projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: fix sco_exit compile warning
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
7129069e 32#include <net/bluetooth/hci_sock.h>
4bc58f51 33#include <net/bluetooth/l2cap.h>
0381101f 34#include <net/bluetooth/mgmt.h>
ac4b7236 35
0857dd3b 36#include "hci_request.h"
ac4b7236 37#include "smp.h"
0381101f 38
2da9c55c 39#define MGMT_VERSION 1
854bda19 40#define MGMT_REVISION 8
02d98129 41
e70bb2e8
JH		 42static const u16 mgmt_commands[] = {
43 MGMT_OP_READ_INDEX_LIST,
44 MGMT_OP_READ_INFO,
45 MGMT_OP_SET_POWERED,
46 MGMT_OP_SET_DISCOVERABLE,
47 MGMT_OP_SET_CONNECTABLE,
48 MGMT_OP_SET_FAST_CONNECTABLE,
b2939475 49 MGMT_OP_SET_BONDABLE,
e70bb2e8
JH		 50 MGMT_OP_SET_LINK_SECURITY,
51 MGMT_OP_SET_SSP,
52 MGMT_OP_SET_HS,
53 MGMT_OP_SET_LE,
54 MGMT_OP_SET_DEV_CLASS,
55 MGMT_OP_SET_LOCAL_NAME,
56 MGMT_OP_ADD_UUID,
57 MGMT_OP_REMOVE_UUID,
58 MGMT_OP_LOAD_LINK_KEYS,
59 MGMT_OP_LOAD_LONG_TERM_KEYS,
60 MGMT_OP_DISCONNECT,
61 MGMT_OP_GET_CONNECTIONS,
62 MGMT_OP_PIN_CODE_REPLY,
63 MGMT_OP_PIN_CODE_NEG_REPLY,
64 MGMT_OP_SET_IO_CAPABILITY,
65 MGMT_OP_PAIR_DEVICE,
66 MGMT_OP_CANCEL_PAIR_DEVICE,
67 MGMT_OP_UNPAIR_DEVICE,
68 MGMT_OP_USER_CONFIRM_REPLY,
69 MGMT_OP_USER_CONFIRM_NEG_REPLY,
70 MGMT_OP_USER_PASSKEY_REPLY,
71 MGMT_OP_USER_PASSKEY_NEG_REPLY,
72 MGMT_OP_READ_LOCAL_OOB_DATA,
73 MGMT_OP_ADD_REMOTE_OOB_DATA,
74 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
75 MGMT_OP_START_DISCOVERY,
76 MGMT_OP_STOP_DISCOVERY,
77 MGMT_OP_CONFIRM_NAME,
78 MGMT_OP_BLOCK_DEVICE,
79 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 80 MGMT_OP_SET_DEVICE_ID,
4375f103 81 MGMT_OP_SET_ADVERTISING,
0663ca2a 82 MGMT_OP_SET_BREDR,
d13eafce 83 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 84 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 85 MGMT_OP_SET_SECURE_CONN,
4e39ac81 86 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 87 MGMT_OP_SET_PRIVACY,
41edf160 88 MGMT_OP_LOAD_IRKS,
dd983808 89 MGMT_OP_GET_CONN_INFO,
95868426 90 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 91 MGMT_OP_ADD_DEVICE,
92 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 93 MGMT_OP_LOAD_CONN_PARAM,
73d1df2a 94 MGMT_OP_READ_UNCONF_INDEX_LIST,
9fc3bfb6 95 MGMT_OP_READ_CONFIG_INFO,
dbece37a 96 MGMT_OP_SET_EXTERNAL_CONFIG,
9713c17b 97 MGMT_OP_SET_PUBLIC_ADDRESS,
66ea9427 98 MGMT_OP_START_SERVICE_DISCOVERY,
e70bb2e8
JH		 99};
100
101static const u16 mgmt_events[] = {
102 MGMT_EV_CONTROLLER_ERROR,
103 MGMT_EV_INDEX_ADDED,
104 MGMT_EV_INDEX_REMOVED,
105 MGMT_EV_NEW_SETTINGS,
106 MGMT_EV_CLASS_OF_DEV_CHANGED,
107 MGMT_EV_LOCAL_NAME_CHANGED,
108 MGMT_EV_NEW_LINK_KEY,
109 MGMT_EV_NEW_LONG_TERM_KEY,
110 MGMT_EV_DEVICE_CONNECTED,
111 MGMT_EV_DEVICE_DISCONNECTED,
112 MGMT_EV_CONNECT_FAILED,
113 MGMT_EV_PIN_CODE_REQUEST,
114 MGMT_EV_USER_CONFIRM_REQUEST,
115 MGMT_EV_USER_PASSKEY_REQUEST,
116 MGMT_EV_AUTH_FAILED,
117 MGMT_EV_DEVICE_FOUND,
118 MGMT_EV_DISCOVERING,
119 MGMT_EV_DEVICE_BLOCKED,
120 MGMT_EV_DEVICE_UNBLOCKED,
121 MGMT_EV_DEVICE_UNPAIRED,
92a25256 122 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 123 MGMT_EV_NEW_IRK,
7ee4ea36 124 MGMT_EV_NEW_CSRK,
8afef092
MH		 125 MGMT_EV_DEVICE_ADDED,
126 MGMT_EV_DEVICE_REMOVED,
ffb5a827 127 MGMT_EV_NEW_CONN_PARAM,
0602a8ad 128 MGMT_EV_UNCONF_INDEX_ADDED,
edd3896b 129 MGMT_EV_UNCONF_INDEX_REMOVED,
f4537c04 130 MGMT_EV_NEW_CONFIG_OPTIONS,
e70bb2e8
JH		 131};
132
17b02e62 133#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 134
d25b78e2
JH		 135#define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
136 "\x00\x00\x00\x00\x00\x00\x00\x00"
137
3b0602cd 138struct mgmt_pending_cmd {
eec8d2bc 139 struct list_head list;
fc2f4b13 140 u16 opcode;
eec8d2bc 141 int index;
c68fb7ff 142 void *param;
323b0b88 143 size_t param_len;
eec8d2bc 144 struct sock *sk;
e9a416b5 145 void *user_data;
3b0602cd 146 int (*cmd_complete)(struct mgmt_pending_cmd *cmd, u8 status);
eec8d2bc
JH		 147};
148
ca69b795
JH		 149/* HCI to MGMT error code conversion table */
150static u8 mgmt_status_table[] = {
151 MGMT_STATUS_SUCCESS,
152 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
153 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
154 MGMT_STATUS_FAILED, /* Hardware Failure */
155 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
156 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 157 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 158 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
159 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
160 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
161 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
162 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
163 MGMT_STATUS_BUSY, /* Command Disallowed */
164 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
165 MGMT_STATUS_REJECTED, /* Rejected Security */
166 MGMT_STATUS_REJECTED, /* Rejected Personal */
167 MGMT_STATUS_TIMEOUT, /* Host Timeout */
168 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
169 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
170 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
171 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
172 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
173 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
174 MGMT_STATUS_BUSY, /* Repeated Attempts */
175 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
176 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
177 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
178 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
179 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
180 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
181 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
182 MGMT_STATUS_FAILED, /* Unspecified Error */
183 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
184 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
185 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
186 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
187 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
188 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
189 MGMT_STATUS_FAILED, /* Unit Link Key Used */
190 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
191 MGMT_STATUS_TIMEOUT, /* Instant Passed */
192 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
193 MGMT_STATUS_FAILED, /* Transaction Collision */
194 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
195 MGMT_STATUS_REJECTED, /* QoS Rejected */
196 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
197 MGMT_STATUS_REJECTED, /* Insufficient Security */
198 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
199 MGMT_STATUS_BUSY, /* Role Switch Pending */
200 MGMT_STATUS_FAILED, /* Slot Violation */
201 MGMT_STATUS_FAILED, /* Role Switch Failed */
202 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
203 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
204 MGMT_STATUS_BUSY, /* Host Busy Pairing */
205 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
206 MGMT_STATUS_BUSY, /* Controller Busy */
207 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
208 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
209 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
210 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
211 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
212};
213
214static u8 mgmt_status(u8 hci_status)
215{
216 if (hci_status < ARRAY_SIZE(mgmt_status_table))
217 return mgmt_status_table[hci_status];
218
219 return MGMT_STATUS_FAILED;
220}
221
7a00ff44
JH		 222static int mgmt_send_event(u16 event, struct hci_dev *hdev,
223 unsigned short channel, void *data, u16 data_len,
224 struct sock *skip_sk)
04c60f05
MH		 225{
226 struct sk_buff *skb;
227 struct mgmt_hdr *hdr;
228
229 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
230 if (!skb)
231 return -ENOMEM;
232
233 hdr = (void *) skb_put(skb, sizeof(*hdr));
234 hdr->opcode = cpu_to_le16(event);
235 if (hdev)
236 hdr->index = cpu_to_le16(hdev->id);
237 else
238 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
239 hdr->len = cpu_to_le16(data_len);
240
241 if (data)
242 memcpy(skb_put(skb, data_len), data, data_len);
243
244 /* Time stamp */
245 __net_timestamp(skb);
246
7a00ff44 247 hci_send_to_channel(channel, skb, skip_sk);
04c60f05
MH		 248 kfree_skb(skb);
249
250 return 0;
251}
252
7a00ff44
JH		 253static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
254 struct sock *skip_sk)
255{
256 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
257 skip_sk);
258}
259
a69e8375 260static int mgmt_cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 261{
262 struct sk_buff *skb;
263 struct mgmt_hdr *hdr;
264 struct mgmt_ev_cmd_status *ev;
56b7d137 265 int err;
f7b64e69 266
34eb525c 267 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 268
790eff44 269 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 270 if (!skb)
271 return -ENOMEM;
272
273 hdr = (void *) skb_put(skb, sizeof(*hdr));
274
dcf4adbf 275 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 276 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 277 hdr->len = cpu_to_le16(sizeof(*ev));
278
279 ev = (void *) skb_put(skb, sizeof(*ev));
280 ev->status = status;
eb55ef07 281 ev->opcode = cpu_to_le16(cmd);
f7b64e69 282
56b7d137
GP		 283 err = sock_queue_rcv_skb(sk, skb);
284 if (err < 0)
f7b64e69
JH		 285 kfree_skb(skb);
286
56b7d137 287 return err;
f7b64e69
JH		 288}
289
2a1afb5a
JH		 290static int mgmt_cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
291 void *rp, size_t rp_len)
02d98129
JH		 292{
293 struct sk_buff *skb;
294 struct mgmt_hdr *hdr;
295 struct mgmt_ev_cmd_complete *ev;
56b7d137 296 int err;
02d98129
JH		 297
298 BT_DBG("sock %p", sk);
299
790eff44 300 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 301 if (!skb)
302 return -ENOMEM;
303
304 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 305
dcf4adbf 306 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 307 hdr->index = cpu_to_le16(index);
a38528f1 308 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 309
a38528f1 310 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 311 ev->opcode = cpu_to_le16(cmd);
aee9b218 312 ev->status = status;
8020c16a
SJ		 313
314 if (rp)
315 memcpy(ev->data, rp, rp_len);
02d98129 316
56b7d137
GP		 317 err = sock_queue_rcv_skb(sk, skb);
318 if (err < 0)
02d98129
JH		 319 kfree_skb(skb);
320
e5f0e151 321 return err;
02d98129
JH		 322}
323
04124681
GP		 324static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
325 u16 data_len)
a38528f1
JH		 326{
327 struct mgmt_rp_read_version rp;
328
329 BT_DBG("sock %p", sk);
330
331 rp.version = MGMT_VERSION;
dcf4adbf 332 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 333
2a1afb5a
JH		 334 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
335 &rp, sizeof(rp));
a38528f1
JH		 336}
337
04124681
GP		 338static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
339 u16 data_len)
e70bb2e8
JH		 340{
341 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 342 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
343 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 344 __le16 *opcode;
e70bb2e8
JH		 345 size_t rp_size;
346 int i, err;
347
348 BT_DBG("sock %p", sk);
349
350 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
351
352 rp = kmalloc(rp_size, GFP_KERNEL);
353 if (!rp)
354 return -ENOMEM;
355
dcf4adbf
JP		 356 rp->num_commands = cpu_to_le16(num_commands);
357 rp->num_events = cpu_to_le16(num_events);
e70bb2e8
JH		 358
359 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
360 put_unaligned_le16(mgmt_commands[i], opcode);
361
362 for (i = 0; i < num_events; i++, opcode++)
363 put_unaligned_le16(mgmt_events[i], opcode);
364
2a1afb5a
JH		 365 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
366 rp, rp_size);
e70bb2e8
JH		 367 kfree(rp);
368
369 return err;
370}
371
04124681
GP		 372static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
373 u16 data_len)
faba42eb 374{
faba42eb 375 struct mgmt_rp_read_index_list *rp;
8035ded4 376 struct hci_dev *d;
a38528f1 377 size_t rp_len;
faba42eb 378 u16 count;
476e44cb 379 int err;
faba42eb
JH		 380
381 BT_DBG("sock %p", sk);
382
383 read_lock(&hci_dev_list_lock);
384
385 count = 0;
bb4b2a9a 386 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a
MH		 387 if (d->dev_type == HCI_BREDR &&
388 !test_bit(HCI_UNCONFIGURED, &d->dev_flags))
1514b892 389 count++;
faba42eb
JH		 390 }
391
a38528f1
JH		 392 rp_len = sizeof(*rp) + (2 * count);
393 rp = kmalloc(rp_len, GFP_ATOMIC);
394 if (!rp) {
b2c60d42 395 read_unlock(&hci_dev_list_lock);
faba42eb 396 return -ENOMEM;
b2c60d42 397 }
faba42eb 398
476e44cb 399 count = 0;
8035ded4 400 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a 401 if (test_bit(HCI_SETUP, &d->dev_flags) ||
d603b76b 402 test_bit(HCI_CONFIG, &d->dev_flags) ||
73d1df2a 403 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
ab81cbf9
JH		 404 continue;
405
73d1df2a
MH		 406 /* Devices marked as raw-only are neither configured
407 * nor unconfigured controllers.
408 */
409 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
fee746b0
MH		 410 continue;
411
73d1df2a
MH		 412 if (d->dev_type == HCI_BREDR &&
413 !test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
1514b892
MH		 414 rp->index[count++] = cpu_to_le16(d->id);
415 BT_DBG("Added hci%u", d->id);
416 }
faba42eb
JH		 417 }
418
476e44cb
JH		 419 rp->num_controllers = cpu_to_le16(count);
420 rp_len = sizeof(*rp) + (2 * count);
421
faba42eb
JH		 422 read_unlock(&hci_dev_list_lock);
423
2a1afb5a
JH		 424 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
425 0, rp, rp_len);
faba42eb 426
a38528f1
JH		 427 kfree(rp);
428
429 return err;
faba42eb
JH		 430}
431
73d1df2a
MH		 432static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
433 void *data, u16 data_len)
434{
435 struct mgmt_rp_read_unconf_index_list *rp;
436 struct hci_dev *d;
437 size_t rp_len;
438 u16 count;
439 int err;
440
441 BT_DBG("sock %p", sk);
442
443 read_lock(&hci_dev_list_lock);
444
445 count = 0;
446 list_for_each_entry(d, &hci_dev_list, list) {
447 if (d->dev_type == HCI_BREDR &&
448 test_bit(HCI_UNCONFIGURED, &d->dev_flags))
449 count++;
450 }
451
452 rp_len = sizeof(*rp) + (2 * count);
453 rp = kmalloc(rp_len, GFP_ATOMIC);
454 if (!rp) {
455 read_unlock(&hci_dev_list_lock);
456 return -ENOMEM;
457 }
458
459 count = 0;
460 list_for_each_entry(d, &hci_dev_list, list) {
461 if (test_bit(HCI_SETUP, &d->dev_flags) ||
d603b76b 462 test_bit(HCI_CONFIG, &d->dev_flags) ||
73d1df2a
MH		 463 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
464 continue;
465
466 /* Devices marked as raw-only are neither configured
467 * nor unconfigured controllers.
468 */
469 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
470 continue;
471
472 if (d->dev_type == HCI_BREDR &&
473 test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
474 rp->index[count++] = cpu_to_le16(d->id);
475 BT_DBG("Added hci%u", d->id);
476 }
477 }
478
479 rp->num_controllers = cpu_to_le16(count);
480 rp_len = sizeof(*rp) + (2 * count);
481
482 read_unlock(&hci_dev_list_lock);
483
2a1afb5a
JH		 484 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
485 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
73d1df2a
MH		 486
487 kfree(rp);
488
489 return err;
490}
491
dbece37a
MH		 492static bool is_configured(struct hci_dev *hdev)
493{
494 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
495 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
496 return false;
497
498 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
499 !bacmp(&hdev->public_addr, BDADDR_ANY))
500 return false;
501
502 return true;
503}
504
89bc22d2
MH		 505static __le32 get_missing_options(struct hci_dev *hdev)
506{
507 u32 options = 0;
508
dbece37a
MH		 509 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
510 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
eb1904f4
MH		 511 options |= MGMT_OPTION_EXTERNAL_CONFIG;
512
89bc22d2
MH		 513 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
514 !bacmp(&hdev->public_addr, BDADDR_ANY))
515 options |= MGMT_OPTION_PUBLIC_ADDRESS;
516
517 return cpu_to_le32(options);
518}
519
f4537c04
MH		 520static int new_options(struct hci_dev *hdev, struct sock *skip)
521{
522 __le32 options = get_missing_options(hdev);
523
524 return mgmt_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
525 sizeof(options), skip);
526}
527
dbece37a
MH		 528static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
529{
530 __le32 options = get_missing_options(hdev);
531
2a1afb5a
JH		 532 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
533 sizeof(options));
dbece37a
MH		 534}
535
9fc3bfb6
MH		 536static int read_config_info(struct sock *sk, struct hci_dev *hdev,
537 void *data, u16 data_len)
538{
539 struct mgmt_rp_read_config_info rp;
89bc22d2 540 u32 options = 0;
9fc3bfb6
MH		 541
542 BT_DBG("sock %p %s", sk, hdev->name);
543
544 hci_dev_lock(hdev);
545
546 memset(&rp, 0, sizeof(rp));
547 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
89bc22d2 548
eb1904f4
MH		 549 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
550 options |= MGMT_OPTION_EXTERNAL_CONFIG;
551
9fc3bfb6 552 if (hdev->set_bdaddr)
89bc22d2
MH		 553 options |= MGMT_OPTION_PUBLIC_ADDRESS;
554
555 rp.supported_options = cpu_to_le32(options);
556 rp.missing_options = get_missing_options(hdev);
9fc3bfb6
MH		 557
558 hci_dev_unlock(hdev);
559
2a1afb5a
JH		 560 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
561 &rp, sizeof(rp));
9fc3bfb6
MH		 562}
563
69ab39ea
JH		 564static u32 get_supported_settings(struct hci_dev *hdev)
565{
566 u32 settings = 0;
567
568 settings |= MGMT_SETTING_POWERED;
b2939475 569 settings |= MGMT_SETTING_BONDABLE;
b1de97d8 570 settings |= MGMT_SETTING_DEBUG_KEYS;
3742abfc
JH		 571 settings |= MGMT_SETTING_CONNECTABLE;
572 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea 573
ed3fa31f 574 if (lmp_bredr_capable(hdev)) {
1a47aee8
JH		 575 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
576 settings |= MGMT_SETTING_FAST_CONNECTABLE;
69ab39ea
JH		 577 settings |= MGMT_SETTING_BREDR;
578 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 579
580 if (lmp_ssp_capable(hdev)) {
581 settings |= MGMT_SETTING_SSP;
582 settings |= MGMT_SETTING_HS;
583 }
e98d2ce2 584
05b3c3e7 585 if (lmp_sc_capable(hdev))
e98d2ce2 586 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 587 }
d7b7e796 588
eeca6f89 589 if (lmp_le_capable(hdev)) {
9d42820f 590 settings |= MGMT_SETTING_LE;
eeca6f89 591 settings |= MGMT_SETTING_ADVERTISING;
a3209694 592 settings |= MGMT_SETTING_SECURE_CONN;
0f4bd942 593 settings |= MGMT_SETTING_PRIVACY;
93690c22 594 settings |= MGMT_SETTING_STATIC_ADDRESS;
eeca6f89 595 }
69ab39ea 596
eb1904f4
MH		 597 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
598 hdev->set_bdaddr)
9fc3bfb6
MH		 599 settings |= MGMT_SETTING_CONFIGURATION;
600
69ab39ea
JH		 601 return settings;
602}
603
604static u32 get_current_settings(struct hci_dev *hdev)
605{
606 u32 settings = 0;
607
f1f0eb02 608 if (hdev_is_powered(hdev))
f0d4b78a
MH		 609 settings |= MGMT_SETTING_POWERED;
610
5e5282bb 611 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 612 settings |= MGMT_SETTING_CONNECTABLE;
613
1a4d3c4b
JH		 614 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
615 settings |= MGMT_SETTING_FAST_CONNECTABLE;
616
5e5282bb 617 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 618 settings |= MGMT_SETTING_DISCOVERABLE;
619
b6ae8457 620 if (test_bit(HCI_BONDABLE, &hdev->dev_flags))
b2939475 621 settings |= MGMT_SETTING_BONDABLE;
69ab39ea 622
56f87901 623 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 624 settings |= MGMT_SETTING_BREDR;
625
06199cf8 626 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 627 settings |= MGMT_SETTING_LE;
628
47990ea0 629 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 630 settings |= MGMT_SETTING_LINK_SECURITY;
631
84bde9d6 632 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 633 settings |= MGMT_SETTING_SSP;
634
6d80dfd0
JH		 635 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
636 settings |= MGMT_SETTING_HS;
637
f3d3444a 638 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 639 settings |= MGMT_SETTING_ADVERTISING;
640
e98d2ce2
MH		 641 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
642 settings |= MGMT_SETTING_SECURE_CONN;
643
0663b297 644 if (test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags))
b1de97d8
MH		 645 settings |= MGMT_SETTING_DEBUG_KEYS;
646
0f4bd942
JH		 647 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
648 settings |= MGMT_SETTING_PRIVACY;
649
93690c22
MH		 650 /* The current setting for static address has two purposes. The
651 * first is to indicate if the static address will be used and
652 * the second is to indicate if it is actually set.
653 *
654 * This means if the static address is not configured, this flag
655 * will never bet set. If the address is configured, then if the
656 * address is actually used decides if the flag is set or not.
657 *
658 * For single mode LE only controllers and dual-mode controllers
659 * with BR/EDR disabled, the existence of the static address will
660 * be evaluated.
661 */
662 if (test_bit(HCI_FORCE_STATIC_ADDR, &hdev->dbg_flags) ||
663 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
664 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
665 if (bacmp(&hdev->static_addr, BDADDR_ANY))
666 settings |= MGMT_SETTING_STATIC_ADDRESS;
667 }
668
69ab39ea
JH		 669 return settings;
670}
671
ef580372
JH		 672#define PNP_INFO_SVCLASS_ID 0x1200
673
213202ed
JH		 674static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
675{
676 u8 *ptr = data, *uuids_start = NULL;
677 struct bt_uuid *uuid;
678
679 if (len < 4)
680 return ptr;
681
682 list_for_each_entry(uuid, &hdev->uuids, list) {
683 u16 uuid16;
684
685 if (uuid->size != 16)
686 continue;
687
688 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
689 if (uuid16 < 0x1100)
690 continue;
691
692 if (uuid16 == PNP_INFO_SVCLASS_ID)
693 continue;
694
695 if (!uuids_start) {
696 uuids_start = ptr;
697 uuids_start[0] = 1;
698 uuids_start[1] = EIR_UUID16_ALL;
699 ptr += 2;
700 }
701
702 /* Stop if not enough space to put next UUID */
703 if ((ptr - data) + sizeof(u16) > len) {
704 uuids_start[1] = EIR_UUID16_SOME;
705 break;
706 }
707
708 *ptr++ = (uuid16 & 0x00ff);
709 *ptr++ = (uuid16 & 0xff00) >> 8;
710 uuids_start[0] += sizeof(uuid16);
711 }
712
713 return ptr;
714}
715
cdf1963f
JH		 716static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
717{
718 u8 *ptr = data, *uuids_start = NULL;
719 struct bt_uuid *uuid;
720
721 if (len < 6)
722 return ptr;
723
724 list_for_each_entry(uuid, &hdev->uuids, list) {
725 if (uuid->size != 32)
726 continue;
727
728 if (!uuids_start) {
729 uuids_start = ptr;
730 uuids_start[0] = 1;
731 uuids_start[1] = EIR_UUID32_ALL;
732 ptr += 2;
733 }
734
735 /* Stop if not enough space to put next UUID */
736 if ((ptr - data) + sizeof(u32) > len) {
737 uuids_start[1] = EIR_UUID32_SOME;
738 break;
739 }
740
741 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
742 ptr += sizeof(u32);
743 uuids_start[0] += sizeof(u32);
744 }
745
746 return ptr;
747}
748
c00d575b
JH		 749static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
750{
751 u8 *ptr = data, *uuids_start = NULL;
752 struct bt_uuid *uuid;
753
754 if (len < 18)
755 return ptr;
756
757 list_for_each_entry(uuid, &hdev->uuids, list) {
758 if (uuid->size != 128)
759 continue;
760
761 if (!uuids_start) {
762 uuids_start = ptr;
763 uuids_start[0] = 1;
764 uuids_start[1] = EIR_UUID128_ALL;
765 ptr += 2;
766 }
767
768 /* Stop if not enough space to put next UUID */
769 if ((ptr - data) + 16 > len) {
770 uuids_start[1] = EIR_UUID128_SOME;
771 break;
772 }
773
774 memcpy(ptr, uuid->uuid, 16);
775 ptr += 16;
776 uuids_start[0] += 16;
777 }
778
779 return ptr;
780}
781
3b0602cd
JH		 782static struct mgmt_pending_cmd *mgmt_pending_find(u16 opcode,
783 struct hci_dev *hdev)
eb2a8d20 784{
3b0602cd 785 struct mgmt_pending_cmd *cmd;
eb2a8d20
JH		 786
787 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
788 if (cmd->opcode == opcode)
789 return cmd;
790 }
791
792 return NULL;
793}
794
3b0602cd
JH		 795static struct mgmt_pending_cmd *mgmt_pending_find_data(u16 opcode,
796 struct hci_dev *hdev,
797 const void *data)
95868426 798{
3b0602cd 799 struct mgmt_pending_cmd *cmd;
95868426
JH		 800
801 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
802 if (cmd->user_data != data)
803 continue;
804 if (cmd->opcode == opcode)
805 return cmd;
806 }
807
808 return NULL;
809}
810
f14d8f64
MH		 811static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
812{
7a5f4990
MH		 813 u8 ad_len = 0;
814 size_t name_len;
815
816 name_len = strlen(hdev->dev_name);
817 if (name_len > 0) {
818 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
819
820 if (name_len > max_len) {
821 name_len = max_len;
822 ptr[1] = EIR_NAME_SHORT;
823 } else
824 ptr[1] = EIR_NAME_COMPLETE;
825
826 ptr[0] = name_len + 1;
827
828 memcpy(ptr + 2, hdev->dev_name, name_len);
829
830 ad_len += (name_len + 2);
831 ptr += (name_len + 2);
832 }
833
834 return ad_len;
f14d8f64
MH		 835}
836
837static void update_scan_rsp_data(struct hci_request *req)
838{
839 struct hci_dev *hdev = req->hdev;
840 struct hci_cp_le_set_scan_rsp_data cp;
841 u8 len;
842
7751ef1b 843 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
f14d8f64
MH		 844 return;
845
846 memset(&cp, 0, sizeof(cp));
847
848 len = create_scan_rsp_data(hdev, cp.data);
849
eb438b5f
JH		 850 if (hdev->scan_rsp_data_len == len &&
851 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 852 return;
853
eb438b5f
JH		 854 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
855 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 856
857 cp.length = len;
858
859 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
860}
861
9a43e25f
JH		 862static u8 get_adv_discov_flags(struct hci_dev *hdev)
863{
3b0602cd 864 struct mgmt_pending_cmd *cmd;
9a43e25f
JH		 865
866 /* If there's a pending mgmt command the flags will not yet have
867 * their final values, so check for this first.
