]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blame - net/bluetooth/mgmt.c
projects / mirror_ubuntu-zesty-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Remove broken force_lesc_support debugfs option
[mirror_ubuntu-zesty-kernel.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
4bc58f51 32#include <net/bluetooth/l2cap.h>
0381101f 33#include <net/bluetooth/mgmt.h>
ac4b7236 34
0857dd3b 35#include "hci_request.h"
ac4b7236 36#include "smp.h"
0381101f 37
2da9c55c 38#define MGMT_VERSION 1
854bda19 39#define MGMT_REVISION 8
02d98129 40
e70bb2e8
JH		 41static const u16 mgmt_commands[] = {
42 MGMT_OP_READ_INDEX_LIST,
43 MGMT_OP_READ_INFO,
44 MGMT_OP_SET_POWERED,
45 MGMT_OP_SET_DISCOVERABLE,
46 MGMT_OP_SET_CONNECTABLE,
47 MGMT_OP_SET_FAST_CONNECTABLE,
b2939475 48 MGMT_OP_SET_BONDABLE,
e70bb2e8
JH		 49 MGMT_OP_SET_LINK_SECURITY,
50 MGMT_OP_SET_SSP,
51 MGMT_OP_SET_HS,
52 MGMT_OP_SET_LE,
53 MGMT_OP_SET_DEV_CLASS,
54 MGMT_OP_SET_LOCAL_NAME,
55 MGMT_OP_ADD_UUID,
56 MGMT_OP_REMOVE_UUID,
57 MGMT_OP_LOAD_LINK_KEYS,
58 MGMT_OP_LOAD_LONG_TERM_KEYS,
59 MGMT_OP_DISCONNECT,
60 MGMT_OP_GET_CONNECTIONS,
61 MGMT_OP_PIN_CODE_REPLY,
62 MGMT_OP_PIN_CODE_NEG_REPLY,
63 MGMT_OP_SET_IO_CAPABILITY,
64 MGMT_OP_PAIR_DEVICE,
65 MGMT_OP_CANCEL_PAIR_DEVICE,
66 MGMT_OP_UNPAIR_DEVICE,
67 MGMT_OP_USER_CONFIRM_REPLY,
68 MGMT_OP_USER_CONFIRM_NEG_REPLY,
69 MGMT_OP_USER_PASSKEY_REPLY,
70 MGMT_OP_USER_PASSKEY_NEG_REPLY,
71 MGMT_OP_READ_LOCAL_OOB_DATA,
72 MGMT_OP_ADD_REMOTE_OOB_DATA,
73 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
74 MGMT_OP_START_DISCOVERY,
75 MGMT_OP_STOP_DISCOVERY,
76 MGMT_OP_CONFIRM_NAME,
77 MGMT_OP_BLOCK_DEVICE,
78 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 79 MGMT_OP_SET_DEVICE_ID,
4375f103 80 MGMT_OP_SET_ADVERTISING,
0663ca2a 81 MGMT_OP_SET_BREDR,
d13eafce 82 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 83 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 84 MGMT_OP_SET_SECURE_CONN,
4e39ac81 85 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 86 MGMT_OP_SET_PRIVACY,
41edf160 87 MGMT_OP_LOAD_IRKS,
dd983808 88 MGMT_OP_GET_CONN_INFO,
95868426 89 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 90 MGMT_OP_ADD_DEVICE,
91 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 92 MGMT_OP_LOAD_CONN_PARAM,
73d1df2a 93 MGMT_OP_READ_UNCONF_INDEX_LIST,
9fc3bfb6 94 MGMT_OP_READ_CONFIG_INFO,
dbece37a 95 MGMT_OP_SET_EXTERNAL_CONFIG,
9713c17b 96 MGMT_OP_SET_PUBLIC_ADDRESS,
66ea9427 97 MGMT_OP_START_SERVICE_DISCOVERY,
e70bb2e8
JH		 98};
99
100static const u16 mgmt_events[] = {
101 MGMT_EV_CONTROLLER_ERROR,
102 MGMT_EV_INDEX_ADDED,
103 MGMT_EV_INDEX_REMOVED,
104 MGMT_EV_NEW_SETTINGS,
105 MGMT_EV_CLASS_OF_DEV_CHANGED,
106 MGMT_EV_LOCAL_NAME_CHANGED,
107 MGMT_EV_NEW_LINK_KEY,
108 MGMT_EV_NEW_LONG_TERM_KEY,
109 MGMT_EV_DEVICE_CONNECTED,
110 MGMT_EV_DEVICE_DISCONNECTED,
111 MGMT_EV_CONNECT_FAILED,
112 MGMT_EV_PIN_CODE_REQUEST,
113 MGMT_EV_USER_CONFIRM_REQUEST,
114 MGMT_EV_USER_PASSKEY_REQUEST,
115 MGMT_EV_AUTH_FAILED,
116 MGMT_EV_DEVICE_FOUND,
117 MGMT_EV_DISCOVERING,
118 MGMT_EV_DEVICE_BLOCKED,
119 MGMT_EV_DEVICE_UNBLOCKED,
120 MGMT_EV_DEVICE_UNPAIRED,
92a25256 121 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 122 MGMT_EV_NEW_IRK,
7ee4ea36 123 MGMT_EV_NEW_CSRK,
8afef092
MH		 124 MGMT_EV_DEVICE_ADDED,
125 MGMT_EV_DEVICE_REMOVED,
ffb5a827 126 MGMT_EV_NEW_CONN_PARAM,
0602a8ad 127 MGMT_EV_UNCONF_INDEX_ADDED,
edd3896b 128 MGMT_EV_UNCONF_INDEX_REMOVED,
f4537c04 129 MGMT_EV_NEW_CONFIG_OPTIONS,
e70bb2e8
JH		 130};
131
17b02e62 132#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 133
eec8d2bc
JH		 134struct pending_cmd {
135 struct list_head list;
fc2f4b13 136 u16 opcode;
eec8d2bc 137 int index;
c68fb7ff 138 void *param;
323b0b88 139 size_t param_len;
eec8d2bc 140 struct sock *sk;
e9a416b5 141 void *user_data;
9df74653 142 int (*cmd_complete)(struct pending_cmd *cmd, u8 status);
eec8d2bc
JH		 143};
144
ca69b795
JH		 145/* HCI to MGMT error code conversion table */
146static u8 mgmt_status_table[] = {
147 MGMT_STATUS_SUCCESS,
148 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
149 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
150 MGMT_STATUS_FAILED, /* Hardware Failure */
151 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
152 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 153 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 154 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
155 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
156 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
157 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
158 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
159 MGMT_STATUS_BUSY, /* Command Disallowed */
160 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
161 MGMT_STATUS_REJECTED, /* Rejected Security */
162 MGMT_STATUS_REJECTED, /* Rejected Personal */
163 MGMT_STATUS_TIMEOUT, /* Host Timeout */
164 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
165 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
166 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
167 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
168 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
169 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
170 MGMT_STATUS_BUSY, /* Repeated Attempts */
171 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
172 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
173 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
174 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
175 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
176 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
177 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
178 MGMT_STATUS_FAILED, /* Unspecified Error */
179 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
180 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
181 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
182 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
183 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
184 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
185 MGMT_STATUS_FAILED, /* Unit Link Key Used */
186 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
187 MGMT_STATUS_TIMEOUT, /* Instant Passed */
188 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
189 MGMT_STATUS_FAILED, /* Transaction Collision */
190 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
191 MGMT_STATUS_REJECTED, /* QoS Rejected */
192 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
193 MGMT_STATUS_REJECTED, /* Insufficient Security */
194 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
195 MGMT_STATUS_BUSY, /* Role Switch Pending */
196 MGMT_STATUS_FAILED, /* Slot Violation */
197 MGMT_STATUS_FAILED, /* Role Switch Failed */
198 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
199 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
200 MGMT_STATUS_BUSY, /* Host Busy Pairing */
201 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
202 MGMT_STATUS_BUSY, /* Controller Busy */
203 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
204 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
205 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
206 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
207 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
208};
209
210static u8 mgmt_status(u8 hci_status)
211{
212 if (hci_status < ARRAY_SIZE(mgmt_status_table))
213 return mgmt_status_table[hci_status];
214
215 return MGMT_STATUS_FAILED;
216}
217
04c60f05
MH		 218static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
219 struct sock *skip_sk)
220{
221 struct sk_buff *skb;
222 struct mgmt_hdr *hdr;
223
224 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
225 if (!skb)
226 return -ENOMEM;
227
228 hdr = (void *) skb_put(skb, sizeof(*hdr));
229 hdr->opcode = cpu_to_le16(event);
230 if (hdev)
231 hdr->index = cpu_to_le16(hdev->id);
232 else
233 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
234 hdr->len = cpu_to_le16(data_len);
235
236 if (data)
237 memcpy(skb_put(skb, data_len), data, data_len);
238
239 /* Time stamp */
240 __net_timestamp(skb);
241
242 hci_send_to_control(skb, skip_sk);
243 kfree_skb(skb);
244
245 return 0;
246}
247
4e51eae9 248static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 249{
250 struct sk_buff *skb;
251 struct mgmt_hdr *hdr;
252 struct mgmt_ev_cmd_status *ev;
56b7d137 253 int err;
f7b64e69 254
34eb525c 255 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 256
790eff44 257 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 258 if (!skb)
259 return -ENOMEM;
260
261 hdr = (void *) skb_put(skb, sizeof(*hdr));
262
dcf4adbf 263 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 264 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 265 hdr->len = cpu_to_le16(sizeof(*ev));
266
267 ev = (void *) skb_put(skb, sizeof(*ev));
268 ev->status = status;
eb55ef07 269 ev->opcode = cpu_to_le16(cmd);
f7b64e69 270
56b7d137
GP		 271 err = sock_queue_rcv_skb(sk, skb);
272 if (err < 0)
f7b64e69
JH		 273 kfree_skb(skb);
274
56b7d137 275 return err;
f7b64e69
JH		 276}
277
aee9b218 278static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 279 void *rp, size_t rp_len)
02d98129
JH		 280{
281 struct sk_buff *skb;
282 struct mgmt_hdr *hdr;
283 struct mgmt_ev_cmd_complete *ev;
56b7d137 284 int err;
02d98129
JH		 285
286 BT_DBG("sock %p", sk);
287
790eff44 288 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 289 if (!skb)
290 return -ENOMEM;
291
292 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 293
dcf4adbf 294 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 295 hdr->index = cpu_to_le16(index);
a38528f1 296 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 297
a38528f1 298 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 299 ev->opcode = cpu_to_le16(cmd);
aee9b218 300 ev->status = status;
8020c16a
SJ		 301
302 if (rp)
303 memcpy(ev->data, rp, rp_len);
02d98129 304
56b7d137
GP		 305 err = sock_queue_rcv_skb(sk, skb);
306 if (err < 0)
02d98129
JH		 307 kfree_skb(skb);
308
e5f0e151 309 return err;
02d98129
JH		 310}
311
04124681
GP		 312static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
313 u16 data_len)
a38528f1
JH		 314{
315 struct mgmt_rp_read_version rp;
316
317 BT_DBG("sock %p", sk);
318
319 rp.version = MGMT_VERSION;
dcf4adbf 320 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 321
aee9b218 322 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 323 sizeof(rp));
a38528f1
JH		 324}
325
04124681
GP		 326static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
327 u16 data_len)
e70bb2e8
JH		 328{
329 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 330 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
331 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 332 __le16 *opcode;
e70bb2e8
JH		 333 size_t rp_size;
334 int i, err;
335
336 BT_DBG("sock %p", sk);
337
338 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
339
340 rp = kmalloc(rp_size, GFP_KERNEL);
341 if (!rp)
342 return -ENOMEM;
343
dcf4adbf
JP		 344 rp->num_commands = cpu_to_le16(num_commands);
345 rp->num_events = cpu_to_le16(num_events);
e70bb2e8
JH		 346
347 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
348 put_unaligned_le16(mgmt_commands[i], opcode);
349
350 for (i = 0; i < num_events; i++, opcode++)
351 put_unaligned_le16(mgmt_events[i], opcode);
352
aee9b218 353 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 354 rp_size);
e70bb2e8
JH		 355 kfree(rp);
356
357 return err;
358}
359
04124681
GP		 360static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
361 u16 data_len)
faba42eb 362{
faba42eb 363 struct mgmt_rp_read_index_list *rp;
8035ded4 364 struct hci_dev *d;
a38528f1 365 size_t rp_len;
faba42eb 366 u16 count;
476e44cb 367 int err;
faba42eb
JH		 368
369 BT_DBG("sock %p", sk);
370
371 read_lock(&hci_dev_list_lock);
372
373 count = 0;
bb4b2a9a 374 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a
MH		 375 if (d->dev_type == HCI_BREDR &&
376 !test_bit(HCI_UNCONFIGURED, &d->dev_flags))
1514b892 377 count++;
faba42eb
JH		 378 }
379
a38528f1
JH		 380 rp_len = sizeof(*rp) + (2 * count);
381 rp = kmalloc(rp_len, GFP_ATOMIC);
382 if (!rp) {
b2c60d42 383 read_unlock(&hci_dev_list_lock);
faba42eb 384 return -ENOMEM;
b2c60d42 385 }
faba42eb 386
476e44cb 387 count = 0;
8035ded4 388 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a 389 if (test_bit(HCI_SETUP, &d->dev_flags) ||
d603b76b 390 test_bit(HCI_CONFIG, &d->dev_flags) ||
73d1df2a 391 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
ab81cbf9
JH		 392 continue;
393
73d1df2a
MH		 394 /* Devices marked as raw-only are neither configured
395 * nor unconfigured controllers.
396 */
397 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
fee746b0
MH		 398 continue;
399
73d1df2a
MH		 400 if (d->dev_type == HCI_BREDR &&
401 !test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
1514b892
MH		 402 rp->index[count++] = cpu_to_le16(d->id);
403 BT_DBG("Added hci%u", d->id);
404 }
faba42eb
JH		 405 }
406
476e44cb
JH		 407 rp->num_controllers = cpu_to_le16(count);
408 rp_len = sizeof(*rp) + (2 * count);
409
faba42eb
JH		 410 read_unlock(&hci_dev_list_lock);
411
aee9b218 412 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 413 rp_len);
faba42eb 414
a38528f1
JH		 415 kfree(rp);
416
417 return err;
faba42eb
JH		 418}
419
73d1df2a
MH		 420static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
421 void *data, u16 data_len)
422{
423 struct mgmt_rp_read_unconf_index_list *rp;
424 struct hci_dev *d;
425 size_t rp_len;
426 u16 count;
427 int err;
428
429 BT_DBG("sock %p", sk);
430
431 read_lock(&hci_dev_list_lock);
432
433 count = 0;
434 list_for_each_entry(d, &hci_dev_list, list) {
435 if (d->dev_type == HCI_BREDR &&
436 test_bit(HCI_UNCONFIGURED, &d->dev_flags))
437 count++;
438 }
439
440 rp_len = sizeof(*rp) + (2 * count);
441 rp = kmalloc(rp_len, GFP_ATOMIC);
442 if (!rp) {
443 read_unlock(&hci_dev_list_lock);
444 return -ENOMEM;
445 }
446
447 count = 0;
448 list_for_each_entry(d, &hci_dev_list, list) {
449 if (test_bit(HCI_SETUP, &d->dev_flags) ||
d603b76b 450 test_bit(HCI_CONFIG, &d->dev_flags) ||
73d1df2a
MH		 451 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
452 continue;
453
454 /* Devices marked as raw-only are neither configured
455 * nor unconfigured controllers.
456 */
457 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
458 continue;
459
460 if (d->dev_type == HCI_BREDR &&
461 test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
462 rp->index[count++] = cpu_to_le16(d->id);
463 BT_DBG("Added hci%u", d->id);
464 }
465 }
466
467 rp->num_controllers = cpu_to_le16(count);
468 rp_len = sizeof(*rp) + (2 * count);
469
470 read_unlock(&hci_dev_list_lock);
471
472 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_UNCONF_INDEX_LIST,
473 0, rp, rp_len);
474
475 kfree(rp);
476
477 return err;
478}
479
dbece37a
MH		 480static bool is_configured(struct hci_dev *hdev)
481{
482 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
483 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
484 return false;
485
486 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
487 !bacmp(&hdev->public_addr, BDADDR_ANY))
488 return false;
489
490 return true;
491}
492
89bc22d2
MH		 493static __le32 get_missing_options(struct hci_dev *hdev)
494{
495 u32 options = 0;
496
dbece37a
MH		 497 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
498 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
eb1904f4
MH		 499 options |= MGMT_OPTION_EXTERNAL_CONFIG;
500
89bc22d2
MH		 501 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
502 !bacmp(&hdev->public_addr, BDADDR_ANY))
503 options |= MGMT_OPTION_PUBLIC_ADDRESS;
504
505 return cpu_to_le32(options);
506}
507
f4537c04
MH		 508static int new_options(struct hci_dev *hdev, struct sock *skip)
509{
510 __le32 options = get_missing_options(hdev);
511
512 return mgmt_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
513 sizeof(options), skip);
514}
515
dbece37a
MH		 516static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
517{
518 __le32 options = get_missing_options(hdev);
519
520 return cmd_complete(sk, hdev->id, opcode, 0, &options,
521 sizeof(options));
522}
523
9fc3bfb6
MH		 524static int read_config_info(struct sock *sk, struct hci_dev *hdev,
525 void *data, u16 data_len)
526{
527 struct mgmt_rp_read_config_info rp;
89bc22d2 528 u32 options = 0;
9fc3bfb6
MH		 529
530 BT_DBG("sock %p %s", sk, hdev->name);
531
532 hci_dev_lock(hdev);
533
534 memset(&rp, 0, sizeof(rp));
535 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
89bc22d2 536
eb1904f4
MH		 537 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
538 options |= MGMT_OPTION_EXTERNAL_CONFIG;
539
9fc3bfb6 540 if (hdev->set_bdaddr)
89bc22d2
MH		 541 options |= MGMT_OPTION_PUBLIC_ADDRESS;
542
543 rp.supported_options = cpu_to_le32(options);
544 rp.missing_options = get_missing_options(hdev);
9fc3bfb6
MH		 545
546 hci_dev_unlock(hdev);
547
548 return cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0, &rp,
549 sizeof(rp));
550}
551
69ab39ea
JH		 552static u32 get_supported_settings(struct hci_dev *hdev)
553{
554 u32 settings = 0;
555
556 settings |= MGMT_SETTING_POWERED;
b2939475 557 settings |= MGMT_SETTING_BONDABLE;
b1de97d8 558 settings |= MGMT_SETTING_DEBUG_KEYS;
3742abfc
JH		 559 settings |= MGMT_SETTING_CONNECTABLE;
560 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea 561
ed3fa31f 562 if (lmp_bredr_capable(hdev)) {
1a47aee8
JH		 563 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
564 settings |= MGMT_SETTING_FAST_CONNECTABLE;
69ab39ea
JH		 565 settings |= MGMT_SETTING_BREDR;
566 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 567
568 if (lmp_ssp_capable(hdev)) {
569 settings |= MGMT_SETTING_SSP;
570 settings |= MGMT_SETTING_HS;
571 }
e98d2ce2 572
5afeac14 573 if (lmp_sc_capable(hdev) ||
111902f7 574 test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
e98d2ce2 575 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 576 }
d7b7e796 577
eeca6f89 578 if (lmp_le_capable(hdev)) {
9d42820f 579 settings |= MGMT_SETTING_LE;
eeca6f89 580 settings |= MGMT_SETTING_ADVERTISING;
a3209694 581 settings |= MGMT_SETTING_SECURE_CONN;
0f4bd942 582 settings |= MGMT_SETTING_PRIVACY;
eeca6f89 583 }
69ab39ea 584
eb1904f4
MH		 585 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
586 hdev->set_bdaddr)
9fc3bfb6
MH		 587 settings |= MGMT_SETTING_CONFIGURATION;
588
69ab39ea
JH		 589 return settings;
590}
591
592static u32 get_current_settings(struct hci_dev *hdev)
593{
594 u32 settings = 0;
595
f1f0eb02 596 if (hdev_is_powered(hdev))
f0d4b78a
MH		 597 settings |= MGMT_SETTING_POWERED;
598
5e5282bb 599 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 600 settings |= MGMT_SETTING_CONNECTABLE;
601
1a4d3c4b
JH		 602 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
603 settings |= MGMT_SETTING_FAST_CONNECTABLE;
604
5e5282bb 605 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 606 settings |= MGMT_SETTING_DISCOVERABLE;
607
b6ae8457 608 if (test_bit(HCI_BONDABLE, &hdev->dev_flags))
b2939475 609 settings |= MGMT_SETTING_BONDABLE;
69ab39ea 610
56f87901 611 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 612 settings |= MGMT_SETTING_BREDR;
613
06199cf8 614 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 615 settings |= MGMT_SETTING_LE;
616
47990ea0 617 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 618 settings |= MGMT_SETTING_LINK_SECURITY;
619
84bde9d6 620 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 621 settings |= MGMT_SETTING_SSP;
622
6d80dfd0
JH		 623 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
624 settings |= MGMT_SETTING_HS;
625
f3d3444a 626 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 627 settings |= MGMT_SETTING_ADVERTISING;
628
e98d2ce2
MH		 629 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
630 settings |= MGMT_SETTING_SECURE_CONN;
631
0663b297 632 if (test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags))
b1de97d8
MH		 633 settings |= MGMT_SETTING_DEBUG_KEYS;
634
0f4bd942
JH		 635 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
636 settings |= MGMT_SETTING_PRIVACY;
637
69ab39ea
JH		 638 return settings;
639}
640
ef580372
JH		 641#define PNP_INFO_SVCLASS_ID 0x1200
642
213202ed
JH		 643static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
644{
645 u8 *ptr = data, *uuids_start = NULL;
646 struct bt_uuid *uuid;
647
648 if (len < 4)
649 return ptr;
650
651 list_for_each_entry(uuid, &hdev->uuids, list) {
652 u16 uuid16;
653
654 if (uuid->size != 16)
655 continue;
656
657 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
658 if (uuid16 < 0x1100)
659 continue;
660
661 if (uuid16 == PNP_INFO_SVCLASS_ID)
662 continue;
663
664 if (!uuids_start) {
665 uuids_start = ptr;
666 uuids_start[0] = 1;
667 uuids_start[1] = EIR_UUID16_ALL;
668 ptr += 2;
669 }
670
671 /* Stop if not enough space to put next UUID */
672 if ((ptr - data) + sizeof(u16) > len) {
673 uuids_start[1] = EIR_UUID16_SOME;
674 break;
675 }
676
677 *ptr++ = (uuid16 & 0x00ff);
678 *ptr++ = (uuid16 & 0xff00) >> 8;
679 uuids_start[0] += sizeof(uuid16);
680 }
681
682 return ptr;
683}
684
cdf1963f
JH		 685static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
686{
687 u8 *ptr = data, *uuids_start = NULL;
688 struct bt_uuid *uuid;
689
690 if (len < 6)
691 return ptr;
692
693 list_for_each_entry(uuid, &hdev->uuids, list) {
694 if (uuid->size != 32)
695 continue;
696
697 if (!uuids_start) {
698 uuids_start = ptr;
699 uuids_start[0] = 1;
700 uuids_start[1] = EIR_UUID32_ALL;
701 ptr += 2;
702 }
703
704 /* Stop if not enough space to put next UUID */
705 if ((ptr - data) + sizeof(u32) > len) {
706 uuids_start[1] = EIR_UUID32_SOME;
707 break;
708 }
709
710 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
711 ptr += sizeof(u32);
712 uuids_start[0] += sizeof(u32);
713 }
714
715 return ptr;
716}
717
c00d575b
JH		 718static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
719{
720 u8 *ptr = data, *uuids_start = NULL;
721 struct bt_uuid *uuid;
722
723 if (len < 18)
724 return ptr;
725
726 list_for_each_entry(uuid, &hdev->uuids, list) {
727 if (uuid->size != 128)
728 continue;
729
730 if (!uuids_start) {
731 uuids_start = ptr;
732 uuids_start[0] = 1;
733 uuids_start[1] = EIR_UUID128_ALL;
734 ptr += 2;
735 }
736
737 /* Stop if not enough space to put next UUID */
738 if ((ptr - data) + 16 > len) {
739 uuids_start[1] = EIR_UUID128_SOME;
740 break;
741 }
742
743 memcpy(ptr, uuid->uuid, 16);
744 ptr += 16;
745 uuids_start[0] += 16;
746 }
747
748 return ptr;
749}
750
eb2a8d20
JH		 751static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
752{
753 struct pending_cmd *cmd;
754
755 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
756 if (cmd->opcode == opcode)
757 return cmd;
758 }
759
760 return NULL;
761}
762
95868426
JH		 763static struct pending_cmd *mgmt_pending_find_data(u16 opcode,
764 struct hci_dev *hdev,
765 const void *data)
766{
767 struct pending_cmd *cmd;
768
769 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
770 if (cmd->user_data != data)
771 continue;
772 if (cmd->opcode == opcode)
773 return cmd;
774 }
775
776 return NULL;
777}
778
f14d8f64
MH		 779static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
780{
7a5f4990
MH		 781 u8 ad_len = 0;
782 size_t name_len;
783
784 name_len = strlen(hdev->dev_name);
785 if (name_len > 0) {
786 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
787
788 if (name_len > max_len) {
789 name_len = max_len;
790 ptr[1] = EIR_NAME_SHORT;
791 } else
792 ptr[1] = EIR_NAME_COMPLETE;
793
794 ptr[0] = name_len + 1;
795
796 memcpy(ptr + 2, hdev->dev_name, name_len);
797
798 ad_len += (name_len + 2);
799 ptr += (name_len + 2);
800 }
801
802 return ad_len;
f14d8f64
MH		 803}
804
805static void update_scan_rsp_data(struct hci_request *req)
806{
807 struct hci_dev *hdev = req->hdev;
808 struct hci_cp_le_set_scan_rsp_data cp;
809 u8 len;
810
7751ef1b 811 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
f14d8f64
MH		 812 return;
813
814 memset(&cp, 0, sizeof(cp));
815
816 len = create_scan_rsp_data(hdev, cp.data);
817
eb438b5f
JH		 818 if (hdev->scan_rsp_data_len == len &&
819 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 820 return;
821
eb438b5f
JH		 822 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
823 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 824
825 cp.length = len;
826
827 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
828}
829
9a43e25f
JH		 830static u8 get_adv_discov_flags(struct hci_dev *hdev)
831{
832 struct pending_cmd *cmd;
833
834 /* If there's a pending mgmt command the flags will not yet have
835 * their final values, so check for this first.
