cmd_complete(cmd->sk, hdev->id,
5879 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status,
5880 mgmt_rp, sizeof(*mgmt_rp) + eir_len);
5881 if (err < 0 || status)
5882 goto done;
5883
5884 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS);
5885
5886 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
5887 mgmt_rp, sizeof(*mgmt_rp) + eir_len,
5888 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk);
5889done:
5890 kfree(mgmt_rp);
5891 mgmt_pending_remove(cmd);
5892}
5893
5894static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk,
5895 struct mgmt_cp_read_local_oob_ext_data *cp)
5896{
5897 struct mgmt_pending_cmd *cmd;
5898 struct hci_request req;
5899 int err;
5900
5901 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev,
5902 cp, sizeof(*cp));
5903 if (!cmd)
5904 return -ENOMEM;
5905
5906 hci_req_init(&req, hdev);
5907
5908 if (bredr_sc_enabled(hdev))
5909 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
5910 else
5911 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
5912
5913 err = hci_req_run_skb(&req, read_local_oob_ext_data_complete);
5914 if (err < 0) {
5915 mgmt_pending_remove(cmd);
5916 return err;
5917 }
5918
5919 return 0;
5920}
5921
4f0f155c
MH		 5922static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
5923 void *data, u16 data_len)
5924{
5925 struct mgmt_cp_read_local_oob_ext_data *cp = data;
5926 struct mgmt_rp_read_local_oob_ext_data *rp;
5927 size_t rp_len;
5928 u16 eir_len;
0821a2c5 5929 u8 status, flags, role, addr[7], hash[16], rand[16];
4f0f155c
MH		 5930 int err;
5931
5932 BT_DBG("%s", hdev->name);
5933
57b0d3e8
MH		 5934 if (hdev_is_powered(hdev)) {
5935 switch (cp->type) {
5936 case BIT(BDADDR_BREDR):
5937 status = mgmt_bredr_support(hdev);
5938 if (status)
5939 eir_len = 0;
5940 else
5941 eir_len = 5;
5942 break;
5943 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
5944 status = mgmt_le_support(hdev);
5945 if (status)
5946 eir_len = 0;
5947 else
5948 eir_len = 9 + 3 + 18 + 18 + 3;
5949 break;
5950 default:
5951 status = MGMT_STATUS_INVALID_PARAMS;
5952 eir_len = 0;
5953 break;
5954 }
5955 } else {
5956 status = MGMT_STATUS_NOT_POWERED;
5957 eir_len = 0;
4f0f155c
MH		 5958 }
5959
4f0f155c
MH		 5960 rp_len = sizeof(*rp) + eir_len;
5961 rp = kmalloc(rp_len, GFP_ATOMIC);
efcd8c98 5962 if (!rp)
4f0f155c 5963 return -ENOMEM;
efcd8c98 5964
57b0d3e8
MH		 5965 if (status)
5966 goto complete;
5967
efcd8c98 5968 hci_dev_lock(hdev);
4f0f155c
MH		 5969
5970 eir_len = 0;
5971 switch (cp->type) {
5972 case BIT(BDADDR_BREDR):
40f66c05
JH		 5973 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
5974 err = read_local_ssp_oob_req(hdev, sk, cp);
5975 hci_dev_unlock(hdev);
5976 if (!err)
5977 goto done;
5978
5979 status = MGMT_STATUS_FAILED;
5980 goto complete;
5981 } else {
5982 eir_len = eir_append_data(rp->eir, eir_len,
5983 EIR_CLASS_OF_DEV,
5984 hdev->dev_class, 3);
5985 }
4f0f155c
MH		 5986 break;
5987 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
5082a599
MH		 5988 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
5989 smp_generate_oob(hdev, hash, rand) < 0) {
0821a2c5 5990 hci_dev_unlock(hdev);
57b0d3e8
MH		 5991 status = MGMT_STATUS_FAILED;
5992 goto complete;
0821a2c5
MH		 5993 }
5994
e213568a
MH		 5995 /* This should return the active RPA, but since the RPA
5996 * is only programmed on demand, it is really hard to fill
5997 * this in at the moment. For now disallow retrieving
5998 * local out-of-band data when privacy is in use.
5999 *
6000 * Returning the identity address will not help here since
6001 * pairing happens before the identity resolving key is
6002 * known and thus the connection establishment happens
6003 * based on the RPA and not the identity address.
6004 */
4f0f155c 6005 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
e213568a
MH		 6006 hci_dev_unlock(hdev);
6007 status = MGMT_STATUS_REJECTED;
6008 goto complete;
6009 }
6010
6011 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
6012 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
6013 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
6014 bacmp(&hdev->static_addr, BDADDR_ANY))) {
4f0f155c
MH		 6015 memcpy(addr, &hdev->static_addr, 6);
6016 addr[6] = 0x01;
6017 } else {
6018 memcpy(addr, &hdev->bdaddr, 6);
6019 addr[6] = 0x00;
6020 }
6021
6022 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
6023 addr, sizeof(addr));
6024
6025 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
6026 role = 0x02;
6027 else
6028 role = 0x01;
6029
6030 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
6031 &role, sizeof(role));
6032
5082a599
MH		 6033 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
6034 eir_len = eir_append_data(rp->eir, eir_len,
6035 EIR_LE_SC_CONFIRM,
6036 hash, sizeof(hash));
0821a2c5 6037
5082a599
MH		 6038 eir_len = eir_append_data(rp->eir, eir_len,
6039 EIR_LE_SC_RANDOM,
6040 rand, sizeof(rand));
6041 }
0821a2c5 6042
f2252570 6043 flags = mgmt_get_adv_discov_flags(hdev);
4f0f155c
MH		 6044
6045 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
6046 flags |= LE_AD_NO_BREDR;
6047
6048 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
6049 &flags, sizeof(flags));
6050 break;
6051 }
6052
4f0f155c
MH		 6053 hci_dev_unlock(hdev);
6054
72000df2
MH		 6055 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
6056
57b0d3e8
MH		 6057 status = MGMT_STATUS_SUCCESS;
6058
6059complete:
efcd8c98
MH		 6060 rp->type = cp->type;
6061 rp->eir_len = cpu_to_le16(eir_len);
6062
4f0f155c 6063 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
57b0d3e8
MH		 6064 status, rp, sizeof(*rp) + eir_len);
6065 if (err < 0 || status)
72000df2
MH		 6066 goto done;
6067
6068 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
6069 rp, sizeof(*rp) + eir_len,
6070 HCI_MGMT_OOB_DATA_EVENTS, sk);
4f0f155c 6071
0821a2c5 6072done:
4f0f155c
MH		 6073 kfree(rp);
6074
6075 return err;
6076}
6077
089fa8c0
AU		 6078static u32 get_supported_adv_flags(struct hci_dev *hdev)
6079{
6080 u32 flags = 0;
6081
6082 flags |= MGMT_ADV_FLAG_CONNECTABLE;
6083 flags |= MGMT_ADV_FLAG_DISCOV;
6084 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
6085 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS;
6086
6087 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID)
6088 flags |= MGMT_ADV_FLAG_TX_POWER;
6089
6090 return flags;
6091}
6092
d3d5305b
MH		 6093static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
6094 void *data, u16 data_len)
6095{
6096 struct mgmt_rp_read_adv_features *rp;
6097 size_t rp_len;
286e0c83 6098 int err, i;
24b4f38f 6099 bool instance;
286e0c83 6100 struct adv_info *adv_instance;
089fa8c0 6101 u32 supported_flags;
d3d5305b
MH		 6102
6103 BT_DBG("%s", hdev->name);
6104
089fa8c0
AU		 6105 if (!lmp_le_capable(hdev))
6106 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6107 MGMT_STATUS_REJECTED);
6108
d3d5305b
MH		 6109 hci_dev_lock(hdev);
6110
6111 rp_len = sizeof(*rp);
24b4f38f 6112
24b4f38f
AU		 6113 instance = hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE);
6114 if (instance)
286e0c83 6115 rp_len += hdev->adv_instance_cnt;
24b4f38f 6116
d3d5305b
MH		 6117 rp = kmalloc(rp_len, GFP_ATOMIC);
6118 if (!rp) {
6119 hci_dev_unlock(hdev);
6120 return -ENOMEM;
6121 }
6122
089fa8c0
