projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Move mgmt_event helper function to different location
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
4bc58f51 32#include <net/bluetooth/l2cap.h>
0381101f 33#include <net/bluetooth/mgmt.h>
ac4b7236
MH		 34
35#include "smp.h"
0381101f 36
2da9c55c 37#define MGMT_VERSION 1
730f091b 38#define MGMT_REVISION 7
02d98129 39
e70bb2e8
JH		 40static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_READ_INFO,
43 MGMT_OP_SET_POWERED,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
47 MGMT_OP_SET_PAIRABLE,
48 MGMT_OP_SET_LINK_SECURITY,
49 MGMT_OP_SET_SSP,
50 MGMT_OP_SET_HS,
51 MGMT_OP_SET_LE,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_ADD_UUID,
55 MGMT_OP_REMOVE_UUID,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_DISCONNECT,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_PAIR_DEVICE,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_CONFIRM_NAME,
76 MGMT_OP_BLOCK_DEVICE,
77 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 78 MGMT_OP_SET_DEVICE_ID,
4375f103 79 MGMT_OP_SET_ADVERTISING,
0663ca2a 80 MGMT_OP_SET_BREDR,
d13eafce 81 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 82 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 83 MGMT_OP_SET_SECURE_CONN,
4e39ac81 84 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 85 MGMT_OP_SET_PRIVACY,
41edf160 86 MGMT_OP_LOAD_IRKS,
dd983808 87 MGMT_OP_GET_CONN_INFO,
95868426 88 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 89 MGMT_OP_ADD_DEVICE,
90 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 91 MGMT_OP_LOAD_CONN_PARAM,
73d1df2a 92 MGMT_OP_READ_UNCONF_INDEX_LIST,
9fc3bfb6 93 MGMT_OP_READ_CONFIG_INFO,
dbece37a 94 MGMT_OP_SET_EXTERNAL_CONFIG,
e70bb2e8
JH		 95};
96
97static const u16 mgmt_events[] = {
98 MGMT_EV_CONTROLLER_ERROR,
99 MGMT_EV_INDEX_ADDED,
100 MGMT_EV_INDEX_REMOVED,
101 MGMT_EV_NEW_SETTINGS,
102 MGMT_EV_CLASS_OF_DEV_CHANGED,
103 MGMT_EV_LOCAL_NAME_CHANGED,
104 MGMT_EV_NEW_LINK_KEY,
105 MGMT_EV_NEW_LONG_TERM_KEY,
106 MGMT_EV_DEVICE_CONNECTED,
107 MGMT_EV_DEVICE_DISCONNECTED,
108 MGMT_EV_CONNECT_FAILED,
109 MGMT_EV_PIN_CODE_REQUEST,
110 MGMT_EV_USER_CONFIRM_REQUEST,
111 MGMT_EV_USER_PASSKEY_REQUEST,
112 MGMT_EV_AUTH_FAILED,
113 MGMT_EV_DEVICE_FOUND,
114 MGMT_EV_DISCOVERING,
115 MGMT_EV_DEVICE_BLOCKED,
116 MGMT_EV_DEVICE_UNBLOCKED,
117 MGMT_EV_DEVICE_UNPAIRED,
92a25256 118 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 119 MGMT_EV_NEW_IRK,
7ee4ea36 120 MGMT_EV_NEW_CSRK,
8afef092
MH		 121 MGMT_EV_DEVICE_ADDED,
122 MGMT_EV_DEVICE_REMOVED,
ffb5a827 123 MGMT_EV_NEW_CONN_PARAM,
0602a8ad 124 MGMT_EV_UNCONF_INDEX_ADDED,
edd3896b 125 MGMT_EV_UNCONF_INDEX_REMOVED,
e70bb2e8
JH		 126};
127
17b02e62 128#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 129
4b34ee78
JH		 130#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
131 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
132
eec8d2bc
JH		 133struct pending_cmd {
134 struct list_head list;
fc2f4b13 135 u16 opcode;
eec8d2bc 136 int index;
c68fb7ff 137 void *param;
eec8d2bc 138 struct sock *sk;
e9a416b5 139 void *user_data;
eec8d2bc
JH		 140};
141
ca69b795
JH		 142/* HCI to MGMT error code conversion table */
143static u8 mgmt_status_table[] = {
144 MGMT_STATUS_SUCCESS,
145 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
146 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
147 MGMT_STATUS_FAILED, /* Hardware Failure */
148 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
149 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 150 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 151 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
152 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
153 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
154 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
155 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
156 MGMT_STATUS_BUSY, /* Command Disallowed */
157 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
158 MGMT_STATUS_REJECTED, /* Rejected Security */
159 MGMT_STATUS_REJECTED, /* Rejected Personal */
160 MGMT_STATUS_TIMEOUT, /* Host Timeout */
161 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
162 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
163 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
164 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
165 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
166 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
167 MGMT_STATUS_BUSY, /* Repeated Attempts */
168 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
169 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
170 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
171 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
172 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
173 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
174 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
175 MGMT_STATUS_FAILED, /* Unspecified Error */
176 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
177 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
178 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
179 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
180 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
181 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
182 MGMT_STATUS_FAILED, /* Unit Link Key Used */
183 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
184 MGMT_STATUS_TIMEOUT, /* Instant Passed */
185 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
186 MGMT_STATUS_FAILED, /* Transaction Collision */
187 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
188 MGMT_STATUS_REJECTED, /* QoS Rejected */
189 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
190 MGMT_STATUS_REJECTED, /* Insufficient Security */
191 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
192 MGMT_STATUS_BUSY, /* Role Switch Pending */
193 MGMT_STATUS_FAILED, /* Slot Violation */
194 MGMT_STATUS_FAILED, /* Role Switch Failed */
195 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
196 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
197 MGMT_STATUS_BUSY, /* Host Busy Pairing */
198 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
199 MGMT_STATUS_BUSY, /* Controller Busy */
200 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
201 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
202 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
203 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
204 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
205};
206
207static u8 mgmt_status(u8 hci_status)
208{
209 if (hci_status < ARRAY_SIZE(mgmt_status_table))
210 return mgmt_status_table[hci_status];
211
212 return MGMT_STATUS_FAILED;
213}
214
04c60f05
MH		 215static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
216 struct sock *skip_sk)
217{
218 struct sk_buff *skb;
219 struct mgmt_hdr *hdr;
220
221 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
222 if (!skb)
223 return -ENOMEM;
224
225 hdr = (void *) skb_put(skb, sizeof(*hdr));
226 hdr->opcode = cpu_to_le16(event);
227 if (hdev)
228 hdr->index = cpu_to_le16(hdev->id);
229 else
230 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
231 hdr->len = cpu_to_le16(data_len);
232
233 if (data)
234 memcpy(skb_put(skb, data_len), data, data_len);
235
236 /* Time stamp */
237 __net_timestamp(skb);
238
239 hci_send_to_control(skb, skip_sk);
240 kfree_skb(skb);
241
242 return 0;
243}
244
4e51eae9 245static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 246{
247 struct sk_buff *skb;
248 struct mgmt_hdr *hdr;
249 struct mgmt_ev_cmd_status *ev;
56b7d137 250 int err;
f7b64e69 251
34eb525c 252 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 253
790eff44 254 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 255 if (!skb)
256 return -ENOMEM;
257
258 hdr = (void *) skb_put(skb, sizeof(*hdr));
259
dcf4adbf 260 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 261 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 262 hdr->len = cpu_to_le16(sizeof(*ev));
263
264 ev = (void *) skb_put(skb, sizeof(*ev));
265 ev->status = status;
eb55ef07 266 ev->opcode = cpu_to_le16(cmd);
f7b64e69 267
56b7d137
GP		 268 err = sock_queue_rcv_skb(sk, skb);
269 if (err < 0)
f7b64e69
JH		 270 kfree_skb(skb);
271
56b7d137 272 return err;
f7b64e69
JH		 273}
274
aee9b218 275static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 276 void *rp, size_t rp_len)
02d98129
JH		 277{
278 struct sk_buff *skb;
279 struct mgmt_hdr *hdr;
280 struct mgmt_ev_cmd_complete *ev;
56b7d137 281 int err;
02d98129
JH		 282
283 BT_DBG("sock %p", sk);
284
790eff44 285 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 286 if (!skb)
287 return -ENOMEM;
288
289 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 290
dcf4adbf 291 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 292 hdr->index = cpu_to_le16(index);
a38528f1 293 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 294
a38528f1 295 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 296 ev->opcode = cpu_to_le16(cmd);
aee9b218 297 ev->status = status;
8020c16a
SJ		 298
299 if (rp)
300 memcpy(ev->data, rp, rp_len);
02d98129 301
56b7d137
GP		 302 err = sock_queue_rcv_skb(sk, skb);
303 if (err < 0)
02d98129
JH		 304 kfree_skb(skb);
305
e5f0e151 306 return err;
02d98129
JH		 307}
308
04124681
GP		 309static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
310 u16 data_len)
a38528f1
JH		 311{
312 struct mgmt_rp_read_version rp;
313
314 BT_DBG("sock %p", sk);
315
316 rp.version = MGMT_VERSION;
dcf4adbf 317 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 318
aee9b218 319 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 320 sizeof(rp));
a38528f1
JH		 321}
322
04124681
GP		 323static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
324 u16 data_len)
e70bb2e8
JH		 325{
326 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 327 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
328 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 329 __le16 *opcode;
e70bb2e8
JH		 330 size_t rp_size;
331 int i, err;
332
333 BT_DBG("sock %p", sk);
334
335 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
336
337 rp = kmalloc(rp_size, GFP_KERNEL);
338 if (!rp)
339 return -ENOMEM;
340
dcf4adbf
JP		 341 rp->num_commands = cpu_to_le16(num_commands);
342 rp->num_events = cpu_to_le16(num_events);
e70bb2e8
JH		 343
344 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
345 put_unaligned_le16(mgmt_commands[i], opcode);
346
347 for (i = 0; i < num_events; i++, opcode++)
348 put_unaligned_le16(mgmt_events[i], opcode);
349
aee9b218 350 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 351 rp_size);
e70bb2e8
JH		 352 kfree(rp);
353
354 return err;
355}
356
04124681
GP		 357static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
358 u16 data_len)
faba42eb 359{
faba42eb 360 struct mgmt_rp_read_index_list *rp;
8035ded4 361 struct hci_dev *d;
a38528f1 362 size_t rp_len;
faba42eb 363 u16 count;
476e44cb 364 int err;
faba42eb
JH		 365
366 BT_DBG("sock %p", sk);
367
368 read_lock(&hci_dev_list_lock);
369
370 count = 0;
bb4b2a9a 371 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a
MH		 372 if (d->dev_type == HCI_BREDR &&
373 !test_bit(HCI_UNCONFIGURED, &d->dev_flags))
1514b892 374 count++;
faba42eb
JH		 375 }
376
a38528f1
JH		 377 rp_len = sizeof(*rp) + (2 * count);
378 rp = kmalloc(rp_len, GFP_ATOMIC);
379 if (!rp) {
b2c60d42 380 read_unlock(&hci_dev_list_lock);
faba42eb 381 return -ENOMEM;
b2c60d42 382 }
faba42eb 383
476e44cb 384 count = 0;
8035ded4 385 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a
MH		 386 if (test_bit(HCI_SETUP, &d->dev_flags) ||
387 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
ab81cbf9
JH		 388 continue;
389
73d1df2a
MH		 390 /* Devices marked as raw-only are neither configured
391 * nor unconfigured controllers.
392 */
393 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
fee746b0
MH		 394 continue;
395
73d1df2a
MH		 396 if (d->dev_type == HCI_BREDR &&
397 !test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
1514b892
MH		 398 rp->index[count++] = cpu_to_le16(d->id);
399 BT_DBG("Added hci%u", d->id);
400 }
faba42eb
JH		 401 }
402
476e44cb
JH		 403 rp->num_controllers = cpu_to_le16(count);
404 rp_len = sizeof(*rp) + (2 * count);
405
faba42eb
JH		 406 read_unlock(&hci_dev_list_lock);
407
aee9b218 408 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 409 rp_len);
faba42eb 410
a38528f1
JH		 411 kfree(rp);
412
413 return err;
faba42eb
JH		 414}
415
73d1df2a
MH		 416static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
417 void *data, u16 data_len)
418{
419 struct mgmt_rp_read_unconf_index_list *rp;
420 struct hci_dev *d;
421 size_t rp_len;
422 u16 count;
423 int err;
424
425 BT_DBG("sock %p", sk);
426
427 read_lock(&hci_dev_list_lock);
428
429 count = 0;
430 list_for_each_entry(d, &hci_dev_list, list) {
431 if (d->dev_type == HCI_BREDR &&
432 test_bit(HCI_UNCONFIGURED, &d->dev_flags))
433 count++;
434 }
435
436 rp_len = sizeof(*rp) + (2 * count);
437 rp = kmalloc(rp_len, GFP_ATOMIC);
438 if (!rp) {
439 read_unlock(&hci_dev_list_lock);
440 return -ENOMEM;
441 }
442
443 count = 0;
444 list_for_each_entry(d, &hci_dev_list, list) {
445 if (test_bit(HCI_SETUP, &d->dev_flags) ||
446 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
447 continue;
448
449 /* Devices marked as raw-only are neither configured
450 * nor unconfigured controllers.
