]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blame - net/bluetooth/mgmt.c
projects / mirror_ubuntu-zesty-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Use special function to send filter management index events
[mirror_ubuntu-zesty-kernel.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
7129069e 32#include <net/bluetooth/hci_sock.h>
4bc58f51 33#include <net/bluetooth/l2cap.h>
0381101f 34#include <net/bluetooth/mgmt.h>
ac4b7236 35
0857dd3b 36#include "hci_request.h"
ac4b7236 37#include "smp.h"
0381101f 38
2da9c55c 39#define MGMT_VERSION 1
beb1c21b 40#define MGMT_REVISION 9
02d98129 41
e70bb2e8
JH		 42static const u16 mgmt_commands[] = {
43 MGMT_OP_READ_INDEX_LIST,
44 MGMT_OP_READ_INFO,
45 MGMT_OP_SET_POWERED,
46 MGMT_OP_SET_DISCOVERABLE,
47 MGMT_OP_SET_CONNECTABLE,
48 MGMT_OP_SET_FAST_CONNECTABLE,
b2939475 49 MGMT_OP_SET_BONDABLE,
e70bb2e8
JH		 50 MGMT_OP_SET_LINK_SECURITY,
51 MGMT_OP_SET_SSP,
52 MGMT_OP_SET_HS,
53 MGMT_OP_SET_LE,
54 MGMT_OP_SET_DEV_CLASS,
55 MGMT_OP_SET_LOCAL_NAME,
56 MGMT_OP_ADD_UUID,
57 MGMT_OP_REMOVE_UUID,
58 MGMT_OP_LOAD_LINK_KEYS,
59 MGMT_OP_LOAD_LONG_TERM_KEYS,
60 MGMT_OP_DISCONNECT,
61 MGMT_OP_GET_CONNECTIONS,
62 MGMT_OP_PIN_CODE_REPLY,
63 MGMT_OP_PIN_CODE_NEG_REPLY,
64 MGMT_OP_SET_IO_CAPABILITY,
65 MGMT_OP_PAIR_DEVICE,
66 MGMT_OP_CANCEL_PAIR_DEVICE,
67 MGMT_OP_UNPAIR_DEVICE,
68 MGMT_OP_USER_CONFIRM_REPLY,
69 MGMT_OP_USER_CONFIRM_NEG_REPLY,
70 MGMT_OP_USER_PASSKEY_REPLY,
71 MGMT_OP_USER_PASSKEY_NEG_REPLY,
72 MGMT_OP_READ_LOCAL_OOB_DATA,
73 MGMT_OP_ADD_REMOTE_OOB_DATA,
74 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
75 MGMT_OP_START_DISCOVERY,
76 MGMT_OP_STOP_DISCOVERY,
77 MGMT_OP_CONFIRM_NAME,
78 MGMT_OP_BLOCK_DEVICE,
79 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 80 MGMT_OP_SET_DEVICE_ID,
4375f103 81 MGMT_OP_SET_ADVERTISING,
0663ca2a 82 MGMT_OP_SET_BREDR,
d13eafce 83 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 84 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 85 MGMT_OP_SET_SECURE_CONN,
4e39ac81 86 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 87 MGMT_OP_SET_PRIVACY,
41edf160 88 MGMT_OP_LOAD_IRKS,
dd983808 89 MGMT_OP_GET_CONN_INFO,
95868426 90 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 91 MGMT_OP_ADD_DEVICE,
92 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 93 MGMT_OP_LOAD_CONN_PARAM,
73d1df2a 94 MGMT_OP_READ_UNCONF_INDEX_LIST,
9fc3bfb6 95 MGMT_OP_READ_CONFIG_INFO,
dbece37a 96 MGMT_OP_SET_EXTERNAL_CONFIG,
9713c17b 97 MGMT_OP_SET_PUBLIC_ADDRESS,
66ea9427 98 MGMT_OP_START_SERVICE_DISCOVERY,
e70bb2e8
JH		 99};
100
101static const u16 mgmt_events[] = {
102 MGMT_EV_CONTROLLER_ERROR,
103 MGMT_EV_INDEX_ADDED,
104 MGMT_EV_INDEX_REMOVED,
105 MGMT_EV_NEW_SETTINGS,
106 MGMT_EV_CLASS_OF_DEV_CHANGED,
107 MGMT_EV_LOCAL_NAME_CHANGED,
108 MGMT_EV_NEW_LINK_KEY,
109 MGMT_EV_NEW_LONG_TERM_KEY,
110 MGMT_EV_DEVICE_CONNECTED,
111 MGMT_EV_DEVICE_DISCONNECTED,
112 MGMT_EV_CONNECT_FAILED,
113 MGMT_EV_PIN_CODE_REQUEST,
114 MGMT_EV_USER_CONFIRM_REQUEST,
115 MGMT_EV_USER_PASSKEY_REQUEST,
116 MGMT_EV_AUTH_FAILED,
117 MGMT_EV_DEVICE_FOUND,
118 MGMT_EV_DISCOVERING,
119 MGMT_EV_DEVICE_BLOCKED,
120 MGMT_EV_DEVICE_UNBLOCKED,
121 MGMT_EV_DEVICE_UNPAIRED,
92a25256 122 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 123 MGMT_EV_NEW_IRK,
7ee4ea36 124 MGMT_EV_NEW_CSRK,
8afef092
MH		 125 MGMT_EV_DEVICE_ADDED,
126 MGMT_EV_DEVICE_REMOVED,
ffb5a827 127 MGMT_EV_NEW_CONN_PARAM,
0602a8ad 128 MGMT_EV_UNCONF_INDEX_ADDED,
edd3896b 129 MGMT_EV_UNCONF_INDEX_REMOVED,
f4537c04 130 MGMT_EV_NEW_CONFIG_OPTIONS,
e70bb2e8
JH		 131};
132
17b02e62 133#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 134
d25b78e2
JH		 135#define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
136 "\x00\x00\x00\x00\x00\x00\x00\x00"
137
3b0602cd 138struct mgmt_pending_cmd {
eec8d2bc 139 struct list_head list;
fc2f4b13 140 u16 opcode;
eec8d2bc 141 int index;
c68fb7ff 142 void *param;
323b0b88 143 size_t param_len;
eec8d2bc 144 struct sock *sk;
e9a416b5 145 void *user_data;
3b0602cd 146 int (*cmd_complete)(struct mgmt_pending_cmd *cmd, u8 status);
eec8d2bc
JH		 147};
148
ca69b795
JH		 149/* HCI to MGMT error code conversion table */
150static u8 mgmt_status_table[] = {
151 MGMT_STATUS_SUCCESS,
152 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
153 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
154 MGMT_STATUS_FAILED, /* Hardware Failure */
155 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
156 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 157 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 158 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
159 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
160 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
161 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
162 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
163 MGMT_STATUS_BUSY, /* Command Disallowed */
164 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
165 MGMT_STATUS_REJECTED, /* Rejected Security */
166 MGMT_STATUS_REJECTED, /* Rejected Personal */
167 MGMT_STATUS_TIMEOUT, /* Host Timeout */
168 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
169 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
170 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
171 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
172 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
173 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
174 MGMT_STATUS_BUSY, /* Repeated Attempts */
175 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
176 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
177 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
178 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
179 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
180 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
181 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
182 MGMT_STATUS_FAILED, /* Unspecified Error */
183 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
184 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
185 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
186 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
187 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
188 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
189 MGMT_STATUS_FAILED, /* Unit Link Key Used */
190 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
191 MGMT_STATUS_TIMEOUT, /* Instant Passed */
192 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
193 MGMT_STATUS_FAILED, /* Transaction Collision */
194 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
195 MGMT_STATUS_REJECTED, /* QoS Rejected */
196 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
197 MGMT_STATUS_REJECTED, /* Insufficient Security */
198 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
199 MGMT_STATUS_BUSY, /* Role Switch Pending */
200 MGMT_STATUS_FAILED, /* Slot Violation */
201 MGMT_STATUS_FAILED, /* Role Switch Failed */
202 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
203 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
204 MGMT_STATUS_BUSY, /* Host Busy Pairing */
205 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
206 MGMT_STATUS_BUSY, /* Controller Busy */
207 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
208 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
209 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
210 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
211 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
212};
213
214static u8 mgmt_status(u8 hci_status)
215{
216 if (hci_status < ARRAY_SIZE(mgmt_status_table))
217 return mgmt_status_table[hci_status];
218
219 return MGMT_STATUS_FAILED;
220}
221
7a00ff44
JH		 222static int mgmt_send_event(u16 event, struct hci_dev *hdev,
223 unsigned short channel, void *data, u16 data_len,
224 struct sock *skip_sk)
04c60f05
MH		 225{
226 struct sk_buff *skb;
227 struct mgmt_hdr *hdr;
228
229 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
230 if (!skb)
231 return -ENOMEM;
232
233 hdr = (void *) skb_put(skb, sizeof(*hdr));
234 hdr->opcode = cpu_to_le16(event);
235 if (hdev)
236 hdr->index = cpu_to_le16(hdev->id);
237 else
238 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
239 hdr->len = cpu_to_le16(data_len);
240
241 if (data)
242 memcpy(skb_put(skb, data_len), data, data_len);
243
244 /* Time stamp */
245 __net_timestamp(skb);
246
7a00ff44 247 hci_send_to_channel(channel, skb, skip_sk);
04c60f05
MH		 248 kfree_skb(skb);
249
250 return 0;
251}
252
f9207338
MH		 253static int mgmt_index_event(u16 event, struct hci_dev *hdev,
254 void *data, u16 data_len, int flag)
255{
256 struct sk_buff *skb;
257 struct mgmt_hdr *hdr;
258
259 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
260 if (!skb)
261 return -ENOMEM;
262
263 hdr = (void *) skb_put(skb, sizeof(*hdr));
264 hdr->opcode = cpu_to_le16(event);
265 hdr->index = cpu_to_le16(hdev->id);
266 hdr->len = cpu_to_le16(data_len);
267
268 if (data)
269 memcpy(skb_put(skb, data_len), data, data_len);
270
271 /* Time stamp */
272 __net_timestamp(skb);
273
274 hci_send_to_flagged_channel(HCI_CHANNEL_CONTROL, skb, flag);
275 kfree_skb(skb);
276
277 return 0;
278}
279
7a00ff44
JH		 280static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
281 struct sock *skip_sk)
282{
283 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
284 skip_sk);
285}
286
a69e8375 287static int mgmt_cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 288{
289 struct sk_buff *skb;
290 struct mgmt_hdr *hdr;
291 struct mgmt_ev_cmd_status *ev;
56b7d137 292 int err;
f7b64e69 293
34eb525c 294 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 295
790eff44 296 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 297 if (!skb)
298 return -ENOMEM;
299
300 hdr = (void *) skb_put(skb, sizeof(*hdr));
301
dcf4adbf 302 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 303 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 304 hdr->len = cpu_to_le16(sizeof(*ev));
305
306 ev = (void *) skb_put(skb, sizeof(*ev));
307 ev->status = status;
eb55ef07 308 ev->opcode = cpu_to_le16(cmd);
f7b64e69 309
56b7d137
GP		 310 err = sock_queue_rcv_skb(sk, skb);
311 if (err < 0)
f7b64e69
JH		 312 kfree_skb(skb);
313
56b7d137 314 return err;
f7b64e69
JH		 315}
316
2a1afb5a
JH		 317static int mgmt_cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
318 void *rp, size_t rp_len)
02d98129
JH		 319{
320 struct sk_buff *skb;
321 struct mgmt_hdr *hdr;
322 struct mgmt_ev_cmd_complete *ev;
56b7d137 323 int err;
02d98129
JH		 324
325 BT_DBG("sock %p", sk);
326
790eff44 327 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 328 if (!skb)
329 return -ENOMEM;
330
331 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 332
dcf4adbf 333 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 334 hdr->index = cpu_to_le16(index);
a38528f1 335 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 336
a38528f1 337 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 338 ev->opcode = cpu_to_le16(cmd);
aee9b218 339 ev->status = status;
8020c16a
SJ		 340
341 if (rp)
342 memcpy(ev->data, rp, rp_len);
02d98129 343
56b7d137
GP		 344 err = sock_queue_rcv_skb(sk, skb);
345 if (err < 0)
02d98129
JH		 346 kfree_skb(skb);
347
e5f0e151 348 return err;
02d98129
JH		 349}
350
04124681
GP		 351static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
352 u16 data_len)
a38528f1
JH		 353{
354 struct mgmt_rp_read_version rp;
355
356 BT_DBG("sock %p", sk);
357
358 rp.version = MGMT_VERSION;
dcf4adbf 359 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 360
2a1afb5a
JH		 361 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
362 &rp, sizeof(rp));
a38528f1
JH		 363}
364
04124681
GP		 365static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
366 u16 data_len)
e70bb2e8
JH		 367{
368 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 369 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
370 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 371 __le16 *opcode;
e70bb2e8
JH		 372 size_t rp_size;
373 int i, err;
374
375 BT_DBG("sock %p", sk);
376
377 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
378
379 rp = kmalloc(rp_size, GFP_KERNEL);
380 if (!rp)
381 return -ENOMEM;
382
dcf4adbf
JP		 383 rp->num_commands = cpu_to_le16(num_commands);
384 rp->num_events = cpu_to_le16(num_events);
e70bb2e8
JH		 385
386 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
387 put_unaligned_le16(mgmt_commands[i], opcode);
388
389 for (i = 0; i < num_events; i++, opcode++)
390 put_unaligned_le16(mgmt_events[i], opcode);
391
2a1afb5a
JH		 392 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
393 rp, rp_size);
e70bb2e8
JH		 394 kfree(rp);
395
396 return err;
397}
398
04124681
GP		 399static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
400 u16 data_len)
faba42eb 401{
faba42eb 402 struct mgmt_rp_read_index_list *rp;
8035ded4 403 struct hci_dev *d;
a38528f1 404 size_t rp_len;
faba42eb 405 u16 count;
476e44cb 406 int err;
faba42eb
JH		 407
408 BT_DBG("sock %p", sk);
409
410 read_lock(&hci_dev_list_lock);
411
412 count = 0;
bb4b2a9a 413 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a 414 if (d->dev_type == HCI_BREDR &&
d7a5a11d 415 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
1514b892 416 count++;
faba42eb
JH		 417 }
418
a38528f1
JH		 419 rp_len = sizeof(*rp) + (2 * count);
420 rp = kmalloc(rp_len, GFP_ATOMIC);
421 if (!rp) {
b2c60d42 422 read_unlock(&hci_dev_list_lock);
faba42eb 423 return -ENOMEM;
b2c60d42 424 }
faba42eb 425
476e44cb 426 count = 0;
8035ded4 427 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 428 if (hci_dev_test_flag(d, HCI_SETUP) ||
429 hci_dev_test_flag(d, HCI_CONFIG) ||
430 hci_dev_test_flag(d, HCI_USER_CHANNEL))
ab81cbf9
JH		 431 continue;
432
73d1df2a
MH		 433 /* Devices marked as raw-only are neither configured
434 * nor unconfigured controllers.
435 */
436 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
fee746b0
MH		 437 continue;
438
73d1df2a 439 if (d->dev_type == HCI_BREDR &&
d7a5a11d 440 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
1514b892
MH		 441 rp->index[count++] = cpu_to_le16(d->id);
442 BT_DBG("Added hci%u", d->id);
443 }
faba42eb
JH		 444 }
445
476e44cb
JH		 446 rp->num_controllers = cpu_to_le16(count);
447 rp_len = sizeof(*rp) + (2 * count);
448
faba42eb
JH		 449 read_unlock(&hci_dev_list_lock);
450
2a1afb5a
JH		 451 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
452 0, rp, rp_len);
faba42eb 453
a38528f1
JH		 454 kfree(rp);
455
456 return err;
faba42eb
JH		 457}
458
73d1df2a
MH		 459static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
460 void *data, u16 data_len)
461{
462 struct mgmt_rp_read_unconf_index_list *rp;
463 struct hci_dev *d;
464 size_t rp_len;
465 u16 count;
466 int err;
467
468 BT_DBG("sock %p", sk);
469
470 read_lock(&hci_dev_list_lock);
471
472 count = 0;
473 list_for_each_entry(d, &hci_dev_list, list) {
474 if (d->dev_type == HCI_BREDR &&
d7a5a11d 475 hci_dev_test_flag(d, HCI_UNCONFIGURED))
73d1df2a
MH		 476 count++;
477 }
478
479 rp_len = sizeof(*rp) + (2 * count);
480 rp = kmalloc(rp_len, GFP_ATOMIC);
481 if (!rp) {
482 read_unlock(&hci_dev_list_lock);
483 return -ENOMEM;
484 }
485
486 count = 0;
487 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 488 if (hci_dev_test_flag(d, HCI_SETUP) ||
489 hci_dev_test_flag(d, HCI_CONFIG) ||
490 hci_dev_test_flag(d, HCI_USER_CHANNEL))
73d1df2a
MH		 491 continue;
492
493 /* Devices marked as raw-only are neither configured
494 * nor unconfigured controllers.
495 */
496 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
497 continue;
498
499 if (d->dev_type == HCI_BREDR &&
d7a5a11d 500 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
73d1df2a
MH		 501 rp->index[count++] = cpu_to_le16(d->id);
502 BT_DBG("Added hci%u", d->id);
503 }
504 }
505
506 rp->num_controllers = cpu_to_le16(count);
507 rp_len = sizeof(*rp) + (2 * count);
508
509 read_unlock(&hci_dev_list_lock);
510
2a1afb5a
JH		 511 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
512 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
73d1df2a
MH		 513
514 kfree(rp);
515
516 return err;
517}
518
dbece37a
MH		 519static bool is_configured(struct hci_dev *hdev)
520{
521 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 522 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
dbece37a
MH		 523 return false;
524
525 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
526 !bacmp(&hdev->public_addr, BDADDR_ANY))
527 return false;
528
529 return true;
530}
531
89bc22d2
MH		 532static __le32 get_missing_options(struct hci_dev *hdev)
533{
534 u32 options = 0;
535
dbece37a 536 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 537 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
eb1904f4
MH		 538 options |= MGMT_OPTION_EXTERNAL_CONFIG;
539
89bc22d2
MH		 540 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
541 !bacmp(&hdev->public_addr, BDADDR_ANY))
542 options |= MGMT_OPTION_PUBLIC_ADDRESS;
543
544 return cpu_to_le32(options);
545}
546
f4537c04
MH		 547static int new_options(struct hci_dev *hdev, struct sock *skip)
548{
549 __le32 options = get_missing_options(hdev);
550
551 return mgmt_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
552 sizeof(options), skip);
553}
554
dbece37a
MH		 555static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
556{
557 __le32 options = get_missing_options(hdev);
558
2a1afb5a
JH		 559 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
560 sizeof(options));
dbece37a
MH		 561}
562
9fc3bfb6
MH		 563static int read_config_info(struct sock *sk, struct hci_dev *hdev,
564 void *data, u16 data_len)
565{
566 struct mgmt_rp_read_config_info rp;
89bc22d2 567 u32 options = 0;
9fc3bfb6
MH		 568
569 BT_DBG("sock %p %s", sk, hdev->name);
570
571 hci_dev_lock(hdev);
572
573 memset(&rp, 0, sizeof(rp));
574 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
89bc22d2 575
eb1904f4
MH		 576 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
577 options |= MGMT_OPTION_EXTERNAL_CONFIG;
578
9fc3bfb6 579 if (hdev->set_bdaddr)
89bc22d2
MH		 580 options |= MGMT_OPTION_PUBLIC_ADDRESS;
581
582 rp.supported_options = cpu_to_le32(options);
583 rp.missing_options = get_missing_options(hdev);
9fc3bfb6
MH		 584
585 hci_dev_unlock(hdev);
586
2a1afb5a
JH		 587 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
588 &rp, sizeof(rp));
9fc3bfb6
MH		 589}
590
69ab39ea
JH		 591static u32 get_supported_settings(struct hci_dev *hdev)
592{
593 u32 settings = 0;
594
595 settings |= MGMT_SETTING_POWERED;
b2939475 596 settings |= MGMT_SETTING_BONDABLE;
b1de97d8 597 settings |= MGMT_SETTING_DEBUG_KEYS;
3742abfc
JH		 598 settings |= MGMT_SETTING_CONNECTABLE;
599 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea 600
ed3fa31f 601 if (lmp_bredr_capable(hdev)) {
1a47aee8
JH		 602 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
603 settings |= MGMT_SETTING_FAST_CONNECTABLE;
69ab39ea
JH		 604 settings |= MGMT_SETTING_BREDR;
605 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 606
607 if (lmp_ssp_capable(hdev)) {
608 settings |= MGMT_SETTING_SSP;
609 settings |= MGMT_SETTING_HS;
610 }
e98d2ce2 611
05b3c3e7 612 if (lmp_sc_capable(hdev))
e98d2ce2 613 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 614 }
d7b7e796 615
eeca6f89 616 if (lmp_le_capable(hdev)) {
9d42820f 617 settings |= MGMT_SETTING_LE;
eeca6f89 618 settings |= MGMT_SETTING_ADVERTISING;
a3209694 619 settings |= MGMT_SETTING_SECURE_CONN;
0f4bd942 620 settings |= MGMT_SETTING_PRIVACY;
93690c22 621 settings |= MGMT_SETTING_STATIC_ADDRESS;
eeca6f89 622 }
69ab39ea 623
eb1904f4
MH		 624 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
625 hdev->set_bdaddr)
9fc3bfb6
MH		 626 settings |= MGMT_SETTING_CONFIGURATION;
627
69ab39ea
JH		 628 return settings;
629}
630
631static u32 get_current_settings(struct hci_dev *hdev)
632{
633 u32 settings = 0;
634
f1f0eb02 635 if (hdev_is_powered(hdev))
f0d4b78a
MH		 636 settings |= MGMT_SETTING_POWERED;
637
d7a5a11d 638 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
69ab39ea
JH		 639 settings |= MGMT_SETTING_CONNECTABLE;
640
d7a5a11d 641 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
1a4d3c4b
JH		 642 settings |= MGMT_SETTING_FAST_CONNECTABLE;
643
d7a5a11d 644 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
69ab39ea
JH		 645 settings |= MGMT_SETTING_DISCOVERABLE;
646
d7a5a11d 647 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
b2939475 648 settings |= MGMT_SETTING_BONDABLE;
69ab39ea 649
d7a5a11d 650 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
69ab39ea
JH		 651 settings |= MGMT_SETTING_BREDR;
652
d7a5a11d 653 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
69ab39ea
JH		 654 settings |= MGMT_SETTING_LE;
655
d7a5a11d 656 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
69ab39ea
JH		 657 settings |= MGMT_SETTING_LINK_SECURITY;
658
d7a5a11d 659 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
69ab39ea
JH		 660 settings |= MGMT_SETTING_SSP;
661
d7a5a11d 662 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
6d80dfd0
JH		 663 settings |= MGMT_SETTING_HS;
664
d7a5a11d 665 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
eeca6f89
JH		 666 settings |= MGMT_SETTING_ADVERTISING;
667
d7a5a11d 668 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
e98d2ce2
MH		 669 settings |= MGMT_SETTING_SECURE_CONN;
670
d7a5a11d 671 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
b1de97d8
MH		 672 settings |= MGMT_SETTING_DEBUG_KEYS;
673
d7a5a11d 674 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
0f4bd942
JH		 675 settings |= MGMT_SETTING_PRIVACY;
676
93690c22
MH		 677 /* The current setting for static address has two purposes. The
678 * first is to indicate if the static address will be used and
679 * the second is to indicate if it is actually set.
680 *
681 * This means if the static address is not configured, this flag
682 * will never bet set. If the address is configured, then if the
683 * address is actually used decides if the flag is set or not.
684 *
685 * For single mode LE only controllers and dual-mode controllers
686 * with BR/EDR disabled, the existence of the static address will
687 * be evaluated.
688 */
b7cb93e5 689 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
d7a5a11d 690 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
93690c22
MH		 691 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
692 if (bacmp(&hdev->static_addr, BDADDR_ANY))
693 settings |= MGMT_SETTING_STATIC_ADDRESS;
694 }
695
69ab39ea
JH		 696 return settings;
697}
698
ef580372
JH		 699#define PNP_INFO_SVCLASS_ID 0x1200
700
213202ed
JH		 701static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
702{
703 u8 *ptr = data, *uuids_start = NULL;
704 struct bt_uuid *uuid;
705
706 if (len < 4)
707 return ptr;
708
709 list_for_each_entry(uuid, &hdev->uuids, list) {
710 u16 uuid16;
711
712 if (uuid->size != 16)
713 continue;
714
715 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
716 if (uuid16 < 0x1100)
717 continue;
718
719 if (uuid16 == PNP_INFO_SVCLASS_ID)
720 continue;
721
722 if (!uuids_start) {
723 uuids_start = ptr;
724 uuids_start[0] = 1;
725 uuids_start[1] = EIR_UUID16_ALL;
726 ptr += 2;
727 }
728
729 /* Stop if not enough space to put next UUID */
730 if ((ptr - data) + sizeof(u16) > len) {
731 uuids_start[1] = EIR_UUID16_SOME;
732 break;
733 }
734
735 *ptr++ = (uuid16 & 0x00ff);
736 *ptr++ = (uuid16 & 0xff00) >> 8;
737 uuids_start[0] += sizeof(uuid16);
738 }
739
740 return ptr;
741}
742
cdf1963f
JH		 743static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
744{
745 u8 *ptr = data, *uuids_start = NULL;
746 struct bt_uuid *uuid;
747
748 if (len < 6)
749 return ptr;
750
751 list_for_each_entry(uuid, &hdev->uuids, list) {
752 if (uuid->size != 32)
753 continue;
754
755 if (!uuids_start) {
756 uuids_start = ptr;
757 uuids_start[0] = 1;
758 uuids_start[1] = EIR_UUID32_ALL;
759 ptr += 2;
760 }
761
762 /* Stop if not enough space to put next UUID */
763 if ((ptr - data) + sizeof(u32) > len) {
764 uuids_start[1] = EIR_UUID32_SOME;
765 break;
766 }
767
768 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
769 ptr += sizeof(u32);
770 uuids_start[0] += sizeof(u32);
771 }
772
773 return ptr;
774}
775
c00d575b
JH		 776static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
777{
778 u8 *ptr = data, *uuids_start = NULL;
779 struct bt_uuid *uuid;
780
781 if (len < 18)
782 return ptr;
783
784 list_for_each_entry(uuid, &hdev->uuids, list) {
785 if (uuid->size != 128)
786 continue;
787
788 if (!uuids_start) {
789 uuids_start = ptr;
790 uuids_start[0] = 1;
791 uuids_start[1] = EIR_UUID128_ALL;
792 ptr += 2;
793 }
794
795 /* Stop if not enough space to put next UUID */
796 if ((ptr - data) + 16 > len) {
797 uuids_start[1] = EIR_UUID128_SOME;
798 break;
799 }
800
801 memcpy(ptr, uuid->uuid, 16);
802 ptr += 16;
803 uuids_start[0] += 16;
804 }
805
806 return ptr;
807}
808
3b0602cd
JH		 809static struct mgmt_pending_cmd *mgmt_pending_find(u16 opcode,
810 struct hci_dev *hdev)
eb2a8d20 811{
3b0602cd 812 struct mgmt_pending_cmd *cmd;
eb2a8d20
JH		 813
814 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
815 if (cmd->opcode == opcode)
816 return cmd;
817 }
818
819 return NULL;
820}
821
3b0602cd
JH		 822static struct mgmt_pending_cmd *mgmt_pending_find_data(u16 opcode,
823 struct hci_dev *hdev,
824 const void *data)
95868426 825{
3b0602cd 826 struct mgmt_pending_cmd *cmd;
95868426
JH		 827
828 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
829 if (cmd->user_data != data)
830 continue;
831 if (cmd->opcode == opcode)
832 return cmd;
833 }
834
835 return NULL;
836}
837
f14d8f64
MH		 838static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
839{
7a5f4990
MH		 840 u8 ad_len = 0;
841 size_t name_len;
842
843 name_len = strlen(hdev->dev_name);
844 if (name_len > 0) {
845 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
846
847 if (name_len > max_len) {
848 name_len = max_len;
849 ptr[1] = EIR_NAME_SHORT;
850 } else
851 ptr[1] = EIR_NAME_COMPLETE;
852
853 ptr[0] = name_len + 1;
854
855 memcpy(ptr + 2, hdev->dev_name, name_len);
856
857 ad_len += (name_len + 2);
858 ptr += (name_len + 2);
859 }
860
861 return ad_len;
f14d8f64
MH		 862}
863
864static void update_scan_rsp_data(struct hci_request *req)
865{
866 struct hci_dev *hdev = req->hdev;
867 struct hci_cp_le_set_scan_rsp_data cp;
868 u8 len;
869
d7a5a11d 870 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
f14d8f64
MH		 871 return;
872
873 memset(&cp, 0, sizeof(cp));
874
875 len = create_scan_rsp_data(hdev, cp.data);
876
eb438b5f
JH		 877 if (hdev->scan_rsp_data_len == len &&
878 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 879 return;
880
eb438b5f
JH		 881 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
882 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 883
884 cp.length = len;
885
886 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
887}
888
9a43e25f
JH		 889static u8 get_adv_discov_flags(struct hci_dev *hdev)
890{
3b0602cd 891 struct mgmt_pending_cmd *cmd;
9a43e25f
JH		 892
893 /* If there's a pending mgmt command the flags will not yet have
894 * their final values, so check for this first.
