]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blame - net/bluetooth/mgmt.c
projects / mirror_ubuntu-zesty-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
at86rf230: cleanup check on trac status
[mirror_ubuntu-zesty-kernel.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
4bc58f51 32#include <net/bluetooth/l2cap.h>
0381101f 33#include <net/bluetooth/mgmt.h>
ac4b7236
MH		 34
35#include "smp.h"
0381101f 36
2da9c55c 37#define MGMT_VERSION 1
854bda19 38#define MGMT_REVISION 8
02d98129 39
e70bb2e8
JH		 40static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_READ_INFO,
43 MGMT_OP_SET_POWERED,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
b2939475 47 MGMT_OP_SET_BONDABLE,
e70bb2e8
JH		 48 MGMT_OP_SET_LINK_SECURITY,
49 MGMT_OP_SET_SSP,
50 MGMT_OP_SET_HS,
51 MGMT_OP_SET_LE,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_ADD_UUID,
55 MGMT_OP_REMOVE_UUID,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_DISCONNECT,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_PAIR_DEVICE,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_CONFIRM_NAME,
76 MGMT_OP_BLOCK_DEVICE,
77 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 78 MGMT_OP_SET_DEVICE_ID,
4375f103 79 MGMT_OP_SET_ADVERTISING,
0663ca2a 80 MGMT_OP_SET_BREDR,
d13eafce 81 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 82 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 83 MGMT_OP_SET_SECURE_CONN,
4e39ac81 84 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 85 MGMT_OP_SET_PRIVACY,
41edf160 86 MGMT_OP_LOAD_IRKS,
dd983808 87 MGMT_OP_GET_CONN_INFO,
95868426 88 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 89 MGMT_OP_ADD_DEVICE,
90 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 91 MGMT_OP_LOAD_CONN_PARAM,
73d1df2a 92 MGMT_OP_READ_UNCONF_INDEX_LIST,
9fc3bfb6 93 MGMT_OP_READ_CONFIG_INFO,
dbece37a 94 MGMT_OP_SET_EXTERNAL_CONFIG,
9713c17b 95 MGMT_OP_SET_PUBLIC_ADDRESS,
66ea9427 96 MGMT_OP_START_SERVICE_DISCOVERY,
e70bb2e8
JH		 97};
98
99static const u16 mgmt_events[] = {
100 MGMT_EV_CONTROLLER_ERROR,
101 MGMT_EV_INDEX_ADDED,
102 MGMT_EV_INDEX_REMOVED,
103 MGMT_EV_NEW_SETTINGS,
104 MGMT_EV_CLASS_OF_DEV_CHANGED,
105 MGMT_EV_LOCAL_NAME_CHANGED,
106 MGMT_EV_NEW_LINK_KEY,
107 MGMT_EV_NEW_LONG_TERM_KEY,
108 MGMT_EV_DEVICE_CONNECTED,
109 MGMT_EV_DEVICE_DISCONNECTED,
110 MGMT_EV_CONNECT_FAILED,
111 MGMT_EV_PIN_CODE_REQUEST,
112 MGMT_EV_USER_CONFIRM_REQUEST,
113 MGMT_EV_USER_PASSKEY_REQUEST,
114 MGMT_EV_AUTH_FAILED,
115 MGMT_EV_DEVICE_FOUND,
116 MGMT_EV_DISCOVERING,
117 MGMT_EV_DEVICE_BLOCKED,
118 MGMT_EV_DEVICE_UNBLOCKED,
119 MGMT_EV_DEVICE_UNPAIRED,
92a25256 120 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 121 MGMT_EV_NEW_IRK,
7ee4ea36 122 MGMT_EV_NEW_CSRK,
8afef092
MH		 123 MGMT_EV_DEVICE_ADDED,
124 MGMT_EV_DEVICE_REMOVED,
ffb5a827 125 MGMT_EV_NEW_CONN_PARAM,
0602a8ad 126 MGMT_EV_UNCONF_INDEX_ADDED,
edd3896b 127 MGMT_EV_UNCONF_INDEX_REMOVED,
f4537c04 128 MGMT_EV_NEW_CONFIG_OPTIONS,
e70bb2e8
JH		 129};
130
17b02e62 131#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 132
eec8d2bc
JH		 133struct pending_cmd {
134 struct list_head list;
fc2f4b13 135 u16 opcode;
eec8d2bc 136 int index;
c68fb7ff 137 void *param;
323b0b88 138 size_t param_len;
eec8d2bc 139 struct sock *sk;
e9a416b5 140 void *user_data;
1b9b5ee5 141 void (*cmd_complete)(struct pending_cmd *cmd, u8 status);
eec8d2bc
JH		 142};
143
ca69b795
JH		 144/* HCI to MGMT error code conversion table */
145static u8 mgmt_status_table[] = {
146 MGMT_STATUS_SUCCESS,
147 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
148 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
149 MGMT_STATUS_FAILED, /* Hardware Failure */
150 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
151 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 152 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 153 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
154 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
155 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
156 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
157 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
158 MGMT_STATUS_BUSY, /* Command Disallowed */
159 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
160 MGMT_STATUS_REJECTED, /* Rejected Security */
161 MGMT_STATUS_REJECTED, /* Rejected Personal */
162 MGMT_STATUS_TIMEOUT, /* Host Timeout */
163 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
164 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
165 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
166 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
167 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
168 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
169 MGMT_STATUS_BUSY, /* Repeated Attempts */
170 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
171 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
172 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
173 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
174 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
175 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
176 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
177 MGMT_STATUS_FAILED, /* Unspecified Error */
178 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
179 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
180 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
181 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
182 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
183 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
184 MGMT_STATUS_FAILED, /* Unit Link Key Used */
185 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
186 MGMT_STATUS_TIMEOUT, /* Instant Passed */
187 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
188 MGMT_STATUS_FAILED, /* Transaction Collision */
189 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
190 MGMT_STATUS_REJECTED, /* QoS Rejected */
191 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
192 MGMT_STATUS_REJECTED, /* Insufficient Security */
193 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
194 MGMT_STATUS_BUSY, /* Role Switch Pending */
195 MGMT_STATUS_FAILED, /* Slot Violation */
196 MGMT_STATUS_FAILED, /* Role Switch Failed */
197 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
198 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
199 MGMT_STATUS_BUSY, /* Host Busy Pairing */
200 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
201 MGMT_STATUS_BUSY, /* Controller Busy */
202 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
203 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
204 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
205 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
206 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
207};
208
209static u8 mgmt_status(u8 hci_status)
210{
211 if (hci_status < ARRAY_SIZE(mgmt_status_table))
212 return mgmt_status_table[hci_status];
213
214 return MGMT_STATUS_FAILED;
215}
216
04c60f05
MH		 217static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
218 struct sock *skip_sk)
219{
220 struct sk_buff *skb;
221 struct mgmt_hdr *hdr;
222
223 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
224 if (!skb)
225 return -ENOMEM;
226
227 hdr = (void *) skb_put(skb, sizeof(*hdr));
228 hdr->opcode = cpu_to_le16(event);
229 if (hdev)
230 hdr->index = cpu_to_le16(hdev->id);
231 else
232 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
233 hdr->len = cpu_to_le16(data_len);
234
235 if (data)
236 memcpy(skb_put(skb, data_len), data, data_len);
237
238 /* Time stamp */
239 __net_timestamp(skb);
240
241 hci_send_to_control(skb, skip_sk);
242 kfree_skb(skb);
243
244 return 0;
245}
246
4e51eae9 247static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 248{
249 struct sk_buff *skb;
250 struct mgmt_hdr *hdr;
251 struct mgmt_ev_cmd_status *ev;
56b7d137 252 int err;
f7b64e69 253
34eb525c 254 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 255
790eff44 256 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 257 if (!skb)
258 return -ENOMEM;
259
260 hdr = (void *) skb_put(skb, sizeof(*hdr));
261
dcf4adbf 262 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 263 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 264 hdr->len = cpu_to_le16(sizeof(*ev));
265
266 ev = (void *) skb_put(skb, sizeof(*ev));
267 ev->status = status;
eb55ef07 268 ev->opcode = cpu_to_le16(cmd);
f7b64e69 269
56b7d137
GP		 270 err = sock_queue_rcv_skb(sk, skb);
271 if (err < 0)
f7b64e69
JH		 272 kfree_skb(skb);
273
56b7d137 274 return err;
f7b64e69
JH		 275}
276
aee9b218 277static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 278 void *rp, size_t rp_len)
02d98129
JH		 279{
280 struct sk_buff *skb;
281 struct mgmt_hdr *hdr;
282 struct mgmt_ev_cmd_complete *ev;
56b7d137 283 int err;
02d98129
JH		 284
285 BT_DBG("sock %p", sk);
286
790eff44 287 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 288 if (!skb)
289 return -ENOMEM;
290
291 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 292
dcf4adbf 293 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 294 hdr->index = cpu_to_le16(index);
a38528f1 295 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 296
a38528f1 297 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 298 ev->opcode = cpu_to_le16(cmd);
aee9b218 299 ev->status = status;
8020c16a
SJ		 300
301 if (rp)
302 memcpy(ev->data, rp, rp_len);
02d98129 303
56b7d137
GP		 304 err = sock_queue_rcv_skb(sk, skb);
305 if (err < 0)
02d98129
JH		 306 kfree_skb(skb);
307
e5f0e151 308 return err;
02d98129
JH		 309}
310
04124681
GP		 311static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
312 u16 data_len)
a38528f1
JH		 313{
314 struct mgmt_rp_read_version rp;
315
316 BT_DBG("sock %p", sk);
317
318 rp.version = MGMT_VERSION;
dcf4adbf 319 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 320
aee9b218 321 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 322 sizeof(rp));
a38528f1
JH		 323}
324
04124681
GP		 325static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
326 u16 data_len)
e70bb2e8
JH		 327{
328 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 329 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
330 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 331 __le16 *opcode;
e70bb2e8
JH		 332 size_t rp_size;
333 int i, err;
334
335 BT_DBG("sock %p", sk);
336
337 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
338
339 rp = kmalloc(rp_size, GFP_KERNEL);
340 if (!rp)
341 return -ENOMEM;
342
dcf4adbf
JP		 343 rp->num_commands = cpu_to_le16(num_commands);
344 rp->num_events = cpu_to_le16(num_events);
e70bb2e8
JH		 345
346 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
347 put_unaligned_le16(mgmt_commands[i], opcode);
348
349 for (i = 0; i < num_events; i++, opcode++)
350 put_unaligned_le16(mgmt_events[i], opcode);
351
aee9b218 352 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 353 rp_size);
e70bb2e8
JH		 354 kfree(rp);
355
356 return err;
357}
358
04124681
GP		 359static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
360 u16 data_len)
faba42eb 361{
faba42eb 362 struct mgmt_rp_read_index_list *rp;
8035ded4 363 struct hci_dev *d;
a38528f1 364 size_t rp_len;
faba42eb 365 u16 count;
476e44cb 366 int err;
faba42eb
JH		 367
368 BT_DBG("sock %p", sk);
369
370 read_lock(&hci_dev_list_lock);
371
372 count = 0;
bb4b2a9a 373 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a
MH		 374 if (d->dev_type == HCI_BREDR &&
375 !test_bit(HCI_UNCONFIGURED, &d->dev_flags))
1514b892 376 count++;
faba42eb
JH		 377 }
378
a38528f1
JH		 379 rp_len = sizeof(*rp) + (2 * count);
380 rp = kmalloc(rp_len, GFP_ATOMIC);
381 if (!rp) {
b2c60d42 382 read_unlock(&hci_dev_list_lock);
faba42eb 383 return -ENOMEM;
b2c60d42 384 }
faba42eb 385
476e44cb 386 count = 0;
8035ded4 387 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a 388 if (test_bit(HCI_SETUP, &d->dev_flags) ||
d603b76b 389 test_bit(HCI_CONFIG, &d->dev_flags) ||
73d1df2a 390 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
ab81cbf9
JH		 391 continue;
392
73d1df2a
MH		 393 /* Devices marked as raw-only are neither configured
394 * nor unconfigured controllers.
395 */
396 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
fee746b0
MH		 397 continue;
398
73d1df2a
MH		 399 if (d->dev_type == HCI_BREDR &&
400 !test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
1514b892
MH		 401 rp->index[count++] = cpu_to_le16(d->id);
402 BT_DBG("Added hci%u", d->id);
403 }
faba42eb
JH		 404 }
405
476e44cb
JH		 406 rp->num_controllers = cpu_to_le16(count);
407 rp_len = sizeof(*rp) + (2 * count);
408
faba42eb
JH		 409 read_unlock(&hci_dev_list_lock);
410
aee9b218 411 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 412 rp_len);
faba42eb 413
a38528f1
JH		 414 kfree(rp);
415
416 return err;
faba42eb
JH		 417}
418
73d1df2a
MH		 419static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
420 void *data, u16 data_len)
421{
422 struct mgmt_rp_read_unconf_index_list *rp;
423 struct hci_dev *d;
424 size_t rp_len;
425 u16 count;
426 int err;
427
428 BT_DBG("sock %p", sk);
429
430 read_lock(&hci_dev_list_lock);
431
432 count = 0;
433 list_for_each_entry(d, &hci_dev_list, list) {
434 if (d->dev_type == HCI_BREDR &&
435 test_bit(HCI_UNCONFIGURED, &d->dev_flags))
436 count++;
437 }
438
439 rp_len = sizeof(*rp) + (2 * count);
440 rp = kmalloc(rp_len, GFP_ATOMIC);
441 if (!rp) {
442 read_unlock(&hci_dev_list_lock);
443 return -ENOMEM;
444 }
445
446 count = 0;
447 list_for_each_entry(d, &hci_dev_list, list) {
448 if (test_bit(HCI_SETUP, &d->dev_flags) ||
d603b76b 449 test_bit(HCI_CONFIG, &d->dev_flags) ||
73d1df2a
MH		 450 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
451 continue;
452
453 /* Devices marked as raw-only are neither configured
454 * nor unconfigured controllers.
455 */
456 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
457 continue;
458
459 if (d->dev_type == HCI_BREDR &&
460 test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
461 rp->index[count++] = cpu_to_le16(d->id);
462 BT_DBG("Added hci%u", d->id);
463 }
464 }
465
466 rp->num_controllers = cpu_to_le16(count);
467 rp_len = sizeof(*rp) + (2 * count);
468
469 read_unlock(&hci_dev_list_lock);
470
471 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_UNCONF_INDEX_LIST,
472 0, rp, rp_len);
473
474 kfree(rp);
475
476 return err;
477}
478
dbece37a
MH		 479static bool is_configured(struct hci_dev *hdev)
480{
481 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
482 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
483 return false;
484
485 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
486 !bacmp(&hdev->public_addr, BDADDR_ANY))
487 return false;
488
489 return true;
490}
491
89bc22d2
MH		 492static __le32 get_missing_options(struct hci_dev *hdev)
493{
494 u32 options = 0;
495
dbece37a
MH		 496 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
497 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
eb1904f4
MH		 498 options |= MGMT_OPTION_EXTERNAL_CONFIG;
499
89bc22d2
MH		 500 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
501 !bacmp(&hdev->public_addr, BDADDR_ANY))
502 options |= MGMT_OPTION_PUBLIC_ADDRESS;
503
504 return cpu_to_le32(options);
505}
506
f4537c04
MH		 507static int new_options(struct hci_dev *hdev, struct sock *skip)
508{
509 __le32 options = get_missing_options(hdev);
510
511 return mgmt_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
512 sizeof(options), skip);
513}
514
dbece37a
MH		 515static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
516{
517 __le32 options = get_missing_options(hdev);
518
519 return cmd_complete(sk, hdev->id, opcode, 0, &options,
520 sizeof(options));
521}
522
9fc3bfb6
MH		 523static int read_config_info(struct sock *sk, struct hci_dev *hdev,
524 void *data, u16 data_len)
525{
526 struct mgmt_rp_read_config_info rp;
89bc22d2 527 u32 options = 0;
9fc3bfb6
MH		 528
529 BT_DBG("sock %p %s", sk, hdev->name);
530
531 hci_dev_lock(hdev);
532
533 memset(&rp, 0, sizeof(rp));
534 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
89bc22d2 535
eb1904f4
MH		 536 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
537 options |= MGMT_OPTION_EXTERNAL_CONFIG;
538
9fc3bfb6 539 if (hdev->set_bdaddr)
89bc22d2
MH		 540 options |= MGMT_OPTION_PUBLIC_ADDRESS;
541
542 rp.supported_options = cpu_to_le32(options);
543 rp.missing_options = get_missing_options(hdev);
9fc3bfb6
MH		 544
545 hci_dev_unlock(hdev);
546
547 return cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0, &rp,
548 sizeof(rp));
549}
550
69ab39ea
JH		 551static u32 get_supported_settings(struct hci_dev *hdev)
552{
553 u32 settings = 0;
554
555 settings |= MGMT_SETTING_POWERED;
b2939475 556 settings |= MGMT_SETTING_BONDABLE;
b1de97d8 557 settings |= MGMT_SETTING_DEBUG_KEYS;
3742abfc
JH		 558 settings |= MGMT_SETTING_CONNECTABLE;
559 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea 560
ed3fa31f 561 if (lmp_bredr_capable(hdev)) {
1a47aee8
JH		 562 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
563 settings |= MGMT_SETTING_FAST_CONNECTABLE;
69ab39ea
JH		 564 settings |= MGMT_SETTING_BREDR;
565 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 566
567 if (lmp_ssp_capable(hdev)) {
568 settings |= MGMT_SETTING_SSP;
569 settings |= MGMT_SETTING_HS;
570 }
e98d2ce2 571
5afeac14 572 if (lmp_sc_capable(hdev) ||
111902f7 573 test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
e98d2ce2 574 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 575 }
d7b7e796 576
eeca6f89 577 if (lmp_le_capable(hdev)) {
9d42820f 578 settings |= MGMT_SETTING_LE;
eeca6f89 579 settings |= MGMT_SETTING_ADVERTISING;
a3209694 580 settings |= MGMT_SETTING_SECURE_CONN;
0f4bd942 581 settings |= MGMT_SETTING_PRIVACY;
eeca6f89 582 }
69ab39ea 583
eb1904f4
MH		 584 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
585 hdev->set_bdaddr)
9fc3bfb6
MH		 586 settings |= MGMT_SETTING_CONFIGURATION;
587
69ab39ea
JH		 588 return settings;
589}
590
591static u32 get_current_settings(struct hci_dev *hdev)
592{
593 u32 settings = 0;
594
f1f0eb02 595 if (hdev_is_powered(hdev))
f0d4b78a
MH		 596 settings |= MGMT_SETTING_POWERED;
597
5e5282bb 598 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 599 settings |= MGMT_SETTING_CONNECTABLE;
600
1a4d3c4b
JH		 601 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
602 settings |= MGMT_SETTING_FAST_CONNECTABLE;
603
5e5282bb 604 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 605 settings |= MGMT_SETTING_DISCOVERABLE;
606
b6ae8457 607 if (test_bit(HCI_BONDABLE, &hdev->dev_flags))
b2939475 608 settings |= MGMT_SETTING_BONDABLE;
69ab39ea 609
56f87901 610 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 611 settings |= MGMT_SETTING_BREDR;
612
06199cf8 613 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 614 settings |= MGMT_SETTING_LE;
615
47990ea0 616 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 617 settings |= MGMT_SETTING_LINK_SECURITY;
618
84bde9d6 619 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 620 settings |= MGMT_SETTING_SSP;
621
6d80dfd0
JH		 622 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
623 settings |= MGMT_SETTING_HS;
624
f3d3444a 625 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 626 settings |= MGMT_SETTING_ADVERTISING;
627
e98d2ce2
MH		 628 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
629 settings |= MGMT_SETTING_SECURE_CONN;
630
0663b297 631 if (test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags))
b1de97d8
MH		 632 settings |= MGMT_SETTING_DEBUG_KEYS;
633
0f4bd942
JH		 634 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
635 settings |= MGMT_SETTING_PRIVACY;
636
69ab39ea
JH		 637 return settings;
638}
639
ef580372
JH		 640#define PNP_INFO_SVCLASS_ID 0x1200
641
213202ed
JH		 642static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
643{
644 u8 *ptr = data, *uuids_start = NULL;
645 struct bt_uuid *uuid;
646
647 if (len < 4)
648 return ptr;
649
650 list_for_each_entry(uuid, &hdev->uuids, list) {
651 u16 uuid16;
652
653 if (uuid->size != 16)
654 continue;
655
656 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
657 if (uuid16 < 0x1100)
658 continue;
659
660 if (uuid16 == PNP_INFO_SVCLASS_ID)
661 continue;
662
663 if (!uuids_start) {
664 uuids_start = ptr;
665 uuids_start[0] = 1;
666 uuids_start[1] = EIR_UUID16_ALL;
667 ptr += 2;
668 }
669
670 /* Stop if not enough space to put next UUID */
671 if ((ptr - data) + sizeof(u16) > len) {
672 uuids_start[1] = EIR_UUID16_SOME;
673 break;
674 }
675
676 *ptr++ = (uuid16 & 0x00ff);
677 *ptr++ = (uuid16 & 0xff00) >> 8;
678 uuids_start[0] += sizeof(uuid16);
679 }
680
681 return ptr;
682}
683
cdf1963f
JH		 684static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
685{
686 u8 *ptr = data, *uuids_start = NULL;
687 struct bt_uuid *uuid;
688
689 if (len < 6)
690 return ptr;
691
692 list_for_each_entry(uuid, &hdev->uuids, list) {
693 if (uuid->size != 32)
694 continue;
695
696 if (!uuids_start) {
697 uuids_start = ptr;
698 uuids_start[0] = 1;
699 uuids_start[1] = EIR_UUID32_ALL;
700 ptr += 2;
701 }
702
703 /* Stop if not enough space to put next UUID */
704 if ((ptr - data) + sizeof(u32) > len) {
705 uuids_start[1] = EIR_UUID32_SOME;
706 break;
707 }
708
709 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
710 ptr += sizeof(u32);
711 uuids_start[0] += sizeof(u32);
712 }
713
714 return ptr;
715}
716
c00d575b
JH		 717static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
718{
719 u8 *ptr = data, *uuids_start = NULL;
720 struct bt_uuid *uuid;
721
722 if (len < 18)
723 return ptr;
724
725 list_for_each_entry(uuid, &hdev->uuids, list) {
726 if (uuid->size != 128)
727 continue;
728
729 if (!uuids_start) {
730 uuids_start = ptr;
731 uuids_start[0] = 1;
732 uuids_start[1] = EIR_UUID128_ALL;
733 ptr += 2;
734 }
735
736 /* Stop if not enough space to put next UUID */
737 if ((ptr - data) + 16 > len) {
738 uuids_start[1] = EIR_UUID128_SOME;
739 break;
740 }
741
742 memcpy(ptr, uuid->uuid, 16);
743 ptr += 16;
744 uuids_start[0] += 16;
745 }
746
747 return ptr;
748}
749
eb2a8d20
JH		 750static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
751{
752 struct pending_cmd *cmd;
753
754 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
755 if (cmd->opcode == opcode)
756 return cmd;
757 }
758
759 return NULL;
760}
761
95868426
JH		 762static struct pending_cmd *mgmt_pending_find_data(u16 opcode,
763 struct hci_dev *hdev,
764 const void *data)
765{
766 struct pending_cmd *cmd;
767
768 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
769 if (cmd->user_data != data)
770 continue;
771 if (cmd->opcode == opcode)
772 return cmd;
773 }
774
775 return NULL;
776}
777
f14d8f64
MH		 778static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
779{
7a5f4990
MH		 780 u8 ad_len = 0;
781 size_t name_len;
782
783 name_len = strlen(hdev->dev_name);
784 if (name_len > 0) {
785 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
786
787 if (name_len > max_len) {
788 name_len = max_len;
789 ptr[1] = EIR_NAME_SHORT;
790 } else
791 ptr[1] = EIR_NAME_COMPLETE;
792
793 ptr[0] = name_len + 1;
794
795 memcpy(ptr + 2, hdev->dev_name, name_len);
796
797 ad_len += (name_len + 2);
798 ptr += (name_len + 2);
799 }
800
801 return ad_len;
f14d8f64
MH		 802}
803
804static void update_scan_rsp_data(struct hci_request *req)
805{
806 struct hci_dev *hdev = req->hdev;
807 struct hci_cp_le_set_scan_rsp_data cp;
808 u8 len;
809
7751ef1b 810 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
f14d8f64
MH		 811 return;
812
813 memset(&cp, 0, sizeof(cp));
814
815 len = create_scan_rsp_data(hdev, cp.data);
816
eb438b5f
JH		 817 if (hdev->scan_rsp_data_len == len &&
818 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 819 return;
820
eb438b5f
JH		 821 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
822 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 823
824 cp.length = len;
825
826 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
827}
828
9a43e25f
JH		 829static u8 get_adv_discov_flags(struct hci_dev *hdev)
830{
831 struct pending_cmd *cmd;
832
833 /* If there's a pending mgmt command the flags will not yet have
834 * their final values, so check for this first.
835 */
836 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
837 if (cmd) {
838 struct mgmt_mode *cp = cmd->param;
839 if (cp->val == 0x01)
840 return LE_AD_GENERAL;
841 else if (cp->val == 0x02)
842 return LE_AD_LIMITED;
843 } else {
844 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
845 return LE_AD_LIMITED;
846 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
847 return LE_AD_GENERAL;
848 }
849
850 return 0;
851}
852
46cad2ed 853static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 854{
855 u8 ad_len = 0, flags = 0;
441ad2d0 856
9a43e25f 857 flags |= get_adv_discov_flags(hdev);
441ad2d0 858
e834004b 859 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
441ad2d0 860 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 861
862 if (flags) {
863 BT_DBG("adv flags 0x%02x", flags);
864
865 ptr[0] = 2;
866 ptr[1] = EIR_FLAGS;
867 ptr[2] = flags;
868
869 ad_len += 3;
870 ptr += 3;
871 }
872
873 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
874 ptr[0] = 2;
875 ptr[1] = EIR_TX_POWER;
876 ptr[2] = (u8) hdev->adv_tx_power;
877
878 ad_len += 3;
879 ptr += 3;
880 }
881
441ad2d0
MH		 882 return ad_len;
883}
884
5947f4bc 885static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 886{
887 struct hci_dev *hdev = req->hdev;
888 struct hci_cp_le_set_adv_data cp;
889 u8 len;
890
10994ce6 891 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
441ad2d0
MH		 892 return;
893
894 memset(&cp, 0, sizeof(cp));
895
46cad2ed 896 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 897
898 if (hdev->adv_data_len == len &&
899 memcmp(cp.data, hdev->adv_data, len) == 0)
900 return;
901
902 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
903 hdev->adv_data_len = len;
904
905 cp.length = len;
906
907 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
908}
909
bc6d2d04
JH		 910int mgmt_update_adv_data(struct hci_dev *hdev)
911{
912 struct hci_request req;
913
914 hci_req_init(&req, hdev);
915 update_adv_data(&req);
916
917 return hci_req_run(&req, NULL);
918}
919
ef580372
JH		 920static void create_eir(struct hci_dev *hdev, u8 *data)
921{
922 u8 *ptr = data;
ef580372
JH		 923 size_t name_len;
924
925 name_len = strlen(hdev->dev_name);
926
927 if (name_len > 0) {
928 /* EIR Data type */
929 if (name_len > 48) {
930 name_len = 48;
931 ptr[1] = EIR_NAME_SHORT;
932 } else
933 ptr[1] = EIR_NAME_COMPLETE;
934
935 /* EIR Data length */
936 ptr[0] = name_len + 1;
937
938 memcpy(ptr + 2, hdev->dev_name, name_len);
939
ef580372
JH		 940 ptr += (name_len + 2);
941 }
942
bbaf444a 943 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 944 ptr[0] = 2;
945 ptr[1] = EIR_TX_POWER;
946 ptr[2] = (u8) hdev->inq_tx_power;
947
91c4e9b1
MH		 948 ptr += 3;
949 }
950
2b9be137
MH		 951 if (hdev->devid_source > 0) {
952 ptr[0] = 9;
953 ptr[1] = EIR_DEVICE_ID;
954
955 put_unaligned_le16(hdev->devid_source, ptr + 2);
956 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
957 put_unaligned_le16(hdev->devid_product, ptr + 6);
958 put_unaligned_le16(hdev->devid_version, ptr + 8);
959
2b9be137
MH		 960 ptr += 10;
961 }
962
213202ed 963 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 964 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 965 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 966}
967
890ea898 968static void update_eir(struct hci_request *req)
ef580372 969{
890ea898 970 struct hci_dev *hdev = req->hdev;
ef580372
JH		 971 struct hci_cp_write_eir cp;
972
504c8dcd 973 if (!hdev_is_powered(hdev))
890ea898 974 return;
7770c4aa 975
976eb20e 976 if (!lmp_ext_inq_capable(hdev))
890ea898 977 return;
ef580372 978
84bde9d6 979 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 980 return;
ef580372 981
a8b2d5c2 982 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 983 return;
ef580372
JH		 984
985 memset(&cp, 0, sizeof(cp));
986
987 create_eir(hdev, cp.data);
988
989 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 990 return;
ef580372
JH		 991
992 memcpy(hdev->eir, cp.data, sizeof(cp.data));
993
890ea898 994 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 995}
996
997static u8 get_service_classes(struct hci_dev *hdev)
998{
999 struct bt_uuid *uuid;
1000 u8 val = 0;
1001
1002 list_for_each_entry(uuid, &hdev->uuids, list)
1003 val |= uuid->svc_hint;
1004
1005 return val;
1006}
1007
890ea898 1008static void update_class(struct hci_request *req)
ef580372 1009{
890ea898 1010 struct hci_dev *hdev = req->hdev;
ef580372
JH		 1011 u8 cod[3];
1012
1013 BT_DBG("%s", hdev->name);
1014
504c8dcd 1015 if (!hdev_is_powered(hdev))
890ea898 1016 return;
7770c4aa 1017
f87ea1da
JH		 1018 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1019 return;
1020
a8b2d5c2 1021 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 1022 return;
ef580372
JH		 1023
1024 cod[0] = hdev->minor_class;
1025 cod[1] = hdev->major_class;
1026 cod[2] = get_service_classes(hdev);
1027
6acd7db4
MH		 1028 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
1029 cod[1] |= 0x20;
1030
ef580372 1031 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 1032 return;
ef580372 1033
890ea898 1034 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 1035}
1036
a4858cb9 1037static bool get_connectable(struct hci_dev *hdev)
199a2fb1
JH		 1038{
1039 struct pending_cmd *cmd;
199a2fb1
JH		 1040
1041 /* If there's a pending mgmt command the flag will not yet have
1042 * it's final value, so check for this first.
