]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blame - net/bluetooth/mgmt.c
projects / mirror_ubuntu-zesty-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Convert disconn_cfm to be triggered through hci_cb
[mirror_ubuntu-zesty-kernel.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
4bc58f51 32#include <net/bluetooth/l2cap.h>
0381101f 33#include <net/bluetooth/mgmt.h>
ac4b7236 34
0857dd3b 35#include "hci_request.h"
ac4b7236 36#include "smp.h"
0381101f 37
2da9c55c 38#define MGMT_VERSION 1
854bda19 39#define MGMT_REVISION 8
02d98129 40
e70bb2e8
JH		 41static const u16 mgmt_commands[] = {
42 MGMT_OP_READ_INDEX_LIST,
43 MGMT_OP_READ_INFO,
44 MGMT_OP_SET_POWERED,
45 MGMT_OP_SET_DISCOVERABLE,
46 MGMT_OP_SET_CONNECTABLE,
47 MGMT_OP_SET_FAST_CONNECTABLE,
b2939475 48 MGMT_OP_SET_BONDABLE,
e70bb2e8
JH		 49 MGMT_OP_SET_LINK_SECURITY,
50 MGMT_OP_SET_SSP,
51 MGMT_OP_SET_HS,
52 MGMT_OP_SET_LE,
53 MGMT_OP_SET_DEV_CLASS,
54 MGMT_OP_SET_LOCAL_NAME,
55 MGMT_OP_ADD_UUID,
56 MGMT_OP_REMOVE_UUID,
57 MGMT_OP_LOAD_LINK_KEYS,
58 MGMT_OP_LOAD_LONG_TERM_KEYS,
59 MGMT_OP_DISCONNECT,
60 MGMT_OP_GET_CONNECTIONS,
61 MGMT_OP_PIN_CODE_REPLY,
62 MGMT_OP_PIN_CODE_NEG_REPLY,
63 MGMT_OP_SET_IO_CAPABILITY,
64 MGMT_OP_PAIR_DEVICE,
65 MGMT_OP_CANCEL_PAIR_DEVICE,
66 MGMT_OP_UNPAIR_DEVICE,
67 MGMT_OP_USER_CONFIRM_REPLY,
68 MGMT_OP_USER_CONFIRM_NEG_REPLY,
69 MGMT_OP_USER_PASSKEY_REPLY,
70 MGMT_OP_USER_PASSKEY_NEG_REPLY,
71 MGMT_OP_READ_LOCAL_OOB_DATA,
72 MGMT_OP_ADD_REMOTE_OOB_DATA,
73 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
74 MGMT_OP_START_DISCOVERY,
75 MGMT_OP_STOP_DISCOVERY,
76 MGMT_OP_CONFIRM_NAME,
77 MGMT_OP_BLOCK_DEVICE,
78 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 79 MGMT_OP_SET_DEVICE_ID,
4375f103 80 MGMT_OP_SET_ADVERTISING,
0663ca2a 81 MGMT_OP_SET_BREDR,
d13eafce 82 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 83 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 84 MGMT_OP_SET_SECURE_CONN,
4e39ac81 85 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 86 MGMT_OP_SET_PRIVACY,
41edf160 87 MGMT_OP_LOAD_IRKS,
dd983808 88 MGMT_OP_GET_CONN_INFO,
95868426 89 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 90 MGMT_OP_ADD_DEVICE,
91 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 92 MGMT_OP_LOAD_CONN_PARAM,
73d1df2a 93 MGMT_OP_READ_UNCONF_INDEX_LIST,
9fc3bfb6 94 MGMT_OP_READ_CONFIG_INFO,
dbece37a 95 MGMT_OP_SET_EXTERNAL_CONFIG,
9713c17b 96 MGMT_OP_SET_PUBLIC_ADDRESS,
66ea9427 97 MGMT_OP_START_SERVICE_DISCOVERY,
e70bb2e8
JH		 98};
99
100static const u16 mgmt_events[] = {
101 MGMT_EV_CONTROLLER_ERROR,
102 MGMT_EV_INDEX_ADDED,
103 MGMT_EV_INDEX_REMOVED,
104 MGMT_EV_NEW_SETTINGS,
105 MGMT_EV_CLASS_OF_DEV_CHANGED,
106 MGMT_EV_LOCAL_NAME_CHANGED,
107 MGMT_EV_NEW_LINK_KEY,
108 MGMT_EV_NEW_LONG_TERM_KEY,
109 MGMT_EV_DEVICE_CONNECTED,
110 MGMT_EV_DEVICE_DISCONNECTED,
111 MGMT_EV_CONNECT_FAILED,
112 MGMT_EV_PIN_CODE_REQUEST,
113 MGMT_EV_USER_CONFIRM_REQUEST,
114 MGMT_EV_USER_PASSKEY_REQUEST,
115 MGMT_EV_AUTH_FAILED,
116 MGMT_EV_DEVICE_FOUND,
117 MGMT_EV_DISCOVERING,
118 MGMT_EV_DEVICE_BLOCKED,
119 MGMT_EV_DEVICE_UNBLOCKED,
120 MGMT_EV_DEVICE_UNPAIRED,
92a25256 121 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 122 MGMT_EV_NEW_IRK,
7ee4ea36 123 MGMT_EV_NEW_CSRK,
8afef092
MH		 124 MGMT_EV_DEVICE_ADDED,
125 MGMT_EV_DEVICE_REMOVED,
ffb5a827 126 MGMT_EV_NEW_CONN_PARAM,
0602a8ad 127 MGMT_EV_UNCONF_INDEX_ADDED,
edd3896b 128 MGMT_EV_UNCONF_INDEX_REMOVED,
f4537c04 129 MGMT_EV_NEW_CONFIG_OPTIONS,
e70bb2e8
JH		 130};
131
17b02e62 132#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 133
d25b78e2
JH		 134#define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
135 "\x00\x00\x00\x00\x00\x00\x00\x00"
136
eec8d2bc
JH		 137struct pending_cmd {
138 struct list_head list;
fc2f4b13 139 u16 opcode;
eec8d2bc 140 int index;
c68fb7ff 141 void *param;
323b0b88 142 size_t param_len;
eec8d2bc 143 struct sock *sk;
e9a416b5 144 void *user_data;
9df74653 145 int (*cmd_complete)(struct pending_cmd *cmd, u8 status);
eec8d2bc
JH		 146};
147
ca69b795
JH		 148/* HCI to MGMT error code conversion table */
149static u8 mgmt_status_table[] = {
150 MGMT_STATUS_SUCCESS,
151 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
152 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
153 MGMT_STATUS_FAILED, /* Hardware Failure */
154 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
155 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 156 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 157 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
158 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
159 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
160 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
161 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
162 MGMT_STATUS_BUSY, /* Command Disallowed */
163 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
164 MGMT_STATUS_REJECTED, /* Rejected Security */
165 MGMT_STATUS_REJECTED, /* Rejected Personal */
166 MGMT_STATUS_TIMEOUT, /* Host Timeout */
167 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
168 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
169 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
170 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
171 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
172 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
173 MGMT_STATUS_BUSY, /* Repeated Attempts */
174 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
175 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
176 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
177 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
178 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
179 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
180 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
181 MGMT_STATUS_FAILED, /* Unspecified Error */
182 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
183 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
184 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
185 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
186 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
187 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
188 MGMT_STATUS_FAILED, /* Unit Link Key Used */
189 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
190 MGMT_STATUS_TIMEOUT, /* Instant Passed */
191 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
192 MGMT_STATUS_FAILED, /* Transaction Collision */
193 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
194 MGMT_STATUS_REJECTED, /* QoS Rejected */
195 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
196 MGMT_STATUS_REJECTED, /* Insufficient Security */
197 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
198 MGMT_STATUS_BUSY, /* Role Switch Pending */
199 MGMT_STATUS_FAILED, /* Slot Violation */
200 MGMT_STATUS_FAILED, /* Role Switch Failed */
201 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
202 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
203 MGMT_STATUS_BUSY, /* Host Busy Pairing */
204 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
205 MGMT_STATUS_BUSY, /* Controller Busy */
206 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
207 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
208 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
209 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
210 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
211};
212
213static u8 mgmt_status(u8 hci_status)
214{
215 if (hci_status < ARRAY_SIZE(mgmt_status_table))
216 return mgmt_status_table[hci_status];
217
218 return MGMT_STATUS_FAILED;
219}
220
04c60f05
MH		 221static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
222 struct sock *skip_sk)
223{
224 struct sk_buff *skb;
225 struct mgmt_hdr *hdr;
226
227 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
228 if (!skb)
229 return -ENOMEM;
230
231 hdr = (void *) skb_put(skb, sizeof(*hdr));
232 hdr->opcode = cpu_to_le16(event);
233 if (hdev)
234 hdr->index = cpu_to_le16(hdev->id);
235 else
236 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
237 hdr->len = cpu_to_le16(data_len);
238
239 if (data)
240 memcpy(skb_put(skb, data_len), data, data_len);
241
242 /* Time stamp */
243 __net_timestamp(skb);
244
245 hci_send_to_control(skb, skip_sk);
246 kfree_skb(skb);
247
248 return 0;
249}
250
4e51eae9 251static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 252{
253 struct sk_buff *skb;
254 struct mgmt_hdr *hdr;
255 struct mgmt_ev_cmd_status *ev;
56b7d137 256 int err;
f7b64e69 257
34eb525c 258 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 259
790eff44 260 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 261 if (!skb)
262 return -ENOMEM;
263
264 hdr = (void *) skb_put(skb, sizeof(*hdr));
265
dcf4adbf 266 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 267 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 268 hdr->len = cpu_to_le16(sizeof(*ev));
269
270 ev = (void *) skb_put(skb, sizeof(*ev));
271 ev->status = status;
eb55ef07 272 ev->opcode = cpu_to_le16(cmd);
f7b64e69 273
56b7d137
GP		 274 err = sock_queue_rcv_skb(sk, skb);
275 if (err < 0)
f7b64e69
JH		 276 kfree_skb(skb);
277
56b7d137 278 return err;
f7b64e69
JH		 279}
280
aee9b218 281static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 282 void *rp, size_t rp_len)
02d98129
JH		 283{
284 struct sk_buff *skb;
285 struct mgmt_hdr *hdr;
286 struct mgmt_ev_cmd_complete *ev;
56b7d137 287 int err;
02d98129
JH		 288
289 BT_DBG("sock %p", sk);
290
790eff44 291 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 292 if (!skb)
293 return -ENOMEM;
294
295 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 296
dcf4adbf 297 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 298 hdr->index = cpu_to_le16(index);
a38528f1 299 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 300
a38528f1 301 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 302 ev->opcode = cpu_to_le16(cmd);
aee9b218 303 ev->status = status;
8020c16a
SJ		 304
305 if (rp)
306 memcpy(ev->data, rp, rp_len);
02d98129 307
56b7d137
GP		 308 err = sock_queue_rcv_skb(sk, skb);
309 if (err < 0)
02d98129
JH		 310 kfree_skb(skb);
311
e5f0e151 312 return err;
02d98129
JH		 313}
314
04124681
GP		 315static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
316 u16 data_len)
a38528f1
JH		 317{
318 struct mgmt_rp_read_version rp;
319
320 BT_DBG("sock %p", sk);
321
322 rp.version = MGMT_VERSION;
dcf4adbf 323 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 324
aee9b218 325 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 326 sizeof(rp));
a38528f1
JH		 327}
328
04124681
GP		 329static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
330 u16 data_len)
e70bb2e8
JH		 331{
332 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 333 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
334 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 335 __le16 *opcode;
e70bb2e8
JH		 336 size_t rp_size;
337 int i, err;
338
339 BT_DBG("sock %p", sk);
340
341 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
342
343 rp = kmalloc(rp_size, GFP_KERNEL);
344 if (!rp)
345 return -ENOMEM;
346
dcf4adbf
JP		 347 rp->num_commands = cpu_to_le16(num_commands);
348 rp->num_events = cpu_to_le16(num_events);
e70bb2e8
JH		 349
350 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
351 put_unaligned_le16(mgmt_commands[i], opcode);
352
353 for (i = 0; i < num_events; i++, opcode++)
354 put_unaligned_le16(mgmt_events[i], opcode);
355
aee9b218 356 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 357 rp_size);
e70bb2e8
JH		 358 kfree(rp);
359
360 return err;
361}
362
04124681
GP		 363static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
364 u16 data_len)
faba42eb 365{
faba42eb 366 struct mgmt_rp_read_index_list *rp;
8035ded4 367 struct hci_dev *d;
a38528f1 368 size_t rp_len;
faba42eb 369 u16 count;
476e44cb 370 int err;
faba42eb
JH		 371
372 BT_DBG("sock %p", sk);
373
374 read_lock(&hci_dev_list_lock);
375
376 count = 0;
bb4b2a9a 377 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a
MH		 378 if (d->dev_type == HCI_BREDR &&
379 !test_bit(HCI_UNCONFIGURED, &d->dev_flags))
1514b892 380 count++;
faba42eb
JH		 381 }
382
a38528f1
JH		 383 rp_len = sizeof(*rp) + (2 * count);
384 rp = kmalloc(rp_len, GFP_ATOMIC);
385 if (!rp) {
b2c60d42 386 read_unlock(&hci_dev_list_lock);
faba42eb 387 return -ENOMEM;
b2c60d42 388 }
faba42eb 389
476e44cb 390 count = 0;
8035ded4 391 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a 392 if (test_bit(HCI_SETUP, &d->dev_flags) ||
d603b76b 393 test_bit(HCI_CONFIG, &d->dev_flags) ||
73d1df2a 394 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
ab81cbf9
JH		 395 continue;
396
73d1df2a
MH		 397 /* Devices marked as raw-only are neither configured
398 * nor unconfigured controllers.
399 */
400 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
fee746b0
MH		 401 continue;
402
73d1df2a
MH		 403 if (d->dev_type == HCI_BREDR &&
404 !test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
1514b892
MH		 405 rp->index[count++] = cpu_to_le16(d->id);
406 BT_DBG("Added hci%u", d->id);
407 }
faba42eb
JH		 408 }
409
476e44cb
JH		 410 rp->num_controllers = cpu_to_le16(count);
411 rp_len = sizeof(*rp) + (2 * count);
412
faba42eb
JH		 413 read_unlock(&hci_dev_list_lock);
414
aee9b218 415 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 416 rp_len);
faba42eb 417
a38528f1
JH		 418 kfree(rp);
419
420 return err;
faba42eb
JH		 421}
422
73d1df2a
MH		 423static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
424 void *data, u16 data_len)
425{
426 struct mgmt_rp_read_unconf_index_list *rp;
427 struct hci_dev *d;
428 size_t rp_len;
429 u16 count;
430 int err;
431
432 BT_DBG("sock %p", sk);
433
434 read_lock(&hci_dev_list_lock);
435
436 count = 0;
437 list_for_each_entry(d, &hci_dev_list, list) {
438 if (d->dev_type == HCI_BREDR &&
439 test_bit(HCI_UNCONFIGURED, &d->dev_flags))
440 count++;
441 }
442
443 rp_len = sizeof(*rp) + (2 * count);
444 rp = kmalloc(rp_len, GFP_ATOMIC);
445 if (!rp) {
446 read_unlock(&hci_dev_list_lock);
447 return -ENOMEM;
448 }
449
450 count = 0;
451 list_for_each_entry(d, &hci_dev_list, list) {
452 if (test_bit(HCI_SETUP, &d->dev_flags) ||
d603b76b 453 test_bit(HCI_CONFIG, &d->dev_flags) ||
73d1df2a
MH		 454 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
455 continue;
456
457 /* Devices marked as raw-only are neither configured
458 * nor unconfigured controllers.
459 */
460 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
461 continue;
462
463 if (d->dev_type == HCI_BREDR &&
464 test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
465 rp->index[count++] = cpu_to_le16(d->id);
466 BT_DBG("Added hci%u", d->id);
467 }
468 }
469
470 rp->num_controllers = cpu_to_le16(count);
471 rp_len = sizeof(*rp) + (2 * count);
472
473 read_unlock(&hci_dev_list_lock);
474
475 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_UNCONF_INDEX_LIST,
476 0, rp, rp_len);
477
478 kfree(rp);
479
480 return err;
481}
482
dbece37a
MH		 483static bool is_configured(struct hci_dev *hdev)
484{
485 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
486 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
487 return false;
488
489 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
490 !bacmp(&hdev->public_addr, BDADDR_ANY))
491 return false;
492
493 return true;
494}
495
89bc22d2
MH		 496static __le32 get_missing_options(struct hci_dev *hdev)
497{
498 u32 options = 0;
499
dbece37a
MH		 500 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
501 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
eb1904f4
MH		 502 options |= MGMT_OPTION_EXTERNAL_CONFIG;
503
89bc22d2
MH		 504 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
505 !bacmp(&hdev->public_addr, BDADDR_ANY))
506 options |= MGMT_OPTION_PUBLIC_ADDRESS;
507
508 return cpu_to_le32(options);
509}
510
f4537c04
MH		 511static int new_options(struct hci_dev *hdev, struct sock *skip)
512{
513 __le32 options = get_missing_options(hdev);
514
515 return mgmt_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
516 sizeof(options), skip);
517}
518
dbece37a
MH		 519static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
520{
521 __le32 options = get_missing_options(hdev);
522
523 return cmd_complete(sk, hdev->id, opcode, 0, &options,
524 sizeof(options));
525}
526
9fc3bfb6
MH		 527static int read_config_info(struct sock *sk, struct hci_dev *hdev,
528 void *data, u16 data_len)
529{
530 struct mgmt_rp_read_config_info rp;
89bc22d2 531 u32 options = 0;
9fc3bfb6
MH		 532
533 BT_DBG("sock %p %s", sk, hdev->name);
534
535 hci_dev_lock(hdev);
536
537 memset(&rp, 0, sizeof(rp));
538 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
89bc22d2 539
eb1904f4
MH		 540 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
541 options |= MGMT_OPTION_EXTERNAL_CONFIG;
542
9fc3bfb6 543 if (hdev->set_bdaddr)
89bc22d2
MH		 544 options |= MGMT_OPTION_PUBLIC_ADDRESS;
545
546 rp.supported_options = cpu_to_le32(options);
547 rp.missing_options = get_missing_options(hdev);
9fc3bfb6
MH		 548
549 hci_dev_unlock(hdev);
550
551 return cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0, &rp,
552 sizeof(rp));
553}
554
69ab39ea
JH		 555static u32 get_supported_settings(struct hci_dev *hdev)
556{
557 u32 settings = 0;
558
559 settings |= MGMT_SETTING_POWERED;
b2939475 560 settings |= MGMT_SETTING_BONDABLE;
b1de97d8 561 settings |= MGMT_SETTING_DEBUG_KEYS;
3742abfc
JH		 562 settings |= MGMT_SETTING_CONNECTABLE;
563 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea 564
ed3fa31f 565 if (lmp_bredr_capable(hdev)) {
1a47aee8
JH		 566 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
567 settings |= MGMT_SETTING_FAST_CONNECTABLE;
69ab39ea
JH		 568 settings |= MGMT_SETTING_BREDR;
569 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 570
571 if (lmp_ssp_capable(hdev)) {
572 settings |= MGMT_SETTING_SSP;
573 settings |= MGMT_SETTING_HS;
574 }
e98d2ce2 575
05b3c3e7 576 if (lmp_sc_capable(hdev))
e98d2ce2 577 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 578 }
d7b7e796 579
eeca6f89 580 if (lmp_le_capable(hdev)) {
9d42820f 581 settings |= MGMT_SETTING_LE;
eeca6f89 582 settings |= MGMT_SETTING_ADVERTISING;
a3209694 583 settings |= MGMT_SETTING_SECURE_CONN;
0f4bd942 584 settings |= MGMT_SETTING_PRIVACY;
eeca6f89 585 }
69ab39ea 586
eb1904f4
MH		 587 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
588 hdev->set_bdaddr)
9fc3bfb6
MH		 589 settings |= MGMT_SETTING_CONFIGURATION;
590
69ab39ea
JH		 591 return settings;
592}
593
594static u32 get_current_settings(struct hci_dev *hdev)
595{
596 u32 settings = 0;
597
f1f0eb02 598 if (hdev_is_powered(hdev))
f0d4b78a
MH		 599 settings |= MGMT_SETTING_POWERED;
600
5e5282bb 601 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 602 settings |= MGMT_SETTING_CONNECTABLE;
603
1a4d3c4b
JH		 604 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
605 settings |= MGMT_SETTING_FAST_CONNECTABLE;
606
5e5282bb 607 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 608 settings |= MGMT_SETTING_DISCOVERABLE;
609
b6ae8457 610 if (test_bit(HCI_BONDABLE, &hdev->dev_flags))
b2939475 611 settings |= MGMT_SETTING_BONDABLE;
69ab39ea 612
56f87901 613 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 614 settings |= MGMT_SETTING_BREDR;
615
06199cf8 616 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 617 settings |= MGMT_SETTING_LE;
618
47990ea0 619 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 620 settings |= MGMT_SETTING_LINK_SECURITY;
621
84bde9d6 622 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 623 settings |= MGMT_SETTING_SSP;
624
6d80dfd0
JH		 625 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
626 settings |= MGMT_SETTING_HS;
627
f3d3444a 628 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 629 settings |= MGMT_SETTING_ADVERTISING;
630
e98d2ce2
MH		 631 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
632 settings |= MGMT_SETTING_SECURE_CONN;
633
0663b297 634 if (test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags))
b1de97d8
MH		 635 settings |= MGMT_SETTING_DEBUG_KEYS;
636
0f4bd942
JH		 637 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
638 settings |= MGMT_SETTING_PRIVACY;
639
69ab39ea
JH		 640 return settings;
641}
642
ef580372
JH		 643#define PNP_INFO_SVCLASS_ID 0x1200
644
213202ed
JH		 645static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
646{
647 u8 *ptr = data, *uuids_start = NULL;
648 struct bt_uuid *uuid;
649
650 if (len < 4)
651 return ptr;
652
653 list_for_each_entry(uuid, &hdev->uuids, list) {
654 u16 uuid16;
655
656 if (uuid->size != 16)
657 continue;
658
659 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
660 if (uuid16 < 0x1100)
661 continue;
662
663 if (uuid16 == PNP_INFO_SVCLASS_ID)
664 continue;
665
666 if (!uuids_start) {
667 uuids_start = ptr;
668 uuids_start[0] = 1;
669 uuids_start[1] = EIR_UUID16_ALL;
670 ptr += 2;
671 }
672
673 /* Stop if not enough space to put next UUID */
674 if ((ptr - data) + sizeof(u16) > len) {
675 uuids_start[1] = EIR_UUID16_SOME;
676 break;
677 }
678
679 *ptr++ = (uuid16 & 0x00ff);
680 *ptr++ = (uuid16 & 0xff00) >> 8;
681 uuids_start[0] += sizeof(uuid16);
682 }
683
684 return ptr;
685}
686
cdf1963f
JH		 687static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
688{
689 u8 *ptr = data, *uuids_start = NULL;
690 struct bt_uuid *uuid;
691
692 if (len < 6)
693 return ptr;
694
695 list_for_each_entry(uuid, &hdev->uuids, list) {
696 if (uuid->size != 32)
697 continue;
698
699 if (!uuids_start) {
700 uuids_start = ptr;
701 uuids_start[0] = 1;
702 uuids_start[1] = EIR_UUID32_ALL;
703 ptr += 2;
704 }
705
706 /* Stop if not enough space to put next UUID */
707 if ((ptr - data) + sizeof(u32) > len) {
708 uuids_start[1] = EIR_UUID32_SOME;
709 break;
710 }
711
712 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
713 ptr += sizeof(u32);
714 uuids_start[0] += sizeof(u32);
715 }
716
717 return ptr;
718}
719
c00d575b
JH		 720static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
721{
722 u8 *ptr = data, *uuids_start = NULL;
723 struct bt_uuid *uuid;
724
725 if (len < 18)
726 return ptr;
727
728 list_for_each_entry(uuid, &hdev->uuids, list) {
729 if (uuid->size != 128)
730 continue;
731
732 if (!uuids_start) {
733 uuids_start = ptr;
734 uuids_start[0] = 1;
735 uuids_start[1] = EIR_UUID128_ALL;
736 ptr += 2;
737 }
738
739 /* Stop if not enough space to put next UUID */
740 if ((ptr - data) + 16 > len) {
741 uuids_start[1] = EIR_UUID128_SOME;
742 break;
743 }
744
745 memcpy(ptr, uuid->uuid, 16);
746 ptr += 16;
747 uuids_start[0] += 16;
748 }
749
750 return ptr;
751}
752
eb2a8d20
JH		 753static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
754{
755 struct pending_cmd *cmd;
756
757 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
758 if (cmd->opcode == opcode)
759 return cmd;
760 }
761
762 return NULL;
763}
764
95868426
JH		 765static struct pending_cmd *mgmt_pending_find_data(u16 opcode,
766 struct hci_dev *hdev,
767 const void *data)
768{
769 struct pending_cmd *cmd;
770
771 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
772 if (cmd->user_data != data)
773 continue;
774 if (cmd->opcode == opcode)
775 return cmd;
776 }
777
778 return NULL;
779}
780
f14d8f64
MH		 781static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
782{
7a5f4990
MH		 783 u8 ad_len = 0;
784 size_t name_len;
785
786 name_len = strlen(hdev->dev_name);
787 if (name_len > 0) {
788 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
789
790 if (name_len > max_len) {
791 name_len = max_len;
792 ptr[1] = EIR_NAME_SHORT;
793 } else
794 ptr[1] = EIR_NAME_COMPLETE;
795
796 ptr[0] = name_len + 1;
797
798 memcpy(ptr + 2, hdev->dev_name, name_len);
799
800 ad_len += (name_len + 2);
801 ptr += (name_len + 2);
802 }
803
804 return ad_len;
f14d8f64
MH		 805}
806
807static void update_scan_rsp_data(struct hci_request *req)
808{
809 struct hci_dev *hdev = req->hdev;
810 struct hci_cp_le_set_scan_rsp_data cp;
811 u8 len;
812
7751ef1b 813 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
f14d8f64
MH		 814 return;
815
816 memset(&cp, 0, sizeof(cp));
817
818 len = create_scan_rsp_data(hdev, cp.data);
819
eb438b5f
JH		 820 if (hdev->scan_rsp_data_len == len &&
821 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 822 return;
823
eb438b5f
JH		 824 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
825 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 826
827 cp.length = len;
828
829 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
830}
831
9a43e25f
JH		 832static u8 get_adv_discov_flags(struct hci_dev *hdev)
833{
834 struct pending_cmd *cmd;
835
836 /* If there's a pending mgmt command the flags will not yet have
837 * their final values, so check for this first.