451 */
452 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
453 continue;
454
455 if (d->dev_type == HCI_BREDR &&
456 test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
457 rp->index[count++] = cpu_to_le16(d->id);
458 BT_DBG("Added hci%u", d->id);
459 }
460 }
461
462 rp->num_controllers = cpu_to_le16(count);
463 rp_len = sizeof(*rp) + (2 * count);
464
465 read_unlock(&hci_dev_list_lock);
466
467 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_UNCONF_INDEX_LIST,
468 0, rp, rp_len);
469
470 kfree(rp);
471
472 return err;
473}
474
dbece37a
MH		 475static bool is_configured(struct hci_dev *hdev)
476{
477 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
478 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
479 return false;
480
481 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
482 !bacmp(&hdev->public_addr, BDADDR_ANY))
483 return false;
484
485 return true;
486}
487
89bc22d2
MH		 488static __le32 get_missing_options(struct hci_dev *hdev)
489{
490 u32 options = 0;
491
dbece37a
MH		 492 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
493 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
eb1904f4
MH		 494 options |= MGMT_OPTION_EXTERNAL_CONFIG;
495
89bc22d2
MH		 496 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
497 !bacmp(&hdev->public_addr, BDADDR_ANY))
498 options |= MGMT_OPTION_PUBLIC_ADDRESS;
499
500 return cpu_to_le32(options);
501}
502
dbece37a
MH		 503static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
504{
505 __le32 options = get_missing_options(hdev);
506
507 return cmd_complete(sk, hdev->id, opcode, 0, &options,
508 sizeof(options));
509}
510
9fc3bfb6
MH		 511static int read_config_info(struct sock *sk, struct hci_dev *hdev,
512 void *data, u16 data_len)
513{
514 struct mgmt_rp_read_config_info rp;
89bc22d2 515 u32 options = 0;
9fc3bfb6
MH		 516
517 BT_DBG("sock %p %s", sk, hdev->name);
518
519 hci_dev_lock(hdev);
520
521 memset(&rp, 0, sizeof(rp));
522 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
89bc22d2 523
eb1904f4
MH		 524 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
525 options |= MGMT_OPTION_EXTERNAL_CONFIG;
526
9fc3bfb6 527 if (hdev->set_bdaddr)
89bc22d2
MH		 528 options |= MGMT_OPTION_PUBLIC_ADDRESS;
529
530 rp.supported_options = cpu_to_le32(options);
531 rp.missing_options = get_missing_options(hdev);
9fc3bfb6
MH		 532
533 hci_dev_unlock(hdev);
534
535 return cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0, &rp,
536 sizeof(rp));
537}
538
69ab39ea
JH		 539static u32 get_supported_settings(struct hci_dev *hdev)
540{
541 u32 settings = 0;
542
543 settings |= MGMT_SETTING_POWERED;
69ab39ea 544 settings |= MGMT_SETTING_PAIRABLE;
b1de97d8 545 settings |= MGMT_SETTING_DEBUG_KEYS;
69ab39ea 546
ed3fa31f 547 if (lmp_bredr_capable(hdev)) {
33c525c0 548 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 549 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
550 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 551 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 552 settings |= MGMT_SETTING_BREDR;
553 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 554
555 if (lmp_ssp_capable(hdev)) {
556 settings |= MGMT_SETTING_SSP;
557 settings |= MGMT_SETTING_HS;
558 }
e98d2ce2 559
5afeac14 560 if (lmp_sc_capable(hdev) ||
111902f7 561 test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
e98d2ce2 562 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 563 }
d7b7e796 564
eeca6f89 565 if (lmp_le_capable(hdev)) {
9d42820f 566 settings |= MGMT_SETTING_LE;
eeca6f89 567 settings |= MGMT_SETTING_ADVERTISING;
0f4bd942 568 settings |= MGMT_SETTING_PRIVACY;
eeca6f89 569 }
69ab39ea 570
eb1904f4
MH		 571 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
572 hdev->set_bdaddr)
9fc3bfb6
MH		 573 settings |= MGMT_SETTING_CONFIGURATION;
574
69ab39ea
JH		 575 return settings;
576}
577
578static u32 get_current_settings(struct hci_dev *hdev)
579{
580 u32 settings = 0;
581
f1f0eb02 582 if (hdev_is_powered(hdev))
f0d4b78a
MH		 583 settings |= MGMT_SETTING_POWERED;
584
5e5282bb 585 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 586 settings |= MGMT_SETTING_CONNECTABLE;
587
1a4d3c4b
JH		 588 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
589 settings |= MGMT_SETTING_FAST_CONNECTABLE;
590
5e5282bb 591 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 592 settings |= MGMT_SETTING_DISCOVERABLE;
593
a8b2d5c2 594 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 595 settings |= MGMT_SETTING_PAIRABLE;
596
56f87901 597 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 598 settings |= MGMT_SETTING_BREDR;
599
06199cf8 600 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 601 settings |= MGMT_SETTING_LE;
602
47990ea0 603 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 604 settings |= MGMT_SETTING_LINK_SECURITY;
605
84bde9d6 606 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 607 settings |= MGMT_SETTING_SSP;
608
6d80dfd0
JH		 609 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
610 settings |= MGMT_SETTING_HS;
611
f3d3444a 612 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 613 settings |= MGMT_SETTING_ADVERTISING;
614
e98d2ce2
MH		 615 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
616 settings |= MGMT_SETTING_SECURE_CONN;
617
0663b297 618 if (test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags))
b1de97d8
MH		 619 settings |= MGMT_SETTING_DEBUG_KEYS;
620
0f4bd942
JH		 621 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
622 settings |= MGMT_SETTING_PRIVACY;
623
69ab39ea
JH		 624 return settings;
625}
626
ef580372
JH		 627#define PNP_INFO_SVCLASS_ID 0x1200
628
213202ed
JH		 629static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
630{
631 u8 *ptr = data, *uuids_start = NULL;
632 struct bt_uuid *uuid;
633
634 if (len < 4)
635 return ptr;
636
637 list_for_each_entry(uuid, &hdev->uuids, list) {
638 u16 uuid16;
639
640 if (uuid->size != 16)
641 continue;
642
643 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
644 if (uuid16 < 0x1100)
645 continue;
646
647 if (uuid16 == PNP_INFO_SVCLASS_ID)
648 continue;
649
650 if (!uuids_start) {
651 uuids_start = ptr;
652 uuids_start[0] = 1;
653 uuids_start[1] = EIR_UUID16_ALL;
654 ptr += 2;
655 }
656
657 /* Stop if not enough space to put next UUID */
658 if ((ptr - data) + sizeof(u16) > len) {
659 uuids_start[1] = EIR_UUID16_SOME;
660 break;
661 }
662
663 *ptr++ = (uuid16 & 0x00ff);
664 *ptr++ = (uuid16 & 0xff00) >> 8;
665 uuids_start[0] += sizeof(uuid16);
666 }
667
668 return ptr;
669}
670
cdf1963f
JH		 671static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
672{
673 u8 *ptr = data, *uuids_start = NULL;
674 struct bt_uuid *uuid;
675
676 if (len < 6)
677 return ptr;
678
679 list_for_each_entry(uuid, &hdev->uuids, list) {
680 if (uuid->size != 32)
681 continue;
682
683 if (!uuids_start) {
684 uuids_start = ptr;
685 uuids_start[0] = 1;
686 uuids_start[1] = EIR_UUID32_ALL;
687 ptr += 2;
688 }
689
690 /* Stop if not enough space to put next UUID */
691 if ((ptr - data) + sizeof(u32) > len) {
692 uuids_start[1] = EIR_UUID32_SOME;
693 break;
694 }
695
696 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
697 ptr += sizeof(u32);
698 uuids_start[0] += sizeof(u32);
699 }
700
701 return ptr;
702}
703
c00d575b
JH		 704static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
705{
706 u8 *ptr = data, *uuids_start = NULL;
707 struct bt_uuid *uuid;
708
709 if (len < 18)
710 return ptr;
711
712 list_for_each_entry(uuid, &hdev->uuids, list) {
713 if (uuid->size != 128)
714 continue;
715
716 if (!uuids_start) {
717 uuids_start = ptr;
718 uuids_start[0] = 1;
719 uuids_start[1] = EIR_UUID128_ALL;
720 ptr += 2;
721 }
722
723 /* Stop if not enough space to put next UUID */
724 if ((ptr - data) + 16 > len) {
725 uuids_start[1] = EIR_UUID128_SOME;
726 break;
727 }
728
729 memcpy(ptr, uuid->uuid, 16);
730 ptr += 16;
731 uuids_start[0] += 16;
732 }
733
734 return ptr;
735}
736
eb2a8d20
JH		 737static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
738{
739 struct pending_cmd *cmd;
740
741 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
742 if (cmd->opcode == opcode)
743 return cmd;
744 }
745
746 return NULL;
747}
748
95868426
JH		 749static struct pending_cmd *mgmt_pending_find_data(u16 opcode,
750 struct hci_dev *hdev,
751 const void *data)
752{
753 struct pending_cmd *cmd;
754
755 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
756 if (cmd->user_data != data)
757 continue;
758 if (cmd->opcode == opcode)
759 return cmd;
760 }
761
762 return NULL;
763}
764
f14d8f64
MH		 765static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
766{
7a5f4990
MH		 767 u8 ad_len = 0;
768 size_t name_len;
769
770 name_len = strlen(hdev->dev_name);
771 if (name_len > 0) {
772 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
773
774 if (name_len > max_len) {
775 name_len = max_len;
776 ptr[1] = EIR_NAME_SHORT;
777 } else
778 ptr[1] = EIR_NAME_COMPLETE;
779
780 ptr[0] = name_len + 1;
781
782 memcpy(ptr + 2, hdev->dev_name, name_len);
783
784 ad_len += (name_len + 2);
785 ptr += (name_len + 2);
786 }
787
788 return ad_len;
f14d8f64
MH		 789}
790
791static void update_scan_rsp_data(struct hci_request *req)
792{
793 struct hci_dev *hdev = req->hdev;
794 struct hci_cp_le_set_scan_rsp_data cp;
795 u8 len;
796
7751ef1b 797 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
f14d8f64
MH		 798 return;
799
800 memset(&cp, 0, sizeof(cp));
801
802 len = create_scan_rsp_data(hdev, cp.data);
803
eb438b5f
JH		 804 if (hdev->scan_rsp_data_len == len &&
805 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 806 return;
807
eb438b5f
JH		 808 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
809 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 810
811 cp.length = len;
812
813 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
814}
815
9a43e25f
JH		 816static u8 get_adv_discov_flags(struct hci_dev *hdev)
817{
818 struct pending_cmd *cmd;
819
820 /* If there's a pending mgmt command the flags will not yet have
821 * their final values, so check for this first.
