]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blame - net/bluetooth/mgmt.c
projects / mirror_ubuntu-zesty-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Introduce trusted flag for management control sockets
[mirror_ubuntu-zesty-kernel.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
7129069e 32#include <net/bluetooth/hci_sock.h>
4bc58f51 33#include <net/bluetooth/l2cap.h>
0381101f 34#include <net/bluetooth/mgmt.h>
ac4b7236 35
0857dd3b 36#include "hci_request.h"
ac4b7236 37#include "smp.h"
0381101f 38
2da9c55c 39#define MGMT_VERSION 1
beb1c21b 40#define MGMT_REVISION 9
02d98129 41
e70bb2e8
JH		 42static const u16 mgmt_commands[] = {
43 MGMT_OP_READ_INDEX_LIST,
44 MGMT_OP_READ_INFO,
45 MGMT_OP_SET_POWERED,
46 MGMT_OP_SET_DISCOVERABLE,
47 MGMT_OP_SET_CONNECTABLE,
48 MGMT_OP_SET_FAST_CONNECTABLE,
b2939475 49 MGMT_OP_SET_BONDABLE,
e70bb2e8
JH		 50 MGMT_OP_SET_LINK_SECURITY,
51 MGMT_OP_SET_SSP,
52 MGMT_OP_SET_HS,
53 MGMT_OP_SET_LE,
54 MGMT_OP_SET_DEV_CLASS,
55 MGMT_OP_SET_LOCAL_NAME,
56 MGMT_OP_ADD_UUID,
57 MGMT_OP_REMOVE_UUID,
58 MGMT_OP_LOAD_LINK_KEYS,
59 MGMT_OP_LOAD_LONG_TERM_KEYS,
60 MGMT_OP_DISCONNECT,
61 MGMT_OP_GET_CONNECTIONS,
62 MGMT_OP_PIN_CODE_REPLY,
63 MGMT_OP_PIN_CODE_NEG_REPLY,
64 MGMT_OP_SET_IO_CAPABILITY,
65 MGMT_OP_PAIR_DEVICE,
66 MGMT_OP_CANCEL_PAIR_DEVICE,
67 MGMT_OP_UNPAIR_DEVICE,
68 MGMT_OP_USER_CONFIRM_REPLY,
69 MGMT_OP_USER_CONFIRM_NEG_REPLY,
70 MGMT_OP_USER_PASSKEY_REPLY,
71 MGMT_OP_USER_PASSKEY_NEG_REPLY,
72 MGMT_OP_READ_LOCAL_OOB_DATA,
73 MGMT_OP_ADD_REMOTE_OOB_DATA,
74 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
75 MGMT_OP_START_DISCOVERY,
76 MGMT_OP_STOP_DISCOVERY,
77 MGMT_OP_CONFIRM_NAME,
78 MGMT_OP_BLOCK_DEVICE,
79 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 80 MGMT_OP_SET_DEVICE_ID,
4375f103 81 MGMT_OP_SET_ADVERTISING,
0663ca2a 82 MGMT_OP_SET_BREDR,
d13eafce 83 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 84 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 85 MGMT_OP_SET_SECURE_CONN,
4e39ac81 86 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 87 MGMT_OP_SET_PRIVACY,
41edf160 88 MGMT_OP_LOAD_IRKS,
dd983808 89 MGMT_OP_GET_CONN_INFO,
95868426 90 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 91 MGMT_OP_ADD_DEVICE,
92 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 93 MGMT_OP_LOAD_CONN_PARAM,
73d1df2a 94 MGMT_OP_READ_UNCONF_INDEX_LIST,
9fc3bfb6 95 MGMT_OP_READ_CONFIG_INFO,
dbece37a 96 MGMT_OP_SET_EXTERNAL_CONFIG,
9713c17b 97 MGMT_OP_SET_PUBLIC_ADDRESS,
66ea9427 98 MGMT_OP_START_SERVICE_DISCOVERY,
96f1474a 99 MGMT_OP_READ_EXT_INDEX_LIST,
e70bb2e8
JH		 100};
101
102static const u16 mgmt_events[] = {
103 MGMT_EV_CONTROLLER_ERROR,
104 MGMT_EV_INDEX_ADDED,
105 MGMT_EV_INDEX_REMOVED,
106 MGMT_EV_NEW_SETTINGS,
107 MGMT_EV_CLASS_OF_DEV_CHANGED,
108 MGMT_EV_LOCAL_NAME_CHANGED,
109 MGMT_EV_NEW_LINK_KEY,
110 MGMT_EV_NEW_LONG_TERM_KEY,
111 MGMT_EV_DEVICE_CONNECTED,
112 MGMT_EV_DEVICE_DISCONNECTED,
113 MGMT_EV_CONNECT_FAILED,
114 MGMT_EV_PIN_CODE_REQUEST,
115 MGMT_EV_USER_CONFIRM_REQUEST,
116 MGMT_EV_USER_PASSKEY_REQUEST,
117 MGMT_EV_AUTH_FAILED,
118 MGMT_EV_DEVICE_FOUND,
119 MGMT_EV_DISCOVERING,
120 MGMT_EV_DEVICE_BLOCKED,
121 MGMT_EV_DEVICE_UNBLOCKED,
122 MGMT_EV_DEVICE_UNPAIRED,
92a25256 123 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 124 MGMT_EV_NEW_IRK,
7ee4ea36 125 MGMT_EV_NEW_CSRK,
8afef092
MH		 126 MGMT_EV_DEVICE_ADDED,
127 MGMT_EV_DEVICE_REMOVED,
ffb5a827 128 MGMT_EV_NEW_CONN_PARAM,
0602a8ad 129 MGMT_EV_UNCONF_INDEX_ADDED,
edd3896b 130 MGMT_EV_UNCONF_INDEX_REMOVED,
f4537c04 131 MGMT_EV_NEW_CONFIG_OPTIONS,
ced85549
MH		 132 MGMT_EV_EXT_INDEX_ADDED,
133 MGMT_EV_EXT_INDEX_REMOVED,
e70bb2e8
JH		 134};
135
17b02e62 136#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 137
d25b78e2
JH		 138#define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
139 "\x00\x00\x00\x00\x00\x00\x00\x00"
140
3b0602cd 141struct mgmt_pending_cmd {
eec8d2bc 142 struct list_head list;
fc2f4b13 143 u16 opcode;
eec8d2bc 144 int index;
c68fb7ff 145 void *param;
323b0b88 146 size_t param_len;
eec8d2bc 147 struct sock *sk;
e9a416b5 148 void *user_data;
3b0602cd 149 int (*cmd_complete)(struct mgmt_pending_cmd *cmd, u8 status);
eec8d2bc
JH		 150};
151
ca69b795
JH		 152/* HCI to MGMT error code conversion table */
153static u8 mgmt_status_table[] = {
154 MGMT_STATUS_SUCCESS,
155 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
156 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
157 MGMT_STATUS_FAILED, /* Hardware Failure */
158 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
159 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 160 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 161 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
162 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
163 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
164 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
165 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
166 MGMT_STATUS_BUSY, /* Command Disallowed */
167 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
168 MGMT_STATUS_REJECTED, /* Rejected Security */
169 MGMT_STATUS_REJECTED, /* Rejected Personal */
170 MGMT_STATUS_TIMEOUT, /* Host Timeout */
171 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
172 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
173 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
174 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
175 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
176 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
177 MGMT_STATUS_BUSY, /* Repeated Attempts */
178 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
179 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
180 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
181 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
182 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
183 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
184 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
185 MGMT_STATUS_FAILED, /* Unspecified Error */
186 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
187 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
188 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
189 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
190 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
191 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
192 MGMT_STATUS_FAILED, /* Unit Link Key Used */
193 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
194 MGMT_STATUS_TIMEOUT, /* Instant Passed */
195 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
196 MGMT_STATUS_FAILED, /* Transaction Collision */
197 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
198 MGMT_STATUS_REJECTED, /* QoS Rejected */
199 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
200 MGMT_STATUS_REJECTED, /* Insufficient Security */
201 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
202 MGMT_STATUS_BUSY, /* Role Switch Pending */
203 MGMT_STATUS_FAILED, /* Slot Violation */
204 MGMT_STATUS_FAILED, /* Role Switch Failed */
205 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
206 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
207 MGMT_STATUS_BUSY, /* Host Busy Pairing */
208 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
209 MGMT_STATUS_BUSY, /* Controller Busy */
210 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
211 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
212 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
213 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
214 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
215};
216
217static u8 mgmt_status(u8 hci_status)
218{
219 if (hci_status < ARRAY_SIZE(mgmt_status_table))
220 return mgmt_status_table[hci_status];
221
222 return MGMT_STATUS_FAILED;
223}
224
7a00ff44
JH		 225static int mgmt_send_event(u16 event, struct hci_dev *hdev,
226 unsigned short channel, void *data, u16 data_len,
227 struct sock *skip_sk)
04c60f05
MH		 228{
229 struct sk_buff *skb;
230 struct mgmt_hdr *hdr;
231
232 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
233 if (!skb)
234 return -ENOMEM;
235
236 hdr = (void *) skb_put(skb, sizeof(*hdr));
237 hdr->opcode = cpu_to_le16(event);
238 if (hdev)
239 hdr->index = cpu_to_le16(hdev->id);
240 else
241 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
242 hdr->len = cpu_to_le16(data_len);
243
244 if (data)
245 memcpy(skb_put(skb, data_len), data, data_len);
246
247 /* Time stamp */
248 __net_timestamp(skb);
249
7a00ff44 250 hci_send_to_channel(channel, skb, skip_sk);
04c60f05
MH		 251 kfree_skb(skb);
252
253 return 0;
254}
255
f9207338
MH		 256static int mgmt_index_event(u16 event, struct hci_dev *hdev,
257 void *data, u16 data_len, int flag)
258{
259 struct sk_buff *skb;
260 struct mgmt_hdr *hdr;
261
262 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
263 if (!skb)
264 return -ENOMEM;
265
266 hdr = (void *) skb_put(skb, sizeof(*hdr));
267 hdr->opcode = cpu_to_le16(event);
268 hdr->index = cpu_to_le16(hdev->id);
269 hdr->len = cpu_to_le16(data_len);
270
271 if (data)
272 memcpy(skb_put(skb, data_len), data, data_len);
273
274 /* Time stamp */
275 __net_timestamp(skb);
276
277 hci_send_to_flagged_channel(HCI_CHANNEL_CONTROL, skb, flag);
278 kfree_skb(skb);
279
280 return 0;
281}
282
7a00ff44
JH		 283static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
284 struct sock *skip_sk)
285{
286 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
287 skip_sk);
288}
289
a69e8375 290static int mgmt_cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 291{
292 struct sk_buff *skb;
293 struct mgmt_hdr *hdr;
294 struct mgmt_ev_cmd_status *ev;
56b7d137 295 int err;
f7b64e69 296
34eb525c 297 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 298
790eff44 299 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 300 if (!skb)
301 return -ENOMEM;
302
303 hdr = (void *) skb_put(skb, sizeof(*hdr));
304
dcf4adbf 305 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 306 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 307 hdr->len = cpu_to_le16(sizeof(*ev));
308
309 ev = (void *) skb_put(skb, sizeof(*ev));
310 ev->status = status;
eb55ef07 311 ev->opcode = cpu_to_le16(cmd);
f7b64e69 312
56b7d137
GP		 313 err = sock_queue_rcv_skb(sk, skb);
314 if (err < 0)
f7b64e69
JH		 315 kfree_skb(skb);
316
56b7d137 317 return err;
f7b64e69
JH		 318}
319
2a1afb5a
JH		 320static int mgmt_cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
321 void *rp, size_t rp_len)
02d98129
JH		 322{
323 struct sk_buff *skb;
324 struct mgmt_hdr *hdr;
325 struct mgmt_ev_cmd_complete *ev;
56b7d137 326 int err;
02d98129
JH		 327
328 BT_DBG("sock %p", sk);
329
790eff44 330 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 331 if (!skb)
332 return -ENOMEM;
333
334 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 335
dcf4adbf 336 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 337 hdr->index = cpu_to_le16(index);
a38528f1 338 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 339
a38528f1 340 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 341 ev->opcode = cpu_to_le16(cmd);
aee9b218 342 ev->status = status;
8020c16a
SJ		 343
344 if (rp)
345 memcpy(ev->data, rp, rp_len);
02d98129 346
56b7d137
GP		 347 err = sock_queue_rcv_skb(sk, skb);
348 if (err < 0)
02d98129
JH		 349 kfree_skb(skb);
350
e5f0e151 351 return err;
02d98129
JH		 352}
353
04124681
GP		 354static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
355 u16 data_len)
a38528f1
JH		 356{
357 struct mgmt_rp_read_version rp;
358
359 BT_DBG("sock %p", sk);
360
361 rp.version = MGMT_VERSION;
dcf4adbf 362 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 363
2a1afb5a
JH		 364 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
365 &rp, sizeof(rp));
a38528f1
JH		 366}
367
04124681
GP		 368static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
369 u16 data_len)
e70bb2e8
JH		 370{
371 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 372 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
373 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 374 __le16 *opcode;
e70bb2e8
JH		 375 size_t rp_size;
376 int i, err;
377
378 BT_DBG("sock %p", sk);
379
380 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
381
382 rp = kmalloc(rp_size, GFP_KERNEL);
383 if (!rp)
384 return -ENOMEM;
385
dcf4adbf
JP		 386 rp->num_commands = cpu_to_le16(num_commands);
387 rp->num_events = cpu_to_le16(num_events);
e70bb2e8
JH		 388
389 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
390 put_unaligned_le16(mgmt_commands[i], opcode);
391
392 for (i = 0; i < num_events; i++, opcode++)
393 put_unaligned_le16(mgmt_events[i], opcode);
394
2a1afb5a
JH		 395 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
396 rp, rp_size);
e70bb2e8
JH		 397 kfree(rp);
398
399 return err;
400}
401
04124681
GP		 402static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
403 u16 data_len)
faba42eb 404{
faba42eb 405 struct mgmt_rp_read_index_list *rp;
8035ded4 406 struct hci_dev *d;
a38528f1 407 size_t rp_len;
faba42eb 408 u16 count;
476e44cb 409 int err;
faba42eb
JH		 410
411 BT_DBG("sock %p", sk);
412
413 read_lock(&hci_dev_list_lock);
414
415 count = 0;
bb4b2a9a 416 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a 417 if (d->dev_type == HCI_BREDR &&
d7a5a11d 418 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
1514b892 419 count++;
faba42eb
JH		 420 }
421
a38528f1
JH		 422 rp_len = sizeof(*rp) + (2 * count);
423 rp = kmalloc(rp_len, GFP_ATOMIC);
424 if (!rp) {
b2c60d42 425 read_unlock(&hci_dev_list_lock);
faba42eb 426 return -ENOMEM;
b2c60d42 427 }
faba42eb 428
476e44cb 429 count = 0;
8035ded4 430 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 431 if (hci_dev_test_flag(d, HCI_SETUP) ||
432 hci_dev_test_flag(d, HCI_CONFIG) ||
433 hci_dev_test_flag(d, HCI_USER_CHANNEL))
ab81cbf9
JH		 434 continue;
435
73d1df2a
MH		 436 /* Devices marked as raw-only are neither configured
437 * nor unconfigured controllers.
438 */
439 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
fee746b0
MH		 440 continue;
441
73d1df2a 442 if (d->dev_type == HCI_BREDR &&
d7a5a11d 443 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
1514b892
MH		 444 rp->index[count++] = cpu_to_le16(d->id);
445 BT_DBG("Added hci%u", d->id);
446 }
faba42eb
JH		 447 }
448
476e44cb
JH		 449 rp->num_controllers = cpu_to_le16(count);
450 rp_len = sizeof(*rp) + (2 * count);
451
faba42eb
JH		 452 read_unlock(&hci_dev_list_lock);
453
2a1afb5a
JH		 454 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
455 0, rp, rp_len);
faba42eb 456
a38528f1
JH		 457 kfree(rp);
458
459 return err;
faba42eb
JH		 460}
461
73d1df2a
MH		 462static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
463 void *data, u16 data_len)
464{
465 struct mgmt_rp_read_unconf_index_list *rp;
466 struct hci_dev *d;
467 size_t rp_len;
468 u16 count;
469 int err;
470
471 BT_DBG("sock %p", sk);
472
473 read_lock(&hci_dev_list_lock);
474
475 count = 0;
476 list_for_each_entry(d, &hci_dev_list, list) {
477 if (d->dev_type == HCI_BREDR &&
d7a5a11d 478 hci_dev_test_flag(d, HCI_UNCONFIGURED))
73d1df2a
MH		 479 count++;
480 }
481
482 rp_len = sizeof(*rp) + (2 * count);
483 rp = kmalloc(rp_len, GFP_ATOMIC);
484 if (!rp) {
485 read_unlock(&hci_dev_list_lock);
486 return -ENOMEM;
487 }
488
489 count = 0;
490 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 491 if (hci_dev_test_flag(d, HCI_SETUP) ||
492 hci_dev_test_flag(d, HCI_CONFIG) ||
493 hci_dev_test_flag(d, HCI_USER_CHANNEL))
73d1df2a
MH		 494 continue;
495
496 /* Devices marked as raw-only are neither configured
497 * nor unconfigured controllers.
498 */
499 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
500 continue;
501
502 if (d->dev_type == HCI_BREDR &&
d7a5a11d 503 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
73d1df2a
MH		 504 rp->index[count++] = cpu_to_le16(d->id);
505 BT_DBG("Added hci%u", d->id);
506 }
507 }
508
509 rp->num_controllers = cpu_to_le16(count);
510 rp_len = sizeof(*rp) + (2 * count);
511
512 read_unlock(&hci_dev_list_lock);
513
2a1afb5a
JH		 514 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
515 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
73d1df2a
MH		 516
517 kfree(rp);
518
519 return err;
520}
521
96f1474a
MH		 522static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
523 void *data, u16 data_len)
524{
525 struct mgmt_rp_read_ext_index_list *rp;
526 struct hci_dev *d;
527 size_t rp_len;
528 u16 count;
529 int err;
530
531 BT_DBG("sock %p", sk);
532
533 read_lock(&hci_dev_list_lock);
534
535 count = 0;
536 list_for_each_entry(d, &hci_dev_list, list) {
537 if (d->dev_type == HCI_BREDR || d->dev_type == HCI_AMP)
538 count++;
539 }
540
541 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
542 rp = kmalloc(rp_len, GFP_ATOMIC);
543 if (!rp) {
544 read_unlock(&hci_dev_list_lock);
545 return -ENOMEM;
546 }
547
548 count = 0;
549 list_for_each_entry(d, &hci_dev_list, list) {
550 if (hci_dev_test_flag(d, HCI_SETUP) ||
551 hci_dev_test_flag(d, HCI_CONFIG) ||
552 hci_dev_test_flag(d, HCI_USER_CHANNEL))
553 continue;
554
555 /* Devices marked as raw-only are neither configured
556 * nor unconfigured controllers.
557 */
558 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
559 continue;
560
561 if (d->dev_type == HCI_BREDR) {
562 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
563 rp->entry[count].type = 0x01;
564 else
565 rp->entry[count].type = 0x00;
566 } else if (d->dev_type == HCI_AMP) {
567 rp->entry[count].type = 0x02;
568 } else {
569 continue;
570 }
571
572 rp->entry[count].bus = d->bus;
573 rp->entry[count++].index = cpu_to_le16(d->id);
574 BT_DBG("Added hci%u", d->id);
575 }
576
577 rp->num_controllers = cpu_to_le16(count);
578 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
579
580 read_unlock(&hci_dev_list_lock);
581
582 /* If this command is called at least once, then all the
583 * default index and unconfigured index events are disabled
584 * and from now on only extended index events are used.
585 */
586 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
587 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
588 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
589
590 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
591 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp, rp_len);
592
593 kfree(rp);
594
595 return err;
596}
597
dbece37a
MH		 598static bool is_configured(struct hci_dev *hdev)
599{
600 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 601 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
dbece37a
MH		 602 return false;
603
604 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
605 !bacmp(&hdev->public_addr, BDADDR_ANY))
606 return false;
607
608 return true;
609}
610
89bc22d2
MH		 611static __le32 get_missing_options(struct hci_dev *hdev)
612{
613 u32 options = 0;
614
dbece37a 615 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 616 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
eb1904f4
MH		 617 options |= MGMT_OPTION_EXTERNAL_CONFIG;
618
89bc22d2
MH		 619 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
620 !bacmp(&hdev->public_addr, BDADDR_ANY))
621 options |= MGMT_OPTION_PUBLIC_ADDRESS;
622
623 return cpu_to_le32(options);
624}
625
f4537c04
MH		 626static int new_options(struct hci_dev *hdev, struct sock *skip)
627{
628 __le32 options = get_missing_options(hdev);
629
630 return mgmt_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
631 sizeof(options), skip);
632}
633
dbece37a
MH		 634static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
635{
636 __le32 options = get_missing_options(hdev);
637
2a1afb5a
JH		 638 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
639 sizeof(options));
dbece37a
MH		 640}
641
9fc3bfb6
MH		 642static int read_config_info(struct sock *sk, struct hci_dev *hdev,
643 void *data, u16 data_len)
644{
645 struct mgmt_rp_read_config_info rp;
89bc22d2 646 u32 options = 0;
9fc3bfb6
MH		 647
648 BT_DBG("sock %p %s", sk, hdev->name);
649
650 hci_dev_lock(hdev);
651
652 memset(&rp, 0, sizeof(rp));
653 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
89bc22d2 654
eb1904f4
MH		 655 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
656 options |= MGMT_OPTION_EXTERNAL_CONFIG;
657
9fc3bfb6 658 if (hdev->set_bdaddr)
89bc22d2
MH		 659 options |= MGMT_OPTION_PUBLIC_ADDRESS;
660
661 rp.supported_options = cpu_to_le32(options);
662 rp.missing_options = get_missing_options(hdev);
9fc3bfb6
MH		 663
664 hci_dev_unlock(hdev);
665
2a1afb5a
JH		 666 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
667 &rp, sizeof(rp));
9fc3bfb6
MH		 668}
669
69ab39ea
JH		 670static u32 get_supported_settings(struct hci_dev *hdev)
671{
672 u32 settings = 0;
673
674 settings |= MGMT_SETTING_POWERED;
b2939475 675 settings |= MGMT_SETTING_BONDABLE;
b1de97d8 676 settings |= MGMT_SETTING_DEBUG_KEYS;
3742abfc
JH		 677 settings |= MGMT_SETTING_CONNECTABLE;
678 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea 679
ed3fa31f 680 if (lmp_bredr_capable(hdev)) {
1a47aee8
JH		 681 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
682 settings |= MGMT_SETTING_FAST_CONNECTABLE;
69ab39ea
JH		 683 settings |= MGMT_SETTING_BREDR;
684 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 685
686 if (lmp_ssp_capable(hdev)) {
687 settings |= MGMT_SETTING_SSP;
688 settings |= MGMT_SETTING_HS;
689 }
e98d2ce2 690
05b3c3e7 691 if (lmp_sc_capable(hdev))
e98d2ce2 692 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 693 }
d7b7e796 694
eeca6f89 695 if (lmp_le_capable(hdev)) {
9d42820f 696 settings |= MGMT_SETTING_LE;
eeca6f89 697 settings |= MGMT_SETTING_ADVERTISING;
a3209694 698 settings |= MGMT_SETTING_SECURE_CONN;
0f4bd942 699 settings |= MGMT_SETTING_PRIVACY;
93690c22 700 settings |= MGMT_SETTING_STATIC_ADDRESS;
eeca6f89 701 }
69ab39ea 702
eb1904f4
MH		 703 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
704 hdev->set_bdaddr)
9fc3bfb6
MH		 705 settings |= MGMT_SETTING_CONFIGURATION;
706
69ab39ea
JH		 707 return settings;
708}
709
710static u32 get_current_settings(struct hci_dev *hdev)
711{
712 u32 settings = 0;
713
f1f0eb02 714 if (hdev_is_powered(hdev))
f0d4b78a
MH		 715 settings |= MGMT_SETTING_POWERED;
716
d7a5a11d 717 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
69ab39ea
JH		 718 settings |= MGMT_SETTING_CONNECTABLE;
719
d7a5a11d 720 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
1a4d3c4b
JH		 721 settings |= MGMT_SETTING_FAST_CONNECTABLE;
722
d7a5a11d 723 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
69ab39ea
JH		 724 settings |= MGMT_SETTING_DISCOVERABLE;
725
d7a5a11d 726 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
b2939475 727 settings |= MGMT_SETTING_BONDABLE;
69ab39ea 728
d7a5a11d 729 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
69ab39ea
JH		 730 settings |= MGMT_SETTING_BREDR;
731
d7a5a11d 732 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
69ab39ea
JH		 733 settings |= MGMT_SETTING_LE;
734
d7a5a11d 735 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
69ab39ea
JH		 736 settings |= MGMT_SETTING_LINK_SECURITY;
737
d7a5a11d 738 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
69ab39ea
JH		 739 settings |= MGMT_SETTING_SSP;
740
d7a5a11d 741 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
6d80dfd0
JH		 742 settings |= MGMT_SETTING_HS;
743
d7a5a11d 744 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
eeca6f89
JH		 745 settings |= MGMT_SETTING_ADVERTISING;
746
d7a5a11d 747 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
e98d2ce2
MH		 748 settings |= MGMT_SETTING_SECURE_CONN;
749
d7a5a11d 750 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
b1de97d8
MH		 751 settings |= MGMT_SETTING_DEBUG_KEYS;
752
d7a5a11d 753 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
0f4bd942
JH		 754 settings |= MGMT_SETTING_PRIVACY;
755
93690c22
MH		 756 /* The current setting for static address has two purposes. The
757 * first is to indicate if the static address will be used and
758 * the second is to indicate if it is actually set.
759 *
760 * This means if the static address is not configured, this flag
761 * will never bet set. If the address is configured, then if the
762 * address is actually used decides if the flag is set or not.
763 *
764 * For single mode LE only controllers and dual-mode controllers
765 * with BR/EDR disabled, the existence of the static address will
766 * be evaluated.
767 */
b7cb93e5 768 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
d7a5a11d 769 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
93690c22
MH		 770 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
771 if (bacmp(&hdev->static_addr, BDADDR_ANY))
772 settings |= MGMT_SETTING_STATIC_ADDRESS;
773 }
774
69ab39ea
JH		 775 return settings;
776}
777
ef580372
JH		 778#define PNP_INFO_SVCLASS_ID 0x1200
779
213202ed
JH		 780static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
781{
782 u8 *ptr = data, *uuids_start = NULL;
783 struct bt_uuid *uuid;
784
785 if (len < 4)
786 return ptr;
787
788 list_for_each_entry(uuid, &hdev->uuids, list) {
789 u16 uuid16;
790
791 if (uuid->size != 16)
792 continue;
793
794 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
795 if (uuid16 < 0x1100)
796 continue;
797
798 if (uuid16 == PNP_INFO_SVCLASS_ID)
799 continue;
800
801 if (!uuids_start) {
802 uuids_start = ptr;
803 uuids_start[0] = 1;
804 uuids_start[1] = EIR_UUID16_ALL;
805 ptr += 2;
806 }
807
808 /* Stop if not enough space to put next UUID */
809 if ((ptr - data) + sizeof(u16) > len) {
810 uuids_start[1] = EIR_UUID16_SOME;
811 break;
812 }
813
814 *ptr++ = (uuid16 & 0x00ff);
815 *ptr++ = (uuid16 & 0xff00) >> 8;
816 uuids_start[0] += sizeof(uuid16);
817 }
818
819 return ptr;
820}
821
cdf1963f
JH		 822static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
823{
824 u8 *ptr = data, *uuids_start = NULL;
825 struct bt_uuid *uuid;
826
827 if (len < 6)
828 return ptr;
829
830 list_for_each_entry(uuid, &hdev->uuids, list) {
831 if (uuid->size != 32)
832 continue;
833
834 if (!uuids_start) {
835 uuids_start = ptr;
836 uuids_start[0] = 1;
837 uuids_start[1] = EIR_UUID32_ALL;
838 ptr += 2;
839 }
840
841 /* Stop if not enough space to put next UUID */
842 if ((ptr - data) + sizeof(u32) > len) {
843 uuids_start[1] = EIR_UUID32_SOME;
844 break;
845 }
846
847 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
848 ptr += sizeof(u32);
849 uuids_start[0] += sizeof(u32);
850 }
851
852 return ptr;
853}
854
c00d575b
JH		 855static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
856{
857 u8 *ptr = data, *uuids_start = NULL;
858 struct bt_uuid *uuid;
859
860 if (len < 18)
861 return ptr;
862
863 list_for_each_entry(uuid, &hdev->uuids, list) {
864 if (uuid->size != 128)
865 continue;
866
867 if (!uuids_start) {
868 uuids_start = ptr;
869 uuids_start[0] = 1;
870 uuids_start[1] = EIR_UUID128_ALL;
871 ptr += 2;
872 }
873
874 /* Stop if not enough space to put next UUID */
875 if ((ptr - data) + 16 > len) {
876 uuids_start[1] = EIR_UUID128_SOME;
877 break;
878 }
879
880 memcpy(ptr, uuid->uuid, 16);
881 ptr += 16;
882 uuids_start[0] += 16;
883 }
884
885 return ptr;
886}
887
3b0602cd
JH		 888static struct mgmt_pending_cmd *mgmt_pending_find(u16 opcode,
889 struct hci_dev *hdev)
eb2a8d20 890{
3b0602cd 891 struct mgmt_pending_cmd *cmd;
eb2a8d20
JH		 892
893 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
894 if (cmd->opcode == opcode)
895 return cmd;
896 }
897
898 return NULL;
899}
900
3b0602cd
JH		 901static struct mgmt_pending_cmd *mgmt_pending_find_data(u16 opcode,
902 struct hci_dev *hdev,
903 const void *data)
95868426 904{
3b0602cd 905 struct mgmt_pending_cmd *cmd;
95868426
JH		 906
907 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
908 if (cmd->user_data != data)
909 continue;
910 if (cmd->opcode == opcode)
911 return cmd;
912 }
913
914 return NULL;
915}
916
f14d8f64
MH		 917static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
918{
7a5f4990
MH		 919 u8 ad_len = 0;
920 size_t name_len;
921
922 name_len = strlen(hdev->dev_name);
923 if (name_len > 0) {
924 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
925
926 if (name_len > max_len) {
927 name_len = max_len;
928 ptr[1] = EIR_NAME_SHORT;
929 } else
930 ptr[1] = EIR_NAME_COMPLETE;
931
932 ptr[0] = name_len + 1;
933
934 memcpy(ptr + 2, hdev->dev_name, name_len);
935
936 ad_len += (name_len + 2);
937 ptr += (name_len + 2);
938 }
939
940 return ad_len;
f14d8f64
MH		 941}
942
943static void update_scan_rsp_data(struct hci_request *req)
944{
945 struct hci_dev *hdev = req->hdev;
946 struct hci_cp_le_set_scan_rsp_data cp;
947 u8 len;
948
d7a5a11d 949 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
f14d8f64
MH		 950 return;
951
952 memset(&cp, 0, sizeof(cp));
953
954 len = create_scan_rsp_data(hdev, cp.data);
955
eb438b5f
JH		 956 if (hdev->scan_rsp_data_len == len &&
957 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 958 return;
959
eb438b5f
JH		 960 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
961 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 962
963 cp.length = len;
964
965 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
966}
967
9a43e25f
JH		 968static u8 get_adv_discov_flags(struct hci_dev *hdev)
969{
3b0602cd 970 struct mgmt_pending_cmd *cmd;
9a43e25f
JH		 971
972 /* If there's a pending mgmt command the flags will not yet have
973 * their final values, so check for this first.
