]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blame - net/bluetooth/mgmt.c
projects / mirror_ubuntu-artful-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Fix clearing remote OOB data through mgmt
[mirror_ubuntu-artful-kernel.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
4bc58f51 32#include <net/bluetooth/l2cap.h>
0381101f 33#include <net/bluetooth/mgmt.h>
ac4b7236
MH		 34
35#include "smp.h"
0381101f 36
2da9c55c 37#define MGMT_VERSION 1
730f091b 38#define MGMT_REVISION 7
02d98129 39
e70bb2e8
JH		 40static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_READ_INFO,
43 MGMT_OP_SET_POWERED,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
b2939475 47 MGMT_OP_SET_BONDABLE,
e70bb2e8
JH		 48 MGMT_OP_SET_LINK_SECURITY,
49 MGMT_OP_SET_SSP,
50 MGMT_OP_SET_HS,
51 MGMT_OP_SET_LE,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_ADD_UUID,
55 MGMT_OP_REMOVE_UUID,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_DISCONNECT,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_PAIR_DEVICE,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_CONFIRM_NAME,
76 MGMT_OP_BLOCK_DEVICE,
77 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 78 MGMT_OP_SET_DEVICE_ID,
4375f103 79 MGMT_OP_SET_ADVERTISING,
0663ca2a 80 MGMT_OP_SET_BREDR,
d13eafce 81 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 82 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 83 MGMT_OP_SET_SECURE_CONN,
4e39ac81 84 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 85 MGMT_OP_SET_PRIVACY,
41edf160 86 MGMT_OP_LOAD_IRKS,
dd983808 87 MGMT_OP_GET_CONN_INFO,
95868426 88 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 89 MGMT_OP_ADD_DEVICE,
90 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 91 MGMT_OP_LOAD_CONN_PARAM,
73d1df2a 92 MGMT_OP_READ_UNCONF_INDEX_LIST,
9fc3bfb6 93 MGMT_OP_READ_CONFIG_INFO,
dbece37a 94 MGMT_OP_SET_EXTERNAL_CONFIG,
9713c17b 95 MGMT_OP_SET_PUBLIC_ADDRESS,
e70bb2e8
JH		 96};
97
98static const u16 mgmt_events[] = {
99 MGMT_EV_CONTROLLER_ERROR,
100 MGMT_EV_INDEX_ADDED,
101 MGMT_EV_INDEX_REMOVED,
102 MGMT_EV_NEW_SETTINGS,
103 MGMT_EV_CLASS_OF_DEV_CHANGED,
104 MGMT_EV_LOCAL_NAME_CHANGED,
105 MGMT_EV_NEW_LINK_KEY,
106 MGMT_EV_NEW_LONG_TERM_KEY,
107 MGMT_EV_DEVICE_CONNECTED,
108 MGMT_EV_DEVICE_DISCONNECTED,
109 MGMT_EV_CONNECT_FAILED,
110 MGMT_EV_PIN_CODE_REQUEST,
111 MGMT_EV_USER_CONFIRM_REQUEST,
112 MGMT_EV_USER_PASSKEY_REQUEST,
113 MGMT_EV_AUTH_FAILED,
114 MGMT_EV_DEVICE_FOUND,
115 MGMT_EV_DISCOVERING,
116 MGMT_EV_DEVICE_BLOCKED,
117 MGMT_EV_DEVICE_UNBLOCKED,
118 MGMT_EV_DEVICE_UNPAIRED,
92a25256 119 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 120 MGMT_EV_NEW_IRK,
7ee4ea36 121 MGMT_EV_NEW_CSRK,
8afef092
MH		 122 MGMT_EV_DEVICE_ADDED,
123 MGMT_EV_DEVICE_REMOVED,
ffb5a827 124 MGMT_EV_NEW_CONN_PARAM,
0602a8ad 125 MGMT_EV_UNCONF_INDEX_ADDED,
edd3896b 126 MGMT_EV_UNCONF_INDEX_REMOVED,
f4537c04 127 MGMT_EV_NEW_CONFIG_OPTIONS,
e70bb2e8
JH		 128};
129
17b02e62 130#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 131
eec8d2bc
JH		 132struct pending_cmd {
133 struct list_head list;
fc2f4b13 134 u16 opcode;
eec8d2bc 135 int index;
c68fb7ff 136 void *param;
eec8d2bc 137 struct sock *sk;
e9a416b5 138 void *user_data;
eec8d2bc
JH		 139};
140
ca69b795
JH		 141/* HCI to MGMT error code conversion table */
142static u8 mgmt_status_table[] = {
143 MGMT_STATUS_SUCCESS,
144 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
145 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
146 MGMT_STATUS_FAILED, /* Hardware Failure */
147 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
148 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 149 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 150 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
151 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
152 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
153 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
154 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
155 MGMT_STATUS_BUSY, /* Command Disallowed */
156 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
157 MGMT_STATUS_REJECTED, /* Rejected Security */
158 MGMT_STATUS_REJECTED, /* Rejected Personal */
159 MGMT_STATUS_TIMEOUT, /* Host Timeout */
160 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
161 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
162 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
163 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
164 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
165 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
166 MGMT_STATUS_BUSY, /* Repeated Attempts */
167 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
168 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
169 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
170 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
171 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
172 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
173 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
174 MGMT_STATUS_FAILED, /* Unspecified Error */
175 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
176 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
177 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
178 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
179 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
180 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
181 MGMT_STATUS_FAILED, /* Unit Link Key Used */
182 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
183 MGMT_STATUS_TIMEOUT, /* Instant Passed */
184 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
185 MGMT_STATUS_FAILED, /* Transaction Collision */
186 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
187 MGMT_STATUS_REJECTED, /* QoS Rejected */
188 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
189 MGMT_STATUS_REJECTED, /* Insufficient Security */
190 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
191 MGMT_STATUS_BUSY, /* Role Switch Pending */
192 MGMT_STATUS_FAILED, /* Slot Violation */
193 MGMT_STATUS_FAILED, /* Role Switch Failed */
194 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
195 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
196 MGMT_STATUS_BUSY, /* Host Busy Pairing */
197 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
198 MGMT_STATUS_BUSY, /* Controller Busy */
199 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
200 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
201 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
202 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
203 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
204};
205
206static u8 mgmt_status(u8 hci_status)
207{
208 if (hci_status < ARRAY_SIZE(mgmt_status_table))
209 return mgmt_status_table[hci_status];
210
211 return MGMT_STATUS_FAILED;
212}
213
04c60f05
MH		 214static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
215 struct sock *skip_sk)
216{
217 struct sk_buff *skb;
218 struct mgmt_hdr *hdr;
219
220 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
221 if (!skb)
222 return -ENOMEM;
223
224 hdr = (void *) skb_put(skb, sizeof(*hdr));
225 hdr->opcode = cpu_to_le16(event);
226 if (hdev)
227 hdr->index = cpu_to_le16(hdev->id);
228 else
229 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
230 hdr->len = cpu_to_le16(data_len);
231
232 if (data)
233 memcpy(skb_put(skb, data_len), data, data_len);
234
235 /* Time stamp */
236 __net_timestamp(skb);
237
238 hci_send_to_control(skb, skip_sk);
239 kfree_skb(skb);
240
241 return 0;
242}
243
4e51eae9 244static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 245{
246 struct sk_buff *skb;
247 struct mgmt_hdr *hdr;
248 struct mgmt_ev_cmd_status *ev;
56b7d137 249 int err;
f7b64e69 250
34eb525c 251 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 252
790eff44 253 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 254 if (!skb)
255 return -ENOMEM;
256
257 hdr = (void *) skb_put(skb, sizeof(*hdr));
258
dcf4adbf 259 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 260 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 261 hdr->len = cpu_to_le16(sizeof(*ev));
262
263 ev = (void *) skb_put(skb, sizeof(*ev));
264 ev->status = status;
eb55ef07 265 ev->opcode = cpu_to_le16(cmd);
f7b64e69 266
56b7d137
GP		 267 err = sock_queue_rcv_skb(sk, skb);
268 if (err < 0)
f7b64e69
JH		 269 kfree_skb(skb);
270
56b7d137 271 return err;
f7b64e69
JH		 272}
273
aee9b218 274static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 275 void *rp, size_t rp_len)
02d98129
JH		 276{
277 struct sk_buff *skb;
278 struct mgmt_hdr *hdr;
279 struct mgmt_ev_cmd_complete *ev;
56b7d137 280 int err;
02d98129
JH		 281
282 BT_DBG("sock %p", sk);
283
790eff44 284 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 285 if (!skb)
286 return -ENOMEM;
287
288 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 289
dcf4adbf 290 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 291 hdr->index = cpu_to_le16(index);
a38528f1 292 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 293
a38528f1 294 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 295 ev->opcode = cpu_to_le16(cmd);
aee9b218 296 ev->status = status;
8020c16a
SJ		 297
298 if (rp)
299 memcpy(ev->data, rp, rp_len);
02d98129 300
56b7d137
GP		 301 err = sock_queue_rcv_skb(sk, skb);
302 if (err < 0)
02d98129
JH		 303 kfree_skb(skb);
304
e5f0e151 305 return err;
02d98129
JH		 306}
307
04124681
GP		 308static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
309 u16 data_len)
a38528f1
JH		 310{
311 struct mgmt_rp_read_version rp;
312
313 BT_DBG("sock %p", sk);
314
315 rp.version = MGMT_VERSION;
dcf4adbf 316 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 317
aee9b218 318 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 319 sizeof(rp));
a38528f1
JH		 320}
321
04124681
GP		 322static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
323 u16 data_len)
e70bb2e8
JH		 324{
325 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 326 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
327 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 328 __le16 *opcode;
e70bb2e8
JH		 329 size_t rp_size;
330 int i, err;
331
332 BT_DBG("sock %p", sk);
333
334 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
335
336 rp = kmalloc(rp_size, GFP_KERNEL);
337 if (!rp)
338 return -ENOMEM;
339
dcf4adbf
JP		 340 rp->num_commands = cpu_to_le16(num_commands);
341 rp->num_events = cpu_to_le16(num_events);
e70bb2e8
JH		 342
343 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
344 put_unaligned_le16(mgmt_commands[i], opcode);
345
346 for (i = 0; i < num_events; i++, opcode++)
347 put_unaligned_le16(mgmt_events[i], opcode);
348
aee9b218 349 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 350 rp_size);
e70bb2e8
JH		 351 kfree(rp);
352
353 return err;
354}
355
04124681
GP		 356static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
357 u16 data_len)
faba42eb 358{
faba42eb 359 struct mgmt_rp_read_index_list *rp;
8035ded4 360 struct hci_dev *d;
a38528f1 361 size_t rp_len;
faba42eb 362 u16 count;
476e44cb 363 int err;
faba42eb
JH		 364
365 BT_DBG("sock %p", sk);
366
367 read_lock(&hci_dev_list_lock);
368
369 count = 0;
bb4b2a9a 370 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a
MH		 371 if (d->dev_type == HCI_BREDR &&
372 !test_bit(HCI_UNCONFIGURED, &d->dev_flags))
1514b892 373 count++;
faba42eb
JH		 374 }
375
a38528f1
JH		 376 rp_len = sizeof(*rp) + (2 * count);
377 rp = kmalloc(rp_len, GFP_ATOMIC);
378 if (!rp) {
b2c60d42 379 read_unlock(&hci_dev_list_lock);
faba42eb 380 return -ENOMEM;
b2c60d42 381 }
faba42eb 382
476e44cb 383 count = 0;
8035ded4 384 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a 385 if (test_bit(HCI_SETUP, &d->dev_flags) ||
d603b76b 386 test_bit(HCI_CONFIG, &d->dev_flags) ||
73d1df2a 387 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
ab81cbf9
JH		 388 continue;
389
73d1df2a
MH		 390 /* Devices marked as raw-only are neither configured
391 * nor unconfigured controllers.
392 */
393 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
fee746b0
MH		 394 continue;
395
73d1df2a
MH		 396 if (d->dev_type == HCI_BREDR &&
397 !test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
1514b892
MH		 398 rp->index[count++] = cpu_to_le16(d->id);
399 BT_DBG("Added hci%u", d->id);
400 }
faba42eb
JH		 401 }
402
476e44cb
JH		 403 rp->num_controllers = cpu_to_le16(count);
404 rp_len = sizeof(*rp) + (2 * count);
405
faba42eb
JH		 406 read_unlock(&hci_dev_list_lock);
407
aee9b218 408 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 409 rp_len);
faba42eb 410
a38528f1
JH		 411 kfree(rp);
412
413 return err;
faba42eb
JH		 414}
415
73d1df2a
MH		 416static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
417 void *data, u16 data_len)
418{
419 struct mgmt_rp_read_unconf_index_list *rp;
420 struct hci_dev *d;
421 size_t rp_len;
422 u16 count;
423 int err;
424
425 BT_DBG("sock %p", sk);
426
427 read_lock(&hci_dev_list_lock);
428
429 count = 0;
430 list_for_each_entry(d, &hci_dev_list, list) {
431 if (d->dev_type == HCI_BREDR &&
432 test_bit(HCI_UNCONFIGURED, &d->dev_flags))
433 count++;
434 }
435
436 rp_len = sizeof(*rp) + (2 * count);
437 rp = kmalloc(rp_len, GFP_ATOMIC);
438 if (!rp) {
439 read_unlock(&hci_dev_list_lock);
440 return -ENOMEM;
441 }
442
443 count = 0;
444 list_for_each_entry(d, &hci_dev_list, list) {
445 if (test_bit(HCI_SETUP, &d->dev_flags) ||
d603b76b 446 test_bit(HCI_CONFIG, &d->dev_flags) ||
73d1df2a
MH		 447 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
448 continue;
449
450 /* Devices marked as raw-only are neither configured
451 * nor unconfigured controllers.
452 */
453 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
454 continue;
455
456 if (d->dev_type == HCI_BREDR &&
457 test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
458 rp->index[count++] = cpu_to_le16(d->id);
459 BT_DBG("Added hci%u", d->id);
460 }
461 }
462
463 rp->num_controllers = cpu_to_le16(count);
464 rp_len = sizeof(*rp) + (2 * count);
465
466 read_unlock(&hci_dev_list_lock);
467
468 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_UNCONF_INDEX_LIST,
469 0, rp, rp_len);
470
471 kfree(rp);
472
473 return err;
474}
475
dbece37a
MH		 476static bool is_configured(struct hci_dev *hdev)
477{
478 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
479 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
480 return false;
481
482 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
483 !bacmp(&hdev->public_addr, BDADDR_ANY))
484 return false;
485
486 return true;
487}
488
89bc22d2
MH		 489static __le32 get_missing_options(struct hci_dev *hdev)
490{
491 u32 options = 0;
492
dbece37a
MH		 493 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
494 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
eb1904f4
MH		 495 options |= MGMT_OPTION_EXTERNAL_CONFIG;
496
89bc22d2
MH		 497 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
498 !bacmp(&hdev->public_addr, BDADDR_ANY))
499 options |= MGMT_OPTION_PUBLIC_ADDRESS;
500
501 return cpu_to_le32(options);
502}
503
f4537c04
MH		 504static int new_options(struct hci_dev *hdev, struct sock *skip)
505{
506 __le32 options = get_missing_options(hdev);
507
508 return mgmt_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
509 sizeof(options), skip);
510}
511
dbece37a
MH		 512static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
513{
514 __le32 options = get_missing_options(hdev);
515
516 return cmd_complete(sk, hdev->id, opcode, 0, &options,
517 sizeof(options));
518}
519
9fc3bfb6
MH		 520static int read_config_info(struct sock *sk, struct hci_dev *hdev,
521 void *data, u16 data_len)
522{
523 struct mgmt_rp_read_config_info rp;
89bc22d2 524 u32 options = 0;
9fc3bfb6
MH		 525
526 BT_DBG("sock %p %s", sk, hdev->name);
527
528 hci_dev_lock(hdev);
529
530 memset(&rp, 0, sizeof(rp));
531 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
89bc22d2 532
eb1904f4
MH		 533 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
534 options |= MGMT_OPTION_EXTERNAL_CONFIG;
535
9fc3bfb6 536 if (hdev->set_bdaddr)
89bc22d2
MH		 537 options |= MGMT_OPTION_PUBLIC_ADDRESS;
538
539 rp.supported_options = cpu_to_le32(options);
540 rp.missing_options = get_missing_options(hdev);
9fc3bfb6
MH		 541
542 hci_dev_unlock(hdev);
543
544 return cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0, &rp,
545 sizeof(rp));
546}
547
69ab39ea
JH		 548static u32 get_supported_settings(struct hci_dev *hdev)
549{
550 u32 settings = 0;
551
552 settings |= MGMT_SETTING_POWERED;
b2939475 553 settings |= MGMT_SETTING_BONDABLE;
b1de97d8 554 settings |= MGMT_SETTING_DEBUG_KEYS;
3742abfc
JH		 555 settings |= MGMT_SETTING_CONNECTABLE;
556 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea 557
ed3fa31f 558 if (lmp_bredr_capable(hdev)) {
1a47aee8
JH		 559 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
560 settings |= MGMT_SETTING_FAST_CONNECTABLE;
69ab39ea
JH		 561 settings |= MGMT_SETTING_BREDR;
562 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 563
564 if (lmp_ssp_capable(hdev)) {
565 settings |= MGMT_SETTING_SSP;
566 settings |= MGMT_SETTING_HS;
567 }
e98d2ce2 568
5afeac14 569 if (lmp_sc_capable(hdev) ||
111902f7 570 test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
e98d2ce2 571 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 572 }
d7b7e796 573
eeca6f89 574 if (lmp_le_capable(hdev)) {
9d42820f 575 settings |= MGMT_SETTING_LE;
eeca6f89 576 settings |= MGMT_SETTING_ADVERTISING;
0f4bd942 577 settings |= MGMT_SETTING_PRIVACY;
eeca6f89 578 }
69ab39ea 579
eb1904f4
MH		 580 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
581 hdev->set_bdaddr)
9fc3bfb6
MH		 582 settings |= MGMT_SETTING_CONFIGURATION;
583
69ab39ea
JH		 584 return settings;
585}
586
587static u32 get_current_settings(struct hci_dev *hdev)
588{
589 u32 settings = 0;
590
f1f0eb02 591 if (hdev_is_powered(hdev))
f0d4b78a
MH		 592 settings |= MGMT_SETTING_POWERED;
593
5e5282bb 594 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 595 settings |= MGMT_SETTING_CONNECTABLE;
596
1a4d3c4b
JH		 597 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
598 settings |= MGMT_SETTING_FAST_CONNECTABLE;
599
5e5282bb 600 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 601 settings |= MGMT_SETTING_DISCOVERABLE;
602
b6ae8457 603 if (test_bit(HCI_BONDABLE, &hdev->dev_flags))
b2939475 604 settings |= MGMT_SETTING_BONDABLE;
69ab39ea 605
56f87901 606 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 607 settings |= MGMT_SETTING_BREDR;
608
06199cf8 609 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 610 settings |= MGMT_SETTING_LE;
611
47990ea0 612 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 613 settings |= MGMT_SETTING_LINK_SECURITY;
614
84bde9d6 615 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 616 settings |= MGMT_SETTING_SSP;
617
6d80dfd0
JH		 618 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
619 settings |= MGMT_SETTING_HS;
620
f3d3444a 621 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 622 settings |= MGMT_SETTING_ADVERTISING;
623
e98d2ce2
MH		 624 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
625 settings |= MGMT_SETTING_SECURE_CONN;
626
0663b297 627 if (test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags))
b1de97d8
MH		 628 settings |= MGMT_SETTING_DEBUG_KEYS;
629
0f4bd942
JH		 630 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
631 settings |= MGMT_SETTING_PRIVACY;
632
69ab39ea
JH		 633 return settings;
634}
635
ef580372
JH		 636#define PNP_INFO_SVCLASS_ID 0x1200
637
213202ed
JH		 638static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
639{
640 u8 *ptr = data, *uuids_start = NULL;
641 struct bt_uuid *uuid;
642
643 if (len < 4)
644 return ptr;
645
646 list_for_each_entry(uuid, &hdev->uuids, list) {
647 u16 uuid16;
648
649 if (uuid->size != 16)
650 continue;
651
652 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
653 if (uuid16 < 0x1100)
654 continue;
655
656 if (uuid16 == PNP_INFO_SVCLASS_ID)
657 continue;
658
659 if (!uuids_start) {
660 uuids_start = ptr;
661 uuids_start[0] = 1;
662 uuids_start[1] = EIR_UUID16_ALL;
663 ptr += 2;
664 }
665
666 /* Stop if not enough space to put next UUID */
667 if ((ptr - data) + sizeof(u16) > len) {
668 uuids_start[1] = EIR_UUID16_SOME;
669 break;
670 }
671
672 *ptr++ = (uuid16 & 0x00ff);
673 *ptr++ = (uuid16 & 0xff00) >> 8;
674 uuids_start[0] += sizeof(uuid16);
675 }
676
677 return ptr;
678}
679
cdf1963f
JH		 680static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
681{
682 u8 *ptr = data, *uuids_start = NULL;
683 struct bt_uuid *uuid;
684
685 if (len < 6)
686 return ptr;
687
688 list_for_each_entry(uuid, &hdev->uuids, list) {
689 if (uuid->size != 32)
690 continue;
691
692 if (!uuids_start) {
693 uuids_start = ptr;
694 uuids_start[0] = 1;
695 uuids_start[1] = EIR_UUID32_ALL;
696 ptr += 2;
697 }
698
699 /* Stop if not enough space to put next UUID */
700 if ((ptr - data) + sizeof(u32) > len) {
701 uuids_start[1] = EIR_UUID32_SOME;
702 break;
703 }
704
705 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
706 ptr += sizeof(u32);
707 uuids_start[0] += sizeof(u32);
708 }
709
710 return ptr;
711}
712
c00d575b
JH		 713static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
714{
715 u8 *ptr = data, *uuids_start = NULL;
716 struct bt_uuid *uuid;
717
718 if (len < 18)
719 return ptr;
720
721 list_for_each_entry(uuid, &hdev->uuids, list) {
722 if (uuid->size != 128)
723 continue;
724
725 if (!uuids_start) {
726 uuids_start = ptr;
727 uuids_start[0] = 1;
728 uuids_start[1] = EIR_UUID128_ALL;
729 ptr += 2;
730 }
731
732 /* Stop if not enough space to put next UUID */
733 if ((ptr - data) + 16 > len) {
734 uuids_start[1] = EIR_UUID128_SOME;
735 break;
736 }
737
738 memcpy(ptr, uuid->uuid, 16);
739 ptr += 16;
740 uuids_start[0] += 16;
741 }
742
743 return ptr;
744}
745
eb2a8d20
JH		 746static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
747{
748 struct pending_cmd *cmd;
749
750 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
751 if (cmd->opcode == opcode)
752 return cmd;
753 }
754
755 return NULL;
756}
757
95868426
JH		 758static struct pending_cmd *mgmt_pending_find_data(u16 opcode,
759 struct hci_dev *hdev,
760 const void *data)
761{
762 struct pending_cmd *cmd;
763
764 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
765 if (cmd->user_data != data)
766 continue;
767 if (cmd->opcode == opcode)
768 return cmd;
769 }
770
771 return NULL;
772}
773
f14d8f64
MH		 774static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
775{
7a5f4990
MH		 776 u8 ad_len = 0;
777 size_t name_len;
778
779 name_len = strlen(hdev->dev_name);
780 if (name_len > 0) {
781 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
782
783 if (name_len > max_len) {
784 name_len = max_len;
785 ptr[1] = EIR_NAME_SHORT;
786 } else
787 ptr[1] = EIR_NAME_COMPLETE;
788
789 ptr[0] = name_len + 1;
790
791 memcpy(ptr + 2, hdev->dev_name, name_len);
792
793 ad_len += (name_len + 2);
794 ptr += (name_len + 2);
795 }
796
797 return ad_len;
f14d8f64
MH		 798}
799
800static void update_scan_rsp_data(struct hci_request *req)
801{
802 struct hci_dev *hdev = req->hdev;
803 struct hci_cp_le_set_scan_rsp_data cp;
804 u8 len;
805
7751ef1b 806 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
f14d8f64
MH		 807 return;
808
809 memset(&cp, 0, sizeof(cp));
810
811 len = create_scan_rsp_data(hdev, cp.data);
812
eb438b5f
JH		 813 if (hdev->scan_rsp_data_len == len &&
814 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 815 return;
816
eb438b5f
JH		 817 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
818 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 819
820 cp.length = len;
821
822 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
823}
824
9a43e25f
JH		 825static u8 get_adv_discov_flags(struct hci_dev *hdev)
826{
827 struct pending_cmd *cmd;
828
829 /* If there's a pending mgmt command the flags will not yet have
830 * their final values, so check for this first.