1043 */
1044 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1045 if (cmd) {
1046 struct mgmt_mode *cp = cmd->param;
a4858cb9 1047 return cp->val;
199a2fb1
JH		 1048 }
1049
a4858cb9 1050 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
199a2fb1
JH		 1051}
1052
0ec5ae84
JH		 1053static void disable_advertising(struct hci_request *req)
1054{
1055 u8 enable = 0x00;
1056
1057 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1058}
1059
199a2fb1
JH		 1060static void enable_advertising(struct hci_request *req)
1061{
1062 struct hci_dev *hdev = req->hdev;
1063 struct hci_cp_le_set_adv_param cp;
8f2a0601 1064 u8 own_addr_type, enable = 0x01;
a4858cb9 1065 bool connectable;
199a2fb1 1066
0ec5ae84
JH		 1067 if (hci_conn_num(hdev, LE_LINK) > 0)
1068 return;
1069
1070 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
1071 disable_advertising(req);
1072
5ce194c4 1073 /* Clear the HCI_LE_ADV bit temporarily so that the
8d97250e
JH		 1074 * hci_update_random_address knows that it's safe to go ahead
1075 * and write a new random address. The flag will be set back on
1076 * as soon as the SET_ADV_ENABLE HCI command completes.
1077 */
5ce194c4 1078 clear_bit(HCI_LE_ADV, &hdev->dev_flags);
8d97250e 1079
a4858cb9 1080 connectable = get_connectable(hdev);
8f2a0601 1081
a4858cb9
JH		 1082 /* Set require_privacy to true only when non-connectable
1083 * advertising is used. In that case it is fine to use a
1084 * non-resolvable private address.
1085 */
1086 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 1087 return;
1088
41c90c18 1089 memset(&cp, 0, sizeof(cp));
628531c9
GL		 1090 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
1091 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
a4858cb9 1092 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
8f2a0601 1093 cp.own_address_type = own_addr_type;
199a2fb1
JH		 1094 cp.channel_map = hdev->le_adv_channel_map;
1095
1096 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1097
1098 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1099}
1100
7d78525d
JH		 1101static void service_cache_off(struct work_struct *work)
1102{
1103 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 1104 service_cache.work);
890ea898 1105 struct hci_request req;
7d78525d 1106
a8b2d5c2 1107 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 1108 return;
1109
890ea898
JH		 1110 hci_req_init(&req, hdev);
1111
7d78525d
JH		 1112 hci_dev_lock(hdev);
1113
890ea898
JH		 1114 update_eir(&req);
1115 update_class(&req);
7d78525d
JH		 1116
1117 hci_dev_unlock(hdev);
890ea898
JH		 1118
1119 hci_req_run(&req, NULL);
7d78525d
JH		 1120}
1121
d6bfd59c
JH		 1122static void rpa_expired(struct work_struct *work)
1123{
1124 struct hci_dev *hdev = container_of(work, struct hci_dev,
1125 rpa_expired.work);
1126 struct hci_request req;
1127
1128 BT_DBG("");
1129
1130 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
1131
0ec5ae84 1132 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
d6bfd59c
JH		 1133 return;
1134
1135 /* The generation of a new RPA and programming it into the
1136 * controller happens in the enable_advertising() function.
1137 */
d6bfd59c 1138 hci_req_init(&req, hdev);
d6bfd59c 1139 enable_advertising(&req);
d6bfd59c
JH		 1140 hci_req_run(&req, NULL);
1141}
1142
6a919082 1143static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 1144{
4f87da80 1145 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 1146 return;
1147
4f87da80 1148 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 1149 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 1150
4f87da80
JH		 1151 /* Non-mgmt controlled devices get this bit set
1152 * implicitly so that pairing works for them, however
1153 * for mgmt we require user-space to explicitly enable
1154 * it
1155 */
b6ae8457 1156 clear_bit(HCI_BONDABLE, &hdev->dev_flags);
7d78525d
JH		 1157}
1158
0f4e68cf 1159static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 1160 void *data, u16 data_len)
0381101f 1161{
a38528f1 1162 struct mgmt_rp_read_info rp;
f7b64e69 1163
bdb6d971 1164 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 1165
09fd0de5 1166 hci_dev_lock(hdev);
f7b64e69 1167
dc4fe30b
JH		 1168 memset(&rp, 0, sizeof(rp));
1169
69ab39ea 1170 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 1171
69ab39ea 1172 rp.version = hdev->hci_ver;
eb55ef07 1173 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 1174
1175 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1176 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 1177
a38528f1 1178 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 1179
dc4fe30b 1180 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 1181 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 1182
09fd0de5 1183 hci_dev_unlock(hdev);
0381101f 1184
bdb6d971 1185 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 1186 sizeof(rp));
0381101f
JH		 1187}
1188
eec8d2bc
JH		 1189static void mgmt_pending_free(struct pending_cmd *cmd)
1190{
1191 sock_put(cmd->sk);
c68fb7ff 1192 kfree(cmd->param);
eec8d2bc
JH		 1193 kfree(cmd);
1194}
1195
366a0336 1196static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 1197 struct hci_dev *hdev, void *data,
1198 u16 len)
eec8d2bc
JH		 1199{
1200 struct pending_cmd *cmd;
1201
fca20018 1202 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 1203 if (!cmd)
366a0336 1204 return NULL;
eec8d2bc
JH		 1205
1206 cmd->opcode = opcode;
2e58ef3e 1207 cmd->index = hdev->id;
eec8d2bc 1208
323b0b88 1209 cmd->param = kmemdup(data, len, GFP_KERNEL);
c68fb7ff 1210 if (!cmd->param) {
eec8d2bc 1211 kfree(cmd);
366a0336 1212 return NULL;
eec8d2bc
JH		 1213 }
1214
323b0b88 1215 cmd->param_len = len;
eec8d2bc
JH		 1216
1217 cmd->sk = sk;
1218 sock_hold(sk);
1219
2e58ef3e 1220 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 1221
366a0336 1222 return cmd;
eec8d2bc
JH		 1223}
1224
744cf19e 1225static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 1226 void (*cb)(struct pending_cmd *cmd,
1227 void *data),
04124681 1228 void *data)
eec8d2bc 1229{
a3d09356 1230 struct pending_cmd *cmd, *tmp;
eec8d2bc 1231
a3d09356 1232 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 1233 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 1234 continue;
1235
eec8d2bc
JH		 1236 cb(cmd, data);
1237 }
1238}
1239
a664b5bc 1240static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 1241{
73f22f62
JH		 1242 list_del(&cmd->list);
1243 mgmt_pending_free(cmd);
1244}
1245
69ab39ea 1246static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1247{
69ab39ea 1248 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1249
aee9b218 1250 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 1251 sizeof(settings));
8680570b
JH		 1252}
1253
8b064a3a
JH		 1254static void clean_up_hci_complete(struct hci_dev *hdev, u8 status)
1255{
1256 BT_DBG("%s status 0x%02x", hdev->name, status);
1257
a3172b7e
JH		 1258 if (hci_conn_count(hdev) == 0) {
1259 cancel_delayed_work(&hdev->power_off);
8b064a3a 1260 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1261 }
8b064a3a
JH		 1262}
1263
23a48093 1264static bool hci_stop_discovery(struct hci_request *req)
21a60d30
JH		 1265{
1266 struct hci_dev *hdev = req->hdev;
1267 struct hci_cp_remote_name_req_cancel cp;
1268 struct inquiry_entry *e;
1269
1270 switch (hdev->discovery.state) {
1271 case DISCOVERY_FINDING:
1272 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
1273 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1274 } else {
1275 cancel_delayed_work(&hdev->le_scan_disable);
1276 hci_req_add_le_scan_disable(req);
1277 }
1278
23a48093 1279 return true;
21a60d30
JH		 1280
1281 case DISCOVERY_RESOLVING:
1282 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1283 NAME_PENDING);
1284 if (!e)
23a48093 1285 break;
21a60d30
JH		 1286
1287 bacpy(&cp.bdaddr, &e->data.bdaddr);
1288 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1289 &cp);
1290
23a48093 1291 return true;
21a60d30
JH		 1292
1293 default:
1294 /* Passive scanning */
23a48093 1295 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
21a60d30 1296 hci_req_add_le_scan_disable(req);
23a48093
JH		 1297 return true;
1298 }
1299
21a60d30
JH		 1300 break;
1301 }
23a48093
JH		 1302
1303 return false;
21a60d30
JH		 1304}
1305
8b064a3a
JH		 1306static int clean_up_hci_state(struct hci_dev *hdev)
1307{
1308 struct hci_request req;
1309 struct hci_conn *conn;
23a48093
JH		 1310 bool discov_stopped;
1311 int err;
8b064a3a
JH		 1312
1313 hci_req_init(&req, hdev);
1314
1315 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1316 test_bit(HCI_PSCAN, &hdev->flags)) {
1317 u8 scan = 0x00;
1318 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1319 }
1320
73e082f8 1321 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
8b064a3a
JH		 1322 disable_advertising(&req);
1323
23a48093 1324 discov_stopped = hci_stop_discovery(&req);
8b064a3a
JH		 1325
1326 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1327 struct hci_cp_disconnect dc;
c9910d0f
JH		 1328 struct hci_cp_reject_conn_req rej;
1329
1330 switch (conn->state) {
1331 case BT_CONNECTED:
1332 case BT_CONFIG:
1333 dc.handle = cpu_to_le16(conn->handle);
1334 dc.reason = 0x15; /* Terminated due to Power Off */
1335 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1336 break;
1337 case BT_CONNECT:
1338 if (conn->type == LE_LINK)
1339 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1340 0, NULL);
1341 else if (conn->type == ACL_LINK)
1342 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1343 6, &conn->dst);
1344 break;
1345 case BT_CONNECT2:
1346 bacpy(&rej.bdaddr, &conn->dst);
1347 rej.reason = 0x15; /* Terminated due to Power Off */
1348 if (conn->type == ACL_LINK)
1349 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1350 sizeof(rej), &rej);
1351 else if (conn->type == SCO_LINK)
1352 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1353 sizeof(rej), &rej);
1354 break;
1355 }
8b064a3a
JH		 1356 }
1357
23a48093
JH		 1358 err = hci_req_run(&req, clean_up_hci_complete);
1359 if (!err && discov_stopped)
1360 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1361
1362 return err;
8b064a3a
JH		 1363}
1364
bdb6d971 1365static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1366 u16 len)
eec8d2bc 1367{
650f726d 1368 struct mgmt_mode *cp = data;
366a0336 1369 struct pending_cmd *cmd;
4b34ee78 1370 int err;
eec8d2bc 1371
bdb6d971 1372 BT_DBG("request for %s", hdev->name);
eec8d2bc 1373
a7e80f25
JH		 1374 if (cp->val != 0x00 && cp->val != 0x01)
1375 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1376 MGMT_STATUS_INVALID_PARAMS);
1377
09fd0de5 1378 hci_dev_lock(hdev);
eec8d2bc 1379
87b95ba6
JH		 1380 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1381 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1382 MGMT_STATUS_BUSY);
1383 goto failed;
1384 }
1385
f0d4b78a
MH		 1386 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1387 cancel_delayed_work(&hdev->power_off);
1388
1389 if (cp->val) {
a1d70450
JH		 1390 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1391 data, len);
1392 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1393 goto failed;
1394 }
1395 }
1396
4b34ee78 1397 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1398 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1399 goto failed;
1400 }
1401
2e58ef3e 1402 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1403 if (!cmd) {
1404 err = -ENOMEM;
eec8d2bc 1405 goto failed;
366a0336 1406 }
eec8d2bc 1407
8b064a3a 1408 if (cp->val) {
19202573 1409 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1410 err = 0;
1411 } else {
1412 /* Disconnect connections, stop scans, etc */
1413 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1414 if (!err)
1415 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1416 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1417
8b064a3a
JH		 1418 /* ENODATA means there were no HCI commands queued */
1419 if (err == -ENODATA) {
a3172b7e 1420 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1421 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1422 err = 0;
1423 }
1424 }
eec8d2bc
JH		 1425
1426failed:
09fd0de5 1427 hci_dev_unlock(hdev);
366a0336 1428 return err;
eec8d2bc
JH		 1429}
1430
beadb2bd
JH		 1431static int new_settings(struct hci_dev *hdev, struct sock *skip)
1432{
1433 __le32 ev;
1434
1435 ev = cpu_to_le32(get_current_settings(hdev));
1436
1437 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1438}
1439
91a668b0
JH		 1440int mgmt_new_settings(struct hci_dev *hdev)
1441{
1442 return new_settings(hdev, NULL);
1443}
1444
bd99abdd
JH		 1445struct cmd_lookup {
1446 struct sock *sk;
1447 struct hci_dev *hdev;
1448 u8 mgmt_status;
1449};
1450
1451static void settings_rsp(struct pending_cmd *cmd, void *data)
1452{
1453 struct cmd_lookup *match = data;
1454
1455 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1456
1457 list_del(&cmd->list);
1458
1459 if (match->sk == NULL) {
1460 match->sk = cmd->sk;
1461 sock_hold(match->sk);
1462 }
1463
1464 mgmt_pending_free(cmd);
1465}
1466
1467static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1468{
1469 u8 *status = data;
1470
1471 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1472 mgmt_pending_remove(cmd);
1473}
1474
1b9b5ee5
JH		 1475static void cmd_complete_rsp(struct pending_cmd *cmd, void *data)
1476{
1477 if (cmd->cmd_complete) {
1478 u8 *status = data;
1479
1480 cmd->cmd_complete(cmd, *status);
1481 mgmt_pending_remove(cmd);
1482
1483 return;
1484 }
1485
1486 cmd_status_rsp(cmd, data);
1487}
1488
f5818c22
JH		 1489static void generic_cmd_complete(struct pending_cmd *cmd, u8 status)
1490{
1491 cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, cmd->param,
1492 cmd->param_len);
1493}
1494
7776d1d8
JH		 1495static void addr_cmd_complete(struct pending_cmd *cmd, u8 status)
1496{
1497 cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, cmd->param,
1498 sizeof(struct mgmt_addr_info));
1499}
1500
e6fe7986
JH		 1501static u8 mgmt_bredr_support(struct hci_dev *hdev)
1502{
1503 if (!lmp_bredr_capable(hdev))
1504 return MGMT_STATUS_NOT_SUPPORTED;
1505 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1506 return MGMT_STATUS_REJECTED;
1507 else
1508 return MGMT_STATUS_SUCCESS;
1509}
1510
1511static u8 mgmt_le_support(struct hci_dev *hdev)
1512{
1513 if (!lmp_le_capable(hdev))
1514 return MGMT_STATUS_NOT_SUPPORTED;
1515 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1516 return MGMT_STATUS_REJECTED;
1517 else
1518 return MGMT_STATUS_SUCCESS;
1519}
1520
bfaf8c9f
JH		 1521static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1522{
1523 struct pending_cmd *cmd;
1524 struct mgmt_mode *cp;
970ba524 1525 struct hci_request req;
bfaf8c9f
JH		 1526 bool changed;
1527
1528 BT_DBG("status 0x%02x", status);
1529
1530 hci_dev_lock(hdev);
1531
1532 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1533 if (!cmd)
1534 goto unlock;
1535
1536 if (status) {
1537 u8 mgmt_err = mgmt_status(status);
1538 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
310a3d48 1539 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
bfaf8c9f
JH		 1540 goto remove_cmd;
1541 }
1542
1543 cp = cmd->param;
d4462a07 1544 if (cp->val) {
bfaf8c9f
JH		 1545 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1546 &hdev->dev_flags);
d4462a07
MH		 1547
1548 if (hdev->discov_timeout > 0) {
1549 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1550 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1551 to);
1552 }
1553 } else {
bfaf8c9f
JH		 1554 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1555 &hdev->dev_flags);
d4462a07 1556 }
bfaf8c9f
JH		 1557
1558 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1559
1560 if (changed)
1561 new_settings(hdev, cmd->sk);
1562
970ba524
MH		 1563 /* When the discoverable mode gets changed, make sure
1564 * that class of device has the limited discoverable
432df05e
JH		 1565 * bit correctly set. Also update page scan based on whitelist
1566 * entries.
970ba524
MH		 1567 */
1568 hci_req_init(&req, hdev);
432df05e 1569 hci_update_page_scan(hdev, &req);
970ba524
MH		 1570 update_class(&req);
1571 hci_req_run(&req, NULL);
1572
bfaf8c9f
JH		 1573remove_cmd:
1574 mgmt_pending_remove(cmd);
1575
1576unlock:
1577 hci_dev_unlock(hdev);
1578}
1579
bdb6d971 1580static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1581 u16 len)
73f22f62 1582{
650f726d 1583 struct mgmt_cp_set_discoverable *cp = data;
366a0336 1584 struct pending_cmd *cmd;
bfaf8c9f 1585 struct hci_request req;
5e5282bb 1586 u16 timeout;
9a43e25f 1587 u8 scan;
73f22f62
JH		 1588 int err;
1589
bdb6d971 1590 BT_DBG("request for %s", hdev->name);
73f22f62 1591
9a43e25f
JH		 1592 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1593 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1594 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
9a43e25f 1595 MGMT_STATUS_REJECTED);
33c525c0 1596
310a3d48 1597 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a7e80f25
JH		 1598 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1599 MGMT_STATUS_INVALID_PARAMS);
1600
1f350c87 1601 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1602
1603 /* Disabling discoverable requires that no timeout is set,
1604 * and enabling limited discoverable requires a timeout.
1605 */
1606 if ((cp->val == 0x00 && timeout > 0) ||
1607 (cp->val == 0x02 && timeout == 0))
bdb6d971 1608 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1609 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1610
09fd0de5 1611 hci_dev_lock(hdev);
73f22f62 1612
5e5282bb 1613 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 1614 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1615 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1616 goto failed;
1617 }
1618
2e58ef3e 1619 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1620 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1621 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1622 MGMT_STATUS_BUSY);
73f22f62
JH		 1623 goto failed;
1624 }
1625
5e5282bb 1626 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 1627 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1628 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1629 goto failed;
1630 }
1631
1632 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1633 bool changed = false;
1634
310a3d48
MH		 1635 /* Setting limited discoverable when powered off is
1636 * not a valid operation since it requires a timeout
1637 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1638 */
0224d2fa
JH		 1639 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1640 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1641 changed = true;
1642 }
1643
5e5282bb 1644 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1645 if (err < 0)
1646 goto failed;
1647
1648 if (changed)
1649 err = new_settings(hdev, sk);
1650
5e5282bb
JH		 1651 goto failed;
1652 }
1653
310a3d48
MH		 1654 /* If the current mode is the same, then just update the timeout
1655 * value with the new value. And if only the timeout gets updated,
1656 * then no need for any HCI transactions.
1657 */
1658 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1659 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1660 &hdev->dev_flags)) {
36261547
MH		 1661 cancel_delayed_work(&hdev->discov_off);
1662 hdev->discov_timeout = timeout;
955638ec 1663
36261547
MH		 1664 if (cp->val && hdev->discov_timeout > 0) {
1665 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1666 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1667 to);
955638ec
MH		 1668 }
1669
69ab39ea 1670 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1671 goto failed;
1672 }
1673
2e58ef3e 1674 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1675 if (!cmd) {
1676 err = -ENOMEM;
73f22f62 1677 goto failed;
366a0336 1678 }
73f22f62 1679
310a3d48
MH		 1680 /* Cancel any potential discoverable timeout that might be
1681 * still active and store new timeout value. The arming of
1682 * the timeout happens in the complete handler.
1683 */
1684 cancel_delayed_work(&hdev->discov_off);
1685 hdev->discov_timeout = timeout;
1686
b456f87c
JH		 1687 /* Limited discoverable mode */
1688 if (cp->val == 0x02)
1689 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1690 else
1691 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1692
bfaf8c9f
JH		 1693 hci_req_init(&req, hdev);
1694
9a43e25f
JH		 1695 /* The procedure for LE-only controllers is much simpler - just
1696 * update the advertising data.
1697 */
1698 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1699 goto update_ad;
1700
73f22f62
JH		 1701 scan = SCAN_PAGE;
1702
310a3d48
MH		 1703 if (cp->val) {
1704 struct hci_cp_write_current_iac_lap hci_cp;
1705
1706 if (cp->val == 0x02) {
1707 /* Limited discoverable mode */
33337dcb 1708 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1709 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1710 hci_cp.iac_lap[1] = 0x8b;
1711 hci_cp.iac_lap[2] = 0x9e;
1712 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1713 hci_cp.iac_lap[4] = 0x8b;
1714 hci_cp.iac_lap[5] = 0x9e;
1715 } else {
1716 /* General discoverable mode */
310a3d48
MH		 1717 hci_cp.num_iac = 1;
1718 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1719 hci_cp.iac_lap[1] = 0x8b;
1720 hci_cp.iac_lap[2] = 0x9e;
1721 }
1722
1723 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1724 (hci_cp.num_iac * 3) + 1, &hci_cp);
1725
73f22f62 1726 scan |= SCAN_INQUIRY;
310a3d48
MH		 1727 } else {
1728 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1729 }
73f22f62 1730
310a3d48 1731 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1732
9a43e25f
JH		 1733update_ad:
1734 update_adv_data(&req);
1735
bfaf8c9f 1736 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1737 if (err < 0)
a664b5bc 1738 mgmt_pending_remove(cmd);
73f22f62
JH		 1739
1740failed:
09fd0de5 1741 hci_dev_unlock(hdev);
73f22f62
JH		 1742 return err;
1743}
1744
406d7804
JH		 1745static void write_fast_connectable(struct hci_request *req, bool enable)
1746{
bd98b996 1747 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1748 struct hci_cp_write_page_scan_activity acp;
1749 u8 type;
1750
547003b1
JH		 1751 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1752 return;
1753
4c01f8b8
JH		 1754 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1755 return;
1756
406d7804
JH		 1757 if (enable) {
1758 type = PAGE_SCAN_TYPE_INTERLACED;
1759
1760 /* 160 msec page scan interval */
dcf4adbf 1761 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 1762 } else {
1763 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1764
1765 /* default 1.28 sec page scan */
dcf4adbf 1766 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 1767 }
1768
dcf4adbf 1769 acp.window = cpu_to_le16(0x0012);
406d7804 1770
bd98b996
JH		 1771 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1772 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1773 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1774 sizeof(acp), &acp);
1775
1776 if (hdev->page_scan_type != type)
1777 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1778}
1779
2b76f453
JH		 1780static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1781{
1782 struct pending_cmd *cmd;
d7b856f9 1783 struct mgmt_mode *cp;
bc6d2d04 1784 bool conn_changed, discov_changed;
2b76f453
JH		 1785
1786 BT_DBG("status 0x%02x", status);
1787
1788 hci_dev_lock(hdev);
1789
1790 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1791 if (!cmd)
1792 goto unlock;
1793
37438c1f
JH		 1794 if (status) {
1795 u8 mgmt_err = mgmt_status(status);
1796 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1797 goto remove_cmd;
1798 }
1799
d7b856f9 1800 cp = cmd->param;
bc6d2d04
JH		 1801 if (cp->val) {
1802 conn_changed = !test_and_set_bit(HCI_CONNECTABLE,
1803 &hdev->dev_flags);
1804 discov_changed = false;
1805 } else {
1806 conn_changed = test_and_clear_bit(HCI_CONNECTABLE,
1807 &hdev->dev_flags);
1808 discov_changed = test_and_clear_bit(HCI_DISCOVERABLE,
1809 &hdev->dev_flags);
1810 }
d7b856f9 1811
2b76f453
JH		 1812 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1813
bc6d2d04 1814 if (conn_changed || discov_changed) {
d7b856f9 1815 new_settings(hdev, cmd->sk);
432df05e 1816 hci_update_page_scan(hdev, NULL);
bc6d2d04
JH		 1817 if (discov_changed)
1818 mgmt_update_adv_data(hdev);
2b7be33e
JH		 1819 hci_update_background_scan(hdev);
1820 }
d7b856f9 1821
37438c1f 1822remove_cmd:
2b76f453
JH		 1823 mgmt_pending_remove(cmd);
1824
1825unlock:
1826 hci_dev_unlock(hdev);
1827}
1828
e8ba3a1f
JH		 1829static int set_connectable_update_settings(struct hci_dev *hdev,
1830 struct sock *sk, u8 val)
1831{
1832 bool changed = false;
1833 int err;
1834
1835 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1836 changed = true;
1837
1838 if (val) {
1839 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1840 } else {
1841 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1842 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1843 }
1844
1845 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1846 if (err < 0)
1847 return err;
1848
562064e6 1849 if (changed) {
432df05e 1850 hci_update_page_scan(hdev, NULL);
562064e6 1851 hci_update_background_scan(hdev);
e8ba3a1f 1852 return new_settings(hdev, sk);
562064e6 1853 }
e8ba3a1f
JH		 1854
1855 return 0;
1856}
1857
bdb6d971 1858static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1859 u16 len)
9fbcbb45 1860{
650f726d 1861 struct mgmt_mode *cp = data;
366a0336 1862 struct pending_cmd *cmd;
2b76f453 1863 struct hci_request req;
1987fdc7 1864 u8 scan;
9fbcbb45
JH		 1865 int err;
1866
bdb6d971 1867 BT_DBG("request for %s", hdev->name);
9fbcbb45 1868
1987fdc7
JH		 1869 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1870 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1871 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1987fdc7 1872 MGMT_STATUS_REJECTED);
33c525c0 1873
a7e80f25
JH		 1874 if (cp->val != 0x00 && cp->val != 0x01)
1875 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1876 MGMT_STATUS_INVALID_PARAMS);
1877
09fd0de5 1878 hci_dev_lock(hdev);
9fbcbb45 1879
4b34ee78 1880 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1881 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1882 goto failed;
1883 }
1884
2e58ef3e 1885 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1886 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1887 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1888 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1889 goto failed;
1890 }
1891
2e58ef3e 1892 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1893 if (!cmd) {
1894 err = -ENOMEM;
9fbcbb45 1895 goto failed;
366a0336 1896 }
9fbcbb45 1897
9b74246f 1898 hci_req_init(&req, hdev);
9fbcbb45 1899
9a43e25f
JH		 1900 /* If BR/EDR is not enabled and we disable advertising as a
1901 * by-product of disabling connectable, we need to update the
1902 * advertising flags.