974 */
975 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
976 if (cmd) {
977 struct mgmt_mode *cp = cmd->param;
978 if (cp->val == 0x01)
979 return LE_AD_GENERAL;
980 else if (cp->val == 0x02)
981 return LE_AD_LIMITED;
982 } else {
d7a5a11d 983 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
9a43e25f 984 return LE_AD_LIMITED;
d7a5a11d 985 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
9a43e25f
JH		 986 return LE_AD_GENERAL;
987 }
988
989 return 0;
990}
991
46cad2ed 992static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 993{
994 u8 ad_len = 0, flags = 0;
441ad2d0 995
9a43e25f 996 flags |= get_adv_discov_flags(hdev);
441ad2d0 997
d7a5a11d 998 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
441ad2d0 999 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 1000
1001 if (flags) {
1002 BT_DBG("adv flags 0x%02x", flags);
1003
1004 ptr[0] = 2;
1005 ptr[1] = EIR_FLAGS;
1006 ptr[2] = flags;
1007
1008 ad_len += 3;
1009 ptr += 3;
1010 }
1011
1012 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
1013 ptr[0] = 2;
1014 ptr[1] = EIR_TX_POWER;
1015 ptr[2] = (u8) hdev->adv_tx_power;
1016
1017 ad_len += 3;
1018 ptr += 3;
1019 }
1020
441ad2d0
MH		 1021 return ad_len;
1022}
1023
5947f4bc 1024static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 1025{
1026 struct hci_dev *hdev = req->hdev;
1027 struct hci_cp_le_set_adv_data cp;
1028 u8 len;
1029
d7a5a11d 1030 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
441ad2d0
MH		 1031 return;
1032
1033 memset(&cp, 0, sizeof(cp));
1034
46cad2ed 1035 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 1036
1037 if (hdev->adv_data_len == len &&
1038 memcmp(cp.data, hdev->adv_data, len) == 0)
1039 return;
1040
1041 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
1042 hdev->adv_data_len = len;
1043
1044 cp.length = len;
1045
1046 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
1047}
1048
bc6d2d04
JH		 1049int mgmt_update_adv_data(struct hci_dev *hdev)
1050{
1051 struct hci_request req;
1052
1053 hci_req_init(&req, hdev);
1054 update_adv_data(&req);
1055
1056 return hci_req_run(&req, NULL);
1057}
1058
ef580372
JH		 1059static void create_eir(struct hci_dev *hdev, u8 *data)
1060{
1061 u8 *ptr = data;
ef580372
JH		 1062 size_t name_len;
1063
1064 name_len = strlen(hdev->dev_name);
1065
1066 if (name_len > 0) {
1067 /* EIR Data type */
1068 if (name_len > 48) {
1069 name_len = 48;
1070 ptr[1] = EIR_NAME_SHORT;
1071 } else
1072 ptr[1] = EIR_NAME_COMPLETE;
1073
1074 /* EIR Data length */
1075 ptr[0] = name_len + 1;
1076
1077 memcpy(ptr + 2, hdev->dev_name, name_len);
1078
ef580372
JH		 1079 ptr += (name_len + 2);
1080 }
1081
bbaf444a 1082 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 1083 ptr[0] = 2;
1084 ptr[1] = EIR_TX_POWER;
1085 ptr[2] = (u8) hdev->inq_tx_power;
1086
91c4e9b1
MH		 1087 ptr += 3;
1088 }
1089
2b9be137
MH		 1090 if (hdev->devid_source > 0) {
1091 ptr[0] = 9;
1092 ptr[1] = EIR_DEVICE_ID;
1093
1094 put_unaligned_le16(hdev->devid_source, ptr + 2);
1095 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
1096 put_unaligned_le16(hdev->devid_product, ptr + 6);
1097 put_unaligned_le16(hdev->devid_version, ptr + 8);
1098
2b9be137
MH		 1099 ptr += 10;
1100 }
1101
213202ed 1102 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 1103 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 1104 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 1105}
1106
890ea898 1107static void update_eir(struct hci_request *req)
ef580372 1108{
890ea898 1109 struct hci_dev *hdev = req->hdev;
ef580372
JH		 1110 struct hci_cp_write_eir cp;
1111
504c8dcd 1112 if (!hdev_is_powered(hdev))
890ea898 1113 return;
7770c4aa 1114
976eb20e 1115 if (!lmp_ext_inq_capable(hdev))
890ea898 1116 return;
ef580372 1117
d7a5a11d 1118 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
890ea898 1119 return;
ef580372 1120
d7a5a11d 1121 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
890ea898 1122 return;
ef580372
JH		 1123
1124 memset(&cp, 0, sizeof(cp));
1125
1126 create_eir(hdev, cp.data);
1127
1128 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 1129 return;
ef580372
JH		 1130
1131 memcpy(hdev->eir, cp.data, sizeof(cp.data));
1132
890ea898 1133 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 1134}
1135
1136static u8 get_service_classes(struct hci_dev *hdev)
1137{
1138 struct bt_uuid *uuid;
1139 u8 val = 0;
1140
1141 list_for_each_entry(uuid, &hdev->uuids, list)
1142 val |= uuid->svc_hint;
1143
1144 return val;
1145}
1146
890ea898 1147static void update_class(struct hci_request *req)
ef580372 1148{
890ea898 1149 struct hci_dev *hdev = req->hdev;
ef580372
JH		 1150 u8 cod[3];
1151
1152 BT_DBG("%s", hdev->name);
1153
504c8dcd 1154 if (!hdev_is_powered(hdev))
890ea898 1155 return;
7770c4aa 1156
d7a5a11d 1157 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
f87ea1da
JH		 1158 return;
1159
d7a5a11d 1160 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
890ea898 1161 return;
ef580372
JH		 1162
1163 cod[0] = hdev->minor_class;
1164 cod[1] = hdev->major_class;
1165 cod[2] = get_service_classes(hdev);
1166
d7a5a11d 1167 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
6acd7db4
MH		 1168 cod[1] |= 0x20;
1169
ef580372 1170 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 1171 return;
ef580372 1172
890ea898 1173 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 1174}
1175
a4858cb9 1176static bool get_connectable(struct hci_dev *hdev)
199a2fb1 1177{
3b0602cd 1178 struct mgmt_pending_cmd *cmd;
199a2fb1
JH		 1179
1180 /* If there's a pending mgmt command the flag will not yet have
1181 * it's final value, so check for this first.
1182 */
1183 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1184 if (cmd) {
1185 struct mgmt_mode *cp = cmd->param;
a4858cb9 1186 return cp->val;
199a2fb1
JH		 1187 }
1188
d7a5a11d 1189 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
199a2fb1
JH		 1190}
1191
0ec5ae84
JH		 1192static void disable_advertising(struct hci_request *req)
1193{
1194 u8 enable = 0x00;
1195
1196 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1197}
1198
199a2fb1
JH		 1199static void enable_advertising(struct hci_request *req)
1200{
1201 struct hci_dev *hdev = req->hdev;
1202 struct hci_cp_le_set_adv_param cp;
8f2a0601 1203 u8 own_addr_type, enable = 0x01;
a4858cb9 1204 bool connectable;
199a2fb1 1205
0ec5ae84
JH		 1206 if (hci_conn_num(hdev, LE_LINK) > 0)
1207 return;
1208
d7a5a11d 1209 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
0ec5ae84
JH		 1210 disable_advertising(req);
1211
5ce194c4 1212 /* Clear the HCI_LE_ADV bit temporarily so that the
8d97250e
JH		 1213 * hci_update_random_address knows that it's safe to go ahead
1214 * and write a new random address. The flag will be set back on
1215 * as soon as the SET_ADV_ENABLE HCI command completes.
1216 */
a358dc11 1217 hci_dev_clear_flag(hdev, HCI_LE_ADV);
8d97250e 1218
d7a5a11d 1219 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE))
cc91cb04
MH		 1220 connectable = true;
1221 else
1222 connectable = get_connectable(hdev);
8f2a0601 1223
a4858cb9
JH		 1224 /* Set require_privacy to true only when non-connectable
1225 * advertising is used. In that case it is fine to use a
1226 * non-resolvable private address.
1227 */
1228 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 1229 return;
1230
41c90c18 1231 memset(&cp, 0, sizeof(cp));
628531c9
GL		 1232 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
1233 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
a4858cb9 1234 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
8f2a0601 1235 cp.own_address_type = own_addr_type;
199a2fb1
JH		 1236 cp.channel_map = hdev->le_adv_channel_map;
1237
1238 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1239
1240 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1241}
1242
7d78525d
JH		 1243static void service_cache_off(struct work_struct *work)
1244{
1245 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 1246 service_cache.work);
890ea898 1247 struct hci_request req;
7d78525d 1248
a69d8927 1249 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
7d78525d
JH		 1250 return;
1251
890ea898
JH		 1252 hci_req_init(&req, hdev);
1253
7d78525d
JH		 1254 hci_dev_lock(hdev);
1255
890ea898
JH		 1256 update_eir(&req);
1257 update_class(&req);
7d78525d
JH		 1258
1259 hci_dev_unlock(hdev);
890ea898
JH		 1260
1261 hci_req_run(&req, NULL);
7d78525d
JH		 1262}
1263
d6bfd59c
JH		 1264static void rpa_expired(struct work_struct *work)
1265{
1266 struct hci_dev *hdev = container_of(work, struct hci_dev,
1267 rpa_expired.work);
1268 struct hci_request req;
1269
1270 BT_DBG("");
1271
a1536da2 1272 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
d6bfd59c 1273
d7a5a11d 1274 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
d6bfd59c
JH		 1275 return;
1276
1277 /* The generation of a new RPA and programming it into the
1278 * controller happens in the enable_advertising() function.
1279 */
d6bfd59c 1280 hci_req_init(&req, hdev);
d6bfd59c 1281 enable_advertising(&req);
d6bfd59c
JH		 1282 hci_req_run(&req, NULL);
1283}
1284
6a919082 1285static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 1286{
238be788 1287 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
6a919082
JH		 1288 return;
1289
4f87da80 1290 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 1291 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 1292
4f87da80
JH		 1293 /* Non-mgmt controlled devices get this bit set
1294 * implicitly so that pairing works for them, however
1295 * for mgmt we require user-space to explicitly enable
1296 * it
1297 */
a358dc11 1298 hci_dev_clear_flag(hdev, HCI_BONDABLE);
7d78525d
JH		 1299}
1300
0f4e68cf 1301static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 1302 void *data, u16 data_len)
0381101f 1303{
a38528f1 1304 struct mgmt_rp_read_info rp;
f7b64e69 1305
bdb6d971 1306 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 1307
09fd0de5 1308 hci_dev_lock(hdev);
f7b64e69 1309
dc4fe30b
JH		 1310 memset(&rp, 0, sizeof(rp));
1311
69ab39ea 1312 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 1313
69ab39ea 1314 rp.version = hdev->hci_ver;
eb55ef07 1315 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 1316
1317 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1318 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 1319
a38528f1 1320 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 1321
dc4fe30b 1322 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 1323 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 1324
09fd0de5 1325 hci_dev_unlock(hdev);
0381101f 1326
2a1afb5a
JH		 1327 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1328 sizeof(rp));
0381101f
JH		 1329}
1330
3b0602cd 1331static void mgmt_pending_free(struct mgmt_pending_cmd *cmd)
eec8d2bc
JH		 1332{
1333 sock_put(cmd->sk);
c68fb7ff 1334 kfree(cmd->param);
eec8d2bc
JH		 1335 kfree(cmd);
1336}
1337
3b0602cd
JH		 1338static struct mgmt_pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
1339 struct hci_dev *hdev,
1340 void *data, u16 len)
eec8d2bc 1341{
3b0602cd 1342 struct mgmt_pending_cmd *cmd;
eec8d2bc 1343
fca20018 1344 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 1345 if (!cmd)
366a0336 1346 return NULL;
eec8d2bc
JH		 1347
1348 cmd->opcode = opcode;
2e58ef3e 1349 cmd->index = hdev->id;
eec8d2bc 1350
323b0b88 1351 cmd->param = kmemdup(data, len, GFP_KERNEL);
c68fb7ff 1352 if (!cmd->param) {
eec8d2bc 1353 kfree(cmd);
366a0336 1354 return NULL;
eec8d2bc
JH		 1355 }
1356
323b0b88 1357 cmd->param_len = len;
eec8d2bc
JH		 1358
1359 cmd->sk = sk;
1360 sock_hold(sk);
1361
2e58ef3e 1362 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 1363
366a0336 1364 return cmd;
eec8d2bc
JH		 1365}
1366
744cf19e 1367static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
3b0602cd 1368 void (*cb)(struct mgmt_pending_cmd *cmd,
8fc9ced3 1369 void *data),
04124681 1370 void *data)
eec8d2bc 1371{
3b0602cd 1372 struct mgmt_pending_cmd *cmd, *tmp;
eec8d2bc 1373
a3d09356 1374 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 1375 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 1376 continue;
1377
eec8d2bc
JH		 1378 cb(cmd, data);
1379 }
1380}
1381
3b0602cd 1382static void mgmt_pending_remove(struct mgmt_pending_cmd *cmd)
73f22f62 1383{
73f22f62
JH		 1384 list_del(&cmd->list);
1385 mgmt_pending_free(cmd);
1386}
1387
69ab39ea 1388static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1389{
69ab39ea 1390 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1391
2a1afb5a
JH		 1392 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1393 sizeof(settings));
8680570b
JH		 1394}
1395
1904a853 1396static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
8b064a3a
JH		 1397{
1398 BT_DBG("%s status 0x%02x", hdev->name, status);
1399
a3172b7e
JH		 1400 if (hci_conn_count(hdev) == 0) {
1401 cancel_delayed_work(&hdev->power_off);
8b064a3a 1402 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1403 }
8b064a3a
JH		 1404}
1405
23a48093 1406static bool hci_stop_discovery(struct hci_request *req)
21a60d30
JH		 1407{
1408 struct hci_dev *hdev = req->hdev;
1409 struct hci_cp_remote_name_req_cancel cp;
1410 struct inquiry_entry *e;
1411
1412 switch (hdev->discovery.state) {
1413 case DISCOVERY_FINDING:
1414 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
1415 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1416 } else {
1417 cancel_delayed_work(&hdev->le_scan_disable);
1418 hci_req_add_le_scan_disable(req);
1419 }
1420
23a48093 1421 return true;
21a60d30
JH		 1422
1423 case DISCOVERY_RESOLVING:
1424 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1425 NAME_PENDING);
1426 if (!e)
23a48093 1427 break;
21a60d30
JH		 1428
1429 bacpy(&cp.bdaddr, &e->data.bdaddr);
1430 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1431 &cp);
1432
23a48093 1433 return true;
21a60d30
JH		 1434
1435 default:
1436 /* Passive scanning */
d7a5a11d 1437 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
21a60d30 1438 hci_req_add_le_scan_disable(req);
23a48093
JH		 1439 return true;
1440 }
1441
21a60d30
JH		 1442 break;
1443 }
23a48093
JH		 1444
1445 return false;
21a60d30
JH		 1446}
1447
8b064a3a
JH		 1448static int clean_up_hci_state(struct hci_dev *hdev)
1449{
1450 struct hci_request req;
1451 struct hci_conn *conn;
23a48093
JH		 1452 bool discov_stopped;
1453 int err;
8b064a3a
JH		 1454
1455 hci_req_init(&req, hdev);
1456
1457 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1458 test_bit(HCI_PSCAN, &hdev->flags)) {
1459 u8 scan = 0x00;
1460 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1461 }
1462
d7a5a11d 1463 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
8b064a3a
JH		 1464 disable_advertising(&req);
1465
23a48093 1466 discov_stopped = hci_stop_discovery(&req);
8b064a3a
JH		 1467
1468 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1469 struct hci_cp_disconnect dc;
c9910d0f
JH		 1470 struct hci_cp_reject_conn_req rej;
1471
1472 switch (conn->state) {
1473 case BT_CONNECTED:
1474 case BT_CONFIG:
1475 dc.handle = cpu_to_le16(conn->handle);
1476 dc.reason = 0x15; /* Terminated due to Power Off */
1477 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1478 break;
1479 case BT_CONNECT:
1480 if (conn->type == LE_LINK)
1481 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1482 0, NULL);
1483 else if (conn->type == ACL_LINK)
1484 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1485 6, &conn->dst);
1486 break;
1487 case BT_CONNECT2:
1488 bacpy(&rej.bdaddr, &conn->dst);
1489 rej.reason = 0x15; /* Terminated due to Power Off */
1490 if (conn->type == ACL_LINK)
1491 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1492 sizeof(rej), &rej);
1493 else if (conn->type == SCO_LINK)
1494 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1495 sizeof(rej), &rej);
1496 break;
1497 }
8b064a3a
JH		 1498 }
1499
23a48093
JH		 1500 err = hci_req_run(&req, clean_up_hci_complete);
1501 if (!err && discov_stopped)
1502 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1503
1504 return err;
8b064a3a
JH		 1505}
1506
bdb6d971 1507static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1508 u16 len)
eec8d2bc 1509{
650f726d 1510 struct mgmt_mode *cp = data;
3b0602cd 1511 struct mgmt_pending_cmd *cmd;
4b34ee78 1512 int err;
eec8d2bc 1513
bdb6d971 1514 BT_DBG("request for %s", hdev->name);
eec8d2bc 1515
a7e80f25 1516 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1517 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1518 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1519
09fd0de5 1520 hci_dev_lock(hdev);
eec8d2bc 1521
87b95ba6 1522 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
a69e8375
JH		 1523 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1524 MGMT_STATUS_BUSY);
87b95ba6
JH		 1525 goto failed;
1526 }
1527
a69d8927 1528 if (hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF)) {
f0d4b78a
MH		 1529 cancel_delayed_work(&hdev->power_off);
1530
1531 if (cp->val) {
a1d70450
JH		 1532 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1533 data, len);
1534 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1535 goto failed;
1536 }
1537 }
1538
4b34ee78 1539 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1540 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1541 goto failed;
1542 }
1543
2e58ef3e 1544 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1545 if (!cmd) {
1546 err = -ENOMEM;
eec8d2bc 1547 goto failed;
366a0336 1548 }
eec8d2bc 1549
8b064a3a 1550 if (cp->val) {
19202573 1551 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1552 err = 0;
1553 } else {
1554 /* Disconnect connections, stop scans, etc */
1555 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1556 if (!err)
1557 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1558 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1559
8b064a3a
JH		 1560 /* ENODATA means there were no HCI commands queued */
1561 if (err == -ENODATA) {
a3172b7e 1562 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1563 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1564 err = 0;
1565 }
1566 }
eec8d2bc
JH		 1567
1568failed:
09fd0de5 1569 hci_dev_unlock(hdev);
366a0336 1570 return err;
eec8d2bc
JH		 1571}
1572
beadb2bd
JH		 1573static int new_settings(struct hci_dev *hdev, struct sock *skip)
1574{
1575 __le32 ev;
1576
1577 ev = cpu_to_le32(get_current_settings(hdev));
1578
1579 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1580}
1581
91a668b0
JH		 1582int mgmt_new_settings(struct hci_dev *hdev)
1583{
1584 return new_settings(hdev, NULL);
1585}
1586
bd99abdd
JH		 1587struct cmd_lookup {
1588 struct sock *sk;
1589 struct hci_dev *hdev;
1590 u8 mgmt_status;
1591};
1592
3b0602cd 1593static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1594{
1595 struct cmd_lookup *match = data;
1596
1597 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1598
1599 list_del(&cmd->list);
1600
1601 if (match->sk == NULL) {
1602 match->sk = cmd->sk;
1603 sock_hold(match->sk);
1604 }
1605
1606 mgmt_pending_free(cmd);
1607}
1608
3b0602cd 1609static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1610{
1611 u8 *status = data;
1612
a69e8375 1613 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
bd99abdd
JH		 1614 mgmt_pending_remove(cmd);
1615}
1616
3b0602cd 1617static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1b9b5ee5
JH		 1618{
1619 if (cmd->cmd_complete) {
1620 u8 *status = data;
1621
1622 cmd->cmd_complete(cmd, *status);
1623 mgmt_pending_remove(cmd);
1624
1625 return;
1626 }
1627
1628 cmd_status_rsp(cmd, data);
1629}
1630
3b0602cd 1631static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
f5818c22 1632{
2a1afb5a
JH		 1633 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1634 cmd->param, cmd->param_len);
f5818c22
JH		 1635}
1636
3b0602cd 1637static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
7776d1d8 1638{
2a1afb5a
JH		 1639 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1640 cmd->param, sizeof(struct mgmt_addr_info));
7776d1d8
JH		 1641}
1642
e6fe7986
JH		 1643static u8 mgmt_bredr_support(struct hci_dev *hdev)
1644{
1645 if (!lmp_bredr_capable(hdev))
1646 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1647 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
e6fe7986
JH		 1648 return MGMT_STATUS_REJECTED;
1649 else
1650 return MGMT_STATUS_SUCCESS;
1651}
1652
1653static u8 mgmt_le_support(struct hci_dev *hdev)
1654{
1655 if (!lmp_le_capable(hdev))
1656 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1657 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
e6fe7986
JH		 1658 return MGMT_STATUS_REJECTED;
1659 else
1660 return MGMT_STATUS_SUCCESS;
1661}
1662
1904a853
MH		 1663static void set_discoverable_complete(struct hci_dev *hdev, u8 status,
1664 u16 opcode)
bfaf8c9f 1665{
3b0602cd 1666 struct mgmt_pending_cmd *cmd;
bfaf8c9f 1667 struct mgmt_mode *cp;
970ba524 1668 struct hci_request req;
bfaf8c9f
JH		 1669 bool changed;
1670
1671 BT_DBG("status 0x%02x", status);
1672
1673 hci_dev_lock(hdev);
1674
1675 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1676 if (!cmd)
1677 goto unlock;
1678
1679 if (status) {
1680 u8 mgmt_err = mgmt_status(status);
a69e8375 1681 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
a358dc11 1682 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
bfaf8c9f
JH		 1683 goto remove_cmd;
1684 }
1685
1686 cp = cmd->param;
d4462a07 1687 if (cp->val) {
238be788 1688 changed = !hci_dev_test_and_set_flag(hdev, HCI_DISCOVERABLE);
d4462a07
MH		 1689
1690 if (hdev->discov_timeout > 0) {
1691 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1692 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1693 to);
1694 }
1695 } else {
a69d8927 1696 changed = hci_dev_test_and_clear_flag(hdev, HCI_DISCOVERABLE);
d4462a07 1697 }
bfaf8c9f
JH		 1698
1699 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1700
1701 if (changed)
1702 new_settings(hdev, cmd->sk);
1703
970ba524
MH		 1704 /* When the discoverable mode gets changed, make sure
1705 * that class of device has the limited discoverable
432df05e
JH		 1706 * bit correctly set. Also update page scan based on whitelist
1707 * entries.
970ba524
MH		 1708 */
1709 hci_req_init(&req, hdev);
1d2dc5b7 1710 __hci_update_page_scan(&req);
970ba524
MH		 1711 update_class(&req);
1712 hci_req_run(&req, NULL);
1713
bfaf8c9f
JH		 1714remove_cmd:
1715 mgmt_pending_remove(cmd);
1716
1717unlock:
1718 hci_dev_unlock(hdev);
1719}
1720
bdb6d971 1721static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1722 u16 len)
73f22f62 1723{
650f726d 1724 struct mgmt_cp_set_discoverable *cp = data;
3b0602cd 1725 struct mgmt_pending_cmd *cmd;
bfaf8c9f 1726 struct hci_request req;
5e5282bb 1727 u16 timeout;
9a43e25f 1728 u8 scan;
73f22f62
JH		 1729 int err;
1730
bdb6d971 1731 BT_DBG("request for %s", hdev->name);
73f22f62 1732
d7a5a11d
MH		 1733 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1734 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 1735 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1736 MGMT_STATUS_REJECTED);
33c525c0 1737
310a3d48 1738 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 1739 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1740 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1741
1f350c87 1742 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1743
1744 /* Disabling discoverable requires that no timeout is set,
1745 * and enabling limited discoverable requires a timeout.
1746 */
1747 if ((cp->val == 0x00 && timeout > 0) ||
1748 (cp->val == 0x02 && timeout == 0))
a69e8375
JH		 1749 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1750 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1751
09fd0de5 1752 hci_dev_lock(hdev);
73f22f62 1753
5e5282bb 1754 if (!hdev_is_powered(hdev) && timeout > 0) {
a69e8375
JH		 1755 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1756 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1757 goto failed;
1758 }
1759
2e58ef3e 1760 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1761 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1762 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1763 MGMT_STATUS_BUSY);
73f22f62
JH		 1764 goto failed;
1765 }
1766
d7a5a11d 1767 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
a69e8375
JH		 1768 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1769 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1770 goto failed;
1771 }
1772
1773 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1774 bool changed = false;
1775
310a3d48
MH		 1776 /* Setting limited discoverable when powered off is
1777 * not a valid operation since it requires a timeout
1778 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1779 */
d7a5a11d 1780 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
ce05d603 1781 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
0224d2fa
JH		 1782 changed = true;
1783 }
1784
5e5282bb 1785 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1786 if (err < 0)
1787 goto failed;
1788
1789 if (changed)
1790 err = new_settings(hdev, sk);
1791
5e5282bb
JH		 1792 goto failed;
1793 }
1794
310a3d48
MH		 1795 /* If the current mode is the same, then just update the timeout
1796 * value with the new value. And if only the timeout gets updated,
1797 * then no need for any HCI transactions.
1798 */
d7a5a11d
MH		 1799 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1800 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1801 HCI_LIMITED_DISCOVERABLE)) {
36261547
MH		 1802 cancel_delayed_work(&hdev->discov_off);
1803 hdev->discov_timeout = timeout;
955638ec 1804
36261547
MH		 1805 if (cp->val && hdev->discov_timeout > 0) {
1806 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1807 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1808 to);
955638ec
MH		 1809 }
1810
69ab39ea 1811 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1812 goto failed;
1813 }
1814
2e58ef3e 1815 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1816 if (!cmd) {
1817 err = -ENOMEM;
73f22f62 1818 goto failed;
366a0336 1819 }
73f22f62 1820
310a3d48
MH		 1821 /* Cancel any potential discoverable timeout that might be
1822 * still active and store new timeout value. The arming of
1823 * the timeout happens in the complete handler.
1824 */
1825 cancel_delayed_work(&hdev->discov_off);
1826 hdev->discov_timeout = timeout;
1827
b456f87c
JH		 1828 /* Limited discoverable mode */
1829 if (cp->val == 0x02)
a1536da2 1830 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1831 else
a358dc11 1832 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1833
bfaf8c9f
JH		 1834 hci_req_init(&req, hdev);
1835
9a43e25f
JH		 1836 /* The procedure for LE-only controllers is much simpler - just
1837 * update the advertising data.
1838 */
d7a5a11d 1839 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
9a43e25f
JH		 1840 goto update_ad;
1841
73f22f62
JH		 1842 scan = SCAN_PAGE;
1843
310a3d48
MH		 1844 if (cp->val) {
1845 struct hci_cp_write_current_iac_lap hci_cp;
1846
1847 if (cp->val == 0x02) {
1848 /* Limited discoverable mode */
33337dcb 1849 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1850 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1851 hci_cp.iac_lap[1] = 0x8b;
1852 hci_cp.iac_lap[2] = 0x9e;
1853 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1854 hci_cp.iac_lap[4] = 0x8b;
1855 hci_cp.iac_lap[5] = 0x9e;
1856 } else {
1857 /* General discoverable mode */
310a3d48
MH		 1858 hci_cp.num_iac = 1;
1859 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1860 hci_cp.iac_lap[1] = 0x8b;
1861 hci_cp.iac_lap[2] = 0x9e;
1862 }
1863
1864 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1865 (hci_cp.num_iac * 3) + 1, &hci_cp);
1866
73f22f62 1867 scan |= SCAN_INQUIRY;
310a3d48 1868 } else {
a358dc11 1869 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
310a3d48 1870 }
73f22f62 1871
310a3d48 1872 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1873
9a43e25f
JH		 1874update_ad:
1875 update_adv_data(&req);
1876
bfaf8c9f 1877 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1878 if (err < 0)
a664b5bc 1879 mgmt_pending_remove(cmd);
73f22f62
JH		 1880
1881failed:
09fd0de5 1882 hci_dev_unlock(hdev);
73f22f62
JH		 1883 return err;
1884}
1885
406d7804
JH		 1886static void write_fast_connectable(struct hci_request *req, bool enable)
1887{
bd98b996 1888 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1889 struct hci_cp_write_page_scan_activity acp;
1890 u8 type;
1891
d7a5a11d 1892 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
547003b1
JH		 1893 return;
1894
4c01f8b8
JH		 1895 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1896 return;
1897
406d7804
JH		 1898 if (enable) {
1899 type = PAGE_SCAN_TYPE_INTERLACED;
1900
1901 /* 160 msec page scan interval */
dcf4adbf 1902 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 1903 } else {
1904 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1905
1906 /* default 1.28 sec page scan */
dcf4adbf 1907 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 1908 }
1909
dcf4adbf 1910 acp.window = cpu_to_le16(0x0012);
406d7804 1911
bd98b996
JH		 1912 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1913 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1914 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1915 sizeof(acp), &acp);
1916
1917 if (hdev->page_scan_type != type)
1918 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1919}
1920
1904a853
MH		 1921static void set_connectable_complete(struct hci_dev *hdev, u8 status,
1922 u16 opcode)
2b76f453 1923{
3b0602cd 1924 struct mgmt_pending_cmd *cmd;
d7b856f9 1925 struct mgmt_mode *cp;
bc6d2d04 1926 bool conn_changed, discov_changed;
2b76f453
JH		 1927
1928 BT_DBG("status 0x%02x", status);
1929
1930 hci_dev_lock(hdev);
1931
1932 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1933 if (!cmd)
1934 goto unlock;
1935
37438c1f
JH		 1936 if (status) {
1937 u8 mgmt_err = mgmt_status(status);
a69e8375 1938 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
37438c1f
JH		 1939 goto remove_cmd;
1940 }
1941
d7b856f9 1942 cp = cmd->param;
bc6d2d04 1943 if (cp->val) {
238be788
MH		 1944 conn_changed = !hci_dev_test_and_set_flag(hdev,
1945 HCI_CONNECTABLE);
bc6d2d04
JH		 1946 discov_changed = false;
1947 } else {
a69d8927
MH		 1948 conn_changed = hci_dev_test_and_clear_flag(hdev,
1949 HCI_CONNECTABLE);
1950 discov_changed = hci_dev_test_and_clear_flag(hdev,
1951 HCI_DISCOVERABLE);
bc6d2d04 1952 }
d7b856f9 1953
2b76f453
JH		 1954 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1955
bc6d2d04 1956 if (conn_changed || discov_changed) {
d7b856f9 1957 new_settings(hdev, cmd->sk);
1d2dc5b7 1958 hci_update_page_scan(hdev);
bc6d2d04
JH		 1959 if (discov_changed)
1960 mgmt_update_adv_data(hdev);
2b7be33e
JH		 1961 hci_update_background_scan(hdev);
1962 }
d7b856f9 1963
37438c1f 1964remove_cmd:
2b76f453
JH		 1965 mgmt_pending_remove(cmd);
1966
1967unlock:
1968 hci_dev_unlock(hdev);
1969}
1970
e8ba3a1f
JH		 1971static int set_connectable_update_settings(struct hci_dev *hdev,
1972 struct sock *sk, u8 val)
1973{
1974 bool changed = false;
1975 int err;
1976
d7a5a11d 1977 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
e8ba3a1f
JH		 1978 changed = true;
1979
1980 if (val) {
a1536da2 1981 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
e8ba3a1f 1982 } else {
a358dc11
MH		 1983 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1984 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
e8ba3a1f
JH		 1985 }
1986
1987 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1988 if (err < 0)
1989 return err;
1990
562064e6 1991 if (changed) {
1d2dc5b7 1992 hci_update_page_scan(hdev);
562064e6 1993 hci_update_background_scan(hdev);
e8ba3a1f 1994 return new_settings(hdev, sk);
562064e6 1995 }
e8ba3a1f
JH		 1996
1997 return 0;
1998}
1999
bdb6d971 2000static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2001 u16 len)
9fbcbb45 2002{
650f726d 2003 struct mgmt_mode *cp = data;
3b0602cd 2004 struct mgmt_pending_cmd *cmd;
2b76f453 2005 struct hci_request req;
1987fdc7 2006 u8 scan;
9fbcbb45
JH		 2007 int err;
2008
bdb6d971 2009 BT_DBG("request for %s", hdev->name);
9fbcbb45 2010
d7a5a11d
MH		 2011 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
2012 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 2013 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
2014 MGMT_STATUS_REJECTED);
33c525c0 2015
a7e80f25 2016 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2017 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
2018 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2019
09fd0de5 2020 hci_dev_lock(hdev);
9fbcbb45 2021
4b34ee78 2022 if (!hdev_is_powered(hdev)) {
e8ba3a1f 2023 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 2024 goto failed;
2025 }
2026
2e58ef3e 2027 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 2028 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 2029 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
2030 MGMT_STATUS_BUSY);
9fbcbb45
JH		 2031 goto failed;
2032 }
2033
2e58ef3e 2034 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 2035 if (!cmd) {
2036 err = -ENOMEM;
9fbcbb45 2037 goto failed;
366a0336 2038 }
9fbcbb45 2039
9b74246f 2040 hci_req_init(&req, hdev);
9fbcbb45 2041
9a43e25f
JH		 2042 /* If BR/EDR is not enabled and we disable advertising as a
2043 * by-product of disabling connectable, we need to update the
2044 * advertising flags.