895 */
896 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
897 if (cmd) {
898 struct mgmt_mode *cp = cmd->param;
899 if (cp->val == 0x01)
900 return LE_AD_GENERAL;
901 else if (cp->val == 0x02)
902 return LE_AD_LIMITED;
903 } else {
d7a5a11d 904 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
9a43e25f 905 return LE_AD_LIMITED;
d7a5a11d 906 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
9a43e25f
JH		 907 return LE_AD_GENERAL;
908 }
909
910 return 0;
911}
912
46cad2ed 913static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 914{
915 u8 ad_len = 0, flags = 0;
441ad2d0 916
9a43e25f 917 flags |= get_adv_discov_flags(hdev);
441ad2d0 918
d7a5a11d 919 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
441ad2d0 920 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 921
922 if (flags) {
923 BT_DBG("adv flags 0x%02x", flags);
924
925 ptr[0] = 2;
926 ptr[1] = EIR_FLAGS;
927 ptr[2] = flags;
928
929 ad_len += 3;
930 ptr += 3;
931 }
932
933 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
934 ptr[0] = 2;
935 ptr[1] = EIR_TX_POWER;
936 ptr[2] = (u8) hdev->adv_tx_power;
937
938 ad_len += 3;
939 ptr += 3;
940 }
941
441ad2d0
MH		 942 return ad_len;
943}
944
5947f4bc 945static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 946{
947 struct hci_dev *hdev = req->hdev;
948 struct hci_cp_le_set_adv_data cp;
949 u8 len;
950
d7a5a11d 951 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
441ad2d0
MH		 952 return;
953
954 memset(&cp, 0, sizeof(cp));
955
46cad2ed 956 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 957
958 if (hdev->adv_data_len == len &&
959 memcmp(cp.data, hdev->adv_data, len) == 0)
960 return;
961
962 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
963 hdev->adv_data_len = len;
964
965 cp.length = len;
966
967 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
968}
969
bc6d2d04
JH		 970int mgmt_update_adv_data(struct hci_dev *hdev)
971{
972 struct hci_request req;
973
974 hci_req_init(&req, hdev);
975 update_adv_data(&req);
976
977 return hci_req_run(&req, NULL);
978}
979
ef580372
JH		 980static void create_eir(struct hci_dev *hdev, u8 *data)
981{
982 u8 *ptr = data;
ef580372
JH		 983 size_t name_len;
984
985 name_len = strlen(hdev->dev_name);
986
987 if (name_len > 0) {
988 /* EIR Data type */
989 if (name_len > 48) {
990 name_len = 48;
991 ptr[1] = EIR_NAME_SHORT;
992 } else
993 ptr[1] = EIR_NAME_COMPLETE;
994
995 /* EIR Data length */
996 ptr[0] = name_len + 1;
997
998 memcpy(ptr + 2, hdev->dev_name, name_len);
999
ef580372
JH		 1000 ptr += (name_len + 2);
1001 }
1002
bbaf444a 1003 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 1004 ptr[0] = 2;
1005 ptr[1] = EIR_TX_POWER;
1006 ptr[2] = (u8) hdev->inq_tx_power;
1007
91c4e9b1
MH		 1008 ptr += 3;
1009 }
1010
2b9be137
MH		 1011 if (hdev->devid_source > 0) {
1012 ptr[0] = 9;
1013 ptr[1] = EIR_DEVICE_ID;
1014
1015 put_unaligned_le16(hdev->devid_source, ptr + 2);
1016 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
1017 put_unaligned_le16(hdev->devid_product, ptr + 6);
1018 put_unaligned_le16(hdev->devid_version, ptr + 8);
1019
2b9be137
MH		 1020 ptr += 10;
1021 }
1022
213202ed 1023 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 1024 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 1025 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 1026}
1027
890ea898 1028static void update_eir(struct hci_request *req)
ef580372 1029{
890ea898 1030 struct hci_dev *hdev = req->hdev;
ef580372
JH		 1031 struct hci_cp_write_eir cp;
1032
504c8dcd 1033 if (!hdev_is_powered(hdev))
890ea898 1034 return;
7770c4aa 1035
976eb20e 1036 if (!lmp_ext_inq_capable(hdev))
890ea898 1037 return;
ef580372 1038
d7a5a11d 1039 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
890ea898 1040 return;
ef580372 1041
d7a5a11d 1042 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
890ea898 1043 return;
ef580372
JH		 1044
1045 memset(&cp, 0, sizeof(cp));
1046
1047 create_eir(hdev, cp.data);
1048
1049 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 1050 return;
ef580372
JH		 1051
1052 memcpy(hdev->eir, cp.data, sizeof(cp.data));
1053
890ea898 1054 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 1055}
1056
1057static u8 get_service_classes(struct hci_dev *hdev)
1058{
1059 struct bt_uuid *uuid;
1060 u8 val = 0;
1061
1062 list_for_each_entry(uuid, &hdev->uuids, list)
1063 val |= uuid->svc_hint;
1064
1065 return val;
1066}
1067
890ea898 1068static void update_class(struct hci_request *req)
ef580372 1069{
890ea898 1070 struct hci_dev *hdev = req->hdev;
ef580372
JH		 1071 u8 cod[3];
1072
1073 BT_DBG("%s", hdev->name);
1074
504c8dcd 1075 if (!hdev_is_powered(hdev))
890ea898 1076 return;
7770c4aa 1077
d7a5a11d 1078 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
f87ea1da
JH		 1079 return;
1080
d7a5a11d 1081 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
890ea898 1082 return;
ef580372
JH		 1083
1084 cod[0] = hdev->minor_class;
1085 cod[1] = hdev->major_class;
1086 cod[2] = get_service_classes(hdev);
1087
d7a5a11d 1088 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
6acd7db4
MH		 1089 cod[1] |= 0x20;
1090
ef580372 1091 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 1092 return;
ef580372 1093
890ea898 1094 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 1095}
1096
a4858cb9 1097static bool get_connectable(struct hci_dev *hdev)
199a2fb1 1098{
3b0602cd 1099 struct mgmt_pending_cmd *cmd;
199a2fb1
JH		 1100
1101 /* If there's a pending mgmt command the flag will not yet have
1102 * it's final value, so check for this first.
1103 */
1104 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1105 if (cmd) {
1106 struct mgmt_mode *cp = cmd->param;
a4858cb9 1107 return cp->val;
199a2fb1
JH		 1108 }
1109
d7a5a11d 1110 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
199a2fb1
JH		 1111}
1112
0ec5ae84
JH		 1113static void disable_advertising(struct hci_request *req)
1114{
1115 u8 enable = 0x00;
1116
1117 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1118}
1119
199a2fb1
JH		 1120static void enable_advertising(struct hci_request *req)
1121{
1122 struct hci_dev *hdev = req->hdev;
1123 struct hci_cp_le_set_adv_param cp;
8f2a0601 1124 u8 own_addr_type, enable = 0x01;
a4858cb9 1125 bool connectable;
199a2fb1 1126
0ec5ae84
JH		 1127 if (hci_conn_num(hdev, LE_LINK) > 0)
1128 return;
1129
d7a5a11d 1130 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
0ec5ae84
JH		 1131 disable_advertising(req);
1132
5ce194c4 1133 /* Clear the HCI_LE_ADV bit temporarily so that the
8d97250e
JH		 1134 * hci_update_random_address knows that it's safe to go ahead
1135 * and write a new random address. The flag will be set back on
1136 * as soon as the SET_ADV_ENABLE HCI command completes.
1137 */
a358dc11 1138 hci_dev_clear_flag(hdev, HCI_LE_ADV);
8d97250e 1139
d7a5a11d 1140 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE))
cc91cb04
MH		 1141 connectable = true;
1142 else
1143 connectable = get_connectable(hdev);
8f2a0601 1144
a4858cb9
JH		 1145 /* Set require_privacy to true only when non-connectable
1146 * advertising is used. In that case it is fine to use a
1147 * non-resolvable private address.
1148 */
1149 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 1150 return;
1151
41c90c18 1152 memset(&cp, 0, sizeof(cp));
628531c9
GL		 1153 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
1154 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
a4858cb9 1155 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
8f2a0601 1156 cp.own_address_type = own_addr_type;
199a2fb1
JH		 1157 cp.channel_map = hdev->le_adv_channel_map;
1158
1159 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1160
1161 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1162}
1163
7d78525d
JH		 1164static void service_cache_off(struct work_struct *work)
1165{
1166 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 1167 service_cache.work);
890ea898 1168 struct hci_request req;
7d78525d 1169
a69d8927 1170 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
7d78525d
JH		 1171 return;
1172
890ea898
JH		 1173 hci_req_init(&req, hdev);
1174
7d78525d
JH		 1175 hci_dev_lock(hdev);
1176
890ea898
JH		 1177 update_eir(&req);
1178 update_class(&req);
7d78525d
JH		 1179
1180 hci_dev_unlock(hdev);
890ea898
JH		 1181
1182 hci_req_run(&req, NULL);
7d78525d
JH		 1183}
1184
d6bfd59c
JH		 1185static void rpa_expired(struct work_struct *work)
1186{
1187 struct hci_dev *hdev = container_of(work, struct hci_dev,
1188 rpa_expired.work);
1189 struct hci_request req;
1190
1191 BT_DBG("");
1192
a1536da2 1193 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
d6bfd59c 1194
d7a5a11d 1195 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
d6bfd59c
JH		 1196 return;
1197
1198 /* The generation of a new RPA and programming it into the
1199 * controller happens in the enable_advertising() function.
1200 */
d6bfd59c 1201 hci_req_init(&req, hdev);
d6bfd59c 1202 enable_advertising(&req);
d6bfd59c
JH		 1203 hci_req_run(&req, NULL);
1204}
1205
6a919082 1206static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 1207{
238be788 1208 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
6a919082
JH		 1209 return;
1210
4f87da80 1211 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 1212 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 1213
4f87da80
JH		 1214 /* Non-mgmt controlled devices get this bit set
1215 * implicitly so that pairing works for them, however
1216 * for mgmt we require user-space to explicitly enable
1217 * it
1218 */
a358dc11 1219 hci_dev_clear_flag(hdev, HCI_BONDABLE);
7d78525d
JH		 1220}
1221
0f4e68cf 1222static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 1223 void *data, u16 data_len)
0381101f 1224{
a38528f1 1225 struct mgmt_rp_read_info rp;
f7b64e69 1226
bdb6d971 1227 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 1228
09fd0de5 1229 hci_dev_lock(hdev);
f7b64e69 1230
dc4fe30b
JH		 1231 memset(&rp, 0, sizeof(rp));
1232
69ab39ea 1233 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 1234
69ab39ea 1235 rp.version = hdev->hci_ver;
eb55ef07 1236 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 1237
1238 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1239 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 1240
a38528f1 1241 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 1242
dc4fe30b 1243 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 1244 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 1245
09fd0de5 1246 hci_dev_unlock(hdev);
0381101f 1247
2a1afb5a
JH		 1248 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1249 sizeof(rp));
0381101f
JH		 1250}
1251
3b0602cd 1252static void mgmt_pending_free(struct mgmt_pending_cmd *cmd)
eec8d2bc
JH		 1253{
1254 sock_put(cmd->sk);
c68fb7ff 1255 kfree(cmd->param);
eec8d2bc
JH		 1256 kfree(cmd);
1257}
1258
3b0602cd
JH		 1259static struct mgmt_pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
1260 struct hci_dev *hdev,
1261 void *data, u16 len)
eec8d2bc 1262{
3b0602cd 1263 struct mgmt_pending_cmd *cmd;
eec8d2bc 1264
fca20018 1265 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 1266 if (!cmd)
366a0336 1267 return NULL;
eec8d2bc
JH		 1268
1269 cmd->opcode = opcode;
2e58ef3e 1270 cmd->index = hdev->id;
eec8d2bc 1271
323b0b88 1272 cmd->param = kmemdup(data, len, GFP_KERNEL);
c68fb7ff 1273 if (!cmd->param) {
eec8d2bc 1274 kfree(cmd);
366a0336 1275 return NULL;
eec8d2bc
JH		 1276 }
1277
323b0b88 1278 cmd->param_len = len;
eec8d2bc
JH		 1279
1280 cmd->sk = sk;
1281 sock_hold(sk);
1282
2e58ef3e 1283 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 1284
366a0336 1285 return cmd;
eec8d2bc
JH		 1286}
1287
744cf19e 1288static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
3b0602cd 1289 void (*cb)(struct mgmt_pending_cmd *cmd,
8fc9ced3 1290 void *data),
04124681 1291 void *data)
eec8d2bc 1292{
3b0602cd 1293 struct mgmt_pending_cmd *cmd, *tmp;
eec8d2bc 1294
a3d09356 1295 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 1296 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 1297 continue;
1298
eec8d2bc
JH		 1299 cb(cmd, data);
1300 }
1301}
1302
3b0602cd 1303static void mgmt_pending_remove(struct mgmt_pending_cmd *cmd)
73f22f62 1304{
73f22f62
JH		 1305 list_del(&cmd->list);
1306 mgmt_pending_free(cmd);
1307}
1308
69ab39ea 1309static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1310{
69ab39ea 1311 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1312
2a1afb5a
JH		 1313 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1314 sizeof(settings));
8680570b
JH		 1315}
1316
1904a853 1317static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
8b064a3a
JH		 1318{
1319 BT_DBG("%s status 0x%02x", hdev->name, status);
1320
a3172b7e
JH		 1321 if (hci_conn_count(hdev) == 0) {
1322 cancel_delayed_work(&hdev->power_off);
8b064a3a 1323 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1324 }
8b064a3a
JH		 1325}
1326
23a48093 1327static bool hci_stop_discovery(struct hci_request *req)
21a60d30
JH		 1328{
1329 struct hci_dev *hdev = req->hdev;
1330 struct hci_cp_remote_name_req_cancel cp;
1331 struct inquiry_entry *e;
1332
1333 switch (hdev->discovery.state) {
1334 case DISCOVERY_FINDING:
1335 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
1336 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1337 } else {
1338 cancel_delayed_work(&hdev->le_scan_disable);
1339 hci_req_add_le_scan_disable(req);
1340 }
1341
23a48093 1342 return true;
21a60d30
JH		 1343
1344 case DISCOVERY_RESOLVING:
1345 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1346 NAME_PENDING);
1347 if (!e)
23a48093 1348 break;
21a60d30
JH		 1349
1350 bacpy(&cp.bdaddr, &e->data.bdaddr);
1351 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1352 &cp);
1353
23a48093 1354 return true;
21a60d30
JH		 1355
1356 default:
1357 /* Passive scanning */
d7a5a11d 1358 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
21a60d30 1359 hci_req_add_le_scan_disable(req);
23a48093
JH		 1360 return true;
1361 }
1362
21a60d30
JH		 1363 break;
1364 }
23a48093
JH		 1365
1366 return false;
21a60d30
JH		 1367}
1368
8b064a3a
JH		 1369static int clean_up_hci_state(struct hci_dev *hdev)
1370{
1371 struct hci_request req;
1372 struct hci_conn *conn;
23a48093
JH		 1373 bool discov_stopped;
1374 int err;
8b064a3a
JH		 1375
1376 hci_req_init(&req, hdev);
1377
1378 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1379 test_bit(HCI_PSCAN, &hdev->flags)) {
1380 u8 scan = 0x00;
1381 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1382 }
1383
d7a5a11d 1384 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
8b064a3a
JH		 1385 disable_advertising(&req);
1386
23a48093 1387 discov_stopped = hci_stop_discovery(&req);
8b064a3a
JH		 1388
1389 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1390 struct hci_cp_disconnect dc;
c9910d0f
JH		 1391 struct hci_cp_reject_conn_req rej;
1392
1393 switch (conn->state) {
1394 case BT_CONNECTED:
1395 case BT_CONFIG:
1396 dc.handle = cpu_to_le16(conn->handle);
1397 dc.reason = 0x15; /* Terminated due to Power Off */
1398 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1399 break;
1400 case BT_CONNECT:
1401 if (conn->type == LE_LINK)
1402 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1403 0, NULL);
1404 else if (conn->type == ACL_LINK)
1405 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1406 6, &conn->dst);
1407 break;
1408 case BT_CONNECT2:
1409 bacpy(&rej.bdaddr, &conn->dst);
1410 rej.reason = 0x15; /* Terminated due to Power Off */
1411 if (conn->type == ACL_LINK)
1412 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1413 sizeof(rej), &rej);
1414 else if (conn->type == SCO_LINK)
1415 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1416 sizeof(rej), &rej);
1417 break;
1418 }
8b064a3a
JH		 1419 }
1420
23a48093
JH		 1421 err = hci_req_run(&req, clean_up_hci_complete);
1422 if (!err && discov_stopped)
1423 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1424
1425 return err;
8b064a3a
JH		 1426}
1427
bdb6d971 1428static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1429 u16 len)
eec8d2bc 1430{
650f726d 1431 struct mgmt_mode *cp = data;
3b0602cd 1432 struct mgmt_pending_cmd *cmd;
4b34ee78 1433 int err;
eec8d2bc 1434
bdb6d971 1435 BT_DBG("request for %s", hdev->name);
eec8d2bc 1436
a7e80f25 1437 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1438 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1439 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1440
09fd0de5 1441 hci_dev_lock(hdev);
eec8d2bc 1442
87b95ba6 1443 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
a69e8375
JH		 1444 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1445 MGMT_STATUS_BUSY);
87b95ba6
JH		 1446 goto failed;
1447 }
1448
a69d8927 1449 if (hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF)) {
f0d4b78a
MH		 1450 cancel_delayed_work(&hdev->power_off);
1451
1452 if (cp->val) {
a1d70450
JH		 1453 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1454 data, len);
1455 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1456 goto failed;
1457 }
1458 }
1459
4b34ee78 1460 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1461 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1462 goto failed;
1463 }
1464
2e58ef3e 1465 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1466 if (!cmd) {
1467 err = -ENOMEM;
eec8d2bc 1468 goto failed;
366a0336 1469 }
eec8d2bc 1470
8b064a3a 1471 if (cp->val) {
19202573 1472 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1473 err = 0;
1474 } else {
1475 /* Disconnect connections, stop scans, etc */
1476 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1477 if (!err)
1478 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1479 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1480
8b064a3a
JH		 1481 /* ENODATA means there were no HCI commands queued */
1482 if (err == -ENODATA) {
a3172b7e 1483 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1484 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1485 err = 0;
1486 }
1487 }
eec8d2bc
JH		 1488
1489failed:
09fd0de5 1490 hci_dev_unlock(hdev);
366a0336 1491 return err;
eec8d2bc
JH		 1492}
1493
beadb2bd
JH		 1494static int new_settings(struct hci_dev *hdev, struct sock *skip)
1495{
1496 __le32 ev;
1497
1498 ev = cpu_to_le32(get_current_settings(hdev));
1499
1500 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1501}
1502
91a668b0
JH		 1503int mgmt_new_settings(struct hci_dev *hdev)
1504{
1505 return new_settings(hdev, NULL);
1506}
1507
bd99abdd
JH		 1508struct cmd_lookup {
1509 struct sock *sk;
1510 struct hci_dev *hdev;
1511 u8 mgmt_status;
1512};
1513
3b0602cd 1514static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1515{
1516 struct cmd_lookup *match = data;
1517
1518 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1519
1520 list_del(&cmd->list);
1521
1522 if (match->sk == NULL) {
1523 match->sk = cmd->sk;
1524 sock_hold(match->sk);
1525 }
1526
1527 mgmt_pending_free(cmd);
1528}
1529
3b0602cd 1530static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1531{
1532 u8 *status = data;
1533
a69e8375 1534 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
bd99abdd
JH		 1535 mgmt_pending_remove(cmd);
1536}
1537
3b0602cd 1538static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1b9b5ee5
JH		 1539{
1540 if (cmd->cmd_complete) {
1541 u8 *status = data;
1542
1543 cmd->cmd_complete(cmd, *status);
1544 mgmt_pending_remove(cmd);
1545
1546 return;
1547 }
1548
1549 cmd_status_rsp(cmd, data);
1550}
1551
3b0602cd 1552static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
f5818c22 1553{
2a1afb5a
JH		 1554 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1555 cmd->param, cmd->param_len);
f5818c22
JH		 1556}
1557
3b0602cd 1558static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
7776d1d8 1559{
2a1afb5a
JH		 1560 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1561 cmd->param, sizeof(struct mgmt_addr_info));
7776d1d8
JH		 1562}
1563
e6fe7986
JH		 1564static u8 mgmt_bredr_support(struct hci_dev *hdev)
1565{
1566 if (!lmp_bredr_capable(hdev))
1567 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1568 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
e6fe7986
JH		 1569 return MGMT_STATUS_REJECTED;
1570 else
1571 return MGMT_STATUS_SUCCESS;
1572}
1573
1574static u8 mgmt_le_support(struct hci_dev *hdev)
1575{
1576 if (!lmp_le_capable(hdev))
1577 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1578 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
e6fe7986
JH		 1579 return MGMT_STATUS_REJECTED;
1580 else
1581 return MGMT_STATUS_SUCCESS;
1582}
1583
1904a853
MH		 1584static void set_discoverable_complete(struct hci_dev *hdev, u8 status,
1585 u16 opcode)
bfaf8c9f 1586{
3b0602cd 1587 struct mgmt_pending_cmd *cmd;
bfaf8c9f 1588 struct mgmt_mode *cp;
970ba524 1589 struct hci_request req;
bfaf8c9f
JH		 1590 bool changed;
1591
1592 BT_DBG("status 0x%02x", status);
1593
1594 hci_dev_lock(hdev);
1595
1596 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1597 if (!cmd)
1598 goto unlock;
1599
1600 if (status) {
1601 u8 mgmt_err = mgmt_status(status);
a69e8375 1602 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
a358dc11 1603 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
bfaf8c9f
JH		 1604 goto remove_cmd;
1605 }
1606
1607 cp = cmd->param;
d4462a07 1608 if (cp->val) {
238be788 1609 changed = !hci_dev_test_and_set_flag(hdev, HCI_DISCOVERABLE);
d4462a07
MH		 1610
1611 if (hdev->discov_timeout > 0) {
1612 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1613 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1614 to);
1615 }
1616 } else {
a69d8927 1617 changed = hci_dev_test_and_clear_flag(hdev, HCI_DISCOVERABLE);
d4462a07 1618 }
bfaf8c9f
JH		 1619
1620 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1621
1622 if (changed)
1623 new_settings(hdev, cmd->sk);
1624
970ba524
MH		 1625 /* When the discoverable mode gets changed, make sure
1626 * that class of device has the limited discoverable
432df05e
JH		 1627 * bit correctly set. Also update page scan based on whitelist
1628 * entries.
970ba524
MH		 1629 */
1630 hci_req_init(&req, hdev);
1d2dc5b7 1631 __hci_update_page_scan(&req);
970ba524
MH		 1632 update_class(&req);
1633 hci_req_run(&req, NULL);
1634
bfaf8c9f
JH		 1635remove_cmd:
1636 mgmt_pending_remove(cmd);
1637
1638unlock:
1639 hci_dev_unlock(hdev);
1640}
1641
bdb6d971 1642static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1643 u16 len)
73f22f62 1644{
650f726d 1645 struct mgmt_cp_set_discoverable *cp = data;
3b0602cd 1646 struct mgmt_pending_cmd *cmd;
bfaf8c9f 1647 struct hci_request req;
5e5282bb 1648 u16 timeout;
9a43e25f 1649 u8 scan;
73f22f62
JH		 1650 int err;
1651
bdb6d971 1652 BT_DBG("request for %s", hdev->name);
73f22f62 1653
d7a5a11d
MH		 1654 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1655 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 1656 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1657 MGMT_STATUS_REJECTED);
33c525c0 1658
310a3d48 1659 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 1660 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1661 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1662
1f350c87 1663 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1664
1665 /* Disabling discoverable requires that no timeout is set,
1666 * and enabling limited discoverable requires a timeout.
1667 */
1668 if ((cp->val == 0x00 && timeout > 0) ||
1669 (cp->val == 0x02 && timeout == 0))
a69e8375
JH		 1670 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1671 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1672
09fd0de5 1673 hci_dev_lock(hdev);
73f22f62 1674
5e5282bb 1675 if (!hdev_is_powered(hdev) && timeout > 0) {
a69e8375
JH		 1676 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1677 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1678 goto failed;
1679 }
1680
2e58ef3e 1681 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1682 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1683 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1684 MGMT_STATUS_BUSY);
73f22f62
JH		 1685 goto failed;
1686 }
1687
d7a5a11d 1688 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
a69e8375
JH		 1689 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1690 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1691 goto failed;
1692 }
1693
1694 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1695 bool changed = false;
1696
310a3d48
MH		 1697 /* Setting limited discoverable when powered off is
1698 * not a valid operation since it requires a timeout
1699 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1700 */
d7a5a11d 1701 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
ce05d603 1702 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
0224d2fa
JH		 1703 changed = true;
1704 }
1705
5e5282bb 1706 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1707 if (err < 0)
1708 goto failed;
1709
1710 if (changed)
1711 err = new_settings(hdev, sk);
1712
5e5282bb
JH		 1713 goto failed;
1714 }
1715
310a3d48
MH		 1716 /* If the current mode is the same, then just update the timeout
1717 * value with the new value. And if only the timeout gets updated,
1718 * then no need for any HCI transactions.
1719 */
d7a5a11d
MH		 1720 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1721 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1722 HCI_LIMITED_DISCOVERABLE)) {
36261547
MH		 1723 cancel_delayed_work(&hdev->discov_off);
1724 hdev->discov_timeout = timeout;
955638ec 1725
36261547
MH		 1726 if (cp->val && hdev->discov_timeout > 0) {
1727 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1728 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1729 to);
955638ec
MH		 1730 }
1731
69ab39ea 1732 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1733 goto failed;
1734 }
1735
2e58ef3e 1736 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1737 if (!cmd) {
1738 err = -ENOMEM;
73f22f62 1739 goto failed;
366a0336 1740 }
73f22f62 1741
310a3d48
MH		 1742 /* Cancel any potential discoverable timeout that might be
1743 * still active and store new timeout value. The arming of
1744 * the timeout happens in the complete handler.
1745 */
1746 cancel_delayed_work(&hdev->discov_off);
1747 hdev->discov_timeout = timeout;
1748
b456f87c
JH		 1749 /* Limited discoverable mode */
1750 if (cp->val == 0x02)
a1536da2 1751 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1752 else
a358dc11 1753 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1754
bfaf8c9f
JH		 1755 hci_req_init(&req, hdev);
1756
9a43e25f
JH		 1757 /* The procedure for LE-only controllers is much simpler - just
1758 * update the advertising data.
1759 */
d7a5a11d 1760 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
9a43e25f
JH		 1761 goto update_ad;
1762
73f22f62
JH		 1763 scan = SCAN_PAGE;
1764
310a3d48
MH		 1765 if (cp->val) {
1766 struct hci_cp_write_current_iac_lap hci_cp;
1767
1768 if (cp->val == 0x02) {
1769 /* Limited discoverable mode */
33337dcb 1770 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1771 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1772 hci_cp.iac_lap[1] = 0x8b;
1773 hci_cp.iac_lap[2] = 0x9e;
1774 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1775 hci_cp.iac_lap[4] = 0x8b;
1776 hci_cp.iac_lap[5] = 0x9e;
1777 } else {
1778 /* General discoverable mode */
310a3d48
MH		 1779 hci_cp.num_iac = 1;
1780 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1781 hci_cp.iac_lap[1] = 0x8b;
1782 hci_cp.iac_lap[2] = 0x9e;
1783 }
1784
1785 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1786 (hci_cp.num_iac * 3) + 1, &hci_cp);
1787
73f22f62 1788 scan |= SCAN_INQUIRY;
310a3d48 1789 } else {
a358dc11 1790 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
310a3d48 1791 }
73f22f62 1792
310a3d48 1793 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1794
9a43e25f
JH		 1795update_ad:
1796 update_adv_data(&req);
1797
bfaf8c9f 1798 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1799 if (err < 0)
a664b5bc 1800 mgmt_pending_remove(cmd);
73f22f62
JH		 1801
1802failed:
09fd0de5 1803 hci_dev_unlock(hdev);
73f22f62
JH		 1804 return err;
1805}
1806
406d7804
JH		 1807static void write_fast_connectable(struct hci_request *req, bool enable)
1808{
bd98b996 1809 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1810 struct hci_cp_write_page_scan_activity acp;
1811 u8 type;
1812
d7a5a11d 1813 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
547003b1
JH		 1814 return;
1815
4c01f8b8
JH		 1816 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1817 return;
1818
406d7804
JH		 1819 if (enable) {
1820 type = PAGE_SCAN_TYPE_INTERLACED;
1821
1822 /* 160 msec page scan interval */
dcf4adbf 1823 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 1824 } else {
1825 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1826
1827 /* default 1.28 sec page scan */
dcf4adbf 1828 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 1829 }
1830
dcf4adbf 1831 acp.window = cpu_to_le16(0x0012);
406d7804 1832
bd98b996
JH		 1833 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1834 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1835 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1836 sizeof(acp), &acp);
1837
1838 if (hdev->page_scan_type != type)
1839 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1840}
1841
1904a853
MH		 1842static void set_connectable_complete(struct hci_dev *hdev, u8 status,
1843 u16 opcode)
2b76f453 1844{
3b0602cd 1845 struct mgmt_pending_cmd *cmd;
d7b856f9 1846 struct mgmt_mode *cp;
bc6d2d04 1847 bool conn_changed, discov_changed;
2b76f453
JH		 1848
1849 BT_DBG("status 0x%02x", status);
1850
1851 hci_dev_lock(hdev);
1852
1853 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1854 if (!cmd)
1855 goto unlock;
1856
37438c1f
JH		 1857 if (status) {
1858 u8 mgmt_err = mgmt_status(status);
a69e8375 1859 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
37438c1f
JH		 1860 goto remove_cmd;
1861 }
1862
d7b856f9 1863 cp = cmd->param;
bc6d2d04 1864 if (cp->val) {
238be788
MH		 1865 conn_changed = !hci_dev_test_and_set_flag(hdev,
1866 HCI_CONNECTABLE);
bc6d2d04
JH		 1867 discov_changed = false;
1868 } else {
a69d8927
MH		 1869 conn_changed = hci_dev_test_and_clear_flag(hdev,
1870 HCI_CONNECTABLE);
1871 discov_changed = hci_dev_test_and_clear_flag(hdev,
1872 HCI_DISCOVERABLE);
bc6d2d04 1873 }
d7b856f9 1874
2b76f453
JH		 1875 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1876
bc6d2d04 1877 if (conn_changed || discov_changed) {
d7b856f9 1878 new_settings(hdev, cmd->sk);
1d2dc5b7 1879 hci_update_page_scan(hdev);
bc6d2d04
JH		 1880 if (discov_changed)
1881 mgmt_update_adv_data(hdev);
2b7be33e
JH		 1882 hci_update_background_scan(hdev);
1883 }
d7b856f9 1884
37438c1f 1885remove_cmd:
2b76f453
JH		 1886 mgmt_pending_remove(cmd);
1887
1888unlock:
1889 hci_dev_unlock(hdev);
1890}
1891
e8ba3a1f
JH		 1892static int set_connectable_update_settings(struct hci_dev *hdev,
1893 struct sock *sk, u8 val)
1894{
1895 bool changed = false;
1896 int err;
1897
d7a5a11d 1898 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
e8ba3a1f
JH		 1899 changed = true;
1900
1901 if (val) {
a1536da2 1902 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
e8ba3a1f 1903 } else {
a358dc11
MH		 1904 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1905 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
e8ba3a1f
JH		 1906 }
1907
1908 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1909 if (err < 0)
1910 return err;
1911
562064e6 1912 if (changed) {
1d2dc5b7 1913 hci_update_page_scan(hdev);
562064e6 1914 hci_update_background_scan(hdev);
e8ba3a1f 1915 return new_settings(hdev, sk);
562064e6 1916 }
e8ba3a1f
JH		 1917
1918 return 0;
1919}
1920
bdb6d971 1921static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1922 u16 len)
9fbcbb45 1923{
650f726d 1924 struct mgmt_mode *cp = data;
3b0602cd 1925 struct mgmt_pending_cmd *cmd;
2b76f453 1926 struct hci_request req;
1987fdc7 1927 u8 scan;
9fbcbb45
JH		 1928 int err;
1929
bdb6d971 1930 BT_DBG("request for %s", hdev->name);
9fbcbb45 1931
d7a5a11d
MH		 1932 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1933 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 1934 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1935 MGMT_STATUS_REJECTED);
33c525c0 1936
a7e80f25 1937 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1938 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1939 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1940
09fd0de5 1941 hci_dev_lock(hdev);
9fbcbb45 1942
4b34ee78 1943 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1944 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1945 goto failed;
1946 }
1947
2e58ef3e 1948 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1949 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1950 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1951 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1952 goto failed;
1953 }
1954
2e58ef3e 1955 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1956 if (!cmd) {
1957 err = -ENOMEM;
9fbcbb45 1958 goto failed;
366a0336 1959 }
9fbcbb45 1960
9b74246f 1961 hci_req_init(&req, hdev);
9fbcbb45 1962
9a43e25f
JH		 1963 /* If BR/EDR is not enabled and we disable advertising as a
1964 * by-product of disabling connectable, we need to update the
1965 * advertising flags.