AU		 6123 supported_flags = get_supported_adv_flags(hdev);
6124
6125 rp->supported_flags = cpu_to_le32(supported_flags);
dc5d82a9
MH		 6126 rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
6127 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
d2609b34 6128 rp->max_instances = HCI_MAX_ADV_INSTANCES;
24b4f38f 6129
24b4f38f 6130 if (instance) {
286e0c83
FG		 6131 i = 0;
6132 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
6133 if (i >= hdev->adv_instance_cnt)
6134 break;
6135
6136 rp->instance[i] = adv_instance->instance;
6137 i++;
6138 }
6139 rp->num_instances = hdev->adv_instance_cnt;
24b4f38f
AU		 6140 } else {
6141 rp->num_instances = 0;
6142 }
d3d5305b
MH		 6143
6144 hci_dev_unlock(hdev);
6145
6146 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6147 MGMT_STATUS_SUCCESS, rp, rp_len);
6148
6149 kfree(rp);
6150
6151 return err;
6152}
6153
4117ed70 6154static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data,
b44133ff 6155 u8 len, bool is_adv_data)
24b4f38f 6156{
4117ed70 6157 u8 max_len = HCI_MAX_AD_LENGTH;
24b4f38f 6158 int i, cur_len;
b44133ff 6159 bool flags_managed = false;
5507e358 6160 bool tx_power_managed = false;
24b4f38f 6161
31a3248d
MH		 6162 if (is_adv_data) {
6163 if (adv_flags & (MGMT_ADV_FLAG_DISCOV |
6164 MGMT_ADV_FLAG_LIMITED_DISCOV |
6165 MGMT_ADV_FLAG_MANAGED_FLAGS)) {
6166 flags_managed = true;
6167 max_len -= 3;
6168 }
24b4f38f 6169
31a3248d
MH		 6170 if (adv_flags & MGMT_ADV_FLAG_TX_POWER) {
6171 tx_power_managed = true;
6172 max_len -= 3;
6173 }
5507e358
AU		 6174 }
6175
4117ed70 6176 if (len > max_len)
24b4f38f
AU		 6177 return false;
6178
4117ed70
AU		 6179 /* Make sure that the data is correctly formatted. */
6180 for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) {
6181 cur_len = data[i];
24b4f38f 6182
b44133ff
AU		 6183 if (flags_managed && data[i + 1] == EIR_FLAGS)
6184 return false;
6185
5507e358
AU		 6186 if (tx_power_managed && data[i + 1] == EIR_TX_POWER)
6187 return false;
6188
24b4f38f
AU		 6189 /* If the current field length would exceed the total data
6190 * length, then it's invalid.
6191 */
4117ed70 6192 if (i + cur_len >= len)
24b4f38f
AU		 6193 return false;
6194 }
6195
6196 return true;
6197}
6198
24b4f38f
AU		 6199static void add_advertising_complete(struct hci_dev *hdev, u8 status,
6200 u16 opcode)
6201{
6202 struct mgmt_pending_cmd *cmd;
fffd38bc 6203 struct mgmt_cp_add_advertising *cp;
24b4f38f 6204 struct mgmt_rp_add_advertising rp;
fffd38bc
FG		 6205 struct adv_info *adv_instance, *n;
6206 u8 instance;
24b4f38f
AU		 6207
6208 BT_DBG("status %d", status);
6209
6210 hci_dev_lock(hdev);
6211
6212 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev);
6213
fffd38bc 6214 if (status)
24b4f38f 6215 hci_dev_clear_flag(hdev, HCI_ADVERTISING_INSTANCE);
fffd38bc
FG		 6216
6217 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) {
6218 if (!adv_instance->pending)
6219 continue;
6220
6221 if (!status) {
6222 adv_instance->pending = false;
6223 continue;
6224 }
6225
6226 instance = adv_instance->instance;
6227
6228 if (hdev->cur_adv_instance == instance)
6229 cancel_adv_timeout(hdev);
6230
6231 hci_remove_adv_instance(hdev, instance);
f2252570 6232 mgmt_advertising_removed(cmd ? cmd->sk : NULL, hdev, instance);
24b4f38f
AU		 6233 }
6234
6235 if (!cmd)
6236 goto unlock;
6237
fffd38bc
FG		 6238 cp = cmd->param;
6239 rp.instance = cp->instance;
24b4f38f
AU		 6240
6241 if (status)
6242 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
6243 mgmt_status(status));
6244 else
6245 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
6246 mgmt_status(status), &rp, sizeof(rp));
6247
6248 mgmt_pending_remove(cmd);
6249
6250unlock:
6251 hci_dev_unlock(hdev);
6252}
6253
6254static int add_advertising(struct sock *sk, struct hci_dev *hdev,
6255 void *data, u16 data_len)
6256{
6257 struct mgmt_cp_add_advertising *cp = data;
6258 struct mgmt_rp_add_advertising rp;
6259 u32 flags;
089fa8c0 6260 u32 supported_flags;
24b4f38f 6261 u8 status;
fffd38bc
FG		 6262 u16 timeout, duration;
6263 unsigned int prev_instance_cnt = hdev->adv_instance_cnt;
6264 u8 schedule_instance = 0;
6265 struct adv_info *next_instance;
24b4f38f
AU		 6266 int err;
6267 struct mgmt_pending_cmd *cmd;
6268 struct hci_request req;
6269
6270 BT_DBG("%s", hdev->name);
6271
6272 status = mgmt_le_support(hdev);
6273 if (status)
6274 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6275 status);
6276
ceff86af
MH		 6277 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
6278 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6279 MGMT_STATUS_INVALID_PARAMS);
6280
24b4f38f 6281 flags = __le32_to_cpu(cp->flags);
912098a6 6282 timeout = __le16_to_cpu(cp->timeout);
fffd38bc 6283 duration = __le16_to_cpu(cp->duration);
24b4f38f 6284
fffd38bc
FG		 6285 /* The current implementation only supports a subset of the specified
6286 * flags.
089fa8c0
AU		 6287 */
6288 supported_flags = get_supported_adv_flags(hdev);
fffd38bc 6289 if (flags & ~supported_flags)
24b4f38f
AU		 6290 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6291 MGMT_STATUS_INVALID_PARAMS);
6292
6293 hci_dev_lock(hdev);
6294
912098a6
AU		 6295 if (timeout && !hdev_is_powered(hdev)) {
6296 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6297 MGMT_STATUS_REJECTED);
6298 goto unlock;
6299 }
6300
24b4f38f 6301 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
da929335 6302 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
24b4f38f
AU		 6303 pending_find(MGMT_OP_SET_LE, hdev)) {
6304 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6305 MGMT_STATUS_BUSY);
6306 goto unlock;
6307 }
6308
b44133ff 6309 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) ||
4117ed70 6310 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len,
b44133ff 6311 cp->scan_rsp_len, false)) {
24b4f38f
AU		 6312 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6313 MGMT_STATUS_INVALID_PARAMS);
6314 goto unlock;
6315 }
6316
fffd38bc
FG		 6317 err = hci_add_adv_instance(hdev, cp->instance, flags,
6318 cp->adv_data_len, cp->data,
6319 cp->scan_rsp_len,
6320 cp->data + cp->adv_data_len,
6321 timeout, duration);
6322 if (err < 0) {
6323 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6324 MGMT_STATUS_FAILED);
6325 goto unlock;
6326 }
24b4f38f 6327
fffd38bc
FG		 6328 /* Only trigger an advertising added event if a new instance was
6329 * actually added.
6330 */
6331 if (hdev->adv_instance_cnt > prev_instance_cnt)
f2252570 6332 mgmt_advertising_added(sk, hdev, cp->instance);
912098a6 6333
fffd38bc 6334 hci_dev_set_flag(hdev, HCI_ADVERTISING_INSTANCE);
912098a6 6335
fffd38bc
FG		 6336 if (hdev->cur_adv_instance == cp->instance) {
6337 /* If the currently advertised instance is being changed then
6338 * cancel the current advertising and schedule the next
6339 * instance. If there is only one instance then the overridden
6340 * advertising data will be visible right away.
6341 */
6342 cancel_adv_timeout(hdev);
912098a6 6343
fffd38bc
FG		 6344 next_instance = hci_get_next_instance(hdev, cp->instance);
6345 if (next_instance)
6346 schedule_instance = next_instance->instance;
6347 } else if (!hdev->adv_instance_timeout) {
6348 /* Immediately advertise the new instance if no other
6349 * instance is currently being advertised.