2045 */
d7a5a11d 2046 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
9a43e25f 2047 if (!cp->val) {
a358dc11
MH		 2048 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
2049 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
9a43e25f
JH		 2050 }
2051 update_adv_data(&req);
2052 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 2053 if (cp->val) {
2054 scan = SCAN_PAGE;
2055 } else {
3bd27240
JH		 2056 /* If we don't have any whitelist entries just
2057 * disable all scanning. If there are entries
2058 * and we had both page and inquiry scanning
2059 * enabled then fall back to only page scanning.
2060 * Otherwise no changes are needed.
2061 */
2062 if (list_empty(&hdev->whitelist))
2063 scan = SCAN_DISABLED;
2064 else if (test_bit(HCI_ISCAN, &hdev->flags))
2065 scan = SCAN_PAGE;
2066 else
2067 goto no_scan_update;
9b74246f
JH		 2068
2069 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 2070 hdev->discov_timeout > 0)
9b74246f
JH		 2071 cancel_delayed_work(&hdev->discov_off);
2072 }
2b76f453 2073
9b74246f
JH		 2074 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2075 }
2b76f453 2076
3bd27240 2077no_scan_update:
e8b1202c 2078 /* Update the advertising parameters if necessary */
d7a5a11d 2079 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
1987fdc7 2080 enable_advertising(&req);
1987fdc7 2081
2b76f453 2082 err = hci_req_run(&req, set_connectable_complete);
9b74246f 2083 if (err < 0) {
a664b5bc 2084 mgmt_pending_remove(cmd);
9b74246f 2085 if (err == -ENODATA)
a81070ba
JH		 2086 err = set_connectable_update_settings(hdev, sk,
2087 cp->val);
9b74246f
JH		 2088 goto failed;
2089 }
9fbcbb45
JH		 2090
2091failed:
09fd0de5 2092 hci_dev_unlock(hdev);
9fbcbb45
JH		 2093 return err;
2094}
2095
b2939475 2096static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2097 u16 len)
c542a06c 2098{
650f726d 2099 struct mgmt_mode *cp = data;
55594356 2100 bool changed;
c542a06c
JH		 2101 int err;
2102
bdb6d971 2103 BT_DBG("request for %s", hdev->name);
c542a06c 2104
a7e80f25 2105 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2106 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
2107 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2108
09fd0de5 2109 hci_dev_lock(hdev);
c542a06c
JH		 2110
2111 if (cp->val)
238be788 2112 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
c542a06c 2113 else
a69d8927 2114 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
c542a06c 2115
b2939475 2116 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
c542a06c 2117 if (err < 0)
55594356 2118 goto unlock;
c542a06c 2119
55594356
MH		 2120 if (changed)
2121 err = new_settings(hdev, sk);
c542a06c 2122
55594356 2123unlock:
09fd0de5 2124 hci_dev_unlock(hdev);
c542a06c
JH		 2125 return err;
2126}
2127
04124681
GP		 2128static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
2129 u16 len)
33ef95ed
JH		 2130{
2131 struct mgmt_mode *cp = data;
3b0602cd 2132 struct mgmt_pending_cmd *cmd;
e6fe7986 2133 u8 val, status;
33ef95ed
JH		 2134 int err;
2135
bdb6d971 2136 BT_DBG("request for %s", hdev->name);
33ef95ed 2137
e6fe7986
JH		 2138 status = mgmt_bredr_support(hdev);
2139 if (status)
a69e8375
JH		 2140 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2141 status);
33c525c0 2142
a7e80f25 2143 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2144 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2145 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2146
33ef95ed
JH		 2147 hci_dev_lock(hdev);
2148
4b34ee78 2149 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 2150 bool changed = false;
2151
d7a5a11d 2152 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
ce05d603 2153 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
47990ea0
JH		 2154 changed = true;
2155 }
2156
2157 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2158 if (err < 0)
2159 goto failed;
2160
2161 if (changed)
2162 err = new_settings(hdev, sk);
2163
33ef95ed
JH		 2164 goto failed;
2165 }
2166
2167 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
a69e8375
JH		 2168 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2169 MGMT_STATUS_BUSY);
33ef95ed
JH		 2170 goto failed;
2171 }
2172
2173 val = !!cp->val;
2174
2175 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
2176 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2177 goto failed;
2178 }
2179
2180 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
2181 if (!cmd) {
2182 err = -ENOMEM;
2183 goto failed;
2184 }
2185
2186 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
2187 if (err < 0) {
2188 mgmt_pending_remove(cmd);
2189 goto failed;
2190 }
2191
2192failed:
2193 hci_dev_unlock(hdev);
33ef95ed
JH		 2194 return err;
2195}
2196
bdb6d971 2197static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 2198{
2199 struct mgmt_mode *cp = data;
3b0602cd 2200 struct mgmt_pending_cmd *cmd;
72ef0c1a 2201 u8 status;
ed2c4ee3
JH		 2202 int err;
2203
bdb6d971 2204 BT_DBG("request for %s", hdev->name);
ed2c4ee3 2205
cdba5281
MH		 2206 status = mgmt_bredr_support(hdev);
2207 if (status)
a69e8375 2208 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
cdba5281 2209
13ecd8b6 2210 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 2211 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2212 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 2213
a7e80f25 2214 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2215 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2216 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2217
13ecd8b6 2218 hci_dev_lock(hdev);
6c8f12c1 2219
4b34ee78 2220 if (!hdev_is_powered(hdev)) {
9ecb3e24 2221 bool changed;
c0ecddc2 2222
9ecb3e24 2223 if (cp->val) {
238be788
MH		 2224 changed = !hci_dev_test_and_set_flag(hdev,
2225 HCI_SSP_ENABLED);
9ecb3e24 2226 } else {
a69d8927
MH		 2227 changed = hci_dev_test_and_clear_flag(hdev,
2228 HCI_SSP_ENABLED);
9ecb3e24 2229 if (!changed)
a69d8927
MH		 2230 changed = hci_dev_test_and_clear_flag(hdev,
2231 HCI_HS_ENABLED);
9ecb3e24 2232 else
a358dc11 2233 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
c0ecddc2
JH		 2234 }
2235
2236 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2237 if (err < 0)
2238 goto failed;
2239
2240 if (changed)
2241 err = new_settings(hdev, sk);
2242
ed2c4ee3
JH		 2243 goto failed;
2244 }
2245
94d52dad 2246 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 2247 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2248 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 2249 goto failed;
2250 }
2251
d7a5a11d 2252 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
ed2c4ee3
JH		 2253 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2254 goto failed;
2255 }
2256
2257 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2258 if (!cmd) {
2259 err = -ENOMEM;
2260 goto failed;
2261 }
2262
d7a5a11d 2263 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
3769972b
JH		 2264 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2265 sizeof(cp->val), &cp->val);
2266
72ef0c1a 2267 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 2268 if (err < 0) {
2269 mgmt_pending_remove(cmd);
2270 goto failed;
2271 }
2272
2273failed:
2274 hci_dev_unlock(hdev);
ed2c4ee3
JH		 2275 return err;
2276}
2277
bdb6d971 2278static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 2279{
2280 struct mgmt_mode *cp = data;
ee392693 2281 bool changed;
e6fe7986 2282 u8 status;
ee392693 2283 int err;
6d80dfd0 2284
bdb6d971 2285 BT_DBG("request for %s", hdev->name);
6d80dfd0 2286
e6fe7986
JH		 2287 status = mgmt_bredr_support(hdev);
2288 if (status)
a69e8375 2289 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 2290
9ecb3e24 2291 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 2292 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2293 MGMT_STATUS_NOT_SUPPORTED);
9ecb3e24 2294
d7a5a11d 2295 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 2296 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2297 MGMT_STATUS_REJECTED);
9ecb3e24 2298
a7e80f25 2299 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2300 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2301 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2302
ee392693
MH		 2303 hci_dev_lock(hdev);
2304
a2cb01de 2305 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 2306 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2307 MGMT_STATUS_BUSY);
a2cb01de
JH		 2308 goto unlock;
2309 }
2310
a0cdf960 2311 if (cp->val) {
238be788 2312 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
a0cdf960
MH		 2313 } else {
2314 if (hdev_is_powered(hdev)) {
a69e8375
JH		 2315 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2316 MGMT_STATUS_REJECTED);
a0cdf960
MH		 2317 goto unlock;
2318 }
2319
a69d8927 2320 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
a0cdf960 2321 }
ee392693
MH		 2322
2323 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2324 if (err < 0)
2325 goto unlock;
2326
2327 if (changed)
2328 err = new_settings(hdev, sk);
6d80dfd0 2329
ee392693
MH		 2330unlock:
2331 hci_dev_unlock(hdev);
2332 return err;
6d80dfd0
JH		 2333}
2334
1904a853 2335static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
416a4ae5
JH		 2336{
2337 struct cmd_lookup match = { NULL, hdev };
2338
3ad67582
JK		 2339 hci_dev_lock(hdev);
2340
416a4ae5
JH		 2341 if (status) {
2342 u8 mgmt_err = mgmt_status(status);
2343
2344 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2345 &mgmt_err);
3ad67582 2346 goto unlock;
416a4ae5
JH		 2347 }
2348
2349 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2350
2351 new_settings(hdev, match.sk);
2352
2353 if (match.sk)
2354 sock_put(match.sk);
441ad2d0
MH		 2355
2356 /* Make sure the controller has a good default for
2357 * advertising data. Restrict the update to when LE
2358 * has actually been enabled. During power on, the
2359 * update in powered_update_hci will take care of it.
2360 */
d7a5a11d 2361 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
441ad2d0
MH		 2362 struct hci_request req;
2363
441ad2d0 2364 hci_req_init(&req, hdev);
5947f4bc 2365 update_adv_data(&req);
f14d8f64 2366 update_scan_rsp_data(&req);
2cf22218 2367 __hci_update_background_scan(&req);
441ad2d0 2368 hci_req_run(&req, NULL);
441ad2d0 2369 }
3ad67582
JK		 2370
2371unlock:
2372 hci_dev_unlock(hdev);
416a4ae5
JH		 2373}
2374
bdb6d971 2375static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 2376{
2377 struct mgmt_mode *cp = data;
2378 struct hci_cp_write_le_host_supported hci_cp;
3b0602cd 2379 struct mgmt_pending_cmd *cmd;
416a4ae5 2380 struct hci_request req;
06199cf8 2381 int err;
0b60eba1 2382 u8 val, enabled;
06199cf8 2383
bdb6d971 2384 BT_DBG("request for %s", hdev->name);
06199cf8 2385
13ecd8b6 2386 if (!lmp_le_capable(hdev))
a69e8375
JH		 2387 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2388 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 2389
a7e80f25 2390 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2391 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2392 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2393
c73eee91 2394 /* LE-only devices do not allow toggling LE on/off */
d7a5a11d 2395 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 2396 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2397 MGMT_STATUS_REJECTED);
c73eee91 2398
13ecd8b6 2399 hci_dev_lock(hdev);
06199cf8
JH		 2400
2401 val = !!cp->val;
ffa88e02 2402 enabled = lmp_host_le_capable(hdev);
06199cf8 2403
0b60eba1 2404 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 2405 bool changed = false;
2406
d7a5a11d 2407 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
ce05d603 2408 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
06199cf8
JH		 2409 changed = true;
2410 }
2411
d7a5a11d 2412 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
a358dc11 2413 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
eeca6f89
JH		 2414 changed = true;
2415 }
2416
06199cf8
JH		 2417 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2418 if (err < 0)
1de028ce 2419 goto unlock;
06199cf8
JH		 2420
2421 if (changed)
2422 err = new_settings(hdev, sk);
2423
1de028ce 2424 goto unlock;
06199cf8
JH		 2425 }
2426
4375f103
JH		 2427 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
2428 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
a69e8375
JH		 2429 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2430 MGMT_STATUS_BUSY);
1de028ce 2431 goto unlock;
06199cf8
JH		 2432 }
2433
2434 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2435 if (!cmd) {
2436 err = -ENOMEM;
1de028ce 2437 goto unlock;
06199cf8
JH		 2438 }
2439
441ad2d0
MH		 2440 hci_req_init(&req, hdev);
2441
06199cf8
JH		 2442 memset(&hci_cp, 0, sizeof(hci_cp));
2443
2444 if (val) {
2445 hci_cp.le = val;
32226e4f 2446 hci_cp.simul = 0x00;
441ad2d0 2447 } else {
d7a5a11d 2448 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
441ad2d0 2449 disable_advertising(&req);
06199cf8
JH		 2450 }
2451
416a4ae5
JH		 2452 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2453 &hci_cp);
2454
2455 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2456 if (err < 0)
06199cf8 2457 mgmt_pending_remove(cmd);
06199cf8 2458
1de028ce
JH		 2459unlock:
2460 hci_dev_unlock(hdev);
06199cf8
JH		 2461 return err;
2462}
2463
0cab9c80
JH		 2464/* This is a helper function to test for pending mgmt commands that can
2465 * cause CoD or EIR HCI commands. We can only allow one such pending
2466 * mgmt command at a time since otherwise we cannot easily track what
2467 * the current values are, will be, and based on that calculate if a new
2468 * HCI command needs to be sent and if yes with what value.
2469 */
2470static bool pending_eir_or_class(struct hci_dev *hdev)
2471{
3b0602cd 2472 struct mgmt_pending_cmd *cmd;
0cab9c80
JH		 2473
2474 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2475 switch (cmd->opcode) {
2476 case MGMT_OP_ADD_UUID:
2477 case MGMT_OP_REMOVE_UUID:
2478 case MGMT_OP_SET_DEV_CLASS:
2479 case MGMT_OP_SET_POWERED:
2480 return true;
2481 }
2482 }
2483
2484 return false;
2485}
2486
83be8eca
JH		 2487static const u8 bluetooth_base_uuid[] = {
2488 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2489 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2490};
2491
2492static u8 get_uuid_size(const u8 *uuid)
2493{
2494 u32 val;
2495
2496 if (memcmp(uuid, bluetooth_base_uuid, 12))
2497 return 128;
2498
2499 val = get_unaligned_le32(&uuid[12]);
2500 if (val > 0xffff)
2501 return 32;
2502
2503 return 16;
2504}
2505
92da6097
JH		 2506static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2507{
3b0602cd 2508 struct mgmt_pending_cmd *cmd;
92da6097
JH		 2509
2510 hci_dev_lock(hdev);
2511
2512 cmd = mgmt_pending_find(mgmt_op, hdev);
2513 if (!cmd)
2514 goto unlock;
2515
2a1afb5a
JH		 2516 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
2517 mgmt_status(status), hdev->dev_class, 3);
92da6097
JH		 2518
2519 mgmt_pending_remove(cmd);
2520
2521unlock:
2522 hci_dev_unlock(hdev);
2523}
2524
1904a853 2525static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2526{
2527 BT_DBG("status 0x%02x", status);
2528
2529 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2530}
2531
bdb6d971 2532static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2533{
650f726d 2534 struct mgmt_cp_add_uuid *cp = data;
3b0602cd 2535 struct mgmt_pending_cmd *cmd;
890ea898 2536 struct hci_request req;
2aeb9a1a 2537 struct bt_uuid *uuid;
2aeb9a1a
JH		 2538 int err;
2539
bdb6d971 2540 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2541
09fd0de5 2542 hci_dev_lock(hdev);
2aeb9a1a 2543
0cab9c80 2544 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2545 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2546 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2547 goto failed;
2548 }
2549
92c4c204 2550 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2551 if (!uuid) {
2552 err = -ENOMEM;
2553 goto failed;
2554 }
2555
2556 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2557 uuid->svc_hint = cp->svc_hint;
83be8eca 2558 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2559
de66aa63 2560 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2561
890ea898 2562 hci_req_init(&req, hdev);
1aff6f09 2563
890ea898
JH		 2564 update_class(&req);
2565 update_eir(&req);
2566
92da6097
JH		 2567 err = hci_req_run(&req, add_uuid_complete);
2568 if (err < 0) {
2569 if (err != -ENODATA)
2570 goto failed;
80a1e1db 2571
2a1afb5a
JH		 2572 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2573 hdev->dev_class, 3);
90e70454
JH		 2574 goto failed;
2575 }
2576
2577 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2578 if (!cmd) {
90e70454 2579 err = -ENOMEM;
890ea898
JH		 2580 goto failed;
2581 }
2582
2583 err = 0;
2aeb9a1a
JH		 2584
2585failed:
09fd0de5 2586 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2587 return err;
2588}
2589
24b78d0f
JH		 2590static bool enable_service_cache(struct hci_dev *hdev)
2591{
2592 if (!hdev_is_powered(hdev))
2593 return false;
2594
238be788 2595 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
46818ed5
JH		 2596 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2597 CACHE_TIMEOUT);
24b78d0f
JH		 2598 return true;
2599 }
2600
2601 return false;
2602}
2603
1904a853 2604static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2605{
2606 BT_DBG("status 0x%02x", status);
2607
2608 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2609}
2610
bdb6d971 2611static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2612 u16 len)
2aeb9a1a 2613{
650f726d 2614 struct mgmt_cp_remove_uuid *cp = data;
3b0602cd 2615 struct mgmt_pending_cmd *cmd;
056341c8 2616 struct bt_uuid *match, *tmp;
2aeb9a1a 2617 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2618 struct hci_request req;
2aeb9a1a
JH		 2619 int err, found;
2620
bdb6d971 2621 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2622
09fd0de5 2623 hci_dev_lock(hdev);
2aeb9a1a 2624
0cab9c80 2625 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2626 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2627 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2628 goto unlock;
2629 }
2630
2aeb9a1a 2631 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2632 hci_uuids_clear(hdev);
4004b6d9 2633
24b78d0f 2634 if (enable_service_cache(hdev)) {
2a1afb5a
JH		 2635 err = mgmt_cmd_complete(sk, hdev->id,
2636 MGMT_OP_REMOVE_UUID,
2637 0, hdev->dev_class, 3);
24b78d0f
JH		 2638 goto unlock;
2639 }
4004b6d9 2640
9246a869 2641 goto update_class;
2aeb9a1a
JH		 2642 }
2643
2644 found = 0;
2645
056341c8 2646 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2647 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2648 continue;
2649
2650 list_del(&match->list);
482049f7 2651 kfree(match);
2aeb9a1a
JH		 2652 found++;
2653 }
2654
2655 if (found == 0) {
a69e8375
JH		 2656 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2657 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2658 goto unlock;
2659 }
2660
9246a869 2661update_class:
890ea898 2662 hci_req_init(&req, hdev);
1aff6f09 2663
890ea898
JH		 2664 update_class(&req);
2665 update_eir(&req);
2666
92da6097
JH		 2667 err = hci_req_run(&req, remove_uuid_complete);
2668 if (err < 0) {
2669 if (err != -ENODATA)
2670 goto unlock;
80a1e1db 2671
2a1afb5a
JH		 2672 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2673 hdev->dev_class, 3);
90e70454
JH		 2674 goto unlock;
2675 }
2676
2677 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2678 if (!cmd) {
90e70454 2679 err = -ENOMEM;
890ea898
JH		 2680 goto unlock;
2681 }
2682
2683 err = 0;
2aeb9a1a
JH		 2684
2685unlock:
09fd0de5 2686 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2687 return err;
2688}
2689
1904a853 2690static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2691{
2692 BT_DBG("status 0x%02x", status);
2693
2694 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2695}
2696
bdb6d971 2697static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2698 u16 len)
1aff6f09 2699{
650f726d 2700 struct mgmt_cp_set_dev_class *cp = data;
3b0602cd 2701 struct mgmt_pending_cmd *cmd;
890ea898 2702 struct hci_request req;
1aff6f09
JH		 2703 int err;
2704
bdb6d971 2705 BT_DBG("request for %s", hdev->name);
1aff6f09 2706
6203fc98 2707 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2708 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2709 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2710
0cab9c80 2711 hci_dev_lock(hdev);
ee98f473 2712
0cab9c80 2713 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2714 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2715 MGMT_STATUS_BUSY);
0cab9c80
JH		 2716 goto unlock;
2717 }
c95f0ba7 2718
0cab9c80 2719 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
a69e8375
JH		 2720 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2721 MGMT_STATUS_INVALID_PARAMS);
0cab9c80
JH		 2722 goto unlock;
2723 }
575b3a02 2724
932f5ff5
JH		 2725 hdev->major_class = cp->major;
2726 hdev->minor_class = cp->minor;
2727
b5235a65 2728 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2729 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2730 hdev->dev_class, 3);
b5235a65
JH		 2731 goto unlock;
2732 }
2733
890ea898
JH		 2734 hci_req_init(&req, hdev);
2735
a69d8927 2736 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
7d78525d
JH		 2737 hci_dev_unlock(hdev);
2738 cancel_delayed_work_sync(&hdev->service_cache);
2739 hci_dev_lock(hdev);
890ea898 2740 update_eir(&req);
7d78525d 2741 }
14c0b608 2742
890ea898
JH		 2743 update_class(&req);
2744
92da6097
JH		 2745 err = hci_req_run(&req, set_class_complete);
2746 if (err < 0) {
2747 if (err != -ENODATA)
2748 goto unlock;
1aff6f09 2749
2a1afb5a
JH		 2750 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2751 hdev->dev_class, 3);
90e70454
JH		 2752 goto unlock;
2753 }
2754
2755 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2756 if (!cmd) {
90e70454 2757 err = -ENOMEM;
890ea898
JH		 2758 goto unlock;
2759 }
2760
2761 err = 0;
1aff6f09 2762
b5235a65 2763unlock:
09fd0de5 2764 hci_dev_unlock(hdev);
1aff6f09
JH		 2765 return err;
2766}
2767
bdb6d971 2768static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2769 u16 len)
55ed8ca1 2770{
650f726d 2771 struct mgmt_cp_load_link_keys *cp = data;
ba1d6936
JH		 2772 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2773 sizeof(struct mgmt_link_key_info));
4e51eae9 2774 u16 key_count, expected_len;
b1de97d8 2775 bool changed;
a492cd52 2776 int i;
55ed8ca1 2777
9060d5cf
MH		 2778 BT_DBG("request for %s", hdev->name);
2779
2780 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2781 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2782 MGMT_STATUS_NOT_SUPPORTED);
9060d5cf 2783
1f350c87 2784 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 2785 if (key_count > max_key_count) {
2786 BT_ERR("load_link_keys: too big key_count value %u",
2787 key_count);
a69e8375
JH		 2788 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2789 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 2790 }
55ed8ca1 2791
86742e1e
JH		 2792 expected_len = sizeof(*cp) + key_count *
2793 sizeof(struct mgmt_link_key_info);
a492cd52 2794 if (expected_len != len) {
86742e1e 2795 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2796 expected_len, len);
a69e8375
JH		 2797 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2798 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2799 }
2800
4ae14301 2801 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
a69e8375
JH		 2802 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2803 MGMT_STATUS_INVALID_PARAMS);
4ae14301 2804
bdb6d971 2805 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2806 key_count);
55ed8ca1 2807
4ee71b20
JH		 2808 for (i = 0; i < key_count; i++) {
2809 struct mgmt_link_key_info *key = &cp->keys[i];
2810
8e991132 2811 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
a69e8375
JH		 2812 return mgmt_cmd_status(sk, hdev->id,
2813 MGMT_OP_LOAD_LINK_KEYS,
2814 MGMT_STATUS_INVALID_PARAMS);
4ee71b20
JH		 2815 }
2816
09fd0de5 2817 hci_dev_lock(hdev);
55ed8ca1
JH		 2818
2819 hci_link_keys_clear(hdev);
2820
55ed8ca1 2821 if (cp->debug_keys)
238be788 2822 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
55ed8ca1 2823 else
a69d8927
MH		 2824 changed = hci_dev_test_and_clear_flag(hdev,
2825 HCI_KEEP_DEBUG_KEYS);
b1de97d8
MH		 2826
2827 if (changed)
2828 new_settings(hdev, NULL);
55ed8ca1 2829
a492cd52 2830 for (i = 0; i < key_count; i++) {
86742e1e 2831 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2832
58e9293c
JH		 2833 /* Always ignore debug keys and require a new pairing if
2834 * the user wants to use them.
2835 */
2836 if (key->type == HCI_LK_DEBUG_COMBINATION)
2837 continue;
2838
7652ff6a
JH		 2839 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2840 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2841 }
2842
2a1afb5a 2843 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2844
09fd0de5 2845 hci_dev_unlock(hdev);
55ed8ca1 2846
a492cd52 2847 return 0;
55ed8ca1
JH		 2848}
2849
b1078ad0 2850static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2851 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2852{
2853 struct mgmt_ev_device_unpaired ev;
2854
2855 bacpy(&ev.addr.bdaddr, bdaddr);
2856 ev.addr.type = addr_type;
2857
2858 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2859 skip_sk);
b1078ad0
JH		 2860}
2861
bdb6d971 2862static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2863 u16 len)
55ed8ca1 2864{
124f6e35
JH		 2865 struct mgmt_cp_unpair_device *cp = data;
2866 struct mgmt_rp_unpair_device rp;
a8a1d19e 2867 struct hci_cp_disconnect dc;
3b0602cd 2868 struct mgmt_pending_cmd *cmd;
55ed8ca1 2869 struct hci_conn *conn;
55ed8ca1
JH		 2870 int err;
2871
a8a1d19e 2872 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2873 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2874 rp.addr.type = cp->addr.type;
a8a1d19e 2875
4ee71b20 2876 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2877 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2878 MGMT_STATUS_INVALID_PARAMS,
2879 &rp, sizeof(rp));
4ee71b20 2880
118da70b 2881 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2a1afb5a
JH		 2882 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2883 MGMT_STATUS_INVALID_PARAMS,
2884 &rp, sizeof(rp));
118da70b 2885
4ee71b20
JH		 2886 hci_dev_lock(hdev);
2887
86a8cfc6 2888 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2889 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2890 MGMT_STATUS_NOT_POWERED, &rp,
2891 sizeof(rp));
86a8cfc6
JH		 2892 goto unlock;
2893 }
2894
e0b2b27e 2895 if (cp->addr.type == BDADDR_BREDR) {
89cbb063
AA		 2896 /* If disconnection is requested, then look up the
2897 * connection. If the remote device is connected, it
2898 * will be later used to terminate the link.
2899 *
2900 * Setting it to NULL explicitly will cause no
2901 * termination of the link.
2902 */
2903 if (cp->disconnect)
2904 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2905 &cp->addr.bdaddr);
2906 else
2907 conn = NULL;
2908
124f6e35 2909 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2910 } else {
2911 u8 addr_type;
2912
89cbb063
AA		 2913 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2914 &cp->addr.bdaddr);
2915 if (conn) {
2916 /* Defer clearing up the connection parameters
2917 * until closing to give a chance of keeping
2918 * them if a repairing happens.
2919 */
2920 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2921
2922 /* If disconnection is not requested, then
2923 * clear the connection variable so that the
2924 * link is not terminated.
2925 */
2926 if (!cp->disconnect)
2927 conn = NULL;
2928 }
2929
e0b2b27e
JH		 2930 if (cp->addr.type == BDADDR_LE_PUBLIC)
2931 addr_type = ADDR_LE_DEV_PUBLIC;
2932 else
2933 addr_type = ADDR_LE_DEV_RANDOM;
2934
a7ec7338
JH		 2935 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2936
e0b2b27e
JH		 2937 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2938 }
b0dbfb46 2939
55ed8ca1 2940 if (err < 0) {
2a1afb5a
JH		 2941 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2942 MGMT_STATUS_NOT_PAIRED, &rp,
2943 sizeof(rp));
55ed8ca1
JH		 2944 goto unlock;
2945 }
2946
89cbb063
AA		 2947 /* If the connection variable is set, then termination of the
2948 * link is requested.