831 */
832 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
833 if (cmd) {
834 struct mgmt_mode *cp = cmd->param;
835 if (cp->val == 0x01)
836 return LE_AD_GENERAL;
837 else if (cp->val == 0x02)
838 return LE_AD_LIMITED;
839 } else {
840 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
841 return LE_AD_LIMITED;
842 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
843 return LE_AD_GENERAL;
844 }
845
846 return 0;
847}
848
46cad2ed 849static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 850{
851 u8 ad_len = 0, flags = 0;
441ad2d0 852
9a43e25f 853 flags |= get_adv_discov_flags(hdev);
441ad2d0 854
e834004b 855 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
441ad2d0 856 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 857
858 if (flags) {
859 BT_DBG("adv flags 0x%02x", flags);
860
861 ptr[0] = 2;
862 ptr[1] = EIR_FLAGS;
863 ptr[2] = flags;
864
865 ad_len += 3;
866 ptr += 3;
867 }
868
869 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
870 ptr[0] = 2;
871 ptr[1] = EIR_TX_POWER;
872 ptr[2] = (u8) hdev->adv_tx_power;
873
874 ad_len += 3;
875 ptr += 3;
876 }
877
441ad2d0
MH		 878 return ad_len;
879}
880
5947f4bc 881static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 882{
883 struct hci_dev *hdev = req->hdev;
884 struct hci_cp_le_set_adv_data cp;
885 u8 len;
886
10994ce6 887 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
441ad2d0
MH		 888 return;
889
890 memset(&cp, 0, sizeof(cp));
891
46cad2ed 892 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 893
894 if (hdev->adv_data_len == len &&
895 memcmp(cp.data, hdev->adv_data, len) == 0)
896 return;
897
898 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
899 hdev->adv_data_len = len;
900
901 cp.length = len;
902
903 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
904}
905
bc6d2d04
JH		 906int mgmt_update_adv_data(struct hci_dev *hdev)
907{
908 struct hci_request req;
909
910 hci_req_init(&req, hdev);
911 update_adv_data(&req);
912
913 return hci_req_run(&req, NULL);
914}
915
ef580372
JH		 916static void create_eir(struct hci_dev *hdev, u8 *data)
917{
918 u8 *ptr = data;
ef580372
JH		 919 size_t name_len;
920
921 name_len = strlen(hdev->dev_name);
922
923 if (name_len > 0) {
924 /* EIR Data type */
925 if (name_len > 48) {
926 name_len = 48;
927 ptr[1] = EIR_NAME_SHORT;
928 } else
929 ptr[1] = EIR_NAME_COMPLETE;
930
931 /* EIR Data length */
932 ptr[0] = name_len + 1;
933
934 memcpy(ptr + 2, hdev->dev_name, name_len);
935
ef580372
JH		 936 ptr += (name_len + 2);
937 }
938
bbaf444a 939 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 940 ptr[0] = 2;
941 ptr[1] = EIR_TX_POWER;
942 ptr[2] = (u8) hdev->inq_tx_power;
943
91c4e9b1
MH		 944 ptr += 3;
945 }
946
2b9be137
MH		 947 if (hdev->devid_source > 0) {
948 ptr[0] = 9;
949 ptr[1] = EIR_DEVICE_ID;
950
951 put_unaligned_le16(hdev->devid_source, ptr + 2);
952 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
953 put_unaligned_le16(hdev->devid_product, ptr + 6);
954 put_unaligned_le16(hdev->devid_version, ptr + 8);
955
2b9be137
MH		 956 ptr += 10;
957 }
958
213202ed 959 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 960 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 961 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 962}
963
890ea898 964static void update_eir(struct hci_request *req)
ef580372 965{
890ea898 966 struct hci_dev *hdev = req->hdev;
ef580372
JH		 967 struct hci_cp_write_eir cp;
968
504c8dcd 969 if (!hdev_is_powered(hdev))
890ea898 970 return;
7770c4aa 971
976eb20e 972 if (!lmp_ext_inq_capable(hdev))
890ea898 973 return;
ef580372 974
84bde9d6 975 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 976 return;
ef580372 977
a8b2d5c2 978 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 979 return;
ef580372
JH		 980
981 memset(&cp, 0, sizeof(cp));
982
983 create_eir(hdev, cp.data);
984
985 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 986 return;
ef580372
JH		 987
988 memcpy(hdev->eir, cp.data, sizeof(cp.data));
989
890ea898 990 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 991}
992
993static u8 get_service_classes(struct hci_dev *hdev)
994{
995 struct bt_uuid *uuid;
996 u8 val = 0;
997
998 list_for_each_entry(uuid, &hdev->uuids, list)
999 val |= uuid->svc_hint;
1000
1001 return val;
1002}
1003
890ea898 1004static void update_class(struct hci_request *req)
ef580372 1005{
890ea898 1006 struct hci_dev *hdev = req->hdev;
ef580372
JH		 1007 u8 cod[3];
1008
1009 BT_DBG("%s", hdev->name);
1010
504c8dcd 1011 if (!hdev_is_powered(hdev))
890ea898 1012 return;
7770c4aa 1013
f87ea1da
JH		 1014 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1015 return;
1016
a8b2d5c2 1017 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 1018 return;
ef580372
JH		 1019
1020 cod[0] = hdev->minor_class;
1021 cod[1] = hdev->major_class;
1022 cod[2] = get_service_classes(hdev);
1023
6acd7db4
MH		 1024 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
1025 cod[1] |= 0x20;
1026
ef580372 1027 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 1028 return;
ef580372 1029
890ea898 1030 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 1031}
1032
a4858cb9 1033static bool get_connectable(struct hci_dev *hdev)
199a2fb1
JH		 1034{
1035 struct pending_cmd *cmd;
199a2fb1
JH		 1036
1037 /* If there's a pending mgmt command the flag will not yet have
1038 * it's final value, so check for this first.
1039 */
1040 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1041 if (cmd) {
1042 struct mgmt_mode *cp = cmd->param;
a4858cb9 1043 return cp->val;
199a2fb1
JH		 1044 }
1045
a4858cb9 1046 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
199a2fb1
JH		 1047}
1048
0ec5ae84
JH		 1049static void disable_advertising(struct hci_request *req)
1050{
1051 u8 enable = 0x00;
1052
1053 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1054}
1055
199a2fb1
JH		 1056static void enable_advertising(struct hci_request *req)
1057{
1058 struct hci_dev *hdev = req->hdev;
1059 struct hci_cp_le_set_adv_param cp;
8f2a0601 1060 u8 own_addr_type, enable = 0x01;
a4858cb9 1061 bool connectable;
199a2fb1 1062
0ec5ae84
JH		 1063 if (hci_conn_num(hdev, LE_LINK) > 0)
1064 return;
1065
1066 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
1067 disable_advertising(req);
1068
5ce194c4 1069 /* Clear the HCI_LE_ADV bit temporarily so that the
8d97250e
JH		 1070 * hci_update_random_address knows that it's safe to go ahead
1071 * and write a new random address. The flag will be set back on
1072 * as soon as the SET_ADV_ENABLE HCI command completes.
1073 */
5ce194c4 1074 clear_bit(HCI_LE_ADV, &hdev->dev_flags);
8d97250e 1075
a4858cb9 1076 connectable = get_connectable(hdev);
8f2a0601 1077
a4858cb9
JH		 1078 /* Set require_privacy to true only when non-connectable
1079 * advertising is used. In that case it is fine to use a
1080 * non-resolvable private address.
1081 */
1082 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 1083 return;
1084
41c90c18 1085 memset(&cp, 0, sizeof(cp));
628531c9
GL		 1086 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
1087 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
a4858cb9 1088 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
8f2a0601 1089 cp.own_address_type = own_addr_type;
199a2fb1
JH		 1090 cp.channel_map = hdev->le_adv_channel_map;
1091
1092 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1093
1094 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1095}
1096
7d78525d
JH		 1097static void service_cache_off(struct work_struct *work)
1098{
1099 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 1100 service_cache.work);
890ea898 1101 struct hci_request req;
7d78525d 1102
a8b2d5c2 1103 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 1104 return;
1105
890ea898
JH		 1106 hci_req_init(&req, hdev);
1107
7d78525d
JH		 1108 hci_dev_lock(hdev);
1109
890ea898
JH		 1110 update_eir(&req);
1111 update_class(&req);
7d78525d
JH		 1112
1113 hci_dev_unlock(hdev);
890ea898
JH		 1114
1115 hci_req_run(&req, NULL);
7d78525d
JH		 1116}
1117
d6bfd59c
JH		 1118static void rpa_expired(struct work_struct *work)
1119{
1120 struct hci_dev *hdev = container_of(work, struct hci_dev,
1121 rpa_expired.work);
1122 struct hci_request req;
1123
1124 BT_DBG("");
1125
1126 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
1127
0ec5ae84 1128 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
d6bfd59c
JH		 1129 return;
1130
1131 /* The generation of a new RPA and programming it into the
1132 * controller happens in the enable_advertising() function.
1133 */
d6bfd59c 1134 hci_req_init(&req, hdev);
d6bfd59c 1135 enable_advertising(&req);
d6bfd59c
JH		 1136 hci_req_run(&req, NULL);
1137}
1138
6a919082 1139static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 1140{
4f87da80 1141 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 1142 return;
1143
4f87da80 1144 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 1145 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 1146
4f87da80
JH		 1147 /* Non-mgmt controlled devices get this bit set
1148 * implicitly so that pairing works for them, however
1149 * for mgmt we require user-space to explicitly enable
1150 * it
1151 */
b6ae8457 1152 clear_bit(HCI_BONDABLE, &hdev->dev_flags);
7d78525d
JH		 1153}
1154
0f4e68cf 1155static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 1156 void *data, u16 data_len)
0381101f 1157{
a38528f1 1158 struct mgmt_rp_read_info rp;
f7b64e69 1159
bdb6d971 1160 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 1161
09fd0de5 1162 hci_dev_lock(hdev);
f7b64e69 1163
dc4fe30b
JH		 1164 memset(&rp, 0, sizeof(rp));
1165
69ab39ea 1166 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 1167
69ab39ea 1168 rp.version = hdev->hci_ver;
eb55ef07 1169 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 1170
1171 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1172 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 1173
a38528f1 1174 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 1175
dc4fe30b 1176 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 1177 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 1178
09fd0de5 1179 hci_dev_unlock(hdev);
0381101f 1180
bdb6d971 1181 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 1182 sizeof(rp));
0381101f
JH		 1183}
1184
eec8d2bc
JH		 1185static void mgmt_pending_free(struct pending_cmd *cmd)
1186{
1187 sock_put(cmd->sk);
c68fb7ff 1188 kfree(cmd->param);
eec8d2bc
JH		 1189 kfree(cmd);
1190}
1191
366a0336 1192static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 1193 struct hci_dev *hdev, void *data,
1194 u16 len)
eec8d2bc
JH		 1195{
1196 struct pending_cmd *cmd;
1197
fca20018 1198 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 1199 if (!cmd)
366a0336 1200 return NULL;
eec8d2bc
JH		 1201
1202 cmd->opcode = opcode;
2e58ef3e 1203 cmd->index = hdev->id;
eec8d2bc 1204
12b94565 1205 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 1206 if (!cmd->param) {
eec8d2bc 1207 kfree(cmd);
366a0336 1208 return NULL;
eec8d2bc
JH		 1209 }
1210
8fce6357
SJ		 1211 if (data)
1212 memcpy(cmd->param, data, len);
eec8d2bc
JH		 1213
1214 cmd->sk = sk;
1215 sock_hold(sk);
1216
2e58ef3e 1217 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 1218
366a0336 1219 return cmd;
eec8d2bc
JH		 1220}
1221
744cf19e 1222static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 1223 void (*cb)(struct pending_cmd *cmd,
1224 void *data),
04124681 1225 void *data)
eec8d2bc 1226{
a3d09356 1227 struct pending_cmd *cmd, *tmp;
eec8d2bc 1228
a3d09356 1229 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 1230 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 1231 continue;
1232
eec8d2bc
JH		 1233 cb(cmd, data);
1234 }
1235}
1236
a664b5bc 1237static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 1238{
73f22f62
JH		 1239 list_del(&cmd->list);
1240 mgmt_pending_free(cmd);
1241}
1242
69ab39ea 1243static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1244{
69ab39ea 1245 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1246
aee9b218 1247 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 1248 sizeof(settings));
8680570b
JH		 1249}
1250
8b064a3a
JH		 1251static void clean_up_hci_complete(struct hci_dev *hdev, u8 status)
1252{
1253 BT_DBG("%s status 0x%02x", hdev->name, status);
1254
a3172b7e
JH		 1255 if (hci_conn_count(hdev) == 0) {
1256 cancel_delayed_work(&hdev->power_off);
8b064a3a 1257 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1258 }
8b064a3a
JH		 1259}
1260
23a48093 1261static bool hci_stop_discovery(struct hci_request *req)
21a60d30
JH		 1262{
1263 struct hci_dev *hdev = req->hdev;
1264 struct hci_cp_remote_name_req_cancel cp;
1265 struct inquiry_entry *e;
1266
1267 switch (hdev->discovery.state) {
1268 case DISCOVERY_FINDING:
1269 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
1270 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1271 } else {
1272 cancel_delayed_work(&hdev->le_scan_disable);
1273 hci_req_add_le_scan_disable(req);
1274 }
1275
23a48093 1276 return true;
21a60d30
JH		 1277
1278 case DISCOVERY_RESOLVING:
1279 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1280 NAME_PENDING);
1281 if (!e)
23a48093 1282 break;
21a60d30
JH		 1283
1284 bacpy(&cp.bdaddr, &e->data.bdaddr);
1285 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1286 &cp);
1287
23a48093 1288 return true;
21a60d30
JH		 1289
1290 default:
1291 /* Passive scanning */
23a48093 1292 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
21a60d30 1293 hci_req_add_le_scan_disable(req);
23a48093
JH		 1294 return true;
1295 }
1296
21a60d30
JH		 1297 break;
1298 }
23a48093
JH		 1299
1300 return false;
21a60d30
JH		 1301}
1302
8b064a3a
JH		 1303static int clean_up_hci_state(struct hci_dev *hdev)
1304{
1305 struct hci_request req;
1306 struct hci_conn *conn;
23a48093
JH		 1307 bool discov_stopped;
1308 int err;
8b064a3a
JH		 1309
1310 hci_req_init(&req, hdev);
1311
1312 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1313 test_bit(HCI_PSCAN, &hdev->flags)) {
1314 u8 scan = 0x00;
1315 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1316 }
1317
73e082f8 1318 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
8b064a3a
JH		 1319 disable_advertising(&req);
1320
23a48093 1321 discov_stopped = hci_stop_discovery(&req);
8b064a3a
JH		 1322
1323 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1324 struct hci_cp_disconnect dc;
c9910d0f
JH		 1325 struct hci_cp_reject_conn_req rej;
1326
1327 switch (conn->state) {
1328 case BT_CONNECTED:
1329 case BT_CONFIG:
1330 dc.handle = cpu_to_le16(conn->handle);
1331 dc.reason = 0x15; /* Terminated due to Power Off */
1332 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1333 break;
1334 case BT_CONNECT:
1335 if (conn->type == LE_LINK)
1336 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1337 0, NULL);
1338 else if (conn->type == ACL_LINK)
1339 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1340 6, &conn->dst);
1341 break;
1342 case BT_CONNECT2:
1343 bacpy(&rej.bdaddr, &conn->dst);
1344 rej.reason = 0x15; /* Terminated due to Power Off */
1345 if (conn->type == ACL_LINK)
1346 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1347 sizeof(rej), &rej);
1348 else if (conn->type == SCO_LINK)
1349 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1350 sizeof(rej), &rej);
1351 break;
1352 }
8b064a3a
JH		 1353 }
1354
23a48093
JH		 1355 err = hci_req_run(&req, clean_up_hci_complete);
1356 if (!err && discov_stopped)
1357 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1358
1359 return err;
8b064a3a
JH		 1360}
1361
bdb6d971 1362static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1363 u16 len)
eec8d2bc 1364{
650f726d 1365 struct mgmt_mode *cp = data;
366a0336 1366 struct pending_cmd *cmd;
4b34ee78 1367 int err;
eec8d2bc 1368
bdb6d971 1369 BT_DBG("request for %s", hdev->name);
eec8d2bc 1370
a7e80f25
JH		 1371 if (cp->val != 0x00 && cp->val != 0x01)
1372 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1373 MGMT_STATUS_INVALID_PARAMS);
1374
09fd0de5 1375 hci_dev_lock(hdev);
eec8d2bc 1376
87b95ba6
JH		 1377 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1378 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1379 MGMT_STATUS_BUSY);
1380 goto failed;
1381 }
1382
f0d4b78a
MH		 1383 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1384 cancel_delayed_work(&hdev->power_off);
1385
1386 if (cp->val) {
a1d70450
JH		 1387 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1388 data, len);
1389 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1390 goto failed;
1391 }
1392 }
1393
4b34ee78 1394 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1395 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1396 goto failed;
1397 }
1398
2e58ef3e 1399 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1400 if (!cmd) {
1401 err = -ENOMEM;
eec8d2bc 1402 goto failed;
366a0336 1403 }
eec8d2bc 1404
8b064a3a 1405 if (cp->val) {
19202573 1406 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1407 err = 0;
1408 } else {
1409 /* Disconnect connections, stop scans, etc */
1410 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1411 if (!err)
1412 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1413 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1414
8b064a3a
JH		 1415 /* ENODATA means there were no HCI commands queued */
1416 if (err == -ENODATA) {
a3172b7e 1417 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1418 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1419 err = 0;
1420 }
1421 }
eec8d2bc
JH		 1422
1423failed:
09fd0de5 1424 hci_dev_unlock(hdev);
366a0336 1425 return err;
eec8d2bc
JH		 1426}
1427
beadb2bd
JH		 1428static int new_settings(struct hci_dev *hdev, struct sock *skip)
1429{
1430 __le32 ev;
1431
1432 ev = cpu_to_le32(get_current_settings(hdev));
1433
1434 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1435}
1436
91a668b0
JH		 1437int mgmt_new_settings(struct hci_dev *hdev)
1438{
1439 return new_settings(hdev, NULL);
1440}
1441
bd99abdd
JH		 1442struct cmd_lookup {
1443 struct sock *sk;
1444 struct hci_dev *hdev;
1445 u8 mgmt_status;
1446};
1447
1448static void settings_rsp(struct pending_cmd *cmd, void *data)
1449{
1450 struct cmd_lookup *match = data;
1451
1452 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1453
1454 list_del(&cmd->list);
1455
1456 if (match->sk == NULL) {
1457 match->sk = cmd->sk;
1458 sock_hold(match->sk);
1459 }
1460
1461 mgmt_pending_free(cmd);
1462}
1463
1464static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1465{
1466 u8 *status = data;
1467
1468 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1469 mgmt_pending_remove(cmd);
1470}
1471
e6fe7986
JH		 1472static u8 mgmt_bredr_support(struct hci_dev *hdev)
1473{
1474 if (!lmp_bredr_capable(hdev))
1475 return MGMT_STATUS_NOT_SUPPORTED;
1476 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1477 return MGMT_STATUS_REJECTED;
1478 else
1479 return MGMT_STATUS_SUCCESS;
1480}
1481
1482static u8 mgmt_le_support(struct hci_dev *hdev)
1483{
1484 if (!lmp_le_capable(hdev))
1485 return MGMT_STATUS_NOT_SUPPORTED;
1486 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1487 return MGMT_STATUS_REJECTED;
1488 else
1489 return MGMT_STATUS_SUCCESS;
1490}
1491
bfaf8c9f
JH		 1492static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1493{
1494 struct pending_cmd *cmd;
1495 struct mgmt_mode *cp;
970ba524 1496 struct hci_request req;
bfaf8c9f
JH		 1497 bool changed;
1498
1499 BT_DBG("status 0x%02x", status);
1500
1501 hci_dev_lock(hdev);
1502
1503 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1504 if (!cmd)
1505 goto unlock;
1506
1507 if (status) {
1508 u8 mgmt_err = mgmt_status(status);
1509 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
310a3d48 1510 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
bfaf8c9f
JH		 1511 goto remove_cmd;
1512 }
1513
1514 cp = cmd->param;
d4462a07 1515 if (cp->val) {
bfaf8c9f
JH		 1516 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1517 &hdev->dev_flags);
d4462a07
MH		 1518
1519 if (hdev->discov_timeout > 0) {
1520 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1521 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1522 to);
1523 }
1524 } else {
bfaf8c9f
JH		 1525 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1526 &hdev->dev_flags);
d4462a07 1527 }
bfaf8c9f
JH		 1528
1529 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1530
1531 if (changed)
1532 new_settings(hdev, cmd->sk);
1533
970ba524
MH		 1534 /* When the discoverable mode gets changed, make sure
1535 * that class of device has the limited discoverable
432df05e
JH		 1536 * bit correctly set. Also update page scan based on whitelist
1537 * entries.
970ba524
MH		 1538 */
1539 hci_req_init(&req, hdev);
432df05e 1540 hci_update_page_scan(hdev, &req);
970ba524
MH		 1541 update_class(&req);
1542 hci_req_run(&req, NULL);
1543
bfaf8c9f
JH		 1544remove_cmd:
1545 mgmt_pending_remove(cmd);
1546
1547unlock:
1548 hci_dev_unlock(hdev);
1549}
1550
bdb6d971 1551static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1552 u16 len)
73f22f62 1553{
650f726d 1554 struct mgmt_cp_set_discoverable *cp = data;
366a0336 1555 struct pending_cmd *cmd;
bfaf8c9f 1556 struct hci_request req;
5e5282bb 1557 u16 timeout;
9a43e25f 1558 u8 scan;
73f22f62
JH		 1559 int err;
1560
bdb6d971 1561 BT_DBG("request for %s", hdev->name);
73f22f62 1562
9a43e25f
JH		 1563 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1564 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1565 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
9a43e25f 1566 MGMT_STATUS_REJECTED);
33c525c0 1567
310a3d48 1568 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a7e80f25
JH		 1569 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1570 MGMT_STATUS_INVALID_PARAMS);
1571
1f350c87 1572 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1573
1574 /* Disabling discoverable requires that no timeout is set,
1575 * and enabling limited discoverable requires a timeout.
1576 */
1577 if ((cp->val == 0x00 && timeout > 0) ||
1578 (cp->val == 0x02 && timeout == 0))
bdb6d971 1579 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1580 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1581
09fd0de5 1582 hci_dev_lock(hdev);
73f22f62 1583
5e5282bb 1584 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 1585 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1586 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1587 goto failed;
1588 }
1589
2e58ef3e 1590 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1591 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1592 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1593 MGMT_STATUS_BUSY);
73f22f62
JH		 1594 goto failed;
1595 }
1596
5e5282bb 1597 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 1598 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1599 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1600 goto failed;
1601 }
1602
1603 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1604 bool changed = false;
1605
310a3d48
MH		 1606 /* Setting limited discoverable when powered off is
1607 * not a valid operation since it requires a timeout
1608 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1609 */
0224d2fa
JH		 1610 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1611 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1612 changed = true;
1613 }
1614
5e5282bb 1615 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1616 if (err < 0)
1617 goto failed;
1618
1619 if (changed)
1620 err = new_settings(hdev, sk);
1621
5e5282bb
JH		 1622 goto failed;
1623 }
1624
310a3d48
MH		 1625 /* If the current mode is the same, then just update the timeout
1626 * value with the new value. And if only the timeout gets updated,
1627 * then no need for any HCI transactions.
1628 */
1629 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1630 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1631 &hdev->dev_flags)) {
36261547
MH		 1632 cancel_delayed_work(&hdev->discov_off);
1633 hdev->discov_timeout = timeout;
955638ec 1634
36261547
MH		 1635 if (cp->val && hdev->discov_timeout > 0) {
1636 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1637 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1638 to);
955638ec
MH		 1639 }
1640
69ab39ea 1641 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1642 goto failed;
1643 }
1644
2e58ef3e 1645 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1646 if (!cmd) {
1647 err = -ENOMEM;
73f22f62 1648 goto failed;
366a0336 1649 }
73f22f62 1650
310a3d48
MH		 1651 /* Cancel any potential discoverable timeout that might be
1652 * still active and store new timeout value. The arming of
1653 * the timeout happens in the complete handler.
1654 */
1655 cancel_delayed_work(&hdev->discov_off);
1656 hdev->discov_timeout = timeout;
1657
b456f87c
JH		 1658 /* Limited discoverable mode */
1659 if (cp->val == 0x02)
1660 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1661 else
1662 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1663
bfaf8c9f
JH		 1664 hci_req_init(&req, hdev);
1665
9a43e25f
JH		 1666 /* The procedure for LE-only controllers is much simpler - just
1667 * update the advertising data.