868 */
869 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
870 if (cmd) {
871 struct mgmt_mode *cp = cmd->param;
872 if (cp->val == 0x01)
873 return LE_AD_GENERAL;
874 else if (cp->val == 0x02)
875 return LE_AD_LIMITED;
876 } else {
877 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
878 return LE_AD_LIMITED;
879 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
880 return LE_AD_GENERAL;
881 }
882
883 return 0;
884}
885
46cad2ed 886static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 887{
888 u8 ad_len = 0, flags = 0;
441ad2d0 889
9a43e25f 890 flags |= get_adv_discov_flags(hdev);
441ad2d0 891
e834004b 892 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
441ad2d0 893 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 894
895 if (flags) {
896 BT_DBG("adv flags 0x%02x", flags);
897
898 ptr[0] = 2;
899 ptr[1] = EIR_FLAGS;
900 ptr[2] = flags;
901
902 ad_len += 3;
903 ptr += 3;
904 }
905
906 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
907 ptr[0] = 2;
908 ptr[1] = EIR_TX_POWER;
909 ptr[2] = (u8) hdev->adv_tx_power;
910
911 ad_len += 3;
912 ptr += 3;
913 }
914
441ad2d0
MH		 915 return ad_len;
916}
917
5947f4bc 918static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 919{
920 struct hci_dev *hdev = req->hdev;
921 struct hci_cp_le_set_adv_data cp;
922 u8 len;
923
10994ce6 924 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
441ad2d0
MH		 925 return;
926
927 memset(&cp, 0, sizeof(cp));
928
46cad2ed 929 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 930
931 if (hdev->adv_data_len == len &&
932 memcmp(cp.data, hdev->adv_data, len) == 0)
933 return;
934
935 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
936 hdev->adv_data_len = len;
937
938 cp.length = len;
939
940 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
941}
942
bc6d2d04
JH		 943int mgmt_update_adv_data(struct hci_dev *hdev)
944{
945 struct hci_request req;
946
947 hci_req_init(&req, hdev);
948 update_adv_data(&req);
949
950 return hci_req_run(&req, NULL);
951}
952
ef580372
JH		 953static void create_eir(struct hci_dev *hdev, u8 *data)
954{
955 u8 *ptr = data;
ef580372
JH		 956 size_t name_len;
957
958 name_len = strlen(hdev->dev_name);
959
960 if (name_len > 0) {
961 /* EIR Data type */
962 if (name_len > 48) {
963 name_len = 48;
964 ptr[1] = EIR_NAME_SHORT;
965 } else
966 ptr[1] = EIR_NAME_COMPLETE;
967
968 /* EIR Data length */
969 ptr[0] = name_len + 1;
970
971 memcpy(ptr + 2, hdev->dev_name, name_len);
972
ef580372
JH		 973 ptr += (name_len + 2);
974 }
975
bbaf444a 976 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 977 ptr[0] = 2;
978 ptr[1] = EIR_TX_POWER;
979 ptr[2] = (u8) hdev->inq_tx_power;
980
91c4e9b1
MH		 981 ptr += 3;
982 }
983
2b9be137
MH		 984 if (hdev->devid_source > 0) {
985 ptr[0] = 9;
986 ptr[1] = EIR_DEVICE_ID;
987
988 put_unaligned_le16(hdev->devid_source, ptr + 2);
989 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
990 put_unaligned_le16(hdev->devid_product, ptr + 6);
991 put_unaligned_le16(hdev->devid_version, ptr + 8);
992
2b9be137
MH		 993 ptr += 10;
994 }
995
213202ed 996 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 997 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 998 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 999}
1000
890ea898 1001static void update_eir(struct hci_request *req)
ef580372 1002{
890ea898 1003 struct hci_dev *hdev = req->hdev;
ef580372
JH		 1004 struct hci_cp_write_eir cp;
1005
504c8dcd 1006 if (!hdev_is_powered(hdev))
890ea898 1007 return;
7770c4aa 1008
976eb20e 1009 if (!lmp_ext_inq_capable(hdev))
890ea898 1010 return;
ef580372 1011
84bde9d6 1012 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 1013 return;
ef580372 1014
a8b2d5c2 1015 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 1016 return;
ef580372
JH		 1017
1018 memset(&cp, 0, sizeof(cp));
1019
1020 create_eir(hdev, cp.data);
1021
1022 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 1023 return;
ef580372
JH		 1024
1025 memcpy(hdev->eir, cp.data, sizeof(cp.data));
1026
890ea898 1027 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 1028}
1029
1030static u8 get_service_classes(struct hci_dev *hdev)
1031{
1032 struct bt_uuid *uuid;
1033 u8 val = 0;
1034
1035 list_for_each_entry(uuid, &hdev->uuids, list)
1036 val |= uuid->svc_hint;
1037
1038 return val;
1039}
1040
890ea898 1041static void update_class(struct hci_request *req)
ef580372 1042{
890ea898 1043 struct hci_dev *hdev = req->hdev;
ef580372
JH		 1044 u8 cod[3];
1045
1046 BT_DBG("%s", hdev->name);
1047
504c8dcd 1048 if (!hdev_is_powered(hdev))
890ea898 1049 return;
7770c4aa 1050
f87ea1da
JH		 1051 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1052 return;
1053
a8b2d5c2 1054 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 1055 return;
ef580372
JH		 1056
1057 cod[0] = hdev->minor_class;
1058 cod[1] = hdev->major_class;
1059 cod[2] = get_service_classes(hdev);
1060
6acd7db4
MH		 1061 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
1062 cod[1] |= 0x20;
1063
ef580372 1064 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 1065 return;
ef580372 1066
890ea898 1067 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 1068}
1069
a4858cb9 1070static bool get_connectable(struct hci_dev *hdev)
199a2fb1 1071{
3b0602cd 1072 struct mgmt_pending_cmd *cmd;
199a2fb1
JH		 1073
1074 /* If there's a pending mgmt command the flag will not yet have
1075 * it's final value, so check for this first.
1076 */
1077 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1078 if (cmd) {
1079 struct mgmt_mode *cp = cmd->param;
a4858cb9 1080 return cp->val;
199a2fb1
JH		 1081 }
1082
a4858cb9 1083 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
199a2fb1
JH		 1084}
1085
0ec5ae84
JH		 1086static void disable_advertising(struct hci_request *req)
1087{
1088 u8 enable = 0x00;
1089
1090 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1091}
1092
199a2fb1
JH		 1093static void enable_advertising(struct hci_request *req)
1094{
1095 struct hci_dev *hdev = req->hdev;
1096 struct hci_cp_le_set_adv_param cp;
8f2a0601 1097 u8 own_addr_type, enable = 0x01;
a4858cb9 1098 bool connectable;
199a2fb1 1099
0ec5ae84
JH		 1100 if (hci_conn_num(hdev, LE_LINK) > 0)
1101 return;
1102
1103 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
1104 disable_advertising(req);
1105
5ce194c4 1106 /* Clear the HCI_LE_ADV bit temporarily so that the
8d97250e
JH		 1107 * hci_update_random_address knows that it's safe to go ahead
1108 * and write a new random address. The flag will be set back on
1109 * as soon as the SET_ADV_ENABLE HCI command completes.
1110 */
5ce194c4 1111 clear_bit(HCI_LE_ADV, &hdev->dev_flags);
8d97250e 1112
a4858cb9 1113 connectable = get_connectable(hdev);
8f2a0601 1114
a4858cb9
JH		 1115 /* Set require_privacy to true only when non-connectable
1116 * advertising is used. In that case it is fine to use a
1117 * non-resolvable private address.
1118 */
1119 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 1120 return;
1121
41c90c18 1122 memset(&cp, 0, sizeof(cp));
628531c9
GL		 1123 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
1124 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
a4858cb9 1125 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
8f2a0601 1126 cp.own_address_type = own_addr_type;
199a2fb1
JH		 1127 cp.channel_map = hdev->le_adv_channel_map;
1128
1129 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1130
1131 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1132}
1133
7d78525d
JH		 1134static void service_cache_off(struct work_struct *work)
1135{
1136 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 1137 service_cache.work);
890ea898 1138 struct hci_request req;
7d78525d 1139
a8b2d5c2 1140 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 1141 return;
1142
890ea898
JH		 1143 hci_req_init(&req, hdev);
1144
7d78525d
JH		 1145 hci_dev_lock(hdev);
1146
890ea898
JH		 1147 update_eir(&req);
1148 update_class(&req);
7d78525d
JH		 1149
1150 hci_dev_unlock(hdev);
890ea898
JH		 1151
1152 hci_req_run(&req, NULL);
7d78525d
JH		 1153}
1154
d6bfd59c
JH		 1155static void rpa_expired(struct work_struct *work)
1156{
1157 struct hci_dev *hdev = container_of(work, struct hci_dev,
1158 rpa_expired.work);
1159 struct hci_request req;
1160
1161 BT_DBG("");
1162
1163 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
1164
0ec5ae84 1165 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
d6bfd59c
JH		 1166 return;
1167
1168 /* The generation of a new RPA and programming it into the
1169 * controller happens in the enable_advertising() function.
1170 */
d6bfd59c 1171 hci_req_init(&req, hdev);
d6bfd59c 1172 enable_advertising(&req);
d6bfd59c
JH		 1173 hci_req_run(&req, NULL);
1174}
1175
6a919082 1176static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 1177{
4f87da80 1178 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 1179 return;
1180
4f87da80 1181 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 1182 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 1183
4f87da80
JH		 1184 /* Non-mgmt controlled devices get this bit set
1185 * implicitly so that pairing works for them, however
1186 * for mgmt we require user-space to explicitly enable
1187 * it
1188 */
b6ae8457 1189 clear_bit(HCI_BONDABLE, &hdev->dev_flags);
7d78525d
JH		 1190}
1191
0f4e68cf 1192static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 1193 void *data, u16 data_len)
0381101f 1194{
a38528f1 1195 struct mgmt_rp_read_info rp;
f7b64e69 1196
bdb6d971 1197 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 1198
09fd0de5 1199 hci_dev_lock(hdev);
f7b64e69 1200
dc4fe30b
JH		 1201 memset(&rp, 0, sizeof(rp));
1202
69ab39ea 1203 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 1204
69ab39ea 1205 rp.version = hdev->hci_ver;
eb55ef07 1206 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 1207
1208 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1209 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 1210
a38528f1 1211 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 1212
dc4fe30b 1213 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 1214 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 1215
09fd0de5 1216 hci_dev_unlock(hdev);
0381101f 1217
2a1afb5a
JH		 1218 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1219 sizeof(rp));
0381101f
JH		 1220}
1221
3b0602cd 1222static void mgmt_pending_free(struct mgmt_pending_cmd *cmd)
eec8d2bc
JH		 1223{
1224 sock_put(cmd->sk);
c68fb7ff 1225 kfree(cmd->param);
eec8d2bc
JH		 1226 kfree(cmd);
1227}
1228
3b0602cd
JH		 1229static struct mgmt_pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
1230 struct hci_dev *hdev,
1231 void *data, u16 len)
eec8d2bc 1232{
3b0602cd 1233 struct mgmt_pending_cmd *cmd;
eec8d2bc 1234
fca20018 1235 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 1236 if (!cmd)
366a0336 1237 return NULL;
eec8d2bc
JH		 1238
1239 cmd->opcode = opcode;
2e58ef3e 1240 cmd->index = hdev->id;
eec8d2bc 1241
323b0b88 1242 cmd->param = kmemdup(data, len, GFP_KERNEL);
c68fb7ff 1243 if (!cmd->param) {
eec8d2bc 1244 kfree(cmd);
366a0336 1245 return NULL;
eec8d2bc
JH		 1246 }
1247
323b0b88 1248 cmd->param_len = len;
eec8d2bc
JH		 1249
1250 cmd->sk = sk;
1251 sock_hold(sk);
1252
2e58ef3e 1253 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 1254
366a0336 1255 return cmd;
eec8d2bc
JH		 1256}
1257
744cf19e 1258static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
3b0602cd 1259 void (*cb)(struct mgmt_pending_cmd *cmd,
8fc9ced3 1260 void *data),
04124681 1261 void *data)
eec8d2bc 1262{
3b0602cd 1263 struct mgmt_pending_cmd *cmd, *tmp;
eec8d2bc 1264
a3d09356 1265 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 1266 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 1267 continue;
1268
eec8d2bc
JH		 1269 cb(cmd, data);
1270 }
1271}
1272
3b0602cd 1273static void mgmt_pending_remove(struct mgmt_pending_cmd *cmd)
73f22f62 1274{
73f22f62
JH		 1275 list_del(&cmd->list);
1276 mgmt_pending_free(cmd);
1277}
1278
69ab39ea 1279static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1280{
69ab39ea 1281 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1282
2a1afb5a
JH		 1283 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1284 sizeof(settings));
8680570b
JH		 1285}
1286
1904a853 1287static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
8b064a3a
JH		 1288{
1289 BT_DBG("%s status 0x%02x", hdev->name, status);
1290
a3172b7e
JH		 1291 if (hci_conn_count(hdev) == 0) {
1292 cancel_delayed_work(&hdev->power_off);
8b064a3a 1293 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1294 }
8b064a3a
JH		 1295}
1296
23a48093 1297static bool hci_stop_discovery(struct hci_request *req)
21a60d30
JH		 1298{
1299 struct hci_dev *hdev = req->hdev;
1300 struct hci_cp_remote_name_req_cancel cp;
1301 struct inquiry_entry *e;
1302
1303 switch (hdev->discovery.state) {
1304 case DISCOVERY_FINDING:
1305 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
1306 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1307 } else {
1308 cancel_delayed_work(&hdev->le_scan_disable);
1309 hci_req_add_le_scan_disable(req);
1310 }
1311
23a48093 1312 return true;
21a60d30
JH		 1313
1314 case DISCOVERY_RESOLVING:
1315 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1316 NAME_PENDING);
1317 if (!e)
23a48093 1318 break;
21a60d30
JH		 1319
1320 bacpy(&cp.bdaddr, &e->data.bdaddr);
1321 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1322 &cp);
1323
23a48093 1324 return true;
21a60d30
JH		 1325
1326 default:
1327 /* Passive scanning */
23a48093 1328 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
21a60d30 1329 hci_req_add_le_scan_disable(req);
23a48093
JH		 1330 return true;
1331 }
1332
21a60d30
JH		 1333 break;
1334 }
23a48093
JH		 1335
1336 return false;
21a60d30
JH		 1337}
1338
8b064a3a
JH		 1339static int clean_up_hci_state(struct hci_dev *hdev)
1340{
1341 struct hci_request req;
1342 struct hci_conn *conn;
23a48093
JH		 1343 bool discov_stopped;
1344 int err;
8b064a3a
JH		 1345
1346 hci_req_init(&req, hdev);
1347
1348 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1349 test_bit(HCI_PSCAN, &hdev->flags)) {
1350 u8 scan = 0x00;
1351 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1352 }
1353
73e082f8 1354 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
8b064a3a
JH		 1355 disable_advertising(&req);
1356
23a48093 1357 discov_stopped = hci_stop_discovery(&req);
8b064a3a
JH		 1358
1359 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1360 struct hci_cp_disconnect dc;
c9910d0f
JH		 1361 struct hci_cp_reject_conn_req rej;
1362
1363 switch (conn->state) {
1364 case BT_CONNECTED:
1365 case BT_CONFIG:
1366 dc.handle = cpu_to_le16(conn->handle);
1367 dc.reason = 0x15; /* Terminated due to Power Off */
1368 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1369 break;
1370 case BT_CONNECT:
1371 if (conn->type == LE_LINK)
1372 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1373 0, NULL);
1374 else if (conn->type == ACL_LINK)
1375 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1376 6, &conn->dst);
1377 break;
1378 case BT_CONNECT2:
1379 bacpy(&rej.bdaddr, &conn->dst);
1380 rej.reason = 0x15; /* Terminated due to Power Off */
1381 if (conn->type == ACL_LINK)
1382 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1383 sizeof(rej), &rej);
1384 else if (conn->type == SCO_LINK)
1385 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1386 sizeof(rej), &rej);
1387 break;
1388 }
8b064a3a
JH		 1389 }
1390
23a48093
JH		 1391 err = hci_req_run(&req, clean_up_hci_complete);
1392 if (!err && discov_stopped)
1393 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1394
1395 return err;
8b064a3a
JH		 1396}
1397
bdb6d971 1398static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1399 u16 len)
eec8d2bc 1400{
650f726d 1401 struct mgmt_mode *cp = data;
3b0602cd 1402 struct mgmt_pending_cmd *cmd;
4b34ee78 1403 int err;
eec8d2bc 1404
bdb6d971 1405 BT_DBG("request for %s", hdev->name);
eec8d2bc 1406
a7e80f25 1407 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1408 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1409 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1410
09fd0de5 1411 hci_dev_lock(hdev);
eec8d2bc 1412
87b95ba6 1413 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
a69e8375
JH		 1414 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1415 MGMT_STATUS_BUSY);
87b95ba6
JH		 1416 goto failed;
1417 }
1418
f0d4b78a
MH		 1419 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1420 cancel_delayed_work(&hdev->power_off);
1421
1422 if (cp->val) {
a1d70450
JH		 1423 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1424 data, len);
1425 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1426 goto failed;
1427 }
1428 }
1429
4b34ee78 1430 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1431 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1432 goto failed;
1433 }
1434
2e58ef3e 1435 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1436 if (!cmd) {
1437 err = -ENOMEM;
eec8d2bc 1438 goto failed;
366a0336 1439 }
eec8d2bc 1440
8b064a3a 1441 if (cp->val) {
19202573 1442 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1443 err = 0;
1444 } else {
1445 /* Disconnect connections, stop scans, etc */
1446 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1447 if (!err)
1448 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1449 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1450
8b064a3a
JH		 1451 /* ENODATA means there were no HCI commands queued */
1452 if (err == -ENODATA) {
a3172b7e 1453 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1454 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1455 err = 0;
1456 }
1457 }
eec8d2bc
JH		 1458
1459failed:
09fd0de5 1460 hci_dev_unlock(hdev);
366a0336 1461 return err;
eec8d2bc
JH		 1462}
1463
beadb2bd
JH		 1464static int new_settings(struct hci_dev *hdev, struct sock *skip)
1465{
1466 __le32 ev;
1467
1468 ev = cpu_to_le32(get_current_settings(hdev));
1469
1470 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1471}
1472
91a668b0
JH		 1473int mgmt_new_settings(struct hci_dev *hdev)
1474{
1475 return new_settings(hdev, NULL);
1476}
1477
bd99abdd
JH		 1478struct cmd_lookup {
1479 struct sock *sk;
1480 struct hci_dev *hdev;
1481 u8 mgmt_status;
1482};
1483
3b0602cd 1484static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1485{
1486 struct cmd_lookup *match = data;
1487
1488 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1489
1490 list_del(&cmd->list);
1491
1492 if (match->sk == NULL) {
1493 match->sk = cmd->sk;
1494 sock_hold(match->sk);
1495 }
1496
1497 mgmt_pending_free(cmd);
1498}
1499
3b0602cd 1500static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1501{
1502 u8 *status = data;
1503
a69e8375 1504 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
bd99abdd
JH		 1505 mgmt_pending_remove(cmd);
1506}
1507
3b0602cd 1508static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1b9b5ee5
JH		 1509{
1510 if (cmd->cmd_complete) {
1511 u8 *status = data;
1512
1513 cmd->cmd_complete(cmd, *status);
1514 mgmt_pending_remove(cmd);
1515
1516 return;
1517 }
1518
1519 cmd_status_rsp(cmd, data);
1520}
1521
3b0602cd 1522static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
f5818c22 1523{
2a1afb5a
JH		 1524 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1525 cmd->param, cmd->param_len);
f5818c22
JH		 1526}
1527
3b0602cd 1528static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
7776d1d8 1529{
2a1afb5a
JH		 1530 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1531 cmd->param, sizeof(struct mgmt_addr_info));
7776d1d8
JH		 1532}
1533
e6fe7986
JH		 1534static u8 mgmt_bredr_support(struct hci_dev *hdev)
1535{
1536 if (!lmp_bredr_capable(hdev))
1537 return MGMT_STATUS_NOT_SUPPORTED;
1538 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1539 return MGMT_STATUS_REJECTED;
1540 else
1541 return MGMT_STATUS_SUCCESS;
1542}
1543
1544static u8 mgmt_le_support(struct hci_dev *hdev)
1545{
1546 if (!lmp_le_capable(hdev))
1547 return MGMT_STATUS_NOT_SUPPORTED;
1548 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1549 return MGMT_STATUS_REJECTED;
1550 else
1551 return MGMT_STATUS_SUCCESS;
1552}
1553
1904a853
MH		 1554static void set_discoverable_complete(struct hci_dev *hdev, u8 status,
1555 u16 opcode)
bfaf8c9f 1556{
3b0602cd 1557 struct mgmt_pending_cmd *cmd;
bfaf8c9f 1558 struct mgmt_mode *cp;
970ba524 1559 struct hci_request req;
bfaf8c9f
JH		 1560 bool changed;
1561
1562 BT_DBG("status 0x%02x", status);
1563
1564 hci_dev_lock(hdev);
1565
1566 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1567 if (!cmd)
1568 goto unlock;
1569
1570 if (status) {
1571 u8 mgmt_err = mgmt_status(status);
a69e8375 1572 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
310a3d48 1573 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
bfaf8c9f
JH		 1574 goto remove_cmd;
1575 }
1576
1577 cp = cmd->param;
d4462a07 1578 if (cp->val) {
bfaf8c9f
JH		 1579 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1580 &hdev->dev_flags);
d4462a07
MH		 1581
1582 if (hdev->discov_timeout > 0) {
1583 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1584 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1585 to);
1586 }
1587 } else {
bfaf8c9f
JH		 1588 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1589 &hdev->dev_flags);
d4462a07 1590 }
bfaf8c9f
JH		 1591
1592 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1593
1594 if (changed)
1595 new_settings(hdev, cmd->sk);
1596
970ba524
MH		 1597 /* When the discoverable mode gets changed, make sure
1598 * that class of device has the limited discoverable
432df05e
JH		 1599 * bit correctly set. Also update page scan based on whitelist
1600 * entries.
970ba524
MH		 1601 */
1602 hci_req_init(&req, hdev);
1d2dc5b7 1603 __hci_update_page_scan(&req);
970ba524
MH		 1604 update_class(&req);
1605 hci_req_run(&req, NULL);
1606
bfaf8c9f
JH		 1607remove_cmd:
1608 mgmt_pending_remove(cmd);
1609
1610unlock:
1611 hci_dev_unlock(hdev);
1612}
1613
bdb6d971 1614static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1615 u16 len)
73f22f62 1616{
650f726d 1617 struct mgmt_cp_set_discoverable *cp = data;
3b0602cd 1618 struct mgmt_pending_cmd *cmd;
bfaf8c9f 1619 struct hci_request req;
5e5282bb 1620 u16 timeout;
9a43e25f 1621 u8 scan;
73f22f62
JH		 1622 int err;
1623
bdb6d971 1624 BT_DBG("request for %s", hdev->name);
73f22f62 1625
9a43e25f
JH		 1626 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1627 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
a69e8375
JH		 1628 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1629 MGMT_STATUS_REJECTED);
33c525c0 1630
310a3d48 1631 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 1632 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1633 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1634
1f350c87 1635 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1636
1637 /* Disabling discoverable requires that no timeout is set,
1638 * and enabling limited discoverable requires a timeout.
1639 */
1640 if ((cp->val == 0x00 && timeout > 0) ||
1641 (cp->val == 0x02 && timeout == 0))
a69e8375
JH		 1642 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1643 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1644
09fd0de5 1645 hci_dev_lock(hdev);
73f22f62 1646
5e5282bb 1647 if (!hdev_is_powered(hdev) && timeout > 0) {
a69e8375
JH		 1648 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1649 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1650 goto failed;
1651 }
1652
2e58ef3e 1653 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1654 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1655 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1656 MGMT_STATUS_BUSY);
73f22f62
JH		 1657 goto failed;
1658 }
1659
5e5282bb 1660 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
a69e8375
JH		 1661 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1662 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1663 goto failed;
1664 }
1665
1666 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1667 bool changed = false;
1668
310a3d48
MH		 1669 /* Setting limited discoverable when powered off is
1670 * not a valid operation since it requires a timeout
1671 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1672 */
0224d2fa
JH		 1673 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1674 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1675 changed = true;
1676 }
1677
5e5282bb 1678 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1679 if (err < 0)
1680 goto failed;
1681
1682 if (changed)
1683 err = new_settings(hdev, sk);
1684
5e5282bb
JH		 1685 goto failed;
1686 }
1687
310a3d48
MH		 1688 /* If the current mode is the same, then just update the timeout
1689 * value with the new value. And if only the timeout gets updated,
1690 * then no need for any HCI transactions.
1691 */
1692 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1693 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1694 &hdev->dev_flags)) {
36261547
MH		 1695 cancel_delayed_work(&hdev->discov_off);
1696 hdev->discov_timeout = timeout;
955638ec 1697
36261547
MH		 1698 if (cp->val && hdev->discov_timeout > 0) {
1699 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1700 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1701 to);
955638ec
MH		 1702 }
1703
69ab39ea 1704 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1705 goto failed;
1706 }
1707
2e58ef3e 1708 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1709 if (!cmd) {
1710 err = -ENOMEM;
73f22f62 1711 goto failed;
366a0336 1712 }
73f22f62 1713
310a3d48
MH		 1714 /* Cancel any potential discoverable timeout that might be
1715 * still active and store new timeout value. The arming of
1716 * the timeout happens in the complete handler.
1717 */
1718 cancel_delayed_work(&hdev->discov_off);
1719 hdev->discov_timeout = timeout;
1720
b456f87c
JH		 1721 /* Limited discoverable mode */
1722 if (cp->val == 0x02)
1723 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1724 else
1725 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1726
bfaf8c9f
JH		 1727 hci_req_init(&req, hdev);
1728
9a43e25f
JH		 1729 /* The procedure for LE-only controllers is much simpler - just
1730 * update the advertising data.
1731 */
1732 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1733 goto update_ad;
1734
73f22f62
JH		 1735 scan = SCAN_PAGE;
1736
310a3d48
MH		 1737 if (cp->val) {
1738 struct hci_cp_write_current_iac_lap hci_cp;
1739
1740 if (cp->val == 0x02) {
1741 /* Limited discoverable mode */
33337dcb 1742 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1743 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1744 hci_cp.iac_lap[1] = 0x8b;
1745 hci_cp.iac_lap[2] = 0x9e;
1746 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1747 hci_cp.iac_lap[4] = 0x8b;
1748 hci_cp.iac_lap[5] = 0x9e;
1749 } else {
1750 /* General discoverable mode */
310a3d48
MH		 1751 hci_cp.num_iac = 1;
1752 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1753 hci_cp.iac_lap[1] = 0x8b;
1754 hci_cp.iac_lap[2] = 0x9e;
1755 }
1756
1757 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1758 (hci_cp.num_iac * 3) + 1, &hci_cp);
1759
73f22f62 1760 scan |= SCAN_INQUIRY;
310a3d48
MH		 1761 } else {
1762 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1763 }
73f22f62 1764
310a3d48 1765 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1766
9a43e25f
JH		 1767update_ad:
1768 update_adv_data(&req);
1769
bfaf8c9f 1770 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1771 if (err < 0)
a664b5bc 1772 mgmt_pending_remove(cmd);
73f22f62
JH		 1773
1774failed:
09fd0de5 1775 hci_dev_unlock(hdev);
73f22f62
JH		 1776 return err;
1777}
1778
406d7804
JH		 1779static void write_fast_connectable(struct hci_request *req, bool enable)
1780{
bd98b996 1781 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1782 struct hci_cp_write_page_scan_activity acp;
1783 u8 type;
1784
547003b1
JH		 1785 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1786 return;
1787
4c01f8b8
JH		 1788 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1789 return;
1790
406d7804
JH		 1791 if (enable) {
1792 type = PAGE_SCAN_TYPE_INTERLACED;
1793
1794 /* 160 msec page scan interval */
dcf4adbf 1795 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 1796 } else {
1797 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1798
1799 /* default 1.28 sec page scan */
dcf4adbf 1800 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 1801 }
1802
dcf4adbf 1803 acp.window = cpu_to_le16(0x0012);
406d7804 1804
bd98b996
JH		 1805 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1806 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1807 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1808 sizeof(acp), &acp);
1809
1810 if (hdev->page_scan_type != type)
1811 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1812}
1813
1904a853
MH		 1814static void set_connectable_complete(struct hci_dev *hdev, u8 status,
1815 u16 opcode)
2b76f453 1816{
3b0602cd 1817 struct mgmt_pending_cmd *cmd;
d7b856f9 1818 struct mgmt_mode *cp;
bc6d2d04 1819 bool conn_changed, discov_changed;
2b76f453
JH		 1820
1821 BT_DBG("status 0x%02x", status);
1822
1823 hci_dev_lock(hdev);
1824
1825 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1826 if (!cmd)
1827 goto unlock;
1828
37438c1f
JH		 1829 if (status) {
1830 u8 mgmt_err = mgmt_status(status);
a69e8375 1831 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
37438c1f
JH		 1832 goto remove_cmd;
1833 }
1834
d7b856f9 1835 cp = cmd->param;
bc6d2d04
JH		 1836 if (cp->val) {
1837 conn_changed = !test_and_set_bit(HCI_CONNECTABLE,
1838 &hdev->dev_flags);
1839 discov_changed = false;
1840 } else {
1841 conn_changed = test_and_clear_bit(HCI_CONNECTABLE,
1842 &hdev->dev_flags);
1843 discov_changed = test_and_clear_bit(HCI_DISCOVERABLE,
1844 &hdev->dev_flags);
1845 }
d7b856f9 1846
2b76f453
JH		 1847 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1848
bc6d2d04 1849 if (conn_changed || discov_changed) {
d7b856f9 1850 new_settings(hdev, cmd->sk);
1d2dc5b7 1851 hci_update_page_scan(hdev);
bc6d2d04
JH		 1852 if (discov_changed)
1853 mgmt_update_adv_data(hdev);
2b7be33e
JH		 1854 hci_update_background_scan(hdev);
1855 }
d7b856f9 1856
37438c1f 1857remove_cmd:
2b76f453
JH		 1858 mgmt_pending_remove(cmd);
1859
1860unlock:
1861 hci_dev_unlock(hdev);
1862}
1863
e8ba3a1f
JH		 1864static int set_connectable_update_settings(struct hci_dev *hdev,
1865 struct sock *sk, u8 val)
1866{
1867 bool changed = false;
1868 int err;
1869
1870 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1871 changed = true;
1872
1873 if (val) {
1874 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1875 } else {
1876 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1877 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1878 }
1879
1880 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1881 if (err < 0)
1882 return err;
1883
562064e6 1884 if (changed) {
1d2dc5b7 1885 hci_update_page_scan(hdev);
562064e6 1886 hci_update_background_scan(hdev);
e8ba3a1f 1887 return new_settings(hdev, sk);
562064e6 1888 }
e8ba3a1f
JH		 1889
1890 return 0;
1891}
1892
bdb6d971 1893static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1894 u16 len)
9fbcbb45 1895{
650f726d 1896 struct mgmt_mode *cp = data;
3b0602cd 1897 struct mgmt_pending_cmd *cmd;
2b76f453 1898 struct hci_request req;
1987fdc7 1899 u8 scan;
9fbcbb45
JH		 1900 int err;
1901
bdb6d971 1902 BT_DBG("request for %s", hdev->name);
9fbcbb45 1903
1987fdc7
JH		 1904 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1905 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
a69e8375
JH		 1906 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1907 MGMT_STATUS_REJECTED);
33c525c0 1908
a7e80f25 1909 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1910 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1911 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1912
09fd0de5 1913 hci_dev_lock(hdev);
9fbcbb45 1914
4b34ee78 1915 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1916 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1917 goto failed;
1918 }
1919
2e58ef3e 1920 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1921 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1922 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1923 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1924 goto failed;
1925 }
1926
2e58ef3e 1927 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1928 if (!cmd) {
1929 err = -ENOMEM;
9fbcbb45 1930 goto failed;
366a0336 1931 }
9fbcbb45 1932
9b74246f 1933 hci_req_init(&req, hdev);
9fbcbb45 1934
9a43e25f
JH		 1935 /* If BR/EDR is not enabled and we disable advertising as a
1936 * by-product of disabling connectable, we need to update the
1937 * advertising flags.