836 */
837 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
838 if (cmd) {
839 struct mgmt_mode *cp = cmd->param;
840 if (cp->val == 0x01)
841 return LE_AD_GENERAL;
842 else if (cp->val == 0x02)
843 return LE_AD_LIMITED;
844 } else {
845 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
846 return LE_AD_LIMITED;
847 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
848 return LE_AD_GENERAL;
849 }
850
851 return 0;
852}
853
46cad2ed 854static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 855{
856 u8 ad_len = 0, flags = 0;
441ad2d0 857
9a43e25f 858 flags |= get_adv_discov_flags(hdev);
441ad2d0 859
e834004b 860 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
441ad2d0 861 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 862
863 if (flags) {
864 BT_DBG("adv flags 0x%02x", flags);
865
866 ptr[0] = 2;
867 ptr[1] = EIR_FLAGS;
868 ptr[2] = flags;
869
870 ad_len += 3;
871 ptr += 3;
872 }
873
874 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
875 ptr[0] = 2;
876 ptr[1] = EIR_TX_POWER;
877 ptr[2] = (u8) hdev->adv_tx_power;
878
879 ad_len += 3;
880 ptr += 3;
881 }
882
441ad2d0
MH		 883 return ad_len;
884}
885
5947f4bc 886static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 887{
888 struct hci_dev *hdev = req->hdev;
889 struct hci_cp_le_set_adv_data cp;
890 u8 len;
891
10994ce6 892 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
441ad2d0
MH		 893 return;
894
895 memset(&cp, 0, sizeof(cp));
896
46cad2ed 897 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 898
899 if (hdev->adv_data_len == len &&
900 memcmp(cp.data, hdev->adv_data, len) == 0)
901 return;
902
903 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
904 hdev->adv_data_len = len;
905
906 cp.length = len;
907
908 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
909}
910
bc6d2d04
JH		 911int mgmt_update_adv_data(struct hci_dev *hdev)
912{
913 struct hci_request req;
914
915 hci_req_init(&req, hdev);
916 update_adv_data(&req);
917
918 return hci_req_run(&req, NULL);
919}
920
ef580372
JH		 921static void create_eir(struct hci_dev *hdev, u8 *data)
922{
923 u8 *ptr = data;
ef580372
JH		 924 size_t name_len;
925
926 name_len = strlen(hdev->dev_name);
927
928 if (name_len > 0) {
929 /* EIR Data type */
930 if (name_len > 48) {
931 name_len = 48;
932 ptr[1] = EIR_NAME_SHORT;
933 } else
934 ptr[1] = EIR_NAME_COMPLETE;
935
936 /* EIR Data length */
937 ptr[0] = name_len + 1;
938
939 memcpy(ptr + 2, hdev->dev_name, name_len);
940
ef580372
JH		 941 ptr += (name_len + 2);
942 }
943
bbaf444a 944 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 945 ptr[0] = 2;
946 ptr[1] = EIR_TX_POWER;
947 ptr[2] = (u8) hdev->inq_tx_power;
948
91c4e9b1
MH		 949 ptr += 3;
950 }
951
2b9be137
MH		 952 if (hdev->devid_source > 0) {
953 ptr[0] = 9;
954 ptr[1] = EIR_DEVICE_ID;
955
956 put_unaligned_le16(hdev->devid_source, ptr + 2);
957 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
958 put_unaligned_le16(hdev->devid_product, ptr + 6);
959 put_unaligned_le16(hdev->devid_version, ptr + 8);
960
2b9be137
MH		 961 ptr += 10;
962 }
963
213202ed 964 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 965 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 966 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 967}
968
890ea898 969static void update_eir(struct hci_request *req)
ef580372 970{
890ea898 971 struct hci_dev *hdev = req->hdev;
ef580372
JH		 972 struct hci_cp_write_eir cp;
973
504c8dcd 974 if (!hdev_is_powered(hdev))
890ea898 975 return;
7770c4aa 976
976eb20e 977 if (!lmp_ext_inq_capable(hdev))
890ea898 978 return;
ef580372 979
84bde9d6 980 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 981 return;
ef580372 982
a8b2d5c2 983 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 984 return;
ef580372
JH		 985
986 memset(&cp, 0, sizeof(cp));
987
988 create_eir(hdev, cp.data);
989
990 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 991 return;
ef580372
JH		 992
993 memcpy(hdev->eir, cp.data, sizeof(cp.data));
994
890ea898 995 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 996}
997
998static u8 get_service_classes(struct hci_dev *hdev)
999{
1000 struct bt_uuid *uuid;
1001 u8 val = 0;
1002
1003 list_for_each_entry(uuid, &hdev->uuids, list)
1004 val |= uuid->svc_hint;
1005
1006 return val;
1007}
1008
890ea898 1009static void update_class(struct hci_request *req)
ef580372 1010{
890ea898 1011 struct hci_dev *hdev = req->hdev;
ef580372
JH		 1012 u8 cod[3];
1013
1014 BT_DBG("%s", hdev->name);
1015
504c8dcd 1016 if (!hdev_is_powered(hdev))
890ea898 1017 return;
7770c4aa 1018
f87ea1da
JH		 1019 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1020 return;
1021
a8b2d5c2 1022 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 1023 return;
ef580372
JH		 1024
1025 cod[0] = hdev->minor_class;
1026 cod[1] = hdev->major_class;
1027 cod[2] = get_service_classes(hdev);
1028
6acd7db4
MH		 1029 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
1030 cod[1] |= 0x20;
1031
ef580372 1032 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 1033 return;
ef580372 1034
890ea898 1035 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 1036}
1037
a4858cb9 1038static bool get_connectable(struct hci_dev *hdev)
199a2fb1
JH		 1039{
1040 struct pending_cmd *cmd;
199a2fb1
JH		 1041
1042 /* If there's a pending mgmt command the flag will not yet have
1043 * it's final value, so check for this first.
1044 */
1045 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1046 if (cmd) {
1047 struct mgmt_mode *cp = cmd->param;
a4858cb9 1048 return cp->val;
199a2fb1
JH		 1049 }
1050
a4858cb9 1051 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
199a2fb1
JH		 1052}
1053
0ec5ae84
JH		 1054static void disable_advertising(struct hci_request *req)
1055{
1056 u8 enable = 0x00;
1057
1058 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1059}
1060
199a2fb1
JH		 1061static void enable_advertising(struct hci_request *req)
1062{
1063 struct hci_dev *hdev = req->hdev;
1064 struct hci_cp_le_set_adv_param cp;
8f2a0601 1065 u8 own_addr_type, enable = 0x01;
a4858cb9 1066 bool connectable;
199a2fb1 1067
0ec5ae84
JH		 1068 if (hci_conn_num(hdev, LE_LINK) > 0)
1069 return;
1070
1071 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
1072 disable_advertising(req);
1073
5ce194c4 1074 /* Clear the HCI_LE_ADV bit temporarily so that the
8d97250e
JH		 1075 * hci_update_random_address knows that it's safe to go ahead
1076 * and write a new random address. The flag will be set back on
1077 * as soon as the SET_ADV_ENABLE HCI command completes.
1078 */
5ce194c4 1079 clear_bit(HCI_LE_ADV, &hdev->dev_flags);
8d97250e 1080
a4858cb9 1081 connectable = get_connectable(hdev);
8f2a0601 1082
a4858cb9
JH		 1083 /* Set require_privacy to true only when non-connectable
1084 * advertising is used. In that case it is fine to use a
1085 * non-resolvable private address.
1086 */
1087 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 1088 return;
1089
41c90c18 1090 memset(&cp, 0, sizeof(cp));
628531c9
GL		 1091 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
1092 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
a4858cb9 1093 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
8f2a0601 1094 cp.own_address_type = own_addr_type;
199a2fb1
JH		 1095 cp.channel_map = hdev->le_adv_channel_map;
1096
1097 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1098
1099 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1100}
1101
7d78525d
JH		 1102static void service_cache_off(struct work_struct *work)
1103{
1104 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 1105 service_cache.work);
890ea898 1106 struct hci_request req;
7d78525d 1107
a8b2d5c2 1108 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 1109 return;
1110
890ea898
JH		 1111 hci_req_init(&req, hdev);
1112
7d78525d
JH		 1113 hci_dev_lock(hdev);
1114
890ea898
JH		 1115 update_eir(&req);
1116 update_class(&req);
7d78525d
JH		 1117
1118 hci_dev_unlock(hdev);
890ea898
JH		 1119
1120 hci_req_run(&req, NULL);
7d78525d
JH		 1121}
1122
d6bfd59c
JH		 1123static void rpa_expired(struct work_struct *work)
1124{
1125 struct hci_dev *hdev = container_of(work, struct hci_dev,
1126 rpa_expired.work);
1127 struct hci_request req;
1128
1129 BT_DBG("");
1130
1131 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
1132
0ec5ae84 1133 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
d6bfd59c
JH		 1134 return;
1135
1136 /* The generation of a new RPA and programming it into the
1137 * controller happens in the enable_advertising() function.
1138 */
d6bfd59c 1139 hci_req_init(&req, hdev);
d6bfd59c 1140 enable_advertising(&req);
d6bfd59c
JH		 1141 hci_req_run(&req, NULL);
1142}
1143
6a919082 1144static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 1145{
4f87da80 1146 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 1147 return;
1148
4f87da80 1149 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 1150 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 1151
4f87da80
JH		 1152 /* Non-mgmt controlled devices get this bit set
1153 * implicitly so that pairing works for them, however
1154 * for mgmt we require user-space to explicitly enable
1155 * it
1156 */
b6ae8457 1157 clear_bit(HCI_BONDABLE, &hdev->dev_flags);
7d78525d
JH		 1158}
1159
0f4e68cf 1160static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 1161 void *data, u16 data_len)
0381101f 1162{
a38528f1 1163 struct mgmt_rp_read_info rp;
f7b64e69 1164
bdb6d971 1165 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 1166
09fd0de5 1167 hci_dev_lock(hdev);
f7b64e69 1168
dc4fe30b
JH		 1169 memset(&rp, 0, sizeof(rp));
1170
69ab39ea 1171 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 1172
69ab39ea 1173 rp.version = hdev->hci_ver;
eb55ef07 1174 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 1175
1176 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1177 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 1178
a38528f1 1179 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 1180
dc4fe30b 1181 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 1182 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 1183
09fd0de5 1184 hci_dev_unlock(hdev);
0381101f 1185
bdb6d971 1186 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 1187 sizeof(rp));
0381101f
JH		 1188}
1189
eec8d2bc
JH		 1190static void mgmt_pending_free(struct pending_cmd *cmd)
1191{
1192 sock_put(cmd->sk);
c68fb7ff 1193 kfree(cmd->param);
eec8d2bc
JH		 1194 kfree(cmd);
1195}
1196
366a0336 1197static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 1198 struct hci_dev *hdev, void *data,
1199 u16 len)
eec8d2bc
JH		 1200{
1201 struct pending_cmd *cmd;
1202
fca20018 1203 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 1204 if (!cmd)
366a0336 1205 return NULL;
eec8d2bc
JH		 1206
1207 cmd->opcode = opcode;
2e58ef3e 1208 cmd->index = hdev->id;
eec8d2bc 1209
323b0b88 1210 cmd->param = kmemdup(data, len, GFP_KERNEL);
c68fb7ff 1211 if (!cmd->param) {
eec8d2bc 1212 kfree(cmd);
366a0336 1213 return NULL;
eec8d2bc
JH		 1214 }
1215
323b0b88 1216 cmd->param_len = len;
eec8d2bc
JH		 1217
1218 cmd->sk = sk;
1219 sock_hold(sk);
1220
2e58ef3e 1221 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 1222
366a0336 1223 return cmd;
eec8d2bc
JH		 1224}
1225
744cf19e 1226static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 1227 void (*cb)(struct pending_cmd *cmd,
1228 void *data),
04124681 1229 void *data)
eec8d2bc 1230{
a3d09356 1231 struct pending_cmd *cmd, *tmp;
eec8d2bc 1232
a3d09356 1233 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 1234 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 1235 continue;
1236
eec8d2bc
JH		 1237 cb(cmd, data);
1238 }
1239}
1240
a664b5bc 1241static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 1242{
73f22f62
JH		 1243 list_del(&cmd->list);
1244 mgmt_pending_free(cmd);
1245}
1246
69ab39ea 1247static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1248{
69ab39ea 1249 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1250
aee9b218 1251 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 1252 sizeof(settings));
8680570b
JH		 1253}
1254
8b064a3a
JH		 1255static void clean_up_hci_complete(struct hci_dev *hdev, u8 status)
1256{
1257 BT_DBG("%s status 0x%02x", hdev->name, status);
1258
a3172b7e
JH		 1259 if (hci_conn_count(hdev) == 0) {
1260 cancel_delayed_work(&hdev->power_off);
8b064a3a 1261 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1262 }
8b064a3a
JH		 1263}
1264
23a48093 1265static bool hci_stop_discovery(struct hci_request *req)
21a60d30
JH		 1266{
1267 struct hci_dev *hdev = req->hdev;
1268 struct hci_cp_remote_name_req_cancel cp;
1269 struct inquiry_entry *e;
1270
1271 switch (hdev->discovery.state) {
1272 case DISCOVERY_FINDING:
1273 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
1274 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1275 } else {
1276 cancel_delayed_work(&hdev->le_scan_disable);
1277 hci_req_add_le_scan_disable(req);
1278 }
1279
23a48093 1280 return true;
21a60d30
JH		 1281
1282 case DISCOVERY_RESOLVING:
1283 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1284 NAME_PENDING);
1285 if (!e)
23a48093 1286 break;
21a60d30
JH		 1287
1288 bacpy(&cp.bdaddr, &e->data.bdaddr);
1289 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1290 &cp);
1291
23a48093 1292 return true;
21a60d30
JH		 1293
1294 default:
1295 /* Passive scanning */
23a48093 1296 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
21a60d30 1297 hci_req_add_le_scan_disable(req);
23a48093
JH		 1298 return true;
1299 }
1300
21a60d30
JH		 1301 break;
1302 }
23a48093
JH		 1303
1304 return false;
21a60d30
JH		 1305}
1306
8b064a3a
JH		 1307static int clean_up_hci_state(struct hci_dev *hdev)
1308{
1309 struct hci_request req;
1310 struct hci_conn *conn;
23a48093
JH		 1311 bool discov_stopped;
1312 int err;
8b064a3a
JH		 1313
1314 hci_req_init(&req, hdev);
1315
1316 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1317 test_bit(HCI_PSCAN, &hdev->flags)) {
1318 u8 scan = 0x00;
1319 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1320 }
1321
73e082f8 1322 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
8b064a3a
JH		 1323 disable_advertising(&req);
1324
23a48093 1325 discov_stopped = hci_stop_discovery(&req);
8b064a3a
JH		 1326
1327 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1328 struct hci_cp_disconnect dc;
c9910d0f
JH		 1329 struct hci_cp_reject_conn_req rej;
1330
1331 switch (conn->state) {
1332 case BT_CONNECTED:
1333 case BT_CONFIG:
1334 dc.handle = cpu_to_le16(conn->handle);
1335 dc.reason = 0x15; /* Terminated due to Power Off */
1336 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1337 break;
1338 case BT_CONNECT:
1339 if (conn->type == LE_LINK)
1340 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1341 0, NULL);
1342 else if (conn->type == ACL_LINK)
1343 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1344 6, &conn->dst);
1345 break;
1346 case BT_CONNECT2:
1347 bacpy(&rej.bdaddr, &conn->dst);
1348 rej.reason = 0x15; /* Terminated due to Power Off */
1349 if (conn->type == ACL_LINK)
1350 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1351 sizeof(rej), &rej);
1352 else if (conn->type == SCO_LINK)
1353 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1354 sizeof(rej), &rej);
1355 break;
1356 }
8b064a3a
JH		 1357 }
1358
23a48093
JH		 1359 err = hci_req_run(&req, clean_up_hci_complete);
1360 if (!err && discov_stopped)
1361 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1362
1363 return err;
8b064a3a
JH		 1364}
1365
bdb6d971 1366static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1367 u16 len)
eec8d2bc 1368{
650f726d 1369 struct mgmt_mode *cp = data;
366a0336 1370 struct pending_cmd *cmd;
4b34ee78 1371 int err;
eec8d2bc 1372
bdb6d971 1373 BT_DBG("request for %s", hdev->name);
eec8d2bc 1374
a7e80f25
JH		 1375 if (cp->val != 0x00 && cp->val != 0x01)
1376 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1377 MGMT_STATUS_INVALID_PARAMS);
1378
09fd0de5 1379 hci_dev_lock(hdev);
eec8d2bc 1380
87b95ba6
JH		 1381 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1382 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1383 MGMT_STATUS_BUSY);
1384 goto failed;
1385 }
1386
f0d4b78a
MH		 1387 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1388 cancel_delayed_work(&hdev->power_off);
1389
1390 if (cp->val) {
a1d70450
JH		 1391 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1392 data, len);
1393 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1394 goto failed;
1395 }
1396 }
1397
4b34ee78 1398 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1399 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1400 goto failed;
1401 }
1402
2e58ef3e 1403 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1404 if (!cmd) {
1405 err = -ENOMEM;
eec8d2bc 1406 goto failed;
366a0336 1407 }
eec8d2bc 1408
8b064a3a 1409 if (cp->val) {
19202573 1410 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1411 err = 0;
1412 } else {
1413 /* Disconnect connections, stop scans, etc */
1414 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1415 if (!err)
1416 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1417 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1418
8b064a3a
JH		 1419 /* ENODATA means there were no HCI commands queued */
1420 if (err == -ENODATA) {
a3172b7e 1421 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1422 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1423 err = 0;
1424 }
1425 }
eec8d2bc
JH		 1426
1427failed:
09fd0de5 1428 hci_dev_unlock(hdev);
366a0336 1429 return err;
eec8d2bc
JH		 1430}
1431
beadb2bd
JH		 1432static int new_settings(struct hci_dev *hdev, struct sock *skip)
1433{
1434 __le32 ev;
1435
1436 ev = cpu_to_le32(get_current_settings(hdev));
1437
1438 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1439}
1440
91a668b0
JH		 1441int mgmt_new_settings(struct hci_dev *hdev)
1442{
1443 return new_settings(hdev, NULL);
1444}
1445
bd99abdd
JH		 1446struct cmd_lookup {
1447 struct sock *sk;
1448 struct hci_dev *hdev;
1449 u8 mgmt_status;
1450};
1451
1452static void settings_rsp(struct pending_cmd *cmd, void *data)
1453{
1454 struct cmd_lookup *match = data;
1455
1456 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1457
1458 list_del(&cmd->list);
1459
1460 if (match->sk == NULL) {
1461 match->sk = cmd->sk;
1462 sock_hold(match->sk);
1463 }
1464
1465 mgmt_pending_free(cmd);
1466}
1467
1468static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1469{
1470 u8 *status = data;
1471
1472 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1473 mgmt_pending_remove(cmd);
1474}
1475
1b9b5ee5
JH		 1476static void cmd_complete_rsp(struct pending_cmd *cmd, void *data)
1477{
1478 if (cmd->cmd_complete) {
1479 u8 *status = data;
1480
1481 cmd->cmd_complete(cmd, *status);
1482 mgmt_pending_remove(cmd);
1483
1484 return;
1485 }
1486
1487 cmd_status_rsp(cmd, data);
1488}
1489
9df74653 1490static int generic_cmd_complete(struct pending_cmd *cmd, u8 status)
f5818c22 1491{
9df74653
JH		 1492 return cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1493 cmd->param, cmd->param_len);
f5818c22
JH		 1494}
1495
9df74653 1496static int addr_cmd_complete(struct pending_cmd *cmd, u8 status)
7776d1d8 1497{
9df74653
JH		 1498 return cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, cmd->param,
1499 sizeof(struct mgmt_addr_info));
7776d1d8
JH		 1500}
1501
e6fe7986
JH		 1502static u8 mgmt_bredr_support(struct hci_dev *hdev)
1503{
1504 if (!lmp_bredr_capable(hdev))
1505 return MGMT_STATUS_NOT_SUPPORTED;
1506 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1507 return MGMT_STATUS_REJECTED;
1508 else
1509 return MGMT_STATUS_SUCCESS;
1510}
1511
1512static u8 mgmt_le_support(struct hci_dev *hdev)
1513{
1514 if (!lmp_le_capable(hdev))
1515 return MGMT_STATUS_NOT_SUPPORTED;
1516 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1517 return MGMT_STATUS_REJECTED;
1518 else
1519 return MGMT_STATUS_SUCCESS;
1520}
1521
bfaf8c9f
JH		 1522static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1523{
1524 struct pending_cmd *cmd;
1525 struct mgmt_mode *cp;
970ba524 1526 struct hci_request req;
bfaf8c9f
JH		 1527 bool changed;
1528
1529 BT_DBG("status 0x%02x", status);
1530
1531 hci_dev_lock(hdev);
1532
1533 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1534 if (!cmd)
1535 goto unlock;
1536
1537 if (status) {
1538 u8 mgmt_err = mgmt_status(status);
1539 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
310a3d48 1540 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
bfaf8c9f
JH		 1541 goto remove_cmd;
1542 }
1543
1544 cp = cmd->param;
d4462a07 1545 if (cp->val) {
bfaf8c9f
JH		 1546 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1547 &hdev->dev_flags);
d4462a07
MH		 1548
1549 if (hdev->discov_timeout > 0) {
1550 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1551 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1552 to);
1553 }
1554 } else {
bfaf8c9f
JH		 1555 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1556 &hdev->dev_flags);
d4462a07 1557 }
bfaf8c9f
JH		 1558
1559 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1560
1561 if (changed)
1562 new_settings(hdev, cmd->sk);
1563
970ba524
MH		 1564 /* When the discoverable mode gets changed, make sure
1565 * that class of device has the limited discoverable
432df05e
JH		 1566 * bit correctly set. Also update page scan based on whitelist
1567 * entries.
970ba524
MH		 1568 */
1569 hci_req_init(&req, hdev);
1d2dc5b7 1570 __hci_update_page_scan(&req);
970ba524
MH		 1571 update_class(&req);
1572 hci_req_run(&req, NULL);
1573
bfaf8c9f
JH		 1574remove_cmd:
1575 mgmt_pending_remove(cmd);
1576
1577unlock:
1578 hci_dev_unlock(hdev);
1579}
1580
bdb6d971 1581static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1582 u16 len)
73f22f62 1583{
650f726d 1584 struct mgmt_cp_set_discoverable *cp = data;
366a0336 1585 struct pending_cmd *cmd;
bfaf8c9f 1586 struct hci_request req;
5e5282bb 1587 u16 timeout;
9a43e25f 1588 u8 scan;
73f22f62
JH		 1589 int err;
1590
bdb6d971 1591 BT_DBG("request for %s", hdev->name);
73f22f62 1592
9a43e25f
JH		 1593 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1594 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1595 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
9a43e25f 1596 MGMT_STATUS_REJECTED);
33c525c0 1597
310a3d48 1598 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a7e80f25
JH		 1599 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1600 MGMT_STATUS_INVALID_PARAMS);
1601
1f350c87 1602 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1603
1604 /* Disabling discoverable requires that no timeout is set,
1605 * and enabling limited discoverable requires a timeout.
1606 */
1607 if ((cp->val == 0x00 && timeout > 0) ||
1608 (cp->val == 0x02 && timeout == 0))
bdb6d971 1609 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1610 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1611
09fd0de5 1612 hci_dev_lock(hdev);
73f22f62 1613
5e5282bb 1614 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 1615 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1616 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1617 goto failed;
1618 }
1619
2e58ef3e 1620 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1621 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1622 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1623 MGMT_STATUS_BUSY);
73f22f62
JH		 1624 goto failed;
1625 }
1626
5e5282bb 1627 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 1628 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1629 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1630 goto failed;
1631 }
1632
1633 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1634 bool changed = false;
1635
310a3d48
MH		 1636 /* Setting limited discoverable when powered off is
1637 * not a valid operation since it requires a timeout
1638 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1639 */
0224d2fa
JH		 1640 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1641 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1642 changed = true;
1643 }
1644
5e5282bb 1645 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1646 if (err < 0)
1647 goto failed;
1648
1649 if (changed)
1650 err = new_settings(hdev, sk);
1651
5e5282bb
JH		 1652 goto failed;
1653 }
1654
310a3d48
MH		 1655 /* If the current mode is the same, then just update the timeout
1656 * value with the new value. And if only the timeout gets updated,
1657 * then no need for any HCI transactions.
1658 */
1659 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1660 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1661 &hdev->dev_flags)) {
36261547
MH		 1662 cancel_delayed_work(&hdev->discov_off);
1663 hdev->discov_timeout = timeout;
955638ec 1664
36261547
MH		 1665 if (cp->val && hdev->discov_timeout > 0) {
1666 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1667 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1668 to);
955638ec
MH		 1669 }
1670
69ab39ea 1671 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1672 goto failed;
1673 }
1674
2e58ef3e 1675 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1676 if (!cmd) {
1677 err = -ENOMEM;
73f22f62 1678 goto failed;
366a0336 1679 }
73f22f62 1680
310a3d48
MH		 1681 /* Cancel any potential discoverable timeout that might be
1682 * still active and store new timeout value. The arming of
1683 * the timeout happens in the complete handler.
1684 */
1685 cancel_delayed_work(&hdev->discov_off);
1686 hdev->discov_timeout = timeout;
1687
b456f87c
JH		 1688 /* Limited discoverable mode */
1689 if (cp->val == 0x02)
1690 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1691 else
1692 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1693
bfaf8c9f
JH		 1694 hci_req_init(&req, hdev);
1695
9a43e25f
JH		 1696 /* The procedure for LE-only controllers is much simpler - just
1697 * update the advertising data.
1698 */
1699 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1700 goto update_ad;
1701
73f22f62
JH		 1702 scan = SCAN_PAGE;
1703
310a3d48
MH		 1704 if (cp->val) {
1705 struct hci_cp_write_current_iac_lap hci_cp;
1706
1707 if (cp->val == 0x02) {
1708 /* Limited discoverable mode */
33337dcb 1709 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1710 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1711 hci_cp.iac_lap[1] = 0x8b;
1712 hci_cp.iac_lap[2] = 0x9e;
1713 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1714 hci_cp.iac_lap[4] = 0x8b;
1715 hci_cp.iac_lap[5] = 0x9e;
1716 } else {
1717 /* General discoverable mode */
310a3d48
MH		 1718 hci_cp.num_iac = 1;
1719 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1720 hci_cp.iac_lap[1] = 0x8b;
1721 hci_cp.iac_lap[2] = 0x9e;
1722 }
1723
1724 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1725 (hci_cp.num_iac * 3) + 1, &hci_cp);
1726
73f22f62 1727 scan |= SCAN_INQUIRY;
310a3d48
MH		 1728 } else {
1729 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1730 }
73f22f62 1731
310a3d48 1732 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1733
9a43e25f
JH		 1734update_ad:
1735 update_adv_data(&req);
1736
bfaf8c9f 1737 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1738 if (err < 0)
a664b5bc 1739 mgmt_pending_remove(cmd);
73f22f62
JH		 1740
1741failed:
09fd0de5 1742 hci_dev_unlock(hdev);
73f22f62
JH		 1743 return err;
1744}
1745
406d7804
JH		 1746static void write_fast_connectable(struct hci_request *req, bool enable)
1747{
bd98b996 1748 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1749 struct hci_cp_write_page_scan_activity acp;
1750 u8 type;
1751
547003b1
JH		 1752 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1753 return;
1754
4c01f8b8
JH		 1755 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1756 return;
1757
406d7804
JH		 1758 if (enable) {
1759 type = PAGE_SCAN_TYPE_INTERLACED;
1760
1761 /* 160 msec page scan interval */
dcf4adbf 1762 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 1763 } else {
1764 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1765
1766 /* default 1.28 sec page scan */
dcf4adbf 1767 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 1768 }
1769
dcf4adbf 1770 acp.window = cpu_to_le16(0x0012);
406d7804 1771
bd98b996
JH		 1772 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1773 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1774 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1775 sizeof(acp), &acp);
1776
1777 if (hdev->page_scan_type != type)
1778 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1779}
1780
2b76f453
JH		 1781static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1782{
1783 struct pending_cmd *cmd;
d7b856f9 1784 struct mgmt_mode *cp;
bc6d2d04 1785 bool conn_changed, discov_changed;
2b76f453
JH		 1786
1787 BT_DBG("status 0x%02x", status);
1788
1789 hci_dev_lock(hdev);
1790
1791 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1792 if (!cmd)
1793 goto unlock;
1794
37438c1f
JH		 1795 if (status) {
1796 u8 mgmt_err = mgmt_status(status);
1797 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1798 goto remove_cmd;
1799 }
1800
d7b856f9 1801 cp = cmd->param;
bc6d2d04
JH		 1802 if (cp->val) {
1803 conn_changed = !test_and_set_bit(HCI_CONNECTABLE,
1804 &hdev->dev_flags);
1805 discov_changed = false;
1806 } else {
1807 conn_changed = test_and_clear_bit(HCI_CONNECTABLE,
1808 &hdev->dev_flags);
1809 discov_changed = test_and_clear_bit(HCI_DISCOVERABLE,
1810 &hdev->dev_flags);
1811 }
d7b856f9 1812
2b76f453
JH		 1813 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1814
bc6d2d04 1815 if (conn_changed || discov_changed) {
d7b856f9 1816 new_settings(hdev, cmd->sk);
1d2dc5b7 1817 hci_update_page_scan(hdev);
bc6d2d04
JH		 1818 if (discov_changed)
1819 mgmt_update_adv_data(hdev);
2b7be33e
JH		 1820 hci_update_background_scan(hdev);
1821 }
d7b856f9 1822
37438c1f 1823remove_cmd:
2b76f453
JH		 1824 mgmt_pending_remove(cmd);
1825
1826unlock:
1827 hci_dev_unlock(hdev);
1828}
1829
e8ba3a1f
JH		 1830static int set_connectable_update_settings(struct hci_dev *hdev,
1831 struct sock *sk, u8 val)
1832{
1833 bool changed = false;
1834 int err;
1835
1836 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1837 changed = true;
1838
1839 if (val) {
1840 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1841 } else {
1842 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1843 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1844 }
1845
1846 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1847 if (err < 0)
1848 return err;
1849
562064e6 1850 if (changed) {
1d2dc5b7 1851 hci_update_page_scan(hdev);
562064e6 1852 hci_update_background_scan(hdev);
e8ba3a1f 1853 return new_settings(hdev, sk);
562064e6 1854 }
e8ba3a1f
JH		 1855
1856 return 0;
1857}
1858
bdb6d971 1859static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1860 u16 len)
9fbcbb45 1861{
650f726d 1862 struct mgmt_mode *cp = data;
366a0336 1863 struct pending_cmd *cmd;
2b76f453 1864 struct hci_request req;
1987fdc7 1865 u8 scan;
9fbcbb45
JH		 1866 int err;
1867
bdb6d971 1868 BT_DBG("request for %s", hdev->name);
9fbcbb45 1869
1987fdc7
JH		 1870 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1871 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1872 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1987fdc7 1873 MGMT_STATUS_REJECTED);
33c525c0 1874
a7e80f25
JH		 1875 if (cp->val != 0x00 && cp->val != 0x01)
1876 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1877 MGMT_STATUS_INVALID_PARAMS);
1878
09fd0de5 1879 hci_dev_lock(hdev);
9fbcbb45 1880
4b34ee78 1881 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1882 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1883 goto failed;
1884 }
1885
2e58ef3e 1886 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1887 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1888 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1889 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1890 goto failed;
1891 }
1892
2e58ef3e 1893 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1894 if (!cmd) {
1895 err = -ENOMEM;
9fbcbb45 1896 goto failed;
366a0336 1897 }
9fbcbb45 1898
9b74246f 1899 hci_req_init(&req, hdev);
9fbcbb45 1900
9a43e25f
JH		 1901 /* If BR/EDR is not enabled and we disable advertising as a
1902 * by-product of disabling connectable, we need to update the
1903 * advertising flags.