1903 */
1904 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1905 if (!cp->val) {
1906 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1907 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1908 }
1909 update_adv_data(&req);
1910 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1911 if (cp->val) {
1912 scan = SCAN_PAGE;
1913 } else {
3bd27240
JH		 1914 /* If we don't have any whitelist entries just
1915 * disable all scanning. If there are entries
1916 * and we had both page and inquiry scanning
1917 * enabled then fall back to only page scanning.
1918 * Otherwise no changes are needed.
1919 */
1920 if (list_empty(&hdev->whitelist))
1921 scan = SCAN_DISABLED;
1922 else if (test_bit(HCI_ISCAN, &hdev->flags))
1923 scan = SCAN_PAGE;
1924 else
1925 goto no_scan_update;
9b74246f
JH		 1926
1927 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1928 hdev->discov_timeout > 0)
9b74246f
JH		 1929 cancel_delayed_work(&hdev->discov_off);
1930 }
2b76f453 1931
9b74246f
JH		 1932 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1933 }
2b76f453 1934
3bd27240 1935no_scan_update:
4c01f8b8
JH		 1936 /* If we're going from non-connectable to connectable or
1937 * vice-versa when fast connectable is enabled ensure that fast
1938 * connectable gets disabled. write_fast_connectable won't do
1939 * anything if the page scan parameters are already what they
1940 * should be.
1941 */
1942 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1943 write_fast_connectable(&req, false);
1944
e8b1202c
JH		 1945 /* Update the advertising parameters if necessary */
1946 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1987fdc7 1947 enable_advertising(&req);
1987fdc7 1948
2b76f453 1949 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1950 if (err < 0) {
a664b5bc 1951 mgmt_pending_remove(cmd);
9b74246f 1952 if (err == -ENODATA)
a81070ba
JH		 1953 err = set_connectable_update_settings(hdev, sk,
1954 cp->val);
9b74246f
JH		 1955 goto failed;
1956 }
9fbcbb45
JH		 1957
1958failed:
09fd0de5 1959 hci_dev_unlock(hdev);
9fbcbb45
JH		 1960 return err;
1961}
1962
b2939475 1963static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1964 u16 len)
c542a06c 1965{
650f726d 1966 struct mgmt_mode *cp = data;
55594356 1967 bool changed;
c542a06c
JH		 1968 int err;
1969
bdb6d971 1970 BT_DBG("request for %s", hdev->name);
c542a06c 1971
a7e80f25 1972 if (cp->val != 0x00 && cp->val != 0x01)
b2939475 1973 return cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
a7e80f25
JH		 1974 MGMT_STATUS_INVALID_PARAMS);
1975
09fd0de5 1976 hci_dev_lock(hdev);
c542a06c
JH		 1977
1978 if (cp->val)
b6ae8457 1979 changed = !test_and_set_bit(HCI_BONDABLE, &hdev->dev_flags);
c542a06c 1980 else
b6ae8457 1981 changed = test_and_clear_bit(HCI_BONDABLE, &hdev->dev_flags);
c542a06c 1982
b2939475 1983 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
c542a06c 1984 if (err < 0)
55594356 1985 goto unlock;
c542a06c 1986
55594356
MH		 1987 if (changed)
1988 err = new_settings(hdev, sk);
c542a06c 1989
55594356 1990unlock:
09fd0de5 1991 hci_dev_unlock(hdev);
c542a06c
JH		 1992 return err;
1993}
1994
04124681
GP		 1995static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1996 u16 len)
33ef95ed
JH		 1997{
1998 struct mgmt_mode *cp = data;
1999 struct pending_cmd *cmd;
e6fe7986 2000 u8 val, status;
33ef95ed
JH		 2001 int err;
2002
bdb6d971 2003 BT_DBG("request for %s", hdev->name);
33ef95ed 2004
e6fe7986
JH		 2005 status = mgmt_bredr_support(hdev);
2006 if (status)
33c525c0 2007 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 2008 status);
33c525c0 2009
a7e80f25
JH		 2010 if (cp->val != 0x00 && cp->val != 0x01)
2011 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2012 MGMT_STATUS_INVALID_PARAMS);
2013
33ef95ed
JH		 2014 hci_dev_lock(hdev);
2015
4b34ee78 2016 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 2017 bool changed = false;
2018
2019 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 2020 &hdev->dev_flags)) {
47990ea0
JH		 2021 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
2022 changed = true;
2023 }
2024
2025 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2026 if (err < 0)
2027 goto failed;
2028
2029 if (changed)
2030 err = new_settings(hdev, sk);
2031
33ef95ed
JH		 2032 goto failed;
2033 }
2034
2035 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 2036 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 2037 MGMT_STATUS_BUSY);
33ef95ed
JH		 2038 goto failed;
2039 }
2040
2041 val = !!cp->val;
2042
2043 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
2044 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2045 goto failed;
2046 }
2047
2048 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
2049 if (!cmd) {
2050 err = -ENOMEM;
2051 goto failed;
2052 }
2053
2054 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
2055 if (err < 0) {
2056 mgmt_pending_remove(cmd);
2057 goto failed;
2058 }
2059
2060failed:
2061 hci_dev_unlock(hdev);
33ef95ed
JH		 2062 return err;
2063}
2064
bdb6d971 2065static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 2066{
2067 struct mgmt_mode *cp = data;
2068 struct pending_cmd *cmd;
72ef0c1a 2069 u8 status;
ed2c4ee3
JH		 2070 int err;
2071
bdb6d971 2072 BT_DBG("request for %s", hdev->name);
ed2c4ee3 2073
cdba5281
MH		 2074 status = mgmt_bredr_support(hdev);
2075 if (status)
2076 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
2077
13ecd8b6
JH		 2078 if (!lmp_ssp_capable(hdev))
2079 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2080 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 2081
a7e80f25
JH		 2082 if (cp->val != 0x00 && cp->val != 0x01)
2083 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2084 MGMT_STATUS_INVALID_PARAMS);
2085
13ecd8b6 2086 hci_dev_lock(hdev);
6c8f12c1 2087
4b34ee78 2088 if (!hdev_is_powered(hdev)) {
9ecb3e24 2089 bool changed;
c0ecddc2 2090
9ecb3e24
MH		 2091 if (cp->val) {
2092 changed = !test_and_set_bit(HCI_SSP_ENABLED,
2093 &hdev->dev_flags);
2094 } else {
2095 changed = test_and_clear_bit(HCI_SSP_ENABLED,
2096 &hdev->dev_flags);
2097 if (!changed)
2098 changed = test_and_clear_bit(HCI_HS_ENABLED,
2099 &hdev->dev_flags);
2100 else
2101 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 2102 }
2103
2104 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2105 if (err < 0)
2106 goto failed;
2107
2108 if (changed)
2109 err = new_settings(hdev, sk);
2110
ed2c4ee3
JH		 2111 goto failed;
2112 }
2113
9ecb3e24
MH		 2114 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
2115 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
d97dcb66
SJ		 2116 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2117 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 2118 goto failed;
2119 }
2120
72ef0c1a 2121 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 2122 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2123 goto failed;
2124 }
2125
2126 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2127 if (!cmd) {
2128 err = -ENOMEM;
2129 goto failed;
2130 }
2131
3769972b
JH		 2132 if (!cp->val && test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
2133 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2134 sizeof(cp->val), &cp->val);
2135
72ef0c1a 2136 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 2137 if (err < 0) {
2138 mgmt_pending_remove(cmd);
2139 goto failed;
2140 }
2141
2142failed:
2143 hci_dev_unlock(hdev);
ed2c4ee3
JH		 2144 return err;
2145}
2146
bdb6d971 2147static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 2148{
2149 struct mgmt_mode *cp = data;
ee392693 2150 bool changed;
e6fe7986 2151 u8 status;
ee392693 2152 int err;
6d80dfd0 2153
bdb6d971 2154 BT_DBG("request for %s", hdev->name);
6d80dfd0 2155
e6fe7986
JH		 2156 status = mgmt_bredr_support(hdev);
2157 if (status)
2158 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 2159
9ecb3e24
MH		 2160 if (!lmp_ssp_capable(hdev))
2161 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2162 MGMT_STATUS_NOT_SUPPORTED);
2163
2164 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
2165 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2166 MGMT_STATUS_REJECTED);
2167
a7e80f25
JH		 2168 if (cp->val != 0x00 && cp->val != 0x01)
2169 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2170 MGMT_STATUS_INVALID_PARAMS);
2171
ee392693
MH		 2172 hci_dev_lock(hdev);
2173
a0cdf960 2174 if (cp->val) {
ee392693 2175 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 2176 } else {
2177 if (hdev_is_powered(hdev)) {
2178 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2179 MGMT_STATUS_REJECTED);
2180 goto unlock;
2181 }
2182
ee392693 2183 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 2184 }
ee392693
MH		 2185
2186 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2187 if (err < 0)
2188 goto unlock;
2189
2190 if (changed)
2191 err = new_settings(hdev, sk);
6d80dfd0 2192
ee392693
MH		 2193unlock:
2194 hci_dev_unlock(hdev);
2195 return err;
6d80dfd0
JH		 2196}
2197
416a4ae5
JH		 2198static void le_enable_complete(struct hci_dev *hdev, u8 status)
2199{
2200 struct cmd_lookup match = { NULL, hdev };
2201
3ad67582
JK		 2202 hci_dev_lock(hdev);
2203
416a4ae5
JH		 2204 if (status) {
2205 u8 mgmt_err = mgmt_status(status);
2206
2207 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2208 &mgmt_err);
3ad67582 2209 goto unlock;
416a4ae5
JH		 2210 }
2211
2212 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2213
2214 new_settings(hdev, match.sk);
2215
2216 if (match.sk)
2217 sock_put(match.sk);
441ad2d0
MH		 2218
2219 /* Make sure the controller has a good default for
2220 * advertising data. Restrict the update to when LE
2221 * has actually been enabled. During power on, the
2222 * update in powered_update_hci will take care of it.
2223 */
2224 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2225 struct hci_request req;
2226
441ad2d0 2227 hci_req_init(&req, hdev);
5947f4bc 2228 update_adv_data(&req);
f14d8f64 2229 update_scan_rsp_data(&req);
441ad2d0
MH		 2230 hci_req_run(&req, NULL);
2231
a70f4b5f 2232 hci_update_background_scan(hdev);
441ad2d0 2233 }
3ad67582
JK		 2234
2235unlock:
2236 hci_dev_unlock(hdev);
416a4ae5
JH		 2237}
2238
bdb6d971 2239static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 2240{
2241 struct mgmt_mode *cp = data;
2242 struct hci_cp_write_le_host_supported hci_cp;
2243 struct pending_cmd *cmd;
416a4ae5 2244 struct hci_request req;
06199cf8 2245 int err;
0b60eba1 2246 u8 val, enabled;
06199cf8 2247
bdb6d971 2248 BT_DBG("request for %s", hdev->name);
06199cf8 2249
13ecd8b6
JH		 2250 if (!lmp_le_capable(hdev))
2251 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2252 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 2253
a7e80f25
JH		 2254 if (cp->val != 0x00 && cp->val != 0x01)
2255 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2256 MGMT_STATUS_INVALID_PARAMS);
2257
c73eee91 2258 /* LE-only devices do not allow toggling LE on/off */
56f87901 2259 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 2260 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2261 MGMT_STATUS_REJECTED);
2262
13ecd8b6 2263 hci_dev_lock(hdev);
06199cf8
JH		 2264
2265 val = !!cp->val;
ffa88e02 2266 enabled = lmp_host_le_capable(hdev);
06199cf8 2267
0b60eba1 2268 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 2269 bool changed = false;
2270
2271 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2272 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
2273 changed = true;
2274 }
2275
f3d3444a
JH		 2276 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
2277 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 2278 changed = true;
2279 }
2280
06199cf8
JH		 2281 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2282 if (err < 0)
1de028ce 2283 goto unlock;
06199cf8
JH		 2284
2285 if (changed)
2286 err = new_settings(hdev, sk);
2287
1de028ce 2288 goto unlock;
06199cf8
JH		 2289 }
2290
4375f103
JH		 2291 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
2292 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 2293 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 2294 MGMT_STATUS_BUSY);
1de028ce 2295 goto unlock;
06199cf8
JH		 2296 }
2297
2298 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2299 if (!cmd) {
2300 err = -ENOMEM;
1de028ce 2301 goto unlock;
06199cf8
JH		 2302 }
2303
441ad2d0
MH		 2304 hci_req_init(&req, hdev);
2305
06199cf8
JH		 2306 memset(&hci_cp, 0, sizeof(hci_cp));
2307
2308 if (val) {
2309 hci_cp.le = val;
32226e4f 2310 hci_cp.simul = 0x00;
441ad2d0 2311 } else {
73e082f8 2312 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
441ad2d0 2313 disable_advertising(&req);
06199cf8
JH		 2314 }
2315
416a4ae5
JH		 2316 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2317 &hci_cp);
2318
2319 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2320 if (err < 0)
06199cf8 2321 mgmt_pending_remove(cmd);
06199cf8 2322
1de028ce
JH		 2323unlock:
2324 hci_dev_unlock(hdev);
06199cf8
JH		 2325 return err;
2326}
2327
0cab9c80
JH		 2328/* This is a helper function to test for pending mgmt commands that can
2329 * cause CoD or EIR HCI commands. We can only allow one such pending
2330 * mgmt command at a time since otherwise we cannot easily track what
2331 * the current values are, will be, and based on that calculate if a new
2332 * HCI command needs to be sent and if yes with what value.
2333 */
2334static bool pending_eir_or_class(struct hci_dev *hdev)
2335{
2336 struct pending_cmd *cmd;
2337
2338 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2339 switch (cmd->opcode) {
2340 case MGMT_OP_ADD_UUID:
2341 case MGMT_OP_REMOVE_UUID:
2342 case MGMT_OP_SET_DEV_CLASS:
2343 case MGMT_OP_SET_POWERED:
2344 return true;
2345 }
2346 }
2347
2348 return false;
2349}
2350
83be8eca
JH		 2351static const u8 bluetooth_base_uuid[] = {
2352 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2353 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2354};
2355
2356static u8 get_uuid_size(const u8 *uuid)
2357{
2358 u32 val;
2359
2360 if (memcmp(uuid, bluetooth_base_uuid, 12))
2361 return 128;
2362
2363 val = get_unaligned_le32(&uuid[12]);
2364 if (val > 0xffff)
2365 return 32;
2366
2367 return 16;
2368}
2369
92da6097
JH		 2370static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2371{
2372 struct pending_cmd *cmd;
2373
2374 hci_dev_lock(hdev);
2375
2376 cmd = mgmt_pending_find(mgmt_op, hdev);
2377 if (!cmd)
2378 goto unlock;
2379
2380 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
2381 hdev->dev_class, 3);
2382
2383 mgmt_pending_remove(cmd);
2384
2385unlock:
2386 hci_dev_unlock(hdev);
2387}
2388
2389static void add_uuid_complete(struct hci_dev *hdev, u8 status)
2390{
2391 BT_DBG("status 0x%02x", status);
2392
2393 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2394}
2395
bdb6d971 2396static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2397{
650f726d 2398 struct mgmt_cp_add_uuid *cp = data;
90e70454 2399 struct pending_cmd *cmd;
890ea898 2400 struct hci_request req;
2aeb9a1a 2401 struct bt_uuid *uuid;
2aeb9a1a
JH		 2402 int err;
2403
bdb6d971 2404 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2405
09fd0de5 2406 hci_dev_lock(hdev);
2aeb9a1a 2407
0cab9c80 2408 if (pending_eir_or_class(hdev)) {
bdb6d971 2409 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 2410 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2411 goto failed;
2412 }
2413
92c4c204 2414 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2415 if (!uuid) {
2416 err = -ENOMEM;
2417 goto failed;
2418 }
2419
2420 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2421 uuid->svc_hint = cp->svc_hint;
83be8eca 2422 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2423
de66aa63 2424 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2425
890ea898 2426 hci_req_init(&req, hdev);
1aff6f09 2427
890ea898
JH		 2428 update_class(&req);
2429 update_eir(&req);
2430
92da6097
JH		 2431 err = hci_req_run(&req, add_uuid_complete);
2432 if (err < 0) {
2433 if (err != -ENODATA)
2434 goto failed;
80a1e1db 2435
bdb6d971 2436 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 2437 hdev->dev_class, 3);
90e70454
JH		 2438 goto failed;
2439 }
2440
2441 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2442 if (!cmd) {
90e70454 2443 err = -ENOMEM;
890ea898
JH		 2444 goto failed;
2445 }
2446
2447 err = 0;
2aeb9a1a
JH		 2448
2449failed:
09fd0de5 2450 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2451 return err;
2452}
2453
24b78d0f
JH		 2454static bool enable_service_cache(struct hci_dev *hdev)
2455{
2456 if (!hdev_is_powered(hdev))
2457 return false;
2458
2459 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 2460 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2461 CACHE_TIMEOUT);
24b78d0f
JH		 2462 return true;
2463 }
2464
2465 return false;
2466}
2467
92da6097
JH		 2468static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
2469{
2470 BT_DBG("status 0x%02x", status);
2471
2472 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2473}
2474
bdb6d971 2475static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2476 u16 len)
2aeb9a1a 2477{
650f726d 2478 struct mgmt_cp_remove_uuid *cp = data;
90e70454 2479 struct pending_cmd *cmd;
056341c8 2480 struct bt_uuid *match, *tmp;
2aeb9a1a 2481 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2482 struct hci_request req;
2aeb9a1a
JH		 2483 int err, found;
2484
bdb6d971 2485 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2486
09fd0de5 2487 hci_dev_lock(hdev);
2aeb9a1a 2488
0cab9c80 2489 if (pending_eir_or_class(hdev)) {
bdb6d971 2490 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2491 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2492 goto unlock;
2493 }
2494
2aeb9a1a 2495 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2496 hci_uuids_clear(hdev);
4004b6d9 2497
24b78d0f 2498 if (enable_service_cache(hdev)) {
bdb6d971 2499 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2500 0, hdev->dev_class, 3);
24b78d0f
JH		 2501 goto unlock;
2502 }
4004b6d9 2503
9246a869 2504 goto update_class;
2aeb9a1a
JH		 2505 }
2506
2507 found = 0;
2508
056341c8 2509 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2510 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2511 continue;
2512
2513 list_del(&match->list);
482049f7 2514 kfree(match);
2aeb9a1a
JH		 2515 found++;
2516 }
2517
2518 if (found == 0) {
bdb6d971 2519 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2520 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2521 goto unlock;
2522 }
2523
9246a869 2524update_class:
890ea898 2525 hci_req_init(&req, hdev);
1aff6f09 2526
890ea898
JH		 2527 update_class(&req);
2528 update_eir(&req);
2529
92da6097
JH		 2530 err = hci_req_run(&req, remove_uuid_complete);
2531 if (err < 0) {
2532 if (err != -ENODATA)
2533 goto unlock;
80a1e1db 2534
bdb6d971 2535 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 2536 hdev->dev_class, 3);
90e70454
JH		 2537 goto unlock;
2538 }
2539
2540 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2541 if (!cmd) {
90e70454 2542 err = -ENOMEM;
890ea898
JH		 2543 goto unlock;
2544 }
2545
2546 err = 0;
2aeb9a1a
JH		 2547
2548unlock:
09fd0de5 2549 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2550 return err;
2551}
2552
92da6097
JH		 2553static void set_class_complete(struct hci_dev *hdev, u8 status)
2554{
2555 BT_DBG("status 0x%02x", status);
2556
2557 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2558}
2559
bdb6d971 2560static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2561 u16 len)
1aff6f09 2562{
650f726d 2563 struct mgmt_cp_set_dev_class *cp = data;
90e70454 2564 struct pending_cmd *cmd;
890ea898 2565 struct hci_request req;
1aff6f09
JH		 2566 int err;
2567
bdb6d971 2568 BT_DBG("request for %s", hdev->name);
1aff6f09 2569
6203fc98 2570 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 2571 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2572 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2573
0cab9c80 2574 hci_dev_lock(hdev);
ee98f473 2575
0cab9c80
JH		 2576 if (pending_eir_or_class(hdev)) {
2577 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2578 MGMT_STATUS_BUSY);
2579 goto unlock;
2580 }
c95f0ba7 2581
0cab9c80
JH		 2582 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2583 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2584 MGMT_STATUS_INVALID_PARAMS);
2585 goto unlock;
2586 }
575b3a02 2587
932f5ff5
JH		 2588 hdev->major_class = cp->major;
2589 hdev->minor_class = cp->minor;
2590
b5235a65 2591 if (!hdev_is_powered(hdev)) {
bdb6d971 2592 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2593 hdev->dev_class, 3);
b5235a65
JH		 2594 goto unlock;
2595 }
2596
890ea898
JH		 2597 hci_req_init(&req, hdev);
2598
a8b2d5c2 2599 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2600 hci_dev_unlock(hdev);
2601 cancel_delayed_work_sync(&hdev->service_cache);
2602 hci_dev_lock(hdev);
890ea898 2603 update_eir(&req);
7d78525d 2604 }
14c0b608 2605
890ea898
JH		 2606 update_class(&req);
2607
92da6097
JH		 2608 err = hci_req_run(&req, set_class_complete);
2609 if (err < 0) {
2610 if (err != -ENODATA)
2611 goto unlock;
1aff6f09 2612
bdb6d971 2613 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2614 hdev->dev_class, 3);
90e70454
JH		 2615 goto unlock;
2616 }
2617
2618 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2619 if (!cmd) {
90e70454 2620 err = -ENOMEM;
890ea898
JH		 2621 goto unlock;
2622 }
2623
2624 err = 0;
1aff6f09 2625
b5235a65 2626unlock:
09fd0de5 2627 hci_dev_unlock(hdev);
1aff6f09
JH		 2628 return err;
2629}
2630
bdb6d971 2631static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2632 u16 len)
55ed8ca1 2633{
650f726d 2634 struct mgmt_cp_load_link_keys *cp = data;
ba1d6936
JH		 2635 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2636 sizeof(struct mgmt_link_key_info));
4e51eae9 2637 u16 key_count, expected_len;
b1de97d8 2638 bool changed;
a492cd52 2639 int i;
55ed8ca1 2640
9060d5cf
MH		 2641 BT_DBG("request for %s", hdev->name);
2642
2643 if (!lmp_bredr_capable(hdev))
2644 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2645 MGMT_STATUS_NOT_SUPPORTED);
2646
1f350c87 2647 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 2648 if (key_count > max_key_count) {
2649 BT_ERR("load_link_keys: too big key_count value %u",
2650 key_count);
2651 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2652 MGMT_STATUS_INVALID_PARAMS);
2653 }
55ed8ca1 2654
86742e1e
JH		 2655 expected_len = sizeof(*cp) + key_count *
2656 sizeof(struct mgmt_link_key_info);
a492cd52 2657 if (expected_len != len) {
86742e1e 2658 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2659 expected_len, len);
bdb6d971 2660 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 2661 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2662 }
2663
4ae14301
JH		 2664 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2665 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2666 MGMT_STATUS_INVALID_PARAMS);
2667
bdb6d971 2668 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2669 key_count);
55ed8ca1 2670
4ee71b20
JH		 2671 for (i = 0; i < key_count; i++) {
2672 struct mgmt_link_key_info *key = &cp->keys[i];
2673
8e991132 2674 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
4ee71b20
JH		 2675 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2676 MGMT_STATUS_INVALID_PARAMS);
2677 }
2678
09fd0de5 2679 hci_dev_lock(hdev);
55ed8ca1
JH		 2680
2681 hci_link_keys_clear(hdev);
2682
55ed8ca1 2683 if (cp->debug_keys)
0663b297
JH		 2684 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
2685 &hdev->dev_flags);
55ed8ca1 2686 else
0663b297
JH		 2687 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
2688 &hdev->dev_flags);
b1de97d8
MH		 2689
2690 if (changed)
2691 new_settings(hdev, NULL);
55ed8ca1 2692
a492cd52 2693 for (i = 0; i < key_count; i++) {
86742e1e 2694 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2695
58e9293c
JH		 2696 /* Always ignore debug keys and require a new pairing if
2697 * the user wants to use them.
2698 */
2699 if (key->type == HCI_LK_DEBUG_COMBINATION)
2700 continue;
2701
7652ff6a
JH		 2702 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2703 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2704 }
2705
bdb6d971 2706 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2707
09fd0de5 2708 hci_dev_unlock(hdev);
55ed8ca1 2709
a492cd52 2710 return 0;
55ed8ca1
JH		 2711}
2712
b1078ad0 2713static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2714 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2715{
2716 struct mgmt_ev_device_unpaired ev;
2717
2718 bacpy(&ev.addr.bdaddr, bdaddr);
2719 ev.addr.type = addr_type;
2720
2721 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2722 skip_sk);
b1078ad0
JH		 2723}
2724
bdb6d971 2725static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2726 u16 len)
55ed8ca1 2727{
124f6e35
JH		 2728 struct mgmt_cp_unpair_device *cp = data;
2729 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2730 struct hci_cp_disconnect dc;
2731 struct pending_cmd *cmd;
55ed8ca1 2732 struct hci_conn *conn;
55ed8ca1
JH		 2733 int err;
2734
a8a1d19e 2735 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2736 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2737 rp.addr.type = cp->addr.type;
a8a1d19e 2738
4ee71b20
JH		 2739 if (!bdaddr_type_is_valid(cp->addr.type))
2740 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2741 MGMT_STATUS_INVALID_PARAMS,
2742 &rp, sizeof(rp));
2743
118da70b
JH		 2744 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2745 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2746 MGMT_STATUS_INVALID_PARAMS,
2747 &rp, sizeof(rp));
2748
4ee71b20
JH		 2749 hci_dev_lock(hdev);
2750
86a8cfc6 2751 if (!hdev_is_powered(hdev)) {
bdb6d971 2752 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2753 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 2754 goto unlock;
2755 }
2756
e0b2b27e 2757 if (cp->addr.type == BDADDR_BREDR) {
89cbb063
AA		 2758 /* If disconnection is requested, then look up the
2759 * connection. If the remote device is connected, it
2760 * will be later used to terminate the link.
2761 *
2762 * Setting it to NULL explicitly will cause no
2763 * termination of the link.
2764 */
2765 if (cp->disconnect)
2766 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2767 &cp->addr.bdaddr);
2768 else
2769 conn = NULL;
2770
124f6e35 2771 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2772 } else {
2773 u8 addr_type;
2774
89cbb063
AA		 2775 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2776 &cp->addr.bdaddr);
2777 if (conn) {
2778 /* Defer clearing up the connection parameters
2779 * until closing to give a chance of keeping
2780 * them if a repairing happens.
2781 */
2782 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2783
2784 /* If disconnection is not requested, then
2785 * clear the connection variable so that the
2786 * link is not terminated.