1966 */
d7a5a11d 1967 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
9a43e25f 1968 if (!cp->val) {
a358dc11
MH		 1969 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1970 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
9a43e25f
JH		 1971 }
1972 update_adv_data(&req);
1973 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1974 if (cp->val) {
1975 scan = SCAN_PAGE;
1976 } else {
3bd27240
JH		 1977 /* If we don't have any whitelist entries just
1978 * disable all scanning. If there are entries
1979 * and we had both page and inquiry scanning
1980 * enabled then fall back to only page scanning.
1981 * Otherwise no changes are needed.
1982 */
1983 if (list_empty(&hdev->whitelist))
1984 scan = SCAN_DISABLED;
1985 else if (test_bit(HCI_ISCAN, &hdev->flags))
1986 scan = SCAN_PAGE;
1987 else
1988 goto no_scan_update;
9b74246f
JH		 1989
1990 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1991 hdev->discov_timeout > 0)
9b74246f
JH		 1992 cancel_delayed_work(&hdev->discov_off);
1993 }
2b76f453 1994
9b74246f
JH		 1995 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1996 }
2b76f453 1997
3bd27240 1998no_scan_update:
e8b1202c 1999 /* Update the advertising parameters if necessary */
d7a5a11d 2000 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
1987fdc7 2001 enable_advertising(&req);
1987fdc7 2002
2b76f453 2003 err = hci_req_run(&req, set_connectable_complete);
9b74246f 2004 if (err < 0) {
a664b5bc 2005 mgmt_pending_remove(cmd);
9b74246f 2006 if (err == -ENODATA)
a81070ba
JH		 2007 err = set_connectable_update_settings(hdev, sk,
2008 cp->val);
9b74246f
JH		 2009 goto failed;
2010 }
9fbcbb45
JH		 2011
2012failed:
09fd0de5 2013 hci_dev_unlock(hdev);
9fbcbb45
JH		 2014 return err;
2015}
2016
b2939475 2017static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2018 u16 len)
c542a06c 2019{
650f726d 2020 struct mgmt_mode *cp = data;
55594356 2021 bool changed;
c542a06c
JH		 2022 int err;
2023
bdb6d971 2024 BT_DBG("request for %s", hdev->name);
c542a06c 2025
a7e80f25 2026 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2027 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
2028 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2029
09fd0de5 2030 hci_dev_lock(hdev);
c542a06c
JH		 2031
2032 if (cp->val)
238be788 2033 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
c542a06c 2034 else
a69d8927 2035 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
c542a06c 2036
b2939475 2037 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
c542a06c 2038 if (err < 0)
55594356 2039 goto unlock;
c542a06c 2040
55594356
MH		 2041 if (changed)
2042 err = new_settings(hdev, sk);
c542a06c 2043
55594356 2044unlock:
09fd0de5 2045 hci_dev_unlock(hdev);
c542a06c
JH		 2046 return err;
2047}
2048
04124681
GP		 2049static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
2050 u16 len)
33ef95ed
JH		 2051{
2052 struct mgmt_mode *cp = data;
3b0602cd 2053 struct mgmt_pending_cmd *cmd;
e6fe7986 2054 u8 val, status;
33ef95ed
JH		 2055 int err;
2056
bdb6d971 2057 BT_DBG("request for %s", hdev->name);
33ef95ed 2058
e6fe7986
JH		 2059 status = mgmt_bredr_support(hdev);
2060 if (status)
a69e8375
JH		 2061 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2062 status);
33c525c0 2063
a7e80f25 2064 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2065 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2066 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2067
33ef95ed
JH		 2068 hci_dev_lock(hdev);
2069
4b34ee78 2070 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 2071 bool changed = false;
2072
d7a5a11d 2073 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
ce05d603 2074 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
47990ea0
JH		 2075 changed = true;
2076 }
2077
2078 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2079 if (err < 0)
2080 goto failed;
2081
2082 if (changed)
2083 err = new_settings(hdev, sk);
2084
33ef95ed
JH		 2085 goto failed;
2086 }
2087
2088 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
a69e8375
JH		 2089 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2090 MGMT_STATUS_BUSY);
33ef95ed
JH		 2091 goto failed;
2092 }
2093
2094 val = !!cp->val;
2095
2096 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
2097 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2098 goto failed;
2099 }
2100
2101 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
2102 if (!cmd) {
2103 err = -ENOMEM;
2104 goto failed;
2105 }
2106
2107 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
2108 if (err < 0) {
2109 mgmt_pending_remove(cmd);
2110 goto failed;
2111 }
2112
2113failed:
2114 hci_dev_unlock(hdev);
33ef95ed
JH		 2115 return err;
2116}
2117
bdb6d971 2118static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 2119{
2120 struct mgmt_mode *cp = data;
3b0602cd 2121 struct mgmt_pending_cmd *cmd;
72ef0c1a 2122 u8 status;
ed2c4ee3
JH		 2123 int err;
2124
bdb6d971 2125 BT_DBG("request for %s", hdev->name);
ed2c4ee3 2126
cdba5281
MH		 2127 status = mgmt_bredr_support(hdev);
2128 if (status)
a69e8375 2129 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
cdba5281 2130
13ecd8b6 2131 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 2132 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2133 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 2134
a7e80f25 2135 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2136 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2137 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2138
13ecd8b6 2139 hci_dev_lock(hdev);
6c8f12c1 2140
4b34ee78 2141 if (!hdev_is_powered(hdev)) {
9ecb3e24 2142 bool changed;
c0ecddc2 2143
9ecb3e24 2144 if (cp->val) {
238be788
MH		 2145 changed = !hci_dev_test_and_set_flag(hdev,
2146 HCI_SSP_ENABLED);
9ecb3e24 2147 } else {
a69d8927
MH		 2148 changed = hci_dev_test_and_clear_flag(hdev,
2149 HCI_SSP_ENABLED);
9ecb3e24 2150 if (!changed)
a69d8927
MH		 2151 changed = hci_dev_test_and_clear_flag(hdev,
2152 HCI_HS_ENABLED);
9ecb3e24 2153 else
a358dc11 2154 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
c0ecddc2
JH		 2155 }
2156
2157 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2158 if (err < 0)
2159 goto failed;
2160
2161 if (changed)
2162 err = new_settings(hdev, sk);
2163
ed2c4ee3
JH		 2164 goto failed;
2165 }
2166
94d52dad 2167 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 2168 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2169 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 2170 goto failed;
2171 }
2172
d7a5a11d 2173 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
ed2c4ee3
JH		 2174 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2175 goto failed;
2176 }
2177
2178 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2179 if (!cmd) {
2180 err = -ENOMEM;
2181 goto failed;
2182 }
2183
d7a5a11d 2184 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
3769972b
JH		 2185 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2186 sizeof(cp->val), &cp->val);
2187
72ef0c1a 2188 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 2189 if (err < 0) {
2190 mgmt_pending_remove(cmd);
2191 goto failed;
2192 }
2193
2194failed:
2195 hci_dev_unlock(hdev);
ed2c4ee3
JH		 2196 return err;
2197}
2198
bdb6d971 2199static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 2200{
2201 struct mgmt_mode *cp = data;
ee392693 2202 bool changed;
e6fe7986 2203 u8 status;
ee392693 2204 int err;
6d80dfd0 2205
bdb6d971 2206 BT_DBG("request for %s", hdev->name);
6d80dfd0 2207
e6fe7986
JH		 2208 status = mgmt_bredr_support(hdev);
2209 if (status)
a69e8375 2210 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 2211
9ecb3e24 2212 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 2213 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2214 MGMT_STATUS_NOT_SUPPORTED);
9ecb3e24 2215
d7a5a11d 2216 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 2217 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2218 MGMT_STATUS_REJECTED);
9ecb3e24 2219
a7e80f25 2220 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2221 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2222 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2223
ee392693
MH		 2224 hci_dev_lock(hdev);
2225
a2cb01de 2226 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 2227 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2228 MGMT_STATUS_BUSY);
a2cb01de
JH		 2229 goto unlock;
2230 }
2231
a0cdf960 2232 if (cp->val) {
238be788 2233 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
a0cdf960
MH		 2234 } else {
2235 if (hdev_is_powered(hdev)) {
a69e8375
JH		 2236 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2237 MGMT_STATUS_REJECTED);
a0cdf960
MH		 2238 goto unlock;
2239 }
2240
a69d8927 2241 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
a0cdf960 2242 }
ee392693
MH		 2243
2244 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2245 if (err < 0)
2246 goto unlock;
2247
2248 if (changed)
2249 err = new_settings(hdev, sk);
6d80dfd0 2250
ee392693
MH		 2251unlock:
2252 hci_dev_unlock(hdev);
2253 return err;
6d80dfd0
JH		 2254}
2255
1904a853 2256static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
416a4ae5
JH		 2257{
2258 struct cmd_lookup match = { NULL, hdev };
2259
3ad67582
JK		 2260 hci_dev_lock(hdev);
2261
416a4ae5
JH		 2262 if (status) {
2263 u8 mgmt_err = mgmt_status(status);
2264
2265 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2266 &mgmt_err);
3ad67582 2267 goto unlock;
416a4ae5
JH		 2268 }
2269
2270 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2271
2272 new_settings(hdev, match.sk);
2273
2274 if (match.sk)
2275 sock_put(match.sk);
441ad2d0
MH		 2276
2277 /* Make sure the controller has a good default for
2278 * advertising data. Restrict the update to when LE
2279 * has actually been enabled. During power on, the
2280 * update in powered_update_hci will take care of it.
2281 */
d7a5a11d 2282 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
441ad2d0
MH		 2283 struct hci_request req;
2284
441ad2d0 2285 hci_req_init(&req, hdev);
5947f4bc 2286 update_adv_data(&req);
f14d8f64 2287 update_scan_rsp_data(&req);
2cf22218 2288 __hci_update_background_scan(&req);
441ad2d0 2289 hci_req_run(&req, NULL);
441ad2d0 2290 }
3ad67582
JK		 2291
2292unlock:
2293 hci_dev_unlock(hdev);
416a4ae5
JH		 2294}
2295
bdb6d971 2296static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 2297{
2298 struct mgmt_mode *cp = data;
2299 struct hci_cp_write_le_host_supported hci_cp;
3b0602cd 2300 struct mgmt_pending_cmd *cmd;
416a4ae5 2301 struct hci_request req;
06199cf8 2302 int err;
0b60eba1 2303 u8 val, enabled;
06199cf8 2304
bdb6d971 2305 BT_DBG("request for %s", hdev->name);
06199cf8 2306
13ecd8b6 2307 if (!lmp_le_capable(hdev))
a69e8375
JH		 2308 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2309 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 2310
a7e80f25 2311 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2312 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2313 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2314
c73eee91 2315 /* LE-only devices do not allow toggling LE on/off */
d7a5a11d 2316 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 2317 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2318 MGMT_STATUS_REJECTED);
c73eee91 2319
13ecd8b6 2320 hci_dev_lock(hdev);
06199cf8
JH		 2321
2322 val = !!cp->val;
ffa88e02 2323 enabled = lmp_host_le_capable(hdev);
06199cf8 2324
0b60eba1 2325 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 2326 bool changed = false;
2327
d7a5a11d 2328 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
ce05d603 2329 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
06199cf8
JH		 2330 changed = true;
2331 }
2332
d7a5a11d 2333 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
a358dc11 2334 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
eeca6f89
JH		 2335 changed = true;
2336 }
2337
06199cf8
JH		 2338 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2339 if (err < 0)
1de028ce 2340 goto unlock;
06199cf8
JH		 2341
2342 if (changed)
2343 err = new_settings(hdev, sk);
2344
1de028ce 2345 goto unlock;
06199cf8
JH		 2346 }
2347
4375f103
JH		 2348 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
2349 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
a69e8375
JH		 2350 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2351 MGMT_STATUS_BUSY);
1de028ce 2352 goto unlock;
06199cf8
JH		 2353 }
2354
2355 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2356 if (!cmd) {
2357 err = -ENOMEM;
1de028ce 2358 goto unlock;
06199cf8
JH		 2359 }
2360
441ad2d0
MH		 2361 hci_req_init(&req, hdev);
2362
06199cf8
JH		 2363 memset(&hci_cp, 0, sizeof(hci_cp));
2364
2365 if (val) {
2366 hci_cp.le = val;
32226e4f 2367 hci_cp.simul = 0x00;
441ad2d0 2368 } else {
d7a5a11d 2369 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
441ad2d0 2370 disable_advertising(&req);
06199cf8
JH		 2371 }
2372
416a4ae5
JH		 2373 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2374 &hci_cp);
2375
2376 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2377 if (err < 0)
06199cf8 2378 mgmt_pending_remove(cmd);
06199cf8 2379
1de028ce
JH		 2380unlock:
2381 hci_dev_unlock(hdev);
06199cf8
JH		 2382 return err;
2383}
2384
0cab9c80
JH		 2385/* This is a helper function to test for pending mgmt commands that can
2386 * cause CoD or EIR HCI commands. We can only allow one such pending
2387 * mgmt command at a time since otherwise we cannot easily track what
2388 * the current values are, will be, and based on that calculate if a new
2389 * HCI command needs to be sent and if yes with what value.
2390 */
2391static bool pending_eir_or_class(struct hci_dev *hdev)
2392{
3b0602cd 2393 struct mgmt_pending_cmd *cmd;
0cab9c80
JH		 2394
2395 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2396 switch (cmd->opcode) {
2397 case MGMT_OP_ADD_UUID:
2398 case MGMT_OP_REMOVE_UUID:
2399 case MGMT_OP_SET_DEV_CLASS:
2400 case MGMT_OP_SET_POWERED:
2401 return true;
2402 }
2403 }
2404
2405 return false;
2406}
2407
83be8eca
JH		 2408static const u8 bluetooth_base_uuid[] = {
2409 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2410 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2411};
2412
2413static u8 get_uuid_size(const u8 *uuid)
2414{
2415 u32 val;
2416
2417 if (memcmp(uuid, bluetooth_base_uuid, 12))
2418 return 128;
2419
2420 val = get_unaligned_le32(&uuid[12]);
2421 if (val > 0xffff)
2422 return 32;
2423
2424 return 16;
2425}
2426
92da6097
JH		 2427static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2428{
3b0602cd 2429 struct mgmt_pending_cmd *cmd;
92da6097
JH		 2430
2431 hci_dev_lock(hdev);
2432
2433 cmd = mgmt_pending_find(mgmt_op, hdev);
2434 if (!cmd)
2435 goto unlock;
2436
2a1afb5a
JH		 2437 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
2438 mgmt_status(status), hdev->dev_class, 3);
92da6097
JH		 2439
2440 mgmt_pending_remove(cmd);
2441
2442unlock:
2443 hci_dev_unlock(hdev);
2444}
2445
1904a853 2446static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2447{
2448 BT_DBG("status 0x%02x", status);
2449
2450 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2451}
2452
bdb6d971 2453static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2454{
650f726d 2455 struct mgmt_cp_add_uuid *cp = data;
3b0602cd 2456 struct mgmt_pending_cmd *cmd;
890ea898 2457 struct hci_request req;
2aeb9a1a 2458 struct bt_uuid *uuid;
2aeb9a1a
JH		 2459 int err;
2460
bdb6d971 2461 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2462
09fd0de5 2463 hci_dev_lock(hdev);
2aeb9a1a 2464
0cab9c80 2465 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2466 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2467 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2468 goto failed;
2469 }
2470
92c4c204 2471 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2472 if (!uuid) {
2473 err = -ENOMEM;
2474 goto failed;
2475 }
2476
2477 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2478 uuid->svc_hint = cp->svc_hint;
83be8eca 2479 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2480
de66aa63 2481 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2482
890ea898 2483 hci_req_init(&req, hdev);
1aff6f09 2484
890ea898
JH		 2485 update_class(&req);
2486 update_eir(&req);
2487
92da6097
JH		 2488 err = hci_req_run(&req, add_uuid_complete);
2489 if (err < 0) {
2490 if (err != -ENODATA)
2491 goto failed;
80a1e1db 2492
2a1afb5a
JH		 2493 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2494 hdev->dev_class, 3);
90e70454
JH		 2495 goto failed;
2496 }
2497
2498 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2499 if (!cmd) {
90e70454 2500 err = -ENOMEM;
890ea898
JH		 2501 goto failed;
2502 }
2503
2504 err = 0;
2aeb9a1a
JH		 2505
2506failed:
09fd0de5 2507 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2508 return err;
2509}
2510
24b78d0f
JH		 2511static bool enable_service_cache(struct hci_dev *hdev)
2512{
2513 if (!hdev_is_powered(hdev))
2514 return false;
2515
238be788 2516 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
46818ed5
JH		 2517 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2518 CACHE_TIMEOUT);
24b78d0f
JH		 2519 return true;
2520 }
2521
2522 return false;
2523}
2524
1904a853 2525static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2526{
2527 BT_DBG("status 0x%02x", status);
2528
2529 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2530}
2531
bdb6d971 2532static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2533 u16 len)
2aeb9a1a 2534{
650f726d 2535 struct mgmt_cp_remove_uuid *cp = data;
3b0602cd 2536 struct mgmt_pending_cmd *cmd;
056341c8 2537 struct bt_uuid *match, *tmp;
2aeb9a1a 2538 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2539 struct hci_request req;
2aeb9a1a
JH		 2540 int err, found;
2541
bdb6d971 2542 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2543
09fd0de5 2544 hci_dev_lock(hdev);
2aeb9a1a 2545
0cab9c80 2546 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2547 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2548 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2549 goto unlock;
2550 }
2551
2aeb9a1a 2552 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2553 hci_uuids_clear(hdev);
4004b6d9 2554
24b78d0f 2555 if (enable_service_cache(hdev)) {
2a1afb5a
JH		 2556 err = mgmt_cmd_complete(sk, hdev->id,
2557 MGMT_OP_REMOVE_UUID,
2558 0, hdev->dev_class, 3);
24b78d0f
JH		 2559 goto unlock;
2560 }
4004b6d9 2561
9246a869 2562 goto update_class;
2aeb9a1a
JH		 2563 }
2564
2565 found = 0;
2566
056341c8 2567 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2568 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2569 continue;
2570
2571 list_del(&match->list);
482049f7 2572 kfree(match);
2aeb9a1a
JH		 2573 found++;
2574 }
2575
2576 if (found == 0) {
a69e8375
JH		 2577 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2578 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2579 goto unlock;
2580 }
2581
9246a869 2582update_class:
890ea898 2583 hci_req_init(&req, hdev);
1aff6f09 2584
890ea898
JH		 2585 update_class(&req);
2586 update_eir(&req);
2587
92da6097
JH		 2588 err = hci_req_run(&req, remove_uuid_complete);
2589 if (err < 0) {
2590 if (err != -ENODATA)
2591 goto unlock;
80a1e1db 2592
2a1afb5a
JH		 2593 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2594 hdev->dev_class, 3);
90e70454
JH		 2595 goto unlock;
2596 }
2597
2598 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2599 if (!cmd) {
90e70454 2600 err = -ENOMEM;
890ea898
JH		 2601 goto unlock;
2602 }
2603
2604 err = 0;
2aeb9a1a
JH		 2605
2606unlock:
09fd0de5 2607 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2608 return err;
2609}
2610
1904a853 2611static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2612{
2613 BT_DBG("status 0x%02x", status);
2614
2615 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2616}
2617
bdb6d971 2618static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2619 u16 len)
1aff6f09 2620{
650f726d 2621 struct mgmt_cp_set_dev_class *cp = data;
3b0602cd 2622 struct mgmt_pending_cmd *cmd;
890ea898 2623 struct hci_request req;
1aff6f09
JH		 2624 int err;
2625
bdb6d971 2626 BT_DBG("request for %s", hdev->name);
1aff6f09 2627
6203fc98 2628 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2629 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2630 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2631
0cab9c80 2632 hci_dev_lock(hdev);
ee98f473 2633
0cab9c80 2634 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2635 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2636 MGMT_STATUS_BUSY);
0cab9c80
JH		 2637 goto unlock;
2638 }
c95f0ba7 2639
0cab9c80 2640 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
a69e8375
JH		 2641 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2642 MGMT_STATUS_INVALID_PARAMS);
0cab9c80
JH		 2643 goto unlock;
2644 }
575b3a02 2645
932f5ff5
JH		 2646 hdev->major_class = cp->major;
2647 hdev->minor_class = cp->minor;
2648
b5235a65 2649 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2650 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2651 hdev->dev_class, 3);
b5235a65
JH		 2652 goto unlock;
2653 }
2654
890ea898
JH		 2655 hci_req_init(&req, hdev);
2656
a69d8927 2657 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
7d78525d
JH		 2658 hci_dev_unlock(hdev);
2659 cancel_delayed_work_sync(&hdev->service_cache);
2660 hci_dev_lock(hdev);
890ea898 2661 update_eir(&req);
7d78525d 2662 }
14c0b608 2663
890ea898
JH		 2664 update_class(&req);
2665
92da6097
JH		 2666 err = hci_req_run(&req, set_class_complete);
2667 if (err < 0) {
2668 if (err != -ENODATA)
2669 goto unlock;
1aff6f09 2670
2a1afb5a
JH		 2671 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2672 hdev->dev_class, 3);
90e70454
JH		 2673 goto unlock;
2674 }
2675
2676 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2677 if (!cmd) {
90e70454 2678 err = -ENOMEM;
890ea898
JH		 2679 goto unlock;
2680 }
2681
2682 err = 0;
1aff6f09 2683
b5235a65 2684unlock:
09fd0de5 2685 hci_dev_unlock(hdev);
1aff6f09
JH		 2686 return err;
2687}
2688
bdb6d971 2689static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2690 u16 len)
55ed8ca1 2691{
650f726d 2692 struct mgmt_cp_load_link_keys *cp = data;
ba1d6936
JH		 2693 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2694 sizeof(struct mgmt_link_key_info));
4e51eae9 2695 u16 key_count, expected_len;
b1de97d8 2696 bool changed;
a492cd52 2697 int i;
55ed8ca1 2698
9060d5cf
MH		 2699 BT_DBG("request for %s", hdev->name);
2700
2701 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2702 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2703 MGMT_STATUS_NOT_SUPPORTED);
9060d5cf 2704
1f350c87 2705 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 2706 if (key_count > max_key_count) {
2707 BT_ERR("load_link_keys: too big key_count value %u",
2708 key_count);
a69e8375
JH		 2709 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2710 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 2711 }
55ed8ca1 2712
86742e1e
JH		 2713 expected_len = sizeof(*cp) + key_count *
2714 sizeof(struct mgmt_link_key_info);
a492cd52 2715 if (expected_len != len) {
86742e1e 2716 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2717 expected_len, len);
a69e8375
JH		 2718 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2719 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2720 }
2721
4ae14301 2722 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
a69e8375
JH		 2723 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2724 MGMT_STATUS_INVALID_PARAMS);
4ae14301 2725
bdb6d971 2726 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2727 key_count);
55ed8ca1 2728
4ee71b20
JH		 2729 for (i = 0; i < key_count; i++) {
2730 struct mgmt_link_key_info *key = &cp->keys[i];
2731
8e991132 2732 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
a69e8375
JH		 2733 return mgmt_cmd_status(sk, hdev->id,
2734 MGMT_OP_LOAD_LINK_KEYS,
2735 MGMT_STATUS_INVALID_PARAMS);
4ee71b20
JH		 2736 }
2737
09fd0de5 2738 hci_dev_lock(hdev);
55ed8ca1
JH		 2739
2740 hci_link_keys_clear(hdev);
2741
55ed8ca1 2742 if (cp->debug_keys)
238be788 2743 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
55ed8ca1 2744 else
a69d8927
MH		 2745 changed = hci_dev_test_and_clear_flag(hdev,
2746 HCI_KEEP_DEBUG_KEYS);
b1de97d8
MH		 2747
2748 if (changed)
2749 new_settings(hdev, NULL);
55ed8ca1 2750
a492cd52 2751 for (i = 0; i < key_count; i++) {
86742e1e 2752 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2753
58e9293c
JH		 2754 /* Always ignore debug keys and require a new pairing if
2755 * the user wants to use them.
2756 */
2757 if (key->type == HCI_LK_DEBUG_COMBINATION)
2758 continue;
2759
7652ff6a
JH		 2760 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2761 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2762 }
2763
2a1afb5a 2764 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2765
09fd0de5 2766 hci_dev_unlock(hdev);
55ed8ca1 2767
a492cd52 2768 return 0;
55ed8ca1
JH		 2769}
2770
b1078ad0 2771static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2772 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2773{
2774 struct mgmt_ev_device_unpaired ev;
2775
2776 bacpy(&ev.addr.bdaddr, bdaddr);
2777 ev.addr.type = addr_type;
2778
2779 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2780 skip_sk);
b1078ad0
JH		 2781}
2782
bdb6d971 2783static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2784 u16 len)
55ed8ca1 2785{
124f6e35
JH		 2786 struct mgmt_cp_unpair_device *cp = data;
2787 struct mgmt_rp_unpair_device rp;
a8a1d19e 2788 struct hci_cp_disconnect dc;
3b0602cd 2789 struct mgmt_pending_cmd *cmd;
55ed8ca1 2790 struct hci_conn *conn;
55ed8ca1
JH		 2791 int err;
2792
a8a1d19e 2793 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2794 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2795 rp.addr.type = cp->addr.type;
a8a1d19e 2796
4ee71b20 2797 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2798 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2799 MGMT_STATUS_INVALID_PARAMS,
2800 &rp, sizeof(rp));
4ee71b20 2801
118da70b 2802 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2a1afb5a
JH		 2803 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2804 MGMT_STATUS_INVALID_PARAMS,
2805 &rp, sizeof(rp));
118da70b 2806
4ee71b20
JH		 2807 hci_dev_lock(hdev);
2808
86a8cfc6 2809 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2810 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2811 MGMT_STATUS_NOT_POWERED, &rp,
2812 sizeof(rp));
86a8cfc6
JH		 2813 goto unlock;
2814 }
2815
e0b2b27e 2816 if (cp->addr.type == BDADDR_BREDR) {
89cbb063
AA		 2817 /* If disconnection is requested, then look up the
2818 * connection. If the remote device is connected, it
2819 * will be later used to terminate the link.
2820 *
2821 * Setting it to NULL explicitly will cause no
2822 * termination of the link.
2823 */
2824 if (cp->disconnect)
2825 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2826 &cp->addr.bdaddr);
2827 else
2828 conn = NULL;
2829
124f6e35 2830 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2831 } else {
2832 u8 addr_type;
2833
89cbb063
AA		 2834 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2835 &cp->addr.bdaddr);
2836 if (conn) {
2837 /* Defer clearing up the connection parameters
2838 * until closing to give a chance of keeping
2839 * them if a repairing happens.
2840 */
2841 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2842
2843 /* If disconnection is not requested, then
2844 * clear the connection variable so that the
2845 * link is not terminated.
2846 */
2847 if (!cp->disconnect)
2848 conn = NULL;
2849 }
2850
e0b2b27e
JH		 2851 if (cp->addr.type == BDADDR_LE_PUBLIC)
2852 addr_type = ADDR_LE_DEV_PUBLIC;
2853 else
2854 addr_type = ADDR_LE_DEV_RANDOM;
2855
a7ec7338
JH		 2856 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2857
e0b2b27e
JH		 2858 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2859 }
b0dbfb46 2860
55ed8ca1 2861 if (err < 0) {
2a1afb5a
JH		 2862 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2863 MGMT_STATUS_NOT_PAIRED, &rp,
2864 sizeof(rp));
55ed8ca1
JH		 2865 goto unlock;
2866 }
2867
89cbb063
AA		 2868 /* If the connection variable is set, then termination of the
2869 * link is requested.