1938 */
1939 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1940 if (!cp->val) {
1941 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1942 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1943 }
1944 update_adv_data(&req);
1945 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1946 if (cp->val) {
1947 scan = SCAN_PAGE;
1948 } else {
3bd27240
JH		 1949 /* If we don't have any whitelist entries just
1950 * disable all scanning. If there are entries
1951 * and we had both page and inquiry scanning
1952 * enabled then fall back to only page scanning.
1953 * Otherwise no changes are needed.
1954 */
1955 if (list_empty(&hdev->whitelist))
1956 scan = SCAN_DISABLED;
1957 else if (test_bit(HCI_ISCAN, &hdev->flags))
1958 scan = SCAN_PAGE;
1959 else
1960 goto no_scan_update;
9b74246f
JH		 1961
1962 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1963 hdev->discov_timeout > 0)
9b74246f
JH		 1964 cancel_delayed_work(&hdev->discov_off);
1965 }
2b76f453 1966
9b74246f
JH		 1967 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1968 }
2b76f453 1969
3bd27240 1970no_scan_update:
4c01f8b8
JH		 1971 /* If we're going from non-connectable to connectable or
1972 * vice-versa when fast connectable is enabled ensure that fast
1973 * connectable gets disabled. write_fast_connectable won't do
1974 * anything if the page scan parameters are already what they
1975 * should be.
1976 */
1977 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1978 write_fast_connectable(&req, false);
1979
e8b1202c
JH		 1980 /* Update the advertising parameters if necessary */
1981 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1987fdc7 1982 enable_advertising(&req);
1987fdc7 1983
2b76f453 1984 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1985 if (err < 0) {
a664b5bc 1986 mgmt_pending_remove(cmd);
9b74246f 1987 if (err == -ENODATA)
a81070ba
JH		 1988 err = set_connectable_update_settings(hdev, sk,
1989 cp->val);
9b74246f
JH		 1990 goto failed;
1991 }
9fbcbb45
JH		 1992
1993failed:
09fd0de5 1994 hci_dev_unlock(hdev);
9fbcbb45
JH		 1995 return err;
1996}
1997
b2939475 1998static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1999 u16 len)
c542a06c 2000{
650f726d 2001 struct mgmt_mode *cp = data;
55594356 2002 bool changed;
c542a06c
JH		 2003 int err;
2004
bdb6d971 2005 BT_DBG("request for %s", hdev->name);
c542a06c 2006
a7e80f25 2007 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2008 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
2009 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2010
09fd0de5 2011 hci_dev_lock(hdev);
c542a06c
JH		 2012
2013 if (cp->val)
b6ae8457 2014 changed = !test_and_set_bit(HCI_BONDABLE, &hdev->dev_flags);
c542a06c 2015 else
b6ae8457 2016 changed = test_and_clear_bit(HCI_BONDABLE, &hdev->dev_flags);
c542a06c 2017
b2939475 2018 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
c542a06c 2019 if (err < 0)
55594356 2020 goto unlock;
c542a06c 2021
55594356
MH		 2022 if (changed)
2023 err = new_settings(hdev, sk);
c542a06c 2024
55594356 2025unlock:
09fd0de5 2026 hci_dev_unlock(hdev);
c542a06c
JH		 2027 return err;
2028}
2029
04124681
GP		 2030static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
2031 u16 len)
33ef95ed
JH		 2032{
2033 struct mgmt_mode *cp = data;
3b0602cd 2034 struct mgmt_pending_cmd *cmd;
e6fe7986 2035 u8 val, status;
33ef95ed
JH		 2036 int err;
2037
bdb6d971 2038 BT_DBG("request for %s", hdev->name);
33ef95ed 2039
e6fe7986
JH		 2040 status = mgmt_bredr_support(hdev);
2041 if (status)
a69e8375
JH		 2042 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2043 status);
33c525c0 2044
a7e80f25 2045 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2046 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2047 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2048
33ef95ed
JH		 2049 hci_dev_lock(hdev);
2050
4b34ee78 2051 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 2052 bool changed = false;
2053
2054 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 2055 &hdev->dev_flags)) {
47990ea0
JH		 2056 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
2057 changed = true;
2058 }
2059
2060 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2061 if (err < 0)
2062 goto failed;
2063
2064 if (changed)
2065 err = new_settings(hdev, sk);
2066
33ef95ed
JH		 2067 goto failed;
2068 }
2069
2070 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
a69e8375
JH		 2071 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2072 MGMT_STATUS_BUSY);
33ef95ed
JH		 2073 goto failed;
2074 }
2075
2076 val = !!cp->val;
2077
2078 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
2079 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2080 goto failed;
2081 }
2082
2083 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
2084 if (!cmd) {
2085 err = -ENOMEM;
2086 goto failed;
2087 }
2088
2089 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
2090 if (err < 0) {
2091 mgmt_pending_remove(cmd);
2092 goto failed;
2093 }
2094
2095failed:
2096 hci_dev_unlock(hdev);
33ef95ed
JH		 2097 return err;
2098}
2099
bdb6d971 2100static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 2101{
2102 struct mgmt_mode *cp = data;
3b0602cd 2103 struct mgmt_pending_cmd *cmd;
72ef0c1a 2104 u8 status;
ed2c4ee3
JH		 2105 int err;
2106
bdb6d971 2107 BT_DBG("request for %s", hdev->name);
ed2c4ee3 2108
cdba5281
MH		 2109 status = mgmt_bredr_support(hdev);
2110 if (status)
a69e8375 2111 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
cdba5281 2112
13ecd8b6 2113 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 2114 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2115 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 2116
a7e80f25 2117 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2118 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2119 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2120
13ecd8b6 2121 hci_dev_lock(hdev);
6c8f12c1 2122
4b34ee78 2123 if (!hdev_is_powered(hdev)) {
9ecb3e24 2124 bool changed;
c0ecddc2 2125
9ecb3e24
MH		 2126 if (cp->val) {
2127 changed = !test_and_set_bit(HCI_SSP_ENABLED,
2128 &hdev->dev_flags);
2129 } else {
2130 changed = test_and_clear_bit(HCI_SSP_ENABLED,
2131 &hdev->dev_flags);
2132 if (!changed)
2133 changed = test_and_clear_bit(HCI_HS_ENABLED,
2134 &hdev->dev_flags);
2135 else
2136 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 2137 }
2138
2139 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2140 if (err < 0)
2141 goto failed;
2142
2143 if (changed)
2144 err = new_settings(hdev, sk);
2145
ed2c4ee3
JH		 2146 goto failed;
2147 }
2148
94d52dad 2149 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 2150 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2151 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 2152 goto failed;
2153 }
2154
72ef0c1a 2155 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 2156 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2157 goto failed;
2158 }
2159
2160 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2161 if (!cmd) {
2162 err = -ENOMEM;
2163 goto failed;
2164 }
2165
3769972b
JH		 2166 if (!cp->val && test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
2167 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2168 sizeof(cp->val), &cp->val);
2169
72ef0c1a 2170 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 2171 if (err < 0) {
2172 mgmt_pending_remove(cmd);
2173 goto failed;
2174 }
2175
2176failed:
2177 hci_dev_unlock(hdev);
ed2c4ee3
JH		 2178 return err;
2179}
2180
bdb6d971 2181static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 2182{
2183 struct mgmt_mode *cp = data;
ee392693 2184 bool changed;
e6fe7986 2185 u8 status;
ee392693 2186 int err;
6d80dfd0 2187
bdb6d971 2188 BT_DBG("request for %s", hdev->name);
6d80dfd0 2189
e6fe7986
JH		 2190 status = mgmt_bredr_support(hdev);
2191 if (status)
a69e8375 2192 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 2193
9ecb3e24 2194 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 2195 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2196 MGMT_STATUS_NOT_SUPPORTED);
9ecb3e24
MH		 2197
2198 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
a69e8375
JH		 2199 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2200 MGMT_STATUS_REJECTED);
9ecb3e24 2201
a7e80f25 2202 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2203 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2204 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2205
ee392693
MH		 2206 hci_dev_lock(hdev);
2207
a2cb01de 2208 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 2209 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2210 MGMT_STATUS_BUSY);
a2cb01de
JH		 2211 goto unlock;
2212 }
2213
a0cdf960 2214 if (cp->val) {
ee392693 2215 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 2216 } else {
2217 if (hdev_is_powered(hdev)) {
a69e8375
JH		 2218 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2219 MGMT_STATUS_REJECTED);
a0cdf960
MH		 2220 goto unlock;
2221 }
2222
ee392693 2223 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 2224 }
ee392693
MH		 2225
2226 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2227 if (err < 0)
2228 goto unlock;
2229
2230 if (changed)
2231 err = new_settings(hdev, sk);
6d80dfd0 2232
ee392693
MH		 2233unlock:
2234 hci_dev_unlock(hdev);
2235 return err;
6d80dfd0
JH		 2236}
2237
1904a853 2238static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
416a4ae5
JH		 2239{
2240 struct cmd_lookup match = { NULL, hdev };
2241
3ad67582
JK		 2242 hci_dev_lock(hdev);
2243
416a4ae5
JH		 2244 if (status) {
2245 u8 mgmt_err = mgmt_status(status);
2246
2247 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2248 &mgmt_err);
3ad67582 2249 goto unlock;
416a4ae5
JH		 2250 }
2251
2252 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2253
2254 new_settings(hdev, match.sk);
2255
2256 if (match.sk)
2257 sock_put(match.sk);
441ad2d0
MH		 2258
2259 /* Make sure the controller has a good default for
2260 * advertising data. Restrict the update to when LE
2261 * has actually been enabled. During power on, the
2262 * update in powered_update_hci will take care of it.
2263 */
2264 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2265 struct hci_request req;
2266
441ad2d0 2267 hci_req_init(&req, hdev);
5947f4bc 2268 update_adv_data(&req);
f14d8f64 2269 update_scan_rsp_data(&req);
2cf22218 2270 __hci_update_background_scan(&req);
441ad2d0 2271 hci_req_run(&req, NULL);
441ad2d0 2272 }
3ad67582
JK		 2273
2274unlock:
2275 hci_dev_unlock(hdev);
416a4ae5
JH		 2276}
2277
bdb6d971 2278static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 2279{
2280 struct mgmt_mode *cp = data;
2281 struct hci_cp_write_le_host_supported hci_cp;
3b0602cd 2282 struct mgmt_pending_cmd *cmd;
416a4ae5 2283 struct hci_request req;
06199cf8 2284 int err;
0b60eba1 2285 u8 val, enabled;
06199cf8 2286
bdb6d971 2287 BT_DBG("request for %s", hdev->name);
06199cf8 2288
13ecd8b6 2289 if (!lmp_le_capable(hdev))
a69e8375
JH		 2290 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2291 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 2292
a7e80f25 2293 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2294 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2295 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2296
c73eee91 2297 /* LE-only devices do not allow toggling LE on/off */
56f87901 2298 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
a69e8375
JH		 2299 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2300 MGMT_STATUS_REJECTED);
c73eee91 2301
13ecd8b6 2302 hci_dev_lock(hdev);
06199cf8
JH		 2303
2304 val = !!cp->val;
ffa88e02 2305 enabled = lmp_host_le_capable(hdev);
06199cf8 2306
0b60eba1 2307 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 2308 bool changed = false;
2309
2310 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2311 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
2312 changed = true;
2313 }
2314
f3d3444a
JH		 2315 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
2316 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 2317 changed = true;
2318 }
2319
06199cf8
JH		 2320 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2321 if (err < 0)
1de028ce 2322 goto unlock;
06199cf8
JH		 2323
2324 if (changed)
2325 err = new_settings(hdev, sk);
2326
1de028ce 2327 goto unlock;
06199cf8
JH		 2328 }
2329
4375f103
JH		 2330 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
2331 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
a69e8375
JH		 2332 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2333 MGMT_STATUS_BUSY);
1de028ce 2334 goto unlock;
06199cf8
JH		 2335 }
2336
2337 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2338 if (!cmd) {
2339 err = -ENOMEM;
1de028ce 2340 goto unlock;
06199cf8
JH		 2341 }
2342
441ad2d0
MH		 2343 hci_req_init(&req, hdev);
2344
06199cf8
JH		 2345 memset(&hci_cp, 0, sizeof(hci_cp));
2346
2347 if (val) {
2348 hci_cp.le = val;
32226e4f 2349 hci_cp.simul = 0x00;
441ad2d0 2350 } else {
73e082f8 2351 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
441ad2d0 2352 disable_advertising(&req);
06199cf8
JH		 2353 }
2354
416a4ae5
JH		 2355 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2356 &hci_cp);
2357
2358 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2359 if (err < 0)
06199cf8 2360 mgmt_pending_remove(cmd);
06199cf8 2361
1de028ce
JH		 2362unlock:
2363 hci_dev_unlock(hdev);
06199cf8
JH		 2364 return err;
2365}
2366
0cab9c80
JH		 2367/* This is a helper function to test for pending mgmt commands that can
2368 * cause CoD or EIR HCI commands. We can only allow one such pending
2369 * mgmt command at a time since otherwise we cannot easily track what
2370 * the current values are, will be, and based on that calculate if a new
2371 * HCI command needs to be sent and if yes with what value.
2372 */
2373static bool pending_eir_or_class(struct hci_dev *hdev)
2374{
3b0602cd 2375 struct mgmt_pending_cmd *cmd;
0cab9c80
JH		 2376
2377 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2378 switch (cmd->opcode) {
2379 case MGMT_OP_ADD_UUID:
2380 case MGMT_OP_REMOVE_UUID:
2381 case MGMT_OP_SET_DEV_CLASS:
2382 case MGMT_OP_SET_POWERED:
2383 return true;
2384 }
2385 }
2386
2387 return false;
2388}
2389
83be8eca
JH		 2390static const u8 bluetooth_base_uuid[] = {
2391 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2392 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2393};
2394
2395static u8 get_uuid_size(const u8 *uuid)
2396{
2397 u32 val;
2398
2399 if (memcmp(uuid, bluetooth_base_uuid, 12))
2400 return 128;
2401
2402 val = get_unaligned_le32(&uuid[12]);
2403 if (val > 0xffff)
2404 return 32;
2405
2406 return 16;
2407}
2408
92da6097
JH		 2409static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2410{
3b0602cd 2411 struct mgmt_pending_cmd *cmd;
92da6097
JH		 2412
2413 hci_dev_lock(hdev);
2414
2415 cmd = mgmt_pending_find(mgmt_op, hdev);
2416 if (!cmd)
2417 goto unlock;
2418
2a1afb5a
JH		 2419 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
2420 mgmt_status(status), hdev->dev_class, 3);
92da6097
JH		 2421
2422 mgmt_pending_remove(cmd);
2423
2424unlock:
2425 hci_dev_unlock(hdev);
2426}
2427
1904a853 2428static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2429{
2430 BT_DBG("status 0x%02x", status);
2431
2432 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2433}
2434
bdb6d971 2435static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2436{
650f726d 2437 struct mgmt_cp_add_uuid *cp = data;
3b0602cd 2438 struct mgmt_pending_cmd *cmd;
890ea898 2439 struct hci_request req;
2aeb9a1a 2440 struct bt_uuid *uuid;
2aeb9a1a
JH		 2441 int err;
2442
bdb6d971 2443 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2444
09fd0de5 2445 hci_dev_lock(hdev);
2aeb9a1a 2446
0cab9c80 2447 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2448 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2449 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2450 goto failed;
2451 }
2452
92c4c204 2453 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2454 if (!uuid) {
2455 err = -ENOMEM;
2456 goto failed;
2457 }
2458
2459 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2460 uuid->svc_hint = cp->svc_hint;
83be8eca 2461 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2462
de66aa63 2463 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2464
890ea898 2465 hci_req_init(&req, hdev);
1aff6f09 2466
890ea898
JH		 2467 update_class(&req);
2468 update_eir(&req);
2469
92da6097
JH		 2470 err = hci_req_run(&req, add_uuid_complete);
2471 if (err < 0) {
2472 if (err != -ENODATA)
2473 goto failed;
80a1e1db 2474
2a1afb5a
JH		 2475 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2476 hdev->dev_class, 3);
90e70454
JH		 2477 goto failed;
2478 }
2479
2480 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2481 if (!cmd) {
90e70454 2482 err = -ENOMEM;
890ea898
JH		 2483 goto failed;
2484 }
2485
2486 err = 0;
2aeb9a1a
JH		 2487
2488failed:
09fd0de5 2489 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2490 return err;
2491}
2492
24b78d0f
JH		 2493static bool enable_service_cache(struct hci_dev *hdev)
2494{
2495 if (!hdev_is_powered(hdev))
2496 return false;
2497
2498 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 2499 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2500 CACHE_TIMEOUT);
24b78d0f
JH		 2501 return true;
2502 }
2503
2504 return false;
2505}
2506
1904a853 2507static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2508{
2509 BT_DBG("status 0x%02x", status);
2510
2511 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2512}
2513
bdb6d971 2514static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2515 u16 len)
2aeb9a1a 2516{
650f726d 2517 struct mgmt_cp_remove_uuid *cp = data;
3b0602cd 2518 struct mgmt_pending_cmd *cmd;
056341c8 2519 struct bt_uuid *match, *tmp;
2aeb9a1a 2520 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2521 struct hci_request req;
2aeb9a1a
JH		 2522 int err, found;
2523
bdb6d971 2524 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2525
09fd0de5 2526 hci_dev_lock(hdev);
2aeb9a1a 2527
0cab9c80 2528 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2529 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2530 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2531 goto unlock;
2532 }
2533
2aeb9a1a 2534 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2535 hci_uuids_clear(hdev);
4004b6d9 2536
24b78d0f 2537 if (enable_service_cache(hdev)) {
2a1afb5a
JH		 2538 err = mgmt_cmd_complete(sk, hdev->id,
2539 MGMT_OP_REMOVE_UUID,
2540 0, hdev->dev_class, 3);
24b78d0f
JH		 2541 goto unlock;
2542 }
4004b6d9 2543
9246a869 2544 goto update_class;
2aeb9a1a
JH		 2545 }
2546
2547 found = 0;
2548
056341c8 2549 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2550 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2551 continue;
2552
2553 list_del(&match->list);
482049f7 2554 kfree(match);
2aeb9a1a
JH		 2555 found++;
2556 }
2557
2558 if (found == 0) {
a69e8375
JH		 2559 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2560 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2561 goto unlock;
2562 }
2563
9246a869 2564update_class:
890ea898 2565 hci_req_init(&req, hdev);
1aff6f09 2566
890ea898
JH		 2567 update_class(&req);
2568 update_eir(&req);
2569
92da6097
JH		 2570 err = hci_req_run(&req, remove_uuid_complete);
2571 if (err < 0) {
2572 if (err != -ENODATA)
2573 goto unlock;
80a1e1db 2574
2a1afb5a
JH		 2575 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2576 hdev->dev_class, 3);
90e70454
JH		 2577 goto unlock;
2578 }
2579
2580 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2581 if (!cmd) {
90e70454 2582 err = -ENOMEM;
890ea898
JH		 2583 goto unlock;
2584 }
2585
2586 err = 0;
2aeb9a1a
JH		 2587
2588unlock:
09fd0de5 2589 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2590 return err;
2591}
2592
1904a853 2593static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2594{
2595 BT_DBG("status 0x%02x", status);
2596
2597 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2598}
2599
bdb6d971 2600static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2601 u16 len)
1aff6f09 2602{
650f726d 2603 struct mgmt_cp_set_dev_class *cp = data;
3b0602cd 2604 struct mgmt_pending_cmd *cmd;
890ea898 2605 struct hci_request req;
1aff6f09
JH		 2606 int err;
2607
bdb6d971 2608 BT_DBG("request for %s", hdev->name);
1aff6f09 2609
6203fc98 2610 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2611 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2612 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2613
0cab9c80 2614 hci_dev_lock(hdev);
ee98f473 2615
0cab9c80 2616 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2617 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2618 MGMT_STATUS_BUSY);
0cab9c80
JH		 2619 goto unlock;
2620 }
c95f0ba7 2621
0cab9c80 2622 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
a69e8375
JH		 2623 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2624 MGMT_STATUS_INVALID_PARAMS);
0cab9c80
JH		 2625 goto unlock;
2626 }
575b3a02 2627
932f5ff5
JH		 2628 hdev->major_class = cp->major;
2629 hdev->minor_class = cp->minor;
2630
b5235a65 2631 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2632 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2633 hdev->dev_class, 3);
b5235a65
JH		 2634 goto unlock;
2635 }
2636
890ea898
JH		 2637 hci_req_init(&req, hdev);
2638
a8b2d5c2 2639 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2640 hci_dev_unlock(hdev);
2641 cancel_delayed_work_sync(&hdev->service_cache);
2642 hci_dev_lock(hdev);
890ea898 2643 update_eir(&req);
7d78525d 2644 }
14c0b608 2645
890ea898
JH		 2646 update_class(&req);
2647
92da6097
JH		 2648 err = hci_req_run(&req, set_class_complete);
2649 if (err < 0) {
2650 if (err != -ENODATA)
2651 goto unlock;
1aff6f09 2652
2a1afb5a
JH		 2653 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2654 hdev->dev_class, 3);
90e70454
JH		 2655 goto unlock;
2656 }
2657
2658 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2659 if (!cmd) {
90e70454 2660 err = -ENOMEM;
890ea898
JH		 2661 goto unlock;
2662 }
2663
2664 err = 0;
1aff6f09 2665
b5235a65 2666unlock:
09fd0de5 2667 hci_dev_unlock(hdev);
1aff6f09
JH		 2668 return err;
2669}
2670
bdb6d971 2671static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2672 u16 len)
55ed8ca1 2673{
650f726d 2674 struct mgmt_cp_load_link_keys *cp = data;
ba1d6936
JH		 2675 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2676 sizeof(struct mgmt_link_key_info));
4e51eae9 2677 u16 key_count, expected_len;
b1de97d8 2678 bool changed;
a492cd52 2679 int i;
55ed8ca1 2680
9060d5cf
MH		 2681 BT_DBG("request for %s", hdev->name);
2682
2683 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2684 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2685 MGMT_STATUS_NOT_SUPPORTED);
9060d5cf 2686
1f350c87 2687 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 2688 if (key_count > max_key_count) {
2689 BT_ERR("load_link_keys: too big key_count value %u",
2690 key_count);
a69e8375
JH		 2691 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2692 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 2693 }
55ed8ca1 2694
86742e1e
JH		 2695 expected_len = sizeof(*cp) + key_count *
2696 sizeof(struct mgmt_link_key_info);
a492cd52 2697 if (expected_len != len) {
86742e1e 2698 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2699 expected_len, len);
a69e8375
JH		 2700 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2701 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2702 }
2703
4ae14301 2704 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
a69e8375
JH		 2705 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2706 MGMT_STATUS_INVALID_PARAMS);
4ae14301 2707
bdb6d971 2708 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2709 key_count);
55ed8ca1 2710
4ee71b20
JH		 2711 for (i = 0; i < key_count; i++) {
2712 struct mgmt_link_key_info *key = &cp->keys[i];
2713
8e991132 2714 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
a69e8375
JH		 2715 return mgmt_cmd_status(sk, hdev->id,
2716 MGMT_OP_LOAD_LINK_KEYS,
2717 MGMT_STATUS_INVALID_PARAMS);
4ee71b20
JH		 2718 }
2719
09fd0de5 2720 hci_dev_lock(hdev);
55ed8ca1
JH		 2721
2722 hci_link_keys_clear(hdev);
2723
55ed8ca1 2724 if (cp->debug_keys)
0663b297
JH		 2725 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
2726 &hdev->dev_flags);
55ed8ca1 2727 else
0663b297
JH		 2728 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
2729 &hdev->dev_flags);
b1de97d8
MH		 2730
2731 if (changed)
2732 new_settings(hdev, NULL);
55ed8ca1 2733
a492cd52 2734 for (i = 0; i < key_count; i++) {
86742e1e 2735 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2736
58e9293c
JH		 2737 /* Always ignore debug keys and require a new pairing if
2738 * the user wants to use them.
2739 */
2740 if (key->type == HCI_LK_DEBUG_COMBINATION)
2741 continue;
2742
7652ff6a
JH		 2743 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2744 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2745 }
2746
2a1afb5a 2747 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2748
09fd0de5 2749 hci_dev_unlock(hdev);
55ed8ca1 2750
a492cd52 2751 return 0;
55ed8ca1
JH		 2752}
2753
b1078ad0 2754static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2755 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2756{
2757 struct mgmt_ev_device_unpaired ev;
2758
2759 bacpy(&ev.addr.bdaddr, bdaddr);
2760 ev.addr.type = addr_type;
2761
2762 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2763 skip_sk);
b1078ad0
JH		 2764}
2765
bdb6d971 2766static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2767 u16 len)
55ed8ca1 2768{
124f6e35
JH		 2769 struct mgmt_cp_unpair_device *cp = data;
2770 struct mgmt_rp_unpair_device rp;
a8a1d19e 2771 struct hci_cp_disconnect dc;
3b0602cd 2772 struct mgmt_pending_cmd *cmd;
55ed8ca1 2773 struct hci_conn *conn;
55ed8ca1
JH		 2774 int err;
2775
a8a1d19e 2776 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2777 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2778 rp.addr.type = cp->addr.type;
a8a1d19e 2779
4ee71b20 2780 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2781 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2782 MGMT_STATUS_INVALID_PARAMS,
2783 &rp, sizeof(rp));
4ee71b20 2784
118da70b 2785 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2a1afb5a
JH		 2786 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2787 MGMT_STATUS_INVALID_PARAMS,
2788 &rp, sizeof(rp));
118da70b 2789
4ee71b20
JH		 2790 hci_dev_lock(hdev);
2791
86a8cfc6 2792 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2793 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2794 MGMT_STATUS_NOT_POWERED, &rp,
2795 sizeof(rp));
86a8cfc6
JH		 2796 goto unlock;
2797 }
2798
e0b2b27e 2799 if (cp->addr.type == BDADDR_BREDR) {
89cbb063
AA		 2800 /* If disconnection is requested, then look up the
2801 * connection. If the remote device is connected, it
2802 * will be later used to terminate the link.
2803 *
2804 * Setting it to NULL explicitly will cause no
2805 * termination of the link.
2806 */
2807 if (cp->disconnect)
2808 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2809 &cp->addr.bdaddr);
2810 else
2811 conn = NULL;
2812
124f6e35 2813 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2814 } else {
2815 u8 addr_type;
2816
89cbb063
AA		 2817 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2818 &cp->addr.bdaddr);
2819 if (conn) {
2820 /* Defer clearing up the connection parameters
2821 * until closing to give a chance of keeping
2822 * them if a repairing happens.
2823 */
2824 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2825
2826 /* If disconnection is not requested, then
2827 * clear the connection variable so that the
2828 * link is not terminated.
2829 */
2830 if (!cp->disconnect)
2831 conn = NULL;
2832 }
2833
e0b2b27e
JH		 2834 if (cp->addr.type == BDADDR_LE_PUBLIC)
2835 addr_type = ADDR_LE_DEV_PUBLIC;
2836 else
2837 addr_type = ADDR_LE_DEV_RANDOM;
2838
a7ec7338
JH		 2839 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2840
e0b2b27e
JH		 2841 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2842 }
b0dbfb46 2843
55ed8ca1 2844 if (err < 0) {
2a1afb5a
JH		 2845 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2846 MGMT_STATUS_NOT_PAIRED, &rp,
2847 sizeof(rp));
55ed8ca1
JH		 2848 goto unlock;
2849 }
2850
89cbb063
AA		 2851 /* If the connection variable is set, then termination of the
2852 * link is requested.