2949 */
a8a1d19e 2950 if (!conn) {
2a1afb5a
JH		 2951 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2952 &rp, sizeof(rp));
b1078ad0 2953 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2954 goto unlock;
2955 }
55ed8ca1 2956
124f6e35 2957 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2958 sizeof(*cp));
a8a1d19e
JH		 2959 if (!cmd) {
2960 err = -ENOMEM;
2961 goto unlock;
55ed8ca1
JH		 2962 }
2963
d8b7b1e4
JH		 2964 cmd->cmd_complete = addr_cmd_complete;
2965
eb55ef07 2966 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2967 dc.reason = 0x13; /* Remote User Terminated Connection */
2968 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2969 if (err < 0)
2970 mgmt_pending_remove(cmd);
2971
55ed8ca1 2972unlock:
09fd0de5 2973 hci_dev_unlock(hdev);
55ed8ca1
JH		 2974 return err;
2975}
2976
bdb6d971 2977static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2978 u16 len)
8962ee74 2979{
650f726d 2980 struct mgmt_cp_disconnect *cp = data;
06a63b19 2981 struct mgmt_rp_disconnect rp;
3b0602cd 2982 struct mgmt_pending_cmd *cmd;
8962ee74 2983 struct hci_conn *conn;
8962ee74
JH		 2984 int err;
2985
2986 BT_DBG("");
2987
06a63b19
JH		 2988 memset(&rp, 0, sizeof(rp));
2989 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2990 rp.addr.type = cp->addr.type;
2991
4ee71b20 2992 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2993 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2994 MGMT_STATUS_INVALID_PARAMS,
2995 &rp, sizeof(rp));
4ee71b20 2996
09fd0de5 2997 hci_dev_lock(hdev);
8962ee74
JH		 2998
2999 if (!test_bit(HCI_UP, &hdev->flags)) {
2a1afb5a
JH		 3000 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3001 MGMT_STATUS_NOT_POWERED, &rp,
3002 sizeof(rp));
8962ee74
JH		 3003 goto failed;
3004 }
3005
2e58ef3e 3006 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
2a1afb5a
JH		 3007 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3008 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 3009 goto failed;
3010 }
3011
591f47f3 3012 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 3013 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
3014 &cp->addr.bdaddr);
88c3df13
JH		 3015 else
3016 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 3017
f960727e 3018 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2a1afb5a
JH		 3019 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3020 MGMT_STATUS_NOT_CONNECTED, &rp,
3021 sizeof(rp));
8962ee74
JH		 3022 goto failed;
3023 }
3024
2e58ef3e 3025 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 3026 if (!cmd) {
3027 err = -ENOMEM;
8962ee74 3028 goto failed;
366a0336 3029 }
8962ee74 3030
f5818c22
JH		 3031 cmd->cmd_complete = generic_cmd_complete;
3032
e3f2f92a 3033 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
8962ee74 3034 if (err < 0)
a664b5bc 3035 mgmt_pending_remove(cmd);
8962ee74
JH		 3036
3037failed:
09fd0de5 3038 hci_dev_unlock(hdev);
8962ee74
JH		 3039 return err;
3040}
3041
57c1477c 3042static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 3043{
3044 switch (link_type) {
3045 case LE_LINK:
48264f06
JH		 3046 switch (addr_type) {
3047 case ADDR_LE_DEV_PUBLIC:
591f47f3 3048 return BDADDR_LE_PUBLIC;
0ed09148 3049
48264f06 3050 default:
0ed09148 3051 /* Fallback to LE Random address type */
591f47f3 3052 return BDADDR_LE_RANDOM;
48264f06 3053 }
0ed09148 3054
4c659c39 3055 default:
0ed09148 3056 /* Fallback to BR/EDR type */
591f47f3 3057 return BDADDR_BREDR;
4c659c39
JH		 3058 }
3059}
3060
04124681
GP		 3061static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
3062 u16 data_len)
2784eb41 3063{
2784eb41 3064 struct mgmt_rp_get_connections *rp;
8035ded4 3065 struct hci_conn *c;
a38528f1 3066 size_t rp_len;
60fc5fb6
JH		 3067 int err;
3068 u16 i;
2784eb41
JH		 3069
3070 BT_DBG("");
3071
09fd0de5 3072 hci_dev_lock(hdev);
2784eb41 3073
5f97c1df 3074 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3075 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
3076 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3077 goto unlock;
3078 }
3079
60fc5fb6 3080 i = 0;
b644ba33
JH		 3081 list_for_each_entry(c, &hdev->conn_hash.list, list) {
3082 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 3083 i++;
2784eb41
JH		 3084 }
3085
60fc5fb6 3086 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 3087 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 3088 if (!rp) {
2784eb41
JH		 3089 err = -ENOMEM;
3090 goto unlock;
3091 }
3092
2784eb41 3093 i = 0;
4c659c39 3094 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 3095 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
3096 continue;
4c659c39 3097 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 3098 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 3099 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 3100 continue;
3101 i++;
3102 }
3103
eb55ef07 3104 rp->conn_count = cpu_to_le16(i);
60fc5fb6 3105
4c659c39
JH		 3106 /* Recalculate length in case of filtered SCO connections, etc */
3107 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 3108
2a1afb5a
JH		 3109 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
3110 rp_len);
2784eb41 3111
a38528f1 3112 kfree(rp);
5f97c1df
JH		 3113
3114unlock:
09fd0de5 3115 hci_dev_unlock(hdev);
2784eb41
JH		 3116 return err;
3117}
3118
bdb6d971 3119static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3120 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67 3121{
3b0602cd 3122 struct mgmt_pending_cmd *cmd;
96d97a67
WR		 3123 int err;
3124
2e58ef3e 3125 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 3126 sizeof(*cp));
96d97a67
WR		 3127 if (!cmd)
3128 return -ENOMEM;
3129
d8457698 3130 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 3131 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 3132 if (err < 0)
3133 mgmt_pending_remove(cmd);
3134
3135 return err;
3136}
3137
bdb6d971 3138static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3139 u16 len)
980e1a53 3140{
96d97a67 3141 struct hci_conn *conn;
650f726d 3142 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 3143 struct hci_cp_pin_code_reply reply;
3b0602cd 3144 struct mgmt_pending_cmd *cmd;
980e1a53
JH		 3145 int err;
3146
3147 BT_DBG("");
3148
09fd0de5 3149 hci_dev_lock(hdev);
980e1a53 3150
4b34ee78 3151 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3152 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3153 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 3154 goto failed;
3155 }
3156
d8457698 3157 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 3158 if (!conn) {
a69e8375
JH		 3159 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3160 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 3161 goto failed;
3162 }
3163
3164 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 3165 struct mgmt_cp_pin_code_neg_reply ncp;
3166
3167 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 3168
3169 BT_ERR("PIN code is not 16 bytes long");
3170
bdb6d971 3171 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 3172 if (err >= 0)
a69e8375
JH		 3173 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3174 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 3175
3176 goto failed;
3177 }
3178
00abfe44 3179 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 3180 if (!cmd) {
3181 err = -ENOMEM;
980e1a53 3182 goto failed;
366a0336 3183 }
980e1a53 3184
7776d1d8
JH		 3185 cmd->cmd_complete = addr_cmd_complete;
3186
d8457698 3187 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 3188 reply.pin_len = cp->pin_len;
24718ca5 3189 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 3190
3191 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3192 if (err < 0)
a664b5bc 3193 mgmt_pending_remove(cmd);
980e1a53
JH		 3194
3195failed:
09fd0de5 3196 hci_dev_unlock(hdev);
980e1a53
JH		 3197 return err;
3198}
3199
04124681
GP		 3200static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3201 u16 len)
17fa4b9d 3202{
650f726d 3203 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 3204
3205 BT_DBG("");
3206
4ec86d4c 3207 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 3208 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3209 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
4ec86d4c 3210
09fd0de5 3211 hci_dev_lock(hdev);
17fa4b9d
JH		 3212
3213 hdev->io_capability = cp->io_capability;
3214
3215 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 3216 hdev->io_capability);
17fa4b9d 3217
09fd0de5 3218 hci_dev_unlock(hdev);
17fa4b9d 3219
2a1afb5a
JH		 3220 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
3221 NULL, 0);
17fa4b9d
JH		 3222}
3223
3b0602cd 3224static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 3225{
3226 struct hci_dev *hdev = conn->hdev;
3b0602cd 3227 struct mgmt_pending_cmd *cmd;
e9a416b5 3228
2e58ef3e 3229 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 3230 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3231 continue;
3232
e9a416b5
JH		 3233 if (cmd->user_data != conn)
3234 continue;
3235
3236 return cmd;
3237 }
3238
3239 return NULL;
3240}
3241
3b0602cd 3242static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
e9a416b5
JH		 3243{
3244 struct mgmt_rp_pair_device rp;
3245 struct hci_conn *conn = cmd->user_data;
9df74653 3246 int err;
e9a416b5 3247
61b1a7fb
JH		 3248 bacpy(&rp.addr.bdaddr, &conn->dst);
3249 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 3250
2a1afb5a
JH		 3251 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
3252 status, &rp, sizeof(rp));
e9a416b5
JH		 3253
3254 /* So we don't get further callbacks for this connection */
3255 conn->connect_cfm_cb = NULL;
3256 conn->security_cfm_cb = NULL;
3257 conn->disconn_cfm_cb = NULL;
3258
76a68ba0 3259 hci_conn_drop(conn);
89cbb063
AA		 3260
3261 /* The device is paired so there is no need to remove
3262 * its connection parameters anymore.
3263 */
3264 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
15013aeb
JH		 3265
3266 hci_conn_put(conn);
9df74653
JH		 3267
3268 return err;
e9a416b5
JH		 3269}
3270
f4a407be
JH		 3271void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3272{
3273 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3b0602cd 3274 struct mgmt_pending_cmd *cmd;
f4a407be
JH		 3275
3276 cmd = find_pairing(conn);
a511b35b 3277 if (cmd) {
04ab2749 3278 cmd->cmd_complete(cmd, status);
a511b35b
JH		 3279 mgmt_pending_remove(cmd);
3280 }
f4a407be
JH		 3281}
3282
e9a416b5
JH		 3283static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3284{
3b0602cd 3285 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 3286
3287 BT_DBG("status %u", status);
3288
3289 cmd = find_pairing(conn);
a511b35b 3290 if (!cmd) {
e9a416b5 3291 BT_DBG("Unable to find a pending command");
a511b35b
JH		 3292 return;
3293 }
3294
3295 cmd->cmd_complete(cmd, mgmt_status(status));
3296 mgmt_pending_remove(cmd);
e9a416b5
JH		 3297}
3298
f4a407be 3299static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739 3300{
3b0602cd 3301 struct mgmt_pending_cmd *cmd;
4c47d739
VA		 3302
3303 BT_DBG("status %u", status);
3304
3305 if (!status)
3306 return;
3307
3308 cmd = find_pairing(conn);
a511b35b 3309 if (!cmd) {
4c47d739 3310 BT_DBG("Unable to find a pending command");
a511b35b
JH		 3311 return;
3312 }
3313
3314 cmd->cmd_complete(cmd, mgmt_status(status));
3315 mgmt_pending_remove(cmd);
4c47d739
VA		 3316}
3317
bdb6d971 3318static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3319 u16 len)
e9a416b5 3320{
650f726d 3321 struct mgmt_cp_pair_device *cp = data;
1425acb7 3322 struct mgmt_rp_pair_device rp;
3b0602cd 3323 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 3324 u8 sec_level, auth_type;
3325 struct hci_conn *conn;
e9a416b5
JH		 3326 int err;
3327
3328 BT_DBG("");
3329
f950a30e
SJ		 3330 memset(&rp, 0, sizeof(rp));
3331 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3332 rp.addr.type = cp->addr.type;
3333
4ee71b20 3334 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 3335 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3336 MGMT_STATUS_INVALID_PARAMS,
3337 &rp, sizeof(rp));
4ee71b20 3338
4ec86d4c 3339 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 3340 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3341 MGMT_STATUS_INVALID_PARAMS,
3342 &rp, sizeof(rp));
4ec86d4c 3343
09fd0de5 3344 hci_dev_lock(hdev);
e9a416b5 3345
5f97c1df 3346 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3347 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3348 MGMT_STATUS_NOT_POWERED, &rp,
3349 sizeof(rp));
5f97c1df
JH		 3350 goto unlock;
3351 }
3352
55e76b38
JH		 3353 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
3354 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3355 MGMT_STATUS_ALREADY_PAIRED, &rp,
3356 sizeof(rp));
3357 goto unlock;
3358 }
3359
c908df36 3360 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 3361 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 3362
6f77d8c7 3363 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 3364 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3365 auth_type);
6f77d8c7
AG		 3366 } else {
3367 u8 addr_type;
3368
3369 /* Convert from L2CAP channel address type to HCI address type
3370 */
3371 if (cp->addr.type == BDADDR_LE_PUBLIC)
3372 addr_type = ADDR_LE_DEV_PUBLIC;
3373 else
3374 addr_type = ADDR_LE_DEV_RANDOM;
3375
7c264b10
MH		 3376 /* When pairing a new device, it is expected to remember
3377 * this device for future connections. Adding the connection
3378 * parameter information ahead of time allows tracking
3379 * of the slave preferred values and will speed up any
3380 * further connection establishment.
3381 *
3382 * If connection parameters already exist, then they
3383 * will be kept and this function does nothing.
3384 */
3385 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3386
6f77d8c7 3387 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
e804d25d
JH		 3388 sec_level, HCI_LE_CONN_TIMEOUT,
3389 HCI_ROLE_MASTER);
6f77d8c7 3390 }
7a512d01 3391
30e76272 3392 if (IS_ERR(conn)) {
489dc48e
AK		 3393 int status;
3394
3395 if (PTR_ERR(conn) == -EBUSY)
3396 status = MGMT_STATUS_BUSY;
faa81030
LR		 3397 else if (PTR_ERR(conn) == -EOPNOTSUPP)
3398 status = MGMT_STATUS_NOT_SUPPORTED;
3399 else if (PTR_ERR(conn) == -ECONNREFUSED)
3400 status = MGMT_STATUS_REJECTED;
489dc48e
AK		 3401 else
3402 status = MGMT_STATUS_CONNECT_FAILED;
3403
2a1afb5a
JH		 3404 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3405 status, &rp, sizeof(rp));
e9a416b5
JH		 3406 goto unlock;
3407 }
3408
3409 if (conn->connect_cfm_cb) {
76a68ba0 3410 hci_conn_drop(conn);
2a1afb5a
JH		 3411 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3412 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 3413 goto unlock;
3414 }
3415
2e58ef3e 3416 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 3417 if (!cmd) {
3418 err = -ENOMEM;
76a68ba0 3419 hci_conn_drop(conn);
e9a416b5
JH		 3420 goto unlock;
3421 }
3422
04ab2749
JH		 3423 cmd->cmd_complete = pairing_complete;
3424
7a512d01 3425 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 3426 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 3427 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 3428 conn->security_cfm_cb = pairing_complete_cb;
3429 conn->disconn_cfm_cb = pairing_complete_cb;
3430 } else {
3431 conn->connect_cfm_cb = le_pairing_complete_cb;
3432 conn->security_cfm_cb = le_pairing_complete_cb;
3433 conn->disconn_cfm_cb = le_pairing_complete_cb;
3434 }
7a512d01 3435
e9a416b5 3436 conn->io_capability = cp->io_cap;
f8aaf9b6 3437 cmd->user_data = hci_conn_get(conn);
e9a416b5 3438
6f78fd4b 3439 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
a511b35b
JH		 3440 hci_conn_security(conn, sec_level, auth_type, true)) {
3441 cmd->cmd_complete(cmd, 0);
3442 mgmt_pending_remove(cmd);
3443 }
e9a416b5
JH		 3444
3445 err = 0;
3446
3447unlock:
09fd0de5 3448 hci_dev_unlock(hdev);
e9a416b5
JH		 3449 return err;
3450}
3451
04124681
GP		 3452static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3453 u16 len)
28424707 3454{
0f4e68cf 3455 struct mgmt_addr_info *addr = data;
3b0602cd 3456 struct mgmt_pending_cmd *cmd;
28424707
JH		 3457 struct hci_conn *conn;
3458 int err;
3459
3460 BT_DBG("");
3461
28424707
JH		 3462 hci_dev_lock(hdev);
3463
5f97c1df 3464 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3465 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3466 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3467 goto unlock;
3468 }
3469
28424707
JH		 3470 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3471 if (!cmd) {
a69e8375
JH		 3472 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3473 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3474 goto unlock;
3475 }
3476
3477 conn = cmd->user_data;
3478
3479 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
a69e8375
JH		 3480 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3481 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3482 goto unlock;
3483 }
3484
a511b35b
JH		 3485 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3486 mgmt_pending_remove(cmd);
28424707 3487
2a1afb5a
JH		 3488 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3489 addr, sizeof(*addr));
28424707
JH		 3490unlock:
3491 hci_dev_unlock(hdev);
28424707
JH		 3492 return err;
3493}
3494
bdb6d971 3495static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3496 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3497 u16 hci_op, __le32 passkey)
a5c29683 3498{
3b0602cd 3499 struct mgmt_pending_cmd *cmd;
0df4c185 3500 struct hci_conn *conn;
a5c29683
JH		 3501 int err;
3502
09fd0de5 3503 hci_dev_lock(hdev);
08ba5382 3504
4b34ee78 3505 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3506 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3507 MGMT_STATUS_NOT_POWERED, addr,
3508 sizeof(*addr));
0df4c185 3509 goto done;
a5c29683
JH		 3510 }
3511
1707c60e
JH		 3512 if (addr->type == BDADDR_BREDR)
3513 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3514 else
1707c60e 3515 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 3516
3517 if (!conn) {
2a1afb5a
JH		 3518 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3519 MGMT_STATUS_NOT_CONNECTED, addr,
3520 sizeof(*addr));
272d90df
JH		 3521 goto done;
3522 }
47c15e2b 3523
1707c60e 3524 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 3525 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 3526 if (!err)
2a1afb5a
JH		 3527 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3528 MGMT_STATUS_SUCCESS, addr,
3529 sizeof(*addr));
5fe57d9e 3530 else
2a1afb5a
JH		 3531 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3532 MGMT_STATUS_FAILED, addr,
3533 sizeof(*addr));
47c15e2b 3534
47c15e2b
BG		 3535 goto done;
3536 }
3537
1707c60e 3538 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3539 if (!cmd) {
3540 err = -ENOMEM;
0df4c185 3541 goto done;
a5c29683
JH		 3542 }
3543
7776d1d8
JH		 3544 cmd->cmd_complete = addr_cmd_complete;
3545
0df4c185 3546 /* Continue with pairing via HCI */
604086b7
BG		 3547 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3548 struct hci_cp_user_passkey_reply cp;
3549
1707c60e 3550 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3551 cp.passkey = passkey;
3552 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3553 } else
1707c60e
JH		 3554 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3555 &addr->bdaddr);
604086b7 3556
a664b5bc
JH		 3557 if (err < 0)
3558 mgmt_pending_remove(cmd);
a5c29683 3559
0df4c185 3560done:
09fd0de5 3561 hci_dev_unlock(hdev);
a5c29683
JH		 3562 return err;
3563}
3564
afeb019d
JK		 3565static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3566 void *data, u16 len)
3567{
3568 struct mgmt_cp_pin_code_neg_reply *cp = data;
3569
3570 BT_DBG("");
3571
1707c60e 3572 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3573 MGMT_OP_PIN_CODE_NEG_REPLY,
3574 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3575}
3576
04124681
GP		 3577static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3578 u16 len)
0df4c185 3579{
650f726d 3580 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3581
3582 BT_DBG("");
3583
3584 if (len != sizeof(*cp))
a69e8375
JH		 3585 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3586 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3587
1707c60e 3588 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3589 MGMT_OP_USER_CONFIRM_REPLY,
3590 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3591}
3592
bdb6d971 3593static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3594 void *data, u16 len)
0df4c185 3595{
c9c2659f 3596 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3597
3598 BT_DBG("");
3599
1707c60e 3600 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3601 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3602 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3603}
3604
04124681
GP		 3605static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3606 u16 len)
604086b7 3607{
650f726d 3608 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3609
3610 BT_DBG("");
3611
1707c60e 3612 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3613 MGMT_OP_USER_PASSKEY_REPLY,
3614 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3615}
3616
bdb6d971 3617static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3618 void *data, u16 len)
604086b7 3619{
650f726d 3620 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3621
3622 BT_DBG("");
3623
1707c60e 3624 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3625 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3626 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3627}
3628
13928971 3629static void update_name(struct hci_request *req)
2b4bf397 3630{
13928971 3631 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3632 struct hci_cp_write_local_name cp;
3633
13928971 3634 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3635
890ea898 3636 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3637}
3638
1904a853 3639static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
13928971
JH		 3640{
3641 struct mgmt_cp_set_local_name *cp;
3b0602cd 3642 struct mgmt_pending_cmd *cmd;
13928971
JH		 3643
3644 BT_DBG("status 0x%02x", status);
3645
3646 hci_dev_lock(hdev);
3647
3648 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3649 if (!cmd)
3650 goto unlock;
3651
3652 cp = cmd->param;
3653
3654 if (status)
a69e8375
JH		 3655 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3656 mgmt_status(status));
13928971 3657 else
2a1afb5a
JH		 3658 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3659 cp, sizeof(*cp));
13928971
JH		 3660
3661 mgmt_pending_remove(cmd);
3662
3663unlock:
3664 hci_dev_unlock(hdev);
3665}
3666
bdb6d971 3667static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3668 u16 len)
b312b161 3669{
2b4bf397 3670 struct mgmt_cp_set_local_name *cp = data;
3b0602cd 3671 struct mgmt_pending_cmd *cmd;
890ea898 3672 struct hci_request req;
b312b161
JH		 3673 int err;
3674
3675 BT_DBG("");
3676
09fd0de5 3677 hci_dev_lock(hdev);
b312b161 3678
b3f2ca94
JH		 3679 /* If the old values are the same as the new ones just return a
3680 * direct command complete event.
3681 */
3682 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3683 !memcmp(hdev->short_name, cp->short_name,
3684 sizeof(hdev->short_name))) {
2a1afb5a
JH		 3685 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3686 data, len);
b3f2ca94
JH		 3687 goto failed;
3688 }
3689
2b4bf397 3690 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3691
b5235a65 3692 if (!hdev_is_powered(hdev)) {
2b4bf397 3693 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde 3694
2a1afb5a
JH		 3695 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3696 data, len);
28cc7bde
JH		 3697 if (err < 0)
3698 goto failed;
3699
3700 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 3701 sk);
28cc7bde 3702
b5235a65
JH		 3703 goto failed;
3704 }
3705
28cc7bde 3706 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3707 if (!cmd) {
3708 err = -ENOMEM;
3709 goto failed;
3710 }
3711
13928971
JH		 3712 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3713
890ea898 3714 hci_req_init(&req, hdev);
3f985050
JH		 3715
3716 if (lmp_bredr_capable(hdev)) {
3717 update_name(&req);
3718 update_eir(&req);
3719 }
3720
7a5f4990
MH		 3721 /* The name is stored in the scan response data and so
3722 * no need to udpate the advertising data here.
3723 */
3f985050 3724 if (lmp_le_capable(hdev))
7a5f4990 3725 update_scan_rsp_data(&req);
3f985050 3726
13928971 3727 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3728 if (err < 0)
3729 mgmt_pending_remove(cmd);
3730
3731failed:
09fd0de5 3732 hci_dev_unlock(hdev);
b312b161
JH		 3733 return err;
3734}
3735
0f4e68cf 3736static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3737 void *data, u16 data_len)
c35938b2 3738{
3b0602cd 3739 struct mgmt_pending_cmd *cmd;
c35938b2
SJ		 3740 int err;
3741
bdb6d971 3742 BT_DBG("%s", hdev->name);
c35938b2 3743
09fd0de5 3744 hci_dev_lock(hdev);
c35938b2 3745
4b34ee78 3746 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3747 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3748 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3749 goto unlock;
3750 }
3751
9a1a1996 3752 if (!lmp_ssp_capable(hdev)) {
a69e8375
JH		 3753 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3754 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3755 goto unlock;
3756 }
3757
2e58ef3e 3758 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
a69e8375
JH		 3759 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3760 MGMT_STATUS_BUSY);
c35938b2
SJ		 3761 goto unlock;
3762 }
3763
2e58ef3e 3764 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3765 if (!cmd) {
3766 err = -ENOMEM;
3767 goto unlock;
3768 }
3769
710f11c0 3770 if (bredr_sc_enabled(hdev))
4d2d2796
MH		 3771 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3772 0, NULL);
3773 else
3774 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3775
c35938b2
SJ		 3776 if (err < 0)
3777 mgmt_pending_remove(cmd);
3778
3779unlock:
09fd0de5 3780 hci_dev_unlock(hdev);
c35938b2
SJ		 3781 return err;
3782}
3783
bdb6d971 3784static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3785 void *data, u16 len)
2763eda6 3786{
5d57e796 3787 struct mgmt_addr_info *addr = data;
2763eda6
SJ		 3788 int err;
3789
bdb6d971 3790 BT_DBG("%s ", hdev->name);
2763eda6 3791
5d57e796 3792 if (!bdaddr_type_is_valid(addr->type))
2a1afb5a
JH		 3793 return mgmt_cmd_complete(sk, hdev->id,
3794 MGMT_OP_ADD_REMOTE_OOB_DATA,
3795 MGMT_STATUS_INVALID_PARAMS,
3796 addr, sizeof(*addr));
5d57e796 3797
09fd0de5 3798 hci_dev_lock(hdev);
2763eda6 3799
ec109113
MH		 3800 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3801 struct mgmt_cp_add_remote_oob_data *cp = data;
3802 u8 status;
bf1e3541 3803
c19a495c 3804 if (cp->addr.type != BDADDR_BREDR) {
2a1afb5a
JH		 3805 err = mgmt_cmd_complete(sk, hdev->id,
3806 MGMT_OP_ADD_REMOTE_OOB_DATA,
3807 MGMT_STATUS_INVALID_PARAMS,
3808 &cp->addr, sizeof(cp->addr));
c19a495c
JH		 3809 goto unlock;
3810 }
3811
ec109113 3812 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
6928a924
JH		 3813 cp->addr.type, cp->hash,
3814 cp->rand, NULL, NULL);
ec109113
MH		 3815 if (err < 0)
3816 status = MGMT_STATUS_FAILED;
3817 else
3818 status = MGMT_STATUS_SUCCESS;
3819
2a1afb5a
JH		 3820 err = mgmt_cmd_complete(sk, hdev->id,
3821 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
3822 &cp->addr, sizeof(cp->addr));
ec109113
MH		 3823 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3824 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
41bcfd50 3825 u8 *rand192, *hash192, *rand256, *hash256;
ec109113
MH		 3826 u8 status;
3827
86df9200 3828 if (bdaddr_type_is_le(cp->addr.type)) {
d25b78e2
JH		 3829 /* Enforce zero-valued 192-bit parameters as
3830 * long as legacy SMP OOB isn't implemented.
3831 */
3832 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3833 memcmp(cp->hash192, ZERO_KEY, 16)) {
2a1afb5a
JH		 3834 err = mgmt_cmd_complete(sk, hdev->id,
3835 MGMT_OP_ADD_REMOTE_OOB_DATA,
3836 MGMT_STATUS_INVALID_PARAMS,
3837 addr, sizeof(*addr));
d25b78e2
JH		 3838 goto unlock;
3839 }
3840
86df9200
JH		 3841 rand192 = NULL;
3842 hash192 = NULL;
3843 } else {
41bcfd50
MH		 3844 /* In case one of the P-192 values is set to zero,
3845 * then just disable OOB data for P-192.
3846 */
3847 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
3848 !memcmp(cp->hash192, ZERO_KEY, 16)) {
3849 rand192 = NULL;
3850 hash192 = NULL;
3851 } else {
3852 rand192 = cp->rand192;
3853 hash192 = cp->hash192;
3854 }
3855 }
3856
3857 /* In case one of the P-256 values is set to zero, then just
3858 * disable OOB data for P-256.
3859 */
3860 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
3861 !memcmp(cp->hash256, ZERO_KEY, 16)) {
3862 rand256 = NULL;
3863 hash256 = NULL;
3864 } else {
3865 rand256 = cp->rand256;
3866 hash256 = cp->hash256;
86df9200
JH		 3867 }
3868
81328d5c 3869 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
86df9200 3870 cp->addr.type, hash192, rand192,
41bcfd50 3871 hash256, rand256);
ec109113
MH		 3872 if (err < 0)
3873 status = MGMT_STATUS_FAILED;
3874 else
3875 status = MGMT_STATUS_SUCCESS;
3876
2a1afb5a
JH		 3877 err = mgmt_cmd_complete(sk, hdev->id,
3878 MGMT_OP_ADD_REMOTE_OOB_DATA,
3879 status, &cp->addr, sizeof(cp->addr));
ec109113
MH		 3880 } else {
3881 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
a69e8375
JH		 3882 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3883 MGMT_STATUS_INVALID_PARAMS);
ec109113 3884 }
2763eda6 3885
c19a495c 3886unlock:
09fd0de5 3887 hci_dev_unlock(hdev);
2763eda6
SJ		 3888 return err;
3889}
3890
bdb6d971 3891static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3892 void *data, u16 len)
2763eda6 3893{
650f726d 3894 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3895 u8 status;
2763eda6
SJ		 3896 int err;
3897
bdb6d971 3898 BT_DBG("%s", hdev->name);
2763eda6 3899
c19a495c 3900 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 3901 return mgmt_cmd_complete(sk, hdev->id,
3902 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3903 MGMT_STATUS_INVALID_PARAMS,
3904 &cp->addr, sizeof(cp->addr));
c19a495c 3905
09fd0de5 3906 hci_dev_lock(hdev);
2763eda6 3907
eedbd581
JH		 3908 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3909 hci_remote_oob_data_clear(hdev);
3910 status = MGMT_STATUS_SUCCESS;
3911 goto done;
3912 }
3913
6928a924 3914 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
2763eda6 3915 if (err < 0)
bf1e3541 3916 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3917 else
a6785be2 3918 status = MGMT_STATUS_SUCCESS;
bf1e3541 3919
eedbd581 3920done:
2a1afb5a
JH		 3921 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3922 status, &cp->addr, sizeof(cp->addr));
2763eda6 3923
09fd0de5 3924 hci_dev_unlock(hdev);
2763eda6
SJ		 3925 return err;
3926}
3927
8019044d 3928static bool trigger_discovery(struct hci_request *req, u8 *status)
41dc2bd6 3929{
8019044d
MH		 3930 struct hci_dev *hdev = req->hdev;
3931 struct hci_cp_le_set_scan_param param_cp;
3932 struct hci_cp_le_set_scan_enable enable_cp;
3933 struct hci_cp_inquiry inq_cp;
3934 /* General inquiry access code (GIAC) */
3935 u8 lap[3] = { 0x33, 0x8b, 0x9e };
3936 u8 own_addr_type;
41dc2bd6
AG		 3937 int err;
3938
8019044d
MH		 3939 switch (hdev->discovery.type) {
3940 case DISCOV_TYPE_BREDR:
3941 *status = mgmt_bredr_support(hdev);
3942 if (*status)
3943 return false;
41dc2bd6 3944
8019044d
MH		 3945 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3946 *status = MGMT_STATUS_BUSY;
3947 return false;
3948 }
41dc2bd6 3949
8019044d 3950 hci_inquiry_cache_flush(hdev);
41dc2bd6 3951
8019044d
MH		 3952 memset(&inq_cp, 0, sizeof(inq_cp));
3953 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
3954 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
3955 hci_req_add(req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
3956 break;
41dc2bd6 3957
8019044d
MH		 3958 case DISCOV_TYPE_LE:
3959 case DISCOV_TYPE_INTERLEAVED:
3960 *status = mgmt_le_support(hdev);
3961 if (*status)
3962 return false;
3963
3964 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
d7a5a11d 3965 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
8019044d
MH		 3966 *status = MGMT_STATUS_NOT_SUPPORTED;
3967 return false;
3968 }
3969
d7a5a11d 3970 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) {
8019044d
MH		 3971 /* Don't let discovery abort an outgoing
3972 * connection attempt that's using directed
3973 * advertising.