2870 */
a8a1d19e 2871 if (!conn) {
2a1afb5a
JH		 2872 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2873 &rp, sizeof(rp));
b1078ad0 2874 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2875 goto unlock;
2876 }
55ed8ca1 2877
124f6e35 2878 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2879 sizeof(*cp));
a8a1d19e
JH		 2880 if (!cmd) {
2881 err = -ENOMEM;
2882 goto unlock;
55ed8ca1
JH		 2883 }
2884
d8b7b1e4
JH		 2885 cmd->cmd_complete = addr_cmd_complete;
2886
eb55ef07 2887 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2888 dc.reason = 0x13; /* Remote User Terminated Connection */
2889 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2890 if (err < 0)
2891 mgmt_pending_remove(cmd);
2892
55ed8ca1 2893unlock:
09fd0de5 2894 hci_dev_unlock(hdev);
55ed8ca1
JH		 2895 return err;
2896}
2897
bdb6d971 2898static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2899 u16 len)
8962ee74 2900{
650f726d 2901 struct mgmt_cp_disconnect *cp = data;
06a63b19 2902 struct mgmt_rp_disconnect rp;
3b0602cd 2903 struct mgmt_pending_cmd *cmd;
8962ee74 2904 struct hci_conn *conn;
8962ee74
JH		 2905 int err;
2906
2907 BT_DBG("");
2908
06a63b19
JH		 2909 memset(&rp, 0, sizeof(rp));
2910 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2911 rp.addr.type = cp->addr.type;
2912
4ee71b20 2913 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2914 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2915 MGMT_STATUS_INVALID_PARAMS,
2916 &rp, sizeof(rp));
4ee71b20 2917
09fd0de5 2918 hci_dev_lock(hdev);
8962ee74
JH		 2919
2920 if (!test_bit(HCI_UP, &hdev->flags)) {
2a1afb5a
JH		 2921 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2922 MGMT_STATUS_NOT_POWERED, &rp,
2923 sizeof(rp));
8962ee74
JH		 2924 goto failed;
2925 }
2926
2e58ef3e 2927 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
2a1afb5a
JH		 2928 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2929 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2930 goto failed;
2931 }
2932
591f47f3 2933 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2934 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2935 &cp->addr.bdaddr);
88c3df13
JH		 2936 else
2937 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2938
f960727e 2939 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2a1afb5a
JH		 2940 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2941 MGMT_STATUS_NOT_CONNECTED, &rp,
2942 sizeof(rp));
8962ee74
JH		 2943 goto failed;
2944 }
2945
2e58ef3e 2946 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2947 if (!cmd) {
2948 err = -ENOMEM;
8962ee74 2949 goto failed;
366a0336 2950 }
8962ee74 2951
f5818c22
JH		 2952 cmd->cmd_complete = generic_cmd_complete;
2953
e3f2f92a 2954 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
8962ee74 2955 if (err < 0)
a664b5bc 2956 mgmt_pending_remove(cmd);
8962ee74
JH		 2957
2958failed:
09fd0de5 2959 hci_dev_unlock(hdev);
8962ee74
JH		 2960 return err;
2961}
2962
57c1477c 2963static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2964{
2965 switch (link_type) {
2966 case LE_LINK:
48264f06
JH		 2967 switch (addr_type) {
2968 case ADDR_LE_DEV_PUBLIC:
591f47f3 2969 return BDADDR_LE_PUBLIC;
0ed09148 2970
48264f06 2971 default:
0ed09148 2972 /* Fallback to LE Random address type */
591f47f3 2973 return BDADDR_LE_RANDOM;
48264f06 2974 }
0ed09148 2975
4c659c39 2976 default:
0ed09148 2977 /* Fallback to BR/EDR type */
591f47f3 2978 return BDADDR_BREDR;
4c659c39
JH		 2979 }
2980}
2981
04124681
GP		 2982static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2983 u16 data_len)
2784eb41 2984{
2784eb41 2985 struct mgmt_rp_get_connections *rp;
8035ded4 2986 struct hci_conn *c;
a38528f1 2987 size_t rp_len;
60fc5fb6
JH		 2988 int err;
2989 u16 i;
2784eb41
JH		 2990
2991 BT_DBG("");
2992
09fd0de5 2993 hci_dev_lock(hdev);
2784eb41 2994
5f97c1df 2995 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 2996 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2997 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2998 goto unlock;
2999 }
3000
60fc5fb6 3001 i = 0;
b644ba33
JH		 3002 list_for_each_entry(c, &hdev->conn_hash.list, list) {
3003 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 3004 i++;
2784eb41
JH		 3005 }
3006
60fc5fb6 3007 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 3008 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 3009 if (!rp) {
2784eb41
JH		 3010 err = -ENOMEM;
3011 goto unlock;
3012 }
3013
2784eb41 3014 i = 0;
4c659c39 3015 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 3016 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
3017 continue;
4c659c39 3018 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 3019 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 3020 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 3021 continue;
3022 i++;
3023 }
3024
eb55ef07 3025 rp->conn_count = cpu_to_le16(i);
60fc5fb6 3026
4c659c39
JH		 3027 /* Recalculate length in case of filtered SCO connections, etc */
3028 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 3029
2a1afb5a
JH		 3030 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
3031 rp_len);
2784eb41 3032
a38528f1 3033 kfree(rp);
5f97c1df
JH		 3034
3035unlock:
09fd0de5 3036 hci_dev_unlock(hdev);
2784eb41
JH		 3037 return err;
3038}
3039
bdb6d971 3040static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3041 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67 3042{
3b0602cd 3043 struct mgmt_pending_cmd *cmd;
96d97a67
WR		 3044 int err;
3045
2e58ef3e 3046 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 3047 sizeof(*cp));
96d97a67
WR		 3048 if (!cmd)
3049 return -ENOMEM;
3050
d8457698 3051 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 3052 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 3053 if (err < 0)
3054 mgmt_pending_remove(cmd);
3055
3056 return err;
3057}
3058
bdb6d971 3059static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3060 u16 len)
980e1a53 3061{
96d97a67 3062 struct hci_conn *conn;
650f726d 3063 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 3064 struct hci_cp_pin_code_reply reply;
3b0602cd 3065 struct mgmt_pending_cmd *cmd;
980e1a53
JH		 3066 int err;
3067
3068 BT_DBG("");
3069
09fd0de5 3070 hci_dev_lock(hdev);
980e1a53 3071
4b34ee78 3072 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3073 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3074 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 3075 goto failed;
3076 }
3077
d8457698 3078 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 3079 if (!conn) {
a69e8375
JH		 3080 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3081 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 3082 goto failed;
3083 }
3084
3085 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 3086 struct mgmt_cp_pin_code_neg_reply ncp;
3087
3088 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 3089
3090 BT_ERR("PIN code is not 16 bytes long");
3091
bdb6d971 3092 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 3093 if (err >= 0)
a69e8375
JH		 3094 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3095 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 3096
3097 goto failed;
3098 }
3099
00abfe44 3100 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 3101 if (!cmd) {
3102 err = -ENOMEM;
980e1a53 3103 goto failed;
366a0336 3104 }
980e1a53 3105
7776d1d8
JH		 3106 cmd->cmd_complete = addr_cmd_complete;
3107
d8457698 3108 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 3109 reply.pin_len = cp->pin_len;
24718ca5 3110 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 3111
3112 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3113 if (err < 0)
a664b5bc 3114 mgmt_pending_remove(cmd);
980e1a53
JH		 3115
3116failed:
09fd0de5 3117 hci_dev_unlock(hdev);
980e1a53
JH		 3118 return err;
3119}
3120
04124681
GP		 3121static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3122 u16 len)
17fa4b9d 3123{
650f726d 3124 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 3125
3126 BT_DBG("");
3127
4ec86d4c 3128 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 3129 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3130 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
4ec86d4c 3131
09fd0de5 3132 hci_dev_lock(hdev);
17fa4b9d
JH		 3133
3134 hdev->io_capability = cp->io_capability;
3135
3136 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 3137 hdev->io_capability);
17fa4b9d 3138
09fd0de5 3139 hci_dev_unlock(hdev);
17fa4b9d 3140
2a1afb5a
JH		 3141 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
3142 NULL, 0);
17fa4b9d
JH		 3143}
3144
3b0602cd 3145static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 3146{
3147 struct hci_dev *hdev = conn->hdev;
3b0602cd 3148 struct mgmt_pending_cmd *cmd;
e9a416b5 3149
2e58ef3e 3150 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 3151 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3152 continue;
3153
e9a416b5
JH		 3154 if (cmd->user_data != conn)
3155 continue;
3156
3157 return cmd;
3158 }
3159
3160 return NULL;
3161}
3162
3b0602cd 3163static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
e9a416b5
JH		 3164{
3165 struct mgmt_rp_pair_device rp;
3166 struct hci_conn *conn = cmd->user_data;
9df74653 3167 int err;
e9a416b5 3168
61b1a7fb
JH		 3169 bacpy(&rp.addr.bdaddr, &conn->dst);
3170 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 3171
2a1afb5a
JH		 3172 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
3173 status, &rp, sizeof(rp));
e9a416b5
JH		 3174
3175 /* So we don't get further callbacks for this connection */
3176 conn->connect_cfm_cb = NULL;
3177 conn->security_cfm_cb = NULL;
3178 conn->disconn_cfm_cb = NULL;
3179
76a68ba0 3180 hci_conn_drop(conn);
89cbb063
AA		 3181
3182 /* The device is paired so there is no need to remove
3183 * its connection parameters anymore.
3184 */
3185 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
15013aeb
JH		 3186
3187 hci_conn_put(conn);
9df74653
JH		 3188
3189 return err;
e9a416b5
JH		 3190}
3191
f4a407be
JH		 3192void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3193{
3194 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3b0602cd 3195 struct mgmt_pending_cmd *cmd;
f4a407be
JH		 3196
3197 cmd = find_pairing(conn);
a511b35b 3198 if (cmd) {
04ab2749 3199 cmd->cmd_complete(cmd, status);
a511b35b
JH		 3200 mgmt_pending_remove(cmd);
3201 }
f4a407be
JH		 3202}
3203
e9a416b5
JH		 3204static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3205{
3b0602cd 3206 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 3207
3208 BT_DBG("status %u", status);
3209
3210 cmd = find_pairing(conn);
a511b35b 3211 if (!cmd) {
e9a416b5 3212 BT_DBG("Unable to find a pending command");
a511b35b
JH		 3213 return;
3214 }
3215
3216 cmd->cmd_complete(cmd, mgmt_status(status));
3217 mgmt_pending_remove(cmd);
e9a416b5
JH		 3218}
3219
f4a407be 3220static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739 3221{
3b0602cd 3222 struct mgmt_pending_cmd *cmd;
4c47d739
VA		 3223
3224 BT_DBG("status %u", status);
3225
3226 if (!status)
3227 return;
3228
3229 cmd = find_pairing(conn);
a511b35b 3230 if (!cmd) {
4c47d739 3231 BT_DBG("Unable to find a pending command");
a511b35b
JH		 3232 return;
3233 }
3234
3235 cmd->cmd_complete(cmd, mgmt_status(status));
3236 mgmt_pending_remove(cmd);
4c47d739
VA		 3237}
3238
bdb6d971 3239static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3240 u16 len)
e9a416b5 3241{
650f726d 3242 struct mgmt_cp_pair_device *cp = data;
1425acb7 3243 struct mgmt_rp_pair_device rp;
3b0602cd 3244 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 3245 u8 sec_level, auth_type;
3246 struct hci_conn *conn;
e9a416b5
JH		 3247 int err;
3248
3249 BT_DBG("");
3250
f950a30e
SJ		 3251 memset(&rp, 0, sizeof(rp));
3252 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3253 rp.addr.type = cp->addr.type;
3254
4ee71b20 3255 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 3256 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3257 MGMT_STATUS_INVALID_PARAMS,
3258 &rp, sizeof(rp));
4ee71b20 3259
4ec86d4c 3260 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 3261 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3262 MGMT_STATUS_INVALID_PARAMS,
3263 &rp, sizeof(rp));
4ec86d4c 3264
09fd0de5 3265 hci_dev_lock(hdev);
e9a416b5 3266
5f97c1df 3267 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3268 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3269 MGMT_STATUS_NOT_POWERED, &rp,
3270 sizeof(rp));
5f97c1df
JH		 3271 goto unlock;
3272 }
3273
55e76b38
JH		 3274 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
3275 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3276 MGMT_STATUS_ALREADY_PAIRED, &rp,
3277 sizeof(rp));
3278 goto unlock;
3279 }
3280
c908df36 3281 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 3282 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 3283
6f77d8c7 3284 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 3285 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3286 auth_type);
6f77d8c7
AG		 3287 } else {
3288 u8 addr_type;
3289
3290 /* Convert from L2CAP channel address type to HCI address type
3291 */
3292 if (cp->addr.type == BDADDR_LE_PUBLIC)
3293 addr_type = ADDR_LE_DEV_PUBLIC;
3294 else
3295 addr_type = ADDR_LE_DEV_RANDOM;
3296
7c264b10
MH		 3297 /* When pairing a new device, it is expected to remember
3298 * this device for future connections. Adding the connection
3299 * parameter information ahead of time allows tracking
3300 * of the slave preferred values and will speed up any
3301 * further connection establishment.
3302 *
3303 * If connection parameters already exist, then they
3304 * will be kept and this function does nothing.
3305 */
3306 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3307
6f77d8c7 3308 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
e804d25d
JH		 3309 sec_level, HCI_LE_CONN_TIMEOUT,
3310 HCI_ROLE_MASTER);
6f77d8c7 3311 }
7a512d01 3312
30e76272 3313 if (IS_ERR(conn)) {
489dc48e
AK		 3314 int status;
3315
3316 if (PTR_ERR(conn) == -EBUSY)
3317 status = MGMT_STATUS_BUSY;
faa81030
LR		 3318 else if (PTR_ERR(conn) == -EOPNOTSUPP)
3319 status = MGMT_STATUS_NOT_SUPPORTED;
3320 else if (PTR_ERR(conn) == -ECONNREFUSED)
3321 status = MGMT_STATUS_REJECTED;
489dc48e
AK		 3322 else
3323 status = MGMT_STATUS_CONNECT_FAILED;
3324
2a1afb5a
JH		 3325 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3326 status, &rp, sizeof(rp));
e9a416b5
JH		 3327 goto unlock;
3328 }
3329
3330 if (conn->connect_cfm_cb) {
76a68ba0 3331 hci_conn_drop(conn);
2a1afb5a
JH		 3332 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3333 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 3334 goto unlock;
3335 }
3336
2e58ef3e 3337 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 3338 if (!cmd) {
3339 err = -ENOMEM;
76a68ba0 3340 hci_conn_drop(conn);
e9a416b5
JH		 3341 goto unlock;
3342 }
3343
04ab2749
JH		 3344 cmd->cmd_complete = pairing_complete;
3345
7a512d01 3346 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 3347 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 3348 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 3349 conn->security_cfm_cb = pairing_complete_cb;
3350 conn->disconn_cfm_cb = pairing_complete_cb;
3351 } else {
3352 conn->connect_cfm_cb = le_pairing_complete_cb;
3353 conn->security_cfm_cb = le_pairing_complete_cb;
3354 conn->disconn_cfm_cb = le_pairing_complete_cb;
3355 }
7a512d01 3356
e9a416b5 3357 conn->io_capability = cp->io_cap;
f8aaf9b6 3358 cmd->user_data = hci_conn_get(conn);
e9a416b5 3359
6f78fd4b 3360 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
a511b35b
JH		 3361 hci_conn_security(conn, sec_level, auth_type, true)) {
3362 cmd->cmd_complete(cmd, 0);
3363 mgmt_pending_remove(cmd);
3364 }
e9a416b5
JH		 3365
3366 err = 0;
3367
3368unlock:
09fd0de5 3369 hci_dev_unlock(hdev);
e9a416b5
JH		 3370 return err;
3371}
3372
04124681
GP		 3373static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3374 u16 len)
28424707 3375{
0f4e68cf 3376 struct mgmt_addr_info *addr = data;
3b0602cd 3377 struct mgmt_pending_cmd *cmd;
28424707
JH		 3378 struct hci_conn *conn;
3379 int err;
3380
3381 BT_DBG("");
3382
28424707
JH		 3383 hci_dev_lock(hdev);
3384
5f97c1df 3385 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3386 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3387 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3388 goto unlock;
3389 }
3390
28424707
JH		 3391 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3392 if (!cmd) {
a69e8375
JH		 3393 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3394 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3395 goto unlock;
3396 }
3397
3398 conn = cmd->user_data;
3399
3400 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
a69e8375
JH		 3401 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3402 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3403 goto unlock;
3404 }
3405
a511b35b
JH		 3406 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3407 mgmt_pending_remove(cmd);
28424707 3408
2a1afb5a
JH		 3409 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3410 addr, sizeof(*addr));
28424707
JH		 3411unlock:
3412 hci_dev_unlock(hdev);
28424707
JH		 3413 return err;
3414}
3415
bdb6d971 3416static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3417 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3418 u16 hci_op, __le32 passkey)
a5c29683 3419{
3b0602cd 3420 struct mgmt_pending_cmd *cmd;
0df4c185 3421 struct hci_conn *conn;
a5c29683
JH		 3422 int err;
3423
09fd0de5 3424 hci_dev_lock(hdev);
08ba5382 3425
4b34ee78 3426 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3427 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3428 MGMT_STATUS_NOT_POWERED, addr,
3429 sizeof(*addr));
0df4c185 3430 goto done;
a5c29683
JH		 3431 }
3432
1707c60e
JH		 3433 if (addr->type == BDADDR_BREDR)
3434 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3435 else
1707c60e 3436 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 3437
3438 if (!conn) {
2a1afb5a
JH		 3439 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3440 MGMT_STATUS_NOT_CONNECTED, addr,
3441 sizeof(*addr));
272d90df
JH		 3442 goto done;
3443 }
47c15e2b 3444
1707c60e 3445 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 3446 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 3447 if (!err)
2a1afb5a
JH		 3448 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3449 MGMT_STATUS_SUCCESS, addr,
3450 sizeof(*addr));
5fe57d9e 3451 else
2a1afb5a
JH		 3452 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3453 MGMT_STATUS_FAILED, addr,
3454 sizeof(*addr));
47c15e2b 3455
47c15e2b
BG		 3456 goto done;
3457 }
3458
1707c60e 3459 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3460 if (!cmd) {
3461 err = -ENOMEM;
0df4c185 3462 goto done;
a5c29683
JH		 3463 }
3464
7776d1d8
JH		 3465 cmd->cmd_complete = addr_cmd_complete;
3466
0df4c185 3467 /* Continue with pairing via HCI */
604086b7
BG		 3468 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3469 struct hci_cp_user_passkey_reply cp;
3470
1707c60e 3471 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3472 cp.passkey = passkey;
3473 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3474 } else
1707c60e
JH		 3475 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3476 &addr->bdaddr);
604086b7 3477
a664b5bc
JH		 3478 if (err < 0)
3479 mgmt_pending_remove(cmd);
a5c29683 3480
0df4c185 3481done:
09fd0de5 3482 hci_dev_unlock(hdev);
a5c29683
JH		 3483 return err;
3484}
3485
afeb019d
JK		 3486static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3487 void *data, u16 len)
3488{
3489 struct mgmt_cp_pin_code_neg_reply *cp = data;
3490
3491 BT_DBG("");
3492
1707c60e 3493 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3494 MGMT_OP_PIN_CODE_NEG_REPLY,
3495 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3496}
3497
04124681
GP		 3498static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3499 u16 len)
0df4c185 3500{
650f726d 3501 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3502
3503 BT_DBG("");
3504
3505 if (len != sizeof(*cp))
a69e8375
JH		 3506 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3507 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3508
1707c60e 3509 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3510 MGMT_OP_USER_CONFIRM_REPLY,
3511 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3512}
3513
bdb6d971 3514static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3515 void *data, u16 len)
0df4c185 3516{
c9c2659f 3517 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3518
3519 BT_DBG("");
3520
1707c60e 3521 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3522 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3523 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3524}
3525
04124681
GP		 3526static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3527 u16 len)
604086b7 3528{
650f726d 3529 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3530
3531 BT_DBG("");
3532
1707c60e 3533 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3534 MGMT_OP_USER_PASSKEY_REPLY,
3535 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3536}
3537
bdb6d971 3538static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3539 void *data, u16 len)
604086b7 3540{
650f726d 3541 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3542
3543 BT_DBG("");
3544
1707c60e 3545 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3546 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3547 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3548}
3549
13928971 3550static void update_name(struct hci_request *req)
2b4bf397 3551{
13928971 3552 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3553 struct hci_cp_write_local_name cp;
3554
13928971 3555 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3556
890ea898 3557 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3558}
3559
1904a853 3560static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
13928971
JH		 3561{
3562 struct mgmt_cp_set_local_name *cp;
3b0602cd 3563 struct mgmt_pending_cmd *cmd;
13928971
JH		 3564
3565 BT_DBG("status 0x%02x", status);
3566
3567 hci_dev_lock(hdev);
3568
3569 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3570 if (!cmd)
3571 goto unlock;
3572
3573 cp = cmd->param;
3574
3575 if (status)
a69e8375
JH		 3576 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3577 mgmt_status(status));
13928971 3578 else
2a1afb5a
JH		 3579 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3580 cp, sizeof(*cp));
13928971
JH		 3581
3582 mgmt_pending_remove(cmd);
3583
3584unlock:
3585 hci_dev_unlock(hdev);
3586}
3587
bdb6d971 3588static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3589 u16 len)
b312b161 3590{
2b4bf397 3591 struct mgmt_cp_set_local_name *cp = data;
3b0602cd 3592 struct mgmt_pending_cmd *cmd;
890ea898 3593 struct hci_request req;
b312b161
JH		 3594 int err;
3595
3596 BT_DBG("");
3597
09fd0de5 3598 hci_dev_lock(hdev);
b312b161 3599
b3f2ca94
JH		 3600 /* If the old values are the same as the new ones just return a
3601 * direct command complete event.
3602 */
3603 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3604 !memcmp(hdev->short_name, cp->short_name,
3605 sizeof(hdev->short_name))) {
2a1afb5a
JH		 3606 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3607 data, len);
b3f2ca94
JH		 3608 goto failed;
3609 }
3610
2b4bf397 3611 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3612
b5235a65 3613 if (!hdev_is_powered(hdev)) {
2b4bf397 3614 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde 3615
2a1afb5a
JH		 3616 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3617 data, len);
28cc7bde
JH		 3618 if (err < 0)
3619 goto failed;
3620
3621 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 3622 sk);
28cc7bde 3623
b5235a65
JH		 3624 goto failed;
3625 }
3626
28cc7bde 3627 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3628 if (!cmd) {
3629 err = -ENOMEM;
3630 goto failed;
3631 }
3632
13928971
JH		 3633 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3634
890ea898 3635 hci_req_init(&req, hdev);
3f985050
JH		 3636
3637 if (lmp_bredr_capable(hdev)) {
3638 update_name(&req);
3639 update_eir(&req);
3640 }
3641
7a5f4990
MH		 3642 /* The name is stored in the scan response data and so
3643 * no need to udpate the advertising data here.
3644 */
3f985050 3645 if (lmp_le_capable(hdev))
7a5f4990 3646 update_scan_rsp_data(&req);
3f985050 3647
13928971 3648 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3649 if (err < 0)
3650 mgmt_pending_remove(cmd);
3651
3652failed:
09fd0de5 3653 hci_dev_unlock(hdev);
b312b161
JH		 3654 return err;
3655}
3656
0f4e68cf 3657static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3658 void *data, u16 data_len)
c35938b2 3659{
3b0602cd 3660 struct mgmt_pending_cmd *cmd;
c35938b2
SJ		 3661 int err;
3662
bdb6d971 3663 BT_DBG("%s", hdev->name);
c35938b2 3664
09fd0de5 3665 hci_dev_lock(hdev);
c35938b2 3666
4b34ee78 3667 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3668 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3669 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3670 goto unlock;
3671 }
3672
9a1a1996 3673 if (!lmp_ssp_capable(hdev)) {
a69e8375
JH		 3674 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3675 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3676 goto unlock;
3677 }
3678
2e58ef3e 3679 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
a69e8375
JH		 3680 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3681 MGMT_STATUS_BUSY);
c35938b2
SJ		 3682 goto unlock;
3683 }
3684
2e58ef3e 3685 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3686 if (!cmd) {
3687 err = -ENOMEM;
3688 goto unlock;
3689 }
3690
710f11c0 3691 if (bredr_sc_enabled(hdev))
4d2d2796
MH		 3692 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3693 0, NULL);
3694 else
3695 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3696
c35938b2
SJ		 3697 if (err < 0)
3698 mgmt_pending_remove(cmd);
3699
3700unlock:
09fd0de5 3701 hci_dev_unlock(hdev);
c35938b2
SJ		 3702 return err;
3703}
3704
bdb6d971 3705static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3706 void *data, u16 len)
2763eda6 3707{
5d57e796 3708 struct mgmt_addr_info *addr = data;
2763eda6
SJ		 3709 int err;
3710
bdb6d971 3711 BT_DBG("%s ", hdev->name);
2763eda6 3712
5d57e796 3713 if (!bdaddr_type_is_valid(addr->type))
2a1afb5a
JH		 3714 return mgmt_cmd_complete(sk, hdev->id,
3715 MGMT_OP_ADD_REMOTE_OOB_DATA,
3716 MGMT_STATUS_INVALID_PARAMS,
3717 addr, sizeof(*addr));
5d57e796 3718
09fd0de5 3719 hci_dev_lock(hdev);
2763eda6 3720
ec109113
MH		 3721 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3722 struct mgmt_cp_add_remote_oob_data *cp = data;
3723 u8 status;
bf1e3541 3724
c19a495c 3725 if (cp->addr.type != BDADDR_BREDR) {
2a1afb5a
JH		 3726 err = mgmt_cmd_complete(sk, hdev->id,
3727 MGMT_OP_ADD_REMOTE_OOB_DATA,
3728 MGMT_STATUS_INVALID_PARAMS,
3729 &cp->addr, sizeof(cp->addr));
c19a495c
JH		 3730 goto unlock;
3731 }
3732
ec109113 3733 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
6928a924
JH		 3734 cp->addr.type, cp->hash,
3735 cp->rand, NULL, NULL);
ec109113
MH		 3736 if (err < 0)
3737 status = MGMT_STATUS_FAILED;
3738 else
3739 status = MGMT_STATUS_SUCCESS;
3740
2a1afb5a
JH		 3741 err = mgmt_cmd_complete(sk, hdev->id,
3742 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
3743 &cp->addr, sizeof(cp->addr));
ec109113
MH		 3744 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3745 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
41bcfd50 3746 u8 *rand192, *hash192, *rand256, *hash256;
ec109113
MH		 3747 u8 status;
3748
86df9200 3749 if (bdaddr_type_is_le(cp->addr.type)) {
d25b78e2
JH		 3750 /* Enforce zero-valued 192-bit parameters as
3751 * long as legacy SMP OOB isn't implemented.
3752 */
3753 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3754 memcmp(cp->hash192, ZERO_KEY, 16)) {
2a1afb5a
JH		 3755 err = mgmt_cmd_complete(sk, hdev->id,
3756 MGMT_OP_ADD_REMOTE_OOB_DATA,
3757 MGMT_STATUS_INVALID_PARAMS,
3758 addr, sizeof(*addr));
d25b78e2
JH		 3759 goto unlock;
3760 }
3761
86df9200
JH		 3762 rand192 = NULL;
3763 hash192 = NULL;
3764 } else {
41bcfd50
MH		 3765 /* In case one of the P-192 values is set to zero,
3766 * then just disable OOB data for P-192.
3767 */
3768 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
3769 !memcmp(cp->hash192, ZERO_KEY, 16)) {
3770 rand192 = NULL;
3771 hash192 = NULL;
3772 } else {
3773 rand192 = cp->rand192;
3774 hash192 = cp->hash192;
3775 }
3776 }
3777
3778 /* In case one of the P-256 values is set to zero, then just
3779 * disable OOB data for P-256.
3780 */
3781 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
3782 !memcmp(cp->hash256, ZERO_KEY, 16)) {
3783 rand256 = NULL;
3784 hash256 = NULL;
3785 } else {
3786 rand256 = cp->rand256;
3787 hash256 = cp->hash256;
86df9200
JH		 3788 }
3789
81328d5c 3790 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
86df9200 3791 cp->addr.type, hash192, rand192,
41bcfd50 3792 hash256, rand256);
ec109113
MH		 3793 if (err < 0)
3794 status = MGMT_STATUS_FAILED;
3795 else
3796 status = MGMT_STATUS_SUCCESS;
3797
2a1afb5a
JH		 3798 err = mgmt_cmd_complete(sk, hdev->id,
3799 MGMT_OP_ADD_REMOTE_OOB_DATA,
3800 status, &cp->addr, sizeof(cp->addr));
ec109113
MH		 3801 } else {
3802 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
a69e8375
JH		 3803 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3804 MGMT_STATUS_INVALID_PARAMS);
ec109113 3805 }
2763eda6 3806
c19a495c 3807unlock:
09fd0de5 3808 hci_dev_unlock(hdev);
2763eda6
SJ		 3809 return err;
3810}
3811
bdb6d971 3812static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3813 void *data, u16 len)
2763eda6 3814{
650f726d 3815 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3816 u8 status;
2763eda6
SJ		 3817 int err;
3818
bdb6d971 3819 BT_DBG("%s", hdev->name);
2763eda6 3820
c19a495c 3821 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 3822 return mgmt_cmd_complete(sk, hdev->id,
3823 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3824 MGMT_STATUS_INVALID_PARAMS,
3825 &cp->addr, sizeof(cp->addr));
c19a495c 3826
09fd0de5 3827 hci_dev_lock(hdev);
2763eda6 3828
eedbd581
JH		 3829 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3830 hci_remote_oob_data_clear(hdev);
3831 status = MGMT_STATUS_SUCCESS;
3832 goto done;
3833 }
3834
6928a924 3835 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
2763eda6 3836 if (err < 0)
bf1e3541 3837 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3838 else
a6785be2 3839 status = MGMT_STATUS_SUCCESS;
bf1e3541 3840
eedbd581 3841done:
2a1afb5a
JH		 3842 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3843 status, &cp->addr, sizeof(cp->addr));
2763eda6 3844
09fd0de5 3845 hci_dev_unlock(hdev);
2763eda6
SJ		 3846 return err;
3847}
3848
8019044d 3849static bool trigger_discovery(struct hci_request *req, u8 *status)
41dc2bd6 3850{
8019044d
MH		 3851 struct hci_dev *hdev = req->hdev;
3852 struct hci_cp_le_set_scan_param param_cp;
3853 struct hci_cp_le_set_scan_enable enable_cp;
3854 struct hci_cp_inquiry inq_cp;
3855 /* General inquiry access code (GIAC) */
3856 u8 lap[3] = { 0x33, 0x8b, 0x9e };
3857 u8 own_addr_type;
41dc2bd6
AG		 3858 int err;
3859
8019044d
MH		 3860 switch (hdev->discovery.type) {
3861 case DISCOV_TYPE_BREDR:
3862 *status = mgmt_bredr_support(hdev);
3863 if (*status)
3864 return false;
41dc2bd6 3865
8019044d
MH		 3866 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3867 *status = MGMT_STATUS_BUSY;
3868 return false;
3869 }
41dc2bd6 3870
8019044d 3871 hci_inquiry_cache_flush(hdev);
41dc2bd6 3872
8019044d
MH		 3873 memset(&inq_cp, 0, sizeof(inq_cp));
3874 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
3875 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
3876 hci_req_add(req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
3877 break;
41dc2bd6 3878
8019044d
MH		 3879 case DISCOV_TYPE_LE:
3880 case DISCOV_TYPE_INTERLEAVED:
3881 *status = mgmt_le_support(hdev);
3882 if (*status)
3883 return false;
3884
3885 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
d7a5a11d 3886 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
8019044d
MH		 3887 *status = MGMT_STATUS_NOT_SUPPORTED;
3888 return false;
3889 }
3890
d7a5a11d 3891 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) {
8019044d
MH		 3892 /* Don't let discovery abort an outgoing
3893 * connection attempt that's using directed
3894 * advertising.