822 */
823 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
824 if (cmd) {
825 struct mgmt_mode *cp = cmd->param;
826 if (cp->val == 0x01)
827 return LE_AD_GENERAL;
828 else if (cp->val == 0x02)
829 return LE_AD_LIMITED;
830 } else {
831 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
832 return LE_AD_LIMITED;
833 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
834 return LE_AD_GENERAL;
835 }
836
837 return 0;
838}
839
46cad2ed 840static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 841{
842 u8 ad_len = 0, flags = 0;
441ad2d0 843
9a43e25f 844 flags |= get_adv_discov_flags(hdev);
441ad2d0 845
e834004b 846 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
441ad2d0 847 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 848
849 if (flags) {
850 BT_DBG("adv flags 0x%02x", flags);
851
852 ptr[0] = 2;
853 ptr[1] = EIR_FLAGS;
854 ptr[2] = flags;
855
856 ad_len += 3;
857 ptr += 3;
858 }
859
860 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
861 ptr[0] = 2;
862 ptr[1] = EIR_TX_POWER;
863 ptr[2] = (u8) hdev->adv_tx_power;
864
865 ad_len += 3;
866 ptr += 3;
867 }
868
441ad2d0
MH		 869 return ad_len;
870}
871
5947f4bc 872static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 873{
874 struct hci_dev *hdev = req->hdev;
875 struct hci_cp_le_set_adv_data cp;
876 u8 len;
877
10994ce6 878 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
441ad2d0
MH		 879 return;
880
881 memset(&cp, 0, sizeof(cp));
882
46cad2ed 883 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 884
885 if (hdev->adv_data_len == len &&
886 memcmp(cp.data, hdev->adv_data, len) == 0)
887 return;
888
889 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
890 hdev->adv_data_len = len;
891
892 cp.length = len;
893
894 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
895}
896
ef580372
JH		 897static void create_eir(struct hci_dev *hdev, u8 *data)
898{
899 u8 *ptr = data;
ef580372
JH		 900 size_t name_len;
901
902 name_len = strlen(hdev->dev_name);
903
904 if (name_len > 0) {
905 /* EIR Data type */
906 if (name_len > 48) {
907 name_len = 48;
908 ptr[1] = EIR_NAME_SHORT;
909 } else
910 ptr[1] = EIR_NAME_COMPLETE;
911
912 /* EIR Data length */
913 ptr[0] = name_len + 1;
914
915 memcpy(ptr + 2, hdev->dev_name, name_len);
916
ef580372
JH		 917 ptr += (name_len + 2);
918 }
919
bbaf444a 920 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 921 ptr[0] = 2;
922 ptr[1] = EIR_TX_POWER;
923 ptr[2] = (u8) hdev->inq_tx_power;
924
91c4e9b1
MH		 925 ptr += 3;
926 }
927
2b9be137
MH		 928 if (hdev->devid_source > 0) {
929 ptr[0] = 9;
930 ptr[1] = EIR_DEVICE_ID;
931
932 put_unaligned_le16(hdev->devid_source, ptr + 2);
933 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
934 put_unaligned_le16(hdev->devid_product, ptr + 6);
935 put_unaligned_le16(hdev->devid_version, ptr + 8);
936
2b9be137
MH		 937 ptr += 10;
938 }
939
213202ed 940 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 941 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 942 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 943}
944
890ea898 945static void update_eir(struct hci_request *req)
ef580372 946{
890ea898 947 struct hci_dev *hdev = req->hdev;
ef580372
JH		 948 struct hci_cp_write_eir cp;
949
504c8dcd 950 if (!hdev_is_powered(hdev))
890ea898 951 return;
7770c4aa 952
976eb20e 953 if (!lmp_ext_inq_capable(hdev))
890ea898 954 return;
ef580372 955
84bde9d6 956 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 957 return;
ef580372 958
a8b2d5c2 959 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 960 return;
ef580372
JH		 961
962 memset(&cp, 0, sizeof(cp));
963
964 create_eir(hdev, cp.data);
965
966 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 967 return;
ef580372
JH		 968
969 memcpy(hdev->eir, cp.data, sizeof(cp.data));
970
890ea898 971 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 972}
973
974static u8 get_service_classes(struct hci_dev *hdev)
975{
976 struct bt_uuid *uuid;
977 u8 val = 0;
978
979 list_for_each_entry(uuid, &hdev->uuids, list)
980 val |= uuid->svc_hint;
981
982 return val;
983}
984
890ea898 985static void update_class(struct hci_request *req)
ef580372 986{
890ea898 987 struct hci_dev *hdev = req->hdev;
ef580372
JH		 988 u8 cod[3];
989
990 BT_DBG("%s", hdev->name);
991
504c8dcd 992 if (!hdev_is_powered(hdev))
890ea898 993 return;
7770c4aa 994
f87ea1da
JH		 995 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
996 return;
997
a8b2d5c2 998 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 999 return;
ef580372
JH		 1000
1001 cod[0] = hdev->minor_class;
1002 cod[1] = hdev->major_class;
1003 cod[2] = get_service_classes(hdev);
1004
6acd7db4
MH		 1005 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
1006 cod[1] |= 0x20;
1007
ef580372 1008 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 1009 return;
ef580372 1010
890ea898 1011 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 1012}
1013
a4858cb9 1014static bool get_connectable(struct hci_dev *hdev)
199a2fb1
JH		 1015{
1016 struct pending_cmd *cmd;
199a2fb1
JH		 1017
1018 /* If there's a pending mgmt command the flag will not yet have
1019 * it's final value, so check for this first.
1020 */
1021 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1022 if (cmd) {
1023 struct mgmt_mode *cp = cmd->param;
a4858cb9 1024 return cp->val;
199a2fb1
JH		 1025 }
1026
a4858cb9 1027 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
199a2fb1
JH		 1028}
1029
1030static void enable_advertising(struct hci_request *req)
1031{
1032 struct hci_dev *hdev = req->hdev;
1033 struct hci_cp_le_set_adv_param cp;
8f2a0601 1034 u8 own_addr_type, enable = 0x01;
a4858cb9 1035 bool connectable;
199a2fb1 1036
8d97250e
JH		 1037 /* Clear the HCI_ADVERTISING bit temporarily so that the
1038 * hci_update_random_address knows that it's safe to go ahead
1039 * and write a new random address. The flag will be set back on
1040 * as soon as the SET_ADV_ENABLE HCI command completes.
1041 */
1042 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
1043
a4858cb9 1044 connectable = get_connectable(hdev);
8f2a0601 1045
a4858cb9
JH		 1046 /* Set require_privacy to true only when non-connectable
1047 * advertising is used. In that case it is fine to use a
1048 * non-resolvable private address.
1049 */
1050 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 1051 return;
1052
41c90c18 1053 memset(&cp, 0, sizeof(cp));
dcf4adbf
JP		 1054 cp.min_interval = cpu_to_le16(0x0800);
1055 cp.max_interval = cpu_to_le16(0x0800);
a4858cb9 1056 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
8f2a0601 1057 cp.own_address_type = own_addr_type;
199a2fb1
JH		 1058 cp.channel_map = hdev->le_adv_channel_map;
1059
1060 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1061
1062 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1063}
1064
1065static void disable_advertising(struct hci_request *req)
1066{
1067 u8 enable = 0x00;
1068
1069 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1070}
1071
7d78525d
JH		 1072static void service_cache_off(struct work_struct *work)
1073{
1074 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 1075 service_cache.work);
890ea898 1076 struct hci_request req;
7d78525d 1077
a8b2d5c2 1078 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 1079 return;
1080
890ea898
JH		 1081 hci_req_init(&req, hdev);
1082
7d78525d
JH		 1083 hci_dev_lock(hdev);
1084
890ea898
JH		 1085 update_eir(&req);
1086 update_class(&req);
7d78525d
JH		 1087
1088 hci_dev_unlock(hdev);
890ea898
JH		 1089
1090 hci_req_run(&req, NULL);
7d78525d
JH		 1091}
1092
d6bfd59c
JH		 1093static void rpa_expired(struct work_struct *work)
1094{
1095 struct hci_dev *hdev = container_of(work, struct hci_dev,
1096 rpa_expired.work);
1097 struct hci_request req;
1098
1099 BT_DBG("");
1100
1101 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
1102
1103 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags) ||
1104 hci_conn_num(hdev, LE_LINK) > 0)
1105 return;
1106
1107 /* The generation of a new RPA and programming it into the
1108 * controller happens in the enable_advertising() function.
1109 */
1110
1111 hci_req_init(&req, hdev);
1112
1113 disable_advertising(&req);
1114 enable_advertising(&req);
1115
1116 hci_req_run(&req, NULL);
1117}
1118
6a919082 1119static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 1120{
4f87da80 1121 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 1122 return;
1123
4f87da80 1124 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 1125 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 1126
4f87da80
JH		 1127 /* Non-mgmt controlled devices get this bit set
1128 * implicitly so that pairing works for them, however
1129 * for mgmt we require user-space to explicitly enable
1130 * it
1131 */
1132 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 1133}
1134
0f4e68cf 1135static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 1136 void *data, u16 data_len)
0381101f 1137{
a38528f1 1138 struct mgmt_rp_read_info rp;
f7b64e69 1139
bdb6d971 1140 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 1141
09fd0de5 1142 hci_dev_lock(hdev);
f7b64e69 1143
dc4fe30b
JH		 1144 memset(&rp, 0, sizeof(rp));
1145
69ab39ea 1146 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 1147
69ab39ea 1148 rp.version = hdev->hci_ver;
eb55ef07 1149 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 1150
1151 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1152 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 1153
a38528f1 1154 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 1155
dc4fe30b 1156 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 1157 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 1158
09fd0de5 1159 hci_dev_unlock(hdev);
0381101f 1160
bdb6d971 1161 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 1162 sizeof(rp));
0381101f
JH		 1163}
1164
eec8d2bc
JH		 1165static void mgmt_pending_free(struct pending_cmd *cmd)
1166{
1167 sock_put(cmd->sk);
c68fb7ff 1168 kfree(cmd->param);
eec8d2bc
JH		 1169 kfree(cmd);
1170}
1171
366a0336 1172static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 1173 struct hci_dev *hdev, void *data,
1174 u16 len)
eec8d2bc
JH		 1175{
1176 struct pending_cmd *cmd;
1177
fca20018 1178 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 1179 if (!cmd)
366a0336 1180 return NULL;
eec8d2bc
JH		 1181
1182 cmd->opcode = opcode;
2e58ef3e 1183 cmd->index = hdev->id;
eec8d2bc 1184
12b94565 1185 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 1186 if (!cmd->param) {
eec8d2bc 1187 kfree(cmd);
366a0336 1188 return NULL;
eec8d2bc
JH		 1189 }
1190
8fce6357
SJ		 1191 if (data)
1192 memcpy(cmd->param, data, len);
eec8d2bc
JH		 1193
1194 cmd->sk = sk;
1195 sock_hold(sk);
1196
2e58ef3e 1197 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 1198
366a0336 1199 return cmd;
eec8d2bc
JH		 1200}
1201
744cf19e 1202static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 1203 void (*cb)(struct pending_cmd *cmd,
1204 void *data),
04124681 1205 void *data)
eec8d2bc 1206{
a3d09356 1207 struct pending_cmd *cmd, *tmp;
eec8d2bc 1208
a3d09356 1209 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 1210 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 1211 continue;
1212
eec8d2bc
JH		 1213 cb(cmd, data);
1214 }
1215}
1216
a664b5bc 1217static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 1218{
73f22f62
JH		 1219 list_del(&cmd->list);
1220 mgmt_pending_free(cmd);
1221}
1222
69ab39ea 1223static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1224{
69ab39ea 1225 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1226
aee9b218 1227 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 1228 sizeof(settings));
8680570b
JH		 1229}
1230
8b064a3a
JH		 1231static void clean_up_hci_complete(struct hci_dev *hdev, u8 status)
1232{
1233 BT_DBG("%s status 0x%02x", hdev->name, status);
1234
a3172b7e
JH		 1235 if (hci_conn_count(hdev) == 0) {
1236 cancel_delayed_work(&hdev->power_off);
8b064a3a 1237 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1238 }
8b064a3a
JH		 1239}
1240
21a60d30
JH		 1241static void hci_stop_discovery(struct hci_request *req)
1242{
1243 struct hci_dev *hdev = req->hdev;
1244 struct hci_cp_remote_name_req_cancel cp;
1245 struct inquiry_entry *e;
1246
1247 switch (hdev->discovery.state) {
1248 case DISCOVERY_FINDING:
1249 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
1250 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1251 } else {
1252 cancel_delayed_work(&hdev->le_scan_disable);
1253 hci_req_add_le_scan_disable(req);
1254 }
1255
1256 break;
1257
1258 case DISCOVERY_RESOLVING:
1259 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1260 NAME_PENDING);
1261 if (!e)
1262 return;
1263
1264 bacpy(&cp.bdaddr, &e->data.bdaddr);
1265 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1266 &cp);
1267
1268 break;
1269
1270 default:
1271 /* Passive scanning */
1272 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
1273 hci_req_add_le_scan_disable(req);
1274 break;
1275 }
1276}
1277
8b064a3a
JH		 1278static int clean_up_hci_state(struct hci_dev *hdev)
1279{
1280 struct hci_request req;
1281 struct hci_conn *conn;
1282
1283 hci_req_init(&req, hdev);
1284
1285 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1286 test_bit(HCI_PSCAN, &hdev->flags)) {
1287 u8 scan = 0x00;
1288 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1289 }
1290
1291 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1292 disable_advertising(&req);
1293
f8680f12 1294 hci_stop_discovery(&req);
8b064a3a
JH		 1295
1296 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1297 struct hci_cp_disconnect dc;
c9910d0f
JH		 1298 struct hci_cp_reject_conn_req rej;
1299
1300 switch (conn->state) {
1301 case BT_CONNECTED:
1302 case BT_CONFIG:
1303 dc.handle = cpu_to_le16(conn->handle);
1304 dc.reason = 0x15; /* Terminated due to Power Off */
1305 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1306 break;
1307 case BT_CONNECT:
1308 if (conn->type == LE_LINK)
1309 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1310 0, NULL);
1311 else if (conn->type == ACL_LINK)
1312 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1313 6, &conn->dst);
1314 break;
1315 case BT_CONNECT2:
1316 bacpy(&rej.bdaddr, &conn->dst);
1317 rej.reason = 0x15; /* Terminated due to Power Off */
1318 if (conn->type == ACL_LINK)
1319 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1320 sizeof(rej), &rej);
1321 else if (conn->type == SCO_LINK)
1322 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1323 sizeof(rej), &rej);
1324 break;
1325 }
8b064a3a
JH		 1326 }
1327
1328 return hci_req_run(&req, clean_up_hci_complete);
1329}
1330
bdb6d971 1331static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1332 u16 len)
eec8d2bc 1333{
650f726d 1334 struct mgmt_mode *cp = data;
366a0336 1335 struct pending_cmd *cmd;
4b34ee78 1336 int err;
eec8d2bc 1337
bdb6d971 1338 BT_DBG("request for %s", hdev->name);