2787 */
2788 if (!cp->disconnect)
2789 conn = NULL;
2790 }
2791
e0b2b27e
JH		 2792 if (cp->addr.type == BDADDR_LE_PUBLIC)
2793 addr_type = ADDR_LE_DEV_PUBLIC;
2794 else
2795 addr_type = ADDR_LE_DEV_RANDOM;
2796
a7ec7338
JH		 2797 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2798
e0b2b27e
JH		 2799 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2800 }
b0dbfb46 2801
55ed8ca1 2802 if (err < 0) {
bdb6d971 2803 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2804 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 2805 goto unlock;
2806 }
2807
89cbb063
AA		 2808 /* If the connection variable is set, then termination of the
2809 * link is requested.
2810 */
a8a1d19e 2811 if (!conn) {
bdb6d971 2812 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 2813 &rp, sizeof(rp));
b1078ad0 2814 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2815 goto unlock;
2816 }
55ed8ca1 2817
124f6e35 2818 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2819 sizeof(*cp));
a8a1d19e
JH		 2820 if (!cmd) {
2821 err = -ENOMEM;
2822 goto unlock;
55ed8ca1
JH		 2823 }
2824
d8b7b1e4
JH		 2825 cmd->cmd_complete = addr_cmd_complete;
2826
eb55ef07 2827 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2828 dc.reason = 0x13; /* Remote User Terminated Connection */
2829 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2830 if (err < 0)
2831 mgmt_pending_remove(cmd);
2832
55ed8ca1 2833unlock:
09fd0de5 2834 hci_dev_unlock(hdev);
55ed8ca1
JH		 2835 return err;
2836}
2837
bdb6d971 2838static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2839 u16 len)
8962ee74 2840{
650f726d 2841 struct mgmt_cp_disconnect *cp = data;
06a63b19 2842 struct mgmt_rp_disconnect rp;
366a0336 2843 struct pending_cmd *cmd;
8962ee74 2844 struct hci_conn *conn;
8962ee74
JH		 2845 int err;
2846
2847 BT_DBG("");
2848
06a63b19
JH		 2849 memset(&rp, 0, sizeof(rp));
2850 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2851 rp.addr.type = cp->addr.type;
2852
4ee71b20 2853 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2854 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2855 MGMT_STATUS_INVALID_PARAMS,
2856 &rp, sizeof(rp));
4ee71b20 2857
09fd0de5 2858 hci_dev_lock(hdev);
8962ee74
JH		 2859
2860 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2861 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2862 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2863 goto failed;
2864 }
2865
2e58ef3e 2866 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2867 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2868 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2869 goto failed;
2870 }
2871
591f47f3 2872 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2873 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2874 &cp->addr.bdaddr);
88c3df13
JH		 2875 else
2876 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2877
f960727e 2878 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2879 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2880 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2881 goto failed;
2882 }
2883
2e58ef3e 2884 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2885 if (!cmd) {
2886 err = -ENOMEM;
8962ee74 2887 goto failed;
366a0336 2888 }
8962ee74 2889
f5818c22
JH		 2890 cmd->cmd_complete = generic_cmd_complete;
2891
e3f2f92a 2892 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
8962ee74 2893 if (err < 0)
a664b5bc 2894 mgmt_pending_remove(cmd);
8962ee74
JH		 2895
2896failed:
09fd0de5 2897 hci_dev_unlock(hdev);
8962ee74
JH		 2898 return err;
2899}
2900
57c1477c 2901static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2902{
2903 switch (link_type) {
2904 case LE_LINK:
48264f06
JH		 2905 switch (addr_type) {
2906 case ADDR_LE_DEV_PUBLIC:
591f47f3 2907 return BDADDR_LE_PUBLIC;
0ed09148 2908
48264f06 2909 default:
0ed09148 2910 /* Fallback to LE Random address type */
591f47f3 2911 return BDADDR_LE_RANDOM;
48264f06 2912 }
0ed09148 2913
4c659c39 2914 default:
0ed09148 2915 /* Fallback to BR/EDR type */
591f47f3 2916 return BDADDR_BREDR;
4c659c39
JH		 2917 }
2918}
2919
04124681
GP		 2920static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2921 u16 data_len)
2784eb41 2922{
2784eb41 2923 struct mgmt_rp_get_connections *rp;
8035ded4 2924 struct hci_conn *c;
a38528f1 2925 size_t rp_len;
60fc5fb6
JH		 2926 int err;
2927 u16 i;
2784eb41
JH		 2928
2929 BT_DBG("");
2930
09fd0de5 2931 hci_dev_lock(hdev);
2784eb41 2932
5f97c1df 2933 if (!hdev_is_powered(hdev)) {
bdb6d971 2934 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2935 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2936 goto unlock;
2937 }
2938
60fc5fb6 2939 i = 0;
b644ba33
JH		 2940 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2941 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2942 i++;
2784eb41
JH		 2943 }
2944
60fc5fb6 2945 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2946 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2947 if (!rp) {
2784eb41
JH		 2948 err = -ENOMEM;
2949 goto unlock;
2950 }
2951
2784eb41 2952 i = 0;
4c659c39 2953 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2954 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2955 continue;
4c659c39 2956 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2957 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2958 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2959 continue;
2960 i++;
2961 }
2962
eb55ef07 2963 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2964
4c659c39
JH		 2965 /* Recalculate length in case of filtered SCO connections, etc */
2966 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2967
bdb6d971 2968 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2969 rp_len);
2784eb41 2970
a38528f1 2971 kfree(rp);
5f97c1df
JH		 2972
2973unlock:
09fd0de5 2974 hci_dev_unlock(hdev);
2784eb41
JH		 2975 return err;
2976}
2977
bdb6d971 2978static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2979 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2980{
2981 struct pending_cmd *cmd;
2982 int err;
2983
2e58ef3e 2984 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2985 sizeof(*cp));
96d97a67
WR		 2986 if (!cmd)
2987 return -ENOMEM;
2988
d8457698 2989 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2990 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2991 if (err < 0)
2992 mgmt_pending_remove(cmd);
2993
2994 return err;
2995}
2996
bdb6d971 2997static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2998 u16 len)
980e1a53 2999{
96d97a67 3000 struct hci_conn *conn;
650f726d 3001 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 3002 struct hci_cp_pin_code_reply reply;
366a0336 3003 struct pending_cmd *cmd;
980e1a53
JH		 3004 int err;
3005
3006 BT_DBG("");
3007
09fd0de5 3008 hci_dev_lock(hdev);
980e1a53 3009
4b34ee78 3010 if (!hdev_is_powered(hdev)) {
bdb6d971 3011 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 3012 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 3013 goto failed;
3014 }
3015
d8457698 3016 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 3017 if (!conn) {
bdb6d971 3018 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 3019 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 3020 goto failed;
3021 }
3022
3023 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 3024 struct mgmt_cp_pin_code_neg_reply ncp;
3025
3026 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 3027
3028 BT_ERR("PIN code is not 16 bytes long");
3029
bdb6d971 3030 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 3031 if (err >= 0)
bdb6d971 3032 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 3033 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 3034
3035 goto failed;
3036 }
3037
00abfe44 3038 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 3039 if (!cmd) {
3040 err = -ENOMEM;
980e1a53 3041 goto failed;
366a0336 3042 }
980e1a53 3043
7776d1d8
JH		 3044 cmd->cmd_complete = addr_cmd_complete;
3045
d8457698 3046 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 3047 reply.pin_len = cp->pin_len;
24718ca5 3048 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 3049
3050 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3051 if (err < 0)
a664b5bc 3052 mgmt_pending_remove(cmd);
980e1a53
JH		 3053
3054failed:
09fd0de5 3055 hci_dev_unlock(hdev);
980e1a53
JH		 3056 return err;
3057}
3058
04124681
GP		 3059static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3060 u16 len)
17fa4b9d 3061{
650f726d 3062 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 3063
3064 BT_DBG("");
3065
4ec86d4c
JH		 3066 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
3067 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3068 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
3069
09fd0de5 3070 hci_dev_lock(hdev);
17fa4b9d
JH		 3071
3072 hdev->io_capability = cp->io_capability;
3073
3074 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 3075 hdev->io_capability);
17fa4b9d 3076
09fd0de5 3077 hci_dev_unlock(hdev);
17fa4b9d 3078
04124681
GP		 3079 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
3080 0);
17fa4b9d
JH		 3081}
3082
6039aa73 3083static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 3084{
3085 struct hci_dev *hdev = conn->hdev;
8035ded4 3086 struct pending_cmd *cmd;
e9a416b5 3087
2e58ef3e 3088 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 3089 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3090 continue;
3091
e9a416b5
JH		 3092 if (cmd->user_data != conn)
3093 continue;
3094
3095 return cmd;
3096 }
3097
3098 return NULL;
3099}
3100
3101static void pairing_complete(struct pending_cmd *cmd, u8 status)
3102{
3103 struct mgmt_rp_pair_device rp;
3104 struct hci_conn *conn = cmd->user_data;
3105
61b1a7fb
JH		 3106 bacpy(&rp.addr.bdaddr, &conn->dst);
3107 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 3108
aee9b218 3109 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 3110 &rp, sizeof(rp));
e9a416b5
JH		 3111
3112 /* So we don't get further callbacks for this connection */
3113 conn->connect_cfm_cb = NULL;
3114 conn->security_cfm_cb = NULL;
3115 conn->disconn_cfm_cb = NULL;
3116
76a68ba0 3117 hci_conn_drop(conn);
89cbb063
AA		 3118
3119 /* The device is paired so there is no need to remove
3120 * its connection parameters anymore.
3121 */
3122 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
15013aeb
JH		 3123
3124 hci_conn_put(conn);
e9a416b5
JH		 3125}
3126
f4a407be
JH		 3127void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3128{
3129 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3130 struct pending_cmd *cmd;
3131
3132 cmd = find_pairing(conn);
a511b35b 3133 if (cmd) {
04ab2749 3134 cmd->cmd_complete(cmd, status);
a511b35b
JH		 3135 mgmt_pending_remove(cmd);
3136 }
f4a407be
JH		 3137}
3138
e9a416b5
JH		 3139static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3140{
3141 struct pending_cmd *cmd;
3142
3143 BT_DBG("status %u", status);
3144
3145 cmd = find_pairing(conn);
a511b35b 3146 if (!cmd) {
e9a416b5 3147 BT_DBG("Unable to find a pending command");
a511b35b
JH		 3148 return;
3149 }
3150
3151 cmd->cmd_complete(cmd, mgmt_status(status));
3152 mgmt_pending_remove(cmd);
e9a416b5
JH		 3153}
3154
f4a407be 3155static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739
VA		 3156{
3157 struct pending_cmd *cmd;
3158
3159 BT_DBG("status %u", status);
3160
3161 if (!status)
3162 return;
3163
3164 cmd = find_pairing(conn);
a511b35b 3165 if (!cmd) {
4c47d739 3166 BT_DBG("Unable to find a pending command");
a511b35b
JH		 3167 return;
3168 }
3169
3170 cmd->cmd_complete(cmd, mgmt_status(status));
3171 mgmt_pending_remove(cmd);
4c47d739
VA		 3172}
3173
bdb6d971 3174static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3175 u16 len)
e9a416b5 3176{
650f726d 3177 struct mgmt_cp_pair_device *cp = data;
1425acb7 3178 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 3179 struct pending_cmd *cmd;
3180 u8 sec_level, auth_type;
3181 struct hci_conn *conn;
e9a416b5
JH		 3182 int err;
3183
3184 BT_DBG("");
3185
f950a30e
SJ		 3186 memset(&rp, 0, sizeof(rp));
3187 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3188 rp.addr.type = cp->addr.type;
3189
4ee71b20
JH		 3190 if (!bdaddr_type_is_valid(cp->addr.type))
3191 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3192 MGMT_STATUS_INVALID_PARAMS,
3193 &rp, sizeof(rp));
3194
4ec86d4c
JH		 3195 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
3196 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3197 MGMT_STATUS_INVALID_PARAMS,
3198 &rp, sizeof(rp));
3199
09fd0de5 3200 hci_dev_lock(hdev);
e9a416b5 3201
5f97c1df 3202 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 3203 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3204 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 3205 goto unlock;
3206 }
3207
c908df36 3208 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 3209 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 3210
6f77d8c7 3211 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 3212 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3213 auth_type);
6f77d8c7
AG		 3214 } else {
3215 u8 addr_type;
3216
3217 /* Convert from L2CAP channel address type to HCI address type
3218 */
3219 if (cp->addr.type == BDADDR_LE_PUBLIC)
3220 addr_type = ADDR_LE_DEV_PUBLIC;
3221 else
3222 addr_type = ADDR_LE_DEV_RANDOM;
3223
7c264b10
MH		 3224 /* When pairing a new device, it is expected to remember
3225 * this device for future connections. Adding the connection
3226 * parameter information ahead of time allows tracking
3227 * of the slave preferred values and will speed up any
3228 * further connection establishment.
3229 *
3230 * If connection parameters already exist, then they
3231 * will be kept and this function does nothing.
3232 */
3233 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3234
6f77d8c7 3235 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
e804d25d
JH		 3236 sec_level, HCI_LE_CONN_TIMEOUT,
3237 HCI_ROLE_MASTER);
6f77d8c7 3238 }
7a512d01 3239
30e76272 3240 if (IS_ERR(conn)) {
489dc48e
AK		 3241 int status;
3242
3243 if (PTR_ERR(conn) == -EBUSY)
3244 status = MGMT_STATUS_BUSY;
3245 else
3246 status = MGMT_STATUS_CONNECT_FAILED;
3247
bdb6d971 3248 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 3249 status, &rp,
04124681 3250 sizeof(rp));
e9a416b5
JH		 3251 goto unlock;
3252 }
3253
3254 if (conn->connect_cfm_cb) {
76a68ba0 3255 hci_conn_drop(conn);
bdb6d971 3256 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 3257 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 3258 goto unlock;
3259 }
3260
2e58ef3e 3261 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 3262 if (!cmd) {
3263 err = -ENOMEM;
76a68ba0 3264 hci_conn_drop(conn);
e9a416b5
JH		 3265 goto unlock;
3266 }
3267
04ab2749
JH		 3268 cmd->cmd_complete = pairing_complete;
3269
7a512d01 3270 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 3271 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 3272 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 3273 conn->security_cfm_cb = pairing_complete_cb;
3274 conn->disconn_cfm_cb = pairing_complete_cb;
3275 } else {
3276 conn->connect_cfm_cb = le_pairing_complete_cb;
3277 conn->security_cfm_cb = le_pairing_complete_cb;
3278 conn->disconn_cfm_cb = le_pairing_complete_cb;
3279 }
7a512d01 3280
e9a416b5 3281 conn->io_capability = cp->io_cap;
f8aaf9b6 3282 cmd->user_data = hci_conn_get(conn);
e9a416b5 3283
6f78fd4b 3284 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
a511b35b
JH		 3285 hci_conn_security(conn, sec_level, auth_type, true)) {
3286 cmd->cmd_complete(cmd, 0);
3287 mgmt_pending_remove(cmd);
3288 }
e9a416b5
JH		 3289
3290 err = 0;
3291
3292unlock:
09fd0de5 3293 hci_dev_unlock(hdev);
e9a416b5
JH		 3294 return err;
3295}
3296
04124681
GP		 3297static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3298 u16 len)
28424707 3299{
0f4e68cf 3300 struct mgmt_addr_info *addr = data;
28424707
JH		 3301 struct pending_cmd *cmd;
3302 struct hci_conn *conn;
3303 int err;
3304
3305 BT_DBG("");
3306
28424707
JH		 3307 hci_dev_lock(hdev);
3308
5f97c1df 3309 if (!hdev_is_powered(hdev)) {
bdb6d971 3310 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3311 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3312 goto unlock;
3313 }
3314
28424707
JH		 3315 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3316 if (!cmd) {
bdb6d971 3317 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3318 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3319 goto unlock;
3320 }
3321
3322 conn = cmd->user_data;
3323
3324 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 3325 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3326 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3327 goto unlock;
3328 }
3329
a511b35b
JH		 3330 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3331 mgmt_pending_remove(cmd);
28424707 3332
bdb6d971 3333 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 3334 addr, sizeof(*addr));
28424707
JH		 3335unlock:
3336 hci_dev_unlock(hdev);
28424707
JH		 3337 return err;
3338}
3339
bdb6d971 3340static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3341 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3342 u16 hci_op, __le32 passkey)
a5c29683 3343{
a5c29683 3344 struct pending_cmd *cmd;
0df4c185 3345 struct hci_conn *conn;
a5c29683
JH		 3346 int err;
3347
09fd0de5 3348 hci_dev_lock(hdev);
08ba5382 3349
4b34ee78 3350 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 3351 err = cmd_complete(sk, hdev->id, mgmt_op,
3352 MGMT_STATUS_NOT_POWERED, addr,
3353 sizeof(*addr));
0df4c185 3354 goto done;
a5c29683
JH		 3355 }
3356
1707c60e
JH		 3357 if (addr->type == BDADDR_BREDR)
3358 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3359 else
1707c60e 3360 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 3361
3362 if (!conn) {
feb94d3d
JH		 3363 err = cmd_complete(sk, hdev->id, mgmt_op,
3364 MGMT_STATUS_NOT_CONNECTED, addr,
3365 sizeof(*addr));
272d90df
JH		 3366 goto done;
3367 }
47c15e2b 3368
1707c60e 3369 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 3370 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 3371 if (!err)
feb94d3d
JH		 3372 err = cmd_complete(sk, hdev->id, mgmt_op,
3373 MGMT_STATUS_SUCCESS, addr,
3374 sizeof(*addr));
5fe57d9e 3375 else
feb94d3d
JH		 3376 err = cmd_complete(sk, hdev->id, mgmt_op,
3377 MGMT_STATUS_FAILED, addr,
3378 sizeof(*addr));
47c15e2b 3379
47c15e2b
BG		 3380 goto done;
3381 }
3382
1707c60e 3383 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3384 if (!cmd) {
3385 err = -ENOMEM;
0df4c185 3386 goto done;
a5c29683
JH		 3387 }
3388
7776d1d8
JH		 3389 cmd->cmd_complete = addr_cmd_complete;
3390
0df4c185 3391 /* Continue with pairing via HCI */
604086b7
BG		 3392 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3393 struct hci_cp_user_passkey_reply cp;
3394
1707c60e 3395 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3396 cp.passkey = passkey;
3397 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3398 } else
1707c60e
JH		 3399 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3400 &addr->bdaddr);
604086b7 3401
a664b5bc
JH		 3402 if (err < 0)
3403 mgmt_pending_remove(cmd);
a5c29683 3404
0df4c185 3405done:
09fd0de5 3406 hci_dev_unlock(hdev);
a5c29683
JH		 3407 return err;
3408}
3409
afeb019d
JK		 3410static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3411 void *data, u16 len)
3412{
3413 struct mgmt_cp_pin_code_neg_reply *cp = data;
3414
3415 BT_DBG("");
3416
1707c60e 3417 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3418 MGMT_OP_PIN_CODE_NEG_REPLY,
3419 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3420}
3421
04124681
GP		 3422static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3423 u16 len)
0df4c185 3424{
650f726d 3425 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3426
3427 BT_DBG("");
3428
3429 if (len != sizeof(*cp))
bdb6d971 3430 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 3431 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3432
1707c60e 3433 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3434 MGMT_OP_USER_CONFIRM_REPLY,
3435 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3436}
3437
bdb6d971 3438static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3439 void *data, u16 len)
0df4c185 3440{
c9c2659f 3441 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3442
3443 BT_DBG("");
3444
1707c60e 3445 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3446 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3447 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3448}
3449
04124681
GP		 3450static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3451 u16 len)
604086b7 3452{
650f726d 3453 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3454
3455 BT_DBG("");
3456
1707c60e 3457 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3458 MGMT_OP_USER_PASSKEY_REPLY,
3459 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3460}
3461
bdb6d971 3462static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3463 void *data, u16 len)
604086b7 3464{
650f726d 3465 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3466
3467 BT_DBG("");
3468
1707c60e 3469 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3470 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3471 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3472}
3473
13928971 3474static void update_name(struct hci_request *req)
2b4bf397 3475{
13928971 3476 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3477 struct hci_cp_write_local_name cp;
3478
13928971 3479 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3480
890ea898 3481 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3482}
3483
13928971
JH		 3484static void set_name_complete(struct hci_dev *hdev, u8 status)
3485{
3486 struct mgmt_cp_set_local_name *cp;
3487 struct pending_cmd *cmd;
3488
3489 BT_DBG("status 0x%02x", status);
3490
3491 hci_dev_lock(hdev);
3492
3493 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3494 if (!cmd)
3495 goto unlock;
3496
3497 cp = cmd->param;
3498
3499 if (status)
3500 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3501 mgmt_status(status));
3502 else
3503 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3504 cp, sizeof(*cp));
3505
3506 mgmt_pending_remove(cmd);
3507
3508unlock:
3509 hci_dev_unlock(hdev);
3510}
3511
bdb6d971 3512static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3513 u16 len)
b312b161 3514{
2b4bf397 3515 struct mgmt_cp_set_local_name *cp = data;
b312b161 3516 struct pending_cmd *cmd;
890ea898 3517 struct hci_request req;
b312b161
JH		 3518 int err;
3519
3520 BT_DBG("");
3521
09fd0de5 3522 hci_dev_lock(hdev);
b312b161 3523
b3f2ca94
JH		 3524 /* If the old values are the same as the new ones just return a
3525 * direct command complete event.
3526 */
3527 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3528 !memcmp(hdev->short_name, cp->short_name,
3529 sizeof(hdev->short_name))) {
3530 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3531 data, len);
3532 goto failed;
3533 }
3534
2b4bf397 3535 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3536
b5235a65 3537 if (!hdev_is_powered(hdev)) {
2b4bf397 3538 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 3539
3540 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 3541 data, len);
28cc7bde
JH		 3542 if (err < 0)
3543 goto failed;
3544
3545 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 3546 sk);
28cc7bde 3547
b5235a65
JH		 3548 goto failed;
3549 }
3550
28cc7bde 3551 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3552 if (!cmd) {
3553 err = -ENOMEM;
3554 goto failed;
3555 }
3556
13928971
JH		 3557 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3558
890ea898 3559 hci_req_init(&req, hdev);
3f985050
JH		 3560
3561 if (lmp_bredr_capable(hdev)) {
3562 update_name(&req);
3563 update_eir(&req);
3564 }
3565
7a5f4990
MH		 3566 /* The name is stored in the scan response data and so
3567 * no need to udpate the advertising data here.
3568 */
3f985050 3569 if (lmp_le_capable(hdev))
7a5f4990 3570 update_scan_rsp_data(&req);
3f985050 3571
13928971 3572 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3573 if (err < 0)
3574 mgmt_pending_remove(cmd);
3575
3576failed:
09fd0de5 3577 hci_dev_unlock(hdev);
b312b161
JH		 3578 return err;
3579}
3580
0f4e68cf 3581static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3582 void *data, u16 data_len)
c35938b2 3583{
c35938b2
SJ		 3584 struct pending_cmd *cmd;
3585 int err;
3586
bdb6d971 3587 BT_DBG("%s", hdev->name);
c35938b2 3588
09fd0de5 3589 hci_dev_lock(hdev);
c35938b2 3590
4b34ee78 3591 if (!hdev_is_powered(hdev)) {
bdb6d971 3592 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3593 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3594 goto unlock;
3595 }
3596
9a1a1996 3597 if (!lmp_ssp_capable(hdev)) {
bdb6d971 3598 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3599 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3600 goto unlock;
3601 }
3602
2e58ef3e 3603 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 3604 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3605 MGMT_STATUS_BUSY);
c35938b2
SJ		 3606 goto unlock;
3607 }
3608
2e58ef3e 3609 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3610 if (!cmd) {
3611 err = -ENOMEM;
3612 goto unlock;
3613 }
3614
710f11c0 3615 if (bredr_sc_enabled(hdev))
4d2d2796
MH		 3616 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3617 0, NULL);
3618 else
3619 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3620
c35938b2
SJ		 3621 if (err < 0)
3622 mgmt_pending_remove(cmd);
3623
3624unlock:
09fd0de5 3625 hci_dev_unlock(hdev);
c35938b2
SJ		 3626 return err;
3627}
3628
bdb6d971 3629static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3630 void *data, u16 len)
2763eda6 3631{
2763eda6
SJ		 3632 int err;
3633
bdb6d971 3634 BT_DBG("%s ", hdev->name);
2763eda6 3635
09fd0de5 3636 hci_dev_lock(hdev);
2763eda6 3637
ec109113
MH		 3638 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3639 struct mgmt_cp_add_remote_oob_data *cp = data;
3640 u8 status;
bf1e3541 3641
c19a495c
JH		 3642 if (cp->addr.type != BDADDR_BREDR) {
3643 err = cmd_complete(sk, hdev->id,
3644 MGMT_OP_ADD_REMOTE_OOB_DATA,
3645 MGMT_STATUS_INVALID_PARAMS,
3646 &cp->addr, sizeof(cp->addr));
3647 goto unlock;
3648 }
3649
ec109113 3650 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
6928a924
JH		 3651 cp->addr.type, cp->hash,
3652 cp->rand, NULL, NULL);
ec109113
MH		 3653 if (err < 0)
3654 status = MGMT_STATUS_FAILED;
3655 else
3656 status = MGMT_STATUS_SUCCESS;
3657
3658 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3659 status, &cp->addr, sizeof(cp->addr));
3660 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3661 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
86df9200 3662 u8 *rand192, *hash192;
ec109113
MH		 3663 u8 status;
3664
c19a495c
JH		 3665 if (cp->addr.type != BDADDR_BREDR) {
3666 err = cmd_complete(sk, hdev->id,
3667 MGMT_OP_ADD_REMOTE_OOB_DATA,
3668 MGMT_STATUS_INVALID_PARAMS,
3669 &cp->addr, sizeof(cp->addr));
3670 goto unlock;
3671 }
3672
86df9200
JH		 3673 if (bdaddr_type_is_le(cp->addr.type)) {
3674 rand192 = NULL;
3675 hash192 = NULL;
3676 } else {
3677 rand192 = cp->rand192;
3678 hash192 = cp->hash192;
3679 }
3680
81328d5c 3681 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
86df9200
JH		 3682 cp->addr.type, hash192, rand192,
3683 cp->hash256, cp->rand256);
ec109113
MH		 3684 if (err < 0)
3685 status = MGMT_STATUS_FAILED;
3686 else
3687 status = MGMT_STATUS_SUCCESS;
3688
3689 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3690 status, &cp->addr, sizeof(cp->addr));
3691 } else {
3692 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3693 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3694 MGMT_STATUS_INVALID_PARAMS);
3695 }
2763eda6 3696
c19a495c 3697unlock:
09fd0de5 3698 hci_dev_unlock(hdev);
2763eda6
SJ		 3699 return err;
3700}
3701
bdb6d971 3702static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3703 void *data, u16 len)
2763eda6 3704{
650f726d 3705 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3706 u8 status;
2763eda6
SJ		 3707 int err;
3708
bdb6d971 3709 BT_DBG("%s", hdev->name);
2763eda6 3710
c19a495c
JH		 3711 if (cp->addr.type != BDADDR_BREDR)
3712 return cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3713 MGMT_STATUS_INVALID_PARAMS,
3714 &cp->addr, sizeof(cp->addr));
3715
09fd0de5 3716 hci_dev_lock(hdev);
2763eda6 3717
eedbd581
JH		 3718 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3719 hci_remote_oob_data_clear(hdev);
3720 status = MGMT_STATUS_SUCCESS;
3721 goto done;
3722 }
3723
6928a924 3724 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
2763eda6 3725 if (err < 0)
bf1e3541 3726 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3727 else
a6785be2 3728 status = MGMT_STATUS_SUCCESS;
bf1e3541 3729
eedbd581 3730done:
bdb6d971 3731 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 3732 status, &cp->addr, sizeof(cp->addr));
2763eda6 3733
09fd0de5 3734 hci_dev_unlock(hdev);
2763eda6
SJ		 3735 return err;
3736}
3737
8019044d 3738static bool trigger_discovery(struct hci_request *req, u8 *status)
41dc2bd6 3739{
8019044d
MH		 3740 struct hci_dev *hdev = req->hdev;
3741 struct hci_cp_le_set_scan_param param_cp;
3742 struct hci_cp_le_set_scan_enable enable_cp;
3743 struct hci_cp_inquiry inq_cp;
3744 /* General inquiry access code (GIAC) */
3745 u8 lap[3] = { 0x33, 0x8b, 0x9e };
3746 u8 own_addr_type;
41dc2bd6
AG		 3747 int err;
3748
8019044d
MH		 3749 switch (hdev->discovery.type) {
3750 case DISCOV_TYPE_BREDR:
3751 *status = mgmt_bredr_support(hdev);
3752 if (*status)
3753 return false;
41dc2bd6 3754
8019044d
MH		 3755 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3756 *status = MGMT_STATUS_BUSY;
3757 return false;
3758 }
41dc2bd6 3759
8019044d 3760 hci_inquiry_cache_flush(hdev);
41dc2bd6 3761
8019044d
MH		 3762 memset(&inq_cp, 0, sizeof(inq_cp));
3763 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
3764 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
3765 hci_req_add(req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
3766 break;
41dc2bd6 3767
8019044d
MH		 3768 case DISCOV_TYPE_LE:
3769 case DISCOV_TYPE_INTERLEAVED:
3770 *status = mgmt_le_support(hdev);
3771 if (*status)
3772 return false;
3773
3774 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
3775 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3776 *status = MGMT_STATUS_NOT_SUPPORTED;
3777 return false;
3778 }
3779
3780 if (test_bit(HCI_LE_ADV, &hdev->dev_flags)) {
3781 /* Don't let discovery abort an outgoing
3782 * connection attempt that's using directed
3783 * advertising.