3895 */
3896 if (hci_conn_hash_lookup_state(hdev, LE_LINK,
3897 BT_CONNECT)) {
3898 *status = MGMT_STATUS_REJECTED;
3899 return false;
3900 }
3901
3902 disable_advertising(req);
3903 }
3904
3905 /* If controller is scanning, it means the background scanning
3906 * is running. Thus, we should temporarily stop it in order to
3907 * set the discovery scanning parameters.
3908 */
d7a5a11d 3909 if (hci_dev_test_flag(hdev, HCI_LE_SCAN))
8019044d
MH		 3910 hci_req_add_le_scan_disable(req);
3911
3912 memset(&param_cp, 0, sizeof(param_cp));
3913
3914 /* All active scans will be done with either a resolvable
3915 * private address (when privacy feature has been enabled)
9437d2ed 3916 * or non-resolvable private address.
8019044d
MH		 3917 */
3918 err = hci_update_random_address(req, true, &own_addr_type);
3919 if (err < 0) {
3920 *status = MGMT_STATUS_FAILED;
3921 return false;
3922 }
3923
3924 param_cp.type = LE_SCAN_ACTIVE;
3925 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3926 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
3927 param_cp.own_address_type = own_addr_type;
3928 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3929 &param_cp);
3930
3931 memset(&enable_cp, 0, sizeof(enable_cp));
3932 enable_cp.enable = LE_SCAN_ENABLE;
3933 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3934 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3935 &enable_cp);
3936 break;
3937
3938 default:
3939 *status = MGMT_STATUS_INVALID_PARAMS;
3940 return false;
3941 }
3942
3943 return true;
41dc2bd6
AG		 3944}
3945
1904a853
MH		 3946static void start_discovery_complete(struct hci_dev *hdev, u8 status,
3947 u16 opcode)
7c307720 3948{
3b0602cd 3949 struct mgmt_pending_cmd *cmd;
11e6e25d 3950 unsigned long timeout;
ae55f598 3951
7c307720
AG		 3952 BT_DBG("status %d", status);
3953
11e6e25d 3954 hci_dev_lock(hdev);
41dc2bd6 3955
11e6e25d 3956 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
66ea9427
JP		 3957 if (!cmd)
3958 cmd = mgmt_pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
3959
11e6e25d 3960 if (cmd) {
2922a94f 3961 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d
MH		 3962 mgmt_pending_remove(cmd);
3963 }
7c307720
AG		 3964
3965 if (status) {
11e6e25d
MH		 3966 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3967 goto unlock;
7c307720
AG		 3968 }
3969
7c307720 3970 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
7c307720 3971
2d28cfe7
JP		 3972 /* If the scan involves LE scan, pick proper timeout to schedule
3973 * hdev->le_scan_disable that will stop it.
3974 */
7c307720
AG		 3975 switch (hdev->discovery.type) {
3976 case DISCOV_TYPE_LE:
3d5a76f0 3977 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
7c307720 3978 break;
7c307720 3979 case DISCOV_TYPE_INTERLEAVED:
b9a7a61e 3980 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
7c307720 3981 break;
7c307720 3982 case DISCOV_TYPE_BREDR:
11e6e25d 3983 timeout = 0;
7c307720 3984 break;
7c307720
AG		 3985 default:
3986 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
11e6e25d
MH		 3987 timeout = 0;
3988 break;
7c307720 3989 }
ae55f598 3990
2d28cfe7
JP		 3991 if (timeout) {
3992 /* When service discovery is used and the controller has
3993 * a strict duplicate filter, it is important to remember
3994 * the start and duration of the scan. This is required
3995 * for restarting scanning during the discovery phase.
3996 */
3997 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER,
3998 &hdev->quirks) &&
82f8b651 3999 hdev->discovery.result_filtering) {
2d28cfe7
JP		 4000 hdev->discovery.scan_start = jiffies;
4001 hdev->discovery.scan_duration = timeout;
4002 }
4003
11e6e25d
MH		 4004 queue_delayed_work(hdev->workqueue,
4005 &hdev->le_scan_disable, timeout);
2d28cfe7 4006 }
ae55f598 4007
11e6e25d
MH		 4008unlock:
4009 hci_dev_unlock(hdev);
7c307720
AG		 4010}
4011
bdb6d971 4012static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 4013 void *data, u16 len)
14a53664 4014{
650f726d 4015 struct mgmt_cp_start_discovery *cp = data;
3b0602cd 4016 struct mgmt_pending_cmd *cmd;
7c307720 4017 struct hci_request req;
8019044d 4018 u8 status;
14a53664
JH		 4019 int err;
4020
bdb6d971 4021 BT_DBG("%s", hdev->name);
14a53664 4022
09fd0de5 4023 hci_dev_lock(hdev);
14a53664 4024
4b34ee78 4025 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 4026 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4027 MGMT_STATUS_NOT_POWERED,
4028 &cp->type, sizeof(cp->type));
bd2d1334
JH		 4029 goto failed;
4030 }
4031
f5a969f2 4032 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 4033 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
2a1afb5a
JH		 4034 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4035 MGMT_STATUS_BUSY, &cp->type,
4036 sizeof(cp->type));
642be6c7
AG		 4037 goto failed;
4038 }
4039
2922a94f 4040 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, data, len);
14a53664
JH		 4041 if (!cmd) {
4042 err = -ENOMEM;
4043 goto failed;
4044 }
4045
2922a94f
JH		 4046 cmd->cmd_complete = generic_cmd_complete;
4047
22078800
MH		 4048 /* Clear the discovery filter first to free any previously
4049 * allocated memory for the UUID list.
4050 */
4051 hci_discovery_filter_clear(hdev);
4052
4aab14e5 4053 hdev->discovery.type = cp->type;
da25cf6a 4054 hdev->discovery.report_invalid_rssi = false;
4aab14e5 4055
7c307720
AG		 4056 hci_req_init(&req, hdev);
4057
8019044d 4058 if (!trigger_discovery(&req, &status)) {
2a1afb5a
JH		 4059 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4060 status, &cp->type, sizeof(cp->type));
04106755
JH		 4061 mgmt_pending_remove(cmd);
4062 goto failed;
f39799f5 4063 }
04106755 4064
7c307720 4065 err = hci_req_run(&req, start_discovery_complete);
f5a969f2 4066 if (err < 0) {
14a53664 4067 mgmt_pending_remove(cmd);
f5a969f2
MH		 4068 goto failed;
4069 }
7c307720 4070
f5a969f2 4071 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
7c307720 4072
14a53664 4073failed:
09fd0de5 4074 hci_dev_unlock(hdev);
14a53664
JH		 4075 return err;
4076}
f39799f5 4077
3b0602cd
JH		 4078static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
4079 u8 status)
2922a94f 4080{
2a1afb5a
JH		 4081 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
4082 cmd->param, 1);
2922a94f 4083}
04106755 4084
66ea9427
JP		 4085static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
4086 void *data, u16 len)
4087{
4088 struct mgmt_cp_start_service_discovery *cp = data;
3b0602cd 4089 struct mgmt_pending_cmd *cmd;
66ea9427
JP		 4090 struct hci_request req;
4091 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
4092 u16 uuid_count, expected_len;
4093 u8 status;
4094 int err;
04106755 4095
66ea9427 4096 BT_DBG("%s", hdev->name);
e8bb6b97 4097
66ea9427 4098 hci_dev_lock(hdev);
7c307720 4099
66ea9427 4100 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 4101 err = mgmt_cmd_complete(sk, hdev->id,
4102 MGMT_OP_START_SERVICE_DISCOVERY,
4103 MGMT_STATUS_NOT_POWERED,
4104 &cp->type, sizeof(cp->type));
66ea9427
JP		 4105 goto failed;
4106 }
7c307720 4107
66ea9427 4108 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 4109 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
2a1afb5a
JH		 4110 err = mgmt_cmd_complete(sk, hdev->id,
4111 MGMT_OP_START_SERVICE_DISCOVERY,
4112 MGMT_STATUS_BUSY, &cp->type,
4113 sizeof(cp->type));
66ea9427
JP		 4114 goto failed;
4115 }
d9483943 4116
66ea9427
JP		 4117 uuid_count = __le16_to_cpu(cp->uuid_count);
4118 if (uuid_count > max_uuid_count) {
4119 BT_ERR("service_discovery: too big uuid_count value %u",
4120 uuid_count);
2a1afb5a
JH		 4121 err = mgmt_cmd_complete(sk, hdev->id,
4122 MGMT_OP_START_SERVICE_DISCOVERY,
4123 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4124 sizeof(cp->type));
66ea9427
JP		 4125 goto failed;
4126 }
4127
4128 expected_len = sizeof(*cp) + uuid_count * 16;
4129 if (expected_len != len) {
4130 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
4131 expected_len, len);
2a1afb5a
JH		 4132 err = mgmt_cmd_complete(sk, hdev->id,
4133 MGMT_OP_START_SERVICE_DISCOVERY,
4134 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4135 sizeof(cp->type));
66ea9427
JP		 4136 goto failed;
4137 }
4138
4139 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
2922a94f 4140 hdev, data, len);
66ea9427
JP		 4141 if (!cmd) {
4142 err = -ENOMEM;
4143 goto failed;
4144 }
4145
2922a94f
JH		 4146 cmd->cmd_complete = service_discovery_cmd_complete;
4147
22078800
MH		 4148 /* Clear the discovery filter first to free any previously
4149 * allocated memory for the UUID list.
4150 */
4151 hci_discovery_filter_clear(hdev);
4152
82f8b651 4153 hdev->discovery.result_filtering = true;
66ea9427
JP		 4154 hdev->discovery.type = cp->type;
4155 hdev->discovery.rssi = cp->rssi;
4156 hdev->discovery.uuid_count = uuid_count;
4157
4158 if (uuid_count > 0) {
4159 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4160 GFP_KERNEL);
4161 if (!hdev->discovery.uuids) {
2a1afb5a
JH		 4162 err = mgmt_cmd_complete(sk, hdev->id,
4163 MGMT_OP_START_SERVICE_DISCOVERY,
4164 MGMT_STATUS_FAILED,
4165 &cp->type, sizeof(cp->type));
d9483943
JH		 4166 mgmt_pending_remove(cmd);
4167 goto failed;
4168 }
66ea9427 4169 }
d9483943 4170
66ea9427 4171 hci_req_init(&req, hdev);
5e0452c0 4172
66ea9427 4173 if (!trigger_discovery(&req, &status)) {
2a1afb5a
JH		 4174 err = mgmt_cmd_complete(sk, hdev->id,
4175 MGMT_OP_START_SERVICE_DISCOVERY,
4176 status, &cp->type, sizeof(cp->type));
04106755
JH		 4177 mgmt_pending_remove(cmd);
4178 goto failed;
f39799f5 4179 }
3fd24153 4180
7c307720 4181 err = hci_req_run(&req, start_discovery_complete);
66ea9427 4182 if (err < 0) {
14a53664 4183 mgmt_pending_remove(cmd);
66ea9427
JP		 4184 goto failed;
4185 }
4186
4187 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 4188
4189failed:
09fd0de5 4190 hci_dev_unlock(hdev);
14a53664
JH		 4191 return err;
4192}
4193
1904a853 4194static void stop_discovery_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1183fdca 4195{
3b0602cd 4196 struct mgmt_pending_cmd *cmd;
1183fdca 4197
0e05bba6
AG		 4198 BT_DBG("status %d", status);
4199
4200 hci_dev_lock(hdev);
4201
11e6e25d
MH		 4202 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4203 if (cmd) {
2922a94f 4204 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d 4205 mgmt_pending_remove(cmd);
0e05bba6
AG		 4206 }
4207
11e6e25d
MH		 4208 if (!status)
4209 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
0e05bba6 4210
0e05bba6
AG		 4211 hci_dev_unlock(hdev);
4212}
4213
bdb6d971 4214static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4215 u16 len)
14a53664 4216{
d930650b 4217 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3b0602cd 4218 struct mgmt_pending_cmd *cmd;
0e05bba6 4219 struct hci_request req;
14a53664
JH		 4220 int err;
4221
bdb6d971 4222 BT_DBG("%s", hdev->name);
14a53664 4223
09fd0de5 4224 hci_dev_lock(hdev);
14a53664 4225
30dc78e1 4226 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 4227 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4228 MGMT_STATUS_REJECTED, &mgmt_cp->type,
4229 sizeof(mgmt_cp->type));
d930650b
JH		 4230 goto unlock;
4231 }
4232
4233 if (hdev->discovery.type != mgmt_cp->type) {
2a1afb5a
JH		 4234 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4235 MGMT_STATUS_INVALID_PARAMS,
4236 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1 4237 goto unlock;
ff9ef578
JH		 4238 }
4239
2922a94f 4240 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
14a53664
JH		 4241 if (!cmd) {
4242 err = -ENOMEM;
30dc78e1
JH		 4243 goto unlock;
4244 }
4245
2922a94f
JH		 4246 cmd->cmd_complete = generic_cmd_complete;
4247
0e05bba6
AG		 4248 hci_req_init(&req, hdev);
4249
21a60d30 4250 hci_stop_discovery(&req);
e0d9727e 4251
21a60d30
JH		 4252 err = hci_req_run(&req, stop_discovery_complete);
4253 if (!err) {
4254 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
0e05bba6 4255 goto unlock;
14a53664
JH		 4256 }
4257
21a60d30
JH		 4258 mgmt_pending_remove(cmd);
4259
4260 /* If no HCI commands were sent we're done */
4261 if (err == -ENODATA) {
2a1afb5a
JH		 4262 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
4263 &mgmt_cp->type, sizeof(mgmt_cp->type));
21a60d30
JH		 4264 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4265 }
14a53664 4266
30dc78e1 4267unlock:
09fd0de5 4268 hci_dev_unlock(hdev);
14a53664
JH		 4269 return err;
4270}
4271
bdb6d971 4272static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4273 u16 len)
561aafbc 4274{
650f726d 4275 struct mgmt_cp_confirm_name *cp = data;
561aafbc 4276 struct inquiry_entry *e;
561aafbc
JH		 4277 int err;
4278
bdb6d971 4279 BT_DBG("%s", hdev->name);
561aafbc 4280
561aafbc
JH		 4281 hci_dev_lock(hdev);
4282
30dc78e1 4283 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 4284 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4285 MGMT_STATUS_FAILED, &cp->addr,
4286 sizeof(cp->addr));
30dc78e1
JH		 4287 goto failed;
4288 }
4289
a198e7b1 4290 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 4291 if (!e) {
2a1afb5a
JH		 4292 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4293 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4294 sizeof(cp->addr));
561aafbc
JH		 4295 goto failed;
4296 }
4297
4298 if (cp->name_known) {
4299 e->name_state = NAME_KNOWN;
4300 list_del(&e->list);
4301 } else {
4302 e->name_state = NAME_NEEDED;
a3d4e20a 4303 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 4304 }
4305
2a1afb5a
JH		 4306 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
4307 &cp->addr, sizeof(cp->addr));
561aafbc
JH		 4308
4309failed:
4310 hci_dev_unlock(hdev);
561aafbc
JH		 4311 return err;
4312}
4313
bdb6d971 4314static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4315 u16 len)
7fbec224 4316{
650f726d 4317 struct mgmt_cp_block_device *cp = data;
f0eeea8b 4318 u8 status;
7fbec224
AJ		 4319 int err;
4320
bdb6d971 4321 BT_DBG("%s", hdev->name);
7fbec224 4322
4ee71b20 4323 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 4324 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4325 MGMT_STATUS_INVALID_PARAMS,
4326 &cp->addr, sizeof(cp->addr));
4ee71b20 4327
09fd0de5 4328 hci_dev_lock(hdev);
5e762444 4329
dcc36c16
JH		 4330 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4331 cp->addr.type);
2a8357f2 4332 if (err < 0) {
f0eeea8b 4333 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 4334 goto done;
4335 }
4336
4337 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4338 sk);
4339 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4340
2a8357f2 4341done:
2a1afb5a
JH		 4342 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
4343 &cp->addr, sizeof(cp->addr));
5e762444 4344
09fd0de5 4345 hci_dev_unlock(hdev);
7fbec224
AJ		 4346
4347 return err;
4348}
4349
bdb6d971 4350static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4351 u16 len)
7fbec224 4352{
650f726d 4353 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 4354 u8 status;
7fbec224
AJ		 4355 int err;
4356
bdb6d971 4357 BT_DBG("%s", hdev->name);
7fbec224 4358
4ee71b20 4359 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 4360 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4361 MGMT_STATUS_INVALID_PARAMS,
4362 &cp->addr, sizeof(cp->addr));
4ee71b20 4363
09fd0de5 4364 hci_dev_lock(hdev);
5e762444 4365
dcc36c16
JH		 4366 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4367 cp->addr.type);
2a8357f2 4368 if (err < 0) {
f0eeea8b 4369 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 4370 goto done;
4371 }
4372
4373 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4374 sk);
4375 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4376
2a8357f2 4377done:
2a1afb5a
JH		 4378 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
4379 &cp->addr, sizeof(cp->addr));
5e762444 4380
09fd0de5 4381 hci_dev_unlock(hdev);
7fbec224
AJ		 4382
4383 return err;
4384}
4385
cdbaccca
MH		 4386static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4387 u16 len)
4388{
4389 struct mgmt_cp_set_device_id *cp = data;
890ea898 4390 struct hci_request req;
cdbaccca 4391 int err;
c72d4b8a 4392 __u16 source;
cdbaccca
MH		 4393
4394 BT_DBG("%s", hdev->name);
4395
c72d4b8a
SJ		 4396 source = __le16_to_cpu(cp->source);
4397
4398 if (source > 0x0002)
a69e8375
JH		 4399 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4400 MGMT_STATUS_INVALID_PARAMS);
c72d4b8a 4401
cdbaccca
MH		 4402 hci_dev_lock(hdev);
4403
c72d4b8a 4404 hdev->devid_source = source;
cdbaccca
MH		 4405 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4406 hdev->devid_product = __le16_to_cpu(cp->product);
4407 hdev->devid_version = __le16_to_cpu(cp->version);
4408
2a1afb5a
JH		 4409 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
4410 NULL, 0);
cdbaccca 4411
890ea898
JH		 4412 hci_req_init(&req, hdev);
4413 update_eir(&req);
4414 hci_req_run(&req, NULL);
cdbaccca
MH		 4415
4416 hci_dev_unlock(hdev);
4417
4418 return err;
4419}
4420
1904a853
MH		 4421static void set_advertising_complete(struct hci_dev *hdev, u8 status,
4422 u16 opcode)
4375f103
JH		 4423{
4424 struct cmd_lookup match = { NULL, hdev };
4425
3ad67582
JK		 4426 hci_dev_lock(hdev);
4427
4375f103
JH		 4428 if (status) {
4429 u8 mgmt_err = mgmt_status(status);
4430
4431 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4432 cmd_status_rsp, &mgmt_err);
3ad67582 4433 goto unlock;
4375f103
JH		 4434 }
4435
d7a5a11d 4436 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
a1536da2 4437 hci_dev_set_flag(hdev, HCI_ADVERTISING);
c93bd150 4438 else
a358dc11 4439 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
c93bd150 4440
4375f103
JH		 4441 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4442 &match);
4443
4444 new_settings(hdev, match.sk);
4445
4446 if (match.sk)
4447 sock_put(match.sk);
3ad67582
JK		 4448
4449unlock:
4450 hci_dev_unlock(hdev);
4375f103
JH		 4451}
4452
21b5187f
MH		 4453static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4454 u16 len)
4375f103
JH		 4455{
4456 struct mgmt_mode *cp = data;
3b0602cd 4457 struct mgmt_pending_cmd *cmd;
4375f103 4458 struct hci_request req;
cc91cb04 4459 u8 val, status;
4375f103
JH		 4460 int err;
4461
4462 BT_DBG("request for %s", hdev->name);
4463
e6fe7986
JH		 4464 status = mgmt_le_support(hdev);
4465 if (status)
a69e8375
JH		 4466 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4467 status);
4375f103 4468
cc91cb04 4469 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 4470 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4471 MGMT_STATUS_INVALID_PARAMS);
4375f103
JH		 4472
4473 hci_dev_lock(hdev);
4474
4475 val = !!cp->val;
4375f103 4476
f74ca9b8
JH		 4477 /* The following conditions are ones which mean that we should
4478 * not do any HCI communication but directly send a mgmt
4479 * response to user space (after toggling the flag if
4480 * necessary).
4481 */
cc91cb04 4482 if (!hdev_is_powered(hdev) ||
d7a5a11d
MH		 4483 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
4484 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
e8bb6b97 4485 hci_conn_num(hdev, LE_LINK) > 0 ||
d7a5a11d 4486 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
e8bb6b97 4487 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
cc91cb04 4488 bool changed;
4375f103 4489
cc91cb04 4490 if (cp->val) {
238be788 4491 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
cc91cb04 4492 if (cp->val == 0x02)
a1536da2 4493 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4494 else
a358dc11 4495 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4496 } else {
a69d8927 4497 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
a358dc11 4498 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4375f103
JH		 4499 }
4500
4501 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4502 if (err < 0)
4503 goto unlock;
4504
4505 if (changed)
4506 err = new_settings(hdev, sk);
4507
4508 goto unlock;
4509 }
4510
4511 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4512 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
a69e8375
JH		 4513 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4514 MGMT_STATUS_BUSY);
4375f103
JH		 4515 goto unlock;
4516 }
4517
4518 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4519 if (!cmd) {
4520 err = -ENOMEM;
4521 goto unlock;
4522 }
4523
4524 hci_req_init(&req, hdev);
4525
cc91cb04 4526 if (cp->val == 0x02)
a1536da2 4527 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4528 else
a358dc11 4529 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4530
bba3aa55
MH		 4531 if (val)
4532 enable_advertising(&req);
4533 else
4534 disable_advertising(&req);
4375f103
JH		 4535
4536 err = hci_req_run(&req, set_advertising_complete);
4537 if (err < 0)
4538 mgmt_pending_remove(cmd);
4539
4540unlock:
4541 hci_dev_unlock(hdev);
4542 return err;
4543}
4544
d13eafce
MH		 4545static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4546 void *data, u16 len)
4547{
4548 struct mgmt_cp_set_static_address *cp = data;
4549 int err;
4550
4551 BT_DBG("%s", hdev->name);
4552
62af4443 4553 if (!lmp_le_capable(hdev))
a69e8375
JH		 4554 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4555 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 4556
4557 if (hdev_is_powered(hdev))
a69e8375
JH		 4558 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4559 MGMT_STATUS_REJECTED);
d13eafce
MH		 4560
4561 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4562 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
a69e8375
JH		 4563 return mgmt_cmd_status(sk, hdev->id,
4564 MGMT_OP_SET_STATIC_ADDRESS,
4565 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 4566
4567 /* Two most significant bits shall be set */
4568 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
a69e8375
JH		 4569 return mgmt_cmd_status(sk, hdev->id,
4570 MGMT_OP_SET_STATIC_ADDRESS,
4571 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 4572 }
4573
4574 hci_dev_lock(hdev);
4575
4576 bacpy(&hdev->static_addr, &cp->bdaddr);
4577
93690c22
MH		 4578 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
4579 if (err < 0)
4580 goto unlock;
4581
4582 err = new_settings(hdev, sk);
d13eafce 4583
93690c22 4584unlock:
d13eafce 4585 hci_dev_unlock(hdev);
d13eafce
MH		 4586 return err;
4587}
4588
14b49b9a
MH		 4589static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4590 void *data, u16 len)
4591{
4592 struct mgmt_cp_set_scan_params *cp = data;
4593 __u16 interval, window;
4594 int err;
4595
4596 BT_DBG("%s", hdev->name);
4597
4598 if (!lmp_le_capable(hdev))
a69e8375
JH		 4599 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4600 MGMT_STATUS_NOT_SUPPORTED);
14b49b9a
MH		 4601
4602 interval = __le16_to_cpu(cp->interval);
4603
4604 if (interval < 0x0004 || interval > 0x4000)
a69e8375
JH		 4605 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4606 MGMT_STATUS_INVALID_PARAMS);
14b49b9a
MH		 4607
4608 window = __le16_to_cpu(cp->window);
4609
4610 if (window < 0x0004 || window > 0x4000)
a69e8375
JH		 4611 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4612 MGMT_STATUS_INVALID_PARAMS);
14b49b9a 4613
899e1075 4614 if (window > interval)
a69e8375
JH		 4615 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4616 MGMT_STATUS_INVALID_PARAMS);
899e1075 4617
14b49b9a
MH		 4618 hci_dev_lock(hdev);
4619
4620 hdev->le_scan_interval = interval;
4621 hdev->le_scan_window = window;
4622
2a1afb5a
JH		 4623 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
4624 NULL, 0);
14b49b9a 4625
dd2ef8e2
AG		 4626 /* If background scan is running, restart it so new parameters are
4627 * loaded.
4628 */
d7a5a11d 4629 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
dd2ef8e2
AG		 4630 hdev->discovery.state == DISCOVERY_STOPPED) {
4631 struct hci_request req;
4632
4633 hci_req_init(&req, hdev);
4634
4635 hci_req_add_le_scan_disable(&req);
4636 hci_req_add_le_passive_scan(&req);
4637
4638 hci_req_run(&req, NULL);
4639 }
4640
14b49b9a
MH		 4641 hci_dev_unlock(hdev);
4642
4643 return err;
4644}
4645
1904a853
MH		 4646static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
4647 u16 opcode)
33e38b3e 4648{
3b0602cd 4649 struct mgmt_pending_cmd *cmd;
33e38b3e
JH		 4650
4651 BT_DBG("status 0x%02x", status);
4652
4653 hci_dev_lock(hdev);
4654
4655 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4656 if (!cmd)
4657 goto unlock;
4658
4659 if (status) {
a69e8375
JH		 4660 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4661 mgmt_status(status));
33e38b3e 4662 } else {
1a4d3c4b
JH		 4663 struct mgmt_mode *cp = cmd->param;
4664
4665 if (cp->val)
a1536da2 4666 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 4667 else
a358dc11 4668 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 4669
33e38b3e
JH		 4670 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4671 new_settings(hdev, cmd->sk);
4672 }
4673
4674 mgmt_pending_remove(cmd);
4675
4676unlock:
4677 hci_dev_unlock(hdev);
4678}
4679
bdb6d971 4680static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4681 void *data, u16 len)
f6422ec6 4682{
650f726d 4683 struct mgmt_mode *cp = data;
3b0602cd 4684 struct mgmt_pending_cmd *cmd;
33e38b3e 4685 struct hci_request req;
f6422ec6
AJ		 4686 int err;
4687
bdb6d971 4688 BT_DBG("%s", hdev->name);
f6422ec6 4689
d7a5a11d 4690 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
56f87901 4691 hdev->hci_ver < BLUETOOTH_VER_1_2)
a69e8375
JH		 4692 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4693 MGMT_STATUS_NOT_SUPPORTED);
33c525c0 4694
a7e80f25 4695 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4696 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4697 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 4698
f6422ec6
AJ		 4699 hci_dev_lock(hdev);
4700
05cbf29f 4701 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
a69e8375
JH		 4702 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4703 MGMT_STATUS_BUSY);
05cbf29f
JH		 4704 goto unlock;
4705 }
4706
d7a5a11d 4707 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
1a4d3c4b
JH		 4708 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4709 hdev);
4710 goto unlock;
4711 }
4712
406ef2a6 4713 if (!hdev_is_powered(hdev)) {
ce05d603 4714 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
406ef2a6
JH		 4715 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4716 hdev);
4717 new_settings(hdev, sk);
4718 goto unlock;
4719 }
4720
33e38b3e
JH		 4721 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4722 data, len);
4723 if (!cmd) {
4724 err = -ENOMEM;
4725 goto unlock;
f6422ec6
AJ		 4726 }
4727
33e38b3e
JH		 4728 hci_req_init(&req, hdev);
4729
406d7804 4730 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4731
4732 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4733 if (err < 0) {
a69e8375
JH		 4734 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4735 MGMT_STATUS_FAILED);
33e38b3e 4736 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4737 }
4738
33e38b3e 4739unlock:
f6422ec6 4740 hci_dev_unlock(hdev);
33e38b3e 4741
f6422ec6
AJ		 4742 return err;
4743}
4744
1904a853 4745static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
0663ca2a 4746{
3b0602cd 4747 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 4748
4749 BT_DBG("status 0x%02x", status);
4750
4751 hci_dev_lock(hdev);
4752
4753 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4754 if (!cmd)
4755 goto unlock;
4756
4757 if (status) {
4758 u8 mgmt_err = mgmt_status(status);
4759
4760 /* We need to restore the flag if related HCI commands
4761 * failed.
4762 */
a358dc11 4763 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a 4764
a69e8375 4765 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
0663ca2a
JH		 4766 } else {
4767 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4768 new_settings(hdev, cmd->sk);
4769 }
4770
4771 mgmt_pending_remove(cmd);
4772
4773unlock:
4774 hci_dev_unlock(hdev);
4775}
4776
4777static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4778{
4779 struct mgmt_mode *cp = data;
3b0602cd 4780 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 4781 struct hci_request req;
4782 int err;
4783
4784 BT_DBG("request for %s", hdev->name);
4785
4786 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
a69e8375
JH		 4787 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4788 MGMT_STATUS_NOT_SUPPORTED);
0663ca2a 4789
d7a5a11d 4790 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 4791 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4792 MGMT_STATUS_REJECTED);
0663ca2a
JH		 4793
4794 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4795 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4796 MGMT_STATUS_INVALID_PARAMS);
0663ca2a
JH		 4797
4798 hci_dev_lock(hdev);
4799
d7a5a11d 4800 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
0663ca2a
JH		 4801 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4802 goto unlock;
4803 }
4804
4805 if (!hdev_is_powered(hdev)) {
4806 if (!cp->val) {
a358dc11
MH		 4807 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
4808 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
4809 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
4810 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4811 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
0663ca2a
JH		 4812 }
4813
ce05d603 4814 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 4815
4816 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4817 if (err < 0)
4818 goto unlock;
4819
4820 err = new_settings(hdev, sk);
4821 goto unlock;
4822 }
4823
4824 /* Reject disabling when powered on */
4825 if (!cp->val) {
a69e8375
JH		 4826 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4827 MGMT_STATUS_REJECTED);
0663ca2a 4828 goto unlock;
111e4bcc
MH		 4829 } else {
4830 /* When configuring a dual-mode controller to operate
4831 * with LE only and using a static address, then switching
4832 * BR/EDR back on is not allowed.
4833 *
4834 * Dual-mode controllers shall operate with the public
4835 * address as its identity address for BR/EDR and LE. So
4836 * reject the attempt to create an invalid configuration.