2853 */
a8a1d19e 2854 if (!conn) {
2a1afb5a
JH		 2855 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2856 &rp, sizeof(rp));
b1078ad0 2857 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2858 goto unlock;
2859 }
55ed8ca1 2860
124f6e35 2861 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2862 sizeof(*cp));
a8a1d19e
JH		 2863 if (!cmd) {
2864 err = -ENOMEM;
2865 goto unlock;
55ed8ca1
JH		 2866 }
2867
d8b7b1e4
JH		 2868 cmd->cmd_complete = addr_cmd_complete;
2869
eb55ef07 2870 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2871 dc.reason = 0x13; /* Remote User Terminated Connection */
2872 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2873 if (err < 0)
2874 mgmt_pending_remove(cmd);
2875
55ed8ca1 2876unlock:
09fd0de5 2877 hci_dev_unlock(hdev);
55ed8ca1
JH		 2878 return err;
2879}
2880
bdb6d971 2881static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2882 u16 len)
8962ee74 2883{
650f726d 2884 struct mgmt_cp_disconnect *cp = data;
06a63b19 2885 struct mgmt_rp_disconnect rp;
3b0602cd 2886 struct mgmt_pending_cmd *cmd;
8962ee74 2887 struct hci_conn *conn;
8962ee74
JH		 2888 int err;
2889
2890 BT_DBG("");
2891
06a63b19
JH		 2892 memset(&rp, 0, sizeof(rp));
2893 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2894 rp.addr.type = cp->addr.type;
2895
4ee71b20 2896 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2897 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2898 MGMT_STATUS_INVALID_PARAMS,
2899 &rp, sizeof(rp));
4ee71b20 2900
09fd0de5 2901 hci_dev_lock(hdev);
8962ee74
JH		 2902
2903 if (!test_bit(HCI_UP, &hdev->flags)) {
2a1afb5a
JH		 2904 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2905 MGMT_STATUS_NOT_POWERED, &rp,
2906 sizeof(rp));
8962ee74
JH		 2907 goto failed;
2908 }
2909
2e58ef3e 2910 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
2a1afb5a
JH		 2911 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2912 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2913 goto failed;
2914 }
2915
591f47f3 2916 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2917 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2918 &cp->addr.bdaddr);
88c3df13
JH		 2919 else
2920 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2921
f960727e 2922 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2a1afb5a
JH		 2923 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2924 MGMT_STATUS_NOT_CONNECTED, &rp,
2925 sizeof(rp));
8962ee74
JH		 2926 goto failed;
2927 }
2928
2e58ef3e 2929 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2930 if (!cmd) {
2931 err = -ENOMEM;
8962ee74 2932 goto failed;
366a0336 2933 }
8962ee74 2934
f5818c22
JH		 2935 cmd->cmd_complete = generic_cmd_complete;
2936
e3f2f92a 2937 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
8962ee74 2938 if (err < 0)
a664b5bc 2939 mgmt_pending_remove(cmd);
8962ee74
JH		 2940
2941failed:
09fd0de5 2942 hci_dev_unlock(hdev);
8962ee74
JH		 2943 return err;
2944}
2945
57c1477c 2946static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2947{
2948 switch (link_type) {
2949 case LE_LINK:
48264f06
JH		 2950 switch (addr_type) {
2951 case ADDR_LE_DEV_PUBLIC:
591f47f3 2952 return BDADDR_LE_PUBLIC;
0ed09148 2953
48264f06 2954 default:
0ed09148 2955 /* Fallback to LE Random address type */
591f47f3 2956 return BDADDR_LE_RANDOM;
48264f06 2957 }
0ed09148 2958
4c659c39 2959 default:
0ed09148 2960 /* Fallback to BR/EDR type */
591f47f3 2961 return BDADDR_BREDR;
4c659c39
JH		 2962 }
2963}
2964
04124681
GP		 2965static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2966 u16 data_len)
2784eb41 2967{
2784eb41 2968 struct mgmt_rp_get_connections *rp;
8035ded4 2969 struct hci_conn *c;
a38528f1 2970 size_t rp_len;
60fc5fb6
JH		 2971 int err;
2972 u16 i;
2784eb41
JH		 2973
2974 BT_DBG("");
2975
09fd0de5 2976 hci_dev_lock(hdev);
2784eb41 2977
5f97c1df 2978 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 2979 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2980 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2981 goto unlock;
2982 }
2983
60fc5fb6 2984 i = 0;
b644ba33
JH		 2985 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2986 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2987 i++;
2784eb41
JH		 2988 }
2989
60fc5fb6 2990 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2991 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2992 if (!rp) {
2784eb41
JH		 2993 err = -ENOMEM;
2994 goto unlock;
2995 }
2996
2784eb41 2997 i = 0;
4c659c39 2998 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2999 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
3000 continue;
4c659c39 3001 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 3002 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 3003 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 3004 continue;
3005 i++;
3006 }
3007
eb55ef07 3008 rp->conn_count = cpu_to_le16(i);
60fc5fb6 3009
4c659c39
JH		 3010 /* Recalculate length in case of filtered SCO connections, etc */
3011 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 3012
2a1afb5a
JH		 3013 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
3014 rp_len);
2784eb41 3015
a38528f1 3016 kfree(rp);
5f97c1df
JH		 3017
3018unlock:
09fd0de5 3019 hci_dev_unlock(hdev);
2784eb41
JH		 3020 return err;
3021}
3022
bdb6d971 3023static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3024 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67 3025{
3b0602cd 3026 struct mgmt_pending_cmd *cmd;
96d97a67
WR		 3027 int err;
3028
2e58ef3e 3029 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 3030 sizeof(*cp));
96d97a67
WR		 3031 if (!cmd)
3032 return -ENOMEM;
3033
d8457698 3034 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 3035 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 3036 if (err < 0)
3037 mgmt_pending_remove(cmd);
3038
3039 return err;
3040}
3041
bdb6d971 3042static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3043 u16 len)
980e1a53 3044{
96d97a67 3045 struct hci_conn *conn;
650f726d 3046 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 3047 struct hci_cp_pin_code_reply reply;
3b0602cd 3048 struct mgmt_pending_cmd *cmd;
980e1a53
JH		 3049 int err;
3050
3051 BT_DBG("");
3052
09fd0de5 3053 hci_dev_lock(hdev);
980e1a53 3054
4b34ee78 3055 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3056 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3057 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 3058 goto failed;
3059 }
3060
d8457698 3061 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 3062 if (!conn) {
a69e8375
JH		 3063 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3064 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 3065 goto failed;
3066 }
3067
3068 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 3069 struct mgmt_cp_pin_code_neg_reply ncp;
3070
3071 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 3072
3073 BT_ERR("PIN code is not 16 bytes long");
3074
bdb6d971 3075 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 3076 if (err >= 0)
a69e8375
JH		 3077 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3078 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 3079
3080 goto failed;
3081 }
3082
00abfe44 3083 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 3084 if (!cmd) {
3085 err = -ENOMEM;
980e1a53 3086 goto failed;
366a0336 3087 }
980e1a53 3088
7776d1d8
JH		 3089 cmd->cmd_complete = addr_cmd_complete;
3090
d8457698 3091 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 3092 reply.pin_len = cp->pin_len;
24718ca5 3093 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 3094
3095 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3096 if (err < 0)
a664b5bc 3097 mgmt_pending_remove(cmd);
980e1a53
JH		 3098
3099failed:
09fd0de5 3100 hci_dev_unlock(hdev);
980e1a53
JH		 3101 return err;
3102}
3103
04124681
GP		 3104static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3105 u16 len)
17fa4b9d 3106{
650f726d 3107 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 3108
3109 BT_DBG("");
3110
4ec86d4c 3111 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 3112 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3113 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
4ec86d4c 3114
09fd0de5 3115 hci_dev_lock(hdev);
17fa4b9d
JH		 3116
3117 hdev->io_capability = cp->io_capability;
3118
3119 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 3120 hdev->io_capability);
17fa4b9d 3121
09fd0de5 3122 hci_dev_unlock(hdev);
17fa4b9d 3123
2a1afb5a
JH		 3124 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
3125 NULL, 0);
17fa4b9d
JH		 3126}
3127
3b0602cd 3128static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 3129{
3130 struct hci_dev *hdev = conn->hdev;
3b0602cd 3131 struct mgmt_pending_cmd *cmd;
e9a416b5 3132
2e58ef3e 3133 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 3134 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3135 continue;
3136
e9a416b5
JH		 3137 if (cmd->user_data != conn)
3138 continue;
3139
3140 return cmd;
3141 }
3142
3143 return NULL;
3144}
3145
3b0602cd 3146static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
e9a416b5
JH		 3147{
3148 struct mgmt_rp_pair_device rp;
3149 struct hci_conn *conn = cmd->user_data;
9df74653 3150 int err;
e9a416b5 3151
61b1a7fb
JH		 3152 bacpy(&rp.addr.bdaddr, &conn->dst);
3153 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 3154
2a1afb5a
JH		 3155 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
3156 status, &rp, sizeof(rp));
e9a416b5
JH		 3157
3158 /* So we don't get further callbacks for this connection */
3159 conn->connect_cfm_cb = NULL;
3160 conn->security_cfm_cb = NULL;
3161 conn->disconn_cfm_cb = NULL;
3162
76a68ba0 3163 hci_conn_drop(conn);
89cbb063
AA		 3164
3165 /* The device is paired so there is no need to remove
3166 * its connection parameters anymore.
3167 */
3168 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
15013aeb
JH		 3169
3170 hci_conn_put(conn);
9df74653
JH		 3171
3172 return err;
e9a416b5
JH		 3173}
3174
f4a407be
JH		 3175void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3176{
3177 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3b0602cd 3178 struct mgmt_pending_cmd *cmd;
f4a407be
JH		 3179
3180 cmd = find_pairing(conn);
a511b35b 3181 if (cmd) {
04ab2749 3182 cmd->cmd_complete(cmd, status);
a511b35b
JH		 3183 mgmt_pending_remove(cmd);
3184 }
f4a407be
JH		 3185}
3186
e9a416b5
JH		 3187static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3188{
3b0602cd 3189 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 3190
3191 BT_DBG("status %u", status);
3192
3193 cmd = find_pairing(conn);
a511b35b 3194 if (!cmd) {
e9a416b5 3195 BT_DBG("Unable to find a pending command");
a511b35b
JH		 3196 return;
3197 }
3198
3199 cmd->cmd_complete(cmd, mgmt_status(status));
3200 mgmt_pending_remove(cmd);
e9a416b5
JH		 3201}
3202
f4a407be 3203static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739 3204{
3b0602cd 3205 struct mgmt_pending_cmd *cmd;
4c47d739
VA		 3206
3207 BT_DBG("status %u", status);
3208
3209 if (!status)
3210 return;
3211
3212 cmd = find_pairing(conn);
a511b35b 3213 if (!cmd) {
4c47d739 3214 BT_DBG("Unable to find a pending command");
a511b35b
JH		 3215 return;
3216 }
3217
3218 cmd->cmd_complete(cmd, mgmt_status(status));
3219 mgmt_pending_remove(cmd);
4c47d739
VA		 3220}
3221
bdb6d971 3222static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3223 u16 len)
e9a416b5 3224{
650f726d 3225 struct mgmt_cp_pair_device *cp = data;
1425acb7 3226 struct mgmt_rp_pair_device rp;
3b0602cd 3227 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 3228 u8 sec_level, auth_type;
3229 struct hci_conn *conn;
e9a416b5
JH		 3230 int err;
3231
3232 BT_DBG("");
3233
f950a30e
SJ		 3234 memset(&rp, 0, sizeof(rp));
3235 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3236 rp.addr.type = cp->addr.type;
3237
4ee71b20 3238 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 3239 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3240 MGMT_STATUS_INVALID_PARAMS,
3241 &rp, sizeof(rp));
4ee71b20 3242
4ec86d4c 3243 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 3244 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3245 MGMT_STATUS_INVALID_PARAMS,
3246 &rp, sizeof(rp));
4ec86d4c 3247
09fd0de5 3248 hci_dev_lock(hdev);
e9a416b5 3249
5f97c1df 3250 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3251 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3252 MGMT_STATUS_NOT_POWERED, &rp,
3253 sizeof(rp));
5f97c1df
JH		 3254 goto unlock;
3255 }
3256
c908df36 3257 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 3258 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 3259
6f77d8c7 3260 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 3261 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3262 auth_type);
6f77d8c7
AG		 3263 } else {
3264 u8 addr_type;
3265
3266 /* Convert from L2CAP channel address type to HCI address type
3267 */
3268 if (cp->addr.type == BDADDR_LE_PUBLIC)
3269 addr_type = ADDR_LE_DEV_PUBLIC;
3270 else
3271 addr_type = ADDR_LE_DEV_RANDOM;
3272
7c264b10
MH		 3273 /* When pairing a new device, it is expected to remember
3274 * this device for future connections. Adding the connection
3275 * parameter information ahead of time allows tracking
3276 * of the slave preferred values and will speed up any
3277 * further connection establishment.
3278 *
3279 * If connection parameters already exist, then they
3280 * will be kept and this function does nothing.
3281 */
3282 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3283
6f77d8c7 3284 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
e804d25d
JH		 3285 sec_level, HCI_LE_CONN_TIMEOUT,
3286 HCI_ROLE_MASTER);
6f77d8c7 3287 }
7a512d01 3288
30e76272 3289 if (IS_ERR(conn)) {
489dc48e
AK		 3290 int status;
3291
3292 if (PTR_ERR(conn) == -EBUSY)
3293 status = MGMT_STATUS_BUSY;
faa81030
LR		 3294 else if (PTR_ERR(conn) == -EOPNOTSUPP)
3295 status = MGMT_STATUS_NOT_SUPPORTED;
3296 else if (PTR_ERR(conn) == -ECONNREFUSED)
3297 status = MGMT_STATUS_REJECTED;
489dc48e
AK		 3298 else
3299 status = MGMT_STATUS_CONNECT_FAILED;
3300
2a1afb5a
JH		 3301 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3302 status, &rp, sizeof(rp));
e9a416b5
JH		 3303 goto unlock;
3304 }
3305
3306 if (conn->connect_cfm_cb) {
76a68ba0 3307 hci_conn_drop(conn);
2a1afb5a
JH		 3308 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3309 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 3310 goto unlock;
3311 }
3312
2e58ef3e 3313 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 3314 if (!cmd) {
3315 err = -ENOMEM;
76a68ba0 3316 hci_conn_drop(conn);
e9a416b5
JH		 3317 goto unlock;
3318 }
3319
04ab2749
JH		 3320 cmd->cmd_complete = pairing_complete;
3321
7a512d01 3322 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 3323 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 3324 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 3325 conn->security_cfm_cb = pairing_complete_cb;
3326 conn->disconn_cfm_cb = pairing_complete_cb;
3327 } else {
3328 conn->connect_cfm_cb = le_pairing_complete_cb;
3329 conn->security_cfm_cb = le_pairing_complete_cb;
3330 conn->disconn_cfm_cb = le_pairing_complete_cb;
3331 }
7a512d01 3332
e9a416b5 3333 conn->io_capability = cp->io_cap;
f8aaf9b6 3334 cmd->user_data = hci_conn_get(conn);
e9a416b5 3335
6f78fd4b 3336 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
a511b35b
JH		 3337 hci_conn_security(conn, sec_level, auth_type, true)) {
3338 cmd->cmd_complete(cmd, 0);
3339 mgmt_pending_remove(cmd);
3340 }
e9a416b5
JH		 3341
3342 err = 0;
3343
3344unlock:
09fd0de5 3345 hci_dev_unlock(hdev);
e9a416b5
JH		 3346 return err;
3347}
3348
04124681
GP		 3349static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3350 u16 len)
28424707 3351{
0f4e68cf 3352 struct mgmt_addr_info *addr = data;
3b0602cd 3353 struct mgmt_pending_cmd *cmd;
28424707
JH		 3354 struct hci_conn *conn;
3355 int err;
3356
3357 BT_DBG("");
3358
28424707
JH		 3359 hci_dev_lock(hdev);
3360
5f97c1df 3361 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3362 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3363 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3364 goto unlock;
3365 }
3366
28424707
JH		 3367 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3368 if (!cmd) {
a69e8375
JH		 3369 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3370 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3371 goto unlock;
3372 }
3373
3374 conn = cmd->user_data;
3375
3376 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
a69e8375
JH		 3377 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3378 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3379 goto unlock;
3380 }
3381
a511b35b
JH		 3382 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3383 mgmt_pending_remove(cmd);
28424707 3384
2a1afb5a
JH		 3385 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3386 addr, sizeof(*addr));
28424707
JH		 3387unlock:
3388 hci_dev_unlock(hdev);
28424707
JH		 3389 return err;
3390}
3391
bdb6d971 3392static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3393 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3394 u16 hci_op, __le32 passkey)
a5c29683 3395{
3b0602cd 3396 struct mgmt_pending_cmd *cmd;
0df4c185 3397 struct hci_conn *conn;
a5c29683
JH		 3398 int err;
3399
09fd0de5 3400 hci_dev_lock(hdev);
08ba5382 3401
4b34ee78 3402 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3403 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3404 MGMT_STATUS_NOT_POWERED, addr,
3405 sizeof(*addr));
0df4c185 3406 goto done;
a5c29683
JH		 3407 }
3408
1707c60e
JH		 3409 if (addr->type == BDADDR_BREDR)
3410 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3411 else
1707c60e 3412 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 3413
3414 if (!conn) {
2a1afb5a
JH		 3415 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3416 MGMT_STATUS_NOT_CONNECTED, addr,
3417 sizeof(*addr));
272d90df
JH		 3418 goto done;
3419 }
47c15e2b 3420
1707c60e 3421 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 3422 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 3423 if (!err)
2a1afb5a
JH		 3424 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3425 MGMT_STATUS_SUCCESS, addr,
3426 sizeof(*addr));
5fe57d9e 3427 else
2a1afb5a
JH		 3428 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3429 MGMT_STATUS_FAILED, addr,
3430 sizeof(*addr));
47c15e2b 3431
47c15e2b
BG		 3432 goto done;
3433 }
3434
1707c60e 3435 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3436 if (!cmd) {
3437 err = -ENOMEM;
0df4c185 3438 goto done;
a5c29683
JH		 3439 }
3440
7776d1d8
JH		 3441 cmd->cmd_complete = addr_cmd_complete;
3442
0df4c185 3443 /* Continue with pairing via HCI */
604086b7
BG		 3444 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3445 struct hci_cp_user_passkey_reply cp;
3446
1707c60e 3447 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3448 cp.passkey = passkey;
3449 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3450 } else
1707c60e
JH		 3451 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3452 &addr->bdaddr);
604086b7 3453
a664b5bc
JH		 3454 if (err < 0)
3455 mgmt_pending_remove(cmd);
a5c29683 3456
0df4c185 3457done:
09fd0de5 3458 hci_dev_unlock(hdev);
a5c29683
JH		 3459 return err;
3460}
3461
afeb019d
JK		 3462static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3463 void *data, u16 len)
3464{
3465 struct mgmt_cp_pin_code_neg_reply *cp = data;
3466
3467 BT_DBG("");
3468
1707c60e 3469 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3470 MGMT_OP_PIN_CODE_NEG_REPLY,
3471 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3472}
3473
04124681
GP		 3474static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3475 u16 len)
0df4c185 3476{
650f726d 3477 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3478
3479 BT_DBG("");
3480
3481 if (len != sizeof(*cp))
a69e8375
JH		 3482 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3483 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3484
1707c60e 3485 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3486 MGMT_OP_USER_CONFIRM_REPLY,
3487 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3488}
3489
bdb6d971 3490static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3491 void *data, u16 len)
0df4c185 3492{
c9c2659f 3493 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3494
3495 BT_DBG("");
3496
1707c60e 3497 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3498 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3499 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3500}
3501
04124681
GP		 3502static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3503 u16 len)
604086b7 3504{
650f726d 3505 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3506
3507 BT_DBG("");
3508
1707c60e 3509 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3510 MGMT_OP_USER_PASSKEY_REPLY,
3511 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3512}
3513
bdb6d971 3514static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3515 void *data, u16 len)
604086b7 3516{
650f726d 3517 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3518
3519 BT_DBG("");
3520
1707c60e 3521 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3522 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3523 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3524}
3525
13928971 3526static void update_name(struct hci_request *req)
2b4bf397 3527{
13928971 3528 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3529 struct hci_cp_write_local_name cp;
3530
13928971 3531 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3532
890ea898 3533 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3534}
3535
1904a853 3536static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
13928971
JH		 3537{
3538 struct mgmt_cp_set_local_name *cp;
3b0602cd 3539 struct mgmt_pending_cmd *cmd;
13928971
JH		 3540
3541 BT_DBG("status 0x%02x", status);
3542
3543 hci_dev_lock(hdev);
3544
3545 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3546 if (!cmd)
3547 goto unlock;
3548
3549 cp = cmd->param;
3550
3551 if (status)
a69e8375
JH		 3552 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3553 mgmt_status(status));
13928971 3554 else
2a1afb5a
JH		 3555 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3556 cp, sizeof(*cp));
13928971
JH		 3557
3558 mgmt_pending_remove(cmd);
3559
3560unlock:
3561 hci_dev_unlock(hdev);
3562}
3563
bdb6d971 3564static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3565 u16 len)
b312b161 3566{
2b4bf397 3567 struct mgmt_cp_set_local_name *cp = data;
3b0602cd 3568 struct mgmt_pending_cmd *cmd;
890ea898 3569 struct hci_request req;
b312b161
JH		 3570 int err;
3571
3572 BT_DBG("");
3573
09fd0de5 3574 hci_dev_lock(hdev);
b312b161 3575
b3f2ca94
JH		 3576 /* If the old values are the same as the new ones just return a
3577 * direct command complete event.
3578 */
3579 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3580 !memcmp(hdev->short_name, cp->short_name,
3581 sizeof(hdev->short_name))) {
2a1afb5a
JH		 3582 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3583 data, len);
b3f2ca94
JH		 3584 goto failed;
3585 }
3586
2b4bf397 3587 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3588
b5235a65 3589 if (!hdev_is_powered(hdev)) {
2b4bf397 3590 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde 3591
2a1afb5a
JH		 3592 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3593 data, len);
28cc7bde
JH		 3594 if (err < 0)
3595 goto failed;
3596
3597 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 3598 sk);
28cc7bde 3599
b5235a65
JH		 3600 goto failed;
3601 }
3602
28cc7bde 3603 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3604 if (!cmd) {
3605 err = -ENOMEM;
3606 goto failed;
3607 }
3608
13928971
JH		 3609 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3610
890ea898 3611 hci_req_init(&req, hdev);
3f985050
JH		 3612
3613 if (lmp_bredr_capable(hdev)) {
3614 update_name(&req);
3615 update_eir(&req);
3616 }
3617
7a5f4990
MH		 3618 /* The name is stored in the scan response data and so
3619 * no need to udpate the advertising data here.
3620 */
3f985050 3621 if (lmp_le_capable(hdev))
7a5f4990 3622 update_scan_rsp_data(&req);
3f985050 3623
13928971 3624 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3625 if (err < 0)
3626 mgmt_pending_remove(cmd);
3627
3628failed:
09fd0de5 3629 hci_dev_unlock(hdev);
b312b161
JH		 3630 return err;
3631}
3632
0f4e68cf 3633static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3634 void *data, u16 data_len)
c35938b2 3635{
3b0602cd 3636 struct mgmt_pending_cmd *cmd;
c35938b2
SJ		 3637 int err;
3638
bdb6d971 3639 BT_DBG("%s", hdev->name);
c35938b2 3640
09fd0de5 3641 hci_dev_lock(hdev);
c35938b2 3642
4b34ee78 3643 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3644 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3645 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3646 goto unlock;
3647 }
3648
9a1a1996 3649 if (!lmp_ssp_capable(hdev)) {
a69e8375
JH		 3650 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3651 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3652 goto unlock;
3653 }
3654
2e58ef3e 3655 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
a69e8375
JH		 3656 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3657 MGMT_STATUS_BUSY);
c35938b2
SJ		 3658 goto unlock;
3659 }
3660
2e58ef3e 3661 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3662 if (!cmd) {
3663 err = -ENOMEM;
3664 goto unlock;
3665 }
3666
710f11c0 3667 if (bredr_sc_enabled(hdev))
4d2d2796
MH		 3668 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3669 0, NULL);
3670 else
3671 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3672
c35938b2
SJ		 3673 if (err < 0)
3674 mgmt_pending_remove(cmd);
3675
3676unlock:
09fd0de5 3677 hci_dev_unlock(hdev);
c35938b2
SJ		 3678 return err;
3679}
3680
bdb6d971 3681static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3682 void *data, u16 len)
2763eda6 3683{
5d57e796 3684 struct mgmt_addr_info *addr = data;
2763eda6
SJ		 3685 int err;
3686
bdb6d971 3687 BT_DBG("%s ", hdev->name);
2763eda6 3688
5d57e796 3689 if (!bdaddr_type_is_valid(addr->type))
2a1afb5a
JH		 3690 return mgmt_cmd_complete(sk, hdev->id,
3691 MGMT_OP_ADD_REMOTE_OOB_DATA,
3692 MGMT_STATUS_INVALID_PARAMS,
3693 addr, sizeof(*addr));
5d57e796 3694
09fd0de5 3695 hci_dev_lock(hdev);
2763eda6 3696
ec109113
MH		 3697 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3698 struct mgmt_cp_add_remote_oob_data *cp = data;
3699 u8 status;
bf1e3541 3700
c19a495c 3701 if (cp->addr.type != BDADDR_BREDR) {
2a1afb5a
JH		 3702 err = mgmt_cmd_complete(sk, hdev->id,
3703 MGMT_OP_ADD_REMOTE_OOB_DATA,
3704 MGMT_STATUS_INVALID_PARAMS,
3705 &cp->addr, sizeof(cp->addr));
c19a495c
JH		 3706 goto unlock;
3707 }
3708
ec109113 3709 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
6928a924
JH		 3710 cp->addr.type, cp->hash,
3711 cp->rand, NULL, NULL);
ec109113
MH		 3712 if (err < 0)
3713 status = MGMT_STATUS_FAILED;
3714 else
3715 status = MGMT_STATUS_SUCCESS;
3716
2a1afb5a
JH		 3717 err = mgmt_cmd_complete(sk, hdev->id,
3718 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
3719 &cp->addr, sizeof(cp->addr));
ec109113
MH		 3720 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3721 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
41bcfd50 3722 u8 *rand192, *hash192, *rand256, *hash256;
ec109113
MH		 3723 u8 status;
3724
86df9200 3725 if (bdaddr_type_is_le(cp->addr.type)) {
d25b78e2
JH		 3726 /* Enforce zero-valued 192-bit parameters as
3727 * long as legacy SMP OOB isn't implemented.
3728 */
3729 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3730 memcmp(cp->hash192, ZERO_KEY, 16)) {
2a1afb5a
JH		 3731 err = mgmt_cmd_complete(sk, hdev->id,
3732 MGMT_OP_ADD_REMOTE_OOB_DATA,
3733 MGMT_STATUS_INVALID_PARAMS,
3734 addr, sizeof(*addr));
d25b78e2
JH		 3735 goto unlock;
3736 }
3737
86df9200
JH		 3738 rand192 = NULL;
3739 hash192 = NULL;
3740 } else {
41bcfd50
MH		 3741 /* In case one of the P-192 values is set to zero,
3742 * then just disable OOB data for P-192.
3743 */
3744 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
3745 !memcmp(cp->hash192, ZERO_KEY, 16)) {
3746 rand192 = NULL;
3747 hash192 = NULL;
3748 } else {
3749 rand192 = cp->rand192;
3750 hash192 = cp->hash192;
3751 }
3752 }
3753
3754 /* In case one of the P-256 values is set to zero, then just
3755 * disable OOB data for P-256.
3756 */
3757 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
3758 !memcmp(cp->hash256, ZERO_KEY, 16)) {
3759 rand256 = NULL;
3760 hash256 = NULL;
3761 } else {
3762 rand256 = cp->rand256;
3763 hash256 = cp->hash256;
86df9200
JH		 3764 }
3765
81328d5c 3766 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
86df9200 3767 cp->addr.type, hash192, rand192,
41bcfd50 3768 hash256, rand256);
ec109113
MH		 3769 if (err < 0)
3770 status = MGMT_STATUS_FAILED;
3771 else
3772 status = MGMT_STATUS_SUCCESS;
3773
2a1afb5a
JH		 3774 err = mgmt_cmd_complete(sk, hdev->id,
3775 MGMT_OP_ADD_REMOTE_OOB_DATA,
3776 status, &cp->addr, sizeof(cp->addr));
ec109113
MH		 3777 } else {
3778 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
a69e8375
JH		 3779 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3780 MGMT_STATUS_INVALID_PARAMS);
ec109113 3781 }
2763eda6 3782
c19a495c 3783unlock:
09fd0de5 3784 hci_dev_unlock(hdev);
2763eda6
SJ		 3785 return err;
3786}
3787
bdb6d971 3788static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3789 void *data, u16 len)
2763eda6 3790{
650f726d 3791 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3792 u8 status;
2763eda6
SJ		 3793 int err;
3794
bdb6d971 3795 BT_DBG("%s", hdev->name);
2763eda6 3796
c19a495c 3797 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 3798 return mgmt_cmd_complete(sk, hdev->id,
3799 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3800 MGMT_STATUS_INVALID_PARAMS,
3801 &cp->addr, sizeof(cp->addr));
c19a495c 3802
09fd0de5 3803 hci_dev_lock(hdev);
2763eda6 3804
eedbd581
JH		 3805 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3806 hci_remote_oob_data_clear(hdev);
3807 status = MGMT_STATUS_SUCCESS;
3808 goto done;
3809 }
3810
6928a924 3811 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
2763eda6 3812 if (err < 0)
bf1e3541 3813 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3814 else
a6785be2 3815 status = MGMT_STATUS_SUCCESS;
bf1e3541 3816
eedbd581 3817done:
2a1afb5a
JH		 3818 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3819 status, &cp->addr, sizeof(cp->addr));
2763eda6 3820
09fd0de5 3821 hci_dev_unlock(hdev);
2763eda6
SJ		 3822 return err;
3823}
3824
8019044d 3825static bool trigger_discovery(struct hci_request *req, u8 *status)
41dc2bd6 3826{
8019044d
MH		 3827 struct hci_dev *hdev = req->hdev;
3828 struct hci_cp_le_set_scan_param param_cp;
3829 struct hci_cp_le_set_scan_enable enable_cp;
3830 struct hci_cp_inquiry inq_cp;
3831 /* General inquiry access code (GIAC) */
3832 u8 lap[3] = { 0x33, 0x8b, 0x9e };
3833 u8 own_addr_type;
41dc2bd6
AG		 3834 int err;
3835
8019044d
MH		 3836 switch (hdev->discovery.type) {
3837 case DISCOV_TYPE_BREDR:
3838 *status = mgmt_bredr_support(hdev);
3839 if (*status)
3840 return false;
41dc2bd6 3841
8019044d
MH		 3842 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3843 *status = MGMT_STATUS_BUSY;
3844 return false;
3845 }
41dc2bd6 3846
8019044d 3847 hci_inquiry_cache_flush(hdev);
41dc2bd6 3848
8019044d
MH		 3849 memset(&inq_cp, 0, sizeof(inq_cp));
3850 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
3851 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
3852 hci_req_add(req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
3853 break;
41dc2bd6 3854
8019044d
MH		 3855 case DISCOV_TYPE_LE:
3856 case DISCOV_TYPE_INTERLEAVED:
3857 *status = mgmt_le_support(hdev);
3858 if (*status)
3859 return false;
3860
3861 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
3862 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3863 *status = MGMT_STATUS_NOT_SUPPORTED;
3864 return false;
3865 }
3866
3867 if (test_bit(HCI_LE_ADV, &hdev->dev_flags)) {
3868 /* Don't let discovery abort an outgoing
3869 * connection attempt that's using directed
3870 * advertising.
3871 */
3872 if (hci_conn_hash_lookup_state(hdev, LE_LINK,
3873 BT_CONNECT)) {
3874 *status = MGMT_STATUS_REJECTED;
3875 return false;
3876 }
3877
3878 disable_advertising(req);
3879 }
3880
3881 /* If controller is scanning, it means the background scanning
3882 * is running. Thus, we should temporarily stop it in order to
3883 * set the discovery scanning parameters.