eec8d2bc 1339
a7e80f25
JH		 1340 if (cp->val != 0x00 && cp->val != 0x01)
1341 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1342 MGMT_STATUS_INVALID_PARAMS);
1343
09fd0de5 1344 hci_dev_lock(hdev);
eec8d2bc 1345
87b95ba6
JH		 1346 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1347 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1348 MGMT_STATUS_BUSY);
1349 goto failed;
1350 }
1351
f0d4b78a
MH		 1352 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1353 cancel_delayed_work(&hdev->power_off);
1354
1355 if (cp->val) {
a1d70450
JH		 1356 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1357 data, len);
1358 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1359 goto failed;
1360 }
1361 }
1362
4b34ee78 1363 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1364 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1365 goto failed;
1366 }
1367
2e58ef3e 1368 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1369 if (!cmd) {
1370 err = -ENOMEM;
eec8d2bc 1371 goto failed;
366a0336 1372 }
eec8d2bc 1373
8b064a3a 1374 if (cp->val) {
19202573 1375 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1376 err = 0;
1377 } else {
1378 /* Disconnect connections, stop scans, etc */
1379 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1380 if (!err)
1381 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1382 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1383
8b064a3a
JH		 1384 /* ENODATA means there were no HCI commands queued */
1385 if (err == -ENODATA) {
a3172b7e 1386 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1387 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1388 err = 0;
1389 }
1390 }
eec8d2bc
JH		 1391
1392failed:
09fd0de5 1393 hci_dev_unlock(hdev);
366a0336 1394 return err;
eec8d2bc
JH		 1395}
1396
beadb2bd
JH		 1397static int new_settings(struct hci_dev *hdev, struct sock *skip)
1398{
1399 __le32 ev;
1400
1401 ev = cpu_to_le32(get_current_settings(hdev));
1402
1403 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1404}
1405
bd99abdd
JH		 1406struct cmd_lookup {
1407 struct sock *sk;
1408 struct hci_dev *hdev;
1409 u8 mgmt_status;
1410};
1411
1412static void settings_rsp(struct pending_cmd *cmd, void *data)
1413{
1414 struct cmd_lookup *match = data;
1415
1416 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1417
1418 list_del(&cmd->list);
1419
1420 if (match->sk == NULL) {
1421 match->sk = cmd->sk;
1422 sock_hold(match->sk);
1423 }
1424
1425 mgmt_pending_free(cmd);
1426}
1427
1428static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1429{
1430 u8 *status = data;
1431
1432 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1433 mgmt_pending_remove(cmd);
1434}
1435
e6fe7986
JH		 1436static u8 mgmt_bredr_support(struct hci_dev *hdev)
1437{
1438 if (!lmp_bredr_capable(hdev))
1439 return MGMT_STATUS_NOT_SUPPORTED;
1440 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1441 return MGMT_STATUS_REJECTED;
1442 else
1443 return MGMT_STATUS_SUCCESS;
1444}
1445
1446static u8 mgmt_le_support(struct hci_dev *hdev)
1447{
1448 if (!lmp_le_capable(hdev))
1449 return MGMT_STATUS_NOT_SUPPORTED;
1450 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1451 return MGMT_STATUS_REJECTED;
1452 else
1453 return MGMT_STATUS_SUCCESS;
1454}
1455
bfaf8c9f
JH		 1456static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1457{
1458 struct pending_cmd *cmd;
1459 struct mgmt_mode *cp;
970ba524 1460 struct hci_request req;
bfaf8c9f
JH		 1461 bool changed;
1462
1463 BT_DBG("status 0x%02x", status);
1464
1465 hci_dev_lock(hdev);
1466
1467 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1468 if (!cmd)
1469 goto unlock;
1470
1471 if (status) {
1472 u8 mgmt_err = mgmt_status(status);
1473 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
310a3d48 1474 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
bfaf8c9f
JH		 1475 goto remove_cmd;
1476 }
1477
1478 cp = cmd->param;
d4462a07 1479 if (cp->val) {
bfaf8c9f
JH		 1480 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1481 &hdev->dev_flags);
d4462a07
MH		 1482
1483 if (hdev->discov_timeout > 0) {
1484 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1485 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1486 to);
1487 }
1488 } else {
bfaf8c9f
JH		 1489 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1490 &hdev->dev_flags);
d4462a07 1491 }
bfaf8c9f
JH		 1492
1493 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1494
1495 if (changed)
1496 new_settings(hdev, cmd->sk);
1497
970ba524
MH		 1498 /* When the discoverable mode gets changed, make sure
1499 * that class of device has the limited discoverable
1500 * bit correctly set.
1501 */
1502 hci_req_init(&req, hdev);
1503 update_class(&req);
1504 hci_req_run(&req, NULL);
1505
bfaf8c9f
JH		 1506remove_cmd:
1507 mgmt_pending_remove(cmd);
1508
1509unlock:
1510 hci_dev_unlock(hdev);
1511}
1512
bdb6d971 1513static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1514 u16 len)
73f22f62 1515{
650f726d 1516 struct mgmt_cp_set_discoverable *cp = data;
366a0336 1517 struct pending_cmd *cmd;
bfaf8c9f 1518 struct hci_request req;
5e5282bb 1519 u16 timeout;
9a43e25f 1520 u8 scan;
73f22f62
JH		 1521 int err;
1522
bdb6d971 1523 BT_DBG("request for %s", hdev->name);
73f22f62 1524
9a43e25f
JH		 1525 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1526 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1527 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
9a43e25f 1528 MGMT_STATUS_REJECTED);
33c525c0 1529
310a3d48 1530 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a7e80f25
JH		 1531 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1532 MGMT_STATUS_INVALID_PARAMS);
1533
1f350c87 1534 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1535
1536 /* Disabling discoverable requires that no timeout is set,
1537 * and enabling limited discoverable requires a timeout.
1538 */
1539 if ((cp->val == 0x00 && timeout > 0) ||
1540 (cp->val == 0x02 && timeout == 0))
bdb6d971 1541 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1542 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1543
09fd0de5 1544 hci_dev_lock(hdev);
73f22f62 1545
5e5282bb 1546 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 1547 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1548 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1549 goto failed;
1550 }
1551
2e58ef3e 1552 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1553 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1554 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1555 MGMT_STATUS_BUSY);
73f22f62
JH		 1556 goto failed;
1557 }
1558
5e5282bb 1559 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 1560 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1561 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1562 goto failed;
1563 }
1564
1565 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1566 bool changed = false;
1567
310a3d48
MH		 1568 /* Setting limited discoverable when powered off is
1569 * not a valid operation since it requires a timeout
1570 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1571 */
0224d2fa
JH		 1572 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1573 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1574 changed = true;
1575 }
1576
5e5282bb 1577 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1578 if (err < 0)
1579 goto failed;
1580
1581 if (changed)
1582 err = new_settings(hdev, sk);
1583
5e5282bb
JH		 1584 goto failed;
1585 }
1586
310a3d48
MH		 1587 /* If the current mode is the same, then just update the timeout
1588 * value with the new value. And if only the timeout gets updated,
1589 * then no need for any HCI transactions.
1590 */
1591 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1592 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1593 &hdev->dev_flags)) {
36261547
MH		 1594 cancel_delayed_work(&hdev->discov_off);
1595 hdev->discov_timeout = timeout;
955638ec 1596
36261547
MH		 1597 if (cp->val && hdev->discov_timeout > 0) {
1598 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1599 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1600 to);
955638ec
MH		 1601 }
1602
69ab39ea 1603 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1604 goto failed;
1605 }
1606
2e58ef3e 1607 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1608 if (!cmd) {
1609 err = -ENOMEM;
73f22f62 1610 goto failed;
366a0336 1611 }
73f22f62 1612
310a3d48
MH		 1613 /* Cancel any potential discoverable timeout that might be
1614 * still active and store new timeout value. The arming of
1615 * the timeout happens in the complete handler.
1616 */
1617 cancel_delayed_work(&hdev->discov_off);
1618 hdev->discov_timeout = timeout;
1619
b456f87c
JH		 1620 /* Limited discoverable mode */
1621 if (cp->val == 0x02)
1622 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1623 else
1624 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1625
bfaf8c9f
JH		 1626 hci_req_init(&req, hdev);
1627
9a43e25f
JH		 1628 /* The procedure for LE-only controllers is much simpler - just
1629 * update the advertising data.
1630 */
1631 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1632 goto update_ad;
1633
73f22f62
JH		 1634 scan = SCAN_PAGE;
1635
310a3d48
MH		 1636 if (cp->val) {
1637 struct hci_cp_write_current_iac_lap hci_cp;
1638
1639 if (cp->val == 0x02) {
1640 /* Limited discoverable mode */
33337dcb 1641 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1642 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1643 hci_cp.iac_lap[1] = 0x8b;
1644 hci_cp.iac_lap[2] = 0x9e;
1645 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1646 hci_cp.iac_lap[4] = 0x8b;
1647 hci_cp.iac_lap[5] = 0x9e;
1648 } else {
1649 /* General discoverable mode */
310a3d48
MH		 1650 hci_cp.num_iac = 1;
1651 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1652 hci_cp.iac_lap[1] = 0x8b;
1653 hci_cp.iac_lap[2] = 0x9e;
1654 }
1655
1656 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1657 (hci_cp.num_iac * 3) + 1, &hci_cp);
1658
73f22f62 1659 scan |= SCAN_INQUIRY;
310a3d48
MH		 1660 } else {
1661 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1662 }
73f22f62 1663
310a3d48 1664 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1665
9a43e25f
JH		 1666update_ad:
1667 update_adv_data(&req);
1668
bfaf8c9f 1669 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1670 if (err < 0)
a664b5bc 1671 mgmt_pending_remove(cmd);
73f22f62
JH		 1672
1673failed:
09fd0de5 1674 hci_dev_unlock(hdev);
73f22f62
JH		 1675 return err;
1676}
1677
406d7804
JH		 1678static void write_fast_connectable(struct hci_request *req, bool enable)
1679{
bd98b996 1680 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1681 struct hci_cp_write_page_scan_activity acp;
1682 u8 type;
1683
547003b1
JH		 1684 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1685 return;
1686
4c01f8b8
JH		 1687 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1688 return;
1689
406d7804
JH		 1690 if (enable) {
1691 type = PAGE_SCAN_TYPE_INTERLACED;
1692
1693 /* 160 msec page scan interval */
dcf4adbf 1694 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 1695 } else {
1696 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1697
1698 /* default 1.28 sec page scan */
dcf4adbf 1699 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 1700 }
1701
dcf4adbf 1702 acp.window = cpu_to_le16(0x0012);
406d7804 1703
bd98b996
JH		 1704 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1705 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1706 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1707 sizeof(acp), &acp);
1708
1709 if (hdev->page_scan_type != type)
1710 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1711}
1712
2b76f453
JH		 1713static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1714{
1715 struct pending_cmd *cmd;
d7b856f9
JH		 1716 struct mgmt_mode *cp;
1717 bool changed;
2b76f453
JH		 1718
1719 BT_DBG("status 0x%02x", status);
1720
1721 hci_dev_lock(hdev);
1722
1723 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1724 if (!cmd)
1725 goto unlock;
1726
37438c1f
JH		 1727 if (status) {
1728 u8 mgmt_err = mgmt_status(status);
1729 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1730 goto remove_cmd;
1731 }
1732
d7b856f9
JH		 1733 cp = cmd->param;
1734 if (cp->val)
1735 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1736 else
1737 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1738
2b76f453
JH		 1739 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1740
d7b856f9
JH		 1741 if (changed)
1742 new_settings(hdev, cmd->sk);
1743
37438c1f 1744remove_cmd:
2b76f453
JH		 1745 mgmt_pending_remove(cmd);
1746
1747unlock:
1748 hci_dev_unlock(hdev);
1749}
1750
e8ba3a1f
JH		 1751static int set_connectable_update_settings(struct hci_dev *hdev,
1752 struct sock *sk, u8 val)
1753{
1754 bool changed = false;
1755 int err;
1756
1757 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1758 changed = true;
1759
1760 if (val) {
1761 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1762 } else {
1763 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1764 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1765 }
1766
1767 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1768 if (err < 0)
1769 return err;
1770
1771 if (changed)
1772 return new_settings(hdev, sk);
1773
1774 return 0;
1775}
1776
bdb6d971 1777static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1778 u16 len)
9fbcbb45 1779{
650f726d 1780 struct mgmt_mode *cp = data;
366a0336 1781 struct pending_cmd *cmd;
2b76f453 1782 struct hci_request req;
1987fdc7 1783 u8 scan;
9fbcbb45
JH		 1784 int err;
1785
bdb6d971 1786 BT_DBG("request for %s", hdev->name);
9fbcbb45 1787
1987fdc7
JH		 1788 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1789 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1790 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1987fdc7 1791 MGMT_STATUS_REJECTED);
33c525c0 1792
a7e80f25
JH		 1793 if (cp->val != 0x00 && cp->val != 0x01)
1794 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1795 MGMT_STATUS_INVALID_PARAMS);
1796
09fd0de5 1797 hci_dev_lock(hdev);
9fbcbb45 1798
4b34ee78 1799 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1800 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1801 goto failed;
1802 }
1803
2e58ef3e 1804 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1805 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1806 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1807 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1808 goto failed;
1809 }
1810
2e58ef3e 1811 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1812 if (!cmd) {
1813 err = -ENOMEM;
9fbcbb45 1814 goto failed;
366a0336 1815 }
9fbcbb45 1816
9b74246f 1817 hci_req_init(&req, hdev);
9fbcbb45 1818
9a43e25f
JH		 1819 /* If BR/EDR is not enabled and we disable advertising as a
1820 * by-product of disabling connectable, we need to update the
1821 * advertising flags.