838 */
839 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
840 if (cmd) {
841 struct mgmt_mode *cp = cmd->param;
842 if (cp->val == 0x01)
843 return LE_AD_GENERAL;
844 else if (cp->val == 0x02)
845 return LE_AD_LIMITED;
846 } else {
847 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
848 return LE_AD_LIMITED;
849 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
850 return LE_AD_GENERAL;
851 }
852
853 return 0;
854}
855
46cad2ed 856static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 857{
858 u8 ad_len = 0, flags = 0;
441ad2d0 859
9a43e25f 860 flags |= get_adv_discov_flags(hdev);
441ad2d0 861
e834004b 862 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
441ad2d0 863 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 864
865 if (flags) {
866 BT_DBG("adv flags 0x%02x", flags);
867
868 ptr[0] = 2;
869 ptr[1] = EIR_FLAGS;
870 ptr[2] = flags;
871
872 ad_len += 3;
873 ptr += 3;
874 }
875
876 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
877 ptr[0] = 2;
878 ptr[1] = EIR_TX_POWER;
879 ptr[2] = (u8) hdev->adv_tx_power;
880
881 ad_len += 3;
882 ptr += 3;
883 }
884
441ad2d0
MH		 885 return ad_len;
886}
887
5947f4bc 888static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 889{
890 struct hci_dev *hdev = req->hdev;
891 struct hci_cp_le_set_adv_data cp;
892 u8 len;
893
10994ce6 894 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
441ad2d0
MH		 895 return;
896
897 memset(&cp, 0, sizeof(cp));
898
46cad2ed 899 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 900
901 if (hdev->adv_data_len == len &&
902 memcmp(cp.data, hdev->adv_data, len) == 0)
903 return;
904
905 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
906 hdev->adv_data_len = len;
907
908 cp.length = len;
909
910 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
911}
912
bc6d2d04
JH		 913int mgmt_update_adv_data(struct hci_dev *hdev)
914{
915 struct hci_request req;
916
917 hci_req_init(&req, hdev);
918 update_adv_data(&req);
919
920 return hci_req_run(&req, NULL);
921}
922
ef580372
JH		 923static void create_eir(struct hci_dev *hdev, u8 *data)
924{
925 u8 *ptr = data;
ef580372
JH		 926 size_t name_len;
927
928 name_len = strlen(hdev->dev_name);
929
930 if (name_len > 0) {
931 /* EIR Data type */
932 if (name_len > 48) {
933 name_len = 48;
934 ptr[1] = EIR_NAME_SHORT;
935 } else
936 ptr[1] = EIR_NAME_COMPLETE;
937
938 /* EIR Data length */
939 ptr[0] = name_len + 1;
940
941 memcpy(ptr + 2, hdev->dev_name, name_len);
942
ef580372
JH		 943 ptr += (name_len + 2);
944 }
945
bbaf444a 946 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 947 ptr[0] = 2;
948 ptr[1] = EIR_TX_POWER;
949 ptr[2] = (u8) hdev->inq_tx_power;
950
91c4e9b1
MH		 951 ptr += 3;
952 }
953
2b9be137
MH		 954 if (hdev->devid_source > 0) {
955 ptr[0] = 9;
956 ptr[1] = EIR_DEVICE_ID;
957
958 put_unaligned_le16(hdev->devid_source, ptr + 2);
959 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
960 put_unaligned_le16(hdev->devid_product, ptr + 6);
961 put_unaligned_le16(hdev->devid_version, ptr + 8);
962
2b9be137
MH		 963 ptr += 10;
964 }
965
213202ed 966 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 967 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 968 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 969}
970
890ea898 971static void update_eir(struct hci_request *req)
ef580372 972{
890ea898 973 struct hci_dev *hdev = req->hdev;
ef580372
JH		 974 struct hci_cp_write_eir cp;
975
504c8dcd 976 if (!hdev_is_powered(hdev))
890ea898 977 return;
7770c4aa 978
976eb20e 979 if (!lmp_ext_inq_capable(hdev))
890ea898 980 return;
ef580372 981
84bde9d6 982 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 983 return;
ef580372 984
a8b2d5c2 985 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 986 return;
ef580372
JH		 987
988 memset(&cp, 0, sizeof(cp));
989
990 create_eir(hdev, cp.data);
991
992 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 993 return;
ef580372
JH		 994
995 memcpy(hdev->eir, cp.data, sizeof(cp.data));
996
890ea898 997 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 998}
999
1000static u8 get_service_classes(struct hci_dev *hdev)
1001{
1002 struct bt_uuid *uuid;
1003 u8 val = 0;
1004
1005 list_for_each_entry(uuid, &hdev->uuids, list)
1006 val |= uuid->svc_hint;
1007
1008 return val;
1009}
1010
890ea898 1011static void update_class(struct hci_request *req)
ef580372 1012{
890ea898 1013 struct hci_dev *hdev = req->hdev;
ef580372
JH		 1014 u8 cod[3];
1015
1016 BT_DBG("%s", hdev->name);
1017
504c8dcd 1018 if (!hdev_is_powered(hdev))
890ea898 1019 return;
7770c4aa 1020
f87ea1da
JH		 1021 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1022 return;
1023
a8b2d5c2 1024 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 1025 return;
ef580372
JH		 1026
1027 cod[0] = hdev->minor_class;
1028 cod[1] = hdev->major_class;
1029 cod[2] = get_service_classes(hdev);
1030
6acd7db4
MH		 1031 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
1032 cod[1] |= 0x20;
1033
ef580372 1034 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 1035 return;
ef580372 1036
890ea898 1037 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 1038}
1039
a4858cb9 1040static bool get_connectable(struct hci_dev *hdev)
199a2fb1
JH		 1041{
1042 struct pending_cmd *cmd;
199a2fb1
JH		 1043
1044 /* If there's a pending mgmt command the flag will not yet have
1045 * it's final value, so check for this first.
1046 */
1047 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1048 if (cmd) {
1049 struct mgmt_mode *cp = cmd->param;
a4858cb9 1050 return cp->val;
199a2fb1
JH		 1051 }
1052
a4858cb9 1053 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
199a2fb1
JH		 1054}
1055
0ec5ae84
JH		 1056static void disable_advertising(struct hci_request *req)
1057{
1058 u8 enable = 0x00;
1059
1060 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1061}
1062
199a2fb1
JH		 1063static void enable_advertising(struct hci_request *req)
1064{
1065 struct hci_dev *hdev = req->hdev;
1066 struct hci_cp_le_set_adv_param cp;
8f2a0601 1067 u8 own_addr_type, enable = 0x01;
a4858cb9 1068 bool connectable;
199a2fb1 1069
0ec5ae84
JH		 1070 if (hci_conn_num(hdev, LE_LINK) > 0)
1071 return;
1072
1073 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
1074 disable_advertising(req);
1075
5ce194c4 1076 /* Clear the HCI_LE_ADV bit temporarily so that the
8d97250e
JH		 1077 * hci_update_random_address knows that it's safe to go ahead
1078 * and write a new random address. The flag will be set back on
1079 * as soon as the SET_ADV_ENABLE HCI command completes.
1080 */
5ce194c4 1081 clear_bit(HCI_LE_ADV, &hdev->dev_flags);
8d97250e 1082
a4858cb9 1083 connectable = get_connectable(hdev);
8f2a0601 1084
a4858cb9
JH		 1085 /* Set require_privacy to true only when non-connectable
1086 * advertising is used. In that case it is fine to use a
1087 * non-resolvable private address.
1088 */
1089 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 1090 return;
1091
41c90c18 1092 memset(&cp, 0, sizeof(cp));
628531c9
GL		 1093 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
1094 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
a4858cb9 1095 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
8f2a0601 1096 cp.own_address_type = own_addr_type;
199a2fb1
JH		 1097 cp.channel_map = hdev->le_adv_channel_map;
1098
1099 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1100
1101 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1102}
1103
7d78525d
JH		 1104static void service_cache_off(struct work_struct *work)
1105{
1106 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 1107 service_cache.work);
890ea898 1108 struct hci_request req;
7d78525d 1109
a8b2d5c2 1110 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 1111 return;
1112
890ea898
JH		 1113 hci_req_init(&req, hdev);
1114
7d78525d
JH		 1115 hci_dev_lock(hdev);
1116
890ea898
JH		 1117 update_eir(&req);
1118 update_class(&req);
7d78525d
JH		 1119
1120 hci_dev_unlock(hdev);
890ea898
JH		 1121
1122 hci_req_run(&req, NULL);
7d78525d
JH		 1123}
1124
d6bfd59c
JH		 1125static void rpa_expired(struct work_struct *work)
1126{
1127 struct hci_dev *hdev = container_of(work, struct hci_dev,
1128 rpa_expired.work);
1129 struct hci_request req;
1130
1131 BT_DBG("");
1132
1133 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
1134
0ec5ae84 1135 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
d6bfd59c
JH		 1136 return;
1137
1138 /* The generation of a new RPA and programming it into the
1139 * controller happens in the enable_advertising() function.
1140 */
d6bfd59c 1141 hci_req_init(&req, hdev);
d6bfd59c 1142 enable_advertising(&req);
d6bfd59c
JH		 1143 hci_req_run(&req, NULL);
1144}
1145
6a919082 1146static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 1147{
4f87da80 1148 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 1149 return;
1150
4f87da80 1151 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 1152 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 1153
4f87da80
JH		 1154 /* Non-mgmt controlled devices get this bit set
1155 * implicitly so that pairing works for them, however
1156 * for mgmt we require user-space to explicitly enable
1157 * it
1158 */
b6ae8457 1159 clear_bit(HCI_BONDABLE, &hdev->dev_flags);
7d78525d
JH		 1160}
1161
0f4e68cf 1162static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 1163 void *data, u16 data_len)
0381101f 1164{
a38528f1 1165 struct mgmt_rp_read_info rp;
f7b64e69 1166
bdb6d971 1167 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 1168
09fd0de5 1169 hci_dev_lock(hdev);
f7b64e69 1170
dc4fe30b
JH		 1171 memset(&rp, 0, sizeof(rp));
1172
69ab39ea 1173 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 1174
69ab39ea 1175 rp.version = hdev->hci_ver;
eb55ef07 1176 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 1177
1178 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1179 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 1180
a38528f1 1181 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 1182
dc4fe30b 1183 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 1184 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 1185
09fd0de5 1186 hci_dev_unlock(hdev);
0381101f 1187
bdb6d971 1188 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 1189 sizeof(rp));
0381101f
JH		 1190}
1191
eec8d2bc
JH		 1192static void mgmt_pending_free(struct pending_cmd *cmd)
1193{
1194 sock_put(cmd->sk);
c68fb7ff 1195 kfree(cmd->param);
eec8d2bc
JH		 1196 kfree(cmd);
1197}
1198
366a0336 1199static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 1200 struct hci_dev *hdev, void *data,
1201 u16 len)
eec8d2bc
JH		 1202{
1203 struct pending_cmd *cmd;
1204
fca20018 1205 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 1206 if (!cmd)
366a0336 1207 return NULL;
eec8d2bc
JH		 1208
1209 cmd->opcode = opcode;
2e58ef3e 1210 cmd->index = hdev->id;
eec8d2bc 1211
323b0b88 1212 cmd->param = kmemdup(data, len, GFP_KERNEL);
c68fb7ff 1213 if (!cmd->param) {
eec8d2bc 1214 kfree(cmd);
366a0336 1215 return NULL;
eec8d2bc
JH		 1216 }
1217
323b0b88 1218 cmd->param_len = len;
eec8d2bc
JH		 1219
1220 cmd->sk = sk;
1221 sock_hold(sk);
1222
2e58ef3e 1223 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 1224
366a0336 1225 return cmd;
eec8d2bc
JH		 1226}
1227
744cf19e 1228static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 1229 void (*cb)(struct pending_cmd *cmd,
1230 void *data),
04124681 1231 void *data)
eec8d2bc 1232{
a3d09356 1233 struct pending_cmd *cmd, *tmp;
eec8d2bc 1234
a3d09356 1235 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 1236 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 1237 continue;
1238
eec8d2bc
JH		 1239 cb(cmd, data);
1240 }
1241}
1242
a664b5bc 1243static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 1244{
73f22f62
JH		 1245 list_del(&cmd->list);
1246 mgmt_pending_free(cmd);
1247}
1248
69ab39ea 1249static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1250{
69ab39ea 1251 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1252
aee9b218 1253 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 1254 sizeof(settings));
8680570b
JH		 1255}
1256
1904a853 1257static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
8b064a3a
JH		 1258{
1259 BT_DBG("%s status 0x%02x", hdev->name, status);
1260
a3172b7e
JH		 1261 if (hci_conn_count(hdev) == 0) {
1262 cancel_delayed_work(&hdev->power_off);
8b064a3a 1263 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1264 }
8b064a3a
JH		 1265}
1266
23a48093 1267static bool hci_stop_discovery(struct hci_request *req)
21a60d30
JH		 1268{
1269 struct hci_dev *hdev = req->hdev;
1270 struct hci_cp_remote_name_req_cancel cp;
1271 struct inquiry_entry *e;
1272
1273 switch (hdev->discovery.state) {
1274 case DISCOVERY_FINDING:
1275 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
1276 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1277 } else {
1278 cancel_delayed_work(&hdev->le_scan_disable);
1279 hci_req_add_le_scan_disable(req);
1280 }
1281
23a48093 1282 return true;
21a60d30
JH		 1283
1284 case DISCOVERY_RESOLVING:
1285 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1286 NAME_PENDING);
1287 if (!e)
23a48093 1288 break;
21a60d30
JH		 1289
1290 bacpy(&cp.bdaddr, &e->data.bdaddr);
1291 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1292 &cp);
1293
23a48093 1294 return true;
21a60d30
JH		 1295
1296 default:
1297 /* Passive scanning */
23a48093 1298 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
21a60d30 1299 hci_req_add_le_scan_disable(req);
23a48093
JH		 1300 return true;
1301 }
1302
21a60d30
JH		 1303 break;
1304 }
23a48093
JH		 1305
1306 return false;
21a60d30
JH		 1307}
1308
8b064a3a
JH		 1309static int clean_up_hci_state(struct hci_dev *hdev)
1310{
1311 struct hci_request req;
1312 struct hci_conn *conn;
23a48093
JH		 1313 bool discov_stopped;
1314 int err;
8b064a3a
JH		 1315
1316 hci_req_init(&req, hdev);
1317
1318 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1319 test_bit(HCI_PSCAN, &hdev->flags)) {
1320 u8 scan = 0x00;
1321 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1322 }
1323
73e082f8 1324 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
8b064a3a
JH		 1325 disable_advertising(&req);
1326
23a48093 1327 discov_stopped = hci_stop_discovery(&req);
8b064a3a
JH		 1328
1329 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1330 struct hci_cp_disconnect dc;
c9910d0f
JH		 1331 struct hci_cp_reject_conn_req rej;
1332
1333 switch (conn->state) {
1334 case BT_CONNECTED:
1335 case BT_CONFIG:
1336 dc.handle = cpu_to_le16(conn->handle);
1337 dc.reason = 0x15; /* Terminated due to Power Off */
1338 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1339 break;
1340 case BT_CONNECT:
1341 if (conn->type == LE_LINK)
1342 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1343 0, NULL);
1344 else if (conn->type == ACL_LINK)
1345 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1346 6, &conn->dst);
1347 break;
1348 case BT_CONNECT2:
1349 bacpy(&rej.bdaddr, &conn->dst);
1350 rej.reason = 0x15; /* Terminated due to Power Off */
1351 if (conn->type == ACL_LINK)
1352 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1353 sizeof(rej), &rej);
1354 else if (conn->type == SCO_LINK)
1355 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1356 sizeof(rej), &rej);
1357 break;
1358 }
8b064a3a
JH		 1359 }
1360
23a48093
JH		 1361 err = hci_req_run(&req, clean_up_hci_complete);
1362 if (!err && discov_stopped)
1363 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1364
1365 return err;
8b064a3a
JH		 1366}
1367
bdb6d971 1368static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1369 u16 len)
eec8d2bc 1370{
650f726d 1371 struct mgmt_mode *cp = data;
366a0336 1372 struct pending_cmd *cmd;
4b34ee78 1373 int err;
eec8d2bc 1374
bdb6d971 1375 BT_DBG("request for %s", hdev->name);
eec8d2bc 1376
a7e80f25
JH		 1377 if (cp->val != 0x00 && cp->val != 0x01)
1378 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1379 MGMT_STATUS_INVALID_PARAMS);
1380
09fd0de5 1381 hci_dev_lock(hdev);
eec8d2bc 1382
87b95ba6
JH		 1383 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1384 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1385 MGMT_STATUS_BUSY);
1386 goto failed;
1387 }
1388
f0d4b78a
MH		 1389 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1390 cancel_delayed_work(&hdev->power_off);
1391
1392 if (cp->val) {
a1d70450
JH		 1393 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1394 data, len);
1395 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1396 goto failed;
1397 }
1398 }
1399
4b34ee78 1400 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1401 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1402 goto failed;
1403 }
1404
2e58ef3e 1405 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1406 if (!cmd) {
1407 err = -ENOMEM;
eec8d2bc 1408 goto failed;
366a0336 1409 }
eec8d2bc 1410
8b064a3a 1411 if (cp->val) {
19202573 1412 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1413 err = 0;
1414 } else {
1415 /* Disconnect connections, stop scans, etc */
1416 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1417 if (!err)
1418 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1419 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1420
8b064a3a
JH		 1421 /* ENODATA means there were no HCI commands queued */
1422 if (err == -ENODATA) {
a3172b7e 1423 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1424 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1425 err = 0;
1426 }
1427 }
eec8d2bc
JH		 1428
1429failed:
09fd0de5 1430 hci_dev_unlock(hdev);
366a0336 1431 return err;
eec8d2bc
JH		 1432}
1433
beadb2bd
JH		 1434static int new_settings(struct hci_dev *hdev, struct sock *skip)
1435{
1436 __le32 ev;
1437
1438 ev = cpu_to_le32(get_current_settings(hdev));
1439
1440 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1441}
1442
91a668b0
JH		 1443int mgmt_new_settings(struct hci_dev *hdev)
1444{
1445 return new_settings(hdev, NULL);
1446}
1447
bd99abdd
JH		 1448struct cmd_lookup {
1449 struct sock *sk;
1450 struct hci_dev *hdev;
1451 u8 mgmt_status;
1452};
1453
1454static void settings_rsp(struct pending_cmd *cmd, void *data)
1455{
1456 struct cmd_lookup *match = data;
1457
1458 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1459
1460 list_del(&cmd->list);
1461
1462 if (match->sk == NULL) {
1463 match->sk = cmd->sk;
1464 sock_hold(match->sk);
1465 }
1466
1467 mgmt_pending_free(cmd);
1468}
1469
1470static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1471{
1472 u8 *status = data;
1473
1474 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1475 mgmt_pending_remove(cmd);
1476}
1477
1b9b5ee5
JH		 1478static void cmd_complete_rsp(struct pending_cmd *cmd, void *data)
1479{
1480 if (cmd->cmd_complete) {
1481 u8 *status = data;
1482
1483 cmd->cmd_complete(cmd, *status);
1484 mgmt_pending_remove(cmd);
1485
1486 return;
1487 }
1488
1489 cmd_status_rsp(cmd, data);
1490}
1491
9df74653 1492static int generic_cmd_complete(struct pending_cmd *cmd, u8 status)
f5818c22 1493{
9df74653
JH		 1494 return cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1495 cmd->param, cmd->param_len);
f5818c22
JH		 1496}
1497
9df74653 1498static int addr_cmd_complete(struct pending_cmd *cmd, u8 status)
7776d1d8 1499{
9df74653
JH		 1500 return cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, cmd->param,
1501 sizeof(struct mgmt_addr_info));
7776d1d8
JH		 1502}
1503
e6fe7986
JH		 1504static u8 mgmt_bredr_support(struct hci_dev *hdev)
1505{
1506 if (!lmp_bredr_capable(hdev))
1507 return MGMT_STATUS_NOT_SUPPORTED;
1508 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1509 return MGMT_STATUS_REJECTED;
1510 else
1511 return MGMT_STATUS_SUCCESS;
1512}
1513
1514static u8 mgmt_le_support(struct hci_dev *hdev)
1515{
1516 if (!lmp_le_capable(hdev))
1517 return MGMT_STATUS_NOT_SUPPORTED;
1518 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1519 return MGMT_STATUS_REJECTED;
1520 else
1521 return MGMT_STATUS_SUCCESS;
1522}
1523
1904a853
MH		 1524static void set_discoverable_complete(struct hci_dev *hdev, u8 status,
1525 u16 opcode)
bfaf8c9f
JH		 1526{
1527 struct pending_cmd *cmd;
1528 struct mgmt_mode *cp;
970ba524 1529 struct hci_request req;
bfaf8c9f
JH		 1530 bool changed;
1531
1532 BT_DBG("status 0x%02x", status);
1533
1534 hci_dev_lock(hdev);
1535
1536 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1537 if (!cmd)
1538 goto unlock;
1539
1540 if (status) {
1541 u8 mgmt_err = mgmt_status(status);
1542 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
310a3d48 1543 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
bfaf8c9f
JH		 1544 goto remove_cmd;
1545 }
1546
1547 cp = cmd->param;
d4462a07 1548 if (cp->val) {
bfaf8c9f
JH		 1549 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1550 &hdev->dev_flags);
d4462a07
MH		 1551
1552 if (hdev->discov_timeout > 0) {
1553 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1554 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1555 to);
1556 }
1557 } else {
bfaf8c9f
JH		 1558 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1559 &hdev->dev_flags);
d4462a07 1560 }
bfaf8c9f
JH		 1561
1562 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1563
1564 if (changed)
1565 new_settings(hdev, cmd->sk);
1566
970ba524
MH		 1567 /* When the discoverable mode gets changed, make sure
1568 * that class of device has the limited discoverable
432df05e
JH		 1569 * bit correctly set. Also update page scan based on whitelist
1570 * entries.
970ba524
MH		 1571 */
1572 hci_req_init(&req, hdev);
1d2dc5b7 1573 __hci_update_page_scan(&req);
970ba524
MH		 1574 update_class(&req);
1575 hci_req_run(&req, NULL);
1576
bfaf8c9f
JH		 1577remove_cmd:
1578 mgmt_pending_remove(cmd);
1579
1580unlock:
1581 hci_dev_unlock(hdev);
1582}
1583
bdb6d971 1584static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1585 u16 len)
73f22f62 1586{
650f726d 1587 struct mgmt_cp_set_discoverable *cp = data;
366a0336 1588 struct pending_cmd *cmd;
bfaf8c9f 1589 struct hci_request req;
5e5282bb 1590 u16 timeout;
9a43e25f 1591 u8 scan;
73f22f62
JH		 1592 int err;
1593
bdb6d971 1594 BT_DBG("request for %s", hdev->name);
73f22f62 1595
9a43e25f
JH		 1596 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1597 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1598 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
9a43e25f 1599 MGMT_STATUS_REJECTED);
33c525c0 1600
310a3d48 1601 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a7e80f25
JH		 1602 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1603 MGMT_STATUS_INVALID_PARAMS);
1604
1f350c87 1605 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1606
1607 /* Disabling discoverable requires that no timeout is set,
1608 * and enabling limited discoverable requires a timeout.
1609 */
1610 if ((cp->val == 0x00 && timeout > 0) ||
1611 (cp->val == 0x02 && timeout == 0))
bdb6d971 1612 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1613 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1614
09fd0de5 1615 hci_dev_lock(hdev);
73f22f62 1616
5e5282bb 1617 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 1618 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1619 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1620 goto failed;
1621 }
1622
2e58ef3e 1623 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1624 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1625 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1626 MGMT_STATUS_BUSY);
73f22f62
JH		 1627 goto failed;
1628 }
1629
5e5282bb 1630 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 1631 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1632 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1633 goto failed;
1634 }
1635
1636 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1637 bool changed = false;
1638
310a3d48
MH		 1639 /* Setting limited discoverable when powered off is
1640 * not a valid operation since it requires a timeout
1641 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1642 */
0224d2fa
JH		 1643 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1644 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1645 changed = true;
1646 }
1647
5e5282bb 1648 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1649 if (err < 0)
1650 goto failed;
1651
1652 if (changed)
1653 err = new_settings(hdev, sk);
1654
5e5282bb
JH		 1655 goto failed;
1656 }
1657
310a3d48
MH		 1658 /* If the current mode is the same, then just update the timeout
1659 * value with the new value. And if only the timeout gets updated,
1660 * then no need for any HCI transactions.
1661 */
1662 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1663 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1664 &hdev->dev_flags)) {
36261547
MH		 1665 cancel_delayed_work(&hdev->discov_off);
1666 hdev->discov_timeout = timeout;
955638ec 1667
36261547
MH		 1668 if (cp->val && hdev->discov_timeout > 0) {
1669 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1670 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1671 to);
955638ec
MH		 1672 }
1673
69ab39ea 1674 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1675 goto failed;
1676 }
1677
2e58ef3e 1678 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1679 if (!cmd) {
1680 err = -ENOMEM;
73f22f62 1681 goto failed;
366a0336 1682 }
73f22f62 1683
310a3d48
MH		 1684 /* Cancel any potential discoverable timeout that might be
1685 * still active and store new timeout value. The arming of
1686 * the timeout happens in the complete handler.
1687 */
1688 cancel_delayed_work(&hdev->discov_off);
1689 hdev->discov_timeout = timeout;
1690
b456f87c
JH		 1691 /* Limited discoverable mode */
1692 if (cp->val == 0x02)
1693 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1694 else
1695 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1696
bfaf8c9f
JH		 1697 hci_req_init(&req, hdev);
1698
9a43e25f
JH		 1699 /* The procedure for LE-only controllers is much simpler - just
1700 * update the advertising data.
1701 */
1702 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1703 goto update_ad;
1704
73f22f62
JH		 1705 scan = SCAN_PAGE;
1706
310a3d48
MH		 1707 if (cp->val) {
1708 struct hci_cp_write_current_iac_lap hci_cp;
1709
1710 if (cp->val == 0x02) {
1711 /* Limited discoverable mode */
33337dcb 1712 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1713 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1714 hci_cp.iac_lap[1] = 0x8b;
1715 hci_cp.iac_lap[2] = 0x9e;
1716 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1717 hci_cp.iac_lap[4] = 0x8b;
1718 hci_cp.iac_lap[5] = 0x9e;
1719 } else {
1720 /* General discoverable mode */
310a3d48
MH		 1721 hci_cp.num_iac = 1;
1722 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1723 hci_cp.iac_lap[1] = 0x8b;
1724 hci_cp.iac_lap[2] = 0x9e;
1725 }
1726
1727 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1728 (hci_cp.num_iac * 3) + 1, &hci_cp);
1729
73f22f62 1730 scan |= SCAN_INQUIRY;
310a3d48
MH		 1731 } else {
1732 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1733 }
73f22f62 1734
310a3d48 1735 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1736
9a43e25f
JH		 1737update_ad:
1738 update_adv_data(&req);
1739
bfaf8c9f 1740 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1741 if (err < 0)
a664b5bc 1742 mgmt_pending_remove(cmd);
73f22f62
JH		 1743
1744failed:
09fd0de5 1745 hci_dev_unlock(hdev);
73f22f62
JH		 1746 return err;
1747}
1748
406d7804
JH		 1749static void write_fast_connectable(struct hci_request *req, bool enable)
1750{
bd98b996 1751 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1752 struct hci_cp_write_page_scan_activity acp;
1753 u8 type;
1754
547003b1
JH		 1755 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1756 return;
1757
4c01f8b8
JH		 1758 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1759 return;
1760
406d7804
JH		 1761 if (enable) {
1762 type = PAGE_SCAN_TYPE_INTERLACED;
1763
1764 /* 160 msec page scan interval */
dcf4adbf 1765 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 1766 } else {
1767 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1768
1769 /* default 1.28 sec page scan */
dcf4adbf 1770 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 1771 }
1772
dcf4adbf 1773 acp.window = cpu_to_le16(0x0012);
406d7804 1774
bd98b996
JH		 1775 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1776 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1777 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1778 sizeof(acp), &acp);
1779
1780 if (hdev->page_scan_type != type)
1781 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1782}
1783
1904a853
MH		 1784static void set_connectable_complete(struct hci_dev *hdev, u8 status,
1785 u16 opcode)
2b76f453
JH		 1786{
1787 struct pending_cmd *cmd;
d7b856f9 1788 struct mgmt_mode *cp;
bc6d2d04 1789 bool conn_changed, discov_changed;
2b76f453
JH		 1790
1791 BT_DBG("status 0x%02x", status);
1792
1793 hci_dev_lock(hdev);
1794
1795 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1796 if (!cmd)
1797 goto unlock;
1798
37438c1f
JH		 1799 if (status) {
1800 u8 mgmt_err = mgmt_status(status);
1801 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1802 goto remove_cmd;
1803 }
1804
d7b856f9 1805 cp = cmd->param;
bc6d2d04
JH		 1806 if (cp->val) {
1807 conn_changed = !test_and_set_bit(HCI_CONNECTABLE,
1808 &hdev->dev_flags);
1809 discov_changed = false;
1810 } else {
1811 conn_changed = test_and_clear_bit(HCI_CONNECTABLE,
1812 &hdev->dev_flags);
1813 discov_changed = test_and_clear_bit(HCI_DISCOVERABLE,
1814 &hdev->dev_flags);
1815 }
d7b856f9 1816
2b76f453
JH		 1817 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1818
bc6d2d04 1819 if (conn_changed || discov_changed) {
d7b856f9 1820 new_settings(hdev, cmd->sk);
1d2dc5b7 1821 hci_update_page_scan(hdev);
bc6d2d04
JH		 1822 if (discov_changed)
1823 mgmt_update_adv_data(hdev);
2b7be33e
JH		 1824 hci_update_background_scan(hdev);
1825 }
d7b856f9 1826
37438c1f 1827remove_cmd:
2b76f453
JH		 1828 mgmt_pending_remove(cmd);
1829
1830unlock:
1831 hci_dev_unlock(hdev);
1832}
1833
e8ba3a1f
JH		 1834static int set_connectable_update_settings(struct hci_dev *hdev,
1835 struct sock *sk, u8 val)
1836{
1837 bool changed = false;
1838 int err;
1839
1840 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1841 changed = true;
1842
1843 if (val) {
1844 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1845 } else {
1846 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1847 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1848 }
1849
1850 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1851 if (err < 0)
1852 return err;
1853
562064e6 1854 if (changed) {
1d2dc5b7 1855 hci_update_page_scan(hdev);
562064e6 1856 hci_update_background_scan(hdev);
e8ba3a1f 1857 return new_settings(hdev, sk);
562064e6 1858 }
e8ba3a1f
JH		 1859
1860 return 0;
1861}
1862
bdb6d971 1863static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1864 u16 len)
9fbcbb45 1865{
650f726d 1866 struct mgmt_mode *cp = data;
366a0336 1867 struct pending_cmd *cmd;
2b76f453 1868 struct hci_request req;
1987fdc7 1869 u8 scan;
9fbcbb45
JH		 1870 int err;
1871
bdb6d971 1872 BT_DBG("request for %s", hdev->name);
9fbcbb45 1873
1987fdc7
JH		 1874 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1875 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1876 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1987fdc7 1877 MGMT_STATUS_REJECTED);
33c525c0 1878
a7e80f25
JH		 1879 if (cp->val != 0x00 && cp->val != 0x01)
1880 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1881 MGMT_STATUS_INVALID_PARAMS);
1882
09fd0de5 1883 hci_dev_lock(hdev);
9fbcbb45 1884
4b34ee78 1885 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1886 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1887 goto failed;
1888 }
1889
2e58ef3e 1890 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1891 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1892 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1893 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1894 goto failed;
1895 }
1896
2e58ef3e 1897 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1898 if (!cmd) {
1899 err = -ENOMEM;
9fbcbb45 1900 goto failed;
366a0336 1901 }
9fbcbb45 1902
9b74246f 1903 hci_req_init(&req, hdev);
9fbcbb45 1904
9a43e25f
JH		 1905 /* If BR/EDR is not enabled and we disable advertising as a
1906 * by-product of disabling connectable, we need to update the
1907 * advertising flags.