1904 */
1905 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1906 if (!cp->val) {
1907 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1908 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1909 }
1910 update_adv_data(&req);
1911 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1912 if (cp->val) {
1913 scan = SCAN_PAGE;
1914 } else {
3bd27240
JH		 1915 /* If we don't have any whitelist entries just
1916 * disable all scanning. If there are entries
1917 * and we had both page and inquiry scanning
1918 * enabled then fall back to only page scanning.
1919 * Otherwise no changes are needed.
1920 */
1921 if (list_empty(&hdev->whitelist))
1922 scan = SCAN_DISABLED;
1923 else if (test_bit(HCI_ISCAN, &hdev->flags))
1924 scan = SCAN_PAGE;
1925 else
1926 goto no_scan_update;
9b74246f
JH		 1927
1928 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1929 hdev->discov_timeout > 0)
9b74246f
JH		 1930 cancel_delayed_work(&hdev->discov_off);
1931 }
2b76f453 1932
9b74246f
JH		 1933 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1934 }
2b76f453 1935
3bd27240 1936no_scan_update:
4c01f8b8
JH		 1937 /* If we're going from non-connectable to connectable or
1938 * vice-versa when fast connectable is enabled ensure that fast
1939 * connectable gets disabled. write_fast_connectable won't do
1940 * anything if the page scan parameters are already what they
1941 * should be.
1942 */
1943 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1944 write_fast_connectable(&req, false);
1945
e8b1202c
JH		 1946 /* Update the advertising parameters if necessary */
1947 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1987fdc7 1948 enable_advertising(&req);
1987fdc7 1949
2b76f453 1950 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1951 if (err < 0) {
a664b5bc 1952 mgmt_pending_remove(cmd);
9b74246f 1953 if (err == -ENODATA)
a81070ba
JH		 1954 err = set_connectable_update_settings(hdev, sk,
1955 cp->val);
9b74246f
JH		 1956 goto failed;
1957 }
9fbcbb45
JH		 1958
1959failed:
09fd0de5 1960 hci_dev_unlock(hdev);
9fbcbb45
JH		 1961 return err;
1962}
1963
b2939475 1964static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1965 u16 len)
c542a06c 1966{
650f726d 1967 struct mgmt_mode *cp = data;
55594356 1968 bool changed;
c542a06c
JH		 1969 int err;
1970
bdb6d971 1971 BT_DBG("request for %s", hdev->name);
c542a06c 1972
a7e80f25 1973 if (cp->val != 0x00 && cp->val != 0x01)
b2939475 1974 return cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
a7e80f25
JH		 1975 MGMT_STATUS_INVALID_PARAMS);
1976
09fd0de5 1977 hci_dev_lock(hdev);
c542a06c
JH		 1978
1979 if (cp->val)
b6ae8457 1980 changed = !test_and_set_bit(HCI_BONDABLE, &hdev->dev_flags);
c542a06c 1981 else
b6ae8457 1982 changed = test_and_clear_bit(HCI_BONDABLE, &hdev->dev_flags);
c542a06c 1983
b2939475 1984 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
c542a06c 1985 if (err < 0)
55594356 1986 goto unlock;
c542a06c 1987
55594356
MH		 1988 if (changed)
1989 err = new_settings(hdev, sk);
c542a06c 1990
55594356 1991unlock:
09fd0de5 1992 hci_dev_unlock(hdev);
c542a06c
JH		 1993 return err;
1994}
1995
04124681
GP		 1996static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1997 u16 len)
33ef95ed
JH		 1998{
1999 struct mgmt_mode *cp = data;
2000 struct pending_cmd *cmd;
e6fe7986 2001 u8 val, status;
33ef95ed
JH		 2002 int err;
2003
bdb6d971 2004 BT_DBG("request for %s", hdev->name);
33ef95ed 2005
e6fe7986
JH		 2006 status = mgmt_bredr_support(hdev);
2007 if (status)
33c525c0 2008 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 2009 status);
33c525c0 2010
a7e80f25
JH		 2011 if (cp->val != 0x00 && cp->val != 0x01)
2012 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2013 MGMT_STATUS_INVALID_PARAMS);
2014
33ef95ed
JH		 2015 hci_dev_lock(hdev);
2016
4b34ee78 2017 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 2018 bool changed = false;
2019
2020 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 2021 &hdev->dev_flags)) {
47990ea0
JH		 2022 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
2023 changed = true;
2024 }
2025
2026 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2027 if (err < 0)
2028 goto failed;
2029
2030 if (changed)
2031 err = new_settings(hdev, sk);
2032
33ef95ed
JH		 2033 goto failed;
2034 }
2035
2036 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 2037 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 2038 MGMT_STATUS_BUSY);
33ef95ed
JH		 2039 goto failed;
2040 }
2041
2042 val = !!cp->val;
2043
2044 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
2045 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2046 goto failed;
2047 }
2048
2049 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
2050 if (!cmd) {
2051 err = -ENOMEM;
2052 goto failed;
2053 }
2054
2055 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
2056 if (err < 0) {
2057 mgmt_pending_remove(cmd);
2058 goto failed;
2059 }
2060
2061failed:
2062 hci_dev_unlock(hdev);
33ef95ed
JH		 2063 return err;
2064}
2065
bdb6d971 2066static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 2067{
2068 struct mgmt_mode *cp = data;
2069 struct pending_cmd *cmd;
72ef0c1a 2070 u8 status;
ed2c4ee3
JH		 2071 int err;
2072
bdb6d971 2073 BT_DBG("request for %s", hdev->name);
ed2c4ee3 2074
cdba5281
MH		 2075 status = mgmt_bredr_support(hdev);
2076 if (status)
2077 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
2078
13ecd8b6
JH		 2079 if (!lmp_ssp_capable(hdev))
2080 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2081 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 2082
a7e80f25
JH		 2083 if (cp->val != 0x00 && cp->val != 0x01)
2084 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2085 MGMT_STATUS_INVALID_PARAMS);
2086
13ecd8b6 2087 hci_dev_lock(hdev);
6c8f12c1 2088
4b34ee78 2089 if (!hdev_is_powered(hdev)) {
9ecb3e24 2090 bool changed;
c0ecddc2 2091
9ecb3e24
MH		 2092 if (cp->val) {
2093 changed = !test_and_set_bit(HCI_SSP_ENABLED,
2094 &hdev->dev_flags);
2095 } else {
2096 changed = test_and_clear_bit(HCI_SSP_ENABLED,
2097 &hdev->dev_flags);
2098 if (!changed)
2099 changed = test_and_clear_bit(HCI_HS_ENABLED,
2100 &hdev->dev_flags);
2101 else
2102 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 2103 }
2104
2105 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2106 if (err < 0)
2107 goto failed;
2108
2109 if (changed)
2110 err = new_settings(hdev, sk);
2111
ed2c4ee3
JH		 2112 goto failed;
2113 }
2114
9ecb3e24
MH		 2115 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
2116 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
d97dcb66
SJ		 2117 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2118 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 2119 goto failed;
2120 }
2121
72ef0c1a 2122 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 2123 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2124 goto failed;
2125 }
2126
2127 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2128 if (!cmd) {
2129 err = -ENOMEM;
2130 goto failed;
2131 }
2132
3769972b
JH		 2133 if (!cp->val && test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
2134 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2135 sizeof(cp->val), &cp->val);
2136
72ef0c1a 2137 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 2138 if (err < 0) {
2139 mgmt_pending_remove(cmd);
2140 goto failed;
2141 }
2142
2143failed:
2144 hci_dev_unlock(hdev);
ed2c4ee3
JH		 2145 return err;
2146}
2147
bdb6d971 2148static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 2149{
2150 struct mgmt_mode *cp = data;
ee392693 2151 bool changed;
e6fe7986 2152 u8 status;
ee392693 2153 int err;
6d80dfd0 2154
bdb6d971 2155 BT_DBG("request for %s", hdev->name);
6d80dfd0 2156
e6fe7986
JH		 2157 status = mgmt_bredr_support(hdev);
2158 if (status)
2159 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 2160
9ecb3e24
MH		 2161 if (!lmp_ssp_capable(hdev))
2162 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2163 MGMT_STATUS_NOT_SUPPORTED);
2164
2165 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
2166 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2167 MGMT_STATUS_REJECTED);
2168
a7e80f25
JH		 2169 if (cp->val != 0x00 && cp->val != 0x01)
2170 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2171 MGMT_STATUS_INVALID_PARAMS);
2172
ee392693
MH		 2173 hci_dev_lock(hdev);
2174
a0cdf960 2175 if (cp->val) {
ee392693 2176 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 2177 } else {
2178 if (hdev_is_powered(hdev)) {
2179 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2180 MGMT_STATUS_REJECTED);
2181 goto unlock;
2182 }
2183
ee392693 2184 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 2185 }
ee392693
MH		 2186
2187 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2188 if (err < 0)
2189 goto unlock;
2190
2191 if (changed)
2192 err = new_settings(hdev, sk);
6d80dfd0 2193
ee392693
MH		 2194unlock:
2195 hci_dev_unlock(hdev);
2196 return err;
6d80dfd0
JH		 2197}
2198
416a4ae5
JH		 2199static void le_enable_complete(struct hci_dev *hdev, u8 status)
2200{
2201 struct cmd_lookup match = { NULL, hdev };
2202
3ad67582
JK		 2203 hci_dev_lock(hdev);
2204
416a4ae5
JH		 2205 if (status) {
2206 u8 mgmt_err = mgmt_status(status);
2207
2208 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2209 &mgmt_err);
3ad67582 2210 goto unlock;
416a4ae5
JH		 2211 }
2212
2213 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2214
2215 new_settings(hdev, match.sk);
2216
2217 if (match.sk)
2218 sock_put(match.sk);
441ad2d0
MH		 2219
2220 /* Make sure the controller has a good default for
2221 * advertising data. Restrict the update to when LE
2222 * has actually been enabled. During power on, the
2223 * update in powered_update_hci will take care of it.
2224 */
2225 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2226 struct hci_request req;
2227
441ad2d0 2228 hci_req_init(&req, hdev);
5947f4bc 2229 update_adv_data(&req);
f14d8f64 2230 update_scan_rsp_data(&req);
2cf22218 2231 __hci_update_background_scan(&req);
441ad2d0 2232 hci_req_run(&req, NULL);
441ad2d0 2233 }
3ad67582
JK		 2234
2235unlock:
2236 hci_dev_unlock(hdev);
416a4ae5
JH		 2237}
2238
bdb6d971 2239static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 2240{
2241 struct mgmt_mode *cp = data;
2242 struct hci_cp_write_le_host_supported hci_cp;
2243 struct pending_cmd *cmd;
416a4ae5 2244 struct hci_request req;
06199cf8 2245 int err;
0b60eba1 2246 u8 val, enabled;
06199cf8 2247
bdb6d971 2248 BT_DBG("request for %s", hdev->name);
06199cf8 2249
13ecd8b6
JH		 2250 if (!lmp_le_capable(hdev))
2251 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2252 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 2253
a7e80f25
JH		 2254 if (cp->val != 0x00 && cp->val != 0x01)
2255 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2256 MGMT_STATUS_INVALID_PARAMS);
2257
c73eee91 2258 /* LE-only devices do not allow toggling LE on/off */
56f87901 2259 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 2260 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2261 MGMT_STATUS_REJECTED);
2262
13ecd8b6 2263 hci_dev_lock(hdev);
06199cf8
JH		 2264
2265 val = !!cp->val;
ffa88e02 2266 enabled = lmp_host_le_capable(hdev);
06199cf8 2267
0b60eba1 2268 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 2269 bool changed = false;
2270
2271 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2272 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
2273 changed = true;
2274 }
2275
f3d3444a
JH		 2276 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
2277 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 2278 changed = true;
2279 }
2280
06199cf8
JH		 2281 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2282 if (err < 0)
1de028ce 2283 goto unlock;
06199cf8
JH		 2284
2285 if (changed)
2286 err = new_settings(hdev, sk);
2287
1de028ce 2288 goto unlock;
06199cf8
JH		 2289 }
2290
4375f103
JH		 2291 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
2292 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 2293 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 2294 MGMT_STATUS_BUSY);
1de028ce 2295 goto unlock;
06199cf8
JH		 2296 }
2297
2298 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2299 if (!cmd) {
2300 err = -ENOMEM;
1de028ce 2301 goto unlock;
06199cf8
JH		 2302 }
2303
441ad2d0
MH		 2304 hci_req_init(&req, hdev);
2305
06199cf8
JH		 2306 memset(&hci_cp, 0, sizeof(hci_cp));
2307
2308 if (val) {
2309 hci_cp.le = val;
32226e4f 2310 hci_cp.simul = 0x00;
441ad2d0 2311 } else {
73e082f8 2312 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
441ad2d0 2313 disable_advertising(&req);
06199cf8
JH		 2314 }
2315
416a4ae5
JH		 2316 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2317 &hci_cp);
2318
2319 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2320 if (err < 0)
06199cf8 2321 mgmt_pending_remove(cmd);
06199cf8 2322
1de028ce
JH		 2323unlock:
2324 hci_dev_unlock(hdev);
06199cf8
JH		 2325 return err;
2326}
2327
0cab9c80
JH		 2328/* This is a helper function to test for pending mgmt commands that can
2329 * cause CoD or EIR HCI commands. We can only allow one such pending
2330 * mgmt command at a time since otherwise we cannot easily track what
2331 * the current values are, will be, and based on that calculate if a new
2332 * HCI command needs to be sent and if yes with what value.
2333 */
2334static bool pending_eir_or_class(struct hci_dev *hdev)
2335{
2336 struct pending_cmd *cmd;
2337
2338 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2339 switch (cmd->opcode) {
2340 case MGMT_OP_ADD_UUID:
2341 case MGMT_OP_REMOVE_UUID:
2342 case MGMT_OP_SET_DEV_CLASS:
2343 case MGMT_OP_SET_POWERED:
2344 return true;
2345 }
2346 }
2347
2348 return false;
2349}
2350
83be8eca
JH		 2351static const u8 bluetooth_base_uuid[] = {
2352 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2353 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2354};
2355
2356static u8 get_uuid_size(const u8 *uuid)
2357{
2358 u32 val;
2359
2360 if (memcmp(uuid, bluetooth_base_uuid, 12))
2361 return 128;
2362
2363 val = get_unaligned_le32(&uuid[12]);
2364 if (val > 0xffff)
2365 return 32;
2366
2367 return 16;
2368}
2369
92da6097
JH		 2370static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2371{
2372 struct pending_cmd *cmd;
2373
2374 hci_dev_lock(hdev);
2375
2376 cmd = mgmt_pending_find(mgmt_op, hdev);
2377 if (!cmd)
2378 goto unlock;
2379
2380 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
2381 hdev->dev_class, 3);
2382
2383 mgmt_pending_remove(cmd);
2384
2385unlock:
2386 hci_dev_unlock(hdev);
2387}
2388
2389static void add_uuid_complete(struct hci_dev *hdev, u8 status)
2390{
2391 BT_DBG("status 0x%02x", status);
2392
2393 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2394}
2395
bdb6d971 2396static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2397{
650f726d 2398 struct mgmt_cp_add_uuid *cp = data;
90e70454 2399 struct pending_cmd *cmd;
890ea898 2400 struct hci_request req;
2aeb9a1a 2401 struct bt_uuid *uuid;
2aeb9a1a
JH		 2402 int err;
2403
bdb6d971 2404 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2405
09fd0de5 2406 hci_dev_lock(hdev);
2aeb9a1a 2407
0cab9c80 2408 if (pending_eir_or_class(hdev)) {
bdb6d971 2409 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 2410 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2411 goto failed;
2412 }
2413
92c4c204 2414 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2415 if (!uuid) {
2416 err = -ENOMEM;
2417 goto failed;
2418 }
2419
2420 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2421 uuid->svc_hint = cp->svc_hint;
83be8eca 2422 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2423
de66aa63 2424 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2425
890ea898 2426 hci_req_init(&req, hdev);
1aff6f09 2427
890ea898
JH		 2428 update_class(&req);
2429 update_eir(&req);
2430
92da6097
JH		 2431 err = hci_req_run(&req, add_uuid_complete);
2432 if (err < 0) {
2433 if (err != -ENODATA)
2434 goto failed;
80a1e1db 2435
bdb6d971 2436 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 2437 hdev->dev_class, 3);
90e70454
JH		 2438 goto failed;
2439 }
2440
2441 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2442 if (!cmd) {
90e70454 2443 err = -ENOMEM;
890ea898
JH		 2444 goto failed;
2445 }
2446
2447 err = 0;
2aeb9a1a
JH		 2448
2449failed:
09fd0de5 2450 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2451 return err;
2452}
2453
24b78d0f
JH		 2454static bool enable_service_cache(struct hci_dev *hdev)
2455{
2456 if (!hdev_is_powered(hdev))
2457 return false;
2458
2459 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 2460 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2461 CACHE_TIMEOUT);
24b78d0f
JH		 2462 return true;
2463 }
2464
2465 return false;
2466}
2467
92da6097
JH		 2468static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
2469{
2470 BT_DBG("status 0x%02x", status);
2471
2472 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2473}
2474
bdb6d971 2475static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2476 u16 len)
2aeb9a1a 2477{
650f726d 2478 struct mgmt_cp_remove_uuid *cp = data;
90e70454 2479 struct pending_cmd *cmd;
056341c8 2480 struct bt_uuid *match, *tmp;
2aeb9a1a 2481 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2482 struct hci_request req;
2aeb9a1a
JH		 2483 int err, found;
2484
bdb6d971 2485 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2486
09fd0de5 2487 hci_dev_lock(hdev);
2aeb9a1a 2488
0cab9c80 2489 if (pending_eir_or_class(hdev)) {
bdb6d971 2490 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2491 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2492 goto unlock;
2493 }
2494
2aeb9a1a 2495 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2496 hci_uuids_clear(hdev);
4004b6d9 2497
24b78d0f 2498 if (enable_service_cache(hdev)) {
bdb6d971 2499 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2500 0, hdev->dev_class, 3);
24b78d0f
JH		 2501 goto unlock;
2502 }
4004b6d9 2503
9246a869 2504 goto update_class;
2aeb9a1a
JH		 2505 }
2506
2507 found = 0;
2508
056341c8 2509 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2510 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2511 continue;
2512
2513 list_del(&match->list);
482049f7 2514 kfree(match);
2aeb9a1a
JH		 2515 found++;
2516 }
2517
2518 if (found == 0) {
bdb6d971 2519 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2520 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2521 goto unlock;
2522 }
2523
9246a869 2524update_class:
890ea898 2525 hci_req_init(&req, hdev);
1aff6f09 2526
890ea898
JH		 2527 update_class(&req);
2528 update_eir(&req);
2529
92da6097
JH		 2530 err = hci_req_run(&req, remove_uuid_complete);
2531 if (err < 0) {
2532 if (err != -ENODATA)
2533 goto unlock;
80a1e1db 2534
bdb6d971 2535 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 2536 hdev->dev_class, 3);
90e70454
JH		 2537 goto unlock;
2538 }
2539
2540 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2541 if (!cmd) {
90e70454 2542 err = -ENOMEM;
890ea898
JH		 2543 goto unlock;
2544 }
2545
2546 err = 0;
2aeb9a1a
JH		 2547
2548unlock:
09fd0de5 2549 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2550 return err;
2551}
2552
92da6097
JH		 2553static void set_class_complete(struct hci_dev *hdev, u8 status)
2554{
2555 BT_DBG("status 0x%02x", status);
2556
2557 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2558}
2559
bdb6d971 2560static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2561 u16 len)
1aff6f09 2562{
650f726d 2563 struct mgmt_cp_set_dev_class *cp = data;
90e70454 2564 struct pending_cmd *cmd;
890ea898 2565 struct hci_request req;
1aff6f09
JH		 2566 int err;
2567
bdb6d971 2568 BT_DBG("request for %s", hdev->name);
1aff6f09 2569
6203fc98 2570 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 2571 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2572 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2573
0cab9c80 2574 hci_dev_lock(hdev);
ee98f473 2575
0cab9c80
JH		 2576 if (pending_eir_or_class(hdev)) {
2577 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2578 MGMT_STATUS_BUSY);
2579 goto unlock;
2580 }
c95f0ba7 2581
0cab9c80
JH		 2582 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2583 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2584 MGMT_STATUS_INVALID_PARAMS);
2585 goto unlock;
2586 }
575b3a02 2587
932f5ff5
JH		 2588 hdev->major_class = cp->major;
2589 hdev->minor_class = cp->minor;
2590
b5235a65 2591 if (!hdev_is_powered(hdev)) {
bdb6d971 2592 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2593 hdev->dev_class, 3);
b5235a65
JH		 2594 goto unlock;
2595 }
2596
890ea898
JH		 2597 hci_req_init(&req, hdev);
2598
a8b2d5c2 2599 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2600 hci_dev_unlock(hdev);
2601 cancel_delayed_work_sync(&hdev->service_cache);
2602 hci_dev_lock(hdev);
890ea898 2603 update_eir(&req);
7d78525d 2604 }
14c0b608 2605
890ea898
JH		 2606 update_class(&req);
2607
92da6097
JH		 2608 err = hci_req_run(&req, set_class_complete);
2609 if (err < 0) {
2610 if (err != -ENODATA)
2611 goto unlock;
1aff6f09 2612
bdb6d971 2613 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2614 hdev->dev_class, 3);
90e70454
JH		 2615 goto unlock;
2616 }
2617
2618 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2619 if (!cmd) {
90e70454 2620 err = -ENOMEM;
890ea898
JH		 2621 goto unlock;
2622 }
2623
2624 err = 0;
1aff6f09 2625
b5235a65 2626unlock:
09fd0de5 2627 hci_dev_unlock(hdev);
1aff6f09
JH		 2628 return err;
2629}
2630
bdb6d971 2631static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2632 u16 len)
55ed8ca1 2633{
650f726d 2634 struct mgmt_cp_load_link_keys *cp = data;
ba1d6936
JH		 2635 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2636 sizeof(struct mgmt_link_key_info));
4e51eae9 2637 u16 key_count, expected_len;
b1de97d8 2638 bool changed;
a492cd52 2639 int i;
55ed8ca1 2640
9060d5cf
MH		 2641 BT_DBG("request for %s", hdev->name);
2642
2643 if (!lmp_bredr_capable(hdev))
2644 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2645 MGMT_STATUS_NOT_SUPPORTED);
2646
1f350c87 2647 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 2648 if (key_count > max_key_count) {
2649 BT_ERR("load_link_keys: too big key_count value %u",
2650 key_count);
2651 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2652 MGMT_STATUS_INVALID_PARAMS);
2653 }
55ed8ca1 2654
86742e1e
JH		 2655 expected_len = sizeof(*cp) + key_count *
2656 sizeof(struct mgmt_link_key_info);
a492cd52 2657 if (expected_len != len) {
86742e1e 2658 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2659 expected_len, len);
bdb6d971 2660 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 2661 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2662 }
2663
4ae14301
JH		 2664 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2665 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2666 MGMT_STATUS_INVALID_PARAMS);
2667
bdb6d971 2668 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2669 key_count);
55ed8ca1 2670
4ee71b20
JH		 2671 for (i = 0; i < key_count; i++) {
2672 struct mgmt_link_key_info *key = &cp->keys[i];
2673
8e991132 2674 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
4ee71b20
JH		 2675 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2676 MGMT_STATUS_INVALID_PARAMS);
2677 }
2678
09fd0de5 2679 hci_dev_lock(hdev);
55ed8ca1
JH		 2680
2681 hci_link_keys_clear(hdev);
2682
55ed8ca1 2683 if (cp->debug_keys)
0663b297
JH		 2684 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
2685 &hdev->dev_flags);
55ed8ca1 2686 else
0663b297
JH		 2687 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
2688 &hdev->dev_flags);
b1de97d8
MH		 2689
2690 if (changed)
2691 new_settings(hdev, NULL);
55ed8ca1 2692
a492cd52 2693 for (i = 0; i < key_count; i++) {
86742e1e 2694 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2695
58e9293c
JH		 2696 /* Always ignore debug keys and require a new pairing if
2697 * the user wants to use them.
2698 */
2699 if (key->type == HCI_LK_DEBUG_COMBINATION)
2700 continue;
2701
7652ff6a
JH		 2702 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2703 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2704 }
2705
bdb6d971 2706 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2707
09fd0de5 2708 hci_dev_unlock(hdev);
55ed8ca1 2709
a492cd52 2710 return 0;
55ed8ca1
JH		 2711}
2712
b1078ad0 2713static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2714 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2715{
2716 struct mgmt_ev_device_unpaired ev;
2717
2718 bacpy(&ev.addr.bdaddr, bdaddr);
2719 ev.addr.type = addr_type;
2720
2721 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2722 skip_sk);
b1078ad0
JH		 2723}
2724
bdb6d971 2725static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2726 u16 len)
55ed8ca1 2727{
124f6e35
JH		 2728 struct mgmt_cp_unpair_device *cp = data;
2729 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2730 struct hci_cp_disconnect dc;
2731 struct pending_cmd *cmd;
55ed8ca1 2732 struct hci_conn *conn;
55ed8ca1
JH		 2733 int err;
2734
a8a1d19e 2735 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2736 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2737 rp.addr.type = cp->addr.type;
a8a1d19e 2738
4ee71b20
JH		 2739 if (!bdaddr_type_is_valid(cp->addr.type))
2740 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2741 MGMT_STATUS_INVALID_PARAMS,
2742 &rp, sizeof(rp));
2743
118da70b
JH		 2744 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2745 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2746 MGMT_STATUS_INVALID_PARAMS,
2747 &rp, sizeof(rp));
2748
4ee71b20
JH		 2749 hci_dev_lock(hdev);
2750
86a8cfc6 2751 if (!hdev_is_powered(hdev)) {
bdb6d971 2752 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2753 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 2754 goto unlock;
2755 }
2756
e0b2b27e 2757 if (cp->addr.type == BDADDR_BREDR) {
89cbb063
AA		 2758 /* If disconnection is requested, then look up the
2759 * connection. If the remote device is connected, it
2760 * will be later used to terminate the link.
2761 *
2762 * Setting it to NULL explicitly will cause no
2763 * termination of the link.
2764 */
2765 if (cp->disconnect)
2766 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2767 &cp->addr.bdaddr);
2768 else
2769 conn = NULL;
2770
124f6e35 2771 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2772 } else {
2773 u8 addr_type;
2774
89cbb063
AA		 2775 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2776 &cp->addr.bdaddr);
2777 if (conn) {
2778 /* Defer clearing up the connection parameters
2779 * until closing to give a chance of keeping
2780 * them if a repairing happens.
2781 */
2782 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2783
2784 /* If disconnection is not requested, then
2785 * clear the connection variable so that the
2786 * link is not terminated.
2787 */
2788 if (!cp->disconnect)
2789 conn = NULL;
2790 }
2791
e0b2b27e
JH		 2792 if (cp->addr.type == BDADDR_LE_PUBLIC)
2793 addr_type = ADDR_LE_DEV_PUBLIC;
2794 else
2795 addr_type = ADDR_LE_DEV_RANDOM;
2796
a7ec7338
JH		 2797 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2798
e0b2b27e
JH		 2799 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2800 }
b0dbfb46 2801
55ed8ca1 2802 if (err < 0) {
bdb6d971 2803 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2804 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 2805 goto unlock;
2806 }
2807
89cbb063
AA		 2808 /* If the connection variable is set, then termination of the
2809 * link is requested.