1668 */
1669 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1670 goto update_ad;
1671
73f22f62
JH		 1672 scan = SCAN_PAGE;
1673
310a3d48
MH		 1674 if (cp->val) {
1675 struct hci_cp_write_current_iac_lap hci_cp;
1676
1677 if (cp->val == 0x02) {
1678 /* Limited discoverable mode */
33337dcb 1679 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1680 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1681 hci_cp.iac_lap[1] = 0x8b;
1682 hci_cp.iac_lap[2] = 0x9e;
1683 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1684 hci_cp.iac_lap[4] = 0x8b;
1685 hci_cp.iac_lap[5] = 0x9e;
1686 } else {
1687 /* General discoverable mode */
310a3d48
MH		 1688 hci_cp.num_iac = 1;
1689 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1690 hci_cp.iac_lap[1] = 0x8b;
1691 hci_cp.iac_lap[2] = 0x9e;
1692 }
1693
1694 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1695 (hci_cp.num_iac * 3) + 1, &hci_cp);
1696
73f22f62 1697 scan |= SCAN_INQUIRY;
310a3d48
MH		 1698 } else {
1699 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1700 }
73f22f62 1701
310a3d48 1702 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1703
9a43e25f
JH		 1704update_ad:
1705 update_adv_data(&req);
1706
bfaf8c9f 1707 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1708 if (err < 0)
a664b5bc 1709 mgmt_pending_remove(cmd);
73f22f62
JH		 1710
1711failed:
09fd0de5 1712 hci_dev_unlock(hdev);
73f22f62
JH		 1713 return err;
1714}
1715
406d7804
JH		 1716static void write_fast_connectable(struct hci_request *req, bool enable)
1717{
bd98b996 1718 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1719 struct hci_cp_write_page_scan_activity acp;
1720 u8 type;
1721
547003b1
JH		 1722 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1723 return;
1724
4c01f8b8
JH		 1725 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1726 return;
1727
406d7804
JH		 1728 if (enable) {
1729 type = PAGE_SCAN_TYPE_INTERLACED;
1730
1731 /* 160 msec page scan interval */
dcf4adbf 1732 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 1733 } else {
1734 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1735
1736 /* default 1.28 sec page scan */
dcf4adbf 1737 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 1738 }
1739
dcf4adbf 1740 acp.window = cpu_to_le16(0x0012);
406d7804 1741
bd98b996
JH		 1742 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1743 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1744 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1745 sizeof(acp), &acp);
1746
1747 if (hdev->page_scan_type != type)
1748 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1749}
1750
2b76f453
JH		 1751static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1752{
1753 struct pending_cmd *cmd;
d7b856f9 1754 struct mgmt_mode *cp;
bc6d2d04 1755 bool conn_changed, discov_changed;
2b76f453
JH		 1756
1757 BT_DBG("status 0x%02x", status);
1758
1759 hci_dev_lock(hdev);
1760
1761 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1762 if (!cmd)
1763 goto unlock;
1764
37438c1f
JH		 1765 if (status) {
1766 u8 mgmt_err = mgmt_status(status);
1767 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1768 goto remove_cmd;
1769 }
1770
d7b856f9 1771 cp = cmd->param;
bc6d2d04
JH		 1772 if (cp->val) {
1773 conn_changed = !test_and_set_bit(HCI_CONNECTABLE,
1774 &hdev->dev_flags);
1775 discov_changed = false;
1776 } else {
1777 conn_changed = test_and_clear_bit(HCI_CONNECTABLE,
1778 &hdev->dev_flags);
1779 discov_changed = test_and_clear_bit(HCI_DISCOVERABLE,
1780 &hdev->dev_flags);
1781 }
d7b856f9 1782
2b76f453
JH		 1783 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1784
bc6d2d04 1785 if (conn_changed || discov_changed) {
d7b856f9 1786 new_settings(hdev, cmd->sk);
432df05e 1787 hci_update_page_scan(hdev, NULL);
bc6d2d04
JH		 1788 if (discov_changed)
1789 mgmt_update_adv_data(hdev);
2b7be33e
JH		 1790 hci_update_background_scan(hdev);
1791 }
d7b856f9 1792
37438c1f 1793remove_cmd:
2b76f453
JH		 1794 mgmt_pending_remove(cmd);
1795
1796unlock:
1797 hci_dev_unlock(hdev);
1798}
1799
e8ba3a1f
JH		 1800static int set_connectable_update_settings(struct hci_dev *hdev,
1801 struct sock *sk, u8 val)
1802{
1803 bool changed = false;
1804 int err;
1805
1806 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1807 changed = true;
1808
1809 if (val) {
1810 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1811 } else {
1812 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1813 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1814 }
1815
1816 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1817 if (err < 0)
1818 return err;
1819
562064e6 1820 if (changed) {
432df05e 1821 hci_update_page_scan(hdev, NULL);
562064e6 1822 hci_update_background_scan(hdev);
e8ba3a1f 1823 return new_settings(hdev, sk);
562064e6 1824 }
e8ba3a1f
JH		 1825
1826 return 0;
1827}
1828
bdb6d971 1829static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1830 u16 len)
9fbcbb45 1831{
650f726d 1832 struct mgmt_mode *cp = data;
366a0336 1833 struct pending_cmd *cmd;
2b76f453 1834 struct hci_request req;
1987fdc7 1835 u8 scan;
9fbcbb45
JH		 1836 int err;
1837
bdb6d971 1838 BT_DBG("request for %s", hdev->name);
9fbcbb45 1839
1987fdc7
JH		 1840 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1841 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1842 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1987fdc7 1843 MGMT_STATUS_REJECTED);
33c525c0 1844
a7e80f25
JH		 1845 if (cp->val != 0x00 && cp->val != 0x01)
1846 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1847 MGMT_STATUS_INVALID_PARAMS);
1848
09fd0de5 1849 hci_dev_lock(hdev);
9fbcbb45 1850
4b34ee78 1851 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1852 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1853 goto failed;
1854 }
1855
2e58ef3e 1856 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1857 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1858 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1859 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1860 goto failed;
1861 }
1862
2e58ef3e 1863 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1864 if (!cmd) {
1865 err = -ENOMEM;
9fbcbb45 1866 goto failed;
366a0336 1867 }
9fbcbb45 1868
9b74246f 1869 hci_req_init(&req, hdev);
9fbcbb45 1870
9a43e25f
JH		 1871 /* If BR/EDR is not enabled and we disable advertising as a
1872 * by-product of disabling connectable, we need to update the
1873 * advertising flags.
1874 */
1875 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1876 if (!cp->val) {
1877 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1878 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1879 }
1880 update_adv_data(&req);
1881 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1882 if (cp->val) {
1883 scan = SCAN_PAGE;
1884 } else {
3bd27240
JH		 1885 /* If we don't have any whitelist entries just
1886 * disable all scanning. If there are entries
1887 * and we had both page and inquiry scanning
1888 * enabled then fall back to only page scanning.
1889 * Otherwise no changes are needed.
1890 */
1891 if (list_empty(&hdev->whitelist))
1892 scan = SCAN_DISABLED;
1893 else if (test_bit(HCI_ISCAN, &hdev->flags))
1894 scan = SCAN_PAGE;
1895 else
1896 goto no_scan_update;
9b74246f
JH		 1897
1898 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1899 hdev->discov_timeout > 0)
9b74246f
JH		 1900 cancel_delayed_work(&hdev->discov_off);
1901 }
2b76f453 1902
9b74246f
JH		 1903 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1904 }
2b76f453 1905
3bd27240 1906no_scan_update:
4c01f8b8
JH		 1907 /* If we're going from non-connectable to connectable or
1908 * vice-versa when fast connectable is enabled ensure that fast
1909 * connectable gets disabled. write_fast_connectable won't do
1910 * anything if the page scan parameters are already what they
1911 * should be.
1912 */
1913 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1914 write_fast_connectable(&req, false);
1915
e8b1202c
JH		 1916 /* Update the advertising parameters if necessary */
1917 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1987fdc7 1918 enable_advertising(&req);
1987fdc7 1919
2b76f453 1920 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1921 if (err < 0) {
a664b5bc 1922 mgmt_pending_remove(cmd);
9b74246f 1923 if (err == -ENODATA)
a81070ba
JH		 1924 err = set_connectable_update_settings(hdev, sk,
1925 cp->val);
9b74246f
JH		 1926 goto failed;
1927 }
9fbcbb45
JH		 1928
1929failed:
09fd0de5 1930 hci_dev_unlock(hdev);
9fbcbb45
JH		 1931 return err;
1932}
1933
b2939475 1934static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1935 u16 len)
c542a06c 1936{
650f726d 1937 struct mgmt_mode *cp = data;
55594356 1938 bool changed;
c542a06c
JH		 1939 int err;
1940
bdb6d971 1941 BT_DBG("request for %s", hdev->name);
c542a06c 1942
a7e80f25 1943 if (cp->val != 0x00 && cp->val != 0x01)
b2939475 1944 return cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
a7e80f25
JH		 1945 MGMT_STATUS_INVALID_PARAMS);
1946
09fd0de5 1947 hci_dev_lock(hdev);
c542a06c
JH		 1948
1949 if (cp->val)
b6ae8457 1950 changed = !test_and_set_bit(HCI_BONDABLE, &hdev->dev_flags);
c542a06c 1951 else
b6ae8457 1952 changed = test_and_clear_bit(HCI_BONDABLE, &hdev->dev_flags);
c542a06c 1953
b2939475 1954 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
c542a06c 1955 if (err < 0)
55594356 1956 goto unlock;
c542a06c 1957
55594356
MH		 1958 if (changed)
1959 err = new_settings(hdev, sk);
c542a06c 1960
55594356 1961unlock:
09fd0de5 1962 hci_dev_unlock(hdev);
c542a06c
JH		 1963 return err;
1964}
1965
04124681
GP		 1966static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1967 u16 len)
33ef95ed
JH		 1968{
1969 struct mgmt_mode *cp = data;
1970 struct pending_cmd *cmd;
e6fe7986 1971 u8 val, status;
33ef95ed
JH		 1972 int err;
1973
bdb6d971 1974 BT_DBG("request for %s", hdev->name);
33ef95ed 1975
e6fe7986
JH		 1976 status = mgmt_bredr_support(hdev);
1977 if (status)
33c525c0 1978 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 1979 status);
33c525c0 1980
a7e80f25
JH		 1981 if (cp->val != 0x00 && cp->val != 0x01)
1982 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1983 MGMT_STATUS_INVALID_PARAMS);
1984
33ef95ed
JH		 1985 hci_dev_lock(hdev);
1986
4b34ee78 1987 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1988 bool changed = false;
1989
1990 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1991 &hdev->dev_flags)) {
47990ea0
JH		 1992 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1993 changed = true;
1994 }
1995
1996 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1997 if (err < 0)
1998 goto failed;
1999
2000 if (changed)
2001 err = new_settings(hdev, sk);
2002
33ef95ed
JH		 2003 goto failed;
2004 }
2005
2006 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 2007 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 2008 MGMT_STATUS_BUSY);
33ef95ed
JH		 2009 goto failed;
2010 }
2011
2012 val = !!cp->val;
2013
2014 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
2015 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2016 goto failed;
2017 }
2018
2019 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
2020 if (!cmd) {
2021 err = -ENOMEM;
2022 goto failed;
2023 }
2024
2025 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
2026 if (err < 0) {
2027 mgmt_pending_remove(cmd);
2028 goto failed;
2029 }
2030
2031failed:
2032 hci_dev_unlock(hdev);
33ef95ed
JH		 2033 return err;
2034}
2035
bdb6d971 2036static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 2037{
2038 struct mgmt_mode *cp = data;
2039 struct pending_cmd *cmd;
72ef0c1a 2040 u8 status;
ed2c4ee3
JH		 2041 int err;
2042
bdb6d971 2043 BT_DBG("request for %s", hdev->name);
ed2c4ee3 2044
cdba5281
MH		 2045 status = mgmt_bredr_support(hdev);
2046 if (status)
2047 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
2048
13ecd8b6
JH		 2049 if (!lmp_ssp_capable(hdev))
2050 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2051 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 2052
a7e80f25
JH		 2053 if (cp->val != 0x00 && cp->val != 0x01)
2054 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2055 MGMT_STATUS_INVALID_PARAMS);
2056
13ecd8b6 2057 hci_dev_lock(hdev);
6c8f12c1 2058
4b34ee78 2059 if (!hdev_is_powered(hdev)) {
9ecb3e24 2060 bool changed;
c0ecddc2 2061
9ecb3e24
MH		 2062 if (cp->val) {
2063 changed = !test_and_set_bit(HCI_SSP_ENABLED,
2064 &hdev->dev_flags);
2065 } else {
2066 changed = test_and_clear_bit(HCI_SSP_ENABLED,
2067 &hdev->dev_flags);
2068 if (!changed)
2069 changed = test_and_clear_bit(HCI_HS_ENABLED,
2070 &hdev->dev_flags);
2071 else
2072 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 2073 }
2074
2075 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2076 if (err < 0)
2077 goto failed;
2078
2079 if (changed)
2080 err = new_settings(hdev, sk);
2081
ed2c4ee3
JH		 2082 goto failed;
2083 }
2084
9ecb3e24
MH		 2085 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
2086 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
d97dcb66
SJ		 2087 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2088 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 2089 goto failed;
2090 }
2091
72ef0c1a 2092 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 2093 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2094 goto failed;
2095 }
2096
2097 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2098 if (!cmd) {
2099 err = -ENOMEM;
2100 goto failed;
2101 }
2102
3769972b
JH		 2103 if (!cp->val && test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
2104 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2105 sizeof(cp->val), &cp->val);
2106
72ef0c1a 2107 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 2108 if (err < 0) {
2109 mgmt_pending_remove(cmd);
2110 goto failed;
2111 }
2112
2113failed:
2114 hci_dev_unlock(hdev);
ed2c4ee3
JH		 2115 return err;
2116}
2117
bdb6d971 2118static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 2119{
2120 struct mgmt_mode *cp = data;
ee392693 2121 bool changed;
e6fe7986 2122 u8 status;
ee392693 2123 int err;
6d80dfd0 2124
bdb6d971 2125 BT_DBG("request for %s", hdev->name);
6d80dfd0 2126
e6fe7986
JH		 2127 status = mgmt_bredr_support(hdev);
2128 if (status)
2129 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 2130
9ecb3e24
MH		 2131 if (!lmp_ssp_capable(hdev))
2132 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2133 MGMT_STATUS_NOT_SUPPORTED);
2134
2135 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
2136 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2137 MGMT_STATUS_REJECTED);
2138
a7e80f25
JH		 2139 if (cp->val != 0x00 && cp->val != 0x01)
2140 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2141 MGMT_STATUS_INVALID_PARAMS);
2142
ee392693
MH		 2143 hci_dev_lock(hdev);
2144
a0cdf960 2145 if (cp->val) {
ee392693 2146 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 2147 } else {
2148 if (hdev_is_powered(hdev)) {
2149 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2150 MGMT_STATUS_REJECTED);
2151 goto unlock;
2152 }
2153
ee392693 2154 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 2155 }
ee392693
MH		 2156
2157 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2158 if (err < 0)
2159 goto unlock;
2160
2161 if (changed)
2162 err = new_settings(hdev, sk);
6d80dfd0 2163
ee392693
MH		 2164unlock:
2165 hci_dev_unlock(hdev);
2166 return err;
6d80dfd0
JH		 2167}
2168
416a4ae5
JH		 2169static void le_enable_complete(struct hci_dev *hdev, u8 status)
2170{
2171 struct cmd_lookup match = { NULL, hdev };
2172
2173 if (status) {
2174 u8 mgmt_err = mgmt_status(status);
2175
2176 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2177 &mgmt_err);
2178 return;
2179 }
2180
2181 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2182
2183 new_settings(hdev, match.sk);
2184
2185 if (match.sk)
2186 sock_put(match.sk);
441ad2d0
MH		 2187
2188 /* Make sure the controller has a good default for
2189 * advertising data. Restrict the update to when LE
2190 * has actually been enabled. During power on, the
2191 * update in powered_update_hci will take care of it.
2192 */
2193 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2194 struct hci_request req;
2195
2196 hci_dev_lock(hdev);
2197
2198 hci_req_init(&req, hdev);
5947f4bc 2199 update_adv_data(&req);
f14d8f64 2200 update_scan_rsp_data(&req);
441ad2d0
MH		 2201 hci_req_run(&req, NULL);
2202
a70f4b5f
JH		 2203 hci_update_background_scan(hdev);
2204
441ad2d0
MH		 2205 hci_dev_unlock(hdev);
2206 }
416a4ae5
JH		 2207}
2208
bdb6d971 2209static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 2210{
2211 struct mgmt_mode *cp = data;
2212 struct hci_cp_write_le_host_supported hci_cp;
2213 struct pending_cmd *cmd;
416a4ae5 2214 struct hci_request req;
06199cf8 2215 int err;
0b60eba1 2216 u8 val, enabled;
06199cf8 2217
bdb6d971 2218 BT_DBG("request for %s", hdev->name);
06199cf8 2219
13ecd8b6
JH		 2220 if (!lmp_le_capable(hdev))
2221 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2222 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 2223
a7e80f25
JH		 2224 if (cp->val != 0x00 && cp->val != 0x01)
2225 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2226 MGMT_STATUS_INVALID_PARAMS);
2227
c73eee91 2228 /* LE-only devices do not allow toggling LE on/off */
56f87901 2229 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 2230 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2231 MGMT_STATUS_REJECTED);
2232
13ecd8b6 2233 hci_dev_lock(hdev);
06199cf8
JH		 2234
2235 val = !!cp->val;
ffa88e02 2236 enabled = lmp_host_le_capable(hdev);
06199cf8 2237
0b60eba1 2238 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 2239 bool changed = false;
2240
2241 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2242 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
2243 changed = true;
2244 }
2245
f3d3444a
JH		 2246 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
2247 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 2248 changed = true;
2249 }
2250
06199cf8
JH		 2251 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2252 if (err < 0)
1de028ce 2253 goto unlock;
06199cf8
JH		 2254
2255 if (changed)
2256 err = new_settings(hdev, sk);
2257
1de028ce 2258 goto unlock;
06199cf8
JH		 2259 }
2260
4375f103
JH		 2261 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
2262 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 2263 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 2264 MGMT_STATUS_BUSY);
1de028ce 2265 goto unlock;
06199cf8
JH		 2266 }
2267
2268 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2269 if (!cmd) {
2270 err = -ENOMEM;
1de028ce 2271 goto unlock;
06199cf8
JH		 2272 }
2273
441ad2d0
MH		 2274 hci_req_init(&req, hdev);
2275
06199cf8
JH		 2276 memset(&hci_cp, 0, sizeof(hci_cp));
2277
2278 if (val) {
2279 hci_cp.le = val;
32226e4f 2280 hci_cp.simul = 0x00;
441ad2d0 2281 } else {
73e082f8 2282 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
441ad2d0 2283 disable_advertising(&req);
06199cf8
JH		 2284 }
2285
416a4ae5
JH		 2286 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2287 &hci_cp);
2288
2289 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2290 if (err < 0)
06199cf8 2291 mgmt_pending_remove(cmd);
06199cf8 2292
1de028ce
JH		 2293unlock:
2294 hci_dev_unlock(hdev);
06199cf8
JH		 2295 return err;
2296}
2297
0cab9c80
JH		 2298/* This is a helper function to test for pending mgmt commands that can
2299 * cause CoD or EIR HCI commands. We can only allow one such pending
2300 * mgmt command at a time since otherwise we cannot easily track what
2301 * the current values are, will be, and based on that calculate if a new
2302 * HCI command needs to be sent and if yes with what value.
2303 */
2304static bool pending_eir_or_class(struct hci_dev *hdev)
2305{
2306 struct pending_cmd *cmd;
2307
2308 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2309 switch (cmd->opcode) {
2310 case MGMT_OP_ADD_UUID:
2311 case MGMT_OP_REMOVE_UUID:
2312 case MGMT_OP_SET_DEV_CLASS:
2313 case MGMT_OP_SET_POWERED:
2314 return true;
2315 }
2316 }
2317
2318 return false;
2319}
2320
83be8eca
JH		 2321static const u8 bluetooth_base_uuid[] = {
2322 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2323 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2324};
2325
2326static u8 get_uuid_size(const u8 *uuid)
2327{
2328 u32 val;
2329
2330 if (memcmp(uuid, bluetooth_base_uuid, 12))
2331 return 128;
2332
2333 val = get_unaligned_le32(&uuid[12]);
2334 if (val > 0xffff)
2335 return 32;
2336
2337 return 16;
2338}
2339
92da6097
JH		 2340static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2341{
2342 struct pending_cmd *cmd;
2343
2344 hci_dev_lock(hdev);
2345
2346 cmd = mgmt_pending_find(mgmt_op, hdev);
2347 if (!cmd)
2348 goto unlock;
2349
2350 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
2351 hdev->dev_class, 3);
2352
2353 mgmt_pending_remove(cmd);
2354
2355unlock:
2356 hci_dev_unlock(hdev);
2357}
2358
2359static void add_uuid_complete(struct hci_dev *hdev, u8 status)
2360{
2361 BT_DBG("status 0x%02x", status);
2362
2363 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2364}
2365
bdb6d971 2366static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2367{
650f726d 2368 struct mgmt_cp_add_uuid *cp = data;
90e70454 2369 struct pending_cmd *cmd;
890ea898 2370 struct hci_request req;
2aeb9a1a 2371 struct bt_uuid *uuid;
2aeb9a1a
JH		 2372 int err;
2373
bdb6d971 2374 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2375
09fd0de5 2376 hci_dev_lock(hdev);
2aeb9a1a 2377
0cab9c80 2378 if (pending_eir_or_class(hdev)) {
bdb6d971 2379 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 2380 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2381 goto failed;
2382 }
2383
92c4c204 2384 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2385 if (!uuid) {
2386 err = -ENOMEM;
2387 goto failed;
2388 }
2389
2390 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2391 uuid->svc_hint = cp->svc_hint;
83be8eca 2392 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2393
de66aa63 2394 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2395
890ea898 2396 hci_req_init(&req, hdev);
1aff6f09 2397
890ea898
JH		 2398 update_class(&req);
2399 update_eir(&req);
2400
92da6097
JH		 2401 err = hci_req_run(&req, add_uuid_complete);
2402 if (err < 0) {
2403 if (err != -ENODATA)
2404 goto failed;
80a1e1db 2405
bdb6d971 2406 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 2407 hdev->dev_class, 3);
90e70454
JH		 2408 goto failed;
2409 }
2410
2411 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2412 if (!cmd) {
90e70454 2413 err = -ENOMEM;
890ea898
JH		 2414 goto failed;
2415 }
2416
2417 err = 0;
2aeb9a1a
JH		 2418
2419failed:
09fd0de5 2420 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2421 return err;
2422}
2423
24b78d0f
JH		 2424static bool enable_service_cache(struct hci_dev *hdev)
2425{
2426 if (!hdev_is_powered(hdev))
2427 return false;
2428
2429 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 2430 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2431 CACHE_TIMEOUT);
24b78d0f
JH		 2432 return true;
2433 }
2434
2435 return false;
2436}
2437
92da6097
JH		 2438static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
2439{
2440 BT_DBG("status 0x%02x", status);
2441
2442 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2443}
2444
bdb6d971 2445static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2446 u16 len)
2aeb9a1a 2447{
650f726d 2448 struct mgmt_cp_remove_uuid *cp = data;
90e70454 2449 struct pending_cmd *cmd;
056341c8 2450 struct bt_uuid *match, *tmp;
2aeb9a1a 2451 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2452 struct hci_request req;
2aeb9a1a
JH		 2453 int err, found;
2454
bdb6d971 2455 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2456
09fd0de5 2457 hci_dev_lock(hdev);
2aeb9a1a 2458
0cab9c80 2459 if (pending_eir_or_class(hdev)) {
bdb6d971 2460 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2461 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2462 goto unlock;
2463 }
2464
2aeb9a1a 2465 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2466 hci_uuids_clear(hdev);
4004b6d9 2467
24b78d0f 2468 if (enable_service_cache(hdev)) {
bdb6d971 2469 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2470 0, hdev->dev_class, 3);
24b78d0f
JH		 2471 goto unlock;
2472 }
4004b6d9 2473
9246a869 2474 goto update_class;
2aeb9a1a
JH		 2475 }
2476
2477 found = 0;
2478
056341c8 2479 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2480 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2481 continue;
2482
2483 list_del(&match->list);
482049f7 2484 kfree(match);
2aeb9a1a
JH		 2485 found++;
2486 }
2487
2488 if (found == 0) {
bdb6d971 2489 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2490 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2491 goto unlock;
2492 }
2493
9246a869 2494update_class:
890ea898 2495 hci_req_init(&req, hdev);
1aff6f09 2496
890ea898
JH		 2497 update_class(&req);
2498 update_eir(&req);
2499
92da6097
JH		 2500 err = hci_req_run(&req, remove_uuid_complete);
2501 if (err < 0) {
2502 if (err != -ENODATA)
2503 goto unlock;
80a1e1db 2504
bdb6d971 2505 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 2506 hdev->dev_class, 3);
90e70454
JH		 2507 goto unlock;
2508 }
2509
2510 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2511 if (!cmd) {
90e70454 2512 err = -ENOMEM;
890ea898
JH		 2513 goto unlock;
2514 }
2515
2516 err = 0;
2aeb9a1a
JH		 2517
2518unlock:
09fd0de5 2519 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2520 return err;
2521}
2522
92da6097
JH		 2523static void set_class_complete(struct hci_dev *hdev, u8 status)
2524{
2525 BT_DBG("status 0x%02x", status);
2526
2527 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2528}
2529
bdb6d971 2530static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2531 u16 len)
1aff6f09 2532{
650f726d 2533 struct mgmt_cp_set_dev_class *cp = data;
90e70454 2534 struct pending_cmd *cmd;
890ea898 2535 struct hci_request req;
1aff6f09
JH		 2536 int err;
2537
bdb6d971 2538 BT_DBG("request for %s", hdev->name);
1aff6f09 2539
6203fc98 2540 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 2541 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2542 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2543
0cab9c80 2544 hci_dev_lock(hdev);
ee98f473 2545
0cab9c80
JH		 2546 if (pending_eir_or_class(hdev)) {
2547 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2548 MGMT_STATUS_BUSY);
2549 goto unlock;
2550 }
c95f0ba7 2551
0cab9c80
JH		 2552 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2553 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2554 MGMT_STATUS_INVALID_PARAMS);
2555 goto unlock;
2556 }
575b3a02 2557
932f5ff5
JH		 2558 hdev->major_class = cp->major;
2559 hdev->minor_class = cp->minor;
2560
b5235a65 2561 if (!hdev_is_powered(hdev)) {
bdb6d971 2562 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2563 hdev->dev_class, 3);
b5235a65
JH		 2564 goto unlock;
2565 }
2566
890ea898
JH		 2567 hci_req_init(&req, hdev);
2568
a8b2d5c2 2569 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2570 hci_dev_unlock(hdev);
2571 cancel_delayed_work_sync(&hdev->service_cache);
2572 hci_dev_lock(hdev);
890ea898 2573 update_eir(&req);
7d78525d 2574 }
14c0b608 2575
890ea898
JH		 2576 update_class(&req);
2577
92da6097
JH		 2578 err = hci_req_run(&req, set_class_complete);
2579 if (err < 0) {
2580 if (err != -ENODATA)
2581 goto unlock;
1aff6f09 2582
bdb6d971 2583 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2584 hdev->dev_class, 3);
90e70454
JH		 2585 goto unlock;
2586 }
2587
2588 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2589 if (!cmd) {
90e70454 2590 err = -ENOMEM;
890ea898
JH		 2591 goto unlock;
2592 }
2593
2594 err = 0;
1aff6f09 2595
b5235a65 2596unlock:
09fd0de5 2597 hci_dev_unlock(hdev);
1aff6f09
JH		 2598 return err;
2599}
2600
bdb6d971 2601static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2602 u16 len)
55ed8ca1 2603{
650f726d 2604 struct mgmt_cp_load_link_keys *cp = data;
ba1d6936
JH		 2605 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2606 sizeof(struct mgmt_link_key_info));
4e51eae9 2607 u16 key_count, expected_len;
b1de97d8 2608 bool changed;
a492cd52 2609 int i;
55ed8ca1 2610
9060d5cf
MH		 2611 BT_DBG("request for %s", hdev->name);
2612
2613 if (!lmp_bredr_capable(hdev))
2614 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2615 MGMT_STATUS_NOT_SUPPORTED);
2616
1f350c87 2617 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 2618 if (key_count > max_key_count) {
2619 BT_ERR("load_link_keys: too big key_count value %u",
2620 key_count);
2621 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2622 MGMT_STATUS_INVALID_PARAMS);
2623 }
55ed8ca1 2624
86742e1e
JH		 2625 expected_len = sizeof(*cp) + key_count *
2626 sizeof(struct mgmt_link_key_info);
a492cd52 2627 if (expected_len != len) {
86742e1e 2628 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2629 expected_len, len);
bdb6d971 2630 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 2631 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2632 }
2633
4ae14301
JH		 2634 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2635 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2636 MGMT_STATUS_INVALID_PARAMS);
2637
bdb6d971 2638 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2639 key_count);
55ed8ca1 2640
4ee71b20
JH		 2641 for (i = 0; i < key_count; i++) {
2642 struct mgmt_link_key_info *key = &cp->keys[i];
2643
8e991132 2644 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
4ee71b20
JH		 2645 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2646 MGMT_STATUS_INVALID_PARAMS);
2647 }
2648
09fd0de5 2649 hci_dev_lock(hdev);
55ed8ca1
JH		 2650
2651 hci_link_keys_clear(hdev);
2652
55ed8ca1 2653 if (cp->debug_keys)
0663b297
JH		 2654 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
2655 &hdev->dev_flags);
55ed8ca1 2656 else
0663b297
JH		 2657 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
2658 &hdev->dev_flags);
b1de97d8
MH		 2659
2660 if (changed)
2661 new_settings(hdev, NULL);
55ed8ca1 2662
a492cd52 2663 for (i = 0; i < key_count; i++) {
86742e1e 2664 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2665
58e9293c
JH		 2666 /* Always ignore debug keys and require a new pairing if
2667 * the user wants to use them.