1908 */
1909 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1910 if (!cp->val) {
1911 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1912 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1913 }
1914 update_adv_data(&req);
1915 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1916 if (cp->val) {
1917 scan = SCAN_PAGE;
1918 } else {
3bd27240
JH		 1919 /* If we don't have any whitelist entries just
1920 * disable all scanning. If there are entries
1921 * and we had both page and inquiry scanning
1922 * enabled then fall back to only page scanning.
1923 * Otherwise no changes are needed.
1924 */
1925 if (list_empty(&hdev->whitelist))
1926 scan = SCAN_DISABLED;
1927 else if (test_bit(HCI_ISCAN, &hdev->flags))
1928 scan = SCAN_PAGE;
1929 else
1930 goto no_scan_update;
9b74246f
JH		 1931
1932 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1933 hdev->discov_timeout > 0)
9b74246f
JH		 1934 cancel_delayed_work(&hdev->discov_off);
1935 }
2b76f453 1936
9b74246f
JH		 1937 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1938 }
2b76f453 1939
3bd27240 1940no_scan_update:
4c01f8b8
JH		 1941 /* If we're going from non-connectable to connectable or
1942 * vice-versa when fast connectable is enabled ensure that fast
1943 * connectable gets disabled. write_fast_connectable won't do
1944 * anything if the page scan parameters are already what they
1945 * should be.
1946 */
1947 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1948 write_fast_connectable(&req, false);
1949
e8b1202c
JH		 1950 /* Update the advertising parameters if necessary */
1951 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1987fdc7 1952 enable_advertising(&req);
1987fdc7 1953
2b76f453 1954 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1955 if (err < 0) {
a664b5bc 1956 mgmt_pending_remove(cmd);
9b74246f 1957 if (err == -ENODATA)
a81070ba
JH		 1958 err = set_connectable_update_settings(hdev, sk,
1959 cp->val);
9b74246f
JH		 1960 goto failed;
1961 }
9fbcbb45
JH		 1962
1963failed:
09fd0de5 1964 hci_dev_unlock(hdev);
9fbcbb45
JH		 1965 return err;
1966}
1967
b2939475 1968static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1969 u16 len)
c542a06c 1970{
650f726d 1971 struct mgmt_mode *cp = data;
55594356 1972 bool changed;
c542a06c
JH		 1973 int err;
1974
bdb6d971 1975 BT_DBG("request for %s", hdev->name);
c542a06c 1976
a7e80f25 1977 if (cp->val != 0x00 && cp->val != 0x01)
b2939475 1978 return cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
a7e80f25
JH		 1979 MGMT_STATUS_INVALID_PARAMS);
1980
09fd0de5 1981 hci_dev_lock(hdev);
c542a06c
JH		 1982
1983 if (cp->val)
b6ae8457 1984 changed = !test_and_set_bit(HCI_BONDABLE, &hdev->dev_flags);
c542a06c 1985 else
b6ae8457 1986 changed = test_and_clear_bit(HCI_BONDABLE, &hdev->dev_flags);
c542a06c 1987
b2939475 1988 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
c542a06c 1989 if (err < 0)
55594356 1990 goto unlock;
c542a06c 1991
55594356
MH		 1992 if (changed)
1993 err = new_settings(hdev, sk);
c542a06c 1994
55594356 1995unlock:
09fd0de5 1996 hci_dev_unlock(hdev);
c542a06c
JH		 1997 return err;
1998}
1999
04124681
GP		 2000static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
2001 u16 len)
33ef95ed
JH		 2002{
2003 struct mgmt_mode *cp = data;
2004 struct pending_cmd *cmd;
e6fe7986 2005 u8 val, status;
33ef95ed
JH		 2006 int err;
2007
bdb6d971 2008 BT_DBG("request for %s", hdev->name);
33ef95ed 2009
e6fe7986
JH		 2010 status = mgmt_bredr_support(hdev);
2011 if (status)
33c525c0 2012 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 2013 status);
33c525c0 2014
a7e80f25
JH		 2015 if (cp->val != 0x00 && cp->val != 0x01)
2016 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2017 MGMT_STATUS_INVALID_PARAMS);
2018
33ef95ed
JH		 2019 hci_dev_lock(hdev);
2020
4b34ee78 2021 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 2022 bool changed = false;
2023
2024 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 2025 &hdev->dev_flags)) {
47990ea0
JH		 2026 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
2027 changed = true;
2028 }
2029
2030 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2031 if (err < 0)
2032 goto failed;
2033
2034 if (changed)
2035 err = new_settings(hdev, sk);
2036
33ef95ed
JH		 2037 goto failed;
2038 }
2039
2040 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 2041 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 2042 MGMT_STATUS_BUSY);
33ef95ed
JH		 2043 goto failed;
2044 }
2045
2046 val = !!cp->val;
2047
2048 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
2049 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2050 goto failed;
2051 }
2052
2053 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
2054 if (!cmd) {
2055 err = -ENOMEM;
2056 goto failed;
2057 }
2058
2059 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
2060 if (err < 0) {
2061 mgmt_pending_remove(cmd);
2062 goto failed;
2063 }
2064
2065failed:
2066 hci_dev_unlock(hdev);
33ef95ed
JH		 2067 return err;
2068}
2069
bdb6d971 2070static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 2071{
2072 struct mgmt_mode *cp = data;
2073 struct pending_cmd *cmd;
72ef0c1a 2074 u8 status;
ed2c4ee3
JH		 2075 int err;
2076
bdb6d971 2077 BT_DBG("request for %s", hdev->name);
ed2c4ee3 2078
cdba5281
MH		 2079 status = mgmt_bredr_support(hdev);
2080 if (status)
2081 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
2082
13ecd8b6
JH		 2083 if (!lmp_ssp_capable(hdev))
2084 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2085 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 2086
a7e80f25
JH		 2087 if (cp->val != 0x00 && cp->val != 0x01)
2088 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2089 MGMT_STATUS_INVALID_PARAMS);
2090
13ecd8b6 2091 hci_dev_lock(hdev);
6c8f12c1 2092
4b34ee78 2093 if (!hdev_is_powered(hdev)) {
9ecb3e24 2094 bool changed;
c0ecddc2 2095
9ecb3e24
MH		 2096 if (cp->val) {
2097 changed = !test_and_set_bit(HCI_SSP_ENABLED,
2098 &hdev->dev_flags);
2099 } else {
2100 changed = test_and_clear_bit(HCI_SSP_ENABLED,
2101 &hdev->dev_flags);
2102 if (!changed)
2103 changed = test_and_clear_bit(HCI_HS_ENABLED,
2104 &hdev->dev_flags);
2105 else
2106 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 2107 }
2108
2109 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2110 if (err < 0)
2111 goto failed;
2112
2113 if (changed)
2114 err = new_settings(hdev, sk);
2115
ed2c4ee3
JH		 2116 goto failed;
2117 }
2118
9ecb3e24
MH		 2119 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
2120 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
d97dcb66
SJ		 2121 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2122 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 2123 goto failed;
2124 }
2125
72ef0c1a 2126 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 2127 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2128 goto failed;
2129 }
2130
2131 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2132 if (!cmd) {
2133 err = -ENOMEM;
2134 goto failed;
2135 }
2136
3769972b
JH		 2137 if (!cp->val && test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
2138 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2139 sizeof(cp->val), &cp->val);
2140
72ef0c1a 2141 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 2142 if (err < 0) {
2143 mgmt_pending_remove(cmd);
2144 goto failed;
2145 }
2146
2147failed:
2148 hci_dev_unlock(hdev);
ed2c4ee3
JH		 2149 return err;
2150}
2151
bdb6d971 2152static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 2153{
2154 struct mgmt_mode *cp = data;
ee392693 2155 bool changed;
e6fe7986 2156 u8 status;
ee392693 2157 int err;
6d80dfd0 2158
bdb6d971 2159 BT_DBG("request for %s", hdev->name);
6d80dfd0 2160
e6fe7986
JH		 2161 status = mgmt_bredr_support(hdev);
2162 if (status)
2163 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 2164
9ecb3e24
MH		 2165 if (!lmp_ssp_capable(hdev))
2166 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2167 MGMT_STATUS_NOT_SUPPORTED);
2168
2169 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
2170 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2171 MGMT_STATUS_REJECTED);
2172
a7e80f25
JH		 2173 if (cp->val != 0x00 && cp->val != 0x01)
2174 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2175 MGMT_STATUS_INVALID_PARAMS);
2176
ee392693
MH		 2177 hci_dev_lock(hdev);
2178
a0cdf960 2179 if (cp->val) {
ee392693 2180 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 2181 } else {
2182 if (hdev_is_powered(hdev)) {
2183 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2184 MGMT_STATUS_REJECTED);
2185 goto unlock;
2186 }
2187
ee392693 2188 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 2189 }
ee392693
MH		 2190
2191 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2192 if (err < 0)
2193 goto unlock;
2194
2195 if (changed)
2196 err = new_settings(hdev, sk);
6d80dfd0 2197
ee392693
MH		 2198unlock:
2199 hci_dev_unlock(hdev);
2200 return err;
6d80dfd0
JH		 2201}
2202
1904a853 2203static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
416a4ae5
JH		 2204{
2205 struct cmd_lookup match = { NULL, hdev };
2206
3ad67582
JK		 2207 hci_dev_lock(hdev);
2208
416a4ae5
JH		 2209 if (status) {
2210 u8 mgmt_err = mgmt_status(status);
2211
2212 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2213 &mgmt_err);
3ad67582 2214 goto unlock;
416a4ae5
JH		 2215 }
2216
2217 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2218
2219 new_settings(hdev, match.sk);
2220
2221 if (match.sk)
2222 sock_put(match.sk);
441ad2d0
MH		 2223
2224 /* Make sure the controller has a good default for
2225 * advertising data. Restrict the update to when LE
2226 * has actually been enabled. During power on, the
2227 * update in powered_update_hci will take care of it.
2228 */
2229 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2230 struct hci_request req;
2231
441ad2d0 2232 hci_req_init(&req, hdev);
5947f4bc 2233 update_adv_data(&req);
f14d8f64 2234 update_scan_rsp_data(&req);
2cf22218 2235 __hci_update_background_scan(&req);
441ad2d0 2236 hci_req_run(&req, NULL);
441ad2d0 2237 }
3ad67582
JK		 2238
2239unlock:
2240 hci_dev_unlock(hdev);
416a4ae5
JH		 2241}
2242
bdb6d971 2243static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 2244{
2245 struct mgmt_mode *cp = data;
2246 struct hci_cp_write_le_host_supported hci_cp;
2247 struct pending_cmd *cmd;
416a4ae5 2248 struct hci_request req;
06199cf8 2249 int err;
0b60eba1 2250 u8 val, enabled;
06199cf8 2251
bdb6d971 2252 BT_DBG("request for %s", hdev->name);
06199cf8 2253
13ecd8b6
JH		 2254 if (!lmp_le_capable(hdev))
2255 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2256 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 2257
a7e80f25
JH		 2258 if (cp->val != 0x00 && cp->val != 0x01)
2259 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2260 MGMT_STATUS_INVALID_PARAMS);
2261
c73eee91 2262 /* LE-only devices do not allow toggling LE on/off */
56f87901 2263 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 2264 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2265 MGMT_STATUS_REJECTED);
2266
13ecd8b6 2267 hci_dev_lock(hdev);
06199cf8
JH		 2268
2269 val = !!cp->val;
ffa88e02 2270 enabled = lmp_host_le_capable(hdev);
06199cf8 2271
0b60eba1 2272 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 2273 bool changed = false;
2274
2275 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2276 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
2277 changed = true;
2278 }
2279
f3d3444a
JH		 2280 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
2281 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 2282 changed = true;
2283 }
2284
06199cf8
JH		 2285 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2286 if (err < 0)
1de028ce 2287 goto unlock;
06199cf8
JH		 2288
2289 if (changed)
2290 err = new_settings(hdev, sk);
2291
1de028ce 2292 goto unlock;
06199cf8
JH		 2293 }
2294
4375f103
JH		 2295 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
2296 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 2297 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 2298 MGMT_STATUS_BUSY);
1de028ce 2299 goto unlock;
06199cf8
JH		 2300 }
2301
2302 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2303 if (!cmd) {
2304 err = -ENOMEM;
1de028ce 2305 goto unlock;
06199cf8
JH		 2306 }
2307
441ad2d0
MH		 2308 hci_req_init(&req, hdev);
2309
06199cf8
JH		 2310 memset(&hci_cp, 0, sizeof(hci_cp));
2311
2312 if (val) {
2313 hci_cp.le = val;
32226e4f 2314 hci_cp.simul = 0x00;
441ad2d0 2315 } else {
73e082f8 2316 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
441ad2d0 2317 disable_advertising(&req);
06199cf8
JH		 2318 }
2319
416a4ae5
JH		 2320 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2321 &hci_cp);
2322
2323 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2324 if (err < 0)
06199cf8 2325 mgmt_pending_remove(cmd);
06199cf8 2326
1de028ce
JH		 2327unlock:
2328 hci_dev_unlock(hdev);
06199cf8
JH		 2329 return err;
2330}
2331
0cab9c80
JH		 2332/* This is a helper function to test for pending mgmt commands that can
2333 * cause CoD or EIR HCI commands. We can only allow one such pending
2334 * mgmt command at a time since otherwise we cannot easily track what
2335 * the current values are, will be, and based on that calculate if a new
2336 * HCI command needs to be sent and if yes with what value.
2337 */
2338static bool pending_eir_or_class(struct hci_dev *hdev)
2339{
2340 struct pending_cmd *cmd;
2341
2342 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2343 switch (cmd->opcode) {
2344 case MGMT_OP_ADD_UUID:
2345 case MGMT_OP_REMOVE_UUID:
2346 case MGMT_OP_SET_DEV_CLASS:
2347 case MGMT_OP_SET_POWERED:
2348 return true;
2349 }
2350 }
2351
2352 return false;
2353}
2354
83be8eca
JH		 2355static const u8 bluetooth_base_uuid[] = {
2356 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2357 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2358};
2359
2360static u8 get_uuid_size(const u8 *uuid)
2361{
2362 u32 val;
2363
2364 if (memcmp(uuid, bluetooth_base_uuid, 12))
2365 return 128;
2366
2367 val = get_unaligned_le32(&uuid[12]);
2368 if (val > 0xffff)
2369 return 32;
2370
2371 return 16;
2372}
2373
92da6097
JH		 2374static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2375{
2376 struct pending_cmd *cmd;
2377
2378 hci_dev_lock(hdev);
2379
2380 cmd = mgmt_pending_find(mgmt_op, hdev);
2381 if (!cmd)
2382 goto unlock;
2383
2384 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
2385 hdev->dev_class, 3);
2386
2387 mgmt_pending_remove(cmd);
2388
2389unlock:
2390 hci_dev_unlock(hdev);
2391}
2392
1904a853 2393static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2394{
2395 BT_DBG("status 0x%02x", status);
2396
2397 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2398}
2399
bdb6d971 2400static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2401{
650f726d 2402 struct mgmt_cp_add_uuid *cp = data;
90e70454 2403 struct pending_cmd *cmd;
890ea898 2404 struct hci_request req;
2aeb9a1a 2405 struct bt_uuid *uuid;
2aeb9a1a
JH		 2406 int err;
2407
bdb6d971 2408 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2409
09fd0de5 2410 hci_dev_lock(hdev);
2aeb9a1a 2411
0cab9c80 2412 if (pending_eir_or_class(hdev)) {
bdb6d971 2413 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 2414 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2415 goto failed;
2416 }
2417
92c4c204 2418 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2419 if (!uuid) {
2420 err = -ENOMEM;
2421 goto failed;
2422 }
2423
2424 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2425 uuid->svc_hint = cp->svc_hint;
83be8eca 2426 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2427
de66aa63 2428 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2429
890ea898 2430 hci_req_init(&req, hdev);
1aff6f09 2431
890ea898
JH		 2432 update_class(&req);
2433 update_eir(&req);
2434
92da6097
JH		 2435 err = hci_req_run(&req, add_uuid_complete);
2436 if (err < 0) {
2437 if (err != -ENODATA)
2438 goto failed;
80a1e1db 2439
bdb6d971 2440 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 2441 hdev->dev_class, 3);
90e70454
JH		 2442 goto failed;
2443 }
2444
2445 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2446 if (!cmd) {
90e70454 2447 err = -ENOMEM;
890ea898
JH		 2448 goto failed;
2449 }
2450
2451 err = 0;
2aeb9a1a
JH		 2452
2453failed:
09fd0de5 2454 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2455 return err;
2456}
2457
24b78d0f
JH		 2458static bool enable_service_cache(struct hci_dev *hdev)
2459{
2460 if (!hdev_is_powered(hdev))
2461 return false;
2462
2463 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 2464 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2465 CACHE_TIMEOUT);
24b78d0f
JH		 2466 return true;
2467 }
2468
2469 return false;
2470}
2471
1904a853 2472static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2473{
2474 BT_DBG("status 0x%02x", status);
2475
2476 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2477}
2478
bdb6d971 2479static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2480 u16 len)
2aeb9a1a 2481{
650f726d 2482 struct mgmt_cp_remove_uuid *cp = data;
90e70454 2483 struct pending_cmd *cmd;
056341c8 2484 struct bt_uuid *match, *tmp;
2aeb9a1a 2485 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2486 struct hci_request req;
2aeb9a1a
JH		 2487 int err, found;
2488
bdb6d971 2489 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2490
09fd0de5 2491 hci_dev_lock(hdev);
2aeb9a1a 2492
0cab9c80 2493 if (pending_eir_or_class(hdev)) {
bdb6d971 2494 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2495 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2496 goto unlock;
2497 }
2498
2aeb9a1a 2499 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2500 hci_uuids_clear(hdev);
4004b6d9 2501
24b78d0f 2502 if (enable_service_cache(hdev)) {
bdb6d971 2503 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2504 0, hdev->dev_class, 3);
24b78d0f
JH		 2505 goto unlock;
2506 }
4004b6d9 2507
9246a869 2508 goto update_class;
2aeb9a1a
JH		 2509 }
2510
2511 found = 0;
2512
056341c8 2513 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2514 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2515 continue;
2516
2517 list_del(&match->list);
482049f7 2518 kfree(match);
2aeb9a1a
JH		 2519 found++;
2520 }
2521
2522 if (found == 0) {
bdb6d971 2523 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2524 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2525 goto unlock;
2526 }
2527
9246a869 2528update_class:
890ea898 2529 hci_req_init(&req, hdev);
1aff6f09 2530
890ea898
JH		 2531 update_class(&req);
2532 update_eir(&req);
2533
92da6097
JH		 2534 err = hci_req_run(&req, remove_uuid_complete);
2535 if (err < 0) {
2536 if (err != -ENODATA)
2537 goto unlock;
80a1e1db 2538
bdb6d971 2539 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 2540 hdev->dev_class, 3);
90e70454
JH		 2541 goto unlock;
2542 }
2543
2544 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2545 if (!cmd) {
90e70454 2546 err = -ENOMEM;
890ea898
JH		 2547 goto unlock;
2548 }
2549
2550 err = 0;
2aeb9a1a
JH		 2551
2552unlock:
09fd0de5 2553 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2554 return err;
2555}
2556
1904a853 2557static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2558{
2559 BT_DBG("status 0x%02x", status);
2560
2561 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2562}
2563
bdb6d971 2564static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2565 u16 len)
1aff6f09 2566{
650f726d 2567 struct mgmt_cp_set_dev_class *cp = data;
90e70454 2568 struct pending_cmd *cmd;
890ea898 2569 struct hci_request req;
1aff6f09
JH		 2570 int err;
2571
bdb6d971 2572 BT_DBG("request for %s", hdev->name);
1aff6f09 2573
6203fc98 2574 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 2575 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2576 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2577
0cab9c80 2578 hci_dev_lock(hdev);
ee98f473 2579
0cab9c80
JH		 2580 if (pending_eir_or_class(hdev)) {
2581 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2582 MGMT_STATUS_BUSY);
2583 goto unlock;
2584 }
c95f0ba7 2585
0cab9c80
JH		 2586 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2587 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2588 MGMT_STATUS_INVALID_PARAMS);
2589 goto unlock;
2590 }
575b3a02 2591
932f5ff5
JH		 2592 hdev->major_class = cp->major;
2593 hdev->minor_class = cp->minor;
2594
b5235a65 2595 if (!hdev_is_powered(hdev)) {
bdb6d971 2596 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2597 hdev->dev_class, 3);
b5235a65
JH		 2598 goto unlock;
2599 }
2600
890ea898
JH		 2601 hci_req_init(&req, hdev);
2602
a8b2d5c2 2603 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2604 hci_dev_unlock(hdev);
2605 cancel_delayed_work_sync(&hdev->service_cache);
2606 hci_dev_lock(hdev);
890ea898 2607 update_eir(&req);
7d78525d 2608 }
14c0b608 2609
890ea898
JH		 2610 update_class(&req);
2611
92da6097
JH		 2612 err = hci_req_run(&req, set_class_complete);
2613 if (err < 0) {
2614 if (err != -ENODATA)
2615 goto unlock;
1aff6f09 2616
bdb6d971 2617 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2618 hdev->dev_class, 3);
90e70454
JH		 2619 goto unlock;
2620 }
2621
2622 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2623 if (!cmd) {
90e70454 2624 err = -ENOMEM;
890ea898
JH		 2625 goto unlock;
2626 }
2627
2628 err = 0;
1aff6f09 2629
b5235a65 2630unlock:
09fd0de5 2631 hci_dev_unlock(hdev);
1aff6f09
JH		 2632 return err;
2633}
2634
bdb6d971 2635static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2636 u16 len)
55ed8ca1 2637{
650f726d 2638 struct mgmt_cp_load_link_keys *cp = data;
ba1d6936
JH		 2639 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2640 sizeof(struct mgmt_link_key_info));
4e51eae9 2641 u16 key_count, expected_len;
b1de97d8 2642 bool changed;
a492cd52 2643 int i;
55ed8ca1 2644
9060d5cf
MH		 2645 BT_DBG("request for %s", hdev->name);
2646
2647 if (!lmp_bredr_capable(hdev))
2648 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2649 MGMT_STATUS_NOT_SUPPORTED);
2650
1f350c87 2651 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 2652 if (key_count > max_key_count) {
2653 BT_ERR("load_link_keys: too big key_count value %u",
2654 key_count);
2655 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2656 MGMT_STATUS_INVALID_PARAMS);
2657 }
55ed8ca1 2658
86742e1e
JH		 2659 expected_len = sizeof(*cp) + key_count *
2660 sizeof(struct mgmt_link_key_info);
a492cd52 2661 if (expected_len != len) {
86742e1e 2662 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2663 expected_len, len);
bdb6d971 2664 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 2665 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2666 }
2667
4ae14301
JH		 2668 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2669 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2670 MGMT_STATUS_INVALID_PARAMS);
2671
bdb6d971 2672 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2673 key_count);
55ed8ca1 2674
4ee71b20
JH		 2675 for (i = 0; i < key_count; i++) {
2676 struct mgmt_link_key_info *key = &cp->keys[i];
2677
8e991132 2678 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
4ee71b20
JH		 2679 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2680 MGMT_STATUS_INVALID_PARAMS);
2681 }
2682
09fd0de5 2683 hci_dev_lock(hdev);
55ed8ca1
JH		 2684
2685 hci_link_keys_clear(hdev);
2686
55ed8ca1 2687 if (cp->debug_keys)
0663b297
JH		 2688 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
2689 &hdev->dev_flags);
55ed8ca1 2690 else
0663b297
JH		 2691 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
2692 &hdev->dev_flags);
b1de97d8
MH		 2693
2694 if (changed)
2695 new_settings(hdev, NULL);
55ed8ca1 2696
a492cd52 2697 for (i = 0; i < key_count; i++) {
86742e1e 2698 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2699
58e9293c
JH		 2700 /* Always ignore debug keys and require a new pairing if
2701 * the user wants to use them.
2702 */
2703 if (key->type == HCI_LK_DEBUG_COMBINATION)
2704 continue;
2705
7652ff6a
JH		 2706 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2707 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2708 }
2709
bdb6d971 2710 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2711
09fd0de5 2712 hci_dev_unlock(hdev);
55ed8ca1 2713
a492cd52 2714 return 0;
55ed8ca1
JH		 2715}
2716
b1078ad0 2717static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2718 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2719{
2720 struct mgmt_ev_device_unpaired ev;
2721
2722 bacpy(&ev.addr.bdaddr, bdaddr);
2723 ev.addr.type = addr_type;
2724
2725 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2726 skip_sk);
b1078ad0
JH		 2727}
2728
bdb6d971 2729static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2730 u16 len)
55ed8ca1 2731{
124f6e35
JH		 2732 struct mgmt_cp_unpair_device *cp = data;
2733 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2734 struct hci_cp_disconnect dc;
2735 struct pending_cmd *cmd;
55ed8ca1 2736 struct hci_conn *conn;
55ed8ca1
JH		 2737 int err;
2738
a8a1d19e 2739 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2740 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2741 rp.addr.type = cp->addr.type;
a8a1d19e 2742
4ee71b20
JH		 2743 if (!bdaddr_type_is_valid(cp->addr.type))
2744 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2745 MGMT_STATUS_INVALID_PARAMS,
2746 &rp, sizeof(rp));
2747
118da70b
JH		 2748 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2749 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2750 MGMT_STATUS_INVALID_PARAMS,
2751 &rp, sizeof(rp));
2752
4ee71b20
JH		 2753 hci_dev_lock(hdev);
2754
86a8cfc6 2755 if (!hdev_is_powered(hdev)) {
bdb6d971 2756 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2757 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 2758 goto unlock;
2759 }
2760
e0b2b27e 2761 if (cp->addr.type == BDADDR_BREDR) {
89cbb063
AA		 2762 /* If disconnection is requested, then look up the
2763 * connection. If the remote device is connected, it
2764 * will be later used to terminate the link.
2765 *
2766 * Setting it to NULL explicitly will cause no
2767 * termination of the link.
2768 */
2769 if (cp->disconnect)
2770 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2771 &cp->addr.bdaddr);
2772 else
2773 conn = NULL;
2774
124f6e35 2775 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2776 } else {
2777 u8 addr_type;
2778
89cbb063
AA		 2779 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2780 &cp->addr.bdaddr);
2781 if (conn) {
2782 /* Defer clearing up the connection parameters
2783 * until closing to give a chance of keeping
2784 * them if a repairing happens.
2785 */
2786 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2787
2788 /* If disconnection is not requested, then
2789 * clear the connection variable so that the
2790 * link is not terminated.
2791 */
2792 if (!cp->disconnect)
2793 conn = NULL;
2794 }
2795
e0b2b27e
JH		 2796 if (cp->addr.type == BDADDR_LE_PUBLIC)
2797 addr_type = ADDR_LE_DEV_PUBLIC;
2798 else
2799 addr_type = ADDR_LE_DEV_RANDOM;
2800
a7ec7338
JH		 2801 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2802
e0b2b27e
JH		 2803 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2804 }
b0dbfb46 2805
55ed8ca1 2806 if (err < 0) {
bdb6d971 2807 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2808 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 2809 goto unlock;
2810 }
2811
89cbb063
AA		 2812 /* If the connection variable is set, then termination of the
2813 * link is requested.