2810 */
a8a1d19e 2811 if (!conn) {
bdb6d971 2812 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 2813 &rp, sizeof(rp));
b1078ad0 2814 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2815 goto unlock;
2816 }
55ed8ca1 2817
124f6e35 2818 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2819 sizeof(*cp));
a8a1d19e
JH		 2820 if (!cmd) {
2821 err = -ENOMEM;
2822 goto unlock;
55ed8ca1
JH		 2823 }
2824
d8b7b1e4
JH		 2825 cmd->cmd_complete = addr_cmd_complete;
2826
eb55ef07 2827 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2828 dc.reason = 0x13; /* Remote User Terminated Connection */
2829 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2830 if (err < 0)
2831 mgmt_pending_remove(cmd);
2832
55ed8ca1 2833unlock:
09fd0de5 2834 hci_dev_unlock(hdev);
55ed8ca1
JH		 2835 return err;
2836}
2837
bdb6d971 2838static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2839 u16 len)
8962ee74 2840{
650f726d 2841 struct mgmt_cp_disconnect *cp = data;
06a63b19 2842 struct mgmt_rp_disconnect rp;
366a0336 2843 struct pending_cmd *cmd;
8962ee74 2844 struct hci_conn *conn;
8962ee74
JH		 2845 int err;
2846
2847 BT_DBG("");
2848
06a63b19
JH		 2849 memset(&rp, 0, sizeof(rp));
2850 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2851 rp.addr.type = cp->addr.type;
2852
4ee71b20 2853 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2854 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2855 MGMT_STATUS_INVALID_PARAMS,
2856 &rp, sizeof(rp));
4ee71b20 2857
09fd0de5 2858 hci_dev_lock(hdev);
8962ee74
JH		 2859
2860 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2861 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2862 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2863 goto failed;
2864 }
2865
2e58ef3e 2866 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2867 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2868 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2869 goto failed;
2870 }
2871
591f47f3 2872 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2873 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2874 &cp->addr.bdaddr);
88c3df13
JH		 2875 else
2876 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2877
f960727e 2878 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2879 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2880 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2881 goto failed;
2882 }
2883
2e58ef3e 2884 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2885 if (!cmd) {
2886 err = -ENOMEM;
8962ee74 2887 goto failed;
366a0336 2888 }
8962ee74 2889
f5818c22
JH		 2890 cmd->cmd_complete = generic_cmd_complete;
2891
e3f2f92a 2892 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
8962ee74 2893 if (err < 0)
a664b5bc 2894 mgmt_pending_remove(cmd);
8962ee74
JH		 2895
2896failed:
09fd0de5 2897 hci_dev_unlock(hdev);
8962ee74
JH		 2898 return err;
2899}
2900
57c1477c 2901static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2902{
2903 switch (link_type) {
2904 case LE_LINK:
48264f06
JH		 2905 switch (addr_type) {
2906 case ADDR_LE_DEV_PUBLIC:
591f47f3 2907 return BDADDR_LE_PUBLIC;
0ed09148 2908
48264f06 2909 default:
0ed09148 2910 /* Fallback to LE Random address type */
591f47f3 2911 return BDADDR_LE_RANDOM;
48264f06 2912 }
0ed09148 2913
4c659c39 2914 default:
0ed09148 2915 /* Fallback to BR/EDR type */
591f47f3 2916 return BDADDR_BREDR;
4c659c39
JH		 2917 }
2918}
2919
04124681
GP		 2920static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2921 u16 data_len)
2784eb41 2922{
2784eb41 2923 struct mgmt_rp_get_connections *rp;
8035ded4 2924 struct hci_conn *c;
a38528f1 2925 size_t rp_len;
60fc5fb6
JH		 2926 int err;
2927 u16 i;
2784eb41
JH		 2928
2929 BT_DBG("");
2930
09fd0de5 2931 hci_dev_lock(hdev);
2784eb41 2932
5f97c1df 2933 if (!hdev_is_powered(hdev)) {
bdb6d971 2934 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2935 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2936 goto unlock;
2937 }
2938
60fc5fb6 2939 i = 0;
b644ba33
JH		 2940 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2941 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2942 i++;
2784eb41
JH		 2943 }
2944
60fc5fb6 2945 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2946 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2947 if (!rp) {
2784eb41
JH		 2948 err = -ENOMEM;
2949 goto unlock;
2950 }
2951
2784eb41 2952 i = 0;
4c659c39 2953 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2954 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2955 continue;
4c659c39 2956 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2957 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2958 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2959 continue;
2960 i++;
2961 }
2962
eb55ef07 2963 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2964
4c659c39
JH		 2965 /* Recalculate length in case of filtered SCO connections, etc */
2966 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2967
bdb6d971 2968 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2969 rp_len);
2784eb41 2970
a38528f1 2971 kfree(rp);
5f97c1df
JH		 2972
2973unlock:
09fd0de5 2974 hci_dev_unlock(hdev);
2784eb41
JH		 2975 return err;
2976}
2977
bdb6d971 2978static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2979 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2980{
2981 struct pending_cmd *cmd;
2982 int err;
2983
2e58ef3e 2984 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2985 sizeof(*cp));
96d97a67
WR		 2986 if (!cmd)
2987 return -ENOMEM;
2988
d8457698 2989 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2990 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2991 if (err < 0)
2992 mgmt_pending_remove(cmd);
2993
2994 return err;
2995}
2996
bdb6d971 2997static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2998 u16 len)
980e1a53 2999{
96d97a67 3000 struct hci_conn *conn;
650f726d 3001 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 3002 struct hci_cp_pin_code_reply reply;
366a0336 3003 struct pending_cmd *cmd;
980e1a53
JH		 3004 int err;
3005
3006 BT_DBG("");
3007
09fd0de5 3008 hci_dev_lock(hdev);
980e1a53 3009
4b34ee78 3010 if (!hdev_is_powered(hdev)) {
bdb6d971 3011 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 3012 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 3013 goto failed;
3014 }
3015
d8457698 3016 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 3017 if (!conn) {
bdb6d971 3018 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 3019 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 3020 goto failed;
3021 }
3022
3023 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 3024 struct mgmt_cp_pin_code_neg_reply ncp;
3025
3026 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 3027
3028 BT_ERR("PIN code is not 16 bytes long");
3029
bdb6d971 3030 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 3031 if (err >= 0)
bdb6d971 3032 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 3033 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 3034
3035 goto failed;
3036 }
3037
00abfe44 3038 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 3039 if (!cmd) {
3040 err = -ENOMEM;
980e1a53 3041 goto failed;
366a0336 3042 }
980e1a53 3043
7776d1d8
JH		 3044 cmd->cmd_complete = addr_cmd_complete;
3045
d8457698 3046 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 3047 reply.pin_len = cp->pin_len;
24718ca5 3048 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 3049
3050 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3051 if (err < 0)
a664b5bc 3052 mgmt_pending_remove(cmd);
980e1a53
JH		 3053
3054failed:
09fd0de5 3055 hci_dev_unlock(hdev);
980e1a53
JH		 3056 return err;
3057}
3058
04124681
GP		 3059static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3060 u16 len)
17fa4b9d 3061{
650f726d 3062 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 3063
3064 BT_DBG("");
3065
4ec86d4c
JH		 3066 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
3067 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3068 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
3069
09fd0de5 3070 hci_dev_lock(hdev);
17fa4b9d
JH		 3071
3072 hdev->io_capability = cp->io_capability;
3073
3074 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 3075 hdev->io_capability);
17fa4b9d 3076
09fd0de5 3077 hci_dev_unlock(hdev);
17fa4b9d 3078
04124681
GP		 3079 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
3080 0);
17fa4b9d
JH		 3081}
3082
6039aa73 3083static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 3084{
3085 struct hci_dev *hdev = conn->hdev;
8035ded4 3086 struct pending_cmd *cmd;
e9a416b5 3087
2e58ef3e 3088 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 3089 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3090 continue;
3091
e9a416b5
JH		 3092 if (cmd->user_data != conn)
3093 continue;
3094
3095 return cmd;
3096 }
3097
3098 return NULL;
3099}
3100
9df74653 3101static int pairing_complete(struct pending_cmd *cmd, u8 status)
e9a416b5
JH		 3102{
3103 struct mgmt_rp_pair_device rp;
3104 struct hci_conn *conn = cmd->user_data;
9df74653 3105 int err;
e9a416b5 3106
61b1a7fb
JH		 3107 bacpy(&rp.addr.bdaddr, &conn->dst);
3108 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 3109
9df74653
JH		 3110 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
3111 &rp, sizeof(rp));
e9a416b5
JH		 3112
3113 /* So we don't get further callbacks for this connection */
3114 conn->connect_cfm_cb = NULL;
3115 conn->security_cfm_cb = NULL;
3116 conn->disconn_cfm_cb = NULL;
3117
76a68ba0 3118 hci_conn_drop(conn);
89cbb063
AA		 3119
3120 /* The device is paired so there is no need to remove
3121 * its connection parameters anymore.
3122 */
3123 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
15013aeb
JH		 3124
3125 hci_conn_put(conn);
9df74653
JH		 3126
3127 return err;
e9a416b5
JH		 3128}
3129
f4a407be
JH		 3130void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3131{
3132 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3133 struct pending_cmd *cmd;
3134
3135 cmd = find_pairing(conn);
a511b35b 3136 if (cmd) {
04ab2749 3137 cmd->cmd_complete(cmd, status);
a511b35b
JH		 3138 mgmt_pending_remove(cmd);
3139 }
f4a407be
JH		 3140}
3141
e9a416b5
JH		 3142static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3143{
3144 struct pending_cmd *cmd;
3145
3146 BT_DBG("status %u", status);
3147
3148 cmd = find_pairing(conn);
a511b35b 3149 if (!cmd) {
e9a416b5 3150 BT_DBG("Unable to find a pending command");
a511b35b
JH		 3151 return;
3152 }
3153
3154 cmd->cmd_complete(cmd, mgmt_status(status));
3155 mgmt_pending_remove(cmd);
e9a416b5
JH		 3156}
3157
f4a407be 3158static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739
VA		 3159{
3160 struct pending_cmd *cmd;
3161
3162 BT_DBG("status %u", status);
3163
3164 if (!status)
3165 return;
3166
3167 cmd = find_pairing(conn);
a511b35b 3168 if (!cmd) {
4c47d739 3169 BT_DBG("Unable to find a pending command");
a511b35b
JH		 3170 return;
3171 }
3172
3173 cmd->cmd_complete(cmd, mgmt_status(status));
3174 mgmt_pending_remove(cmd);
4c47d739
VA		 3175}
3176
bdb6d971 3177static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3178 u16 len)
e9a416b5 3179{
650f726d 3180 struct mgmt_cp_pair_device *cp = data;
1425acb7 3181 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 3182 struct pending_cmd *cmd;
3183 u8 sec_level, auth_type;
3184 struct hci_conn *conn;
e9a416b5
JH		 3185 int err;
3186
3187 BT_DBG("");
3188
f950a30e
SJ		 3189 memset(&rp, 0, sizeof(rp));
3190 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3191 rp.addr.type = cp->addr.type;
3192
4ee71b20
JH		 3193 if (!bdaddr_type_is_valid(cp->addr.type))
3194 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3195 MGMT_STATUS_INVALID_PARAMS,
3196 &rp, sizeof(rp));
3197
4ec86d4c
JH		 3198 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
3199 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3200 MGMT_STATUS_INVALID_PARAMS,
3201 &rp, sizeof(rp));
3202
09fd0de5 3203 hci_dev_lock(hdev);
e9a416b5 3204
5f97c1df 3205 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 3206 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3207 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 3208 goto unlock;
3209 }
3210
c908df36 3211 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 3212 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 3213
6f77d8c7 3214 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 3215 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3216 auth_type);
6f77d8c7
AG		 3217 } else {
3218 u8 addr_type;
3219
3220 /* Convert from L2CAP channel address type to HCI address type
3221 */
3222 if (cp->addr.type == BDADDR_LE_PUBLIC)
3223 addr_type = ADDR_LE_DEV_PUBLIC;
3224 else
3225 addr_type = ADDR_LE_DEV_RANDOM;
3226
7c264b10
MH		 3227 /* When pairing a new device, it is expected to remember
3228 * this device for future connections. Adding the connection
3229 * parameter information ahead of time allows tracking
3230 * of the slave preferred values and will speed up any
3231 * further connection establishment.
3232 *
3233 * If connection parameters already exist, then they
3234 * will be kept and this function does nothing.
3235 */
3236 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3237
6f77d8c7 3238 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
e804d25d
JH		 3239 sec_level, HCI_LE_CONN_TIMEOUT,
3240 HCI_ROLE_MASTER);
6f77d8c7 3241 }
7a512d01 3242
30e76272 3243 if (IS_ERR(conn)) {
489dc48e
AK		 3244 int status;
3245
3246 if (PTR_ERR(conn) == -EBUSY)
3247 status = MGMT_STATUS_BUSY;
3248 else
3249 status = MGMT_STATUS_CONNECT_FAILED;
3250
bdb6d971 3251 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 3252 status, &rp,
04124681 3253 sizeof(rp));
e9a416b5
JH		 3254 goto unlock;
3255 }
3256
3257 if (conn->connect_cfm_cb) {
76a68ba0 3258 hci_conn_drop(conn);
bdb6d971 3259 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 3260 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 3261 goto unlock;
3262 }
3263
2e58ef3e 3264 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 3265 if (!cmd) {
3266 err = -ENOMEM;
76a68ba0 3267 hci_conn_drop(conn);
e9a416b5
JH		 3268 goto unlock;
3269 }
3270
04ab2749
JH		 3271 cmd->cmd_complete = pairing_complete;
3272
7a512d01 3273 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 3274 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 3275 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 3276 conn->security_cfm_cb = pairing_complete_cb;
3277 conn->disconn_cfm_cb = pairing_complete_cb;
3278 } else {
3279 conn->connect_cfm_cb = le_pairing_complete_cb;
3280 conn->security_cfm_cb = le_pairing_complete_cb;
3281 conn->disconn_cfm_cb = le_pairing_complete_cb;
3282 }
7a512d01 3283
e9a416b5 3284 conn->io_capability = cp->io_cap;
f8aaf9b6 3285 cmd->user_data = hci_conn_get(conn);
e9a416b5 3286
6f78fd4b 3287 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
a511b35b
JH		 3288 hci_conn_security(conn, sec_level, auth_type, true)) {
3289 cmd->cmd_complete(cmd, 0);
3290 mgmt_pending_remove(cmd);
3291 }
e9a416b5
JH		 3292
3293 err = 0;
3294
3295unlock:
09fd0de5 3296 hci_dev_unlock(hdev);
e9a416b5
JH		 3297 return err;
3298}
3299
04124681
GP		 3300static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3301 u16 len)
28424707 3302{
0f4e68cf 3303 struct mgmt_addr_info *addr = data;
28424707
JH		 3304 struct pending_cmd *cmd;
3305 struct hci_conn *conn;
3306 int err;
3307
3308 BT_DBG("");
3309
28424707
JH		 3310 hci_dev_lock(hdev);
3311
5f97c1df 3312 if (!hdev_is_powered(hdev)) {
bdb6d971 3313 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3314 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3315 goto unlock;
3316 }
3317
28424707
JH		 3318 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3319 if (!cmd) {
bdb6d971 3320 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3321 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3322 goto unlock;
3323 }
3324
3325 conn = cmd->user_data;
3326
3327 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 3328 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3329 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3330 goto unlock;
3331 }
3332
a511b35b
JH		 3333 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3334 mgmt_pending_remove(cmd);
28424707 3335
bdb6d971 3336 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 3337 addr, sizeof(*addr));
28424707
JH		 3338unlock:
3339 hci_dev_unlock(hdev);
28424707
JH		 3340 return err;
3341}
3342
bdb6d971 3343static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3344 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3345 u16 hci_op, __le32 passkey)
a5c29683 3346{
a5c29683 3347 struct pending_cmd *cmd;
0df4c185 3348 struct hci_conn *conn;
a5c29683
JH		 3349 int err;
3350
09fd0de5 3351 hci_dev_lock(hdev);
08ba5382 3352
4b34ee78 3353 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 3354 err = cmd_complete(sk, hdev->id, mgmt_op,
3355 MGMT_STATUS_NOT_POWERED, addr,
3356 sizeof(*addr));
0df4c185 3357 goto done;
a5c29683
JH		 3358 }
3359
1707c60e
JH		 3360 if (addr->type == BDADDR_BREDR)
3361 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3362 else
1707c60e 3363 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 3364
3365 if (!conn) {
feb94d3d
JH		 3366 err = cmd_complete(sk, hdev->id, mgmt_op,
3367 MGMT_STATUS_NOT_CONNECTED, addr,
3368 sizeof(*addr));
272d90df
JH		 3369 goto done;
3370 }
47c15e2b 3371
1707c60e 3372 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 3373 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 3374 if (!err)
feb94d3d
JH		 3375 err = cmd_complete(sk, hdev->id, mgmt_op,
3376 MGMT_STATUS_SUCCESS, addr,
3377 sizeof(*addr));
5fe57d9e 3378 else
feb94d3d
JH		 3379 err = cmd_complete(sk, hdev->id, mgmt_op,
3380 MGMT_STATUS_FAILED, addr,
3381 sizeof(*addr));
47c15e2b 3382
47c15e2b
BG		 3383 goto done;
3384 }
3385
1707c60e 3386 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3387 if (!cmd) {
3388 err = -ENOMEM;
0df4c185 3389 goto done;
a5c29683
JH		 3390 }
3391
7776d1d8
JH		 3392 cmd->cmd_complete = addr_cmd_complete;
3393
0df4c185 3394 /* Continue with pairing via HCI */
604086b7
BG		 3395 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3396 struct hci_cp_user_passkey_reply cp;
3397
1707c60e 3398 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3399 cp.passkey = passkey;
3400 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3401 } else
1707c60e
JH		 3402 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3403 &addr->bdaddr);
604086b7 3404
a664b5bc
JH		 3405 if (err < 0)
3406 mgmt_pending_remove(cmd);
a5c29683 3407
0df4c185 3408done:
09fd0de5 3409 hci_dev_unlock(hdev);
a5c29683
JH		 3410 return err;
3411}
3412
afeb019d
JK		 3413static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3414 void *data, u16 len)
3415{
3416 struct mgmt_cp_pin_code_neg_reply *cp = data;
3417
3418 BT_DBG("");
3419
1707c60e 3420 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3421 MGMT_OP_PIN_CODE_NEG_REPLY,
3422 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3423}
3424
04124681
GP		 3425static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3426 u16 len)
0df4c185 3427{
650f726d 3428 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3429
3430 BT_DBG("");
3431
3432 if (len != sizeof(*cp))
bdb6d971 3433 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 3434 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3435
1707c60e 3436 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3437 MGMT_OP_USER_CONFIRM_REPLY,
3438 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3439}
3440
bdb6d971 3441static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3442 void *data, u16 len)
0df4c185 3443{
c9c2659f 3444 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3445
3446 BT_DBG("");
3447
1707c60e 3448 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3449 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3450 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3451}
3452
04124681
GP		 3453static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3454 u16 len)
604086b7 3455{
650f726d 3456 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3457
3458 BT_DBG("");
3459
1707c60e 3460 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3461 MGMT_OP_USER_PASSKEY_REPLY,
3462 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3463}
3464
bdb6d971 3465static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3466 void *data, u16 len)
604086b7 3467{
650f726d 3468 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3469
3470 BT_DBG("");
3471
1707c60e 3472 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3473 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3474 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3475}
3476
13928971 3477static void update_name(struct hci_request *req)
2b4bf397 3478{
13928971 3479 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3480 struct hci_cp_write_local_name cp;
3481
13928971 3482 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3483
890ea898 3484 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3485}
3486
13928971
JH		 3487static void set_name_complete(struct hci_dev *hdev, u8 status)
3488{
3489 struct mgmt_cp_set_local_name *cp;
3490 struct pending_cmd *cmd;
3491
3492 BT_DBG("status 0x%02x", status);
3493
3494 hci_dev_lock(hdev);
3495
3496 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3497 if (!cmd)
3498 goto unlock;
3499
3500 cp = cmd->param;
3501
3502 if (status)
3503 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3504 mgmt_status(status));
3505 else
3506 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3507 cp, sizeof(*cp));
3508
3509 mgmt_pending_remove(cmd);
3510
3511unlock:
3512 hci_dev_unlock(hdev);
3513}
3514
bdb6d971 3515static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3516 u16 len)
b312b161 3517{
2b4bf397 3518 struct mgmt_cp_set_local_name *cp = data;
b312b161 3519 struct pending_cmd *cmd;
890ea898 3520 struct hci_request req;
b312b161
JH		 3521 int err;
3522
3523 BT_DBG("");
3524
09fd0de5 3525 hci_dev_lock(hdev);
b312b161 3526
b3f2ca94
JH		 3527 /* If the old values are the same as the new ones just return a
3528 * direct command complete event.
3529 */
3530 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3531 !memcmp(hdev->short_name, cp->short_name,
3532 sizeof(hdev->short_name))) {
3533 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3534 data, len);
3535 goto failed;
3536 }
3537
2b4bf397 3538 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3539
b5235a65 3540 if (!hdev_is_powered(hdev)) {
2b4bf397 3541 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 3542
3543 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 3544 data, len);
28cc7bde
JH		 3545 if (err < 0)
3546 goto failed;
3547
3548 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 3549 sk);
28cc7bde 3550
b5235a65
JH		 3551 goto failed;
3552 }
3553
28cc7bde 3554 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3555 if (!cmd) {
3556 err = -ENOMEM;
3557 goto failed;
3558 }
3559
13928971
JH		 3560 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3561
890ea898 3562 hci_req_init(&req, hdev);
3f985050
JH		 3563
3564 if (lmp_bredr_capable(hdev)) {
3565 update_name(&req);
3566 update_eir(&req);
3567 }
3568
7a5f4990
MH		 3569 /* The name is stored in the scan response data and so
3570 * no need to udpate the advertising data here.
3571 */
3f985050 3572 if (lmp_le_capable(hdev))
7a5f4990 3573 update_scan_rsp_data(&req);
3f985050 3574
13928971 3575 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3576 if (err < 0)
3577 mgmt_pending_remove(cmd);
3578
3579failed:
09fd0de5 3580 hci_dev_unlock(hdev);
b312b161
JH		 3581 return err;
3582}
3583
0f4e68cf 3584static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3585 void *data, u16 data_len)
c35938b2 3586{
c35938b2
SJ		 3587 struct pending_cmd *cmd;
3588 int err;
3589
bdb6d971 3590 BT_DBG("%s", hdev->name);
c35938b2 3591
09fd0de5 3592 hci_dev_lock(hdev);
c35938b2 3593
4b34ee78 3594 if (!hdev_is_powered(hdev)) {
bdb6d971 3595 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3596 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3597 goto unlock;
3598 }
3599
9a1a1996 3600 if (!lmp_ssp_capable(hdev)) {
bdb6d971 3601 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3602 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3603 goto unlock;
3604 }
3605
2e58ef3e 3606 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 3607 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3608 MGMT_STATUS_BUSY);
c35938b2
SJ		 3609 goto unlock;
3610 }
3611
2e58ef3e 3612 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3613 if (!cmd) {
3614 err = -ENOMEM;
3615 goto unlock;
3616 }
3617
710f11c0 3618 if (bredr_sc_enabled(hdev))
4d2d2796
MH		 3619 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3620 0, NULL);
3621 else
3622 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3623
c35938b2
SJ		 3624 if (err < 0)
3625 mgmt_pending_remove(cmd);
3626
3627unlock:
09fd0de5 3628 hci_dev_unlock(hdev);
c35938b2
SJ		 3629 return err;
3630}
3631
bdb6d971 3632static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3633 void *data, u16 len)
2763eda6 3634{
2763eda6
SJ		 3635 int err;
3636
bdb6d971 3637 BT_DBG("%s ", hdev->name);
2763eda6 3638
09fd0de5 3639 hci_dev_lock(hdev);
2763eda6 3640
ec109113
MH		 3641 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3642 struct mgmt_cp_add_remote_oob_data *cp = data;
3643 u8 status;
bf1e3541 3644
c19a495c
JH		 3645 if (cp->addr.type != BDADDR_BREDR) {
3646 err = cmd_complete(sk, hdev->id,
3647 MGMT_OP_ADD_REMOTE_OOB_DATA,
3648 MGMT_STATUS_INVALID_PARAMS,
3649 &cp->addr, sizeof(cp->addr));
3650 goto unlock;
3651 }
3652
ec109113 3653 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
6928a924
JH		 3654 cp->addr.type, cp->hash,
3655 cp->rand, NULL, NULL);
ec109113
MH		 3656 if (err < 0)
3657 status = MGMT_STATUS_FAILED;
3658 else
3659 status = MGMT_STATUS_SUCCESS;
3660
3661 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3662 status, &cp->addr, sizeof(cp->addr));
3663 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3664 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
86df9200 3665 u8 *rand192, *hash192;
ec109113
MH		 3666 u8 status;
3667
c19a495c
JH		 3668 if (cp->addr.type != BDADDR_BREDR) {
3669 err = cmd_complete(sk, hdev->id,
3670 MGMT_OP_ADD_REMOTE_OOB_DATA,
3671 MGMT_STATUS_INVALID_PARAMS,
3672 &cp->addr, sizeof(cp->addr));
3673 goto unlock;
3674 }
3675
86df9200
JH		 3676 if (bdaddr_type_is_le(cp->addr.type)) {
3677 rand192 = NULL;
3678 hash192 = NULL;
3679 } else {
3680 rand192 = cp->rand192;
3681 hash192 = cp->hash192;
3682 }
3683
81328d5c 3684 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
86df9200
JH		 3685 cp->addr.type, hash192, rand192,
3686 cp->hash256, cp->rand256);
ec109113
MH		 3687 if (err < 0)
3688 status = MGMT_STATUS_FAILED;
3689 else
3690 status = MGMT_STATUS_SUCCESS;
3691
3692 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3693 status, &cp->addr, sizeof(cp->addr));
3694 } else {
3695 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3696 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3697 MGMT_STATUS_INVALID_PARAMS);
3698 }
2763eda6 3699
c19a495c 3700unlock:
09fd0de5 3701 hci_dev_unlock(hdev);
2763eda6
SJ		 3702 return err;
3703}
3704
bdb6d971 3705static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3706 void *data, u16 len)
2763eda6 3707{
650f726d 3708 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3709 u8 status;
2763eda6
SJ		 3710 int err;
3711
bdb6d971 3712 BT_DBG("%s", hdev->name);
2763eda6 3713
c19a495c
JH		 3714 if (cp->addr.type != BDADDR_BREDR)
3715 return cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3716 MGMT_STATUS_INVALID_PARAMS,
3717 &cp->addr, sizeof(cp->addr));
3718
09fd0de5 3719 hci_dev_lock(hdev);
2763eda6 3720
eedbd581
JH		 3721 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3722 hci_remote_oob_data_clear(hdev);
3723 status = MGMT_STATUS_SUCCESS;
3724 goto done;
3725 }
3726
6928a924 3727 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
2763eda6 3728 if (err < 0)
bf1e3541 3729 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3730 else
a6785be2 3731 status = MGMT_STATUS_SUCCESS;
bf1e3541 3732
eedbd581 3733done:
bdb6d971 3734 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 3735 status, &cp->addr, sizeof(cp->addr));
2763eda6 3736
09fd0de5 3737 hci_dev_unlock(hdev);
2763eda6
SJ		 3738 return err;
3739}
3740
8019044d 3741static bool trigger_discovery(struct hci_request *req, u8 *status)
41dc2bd6 3742{
8019044d
MH		 3743 struct hci_dev *hdev = req->hdev;
3744 struct hci_cp_le_set_scan_param param_cp;
3745 struct hci_cp_le_set_scan_enable enable_cp;
3746 struct hci_cp_inquiry inq_cp;
3747 /* General inquiry access code (GIAC) */
3748 u8 lap[3] = { 0x33, 0x8b, 0x9e };
3749 u8 own_addr_type;
41dc2bd6
AG		 3750 int err;
3751
8019044d
MH		 3752 switch (hdev->discovery.type) {
3753 case DISCOV_TYPE_BREDR:
3754 *status = mgmt_bredr_support(hdev);
3755 if (*status)
3756 return false;
41dc2bd6 3757
8019044d
MH		 3758 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3759 *status = MGMT_STATUS_BUSY;
3760 return false;
3761 }
41dc2bd6 3762
8019044d 3763 hci_inquiry_cache_flush(hdev);
41dc2bd6 3764
8019044d
MH		 3765 memset(&inq_cp, 0, sizeof(inq_cp));
3766 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
3767 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
3768 hci_req_add(req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
3769 break;
41dc2bd6 3770
8019044d
MH		 3771 case DISCOV_TYPE_LE:
3772 case DISCOV_TYPE_INTERLEAVED:
3773 *status = mgmt_le_support(hdev);
3774 if (*status)
3775 return false;
3776
3777 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
3778 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3779 *status = MGMT_STATUS_NOT_SUPPORTED;
3780 return false;
3781 }
3782
3783 if (test_bit(HCI_LE_ADV, &hdev->dev_flags)) {
3784 /* Don't let discovery abort an outgoing
3785 * connection attempt that's using directed
3786 * advertising.