2668 */
2669 if (key->type == HCI_LK_DEBUG_COMBINATION)
2670 continue;
2671
7652ff6a
JH		 2672 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2673 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2674 }
2675
bdb6d971 2676 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2677
09fd0de5 2678 hci_dev_unlock(hdev);
55ed8ca1 2679
a492cd52 2680 return 0;
55ed8ca1
JH		 2681}
2682
b1078ad0 2683static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2684 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2685{
2686 struct mgmt_ev_device_unpaired ev;
2687
2688 bacpy(&ev.addr.bdaddr, bdaddr);
2689 ev.addr.type = addr_type;
2690
2691 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2692 skip_sk);
b1078ad0
JH		 2693}
2694
bdb6d971 2695static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2696 u16 len)
55ed8ca1 2697{
124f6e35
JH		 2698 struct mgmt_cp_unpair_device *cp = data;
2699 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2700 struct hci_cp_disconnect dc;
2701 struct pending_cmd *cmd;
55ed8ca1 2702 struct hci_conn *conn;
55ed8ca1
JH		 2703 int err;
2704
a8a1d19e 2705 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2706 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2707 rp.addr.type = cp->addr.type;
a8a1d19e 2708
4ee71b20
JH		 2709 if (!bdaddr_type_is_valid(cp->addr.type))
2710 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2711 MGMT_STATUS_INVALID_PARAMS,
2712 &rp, sizeof(rp));
2713
118da70b
JH		 2714 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2715 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2716 MGMT_STATUS_INVALID_PARAMS,
2717 &rp, sizeof(rp));
2718
4ee71b20
JH		 2719 hci_dev_lock(hdev);
2720
86a8cfc6 2721 if (!hdev_is_powered(hdev)) {
bdb6d971 2722 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2723 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 2724 goto unlock;
2725 }
2726
e0b2b27e 2727 if (cp->addr.type == BDADDR_BREDR) {
89cbb063
AA		 2728 /* If disconnection is requested, then look up the
2729 * connection. If the remote device is connected, it
2730 * will be later used to terminate the link.
2731 *
2732 * Setting it to NULL explicitly will cause no
2733 * termination of the link.
2734 */
2735 if (cp->disconnect)
2736 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2737 &cp->addr.bdaddr);
2738 else
2739 conn = NULL;
2740
124f6e35 2741 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2742 } else {
2743 u8 addr_type;
2744
89cbb063
AA		 2745 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2746 &cp->addr.bdaddr);
2747 if (conn) {
2748 /* Defer clearing up the connection parameters
2749 * until closing to give a chance of keeping
2750 * them if a repairing happens.
2751 */
2752 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2753
2754 /* If disconnection is not requested, then
2755 * clear the connection variable so that the
2756 * link is not terminated.
2757 */
2758 if (!cp->disconnect)
2759 conn = NULL;
2760 }
2761
e0b2b27e
JH		 2762 if (cp->addr.type == BDADDR_LE_PUBLIC)
2763 addr_type = ADDR_LE_DEV_PUBLIC;
2764 else
2765 addr_type = ADDR_LE_DEV_RANDOM;
2766
a7ec7338
JH		 2767 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2768
e0b2b27e
JH		 2769 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2770 }
b0dbfb46 2771
55ed8ca1 2772 if (err < 0) {
bdb6d971 2773 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2774 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 2775 goto unlock;
2776 }
2777
89cbb063
AA		 2778 /* If the connection variable is set, then termination of the
2779 * link is requested.
2780 */
a8a1d19e 2781 if (!conn) {
bdb6d971 2782 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 2783 &rp, sizeof(rp));
b1078ad0 2784 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2785 goto unlock;
2786 }
55ed8ca1 2787
124f6e35 2788 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2789 sizeof(*cp));
a8a1d19e
JH		 2790 if (!cmd) {
2791 err = -ENOMEM;
2792 goto unlock;
55ed8ca1
JH		 2793 }
2794
eb55ef07 2795 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2796 dc.reason = 0x13; /* Remote User Terminated Connection */
2797 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2798 if (err < 0)
2799 mgmt_pending_remove(cmd);
2800
55ed8ca1 2801unlock:
09fd0de5 2802 hci_dev_unlock(hdev);
55ed8ca1
JH		 2803 return err;
2804}
2805
bdb6d971 2806static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2807 u16 len)
8962ee74 2808{
650f726d 2809 struct mgmt_cp_disconnect *cp = data;
06a63b19 2810 struct mgmt_rp_disconnect rp;
366a0336 2811 struct pending_cmd *cmd;
8962ee74 2812 struct hci_conn *conn;
8962ee74
JH		 2813 int err;
2814
2815 BT_DBG("");
2816
06a63b19
JH		 2817 memset(&rp, 0, sizeof(rp));
2818 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2819 rp.addr.type = cp->addr.type;
2820
4ee71b20 2821 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2822 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2823 MGMT_STATUS_INVALID_PARAMS,
2824 &rp, sizeof(rp));
4ee71b20 2825
09fd0de5 2826 hci_dev_lock(hdev);
8962ee74
JH		 2827
2828 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2829 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2830 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2831 goto failed;
2832 }
2833
2e58ef3e 2834 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2835 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2836 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2837 goto failed;
2838 }
2839
591f47f3 2840 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2841 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2842 &cp->addr.bdaddr);
88c3df13
JH		 2843 else
2844 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2845
f960727e 2846 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2847 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2848 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2849 goto failed;
2850 }
2851
2e58ef3e 2852 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2853 if (!cmd) {
2854 err = -ENOMEM;
8962ee74 2855 goto failed;
366a0336 2856 }
8962ee74 2857
e3f2f92a 2858 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
8962ee74 2859 if (err < 0)
a664b5bc 2860 mgmt_pending_remove(cmd);
8962ee74
JH		 2861
2862failed:
09fd0de5 2863 hci_dev_unlock(hdev);
8962ee74
JH		 2864 return err;
2865}
2866
57c1477c 2867static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2868{
2869 switch (link_type) {
2870 case LE_LINK:
48264f06
JH		 2871 switch (addr_type) {
2872 case ADDR_LE_DEV_PUBLIC:
591f47f3 2873 return BDADDR_LE_PUBLIC;
0ed09148 2874
48264f06 2875 default:
0ed09148 2876 /* Fallback to LE Random address type */
591f47f3 2877 return BDADDR_LE_RANDOM;
48264f06 2878 }
0ed09148 2879
4c659c39 2880 default:
0ed09148 2881 /* Fallback to BR/EDR type */
591f47f3 2882 return BDADDR_BREDR;
4c659c39
JH		 2883 }
2884}
2885
04124681
GP		 2886static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2887 u16 data_len)
2784eb41 2888{
2784eb41 2889 struct mgmt_rp_get_connections *rp;
8035ded4 2890 struct hci_conn *c;
a38528f1 2891 size_t rp_len;
60fc5fb6
JH		 2892 int err;
2893 u16 i;
2784eb41
JH		 2894
2895 BT_DBG("");
2896
09fd0de5 2897 hci_dev_lock(hdev);
2784eb41 2898
5f97c1df 2899 if (!hdev_is_powered(hdev)) {
bdb6d971 2900 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2901 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2902 goto unlock;
2903 }
2904
60fc5fb6 2905 i = 0;
b644ba33
JH		 2906 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2907 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2908 i++;
2784eb41
JH		 2909 }
2910
60fc5fb6 2911 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2912 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2913 if (!rp) {
2784eb41
JH		 2914 err = -ENOMEM;
2915 goto unlock;
2916 }
2917
2784eb41 2918 i = 0;
4c659c39 2919 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2920 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2921 continue;
4c659c39 2922 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2923 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2924 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2925 continue;
2926 i++;
2927 }
2928
eb55ef07 2929 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2930
4c659c39
JH		 2931 /* Recalculate length in case of filtered SCO connections, etc */
2932 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2933
bdb6d971 2934 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2935 rp_len);
2784eb41 2936
a38528f1 2937 kfree(rp);
5f97c1df
JH		 2938
2939unlock:
09fd0de5 2940 hci_dev_unlock(hdev);
2784eb41
JH		 2941 return err;
2942}
2943
bdb6d971 2944static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2945 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2946{
2947 struct pending_cmd *cmd;
2948 int err;
2949
2e58ef3e 2950 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2951 sizeof(*cp));
96d97a67
WR		 2952 if (!cmd)
2953 return -ENOMEM;
2954
d8457698 2955 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2956 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2957 if (err < 0)
2958 mgmt_pending_remove(cmd);
2959
2960 return err;
2961}
2962
bdb6d971 2963static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2964 u16 len)
980e1a53 2965{
96d97a67 2966 struct hci_conn *conn;
650f726d 2967 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2968 struct hci_cp_pin_code_reply reply;
366a0336 2969 struct pending_cmd *cmd;
980e1a53
JH		 2970 int err;
2971
2972 BT_DBG("");
2973
09fd0de5 2974 hci_dev_lock(hdev);
980e1a53 2975
4b34ee78 2976 if (!hdev_is_powered(hdev)) {
bdb6d971 2977 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2978 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2979 goto failed;
2980 }
2981
d8457698 2982 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2983 if (!conn) {
bdb6d971 2984 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2985 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2986 goto failed;
2987 }
2988
2989 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2990 struct mgmt_cp_pin_code_neg_reply ncp;
2991
2992 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2993
2994 BT_ERR("PIN code is not 16 bytes long");
2995
bdb6d971 2996 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2997 if (err >= 0)
bdb6d971 2998 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2999 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 3000
3001 goto failed;
3002 }
3003
00abfe44 3004 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 3005 if (!cmd) {
3006 err = -ENOMEM;
980e1a53 3007 goto failed;
366a0336 3008 }
980e1a53 3009
d8457698 3010 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 3011 reply.pin_len = cp->pin_len;
24718ca5 3012 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 3013
3014 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3015 if (err < 0)
a664b5bc 3016 mgmt_pending_remove(cmd);
980e1a53
JH		 3017
3018failed:
09fd0de5 3019 hci_dev_unlock(hdev);
980e1a53
JH		 3020 return err;
3021}
3022
04124681
GP		 3023static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3024 u16 len)
17fa4b9d 3025{
650f726d 3026 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 3027
3028 BT_DBG("");
3029
4ec86d4c
JH		 3030 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
3031 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3032 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
3033
09fd0de5 3034 hci_dev_lock(hdev);
17fa4b9d
JH		 3035
3036 hdev->io_capability = cp->io_capability;
3037
3038 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 3039 hdev->io_capability);
17fa4b9d 3040
09fd0de5 3041 hci_dev_unlock(hdev);
17fa4b9d 3042
04124681
GP		 3043 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
3044 0);
17fa4b9d
JH		 3045}
3046
6039aa73 3047static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 3048{
3049 struct hci_dev *hdev = conn->hdev;
8035ded4 3050 struct pending_cmd *cmd;
e9a416b5 3051
2e58ef3e 3052 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 3053 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3054 continue;
3055
e9a416b5
JH		 3056 if (cmd->user_data != conn)
3057 continue;
3058
3059 return cmd;
3060 }
3061
3062 return NULL;
3063}
3064
3065static void pairing_complete(struct pending_cmd *cmd, u8 status)
3066{
3067 struct mgmt_rp_pair_device rp;
3068 struct hci_conn *conn = cmd->user_data;
3069
61b1a7fb
JH		 3070 bacpy(&rp.addr.bdaddr, &conn->dst);
3071 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 3072
aee9b218 3073 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 3074 &rp, sizeof(rp));
e9a416b5
JH		 3075
3076 /* So we don't get further callbacks for this connection */
3077 conn->connect_cfm_cb = NULL;
3078 conn->security_cfm_cb = NULL;
3079 conn->disconn_cfm_cb = NULL;
3080
76a68ba0 3081 hci_conn_drop(conn);
f8aaf9b6 3082 hci_conn_put(conn);
e9a416b5 3083
a664b5bc 3084 mgmt_pending_remove(cmd);
89cbb063
AA		 3085
3086 /* The device is paired so there is no need to remove
3087 * its connection parameters anymore.
3088 */
3089 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
e9a416b5
JH		 3090}
3091
f4a407be
JH		 3092void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3093{
3094 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3095 struct pending_cmd *cmd;
3096
3097 cmd = find_pairing(conn);
3098 if (cmd)
3099 pairing_complete(cmd, status);
3100}
3101
e9a416b5
JH		 3102static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3103{
3104 struct pending_cmd *cmd;
3105
3106 BT_DBG("status %u", status);
3107
3108 cmd = find_pairing(conn);
56e5cb86 3109 if (!cmd)
e9a416b5 3110 BT_DBG("Unable to find a pending command");
56e5cb86 3111 else
e211326c 3112 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 3113}
3114
f4a407be 3115static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739
VA		 3116{
3117 struct pending_cmd *cmd;
3118
3119 BT_DBG("status %u", status);
3120
3121 if (!status)
3122 return;
3123
3124 cmd = find_pairing(conn);
3125 if (!cmd)
3126 BT_DBG("Unable to find a pending command");
3127 else
3128 pairing_complete(cmd, mgmt_status(status));
3129}
3130
bdb6d971 3131static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3132 u16 len)
e9a416b5 3133{
650f726d 3134 struct mgmt_cp_pair_device *cp = data;
1425acb7 3135 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 3136 struct pending_cmd *cmd;
3137 u8 sec_level, auth_type;
3138 struct hci_conn *conn;
e9a416b5
JH		 3139 int err;
3140
3141 BT_DBG("");
3142
f950a30e
SJ		 3143 memset(&rp, 0, sizeof(rp));
3144 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3145 rp.addr.type = cp->addr.type;
3146
4ee71b20
JH		 3147 if (!bdaddr_type_is_valid(cp->addr.type))
3148 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3149 MGMT_STATUS_INVALID_PARAMS,
3150 &rp, sizeof(rp));
3151
4ec86d4c
JH		 3152 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
3153 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3154 MGMT_STATUS_INVALID_PARAMS,
3155 &rp, sizeof(rp));
3156
09fd0de5 3157 hci_dev_lock(hdev);
e9a416b5 3158
5f97c1df 3159 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 3160 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3161 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 3162 goto unlock;
3163 }
3164
c908df36 3165 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 3166 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 3167
6f77d8c7 3168 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 3169 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3170 auth_type);
6f77d8c7
AG		 3171 } else {
3172 u8 addr_type;
3173
3174 /* Convert from L2CAP channel address type to HCI address type
3175 */
3176 if (cp->addr.type == BDADDR_LE_PUBLIC)
3177 addr_type = ADDR_LE_DEV_PUBLIC;
3178 else
3179 addr_type = ADDR_LE_DEV_RANDOM;
3180
7c264b10
MH		 3181 /* When pairing a new device, it is expected to remember
3182 * this device for future connections. Adding the connection
3183 * parameter information ahead of time allows tracking
3184 * of the slave preferred values and will speed up any
3185 * further connection establishment.
3186 *
3187 * If connection parameters already exist, then they
3188 * will be kept and this function does nothing.
3189 */
3190 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3191
6f77d8c7 3192 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
e804d25d
JH		 3193 sec_level, HCI_LE_CONN_TIMEOUT,
3194 HCI_ROLE_MASTER);
6f77d8c7 3195 }
7a512d01 3196
30e76272 3197 if (IS_ERR(conn)) {
489dc48e
AK		 3198 int status;
3199
3200 if (PTR_ERR(conn) == -EBUSY)
3201 status = MGMT_STATUS_BUSY;
3202 else
3203 status = MGMT_STATUS_CONNECT_FAILED;
3204
bdb6d971 3205 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 3206 status, &rp,
04124681 3207 sizeof(rp));
e9a416b5
JH		 3208 goto unlock;
3209 }
3210
3211 if (conn->connect_cfm_cb) {
76a68ba0 3212 hci_conn_drop(conn);
bdb6d971 3213 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 3214 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 3215 goto unlock;
3216 }
3217
2e58ef3e 3218 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 3219 if (!cmd) {
3220 err = -ENOMEM;
76a68ba0 3221 hci_conn_drop(conn);
e9a416b5
JH		 3222 goto unlock;
3223 }
3224
7a512d01 3225 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 3226 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 3227 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 3228 conn->security_cfm_cb = pairing_complete_cb;
3229 conn->disconn_cfm_cb = pairing_complete_cb;
3230 } else {
3231 conn->connect_cfm_cb = le_pairing_complete_cb;
3232 conn->security_cfm_cb = le_pairing_complete_cb;
3233 conn->disconn_cfm_cb = le_pairing_complete_cb;
3234 }
7a512d01 3235
e9a416b5 3236 conn->io_capability = cp->io_cap;
f8aaf9b6 3237 cmd->user_data = hci_conn_get(conn);
e9a416b5 3238
6f78fd4b 3239 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
e7cafc45 3240 hci_conn_security(conn, sec_level, auth_type, true))
e9a416b5
JH		 3241 pairing_complete(cmd, 0);
3242
3243 err = 0;
3244
3245unlock:
09fd0de5 3246 hci_dev_unlock(hdev);
e9a416b5
JH		 3247 return err;
3248}
3249
04124681
GP		 3250static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3251 u16 len)
28424707 3252{
0f4e68cf 3253 struct mgmt_addr_info *addr = data;
28424707
JH		 3254 struct pending_cmd *cmd;
3255 struct hci_conn *conn;
3256 int err;
3257
3258 BT_DBG("");
3259
28424707
JH		 3260 hci_dev_lock(hdev);
3261
5f97c1df 3262 if (!hdev_is_powered(hdev)) {
bdb6d971 3263 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3264 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3265 goto unlock;
3266 }
3267
28424707
JH		 3268 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3269 if (!cmd) {
bdb6d971 3270 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3271 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3272 goto unlock;
3273 }
3274
3275 conn = cmd->user_data;
3276
3277 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 3278 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3279 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3280 goto unlock;
3281 }
3282
3283 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
3284
bdb6d971 3285 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 3286 addr, sizeof(*addr));
28424707
JH		 3287unlock:
3288 hci_dev_unlock(hdev);
28424707
JH		 3289 return err;
3290}
3291
bdb6d971 3292static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3293 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3294 u16 hci_op, __le32 passkey)
a5c29683 3295{
a5c29683 3296 struct pending_cmd *cmd;
0df4c185 3297 struct hci_conn *conn;
a5c29683
JH		 3298 int err;
3299
09fd0de5 3300 hci_dev_lock(hdev);
08ba5382 3301
4b34ee78 3302 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 3303 err = cmd_complete(sk, hdev->id, mgmt_op,
3304 MGMT_STATUS_NOT_POWERED, addr,
3305 sizeof(*addr));
0df4c185 3306 goto done;
a5c29683
JH		 3307 }
3308
1707c60e
JH		 3309 if (addr->type == BDADDR_BREDR)
3310 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3311 else
1707c60e 3312 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 3313
3314 if (!conn) {
feb94d3d
JH		 3315 err = cmd_complete(sk, hdev->id, mgmt_op,
3316 MGMT_STATUS_NOT_CONNECTED, addr,
3317 sizeof(*addr));
272d90df
JH		 3318 goto done;
3319 }
47c15e2b 3320
1707c60e 3321 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 3322 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 3323 if (!err)
feb94d3d
JH		 3324 err = cmd_complete(sk, hdev->id, mgmt_op,
3325 MGMT_STATUS_SUCCESS, addr,
3326 sizeof(*addr));
5fe57d9e 3327 else
feb94d3d
JH		 3328 err = cmd_complete(sk, hdev->id, mgmt_op,
3329 MGMT_STATUS_FAILED, addr,
3330 sizeof(*addr));
47c15e2b 3331
47c15e2b
BG		 3332 goto done;
3333 }
3334
1707c60e 3335 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3336 if (!cmd) {
3337 err = -ENOMEM;
0df4c185 3338 goto done;
a5c29683
JH		 3339 }
3340
0df4c185 3341 /* Continue with pairing via HCI */
604086b7
BG		 3342 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3343 struct hci_cp_user_passkey_reply cp;
3344
1707c60e 3345 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3346 cp.passkey = passkey;
3347 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3348 } else
1707c60e
JH		 3349 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3350 &addr->bdaddr);
604086b7 3351
a664b5bc
JH		 3352 if (err < 0)
3353 mgmt_pending_remove(cmd);
a5c29683 3354
0df4c185 3355done:
09fd0de5 3356 hci_dev_unlock(hdev);
a5c29683
JH		 3357 return err;
3358}
3359
afeb019d
JK		 3360static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3361 void *data, u16 len)
3362{
3363 struct mgmt_cp_pin_code_neg_reply *cp = data;
3364
3365 BT_DBG("");
3366
1707c60e 3367 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3368 MGMT_OP_PIN_CODE_NEG_REPLY,
3369 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3370}
3371
04124681
GP		 3372static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3373 u16 len)
0df4c185 3374{
650f726d 3375 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3376
3377 BT_DBG("");
3378
3379 if (len != sizeof(*cp))
bdb6d971 3380 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 3381 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3382
1707c60e 3383 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3384 MGMT_OP_USER_CONFIRM_REPLY,
3385 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3386}
3387
bdb6d971 3388static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3389 void *data, u16 len)
0df4c185 3390{
c9c2659f 3391 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3392
3393 BT_DBG("");
3394
1707c60e 3395 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3396 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3397 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3398}
3399
04124681
GP		 3400static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3401 u16 len)
604086b7 3402{
650f726d 3403 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3404
3405 BT_DBG("");
3406
1707c60e 3407 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3408 MGMT_OP_USER_PASSKEY_REPLY,
3409 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3410}
3411
bdb6d971 3412static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3413 void *data, u16 len)
604086b7 3414{
650f726d 3415 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3416
3417 BT_DBG("");
3418
1707c60e 3419 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3420 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3421 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3422}
3423
13928971 3424static void update_name(struct hci_request *req)
2b4bf397 3425{
13928971 3426 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3427 struct hci_cp_write_local_name cp;
3428
13928971 3429 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3430
890ea898 3431 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3432}
3433
13928971
JH		 3434static void set_name_complete(struct hci_dev *hdev, u8 status)
3435{
3436 struct mgmt_cp_set_local_name *cp;
3437 struct pending_cmd *cmd;
3438
3439 BT_DBG("status 0x%02x", status);
3440
3441 hci_dev_lock(hdev);
3442
3443 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3444 if (!cmd)
3445 goto unlock;
3446
3447 cp = cmd->param;
3448
3449 if (status)
3450 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3451 mgmt_status(status));
3452 else
3453 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3454 cp, sizeof(*cp));
3455
3456 mgmt_pending_remove(cmd);
3457
3458unlock:
3459 hci_dev_unlock(hdev);
3460}
3461
bdb6d971 3462static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3463 u16 len)
b312b161 3464{
2b4bf397 3465 struct mgmt_cp_set_local_name *cp = data;
b312b161 3466 struct pending_cmd *cmd;
890ea898 3467 struct hci_request req;
b312b161
JH		 3468 int err;
3469
3470 BT_DBG("");
3471
09fd0de5 3472 hci_dev_lock(hdev);
b312b161 3473
b3f2ca94
JH		 3474 /* If the old values are the same as the new ones just return a
3475 * direct command complete event.
3476 */
3477 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3478 !memcmp(hdev->short_name, cp->short_name,
3479 sizeof(hdev->short_name))) {
3480 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3481 data, len);
3482 goto failed;
3483 }
3484
2b4bf397 3485 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3486
b5235a65 3487 if (!hdev_is_powered(hdev)) {
2b4bf397 3488 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 3489
3490 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 3491 data, len);
28cc7bde
JH		 3492 if (err < 0)
3493 goto failed;
3494
3495 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 3496 sk);
28cc7bde 3497
b5235a65
JH		 3498 goto failed;
3499 }
3500
28cc7bde 3501 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3502 if (!cmd) {
3503 err = -ENOMEM;
3504 goto failed;
3505 }
3506
13928971
JH		 3507 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3508
890ea898 3509 hci_req_init(&req, hdev);
3f985050
JH		 3510
3511 if (lmp_bredr_capable(hdev)) {
3512 update_name(&req);
3513 update_eir(&req);
3514 }
3515
7a5f4990
MH		 3516 /* The name is stored in the scan response data and so
3517 * no need to udpate the advertising data here.
