]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blame - net/bluetooth/mgmt.c
projects / mirror_ubuntu-zesty-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Keep msec in DISCOV_INTERLEAVED_TIMEOUT
[mirror_ubuntu-zesty-kernel.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
ac4b7236
MH		 33
34#include "smp.h"
0381101f 35
2da9c55c 36#define MGMT_VERSION 1
40456644 37#define MGMT_REVISION 5
02d98129 38
e70bb2e8
JH		 39static const u16 mgmt_commands[] = {
40 MGMT_OP_READ_INDEX_LIST,
41 MGMT_OP_READ_INFO,
42 MGMT_OP_SET_POWERED,
43 MGMT_OP_SET_DISCOVERABLE,
44 MGMT_OP_SET_CONNECTABLE,
45 MGMT_OP_SET_FAST_CONNECTABLE,
46 MGMT_OP_SET_PAIRABLE,
47 MGMT_OP_SET_LINK_SECURITY,
48 MGMT_OP_SET_SSP,
49 MGMT_OP_SET_HS,
50 MGMT_OP_SET_LE,
51 MGMT_OP_SET_DEV_CLASS,
52 MGMT_OP_SET_LOCAL_NAME,
53 MGMT_OP_ADD_UUID,
54 MGMT_OP_REMOVE_UUID,
55 MGMT_OP_LOAD_LINK_KEYS,
56 MGMT_OP_LOAD_LONG_TERM_KEYS,
57 MGMT_OP_DISCONNECT,
58 MGMT_OP_GET_CONNECTIONS,
59 MGMT_OP_PIN_CODE_REPLY,
60 MGMT_OP_PIN_CODE_NEG_REPLY,
61 MGMT_OP_SET_IO_CAPABILITY,
62 MGMT_OP_PAIR_DEVICE,
63 MGMT_OP_CANCEL_PAIR_DEVICE,
64 MGMT_OP_UNPAIR_DEVICE,
65 MGMT_OP_USER_CONFIRM_REPLY,
66 MGMT_OP_USER_CONFIRM_NEG_REPLY,
67 MGMT_OP_USER_PASSKEY_REPLY,
68 MGMT_OP_USER_PASSKEY_NEG_REPLY,
69 MGMT_OP_READ_LOCAL_OOB_DATA,
70 MGMT_OP_ADD_REMOTE_OOB_DATA,
71 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
72 MGMT_OP_START_DISCOVERY,
73 MGMT_OP_STOP_DISCOVERY,
74 MGMT_OP_CONFIRM_NAME,
75 MGMT_OP_BLOCK_DEVICE,
76 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 77 MGMT_OP_SET_DEVICE_ID,
4375f103 78 MGMT_OP_SET_ADVERTISING,
0663ca2a 79 MGMT_OP_SET_BREDR,
d13eafce 80 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 81 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 82 MGMT_OP_SET_SECURE_CONN,
4e39ac81 83 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 84 MGMT_OP_SET_PRIVACY,
41edf160 85 MGMT_OP_LOAD_IRKS,
e70bb2e8
JH		 86};
87
88static const u16 mgmt_events[] = {
89 MGMT_EV_CONTROLLER_ERROR,
90 MGMT_EV_INDEX_ADDED,
91 MGMT_EV_INDEX_REMOVED,
92 MGMT_EV_NEW_SETTINGS,
93 MGMT_EV_CLASS_OF_DEV_CHANGED,
94 MGMT_EV_LOCAL_NAME_CHANGED,
95 MGMT_EV_NEW_LINK_KEY,
96 MGMT_EV_NEW_LONG_TERM_KEY,
97 MGMT_EV_DEVICE_CONNECTED,
98 MGMT_EV_DEVICE_DISCONNECTED,
99 MGMT_EV_CONNECT_FAILED,
100 MGMT_EV_PIN_CODE_REQUEST,
101 MGMT_EV_USER_CONFIRM_REQUEST,
102 MGMT_EV_USER_PASSKEY_REQUEST,
103 MGMT_EV_AUTH_FAILED,
104 MGMT_EV_DEVICE_FOUND,
105 MGMT_EV_DISCOVERING,
106 MGMT_EV_DEVICE_BLOCKED,
107 MGMT_EV_DEVICE_UNBLOCKED,
108 MGMT_EV_DEVICE_UNPAIRED,
92a25256 109 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 110 MGMT_EV_NEW_IRK,
7ee4ea36 111 MGMT_EV_NEW_CSRK,
e70bb2e8
JH		 112};
113
17b02e62 114#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 115
4b34ee78
JH		 116#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
117 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
118
eec8d2bc
JH		 119struct pending_cmd {
120 struct list_head list;
fc2f4b13 121 u16 opcode;
eec8d2bc 122 int index;
c68fb7ff 123 void *param;
eec8d2bc 124 struct sock *sk;
e9a416b5 125 void *user_data;
eec8d2bc
JH		 126};
127
ca69b795
JH		 128/* HCI to MGMT error code conversion table */
129static u8 mgmt_status_table[] = {
130 MGMT_STATUS_SUCCESS,
131 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
132 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
133 MGMT_STATUS_FAILED, /* Hardware Failure */
134 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
135 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 136 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 137 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
138 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
139 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
140 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
141 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
142 MGMT_STATUS_BUSY, /* Command Disallowed */
143 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
144 MGMT_STATUS_REJECTED, /* Rejected Security */
145 MGMT_STATUS_REJECTED, /* Rejected Personal */
146 MGMT_STATUS_TIMEOUT, /* Host Timeout */
147 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
148 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
149 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
150 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
151 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
152 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
153 MGMT_STATUS_BUSY, /* Repeated Attempts */
154 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
155 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
156 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
157 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
158 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
159 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
160 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
161 MGMT_STATUS_FAILED, /* Unspecified Error */
162 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
163 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
164 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
165 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
166 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
167 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
168 MGMT_STATUS_FAILED, /* Unit Link Key Used */
169 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
170 MGMT_STATUS_TIMEOUT, /* Instant Passed */
171 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
172 MGMT_STATUS_FAILED, /* Transaction Collision */
173 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
174 MGMT_STATUS_REJECTED, /* QoS Rejected */
175 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
176 MGMT_STATUS_REJECTED, /* Insufficient Security */
177 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
178 MGMT_STATUS_BUSY, /* Role Switch Pending */
179 MGMT_STATUS_FAILED, /* Slot Violation */
180 MGMT_STATUS_FAILED, /* Role Switch Failed */
181 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
182 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
183 MGMT_STATUS_BUSY, /* Host Busy Pairing */
184 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
185 MGMT_STATUS_BUSY, /* Controller Busy */
186 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
187 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
188 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
189 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
190 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
191};
192
193static u8 mgmt_status(u8 hci_status)
194{
195 if (hci_status < ARRAY_SIZE(mgmt_status_table))
196 return mgmt_status_table[hci_status];
197
198 return MGMT_STATUS_FAILED;
199}
200
4e51eae9 201static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 202{
203 struct sk_buff *skb;
204 struct mgmt_hdr *hdr;
205 struct mgmt_ev_cmd_status *ev;
56b7d137 206 int err;
f7b64e69 207
34eb525c 208 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 209
790eff44 210 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 211 if (!skb)
212 return -ENOMEM;
213
214 hdr = (void *) skb_put(skb, sizeof(*hdr));
215
dcf4adbf 216 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 217 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 218 hdr->len = cpu_to_le16(sizeof(*ev));
219
220 ev = (void *) skb_put(skb, sizeof(*ev));
221 ev->status = status;
eb55ef07 222 ev->opcode = cpu_to_le16(cmd);
f7b64e69 223
56b7d137
GP		 224 err = sock_queue_rcv_skb(sk, skb);
225 if (err < 0)
f7b64e69
JH		 226 kfree_skb(skb);
227
56b7d137 228 return err;
f7b64e69
JH		 229}
230
aee9b218 231static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 232 void *rp, size_t rp_len)
02d98129
JH		 233{
234 struct sk_buff *skb;
235 struct mgmt_hdr *hdr;
236 struct mgmt_ev_cmd_complete *ev;
56b7d137 237 int err;
02d98129
JH		 238
239 BT_DBG("sock %p", sk);
240
790eff44 241 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 242 if (!skb)
243 return -ENOMEM;
244
245 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 246
dcf4adbf 247 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 248 hdr->index = cpu_to_le16(index);
a38528f1 249 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 250
a38528f1 251 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 252 ev->opcode = cpu_to_le16(cmd);
aee9b218 253 ev->status = status;
8020c16a
SJ		 254
255 if (rp)
256 memcpy(ev->data, rp, rp_len);
02d98129 257
56b7d137
GP		 258 err = sock_queue_rcv_skb(sk, skb);
259 if (err < 0)
02d98129
JH		 260 kfree_skb(skb);
261
e5f0e151 262 return err;
02d98129
JH		 263}
264
04124681
GP		 265static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
266 u16 data_len)
a38528f1
JH		 267{
268 struct mgmt_rp_read_version rp;
269
270 BT_DBG("sock %p", sk);
271
272 rp.version = MGMT_VERSION;
dcf4adbf 273 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 274
aee9b218 275 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 276 sizeof(rp));
a38528f1
JH		 277}
278
04124681
GP		 279static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
280 u16 data_len)
e70bb2e8
JH		 281{
282 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 283 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
284 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 285 __le16 *opcode;
e70bb2e8
JH		 286 size_t rp_size;
287 int i, err;
288
289 BT_DBG("sock %p", sk);
290
291 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
292
293 rp = kmalloc(rp_size, GFP_KERNEL);
294 if (!rp)
295 return -ENOMEM;
296
dcf4adbf
JP		 297 rp->num_commands = cpu_to_le16(num_commands);
298 rp->num_events = cpu_to_le16(num_events);
e70bb2e8
JH		 299
300 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
301 put_unaligned_le16(mgmt_commands[i], opcode);
302
303 for (i = 0; i < num_events; i++, opcode++)
304 put_unaligned_le16(mgmt_events[i], opcode);
305
aee9b218 306 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 307 rp_size);
e70bb2e8
JH		 308 kfree(rp);
309
310 return err;
311}
312
04124681
GP		 313static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
314 u16 data_len)
faba42eb 315{
faba42eb 316 struct mgmt_rp_read_index_list *rp;
8035ded4 317 struct hci_dev *d;
a38528f1 318 size_t rp_len;
faba42eb 319 u16 count;
476e44cb 320 int err;
faba42eb
JH		 321
322 BT_DBG("sock %p", sk);
323
324 read_lock(&hci_dev_list_lock);
325
326 count = 0;
bb4b2a9a 327 list_for_each_entry(d, &hci_dev_list, list) {
1514b892
MH		 328 if (d->dev_type == HCI_BREDR)
329 count++;
faba42eb
JH		 330 }
331
a38528f1
JH		 332 rp_len = sizeof(*rp) + (2 * count);
333 rp = kmalloc(rp_len, GFP_ATOMIC);
334 if (!rp) {
b2c60d42 335 read_unlock(&hci_dev_list_lock);
faba42eb 336 return -ENOMEM;
b2c60d42 337 }
faba42eb 338
476e44cb 339 count = 0;
8035ded4 340 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 341 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 342 continue;
343
0736cfa8
MH		 344 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
345 continue;
346
1514b892
MH		 347 if (d->dev_type == HCI_BREDR) {
348 rp->index[count++] = cpu_to_le16(d->id);
349 BT_DBG("Added hci%u", d->id);
350 }
faba42eb
JH		 351 }
352
476e44cb
JH		 353 rp->num_controllers = cpu_to_le16(count);
354 rp_len = sizeof(*rp) + (2 * count);
355
faba42eb
JH		 356 read_unlock(&hci_dev_list_lock);
357
aee9b218 358 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 359 rp_len);
faba42eb 360
a38528f1
JH		 361 kfree(rp);
362
363 return err;
faba42eb
JH		 364}
365
69ab39ea
JH		 366static u32 get_supported_settings(struct hci_dev *hdev)
367{
368 u32 settings = 0;
369
370 settings |= MGMT_SETTING_POWERED;
69ab39ea 371 settings |= MGMT_SETTING_PAIRABLE;
b1de97d8 372 settings |= MGMT_SETTING_DEBUG_KEYS;
69ab39ea 373
ed3fa31f 374 if (lmp_bredr_capable(hdev)) {
33c525c0 375 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 376 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
377 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 378 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 379 settings |= MGMT_SETTING_BREDR;
380 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 381
382 if (lmp_ssp_capable(hdev)) {
383 settings |= MGMT_SETTING_SSP;
384 settings |= MGMT_SETTING_HS;
385 }
e98d2ce2 386
5afeac14
MH		 387 if (lmp_sc_capable(hdev) ||
388 test_bit(HCI_FORCE_SC, &hdev->dev_flags))
e98d2ce2 389 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 390 }
d7b7e796 391
eeca6f89 392 if (lmp_le_capable(hdev)) {
9d42820f 393 settings |= MGMT_SETTING_LE;
eeca6f89 394 settings |= MGMT_SETTING_ADVERTISING;
0f4bd942 395 settings |= MGMT_SETTING_PRIVACY;
eeca6f89 396 }
69ab39ea
JH		 397
398 return settings;
399}
400
401static u32 get_current_settings(struct hci_dev *hdev)
402{
403 u32 settings = 0;
404
f1f0eb02 405 if (hdev_is_powered(hdev))
f0d4b78a
MH		 406 settings |= MGMT_SETTING_POWERED;
407
5e5282bb 408 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 409 settings |= MGMT_SETTING_CONNECTABLE;
410
1a4d3c4b
JH		 411 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
412 settings |= MGMT_SETTING_FAST_CONNECTABLE;
413
5e5282bb 414 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 415 settings |= MGMT_SETTING_DISCOVERABLE;
416
a8b2d5c2 417 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 418 settings |= MGMT_SETTING_PAIRABLE;
419
56f87901 420 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 421 settings |= MGMT_SETTING_BREDR;
422
06199cf8 423 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 424 settings |= MGMT_SETTING_LE;
425
47990ea0 426 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 427 settings |= MGMT_SETTING_LINK_SECURITY;
428
84bde9d6 429 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 430 settings |= MGMT_SETTING_SSP;
431
6d80dfd0
JH		 432 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
433 settings |= MGMT_SETTING_HS;
434
f3d3444a 435 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 436 settings |= MGMT_SETTING_ADVERTISING;
437
e98d2ce2
MH		 438 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
439 settings |= MGMT_SETTING_SECURE_CONN;
440
b1de97d8
MH		 441 if (test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags))
442 settings |= MGMT_SETTING_DEBUG_KEYS;
443
0f4bd942
JH		 444 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
445 settings |= MGMT_SETTING_PRIVACY;
446
69ab39ea
JH		 447 return settings;
448}
449
ef580372
JH		 450#define PNP_INFO_SVCLASS_ID 0x1200
451
213202ed
JH		 452static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
453{
454 u8 *ptr = data, *uuids_start = NULL;
455 struct bt_uuid *uuid;
456
457 if (len < 4)
458 return ptr;
459
460 list_for_each_entry(uuid, &hdev->uuids, list) {
461 u16 uuid16;
462
463 if (uuid->size != 16)
464 continue;
465
466 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
467 if (uuid16 < 0x1100)
468 continue;
469
470 if (uuid16 == PNP_INFO_SVCLASS_ID)
471 continue;
472
473 if (!uuids_start) {
474 uuids_start = ptr;
475 uuids_start[0] = 1;
476 uuids_start[1] = EIR_UUID16_ALL;
477 ptr += 2;
478 }
479
480 /* Stop if not enough space to put next UUID */
481 if ((ptr - data) + sizeof(u16) > len) {
482 uuids_start[1] = EIR_UUID16_SOME;
483 break;
484 }
485
486 *ptr++ = (uuid16 & 0x00ff);
487 *ptr++ = (uuid16 & 0xff00) >> 8;
488 uuids_start[0] += sizeof(uuid16);
489 }
490
491 return ptr;
492}
493
cdf1963f
JH		 494static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
495{
496 u8 *ptr = data, *uuids_start = NULL;
497 struct bt_uuid *uuid;
498
499 if (len < 6)
500 return ptr;
501
502 list_for_each_entry(uuid, &hdev->uuids, list) {
503 if (uuid->size != 32)
504 continue;
505
506 if (!uuids_start) {
507 uuids_start = ptr;
508 uuids_start[0] = 1;
509 uuids_start[1] = EIR_UUID32_ALL;
510 ptr += 2;
511 }
512
513 /* Stop if not enough space to put next UUID */
514 if ((ptr - data) + sizeof(u32) > len) {
515 uuids_start[1] = EIR_UUID32_SOME;
516 break;
517 }
518
519 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
520 ptr += sizeof(u32);
521 uuids_start[0] += sizeof(u32);
522 }
523
524 return ptr;
525}
526
c00d575b
JH		 527static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
528{
529 u8 *ptr = data, *uuids_start = NULL;
530 struct bt_uuid *uuid;
531
532 if (len < 18)
533 return ptr;
534
535 list_for_each_entry(uuid, &hdev->uuids, list) {
536 if (uuid->size != 128)
537 continue;
538
539 if (!uuids_start) {
540 uuids_start = ptr;
541 uuids_start[0] = 1;
542 uuids_start[1] = EIR_UUID128_ALL;
543 ptr += 2;
544 }
545
546 /* Stop if not enough space to put next UUID */
547 if ((ptr - data) + 16 > len) {
548 uuids_start[1] = EIR_UUID128_SOME;
549 break;
550 }
551
552 memcpy(ptr, uuid->uuid, 16);
553 ptr += 16;
554 uuids_start[0] += 16;
555 }
556
557 return ptr;
558}
559
eb2a8d20
JH		 560static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
561{
562 struct pending_cmd *cmd;
563
564 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
565 if (cmd->opcode == opcode)
566 return cmd;
567 }
568
569 return NULL;
570}
571
f14d8f64
MH		 572static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
573{
7a5f4990
MH		 574 u8 ad_len = 0;
575 size_t name_len;
576
577 name_len = strlen(hdev->dev_name);
578 if (name_len > 0) {
579 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
580
581 if (name_len > max_len) {
582 name_len = max_len;
583 ptr[1] = EIR_NAME_SHORT;
584 } else
585 ptr[1] = EIR_NAME_COMPLETE;
586
587 ptr[0] = name_len + 1;
588
589 memcpy(ptr + 2, hdev->dev_name, name_len);
590
591 ad_len += (name_len + 2);
592 ptr += (name_len + 2);
593 }
594
595 return ad_len;
f14d8f64
MH		 596}
597
598static void update_scan_rsp_data(struct hci_request *req)
599{
600 struct hci_dev *hdev = req->hdev;
601 struct hci_cp_le_set_scan_rsp_data cp;
602 u8 len;
603
7751ef1b 604 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
f14d8f64
MH		 605 return;
606
607 memset(&cp, 0, sizeof(cp));
608
609 len = create_scan_rsp_data(hdev, cp.data);
610
eb438b5f
JH		 611 if (hdev->scan_rsp_data_len == len &&
612 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 613 return;
614
eb438b5f
JH		 615 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
616 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 617
618 cp.length = len;
619
620 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
621}
622
9a43e25f
JH		 623static u8 get_adv_discov_flags(struct hci_dev *hdev)
624{
625 struct pending_cmd *cmd;
626
627 /* If there's a pending mgmt command the flags will not yet have
628 * their final values, so check for this first.