2814 */
a8a1d19e 2815 if (!conn) {
bdb6d971 2816 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 2817 &rp, sizeof(rp));
b1078ad0 2818 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2819 goto unlock;
2820 }
55ed8ca1 2821
124f6e35 2822 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2823 sizeof(*cp));
a8a1d19e
JH		 2824 if (!cmd) {
2825 err = -ENOMEM;
2826 goto unlock;
55ed8ca1
JH		 2827 }
2828
d8b7b1e4
JH		 2829 cmd->cmd_complete = addr_cmd_complete;
2830
eb55ef07 2831 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2832 dc.reason = 0x13; /* Remote User Terminated Connection */
2833 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2834 if (err < 0)
2835 mgmt_pending_remove(cmd);
2836
55ed8ca1 2837unlock:
09fd0de5 2838 hci_dev_unlock(hdev);
55ed8ca1
JH		 2839 return err;
2840}
2841
bdb6d971 2842static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2843 u16 len)
8962ee74 2844{
650f726d 2845 struct mgmt_cp_disconnect *cp = data;
06a63b19 2846 struct mgmt_rp_disconnect rp;
366a0336 2847 struct pending_cmd *cmd;
8962ee74 2848 struct hci_conn *conn;
8962ee74
JH		 2849 int err;
2850
2851 BT_DBG("");
2852
06a63b19
JH		 2853 memset(&rp, 0, sizeof(rp));
2854 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2855 rp.addr.type = cp->addr.type;
2856
4ee71b20 2857 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2858 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2859 MGMT_STATUS_INVALID_PARAMS,
2860 &rp, sizeof(rp));
4ee71b20 2861
09fd0de5 2862 hci_dev_lock(hdev);
8962ee74
JH		 2863
2864 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2865 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2866 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2867 goto failed;
2868 }
2869
2e58ef3e 2870 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2871 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2872 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2873 goto failed;
2874 }
2875
591f47f3 2876 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2877 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2878 &cp->addr.bdaddr);
88c3df13
JH		 2879 else
2880 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2881
f960727e 2882 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2883 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2884 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2885 goto failed;
2886 }
2887
2e58ef3e 2888 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2889 if (!cmd) {
2890 err = -ENOMEM;
8962ee74 2891 goto failed;
366a0336 2892 }
8962ee74 2893
f5818c22
JH		 2894 cmd->cmd_complete = generic_cmd_complete;
2895
e3f2f92a 2896 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
8962ee74 2897 if (err < 0)
a664b5bc 2898 mgmt_pending_remove(cmd);
8962ee74
JH		 2899
2900failed:
09fd0de5 2901 hci_dev_unlock(hdev);
8962ee74
JH		 2902 return err;
2903}
2904
57c1477c 2905static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2906{
2907 switch (link_type) {
2908 case LE_LINK:
48264f06
JH		 2909 switch (addr_type) {
2910 case ADDR_LE_DEV_PUBLIC:
591f47f3 2911 return BDADDR_LE_PUBLIC;
0ed09148 2912
48264f06 2913 default:
0ed09148 2914 /* Fallback to LE Random address type */
591f47f3 2915 return BDADDR_LE_RANDOM;
48264f06 2916 }
0ed09148 2917
4c659c39 2918 default:
0ed09148 2919 /* Fallback to BR/EDR type */
591f47f3 2920 return BDADDR_BREDR;
4c659c39
JH		 2921 }
2922}
2923
04124681
GP		 2924static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2925 u16 data_len)
2784eb41 2926{
2784eb41 2927 struct mgmt_rp_get_connections *rp;
8035ded4 2928 struct hci_conn *c;
a38528f1 2929 size_t rp_len;
60fc5fb6
JH		 2930 int err;
2931 u16 i;
2784eb41
JH		 2932
2933 BT_DBG("");
2934
09fd0de5 2935 hci_dev_lock(hdev);
2784eb41 2936
5f97c1df 2937 if (!hdev_is_powered(hdev)) {
bdb6d971 2938 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2939 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2940 goto unlock;
2941 }
2942
60fc5fb6 2943 i = 0;
b644ba33
JH		 2944 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2945 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2946 i++;
2784eb41
JH		 2947 }
2948
60fc5fb6 2949 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2950 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2951 if (!rp) {
2784eb41
JH		 2952 err = -ENOMEM;
2953 goto unlock;
2954 }
2955
2784eb41 2956 i = 0;
4c659c39 2957 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2958 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2959 continue;
4c659c39 2960 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2961 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2962 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2963 continue;
2964 i++;
2965 }
2966
eb55ef07 2967 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2968
4c659c39
JH		 2969 /* Recalculate length in case of filtered SCO connections, etc */
2970 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2971
bdb6d971 2972 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2973 rp_len);
2784eb41 2974
a38528f1 2975 kfree(rp);
5f97c1df
JH		 2976
2977unlock:
09fd0de5 2978 hci_dev_unlock(hdev);
2784eb41
JH		 2979 return err;
2980}
2981
bdb6d971 2982static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2983 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2984{
2985 struct pending_cmd *cmd;
2986 int err;
2987
2e58ef3e 2988 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2989 sizeof(*cp));
96d97a67
WR		 2990 if (!cmd)
2991 return -ENOMEM;
2992
d8457698 2993 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2994 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2995 if (err < 0)
2996 mgmt_pending_remove(cmd);
2997
2998 return err;
2999}
3000
bdb6d971 3001static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3002 u16 len)
980e1a53 3003{
96d97a67 3004 struct hci_conn *conn;
650f726d 3005 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 3006 struct hci_cp_pin_code_reply reply;
366a0336 3007 struct pending_cmd *cmd;
980e1a53
JH		 3008 int err;
3009
3010 BT_DBG("");
3011
09fd0de5 3012 hci_dev_lock(hdev);
980e1a53 3013
4b34ee78 3014 if (!hdev_is_powered(hdev)) {
bdb6d971 3015 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 3016 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 3017 goto failed;
3018 }
3019
d8457698 3020 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 3021 if (!conn) {
bdb6d971 3022 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 3023 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 3024 goto failed;
3025 }
3026
3027 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 3028 struct mgmt_cp_pin_code_neg_reply ncp;
3029
3030 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 3031
3032 BT_ERR("PIN code is not 16 bytes long");
3033
bdb6d971 3034 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 3035 if (err >= 0)
bdb6d971 3036 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 3037 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 3038
3039 goto failed;
3040 }
3041
00abfe44 3042 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 3043 if (!cmd) {
3044 err = -ENOMEM;
980e1a53 3045 goto failed;
366a0336 3046 }
980e1a53 3047
7776d1d8
JH		 3048 cmd->cmd_complete = addr_cmd_complete;
3049
d8457698 3050 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 3051 reply.pin_len = cp->pin_len;
24718ca5 3052 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 3053
3054 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3055 if (err < 0)
a664b5bc 3056 mgmt_pending_remove(cmd);
980e1a53
JH		 3057
3058failed:
09fd0de5 3059 hci_dev_unlock(hdev);
980e1a53
JH		 3060 return err;
3061}
3062
04124681
GP		 3063static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3064 u16 len)
17fa4b9d 3065{
650f726d 3066 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 3067
3068 BT_DBG("");
3069
4ec86d4c
JH		 3070 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
3071 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3072 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
3073
09fd0de5 3074 hci_dev_lock(hdev);
17fa4b9d
JH		 3075
3076 hdev->io_capability = cp->io_capability;
3077
3078 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 3079 hdev->io_capability);
17fa4b9d 3080
09fd0de5 3081 hci_dev_unlock(hdev);
17fa4b9d 3082
04124681
GP		 3083 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
3084 0);
17fa4b9d
JH		 3085}
3086
6039aa73 3087static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 3088{
3089 struct hci_dev *hdev = conn->hdev;
8035ded4 3090 struct pending_cmd *cmd;
e9a416b5 3091
2e58ef3e 3092 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 3093 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3094 continue;
3095
e9a416b5
JH		 3096 if (cmd->user_data != conn)
3097 continue;
3098
3099 return cmd;
3100 }
3101
3102 return NULL;
3103}
3104
9df74653 3105static int pairing_complete(struct pending_cmd *cmd, u8 status)
e9a416b5
JH		 3106{
3107 struct mgmt_rp_pair_device rp;
3108 struct hci_conn *conn = cmd->user_data;
9df74653 3109 int err;
e9a416b5 3110
61b1a7fb
JH		 3111 bacpy(&rp.addr.bdaddr, &conn->dst);
3112 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 3113
9df74653
JH		 3114 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
3115 &rp, sizeof(rp));
e9a416b5
JH		 3116
3117 /* So we don't get further callbacks for this connection */
3118 conn->connect_cfm_cb = NULL;
3119 conn->security_cfm_cb = NULL;
3120 conn->disconn_cfm_cb = NULL;
3121
76a68ba0 3122 hci_conn_drop(conn);
89cbb063
AA		 3123
3124 /* The device is paired so there is no need to remove
3125 * its connection parameters anymore.
3126 */
3127 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
15013aeb
JH		 3128
3129 hci_conn_put(conn);
9df74653
JH		 3130
3131 return err;
e9a416b5
JH		 3132}
3133
f4a407be
JH		 3134void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3135{
3136 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3137 struct pending_cmd *cmd;
3138
3139 cmd = find_pairing(conn);
a511b35b 3140 if (cmd) {
04ab2749 3141 cmd->cmd_complete(cmd, status);
a511b35b
JH		 3142 mgmt_pending_remove(cmd);
3143 }
f4a407be
JH		 3144}
3145
e9a416b5
JH		 3146static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3147{
3148 struct pending_cmd *cmd;
3149
3150 BT_DBG("status %u", status);
3151
3152 cmd = find_pairing(conn);
a511b35b 3153 if (!cmd) {
e9a416b5 3154 BT_DBG("Unable to find a pending command");
a511b35b
JH		 3155 return;
3156 }
3157
3158 cmd->cmd_complete(cmd, mgmt_status(status));
3159 mgmt_pending_remove(cmd);
e9a416b5
JH		 3160}
3161
f4a407be 3162static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739
VA		 3163{
3164 struct pending_cmd *cmd;
3165
3166 BT_DBG("status %u", status);
3167
3168 if (!status)
3169 return;
3170
3171 cmd = find_pairing(conn);
a511b35b 3172 if (!cmd) {
4c47d739 3173 BT_DBG("Unable to find a pending command");
a511b35b
JH		 3174 return;
3175 }
3176
3177 cmd->cmd_complete(cmd, mgmt_status(status));
3178 mgmt_pending_remove(cmd);
4c47d739
VA		 3179}
3180
bdb6d971 3181static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3182 u16 len)
e9a416b5 3183{
650f726d 3184 struct mgmt_cp_pair_device *cp = data;
1425acb7 3185 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 3186 struct pending_cmd *cmd;
3187 u8 sec_level, auth_type;
3188 struct hci_conn *conn;
e9a416b5
JH		 3189 int err;
3190
3191 BT_DBG("");
3192
f950a30e
SJ		 3193 memset(&rp, 0, sizeof(rp));
3194 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3195 rp.addr.type = cp->addr.type;
3196
4ee71b20
JH		 3197 if (!bdaddr_type_is_valid(cp->addr.type))
3198 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3199 MGMT_STATUS_INVALID_PARAMS,
3200 &rp, sizeof(rp));
3201
4ec86d4c
JH		 3202 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
3203 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3204 MGMT_STATUS_INVALID_PARAMS,
3205 &rp, sizeof(rp));
3206
09fd0de5 3207 hci_dev_lock(hdev);
e9a416b5 3208
5f97c1df 3209 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 3210 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3211 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 3212 goto unlock;
3213 }
3214
c908df36 3215 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 3216 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 3217
6f77d8c7 3218 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 3219 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3220 auth_type);
6f77d8c7
AG		 3221 } else {
3222 u8 addr_type;
3223
3224 /* Convert from L2CAP channel address type to HCI address type
3225 */
3226 if (cp->addr.type == BDADDR_LE_PUBLIC)
3227 addr_type = ADDR_LE_DEV_PUBLIC;
3228 else
3229 addr_type = ADDR_LE_DEV_RANDOM;
3230
7c264b10
MH		 3231 /* When pairing a new device, it is expected to remember
3232 * this device for future connections. Adding the connection
3233 * parameter information ahead of time allows tracking
3234 * of the slave preferred values and will speed up any
3235 * further connection establishment.
3236 *
3237 * If connection parameters already exist, then they
3238 * will be kept and this function does nothing.
3239 */
3240 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3241
6f77d8c7 3242 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
e804d25d
JH		 3243 sec_level, HCI_LE_CONN_TIMEOUT,
3244 HCI_ROLE_MASTER);
6f77d8c7 3245 }
7a512d01 3246
30e76272 3247 if (IS_ERR(conn)) {
489dc48e
AK		 3248 int status;
3249
3250 if (PTR_ERR(conn) == -EBUSY)
3251 status = MGMT_STATUS_BUSY;
faa81030
LR		 3252 else if (PTR_ERR(conn) == -EOPNOTSUPP)
3253 status = MGMT_STATUS_NOT_SUPPORTED;
3254 else if (PTR_ERR(conn) == -ECONNREFUSED)
3255 status = MGMT_STATUS_REJECTED;
489dc48e
AK		 3256 else
3257 status = MGMT_STATUS_CONNECT_FAILED;
3258
bdb6d971 3259 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 3260 status, &rp,
04124681 3261 sizeof(rp));
e9a416b5
JH		 3262 goto unlock;
3263 }
3264
3265 if (conn->connect_cfm_cb) {
76a68ba0 3266 hci_conn_drop(conn);
bdb6d971 3267 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 3268 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 3269 goto unlock;
3270 }
3271
2e58ef3e 3272 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 3273 if (!cmd) {
3274 err = -ENOMEM;
76a68ba0 3275 hci_conn_drop(conn);
e9a416b5
JH		 3276 goto unlock;
3277 }
3278
04ab2749
JH		 3279 cmd->cmd_complete = pairing_complete;
3280
7a512d01 3281 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 3282 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 3283 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 3284 conn->security_cfm_cb = pairing_complete_cb;
3285 conn->disconn_cfm_cb = pairing_complete_cb;
3286 } else {
3287 conn->connect_cfm_cb = le_pairing_complete_cb;
3288 conn->security_cfm_cb = le_pairing_complete_cb;
3289 conn->disconn_cfm_cb = le_pairing_complete_cb;
3290 }
7a512d01 3291
e9a416b5 3292 conn->io_capability = cp->io_cap;
f8aaf9b6 3293 cmd->user_data = hci_conn_get(conn);
e9a416b5 3294
6f78fd4b 3295 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
a511b35b
JH		 3296 hci_conn_security(conn, sec_level, auth_type, true)) {
3297 cmd->cmd_complete(cmd, 0);
3298 mgmt_pending_remove(cmd);
3299 }
e9a416b5
JH		 3300
3301 err = 0;
3302
3303unlock:
09fd0de5 3304 hci_dev_unlock(hdev);
e9a416b5
JH		 3305 return err;
3306}
3307
04124681
GP		 3308static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3309 u16 len)
28424707 3310{
0f4e68cf 3311 struct mgmt_addr_info *addr = data;
28424707
JH		 3312 struct pending_cmd *cmd;
3313 struct hci_conn *conn;
3314 int err;
3315
3316 BT_DBG("");
3317
28424707
JH		 3318 hci_dev_lock(hdev);
3319
5f97c1df 3320 if (!hdev_is_powered(hdev)) {
bdb6d971 3321 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3322 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3323 goto unlock;
3324 }
3325
28424707
JH		 3326 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3327 if (!cmd) {
bdb6d971 3328 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3329 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3330 goto unlock;
3331 }
3332
3333 conn = cmd->user_data;
3334
3335 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 3336 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3337 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3338 goto unlock;
3339 }
3340
a511b35b
JH		 3341 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3342 mgmt_pending_remove(cmd);
28424707 3343
bdb6d971 3344 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 3345 addr, sizeof(*addr));
28424707
JH		 3346unlock:
3347 hci_dev_unlock(hdev);
28424707
JH		 3348 return err;
3349}
3350
bdb6d971 3351static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3352 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3353 u16 hci_op, __le32 passkey)
a5c29683 3354{
a5c29683 3355 struct pending_cmd *cmd;
0df4c185 3356 struct hci_conn *conn;
a5c29683
JH		 3357 int err;
3358
09fd0de5 3359 hci_dev_lock(hdev);
08ba5382 3360
4b34ee78 3361 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 3362 err = cmd_complete(sk, hdev->id, mgmt_op,
3363 MGMT_STATUS_NOT_POWERED, addr,
3364 sizeof(*addr));
0df4c185 3365 goto done;
a5c29683
JH		 3366 }
3367
1707c60e
JH		 3368 if (addr->type == BDADDR_BREDR)
3369 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3370 else
1707c60e 3371 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 3372
3373 if (!conn) {
feb94d3d
JH		 3374 err = cmd_complete(sk, hdev->id, mgmt_op,
3375 MGMT_STATUS_NOT_CONNECTED, addr,
3376 sizeof(*addr));
272d90df
JH		 3377 goto done;
3378 }
47c15e2b 3379
1707c60e 3380 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 3381 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 3382 if (!err)
feb94d3d
JH		 3383 err = cmd_complete(sk, hdev->id, mgmt_op,
3384 MGMT_STATUS_SUCCESS, addr,
3385 sizeof(*addr));
5fe57d9e 3386 else
feb94d3d
JH		 3387 err = cmd_complete(sk, hdev->id, mgmt_op,
3388 MGMT_STATUS_FAILED, addr,
3389 sizeof(*addr));
47c15e2b 3390
47c15e2b
BG		 3391 goto done;
3392 }
3393
1707c60e 3394 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3395 if (!cmd) {
3396 err = -ENOMEM;
0df4c185 3397 goto done;
a5c29683
JH		 3398 }
3399
7776d1d8
JH		 3400 cmd->cmd_complete = addr_cmd_complete;
3401
0df4c185 3402 /* Continue with pairing via HCI */
604086b7
BG		 3403 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3404 struct hci_cp_user_passkey_reply cp;
3405
1707c60e 3406 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3407 cp.passkey = passkey;
3408 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3409 } else
1707c60e
JH		 3410 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3411 &addr->bdaddr);
604086b7 3412
a664b5bc
JH		 3413 if (err < 0)
3414 mgmt_pending_remove(cmd);
a5c29683 3415
0df4c185 3416done:
09fd0de5 3417 hci_dev_unlock(hdev);
a5c29683
JH		 3418 return err;
3419}
3420
afeb019d
JK		 3421static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3422 void *data, u16 len)
3423{
3424 struct mgmt_cp_pin_code_neg_reply *cp = data;
3425
3426 BT_DBG("");
3427
1707c60e 3428 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3429 MGMT_OP_PIN_CODE_NEG_REPLY,
3430 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3431}
3432
04124681
GP		 3433static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3434 u16 len)
0df4c185 3435{
650f726d 3436 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3437
3438 BT_DBG("");
3439
3440 if (len != sizeof(*cp))
bdb6d971 3441 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 3442 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3443
1707c60e 3444 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3445 MGMT_OP_USER_CONFIRM_REPLY,
3446 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3447}
3448
bdb6d971 3449static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3450 void *data, u16 len)
0df4c185 3451{
c9c2659f 3452 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3453
3454 BT_DBG("");
3455
1707c60e 3456 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3457 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3458 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3459}
3460
04124681
GP		 3461static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3462 u16 len)
604086b7 3463{
650f726d 3464 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3465
3466 BT_DBG("");
3467
1707c60e 3468 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3469 MGMT_OP_USER_PASSKEY_REPLY,
3470 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3471}
3472
bdb6d971 3473static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3474 void *data, u16 len)
604086b7 3475{
650f726d 3476 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3477
3478 BT_DBG("");
3479
1707c60e 3480 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3481 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3482 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3483}
3484
13928971 3485static void update_name(struct hci_request *req)
2b4bf397 3486{
13928971 3487 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3488 struct hci_cp_write_local_name cp;
3489
13928971 3490 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3491
890ea898 3492 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3493}
3494
1904a853 3495static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
13928971
JH		 3496{
3497 struct mgmt_cp_set_local_name *cp;
3498 struct pending_cmd *cmd;
3499
3500 BT_DBG("status 0x%02x", status);
3501
3502 hci_dev_lock(hdev);
3503
3504 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3505 if (!cmd)
3506 goto unlock;
3507
3508 cp = cmd->param;
3509
3510 if (status)
3511 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3512 mgmt_status(status));
3513 else
3514 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3515 cp, sizeof(*cp));
3516
3517 mgmt_pending_remove(cmd);
3518
3519unlock:
3520 hci_dev_unlock(hdev);
3521}
3522
bdb6d971 3523static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3524 u16 len)
b312b161 3525{
2b4bf397 3526 struct mgmt_cp_set_local_name *cp = data;
b312b161 3527 struct pending_cmd *cmd;
890ea898 3528 struct hci_request req;
b312b161
JH		 3529 int err;
3530
3531 BT_DBG("");
3532
09fd0de5 3533 hci_dev_lock(hdev);
b312b161 3534
b3f2ca94
JH		 3535 /* If the old values are the same as the new ones just return a
3536 * direct command complete event.
3537 */
3538 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3539 !memcmp(hdev->short_name, cp->short_name,
3540 sizeof(hdev->short_name))) {
3541 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3542 data, len);
3543 goto failed;
3544 }
3545
2b4bf397 3546 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3547
b5235a65 3548 if (!hdev_is_powered(hdev)) {
2b4bf397 3549 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 3550
3551 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 3552 data, len);
28cc7bde
JH		 3553 if (err < 0)
3554 goto failed;
3555
3556 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 3557 sk);
28cc7bde 3558
b5235a65
JH		 3559 goto failed;
3560 }
3561
28cc7bde 3562 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3563 if (!cmd) {
3564 err = -ENOMEM;
3565 goto failed;
3566 }
3567
13928971
JH		 3568 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3569
890ea898 3570 hci_req_init(&req, hdev);
3f985050
JH		 3571
3572 if (lmp_bredr_capable(hdev)) {
3573 update_name(&req);
3574 update_eir(&req);
3575 }
3576
7a5f4990
MH		 3577 /* The name is stored in the scan response data and so
3578 * no need to udpate the advertising data here.
3579 */
3f985050 3580 if (lmp_le_capable(hdev))
7a5f4990 3581 update_scan_rsp_data(&req);
3f985050 3582
13928971 3583 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3584 if (err < 0)
3585 mgmt_pending_remove(cmd);
3586
3587failed:
09fd0de5 3588 hci_dev_unlock(hdev);
b312b161
JH		 3589 return err;
3590}
3591
0f4e68cf 3592static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3593 void *data, u16 data_len)
c35938b2 3594{
c35938b2
SJ		 3595 struct pending_cmd *cmd;
3596 int err;
3597
bdb6d971 3598 BT_DBG("%s", hdev->name);
c35938b2 3599
09fd0de5 3600 hci_dev_lock(hdev);
c35938b2 3601
4b34ee78 3602 if (!hdev_is_powered(hdev)) {
bdb6d971 3603 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3604 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3605 goto unlock;
3606 }
3607
9a1a1996 3608 if (!lmp_ssp_capable(hdev)) {
bdb6d971 3609 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3610 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3611 goto unlock;
3612 }
3613
2e58ef3e 3614 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 3615 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3616 MGMT_STATUS_BUSY);
c35938b2
SJ		 3617 goto unlock;
3618 }
3619
2e58ef3e 3620 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3621 if (!cmd) {
3622 err = -ENOMEM;
3623 goto unlock;
3624 }
3625
710f11c0 3626 if (bredr_sc_enabled(hdev))
4d2d2796
MH		 3627 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3628 0, NULL);
3629 else
3630 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3631
c35938b2
SJ		 3632 if (err < 0)
3633 mgmt_pending_remove(cmd);
3634
3635unlock:
09fd0de5 3636 hci_dev_unlock(hdev);
c35938b2
SJ		 3637 return err;
3638}
3639
bdb6d971 3640static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3641 void *data, u16 len)
2763eda6 3642{
5d57e796 3643 struct mgmt_addr_info *addr = data;
2763eda6
SJ		 3644 int err;
3645
bdb6d971 3646 BT_DBG("%s ", hdev->name);
2763eda6 3647
5d57e796
JH		 3648 if (!bdaddr_type_is_valid(addr->type))
3649 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3650 MGMT_STATUS_INVALID_PARAMS, addr,
3651 sizeof(*addr));
3652
09fd0de5 3653 hci_dev_lock(hdev);
2763eda6 3654
ec109113
MH		 3655 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3656 struct mgmt_cp_add_remote_oob_data *cp = data;
3657 u8 status;
bf1e3541 3658
c19a495c
JH		 3659 if (cp->addr.type != BDADDR_BREDR) {
3660 err = cmd_complete(sk, hdev->id,
3661 MGMT_OP_ADD_REMOTE_OOB_DATA,
3662 MGMT_STATUS_INVALID_PARAMS,
3663 &cp->addr, sizeof(cp->addr));
3664 goto unlock;
3665 }
3666
ec109113 3667 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
6928a924
JH		 3668 cp->addr.type, cp->hash,
3669 cp->rand, NULL, NULL);
ec109113
MH		 3670 if (err < 0)
3671 status = MGMT_STATUS_FAILED;
3672 else
3673 status = MGMT_STATUS_SUCCESS;
3674
3675 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3676 status, &cp->addr, sizeof(cp->addr));
3677 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3678 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
41bcfd50 3679 u8 *rand192, *hash192, *rand256, *hash256;
ec109113
MH		 3680 u8 status;
3681
86df9200 3682 if (bdaddr_type_is_le(cp->addr.type)) {
d25b78e2
JH		 3683 /* Enforce zero-valued 192-bit parameters as
3684 * long as legacy SMP OOB isn't implemented.
3685 */
3686 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3687 memcmp(cp->hash192, ZERO_KEY, 16)) {
3688 err = cmd_complete(sk, hdev->id,
3689 MGMT_OP_ADD_REMOTE_OOB_DATA,
3690 MGMT_STATUS_INVALID_PARAMS,
3691 addr, sizeof(*addr));
3692 goto unlock;
3693 }
3694
86df9200
JH		 3695 rand192 = NULL;
3696 hash192 = NULL;
3697 } else {
41bcfd50
MH		 3698 /* In case one of the P-192 values is set to zero,
3699 * then just disable OOB data for P-192.
3700 */
3701 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
3702 !memcmp(cp->hash192, ZERO_KEY, 16)) {
3703 rand192 = NULL;
3704 hash192 = NULL;
3705 } else {
3706 rand192 = cp->rand192;
3707 hash192 = cp->hash192;
3708 }
3709 }
3710
3711 /* In case one of the P-256 values is set to zero, then just
3712 * disable OOB data for P-256.
3713 */
3714 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
3715 !memcmp(cp->hash256, ZERO_KEY, 16)) {
3716 rand256 = NULL;
3717 hash256 = NULL;
3718 } else {
3719 rand256 = cp->rand256;
3720 hash256 = cp->hash256;
86df9200
JH		 3721 }
3722
81328d5c 3723 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
86df9200 3724 cp->addr.type, hash192, rand192,
41bcfd50 3725 hash256, rand256);
ec109113
MH		 3726 if (err < 0)
3727 status = MGMT_STATUS_FAILED;
3728 else
3729 status = MGMT_STATUS_SUCCESS;
3730
3731 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3732 status, &cp->addr, sizeof(cp->addr));
3733 } else {
3734 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3735 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3736 MGMT_STATUS_INVALID_PARAMS);
3737 }
2763eda6 3738
c19a495c 3739unlock:
09fd0de5 3740 hci_dev_unlock(hdev);
2763eda6
SJ		 3741 return err;
3742}
3743
bdb6d971 3744static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3745 void *data, u16 len)
2763eda6 3746{
650f726d 3747 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3748 u8 status;
2763eda6
SJ		 3749 int err;
3750
bdb6d971 3751 BT_DBG("%s", hdev->name);
2763eda6 3752
c19a495c
JH		 3753 if (cp->addr.type != BDADDR_BREDR)
3754 return cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3755 MGMT_STATUS_INVALID_PARAMS,
3756 &cp->addr, sizeof(cp->addr));
3757
09fd0de5 3758 hci_dev_lock(hdev);
2763eda6 3759
eedbd581
JH		 3760 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3761 hci_remote_oob_data_clear(hdev);
3762 status = MGMT_STATUS_SUCCESS;
3763 goto done;
3764 }
3765
6928a924 3766 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
2763eda6 3767 if (err < 0)
bf1e3541 3768 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3769 else
a6785be2 3770 status = MGMT_STATUS_SUCCESS;
bf1e3541 3771
eedbd581 3772done:
bdb6d971 3773 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 3774 status, &cp->addr, sizeof(cp->addr));
2763eda6 3775
09fd0de5 3776 hci_dev_unlock(hdev);
2763eda6
SJ		 3777 return err;
3778}
3779
8019044d 3780static bool trigger_discovery(struct hci_request *req, u8 *status)
41dc2bd6 3781{
8019044d
MH		 3782 struct hci_dev *hdev = req->hdev;
3783 struct hci_cp_le_set_scan_param param_cp;
3784 struct hci_cp_le_set_scan_enable enable_cp;
3785 struct hci_cp_inquiry inq_cp;
3786 /* General inquiry access code (GIAC) */
3787 u8 lap[3] = { 0x33, 0x8b, 0x9e };
3788 u8 own_addr_type;
41dc2bd6
AG		 3789 int err;
3790
8019044d
MH		 3791 switch (hdev->discovery.type) {
3792 case DISCOV_TYPE_BREDR:
3793 *status = mgmt_bredr_support(hdev);
3794 if (*status)
3795 return false;
41dc2bd6 3796
8019044d
MH		 3797 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3798 *status = MGMT_STATUS_BUSY;
3799 return false;
3800 }
41dc2bd6 3801
8019044d 3802 hci_inquiry_cache_flush(hdev);
41dc2bd6 3803
8019044d
MH		 3804 memset(&inq_cp, 0, sizeof(inq_cp));
3805 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
3806 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
3807 hci_req_add(req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
3808 break;
41dc2bd6 3809
8019044d
MH		 3810 case DISCOV_TYPE_LE:
3811 case DISCOV_TYPE_INTERLEAVED:
3812 *status = mgmt_le_support(hdev);
3813 if (*status)
3814 return false;
3815
3816 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
3817 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3818 *status = MGMT_STATUS_NOT_SUPPORTED;
3819 return false;
3820 }
3821
3822 if (test_bit(HCI_LE_ADV, &hdev->dev_flags)) {
3823 /* Don't let discovery abort an outgoing
3824 * connection attempt that's using directed
3825 * advertising.
3826 */
3827 if (hci_conn_hash_lookup_state(hdev, LE_LINK,
3828 BT_CONNECT)) {
3829 *status = MGMT_STATUS_REJECTED;
3830 return false;
3831 }
3832
3833 disable_advertising(req);
3834 }
3835
3836 /* If controller is scanning, it means the background scanning
3837 * is running. Thus, we should temporarily stop it in order to
3838 * set the discovery scanning parameters.
3839 */
3840 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3841 hci_req_add_le_scan_disable(req);
3842
3843 memset(&param_cp, 0, sizeof(param_cp));
3844
3845 /* All active scans will be done with either a resolvable
3846 * private address (when privacy feature has been enabled)
9437d2ed 3847 * or non-resolvable private address.