6350 */
6351 schedule_instance = cp->instance;
6352 }
24b4f38f 6353
fffd38bc
FG		 6354 /* If the HCI_ADVERTISING flag is set or the device isn't powered or
6355 * there is no instance to be advertised then we have no HCI
6356 * communication to make. Simply return.
24b4f38f
AU		 6357 */
6358 if (!hdev_is_powered(hdev) ||
fffd38bc
FG		 6359 hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
6360 !schedule_instance) {
6361 rp.instance = cp->instance;
24b4f38f
AU		 6362 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6363 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6364 goto unlock;
6365 }
6366
6367 /* We're good to go, update advertising data, parameters, and start
6368 * advertising.
6369 */
6370 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
6371 data_len);
6372 if (!cmd) {
6373 err = -ENOMEM;
6374 goto unlock;
6375 }
6376
6377 hci_req_init(&req, hdev);
6378
f2252570 6379 err = __hci_req_schedule_adv_instance(&req, schedule_instance, true);
fffd38bc
FG		 6380
6381 if (!err)
6382 err = hci_req_run(&req, add_advertising_complete);
24b4f38f 6383
24b4f38f
AU		 6384 if (err < 0)
6385 mgmt_pending_remove(cmd);
6386
6387unlock:
6388 hci_dev_unlock(hdev);
6389
6390 return err;
6391}
6392
da929335
AU		 6393static void remove_advertising_complete(struct hci_dev *hdev, u8 status,
6394 u16 opcode)
6395{
6396 struct mgmt_pending_cmd *cmd;
01948331 6397 struct mgmt_cp_remove_advertising *cp;
da929335
AU		 6398 struct mgmt_rp_remove_advertising rp;
6399
6400 BT_DBG("status %d", status);
6401
6402 hci_dev_lock(hdev);
6403
6404 /* A failure status here only means that we failed to disable
6405 * advertising. Otherwise, the advertising instance has been removed,
6406 * so report success.
6407 */
6408 cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev);
6409 if (!cmd)
6410 goto unlock;
6411
01948331
FG		 6412 cp = cmd->param;
6413 rp.instance = cp->instance;
da929335
AU		 6414
6415 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS,
6416 &rp, sizeof(rp));
6417 mgmt_pending_remove(cmd);
6418
6419unlock:
6420 hci_dev_unlock(hdev);
6421}
6422
6423static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
6424 void *data, u16 data_len)
6425{
6426 struct mgmt_cp_remove_advertising *cp = data;
6427 struct mgmt_rp_remove_advertising rp;
da929335
AU		 6428 struct mgmt_pending_cmd *cmd;
6429 struct hci_request req;
952497b1 6430 int err;
da929335
AU		 6431
6432 BT_DBG("%s", hdev->name);
6433
da929335
AU		 6434 hci_dev_lock(hdev);
6435
952497b1 6436 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) {
01948331
FG		 6437 err = mgmt_cmd_status(sk, hdev->id,
6438 MGMT_OP_REMOVE_ADVERTISING,
6439 MGMT_STATUS_INVALID_PARAMS);
6440 goto unlock;
6441 }
6442
da929335
AU		 6443 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6444 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6445 pending_find(MGMT_OP_SET_LE, hdev)) {
6446 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6447 MGMT_STATUS_BUSY);
6448 goto unlock;
6449 }
6450
6451 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE)) {
6452 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6453 MGMT_STATUS_INVALID_PARAMS);
6454 goto unlock;
6455 }
6456
01948331 6457 hci_req_init(&req, hdev);
da929335 6458
f2252570 6459 hci_req_clear_adv_instance(hdev, &req, cp->instance, true);
da929335 6460
01948331 6461 if (list_empty(&hdev->adv_instances))
f2252570 6462 __hci_req_disable_advertising(&req);
da929335 6463
01948331
FG		 6464 /* If no HCI commands have been collected so far or the HCI_ADVERTISING
6465 * flag is set or the device isn't powered then we have no HCI
6466 * communication to make. Simply return.
da929335 6467 */
01948331
FG		 6468 if (skb_queue_empty(&req.cmd_q) ||
6469 !hdev_is_powered(hdev) ||
da929335 6470 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
01948331 6471 rp.instance = cp->instance;
da929335
AU		 6472 err = mgmt_cmd_complete(sk, hdev->id,
6473 MGMT_OP_REMOVE_ADVERTISING,
6474 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6475 goto unlock;
6476 }
6477
6478 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
6479 data_len);
6480 if (!cmd) {
6481 err = -ENOMEM;
6482 goto unlock;
6483 }
6484
da929335
AU		 6485 err = hci_req_run(&req, remove_advertising_complete);
6486 if (err < 0)
6487 mgmt_pending_remove(cmd);
6488
6489unlock:
6490 hci_dev_unlock(hdev);
6491
6492 return err;
6493}
6494
40b25fe5
MH		 6495static u8 tlv_data_max_len(u32 adv_flags, bool is_adv_data)
6496{
6497 u8 max_len = HCI_MAX_AD_LENGTH;
6498
6499 if (is_adv_data) {
6500 if (adv_flags & (MGMT_ADV_FLAG_DISCOV |
6501 MGMT_ADV_FLAG_LIMITED_DISCOV |
6502 MGMT_ADV_FLAG_MANAGED_FLAGS))
6503 max_len -= 3;
6504
6505 if (adv_flags & MGMT_ADV_FLAG_TX_POWER)
6506 max_len -= 3;
6507 }
6508
6509 return max_len;
6510}
6511
6512static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev,
6513 void *data, u16 data_len)
6514{
6515 struct mgmt_cp_get_adv_size_info *cp = data;
6516 struct mgmt_rp_get_adv_size_info rp;
6517 u32 flags, supported_flags;
6518 int err;
6519
6520 BT_DBG("%s", hdev->name);
6521
6522 if (!lmp_le_capable(hdev))
6523 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6524 MGMT_STATUS_REJECTED);
6525
6526 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
6527 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6528 MGMT_STATUS_INVALID_PARAMS);
6529
6530 flags = __le32_to_cpu(cp->flags);
6531
6532 /* The current implementation only supports a subset of the specified
6533 * flags.