629 */
630 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
631 if (cmd) {
632 struct mgmt_mode *cp = cmd->param;
633 if (cp->val == 0x01)
634 return LE_AD_GENERAL;
635 else if (cp->val == 0x02)
636 return LE_AD_LIMITED;
637 } else {
638 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
639 return LE_AD_LIMITED;
640 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
641 return LE_AD_GENERAL;
642 }
643
644 return 0;
645}
646
46cad2ed 647static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 648{
649 u8 ad_len = 0, flags = 0;
441ad2d0 650
9a43e25f 651 flags |= get_adv_discov_flags(hdev);
441ad2d0 652
e834004b 653 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
441ad2d0 654 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 655
656 if (flags) {
657 BT_DBG("adv flags 0x%02x", flags);
658
659 ptr[0] = 2;
660 ptr[1] = EIR_FLAGS;
661 ptr[2] = flags;
662
663 ad_len += 3;
664 ptr += 3;
665 }
666
667 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
668 ptr[0] = 2;
669 ptr[1] = EIR_TX_POWER;
670 ptr[2] = (u8) hdev->adv_tx_power;
671
672 ad_len += 3;
673 ptr += 3;
674 }
675
441ad2d0
MH		 676 return ad_len;
677}
678
5947f4bc 679static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 680{
681 struct hci_dev *hdev = req->hdev;
682 struct hci_cp_le_set_adv_data cp;
683 u8 len;
684
10994ce6 685 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
441ad2d0
MH		 686 return;
687
688 memset(&cp, 0, sizeof(cp));
689
46cad2ed 690 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 691
692 if (hdev->adv_data_len == len &&
693 memcmp(cp.data, hdev->adv_data, len) == 0)
694 return;
695
696 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
697 hdev->adv_data_len = len;
698
699 cp.length = len;
700
701 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
702}
703
ef580372
JH		 704static void create_eir(struct hci_dev *hdev, u8 *data)
705{
706 u8 *ptr = data;
ef580372
JH		 707 size_t name_len;
708
709 name_len = strlen(hdev->dev_name);
710
711 if (name_len > 0) {
712 /* EIR Data type */
713 if (name_len > 48) {
714 name_len = 48;
715 ptr[1] = EIR_NAME_SHORT;
716 } else
717 ptr[1] = EIR_NAME_COMPLETE;
718
719 /* EIR Data length */
720 ptr[0] = name_len + 1;
721
722 memcpy(ptr + 2, hdev->dev_name, name_len);
723
ef580372
JH		 724 ptr += (name_len + 2);
725 }
726
bbaf444a 727 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 728 ptr[0] = 2;
729 ptr[1] = EIR_TX_POWER;
730 ptr[2] = (u8) hdev->inq_tx_power;
731
91c4e9b1
MH		 732 ptr += 3;
733 }
734
2b9be137
MH		 735 if (hdev->devid_source > 0) {
736 ptr[0] = 9;
737 ptr[1] = EIR_DEVICE_ID;
738
739 put_unaligned_le16(hdev->devid_source, ptr + 2);
740 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
741 put_unaligned_le16(hdev->devid_product, ptr + 6);
742 put_unaligned_le16(hdev->devid_version, ptr + 8);
743
2b9be137
MH		 744 ptr += 10;
745 }
746
213202ed 747 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 748 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 749 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 750}
751
890ea898 752static void update_eir(struct hci_request *req)
ef580372 753{
890ea898 754 struct hci_dev *hdev = req->hdev;
ef580372
JH		 755 struct hci_cp_write_eir cp;
756
504c8dcd 757 if (!hdev_is_powered(hdev))
890ea898 758 return;
7770c4aa 759
976eb20e 760 if (!lmp_ext_inq_capable(hdev))
890ea898 761 return;
ef580372 762
84bde9d6 763 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 764 return;
ef580372 765
a8b2d5c2 766 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 767 return;
ef580372
JH		 768
769 memset(&cp, 0, sizeof(cp));
770
771 create_eir(hdev, cp.data);
772
773 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 774 return;
ef580372
JH		 775
776 memcpy(hdev->eir, cp.data, sizeof(cp.data));
777
890ea898 778 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 779}
780
781static u8 get_service_classes(struct hci_dev *hdev)
782{
783 struct bt_uuid *uuid;
784 u8 val = 0;
785
786 list_for_each_entry(uuid, &hdev->uuids, list)
787 val |= uuid->svc_hint;
788
789 return val;
790}
791
890ea898 792static void update_class(struct hci_request *req)
ef580372 793{
890ea898 794 struct hci_dev *hdev = req->hdev;
ef580372
JH		 795 u8 cod[3];
796
797 BT_DBG("%s", hdev->name);
798
504c8dcd 799 if (!hdev_is_powered(hdev))
890ea898 800 return;
7770c4aa 801
f87ea1da
JH		 802 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
803 return;
804
a8b2d5c2 805 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 806 return;
ef580372
JH		 807
808 cod[0] = hdev->minor_class;
809 cod[1] = hdev->major_class;
810 cod[2] = get_service_classes(hdev);
811
6acd7db4
MH		 812 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
813 cod[1] |= 0x20;
814
ef580372 815 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 816 return;
ef580372 817
890ea898 818 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 819}
820
a4858cb9 821static bool get_connectable(struct hci_dev *hdev)
199a2fb1
JH		 822{
823 struct pending_cmd *cmd;
199a2fb1
JH		 824
825 /* If there's a pending mgmt command the flag will not yet have
826 * it's final value, so check for this first.
827 */
828 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
829 if (cmd) {
830 struct mgmt_mode *cp = cmd->param;
a4858cb9 831 return cp->val;
199a2fb1
JH		 832 }
833
a4858cb9 834 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
199a2fb1
JH		 835}
836
837static void enable_advertising(struct hci_request *req)
838{
839 struct hci_dev *hdev = req->hdev;
840 struct hci_cp_le_set_adv_param cp;
8f2a0601 841 u8 own_addr_type, enable = 0x01;
a4858cb9 842 bool connectable;
199a2fb1 843
8d97250e
JH		 844 /* Clear the HCI_ADVERTISING bit temporarily so that the
845 * hci_update_random_address knows that it's safe to go ahead
846 * and write a new random address. The flag will be set back on
847 * as soon as the SET_ADV_ENABLE HCI command completes.
848 */
849 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
850
a4858cb9 851 connectable = get_connectable(hdev);
8f2a0601 852
a4858cb9
JH		 853 /* Set require_privacy to true only when non-connectable
854 * advertising is used. In that case it is fine to use a
855 * non-resolvable private address.
856 */
857 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 858 return;
859
41c90c18 860 memset(&cp, 0, sizeof(cp));
dcf4adbf
JP		 861 cp.min_interval = cpu_to_le16(0x0800);
862 cp.max_interval = cpu_to_le16(0x0800);
a4858cb9 863 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
8f2a0601 864 cp.own_address_type = own_addr_type;
199a2fb1
JH		 865 cp.channel_map = hdev->le_adv_channel_map;
866
867 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
868
869 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
870}
871
872static void disable_advertising(struct hci_request *req)
873{
874 u8 enable = 0x00;
875
876 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
877}
878
7d78525d
JH		 879static void service_cache_off(struct work_struct *work)
880{
881 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 882 service_cache.work);
890ea898 883 struct hci_request req;
7d78525d 884
a8b2d5c2 885 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 886 return;
887
890ea898
JH		 888 hci_req_init(&req, hdev);
889
7d78525d
JH		 890 hci_dev_lock(hdev);
891
890ea898
JH		 892 update_eir(&req);
893 update_class(&req);
7d78525d
JH		 894
895 hci_dev_unlock(hdev);
890ea898
JH		 896
897 hci_req_run(&req, NULL);
7d78525d
JH		 898}
899
d6bfd59c
JH		 900static void rpa_expired(struct work_struct *work)
901{
902 struct hci_dev *hdev = container_of(work, struct hci_dev,
903 rpa_expired.work);
904 struct hci_request req;
905
906 BT_DBG("");
907
908 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
909
910 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags) ||
911 hci_conn_num(hdev, LE_LINK) > 0)
912 return;
913
914 /* The generation of a new RPA and programming it into the
915 * controller happens in the enable_advertising() function.
916 */
917
918 hci_req_init(&req, hdev);
919
920 disable_advertising(&req);
921 enable_advertising(&req);
922
923 hci_req_run(&req, NULL);
924}
925
6a919082 926static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 927{
4f87da80 928 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 929 return;
930
4f87da80 931 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 932 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 933
4f87da80
JH		 934 /* Non-mgmt controlled devices get this bit set
935 * implicitly so that pairing works for them, however
936 * for mgmt we require user-space to explicitly enable
937 * it
938 */
939 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 940}
941
0f4e68cf 942static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 943 void *data, u16 data_len)
0381101f 944{
a38528f1 945 struct mgmt_rp_read_info rp;
f7b64e69 946
bdb6d971 947 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 948
09fd0de5 949 hci_dev_lock(hdev);
f7b64e69 950
dc4fe30b
JH		 951 memset(&rp, 0, sizeof(rp));
952
69ab39ea 953 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 954
69ab39ea 955 rp.version = hdev->hci_ver;
eb55ef07 956 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 957
958 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
959 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 960
a38528f1 961 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 962
dc4fe30b 963 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 964 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 965
09fd0de5 966 hci_dev_unlock(hdev);
0381101f 967
bdb6d971 968 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 969 sizeof(rp));
0381101f
JH		 970}
971
eec8d2bc
JH		 972static void mgmt_pending_free(struct pending_cmd *cmd)
973{
974 sock_put(cmd->sk);
c68fb7ff 975 kfree(cmd->param);
eec8d2bc
JH		 976 kfree(cmd);
977}
978
366a0336 979static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 980 struct hci_dev *hdev, void *data,
981 u16 len)
eec8d2bc
JH		 982{
983 struct pending_cmd *cmd;
984
12b94565 985 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 986 if (!cmd)
366a0336 987 return NULL;
eec8d2bc
JH		 988
989 cmd->opcode = opcode;
2e58ef3e 990 cmd->index = hdev->id;
eec8d2bc 991
12b94565 992 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 993 if (!cmd->param) {
eec8d2bc 994 kfree(cmd);
366a0336 995 return NULL;
eec8d2bc
JH		 996 }
997
8fce6357
SJ		 998 if (data)
999 memcpy(cmd->param, data, len);
eec8d2bc
JH		 1000
1001 cmd->sk = sk;
1002 sock_hold(sk);
1003
2e58ef3e 1004 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 1005
366a0336 1006 return cmd;
eec8d2bc
JH		 1007}
1008
744cf19e 1009static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 1010 void (*cb)(struct pending_cmd *cmd,
1011 void *data),
04124681 1012 void *data)
eec8d2bc 1013{
a3d09356 1014 struct pending_cmd *cmd, *tmp;
eec8d2bc 1015
a3d09356 1016 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 1017 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 1018 continue;
1019
eec8d2bc
JH		 1020 cb(cmd, data);
1021 }
1022}
1023
a664b5bc 1024static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 1025{
73f22f62
JH		 1026 list_del(&cmd->list);
1027 mgmt_pending_free(cmd);
1028}
1029
69ab39ea 1030static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1031{
69ab39ea 1032 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1033
aee9b218 1034 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 1035 sizeof(settings));
8680570b
JH		 1036}
1037
8b064a3a
JH		 1038static void clean_up_hci_complete(struct hci_dev *hdev, u8 status)
1039{
1040 BT_DBG("%s status 0x%02x", hdev->name, status);
1041
a3172b7e
JH		 1042 if (hci_conn_count(hdev) == 0) {
1043 cancel_delayed_work(&hdev->power_off);
8b064a3a 1044 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1045 }
8b064a3a
JH		 1046}
1047
1048static int clean_up_hci_state(struct hci_dev *hdev)
1049{
1050 struct hci_request req;
1051 struct hci_conn *conn;
1052
1053 hci_req_init(&req, hdev);
1054
1055 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1056 test_bit(HCI_PSCAN, &hdev->flags)) {
1057 u8 scan = 0x00;
1058 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1059 }
1060
1061 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1062 disable_advertising(&req);
1063
1064 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
b1efcc28 1065 hci_req_add_le_scan_disable(&req);
8b064a3a
JH		 1066 }
1067
1068 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1069 struct hci_cp_disconnect dc;
c9910d0f
JH		 1070 struct hci_cp_reject_conn_req rej;
1071
1072 switch (conn->state) {
1073 case BT_CONNECTED:
1074 case BT_CONFIG:
1075 dc.handle = cpu_to_le16(conn->handle);
1076 dc.reason = 0x15; /* Terminated due to Power Off */
1077 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1078 break;
1079 case BT_CONNECT:
1080 if (conn->type == LE_LINK)
1081 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1082 0, NULL);
1083 else if (conn->type == ACL_LINK)
1084 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1085 6, &conn->dst);
1086 break;
1087 case BT_CONNECT2:
1088 bacpy(&rej.bdaddr, &conn->dst);
1089 rej.reason = 0x15; /* Terminated due to Power Off */
1090 if (conn->type == ACL_LINK)
1091 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1092 sizeof(rej), &rej);
1093 else if (conn->type == SCO_LINK)
1094 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1095 sizeof(rej), &rej);
1096 break;
1097 }
8b064a3a
JH		 1098 }
1099
1100 return hci_req_run(&req, clean_up_hci_complete);
1101}
1102
bdb6d971 1103static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1104 u16 len)
eec8d2bc 1105{
650f726d 1106 struct mgmt_mode *cp = data;
366a0336 1107 struct pending_cmd *cmd;
4b34ee78 1108 int err;
eec8d2bc 1109
bdb6d971 1110 BT_DBG("request for %s", hdev->name);
eec8d2bc 1111
a7e80f25
JH		 1112 if (cp->val != 0x00 && cp->val != 0x01)
1113 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1114 MGMT_STATUS_INVALID_PARAMS);
1115
09fd0de5 1116 hci_dev_lock(hdev);
eec8d2bc 1117
87b95ba6
JH		 1118 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1119 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1120 MGMT_STATUS_BUSY);
1121 goto failed;
1122 }
1123
f0d4b78a
MH		 1124 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1125 cancel_delayed_work(&hdev->power_off);
1126
1127 if (cp->val) {
a1d70450
JH		 1128 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1129 data, len);
1130 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1131 goto failed;
1132 }
1133 }
1134
4b34ee78 1135 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1136 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1137 goto failed;
1138 }
1139
2e58ef3e 1140 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1141 if (!cmd) {
1142 err = -ENOMEM;
eec8d2bc 1143 goto failed;
366a0336 1144 }
eec8d2bc 1145
8b064a3a 1146 if (cp->val) {
19202573 1147 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1148 err = 0;
1149 } else {
1150 /* Disconnect connections, stop scans, etc */
1151 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1152 if (!err)
1153 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1154 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1155
8b064a3a
JH		 1156 /* ENODATA means there were no HCI commands queued */
1157 if (err == -ENODATA) {
a3172b7e 1158 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1159 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1160 err = 0;
1161 }
1162 }
eec8d2bc
JH		 1163
1164failed:
09fd0de5 1165 hci_dev_unlock(hdev);
366a0336 1166 return err;
eec8d2bc
JH		 1167}
1168
04124681
GP		 1169static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
1170 struct sock *skip_sk)
beadb2bd
JH		 1171{
1172 struct sk_buff *skb;
1173 struct mgmt_hdr *hdr;
1174
790eff44 1175 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 1176 if (!skb)
1177 return -ENOMEM;
1178
1179 hdr = (void *) skb_put(skb, sizeof(*hdr));
1180 hdr->opcode = cpu_to_le16(event);
1181 if (hdev)
1182 hdr->index = cpu_to_le16(hdev->id);
1183 else
dcf4adbf 1184 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 1185 hdr->len = cpu_to_le16(data_len);
1186
1187 if (data)
1188 memcpy(skb_put(skb, data_len), data, data_len);
1189
97e0bdeb
MH		 1190 /* Time stamp */
1191 __net_timestamp(skb);
1192
beadb2bd
JH		 1193 hci_send_to_control(skb, skip_sk);
1194 kfree_skb(skb);
1195
1196 return 0;
1197}
1198
1199static int new_settings(struct hci_dev *hdev, struct sock *skip)
1200{
1201 __le32 ev;
1202
1203 ev = cpu_to_le32(get_current_settings(hdev));
1204
1205 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1206}
1207
bd99abdd
JH		 1208struct cmd_lookup {
1209 struct sock *sk;
1210 struct hci_dev *hdev;
1211 u8 mgmt_status;
1212};
1213
1214static void settings_rsp(struct pending_cmd *cmd, void *data)
1215{
1216 struct cmd_lookup *match = data;
1217
1218 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1219
1220 list_del(&cmd->list);
1221
1222 if (match->sk == NULL) {
1223 match->sk = cmd->sk;
1224 sock_hold(match->sk);
1225 }
1226
1227 mgmt_pending_free(cmd);
1228}
1229
1230static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1231{
1232 u8 *status = data;
1233
1234 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1235 mgmt_pending_remove(cmd);
1236}
1237
e6fe7986
JH		 1238static u8 mgmt_bredr_support(struct hci_dev *hdev)
1239{
1240 if (!lmp_bredr_capable(hdev))
1241 return MGMT_STATUS_NOT_SUPPORTED;
1242 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1243 return MGMT_STATUS_REJECTED;
1244 else
1245 return MGMT_STATUS_SUCCESS;
1246}
1247
1248static u8 mgmt_le_support(struct hci_dev *hdev)
1249{
1250 if (!lmp_le_capable(hdev))
1251 return MGMT_STATUS_NOT_SUPPORTED;
1252 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1253 return MGMT_STATUS_REJECTED;
1254 else
1255 return MGMT_STATUS_SUCCESS;
1256}
1257
bfaf8c9f
JH		 1258static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1259{
1260 struct pending_cmd *cmd;
1261 struct mgmt_mode *cp;
970ba524 1262 struct hci_request req;
bfaf8c9f
JH		 1263 bool changed;
1264
1265 BT_DBG("status 0x%02x", status);
1266
1267 hci_dev_lock(hdev);
1268
1269 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1270 if (!cmd)
1271 goto unlock;
1272
1273 if (status) {
1274 u8 mgmt_err = mgmt_status(status);
1275 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
310a3d48 1276 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
bfaf8c9f
JH		 1277 goto remove_cmd;
1278 }
1279
1280 cp = cmd->param;
d4462a07 1281 if (cp->val) {
bfaf8c9f
JH		 1282 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1283 &hdev->dev_flags);
d4462a07
MH		 1284
1285 if (hdev->discov_timeout > 0) {
1286 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1287 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1288 to);
1289 }
1290 } else {
bfaf8c9f
JH		 1291 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1292 &hdev->dev_flags);
d4462a07 1293 }
bfaf8c9f
JH		 1294
1295 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1296
1297 if (changed)
1298 new_settings(hdev, cmd->sk);
1299
970ba524
MH		 1300 /* When the discoverable mode gets changed, make sure
1301 * that class of device has the limited discoverable
1302 * bit correctly set.
1303 */
1304 hci_req_init(&req, hdev);
1305 update_class(&req);
1306 hci_req_run(&req, NULL);
1307
bfaf8c9f
JH		 1308remove_cmd:
1309 mgmt_pending_remove(cmd);
1310
1311unlock:
1312 hci_dev_unlock(hdev);
1313}
1314
bdb6d971 1315static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1316 u16 len)
73f22f62 1317{
650f726d 1318 struct mgmt_cp_set_discoverable *cp = data;
366a0336 1319 struct pending_cmd *cmd;
bfaf8c9f 1320 struct hci_request req;
5e5282bb 1321 u16 timeout;
9a43e25f 1322 u8 scan;
73f22f62
JH		 1323 int err;
1324
bdb6d971 1325 BT_DBG("request for %s", hdev->name);
73f22f62 1326
9a43e25f
JH		 1327 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1328 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1329 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
9a43e25f 1330 MGMT_STATUS_REJECTED);
33c525c0 1331
310a3d48 1332 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a7e80f25
JH		 1333 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1334 MGMT_STATUS_INVALID_PARAMS);
1335
1f350c87 1336 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1337
1338 /* Disabling discoverable requires that no timeout is set,
1339 * and enabling limited discoverable requires a timeout.
1340 */
1341 if ((cp->val == 0x00 && timeout > 0) ||
1342 (cp->val == 0x02 && timeout == 0))
bdb6d971 1343 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1344 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1345
09fd0de5 1346 hci_dev_lock(hdev);
73f22f62 1347
5e5282bb 1348 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 1349 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1350 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1351 goto failed;
1352 }
1353
2e58ef3e 1354 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1355 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1356 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1357 MGMT_STATUS_BUSY);
73f22f62
JH		 1358 goto failed;
1359 }
1360
5e5282bb 1361 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 1362 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1363 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1364 goto failed;
1365 }
1366
1367 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1368 bool changed = false;
1369
310a3d48
MH		 1370 /* Setting limited discoverable when powered off is
1371 * not a valid operation since it requires a timeout
1372 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1373 */
0224d2fa
JH		 1374 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1375 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1376 changed = true;
1377 }
1378
5e5282bb 1379 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1380 if (err < 0)
1381 goto failed;
1382
1383 if (changed)
1384 err = new_settings(hdev, sk);
1385
5e5282bb
JH		 1386 goto failed;
1387 }
1388
310a3d48
MH		 1389 /* If the current mode is the same, then just update the timeout
1390 * value with the new value. And if only the timeout gets updated,
1391 * then no need for any HCI transactions.
1392 */
1393 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1394 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1395 &hdev->dev_flags)) {
36261547
MH		 1396 cancel_delayed_work(&hdev->discov_off);
1397 hdev->discov_timeout = timeout;
955638ec 1398
36261547
MH		 1399 if (cp->val && hdev->discov_timeout > 0) {
1400 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1401 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1402 to);
955638ec
MH		 1403 }
1404
69ab39ea 1405 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1406 goto failed;
1407 }
1408
2e58ef3e 1409 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1410 if (!cmd) {
1411 err = -ENOMEM;
73f22f62 1412 goto failed;
366a0336 1413 }
73f22f62 1414
310a3d48
MH		 1415 /* Cancel any potential discoverable timeout that might be
1416 * still active and store new timeout value. The arming of
1417 * the timeout happens in the complete handler.
1418 */
1419 cancel_delayed_work(&hdev->discov_off);
1420 hdev->discov_timeout = timeout;
1421
b456f87c
JH		 1422 /* Limited discoverable mode */
1423 if (cp->val == 0x02)
1424 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1425 else
1426 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1427
bfaf8c9f
JH		 1428 hci_req_init(&req, hdev);
1429
9a43e25f
JH		 1430 /* The procedure for LE-only controllers is much simpler - just
1431 * update the advertising data.