1822 */
1823 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1824 if (!cp->val) {
1825 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1826 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1827 }
1828 update_adv_data(&req);
1829 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1830 if (cp->val) {
1831 scan = SCAN_PAGE;
1832 } else {
1833 scan = 0;
1834
1835 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1836 hdev->discov_timeout > 0)
9b74246f
JH		 1837 cancel_delayed_work(&hdev->discov_off);
1838 }
2b76f453 1839
9b74246f
JH		 1840 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1841 }
2b76f453 1842
4c01f8b8
JH		 1843 /* If we're going from non-connectable to connectable or
1844 * vice-versa when fast connectable is enabled ensure that fast
1845 * connectable gets disabled. write_fast_connectable won't do
1846 * anything if the page scan parameters are already what they
1847 * should be.
1848 */
1849 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1850 write_fast_connectable(&req, false);
1851
1987fdc7
JH		 1852 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
1853 hci_conn_num(hdev, LE_LINK) == 0) {
1854 disable_advertising(&req);
1855 enable_advertising(&req);
1856 }
1857
2b76f453 1858 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1859 if (err < 0) {
a664b5bc 1860 mgmt_pending_remove(cmd);
9b74246f 1861 if (err == -ENODATA)
a81070ba
JH		 1862 err = set_connectable_update_settings(hdev, sk,
1863 cp->val);
9b74246f
JH		 1864 goto failed;
1865 }
9fbcbb45
JH		 1866
1867failed:
09fd0de5 1868 hci_dev_unlock(hdev);
9fbcbb45
JH		 1869 return err;
1870}
1871
bdb6d971 1872static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1873 u16 len)
c542a06c 1874{
650f726d 1875 struct mgmt_mode *cp = data;
55594356 1876 bool changed;
c542a06c
JH		 1877 int err;
1878
bdb6d971 1879 BT_DBG("request for %s", hdev->name);
c542a06c 1880
a7e80f25
JH		 1881 if (cp->val != 0x00 && cp->val != 0x01)
1882 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1883 MGMT_STATUS_INVALID_PARAMS);
1884
09fd0de5 1885 hci_dev_lock(hdev);
c542a06c
JH		 1886
1887 if (cp->val)
55594356 1888 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1889 else
55594356 1890 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1891
69ab39ea 1892 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c 1893 if (err < 0)
55594356 1894 goto unlock;
c542a06c 1895
55594356
MH		 1896 if (changed)
1897 err = new_settings(hdev, sk);
c542a06c 1898
55594356 1899unlock:
09fd0de5 1900 hci_dev_unlock(hdev);
c542a06c
JH		 1901 return err;
1902}
1903
04124681
GP		 1904static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1905 u16 len)
33ef95ed
JH		 1906{
1907 struct mgmt_mode *cp = data;
1908 struct pending_cmd *cmd;
e6fe7986 1909 u8 val, status;
33ef95ed
JH		 1910 int err;
1911
bdb6d971 1912 BT_DBG("request for %s", hdev->name);
33ef95ed 1913
e6fe7986
JH		 1914 status = mgmt_bredr_support(hdev);
1915 if (status)
33c525c0 1916 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 1917 status);
33c525c0 1918
a7e80f25
JH		 1919 if (cp->val != 0x00 && cp->val != 0x01)
1920 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1921 MGMT_STATUS_INVALID_PARAMS);
1922
33ef95ed
JH		 1923 hci_dev_lock(hdev);
1924
4b34ee78 1925 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1926 bool changed = false;
1927
1928 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1929 &hdev->dev_flags)) {
47990ea0
JH		 1930 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1931 changed = true;
1932 }
1933
1934 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1935 if (err < 0)
1936 goto failed;
1937
1938 if (changed)
1939 err = new_settings(hdev, sk);
1940
33ef95ed
JH		 1941 goto failed;
1942 }
1943
1944 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1945 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1946 MGMT_STATUS_BUSY);
33ef95ed
JH		 1947 goto failed;
1948 }
1949
1950 val = !!cp->val;
1951
1952 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1953 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1954 goto failed;
1955 }
1956
1957 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1958 if (!cmd) {
1959 err = -ENOMEM;
1960 goto failed;
1961 }
1962
1963 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1964 if (err < 0) {
1965 mgmt_pending_remove(cmd);
1966 goto failed;
1967 }
1968
1969failed:
1970 hci_dev_unlock(hdev);
33ef95ed
JH		 1971 return err;
1972}
1973
bdb6d971 1974static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1975{
1976 struct mgmt_mode *cp = data;
1977 struct pending_cmd *cmd;
72ef0c1a 1978 u8 status;
ed2c4ee3
JH		 1979 int err;
1980
bdb6d971 1981 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1982
cdba5281
MH		 1983 status = mgmt_bredr_support(hdev);
1984 if (status)
1985 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1986
13ecd8b6
JH		 1987 if (!lmp_ssp_capable(hdev))
1988 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1989 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1990
a7e80f25
JH		 1991 if (cp->val != 0x00 && cp->val != 0x01)
1992 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1993 MGMT_STATUS_INVALID_PARAMS);
1994
13ecd8b6 1995 hci_dev_lock(hdev);
6c8f12c1 1996
4b34ee78 1997 if (!hdev_is_powered(hdev)) {
9ecb3e24 1998 bool changed;
c0ecddc2 1999
9ecb3e24
MH		 2000 if (cp->val) {
2001 changed = !test_and_set_bit(HCI_SSP_ENABLED,
2002 &hdev->dev_flags);
2003 } else {
2004 changed = test_and_clear_bit(HCI_SSP_ENABLED,
2005 &hdev->dev_flags);
2006 if (!changed)
2007 changed = test_and_clear_bit(HCI_HS_ENABLED,
2008 &hdev->dev_flags);
2009 else
2010 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 2011 }
2012
2013 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2014 if (err < 0)
2015 goto failed;
2016
2017 if (changed)
2018 err = new_settings(hdev, sk);
2019
ed2c4ee3
JH		 2020 goto failed;
2021 }
2022
9ecb3e24
MH		 2023 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
2024 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
d97dcb66
SJ		 2025 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2026 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 2027 goto failed;
2028 }
2029
72ef0c1a 2030 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 2031 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2032 goto failed;
2033 }
2034
2035 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2036 if (!cmd) {
2037 err = -ENOMEM;
2038 goto failed;
2039 }
2040
3769972b
JH		 2041 if (!cp->val && test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
2042 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2043 sizeof(cp->val), &cp->val);
2044
72ef0c1a 2045 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 2046 if (err < 0) {
2047 mgmt_pending_remove(cmd);
2048 goto failed;
2049 }
2050
2051failed:
2052 hci_dev_unlock(hdev);
ed2c4ee3
JH		 2053 return err;
2054}
2055
bdb6d971 2056static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 2057{
2058 struct mgmt_mode *cp = data;
ee392693 2059 bool changed;
e6fe7986 2060 u8 status;
ee392693 2061 int err;
6d80dfd0 2062
bdb6d971 2063 BT_DBG("request for %s", hdev->name);
6d80dfd0 2064
e6fe7986
JH		 2065 status = mgmt_bredr_support(hdev);
2066 if (status)
2067 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 2068
9ecb3e24
MH		 2069 if (!lmp_ssp_capable(hdev))
2070 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2071 MGMT_STATUS_NOT_SUPPORTED);
2072
2073 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
2074 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2075 MGMT_STATUS_REJECTED);
2076
a7e80f25
JH		 2077 if (cp->val != 0x00 && cp->val != 0x01)
2078 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2079 MGMT_STATUS_INVALID_PARAMS);
2080
ee392693
MH		 2081 hci_dev_lock(hdev);
2082
a0cdf960 2083 if (cp->val) {
ee392693 2084 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 2085 } else {
2086 if (hdev_is_powered(hdev)) {
2087 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2088 MGMT_STATUS_REJECTED);
2089 goto unlock;
2090 }
2091
ee392693 2092 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 2093 }
ee392693
MH		 2094
2095 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2096 if (err < 0)
2097 goto unlock;
2098
2099 if (changed)
2100 err = new_settings(hdev, sk);
6d80dfd0 2101
ee392693
MH		 2102unlock:
2103 hci_dev_unlock(hdev);
2104 return err;
6d80dfd0
JH		 2105}
2106
416a4ae5
JH		 2107static void le_enable_complete(struct hci_dev *hdev, u8 status)
2108{
2109 struct cmd_lookup match = { NULL, hdev };
2110
2111 if (status) {
2112 u8 mgmt_err = mgmt_status(status);
2113
2114 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2115 &mgmt_err);
2116 return;
2117 }
2118
2119 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2120
2121 new_settings(hdev, match.sk);
2122
2123 if (match.sk)
2124 sock_put(match.sk);
441ad2d0
MH		 2125
2126 /* Make sure the controller has a good default for
2127 * advertising data. Restrict the update to when LE
2128 * has actually been enabled. During power on, the
2129 * update in powered_update_hci will take care of it.
2130 */
2131 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2132 struct hci_request req;
2133
2134 hci_dev_lock(hdev);
2135
2136 hci_req_init(&req, hdev);
5947f4bc 2137 update_adv_data(&req);
f14d8f64 2138 update_scan_rsp_data(&req);
441ad2d0
MH		 2139 hci_req_run(&req, NULL);
2140
2141 hci_dev_unlock(hdev);
2142 }
416a4ae5
JH		 2143}
2144
bdb6d971 2145static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 2146{
2147 struct mgmt_mode *cp = data;
2148 struct hci_cp_write_le_host_supported hci_cp;
2149 struct pending_cmd *cmd;
416a4ae5 2150 struct hci_request req;
06199cf8 2151 int err;
0b60eba1 2152 u8 val, enabled;
06199cf8 2153
bdb6d971 2154 BT_DBG("request for %s", hdev->name);
06199cf8 2155
13ecd8b6
JH		 2156 if (!lmp_le_capable(hdev))
2157 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2158 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 2159
a7e80f25
JH		 2160 if (cp->val != 0x00 && cp->val != 0x01)
2161 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2162 MGMT_STATUS_INVALID_PARAMS);
2163
c73eee91 2164 /* LE-only devices do not allow toggling LE on/off */
56f87901 2165 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 2166 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2167 MGMT_STATUS_REJECTED);
2168
13ecd8b6 2169 hci_dev_lock(hdev);
06199cf8
JH		 2170
2171 val = !!cp->val;
ffa88e02 2172 enabled = lmp_host_le_capable(hdev);
06199cf8 2173
0b60eba1 2174 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 2175 bool changed = false;
2176
2177 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2178 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
2179 changed = true;
2180 }
2181
f3d3444a
JH		 2182 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
2183 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 2184 changed = true;
2185 }
2186
06199cf8
JH		 2187 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2188 if (err < 0)
1de028ce 2189 goto unlock;
06199cf8
JH		 2190
2191 if (changed)
2192 err = new_settings(hdev, sk);
2193
1de028ce 2194 goto unlock;
06199cf8
JH		 2195 }
2196
4375f103
JH		 2197 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
2198 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 2199 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 2200 MGMT_STATUS_BUSY);
1de028ce 2201 goto unlock;
06199cf8
JH		 2202 }
2203
2204 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2205 if (!cmd) {
2206 err = -ENOMEM;
1de028ce 2207 goto unlock;
06199cf8
JH		 2208 }
2209
441ad2d0
MH		 2210 hci_req_init(&req, hdev);
2211
06199cf8
JH		 2212 memset(&hci_cp, 0, sizeof(hci_cp));
2213
2214 if (val) {
2215 hci_cp.le = val;
ffa88e02 2216 hci_cp.simul = lmp_le_br_capable(hdev);
441ad2d0
MH		 2217 } else {
2218 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
2219 disable_advertising(&req);
06199cf8
JH		 2220 }
2221
416a4ae5
JH		 2222 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2223 &hci_cp);
2224
2225 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2226 if (err < 0)
06199cf8 2227 mgmt_pending_remove(cmd);
06199cf8 2228
1de028ce
JH		 2229unlock:
2230 hci_dev_unlock(hdev);
06199cf8
JH		 2231 return err;
2232}
2233
0cab9c80
JH		 2234/* This is a helper function to test for pending mgmt commands that can
2235 * cause CoD or EIR HCI commands. We can only allow one such pending
2236 * mgmt command at a time since otherwise we cannot easily track what
2237 * the current values are, will be, and based on that calculate if a new
2238 * HCI command needs to be sent and if yes with what value.