3784 */
3785 if (hci_conn_hash_lookup_state(hdev, LE_LINK,
3786 BT_CONNECT)) {
3787 *status = MGMT_STATUS_REJECTED;
3788 return false;
3789 }
3790
3791 disable_advertising(req);
3792 }
3793
3794 /* If controller is scanning, it means the background scanning
3795 * is running. Thus, we should temporarily stop it in order to
3796 * set the discovery scanning parameters.
3797 */
3798 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3799 hci_req_add_le_scan_disable(req);
3800
3801 memset(&param_cp, 0, sizeof(param_cp));
3802
3803 /* All active scans will be done with either a resolvable
3804 * private address (when privacy feature has been enabled)
9437d2ed 3805 * or non-resolvable private address.
8019044d
MH		 3806 */
3807 err = hci_update_random_address(req, true, &own_addr_type);
3808 if (err < 0) {
3809 *status = MGMT_STATUS_FAILED;
3810 return false;
3811 }
3812
3813 param_cp.type = LE_SCAN_ACTIVE;
3814 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3815 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
3816 param_cp.own_address_type = own_addr_type;
3817 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3818 &param_cp);
3819
3820 memset(&enable_cp, 0, sizeof(enable_cp));
3821 enable_cp.enable = LE_SCAN_ENABLE;
3822 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3823 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3824 &enable_cp);
3825 break;
3826
3827 default:
3828 *status = MGMT_STATUS_INVALID_PARAMS;
3829 return false;
3830 }
3831
3832 return true;
41dc2bd6
AG		 3833}
3834
7c307720
AG		 3835static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3836{
41dc2bd6 3837 struct pending_cmd *cmd;
11e6e25d 3838 unsigned long timeout;
ae55f598 3839
7c307720
AG		 3840 BT_DBG("status %d", status);
3841
11e6e25d 3842 hci_dev_lock(hdev);
41dc2bd6 3843
11e6e25d 3844 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
66ea9427
JP		 3845 if (!cmd)
3846 cmd = mgmt_pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
3847
11e6e25d 3848 if (cmd) {
2922a94f 3849 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d
MH		 3850 mgmt_pending_remove(cmd);
3851 }
7c307720
AG		 3852
3853 if (status) {
11e6e25d
MH		 3854 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3855 goto unlock;
7c307720
AG		 3856 }
3857
7c307720 3858 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
7c307720
AG		 3859
3860 switch (hdev->discovery.type) {
3861 case DISCOV_TYPE_LE:
3d5a76f0 3862 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
7c307720 3863 break;
7c307720 3864 case DISCOV_TYPE_INTERLEAVED:
b9a7a61e 3865 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
7c307720 3866 break;
7c307720 3867 case DISCOV_TYPE_BREDR:
11e6e25d 3868 timeout = 0;
7c307720 3869 break;
7c307720
AG		 3870 default:
3871 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
11e6e25d
MH		 3872 timeout = 0;
3873 break;
7c307720 3874 }
ae55f598 3875
11e6e25d
MH		 3876 if (timeout)
3877 queue_delayed_work(hdev->workqueue,
3878 &hdev->le_scan_disable, timeout);
ae55f598 3879
11e6e25d
MH		 3880unlock:
3881 hci_dev_unlock(hdev);
7c307720
AG		 3882}
3883
bdb6d971 3884static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3885 void *data, u16 len)
14a53664 3886{
650f726d 3887 struct mgmt_cp_start_discovery *cp = data;
14a53664 3888 struct pending_cmd *cmd;
7c307720 3889 struct hci_request req;
8019044d 3890 u8 status;
14a53664
JH		 3891 int err;
3892
bdb6d971 3893 BT_DBG("%s", hdev->name);
14a53664 3894
09fd0de5 3895 hci_dev_lock(hdev);
14a53664 3896
4b34ee78 3897 if (!hdev_is_powered(hdev)) {
a736abc1
SJ		 3898 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3899 MGMT_STATUS_NOT_POWERED,
3900 &cp->type, sizeof(cp->type));
bd2d1334
JH		 3901 goto failed;
3902 }
3903
f5a969f2
MH		 3904 if (hdev->discovery.state != DISCOVERY_STOPPED ||
3905 test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
a736abc1
SJ		 3906 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3907 MGMT_STATUS_BUSY, &cp->type,
3908 sizeof(cp->type));
642be6c7
AG		 3909 goto failed;
3910 }
3911
2922a94f 3912 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, data, len);
14a53664
JH		 3913 if (!cmd) {
3914 err = -ENOMEM;
3915 goto failed;
3916 }
3917
2922a94f
JH		 3918 cmd->cmd_complete = generic_cmd_complete;
3919
22078800
MH		 3920 /* Clear the discovery filter first to free any previously
3921 * allocated memory for the UUID list.
3922 */
3923 hci_discovery_filter_clear(hdev);
3924
4aab14e5 3925 hdev->discovery.type = cp->type;
da25cf6a 3926 hdev->discovery.report_invalid_rssi = false;
4aab14e5 3927
7c307720
AG		 3928 hci_req_init(&req, hdev);
3929
8019044d 3930 if (!trigger_discovery(&req, &status)) {
a736abc1 3931 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
8019044d 3932 status, &cp->type, sizeof(cp->type));
04106755
JH		 3933 mgmt_pending_remove(cmd);
3934 goto failed;
f39799f5 3935 }
04106755 3936
7c307720 3937 err = hci_req_run(&req, start_discovery_complete);
f5a969f2 3938 if (err < 0) {
14a53664 3939 mgmt_pending_remove(cmd);
f5a969f2
MH		 3940 goto failed;
3941 }
7c307720 3942
f5a969f2 3943 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
7c307720 3944
14a53664 3945failed:
09fd0de5 3946 hci_dev_unlock(hdev);
14a53664
JH		 3947 return err;
3948}
f39799f5 3949
2922a94f
JH		 3950static void service_discovery_cmd_complete(struct pending_cmd *cmd, u8 status)
3951{
3952 cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, cmd->param, 1);
3953}
04106755 3954
66ea9427
JP		 3955static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
3956 void *data, u16 len)
3957{
3958 struct mgmt_cp_start_service_discovery *cp = data;
3959 struct pending_cmd *cmd;
3960 struct hci_request req;
3961 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
3962 u16 uuid_count, expected_len;
3963 u8 status;
3964 int err;
04106755 3965
66ea9427 3966 BT_DBG("%s", hdev->name);
e8bb6b97 3967
66ea9427 3968 hci_dev_lock(hdev);
7c307720 3969
66ea9427
JP		 3970 if (!hdev_is_powered(hdev)) {
3971 err = cmd_complete(sk, hdev->id,
3972 MGMT_OP_START_SERVICE_DISCOVERY,
3973 MGMT_STATUS_NOT_POWERED,
3974 &cp->type, sizeof(cp->type));
3975 goto failed;
3976 }
7c307720 3977
66ea9427
JP		 3978 if (hdev->discovery.state != DISCOVERY_STOPPED ||
3979 test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3980 err = cmd_complete(sk, hdev->id,
3981 MGMT_OP_START_SERVICE_DISCOVERY,
3982 MGMT_STATUS_BUSY, &cp->type,
3983 sizeof(cp->type));
3984 goto failed;
3985 }
d9483943 3986
66ea9427
JP		 3987 uuid_count = __le16_to_cpu(cp->uuid_count);
3988 if (uuid_count > max_uuid_count) {
3989 BT_ERR("service_discovery: too big uuid_count value %u",
3990 uuid_count);
3991 err = cmd_complete(sk, hdev->id,
3992 MGMT_OP_START_SERVICE_DISCOVERY,
3993 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3994 sizeof(cp->type));
3995 goto failed;
3996 }
3997
3998 expected_len = sizeof(*cp) + uuid_count * 16;
3999 if (expected_len != len) {
4000 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
4001 expected_len, len);
4002 err = cmd_complete(sk, hdev->id,
4003 MGMT_OP_START_SERVICE_DISCOVERY,
4004 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4005 sizeof(cp->type));
4006 goto failed;
4007 }
4008
4009 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
2922a94f 4010 hdev, data, len);
66ea9427
JP		 4011 if (!cmd) {
4012 err = -ENOMEM;
4013 goto failed;
4014 }
4015
2922a94f
JH		 4016 cmd->cmd_complete = service_discovery_cmd_complete;
4017
22078800
MH		 4018 /* Clear the discovery filter first to free any previously
4019 * allocated memory for the UUID list.
4020 */
4021 hci_discovery_filter_clear(hdev);
4022
66ea9427
JP		 4023 hdev->discovery.type = cp->type;
4024 hdev->discovery.rssi = cp->rssi;
4025 hdev->discovery.uuid_count = uuid_count;
4026
4027 if (uuid_count > 0) {
4028 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4029 GFP_KERNEL);
4030 if (!hdev->discovery.uuids) {
a736abc1 4031 err = cmd_complete(sk, hdev->id,
66ea9427 4032 MGMT_OP_START_SERVICE_DISCOVERY,
a736abc1
SJ		 4033 MGMT_STATUS_FAILED,
4034 &cp->type, sizeof(cp->type));
d9483943
JH		 4035 mgmt_pending_remove(cmd);
4036 goto failed;
4037 }
66ea9427 4038 }
d9483943 4039
66ea9427 4040 hci_req_init(&req, hdev);
5e0452c0 4041
66ea9427
JP		 4042 if (!trigger_discovery(&req, &status)) {
4043 err = cmd_complete(sk, hdev->id,
4044 MGMT_OP_START_SERVICE_DISCOVERY,
4045 status, &cp->type, sizeof(cp->type));
04106755
JH		 4046 mgmt_pending_remove(cmd);
4047 goto failed;
f39799f5 4048 }
3fd24153 4049
7c307720 4050 err = hci_req_run(&req, start_discovery_complete);
66ea9427 4051 if (err < 0) {
14a53664 4052 mgmt_pending_remove(cmd);
66ea9427
JP		 4053 goto failed;
4054 }
4055
4056 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 4057
4058failed:
09fd0de5 4059 hci_dev_unlock(hdev);
14a53664
JH		 4060 return err;
4061}
4062
11e6e25d 4063static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
1183fdca
AG		 4064{
4065 struct pending_cmd *cmd;
1183fdca 4066
0e05bba6
AG		 4067 BT_DBG("status %d", status);
4068
4069 hci_dev_lock(hdev);
4070
11e6e25d
MH		 4071 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4072 if (cmd) {
2922a94f 4073 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d 4074 mgmt_pending_remove(cmd);
0e05bba6
AG		 4075 }
4076
11e6e25d
MH		 4077 if (!status)
4078 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
0e05bba6 4079
0e05bba6
AG		 4080 hci_dev_unlock(hdev);
4081}
4082
bdb6d971 4083static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4084 u16 len)
14a53664 4085{
d930650b 4086 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 4087 struct pending_cmd *cmd;
0e05bba6 4088 struct hci_request req;
14a53664
JH		 4089 int err;
4090
bdb6d971 4091 BT_DBG("%s", hdev->name);
14a53664 4092
09fd0de5 4093 hci_dev_lock(hdev);
14a53664 4094
30dc78e1 4095 if (!hci_discovery_active(hdev)) {
bdb6d971 4096 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 4097 MGMT_STATUS_REJECTED, &mgmt_cp->type,
4098 sizeof(mgmt_cp->type));
d930650b
JH		 4099 goto unlock;
4100 }
4101
4102 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 4103 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 4104 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
4105 sizeof(mgmt_cp->type));
30dc78e1 4106 goto unlock;
ff9ef578
JH		 4107 }
4108
2922a94f 4109 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
14a53664
JH		 4110 if (!cmd) {
4111 err = -ENOMEM;
30dc78e1
JH		 4112 goto unlock;
4113 }
4114
2922a94f
JH		 4115 cmd->cmd_complete = generic_cmd_complete;
4116
0e05bba6
AG		 4117 hci_req_init(&req, hdev);
4118
21a60d30 4119 hci_stop_discovery(&req);
e0d9727e 4120
21a60d30
JH		 4121 err = hci_req_run(&req, stop_discovery_complete);
4122 if (!err) {
4123 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
0e05bba6 4124 goto unlock;
14a53664
JH		 4125 }
4126
21a60d30
JH		 4127 mgmt_pending_remove(cmd);
4128
4129 /* If no HCI commands were sent we're done */
4130 if (err == -ENODATA) {
4131 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
4132 &mgmt_cp->type, sizeof(mgmt_cp->type));
4133 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4134 }
14a53664 4135
30dc78e1 4136unlock:
09fd0de5 4137 hci_dev_unlock(hdev);
14a53664
JH		 4138 return err;
4139}
4140
bdb6d971 4141static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4142 u16 len)
561aafbc 4143{
650f726d 4144 struct mgmt_cp_confirm_name *cp = data;
561aafbc 4145 struct inquiry_entry *e;
561aafbc
JH		 4146 int err;
4147
bdb6d971 4148 BT_DBG("%s", hdev->name);
561aafbc 4149
561aafbc
JH		 4150 hci_dev_lock(hdev);
4151
30dc78e1 4152 if (!hci_discovery_active(hdev)) {
d3a2541d
LR		 4153 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4154 MGMT_STATUS_FAILED, &cp->addr,
4155 sizeof(cp->addr));
30dc78e1
JH		 4156 goto failed;
4157 }
4158
a198e7b1 4159 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 4160 if (!e) {
d3a2541d
LR		 4161 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4162 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4163 sizeof(cp->addr));
561aafbc
JH		 4164 goto failed;
4165 }
4166
4167 if (cp->name_known) {
4168 e->name_state = NAME_KNOWN;
4169 list_del(&e->list);
4170 } else {
4171 e->name_state = NAME_NEEDED;
a3d4e20a 4172 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 4173 }
4174
e384662b
JH		 4175 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
4176 sizeof(cp->addr));
561aafbc
JH		 4177
4178failed:
4179 hci_dev_unlock(hdev);
561aafbc
JH		 4180 return err;
4181}
4182
bdb6d971 4183static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4184 u16 len)
7fbec224 4185{
650f726d 4186 struct mgmt_cp_block_device *cp = data;
f0eeea8b 4187 u8 status;
7fbec224
AJ		 4188 int err;
4189
bdb6d971 4190 BT_DBG("%s", hdev->name);
7fbec224 4191
4ee71b20 4192 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 4193 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4194 MGMT_STATUS_INVALID_PARAMS,
4195 &cp->addr, sizeof(cp->addr));
4ee71b20 4196
09fd0de5 4197 hci_dev_lock(hdev);
5e762444 4198
dcc36c16
JH		 4199 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4200 cp->addr.type);
2a8357f2 4201 if (err < 0) {
f0eeea8b 4202 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 4203 goto done;
4204 }
4205
4206 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4207 sk);
4208 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4209
2a8357f2 4210done:
bdb6d971 4211 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 4212 &cp->addr, sizeof(cp->addr));
5e762444 4213
09fd0de5 4214 hci_dev_unlock(hdev);
7fbec224
AJ		 4215
4216 return err;
4217}
4218
bdb6d971 4219static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4220 u16 len)
7fbec224 4221{
650f726d 4222 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 4223 u8 status;
7fbec224
AJ		 4224 int err;
4225
bdb6d971 4226 BT_DBG("%s", hdev->name);
7fbec224 4227
4ee71b20 4228 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 4229 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4230 MGMT_STATUS_INVALID_PARAMS,
4231 &cp->addr, sizeof(cp->addr));
4ee71b20 4232
09fd0de5 4233 hci_dev_lock(hdev);
5e762444 4234
dcc36c16
JH		 4235 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4236 cp->addr.type);
2a8357f2 4237 if (err < 0) {
f0eeea8b 4238 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 4239 goto done;
4240 }
4241
4242 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4243 sk);
4244 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4245
2a8357f2 4246done:
bdb6d971 4247 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 4248 &cp->addr, sizeof(cp->addr));
5e762444 4249
09fd0de5 4250 hci_dev_unlock(hdev);
7fbec224
AJ		 4251
4252 return err;
4253}
4254
cdbaccca
MH		 4255static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4256 u16 len)
4257{
4258 struct mgmt_cp_set_device_id *cp = data;
890ea898 4259 struct hci_request req;
cdbaccca 4260 int err;
c72d4b8a 4261 __u16 source;
cdbaccca
MH		 4262
4263 BT_DBG("%s", hdev->name);
4264
c72d4b8a
SJ		 4265 source = __le16_to_cpu(cp->source);
4266
4267 if (source > 0x0002)
4268 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4269 MGMT_STATUS_INVALID_PARAMS);
4270
cdbaccca
MH		 4271 hci_dev_lock(hdev);
4272
c72d4b8a 4273 hdev->devid_source = source;
cdbaccca
MH		 4274 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4275 hdev->devid_product = __le16_to_cpu(cp->product);
4276 hdev->devid_version = __le16_to_cpu(cp->version);
4277
4278 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
4279
890ea898
JH		 4280 hci_req_init(&req, hdev);
4281 update_eir(&req);
4282 hci_req_run(&req, NULL);
cdbaccca
MH		 4283
4284 hci_dev_unlock(hdev);
4285
4286 return err;
4287}
4288
4375f103
JH		 4289static void set_advertising_complete(struct hci_dev *hdev, u8 status)
4290{
4291 struct cmd_lookup match = { NULL, hdev };
4292
3ad67582
JK		 4293 hci_dev_lock(hdev);
4294
4375f103
JH		 4295 if (status) {
4296 u8 mgmt_err = mgmt_status(status);
4297
4298 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4299 cmd_status_rsp, &mgmt_err);
3ad67582 4300 goto unlock;
4375f103
JH		 4301 }
4302
c93bd150
JH		 4303 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
4304 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
4305 else
4306 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4307
4375f103
JH		 4308 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4309 &match);
4310
4311 new_settings(hdev, match.sk);
4312
4313 if (match.sk)
4314 sock_put(match.sk);
3ad67582
JK		 4315
4316unlock:
4317 hci_dev_unlock(hdev);
4375f103
JH		 4318}
4319
21b5187f
MH		 4320static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4321 u16 len)
4375f103
JH		 4322{
4323 struct mgmt_mode *cp = data;
4324 struct pending_cmd *cmd;
4325 struct hci_request req;
e6fe7986 4326 u8 val, enabled, status;
4375f103
JH		 4327 int err;
4328
4329 BT_DBG("request for %s", hdev->name);
4330
e6fe7986
JH		 4331 status = mgmt_le_support(hdev);
4332 if (status)
4375f103 4333 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 4334 status);
4375f103
JH		 4335
4336 if (cp->val != 0x00 && cp->val != 0x01)
4337 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4338 MGMT_STATUS_INVALID_PARAMS);
4339
4340 hci_dev_lock(hdev);
4341
4342 val = !!cp->val;
f3d3444a 4343 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 4344
f74ca9b8
JH		 4345 /* The following conditions are ones which mean that we should
4346 * not do any HCI communication but directly send a mgmt
4347 * response to user space (after toggling the flag if
4348 * necessary).
4349 */
4350 if (!hdev_is_powered(hdev) || val == enabled ||
e8bb6b97
JH		 4351 hci_conn_num(hdev, LE_LINK) > 0 ||
4352 (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4353 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
4375f103
JH		 4354 bool changed = false;
4355
f3d3444a
JH		 4356 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
4357 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 4358 changed = true;
4359 }
4360
4361 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4362 if (err < 0)
4363 goto unlock;
4364
4365 if (changed)
4366 err = new_settings(hdev, sk);
4367
4368 goto unlock;
4369 }
4370
4371 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4372 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
4373 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4374 MGMT_STATUS_BUSY);
4375 goto unlock;
4376 }
4377
4378 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4379 if (!cmd) {
4380 err = -ENOMEM;
4381 goto unlock;
4382 }
4383
4384 hci_req_init(&req, hdev);
4385
bba3aa55
MH		 4386 if (val)
4387 enable_advertising(&req);
4388 else
4389 disable_advertising(&req);
4375f103
JH		 4390
4391 err = hci_req_run(&req, set_advertising_complete);
4392 if (err < 0)
4393 mgmt_pending_remove(cmd);
4394
4395unlock:
4396 hci_dev_unlock(hdev);
4397 return err;
4398}
4399
d13eafce
MH		 4400static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4401 void *data, u16 len)
4402{
4403 struct mgmt_cp_set_static_address *cp = data;
4404 int err;
4405
4406 BT_DBG("%s", hdev->name);
4407
62af4443 4408 if (!lmp_le_capable(hdev))
d13eafce 4409 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 4410 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 4411
4412 if (hdev_is_powered(hdev))
4413 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4414 MGMT_STATUS_REJECTED);
4415
4416 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4417 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4418 return cmd_status(sk, hdev->id,
4419 MGMT_OP_SET_STATIC_ADDRESS,
4420 MGMT_STATUS_INVALID_PARAMS);
4421
4422 /* Two most significant bits shall be set */
4423 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4424 return cmd_status(sk, hdev->id,
4425 MGMT_OP_SET_STATIC_ADDRESS,
4426 MGMT_STATUS_INVALID_PARAMS);
4427 }
4428
4429 hci_dev_lock(hdev);
4430
4431 bacpy(&hdev->static_addr, &cp->bdaddr);
4432
4433 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
4434
4435 hci_dev_unlock(hdev);
4436
4437 return err;
4438}
4439
14b49b9a
MH		 4440static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4441 void *data, u16 len)
4442{
4443 struct mgmt_cp_set_scan_params *cp = data;
4444 __u16 interval, window;
4445 int err;
4446
4447 BT_DBG("%s", hdev->name);
4448
4449 if (!lmp_le_capable(hdev))
4450 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4451 MGMT_STATUS_NOT_SUPPORTED);
4452
4453 interval = __le16_to_cpu(cp->interval);
4454
4455 if (interval < 0x0004 || interval > 0x4000)
4456 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4457 MGMT_STATUS_INVALID_PARAMS);
4458
4459 window = __le16_to_cpu(cp->window);
4460
4461 if (window < 0x0004 || window > 0x4000)
4462 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4463 MGMT_STATUS_INVALID_PARAMS);
4464
899e1075
MH		 4465 if (window > interval)
4466 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4467 MGMT_STATUS_INVALID_PARAMS);
4468
14b49b9a
MH		 4469 hci_dev_lock(hdev);
4470
4471 hdev->le_scan_interval = interval;
4472 hdev->le_scan_window = window;
4473
4474 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
4475
dd2ef8e2
AG		 4476 /* If background scan is running, restart it so new parameters are
4477 * loaded.
4478 */
4479 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4480 hdev->discovery.state == DISCOVERY_STOPPED) {
4481 struct hci_request req;
4482
4483 hci_req_init(&req, hdev);
4484
4485 hci_req_add_le_scan_disable(&req);
4486 hci_req_add_le_passive_scan(&req);
4487
4488 hci_req_run(&req, NULL);
4489 }
4490
14b49b9a
MH		 4491 hci_dev_unlock(hdev);
4492
4493 return err;
4494}
4495
33e38b3e
JH		 4496static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
4497{
4498 struct pending_cmd *cmd;
4499
4500 BT_DBG("status 0x%02x", status);
4501
4502 hci_dev_lock(hdev);
4503
4504 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4505 if (!cmd)
4506 goto unlock;
4507
4508 if (status) {
4509 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4510 mgmt_status(status));
4511 } else {
1a4d3c4b
JH		 4512 struct mgmt_mode *cp = cmd->param;
4513
4514 if (cp->val)
4515 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4516 else
4517 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4518
33e38b3e
JH		 4519 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4520 new_settings(hdev, cmd->sk);
4521 }
4522
4523 mgmt_pending_remove(cmd);
4524
4525unlock:
4526 hci_dev_unlock(hdev);
4527}
4528
bdb6d971 4529static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4530 void *data, u16 len)
f6422ec6 4531{
650f726d 4532 struct mgmt_mode *cp = data;
33e38b3e
JH		 4533 struct pending_cmd *cmd;
4534 struct hci_request req;
f6422ec6
AJ		 4535 int err;
4536
bdb6d971 4537 BT_DBG("%s", hdev->name);
f6422ec6 4538
56f87901
JH		 4539 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
4540 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 4541 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4542 MGMT_STATUS_NOT_SUPPORTED);
4543
a7e80f25
JH		 4544 if (cp->val != 0x00 && cp->val != 0x01)
4545 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4546 MGMT_STATUS_INVALID_PARAMS);
4547
5400c044 4548 if (!hdev_is_powered(hdev))
bdb6d971 4549 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4550 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 4551
4552 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 4553 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4554 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 4555
4556 hci_dev_lock(hdev);
4557
05cbf29f
JH		 4558 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4559 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4560 MGMT_STATUS_BUSY);
4561 goto unlock;
4562 }
4563
1a4d3c4b
JH		 4564 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
4565 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4566 hdev);
4567 goto unlock;
4568 }
4569
33e38b3e
JH		 4570 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4571 data, len);
4572 if (!cmd) {
4573 err = -ENOMEM;
4574 goto unlock;
f6422ec6
AJ		 4575 }
4576
33e38b3e
JH		 4577 hci_req_init(&req, hdev);
4578
406d7804 4579 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4580
4581 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4582 if (err < 0) {
bdb6d971 4583 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4584 MGMT_STATUS_FAILED);
33e38b3e 4585 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4586 }
4587
33e38b3e 4588unlock:
f6422ec6 4589 hci_dev_unlock(hdev);
33e38b3e 4590
f6422ec6
AJ		 4591 return err;
4592}
4593
0663ca2a
JH		 4594static void set_bredr_complete(struct hci_dev *hdev, u8 status)
4595{
4596 struct pending_cmd *cmd;
4597
4598 BT_DBG("status 0x%02x", status);
4599
4600 hci_dev_lock(hdev);
4601
4602 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4603 if (!cmd)
4604 goto unlock;
4605
4606 if (status) {
4607 u8 mgmt_err = mgmt_status(status);
4608
4609 /* We need to restore the flag if related HCI commands
4610 * failed.