3884 */
3885 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3886 hci_req_add_le_scan_disable(req);
3887
3888 memset(&param_cp, 0, sizeof(param_cp));
3889
3890 /* All active scans will be done with either a resolvable
3891 * private address (when privacy feature has been enabled)
9437d2ed 3892 * or non-resolvable private address.
8019044d
MH		 3893 */
3894 err = hci_update_random_address(req, true, &own_addr_type);
3895 if (err < 0) {
3896 *status = MGMT_STATUS_FAILED;
3897 return false;
3898 }
3899
3900 param_cp.type = LE_SCAN_ACTIVE;
3901 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3902 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
3903 param_cp.own_address_type = own_addr_type;
3904 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3905 &param_cp);
3906
3907 memset(&enable_cp, 0, sizeof(enable_cp));
3908 enable_cp.enable = LE_SCAN_ENABLE;
3909 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3910 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3911 &enable_cp);
3912 break;
3913
3914 default:
3915 *status = MGMT_STATUS_INVALID_PARAMS;
3916 return false;
3917 }
3918
3919 return true;
41dc2bd6
AG		 3920}
3921
1904a853
MH		 3922static void start_discovery_complete(struct hci_dev *hdev, u8 status,
3923 u16 opcode)
7c307720 3924{
3b0602cd 3925 struct mgmt_pending_cmd *cmd;
11e6e25d 3926 unsigned long timeout;
ae55f598 3927
7c307720
AG		 3928 BT_DBG("status %d", status);
3929
11e6e25d 3930 hci_dev_lock(hdev);
41dc2bd6 3931
11e6e25d 3932 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
66ea9427
JP		 3933 if (!cmd)
3934 cmd = mgmt_pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
3935
11e6e25d 3936 if (cmd) {
2922a94f 3937 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d
MH		 3938 mgmt_pending_remove(cmd);
3939 }
7c307720
AG		 3940
3941 if (status) {
11e6e25d
MH		 3942 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3943 goto unlock;
7c307720
AG		 3944 }
3945
7c307720 3946 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
7c307720 3947
2d28cfe7
JP		 3948 /* If the scan involves LE scan, pick proper timeout to schedule
3949 * hdev->le_scan_disable that will stop it.
3950 */
7c307720
AG		 3951 switch (hdev->discovery.type) {
3952 case DISCOV_TYPE_LE:
3d5a76f0 3953 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
7c307720 3954 break;
7c307720 3955 case DISCOV_TYPE_INTERLEAVED:
b9a7a61e 3956 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
7c307720 3957 break;
7c307720 3958 case DISCOV_TYPE_BREDR:
11e6e25d 3959 timeout = 0;
7c307720 3960 break;
7c307720
AG		 3961 default:
3962 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
11e6e25d
MH		 3963 timeout = 0;
3964 break;
7c307720 3965 }
ae55f598 3966
2d28cfe7
JP		 3967 if (timeout) {
3968 /* When service discovery is used and the controller has
3969 * a strict duplicate filter, it is important to remember
3970 * the start and duration of the scan. This is required
3971 * for restarting scanning during the discovery phase.
3972 */
3973 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER,
3974 &hdev->quirks) &&
82f8b651 3975 hdev->discovery.result_filtering) {
2d28cfe7
JP		 3976 hdev->discovery.scan_start = jiffies;
3977 hdev->discovery.scan_duration = timeout;
3978 }
3979
11e6e25d
MH		 3980 queue_delayed_work(hdev->workqueue,
3981 &hdev->le_scan_disable, timeout);
2d28cfe7 3982 }
ae55f598 3983
11e6e25d
MH		 3984unlock:
3985 hci_dev_unlock(hdev);
7c307720
AG		 3986}
3987
bdb6d971 3988static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3989 void *data, u16 len)
14a53664 3990{
650f726d 3991 struct mgmt_cp_start_discovery *cp = data;
3b0602cd 3992 struct mgmt_pending_cmd *cmd;
7c307720 3993 struct hci_request req;
8019044d 3994 u8 status;
14a53664
JH		 3995 int err;
3996
bdb6d971 3997 BT_DBG("%s", hdev->name);
14a53664 3998
09fd0de5 3999 hci_dev_lock(hdev);
14a53664 4000
4b34ee78 4001 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 4002 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4003 MGMT_STATUS_NOT_POWERED,
4004 &cp->type, sizeof(cp->type));
bd2d1334
JH		 4005 goto failed;
4006 }
4007
f5a969f2
MH		 4008 if (hdev->discovery.state != DISCOVERY_STOPPED ||
4009 test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2a1afb5a
JH		 4010 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4011 MGMT_STATUS_BUSY, &cp->type,
4012 sizeof(cp->type));
642be6c7
AG		 4013 goto failed;
4014 }
4015
2922a94f 4016 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, data, len);
14a53664
JH		 4017 if (!cmd) {
4018 err = -ENOMEM;
4019 goto failed;
4020 }
4021
2922a94f
JH		 4022 cmd->cmd_complete = generic_cmd_complete;
4023
22078800
MH		 4024 /* Clear the discovery filter first to free any previously
4025 * allocated memory for the UUID list.
4026 */
4027 hci_discovery_filter_clear(hdev);
4028
4aab14e5 4029 hdev->discovery.type = cp->type;
da25cf6a 4030 hdev->discovery.report_invalid_rssi = false;
4aab14e5 4031
7c307720
AG		 4032 hci_req_init(&req, hdev);
4033
8019044d 4034 if (!trigger_discovery(&req, &status)) {
2a1afb5a
JH		 4035 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4036 status, &cp->type, sizeof(cp->type));
04106755
JH		 4037 mgmt_pending_remove(cmd);
4038 goto failed;
f39799f5 4039 }
04106755 4040
7c307720 4041 err = hci_req_run(&req, start_discovery_complete);
f5a969f2 4042 if (err < 0) {
14a53664 4043 mgmt_pending_remove(cmd);
f5a969f2
MH		 4044 goto failed;
4045 }
7c307720 4046
f5a969f2 4047 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
7c307720 4048
14a53664 4049failed:
09fd0de5 4050 hci_dev_unlock(hdev);
14a53664
JH		 4051 return err;
4052}
f39799f5 4053
3b0602cd
JH		 4054static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
4055 u8 status)
2922a94f 4056{
2a1afb5a
JH		 4057 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
4058 cmd->param, 1);
2922a94f 4059}
04106755 4060
66ea9427
JP		 4061static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
4062 void *data, u16 len)
4063{
4064 struct mgmt_cp_start_service_discovery *cp = data;
3b0602cd 4065 struct mgmt_pending_cmd *cmd;
66ea9427
JP		 4066 struct hci_request req;
4067 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
4068 u16 uuid_count, expected_len;
4069 u8 status;
4070 int err;
04106755 4071
66ea9427 4072 BT_DBG("%s", hdev->name);
e8bb6b97 4073
66ea9427 4074 hci_dev_lock(hdev);
7c307720 4075
66ea9427 4076 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 4077 err = mgmt_cmd_complete(sk, hdev->id,
4078 MGMT_OP_START_SERVICE_DISCOVERY,
4079 MGMT_STATUS_NOT_POWERED,
4080 &cp->type, sizeof(cp->type));
66ea9427
JP		 4081 goto failed;
4082 }
7c307720 4083
66ea9427
JP		 4084 if (hdev->discovery.state != DISCOVERY_STOPPED ||
4085 test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2a1afb5a
JH		 4086 err = mgmt_cmd_complete(sk, hdev->id,
4087 MGMT_OP_START_SERVICE_DISCOVERY,
4088 MGMT_STATUS_BUSY, &cp->type,
4089 sizeof(cp->type));
66ea9427
JP		 4090 goto failed;
4091 }
d9483943 4092
66ea9427
JP		 4093 uuid_count = __le16_to_cpu(cp->uuid_count);
4094 if (uuid_count > max_uuid_count) {
4095 BT_ERR("service_discovery: too big uuid_count value %u",
4096 uuid_count);
2a1afb5a
JH		 4097 err = mgmt_cmd_complete(sk, hdev->id,
4098 MGMT_OP_START_SERVICE_DISCOVERY,
4099 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4100 sizeof(cp->type));
66ea9427
JP		 4101 goto failed;
4102 }
4103
4104 expected_len = sizeof(*cp) + uuid_count * 16;
4105 if (expected_len != len) {
4106 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
4107 expected_len, len);
2a1afb5a
JH		 4108 err = mgmt_cmd_complete(sk, hdev->id,
4109 MGMT_OP_START_SERVICE_DISCOVERY,
4110 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4111 sizeof(cp->type));
66ea9427
JP		 4112 goto failed;
4113 }
4114
4115 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
2922a94f 4116 hdev, data, len);
66ea9427
JP		 4117 if (!cmd) {
4118 err = -ENOMEM;
4119 goto failed;
4120 }
4121
2922a94f
JH		 4122 cmd->cmd_complete = service_discovery_cmd_complete;
4123
22078800
MH		 4124 /* Clear the discovery filter first to free any previously
4125 * allocated memory for the UUID list.
4126 */
4127 hci_discovery_filter_clear(hdev);
4128
82f8b651 4129 hdev->discovery.result_filtering = true;
66ea9427
JP		 4130 hdev->discovery.type = cp->type;
4131 hdev->discovery.rssi = cp->rssi;
4132 hdev->discovery.uuid_count = uuid_count;
4133
4134 if (uuid_count > 0) {
4135 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4136 GFP_KERNEL);
4137 if (!hdev->discovery.uuids) {
2a1afb5a
JH		 4138 err = mgmt_cmd_complete(sk, hdev->id,
4139 MGMT_OP_START_SERVICE_DISCOVERY,
4140 MGMT_STATUS_FAILED,
4141 &cp->type, sizeof(cp->type));
d9483943
JH		 4142 mgmt_pending_remove(cmd);
4143 goto failed;
4144 }
66ea9427 4145 }
d9483943 4146
66ea9427 4147 hci_req_init(&req, hdev);
5e0452c0 4148
66ea9427 4149 if (!trigger_discovery(&req, &status)) {
2a1afb5a
JH		 4150 err = mgmt_cmd_complete(sk, hdev->id,
4151 MGMT_OP_START_SERVICE_DISCOVERY,
4152 status, &cp->type, sizeof(cp->type));
04106755
JH		 4153 mgmt_pending_remove(cmd);
4154 goto failed;
f39799f5 4155 }
3fd24153 4156
7c307720 4157 err = hci_req_run(&req, start_discovery_complete);
66ea9427 4158 if (err < 0) {
14a53664 4159 mgmt_pending_remove(cmd);
66ea9427
JP		 4160 goto failed;
4161 }
4162
4163 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 4164
4165failed:
09fd0de5 4166 hci_dev_unlock(hdev);
14a53664
JH		 4167 return err;
4168}
4169
1904a853 4170static void stop_discovery_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1183fdca 4171{
3b0602cd 4172 struct mgmt_pending_cmd *cmd;
1183fdca 4173
0e05bba6
AG		 4174 BT_DBG("status %d", status);
4175
4176 hci_dev_lock(hdev);
4177
11e6e25d
MH		 4178 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4179 if (cmd) {
2922a94f 4180 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d 4181 mgmt_pending_remove(cmd);
0e05bba6
AG		 4182 }
4183
11e6e25d
MH		 4184 if (!status)
4185 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
0e05bba6 4186
0e05bba6
AG		 4187 hci_dev_unlock(hdev);
4188}
4189
bdb6d971 4190static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4191 u16 len)
14a53664 4192{
d930650b 4193 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3b0602cd 4194 struct mgmt_pending_cmd *cmd;
0e05bba6 4195 struct hci_request req;
14a53664
JH		 4196 int err;
4197
bdb6d971 4198 BT_DBG("%s", hdev->name);
14a53664 4199
09fd0de5 4200 hci_dev_lock(hdev);
14a53664 4201
30dc78e1 4202 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 4203 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4204 MGMT_STATUS_REJECTED, &mgmt_cp->type,
4205 sizeof(mgmt_cp->type));
d930650b
JH		 4206 goto unlock;
4207 }
4208
4209 if (hdev->discovery.type != mgmt_cp->type) {
2a1afb5a
JH		 4210 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4211 MGMT_STATUS_INVALID_PARAMS,
4212 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1 4213 goto unlock;
ff9ef578
JH		 4214 }
4215
2922a94f 4216 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
14a53664
JH		 4217 if (!cmd) {
4218 err = -ENOMEM;
30dc78e1
JH		 4219 goto unlock;
4220 }
4221
2922a94f
JH		 4222 cmd->cmd_complete = generic_cmd_complete;
4223
0e05bba6
AG		 4224 hci_req_init(&req, hdev);
4225
21a60d30 4226 hci_stop_discovery(&req);
e0d9727e 4227
21a60d30
JH		 4228 err = hci_req_run(&req, stop_discovery_complete);
4229 if (!err) {
4230 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
0e05bba6 4231 goto unlock;
14a53664
JH		 4232 }
4233
21a60d30
JH		 4234 mgmt_pending_remove(cmd);
4235
4236 /* If no HCI commands were sent we're done */
4237 if (err == -ENODATA) {
2a1afb5a
JH		 4238 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
4239 &mgmt_cp->type, sizeof(mgmt_cp->type));
21a60d30
JH		 4240 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4241 }
14a53664 4242
30dc78e1 4243unlock:
09fd0de5 4244 hci_dev_unlock(hdev);
14a53664
JH		 4245 return err;
4246}
4247
bdb6d971 4248static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4249 u16 len)
561aafbc 4250{
650f726d 4251 struct mgmt_cp_confirm_name *cp = data;
561aafbc 4252 struct inquiry_entry *e;
561aafbc
JH		 4253 int err;
4254
bdb6d971 4255 BT_DBG("%s", hdev->name);
561aafbc 4256
561aafbc
JH		 4257 hci_dev_lock(hdev);
4258
30dc78e1 4259 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 4260 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4261 MGMT_STATUS_FAILED, &cp->addr,
4262 sizeof(cp->addr));
30dc78e1
JH		 4263 goto failed;
4264 }
4265
a198e7b1 4266 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 4267 if (!e) {
2a1afb5a
JH		 4268 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4269 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4270 sizeof(cp->addr));
561aafbc
JH		 4271 goto failed;
4272 }
4273
4274 if (cp->name_known) {
4275 e->name_state = NAME_KNOWN;
4276 list_del(&e->list);
4277 } else {
4278 e->name_state = NAME_NEEDED;
a3d4e20a 4279 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 4280 }
4281
2a1afb5a
JH		 4282 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
4283 &cp->addr, sizeof(cp->addr));
561aafbc
JH		 4284
4285failed:
4286 hci_dev_unlock(hdev);
561aafbc
JH		 4287 return err;
4288}
4289
bdb6d971 4290static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4291 u16 len)
7fbec224 4292{
650f726d 4293 struct mgmt_cp_block_device *cp = data;
f0eeea8b 4294 u8 status;
7fbec224
AJ		 4295 int err;
4296
bdb6d971 4297 BT_DBG("%s", hdev->name);
7fbec224 4298
4ee71b20 4299 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 4300 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4301 MGMT_STATUS_INVALID_PARAMS,
4302 &cp->addr, sizeof(cp->addr));
4ee71b20 4303
09fd0de5 4304 hci_dev_lock(hdev);
5e762444 4305
dcc36c16
JH		 4306 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4307 cp->addr.type);
2a8357f2 4308 if (err < 0) {
f0eeea8b 4309 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 4310 goto done;
4311 }
4312
4313 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4314 sk);
4315 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4316
2a8357f2 4317done:
2a1afb5a
JH		 4318 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
4319 &cp->addr, sizeof(cp->addr));
5e762444 4320
09fd0de5 4321 hci_dev_unlock(hdev);
7fbec224
AJ		 4322
4323 return err;
4324}
4325
bdb6d971 4326static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4327 u16 len)
7fbec224 4328{
650f726d 4329 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 4330 u8 status;
7fbec224
AJ		 4331 int err;
4332
bdb6d971 4333 BT_DBG("%s", hdev->name);
7fbec224 4334
4ee71b20 4335 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 4336 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4337 MGMT_STATUS_INVALID_PARAMS,
4338 &cp->addr, sizeof(cp->addr));
4ee71b20 4339
09fd0de5 4340 hci_dev_lock(hdev);
5e762444 4341
dcc36c16
JH		 4342 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4343 cp->addr.type);
2a8357f2 4344 if (err < 0) {
f0eeea8b 4345 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 4346 goto done;
4347 }
4348
4349 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4350 sk);
4351 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4352
2a8357f2 4353done:
2a1afb5a
JH		 4354 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
4355 &cp->addr, sizeof(cp->addr));
5e762444 4356
09fd0de5 4357 hci_dev_unlock(hdev);
7fbec224
AJ		 4358
4359 return err;
4360}
4361
cdbaccca
MH		 4362static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4363 u16 len)
4364{
4365 struct mgmt_cp_set_device_id *cp = data;
890ea898 4366 struct hci_request req;
cdbaccca 4367 int err;
c72d4b8a 4368 __u16 source;
cdbaccca
MH		 4369
4370 BT_DBG("%s", hdev->name);
4371
c72d4b8a
SJ		 4372 source = __le16_to_cpu(cp->source);
4373
4374 if (source > 0x0002)
a69e8375
JH		 4375 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4376 MGMT_STATUS_INVALID_PARAMS);
c72d4b8a 4377
cdbaccca
MH		 4378 hci_dev_lock(hdev);
4379
c72d4b8a 4380 hdev->devid_source = source;
cdbaccca
MH		 4381 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4382 hdev->devid_product = __le16_to_cpu(cp->product);
4383 hdev->devid_version = __le16_to_cpu(cp->version);
4384
2a1afb5a
JH		 4385 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
4386 NULL, 0);
cdbaccca 4387
890ea898
JH		 4388 hci_req_init(&req, hdev);
4389 update_eir(&req);
4390 hci_req_run(&req, NULL);
cdbaccca
MH		 4391
4392 hci_dev_unlock(hdev);
4393
4394 return err;
4395}
4396
1904a853
MH		 4397static void set_advertising_complete(struct hci_dev *hdev, u8 status,
4398 u16 opcode)
4375f103
JH		 4399{
4400 struct cmd_lookup match = { NULL, hdev };
4401
3ad67582
JK		 4402 hci_dev_lock(hdev);
4403
4375f103
JH		 4404 if (status) {
4405 u8 mgmt_err = mgmt_status(status);
4406
4407 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4408 cmd_status_rsp, &mgmt_err);
3ad67582 4409 goto unlock;
4375f103
JH		 4410 }
4411
c93bd150
JH		 4412 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
4413 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
4414 else
4415 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4416
4375f103
JH		 4417 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4418 &match);
4419
4420 new_settings(hdev, match.sk);
4421
4422 if (match.sk)
4423 sock_put(match.sk);
3ad67582
JK		 4424
4425unlock:
4426 hci_dev_unlock(hdev);
4375f103
JH		 4427}
4428
21b5187f
MH		 4429static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4430 u16 len)
4375f103
JH		 4431{
4432 struct mgmt_mode *cp = data;
3b0602cd 4433 struct mgmt_pending_cmd *cmd;
4375f103 4434 struct hci_request req;
e6fe7986 4435 u8 val, enabled, status;
4375f103
JH		 4436 int err;
4437
4438 BT_DBG("request for %s", hdev->name);
4439
e6fe7986
JH		 4440 status = mgmt_le_support(hdev);
4441 if (status)
a69e8375
JH		 4442 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4443 status);
4375f103
JH		 4444
4445 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4446 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4447 MGMT_STATUS_INVALID_PARAMS);
4375f103
JH		 4448
4449 hci_dev_lock(hdev);
4450
4451 val = !!cp->val;
f3d3444a 4452 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 4453
f74ca9b8
JH		 4454 /* The following conditions are ones which mean that we should
4455 * not do any HCI communication but directly send a mgmt
4456 * response to user space (after toggling the flag if
4457 * necessary).
4458 */
4459 if (!hdev_is_powered(hdev) || val == enabled ||
e8bb6b97
JH		 4460 hci_conn_num(hdev, LE_LINK) > 0 ||
4461 (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4462 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
4375f103
JH		 4463 bool changed = false;
4464
f3d3444a
JH		 4465 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
4466 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 4467 changed = true;
4468 }
4469
4470 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4471 if (err < 0)
4472 goto unlock;
4473
4474 if (changed)
4475 err = new_settings(hdev, sk);
4476
4477 goto unlock;
4478 }
4479
4480 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4481 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
a69e8375
JH		 4482 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4483 MGMT_STATUS_BUSY);
4375f103
JH		 4484 goto unlock;
4485 }
4486
4487 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4488 if (!cmd) {
4489 err = -ENOMEM;
4490 goto unlock;
4491 }
4492
4493 hci_req_init(&req, hdev);
4494
bba3aa55
MH		 4495 if (val)
4496 enable_advertising(&req);
4497 else
4498 disable_advertising(&req);
4375f103
JH		 4499
4500 err = hci_req_run(&req, set_advertising_complete);
4501 if (err < 0)
4502 mgmt_pending_remove(cmd);
4503
4504unlock:
4505 hci_dev_unlock(hdev);
4506 return err;
4507}
4508
d13eafce
MH		 4509static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4510 void *data, u16 len)
4511{
4512 struct mgmt_cp_set_static_address *cp = data;
4513 int err;
4514
4515 BT_DBG("%s", hdev->name);
4516
62af4443 4517 if (!lmp_le_capable(hdev))
a69e8375
JH		 4518 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4519 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 4520
4521 if (hdev_is_powered(hdev))
a69e8375
JH		 4522 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4523 MGMT_STATUS_REJECTED);
d13eafce
MH		 4524
4525 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4526 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
a69e8375
JH		 4527 return mgmt_cmd_status(sk, hdev->id,
4528 MGMT_OP_SET_STATIC_ADDRESS,
4529 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 4530
4531 /* Two most significant bits shall be set */
4532 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
a69e8375
JH		 4533 return mgmt_cmd_status(sk, hdev->id,
4534 MGMT_OP_SET_STATIC_ADDRESS,
4535 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 4536 }
4537
4538 hci_dev_lock(hdev);
4539
4540 bacpy(&hdev->static_addr, &cp->bdaddr);
4541
93690c22
MH		 4542 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
4543 if (err < 0)
4544 goto unlock;
4545
4546 err = new_settings(hdev, sk);
d13eafce 4547
93690c22 4548unlock:
d13eafce 4549 hci_dev_unlock(hdev);
d13eafce
MH		 4550 return err;
4551}
4552
14b49b9a
MH		 4553static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4554 void *data, u16 len)
4555{
4556 struct mgmt_cp_set_scan_params *cp = data;
4557 __u16 interval, window;
4558 int err;
4559
4560 BT_DBG("%s", hdev->name);
4561
4562 if (!lmp_le_capable(hdev))
a69e8375
JH		 4563 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4564 MGMT_STATUS_NOT_SUPPORTED);
14b49b9a
MH		 4565
4566 interval = __le16_to_cpu(cp->interval);
4567
4568 if (interval < 0x0004 || interval > 0x4000)
a69e8375
JH		 4569 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4570 MGMT_STATUS_INVALID_PARAMS);
14b49b9a
MH		 4571
4572 window = __le16_to_cpu(cp->window);
4573
4574 if (window < 0x0004 || window > 0x4000)
a69e8375
JH		 4575 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4576 MGMT_STATUS_INVALID_PARAMS);
14b49b9a 4577
899e1075 4578 if (window > interval)
a69e8375
JH		 4579 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4580 MGMT_STATUS_INVALID_PARAMS);
899e1075 4581
14b49b9a
MH		 4582 hci_dev_lock(hdev);
4583
4584 hdev->le_scan_interval = interval;
4585 hdev->le_scan_window = window;
4586
2a1afb5a
JH		 4587 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
4588 NULL, 0);
14b49b9a 4589
dd2ef8e2
AG		 4590 /* If background scan is running, restart it so new parameters are
4591 * loaded.
4592 */
4593 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4594 hdev->discovery.state == DISCOVERY_STOPPED) {
4595 struct hci_request req;
4596
4597 hci_req_init(&req, hdev);
4598
4599 hci_req_add_le_scan_disable(&req);
4600 hci_req_add_le_passive_scan(&req);
4601
4602 hci_req_run(&req, NULL);
4603 }
4604
14b49b9a
MH		 4605 hci_dev_unlock(hdev);
4606
4607 return err;
4608}
4609
1904a853
MH		 4610static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
4611 u16 opcode)
33e38b3e 4612{
3b0602cd 4613 struct mgmt_pending_cmd *cmd;
33e38b3e
JH		 4614
4615 BT_DBG("status 0x%02x", status);
4616
4617 hci_dev_lock(hdev);
4618
4619 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4620 if (!cmd)
4621 goto unlock;
4622
4623 if (status) {
a69e8375
JH		 4624 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4625 mgmt_status(status));
33e38b3e 4626 } else {
1a4d3c4b
JH		 4627 struct mgmt_mode *cp = cmd->param;
4628
4629 if (cp->val)
4630 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4631 else
4632 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4633
33e38b3e
JH		 4634 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4635 new_settings(hdev, cmd->sk);
4636 }
4637
4638 mgmt_pending_remove(cmd);
4639
4640unlock:
4641 hci_dev_unlock(hdev);
4642}
4643
bdb6d971 4644static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4645 void *data, u16 len)
f6422ec6 4646{
650f726d 4647 struct mgmt_mode *cp = data;
3b0602cd 4648 struct mgmt_pending_cmd *cmd;
33e38b3e 4649 struct hci_request req;
f6422ec6
AJ		 4650 int err;
4651
bdb6d971 4652 BT_DBG("%s", hdev->name);
f6422ec6 4653
56f87901
JH		 4654 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
4655 hdev->hci_ver < BLUETOOTH_VER_1_2)
a69e8375
JH		 4656 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4657 MGMT_STATUS_NOT_SUPPORTED);
33c525c0 4658
a7e80f25 4659 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4660 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4661 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 4662
5400c044 4663 if (!hdev_is_powered(hdev))
a69e8375
JH		 4664 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4665 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 4666
4667 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
a69e8375
JH		 4668 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4669 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 4670
4671 hci_dev_lock(hdev);
4672
05cbf29f 4673 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
a69e8375
JH		 4674 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4675 MGMT_STATUS_BUSY);
05cbf29f
JH		 4676 goto unlock;
4677 }
4678
1a4d3c4b
JH		 4679 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
4680 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4681 hdev);
4682 goto unlock;
4683 }
4684
33e38b3e
JH		 4685 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4686 data, len);
4687 if (!cmd) {
4688 err = -ENOMEM;
4689 goto unlock;
f6422ec6
AJ		 4690 }
4691
33e38b3e
JH		 4692 hci_req_init(&req, hdev);
4693
406d7804 4694 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4695
4696 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4697 if (err < 0) {
a69e8375
JH		 4698 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4699 MGMT_STATUS_FAILED);
33e38b3e 4700 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4701 }
4702
33e38b3e 4703unlock:
f6422ec6 4704 hci_dev_unlock(hdev);
33e38b3e 4705
f6422ec6
AJ		 4706 return err;
4707}
4708
1904a853 4709static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
0663ca2a 4710{
3b0602cd 4711 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 4712
4713 BT_DBG("status 0x%02x", status);
4714
4715 hci_dev_lock(hdev);
4716
4717 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4718 if (!cmd)
4719 goto unlock;
4720
4721 if (status) {
4722 u8 mgmt_err = mgmt_status(status);
4723
4724 /* We need to restore the flag if related HCI commands
4725 * failed.
4726 */
4727 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4728
a69e8375 4729 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
0663ca2a
JH		 4730 } else {
4731 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4732 new_settings(hdev, cmd->sk);
4733 }
4734
4735 mgmt_pending_remove(cmd);
4736
4737unlock:
4738 hci_dev_unlock(hdev);
4739}
4740
4741static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4742{
4743 struct mgmt_mode *cp = data;
3b0602cd 4744 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 4745 struct hci_request req;
4746 int err;
4747
4748 BT_DBG("request for %s", hdev->name);
4749
4750 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
a69e8375
JH		 4751 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4752 MGMT_STATUS_NOT_SUPPORTED);
0663ca2a
JH		 4753
4754 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
a69e8375
JH		 4755 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4756 MGMT_STATUS_REJECTED);
0663ca2a
JH		 4757
4758 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4759 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4760 MGMT_STATUS_INVALID_PARAMS);
0663ca2a
JH		 4761
4762 hci_dev_lock(hdev);
4763
4764 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4765 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4766 goto unlock;
4767 }
4768
4769 if (!hdev_is_powered(hdev)) {
4770 if (!cp->val) {
0663ca2a
JH		 4771 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4772 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4773 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4774 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4775 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4776 }
4777
4778 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4779
4780 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4781 if (err < 0)
4782 goto unlock;
4783
4784 err = new_settings(hdev, sk);
4785 goto unlock;
4786 }
4787
4788 /* Reject disabling when powered on */
4789 if (!cp->val) {
a69e8375
JH		 4790 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4791 MGMT_STATUS_REJECTED);
0663ca2a 4792 goto unlock;
111e4bcc
MH		 4793 } else {
4794 /* When configuring a dual-mode controller to operate
4795 * with LE only and using a static address, then switching
4796 * BR/EDR back on is not allowed.
4797 *
4798 * Dual-mode controllers shall operate with the public
4799 * address as its identity address for BR/EDR and LE. So
4800 * reject the attempt to create an invalid configuration.
3a5486e1
MH		 4801 *
4802 * The same restrictions applies when secure connections
4803 * has been enabled. For BR/EDR this is a controller feature
4804 * while for LE it is a host stack feature. This means that
4805 * switching BR/EDR back on when secure connections has been
4806 * enabled is not a supported transaction.
111e4bcc
MH		 4807 */
4808 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) &&
3a5486e1
MH		 4809 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
4810 test_bit(HCI_SC_ENABLED, &hdev->dev_flags))) {
a69e8375
JH		 4811 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4812 MGMT_STATUS_REJECTED);
111e4bcc
MH		 4813 goto unlock;
4814 }
0663ca2a
JH		 4815 }
4816
4817 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
a69e8375
JH		 4818 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4819 MGMT_STATUS_BUSY);
0663ca2a
JH		 4820 goto unlock;
4821 }
4822
4823 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4824 if (!cmd) {
4825 err = -ENOMEM;
4826 goto unlock;
4827 }
4828
5947f4bc 4829 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4830 * generates the correct flags.