8019044d
MH		 3848 */
3849 err = hci_update_random_address(req, true, &own_addr_type);
3850 if (err < 0) {
3851 *status = MGMT_STATUS_FAILED;
3852 return false;
3853 }
3854
3855 param_cp.type = LE_SCAN_ACTIVE;
3856 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3857 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
3858 param_cp.own_address_type = own_addr_type;
3859 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3860 &param_cp);
3861
3862 memset(&enable_cp, 0, sizeof(enable_cp));
3863 enable_cp.enable = LE_SCAN_ENABLE;
3864 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3865 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3866 &enable_cp);
3867 break;
3868
3869 default:
3870 *status = MGMT_STATUS_INVALID_PARAMS;
3871 return false;
3872 }
3873
3874 return true;
41dc2bd6
AG		 3875}
3876
1904a853
MH		 3877static void start_discovery_complete(struct hci_dev *hdev, u8 status,
3878 u16 opcode)
7c307720 3879{
41dc2bd6 3880 struct pending_cmd *cmd;
11e6e25d 3881 unsigned long timeout;
ae55f598 3882
7c307720
AG		 3883 BT_DBG("status %d", status);
3884
11e6e25d 3885 hci_dev_lock(hdev);
41dc2bd6 3886
11e6e25d 3887 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
66ea9427
JP		 3888 if (!cmd)
3889 cmd = mgmt_pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
3890
11e6e25d 3891 if (cmd) {
2922a94f 3892 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d
MH		 3893 mgmt_pending_remove(cmd);
3894 }
7c307720
AG		 3895
3896 if (status) {
11e6e25d
MH		 3897 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3898 goto unlock;
7c307720
AG		 3899 }
3900
7c307720 3901 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
7c307720 3902
2d28cfe7
JP		 3903 /* If the scan involves LE scan, pick proper timeout to schedule
3904 * hdev->le_scan_disable that will stop it.
3905 */
7c307720
AG		 3906 switch (hdev->discovery.type) {
3907 case DISCOV_TYPE_LE:
3d5a76f0 3908 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
7c307720 3909 break;
7c307720 3910 case DISCOV_TYPE_INTERLEAVED:
b9a7a61e 3911 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
7c307720 3912 break;
7c307720 3913 case DISCOV_TYPE_BREDR:
11e6e25d 3914 timeout = 0;
7c307720 3915 break;
7c307720
AG		 3916 default:
3917 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
11e6e25d
MH		 3918 timeout = 0;
3919 break;
7c307720 3920 }
ae55f598 3921
2d28cfe7
JP		 3922 if (timeout) {
3923 /* When service discovery is used and the controller has
3924 * a strict duplicate filter, it is important to remember
3925 * the start and duration of the scan. This is required
3926 * for restarting scanning during the discovery phase.
3927 */
3928 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER,
3929 &hdev->quirks) &&
3930 (hdev->discovery.uuid_count > 0 ||
3931 hdev->discovery.rssi != HCI_RSSI_INVALID)) {
3932 hdev->discovery.scan_start = jiffies;
3933 hdev->discovery.scan_duration = timeout;
3934 }
3935
11e6e25d
MH		 3936 queue_delayed_work(hdev->workqueue,
3937 &hdev->le_scan_disable, timeout);
2d28cfe7 3938 }
ae55f598 3939
11e6e25d
MH		 3940unlock:
3941 hci_dev_unlock(hdev);
7c307720
AG		 3942}
3943
bdb6d971 3944static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3945 void *data, u16 len)
14a53664 3946{
650f726d 3947 struct mgmt_cp_start_discovery *cp = data;
14a53664 3948 struct pending_cmd *cmd;
7c307720 3949 struct hci_request req;
8019044d 3950 u8 status;
14a53664
JH		 3951 int err;
3952
bdb6d971 3953 BT_DBG("%s", hdev->name);
14a53664 3954
09fd0de5 3955 hci_dev_lock(hdev);
14a53664 3956
4b34ee78 3957 if (!hdev_is_powered(hdev)) {
a736abc1
SJ		 3958 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3959 MGMT_STATUS_NOT_POWERED,
3960 &cp->type, sizeof(cp->type));
bd2d1334
JH		 3961 goto failed;
3962 }
3963
f5a969f2
MH		 3964 if (hdev->discovery.state != DISCOVERY_STOPPED ||
3965 test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
a736abc1
SJ		 3966 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3967 MGMT_STATUS_BUSY, &cp->type,
3968 sizeof(cp->type));
642be6c7
AG		 3969 goto failed;
3970 }
3971
2922a94f 3972 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, data, len);
14a53664
JH		 3973 if (!cmd) {
3974 err = -ENOMEM;
3975 goto failed;
3976 }
3977
2922a94f
JH		 3978 cmd->cmd_complete = generic_cmd_complete;
3979
22078800
MH		 3980 /* Clear the discovery filter first to free any previously
3981 * allocated memory for the UUID list.
3982 */
3983 hci_discovery_filter_clear(hdev);
3984
4aab14e5 3985 hdev->discovery.type = cp->type;
da25cf6a 3986 hdev->discovery.report_invalid_rssi = false;
4aab14e5 3987
7c307720
AG		 3988 hci_req_init(&req, hdev);
3989
8019044d 3990 if (!trigger_discovery(&req, &status)) {
a736abc1 3991 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
8019044d 3992 status, &cp->type, sizeof(cp->type));
04106755
JH		 3993 mgmt_pending_remove(cmd);
3994 goto failed;
f39799f5 3995 }
04106755 3996
7c307720 3997 err = hci_req_run(&req, start_discovery_complete);
f5a969f2 3998 if (err < 0) {
14a53664 3999 mgmt_pending_remove(cmd);
f5a969f2
MH		 4000 goto failed;
4001 }
7c307720 4002
f5a969f2 4003 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
7c307720 4004
14a53664 4005failed:
09fd0de5 4006 hci_dev_unlock(hdev);
14a53664
JH		 4007 return err;
4008}
f39799f5 4009
9df74653 4010static int service_discovery_cmd_complete(struct pending_cmd *cmd, u8 status)
2922a94f 4011{
9df74653
JH		 4012 return cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
4013 cmd->param, 1);
2922a94f 4014}
04106755 4015
66ea9427
JP		 4016static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
4017 void *data, u16 len)
4018{
4019 struct mgmt_cp_start_service_discovery *cp = data;
4020 struct pending_cmd *cmd;
4021 struct hci_request req;
4022 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
4023 u16 uuid_count, expected_len;
4024 u8 status;
4025 int err;
04106755 4026
66ea9427 4027 BT_DBG("%s", hdev->name);
e8bb6b97 4028
66ea9427 4029 hci_dev_lock(hdev);
7c307720 4030
66ea9427
JP		 4031 if (!hdev_is_powered(hdev)) {
4032 err = cmd_complete(sk, hdev->id,
4033 MGMT_OP_START_SERVICE_DISCOVERY,
4034 MGMT_STATUS_NOT_POWERED,
4035 &cp->type, sizeof(cp->type));
4036 goto failed;
4037 }
7c307720 4038
66ea9427
JP		 4039 if (hdev->discovery.state != DISCOVERY_STOPPED ||
4040 test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
4041 err = cmd_complete(sk, hdev->id,
4042 MGMT_OP_START_SERVICE_DISCOVERY,
4043 MGMT_STATUS_BUSY, &cp->type,
4044 sizeof(cp->type));
4045 goto failed;
4046 }
d9483943 4047
66ea9427
JP		 4048 uuid_count = __le16_to_cpu(cp->uuid_count);
4049 if (uuid_count > max_uuid_count) {
4050 BT_ERR("service_discovery: too big uuid_count value %u",
4051 uuid_count);
4052 err = cmd_complete(sk, hdev->id,
4053 MGMT_OP_START_SERVICE_DISCOVERY,
4054 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4055 sizeof(cp->type));
4056 goto failed;
4057 }
4058
4059 expected_len = sizeof(*cp) + uuid_count * 16;
4060 if (expected_len != len) {
4061 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
4062 expected_len, len);
4063 err = cmd_complete(sk, hdev->id,
4064 MGMT_OP_START_SERVICE_DISCOVERY,
4065 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4066 sizeof(cp->type));
4067 goto failed;
4068 }
4069
4070 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
2922a94f 4071 hdev, data, len);
66ea9427
JP		 4072 if (!cmd) {
4073 err = -ENOMEM;
4074 goto failed;
4075 }
4076
2922a94f
JH		 4077 cmd->cmd_complete = service_discovery_cmd_complete;
4078
22078800
MH		 4079 /* Clear the discovery filter first to free any previously
4080 * allocated memory for the UUID list.
4081 */
4082 hci_discovery_filter_clear(hdev);
4083
66ea9427
JP		 4084 hdev->discovery.type = cp->type;
4085 hdev->discovery.rssi = cp->rssi;
4086 hdev->discovery.uuid_count = uuid_count;
4087
4088 if (uuid_count > 0) {
4089 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4090 GFP_KERNEL);
4091 if (!hdev->discovery.uuids) {
a736abc1 4092 err = cmd_complete(sk, hdev->id,
66ea9427 4093 MGMT_OP_START_SERVICE_DISCOVERY,
a736abc1
SJ		 4094 MGMT_STATUS_FAILED,
4095 &cp->type, sizeof(cp->type));
d9483943
JH		 4096 mgmt_pending_remove(cmd);
4097 goto failed;
4098 }
66ea9427 4099 }
d9483943 4100
66ea9427 4101 hci_req_init(&req, hdev);
5e0452c0 4102
66ea9427
JP		 4103 if (!trigger_discovery(&req, &status)) {
4104 err = cmd_complete(sk, hdev->id,
4105 MGMT_OP_START_SERVICE_DISCOVERY,
4106 status, &cp->type, sizeof(cp->type));
04106755
JH		 4107 mgmt_pending_remove(cmd);
4108 goto failed;
f39799f5 4109 }
3fd24153 4110
7c307720 4111 err = hci_req_run(&req, start_discovery_complete);
66ea9427 4112 if (err < 0) {
14a53664 4113 mgmt_pending_remove(cmd);
66ea9427
JP		 4114 goto failed;
4115 }
4116
4117 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 4118
4119failed:
09fd0de5 4120 hci_dev_unlock(hdev);
14a53664
JH		 4121 return err;
4122}
4123
1904a853 4124static void stop_discovery_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1183fdca
AG		 4125{
4126 struct pending_cmd *cmd;
1183fdca 4127
0e05bba6
AG		 4128 BT_DBG("status %d", status);
4129
4130 hci_dev_lock(hdev);
4131
11e6e25d
MH		 4132 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4133 if (cmd) {
2922a94f 4134 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d 4135 mgmt_pending_remove(cmd);
0e05bba6
AG		 4136 }
4137
11e6e25d
MH		 4138 if (!status)
4139 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
0e05bba6 4140
0e05bba6
AG		 4141 hci_dev_unlock(hdev);
4142}
4143
bdb6d971 4144static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4145 u16 len)
14a53664 4146{
d930650b 4147 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 4148 struct pending_cmd *cmd;
0e05bba6 4149 struct hci_request req;
14a53664
JH		 4150 int err;
4151
bdb6d971 4152 BT_DBG("%s", hdev->name);
14a53664 4153
09fd0de5 4154 hci_dev_lock(hdev);
14a53664 4155
30dc78e1 4156 if (!hci_discovery_active(hdev)) {
bdb6d971 4157 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 4158 MGMT_STATUS_REJECTED, &mgmt_cp->type,
4159 sizeof(mgmt_cp->type));
d930650b
JH		 4160 goto unlock;
4161 }
4162
4163 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 4164 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 4165 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
4166 sizeof(mgmt_cp->type));
30dc78e1 4167 goto unlock;
ff9ef578
JH		 4168 }
4169
2922a94f 4170 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
14a53664
JH		 4171 if (!cmd) {
4172 err = -ENOMEM;
30dc78e1
JH		 4173 goto unlock;
4174 }
4175
2922a94f
JH		 4176 cmd->cmd_complete = generic_cmd_complete;
4177
0e05bba6
AG		 4178 hci_req_init(&req, hdev);
4179
21a60d30 4180 hci_stop_discovery(&req);
e0d9727e 4181
21a60d30
JH		 4182 err = hci_req_run(&req, stop_discovery_complete);
4183 if (!err) {
4184 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
0e05bba6 4185 goto unlock;
14a53664
JH		 4186 }
4187
21a60d30
JH		 4188 mgmt_pending_remove(cmd);
4189
4190 /* If no HCI commands were sent we're done */
4191 if (err == -ENODATA) {
4192 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
4193 &mgmt_cp->type, sizeof(mgmt_cp->type));
4194 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4195 }
14a53664 4196
30dc78e1 4197unlock:
09fd0de5 4198 hci_dev_unlock(hdev);
14a53664
JH		 4199 return err;
4200}
4201
bdb6d971 4202static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4203 u16 len)
561aafbc 4204{
650f726d 4205 struct mgmt_cp_confirm_name *cp = data;
561aafbc 4206 struct inquiry_entry *e;
561aafbc
JH		 4207 int err;
4208
bdb6d971 4209 BT_DBG("%s", hdev->name);
561aafbc 4210
561aafbc
JH		 4211 hci_dev_lock(hdev);
4212
30dc78e1 4213 if (!hci_discovery_active(hdev)) {
d3a2541d
LR		 4214 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4215 MGMT_STATUS_FAILED, &cp->addr,
4216 sizeof(cp->addr));
30dc78e1
JH		 4217 goto failed;
4218 }
4219
a198e7b1 4220 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 4221 if (!e) {
d3a2541d
LR		 4222 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4223 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4224 sizeof(cp->addr));
561aafbc
JH		 4225 goto failed;
4226 }
4227
4228 if (cp->name_known) {
4229 e->name_state = NAME_KNOWN;
4230 list_del(&e->list);
4231 } else {
4232 e->name_state = NAME_NEEDED;
a3d4e20a 4233 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 4234 }
4235
e384662b
JH		 4236 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
4237 sizeof(cp->addr));
561aafbc
JH		 4238
4239failed:
4240 hci_dev_unlock(hdev);
561aafbc
JH		 4241 return err;
4242}
4243
bdb6d971 4244static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4245 u16 len)
7fbec224 4246{
650f726d 4247 struct mgmt_cp_block_device *cp = data;
f0eeea8b 4248 u8 status;
7fbec224
AJ		 4249 int err;
4250
bdb6d971 4251 BT_DBG("%s", hdev->name);
7fbec224 4252
4ee71b20 4253 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 4254 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4255 MGMT_STATUS_INVALID_PARAMS,
4256 &cp->addr, sizeof(cp->addr));
4ee71b20 4257
09fd0de5 4258 hci_dev_lock(hdev);
5e762444 4259
dcc36c16
JH		 4260 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4261 cp->addr.type);
2a8357f2 4262 if (err < 0) {
f0eeea8b 4263 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 4264 goto done;
4265 }
4266
4267 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4268 sk);
4269 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4270
2a8357f2 4271done:
bdb6d971 4272 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 4273 &cp->addr, sizeof(cp->addr));
5e762444 4274
09fd0de5 4275 hci_dev_unlock(hdev);
7fbec224
AJ		 4276
4277 return err;
4278}
4279
bdb6d971 4280static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4281 u16 len)
7fbec224 4282{
650f726d 4283 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 4284 u8 status;
7fbec224
AJ		 4285 int err;
4286
bdb6d971 4287 BT_DBG("%s", hdev->name);
7fbec224 4288
4ee71b20 4289 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 4290 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4291 MGMT_STATUS_INVALID_PARAMS,
4292 &cp->addr, sizeof(cp->addr));
4ee71b20 4293
09fd0de5 4294 hci_dev_lock(hdev);
5e762444 4295
dcc36c16
JH		 4296 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4297 cp->addr.type);
2a8357f2 4298 if (err < 0) {
f0eeea8b 4299 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 4300 goto done;
4301 }
4302
4303 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4304 sk);
4305 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4306
2a8357f2 4307done:
bdb6d971 4308 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 4309 &cp->addr, sizeof(cp->addr));
5e762444 4310
09fd0de5 4311 hci_dev_unlock(hdev);
7fbec224
AJ		 4312
4313 return err;
4314}
4315
cdbaccca
MH		 4316static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4317 u16 len)
4318{
4319 struct mgmt_cp_set_device_id *cp = data;
890ea898 4320 struct hci_request req;
cdbaccca 4321 int err;
c72d4b8a 4322 __u16 source;
cdbaccca
MH		 4323
4324 BT_DBG("%s", hdev->name);
4325
c72d4b8a
SJ		 4326 source = __le16_to_cpu(cp->source);
4327
4328 if (source > 0x0002)
4329 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4330 MGMT_STATUS_INVALID_PARAMS);
4331
cdbaccca
MH		 4332 hci_dev_lock(hdev);
4333
c72d4b8a 4334 hdev->devid_source = source;
cdbaccca
MH		 4335 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4336 hdev->devid_product = __le16_to_cpu(cp->product);
4337 hdev->devid_version = __le16_to_cpu(cp->version);
4338
4339 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
4340
890ea898
JH		 4341 hci_req_init(&req, hdev);
4342 update_eir(&req);
4343 hci_req_run(&req, NULL);
cdbaccca
MH		 4344
4345 hci_dev_unlock(hdev);
4346
4347 return err;
4348}
4349
1904a853
MH		 4350static void set_advertising_complete(struct hci_dev *hdev, u8 status,
4351 u16 opcode)
4375f103
JH		 4352{
4353 struct cmd_lookup match = { NULL, hdev };
4354
3ad67582
JK		 4355 hci_dev_lock(hdev);
4356
4375f103
JH		 4357 if (status) {
4358 u8 mgmt_err = mgmt_status(status);
4359
4360 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4361 cmd_status_rsp, &mgmt_err);
3ad67582 4362 goto unlock;
4375f103
JH		 4363 }
4364
c93bd150
JH		 4365 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
4366 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
4367 else
4368 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4369
4375f103
JH		 4370 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4371 &match);
4372
4373 new_settings(hdev, match.sk);
4374
4375 if (match.sk)
4376 sock_put(match.sk);
3ad67582
JK		 4377
4378unlock:
4379 hci_dev_unlock(hdev);
4375f103
JH		 4380}
4381
21b5187f
MH		 4382static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4383 u16 len)
4375f103
JH		 4384{
4385 struct mgmt_mode *cp = data;
4386 struct pending_cmd *cmd;
4387 struct hci_request req;
e6fe7986 4388 u8 val, enabled, status;
4375f103
JH		 4389 int err;
4390
4391 BT_DBG("request for %s", hdev->name);
4392
e6fe7986
JH		 4393 status = mgmt_le_support(hdev);
4394 if (status)
4375f103 4395 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 4396 status);
4375f103
JH		 4397
4398 if (cp->val != 0x00 && cp->val != 0x01)
4399 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4400 MGMT_STATUS_INVALID_PARAMS);
4401
4402 hci_dev_lock(hdev);
4403
4404 val = !!cp->val;
f3d3444a 4405 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 4406
f74ca9b8
JH		 4407 /* The following conditions are ones which mean that we should
4408 * not do any HCI communication but directly send a mgmt
4409 * response to user space (after toggling the flag if
4410 * necessary).
4411 */
4412 if (!hdev_is_powered(hdev) || val == enabled ||
e8bb6b97
JH		 4413 hci_conn_num(hdev, LE_LINK) > 0 ||
4414 (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4415 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
4375f103
JH		 4416 bool changed = false;
4417
f3d3444a
JH		 4418 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
4419 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 4420 changed = true;
4421 }
4422
4423 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4424 if (err < 0)
4425 goto unlock;
4426
4427 if (changed)
4428 err = new_settings(hdev, sk);
4429
4430 goto unlock;
4431 }
4432
4433 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4434 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
4435 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4436 MGMT_STATUS_BUSY);
4437 goto unlock;
4438 }
4439
4440 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4441 if (!cmd) {
4442 err = -ENOMEM;
4443 goto unlock;
4444 }
4445
4446 hci_req_init(&req, hdev);
4447
bba3aa55
MH		 4448 if (val)
4449 enable_advertising(&req);
4450 else
4451 disable_advertising(&req);
4375f103
JH		 4452
4453 err = hci_req_run(&req, set_advertising_complete);
4454 if (err < 0)
4455 mgmt_pending_remove(cmd);
4456
4457unlock:
4458 hci_dev_unlock(hdev);
4459 return err;
4460}
4461
d13eafce
MH		 4462static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4463 void *data, u16 len)
4464{
4465 struct mgmt_cp_set_static_address *cp = data;
4466 int err;
4467
4468 BT_DBG("%s", hdev->name);
4469
62af4443 4470 if (!lmp_le_capable(hdev))
d13eafce 4471 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 4472 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 4473
4474 if (hdev_is_powered(hdev))
4475 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4476 MGMT_STATUS_REJECTED);
4477
4478 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4479 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4480 return cmd_status(sk, hdev->id,
4481 MGMT_OP_SET_STATIC_ADDRESS,
4482 MGMT_STATUS_INVALID_PARAMS);
4483
4484 /* Two most significant bits shall be set */
4485 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4486 return cmd_status(sk, hdev->id,
4487 MGMT_OP_SET_STATIC_ADDRESS,
4488 MGMT_STATUS_INVALID_PARAMS);
4489 }
4490
4491 hci_dev_lock(hdev);
4492
4493 bacpy(&hdev->static_addr, &cp->bdaddr);
4494
4495 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
4496
4497 hci_dev_unlock(hdev);
4498
4499 return err;
4500}
4501
14b49b9a
MH		 4502static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4503 void *data, u16 len)
4504{
4505 struct mgmt_cp_set_scan_params *cp = data;
4506 __u16 interval, window;
4507 int err;
4508
4509 BT_DBG("%s", hdev->name);
4510
4511 if (!lmp_le_capable(hdev))
4512 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4513 MGMT_STATUS_NOT_SUPPORTED);
4514
4515 interval = __le16_to_cpu(cp->interval);
4516
4517 if (interval < 0x0004 || interval > 0x4000)
4518 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4519 MGMT_STATUS_INVALID_PARAMS);
4520
4521 window = __le16_to_cpu(cp->window);
4522
4523 if (window < 0x0004 || window > 0x4000)
4524 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4525 MGMT_STATUS_INVALID_PARAMS);
4526
899e1075
MH		 4527 if (window > interval)
4528 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4529 MGMT_STATUS_INVALID_PARAMS);
4530
14b49b9a
MH		 4531 hci_dev_lock(hdev);
4532
4533 hdev->le_scan_interval = interval;
4534 hdev->le_scan_window = window;
4535
4536 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
4537
dd2ef8e2
AG		 4538 /* If background scan is running, restart it so new parameters are
4539 * loaded.
4540 */
4541 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4542 hdev->discovery.state == DISCOVERY_STOPPED) {
4543 struct hci_request req;
4544
4545 hci_req_init(&req, hdev);
4546
4547 hci_req_add_le_scan_disable(&req);
4548 hci_req_add_le_passive_scan(&req);
4549
4550 hci_req_run(&req, NULL);
4551 }
4552
14b49b9a
MH		 4553 hci_dev_unlock(hdev);
4554
4555 return err;
4556}
4557
1904a853
MH		 4558static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
4559 u16 opcode)
33e38b3e
JH		 4560{
4561 struct pending_cmd *cmd;
4562
4563 BT_DBG("status 0x%02x", status);
4564
4565 hci_dev_lock(hdev);
4566
4567 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4568 if (!cmd)
4569 goto unlock;
4570
4571 if (status) {
4572 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4573 mgmt_status(status));
4574 } else {
1a4d3c4b
JH		 4575 struct mgmt_mode *cp = cmd->param;
4576
4577 if (cp->val)
4578 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4579 else
4580 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4581
33e38b3e
JH		 4582 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4583 new_settings(hdev, cmd->sk);
4584 }
4585
4586 mgmt_pending_remove(cmd);
4587
4588unlock:
4589 hci_dev_unlock(hdev);
4590}
4591
bdb6d971 4592static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4593 void *data, u16 len)
f6422ec6 4594{
650f726d 4595 struct mgmt_mode *cp = data;
33e38b3e
JH		 4596 struct pending_cmd *cmd;
4597 struct hci_request req;
f6422ec6
AJ		 4598 int err;
4599
bdb6d971 4600 BT_DBG("%s", hdev->name);
f6422ec6 4601
56f87901
JH		 4602 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
4603 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 4604 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4605 MGMT_STATUS_NOT_SUPPORTED);
4606
a7e80f25
JH		 4607 if (cp->val != 0x00 && cp->val != 0x01)
4608 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4609 MGMT_STATUS_INVALID_PARAMS);
4610
5400c044 4611 if (!hdev_is_powered(hdev))
bdb6d971 4612 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4613 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 4614
4615 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 4616 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4617 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 4618
4619 hci_dev_lock(hdev);
4620
05cbf29f
JH		 4621 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4622 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4623 MGMT_STATUS_BUSY);
4624 goto unlock;
4625 }
4626
1a4d3c4b
JH		 4627 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
4628 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4629 hdev);
4630 goto unlock;
4631 }
4632
33e38b3e
JH		 4633 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4634 data, len);
4635 if (!cmd) {
4636 err = -ENOMEM;
4637 goto unlock;
f6422ec6
AJ		 4638 }
4639
33e38b3e
JH		 4640 hci_req_init(&req, hdev);
4641
406d7804 4642 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4643
4644 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4645 if (err < 0) {
bdb6d971 4646 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4647 MGMT_STATUS_FAILED);
33e38b3e 4648 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4649 }
4650
33e38b3e 4651unlock:
f6422ec6 4652 hci_dev_unlock(hdev);
33e38b3e 4653
f6422ec6
AJ		 4654 return err;
4655}
4656
1904a853 4657static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
0663ca2a
JH		 4658{
4659 struct pending_cmd *cmd;
4660
4661 BT_DBG("status 0x%02x", status);
4662
4663 hci_dev_lock(hdev);
4664
4665 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4666 if (!cmd)
4667 goto unlock;
4668
4669 if (status) {
4670 u8 mgmt_err = mgmt_status(status);
4671
4672 /* We need to restore the flag if related HCI commands
4673 * failed.
4674 */
4675 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4676
4677 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4678 } else {
4679 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4680 new_settings(hdev, cmd->sk);
4681 }
4682
4683 mgmt_pending_remove(cmd);
4684
4685unlock:
4686 hci_dev_unlock(hdev);
4687}
4688
4689static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4690{
4691 struct mgmt_mode *cp = data;
4692 struct pending_cmd *cmd;
4693 struct hci_request req;
4694 int err;
4695
4696 BT_DBG("request for %s", hdev->name);
4697
4698 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4699 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4700 MGMT_STATUS_NOT_SUPPORTED);
4701
4702 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4703 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4704 MGMT_STATUS_REJECTED);
4705
4706 if (cp->val != 0x00 && cp->val != 0x01)
4707 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4708 MGMT_STATUS_INVALID_PARAMS);
4709
4710 hci_dev_lock(hdev);
4711
4712 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4713 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4714 goto unlock;
4715 }
4716
4717 if (!hdev_is_powered(hdev)) {
4718 if (!cp->val) {
0663ca2a
JH		 4719 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4720 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4721 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4722 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4723 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4724 }
4725
4726 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4727
4728 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4729 if (err < 0)
4730 goto unlock;
4731
4732 err = new_settings(hdev, sk);
4733 goto unlock;
4734 }
4735
4736 /* Reject disabling when powered on */
4737 if (!cp->val) {
4738 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4739 MGMT_STATUS_REJECTED);
4740 goto unlock;
111e4bcc
MH		 4741 } else {
4742 /* When configuring a dual-mode controller to operate
4743 * with LE only and using a static address, then switching
4744 * BR/EDR back on is not allowed.
4745 *
4746 * Dual-mode controllers shall operate with the public
4747 * address as its identity address for BR/EDR and LE. So
4748 * reject the attempt to create an invalid configuration.
3a5486e1
MH		 4749 *
4750 * The same restrictions applies when secure connections
4751 * has been enabled. For BR/EDR this is a controller feature
4752 * while for LE it is a host stack feature. This means that
4753 * switching BR/EDR back on when secure connections has been
4754 * enabled is not a supported transaction.
111e4bcc
MH		 4755 */
4756 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) &&
3a5486e1
MH		 4757 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
4758 test_bit(HCI_SC_ENABLED, &hdev->dev_flags))) {
111e4bcc
MH		 4759 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4760 MGMT_STATUS_REJECTED);
4761 goto unlock;
4762 }
0663ca2a
JH		 4763 }
4764
4765 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4766 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4767 MGMT_STATUS_BUSY);
4768 goto unlock;
4769 }
4770
4771 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4772 if (!cmd) {
4773 err = -ENOMEM;
4774 goto unlock;
4775 }
4776
5947f4bc 4777 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4778 * generates the correct flags.
4779 */
4780 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4781
4782 hci_req_init(&req, hdev);
aa8af46e 4783
432df05e 4784 write_fast_connectable(&req, false);
1d2dc5b7 4785 __hci_update_page_scan(&req);
aa8af46e 4786
f14d8f64
MH		 4787 /* Since only the advertising data flags will change, there
4788 * is no need to update the scan response data.