3518 */
3f985050 3519 if (lmp_le_capable(hdev))
7a5f4990 3520 update_scan_rsp_data(&req);
3f985050 3521
13928971 3522 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3523 if (err < 0)
3524 mgmt_pending_remove(cmd);
3525
3526failed:
09fd0de5 3527 hci_dev_unlock(hdev);
b312b161
JH		 3528 return err;
3529}
3530
0f4e68cf 3531static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3532 void *data, u16 data_len)
c35938b2 3533{
c35938b2
SJ		 3534 struct pending_cmd *cmd;
3535 int err;
3536
bdb6d971 3537 BT_DBG("%s", hdev->name);
c35938b2 3538
09fd0de5 3539 hci_dev_lock(hdev);
c35938b2 3540
4b34ee78 3541 if (!hdev_is_powered(hdev)) {
bdb6d971 3542 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3543 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3544 goto unlock;
3545 }
3546
9a1a1996 3547 if (!lmp_ssp_capable(hdev)) {
bdb6d971 3548 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3549 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3550 goto unlock;
3551 }
3552
2e58ef3e 3553 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 3554 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3555 MGMT_STATUS_BUSY);
c35938b2
SJ		 3556 goto unlock;
3557 }
3558
2e58ef3e 3559 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3560 if (!cmd) {
3561 err = -ENOMEM;
3562 goto unlock;
3563 }
3564
4d2d2796
MH		 3565 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
3566 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3567 0, NULL);
3568 else
3569 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3570
c35938b2
SJ		 3571 if (err < 0)
3572 mgmt_pending_remove(cmd);
3573
3574unlock:
09fd0de5 3575 hci_dev_unlock(hdev);
c35938b2
SJ		 3576 return err;
3577}
3578
bdb6d971 3579static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3580 void *data, u16 len)
2763eda6 3581{
2763eda6
SJ		 3582 int err;
3583
bdb6d971 3584 BT_DBG("%s ", hdev->name);
2763eda6 3585
09fd0de5 3586 hci_dev_lock(hdev);
2763eda6 3587
ec109113
MH		 3588 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3589 struct mgmt_cp_add_remote_oob_data *cp = data;
3590 u8 status;
bf1e3541 3591
ec109113
MH		 3592 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3593 cp->hash, cp->randomizer);
3594 if (err < 0)
3595 status = MGMT_STATUS_FAILED;
3596 else
3597 status = MGMT_STATUS_SUCCESS;
3598
3599 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3600 status, &cp->addr, sizeof(cp->addr));
3601 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3602 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3603 u8 status;
3604
3605 err = hci_add_remote_oob_ext_data(hdev, &cp->addr.bdaddr,
3606 cp->hash192,
3607 cp->randomizer192,
3608 cp->hash256,
3609 cp->randomizer256);
3610 if (err < 0)
3611 status = MGMT_STATUS_FAILED;
3612 else
3613 status = MGMT_STATUS_SUCCESS;
3614
3615 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3616 status, &cp->addr, sizeof(cp->addr));
3617 } else {
3618 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3619 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3620 MGMT_STATUS_INVALID_PARAMS);
3621 }
2763eda6 3622
09fd0de5 3623 hci_dev_unlock(hdev);
2763eda6
SJ		 3624 return err;
3625}
3626
bdb6d971 3627static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3628 void *data, u16 len)
2763eda6 3629{
650f726d 3630 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3631 u8 status;
2763eda6
SJ		 3632 int err;
3633
bdb6d971 3634 BT_DBG("%s", hdev->name);
2763eda6 3635
09fd0de5 3636 hci_dev_lock(hdev);
2763eda6 3637
eedbd581
JH		 3638 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3639 hci_remote_oob_data_clear(hdev);
3640 status = MGMT_STATUS_SUCCESS;
3641 goto done;
3642 }
3643
664ce4cc 3644 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 3645 if (err < 0)
bf1e3541 3646 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3647 else
a6785be2 3648 status = MGMT_STATUS_SUCCESS;
bf1e3541 3649
eedbd581 3650done:
bdb6d971 3651 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 3652 status, &cp->addr, sizeof(cp->addr));
2763eda6 3653
09fd0de5 3654 hci_dev_unlock(hdev);
2763eda6
SJ		 3655 return err;
3656}
3657
41dc2bd6
AG		 3658static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3659{
3660 struct pending_cmd *cmd;
3661 u8 type;
3662 int err;
3663
3664 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3665
3666 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3667 if (!cmd)
3668 return -ENOENT;
3669
3670 type = hdev->discovery.type;
3671
3672 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3673 &type, sizeof(type));
3674 mgmt_pending_remove(cmd);
3675
3676 return err;
3677}
3678
7c307720
AG		 3679static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3680{
ae55f598
LR		 3681 unsigned long timeout = 0;
3682
7c307720
AG		 3683 BT_DBG("status %d", status);
3684
3685 if (status) {
3686 hci_dev_lock(hdev);
3687 mgmt_start_discovery_failed(hdev, status);
3688 hci_dev_unlock(hdev);
3689 return;
3690 }
3691
3692 hci_dev_lock(hdev);
3693 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3694 hci_dev_unlock(hdev);
3695
3696 switch (hdev->discovery.type) {
3697 case DISCOV_TYPE_LE:
3d5a76f0 3698 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
7c307720
AG		 3699 break;
3700
3701 case DISCOV_TYPE_INTERLEAVED:
b9a7a61e 3702 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
7c307720
AG		 3703 break;
3704
3705 case DISCOV_TYPE_BREDR:
3706 break;
3707
3708 default:
3709 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3710 }
ae55f598
LR		 3711
3712 if (!timeout)
3713 return;
3714
3715 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable, timeout);
7c307720
AG		 3716}
3717
bdb6d971 3718static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3719 void *data, u16 len)
14a53664 3720{
650f726d 3721 struct mgmt_cp_start_discovery *cp = data;
14a53664 3722 struct pending_cmd *cmd;
7c307720
AG		 3723 struct hci_cp_le_set_scan_param param_cp;
3724 struct hci_cp_le_set_scan_enable enable_cp;
3725 struct hci_cp_inquiry inq_cp;
3726 struct hci_request req;
3727 /* General inquiry access code (GIAC) */
3728 u8 lap[3] = { 0x33, 0x8b, 0x9e };
d9483943 3729 u8 status, own_addr_type;
14a53664
JH		 3730 int err;
3731
bdb6d971 3732 BT_DBG("%s", hdev->name);
14a53664 3733
09fd0de5 3734 hci_dev_lock(hdev);
14a53664 3735
4b34ee78 3736 if (!hdev_is_powered(hdev)) {
a736abc1
SJ		 3737 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3738 MGMT_STATUS_NOT_POWERED,
3739 &cp->type, sizeof(cp->type));
bd2d1334
JH		 3740 goto failed;
3741 }
3742
642be6c7 3743 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
a736abc1
SJ		 3744 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3745 MGMT_STATUS_BUSY, &cp->type,
3746 sizeof(cp->type));
642be6c7
AG		 3747 goto failed;
3748 }
3749
ff9ef578 3750 if (hdev->discovery.state != DISCOVERY_STOPPED) {
a736abc1
SJ		 3751 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3752 MGMT_STATUS_BUSY, &cp->type,
3753 sizeof(cp->type));
ff9ef578
JH		 3754 goto failed;
3755 }
3756
2e58ef3e 3757 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3758 if (!cmd) {
3759 err = -ENOMEM;
3760 goto failed;
3761 }
3762
4aab14e5
AG		 3763 hdev->discovery.type = cp->type;
3764
7c307720
AG		 3765 hci_req_init(&req, hdev);
3766
4aab14e5 3767 switch (hdev->discovery.type) {
f39799f5 3768 case DISCOV_TYPE_BREDR:
e6fe7986
JH		 3769 status = mgmt_bredr_support(hdev);
3770 if (status) {
a736abc1
SJ		 3771 err = cmd_complete(sk, hdev->id,
3772 MGMT_OP_START_DISCOVERY, status,
3773 &cp->type, sizeof(cp->type));
04106755
JH		 3774 mgmt_pending_remove(cmd);
3775 goto failed;
3776 }
3777
7c307720 3778 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
a736abc1
SJ		 3779 err = cmd_complete(sk, hdev->id,
3780 MGMT_OP_START_DISCOVERY,
3781 MGMT_STATUS_BUSY, &cp->type,
3782 sizeof(cp->type));
7c307720
AG		 3783 mgmt_pending_remove(cmd);
3784 goto failed;
3785 }
3786
3787 hci_inquiry_cache_flush(hdev);
3788
3789 memset(&inq_cp, 0, sizeof(inq_cp));
3790 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 3791 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 3792 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 3793 break;
3794
3795 case DISCOV_TYPE_LE:
7c307720 3796 case DISCOV_TYPE_INTERLEAVED:
e6fe7986
JH		 3797 status = mgmt_le_support(hdev);
3798 if (status) {
a736abc1
SJ		 3799 err = cmd_complete(sk, hdev->id,
3800 MGMT_OP_START_DISCOVERY, status,
3801 &cp->type, sizeof(cp->type));
04106755
JH		 3802 mgmt_pending_remove(cmd);
3803 goto failed;
3804 }
3805
7c307720 3806 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 3807 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
a736abc1
SJ		 3808 err = cmd_complete(sk, hdev->id,
3809 MGMT_OP_START_DISCOVERY,
3810 MGMT_STATUS_NOT_SUPPORTED,
3811 &cp->type, sizeof(cp->type));
04106755
JH		 3812 mgmt_pending_remove(cmd);
3813 goto failed;
3814 }
3815
e8bb6b97
JH		 3816 if (test_bit(HCI_LE_ADV, &hdev->dev_flags)) {
3817 /* Don't let discovery abort an outgoing
3818 * connection attempt that's using directed
3819 * advertising.
3820 */
3821 if (hci_conn_hash_lookup_state(hdev, LE_LINK,
3822 BT_CONNECT)) {
a736abc1
SJ		 3823 err = cmd_complete(sk, hdev->id,
3824 MGMT_OP_START_DISCOVERY,
3825 MGMT_STATUS_REJECTED,
3826 &cp->type,
3827 sizeof(cp->type));
e8bb6b97
JH		 3828 mgmt_pending_remove(cmd);
3829 goto failed;
3830 }
3831
3832 disable_advertising(&req);
7c307720
AG		 3833 }
3834
c54c3860
AG		 3835 /* If controller is scanning, it means the background scanning
3836 * is running. Thus, we should temporarily stop it in order to
3837 * set the discovery scanning parameters.
3838 */
3839 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3840 hci_req_add_le_scan_disable(&req);
7c307720
AG		 3841
3842 memset(&param_cp, 0, sizeof(param_cp));
d9483943 3843
94b1fc92
MH		 3844 /* All active scans will be done with either a resolvable
3845 * private address (when privacy feature has been enabled)
3846 * or unresolvable private address.
3847 */
3848 err = hci_update_random_address(&req, true, &own_addr_type);
d9483943 3849 if (err < 0) {
a736abc1
SJ		 3850 err = cmd_complete(sk, hdev->id,
3851 MGMT_OP_START_DISCOVERY,
3852 MGMT_STATUS_FAILED,
3853 &cp->type, sizeof(cp->type));
d9483943
JH		 3854 mgmt_pending_remove(cmd);
3855 goto failed;
3856 }
3857
7c307720 3858 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 3859 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3860 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
d9483943 3861 param_cp.own_address_type = own_addr_type;
7c307720
AG		 3862 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3863 &param_cp);
3864
3865 memset(&enable_cp, 0, sizeof(enable_cp));
3866 enable_cp.enable = LE_SCAN_ENABLE;
3867 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3868 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3869 &enable_cp);
5e0452c0
AG		 3870 break;
3871
f39799f5 3872 default:
a736abc1
SJ		 3873 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3874 MGMT_STATUS_INVALID_PARAMS,
3875 &cp->type, sizeof(cp->type));
04106755
JH		 3876 mgmt_pending_remove(cmd);
3877 goto failed;
f39799f5 3878 }
3fd24153 3879
7c307720 3880 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 3881 if (err < 0)
3882 mgmt_pending_remove(cmd);
ff9ef578
JH		 3883 else
3884 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 3885
3886failed:
09fd0de5 3887 hci_dev_unlock(hdev);
14a53664
JH		 3888 return err;
3889}
3890
1183fdca
AG		 3891static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3892{
3893 struct pending_cmd *cmd;
3894 int err;
3895
3896 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3897 if (!cmd)
3898 return -ENOENT;
3899
3900 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3901 &hdev->discovery.type, sizeof(hdev->discovery.type));
3902 mgmt_pending_remove(cmd);
3903
3904 return err;
3905}
3906
0e05bba6
AG		 3907static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3908{
3909 BT_DBG("status %d", status);
3910
3911 hci_dev_lock(hdev);
3912
3913 if (status) {
3914 mgmt_stop_discovery_failed(hdev, status);
3915 goto unlock;
3916 }
3917
3918 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3919
3920unlock:
3921 hci_dev_unlock(hdev);
3922}
3923
bdb6d971 3924static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3925 u16 len)
14a53664 3926{
d930650b 3927 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 3928 struct pending_cmd *cmd;
0e05bba6 3929 struct hci_request req;
14a53664
JH		 3930 int err;
3931
bdb6d971 3932 BT_DBG("%s", hdev->name);
14a53664 3933
09fd0de5 3934 hci_dev_lock(hdev);
14a53664 3935
30dc78e1 3936 if (!hci_discovery_active(hdev)) {
bdb6d971 3937 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3938 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3939 sizeof(mgmt_cp->type));
d930650b
JH		 3940 goto unlock;
3941 }
3942
3943 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 3944 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3945 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3946 sizeof(mgmt_cp->type));
30dc78e1 3947 goto unlock;
ff9ef578
JH		 3948 }
3949
2e58ef3e 3950 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3951 if (!cmd) {
3952 err = -ENOMEM;
30dc78e1
JH		 3953 goto unlock;
3954 }
3955
0e05bba6
AG		 3956 hci_req_init(&req, hdev);
3957
21a60d30 3958 hci_stop_discovery(&req);
e0d9727e 3959
21a60d30
JH		 3960 err = hci_req_run(&req, stop_discovery_complete);
3961 if (!err) {
3962 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
0e05bba6 3963 goto unlock;
14a53664
JH		 3964 }
3965
21a60d30
JH		 3966 mgmt_pending_remove(cmd);
3967
3968 /* If no HCI commands were sent we're done */
3969 if (err == -ENODATA) {
3970 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
3971 &mgmt_cp->type, sizeof(mgmt_cp->type));
3972 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3973 }
14a53664 3974
30dc78e1 3975unlock:
09fd0de5 3976 hci_dev_unlock(hdev);
14a53664
JH		 3977 return err;
3978}
3979
bdb6d971 3980static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3981 u16 len)
561aafbc 3982{
650f726d 3983 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3984 struct inquiry_entry *e;
561aafbc
JH		 3985 int err;
3986
bdb6d971 3987 BT_DBG("%s", hdev->name);
561aafbc 3988
561aafbc
JH		 3989 hci_dev_lock(hdev);
3990
30dc78e1 3991 if (!hci_discovery_active(hdev)) {
d3a2541d
LR		 3992 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3993 MGMT_STATUS_FAILED, &cp->addr,
3994 sizeof(cp->addr));
30dc78e1
JH		 3995 goto failed;
3996 }
3997
a198e7b1 3998 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3999 if (!e) {
d3a2541d
LR		 4000 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4001 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4002 sizeof(cp->addr));
561aafbc
JH		 4003 goto failed;
4004 }
4005
4006 if (cp->name_known) {
4007 e->name_state = NAME_KNOWN;
4008 list_del(&e->list);
4009 } else {
4010 e->name_state = NAME_NEEDED;
a3d4e20a 4011 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 4012 }
4013
e384662b
JH		 4014 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
4015 sizeof(cp->addr));
561aafbc
JH		 4016
4017failed:
4018 hci_dev_unlock(hdev);
561aafbc
JH		 4019 return err;
4020}
4021
bdb6d971 4022static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4023 u16 len)
7fbec224 4024{
650f726d 4025 struct mgmt_cp_block_device *cp = data;
f0eeea8b 4026 u8 status;
7fbec224
AJ		 4027 int err;
4028
bdb6d971 4029 BT_DBG("%s", hdev->name);
7fbec224 4030
4ee71b20 4031 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 4032 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4033 MGMT_STATUS_INVALID_PARAMS,
4034 &cp->addr, sizeof(cp->addr));
4ee71b20 4035
09fd0de5 4036 hci_dev_lock(hdev);
5e762444 4037
dcc36c16
JH		 4038 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4039 cp->addr.type);
2a8357f2 4040 if (err < 0) {
f0eeea8b 4041 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 4042 goto done;
4043 }
4044
4045 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4046 sk);
4047 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4048
2a8357f2 4049done:
bdb6d971 4050 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 4051 &cp->addr, sizeof(cp->addr));
5e762444 4052
09fd0de5 4053 hci_dev_unlock(hdev);
7fbec224
AJ		 4054
4055 return err;
4056}
4057
bdb6d971 4058static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4059 u16 len)
7fbec224 4060{
650f726d 4061 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 4062 u8 status;
7fbec224
AJ		 4063 int err;
4064
bdb6d971 4065 BT_DBG("%s", hdev->name);
7fbec224 4066
4ee71b20 4067 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 4068 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4069 MGMT_STATUS_INVALID_PARAMS,
4070 &cp->addr, sizeof(cp->addr));
4ee71b20 4071
09fd0de5 4072 hci_dev_lock(hdev);
5e762444 4073
dcc36c16
JH		 4074 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4075 cp->addr.type);
2a8357f2 4076 if (err < 0) {
f0eeea8b 4077 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 4078 goto done;
4079 }
4080
4081 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4082 sk);
4083 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4084
2a8357f2 4085done:
bdb6d971 4086 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 4087 &cp->addr, sizeof(cp->addr));
5e762444 4088
09fd0de5 4089 hci_dev_unlock(hdev);
7fbec224
AJ		 4090
4091 return err;
4092}
4093
cdbaccca
MH		 4094static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4095 u16 len)
4096{
4097 struct mgmt_cp_set_device_id *cp = data;
890ea898 4098 struct hci_request req;
cdbaccca 4099 int err;
c72d4b8a 4100 __u16 source;
cdbaccca
MH		 4101
4102 BT_DBG("%s", hdev->name);
4103
c72d4b8a
SJ		 4104 source = __le16_to_cpu(cp->source);
4105
4106 if (source > 0x0002)
4107 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4108 MGMT_STATUS_INVALID_PARAMS);
4109
cdbaccca
MH		 4110 hci_dev_lock(hdev);
4111
c72d4b8a 4112 hdev->devid_source = source;
cdbaccca
MH		 4113 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4114 hdev->devid_product = __le16_to_cpu(cp->product);
4115 hdev->devid_version = __le16_to_cpu(cp->version);
4116
4117 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
4118
890ea898
JH		 4119 hci_req_init(&req, hdev);
4120 update_eir(&req);
4121 hci_req_run(&req, NULL);
cdbaccca
MH		 4122
4123 hci_dev_unlock(hdev);
4124
4125 return err;
4126}
4127
4375f103
JH		 4128static void set_advertising_complete(struct hci_dev *hdev, u8 status)
4129{
4130 struct cmd_lookup match = { NULL, hdev };
4131
4132 if (status) {
4133 u8 mgmt_err = mgmt_status(status);
4134
4135 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4136 cmd_status_rsp, &mgmt_err);
4137 return;
4138 }
4139
c93bd150
JH		 4140 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
4141 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
4142 else
4143 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4144
4375f103
JH		 4145 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4146 &match);
4147
4148 new_settings(hdev, match.sk);
4149
4150 if (match.sk)
4151 sock_put(match.sk);
4152}
4153
21b5187f
MH		 4154static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4155 u16 len)
4375f103
JH		 4156{
4157 struct mgmt_mode *cp = data;
4158 struct pending_cmd *cmd;
4159 struct hci_request req;
e6fe7986 4160 u8 val, enabled, status;
4375f103
JH		 4161 int err;
4162
4163 BT_DBG("request for %s", hdev->name);
4164
e6fe7986
JH		 4165 status = mgmt_le_support(hdev);
4166 if (status)
4375f103 4167 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 4168 status);
4375f103
JH		 4169
4170 if (cp->val != 0x00 && cp->val != 0x01)
4171 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4172 MGMT_STATUS_INVALID_PARAMS);
4173
4174 hci_dev_lock(hdev);
4175
4176 val = !!cp->val;
f3d3444a 4177 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 4178
f74ca9b8
JH		 4179 /* The following conditions are ones which mean that we should
4180 * not do any HCI communication but directly send a mgmt
4181 * response to user space (after toggling the flag if
4182 * necessary).
4183 */
4184 if (!hdev_is_powered(hdev) || val == enabled ||
e8bb6b97
JH		 4185 hci_conn_num(hdev, LE_LINK) > 0 ||
4186 (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4187 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
4375f103
JH		 4188 bool changed = false;
4189
f3d3444a
JH		 4190 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
4191 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 4192 changed = true;
4193 }
4194
4195 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4196 if (err < 0)
4197 goto unlock;
4198
4199 if (changed)
4200 err = new_settings(hdev, sk);
4201
4202 goto unlock;
4203 }
4204
4205 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4206 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
4207 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4208 MGMT_STATUS_BUSY);
4209 goto unlock;
4210 }
4211
4212 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4213 if (!cmd) {
4214 err = -ENOMEM;
4215 goto unlock;
4216 }
4217
4218 hci_req_init(&req, hdev);
4219
bba3aa55
MH		 4220 if (val)
4221 enable_advertising(&req);
4222 else
4223 disable_advertising(&req);
4375f103
JH		 4224
4225 err = hci_req_run(&req, set_advertising_complete);
4226 if (err < 0)
4227 mgmt_pending_remove(cmd);
4228
4229unlock:
4230 hci_dev_unlock(hdev);
4231 return err;
4232}
4233
d13eafce
MH		 4234static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4235 void *data, u16 len)
4236{
4237 struct mgmt_cp_set_static_address *cp = data;
4238 int err;
4239
4240 BT_DBG("%s", hdev->name);
4241
62af4443 4242 if (!lmp_le_capable(hdev))
d13eafce 4243 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 4244 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 4245
4246 if (hdev_is_powered(hdev))
4247 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4248 MGMT_STATUS_REJECTED);
4249
4250 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4251 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4252 return cmd_status(sk, hdev->id,
4253 MGMT_OP_SET_STATIC_ADDRESS,
4254 MGMT_STATUS_INVALID_PARAMS);
4255
4256 /* Two most significant bits shall be set */
4257 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4258 return cmd_status(sk, hdev->id,
4259 MGMT_OP_SET_STATIC_ADDRESS,
4260 MGMT_STATUS_INVALID_PARAMS);
4261 }
4262
4263 hci_dev_lock(hdev);
4264
4265 bacpy(&hdev->static_addr, &cp->bdaddr);
4266
4267 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
4268
4269 hci_dev_unlock(hdev);
4270
4271 return err;
4272}
4273
14b49b9a
MH		 4274static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4275 void *data, u16 len)
4276{
4277 struct mgmt_cp_set_scan_params *cp = data;
4278 __u16 interval, window;
4279 int err;
4280
4281 BT_DBG("%s", hdev->name);
4282
4283 if (!lmp_le_capable(hdev))
4284 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4285 MGMT_STATUS_NOT_SUPPORTED);
4286
4287 interval = __le16_to_cpu(cp->interval);
4288
4289 if (interval < 0x0004 || interval > 0x4000)
4290 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4291 MGMT_STATUS_INVALID_PARAMS);
4292
4293 window = __le16_to_cpu(cp->window);
4294
4295 if (window < 0x0004 || window > 0x4000)
4296 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4297 MGMT_STATUS_INVALID_PARAMS);
4298
899e1075
MH		 4299 if (window > interval)
4300 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4301 MGMT_STATUS_INVALID_PARAMS);
4302
14b49b9a
MH		 4303 hci_dev_lock(hdev);
4304
4305 hdev->le_scan_interval = interval;
4306 hdev->le_scan_window = window;
4307
4308 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
4309
dd2ef8e2
AG		 4310 /* If background scan is running, restart it so new parameters are
4311 * loaded.
4312 */
4313 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4314 hdev->discovery.state == DISCOVERY_STOPPED) {
4315 struct hci_request req;
4316
4317 hci_req_init(&req, hdev);
4318
4319 hci_req_add_le_scan_disable(&req);
4320 hci_req_add_le_passive_scan(&req);
4321
4322 hci_req_run(&req, NULL);
4323 }
4324
14b49b9a
MH		 4325 hci_dev_unlock(hdev);
4326
4327 return err;
4328}
4329
33e38b3e
JH		 4330static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
4331{
4332 struct pending_cmd *cmd;
4333
4334 BT_DBG("status 0x%02x", status);
4335
4336 hci_dev_lock(hdev);
4337
4338 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4339 if (!cmd)
4340 goto unlock;
4341
4342 if (status) {
4343 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4344 mgmt_status(status));
4345 } else {
1a4d3c4b
JH		 4346 struct mgmt_mode *cp = cmd->param;
4347
4348 if (cp->val)
4349 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4350 else
4351 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4352
33e38b3e
JH		 4353 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4354 new_settings(hdev, cmd->sk);
4355 }
4356
4357 mgmt_pending_remove(cmd);
4358
4359unlock:
4360 hci_dev_unlock(hdev);
4361}
4362
bdb6d971 4363static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4364 void *data, u16 len)
f6422ec6 4365{
650f726d 4366 struct mgmt_mode *cp = data;
33e38b3e
JH		 4367 struct pending_cmd *cmd;
4368 struct hci_request req;
f6422ec6
AJ		 4369 int err;
4370
bdb6d971 4371 BT_DBG("%s", hdev->name);
f6422ec6 4372
56f87901
JH		 4373 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
4374 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 4375 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4376 MGMT_STATUS_NOT_SUPPORTED);
4377
a7e80f25
JH		 4378 if (cp->val != 0x00 && cp->val != 0x01)
4379 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4380 MGMT_STATUS_INVALID_PARAMS);
4381
5400c044 4382 if (!hdev_is_powered(hdev))
bdb6d971 4383 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4384 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 4385
4386 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 4387 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4388 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 4389
4390 hci_dev_lock(hdev);
4391
05cbf29f
JH		 4392 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4393 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4394 MGMT_STATUS_BUSY);
4395 goto unlock;
4396 }
4397
1a4d3c4b
JH		 4398 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
4399 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4400 hdev);
4401 goto unlock;
4402 }
4403
33e38b3e
JH		 4404 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4405 data, len);
4406 if (!cmd) {
4407 err = -ENOMEM;
4408 goto unlock;
f6422ec6
AJ		 4409 }
4410
33e38b3e
JH		 4411 hci_req_init(&req, hdev);
4412
406d7804 4413 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4414
4415 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4416 if (err < 0) {
bdb6d971 4417 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4418 MGMT_STATUS_FAILED);
33e38b3e 4419 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4420 }
4421
33e38b3e 4422unlock:
f6422ec6 4423 hci_dev_unlock(hdev);
33e38b3e 4424
f6422ec6
AJ		 4425 return err;
4426}
4427
0663ca2a
JH		 4428static void set_bredr_complete(struct hci_dev *hdev, u8 status)
4429{
4430 struct pending_cmd *cmd;
4431
4432 BT_DBG("status 0x%02x", status);
4433
4434 hci_dev_lock(hdev);
4435
4436 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4437 if (!cmd)
4438 goto unlock;
4439
4440 if (status) {
4441 u8 mgmt_err = mgmt_status(status);
4442
4443 /* We need to restore the flag if related HCI commands
4444 * failed.