1432 */
1433 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1434 goto update_ad;
1435
73f22f62
JH		 1436 scan = SCAN_PAGE;
1437
310a3d48
MH		 1438 if (cp->val) {
1439 struct hci_cp_write_current_iac_lap hci_cp;
1440
1441 if (cp->val == 0x02) {
1442 /* Limited discoverable mode */
33337dcb 1443 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1444 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1445 hci_cp.iac_lap[1] = 0x8b;
1446 hci_cp.iac_lap[2] = 0x9e;
1447 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1448 hci_cp.iac_lap[4] = 0x8b;
1449 hci_cp.iac_lap[5] = 0x9e;
1450 } else {
1451 /* General discoverable mode */
310a3d48
MH		 1452 hci_cp.num_iac = 1;
1453 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1454 hci_cp.iac_lap[1] = 0x8b;
1455 hci_cp.iac_lap[2] = 0x9e;
1456 }
1457
1458 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1459 (hci_cp.num_iac * 3) + 1, &hci_cp);
1460
73f22f62 1461 scan |= SCAN_INQUIRY;
310a3d48
MH		 1462 } else {
1463 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1464 }
73f22f62 1465
310a3d48 1466 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1467
9a43e25f
JH		 1468update_ad:
1469 update_adv_data(&req);
1470
bfaf8c9f 1471 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1472 if (err < 0)
a664b5bc 1473 mgmt_pending_remove(cmd);
73f22f62
JH		 1474
1475failed:
09fd0de5 1476 hci_dev_unlock(hdev);
73f22f62
JH		 1477 return err;
1478}
1479
406d7804
JH		 1480static void write_fast_connectable(struct hci_request *req, bool enable)
1481{
bd98b996 1482 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1483 struct hci_cp_write_page_scan_activity acp;
1484 u8 type;
1485
547003b1
JH		 1486 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1487 return;
1488
4c01f8b8
JH		 1489 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1490 return;
1491
406d7804
JH		 1492 if (enable) {
1493 type = PAGE_SCAN_TYPE_INTERLACED;
1494
1495 /* 160 msec page scan interval */
dcf4adbf 1496 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 1497 } else {
1498 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1499
1500 /* default 1.28 sec page scan */
dcf4adbf 1501 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 1502 }
1503
dcf4adbf 1504 acp.window = cpu_to_le16(0x0012);
406d7804 1505
bd98b996
JH		 1506 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1507 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1508 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1509 sizeof(acp), &acp);
1510
1511 if (hdev->page_scan_type != type)
1512 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1513}
1514
2b76f453
JH		 1515static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1516{
1517 struct pending_cmd *cmd;
d7b856f9
JH		 1518 struct mgmt_mode *cp;
1519 bool changed;
2b76f453
JH		 1520
1521 BT_DBG("status 0x%02x", status);
1522
1523 hci_dev_lock(hdev);
1524
1525 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1526 if (!cmd)
1527 goto unlock;
1528
37438c1f
JH		 1529 if (status) {
1530 u8 mgmt_err = mgmt_status(status);
1531 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1532 goto remove_cmd;
1533 }
1534
d7b856f9
JH		 1535 cp = cmd->param;
1536 if (cp->val)
1537 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1538 else
1539 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1540
2b76f453
JH		 1541 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1542
d7b856f9
JH		 1543 if (changed)
1544 new_settings(hdev, cmd->sk);
1545
37438c1f 1546remove_cmd:
2b76f453
JH		 1547 mgmt_pending_remove(cmd);
1548
1549unlock:
1550 hci_dev_unlock(hdev);
1551}
1552
e8ba3a1f
JH		 1553static int set_connectable_update_settings(struct hci_dev *hdev,
1554 struct sock *sk, u8 val)
1555{
1556 bool changed = false;
1557 int err;
1558
1559 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1560 changed = true;
1561
1562 if (val) {
1563 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1564 } else {
1565 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1566 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1567 }
1568
1569 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1570 if (err < 0)
1571 return err;
1572
1573 if (changed)
1574 return new_settings(hdev, sk);
1575
1576 return 0;
1577}
1578
bdb6d971 1579static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1580 u16 len)
9fbcbb45 1581{
650f726d 1582 struct mgmt_mode *cp = data;
366a0336 1583 struct pending_cmd *cmd;
2b76f453 1584 struct hci_request req;
1987fdc7 1585 u8 scan;
9fbcbb45
JH		 1586 int err;
1587
bdb6d971 1588 BT_DBG("request for %s", hdev->name);
9fbcbb45 1589
1987fdc7
JH		 1590 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1591 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1592 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1987fdc7 1593 MGMT_STATUS_REJECTED);
33c525c0 1594
a7e80f25
JH		 1595 if (cp->val != 0x00 && cp->val != 0x01)
1596 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1597 MGMT_STATUS_INVALID_PARAMS);
1598
09fd0de5 1599 hci_dev_lock(hdev);
9fbcbb45 1600
4b34ee78 1601 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1602 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1603 goto failed;
1604 }
1605
2e58ef3e 1606 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1607 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1608 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1609 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1610 goto failed;
1611 }
1612
2e58ef3e 1613 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1614 if (!cmd) {
1615 err = -ENOMEM;
9fbcbb45 1616 goto failed;
366a0336 1617 }
9fbcbb45 1618
9b74246f 1619 hci_req_init(&req, hdev);
9fbcbb45 1620
9a43e25f
JH		 1621 /* If BR/EDR is not enabled and we disable advertising as a
1622 * by-product of disabling connectable, we need to update the
1623 * advertising flags.
1624 */
1625 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1626 if (!cp->val) {
1627 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1628 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1629 }
1630 update_adv_data(&req);
1631 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1632 if (cp->val) {
1633 scan = SCAN_PAGE;
1634 } else {
1635 scan = 0;
1636
1637 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1638 hdev->discov_timeout > 0)
9b74246f
JH		 1639 cancel_delayed_work(&hdev->discov_off);
1640 }
2b76f453 1641
9b74246f
JH		 1642 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1643 }
2b76f453 1644
4c01f8b8
JH		 1645 /* If we're going from non-connectable to connectable or
1646 * vice-versa when fast connectable is enabled ensure that fast
1647 * connectable gets disabled. write_fast_connectable won't do
1648 * anything if the page scan parameters are already what they
1649 * should be.
1650 */
1651 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1652 write_fast_connectable(&req, false);
1653
1987fdc7
JH		 1654 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
1655 hci_conn_num(hdev, LE_LINK) == 0) {
1656 disable_advertising(&req);
1657 enable_advertising(&req);
1658 }
1659
2b76f453 1660 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1661 if (err < 0) {
a664b5bc 1662 mgmt_pending_remove(cmd);
9b74246f 1663 if (err == -ENODATA)
a81070ba
JH		 1664 err = set_connectable_update_settings(hdev, sk,
1665 cp->val);
9b74246f
JH		 1666 goto failed;
1667 }
9fbcbb45
JH		 1668
1669failed:
09fd0de5 1670 hci_dev_unlock(hdev);
9fbcbb45
JH		 1671 return err;
1672}
1673
bdb6d971 1674static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1675 u16 len)
c542a06c 1676{
650f726d 1677 struct mgmt_mode *cp = data;
55594356 1678 bool changed;
c542a06c
JH		 1679 int err;
1680
bdb6d971 1681 BT_DBG("request for %s", hdev->name);
c542a06c 1682
a7e80f25
JH		 1683 if (cp->val != 0x00 && cp->val != 0x01)
1684 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1685 MGMT_STATUS_INVALID_PARAMS);
1686
09fd0de5 1687 hci_dev_lock(hdev);
c542a06c
JH		 1688
1689 if (cp->val)
55594356 1690 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1691 else
55594356 1692 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1693
69ab39ea 1694 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c 1695 if (err < 0)
55594356 1696 goto unlock;
c542a06c 1697
55594356
MH		 1698 if (changed)
1699 err = new_settings(hdev, sk);
c542a06c 1700
55594356 1701unlock:
09fd0de5 1702 hci_dev_unlock(hdev);
c542a06c
JH		 1703 return err;
1704}
1705
04124681
GP		 1706static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1707 u16 len)
33ef95ed
JH		 1708{
1709 struct mgmt_mode *cp = data;
1710 struct pending_cmd *cmd;
e6fe7986 1711 u8 val, status;
33ef95ed
JH		 1712 int err;
1713
bdb6d971 1714 BT_DBG("request for %s", hdev->name);
33ef95ed 1715
e6fe7986
JH		 1716 status = mgmt_bredr_support(hdev);
1717 if (status)
33c525c0 1718 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 1719 status);
33c525c0 1720
a7e80f25
JH		 1721 if (cp->val != 0x00 && cp->val != 0x01)
1722 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1723 MGMT_STATUS_INVALID_PARAMS);
1724
33ef95ed
JH		 1725 hci_dev_lock(hdev);
1726
4b34ee78 1727 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1728 bool changed = false;
1729
1730 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1731 &hdev->dev_flags)) {
47990ea0
JH		 1732 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1733 changed = true;
1734 }
1735
1736 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1737 if (err < 0)
1738 goto failed;
1739
1740 if (changed)
1741 err = new_settings(hdev, sk);
1742
33ef95ed
JH		 1743 goto failed;
1744 }
1745
1746 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1747 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1748 MGMT_STATUS_BUSY);
33ef95ed
JH		 1749 goto failed;
1750 }
1751
1752 val = !!cp->val;
1753
1754 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1755 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1756 goto failed;
1757 }
1758
1759 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1760 if (!cmd) {
1761 err = -ENOMEM;
1762 goto failed;
1763 }
1764
1765 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1766 if (err < 0) {
1767 mgmt_pending_remove(cmd);
1768 goto failed;
1769 }
1770
1771failed:
1772 hci_dev_unlock(hdev);
33ef95ed
JH		 1773 return err;
1774}
1775
bdb6d971 1776static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1777{
1778 struct mgmt_mode *cp = data;
1779 struct pending_cmd *cmd;
72ef0c1a 1780 u8 status;
ed2c4ee3
JH		 1781 int err;
1782
bdb6d971 1783 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1784
cdba5281
MH		 1785 status = mgmt_bredr_support(hdev);
1786 if (status)
1787 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1788
13ecd8b6
JH		 1789 if (!lmp_ssp_capable(hdev))
1790 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1791 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1792
a7e80f25
JH		 1793 if (cp->val != 0x00 && cp->val != 0x01)
1794 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1795 MGMT_STATUS_INVALID_PARAMS);
1796
13ecd8b6 1797 hci_dev_lock(hdev);
6c8f12c1 1798
4b34ee78 1799 if (!hdev_is_powered(hdev)) {
9ecb3e24 1800 bool changed;
c0ecddc2 1801
9ecb3e24
MH		 1802 if (cp->val) {
1803 changed = !test_and_set_bit(HCI_SSP_ENABLED,
1804 &hdev->dev_flags);
1805 } else {
1806 changed = test_and_clear_bit(HCI_SSP_ENABLED,
1807 &hdev->dev_flags);
1808 if (!changed)
1809 changed = test_and_clear_bit(HCI_HS_ENABLED,
1810 &hdev->dev_flags);
1811 else
1812 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 1813 }
1814
1815 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1816 if (err < 0)
1817 goto failed;
1818
1819 if (changed)
1820 err = new_settings(hdev, sk);
1821
ed2c4ee3
JH		 1822 goto failed;
1823 }
1824
9ecb3e24
MH		 1825 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
1826 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
d97dcb66
SJ		 1827 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1828 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1829 goto failed;
1830 }
1831
72ef0c1a 1832 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 1833 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1834 goto failed;
1835 }
1836
1837 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1838 if (!cmd) {
1839 err = -ENOMEM;
1840 goto failed;
1841 }
1842
72ef0c1a 1843 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 1844 if (err < 0) {
1845 mgmt_pending_remove(cmd);
1846 goto failed;
1847 }
1848
1849failed:
1850 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1851 return err;
1852}
1853
bdb6d971 1854static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1855{
1856 struct mgmt_mode *cp = data;
ee392693 1857 bool changed;
e6fe7986 1858 u8 status;
ee392693 1859 int err;
6d80dfd0 1860
bdb6d971 1861 BT_DBG("request for %s", hdev->name);
6d80dfd0 1862
e6fe7986
JH		 1863 status = mgmt_bredr_support(hdev);
1864 if (status)
1865 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 1866
9ecb3e24
MH		 1867 if (!lmp_ssp_capable(hdev))
1868 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1869 MGMT_STATUS_NOT_SUPPORTED);
1870
1871 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
1872 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1873 MGMT_STATUS_REJECTED);
1874
a7e80f25
JH		 1875 if (cp->val != 0x00 && cp->val != 0x01)
1876 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1877 MGMT_STATUS_INVALID_PARAMS);
1878
ee392693
MH		 1879 hci_dev_lock(hdev);
1880
a0cdf960 1881 if (cp->val) {
ee392693 1882 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 1883 } else {
1884 if (hdev_is_powered(hdev)) {
1885 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1886 MGMT_STATUS_REJECTED);
1887 goto unlock;
1888 }
1889
ee392693 1890 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 1891 }
ee392693
MH		 1892
1893 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1894 if (err < 0)
1895 goto unlock;
1896
1897 if (changed)
1898 err = new_settings(hdev, sk);
6d80dfd0 1899
ee392693
MH		 1900unlock:
1901 hci_dev_unlock(hdev);
1902 return err;
6d80dfd0
JH		 1903}
1904
416a4ae5
JH		 1905static void le_enable_complete(struct hci_dev *hdev, u8 status)
1906{
1907 struct cmd_lookup match = { NULL, hdev };
1908
1909 if (status) {
1910 u8 mgmt_err = mgmt_status(status);
1911
1912 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1913 &mgmt_err);
1914 return;
1915 }
1916
1917 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1918
1919 new_settings(hdev, match.sk);
1920
1921 if (match.sk)
1922 sock_put(match.sk);
441ad2d0
MH		 1923
1924 /* Make sure the controller has a good default for
1925 * advertising data. Restrict the update to when LE
1926 * has actually been enabled. During power on, the
1927 * update in powered_update_hci will take care of it.
1928 */
1929 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1930 struct hci_request req;
1931
1932 hci_dev_lock(hdev);
1933
1934 hci_req_init(&req, hdev);
5947f4bc 1935 update_adv_data(&req);
f14d8f64 1936 update_scan_rsp_data(&req);
441ad2d0
MH		 1937 hci_req_run(&req, NULL);
1938
1939 hci_dev_unlock(hdev);
1940 }
416a4ae5
JH		 1941}
1942
bdb6d971 1943static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1944{
1945 struct mgmt_mode *cp = data;
1946 struct hci_cp_write_le_host_supported hci_cp;
1947 struct pending_cmd *cmd;
416a4ae5 1948 struct hci_request req;
06199cf8 1949 int err;
0b60eba1 1950 u8 val, enabled;
06199cf8 1951
bdb6d971 1952 BT_DBG("request for %s", hdev->name);
06199cf8 1953
13ecd8b6
JH		 1954 if (!lmp_le_capable(hdev))
1955 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1956 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1957
a7e80f25
JH		 1958 if (cp->val != 0x00 && cp->val != 0x01)
1959 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1960 MGMT_STATUS_INVALID_PARAMS);
1961
c73eee91 1962 /* LE-only devices do not allow toggling LE on/off */
56f87901 1963 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 1964 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1965 MGMT_STATUS_REJECTED);
1966
13ecd8b6 1967 hci_dev_lock(hdev);
06199cf8
JH		 1968
1969 val = !!cp->val;
ffa88e02 1970 enabled = lmp_host_le_capable(hdev);
06199cf8 1971
0b60eba1 1972 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1973 bool changed = false;
1974
1975 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1976 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1977 changed = true;
1978 }
1979
f3d3444a
JH		 1980 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
1981 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 1982 changed = true;
1983 }
1984
06199cf8
JH		 1985 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1986 if (err < 0)
1de028ce 1987 goto unlock;
06199cf8
JH		 1988
1989 if (changed)
1990 err = new_settings(hdev, sk);
1991
1de028ce 1992 goto unlock;
06199cf8
JH		 1993 }
1994
4375f103
JH		 1995 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1996 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 1997 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1998 MGMT_STATUS_BUSY);
1de028ce 1999 goto unlock;
06199cf8
JH		 2000 }
2001
2002 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2003 if (!cmd) {
2004 err = -ENOMEM;
1de028ce 2005 goto unlock;
06199cf8
JH		 2006 }
2007
441ad2d0
MH		 2008 hci_req_init(&req, hdev);
2009
06199cf8
JH		 2010 memset(&hci_cp, 0, sizeof(hci_cp));
2011
2012 if (val) {
2013 hci_cp.le = val;
ffa88e02 2014 hci_cp.simul = lmp_le_br_capable(hdev);
441ad2d0
MH		 2015 } else {
2016 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
2017 disable_advertising(&req);
06199cf8
JH		 2018 }
2019
416a4ae5
JH		 2020 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2021 &hci_cp);
2022
2023 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2024 if (err < 0)
06199cf8 2025 mgmt_pending_remove(cmd);
06199cf8 2026
1de028ce
JH		 2027unlock:
2028 hci_dev_unlock(hdev);
06199cf8
JH		 2029 return err;
2030}
2031
0cab9c80
JH		 2032/* This is a helper function to test for pending mgmt commands that can
2033 * cause CoD or EIR HCI commands. We can only allow one such pending
2034 * mgmt command at a time since otherwise we cannot easily track what
2035 * the current values are, will be, and based on that calculate if a new
2036 * HCI command needs to be sent and if yes with what value.