4611 */
4612 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4613
4614 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4615 } else {
4616 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4617 new_settings(hdev, cmd->sk);
4618 }
4619
4620 mgmt_pending_remove(cmd);
4621
4622unlock:
4623 hci_dev_unlock(hdev);
4624}
4625
4626static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4627{
4628 struct mgmt_mode *cp = data;
4629 struct pending_cmd *cmd;
4630 struct hci_request req;
4631 int err;
4632
4633 BT_DBG("request for %s", hdev->name);
4634
4635 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4636 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4637 MGMT_STATUS_NOT_SUPPORTED);
4638
4639 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4640 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4641 MGMT_STATUS_REJECTED);
4642
4643 if (cp->val != 0x00 && cp->val != 0x01)
4644 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4645 MGMT_STATUS_INVALID_PARAMS);
4646
4647 hci_dev_lock(hdev);
4648
4649 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4650 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4651 goto unlock;
4652 }
4653
4654 if (!hdev_is_powered(hdev)) {
4655 if (!cp->val) {
0663ca2a
JH		 4656 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4657 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4658 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4659 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4660 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4661 }
4662
4663 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4664
4665 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4666 if (err < 0)
4667 goto unlock;
4668
4669 err = new_settings(hdev, sk);
4670 goto unlock;
4671 }
4672
4673 /* Reject disabling when powered on */
4674 if (!cp->val) {
4675 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4676 MGMT_STATUS_REJECTED);
4677 goto unlock;
4678 }
4679
4680 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4681 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4682 MGMT_STATUS_BUSY);
4683 goto unlock;
4684 }
4685
4686 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4687 if (!cmd) {
4688 err = -ENOMEM;
4689 goto unlock;
4690 }
4691
5947f4bc 4692 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4693 * generates the correct flags.
4694 */
4695 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4696
4697 hci_req_init(&req, hdev);
aa8af46e 4698
432df05e
JH		 4699 write_fast_connectable(&req, false);
4700 hci_update_page_scan(hdev, &req);
aa8af46e 4701
f14d8f64
MH		 4702 /* Since only the advertising data flags will change, there
4703 * is no need to update the scan response data.
4704 */
5947f4bc 4705 update_adv_data(&req);
aa8af46e 4706
0663ca2a
JH		 4707 err = hci_req_run(&req, set_bredr_complete);
4708 if (err < 0)
4709 mgmt_pending_remove(cmd);
4710
4711unlock:
4712 hci_dev_unlock(hdev);
4713 return err;
4714}
4715
eac83dc6
MH		 4716static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4717 void *data, u16 len)
4718{
4719 struct mgmt_mode *cp = data;
4720 struct pending_cmd *cmd;
a3209694 4721 u8 val;
eac83dc6
MH		 4722 int err;
4723
4724 BT_DBG("request for %s", hdev->name);
4725
a3209694
JH		 4726 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
4727 !lmp_sc_capable(hdev) && !test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
eac83dc6
MH		 4728 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4729 MGMT_STATUS_NOT_SUPPORTED);
4730
0ab04a9c 4731 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
eac83dc6
MH		 4732 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4733 MGMT_STATUS_INVALID_PARAMS);
4734
4735 hci_dev_lock(hdev);
4736
a3209694
JH		 4737 if (!hdev_is_powered(hdev) ||
4738 (!lmp_sc_capable(hdev) &&
4739 !test_bit(HCI_FORCE_SC, &hdev->dbg_flags)) ||
4740 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
eac83dc6
MH		 4741 bool changed;
4742
0ab04a9c 4743 if (cp->val) {
eac83dc6
MH		 4744 changed = !test_and_set_bit(HCI_SC_ENABLED,
4745 &hdev->dev_flags);
0ab04a9c
MH		 4746 if (cp->val == 0x02)
4747 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4748 else
4749 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4750 } else {
eac83dc6
MH		 4751 changed = test_and_clear_bit(HCI_SC_ENABLED,
4752 &hdev->dev_flags);
0ab04a9c
MH		 4753 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4754 }
eac83dc6
MH		 4755
4756 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4757 if (err < 0)
4758 goto failed;
4759
4760 if (changed)
4761 err = new_settings(hdev, sk);
4762
4763 goto failed;
4764 }
4765
4766 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4767 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4768 MGMT_STATUS_BUSY);
4769 goto failed;
4770 }
4771
0ab04a9c
MH		 4772 val = !!cp->val;
4773
4774 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4775 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
eac83dc6
MH		 4776 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4777 goto failed;
4778 }
4779
4780 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4781 if (!cmd) {
4782 err = -ENOMEM;
4783 goto failed;
4784 }
4785
0ab04a9c 4786 err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
eac83dc6
MH		 4787 if (err < 0) {
4788 mgmt_pending_remove(cmd);
4789 goto failed;
4790 }
4791
0ab04a9c
MH		 4792 if (cp->val == 0x02)
4793 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4794 else
4795 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4796
eac83dc6
MH		 4797failed:
4798 hci_dev_unlock(hdev);
4799 return err;
4800}
4801
4e39ac81
MH		 4802static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4803 void *data, u16 len)
4804{
4805 struct mgmt_mode *cp = data;
b9710979 4806 bool changed, use_changed;
4e39ac81
MH		 4807 int err;
4808
4809 BT_DBG("request for %s", hdev->name);
4810
b9710979 4811 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4e39ac81
MH		 4812 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4813 MGMT_STATUS_INVALID_PARAMS);
4814
4815 hci_dev_lock(hdev);
4816
4817 if (cp->val)
0663b297
JH		 4818 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
4819 &hdev->dev_flags);
4e39ac81 4820 else
0663b297
JH		 4821 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
4822 &hdev->dev_flags);
4e39ac81 4823
b9710979
JH		 4824 if (cp->val == 0x02)
4825 use_changed = !test_and_set_bit(HCI_USE_DEBUG_KEYS,
4826 &hdev->dev_flags);
4827 else
4828 use_changed = test_and_clear_bit(HCI_USE_DEBUG_KEYS,
4829 &hdev->dev_flags);
4830
4831 if (hdev_is_powered(hdev) && use_changed &&
4832 test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
4833 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4834 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4835 sizeof(mode), &mode);
4836 }
4837
4e39ac81
MH		 4838 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4839 if (err < 0)
4840 goto unlock;
4841
4842 if (changed)
4843 err = new_settings(hdev, sk);
4844
4845unlock:
4846 hci_dev_unlock(hdev);
4847 return err;
4848}
4849
62b04cd1
JH		 4850static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4851 u16 len)
4852{
4853 struct mgmt_cp_set_privacy *cp = cp_data;
4854 bool changed;
4855 int err;
4856
4857 BT_DBG("request for %s", hdev->name);
4858
4859 if (!lmp_le_capable(hdev))
4860 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4861 MGMT_STATUS_NOT_SUPPORTED);
4862
4863 if (cp->privacy != 0x00 && cp->privacy != 0x01)
4864 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4865 MGMT_STATUS_INVALID_PARAMS);
4866
4867 if (hdev_is_powered(hdev))
4868 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4869 MGMT_STATUS_REJECTED);
4870
4871 hci_dev_lock(hdev);
4872
c21c0ea0
JH		 4873 /* If user space supports this command it is also expected to
4874 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4875 */
4876 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4877
62b04cd1
JH		 4878 if (cp->privacy) {
4879 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
4880 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4881 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4882 } else {
4883 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
4884 memset(hdev->irk, 0, sizeof(hdev->irk));
4885 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4886 }
4887
4888 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4889 if (err < 0)
4890 goto unlock;
4891
4892 if (changed)
4893 err = new_settings(hdev, sk);
4894
4895unlock:
4896 hci_dev_unlock(hdev);
4897 return err;
4898}
4899
41edf160
JH		 4900static bool irk_is_valid(struct mgmt_irk_info *irk)
4901{
4902 switch (irk->addr.type) {
4903 case BDADDR_LE_PUBLIC:
4904 return true;
4905
4906 case BDADDR_LE_RANDOM:
4907 /* Two most significant bits shall be set */
4908 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4909 return false;
4910 return true;
4911 }
4912
4913 return false;
4914}
4915
4916static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4917 u16 len)
4918{
4919 struct mgmt_cp_load_irks *cp = cp_data;
ba1d6936
JH		 4920 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
4921 sizeof(struct mgmt_irk_info));
41edf160
JH		 4922 u16 irk_count, expected_len;
4923 int i, err;
4924
4925 BT_DBG("request for %s", hdev->name);
4926
4927 if (!lmp_le_capable(hdev))
4928 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4929 MGMT_STATUS_NOT_SUPPORTED);
4930
4931 irk_count = __le16_to_cpu(cp->irk_count);
ba1d6936
JH		 4932 if (irk_count > max_irk_count) {
4933 BT_ERR("load_irks: too big irk_count value %u", irk_count);
4934 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4935 MGMT_STATUS_INVALID_PARAMS);
4936 }
41edf160
JH		 4937
4938 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4939 if (expected_len != len) {
4940 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 4941 expected_len, len);
41edf160
JH		 4942 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4943 MGMT_STATUS_INVALID_PARAMS);
4944 }
4945
4946 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4947
4948 for (i = 0; i < irk_count; i++) {
4949 struct mgmt_irk_info *key = &cp->irks[i];
4950
4951 if (!irk_is_valid(key))
4952 return cmd_status(sk, hdev->id,
4953 MGMT_OP_LOAD_IRKS,
4954 MGMT_STATUS_INVALID_PARAMS);
4955 }
4956
4957 hci_dev_lock(hdev);
4958
4959 hci_smp_irks_clear(hdev);
4960
4961 for (i = 0; i < irk_count; i++) {
4962 struct mgmt_irk_info *irk = &cp->irks[i];
4963 u8 addr_type;
4964
4965 if (irk->addr.type == BDADDR_LE_PUBLIC)
4966 addr_type = ADDR_LE_DEV_PUBLIC;
4967 else
4968 addr_type = ADDR_LE_DEV_RANDOM;
4969
4970 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
4971 BDADDR_ANY);
4972 }
4973
4974 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4975
4976 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4977
4978 hci_dev_unlock(hdev);
4979
4980 return err;
4981}
4982
3f706b72
JH		 4983static bool ltk_is_valid(struct mgmt_ltk_info *key)
4984{
4985 if (key->master != 0x00 && key->master != 0x01)
4986 return false;
490cb0b3
MH		 4987
4988 switch (key->addr.type) {
4989 case BDADDR_LE_PUBLIC:
4990 return true;
4991
4992 case BDADDR_LE_RANDOM:
4993 /* Two most significant bits shall be set */
4994 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4995 return false;
4996 return true;
4997 }
4998
4999 return false;
3f706b72
JH		 5000}
5001
bdb6d971 5002static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 5003 void *cp_data, u16 len)
346af67b 5004{
346af67b 5005 struct mgmt_cp_load_long_term_keys *cp = cp_data;
ba1d6936
JH		 5006 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
5007 sizeof(struct mgmt_ltk_info));
346af67b 5008 u16 key_count, expected_len;
715a5bf2 5009 int i, err;
346af67b 5010
cf99ba13
MH		 5011 BT_DBG("request for %s", hdev->name);
5012
5013 if (!lmp_le_capable(hdev))
5014 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5015 MGMT_STATUS_NOT_SUPPORTED);
5016
1f350c87 5017 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 5018 if (key_count > max_key_count) {
5019 BT_ERR("load_ltks: too big key_count value %u", key_count);
5020 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5021 MGMT_STATUS_INVALID_PARAMS);
5022 }
346af67b
VCG		 5023
5024 expected_len = sizeof(*cp) + key_count *
5025 sizeof(struct mgmt_ltk_info);
5026 if (expected_len != len) {
5027 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 5028 expected_len, len);
bdb6d971 5029 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 5030 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 5031 }
5032
bdb6d971 5033 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 5034
54ad6d8a
JH		 5035 for (i = 0; i < key_count; i++) {
5036 struct mgmt_ltk_info *key = &cp->keys[i];
5037
3f706b72 5038 if (!ltk_is_valid(key))
54ad6d8a
JH		 5039 return cmd_status(sk, hdev->id,
5040 MGMT_OP_LOAD_LONG_TERM_KEYS,
5041 MGMT_STATUS_INVALID_PARAMS);
5042 }
5043
346af67b
VCG		 5044 hci_dev_lock(hdev);
5045
5046 hci_smp_ltks_clear(hdev);
5047
5048 for (i = 0; i < key_count; i++) {
5049 struct mgmt_ltk_info *key = &cp->keys[i];
d7b25450 5050 u8 type, addr_type, authenticated;
79d95a19
MH		 5051
5052 if (key->addr.type == BDADDR_LE_PUBLIC)
5053 addr_type = ADDR_LE_DEV_PUBLIC;
5054 else
5055 addr_type = ADDR_LE_DEV_RANDOM;
346af67b 5056
61b43357
JH		 5057 switch (key->type) {
5058 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 5059 authenticated = 0x00;
23fb8de3 5060 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
61b43357
JH		 5061 break;
5062 case MGMT_LTK_AUTHENTICATED:
d7b25450 5063 authenticated = 0x01;
23fb8de3
JH		 5064 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5065 break;
5066 case MGMT_LTK_P256_UNAUTH:
5067 authenticated = 0x00;
5068 type = SMP_LTK_P256;
61b43357 5069 break;
23fb8de3
JH		 5070 case MGMT_LTK_P256_AUTH:
5071 authenticated = 0x01;
5072 type = SMP_LTK_P256;
61b43357 5073 break;
23fb8de3
JH		 5074 case MGMT_LTK_P256_DEBUG:
5075 authenticated = 0x00;
5076 type = SMP_LTK_P256_DEBUG;
61b43357
JH		 5077 default:
5078 continue;
5079 }
d7b25450 5080
35d70271 5081 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
d7b25450 5082 authenticated, key->val, key->enc_size, key->ediv,
35d70271 5083 key->rand);
346af67b
VCG		 5084 }
5085
715a5bf2
JH		 5086 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
5087 NULL, 0);
5088
346af67b 5089 hci_dev_unlock(hdev);
346af67b 5090
715a5bf2 5091 return err;
346af67b
VCG		 5092}
5093
9981bdb0 5094static void conn_info_cmd_complete(struct pending_cmd *cmd, u8 status)
dd983808 5095{
dd983808 5096 struct hci_conn *conn = cmd->user_data;
9981bdb0 5097 struct mgmt_rp_get_conn_info rp;
dd983808 5098
9981bdb0 5099 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
dd983808 5100
9981bdb0 5101 if (status == MGMT_STATUS_SUCCESS) {
dd983808 5102 rp.rssi = conn->rssi;
9981bdb0
JH		 5103 rp.tx_power = conn->tx_power;
5104 rp.max_tx_power = conn->max_tx_power;
5105 } else {
5106 rp.rssi = HCI_RSSI_INVALID;
5107 rp.tx_power = HCI_TX_POWER_INVALID;
5108 rp.max_tx_power = HCI_TX_POWER_INVALID;
dd983808
AK		 5109 }
5110
9981bdb0
JH		 5111 cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO, status,
5112 &rp, sizeof(rp));
dd983808
AK		 5113
5114 hci_conn_drop(conn);
f8aaf9b6 5115 hci_conn_put(conn);
dd983808
AK		 5116}
5117
9981bdb0 5118static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status)
dd983808
AK		 5119{
5120 struct hci_cp_read_rssi *cp;
9981bdb0 5121 struct pending_cmd *cmd;
dd983808 5122 struct hci_conn *conn;
dd983808 5123 u16 handle;
9981bdb0 5124 u8 status;
dd983808 5125
9981bdb0 5126 BT_DBG("status 0x%02x", hci_status);
dd983808
AK		 5127
5128 hci_dev_lock(hdev);
5129
dd983808
AK		 5130 /* Commands sent in request are either Read RSSI or Read Transmit Power
5131 * Level so we check which one was last sent to retrieve connection
5132 * handle. Both commands have handle as first parameter so it's safe to
5133 * cast data on the same command struct.
5134 *
5135 * First command sent is always Read RSSI and we fail only if it fails.
5136 * In other case we simply override error to indicate success as we
5137 * already remembered if TX power value is actually valid.
5138 */
5139 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
5140 if (!cp) {
5141 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
9981bdb0
JH		 5142 status = MGMT_STATUS_SUCCESS;
5143 } else {
5144 status = mgmt_status(hci_status);
dd983808
AK		 5145 }
5146
5147 if (!cp) {
9981bdb0 5148 BT_ERR("invalid sent_cmd in conn_info response");
dd983808
AK		 5149 goto unlock;
5150 }
5151
5152 handle = __le16_to_cpu(cp->handle);
5153 conn = hci_conn_hash_lookup_handle(hdev, handle);
5154 if (!conn) {
9981bdb0 5155 BT_ERR("unknown handle (%d) in conn_info response", handle);
dd983808
AK		 5156 goto unlock;
5157 }
5158
9981bdb0
JH		 5159 cmd = mgmt_pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
5160 if (!cmd)
5161 goto unlock;
dd983808 5162
9981bdb0
JH		 5163 cmd->cmd_complete(cmd, status);
5164 mgmt_pending_remove(cmd);
dd983808
AK		 5165
5166unlock:
5167 hci_dev_unlock(hdev);
5168}
5169
5170static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5171 u16 len)
5172{
5173 struct mgmt_cp_get_conn_info *cp = data;
5174 struct mgmt_rp_get_conn_info rp;
5175 struct hci_conn *conn;
5176 unsigned long conn_info_age;
5177 int err = 0;
5178
5179 BT_DBG("%s", hdev->name);
5180
5181 memset(&rp, 0, sizeof(rp));
5182 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5183 rp.addr.type = cp->addr.type;
5184
5185 if (!bdaddr_type_is_valid(cp->addr.type))
5186 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5187 MGMT_STATUS_INVALID_PARAMS,
5188 &rp, sizeof(rp));
5189
5190 hci_dev_lock(hdev);
5191
5192 if (!hdev_is_powered(hdev)) {
5193 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5194 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5195 goto unlock;
5196 }
5197
5198 if (cp->addr.type == BDADDR_BREDR)
5199 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5200 &cp->addr.bdaddr);
5201 else
5202 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5203
5204 if (!conn || conn->state != BT_CONNECTED) {
5205 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5206 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
5207 goto unlock;
5208 }
5209
9981bdb0
JH		 5210 if (mgmt_pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
5211 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5212 MGMT_STATUS_BUSY, &rp, sizeof(rp));
5213 goto unlock;
5214 }
5215
dd983808
AK		 5216 /* To avoid client trying to guess when to poll again for information we
5217 * calculate conn info age as random value between min/max set in hdev.
5218 */
5219 conn_info_age = hdev->conn_info_min_age +
5220 prandom_u32_max(hdev->conn_info_max_age -
5221 hdev->conn_info_min_age);
5222
5223 /* Query controller to refresh cached values if they are too old or were
5224 * never read.
5225 */
f4e2dd53
AK		 5226 if (time_after(jiffies, conn->conn_info_timestamp +
5227 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 5228 !conn->conn_info_timestamp) {
5229 struct hci_request req;
5230 struct hci_cp_read_tx_power req_txp_cp;
5231 struct hci_cp_read_rssi req_rssi_cp;
5232 struct pending_cmd *cmd;
5233
5234 hci_req_init(&req, hdev);
5235 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5236 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5237 &req_rssi_cp);
5238
f7faab0c
AK		 5239 /* For LE links TX power does not change thus we don't need to
5240 * query for it once value is known.
5241 */
5242 if (!bdaddr_type_is_le(cp->addr.type) ||
5243 conn->tx_power == HCI_TX_POWER_INVALID) {
5244 req_txp_cp.handle = cpu_to_le16(conn->handle);
5245 req_txp_cp.type = 0x00;
5246 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5247 sizeof(req_txp_cp), &req_txp_cp);
5248 }
dd983808 5249
eed5daf3
AK		 5250 /* Max TX power needs to be read only once per connection */
5251 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5252 req_txp_cp.handle = cpu_to_le16(conn->handle);
5253 req_txp_cp.type = 0x01;
5254 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5255 sizeof(req_txp_cp), &req_txp_cp);
5256 }
5257
dd983808
AK		 5258 err = hci_req_run(&req, conn_info_refresh_complete);
5259 if (err < 0)
5260 goto unlock;
5261
5262 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5263 data, len);
5264 if (!cmd) {
5265 err = -ENOMEM;
5266 goto unlock;
5267 }
5268
5269 hci_conn_hold(conn);
f8aaf9b6 5270 cmd->user_data = hci_conn_get(conn);
9981bdb0 5271 cmd->cmd_complete = conn_info_cmd_complete;
dd983808
AK		 5272
5273 conn->conn_info_timestamp = jiffies;
5274 } else {
5275 /* Cache is valid, just reply with values cached in hci_conn */
5276 rp.rssi = conn->rssi;
5277 rp.tx_power = conn->tx_power;
eed5daf3 5278 rp.max_tx_power = conn->max_tx_power;
dd983808
AK		 5279
5280 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5281 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
5282 }
5283
5284unlock:
5285 hci_dev_unlock(hdev);
5286 return err;
5287}
5288
69487371 5289static void clock_info_cmd_complete(struct pending_cmd *cmd, u8 status)
95868426 5290{
69487371 5291 struct hci_conn *conn = cmd->user_data;
95868426 5292 struct mgmt_rp_get_clock_info rp;
69487371
JH		 5293 struct hci_dev *hdev;
5294
5295 memset(&rp, 0, sizeof(rp));
5296 memcpy(&rp.addr, &cmd->param, sizeof(rp.addr));
5297
5298 if (status)
5299 goto complete;
5300
5301 hdev = hci_dev_get(cmd->index);
5302 if (hdev) {
5303 rp.local_clock = cpu_to_le32(hdev->clock);
5304 hci_dev_put(hdev);
5305 }
5306
5307 if (conn) {
5308 rp.piconet_clock = cpu_to_le32(conn->clock);
5309 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5310 }
5311
5312complete:
5313 cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp, sizeof(rp));
5314
5315 if (conn) {
5316 hci_conn_drop(conn);
5317 hci_conn_put(conn);
5318 }
5319}
5320
5321static void get_clock_info_complete(struct hci_dev *hdev, u8 status)
5322{
95868426
JH		 5323 struct hci_cp_read_clock *hci_cp;
5324 struct pending_cmd *cmd;
5325 struct hci_conn *conn;
5326
5327 BT_DBG("%s status %u", hdev->name, status);
5328
5329 hci_dev_lock(hdev);
5330
5331 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5332 if (!hci_cp)
5333 goto unlock;
5334
5335 if (hci_cp->which) {
5336 u16 handle = __le16_to_cpu(hci_cp->handle);
5337 conn = hci_conn_hash_lookup_handle(hdev, handle);
5338 } else {
5339 conn = NULL;
5340 }
5341
5342 cmd = mgmt_pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5343 if (!cmd)
5344 goto unlock;
5345
69487371 5346 cmd->cmd_complete(cmd, mgmt_status(status));
95868426 5347 mgmt_pending_remove(cmd);
95868426
JH		 5348
5349unlock:
5350 hci_dev_unlock(hdev);
5351}
5352
5353static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5354 u16 len)
5355{
5356 struct mgmt_cp_get_clock_info *cp = data;
5357 struct mgmt_rp_get_clock_info rp;
5358 struct hci_cp_read_clock hci_cp;
5359 struct pending_cmd *cmd;
5360 struct hci_request req;
5361 struct hci_conn *conn;
5362 int err;
5363
5364 BT_DBG("%s", hdev->name);
5365
5366 memset(&rp, 0, sizeof(rp));
5367 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5368 rp.addr.type = cp->addr.type;
5369
5370 if (cp->addr.type != BDADDR_BREDR)
5371 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5372 MGMT_STATUS_INVALID_PARAMS,
5373 &rp, sizeof(rp));
5374
5375 hci_dev_lock(hdev);
5376
5377 if (!hdev_is_powered(hdev)) {
5378 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5379 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5380 goto unlock;
5381 }
5382
5383 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5384 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5385 &cp->addr.bdaddr);
5386 if (!conn || conn->state != BT_CONNECTED) {
5387 err = cmd_complete(sk, hdev->id,
5388 MGMT_OP_GET_CLOCK_INFO,
5389 MGMT_STATUS_NOT_CONNECTED,
5390 &rp, sizeof(rp));
5391 goto unlock;
5392 }
5393 } else {
5394 conn = NULL;
5395 }
5396
5397 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5398 if (!cmd) {
5399 err = -ENOMEM;
5400 goto unlock;
5401 }
5402
69487371
JH		 5403 cmd->cmd_complete = clock_info_cmd_complete;
5404
95868426
JH		 5405 hci_req_init(&req, hdev);
5406
5407 memset(&hci_cp, 0, sizeof(hci_cp));
5408 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5409
5410 if (conn) {
5411 hci_conn_hold(conn);
f8aaf9b6 5412 cmd->user_data = hci_conn_get(conn);
95868426
JH		 5413
5414 hci_cp.handle = cpu_to_le16(conn->handle);
5415 hci_cp.which = 0x01; /* Piconet clock */
5416 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5417 }
5418
5419 err = hci_req_run(&req, get_clock_info_complete);
5420 if (err < 0)
5421 mgmt_pending_remove(cmd);
5422
5423unlock:
5424 hci_dev_unlock(hdev);
5425 return err;
5426}
5427
8afef092
MH		 5428static void device_added(struct sock *sk, struct hci_dev *hdev,
5429 bdaddr_t *bdaddr, u8 type, u8 action)
5430{
5431 struct mgmt_ev_device_added ev;
5432
5433 bacpy(&ev.addr.bdaddr, bdaddr);
5434 ev.addr.type = type;
5435 ev.action = action;
5436
5437 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5438}
5439
2faade53
MH		 5440static int add_device(struct sock *sk, struct hci_dev *hdev,
5441 void *data, u16 len)
5442{
5443 struct mgmt_cp_add_device *cp = data;
5444 u8 auto_conn, addr_type;
5445 int err;
5446
5447 BT_DBG("%s", hdev->name);
5448
6659358e 5449 if (!bdaddr_type_is_valid(cp->addr.type) ||
2faade53
MH		 5450 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
5451 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5452 MGMT_STATUS_INVALID_PARAMS,
5453 &cp->addr, sizeof(cp->addr));
5454
4b9e7e75 5455 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
2faade53
MH		 5456 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5457 MGMT_STATUS_INVALID_PARAMS,
5458 &cp->addr, sizeof(cp->addr));
5459
5460 hci_dev_lock(hdev);
5461
6659358e 5462 if (cp->addr.type == BDADDR_BREDR) {
4b9e7e75 5463 /* Only incoming connections action is supported for now */
6659358e
JH		 5464 if (cp->action != 0x01) {
5465 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5466 MGMT_STATUS_INVALID_PARAMS,
5467 &cp->addr, sizeof(cp->addr));
5468 goto unlock;
5469 }
5470
5471 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5472 cp->addr.type);
5473 if (err)
5474 goto unlock;
a397407f 5475
432df05e 5476 hci_update_page_scan(hdev, NULL);
a397407f 5477
6659358e
JH		 5478 goto added;
5479 }
5480
2faade53
MH		 5481 if (cp->addr.type == BDADDR_LE_PUBLIC)
5482 addr_type = ADDR_LE_DEV_PUBLIC;
5483 else
5484 addr_type = ADDR_LE_DEV_RANDOM;
5485
4b9e7e75 5486 if (cp->action == 0x02)
2faade53 5487 auto_conn = HCI_AUTO_CONN_ALWAYS;
4b9e7e75
MH		 5488 else if (cp->action == 0x01)
5489 auto_conn = HCI_AUTO_CONN_DIRECT;
2faade53 5490 else
a3451d27 5491 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 5492
bf5b3c8b
MH		 5493 /* If the connection parameters don't exist for this device,
5494 * they will be created and configured with defaults.