4445 */
4446 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4447
4448 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4449 } else {
4450 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4451 new_settings(hdev, cmd->sk);
4452 }
4453
4454 mgmt_pending_remove(cmd);
4455
4456unlock:
4457 hci_dev_unlock(hdev);
4458}
4459
4460static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4461{
4462 struct mgmt_mode *cp = data;
4463 struct pending_cmd *cmd;
4464 struct hci_request req;
4465 int err;
4466
4467 BT_DBG("request for %s", hdev->name);
4468
4469 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4470 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4471 MGMT_STATUS_NOT_SUPPORTED);
4472
4473 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4474 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4475 MGMT_STATUS_REJECTED);
4476
4477 if (cp->val != 0x00 && cp->val != 0x01)
4478 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4479 MGMT_STATUS_INVALID_PARAMS);
4480
4481 hci_dev_lock(hdev);
4482
4483 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4484 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4485 goto unlock;
4486 }
4487
4488 if (!hdev_is_powered(hdev)) {
4489 if (!cp->val) {
0663ca2a
JH		 4490 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4491 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4492 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4493 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4494 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4495 }
4496
4497 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4498
4499 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4500 if (err < 0)
4501 goto unlock;
4502
4503 err = new_settings(hdev, sk);
4504 goto unlock;
4505 }
4506
4507 /* Reject disabling when powered on */
4508 if (!cp->val) {
4509 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4510 MGMT_STATUS_REJECTED);
4511 goto unlock;
4512 }
4513
4514 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4515 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4516 MGMT_STATUS_BUSY);
4517 goto unlock;
4518 }
4519
4520 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4521 if (!cmd) {
4522 err = -ENOMEM;
4523 goto unlock;
4524 }
4525
5947f4bc 4526 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4527 * generates the correct flags.
4528 */
4529 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4530
4531 hci_req_init(&req, hdev);
aa8af46e 4532
432df05e
JH		 4533 write_fast_connectable(&req, false);
4534 hci_update_page_scan(hdev, &req);
aa8af46e 4535
f14d8f64
MH		 4536 /* Since only the advertising data flags will change, there
4537 * is no need to update the scan response data.
4538 */
5947f4bc 4539 update_adv_data(&req);
aa8af46e 4540
0663ca2a
JH		 4541 err = hci_req_run(&req, set_bredr_complete);
4542 if (err < 0)
4543 mgmt_pending_remove(cmd);
4544
4545unlock:
4546 hci_dev_unlock(hdev);
4547 return err;
4548}
4549
eac83dc6
MH		 4550static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4551 void *data, u16 len)
4552{
4553 struct mgmt_mode *cp = data;
4554 struct pending_cmd *cmd;
0ab04a9c 4555 u8 val, status;
eac83dc6
MH		 4556 int err;
4557
4558 BT_DBG("request for %s", hdev->name);
4559
4560 status = mgmt_bredr_support(hdev);
4561 if (status)
4562 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4563 status);
4564
5afeac14 4565 if (!lmp_sc_capable(hdev) &&
111902f7 4566 !test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
eac83dc6
MH		 4567 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4568 MGMT_STATUS_NOT_SUPPORTED);
4569
0ab04a9c 4570 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
eac83dc6
MH		 4571 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4572 MGMT_STATUS_INVALID_PARAMS);
4573
4574 hci_dev_lock(hdev);
4575
4576 if (!hdev_is_powered(hdev)) {
4577 bool changed;
4578
0ab04a9c 4579 if (cp->val) {
eac83dc6
MH		 4580 changed = !test_and_set_bit(HCI_SC_ENABLED,
4581 &hdev->dev_flags);
0ab04a9c
MH		 4582 if (cp->val == 0x02)
4583 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4584 else
4585 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4586 } else {
eac83dc6
MH		 4587 changed = test_and_clear_bit(HCI_SC_ENABLED,
4588 &hdev->dev_flags);
0ab04a9c
MH		 4589 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4590 }
eac83dc6
MH		 4591
4592 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4593 if (err < 0)
4594 goto failed;
4595
4596 if (changed)
4597 err = new_settings(hdev, sk);
4598
4599 goto failed;
4600 }
4601
4602 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4603 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4604 MGMT_STATUS_BUSY);
4605 goto failed;
4606 }
4607
0ab04a9c
MH		 4608 val = !!cp->val;
4609
4610 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4611 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
eac83dc6
MH		 4612 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4613 goto failed;
4614 }
4615
4616 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4617 if (!cmd) {
4618 err = -ENOMEM;
4619 goto failed;
4620 }
4621
0ab04a9c 4622 err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
eac83dc6
MH		 4623 if (err < 0) {
4624 mgmt_pending_remove(cmd);
4625 goto failed;
4626 }
4627
0ab04a9c
MH		 4628 if (cp->val == 0x02)
4629 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4630 else
4631 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4632
eac83dc6
MH		 4633failed:
4634 hci_dev_unlock(hdev);
4635 return err;
4636}
4637
4e39ac81
MH		 4638static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4639 void *data, u16 len)
4640{
4641 struct mgmt_mode *cp = data;
b9710979 4642 bool changed, use_changed;
4e39ac81
MH		 4643 int err;
4644
4645 BT_DBG("request for %s", hdev->name);
4646
b9710979 4647 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4e39ac81
MH		 4648 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4649 MGMT_STATUS_INVALID_PARAMS);
4650
4651 hci_dev_lock(hdev);
4652
4653 if (cp->val)
0663b297
JH		 4654 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
4655 &hdev->dev_flags);
4e39ac81 4656 else
0663b297
JH		 4657 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
4658 &hdev->dev_flags);
4e39ac81 4659
b9710979
JH		 4660 if (cp->val == 0x02)
4661 use_changed = !test_and_set_bit(HCI_USE_DEBUG_KEYS,
4662 &hdev->dev_flags);
4663 else
4664 use_changed = test_and_clear_bit(HCI_USE_DEBUG_KEYS,
4665 &hdev->dev_flags);
4666
4667 if (hdev_is_powered(hdev) && use_changed &&
4668 test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
4669 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4670 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4671 sizeof(mode), &mode);
4672 }
4673
4e39ac81
MH		 4674 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4675 if (err < 0)
4676 goto unlock;
4677
4678 if (changed)
4679 err = new_settings(hdev, sk);
4680
4681unlock:
4682 hci_dev_unlock(hdev);
4683 return err;
4684}
4685
62b04cd1
JH		 4686static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4687 u16 len)
4688{
4689 struct mgmt_cp_set_privacy *cp = cp_data;
4690 bool changed;
4691 int err;
4692
4693 BT_DBG("request for %s", hdev->name);
4694
4695 if (!lmp_le_capable(hdev))
4696 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4697 MGMT_STATUS_NOT_SUPPORTED);
4698
4699 if (cp->privacy != 0x00 && cp->privacy != 0x01)
4700 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4701 MGMT_STATUS_INVALID_PARAMS);
4702
4703 if (hdev_is_powered(hdev))
4704 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4705 MGMT_STATUS_REJECTED);
4706
4707 hci_dev_lock(hdev);
4708
c21c0ea0
JH		 4709 /* If user space supports this command it is also expected to
4710 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4711 */
4712 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4713
62b04cd1
JH		 4714 if (cp->privacy) {
4715 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
4716 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4717 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4718 } else {
4719 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
4720 memset(hdev->irk, 0, sizeof(hdev->irk));
4721 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4722 }
4723
4724 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4725 if (err < 0)
4726 goto unlock;
4727
4728 if (changed)
4729 err = new_settings(hdev, sk);
4730
4731unlock:
4732 hci_dev_unlock(hdev);
4733 return err;
4734}
4735
41edf160
JH		 4736static bool irk_is_valid(struct mgmt_irk_info *irk)
4737{
4738 switch (irk->addr.type) {
4739 case BDADDR_LE_PUBLIC:
4740 return true;
4741
4742 case BDADDR_LE_RANDOM:
4743 /* Two most significant bits shall be set */
4744 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4745 return false;
4746 return true;
4747 }
4748
4749 return false;
4750}
4751
4752static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4753 u16 len)
4754{
4755 struct mgmt_cp_load_irks *cp = cp_data;
ba1d6936
JH		 4756 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
4757 sizeof(struct mgmt_irk_info));
41edf160
JH		 4758 u16 irk_count, expected_len;
4759 int i, err;
4760
4761 BT_DBG("request for %s", hdev->name);
4762
4763 if (!lmp_le_capable(hdev))
4764 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4765 MGMT_STATUS_NOT_SUPPORTED);
4766
4767 irk_count = __le16_to_cpu(cp->irk_count);
ba1d6936
JH		 4768 if (irk_count > max_irk_count) {
4769 BT_ERR("load_irks: too big irk_count value %u", irk_count);
4770 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4771 MGMT_STATUS_INVALID_PARAMS);
4772 }
41edf160
JH		 4773
4774 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4775 if (expected_len != len) {
4776 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 4777 expected_len, len);
41edf160
JH		 4778 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4779 MGMT_STATUS_INVALID_PARAMS);
4780 }
4781
4782 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4783
4784 for (i = 0; i < irk_count; i++) {
4785 struct mgmt_irk_info *key = &cp->irks[i];
4786
4787 if (!irk_is_valid(key))
4788 return cmd_status(sk, hdev->id,
4789 MGMT_OP_LOAD_IRKS,
4790 MGMT_STATUS_INVALID_PARAMS);
4791 }
4792
4793 hci_dev_lock(hdev);
4794
4795 hci_smp_irks_clear(hdev);
4796
4797 for (i = 0; i < irk_count; i++) {
4798 struct mgmt_irk_info *irk = &cp->irks[i];
4799 u8 addr_type;
4800
4801 if (irk->addr.type == BDADDR_LE_PUBLIC)
4802 addr_type = ADDR_LE_DEV_PUBLIC;
4803 else
4804 addr_type = ADDR_LE_DEV_RANDOM;
4805
4806 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
4807 BDADDR_ANY);
4808 }
4809
4810 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4811
4812 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4813
4814 hci_dev_unlock(hdev);
4815
4816 return err;
4817}
4818
3f706b72
JH		 4819static bool ltk_is_valid(struct mgmt_ltk_info *key)
4820{
4821 if (key->master != 0x00 && key->master != 0x01)
4822 return false;
490cb0b3
MH		 4823
4824 switch (key->addr.type) {
4825 case BDADDR_LE_PUBLIC:
4826 return true;
4827
4828 case BDADDR_LE_RANDOM:
4829 /* Two most significant bits shall be set */
4830 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4831 return false;
4832 return true;
4833 }
4834
4835 return false;
3f706b72
JH		 4836}
4837
bdb6d971 4838static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 4839 void *cp_data, u16 len)
346af67b 4840{
346af67b 4841 struct mgmt_cp_load_long_term_keys *cp = cp_data;
ba1d6936
JH		 4842 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
4843 sizeof(struct mgmt_ltk_info));
346af67b 4844 u16 key_count, expected_len;
715a5bf2 4845 int i, err;
346af67b 4846
cf99ba13
MH		 4847 BT_DBG("request for %s", hdev->name);
4848
4849 if (!lmp_le_capable(hdev))
4850 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4851 MGMT_STATUS_NOT_SUPPORTED);
4852
1f350c87 4853 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 4854 if (key_count > max_key_count) {
4855 BT_ERR("load_ltks: too big key_count value %u", key_count);
4856 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4857 MGMT_STATUS_INVALID_PARAMS);
4858 }
346af67b
VCG		 4859
4860 expected_len = sizeof(*cp) + key_count *
4861 sizeof(struct mgmt_ltk_info);
4862 if (expected_len != len) {
4863 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 4864 expected_len, len);
bdb6d971 4865 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 4866 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 4867 }
4868
bdb6d971 4869 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 4870
54ad6d8a
JH		 4871 for (i = 0; i < key_count; i++) {
4872 struct mgmt_ltk_info *key = &cp->keys[i];
4873
3f706b72 4874 if (!ltk_is_valid(key))
54ad6d8a
JH		 4875 return cmd_status(sk, hdev->id,
4876 MGMT_OP_LOAD_LONG_TERM_KEYS,
4877 MGMT_STATUS_INVALID_PARAMS);
4878 }
4879
346af67b
VCG		 4880 hci_dev_lock(hdev);
4881
4882 hci_smp_ltks_clear(hdev);
4883
4884 for (i = 0; i < key_count; i++) {
4885 struct mgmt_ltk_info *key = &cp->keys[i];
d7b25450 4886 u8 type, addr_type, authenticated;
79d95a19
MH		 4887
4888 if (key->addr.type == BDADDR_LE_PUBLIC)
4889 addr_type = ADDR_LE_DEV_PUBLIC;
4890 else
4891 addr_type = ADDR_LE_DEV_RANDOM;
346af67b
VCG		 4892
4893 if (key->master)
2ceba539 4894 type = SMP_LTK;
346af67b 4895 else
2ceba539 4896 type = SMP_LTK_SLAVE;
346af67b 4897
61b43357
JH		 4898 switch (key->type) {
4899 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 4900 authenticated = 0x00;
61b43357
JH		 4901 break;
4902 case MGMT_LTK_AUTHENTICATED:
d7b25450 4903 authenticated = 0x01;
61b43357
JH		 4904 break;
4905 default:
4906 continue;
4907 }
d7b25450 4908
35d70271 4909 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
d7b25450 4910 authenticated, key->val, key->enc_size, key->ediv,
35d70271 4911 key->rand);
346af67b
VCG		 4912 }
4913
715a5bf2
JH		 4914 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4915 NULL, 0);
4916
346af67b 4917 hci_dev_unlock(hdev);
346af67b 4918
715a5bf2 4919 return err;
346af67b
VCG		 4920}
4921
dd983808
AK		 4922struct cmd_conn_lookup {
4923 struct hci_conn *conn;
4924 bool valid_tx_power;
4925 u8 mgmt_status;
4926};
4927
4928static void get_conn_info_complete(struct pending_cmd *cmd, void *data)
4929{
4930 struct cmd_conn_lookup *match = data;
4931 struct mgmt_cp_get_conn_info *cp;
4932 struct mgmt_rp_get_conn_info rp;
4933 struct hci_conn *conn = cmd->user_data;
4934
4935 if (conn != match->conn)
4936 return;
4937
4938 cp = (struct mgmt_cp_get_conn_info *) cmd->param;
4939
4940 memset(&rp, 0, sizeof(rp));
4941 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4942 rp.addr.type = cp->addr.type;
4943
4944 if (!match->mgmt_status) {
4945 rp.rssi = conn->rssi;
4946
eed5daf3 4947 if (match->valid_tx_power) {
dd983808 4948 rp.tx_power = conn->tx_power;
eed5daf3
AK		 4949 rp.max_tx_power = conn->max_tx_power;
4950 } else {
dd983808 4951 rp.tx_power = HCI_TX_POWER_INVALID;
eed5daf3
AK		 4952 rp.max_tx_power = HCI_TX_POWER_INVALID;
4953 }
dd983808
AK		 4954 }
4955
4956 cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
4957 match->mgmt_status, &rp, sizeof(rp));
4958
4959 hci_conn_drop(conn);
f8aaf9b6 4960 hci_conn_put(conn);
dd983808
AK		 4961
4962 mgmt_pending_remove(cmd);
4963}
4964
4965static void conn_info_refresh_complete(struct hci_dev *hdev, u8 status)
4966{
4967 struct hci_cp_read_rssi *cp;
4968 struct hci_conn *conn;
4969 struct cmd_conn_lookup match;
4970 u16 handle;
4971
4972 BT_DBG("status 0x%02x", status);
4973
4974 hci_dev_lock(hdev);
4975
4976 /* TX power data is valid in case request completed successfully,
eed5daf3
AK		 4977 * otherwise we assume it's not valid. At the moment we assume that
4978 * either both or none of current and max values are valid to keep code
4979 * simple.
dd983808
AK		 4980 */
4981 match.valid_tx_power = !status;
4982
4983 /* Commands sent in request are either Read RSSI or Read Transmit Power
4984 * Level so we check which one was last sent to retrieve connection
4985 * handle. Both commands have handle as first parameter so it's safe to
4986 * cast data on the same command struct.
4987 *
4988 * First command sent is always Read RSSI and we fail only if it fails.
4989 * In other case we simply override error to indicate success as we
4990 * already remembered if TX power value is actually valid.
4991 */
4992 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
4993 if (!cp) {
4994 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
4995 status = 0;
4996 }
4997
4998 if (!cp) {
4999 BT_ERR("invalid sent_cmd in response");
5000 goto unlock;
5001 }
5002
5003 handle = __le16_to_cpu(cp->handle);
5004 conn = hci_conn_hash_lookup_handle(hdev, handle);
5005 if (!conn) {
5006 BT_ERR("unknown handle (%d) in response", handle);
5007 goto unlock;
5008 }
5009
5010 match.conn = conn;
5011 match.mgmt_status = mgmt_status(status);
5012
5013 /* Cache refresh is complete, now reply for mgmt request for given
5014 * connection only.
5015 */
5016 mgmt_pending_foreach(MGMT_OP_GET_CONN_INFO, hdev,
5017 get_conn_info_complete, &match);
5018
5019unlock:
5020 hci_dev_unlock(hdev);
5021}
5022
5023static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5024 u16 len)
5025{
5026 struct mgmt_cp_get_conn_info *cp = data;
5027 struct mgmt_rp_get_conn_info rp;
5028 struct hci_conn *conn;
5029 unsigned long conn_info_age;
5030 int err = 0;
5031
5032 BT_DBG("%s", hdev->name);
5033
5034 memset(&rp, 0, sizeof(rp));
5035 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5036 rp.addr.type = cp->addr.type;
5037
5038 if (!bdaddr_type_is_valid(cp->addr.type))
5039 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5040 MGMT_STATUS_INVALID_PARAMS,
5041 &rp, sizeof(rp));
5042
5043 hci_dev_lock(hdev);
5044
5045 if (!hdev_is_powered(hdev)) {
5046 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5047 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5048 goto unlock;
5049 }
5050
5051 if (cp->addr.type == BDADDR_BREDR)
5052 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5053 &cp->addr.bdaddr);
5054 else
5055 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5056
5057 if (!conn || conn->state != BT_CONNECTED) {
5058 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5059 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
5060 goto unlock;
5061 }
5062
5063 /* To avoid client trying to guess when to poll again for information we
5064 * calculate conn info age as random value between min/max set in hdev.
5065 */
5066 conn_info_age = hdev->conn_info_min_age +
5067 prandom_u32_max(hdev->conn_info_max_age -
5068 hdev->conn_info_min_age);
5069
5070 /* Query controller to refresh cached values if they are too old or were
5071 * never read.
5072 */
f4e2dd53
AK		 5073 if (time_after(jiffies, conn->conn_info_timestamp +
5074 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 5075 !conn->conn_info_timestamp) {
5076 struct hci_request req;
5077 struct hci_cp_read_tx_power req_txp_cp;
5078 struct hci_cp_read_rssi req_rssi_cp;
5079 struct pending_cmd *cmd;
5080
5081 hci_req_init(&req, hdev);
5082 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5083 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5084 &req_rssi_cp);
5085
f7faab0c
AK		 5086 /* For LE links TX power does not change thus we don't need to
5087 * query for it once value is known.
5088 */
5089 if (!bdaddr_type_is_le(cp->addr.type) ||
5090 conn->tx_power == HCI_TX_POWER_INVALID) {
5091 req_txp_cp.handle = cpu_to_le16(conn->handle);
5092 req_txp_cp.type = 0x00;
5093 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5094 sizeof(req_txp_cp), &req_txp_cp);
5095 }
dd983808 5096
eed5daf3
AK		 5097 /* Max TX power needs to be read only once per connection */
5098 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5099 req_txp_cp.handle = cpu_to_le16(conn->handle);
5100 req_txp_cp.type = 0x01;
5101 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5102 sizeof(req_txp_cp), &req_txp_cp);
5103 }
5104
dd983808
AK		 5105 err = hci_req_run(&req, conn_info_refresh_complete);
5106 if (err < 0)
5107 goto unlock;
5108
5109 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5110 data, len);
5111 if (!cmd) {
5112 err = -ENOMEM;
5113 goto unlock;
5114 }
5115
5116 hci_conn_hold(conn);
f8aaf9b6 5117 cmd->user_data = hci_conn_get(conn);
dd983808
AK		 5118
5119 conn->conn_info_timestamp = jiffies;
5120 } else {
5121 /* Cache is valid, just reply with values cached in hci_conn */
5122 rp.rssi = conn->rssi;
5123 rp.tx_power = conn->tx_power;
eed5daf3 5124 rp.max_tx_power = conn->max_tx_power;
dd983808
AK		 5125
5126 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5127 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
5128 }
5129
5130unlock:
5131 hci_dev_unlock(hdev);
5132 return err;
5133}
5134
95868426
JH		 5135static void get_clock_info_complete(struct hci_dev *hdev, u8 status)
5136{
5137 struct mgmt_cp_get_clock_info *cp;
5138 struct mgmt_rp_get_clock_info rp;
5139 struct hci_cp_read_clock *hci_cp;
5140 struct pending_cmd *cmd;
5141 struct hci_conn *conn;
5142
5143 BT_DBG("%s status %u", hdev->name, status);
5144
5145 hci_dev_lock(hdev);
5146
5147 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5148 if (!hci_cp)
5149 goto unlock;
5150
5151 if (hci_cp->which) {
5152 u16 handle = __le16_to_cpu(hci_cp->handle);
5153 conn = hci_conn_hash_lookup_handle(hdev, handle);
5154 } else {
5155 conn = NULL;
5156 }
5157
5158 cmd = mgmt_pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5159 if (!cmd)
5160 goto unlock;
5161
5162 cp = cmd->param;
5163
5164 memset(&rp, 0, sizeof(rp));
5165 memcpy(&rp.addr, &cp->addr, sizeof(rp.addr));
5166
5167 if (status)
5168 goto send_rsp;
5169
5170 rp.local_clock = cpu_to_le32(hdev->clock);
5171
5172 if (conn) {
5173 rp.piconet_clock = cpu_to_le32(conn->clock);
5174 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5175 }
5176
5177send_rsp:
5178 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
5179 &rp, sizeof(rp));
5180 mgmt_pending_remove(cmd);
f8aaf9b6 5181 if (conn) {
95868426 5182 hci_conn_drop(conn);
f8aaf9b6
JH		 5183 hci_conn_put(conn);
5184 }
95868426
JH		 5185
5186unlock:
5187 hci_dev_unlock(hdev);
5188}
5189
5190static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5191 u16 len)
5192{
5193 struct mgmt_cp_get_clock_info *cp = data;
5194 struct mgmt_rp_get_clock_info rp;
5195 struct hci_cp_read_clock hci_cp;
5196 struct pending_cmd *cmd;
5197 struct hci_request req;
5198 struct hci_conn *conn;
5199 int err;
5200
5201 BT_DBG("%s", hdev->name);
5202
5203 memset(&rp, 0, sizeof(rp));
5204 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5205 rp.addr.type = cp->addr.type;
5206
5207 if (cp->addr.type != BDADDR_BREDR)
5208 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5209 MGMT_STATUS_INVALID_PARAMS,
5210 &rp, sizeof(rp));
5211
5212 hci_dev_lock(hdev);
5213
5214 if (!hdev_is_powered(hdev)) {
5215 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5216 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5217 goto unlock;
5218 }
5219
5220 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5221 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5222 &cp->addr.bdaddr);
5223 if (!conn || conn->state != BT_CONNECTED) {
5224 err = cmd_complete(sk, hdev->id,
5225 MGMT_OP_GET_CLOCK_INFO,
5226 MGMT_STATUS_NOT_CONNECTED,
5227 &rp, sizeof(rp));
5228 goto unlock;
5229 }
5230 } else {
5231 conn = NULL;
5232 }
5233
5234 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5235 if (!cmd) {
5236 err = -ENOMEM;
5237 goto unlock;
5238 }
5239
5240 hci_req_init(&req, hdev);
5241
5242 memset(&hci_cp, 0, sizeof(hci_cp));
5243 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5244
5245 if (conn) {
5246 hci_conn_hold(conn);
f8aaf9b6 5247 cmd->user_data = hci_conn_get(conn);
95868426
JH		 5248
5249 hci_cp.handle = cpu_to_le16(conn->handle);
5250 hci_cp.which = 0x01; /* Piconet clock */
5251 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5252 }
5253
5254 err = hci_req_run(&req, get_clock_info_complete);
5255 if (err < 0)
5256 mgmt_pending_remove(cmd);
5257
5258unlock:
5259 hci_dev_unlock(hdev);
5260 return err;
5261}
5262
8afef092
MH		 5263static void device_added(struct sock *sk, struct hci_dev *hdev,
5264 bdaddr_t *bdaddr, u8 type, u8 action)
5265{
5266 struct mgmt_ev_device_added ev;
5267
5268 bacpy(&ev.addr.bdaddr, bdaddr);
5269 ev.addr.type = type;
5270 ev.action = action;
5271
5272 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5273}
5274
2faade53
MH		 5275static int add_device(struct sock *sk, struct hci_dev *hdev,
5276 void *data, u16 len)
5277{
5278 struct mgmt_cp_add_device *cp = data;
5279 u8 auto_conn, addr_type;
5280 int err;
5281
5282 BT_DBG("%s", hdev->name);
5283
6659358e 5284 if (!bdaddr_type_is_valid(cp->addr.type) ||
2faade53
MH		 5285 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
5286 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5287 MGMT_STATUS_INVALID_PARAMS,
5288 &cp->addr, sizeof(cp->addr));
5289
4b9e7e75 5290 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
2faade53
MH		 5291 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5292 MGMT_STATUS_INVALID_PARAMS,
5293 &cp->addr, sizeof(cp->addr));
5294
5295 hci_dev_lock(hdev);
5296
6659358e 5297 if (cp->addr.type == BDADDR_BREDR) {
4b9e7e75 5298 /* Only incoming connections action is supported for now */
6659358e
JH		 5299 if (cp->action != 0x01) {
5300 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5301 MGMT_STATUS_INVALID_PARAMS,
5302 &cp->addr, sizeof(cp->addr));
5303 goto unlock;
5304 }
5305
5306 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5307 cp->addr.type);
5308 if (err)
5309 goto unlock;
a397407f 5310
432df05e 5311 hci_update_page_scan(hdev, NULL);
a397407f 5312
6659358e
JH		 5313 goto added;
5314 }
5315
2faade53
MH		 5316 if (cp->addr.type == BDADDR_LE_PUBLIC)
5317 addr_type = ADDR_LE_DEV_PUBLIC;
5318 else
5319 addr_type = ADDR_LE_DEV_RANDOM;
5320
4b9e7e75 5321 if (cp->action == 0x02)
2faade53 5322 auto_conn = HCI_AUTO_CONN_ALWAYS;
4b9e7e75
MH		 5323 else if (cp->action == 0x01)
5324 auto_conn = HCI_AUTO_CONN_DIRECT;
2faade53 5325 else
a3451d27 5326 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 5327
bf5b3c8b
MH		 5328 /* If the connection parameters don't exist for this device,
5329 * they will be created and configured with defaults.