2037 */
2038static bool pending_eir_or_class(struct hci_dev *hdev)
2039{
2040 struct pending_cmd *cmd;
2041
2042 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2043 switch (cmd->opcode) {
2044 case MGMT_OP_ADD_UUID:
2045 case MGMT_OP_REMOVE_UUID:
2046 case MGMT_OP_SET_DEV_CLASS:
2047 case MGMT_OP_SET_POWERED:
2048 return true;
2049 }
2050 }
2051
2052 return false;
2053}
2054
83be8eca
JH		 2055static const u8 bluetooth_base_uuid[] = {
2056 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2057 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2058};
2059
2060static u8 get_uuid_size(const u8 *uuid)
2061{
2062 u32 val;
2063
2064 if (memcmp(uuid, bluetooth_base_uuid, 12))
2065 return 128;
2066
2067 val = get_unaligned_le32(&uuid[12]);
2068 if (val > 0xffff)
2069 return 32;
2070
2071 return 16;
2072}
2073
92da6097
JH		 2074static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2075{
2076 struct pending_cmd *cmd;
2077
2078 hci_dev_lock(hdev);
2079
2080 cmd = mgmt_pending_find(mgmt_op, hdev);
2081 if (!cmd)
2082 goto unlock;
2083
2084 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
2085 hdev->dev_class, 3);
2086
2087 mgmt_pending_remove(cmd);
2088
2089unlock:
2090 hci_dev_unlock(hdev);
2091}
2092
2093static void add_uuid_complete(struct hci_dev *hdev, u8 status)
2094{
2095 BT_DBG("status 0x%02x", status);
2096
2097 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2098}
2099
bdb6d971 2100static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2101{
650f726d 2102 struct mgmt_cp_add_uuid *cp = data;
90e70454 2103 struct pending_cmd *cmd;
890ea898 2104 struct hci_request req;
2aeb9a1a 2105 struct bt_uuid *uuid;
2aeb9a1a
JH		 2106 int err;
2107
bdb6d971 2108 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2109
09fd0de5 2110 hci_dev_lock(hdev);
2aeb9a1a 2111
0cab9c80 2112 if (pending_eir_or_class(hdev)) {
bdb6d971 2113 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 2114 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2115 goto failed;
2116 }
2117
92c4c204 2118 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2119 if (!uuid) {
2120 err = -ENOMEM;
2121 goto failed;
2122 }
2123
2124 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2125 uuid->svc_hint = cp->svc_hint;
83be8eca 2126 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2127
de66aa63 2128 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2129
890ea898 2130 hci_req_init(&req, hdev);
1aff6f09 2131
890ea898
JH		 2132 update_class(&req);
2133 update_eir(&req);
2134
92da6097
JH		 2135 err = hci_req_run(&req, add_uuid_complete);
2136 if (err < 0) {
2137 if (err != -ENODATA)
2138 goto failed;
80a1e1db 2139
bdb6d971 2140 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 2141 hdev->dev_class, 3);
90e70454
JH		 2142 goto failed;
2143 }
2144
2145 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2146 if (!cmd) {
90e70454 2147 err = -ENOMEM;
890ea898
JH		 2148 goto failed;
2149 }
2150
2151 err = 0;
2aeb9a1a
JH		 2152
2153failed:
09fd0de5 2154 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2155 return err;
2156}
2157
24b78d0f
JH		 2158static bool enable_service_cache(struct hci_dev *hdev)
2159{
2160 if (!hdev_is_powered(hdev))
2161 return false;
2162
2163 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 2164 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2165 CACHE_TIMEOUT);
24b78d0f
JH		 2166 return true;
2167 }
2168
2169 return false;
2170}
2171
92da6097
JH		 2172static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
2173{
2174 BT_DBG("status 0x%02x", status);
2175
2176 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2177}
2178
bdb6d971 2179static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2180 u16 len)
2aeb9a1a 2181{
650f726d 2182 struct mgmt_cp_remove_uuid *cp = data;
90e70454 2183 struct pending_cmd *cmd;
056341c8 2184 struct bt_uuid *match, *tmp;
2aeb9a1a 2185 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2186 struct hci_request req;
2aeb9a1a
JH		 2187 int err, found;
2188
bdb6d971 2189 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2190
09fd0de5 2191 hci_dev_lock(hdev);
2aeb9a1a 2192
0cab9c80 2193 if (pending_eir_or_class(hdev)) {
bdb6d971 2194 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2195 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2196 goto unlock;
2197 }
2198
2aeb9a1a 2199 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2200 hci_uuids_clear(hdev);
4004b6d9 2201
24b78d0f 2202 if (enable_service_cache(hdev)) {
bdb6d971 2203 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2204 0, hdev->dev_class, 3);
24b78d0f
JH		 2205 goto unlock;
2206 }
4004b6d9 2207
9246a869 2208 goto update_class;
2aeb9a1a
JH		 2209 }
2210
2211 found = 0;
2212
056341c8 2213 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2214 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2215 continue;
2216
2217 list_del(&match->list);
482049f7 2218 kfree(match);
2aeb9a1a
JH		 2219 found++;
2220 }
2221
2222 if (found == 0) {
bdb6d971 2223 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2224 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2225 goto unlock;
2226 }
2227
9246a869 2228update_class:
890ea898 2229 hci_req_init(&req, hdev);
1aff6f09 2230
890ea898
JH		 2231 update_class(&req);
2232 update_eir(&req);
2233
92da6097
JH		 2234 err = hci_req_run(&req, remove_uuid_complete);
2235 if (err < 0) {
2236 if (err != -ENODATA)
2237 goto unlock;
80a1e1db 2238
bdb6d971 2239 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 2240 hdev->dev_class, 3);
90e70454
JH		 2241 goto unlock;
2242 }
2243
2244 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2245 if (!cmd) {
90e70454 2246 err = -ENOMEM;
890ea898
JH		 2247 goto unlock;
2248 }
2249
2250 err = 0;
2aeb9a1a
JH		 2251
2252unlock:
09fd0de5 2253 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2254 return err;
2255}
2256
92da6097
JH		 2257static void set_class_complete(struct hci_dev *hdev, u8 status)
2258{
2259 BT_DBG("status 0x%02x", status);
2260
2261 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2262}
2263
bdb6d971 2264static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2265 u16 len)
1aff6f09 2266{
650f726d 2267 struct mgmt_cp_set_dev_class *cp = data;
90e70454 2268 struct pending_cmd *cmd;
890ea898 2269 struct hci_request req;
1aff6f09
JH		 2270 int err;
2271
bdb6d971 2272 BT_DBG("request for %s", hdev->name);
1aff6f09 2273
6203fc98 2274 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 2275 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2276 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2277
0cab9c80 2278 hci_dev_lock(hdev);
ee98f473 2279
0cab9c80
JH		 2280 if (pending_eir_or_class(hdev)) {
2281 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2282 MGMT_STATUS_BUSY);
2283 goto unlock;
2284 }
c95f0ba7 2285
0cab9c80
JH		 2286 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2287 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2288 MGMT_STATUS_INVALID_PARAMS);
2289 goto unlock;
2290 }
575b3a02 2291
932f5ff5
JH		 2292 hdev->major_class = cp->major;
2293 hdev->minor_class = cp->minor;
2294
b5235a65 2295 if (!hdev_is_powered(hdev)) {
bdb6d971 2296 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2297 hdev->dev_class, 3);
b5235a65
JH		 2298 goto unlock;
2299 }
2300
890ea898
JH		 2301 hci_req_init(&req, hdev);
2302
a8b2d5c2 2303 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2304 hci_dev_unlock(hdev);
2305 cancel_delayed_work_sync(&hdev->service_cache);
2306 hci_dev_lock(hdev);
890ea898 2307 update_eir(&req);
7d78525d 2308 }
14c0b608 2309
890ea898
JH		 2310 update_class(&req);
2311
92da6097
JH		 2312 err = hci_req_run(&req, set_class_complete);
2313 if (err < 0) {
2314 if (err != -ENODATA)
2315 goto unlock;
1aff6f09 2316
bdb6d971 2317 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2318 hdev->dev_class, 3);
90e70454
JH		 2319 goto unlock;
2320 }
2321
2322 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2323 if (!cmd) {
90e70454 2324 err = -ENOMEM;
890ea898
JH		 2325 goto unlock;
2326 }
2327
2328 err = 0;
1aff6f09 2329
b5235a65 2330unlock:
09fd0de5 2331 hci_dev_unlock(hdev);
1aff6f09
JH		 2332 return err;
2333}
2334
bdb6d971 2335static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2336 u16 len)
55ed8ca1 2337{
650f726d 2338 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 2339 u16 key_count, expected_len;
b1de97d8 2340 bool changed;
a492cd52 2341 int i;
55ed8ca1 2342
9060d5cf
MH		 2343 BT_DBG("request for %s", hdev->name);
2344
2345 if (!lmp_bredr_capable(hdev))
2346 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2347 MGMT_STATUS_NOT_SUPPORTED);
2348
1f350c87 2349 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 2350
86742e1e
JH		 2351 expected_len = sizeof(*cp) + key_count *
2352 sizeof(struct mgmt_link_key_info);
a492cd52 2353 if (expected_len != len) {
86742e1e 2354 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2355 expected_len, len);
bdb6d971 2356 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 2357 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2358 }
2359
4ae14301
JH		 2360 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2361 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2362 MGMT_STATUS_INVALID_PARAMS);
2363
bdb6d971 2364 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2365 key_count);
55ed8ca1 2366
4ee71b20
JH		 2367 for (i = 0; i < key_count; i++) {
2368 struct mgmt_link_key_info *key = &cp->keys[i];
2369
8e991132 2370 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
4ee71b20
JH		 2371 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2372 MGMT_STATUS_INVALID_PARAMS);
2373 }
2374
09fd0de5 2375 hci_dev_lock(hdev);
55ed8ca1
JH		 2376
2377 hci_link_keys_clear(hdev);
2378
55ed8ca1 2379 if (cp->debug_keys)
b1de97d8 2380 changed = !test_and_set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 2381 else
b1de97d8
MH		 2382 changed = test_and_clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
2383
2384 if (changed)
2385 new_settings(hdev, NULL);
55ed8ca1 2386
a492cd52 2387 for (i = 0; i < key_count; i++) {
86742e1e 2388 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2389
d753fdc4 2390 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 2391 key->type, key->pin_len);
55ed8ca1
JH		 2392 }
2393
bdb6d971 2394 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2395
09fd0de5 2396 hci_dev_unlock(hdev);
55ed8ca1 2397
a492cd52 2398 return 0;
55ed8ca1
JH		 2399}
2400
b1078ad0 2401static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2402 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2403{
2404 struct mgmt_ev_device_unpaired ev;
2405
2406 bacpy(&ev.addr.bdaddr, bdaddr);
2407 ev.addr.type = addr_type;
2408
2409 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2410 skip_sk);
b1078ad0
JH		 2411}
2412
bdb6d971 2413static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2414 u16 len)
55ed8ca1 2415{
124f6e35
JH		 2416 struct mgmt_cp_unpair_device *cp = data;
2417 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2418 struct hci_cp_disconnect dc;
2419 struct pending_cmd *cmd;
55ed8ca1 2420 struct hci_conn *conn;
55ed8ca1
JH		 2421 int err;
2422
a8a1d19e 2423 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2424 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2425 rp.addr.type = cp->addr.type;
a8a1d19e 2426
4ee71b20
JH		 2427 if (!bdaddr_type_is_valid(cp->addr.type))
2428 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2429 MGMT_STATUS_INVALID_PARAMS,
2430 &rp, sizeof(rp));
2431
118da70b
JH		 2432 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2433 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2434 MGMT_STATUS_INVALID_PARAMS,
2435 &rp, sizeof(rp));
2436
4ee71b20
JH		 2437 hci_dev_lock(hdev);
2438
86a8cfc6 2439 if (!hdev_is_powered(hdev)) {
bdb6d971 2440 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2441 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 2442 goto unlock;
2443 }
2444
e0b2b27e 2445 if (cp->addr.type == BDADDR_BREDR) {
124f6e35 2446 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2447 } else {
2448 u8 addr_type;
2449
2450 if (cp->addr.type == BDADDR_LE_PUBLIC)
2451 addr_type = ADDR_LE_DEV_PUBLIC;
2452 else
2453 addr_type = ADDR_LE_DEV_RANDOM;
2454
a7ec7338
JH		 2455 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2456
a9b0a04c
AG		 2457 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2458
e0b2b27e
JH		 2459 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2460 }
b0dbfb46 2461
55ed8ca1 2462 if (err < 0) {
bdb6d971 2463 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2464 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 2465 goto unlock;
2466 }
2467
86a8cfc6 2468 if (cp->disconnect) {
591f47f3 2469 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 2470 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 2471 &cp->addr.bdaddr);
86a8cfc6
JH		 2472 else
2473 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 2474 &cp->addr.bdaddr);
86a8cfc6
JH		 2475 } else {
2476 conn = NULL;
2477 }
124f6e35 2478
a8a1d19e 2479 if (!conn) {
bdb6d971 2480 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 2481 &rp, sizeof(rp));
b1078ad0 2482 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2483 goto unlock;
2484 }
55ed8ca1 2485
124f6e35 2486 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2487 sizeof(*cp));
a8a1d19e
JH		 2488 if (!cmd) {
2489 err = -ENOMEM;
2490 goto unlock;
55ed8ca1
JH		 2491 }
2492
eb55ef07 2493 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2494 dc.reason = 0x13; /* Remote User Terminated Connection */
2495 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2496 if (err < 0)
2497 mgmt_pending_remove(cmd);
2498
55ed8ca1 2499unlock:
09fd0de5 2500 hci_dev_unlock(hdev);
55ed8ca1
JH		 2501 return err;
2502}
2503
bdb6d971 2504static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2505 u16 len)
8962ee74 2506{
650f726d 2507 struct mgmt_cp_disconnect *cp = data;
06a63b19 2508 struct mgmt_rp_disconnect rp;
8962ee74 2509 struct hci_cp_disconnect dc;
366a0336 2510 struct pending_cmd *cmd;
8962ee74 2511 struct hci_conn *conn;
8962ee74
JH		 2512 int err;
2513
2514 BT_DBG("");
2515
06a63b19
JH		 2516 memset(&rp, 0, sizeof(rp));
2517 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2518 rp.addr.type = cp->addr.type;
2519
4ee71b20 2520 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2521 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2522 MGMT_STATUS_INVALID_PARAMS,
2523 &rp, sizeof(rp));
4ee71b20 2524
09fd0de5 2525 hci_dev_lock(hdev);
8962ee74
JH		 2526
2527 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2528 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2529 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2530 goto failed;
2531 }
2532
2e58ef3e 2533 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2534 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2535 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2536 goto failed;
2537 }
2538
591f47f3 2539 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2540 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2541 &cp->addr.bdaddr);
88c3df13
JH		 2542 else
2543 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2544
f960727e 2545 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2546 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2547 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2548 goto failed;
2549 }
2550
2e58ef3e 2551 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2552 if (!cmd) {
2553 err = -ENOMEM;
8962ee74 2554 goto failed;
366a0336 2555 }
8962ee74 2556
eb55ef07 2557 dc.handle = cpu_to_le16(conn->handle);
3701f944 2558 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 2559
2560 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2561 if (err < 0)
a664b5bc 2562 mgmt_pending_remove(cmd);
8962ee74
JH		 2563
2564failed:
09fd0de5 2565 hci_dev_unlock(hdev);
8962ee74
JH		 2566 return err;
2567}
2568
57c1477c 2569static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2570{
2571 switch (link_type) {
2572 case LE_LINK:
48264f06
JH		 2573 switch (addr_type) {
2574 case ADDR_LE_DEV_PUBLIC:
591f47f3 2575 return BDADDR_LE_PUBLIC;
0ed09148 2576
48264f06 2577 default:
0ed09148 2578 /* Fallback to LE Random address type */
591f47f3 2579 return BDADDR_LE_RANDOM;
48264f06 2580 }
0ed09148 2581
4c659c39 2582 default:
0ed09148 2583 /* Fallback to BR/EDR type */
591f47f3 2584 return BDADDR_BREDR;
4c659c39
JH		 2585 }
2586}
2587
04124681
GP		 2588static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2589 u16 data_len)
2784eb41 2590{
2784eb41 2591 struct mgmt_rp_get_connections *rp;
8035ded4 2592 struct hci_conn *c;
a38528f1 2593 size_t rp_len;
60fc5fb6
JH		 2594 int err;
2595 u16 i;
2784eb41
JH		 2596
2597 BT_DBG("");
2598
09fd0de5 2599 hci_dev_lock(hdev);
2784eb41 2600
5f97c1df 2601 if (!hdev_is_powered(hdev)) {
bdb6d971 2602 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2603 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2604 goto unlock;
2605 }
2606
60fc5fb6 2607 i = 0;
b644ba33
JH		 2608 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2609 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2610 i++;
2784eb41
JH		 2611 }
2612
60fc5fb6 2613 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2614 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2615 if (!rp) {
2784eb41
JH		 2616 err = -ENOMEM;
2617 goto unlock;
2618 }
2619
2784eb41 2620 i = 0;
4c659c39 2621 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2622 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2623 continue;
4c659c39 2624 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2625 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2626 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2627 continue;
2628 i++;
2629 }
2630
eb55ef07 2631 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2632
4c659c39
JH		 2633 /* Recalculate length in case of filtered SCO connections, etc */
2634 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2635
bdb6d971 2636 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2637 rp_len);
2784eb41 2638
a38528f1 2639 kfree(rp);
5f97c1df
JH		 2640
2641unlock:
09fd0de5 2642 hci_dev_unlock(hdev);
2784eb41
JH		 2643 return err;
2644}
2645
bdb6d971 2646static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2647 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2648{
2649 struct pending_cmd *cmd;
2650 int err;
2651
2e58ef3e 2652 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2653 sizeof(*cp));
96d97a67
WR		 2654 if (!cmd)
2655 return -ENOMEM;
2656
d8457698 2657 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2658 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2659 if (err < 0)
2660 mgmt_pending_remove(cmd);
2661
2662 return err;
2663}
2664
bdb6d971 2665static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2666 u16 len)
980e1a53 2667{
96d97a67 2668 struct hci_conn *conn;
650f726d 2669 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2670 struct hci_cp_pin_code_reply reply;
366a0336 2671 struct pending_cmd *cmd;
980e1a53
JH		 2672 int err;
2673
2674 BT_DBG("");
2675
09fd0de5 2676 hci_dev_lock(hdev);
980e1a53 2677
4b34ee78 2678 if (!hdev_is_powered(hdev)) {
bdb6d971 2679 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2680 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2681 goto failed;
2682 }
2683
d8457698 2684 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2685 if (!conn) {
bdb6d971 2686 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2687 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2688 goto failed;
2689 }
2690
2691 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2692 struct mgmt_cp_pin_code_neg_reply ncp;
2693
2694 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2695
2696 BT_ERR("PIN code is not 16 bytes long");
2697
bdb6d971 2698 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2699 if (err >= 0)
bdb6d971 2700 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2701 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2702
2703 goto failed;
2704 }
2705
00abfe44 2706 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2707 if (!cmd) {
2708 err = -ENOMEM;
980e1a53 2709 goto failed;
366a0336 2710 }
980e1a53 2711
d8457698 2712 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2713 reply.pin_len = cp->pin_len;
24718ca5 2714 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2715
2716 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2717 if (err < 0)
a664b5bc 2718 mgmt_pending_remove(cmd);
980e1a53
JH		 2719
2720failed:
09fd0de5 2721 hci_dev_unlock(hdev);
980e1a53
JH		 2722 return err;
2723}
2724
04124681
GP		 2725static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2726 u16 len)
17fa4b9d 2727{
650f726d 2728 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2729
2730 BT_DBG("");
2731
09fd0de5 2732 hci_dev_lock(hdev);
17fa4b9d
JH		 2733
2734 hdev->io_capability = cp->io_capability;
2735
2736 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2737 hdev->io_capability);
17fa4b9d 2738
09fd0de5 2739 hci_dev_unlock(hdev);
17fa4b9d 2740
04124681
GP		 2741 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2742 0);
17fa4b9d
JH		 2743}
2744
6039aa73 2745static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2746{
2747 struct hci_dev *hdev = conn->hdev;
8035ded4 2748 struct pending_cmd *cmd;
e9a416b5 2749
2e58ef3e 2750 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2751 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2752 continue;
2753
e9a416b5
JH		 2754 if (cmd->user_data != conn)
2755 continue;
2756
2757 return cmd;
2758 }
2759
2760 return NULL;
2761}
2762
2763static void pairing_complete(struct pending_cmd *cmd, u8 status)
2764{
2765 struct mgmt_rp_pair_device rp;
2766 struct hci_conn *conn = cmd->user_data;
2767
61b1a7fb
JH		 2768 bacpy(&rp.addr.bdaddr, &conn->dst);
2769 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2770
aee9b218 2771 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2772 &rp, sizeof(rp));
e9a416b5
JH		 2773
2774 /* So we don't get further callbacks for this connection */
2775 conn->connect_cfm_cb = NULL;
2776 conn->security_cfm_cb = NULL;
2777 conn->disconn_cfm_cb = NULL;
2778
76a68ba0 2779 hci_conn_drop(conn);
e9a416b5 2780
a664b5bc 2781 mgmt_pending_remove(cmd);
e9a416b5
JH		 2782}
2783
f4a407be
JH		 2784void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2785{
2786 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
2787 struct pending_cmd *cmd;
2788
2789 cmd = find_pairing(conn);
2790 if (cmd)
2791 pairing_complete(cmd, status);
2792}
2793
e9a416b5
JH		 2794static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2795{
2796 struct pending_cmd *cmd;
2797
2798 BT_DBG("status %u", status);
2799
2800 cmd = find_pairing(conn);
56e5cb86 2801 if (!cmd)
e9a416b5 2802 BT_DBG("Unable to find a pending command");
56e5cb86 2803 else
e211326c 2804 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2805}
2806
f4a407be 2807static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739
VA		 2808{
2809 struct pending_cmd *cmd;
2810
2811 BT_DBG("status %u", status);
2812
2813 if (!status)
2814 return;
2815
2816 cmd = find_pairing(conn);
2817 if (!cmd)
2818 BT_DBG("Unable to find a pending command");
2819 else
2820 pairing_complete(cmd, mgmt_status(status));
2821}
2822
bdb6d971 2823static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2824 u16 len)
e9a416b5 2825{
650f726d 2826 struct mgmt_cp_pair_device *cp = data;
1425acb7 2827 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2828 struct pending_cmd *cmd;
2829 u8 sec_level, auth_type;
2830 struct hci_conn *conn;
e9a416b5
JH		 2831 int err;
2832
2833 BT_DBG("");
2834
f950a30e
SJ		 2835 memset(&rp, 0, sizeof(rp));
2836 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2837 rp.addr.type = cp->addr.type;
2838
4ee71b20
JH		 2839 if (!bdaddr_type_is_valid(cp->addr.type))
2840 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2841 MGMT_STATUS_INVALID_PARAMS,
2842 &rp, sizeof(rp));
2843
09fd0de5 2844 hci_dev_lock(hdev);
e9a416b5 2845
5f97c1df 2846 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2847 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2848 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2849 goto unlock;
2850 }
2851
c908df36
VCG		 2852 sec_level = BT_SECURITY_MEDIUM;
2853 if (cp->io_cap == 0x03)
e9a416b5 2854 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 2855 else
e9a416b5 2856 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 2857
6f77d8c7 2858 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 2859 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
2860 auth_type);
6f77d8c7
AG		 2861 } else {
2862 u8 addr_type;
2863
2864 /* Convert from L2CAP channel address type to HCI address type
2865 */
2866 if (cp->addr.type == BDADDR_LE_PUBLIC)
2867 addr_type = ADDR_LE_DEV_PUBLIC;
2868 else
2869 addr_type = ADDR_LE_DEV_RANDOM;
2870
2871 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
04a6c589 2872 sec_level, auth_type);
6f77d8c7 2873 }
7a512d01 2874
30e76272 2875 if (IS_ERR(conn)) {
489dc48e
AK		 2876 int status;
2877
2878 if (PTR_ERR(conn) == -EBUSY)
2879 status = MGMT_STATUS_BUSY;
2880 else
2881 status = MGMT_STATUS_CONNECT_FAILED;
2882
bdb6d971 2883 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2884 status, &rp,
04124681 2885 sizeof(rp));
e9a416b5
JH		 2886 goto unlock;
2887 }
2888
2889 if (conn->connect_cfm_cb) {
76a68ba0 2890 hci_conn_drop(conn);
bdb6d971 2891 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2892 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2893 goto unlock;
2894 }
2895
2e58ef3e 2896 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2897 if (!cmd) {
2898 err = -ENOMEM;
76a68ba0 2899 hci_conn_drop(conn);
e9a416b5
JH		 2900 goto unlock;
2901 }
2902
7a512d01 2903 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 2904 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 2905 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 2906 conn->security_cfm_cb = pairing_complete_cb;
2907 conn->disconn_cfm_cb = pairing_complete_cb;
2908 } else {
2909 conn->connect_cfm_cb = le_pairing_complete_cb;
2910 conn->security_cfm_cb = le_pairing_complete_cb;
2911 conn->disconn_cfm_cb = le_pairing_complete_cb;
2912 }
7a512d01 2913
e9a416b5
JH		 2914 conn->io_capability = cp->io_cap;
2915 cmd->user_data = conn;
2916
2917 if (conn->state == BT_CONNECTED &&
8ce8e2b5 2918 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 2919 pairing_complete(cmd, 0);
2920
2921 err = 0;
2922
2923unlock:
09fd0de5 2924 hci_dev_unlock(hdev);
e9a416b5
JH		 2925 return err;
2926}
2927
04124681
GP		 2928static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2929 u16 len)
28424707 2930{
0f4e68cf 2931 struct mgmt_addr_info *addr = data;
28424707
JH		 2932 struct pending_cmd *cmd;
2933 struct hci_conn *conn;
2934 int err;
2935
2936 BT_DBG("");
2937
28424707
JH		 2938 hci_dev_lock(hdev);
2939
5f97c1df 2940 if (!hdev_is_powered(hdev)) {
bdb6d971 2941 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2942 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2943 goto unlock;
2944 }
2945
28424707
JH		 2946 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2947 if (!cmd) {
bdb6d971 2948 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2949 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2950 goto unlock;
2951 }
2952
2953 conn = cmd->user_data;
2954
2955 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 2956 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2957 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2958 goto unlock;
2959 }
2960
2961 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2962
bdb6d971 2963 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2964 addr, sizeof(*addr));
28424707
JH		 2965unlock:
2966 hci_dev_unlock(hdev);
28424707
JH		 2967 return err;
2968}
2969
bdb6d971 2970static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 2971 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 2972 u16 hci_op, __le32 passkey)
a5c29683 2973{
a5c29683 2974 struct pending_cmd *cmd;
0df4c185 2975 struct hci_conn *conn;
a5c29683
JH		 2976 int err;
2977
09fd0de5 2978 hci_dev_lock(hdev);
08ba5382 2979
4b34ee78 2980 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 2981 err = cmd_complete(sk, hdev->id, mgmt_op,
2982 MGMT_STATUS_NOT_POWERED, addr,
2983 sizeof(*addr));
0df4c185 2984 goto done;
a5c29683
JH		 2985 }
2986
1707c60e
JH		 2987 if (addr->type == BDADDR_BREDR)
2988 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 2989 else
1707c60e 2990 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 2991
2992 if (!conn) {
feb94d3d
JH		 2993 err = cmd_complete(sk, hdev->id, mgmt_op,
2994 MGMT_STATUS_NOT_CONNECTED, addr,
2995 sizeof(*addr));
272d90df
JH		 2996 goto done;
2997 }
47c15e2b 2998
1707c60e 2999 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
47c15e2b 3000 /* Continue with pairing via SMP */
5fe57d9e
BG		 3001 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
3002
3003 if (!err)
feb94d3d
JH		 3004 err = cmd_complete(sk, hdev->id, mgmt_op,
3005 MGMT_STATUS_SUCCESS, addr,
3006 sizeof(*addr));
5fe57d9e 3007 else
feb94d3d
JH		 3008 err = cmd_complete(sk, hdev->id, mgmt_op,
3009 MGMT_STATUS_FAILED, addr,
3010 sizeof(*addr));
47c15e2b 3011
47c15e2b
BG		 3012 goto done;
3013 }
3014
1707c60e 3015 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3016 if (!cmd) {
3017 err = -ENOMEM;
0df4c185 3018 goto done;
a5c29683
JH		 3019 }
3020
0df4c185 3021 /* Continue with pairing via HCI */
604086b7
BG		 3022 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3023 struct hci_cp_user_passkey_reply cp;
3024
1707c60e 3025 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3026 cp.passkey = passkey;
3027 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3028 } else
1707c60e
JH		 3029 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3030 &addr->bdaddr);
604086b7 3031
a664b5bc
JH		 3032 if (err < 0)
3033 mgmt_pending_remove(cmd);
a5c29683 3034
0df4c185 3035done:
09fd0de5 3036 hci_dev_unlock(hdev);
a5c29683
JH		 3037 return err;
3038}
3039
afeb019d
JK		 3040static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3041 void *data, u16 len)
3042{
3043 struct mgmt_cp_pin_code_neg_reply *cp = data;
3044
3045 BT_DBG("");
3046
1707c60e 3047 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3048 MGMT_OP_PIN_CODE_NEG_REPLY,
3049 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3050}
3051
04124681
GP		 3052static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3053 u16 len)
0df4c185 3054{
650f726d 3055 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3056
3057 BT_DBG("");
3058
3059 if (len != sizeof(*cp))
bdb6d971 3060 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 3061 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3062
1707c60e 3063 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3064 MGMT_OP_USER_CONFIRM_REPLY,
3065 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3066}
3067
bdb6d971 3068static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3069 void *data, u16 len)
0df4c185 3070{
c9c2659f 3071 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3072
3073 BT_DBG("");
3074
1707c60e 3075 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3076 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3077 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3078}
3079
04124681
GP		 3080static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3081 u16 len)
604086b7 3082{
650f726d 3083 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3084
3085 BT_DBG("");
3086
1707c60e 3087 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3088 MGMT_OP_USER_PASSKEY_REPLY,
3089 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3090}
3091
bdb6d971 3092static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3093 void *data, u16 len)
604086b7 3094{
650f726d 3095 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3096
3097 BT_DBG("");
3098
1707c60e 3099 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3100 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3101 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3102}
3103
13928971 3104static void update_name(struct hci_request *req)
2b4bf397 3105{
13928971 3106 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3107 struct hci_cp_write_local_name cp;
3108
13928971 3109 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3110
890ea898 3111 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3112}
3113
13928971
JH		 3114static void set_name_complete(struct hci_dev *hdev, u8 status)
3115{
3116 struct mgmt_cp_set_local_name *cp;
3117 struct pending_cmd *cmd;
3118
3119 BT_DBG("status 0x%02x", status);
3120
3121 hci_dev_lock(hdev);
3122
3123 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3124 if (!cmd)
3125 goto unlock;
3126
3127 cp = cmd->param;
3128
3129 if (status)
3130 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3131 mgmt_status(status));
3132 else
3133 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3134 cp, sizeof(*cp));
3135
3136 mgmt_pending_remove(cmd);
3137
3138unlock:
3139 hci_dev_unlock(hdev);
3140}
3141
bdb6d971 3142static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3143 u16 len)
b312b161 3144{
2b4bf397 3145 struct mgmt_cp_set_local_name *cp = data;
b312b161 3146 struct pending_cmd *cmd;
890ea898 3147 struct hci_request req;
b312b161
JH		 3148 int err;
3149
3150 BT_DBG("");
3151
09fd0de5 3152 hci_dev_lock(hdev);
b312b161 3153
b3f2ca94
JH		 3154 /* If the old values are the same as the new ones just return a
3155 * direct command complete event.