3787 */
3788 if (hci_conn_hash_lookup_state(hdev, LE_LINK,
3789 BT_CONNECT)) {
3790 *status = MGMT_STATUS_REJECTED;
3791 return false;
3792 }
3793
3794 disable_advertising(req);
3795 }
3796
3797 /* If controller is scanning, it means the background scanning
3798 * is running. Thus, we should temporarily stop it in order to
3799 * set the discovery scanning parameters.
3800 */
3801 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3802 hci_req_add_le_scan_disable(req);
3803
3804 memset(&param_cp, 0, sizeof(param_cp));
3805
3806 /* All active scans will be done with either a resolvable
3807 * private address (when privacy feature has been enabled)
9437d2ed 3808 * or non-resolvable private address.
8019044d
MH		 3809 */
3810 err = hci_update_random_address(req, true, &own_addr_type);
3811 if (err < 0) {
3812 *status = MGMT_STATUS_FAILED;
3813 return false;
3814 }
3815
3816 param_cp.type = LE_SCAN_ACTIVE;
3817 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3818 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
3819 param_cp.own_address_type = own_addr_type;
3820 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3821 &param_cp);
3822
3823 memset(&enable_cp, 0, sizeof(enable_cp));
3824 enable_cp.enable = LE_SCAN_ENABLE;
3825 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3826 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3827 &enable_cp);
3828 break;
3829
3830 default:
3831 *status = MGMT_STATUS_INVALID_PARAMS;
3832 return false;
3833 }
3834
3835 return true;
41dc2bd6
AG		 3836}
3837
7c307720
AG		 3838static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3839{
41dc2bd6 3840 struct pending_cmd *cmd;
11e6e25d 3841 unsigned long timeout;
ae55f598 3842
7c307720
AG		 3843 BT_DBG("status %d", status);
3844
11e6e25d 3845 hci_dev_lock(hdev);
41dc2bd6 3846
11e6e25d 3847 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
66ea9427
JP		 3848 if (!cmd)
3849 cmd = mgmt_pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
3850
11e6e25d 3851 if (cmd) {
2922a94f 3852 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d
MH		 3853 mgmt_pending_remove(cmd);
3854 }
7c307720
AG		 3855
3856 if (status) {
11e6e25d
MH		 3857 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3858 goto unlock;
7c307720
AG		 3859 }
3860
7c307720 3861 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
7c307720
AG		 3862
3863 switch (hdev->discovery.type) {
3864 case DISCOV_TYPE_LE:
3d5a76f0 3865 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
7c307720 3866 break;
7c307720 3867 case DISCOV_TYPE_INTERLEAVED:
b9a7a61e 3868 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
7c307720 3869 break;
7c307720 3870 case DISCOV_TYPE_BREDR:
11e6e25d 3871 timeout = 0;
7c307720 3872 break;
7c307720
AG		 3873 default:
3874 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
11e6e25d
MH		 3875 timeout = 0;
3876 break;
7c307720 3877 }
ae55f598 3878
11e6e25d
MH		 3879 if (timeout)
3880 queue_delayed_work(hdev->workqueue,
3881 &hdev->le_scan_disable, timeout);
ae55f598 3882
11e6e25d
MH		 3883unlock:
3884 hci_dev_unlock(hdev);
7c307720
AG		 3885}
3886
bdb6d971 3887static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3888 void *data, u16 len)
14a53664 3889{
650f726d 3890 struct mgmt_cp_start_discovery *cp = data;
14a53664 3891 struct pending_cmd *cmd;
7c307720 3892 struct hci_request req;
8019044d 3893 u8 status;
14a53664
JH		 3894 int err;
3895
bdb6d971 3896 BT_DBG("%s", hdev->name);
14a53664 3897
09fd0de5 3898 hci_dev_lock(hdev);
14a53664 3899
4b34ee78 3900 if (!hdev_is_powered(hdev)) {
a736abc1
SJ		 3901 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3902 MGMT_STATUS_NOT_POWERED,
3903 &cp->type, sizeof(cp->type));
bd2d1334
JH		 3904 goto failed;
3905 }
3906
f5a969f2
MH		 3907 if (hdev->discovery.state != DISCOVERY_STOPPED ||
3908 test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
a736abc1
SJ		 3909 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3910 MGMT_STATUS_BUSY, &cp->type,
3911 sizeof(cp->type));
642be6c7
AG		 3912 goto failed;
3913 }
3914
2922a94f 3915 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, data, len);
14a53664
JH		 3916 if (!cmd) {
3917 err = -ENOMEM;
3918 goto failed;
3919 }
3920
2922a94f
JH		 3921 cmd->cmd_complete = generic_cmd_complete;
3922
22078800
MH		 3923 /* Clear the discovery filter first to free any previously
3924 * allocated memory for the UUID list.
3925 */
3926 hci_discovery_filter_clear(hdev);
3927
4aab14e5 3928 hdev->discovery.type = cp->type;
da25cf6a 3929 hdev->discovery.report_invalid_rssi = false;
4aab14e5 3930
7c307720
AG		 3931 hci_req_init(&req, hdev);
3932
8019044d 3933 if (!trigger_discovery(&req, &status)) {
a736abc1 3934 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
8019044d 3935 status, &cp->type, sizeof(cp->type));
04106755
JH		 3936 mgmt_pending_remove(cmd);
3937 goto failed;
f39799f5 3938 }
04106755 3939
7c307720 3940 err = hci_req_run(&req, start_discovery_complete);
f5a969f2 3941 if (err < 0) {
14a53664 3942 mgmt_pending_remove(cmd);
f5a969f2
MH		 3943 goto failed;
3944 }
7c307720 3945
f5a969f2 3946 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
7c307720 3947
14a53664 3948failed:
09fd0de5 3949 hci_dev_unlock(hdev);
14a53664
JH		 3950 return err;
3951}
f39799f5 3952
9df74653 3953static int service_discovery_cmd_complete(struct pending_cmd *cmd, u8 status)
2922a94f 3954{
9df74653
JH		 3955 return cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
3956 cmd->param, 1);
2922a94f 3957}
04106755 3958
66ea9427
JP		 3959static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
3960 void *data, u16 len)
3961{
3962 struct mgmt_cp_start_service_discovery *cp = data;
3963 struct pending_cmd *cmd;
3964 struct hci_request req;
3965 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
3966 u16 uuid_count, expected_len;
3967 u8 status;
3968 int err;
04106755 3969
66ea9427 3970 BT_DBG("%s", hdev->name);
e8bb6b97 3971
66ea9427 3972 hci_dev_lock(hdev);
7c307720 3973
66ea9427
JP		 3974 if (!hdev_is_powered(hdev)) {
3975 err = cmd_complete(sk, hdev->id,
3976 MGMT_OP_START_SERVICE_DISCOVERY,
3977 MGMT_STATUS_NOT_POWERED,
3978 &cp->type, sizeof(cp->type));
3979 goto failed;
3980 }
7c307720 3981
66ea9427
JP		 3982 if (hdev->discovery.state != DISCOVERY_STOPPED ||
3983 test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3984 err = cmd_complete(sk, hdev->id,
3985 MGMT_OP_START_SERVICE_DISCOVERY,
3986 MGMT_STATUS_BUSY, &cp->type,
3987 sizeof(cp->type));
3988 goto failed;
3989 }
d9483943 3990
66ea9427
JP		 3991 uuid_count = __le16_to_cpu(cp->uuid_count);
3992 if (uuid_count > max_uuid_count) {
3993 BT_ERR("service_discovery: too big uuid_count value %u",
3994 uuid_count);
3995 err = cmd_complete(sk, hdev->id,
3996 MGMT_OP_START_SERVICE_DISCOVERY,
3997 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3998 sizeof(cp->type));
3999 goto failed;
4000 }
4001
4002 expected_len = sizeof(*cp) + uuid_count * 16;
4003 if (expected_len != len) {
4004 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
4005 expected_len, len);
4006 err = cmd_complete(sk, hdev->id,
4007 MGMT_OP_START_SERVICE_DISCOVERY,
4008 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4009 sizeof(cp->type));
4010 goto failed;
4011 }
4012
4013 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
2922a94f 4014 hdev, data, len);
66ea9427
JP		 4015 if (!cmd) {
4016 err = -ENOMEM;
4017 goto failed;
4018 }
4019
2922a94f
JH		 4020 cmd->cmd_complete = service_discovery_cmd_complete;
4021
22078800
MH		 4022 /* Clear the discovery filter first to free any previously
4023 * allocated memory for the UUID list.
4024 */
4025 hci_discovery_filter_clear(hdev);
4026
66ea9427
JP		 4027 hdev->discovery.type = cp->type;
4028 hdev->discovery.rssi = cp->rssi;
4029 hdev->discovery.uuid_count = uuid_count;
4030
4031 if (uuid_count > 0) {
4032 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4033 GFP_KERNEL);
4034 if (!hdev->discovery.uuids) {
a736abc1 4035 err = cmd_complete(sk, hdev->id,
66ea9427 4036 MGMT_OP_START_SERVICE_DISCOVERY,
a736abc1
SJ		 4037 MGMT_STATUS_FAILED,
4038 &cp->type, sizeof(cp->type));
d9483943
JH		 4039 mgmt_pending_remove(cmd);
4040 goto failed;
4041 }
66ea9427 4042 }
d9483943 4043
66ea9427 4044 hci_req_init(&req, hdev);
5e0452c0 4045
66ea9427
JP		 4046 if (!trigger_discovery(&req, &status)) {
4047 err = cmd_complete(sk, hdev->id,
4048 MGMT_OP_START_SERVICE_DISCOVERY,
4049 status, &cp->type, sizeof(cp->type));
04106755
JH		 4050 mgmt_pending_remove(cmd);
4051 goto failed;
f39799f5 4052 }
3fd24153 4053
7c307720 4054 err = hci_req_run(&req, start_discovery_complete);
66ea9427 4055 if (err < 0) {
14a53664 4056 mgmt_pending_remove(cmd);
66ea9427
JP		 4057 goto failed;
4058 }
4059
4060 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 4061
4062failed:
09fd0de5 4063 hci_dev_unlock(hdev);
14a53664
JH		 4064 return err;
4065}
4066
11e6e25d 4067static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
1183fdca
AG		 4068{
4069 struct pending_cmd *cmd;
1183fdca 4070
0e05bba6
AG		 4071 BT_DBG("status %d", status);
4072
4073 hci_dev_lock(hdev);
4074
11e6e25d
MH		 4075 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4076 if (cmd) {
2922a94f 4077 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d 4078 mgmt_pending_remove(cmd);
0e05bba6
AG		 4079 }
4080
11e6e25d
MH		 4081 if (!status)
4082 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
0e05bba6 4083
0e05bba6
AG		 4084 hci_dev_unlock(hdev);
4085}
4086
bdb6d971 4087static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4088 u16 len)
14a53664 4089{
d930650b 4090 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 4091 struct pending_cmd *cmd;
0e05bba6 4092 struct hci_request req;
14a53664
JH		 4093 int err;
4094
bdb6d971 4095 BT_DBG("%s", hdev->name);
14a53664 4096
09fd0de5 4097 hci_dev_lock(hdev);
14a53664 4098
30dc78e1 4099 if (!hci_discovery_active(hdev)) {
bdb6d971 4100 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 4101 MGMT_STATUS_REJECTED, &mgmt_cp->type,
4102 sizeof(mgmt_cp->type));
d930650b
JH		 4103 goto unlock;
4104 }
4105
4106 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 4107 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 4108 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
4109 sizeof(mgmt_cp->type));
30dc78e1 4110 goto unlock;
ff9ef578
JH		 4111 }
4112
2922a94f 4113 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
14a53664
JH		 4114 if (!cmd) {
4115 err = -ENOMEM;
30dc78e1
JH		 4116 goto unlock;
4117 }
4118
2922a94f
JH		 4119 cmd->cmd_complete = generic_cmd_complete;
4120
0e05bba6
AG		 4121 hci_req_init(&req, hdev);
4122
21a60d30 4123 hci_stop_discovery(&req);
e0d9727e 4124
21a60d30
JH		 4125 err = hci_req_run(&req, stop_discovery_complete);
4126 if (!err) {
4127 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
0e05bba6 4128 goto unlock;
14a53664
JH		 4129 }
4130
21a60d30
JH		 4131 mgmt_pending_remove(cmd);
4132
4133 /* If no HCI commands were sent we're done */
4134 if (err == -ENODATA) {
4135 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
4136 &mgmt_cp->type, sizeof(mgmt_cp->type));
4137 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4138 }
14a53664 4139
30dc78e1 4140unlock:
09fd0de5 4141 hci_dev_unlock(hdev);
14a53664
JH		 4142 return err;
4143}
4144
bdb6d971 4145static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4146 u16 len)
561aafbc 4147{
650f726d 4148 struct mgmt_cp_confirm_name *cp = data;
561aafbc 4149 struct inquiry_entry *e;
561aafbc
JH		 4150 int err;
4151
bdb6d971 4152 BT_DBG("%s", hdev->name);
561aafbc 4153
561aafbc
JH		 4154 hci_dev_lock(hdev);
4155
30dc78e1 4156 if (!hci_discovery_active(hdev)) {
d3a2541d
LR		 4157 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4158 MGMT_STATUS_FAILED, &cp->addr,
4159 sizeof(cp->addr));
30dc78e1
JH		 4160 goto failed;
4161 }
4162
a198e7b1 4163 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 4164 if (!e) {
d3a2541d
LR		 4165 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4166 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4167 sizeof(cp->addr));
561aafbc
JH		 4168 goto failed;
4169 }
4170
4171 if (cp->name_known) {
4172 e->name_state = NAME_KNOWN;
4173 list_del(&e->list);
4174 } else {
4175 e->name_state = NAME_NEEDED;
a3d4e20a 4176 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 4177 }
4178
e384662b
JH		 4179 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
4180 sizeof(cp->addr));
561aafbc
JH		 4181
4182failed:
4183 hci_dev_unlock(hdev);
561aafbc
JH		 4184 return err;
4185}
4186
bdb6d971 4187static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4188 u16 len)
7fbec224 4189{
650f726d 4190 struct mgmt_cp_block_device *cp = data;
f0eeea8b 4191 u8 status;
7fbec224
AJ		 4192 int err;
4193
bdb6d971 4194 BT_DBG("%s", hdev->name);
7fbec224 4195
4ee71b20 4196 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 4197 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4198 MGMT_STATUS_INVALID_PARAMS,
4199 &cp->addr, sizeof(cp->addr));
4ee71b20 4200
09fd0de5 4201 hci_dev_lock(hdev);
5e762444 4202
dcc36c16
JH		 4203 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4204 cp->addr.type);
2a8357f2 4205 if (err < 0) {
f0eeea8b 4206 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 4207 goto done;
4208 }
4209
4210 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4211 sk);
4212 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4213
2a8357f2 4214done:
bdb6d971 4215 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 4216 &cp->addr, sizeof(cp->addr));
5e762444 4217
09fd0de5 4218 hci_dev_unlock(hdev);
7fbec224
AJ		 4219
4220 return err;
4221}
4222
bdb6d971 4223static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4224 u16 len)
7fbec224 4225{
650f726d 4226 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 4227 u8 status;
7fbec224
AJ		 4228 int err;
4229
bdb6d971 4230 BT_DBG("%s", hdev->name);
7fbec224 4231
4ee71b20 4232 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 4233 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4234 MGMT_STATUS_INVALID_PARAMS,
4235 &cp->addr, sizeof(cp->addr));
4ee71b20 4236
09fd0de5 4237 hci_dev_lock(hdev);
5e762444 4238
dcc36c16
JH		 4239 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4240 cp->addr.type);
2a8357f2 4241 if (err < 0) {
f0eeea8b 4242 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 4243 goto done;
4244 }
4245
4246 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4247 sk);
4248 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4249
2a8357f2 4250done:
bdb6d971 4251 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 4252 &cp->addr, sizeof(cp->addr));
5e762444 4253
09fd0de5 4254 hci_dev_unlock(hdev);
7fbec224
AJ		 4255
4256 return err;
4257}
4258
cdbaccca
MH		 4259static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4260 u16 len)
4261{
4262 struct mgmt_cp_set_device_id *cp = data;
890ea898 4263 struct hci_request req;
cdbaccca 4264 int err;
c72d4b8a 4265 __u16 source;
cdbaccca
MH		 4266
4267 BT_DBG("%s", hdev->name);
4268
c72d4b8a
SJ		 4269 source = __le16_to_cpu(cp->source);
4270
4271 if (source > 0x0002)
4272 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4273 MGMT_STATUS_INVALID_PARAMS);
4274
cdbaccca
MH		 4275 hci_dev_lock(hdev);
4276
c72d4b8a 4277 hdev->devid_source = source;
cdbaccca
MH		 4278 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4279 hdev->devid_product = __le16_to_cpu(cp->product);
4280 hdev->devid_version = __le16_to_cpu(cp->version);
4281
4282 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
4283
890ea898
JH		 4284 hci_req_init(&req, hdev);
4285 update_eir(&req);
4286 hci_req_run(&req, NULL);
cdbaccca
MH		 4287
4288 hci_dev_unlock(hdev);
4289
4290 return err;
4291}
4292
4375f103
JH		 4293static void set_advertising_complete(struct hci_dev *hdev, u8 status)
4294{
4295 struct cmd_lookup match = { NULL, hdev };
4296
3ad67582
JK		 4297 hci_dev_lock(hdev);
4298
4375f103
JH		 4299 if (status) {
4300 u8 mgmt_err = mgmt_status(status);
4301
4302 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4303 cmd_status_rsp, &mgmt_err);
3ad67582 4304 goto unlock;
4375f103
JH		 4305 }
4306
c93bd150
JH		 4307 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
4308 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
4309 else
4310 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4311
4375f103
JH		 4312 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4313 &match);
4314
4315 new_settings(hdev, match.sk);
4316
4317 if (match.sk)
4318 sock_put(match.sk);
3ad67582
JK		 4319
4320unlock:
4321 hci_dev_unlock(hdev);
4375f103
JH		 4322}
4323
21b5187f
MH		 4324static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4325 u16 len)
4375f103
JH		 4326{
4327 struct mgmt_mode *cp = data;
4328 struct pending_cmd *cmd;
4329 struct hci_request req;
e6fe7986 4330 u8 val, enabled, status;
4375f103
JH		 4331 int err;
4332
4333 BT_DBG("request for %s", hdev->name);
4334
e6fe7986
JH		 4335 status = mgmt_le_support(hdev);
4336 if (status)
4375f103 4337 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 4338 status);
4375f103
JH		 4339
4340 if (cp->val != 0x00 && cp->val != 0x01)
4341 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4342 MGMT_STATUS_INVALID_PARAMS);
4343
4344 hci_dev_lock(hdev);
4345
4346 val = !!cp->val;
f3d3444a 4347 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 4348
f74ca9b8
JH		 4349 /* The following conditions are ones which mean that we should
4350 * not do any HCI communication but directly send a mgmt
4351 * response to user space (after toggling the flag if
4352 * necessary).
4353 */
4354 if (!hdev_is_powered(hdev) || val == enabled ||
e8bb6b97
JH		 4355 hci_conn_num(hdev, LE_LINK) > 0 ||
4356 (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4357 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
4375f103
JH		 4358 bool changed = false;
4359
f3d3444a
JH		 4360 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
4361 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 4362 changed = true;
4363 }
4364
4365 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4366 if (err < 0)
4367 goto unlock;
4368
4369 if (changed)
4370 err = new_settings(hdev, sk);
4371
4372 goto unlock;
4373 }
4374
4375 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4376 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
4377 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4378 MGMT_STATUS_BUSY);
4379 goto unlock;
4380 }
4381
4382 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4383 if (!cmd) {
4384 err = -ENOMEM;
4385 goto unlock;
4386 }
4387
4388 hci_req_init(&req, hdev);
4389
bba3aa55
MH		 4390 if (val)
4391 enable_advertising(&req);
4392 else
4393 disable_advertising(&req);
4375f103
JH		 4394
4395 err = hci_req_run(&req, set_advertising_complete);
4396 if (err < 0)
4397 mgmt_pending_remove(cmd);
4398
4399unlock:
4400 hci_dev_unlock(hdev);
4401 return err;
4402}
4403
d13eafce
MH		 4404static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4405 void *data, u16 len)
4406{
4407 struct mgmt_cp_set_static_address *cp = data;
4408 int err;
4409
4410 BT_DBG("%s", hdev->name);
4411
62af4443 4412 if (!lmp_le_capable(hdev))
d13eafce 4413 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 4414 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 4415
4416 if (hdev_is_powered(hdev))
4417 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4418 MGMT_STATUS_REJECTED);
4419
4420 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4421 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4422 return cmd_status(sk, hdev->id,
4423 MGMT_OP_SET_STATIC_ADDRESS,
4424 MGMT_STATUS_INVALID_PARAMS);
4425
4426 /* Two most significant bits shall be set */
4427 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4428 return cmd_status(sk, hdev->id,
4429 MGMT_OP_SET_STATIC_ADDRESS,
4430 MGMT_STATUS_INVALID_PARAMS);
4431 }
4432
4433 hci_dev_lock(hdev);
4434
4435 bacpy(&hdev->static_addr, &cp->bdaddr);
4436
4437 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
4438
4439 hci_dev_unlock(hdev);
4440
4441 return err;
4442}
4443
14b49b9a
MH		 4444static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4445 void *data, u16 len)
4446{
4447 struct mgmt_cp_set_scan_params *cp = data;
4448 __u16 interval, window;
4449 int err;
4450
4451 BT_DBG("%s", hdev->name);
4452
4453 if (!lmp_le_capable(hdev))
4454 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4455 MGMT_STATUS_NOT_SUPPORTED);
4456
4457 interval = __le16_to_cpu(cp->interval);
4458
4459 if (interval < 0x0004 || interval > 0x4000)
4460 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4461 MGMT_STATUS_INVALID_PARAMS);
4462
4463 window = __le16_to_cpu(cp->window);
4464
4465 if (window < 0x0004 || window > 0x4000)
4466 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4467 MGMT_STATUS_INVALID_PARAMS);
4468
899e1075
MH		 4469 if (window > interval)
4470 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4471 MGMT_STATUS_INVALID_PARAMS);
4472
14b49b9a
MH		 4473 hci_dev_lock(hdev);
4474
4475 hdev->le_scan_interval = interval;
4476 hdev->le_scan_window = window;
4477
4478 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
4479
dd2ef8e2
AG		 4480 /* If background scan is running, restart it so new parameters are
4481 * loaded.
4482 */
4483 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4484 hdev->discovery.state == DISCOVERY_STOPPED) {
4485 struct hci_request req;
4486
4487 hci_req_init(&req, hdev);
4488
4489 hci_req_add_le_scan_disable(&req);
4490 hci_req_add_le_passive_scan(&req);
4491
4492 hci_req_run(&req, NULL);
4493 }
4494
14b49b9a
MH		 4495 hci_dev_unlock(hdev);
4496
4497 return err;
4498}
4499
33e38b3e
JH		 4500static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
4501{
4502 struct pending_cmd *cmd;
4503
4504 BT_DBG("status 0x%02x", status);
4505
4506 hci_dev_lock(hdev);
4507
4508 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4509 if (!cmd)
4510 goto unlock;
4511
4512 if (status) {
4513 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4514 mgmt_status(status));
4515 } else {
1a4d3c4b
JH		 4516 struct mgmt_mode *cp = cmd->param;
4517
4518 if (cp->val)
4519 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4520 else
4521 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4522
33e38b3e
JH		 4523 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4524 new_settings(hdev, cmd->sk);
4525 }
4526
4527 mgmt_pending_remove(cmd);
4528
4529unlock:
4530 hci_dev_unlock(hdev);
4531}
4532
bdb6d971 4533static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4534 void *data, u16 len)
f6422ec6 4535{
650f726d 4536 struct mgmt_mode *cp = data;
33e38b3e
JH		 4537 struct pending_cmd *cmd;
4538 struct hci_request req;
f6422ec6
AJ		 4539 int err;
4540
bdb6d971 4541 BT_DBG("%s", hdev->name);
f6422ec6 4542
56f87901
JH		 4543 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
4544 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 4545 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4546 MGMT_STATUS_NOT_SUPPORTED);
4547
a7e80f25
JH		 4548 if (cp->val != 0x00 && cp->val != 0x01)
4549 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4550 MGMT_STATUS_INVALID_PARAMS);
4551
5400c044 4552 if (!hdev_is_powered(hdev))
bdb6d971 4553 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4554 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 4555
4556 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 4557 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4558 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 4559
4560 hci_dev_lock(hdev);
4561
05cbf29f
JH		 4562 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4563 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4564 MGMT_STATUS_BUSY);
4565 goto unlock;
4566 }
4567
1a4d3c4b
JH		 4568 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
4569 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4570 hdev);
4571 goto unlock;
4572 }
4573
33e38b3e
JH		 4574 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4575 data, len);
4576 if (!cmd) {
4577 err = -ENOMEM;
4578 goto unlock;
f6422ec6
AJ		 4579 }
4580
33e38b3e
JH		 4581 hci_req_init(&req, hdev);
4582
406d7804 4583 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4584
4585 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4586 if (err < 0) {
bdb6d971 4587 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4588 MGMT_STATUS_FAILED);
33e38b3e 4589 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4590 }
4591
33e38b3e 4592unlock:
f6422ec6 4593 hci_dev_unlock(hdev);
33e38b3e 4594
f6422ec6
AJ		 4595 return err;
4596}
4597
0663ca2a
JH		 4598static void set_bredr_complete(struct hci_dev *hdev, u8 status)
4599{
4600 struct pending_cmd *cmd;
4601
4602 BT_DBG("status 0x%02x", status);
4603
4604 hci_dev_lock(hdev);
4605
4606 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4607 if (!cmd)
4608 goto unlock;
4609
4610 if (status) {
4611 u8 mgmt_err = mgmt_status(status);
4612
4613 /* We need to restore the flag if related HCI commands
4614 * failed.
4615 */
4616 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4617
4618 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4619 } else {
4620 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4621 new_settings(hdev, cmd->sk);
4622 }
4623
4624 mgmt_pending_remove(cmd);
4625
4626unlock:
4627 hci_dev_unlock(hdev);
4628}
4629
4630static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4631{
4632 struct mgmt_mode *cp = data;
4633 struct pending_cmd *cmd;
4634 struct hci_request req;
4635 int err;
4636
4637 BT_DBG("request for %s", hdev->name);
4638
4639 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4640 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4641 MGMT_STATUS_NOT_SUPPORTED);
4642
4643 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4644 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4645 MGMT_STATUS_REJECTED);
4646
4647 if (cp->val != 0x00 && cp->val != 0x01)
4648 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4649 MGMT_STATUS_INVALID_PARAMS);
4650
4651 hci_dev_lock(hdev);
4652
4653 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4654 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4655 goto unlock;
4656 }
4657
4658 if (!hdev_is_powered(hdev)) {
4659 if (!cp->val) {
0663ca2a
JH		 4660 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4661 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4662 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4663 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4664 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4665 }
4666
4667 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4668
4669 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4670 if (err < 0)
4671 goto unlock;
4672
4673 err = new_settings(hdev, sk);
4674 goto unlock;
4675 }
4676
4677 /* Reject disabling when powered on */
4678 if (!cp->val) {
4679 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4680 MGMT_STATUS_REJECTED);
4681 goto unlock;
4682 }
4683
4684 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4685 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4686 MGMT_STATUS_BUSY);
4687 goto unlock;
4688 }
4689
4690 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4691 if (!cmd) {
4692 err = -ENOMEM;
4693 goto unlock;
4694 }
4695
5947f4bc 4696 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4697 * generates the correct flags.
4698 */
4699 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4700
4701 hci_req_init(&req, hdev);
aa8af46e 4702
432df05e 4703 write_fast_connectable(&req, false);
1d2dc5b7 4704 __hci_update_page_scan(&req);
aa8af46e 4705
f14d8f64
MH		 4706 /* Since only the advertising data flags will change, there
4707 * is no need to update the scan response data.