3a5486e1
MH		 4837 *
4838 * The same restrictions applies when secure connections
4839 * has been enabled. For BR/EDR this is a controller feature
4840 * while for LE it is a host stack feature. This means that
4841 * switching BR/EDR back on when secure connections has been
4842 * enabled is not a supported transaction.
111e4bcc 4843 */
d7a5a11d 4844 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
3a5486e1 4845 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
d7a5a11d 4846 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
a69e8375
JH		 4847 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4848 MGMT_STATUS_REJECTED);
111e4bcc
MH		 4849 goto unlock;
4850 }
0663ca2a
JH		 4851 }
4852
4853 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
a69e8375
JH		 4854 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4855 MGMT_STATUS_BUSY);
0663ca2a
JH		 4856 goto unlock;
4857 }
4858
4859 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4860 if (!cmd) {
4861 err = -ENOMEM;
4862 goto unlock;
4863 }
4864
5947f4bc 4865 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4866 * generates the correct flags.
4867 */
a1536da2 4868 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 4869
4870 hci_req_init(&req, hdev);
aa8af46e 4871
432df05e 4872 write_fast_connectable(&req, false);
1d2dc5b7 4873 __hci_update_page_scan(&req);
aa8af46e 4874
f14d8f64
MH		 4875 /* Since only the advertising data flags will change, there
4876 * is no need to update the scan response data.
4877 */
5947f4bc 4878 update_adv_data(&req);
aa8af46e 4879
0663ca2a
JH		 4880 err = hci_req_run(&req, set_bredr_complete);
4881 if (err < 0)
4882 mgmt_pending_remove(cmd);
4883
4884unlock:
4885 hci_dev_unlock(hdev);
4886 return err;
4887}
4888
a1443f5a
JH		 4889static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4890{
3b0602cd 4891 struct mgmt_pending_cmd *cmd;
a1443f5a
JH		 4892 struct mgmt_mode *cp;
4893
4894 BT_DBG("%s status %u", hdev->name, status);
4895
4896 hci_dev_lock(hdev);
4897
4898 cmd = mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
4899 if (!cmd)
4900 goto unlock;
4901
4902 if (status) {
a69e8375
JH		 4903 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
4904 mgmt_status(status));
a1443f5a
JH		 4905 goto remove;
4906 }
4907
4908 cp = cmd->param;
4909
4910 switch (cp->val) {
4911 case 0x00:
a358dc11
MH		 4912 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
4913 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 4914 break;
4915 case 0x01:
a1536da2 4916 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
a358dc11 4917 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 4918 break;
4919 case 0x02:
a1536da2
MH		 4920 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4921 hci_dev_set_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 4922 break;
4923 }
4924
4925 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
4926 new_settings(hdev, cmd->sk);
4927
4928remove:
4929 mgmt_pending_remove(cmd);
4930unlock:
4931 hci_dev_unlock(hdev);
4932}
4933
eac83dc6
MH		 4934static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4935 void *data, u16 len)
4936{
4937 struct mgmt_mode *cp = data;
3b0602cd 4938 struct mgmt_pending_cmd *cmd;
a1443f5a 4939 struct hci_request req;
a3209694 4940 u8 val;
eac83dc6
MH		 4941 int err;
4942
4943 BT_DBG("request for %s", hdev->name);
4944
05b3c3e7 4945 if (!lmp_sc_capable(hdev) &&
d7a5a11d 4946 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 4947 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4948 MGMT_STATUS_NOT_SUPPORTED);
eac83dc6 4949
d7a5a11d 4950 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
59200286 4951 lmp_sc_capable(hdev) &&
d7a5a11d 4952 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 4953 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4954 MGMT_STATUS_REJECTED);
ed93ec69 4955
0ab04a9c 4956 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375 4957 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
eac83dc6
MH		 4958 MGMT_STATUS_INVALID_PARAMS);
4959
4960 hci_dev_lock(hdev);
4961
05b3c3e7 4962 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
d7a5a11d 4963 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
eac83dc6
MH		 4964 bool changed;
4965
0ab04a9c 4966 if (cp->val) {
238be788
MH		 4967 changed = !hci_dev_test_and_set_flag(hdev,
4968 HCI_SC_ENABLED);
0ab04a9c 4969 if (cp->val == 0x02)
a1536da2 4970 hci_dev_set_flag(hdev, HCI_SC_ONLY);
0ab04a9c 4971 else
a358dc11 4972 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 4973 } else {
a69d8927
MH		 4974 changed = hci_dev_test_and_clear_flag(hdev,
4975 HCI_SC_ENABLED);
a358dc11 4976 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 4977 }
eac83dc6
MH		 4978
4979 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4980 if (err < 0)
4981 goto failed;
4982
4983 if (changed)
4984 err = new_settings(hdev, sk);
4985
4986 goto failed;
4987 }
4988
4989 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
a69e8375
JH		 4990 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4991 MGMT_STATUS_BUSY);
eac83dc6
MH		 4992 goto failed;
4993 }
4994
0ab04a9c
MH		 4995 val = !!cp->val;
4996
d7a5a11d
MH		 4997 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
4998 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
eac83dc6
MH		 4999 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5000 goto failed;
5001 }
5002
5003 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
5004 if (!cmd) {
5005 err = -ENOMEM;
5006 goto failed;
5007 }
5008
a1443f5a
JH		 5009 hci_req_init(&req, hdev);
5010 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
5011 err = hci_req_run(&req, sc_enable_complete);
eac83dc6
MH		 5012 if (err < 0) {
5013 mgmt_pending_remove(cmd);
5014 goto failed;
5015 }
5016
5017failed:
5018 hci_dev_unlock(hdev);
5019 return err;
5020}
5021
4e39ac81
MH		 5022static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
5023 void *data, u16 len)
5024{
5025 struct mgmt_mode *cp = data;
b9710979 5026 bool changed, use_changed;
4e39ac81
MH		 5027 int err;
5028
5029 BT_DBG("request for %s", hdev->name);
5030
b9710979 5031 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 5032 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
5033 MGMT_STATUS_INVALID_PARAMS);
4e39ac81
MH		 5034
5035 hci_dev_lock(hdev);
5036
5037 if (cp->val)
238be788 5038 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
4e39ac81 5039 else
a69d8927
MH		 5040 changed = hci_dev_test_and_clear_flag(hdev,
5041 HCI_KEEP_DEBUG_KEYS);
4e39ac81 5042
b9710979 5043 if (cp->val == 0x02)
238be788
MH		 5044 use_changed = !hci_dev_test_and_set_flag(hdev,
5045 HCI_USE_DEBUG_KEYS);
b9710979 5046 else
a69d8927
MH		 5047 use_changed = hci_dev_test_and_clear_flag(hdev,
5048 HCI_USE_DEBUG_KEYS);
b9710979
JH		 5049
5050 if (hdev_is_powered(hdev) && use_changed &&
d7a5a11d 5051 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
b9710979
JH		 5052 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
5053 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
5054 sizeof(mode), &mode);
5055 }
5056
4e39ac81
MH		 5057 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
5058 if (err < 0)
5059 goto unlock;
5060
5061 if (changed)
5062 err = new_settings(hdev, sk);
5063
5064unlock:
5065 hci_dev_unlock(hdev);
5066 return err;
5067}
5068
62b04cd1
JH		 5069static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5070 u16 len)
5071{
5072 struct mgmt_cp_set_privacy *cp = cp_data;
5073 bool changed;
5074 int err;
5075
5076 BT_DBG("request for %s", hdev->name);
5077
5078 if (!lmp_le_capable(hdev))
a69e8375
JH		 5079 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5080 MGMT_STATUS_NOT_SUPPORTED);
62b04cd1
JH		 5081
5082 if (cp->privacy != 0x00 && cp->privacy != 0x01)
a69e8375
JH		 5083 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5084 MGMT_STATUS_INVALID_PARAMS);
62b04cd1
JH		 5085
5086 if (hdev_is_powered(hdev))
a69e8375
JH		 5087 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5088 MGMT_STATUS_REJECTED);
62b04cd1
JH		 5089
5090 hci_dev_lock(hdev);
5091
c21c0ea0
JH		 5092 /* If user space supports this command it is also expected to
5093 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
5094 */
a1536da2 5095 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
c21c0ea0 5096
62b04cd1 5097 if (cp->privacy) {
238be788 5098 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
62b04cd1 5099 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
a1536da2 5100 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
62b04cd1 5101 } else {
a69d8927 5102 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
62b04cd1 5103 memset(hdev->irk, 0, sizeof(hdev->irk));
a358dc11 5104 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
62b04cd1
JH		 5105 }
5106
5107 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
5108 if (err < 0)
5109 goto unlock;
5110
5111 if (changed)
5112 err = new_settings(hdev, sk);
5113
5114unlock:
5115 hci_dev_unlock(hdev);
5116 return err;
5117}
5118
41edf160
JH		 5119static bool irk_is_valid(struct mgmt_irk_info *irk)
5120{
5121 switch (irk->addr.type) {
5122 case BDADDR_LE_PUBLIC:
5123 return true;
5124
5125 case BDADDR_LE_RANDOM:
5126 /* Two most significant bits shall be set */
5127 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5128 return false;
5129 return true;
5130 }
5131
5132 return false;
5133}
5134
5135static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5136 u16 len)
5137{
5138 struct mgmt_cp_load_irks *cp = cp_data;
ba1d6936
JH		 5139 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
5140 sizeof(struct mgmt_irk_info));
41edf160
JH		 5141 u16 irk_count, expected_len;
5142 int i, err;
5143
5144 BT_DBG("request for %s", hdev->name);
5145
5146 if (!lmp_le_capable(hdev))
a69e8375
JH		 5147 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5148 MGMT_STATUS_NOT_SUPPORTED);
41edf160
JH		 5149
5150 irk_count = __le16_to_cpu(cp->irk_count);
ba1d6936
JH		 5151 if (irk_count > max_irk_count) {
5152 BT_ERR("load_irks: too big irk_count value %u", irk_count);
a69e8375
JH		 5153 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5154 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5155 }
41edf160
JH		 5156
5157 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
5158 if (expected_len != len) {
5159 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 5160 expected_len, len);
a69e8375
JH		 5161 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5162 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 5163 }
5164
5165 BT_DBG("%s irk_count %u", hdev->name, irk_count);
5166
5167 for (i = 0; i < irk_count; i++) {
5168 struct mgmt_irk_info *key = &cp->irks[i];
5169
5170 if (!irk_is_valid(key))
a69e8375
JH		 5171 return mgmt_cmd_status(sk, hdev->id,
5172 MGMT_OP_LOAD_IRKS,
5173 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 5174 }
5175
5176 hci_dev_lock(hdev);
5177
5178 hci_smp_irks_clear(hdev);
5179
5180 for (i = 0; i < irk_count; i++) {
5181 struct mgmt_irk_info *irk = &cp->irks[i];
5182 u8 addr_type;
5183
5184 if (irk->addr.type == BDADDR_LE_PUBLIC)
5185 addr_type = ADDR_LE_DEV_PUBLIC;
5186 else
5187 addr_type = ADDR_LE_DEV_RANDOM;
5188
5189 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
5190 BDADDR_ANY);
5191 }
5192
a1536da2 5193 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
41edf160 5194
2a1afb5a 5195 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
41edf160
JH		 5196
5197 hci_dev_unlock(hdev);
5198
5199 return err;
5200}
5201
3f706b72
JH		 5202static bool ltk_is_valid(struct mgmt_ltk_info *key)
5203{
5204 if (key->master != 0x00 && key->master != 0x01)
5205 return false;
490cb0b3
MH		 5206
5207 switch (key->addr.type) {
5208 case BDADDR_LE_PUBLIC:
5209 return true;
5210
5211 case BDADDR_LE_RANDOM:
5212 /* Two most significant bits shall be set */
5213 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5214 return false;
5215 return true;
5216 }
5217
5218 return false;
3f706b72
JH		 5219}
5220
bdb6d971 5221static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 5222 void *cp_data, u16 len)
346af67b 5223{
346af67b 5224 struct mgmt_cp_load_long_term_keys *cp = cp_data;
ba1d6936
JH		 5225 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
5226 sizeof(struct mgmt_ltk_info));
346af67b 5227 u16 key_count, expected_len;
715a5bf2 5228 int i, err;
346af67b 5229
cf99ba13
MH		 5230 BT_DBG("request for %s", hdev->name);
5231
5232 if (!lmp_le_capable(hdev))
a69e8375
JH		 5233 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5234 MGMT_STATUS_NOT_SUPPORTED);
cf99ba13 5235
1f350c87 5236 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 5237 if (key_count > max_key_count) {
5238 BT_ERR("load_ltks: too big key_count value %u", key_count);
a69e8375
JH		 5239 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5240 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5241 }
346af67b
VCG		 5242
5243 expected_len = sizeof(*cp) + key_count *
5244 sizeof(struct mgmt_ltk_info);
5245 if (expected_len != len) {
5246 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 5247 expected_len, len);
a69e8375
JH		 5248 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5249 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 5250 }
5251
bdb6d971 5252 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 5253
54ad6d8a
JH		 5254 for (i = 0; i < key_count; i++) {
5255 struct mgmt_ltk_info *key = &cp->keys[i];
5256
3f706b72 5257 if (!ltk_is_valid(key))
a69e8375
JH		 5258 return mgmt_cmd_status(sk, hdev->id,
5259 MGMT_OP_LOAD_LONG_TERM_KEYS,
5260 MGMT_STATUS_INVALID_PARAMS);
54ad6d8a
JH		 5261 }
5262
346af67b
VCG		 5263 hci_dev_lock(hdev);
5264
5265 hci_smp_ltks_clear(hdev);
5266
5267 for (i = 0; i < key_count; i++) {
5268 struct mgmt_ltk_info *key = &cp->keys[i];
d7b25450 5269 u8 type, addr_type, authenticated;
79d95a19
MH		 5270
5271 if (key->addr.type == BDADDR_LE_PUBLIC)
5272 addr_type = ADDR_LE_DEV_PUBLIC;
5273 else
5274 addr_type = ADDR_LE_DEV_RANDOM;
346af67b 5275
61b43357
JH		 5276 switch (key->type) {
5277 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 5278 authenticated = 0x00;
23fb8de3 5279 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
61b43357
JH		 5280 break;
5281 case MGMT_LTK_AUTHENTICATED:
d7b25450 5282 authenticated = 0x01;
23fb8de3
JH		 5283 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5284 break;
5285 case MGMT_LTK_P256_UNAUTH:
5286 authenticated = 0x00;
5287 type = SMP_LTK_P256;
61b43357 5288 break;
23fb8de3
JH		 5289 case MGMT_LTK_P256_AUTH:
5290 authenticated = 0x01;
5291 type = SMP_LTK_P256;
61b43357 5292 break;
23fb8de3
JH		 5293 case MGMT_LTK_P256_DEBUG:
5294 authenticated = 0x00;
5295 type = SMP_LTK_P256_DEBUG;
61b43357
JH		 5296 default:
5297 continue;
5298 }
d7b25450 5299
35d70271 5300 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
d7b25450 5301 authenticated, key->val, key->enc_size, key->ediv,
35d70271 5302 key->rand);
346af67b
VCG		 5303 }
5304
2a1afb5a 5305 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
715a5bf2
JH		 5306 NULL, 0);
5307
346af67b 5308 hci_dev_unlock(hdev);
346af67b 5309
715a5bf2 5310 return err;
346af67b
VCG		 5311}
5312
3b0602cd 5313static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
dd983808 5314{
dd983808 5315 struct hci_conn *conn = cmd->user_data;
9981bdb0 5316 struct mgmt_rp_get_conn_info rp;
9df74653 5317 int err;
dd983808 5318
9981bdb0 5319 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
dd983808 5320
9981bdb0 5321 if (status == MGMT_STATUS_SUCCESS) {
dd983808 5322 rp.rssi = conn->rssi;
9981bdb0
JH		 5323 rp.tx_power = conn->tx_power;
5324 rp.max_tx_power = conn->max_tx_power;
5325 } else {
5326 rp.rssi = HCI_RSSI_INVALID;
5327 rp.tx_power = HCI_TX_POWER_INVALID;
5328 rp.max_tx_power = HCI_TX_POWER_INVALID;
dd983808
AK		 5329 }
5330
2a1afb5a
JH		 5331 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
5332 status, &rp, sizeof(rp));
dd983808
AK		 5333
5334 hci_conn_drop(conn);
f8aaf9b6 5335 hci_conn_put(conn);
9df74653
JH		 5336
5337 return err;
dd983808
AK		 5338}
5339
1904a853
MH		 5340static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
5341 u16 opcode)
dd983808
AK		 5342{
5343 struct hci_cp_read_rssi *cp;
3b0602cd 5344 struct mgmt_pending_cmd *cmd;
dd983808 5345 struct hci_conn *conn;
dd983808 5346 u16 handle;
9981bdb0 5347 u8 status;
dd983808 5348
9981bdb0 5349 BT_DBG("status 0x%02x", hci_status);
dd983808
AK		 5350
5351 hci_dev_lock(hdev);
5352
dd983808
AK		 5353 /* Commands sent in request are either Read RSSI or Read Transmit Power
5354 * Level so we check which one was last sent to retrieve connection
5355 * handle. Both commands have handle as first parameter so it's safe to
5356 * cast data on the same command struct.
5357 *
5358 * First command sent is always Read RSSI and we fail only if it fails.
5359 * In other case we simply override error to indicate success as we
5360 * already remembered if TX power value is actually valid.
5361 */
5362 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
5363 if (!cp) {
5364 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
9981bdb0
JH		 5365 status = MGMT_STATUS_SUCCESS;
5366 } else {
5367 status = mgmt_status(hci_status);
dd983808
AK		 5368 }
5369
5370 if (!cp) {
9981bdb0 5371 BT_ERR("invalid sent_cmd in conn_info response");
dd983808
AK		 5372 goto unlock;
5373 }
5374
5375 handle = __le16_to_cpu(cp->handle);
5376 conn = hci_conn_hash_lookup_handle(hdev, handle);
5377 if (!conn) {
9981bdb0 5378 BT_ERR("unknown handle (%d) in conn_info response", handle);
dd983808
AK		 5379 goto unlock;
5380 }
5381
9981bdb0
JH		 5382 cmd = mgmt_pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
5383 if (!cmd)
5384 goto unlock;
dd983808 5385
9981bdb0
JH		 5386 cmd->cmd_complete(cmd, status);
5387 mgmt_pending_remove(cmd);
dd983808
AK		 5388
5389unlock:
5390 hci_dev_unlock(hdev);
5391}
5392
5393static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5394 u16 len)
5395{
5396 struct mgmt_cp_get_conn_info *cp = data;
5397 struct mgmt_rp_get_conn_info rp;
5398 struct hci_conn *conn;
5399 unsigned long conn_info_age;
5400 int err = 0;
5401
5402 BT_DBG("%s", hdev->name);
5403
5404 memset(&rp, 0, sizeof(rp));
5405 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5406 rp.addr.type = cp->addr.type;
5407
5408 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 5409 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5410 MGMT_STATUS_INVALID_PARAMS,
5411 &rp, sizeof(rp));
dd983808
AK		 5412
5413 hci_dev_lock(hdev);
5414
5415 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 5416 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5417 MGMT_STATUS_NOT_POWERED, &rp,
5418 sizeof(rp));
dd983808
AK		 5419 goto unlock;
5420 }
5421
5422 if (cp->addr.type == BDADDR_BREDR)
5423 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5424 &cp->addr.bdaddr);
5425 else
5426 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5427
5428 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 5429 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5430 MGMT_STATUS_NOT_CONNECTED, &rp,
5431 sizeof(rp));
dd983808
AK		 5432 goto unlock;
5433 }
5434
9981bdb0 5435 if (mgmt_pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
2a1afb5a
JH		 5436 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5437 MGMT_STATUS_BUSY, &rp, sizeof(rp));
9981bdb0
JH		 5438 goto unlock;
5439 }
5440
dd983808
AK		 5441 /* To avoid client trying to guess when to poll again for information we
5442 * calculate conn info age as random value between min/max set in hdev.
5443 */
5444 conn_info_age = hdev->conn_info_min_age +
5445 prandom_u32_max(hdev->conn_info_max_age -
5446 hdev->conn_info_min_age);
5447
5448 /* Query controller to refresh cached values if they are too old or were
5449 * never read.
5450 */
f4e2dd53
AK		 5451 if (time_after(jiffies, conn->conn_info_timestamp +
5452 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 5453 !conn->conn_info_timestamp) {
5454 struct hci_request req;
5455 struct hci_cp_read_tx_power req_txp_cp;
5456 struct hci_cp_read_rssi req_rssi_cp;
3b0602cd 5457 struct mgmt_pending_cmd *cmd;
dd983808
AK		 5458
5459 hci_req_init(&req, hdev);
5460 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5461 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5462 &req_rssi_cp);
5463
f7faab0c
AK		 5464 /* For LE links TX power does not change thus we don't need to
5465 * query for it once value is known.
5466 */
5467 if (!bdaddr_type_is_le(cp->addr.type) ||
5468 conn->tx_power == HCI_TX_POWER_INVALID) {
5469 req_txp_cp.handle = cpu_to_le16(conn->handle);
5470 req_txp_cp.type = 0x00;
5471 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5472 sizeof(req_txp_cp), &req_txp_cp);
5473 }
dd983808 5474
eed5daf3
AK		 5475 /* Max TX power needs to be read only once per connection */
5476 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5477 req_txp_cp.handle = cpu_to_le16(conn->handle);
5478 req_txp_cp.type = 0x01;
5479 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5480 sizeof(req_txp_cp), &req_txp_cp);
5481 }
5482
dd983808
AK		 5483 err = hci_req_run(&req, conn_info_refresh_complete);
5484 if (err < 0)
5485 goto unlock;
5486
5487 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5488 data, len);
5489 if (!cmd) {
5490 err = -ENOMEM;
5491 goto unlock;
5492 }
5493
5494 hci_conn_hold(conn);
f8aaf9b6 5495 cmd->user_data = hci_conn_get(conn);
9981bdb0 5496 cmd->cmd_complete = conn_info_cmd_complete;
dd983808
AK		 5497
5498 conn->conn_info_timestamp = jiffies;
5499 } else {
5500 /* Cache is valid, just reply with values cached in hci_conn */
5501 rp.rssi = conn->rssi;
5502 rp.tx_power = conn->tx_power;
eed5daf3 5503 rp.max_tx_power = conn->max_tx_power;
dd983808 5504
2a1afb5a
JH		 5505 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5506 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
dd983808
AK		 5507 }
5508
5509unlock:
5510 hci_dev_unlock(hdev);
5511 return err;
5512}
5513
3b0602cd 5514static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
95868426 5515{
69487371 5516 struct hci_conn *conn = cmd->user_data;
95868426 5517 struct mgmt_rp_get_clock_info rp;
69487371 5518 struct hci_dev *hdev;
9df74653 5519 int err;
69487371
JH		 5520
5521 memset(&rp, 0, sizeof(rp));
5522 memcpy(&rp.addr, &cmd->param, sizeof(rp.addr));
5523
5524 if (status)
5525 goto complete;
5526
5527 hdev = hci_dev_get(cmd->index);
5528 if (hdev) {
5529 rp.local_clock = cpu_to_le32(hdev->clock);
5530 hci_dev_put(hdev);
5531 }
5532
5533 if (conn) {
5534 rp.piconet_clock = cpu_to_le32(conn->clock);
5535 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5536 }
5537
5538complete:
2a1afb5a
JH		 5539 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5540 sizeof(rp));
69487371
JH		 5541
5542 if (conn) {
5543 hci_conn_drop(conn);
5544 hci_conn_put(conn);
5545 }
9df74653
JH		 5546
5547 return err;
69487371
JH		 5548}
5549
1904a853 5550static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
69487371 5551{
95868426 5552 struct hci_cp_read_clock *hci_cp;
3b0602cd 5553 struct mgmt_pending_cmd *cmd;
95868426
JH		 5554 struct hci_conn *conn;
5555
5556 BT_DBG("%s status %u", hdev->name, status);
5557
5558 hci_dev_lock(hdev);
5559
5560 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5561 if (!hci_cp)
5562 goto unlock;
5563
5564 if (hci_cp->which) {
5565 u16 handle = __le16_to_cpu(hci_cp->handle);
5566 conn = hci_conn_hash_lookup_handle(hdev, handle);
5567 } else {
5568 conn = NULL;
5569 }
5570
5571 cmd = mgmt_pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5572 if (!cmd)
5573 goto unlock;
5574
69487371 5575 cmd->cmd_complete(cmd, mgmt_status(status));
95868426 5576 mgmt_pending_remove(cmd);
95868426
JH		 5577
5578unlock:
5579 hci_dev_unlock(hdev);
5580}
5581
5582static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5583 u16 len)
5584{
5585 struct mgmt_cp_get_clock_info *cp = data;
5586 struct mgmt_rp_get_clock_info rp;
5587 struct hci_cp_read_clock hci_cp;
3b0602cd 5588 struct mgmt_pending_cmd *cmd;
95868426
JH		 5589 struct hci_request req;
5590 struct hci_conn *conn;
5591 int err;
5592
5593 BT_DBG("%s", hdev->name);
5594
5595 memset(&rp, 0, sizeof(rp));
5596 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5597 rp.addr.type = cp->addr.type;
5598
5599 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 5600 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5601 MGMT_STATUS_INVALID_PARAMS,
5602 &rp, sizeof(rp));
95868426
JH		 5603
5604 hci_dev_lock(hdev);
5605
5606 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 5607 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5608 MGMT_STATUS_NOT_POWERED, &rp,
5609 sizeof(rp));
95868426
JH		 5610 goto unlock;
5611 }
5612
5613 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5614 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5615 &cp->addr.bdaddr);
5616 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 5617 err = mgmt_cmd_complete(sk, hdev->id,
5618 MGMT_OP_GET_CLOCK_INFO,
5619 MGMT_STATUS_NOT_CONNECTED,
5620 &rp, sizeof(rp));
95868426
JH		 5621 goto unlock;
5622 }
5623 } else {
5624 conn = NULL;
5625 }
5626
5627 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5628 if (!cmd) {
5629 err = -ENOMEM;
5630 goto unlock;
5631 }
5632
69487371
JH		 5633 cmd->cmd_complete = clock_info_cmd_complete;
5634
95868426
JH		 5635 hci_req_init(&req, hdev);
5636
5637 memset(&hci_cp, 0, sizeof(hci_cp));
5638 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5639
5640 if (conn) {
5641 hci_conn_hold(conn);
f8aaf9b6 5642 cmd->user_data = hci_conn_get(conn);
95868426
JH		 5643
5644 hci_cp.handle = cpu_to_le16(conn->handle);
5645 hci_cp.which = 0x01; /* Piconet clock */
5646 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5647 }
5648
5649 err = hci_req_run(&req, get_clock_info_complete);
5650 if (err < 0)
5651 mgmt_pending_remove(cmd);
5652
5653unlock:
5654 hci_dev_unlock(hdev);
5655 return err;
5656}
5657
5a154e6f
JH		 5658static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5659{
5660 struct hci_conn *conn;
5661
5662 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5663 if (!conn)
5664 return false;
5665
5666 if (conn->dst_type != type)
5667 return false;
5668
5669 if (conn->state != BT_CONNECTED)
5670 return false;
5671
5672 return true;
5673}
5674
5675/* This function requires the caller holds hdev->lock */
5676static int hci_conn_params_set(struct hci_request *req, bdaddr_t *addr,
5677 u8 addr_type, u8 auto_connect)
5678{
5679 struct hci_dev *hdev = req->hdev;
5680 struct hci_conn_params *params;
5681
5682 params = hci_conn_params_add(hdev, addr, addr_type);
5683 if (!params)
5684 return -EIO;
5685
5686 if (params->auto_connect == auto_connect)
5687 return 0;
5688
5689 list_del_init(&params->action);
5690
5691 switch (auto_connect) {
5692 case HCI_AUTO_CONN_DISABLED:
5693 case HCI_AUTO_CONN_LINK_LOSS:
5694 __hci_update_background_scan(req);
5695 break;
5696 case HCI_AUTO_CONN_REPORT:
5697 list_add(&params->action, &hdev->pend_le_reports);
5698 __hci_update_background_scan(req);
5699 break;
5700 case HCI_AUTO_CONN_DIRECT:
5701 case HCI_AUTO_CONN_ALWAYS:
5702 if (!is_connected(hdev, addr, addr_type)) {
5703 list_add(&params->action, &hdev->pend_le_conns);
5704 __hci_update_background_scan(req);
5705 }
5706 break;
5707 }
5708
5709 params->auto_connect = auto_connect;
5710
5711 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5712 auto_connect);
5713
5714 return 0;
5715}
5716
8afef092
MH		 5717static void device_added(struct sock *sk, struct hci_dev *hdev,
5718 bdaddr_t *bdaddr, u8 type, u8 action)
5719{
5720 struct mgmt_ev_device_added ev;
5721
5722 bacpy(&ev.addr.bdaddr, bdaddr);
5723 ev.addr.type = type;
5724 ev.action = action;
5725
5726 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5727}
5728
1904a853 5729static void add_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5a154e6f 5730{
3b0602cd 5731 struct mgmt_pending_cmd *cmd;
5a154e6f
JH		 5732
5733 BT_DBG("status 0x%02x", status);
5734
5735 hci_dev_lock(hdev);
5736
5737 cmd = mgmt_pending_find(MGMT_OP_ADD_DEVICE, hdev);
5738 if (!cmd)
5739 goto unlock;
5740
5741 cmd->cmd_complete(cmd, mgmt_status(status));
5742 mgmt_pending_remove(cmd);
5743
5744unlock:
5745 hci_dev_unlock(hdev);
5746}
5747
2faade53
MH		 5748static int add_device(struct sock *sk, struct hci_dev *hdev,
5749 void *data, u16 len)
5750{
5751 struct mgmt_cp_add_device *cp = data;
3b0602cd 5752 struct mgmt_pending_cmd *cmd;
5a154e6f 5753 struct hci_request req;
2faade53
MH		 5754 u8 auto_conn, addr_type;
5755 int err;
5756
5757 BT_DBG("%s", hdev->name);
5758
6659358e 5759 if (!bdaddr_type_is_valid(cp->addr.type) ||
2faade53 5760 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
2a1afb5a
JH		 5761 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5762 MGMT_STATUS_INVALID_PARAMS,
5763 &cp->addr, sizeof(cp->addr));
2faade53 5764
4b9e7e75 5765 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
2a1afb5a
JH		 5766 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5767 MGMT_STATUS_INVALID_PARAMS,
5768 &cp->addr, sizeof(cp->addr));
2faade53 5769
5a154e6f
JH		 5770 hci_req_init(&req, hdev);
5771
2faade53
MH		 5772 hci_dev_lock(hdev);
5773
5a154e6f
JH		 5774 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_DEVICE, hdev, data, len);
5775 if (!cmd) {
5776 err = -ENOMEM;
5777 goto unlock;
5778 }
5779
5780 cmd->cmd_complete = addr_cmd_complete;
5781
6659358e 5782 if (cp->addr.type == BDADDR_BREDR) {
4b9e7e75 5783 /* Only incoming connections action is supported for now */
6659358e 5784 if (cp->action != 0x01) {
9df74653
JH		 5785 err = cmd->cmd_complete(cmd,
5786 MGMT_STATUS_INVALID_PARAMS);
5a154e6f 5787 mgmt_pending_remove(cmd);
6659358e
JH		 5788 goto unlock;
5789 }
5790
5791 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5792 cp->addr.type);
5793 if (err)
5794 goto unlock;
a397407f 5795
5a154e6f 5796 __hci_update_page_scan(&req);
a397407f 5797
6659358e
JH		 5798 goto added;
5799 }
5800
2faade53
MH		 5801 if (cp->addr.type == BDADDR_LE_PUBLIC)
5802 addr_type = ADDR_LE_DEV_PUBLIC;
5803 else
5804 addr_type = ADDR_LE_DEV_RANDOM;
5805
4b9e7e75 5806 if (cp->action == 0x02)
2faade53 5807 auto_conn = HCI_AUTO_CONN_ALWAYS;
4b9e7e75
MH		 5808 else if (cp->action == 0x01)
5809 auto_conn = HCI_AUTO_CONN_DIRECT;
2faade53 5810 else
a3451d27 5811 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 5812
bf5b3c8b
MH		 5813 /* If the connection parameters don't exist for this device,
5814 * they will be created and configured with defaults.