3156 */
3157 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3158 !memcmp(hdev->short_name, cp->short_name,
3159 sizeof(hdev->short_name))) {
3160 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3161 data, len);
3162 goto failed;
3163 }
3164
2b4bf397 3165 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3166
b5235a65 3167 if (!hdev_is_powered(hdev)) {
2b4bf397 3168 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 3169
3170 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 3171 data, len);
28cc7bde
JH		 3172 if (err < 0)
3173 goto failed;
3174
3175 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 3176 sk);
28cc7bde 3177
b5235a65
JH		 3178 goto failed;
3179 }
3180
28cc7bde 3181 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3182 if (!cmd) {
3183 err = -ENOMEM;
3184 goto failed;
3185 }
3186
13928971
JH		 3187 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3188
890ea898 3189 hci_req_init(&req, hdev);
3f985050
JH		 3190
3191 if (lmp_bredr_capable(hdev)) {
3192 update_name(&req);
3193 update_eir(&req);
3194 }
3195
7a5f4990
MH		 3196 /* The name is stored in the scan response data and so
3197 * no need to udpate the advertising data here.
3198 */
3f985050 3199 if (lmp_le_capable(hdev))
7a5f4990 3200 update_scan_rsp_data(&req);
3f985050 3201
13928971 3202 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3203 if (err < 0)
3204 mgmt_pending_remove(cmd);
3205
3206failed:
09fd0de5 3207 hci_dev_unlock(hdev);
b312b161
JH		 3208 return err;
3209}
3210
0f4e68cf 3211static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3212 void *data, u16 data_len)
c35938b2 3213{
c35938b2
SJ		 3214 struct pending_cmd *cmd;
3215 int err;
3216
bdb6d971 3217 BT_DBG("%s", hdev->name);
c35938b2 3218
09fd0de5 3219 hci_dev_lock(hdev);
c35938b2 3220
4b34ee78 3221 if (!hdev_is_powered(hdev)) {
bdb6d971 3222 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3223 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3224 goto unlock;
3225 }
3226
9a1a1996 3227 if (!lmp_ssp_capable(hdev)) {
bdb6d971 3228 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3229 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3230 goto unlock;
3231 }
3232
2e58ef3e 3233 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 3234 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3235 MGMT_STATUS_BUSY);
c35938b2
SJ		 3236 goto unlock;
3237 }
3238
2e58ef3e 3239 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3240 if (!cmd) {
3241 err = -ENOMEM;
3242 goto unlock;
3243 }
3244
4d2d2796
MH		 3245 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
3246 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3247 0, NULL);
3248 else
3249 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3250
c35938b2
SJ		 3251 if (err < 0)
3252 mgmt_pending_remove(cmd);
3253
3254unlock:
09fd0de5 3255 hci_dev_unlock(hdev);
c35938b2
SJ		 3256 return err;
3257}
3258
bdb6d971 3259static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3260 void *data, u16 len)
2763eda6 3261{
2763eda6
SJ		 3262 int err;
3263
bdb6d971 3264 BT_DBG("%s ", hdev->name);
2763eda6 3265
09fd0de5 3266 hci_dev_lock(hdev);
2763eda6 3267
ec109113
MH		 3268 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3269 struct mgmt_cp_add_remote_oob_data *cp = data;
3270 u8 status;
bf1e3541 3271
ec109113
MH		 3272 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3273 cp->hash, cp->randomizer);
3274 if (err < 0)
3275 status = MGMT_STATUS_FAILED;
3276 else
3277 status = MGMT_STATUS_SUCCESS;
3278
3279 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3280 status, &cp->addr, sizeof(cp->addr));
3281 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3282 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3283 u8 status;
3284
3285 err = hci_add_remote_oob_ext_data(hdev, &cp->addr.bdaddr,
3286 cp->hash192,
3287 cp->randomizer192,
3288 cp->hash256,
3289 cp->randomizer256);
3290 if (err < 0)
3291 status = MGMT_STATUS_FAILED;
3292 else
3293 status = MGMT_STATUS_SUCCESS;
3294
3295 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3296 status, &cp->addr, sizeof(cp->addr));
3297 } else {
3298 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3299 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3300 MGMT_STATUS_INVALID_PARAMS);
3301 }
2763eda6 3302
09fd0de5 3303 hci_dev_unlock(hdev);
2763eda6
SJ		 3304 return err;
3305}
3306
bdb6d971 3307static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3308 void *data, u16 len)
2763eda6 3309{
650f726d 3310 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3311 u8 status;
2763eda6
SJ		 3312 int err;
3313
bdb6d971 3314 BT_DBG("%s", hdev->name);
2763eda6 3315
09fd0de5 3316 hci_dev_lock(hdev);
2763eda6 3317
664ce4cc 3318 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 3319 if (err < 0)
bf1e3541 3320 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3321 else
a6785be2 3322 status = MGMT_STATUS_SUCCESS;
bf1e3541 3323
bdb6d971 3324 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 3325 status, &cp->addr, sizeof(cp->addr));
2763eda6 3326
09fd0de5 3327 hci_dev_unlock(hdev);
2763eda6
SJ		 3328 return err;
3329}
3330
41dc2bd6
AG		 3331static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3332{
3333 struct pending_cmd *cmd;
3334 u8 type;
3335 int err;
3336
3337 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3338
3339 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3340 if (!cmd)
3341 return -ENOENT;
3342
3343 type = hdev->discovery.type;
3344
3345 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3346 &type, sizeof(type));
3347 mgmt_pending_remove(cmd);
3348
3349 return err;
3350}
3351
7c307720
AG		 3352static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3353{
ae55f598
LR		 3354 unsigned long timeout = 0;
3355
7c307720
AG		 3356 BT_DBG("status %d", status);
3357
3358 if (status) {
3359 hci_dev_lock(hdev);
3360 mgmt_start_discovery_failed(hdev, status);
3361 hci_dev_unlock(hdev);
3362 return;
3363 }
3364
3365 hci_dev_lock(hdev);
3366 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3367 hci_dev_unlock(hdev);
3368
3369 switch (hdev->discovery.type) {
3370 case DISCOV_TYPE_LE:
ae55f598 3371 timeout = DISCOV_LE_TIMEOUT;
7c307720
AG		 3372 break;
3373
3374 case DISCOV_TYPE_INTERLEAVED:
ae55f598 3375 timeout = msecs_to_jiffies(DISCOV_INTERLEAVED_TIMEOUT);
7c307720
AG		 3376 break;
3377
3378 case DISCOV_TYPE_BREDR:
3379 break;
3380
3381 default:
3382 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3383 }
ae55f598
LR		 3384
3385 if (!timeout)
3386 return;
3387
3388 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable, timeout);
7c307720
AG		 3389}
3390
bdb6d971 3391static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3392 void *data, u16 len)
14a53664 3393{
650f726d 3394 struct mgmt_cp_start_discovery *cp = data;
14a53664 3395 struct pending_cmd *cmd;
7c307720
AG		 3396 struct hci_cp_le_set_scan_param param_cp;
3397 struct hci_cp_le_set_scan_enable enable_cp;
3398 struct hci_cp_inquiry inq_cp;
3399 struct hci_request req;
3400 /* General inquiry access code (GIAC) */
3401 u8 lap[3] = { 0x33, 0x8b, 0x9e };
d9483943 3402 u8 status, own_addr_type;
14a53664
JH		 3403 int err;
3404
bdb6d971 3405 BT_DBG("%s", hdev->name);
14a53664 3406
09fd0de5 3407 hci_dev_lock(hdev);
14a53664 3408
4b34ee78 3409 if (!hdev_is_powered(hdev)) {
bdb6d971 3410 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3411 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 3412 goto failed;
3413 }
3414
642be6c7
AG		 3415 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3416 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3417 MGMT_STATUS_BUSY);
3418 goto failed;
3419 }
3420
ff9ef578 3421 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 3422 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3423 MGMT_STATUS_BUSY);
ff9ef578
JH		 3424 goto failed;
3425 }
3426
2e58ef3e 3427 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3428 if (!cmd) {
3429 err = -ENOMEM;
3430 goto failed;
3431 }
3432
4aab14e5
AG		 3433 hdev->discovery.type = cp->type;
3434
7c307720
AG		 3435 hci_req_init(&req, hdev);
3436
4aab14e5 3437 switch (hdev->discovery.type) {
f39799f5 3438 case DISCOV_TYPE_BREDR:
e6fe7986
JH		 3439 status = mgmt_bredr_support(hdev);
3440 if (status) {
04106755 3441 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3442 status);
04106755
JH		 3443 mgmt_pending_remove(cmd);
3444 goto failed;
3445 }
3446
7c307720
AG		 3447 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3448 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3449 MGMT_STATUS_BUSY);
3450 mgmt_pending_remove(cmd);
3451 goto failed;
3452 }
3453
3454 hci_inquiry_cache_flush(hdev);
3455
3456 memset(&inq_cp, 0, sizeof(inq_cp));
3457 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 3458 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 3459 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 3460 break;
3461
3462 case DISCOV_TYPE_LE:
7c307720 3463 case DISCOV_TYPE_INTERLEAVED:
e6fe7986
JH		 3464 status = mgmt_le_support(hdev);
3465 if (status) {
04106755 3466 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3467 status);
04106755
JH		 3468 mgmt_pending_remove(cmd);
3469 goto failed;
3470 }
3471
7c307720 3472 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 3473 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 3474 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3475 MGMT_STATUS_NOT_SUPPORTED);
3476 mgmt_pending_remove(cmd);
3477 goto failed;
3478 }
3479
f3d3444a 3480 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
7c307720
AG		 3481 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3482 MGMT_STATUS_REJECTED);
3483 mgmt_pending_remove(cmd);
3484 goto failed;
3485 }
3486
c54c3860
AG		 3487 /* If controller is scanning, it means the background scanning
3488 * is running. Thus, we should temporarily stop it in order to
3489 * set the discovery scanning parameters.
3490 */
3491 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3492 hci_req_add_le_scan_disable(&req);
7c307720
AG		 3493
3494 memset(&param_cp, 0, sizeof(param_cp));
d9483943 3495
94b1fc92
MH		 3496 /* All active scans will be done with either a resolvable
3497 * private address (when privacy feature has been enabled)
3498 * or unresolvable private address.
3499 */
3500 err = hci_update_random_address(&req, true, &own_addr_type);
d9483943
JH		 3501 if (err < 0) {
3502 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3503 MGMT_STATUS_FAILED);
3504 mgmt_pending_remove(cmd);
3505 goto failed;
3506 }
3507
7c307720 3508 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 3509 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3510 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
d9483943 3511 param_cp.own_address_type = own_addr_type;
7c307720
AG		 3512 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3513 &param_cp);
3514
3515 memset(&enable_cp, 0, sizeof(enable_cp));
3516 enable_cp.enable = LE_SCAN_ENABLE;
3517 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3518 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3519 &enable_cp);
5e0452c0
AG		 3520 break;
3521
f39799f5 3522 default:
04106755
JH		 3523 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3524 MGMT_STATUS_INVALID_PARAMS);
3525 mgmt_pending_remove(cmd);
3526 goto failed;
f39799f5 3527 }
3fd24153 3528
7c307720 3529 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 3530 if (err < 0)
3531 mgmt_pending_remove(cmd);
ff9ef578
JH		 3532 else
3533 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 3534
3535failed:
09fd0de5 3536 hci_dev_unlock(hdev);
14a53664
JH		 3537 return err;
3538}
3539
1183fdca
AG		 3540static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3541{
3542 struct pending_cmd *cmd;
3543 int err;
3544
3545 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3546 if (!cmd)
3547 return -ENOENT;
3548
3549 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3550 &hdev->discovery.type, sizeof(hdev->discovery.type));
3551 mgmt_pending_remove(cmd);
3552
3553 return err;
3554}
3555
0e05bba6
AG		 3556static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3557{
3558 BT_DBG("status %d", status);
3559
3560 hci_dev_lock(hdev);
3561
3562 if (status) {
3563 mgmt_stop_discovery_failed(hdev, status);
3564 goto unlock;
3565 }
3566
3567 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3568
3569unlock:
3570 hci_dev_unlock(hdev);
3571}
3572
bdb6d971 3573static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3574 u16 len)
14a53664 3575{
d930650b 3576 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 3577 struct pending_cmd *cmd;
30dc78e1
JH		 3578 struct hci_cp_remote_name_req_cancel cp;
3579 struct inquiry_entry *e;
0e05bba6 3580 struct hci_request req;
14a53664
JH		 3581 int err;
3582
bdb6d971 3583 BT_DBG("%s", hdev->name);
14a53664 3584
09fd0de5 3585 hci_dev_lock(hdev);
14a53664 3586
30dc78e1 3587 if (!hci_discovery_active(hdev)) {
bdb6d971 3588 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3589 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3590 sizeof(mgmt_cp->type));
d930650b
JH		 3591 goto unlock;
3592 }
3593
3594 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 3595 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3596 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3597 sizeof(mgmt_cp->type));
30dc78e1 3598 goto unlock;
ff9ef578
JH		 3599 }
3600
2e58ef3e 3601 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3602 if (!cmd) {
3603 err = -ENOMEM;
30dc78e1
JH		 3604 goto unlock;
3605 }
3606
0e05bba6
AG		 3607 hci_req_init(&req, hdev);
3608
e0d9727e
AG		 3609 switch (hdev->discovery.state) {
3610 case DISCOVERY_FINDING:
0e05bba6
AG		 3611 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3612 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3613 } else {
3614 cancel_delayed_work(&hdev->le_scan_disable);
3615
b1efcc28 3616 hci_req_add_le_scan_disable(&req);
0e05bba6 3617 }
c9ecc48e 3618
e0d9727e
AG		 3619 break;
3620
3621 case DISCOVERY_RESOLVING:
3622 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
8ce8e2b5 3623 NAME_PENDING);
e0d9727e 3624 if (!e) {
30dc78e1 3625 mgmt_pending_remove(cmd);
e0d9727e
AG		 3626 err = cmd_complete(sk, hdev->id,
3627 MGMT_OP_STOP_DISCOVERY, 0,
3628 &mgmt_cp->type,
3629 sizeof(mgmt_cp->type));
3630 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3631 goto unlock;
3632 }
30dc78e1 3633
e0d9727e 3634 bacpy(&cp.bdaddr, &e->data.bdaddr);
0e05bba6
AG		 3635 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3636 &cp);
e0d9727e
AG		 3637
3638 break;
3639
3640 default:
3641 BT_DBG("unknown discovery state %u", hdev->discovery.state);
0e05bba6
AG		 3642
3643 mgmt_pending_remove(cmd);
3644 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3645 MGMT_STATUS_FAILED, &mgmt_cp->type,
3646 sizeof(mgmt_cp->type));
3647 goto unlock;
14a53664
JH		 3648 }
3649
0e05bba6 3650 err = hci_req_run(&req, stop_discovery_complete);
14a53664
JH		 3651 if (err < 0)
3652 mgmt_pending_remove(cmd);
ff9ef578
JH		 3653 else
3654 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 3655
30dc78e1 3656unlock:
09fd0de5 3657 hci_dev_unlock(hdev);
14a53664
JH		 3658 return err;
3659}
3660
bdb6d971 3661static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3662 u16 len)
561aafbc 3663{
650f726d 3664 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3665 struct inquiry_entry *e;
561aafbc
JH		 3666 int err;
3667
bdb6d971 3668 BT_DBG("%s", hdev->name);
561aafbc 3669
561aafbc
JH		 3670 hci_dev_lock(hdev);
3671
30dc78e1 3672 if (!hci_discovery_active(hdev)) {
d3a2541d
LR		 3673 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3674 MGMT_STATUS_FAILED, &cp->addr,
3675 sizeof(cp->addr));
30dc78e1
JH		 3676 goto failed;
3677 }
3678
a198e7b1 3679 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3680 if (!e) {
d3a2541d
LR		 3681 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3682 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
3683 sizeof(cp->addr));
561aafbc
JH		 3684 goto failed;
3685 }
3686
3687 if (cp->name_known) {
3688 e->name_state = NAME_KNOWN;
3689 list_del(&e->list);
3690 } else {
3691 e->name_state = NAME_NEEDED;
a3d4e20a 3692 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3693 }
3694
e384662b
JH		 3695 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3696 sizeof(cp->addr));
561aafbc
JH		 3697
3698failed:
3699 hci_dev_unlock(hdev);
561aafbc
JH		 3700 return err;
3701}
3702
bdb6d971 3703static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3704 u16 len)
7fbec224 3705{
650f726d 3706 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3707 u8 status;
7fbec224
AJ		 3708 int err;
3709
bdb6d971 3710 BT_DBG("%s", hdev->name);
7fbec224 3711
4ee71b20 3712 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3713 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3714 MGMT_STATUS_INVALID_PARAMS,
3715 &cp->addr, sizeof(cp->addr));
4ee71b20 3716
09fd0de5 3717 hci_dev_lock(hdev);
5e762444 3718
88c1fe4b 3719 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3720 if (err < 0)
f0eeea8b 3721 status = MGMT_STATUS_FAILED;
7fbec224 3722 else
a6785be2 3723 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3724
bdb6d971 3725 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3726 &cp->addr, sizeof(cp->addr));
5e762444 3727
09fd0de5 3728 hci_dev_unlock(hdev);
7fbec224
AJ		 3729
3730 return err;
3731}
3732
bdb6d971 3733static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3734 u16 len)
7fbec224 3735{
650f726d 3736 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3737 u8 status;
7fbec224
AJ		 3738 int err;
3739
bdb6d971 3740 BT_DBG("%s", hdev->name);
7fbec224 3741
4ee71b20 3742 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3743 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3744 MGMT_STATUS_INVALID_PARAMS,
3745 &cp->addr, sizeof(cp->addr));
4ee71b20 3746
09fd0de5 3747 hci_dev_lock(hdev);
5e762444 3748
88c1fe4b 3749 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3750 if (err < 0)
f0eeea8b 3751 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 3752 else
a6785be2 3753 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3754
bdb6d971 3755 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3756 &cp->addr, sizeof(cp->addr));
5e762444 3757
09fd0de5 3758 hci_dev_unlock(hdev);
7fbec224
AJ		 3759
3760 return err;
3761}
3762
cdbaccca
MH		 3763static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3764 u16 len)
3765{
3766 struct mgmt_cp_set_device_id *cp = data;
890ea898 3767 struct hci_request req;
cdbaccca 3768 int err;
c72d4b8a 3769 __u16 source;
cdbaccca
MH		 3770
3771 BT_DBG("%s", hdev->name);
3772
c72d4b8a
SJ		 3773 source = __le16_to_cpu(cp->source);
3774
3775 if (source > 0x0002)
3776 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3777 MGMT_STATUS_INVALID_PARAMS);
3778
cdbaccca
MH		 3779 hci_dev_lock(hdev);
3780
c72d4b8a 3781 hdev->devid_source = source;
cdbaccca
MH		 3782 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3783 hdev->devid_product = __le16_to_cpu(cp->product);
3784 hdev->devid_version = __le16_to_cpu(cp->version);
3785
3786 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3787
890ea898
JH		 3788 hci_req_init(&req, hdev);
3789 update_eir(&req);
3790 hci_req_run(&req, NULL);
cdbaccca
MH		 3791
3792 hci_dev_unlock(hdev);
3793
3794 return err;
3795}
3796
4375f103
JH		 3797static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3798{
3799 struct cmd_lookup match = { NULL, hdev };
3800
3801 if (status) {
3802 u8 mgmt_err = mgmt_status(status);
3803
3804 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3805 cmd_status_rsp, &mgmt_err);
3806 return;
3807 }
3808
3809 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3810 &match);
3811
3812 new_settings(hdev, match.sk);
3813
3814 if (match.sk)
3815 sock_put(match.sk);
3816}
3817
21b5187f
MH		 3818static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3819 u16 len)
4375f103
JH		 3820{
3821 struct mgmt_mode *cp = data;
3822 struct pending_cmd *cmd;
3823 struct hci_request req;
e6fe7986 3824 u8 val, enabled, status;
4375f103
JH		 3825 int err;
3826
3827 BT_DBG("request for %s", hdev->name);
3828
e6fe7986
JH		 3829 status = mgmt_le_support(hdev);
3830 if (status)
4375f103 3831 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 3832 status);
4375f103
JH		 3833
3834 if (cp->val != 0x00 && cp->val != 0x01)
3835 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3836 MGMT_STATUS_INVALID_PARAMS);
3837
3838 hci_dev_lock(hdev);
3839
3840 val = !!cp->val;
f3d3444a 3841 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 3842
f74ca9b8
JH		 3843 /* The following conditions are ones which mean that we should
3844 * not do any HCI communication but directly send a mgmt
3845 * response to user space (after toggling the flag if
3846 * necessary).