4831 */
4832 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4833
4834 hci_req_init(&req, hdev);
aa8af46e 4835
432df05e 4836 write_fast_connectable(&req, false);
1d2dc5b7 4837 __hci_update_page_scan(&req);
aa8af46e 4838
f14d8f64
MH		 4839 /* Since only the advertising data flags will change, there
4840 * is no need to update the scan response data.
4841 */
5947f4bc 4842 update_adv_data(&req);
aa8af46e 4843
0663ca2a
JH		 4844 err = hci_req_run(&req, set_bredr_complete);
4845 if (err < 0)
4846 mgmt_pending_remove(cmd);
4847
4848unlock:
4849 hci_dev_unlock(hdev);
4850 return err;
4851}
4852
a1443f5a
JH		 4853static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4854{
3b0602cd 4855 struct mgmt_pending_cmd *cmd;
a1443f5a
JH		 4856 struct mgmt_mode *cp;
4857
4858 BT_DBG("%s status %u", hdev->name, status);
4859
4860 hci_dev_lock(hdev);
4861
4862 cmd = mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
4863 if (!cmd)
4864 goto unlock;
4865
4866 if (status) {
a69e8375
JH		 4867 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
4868 mgmt_status(status));
a1443f5a
JH		 4869 goto remove;
4870 }
4871
4872 cp = cmd->param;
4873
4874 switch (cp->val) {
4875 case 0x00:
4876 clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
4877 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4878 break;
4879 case 0x01:
4880 set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
4881 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4882 break;
4883 case 0x02:
4884 set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
4885 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4886 break;
4887 }
4888
4889 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
4890 new_settings(hdev, cmd->sk);
4891
4892remove:
4893 mgmt_pending_remove(cmd);
4894unlock:
4895 hci_dev_unlock(hdev);
4896}
4897
eac83dc6
MH		 4898static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4899 void *data, u16 len)
4900{
4901 struct mgmt_mode *cp = data;
3b0602cd 4902 struct mgmt_pending_cmd *cmd;
a1443f5a 4903 struct hci_request req;
a3209694 4904 u8 val;
eac83dc6
MH		 4905 int err;
4906
4907 BT_DBG("request for %s", hdev->name);
4908
05b3c3e7
MH		 4909 if (!lmp_sc_capable(hdev) &&
4910 !test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
a69e8375
JH		 4911 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4912 MGMT_STATUS_NOT_SUPPORTED);
eac83dc6 4913
ed93ec69 4914 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) &&
59200286 4915 lmp_sc_capable(hdev) &&
ed93ec69 4916 !test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
a69e8375
JH		 4917 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4918 MGMT_STATUS_REJECTED);
ed93ec69 4919
0ab04a9c 4920 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375 4921 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
eac83dc6
MH		 4922 MGMT_STATUS_INVALID_PARAMS);
4923
4924 hci_dev_lock(hdev);
4925
05b3c3e7 4926 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
a3209694 4927 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
eac83dc6
MH		 4928 bool changed;
4929
0ab04a9c 4930 if (cp->val) {
eac83dc6
MH		 4931 changed = !test_and_set_bit(HCI_SC_ENABLED,
4932 &hdev->dev_flags);
0ab04a9c
MH		 4933 if (cp->val == 0x02)
4934 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4935 else
4936 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4937 } else {
eac83dc6
MH		 4938 changed = test_and_clear_bit(HCI_SC_ENABLED,
4939 &hdev->dev_flags);
0ab04a9c
MH		 4940 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4941 }
eac83dc6
MH		 4942
4943 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4944 if (err < 0)
4945 goto failed;
4946
4947 if (changed)
4948 err = new_settings(hdev, sk);
4949
4950 goto failed;
4951 }
4952
4953 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
a69e8375
JH		 4954 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4955 MGMT_STATUS_BUSY);
eac83dc6
MH		 4956 goto failed;
4957 }
4958
0ab04a9c
MH		 4959 val = !!cp->val;
4960
4961 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4962 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
eac83dc6
MH		 4963 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4964 goto failed;
4965 }
4966
4967 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4968 if (!cmd) {
4969 err = -ENOMEM;
4970 goto failed;
4971 }
4972
a1443f5a
JH		 4973 hci_req_init(&req, hdev);
4974 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
4975 err = hci_req_run(&req, sc_enable_complete);
eac83dc6
MH		 4976 if (err < 0) {
4977 mgmt_pending_remove(cmd);
4978 goto failed;
4979 }
4980
4981failed:
4982 hci_dev_unlock(hdev);
4983 return err;
4984}
4985
4e39ac81
MH		 4986static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4987 void *data, u16 len)
4988{
4989 struct mgmt_mode *cp = data;
b9710979 4990 bool changed, use_changed;
4e39ac81
MH		 4991 int err;
4992
4993 BT_DBG("request for %s", hdev->name);
4994
b9710979 4995 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 4996 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4997 MGMT_STATUS_INVALID_PARAMS);
4e39ac81
MH		 4998
4999 hci_dev_lock(hdev);
5000
5001 if (cp->val)
0663b297
JH		 5002 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
5003 &hdev->dev_flags);
4e39ac81 5004 else
0663b297
JH		 5005 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
5006 &hdev->dev_flags);
4e39ac81 5007
b9710979
JH		 5008 if (cp->val == 0x02)
5009 use_changed = !test_and_set_bit(HCI_USE_DEBUG_KEYS,
5010 &hdev->dev_flags);
5011 else
5012 use_changed = test_and_clear_bit(HCI_USE_DEBUG_KEYS,
5013 &hdev->dev_flags);
5014
5015 if (hdev_is_powered(hdev) && use_changed &&
5016 test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
5017 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
5018 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
5019 sizeof(mode), &mode);
5020 }
5021
4e39ac81
MH		 5022 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
5023 if (err < 0)
5024 goto unlock;
5025
5026 if (changed)
5027 err = new_settings(hdev, sk);
5028
5029unlock:
5030 hci_dev_unlock(hdev);
5031 return err;
5032}
5033
62b04cd1
JH		 5034static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5035 u16 len)
5036{
5037 struct mgmt_cp_set_privacy *cp = cp_data;
5038 bool changed;
5039 int err;
5040
5041 BT_DBG("request for %s", hdev->name);
5042
5043 if (!lmp_le_capable(hdev))
a69e8375
JH		 5044 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5045 MGMT_STATUS_NOT_SUPPORTED);
62b04cd1
JH		 5046
5047 if (cp->privacy != 0x00 && cp->privacy != 0x01)
a69e8375
JH		 5048 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5049 MGMT_STATUS_INVALID_PARAMS);
62b04cd1
JH		 5050
5051 if (hdev_is_powered(hdev))
a69e8375
JH		 5052 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5053 MGMT_STATUS_REJECTED);
62b04cd1
JH		 5054
5055 hci_dev_lock(hdev);
5056
c21c0ea0
JH		 5057 /* If user space supports this command it is also expected to
5058 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
5059 */
5060 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
5061
62b04cd1
JH		 5062 if (cp->privacy) {
5063 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
5064 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
5065 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
5066 } else {
5067 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
5068 memset(hdev->irk, 0, sizeof(hdev->irk));
5069 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
5070 }
5071
5072 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
5073 if (err < 0)
5074 goto unlock;
5075
5076 if (changed)
5077 err = new_settings(hdev, sk);
5078
5079unlock:
5080 hci_dev_unlock(hdev);
5081 return err;
5082}
5083
41edf160
JH		 5084static bool irk_is_valid(struct mgmt_irk_info *irk)
5085{
5086 switch (irk->addr.type) {
5087 case BDADDR_LE_PUBLIC:
5088 return true;
5089
5090 case BDADDR_LE_RANDOM:
5091 /* Two most significant bits shall be set */
5092 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5093 return false;
5094 return true;
5095 }
5096
5097 return false;
5098}
5099
5100static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5101 u16 len)
5102{
5103 struct mgmt_cp_load_irks *cp = cp_data;
ba1d6936
JH		 5104 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
5105 sizeof(struct mgmt_irk_info));
41edf160
JH		 5106 u16 irk_count, expected_len;
5107 int i, err;
5108
5109 BT_DBG("request for %s", hdev->name);
5110
5111 if (!lmp_le_capable(hdev))
a69e8375
JH		 5112 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5113 MGMT_STATUS_NOT_SUPPORTED);
41edf160
JH		 5114
5115 irk_count = __le16_to_cpu(cp->irk_count);
ba1d6936
JH		 5116 if (irk_count > max_irk_count) {
5117 BT_ERR("load_irks: too big irk_count value %u", irk_count);
a69e8375
JH		 5118 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5119 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5120 }
41edf160
JH		 5121
5122 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
5123 if (expected_len != len) {
5124 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 5125 expected_len, len);
a69e8375
JH		 5126 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5127 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 5128 }
5129
5130 BT_DBG("%s irk_count %u", hdev->name, irk_count);
5131
5132 for (i = 0; i < irk_count; i++) {
5133 struct mgmt_irk_info *key = &cp->irks[i];
5134
5135 if (!irk_is_valid(key))
a69e8375
JH		 5136 return mgmt_cmd_status(sk, hdev->id,
5137 MGMT_OP_LOAD_IRKS,
5138 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 5139 }
5140
5141 hci_dev_lock(hdev);
5142
5143 hci_smp_irks_clear(hdev);
5144
5145 for (i = 0; i < irk_count; i++) {
5146 struct mgmt_irk_info *irk = &cp->irks[i];
5147 u8 addr_type;
5148
5149 if (irk->addr.type == BDADDR_LE_PUBLIC)
5150 addr_type = ADDR_LE_DEV_PUBLIC;
5151 else
5152 addr_type = ADDR_LE_DEV_RANDOM;
5153
5154 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
5155 BDADDR_ANY);
5156 }
5157
5158 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
5159
2a1afb5a 5160 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
41edf160
JH		 5161
5162 hci_dev_unlock(hdev);
5163
5164 return err;
5165}
5166
3f706b72
JH		 5167static bool ltk_is_valid(struct mgmt_ltk_info *key)
5168{
5169 if (key->master != 0x00 && key->master != 0x01)
5170 return false;
490cb0b3
MH		 5171
5172 switch (key->addr.type) {
5173 case BDADDR_LE_PUBLIC:
5174 return true;
5175
5176 case BDADDR_LE_RANDOM:
5177 /* Two most significant bits shall be set */
5178 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5179 return false;
5180 return true;
5181 }
5182
5183 return false;
3f706b72
JH		 5184}
5185
bdb6d971 5186static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 5187 void *cp_data, u16 len)
346af67b 5188{
346af67b 5189 struct mgmt_cp_load_long_term_keys *cp = cp_data;
ba1d6936
JH		 5190 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
5191 sizeof(struct mgmt_ltk_info));
346af67b 5192 u16 key_count, expected_len;
715a5bf2 5193 int i, err;
346af67b 5194
cf99ba13
MH		 5195 BT_DBG("request for %s", hdev->name);
5196
5197 if (!lmp_le_capable(hdev))
a69e8375
JH		 5198 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5199 MGMT_STATUS_NOT_SUPPORTED);
cf99ba13 5200
1f350c87 5201 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 5202 if (key_count > max_key_count) {
5203 BT_ERR("load_ltks: too big key_count value %u", key_count);
a69e8375
JH		 5204 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5205 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5206 }
346af67b
VCG		 5207
5208 expected_len = sizeof(*cp) + key_count *
5209 sizeof(struct mgmt_ltk_info);
5210 if (expected_len != len) {
5211 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 5212 expected_len, len);
a69e8375
JH		 5213 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5214 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 5215 }
5216
bdb6d971 5217 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 5218
54ad6d8a
JH		 5219 for (i = 0; i < key_count; i++) {
5220 struct mgmt_ltk_info *key = &cp->keys[i];
5221
3f706b72 5222 if (!ltk_is_valid(key))
a69e8375
JH		 5223 return mgmt_cmd_status(sk, hdev->id,
5224 MGMT_OP_LOAD_LONG_TERM_KEYS,
5225 MGMT_STATUS_INVALID_PARAMS);
54ad6d8a
JH		 5226 }
5227
346af67b
VCG		 5228 hci_dev_lock(hdev);
5229
5230 hci_smp_ltks_clear(hdev);
5231
5232 for (i = 0; i < key_count; i++) {
5233 struct mgmt_ltk_info *key = &cp->keys[i];
d7b25450 5234 u8 type, addr_type, authenticated;
79d95a19
MH		 5235
5236 if (key->addr.type == BDADDR_LE_PUBLIC)
5237 addr_type = ADDR_LE_DEV_PUBLIC;
5238 else
5239 addr_type = ADDR_LE_DEV_RANDOM;
346af67b 5240
61b43357
JH		 5241 switch (key->type) {
5242 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 5243 authenticated = 0x00;
23fb8de3 5244 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
61b43357
JH		 5245 break;
5246 case MGMT_LTK_AUTHENTICATED:
d7b25450 5247 authenticated = 0x01;
23fb8de3
JH		 5248 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5249 break;
5250 case MGMT_LTK_P256_UNAUTH:
5251 authenticated = 0x00;
5252 type = SMP_LTK_P256;
61b43357 5253 break;
23fb8de3
JH		 5254 case MGMT_LTK_P256_AUTH:
5255 authenticated = 0x01;
5256 type = SMP_LTK_P256;
61b43357 5257 break;
23fb8de3
JH		 5258 case MGMT_LTK_P256_DEBUG:
5259 authenticated = 0x00;
5260 type = SMP_LTK_P256_DEBUG;
61b43357
JH		 5261 default:
5262 continue;
5263 }
d7b25450 5264
35d70271 5265 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
d7b25450 5266 authenticated, key->val, key->enc_size, key->ediv,
35d70271 5267 key->rand);
346af67b
VCG		 5268 }
5269
2a1afb5a 5270 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
715a5bf2
JH		 5271 NULL, 0);
5272
346af67b 5273 hci_dev_unlock(hdev);
346af67b 5274
715a5bf2 5275 return err;
346af67b
VCG		 5276}
5277
3b0602cd 5278static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
dd983808 5279{
dd983808 5280 struct hci_conn *conn = cmd->user_data;
9981bdb0 5281 struct mgmt_rp_get_conn_info rp;
9df74653 5282 int err;
dd983808 5283
9981bdb0 5284 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
dd983808 5285
9981bdb0 5286 if (status == MGMT_STATUS_SUCCESS) {
dd983808 5287 rp.rssi = conn->rssi;
9981bdb0
JH		 5288 rp.tx_power = conn->tx_power;
5289 rp.max_tx_power = conn->max_tx_power;
5290 } else {
5291 rp.rssi = HCI_RSSI_INVALID;
5292 rp.tx_power = HCI_TX_POWER_INVALID;
5293 rp.max_tx_power = HCI_TX_POWER_INVALID;
dd983808
AK		 5294 }
5295
2a1afb5a
JH		 5296 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
5297 status, &rp, sizeof(rp));
dd983808
AK		 5298
5299 hci_conn_drop(conn);
f8aaf9b6 5300 hci_conn_put(conn);
9df74653
JH		 5301
5302 return err;
dd983808
AK		 5303}
5304
1904a853
MH		 5305static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
5306 u16 opcode)
dd983808
AK		 5307{
5308 struct hci_cp_read_rssi *cp;
3b0602cd 5309 struct mgmt_pending_cmd *cmd;
dd983808 5310 struct hci_conn *conn;
dd983808 5311 u16 handle;
9981bdb0 5312 u8 status;
dd983808 5313
9981bdb0 5314 BT_DBG("status 0x%02x", hci_status);
dd983808
AK		 5315
5316 hci_dev_lock(hdev);
5317
dd983808
AK		 5318 /* Commands sent in request are either Read RSSI or Read Transmit Power
5319 * Level so we check which one was last sent to retrieve connection
5320 * handle. Both commands have handle as first parameter so it's safe to
5321 * cast data on the same command struct.
5322 *
5323 * First command sent is always Read RSSI and we fail only if it fails.
5324 * In other case we simply override error to indicate success as we
5325 * already remembered if TX power value is actually valid.
5326 */
5327 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
5328 if (!cp) {
5329 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
9981bdb0
JH		 5330 status = MGMT_STATUS_SUCCESS;
5331 } else {
5332 status = mgmt_status(hci_status);
dd983808
AK		 5333 }
5334
5335 if (!cp) {
9981bdb0 5336 BT_ERR("invalid sent_cmd in conn_info response");
dd983808
AK		 5337 goto unlock;
5338 }
5339
5340 handle = __le16_to_cpu(cp->handle);
5341 conn = hci_conn_hash_lookup_handle(hdev, handle);
5342 if (!conn) {
9981bdb0 5343 BT_ERR("unknown handle (%d) in conn_info response", handle);
dd983808
AK		 5344 goto unlock;
5345 }
5346
9981bdb0
JH		 5347 cmd = mgmt_pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
5348 if (!cmd)
5349 goto unlock;
dd983808 5350
9981bdb0
JH		 5351 cmd->cmd_complete(cmd, status);
5352 mgmt_pending_remove(cmd);
dd983808
AK		 5353
5354unlock:
5355 hci_dev_unlock(hdev);
5356}
5357
5358static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5359 u16 len)
5360{
5361 struct mgmt_cp_get_conn_info *cp = data;
5362 struct mgmt_rp_get_conn_info rp;
5363 struct hci_conn *conn;
5364 unsigned long conn_info_age;
5365 int err = 0;
5366
5367 BT_DBG("%s", hdev->name);
5368
5369 memset(&rp, 0, sizeof(rp));
5370 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5371 rp.addr.type = cp->addr.type;
5372
5373 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 5374 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5375 MGMT_STATUS_INVALID_PARAMS,
5376 &rp, sizeof(rp));
dd983808
AK		 5377
5378 hci_dev_lock(hdev);
5379
5380 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 5381 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5382 MGMT_STATUS_NOT_POWERED, &rp,
5383 sizeof(rp));
dd983808
AK		 5384 goto unlock;
5385 }
5386
5387 if (cp->addr.type == BDADDR_BREDR)
5388 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5389 &cp->addr.bdaddr);
5390 else
5391 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5392
5393 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 5394 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5395 MGMT_STATUS_NOT_CONNECTED, &rp,
5396 sizeof(rp));
dd983808
AK		 5397 goto unlock;
5398 }
5399
9981bdb0 5400 if (mgmt_pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
2a1afb5a
JH		 5401 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5402 MGMT_STATUS_BUSY, &rp, sizeof(rp));
9981bdb0
JH		 5403 goto unlock;
5404 }
5405
dd983808
AK		 5406 /* To avoid client trying to guess when to poll again for information we
5407 * calculate conn info age as random value between min/max set in hdev.
5408 */
5409 conn_info_age = hdev->conn_info_min_age +
5410 prandom_u32_max(hdev->conn_info_max_age -
5411 hdev->conn_info_min_age);
5412
5413 /* Query controller to refresh cached values if they are too old or were
5414 * never read.
5415 */
f4e2dd53
AK		 5416 if (time_after(jiffies, conn->conn_info_timestamp +
5417 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 5418 !conn->conn_info_timestamp) {
5419 struct hci_request req;
5420 struct hci_cp_read_tx_power req_txp_cp;
5421 struct hci_cp_read_rssi req_rssi_cp;
3b0602cd 5422 struct mgmt_pending_cmd *cmd;
dd983808
AK		 5423
5424 hci_req_init(&req, hdev);
5425 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5426 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5427 &req_rssi_cp);
5428
f7faab0c
AK		 5429 /* For LE links TX power does not change thus we don't need to
5430 * query for it once value is known.
5431 */
5432 if (!bdaddr_type_is_le(cp->addr.type) ||
5433 conn->tx_power == HCI_TX_POWER_INVALID) {
5434 req_txp_cp.handle = cpu_to_le16(conn->handle);
5435 req_txp_cp.type = 0x00;
5436 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5437 sizeof(req_txp_cp), &req_txp_cp);
5438 }
dd983808 5439
eed5daf3
AK		 5440 /* Max TX power needs to be read only once per connection */
5441 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5442 req_txp_cp.handle = cpu_to_le16(conn->handle);
5443 req_txp_cp.type = 0x01;
5444 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5445 sizeof(req_txp_cp), &req_txp_cp);
5446 }
5447
dd983808
AK		 5448 err = hci_req_run(&req, conn_info_refresh_complete);
5449 if (err < 0)
5450 goto unlock;
5451
5452 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5453 data, len);
5454 if (!cmd) {
5455 err = -ENOMEM;
5456 goto unlock;
5457 }
5458
5459 hci_conn_hold(conn);
f8aaf9b6 5460 cmd->user_data = hci_conn_get(conn);
9981bdb0 5461 cmd->cmd_complete = conn_info_cmd_complete;
dd983808
AK		 5462
5463 conn->conn_info_timestamp = jiffies;
5464 } else {
5465 /* Cache is valid, just reply with values cached in hci_conn */
5466 rp.rssi = conn->rssi;
5467 rp.tx_power = conn->tx_power;
eed5daf3 5468 rp.max_tx_power = conn->max_tx_power;
dd983808 5469
2a1afb5a
JH		 5470 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5471 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
dd983808
AK		 5472 }
5473
5474unlock:
5475 hci_dev_unlock(hdev);
5476 return err;
5477}
5478
3b0602cd 5479static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
95868426 5480{
69487371 5481 struct hci_conn *conn = cmd->user_data;
95868426 5482 struct mgmt_rp_get_clock_info rp;
69487371 5483 struct hci_dev *hdev;
9df74653 5484 int err;
69487371
JH		 5485
5486 memset(&rp, 0, sizeof(rp));
5487 memcpy(&rp.addr, &cmd->param, sizeof(rp.addr));
5488
5489 if (status)
5490 goto complete;
5491
5492 hdev = hci_dev_get(cmd->index);
5493 if (hdev) {
5494 rp.local_clock = cpu_to_le32(hdev->clock);
5495 hci_dev_put(hdev);
5496 }
5497
5498 if (conn) {
5499 rp.piconet_clock = cpu_to_le32(conn->clock);
5500 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5501 }
5502
5503complete:
2a1afb5a
JH		 5504 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5505 sizeof(rp));
69487371
JH		 5506
5507 if (conn) {
5508 hci_conn_drop(conn);
5509 hci_conn_put(conn);
5510 }
9df74653
JH		 5511
5512 return err;
69487371
JH		 5513}
5514
1904a853 5515static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
69487371 5516{
95868426 5517 struct hci_cp_read_clock *hci_cp;
3b0602cd 5518 struct mgmt_pending_cmd *cmd;
95868426
JH		 5519 struct hci_conn *conn;
5520
5521 BT_DBG("%s status %u", hdev->name, status);
5522
5523 hci_dev_lock(hdev);
5524
5525 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5526 if (!hci_cp)
5527 goto unlock;
5528
5529 if (hci_cp->which) {
5530 u16 handle = __le16_to_cpu(hci_cp->handle);
5531 conn = hci_conn_hash_lookup_handle(hdev, handle);
5532 } else {
5533 conn = NULL;
5534 }
5535
5536 cmd = mgmt_pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5537 if (!cmd)
5538 goto unlock;
5539
69487371 5540 cmd->cmd_complete(cmd, mgmt_status(status));
95868426 5541 mgmt_pending_remove(cmd);
95868426
JH		 5542
5543unlock:
5544 hci_dev_unlock(hdev);
5545}
5546
5547static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5548 u16 len)
5549{
5550 struct mgmt_cp_get_clock_info *cp = data;
5551 struct mgmt_rp_get_clock_info rp;
5552 struct hci_cp_read_clock hci_cp;
3b0602cd 5553 struct mgmt_pending_cmd *cmd;
95868426
JH		 5554 struct hci_request req;
5555 struct hci_conn *conn;
5556 int err;
5557
5558 BT_DBG("%s", hdev->name);
5559
5560 memset(&rp, 0, sizeof(rp));
5561 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5562 rp.addr.type = cp->addr.type;
5563
5564 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 5565 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5566 MGMT_STATUS_INVALID_PARAMS,
5567 &rp, sizeof(rp));
95868426
JH		 5568
5569 hci_dev_lock(hdev);
5570
5571 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 5572 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5573 MGMT_STATUS_NOT_POWERED, &rp,
5574 sizeof(rp));
95868426
JH		 5575 goto unlock;
5576 }
5577
5578 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5579 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5580 &cp->addr.bdaddr);
5581 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 5582 err = mgmt_cmd_complete(sk, hdev->id,
5583 MGMT_OP_GET_CLOCK_INFO,
5584 MGMT_STATUS_NOT_CONNECTED,
5585 &rp, sizeof(rp));
95868426
JH		 5586 goto unlock;
5587 }
5588 } else {
5589 conn = NULL;
5590 }
5591
5592 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5593 if (!cmd) {
5594 err = -ENOMEM;
5595 goto unlock;
5596 }
5597
69487371
JH		 5598 cmd->cmd_complete = clock_info_cmd_complete;
5599
95868426
JH		 5600 hci_req_init(&req, hdev);
5601
5602 memset(&hci_cp, 0, sizeof(hci_cp));
5603 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5604
5605 if (conn) {
5606 hci_conn_hold(conn);
f8aaf9b6 5607 cmd->user_data = hci_conn_get(conn);
95868426
JH		 5608
5609 hci_cp.handle = cpu_to_le16(conn->handle);
5610 hci_cp.which = 0x01; /* Piconet clock */
5611 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5612 }
5613
5614 err = hci_req_run(&req, get_clock_info_complete);
5615 if (err < 0)
5616 mgmt_pending_remove(cmd);
5617
5618unlock:
5619 hci_dev_unlock(hdev);
5620 return err;
5621}
5622
5a154e6f
JH		 5623static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5624{
5625 struct hci_conn *conn;
5626
5627 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5628 if (!conn)
5629 return false;
5630
5631 if (conn->dst_type != type)
5632 return false;
5633
5634 if (conn->state != BT_CONNECTED)
5635 return false;
5636
5637 return true;
5638}
5639
5640/* This function requires the caller holds hdev->lock */
5641static int hci_conn_params_set(struct hci_request *req, bdaddr_t *addr,
5642 u8 addr_type, u8 auto_connect)
5643{
5644 struct hci_dev *hdev = req->hdev;
5645 struct hci_conn_params *params;
5646
5647 params = hci_conn_params_add(hdev, addr, addr_type);
5648 if (!params)
5649 return -EIO;
5650
5651 if (params->auto_connect == auto_connect)
5652 return 0;
5653
5654 list_del_init(&params->action);
5655
5656 switch (auto_connect) {
5657 case HCI_AUTO_CONN_DISABLED:
5658 case HCI_AUTO_CONN_LINK_LOSS:
5659 __hci_update_background_scan(req);
5660 break;
5661 case HCI_AUTO_CONN_REPORT:
5662 list_add(&params->action, &hdev->pend_le_reports);
5663 __hci_update_background_scan(req);
5664 break;
5665 case HCI_AUTO_CONN_DIRECT:
5666 case HCI_AUTO_CONN_ALWAYS:
5667 if (!is_connected(hdev, addr, addr_type)) {
5668 list_add(&params->action, &hdev->pend_le_conns);
5669 __hci_update_background_scan(req);
5670 }
5671 break;
5672 }
5673
5674 params->auto_connect = auto_connect;
5675
5676 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5677 auto_connect);
5678
5679 return 0;
5680}
5681
8afef092
MH		 5682static void device_added(struct sock *sk, struct hci_dev *hdev,
5683 bdaddr_t *bdaddr, u8 type, u8 action)
5684{
5685 struct mgmt_ev_device_added ev;
5686
5687 bacpy(&ev.addr.bdaddr, bdaddr);
5688 ev.addr.type = type;
5689 ev.action = action;
5690
5691 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5692}
5693
1904a853 5694static void add_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5a154e6f 5695{
3b0602cd 5696 struct mgmt_pending_cmd *cmd;
5a154e6f
JH		 5697
5698 BT_DBG("status 0x%02x", status);
5699
5700 hci_dev_lock(hdev);
5701
5702 cmd = mgmt_pending_find(MGMT_OP_ADD_DEVICE, hdev);
5703 if (!cmd)
5704 goto unlock;
5705
5706 cmd->cmd_complete(cmd, mgmt_status(status));
5707 mgmt_pending_remove(cmd);
5708
5709unlock:
5710 hci_dev_unlock(hdev);
5711}
5712
2faade53
MH		 5713static int add_device(struct sock *sk, struct hci_dev *hdev,
5714 void *data, u16 len)
5715{
5716 struct mgmt_cp_add_device *cp = data;
3b0602cd 5717 struct mgmt_pending_cmd *cmd;
5a154e6f 5718 struct hci_request req;
2faade53
MH		 5719 u8 auto_conn, addr_type;
5720 int err;
5721
5722 BT_DBG("%s", hdev->name);
5723
6659358e 5724 if (!bdaddr_type_is_valid(cp->addr.type) ||
2faade53 5725 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
2a1afb5a
JH		 5726 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5727 MGMT_STATUS_INVALID_PARAMS,
5728 &cp->addr, sizeof(cp->addr));
2faade53 5729
4b9e7e75 5730 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
2a1afb5a
JH		 5731 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5732 MGMT_STATUS_INVALID_PARAMS,
5733 &cp->addr, sizeof(cp->addr));
2faade53 5734
5a154e6f
JH		 5735 hci_req_init(&req, hdev);
5736
2faade53
MH		 5737 hci_dev_lock(hdev);
5738
5a154e6f
JH		 5739 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_DEVICE, hdev, data, len);
5740 if (!cmd) {
5741 err = -ENOMEM;
5742 goto unlock;
5743 }
5744
5745 cmd->cmd_complete = addr_cmd_complete;
5746
6659358e 5747 if (cp->addr.type == BDADDR_BREDR) {
4b9e7e75 5748 /* Only incoming connections action is supported for now */
6659358e 5749 if (cp->action != 0x01) {
9df74653
JH		 5750 err = cmd->cmd_complete(cmd,
5751 MGMT_STATUS_INVALID_PARAMS);
5a154e6f 5752 mgmt_pending_remove(cmd);
6659358e
JH		 5753 goto unlock;
5754 }
5755
5756 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5757 cp->addr.type);
5758 if (err)
5759 goto unlock;
a397407f 5760
5a154e6f 5761 __hci_update_page_scan(&req);
a397407f 5762
6659358e
JH		 5763 goto added;
5764 }
5765
2faade53
MH		 5766 if (cp->addr.type == BDADDR_LE_PUBLIC)
5767 addr_type = ADDR_LE_DEV_PUBLIC;
5768 else
5769 addr_type = ADDR_LE_DEV_RANDOM;
5770
4b9e7e75 5771 if (cp->action == 0x02)
2faade53 5772 auto_conn = HCI_AUTO_CONN_ALWAYS;
4b9e7e75
MH		 5773 else if (cp->action == 0x01)
5774 auto_conn = HCI_AUTO_CONN_DIRECT;
2faade53 5775 else
a3451d27 5776 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 5777
bf5b3c8b
MH		 5778 /* If the connection parameters don't exist for this device,
5779 * they will be created and configured with defaults.