5495 */
d06b50ce
MH		 5496 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
5497 auto_conn) < 0) {
2faade53
MH		 5498 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5499 MGMT_STATUS_FAILED,
5500 &cp->addr, sizeof(cp->addr));
5501 goto unlock;
5502 }
5503
6659358e 5504added:
8afef092
MH		 5505 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5506
2faade53
MH		 5507 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5508 MGMT_STATUS_SUCCESS, &cp->addr, sizeof(cp->addr));
5509
5510unlock:
5511 hci_dev_unlock(hdev);
5512 return err;
5513}
5514
8afef092
MH		 5515static void device_removed(struct sock *sk, struct hci_dev *hdev,
5516 bdaddr_t *bdaddr, u8 type)
5517{
5518 struct mgmt_ev_device_removed ev;
5519
5520 bacpy(&ev.addr.bdaddr, bdaddr);
5521 ev.addr.type = type;
5522
5523 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5524}
5525
2faade53
MH		 5526static int remove_device(struct sock *sk, struct hci_dev *hdev,
5527 void *data, u16 len)
5528{
5529 struct mgmt_cp_remove_device *cp = data;
5530 int err;
5531
5532 BT_DBG("%s", hdev->name);
5533
5534 hci_dev_lock(hdev);
5535
5536 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 5537 struct hci_conn_params *params;
2faade53
MH		 5538 u8 addr_type;
5539
6659358e 5540 if (!bdaddr_type_is_valid(cp->addr.type)) {
2faade53
MH		 5541 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5542 MGMT_STATUS_INVALID_PARAMS,
5543 &cp->addr, sizeof(cp->addr));
5544 goto unlock;
5545 }
5546
6659358e
JH		 5547 if (cp->addr.type == BDADDR_BREDR) {
5548 err = hci_bdaddr_list_del(&hdev->whitelist,
5549 &cp->addr.bdaddr,
5550 cp->addr.type);
5551 if (err) {
5552 err = cmd_complete(sk, hdev->id,
5553 MGMT_OP_REMOVE_DEVICE,
5554 MGMT_STATUS_INVALID_PARAMS,
5555 &cp->addr, sizeof(cp->addr));
5556 goto unlock;
5557 }
5558
432df05e 5559 hci_update_page_scan(hdev, NULL);
a397407f 5560
6659358e
JH		 5561 device_removed(sk, hdev, &cp->addr.bdaddr,
5562 cp->addr.type);
5563 goto complete;
5564 }
5565
2faade53
MH		 5566 if (cp->addr.type == BDADDR_LE_PUBLIC)
5567 addr_type = ADDR_LE_DEV_PUBLIC;
5568 else
5569 addr_type = ADDR_LE_DEV_RANDOM;
5570
c71593dd
JH		 5571 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5572 addr_type);
5573 if (!params) {
5574 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5575 MGMT_STATUS_INVALID_PARAMS,
5576 &cp->addr, sizeof(cp->addr));
5577 goto unlock;
5578 }
5579
5580 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
5581 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5582 MGMT_STATUS_INVALID_PARAMS,
5583 &cp->addr, sizeof(cp->addr));
5584 goto unlock;
5585 }
5586
d1dbf12e 5587 list_del(&params->action);
c71593dd
JH		 5588 list_del(&params->list);
5589 kfree(params);
95305baa 5590 hci_update_background_scan(hdev);
8afef092
MH		 5591
5592 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53 5593 } else {
19de0825 5594 struct hci_conn_params *p, *tmp;
6659358e 5595 struct bdaddr_list *b, *btmp;
19de0825 5596
2faade53
MH		 5597 if (cp->addr.type) {
5598 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5599 MGMT_STATUS_INVALID_PARAMS,
5600 &cp->addr, sizeof(cp->addr));
5601 goto unlock;
5602 }
5603
6659358e
JH		 5604 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
5605 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
5606 list_del(&b->list);
5607 kfree(b);
5608 }
5609
432df05e 5610 hci_update_page_scan(hdev, NULL);
a397407f 5611
19de0825
JH		 5612 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5613 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5614 continue;
5615 device_removed(sk, hdev, &p->addr, p->addr_type);
5616 list_del(&p->action);
5617 list_del(&p->list);
5618 kfree(p);
5619 }
5620
5621 BT_DBG("All LE connection parameters were removed");
5622
5623 hci_update_background_scan(hdev);
2faade53
MH		 5624 }
5625
6659358e 5626complete:
2faade53
MH		 5627 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5628 MGMT_STATUS_SUCCESS, &cp->addr, sizeof(cp->addr));
5629
5630unlock:
5631 hci_dev_unlock(hdev);
5632 return err;
5633}
5634
a26f3dcf
JH		 5635static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5636 u16 len)
5637{
5638 struct mgmt_cp_load_conn_param *cp = data;
ba1d6936
JH		 5639 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5640 sizeof(struct mgmt_conn_param));
a26f3dcf
JH		 5641 u16 param_count, expected_len;
5642 int i;
5643
5644 if (!lmp_le_capable(hdev))
5645 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5646 MGMT_STATUS_NOT_SUPPORTED);
5647
5648 param_count = __le16_to_cpu(cp->param_count);
ba1d6936
JH		 5649 if (param_count > max_param_count) {
5650 BT_ERR("load_conn_param: too big param_count value %u",
5651 param_count);
5652 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5653 MGMT_STATUS_INVALID_PARAMS);
5654 }
a26f3dcf
JH		 5655
5656 expected_len = sizeof(*cp) + param_count *
5657 sizeof(struct mgmt_conn_param);
5658 if (expected_len != len) {
5659 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
5660 expected_len, len);
5661 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5662 MGMT_STATUS_INVALID_PARAMS);
5663 }
5664
5665 BT_DBG("%s param_count %u", hdev->name, param_count);
5666
5667 hci_dev_lock(hdev);
5668
5669 hci_conn_params_clear_disabled(hdev);
5670
5671 for (i = 0; i < param_count; i++) {
5672 struct mgmt_conn_param *param = &cp->params[i];
5673 struct hci_conn_params *hci_param;
5674 u16 min, max, latency, timeout;
5675 u8 addr_type;
5676
5677 BT_DBG("Adding %pMR (type %u)", &param->addr.bdaddr,
5678 param->addr.type);
5679
5680 if (param->addr.type == BDADDR_LE_PUBLIC) {
5681 addr_type = ADDR_LE_DEV_PUBLIC;
5682 } else if (param->addr.type == BDADDR_LE_RANDOM) {
5683 addr_type = ADDR_LE_DEV_RANDOM;
5684 } else {
5685 BT_ERR("Ignoring invalid connection parameters");
5686 continue;
5687 }
5688
5689 min = le16_to_cpu(param->min_interval);
5690 max = le16_to_cpu(param->max_interval);
5691 latency = le16_to_cpu(param->latency);
5692 timeout = le16_to_cpu(param->timeout);
5693
5694 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
5695 min, max, latency, timeout);
5696
5697 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
5698 BT_ERR("Ignoring invalid connection parameters");
5699 continue;
5700 }
5701
5702 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
5703 addr_type);
5704 if (!hci_param) {
5705 BT_ERR("Failed to add connection parameters");
5706 continue;
5707 }
5708
5709 hci_param->conn_min_interval = min;
5710 hci_param->conn_max_interval = max;
5711 hci_param->conn_latency = latency;
5712 hci_param->supervision_timeout = timeout;
5713 }
5714
5715 hci_dev_unlock(hdev);
5716
5717 return cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0, NULL, 0);
5718}
5719
dbece37a
MH		 5720static int set_external_config(struct sock *sk, struct hci_dev *hdev,
5721 void *data, u16 len)
5722{
5723 struct mgmt_cp_set_external_config *cp = data;
5724 bool changed;
5725 int err;
5726
5727 BT_DBG("%s", hdev->name);
5728
5729 if (hdev_is_powered(hdev))
5730 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5731 MGMT_STATUS_REJECTED);
5732
5733 if (cp->config != 0x00 && cp->config != 0x01)
5734 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5735 MGMT_STATUS_INVALID_PARAMS);
5736
5737 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
5738 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5739 MGMT_STATUS_NOT_SUPPORTED);
5740
5741 hci_dev_lock(hdev);
5742
5743 if (cp->config)
5744 changed = !test_and_set_bit(HCI_EXT_CONFIGURED,
5745 &hdev->dev_flags);
5746 else
5747 changed = test_and_clear_bit(HCI_EXT_CONFIGURED,
5748 &hdev->dev_flags);
5749
5750 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
5751 if (err < 0)
5752 goto unlock;
5753
5754 if (!changed)
5755 goto unlock;
5756
f4537c04
MH		 5757 err = new_options(hdev, sk);
5758
dbece37a
MH		 5759 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) == is_configured(hdev)) {
5760 mgmt_index_removed(hdev);
d603b76b
MH		 5761
5762 if (test_and_change_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
5763 set_bit(HCI_CONFIG, &hdev->dev_flags);
5764 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
5765
5766 queue_work(hdev->req_workqueue, &hdev->power_on);
5767 } else {
5ea234d3 5768 set_bit(HCI_RAW, &hdev->flags);
d603b76b
MH		 5769 mgmt_index_added(hdev);
5770 }
dbece37a
MH		 5771 }
5772
5773unlock:
5774 hci_dev_unlock(hdev);
5775 return err;
5776}
5777
9713c17b
MH		 5778static int set_public_address(struct sock *sk, struct hci_dev *hdev,
5779 void *data, u16 len)
5780{
5781 struct mgmt_cp_set_public_address *cp = data;
5782 bool changed;
5783 int err;
5784
5785 BT_DBG("%s", hdev->name);
5786
5787 if (hdev_is_powered(hdev))
5788 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5789 MGMT_STATUS_REJECTED);
5790
5791 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
5792 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5793 MGMT_STATUS_INVALID_PARAMS);
5794
5795 if (!hdev->set_bdaddr)
5796 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5797 MGMT_STATUS_NOT_SUPPORTED);
5798
5799 hci_dev_lock(hdev);
5800
5801 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
5802 bacpy(&hdev->public_addr, &cp->bdaddr);
5803
5804 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
5805 if (err < 0)
5806 goto unlock;
5807
5808 if (!changed)
5809 goto unlock;
5810
5811 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5812 err = new_options(hdev, sk);
5813
5814 if (is_configured(hdev)) {
5815 mgmt_index_removed(hdev);
5816
5817 clear_bit(HCI_UNCONFIGURED, &hdev->dev_flags);
5818
5819 set_bit(HCI_CONFIG, &hdev->dev_flags);
5820 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
5821
5822 queue_work(hdev->req_workqueue, &hdev->power_on);
5823 }
5824
5825unlock:
5826 hci_dev_unlock(hdev);
5827 return err;
5828}
5829
2e3c35ea 5830static const struct mgmt_handler {
04124681
GP		 5831 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
5832 u16 data_len);
be22b54e
JH		 5833 bool var_len;
5834 size_t data_len;
0f4e68cf
JH		 5835} mgmt_handlers[] = {
5836 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 5837 { read_version, false, MGMT_READ_VERSION_SIZE },
5838 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
5839 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
5840 { read_controller_info, false, MGMT_READ_INFO_SIZE },
5841 { set_powered, false, MGMT_SETTING_SIZE },
5842 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
5843 { set_connectable, false, MGMT_SETTING_SIZE },
5844 { set_fast_connectable, false, MGMT_SETTING_SIZE },
b2939475 5845 { set_bondable, false, MGMT_SETTING_SIZE },
be22b54e
JH		 5846 { set_link_security, false, MGMT_SETTING_SIZE },
5847 { set_ssp, false, MGMT_SETTING_SIZE },
5848 { set_hs, false, MGMT_SETTING_SIZE },
5849 { set_le, false, MGMT_SETTING_SIZE },
5850 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
5851 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
5852 { add_uuid, false, MGMT_ADD_UUID_SIZE },
5853 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
5854 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
5855 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
5856 { disconnect, false, MGMT_DISCONNECT_SIZE },
5857 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
5858 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
5859 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
5860 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
5861 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
5862 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
5863 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
5864 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
5865 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
5866 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
5867 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
5868 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
ec109113 5869 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
be22b54e
JH		 5870 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
5871 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
5872 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
5873 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
5874 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
5875 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 5876 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 5877 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 5878 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 5879 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
14b49b9a 5880 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
eac83dc6 5881 { set_secure_conn, false, MGMT_SETTING_SIZE },
4e39ac81 5882 { set_debug_keys, false, MGMT_SETTING_SIZE },
62b04cd1 5883 { set_privacy, false, MGMT_SET_PRIVACY_SIZE },
41edf160 5884 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
dd983808 5885 { get_conn_info, false, MGMT_GET_CONN_INFO_SIZE },
95868426 5886 { get_clock_info, false, MGMT_GET_CLOCK_INFO_SIZE },
2faade53
MH		 5887 { add_device, false, MGMT_ADD_DEVICE_SIZE },
5888 { remove_device, false, MGMT_REMOVE_DEVICE_SIZE },
73d1df2a
MH		 5889 { load_conn_param, true, MGMT_LOAD_CONN_PARAM_SIZE },
5890 { read_unconf_index_list, false, MGMT_READ_UNCONF_INDEX_LIST_SIZE },
9fc3bfb6 5891 { read_config_info, false, MGMT_READ_CONFIG_INFO_SIZE },
dbece37a 5892 { set_external_config, false, MGMT_SET_EXTERNAL_CONFIG_SIZE },
9713c17b 5893 { set_public_address, false, MGMT_SET_PUBLIC_ADDRESS_SIZE },
66ea9427 5894 { start_service_discovery,true, MGMT_START_SERVICE_DISCOVERY_SIZE },
0f4e68cf
JH		 5895};
5896
0381101f
JH		 5897int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
5898{
650f726d
VCG		 5899 void *buf;
5900 u8 *cp;
0381101f 5901 struct mgmt_hdr *hdr;
4e51eae9 5902 u16 opcode, index, len;
bdb6d971 5903 struct hci_dev *hdev = NULL;
2e3c35ea 5904 const struct mgmt_handler *handler;
0381101f
JH		 5905 int err;
5906
5907 BT_DBG("got %zu bytes", msglen);
5908
5909 if (msglen < sizeof(*hdr))
5910 return -EINVAL;
5911
e63a15ec 5912 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 5913 if (!buf)
5914 return -ENOMEM;
5915
6ce8e9ce 5916 if (memcpy_from_msg(buf, msg, msglen)) {
0381101f
JH		 5917 err = -EFAULT;
5918 goto done;
5919 }
5920
650f726d 5921 hdr = buf;
1f350c87
MH		 5922 opcode = __le16_to_cpu(hdr->opcode);
5923 index = __le16_to_cpu(hdr->index);
5924 len = __le16_to_cpu(hdr->len);
0381101f
JH		 5925
5926 if (len != msglen - sizeof(*hdr)) {
5927 err = -EINVAL;
5928 goto done;
5929 }
5930
0f4e68cf 5931 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 5932 hdev = hci_dev_get(index);
5933 if (!hdev) {
5934 err = cmd_status(sk, index, opcode,
04124681 5935 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 5936 goto done;
5937 }
0736cfa8 5938
cebf4cfd 5939 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
d603b76b 5940 test_bit(HCI_CONFIG, &hdev->dev_flags) ||
4a964404 5941 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
0736cfa8
MH		 5942 err = cmd_status(sk, index, opcode,
5943 MGMT_STATUS_INVALID_INDEX);
5944 goto done;
5945 }
42a9bc14
MH		 5946
5947 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
dbece37a 5948 opcode != MGMT_OP_READ_CONFIG_INFO &&
9713c17b
MH		 5949 opcode != MGMT_OP_SET_EXTERNAL_CONFIG &&
5950 opcode != MGMT_OP_SET_PUBLIC_ADDRESS) {
42a9bc14
MH		 5951 err = cmd_status(sk, index, opcode,
5952 MGMT_STATUS_INVALID_INDEX);
5953 goto done;
5954 }
bdb6d971
JH		 5955 }
5956
0f4e68cf 5957 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 5958 mgmt_handlers[opcode].func == NULL) {
0381101f 5959 BT_DBG("Unknown op %u", opcode);
ca69b795 5960 err = cmd_status(sk, index, opcode,
04124681 5961 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 5962 goto done;
5963 }
5964
73d1df2a
MH		 5965 if (hdev && (opcode <= MGMT_OP_READ_INDEX_LIST ||
5966 opcode == MGMT_OP_READ_UNCONF_INDEX_LIST)) {
5967 err = cmd_status(sk, index, opcode,
5968 MGMT_STATUS_INVALID_INDEX);
5969 goto done;
5970 }
5971
5972 if (!hdev && (opcode > MGMT_OP_READ_INDEX_LIST &&
5973 opcode != MGMT_OP_READ_UNCONF_INDEX_LIST)) {
0f4e68cf 5974 err = cmd_status(sk, index, opcode,
04124681 5975 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 5976 goto done;
0381101f
JH		 5977 }
5978
be22b54e
JH		 5979 handler = &mgmt_handlers[opcode];
5980
5981 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 5982 (!handler->var_len && len != handler->data_len)) {
be22b54e 5983 err = cmd_status(sk, index, opcode,
04124681 5984 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 5985 goto done;
5986 }
5987
0f4e68cf
JH		 5988 if (hdev)
5989 mgmt_init_hdev(sk, hdev);
5990
5991 cp = buf + sizeof(*hdr);
5992
be22b54e 5993 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 5994 if (err < 0)
5995 goto done;
5996
0381101f
JH		 5997 err = msglen;
5998
5999done:
bdb6d971
JH		 6000 if (hdev)
6001 hci_dev_put(hdev);
6002
0381101f
JH		 6003 kfree(buf);
6004 return err;
6005}
c71e97bf 6006
bf6b56db 6007void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 6008{
1514b892 6009 if (hdev->dev_type != HCI_BREDR)
bf6b56db 6010 return;
bb4b2a9a 6011
0602a8ad
MH		 6012 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6013 return;
6014
6015 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
6016 mgmt_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev, NULL, 0, NULL);
6017 else
6018 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 6019}
6020
bf6b56db 6021void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 6022{
5f159032 6023 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 6024
1514b892 6025 if (hdev->dev_type != HCI_BREDR)
bf6b56db 6026 return;
bb4b2a9a 6027
0602a8ad
MH		 6028 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6029 return;
6030
1b9b5ee5 6031 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
b24752fe 6032
edd3896b
MH		 6033 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
6034 mgmt_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev, NULL, 0, NULL);
6035 else
6036 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 6037}
6038
6046dc3e 6039/* This function requires the caller holds hdev->lock */
d7347f3c 6040static void restart_le_actions(struct hci_dev *hdev)
6046dc3e
AG		 6041{
6042 struct hci_conn_params *p;
6043
6044 list_for_each_entry(p, &hdev->le_conn_params, list) {
d7347f3c
JH		 6045 /* Needed for AUTO_OFF case where might not "really"
6046 * have been powered off.
6047 */
6048 list_del_init(&p->action);
6049
6050 switch (p->auto_connect) {
4b9e7e75 6051 case HCI_AUTO_CONN_DIRECT:
d7347f3c
JH		 6052 case HCI_AUTO_CONN_ALWAYS:
6053 list_add(&p->action, &hdev->pend_le_conns);
6054 break;
6055 case HCI_AUTO_CONN_REPORT:
6056 list_add(&p->action, &hdev->pend_le_reports);
6057 break;
6058 default:
6059 break;
c83ed19d 6060 }
6046dc3e 6061 }
c83ed19d 6062
c83ed19d 6063 hci_update_background_scan(hdev);
6046dc3e
AG		 6064}
6065
229ab39c
JH		 6066static void powered_complete(struct hci_dev *hdev, u8 status)
6067{
6068 struct cmd_lookup match = { NULL, hdev };
6069
6070 BT_DBG("status 0x%02x", status);
6071
6072 hci_dev_lock(hdev);
6073
d7347f3c 6074 restart_le_actions(hdev);
6046dc3e 6075
229ab39c
JH		 6076 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6077
6078 new_settings(hdev, match.sk);
6079
6080 hci_dev_unlock(hdev);
6081
6082 if (match.sk)
6083 sock_put(match.sk);
6084}
6085
70da6243 6086static int powered_update_hci(struct hci_dev *hdev)
5add6af8 6087{
890ea898 6088 struct hci_request req;
70da6243 6089 u8 link_sec;
5add6af8 6090
890ea898
JH		 6091 hci_req_init(&req, hdev);
6092
70da6243
JH		 6093 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
6094 !lmp_host_ssp_capable(hdev)) {
6095 u8 ssp = 1;
5e5282bb 6096
890ea898 6097 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 6098 }
5add6af8 6099
ec6f99b8
JH		 6100 if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) {
6101 u8 sc = 0x01;
6102 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, sizeof(sc), &sc);
6103 }
6104
c73eee91
JH		 6105 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
6106 lmp_bredr_capable(hdev)) {
70da6243 6107 struct hci_cp_write_le_host_supported cp;
f0ff92fb 6108
32226e4f
MH		 6109 cp.le = 0x01;
6110 cp.simul = 0x00;
3d1cbdd6 6111
70da6243
JH		 6112 /* Check first if we already have the right
6113 * host state (host features set)
6114 */
6115 if (cp.le != lmp_host_le_capable(hdev) ||
6116 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 6117 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
6118 sizeof(cp), &cp);
70da6243 6119 }
3d1cbdd6 6120
d13eafce 6121 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 6122 /* Make sure the controller has a good default for
6123 * advertising data. This also applies to the case
6124 * where BR/EDR was toggled during the AUTO_OFF phase.
6125 */
f14d8f64 6126 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5947f4bc 6127 update_adv_data(&req);
f14d8f64
MH		 6128 update_scan_rsp_data(&req);
6129 }
441ad2d0 6130
bba3aa55
MH		 6131 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
6132 enable_advertising(&req);
eeca6f89
JH		 6133 }
6134
70da6243
JH		 6135 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
6136 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 6137 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
6138 sizeof(link_sec), &link_sec);
562fcc24 6139
70da6243 6140 if (lmp_bredr_capable(hdev)) {
432df05e
JH		 6141 write_fast_connectable(&req, false);
6142 hci_update_page_scan(hdev, &req);
890ea898 6143 update_class(&req);
13928971 6144 update_name(&req);
890ea898 6145 update_eir(&req);
70da6243 6146 }
562fcc24 6147
229ab39c 6148 return hci_req_run(&req, powered_complete);
70da6243 6149}
562fcc24 6150
70da6243
JH		 6151int mgmt_powered(struct hci_dev *hdev, u8 powered)
6152{
6153 struct cmd_lookup match = { NULL, hdev };
9845904f 6154 u8 status, zero_cod[] = { 0, 0, 0 };
70da6243 6155 int err;
f0ff92fb 6156
70da6243
JH		 6157 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
6158 return 0;
6159
70da6243 6160 if (powered) {
229ab39c
JH		 6161 if (powered_update_hci(hdev) == 0)
6162 return 0;
fe038884 6163
229ab39c
JH		 6164 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
6165 &match);
6166 goto new_settings;
b24752fe
JH		 6167 }
6168
229ab39c 6169 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
9845904f
JH		 6170
6171 /* If the power off is because of hdev unregistration let
6172 * use the appropriate INVALID_INDEX status. Otherwise use
6173 * NOT_POWERED. We cover both scenarios here since later in
6174 * mgmt_index_removed() any hci_conn callbacks will have already
6175 * been triggered, potentially causing misleading DISCONNECTED
6176 * status responses.
6177 */
6178 if (test_bit(HCI_UNREGISTER, &hdev->dev_flags))
6179 status = MGMT_STATUS_INVALID_INDEX;
6180 else
6181 status = MGMT_STATUS_NOT_POWERED;
6182
6183 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
229ab39c
JH		 6184
6185 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
6186 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
6187 zero_cod, sizeof(zero_cod), NULL);
6188
6189new_settings:
beadb2bd 6190 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 6191
6192 if (match.sk)
6193 sock_put(match.sk);
6194
7bb895d6 6195 return err;
5add6af8 6196}
73f22f62 6197
3eec705e 6198void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 6199{
6200 struct pending_cmd *cmd;
6201 u8 status;
6202
6203 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6204 if (!cmd)
3eec705e 6205 return;
96570ffc
JH		 6206
6207 if (err == -ERFKILL)
6208 status = MGMT_STATUS_RFKILLED;
6209 else
6210 status = MGMT_STATUS_FAILED;
6211
3eec705e 6212 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 6213
6214 mgmt_pending_remove(cmd);
96570ffc
JH		 6215}
6216
d1967ff8
MH		 6217void mgmt_discoverable_timeout(struct hci_dev *hdev)
6218{
6219 struct hci_request req;
d1967ff8
MH		 6220
6221 hci_dev_lock(hdev);
6222
6223 /* When discoverable timeout triggers, then just make sure
6224 * the limited discoverable flag is cleared. Even in the case
6225 * of a timeout triggered from general discoverable, it is
6226 * safe to unconditionally clear the flag.
6227 */
6228 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
9a43e25f 6229 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
d1967ff8
MH		 6230
6231 hci_req_init(&req, hdev);
4b580614
JH		 6232 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
6233 u8 scan = SCAN_PAGE;
6234 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
6235 sizeof(scan), &scan);
6236 }
d1967ff8 6237 update_class(&req);
9a43e25f 6238 update_adv_data(&req);
d1967ff8
MH		 6239 hci_req_run(&req, NULL);
6240
6241 hdev->discov_timeout = 0;
6242
9a43e25f
JH		 6243 new_settings(hdev, NULL);
6244
d1967ff8
MH		 6245 hci_dev_unlock(hdev);
6246}
6247
dc4a5ee2
MH		 6248void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
6249 bool persistent)
55ed8ca1 6250{
86742e1e 6251 struct mgmt_ev_new_link_key ev;
55ed8ca1 6252
a492cd52 6253 memset(&ev, 0, sizeof(ev));
55ed8ca1 6254
a492cd52 6255 ev.store_hint = persistent;
d753fdc4 6256 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 6257 ev.key.addr.type = BDADDR_BREDR;
a492cd52 6258 ev.key.type = key->type;
9b3b4460 6259 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 6260 ev.key.pin_len = key->pin_len;
55ed8ca1 6261
dc4a5ee2 6262 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 6263}
f7520543 6264
d7b25450
JH		 6265static u8 mgmt_ltk_type(struct smp_ltk *ltk)
6266{
23fb8de3
JH		 6267 switch (ltk->type) {
6268 case SMP_LTK:
6269 case SMP_LTK_SLAVE:
6270 if (ltk->authenticated)
6271 return MGMT_LTK_AUTHENTICATED;
6272 return MGMT_LTK_UNAUTHENTICATED;
6273 case SMP_LTK_P256:
6274 if (ltk->authenticated)
6275 return MGMT_LTK_P256_AUTH;
6276 return MGMT_LTK_P256_UNAUTH;
6277 case SMP_LTK_P256_DEBUG:
6278 return MGMT_LTK_P256_DEBUG;
6279 }
d7b25450
JH		 6280
6281 return MGMT_LTK_UNAUTHENTICATED;
6282}
6283
53ac6ab6 6284void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 6285{
6286 struct mgmt_ev_new_long_term_key ev;
6287
6288 memset(&ev, 0, sizeof(ev));
6289
5192d301
MH		 6290 /* Devices using resolvable or non-resolvable random addresses
6291 * without providing an indentity resolving key don't require
6292 * to store long term keys. Their addresses will change the
6293 * next time around.
6294 *
6295 * Only when a remote device provides an identity address
6296 * make sure the long term key is stored. If the remote
6297 * identity is known, the long term keys are internally
6298 * mapped to the identity address. So allow static random
6299 * and public addresses here.
6300 */
ba74b666
JH		 6301 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6302 (key->bdaddr.b[5] & 0xc0) != 0xc0)
6303 ev.store_hint = 0x00;
6304 else
53ac6ab6 6305 ev.store_hint = persistent;
ba74b666 6306
346af67b 6307 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 6308 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 6309 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 6310 ev.key.enc_size = key->enc_size;
6311 ev.key.ediv = key->ediv;
fe39c7b2 6312 ev.key.rand = key->rand;
346af67b 6313
2ceba539 6314 if (key->type == SMP_LTK)
346af67b
VCG		 6315 ev.key.master = 1;
6316
346af67b
VCG		 6317 memcpy(ev.key.val, key->val, sizeof(key->val));
6318
083368f7 6319 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 6320}
6321
95fbac8a
JH		 6322void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
6323{
6324 struct mgmt_ev_new_irk ev;
6325
6326 memset(&ev, 0, sizeof(ev));
6327
bab6d1e5
MH		 6328 /* For identity resolving keys from devices that are already
6329 * using a public address or static random address, do not
6330 * ask for storing this key. The identity resolving key really
6331 * is only mandatory for devices using resovlable random
6332 * addresses.