4708 */
5947f4bc 4709 update_adv_data(&req);
aa8af46e 4710
0663ca2a
JH		 4711 err = hci_req_run(&req, set_bredr_complete);
4712 if (err < 0)
4713 mgmt_pending_remove(cmd);
4714
4715unlock:
4716 hci_dev_unlock(hdev);
4717 return err;
4718}
4719
eac83dc6
MH		 4720static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4721 void *data, u16 len)
4722{
4723 struct mgmt_mode *cp = data;
4724 struct pending_cmd *cmd;
a3209694 4725 u8 val;
eac83dc6
MH		 4726 int err;
4727
4728 BT_DBG("request for %s", hdev->name);
4729
a3209694
JH		 4730 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
4731 !lmp_sc_capable(hdev) && !test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
eac83dc6
MH		 4732 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4733 MGMT_STATUS_NOT_SUPPORTED);
4734
0ab04a9c 4735 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
eac83dc6
MH		 4736 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4737 MGMT_STATUS_INVALID_PARAMS);
4738
4739 hci_dev_lock(hdev);
4740
a3209694
JH		 4741 if (!hdev_is_powered(hdev) ||
4742 (!lmp_sc_capable(hdev) &&
4743 !test_bit(HCI_FORCE_SC, &hdev->dbg_flags)) ||
4744 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
eac83dc6
MH		 4745 bool changed;
4746
0ab04a9c 4747 if (cp->val) {
eac83dc6
MH		 4748 changed = !test_and_set_bit(HCI_SC_ENABLED,
4749 &hdev->dev_flags);
0ab04a9c
MH		 4750 if (cp->val == 0x02)
4751 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4752 else
4753 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4754 } else {
eac83dc6
MH		 4755 changed = test_and_clear_bit(HCI_SC_ENABLED,
4756 &hdev->dev_flags);
0ab04a9c
MH		 4757 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4758 }
eac83dc6
MH		 4759
4760 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4761 if (err < 0)
4762 goto failed;
4763
4764 if (changed)
4765 err = new_settings(hdev, sk);
4766
4767 goto failed;
4768 }
4769
4770 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4771 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4772 MGMT_STATUS_BUSY);
4773 goto failed;
4774 }
4775
0ab04a9c
MH		 4776 val = !!cp->val;
4777
4778 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4779 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
eac83dc6
MH		 4780 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4781 goto failed;
4782 }
4783
4784 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4785 if (!cmd) {
4786 err = -ENOMEM;
4787 goto failed;
4788 }
4789
0ab04a9c 4790 err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
eac83dc6
MH		 4791 if (err < 0) {
4792 mgmt_pending_remove(cmd);
4793 goto failed;
4794 }
4795
0ab04a9c
MH		 4796 if (cp->val == 0x02)
4797 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4798 else
4799 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4800
eac83dc6
MH		 4801failed:
4802 hci_dev_unlock(hdev);
4803 return err;
4804}
4805
4e39ac81
MH		 4806static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4807 void *data, u16 len)
4808{
4809 struct mgmt_mode *cp = data;
b9710979 4810 bool changed, use_changed;
4e39ac81
MH		 4811 int err;
4812
4813 BT_DBG("request for %s", hdev->name);
4814
b9710979 4815 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4e39ac81
MH		 4816 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4817 MGMT_STATUS_INVALID_PARAMS);
4818
4819 hci_dev_lock(hdev);
4820
4821 if (cp->val)
0663b297
JH		 4822 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
4823 &hdev->dev_flags);
4e39ac81 4824 else
0663b297
JH		 4825 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
4826 &hdev->dev_flags);
4e39ac81 4827
b9710979
JH		 4828 if (cp->val == 0x02)
4829 use_changed = !test_and_set_bit(HCI_USE_DEBUG_KEYS,
4830 &hdev->dev_flags);
4831 else
4832 use_changed = test_and_clear_bit(HCI_USE_DEBUG_KEYS,
4833 &hdev->dev_flags);
4834
4835 if (hdev_is_powered(hdev) && use_changed &&
4836 test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
4837 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4838 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4839 sizeof(mode), &mode);
4840 }
4841
4e39ac81
MH		 4842 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4843 if (err < 0)
4844 goto unlock;
4845
4846 if (changed)
4847 err = new_settings(hdev, sk);
4848
4849unlock:
4850 hci_dev_unlock(hdev);
4851 return err;
4852}
4853
62b04cd1
JH		 4854static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4855 u16 len)
4856{
4857 struct mgmt_cp_set_privacy *cp = cp_data;
4858 bool changed;
4859 int err;
4860
4861 BT_DBG("request for %s", hdev->name);
4862
4863 if (!lmp_le_capable(hdev))
4864 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4865 MGMT_STATUS_NOT_SUPPORTED);
4866
4867 if (cp->privacy != 0x00 && cp->privacy != 0x01)
4868 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4869 MGMT_STATUS_INVALID_PARAMS);
4870
4871 if (hdev_is_powered(hdev))
4872 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4873 MGMT_STATUS_REJECTED);
4874
4875 hci_dev_lock(hdev);
4876
c21c0ea0
JH		 4877 /* If user space supports this command it is also expected to
4878 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4879 */
4880 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4881
62b04cd1
JH		 4882 if (cp->privacy) {
4883 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
4884 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4885 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4886 } else {
4887 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
4888 memset(hdev->irk, 0, sizeof(hdev->irk));
4889 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4890 }
4891
4892 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4893 if (err < 0)
4894 goto unlock;
4895
4896 if (changed)
4897 err = new_settings(hdev, sk);
4898
4899unlock:
4900 hci_dev_unlock(hdev);
4901 return err;
4902}
4903
41edf160
JH		 4904static bool irk_is_valid(struct mgmt_irk_info *irk)
4905{
4906 switch (irk->addr.type) {
4907 case BDADDR_LE_PUBLIC:
4908 return true;
4909
4910 case BDADDR_LE_RANDOM:
4911 /* Two most significant bits shall be set */
4912 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4913 return false;
4914 return true;
4915 }
4916
4917 return false;
4918}
4919
4920static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4921 u16 len)
4922{
4923 struct mgmt_cp_load_irks *cp = cp_data;
ba1d6936
JH		 4924 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
4925 sizeof(struct mgmt_irk_info));
41edf160
JH		 4926 u16 irk_count, expected_len;
4927 int i, err;
4928
4929 BT_DBG("request for %s", hdev->name);
4930
4931 if (!lmp_le_capable(hdev))
4932 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4933 MGMT_STATUS_NOT_SUPPORTED);
4934
4935 irk_count = __le16_to_cpu(cp->irk_count);
ba1d6936
JH		 4936 if (irk_count > max_irk_count) {
4937 BT_ERR("load_irks: too big irk_count value %u", irk_count);
4938 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4939 MGMT_STATUS_INVALID_PARAMS);
4940 }
41edf160
JH		 4941
4942 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4943 if (expected_len != len) {
4944 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 4945 expected_len, len);
41edf160
JH		 4946 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4947 MGMT_STATUS_INVALID_PARAMS);
4948 }
4949
4950 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4951
4952 for (i = 0; i < irk_count; i++) {
4953 struct mgmt_irk_info *key = &cp->irks[i];
4954
4955 if (!irk_is_valid(key))
4956 return cmd_status(sk, hdev->id,
4957 MGMT_OP_LOAD_IRKS,
4958 MGMT_STATUS_INVALID_PARAMS);
4959 }
4960
4961 hci_dev_lock(hdev);
4962
4963 hci_smp_irks_clear(hdev);
4964
4965 for (i = 0; i < irk_count; i++) {
4966 struct mgmt_irk_info *irk = &cp->irks[i];
4967 u8 addr_type;
4968
4969 if (irk->addr.type == BDADDR_LE_PUBLIC)
4970 addr_type = ADDR_LE_DEV_PUBLIC;
4971 else
4972 addr_type = ADDR_LE_DEV_RANDOM;
4973
4974 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
4975 BDADDR_ANY);
4976 }
4977
4978 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4979
4980 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4981
4982 hci_dev_unlock(hdev);
4983
4984 return err;
4985}
4986
3f706b72
JH		 4987static bool ltk_is_valid(struct mgmt_ltk_info *key)
4988{
4989 if (key->master != 0x00 && key->master != 0x01)
4990 return false;
490cb0b3
MH		 4991
4992 switch (key->addr.type) {
4993 case BDADDR_LE_PUBLIC:
4994 return true;
4995
4996 case BDADDR_LE_RANDOM:
4997 /* Two most significant bits shall be set */
4998 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4999 return false;
5000 return true;
5001 }
5002
5003 return false;
3f706b72
JH		 5004}
5005
bdb6d971 5006static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 5007 void *cp_data, u16 len)
346af67b 5008{
346af67b 5009 struct mgmt_cp_load_long_term_keys *cp = cp_data;
ba1d6936
JH		 5010 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
5011 sizeof(struct mgmt_ltk_info));
346af67b 5012 u16 key_count, expected_len;
715a5bf2 5013 int i, err;
346af67b 5014
cf99ba13
MH		 5015 BT_DBG("request for %s", hdev->name);
5016
5017 if (!lmp_le_capable(hdev))
5018 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5019 MGMT_STATUS_NOT_SUPPORTED);
5020
1f350c87 5021 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 5022 if (key_count > max_key_count) {
5023 BT_ERR("load_ltks: too big key_count value %u", key_count);
5024 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5025 MGMT_STATUS_INVALID_PARAMS);
5026 }
346af67b
VCG		 5027
5028 expected_len = sizeof(*cp) + key_count *
5029 sizeof(struct mgmt_ltk_info);
5030 if (expected_len != len) {
5031 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 5032 expected_len, len);
bdb6d971 5033 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 5034 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 5035 }
5036
bdb6d971 5037 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 5038
54ad6d8a
JH		 5039 for (i = 0; i < key_count; i++) {
5040 struct mgmt_ltk_info *key = &cp->keys[i];
5041
3f706b72 5042 if (!ltk_is_valid(key))
54ad6d8a
JH		 5043 return cmd_status(sk, hdev->id,
5044 MGMT_OP_LOAD_LONG_TERM_KEYS,
5045 MGMT_STATUS_INVALID_PARAMS);
5046 }
5047
346af67b
VCG		 5048 hci_dev_lock(hdev);
5049
5050 hci_smp_ltks_clear(hdev);
5051
5052 for (i = 0; i < key_count; i++) {
5053 struct mgmt_ltk_info *key = &cp->keys[i];
d7b25450 5054 u8 type, addr_type, authenticated;
79d95a19
MH		 5055
5056 if (key->addr.type == BDADDR_LE_PUBLIC)
5057 addr_type = ADDR_LE_DEV_PUBLIC;
5058 else
5059 addr_type = ADDR_LE_DEV_RANDOM;
346af67b 5060
61b43357
JH		 5061 switch (key->type) {
5062 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 5063 authenticated = 0x00;
23fb8de3 5064 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
61b43357
JH		 5065 break;
5066 case MGMT_LTK_AUTHENTICATED:
d7b25450 5067 authenticated = 0x01;
23fb8de3
JH		 5068 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5069 break;
5070 case MGMT_LTK_P256_UNAUTH:
5071 authenticated = 0x00;
5072 type = SMP_LTK_P256;
61b43357 5073 break;
23fb8de3
JH		 5074 case MGMT_LTK_P256_AUTH:
5075 authenticated = 0x01;
5076 type = SMP_LTK_P256;
61b43357 5077 break;
23fb8de3
JH		 5078 case MGMT_LTK_P256_DEBUG:
5079 authenticated = 0x00;
5080 type = SMP_LTK_P256_DEBUG;
61b43357
JH		 5081 default:
5082 continue;
5083 }
d7b25450 5084
35d70271 5085 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
d7b25450 5086 authenticated, key->val, key->enc_size, key->ediv,
35d70271 5087 key->rand);
346af67b
VCG		 5088 }
5089
715a5bf2
JH		 5090 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
5091 NULL, 0);
5092
346af67b 5093 hci_dev_unlock(hdev);
346af67b 5094
715a5bf2 5095 return err;
346af67b
VCG		 5096}
5097
9df74653 5098static int conn_info_cmd_complete(struct pending_cmd *cmd, u8 status)
dd983808 5099{
dd983808 5100 struct hci_conn *conn = cmd->user_data;
9981bdb0 5101 struct mgmt_rp_get_conn_info rp;
9df74653 5102 int err;
dd983808 5103
9981bdb0 5104 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
dd983808 5105
9981bdb0 5106 if (status == MGMT_STATUS_SUCCESS) {
dd983808 5107 rp.rssi = conn->rssi;
9981bdb0
JH		 5108 rp.tx_power = conn->tx_power;
5109 rp.max_tx_power = conn->max_tx_power;
5110 } else {
5111 rp.rssi = HCI_RSSI_INVALID;
5112 rp.tx_power = HCI_TX_POWER_INVALID;
5113 rp.max_tx_power = HCI_TX_POWER_INVALID;
dd983808
AK		 5114 }
5115
9df74653
JH		 5116 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO, status,
5117 &rp, sizeof(rp));
dd983808
AK		 5118
5119 hci_conn_drop(conn);
f8aaf9b6 5120 hci_conn_put(conn);
9df74653
JH		 5121
5122 return err;
dd983808
AK		 5123}
5124
9981bdb0 5125static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status)
dd983808
AK		 5126{
5127 struct hci_cp_read_rssi *cp;
9981bdb0 5128 struct pending_cmd *cmd;
dd983808 5129 struct hci_conn *conn;
dd983808 5130 u16 handle;
9981bdb0 5131 u8 status;
dd983808 5132
9981bdb0 5133 BT_DBG("status 0x%02x", hci_status);
dd983808
AK		 5134
5135 hci_dev_lock(hdev);
5136
dd983808
AK		 5137 /* Commands sent in request are either Read RSSI or Read Transmit Power
5138 * Level so we check which one was last sent to retrieve connection
5139 * handle. Both commands have handle as first parameter so it's safe to
5140 * cast data on the same command struct.
5141 *
5142 * First command sent is always Read RSSI and we fail only if it fails.
5143 * In other case we simply override error to indicate success as we
5144 * already remembered if TX power value is actually valid.
5145 */
5146 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
5147 if (!cp) {
5148 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
9981bdb0
JH		 5149 status = MGMT_STATUS_SUCCESS;
5150 } else {
5151 status = mgmt_status(hci_status);
dd983808
AK		 5152 }
5153
5154 if (!cp) {
9981bdb0 5155 BT_ERR("invalid sent_cmd in conn_info response");
dd983808
AK		 5156 goto unlock;
5157 }
5158
5159 handle = __le16_to_cpu(cp->handle);
5160 conn = hci_conn_hash_lookup_handle(hdev, handle);
5161 if (!conn) {
9981bdb0 5162 BT_ERR("unknown handle (%d) in conn_info response", handle);
dd983808
AK		 5163 goto unlock;
5164 }
5165
9981bdb0
JH		 5166 cmd = mgmt_pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
5167 if (!cmd)
5168 goto unlock;
dd983808 5169
9981bdb0
JH		 5170 cmd->cmd_complete(cmd, status);
5171 mgmt_pending_remove(cmd);
dd983808
AK		 5172
5173unlock:
5174 hci_dev_unlock(hdev);
5175}
5176
5177static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5178 u16 len)
5179{
5180 struct mgmt_cp_get_conn_info *cp = data;
5181 struct mgmt_rp_get_conn_info rp;
5182 struct hci_conn *conn;
5183 unsigned long conn_info_age;
5184 int err = 0;
5185
5186 BT_DBG("%s", hdev->name);
5187
5188 memset(&rp, 0, sizeof(rp));
5189 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5190 rp.addr.type = cp->addr.type;
5191
5192 if (!bdaddr_type_is_valid(cp->addr.type))
5193 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5194 MGMT_STATUS_INVALID_PARAMS,
5195 &rp, sizeof(rp));
5196
5197 hci_dev_lock(hdev);
5198
5199 if (!hdev_is_powered(hdev)) {
5200 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5201 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5202 goto unlock;
5203 }
5204
5205 if (cp->addr.type == BDADDR_BREDR)
5206 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5207 &cp->addr.bdaddr);
5208 else
5209 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5210
5211 if (!conn || conn->state != BT_CONNECTED) {
5212 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5213 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
5214 goto unlock;
5215 }
5216
9981bdb0
JH		 5217 if (mgmt_pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
5218 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5219 MGMT_STATUS_BUSY, &rp, sizeof(rp));
5220 goto unlock;
5221 }
5222
dd983808
AK		 5223 /* To avoid client trying to guess when to poll again for information we
5224 * calculate conn info age as random value between min/max set in hdev.
5225 */
5226 conn_info_age = hdev->conn_info_min_age +
5227 prandom_u32_max(hdev->conn_info_max_age -
5228 hdev->conn_info_min_age);
5229
5230 /* Query controller to refresh cached values if they are too old or were
5231 * never read.
5232 */
f4e2dd53
AK		 5233 if (time_after(jiffies, conn->conn_info_timestamp +
5234 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 5235 !conn->conn_info_timestamp) {
5236 struct hci_request req;
5237 struct hci_cp_read_tx_power req_txp_cp;
5238 struct hci_cp_read_rssi req_rssi_cp;
5239 struct pending_cmd *cmd;
5240
5241 hci_req_init(&req, hdev);
5242 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5243 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5244 &req_rssi_cp);
5245
f7faab0c
AK		 5246 /* For LE links TX power does not change thus we don't need to
5247 * query for it once value is known.
5248 */
5249 if (!bdaddr_type_is_le(cp->addr.type) ||
5250 conn->tx_power == HCI_TX_POWER_INVALID) {
5251 req_txp_cp.handle = cpu_to_le16(conn->handle);
5252 req_txp_cp.type = 0x00;
5253 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5254 sizeof(req_txp_cp), &req_txp_cp);
5255 }
dd983808 5256
eed5daf3
AK		 5257 /* Max TX power needs to be read only once per connection */
5258 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5259 req_txp_cp.handle = cpu_to_le16(conn->handle);
5260 req_txp_cp.type = 0x01;
5261 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5262 sizeof(req_txp_cp), &req_txp_cp);
5263 }
5264
dd983808
AK		 5265 err = hci_req_run(&req, conn_info_refresh_complete);
5266 if (err < 0)
5267 goto unlock;
5268
5269 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5270 data, len);
5271 if (!cmd) {
5272 err = -ENOMEM;
5273 goto unlock;
5274 }
5275
5276 hci_conn_hold(conn);
f8aaf9b6 5277 cmd->user_data = hci_conn_get(conn);
9981bdb0 5278 cmd->cmd_complete = conn_info_cmd_complete;
dd983808
AK		 5279
5280 conn->conn_info_timestamp = jiffies;
5281 } else {
5282 /* Cache is valid, just reply with values cached in hci_conn */
5283 rp.rssi = conn->rssi;
5284 rp.tx_power = conn->tx_power;
eed5daf3 5285 rp.max_tx_power = conn->max_tx_power;
dd983808
AK		 5286
5287 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5288 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
5289 }
5290
5291unlock:
5292 hci_dev_unlock(hdev);
5293 return err;
5294}
5295
9df74653 5296static int clock_info_cmd_complete(struct pending_cmd *cmd, u8 status)
95868426 5297{
69487371 5298 struct hci_conn *conn = cmd->user_data;
95868426 5299 struct mgmt_rp_get_clock_info rp;
69487371 5300 struct hci_dev *hdev;
9df74653 5301 int err;
69487371
JH		 5302
5303 memset(&rp, 0, sizeof(rp));
5304 memcpy(&rp.addr, &cmd->param, sizeof(rp.addr));
5305
5306 if (status)
5307 goto complete;
5308
5309 hdev = hci_dev_get(cmd->index);
5310 if (hdev) {
5311 rp.local_clock = cpu_to_le32(hdev->clock);
5312 hci_dev_put(hdev);
5313 }
5314
5315 if (conn) {
5316 rp.piconet_clock = cpu_to_le32(conn->clock);
5317 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5318 }
5319
5320complete:
9df74653
JH		 5321 err = cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5322 sizeof(rp));
69487371
JH		 5323
5324 if (conn) {
5325 hci_conn_drop(conn);
5326 hci_conn_put(conn);
5327 }
9df74653
JH		 5328
5329 return err;
69487371
JH		 5330}
5331
5332static void get_clock_info_complete(struct hci_dev *hdev, u8 status)
5333{
95868426
JH		 5334 struct hci_cp_read_clock *hci_cp;
5335 struct pending_cmd *cmd;
5336 struct hci_conn *conn;
5337
5338 BT_DBG("%s status %u", hdev->name, status);
5339
5340 hci_dev_lock(hdev);
5341
5342 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5343 if (!hci_cp)
5344 goto unlock;
5345
5346 if (hci_cp->which) {
5347 u16 handle = __le16_to_cpu(hci_cp->handle);
5348 conn = hci_conn_hash_lookup_handle(hdev, handle);
5349 } else {
5350 conn = NULL;
5351 }
5352
5353 cmd = mgmt_pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5354 if (!cmd)
5355 goto unlock;
5356
69487371 5357 cmd->cmd_complete(cmd, mgmt_status(status));
95868426 5358 mgmt_pending_remove(cmd);
95868426
JH		 5359
5360unlock:
5361 hci_dev_unlock(hdev);
5362}
5363
5364static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5365 u16 len)
5366{
5367 struct mgmt_cp_get_clock_info *cp = data;
5368 struct mgmt_rp_get_clock_info rp;
5369 struct hci_cp_read_clock hci_cp;
5370 struct pending_cmd *cmd;
5371 struct hci_request req;
5372 struct hci_conn *conn;
5373 int err;
5374
5375 BT_DBG("%s", hdev->name);
5376
5377 memset(&rp, 0, sizeof(rp));
5378 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5379 rp.addr.type = cp->addr.type;
5380
5381 if (cp->addr.type != BDADDR_BREDR)
5382 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5383 MGMT_STATUS_INVALID_PARAMS,
5384 &rp, sizeof(rp));
5385
5386 hci_dev_lock(hdev);
5387
5388 if (!hdev_is_powered(hdev)) {
5389 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5390 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5391 goto unlock;
5392 }
5393
5394 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5395 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5396 &cp->addr.bdaddr);
5397 if (!conn || conn->state != BT_CONNECTED) {
5398 err = cmd_complete(sk, hdev->id,
5399 MGMT_OP_GET_CLOCK_INFO,
5400 MGMT_STATUS_NOT_CONNECTED,
5401 &rp, sizeof(rp));
5402 goto unlock;
5403 }
5404 } else {
5405 conn = NULL;
5406 }
5407
5408 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5409 if (!cmd) {
5410 err = -ENOMEM;
5411 goto unlock;
5412 }
5413
69487371
JH		 5414 cmd->cmd_complete = clock_info_cmd_complete;
5415
95868426
JH		 5416 hci_req_init(&req, hdev);
5417
5418 memset(&hci_cp, 0, sizeof(hci_cp));
5419 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5420
5421 if (conn) {
5422 hci_conn_hold(conn);
f8aaf9b6 5423 cmd->user_data = hci_conn_get(conn);
95868426
JH		 5424
5425 hci_cp.handle = cpu_to_le16(conn->handle);
5426 hci_cp.which = 0x01; /* Piconet clock */
5427 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5428 }
5429
5430 err = hci_req_run(&req, get_clock_info_complete);
5431 if (err < 0)
5432 mgmt_pending_remove(cmd);
5433
5434unlock:
5435 hci_dev_unlock(hdev);
5436 return err;
5437}
5438
5a154e6f
JH		 5439static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5440{
5441 struct hci_conn *conn;
5442
5443 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5444 if (!conn)
5445 return false;
5446
5447 if (conn->dst_type != type)
5448 return false;
5449
5450 if (conn->state != BT_CONNECTED)
5451 return false;
5452
5453 return true;
5454}
5455
5456/* This function requires the caller holds hdev->lock */
5457static int hci_conn_params_set(struct hci_request *req, bdaddr_t *addr,
5458 u8 addr_type, u8 auto_connect)
5459{
5460 struct hci_dev *hdev = req->hdev;
5461 struct hci_conn_params *params;
5462
5463 params = hci_conn_params_add(hdev, addr, addr_type);
5464 if (!params)
5465 return -EIO;
5466
5467 if (params->auto_connect == auto_connect)
5468 return 0;
5469
5470 list_del_init(&params->action);
5471
5472 switch (auto_connect) {
5473 case HCI_AUTO_CONN_DISABLED:
5474 case HCI_AUTO_CONN_LINK_LOSS:
5475 __hci_update_background_scan(req);
5476 break;
5477 case HCI_AUTO_CONN_REPORT:
5478 list_add(&params->action, &hdev->pend_le_reports);
5479 __hci_update_background_scan(req);
5480 break;
5481 case HCI_AUTO_CONN_DIRECT:
5482 case HCI_AUTO_CONN_ALWAYS:
5483 if (!is_connected(hdev, addr, addr_type)) {
5484 list_add(&params->action, &hdev->pend_le_conns);
5485 __hci_update_background_scan(req);
5486 }
5487 break;
5488 }
5489
5490 params->auto_connect = auto_connect;
5491
5492 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5493 auto_connect);
5494
5495 return 0;
5496}
5497
8afef092
MH		 5498static void device_added(struct sock *sk, struct hci_dev *hdev,
5499 bdaddr_t *bdaddr, u8 type, u8 action)
5500{
5501 struct mgmt_ev_device_added ev;
5502
5503 bacpy(&ev.addr.bdaddr, bdaddr);
5504 ev.addr.type = type;
5505 ev.action = action;
5506
5507 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5508}
5509
5a154e6f
JH		 5510static void add_device_complete(struct hci_dev *hdev, u8 status)
5511{
5512 struct pending_cmd *cmd;
5513
5514 BT_DBG("status 0x%02x", status);
5515
5516 hci_dev_lock(hdev);
5517
5518 cmd = mgmt_pending_find(MGMT_OP_ADD_DEVICE, hdev);
5519 if (!cmd)
5520 goto unlock;
5521
5522 cmd->cmd_complete(cmd, mgmt_status(status));
5523 mgmt_pending_remove(cmd);
5524
5525unlock:
5526 hci_dev_unlock(hdev);
5527}
5528
2faade53
MH		 5529static int add_device(struct sock *sk, struct hci_dev *hdev,
5530 void *data, u16 len)
5531{
5532 struct mgmt_cp_add_device *cp = data;
5a154e6f
JH		 5533 struct pending_cmd *cmd;
5534 struct hci_request req;
2faade53
MH		 5535 u8 auto_conn, addr_type;
5536 int err;
5537
5538 BT_DBG("%s", hdev->name);
5539
6659358e 5540 if (!bdaddr_type_is_valid(cp->addr.type) ||
2faade53
MH		 5541 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
5542 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5543 MGMT_STATUS_INVALID_PARAMS,
5544 &cp->addr, sizeof(cp->addr));
5545
4b9e7e75 5546 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
2faade53
MH		 5547 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5548 MGMT_STATUS_INVALID_PARAMS,
5549 &cp->addr, sizeof(cp->addr));
5550
5a154e6f
JH		 5551 hci_req_init(&req, hdev);
5552
2faade53
MH		 5553 hci_dev_lock(hdev);
5554
5a154e6f
JH		 5555 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_DEVICE, hdev, data, len);
5556 if (!cmd) {
5557 err = -ENOMEM;
5558 goto unlock;
5559 }
5560
5561 cmd->cmd_complete = addr_cmd_complete;
5562
6659358e 5563 if (cp->addr.type == BDADDR_BREDR) {
4b9e7e75 5564 /* Only incoming connections action is supported for now */
6659358e 5565 if (cp->action != 0x01) {
9df74653
JH		 5566 err = cmd->cmd_complete(cmd,
5567 MGMT_STATUS_INVALID_PARAMS);
5a154e6f 5568 mgmt_pending_remove(cmd);
6659358e
JH		 5569 goto unlock;
5570 }
5571
5572 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5573 cp->addr.type);
5574 if (err)
5575 goto unlock;
a397407f 5576
5a154e6f 5577 __hci_update_page_scan(&req);
a397407f 5578
6659358e
JH		 5579 goto added;
5580 }
5581
2faade53
MH		 5582 if (cp->addr.type == BDADDR_LE_PUBLIC)
5583 addr_type = ADDR_LE_DEV_PUBLIC;
5584 else
5585 addr_type = ADDR_LE_DEV_RANDOM;
5586
4b9e7e75 5587 if (cp->action == 0x02)
2faade53 5588 auto_conn = HCI_AUTO_CONN_ALWAYS;
4b9e7e75
MH		 5589 else if (cp->action == 0x01)
5590 auto_conn = HCI_AUTO_CONN_DIRECT;
2faade53 5591 else
a3451d27 5592 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 5593
bf5b3c8b
MH		 5594 /* If the connection parameters don't exist for this device,
5595 * they will be created and configured with defaults.
5596 */
5a154e6f 5597 if (hci_conn_params_set(&req, &cp->addr.bdaddr, addr_type,
d06b50ce 5598 auto_conn) < 0) {
9df74653 5599 err = cmd->cmd_complete(cmd, MGMT_STATUS_FAILED);
5a154e6f 5600 mgmt_pending_remove(cmd);
2faade53
MH		 5601 goto unlock;
5602 }
5603
6659358e 5604added:
8afef092
MH		 5605 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5606
5a154e6f
JH		 5607 err = hci_req_run(&req, add_device_complete);
5608 if (err < 0) {
5609 /* ENODATA means no HCI commands were needed (e.g. if
5610 * the adapter is powered off).