5780 */
5a154e6f 5781 if (hci_conn_params_set(&req, &cp->addr.bdaddr, addr_type,
d06b50ce 5782 auto_conn) < 0) {
9df74653 5783 err = cmd->cmd_complete(cmd, MGMT_STATUS_FAILED);
5a154e6f 5784 mgmt_pending_remove(cmd);
2faade53
MH		 5785 goto unlock;
5786 }
5787
6659358e 5788added:
8afef092
MH		 5789 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5790
5a154e6f
JH		 5791 err = hci_req_run(&req, add_device_complete);
5792 if (err < 0) {
5793 /* ENODATA means no HCI commands were needed (e.g. if
5794 * the adapter is powered off).
5795 */
9df74653
JH		 5796 if (err == -ENODATA)
5797 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
5a154e6f
JH		 5798 mgmt_pending_remove(cmd);
5799 }
2faade53
MH		 5800
5801unlock:
5802 hci_dev_unlock(hdev);
5803 return err;
5804}
5805
8afef092
MH		 5806static void device_removed(struct sock *sk, struct hci_dev *hdev,
5807 bdaddr_t *bdaddr, u8 type)
5808{
5809 struct mgmt_ev_device_removed ev;
5810
5811 bacpy(&ev.addr.bdaddr, bdaddr);
5812 ev.addr.type = type;
5813
5814 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5815}
5816
1904a853 5817static void remove_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
51ef3ebe 5818{
3b0602cd 5819 struct mgmt_pending_cmd *cmd;
51ef3ebe
JH		 5820
5821 BT_DBG("status 0x%02x", status);
5822
5823 hci_dev_lock(hdev);
5824
5825 cmd = mgmt_pending_find(MGMT_OP_REMOVE_DEVICE, hdev);
5826 if (!cmd)
5827 goto unlock;
5828
5829 cmd->cmd_complete(cmd, mgmt_status(status));
5830 mgmt_pending_remove(cmd);
5831
5832unlock:
5833 hci_dev_unlock(hdev);
5834}
5835
2faade53
MH		 5836static int remove_device(struct sock *sk, struct hci_dev *hdev,
5837 void *data, u16 len)
5838{
5839 struct mgmt_cp_remove_device *cp = data;
3b0602cd 5840 struct mgmt_pending_cmd *cmd;
51ef3ebe 5841 struct hci_request req;
2faade53
MH		 5842 int err;
5843
5844 BT_DBG("%s", hdev->name);
5845
51ef3ebe
JH		 5846 hci_req_init(&req, hdev);
5847
2faade53
MH		 5848 hci_dev_lock(hdev);
5849
51ef3ebe
JH		 5850 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_DEVICE, hdev, data, len);
5851 if (!cmd) {
5852 err = -ENOMEM;
5853 goto unlock;
5854 }
5855
5856 cmd->cmd_complete = addr_cmd_complete;
5857
2faade53 5858 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 5859 struct hci_conn_params *params;
2faade53
MH		 5860 u8 addr_type;
5861
6659358e 5862 if (!bdaddr_type_is_valid(cp->addr.type)) {
9df74653
JH		 5863 err = cmd->cmd_complete(cmd,
5864 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5865 mgmt_pending_remove(cmd);
2faade53
MH		 5866 goto unlock;
5867 }
5868
6659358e
JH		 5869 if (cp->addr.type == BDADDR_BREDR) {
5870 err = hci_bdaddr_list_del(&hdev->whitelist,
5871 &cp->addr.bdaddr,
5872 cp->addr.type);
5873 if (err) {
9df74653
JH		 5874 err = cmd->cmd_complete(cmd,
5875 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5876 mgmt_pending_remove(cmd);
6659358e
JH		 5877 goto unlock;
5878 }
5879
51ef3ebe 5880 __hci_update_page_scan(&req);
a397407f 5881
6659358e
JH		 5882 device_removed(sk, hdev, &cp->addr.bdaddr,
5883 cp->addr.type);
5884 goto complete;
5885 }
5886
2faade53
MH		 5887 if (cp->addr.type == BDADDR_LE_PUBLIC)
5888 addr_type = ADDR_LE_DEV_PUBLIC;
5889 else
5890 addr_type = ADDR_LE_DEV_RANDOM;
5891
c71593dd
JH		 5892 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5893 addr_type);
5894 if (!params) {
9df74653
JH		 5895 err = cmd->cmd_complete(cmd,
5896 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5897 mgmt_pending_remove(cmd);
c71593dd
JH		 5898 goto unlock;
5899 }
5900
5901 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
9df74653
JH		 5902 err = cmd->cmd_complete(cmd,
5903 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5904 mgmt_pending_remove(cmd);
c71593dd
JH		 5905 goto unlock;
5906 }
5907
d1dbf12e 5908 list_del(&params->action);
c71593dd
JH		 5909 list_del(&params->list);
5910 kfree(params);
51ef3ebe 5911 __hci_update_background_scan(&req);
8afef092
MH		 5912
5913 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53 5914 } else {
19de0825 5915 struct hci_conn_params *p, *tmp;
6659358e 5916 struct bdaddr_list *b, *btmp;
19de0825 5917
2faade53 5918 if (cp->addr.type) {
9df74653
JH		 5919 err = cmd->cmd_complete(cmd,
5920 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5921 mgmt_pending_remove(cmd);
2faade53
MH		 5922 goto unlock;
5923 }
5924
6659358e
JH		 5925 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
5926 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
5927 list_del(&b->list);
5928 kfree(b);
5929 }
5930
51ef3ebe 5931 __hci_update_page_scan(&req);
a397407f 5932
19de0825
JH		 5933 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5934 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5935 continue;
5936 device_removed(sk, hdev, &p->addr, p->addr_type);
5937 list_del(&p->action);
5938 list_del(&p->list);
5939 kfree(p);
5940 }
5941
5942 BT_DBG("All LE connection parameters were removed");
5943
51ef3ebe 5944 __hci_update_background_scan(&req);
2faade53
MH		 5945 }
5946
6659358e 5947complete:
51ef3ebe
JH		 5948 err = hci_req_run(&req, remove_device_complete);
5949 if (err < 0) {
5950 /* ENODATA means no HCI commands were needed (e.g. if
5951 * the adapter is powered off).
5952 */
9df74653
JH		 5953 if (err == -ENODATA)
5954 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
51ef3ebe
JH		 5955 mgmt_pending_remove(cmd);
5956 }
2faade53
MH		 5957
5958unlock:
5959 hci_dev_unlock(hdev);
5960 return err;
5961}
5962
a26f3dcf
JH		 5963static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5964 u16 len)
5965{
5966 struct mgmt_cp_load_conn_param *cp = data;
ba1d6936
JH		 5967 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5968 sizeof(struct mgmt_conn_param));
a26f3dcf
JH		 5969 u16 param_count, expected_len;
5970 int i;
5971
5972 if (!lmp_le_capable(hdev))
a69e8375
JH		 5973 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5974 MGMT_STATUS_NOT_SUPPORTED);
a26f3dcf
JH		 5975
5976 param_count = __le16_to_cpu(cp->param_count);
ba1d6936
JH		 5977 if (param_count > max_param_count) {
5978 BT_ERR("load_conn_param: too big param_count value %u",
5979 param_count);
a69e8375
JH		 5980 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5981 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5982 }
a26f3dcf
JH		 5983
5984 expected_len = sizeof(*cp) + param_count *
5985 sizeof(struct mgmt_conn_param);
5986 if (expected_len != len) {
5987 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
5988 expected_len, len);
a69e8375
JH		 5989 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5990 MGMT_STATUS_INVALID_PARAMS);
a26f3dcf
JH		 5991 }
5992
5993 BT_DBG("%s param_count %u", hdev->name, param_count);
5994
5995 hci_dev_lock(hdev);
5996
5997 hci_conn_params_clear_disabled(hdev);
5998
5999 for (i = 0; i < param_count; i++) {
6000 struct mgmt_conn_param *param = &cp->params[i];
6001 struct hci_conn_params *hci_param;
6002 u16 min, max, latency, timeout;
6003 u8 addr_type;
6004
6005 BT_DBG("Adding %pMR (type %u)", &param->addr.bdaddr,
6006 param->addr.type);
6007
6008 if (param->addr.type == BDADDR_LE_PUBLIC) {
6009 addr_type = ADDR_LE_DEV_PUBLIC;
6010 } else if (param->addr.type == BDADDR_LE_RANDOM) {
6011 addr_type = ADDR_LE_DEV_RANDOM;
6012 } else {
6013 BT_ERR("Ignoring invalid connection parameters");
6014 continue;
6015 }
6016
6017 min = le16_to_cpu(param->min_interval);
6018 max = le16_to_cpu(param->max_interval);
6019 latency = le16_to_cpu(param->latency);
6020 timeout = le16_to_cpu(param->timeout);
6021
6022 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
6023 min, max, latency, timeout);
6024
6025 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
6026 BT_ERR("Ignoring invalid connection parameters");
6027 continue;
6028 }
6029
6030 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
6031 addr_type);
6032 if (!hci_param) {
6033 BT_ERR("Failed to add connection parameters");
6034 continue;
6035 }
6036
6037 hci_param->conn_min_interval = min;
6038 hci_param->conn_max_interval = max;
6039 hci_param->conn_latency = latency;
6040 hci_param->supervision_timeout = timeout;
6041 }
6042
6043 hci_dev_unlock(hdev);
6044
2a1afb5a
JH		 6045 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
6046 NULL, 0);
a26f3dcf
JH		 6047}
6048
dbece37a
MH		 6049static int set_external_config(struct sock *sk, struct hci_dev *hdev,
6050 void *data, u16 len)
6051{
6052 struct mgmt_cp_set_external_config *cp = data;
6053 bool changed;
6054 int err;
6055
6056 BT_DBG("%s", hdev->name);
6057
6058 if (hdev_is_powered(hdev))
a69e8375
JH		 6059 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6060 MGMT_STATUS_REJECTED);
dbece37a
MH		 6061
6062 if (cp->config != 0x00 && cp->config != 0x01)
a69e8375
JH		 6063 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6064 MGMT_STATUS_INVALID_PARAMS);
dbece37a
MH		 6065
6066 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
a69e8375
JH		 6067 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6068 MGMT_STATUS_NOT_SUPPORTED);
dbece37a
MH		 6069
6070 hci_dev_lock(hdev);
6071
6072 if (cp->config)
6073 changed = !test_and_set_bit(HCI_EXT_CONFIGURED,
6074 &hdev->dev_flags);
6075 else
6076 changed = test_and_clear_bit(HCI_EXT_CONFIGURED,
6077 &hdev->dev_flags);
6078
6079 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
6080 if (err < 0)
6081 goto unlock;
6082
6083 if (!changed)
6084 goto unlock;
6085
f4537c04
MH		 6086 err = new_options(hdev, sk);
6087
dbece37a
MH		 6088 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) == is_configured(hdev)) {
6089 mgmt_index_removed(hdev);
d603b76b
MH		 6090
6091 if (test_and_change_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
6092 set_bit(HCI_CONFIG, &hdev->dev_flags);
6093 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
6094
6095 queue_work(hdev->req_workqueue, &hdev->power_on);
6096 } else {
5ea234d3 6097 set_bit(HCI_RAW, &hdev->flags);
d603b76b
MH		 6098 mgmt_index_added(hdev);
6099 }
dbece37a
MH		 6100 }
6101
6102unlock:
6103 hci_dev_unlock(hdev);
6104 return err;
6105}
6106
9713c17b
MH		 6107static int set_public_address(struct sock *sk, struct hci_dev *hdev,
6108 void *data, u16 len)
6109{
6110 struct mgmt_cp_set_public_address *cp = data;
6111 bool changed;
6112 int err;
6113
6114 BT_DBG("%s", hdev->name);
6115
6116 if (hdev_is_powered(hdev))
a69e8375
JH		 6117 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6118 MGMT_STATUS_REJECTED);
9713c17b
MH		 6119
6120 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
a69e8375
JH		 6121 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6122 MGMT_STATUS_INVALID_PARAMS);
9713c17b
MH		 6123
6124 if (!hdev->set_bdaddr)
a69e8375
JH		 6125 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6126 MGMT_STATUS_NOT_SUPPORTED);
9713c17b
MH		 6127
6128 hci_dev_lock(hdev);
6129
6130 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
6131 bacpy(&hdev->public_addr, &cp->bdaddr);
6132
6133 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
6134 if (err < 0)
6135 goto unlock;
6136
6137 if (!changed)
6138 goto unlock;
6139
6140 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
6141 err = new_options(hdev, sk);
6142
6143 if (is_configured(hdev)) {
6144 mgmt_index_removed(hdev);
6145
6146 clear_bit(HCI_UNCONFIGURED, &hdev->dev_flags);
6147
6148 set_bit(HCI_CONFIG, &hdev->dev_flags);
6149 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
6150
6151 queue_work(hdev->req_workqueue, &hdev->power_on);
6152 }
6153
6154unlock:
6155 hci_dev_unlock(hdev);
6156 return err;
6157}
6158
6d785aa3 6159static const struct hci_mgmt_handler mgmt_handlers[] = {
0f4e68cf 6160 { NULL }, /* 0x0000 (no command) */
b9a245fb
JH		 6161 { read_version, MGMT_READ_VERSION_SIZE,
6162 HCI_MGMT_NO_HDEV },
6163 { read_commands, MGMT_READ_COMMANDS_SIZE,
6164 HCI_MGMT_NO_HDEV },
6165 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
6166 HCI_MGMT_NO_HDEV },
6167 { read_controller_info, MGMT_READ_INFO_SIZE, 0 },
6168 { set_powered, MGMT_SETTING_SIZE, 0 },
6169 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE, 0 },
6170 { set_connectable, MGMT_SETTING_SIZE, 0 },
6171 { set_fast_connectable, MGMT_SETTING_SIZE, 0 },
6172 { set_bondable, MGMT_SETTING_SIZE, 0 },
6173 { set_link_security, MGMT_SETTING_SIZE, 0 },
6174 { set_ssp, MGMT_SETTING_SIZE, 0 },
6175 { set_hs, MGMT_SETTING_SIZE, 0 },
6176 { set_le, MGMT_SETTING_SIZE, 0 },
6177 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE, 0 },
6178 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE, 0 },
6179 { add_uuid, MGMT_ADD_UUID_SIZE, 0 },
6180 { remove_uuid, MGMT_REMOVE_UUID_SIZE, 0 },
6181 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
6182 HCI_MGMT_VAR_LEN },
6183 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
6184 HCI_MGMT_VAR_LEN },
6185 { disconnect, MGMT_DISCONNECT_SIZE, 0 },
6186 { get_connections, MGMT_GET_CONNECTIONS_SIZE, 0 },
6187 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE, 0 },
6188 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE, 0 },
6189 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE, 0 },
6190 { pair_device, MGMT_PAIR_DEVICE_SIZE, 0 },
6191 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE, 0 },
6192 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE, 0 },
6193 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE, 0 },
6194 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE, 0 },
6195 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE, 0 },
6196 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE, 0 },
6197 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
6198 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
6199 HCI_MGMT_VAR_LEN },
6200 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE, 0 },
6201 { start_discovery, MGMT_START_DISCOVERY_SIZE, 0 },
6202 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE, 0 },
6203 { confirm_name, MGMT_CONFIRM_NAME_SIZE, 0 },
6204 { block_device, MGMT_BLOCK_DEVICE_SIZE, 0 },
6205 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE, 0 },
6206 { set_device_id, MGMT_SET_DEVICE_ID_SIZE, 0 },
6207 { set_advertising, MGMT_SETTING_SIZE, 0 },
6208 { set_bredr, MGMT_SETTING_SIZE, 0 },
6209 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE, 0 },
6210 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE, 0 },
6211 { set_secure_conn, MGMT_SETTING_SIZE, 0 },
6212 { set_debug_keys, MGMT_SETTING_SIZE, 0 },
6213 { set_privacy, MGMT_SET_PRIVACY_SIZE, 0 },
6214 { load_irks, MGMT_LOAD_IRKS_SIZE,
6215 HCI_MGMT_VAR_LEN },
6216 { get_conn_info, MGMT_GET_CONN_INFO_SIZE, 0 },
6217 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE, 0 },
6218 { add_device, MGMT_ADD_DEVICE_SIZE, 0 },
6219 { remove_device, MGMT_REMOVE_DEVICE_SIZE, 0 },
6220 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
6221 HCI_MGMT_VAR_LEN },
6222 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
6223 HCI_MGMT_NO_HDEV },
6224 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
6225 HCI_MGMT_UNCONFIGURED },
6226 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
6227 HCI_MGMT_UNCONFIGURED },
6228 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
6229 HCI_MGMT_UNCONFIGURED },
6230 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
6231 HCI_MGMT_VAR_LEN },
0f4e68cf
JH		 6232};
6233
6d785aa3
JH		 6234int mgmt_control(struct hci_mgmt_chan *chan, struct sock *sk,
6235 struct msghdr *msg, size_t msglen)
0381101f 6236{
650f726d
VCG		 6237 void *buf;
6238 u8 *cp;
0381101f 6239 struct mgmt_hdr *hdr;
4e51eae9 6240 u16 opcode, index, len;
bdb6d971 6241 struct hci_dev *hdev = NULL;
6d785aa3 6242 const struct hci_mgmt_handler *handler;
b9a245fb 6243 bool var_len, no_hdev;
0381101f
JH		 6244 int err;
6245
6246 BT_DBG("got %zu bytes", msglen);
6247
6248 if (msglen < sizeof(*hdr))
6249 return -EINVAL;
6250
e63a15ec 6251 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 6252 if (!buf)
6253 return -ENOMEM;
6254
6ce8e9ce 6255 if (memcpy_from_msg(buf, msg, msglen)) {
0381101f
JH		 6256 err = -EFAULT;
6257 goto done;
6258 }
6259
650f726d 6260 hdr = buf;
1f350c87
MH		 6261 opcode = __le16_to_cpu(hdr->opcode);
6262 index = __le16_to_cpu(hdr->index);
6263 len = __le16_to_cpu(hdr->len);
0381101f
JH		 6264
6265 if (len != msglen - sizeof(*hdr)) {
6266 err = -EINVAL;
6267 goto done;
6268 }
6269
b9a245fb
JH		 6270 if (opcode >= chan->handler_count ||
6271 chan->handlers[opcode].func == NULL) {
6272 BT_DBG("Unknown op %u", opcode);
a69e8375
JH		 6273 err = mgmt_cmd_status(sk, index, opcode,
6274 MGMT_STATUS_UNKNOWN_COMMAND);
b9a245fb
JH		 6275 goto done;
6276 }
6277
6278 handler = &chan->handlers[opcode];
6279
0f4e68cf 6280 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 6281 hdev = hci_dev_get(index);
6282 if (!hdev) {
a69e8375
JH		 6283 err = mgmt_cmd_status(sk, index, opcode,
6284 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 6285 goto done;
6286 }
0736cfa8 6287
cebf4cfd 6288 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
d603b76b 6289 test_bit(HCI_CONFIG, &hdev->dev_flags) ||
4a964404 6290 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
a69e8375
JH		 6291 err = mgmt_cmd_status(sk, index, opcode,
6292 MGMT_STATUS_INVALID_INDEX);
0736cfa8
MH		 6293 goto done;
6294 }
42a9bc14
MH		 6295
6296 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
b9a245fb 6297 !(handler->flags & HCI_MGMT_UNCONFIGURED)) {
a69e8375
JH		 6298 err = mgmt_cmd_status(sk, index, opcode,
6299 MGMT_STATUS_INVALID_INDEX);
42a9bc14
MH		 6300 goto done;
6301 }
bdb6d971
JH		 6302 }
6303
b9a245fb
JH		 6304 no_hdev = (handler->flags & HCI_MGMT_NO_HDEV);
6305 if (no_hdev != !hdev) {
a69e8375
JH		 6306 err = mgmt_cmd_status(sk, index, opcode,
6307 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 6308 goto done;
0381101f
JH		 6309 }
6310
b9a245fb
JH		 6311 var_len = (handler->flags & HCI_MGMT_VAR_LEN);
6312 if ((var_len && len < handler->data_len) ||
6313 (!var_len && len != handler->data_len)) {
a69e8375
JH		 6314 err = mgmt_cmd_status(sk, index, opcode,
6315 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 6316 goto done;
6317 }
6318
0f4e68cf
JH		 6319 if (hdev)
6320 mgmt_init_hdev(sk, hdev);
6321
6322 cp = buf + sizeof(*hdr);
6323
be22b54e 6324 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 6325 if (err < 0)
6326 goto done;
6327
0381101f
JH		 6328 err = msglen;
6329
6330done:
bdb6d971
JH		 6331 if (hdev)
6332 hci_dev_put(hdev);
6333
0381101f
JH		 6334 kfree(buf);
6335 return err;
6336}
c71e97bf 6337
bf6b56db 6338void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 6339{
1514b892 6340 if (hdev->dev_type != HCI_BREDR)
bf6b56db 6341 return;
bb4b2a9a 6342
0602a8ad
MH		 6343 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6344 return;
6345
6346 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
6347 mgmt_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev, NULL, 0, NULL);
6348 else
6349 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 6350}
6351
bf6b56db 6352void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 6353{
5f159032 6354 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 6355
1514b892 6356 if (hdev->dev_type != HCI_BREDR)
bf6b56db 6357 return;
bb4b2a9a 6358
0602a8ad
MH		 6359 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6360 return;
6361
1b9b5ee5 6362 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
b24752fe 6363
edd3896b
MH		 6364 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
6365 mgmt_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev, NULL, 0, NULL);
6366 else
6367 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 6368}
6369
6046dc3e 6370/* This function requires the caller holds hdev->lock */
2cf22218 6371static void restart_le_actions(struct hci_request *req)
6046dc3e 6372{
2cf22218 6373 struct hci_dev *hdev = req->hdev;
6046dc3e
AG		 6374 struct hci_conn_params *p;
6375
6376 list_for_each_entry(p, &hdev->le_conn_params, list) {
d7347f3c
JH		 6377 /* Needed for AUTO_OFF case where might not "really"
6378 * have been powered off.
6379 */
6380 list_del_init(&p->action);
6381
6382 switch (p->auto_connect) {
4b9e7e75 6383 case HCI_AUTO_CONN_DIRECT:
d7347f3c
JH		 6384 case HCI_AUTO_CONN_ALWAYS:
6385 list_add(&p->action, &hdev->pend_le_conns);
6386 break;
6387 case HCI_AUTO_CONN_REPORT:
6388 list_add(&p->action, &hdev->pend_le_reports);
6389 break;
6390 default:
6391 break;
c83ed19d 6392 }
6046dc3e 6393 }
c83ed19d 6394
2cf22218 6395 __hci_update_background_scan(req);
6046dc3e
AG		 6396}
6397
1904a853 6398static void powered_complete(struct hci_dev *hdev, u8 status, u16 opcode)
229ab39c
JH		 6399{
6400 struct cmd_lookup match = { NULL, hdev };
6401
6402 BT_DBG("status 0x%02x", status);
6403
162a3bac
MH		 6404 if (!status) {
6405 /* Register the available SMP channels (BR/EDR and LE) only
6406 * when successfully powering on the controller. This late
6407 * registration is required so that LE SMP can clearly
6408 * decide if the public address or static address is used.
6409 */
6410 smp_register(hdev);
6411 }
6412
229ab39c
JH		 6413 hci_dev_lock(hdev);
6414
6415 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6416
6417 new_settings(hdev, match.sk);
6418
6419 hci_dev_unlock(hdev);
6420
6421 if (match.sk)
6422 sock_put(match.sk);
6423}
6424
70da6243 6425static int powered_update_hci(struct hci_dev *hdev)
5add6af8 6426{
890ea898 6427 struct hci_request req;
70da6243 6428 u8 link_sec;
5add6af8 6429
890ea898
JH		 6430 hci_req_init(&req, hdev);
6431
70da6243
JH		 6432 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
6433 !lmp_host_ssp_capable(hdev)) {
574ea3c7 6434 u8 mode = 0x01;
5e5282bb 6435
574ea3c7
MH		 6436 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
6437
6438 if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) {
6439 u8 support = 0x01;
5add6af8 6440
574ea3c7
MH		 6441 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT,
6442 sizeof(support), &support);
6443 }
ec6f99b8
JH		 6444 }
6445
c73eee91
JH		 6446 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
6447 lmp_bredr_capable(hdev)) {
70da6243 6448 struct hci_cp_write_le_host_supported cp;
f0ff92fb 6449
32226e4f
MH		 6450 cp.le = 0x01;
6451 cp.simul = 0x00;
3d1cbdd6 6452
70da6243
JH		 6453 /* Check first if we already have the right
6454 * host state (host features set)
6455 */
6456 if (cp.le != lmp_host_le_capable(hdev) ||
6457 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 6458 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
6459 sizeof(cp), &cp);
70da6243 6460 }
3d1cbdd6 6461
d13eafce 6462 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 6463 /* Make sure the controller has a good default for
6464 * advertising data. This also applies to the case
6465 * where BR/EDR was toggled during the AUTO_OFF phase.
6466 */
f14d8f64 6467 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5947f4bc 6468 update_adv_data(&req);
f14d8f64
MH		 6469 update_scan_rsp_data(&req);
6470 }
441ad2d0 6471
bba3aa55
MH		 6472 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
6473 enable_advertising(&req);
2cf22218
JH		 6474
6475 restart_le_actions(&req);
eeca6f89
JH		 6476 }
6477
70da6243
JH		 6478 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
6479 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 6480 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
6481 sizeof(link_sec), &link_sec);
562fcc24 6482
70da6243 6483 if (lmp_bredr_capable(hdev)) {
432df05e 6484 write_fast_connectable(&req, false);
1d2dc5b7 6485 __hci_update_page_scan(&req);
890ea898 6486 update_class(&req);
13928971 6487 update_name(&req);
890ea898 6488 update_eir(&req);
70da6243 6489 }
562fcc24 6490
229ab39c 6491 return hci_req_run(&req, powered_complete);
70da6243 6492}
562fcc24 6493
70da6243
JH		 6494int mgmt_powered(struct hci_dev *hdev, u8 powered)
6495{
6496 struct cmd_lookup match = { NULL, hdev };
9845904f 6497 u8 status, zero_cod[] = { 0, 0, 0 };
70da6243 6498 int err;
f0ff92fb 6499
70da6243
JH		 6500 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
6501 return 0;
6502
70da6243 6503 if (powered) {
229ab39c
JH		 6504 if (powered_update_hci(hdev) == 0)
6505 return 0;
fe038884 6506
229ab39c
JH		 6507 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
6508 &match);
6509 goto new_settings;
b24752fe
JH		 6510 }
6511
229ab39c 6512 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
9845904f
JH		 6513
6514 /* If the power off is because of hdev unregistration let
6515 * use the appropriate INVALID_INDEX status. Otherwise use
6516 * NOT_POWERED. We cover both scenarios here since later in
6517 * mgmt_index_removed() any hci_conn callbacks will have already
6518 * been triggered, potentially causing misleading DISCONNECTED
6519 * status responses.
6520 */
6521 if (test_bit(HCI_UNREGISTER, &hdev->dev_flags))
6522 status = MGMT_STATUS_INVALID_INDEX;
6523 else
6524 status = MGMT_STATUS_NOT_POWERED;
6525
6526 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
229ab39c
JH		 6527
6528 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
6529 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
6530 zero_cod, sizeof(zero_cod), NULL);
6531
6532new_settings:
beadb2bd 6533 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 6534
6535 if (match.sk)
6536 sock_put(match.sk);
6537
7bb895d6 6538 return err;
5add6af8 6539}
73f22f62 6540
3eec705e 6541void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc 6542{
3b0602cd 6543 struct mgmt_pending_cmd *cmd;
96570ffc
JH		 6544 u8 status;
6545
6546 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6547 if (!cmd)
3eec705e 6548 return;
96570ffc
JH		 6549
6550 if (err == -ERFKILL)
6551 status = MGMT_STATUS_RFKILLED;
6552 else
6553 status = MGMT_STATUS_FAILED;
6554
a69e8375 6555 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 6556
6557 mgmt_pending_remove(cmd);
96570ffc
JH		 6558}
6559
d1967ff8
MH		 6560void mgmt_discoverable_timeout(struct hci_dev *hdev)
6561{
6562 struct hci_request req;
d1967ff8
MH		 6563
6564 hci_dev_lock(hdev);
6565
6566 /* When discoverable timeout triggers, then just make sure
6567 * the limited discoverable flag is cleared. Even in the case
6568 * of a timeout triggered from general discoverable, it is
6569 * safe to unconditionally clear the flag.