3974 */
3975 if (hci_conn_hash_lookup_state(hdev, LE_LINK,
3976 BT_CONNECT)) {
3977 *status = MGMT_STATUS_REJECTED;
3978 return false;
3979 }
3980
3981 disable_advertising(req);
3982 }
3983
3984 /* If controller is scanning, it means the background scanning
3985 * is running. Thus, we should temporarily stop it in order to
3986 * set the discovery scanning parameters.
3987 */
d7a5a11d 3988 if (hci_dev_test_flag(hdev, HCI_LE_SCAN))
8019044d
MH		 3989 hci_req_add_le_scan_disable(req);
3990
3991 memset(&param_cp, 0, sizeof(param_cp));
3992
3993 /* All active scans will be done with either a resolvable
3994 * private address (when privacy feature has been enabled)
9437d2ed 3995 * or non-resolvable private address.
8019044d
MH		 3996 */
3997 err = hci_update_random_address(req, true, &own_addr_type);
3998 if (err < 0) {
3999 *status = MGMT_STATUS_FAILED;
4000 return false;
4001 }
4002
4003 param_cp.type = LE_SCAN_ACTIVE;
4004 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
4005 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
4006 param_cp.own_address_type = own_addr_type;
4007 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
4008 &param_cp);
4009
4010 memset(&enable_cp, 0, sizeof(enable_cp));
4011 enable_cp.enable = LE_SCAN_ENABLE;
4012 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
4013 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
4014 &enable_cp);
4015 break;
4016
4017 default:
4018 *status = MGMT_STATUS_INVALID_PARAMS;
4019 return false;
4020 }
4021
4022 return true;
41dc2bd6
AG		 4023}
4024
1904a853
MH		 4025static void start_discovery_complete(struct hci_dev *hdev, u8 status,
4026 u16 opcode)
7c307720 4027{
3b0602cd 4028 struct mgmt_pending_cmd *cmd;
11e6e25d 4029 unsigned long timeout;
ae55f598 4030
7c307720
AG		 4031 BT_DBG("status %d", status);
4032
11e6e25d 4033 hci_dev_lock(hdev);
41dc2bd6 4034
11e6e25d 4035 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
66ea9427
JP		 4036 if (!cmd)
4037 cmd = mgmt_pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
4038
11e6e25d 4039 if (cmd) {
2922a94f 4040 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d
MH		 4041 mgmt_pending_remove(cmd);
4042 }
7c307720
AG		 4043
4044 if (status) {
11e6e25d
MH		 4045 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4046 goto unlock;
7c307720
AG		 4047 }
4048
7c307720 4049 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
7c307720 4050
2d28cfe7
JP		 4051 /* If the scan involves LE scan, pick proper timeout to schedule
4052 * hdev->le_scan_disable that will stop it.
4053 */
7c307720
AG		 4054 switch (hdev->discovery.type) {
4055 case DISCOV_TYPE_LE:
3d5a76f0 4056 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
7c307720 4057 break;
7c307720 4058 case DISCOV_TYPE_INTERLEAVED:
b9a7a61e 4059 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
7c307720 4060 break;
7c307720 4061 case DISCOV_TYPE_BREDR:
11e6e25d 4062 timeout = 0;
7c307720 4063 break;
7c307720
AG		 4064 default:
4065 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
11e6e25d
MH		 4066 timeout = 0;
4067 break;
7c307720 4068 }
ae55f598 4069
2d28cfe7
JP		 4070 if (timeout) {
4071 /* When service discovery is used and the controller has
4072 * a strict duplicate filter, it is important to remember
4073 * the start and duration of the scan. This is required
4074 * for restarting scanning during the discovery phase.
4075 */
4076 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER,
4077 &hdev->quirks) &&
82f8b651 4078 hdev->discovery.result_filtering) {
2d28cfe7
JP		 4079 hdev->discovery.scan_start = jiffies;
4080 hdev->discovery.scan_duration = timeout;
4081 }
4082
11e6e25d
MH		 4083 queue_delayed_work(hdev->workqueue,
4084 &hdev->le_scan_disable, timeout);
2d28cfe7 4085 }
ae55f598 4086
11e6e25d
MH		 4087unlock:
4088 hci_dev_unlock(hdev);
7c307720
AG		 4089}
4090
bdb6d971 4091static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 4092 void *data, u16 len)
14a53664 4093{
650f726d 4094 struct mgmt_cp_start_discovery *cp = data;
3b0602cd 4095 struct mgmt_pending_cmd *cmd;
7c307720 4096 struct hci_request req;
8019044d 4097 u8 status;
14a53664
JH		 4098 int err;
4099
bdb6d971 4100 BT_DBG("%s", hdev->name);
14a53664 4101
09fd0de5 4102 hci_dev_lock(hdev);
14a53664 4103
4b34ee78 4104 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 4105 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4106 MGMT_STATUS_NOT_POWERED,
4107 &cp->type, sizeof(cp->type));
bd2d1334
JH		 4108 goto failed;
4109 }
4110
f5a969f2 4111 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 4112 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
2a1afb5a
JH		 4113 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4114 MGMT_STATUS_BUSY, &cp->type,
4115 sizeof(cp->type));
642be6c7
AG		 4116 goto failed;
4117 }
4118
2922a94f 4119 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, data, len);
14a53664
JH		 4120 if (!cmd) {
4121 err = -ENOMEM;
4122 goto failed;
4123 }
4124
2922a94f
JH		 4125 cmd->cmd_complete = generic_cmd_complete;
4126
22078800
MH		 4127 /* Clear the discovery filter first to free any previously
4128 * allocated memory for the UUID list.
4129 */
4130 hci_discovery_filter_clear(hdev);
4131
4aab14e5 4132 hdev->discovery.type = cp->type;
da25cf6a 4133 hdev->discovery.report_invalid_rssi = false;
4aab14e5 4134
7c307720
AG		 4135 hci_req_init(&req, hdev);
4136
8019044d 4137 if (!trigger_discovery(&req, &status)) {
2a1afb5a
JH		 4138 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4139 status, &cp->type, sizeof(cp->type));
04106755
JH		 4140 mgmt_pending_remove(cmd);
4141 goto failed;
f39799f5 4142 }
04106755 4143
7c307720 4144 err = hci_req_run(&req, start_discovery_complete);
f5a969f2 4145 if (err < 0) {
14a53664 4146 mgmt_pending_remove(cmd);
f5a969f2
MH		 4147 goto failed;
4148 }
7c307720 4149
f5a969f2 4150 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
7c307720 4151
14a53664 4152failed:
09fd0de5 4153 hci_dev_unlock(hdev);
14a53664
JH		 4154 return err;
4155}
f39799f5 4156
3b0602cd
JH		 4157static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
4158 u8 status)
2922a94f 4159{
2a1afb5a
JH		 4160 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
4161 cmd->param, 1);
2922a94f 4162}
04106755 4163
66ea9427
JP		 4164static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
4165 void *data, u16 len)
4166{
4167 struct mgmt_cp_start_service_discovery *cp = data;
3b0602cd 4168 struct mgmt_pending_cmd *cmd;
66ea9427
JP		 4169 struct hci_request req;
4170 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
4171 u16 uuid_count, expected_len;
4172 u8 status;
4173 int err;
04106755 4174
66ea9427 4175 BT_DBG("%s", hdev->name);
e8bb6b97 4176
66ea9427 4177 hci_dev_lock(hdev);
7c307720 4178
66ea9427 4179 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 4180 err = mgmt_cmd_complete(sk, hdev->id,
4181 MGMT_OP_START_SERVICE_DISCOVERY,
4182 MGMT_STATUS_NOT_POWERED,
4183 &cp->type, sizeof(cp->type));
66ea9427
JP		 4184 goto failed;
4185 }
7c307720 4186
66ea9427 4187 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 4188 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
2a1afb5a
JH		 4189 err = mgmt_cmd_complete(sk, hdev->id,
4190 MGMT_OP_START_SERVICE_DISCOVERY,
4191 MGMT_STATUS_BUSY, &cp->type,
4192 sizeof(cp->type));
66ea9427
JP		 4193 goto failed;
4194 }
d9483943 4195
66ea9427
JP		 4196 uuid_count = __le16_to_cpu(cp->uuid_count);
4197 if (uuid_count > max_uuid_count) {
4198 BT_ERR("service_discovery: too big uuid_count value %u",
4199 uuid_count);
2a1afb5a
JH		 4200 err = mgmt_cmd_complete(sk, hdev->id,
4201 MGMT_OP_START_SERVICE_DISCOVERY,
4202 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4203 sizeof(cp->type));
66ea9427
JP		 4204 goto failed;
4205 }
4206
4207 expected_len = sizeof(*cp) + uuid_count * 16;
4208 if (expected_len != len) {
4209 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
4210 expected_len, len);
2a1afb5a
JH		 4211 err = mgmt_cmd_complete(sk, hdev->id,
4212 MGMT_OP_START_SERVICE_DISCOVERY,
4213 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4214 sizeof(cp->type));
66ea9427
JP		 4215 goto failed;
4216 }
4217
4218 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
2922a94f 4219 hdev, data, len);
66ea9427
JP		 4220 if (!cmd) {
4221 err = -ENOMEM;
4222 goto failed;
4223 }
4224
2922a94f
JH		 4225 cmd->cmd_complete = service_discovery_cmd_complete;
4226
22078800
MH		 4227 /* Clear the discovery filter first to free any previously
4228 * allocated memory for the UUID list.
4229 */
4230 hci_discovery_filter_clear(hdev);
4231
82f8b651 4232 hdev->discovery.result_filtering = true;
66ea9427
JP		 4233 hdev->discovery.type = cp->type;
4234 hdev->discovery.rssi = cp->rssi;
4235 hdev->discovery.uuid_count = uuid_count;
4236
4237 if (uuid_count > 0) {
4238 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4239 GFP_KERNEL);
4240 if (!hdev->discovery.uuids) {
2a1afb5a
JH		 4241 err = mgmt_cmd_complete(sk, hdev->id,
4242 MGMT_OP_START_SERVICE_DISCOVERY,
4243 MGMT_STATUS_FAILED,
4244 &cp->type, sizeof(cp->type));
d9483943
JH		 4245 mgmt_pending_remove(cmd);
4246 goto failed;
4247 }
66ea9427 4248 }
d9483943 4249
66ea9427 4250 hci_req_init(&req, hdev);
5e0452c0 4251
66ea9427 4252 if (!trigger_discovery(&req, &status)) {
2a1afb5a
JH		 4253 err = mgmt_cmd_complete(sk, hdev->id,
4254 MGMT_OP_START_SERVICE_DISCOVERY,
4255 status, &cp->type, sizeof(cp->type));
04106755
JH		 4256 mgmt_pending_remove(cmd);
4257 goto failed;
f39799f5 4258 }
3fd24153 4259
7c307720 4260 err = hci_req_run(&req, start_discovery_complete);
66ea9427 4261 if (err < 0) {
14a53664 4262 mgmt_pending_remove(cmd);
66ea9427
JP		 4263 goto failed;
4264 }
4265
4266 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 4267
4268failed:
09fd0de5 4269 hci_dev_unlock(hdev);
14a53664
JH		 4270 return err;
4271}
4272
1904a853 4273static void stop_discovery_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1183fdca 4274{
3b0602cd 4275 struct mgmt_pending_cmd *cmd;
1183fdca 4276
0e05bba6
AG		 4277 BT_DBG("status %d", status);
4278
4279 hci_dev_lock(hdev);
4280
11e6e25d
MH		 4281 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4282 if (cmd) {
2922a94f 4283 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d 4284 mgmt_pending_remove(cmd);
0e05bba6
AG		 4285 }
4286
11e6e25d
MH		 4287 if (!status)
4288 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
0e05bba6 4289
0e05bba6
AG		 4290 hci_dev_unlock(hdev);
4291}
4292
bdb6d971 4293static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4294 u16 len)
14a53664 4295{
d930650b 4296 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3b0602cd 4297 struct mgmt_pending_cmd *cmd;
0e05bba6 4298 struct hci_request req;
14a53664
JH		 4299 int err;
4300
bdb6d971 4301 BT_DBG("%s", hdev->name);
14a53664 4302
09fd0de5 4303 hci_dev_lock(hdev);
14a53664 4304
30dc78e1 4305 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 4306 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4307 MGMT_STATUS_REJECTED, &mgmt_cp->type,
4308 sizeof(mgmt_cp->type));
d930650b
JH		 4309 goto unlock;
4310 }
4311
4312 if (hdev->discovery.type != mgmt_cp->type) {
2a1afb5a
JH		 4313 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4314 MGMT_STATUS_INVALID_PARAMS,
4315 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1 4316 goto unlock;
ff9ef578
JH		 4317 }
4318
2922a94f 4319 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
14a53664
JH		 4320 if (!cmd) {
4321 err = -ENOMEM;
30dc78e1
JH		 4322 goto unlock;
4323 }
4324
2922a94f
JH		 4325 cmd->cmd_complete = generic_cmd_complete;
4326
0e05bba6
AG		 4327 hci_req_init(&req, hdev);
4328
21a60d30 4329 hci_stop_discovery(&req);
e0d9727e 4330
21a60d30
JH		 4331 err = hci_req_run(&req, stop_discovery_complete);
4332 if (!err) {
4333 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
0e05bba6 4334 goto unlock;
14a53664
JH		 4335 }
4336
21a60d30
JH		 4337 mgmt_pending_remove(cmd);
4338
4339 /* If no HCI commands were sent we're done */
4340 if (err == -ENODATA) {
2a1afb5a
JH		 4341 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
4342 &mgmt_cp->type, sizeof(mgmt_cp->type));
21a60d30
JH		 4343 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4344 }
14a53664 4345
30dc78e1 4346unlock:
09fd0de5 4347 hci_dev_unlock(hdev);
14a53664
JH		 4348 return err;
4349}
4350
bdb6d971 4351static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4352 u16 len)
561aafbc 4353{
650f726d 4354 struct mgmt_cp_confirm_name *cp = data;
561aafbc 4355 struct inquiry_entry *e;
561aafbc
JH		 4356 int err;
4357
bdb6d971 4358 BT_DBG("%s", hdev->name);
561aafbc 4359
561aafbc
JH		 4360 hci_dev_lock(hdev);
4361
30dc78e1 4362 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 4363 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4364 MGMT_STATUS_FAILED, &cp->addr,
4365 sizeof(cp->addr));
30dc78e1
JH		 4366 goto failed;
4367 }
4368
a198e7b1 4369 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 4370 if (!e) {
2a1afb5a
JH		 4371 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4372 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4373 sizeof(cp->addr));
561aafbc
JH		 4374 goto failed;
4375 }
4376
4377 if (cp->name_known) {
4378 e->name_state = NAME_KNOWN;
4379 list_del(&e->list);
4380 } else {
4381 e->name_state = NAME_NEEDED;
a3d4e20a 4382 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 4383 }
4384
2a1afb5a
JH		 4385 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
4386 &cp->addr, sizeof(cp->addr));
561aafbc
JH		 4387
4388failed:
4389 hci_dev_unlock(hdev);
561aafbc
JH		 4390 return err;
4391}
4392
bdb6d971 4393static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4394 u16 len)
7fbec224 4395{
650f726d 4396 struct mgmt_cp_block_device *cp = data;
f0eeea8b 4397 u8 status;
7fbec224
AJ		 4398 int err;
4399
bdb6d971 4400 BT_DBG("%s", hdev->name);
7fbec224 4401
4ee71b20 4402 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 4403 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4404 MGMT_STATUS_INVALID_PARAMS,
4405 &cp->addr, sizeof(cp->addr));
4ee71b20 4406
09fd0de5 4407 hci_dev_lock(hdev);
5e762444 4408
dcc36c16
JH		 4409 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4410 cp->addr.type);
2a8357f2 4411 if (err < 0) {
f0eeea8b 4412 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 4413 goto done;
4414 }
4415
4416 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4417 sk);
4418 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4419
2a8357f2 4420done:
2a1afb5a
JH		 4421 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
4422 &cp->addr, sizeof(cp->addr));
5e762444 4423
09fd0de5 4424 hci_dev_unlock(hdev);
7fbec224
AJ		 4425
4426 return err;
4427}
4428
bdb6d971 4429static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4430 u16 len)
7fbec224 4431{
650f726d 4432 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 4433 u8 status;
7fbec224
AJ		 4434 int err;
4435
bdb6d971 4436 BT_DBG("%s", hdev->name);
7fbec224 4437
4ee71b20 4438 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 4439 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4440 MGMT_STATUS_INVALID_PARAMS,
4441 &cp->addr, sizeof(cp->addr));
4ee71b20 4442
09fd0de5 4443 hci_dev_lock(hdev);
5e762444 4444
dcc36c16
JH		 4445 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4446 cp->addr.type);
2a8357f2 4447 if (err < 0) {
f0eeea8b 4448 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 4449 goto done;
4450 }
4451
4452 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4453 sk);
4454 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4455
2a8357f2 4456done:
2a1afb5a
JH		 4457 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
4458 &cp->addr, sizeof(cp->addr));
5e762444 4459
09fd0de5 4460 hci_dev_unlock(hdev);
7fbec224
AJ		 4461
4462 return err;
4463}
4464
cdbaccca
MH		 4465static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4466 u16 len)
4467{
4468 struct mgmt_cp_set_device_id *cp = data;
890ea898 4469 struct hci_request req;
cdbaccca 4470 int err;
c72d4b8a 4471 __u16 source;
cdbaccca
MH		 4472
4473 BT_DBG("%s", hdev->name);
4474
c72d4b8a
SJ		 4475 source = __le16_to_cpu(cp->source);
4476
4477 if (source > 0x0002)
a69e8375
JH		 4478 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4479 MGMT_STATUS_INVALID_PARAMS);
c72d4b8a 4480
cdbaccca
MH		 4481 hci_dev_lock(hdev);
4482
c72d4b8a 4483 hdev->devid_source = source;
cdbaccca
MH		 4484 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4485 hdev->devid_product = __le16_to_cpu(cp->product);
4486 hdev->devid_version = __le16_to_cpu(cp->version);
4487
2a1afb5a
JH		 4488 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
4489 NULL, 0);
cdbaccca 4490
890ea898
JH		 4491 hci_req_init(&req, hdev);
4492 update_eir(&req);
4493 hci_req_run(&req, NULL);
cdbaccca
MH		 4494
4495 hci_dev_unlock(hdev);
4496
4497 return err;
4498}
4499
1904a853
MH		 4500static void set_advertising_complete(struct hci_dev *hdev, u8 status,
4501 u16 opcode)
4375f103
JH		 4502{
4503 struct cmd_lookup match = { NULL, hdev };
4504
3ad67582
JK		 4505 hci_dev_lock(hdev);
4506
4375f103
JH		 4507 if (status) {
4508 u8 mgmt_err = mgmt_status(status);
4509
4510 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4511 cmd_status_rsp, &mgmt_err);
3ad67582 4512 goto unlock;
4375f103
JH		 4513 }
4514
d7a5a11d 4515 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
a1536da2 4516 hci_dev_set_flag(hdev, HCI_ADVERTISING);
c93bd150 4517 else
a358dc11 4518 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
c93bd150 4519
4375f103
JH		 4520 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4521 &match);
4522
4523 new_settings(hdev, match.sk);
4524
4525 if (match.sk)
4526 sock_put(match.sk);
3ad67582
JK		 4527
4528unlock:
4529 hci_dev_unlock(hdev);
4375f103
JH		 4530}
4531
21b5187f
MH		 4532static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4533 u16 len)
4375f103
JH		 4534{
4535 struct mgmt_mode *cp = data;
3b0602cd 4536 struct mgmt_pending_cmd *cmd;
4375f103 4537 struct hci_request req;
cc91cb04 4538 u8 val, status;
4375f103
JH		 4539 int err;
4540
4541 BT_DBG("request for %s", hdev->name);
4542
e6fe7986
JH		 4543 status = mgmt_le_support(hdev);
4544 if (status)
a69e8375
JH		 4545 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4546 status);
4375f103 4547
cc91cb04 4548 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 4549 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4550 MGMT_STATUS_INVALID_PARAMS);
4375f103
JH		 4551
4552 hci_dev_lock(hdev);
4553
4554 val = !!cp->val;
4375f103 4555
f74ca9b8
JH		 4556 /* The following conditions are ones which mean that we should
4557 * not do any HCI communication but directly send a mgmt
4558 * response to user space (after toggling the flag if
4559 * necessary).
4560 */
cc91cb04 4561 if (!hdev_is_powered(hdev) ||
d7a5a11d
MH		 4562 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
4563 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
e8bb6b97 4564 hci_conn_num(hdev, LE_LINK) > 0 ||
d7a5a11d 4565 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
e8bb6b97 4566 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
cc91cb04 4567 bool changed;
4375f103 4568
cc91cb04 4569 if (cp->val) {
238be788 4570 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
cc91cb04 4571 if (cp->val == 0x02)
a1536da2 4572 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4573 else
a358dc11 4574 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4575 } else {
a69d8927 4576 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
a358dc11 4577 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4375f103
JH		 4578 }
4579
4580 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4581 if (err < 0)
4582 goto unlock;
4583
4584 if (changed)
4585 err = new_settings(hdev, sk);
4586
4587 goto unlock;
4588 }
4589
4590 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4591 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
a69e8375
JH		 4592 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4593 MGMT_STATUS_BUSY);
4375f103
JH		 4594 goto unlock;
4595 }
4596
4597 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4598 if (!cmd) {
4599 err = -ENOMEM;
4600 goto unlock;
4601 }
4602
4603 hci_req_init(&req, hdev);
4604
cc91cb04 4605 if (cp->val == 0x02)
a1536da2 4606 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4607 else
a358dc11 4608 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4609
bba3aa55
MH		 4610 if (val)
4611 enable_advertising(&req);
4612 else
4613 disable_advertising(&req);
4375f103
JH		 4614
4615 err = hci_req_run(&req, set_advertising_complete);
4616 if (err < 0)
4617 mgmt_pending_remove(cmd);
4618
4619unlock:
4620 hci_dev_unlock(hdev);
4621 return err;
4622}
4623
d13eafce
MH		 4624static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4625 void *data, u16 len)
4626{
4627 struct mgmt_cp_set_static_address *cp = data;
4628 int err;
4629
4630 BT_DBG("%s", hdev->name);
4631
62af4443 4632 if (!lmp_le_capable(hdev))
a69e8375
JH		 4633 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4634 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 4635
4636 if (hdev_is_powered(hdev))
a69e8375
JH		 4637 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4638 MGMT_STATUS_REJECTED);
d13eafce
MH		 4639
4640 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4641 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
a69e8375
JH		 4642 return mgmt_cmd_status(sk, hdev->id,
4643 MGMT_OP_SET_STATIC_ADDRESS,
4644 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 4645
4646 /* Two most significant bits shall be set */
4647 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
a69e8375
JH		 4648 return mgmt_cmd_status(sk, hdev->id,
4649 MGMT_OP_SET_STATIC_ADDRESS,
4650 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 4651 }
4652
4653 hci_dev_lock(hdev);
4654
4655 bacpy(&hdev->static_addr, &cp->bdaddr);
4656
93690c22
MH		 4657 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
4658 if (err < 0)
4659 goto unlock;
4660
4661 err = new_settings(hdev, sk);
d13eafce 4662
93690c22 4663unlock:
d13eafce 4664 hci_dev_unlock(hdev);
d13eafce
MH		 4665 return err;
4666}
4667
14b49b9a
MH		 4668static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4669 void *data, u16 len)
4670{
4671 struct mgmt_cp_set_scan_params *cp = data;
4672 __u16 interval, window;
4673 int err;
4674
4675 BT_DBG("%s", hdev->name);
4676
4677 if (!lmp_le_capable(hdev))
a69e8375
JH		 4678 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4679 MGMT_STATUS_NOT_SUPPORTED);
14b49b9a
MH		 4680
4681 interval = __le16_to_cpu(cp->interval);
4682
4683 if (interval < 0x0004 || interval > 0x4000)
a69e8375
JH		 4684 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4685 MGMT_STATUS_INVALID_PARAMS);
14b49b9a
MH		 4686
4687 window = __le16_to_cpu(cp->window);
4688
4689 if (window < 0x0004 || window > 0x4000)
a69e8375
JH		 4690 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4691 MGMT_STATUS_INVALID_PARAMS);
14b49b9a 4692
899e1075 4693 if (window > interval)
a69e8375
JH		 4694 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4695 MGMT_STATUS_INVALID_PARAMS);
899e1075 4696
14b49b9a
MH		 4697 hci_dev_lock(hdev);
4698
4699 hdev->le_scan_interval = interval;
4700 hdev->le_scan_window = window;
4701
2a1afb5a
JH		 4702 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
4703 NULL, 0);
14b49b9a 4704
dd2ef8e2
AG		 4705 /* If background scan is running, restart it so new parameters are
4706 * loaded.
4707 */
d7a5a11d 4708 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
dd2ef8e2
AG		 4709 hdev->discovery.state == DISCOVERY_STOPPED) {
4710 struct hci_request req;
4711
4712 hci_req_init(&req, hdev);
4713
4714 hci_req_add_le_scan_disable(&req);
4715 hci_req_add_le_passive_scan(&req);
4716
4717 hci_req_run(&req, NULL);
4718 }
4719
14b49b9a
MH		 4720 hci_dev_unlock(hdev);
4721
4722 return err;
4723}
4724
1904a853
MH		 4725static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
4726 u16 opcode)
33e38b3e 4727{
3b0602cd 4728 struct mgmt_pending_cmd *cmd;
33e38b3e
JH		 4729
4730 BT_DBG("status 0x%02x", status);
4731
4732 hci_dev_lock(hdev);
4733
4734 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4735 if (!cmd)
4736 goto unlock;
4737
4738 if (status) {
a69e8375
JH		 4739 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4740 mgmt_status(status));
33e38b3e 4741 } else {
1a4d3c4b
JH		 4742 struct mgmt_mode *cp = cmd->param;
4743
4744 if (cp->val)
a1536da2 4745 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 4746 else
a358dc11 4747 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 4748
33e38b3e
JH		 4749 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4750 new_settings(hdev, cmd->sk);
4751 }
4752
4753 mgmt_pending_remove(cmd);
4754
4755unlock:
4756 hci_dev_unlock(hdev);
4757}
4758
bdb6d971 4759static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4760 void *data, u16 len)
f6422ec6 4761{
650f726d 4762 struct mgmt_mode *cp = data;
3b0602cd 4763 struct mgmt_pending_cmd *cmd;
33e38b3e 4764 struct hci_request req;
f6422ec6
AJ		 4765 int err;
4766
bdb6d971 4767 BT_DBG("%s", hdev->name);
f6422ec6 4768
d7a5a11d 4769 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
56f87901 4770 hdev->hci_ver < BLUETOOTH_VER_1_2)
a69e8375
JH		 4771 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4772 MGMT_STATUS_NOT_SUPPORTED);
33c525c0 4773
a7e80f25 4774 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4775 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4776 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 4777
f6422ec6
AJ		 4778 hci_dev_lock(hdev);
4779
05cbf29f 4780 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
a69e8375
JH		 4781 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4782 MGMT_STATUS_BUSY);
05cbf29f
JH		 4783 goto unlock;
4784 }
4785
d7a5a11d 4786 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
1a4d3c4b
JH		 4787 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4788 hdev);
4789 goto unlock;
4790 }
4791
406ef2a6 4792 if (!hdev_is_powered(hdev)) {
ce05d603 4793 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
406ef2a6
JH		 4794 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4795 hdev);
4796 new_settings(hdev, sk);
4797 goto unlock;
4798 }
4799
33e38b3e
JH		 4800 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4801 data, len);
4802 if (!cmd) {
4803 err = -ENOMEM;
4804 goto unlock;
f6422ec6
AJ		 4805 }
4806
33e38b3e
JH		 4807 hci_req_init(&req, hdev);
4808
406d7804 4809 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4810
4811 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4812 if (err < 0) {
a69e8375
JH		 4813 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4814 MGMT_STATUS_FAILED);
33e38b3e 4815 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4816 }
4817
33e38b3e 4818unlock:
f6422ec6 4819 hci_dev_unlock(hdev);
33e38b3e 4820
f6422ec6
AJ		 4821 return err;
4822}
4823
1904a853 4824static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
0663ca2a 4825{
3b0602cd 4826 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 4827
4828 BT_DBG("status 0x%02x", status);
4829
4830 hci_dev_lock(hdev);
4831
4832 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4833 if (!cmd)
4834 goto unlock;
4835
4836 if (status) {
4837 u8 mgmt_err = mgmt_status(status);
4838
4839 /* We need to restore the flag if related HCI commands
4840 * failed.
4841 */
a358dc11 4842 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a 4843
a69e8375 4844 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
0663ca2a
JH		 4845 } else {
4846 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4847 new_settings(hdev, cmd->sk);
4848 }
4849
4850 mgmt_pending_remove(cmd);
4851
4852unlock:
4853 hci_dev_unlock(hdev);
4854}
4855
4856static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4857{
4858 struct mgmt_mode *cp = data;
3b0602cd 4859 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 4860 struct hci_request req;
4861 int err;
4862
4863 BT_DBG("request for %s", hdev->name);
4864
4865 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
a69e8375
JH		 4866 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4867 MGMT_STATUS_NOT_SUPPORTED);
0663ca2a 4868
d7a5a11d 4869 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 4870 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4871 MGMT_STATUS_REJECTED);
0663ca2a
JH		 4872
4873 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4874 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4875 MGMT_STATUS_INVALID_PARAMS);
0663ca2a
JH		 4876
4877 hci_dev_lock(hdev);
4878
d7a5a11d 4879 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
0663ca2a
JH		 4880 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4881 goto unlock;
4882 }
4883
4884 if (!hdev_is_powered(hdev)) {
4885 if (!cp->val) {
a358dc11
MH		 4886 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
4887 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
4888 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
4889 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4890 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
0663ca2a
JH		 4891 }
4892
ce05d603 4893 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 4894
4895 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4896 if (err < 0)
4897 goto unlock;
4898
4899 err = new_settings(hdev, sk);
4900 goto unlock;
4901 }
4902
4903 /* Reject disabling when powered on */
4904 if (!cp->val) {
a69e8375
JH		 4905 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4906 MGMT_STATUS_REJECTED);
0663ca2a 4907 goto unlock;
111e4bcc
MH		 4908 } else {
4909 /* When configuring a dual-mode controller to operate
4910 * with LE only and using a static address, then switching
4911 * BR/EDR back on is not allowed.