5611 */
9df74653
JH		 5612 if (err == -ENODATA)
5613 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
5a154e6f
JH		 5614 mgmt_pending_remove(cmd);
5615 }
2faade53
MH		 5616
5617unlock:
5618 hci_dev_unlock(hdev);
5619 return err;
5620}
5621
8afef092
MH		 5622static void device_removed(struct sock *sk, struct hci_dev *hdev,
5623 bdaddr_t *bdaddr, u8 type)
5624{
5625 struct mgmt_ev_device_removed ev;
5626
5627 bacpy(&ev.addr.bdaddr, bdaddr);
5628 ev.addr.type = type;
5629
5630 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5631}
5632
51ef3ebe
JH		 5633static void remove_device_complete(struct hci_dev *hdev, u8 status)
5634{
5635 struct pending_cmd *cmd;
5636
5637 BT_DBG("status 0x%02x", status);
5638
5639 hci_dev_lock(hdev);
5640
5641 cmd = mgmt_pending_find(MGMT_OP_REMOVE_DEVICE, hdev);
5642 if (!cmd)
5643 goto unlock;
5644
5645 cmd->cmd_complete(cmd, mgmt_status(status));
5646 mgmt_pending_remove(cmd);
5647
5648unlock:
5649 hci_dev_unlock(hdev);
5650}
5651
2faade53
MH		 5652static int remove_device(struct sock *sk, struct hci_dev *hdev,
5653 void *data, u16 len)
5654{
5655 struct mgmt_cp_remove_device *cp = data;
51ef3ebe
JH		 5656 struct pending_cmd *cmd;
5657 struct hci_request req;
2faade53
MH		 5658 int err;
5659
5660 BT_DBG("%s", hdev->name);
5661
51ef3ebe
JH		 5662 hci_req_init(&req, hdev);
5663
2faade53
MH		 5664 hci_dev_lock(hdev);
5665
51ef3ebe
JH		 5666 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_DEVICE, hdev, data, len);
5667 if (!cmd) {
5668 err = -ENOMEM;
5669 goto unlock;
5670 }
5671
5672 cmd->cmd_complete = addr_cmd_complete;
5673
2faade53 5674 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 5675 struct hci_conn_params *params;
2faade53
MH		 5676 u8 addr_type;
5677
6659358e 5678 if (!bdaddr_type_is_valid(cp->addr.type)) {
9df74653
JH		 5679 err = cmd->cmd_complete(cmd,
5680 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5681 mgmt_pending_remove(cmd);
2faade53
MH		 5682 goto unlock;
5683 }
5684
6659358e
JH		 5685 if (cp->addr.type == BDADDR_BREDR) {
5686 err = hci_bdaddr_list_del(&hdev->whitelist,
5687 &cp->addr.bdaddr,
5688 cp->addr.type);
5689 if (err) {
9df74653
JH		 5690 err = cmd->cmd_complete(cmd,
5691 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5692 mgmt_pending_remove(cmd);
6659358e
JH		 5693 goto unlock;
5694 }
5695
51ef3ebe 5696 __hci_update_page_scan(&req);
a397407f 5697
6659358e
JH		 5698 device_removed(sk, hdev, &cp->addr.bdaddr,
5699 cp->addr.type);
5700 goto complete;
5701 }
5702
2faade53
MH		 5703 if (cp->addr.type == BDADDR_LE_PUBLIC)
5704 addr_type = ADDR_LE_DEV_PUBLIC;
5705 else
5706 addr_type = ADDR_LE_DEV_RANDOM;
5707
c71593dd
JH		 5708 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5709 addr_type);
5710 if (!params) {
9df74653
JH		 5711 err = cmd->cmd_complete(cmd,
5712 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5713 mgmt_pending_remove(cmd);
c71593dd
JH		 5714 goto unlock;
5715 }
5716
5717 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
9df74653
JH		 5718 err = cmd->cmd_complete(cmd,
5719 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5720 mgmt_pending_remove(cmd);
c71593dd
JH		 5721 goto unlock;
5722 }
5723
d1dbf12e 5724 list_del(&params->action);
c71593dd
JH		 5725 list_del(&params->list);
5726 kfree(params);
51ef3ebe 5727 __hci_update_background_scan(&req);
8afef092
MH		 5728
5729 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53 5730 } else {
19de0825 5731 struct hci_conn_params *p, *tmp;
6659358e 5732 struct bdaddr_list *b, *btmp;
19de0825 5733
2faade53 5734 if (cp->addr.type) {
9df74653
JH		 5735 err = cmd->cmd_complete(cmd,
5736 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5737 mgmt_pending_remove(cmd);
2faade53
MH		 5738 goto unlock;
5739 }
5740
6659358e
JH		 5741 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
5742 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
5743 list_del(&b->list);
5744 kfree(b);
5745 }
5746
51ef3ebe 5747 __hci_update_page_scan(&req);
a397407f 5748
19de0825
JH		 5749 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5750 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5751 continue;
5752 device_removed(sk, hdev, &p->addr, p->addr_type);
5753 list_del(&p->action);
5754 list_del(&p->list);
5755 kfree(p);
5756 }
5757
5758 BT_DBG("All LE connection parameters were removed");
5759
51ef3ebe 5760 __hci_update_background_scan(&req);
2faade53
MH		 5761 }
5762
6659358e 5763complete:
51ef3ebe
JH		 5764 err = hci_req_run(&req, remove_device_complete);
5765 if (err < 0) {
5766 /* ENODATA means no HCI commands were needed (e.g. if
5767 * the adapter is powered off).
5768 */
9df74653
JH		 5769 if (err == -ENODATA)
5770 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
51ef3ebe
JH		 5771 mgmt_pending_remove(cmd);
5772 }
2faade53
MH		 5773
5774unlock:
5775 hci_dev_unlock(hdev);
5776 return err;
5777}
5778
a26f3dcf
JH		 5779static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5780 u16 len)
5781{
5782 struct mgmt_cp_load_conn_param *cp = data;
ba1d6936
JH		 5783 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5784 sizeof(struct mgmt_conn_param));
a26f3dcf
JH		 5785 u16 param_count, expected_len;
5786 int i;
5787
5788 if (!lmp_le_capable(hdev))
5789 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5790 MGMT_STATUS_NOT_SUPPORTED);
5791
5792 param_count = __le16_to_cpu(cp->param_count);
ba1d6936
JH		 5793 if (param_count > max_param_count) {
5794 BT_ERR("load_conn_param: too big param_count value %u",
5795 param_count);
5796 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5797 MGMT_STATUS_INVALID_PARAMS);
5798 }
a26f3dcf
JH		 5799
5800 expected_len = sizeof(*cp) + param_count *
5801 sizeof(struct mgmt_conn_param);
5802 if (expected_len != len) {
5803 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
5804 expected_len, len);
5805 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5806 MGMT_STATUS_INVALID_PARAMS);
5807 }
5808
5809 BT_DBG("%s param_count %u", hdev->name, param_count);
5810
5811 hci_dev_lock(hdev);
5812
5813 hci_conn_params_clear_disabled(hdev);
5814
5815 for (i = 0; i < param_count; i++) {
5816 struct mgmt_conn_param *param = &cp->params[i];
5817 struct hci_conn_params *hci_param;
5818 u16 min, max, latency, timeout;
5819 u8 addr_type;
5820
5821 BT_DBG("Adding %pMR (type %u)", &param->addr.bdaddr,
5822 param->addr.type);
5823
5824 if (param->addr.type == BDADDR_LE_PUBLIC) {
5825 addr_type = ADDR_LE_DEV_PUBLIC;
5826 } else if (param->addr.type == BDADDR_LE_RANDOM) {
5827 addr_type = ADDR_LE_DEV_RANDOM;
5828 } else {
5829 BT_ERR("Ignoring invalid connection parameters");
5830 continue;
5831 }
5832
5833 min = le16_to_cpu(param->min_interval);
5834 max = le16_to_cpu(param->max_interval);
5835 latency = le16_to_cpu(param->latency);
5836 timeout = le16_to_cpu(param->timeout);
5837
5838 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
5839 min, max, latency, timeout);
5840
5841 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
5842 BT_ERR("Ignoring invalid connection parameters");
5843 continue;
5844 }
5845
5846 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
5847 addr_type);
5848 if (!hci_param) {
5849 BT_ERR("Failed to add connection parameters");
5850 continue;
5851 }
5852
5853 hci_param->conn_min_interval = min;
5854 hci_param->conn_max_interval = max;
5855 hci_param->conn_latency = latency;
5856 hci_param->supervision_timeout = timeout;
5857 }
5858
5859 hci_dev_unlock(hdev);
5860
5861 return cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0, NULL, 0);
5862}
5863
dbece37a
MH		 5864static int set_external_config(struct sock *sk, struct hci_dev *hdev,
5865 void *data, u16 len)
5866{
5867 struct mgmt_cp_set_external_config *cp = data;
5868 bool changed;
5869 int err;
5870
5871 BT_DBG("%s", hdev->name);
5872
5873 if (hdev_is_powered(hdev))
5874 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5875 MGMT_STATUS_REJECTED);
5876
5877 if (cp->config != 0x00 && cp->config != 0x01)
5878 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5879 MGMT_STATUS_INVALID_PARAMS);
5880
5881 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
5882 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5883 MGMT_STATUS_NOT_SUPPORTED);
5884
5885 hci_dev_lock(hdev);
5886
5887 if (cp->config)
5888 changed = !test_and_set_bit(HCI_EXT_CONFIGURED,
5889 &hdev->dev_flags);
5890 else
5891 changed = test_and_clear_bit(HCI_EXT_CONFIGURED,
5892 &hdev->dev_flags);
5893
5894 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
5895 if (err < 0)
5896 goto unlock;
5897
5898 if (!changed)
5899 goto unlock;
5900
f4537c04
MH		 5901 err = new_options(hdev, sk);
5902
dbece37a
MH		 5903 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) == is_configured(hdev)) {
5904 mgmt_index_removed(hdev);
d603b76b
MH		 5905
5906 if (test_and_change_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
5907 set_bit(HCI_CONFIG, &hdev->dev_flags);
5908 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
5909
5910 queue_work(hdev->req_workqueue, &hdev->power_on);
5911 } else {
5ea234d3 5912 set_bit(HCI_RAW, &hdev->flags);
d603b76b
MH		 5913 mgmt_index_added(hdev);
5914 }
dbece37a
MH		 5915 }
5916
5917unlock:
5918 hci_dev_unlock(hdev);
5919 return err;
5920}
5921
9713c17b
MH		 5922static int set_public_address(struct sock *sk, struct hci_dev *hdev,
5923 void *data, u16 len)
5924{
5925 struct mgmt_cp_set_public_address *cp = data;
5926 bool changed;
5927 int err;
5928
5929 BT_DBG("%s", hdev->name);
5930
5931 if (hdev_is_powered(hdev))
5932 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5933 MGMT_STATUS_REJECTED);
5934
5935 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
5936 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5937 MGMT_STATUS_INVALID_PARAMS);
5938
5939 if (!hdev->set_bdaddr)
5940 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5941 MGMT_STATUS_NOT_SUPPORTED);
5942
5943 hci_dev_lock(hdev);
5944
5945 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
5946 bacpy(&hdev->public_addr, &cp->bdaddr);
5947
5948 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
5949 if (err < 0)
5950 goto unlock;
5951
5952 if (!changed)
5953 goto unlock;
5954
5955 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5956 err = new_options(hdev, sk);
5957
5958 if (is_configured(hdev)) {
5959 mgmt_index_removed(hdev);
5960
5961 clear_bit(HCI_UNCONFIGURED, &hdev->dev_flags);
5962
5963 set_bit(HCI_CONFIG, &hdev->dev_flags);
5964 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
5965
5966 queue_work(hdev->req_workqueue, &hdev->power_on);
5967 }
5968
5969unlock:
5970 hci_dev_unlock(hdev);
5971 return err;
5972}
5973
2e3c35ea 5974static const struct mgmt_handler {
04124681
GP		 5975 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
5976 u16 data_len);
be22b54e
JH		 5977 bool var_len;
5978 size_t data_len;
0f4e68cf
JH		 5979} mgmt_handlers[] = {
5980 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 5981 { read_version, false, MGMT_READ_VERSION_SIZE },
5982 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
5983 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
5984 { read_controller_info, false, MGMT_READ_INFO_SIZE },
5985 { set_powered, false, MGMT_SETTING_SIZE },
5986 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
5987 { set_connectable, false, MGMT_SETTING_SIZE },
5988 { set_fast_connectable, false, MGMT_SETTING_SIZE },
b2939475 5989 { set_bondable, false, MGMT_SETTING_SIZE },
be22b54e
JH		 5990 { set_link_security, false, MGMT_SETTING_SIZE },
5991 { set_ssp, false, MGMT_SETTING_SIZE },
5992 { set_hs, false, MGMT_SETTING_SIZE },
5993 { set_le, false, MGMT_SETTING_SIZE },
5994 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
5995 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
5996 { add_uuid, false, MGMT_ADD_UUID_SIZE },
5997 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
5998 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
5999 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
6000 { disconnect, false, MGMT_DISCONNECT_SIZE },
6001 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
6002 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
6003 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
6004 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
6005 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
6006 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
6007 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
6008 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
6009 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
6010 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
6011 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
6012 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
ec109113 6013 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
be22b54e
JH		 6014 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
6015 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
6016 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
6017 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
6018 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
6019 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 6020 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 6021 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 6022 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 6023 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
14b49b9a 6024 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
eac83dc6 6025 { set_secure_conn, false, MGMT_SETTING_SIZE },
4e39ac81 6026 { set_debug_keys, false, MGMT_SETTING_SIZE },
62b04cd1 6027 { set_privacy, false, MGMT_SET_PRIVACY_SIZE },
41edf160 6028 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
dd983808 6029 { get_conn_info, false, MGMT_GET_CONN_INFO_SIZE },
95868426 6030 { get_clock_info, false, MGMT_GET_CLOCK_INFO_SIZE },
2faade53
MH		 6031 { add_device, false, MGMT_ADD_DEVICE_SIZE },
6032 { remove_device, false, MGMT_REMOVE_DEVICE_SIZE },
73d1df2a
MH		 6033 { load_conn_param, true, MGMT_LOAD_CONN_PARAM_SIZE },
6034 { read_unconf_index_list, false, MGMT_READ_UNCONF_INDEX_LIST_SIZE },
9fc3bfb6 6035 { read_config_info, false, MGMT_READ_CONFIG_INFO_SIZE },
dbece37a 6036 { set_external_config, false, MGMT_SET_EXTERNAL_CONFIG_SIZE },
9713c17b 6037 { set_public_address, false, MGMT_SET_PUBLIC_ADDRESS_SIZE },
66ea9427 6038 { start_service_discovery,true, MGMT_START_SERVICE_DISCOVERY_SIZE },
0f4e68cf
JH		 6039};
6040
0381101f
JH		 6041int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
6042{
650f726d
VCG		 6043 void *buf;
6044 u8 *cp;
0381101f 6045 struct mgmt_hdr *hdr;
4e51eae9 6046 u16 opcode, index, len;
bdb6d971 6047 struct hci_dev *hdev = NULL;
2e3c35ea 6048 const struct mgmt_handler *handler;
0381101f
JH		 6049 int err;
6050
6051 BT_DBG("got %zu bytes", msglen);
6052
6053 if (msglen < sizeof(*hdr))
6054 return -EINVAL;
6055
e63a15ec 6056 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 6057 if (!buf)
6058 return -ENOMEM;
6059
6ce8e9ce 6060 if (memcpy_from_msg(buf, msg, msglen)) {
0381101f
JH		 6061 err = -EFAULT;
6062 goto done;
6063 }
6064
650f726d 6065 hdr = buf;
1f350c87
MH		 6066 opcode = __le16_to_cpu(hdr->opcode);
6067 index = __le16_to_cpu(hdr->index);
6068 len = __le16_to_cpu(hdr->len);
0381101f
JH		 6069
6070 if (len != msglen - sizeof(*hdr)) {
6071 err = -EINVAL;
6072 goto done;
6073 }
6074
0f4e68cf 6075 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 6076 hdev = hci_dev_get(index);
6077 if (!hdev) {
6078 err = cmd_status(sk, index, opcode,
04124681 6079 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 6080 goto done;
6081 }
0736cfa8 6082
cebf4cfd 6083 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
d603b76b 6084 test_bit(HCI_CONFIG, &hdev->dev_flags) ||
4a964404 6085 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
0736cfa8
MH		 6086 err = cmd_status(sk, index, opcode,
6087 MGMT_STATUS_INVALID_INDEX);
6088 goto done;
6089 }
42a9bc14
MH		 6090
6091 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
dbece37a 6092 opcode != MGMT_OP_READ_CONFIG_INFO &&
9713c17b
MH		 6093 opcode != MGMT_OP_SET_EXTERNAL_CONFIG &&
6094 opcode != MGMT_OP_SET_PUBLIC_ADDRESS) {
42a9bc14
MH		 6095 err = cmd_status(sk, index, opcode,
6096 MGMT_STATUS_INVALID_INDEX);
6097 goto done;
6098 }
bdb6d971
JH		 6099 }
6100
0f4e68cf 6101 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 6102 mgmt_handlers[opcode].func == NULL) {
0381101f 6103 BT_DBG("Unknown op %u", opcode);
ca69b795 6104 err = cmd_status(sk, index, opcode,
04124681 6105 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 6106 goto done;
6107 }
6108
73d1df2a
MH		 6109 if (hdev && (opcode <= MGMT_OP_READ_INDEX_LIST ||
6110 opcode == MGMT_OP_READ_UNCONF_INDEX_LIST)) {
6111 err = cmd_status(sk, index, opcode,
6112 MGMT_STATUS_INVALID_INDEX);
6113 goto done;
6114 }
6115
6116 if (!hdev && (opcode > MGMT_OP_READ_INDEX_LIST &&
6117 opcode != MGMT_OP_READ_UNCONF_INDEX_LIST)) {
0f4e68cf 6118 err = cmd_status(sk, index, opcode,
04124681 6119 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 6120 goto done;
0381101f
JH		 6121 }
6122
be22b54e
JH		 6123 handler = &mgmt_handlers[opcode];
6124
6125 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 6126 (!handler->var_len && len != handler->data_len)) {
be22b54e 6127 err = cmd_status(sk, index, opcode,
04124681 6128 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 6129 goto done;
6130 }
6131
0f4e68cf
JH		 6132 if (hdev)
6133 mgmt_init_hdev(sk, hdev);
6134
6135 cp = buf + sizeof(*hdr);
6136
be22b54e 6137 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 6138 if (err < 0)
6139 goto done;
6140
0381101f
JH		 6141 err = msglen;
6142
6143done:
bdb6d971
JH		 6144 if (hdev)
6145 hci_dev_put(hdev);
6146
0381101f
JH		 6147 kfree(buf);
6148 return err;
6149}
c71e97bf 6150
bf6b56db 6151void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 6152{
1514b892 6153 if (hdev->dev_type != HCI_BREDR)
bf6b56db 6154 return;
bb4b2a9a 6155
0602a8ad
MH		 6156 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6157 return;
6158
6159 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
6160 mgmt_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev, NULL, 0, NULL);
6161 else
6162 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 6163}
6164
bf6b56db 6165void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 6166{
5f159032 6167 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 6168
1514b892 6169 if (hdev->dev_type != HCI_BREDR)
bf6b56db 6170 return;
bb4b2a9a 6171
0602a8ad
MH		 6172 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6173 return;
6174
1b9b5ee5 6175 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
b24752fe 6176
edd3896b
MH		 6177 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
6178 mgmt_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev, NULL, 0, NULL);
6179 else
6180 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 6181}
6182
6046dc3e 6183/* This function requires the caller holds hdev->lock */
2cf22218 6184static void restart_le_actions(struct hci_request *req)
6046dc3e 6185{
2cf22218 6186 struct hci_dev *hdev = req->hdev;
6046dc3e
AG		 6187 struct hci_conn_params *p;
6188
6189 list_for_each_entry(p, &hdev->le_conn_params, list) {
d7347f3c
JH		 6190 /* Needed for AUTO_OFF case where might not "really"
6191 * have been powered off.
6192 */
6193 list_del_init(&p->action);
6194
6195 switch (p->auto_connect) {
4b9e7e75 6196 case HCI_AUTO_CONN_DIRECT:
d7347f3c
JH		 6197 case HCI_AUTO_CONN_ALWAYS:
6198 list_add(&p->action, &hdev->pend_le_conns);
6199 break;
6200 case HCI_AUTO_CONN_REPORT:
6201 list_add(&p->action, &hdev->pend_le_reports);
6202 break;
6203 default:
6204 break;
c83ed19d 6205 }
6046dc3e 6206 }
c83ed19d 6207
2cf22218 6208 __hci_update_background_scan(req);
6046dc3e
AG		 6209}
6210
229ab39c
JH		 6211static void powered_complete(struct hci_dev *hdev, u8 status)
6212{
6213 struct cmd_lookup match = { NULL, hdev };
6214
6215 BT_DBG("status 0x%02x", status);
6216
6217 hci_dev_lock(hdev);
6218
6219 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6220
6221 new_settings(hdev, match.sk);
6222
6223 hci_dev_unlock(hdev);
6224
6225 if (match.sk)
6226 sock_put(match.sk);
6227}
6228
70da6243 6229static int powered_update_hci(struct hci_dev *hdev)
5add6af8 6230{
890ea898 6231 struct hci_request req;
70da6243 6232 u8 link_sec;
5add6af8 6233
890ea898
JH		 6234 hci_req_init(&req, hdev);
6235
70da6243
JH		 6236 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
6237 !lmp_host_ssp_capable(hdev)) {
6238 u8 ssp = 1;
5e5282bb 6239
890ea898 6240 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 6241 }
5add6af8 6242
ec6f99b8
JH		 6243 if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) {
6244 u8 sc = 0x01;
6245 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, sizeof(sc), &sc);
6246 }
6247
c73eee91
JH		 6248 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
6249 lmp_bredr_capable(hdev)) {
70da6243 6250 struct hci_cp_write_le_host_supported cp;
f0ff92fb 6251
32226e4f
MH		 6252 cp.le = 0x01;
6253 cp.simul = 0x00;
3d1cbdd6 6254
70da6243
JH		 6255 /* Check first if we already have the right
6256 * host state (host features set)
6257 */
6258 if (cp.le != lmp_host_le_capable(hdev) ||
6259 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 6260 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
6261 sizeof(cp), &cp);
70da6243 6262 }
3d1cbdd6 6263
d13eafce 6264 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 6265 /* Make sure the controller has a good default for
6266 * advertising data. This also applies to the case
6267 * where BR/EDR was toggled during the AUTO_OFF phase.
6268 */
f14d8f64 6269 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5947f4bc 6270 update_adv_data(&req);
f14d8f64
MH		 6271 update_scan_rsp_data(&req);
6272 }
441ad2d0 6273
bba3aa55
MH		 6274 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
6275 enable_advertising(&req);
2cf22218
JH		 6276
6277 restart_le_actions(&req);
eeca6f89
JH		 6278 }
6279
70da6243
JH		 6280 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
6281 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 6282 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
6283 sizeof(link_sec), &link_sec);
562fcc24 6284
70da6243 6285 if (lmp_bredr_capable(hdev)) {
432df05e 6286 write_fast_connectable(&req, false);
1d2dc5b7 6287 __hci_update_page_scan(&req);
890ea898 6288 update_class(&req);
13928971 6289 update_name(&req);
890ea898 6290 update_eir(&req);
70da6243 6291 }
562fcc24 6292
229ab39c 6293 return hci_req_run(&req, powered_complete);
70da6243 6294}
562fcc24 6295
70da6243
JH		 6296int mgmt_powered(struct hci_dev *hdev, u8 powered)
6297{
6298 struct cmd_lookup match = { NULL, hdev };
9845904f 6299 u8 status, zero_cod[] = { 0, 0, 0 };
70da6243 6300 int err;
f0ff92fb 6301
70da6243
JH		 6302 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
6303 return 0;
6304
70da6243 6305 if (powered) {
229ab39c
JH		 6306 if (powered_update_hci(hdev) == 0)
6307 return 0;
fe038884 6308
229ab39c
JH		 6309 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
6310 &match);
6311 goto new_settings;
b24752fe
JH		 6312 }
6313
229ab39c 6314 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
9845904f
JH		 6315
6316 /* If the power off is because of hdev unregistration let
6317 * use the appropriate INVALID_INDEX status. Otherwise use
6318 * NOT_POWERED. We cover both scenarios here since later in
6319 * mgmt_index_removed() any hci_conn callbacks will have already
6320 * been triggered, potentially causing misleading DISCONNECTED
6321 * status responses.
6322 */
6323 if (test_bit(HCI_UNREGISTER, &hdev->dev_flags))
6324 status = MGMT_STATUS_INVALID_INDEX;
6325 else
6326 status = MGMT_STATUS_NOT_POWERED;
6327
6328 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
229ab39c
JH		 6329
6330 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
6331 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
6332 zero_cod, sizeof(zero_cod), NULL);
6333
6334new_settings:
beadb2bd 6335 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 6336
6337 if (match.sk)
6338 sock_put(match.sk);
6339
7bb895d6 6340 return err;
5add6af8 6341}
73f22f62 6342
3eec705e 6343void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 6344{
6345 struct pending_cmd *cmd;
6346 u8 status;
6347
6348 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6349 if (!cmd)
3eec705e 6350 return;
96570ffc
JH		 6351
6352 if (err == -ERFKILL)
6353 status = MGMT_STATUS_RFKILLED;
6354 else
6355 status = MGMT_STATUS_FAILED;
6356
3eec705e 6357 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 6358
6359 mgmt_pending_remove(cmd);
96570ffc
JH		 6360}
6361
d1967ff8
MH		 6362void mgmt_discoverable_timeout(struct hci_dev *hdev)
6363{
6364 struct hci_request req;
d1967ff8
MH		 6365
6366 hci_dev_lock(hdev);
6367
6368 /* When discoverable timeout triggers, then just make sure
6369 * the limited discoverable flag is cleared. Even in the case
6370 * of a timeout triggered from general discoverable, it is
6371 * safe to unconditionally clear the flag.
6372 */
6373 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
9a43e25f 6374 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
d1967ff8
MH		 6375
6376 hci_req_init(&req, hdev);
4b580614
JH		 6377 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
6378 u8 scan = SCAN_PAGE;
6379 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
6380 sizeof(scan), &scan);
6381 }
d1967ff8 6382 update_class(&req);
9a43e25f 6383 update_adv_data(&req);
d1967ff8
MH		 6384 hci_req_run(&req, NULL);
6385
6386 hdev->discov_timeout = 0;
6387
9a43e25f
JH		 6388 new_settings(hdev, NULL);
6389
d1967ff8
MH		 6390 hci_dev_unlock(hdev);
6391}
6392
dc4a5ee2
MH		 6393void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
6394 bool persistent)
55ed8ca1 6395{
86742e1e 6396 struct mgmt_ev_new_link_key ev;
55ed8ca1 6397
a492cd52 6398 memset(&ev, 0, sizeof(ev));
55ed8ca1 6399
a492cd52 6400 ev.store_hint = persistent;
d753fdc4 6401 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 6402 ev.key.addr.type = BDADDR_BREDR;
a492cd52 6403 ev.key.type = key->type;
9b3b4460 6404 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 6405 ev.key.pin_len = key->pin_len;
55ed8ca1 6406
dc4a5ee2 6407 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 6408}
f7520543 6409
d7b25450
JH		 6410static u8 mgmt_ltk_type(struct smp_ltk *ltk)
6411{
23fb8de3
JH		 6412 switch (ltk->type) {
6413 case SMP_LTK:
6414 case SMP_LTK_SLAVE:
6415 if (ltk->authenticated)
6416 return MGMT_LTK_AUTHENTICATED;
6417 return MGMT_LTK_UNAUTHENTICATED;
6418 case SMP_LTK_P256:
6419 if (ltk->authenticated)
6420 return MGMT_LTK_P256_AUTH;
6421 return MGMT_LTK_P256_UNAUTH;
6422 case SMP_LTK_P256_DEBUG:
6423 return MGMT_LTK_P256_DEBUG;
6424 }
d7b25450
JH		 6425
6426 return MGMT_LTK_UNAUTHENTICATED;
6427}
6428
53ac6ab6 6429void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 6430{
6431 struct mgmt_ev_new_long_term_key ev;
6432
6433 memset(&ev, 0, sizeof(ev));
6434
5192d301
MH		 6435 /* Devices using resolvable or non-resolvable random addresses
6436 * without providing an indentity resolving key don't require
6437 * to store long term keys. Their addresses will change the
6438 * next time around.
6439 *
6440 * Only when a remote device provides an identity address
6441 * make sure the long term key is stored. If the remote
6442 * identity is known, the long term keys are internally
6443 * mapped to the identity address. So allow static random
6444 * and public addresses here.