2239 */
2240static bool pending_eir_or_class(struct hci_dev *hdev)
2241{
2242 struct pending_cmd *cmd;
2243
2244 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2245 switch (cmd->opcode) {
2246 case MGMT_OP_ADD_UUID:
2247 case MGMT_OP_REMOVE_UUID:
2248 case MGMT_OP_SET_DEV_CLASS:
2249 case MGMT_OP_SET_POWERED:
2250 return true;
2251 }
2252 }
2253
2254 return false;
2255}
2256
83be8eca
JH		 2257static const u8 bluetooth_base_uuid[] = {
2258 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2259 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2260};
2261
2262static u8 get_uuid_size(const u8 *uuid)
2263{
2264 u32 val;
2265
2266 if (memcmp(uuid, bluetooth_base_uuid, 12))
2267 return 128;
2268
2269 val = get_unaligned_le32(&uuid[12]);
2270 if (val > 0xffff)
2271 return 32;
2272
2273 return 16;
2274}
2275
92da6097
JH		 2276static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2277{
2278 struct pending_cmd *cmd;
2279
2280 hci_dev_lock(hdev);
2281
2282 cmd = mgmt_pending_find(mgmt_op, hdev);
2283 if (!cmd)
2284 goto unlock;
2285
2286 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
2287 hdev->dev_class, 3);
2288
2289 mgmt_pending_remove(cmd);
2290
2291unlock:
2292 hci_dev_unlock(hdev);
2293}
2294
2295static void add_uuid_complete(struct hci_dev *hdev, u8 status)
2296{
2297 BT_DBG("status 0x%02x", status);
2298
2299 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2300}
2301
bdb6d971 2302static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2303{
650f726d 2304 struct mgmt_cp_add_uuid *cp = data;
90e70454 2305 struct pending_cmd *cmd;
890ea898 2306 struct hci_request req;
2aeb9a1a 2307 struct bt_uuid *uuid;
2aeb9a1a
JH		 2308 int err;
2309
bdb6d971 2310 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2311
09fd0de5 2312 hci_dev_lock(hdev);
2aeb9a1a 2313
0cab9c80 2314 if (pending_eir_or_class(hdev)) {
bdb6d971 2315 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 2316 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2317 goto failed;
2318 }
2319
92c4c204 2320 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2321 if (!uuid) {
2322 err = -ENOMEM;
2323 goto failed;
2324 }
2325
2326 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2327 uuid->svc_hint = cp->svc_hint;
83be8eca 2328 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2329
de66aa63 2330 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2331
890ea898 2332 hci_req_init(&req, hdev);
1aff6f09 2333
890ea898
JH		 2334 update_class(&req);
2335 update_eir(&req);
2336
92da6097
JH		 2337 err = hci_req_run(&req, add_uuid_complete);
2338 if (err < 0) {
2339 if (err != -ENODATA)
2340 goto failed;
80a1e1db 2341
bdb6d971 2342 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 2343 hdev->dev_class, 3);
90e70454
JH		 2344 goto failed;
2345 }
2346
2347 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2348 if (!cmd) {
90e70454 2349 err = -ENOMEM;
890ea898
JH		 2350 goto failed;
2351 }
2352
2353 err = 0;
2aeb9a1a
JH		 2354
2355failed:
09fd0de5 2356 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2357 return err;
2358}
2359
24b78d0f
JH		 2360static bool enable_service_cache(struct hci_dev *hdev)
2361{
2362 if (!hdev_is_powered(hdev))
2363 return false;
2364
2365 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 2366 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2367 CACHE_TIMEOUT);
24b78d0f
JH		 2368 return true;
2369 }
2370
2371 return false;
2372}
2373
92da6097
JH		 2374static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
2375{
2376 BT_DBG("status 0x%02x", status);
2377
2378 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2379}
2380
bdb6d971 2381static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2382 u16 len)
2aeb9a1a 2383{
650f726d 2384 struct mgmt_cp_remove_uuid *cp = data;
90e70454 2385 struct pending_cmd *cmd;
056341c8 2386 struct bt_uuid *match, *tmp;
2aeb9a1a 2387 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2388 struct hci_request req;
2aeb9a1a
JH		 2389 int err, found;
2390
bdb6d971 2391 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2392
09fd0de5 2393 hci_dev_lock(hdev);
2aeb9a1a 2394
0cab9c80 2395 if (pending_eir_or_class(hdev)) {
bdb6d971 2396 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2397 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2398 goto unlock;
2399 }
2400
2aeb9a1a 2401 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2402 hci_uuids_clear(hdev);
4004b6d9 2403
24b78d0f 2404 if (enable_service_cache(hdev)) {
bdb6d971 2405 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2406 0, hdev->dev_class, 3);
24b78d0f
JH		 2407 goto unlock;
2408 }
4004b6d9 2409
9246a869 2410 goto update_class;
2aeb9a1a
JH		 2411 }
2412
2413 found = 0;
2414
056341c8 2415 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2416 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2417 continue;
2418
2419 list_del(&match->list);
482049f7 2420 kfree(match);
2aeb9a1a
JH		 2421 found++;
2422 }
2423
2424 if (found == 0) {
bdb6d971 2425 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2426 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2427 goto unlock;
2428 }
2429
9246a869 2430update_class:
890ea898 2431 hci_req_init(&req, hdev);
1aff6f09 2432
890ea898
JH		 2433 update_class(&req);
2434 update_eir(&req);
2435
92da6097
JH		 2436 err = hci_req_run(&req, remove_uuid_complete);
2437 if (err < 0) {
2438 if (err != -ENODATA)
2439 goto unlock;
80a1e1db 2440
bdb6d971 2441 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 2442 hdev->dev_class, 3);
90e70454
JH		 2443 goto unlock;
2444 }
2445
2446 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2447 if (!cmd) {
90e70454 2448 err = -ENOMEM;
890ea898
JH		 2449 goto unlock;
2450 }
2451
2452 err = 0;
2aeb9a1a
JH		 2453
2454unlock:
09fd0de5 2455 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2456 return err;
2457}
2458
92da6097
JH		 2459static void set_class_complete(struct hci_dev *hdev, u8 status)
2460{
2461 BT_DBG("status 0x%02x", status);
2462
2463 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2464}
2465
bdb6d971 2466static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2467 u16 len)
1aff6f09 2468{
650f726d 2469 struct mgmt_cp_set_dev_class *cp = data;
90e70454 2470 struct pending_cmd *cmd;
890ea898 2471 struct hci_request req;
1aff6f09
JH		 2472 int err;
2473
bdb6d971 2474 BT_DBG("request for %s", hdev->name);
1aff6f09 2475
6203fc98 2476 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 2477 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2478 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2479
0cab9c80 2480 hci_dev_lock(hdev);
ee98f473 2481
0cab9c80
JH		 2482 if (pending_eir_or_class(hdev)) {
2483 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2484 MGMT_STATUS_BUSY);
2485 goto unlock;
2486 }
c95f0ba7 2487
0cab9c80
JH		 2488 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2489 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2490 MGMT_STATUS_INVALID_PARAMS);
2491 goto unlock;
2492 }
575b3a02 2493
932f5ff5
JH		 2494 hdev->major_class = cp->major;
2495 hdev->minor_class = cp->minor;
2496
b5235a65 2497 if (!hdev_is_powered(hdev)) {
bdb6d971 2498 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2499 hdev->dev_class, 3);
b5235a65
JH		 2500 goto unlock;
2501 }
2502
890ea898
JH		 2503 hci_req_init(&req, hdev);
2504
a8b2d5c2 2505 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2506 hci_dev_unlock(hdev);
2507 cancel_delayed_work_sync(&hdev->service_cache);
2508 hci_dev_lock(hdev);
890ea898 2509 update_eir(&req);
7d78525d 2510 }
14c0b608 2511
890ea898
JH		 2512 update_class(&req);
2513
92da6097
JH		 2514 err = hci_req_run(&req, set_class_complete);
2515 if (err < 0) {
2516 if (err != -ENODATA)
2517 goto unlock;
1aff6f09 2518
bdb6d971 2519 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2520 hdev->dev_class, 3);
90e70454
JH		 2521 goto unlock;
2522 }
2523
2524 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2525 if (!cmd) {
90e70454 2526 err = -ENOMEM;
890ea898
JH		 2527 goto unlock;
2528 }
2529
2530 err = 0;
1aff6f09 2531
b5235a65 2532unlock:
09fd0de5 2533 hci_dev_unlock(hdev);
1aff6f09
JH		 2534 return err;
2535}
2536
bdb6d971 2537static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2538 u16 len)
55ed8ca1 2539{
650f726d 2540 struct mgmt_cp_load_link_keys *cp = data;
ba1d6936
JH		 2541 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2542 sizeof(struct mgmt_link_key_info));
4e51eae9 2543 u16 key_count, expected_len;
b1de97d8 2544 bool changed;
a492cd52 2545 int i;
55ed8ca1 2546
9060d5cf
MH		 2547 BT_DBG("request for %s", hdev->name);
2548
2549 if (!lmp_bredr_capable(hdev))
2550 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2551 MGMT_STATUS_NOT_SUPPORTED);
2552
1f350c87 2553 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 2554 if (key_count > max_key_count) {
2555 BT_ERR("load_link_keys: too big key_count value %u",
2556 key_count);
2557 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2558 MGMT_STATUS_INVALID_PARAMS);
2559 }
55ed8ca1 2560
86742e1e
JH		 2561 expected_len = sizeof(*cp) + key_count *
2562 sizeof(struct mgmt_link_key_info);
a492cd52 2563 if (expected_len != len) {
86742e1e 2564 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2565 expected_len, len);
bdb6d971 2566 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 2567 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2568 }
2569
4ae14301
JH		 2570 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2571 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2572 MGMT_STATUS_INVALID_PARAMS);
2573
bdb6d971 2574 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2575 key_count);
55ed8ca1 2576
4ee71b20
JH		 2577 for (i = 0; i < key_count; i++) {
2578 struct mgmt_link_key_info *key = &cp->keys[i];
2579
8e991132 2580 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
4ee71b20
JH		 2581 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2582 MGMT_STATUS_INVALID_PARAMS);
2583 }
2584
09fd0de5 2585 hci_dev_lock(hdev);
55ed8ca1
JH		 2586
2587 hci_link_keys_clear(hdev);
2588
55ed8ca1 2589 if (cp->debug_keys)
0663b297
JH		 2590 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
2591 &hdev->dev_flags);
55ed8ca1 2592 else
0663b297
JH		 2593 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
2594 &hdev->dev_flags);
b1de97d8
MH		 2595
2596 if (changed)
2597 new_settings(hdev, NULL);
55ed8ca1 2598
a492cd52 2599 for (i = 0; i < key_count; i++) {
86742e1e 2600 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2601
58e9293c
JH		 2602 /* Always ignore debug keys and require a new pairing if
2603 * the user wants to use them.