4912 *
4913 * Dual-mode controllers shall operate with the public
4914 * address as its identity address for BR/EDR and LE. So
4915 * reject the attempt to create an invalid configuration.
3a5486e1
MH		 4916 *
4917 * The same restrictions applies when secure connections
4918 * has been enabled. For BR/EDR this is a controller feature
4919 * while for LE it is a host stack feature. This means that
4920 * switching BR/EDR back on when secure connections has been
4921 * enabled is not a supported transaction.
111e4bcc 4922 */
d7a5a11d 4923 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
3a5486e1 4924 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
d7a5a11d 4925 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
a69e8375
JH		 4926 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4927 MGMT_STATUS_REJECTED);
111e4bcc
MH		 4928 goto unlock;
4929 }
0663ca2a
JH		 4930 }
4931
4932 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
a69e8375
JH		 4933 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4934 MGMT_STATUS_BUSY);
0663ca2a
JH		 4935 goto unlock;
4936 }
4937
4938 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4939 if (!cmd) {
4940 err = -ENOMEM;
4941 goto unlock;
4942 }
4943
5947f4bc 4944 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4945 * generates the correct flags.
4946 */
a1536da2 4947 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 4948
4949 hci_req_init(&req, hdev);
aa8af46e 4950
432df05e 4951 write_fast_connectable(&req, false);
1d2dc5b7 4952 __hci_update_page_scan(&req);
aa8af46e 4953
f14d8f64
MH		 4954 /* Since only the advertising data flags will change, there
4955 * is no need to update the scan response data.
4956 */
5947f4bc 4957 update_adv_data(&req);
aa8af46e 4958
0663ca2a
JH		 4959 err = hci_req_run(&req, set_bredr_complete);
4960 if (err < 0)
4961 mgmt_pending_remove(cmd);
4962
4963unlock:
4964 hci_dev_unlock(hdev);
4965 return err;
4966}
4967
a1443f5a
JH		 4968static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4969{
3b0602cd 4970 struct mgmt_pending_cmd *cmd;
a1443f5a
JH		 4971 struct mgmt_mode *cp;
4972
4973 BT_DBG("%s status %u", hdev->name, status);
4974
4975 hci_dev_lock(hdev);
4976
4977 cmd = mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
4978 if (!cmd)
4979 goto unlock;
4980
4981 if (status) {
a69e8375
JH		 4982 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
4983 mgmt_status(status));
a1443f5a
JH		 4984 goto remove;
4985 }
4986
4987 cp = cmd->param;
4988
4989 switch (cp->val) {
4990 case 0x00:
a358dc11
MH		 4991 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
4992 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 4993 break;
4994 case 0x01:
a1536da2 4995 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
a358dc11 4996 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 4997 break;
4998 case 0x02:
a1536da2
MH		 4999 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
5000 hci_dev_set_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 5001 break;
5002 }
5003
5004 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
5005 new_settings(hdev, cmd->sk);
5006
5007remove:
5008 mgmt_pending_remove(cmd);
5009unlock:
5010 hci_dev_unlock(hdev);
5011}
5012
eac83dc6
MH		 5013static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
5014 void *data, u16 len)
5015{
5016 struct mgmt_mode *cp = data;
3b0602cd 5017 struct mgmt_pending_cmd *cmd;
a1443f5a 5018 struct hci_request req;
a3209694 5019 u8 val;
eac83dc6
MH		 5020 int err;
5021
5022 BT_DBG("request for %s", hdev->name);
5023
05b3c3e7 5024 if (!lmp_sc_capable(hdev) &&
d7a5a11d 5025 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 5026 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5027 MGMT_STATUS_NOT_SUPPORTED);
eac83dc6 5028
d7a5a11d 5029 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
59200286 5030 lmp_sc_capable(hdev) &&
d7a5a11d 5031 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 5032 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5033 MGMT_STATUS_REJECTED);
ed93ec69 5034
0ab04a9c 5035 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375 5036 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
eac83dc6
MH		 5037 MGMT_STATUS_INVALID_PARAMS);
5038
5039 hci_dev_lock(hdev);
5040
05b3c3e7 5041 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
d7a5a11d 5042 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
eac83dc6
MH		 5043 bool changed;
5044
0ab04a9c 5045 if (cp->val) {
238be788
MH		 5046 changed = !hci_dev_test_and_set_flag(hdev,
5047 HCI_SC_ENABLED);
0ab04a9c 5048 if (cp->val == 0x02)
a1536da2 5049 hci_dev_set_flag(hdev, HCI_SC_ONLY);
0ab04a9c 5050 else
a358dc11 5051 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 5052 } else {
a69d8927
MH		 5053 changed = hci_dev_test_and_clear_flag(hdev,
5054 HCI_SC_ENABLED);
a358dc11 5055 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 5056 }
eac83dc6
MH		 5057
5058 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5059 if (err < 0)
5060 goto failed;
5061
5062 if (changed)
5063 err = new_settings(hdev, sk);
5064
5065 goto failed;
5066 }
5067
5068 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
a69e8375
JH		 5069 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5070 MGMT_STATUS_BUSY);
eac83dc6
MH		 5071 goto failed;
5072 }
5073
0ab04a9c
MH		 5074 val = !!cp->val;
5075
d7a5a11d
MH		 5076 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
5077 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
eac83dc6
MH		 5078 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5079 goto failed;
5080 }
5081
5082 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
5083 if (!cmd) {
5084 err = -ENOMEM;
5085 goto failed;
5086 }
5087
a1443f5a
JH		 5088 hci_req_init(&req, hdev);
5089 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
5090 err = hci_req_run(&req, sc_enable_complete);
eac83dc6
MH		 5091 if (err < 0) {
5092 mgmt_pending_remove(cmd);
5093 goto failed;
5094 }
5095
5096failed:
5097 hci_dev_unlock(hdev);
5098 return err;
5099}
5100
4e39ac81
MH		 5101static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
5102 void *data, u16 len)
5103{
5104 struct mgmt_mode *cp = data;
b9710979 5105 bool changed, use_changed;
4e39ac81
MH		 5106 int err;
5107
5108 BT_DBG("request for %s", hdev->name);
5109
b9710979 5110 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 5111 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
5112 MGMT_STATUS_INVALID_PARAMS);
4e39ac81
MH		 5113
5114 hci_dev_lock(hdev);
5115
5116 if (cp->val)
238be788 5117 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
4e39ac81 5118 else
a69d8927
MH		 5119 changed = hci_dev_test_and_clear_flag(hdev,
5120 HCI_KEEP_DEBUG_KEYS);
4e39ac81 5121
b9710979 5122 if (cp->val == 0x02)
238be788
MH		 5123 use_changed = !hci_dev_test_and_set_flag(hdev,
5124 HCI_USE_DEBUG_KEYS);
b9710979 5125 else
a69d8927
MH		 5126 use_changed = hci_dev_test_and_clear_flag(hdev,
5127 HCI_USE_DEBUG_KEYS);
b9710979
JH		 5128
5129 if (hdev_is_powered(hdev) && use_changed &&
d7a5a11d 5130 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
b9710979
JH		 5131 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
5132 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
5133 sizeof(mode), &mode);
5134 }
5135
4e39ac81
MH		 5136 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
5137 if (err < 0)
5138 goto unlock;
5139
5140 if (changed)
5141 err = new_settings(hdev, sk);
5142
5143unlock:
5144 hci_dev_unlock(hdev);
5145 return err;
5146}
5147
62b04cd1
JH		 5148static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5149 u16 len)
5150{
5151 struct mgmt_cp_set_privacy *cp = cp_data;
5152 bool changed;
5153 int err;
5154
5155 BT_DBG("request for %s", hdev->name);
5156
5157 if (!lmp_le_capable(hdev))
a69e8375
JH		 5158 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5159 MGMT_STATUS_NOT_SUPPORTED);
62b04cd1
JH		 5160
5161 if (cp->privacy != 0x00 && cp->privacy != 0x01)
a69e8375
JH		 5162 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5163 MGMT_STATUS_INVALID_PARAMS);
62b04cd1
JH		 5164
5165 if (hdev_is_powered(hdev))
a69e8375
JH		 5166 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5167 MGMT_STATUS_REJECTED);
62b04cd1
JH		 5168
5169 hci_dev_lock(hdev);
5170
c21c0ea0
JH		 5171 /* If user space supports this command it is also expected to
5172 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
5173 */
a1536da2 5174 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
c21c0ea0 5175
62b04cd1 5176 if (cp->privacy) {
238be788 5177 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
62b04cd1 5178 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
a1536da2 5179 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
62b04cd1 5180 } else {
a69d8927 5181 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
62b04cd1 5182 memset(hdev->irk, 0, sizeof(hdev->irk));
a358dc11 5183 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
62b04cd1
JH		 5184 }
5185
5186 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
5187 if (err < 0)
5188 goto unlock;
5189
5190 if (changed)
5191 err = new_settings(hdev, sk);
5192
5193unlock:
5194 hci_dev_unlock(hdev);
5195 return err;
5196}
5197
41edf160
JH		 5198static bool irk_is_valid(struct mgmt_irk_info *irk)
5199{
5200 switch (irk->addr.type) {
5201 case BDADDR_LE_PUBLIC:
5202 return true;
5203
5204 case BDADDR_LE_RANDOM:
5205 /* Two most significant bits shall be set */
5206 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5207 return false;
5208 return true;
5209 }
5210
5211 return false;
5212}
5213
5214static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5215 u16 len)
5216{
5217 struct mgmt_cp_load_irks *cp = cp_data;
ba1d6936
JH		 5218 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
5219 sizeof(struct mgmt_irk_info));
41edf160
JH		 5220 u16 irk_count, expected_len;
5221 int i, err;
5222
5223 BT_DBG("request for %s", hdev->name);
5224
5225 if (!lmp_le_capable(hdev))
a69e8375
JH		 5226 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5227 MGMT_STATUS_NOT_SUPPORTED);
41edf160
JH		 5228
5229 irk_count = __le16_to_cpu(cp->irk_count);
ba1d6936
JH		 5230 if (irk_count > max_irk_count) {
5231 BT_ERR("load_irks: too big irk_count value %u", irk_count);
a69e8375
JH		 5232 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5233 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5234 }
41edf160
JH		 5235
5236 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
5237 if (expected_len != len) {
5238 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 5239 expected_len, len);
a69e8375
JH		 5240 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5241 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 5242 }
5243
5244 BT_DBG("%s irk_count %u", hdev->name, irk_count);
5245
5246 for (i = 0; i < irk_count; i++) {
5247 struct mgmt_irk_info *key = &cp->irks[i];
5248
5249 if (!irk_is_valid(key))
a69e8375
JH		 5250 return mgmt_cmd_status(sk, hdev->id,
5251 MGMT_OP_LOAD_IRKS,
5252 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 5253 }
5254
5255 hci_dev_lock(hdev);
5256
5257 hci_smp_irks_clear(hdev);
5258
5259 for (i = 0; i < irk_count; i++) {
5260 struct mgmt_irk_info *irk = &cp->irks[i];
5261 u8 addr_type;
5262
5263 if (irk->addr.type == BDADDR_LE_PUBLIC)
5264 addr_type = ADDR_LE_DEV_PUBLIC;
5265 else
5266 addr_type = ADDR_LE_DEV_RANDOM;
5267
5268 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
5269 BDADDR_ANY);
5270 }
5271
a1536da2 5272 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
41edf160 5273
2a1afb5a 5274 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
41edf160
JH		 5275
5276 hci_dev_unlock(hdev);
5277
5278 return err;
5279}
5280
3f706b72
JH		 5281static bool ltk_is_valid(struct mgmt_ltk_info *key)
5282{
5283 if (key->master != 0x00 && key->master != 0x01)
5284 return false;
490cb0b3
MH		 5285
5286 switch (key->addr.type) {
5287 case BDADDR_LE_PUBLIC:
5288 return true;
5289
5290 case BDADDR_LE_RANDOM:
5291 /* Two most significant bits shall be set */
5292 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5293 return false;
5294 return true;
5295 }
5296
5297 return false;
3f706b72
JH		 5298}
5299
bdb6d971 5300static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 5301 void *cp_data, u16 len)
346af67b 5302{
346af67b 5303 struct mgmt_cp_load_long_term_keys *cp = cp_data;
ba1d6936
JH		 5304 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
5305 sizeof(struct mgmt_ltk_info));
346af67b 5306 u16 key_count, expected_len;
715a5bf2 5307 int i, err;
346af67b 5308
cf99ba13
MH		 5309 BT_DBG("request for %s", hdev->name);
5310
5311 if (!lmp_le_capable(hdev))
a69e8375
JH		 5312 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5313 MGMT_STATUS_NOT_SUPPORTED);
cf99ba13 5314
1f350c87 5315 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 5316 if (key_count > max_key_count) {
5317 BT_ERR("load_ltks: too big key_count value %u", key_count);
a69e8375
JH		 5318 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5319 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5320 }
346af67b
VCG		 5321
5322 expected_len = sizeof(*cp) + key_count *
5323 sizeof(struct mgmt_ltk_info);
5324 if (expected_len != len) {
5325 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 5326 expected_len, len);
a69e8375
JH		 5327 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5328 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 5329 }
5330
bdb6d971 5331 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 5332
54ad6d8a
JH		 5333 for (i = 0; i < key_count; i++) {
5334 struct mgmt_ltk_info *key = &cp->keys[i];
5335
3f706b72 5336 if (!ltk_is_valid(key))
a69e8375
JH		 5337 return mgmt_cmd_status(sk, hdev->id,
5338 MGMT_OP_LOAD_LONG_TERM_KEYS,
5339 MGMT_STATUS_INVALID_PARAMS);
54ad6d8a
JH		 5340 }
5341
346af67b
VCG		 5342 hci_dev_lock(hdev);
5343
5344 hci_smp_ltks_clear(hdev);
5345
5346 for (i = 0; i < key_count; i++) {
5347 struct mgmt_ltk_info *key = &cp->keys[i];
d7b25450 5348 u8 type, addr_type, authenticated;
79d95a19
MH		 5349
5350 if (key->addr.type == BDADDR_LE_PUBLIC)
5351 addr_type = ADDR_LE_DEV_PUBLIC;
5352 else
5353 addr_type = ADDR_LE_DEV_RANDOM;
346af67b 5354
61b43357
JH		 5355 switch (key->type) {
5356 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 5357 authenticated = 0x00;
23fb8de3 5358 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
61b43357
JH		 5359 break;
5360 case MGMT_LTK_AUTHENTICATED:
d7b25450 5361 authenticated = 0x01;
23fb8de3
JH		 5362 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5363 break;
5364 case MGMT_LTK_P256_UNAUTH:
5365 authenticated = 0x00;
5366 type = SMP_LTK_P256;
61b43357 5367 break;
23fb8de3
JH		 5368 case MGMT_LTK_P256_AUTH:
5369 authenticated = 0x01;
5370 type = SMP_LTK_P256;
61b43357 5371 break;
23fb8de3
JH		 5372 case MGMT_LTK_P256_DEBUG:
5373 authenticated = 0x00;
5374 type = SMP_LTK_P256_DEBUG;
61b43357
JH		 5375 default:
5376 continue;
5377 }
d7b25450 5378
35d70271 5379 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
d7b25450 5380 authenticated, key->val, key->enc_size, key->ediv,
35d70271 5381 key->rand);
346af67b
VCG		 5382 }
5383
2a1afb5a 5384 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
715a5bf2
JH		 5385 NULL, 0);
5386
346af67b 5387 hci_dev_unlock(hdev);
346af67b 5388
715a5bf2 5389 return err;
346af67b
VCG		 5390}
5391
3b0602cd 5392static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
dd983808 5393{
dd983808 5394 struct hci_conn *conn = cmd->user_data;
9981bdb0 5395 struct mgmt_rp_get_conn_info rp;
9df74653 5396 int err;
dd983808 5397
9981bdb0 5398 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
dd983808 5399
9981bdb0 5400 if (status == MGMT_STATUS_SUCCESS) {
dd983808 5401 rp.rssi = conn->rssi;
9981bdb0
JH		 5402 rp.tx_power = conn->tx_power;
5403 rp.max_tx_power = conn->max_tx_power;
5404 } else {
5405 rp.rssi = HCI_RSSI_INVALID;
5406 rp.tx_power = HCI_TX_POWER_INVALID;
5407 rp.max_tx_power = HCI_TX_POWER_INVALID;
dd983808
AK		 5408 }
5409
2a1afb5a
JH		 5410 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
5411 status, &rp, sizeof(rp));
dd983808
AK		 5412
5413 hci_conn_drop(conn);
f8aaf9b6 5414 hci_conn_put(conn);
9df74653
JH		 5415
5416 return err;
dd983808
AK		 5417}
5418
1904a853
MH		 5419static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
5420 u16 opcode)
dd983808
AK		 5421{
5422 struct hci_cp_read_rssi *cp;
3b0602cd 5423 struct mgmt_pending_cmd *cmd;
dd983808 5424 struct hci_conn *conn;
dd983808 5425 u16 handle;
9981bdb0 5426 u8 status;
dd983808 5427
9981bdb0 5428 BT_DBG("status 0x%02x", hci_status);
dd983808
AK		 5429
5430 hci_dev_lock(hdev);
5431
dd983808
AK		 5432 /* Commands sent in request are either Read RSSI or Read Transmit Power
5433 * Level so we check which one was last sent to retrieve connection
5434 * handle. Both commands have handle as first parameter so it's safe to
5435 * cast data on the same command struct.
5436 *
5437 * First command sent is always Read RSSI and we fail only if it fails.
5438 * In other case we simply override error to indicate success as we
5439 * already remembered if TX power value is actually valid.
5440 */
5441 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
5442 if (!cp) {
5443 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
9981bdb0
JH		 5444 status = MGMT_STATUS_SUCCESS;
5445 } else {
5446 status = mgmt_status(hci_status);
dd983808
AK		 5447 }
5448
5449 if (!cp) {
9981bdb0 5450 BT_ERR("invalid sent_cmd in conn_info response");
dd983808
AK		 5451 goto unlock;
5452 }
5453
5454 handle = __le16_to_cpu(cp->handle);
5455 conn = hci_conn_hash_lookup_handle(hdev, handle);
5456 if (!conn) {
9981bdb0 5457 BT_ERR("unknown handle (%d) in conn_info response", handle);
dd983808
AK		 5458 goto unlock;
5459 }
5460
9981bdb0
JH		 5461 cmd = mgmt_pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
5462 if (!cmd)
5463 goto unlock;
dd983808 5464
9981bdb0
JH		 5465 cmd->cmd_complete(cmd, status);
5466 mgmt_pending_remove(cmd);
dd983808
AK		 5467
5468unlock:
5469 hci_dev_unlock(hdev);
5470}
5471
5472static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5473 u16 len)
5474{
5475 struct mgmt_cp_get_conn_info *cp = data;
5476 struct mgmt_rp_get_conn_info rp;
5477 struct hci_conn *conn;
5478 unsigned long conn_info_age;
5479 int err = 0;
5480
5481 BT_DBG("%s", hdev->name);
5482
5483 memset(&rp, 0, sizeof(rp));
5484 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5485 rp.addr.type = cp->addr.type;
5486
5487 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 5488 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5489 MGMT_STATUS_INVALID_PARAMS,
5490 &rp, sizeof(rp));
dd983808
AK		 5491
5492 hci_dev_lock(hdev);
5493
5494 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 5495 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5496 MGMT_STATUS_NOT_POWERED, &rp,
5497 sizeof(rp));
dd983808
AK		 5498 goto unlock;
5499 }
5500
5501 if (cp->addr.type == BDADDR_BREDR)
5502 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5503 &cp->addr.bdaddr);
5504 else
5505 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5506
5507 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 5508 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5509 MGMT_STATUS_NOT_CONNECTED, &rp,
5510 sizeof(rp));
dd983808
AK		 5511 goto unlock;
5512 }
5513
9981bdb0 5514 if (mgmt_pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
2a1afb5a
JH		 5515 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5516 MGMT_STATUS_BUSY, &rp, sizeof(rp));
9981bdb0
JH		 5517 goto unlock;
5518 }
5519
dd983808
AK		 5520 /* To avoid client trying to guess when to poll again for information we
5521 * calculate conn info age as random value between min/max set in hdev.
5522 */
5523 conn_info_age = hdev->conn_info_min_age +
5524 prandom_u32_max(hdev->conn_info_max_age -
5525 hdev->conn_info_min_age);
5526
5527 /* Query controller to refresh cached values if they are too old or were
5528 * never read.
5529 */
f4e2dd53
AK		 5530 if (time_after(jiffies, conn->conn_info_timestamp +
5531 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 5532 !conn->conn_info_timestamp) {
5533 struct hci_request req;
5534 struct hci_cp_read_tx_power req_txp_cp;
5535 struct hci_cp_read_rssi req_rssi_cp;
3b0602cd 5536 struct mgmt_pending_cmd *cmd;
dd983808
AK		 5537
5538 hci_req_init(&req, hdev);
5539 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5540 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5541 &req_rssi_cp);
5542
f7faab0c
AK		 5543 /* For LE links TX power does not change thus we don't need to
5544 * query for it once value is known.
5545 */
5546 if (!bdaddr_type_is_le(cp->addr.type) ||
5547 conn->tx_power == HCI_TX_POWER_INVALID) {
5548 req_txp_cp.handle = cpu_to_le16(conn->handle);
5549 req_txp_cp.type = 0x00;
5550 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5551 sizeof(req_txp_cp), &req_txp_cp);
5552 }
dd983808 5553
eed5daf3
AK		 5554 /* Max TX power needs to be read only once per connection */
5555 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5556 req_txp_cp.handle = cpu_to_le16(conn->handle);
5557 req_txp_cp.type = 0x01;
5558 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5559 sizeof(req_txp_cp), &req_txp_cp);
5560 }
5561
dd983808
AK		 5562 err = hci_req_run(&req, conn_info_refresh_complete);
5563 if (err < 0)
5564 goto unlock;
5565
5566 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5567 data, len);
5568 if (!cmd) {
5569 err = -ENOMEM;
5570 goto unlock;
5571 }
5572
5573 hci_conn_hold(conn);
f8aaf9b6 5574 cmd->user_data = hci_conn_get(conn);
9981bdb0 5575 cmd->cmd_complete = conn_info_cmd_complete;
dd983808
AK		 5576
5577 conn->conn_info_timestamp = jiffies;
5578 } else {
5579 /* Cache is valid, just reply with values cached in hci_conn */
5580 rp.rssi = conn->rssi;
5581 rp.tx_power = conn->tx_power;
eed5daf3 5582 rp.max_tx_power = conn->max_tx_power;
dd983808 5583
2a1afb5a
JH		 5584 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5585 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
dd983808
AK		 5586 }
5587
5588unlock:
5589 hci_dev_unlock(hdev);
5590 return err;
5591}
5592
3b0602cd 5593static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
95868426 5594{
69487371 5595 struct hci_conn *conn = cmd->user_data;
95868426 5596 struct mgmt_rp_get_clock_info rp;
69487371 5597 struct hci_dev *hdev;
9df74653 5598 int err;
69487371
JH		 5599
5600 memset(&rp, 0, sizeof(rp));
5601 memcpy(&rp.addr, &cmd->param, sizeof(rp.addr));
5602
5603 if (status)
5604 goto complete;
5605
5606 hdev = hci_dev_get(cmd->index);
5607 if (hdev) {
5608 rp.local_clock = cpu_to_le32(hdev->clock);
5609 hci_dev_put(hdev);
5610 }
5611
5612 if (conn) {
5613 rp.piconet_clock = cpu_to_le32(conn->clock);
5614 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5615 }
5616
5617complete:
2a1afb5a
JH		 5618 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5619 sizeof(rp));
69487371
JH		 5620
5621 if (conn) {
5622 hci_conn_drop(conn);
5623 hci_conn_put(conn);
5624 }
9df74653
JH		 5625
5626 return err;
69487371
JH		 5627}
5628
1904a853 5629static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
69487371 5630{
95868426 5631 struct hci_cp_read_clock *hci_cp;
3b0602cd 5632 struct mgmt_pending_cmd *cmd;
95868426
JH		 5633 struct hci_conn *conn;
5634
5635 BT_DBG("%s status %u", hdev->name, status);
5636
5637 hci_dev_lock(hdev);
5638
5639 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5640 if (!hci_cp)
5641 goto unlock;
5642
5643 if (hci_cp->which) {
5644 u16 handle = __le16_to_cpu(hci_cp->handle);
5645 conn = hci_conn_hash_lookup_handle(hdev, handle);
5646 } else {
5647 conn = NULL;
5648 }
5649
5650 cmd = mgmt_pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5651 if (!cmd)
5652 goto unlock;
5653
69487371 5654 cmd->cmd_complete(cmd, mgmt_status(status));
95868426 5655 mgmt_pending_remove(cmd);
95868426
JH		 5656
5657unlock:
5658 hci_dev_unlock(hdev);
5659}
5660
5661static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5662 u16 len)
5663{
5664 struct mgmt_cp_get_clock_info *cp = data;
5665 struct mgmt_rp_get_clock_info rp;
5666 struct hci_cp_read_clock hci_cp;
3b0602cd 5667 struct mgmt_pending_cmd *cmd;
95868426
JH		 5668 struct hci_request req;
5669 struct hci_conn *conn;
5670 int err;
5671
5672 BT_DBG("%s", hdev->name);
5673
5674 memset(&rp, 0, sizeof(rp));
5675 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5676 rp.addr.type = cp->addr.type;
5677
5678 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 5679 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5680 MGMT_STATUS_INVALID_PARAMS,
5681 &rp, sizeof(rp));
95868426
JH		 5682
5683 hci_dev_lock(hdev);
5684
5685 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 5686 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5687 MGMT_STATUS_NOT_POWERED, &rp,
5688 sizeof(rp));
95868426
JH		 5689 goto unlock;
5690 }
5691
5692 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5693 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5694 &cp->addr.bdaddr);
5695 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 5696 err = mgmt_cmd_complete(sk, hdev->id,
5697 MGMT_OP_GET_CLOCK_INFO,
5698 MGMT_STATUS_NOT_CONNECTED,
5699 &rp, sizeof(rp));
95868426
JH		 5700 goto unlock;
5701 }
5702 } else {
5703 conn = NULL;
5704 }
5705
5706 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5707 if (!cmd) {
5708 err = -ENOMEM;
5709 goto unlock;
5710 }
5711
69487371
JH		 5712 cmd->cmd_complete = clock_info_cmd_complete;
5713
95868426
JH		 5714 hci_req_init(&req, hdev);
5715
5716 memset(&hci_cp, 0, sizeof(hci_cp));
5717 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5718
5719 if (conn) {
5720 hci_conn_hold(conn);
f8aaf9b6 5721 cmd->user_data = hci_conn_get(conn);
95868426
JH		 5722
5723 hci_cp.handle = cpu_to_le16(conn->handle);
5724 hci_cp.which = 0x01; /* Piconet clock */
5725 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5726 }
5727
5728 err = hci_req_run(&req, get_clock_info_complete);
5729 if (err < 0)
5730 mgmt_pending_remove(cmd);
5731
5732unlock:
5733 hci_dev_unlock(hdev);
5734 return err;
5735}
5736
5a154e6f
JH		 5737static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5738{
5739 struct hci_conn *conn;
5740
5741 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5742 if (!conn)
5743 return false;
5744
5745 if (conn->dst_type != type)
5746 return false;
5747
5748 if (conn->state != BT_CONNECTED)
5749 return false;
5750
5751 return true;
5752}
5753
5754/* This function requires the caller holds hdev->lock */
5755static int hci_conn_params_set(struct hci_request *req, bdaddr_t *addr,
5756 u8 addr_type, u8 auto_connect)
5757{
5758 struct hci_dev *hdev = req->hdev;
5759 struct hci_conn_params *params;
5760
5761 params = hci_conn_params_add(hdev, addr, addr_type);
5762 if (!params)
5763 return -EIO;
5764
5765 if (params->auto_connect == auto_connect)
5766 return 0;
5767
5768 list_del_init(&params->action);
5769
5770 switch (auto_connect) {
5771 case HCI_AUTO_CONN_DISABLED:
5772 case HCI_AUTO_CONN_LINK_LOSS:
5773 __hci_update_background_scan(req);
5774 break;
5775 case HCI_AUTO_CONN_REPORT:
5776 list_add(&params->action, &hdev->pend_le_reports);
5777 __hci_update_background_scan(req);
5778 break;
5779 case HCI_AUTO_CONN_DIRECT:
5780 case HCI_AUTO_CONN_ALWAYS:
5781 if (!is_connected(hdev, addr, addr_type)) {
5782 list_add(&params->action, &hdev->pend_le_conns);
5783 __hci_update_background_scan(req);
5784 }
5785 break;
5786 }
5787
5788 params->auto_connect = auto_connect;
5789
5790 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5791 auto_connect);
5792
5793 return 0;
5794}
5795
8afef092
MH		 5796static void device_added(struct sock *sk, struct hci_dev *hdev,
5797 bdaddr_t *bdaddr, u8 type, u8 action)
5798{
5799 struct mgmt_ev_device_added ev;
5800
5801 bacpy(&ev.addr.bdaddr, bdaddr);
5802 ev.addr.type = type;
5803 ev.action = action;
5804
5805 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5806}
5807
1904a853 5808static void add_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5a154e6f 5809{
3b0602cd 5810 struct mgmt_pending_cmd *cmd;
5a154e6f
JH		 5811
5812 BT_DBG("status 0x%02x", status);
5813
5814 hci_dev_lock(hdev);
5815
5816 cmd = mgmt_pending_find(MGMT_OP_ADD_DEVICE, hdev);
5817 if (!cmd)
5818 goto unlock;
5819
5820 cmd->cmd_complete(cmd, mgmt_status(status));
5821 mgmt_pending_remove(cmd);
5822
5823unlock:
5824 hci_dev_unlock(hdev);
5825}
5826
2faade53
MH		 5827static int add_device(struct sock *sk, struct hci_dev *hdev,
5828 void *data, u16 len)
5829{
5830 struct mgmt_cp_add_device *cp = data;
3b0602cd 5831 struct mgmt_pending_cmd *cmd;
5a154e6f 5832 struct hci_request req;
2faade53
MH		 5833 u8 auto_conn, addr_type;
5834 int err;
5835
5836 BT_DBG("%s", hdev->name);
5837
6659358e 5838 if (!bdaddr_type_is_valid(cp->addr.type) ||
2faade53 5839 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
2a1afb5a
JH		 5840 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5841 MGMT_STATUS_INVALID_PARAMS,
5842 &cp->addr, sizeof(cp->addr));
2faade53 5843
4b9e7e75 5844 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
2a1afb5a
JH		 5845 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5846 MGMT_STATUS_INVALID_PARAMS,
5847 &cp->addr, sizeof(cp->addr));
2faade53 5848
5a154e6f
JH		 5849 hci_req_init(&req, hdev);
5850
2faade53
MH		 5851 hci_dev_lock(hdev);
5852
5a154e6f
JH		 5853 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_DEVICE, hdev, data, len);
5854 if (!cmd) {
5855 err = -ENOMEM;
5856 goto unlock;
5857 }
5858
5859 cmd->cmd_complete = addr_cmd_complete;
5860
6659358e 5861 if (cp->addr.type == BDADDR_BREDR) {
4b9e7e75 5862 /* Only incoming connections action is supported for now */
6659358e 5863 if (cp->action != 0x01) {
9df74653
JH		 5864 err = cmd->cmd_complete(cmd,
5865 MGMT_STATUS_INVALID_PARAMS);
5a154e6f 5866 mgmt_pending_remove(cmd);
6659358e
JH		 5867 goto unlock;
5868 }
5869
5870 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5871 cp->addr.type);
5872 if (err)
5873 goto unlock;
a397407f 5874
5a154e6f 5875 __hci_update_page_scan(&req);
a397407f 5876
6659358e
JH		 5877 goto added;
5878 }
5879
2faade53
MH		 5880 if (cp->addr.type == BDADDR_LE_PUBLIC)
5881 addr_type = ADDR_LE_DEV_PUBLIC;
5882 else
5883 addr_type = ADDR_LE_DEV_RANDOM;
5884
4b9e7e75 5885 if (cp->action == 0x02)
2faade53 5886 auto_conn = HCI_AUTO_CONN_ALWAYS;
4b9e7e75
MH		 5887 else if (cp->action == 0x01)
5888 auto_conn = HCI_AUTO_CONN_DIRECT;
2faade53 5889 else
a3451d27 5890 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 5891
bf5b3c8b
MH		 5892 /* If the connection parameters don't exist for this device,
5893 * they will be created and configured with defaults.