6445 */
ba74b666
JH		 6446 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6447 (key->bdaddr.b[5] & 0xc0) != 0xc0)
6448 ev.store_hint = 0x00;
6449 else
53ac6ab6 6450 ev.store_hint = persistent;
ba74b666 6451
346af67b 6452 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 6453 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 6454 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 6455 ev.key.enc_size = key->enc_size;
6456 ev.key.ediv = key->ediv;
fe39c7b2 6457 ev.key.rand = key->rand;
346af67b 6458
2ceba539 6459 if (key->type == SMP_LTK)
346af67b
VCG		 6460 ev.key.master = 1;
6461
346af67b
VCG		 6462 memcpy(ev.key.val, key->val, sizeof(key->val));
6463
083368f7 6464 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 6465}
6466
95fbac8a
JH		 6467void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
6468{
6469 struct mgmt_ev_new_irk ev;
6470
6471 memset(&ev, 0, sizeof(ev));
6472
bab6d1e5
MH		 6473 /* For identity resolving keys from devices that are already
6474 * using a public address or static random address, do not
6475 * ask for storing this key. The identity resolving key really
6476 * is only mandatory for devices using resovlable random
6477 * addresses.
6478 *
6479 * Storing all identity resolving keys has the downside that
6480 * they will be also loaded on next boot of they system. More
6481 * identity resolving keys, means more time during scanning is
6482 * needed to actually resolve these addresses.
6483 */
6484 if (bacmp(&irk->rpa, BDADDR_ANY))
6485 ev.store_hint = 0x01;
6486 else
6487 ev.store_hint = 0x00;
6488
95fbac8a
JH		 6489 bacpy(&ev.rpa, &irk->rpa);
6490 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
6491 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
6492 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
6493
6494 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
6495}
6496
53ac6ab6
MH		 6497void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
6498 bool persistent)
7ee4ea36
MH		 6499{
6500 struct mgmt_ev_new_csrk ev;
6501
6502 memset(&ev, 0, sizeof(ev));
6503
6504 /* Devices using resolvable or non-resolvable random addresses
6505 * without providing an indentity resolving key don't require
6506 * to store signature resolving keys. Their addresses will change
6507 * the next time around.
6508 *
6509 * Only when a remote device provides an identity address
6510 * make sure the signature resolving key is stored. So allow
6511 * static random and public addresses here.
6512 */
6513 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6514 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
6515 ev.store_hint = 0x00;
6516 else
53ac6ab6 6517 ev.store_hint = persistent;
7ee4ea36
MH		 6518
6519 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
6520 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
6521 ev.key.master = csrk->master;
6522 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
6523
6524 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
6525}
6526
ffb5a827 6527void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 6528 u8 bdaddr_type, u8 store_hint, u16 min_interval,
6529 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 6530{
6531 struct mgmt_ev_new_conn_param ev;
6532
c103aea6
JH		 6533 if (!hci_is_identity_address(bdaddr, bdaddr_type))
6534 return;
6535
ffb5a827
AG		 6536 memset(&ev, 0, sizeof(ev));
6537 bacpy(&ev.addr.bdaddr, bdaddr);
6538 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 6539 ev.store_hint = store_hint;
ffb5a827
AG		 6540 ev.min_interval = cpu_to_le16(min_interval);
6541 ev.max_interval = cpu_to_le16(max_interval);
6542 ev.latency = cpu_to_le16(latency);
6543 ev.timeout = cpu_to_le16(timeout);
6544
6545 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
6546}
6547
94933991
MH		 6548static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
6549 u8 data_len)
6550{
6551 eir[eir_len++] = sizeof(type) + data_len;
6552 eir[eir_len++] = type;
6553 memcpy(&eir[eir_len], data, data_len);
6554 eir_len += data_len;
6555
6556 return eir_len;
6557}
6558
48ec92fa
AA		 6559void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
6560 u32 flags, u8 *name, u8 name_len)
f7520543 6561{
b644ba33
JH		 6562 char buf[512];
6563 struct mgmt_ev_device_connected *ev = (void *) buf;
6564 u16 eir_len = 0;
f7520543 6565
48ec92fa
AA		 6566 bacpy(&ev->addr.bdaddr, &conn->dst);
6567 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
f7520543 6568
c95f0ba7 6569 ev->flags = __cpu_to_le32(flags);
08c79b61 6570
fd45ada9
AA		 6571 /* We must ensure that the EIR Data fields are ordered and
6572 * unique. Keep it simple for now and avoid the problem by not
6573 * adding any BR/EDR data to the LE adv.
6574 */
6575 if (conn->le_adv_data_len > 0) {
6576 memcpy(&ev->eir[eir_len],
6577 conn->le_adv_data, conn->le_adv_data_len);
6578 eir_len = conn->le_adv_data_len;
6579 } else {
6580 if (name_len > 0)
6581 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
6582 name, name_len);
b644ba33 6583
ddbea5cf 6584 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
fd45ada9
AA		 6585 eir_len = eir_append_data(ev->eir, eir_len,
6586 EIR_CLASS_OF_DEV,
6587 conn->dev_class, 3);
6588 }
b644ba33 6589
eb55ef07 6590 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 6591
ecd90ae7
MH		 6592 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
6593 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 6594}
6595
8962ee74
JH		 6596static void disconnect_rsp(struct pending_cmd *cmd, void *data)
6597{
8962ee74 6598 struct sock **sk = data;
8962ee74 6599
f5818c22 6600 cmd->cmd_complete(cmd, 0);
8962ee74
JH		 6601
6602 *sk = cmd->sk;
6603 sock_hold(*sk);
6604
a664b5bc 6605 mgmt_pending_remove(cmd);
8962ee74
JH		 6606}
6607
124f6e35 6608static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 6609{
b1078ad0 6610 struct hci_dev *hdev = data;
124f6e35 6611 struct mgmt_cp_unpair_device *cp = cmd->param;
a8a1d19e 6612
b1078ad0
JH		 6613 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
6614
d8b7b1e4 6615 cmd->cmd_complete(cmd, 0);
a8a1d19e
JH		 6616 mgmt_pending_remove(cmd);
6617}
6618
84c61d92
JH		 6619bool mgmt_powering_down(struct hci_dev *hdev)
6620{
6621 struct pending_cmd *cmd;
6622 struct mgmt_mode *cp;
6623
6624 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6625 if (!cmd)
6626 return false;
6627
6628 cp = cmd->param;
6629 if (!cp->val)
6630 return true;
6631
6632 return false;
6633}
6634
9b80ec5e 6635void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 6636 u8 link_type, u8 addr_type, u8 reason,
6637 bool mgmt_connected)
f7520543 6638{
f0d6a0ea 6639 struct mgmt_ev_device_disconnected ev;
8962ee74 6640 struct sock *sk = NULL;
8962ee74 6641
84c61d92
JH		 6642 /* The connection is still in hci_conn_hash so test for 1
6643 * instead of 0 to know if this is the last one.
6644 */
6645 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6646 cancel_delayed_work(&hdev->power_off);
6647 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8b064a3a
JH		 6648 }
6649
12d4a3b2
JH		 6650 if (!mgmt_connected)
6651 return;
6652
57eb776f
AG		 6653 if (link_type != ACL_LINK && link_type != LE_LINK)
6654 return;
6655
744cf19e 6656 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 6657
f0d6a0ea
MA		 6658 bacpy(&ev.addr.bdaddr, bdaddr);
6659 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6660 ev.reason = reason;
f7520543 6661
9b80ec5e 6662 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 6663
6664 if (sk)
d97dcb66 6665 sock_put(sk);
8962ee74 6666
124f6e35 6667 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 6668 hdev);
8962ee74
JH		 6669}
6670
7892924c
MH		 6671void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
6672 u8 link_type, u8 addr_type, u8 status)
8962ee74 6673{
3655bba8
AG		 6674 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
6675 struct mgmt_cp_disconnect *cp;
8962ee74 6676 struct pending_cmd *cmd;
8962ee74 6677
36a75f1b
JD		 6678 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6679 hdev);
6680
2e58ef3e 6681 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 6682 if (!cmd)
7892924c 6683 return;
8962ee74 6684
3655bba8
AG		 6685 cp = cmd->param;
6686
6687 if (bacmp(bdaddr, &cp->addr.bdaddr))
6688 return;
6689
6690 if (cp->addr.type != bdaddr_type)
6691 return;
6692
f5818c22 6693 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6694 mgmt_pending_remove(cmd);
f7520543 6695}
17d5c04c 6696
445608d0
MH		 6697void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6698 u8 addr_type, u8 status)
17d5c04c
JH		 6699{
6700 struct mgmt_ev_connect_failed ev;
c9910d0f 6701
84c61d92
JH		 6702 /* The connection is still in hci_conn_hash so test for 1
6703 * instead of 0 to know if this is the last one.
6704 */
6705 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6706 cancel_delayed_work(&hdev->power_off);
6707 queue_work(hdev->req_workqueue, &hdev->power_off.work);
c9910d0f 6708 }
17d5c04c 6709
4c659c39 6710 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6711 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 6712 ev.status = mgmt_status(status);
17d5c04c 6713
445608d0 6714 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 6715}
980e1a53 6716
ce0e4a0d 6717void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 6718{
6719 struct mgmt_ev_pin_code_request ev;
6720
d8457698 6721 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 6722 ev.addr.type = BDADDR_BREDR;
a770bb5a 6723 ev.secure = secure;
980e1a53 6724
ce0e4a0d 6725 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 6726}
6727
e669cf80
MH		 6728void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6729 u8 status)
980e1a53
JH		 6730{
6731 struct pending_cmd *cmd;
980e1a53 6732
2e58ef3e 6733 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 6734 if (!cmd)
e669cf80 6735 return;
980e1a53 6736
7776d1d8 6737 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6738 mgmt_pending_remove(cmd);
980e1a53
JH		 6739}
6740
3eb38528
MH		 6741void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6742 u8 status)
980e1a53
JH		 6743{
6744 struct pending_cmd *cmd;
980e1a53 6745
2e58ef3e 6746 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 6747 if (!cmd)
3eb38528 6748 return;
980e1a53 6749
7776d1d8 6750 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6751 mgmt_pending_remove(cmd);
980e1a53 6752}
a5c29683 6753
744cf19e 6754int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 6755 u8 link_type, u8 addr_type, u32 value,
04124681 6756 u8 confirm_hint)
a5c29683
JH		 6757{
6758 struct mgmt_ev_user_confirm_request ev;
6759
744cf19e 6760 BT_DBG("%s", hdev->name);
a5c29683 6761
272d90df 6762 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6763 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 6764 ev.confirm_hint = confirm_hint;
39adbffe 6765 ev.value = cpu_to_le32(value);
a5c29683 6766
744cf19e 6767 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 6768 NULL);
a5c29683
JH		 6769}
6770
272d90df 6771int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 6772 u8 link_type, u8 addr_type)
604086b7
BG		 6773{
6774 struct mgmt_ev_user_passkey_request ev;
6775
6776 BT_DBG("%s", hdev->name);
6777
272d90df 6778 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6779 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 6780
6781 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 6782 NULL);
604086b7
BG		 6783}
6784
0df4c185 6785static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 6786 u8 link_type, u8 addr_type, u8 status,
6787 u8 opcode)
a5c29683
JH		 6788{
6789 struct pending_cmd *cmd;
a5c29683 6790
2e58ef3e 6791 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 6792 if (!cmd)
6793 return -ENOENT;
6794
7776d1d8 6795 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6796 mgmt_pending_remove(cmd);
a5c29683 6797
7776d1d8 6798 return 0;
a5c29683
JH		 6799}
6800
744cf19e 6801int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6802 u8 link_type, u8 addr_type, u8 status)
a5c29683 6803{
272d90df 6804 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 6805 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 6806}
6807
272d90df 6808int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6809 u8 link_type, u8 addr_type, u8 status)
a5c29683 6810{
272d90df 6811 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 6812 status,
6813 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 6814}
2a611692 6815
604086b7 6816int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6817 u8 link_type, u8 addr_type, u8 status)
604086b7 6818{
272d90df 6819 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 6820 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 6821}
6822
272d90df 6823int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6824 u8 link_type, u8 addr_type, u8 status)
604086b7 6825{
272d90df 6826 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 6827 status,
6828 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 6829}
6830
92a25256
JH		 6831int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
6832 u8 link_type, u8 addr_type, u32 passkey,
6833 u8 entered)
6834{
6835 struct mgmt_ev_passkey_notify ev;
6836
6837 BT_DBG("%s", hdev->name);
6838
6839 bacpy(&ev.addr.bdaddr, bdaddr);
6840 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6841 ev.passkey = __cpu_to_le32(passkey);
6842 ev.entered = entered;
6843
6844 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
6845}
6846
e1e930f5 6847void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
2a611692
JH		 6848{
6849 struct mgmt_ev_auth_failed ev;
e1e930f5
JH		 6850 struct pending_cmd *cmd;
6851 u8 status = mgmt_status(hci_status);
2a611692 6852
e1e930f5
JH		 6853 bacpy(&ev.addr.bdaddr, &conn->dst);
6854 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
6855 ev.status = status;
2a611692 6856
e1e930f5
JH		 6857 cmd = find_pairing(conn);
6858
6859 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
6860 cmd ? cmd->sk : NULL);
6861
a511b35b
JH		 6862 if (cmd) {
6863 cmd->cmd_complete(cmd, status);
6864 mgmt_pending_remove(cmd);
6865 }
2a611692 6866}
b312b161 6867
464996ae 6868void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 6869{
6870 struct cmd_lookup match = { NULL, hdev };
464996ae 6871 bool changed;
33ef95ed
JH		 6872
6873 if (status) {
6874 u8 mgmt_err = mgmt_status(status);
6875 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 6876 cmd_status_rsp, &mgmt_err);
464996ae 6877 return;
33ef95ed
JH		 6878 }
6879
464996ae
MH		 6880 if (test_bit(HCI_AUTH, &hdev->flags))
6881 changed = !test_and_set_bit(HCI_LINK_SECURITY,
6882 &hdev->dev_flags);
6883 else
6884 changed = test_and_clear_bit(HCI_LINK_SECURITY,
6885 &hdev->dev_flags);
47990ea0 6886
33ef95ed 6887 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 6888 &match);
33ef95ed 6889
47990ea0 6890 if (changed)
464996ae 6891 new_settings(hdev, match.sk);
33ef95ed
JH		 6892
6893 if (match.sk)
6894 sock_put(match.sk);
33ef95ed
JH		 6895}
6896
890ea898 6897static void clear_eir(struct hci_request *req)
cacaf52f 6898{
890ea898 6899 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 6900 struct hci_cp_write_eir cp;
6901
976eb20e 6902 if (!lmp_ext_inq_capable(hdev))
890ea898 6903 return;
cacaf52f 6904
c80da27e
JH		 6905 memset(hdev->eir, 0, sizeof(hdev->eir));
6906
cacaf52f
JH		 6907 memset(&cp, 0, sizeof(cp));
6908
890ea898 6909 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 6910}
6911
3e248560 6912void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 6913{
6914 struct cmd_lookup match = { NULL, hdev };
890ea898 6915 struct hci_request req;
c0ecddc2 6916 bool changed = false;
ed2c4ee3
JH		 6917
6918 if (status) {
6919 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 6920
6921 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 6922 &hdev->dev_flags)) {
6923 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3e248560 6924 new_settings(hdev, NULL);
9ecb3e24 6925 }
c0ecddc2 6926
04124681
GP		 6927 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
6928 &mgmt_err);
3e248560 6929 return;
c0ecddc2
JH		 6930 }
6931
6932 if (enable) {
9ecb3e24 6933 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 6934 } else {
9ecb3e24
MH		 6935 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
6936 if (!changed)
6937 changed = test_and_clear_bit(HCI_HS_ENABLED,
6938 &hdev->dev_flags);
6939 else
6940 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 6941 }
6942
6943 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
6944
c0ecddc2 6945 if (changed)
3e248560 6946 new_settings(hdev, match.sk);
ed2c4ee3 6947
5fc6ebb1 6948 if (match.sk)
ed2c4ee3
JH		 6949 sock_put(match.sk);
6950
890ea898
JH		 6951 hci_req_init(&req, hdev);
6952
3769972b
JH		 6953 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
6954 if (test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
6955 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
6956 sizeof(enable), &enable);
890ea898 6957 update_eir(&req);
3769972b 6958 } else {
890ea898 6959 clear_eir(&req);
3769972b 6960 }
890ea898
JH		 6961
6962 hci_req_run(&req, NULL);
ed2c4ee3
JH		 6963}
6964
eac83dc6
MH		 6965void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
6966{
6967 struct cmd_lookup match = { NULL, hdev };
6968 bool changed = false;
6969
6970 if (status) {
6971 u8 mgmt_err = mgmt_status(status);
6972
0ab04a9c
MH		 6973 if (enable) {
6974 if (test_and_clear_bit(HCI_SC_ENABLED,
6975 &hdev->dev_flags))
6976 new_settings(hdev, NULL);
6977 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
6978 }
eac83dc6
MH		 6979
6980 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
6981 cmd_status_rsp, &mgmt_err);
6982 return;
6983 }
6984
0ab04a9c 6985 if (enable) {
eac83dc6 6986 changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c 6987 } else {
eac83dc6 6988 changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c
MH		 6989 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
6990 }
eac83dc6
MH		 6991
6992 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
6993 settings_rsp, &match);
6994
6995 if (changed)
6996 new_settings(hdev, match.sk);
6997
6998 if (match.sk)
6999 sock_put(match.sk);
7000}
7001
92da6097 7002static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 7003{
7004 struct cmd_lookup *match = data;
7005
90e70454
JH		 7006 if (match->sk == NULL) {
7007 match->sk = cmd->sk;
7008 sock_hold(match->sk);
7009 }
90e70454
JH		 7010}
7011
4e1b0245
MH		 7012void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
7013 u8 status)
7f9a903c 7014{
90e70454 7015 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 7016
92da6097
JH		 7017 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
7018 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
7019 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 7020
7021 if (!status)
4e1b0245
MH		 7022 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
7023 NULL);
90e70454
JH		 7024
7025 if (match.sk)
7026 sock_put(match.sk);
7f9a903c
MH		 7027}
7028
7667da34 7029void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 7030{
b312b161 7031 struct mgmt_cp_set_local_name ev;
13928971 7032 struct pending_cmd *cmd;
28cc7bde 7033
13928971 7034 if (status)
7667da34 7035 return;
b312b161
JH		 7036
7037 memset(&ev, 0, sizeof(ev));
7038 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 7039 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 7040
2e58ef3e 7041 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 7042 if (!cmd) {
7043 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 7044
13928971
JH		 7045 /* If this is a HCI command related to powering on the
7046 * HCI dev don't send any mgmt signals.
7047 */
7048 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 7049 return;
890ea898 7050 }
b312b161 7051
7667da34
MH		 7052 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
7053 cmd ? cmd->sk : NULL);
b312b161 7054}
c35938b2 7055
4d2d2796 7056void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
38da1703
JH		 7057 u8 *rand192, u8 *hash256, u8 *rand256,
7058 u8 status)
c35938b2
SJ		 7059{
7060 struct pending_cmd *cmd;
c35938b2 7061
744cf19e 7062 BT_DBG("%s status %u", hdev->name, status);
c35938b2 7063
2e58ef3e 7064 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 7065 if (!cmd)
3edaf092 7066 return;
c35938b2
SJ		 7067
7068 if (status) {
3edaf092
MH		 7069 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
7070 mgmt_status(status));
c35938b2 7071 } else {
710f11c0 7072 if (bredr_sc_enabled(hdev) && hash256 && rand256) {
4d2d2796
MH		 7073 struct mgmt_rp_read_local_oob_ext_data rp;
7074
7075 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
38da1703 7076 memcpy(rp.rand192, rand192, sizeof(rp.rand192));
c35938b2 7077
4d2d2796 7078 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
38da1703 7079 memcpy(rp.rand256, rand256, sizeof(rp.rand256));
c35938b2 7080
4d2d2796
MH		 7081 cmd_complete(cmd->sk, hdev->id,
7082 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
7083 &rp, sizeof(rp));
7084 } else {
7085 struct mgmt_rp_read_local_oob_data rp;
7086
7087 memcpy(rp.hash, hash192, sizeof(rp.hash));
38da1703 7088 memcpy(rp.rand, rand192, sizeof(rp.rand));
4d2d2796
MH		 7089
7090 cmd_complete(cmd->sk, hdev->id,
7091 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
7092 &rp, sizeof(rp));
7093 }
c35938b2
SJ		 7094 }
7095
7096 mgmt_pending_remove(cmd);
c35938b2 7097}
e17acd40 7098
799ce93d
JP		 7099static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
7100{
7101 int i;
7102
7103 for (i = 0; i < uuid_count; i++) {
7104 if (!memcmp(uuid, uuids[i], 16))
7105 return true;
7106 }
7107
7108 return false;
7109}
7110
b487b9ce
MH		 7111static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
7112{
799ce93d
JP		 7113 u16 parsed = 0;
7114
7115 while (parsed < eir_len) {
7116 u8 field_len = eir[0];
7117 u8 uuid[16];
7118 int i;
7119
7120 if (field_len == 0)
7121 break;
7122
7123 if (eir_len - parsed < field_len + 1)
7124 break;
7125
7126 switch (eir[1]) {
7127 case EIR_UUID16_ALL:
7128 case EIR_UUID16_SOME:
7129 for (i = 0; i + 3 <= field_len; i += 2) {
189f6ad2 7130 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7131 uuid[13] = eir[i + 3];
7132 uuid[12] = eir[i + 2];
7133 if (has_uuid(uuid, uuid_count, uuids))
7134 return true;
7135 }
7136 break;
7137 case EIR_UUID32_ALL:
7138 case EIR_UUID32_SOME:
7139 for (i = 0; i + 5 <= field_len; i += 4) {
189f6ad2 7140 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7141 uuid[15] = eir[i + 5];
7142 uuid[14] = eir[i + 4];
7143 uuid[13] = eir[i + 3];
7144 uuid[12] = eir[i + 2];
7145 if (has_uuid(uuid, uuid_count, uuids))
7146 return true;
7147 }
7148 break;
7149 case EIR_UUID128_ALL:
7150 case EIR_UUID128_SOME:
7151 for (i = 0; i + 17 <= field_len; i += 16) {
7152 memcpy(uuid, eir + i + 2, 16);
7153 if (has_uuid(uuid, uuid_count, uuids))
7154 return true;
7155 }
7156 break;
7157 }
7158
7159 parsed += field_len + 1;
7160 eir += field_len + 1;
7161 }
7162
b487b9ce
MH		 7163 return false;
7164}
7165
901801b9 7166void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
af58925c
MH		 7167 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
7168 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 7169{
e319d2e7
JH		 7170 char buf[512];
7171 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 7172 size_t ev_size;
b487b9ce 7173 bool match;
e17acd40 7174
75ce208c
JH		 7175 /* Don't send events for a non-kernel initiated discovery. With
7176 * LE one exception is if we have pend_le_reports > 0 in which
7177 * case we're doing passive scanning and want these events.
7178 */
7179 if (!hci_discovery_active(hdev)) {
7180 if (link_type == ACL_LINK)
7181 return;
66f8455a 7182 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
75ce208c
JH		 7183 return;
7184 }
12602d0c 7185
bda157a4
MH		 7186 /* When using service discovery with a RSSI threshold, then check
7187 * if such a RSSI threshold is specified. If a RSSI threshold has
7188 * been specified, then all results with a RSSI smaller than the
7189 * RSSI threshold will be dropped.
efb2513f
MH		 7190 *
7191 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
7192 * the results are also dropped.
bda157a4
MH		 7193 */
7194 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
efb2513f 7195 (rssi < hdev->discovery.rssi || rssi == HCI_RSSI_INVALID))
bda157a4
MH		 7196 return;
7197
5d2e9fad
JH		 7198 /* Make sure that the buffer is big enough. The 5 extra bytes
7199 * are for the potential CoD field.
7200 */
7201 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
901801b9 7202 return;
7d262f86 7203
1dc06093
JH		 7204 memset(buf, 0, sizeof(buf));
7205
da25cf6a
MH		 7206 /* In case of device discovery with BR/EDR devices (pre 1.2), the
7207 * RSSI value was reported as 0 when not available. This behavior
7208 * is kept when using device discovery. This is required for full
7209 * backwards compatibility with the API.
7210 *
7211 * However when using service discovery, the value 127 will be
7212 * returned when the RSSI is not available.
7213 */
7214 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi)
efb2513f
MH		 7215 rssi = 0;
7216
841c5644
JH		 7217 bacpy(&ev->addr.bdaddr, bdaddr);
7218 ev->addr.type = link_to_bdaddr(link_type, addr_type);
e319d2e7 7219 ev->rssi = rssi;
af58925c 7220 ev->flags = cpu_to_le32(flags);
e17acd40 7221
b487b9ce
MH		 7222 if (eir_len > 0) {
7223 /* When using service discovery and a list of UUID is
7224 * provided, results with no matching UUID should be
7225 * dropped. In case there is a match the result is
7226 * kept and checking possible scan response data
7227 * will be skipped.
7228 */
ea8ae251 7229 if (hdev->discovery.uuid_count > 0)
b487b9ce
MH		 7230 match = eir_has_uuids(eir, eir_len,
7231 hdev->discovery.uuid_count,
7232 hdev->discovery.uuids);
ea8ae251
MH		 7233 else
7234 match = true;
7235
7236 if (!match && !scan_rsp_len)
7237 return;
b487b9ce
MH		 7238
7239 /* Copy EIR or advertising data into event */
e319d2e7 7240 memcpy(ev->eir, eir, eir_len);
b487b9ce
MH		 7241 } else {
7242 /* When using service discovery and a list of UUID is
7243 * provided, results with empty EIR or advertising data
7244 * should be dropped since they do not match any UUID.
7245 */
ea8ae251 7246 if (hdev->discovery.uuid_count > 0 && !scan_rsp_len)
b487b9ce 7247 return;
ea8ae251
MH		 7248
7249 match = false;
b487b9ce 7250 }
e17acd40 7251
1dc06093
JH		 7252 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
7253 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 7254 dev_class, 3);
1dc06093 7255
b487b9ce
MH		 7256 if (scan_rsp_len > 0) {
7257 /* When using service discovery and a list of UUID is
7258 * provided, results with no matching UUID should be
7259 * dropped if there is no previous match from the
7260 * advertising data.
7261 */
7262 if (hdev->discovery.uuid_count > 0) {
7263 if (!match && !eir_has_uuids(scan_rsp, scan_rsp_len,
7264 hdev->discovery.uuid_count,
7265 hdev->discovery.uuids))
7266 return;
7267 }
7268
7269 /* Append scan response data to event */
5d2e9fad 7270 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
b487b9ce
MH		 7271 } else {
7272 /* When using service discovery and a list of UUID is
7273 * provided, results with empty scan response and no
7274 * previous matched advertising data should be dropped.
7275 */
7276 if (hdev->discovery.uuid_count > 0 && !match)
7277 return;
7278 }
5d2e9fad
JH		 7279
7280 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
7281 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 7282
901801b9 7283 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 7284}
a88a9652 7285
9cf12aee
MH		 7286void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7287 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 7288{
b644ba33
JH		 7289 struct mgmt_ev_device_found *ev;
7290 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
7291 u16 eir_len;
a88a9652 7292
b644ba33 7293 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 7294
b644ba33
JH		 7295 memset(buf, 0, sizeof(buf));
7296
7297 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 7298 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 7299 ev->rssi = rssi;
7300
7301 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 7302 name_len);
b644ba33 7303
eb55ef07 7304 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 7305
9cf12aee 7306 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 7307}
314b2381 7308
2f1e063b 7309void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 7310{
f963e8e9 7311 struct mgmt_ev_discovering ev;
164a6e78 7312
343fb145
AG		 7313 BT_DBG("%s discovering %u", hdev->name, discovering);
7314
f963e8e9
JH		 7315 memset(&ev, 0, sizeof(ev));
7316 ev.type = hdev->discovery.type;
7317 ev.discovering = discovering;
7318
2f1e063b 7319 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 7320}
5e762444 7321
5976e608
MH		 7322static void adv_enable_complete(struct hci_dev *hdev, u8 status)
7323{
7324 BT_DBG("%s status %u", hdev->name, status);
5976e608
MH		 7325}
7326
7327void mgmt_reenable_advertising(struct hci_dev *hdev)
7328{
7329 struct hci_request req;
7330
5976e608
MH		 7331 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
7332 return;
7333
7334 hci_req_init(&req, hdev);
7335 enable_advertising(&req);
0ec5ae84 7336 hci_req_run(&req, adv_enable_complete);
5976e608 7337}
ubuntu-zesty-kernel mirror