3847 */
3848 if (!hdev_is_powered(hdev) || val == enabled ||
b145edcd 3849 hci_conn_num(hdev, LE_LINK) > 0) {
4375f103
JH		 3850 bool changed = false;
3851
f3d3444a
JH		 3852 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3853 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 3854 changed = true;
3855 }
3856
3857 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3858 if (err < 0)
3859 goto unlock;
3860
3861 if (changed)
3862 err = new_settings(hdev, sk);
3863
3864 goto unlock;
3865 }
3866
3867 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3868 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3869 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3870 MGMT_STATUS_BUSY);
3871 goto unlock;
3872 }
3873
3874 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3875 if (!cmd) {
3876 err = -ENOMEM;
3877 goto unlock;
3878 }
3879
3880 hci_req_init(&req, hdev);
3881
bba3aa55
MH		 3882 if (val)
3883 enable_advertising(&req);
3884 else
3885 disable_advertising(&req);
4375f103
JH		 3886
3887 err = hci_req_run(&req, set_advertising_complete);
3888 if (err < 0)
3889 mgmt_pending_remove(cmd);
3890
3891unlock:
3892 hci_dev_unlock(hdev);
3893 return err;
3894}
3895
d13eafce
MH		 3896static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3897 void *data, u16 len)
3898{
3899 struct mgmt_cp_set_static_address *cp = data;
3900 int err;
3901
3902 BT_DBG("%s", hdev->name);
3903
62af4443 3904 if (!lmp_le_capable(hdev))
d13eafce 3905 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 3906 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 3907
3908 if (hdev_is_powered(hdev))
3909 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3910 MGMT_STATUS_REJECTED);
3911
3912 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3913 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3914 return cmd_status(sk, hdev->id,
3915 MGMT_OP_SET_STATIC_ADDRESS,
3916 MGMT_STATUS_INVALID_PARAMS);
3917
3918 /* Two most significant bits shall be set */
3919 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3920 return cmd_status(sk, hdev->id,
3921 MGMT_OP_SET_STATIC_ADDRESS,
3922 MGMT_STATUS_INVALID_PARAMS);
3923 }
3924
3925 hci_dev_lock(hdev);
3926
3927 bacpy(&hdev->static_addr, &cp->bdaddr);
3928
3929 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3930
3931 hci_dev_unlock(hdev);
3932
3933 return err;
3934}
3935
14b49b9a
MH		 3936static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
3937 void *data, u16 len)
3938{
3939 struct mgmt_cp_set_scan_params *cp = data;
3940 __u16 interval, window;
3941 int err;
3942
3943 BT_DBG("%s", hdev->name);
3944
3945 if (!lmp_le_capable(hdev))
3946 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3947 MGMT_STATUS_NOT_SUPPORTED);
3948
3949 interval = __le16_to_cpu(cp->interval);
3950
3951 if (interval < 0x0004 || interval > 0x4000)
3952 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3953 MGMT_STATUS_INVALID_PARAMS);
3954
3955 window = __le16_to_cpu(cp->window);
3956
3957 if (window < 0x0004 || window > 0x4000)
3958 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3959 MGMT_STATUS_INVALID_PARAMS);
3960
899e1075
MH		 3961 if (window > interval)
3962 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3963 MGMT_STATUS_INVALID_PARAMS);
3964
14b49b9a
MH		 3965 hci_dev_lock(hdev);
3966
3967 hdev->le_scan_interval = interval;
3968 hdev->le_scan_window = window;
3969
3970 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
3971
dd2ef8e2
AG		 3972 /* If background scan is running, restart it so new parameters are
3973 * loaded.
3974 */
3975 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
3976 hdev->discovery.state == DISCOVERY_STOPPED) {
3977 struct hci_request req;
3978
3979 hci_req_init(&req, hdev);
3980
3981 hci_req_add_le_scan_disable(&req);
3982 hci_req_add_le_passive_scan(&req);
3983
3984 hci_req_run(&req, NULL);
3985 }
3986
14b49b9a
MH		 3987 hci_dev_unlock(hdev);
3988
3989 return err;
3990}
3991
33e38b3e
JH		 3992static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3993{
3994 struct pending_cmd *cmd;
3995
3996 BT_DBG("status 0x%02x", status);
3997
3998 hci_dev_lock(hdev);
3999
4000 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4001 if (!cmd)
4002 goto unlock;
4003
4004 if (status) {
4005 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4006 mgmt_status(status));
4007 } else {
1a4d3c4b
JH		 4008 struct mgmt_mode *cp = cmd->param;
4009
4010 if (cp->val)
4011 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4012 else
4013 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4014
33e38b3e
JH		 4015 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4016 new_settings(hdev, cmd->sk);
4017 }
4018
4019 mgmt_pending_remove(cmd);
4020
4021unlock:
4022 hci_dev_unlock(hdev);
4023}
4024
bdb6d971 4025static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4026 void *data, u16 len)
f6422ec6 4027{
650f726d 4028 struct mgmt_mode *cp = data;
33e38b3e
JH		 4029 struct pending_cmd *cmd;
4030 struct hci_request req;
f6422ec6
AJ		 4031 int err;
4032
bdb6d971 4033 BT_DBG("%s", hdev->name);
f6422ec6 4034
56f87901
JH		 4035 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
4036 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 4037 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4038 MGMT_STATUS_NOT_SUPPORTED);
4039
a7e80f25
JH		 4040 if (cp->val != 0x00 && cp->val != 0x01)
4041 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4042 MGMT_STATUS_INVALID_PARAMS);
4043
5400c044 4044 if (!hdev_is_powered(hdev))
bdb6d971 4045 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4046 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 4047
4048 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 4049 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4050 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 4051
4052 hci_dev_lock(hdev);
4053
05cbf29f
JH		 4054 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4055 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4056 MGMT_STATUS_BUSY);
4057 goto unlock;
4058 }
4059
1a4d3c4b
JH		 4060 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
4061 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4062 hdev);
4063 goto unlock;
4064 }
4065
33e38b3e
JH		 4066 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4067 data, len);
4068 if (!cmd) {
4069 err = -ENOMEM;
4070 goto unlock;
f6422ec6
AJ		 4071 }
4072
33e38b3e
JH		 4073 hci_req_init(&req, hdev);
4074
406d7804 4075 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4076
4077 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4078 if (err < 0) {
bdb6d971 4079 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4080 MGMT_STATUS_FAILED);
33e38b3e 4081 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4082 }
4083
33e38b3e 4084unlock:
f6422ec6 4085 hci_dev_unlock(hdev);
33e38b3e 4086
f6422ec6
AJ		 4087 return err;
4088}
4089
67e5a7a3
JH		 4090static void set_bredr_scan(struct hci_request *req)
4091{
4092 struct hci_dev *hdev = req->hdev;
4093 u8 scan = 0;
4094
4095 /* Ensure that fast connectable is disabled. This function will
4096 * not do anything if the page scan parameters are already what
4097 * they should be.
4098 */
4099 write_fast_connectable(req, false);
4100
4101 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4102 scan |= SCAN_PAGE;
4103 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
4104 scan |= SCAN_INQUIRY;
4105
4106 if (scan)
4107 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
4108}
4109
0663ca2a
JH		 4110static void set_bredr_complete(struct hci_dev *hdev, u8 status)
4111{
4112 struct pending_cmd *cmd;
4113
4114 BT_DBG("status 0x%02x", status);
4115
4116 hci_dev_lock(hdev);
4117
4118 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4119 if (!cmd)
4120 goto unlock;
4121
4122 if (status) {
4123 u8 mgmt_err = mgmt_status(status);
4124
4125 /* We need to restore the flag if related HCI commands
4126 * failed.
4127 */
4128 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4129
4130 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4131 } else {
4132 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4133 new_settings(hdev, cmd->sk);
4134 }
4135
4136 mgmt_pending_remove(cmd);
4137
4138unlock:
4139 hci_dev_unlock(hdev);
4140}
4141
4142static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4143{
4144 struct mgmt_mode *cp = data;
4145 struct pending_cmd *cmd;
4146 struct hci_request req;
4147 int err;
4148
4149 BT_DBG("request for %s", hdev->name);
4150
4151 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4152 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4153 MGMT_STATUS_NOT_SUPPORTED);
4154
4155 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4156 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4157 MGMT_STATUS_REJECTED);
4158
4159 if (cp->val != 0x00 && cp->val != 0x01)
4160 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4161 MGMT_STATUS_INVALID_PARAMS);
4162
4163 hci_dev_lock(hdev);
4164
4165 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4166 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4167 goto unlock;
4168 }
4169
4170 if (!hdev_is_powered(hdev)) {
4171 if (!cp->val) {
0663ca2a
JH		 4172 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4173 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4174 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4175 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4176 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4177 }
4178
4179 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4180
4181 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4182 if (err < 0)
4183 goto unlock;
4184
4185 err = new_settings(hdev, sk);
4186 goto unlock;
4187 }
4188
4189 /* Reject disabling when powered on */
4190 if (!cp->val) {
4191 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4192 MGMT_STATUS_REJECTED);
4193 goto unlock;
4194 }
4195
4196 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4197 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4198 MGMT_STATUS_BUSY);
4199 goto unlock;
4200 }
4201
4202 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4203 if (!cmd) {
4204 err = -ENOMEM;
4205 goto unlock;
4206 }
4207
5947f4bc 4208 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4209 * generates the correct flags.
4210 */
4211 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4212
4213 hci_req_init(&req, hdev);
aa8af46e
JH		 4214
4215 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4216 set_bredr_scan(&req);
4217
f14d8f64
MH		 4218 /* Since only the advertising data flags will change, there
4219 * is no need to update the scan response data.
4220 */
5947f4bc 4221 update_adv_data(&req);
aa8af46e 4222
0663ca2a
JH		 4223 err = hci_req_run(&req, set_bredr_complete);
4224 if (err < 0)
4225 mgmt_pending_remove(cmd);
4226
4227unlock:
4228 hci_dev_unlock(hdev);
4229 return err;
4230}
4231
eac83dc6
MH		 4232static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4233 void *data, u16 len)
4234{
4235 struct mgmt_mode *cp = data;
4236 struct pending_cmd *cmd;
0ab04a9c 4237 u8 val, status;
eac83dc6
MH		 4238 int err;
4239
4240 BT_DBG("request for %s", hdev->name);
4241
4242 status = mgmt_bredr_support(hdev);
4243 if (status)
4244 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4245 status);
4246
5afeac14
MH		 4247 if (!lmp_sc_capable(hdev) &&
4248 !test_bit(HCI_FORCE_SC, &hdev->dev_flags))
eac83dc6
MH		 4249 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4250 MGMT_STATUS_NOT_SUPPORTED);
4251
0ab04a9c 4252 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
eac83dc6
MH		 4253 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4254 MGMT_STATUS_INVALID_PARAMS);
4255
4256 hci_dev_lock(hdev);
4257
4258 if (!hdev_is_powered(hdev)) {
4259 bool changed;
4260
0ab04a9c 4261 if (cp->val) {
eac83dc6
MH		 4262 changed = !test_and_set_bit(HCI_SC_ENABLED,
4263 &hdev->dev_flags);
0ab04a9c
MH		 4264 if (cp->val == 0x02)
4265 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4266 else
4267 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4268 } else {
eac83dc6
MH		 4269 changed = test_and_clear_bit(HCI_SC_ENABLED,
4270 &hdev->dev_flags);
0ab04a9c
MH		 4271 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4272 }
eac83dc6
MH		 4273
4274 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4275 if (err < 0)
4276 goto failed;
4277
4278 if (changed)
4279 err = new_settings(hdev, sk);
4280
4281 goto failed;
4282 }
4283
4284 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4285 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4286 MGMT_STATUS_BUSY);
4287 goto failed;
4288 }
4289
0ab04a9c
MH		 4290 val = !!cp->val;
4291
4292 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4293 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
eac83dc6
MH		 4294 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4295 goto failed;
4296 }
4297
4298 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4299 if (!cmd) {
4300 err = -ENOMEM;
4301 goto failed;
4302 }
4303
0ab04a9c 4304 err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
eac83dc6
MH		 4305 if (err < 0) {
4306 mgmt_pending_remove(cmd);
4307 goto failed;
4308 }
4309
0ab04a9c
MH		 4310 if (cp->val == 0x02)
4311 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4312 else
4313 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4314
eac83dc6
MH		 4315failed:
4316 hci_dev_unlock(hdev);
4317 return err;
4318}
4319
4e39ac81
MH		 4320static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4321 void *data, u16 len)
4322{
4323 struct mgmt_mode *cp = data;
4324 bool changed;
4325 int err;
4326
4327 BT_DBG("request for %s", hdev->name);
4328
4329 if (cp->val != 0x00 && cp->val != 0x01)
4330 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4331 MGMT_STATUS_INVALID_PARAMS);
4332
4333 hci_dev_lock(hdev);
4334
4335 if (cp->val)
4336 changed = !test_and_set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
4337 else
4338 changed = test_and_clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
4339
4340 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4341 if (err < 0)
4342 goto unlock;
4343
4344 if (changed)
4345 err = new_settings(hdev, sk);
4346
4347unlock:
4348 hci_dev_unlock(hdev);
4349 return err;
4350}
4351
62b04cd1
JH		 4352static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4353 u16 len)
4354{
4355 struct mgmt_cp_set_privacy *cp = cp_data;
4356 bool changed;
4357 int err;
4358
4359 BT_DBG("request for %s", hdev->name);
4360
4361 if (!lmp_le_capable(hdev))
4362 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4363 MGMT_STATUS_NOT_SUPPORTED);
4364
4365 if (cp->privacy != 0x00 && cp->privacy != 0x01)
4366 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4367 MGMT_STATUS_INVALID_PARAMS);
4368
4369 if (hdev_is_powered(hdev))
4370 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4371 MGMT_STATUS_REJECTED);
4372
4373 hci_dev_lock(hdev);
4374
c21c0ea0
JH		 4375 /* If user space supports this command it is also expected to
4376 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4377 */
4378 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4379
62b04cd1
JH		 4380 if (cp->privacy) {
4381 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
4382 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4383 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4384 } else {
4385 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
4386 memset(hdev->irk, 0, sizeof(hdev->irk));
4387 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4388 }
4389
4390 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4391 if (err < 0)
4392 goto unlock;
4393
4394 if (changed)
4395 err = new_settings(hdev, sk);
4396
4397unlock:
4398 hci_dev_unlock(hdev);
4399 return err;
4400}
4401
41edf160
JH		 4402static bool irk_is_valid(struct mgmt_irk_info *irk)
4403{
4404 switch (irk->addr.type) {
4405 case BDADDR_LE_PUBLIC:
4406 return true;
4407
4408 case BDADDR_LE_RANDOM:
4409 /* Two most significant bits shall be set */
4410 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4411 return false;
4412 return true;
4413 }
4414
4415 return false;
4416}
4417
4418static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4419 u16 len)
4420{
4421 struct mgmt_cp_load_irks *cp = cp_data;
4422 u16 irk_count, expected_len;
4423 int i, err;
4424
4425 BT_DBG("request for %s", hdev->name);
4426
4427 if (!lmp_le_capable(hdev))
4428 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4429 MGMT_STATUS_NOT_SUPPORTED);
4430
4431 irk_count = __le16_to_cpu(cp->irk_count);
4432
4433 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4434 if (expected_len != len) {
4435 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 4436 expected_len, len);
41edf160
JH		 4437 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4438 MGMT_STATUS_INVALID_PARAMS);
4439 }
4440
4441 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4442
4443 for (i = 0; i < irk_count; i++) {
4444 struct mgmt_irk_info *key = &cp->irks[i];
4445
4446 if (!irk_is_valid(key))
4447 return cmd_status(sk, hdev->id,
4448 MGMT_OP_LOAD_IRKS,
4449 MGMT_STATUS_INVALID_PARAMS);
4450 }
4451
4452 hci_dev_lock(hdev);
4453
4454 hci_smp_irks_clear(hdev);
4455
4456 for (i = 0; i < irk_count; i++) {
4457 struct mgmt_irk_info *irk = &cp->irks[i];
4458 u8 addr_type;
4459
4460 if (irk->addr.type == BDADDR_LE_PUBLIC)
4461 addr_type = ADDR_LE_DEV_PUBLIC;
4462 else
4463 addr_type = ADDR_LE_DEV_RANDOM;
4464
4465 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
4466 BDADDR_ANY);
4467 }
4468
4469 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4470
4471 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4472
4473 hci_dev_unlock(hdev);
4474
4475 return err;
4476}
4477
3f706b72
JH		 4478static bool ltk_is_valid(struct mgmt_ltk_info *key)
4479{
4480 if (key->master != 0x00 && key->master != 0x01)
4481 return false;
490cb0b3
MH		 4482
4483 switch (key->addr.type) {
4484 case BDADDR_LE_PUBLIC:
4485 return true;
4486
4487 case BDADDR_LE_RANDOM:
4488 /* Two most significant bits shall be set */
4489 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4490 return false;
4491 return true;
4492 }
4493
4494 return false;
3f706b72
JH		 4495}
4496
bdb6d971 4497static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 4498 void *cp_data, u16 len)
346af67b 4499{
346af67b
VCG		 4500 struct mgmt_cp_load_long_term_keys *cp = cp_data;
4501 u16 key_count, expected_len;
715a5bf2 4502 int i, err;
346af67b 4503
cf99ba13
MH		 4504 BT_DBG("request for %s", hdev->name);
4505
4506 if (!lmp_le_capable(hdev))
4507 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4508 MGMT_STATUS_NOT_SUPPORTED);
4509
1f350c87 4510 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 4511
4512 expected_len = sizeof(*cp) + key_count *
4513 sizeof(struct mgmt_ltk_info);
4514 if (expected_len != len) {
4515 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 4516 expected_len, len);
bdb6d971 4517 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 4518 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 4519 }
4520
bdb6d971 4521 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 4522
54ad6d8a
JH		 4523 for (i = 0; i < key_count; i++) {
4524 struct mgmt_ltk_info *key = &cp->keys[i];
4525
3f706b72 4526 if (!ltk_is_valid(key))
54ad6d8a
JH		 4527 return cmd_status(sk, hdev->id,
4528 MGMT_OP_LOAD_LONG_TERM_KEYS,
4529 MGMT_STATUS_INVALID_PARAMS);
4530 }
4531
346af67b
VCG		 4532 hci_dev_lock(hdev);
4533
4534 hci_smp_ltks_clear(hdev);
4535
4536 for (i = 0; i < key_count; i++) {
4537 struct mgmt_ltk_info *key = &cp->keys[i];
79d95a19
MH		 4538 u8 type, addr_type;
4539
4540 if (key->addr.type == BDADDR_LE_PUBLIC)
4541 addr_type = ADDR_LE_DEV_PUBLIC;
4542 else
4543 addr_type = ADDR_LE_DEV_RANDOM;
346af67b
VCG		 4544
4545 if (key->master)
4546 type = HCI_SMP_LTK;
4547 else
4548 type = HCI_SMP_LTK_SLAVE;
4549
35d70271
JH		 4550 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
4551 key->type, key->val, key->enc_size, key->ediv,
4552 key->rand);
346af67b
VCG		 4553 }
4554
715a5bf2
JH		 4555 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4556 NULL, 0);
4557
346af67b 4558 hci_dev_unlock(hdev);
346af67b 4559
715a5bf2 4560 return err;
346af67b
VCG		 4561}
4562
2e3c35ea 4563static const struct mgmt_handler {
04124681
GP		 4564 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
4565 u16 data_len);
be22b54e
JH		 4566 bool var_len;
4567 size_t data_len;
0f4e68cf
JH		 4568} mgmt_handlers[] = {
4569 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 4570 { read_version, false, MGMT_READ_VERSION_SIZE },
4571 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
4572 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
4573 { read_controller_info, false, MGMT_READ_INFO_SIZE },
4574 { set_powered, false, MGMT_SETTING_SIZE },
4575 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
4576 { set_connectable, false, MGMT_SETTING_SIZE },
4577 { set_fast_connectable, false, MGMT_SETTING_SIZE },
4578 { set_pairable, false, MGMT_SETTING_SIZE },
4579 { set_link_security, false, MGMT_SETTING_SIZE },
4580 { set_ssp, false, MGMT_SETTING_SIZE },
4581 { set_hs, false, MGMT_SETTING_SIZE },
4582 { set_le, false, MGMT_SETTING_SIZE },
4583 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
4584 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
4585 { add_uuid, false, MGMT_ADD_UUID_SIZE },