4789 */
5947f4bc 4790 update_adv_data(&req);
aa8af46e 4791
0663ca2a
JH		 4792 err = hci_req_run(&req, set_bredr_complete);
4793 if (err < 0)
4794 mgmt_pending_remove(cmd);
4795
4796unlock:
4797 hci_dev_unlock(hdev);
4798 return err;
4799}
4800
a1443f5a
JH		 4801static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4802{
4803 struct pending_cmd *cmd;
4804 struct mgmt_mode *cp;
4805
4806 BT_DBG("%s status %u", hdev->name, status);
4807
4808 hci_dev_lock(hdev);
4809
4810 cmd = mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
4811 if (!cmd)
4812 goto unlock;
4813
4814 if (status) {
4815 cmd_status(cmd->sk, cmd->index, cmd->opcode,
4816 mgmt_status(status));
4817 goto remove;
4818 }
4819
4820 cp = cmd->param;
4821
4822 switch (cp->val) {
4823 case 0x00:
4824 clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
4825 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4826 break;
4827 case 0x01:
4828 set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
4829 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4830 break;
4831 case 0x02:
4832 set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
4833 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4834 break;
4835 }
4836
4837 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
4838 new_settings(hdev, cmd->sk);
4839
4840remove:
4841 mgmt_pending_remove(cmd);
4842unlock:
4843 hci_dev_unlock(hdev);
4844}
4845
eac83dc6
MH		 4846static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4847 void *data, u16 len)
4848{
4849 struct mgmt_mode *cp = data;
4850 struct pending_cmd *cmd;
a1443f5a 4851 struct hci_request req;
a3209694 4852 u8 val;
eac83dc6
MH		 4853 int err;
4854
4855 BT_DBG("request for %s", hdev->name);
4856
05b3c3e7
MH		 4857 if (!lmp_sc_capable(hdev) &&
4858 !test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
eac83dc6
MH		 4859 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4860 MGMT_STATUS_NOT_SUPPORTED);
4861
ed93ec69 4862 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) &&
59200286 4863 lmp_sc_capable(hdev) &&
ed93ec69
MH		 4864 !test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
4865 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4866 MGMT_STATUS_REJECTED);
4867
0ab04a9c 4868 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
eac83dc6
MH		 4869 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4870 MGMT_STATUS_INVALID_PARAMS);
4871
4872 hci_dev_lock(hdev);
4873
05b3c3e7 4874 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
a3209694 4875 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
eac83dc6
MH		 4876 bool changed;
4877
0ab04a9c 4878 if (cp->val) {
eac83dc6
MH		 4879 changed = !test_and_set_bit(HCI_SC_ENABLED,
4880 &hdev->dev_flags);
0ab04a9c
MH		 4881 if (cp->val == 0x02)
4882 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4883 else
4884 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4885 } else {
eac83dc6
MH		 4886 changed = test_and_clear_bit(HCI_SC_ENABLED,
4887 &hdev->dev_flags);
0ab04a9c
MH		 4888 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4889 }
eac83dc6
MH		 4890
4891 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4892 if (err < 0)
4893 goto failed;
4894
4895 if (changed)
4896 err = new_settings(hdev, sk);
4897
4898 goto failed;
4899 }
4900
4901 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4902 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4903 MGMT_STATUS_BUSY);
4904 goto failed;
4905 }
4906
0ab04a9c
MH		 4907 val = !!cp->val;
4908
4909 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4910 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
eac83dc6
MH		 4911 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4912 goto failed;
4913 }
4914
4915 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4916 if (!cmd) {
4917 err = -ENOMEM;
4918 goto failed;
4919 }
4920
a1443f5a
JH		 4921 hci_req_init(&req, hdev);
4922 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
4923 err = hci_req_run(&req, sc_enable_complete);
eac83dc6
MH		 4924 if (err < 0) {
4925 mgmt_pending_remove(cmd);
4926 goto failed;
4927 }
4928
4929failed:
4930 hci_dev_unlock(hdev);
4931 return err;
4932}
4933
4e39ac81
MH		 4934static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4935 void *data, u16 len)
4936{
4937 struct mgmt_mode *cp = data;
b9710979 4938 bool changed, use_changed;
4e39ac81
MH		 4939 int err;
4940
4941 BT_DBG("request for %s", hdev->name);
4942
b9710979 4943 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4e39ac81
MH		 4944 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4945 MGMT_STATUS_INVALID_PARAMS);
4946
4947 hci_dev_lock(hdev);
4948
4949 if (cp->val)
0663b297
JH		 4950 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
4951 &hdev->dev_flags);
4e39ac81 4952 else
0663b297
JH		 4953 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
4954 &hdev->dev_flags);
4e39ac81 4955
b9710979
JH		 4956 if (cp->val == 0x02)
4957 use_changed = !test_and_set_bit(HCI_USE_DEBUG_KEYS,
4958 &hdev->dev_flags);
4959 else
4960 use_changed = test_and_clear_bit(HCI_USE_DEBUG_KEYS,
4961 &hdev->dev_flags);
4962
4963 if (hdev_is_powered(hdev) && use_changed &&
4964 test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
4965 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4966 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4967 sizeof(mode), &mode);
4968 }
4969
4e39ac81
MH		 4970 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4971 if (err < 0)
4972 goto unlock;
4973
4974 if (changed)
4975 err = new_settings(hdev, sk);
4976
4977unlock:
4978 hci_dev_unlock(hdev);
4979 return err;
4980}
4981
62b04cd1
JH		 4982static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4983 u16 len)
4984{
4985 struct mgmt_cp_set_privacy *cp = cp_data;
4986 bool changed;
4987 int err;
4988
4989 BT_DBG("request for %s", hdev->name);
4990
4991 if (!lmp_le_capable(hdev))
4992 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4993 MGMT_STATUS_NOT_SUPPORTED);
4994
4995 if (cp->privacy != 0x00 && cp->privacy != 0x01)
4996 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4997 MGMT_STATUS_INVALID_PARAMS);
4998
4999 if (hdev_is_powered(hdev))
5000 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5001 MGMT_STATUS_REJECTED);
5002
5003 hci_dev_lock(hdev);
5004
c21c0ea0
JH		 5005 /* If user space supports this command it is also expected to
5006 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
5007 */
5008 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
5009
62b04cd1
JH		 5010 if (cp->privacy) {
5011 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
5012 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
5013 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
5014 } else {
5015 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
5016 memset(hdev->irk, 0, sizeof(hdev->irk));
5017 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
5018 }
5019
5020 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
5021 if (err < 0)
5022 goto unlock;
5023
5024 if (changed)
5025 err = new_settings(hdev, sk);
5026
5027unlock:
5028 hci_dev_unlock(hdev);
5029 return err;
5030}
5031
41edf160
JH		 5032static bool irk_is_valid(struct mgmt_irk_info *irk)
5033{
5034 switch (irk->addr.type) {
5035 case BDADDR_LE_PUBLIC:
5036 return true;
5037
5038 case BDADDR_LE_RANDOM:
5039 /* Two most significant bits shall be set */
5040 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5041 return false;
5042 return true;
5043 }
5044
5045 return false;
5046}
5047
5048static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5049 u16 len)
5050{
5051 struct mgmt_cp_load_irks *cp = cp_data;
ba1d6936
JH		 5052 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
5053 sizeof(struct mgmt_irk_info));
41edf160
JH		 5054 u16 irk_count, expected_len;
5055 int i, err;
5056
5057 BT_DBG("request for %s", hdev->name);
5058
5059 if (!lmp_le_capable(hdev))
5060 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5061 MGMT_STATUS_NOT_SUPPORTED);
5062
5063 irk_count = __le16_to_cpu(cp->irk_count);
ba1d6936
JH		 5064 if (irk_count > max_irk_count) {
5065 BT_ERR("load_irks: too big irk_count value %u", irk_count);
5066 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5067 MGMT_STATUS_INVALID_PARAMS);
5068 }
41edf160
JH		 5069
5070 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
5071 if (expected_len != len) {
5072 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 5073 expected_len, len);
41edf160
JH		 5074 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5075 MGMT_STATUS_INVALID_PARAMS);
5076 }
5077
5078 BT_DBG("%s irk_count %u", hdev->name, irk_count);
5079
5080 for (i = 0; i < irk_count; i++) {
5081 struct mgmt_irk_info *key = &cp->irks[i];
5082
5083 if (!irk_is_valid(key))
5084 return cmd_status(sk, hdev->id,
5085 MGMT_OP_LOAD_IRKS,
5086 MGMT_STATUS_INVALID_PARAMS);
5087 }
5088
5089 hci_dev_lock(hdev);
5090
5091 hci_smp_irks_clear(hdev);
5092
5093 for (i = 0; i < irk_count; i++) {
5094 struct mgmt_irk_info *irk = &cp->irks[i];
5095 u8 addr_type;
5096
5097 if (irk->addr.type == BDADDR_LE_PUBLIC)
5098 addr_type = ADDR_LE_DEV_PUBLIC;
5099 else
5100 addr_type = ADDR_LE_DEV_RANDOM;
5101
5102 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
5103 BDADDR_ANY);
5104 }
5105
5106 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
5107
5108 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
5109
5110 hci_dev_unlock(hdev);
5111
5112 return err;
5113}
5114
3f706b72
JH		 5115static bool ltk_is_valid(struct mgmt_ltk_info *key)
5116{
5117 if (key->master != 0x00 && key->master != 0x01)
5118 return false;
490cb0b3
MH		 5119
5120 switch (key->addr.type) {
5121 case BDADDR_LE_PUBLIC:
5122 return true;
5123
5124 case BDADDR_LE_RANDOM:
5125 /* Two most significant bits shall be set */
5126 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5127 return false;
5128 return true;
5129 }
5130
5131 return false;
3f706b72
JH		 5132}
5133
bdb6d971 5134static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 5135 void *cp_data, u16 len)
346af67b 5136{
346af67b 5137 struct mgmt_cp_load_long_term_keys *cp = cp_data;
ba1d6936
JH		 5138 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
5139 sizeof(struct mgmt_ltk_info));
346af67b 5140 u16 key_count, expected_len;
715a5bf2 5141 int i, err;
346af67b 5142
cf99ba13
MH		 5143 BT_DBG("request for %s", hdev->name);
5144
5145 if (!lmp_le_capable(hdev))
5146 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5147 MGMT_STATUS_NOT_SUPPORTED);
5148
1f350c87 5149 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 5150 if (key_count > max_key_count) {
5151 BT_ERR("load_ltks: too big key_count value %u", key_count);
5152 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5153 MGMT_STATUS_INVALID_PARAMS);
5154 }
346af67b
VCG		 5155
5156 expected_len = sizeof(*cp) + key_count *
5157 sizeof(struct mgmt_ltk_info);
5158 if (expected_len != len) {
5159 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 5160 expected_len, len);
bdb6d971 5161 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 5162 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 5163 }
5164
bdb6d971 5165 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 5166
54ad6d8a
JH		 5167 for (i = 0; i < key_count; i++) {
5168 struct mgmt_ltk_info *key = &cp->keys[i];
5169
3f706b72 5170 if (!ltk_is_valid(key))
54ad6d8a
JH		 5171 return cmd_status(sk, hdev->id,
5172 MGMT_OP_LOAD_LONG_TERM_KEYS,
5173 MGMT_STATUS_INVALID_PARAMS);
5174 }
5175
346af67b
VCG		 5176 hci_dev_lock(hdev);
5177
5178 hci_smp_ltks_clear(hdev);
5179
5180 for (i = 0; i < key_count; i++) {
5181 struct mgmt_ltk_info *key = &cp->keys[i];
d7b25450 5182 u8 type, addr_type, authenticated;
79d95a19
MH		 5183
5184 if (key->addr.type == BDADDR_LE_PUBLIC)
5185 addr_type = ADDR_LE_DEV_PUBLIC;
5186 else
5187 addr_type = ADDR_LE_DEV_RANDOM;
346af67b 5188
61b43357
JH		 5189 switch (key->type) {
5190 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 5191 authenticated = 0x00;
23fb8de3 5192 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
61b43357
JH		 5193 break;
5194 case MGMT_LTK_AUTHENTICATED:
d7b25450 5195 authenticated = 0x01;
23fb8de3
JH		 5196 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5197 break;
5198 case MGMT_LTK_P256_UNAUTH:
5199 authenticated = 0x00;
5200 type = SMP_LTK_P256;
61b43357 5201 break;
23fb8de3
JH		 5202 case MGMT_LTK_P256_AUTH:
5203 authenticated = 0x01;
5204 type = SMP_LTK_P256;
61b43357 5205 break;
23fb8de3
JH		 5206 case MGMT_LTK_P256_DEBUG:
5207 authenticated = 0x00;
5208 type = SMP_LTK_P256_DEBUG;
61b43357
JH		 5209 default:
5210 continue;
5211 }
d7b25450 5212
35d70271 5213 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
d7b25450 5214 authenticated, key->val, key->enc_size, key->ediv,
35d70271 5215 key->rand);
346af67b
VCG		 5216 }
5217
715a5bf2
JH		 5218 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
5219 NULL, 0);
5220
346af67b 5221 hci_dev_unlock(hdev);
346af67b 5222
715a5bf2 5223 return err;
346af67b
VCG		 5224}
5225
9df74653 5226static int conn_info_cmd_complete(struct pending_cmd *cmd, u8 status)
dd983808 5227{
dd983808 5228 struct hci_conn *conn = cmd->user_data;
9981bdb0 5229 struct mgmt_rp_get_conn_info rp;
9df74653 5230 int err;
dd983808 5231
9981bdb0 5232 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
dd983808 5233
9981bdb0 5234 if (status == MGMT_STATUS_SUCCESS) {
dd983808 5235 rp.rssi = conn->rssi;
9981bdb0
JH		 5236 rp.tx_power = conn->tx_power;
5237 rp.max_tx_power = conn->max_tx_power;
5238 } else {
5239 rp.rssi = HCI_RSSI_INVALID;
5240 rp.tx_power = HCI_TX_POWER_INVALID;
5241 rp.max_tx_power = HCI_TX_POWER_INVALID;
dd983808
AK		 5242 }
5243
9df74653
JH		 5244 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO, status,
5245 &rp, sizeof(rp));
dd983808
AK		 5246
5247 hci_conn_drop(conn);
f8aaf9b6 5248 hci_conn_put(conn);
9df74653
JH		 5249
5250 return err;
dd983808
AK		 5251}
5252
1904a853
MH		 5253static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
5254 u16 opcode)
dd983808
AK		 5255{
5256 struct hci_cp_read_rssi *cp;
9981bdb0 5257 struct pending_cmd *cmd;
dd983808 5258 struct hci_conn *conn;
dd983808 5259 u16 handle;
9981bdb0 5260 u8 status;
dd983808 5261
9981bdb0 5262 BT_DBG("status 0x%02x", hci_status);
dd983808
AK		 5263
5264 hci_dev_lock(hdev);
5265
dd983808
AK		 5266 /* Commands sent in request are either Read RSSI or Read Transmit Power
5267 * Level so we check which one was last sent to retrieve connection
5268 * handle. Both commands have handle as first parameter so it's safe to
5269 * cast data on the same command struct.
5270 *
5271 * First command sent is always Read RSSI and we fail only if it fails.
5272 * In other case we simply override error to indicate success as we
5273 * already remembered if TX power value is actually valid.
5274 */
5275 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
5276 if (!cp) {
5277 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
9981bdb0
JH		 5278 status = MGMT_STATUS_SUCCESS;
5279 } else {
5280 status = mgmt_status(hci_status);
dd983808
AK		 5281 }
5282
5283 if (!cp) {
9981bdb0 5284 BT_ERR("invalid sent_cmd in conn_info response");
dd983808
AK		 5285 goto unlock;
5286 }
5287
5288 handle = __le16_to_cpu(cp->handle);
5289 conn = hci_conn_hash_lookup_handle(hdev, handle);
5290 if (!conn) {
9981bdb0 5291 BT_ERR("unknown handle (%d) in conn_info response", handle);
dd983808
AK		 5292 goto unlock;
5293 }
5294
9981bdb0
JH		 5295 cmd = mgmt_pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
5296 if (!cmd)
5297 goto unlock;
dd983808 5298
9981bdb0
JH		 5299 cmd->cmd_complete(cmd, status);
5300 mgmt_pending_remove(cmd);
dd983808
AK		 5301
5302unlock:
5303 hci_dev_unlock(hdev);
5304}
5305
5306static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5307 u16 len)
5308{
5309 struct mgmt_cp_get_conn_info *cp = data;
5310 struct mgmt_rp_get_conn_info rp;
5311 struct hci_conn *conn;
5312 unsigned long conn_info_age;
5313 int err = 0;
5314
5315 BT_DBG("%s", hdev->name);
5316
5317 memset(&rp, 0, sizeof(rp));
5318 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5319 rp.addr.type = cp->addr.type;
5320
5321 if (!bdaddr_type_is_valid(cp->addr.type))
5322 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5323 MGMT_STATUS_INVALID_PARAMS,
5324 &rp, sizeof(rp));
5325
5326 hci_dev_lock(hdev);
5327
5328 if (!hdev_is_powered(hdev)) {
5329 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5330 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5331 goto unlock;
5332 }
5333
5334 if (cp->addr.type == BDADDR_BREDR)
5335 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5336 &cp->addr.bdaddr);
5337 else
5338 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5339
5340 if (!conn || conn->state != BT_CONNECTED) {
5341 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5342 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
5343 goto unlock;
5344 }
5345
9981bdb0
JH		 5346 if (mgmt_pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
5347 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5348 MGMT_STATUS_BUSY, &rp, sizeof(rp));
5349 goto unlock;
5350 }
5351
dd983808
AK		 5352 /* To avoid client trying to guess when to poll again for information we
5353 * calculate conn info age as random value between min/max set in hdev.
5354 */
5355 conn_info_age = hdev->conn_info_min_age +
5356 prandom_u32_max(hdev->conn_info_max_age -
5357 hdev->conn_info_min_age);
5358
5359 /* Query controller to refresh cached values if they are too old or were
5360 * never read.
5361 */
f4e2dd53
AK		 5362 if (time_after(jiffies, conn->conn_info_timestamp +
5363 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 5364 !conn->conn_info_timestamp) {
5365 struct hci_request req;
5366 struct hci_cp_read_tx_power req_txp_cp;
5367 struct hci_cp_read_rssi req_rssi_cp;
5368 struct pending_cmd *cmd;
5369
5370 hci_req_init(&req, hdev);
5371 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5372 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5373 &req_rssi_cp);
5374
f7faab0c
AK		 5375 /* For LE links TX power does not change thus we don't need to
5376 * query for it once value is known.
5377 */
5378 if (!bdaddr_type_is_le(cp->addr.type) ||
5379 conn->tx_power == HCI_TX_POWER_INVALID) {
5380 req_txp_cp.handle = cpu_to_le16(conn->handle);
5381 req_txp_cp.type = 0x00;
5382 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5383 sizeof(req_txp_cp), &req_txp_cp);
5384 }
dd983808 5385
eed5daf3
AK		 5386 /* Max TX power needs to be read only once per connection */
5387 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5388 req_txp_cp.handle = cpu_to_le16(conn->handle);
5389 req_txp_cp.type = 0x01;
5390 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5391 sizeof(req_txp_cp), &req_txp_cp);
5392 }
5393
dd983808
AK		 5394 err = hci_req_run(&req, conn_info_refresh_complete);
5395 if (err < 0)
5396 goto unlock;
5397
5398 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5399 data, len);
5400 if (!cmd) {
5401 err = -ENOMEM;
5402 goto unlock;
5403 }
5404
5405 hci_conn_hold(conn);
f8aaf9b6 5406 cmd->user_data = hci_conn_get(conn);
9981bdb0 5407 cmd->cmd_complete = conn_info_cmd_complete;
dd983808
AK		 5408
5409 conn->conn_info_timestamp = jiffies;
5410 } else {
5411 /* Cache is valid, just reply with values cached in hci_conn */
5412 rp.rssi = conn->rssi;
5413 rp.tx_power = conn->tx_power;
eed5daf3 5414 rp.max_tx_power = conn->max_tx_power;
dd983808
AK		 5415
5416 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5417 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
5418 }
5419
5420unlock:
5421 hci_dev_unlock(hdev);
5422 return err;
5423}
5424
9df74653 5425static int clock_info_cmd_complete(struct pending_cmd *cmd, u8 status)
95868426 5426{
69487371 5427 struct hci_conn *conn = cmd->user_data;
95868426 5428 struct mgmt_rp_get_clock_info rp;
69487371 5429 struct hci_dev *hdev;
9df74653 5430 int err;
69487371
JH		 5431
5432 memset(&rp, 0, sizeof(rp));
5433 memcpy(&rp.addr, &cmd->param, sizeof(rp.addr));
5434
5435 if (status)
5436 goto complete;
5437
5438 hdev = hci_dev_get(cmd->index);
5439 if (hdev) {
5440 rp.local_clock = cpu_to_le32(hdev->clock);
5441 hci_dev_put(hdev);
5442 }
5443
5444 if (conn) {
5445 rp.piconet_clock = cpu_to_le32(conn->clock);
5446 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5447 }
5448
5449complete:
9df74653
JH		 5450 err = cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5451 sizeof(rp));
69487371
JH		 5452
5453 if (conn) {
5454 hci_conn_drop(conn);
5455 hci_conn_put(conn);
5456 }
9df74653
JH		 5457
5458 return err;
69487371
JH		 5459}
5460
1904a853 5461static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
69487371 5462{
95868426
JH		 5463 struct hci_cp_read_clock *hci_cp;
5464 struct pending_cmd *cmd;
5465 struct hci_conn *conn;
5466
5467 BT_DBG("%s status %u", hdev->name, status);
5468
5469 hci_dev_lock(hdev);
5470
5471 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5472 if (!hci_cp)
5473 goto unlock;
5474
5475 if (hci_cp->which) {
5476 u16 handle = __le16_to_cpu(hci_cp->handle);
5477 conn = hci_conn_hash_lookup_handle(hdev, handle);
5478 } else {
5479 conn = NULL;
5480 }
5481
5482 cmd = mgmt_pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5483 if (!cmd)
5484 goto unlock;
5485
69487371 5486 cmd->cmd_complete(cmd, mgmt_status(status));
95868426 5487 mgmt_pending_remove(cmd);
95868426
JH		 5488
5489unlock:
5490 hci_dev_unlock(hdev);
5491}
5492
5493static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5494 u16 len)
5495{
5496 struct mgmt_cp_get_clock_info *cp = data;
5497 struct mgmt_rp_get_clock_info rp;
5498 struct hci_cp_read_clock hci_cp;
5499 struct pending_cmd *cmd;
5500 struct hci_request req;
5501 struct hci_conn *conn;
5502 int err;
5503
5504 BT_DBG("%s", hdev->name);
5505
5506 memset(&rp, 0, sizeof(rp));
5507 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5508 rp.addr.type = cp->addr.type;
5509
5510 if (cp->addr.type != BDADDR_BREDR)
5511 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5512 MGMT_STATUS_INVALID_PARAMS,
5513 &rp, sizeof(rp));
5514
5515 hci_dev_lock(hdev);
5516
5517 if (!hdev_is_powered(hdev)) {
5518 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5519 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5520 goto unlock;
5521 }
5522
5523 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5524 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5525 &cp->addr.bdaddr);
5526 if (!conn || conn->state != BT_CONNECTED) {
5527 err = cmd_complete(sk, hdev->id,
5528 MGMT_OP_GET_CLOCK_INFO,
5529 MGMT_STATUS_NOT_CONNECTED,
5530 &rp, sizeof(rp));
5531 goto unlock;
5532 }
5533 } else {
5534 conn = NULL;
5535 }
5536
5537 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5538 if (!cmd) {
5539 err = -ENOMEM;
5540 goto unlock;
5541 }
5542
69487371
JH		 5543 cmd->cmd_complete = clock_info_cmd_complete;
5544
95868426
JH		 5545 hci_req_init(&req, hdev);
5546
5547 memset(&hci_cp, 0, sizeof(hci_cp));
5548 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5549
5550 if (conn) {
5551 hci_conn_hold(conn);
f8aaf9b6 5552 cmd->user_data = hci_conn_get(conn);
95868426
JH		 5553
5554 hci_cp.handle = cpu_to_le16(conn->handle);
5555 hci_cp.which = 0x01; /* Piconet clock */
5556 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5557 }
5558
5559 err = hci_req_run(&req, get_clock_info_complete);
5560 if (err < 0)
5561 mgmt_pending_remove(cmd);
5562
5563unlock:
5564 hci_dev_unlock(hdev);
5565 return err;
5566}
5567
5a154e6f
JH		 5568static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5569{
5570 struct hci_conn *conn;
5571
5572 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5573 if (!conn)
5574 return false;
5575
5576 if (conn->dst_type != type)
5577 return false;
5578
5579 if (conn->state != BT_CONNECTED)
5580 return false;
5581
5582 return true;
5583}
5584
5585/* This function requires the caller holds hdev->lock */
5586static int hci_conn_params_set(struct hci_request *req, bdaddr_t *addr,
5587 u8 addr_type, u8 auto_connect)
5588{
5589 struct hci_dev *hdev = req->hdev;
5590 struct hci_conn_params *params;
5591
5592 params = hci_conn_params_add(hdev, addr, addr_type);
5593 if (!params)
5594 return -EIO;
5595
5596 if (params->auto_connect == auto_connect)
5597 return 0;
5598
5599 list_del_init(&params->action);
5600
5601 switch (auto_connect) {
5602 case HCI_AUTO_CONN_DISABLED:
5603 case HCI_AUTO_CONN_LINK_LOSS:
5604 __hci_update_background_scan(req);
5605 break;
5606 case HCI_AUTO_CONN_REPORT:
5607 list_add(&params->action, &hdev->pend_le_reports);
5608 __hci_update_background_scan(req);
5609 break;
5610 case HCI_AUTO_CONN_DIRECT:
5611 case HCI_AUTO_CONN_ALWAYS:
5612 if (!is_connected(hdev, addr, addr_type)) {
5613 list_add(&params->action, &hdev->pend_le_conns);
5614 __hci_update_background_scan(req);
5615 }
5616 break;
5617 }
5618
5619 params->auto_connect = auto_connect;
5620
5621 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5622 auto_connect);
5623
5624 return 0;
5625}
5626
8afef092
MH		 5627static void device_added(struct sock *sk, struct hci_dev *hdev,
5628 bdaddr_t *bdaddr, u8 type, u8 action)
5629{
5630 struct mgmt_ev_device_added ev;
5631
5632 bacpy(&ev.addr.bdaddr, bdaddr);
5633 ev.addr.type = type;
5634 ev.action = action;
5635
5636 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5637}
5638
1904a853 5639static void add_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5a154e6f
JH		 5640{
5641 struct pending_cmd *cmd;
5642
5643 BT_DBG("status 0x%02x", status);
5644
5645 hci_dev_lock(hdev);
5646
5647 cmd = mgmt_pending_find(MGMT_OP_ADD_DEVICE, hdev);
5648 if (!cmd)
5649 goto unlock;
5650
5651 cmd->cmd_complete(cmd, mgmt_status(status));
5652 mgmt_pending_remove(cmd);
5653
5654unlock:
5655 hci_dev_unlock(hdev);
5656}
5657
2faade53
MH		 5658static int add_device(struct sock *sk, struct hci_dev *hdev,
5659 void *data, u16 len)
5660{
5661 struct mgmt_cp_add_device *cp = data;
5a154e6f
JH		 5662 struct pending_cmd *cmd;
5663 struct hci_request req;
2faade53
MH		 5664 u8 auto_conn, addr_type;
5665 int err;
5666
5667 BT_DBG("%s", hdev->name);
5668
6659358e 5669 if (!bdaddr_type_is_valid(cp->addr.type) ||
2faade53
MH		 5670 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
5671 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5672 MGMT_STATUS_INVALID_PARAMS,
5673 &cp->addr, sizeof(cp->addr));
5674
4b9e7e75 5675 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
2faade53
MH		 5676 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5677 MGMT_STATUS_INVALID_PARAMS,
5678 &cp->addr, sizeof(cp->addr));
5679
5a154e6f
JH		 5680 hci_req_init(&req, hdev);
5681
2faade53
MH		 5682 hci_dev_lock(hdev);
5683
5a154e6f
JH		 5684 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_DEVICE, hdev, data, len);
5685 if (!cmd) {
5686 err = -ENOMEM;
5687 goto unlock;
5688 }
5689
5690 cmd->cmd_complete = addr_cmd_complete;
5691
6659358e 5692 if (cp->addr.type == BDADDR_BREDR) {
4b9e7e75 5693 /* Only incoming connections action is supported for now */
6659358e 5694 if (cp->action != 0x01) {
9df74653
JH		 5695 err = cmd->cmd_complete(cmd,
5696 MGMT_STATUS_INVALID_PARAMS);
5a154e6f 5697 mgmt_pending_remove(cmd);
6659358e
JH		 5698 goto unlock;
5699 }
5700
5701 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5702 cp->addr.type);
5703 if (err)
5704 goto unlock;
a397407f 5705
5a154e6f 5706 __hci_update_page_scan(&req);
a397407f 5707
6659358e
JH		 5708 goto added;
5709 }
5710
2faade53
MH		 5711 if (cp->addr.type == BDADDR_LE_PUBLIC)
5712 addr_type = ADDR_LE_DEV_PUBLIC;
5713 else
5714 addr_type = ADDR_LE_DEV_RANDOM;
5715
4b9e7e75 5716 if (cp->action == 0x02)
2faade53 5717 auto_conn = HCI_AUTO_CONN_ALWAYS;
4b9e7e75
MH		 5718 else if (cp->action == 0x01)
5719 auto_conn = HCI_AUTO_CONN_DIRECT;
2faade53 5720 else
a3451d27 5721 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 5722
bf5b3c8b
MH		 5723 /* If the connection parameters don't exist for this device,
5724 * they will be created and configured with defaults.