6333 *
6334 * Storing all identity resolving keys has the downside that
6335 * they will be also loaded on next boot of they system. More
6336 * identity resolving keys, means more time during scanning is
6337 * needed to actually resolve these addresses.
6338 */
6339 if (bacmp(&irk->rpa, BDADDR_ANY))
6340 ev.store_hint = 0x01;
6341 else
6342 ev.store_hint = 0x00;
6343
95fbac8a
JH		 6344 bacpy(&ev.rpa, &irk->rpa);
6345 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
6346 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
6347 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
6348
6349 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
6350}
6351
53ac6ab6
MH		 6352void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
6353 bool persistent)
7ee4ea36
MH		 6354{
6355 struct mgmt_ev_new_csrk ev;
6356
6357 memset(&ev, 0, sizeof(ev));
6358
6359 /* Devices using resolvable or non-resolvable random addresses
6360 * without providing an indentity resolving key don't require
6361 * to store signature resolving keys. Their addresses will change
6362 * the next time around.
6363 *
6364 * Only when a remote device provides an identity address
6365 * make sure the signature resolving key is stored. So allow
6366 * static random and public addresses here.
6367 */
6368 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6369 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
6370 ev.store_hint = 0x00;
6371 else
53ac6ab6 6372 ev.store_hint = persistent;
7ee4ea36
MH		 6373
6374 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
6375 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
6376 ev.key.master = csrk->master;
6377 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
6378
6379 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
6380}
6381
ffb5a827 6382void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 6383 u8 bdaddr_type, u8 store_hint, u16 min_interval,
6384 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 6385{
6386 struct mgmt_ev_new_conn_param ev;
6387
c103aea6
JH		 6388 if (!hci_is_identity_address(bdaddr, bdaddr_type))
6389 return;
6390
ffb5a827
AG		 6391 memset(&ev, 0, sizeof(ev));
6392 bacpy(&ev.addr.bdaddr, bdaddr);
6393 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 6394 ev.store_hint = store_hint;
ffb5a827
AG		 6395 ev.min_interval = cpu_to_le16(min_interval);
6396 ev.max_interval = cpu_to_le16(max_interval);
6397 ev.latency = cpu_to_le16(latency);
6398 ev.timeout = cpu_to_le16(timeout);
6399
6400 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
6401}
6402
94933991
MH		 6403static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
6404 u8 data_len)
6405{
6406 eir[eir_len++] = sizeof(type) + data_len;
6407 eir[eir_len++] = type;
6408 memcpy(&eir[eir_len], data, data_len);
6409 eir_len += data_len;
6410
6411 return eir_len;
6412}
6413
48ec92fa
AA		 6414void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
6415 u32 flags, u8 *name, u8 name_len)
f7520543 6416{
b644ba33
JH		 6417 char buf[512];
6418 struct mgmt_ev_device_connected *ev = (void *) buf;
6419 u16 eir_len = 0;
f7520543 6420
48ec92fa
AA		 6421 bacpy(&ev->addr.bdaddr, &conn->dst);
6422 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
f7520543 6423
c95f0ba7 6424 ev->flags = __cpu_to_le32(flags);
08c79b61 6425
fd45ada9
AA		 6426 /* We must ensure that the EIR Data fields are ordered and
6427 * unique. Keep it simple for now and avoid the problem by not
6428 * adding any BR/EDR data to the LE adv.
6429 */
6430 if (conn->le_adv_data_len > 0) {
6431 memcpy(&ev->eir[eir_len],
6432 conn->le_adv_data, conn->le_adv_data_len);
6433 eir_len = conn->le_adv_data_len;
6434 } else {
6435 if (name_len > 0)
6436 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
6437 name, name_len);
b644ba33 6438
ddbea5cf 6439 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
fd45ada9
AA		 6440 eir_len = eir_append_data(ev->eir, eir_len,
6441 EIR_CLASS_OF_DEV,
6442 conn->dev_class, 3);
6443 }
b644ba33 6444
eb55ef07 6445 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 6446
ecd90ae7
MH		 6447 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
6448 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 6449}
6450
8962ee74
JH		 6451static void disconnect_rsp(struct pending_cmd *cmd, void *data)
6452{
8962ee74 6453 struct sock **sk = data;
8962ee74 6454
f5818c22 6455 cmd->cmd_complete(cmd, 0);
8962ee74
JH		 6456
6457 *sk = cmd->sk;
6458 sock_hold(*sk);
6459
a664b5bc 6460 mgmt_pending_remove(cmd);
8962ee74
JH		 6461}
6462
124f6e35 6463static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 6464{
b1078ad0 6465 struct hci_dev *hdev = data;
124f6e35 6466 struct mgmt_cp_unpair_device *cp = cmd->param;
a8a1d19e 6467
b1078ad0
JH		 6468 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
6469
d8b7b1e4 6470 cmd->cmd_complete(cmd, 0);
a8a1d19e
JH		 6471 mgmt_pending_remove(cmd);
6472}
6473
84c61d92
JH		 6474bool mgmt_powering_down(struct hci_dev *hdev)
6475{
6476 struct pending_cmd *cmd;
6477 struct mgmt_mode *cp;
6478
6479 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6480 if (!cmd)
6481 return false;
6482
6483 cp = cmd->param;
6484 if (!cp->val)
6485 return true;
6486
6487 return false;
6488}
6489
9b80ec5e 6490void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 6491 u8 link_type, u8 addr_type, u8 reason,
6492 bool mgmt_connected)
f7520543 6493{
f0d6a0ea 6494 struct mgmt_ev_device_disconnected ev;
8962ee74 6495 struct sock *sk = NULL;
8962ee74 6496
84c61d92
JH		 6497 /* The connection is still in hci_conn_hash so test for 1
6498 * instead of 0 to know if this is the last one.
6499 */
6500 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6501 cancel_delayed_work(&hdev->power_off);
6502 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8b064a3a
JH		 6503 }
6504
12d4a3b2
JH		 6505 if (!mgmt_connected)
6506 return;
6507
57eb776f
AG		 6508 if (link_type != ACL_LINK && link_type != LE_LINK)
6509 return;
6510
744cf19e 6511 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 6512
f0d6a0ea
MA		 6513 bacpy(&ev.addr.bdaddr, bdaddr);
6514 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6515 ev.reason = reason;
f7520543 6516
9b80ec5e 6517 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 6518
6519 if (sk)
d97dcb66 6520 sock_put(sk);
8962ee74 6521
124f6e35 6522 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 6523 hdev);
8962ee74
JH		 6524}
6525
7892924c
MH		 6526void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
6527 u8 link_type, u8 addr_type, u8 status)
8962ee74 6528{
3655bba8
AG		 6529 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
6530 struct mgmt_cp_disconnect *cp;
8962ee74 6531 struct pending_cmd *cmd;
8962ee74 6532
36a75f1b
JD		 6533 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6534 hdev);
6535
2e58ef3e 6536 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 6537 if (!cmd)
7892924c 6538 return;
8962ee74 6539
3655bba8
AG		 6540 cp = cmd->param;
6541
6542 if (bacmp(bdaddr, &cp->addr.bdaddr))
6543 return;
6544
6545 if (cp->addr.type != bdaddr_type)
6546 return;
6547
f5818c22 6548 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6549 mgmt_pending_remove(cmd);
f7520543 6550}
17d5c04c 6551
445608d0
MH		 6552void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6553 u8 addr_type, u8 status)
17d5c04c
JH		 6554{
6555 struct mgmt_ev_connect_failed ev;
c9910d0f 6556
84c61d92
JH		 6557 /* The connection is still in hci_conn_hash so test for 1
6558 * instead of 0 to know if this is the last one.
6559 */
6560 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6561 cancel_delayed_work(&hdev->power_off);
6562 queue_work(hdev->req_workqueue, &hdev->power_off.work);
c9910d0f 6563 }
17d5c04c 6564
4c659c39 6565 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6566 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 6567 ev.status = mgmt_status(status);
17d5c04c 6568
445608d0 6569 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 6570}
980e1a53 6571
ce0e4a0d 6572void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 6573{
6574 struct mgmt_ev_pin_code_request ev;
6575
d8457698 6576 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 6577 ev.addr.type = BDADDR_BREDR;
a770bb5a 6578 ev.secure = secure;
980e1a53 6579
ce0e4a0d 6580 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 6581}
6582
e669cf80
MH		 6583void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6584 u8 status)
980e1a53
JH		 6585{
6586 struct pending_cmd *cmd;
980e1a53 6587
2e58ef3e 6588 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 6589 if (!cmd)
e669cf80 6590 return;
980e1a53 6591
7776d1d8 6592 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6593 mgmt_pending_remove(cmd);
980e1a53
JH		 6594}
6595
3eb38528
MH		 6596void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6597 u8 status)
980e1a53
JH		 6598{
6599 struct pending_cmd *cmd;
980e1a53 6600
2e58ef3e 6601 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 6602 if (!cmd)
3eb38528 6603 return;
980e1a53 6604
7776d1d8 6605 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6606 mgmt_pending_remove(cmd);
980e1a53 6607}
a5c29683 6608
744cf19e 6609int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 6610 u8 link_type, u8 addr_type, u32 value,
04124681 6611 u8 confirm_hint)
a5c29683
JH		 6612{
6613 struct mgmt_ev_user_confirm_request ev;
6614
744cf19e 6615 BT_DBG("%s", hdev->name);
a5c29683 6616
272d90df 6617 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6618 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 6619 ev.confirm_hint = confirm_hint;
39adbffe 6620 ev.value = cpu_to_le32(value);
a5c29683 6621
744cf19e 6622 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 6623 NULL);
a5c29683
JH		 6624}
6625
272d90df 6626int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 6627 u8 link_type, u8 addr_type)
604086b7
BG		 6628{
6629 struct mgmt_ev_user_passkey_request ev;
6630
6631 BT_DBG("%s", hdev->name);
6632
272d90df 6633 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6634 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 6635
6636 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 6637 NULL);
604086b7
BG		 6638}
6639
0df4c185 6640static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 6641 u8 link_type, u8 addr_type, u8 status,
6642 u8 opcode)
a5c29683
JH		 6643{
6644 struct pending_cmd *cmd;
a5c29683 6645
2e58ef3e 6646 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 6647 if (!cmd)
6648 return -ENOENT;
6649
7776d1d8 6650 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6651 mgmt_pending_remove(cmd);
a5c29683 6652
7776d1d8 6653 return 0;
a5c29683
JH		 6654}
6655
744cf19e 6656int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6657 u8 link_type, u8 addr_type, u8 status)
a5c29683 6658{
272d90df 6659 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 6660 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 6661}
6662
272d90df 6663int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6664 u8 link_type, u8 addr_type, u8 status)
a5c29683 6665{
272d90df 6666 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 6667 status,
6668 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 6669}
2a611692 6670
604086b7 6671int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6672 u8 link_type, u8 addr_type, u8 status)
604086b7 6673{
272d90df 6674 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 6675 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 6676}
6677
272d90df 6678int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6679 u8 link_type, u8 addr_type, u8 status)
604086b7 6680{
272d90df 6681 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 6682 status,
6683 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 6684}
6685
92a25256
JH		 6686int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
6687 u8 link_type, u8 addr_type, u32 passkey,
6688 u8 entered)
6689{
6690 struct mgmt_ev_passkey_notify ev;
6691
6692 BT_DBG("%s", hdev->name);
6693
6694 bacpy(&ev.addr.bdaddr, bdaddr);
6695 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6696 ev.passkey = __cpu_to_le32(passkey);
6697 ev.entered = entered;
6698
6699 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
6700}
6701
e1e930f5 6702void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
2a611692
JH		 6703{
6704 struct mgmt_ev_auth_failed ev;
e1e930f5
JH		 6705 struct pending_cmd *cmd;
6706 u8 status = mgmt_status(hci_status);
2a611692 6707
e1e930f5
JH		 6708 bacpy(&ev.addr.bdaddr, &conn->dst);
6709 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
6710 ev.status = status;
2a611692 6711
e1e930f5
JH		 6712 cmd = find_pairing(conn);
6713
6714 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
6715 cmd ? cmd->sk : NULL);
6716
a511b35b
JH		 6717 if (cmd) {
6718 cmd->cmd_complete(cmd, status);
6719 mgmt_pending_remove(cmd);
6720 }
2a611692 6721}
b312b161 6722
464996ae 6723void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 6724{
6725 struct cmd_lookup match = { NULL, hdev };
464996ae 6726 bool changed;
33ef95ed
JH		 6727
6728 if (status) {
6729 u8 mgmt_err = mgmt_status(status);
6730 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 6731 cmd_status_rsp, &mgmt_err);
464996ae 6732 return;
33ef95ed
JH		 6733 }
6734
464996ae
MH		 6735 if (test_bit(HCI_AUTH, &hdev->flags))
6736 changed = !test_and_set_bit(HCI_LINK_SECURITY,
6737 &hdev->dev_flags);
6738 else
6739 changed = test_and_clear_bit(HCI_LINK_SECURITY,
6740 &hdev->dev_flags);
47990ea0 6741
33ef95ed 6742 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 6743 &match);
33ef95ed 6744
47990ea0 6745 if (changed)
464996ae 6746 new_settings(hdev, match.sk);
33ef95ed
JH		 6747
6748 if (match.sk)
6749 sock_put(match.sk);
33ef95ed
JH		 6750}
6751
890ea898 6752static void clear_eir(struct hci_request *req)
cacaf52f 6753{
890ea898 6754 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 6755 struct hci_cp_write_eir cp;
6756
976eb20e 6757 if (!lmp_ext_inq_capable(hdev))
890ea898 6758 return;
cacaf52f 6759
c80da27e
JH		 6760 memset(hdev->eir, 0, sizeof(hdev->eir));
6761
cacaf52f
JH		 6762 memset(&cp, 0, sizeof(cp));
6763
890ea898 6764 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 6765}
6766
3e248560 6767void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 6768{
6769 struct cmd_lookup match = { NULL, hdev };
890ea898 6770 struct hci_request req;
c0ecddc2 6771 bool changed = false;
ed2c4ee3
JH		 6772
6773 if (status) {
6774 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 6775
6776 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 6777 &hdev->dev_flags)) {
6778 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3e248560 6779 new_settings(hdev, NULL);
9ecb3e24 6780 }
c0ecddc2 6781
04124681
GP		 6782 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
6783 &mgmt_err);
3e248560 6784 return;
c0ecddc2
JH		 6785 }
6786
6787 if (enable) {
9ecb3e24 6788 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 6789 } else {
9ecb3e24
MH		 6790 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
6791 if (!changed)
6792 changed = test_and_clear_bit(HCI_HS_ENABLED,
6793 &hdev->dev_flags);
6794 else
6795 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 6796 }
6797
6798 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
6799
c0ecddc2 6800 if (changed)
3e248560 6801 new_settings(hdev, match.sk);
ed2c4ee3 6802
5fc6ebb1 6803 if (match.sk)
ed2c4ee3
JH		 6804 sock_put(match.sk);
6805
890ea898
JH		 6806 hci_req_init(&req, hdev);
6807
3769972b
JH		 6808 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
6809 if (test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
6810 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
6811 sizeof(enable), &enable);
890ea898 6812 update_eir(&req);
3769972b 6813 } else {
890ea898 6814 clear_eir(&req);
3769972b 6815 }
890ea898
JH		 6816
6817 hci_req_run(&req, NULL);
ed2c4ee3
JH		 6818}
6819
eac83dc6
MH		 6820void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
6821{
6822 struct cmd_lookup match = { NULL, hdev };
6823 bool changed = false;
6824
6825 if (status) {
6826 u8 mgmt_err = mgmt_status(status);
6827
0ab04a9c
MH		 6828 if (enable) {
6829 if (test_and_clear_bit(HCI_SC_ENABLED,
6830 &hdev->dev_flags))
6831 new_settings(hdev, NULL);
6832 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
6833 }
eac83dc6
MH		 6834
6835 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
6836 cmd_status_rsp, &mgmt_err);
6837 return;
6838 }
6839
0ab04a9c 6840 if (enable) {
eac83dc6 6841 changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c 6842 } else {
eac83dc6 6843 changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c
MH		 6844 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
6845 }
eac83dc6
MH		 6846
6847 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
6848 settings_rsp, &match);
6849
6850 if (changed)
6851 new_settings(hdev, match.sk);
6852
6853 if (match.sk)
6854 sock_put(match.sk);
6855}
6856
92da6097 6857static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 6858{
6859 struct cmd_lookup *match = data;
6860
90e70454
JH		 6861 if (match->sk == NULL) {
6862 match->sk = cmd->sk;
6863 sock_hold(match->sk);
6864 }
90e70454
JH		 6865}
6866
4e1b0245
MH		 6867void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
6868 u8 status)
7f9a903c 6869{
90e70454 6870 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 6871
92da6097
JH		 6872 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
6873 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
6874 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 6875
6876 if (!status)
4e1b0245
MH		 6877 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
6878 NULL);
90e70454
JH		 6879
6880 if (match.sk)
6881 sock_put(match.sk);
7f9a903c
MH		 6882}
6883
7667da34 6884void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 6885{
b312b161 6886 struct mgmt_cp_set_local_name ev;
13928971 6887 struct pending_cmd *cmd;
28cc7bde 6888
13928971 6889 if (status)
7667da34 6890 return;
b312b161
JH		 6891
6892 memset(&ev, 0, sizeof(ev));
6893 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 6894 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 6895
2e58ef3e 6896 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 6897 if (!cmd) {
6898 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 6899
13928971
JH		 6900 /* If this is a HCI command related to powering on the
6901 * HCI dev don't send any mgmt signals.
6902 */
6903 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 6904 return;
890ea898 6905 }
b312b161 6906
7667da34
MH		 6907 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
6908 cmd ? cmd->sk : NULL);
b312b161 6909}
c35938b2 6910
4d2d2796 6911void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
38da1703
JH		 6912 u8 *rand192, u8 *hash256, u8 *rand256,
6913 u8 status)
c35938b2
SJ		 6914{
6915 struct pending_cmd *cmd;
c35938b2 6916
744cf19e 6917 BT_DBG("%s status %u", hdev->name, status);
c35938b2 6918
2e58ef3e 6919 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 6920 if (!cmd)
3edaf092 6921 return;
c35938b2
SJ		 6922
6923 if (status) {
3edaf092
MH		 6924 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
6925 mgmt_status(status));
c35938b2 6926 } else {
710f11c0 6927 if (bredr_sc_enabled(hdev) && hash256 && rand256) {
4d2d2796
MH		 6928 struct mgmt_rp_read_local_oob_ext_data rp;
6929
6930 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
38da1703 6931 memcpy(rp.rand192, rand192, sizeof(rp.rand192));
c35938b2 6932
4d2d2796 6933 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
38da1703 6934 memcpy(rp.rand256, rand256, sizeof(rp.rand256));
c35938b2 6935
4d2d2796
MH		 6936 cmd_complete(cmd->sk, hdev->id,
6937 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
6938 &rp, sizeof(rp));
6939 } else {
6940 struct mgmt_rp_read_local_oob_data rp;
6941
6942 memcpy(rp.hash, hash192, sizeof(rp.hash));
38da1703 6943 memcpy(rp.rand, rand192, sizeof(rp.rand));
4d2d2796
MH		 6944
6945 cmd_complete(cmd->sk, hdev->id,
6946 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
6947 &rp, sizeof(rp));
6948 }
c35938b2
SJ		 6949 }
6950
6951 mgmt_pending_remove(cmd);
c35938b2 6952}
e17acd40 6953
799ce93d
JP		 6954static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
6955{
6956 int i;
6957
6958 for (i = 0; i < uuid_count; i++) {
6959 if (!memcmp(uuid, uuids[i], 16))
6960 return true;
6961 }
6962
6963 return false;
6964}
6965
b487b9ce
MH		 6966static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
6967{
799ce93d
JP		 6968 u16 parsed = 0;
6969
6970 while (parsed < eir_len) {
6971 u8 field_len = eir[0];
6972 u8 uuid[16];
6973 int i;
6974
6975 if (field_len == 0)
6976 break;
6977
6978 if (eir_len - parsed < field_len + 1)
6979 break;
6980
6981 switch (eir[1]) {
6982 case EIR_UUID16_ALL:
6983 case EIR_UUID16_SOME:
6984 for (i = 0; i + 3 <= field_len; i += 2) {
189f6ad2 6985 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 6986 uuid[13] = eir[i + 3];
6987 uuid[12] = eir[i + 2];
6988 if (has_uuid(uuid, uuid_count, uuids))
6989 return true;
6990 }
6991 break;
6992 case EIR_UUID32_ALL:
6993 case EIR_UUID32_SOME:
6994 for (i = 0; i + 5 <= field_len; i += 4) {
189f6ad2 6995 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 6996 uuid[15] = eir[i + 5];
6997 uuid[14] = eir[i + 4];
6998 uuid[13] = eir[i + 3];
6999 uuid[12] = eir[i + 2];
7000 if (has_uuid(uuid, uuid_count, uuids))
7001 return true;
7002 }
7003 break;
7004 case EIR_UUID128_ALL:
7005 case EIR_UUID128_SOME:
7006 for (i = 0; i + 17 <= field_len; i += 16) {
7007 memcpy(uuid, eir + i + 2, 16);
7008 if (has_uuid(uuid, uuid_count, uuids))
7009 return true;
7010 }
7011 break;
7012 }
7013
7014 parsed += field_len + 1;
7015 eir += field_len + 1;
7016 }
7017
b487b9ce
MH		 7018 return false;
7019}
7020
901801b9 7021void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
af58925c
MH		 7022 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
7023 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 7024{
e319d2e7
JH		 7025 char buf[512];
7026 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 7027 size_t ev_size;
b487b9ce 7028 bool match;
e17acd40 7029
75ce208c
JH		 7030 /* Don't send events for a non-kernel initiated discovery. With
7031 * LE one exception is if we have pend_le_reports > 0 in which
7032 * case we're doing passive scanning and want these events.
7033 */
7034 if (!hci_discovery_active(hdev)) {
7035 if (link_type == ACL_LINK)
7036 return;
66f8455a 7037 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
75ce208c
JH		 7038 return;
7039 }
12602d0c 7040
bda157a4
MH		 7041 /* When using service discovery with a RSSI threshold, then check
7042 * if such a RSSI threshold is specified. If a RSSI threshold has
7043 * been specified, then all results with a RSSI smaller than the
7044 * RSSI threshold will be dropped.
efb2513f
MH		 7045 *
7046 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
7047 * the results are also dropped.
bda157a4
MH		 7048 */
7049 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
efb2513f 7050 (rssi < hdev->discovery.rssi || rssi == HCI_RSSI_INVALID))
bda157a4
MH		 7051 return;
7052
5d2e9fad
JH		 7053 /* Make sure that the buffer is big enough. The 5 extra bytes
7054 * are for the potential CoD field.
7055 */
7056 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
901801b9 7057 return;
7d262f86 7058
1dc06093
JH		 7059 memset(buf, 0, sizeof(buf));
7060
da25cf6a
MH		 7061 /* In case of device discovery with BR/EDR devices (pre 1.2), the
7062 * RSSI value was reported as 0 when not available. This behavior
7063 * is kept when using device discovery. This is required for full
7064 * backwards compatibility with the API.
7065 *
7066 * However when using service discovery, the value 127 will be
7067 * returned when the RSSI is not available.
7068 */
7069 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi)
efb2513f
MH		 7070 rssi = 0;
7071
841c5644
JH		 7072 bacpy(&ev->addr.bdaddr, bdaddr);
7073 ev->addr.type = link_to_bdaddr(link_type, addr_type);
e319d2e7 7074 ev->rssi = rssi;
af58925c 7075 ev->flags = cpu_to_le32(flags);
e17acd40 7076
b487b9ce
MH		 7077 if (eir_len > 0) {
7078 /* When using service discovery and a list of UUID is
7079 * provided, results with no matching UUID should be
7080 * dropped. In case there is a match the result is
7081 * kept and checking possible scan response data
7082 * will be skipped.
7083 */
ea8ae251 7084 if (hdev->discovery.uuid_count > 0)
b487b9ce
MH		 7085 match = eir_has_uuids(eir, eir_len,
7086 hdev->discovery.uuid_count,
7087 hdev->discovery.uuids);
ea8ae251
MH		 7088 else
7089 match = true;
7090
7091 if (!match && !scan_rsp_len)
7092 return;
b487b9ce
MH		 7093
7094 /* Copy EIR or advertising data into event */
e319d2e7 7095 memcpy(ev->eir, eir, eir_len);
b487b9ce
MH		 7096 } else {
7097 /* When using service discovery and a list of UUID is
7098 * provided, results with empty EIR or advertising data
7099 * should be dropped since they do not match any UUID.
7100 */
ea8ae251 7101 if (hdev->discovery.uuid_count > 0 && !scan_rsp_len)
b487b9ce 7102 return;
ea8ae251
MH		 7103
7104 match = false;
b487b9ce 7105 }
e17acd40 7106
1dc06093
JH		 7107 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
7108 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 7109 dev_class, 3);
1dc06093 7110
b487b9ce
MH		 7111 if (scan_rsp_len > 0) {
7112 /* When using service discovery and a list of UUID is
7113 * provided, results with no matching UUID should be
7114 * dropped if there is no previous match from the
7115 * advertising data.
7116 */
7117 if (hdev->discovery.uuid_count > 0) {
7118 if (!match && !eir_has_uuids(scan_rsp, scan_rsp_len,
7119 hdev->discovery.uuid_count,
7120 hdev->discovery.uuids))
7121 return;
7122 }
7123
7124 /* Append scan response data to event */
5d2e9fad 7125 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
b487b9ce
MH		 7126 } else {
7127 /* When using service discovery and a list of UUID is
7128 * provided, results with empty scan response and no
7129 * previous matched advertising data should be dropped.
7130 */
7131 if (hdev->discovery.uuid_count > 0 && !match)
7132 return;
7133 }
5d2e9fad
JH		 7134
7135 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
7136 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 7137
901801b9 7138 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 7139}
a88a9652 7140
9cf12aee
MH		 7141void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7142 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 7143{
b644ba33
JH		 7144 struct mgmt_ev_device_found *ev;
7145 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
7146 u16 eir_len;
a88a9652 7147
b644ba33 7148 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 7149
b644ba33
JH		 7150 memset(buf, 0, sizeof(buf));
7151
7152 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 7153 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 7154 ev->rssi = rssi;
7155
7156 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 7157 name_len);
b644ba33 7158
eb55ef07 7159 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 7160
9cf12aee 7161 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 7162}
314b2381 7163
2f1e063b 7164void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 7165{
f963e8e9 7166 struct mgmt_ev_discovering ev;
164a6e78 7167
343fb145
AG		 7168 BT_DBG("%s discovering %u", hdev->name, discovering);
7169
f963e8e9
JH		 7170 memset(&ev, 0, sizeof(ev));
7171 ev.type = hdev->discovery.type;
7172 ev.discovering = discovering;
7173
2f1e063b 7174 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 7175}
5e762444 7176
5976e608
MH		 7177static void adv_enable_complete(struct hci_dev *hdev, u8 status)
7178{
7179 BT_DBG("%s status %u", hdev->name, status);
5976e608
MH		 7180}
7181
7182void mgmt_reenable_advertising(struct hci_dev *hdev)
7183{
7184 struct hci_request req;
7185
5976e608
MH		 7186 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
7187 return;
7188
7189 hci_req_init(&req, hdev);
7190 enable_advertising(&req);
0ec5ae84 7191 hci_req_run(&req, adv_enable_complete);
5976e608 7192}
ubuntu-zesty-kernel mirror