4586 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
4587 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
4588 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
4589 { disconnect, false, MGMT_DISCONNECT_SIZE },
4590 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
4591 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
4592 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
4593 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
4594 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
4595 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
4596 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
4597 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
4598 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
4599 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
4600 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
4601 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
ec109113 4602 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
be22b54e
JH		 4603 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
4604 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
4605 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
4606 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
4607 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
4608 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 4609 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 4610 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 4611 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 4612 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
14b49b9a 4613 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
eac83dc6 4614 { set_secure_conn, false, MGMT_SETTING_SIZE },
4e39ac81 4615 { set_debug_keys, false, MGMT_SETTING_SIZE },
62b04cd1 4616 { set_privacy, false, MGMT_SET_PRIVACY_SIZE },
41edf160 4617 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
0f4e68cf
JH		 4618};
4619
4620
0381101f
JH		 4621int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
4622{
650f726d
VCG		 4623 void *buf;
4624 u8 *cp;
0381101f 4625 struct mgmt_hdr *hdr;
4e51eae9 4626 u16 opcode, index, len;
bdb6d971 4627 struct hci_dev *hdev = NULL;
2e3c35ea 4628 const struct mgmt_handler *handler;
0381101f
JH		 4629 int err;
4630
4631 BT_DBG("got %zu bytes", msglen);
4632
4633 if (msglen < sizeof(*hdr))
4634 return -EINVAL;
4635
e63a15ec 4636 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 4637 if (!buf)
4638 return -ENOMEM;
4639
4640 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
4641 err = -EFAULT;
4642 goto done;
4643 }
4644
650f726d 4645 hdr = buf;
1f350c87
MH		 4646 opcode = __le16_to_cpu(hdr->opcode);
4647 index = __le16_to_cpu(hdr->index);
4648 len = __le16_to_cpu(hdr->len);
0381101f
JH		 4649
4650 if (len != msglen - sizeof(*hdr)) {
4651 err = -EINVAL;
4652 goto done;
4653 }
4654
0f4e68cf 4655 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 4656 hdev = hci_dev_get(index);
4657 if (!hdev) {
4658 err = cmd_status(sk, index, opcode,
04124681 4659 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 4660 goto done;
4661 }
0736cfa8 4662
cebf4cfd
JH		 4663 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
4664 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
0736cfa8
MH		 4665 err = cmd_status(sk, index, opcode,
4666 MGMT_STATUS_INVALID_INDEX);
4667 goto done;
4668 }
bdb6d971
JH		 4669 }
4670
0f4e68cf 4671 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 4672 mgmt_handlers[opcode].func == NULL) {
0381101f 4673 BT_DBG("Unknown op %u", opcode);
ca69b795 4674 err = cmd_status(sk, index, opcode,
04124681 4675 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 4676 goto done;
4677 }
4678
4679 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 4680 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 4681 err = cmd_status(sk, index, opcode,
04124681 4682 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 4683 goto done;
0381101f
JH		 4684 }
4685
be22b54e
JH		 4686 handler = &mgmt_handlers[opcode];
4687
4688 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 4689 (!handler->var_len && len != handler->data_len)) {
be22b54e 4690 err = cmd_status(sk, index, opcode,
04124681 4691 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 4692 goto done;
4693 }
4694
0f4e68cf
JH		 4695 if (hdev)
4696 mgmt_init_hdev(sk, hdev);
4697
4698 cp = buf + sizeof(*hdr);
4699
be22b54e 4700 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 4701 if (err < 0)
4702 goto done;
4703
0381101f
JH		 4704 err = msglen;
4705
4706done:
bdb6d971
JH		 4707 if (hdev)
4708 hci_dev_put(hdev);
4709
0381101f
JH		 4710 kfree(buf);
4711 return err;
4712}
c71e97bf 4713
bf6b56db 4714void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 4715{
1514b892 4716 if (hdev->dev_type != HCI_BREDR)
bf6b56db 4717 return;
bb4b2a9a 4718
bf6b56db 4719 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 4720}
4721
bf6b56db 4722void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 4723{
5f159032 4724 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 4725
1514b892 4726 if (hdev->dev_type != HCI_BREDR)
bf6b56db 4727 return;
bb4b2a9a 4728
744cf19e 4729 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 4730
bf6b56db 4731 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 4732}
4733
6046dc3e
AG		 4734/* This function requires the caller holds hdev->lock */
4735static void restart_le_auto_conns(struct hci_dev *hdev)
4736{
4737 struct hci_conn_params *p;
4738
4739 list_for_each_entry(p, &hdev->le_conn_params, list) {
4740 if (p->auto_connect == HCI_AUTO_CONN_ALWAYS)
4741 hci_pend_le_conn_add(hdev, &p->addr, p->addr_type);
4742 }
4743}
4744
229ab39c
JH		 4745static void powered_complete(struct hci_dev *hdev, u8 status)
4746{
4747 struct cmd_lookup match = { NULL, hdev };
4748
4749 BT_DBG("status 0x%02x", status);
4750
4751 hci_dev_lock(hdev);
4752
6046dc3e
AG		 4753 restart_le_auto_conns(hdev);
4754
229ab39c
JH		 4755 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4756
4757 new_settings(hdev, match.sk);
4758
4759 hci_dev_unlock(hdev);
4760
4761 if (match.sk)
4762 sock_put(match.sk);
4763}
4764
70da6243 4765static int powered_update_hci(struct hci_dev *hdev)
5add6af8 4766{
890ea898 4767 struct hci_request req;
70da6243 4768 u8 link_sec;
5add6af8 4769
890ea898
JH		 4770 hci_req_init(&req, hdev);
4771
70da6243
JH		 4772 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
4773 !lmp_host_ssp_capable(hdev)) {
4774 u8 ssp = 1;
5e5282bb 4775
890ea898 4776 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 4777 }
5add6af8 4778
c73eee91
JH		 4779 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
4780 lmp_bredr_capable(hdev)) {
70da6243 4781 struct hci_cp_write_le_host_supported cp;
f0ff92fb 4782
70da6243
JH		 4783 cp.le = 1;
4784 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 4785
70da6243
JH		 4786 /* Check first if we already have the right
4787 * host state (host features set)
4788 */
4789 if (cp.le != lmp_host_le_capable(hdev) ||
4790 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 4791 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
4792 sizeof(cp), &cp);
70da6243 4793 }
3d1cbdd6 4794
d13eafce 4795 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 4796 /* Make sure the controller has a good default for
4797 * advertising data. This also applies to the case
4798 * where BR/EDR was toggled during the AUTO_OFF phase.
4799 */
f14d8f64 4800 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5947f4bc 4801 update_adv_data(&req);
f14d8f64
MH		 4802 update_scan_rsp_data(&req);
4803 }
441ad2d0 4804
bba3aa55
MH		 4805 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
4806 enable_advertising(&req);
eeca6f89
JH		 4807 }
4808
70da6243
JH		 4809 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4810 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 4811 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
4812 sizeof(link_sec), &link_sec);
562fcc24 4813
70da6243 4814 if (lmp_bredr_capable(hdev)) {
56f87901
JH		 4815 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
4816 set_bredr_scan(&req);
890ea898 4817 update_class(&req);
13928971 4818 update_name(&req);
890ea898 4819 update_eir(&req);
70da6243 4820 }
562fcc24 4821
229ab39c 4822 return hci_req_run(&req, powered_complete);
70da6243 4823}
562fcc24 4824
70da6243
JH		 4825int mgmt_powered(struct hci_dev *hdev, u8 powered)
4826{
4827 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 4828 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
4829 u8 zero_cod[] = { 0, 0, 0 };
70da6243 4830 int err;
f0ff92fb 4831
70da6243
JH		 4832 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
4833 return 0;
4834
70da6243 4835 if (powered) {
229ab39c
JH		 4836 if (powered_update_hci(hdev) == 0)
4837 return 0;
fe038884 4838
229ab39c
JH		 4839 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
4840 &match);
4841 goto new_settings;
b24752fe
JH		 4842 }
4843
229ab39c
JH		 4844 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4845 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
4846
4847 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
4848 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
4849 zero_cod, sizeof(zero_cod), NULL);
4850
4851new_settings:
beadb2bd 4852 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 4853
4854 if (match.sk)
4855 sock_put(match.sk);
4856
7bb895d6 4857 return err;
5add6af8 4858}
73f22f62 4859
3eec705e 4860void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 4861{
4862 struct pending_cmd *cmd;
4863 u8 status;
4864
4865 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
4866 if (!cmd)
3eec705e 4867 return;
96570ffc
JH		 4868
4869 if (err == -ERFKILL)
4870 status = MGMT_STATUS_RFKILLED;
4871 else
4872 status = MGMT_STATUS_FAILED;
4873
3eec705e 4874 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 4875
4876 mgmt_pending_remove(cmd);
96570ffc
JH		 4877}
4878
d1967ff8
MH		 4879void mgmt_discoverable_timeout(struct hci_dev *hdev)
4880{
4881 struct hci_request req;
d1967ff8
MH		 4882
4883 hci_dev_lock(hdev);
4884
4885 /* When discoverable timeout triggers, then just make sure
4886 * the limited discoverable flag is cleared. Even in the case
4887 * of a timeout triggered from general discoverable, it is
4888 * safe to unconditionally clear the flag.
4889 */
4890 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
9a43e25f 4891 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
d1967ff8
MH		 4892
4893 hci_req_init(&req, hdev);
4b580614
JH		 4894 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4895 u8 scan = SCAN_PAGE;
4896 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
4897 sizeof(scan), &scan);
4898 }
d1967ff8 4899 update_class(&req);
9a43e25f 4900 update_adv_data(&req);
d1967ff8
MH		 4901 hci_req_run(&req, NULL);
4902
4903 hdev->discov_timeout = 0;
4904
9a43e25f
JH		 4905 new_settings(hdev, NULL);
4906
d1967ff8
MH		 4907 hci_dev_unlock(hdev);
4908}
4909
86a75645 4910void mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 4911{
86a75645 4912 bool changed;
73f22f62 4913
bfaf8c9f
JH		 4914 /* Nothing needed here if there's a pending command since that
4915 * commands request completion callback takes care of everything
4916 * necessary.
4917 */
4918 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
86a75645 4919 return;
bfaf8c9f 4920
bd107999
JH		 4921 /* Powering off may clear the scan mode - don't let that interfere */
4922 if (!discoverable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4923 return;
4924
9a43e25f 4925 if (discoverable) {
86a75645 4926 changed = !test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 4927 } else {
4928 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
86a75645 4929 changed = test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 4930 }
4931
4932 if (changed) {
4933 struct hci_request req;
4934
4935 /* In case this change in discoverable was triggered by
4936 * a disabling of connectable there could be a need to
4937 * update the advertising flags.
4938 */
4939 hci_req_init(&req, hdev);
4940 update_adv_data(&req);
4941 hci_req_run(&req, NULL);
73f22f62 4942
86a75645 4943 new_settings(hdev, NULL);
9a43e25f 4944 }
73f22f62 4945}
9fbcbb45 4946
a330916c 4947void mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 4948{
a330916c 4949 bool changed;
9fbcbb45 4950
d7b856f9
JH		 4951 /* Nothing needed here if there's a pending command since that
4952 * commands request completion callback takes care of everything
4953 * necessary.
4954 */
4955 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
a330916c 4956 return;
d7b856f9 4957
ce3f24cf
JH		 4958 /* Powering off may clear the scan mode - don't let that interfere */
4959 if (!connectable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4960 return;
4961
a330916c
MH		 4962 if (connectable)
4963 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
4964 else
4965 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
9fbcbb45 4966
beadb2bd 4967 if (changed)
a330916c 4968 new_settings(hdev, NULL);
9fbcbb45 4969}
55ed8ca1 4970
778b235a
JH		 4971void mgmt_advertising(struct hci_dev *hdev, u8 advertising)
4972{
7c4cfab8
JH		 4973 /* Powering off may stop advertising - don't let that interfere */
4974 if (!advertising && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
4975 return;
4976
778b235a
JH		 4977 if (advertising)
4978 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
4979 else
4980 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4981}
4982
4796e8af 4983void mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 4984{
ca69b795
JH		 4985 u8 mgmt_err = mgmt_status(status);
4986
2d7cee58 4987 if (scan & SCAN_PAGE)
744cf19e 4988 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 4989 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 4990
4991 if (scan & SCAN_INQUIRY)
744cf19e 4992 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 4993 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 4994}
4995
dc4a5ee2
MH		 4996void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
4997 bool persistent)
55ed8ca1 4998{
86742e1e 4999 struct mgmt_ev_new_link_key ev;
55ed8ca1 5000
a492cd52 5001 memset(&ev, 0, sizeof(ev));
55ed8ca1 5002
a492cd52 5003 ev.store_hint = persistent;
d753fdc4 5004 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 5005 ev.key.addr.type = BDADDR_BREDR;
a492cd52 5006 ev.key.type = key->type;
9b3b4460 5007 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 5008 ev.key.pin_len = key->pin_len;
55ed8ca1 5009
dc4a5ee2 5010 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 5011}
f7520543 5012
53ac6ab6 5013void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 5014{
5015 struct mgmt_ev_new_long_term_key ev;
5016
5017 memset(&ev, 0, sizeof(ev));
5018
5192d301
MH		 5019 /* Devices using resolvable or non-resolvable random addresses
5020 * without providing an indentity resolving key don't require
5021 * to store long term keys. Their addresses will change the
5022 * next time around.
5023 *
5024 * Only when a remote device provides an identity address
5025 * make sure the long term key is stored. If the remote
5026 * identity is known, the long term keys are internally
5027 * mapped to the identity address. So allow static random
5028 * and public addresses here.
5029 */
ba74b666
JH		 5030 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
5031 (key->bdaddr.b[5] & 0xc0) != 0xc0)
5032 ev.store_hint = 0x00;
5033 else
53ac6ab6 5034 ev.store_hint = persistent;
ba74b666 5035
346af67b 5036 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 5037 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d40f3eef 5038 ev.key.type = key->authenticated;
346af67b
VCG		 5039 ev.key.enc_size = key->enc_size;
5040 ev.key.ediv = key->ediv;
fe39c7b2 5041 ev.key.rand = key->rand;
346af67b
VCG		 5042
5043 if (key->type == HCI_SMP_LTK)
5044 ev.key.master = 1;
5045
346af67b
VCG		 5046 memcpy(ev.key.val, key->val, sizeof(key->val));
5047
083368f7 5048 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 5049}
5050
95fbac8a
JH		 5051void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
5052{
5053 struct mgmt_ev_new_irk ev;
5054
5055 memset(&ev, 0, sizeof(ev));
5056
bab6d1e5
MH		 5057 /* For identity resolving keys from devices that are already
5058 * using a public address or static random address, do not
5059 * ask for storing this key. The identity resolving key really
5060 * is only mandatory for devices using resovlable random
5061 * addresses.
5062 *
5063 * Storing all identity resolving keys has the downside that
5064 * they will be also loaded on next boot of they system. More
5065 * identity resolving keys, means more time during scanning is
5066 * needed to actually resolve these addresses.
5067 */
5068 if (bacmp(&irk->rpa, BDADDR_ANY))
5069 ev.store_hint = 0x01;
5070 else
5071 ev.store_hint = 0x00;
5072
95fbac8a
JH		 5073 bacpy(&ev.rpa, &irk->rpa);
5074 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
5075 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
5076 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
5077
5078 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
5079}
5080
53ac6ab6
MH		 5081void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
5082 bool persistent)
7ee4ea36
MH		 5083{
5084 struct mgmt_ev_new_csrk ev;
5085
5086 memset(&ev, 0, sizeof(ev));
5087
5088 /* Devices using resolvable or non-resolvable random addresses
5089 * without providing an indentity resolving key don't require
5090 * to store signature resolving keys. Their addresses will change
5091 * the next time around.
5092 *
5093 * Only when a remote device provides an identity address
5094 * make sure the signature resolving key is stored. So allow
5095 * static random and public addresses here.
5096 */
5097 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
5098 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
5099 ev.store_hint = 0x00;
5100 else
53ac6ab6 5101 ev.store_hint = persistent;
7ee4ea36
MH		 5102
5103 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
5104 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
5105 ev.key.master = csrk->master;
5106 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
5107
5108 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
5109}
5110
94933991
MH		 5111static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
5112 u8 data_len)
5113{
5114 eir[eir_len++] = sizeof(type) + data_len;
5115 eir[eir_len++] = type;
5116 memcpy(&eir[eir_len], data, data_len);
5117 eir_len += data_len;
5118
5119 return eir_len;
5120}
5121
ecd90ae7
MH		 5122void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5123 u8 addr_type, u32 flags, u8 *name, u8 name_len,
5124 u8 *dev_class)
f7520543 5125{
b644ba33
JH		 5126 char buf[512];
5127 struct mgmt_ev_device_connected *ev = (void *) buf;
5128 u16 eir_len = 0;
f7520543 5129
b644ba33 5130 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 5131 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 5132
c95f0ba7 5133 ev->flags = __cpu_to_le32(flags);
08c79b61 5134
b644ba33
JH		 5135 if (name_len > 0)
5136 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 5137 name, name_len);
b644ba33
JH		 5138
5139 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 5140 eir_len = eir_append_data(ev->eir, eir_len,
04124681 5141 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 5142
eb55ef07 5143 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 5144
ecd90ae7
MH		 5145 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
5146 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 5147}
5148
8962ee74
JH		 5149static void disconnect_rsp(struct pending_cmd *cmd, void *data)
5150{
c68fb7ff 5151 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 5152 struct sock **sk = data;
a38528f1 5153 struct mgmt_rp_disconnect rp;
8962ee74 5154
88c3df13
JH		 5155 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5156 rp.addr.type = cp->addr.type;
8962ee74 5157
aee9b218 5158 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 5159 sizeof(rp));
8962ee74
JH		 5160
5161 *sk = cmd->sk;
5162 sock_hold(*sk);
5163
a664b5bc 5164 mgmt_pending_remove(cmd);
8962ee74
JH		 5165}
5166
124f6e35 5167static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 5168{
b1078ad0 5169 struct hci_dev *hdev = data;
124f6e35
JH		 5170 struct mgmt_cp_unpair_device *cp = cmd->param;
5171 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 5172
5173 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 5174 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5175 rp.addr.type = cp->addr.type;
a8a1d19e 5176
b1078ad0
JH		 5177 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
5178
aee9b218 5179 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 5180
5181 mgmt_pending_remove(cmd);
5182}
5183
9b80ec5e 5184void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 5185 u8 link_type, u8 addr_type, u8 reason,
5186 bool mgmt_connected)
f7520543 5187{
f0d6a0ea 5188 struct mgmt_ev_device_disconnected ev;
8b064a3a 5189 struct pending_cmd *power_off;
8962ee74 5190 struct sock *sk = NULL;
8962ee74 5191
8b064a3a
JH		 5192 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5193 if (power_off) {
5194 struct mgmt_mode *cp = power_off->param;
5195
5196 /* The connection is still in hci_conn_hash so test for 1
5197 * instead of 0 to know if this is the last one.