5330 */
d06b50ce
MH		 5331 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
5332 auto_conn) < 0) {
2faade53
MH		 5333 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5334 MGMT_STATUS_FAILED,
5335 &cp->addr, sizeof(cp->addr));
5336 goto unlock;
5337 }
5338
6659358e 5339added:
8afef092
MH		 5340 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5341
2faade53
MH		 5342 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5343 MGMT_STATUS_SUCCESS, &cp->addr, sizeof(cp->addr));
5344
5345unlock:
5346 hci_dev_unlock(hdev);
5347 return err;
5348}
5349
8afef092
MH		 5350static void device_removed(struct sock *sk, struct hci_dev *hdev,
5351 bdaddr_t *bdaddr, u8 type)
5352{
5353 struct mgmt_ev_device_removed ev;
5354
5355 bacpy(&ev.addr.bdaddr, bdaddr);
5356 ev.addr.type = type;
5357
5358 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5359}
5360
2faade53
MH		 5361static int remove_device(struct sock *sk, struct hci_dev *hdev,
5362 void *data, u16 len)
5363{
5364 struct mgmt_cp_remove_device *cp = data;
5365 int err;
5366
5367 BT_DBG("%s", hdev->name);
5368
5369 hci_dev_lock(hdev);
5370
5371 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 5372 struct hci_conn_params *params;
2faade53
MH		 5373 u8 addr_type;
5374
6659358e 5375 if (!bdaddr_type_is_valid(cp->addr.type)) {
2faade53
MH		 5376 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5377 MGMT_STATUS_INVALID_PARAMS,
5378 &cp->addr, sizeof(cp->addr));
5379 goto unlock;
5380 }
5381
6659358e
JH		 5382 if (cp->addr.type == BDADDR_BREDR) {
5383 err = hci_bdaddr_list_del(&hdev->whitelist,
5384 &cp->addr.bdaddr,
5385 cp->addr.type);
5386 if (err) {
5387 err = cmd_complete(sk, hdev->id,
5388 MGMT_OP_REMOVE_DEVICE,
5389 MGMT_STATUS_INVALID_PARAMS,
5390 &cp->addr, sizeof(cp->addr));
5391 goto unlock;
5392 }
5393
432df05e 5394 hci_update_page_scan(hdev, NULL);
a397407f 5395
6659358e
JH		 5396 device_removed(sk, hdev, &cp->addr.bdaddr,
5397 cp->addr.type);
5398 goto complete;
5399 }
5400
2faade53
MH		 5401 if (cp->addr.type == BDADDR_LE_PUBLIC)
5402 addr_type = ADDR_LE_DEV_PUBLIC;
5403 else
5404 addr_type = ADDR_LE_DEV_RANDOM;
5405
c71593dd
JH		 5406 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5407 addr_type);
5408 if (!params) {
5409 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5410 MGMT_STATUS_INVALID_PARAMS,
5411 &cp->addr, sizeof(cp->addr));
5412 goto unlock;
5413 }
5414
5415 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
5416 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5417 MGMT_STATUS_INVALID_PARAMS,
5418 &cp->addr, sizeof(cp->addr));
5419 goto unlock;
5420 }
5421
d1dbf12e 5422 list_del(&params->action);
c71593dd
JH		 5423 list_del(&params->list);
5424 kfree(params);
95305baa 5425 hci_update_background_scan(hdev);
8afef092
MH		 5426
5427 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53 5428 } else {
19de0825 5429 struct hci_conn_params *p, *tmp;
6659358e 5430 struct bdaddr_list *b, *btmp;
19de0825 5431
2faade53
MH		 5432 if (cp->addr.type) {
5433 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5434 MGMT_STATUS_INVALID_PARAMS,
5435 &cp->addr, sizeof(cp->addr));
5436 goto unlock;
5437 }
5438
6659358e
JH		 5439 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
5440 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
5441 list_del(&b->list);
5442 kfree(b);
5443 }
5444
432df05e 5445 hci_update_page_scan(hdev, NULL);
a397407f 5446
19de0825
JH		 5447 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5448 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5449 continue;
5450 device_removed(sk, hdev, &p->addr, p->addr_type);
5451 list_del(&p->action);
5452 list_del(&p->list);
5453 kfree(p);
5454 }
5455
5456 BT_DBG("All LE connection parameters were removed");
5457
5458 hci_update_background_scan(hdev);
2faade53
MH		 5459 }
5460
6659358e 5461complete:
2faade53
MH		 5462 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5463 MGMT_STATUS_SUCCESS, &cp->addr, sizeof(cp->addr));
5464
5465unlock:
5466 hci_dev_unlock(hdev);
5467 return err;
5468}
5469
a26f3dcf
JH		 5470static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5471 u16 len)
5472{
5473 struct mgmt_cp_load_conn_param *cp = data;
ba1d6936
JH		 5474 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5475 sizeof(struct mgmt_conn_param));
a26f3dcf
JH		 5476 u16 param_count, expected_len;
5477 int i;
5478
5479 if (!lmp_le_capable(hdev))
5480 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5481 MGMT_STATUS_NOT_SUPPORTED);
5482
5483 param_count = __le16_to_cpu(cp->param_count);
ba1d6936
JH		 5484 if (param_count > max_param_count) {
5485 BT_ERR("load_conn_param: too big param_count value %u",
5486 param_count);
5487 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5488 MGMT_STATUS_INVALID_PARAMS);
5489 }
a26f3dcf
JH		 5490
5491 expected_len = sizeof(*cp) + param_count *
5492 sizeof(struct mgmt_conn_param);
5493 if (expected_len != len) {
5494 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
5495 expected_len, len);
5496 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5497 MGMT_STATUS_INVALID_PARAMS);
5498 }
5499
5500 BT_DBG("%s param_count %u", hdev->name, param_count);
5501
5502 hci_dev_lock(hdev);
5503
5504 hci_conn_params_clear_disabled(hdev);
5505
5506 for (i = 0; i < param_count; i++) {
5507 struct mgmt_conn_param *param = &cp->params[i];
5508 struct hci_conn_params *hci_param;
5509 u16 min, max, latency, timeout;
5510 u8 addr_type;
5511
5512 BT_DBG("Adding %pMR (type %u)", &param->addr.bdaddr,
5513 param->addr.type);
5514
5515 if (param->addr.type == BDADDR_LE_PUBLIC) {
5516 addr_type = ADDR_LE_DEV_PUBLIC;
5517 } else if (param->addr.type == BDADDR_LE_RANDOM) {
5518 addr_type = ADDR_LE_DEV_RANDOM;
5519 } else {
5520 BT_ERR("Ignoring invalid connection parameters");
5521 continue;
5522 }
5523
5524 min = le16_to_cpu(param->min_interval);
5525 max = le16_to_cpu(param->max_interval);
5526 latency = le16_to_cpu(param->latency);
5527 timeout = le16_to_cpu(param->timeout);
5528
5529 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
5530 min, max, latency, timeout);
5531
5532 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
5533 BT_ERR("Ignoring invalid connection parameters");
5534 continue;
5535 }
5536
5537 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
5538 addr_type);
5539 if (!hci_param) {
5540 BT_ERR("Failed to add connection parameters");
5541 continue;
5542 }
5543
5544 hci_param->conn_min_interval = min;
5545 hci_param->conn_max_interval = max;
5546 hci_param->conn_latency = latency;
5547 hci_param->supervision_timeout = timeout;
5548 }
5549
5550 hci_dev_unlock(hdev);
5551
5552 return cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0, NULL, 0);
5553}
5554
dbece37a
MH		 5555static int set_external_config(struct sock *sk, struct hci_dev *hdev,
5556 void *data, u16 len)
5557{
5558 struct mgmt_cp_set_external_config *cp = data;
5559 bool changed;
5560 int err;
5561
5562 BT_DBG("%s", hdev->name);
5563
5564 if (hdev_is_powered(hdev))
5565 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5566 MGMT_STATUS_REJECTED);
5567
5568 if (cp->config != 0x00 && cp->config != 0x01)
5569 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5570 MGMT_STATUS_INVALID_PARAMS);
5571
5572 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
5573 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5574 MGMT_STATUS_NOT_SUPPORTED);
5575
5576 hci_dev_lock(hdev);
5577
5578 if (cp->config)
5579 changed = !test_and_set_bit(HCI_EXT_CONFIGURED,
5580 &hdev->dev_flags);
5581 else
5582 changed = test_and_clear_bit(HCI_EXT_CONFIGURED,
5583 &hdev->dev_flags);
5584
5585 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
5586 if (err < 0)
5587 goto unlock;
5588
5589 if (!changed)
5590 goto unlock;
5591
f4537c04
MH		 5592 err = new_options(hdev, sk);
5593
dbece37a
MH		 5594 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) == is_configured(hdev)) {
5595 mgmt_index_removed(hdev);
d603b76b
MH		 5596
5597 if (test_and_change_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
5598 set_bit(HCI_CONFIG, &hdev->dev_flags);
5599 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
5600
5601 queue_work(hdev->req_workqueue, &hdev->power_on);
5602 } else {
5ea234d3 5603 set_bit(HCI_RAW, &hdev->flags);
d603b76b
MH		 5604 mgmt_index_added(hdev);
5605 }
dbece37a
MH		 5606 }
5607
5608unlock:
5609 hci_dev_unlock(hdev);
5610 return err;
5611}
5612
9713c17b
MH		 5613static int set_public_address(struct sock *sk, struct hci_dev *hdev,
5614 void *data, u16 len)
5615{
5616 struct mgmt_cp_set_public_address *cp = data;
5617 bool changed;
5618 int err;
5619
5620 BT_DBG("%s", hdev->name);
5621
5622 if (hdev_is_powered(hdev))
5623 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5624 MGMT_STATUS_REJECTED);
5625
5626 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
5627 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5628 MGMT_STATUS_INVALID_PARAMS);
5629
5630 if (!hdev->set_bdaddr)
5631 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5632 MGMT_STATUS_NOT_SUPPORTED);
5633
5634 hci_dev_lock(hdev);
5635
5636 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
5637 bacpy(&hdev->public_addr, &cp->bdaddr);
5638
5639 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
5640 if (err < 0)
5641 goto unlock;
5642
5643 if (!changed)
5644 goto unlock;
5645
5646 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5647 err = new_options(hdev, sk);
5648
5649 if (is_configured(hdev)) {
5650 mgmt_index_removed(hdev);
5651
5652 clear_bit(HCI_UNCONFIGURED, &hdev->dev_flags);
5653
5654 set_bit(HCI_CONFIG, &hdev->dev_flags);
5655 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
5656
5657 queue_work(hdev->req_workqueue, &hdev->power_on);
5658 }
5659
5660unlock:
5661 hci_dev_unlock(hdev);
5662 return err;
5663}
5664
2e3c35ea 5665static const struct mgmt_handler {
04124681
GP		 5666 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
5667 u16 data_len);
be22b54e
JH		 5668 bool var_len;
5669 size_t data_len;
0f4e68cf
JH		 5670} mgmt_handlers[] = {
5671 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 5672 { read_version, false, MGMT_READ_VERSION_SIZE },
5673 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
5674 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
5675 { read_controller_info, false, MGMT_READ_INFO_SIZE },
5676 { set_powered, false, MGMT_SETTING_SIZE },
5677 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
5678 { set_connectable, false, MGMT_SETTING_SIZE },
5679 { set_fast_connectable, false, MGMT_SETTING_SIZE },
b2939475 5680 { set_bondable, false, MGMT_SETTING_SIZE },
be22b54e
JH		 5681 { set_link_security, false, MGMT_SETTING_SIZE },
5682 { set_ssp, false, MGMT_SETTING_SIZE },
5683 { set_hs, false, MGMT_SETTING_SIZE },
5684 { set_le, false, MGMT_SETTING_SIZE },
5685 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
5686 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
5687 { add_uuid, false, MGMT_ADD_UUID_SIZE },
5688 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
5689 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
5690 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
5691 { disconnect, false, MGMT_DISCONNECT_SIZE },
5692 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
5693 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
5694 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
5695 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
5696 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
5697 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
5698 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
5699 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
5700 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
5701 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
5702 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
5703 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
ec109113 5704 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
be22b54e
JH		 5705 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
5706 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
5707 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
5708 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
5709 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
5710 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 5711 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 5712 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 5713 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 5714 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
14b49b9a 5715 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
eac83dc6 5716 { set_secure_conn, false, MGMT_SETTING_SIZE },
4e39ac81 5717 { set_debug_keys, false, MGMT_SETTING_SIZE },
62b04cd1 5718 { set_privacy, false, MGMT_SET_PRIVACY_SIZE },
41edf160 5719 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
dd983808 5720 { get_conn_info, false, MGMT_GET_CONN_INFO_SIZE },
95868426 5721 { get_clock_info, false, MGMT_GET_CLOCK_INFO_SIZE },
2faade53
MH		 5722 { add_device, false, MGMT_ADD_DEVICE_SIZE },
5723 { remove_device, false, MGMT_REMOVE_DEVICE_SIZE },
73d1df2a
MH		 5724 { load_conn_param, true, MGMT_LOAD_CONN_PARAM_SIZE },
5725 { read_unconf_index_list, false, MGMT_READ_UNCONF_INDEX_LIST_SIZE },
9fc3bfb6 5726 { read_config_info, false, MGMT_READ_CONFIG_INFO_SIZE },
dbece37a 5727 { set_external_config, false, MGMT_SET_EXTERNAL_CONFIG_SIZE },
9713c17b 5728 { set_public_address, false, MGMT_SET_PUBLIC_ADDRESS_SIZE },
0f4e68cf
JH		 5729};
5730
0381101f
JH		 5731int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
5732{
650f726d
VCG		 5733 void *buf;
5734 u8 *cp;
0381101f 5735 struct mgmt_hdr *hdr;
4e51eae9 5736 u16 opcode, index, len;
bdb6d971 5737 struct hci_dev *hdev = NULL;
2e3c35ea 5738 const struct mgmt_handler *handler;
0381101f
JH		 5739 int err;
5740
5741 BT_DBG("got %zu bytes", msglen);
5742
5743 if (msglen < sizeof(*hdr))
5744 return -EINVAL;
5745
e63a15ec 5746 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 5747 if (!buf)
5748 return -ENOMEM;
5749
5750 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
5751 err = -EFAULT;
5752 goto done;
5753 }
5754
650f726d 5755 hdr = buf;
1f350c87
MH		 5756 opcode = __le16_to_cpu(hdr->opcode);
5757 index = __le16_to_cpu(hdr->index);
5758 len = __le16_to_cpu(hdr->len);
0381101f
JH		 5759
5760 if (len != msglen - sizeof(*hdr)) {
5761 err = -EINVAL;
5762 goto done;
5763 }
5764
0f4e68cf 5765 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 5766 hdev = hci_dev_get(index);
5767 if (!hdev) {
5768 err = cmd_status(sk, index, opcode,
04124681 5769 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 5770 goto done;
5771 }
0736cfa8 5772
cebf4cfd 5773 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
d603b76b 5774 test_bit(HCI_CONFIG, &hdev->dev_flags) ||
4a964404 5775 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
0736cfa8
MH		 5776 err = cmd_status(sk, index, opcode,
5777 MGMT_STATUS_INVALID_INDEX);
5778 goto done;
5779 }
42a9bc14
MH		 5780
5781 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
dbece37a 5782 opcode != MGMT_OP_READ_CONFIG_INFO &&
9713c17b
MH		 5783 opcode != MGMT_OP_SET_EXTERNAL_CONFIG &&
5784 opcode != MGMT_OP_SET_PUBLIC_ADDRESS) {
42a9bc14
MH		 5785 err = cmd_status(sk, index, opcode,
5786 MGMT_STATUS_INVALID_INDEX);
5787 goto done;
5788 }
bdb6d971
JH		 5789 }
5790
0f4e68cf 5791 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 5792 mgmt_handlers[opcode].func == NULL) {
0381101f 5793 BT_DBG("Unknown op %u", opcode);
ca69b795 5794 err = cmd_status(sk, index, opcode,
04124681 5795 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 5796 goto done;
5797 }
5798
73d1df2a
MH		 5799 if (hdev && (opcode <= MGMT_OP_READ_INDEX_LIST ||
5800 opcode == MGMT_OP_READ_UNCONF_INDEX_LIST)) {
5801 err = cmd_status(sk, index, opcode,
5802 MGMT_STATUS_INVALID_INDEX);
5803 goto done;
5804 }
5805
5806 if (!hdev && (opcode > MGMT_OP_READ_INDEX_LIST &&
5807 opcode != MGMT_OP_READ_UNCONF_INDEX_LIST)) {
0f4e68cf 5808 err = cmd_status(sk, index, opcode,
04124681 5809 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 5810 goto done;
0381101f
JH		 5811 }
5812
be22b54e
JH		 5813 handler = &mgmt_handlers[opcode];
5814
5815 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 5816 (!handler->var_len && len != handler->data_len)) {
be22b54e 5817 err = cmd_status(sk, index, opcode,
04124681 5818 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 5819 goto done;
5820 }
5821
0f4e68cf
JH		 5822 if (hdev)
5823 mgmt_init_hdev(sk, hdev);
5824
5825 cp = buf + sizeof(*hdr);
5826
be22b54e 5827 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 5828 if (err < 0)
5829 goto done;
5830
0381101f
JH		 5831 err = msglen;
5832
5833done:
bdb6d971
JH		 5834 if (hdev)
5835 hci_dev_put(hdev);
5836
0381101f
JH		 5837 kfree(buf);
5838 return err;
5839}
c71e97bf 5840
bf6b56db 5841void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 5842{
1514b892 5843 if (hdev->dev_type != HCI_BREDR)
bf6b56db 5844 return;
bb4b2a9a 5845
0602a8ad
MH		 5846 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
5847 return;
5848
5849 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5850 mgmt_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev, NULL, 0, NULL);
5851 else
5852 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 5853}
5854
bf6b56db 5855void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 5856{
5f159032 5857 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 5858
1514b892 5859 if (hdev->dev_type != HCI_BREDR)
bf6b56db 5860 return;
bb4b2a9a 5861
0602a8ad
MH		 5862 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
5863 return;
5864
744cf19e 5865 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 5866
edd3896b
MH		 5867 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5868 mgmt_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev, NULL, 0, NULL);
5869 else
5870 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 5871}
5872
6046dc3e 5873/* This function requires the caller holds hdev->lock */
d7347f3c 5874static void restart_le_actions(struct hci_dev *hdev)
6046dc3e
AG		 5875{
5876 struct hci_conn_params *p;
5877
5878 list_for_each_entry(p, &hdev->le_conn_params, list) {
d7347f3c
JH		 5879 /* Needed for AUTO_OFF case where might not "really"
5880 * have been powered off.
5881 */
5882 list_del_init(&p->action);
5883
5884 switch (p->auto_connect) {
4b9e7e75 5885 case HCI_AUTO_CONN_DIRECT:
d7347f3c
JH		 5886 case HCI_AUTO_CONN_ALWAYS:
5887 list_add(&p->action, &hdev->pend_le_conns);
5888 break;
5889 case HCI_AUTO_CONN_REPORT:
5890 list_add(&p->action, &hdev->pend_le_reports);
5891 break;
5892 default:
5893 break;
c83ed19d 5894 }
6046dc3e 5895 }
c83ed19d 5896
c83ed19d 5897 hci_update_background_scan(hdev);
6046dc3e
AG		 5898}
5899
229ab39c
JH		 5900static void powered_complete(struct hci_dev *hdev, u8 status)
5901{
5902 struct cmd_lookup match = { NULL, hdev };
5903
5904 BT_DBG("status 0x%02x", status);
5905
5906 hci_dev_lock(hdev);
5907
d7347f3c 5908 restart_le_actions(hdev);
6046dc3e 5909
229ab39c
JH		 5910 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5911
5912 new_settings(hdev, match.sk);
5913
5914 hci_dev_unlock(hdev);
5915
5916 if (match.sk)
5917 sock_put(match.sk);
5918}
5919
70da6243 5920static int powered_update_hci(struct hci_dev *hdev)
5add6af8 5921{
890ea898 5922 struct hci_request req;
70da6243 5923 u8 link_sec;
5add6af8 5924
890ea898
JH		 5925 hci_req_init(&req, hdev);
5926
70da6243
JH		 5927 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
5928 !lmp_host_ssp_capable(hdev)) {
5929 u8 ssp = 1;
5e5282bb 5930
890ea898 5931 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 5932 }
5add6af8 5933
c73eee91
JH		 5934 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
5935 lmp_bredr_capable(hdev)) {
70da6243 5936 struct hci_cp_write_le_host_supported cp;
f0ff92fb 5937
32226e4f
MH		 5938 cp.le = 0x01;
5939 cp.simul = 0x00;
3d1cbdd6 5940
70da6243
JH		 5941 /* Check first if we already have the right
5942 * host state (host features set)
5943 */
5944 if (cp.le != lmp_host_le_capable(hdev) ||
5945 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 5946 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
5947 sizeof(cp), &cp);
70da6243 5948 }
3d1cbdd6 5949
d13eafce 5950 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 5951 /* Make sure the controller has a good default for
5952 * advertising data. This also applies to the case
5953 * where BR/EDR was toggled during the AUTO_OFF phase.
5954 */
f14d8f64 5955 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5947f4bc 5956 update_adv_data(&req);
f14d8f64
MH		 5957 update_scan_rsp_data(&req);
5958 }
441ad2d0 5959
bba3aa55
MH		 5960 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5961 enable_advertising(&req);
eeca6f89
JH		 5962 }
5963
70da6243
JH		 5964 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
5965 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 5966 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
5967 sizeof(link_sec), &link_sec);
562fcc24 5968
70da6243 5969 if (lmp_bredr_capable(hdev)) {
432df05e
JH		 5970 write_fast_connectable(&req, false);
5971 hci_update_page_scan(hdev, &req);
890ea898 5972 update_class(&req);
13928971 5973 update_name(&req);
890ea898 5974 update_eir(&req);
70da6243 5975 }
562fcc24 5976
229ab39c 5977 return hci_req_run(&req, powered_complete);
70da6243 5978}
562fcc24 5979
70da6243
JH		 5980int mgmt_powered(struct hci_dev *hdev, u8 powered)
5981{
5982 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 5983 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
5984 u8 zero_cod[] = { 0, 0, 0 };
70da6243 5985 int err;
f0ff92fb 5986
70da6243
JH		 5987 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
5988 return 0;
5989
70da6243 5990 if (powered) {
229ab39c
JH		 5991 if (powered_update_hci(hdev) == 0)
5992 return 0;
fe038884 5993
229ab39c
JH		 5994 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
5995 &match);
5996 goto new_settings;
b24752fe
JH		 5997 }
5998
229ab39c
JH		 5999 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6000 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
6001
6002 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
6003 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
6004 zero_cod, sizeof(zero_cod), NULL);
6005
6006new_settings:
beadb2bd 6007 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 6008
6009 if (match.sk)
6010 sock_put(match.sk);
6011
7bb895d6 6012 return err;
5add6af8 6013}
73f22f62 6014
3eec705e 6015void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 6016{
6017 struct pending_cmd *cmd;
6018 u8 status;
6019
6020 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6021 if (!cmd)
3eec705e 6022 return;
96570ffc
JH		 6023
6024 if (err == -ERFKILL)
6025 status = MGMT_STATUS_RFKILLED;
6026 else
6027 status = MGMT_STATUS_FAILED;
6028
3eec705e 6029 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 6030
6031 mgmt_pending_remove(cmd);
96570ffc
JH		 6032}
6033
d1967ff8
MH		 6034void mgmt_discoverable_timeout(struct hci_dev *hdev)
6035{
6036 struct hci_request req;
d1967ff8
MH		 6037
6038 hci_dev_lock(hdev);
6039
6040 /* When discoverable timeout triggers, then just make sure
6041 * the limited discoverable flag is cleared. Even in the case
6042 * of a timeout triggered from general discoverable, it is
6043 * safe to unconditionally clear the flag.
6044 */
6045 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
9a43e25f 6046 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
d1967ff8
MH		 6047
6048 hci_req_init(&req, hdev);
4b580614
JH		 6049 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
6050 u8 scan = SCAN_PAGE;
6051 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
6052 sizeof(scan), &scan);
6053 }
d1967ff8 6054 update_class(&req);
9a43e25f 6055 update_adv_data(&req);
d1967ff8
MH		 6056 hci_req_run(&req, NULL);
6057
6058 hdev->discov_timeout = 0;
6059
9a43e25f
JH		 6060 new_settings(hdev, NULL);
6061
d1967ff8
MH		 6062 hci_dev_unlock(hdev);
6063}
6064
dc4a5ee2
MH		 6065void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
6066 bool persistent)
55ed8ca1 6067{
86742e1e 6068 struct mgmt_ev_new_link_key ev;
55ed8ca1 6069
a492cd52 6070 memset(&ev, 0, sizeof(ev));
55ed8ca1 6071
a492cd52 6072 ev.store_hint = persistent;
d753fdc4 6073 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 6074 ev.key.addr.type = BDADDR_BREDR;
a492cd52 6075 ev.key.type = key->type;
9b3b4460 6076 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 6077 ev.key.pin_len = key->pin_len;
55ed8ca1 6078
dc4a5ee2 6079 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 6080}
f7520543 6081
d7b25450
JH		 6082static u8 mgmt_ltk_type(struct smp_ltk *ltk)
6083{
6084 if (ltk->authenticated)
6085 return MGMT_LTK_AUTHENTICATED;
6086
6087 return MGMT_LTK_UNAUTHENTICATED;
6088}
6089
53ac6ab6 6090void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 6091{
6092 struct mgmt_ev_new_long_term_key ev;
6093
6094 memset(&ev, 0, sizeof(ev));
6095
5192d301
MH		 6096 /* Devices using resolvable or non-resolvable random addresses
6097 * without providing an indentity resolving key don't require
6098 * to store long term keys. Their addresses will change the
6099 * next time around.