6534 */
6535 supported_flags = get_supported_adv_flags(hdev);
6536 if (flags & ~supported_flags)
6537 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6538 MGMT_STATUS_INVALID_PARAMS);
6539
6540 rp.instance = cp->instance;
6541 rp.flags = cp->flags;
6542 rp.max_adv_data_len = tlv_data_max_len(flags, true);
6543 rp.max_scan_rsp_len = tlv_data_max_len(flags, false);
6544
6545 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6546 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6547
6548 return err;
6549}
6550
6d785aa3 6551static const struct hci_mgmt_handler mgmt_handlers[] = {
0f4e68cf 6552 { NULL }, /* 0x0000 (no command) */
b9a245fb 6553 { read_version, MGMT_READ_VERSION_SIZE,
c91041dc
MH		 6554 HCI_MGMT_NO_HDEV |
6555 HCI_MGMT_UNTRUSTED },
b9a245fb 6556 { read_commands, MGMT_READ_COMMANDS_SIZE,
c91041dc
MH		 6557 HCI_MGMT_NO_HDEV |
6558 HCI_MGMT_UNTRUSTED },
b9a245fb 6559 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
c91041dc
MH		 6560 HCI_MGMT_NO_HDEV |
6561 HCI_MGMT_UNTRUSTED },
6562 { read_controller_info, MGMT_READ_INFO_SIZE,
6563 HCI_MGMT_UNTRUSTED },
7aea8616
MH		 6564 { set_powered, MGMT_SETTING_SIZE },
6565 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
6566 { set_connectable, MGMT_SETTING_SIZE },
6567 { set_fast_connectable, MGMT_SETTING_SIZE },
6568 { set_bondable, MGMT_SETTING_SIZE },
6569 { set_link_security, MGMT_SETTING_SIZE },
6570 { set_ssp, MGMT_SETTING_SIZE },
6571 { set_hs, MGMT_SETTING_SIZE },
6572 { set_le, MGMT_SETTING_SIZE },
6573 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
6574 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
6575 { add_uuid, MGMT_ADD_UUID_SIZE },
6576 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
b9a245fb
JH		 6577 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
6578 HCI_MGMT_VAR_LEN },
6579 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
6580 HCI_MGMT_VAR_LEN },
7aea8616
MH		 6581 { disconnect, MGMT_DISCONNECT_SIZE },
6582 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
6583 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
6584 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
6585 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
6586 { pair_device, MGMT_PAIR_DEVICE_SIZE },
6587 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
6588 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
6589 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
6590 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
6591 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
6592 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
b9a245fb
JH		 6593 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
6594 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
6595 HCI_MGMT_VAR_LEN },
7aea8616
MH		 6596 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
6597 { start_discovery, MGMT_START_DISCOVERY_SIZE },
6598 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
6599 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
6600 { block_device, MGMT_BLOCK_DEVICE_SIZE },
6601 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
6602 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
6603 { set_advertising, MGMT_SETTING_SIZE },
6604 { set_bredr, MGMT_SETTING_SIZE },
6605 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
6606 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
6607 { set_secure_conn, MGMT_SETTING_SIZE },
6608 { set_debug_keys, MGMT_SETTING_SIZE },
6609 { set_privacy, MGMT_SET_PRIVACY_SIZE },
b9a245fb
JH		 6610 { load_irks, MGMT_LOAD_IRKS_SIZE,
6611 HCI_MGMT_VAR_LEN },
7aea8616
MH		 6612 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
6613 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
6614 { add_device, MGMT_ADD_DEVICE_SIZE },
6615 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
b9a245fb
JH		 6616 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
6617 HCI_MGMT_VAR_LEN },
6618 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
c91041dc
MH		 6619 HCI_MGMT_NO_HDEV |
6620 HCI_MGMT_UNTRUSTED },
b9a245fb 6621 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
c91041dc
MH		 6622 HCI_MGMT_UNCONFIGURED |
6623 HCI_MGMT_UNTRUSTED },
b9a245fb
JH		 6624 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
6625 HCI_MGMT_UNCONFIGURED },
6626 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
6627 HCI_MGMT_UNCONFIGURED },
6628 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
6629 HCI_MGMT_VAR_LEN },
4f0f155c 6630 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
96f1474a 6631 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
c91041dc
MH		 6632 HCI_MGMT_NO_HDEV |
6633 HCI_MGMT_UNTRUSTED },
d3d5305b 6634 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
24b4f38f
AU		 6635 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
6636 HCI_MGMT_VAR_LEN },
da929335 6637 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
40b25fe5 6638 { get_adv_size_info, MGMT_GET_ADV_SIZE_INFO_SIZE },
0f4e68cf
JH		 6639};
6640
bf6b56db 6641void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 6642{
ced85549 6643 struct mgmt_ev_ext_index ev;
bb4b2a9a 6644
0602a8ad
MH		 6645 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6646 return;
6647
f9207338
MH		 6648 switch (hdev->dev_type) {
6649 case HCI_BREDR:
6650 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6651 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
6652 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
ced85549 6653 ev.type = 0x01;
f9207338
MH		 6654 } else {
6655 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
6656 HCI_MGMT_INDEX_EVENTS);
ced85549 6657 ev.type = 0x00;
f9207338
MH		 6658 }
6659 break;
ced85549
MH		 6660 case HCI_AMP:
6661 ev.type = 0x02;
6662 break;
6663 default:
6664 return;
f9207338 6665 }
ced85549
MH		 6666
6667 ev.bus = hdev->bus;
6668
6669 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
6670 HCI_MGMT_EXT_INDEX_EVENTS);
c71e97bf
JH		 6671}
6672
bf6b56db 6673void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 6674{
ced85549 6675 struct mgmt_ev_ext_index ev;
5f159032 6676 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 6677
0602a8ad
MH		 6678 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6679 return;
6680
f9207338
MH		 6681 switch (hdev->dev_type) {
6682 case HCI_BREDR:
6683 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
b24752fe 6684
f9207338
MH		 6685 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6686 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
6687 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
ced85549 6688 ev.type = 0x01;
f9207338
MH		 6689 } else {
6690 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
6691 HCI_MGMT_INDEX_EVENTS);
ced85549 6692 ev.type = 0x00;
f9207338
MH		 6693 }
6694 break;
ced85549
MH		 6695 case HCI_AMP:
6696 ev.type = 0x02;
6697 break;
6698 default:
6699 return;
f9207338 6700 }
ced85549
MH		 6701
6702 ev.bus = hdev->bus;
6703
6704 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
6705 HCI_MGMT_EXT_INDEX_EVENTS);
eec8d2bc
JH		 6706}
6707
6046dc3e 6708/* This function requires the caller holds hdev->lock */
af02dd44 6709static void restart_le_actions(struct hci_dev *hdev)
6046dc3e
AG		 6710{
6711 struct hci_conn_params *p;
6712
6713 list_for_each_entry(p, &hdev->le_conn_params, list) {
d7347f3c
JH		 6714 /* Needed for AUTO_OFF case where might not "really"
6715 * have been powered off.
6716 */
6717 list_del_init(&p->action);
6718
6719 switch (p->auto_connect) {
4b9e7e75 6720 case HCI_AUTO_CONN_DIRECT:
d7347f3c
JH		 6721 case HCI_AUTO_CONN_ALWAYS:
6722 list_add(&p->action, &hdev->pend_le_conns);
6723 break;
6724 case HCI_AUTO_CONN_REPORT:
6725 list_add(&p->action, &hdev->pend_le_reports);
6726 break;
6727 default:
6728 break;
c83ed19d 6729 }
6046dc3e
AG		 6730 }
6731}
6732
1904a853 6733static void powered_complete(struct hci_dev *hdev, u8 status, u16 opcode)
229ab39c
JH		 6734{
6735 struct cmd_lookup match = { NULL, hdev };
6736
6737 BT_DBG("status 0x%02x", status);
6738
162a3bac 6739 if (!status) {
af02dd44
JH		 6740 restart_le_actions(hdev);
6741 hci_update_background_scan(hdev);
162a3bac
MH		 6742 }
6743
229ab39c
JH		 6744 hci_dev_lock(hdev);
6745
6746 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6747
6748 new_settings(hdev, match.sk);
6749
6750 hci_dev_unlock(hdev);
6751
6752 if (match.sk)
6753 sock_put(match.sk);
6754}
6755
70da6243 6756static int powered_update_hci(struct hci_dev *hdev)
5add6af8 6757{
890ea898 6758 struct hci_request req;
320b3bf7 6759 struct adv_info *adv_instance;
70da6243 6760 u8 link_sec;
5add6af8 6761
890ea898
JH		 6762 hci_req_init(&req, hdev);
6763
d7a5a11d 6764 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED) &&
70da6243 6765 !lmp_host_ssp_capable(hdev)) {
574ea3c7 6766 u8 mode = 0x01;
5e5282bb 6767
574ea3c7
MH		 6768 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
6769
6770 if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) {
6771 u8 support = 0x01;
5add6af8 6772
574ea3c7
MH		 6773 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT,
6774 sizeof(support), &support);
6775 }
ec6f99b8
JH		 6776 }
6777
d7a5a11d 6778 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
c73eee91 6779 lmp_bredr_capable(hdev)) {
70da6243 6780 struct hci_cp_write_le_host_supported cp;
f0ff92fb 6781
32226e4f
MH		 6782 cp.le = 0x01;
6783 cp.simul = 0x00;
3d1cbdd6 6784
70da6243
JH		 6785 /* Check first if we already have the right
6786 * host state (host features set)
6787 */
6788 if (cp.le != lmp_host_le_capable(hdev) ||
6789 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 6790 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
6791 sizeof(cp), &cp);
70da6243 6792 }
3d1cbdd6 6793
d13eafce 6794 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 6795 /* Make sure the controller has a good default for
6796 * advertising data. This also applies to the case
6797 * where BR/EDR was toggled during the AUTO_OFF phase.