5894 */
5a154e6f 5895 if (hci_conn_params_set(&req, &cp->addr.bdaddr, addr_type,
d06b50ce 5896 auto_conn) < 0) {
9df74653 5897 err = cmd->cmd_complete(cmd, MGMT_STATUS_FAILED);
5a154e6f 5898 mgmt_pending_remove(cmd);
2faade53
MH		 5899 goto unlock;
5900 }
5901
6659358e 5902added:
8afef092
MH		 5903 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5904
5a154e6f
JH		 5905 err = hci_req_run(&req, add_device_complete);
5906 if (err < 0) {
5907 /* ENODATA means no HCI commands were needed (e.g. if
5908 * the adapter is powered off).
5909 */
9df74653
JH		 5910 if (err == -ENODATA)
5911 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
5a154e6f
JH		 5912 mgmt_pending_remove(cmd);
5913 }
2faade53
MH		 5914
5915unlock:
5916 hci_dev_unlock(hdev);
5917 return err;
5918}
5919
8afef092
MH		 5920static void device_removed(struct sock *sk, struct hci_dev *hdev,
5921 bdaddr_t *bdaddr, u8 type)
5922{
5923 struct mgmt_ev_device_removed ev;
5924
5925 bacpy(&ev.addr.bdaddr, bdaddr);
5926 ev.addr.type = type;
5927
5928 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5929}
5930
1904a853 5931static void remove_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
51ef3ebe 5932{
3b0602cd 5933 struct mgmt_pending_cmd *cmd;
51ef3ebe
JH		 5934
5935 BT_DBG("status 0x%02x", status);
5936
5937 hci_dev_lock(hdev);
5938
5939 cmd = mgmt_pending_find(MGMT_OP_REMOVE_DEVICE, hdev);
5940 if (!cmd)
5941 goto unlock;
5942
5943 cmd->cmd_complete(cmd, mgmt_status(status));
5944 mgmt_pending_remove(cmd);
5945
5946unlock:
5947 hci_dev_unlock(hdev);
5948}
5949
2faade53
MH		 5950static int remove_device(struct sock *sk, struct hci_dev *hdev,
5951 void *data, u16 len)
5952{
5953 struct mgmt_cp_remove_device *cp = data;
3b0602cd 5954 struct mgmt_pending_cmd *cmd;
51ef3ebe 5955 struct hci_request req;
2faade53
MH		 5956 int err;
5957
5958 BT_DBG("%s", hdev->name);
5959
51ef3ebe
JH		 5960 hci_req_init(&req, hdev);
5961
2faade53
MH		 5962 hci_dev_lock(hdev);
5963
51ef3ebe
JH		 5964 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_DEVICE, hdev, data, len);
5965 if (!cmd) {
5966 err = -ENOMEM;
5967 goto unlock;
5968 }
5969
5970 cmd->cmd_complete = addr_cmd_complete;
5971
2faade53 5972 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 5973 struct hci_conn_params *params;
2faade53
MH		 5974 u8 addr_type;
5975
6659358e 5976 if (!bdaddr_type_is_valid(cp->addr.type)) {
9df74653
JH		 5977 err = cmd->cmd_complete(cmd,
5978 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5979 mgmt_pending_remove(cmd);
2faade53
MH		 5980 goto unlock;
5981 }
5982
6659358e
JH		 5983 if (cp->addr.type == BDADDR_BREDR) {
5984 err = hci_bdaddr_list_del(&hdev->whitelist,
5985 &cp->addr.bdaddr,
5986 cp->addr.type);
5987 if (err) {
9df74653
JH		 5988 err = cmd->cmd_complete(cmd,
5989 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5990 mgmt_pending_remove(cmd);
6659358e
JH		 5991 goto unlock;
5992 }
5993
51ef3ebe 5994 __hci_update_page_scan(&req);
a397407f 5995
6659358e
JH		 5996 device_removed(sk, hdev, &cp->addr.bdaddr,
5997 cp->addr.type);
5998 goto complete;
5999 }
6000
2faade53
MH		 6001 if (cp->addr.type == BDADDR_LE_PUBLIC)
6002 addr_type = ADDR_LE_DEV_PUBLIC;
6003 else
6004 addr_type = ADDR_LE_DEV_RANDOM;
6005
c71593dd
JH		 6006 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
6007 addr_type);
6008 if (!params) {
9df74653
JH		 6009 err = cmd->cmd_complete(cmd,
6010 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 6011 mgmt_pending_remove(cmd);
c71593dd
JH		 6012 goto unlock;
6013 }
6014
6015 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
9df74653
JH		 6016 err = cmd->cmd_complete(cmd,
6017 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 6018 mgmt_pending_remove(cmd);
c71593dd
JH		 6019 goto unlock;
6020 }
6021
d1dbf12e 6022 list_del(&params->action);
c71593dd
JH		 6023 list_del(&params->list);
6024 kfree(params);
51ef3ebe 6025 __hci_update_background_scan(&req);
8afef092
MH		 6026
6027 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53 6028 } else {
19de0825 6029 struct hci_conn_params *p, *tmp;
6659358e 6030 struct bdaddr_list *b, *btmp;
19de0825 6031
2faade53 6032 if (cp->addr.type) {
9df74653
JH		 6033 err = cmd->cmd_complete(cmd,
6034 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 6035 mgmt_pending_remove(cmd);
2faade53
MH		 6036 goto unlock;
6037 }
6038
6659358e
JH		 6039 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
6040 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
6041 list_del(&b->list);
6042 kfree(b);
6043 }
6044
51ef3ebe 6045 __hci_update_page_scan(&req);
a397407f 6046
19de0825
JH		 6047 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
6048 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
6049 continue;
6050 device_removed(sk, hdev, &p->addr, p->addr_type);
6051 list_del(&p->action);
6052 list_del(&p->list);
6053 kfree(p);
6054 }
6055
6056 BT_DBG("All LE connection parameters were removed");
6057
51ef3ebe 6058 __hci_update_background_scan(&req);
2faade53
MH		 6059 }
6060
6659358e 6061complete:
51ef3ebe
JH		 6062 err = hci_req_run(&req, remove_device_complete);
6063 if (err < 0) {
6064 /* ENODATA means no HCI commands were needed (e.g. if
6065 * the adapter is powered off).
6066 */
9df74653
JH		 6067 if (err == -ENODATA)
6068 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
51ef3ebe
JH		 6069 mgmt_pending_remove(cmd);
6070 }
2faade53
MH		 6071
6072unlock:
6073 hci_dev_unlock(hdev);
6074 return err;
6075}
6076
a26f3dcf
JH		 6077static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
6078 u16 len)
6079{
6080 struct mgmt_cp_load_conn_param *cp = data;
ba1d6936
JH		 6081 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
6082 sizeof(struct mgmt_conn_param));
a26f3dcf
JH		 6083 u16 param_count, expected_len;
6084 int i;
6085
6086 if (!lmp_le_capable(hdev))
a69e8375
JH		 6087 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6088 MGMT_STATUS_NOT_SUPPORTED);
a26f3dcf
JH		 6089
6090 param_count = __le16_to_cpu(cp->param_count);
ba1d6936
JH		 6091 if (param_count > max_param_count) {
6092 BT_ERR("load_conn_param: too big param_count value %u",
6093 param_count);
a69e8375
JH		 6094 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6095 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 6096 }
a26f3dcf
JH		 6097
6098 expected_len = sizeof(*cp) + param_count *
6099 sizeof(struct mgmt_conn_param);
6100 if (expected_len != len) {
6101 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
6102 expected_len, len);
a69e8375
JH		 6103 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6104 MGMT_STATUS_INVALID_PARAMS);
a26f3dcf
JH		 6105 }
6106
6107 BT_DBG("%s param_count %u", hdev->name, param_count);
6108
6109 hci_dev_lock(hdev);
6110
6111 hci_conn_params_clear_disabled(hdev);
6112
6113 for (i = 0; i < param_count; i++) {
6114 struct mgmt_conn_param *param = &cp->params[i];
6115 struct hci_conn_params *hci_param;
6116 u16 min, max, latency, timeout;
6117 u8 addr_type;
6118
6119 BT_DBG("Adding %pMR (type %u)", &param->addr.bdaddr,
6120 param->addr.type);
6121
6122 if (param->addr.type == BDADDR_LE_PUBLIC) {
6123 addr_type = ADDR_LE_DEV_PUBLIC;
6124 } else if (param->addr.type == BDADDR_LE_RANDOM) {
6125 addr_type = ADDR_LE_DEV_RANDOM;
6126 } else {
6127 BT_ERR("Ignoring invalid connection parameters");
6128 continue;
6129 }
6130
6131 min = le16_to_cpu(param->min_interval);
6132 max = le16_to_cpu(param->max_interval);
6133 latency = le16_to_cpu(param->latency);
6134 timeout = le16_to_cpu(param->timeout);
6135
6136 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
6137 min, max, latency, timeout);
6138
6139 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
6140 BT_ERR("Ignoring invalid connection parameters");
6141 continue;
6142 }
6143
6144 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
6145 addr_type);
6146 if (!hci_param) {
6147 BT_ERR("Failed to add connection parameters");
6148 continue;
6149 }
6150
6151 hci_param->conn_min_interval = min;
6152 hci_param->conn_max_interval = max;
6153 hci_param->conn_latency = latency;
6154 hci_param->supervision_timeout = timeout;
6155 }
6156
6157 hci_dev_unlock(hdev);
6158
2a1afb5a
JH		 6159 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
6160 NULL, 0);
a26f3dcf
JH		 6161}
6162
dbece37a
MH		 6163static int set_external_config(struct sock *sk, struct hci_dev *hdev,
6164 void *data, u16 len)
6165{
6166 struct mgmt_cp_set_external_config *cp = data;
6167 bool changed;
6168 int err;
6169
6170 BT_DBG("%s", hdev->name);
6171
6172 if (hdev_is_powered(hdev))
a69e8375
JH		 6173 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6174 MGMT_STATUS_REJECTED);
dbece37a
MH		 6175
6176 if (cp->config != 0x00 && cp->config != 0x01)
a69e8375
JH		 6177 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6178 MGMT_STATUS_INVALID_PARAMS);
dbece37a
MH		 6179
6180 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
a69e8375
JH		 6181 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6182 MGMT_STATUS_NOT_SUPPORTED);
dbece37a
MH		 6183
6184 hci_dev_lock(hdev);
6185
6186 if (cp->config)
238be788 6187 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a 6188 else
a69d8927 6189 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a
MH		 6190
6191 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
6192 if (err < 0)
6193 goto unlock;
6194
6195 if (!changed)
6196 goto unlock;
6197
f4537c04
MH		 6198 err = new_options(hdev, sk);
6199
d7a5a11d 6200 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
dbece37a 6201 mgmt_index_removed(hdev);
d603b76b 6202
516018a9 6203 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
a1536da2
MH		 6204 hci_dev_set_flag(hdev, HCI_CONFIG);
6205 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
d603b76b
MH		 6206
6207 queue_work(hdev->req_workqueue, &hdev->power_on);
6208 } else {
5ea234d3 6209 set_bit(HCI_RAW, &hdev->flags);
d603b76b
MH		 6210 mgmt_index_added(hdev);
6211 }
dbece37a
MH		 6212 }
6213
6214unlock:
6215 hci_dev_unlock(hdev);
6216 return err;
6217}
6218
9713c17b
MH		 6219static int set_public_address(struct sock *sk, struct hci_dev *hdev,
6220 void *data, u16 len)
6221{
6222 struct mgmt_cp_set_public_address *cp = data;
6223 bool changed;
6224 int err;
6225
6226 BT_DBG("%s", hdev->name);
6227
6228 if (hdev_is_powered(hdev))
a69e8375
JH		 6229 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6230 MGMT_STATUS_REJECTED);
9713c17b
MH		 6231
6232 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
a69e8375
JH		 6233 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6234 MGMT_STATUS_INVALID_PARAMS);
9713c17b
MH		 6235
6236 if (!hdev->set_bdaddr)
a69e8375
JH		 6237 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6238 MGMT_STATUS_NOT_SUPPORTED);
9713c17b
MH		 6239
6240 hci_dev_lock(hdev);
6241
6242 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
6243 bacpy(&hdev->public_addr, &cp->bdaddr);
6244
6245 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
6246 if (err < 0)
6247 goto unlock;
6248
6249 if (!changed)
6250 goto unlock;
6251
d7a5a11d 6252 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
9713c17b
MH		 6253 err = new_options(hdev, sk);
6254
6255 if (is_configured(hdev)) {
6256 mgmt_index_removed(hdev);
6257
a358dc11 6258 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
9713c17b 6259
a1536da2
MH		 6260 hci_dev_set_flag(hdev, HCI_CONFIG);
6261 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
9713c17b
MH		 6262
6263 queue_work(hdev->req_workqueue, &hdev->power_on);
6264 }
6265
6266unlock:
6267 hci_dev_unlock(hdev);
6268 return err;
6269}
6270
6d785aa3 6271static const struct hci_mgmt_handler mgmt_handlers[] = {
0f4e68cf 6272 { NULL }, /* 0x0000 (no command) */
b9a245fb
JH		 6273 { read_version, MGMT_READ_VERSION_SIZE,
6274 HCI_MGMT_NO_HDEV },
6275 { read_commands, MGMT_READ_COMMANDS_SIZE,
6276 HCI_MGMT_NO_HDEV },
6277 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
6278 HCI_MGMT_NO_HDEV },
6279 { read_controller_info, MGMT_READ_INFO_SIZE, 0 },
6280 { set_powered, MGMT_SETTING_SIZE, 0 },
6281 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE, 0 },
6282 { set_connectable, MGMT_SETTING_SIZE, 0 },
6283 { set_fast_connectable, MGMT_SETTING_SIZE, 0 },
6284 { set_bondable, MGMT_SETTING_SIZE, 0 },
6285 { set_link_security, MGMT_SETTING_SIZE, 0 },
6286 { set_ssp, MGMT_SETTING_SIZE, 0 },
6287 { set_hs, MGMT_SETTING_SIZE, 0 },
6288 { set_le, MGMT_SETTING_SIZE, 0 },
6289 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE, 0 },
6290 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE, 0 },
6291 { add_uuid, MGMT_ADD_UUID_SIZE, 0 },
6292 { remove_uuid, MGMT_REMOVE_UUID_SIZE, 0 },
6293 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
6294 HCI_MGMT_VAR_LEN },
6295 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
6296 HCI_MGMT_VAR_LEN },
6297 { disconnect, MGMT_DISCONNECT_SIZE, 0 },
6298 { get_connections, MGMT_GET_CONNECTIONS_SIZE, 0 },
6299 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE, 0 },
6300 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE, 0 },
6301 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE, 0 },
6302 { pair_device, MGMT_PAIR_DEVICE_SIZE, 0 },
6303 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE, 0 },
6304 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE, 0 },
6305 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE, 0 },
6306 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE, 0 },
6307 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE, 0 },
6308 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE, 0 },
6309 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
6310 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
6311 HCI_MGMT_VAR_LEN },
6312 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE, 0 },
6313 { start_discovery, MGMT_START_DISCOVERY_SIZE, 0 },
6314 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE, 0 },
6315 { confirm_name, MGMT_CONFIRM_NAME_SIZE, 0 },
6316 { block_device, MGMT_BLOCK_DEVICE_SIZE, 0 },
6317 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE, 0 },
6318 { set_device_id, MGMT_SET_DEVICE_ID_SIZE, 0 },
6319 { set_advertising, MGMT_SETTING_SIZE, 0 },
6320 { set_bredr, MGMT_SETTING_SIZE, 0 },
6321 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE, 0 },
6322 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE, 0 },
6323 { set_secure_conn, MGMT_SETTING_SIZE, 0 },
6324 { set_debug_keys, MGMT_SETTING_SIZE, 0 },
6325 { set_privacy, MGMT_SET_PRIVACY_SIZE, 0 },
6326 { load_irks, MGMT_LOAD_IRKS_SIZE,
6327 HCI_MGMT_VAR_LEN },
6328 { get_conn_info, MGMT_GET_CONN_INFO_SIZE, 0 },
6329 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE, 0 },
6330 { add_device, MGMT_ADD_DEVICE_SIZE, 0 },
6331 { remove_device, MGMT_REMOVE_DEVICE_SIZE, 0 },
6332 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
6333 HCI_MGMT_VAR_LEN },
6334 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
6335 HCI_MGMT_NO_HDEV },
6336 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
6337 HCI_MGMT_UNCONFIGURED },
6338 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
6339 HCI_MGMT_UNCONFIGURED },
6340 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
6341 HCI_MGMT_UNCONFIGURED },
6342 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
6343 HCI_MGMT_VAR_LEN },
96f1474a
MH		 6344 { NULL },
6345 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
6346 HCI_MGMT_NO_HDEV },
0f4e68cf
JH		 6347};
6348
6d785aa3
JH		 6349int mgmt_control(struct hci_mgmt_chan *chan, struct sock *sk,
6350 struct msghdr *msg, size_t msglen)
0381101f 6351{
650f726d
VCG		 6352 void *buf;
6353 u8 *cp;
0381101f 6354 struct mgmt_hdr *hdr;
4e51eae9 6355 u16 opcode, index, len;
bdb6d971 6356 struct hci_dev *hdev = NULL;
6d785aa3 6357 const struct hci_mgmt_handler *handler;
b9a245fb 6358 bool var_len, no_hdev;
0381101f
JH		 6359 int err;
6360
6361 BT_DBG("got %zu bytes", msglen);
6362
6363 if (msglen < sizeof(*hdr))
6364 return -EINVAL;
6365
e63a15ec 6366 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 6367 if (!buf)
6368 return -ENOMEM;
6369
6ce8e9ce 6370 if (memcpy_from_msg(buf, msg, msglen)) {
0381101f
JH		 6371 err = -EFAULT;
6372 goto done;
6373 }
6374
650f726d 6375 hdr = buf;
1f350c87
MH		 6376 opcode = __le16_to_cpu(hdr->opcode);
6377 index = __le16_to_cpu(hdr->index);
6378 len = __le16_to_cpu(hdr->len);
0381101f
JH		 6379
6380 if (len != msglen - sizeof(*hdr)) {
6381 err = -EINVAL;
6382 goto done;
6383 }
6384
b9a245fb
JH		 6385 if (opcode >= chan->handler_count ||
6386 chan->handlers[opcode].func == NULL) {
6387 BT_DBG("Unknown op %u", opcode);
a69e8375
JH		 6388 err = mgmt_cmd_status(sk, index, opcode,
6389 MGMT_STATUS_UNKNOWN_COMMAND);
b9a245fb
JH		 6390 goto done;
6391 }
6392
6393 handler = &chan->handlers[opcode];
6394
0f4e68cf 6395 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 6396 hdev = hci_dev_get(index);
6397 if (!hdev) {
a69e8375
JH		 6398 err = mgmt_cmd_status(sk, index, opcode,
6399 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 6400 goto done;
6401 }
0736cfa8 6402
d7a5a11d
MH		 6403 if (hci_dev_test_flag(hdev, HCI_SETUP) ||
6404 hci_dev_test_flag(hdev, HCI_CONFIG) ||
6405 hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
a69e8375
JH		 6406 err = mgmt_cmd_status(sk, index, opcode,
6407 MGMT_STATUS_INVALID_INDEX);
0736cfa8
MH		 6408 goto done;
6409 }
42a9bc14 6410
d7a5a11d 6411 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) &&
b9a245fb 6412 !(handler->flags & HCI_MGMT_UNCONFIGURED)) {
a69e8375
JH		 6413 err = mgmt_cmd_status(sk, index, opcode,
6414 MGMT_STATUS_INVALID_INDEX);
42a9bc14
MH		 6415 goto done;
6416 }
bdb6d971
JH		 6417 }
6418
b9a245fb
JH		 6419 no_hdev = (handler->flags & HCI_MGMT_NO_HDEV);
6420 if (no_hdev != !hdev) {
a69e8375
JH		 6421 err = mgmt_cmd_status(sk, index, opcode,
6422 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 6423 goto done;
0381101f
JH		 6424 }
6425
b9a245fb
JH		 6426 var_len = (handler->flags & HCI_MGMT_VAR_LEN);
6427 if ((var_len && len < handler->data_len) ||
6428 (!var_len && len != handler->data_len)) {
a69e8375
JH		 6429 err = mgmt_cmd_status(sk, index, opcode,
6430 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 6431 goto done;
6432 }
6433
0f4e68cf
JH		 6434 if (hdev)
6435 mgmt_init_hdev(sk, hdev);
6436
6437 cp = buf + sizeof(*hdr);
6438
be22b54e 6439 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 6440 if (err < 0)
6441 goto done;
6442
0381101f
JH		 6443 err = msglen;
6444
6445done:
bdb6d971
JH		 6446 if (hdev)
6447 hci_dev_put(hdev);
6448
0381101f
JH		 6449 kfree(buf);
6450 return err;
6451}
c71e97bf 6452
bf6b56db 6453void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 6454{
ced85549 6455 struct mgmt_ev_ext_index ev;
bb4b2a9a 6456
0602a8ad
MH		 6457 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6458 return;
6459
f9207338
MH		 6460 switch (hdev->dev_type) {
6461 case HCI_BREDR:
6462 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6463 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
6464 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
ced85549 6465 ev.type = 0x01;
f9207338
MH		 6466 } else {
6467 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
6468 HCI_MGMT_INDEX_EVENTS);
ced85549 6469 ev.type = 0x00;
f9207338
MH		 6470 }
6471 break;
ced85549
MH		 6472 case HCI_AMP:
6473 ev.type = 0x02;
6474 break;
6475 default:
6476 return;
f9207338 6477 }
ced85549
MH		 6478
6479 ev.bus = hdev->bus;
6480
6481 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
6482 HCI_MGMT_EXT_INDEX_EVENTS);
c71e97bf
JH		 6483}
6484
bf6b56db 6485void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 6486{
ced85549 6487 struct mgmt_ev_ext_index ev;
5f159032 6488 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 6489
0602a8ad
MH		 6490 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6491 return;
6492
f9207338
MH		 6493 switch (hdev->dev_type) {
6494 case HCI_BREDR:
6495 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
b24752fe 6496
f9207338
MH		 6497 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6498 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
6499 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
ced85549 6500 ev.type = 0x01;
f9207338
MH		 6501 } else {
6502 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
6503 HCI_MGMT_INDEX_EVENTS);
ced85549 6504 ev.type = 0x00;
f9207338
MH		 6505 }
6506 break;
ced85549
MH		 6507 case HCI_AMP:
6508 ev.type = 0x02;
6509 break;
6510 default:
6511 return;
f9207338 6512 }
ced85549
MH		 6513
6514 ev.bus = hdev->bus;
6515
6516 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
6517 HCI_MGMT_EXT_INDEX_EVENTS);
eec8d2bc
JH		 6518}
6519
6046dc3e 6520/* This function requires the caller holds hdev->lock */
2cf22218 6521static void restart_le_actions(struct hci_request *req)
6046dc3e 6522{
2cf22218 6523 struct hci_dev *hdev = req->hdev;
6046dc3e
AG		 6524 struct hci_conn_params *p;
6525
6526 list_for_each_entry(p, &hdev->le_conn_params, list) {
d7347f3c
JH		 6527 /* Needed for AUTO_OFF case where might not "really"
6528 * have been powered off.
6529 */
6530 list_del_init(&p->action);
6531
6532 switch (p->auto_connect) {
4b9e7e75 6533 case HCI_AUTO_CONN_DIRECT:
d7347f3c
JH		 6534 case HCI_AUTO_CONN_ALWAYS:
6535 list_add(&p->action, &hdev->pend_le_conns);
6536 break;
6537 case HCI_AUTO_CONN_REPORT:
6538 list_add(&p->action, &hdev->pend_le_reports);
6539 break;
6540 default:
6541 break;
c83ed19d 6542 }
6046dc3e 6543 }
c83ed19d 6544
2cf22218 6545 __hci_update_background_scan(req);
6046dc3e
AG		 6546}
6547
1904a853 6548static void powered_complete(struct hci_dev *hdev, u8 status, u16 opcode)
229ab39c
JH		 6549{
6550 struct cmd_lookup match = { NULL, hdev };
6551
6552 BT_DBG("status 0x%02x", status);
6553
162a3bac
MH		 6554 if (!status) {
6555 /* Register the available SMP channels (BR/EDR and LE) only
6556 * when successfully powering on the controller. This late
6557 * registration is required so that LE SMP can clearly
6558 * decide if the public address or static address is used.
6559 */
6560 smp_register(hdev);
6561 }
6562
229ab39c
JH		 6563 hci_dev_lock(hdev);
6564
6565 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6566
6567 new_settings(hdev, match.sk);
6568
6569 hci_dev_unlock(hdev);
6570
6571 if (match.sk)
6572 sock_put(match.sk);
6573}
6574
70da6243 6575static int powered_update_hci(struct hci_dev *hdev)
5add6af8 6576{
890ea898 6577 struct hci_request req;
70da6243 6578 u8 link_sec;
5add6af8 6579
890ea898
JH		 6580 hci_req_init(&req, hdev);
6581
d7a5a11d 6582 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED) &&
70da6243 6583 !lmp_host_ssp_capable(hdev)) {
574ea3c7 6584 u8 mode = 0x01;
5e5282bb 6585
574ea3c7
MH		 6586 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
6587
6588 if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) {
6589 u8 support = 0x01;
5add6af8 6590
574ea3c7
MH		 6591 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT,
6592 sizeof(support), &support);
6593 }
ec6f99b8
JH		 6594 }
6595
d7a5a11d 6596 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
c73eee91 6597 lmp_bredr_capable(hdev)) {
70da6243 6598 struct hci_cp_write_le_host_supported cp;
f0ff92fb 6599
32226e4f
MH		 6600 cp.le = 0x01;
6601 cp.simul = 0x00;
3d1cbdd6 6602
70da6243
JH		 6603 /* Check first if we already have the right
6604 * host state (host features set)
6605 */
6606 if (cp.le != lmp_host_le_capable(hdev) ||
6607 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 6608 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
6609 sizeof(cp), &cp);
70da6243 6610 }
3d1cbdd6 6611
d13eafce 6612 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 6613 /* Make sure the controller has a good default for
6614 * advertising data. This also applies to the case
6615 * where BR/EDR was toggled during the AUTO_OFF phase.
6616 */
d7a5a11d 6617 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
5947f4bc 6618 update_adv_data(&req);
f14d8f64
MH		 6619 update_scan_rsp_data(&req);
6620 }
441ad2d0 6621
d7a5a11d 6622 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
bba3aa55 6623 enable_advertising(&req);
2cf22218
JH		 6624
6625 restart_le_actions(&req);
eeca6f89
JH		 6626 }
6627
d7a5a11d 6628 link_sec = hci_dev_test_flag(hdev, HCI_LINK_SECURITY);
70da6243 6629 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 6630 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
6631 sizeof(link_sec), &link_sec);
562fcc24 6632
70da6243 6633 if (lmp_bredr_capable(hdev)) {
d7a5a11d 6634 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
406ef2a6
JH		 6635 write_fast_connectable(&req, true);
6636 else
6637 write_fast_connectable(&req, false);
1d2dc5b7 6638 __hci_update_page_scan(&req);
890ea898 6639 update_class(&req);
13928971 6640 update_name(&req);
890ea898 6641 update_eir(&req);
70da6243 6642 }
562fcc24 6643
229ab39c 6644 return hci_req_run(&req, powered_complete);
70da6243 6645}
562fcc24 6646
70da6243
JH		 6647int mgmt_powered(struct hci_dev *hdev, u8 powered)
6648{
6649 struct cmd_lookup match = { NULL, hdev };
9845904f 6650 u8 status, zero_cod[] = { 0, 0, 0 };
70da6243 6651 int err;
f0ff92fb 6652
d7a5a11d 6653 if (!hci_dev_test_flag(hdev, HCI_MGMT))
70da6243
JH		 6654 return 0;
6655
70da6243 6656 if (powered) {
229ab39c
JH		 6657 if (powered_update_hci(hdev) == 0)
6658 return 0;
fe038884 6659
229ab39c
JH		 6660 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
6661 &match);
6662 goto new_settings;
b24752fe
JH		 6663 }
6664
229ab39c 6665 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
9845904f
JH		 6666
6667 /* If the power off is because of hdev unregistration let
6668 * use the appropriate INVALID_INDEX status. Otherwise use
6669 * NOT_POWERED. We cover both scenarios here since later in
6670 * mgmt_index_removed() any hci_conn callbacks will have already
6671 * been triggered, potentially causing misleading DISCONNECTED
6672 * status responses.
6673 */
d7a5a11d 6674 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
9845904f
JH		 6675 status = MGMT_STATUS_INVALID_INDEX;
6676 else
6677 status = MGMT_STATUS_NOT_POWERED;
6678
6679 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
229ab39c
JH		 6680
6681 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
6682 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
6683 zero_cod, sizeof(zero_cod), NULL);
6684
6685new_settings:
beadb2bd 6686 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 6687
6688 if (match.sk)
6689 sock_put(match.sk);
6690
7bb895d6 6691 return err;
5add6af8 6692}
73f22f62 6693
3eec705e 6694void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc 6695{
3b0602cd 6696 struct mgmt_pending_cmd *cmd;
96570ffc
JH		 6697 u8 status;
6698
6699 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6700 if (!cmd)
3eec705e 6701 return;
96570ffc
JH		 6702
6703 if (err == -ERFKILL)
6704 status = MGMT_STATUS_RFKILLED;
6705 else
6706 status = MGMT_STATUS_FAILED;
6707
a69e8375 6708 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 6709
6710 mgmt_pending_remove(cmd);
96570ffc
JH		 6711}
6712
d1967ff8
MH		 6713void mgmt_discoverable_timeout(struct hci_dev *hdev)
6714{
6715 struct hci_request req;
d1967ff8
MH		 6716
6717 hci_dev_lock(hdev);
6718
6719 /* When discoverable timeout triggers, then just make sure
6720 * the limited discoverable flag is cleared. Even in the case
6721 * of a timeout triggered from general discoverable, it is
6722 * safe to unconditionally clear the flag.