6100 *
6101 * Only when a remote device provides an identity address
6102 * make sure the long term key is stored. If the remote
6103 * identity is known, the long term keys are internally
6104 * mapped to the identity address. So allow static random
6105 * and public addresses here.
6106 */
ba74b666
JH		 6107 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6108 (key->bdaddr.b[5] & 0xc0) != 0xc0)
6109 ev.store_hint = 0x00;
6110 else
53ac6ab6 6111 ev.store_hint = persistent;
ba74b666 6112
346af67b 6113 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 6114 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 6115 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 6116 ev.key.enc_size = key->enc_size;
6117 ev.key.ediv = key->ediv;
fe39c7b2 6118 ev.key.rand = key->rand;
346af67b 6119
2ceba539 6120 if (key->type == SMP_LTK)
346af67b
VCG		 6121 ev.key.master = 1;
6122
346af67b
VCG		 6123 memcpy(ev.key.val, key->val, sizeof(key->val));
6124
083368f7 6125 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 6126}
6127
95fbac8a
JH		 6128void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
6129{
6130 struct mgmt_ev_new_irk ev;
6131
6132 memset(&ev, 0, sizeof(ev));
6133
bab6d1e5
MH		 6134 /* For identity resolving keys from devices that are already
6135 * using a public address or static random address, do not
6136 * ask for storing this key. The identity resolving key really
6137 * is only mandatory for devices using resovlable random
6138 * addresses.
6139 *
6140 * Storing all identity resolving keys has the downside that
6141 * they will be also loaded on next boot of they system. More
6142 * identity resolving keys, means more time during scanning is
6143 * needed to actually resolve these addresses.
6144 */
6145 if (bacmp(&irk->rpa, BDADDR_ANY))
6146 ev.store_hint = 0x01;
6147 else
6148 ev.store_hint = 0x00;
6149
95fbac8a
JH		 6150 bacpy(&ev.rpa, &irk->rpa);
6151 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
6152 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
6153 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
6154
6155 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
6156}
6157
53ac6ab6
MH		 6158void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
6159 bool persistent)
7ee4ea36
MH		 6160{
6161 struct mgmt_ev_new_csrk ev;
6162
6163 memset(&ev, 0, sizeof(ev));
6164
6165 /* Devices using resolvable or non-resolvable random addresses
6166 * without providing an indentity resolving key don't require
6167 * to store signature resolving keys. Their addresses will change
6168 * the next time around.
6169 *
6170 * Only when a remote device provides an identity address
6171 * make sure the signature resolving key is stored. So allow
6172 * static random and public addresses here.
6173 */
6174 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6175 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
6176 ev.store_hint = 0x00;
6177 else
53ac6ab6 6178 ev.store_hint = persistent;
7ee4ea36
MH		 6179
6180 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
6181 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
6182 ev.key.master = csrk->master;
6183 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
6184
6185 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
6186}
6187
ffb5a827 6188void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 6189 u8 bdaddr_type, u8 store_hint, u16 min_interval,
6190 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 6191{
6192 struct mgmt_ev_new_conn_param ev;
6193
c103aea6
JH		 6194 if (!hci_is_identity_address(bdaddr, bdaddr_type))
6195 return;
6196
ffb5a827
AG		 6197 memset(&ev, 0, sizeof(ev));
6198 bacpy(&ev.addr.bdaddr, bdaddr);
6199 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 6200 ev.store_hint = store_hint;
ffb5a827
AG		 6201 ev.min_interval = cpu_to_le16(min_interval);
6202 ev.max_interval = cpu_to_le16(max_interval);
6203 ev.latency = cpu_to_le16(latency);
6204 ev.timeout = cpu_to_le16(timeout);
6205
6206 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
6207}
6208
94933991
MH		 6209static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
6210 u8 data_len)
6211{
6212 eir[eir_len++] = sizeof(type) + data_len;
6213 eir[eir_len++] = type;
6214 memcpy(&eir[eir_len], data, data_len);
6215 eir_len += data_len;
6216
6217 return eir_len;
6218}
6219
48ec92fa
AA		 6220void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
6221 u32 flags, u8 *name, u8 name_len)
f7520543 6222{
b644ba33
JH		 6223 char buf[512];
6224 struct mgmt_ev_device_connected *ev = (void *) buf;
6225 u16 eir_len = 0;
f7520543 6226
48ec92fa
AA		 6227 bacpy(&ev->addr.bdaddr, &conn->dst);
6228 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
f7520543 6229
c95f0ba7 6230 ev->flags = __cpu_to_le32(flags);
08c79b61 6231
fd45ada9
AA		 6232 /* We must ensure that the EIR Data fields are ordered and
6233 * unique. Keep it simple for now and avoid the problem by not
6234 * adding any BR/EDR data to the LE adv.
6235 */
6236 if (conn->le_adv_data_len > 0) {
6237 memcpy(&ev->eir[eir_len],
6238 conn->le_adv_data, conn->le_adv_data_len);
6239 eir_len = conn->le_adv_data_len;
6240 } else {
6241 if (name_len > 0)
6242 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
6243 name, name_len);
b644ba33 6244
ddbea5cf 6245 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
fd45ada9
AA		 6246 eir_len = eir_append_data(ev->eir, eir_len,
6247 EIR_CLASS_OF_DEV,
6248 conn->dev_class, 3);
6249 }
b644ba33 6250
eb55ef07 6251 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 6252
ecd90ae7
MH		 6253 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
6254 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 6255}
6256
8962ee74
JH		 6257static void disconnect_rsp(struct pending_cmd *cmd, void *data)
6258{
c68fb7ff 6259 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 6260 struct sock **sk = data;
a38528f1 6261 struct mgmt_rp_disconnect rp;
8962ee74 6262
88c3df13
JH		 6263 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
6264 rp.addr.type = cp->addr.type;
8962ee74 6265
aee9b218 6266 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 6267 sizeof(rp));
8962ee74
JH		 6268
6269 *sk = cmd->sk;
6270 sock_hold(*sk);
6271
a664b5bc 6272 mgmt_pending_remove(cmd);
8962ee74
JH		 6273}
6274
124f6e35 6275static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 6276{
b1078ad0 6277 struct hci_dev *hdev = data;
124f6e35
JH		 6278 struct mgmt_cp_unpair_device *cp = cmd->param;
6279 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 6280
6281 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 6282 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
6283 rp.addr.type = cp->addr.type;
a8a1d19e 6284
b1078ad0
JH		 6285 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
6286
aee9b218 6287 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 6288
6289 mgmt_pending_remove(cmd);
6290}
6291
84c61d92
JH		 6292bool mgmt_powering_down(struct hci_dev *hdev)
6293{
6294 struct pending_cmd *cmd;
6295 struct mgmt_mode *cp;
6296
6297 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6298 if (!cmd)
6299 return false;
6300
6301 cp = cmd->param;
6302 if (!cp->val)
6303 return true;
6304
6305 return false;
6306}
6307
9b80ec5e 6308void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 6309 u8 link_type, u8 addr_type, u8 reason,
6310 bool mgmt_connected)
f7520543 6311{
f0d6a0ea 6312 struct mgmt_ev_device_disconnected ev;
8962ee74 6313 struct sock *sk = NULL;
8962ee74 6314
84c61d92
JH		 6315 /* The connection is still in hci_conn_hash so test for 1
6316 * instead of 0 to know if this is the last one.
6317 */
6318 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6319 cancel_delayed_work(&hdev->power_off);
6320 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8b064a3a
JH		 6321 }
6322
12d4a3b2
JH		 6323 if (!mgmt_connected)
6324 return;
6325
57eb776f
AG		 6326 if (link_type != ACL_LINK && link_type != LE_LINK)
6327 return;
6328
744cf19e 6329 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 6330
f0d6a0ea
MA		 6331 bacpy(&ev.addr.bdaddr, bdaddr);
6332 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6333 ev.reason = reason;
f7520543 6334
9b80ec5e 6335 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 6336
6337 if (sk)
d97dcb66 6338 sock_put(sk);
8962ee74 6339
124f6e35 6340 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 6341 hdev);
8962ee74
JH		 6342}
6343
7892924c
MH		 6344void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
6345 u8 link_type, u8 addr_type, u8 status)
8962ee74 6346{
3655bba8
AG		 6347 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
6348 struct mgmt_cp_disconnect *cp;
88c3df13 6349 struct mgmt_rp_disconnect rp;
8962ee74 6350 struct pending_cmd *cmd;
8962ee74 6351
36a75f1b
JD		 6352 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6353 hdev);
6354
2e58ef3e 6355 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 6356 if (!cmd)
7892924c 6357 return;
8962ee74 6358
3655bba8
AG		 6359 cp = cmd->param;
6360
6361 if (bacmp(bdaddr, &cp->addr.bdaddr))
6362 return;
6363
6364 if (cp->addr.type != bdaddr_type)
6365 return;
6366
88c3df13 6367 bacpy(&rp.addr.bdaddr, bdaddr);
3655bba8 6368 rp.addr.type = bdaddr_type;
37d9ef76 6369
7892924c
MH		 6370 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
6371 mgmt_status(status), &rp, sizeof(rp));
8962ee74 6372
a664b5bc 6373 mgmt_pending_remove(cmd);
f7520543 6374}
17d5c04c 6375
445608d0
MH		 6376void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6377 u8 addr_type, u8 status)
17d5c04c
JH		 6378{
6379 struct mgmt_ev_connect_failed ev;
c9910d0f 6380
84c61d92
JH		 6381 /* The connection is still in hci_conn_hash so test for 1
6382 * instead of 0 to know if this is the last one.
6383 */
6384 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6385 cancel_delayed_work(&hdev->power_off);
6386 queue_work(hdev->req_workqueue, &hdev->power_off.work);
c9910d0f 6387 }
17d5c04c 6388
4c659c39 6389 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6390 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 6391 ev.status = mgmt_status(status);
17d5c04c 6392
445608d0 6393 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 6394}
980e1a53 6395
ce0e4a0d 6396void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 6397{
6398 struct mgmt_ev_pin_code_request ev;
6399
d8457698 6400 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 6401 ev.addr.type = BDADDR_BREDR;
a770bb5a 6402 ev.secure = secure;
980e1a53 6403
ce0e4a0d 6404 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 6405}
6406
e669cf80
MH		 6407void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6408 u8 status)
980e1a53
JH		 6409{
6410 struct pending_cmd *cmd;
ac56fb13 6411 struct mgmt_rp_pin_code_reply rp;
980e1a53 6412
2e58ef3e 6413 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 6414 if (!cmd)
e669cf80 6415 return;
980e1a53 6416
d8457698 6417 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 6418 rp.addr.type = BDADDR_BREDR;
ac56fb13 6419
e669cf80
MH		 6420 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
6421 mgmt_status(status), &rp, sizeof(rp));
980e1a53 6422
a664b5bc 6423 mgmt_pending_remove(cmd);
980e1a53
JH		 6424}
6425
3eb38528
MH		 6426void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6427 u8 status)
980e1a53
JH		 6428{
6429 struct pending_cmd *cmd;
ac56fb13 6430 struct mgmt_rp_pin_code_reply rp;
980e1a53 6431
2e58ef3e 6432 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 6433 if (!cmd)
3eb38528 6434 return;
980e1a53 6435
d8457698 6436 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 6437 rp.addr.type = BDADDR_BREDR;
ac56fb13 6438
3eb38528
MH		 6439 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
6440 mgmt_status(status), &rp, sizeof(rp));
980e1a53 6441
a664b5bc 6442 mgmt_pending_remove(cmd);
980e1a53 6443}
a5c29683 6444
744cf19e 6445int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 6446 u8 link_type, u8 addr_type, u32 value,
04124681 6447 u8 confirm_hint)
a5c29683
JH		 6448{
6449 struct mgmt_ev_user_confirm_request ev;
6450
744cf19e 6451 BT_DBG("%s", hdev->name);
a5c29683 6452
272d90df 6453 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6454 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 6455 ev.confirm_hint = confirm_hint;
39adbffe 6456 ev.value = cpu_to_le32(value);
a5c29683 6457
744cf19e 6458 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 6459 NULL);
a5c29683
JH		 6460}
6461
272d90df 6462int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 6463 u8 link_type, u8 addr_type)
604086b7
BG		 6464{
6465 struct mgmt_ev_user_passkey_request ev;
6466
6467 BT_DBG("%s", hdev->name);
6468
272d90df 6469 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6470 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 6471
6472 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 6473 NULL);
604086b7
BG		 6474}
6475
0df4c185 6476static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 6477 u8 link_type, u8 addr_type, u8 status,
6478 u8 opcode)
a5c29683
JH		 6479{
6480 struct pending_cmd *cmd;
6481 struct mgmt_rp_user_confirm_reply rp;
6482 int err;
6483
2e58ef3e 6484 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 6485 if (!cmd)
6486 return -ENOENT;
6487
272d90df 6488 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 6489 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 6490 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 6491 &rp, sizeof(rp));
a5c29683 6492
a664b5bc 6493 mgmt_pending_remove(cmd);
a5c29683
JH		 6494
6495 return err;
6496}
6497
744cf19e 6498int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6499 u8 link_type, u8 addr_type, u8 status)
a5c29683 6500{
272d90df 6501 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 6502 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 6503}
6504
272d90df 6505int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6506 u8 link_type, u8 addr_type, u8 status)
a5c29683 6507{
272d90df 6508 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 6509 status,
6510 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 6511}
2a611692 6512
604086b7 6513int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6514 u8 link_type, u8 addr_type, u8 status)
604086b7 6515{
272d90df 6516 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 6517 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 6518}
6519
272d90df 6520int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6521 u8 link_type, u8 addr_type, u8 status)
604086b7 6522{
272d90df 6523 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 6524 status,
6525 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 6526}
6527
92a25256
JH		 6528int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
6529 u8 link_type, u8 addr_type, u32 passkey,
6530 u8 entered)
6531{
6532 struct mgmt_ev_passkey_notify ev;
6533
6534 BT_DBG("%s", hdev->name);
6535
6536 bacpy(&ev.addr.bdaddr, bdaddr);
6537 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6538 ev.passkey = __cpu_to_le32(passkey);
6539 ev.entered = entered;
6540
6541 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
6542}
6543
e1e930f5 6544void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
2a611692
JH		 6545{
6546 struct mgmt_ev_auth_failed ev;
e1e930f5
JH		 6547 struct pending_cmd *cmd;
6548 u8 status = mgmt_status(hci_status);
2a611692 6549
e1e930f5
JH		 6550 bacpy(&ev.addr.bdaddr, &conn->dst);
6551 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
6552 ev.status = status;
2a611692 6553
e1e930f5
JH		 6554 cmd = find_pairing(conn);
6555
6556 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
6557 cmd ? cmd->sk : NULL);
6558
6559 if (cmd)
6560 pairing_complete(cmd, status);
2a611692 6561}
b312b161 6562
464996ae 6563void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 6564{
6565 struct cmd_lookup match = { NULL, hdev };
464996ae 6566 bool changed;
33ef95ed
JH		 6567
6568 if (status) {
6569 u8 mgmt_err = mgmt_status(status);
6570 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 6571 cmd_status_rsp, &mgmt_err);
464996ae 6572 return;
33ef95ed
JH		 6573 }
6574
464996ae
MH		 6575 if (test_bit(HCI_AUTH, &hdev->flags))
6576 changed = !test_and_set_bit(HCI_LINK_SECURITY,
6577 &hdev->dev_flags);
6578 else
6579 changed = test_and_clear_bit(HCI_LINK_SECURITY,
6580 &hdev->dev_flags);
47990ea0 6581
33ef95ed 6582 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 6583 &match);
33ef95ed 6584
47990ea0 6585 if (changed)
464996ae 6586 new_settings(hdev, match.sk);
33ef95ed
JH		 6587
6588 if (match.sk)
6589 sock_put(match.sk);
33ef95ed
JH		 6590}
6591
890ea898 6592static void clear_eir(struct hci_request *req)
cacaf52f 6593{
890ea898 6594 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 6595 struct hci_cp_write_eir cp;
6596
976eb20e 6597 if (!lmp_ext_inq_capable(hdev))
890ea898 6598 return;
cacaf52f 6599
c80da27e
JH		 6600 memset(hdev->eir, 0, sizeof(hdev->eir));
6601
cacaf52f
JH		 6602 memset(&cp, 0, sizeof(cp));
6603
890ea898 6604 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 6605}
6606
3e248560 6607void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 6608{
6609 struct cmd_lookup match = { NULL, hdev };
890ea898 6610 struct hci_request req;
c0ecddc2 6611 bool changed = false;
ed2c4ee3
JH		 6612
6613 if (status) {
6614 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 6615
6616 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 6617 &hdev->dev_flags)) {
6618 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3e248560 6619 new_settings(hdev, NULL);
9ecb3e24 6620 }
c0ecddc2 6621
04124681
GP		 6622 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
6623 &mgmt_err);
3e248560 6624 return;
c0ecddc2
JH		 6625 }
6626
6627 if (enable) {
9ecb3e24 6628 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 6629 } else {
9ecb3e24
MH		 6630 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
6631 if (!changed)
6632 changed = test_and_clear_bit(HCI_HS_ENABLED,
6633 &hdev->dev_flags);
6634 else
6635 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 6636 }
6637
6638 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
6639
c0ecddc2 6640 if (changed)
3e248560 6641 new_settings(hdev, match.sk);
ed2c4ee3 6642
5fc6ebb1 6643 if (match.sk)
ed2c4ee3
JH		 6644 sock_put(match.sk);
6645
890ea898
JH		 6646 hci_req_init(&req, hdev);
6647
3769972b
JH		 6648 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
6649 if (test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
6650 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
6651 sizeof(enable), &enable);
890ea898 6652 update_eir(&req);
3769972b 6653 } else {
890ea898 6654 clear_eir(&req);
3769972b 6655 }
890ea898
JH		 6656
6657 hci_req_run(&req, NULL);
ed2c4ee3
JH		 6658}
6659
eac83dc6
MH		 6660void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
6661{
6662 struct cmd_lookup match = { NULL, hdev };
6663 bool changed = false;
6664
6665 if (status) {
6666 u8 mgmt_err = mgmt_status(status);
6667
0ab04a9c
MH		 6668 if (enable) {
6669 if (test_and_clear_bit(HCI_SC_ENABLED,
6670 &hdev->dev_flags))
6671 new_settings(hdev, NULL);
6672 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
6673 }
eac83dc6
MH		 6674
6675 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
6676 cmd_status_rsp, &mgmt_err);
6677 return;
6678 }
6679
0ab04a9c 6680 if (enable) {
eac83dc6 6681 changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c 6682 } else {
eac83dc6 6683 changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c
MH		 6684 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
6685 }
eac83dc6
MH		 6686
6687 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
6688 settings_rsp, &match);
6689
6690 if (changed)
6691 new_settings(hdev, match.sk);
6692
6693 if (match.sk)
6694 sock_put(match.sk);
6695}
6696
92da6097 6697static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 6698{
6699 struct cmd_lookup *match = data;
6700
90e70454
JH		 6701 if (match->sk == NULL) {
6702 match->sk = cmd->sk;
6703 sock_hold(match->sk);
6704 }
90e70454
JH		 6705}
6706
4e1b0245
MH		 6707void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
6708 u8 status)
7f9a903c 6709{
90e70454 6710 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 6711
92da6097
JH		 6712 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
6713 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
6714 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 6715
6716 if (!status)
4e1b0245
MH		 6717 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
6718 NULL);
90e70454
JH		 6719
6720 if (match.sk)
6721 sock_put(match.sk);
7f9a903c
MH		 6722}
6723
7667da34 6724void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 6725{
b312b161 6726 struct mgmt_cp_set_local_name ev;
13928971 6727 struct pending_cmd *cmd;
28cc7bde 6728
13928971 6729 if (status)
7667da34 6730 return;
b312b161
JH		 6731
6732 memset(&ev, 0, sizeof(ev));
6733 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 6734 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 6735
2e58ef3e 6736 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 6737 if (!cmd) {
6738 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 6739
13928971
JH		 6740 /* If this is a HCI command related to powering on the
6741 * HCI dev don't send any mgmt signals.
6742 */
6743 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 6744 return;
890ea898 6745 }
b312b161 6746
7667da34
MH		 6747 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
6748 cmd ? cmd->sk : NULL);
b312b161 6749}
c35938b2 6750
4d2d2796
MH		 6751void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
6752 u8 *randomizer192, u8 *hash256,
6753 u8 *randomizer256, u8 status)
c35938b2
SJ		 6754{
6755 struct pending_cmd *cmd;
c35938b2 6756
744cf19e 6757 BT_DBG("%s status %u", hdev->name, status);
c35938b2 6758
2e58ef3e 6759 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 6760 if (!cmd)
3edaf092 6761 return;
c35938b2
SJ		 6762
6763 if (status) {
3edaf092
MH		 6764 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
6765 mgmt_status(status));
c35938b2 6766 } else {
4d2d2796
MH		 6767 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
6768 hash256 && randomizer256) {
6769 struct mgmt_rp_read_local_oob_ext_data rp;
6770
6771 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
6772 memcpy(rp.randomizer192, randomizer192,
6773 sizeof(rp.randomizer192));
c35938b2 6774
4d2d2796
MH		 6775 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
6776 memcpy(rp.randomizer256, randomizer256,
6777 sizeof(rp.randomizer256));
c35938b2 6778
4d2d2796
MH		 6779 cmd_complete(cmd->sk, hdev->id,
6780 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
6781 &rp, sizeof(rp));
6782 } else {
6783 struct mgmt_rp_read_local_oob_data rp;
6784
6785 memcpy(rp.hash, hash192, sizeof(rp.hash));
6786 memcpy(rp.randomizer, randomizer192,
6787 sizeof(rp.randomizer));
6788
6789 cmd_complete(cmd->sk, hdev->id,
6790 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
6791 &rp, sizeof(rp));
6792 }
c35938b2
SJ		 6793 }
6794
6795 mgmt_pending_remove(cmd);
c35938b2 6796}
e17acd40 6797
901801b9 6798void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
af58925c
MH		 6799 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
6800 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 6801{
e319d2e7
JH		 6802 char buf[512];
6803 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 6804 size_t ev_size;
e17acd40 6805
75ce208c
JH		 6806 /* Don't send events for a non-kernel initiated discovery. With
6807 * LE one exception is if we have pend_le_reports > 0 in which
6808 * case we're doing passive scanning and want these events.
6809 */
6810 if (!hci_discovery_active(hdev)) {
6811 if (link_type == ACL_LINK)
6812 return;
66f8455a 6813 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
75ce208c
JH		 6814 return;
6815 }
12602d0c 6816
5d2e9fad
JH		 6817 /* Make sure that the buffer is big enough. The 5 extra bytes
6818 * are for the potential CoD field.
6819 */
6820 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
901801b9 6821 return;
7d262f86 6822
1dc06093
JH		 6823 memset(buf, 0, sizeof(buf));
6824
841c5644
JH		 6825 bacpy(&ev->addr.bdaddr, bdaddr);
6826 ev->addr.type = link_to_bdaddr(link_type, addr_type);
e319d2e7 6827 ev->rssi = rssi;
af58925c 6828 ev->flags = cpu_to_le32(flags);
e17acd40 6829
1dc06093 6830 if (eir_len > 0)
e319d2e7 6831 memcpy(ev->eir, eir, eir_len);
e17acd40 6832
1dc06093
JH		 6833 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
6834 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 6835 dev_class, 3);
1dc06093 6836
5d2e9fad
JH		 6837 if (scan_rsp_len > 0)
6838 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
6839
6840 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
6841 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 6842
901801b9 6843 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 6844}
a88a9652 6845
9cf12aee
MH		 6846void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6847 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 6848{
b644ba33
JH		 6849 struct mgmt_ev_device_found *ev;
6850 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
6851 u16 eir_len;
a88a9652 6852
b644ba33 6853 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 6854
b644ba33
JH		 6855 memset(buf, 0, sizeof(buf));
6856
6857 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 6858 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 6859 ev->rssi = rssi;
6860
6861 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 6862 name_len);
b644ba33 6863
eb55ef07 6864 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 6865
9cf12aee 6866 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 6867}
314b2381 6868
2f1e063b 6869void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 6870{
f963e8e9 6871 struct mgmt_ev_discovering ev;
164a6e78
JH		 6872 struct pending_cmd *cmd;
6873
343fb145
AG		 6874 BT_DBG("%s discovering %u", hdev->name, discovering);
6875
164a6e78 6876 if (discovering)
2e58ef3e 6877 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 6878 else
2e58ef3e 6879 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 6880
6881 if (cmd != NULL) {
f808e166
JH		 6882 u8 type = hdev->discovery.type;
6883
04124681
GP		 6884 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
6885 sizeof(type));
164a6e78
JH		 6886 mgmt_pending_remove(cmd);
6887 }
6888
f963e8e9
JH		 6889 memset(&ev, 0, sizeof(ev));
6890 ev.type = hdev->discovery.type;
6891 ev.discovering = discovering;
6892
2f1e063b 6893 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 6894}
5e762444 6895
5976e608
MH		 6896static void adv_enable_complete(struct hci_dev *hdev, u8 status)
6897{
6898 BT_DBG("%s status %u", hdev->name, status);
5976e608
MH		 6899}
6900
6901void mgmt_reenable_advertising(struct hci_dev *hdev)
6902{
6903 struct hci_request req;
6904
5976e608
MH		 6905 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
6906 return;
6907
6908 hci_req_init(&req, hdev);
6909 enable_advertising(&req);
0ec5ae84 6910 hci_req_run(&req, adv_enable_complete);
5976e608 6911}
Ubuntu Artful kernel mirror