5198 */
a3172b7e
JH		 5199 if (!cp->val && hci_conn_count(hdev) == 1) {
5200 cancel_delayed_work(&hdev->power_off);
8b064a3a 5201 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 5202 }
8b064a3a
JH		 5203 }
5204
12d4a3b2
JH		 5205 if (!mgmt_connected)
5206 return;
5207
57eb776f
AG		 5208 if (link_type != ACL_LINK && link_type != LE_LINK)
5209 return;
5210
744cf19e 5211 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 5212
f0d6a0ea
MA		 5213 bacpy(&ev.addr.bdaddr, bdaddr);
5214 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5215 ev.reason = reason;
f7520543 5216
9b80ec5e 5217 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 5218
5219 if (sk)
d97dcb66 5220 sock_put(sk);
8962ee74 5221
124f6e35 5222 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 5223 hdev);
8962ee74
JH		 5224}
5225
7892924c
MH		 5226void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
5227 u8 link_type, u8 addr_type, u8 status)
8962ee74 5228{
3655bba8
AG		 5229 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
5230 struct mgmt_cp_disconnect *cp;
88c3df13 5231 struct mgmt_rp_disconnect rp;
8962ee74 5232 struct pending_cmd *cmd;
8962ee74 5233
36a75f1b
JD		 5234 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
5235 hdev);
5236
2e58ef3e 5237 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 5238 if (!cmd)
7892924c 5239 return;
8962ee74 5240
3655bba8
AG		 5241 cp = cmd->param;
5242
5243 if (bacmp(bdaddr, &cp->addr.bdaddr))
5244 return;
5245
5246 if (cp->addr.type != bdaddr_type)
5247 return;
5248
88c3df13 5249 bacpy(&rp.addr.bdaddr, bdaddr);
3655bba8 5250 rp.addr.type = bdaddr_type;
37d9ef76 5251
7892924c
MH		 5252 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
5253 mgmt_status(status), &rp, sizeof(rp));
8962ee74 5254
a664b5bc 5255 mgmt_pending_remove(cmd);
f7520543 5256}
17d5c04c 5257
445608d0
MH		 5258void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5259 u8 addr_type, u8 status)
17d5c04c
JH		 5260{
5261 struct mgmt_ev_connect_failed ev;
c9910d0f
JH		 5262 struct pending_cmd *power_off;
5263
5264 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5265 if (power_off) {
5266 struct mgmt_mode *cp = power_off->param;
5267
5268 /* The connection is still in hci_conn_hash so test for 1
5269 * instead of 0 to know if this is the last one.
5270 */
a3172b7e
JH		 5271 if (!cp->val && hci_conn_count(hdev) == 1) {
5272 cancel_delayed_work(&hdev->power_off);
c9910d0f 5273 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 5274 }
c9910d0f 5275 }
17d5c04c 5276
4c659c39 5277 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5278 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 5279 ev.status = mgmt_status(status);
17d5c04c 5280
445608d0 5281 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 5282}
980e1a53 5283
ce0e4a0d 5284void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 5285{
5286 struct mgmt_ev_pin_code_request ev;
5287
d8457698 5288 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 5289 ev.addr.type = BDADDR_BREDR;
a770bb5a 5290 ev.secure = secure;
980e1a53 5291
ce0e4a0d 5292 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 5293}
5294
e669cf80
MH		 5295void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5296 u8 status)
980e1a53
JH		 5297{
5298 struct pending_cmd *cmd;
ac56fb13 5299 struct mgmt_rp_pin_code_reply rp;
980e1a53 5300
2e58ef3e 5301 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 5302 if (!cmd)
e669cf80 5303 return;
980e1a53 5304
d8457698 5305 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 5306 rp.addr.type = BDADDR_BREDR;
ac56fb13 5307
e669cf80
MH		 5308 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
5309 mgmt_status(status), &rp, sizeof(rp));
980e1a53 5310
a664b5bc 5311 mgmt_pending_remove(cmd);
980e1a53
JH		 5312}
5313
3eb38528
MH		 5314void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5315 u8 status)
980e1a53
JH		 5316{
5317 struct pending_cmd *cmd;
ac56fb13 5318 struct mgmt_rp_pin_code_reply rp;
980e1a53 5319
2e58ef3e 5320 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 5321 if (!cmd)
3eb38528 5322 return;
980e1a53 5323
d8457698 5324 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 5325 rp.addr.type = BDADDR_BREDR;
ac56fb13 5326
3eb38528
MH		 5327 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
5328 mgmt_status(status), &rp, sizeof(rp));
980e1a53 5329
a664b5bc 5330 mgmt_pending_remove(cmd);
980e1a53 5331}
a5c29683 5332
744cf19e 5333int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 5334 u8 link_type, u8 addr_type, u32 value,
04124681 5335 u8 confirm_hint)
a5c29683
JH		 5336{
5337 struct mgmt_ev_user_confirm_request ev;
5338
744cf19e 5339 BT_DBG("%s", hdev->name);
a5c29683 5340
272d90df 5341 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5342 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 5343 ev.confirm_hint = confirm_hint;
39adbffe 5344 ev.value = cpu_to_le32(value);
a5c29683 5345
744cf19e 5346 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 5347 NULL);
a5c29683
JH		 5348}
5349
272d90df 5350int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 5351 u8 link_type, u8 addr_type)
604086b7
BG		 5352{
5353 struct mgmt_ev_user_passkey_request ev;
5354
5355 BT_DBG("%s", hdev->name);
5356
272d90df 5357 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5358 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 5359
5360 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 5361 NULL);
604086b7
BG		 5362}
5363
0df4c185 5364static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 5365 u8 link_type, u8 addr_type, u8 status,
5366 u8 opcode)
a5c29683
JH		 5367{
5368 struct pending_cmd *cmd;
5369 struct mgmt_rp_user_confirm_reply rp;
5370 int err;
5371
2e58ef3e 5372 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 5373 if (!cmd)
5374 return -ENOENT;
5375
272d90df 5376 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 5377 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 5378 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 5379 &rp, sizeof(rp));
a5c29683 5380
a664b5bc 5381 mgmt_pending_remove(cmd);
a5c29683
JH		 5382
5383 return err;
5384}
5385
744cf19e 5386int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5387 u8 link_type, u8 addr_type, u8 status)
a5c29683 5388{
272d90df 5389 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 5390 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 5391}
5392
272d90df 5393int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5394 u8 link_type, u8 addr_type, u8 status)
a5c29683 5395{
272d90df 5396 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 5397 status,
5398 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 5399}
2a611692 5400
604086b7 5401int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5402 u8 link_type, u8 addr_type, u8 status)
604086b7 5403{
272d90df 5404 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 5405 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 5406}
5407
272d90df 5408int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5409 u8 link_type, u8 addr_type, u8 status)
604086b7 5410{
272d90df 5411 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 5412 status,
5413 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 5414}
5415
92a25256
JH		 5416int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
5417 u8 link_type, u8 addr_type, u32 passkey,
5418 u8 entered)
5419{
5420 struct mgmt_ev_passkey_notify ev;
5421
5422 BT_DBG("%s", hdev->name);
5423
5424 bacpy(&ev.addr.bdaddr, bdaddr);
5425 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5426 ev.passkey = __cpu_to_le32(passkey);
5427 ev.entered = entered;
5428
5429 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
5430}
5431
e546099c
MH		 5432void mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5433 u8 addr_type, u8 status)
2a611692
JH		 5434{
5435 struct mgmt_ev_auth_failed ev;
5436
bab73cb6 5437 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5438 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 5439 ev.status = mgmt_status(status);
2a611692 5440
e546099c 5441 mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 5442}
b312b161 5443
464996ae 5444void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 5445{
5446 struct cmd_lookup match = { NULL, hdev };
464996ae 5447 bool changed;
33ef95ed
JH		 5448
5449 if (status) {
5450 u8 mgmt_err = mgmt_status(status);
5451 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 5452 cmd_status_rsp, &mgmt_err);
464996ae 5453 return;
33ef95ed
JH		 5454 }
5455
464996ae
MH		 5456 if (test_bit(HCI_AUTH, &hdev->flags))
5457 changed = !test_and_set_bit(HCI_LINK_SECURITY,
5458 &hdev->dev_flags);
5459 else
5460 changed = test_and_clear_bit(HCI_LINK_SECURITY,
5461 &hdev->dev_flags);
47990ea0 5462
33ef95ed 5463 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 5464 &match);
33ef95ed 5465
47990ea0 5466 if (changed)
464996ae 5467 new_settings(hdev, match.sk);
33ef95ed
JH		 5468
5469 if (match.sk)
5470 sock_put(match.sk);
33ef95ed
JH		 5471}
5472
890ea898 5473static void clear_eir(struct hci_request *req)
cacaf52f 5474{
890ea898 5475 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 5476 struct hci_cp_write_eir cp;
5477
976eb20e 5478 if (!lmp_ext_inq_capable(hdev))
890ea898 5479 return;
cacaf52f 5480
c80da27e
JH		 5481 memset(hdev->eir, 0, sizeof(hdev->eir));
5482
cacaf52f
JH		 5483 memset(&cp, 0, sizeof(cp));
5484
890ea898 5485 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 5486}
5487
3e248560 5488void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 5489{
5490 struct cmd_lookup match = { NULL, hdev };
890ea898 5491 struct hci_request req;
c0ecddc2 5492 bool changed = false;
ed2c4ee3
JH		 5493
5494 if (status) {
5495 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 5496
5497 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 5498 &hdev->dev_flags)) {
5499 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3e248560 5500 new_settings(hdev, NULL);
9ecb3e24 5501 }
c0ecddc2 5502
04124681
GP		 5503 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
5504 &mgmt_err);
3e248560 5505 return;
c0ecddc2
JH		 5506 }
5507
5508 if (enable) {
9ecb3e24 5509 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 5510 } else {
9ecb3e24
MH		 5511 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
5512 if (!changed)
5513 changed = test_and_clear_bit(HCI_HS_ENABLED,
5514 &hdev->dev_flags);
5515 else
5516 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 5517 }
5518
5519 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
5520
c0ecddc2 5521 if (changed)
3e248560 5522 new_settings(hdev, match.sk);
ed2c4ee3 5523
5fc6ebb1 5524 if (match.sk)
ed2c4ee3
JH		 5525 sock_put(match.sk);
5526
890ea898
JH		 5527 hci_req_init(&req, hdev);
5528
5fc6ebb1 5529 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 5530 update_eir(&req);
5fc6ebb1 5531 else
890ea898
JH		 5532 clear_eir(&req);
5533
5534 hci_req_run(&req, NULL);
ed2c4ee3
JH		 5535}
5536
eac83dc6
MH		 5537void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
5538{
5539 struct cmd_lookup match = { NULL, hdev };
5540 bool changed = false;
5541
5542 if (status) {
5543 u8 mgmt_err = mgmt_status(status);
5544
0ab04a9c
MH		 5545 if (enable) {
5546 if (test_and_clear_bit(HCI_SC_ENABLED,
5547 &hdev->dev_flags))
5548 new_settings(hdev, NULL);
5549 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5550 }
eac83dc6
MH		 5551
5552 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
5553 cmd_status_rsp, &mgmt_err);
5554 return;
5555 }
5556
0ab04a9c 5557 if (enable) {
eac83dc6 5558 changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c 5559 } else {
eac83dc6 5560 changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c
MH		 5561 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5562 }
eac83dc6
MH		 5563
5564 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
5565 settings_rsp, &match);
5566
5567 if (changed)
5568 new_settings(hdev, match.sk);
5569
5570 if (match.sk)
5571 sock_put(match.sk);
5572}
5573
92da6097 5574static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 5575{
5576 struct cmd_lookup *match = data;
5577
90e70454
JH		 5578 if (match->sk == NULL) {
5579 match->sk = cmd->sk;
5580 sock_hold(match->sk);
5581 }
90e70454
JH		 5582}
5583
4e1b0245
MH		 5584void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
5585 u8 status)
7f9a903c 5586{
90e70454 5587 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 5588
92da6097
JH		 5589 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
5590 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
5591 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 5592
5593 if (!status)
4e1b0245
MH		 5594 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
5595 NULL);
90e70454
JH		 5596
5597 if (match.sk)
5598 sock_put(match.sk);
7f9a903c
MH		 5599}
5600
7667da34 5601void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 5602{
b312b161 5603 struct mgmt_cp_set_local_name ev;
13928971 5604 struct pending_cmd *cmd;
28cc7bde 5605
13928971 5606 if (status)
7667da34 5607 return;
b312b161
JH		 5608
5609 memset(&ev, 0, sizeof(ev));
5610 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 5611 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 5612
2e58ef3e 5613 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 5614 if (!cmd) {
5615 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 5616
13928971
JH		 5617 /* If this is a HCI command related to powering on the
5618 * HCI dev don't send any mgmt signals.
5619 */
5620 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 5621 return;
890ea898 5622 }
b312b161 5623
7667da34
MH		 5624 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
5625 cmd ? cmd->sk : NULL);
b312b161 5626}
c35938b2 5627
4d2d2796
MH		 5628void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
5629 u8 *randomizer192, u8 *hash256,
5630 u8 *randomizer256, u8 status)
c35938b2
SJ		 5631{
5632 struct pending_cmd *cmd;
c35938b2 5633
744cf19e 5634 BT_DBG("%s status %u", hdev->name, status);
c35938b2 5635
2e58ef3e 5636 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 5637 if (!cmd)
3edaf092 5638 return;
c35938b2
SJ		 5639
5640 if (status) {
3edaf092
MH		 5641 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5642 mgmt_status(status));
c35938b2 5643 } else {
4d2d2796
MH		 5644 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
5645 hash256 && randomizer256) {
5646 struct mgmt_rp_read_local_oob_ext_data rp;
5647
5648 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
5649 memcpy(rp.randomizer192, randomizer192,
5650 sizeof(rp.randomizer192));
c35938b2 5651
4d2d2796
MH		 5652 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
5653 memcpy(rp.randomizer256, randomizer256,
5654 sizeof(rp.randomizer256));
c35938b2 5655
4d2d2796
MH		 5656 cmd_complete(cmd->sk, hdev->id,
5657 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
5658 &rp, sizeof(rp));
5659 } else {
5660 struct mgmt_rp_read_local_oob_data rp;
5661
5662 memcpy(rp.hash, hash192, sizeof(rp.hash));
5663 memcpy(rp.randomizer, randomizer192,
5664 sizeof(rp.randomizer));
5665
5666 cmd_complete(cmd->sk, hdev->id,
5667 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
5668 &rp, sizeof(rp));
5669 }
c35938b2
SJ		 5670 }
5671
5672 mgmt_pending_remove(cmd);
c35938b2 5673}
e17acd40 5674
901801b9 5675void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
73cf71d9
JH		 5676 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name,
5677 u8 ssp, u8 *eir, u16 eir_len, u8 *scan_rsp,
5d2e9fad 5678 u8 scan_rsp_len)
e17acd40 5679{
e319d2e7
JH		 5680 char buf[512];
5681 struct mgmt_ev_device_found *ev = (void *) buf;
5cedbb8d 5682 struct smp_irk *irk;
1dc06093 5683 size_t ev_size;
e17acd40 5684
12602d0c 5685 if (!hci_discovery_active(hdev))
901801b9 5686 return;
12602d0c 5687
5d2e9fad
JH		 5688 /* Make sure that the buffer is big enough. The 5 extra bytes
5689 * are for the potential CoD field.
5690 */
5691 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
901801b9 5692 return;
7d262f86 5693
1dc06093
JH		 5694 memset(buf, 0, sizeof(buf));
5695
5cedbb8d
JH		 5696 irk = hci_get_irk(hdev, bdaddr, addr_type);
5697 if (irk) {
5698 bacpy(&ev->addr.bdaddr, &irk->bdaddr);
5699 ev->addr.type = link_to_bdaddr(link_type, irk->addr_type);
5700 } else {
5701 bacpy(&ev->addr.bdaddr, bdaddr);
5702 ev->addr.type = link_to_bdaddr(link_type, addr_type);
5703 }
5704
e319d2e7 5705 ev->rssi = rssi;
9a395a80 5706 if (cfm_name)
dcf4adbf 5707 ev->flags |= cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 5708 if (!ssp)
dcf4adbf 5709 ev->flags |= cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 5710
1dc06093 5711 if (eir_len > 0)
e319d2e7 5712 memcpy(ev->eir, eir, eir_len);
e17acd40 5713
1dc06093
JH		 5714 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
5715 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 5716 dev_class, 3);
1dc06093 5717
5d2e9fad
JH		 5718 if (scan_rsp_len > 0)
5719 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
5720
5721 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
5722 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 5723
901801b9 5724 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 5725}
a88a9652 5726
9cf12aee
MH		 5727void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5728 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 5729{
b644ba33
JH		 5730 struct mgmt_ev_device_found *ev;
5731 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
5732 u16 eir_len;
a88a9652 5733
b644ba33 5734 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 5735
b644ba33
JH		 5736 memset(buf, 0, sizeof(buf));
5737
5738 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 5739 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 5740 ev->rssi = rssi;
5741
5742 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 5743 name_len);
b644ba33 5744
eb55ef07 5745 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 5746
9cf12aee 5747 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 5748}
314b2381 5749
2f1e063b 5750void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 5751{
f963e8e9 5752 struct mgmt_ev_discovering ev;
164a6e78
JH		 5753 struct pending_cmd *cmd;
5754
343fb145
AG		 5755 BT_DBG("%s discovering %u", hdev->name, discovering);
5756
164a6e78 5757 if (discovering)
2e58ef3e 5758 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 5759 else
2e58ef3e 5760 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 5761
5762 if (cmd != NULL) {
f808e166
JH		 5763 u8 type = hdev->discovery.type;
5764
04124681
GP		 5765 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
5766 sizeof(type));
164a6e78
JH		 5767 mgmt_pending_remove(cmd);
5768 }
5769
f963e8e9
JH		 5770 memset(&ev, 0, sizeof(ev));
5771 ev.type = hdev->discovery.type;
5772 ev.discovering = discovering;
5773
2f1e063b 5774 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 5775}
5e762444 5776
88c1fe4b 5777int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 5778{
5779 struct pending_cmd *cmd;
5780 struct mgmt_ev_device_blocked ev;
5781
2e58ef3e 5782 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 5783
88c1fe4b
JH		 5784 bacpy(&ev.addr.bdaddr, bdaddr);
5785 ev.addr.type = type;
5e762444 5786
744cf19e 5787 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 5788 cmd ? cmd->sk : NULL);
5e762444
AJ		 5789}
5790
88c1fe4b 5791int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 5792{
5793 struct pending_cmd *cmd;
5794 struct mgmt_ev_device_unblocked ev;
5795
2e58ef3e 5796 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 5797
88c1fe4b
JH		 5798 bacpy(&ev.addr.bdaddr, bdaddr);
5799 ev.addr.type = type;
5e762444 5800
744cf19e 5801 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 5802 cmd ? cmd->sk : NULL);
5e762444 5803}
5976e608
MH		 5804
5805static void adv_enable_complete(struct hci_dev *hdev, u8 status)
5806{
5807 BT_DBG("%s status %u", hdev->name, status);
5808
5809 /* Clear the advertising mgmt setting if we failed to re-enable it */
5810 if (status) {
5811 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 5812 new_settings(hdev, NULL);
5976e608
MH		 5813 }
5814}
5815
5816void mgmt_reenable_advertising(struct hci_dev *hdev)
5817{
5818 struct hci_request req;
5819
b145edcd 5820 if (hci_conn_num(hdev, LE_LINK) > 0)
5976e608
MH		 5821 return;
5822
5823 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5824 return;
5825
5826 hci_req_init(&req, hdev);
5827 enable_advertising(&req);
5828
5829 /* If this fails we have no option but to let user space know
5830 * that we've disabled advertising.
5831 */
5832 if (hci_req_run(&req, adv_enable_complete) < 0) {
5833 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 5834 new_settings(hdev, NULL);
5976e608
MH		 5835 }
5836}
ubuntu-zesty-kernel mirror