6723 */
a358dc11
MH		 6724 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
6725 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
d1967ff8
MH		 6726
6727 hci_req_init(&req, hdev);
d7a5a11d 6728 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4b580614
JH		 6729 u8 scan = SCAN_PAGE;
6730 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
6731 sizeof(scan), &scan);
6732 }
d1967ff8 6733 update_class(&req);
9a43e25f 6734 update_adv_data(&req);
d1967ff8
MH		 6735 hci_req_run(&req, NULL);
6736
6737 hdev->discov_timeout = 0;
6738
9a43e25f
JH		 6739 new_settings(hdev, NULL);
6740
d1967ff8
MH		 6741 hci_dev_unlock(hdev);
6742}
6743
dc4a5ee2
MH		 6744void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
6745 bool persistent)
55ed8ca1 6746{
86742e1e 6747 struct mgmt_ev_new_link_key ev;
55ed8ca1 6748
a492cd52 6749 memset(&ev, 0, sizeof(ev));
55ed8ca1 6750
a492cd52 6751 ev.store_hint = persistent;
d753fdc4 6752 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 6753 ev.key.addr.type = BDADDR_BREDR;
a492cd52 6754 ev.key.type = key->type;
9b3b4460 6755 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 6756 ev.key.pin_len = key->pin_len;
55ed8ca1 6757
dc4a5ee2 6758 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 6759}
f7520543 6760
d7b25450
JH		 6761static u8 mgmt_ltk_type(struct smp_ltk *ltk)
6762{
23fb8de3
JH		 6763 switch (ltk->type) {
6764 case SMP_LTK:
6765 case SMP_LTK_SLAVE:
6766 if (ltk->authenticated)
6767 return MGMT_LTK_AUTHENTICATED;
6768 return MGMT_LTK_UNAUTHENTICATED;
6769 case SMP_LTK_P256:
6770 if (ltk->authenticated)
6771 return MGMT_LTK_P256_AUTH;
6772 return MGMT_LTK_P256_UNAUTH;
6773 case SMP_LTK_P256_DEBUG:
6774 return MGMT_LTK_P256_DEBUG;
6775 }
d7b25450
JH		 6776
6777 return MGMT_LTK_UNAUTHENTICATED;
6778}
6779
53ac6ab6 6780void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 6781{
6782 struct mgmt_ev_new_long_term_key ev;
6783
6784 memset(&ev, 0, sizeof(ev));
6785
5192d301
MH		 6786 /* Devices using resolvable or non-resolvable random addresses
6787 * without providing an indentity resolving key don't require
6788 * to store long term keys. Their addresses will change the
6789 * next time around.
6790 *
6791 * Only when a remote device provides an identity address
6792 * make sure the long term key is stored. If the remote
6793 * identity is known, the long term keys are internally
6794 * mapped to the identity address. So allow static random
6795 * and public addresses here.
6796 */
ba74b666
JH		 6797 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6798 (key->bdaddr.b[5] & 0xc0) != 0xc0)
6799 ev.store_hint = 0x00;
6800 else
53ac6ab6 6801 ev.store_hint = persistent;
ba74b666 6802
346af67b 6803 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 6804 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 6805 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 6806 ev.key.enc_size = key->enc_size;
6807 ev.key.ediv = key->ediv;
fe39c7b2 6808 ev.key.rand = key->rand;
346af67b 6809
2ceba539 6810 if (key->type == SMP_LTK)
346af67b
VCG		 6811 ev.key.master = 1;
6812
346af67b
VCG		 6813 memcpy(ev.key.val, key->val, sizeof(key->val));
6814
083368f7 6815 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 6816}
6817
95fbac8a
JH		 6818void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
6819{
6820 struct mgmt_ev_new_irk ev;
6821
6822 memset(&ev, 0, sizeof(ev));
6823
bab6d1e5
MH		 6824 /* For identity resolving keys from devices that are already
6825 * using a public address or static random address, do not
6826 * ask for storing this key. The identity resolving key really
6827 * is only mandatory for devices using resovlable random
6828 * addresses.
6829 *
6830 * Storing all identity resolving keys has the downside that
6831 * they will be also loaded on next boot of they system. More
6832 * identity resolving keys, means more time during scanning is
6833 * needed to actually resolve these addresses.
6834 */
6835 if (bacmp(&irk->rpa, BDADDR_ANY))
6836 ev.store_hint = 0x01;
6837 else
6838 ev.store_hint = 0x00;
6839
95fbac8a
JH		 6840 bacpy(&ev.rpa, &irk->rpa);
6841 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
6842 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
6843 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
6844
6845 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
6846}
6847
53ac6ab6
MH		 6848void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
6849 bool persistent)
7ee4ea36
MH		 6850{
6851 struct mgmt_ev_new_csrk ev;
6852
6853 memset(&ev, 0, sizeof(ev));
6854
6855 /* Devices using resolvable or non-resolvable random addresses
6856 * without providing an indentity resolving key don't require
6857 * to store signature resolving keys. Their addresses will change
6858 * the next time around.
6859 *
6860 * Only when a remote device provides an identity address
6861 * make sure the signature resolving key is stored. So allow
6862 * static random and public addresses here.
6863 */
6864 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6865 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
6866 ev.store_hint = 0x00;
6867 else
53ac6ab6 6868 ev.store_hint = persistent;
7ee4ea36
MH		 6869
6870 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
6871 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
4cd3928a 6872 ev.key.type = csrk->type;
7ee4ea36
MH		 6873 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
6874
6875 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
6876}
6877
ffb5a827 6878void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 6879 u8 bdaddr_type, u8 store_hint, u16 min_interval,
6880 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 6881{
6882 struct mgmt_ev_new_conn_param ev;
6883
c103aea6
JH		 6884 if (!hci_is_identity_address(bdaddr, bdaddr_type))
6885 return;
6886
ffb5a827
AG		 6887 memset(&ev, 0, sizeof(ev));
6888 bacpy(&ev.addr.bdaddr, bdaddr);
6889 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 6890 ev.store_hint = store_hint;
ffb5a827
AG		 6891 ev.min_interval = cpu_to_le16(min_interval);
6892 ev.max_interval = cpu_to_le16(max_interval);
6893 ev.latency = cpu_to_le16(latency);
6894 ev.timeout = cpu_to_le16(timeout);
6895
6896 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
6897}
6898
94933991
MH		 6899static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
6900 u8 data_len)
6901{
6902 eir[eir_len++] = sizeof(type) + data_len;
6903 eir[eir_len++] = type;
6904 memcpy(&eir[eir_len], data, data_len);
6905 eir_len += data_len;
6906
6907 return eir_len;
6908}
6909
48ec92fa
AA		 6910void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
6911 u32 flags, u8 *name, u8 name_len)
f7520543 6912{
b644ba33
JH		 6913 char buf[512];
6914 struct mgmt_ev_device_connected *ev = (void *) buf;
6915 u16 eir_len = 0;
f7520543 6916
48ec92fa
AA		 6917 bacpy(&ev->addr.bdaddr, &conn->dst);
6918 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
f7520543 6919
c95f0ba7 6920 ev->flags = __cpu_to_le32(flags);
08c79b61 6921
fd45ada9
AA		 6922 /* We must ensure that the EIR Data fields are ordered and
6923 * unique. Keep it simple for now and avoid the problem by not
6924 * adding any BR/EDR data to the LE adv.
6925 */
6926 if (conn->le_adv_data_len > 0) {
6927 memcpy(&ev->eir[eir_len],
6928 conn->le_adv_data, conn->le_adv_data_len);
6929 eir_len = conn->le_adv_data_len;
6930 } else {
6931 if (name_len > 0)
6932 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
6933 name, name_len);
b644ba33 6934
ddbea5cf 6935 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
fd45ada9
AA		 6936 eir_len = eir_append_data(ev->eir, eir_len,
6937 EIR_CLASS_OF_DEV,
6938 conn->dev_class, 3);
6939 }
b644ba33 6940
eb55ef07 6941 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 6942
ecd90ae7
MH		 6943 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
6944 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 6945}
6946
3b0602cd 6947static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
8962ee74 6948{
8962ee74 6949 struct sock **sk = data;
8962ee74 6950
f5818c22 6951 cmd->cmd_complete(cmd, 0);
8962ee74
JH		 6952
6953 *sk = cmd->sk;
6954 sock_hold(*sk);
6955
a664b5bc 6956 mgmt_pending_remove(cmd);
8962ee74
JH		 6957}
6958
3b0602cd 6959static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
a8a1d19e 6960{
b1078ad0 6961 struct hci_dev *hdev = data;
124f6e35 6962 struct mgmt_cp_unpair_device *cp = cmd->param;
a8a1d19e 6963
b1078ad0
JH		 6964 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
6965
d8b7b1e4 6966 cmd->cmd_complete(cmd, 0);
a8a1d19e
JH		 6967 mgmt_pending_remove(cmd);
6968}
6969
84c61d92
JH		 6970bool mgmt_powering_down(struct hci_dev *hdev)
6971{
3b0602cd 6972 struct mgmt_pending_cmd *cmd;
84c61d92
JH		 6973 struct mgmt_mode *cp;
6974
6975 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6976 if (!cmd)
6977 return false;
6978
6979 cp = cmd->param;
6980 if (!cp->val)
6981 return true;
6982
6983 return false;
6984}
6985
9b80ec5e 6986void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 6987 u8 link_type, u8 addr_type, u8 reason,
6988 bool mgmt_connected)
f7520543 6989{
f0d6a0ea 6990 struct mgmt_ev_device_disconnected ev;
8962ee74 6991 struct sock *sk = NULL;
8962ee74 6992
84c61d92
JH		 6993 /* The connection is still in hci_conn_hash so test for 1
6994 * instead of 0 to know if this is the last one.
6995 */
6996 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6997 cancel_delayed_work(&hdev->power_off);
6998 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8b064a3a
JH		 6999 }
7000
12d4a3b2
JH		 7001 if (!mgmt_connected)
7002 return;
7003
57eb776f
AG		 7004 if (link_type != ACL_LINK && link_type != LE_LINK)
7005 return;
7006
744cf19e 7007 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 7008
f0d6a0ea
MA		 7009 bacpy(&ev.addr.bdaddr, bdaddr);
7010 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7011 ev.reason = reason;
f7520543 7012
9b80ec5e 7013 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 7014
7015 if (sk)
d97dcb66 7016 sock_put(sk);
8962ee74 7017
124f6e35 7018 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 7019 hdev);
8962ee74
JH		 7020}
7021
7892924c
MH		 7022void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
7023 u8 link_type, u8 addr_type, u8 status)
8962ee74 7024{
3655bba8
AG		 7025 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
7026 struct mgmt_cp_disconnect *cp;
3b0602cd 7027 struct mgmt_pending_cmd *cmd;
8962ee74 7028
36a75f1b
JD		 7029 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
7030 hdev);
7031
2e58ef3e 7032 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 7033 if (!cmd)
7892924c 7034 return;
8962ee74 7035
3655bba8
AG		 7036 cp = cmd->param;
7037
7038 if (bacmp(bdaddr, &cp->addr.bdaddr))
7039 return;
7040
7041 if (cp->addr.type != bdaddr_type)
7042 return;
7043
f5818c22 7044 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7045 mgmt_pending_remove(cmd);
f7520543 7046}
17d5c04c 7047
445608d0
MH		 7048void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7049 u8 addr_type, u8 status)
17d5c04c
JH		 7050{
7051 struct mgmt_ev_connect_failed ev;
c9910d0f 7052
84c61d92
JH		 7053 /* The connection is still in hci_conn_hash so test for 1
7054 * instead of 0 to know if this is the last one.
7055 */
7056 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7057 cancel_delayed_work(&hdev->power_off);
7058 queue_work(hdev->req_workqueue, &hdev->power_off.work);
c9910d0f 7059 }
17d5c04c 7060
4c659c39 7061 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7062 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 7063 ev.status = mgmt_status(status);
17d5c04c 7064
445608d0 7065 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 7066}
980e1a53 7067
ce0e4a0d 7068void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 7069{
7070 struct mgmt_ev_pin_code_request ev;
7071
d8457698 7072 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 7073 ev.addr.type = BDADDR_BREDR;
a770bb5a 7074 ev.secure = secure;
980e1a53 7075
ce0e4a0d 7076 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 7077}
7078
e669cf80
MH		 7079void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7080 u8 status)
980e1a53 7081{
3b0602cd 7082 struct mgmt_pending_cmd *cmd;
980e1a53 7083
2e58ef3e 7084 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 7085 if (!cmd)
e669cf80 7086 return;
980e1a53 7087
7776d1d8 7088 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7089 mgmt_pending_remove(cmd);
980e1a53
JH		 7090}
7091
3eb38528
MH		 7092void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7093 u8 status)
980e1a53 7094{
3b0602cd 7095 struct mgmt_pending_cmd *cmd;
980e1a53 7096
2e58ef3e 7097 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 7098 if (!cmd)
3eb38528 7099 return;
980e1a53 7100
7776d1d8 7101 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7102 mgmt_pending_remove(cmd);
980e1a53 7103}
a5c29683 7104
744cf19e 7105int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 7106 u8 link_type, u8 addr_type, u32 value,
04124681 7107 u8 confirm_hint)
a5c29683
JH		 7108{
7109 struct mgmt_ev_user_confirm_request ev;
7110
744cf19e 7111 BT_DBG("%s", hdev->name);
a5c29683 7112
272d90df 7113 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7114 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 7115 ev.confirm_hint = confirm_hint;
39adbffe 7116 ev.value = cpu_to_le32(value);
a5c29683 7117
744cf19e 7118 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 7119 NULL);
a5c29683
JH		 7120}
7121
272d90df 7122int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 7123 u8 link_type, u8 addr_type)
604086b7
BG		 7124{
7125 struct mgmt_ev_user_passkey_request ev;
7126
7127 BT_DBG("%s", hdev->name);
7128
272d90df 7129 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7130 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 7131
7132 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 7133 NULL);
604086b7
BG		 7134}
7135
0df4c185 7136static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 7137 u8 link_type, u8 addr_type, u8 status,
7138 u8 opcode)
a5c29683 7139{
3b0602cd 7140 struct mgmt_pending_cmd *cmd;
a5c29683 7141
2e58ef3e 7142 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 7143 if (!cmd)
7144 return -ENOENT;
7145
7776d1d8 7146 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7147 mgmt_pending_remove(cmd);
a5c29683 7148
7776d1d8 7149 return 0;
a5c29683
JH		 7150}
7151
744cf19e 7152int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7153 u8 link_type, u8 addr_type, u8 status)
a5c29683 7154{
272d90df 7155 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 7156 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 7157}
7158
272d90df 7159int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7160 u8 link_type, u8 addr_type, u8 status)
a5c29683 7161{
272d90df 7162 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 7163 status,
7164 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 7165}
2a611692 7166
604086b7 7167int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7168 u8 link_type, u8 addr_type, u8 status)
604086b7 7169{
272d90df 7170 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 7171 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 7172}
7173
272d90df 7174int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7175 u8 link_type, u8 addr_type, u8 status)
604086b7 7176{
272d90df 7177 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 7178 status,
7179 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 7180}
7181
92a25256
JH		 7182int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
7183 u8 link_type, u8 addr_type, u32 passkey,
7184 u8 entered)
7185{
7186 struct mgmt_ev_passkey_notify ev;
7187
7188 BT_DBG("%s", hdev->name);
7189
7190 bacpy(&ev.addr.bdaddr, bdaddr);
7191 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7192 ev.passkey = __cpu_to_le32(passkey);
7193 ev.entered = entered;
7194
7195 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
7196}
7197
e1e930f5 7198void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
2a611692
JH		 7199{
7200 struct mgmt_ev_auth_failed ev;
3b0602cd 7201 struct mgmt_pending_cmd *cmd;
e1e930f5 7202 u8 status = mgmt_status(hci_status);
2a611692 7203
e1e930f5
JH		 7204 bacpy(&ev.addr.bdaddr, &conn->dst);
7205 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7206 ev.status = status;
2a611692 7207
e1e930f5
JH		 7208 cmd = find_pairing(conn);
7209
7210 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
7211 cmd ? cmd->sk : NULL);
7212
a511b35b
JH		 7213 if (cmd) {
7214 cmd->cmd_complete(cmd, status);
7215 mgmt_pending_remove(cmd);
7216 }
2a611692 7217}
b312b161 7218
464996ae 7219void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 7220{
7221 struct cmd_lookup match = { NULL, hdev };
464996ae 7222 bool changed;
33ef95ed
JH		 7223
7224 if (status) {
7225 u8 mgmt_err = mgmt_status(status);
7226 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 7227 cmd_status_rsp, &mgmt_err);
464996ae 7228 return;
33ef95ed
JH		 7229 }
7230
464996ae 7231 if (test_bit(HCI_AUTH, &hdev->flags))
238be788 7232 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
464996ae 7233 else
a69d8927 7234 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
47990ea0 7235
33ef95ed 7236 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 7237 &match);
33ef95ed 7238
47990ea0 7239 if (changed)
464996ae 7240 new_settings(hdev, match.sk);
33ef95ed
JH		 7241
7242 if (match.sk)
7243 sock_put(match.sk);
33ef95ed
JH		 7244}
7245
890ea898 7246static void clear_eir(struct hci_request *req)
cacaf52f 7247{
890ea898 7248 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 7249 struct hci_cp_write_eir cp;
7250
976eb20e 7251 if (!lmp_ext_inq_capable(hdev))
890ea898 7252 return;
cacaf52f 7253
c80da27e
JH		 7254 memset(hdev->eir, 0, sizeof(hdev->eir));
7255
cacaf52f
JH		 7256 memset(&cp, 0, sizeof(cp));
7257
890ea898 7258 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 7259}
7260
3e248560 7261void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 7262{
7263 struct cmd_lookup match = { NULL, hdev };
890ea898 7264 struct hci_request req;
c0ecddc2 7265 bool changed = false;
ed2c4ee3
JH		 7266
7267 if (status) {
7268 u8 mgmt_err = mgmt_status(status);
c0ecddc2 7269
a69d8927
MH		 7270 if (enable && hci_dev_test_and_clear_flag(hdev,
7271 HCI_SSP_ENABLED)) {
a358dc11 7272 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
3e248560 7273 new_settings(hdev, NULL);
9ecb3e24 7274 }
c0ecddc2 7275
04124681
GP		 7276 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
7277 &mgmt_err);
3e248560 7278 return;
c0ecddc2
JH		 7279 }
7280
7281 if (enable) {
238be788 7282 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
c0ecddc2 7283 } else {
a69d8927 7284 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
9ecb3e24 7285 if (!changed)
a69d8927
MH		 7286 changed = hci_dev_test_and_clear_flag(hdev,
7287 HCI_HS_ENABLED);
9ecb3e24 7288 else
a358dc11 7289 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
ed2c4ee3
JH		 7290 }
7291
7292 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
7293
c0ecddc2 7294 if (changed)
3e248560 7295 new_settings(hdev, match.sk);
ed2c4ee3 7296
5fc6ebb1 7297 if (match.sk)
ed2c4ee3
JH		 7298 sock_put(match.sk);
7299
890ea898
JH		 7300 hci_req_init(&req, hdev);
7301
d7a5a11d
MH		 7302 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
7303 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
3769972b
JH		 7304 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
7305 sizeof(enable), &enable);
890ea898 7306 update_eir(&req);
3769972b 7307 } else {
890ea898 7308 clear_eir(&req);
3769972b 7309 }
890ea898
JH		 7310
7311 hci_req_run(&req, NULL);
ed2c4ee3
JH		 7312}
7313
3b0602cd 7314static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
90e70454
JH		 7315{
7316 struct cmd_lookup *match = data;
7317
90e70454
JH		 7318 if (match->sk == NULL) {
7319 match->sk = cmd->sk;
7320 sock_hold(match->sk);
7321 }
90e70454
JH		 7322}
7323
4e1b0245
MH		 7324void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
7325 u8 status)
7f9a903c 7326{
90e70454 7327 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 7328
92da6097
JH		 7329 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
7330 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
7331 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 7332
7333 if (!status)
4e1b0245
MH		 7334 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
7335 NULL);
90e70454
JH		 7336
7337 if (match.sk)
7338 sock_put(match.sk);
7f9a903c
MH		 7339}
7340
7667da34 7341void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 7342{
b312b161 7343 struct mgmt_cp_set_local_name ev;
3b0602cd 7344 struct mgmt_pending_cmd *cmd;
28cc7bde 7345
13928971 7346 if (status)
7667da34 7347 return;
b312b161
JH		 7348
7349 memset(&ev, 0, sizeof(ev));
7350 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 7351 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 7352
2e58ef3e 7353 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 7354 if (!cmd) {
7355 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 7356
13928971
JH		 7357 /* If this is a HCI command related to powering on the
7358 * HCI dev don't send any mgmt signals.
7359 */
7360 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 7361 return;
890ea898 7362 }
b312b161 7363
7667da34
MH		 7364 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
7365 cmd ? cmd->sk : NULL);
b312b161 7366}
c35938b2 7367
4d2d2796 7368void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
38da1703
JH		 7369 u8 *rand192, u8 *hash256, u8 *rand256,
7370 u8 status)
c35938b2 7371{
3b0602cd 7372 struct mgmt_pending_cmd *cmd;
c35938b2 7373
744cf19e 7374 BT_DBG("%s status %u", hdev->name, status);
c35938b2 7375
2e58ef3e 7376 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 7377 if (!cmd)
3edaf092 7378 return;
c35938b2
SJ		 7379
7380 if (status) {
a69e8375
JH		 7381 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
7382 mgmt_status(status));
c35938b2 7383 } else {
66f096f7
JH		 7384 struct mgmt_rp_read_local_oob_data rp;
7385 size_t rp_size = sizeof(rp);
4d2d2796 7386
66f096f7
JH		 7387 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
7388 memcpy(rp.rand192, rand192, sizeof(rp.rand192));
c35938b2 7389
66f096f7 7390 if (bredr_sc_enabled(hdev) && hash256 && rand256) {
4d2d2796 7391 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
38da1703 7392 memcpy(rp.rand256, rand256, sizeof(rp.rand256));
4d2d2796 7393 } else {
66f096f7 7394 rp_size -= sizeof(rp.hash256) + sizeof(rp.rand256);
4d2d2796 7395 }
66f096f7 7396
2a1afb5a
JH		 7397 mgmt_cmd_complete(cmd->sk, hdev->id,
7398 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
7399 &rp, rp_size);
c35938b2
SJ		 7400 }
7401
7402 mgmt_pending_remove(cmd);
c35938b2 7403}
e17acd40 7404
799ce93d
JP		 7405static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
7406{
7407 int i;
7408
7409 for (i = 0; i < uuid_count; i++) {
7410 if (!memcmp(uuid, uuids[i], 16))
7411 return true;
7412 }
7413
7414 return false;
7415}
7416
b487b9ce
MH		 7417static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
7418{
799ce93d
JP		 7419 u16 parsed = 0;
7420
7421 while (parsed < eir_len) {
7422 u8 field_len = eir[0];
7423 u8 uuid[16];
7424 int i;
7425
7426 if (field_len == 0)
7427 break;
7428
7429 if (eir_len - parsed < field_len + 1)
7430 break;
7431
7432 switch (eir[1]) {
7433 case EIR_UUID16_ALL:
7434 case EIR_UUID16_SOME:
7435 for (i = 0; i + 3 <= field_len; i += 2) {
189f6ad2 7436 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7437 uuid[13] = eir[i + 3];
7438 uuid[12] = eir[i + 2];
7439 if (has_uuid(uuid, uuid_count, uuids))
7440 return true;
7441 }
7442 break;
7443 case EIR_UUID32_ALL:
7444 case EIR_UUID32_SOME:
7445 for (i = 0; i + 5 <= field_len; i += 4) {
189f6ad2 7446 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7447 uuid[15] = eir[i + 5];
7448 uuid[14] = eir[i + 4];
7449 uuid[13] = eir[i + 3];
7450 uuid[12] = eir[i + 2];
7451 if (has_uuid(uuid, uuid_count, uuids))
7452 return true;
7453 }
7454 break;
7455 case EIR_UUID128_ALL:
7456 case EIR_UUID128_SOME:
7457 for (i = 0; i + 17 <= field_len; i += 16) {
7458 memcpy(uuid, eir + i + 2, 16);
7459 if (has_uuid(uuid, uuid_count, uuids))
7460 return true;
7461 }
7462 break;
7463 }
7464
7465 parsed += field_len + 1;
7466 eir += field_len + 1;
7467 }
7468
b487b9ce
MH		 7469 return false;
7470}
7471
4b0e0ced
JP		 7472static void restart_le_scan(struct hci_dev *hdev)
7473{
7474 /* If controller is not scanning we are done. */
d7a5a11d 7475 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
4b0e0ced
JP		 7476 return;
7477
7478 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
7479 hdev->discovery.scan_start +
7480 hdev->discovery.scan_duration))
7481 return;
7482
7483 queue_delayed_work(hdev->workqueue, &hdev->le_scan_restart,
7484 DISCOV_LE_RESTART_DELAY);
7485}
7486
48f86b7f
JP		 7487static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
7488 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 7489{
48f86b7f
JP		 7490 /* If a RSSI threshold has been specified, and
7491 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
7492 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
7493 * is set, let it through for further processing, as we might need to
7494 * restart the scan.
efb2513f
MH		 7495 *
7496 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
7497 * the results are also dropped.
bda157a4
MH		 7498 */
7499 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
4b0e0ced
JP		 7500 (rssi == HCI_RSSI_INVALID ||
7501 (rssi < hdev->discovery.rssi &&
7502 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
48f86b7f 7503 return false;
efb2513f 7504
2976cdeb
JP		 7505 if (hdev->discovery.uuid_count != 0) {
7506 /* If a list of UUIDs is provided in filter, results with no
7507 * matching UUID should be dropped.
b487b9ce 7508 */
2976cdeb
JP		 7509 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
7510 hdev->discovery.uuids) &&
7511 !eir_has_uuids(scan_rsp, scan_rsp_len,
7512 hdev->discovery.uuid_count,
7513 hdev->discovery.uuids))
7514 return false;
b487b9ce 7515 }
5d2e9fad 7516
2976cdeb
JP		 7517 /* If duplicate filtering does not report RSSI changes, then restart
7518 * scanning to ensure updated result with updated RSSI values.
4b0e0ced 7519 */
2976cdeb
JP		 7520 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
7521 restart_le_scan(hdev);
7522
7523 /* Validate RSSI value against the RSSI threshold once more. */
7524 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7525 rssi < hdev->discovery.rssi)
7526 return false;
7527 }
48f86b7f
JP		 7528
7529 return true;
7530}
7531
7532void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7533 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
7534 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7535{
7536 char buf[512];
7537 struct mgmt_ev_device_found *ev = (void *)buf;
7538 size_t ev_size;
7539
7540 /* Don't send events for a non-kernel initiated discovery. With
7541 * LE one exception is if we have pend_le_reports > 0 in which
7542 * case we're doing passive scanning and want these events.
7543 */
7544 if (!hci_discovery_active(hdev)) {
7545 if (link_type == ACL_LINK)
7546 return;
7547 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
7548 return;
7549 }
7550
82f8b651 7551 if (hdev->discovery.result_filtering) {
48f86b7f
JP		 7552 /* We are using service discovery */
7553 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
7554 scan_rsp_len))
7555 return;
7556 }
7557
7558 /* Make sure that the buffer is big enough. The 5 extra bytes
7559 * are for the potential CoD field.
7560 */
7561 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
4b0e0ced
JP		 7562 return;
7563
48f86b7f
JP		 7564 memset(buf, 0, sizeof(buf));
7565
7566 /* In case of device discovery with BR/EDR devices (pre 1.2), the
7567 * RSSI value was reported as 0 when not available. This behavior
7568 * is kept when using device discovery. This is required for full
7569 * backwards compatibility with the API.
7570 *
7571 * However when using service discovery, the value 127 will be
7572 * returned when the RSSI is not available.
7573 */
7574 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
7575 link_type == ACL_LINK)
7576 rssi = 0;
7577
7578 bacpy(&ev->addr.bdaddr, bdaddr);
7579 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7580 ev->rssi = rssi;
7581 ev->flags = cpu_to_le32(flags);
7582
7583 if (eir_len > 0)
7584 /* Copy EIR or advertising data into event */
7585 memcpy(ev->eir, eir, eir_len);
7586
7587 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
7588 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7589 dev_class, 3);
7590
7591 if (scan_rsp_len > 0)
7592 /* Append scan response data to event */
7593 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
7594
5d2e9fad
JH		 7595 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
7596 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 7597
901801b9 7598 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 7599}
a88a9652 7600
9cf12aee
MH		 7601void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7602 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 7603{
b644ba33
JH		 7604 struct mgmt_ev_device_found *ev;
7605 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
7606 u16 eir_len;
a88a9652 7607
b644ba33 7608 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 7609
b644ba33
JH		 7610 memset(buf, 0, sizeof(buf));
7611
7612 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 7613 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 7614 ev->rssi = rssi;
7615
7616 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 7617 name_len);
b644ba33 7618
eb55ef07 7619 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 7620
9cf12aee 7621 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 7622}
314b2381 7623
2f1e063b 7624void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 7625{
f963e8e9 7626 struct mgmt_ev_discovering ev;
164a6e78 7627
343fb145
AG		 7628 BT_DBG("%s discovering %u", hdev->name, discovering);
7629
f963e8e9
JH		 7630 memset(&ev, 0, sizeof(ev));
7631 ev.type = hdev->discovery.type;
7632 ev.discovering = discovering;
7633
2f1e063b 7634 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 7635}
5e762444 7636
1904a853 7637static void adv_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5976e608
MH		 7638{
7639 BT_DBG("%s status %u", hdev->name, status);
5976e608
MH		 7640}
7641
7642void mgmt_reenable_advertising(struct hci_dev *hdev)
7643{
7644 struct hci_request req;
7645
d7a5a11d 7646 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
5976e608
MH		 7647 return;
7648
7649 hci_req_init(&req, hdev);
7650 enable_advertising(&req);
0ec5ae84 7651 hci_req_run(&req, adv_enable_complete);
5976e608 7652}
6d785aa3
JH		 7653
7654static struct hci_mgmt_chan chan = {
7655 .channel = HCI_CHANNEL_CONTROL,
7656 .handler_count = ARRAY_SIZE(mgmt_handlers),
7657 .handlers = mgmt_handlers,
7658};
7659
7660int mgmt_init(void)
7661{
7662 return hci_mgmt_chan_register(&chan);
7663}
7664
7665void mgmt_exit(void)
7666{
7667 hci_mgmt_chan_unregister(&chan);
7668}
ubuntu-zesty-kernel mirror