6798 */
320b3bf7
FG		 6799 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
6800 (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
6801 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))) {
f2252570
JH		 6802 __hci_req_update_adv_data(&req, HCI_ADV_CURRENT);
6803 __hci_req_update_scan_rsp_data(&req, HCI_ADV_CURRENT);
f14d8f64 6804 }
441ad2d0 6805
320b3bf7
FG		 6806 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE) &&
6807 hdev->cur_adv_instance == 0x00 &&
6808 !list_empty(&hdev->adv_instances)) {
6809 adv_instance = list_first_entry(&hdev->adv_instances,
6810 struct adv_info, list);
6811 hdev->cur_adv_instance = adv_instance->instance;
6812 }
6813
6814 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
f2252570 6815 __hci_req_enable_advertising(&req);
320b3bf7
FG		 6816 else if (hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE) &&
6817 hdev->cur_adv_instance)
f2252570
JH		 6818 __hci_req_schedule_adv_instance(&req,
6819 hdev->cur_adv_instance,
6820 true);
eeca6f89
JH		 6821 }
6822
d7a5a11d 6823 link_sec = hci_dev_test_flag(hdev, HCI_LINK_SECURITY);
70da6243 6824 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 6825 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
6826 sizeof(link_sec), &link_sec);
562fcc24 6827
70da6243 6828 if (lmp_bredr_capable(hdev)) {
d7a5a11d 6829 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
406ef2a6
JH		 6830 write_fast_connectable(&req, true);
6831 else
6832 write_fast_connectable(&req, false);
01b1cb87 6833 __hci_req_update_scan(&req);
14bf5eac 6834 __hci_req_update_class(&req);
13928971 6835 update_name(&req);
890ea898 6836 update_eir(&req);
70da6243 6837 }
562fcc24 6838
229ab39c 6839 return hci_req_run(&req, powered_complete);
70da6243 6840}
562fcc24 6841
70da6243
JH		 6842int mgmt_powered(struct hci_dev *hdev, u8 powered)
6843{
6844 struct cmd_lookup match = { NULL, hdev };
9845904f 6845 u8 status, zero_cod[] = { 0, 0, 0 };
70da6243 6846 int err;
f0ff92fb 6847
d7a5a11d 6848 if (!hci_dev_test_flag(hdev, HCI_MGMT))
70da6243
JH		 6849 return 0;
6850
70da6243 6851 if (powered) {
e59a5542
AK		 6852 /* Register the available SMP channels (BR/EDR and LE) only
6853 * when successfully powering on the controller. This late
6854 * registration is required so that LE SMP can clearly
6855 * decide if the public address or static address is used.
6856 */
6857 smp_register(hdev);
6858
229ab39c
JH		 6859 if (powered_update_hci(hdev) == 0)
6860 return 0;
fe038884 6861
229ab39c
JH		 6862 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
6863 &match);
6864 goto new_settings;
b24752fe
JH		 6865 }
6866
229ab39c 6867 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
9845904f
JH		 6868
6869 /* If the power off is because of hdev unregistration let
6870 * use the appropriate INVALID_INDEX status. Otherwise use
6871 * NOT_POWERED. We cover both scenarios here since later in
6872 * mgmt_index_removed() any hci_conn callbacks will have already
6873 * been triggered, potentially causing misleading DISCONNECTED
6874 * status responses.
6875 */
d7a5a11d 6876 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
9845904f
JH		 6877 status = MGMT_STATUS_INVALID_INDEX;
6878 else
6879 status = MGMT_STATUS_NOT_POWERED;
6880
6881 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
229ab39c
JH		 6882
6883 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
f6b7712e
MH		 6884 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
6885 zero_cod, sizeof(zero_cod), NULL);
229ab39c
JH		 6886
6887new_settings:
beadb2bd 6888 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 6889
6890 if (match.sk)
6891 sock_put(match.sk);
6892
7bb895d6 6893 return err;
5add6af8 6894}
73f22f62 6895
3eec705e 6896void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc 6897{
3b0602cd 6898 struct mgmt_pending_cmd *cmd;
96570ffc
JH		 6899 u8 status;
6900
333ae95d 6901 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
96570ffc 6902 if (!cmd)
3eec705e 6903 return;
96570ffc
JH		 6904
6905 if (err == -ERFKILL)
6906 status = MGMT_STATUS_RFKILLED;
6907 else
6908 status = MGMT_STATUS_FAILED;
6909
a69e8375 6910 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 6911
6912 mgmt_pending_remove(cmd);
96570ffc
JH		 6913}
6914
d1967ff8
MH		 6915void mgmt_discoverable_timeout(struct hci_dev *hdev)
6916{
6917 struct hci_request req;
d1967ff8
MH		 6918
6919 hci_dev_lock(hdev);
6920
6921 /* When discoverable timeout triggers, then just make sure
6922 * the limited discoverable flag is cleared. Even in the case
6923 * of a timeout triggered from general discoverable, it is
6924 * safe to unconditionally clear the flag.
6925 */
a358dc11
MH		 6926 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
6927 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
d1967ff8
MH		 6928
6929 hci_req_init(&req, hdev);
d7a5a11d 6930 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4b580614
JH		 6931 u8 scan = SCAN_PAGE;
6932 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
6933 sizeof(scan), &scan);
6934 }
14bf5eac 6935 __hci_req_update_class(&req);
24b4f38f
AU		 6936
6937 /* Advertising instances don't use the global discoverable setting, so
6938 * only update AD if advertising was enabled using Set Advertising.
6939 */
6940 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
f2252570 6941 __hci_req_update_adv_data(&req, HCI_ADV_CURRENT);
24b4f38f 6942
d1967ff8
MH		 6943 hci_req_run(&req, NULL);
6944
6945 hdev->discov_timeout = 0;
6946
9a43e25f
JH		 6947 new_settings(hdev, NULL);
6948
d1967ff8
MH		 6949 hci_dev_unlock(hdev);
6950}
6951
dc4a5ee2
MH		 6952void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
6953 bool persistent)
55ed8ca1 6954{
86742e1e 6955 struct mgmt_ev_new_link_key ev;
55ed8ca1 6956
a492cd52 6957 memset(&ev, 0, sizeof(ev));
55ed8ca1 6958
a492cd52 6959 ev.store_hint = persistent;
d753fdc4 6960 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 6961 ev.key.addr.type = BDADDR_BREDR;
a492cd52 6962 ev.key.type = key->type;
9b3b4460 6963 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 6964 ev.key.pin_len = key->pin_len;
55ed8ca1 6965
dc4a5ee2 6966 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 6967}
f7520543 6968
d7b25450
JH		 6969static u8 mgmt_ltk_type(struct smp_ltk *ltk)
6970{
23fb8de3
JH		 6971 switch (ltk->type) {
6972 case SMP_LTK:
6973 case SMP_LTK_SLAVE:
6974 if (ltk->authenticated)
6975 return MGMT_LTK_AUTHENTICATED;
6976 return MGMT_LTK_UNAUTHENTICATED;
6977 case SMP_LTK_P256:
6978 if (ltk->authenticated)
6979 return MGMT_LTK_P256_AUTH;
6980 return MGMT_LTK_P256_UNAUTH;
6981 case SMP_LTK_P256_DEBUG:
6982 return MGMT_LTK_P256_DEBUG;
6983 }
d7b25450
JH		 6984
6985 return MGMT_LTK_UNAUTHENTICATED;
6986}
6987
53ac6ab6 6988void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 6989{
6990 struct mgmt_ev_new_long_term_key ev;
6991
6992 memset(&ev, 0, sizeof(ev));
6993
5192d301 6994 /* Devices using resolvable or non-resolvable random addresses
f72186d2 6995 * without providing an identity resolving key don't require
5192d301
MH		 6996 * to store long term keys. Their addresses will change the
6997 * next time around.
6998 *
6999 * Only when a remote device provides an identity address
7000 * make sure the long term key is stored. If the remote
7001 * identity is known, the long term keys are internally
7002 * mapped to the identity address. So allow static random
7003 * and public addresses here.
7004 */
ba74b666
JH		 7005 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7006 (key->bdaddr.b[5] & 0xc0) != 0xc0)
7007 ev.store_hint = 0x00;
7008 else
53ac6ab6 7009 ev.store_hint = persistent;
ba74b666 7010
346af67b 7011 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 7012 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 7013 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 7014 ev.key.enc_size = key->enc_size;
7015 ev.key.ediv = key->ediv;
fe39c7b2 7016 ev.key.rand = key->rand;
346af67b 7017
2ceba539 7018 if (key->type == SMP_LTK)
346af67b
VCG		 7019 ev.key.master = 1;
7020
1fc62c52
JH		 7021 /* Make sure we copy only the significant bytes based on the
7022 * encryption key size, and set the rest of the value to zeroes.