2604 */
2605 if (key->type == HCI_LK_DEBUG_COMBINATION)
2606 continue;
2607
7652ff6a
JH		 2608 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2609 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2610 }
2611
bdb6d971 2612 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2613
09fd0de5 2614 hci_dev_unlock(hdev);
55ed8ca1 2615
a492cd52 2616 return 0;
55ed8ca1
JH		 2617}
2618
b1078ad0 2619static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2620 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2621{
2622 struct mgmt_ev_device_unpaired ev;
2623
2624 bacpy(&ev.addr.bdaddr, bdaddr);
2625 ev.addr.type = addr_type;
2626
2627 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2628 skip_sk);
b1078ad0
JH		 2629}
2630
bdb6d971 2631static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2632 u16 len)
55ed8ca1 2633{
124f6e35
JH		 2634 struct mgmt_cp_unpair_device *cp = data;
2635 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2636 struct hci_cp_disconnect dc;
2637 struct pending_cmd *cmd;
55ed8ca1 2638 struct hci_conn *conn;
55ed8ca1
JH		 2639 int err;
2640
a8a1d19e 2641 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2642 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2643 rp.addr.type = cp->addr.type;
a8a1d19e 2644
4ee71b20
JH		 2645 if (!bdaddr_type_is_valid(cp->addr.type))
2646 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2647 MGMT_STATUS_INVALID_PARAMS,
2648 &rp, sizeof(rp));
2649
118da70b
JH		 2650 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2651 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2652 MGMT_STATUS_INVALID_PARAMS,
2653 &rp, sizeof(rp));
2654
4ee71b20
JH		 2655 hci_dev_lock(hdev);
2656
86a8cfc6 2657 if (!hdev_is_powered(hdev)) {
bdb6d971 2658 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2659 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 2660 goto unlock;
2661 }
2662
e0b2b27e 2663 if (cp->addr.type == BDADDR_BREDR) {
124f6e35 2664 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2665 } else {
2666 u8 addr_type;
2667
2668 if (cp->addr.type == BDADDR_LE_PUBLIC)
2669 addr_type = ADDR_LE_DEV_PUBLIC;
2670 else
2671 addr_type = ADDR_LE_DEV_RANDOM;
2672
a7ec7338
JH		 2673 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2674
a9b0a04c
AG		 2675 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2676
e0b2b27e
JH		 2677 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2678 }
b0dbfb46 2679
55ed8ca1 2680 if (err < 0) {
bdb6d971 2681 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2682 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 2683 goto unlock;
2684 }
2685
86a8cfc6 2686 if (cp->disconnect) {
591f47f3 2687 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 2688 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 2689 &cp->addr.bdaddr);
86a8cfc6
JH		 2690 else
2691 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 2692 &cp->addr.bdaddr);
86a8cfc6
JH		 2693 } else {
2694 conn = NULL;
2695 }
124f6e35 2696
a8a1d19e 2697 if (!conn) {
bdb6d971 2698 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 2699 &rp, sizeof(rp));
b1078ad0 2700 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2701 goto unlock;
2702 }
55ed8ca1 2703
124f6e35 2704 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2705 sizeof(*cp));
a8a1d19e
JH		 2706 if (!cmd) {
2707 err = -ENOMEM;
2708 goto unlock;
55ed8ca1
JH		 2709 }
2710
eb55ef07 2711 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2712 dc.reason = 0x13; /* Remote User Terminated Connection */
2713 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2714 if (err < 0)
2715 mgmt_pending_remove(cmd);
2716
55ed8ca1 2717unlock:
09fd0de5 2718 hci_dev_unlock(hdev);
55ed8ca1
JH		 2719 return err;
2720}
2721
bdb6d971 2722static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2723 u16 len)
8962ee74 2724{
650f726d 2725 struct mgmt_cp_disconnect *cp = data;
06a63b19 2726 struct mgmt_rp_disconnect rp;
8962ee74 2727 struct hci_cp_disconnect dc;
366a0336 2728 struct pending_cmd *cmd;
8962ee74 2729 struct hci_conn *conn;
8962ee74
JH		 2730 int err;
2731
2732 BT_DBG("");
2733
06a63b19
JH		 2734 memset(&rp, 0, sizeof(rp));
2735 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2736 rp.addr.type = cp->addr.type;
2737
4ee71b20 2738 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2739 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2740 MGMT_STATUS_INVALID_PARAMS,
2741 &rp, sizeof(rp));
4ee71b20 2742
09fd0de5 2743 hci_dev_lock(hdev);
8962ee74
JH		 2744
2745 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2746 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2747 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2748 goto failed;
2749 }
2750
2e58ef3e 2751 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2752 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2753 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2754 goto failed;
2755 }
2756
591f47f3 2757 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2758 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2759 &cp->addr.bdaddr);
88c3df13
JH		 2760 else
2761 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2762
f960727e 2763 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2764 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2765 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2766 goto failed;
2767 }
2768
2e58ef3e 2769 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2770 if (!cmd) {
2771 err = -ENOMEM;
8962ee74 2772 goto failed;
366a0336 2773 }
8962ee74 2774
eb55ef07 2775 dc.handle = cpu_to_le16(conn->handle);
3701f944 2776 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 2777
2778 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2779 if (err < 0)
a664b5bc 2780 mgmt_pending_remove(cmd);
8962ee74
JH		 2781
2782failed:
09fd0de5 2783 hci_dev_unlock(hdev);
8962ee74
JH		 2784 return err;
2785}
2786
57c1477c 2787static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2788{
2789 switch (link_type) {
2790 case LE_LINK:
48264f06
JH		 2791 switch (addr_type) {
2792 case ADDR_LE_DEV_PUBLIC:
591f47f3 2793 return BDADDR_LE_PUBLIC;
0ed09148 2794
48264f06 2795 default:
0ed09148 2796 /* Fallback to LE Random address type */
591f47f3 2797 return BDADDR_LE_RANDOM;
48264f06 2798 }
0ed09148 2799
4c659c39 2800 default:
0ed09148 2801 /* Fallback to BR/EDR type */
591f47f3 2802 return BDADDR_BREDR;
4c659c39
JH		 2803 }
2804}
2805
04124681
GP		 2806static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2807 u16 data_len)
2784eb41 2808{
2784eb41 2809 struct mgmt_rp_get_connections *rp;
8035ded4 2810 struct hci_conn *c;
a38528f1 2811 size_t rp_len;
60fc5fb6
JH		 2812 int err;
2813 u16 i;
2784eb41
JH		 2814
2815 BT_DBG("");
2816
09fd0de5 2817 hci_dev_lock(hdev);
2784eb41 2818
5f97c1df 2819 if (!hdev_is_powered(hdev)) {
bdb6d971 2820 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2821 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2822 goto unlock;
2823 }
2824
60fc5fb6 2825 i = 0;
b644ba33
JH		 2826 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2827 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2828 i++;
2784eb41
JH		 2829 }
2830
60fc5fb6 2831 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2832 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2833 if (!rp) {
2784eb41
JH		 2834 err = -ENOMEM;
2835 goto unlock;
2836 }
2837
2784eb41 2838 i = 0;
4c659c39 2839 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2840 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2841 continue;
4c659c39 2842 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2843 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2844 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2845 continue;
2846 i++;
2847 }
2848
eb55ef07 2849 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2850
4c659c39
JH		 2851 /* Recalculate length in case of filtered SCO connections, etc */
2852 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2853
bdb6d971 2854 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2855 rp_len);
2784eb41 2856
a38528f1 2857 kfree(rp);
5f97c1df
JH		 2858
2859unlock:
09fd0de5 2860 hci_dev_unlock(hdev);
2784eb41
JH		 2861 return err;
2862}
2863
bdb6d971 2864static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2865 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2866{
2867 struct pending_cmd *cmd;
2868 int err;
2869
2e58ef3e 2870 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2871 sizeof(*cp));
96d97a67
WR		 2872 if (!cmd)
2873 return -ENOMEM;
2874
d8457698 2875 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2876 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2877 if (err < 0)
2878 mgmt_pending_remove(cmd);
2879
2880 return err;
2881}
2882
bdb6d971 2883static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2884 u16 len)
980e1a53 2885{
96d97a67 2886 struct hci_conn *conn;
650f726d 2887 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2888 struct hci_cp_pin_code_reply reply;
366a0336 2889 struct pending_cmd *cmd;
980e1a53
JH		 2890 int err;
2891
2892 BT_DBG("");
2893
09fd0de5 2894 hci_dev_lock(hdev);
980e1a53 2895
4b34ee78 2896 if (!hdev_is_powered(hdev)) {
bdb6d971 2897 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2898 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2899 goto failed;
2900 }
2901
d8457698 2902 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2903 if (!conn) {
bdb6d971 2904 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2905 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2906 goto failed;
2907 }
2908
2909 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2910 struct mgmt_cp_pin_code_neg_reply ncp;
2911
2912 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2913
2914 BT_ERR("PIN code is not 16 bytes long");
2915
bdb6d971 2916 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2917 if (err >= 0)
bdb6d971 2918 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2919 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2920
2921 goto failed;
2922 }
2923
00abfe44 2924 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2925 if (!cmd) {
2926 err = -ENOMEM;
980e1a53 2927 goto failed;
366a0336 2928 }
980e1a53 2929
d8457698 2930 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2931 reply.pin_len = cp->pin_len;
24718ca5 2932 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2933
2934 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2935 if (err < 0)
a664b5bc 2936 mgmt_pending_remove(cmd);
980e1a53
JH		 2937
2938failed:
09fd0de5 2939 hci_dev_unlock(hdev);
980e1a53
JH		 2940 return err;
2941}
2942
04124681
GP		 2943static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2944 u16 len)
17fa4b9d 2945{
650f726d 2946 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2947
2948 BT_DBG("");
2949
4ec86d4c
JH		 2950 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2951 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
2952 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
2953
09fd0de5 2954 hci_dev_lock(hdev);
17fa4b9d
JH		 2955
2956 hdev->io_capability = cp->io_capability;
2957
2958 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2959 hdev->io_capability);
17fa4b9d 2960
09fd0de5 2961 hci_dev_unlock(hdev);
17fa4b9d 2962
04124681
GP		 2963 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2964 0);
17fa4b9d
JH		 2965}
2966
6039aa73 2967static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2968{
2969 struct hci_dev *hdev = conn->hdev;
8035ded4 2970 struct pending_cmd *cmd;
e9a416b5 2971
2e58ef3e 2972 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2973 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2974 continue;
2975
e9a416b5
JH		 2976 if (cmd->user_data != conn)
2977 continue;
2978
2979 return cmd;
2980 }
2981
2982 return NULL;
2983}
2984
2985static void pairing_complete(struct pending_cmd *cmd, u8 status)
2986{
2987 struct mgmt_rp_pair_device rp;
2988 struct hci_conn *conn = cmd->user_data;
2989
61b1a7fb
JH		 2990 bacpy(&rp.addr.bdaddr, &conn->dst);
2991 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2992
aee9b218 2993 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2994 &rp, sizeof(rp));
e9a416b5
JH		 2995
2996 /* So we don't get further callbacks for this connection */
2997 conn->connect_cfm_cb = NULL;
2998 conn->security_cfm_cb = NULL;
2999 conn->disconn_cfm_cb = NULL;
3000
76a68ba0 3001 hci_conn_drop(conn);
e9a416b5 3002
a664b5bc 3003 mgmt_pending_remove(cmd);
e9a416b5
JH		 3004}
3005
f4a407be
JH		 3006void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3007{
3008 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3009 struct pending_cmd *cmd;
3010
3011 cmd = find_pairing(conn);
3012 if (cmd)
3013 pairing_complete(cmd, status);
3014}
3015
e9a416b5
JH		 3016static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3017{
3018 struct pending_cmd *cmd;
3019
3020 BT_DBG("status %u", status);
3021
3022 cmd = find_pairing(conn);
56e5cb86 3023 if (!cmd)
e9a416b5 3024 BT_DBG("Unable to find a pending command");
56e5cb86 3025 else
e211326c 3026 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 3027}
3028
f4a407be 3029static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739
VA		 3030{
3031 struct pending_cmd *cmd;
3032
3033 BT_DBG("status %u", status);
3034
3035 if (!status)
3036 return;
3037
3038 cmd = find_pairing(conn);
3039 if (!cmd)
3040 BT_DBG("Unable to find a pending command");
3041 else
3042 pairing_complete(cmd, mgmt_status(status));
3043}
3044
bdb6d971 3045static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3046 u16 len)
e9a416b5 3047{
650f726d 3048 struct mgmt_cp_pair_device *cp = data;
1425acb7 3049 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 3050 struct pending_cmd *cmd;
3051 u8 sec_level, auth_type;
3052 struct hci_conn *conn;
e9a416b5
JH		 3053 int err;
3054
3055 BT_DBG("");
3056
f950a30e
SJ		 3057 memset(&rp, 0, sizeof(rp));
3058 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3059 rp.addr.type = cp->addr.type;
3060
4ee71b20
JH		 3061 if (!bdaddr_type_is_valid(cp->addr.type))
3062 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3063 MGMT_STATUS_INVALID_PARAMS,
3064 &rp, sizeof(rp));
3065
4ec86d4c
JH		 3066 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
3067 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3068 MGMT_STATUS_INVALID_PARAMS,
3069 &rp, sizeof(rp));
3070
09fd0de5 3071 hci_dev_lock(hdev);
e9a416b5 3072
5f97c1df 3073 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 3074 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3075 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 3076 goto unlock;
3077 }
3078
c908df36 3079 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 3080 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 3081
6f77d8c7 3082 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 3083 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3084 auth_type);
6f77d8c7
AG		 3085 } else {
3086 u8 addr_type;
3087
3088 /* Convert from L2CAP channel address type to HCI address type
3089 */
3090 if (cp->addr.type == BDADDR_LE_PUBLIC)
3091 addr_type = ADDR_LE_DEV_PUBLIC;
3092 else
3093 addr_type = ADDR_LE_DEV_RANDOM;
3094
7c264b10
MH		 3095 /* When pairing a new device, it is expected to remember
3096 * this device for future connections. Adding the connection
3097 * parameter information ahead of time allows tracking
3098 * of the slave preferred values and will speed up any
3099 * further connection establishment.
3100 *
3101 * If connection parameters already exist, then they
3102 * will be kept and this function does nothing.