5815 */
5a154e6f 5816 if (hci_conn_params_set(&req, &cp->addr.bdaddr, addr_type,
d06b50ce 5817 auto_conn) < 0) {
9df74653 5818 err = cmd->cmd_complete(cmd, MGMT_STATUS_FAILED);
5a154e6f 5819 mgmt_pending_remove(cmd);
2faade53
MH		 5820 goto unlock;
5821 }
5822
6659358e 5823added:
8afef092
MH		 5824 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5825
5a154e6f
JH		 5826 err = hci_req_run(&req, add_device_complete);
5827 if (err < 0) {
5828 /* ENODATA means no HCI commands were needed (e.g. if
5829 * the adapter is powered off).
5830 */
9df74653
JH		 5831 if (err == -ENODATA)
5832 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
5a154e6f
JH		 5833 mgmt_pending_remove(cmd);
5834 }
2faade53
MH		 5835
5836unlock:
5837 hci_dev_unlock(hdev);
5838 return err;
5839}
5840
8afef092
MH		 5841static void device_removed(struct sock *sk, struct hci_dev *hdev,
5842 bdaddr_t *bdaddr, u8 type)
5843{
5844 struct mgmt_ev_device_removed ev;
5845
5846 bacpy(&ev.addr.bdaddr, bdaddr);
5847 ev.addr.type = type;
5848
5849 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5850}
5851
1904a853 5852static void remove_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
51ef3ebe 5853{
3b0602cd 5854 struct mgmt_pending_cmd *cmd;
51ef3ebe
JH		 5855
5856 BT_DBG("status 0x%02x", status);
5857
5858 hci_dev_lock(hdev);
5859
5860 cmd = mgmt_pending_find(MGMT_OP_REMOVE_DEVICE, hdev);
5861 if (!cmd)
5862 goto unlock;
5863
5864 cmd->cmd_complete(cmd, mgmt_status(status));
5865 mgmt_pending_remove(cmd);
5866
5867unlock:
5868 hci_dev_unlock(hdev);
5869}
5870
2faade53
MH		 5871static int remove_device(struct sock *sk, struct hci_dev *hdev,
5872 void *data, u16 len)
5873{
5874 struct mgmt_cp_remove_device *cp = data;
3b0602cd 5875 struct mgmt_pending_cmd *cmd;
51ef3ebe 5876 struct hci_request req;
2faade53
MH		 5877 int err;
5878
5879 BT_DBG("%s", hdev->name);
5880
51ef3ebe
JH		 5881 hci_req_init(&req, hdev);
5882
2faade53
MH		 5883 hci_dev_lock(hdev);
5884
51ef3ebe
JH		 5885 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_DEVICE, hdev, data, len);
5886 if (!cmd) {
5887 err = -ENOMEM;
5888 goto unlock;
5889 }
5890
5891 cmd->cmd_complete = addr_cmd_complete;
5892
2faade53 5893 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 5894 struct hci_conn_params *params;
2faade53
MH		 5895 u8 addr_type;
5896
6659358e 5897 if (!bdaddr_type_is_valid(cp->addr.type)) {
9df74653
JH		 5898 err = cmd->cmd_complete(cmd,
5899 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5900 mgmt_pending_remove(cmd);
2faade53
MH		 5901 goto unlock;
5902 }
5903
6659358e
JH		 5904 if (cp->addr.type == BDADDR_BREDR) {
5905 err = hci_bdaddr_list_del(&hdev->whitelist,
5906 &cp->addr.bdaddr,
5907 cp->addr.type);
5908 if (err) {
9df74653
JH		 5909 err = cmd->cmd_complete(cmd,
5910 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5911 mgmt_pending_remove(cmd);
6659358e
JH		 5912 goto unlock;
5913 }
5914
51ef3ebe 5915 __hci_update_page_scan(&req);
a397407f 5916
6659358e
JH		 5917 device_removed(sk, hdev, &cp->addr.bdaddr,
5918 cp->addr.type);
5919 goto complete;
5920 }
5921
2faade53
MH		 5922 if (cp->addr.type == BDADDR_LE_PUBLIC)
5923 addr_type = ADDR_LE_DEV_PUBLIC;
5924 else
5925 addr_type = ADDR_LE_DEV_RANDOM;
5926
c71593dd
JH		 5927 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5928 addr_type);
5929 if (!params) {
9df74653
JH		 5930 err = cmd->cmd_complete(cmd,
5931 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5932 mgmt_pending_remove(cmd);
c71593dd
JH		 5933 goto unlock;
5934 }
5935
5936 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
9df74653
JH		 5937 err = cmd->cmd_complete(cmd,
5938 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5939 mgmt_pending_remove(cmd);
c71593dd
JH		 5940 goto unlock;
5941 }
5942
d1dbf12e 5943 list_del(&params->action);
c71593dd
JH		 5944 list_del(&params->list);
5945 kfree(params);
51ef3ebe 5946 __hci_update_background_scan(&req);
8afef092
MH		 5947
5948 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53 5949 } else {
19de0825 5950 struct hci_conn_params *p, *tmp;
6659358e 5951 struct bdaddr_list *b, *btmp;
19de0825 5952
2faade53 5953 if (cp->addr.type) {
9df74653
JH		 5954 err = cmd->cmd_complete(cmd,
5955 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5956 mgmt_pending_remove(cmd);
2faade53
MH		 5957 goto unlock;
5958 }
5959
6659358e
JH		 5960 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
5961 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
5962 list_del(&b->list);
5963 kfree(b);
5964 }
5965
51ef3ebe 5966 __hci_update_page_scan(&req);
a397407f 5967
19de0825
JH		 5968 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5969 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5970 continue;
5971 device_removed(sk, hdev, &p->addr, p->addr_type);
5972 list_del(&p->action);
5973 list_del(&p->list);
5974 kfree(p);
5975 }
5976
5977 BT_DBG("All LE connection parameters were removed");
5978
51ef3ebe 5979 __hci_update_background_scan(&req);
2faade53
MH		 5980 }
5981
6659358e 5982complete:
51ef3ebe
JH		 5983 err = hci_req_run(&req, remove_device_complete);
5984 if (err < 0) {
5985 /* ENODATA means no HCI commands were needed (e.g. if
5986 * the adapter is powered off).
5987 */
9df74653
JH		 5988 if (err == -ENODATA)
5989 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
51ef3ebe
JH		 5990 mgmt_pending_remove(cmd);
5991 }
2faade53
MH		 5992
5993unlock:
5994 hci_dev_unlock(hdev);
5995 return err;
5996}
5997
a26f3dcf
JH		 5998static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5999 u16 len)
6000{
6001 struct mgmt_cp_load_conn_param *cp = data;
ba1d6936
JH		 6002 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
6003 sizeof(struct mgmt_conn_param));
a26f3dcf
JH		 6004 u16 param_count, expected_len;
6005 int i;
6006
6007 if (!lmp_le_capable(hdev))
a69e8375
JH		 6008 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6009 MGMT_STATUS_NOT_SUPPORTED);
a26f3dcf
JH		 6010
6011 param_count = __le16_to_cpu(cp->param_count);
ba1d6936
JH		 6012 if (param_count > max_param_count) {
6013 BT_ERR("load_conn_param: too big param_count value %u",
6014 param_count);
a69e8375
JH		 6015 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6016 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 6017 }
a26f3dcf
JH		 6018
6019 expected_len = sizeof(*cp) + param_count *
6020 sizeof(struct mgmt_conn_param);
6021 if (expected_len != len) {
6022 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
6023 expected_len, len);
a69e8375
JH		 6024 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6025 MGMT_STATUS_INVALID_PARAMS);
a26f3dcf
JH		 6026 }
6027
6028 BT_DBG("%s param_count %u", hdev->name, param_count);
6029
6030 hci_dev_lock(hdev);
6031
6032 hci_conn_params_clear_disabled(hdev);
6033
6034 for (i = 0; i < param_count; i++) {
6035 struct mgmt_conn_param *param = &cp->params[i];
6036 struct hci_conn_params *hci_param;
6037 u16 min, max, latency, timeout;
6038 u8 addr_type;
6039
6040 BT_DBG("Adding %pMR (type %u)", &param->addr.bdaddr,
6041 param->addr.type);
6042
6043 if (param->addr.type == BDADDR_LE_PUBLIC) {
6044 addr_type = ADDR_LE_DEV_PUBLIC;
6045 } else if (param->addr.type == BDADDR_LE_RANDOM) {
6046 addr_type = ADDR_LE_DEV_RANDOM;
6047 } else {
6048 BT_ERR("Ignoring invalid connection parameters");
6049 continue;
6050 }
6051
6052 min = le16_to_cpu(param->min_interval);
6053 max = le16_to_cpu(param->max_interval);
6054 latency = le16_to_cpu(param->latency);
6055 timeout = le16_to_cpu(param->timeout);
6056
6057 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
6058 min, max, latency, timeout);
6059
6060 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
6061 BT_ERR("Ignoring invalid connection parameters");
6062 continue;
6063 }
6064
6065 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
6066 addr_type);
6067 if (!hci_param) {
6068 BT_ERR("Failed to add connection parameters");
6069 continue;
6070 }
6071
6072 hci_param->conn_min_interval = min;
6073 hci_param->conn_max_interval = max;
6074 hci_param->conn_latency = latency;
6075 hci_param->supervision_timeout = timeout;
6076 }
6077
6078 hci_dev_unlock(hdev);
6079
2a1afb5a
JH		 6080 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
6081 NULL, 0);
a26f3dcf
JH		 6082}
6083
dbece37a
MH		 6084static int set_external_config(struct sock *sk, struct hci_dev *hdev,
6085 void *data, u16 len)
6086{
6087 struct mgmt_cp_set_external_config *cp = data;
6088 bool changed;
6089 int err;
6090
6091 BT_DBG("%s", hdev->name);
6092
6093 if (hdev_is_powered(hdev))
a69e8375
JH		 6094 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6095 MGMT_STATUS_REJECTED);
dbece37a
MH		 6096
6097 if (cp->config != 0x00 && cp->config != 0x01)
a69e8375
JH		 6098 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6099 MGMT_STATUS_INVALID_PARAMS);
dbece37a
MH		 6100
6101 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
a69e8375
JH		 6102 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6103 MGMT_STATUS_NOT_SUPPORTED);
dbece37a
MH		 6104
6105 hci_dev_lock(hdev);
6106
6107 if (cp->config)
238be788 6108 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a 6109 else
a69d8927 6110 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a
MH		 6111
6112 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
6113 if (err < 0)
6114 goto unlock;
6115
6116 if (!changed)
6117 goto unlock;
6118
f4537c04
MH		 6119 err = new_options(hdev, sk);
6120
d7a5a11d 6121 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
dbece37a 6122 mgmt_index_removed(hdev);
d603b76b 6123
516018a9 6124 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
a1536da2
MH		 6125 hci_dev_set_flag(hdev, HCI_CONFIG);
6126 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
d603b76b
MH		 6127
6128 queue_work(hdev->req_workqueue, &hdev->power_on);
6129 } else {
5ea234d3 6130 set_bit(HCI_RAW, &hdev->flags);
d603b76b
MH		 6131 mgmt_index_added(hdev);
6132 }
dbece37a
MH		 6133 }
6134
6135unlock:
6136 hci_dev_unlock(hdev);
6137 return err;
6138}
6139
9713c17b
MH		 6140static int set_public_address(struct sock *sk, struct hci_dev *hdev,
6141 void *data, u16 len)
6142{
6143 struct mgmt_cp_set_public_address *cp = data;
6144 bool changed;
6145 int err;
6146
6147 BT_DBG("%s", hdev->name);
6148
6149 if (hdev_is_powered(hdev))
a69e8375
JH		 6150 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6151 MGMT_STATUS_REJECTED);
9713c17b
MH		 6152
6153 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
a69e8375
JH		 6154 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6155 MGMT_STATUS_INVALID_PARAMS);
9713c17b
MH		 6156
6157 if (!hdev->set_bdaddr)
a69e8375
JH		 6158 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6159 MGMT_STATUS_NOT_SUPPORTED);
9713c17b
MH		 6160
6161 hci_dev_lock(hdev);
6162
6163 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
6164 bacpy(&hdev->public_addr, &cp->bdaddr);
6165
6166 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
6167 if (err < 0)
6168 goto unlock;
6169
6170 if (!changed)
6171 goto unlock;
6172
d7a5a11d 6173 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
9713c17b
MH		 6174 err = new_options(hdev, sk);
6175
6176 if (is_configured(hdev)) {
6177 mgmt_index_removed(hdev);
6178
a358dc11 6179 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
9713c17b 6180
a1536da2
MH		 6181 hci_dev_set_flag(hdev, HCI_CONFIG);
6182 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
9713c17b
MH		 6183
6184 queue_work(hdev->req_workqueue, &hdev->power_on);
6185 }
6186
6187unlock:
6188 hci_dev_unlock(hdev);
6189 return err;
6190}
6191
6d785aa3 6192static const struct hci_mgmt_handler mgmt_handlers[] = {
0f4e68cf 6193 { NULL }, /* 0x0000 (no command) */
b9a245fb
JH		 6194 { read_version, MGMT_READ_VERSION_SIZE,
6195 HCI_MGMT_NO_HDEV },
6196 { read_commands, MGMT_READ_COMMANDS_SIZE,
6197 HCI_MGMT_NO_HDEV },
6198 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
6199 HCI_MGMT_NO_HDEV },
6200 { read_controller_info, MGMT_READ_INFO_SIZE, 0 },
6201 { set_powered, MGMT_SETTING_SIZE, 0 },
6202 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE, 0 },
6203 { set_connectable, MGMT_SETTING_SIZE, 0 },
6204 { set_fast_connectable, MGMT_SETTING_SIZE, 0 },
6205 { set_bondable, MGMT_SETTING_SIZE, 0 },
6206 { set_link_security, MGMT_SETTING_SIZE, 0 },
6207 { set_ssp, MGMT_SETTING_SIZE, 0 },
6208 { set_hs, MGMT_SETTING_SIZE, 0 },
6209 { set_le, MGMT_SETTING_SIZE, 0 },
6210 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE, 0 },
6211 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE, 0 },
6212 { add_uuid, MGMT_ADD_UUID_SIZE, 0 },
6213 { remove_uuid, MGMT_REMOVE_UUID_SIZE, 0 },
6214 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
6215 HCI_MGMT_VAR_LEN },
6216 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
6217 HCI_MGMT_VAR_LEN },
6218 { disconnect, MGMT_DISCONNECT_SIZE, 0 },
6219 { get_connections, MGMT_GET_CONNECTIONS_SIZE, 0 },
6220 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE, 0 },
6221 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE, 0 },
6222 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE, 0 },
6223 { pair_device, MGMT_PAIR_DEVICE_SIZE, 0 },
6224 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE, 0 },
6225 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE, 0 },
6226 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE, 0 },
6227 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE, 0 },
6228 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE, 0 },
6229 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE, 0 },
6230 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
6231 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
6232 HCI_MGMT_VAR_LEN },
6233 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE, 0 },
6234 { start_discovery, MGMT_START_DISCOVERY_SIZE, 0 },
6235 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE, 0 },
6236 { confirm_name, MGMT_CONFIRM_NAME_SIZE, 0 },
6237 { block_device, MGMT_BLOCK_DEVICE_SIZE, 0 },
6238 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE, 0 },
6239 { set_device_id, MGMT_SET_DEVICE_ID_SIZE, 0 },
6240 { set_advertising, MGMT_SETTING_SIZE, 0 },
6241 { set_bredr, MGMT_SETTING_SIZE, 0 },
6242 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE, 0 },
6243 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE, 0 },
6244 { set_secure_conn, MGMT_SETTING_SIZE, 0 },
6245 { set_debug_keys, MGMT_SETTING_SIZE, 0 },
6246 { set_privacy, MGMT_SET_PRIVACY_SIZE, 0 },
6247 { load_irks, MGMT_LOAD_IRKS_SIZE,
6248 HCI_MGMT_VAR_LEN },
6249 { get_conn_info, MGMT_GET_CONN_INFO_SIZE, 0 },
6250 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE, 0 },
6251 { add_device, MGMT_ADD_DEVICE_SIZE, 0 },
6252 { remove_device, MGMT_REMOVE_DEVICE_SIZE, 0 },
6253 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
6254 HCI_MGMT_VAR_LEN },
6255 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
6256 HCI_MGMT_NO_HDEV },
6257 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
6258 HCI_MGMT_UNCONFIGURED },
6259 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
6260 HCI_MGMT_UNCONFIGURED },
6261 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
6262 HCI_MGMT_UNCONFIGURED },
6263 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
6264 HCI_MGMT_VAR_LEN },
0f4e68cf
JH		 6265};
6266
6d785aa3
JH		 6267int mgmt_control(struct hci_mgmt_chan *chan, struct sock *sk,
6268 struct msghdr *msg, size_t msglen)
0381101f 6269{
650f726d
VCG		 6270 void *buf;
6271 u8 *cp;
0381101f 6272 struct mgmt_hdr *hdr;
4e51eae9 6273 u16 opcode, index, len;
bdb6d971 6274 struct hci_dev *hdev = NULL;
6d785aa3 6275 const struct hci_mgmt_handler *handler;
b9a245fb 6276 bool var_len, no_hdev;
0381101f
JH		 6277 int err;
6278
6279 BT_DBG("got %zu bytes", msglen);
6280
6281 if (msglen < sizeof(*hdr))
6282 return -EINVAL;
6283
e63a15ec 6284 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 6285 if (!buf)
6286 return -ENOMEM;
6287
6ce8e9ce 6288 if (memcpy_from_msg(buf, msg, msglen)) {
0381101f
JH		 6289 err = -EFAULT;
6290 goto done;
6291 }
6292
650f726d 6293 hdr = buf;
1f350c87
MH		 6294 opcode = __le16_to_cpu(hdr->opcode);
6295 index = __le16_to_cpu(hdr->index);
6296 len = __le16_to_cpu(hdr->len);
0381101f
JH		 6297
6298 if (len != msglen - sizeof(*hdr)) {
6299 err = -EINVAL;
6300 goto done;
6301 }
6302
b9a245fb
JH		 6303 if (opcode >= chan->handler_count ||
6304 chan->handlers[opcode].func == NULL) {
6305 BT_DBG("Unknown op %u", opcode);
a69e8375
JH		 6306 err = mgmt_cmd_status(sk, index, opcode,
6307 MGMT_STATUS_UNKNOWN_COMMAND);
b9a245fb
JH		 6308 goto done;
6309 }
6310
6311 handler = &chan->handlers[opcode];
6312
0f4e68cf 6313 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 6314 hdev = hci_dev_get(index);
6315 if (!hdev) {
a69e8375
JH		 6316 err = mgmt_cmd_status(sk, index, opcode,
6317 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 6318 goto done;
6319 }
0736cfa8 6320
d7a5a11d
MH		 6321 if (hci_dev_test_flag(hdev, HCI_SETUP) ||
6322 hci_dev_test_flag(hdev, HCI_CONFIG) ||
6323 hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
a69e8375
JH		 6324 err = mgmt_cmd_status(sk, index, opcode,
6325 MGMT_STATUS_INVALID_INDEX);
0736cfa8
MH		 6326 goto done;
6327 }
42a9bc14 6328
d7a5a11d 6329 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) &&
b9a245fb 6330 !(handler->flags & HCI_MGMT_UNCONFIGURED)) {
a69e8375
JH		 6331 err = mgmt_cmd_status(sk, index, opcode,
6332 MGMT_STATUS_INVALID_INDEX);
42a9bc14
MH		 6333 goto done;
6334 }
bdb6d971
JH		 6335 }
6336
b9a245fb
JH		 6337 no_hdev = (handler->flags & HCI_MGMT_NO_HDEV);
6338 if (no_hdev != !hdev) {
a69e8375
JH		 6339 err = mgmt_cmd_status(sk, index, opcode,
6340 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 6341 goto done;
0381101f
JH		 6342 }
6343
b9a245fb
JH		 6344 var_len = (handler->flags & HCI_MGMT_VAR_LEN);
6345 if ((var_len && len < handler->data_len) ||
6346 (!var_len && len != handler->data_len)) {
a69e8375
JH		 6347 err = mgmt_cmd_status(sk, index, opcode,
6348 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 6349 goto done;
6350 }
6351
0f4e68cf
JH		 6352 if (hdev)
6353 mgmt_init_hdev(sk, hdev);
6354
6355 cp = buf + sizeof(*hdr);
6356
be22b54e 6357 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 6358 if (err < 0)
6359 goto done;
6360
0381101f
JH		 6361 err = msglen;
6362
6363done:
bdb6d971
JH		 6364 if (hdev)
6365 hci_dev_put(hdev);
6366
0381101f
JH		 6367 kfree(buf);
6368 return err;
6369}
c71e97bf 6370
bf6b56db 6371void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 6372{
bb4b2a9a 6373
0602a8ad
MH		 6374 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6375 return;
6376
f9207338
MH		 6377 switch (hdev->dev_type) {
6378 case HCI_BREDR:
6379 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6380 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
6381 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
6382 } else {
6383 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
6384 HCI_MGMT_INDEX_EVENTS);
6385 }
6386 break;
6387 }
c71e97bf
JH		 6388}
6389
bf6b56db 6390void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 6391{
5f159032 6392 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 6393
0602a8ad
MH		 6394 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6395 return;
6396
f9207338
MH		 6397 switch (hdev->dev_type) {
6398 case HCI_BREDR:
6399 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
b24752fe 6400
f9207338
MH		 6401 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6402 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
6403 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
6404 } else {
6405 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
6406 HCI_MGMT_INDEX_EVENTS);
6407 }
6408 break;
6409 }
eec8d2bc
JH		 6410}
6411
6046dc3e 6412/* This function requires the caller holds hdev->lock */
2cf22218 6413static void restart_le_actions(struct hci_request *req)
6046dc3e 6414{
2cf22218 6415 struct hci_dev *hdev = req->hdev;
6046dc3e
AG		 6416 struct hci_conn_params *p;
6417
6418 list_for_each_entry(p, &hdev->le_conn_params, list) {
d7347f3c
JH		 6419 /* Needed for AUTO_OFF case where might not "really"
6420 * have been powered off.
6421 */
6422 list_del_init(&p->action);
6423
6424 switch (p->auto_connect) {
4b9e7e75 6425 case HCI_AUTO_CONN_DIRECT:
d7347f3c
JH		 6426 case HCI_AUTO_CONN_ALWAYS:
6427 list_add(&p->action, &hdev->pend_le_conns);
6428 break;
6429 case HCI_AUTO_CONN_REPORT:
6430 list_add(&p->action, &hdev->pend_le_reports);
6431 break;
6432 default:
6433 break;
c83ed19d 6434 }
6046dc3e 6435 }
c83ed19d 6436
2cf22218 6437 __hci_update_background_scan(req);
6046dc3e
AG		 6438}
6439
1904a853 6440static void powered_complete(struct hci_dev *hdev, u8 status, u16 opcode)
229ab39c
JH		 6441{
6442 struct cmd_lookup match = { NULL, hdev };
6443
6444 BT_DBG("status 0x%02x", status);
6445
162a3bac
MH		 6446 if (!status) {
6447 /* Register the available SMP channels (BR/EDR and LE) only
6448 * when successfully powering on the controller. This late
6449 * registration is required so that LE SMP can clearly
6450 * decide if the public address or static address is used.
6451 */
6452 smp_register(hdev);
6453 }
6454
229ab39c
JH		 6455 hci_dev_lock(hdev);
6456
6457 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6458
6459 new_settings(hdev, match.sk);
6460
6461 hci_dev_unlock(hdev);
6462
6463 if (match.sk)
6464 sock_put(match.sk);
6465}
6466
70da6243 6467static int powered_update_hci(struct hci_dev *hdev)
5add6af8 6468{
890ea898 6469 struct hci_request req;
70da6243 6470 u8 link_sec;
5add6af8 6471
890ea898
JH		 6472 hci_req_init(&req, hdev);
6473
d7a5a11d 6474 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED) &&
70da6243 6475 !lmp_host_ssp_capable(hdev)) {
574ea3c7 6476 u8 mode = 0x01;
5e5282bb 6477
574ea3c7
MH		 6478 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
6479
6480 if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) {
6481 u8 support = 0x01;
5add6af8 6482
574ea3c7
MH		 6483 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT,
6484 sizeof(support), &support);
6485 }
ec6f99b8
JH		 6486 }
6487
d7a5a11d 6488 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
c73eee91 6489 lmp_bredr_capable(hdev)) {
70da6243 6490 struct hci_cp_write_le_host_supported cp;
f0ff92fb 6491
32226e4f
MH		 6492 cp.le = 0x01;
6493 cp.simul = 0x00;
3d1cbdd6 6494
70da6243
JH		 6495 /* Check first if we already have the right
6496 * host state (host features set)
6497 */
6498 if (cp.le != lmp_host_le_capable(hdev) ||
6499 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 6500 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
6501 sizeof(cp), &cp);
70da6243 6502 }
3d1cbdd6 6503
d13eafce 6504 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 6505 /* Make sure the controller has a good default for
6506 * advertising data. This also applies to the case
6507 * where BR/EDR was toggled during the AUTO_OFF phase.
6508 */
d7a5a11d 6509 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
5947f4bc 6510 update_adv_data(&req);
f14d8f64
MH		 6511 update_scan_rsp_data(&req);
6512 }
441ad2d0 6513
d7a5a11d 6514 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
bba3aa55 6515 enable_advertising(&req);
2cf22218
JH		 6516
6517 restart_le_actions(&req);
eeca6f89
JH		 6518 }
6519
d7a5a11d 6520 link_sec = hci_dev_test_flag(hdev, HCI_LINK_SECURITY);
70da6243 6521 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 6522 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
6523 sizeof(link_sec), &link_sec);
562fcc24 6524
70da6243 6525 if (lmp_bredr_capable(hdev)) {
d7a5a11d 6526 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
406ef2a6
JH		 6527 write_fast_connectable(&req, true);
6528 else
6529 write_fast_connectable(&req, false);
1d2dc5b7 6530 __hci_update_page_scan(&req);
890ea898 6531 update_class(&req);
13928971 6532 update_name(&req);
890ea898 6533 update_eir(&req);
70da6243 6534 }
562fcc24 6535
229ab39c 6536 return hci_req_run(&req, powered_complete);
70da6243 6537}
562fcc24 6538
70da6243
JH		 6539int mgmt_powered(struct hci_dev *hdev, u8 powered)
6540{
6541 struct cmd_lookup match = { NULL, hdev };
9845904f 6542 u8 status, zero_cod[] = { 0, 0, 0 };
70da6243 6543 int err;
f0ff92fb 6544
d7a5a11d 6545 if (!hci_dev_test_flag(hdev, HCI_MGMT))
70da6243
JH		 6546 return 0;
6547
70da6243 6548 if (powered) {
229ab39c
JH		 6549 if (powered_update_hci(hdev) == 0)
6550 return 0;
fe038884 6551
229ab39c
JH		 6552 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
6553 &match);
6554 goto new_settings;
b24752fe
JH		 6555 }
6556
229ab39c 6557 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
9845904f
JH		 6558
6559 /* If the power off is because of hdev unregistration let
6560 * use the appropriate INVALID_INDEX status. Otherwise use
6561 * NOT_POWERED. We cover both scenarios here since later in
6562 * mgmt_index_removed() any hci_conn callbacks will have already
6563 * been triggered, potentially causing misleading DISCONNECTED
6564 * status responses.
6565 */
d7a5a11d 6566 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
9845904f
JH		 6567 status = MGMT_STATUS_INVALID_INDEX;
6568 else
6569 status = MGMT_STATUS_NOT_POWERED;
6570
6571 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
229ab39c
JH		 6572
6573 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
6574 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
6575 zero_cod, sizeof(zero_cod), NULL);
6576
6577new_settings:
beadb2bd 6578 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 6579
6580 if (match.sk)
6581 sock_put(match.sk);
6582
7bb895d6 6583 return err;
5add6af8 6584}
73f22f62 6585
3eec705e 6586void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc 6587{
3b0602cd 6588 struct mgmt_pending_cmd *cmd;
96570ffc
JH		 6589 u8 status;
6590
6591 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6592 if (!cmd)
3eec705e 6593 return;
96570ffc
JH		 6594
6595 if (err == -ERFKILL)
6596 status = MGMT_STATUS_RFKILLED;
6597 else
6598 status = MGMT_STATUS_FAILED;
6599
a69e8375 6600 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 6601
6602 mgmt_pending_remove(cmd);
96570ffc
JH		 6603}
6604
d1967ff8
MH		 6605void mgmt_discoverable_timeout(struct hci_dev *hdev)
6606{
6607 struct hci_request req;
d1967ff8
MH		 6608
6609 hci_dev_lock(hdev);
6610
6611 /* When discoverable timeout triggers, then just make sure
6612 * the limited discoverable flag is cleared. Even in the case
6613 * of a timeout triggered from general discoverable, it is
6614 * safe to unconditionally clear the flag.