6570 */
6571 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
9a43e25f 6572 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
d1967ff8
MH		 6573
6574 hci_req_init(&req, hdev);
4b580614
JH		 6575 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
6576 u8 scan = SCAN_PAGE;
6577 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
6578 sizeof(scan), &scan);
6579 }
d1967ff8 6580 update_class(&req);
9a43e25f 6581 update_adv_data(&req);
d1967ff8
MH		 6582 hci_req_run(&req, NULL);
6583
6584 hdev->discov_timeout = 0;
6585
9a43e25f
JH		 6586 new_settings(hdev, NULL);
6587
d1967ff8
MH		 6588 hci_dev_unlock(hdev);
6589}
6590
dc4a5ee2
MH		 6591void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
6592 bool persistent)
55ed8ca1 6593{
86742e1e 6594 struct mgmt_ev_new_link_key ev;
55ed8ca1 6595
a492cd52 6596 memset(&ev, 0, sizeof(ev));
55ed8ca1 6597
a492cd52 6598 ev.store_hint = persistent;
d753fdc4 6599 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 6600 ev.key.addr.type = BDADDR_BREDR;
a492cd52 6601 ev.key.type = key->type;
9b3b4460 6602 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 6603 ev.key.pin_len = key->pin_len;
55ed8ca1 6604
dc4a5ee2 6605 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 6606}
f7520543 6607
d7b25450
JH		 6608static u8 mgmt_ltk_type(struct smp_ltk *ltk)
6609{
23fb8de3
JH		 6610 switch (ltk->type) {
6611 case SMP_LTK:
6612 case SMP_LTK_SLAVE:
6613 if (ltk->authenticated)
6614 return MGMT_LTK_AUTHENTICATED;
6615 return MGMT_LTK_UNAUTHENTICATED;
6616 case SMP_LTK_P256:
6617 if (ltk->authenticated)
6618 return MGMT_LTK_P256_AUTH;
6619 return MGMT_LTK_P256_UNAUTH;
6620 case SMP_LTK_P256_DEBUG:
6621 return MGMT_LTK_P256_DEBUG;
6622 }
d7b25450
JH		 6623
6624 return MGMT_LTK_UNAUTHENTICATED;
6625}
6626
53ac6ab6 6627void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 6628{
6629 struct mgmt_ev_new_long_term_key ev;
6630
6631 memset(&ev, 0, sizeof(ev));
6632
5192d301
MH		 6633 /* Devices using resolvable or non-resolvable random addresses
6634 * without providing an indentity resolving key don't require
6635 * to store long term keys. Their addresses will change the
6636 * next time around.
6637 *
6638 * Only when a remote device provides an identity address
6639 * make sure the long term key is stored. If the remote
6640 * identity is known, the long term keys are internally
6641 * mapped to the identity address. So allow static random
6642 * and public addresses here.
6643 */
ba74b666
JH		 6644 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6645 (key->bdaddr.b[5] & 0xc0) != 0xc0)
6646 ev.store_hint = 0x00;
6647 else
53ac6ab6 6648 ev.store_hint = persistent;
ba74b666 6649
346af67b 6650 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 6651 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 6652 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 6653 ev.key.enc_size = key->enc_size;
6654 ev.key.ediv = key->ediv;
fe39c7b2 6655 ev.key.rand = key->rand;
346af67b 6656
2ceba539 6657 if (key->type == SMP_LTK)
346af67b
VCG		 6658 ev.key.master = 1;
6659
346af67b
VCG		 6660 memcpy(ev.key.val, key->val, sizeof(key->val));
6661
083368f7 6662 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 6663}
6664
95fbac8a
JH		 6665void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
6666{
6667 struct mgmt_ev_new_irk ev;
6668
6669 memset(&ev, 0, sizeof(ev));
6670
bab6d1e5
MH		 6671 /* For identity resolving keys from devices that are already
6672 * using a public address or static random address, do not
6673 * ask for storing this key. The identity resolving key really
6674 * is only mandatory for devices using resovlable random
6675 * addresses.
6676 *
6677 * Storing all identity resolving keys has the downside that
6678 * they will be also loaded on next boot of they system. More
6679 * identity resolving keys, means more time during scanning is
6680 * needed to actually resolve these addresses.
6681 */
6682 if (bacmp(&irk->rpa, BDADDR_ANY))
6683 ev.store_hint = 0x01;
6684 else
6685 ev.store_hint = 0x00;
6686
95fbac8a
JH		 6687 bacpy(&ev.rpa, &irk->rpa);
6688 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
6689 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
6690 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
6691
6692 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
6693}
6694
53ac6ab6
MH		 6695void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
6696 bool persistent)
7ee4ea36
MH		 6697{
6698 struct mgmt_ev_new_csrk ev;
6699
6700 memset(&ev, 0, sizeof(ev));
6701
6702 /* Devices using resolvable or non-resolvable random addresses
6703 * without providing an indentity resolving key don't require
6704 * to store signature resolving keys. Their addresses will change
6705 * the next time around.
6706 *
6707 * Only when a remote device provides an identity address
6708 * make sure the signature resolving key is stored. So allow
6709 * static random and public addresses here.
6710 */
6711 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6712 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
6713 ev.store_hint = 0x00;
6714 else
53ac6ab6 6715 ev.store_hint = persistent;
7ee4ea36
MH		 6716
6717 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
6718 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
4cd3928a 6719 ev.key.type = csrk->type;
7ee4ea36
MH		 6720 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
6721
6722 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
6723}
6724
ffb5a827 6725void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 6726 u8 bdaddr_type, u8 store_hint, u16 min_interval,
6727 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 6728{
6729 struct mgmt_ev_new_conn_param ev;
6730
c103aea6
JH		 6731 if (!hci_is_identity_address(bdaddr, bdaddr_type))
6732 return;
6733
ffb5a827
AG		 6734 memset(&ev, 0, sizeof(ev));
6735 bacpy(&ev.addr.bdaddr, bdaddr);
6736 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 6737 ev.store_hint = store_hint;
ffb5a827
AG		 6738 ev.min_interval = cpu_to_le16(min_interval);
6739 ev.max_interval = cpu_to_le16(max_interval);
6740 ev.latency = cpu_to_le16(latency);
6741 ev.timeout = cpu_to_le16(timeout);
6742
6743 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
6744}
6745
94933991
MH		 6746static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
6747 u8 data_len)
6748{
6749 eir[eir_len++] = sizeof(type) + data_len;
6750 eir[eir_len++] = type;
6751 memcpy(&eir[eir_len], data, data_len);
6752 eir_len += data_len;
6753
6754 return eir_len;
6755}
6756
48ec92fa
AA		 6757void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
6758 u32 flags, u8 *name, u8 name_len)
f7520543 6759{
b644ba33
JH		 6760 char buf[512];
6761 struct mgmt_ev_device_connected *ev = (void *) buf;
6762 u16 eir_len = 0;
f7520543 6763
48ec92fa
AA		 6764 bacpy(&ev->addr.bdaddr, &conn->dst);
6765 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
f7520543 6766
c95f0ba7 6767 ev->flags = __cpu_to_le32(flags);
08c79b61 6768
fd45ada9
AA		 6769 /* We must ensure that the EIR Data fields are ordered and
6770 * unique. Keep it simple for now and avoid the problem by not
6771 * adding any BR/EDR data to the LE adv.
6772 */
6773 if (conn->le_adv_data_len > 0) {
6774 memcpy(&ev->eir[eir_len],
6775 conn->le_adv_data, conn->le_adv_data_len);
6776 eir_len = conn->le_adv_data_len;
6777 } else {
6778 if (name_len > 0)
6779 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
6780 name, name_len);
b644ba33 6781
ddbea5cf 6782 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
fd45ada9
AA		 6783 eir_len = eir_append_data(ev->eir, eir_len,
6784 EIR_CLASS_OF_DEV,
6785 conn->dev_class, 3);
6786 }
b644ba33 6787
eb55ef07 6788 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 6789
ecd90ae7
MH		 6790 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
6791 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 6792}
6793
3b0602cd 6794static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
8962ee74 6795{
8962ee74 6796 struct sock **sk = data;
8962ee74 6797
f5818c22 6798 cmd->cmd_complete(cmd, 0);
8962ee74
JH		 6799
6800 *sk = cmd->sk;
6801 sock_hold(*sk);
6802
a664b5bc 6803 mgmt_pending_remove(cmd);
8962ee74
JH		 6804}
6805
3b0602cd 6806static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
a8a1d19e 6807{
b1078ad0 6808 struct hci_dev *hdev = data;
124f6e35 6809 struct mgmt_cp_unpair_device *cp = cmd->param;
a8a1d19e 6810
b1078ad0
JH		 6811 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
6812
d8b7b1e4 6813 cmd->cmd_complete(cmd, 0);
a8a1d19e
JH		 6814 mgmt_pending_remove(cmd);
6815}
6816
84c61d92
JH		 6817bool mgmt_powering_down(struct hci_dev *hdev)
6818{
3b0602cd 6819 struct mgmt_pending_cmd *cmd;
84c61d92
JH		 6820 struct mgmt_mode *cp;
6821
6822 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6823 if (!cmd)
6824 return false;
6825
6826 cp = cmd->param;
6827 if (!cp->val)
6828 return true;
6829
6830 return false;
6831}
6832
9b80ec5e 6833void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 6834 u8 link_type, u8 addr_type, u8 reason,
6835 bool mgmt_connected)
f7520543 6836{
f0d6a0ea 6837 struct mgmt_ev_device_disconnected ev;
8962ee74 6838 struct sock *sk = NULL;
8962ee74 6839
84c61d92
JH		 6840 /* The connection is still in hci_conn_hash so test for 1
6841 * instead of 0 to know if this is the last one.
6842 */
6843 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6844 cancel_delayed_work(&hdev->power_off);
6845 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8b064a3a
JH		 6846 }
6847
12d4a3b2
JH		 6848 if (!mgmt_connected)
6849 return;
6850
57eb776f
AG		 6851 if (link_type != ACL_LINK && link_type != LE_LINK)
6852 return;
6853
744cf19e 6854 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 6855
f0d6a0ea
MA		 6856 bacpy(&ev.addr.bdaddr, bdaddr);
6857 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6858 ev.reason = reason;
f7520543 6859
9b80ec5e 6860 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 6861
6862 if (sk)
d97dcb66 6863 sock_put(sk);
8962ee74 6864
124f6e35 6865 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 6866 hdev);
8962ee74
JH		 6867}
6868
7892924c
MH		 6869void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
6870 u8 link_type, u8 addr_type, u8 status)
8962ee74 6871{
3655bba8
AG		 6872 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
6873 struct mgmt_cp_disconnect *cp;
3b0602cd 6874 struct mgmt_pending_cmd *cmd;
8962ee74 6875
36a75f1b
JD		 6876 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6877 hdev);
6878
2e58ef3e 6879 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 6880 if (!cmd)
7892924c 6881 return;
8962ee74 6882
3655bba8
AG		 6883 cp = cmd->param;
6884
6885 if (bacmp(bdaddr, &cp->addr.bdaddr))
6886 return;
6887
6888 if (cp->addr.type != bdaddr_type)
6889 return;
6890
f5818c22 6891 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6892 mgmt_pending_remove(cmd);
f7520543 6893}
17d5c04c 6894
445608d0
MH		 6895void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6896 u8 addr_type, u8 status)
17d5c04c
JH		 6897{
6898 struct mgmt_ev_connect_failed ev;
c9910d0f 6899
84c61d92
JH		 6900 /* The connection is still in hci_conn_hash so test for 1
6901 * instead of 0 to know if this is the last one.
6902 */
6903 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6904 cancel_delayed_work(&hdev->power_off);
6905 queue_work(hdev->req_workqueue, &hdev->power_off.work);
c9910d0f 6906 }
17d5c04c 6907
4c659c39 6908 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6909 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 6910 ev.status = mgmt_status(status);
17d5c04c 6911
445608d0 6912 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 6913}
980e1a53 6914
ce0e4a0d 6915void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 6916{
6917 struct mgmt_ev_pin_code_request ev;
6918
d8457698 6919 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 6920 ev.addr.type = BDADDR_BREDR;
a770bb5a 6921 ev.secure = secure;
980e1a53 6922
ce0e4a0d 6923 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 6924}
6925
e669cf80
MH		 6926void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6927 u8 status)
980e1a53 6928{
3b0602cd 6929 struct mgmt_pending_cmd *cmd;
980e1a53 6930
2e58ef3e 6931 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 6932 if (!cmd)
e669cf80 6933 return;
980e1a53 6934
7776d1d8 6935 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6936 mgmt_pending_remove(cmd);
980e1a53
JH		 6937}
6938
3eb38528
MH		 6939void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6940 u8 status)
980e1a53 6941{
3b0602cd 6942 struct mgmt_pending_cmd *cmd;
980e1a53 6943
2e58ef3e 6944 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 6945 if (!cmd)
3eb38528 6946 return;
980e1a53 6947
7776d1d8 6948 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6949 mgmt_pending_remove(cmd);
980e1a53 6950}
a5c29683 6951
744cf19e 6952int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 6953 u8 link_type, u8 addr_type, u32 value,
04124681 6954 u8 confirm_hint)
a5c29683
JH		 6955{
6956 struct mgmt_ev_user_confirm_request ev;
6957
744cf19e 6958 BT_DBG("%s", hdev->name);
a5c29683 6959
272d90df 6960 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6961 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 6962 ev.confirm_hint = confirm_hint;
39adbffe 6963 ev.value = cpu_to_le32(value);
a5c29683 6964
744cf19e 6965 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 6966 NULL);
a5c29683
JH		 6967}
6968
272d90df 6969int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 6970 u8 link_type, u8 addr_type)
604086b7
BG		 6971{
6972 struct mgmt_ev_user_passkey_request ev;
6973
6974 BT_DBG("%s", hdev->name);
6975
272d90df 6976 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6977 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 6978
6979 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 6980 NULL);
604086b7
BG		 6981}
6982
0df4c185 6983static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 6984 u8 link_type, u8 addr_type, u8 status,
6985 u8 opcode)
a5c29683 6986{
3b0602cd 6987 struct mgmt_pending_cmd *cmd;
a5c29683 6988
2e58ef3e 6989 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 6990 if (!cmd)
6991 return -ENOENT;
6992
7776d1d8 6993 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6994 mgmt_pending_remove(cmd);
a5c29683 6995
7776d1d8 6996 return 0;
a5c29683
JH		 6997}
6998
744cf19e 6999int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7000 u8 link_type, u8 addr_type, u8 status)
a5c29683 7001{
272d90df 7002 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 7003 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 7004}
7005
272d90df 7006int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7007 u8 link_type, u8 addr_type, u8 status)
a5c29683 7008{
272d90df 7009 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 7010 status,
7011 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 7012}
2a611692 7013
604086b7 7014int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7015 u8 link_type, u8 addr_type, u8 status)
604086b7 7016{
272d90df 7017 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 7018 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 7019}
7020
272d90df 7021int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7022 u8 link_type, u8 addr_type, u8 status)
604086b7 7023{
272d90df 7024 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 7025 status,
7026 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 7027}
7028
92a25256
JH		 7029int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
7030 u8 link_type, u8 addr_type, u32 passkey,
7031 u8 entered)
7032{
7033 struct mgmt_ev_passkey_notify ev;
7034
7035 BT_DBG("%s", hdev->name);
7036
7037 bacpy(&ev.addr.bdaddr, bdaddr);
7038 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7039 ev.passkey = __cpu_to_le32(passkey);
7040 ev.entered = entered;
7041
7042 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
7043}
7044
e1e930f5 7045void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
2a611692
JH		 7046{
7047 struct mgmt_ev_auth_failed ev;
3b0602cd 7048 struct mgmt_pending_cmd *cmd;
e1e930f5 7049 u8 status = mgmt_status(hci_status);
2a611692 7050
e1e930f5
JH		 7051 bacpy(&ev.addr.bdaddr, &conn->dst);
7052 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7053 ev.status = status;
2a611692 7054
e1e930f5
JH		 7055 cmd = find_pairing(conn);
7056
7057 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
7058 cmd ? cmd->sk : NULL);
7059
a511b35b
JH		 7060 if (cmd) {
7061 cmd->cmd_complete(cmd, status);
7062 mgmt_pending_remove(cmd);
7063 }
2a611692 7064}
b312b161 7065
464996ae 7066void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 7067{
7068 struct cmd_lookup match = { NULL, hdev };
464996ae 7069 bool changed;
33ef95ed
JH		 7070
7071 if (status) {
7072 u8 mgmt_err = mgmt_status(status);
7073 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 7074 cmd_status_rsp, &mgmt_err);
464996ae 7075 return;
33ef95ed
JH		 7076 }
7077
464996ae
MH		 7078 if (test_bit(HCI_AUTH, &hdev->flags))
7079 changed = !test_and_set_bit(HCI_LINK_SECURITY,
7080 &hdev->dev_flags);
7081 else
7082 changed = test_and_clear_bit(HCI_LINK_SECURITY,
7083 &hdev->dev_flags);
47990ea0 7084
33ef95ed 7085 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 7086 &match);
33ef95ed 7087
47990ea0 7088 if (changed)
464996ae 7089 new_settings(hdev, match.sk);
33ef95ed
JH		 7090
7091 if (match.sk)
7092 sock_put(match.sk);
33ef95ed
JH		 7093}
7094
890ea898 7095static void clear_eir(struct hci_request *req)
cacaf52f 7096{
890ea898 7097 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 7098 struct hci_cp_write_eir cp;
7099
976eb20e 7100 if (!lmp_ext_inq_capable(hdev))
890ea898 7101 return;
cacaf52f 7102
c80da27e
JH		 7103 memset(hdev->eir, 0, sizeof(hdev->eir));
7104
cacaf52f
JH		 7105 memset(&cp, 0, sizeof(cp));
7106
890ea898 7107 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 7108}
7109
3e248560 7110void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 7111{
7112 struct cmd_lookup match = { NULL, hdev };
890ea898 7113 struct hci_request req;
c0ecddc2 7114 bool changed = false;
ed2c4ee3
JH		 7115
7116 if (status) {
7117 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 7118
7119 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 7120 &hdev->dev_flags)) {
7121 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3e248560 7122 new_settings(hdev, NULL);
9ecb3e24 7123 }
c0ecddc2 7124
04124681
GP		 7125 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
7126 &mgmt_err);
3e248560 7127 return;
c0ecddc2
JH		 7128 }
7129
7130 if (enable) {
9ecb3e24 7131 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 7132 } else {
9ecb3e24
MH		 7133 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
7134 if (!changed)
7135 changed = test_and_clear_bit(HCI_HS_ENABLED,
7136 &hdev->dev_flags);
7137 else
7138 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 7139 }
7140
7141 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
7142
c0ecddc2 7143 if (changed)
3e248560 7144 new_settings(hdev, match.sk);
ed2c4ee3 7145
5fc6ebb1 7146 if (match.sk)
ed2c4ee3
JH		 7147 sock_put(match.sk);
7148
890ea898
JH		 7149 hci_req_init(&req, hdev);
7150
3769972b
JH		 7151 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
7152 if (test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
7153 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
7154 sizeof(enable), &enable);
890ea898 7155 update_eir(&req);
3769972b 7156 } else {
890ea898 7157 clear_eir(&req);
3769972b 7158 }
890ea898
JH		 7159
7160 hci_req_run(&req, NULL);
ed2c4ee3
JH		 7161}
7162
3b0602cd 7163static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
90e70454
JH		 7164{
7165 struct cmd_lookup *match = data;
7166
90e70454
JH		 7167 if (match->sk == NULL) {
7168 match->sk = cmd->sk;
7169 sock_hold(match->sk);
7170 }
90e70454
JH		 7171}
7172
4e1b0245
MH		 7173void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
7174 u8 status)
7f9a903c 7175{
90e70454 7176 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 7177
92da6097
JH		 7178 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
7179 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
7180 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 7181
7182 if (!status)
4e1b0245
MH		 7183 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
7184 NULL);
90e70454
JH		 7185
7186 if (match.sk)
7187 sock_put(match.sk);
7f9a903c
MH		 7188}
7189
7667da34 7190void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 7191{
b312b161 7192 struct mgmt_cp_set_local_name ev;
3b0602cd 7193 struct mgmt_pending_cmd *cmd;
28cc7bde 7194
13928971 7195 if (status)
7667da34 7196 return;
b312b161
JH		 7197
7198 memset(&ev, 0, sizeof(ev));
7199 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 7200 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 7201
2e58ef3e 7202 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 7203 if (!cmd) {
7204 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 7205
13928971
JH		 7206 /* If this is a HCI command related to powering on the
7207 * HCI dev don't send any mgmt signals.
7208 */
7209 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 7210 return;
890ea898 7211 }
b312b161 7212
7667da34
MH		 7213 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
7214 cmd ? cmd->sk : NULL);
b312b161 7215}
c35938b2 7216
4d2d2796 7217void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
38da1703
JH		 7218 u8 *rand192, u8 *hash256, u8 *rand256,
7219 u8 status)
c35938b2 7220{
3b0602cd 7221 struct mgmt_pending_cmd *cmd;
c35938b2 7222
744cf19e 7223 BT_DBG("%s status %u", hdev->name, status);
c35938b2 7224
2e58ef3e 7225 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 7226 if (!cmd)
3edaf092 7227 return;
c35938b2
SJ		 7228
7229 if (status) {
a69e8375
JH		 7230 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
7231 mgmt_status(status));
c35938b2 7232 } else {
66f096f7
JH		 7233 struct mgmt_rp_read_local_oob_data rp;
7234 size_t rp_size = sizeof(rp);
4d2d2796 7235
66f096f7
JH		 7236 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
7237 memcpy(rp.rand192, rand192, sizeof(rp.rand192));
c35938b2 7238
66f096f7 7239 if (bredr_sc_enabled(hdev) && hash256 && rand256) {
4d2d2796 7240 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
38da1703 7241 memcpy(rp.rand256, rand256, sizeof(rp.rand256));
4d2d2796 7242 } else {
66f096f7 7243 rp_size -= sizeof(rp.hash256) + sizeof(rp.rand256);
4d2d2796 7244 }
66f096f7 7245
2a1afb5a
JH		 7246 mgmt_cmd_complete(cmd->sk, hdev->id,
7247 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
7248 &rp, rp_size);
c35938b2
SJ		 7249 }
7250
7251 mgmt_pending_remove(cmd);
c35938b2 7252}
e17acd40 7253
799ce93d
JP		 7254static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
7255{
7256 int i;
7257
7258 for (i = 0; i < uuid_count; i++) {
7259 if (!memcmp(uuid, uuids[i], 16))
7260 return true;
7261 }
7262
7263 return false;
7264}
7265
b487b9ce
MH		 7266static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
7267{
799ce93d
JP		 7268 u16 parsed = 0;
7269
7270 while (parsed < eir_len) {
7271 u8 field_len = eir[0];
7272 u8 uuid[16];
7273 int i;
7274
7275 if (field_len == 0)
7276 break;
7277
7278 if (eir_len - parsed < field_len + 1)
7279 break;
7280
7281 switch (eir[1]) {
7282 case EIR_UUID16_ALL:
7283 case EIR_UUID16_SOME:
7284 for (i = 0; i + 3 <= field_len; i += 2) {
189f6ad2 7285 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7286 uuid[13] = eir[i + 3];
7287 uuid[12] = eir[i + 2];
7288 if (has_uuid(uuid, uuid_count, uuids))
7289 return true;
7290 }
7291 break;
7292 case EIR_UUID32_ALL:
7293 case EIR_UUID32_SOME:
7294 for (i = 0; i + 5 <= field_len; i += 4) {
189f6ad2 7295 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7296 uuid[15] = eir[i + 5];
7297 uuid[14] = eir[i + 4];
7298 uuid[13] = eir[i + 3];
7299 uuid[12] = eir[i + 2];
7300 if (has_uuid(uuid, uuid_count, uuids))
7301 return true;
7302 }
7303 break;
7304 case EIR_UUID128_ALL:
7305 case EIR_UUID128_SOME:
7306 for (i = 0; i + 17 <= field_len; i += 16) {
7307 memcpy(uuid, eir + i + 2, 16);
7308 if (has_uuid(uuid, uuid_count, uuids))
7309 return true;
7310 }
7311 break;
7312 }
7313
7314 parsed += field_len + 1;
7315 eir += field_len + 1;
7316 }
7317
b487b9ce
MH		 7318 return false;
7319}
7320
4b0e0ced
JP		 7321static void restart_le_scan(struct hci_dev *hdev)
7322{
7323 /* If controller is not scanning we are done. */
7324 if (!test_bit(HCI_LE_SCAN, &hdev->dev_flags))
7325 return;
7326
7327 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
7328 hdev->discovery.scan_start +
7329 hdev->discovery.scan_duration))
7330 return;
7331
7332 queue_delayed_work(hdev->workqueue, &hdev->le_scan_restart,
7333 DISCOV_LE_RESTART_DELAY);
7334}
7335
48f86b7f
JP		 7336static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
7337 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 7338{
48f86b7f
JP		 7339 /* If a RSSI threshold has been specified, and
7340 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
7341 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
7342 * is set, let it through for further processing, as we might need to
7343 * restart the scan.
efb2513f
MH		 7344 *
7345 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
7346 * the results are also dropped.
bda157a4
MH		 7347 */
7348 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
4b0e0ced
JP		 7349 (rssi == HCI_RSSI_INVALID ||
7350 (rssi < hdev->discovery.rssi &&
7351 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
48f86b7f 7352 return false;
efb2513f 7353
2976cdeb
JP		 7354 if (hdev->discovery.uuid_count != 0) {
7355 /* If a list of UUIDs is provided in filter, results with no
7356 * matching UUID should be dropped.
b487b9ce 7357 */
2976cdeb
JP		 7358 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
7359 hdev->discovery.uuids) &&
7360 !eir_has_uuids(scan_rsp, scan_rsp_len,
7361 hdev->discovery.uuid_count,
7362 hdev->discovery.uuids))
7363 return false;
b487b9ce 7364 }
5d2e9fad 7365
2976cdeb
JP		 7366 /* If duplicate filtering does not report RSSI changes, then restart
7367 * scanning to ensure updated result with updated RSSI values.
4b0e0ced 7368 */
2976cdeb
JP		 7369 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
7370 restart_le_scan(hdev);
7371
7372 /* Validate RSSI value against the RSSI threshold once more. */
7373 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7374 rssi < hdev->discovery.rssi)
7375 return false;
7376 }
48f86b7f
JP		 7377
7378 return true;
7379}
7380
7381void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7382 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
7383 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7384{
7385 char buf[512];
7386 struct mgmt_ev_device_found *ev = (void *)buf;
7387 size_t ev_size;
7388
7389 /* Don't send events for a non-kernel initiated discovery. With
7390 * LE one exception is if we have pend_le_reports > 0 in which
7391 * case we're doing passive scanning and want these events.
7392 */
7393 if (!hci_discovery_active(hdev)) {
7394 if (link_type == ACL_LINK)
7395 return;
7396 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
7397 return;
7398 }
7399
82f8b651 7400 if (hdev->discovery.result_filtering) {
48f86b7f
JP		 7401 /* We are using service discovery */
7402 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
7403 scan_rsp_len))
7404 return;
7405 }
7406
7407 /* Make sure that the buffer is big enough. The 5 extra bytes
7408 * are for the potential CoD field.
7409 */
7410 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
4b0e0ced
JP		 7411 return;
7412
48f86b7f
JP		 7413 memset(buf, 0, sizeof(buf));
7414
7415 /* In case of device discovery with BR/EDR devices (pre 1.2), the
7416 * RSSI value was reported as 0 when not available. This behavior
7417 * is kept when using device discovery. This is required for full
7418 * backwards compatibility with the API.
7419 *
7420 * However when using service discovery, the value 127 will be
7421 * returned when the RSSI is not available.
7422 */
7423 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
7424 link_type == ACL_LINK)
7425 rssi = 0;
7426
7427 bacpy(&ev->addr.bdaddr, bdaddr);
7428 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7429 ev->rssi = rssi;
7430 ev->flags = cpu_to_le32(flags);
7431
7432 if (eir_len > 0)
7433 /* Copy EIR or advertising data into event */
7434 memcpy(ev->eir, eir, eir_len);
7435
7436 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
7437 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7438 dev_class, 3);
7439
7440 if (scan_rsp_len > 0)
7441 /* Append scan response data to event */
7442 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
7443
5d2e9fad
JH		 7444 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
7445 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 7446
901801b9 7447 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 7448}
a88a9652 7449
9cf12aee
MH		 7450void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7451 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 7452{
b644ba33
JH		 7453 struct mgmt_ev_device_found *ev;
7454 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
7455 u16 eir_len;
a88a9652 7456
b644ba33 7457 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 7458
b644ba33
JH		 7459 memset(buf, 0, sizeof(buf));
7460
7461 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 7462 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 7463 ev->rssi = rssi;
7464
7465 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 7466 name_len);
b644ba33 7467
eb55ef07 7468 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 7469
9cf12aee 7470 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 7471}
314b2381 7472
2f1e063b 7473void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 7474{
f963e8e9 7475 struct mgmt_ev_discovering ev;
164a6e78 7476
343fb145
AG		 7477 BT_DBG("%s discovering %u", hdev->name, discovering);
7478
f963e8e9
JH		 7479 memset(&ev, 0, sizeof(ev));
7480 ev.type = hdev->discovery.type;
7481 ev.discovering = discovering;
7482
2f1e063b 7483 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 7484}
5e762444 7485
1904a853 7486static void adv_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5976e608
MH		 7487{
7488 BT_DBG("%s status %u", hdev->name, status);
5976e608
MH		 7489}
7490
7491void mgmt_reenable_advertising(struct hci_dev *hdev)
7492{
7493 struct hci_request req;
7494
5976e608
MH		 7495 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
7496 return;
7497
7498 hci_req_init(&req, hdev);
7499 enable_advertising(&req);
0ec5ae84 7500 hci_req_run(&req, adv_enable_complete);
5976e608 7501}
6d785aa3
JH		 7502
7503static struct hci_mgmt_chan chan = {
7504 .channel = HCI_CHANNEL_CONTROL,
7505 .handler_count = ARRAY_SIZE(mgmt_handlers),
7506 .handlers = mgmt_handlers,
7507};
7508
7509int mgmt_init(void)
7510{
7511 return hci_mgmt_chan_register(&chan);
7512}
7513
7514void mgmt_exit(void)
7515{
7516 hci_mgmt_chan_unregister(&chan);
7517}
Linux kernel - Deliverables
This page took 0.915499 seconds and 5 git commands to generate.