7023 */
cb92205b 7024 memcpy(ev.key.val, key->val, key->enc_size);
1fc62c52
JH		 7025 memset(ev.key.val + key->enc_size, 0,
7026 sizeof(ev.key.val) - key->enc_size);
346af67b 7027
083368f7 7028 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 7029}
7030
cad20c27 7031void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent)
95fbac8a
JH		 7032{
7033 struct mgmt_ev_new_irk ev;
7034
7035 memset(&ev, 0, sizeof(ev));
7036
cad20c27 7037 ev.store_hint = persistent;
bab6d1e5 7038
95fbac8a
JH		 7039 bacpy(&ev.rpa, &irk->rpa);
7040 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
7041 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
7042 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
7043
7044 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
7045}
7046
53ac6ab6
MH		 7047void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
7048 bool persistent)
7ee4ea36
MH		 7049{
7050 struct mgmt_ev_new_csrk ev;
7051
7052 memset(&ev, 0, sizeof(ev));
7053
7054 /* Devices using resolvable or non-resolvable random addresses
f72186d2 7055 * without providing an identity resolving key don't require
7ee4ea36
MH		 7056 * to store signature resolving keys. Their addresses will change
7057 * the next time around.
7058 *
7059 * Only when a remote device provides an identity address
7060 * make sure the signature resolving key is stored. So allow
7061 * static random and public addresses here.
7062 */
7063 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7064 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
7065 ev.store_hint = 0x00;
7066 else
53ac6ab6 7067 ev.store_hint = persistent;
7ee4ea36
MH		 7068
7069 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
7070 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
4cd3928a 7071 ev.key.type = csrk->type;
7ee4ea36
MH		 7072 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
7073
7074 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
7075}
7076
ffb5a827 7077void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 7078 u8 bdaddr_type, u8 store_hint, u16 min_interval,
7079 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 7080{
7081 struct mgmt_ev_new_conn_param ev;
7082
c103aea6
JH		 7083 if (!hci_is_identity_address(bdaddr, bdaddr_type))
7084 return;
7085
ffb5a827
AG		 7086 memset(&ev, 0, sizeof(ev));
7087 bacpy(&ev.addr.bdaddr, bdaddr);
7088 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 7089 ev.store_hint = store_hint;
ffb5a827
AG		 7090 ev.min_interval = cpu_to_le16(min_interval);
7091 ev.max_interval = cpu_to_le16(max_interval);
7092 ev.latency = cpu_to_le16(latency);
7093 ev.timeout = cpu_to_le16(timeout);
7094
7095 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
7096}
7097
48ec92fa
AA		 7098void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
7099 u32 flags, u8 *name, u8 name_len)
f7520543 7100{
b644ba33
JH		 7101 char buf[512];
7102 struct mgmt_ev_device_connected *ev = (void *) buf;
7103 u16 eir_len = 0;
f7520543 7104
48ec92fa
AA		 7105 bacpy(&ev->addr.bdaddr, &conn->dst);
7106 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
f7520543 7107
c95f0ba7 7108 ev->flags = __cpu_to_le32(flags);
08c79b61 7109
fd45ada9
AA		 7110 /* We must ensure that the EIR Data fields are ordered and
7111 * unique. Keep it simple for now and avoid the problem by not
7112 * adding any BR/EDR data to the LE adv.
7113 */
7114 if (conn->le_adv_data_len > 0) {
7115 memcpy(&ev->eir[eir_len],
7116 conn->le_adv_data, conn->le_adv_data_len);
7117 eir_len = conn->le_adv_data_len;
7118 } else {
7119 if (name_len > 0)
7120 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
7121 name, name_len);
b644ba33 7122
ddbea5cf 7123 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
fd45ada9
AA		 7124 eir_len = eir_append_data(ev->eir, eir_len,
7125 EIR_CLASS_OF_DEV,
7126 conn->dev_class, 3);
7127 }
b644ba33 7128
eb55ef07 7129 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 7130
ecd90ae7
MH		 7131 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
7132 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 7133}
7134
3b0602cd 7135static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
8962ee74 7136{
8962ee74 7137 struct sock **sk = data;
8962ee74 7138
f5818c22 7139 cmd->cmd_complete(cmd, 0);
8962ee74
JH		 7140
7141 *sk = cmd->sk;
7142 sock_hold(*sk);
7143
a664b5bc 7144 mgmt_pending_remove(cmd);
8962ee74
JH		 7145}
7146
3b0602cd 7147static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
a8a1d19e 7148{
b1078ad0 7149 struct hci_dev *hdev = data;
124f6e35 7150 struct mgmt_cp_unpair_device *cp = cmd->param;
a8a1d19e 7151
b1078ad0
JH		 7152 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
7153
d8b7b1e4 7154 cmd->cmd_complete(cmd, 0);
a8a1d19e
JH		 7155 mgmt_pending_remove(cmd);
7156}
7157
84c61d92
JH		 7158bool mgmt_powering_down(struct hci_dev *hdev)
7159{
3b0602cd 7160 struct mgmt_pending_cmd *cmd;
84c61d92
JH		 7161 struct mgmt_mode *cp;
7162
333ae95d 7163 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
84c61d92
JH		 7164 if (!cmd)
7165 return false;
7166
7167 cp = cmd->param;
7168 if (!cp->val)
7169 return true;
7170
7171 return false;
7172}
7173
9b80ec5e 7174void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 7175 u8 link_type, u8 addr_type, u8 reason,
7176 bool mgmt_connected)
f7520543 7177{
f0d6a0ea 7178 struct mgmt_ev_device_disconnected ev;
8962ee74 7179 struct sock *sk = NULL;
8962ee74 7180
84c61d92
JH		 7181 /* The connection is still in hci_conn_hash so test for 1
7182 * instead of 0 to know if this is the last one.
7183 */
7184 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7185 cancel_delayed_work(&hdev->power_off);
7186 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8b064a3a
JH		 7187 }
7188
12d4a3b2
JH		 7189 if (!mgmt_connected)
7190 return;
7191
57eb776f
AG		 7192 if (link_type != ACL_LINK && link_type != LE_LINK)
7193 return;
7194
744cf19e 7195 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 7196
f0d6a0ea
MA		 7197 bacpy(&ev.addr.bdaddr, bdaddr);
7198 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7199 ev.reason = reason;
f7520543 7200
9b80ec5e 7201 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 7202
7203 if (sk)
d97dcb66 7204 sock_put(sk);
8962ee74 7205
124f6e35 7206 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 7207 hdev);
8962ee74
JH		 7208}
7209
7892924c
MH		 7210void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
7211 u8 link_type, u8 addr_type, u8 status)
8962ee74 7212{
3655bba8
AG		 7213 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
7214 struct mgmt_cp_disconnect *cp;
3b0602cd 7215 struct mgmt_pending_cmd *cmd;
8962ee74 7216
36a75f1b
JD		 7217 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
7218 hdev);
7219
333ae95d 7220 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 7221 if (!cmd)
7892924c 7222 return;
8962ee74 7223
3655bba8
AG		 7224 cp = cmd->param;
7225
7226 if (bacmp(bdaddr, &cp->addr.bdaddr))
7227 return;
7228
7229 if (cp->addr.type != bdaddr_type)
7230 return;
7231
f5818c22 7232 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7233 mgmt_pending_remove(cmd);
f7520543 7234}
17d5c04c 7235
445608d0
MH		 7236void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7237 u8 addr_type, u8 status)
17d5c04c
JH		 7238{
7239 struct mgmt_ev_connect_failed ev;
c9910d0f 7240
84c61d92
JH		 7241 /* The connection is still in hci_conn_hash so test for 1
7242 * instead of 0 to know if this is the last one.