5725 */
5a154e6f 5726 if (hci_conn_params_set(&req, &cp->addr.bdaddr, addr_type,
d06b50ce 5727 auto_conn) < 0) {
9df74653 5728 err = cmd->cmd_complete(cmd, MGMT_STATUS_FAILED);
5a154e6f 5729 mgmt_pending_remove(cmd);
2faade53
MH		 5730 goto unlock;
5731 }
5732
6659358e 5733added:
8afef092
MH		 5734 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5735
5a154e6f
JH		 5736 err = hci_req_run(&req, add_device_complete);
5737 if (err < 0) {
5738 /* ENODATA means no HCI commands were needed (e.g. if
5739 * the adapter is powered off).
5740 */
9df74653
JH		 5741 if (err == -ENODATA)
5742 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
5a154e6f
JH		 5743 mgmt_pending_remove(cmd);
5744 }
2faade53
MH		 5745
5746unlock:
5747 hci_dev_unlock(hdev);
5748 return err;
5749}
5750
8afef092
MH		 5751static void device_removed(struct sock *sk, struct hci_dev *hdev,
5752 bdaddr_t *bdaddr, u8 type)
5753{
5754 struct mgmt_ev_device_removed ev;
5755
5756 bacpy(&ev.addr.bdaddr, bdaddr);
5757 ev.addr.type = type;
5758
5759 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5760}
5761
1904a853 5762static void remove_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
51ef3ebe
JH		 5763{
5764 struct pending_cmd *cmd;
5765
5766 BT_DBG("status 0x%02x", status);
5767
5768 hci_dev_lock(hdev);
5769
5770 cmd = mgmt_pending_find(MGMT_OP_REMOVE_DEVICE, hdev);
5771 if (!cmd)
5772 goto unlock;
5773
5774 cmd->cmd_complete(cmd, mgmt_status(status));
5775 mgmt_pending_remove(cmd);
5776
5777unlock:
5778 hci_dev_unlock(hdev);
5779}
5780
2faade53
MH		 5781static int remove_device(struct sock *sk, struct hci_dev *hdev,
5782 void *data, u16 len)
5783{
5784 struct mgmt_cp_remove_device *cp = data;
51ef3ebe
JH		 5785 struct pending_cmd *cmd;
5786 struct hci_request req;
2faade53
MH		 5787 int err;
5788
5789 BT_DBG("%s", hdev->name);
5790
51ef3ebe
JH		 5791 hci_req_init(&req, hdev);
5792
2faade53
MH		 5793 hci_dev_lock(hdev);
5794
51ef3ebe
JH		 5795 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_DEVICE, hdev, data, len);
5796 if (!cmd) {
5797 err = -ENOMEM;
5798 goto unlock;
5799 }
5800
5801 cmd->cmd_complete = addr_cmd_complete;
5802
2faade53 5803 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 5804 struct hci_conn_params *params;
2faade53
MH		 5805 u8 addr_type;
5806
6659358e 5807 if (!bdaddr_type_is_valid(cp->addr.type)) {
9df74653
JH		 5808 err = cmd->cmd_complete(cmd,
5809 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5810 mgmt_pending_remove(cmd);
2faade53
MH		 5811 goto unlock;
5812 }
5813
6659358e
JH		 5814 if (cp->addr.type == BDADDR_BREDR) {
5815 err = hci_bdaddr_list_del(&hdev->whitelist,
5816 &cp->addr.bdaddr,
5817 cp->addr.type);
5818 if (err) {
9df74653
JH		 5819 err = cmd->cmd_complete(cmd,
5820 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5821 mgmt_pending_remove(cmd);
6659358e
JH		 5822 goto unlock;
5823 }
5824
51ef3ebe 5825 __hci_update_page_scan(&req);
a397407f 5826
6659358e
JH		 5827 device_removed(sk, hdev, &cp->addr.bdaddr,
5828 cp->addr.type);
5829 goto complete;
5830 }
5831
2faade53
MH		 5832 if (cp->addr.type == BDADDR_LE_PUBLIC)
5833 addr_type = ADDR_LE_DEV_PUBLIC;
5834 else
5835 addr_type = ADDR_LE_DEV_RANDOM;
5836
c71593dd
JH		 5837 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5838 addr_type);
5839 if (!params) {
9df74653
JH		 5840 err = cmd->cmd_complete(cmd,
5841 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5842 mgmt_pending_remove(cmd);
c71593dd
JH		 5843 goto unlock;
5844 }
5845
5846 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
9df74653
JH		 5847 err = cmd->cmd_complete(cmd,
5848 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5849 mgmt_pending_remove(cmd);
c71593dd
JH		 5850 goto unlock;
5851 }
5852
d1dbf12e 5853 list_del(&params->action);
c71593dd
JH		 5854 list_del(&params->list);
5855 kfree(params);
51ef3ebe 5856 __hci_update_background_scan(&req);
8afef092
MH		 5857
5858 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53 5859 } else {
19de0825 5860 struct hci_conn_params *p, *tmp;
6659358e 5861 struct bdaddr_list *b, *btmp;
19de0825 5862
2faade53 5863 if (cp->addr.type) {
9df74653
JH		 5864 err = cmd->cmd_complete(cmd,
5865 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5866 mgmt_pending_remove(cmd);
2faade53
MH		 5867 goto unlock;
5868 }
5869
6659358e
JH		 5870 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
5871 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
5872 list_del(&b->list);
5873 kfree(b);
5874 }
5875
51ef3ebe 5876 __hci_update_page_scan(&req);
a397407f 5877
19de0825
JH		 5878 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5879 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5880 continue;
5881 device_removed(sk, hdev, &p->addr, p->addr_type);
5882 list_del(&p->action);
5883 list_del(&p->list);
5884 kfree(p);
5885 }
5886
5887 BT_DBG("All LE connection parameters were removed");
5888
51ef3ebe 5889 __hci_update_background_scan(&req);
2faade53
MH		 5890 }
5891
6659358e 5892complete:
51ef3ebe
JH		 5893 err = hci_req_run(&req, remove_device_complete);
5894 if (err < 0) {
5895 /* ENODATA means no HCI commands were needed (e.g. if
5896 * the adapter is powered off).
5897 */
9df74653
JH		 5898 if (err == -ENODATA)
5899 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
51ef3ebe
JH		 5900 mgmt_pending_remove(cmd);
5901 }
2faade53
MH		 5902
5903unlock:
5904 hci_dev_unlock(hdev);
5905 return err;
5906}
5907
a26f3dcf
JH		 5908static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5909 u16 len)
5910{
5911 struct mgmt_cp_load_conn_param *cp = data;
ba1d6936
JH		 5912 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5913 sizeof(struct mgmt_conn_param));
a26f3dcf
JH		 5914 u16 param_count, expected_len;
5915 int i;
5916
5917 if (!lmp_le_capable(hdev))
5918 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5919 MGMT_STATUS_NOT_SUPPORTED);
5920
5921 param_count = __le16_to_cpu(cp->param_count);
ba1d6936
JH		 5922 if (param_count > max_param_count) {
5923 BT_ERR("load_conn_param: too big param_count value %u",
5924 param_count);
5925 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5926 MGMT_STATUS_INVALID_PARAMS);
5927 }
a26f3dcf
JH		 5928
5929 expected_len = sizeof(*cp) + param_count *
5930 sizeof(struct mgmt_conn_param);
5931 if (expected_len != len) {
5932 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
5933 expected_len, len);
5934 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5935 MGMT_STATUS_INVALID_PARAMS);
5936 }
5937
5938 BT_DBG("%s param_count %u", hdev->name, param_count);
5939
5940 hci_dev_lock(hdev);
5941
5942 hci_conn_params_clear_disabled(hdev);
5943
5944 for (i = 0; i < param_count; i++) {
5945 struct mgmt_conn_param *param = &cp->params[i];
5946 struct hci_conn_params *hci_param;
5947 u16 min, max, latency, timeout;
5948 u8 addr_type;
5949
5950 BT_DBG("Adding %pMR (type %u)", &param->addr.bdaddr,
5951 param->addr.type);
5952
5953 if (param->addr.type == BDADDR_LE_PUBLIC) {
5954 addr_type = ADDR_LE_DEV_PUBLIC;
5955 } else if (param->addr.type == BDADDR_LE_RANDOM) {
5956 addr_type = ADDR_LE_DEV_RANDOM;
5957 } else {
5958 BT_ERR("Ignoring invalid connection parameters");
5959 continue;
5960 }
5961
5962 min = le16_to_cpu(param->min_interval);
5963 max = le16_to_cpu(param->max_interval);
5964 latency = le16_to_cpu(param->latency);
5965 timeout = le16_to_cpu(param->timeout);
5966
5967 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
5968 min, max, latency, timeout);
5969
5970 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
5971 BT_ERR("Ignoring invalid connection parameters");
5972 continue;
5973 }
5974
5975 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
5976 addr_type);
5977 if (!hci_param) {
5978 BT_ERR("Failed to add connection parameters");
5979 continue;
5980 }
5981
5982 hci_param->conn_min_interval = min;
5983 hci_param->conn_max_interval = max;
5984 hci_param->conn_latency = latency;
5985 hci_param->supervision_timeout = timeout;
5986 }
5987
5988 hci_dev_unlock(hdev);
5989
5990 return cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0, NULL, 0);
5991}
5992
dbece37a
MH		 5993static int set_external_config(struct sock *sk, struct hci_dev *hdev,
5994 void *data, u16 len)
5995{
5996 struct mgmt_cp_set_external_config *cp = data;
5997 bool changed;
5998 int err;
5999
6000 BT_DBG("%s", hdev->name);
6001
6002 if (hdev_is_powered(hdev))
6003 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6004 MGMT_STATUS_REJECTED);
6005
6006 if (cp->config != 0x00 && cp->config != 0x01)
6007 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6008 MGMT_STATUS_INVALID_PARAMS);
6009
6010 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
6011 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6012 MGMT_STATUS_NOT_SUPPORTED);
6013
6014 hci_dev_lock(hdev);
6015
6016 if (cp->config)
6017 changed = !test_and_set_bit(HCI_EXT_CONFIGURED,
6018 &hdev->dev_flags);
6019 else
6020 changed = test_and_clear_bit(HCI_EXT_CONFIGURED,
6021 &hdev->dev_flags);
6022
6023 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
6024 if (err < 0)
6025 goto unlock;
6026
6027 if (!changed)
6028 goto unlock;
6029
f4537c04
MH		 6030 err = new_options(hdev, sk);
6031
dbece37a
MH		 6032 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) == is_configured(hdev)) {
6033 mgmt_index_removed(hdev);
d603b76b
MH		 6034
6035 if (test_and_change_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
6036 set_bit(HCI_CONFIG, &hdev->dev_flags);
6037 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
6038
6039 queue_work(hdev->req_workqueue, &hdev->power_on);
6040 } else {
5ea234d3 6041 set_bit(HCI_RAW, &hdev->flags);
d603b76b
MH		 6042 mgmt_index_added(hdev);
6043 }
dbece37a
MH		 6044 }
6045
6046unlock:
6047 hci_dev_unlock(hdev);
6048 return err;
6049}
6050
9713c17b
MH		 6051static int set_public_address(struct sock *sk, struct hci_dev *hdev,
6052 void *data, u16 len)
6053{
6054 struct mgmt_cp_set_public_address *cp = data;
6055 bool changed;
6056 int err;
6057
6058 BT_DBG("%s", hdev->name);
6059
6060 if (hdev_is_powered(hdev))
6061 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6062 MGMT_STATUS_REJECTED);
6063
6064 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
6065 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6066 MGMT_STATUS_INVALID_PARAMS);
6067
6068 if (!hdev->set_bdaddr)
6069 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6070 MGMT_STATUS_NOT_SUPPORTED);
6071
6072 hci_dev_lock(hdev);
6073
6074 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
6075 bacpy(&hdev->public_addr, &cp->bdaddr);
6076
6077 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
6078 if (err < 0)
6079 goto unlock;
6080
6081 if (!changed)
6082 goto unlock;
6083
6084 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
6085 err = new_options(hdev, sk);
6086
6087 if (is_configured(hdev)) {
6088 mgmt_index_removed(hdev);
6089
6090 clear_bit(HCI_UNCONFIGURED, &hdev->dev_flags);
6091
6092 set_bit(HCI_CONFIG, &hdev->dev_flags);
6093 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
6094
6095 queue_work(hdev->req_workqueue, &hdev->power_on);
6096 }
6097
6098unlock:
6099 hci_dev_unlock(hdev);
6100 return err;
6101}
6102
2e3c35ea 6103static const struct mgmt_handler {
04124681
GP		 6104 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
6105 u16 data_len);
be22b54e
JH		 6106 bool var_len;
6107 size_t data_len;
0f4e68cf
JH		 6108} mgmt_handlers[] = {
6109 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 6110 { read_version, false, MGMT_READ_VERSION_SIZE },
6111 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
6112 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
6113 { read_controller_info, false, MGMT_READ_INFO_SIZE },
6114 { set_powered, false, MGMT_SETTING_SIZE },
6115 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
6116 { set_connectable, false, MGMT_SETTING_SIZE },
6117 { set_fast_connectable, false, MGMT_SETTING_SIZE },
b2939475 6118 { set_bondable, false, MGMT_SETTING_SIZE },
be22b54e
JH		 6119 { set_link_security, false, MGMT_SETTING_SIZE },
6120 { set_ssp, false, MGMT_SETTING_SIZE },
6121 { set_hs, false, MGMT_SETTING_SIZE },
6122 { set_le, false, MGMT_SETTING_SIZE },
6123 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
6124 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
6125 { add_uuid, false, MGMT_ADD_UUID_SIZE },
6126 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
6127 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
6128 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
6129 { disconnect, false, MGMT_DISCONNECT_SIZE },
6130 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
6131 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
6132 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
6133 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
6134 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
6135 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
6136 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
6137 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
6138 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
6139 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
6140 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
6141 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
ec109113 6142 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
be22b54e
JH		 6143 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
6144 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
6145 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
6146 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
6147 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
6148 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 6149 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 6150 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 6151 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 6152 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
14b49b9a 6153 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
eac83dc6 6154 { set_secure_conn, false, MGMT_SETTING_SIZE },
4e39ac81 6155 { set_debug_keys, false, MGMT_SETTING_SIZE },
62b04cd1 6156 { set_privacy, false, MGMT_SET_PRIVACY_SIZE },
41edf160 6157 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
dd983808 6158 { get_conn_info, false, MGMT_GET_CONN_INFO_SIZE },
95868426 6159 { get_clock_info, false, MGMT_GET_CLOCK_INFO_SIZE },
2faade53
MH		 6160 { add_device, false, MGMT_ADD_DEVICE_SIZE },
6161 { remove_device, false, MGMT_REMOVE_DEVICE_SIZE },
73d1df2a
MH		 6162 { load_conn_param, true, MGMT_LOAD_CONN_PARAM_SIZE },
6163 { read_unconf_index_list, false, MGMT_READ_UNCONF_INDEX_LIST_SIZE },
9fc3bfb6 6164 { read_config_info, false, MGMT_READ_CONFIG_INFO_SIZE },
dbece37a 6165 { set_external_config, false, MGMT_SET_EXTERNAL_CONFIG_SIZE },
9713c17b 6166 { set_public_address, false, MGMT_SET_PUBLIC_ADDRESS_SIZE },
66ea9427 6167 { start_service_discovery,true, MGMT_START_SERVICE_DISCOVERY_SIZE },
0f4e68cf
JH		 6168};
6169
0381101f
JH		 6170int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
6171{
650f726d
VCG		 6172 void *buf;
6173 u8 *cp;
0381101f 6174 struct mgmt_hdr *hdr;
4e51eae9 6175 u16 opcode, index, len;
bdb6d971 6176 struct hci_dev *hdev = NULL;
2e3c35ea 6177 const struct mgmt_handler *handler;
0381101f
JH		 6178 int err;
6179
6180 BT_DBG("got %zu bytes", msglen);
6181
6182 if (msglen < sizeof(*hdr))
6183 return -EINVAL;
6184
e63a15ec 6185 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 6186 if (!buf)
6187 return -ENOMEM;
6188
6ce8e9ce 6189 if (memcpy_from_msg(buf, msg, msglen)) {
0381101f
JH		 6190 err = -EFAULT;
6191 goto done;
6192 }
6193
650f726d 6194 hdr = buf;
1f350c87
MH		 6195 opcode = __le16_to_cpu(hdr->opcode);
6196 index = __le16_to_cpu(hdr->index);
6197 len = __le16_to_cpu(hdr->len);
0381101f
JH		 6198
6199 if (len != msglen - sizeof(*hdr)) {
6200 err = -EINVAL;
6201 goto done;
6202 }
6203
0f4e68cf 6204 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 6205 hdev = hci_dev_get(index);
6206 if (!hdev) {
6207 err = cmd_status(sk, index, opcode,
04124681 6208 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 6209 goto done;
6210 }
0736cfa8 6211
cebf4cfd 6212 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
d603b76b 6213 test_bit(HCI_CONFIG, &hdev->dev_flags) ||
4a964404 6214 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
0736cfa8
MH		 6215 err = cmd_status(sk, index, opcode,
6216 MGMT_STATUS_INVALID_INDEX);
6217 goto done;
6218 }
42a9bc14
MH		 6219
6220 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
dbece37a 6221 opcode != MGMT_OP_READ_CONFIG_INFO &&
9713c17b
MH		 6222 opcode != MGMT_OP_SET_EXTERNAL_CONFIG &&
6223 opcode != MGMT_OP_SET_PUBLIC_ADDRESS) {
42a9bc14
MH		 6224 err = cmd_status(sk, index, opcode,
6225 MGMT_STATUS_INVALID_INDEX);
6226 goto done;
6227 }
bdb6d971
JH		 6228 }
6229
0f4e68cf 6230 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 6231 mgmt_handlers[opcode].func == NULL) {
0381101f 6232 BT_DBG("Unknown op %u", opcode);
ca69b795 6233 err = cmd_status(sk, index, opcode,
04124681 6234 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 6235 goto done;
6236 }
6237
73d1df2a
MH		 6238 if (hdev && (opcode <= MGMT_OP_READ_INDEX_LIST ||
6239 opcode == MGMT_OP_READ_UNCONF_INDEX_LIST)) {
6240 err = cmd_status(sk, index, opcode,
6241 MGMT_STATUS_INVALID_INDEX);
6242 goto done;
6243 }
6244
6245 if (!hdev && (opcode > MGMT_OP_READ_INDEX_LIST &&
6246 opcode != MGMT_OP_READ_UNCONF_INDEX_LIST)) {
0f4e68cf 6247 err = cmd_status(sk, index, opcode,
04124681 6248 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 6249 goto done;
0381101f
JH		 6250 }
6251
be22b54e
JH		 6252 handler = &mgmt_handlers[opcode];
6253
6254 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 6255 (!handler->var_len && len != handler->data_len)) {
be22b54e 6256 err = cmd_status(sk, index, opcode,
04124681 6257 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 6258 goto done;
6259 }
6260
0f4e68cf
JH		 6261 if (hdev)
6262 mgmt_init_hdev(sk, hdev);
6263
6264 cp = buf + sizeof(*hdr);
6265
be22b54e 6266 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 6267 if (err < 0)
6268 goto done;
6269
0381101f
JH		 6270 err = msglen;
6271
6272done:
bdb6d971
JH		 6273 if (hdev)
6274 hci_dev_put(hdev);
6275
0381101f
JH		 6276 kfree(buf);
6277 return err;
6278}
c71e97bf 6279
bf6b56db 6280void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 6281{
1514b892 6282 if (hdev->dev_type != HCI_BREDR)
bf6b56db 6283 return;
bb4b2a9a 6284
0602a8ad
MH		 6285 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6286 return;
6287
6288 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
6289 mgmt_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev, NULL, 0, NULL);
6290 else
6291 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 6292}
6293
bf6b56db 6294void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 6295{
5f159032 6296 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 6297
1514b892 6298 if (hdev->dev_type != HCI_BREDR)
bf6b56db 6299 return;
bb4b2a9a 6300
0602a8ad
MH		 6301 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6302 return;
6303
1b9b5ee5 6304 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
b24752fe 6305
edd3896b
MH		 6306 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
6307 mgmt_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev, NULL, 0, NULL);
6308 else
6309 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 6310}
6311
6046dc3e 6312/* This function requires the caller holds hdev->lock */
2cf22218 6313static void restart_le_actions(struct hci_request *req)
6046dc3e 6314{
2cf22218 6315 struct hci_dev *hdev = req->hdev;
6046dc3e
AG		 6316 struct hci_conn_params *p;
6317
6318 list_for_each_entry(p, &hdev->le_conn_params, list) {
d7347f3c
JH		 6319 /* Needed for AUTO_OFF case where might not "really"
6320 * have been powered off.
6321 */
6322 list_del_init(&p->action);
6323
6324 switch (p->auto_connect) {
4b9e7e75 6325 case HCI_AUTO_CONN_DIRECT:
d7347f3c
JH		 6326 case HCI_AUTO_CONN_ALWAYS:
6327 list_add(&p->action, &hdev->pend_le_conns);
6328 break;
6329 case HCI_AUTO_CONN_REPORT:
6330 list_add(&p->action, &hdev->pend_le_reports);
6331 break;
6332 default:
6333 break;
c83ed19d 6334 }
6046dc3e 6335 }
c83ed19d 6336
2cf22218 6337 __hci_update_background_scan(req);
6046dc3e
AG		 6338}
6339
1904a853 6340static void powered_complete(struct hci_dev *hdev, u8 status, u16 opcode)
229ab39c
JH		 6341{
6342 struct cmd_lookup match = { NULL, hdev };
6343
6344 BT_DBG("status 0x%02x", status);
6345
162a3bac
MH		 6346 if (!status) {
6347 /* Register the available SMP channels (BR/EDR and LE) only
6348 * when successfully powering on the controller. This late
6349 * registration is required so that LE SMP can clearly
6350 * decide if the public address or static address is used.
6351 */
6352 smp_register(hdev);
6353 }
6354
229ab39c
JH		 6355 hci_dev_lock(hdev);
6356
6357 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6358
6359 new_settings(hdev, match.sk);
6360
6361 hci_dev_unlock(hdev);
6362
6363 if (match.sk)
6364 sock_put(match.sk);
6365}
6366
70da6243 6367static int powered_update_hci(struct hci_dev *hdev)
5add6af8 6368{
890ea898 6369 struct hci_request req;
70da6243 6370 u8 link_sec;
5add6af8 6371
890ea898
JH		 6372 hci_req_init(&req, hdev);
6373
70da6243
JH		 6374 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
6375 !lmp_host_ssp_capable(hdev)) {
574ea3c7 6376 u8 mode = 0x01;
5e5282bb 6377
574ea3c7
MH		 6378 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
6379
6380 if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) {
6381 u8 support = 0x01;
5add6af8 6382
574ea3c7
MH		 6383 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT,
6384 sizeof(support), &support);
6385 }
ec6f99b8
JH		 6386 }
6387
c73eee91
JH		 6388 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
6389 lmp_bredr_capable(hdev)) {
70da6243 6390 struct hci_cp_write_le_host_supported cp;
f0ff92fb 6391
32226e4f
MH		 6392 cp.le = 0x01;
6393 cp.simul = 0x00;
3d1cbdd6 6394
70da6243
JH		 6395 /* Check first if we already have the right
6396 * host state (host features set)
6397 */
6398 if (cp.le != lmp_host_le_capable(hdev) ||
6399 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 6400 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
6401 sizeof(cp), &cp);
70da6243 6402 }
3d1cbdd6 6403
d13eafce 6404 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 6405 /* Make sure the controller has a good default for
6406 * advertising data. This also applies to the case
6407 * where BR/EDR was toggled during the AUTO_OFF phase.
6408 */
f14d8f64 6409 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5947f4bc 6410 update_adv_data(&req);
f14d8f64
MH		 6411 update_scan_rsp_data(&req);
6412 }
441ad2d0 6413
bba3aa55
MH		 6414 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
6415 enable_advertising(&req);
2cf22218
JH		 6416
6417 restart_le_actions(&req);
eeca6f89
JH		 6418 }
6419
70da6243
JH		 6420 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
6421 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 6422 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
6423 sizeof(link_sec), &link_sec);
562fcc24 6424
70da6243 6425 if (lmp_bredr_capable(hdev)) {
432df05e 6426 write_fast_connectable(&req, false);
1d2dc5b7 6427 __hci_update_page_scan(&req);
890ea898 6428 update_class(&req);
13928971 6429 update_name(&req);
890ea898 6430 update_eir(&req);
70da6243 6431 }
562fcc24 6432
229ab39c 6433 return hci_req_run(&req, powered_complete);
70da6243 6434}
562fcc24 6435
70da6243
JH		 6436int mgmt_powered(struct hci_dev *hdev, u8 powered)
6437{
6438 struct cmd_lookup match = { NULL, hdev };
9845904f 6439 u8 status, zero_cod[] = { 0, 0, 0 };
70da6243 6440 int err;
f0ff92fb 6441
70da6243
JH		 6442 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
6443 return 0;
6444
70da6243 6445 if (powered) {
229ab39c
JH		 6446 if (powered_update_hci(hdev) == 0)
6447 return 0;
fe038884 6448
229ab39c
JH		 6449 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
6450 &match);
6451 goto new_settings;
b24752fe
JH		 6452 }
6453
229ab39c 6454 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
9845904f
JH		 6455
6456 /* If the power off is because of hdev unregistration let
6457 * use the appropriate INVALID_INDEX status. Otherwise use
6458 * NOT_POWERED. We cover both scenarios here since later in
6459 * mgmt_index_removed() any hci_conn callbacks will have already
6460 * been triggered, potentially causing misleading DISCONNECTED
6461 * status responses.
6462 */
6463 if (test_bit(HCI_UNREGISTER, &hdev->dev_flags))
6464 status = MGMT_STATUS_INVALID_INDEX;
6465 else
6466 status = MGMT_STATUS_NOT_POWERED;
6467
6468 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
229ab39c
JH		 6469
6470 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
6471 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
6472 zero_cod, sizeof(zero_cod), NULL);
6473
6474new_settings:
beadb2bd 6475 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 6476
6477 if (match.sk)
6478 sock_put(match.sk);
6479
7bb895d6 6480 return err;
5add6af8 6481}
73f22f62 6482
3eec705e 6483void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 6484{
6485 struct pending_cmd *cmd;
6486 u8 status;
6487
6488 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6489 if (!cmd)
3eec705e 6490 return;
96570ffc
JH		 6491
6492 if (err == -ERFKILL)
6493 status = MGMT_STATUS_RFKILLED;
6494 else
6495 status = MGMT_STATUS_FAILED;
6496
3eec705e 6497 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 6498
6499 mgmt_pending_remove(cmd);
96570ffc
JH		 6500}
6501
d1967ff8
MH		 6502void mgmt_discoverable_timeout(struct hci_dev *hdev)
6503{
6504 struct hci_request req;
d1967ff8
MH		 6505
6506 hci_dev_lock(hdev);
6507
6508 /* When discoverable timeout triggers, then just make sure
6509 * the limited discoverable flag is cleared. Even in the case
6510 * of a timeout triggered from general discoverable, it is
6511 * safe to unconditionally clear the flag.
6512 */
6513 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
9a43e25f 6514 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
d1967ff8
MH		 6515
6516 hci_req_init(&req, hdev);
4b580614
JH		 6517 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
6518 u8 scan = SCAN_PAGE;
6519 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
6520 sizeof(scan), &scan);
6521 }
d1967ff8 6522 update_class(&req);
9a43e25f 6523 update_adv_data(&req);
d1967ff8
MH		 6524 hci_req_run(&req, NULL);
6525
6526 hdev->discov_timeout = 0;
6527
9a43e25f
JH		 6528 new_settings(hdev, NULL);
6529
d1967ff8
MH		 6530 hci_dev_unlock(hdev);
6531}
6532
dc4a5ee2
MH		 6533void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
6534 bool persistent)
55ed8ca1 6535{
86742e1e 6536 struct mgmt_ev_new_link_key ev;
55ed8ca1 6537
a492cd52 6538 memset(&ev, 0, sizeof(ev));
55ed8ca1 6539
a492cd52 6540 ev.store_hint = persistent;
d753fdc4 6541 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 6542 ev.key.addr.type = BDADDR_BREDR;
a492cd52 6543 ev.key.type = key->type;
9b3b4460 6544 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 6545 ev.key.pin_len = key->pin_len;
55ed8ca1 6546
dc4a5ee2 6547 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 6548}
f7520543 6549
d7b25450
JH		 6550static u8 mgmt_ltk_type(struct smp_ltk *ltk)
6551{
23fb8de3
JH		 6552 switch (ltk->type) {
6553 case SMP_LTK:
6554 case SMP_LTK_SLAVE:
6555 if (ltk->authenticated)
6556 return MGMT_LTK_AUTHENTICATED;
6557 return MGMT_LTK_UNAUTHENTICATED;
6558 case SMP_LTK_P256:
6559 if (ltk->authenticated)
6560 return MGMT_LTK_P256_AUTH;
6561 return MGMT_LTK_P256_UNAUTH;
6562 case SMP_LTK_P256_DEBUG:
6563 return MGMT_LTK_P256_DEBUG;
6564 }
d7b25450
JH		 6565
6566 return MGMT_LTK_UNAUTHENTICATED;
6567}
6568
53ac6ab6 6569void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 6570{
6571 struct mgmt_ev_new_long_term_key ev;
6572
6573 memset(&ev, 0, sizeof(ev));
6574
5192d301
MH		 6575 /* Devices using resolvable or non-resolvable random addresses
6576 * without providing an indentity resolving key don't require
6577 * to store long term keys. Their addresses will change the
6578 * next time around.