6615 */
a358dc11
MH		 6616 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
6617 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
d1967ff8
MH		 6618
6619 hci_req_init(&req, hdev);
d7a5a11d 6620 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4b580614
JH		 6621 u8 scan = SCAN_PAGE;
6622 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
6623 sizeof(scan), &scan);
6624 }
d1967ff8 6625 update_class(&req);
9a43e25f 6626 update_adv_data(&req);
d1967ff8
MH		 6627 hci_req_run(&req, NULL);
6628
6629 hdev->discov_timeout = 0;
6630
9a43e25f
JH		 6631 new_settings(hdev, NULL);
6632
d1967ff8
MH		 6633 hci_dev_unlock(hdev);
6634}
6635
dc4a5ee2
MH		 6636void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
6637 bool persistent)
55ed8ca1 6638{
86742e1e 6639 struct mgmt_ev_new_link_key ev;
55ed8ca1 6640
a492cd52 6641 memset(&ev, 0, sizeof(ev));
55ed8ca1 6642
a492cd52 6643 ev.store_hint = persistent;
d753fdc4 6644 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 6645 ev.key.addr.type = BDADDR_BREDR;
a492cd52 6646 ev.key.type = key->type;
9b3b4460 6647 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 6648 ev.key.pin_len = key->pin_len;
55ed8ca1 6649
dc4a5ee2 6650 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 6651}
f7520543 6652
d7b25450
JH		 6653static u8 mgmt_ltk_type(struct smp_ltk *ltk)
6654{
23fb8de3
JH		 6655 switch (ltk->type) {
6656 case SMP_LTK:
6657 case SMP_LTK_SLAVE:
6658 if (ltk->authenticated)
6659 return MGMT_LTK_AUTHENTICATED;
6660 return MGMT_LTK_UNAUTHENTICATED;
6661 case SMP_LTK_P256:
6662 if (ltk->authenticated)
6663 return MGMT_LTK_P256_AUTH;
6664 return MGMT_LTK_P256_UNAUTH;
6665 case SMP_LTK_P256_DEBUG:
6666 return MGMT_LTK_P256_DEBUG;
6667 }
d7b25450
JH		 6668
6669 return MGMT_LTK_UNAUTHENTICATED;
6670}
6671
53ac6ab6 6672void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 6673{
6674 struct mgmt_ev_new_long_term_key ev;
6675
6676 memset(&ev, 0, sizeof(ev));
6677
5192d301
MH		 6678 /* Devices using resolvable or non-resolvable random addresses
6679 * without providing an indentity resolving key don't require
6680 * to store long term keys. Their addresses will change the
6681 * next time around.
6682 *
6683 * Only when a remote device provides an identity address
6684 * make sure the long term key is stored. If the remote
6685 * identity is known, the long term keys are internally
6686 * mapped to the identity address. So allow static random
6687 * and public addresses here.
6688 */
ba74b666
JH		 6689 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6690 (key->bdaddr.b[5] & 0xc0) != 0xc0)
6691 ev.store_hint = 0x00;
6692 else
53ac6ab6 6693 ev.store_hint = persistent;
ba74b666 6694
346af67b 6695 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 6696 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 6697 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 6698 ev.key.enc_size = key->enc_size;
6699 ev.key.ediv = key->ediv;
fe39c7b2 6700 ev.key.rand = key->rand;
346af67b 6701
2ceba539 6702 if (key->type == SMP_LTK)
346af67b
VCG		 6703 ev.key.master = 1;
6704
346af67b
VCG		 6705 memcpy(ev.key.val, key->val, sizeof(key->val));
6706
083368f7 6707 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 6708}
6709
95fbac8a
JH		 6710void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
6711{
6712 struct mgmt_ev_new_irk ev;
6713
6714 memset(&ev, 0, sizeof(ev));
6715
bab6d1e5
MH		 6716 /* For identity resolving keys from devices that are already
6717 * using a public address or static random address, do not
6718 * ask for storing this key. The identity resolving key really
6719 * is only mandatory for devices using resovlable random
6720 * addresses.
6721 *
6722 * Storing all identity resolving keys has the downside that
6723 * they will be also loaded on next boot of they system. More
6724 * identity resolving keys, means more time during scanning is
6725 * needed to actually resolve these addresses.
6726 */
6727 if (bacmp(&irk->rpa, BDADDR_ANY))
6728 ev.store_hint = 0x01;
6729 else
6730 ev.store_hint = 0x00;
6731
95fbac8a
JH		 6732 bacpy(&ev.rpa, &irk->rpa);
6733 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
6734 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
6735 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
6736
6737 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
6738}
6739
53ac6ab6
MH		 6740void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
6741 bool persistent)
7ee4ea36
MH		 6742{
6743 struct mgmt_ev_new_csrk ev;
6744
6745 memset(&ev, 0, sizeof(ev));
6746
6747 /* Devices using resolvable or non-resolvable random addresses
6748 * without providing an indentity resolving key don't require
6749 * to store signature resolving keys. Their addresses will change
6750 * the next time around.
6751 *
6752 * Only when a remote device provides an identity address
6753 * make sure the signature resolving key is stored. So allow
6754 * static random and public addresses here.
6755 */
6756 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6757 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
6758 ev.store_hint = 0x00;
6759 else
53ac6ab6 6760 ev.store_hint = persistent;
7ee4ea36
MH		 6761
6762 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
6763 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
4cd3928a 6764 ev.key.type = csrk->type;
7ee4ea36
MH		 6765 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
6766
6767 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
6768}
6769
ffb5a827 6770void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 6771 u8 bdaddr_type, u8 store_hint, u16 min_interval,
6772 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 6773{
6774 struct mgmt_ev_new_conn_param ev;
6775
c103aea6
JH		 6776 if (!hci_is_identity_address(bdaddr, bdaddr_type))
6777 return;
6778
ffb5a827
AG		 6779 memset(&ev, 0, sizeof(ev));
6780 bacpy(&ev.addr.bdaddr, bdaddr);
6781 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 6782 ev.store_hint = store_hint;
ffb5a827
AG		 6783 ev.min_interval = cpu_to_le16(min_interval);
6784 ev.max_interval = cpu_to_le16(max_interval);
6785 ev.latency = cpu_to_le16(latency);
6786 ev.timeout = cpu_to_le16(timeout);
6787
6788 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
6789}
6790
94933991
MH		 6791static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
6792 u8 data_len)
6793{
6794 eir[eir_len++] = sizeof(type) + data_len;
6795 eir[eir_len++] = type;
6796 memcpy(&eir[eir_len], data, data_len);
6797 eir_len += data_len;
6798
6799 return eir_len;
6800}
6801
48ec92fa
AA		 6802void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
6803 u32 flags, u8 *name, u8 name_len)
f7520543 6804{
b644ba33
JH		 6805 char buf[512];
6806 struct mgmt_ev_device_connected *ev = (void *) buf;
6807 u16 eir_len = 0;
f7520543 6808
48ec92fa
AA		 6809 bacpy(&ev->addr.bdaddr, &conn->dst);
6810 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
f7520543 6811
c95f0ba7 6812 ev->flags = __cpu_to_le32(flags);
08c79b61 6813
fd45ada9
AA		 6814 /* We must ensure that the EIR Data fields are ordered and
6815 * unique. Keep it simple for now and avoid the problem by not
6816 * adding any BR/EDR data to the LE adv.
6817 */
6818 if (conn->le_adv_data_len > 0) {
6819 memcpy(&ev->eir[eir_len],
6820 conn->le_adv_data, conn->le_adv_data_len);
6821 eir_len = conn->le_adv_data_len;
6822 } else {
6823 if (name_len > 0)
6824 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
6825 name, name_len);
b644ba33 6826
ddbea5cf 6827 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
fd45ada9
AA		 6828 eir_len = eir_append_data(ev->eir, eir_len,
6829 EIR_CLASS_OF_DEV,
6830 conn->dev_class, 3);
6831 }
b644ba33 6832
eb55ef07 6833 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 6834
ecd90ae7
MH		 6835 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
6836 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 6837}
6838
3b0602cd 6839static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
8962ee74 6840{
8962ee74 6841 struct sock **sk = data;
8962ee74 6842
f5818c22 6843 cmd->cmd_complete(cmd, 0);
8962ee74
JH		 6844
6845 *sk = cmd->sk;
6846 sock_hold(*sk);
6847
a664b5bc 6848 mgmt_pending_remove(cmd);
8962ee74
JH		 6849}
6850
3b0602cd 6851static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
a8a1d19e 6852{
b1078ad0 6853 struct hci_dev *hdev = data;
124f6e35 6854 struct mgmt_cp_unpair_device *cp = cmd->param;
a8a1d19e 6855
b1078ad0
JH		 6856 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
6857
d8b7b1e4 6858 cmd->cmd_complete(cmd, 0);
a8a1d19e
JH		 6859 mgmt_pending_remove(cmd);
6860}
6861
84c61d92
JH		 6862bool mgmt_powering_down(struct hci_dev *hdev)
6863{
3b0602cd 6864 struct mgmt_pending_cmd *cmd;
84c61d92
JH		 6865 struct mgmt_mode *cp;
6866
6867 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6868 if (!cmd)
6869 return false;
6870
6871 cp = cmd->param;
6872 if (!cp->val)
6873 return true;
6874
6875 return false;
6876}
6877
9b80ec5e 6878void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 6879 u8 link_type, u8 addr_type, u8 reason,
6880 bool mgmt_connected)
f7520543 6881{
f0d6a0ea 6882 struct mgmt_ev_device_disconnected ev;
8962ee74 6883 struct sock *sk = NULL;
8962ee74 6884
84c61d92
JH		 6885 /* The connection is still in hci_conn_hash so test for 1
6886 * instead of 0 to know if this is the last one.
6887 */
6888 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6889 cancel_delayed_work(&hdev->power_off);
6890 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8b064a3a
JH		 6891 }
6892
12d4a3b2
JH		 6893 if (!mgmt_connected)
6894 return;
6895
57eb776f
AG		 6896 if (link_type != ACL_LINK && link_type != LE_LINK)
6897 return;
6898
744cf19e 6899 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 6900
f0d6a0ea
MA		 6901 bacpy(&ev.addr.bdaddr, bdaddr);
6902 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6903 ev.reason = reason;
f7520543 6904
9b80ec5e 6905 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 6906
6907 if (sk)
d97dcb66 6908 sock_put(sk);
8962ee74 6909
124f6e35 6910 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 6911 hdev);
8962ee74
JH		 6912}
6913
7892924c
MH		 6914void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
6915 u8 link_type, u8 addr_type, u8 status)
8962ee74 6916{
3655bba8
AG		 6917 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
6918 struct mgmt_cp_disconnect *cp;
3b0602cd 6919 struct mgmt_pending_cmd *cmd;
8962ee74 6920
36a75f1b
JD		 6921 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6922 hdev);
6923
2e58ef3e 6924 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 6925 if (!cmd)
7892924c 6926 return;
8962ee74 6927
3655bba8
AG		 6928 cp = cmd->param;
6929
6930 if (bacmp(bdaddr, &cp->addr.bdaddr))
6931 return;
6932
6933 if (cp->addr.type != bdaddr_type)
6934 return;
6935
f5818c22 6936 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6937 mgmt_pending_remove(cmd);
f7520543 6938}
17d5c04c 6939
445608d0
MH		 6940void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6941 u8 addr_type, u8 status)
17d5c04c
JH		 6942{
6943 struct mgmt_ev_connect_failed ev;
c9910d0f 6944
84c61d92
JH		 6945 /* The connection is still in hci_conn_hash so test for 1
6946 * instead of 0 to know if this is the last one.
6947 */
6948 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6949 cancel_delayed_work(&hdev->power_off);
6950 queue_work(hdev->req_workqueue, &hdev->power_off.work);
c9910d0f 6951 }
17d5c04c 6952
4c659c39 6953 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6954 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 6955 ev.status = mgmt_status(status);
17d5c04c 6956
445608d0 6957 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 6958}
980e1a53 6959
ce0e4a0d 6960void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 6961{
6962 struct mgmt_ev_pin_code_request ev;
6963
d8457698 6964 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 6965 ev.addr.type = BDADDR_BREDR;
a770bb5a 6966 ev.secure = secure;
980e1a53 6967
ce0e4a0d 6968 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 6969}
6970
e669cf80
MH		 6971void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6972 u8 status)
980e1a53 6973{
3b0602cd 6974 struct mgmt_pending_cmd *cmd;
980e1a53 6975
2e58ef3e 6976 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 6977 if (!cmd)
e669cf80 6978 return;
980e1a53 6979
7776d1d8 6980 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6981 mgmt_pending_remove(cmd);
980e1a53
JH		 6982}
6983
3eb38528
MH		 6984void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6985 u8 status)
980e1a53 6986{
3b0602cd 6987 struct mgmt_pending_cmd *cmd;
980e1a53 6988
2e58ef3e 6989 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 6990 if (!cmd)
3eb38528 6991 return;
980e1a53 6992
7776d1d8 6993 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6994 mgmt_pending_remove(cmd);
980e1a53 6995}
a5c29683 6996
744cf19e 6997int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 6998 u8 link_type, u8 addr_type, u32 value,
04124681 6999 u8 confirm_hint)
a5c29683
JH		 7000{
7001 struct mgmt_ev_user_confirm_request ev;
7002
744cf19e 7003 BT_DBG("%s", hdev->name);
a5c29683 7004
272d90df 7005 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7006 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 7007 ev.confirm_hint = confirm_hint;
39adbffe 7008 ev.value = cpu_to_le32(value);
a5c29683 7009
744cf19e 7010 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 7011 NULL);
a5c29683
JH		 7012}
7013
272d90df 7014int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 7015 u8 link_type, u8 addr_type)
604086b7
BG		 7016{
7017 struct mgmt_ev_user_passkey_request ev;
7018
7019 BT_DBG("%s", hdev->name);
7020
272d90df 7021 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7022 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 7023
7024 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 7025 NULL);
604086b7
BG		 7026}
7027
0df4c185 7028static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 7029 u8 link_type, u8 addr_type, u8 status,
7030 u8 opcode)
a5c29683 7031{
3b0602cd 7032 struct mgmt_pending_cmd *cmd;
a5c29683 7033
2e58ef3e 7034 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 7035 if (!cmd)
7036 return -ENOENT;
7037
7776d1d8 7038 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7039 mgmt_pending_remove(cmd);
a5c29683 7040
7776d1d8 7041 return 0;
a5c29683
JH		 7042}
7043
744cf19e 7044int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7045 u8 link_type, u8 addr_type, u8 status)
a5c29683 7046{
272d90df 7047 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 7048 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 7049}
7050
272d90df 7051int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7052 u8 link_type, u8 addr_type, u8 status)
a5c29683 7053{
272d90df 7054 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 7055 status,
7056 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 7057}
2a611692 7058
604086b7 7059int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7060 u8 link_type, u8 addr_type, u8 status)
604086b7 7061{
272d90df 7062 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 7063 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 7064}
7065
272d90df 7066int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7067 u8 link_type, u8 addr_type, u8 status)
604086b7 7068{
272d90df 7069 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 7070 status,
7071 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 7072}
7073
92a25256
JH		 7074int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
7075 u8 link_type, u8 addr_type, u32 passkey,
7076 u8 entered)
7077{
7078 struct mgmt_ev_passkey_notify ev;
7079
7080 BT_DBG("%s", hdev->name);
7081
7082 bacpy(&ev.addr.bdaddr, bdaddr);
7083 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7084 ev.passkey = __cpu_to_le32(passkey);
7085 ev.entered = entered;
7086
7087 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
7088}
7089
e1e930f5 7090void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
2a611692
JH		 7091{
7092 struct mgmt_ev_auth_failed ev;
3b0602cd 7093 struct mgmt_pending_cmd *cmd;
e1e930f5 7094 u8 status = mgmt_status(hci_status);
2a611692 7095
e1e930f5
JH		 7096 bacpy(&ev.addr.bdaddr, &conn->dst);
7097 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7098 ev.status = status;
2a611692 7099
e1e930f5
JH		 7100 cmd = find_pairing(conn);
7101
7102 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
7103 cmd ? cmd->sk : NULL);
7104
a511b35b
JH		 7105 if (cmd) {
7106 cmd->cmd_complete(cmd, status);
7107 mgmt_pending_remove(cmd);
7108 }
2a611692 7109}
b312b161 7110
464996ae 7111void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 7112{
7113 struct cmd_lookup match = { NULL, hdev };
464996ae 7114 bool changed;
33ef95ed
JH		 7115
7116 if (status) {
7117 u8 mgmt_err = mgmt_status(status);
7118 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 7119 cmd_status_rsp, &mgmt_err);
464996ae 7120 return;
33ef95ed
JH		 7121 }
7122
464996ae 7123 if (test_bit(HCI_AUTH, &hdev->flags))
238be788 7124 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
464996ae 7125 else
a69d8927 7126 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
47990ea0 7127
33ef95ed 7128 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 7129 &match);
33ef95ed 7130
47990ea0 7131 if (changed)
464996ae 7132 new_settings(hdev, match.sk);
33ef95ed
JH		 7133
7134 if (match.sk)
7135 sock_put(match.sk);
33ef95ed
JH		 7136}
7137
890ea898 7138static void clear_eir(struct hci_request *req)
cacaf52f 7139{
890ea898 7140 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 7141 struct hci_cp_write_eir cp;
7142
976eb20e 7143 if (!lmp_ext_inq_capable(hdev))
890ea898 7144 return;
cacaf52f 7145
c80da27e
JH		 7146 memset(hdev->eir, 0, sizeof(hdev->eir));
7147
cacaf52f
JH		 7148 memset(&cp, 0, sizeof(cp));
7149
890ea898 7150 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 7151}
7152
3e248560 7153void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 7154{
7155 struct cmd_lookup match = { NULL, hdev };
890ea898 7156 struct hci_request req;
c0ecddc2 7157 bool changed = false;
ed2c4ee3
JH		 7158
7159 if (status) {
7160 u8 mgmt_err = mgmt_status(status);
c0ecddc2 7161
a69d8927
MH		 7162 if (enable && hci_dev_test_and_clear_flag(hdev,
7163 HCI_SSP_ENABLED)) {
a358dc11 7164 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
3e248560 7165 new_settings(hdev, NULL);
9ecb3e24 7166 }
c0ecddc2 7167
04124681
GP		 7168 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
7169 &mgmt_err);
3e248560 7170 return;
c0ecddc2
JH		 7171 }
7172
7173 if (enable) {
238be788 7174 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
c0ecddc2 7175 } else {
a69d8927 7176 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
9ecb3e24 7177 if (!changed)
a69d8927
MH		 7178 changed = hci_dev_test_and_clear_flag(hdev,
7179 HCI_HS_ENABLED);
9ecb3e24 7180 else
a358dc11 7181 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
ed2c4ee3
JH		 7182 }
7183
7184 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
7185
c0ecddc2 7186 if (changed)
3e248560 7187 new_settings(hdev, match.sk);
ed2c4ee3 7188
5fc6ebb1 7189 if (match.sk)
ed2c4ee3
JH		 7190 sock_put(match.sk);
7191
890ea898
JH		 7192 hci_req_init(&req, hdev);
7193
d7a5a11d
MH		 7194 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
7195 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
3769972b
JH		 7196 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
7197 sizeof(enable), &enable);
890ea898 7198 update_eir(&req);
3769972b 7199 } else {
890ea898 7200 clear_eir(&req);
3769972b 7201 }
890ea898
JH		 7202
7203 hci_req_run(&req, NULL);
ed2c4ee3
JH		 7204}
7205
3b0602cd 7206static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
90e70454
JH		 7207{
7208 struct cmd_lookup *match = data;
7209
90e70454
JH		 7210 if (match->sk == NULL) {
7211 match->sk = cmd->sk;
7212 sock_hold(match->sk);
7213 }
90e70454
JH		 7214}
7215
4e1b0245
MH		 7216void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
7217 u8 status)
7f9a903c 7218{
90e70454 7219 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 7220
92da6097
JH		 7221 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
7222 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
7223 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 7224
7225 if (!status)
4e1b0245
MH		 7226 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
7227 NULL);
90e70454
JH		 7228
7229 if (match.sk)
7230 sock_put(match.sk);
7f9a903c
MH		 7231}
7232
7667da34 7233void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 7234{
b312b161 7235 struct mgmt_cp_set_local_name ev;
3b0602cd 7236 struct mgmt_pending_cmd *cmd;
28cc7bde 7237
13928971 7238 if (status)
7667da34 7239 return;
b312b161
JH		 7240
7241 memset(&ev, 0, sizeof(ev));
7242 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 7243 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 7244
2e58ef3e 7245 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 7246 if (!cmd) {
7247 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 7248
13928971
JH		 7249 /* If this is a HCI command related to powering on the
7250 * HCI dev don't send any mgmt signals.
7251 */
7252 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 7253 return;
890ea898 7254 }
b312b161 7255
7667da34
MH		 7256 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
7257 cmd ? cmd->sk : NULL);
b312b161 7258}
c35938b2 7259
4d2d2796 7260void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
38da1703
JH		 7261 u8 *rand192, u8 *hash256, u8 *rand256,
7262 u8 status)
c35938b2 7263{
3b0602cd 7264 struct mgmt_pending_cmd *cmd;
c35938b2 7265
744cf19e 7266 BT_DBG("%s status %u", hdev->name, status);
c35938b2 7267
2e58ef3e 7268 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 7269 if (!cmd)
3edaf092 7270 return;
c35938b2
SJ		 7271
7272 if (status) {
a69e8375
JH		 7273 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
7274 mgmt_status(status));
c35938b2 7275 } else {
66f096f7
JH		 7276 struct mgmt_rp_read_local_oob_data rp;
7277 size_t rp_size = sizeof(rp);
4d2d2796 7278
66f096f7
JH		 7279 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
7280 memcpy(rp.rand192, rand192, sizeof(rp.rand192));
c35938b2 7281
66f096f7 7282 if (bredr_sc_enabled(hdev) && hash256 && rand256) {
4d2d2796 7283 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
38da1703 7284 memcpy(rp.rand256, rand256, sizeof(rp.rand256));
4d2d2796 7285 } else {
66f096f7 7286 rp_size -= sizeof(rp.hash256) + sizeof(rp.rand256);
4d2d2796 7287 }
66f096f7 7288
2a1afb5a
JH		 7289 mgmt_cmd_complete(cmd->sk, hdev->id,
7290 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
7291 &rp, rp_size);
c35938b2
SJ		 7292 }
7293
7294 mgmt_pending_remove(cmd);
c35938b2 7295}
e17acd40 7296
799ce93d
JP		 7297static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
7298{
7299 int i;
7300
7301 for (i = 0; i < uuid_count; i++) {
7302 if (!memcmp(uuid, uuids[i], 16))
7303 return true;
7304 }
7305
7306 return false;
7307}
7308
b487b9ce
MH		 7309static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
7310{
799ce93d
JP		 7311 u16 parsed = 0;
7312
7313 while (parsed < eir_len) {
7314 u8 field_len = eir[0];
7315 u8 uuid[16];
7316 int i;
7317
7318 if (field_len == 0)
7319 break;
7320
7321 if (eir_len - parsed < field_len + 1)
7322 break;
7323
7324 switch (eir[1]) {
7325 case EIR_UUID16_ALL:
7326 case EIR_UUID16_SOME:
7327 for (i = 0; i + 3 <= field_len; i += 2) {
189f6ad2 7328 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7329 uuid[13] = eir[i + 3];
7330 uuid[12] = eir[i + 2];
7331 if (has_uuid(uuid, uuid_count, uuids))
7332 return true;
7333 }
7334 break;
7335 case EIR_UUID32_ALL:
7336 case EIR_UUID32_SOME:
7337 for (i = 0; i + 5 <= field_len; i += 4) {
189f6ad2 7338 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7339 uuid[15] = eir[i + 5];
7340 uuid[14] = eir[i + 4];
7341 uuid[13] = eir[i + 3];
7342 uuid[12] = eir[i + 2];
7343 if (has_uuid(uuid, uuid_count, uuids))
7344 return true;
7345 }
7346 break;
7347 case EIR_UUID128_ALL:
7348 case EIR_UUID128_SOME:
7349 for (i = 0; i + 17 <= field_len; i += 16) {
7350 memcpy(uuid, eir + i + 2, 16);
7351 if (has_uuid(uuid, uuid_count, uuids))
7352 return true;
7353 }
7354 break;
7355 }
7356
7357 parsed += field_len + 1;
7358 eir += field_len + 1;
7359 }
7360
b487b9ce
MH		 7361 return false;
7362}
7363
4b0e0ced
JP		 7364static void restart_le_scan(struct hci_dev *hdev)
7365{
7366 /* If controller is not scanning we are done. */
d7a5a11d 7367 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
4b0e0ced
JP		 7368 return;
7369
7370 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
7371 hdev->discovery.scan_start +
7372 hdev->discovery.scan_duration))
7373 return;
7374
7375 queue_delayed_work(hdev->workqueue, &hdev->le_scan_restart,
7376 DISCOV_LE_RESTART_DELAY);
7377}
7378
48f86b7f
JP		 7379static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
7380 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 7381{
48f86b7f
JP		 7382 /* If a RSSI threshold has been specified, and
7383 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
7384 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
7385 * is set, let it through for further processing, as we might need to
7386 * restart the scan.
efb2513f
MH		 7387 *
7388 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
7389 * the results are also dropped.
bda157a4
MH		 7390 */
7391 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
4b0e0ced
JP		 7392 (rssi == HCI_RSSI_INVALID ||
7393 (rssi < hdev->discovery.rssi &&
7394 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
48f86b7f 7395 return false;
efb2513f 7396
2976cdeb
JP		 7397 if (hdev->discovery.uuid_count != 0) {
7398 /* If a list of UUIDs is provided in filter, results with no
7399 * matching UUID should be dropped.
b487b9ce 7400 */
2976cdeb
JP		 7401 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
7402 hdev->discovery.uuids) &&
7403 !eir_has_uuids(scan_rsp, scan_rsp_len,
7404 hdev->discovery.uuid_count,
7405 hdev->discovery.uuids))
7406 return false;
b487b9ce 7407 }
5d2e9fad 7408
2976cdeb
JP		 7409 /* If duplicate filtering does not report RSSI changes, then restart
7410 * scanning to ensure updated result with updated RSSI values.
4b0e0ced 7411 */
2976cdeb
JP		 7412 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
7413 restart_le_scan(hdev);
7414
7415 /* Validate RSSI value against the RSSI threshold once more. */
7416 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7417 rssi < hdev->discovery.rssi)
7418 return false;
7419 }
48f86b7f
JP		 7420
7421 return true;
7422}
7423
7424void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7425 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
7426 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7427{
7428 char buf[512];
7429 struct mgmt_ev_device_found *ev = (void *)buf;
7430 size_t ev_size;
7431
7432 /* Don't send events for a non-kernel initiated discovery. With
7433 * LE one exception is if we have pend_le_reports > 0 in which
7434 * case we're doing passive scanning and want these events.
7435 */
7436 if (!hci_discovery_active(hdev)) {
7437 if (link_type == ACL_LINK)
7438 return;
7439 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
7440 return;
7441 }
7442
82f8b651 7443 if (hdev->discovery.result_filtering) {
48f86b7f
JP		 7444 /* We are using service discovery */
7445 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
7446 scan_rsp_len))
7447 return;
7448 }
7449
7450 /* Make sure that the buffer is big enough. The 5 extra bytes
7451 * are for the potential CoD field.
7452 */
7453 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
4b0e0ced
JP		 7454 return;
7455
48f86b7f
JP		 7456 memset(buf, 0, sizeof(buf));
7457
7458 /* In case of device discovery with BR/EDR devices (pre 1.2), the
7459 * RSSI value was reported as 0 when not available. This behavior
7460 * is kept when using device discovery. This is required for full
7461 * backwards compatibility with the API.
7462 *
7463 * However when using service discovery, the value 127 will be
7464 * returned when the RSSI is not available.
7465 */
7466 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
7467 link_type == ACL_LINK)
7468 rssi = 0;
7469
7470 bacpy(&ev->addr.bdaddr, bdaddr);
7471 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7472 ev->rssi = rssi;
7473 ev->flags = cpu_to_le32(flags);
7474
7475 if (eir_len > 0)
7476 /* Copy EIR or advertising data into event */
7477 memcpy(ev->eir, eir, eir_len);
7478
7479 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
7480 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7481 dev_class, 3);
7482
7483 if (scan_rsp_len > 0)
7484 /* Append scan response data to event */
7485 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
7486
5d2e9fad
JH		 7487 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
7488 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 7489
901801b9 7490 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 7491}
a88a9652 7492
9cf12aee
MH		 7493void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7494 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 7495{
b644ba33
JH		 7496 struct mgmt_ev_device_found *ev;
7497 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
7498 u16 eir_len;
a88a9652 7499
b644ba33 7500 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 7501
b644ba33
JH		 7502 memset(buf, 0, sizeof(buf));
7503
7504 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 7505 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 7506 ev->rssi = rssi;
7507
7508 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 7509 name_len);
b644ba33 7510
eb55ef07 7511 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 7512
9cf12aee 7513 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 7514}
314b2381 7515
2f1e063b 7516void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 7517{
f963e8e9 7518 struct mgmt_ev_discovering ev;
164a6e78 7519
343fb145
AG		 7520 BT_DBG("%s discovering %u", hdev->name, discovering);
7521
f963e8e9
JH		 7522 memset(&ev, 0, sizeof(ev));
7523 ev.type = hdev->discovery.type;
7524 ev.discovering = discovering;
7525
2f1e063b 7526 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 7527}
5e762444 7528
1904a853 7529static void adv_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5976e608
MH		 7530{
7531 BT_DBG("%s status %u", hdev->name, status);
5976e608
MH		 7532}
7533
7534void mgmt_reenable_advertising(struct hci_dev *hdev)
7535{
7536 struct hci_request req;
7537
d7a5a11d 7538 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
5976e608
MH		 7539 return;
7540
7541 hci_req_init(&req, hdev);
7542 enable_advertising(&req);
0ec5ae84 7543 hci_req_run(&req, adv_enable_complete);
5976e608 7544}
6d785aa3
JH		 7545
7546static struct hci_mgmt_chan chan = {
7547 .channel = HCI_CHANNEL_CONTROL,
7548 .handler_count = ARRAY_SIZE(mgmt_handlers),
7549 .handlers = mgmt_handlers,
7550};
7551
7552int mgmt_init(void)
7553{
7554 return hci_mgmt_chan_register(&chan);
7555}
7556
7557void mgmt_exit(void)
7558{
7559 hci_mgmt_chan_unregister(&chan);
7560}
ubuntu-zesty-kernel mirror