7243 */
7244 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7245 cancel_delayed_work(&hdev->power_off);
7246 queue_work(hdev->req_workqueue, &hdev->power_off.work);
c9910d0f 7247 }
17d5c04c 7248
4c659c39 7249 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7250 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 7251 ev.status = mgmt_status(status);
17d5c04c 7252
445608d0 7253 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 7254}
980e1a53 7255
ce0e4a0d 7256void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 7257{
7258 struct mgmt_ev_pin_code_request ev;
7259
d8457698 7260 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 7261 ev.addr.type = BDADDR_BREDR;
a770bb5a 7262 ev.secure = secure;
980e1a53 7263
ce0e4a0d 7264 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 7265}
7266
e669cf80
MH		 7267void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7268 u8 status)
980e1a53 7269{
3b0602cd 7270 struct mgmt_pending_cmd *cmd;
980e1a53 7271
333ae95d 7272 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 7273 if (!cmd)
e669cf80 7274 return;
980e1a53 7275
7776d1d8 7276 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7277 mgmt_pending_remove(cmd);
980e1a53
JH		 7278}
7279
3eb38528
MH		 7280void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7281 u8 status)
980e1a53 7282{
3b0602cd 7283 struct mgmt_pending_cmd *cmd;
980e1a53 7284
333ae95d 7285 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 7286 if (!cmd)
3eb38528 7287 return;
980e1a53 7288
7776d1d8 7289 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7290 mgmt_pending_remove(cmd);
980e1a53 7291}
a5c29683 7292
744cf19e 7293int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 7294 u8 link_type, u8 addr_type, u32 value,
04124681 7295 u8 confirm_hint)
a5c29683
JH		 7296{
7297 struct mgmt_ev_user_confirm_request ev;
7298
744cf19e 7299 BT_DBG("%s", hdev->name);
a5c29683 7300
272d90df 7301 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7302 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 7303 ev.confirm_hint = confirm_hint;
39adbffe 7304 ev.value = cpu_to_le32(value);
a5c29683 7305
744cf19e 7306 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 7307 NULL);
a5c29683
JH		 7308}
7309
272d90df 7310int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 7311 u8 link_type, u8 addr_type)
604086b7
BG		 7312{
7313 struct mgmt_ev_user_passkey_request ev;
7314
7315 BT_DBG("%s", hdev->name);
7316
272d90df 7317 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7318 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 7319
7320 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 7321 NULL);
604086b7
BG		 7322}
7323
0df4c185 7324static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 7325 u8 link_type, u8 addr_type, u8 status,
7326 u8 opcode)
a5c29683 7327{
3b0602cd 7328 struct mgmt_pending_cmd *cmd;
a5c29683 7329
333ae95d 7330 cmd = pending_find(opcode, hdev);
a5c29683
JH		 7331 if (!cmd)
7332 return -ENOENT;
7333
7776d1d8 7334 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7335 mgmt_pending_remove(cmd);
a5c29683 7336
7776d1d8 7337 return 0;
a5c29683
JH		 7338}
7339
744cf19e 7340int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7341 u8 link_type, u8 addr_type, u8 status)
a5c29683 7342{
272d90df 7343 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 7344 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 7345}
7346
272d90df 7347int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7348 u8 link_type, u8 addr_type, u8 status)
a5c29683 7349{
272d90df 7350 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 7351 status,
7352 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 7353}
2a611692 7354
604086b7 7355int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7356 u8 link_type, u8 addr_type, u8 status)
604086b7 7357{
272d90df 7358 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 7359 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 7360}
7361
272d90df 7362int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7363 u8 link_type, u8 addr_type, u8 status)
604086b7 7364{
272d90df 7365 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 7366 status,
7367 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 7368}
7369
92a25256
JH		 7370int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
7371 u8 link_type, u8 addr_type, u32 passkey,
7372 u8 entered)
7373{
7374 struct mgmt_ev_passkey_notify ev;
7375
7376 BT_DBG("%s", hdev->name);
7377
7378 bacpy(&ev.addr.bdaddr, bdaddr);
7379 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7380 ev.passkey = __cpu_to_le32(passkey);
7381 ev.entered = entered;
7382
7383 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
7384}
7385
e1e930f5 7386void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
2a611692
JH		 7387{
7388 struct mgmt_ev_auth_failed ev;
3b0602cd 7389 struct mgmt_pending_cmd *cmd;
e1e930f5 7390 u8 status = mgmt_status(hci_status);
2a611692 7391
e1e930f5
JH		 7392 bacpy(&ev.addr.bdaddr, &conn->dst);
7393 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7394 ev.status = status;
2a611692 7395
e1e930f5
JH		 7396 cmd = find_pairing(conn);
7397
7398 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
7399 cmd ? cmd->sk : NULL);
7400
a511b35b
JH		 7401 if (cmd) {
7402 cmd->cmd_complete(cmd, status);
7403 mgmt_pending_remove(cmd);
7404 }
2a611692 7405}
b312b161 7406
464996ae 7407void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 7408{
7409 struct cmd_lookup match = { NULL, hdev };
464996ae 7410 bool changed;
33ef95ed
JH		 7411
7412 if (status) {
7413 u8 mgmt_err = mgmt_status(status);
7414 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 7415 cmd_status_rsp, &mgmt_err);
464996ae 7416 return;
33ef95ed
JH		 7417 }
7418
464996ae 7419 if (test_bit(HCI_AUTH, &hdev->flags))
238be788 7420 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
464996ae 7421 else
a69d8927 7422 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
47990ea0 7423
33ef95ed 7424 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 7425 &match);
33ef95ed 7426
47990ea0 7427 if (changed)
464996ae 7428 new_settings(hdev, match.sk);
33ef95ed
JH		 7429
7430 if (match.sk)
7431 sock_put(match.sk);
33ef95ed
JH		 7432}
7433
890ea898 7434static void clear_eir(struct hci_request *req)
cacaf52f 7435{
890ea898 7436 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 7437 struct hci_cp_write_eir cp;
7438
976eb20e 7439 if (!lmp_ext_inq_capable(hdev))
890ea898 7440 return;
cacaf52f 7441
c80da27e
JH		 7442 memset(hdev->eir, 0, sizeof(hdev->eir));
7443
cacaf52f
JH		 7444 memset(&cp, 0, sizeof(cp));
7445
890ea898 7446 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 7447}
7448
3e248560 7449void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 7450{
7451 struct cmd_lookup match = { NULL, hdev };
890ea898 7452 struct hci_request req;
c0ecddc2 7453 bool changed = false;
ed2c4ee3
JH		 7454
7455 if (status) {
7456 u8 mgmt_err = mgmt_status(status);
c0ecddc2 7457
a69d8927
MH		 7458 if (enable && hci_dev_test_and_clear_flag(hdev,
7459 HCI_SSP_ENABLED)) {
a358dc11 7460 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
3e248560 7461 new_settings(hdev, NULL);
9ecb3e24 7462 }
c0ecddc2 7463
04124681
GP		 7464 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
7465 &mgmt_err);
3e248560 7466 return;
c0ecddc2
JH		 7467 }
7468
7469 if (enable) {
238be788 7470 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
c0ecddc2 7471 } else {
a69d8927 7472 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
9ecb3e24 7473 if (!changed)
a69d8927
MH		 7474 changed = hci_dev_test_and_clear_flag(hdev,
7475 HCI_HS_ENABLED);
9ecb3e24 7476 else
a358dc11 7477 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
ed2c4ee3
JH		 7478 }
7479
7480 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
7481
c0ecddc2 7482 if (changed)
3e248560 7483 new_settings(hdev, match.sk);
ed2c4ee3 7484
5fc6ebb1 7485 if (match.sk)
ed2c4ee3
JH		 7486 sock_put(match.sk);
7487
890ea898
JH		 7488 hci_req_init(&req, hdev);
7489
d7a5a11d
MH		 7490 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
7491 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
3769972b
JH		 7492 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
7493 sizeof(enable), &enable);
890ea898 7494 update_eir(&req);
3769972b 7495 } else {
890ea898 7496 clear_eir(&req);
3769972b 7497 }
890ea898
JH		 7498
7499 hci_req_run(&req, NULL);
ed2c4ee3
JH		 7500}
7501
3b0602cd 7502static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
90e70454
JH		 7503{
7504 struct cmd_lookup *match = data;
7505
90e70454
JH		 7506 if (match->sk == NULL) {
7507 match->sk = cmd->sk;
7508 sock_hold(match->sk);
7509 }
90e70454
JH		 7510}
7511
4e1b0245
MH		 7512void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
7513 u8 status)
7f9a903c 7514{
90e70454 7515 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 7516
92da6097
JH		 7517 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
7518 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
7519 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 7520
7521 if (!status)
f6b7712e
MH		 7522 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
7523 dev_class, 3, NULL);
90e70454
JH		 7524
7525 if (match.sk)
7526 sock_put(match.sk);
7f9a903c
MH		 7527}
7528
7667da34 7529void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 7530{
b312b161 7531 struct mgmt_cp_set_local_name ev;
3b0602cd 7532 struct mgmt_pending_cmd *cmd;
28cc7bde 7533
13928971 7534 if (status)
7667da34 7535 return;
b312b161
JH		 7536
7537 memset(&ev, 0, sizeof(ev));
7538 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 7539 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 7540
333ae95d 7541 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 7542 if (!cmd) {
7543 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 7544
13928971
JH		 7545 /* If this is a HCI command related to powering on the
7546 * HCI dev don't send any mgmt signals.