6579 *
6580 * Only when a remote device provides an identity address
6581 * make sure the long term key is stored. If the remote
6582 * identity is known, the long term keys are internally
6583 * mapped to the identity address. So allow static random
6584 * and public addresses here.
6585 */
ba74b666
JH		 6586 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6587 (key->bdaddr.b[5] & 0xc0) != 0xc0)
6588 ev.store_hint = 0x00;
6589 else
53ac6ab6 6590 ev.store_hint = persistent;
ba74b666 6591
346af67b 6592 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 6593 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 6594 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 6595 ev.key.enc_size = key->enc_size;
6596 ev.key.ediv = key->ediv;
fe39c7b2 6597 ev.key.rand = key->rand;
346af67b 6598
2ceba539 6599 if (key->type == SMP_LTK)
346af67b
VCG		 6600 ev.key.master = 1;
6601
346af67b
VCG		 6602 memcpy(ev.key.val, key->val, sizeof(key->val));
6603
083368f7 6604 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 6605}
6606
95fbac8a
JH		 6607void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
6608{
6609 struct mgmt_ev_new_irk ev;
6610
6611 memset(&ev, 0, sizeof(ev));
6612
bab6d1e5
MH		 6613 /* For identity resolving keys from devices that are already
6614 * using a public address or static random address, do not
6615 * ask for storing this key. The identity resolving key really
6616 * is only mandatory for devices using resovlable random
6617 * addresses.
6618 *
6619 * Storing all identity resolving keys has the downside that
6620 * they will be also loaded on next boot of they system. More
6621 * identity resolving keys, means more time during scanning is
6622 * needed to actually resolve these addresses.
6623 */
6624 if (bacmp(&irk->rpa, BDADDR_ANY))
6625 ev.store_hint = 0x01;
6626 else
6627 ev.store_hint = 0x00;
6628
95fbac8a
JH		 6629 bacpy(&ev.rpa, &irk->rpa);
6630 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
6631 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
6632 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
6633
6634 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
6635}
6636
53ac6ab6
MH		 6637void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
6638 bool persistent)
7ee4ea36
MH		 6639{
6640 struct mgmt_ev_new_csrk ev;
6641
6642 memset(&ev, 0, sizeof(ev));
6643
6644 /* Devices using resolvable or non-resolvable random addresses
6645 * without providing an indentity resolving key don't require
6646 * to store signature resolving keys. Their addresses will change
6647 * the next time around.
6648 *
6649 * Only when a remote device provides an identity address
6650 * make sure the signature resolving key is stored. So allow
6651 * static random and public addresses here.
6652 */
6653 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6654 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
6655 ev.store_hint = 0x00;
6656 else
53ac6ab6 6657 ev.store_hint = persistent;
7ee4ea36
MH		 6658
6659 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
6660 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
6661 ev.key.master = csrk->master;
6662 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
6663
6664 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
6665}
6666
ffb5a827 6667void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 6668 u8 bdaddr_type, u8 store_hint, u16 min_interval,
6669 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 6670{
6671 struct mgmt_ev_new_conn_param ev;
6672
c103aea6
JH		 6673 if (!hci_is_identity_address(bdaddr, bdaddr_type))
6674 return;
6675
ffb5a827
AG		 6676 memset(&ev, 0, sizeof(ev));
6677 bacpy(&ev.addr.bdaddr, bdaddr);
6678 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 6679 ev.store_hint = store_hint;
ffb5a827
AG		 6680 ev.min_interval = cpu_to_le16(min_interval);
6681 ev.max_interval = cpu_to_le16(max_interval);
6682 ev.latency = cpu_to_le16(latency);
6683 ev.timeout = cpu_to_le16(timeout);
6684
6685 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
6686}
6687
94933991
MH		 6688static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
6689 u8 data_len)
6690{
6691 eir[eir_len++] = sizeof(type) + data_len;
6692 eir[eir_len++] = type;
6693 memcpy(&eir[eir_len], data, data_len);
6694 eir_len += data_len;
6695
6696 return eir_len;
6697}
6698
48ec92fa
AA		 6699void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
6700 u32 flags, u8 *name, u8 name_len)
f7520543 6701{
b644ba33
JH		 6702 char buf[512];
6703 struct mgmt_ev_device_connected *ev = (void *) buf;
6704 u16 eir_len = 0;
f7520543 6705
48ec92fa
AA		 6706 bacpy(&ev->addr.bdaddr, &conn->dst);
6707 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
f7520543 6708
c95f0ba7 6709 ev->flags = __cpu_to_le32(flags);
08c79b61 6710
fd45ada9
AA		 6711 /* We must ensure that the EIR Data fields are ordered and
6712 * unique. Keep it simple for now and avoid the problem by not
6713 * adding any BR/EDR data to the LE adv.
6714 */
6715 if (conn->le_adv_data_len > 0) {
6716 memcpy(&ev->eir[eir_len],
6717 conn->le_adv_data, conn->le_adv_data_len);
6718 eir_len = conn->le_adv_data_len;
6719 } else {
6720 if (name_len > 0)
6721 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
6722 name, name_len);
b644ba33 6723
ddbea5cf 6724 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
fd45ada9
AA		 6725 eir_len = eir_append_data(ev->eir, eir_len,
6726 EIR_CLASS_OF_DEV,
6727 conn->dev_class, 3);
6728 }
b644ba33 6729
eb55ef07 6730 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 6731
ecd90ae7
MH		 6732 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
6733 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 6734}
6735
8962ee74
JH		 6736static void disconnect_rsp(struct pending_cmd *cmd, void *data)
6737{
8962ee74 6738 struct sock **sk = data;
8962ee74 6739
f5818c22 6740 cmd->cmd_complete(cmd, 0);
8962ee74
JH		 6741
6742 *sk = cmd->sk;
6743 sock_hold(*sk);
6744
a664b5bc 6745 mgmt_pending_remove(cmd);
8962ee74
JH		 6746}
6747
124f6e35 6748static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 6749{
b1078ad0 6750 struct hci_dev *hdev = data;
124f6e35 6751 struct mgmt_cp_unpair_device *cp = cmd->param;
a8a1d19e 6752
b1078ad0
JH		 6753 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
6754
d8b7b1e4 6755 cmd->cmd_complete(cmd, 0);
a8a1d19e
JH		 6756 mgmt_pending_remove(cmd);
6757}
6758
84c61d92
JH		 6759bool mgmt_powering_down(struct hci_dev *hdev)
6760{
6761 struct pending_cmd *cmd;
6762 struct mgmt_mode *cp;
6763
6764 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6765 if (!cmd)
6766 return false;
6767
6768 cp = cmd->param;
6769 if (!cp->val)
6770 return true;
6771
6772 return false;
6773}
6774
9b80ec5e 6775void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 6776 u8 link_type, u8 addr_type, u8 reason,
6777 bool mgmt_connected)
f7520543 6778{
f0d6a0ea 6779 struct mgmt_ev_device_disconnected ev;
8962ee74 6780 struct sock *sk = NULL;
8962ee74 6781
84c61d92
JH		 6782 /* The connection is still in hci_conn_hash so test for 1
6783 * instead of 0 to know if this is the last one.
6784 */
6785 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6786 cancel_delayed_work(&hdev->power_off);
6787 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8b064a3a
JH		 6788 }
6789
12d4a3b2
JH		 6790 if (!mgmt_connected)
6791 return;
6792
57eb776f
AG		 6793 if (link_type != ACL_LINK && link_type != LE_LINK)
6794 return;
6795
744cf19e 6796 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 6797
f0d6a0ea
MA		 6798 bacpy(&ev.addr.bdaddr, bdaddr);
6799 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6800 ev.reason = reason;
f7520543 6801
9b80ec5e 6802 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 6803
6804 if (sk)
d97dcb66 6805 sock_put(sk);
8962ee74 6806
124f6e35 6807 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 6808 hdev);
8962ee74
JH		 6809}
6810
7892924c
MH		 6811void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
6812 u8 link_type, u8 addr_type, u8 status)
8962ee74 6813{
3655bba8
AG		 6814 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
6815 struct mgmt_cp_disconnect *cp;
8962ee74 6816 struct pending_cmd *cmd;
8962ee74 6817
36a75f1b
JD		 6818 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6819 hdev);
6820
2e58ef3e 6821 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 6822 if (!cmd)
7892924c 6823 return;
8962ee74 6824
3655bba8
AG		 6825 cp = cmd->param;
6826
6827 if (bacmp(bdaddr, &cp->addr.bdaddr))
6828 return;
6829
6830 if (cp->addr.type != bdaddr_type)
6831 return;
6832
f5818c22 6833 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6834 mgmt_pending_remove(cmd);
f7520543 6835}
17d5c04c 6836
445608d0
MH		 6837void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6838 u8 addr_type, u8 status)
17d5c04c
JH		 6839{
6840 struct mgmt_ev_connect_failed ev;
c9910d0f 6841
84c61d92
JH		 6842 /* The connection is still in hci_conn_hash so test for 1
6843 * instead of 0 to know if this is the last one.
6844 */
6845 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6846 cancel_delayed_work(&hdev->power_off);
6847 queue_work(hdev->req_workqueue, &hdev->power_off.work);
c9910d0f 6848 }
17d5c04c 6849
4c659c39 6850 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6851 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 6852 ev.status = mgmt_status(status);
17d5c04c 6853
445608d0 6854 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 6855}
980e1a53 6856
ce0e4a0d 6857void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 6858{
6859 struct mgmt_ev_pin_code_request ev;
6860
d8457698 6861 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 6862 ev.addr.type = BDADDR_BREDR;
a770bb5a 6863 ev.secure = secure;
980e1a53 6864
ce0e4a0d 6865 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 6866}
6867
e669cf80
MH		 6868void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6869 u8 status)
980e1a53
JH		 6870{
6871 struct pending_cmd *cmd;
980e1a53 6872
2e58ef3e 6873 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 6874 if (!cmd)
e669cf80 6875 return;
980e1a53 6876
7776d1d8 6877 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6878 mgmt_pending_remove(cmd);
980e1a53
JH		 6879}
6880
3eb38528
MH		 6881void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6882 u8 status)
980e1a53
JH		 6883{
6884 struct pending_cmd *cmd;
980e1a53 6885
2e58ef3e 6886 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 6887 if (!cmd)
3eb38528 6888 return;
980e1a53 6889
7776d1d8 6890 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6891 mgmt_pending_remove(cmd);
980e1a53 6892}
a5c29683 6893
744cf19e 6894int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 6895 u8 link_type, u8 addr_type, u32 value,
04124681 6896 u8 confirm_hint)
a5c29683
JH		 6897{
6898 struct mgmt_ev_user_confirm_request ev;
6899
744cf19e 6900 BT_DBG("%s", hdev->name);
a5c29683 6901
272d90df 6902 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6903 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 6904 ev.confirm_hint = confirm_hint;
39adbffe 6905 ev.value = cpu_to_le32(value);
a5c29683 6906
744cf19e 6907 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 6908 NULL);
a5c29683
JH		 6909}
6910
272d90df 6911int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 6912 u8 link_type, u8 addr_type)
604086b7
BG		 6913{
6914 struct mgmt_ev_user_passkey_request ev;
6915
6916 BT_DBG("%s", hdev->name);
6917
272d90df 6918 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6919 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 6920
6921 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 6922 NULL);
604086b7
BG		 6923}
6924
0df4c185 6925static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 6926 u8 link_type, u8 addr_type, u8 status,
6927 u8 opcode)
a5c29683
JH		 6928{
6929 struct pending_cmd *cmd;
a5c29683 6930
2e58ef3e 6931 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 6932 if (!cmd)
6933 return -ENOENT;
6934
7776d1d8 6935 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6936 mgmt_pending_remove(cmd);
a5c29683 6937
7776d1d8 6938 return 0;
a5c29683
JH		 6939}
6940
744cf19e 6941int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6942 u8 link_type, u8 addr_type, u8 status)
a5c29683 6943{
272d90df 6944 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 6945 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 6946}
6947
272d90df 6948int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6949 u8 link_type, u8 addr_type, u8 status)
a5c29683 6950{
272d90df 6951 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 6952 status,
6953 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 6954}
2a611692 6955
604086b7 6956int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6957 u8 link_type, u8 addr_type, u8 status)
604086b7 6958{
272d90df 6959 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 6960 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 6961}
6962
272d90df 6963int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6964 u8 link_type, u8 addr_type, u8 status)
604086b7 6965{
272d90df 6966 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 6967 status,
6968 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 6969}
6970
92a25256
JH		 6971int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
6972 u8 link_type, u8 addr_type, u32 passkey,
6973 u8 entered)
6974{
6975 struct mgmt_ev_passkey_notify ev;
6976
6977 BT_DBG("%s", hdev->name);
6978
6979 bacpy(&ev.addr.bdaddr, bdaddr);
6980 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6981 ev.passkey = __cpu_to_le32(passkey);
6982 ev.entered = entered;
6983
6984 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
6985}
6986
e1e930f5 6987void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
2a611692
JH		 6988{
6989 struct mgmt_ev_auth_failed ev;
e1e930f5
JH		 6990 struct pending_cmd *cmd;
6991 u8 status = mgmt_status(hci_status);
2a611692 6992
e1e930f5
JH		 6993 bacpy(&ev.addr.bdaddr, &conn->dst);
6994 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
6995 ev.status = status;
2a611692 6996
e1e930f5
JH		 6997 cmd = find_pairing(conn);
6998
6999 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
7000 cmd ? cmd->sk : NULL);
7001
a511b35b
JH		 7002 if (cmd) {
7003 cmd->cmd_complete(cmd, status);
7004 mgmt_pending_remove(cmd);
7005 }
2a611692 7006}
b312b161 7007
464996ae 7008void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 7009{
7010 struct cmd_lookup match = { NULL, hdev };
464996ae 7011 bool changed;
33ef95ed
JH		 7012
7013 if (status) {
7014 u8 mgmt_err = mgmt_status(status);
7015 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 7016 cmd_status_rsp, &mgmt_err);
464996ae 7017 return;
33ef95ed
JH		 7018 }
7019
464996ae
MH		 7020 if (test_bit(HCI_AUTH, &hdev->flags))
7021 changed = !test_and_set_bit(HCI_LINK_SECURITY,
7022 &hdev->dev_flags);
7023 else
7024 changed = test_and_clear_bit(HCI_LINK_SECURITY,
7025 &hdev->dev_flags);
47990ea0 7026
33ef95ed 7027 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 7028 &match);
33ef95ed 7029
47990ea0 7030 if (changed)
464996ae 7031 new_settings(hdev, match.sk);
33ef95ed
JH		 7032
7033 if (match.sk)
7034 sock_put(match.sk);
33ef95ed
JH		 7035}
7036
890ea898 7037static void clear_eir(struct hci_request *req)
cacaf52f 7038{
890ea898 7039 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 7040 struct hci_cp_write_eir cp;
7041
976eb20e 7042 if (!lmp_ext_inq_capable(hdev))
890ea898 7043 return;
cacaf52f 7044
c80da27e
JH		 7045 memset(hdev->eir, 0, sizeof(hdev->eir));
7046
cacaf52f
JH		 7047 memset(&cp, 0, sizeof(cp));
7048
890ea898 7049 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 7050}
7051
3e248560 7052void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 7053{
7054 struct cmd_lookup match = { NULL, hdev };
890ea898 7055 struct hci_request req;
c0ecddc2 7056 bool changed = false;
ed2c4ee3
JH		 7057
7058 if (status) {
7059 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 7060
7061 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 7062 &hdev->dev_flags)) {
7063 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3e248560 7064 new_settings(hdev, NULL);
9ecb3e24 7065 }
c0ecddc2 7066
04124681
GP		 7067 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
7068 &mgmt_err);
3e248560 7069 return;
c0ecddc2
JH		 7070 }
7071
7072 if (enable) {
9ecb3e24 7073 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 7074 } else {
9ecb3e24
MH		 7075 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
7076 if (!changed)
7077 changed = test_and_clear_bit(HCI_HS_ENABLED,
7078 &hdev->dev_flags);
7079 else
7080 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 7081 }
7082
7083 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
7084
c0ecddc2 7085 if (changed)
3e248560 7086 new_settings(hdev, match.sk);
ed2c4ee3 7087
5fc6ebb1 7088 if (match.sk)
ed2c4ee3
JH		 7089 sock_put(match.sk);
7090
890ea898
JH		 7091 hci_req_init(&req, hdev);
7092
3769972b
JH		 7093 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
7094 if (test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
7095 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
7096 sizeof(enable), &enable);
890ea898 7097 update_eir(&req);
3769972b 7098 } else {
890ea898 7099 clear_eir(&req);
3769972b 7100 }
890ea898
JH		 7101
7102 hci_req_run(&req, NULL);
ed2c4ee3
JH		 7103}
7104
92da6097 7105static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 7106{
7107 struct cmd_lookup *match = data;
7108
90e70454
JH		 7109 if (match->sk == NULL) {
7110 match->sk = cmd->sk;
7111 sock_hold(match->sk);
7112 }
90e70454
JH		 7113}
7114
4e1b0245
MH		 7115void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
7116 u8 status)
7f9a903c 7117{
90e70454 7118 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 7119
92da6097
JH		 7120 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
7121 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
7122 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 7123
7124 if (!status)
4e1b0245
MH		 7125 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
7126 NULL);
90e70454
JH		 7127
7128 if (match.sk)
7129 sock_put(match.sk);
7f9a903c
MH		 7130}
7131
7667da34 7132void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 7133{
b312b161 7134 struct mgmt_cp_set_local_name ev;
13928971 7135 struct pending_cmd *cmd;
28cc7bde 7136
13928971 7137 if (status)
7667da34 7138 return;
b312b161
JH		 7139
7140 memset(&ev, 0, sizeof(ev));
7141 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 7142 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 7143
2e58ef3e 7144 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 7145 if (!cmd) {
7146 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 7147
13928971
JH		 7148 /* If this is a HCI command related to powering on the
7149 * HCI dev don't send any mgmt signals.
7150 */
7151 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 7152 return;
890ea898 7153 }
b312b161 7154
7667da34
MH		 7155 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
7156 cmd ? cmd->sk : NULL);
b312b161 7157}
c35938b2 7158
4d2d2796 7159void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
38da1703
JH		 7160 u8 *rand192, u8 *hash256, u8 *rand256,
7161 u8 status)
c35938b2
SJ		 7162{
7163 struct pending_cmd *cmd;
c35938b2 7164
744cf19e 7165 BT_DBG("%s status %u", hdev->name, status);
c35938b2 7166
2e58ef3e 7167 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 7168 if (!cmd)
3edaf092 7169 return;
c35938b2
SJ		 7170
7171 if (status) {
3edaf092
MH		 7172 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
7173 mgmt_status(status));
c35938b2 7174 } else {
66f096f7
JH		 7175 struct mgmt_rp_read_local_oob_data rp;
7176 size_t rp_size = sizeof(rp);
4d2d2796 7177
66f096f7
JH		 7178 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
7179 memcpy(rp.rand192, rand192, sizeof(rp.rand192));
c35938b2 7180
66f096f7 7181 if (bredr_sc_enabled(hdev) && hash256 && rand256) {
4d2d2796 7182 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
38da1703 7183 memcpy(rp.rand256, rand256, sizeof(rp.rand256));
4d2d2796 7184 } else {
66f096f7 7185 rp_size -= sizeof(rp.hash256) + sizeof(rp.rand256);
4d2d2796 7186 }
66f096f7
JH		 7187
7188 cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, 0,
7189 &rp, rp_size);
c35938b2
SJ		 7190 }
7191
7192 mgmt_pending_remove(cmd);
c35938b2 7193}
e17acd40 7194
799ce93d
JP		 7195static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
7196{
7197 int i;
7198
7199 for (i = 0; i < uuid_count; i++) {
7200 if (!memcmp(uuid, uuids[i], 16))
7201 return true;
7202 }
7203
7204 return false;
7205}
7206
b487b9ce
MH		 7207static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
7208{
799ce93d
JP		 7209 u16 parsed = 0;
7210
7211 while (parsed < eir_len) {
7212 u8 field_len = eir[0];
7213 u8 uuid[16];
7214 int i;
7215
7216 if (field_len == 0)
7217 break;
7218
7219 if (eir_len - parsed < field_len + 1)
7220 break;
7221
7222 switch (eir[1]) {
7223 case EIR_UUID16_ALL:
7224 case EIR_UUID16_SOME:
7225 for (i = 0; i + 3 <= field_len; i += 2) {
189f6ad2 7226 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7227 uuid[13] = eir[i + 3];
7228 uuid[12] = eir[i + 2];
7229 if (has_uuid(uuid, uuid_count, uuids))
7230 return true;
7231 }
7232 break;
7233 case EIR_UUID32_ALL:
7234 case EIR_UUID32_SOME:
7235 for (i = 0; i + 5 <= field_len; i += 4) {
189f6ad2 7236 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7237 uuid[15] = eir[i + 5];
7238 uuid[14] = eir[i + 4];
7239 uuid[13] = eir[i + 3];
7240 uuid[12] = eir[i + 2];
7241 if (has_uuid(uuid, uuid_count, uuids))
7242 return true;
7243 }
7244 break;
7245 case EIR_UUID128_ALL:
7246 case EIR_UUID128_SOME:
7247 for (i = 0; i + 17 <= field_len; i += 16) {
7248 memcpy(uuid, eir + i + 2, 16);
7249 if (has_uuid(uuid, uuid_count, uuids))
7250 return true;
7251 }
7252 break;
7253 }
7254
7255 parsed += field_len + 1;
7256 eir += field_len + 1;
7257 }
7258
b487b9ce
MH		 7259 return false;
7260}
7261
4b0e0ced
JP		 7262static void restart_le_scan(struct hci_dev *hdev)
7263{
7264 /* If controller is not scanning we are done. */
7265 if (!test_bit(HCI_LE_SCAN, &hdev->dev_flags))
7266 return;
7267
7268 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
7269 hdev->discovery.scan_start +
7270 hdev->discovery.scan_duration))
7271 return;
7272
7273 queue_delayed_work(hdev->workqueue, &hdev->le_scan_restart,
7274 DISCOV_LE_RESTART_DELAY);
7275}
7276
901801b9 7277void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
af58925c
MH		 7278 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
7279 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 7280{
e319d2e7
JH		 7281 char buf[512];
7282 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 7283 size_t ev_size;
b487b9ce 7284 bool match;
e17acd40 7285
75ce208c
JH		 7286 /* Don't send events for a non-kernel initiated discovery. With
7287 * LE one exception is if we have pend_le_reports > 0 in which
7288 * case we're doing passive scanning and want these events.
7289 */
7290 if (!hci_discovery_active(hdev)) {
7291 if (link_type == ACL_LINK)
7292 return;
66f8455a 7293 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
75ce208c
JH		 7294 return;
7295 }
12602d0c 7296
bda157a4
MH		 7297 /* When using service discovery with a RSSI threshold, then check
7298 * if such a RSSI threshold is specified. If a RSSI threshold has
4b0e0ced
JP		 7299 * been specified, and HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set,
7300 * then all results with a RSSI smaller than the RSSI threshold will be
7301 * dropped. If the quirk is set, let it through for further processing,
7302 * as we might need to restart the scan.
efb2513f
MH		 7303 *
7304 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
7305 * the results are also dropped.
bda157a4
MH		 7306 */
7307 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
4b0e0ced
JP		 7308 (rssi == HCI_RSSI_INVALID ||
7309 (rssi < hdev->discovery.rssi &&
7310 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
bda157a4
MH		 7311 return;
7312
5d2e9fad
JH		 7313 /* Make sure that the buffer is big enough. The 5 extra bytes
7314 * are for the potential CoD field.
7315 */
7316 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
901801b9 7317 return;
7d262f86 7318
1dc06093
JH		 7319 memset(buf, 0, sizeof(buf));
7320
da25cf6a
MH		 7321 /* In case of device discovery with BR/EDR devices (pre 1.2), the
7322 * RSSI value was reported as 0 when not available. This behavior
7323 * is kept when using device discovery. This is required for full
7324 * backwards compatibility with the API.
7325 *
7326 * However when using service discovery, the value 127 will be
7327 * returned when the RSSI is not available.
7328 */
91200e9f
SJ		 7329 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
7330 link_type == ACL_LINK)
efb2513f
MH		 7331 rssi = 0;
7332
841c5644
JH		 7333 bacpy(&ev->addr.bdaddr, bdaddr);
7334 ev->addr.type = link_to_bdaddr(link_type, addr_type);
e319d2e7 7335 ev->rssi = rssi;
af58925c 7336 ev->flags = cpu_to_le32(flags);
e17acd40 7337
b487b9ce
MH		 7338 if (eir_len > 0) {
7339 /* When using service discovery and a list of UUID is
7340 * provided, results with no matching UUID should be
7341 * dropped. In case there is a match the result is
7342 * kept and checking possible scan response data
7343 * will be skipped.
7344 */
4b0e0ced 7345 if (hdev->discovery.uuid_count > 0) {
b487b9ce
MH		 7346 match = eir_has_uuids(eir, eir_len,
7347 hdev->discovery.uuid_count,
7348 hdev->discovery.uuids);
4b0e0ced
JP		 7349 /* If duplicate filtering does not report RSSI changes,
7350 * then restart scanning to ensure updated result with
7351 * updated RSSI values.
7352 */
7353 if (match && test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER,
7354 &hdev->quirks))
7355 restart_le_scan(hdev);
7356 } else {
ea8ae251 7357 match = true;
4b0e0ced 7358 }
ea8ae251
MH		 7359
7360 if (!match && !scan_rsp_len)
7361 return;
b487b9ce
MH		 7362
7363 /* Copy EIR or advertising data into event */
e319d2e7 7364 memcpy(ev->eir, eir, eir_len);
b487b9ce
MH		 7365 } else {
7366 /* When using service discovery and a list of UUID is
7367 * provided, results with empty EIR or advertising data
7368 * should be dropped since they do not match any UUID.
7369 */
ea8ae251 7370 if (hdev->discovery.uuid_count > 0 && !scan_rsp_len)
b487b9ce 7371 return;
ea8ae251
MH		 7372
7373 match = false;
b487b9ce 7374 }
e17acd40 7375
1dc06093
JH		 7376 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
7377 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 7378 dev_class, 3);
1dc06093 7379
b487b9ce
MH		 7380 if (scan_rsp_len > 0) {
7381 /* When using service discovery and a list of UUID is
7382 * provided, results with no matching UUID should be
7383 * dropped if there is no previous match from the
7384 * advertising data.
7385 */
7386 if (hdev->discovery.uuid_count > 0) {
7387 if (!match && !eir_has_uuids(scan_rsp, scan_rsp_len,
7388 hdev->discovery.uuid_count,
7389 hdev->discovery.uuids))
7390 return;
4b0e0ced
JP		 7391
7392 /* If duplicate filtering does not report RSSI changes,
7393 * then restart scanning to ensure updated result with
7394 * updated RSSI values.
7395 */
7396 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER,
7397 &hdev->quirks))
7398 restart_le_scan(hdev);
b487b9ce
MH		 7399 }
7400
7401 /* Append scan response data to event */
5d2e9fad 7402 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
b487b9ce
MH		 7403 } else {
7404 /* When using service discovery and a list of UUID is
7405 * provided, results with empty scan response and no
7406 * previous matched advertising data should be dropped.
7407 */
7408 if (hdev->discovery.uuid_count > 0 && !match)
7409 return;
7410 }
5d2e9fad 7411
4b0e0ced
JP		 7412 /* Validate the reported RSSI value against the RSSI threshold once more
7413 * incase HCI_QUIRK_STRICT_DUPLICATE_FILTER forced a restart of LE
7414 * scanning.
7415 */
7416 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7417 rssi < hdev->discovery.rssi)
7418 return;
7419
5d2e9fad
JH		 7420 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
7421 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 7422
901801b9 7423 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 7424}
a88a9652 7425
9cf12aee
MH		 7426void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7427 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 7428{
b644ba33
JH		 7429 struct mgmt_ev_device_found *ev;
7430 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
7431 u16 eir_len;
a88a9652 7432
b644ba33 7433 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 7434
b644ba33
JH		 7435 memset(buf, 0, sizeof(buf));
7436
7437 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 7438 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 7439 ev->rssi = rssi;
7440
7441 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 7442 name_len);
b644ba33 7443
eb55ef07 7444 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 7445
9cf12aee 7446 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 7447}
314b2381 7448
2f1e063b 7449void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 7450{
f963e8e9 7451 struct mgmt_ev_discovering ev;
164a6e78 7452
343fb145
AG		 7453 BT_DBG("%s discovering %u", hdev->name, discovering);
7454
f963e8e9
JH		 7455 memset(&ev, 0, sizeof(ev));
7456 ev.type = hdev->discovery.type;
7457 ev.discovering = discovering;
7458
2f1e063b 7459 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 7460}
5e762444 7461
1904a853 7462static void adv_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5976e608
MH		 7463{
7464 BT_DBG("%s status %u", hdev->name, status);
5976e608
MH		 7465}
7466
7467void mgmt_reenable_advertising(struct hci_dev *hdev)
7468{
7469 struct hci_request req;
7470
5976e608
MH		 7471 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
7472 return;
7473
7474 hci_req_init(&req, hdev);
7475 enable_advertising(&req);
0ec5ae84 7476 hci_req_run(&req, adv_enable_complete);
5976e608 7477}
ubuntu-zesty-kernel mirror