7547 */
333ae95d 7548 if (pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 7549 return;
890ea898 7550 }
b312b161 7551
f6b7712e
MH		 7552 mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
7553 cmd ? cmd->sk : NULL);
b312b161 7554}
c35938b2 7555
799ce93d
JP		 7556static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
7557{
7558 int i;
7559
7560 for (i = 0; i < uuid_count; i++) {
7561 if (!memcmp(uuid, uuids[i], 16))
7562 return true;
7563 }
7564
7565 return false;
7566}
7567
b487b9ce
MH		 7568static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
7569{
799ce93d
JP		 7570 u16 parsed = 0;
7571
7572 while (parsed < eir_len) {
7573 u8 field_len = eir[0];
7574 u8 uuid[16];
7575 int i;
7576
7577 if (field_len == 0)
7578 break;
7579
7580 if (eir_len - parsed < field_len + 1)
7581 break;
7582
7583 switch (eir[1]) {
7584 case EIR_UUID16_ALL:
7585 case EIR_UUID16_SOME:
7586 for (i = 0; i + 3 <= field_len; i += 2) {
189f6ad2 7587 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7588 uuid[13] = eir[i + 3];
7589 uuid[12] = eir[i + 2];
7590 if (has_uuid(uuid, uuid_count, uuids))
7591 return true;
7592 }
7593 break;
7594 case EIR_UUID32_ALL:
7595 case EIR_UUID32_SOME:
7596 for (i = 0; i + 5 <= field_len; i += 4) {
189f6ad2 7597 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7598 uuid[15] = eir[i + 5];
7599 uuid[14] = eir[i + 4];
7600 uuid[13] = eir[i + 3];
7601 uuid[12] = eir[i + 2];
7602 if (has_uuid(uuid, uuid_count, uuids))
7603 return true;
7604 }
7605 break;
7606 case EIR_UUID128_ALL:
7607 case EIR_UUID128_SOME:
7608 for (i = 0; i + 17 <= field_len; i += 16) {
7609 memcpy(uuid, eir + i + 2, 16);
7610 if (has_uuid(uuid, uuid_count, uuids))
7611 return true;
7612 }
7613 break;
7614 }
7615
7616 parsed += field_len + 1;
7617 eir += field_len + 1;
7618 }
7619
b487b9ce
MH		 7620 return false;
7621}
7622
4b0e0ced
JP		 7623static void restart_le_scan(struct hci_dev *hdev)
7624{
7625 /* If controller is not scanning we are done. */
d7a5a11d 7626 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
4b0e0ced
JP		 7627 return;
7628
7629 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
7630 hdev->discovery.scan_start +
7631 hdev->discovery.scan_duration))
7632 return;
7633
7c1fbed2 7634 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart,
4b0e0ced
JP		 7635 DISCOV_LE_RESTART_DELAY);
7636}
7637
48f86b7f
JP		 7638static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
7639 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 7640{
48f86b7f
JP		 7641 /* If a RSSI threshold has been specified, and
7642 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
7643 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
7644 * is set, let it through for further processing, as we might need to
7645 * restart the scan.
efb2513f
MH		 7646 *
7647 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
7648 * the results are also dropped.
bda157a4
MH		 7649 */
7650 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
4b0e0ced
JP		 7651 (rssi == HCI_RSSI_INVALID ||
7652 (rssi < hdev->discovery.rssi &&
7653 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
48f86b7f 7654 return false;
efb2513f 7655
2976cdeb
JP		 7656 if (hdev->discovery.uuid_count != 0) {
7657 /* If a list of UUIDs is provided in filter, results with no
7658 * matching UUID should be dropped.
b487b9ce 7659 */
2976cdeb
JP		 7660 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
7661 hdev->discovery.uuids) &&
7662 !eir_has_uuids(scan_rsp, scan_rsp_len,
7663 hdev->discovery.uuid_count,
7664 hdev->discovery.uuids))
7665 return false;
b487b9ce 7666 }
5d2e9fad 7667
2976cdeb
JP		 7668 /* If duplicate filtering does not report RSSI changes, then restart
7669 * scanning to ensure updated result with updated RSSI values.
4b0e0ced 7670 */
2976cdeb
JP		 7671 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
7672 restart_le_scan(hdev);
7673
7674 /* Validate RSSI value against the RSSI threshold once more. */
7675 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7676 rssi < hdev->discovery.rssi)
7677 return false;
7678 }
48f86b7f
JP		 7679
7680 return true;
7681}
7682
7683void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7684 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
7685 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7686{
7687 char buf[512];
7688 struct mgmt_ev_device_found *ev = (void *)buf;
7689 size_t ev_size;
7690
7691 /* Don't send events for a non-kernel initiated discovery. With
7692 * LE one exception is if we have pend_le_reports > 0 in which
7693 * case we're doing passive scanning and want these events.
7694 */
7695 if (!hci_discovery_active(hdev)) {
7696 if (link_type == ACL_LINK)
7697 return;
7698 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
7699 return;
7700 }
7701
82f8b651 7702 if (hdev->discovery.result_filtering) {
48f86b7f
JP		 7703 /* We are using service discovery */
7704 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
7705 scan_rsp_len))
7706 return;
7707 }
7708
7709 /* Make sure that the buffer is big enough. The 5 extra bytes
7710 * are for the potential CoD field.
7711 */
7712 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
4b0e0ced
JP		 7713 return;
7714
48f86b7f
JP		 7715 memset(buf, 0, sizeof(buf));
7716
7717 /* In case of device discovery with BR/EDR devices (pre 1.2), the
7718 * RSSI value was reported as 0 when not available. This behavior
7719 * is kept when using device discovery. This is required for full
7720 * backwards compatibility with the API.
7721 *
7722 * However when using service discovery, the value 127 will be
7723 * returned when the RSSI is not available.
7724 */
7725 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
7726 link_type == ACL_LINK)
7727 rssi = 0;
7728
7729 bacpy(&ev->addr.bdaddr, bdaddr);
7730 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7731 ev->rssi = rssi;
7732 ev->flags = cpu_to_le32(flags);
7733
7734 if (eir_len > 0)
7735 /* Copy EIR or advertising data into event */
7736 memcpy(ev->eir, eir, eir_len);
7737
7738 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
7739 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7740 dev_class, 3);
7741
7742 if (scan_rsp_len > 0)
7743 /* Append scan response data to event */
7744 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
7745
5d2e9fad
JH		 7746 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
7747 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 7748
901801b9 7749 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 7750}
a88a9652 7751
9cf12aee
MH		 7752void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7753 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 7754{
b644ba33
JH		 7755 struct mgmt_ev_device_found *ev;
7756 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
7757 u16 eir_len;
a88a9652 7758
b644ba33 7759 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 7760
b644ba33
JH		 7761 memset(buf, 0, sizeof(buf));
7762
7763 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 7764 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 7765 ev->rssi = rssi;
7766
7767 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 7768 name_len);
b644ba33 7769
eb55ef07 7770 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 7771
9cf12aee 7772 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 7773}
314b2381 7774
2f1e063b 7775void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 7776{
f963e8e9 7777 struct mgmt_ev_discovering ev;
164a6e78 7778
343fb145
AG		 7779 BT_DBG("%s discovering %u", hdev->name, discovering);
7780
f963e8e9
JH		 7781 memset(&ev, 0, sizeof(ev));
7782 ev.type = hdev->discovery.type;
7783 ev.discovering = discovering;
7784
2f1e063b 7785 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 7786}
5e762444 7787
6d785aa3
JH		 7788static struct hci_mgmt_chan chan = {
7789 .channel = HCI_CHANNEL_CONTROL,
7790 .handler_count = ARRAY_SIZE(mgmt_handlers),
7791 .handlers = mgmt_handlers,
88b94ce9 7792 .hdev_init = mgmt_init_hdev,
6d785aa3
JH		 7793};
7794
7795int mgmt_init(void)
7796{
7797 return hci_mgmt_chan_register(&chan);
7798}
7799
7800void mgmt_exit(void)
7801{
7802 hci_mgmt_chan_unregister(&chan);
7803}
ubuntu-zesty-kernel mirror