3103 */
3104 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3105
6f77d8c7 3106 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
04a6c589 3107 sec_level, auth_type);
6f77d8c7 3108 }
7a512d01 3109
30e76272 3110 if (IS_ERR(conn)) {
489dc48e
AK		 3111 int status;
3112
3113 if (PTR_ERR(conn) == -EBUSY)
3114 status = MGMT_STATUS_BUSY;
3115 else
3116 status = MGMT_STATUS_CONNECT_FAILED;
3117
bdb6d971 3118 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 3119 status, &rp,
04124681 3120 sizeof(rp));
e9a416b5
JH		 3121 goto unlock;
3122 }
3123
3124 if (conn->connect_cfm_cb) {
76a68ba0 3125 hci_conn_drop(conn);
bdb6d971 3126 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 3127 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 3128 goto unlock;
3129 }
3130
2e58ef3e 3131 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 3132 if (!cmd) {
3133 err = -ENOMEM;
76a68ba0 3134 hci_conn_drop(conn);
e9a416b5
JH		 3135 goto unlock;
3136 }
3137
7a512d01 3138 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 3139 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 3140 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 3141 conn->security_cfm_cb = pairing_complete_cb;
3142 conn->disconn_cfm_cb = pairing_complete_cb;
3143 } else {
3144 conn->connect_cfm_cb = le_pairing_complete_cb;
3145 conn->security_cfm_cb = le_pairing_complete_cb;
3146 conn->disconn_cfm_cb = le_pairing_complete_cb;
3147 }
7a512d01 3148
e9a416b5
JH		 3149 conn->io_capability = cp->io_cap;
3150 cmd->user_data = conn;
3151
3152 if (conn->state == BT_CONNECTED &&
8ce8e2b5 3153 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 3154 pairing_complete(cmd, 0);
3155
3156 err = 0;
3157
3158unlock:
09fd0de5 3159 hci_dev_unlock(hdev);
e9a416b5
JH		 3160 return err;
3161}
3162
04124681
GP		 3163static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3164 u16 len)
28424707 3165{
0f4e68cf 3166 struct mgmt_addr_info *addr = data;
28424707
JH		 3167 struct pending_cmd *cmd;
3168 struct hci_conn *conn;
3169 int err;
3170
3171 BT_DBG("");
3172
28424707
JH		 3173 hci_dev_lock(hdev);
3174
5f97c1df 3175 if (!hdev_is_powered(hdev)) {
bdb6d971 3176 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3177 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3178 goto unlock;
3179 }
3180
28424707
JH		 3181 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3182 if (!cmd) {
bdb6d971 3183 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3184 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3185 goto unlock;
3186 }
3187
3188 conn = cmd->user_data;
3189
3190 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 3191 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3192 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3193 goto unlock;
3194 }
3195
3196 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
3197
bdb6d971 3198 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 3199 addr, sizeof(*addr));
28424707
JH		 3200unlock:
3201 hci_dev_unlock(hdev);
28424707
JH		 3202 return err;
3203}
3204
bdb6d971 3205static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3206 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3207 u16 hci_op, __le32 passkey)
a5c29683 3208{
a5c29683 3209 struct pending_cmd *cmd;
0df4c185 3210 struct hci_conn *conn;
a5c29683
JH		 3211 int err;
3212
09fd0de5 3213 hci_dev_lock(hdev);
08ba5382 3214
4b34ee78 3215 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 3216 err = cmd_complete(sk, hdev->id, mgmt_op,
3217 MGMT_STATUS_NOT_POWERED, addr,
3218 sizeof(*addr));
0df4c185 3219 goto done;
a5c29683
JH		 3220 }
3221
1707c60e
JH		 3222 if (addr->type == BDADDR_BREDR)
3223 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3224 else
1707c60e 3225 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 3226
3227 if (!conn) {
feb94d3d
JH		 3228 err = cmd_complete(sk, hdev->id, mgmt_op,
3229 MGMT_STATUS_NOT_CONNECTED, addr,
3230 sizeof(*addr));
272d90df
JH		 3231 goto done;
3232 }
47c15e2b 3233
1707c60e 3234 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 3235 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 3236 if (!err)
feb94d3d
JH		 3237 err = cmd_complete(sk, hdev->id, mgmt_op,
3238 MGMT_STATUS_SUCCESS, addr,
3239 sizeof(*addr));
5fe57d9e 3240 else
feb94d3d
JH		 3241 err = cmd_complete(sk, hdev->id, mgmt_op,
3242 MGMT_STATUS_FAILED, addr,
3243 sizeof(*addr));
47c15e2b 3244
47c15e2b
BG		 3245 goto done;
3246 }
3247
1707c60e 3248 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3249 if (!cmd) {
3250 err = -ENOMEM;
0df4c185 3251 goto done;
a5c29683
JH		 3252 }
3253
0df4c185 3254 /* Continue with pairing via HCI */
604086b7
BG		 3255 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3256 struct hci_cp_user_passkey_reply cp;
3257
1707c60e 3258 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3259 cp.passkey = passkey;
3260 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3261 } else
1707c60e
JH		 3262 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3263 &addr->bdaddr);
604086b7 3264
a664b5bc
JH		 3265 if (err < 0)
3266 mgmt_pending_remove(cmd);
a5c29683 3267
0df4c185 3268done:
09fd0de5 3269 hci_dev_unlock(hdev);
a5c29683
JH		 3270 return err;
3271}
3272
afeb019d
JK		 3273static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3274 void *data, u16 len)
3275{
3276 struct mgmt_cp_pin_code_neg_reply *cp = data;
3277
3278 BT_DBG("");
3279
1707c60e 3280 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3281 MGMT_OP_PIN_CODE_NEG_REPLY,
3282 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3283}
3284
04124681
GP		 3285static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3286 u16 len)
0df4c185 3287{
650f726d 3288 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3289
3290 BT_DBG("");
3291
3292 if (len != sizeof(*cp))
bdb6d971 3293 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 3294 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3295
1707c60e 3296 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3297 MGMT_OP_USER_CONFIRM_REPLY,
3298 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3299}
3300
bdb6d971 3301static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3302 void *data, u16 len)
0df4c185 3303{
c9c2659f 3304 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3305
3306 BT_DBG("");
3307
1707c60e 3308 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3309 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3310 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3311}
3312
04124681
GP		 3313static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3314 u16 len)
604086b7 3315{
650f726d 3316 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3317
3318 BT_DBG("");
3319
1707c60e 3320 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3321 MGMT_OP_USER_PASSKEY_REPLY,
3322 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3323}
3324
bdb6d971 3325static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3326 void *data, u16 len)
604086b7 3327{
650f726d 3328 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3329
3330 BT_DBG("");
3331
1707c60e 3332 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3333 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3334 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3335}
3336
13928971 3337static void update_name(struct hci_request *req)
2b4bf397 3338{
13928971 3339 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3340 struct hci_cp_write_local_name cp;
3341
13928971 3342 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3343
890ea898 3344 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3345}
3346
13928971
JH		 3347static void set_name_complete(struct hci_dev *hdev, u8 status)
3348{
3349 struct mgmt_cp_set_local_name *cp;
3350 struct pending_cmd *cmd;
3351
3352 BT_DBG("status 0x%02x", status);
3353
3354 hci_dev_lock(hdev);
3355
3356 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3357 if (!cmd)
3358 goto unlock;
3359
3360 cp = cmd->param;
3361
3362 if (status)
3363 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3364 mgmt_status(status));
3365 else
3366 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3367 cp, sizeof(*cp));
3368
3369 mgmt_pending_remove(cmd);
3370
3371unlock:
3372 hci_dev_unlock(hdev);
3373}
3374
bdb6d971 3375static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3376 u16 len)
b312b161 3377{
2b4bf397 3378 struct mgmt_cp_set_local_name *cp = data;
b312b161 3379 struct pending_cmd *cmd;
890ea898 3380 struct hci_request req;
b312b161
JH		 3381 int err;
3382
3383 BT_DBG("");
3384
09fd0de5 3385 hci_dev_lock(hdev);
b312b161 3386
b3f2ca94
JH		 3387 /* If the old values are the same as the new ones just return a
3388 * direct command complete event.
3389 */
3390 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3391 !memcmp(hdev->short_name, cp->short_name,
3392 sizeof(hdev->short_name))) {
3393 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3394 data, len);
3395 goto failed;
3396 }
3397
2b4bf397 3398 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3399
b5235a65 3400 if (!hdev_is_powered(hdev)) {
2b4bf397 3401 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 3402
3403 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 3404 data, len);
28cc7bde
JH		 3405 if (err < 0)
3406 goto failed;
3407
3408 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 3409 sk);
28cc7bde 3410
b5235a65
JH		 3411 goto failed;
3412 }
3413
28cc7bde 3414 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3415 if (!cmd) {
3416 err = -ENOMEM;
3417 goto failed;
3418 }
3419
13928971
JH		 3420 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3421
890ea898 3422 hci_req_init(&req, hdev);
3f985050
JH		 3423
3424 if (lmp_bredr_capable(hdev)) {
3425 update_name(&req);
3426 update_eir(&req);
3427 }
3428
7a5f4990
MH		 3429 /* The name is stored in the scan response data and so
3430 * no need to udpate the advertising data here.
3431 */
3f985050 3432 if (lmp_le_capable(hdev))
7a5f4990 3433 update_scan_rsp_data(&req);
3f985050 3434
13928971 3435 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3436 if (err < 0)
3437 mgmt_pending_remove(cmd);
3438
3439failed:
09fd0de5 3440 hci_dev_unlock(hdev);
b312b161
JH		 3441 return err;
3442}
3443
0f4e68cf 3444static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3445 void *data, u16 data_len)
c35938b2 3446{
c35938b2
SJ		 3447 struct pending_cmd *cmd;
3448 int err;
3449
bdb6d971 3450 BT_DBG("%s", hdev->name);
c35938b2 3451
09fd0de5 3452 hci_dev_lock(hdev);
c35938b2 3453
4b34ee78 3454 if (!hdev_is_powered(hdev)) {
bdb6d971 3455 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3456 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3457 goto unlock;
3458 }
3459
9a1a1996 3460 if (!lmp_ssp_capable(hdev)) {
bdb6d971 3461 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3462 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3463 goto unlock;
3464 }
3465
2e58ef3e 3466 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 3467 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3468 MGMT_STATUS_BUSY);
c35938b2
SJ		 3469 goto unlock;
3470 }
3471
2e58ef3e 3472 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3473 if (!cmd) {
3474 err = -ENOMEM;
3475 goto unlock;
3476 }
3477
4d2d2796
MH		 3478 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
3479 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3480 0, NULL);
3481 else
3482 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3483
c35938b2
SJ		 3484 if (err < 0)
3485 mgmt_pending_remove(cmd);
3486
3487unlock:
09fd0de5 3488 hci_dev_unlock(hdev);
c35938b2
SJ		 3489 return err;
3490}
3491
bdb6d971 3492static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3493 void *data, u16 len)
2763eda6 3494{
2763eda6
SJ		 3495 int err;
3496
bdb6d971 3497 BT_DBG("%s ", hdev->name);
2763eda6 3498
09fd0de5 3499 hci_dev_lock(hdev);
2763eda6 3500
ec109113
MH		 3501 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3502 struct mgmt_cp_add_remote_oob_data *cp = data;
3503 u8 status;
bf1e3541 3504
ec109113
MH		 3505 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3506 cp->hash, cp->randomizer);
3507 if (err < 0)
3508 status = MGMT_STATUS_FAILED;
3509 else
3510 status = MGMT_STATUS_SUCCESS;
3511
3512 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3513 status, &cp->addr, sizeof(cp->addr));
3514 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3515 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3516 u8 status;
3517
3518 err = hci_add_remote_oob_ext_data(hdev, &cp->addr.bdaddr,
3519 cp->hash192,
3520 cp->randomizer192,
3521 cp->hash256,
3522 cp->randomizer256);
3523 if (err < 0)
3524 status = MGMT_STATUS_FAILED;
3525 else
3526 status = MGMT_STATUS_SUCCESS;
3527
3528 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3529 status, &cp->addr, sizeof(cp->addr));
3530 } else {
3531 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3532 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3533 MGMT_STATUS_INVALID_PARAMS);
3534 }
2763eda6 3535
09fd0de5 3536 hci_dev_unlock(hdev);
2763eda6
SJ		 3537 return err;
3538}
3539
bdb6d971 3540static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3541 void *data, u16 len)
2763eda6 3542{
650f726d 3543 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3544 u8 status;
2763eda6
SJ		 3545 int err;
3546
bdb6d971 3547 BT_DBG("%s", hdev->name);
2763eda6 3548
09fd0de5 3549 hci_dev_lock(hdev);
2763eda6 3550
664ce4cc 3551 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 3552 if (err < 0)
bf1e3541 3553 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3554 else
a6785be2 3555 status = MGMT_STATUS_SUCCESS;
bf1e3541 3556
bdb6d971 3557 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 3558 status, &cp->addr, sizeof(cp->addr));
2763eda6 3559
09fd0de5 3560 hci_dev_unlock(hdev);
2763eda6
SJ		 3561 return err;
3562}
3563
41dc2bd6
AG		 3564static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3565{
3566 struct pending_cmd *cmd;
3567 u8 type;
3568 int err;
3569
3570 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3571
3572 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3573 if (!cmd)
3574 return -ENOENT;
3575
3576 type = hdev->discovery.type;
3577
3578 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3579 &type, sizeof(type));
3580 mgmt_pending_remove(cmd);
3581
3582 return err;
3583}
3584
7c307720
AG		 3585static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3586{
ae55f598
LR		 3587 unsigned long timeout = 0;
3588
7c307720
AG		 3589 BT_DBG("status %d", status);
3590
3591 if (status) {
3592 hci_dev_lock(hdev);
3593 mgmt_start_discovery_failed(hdev, status);
3594 hci_dev_unlock(hdev);
3595 return;
3596 }
3597
3598 hci_dev_lock(hdev);
3599 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3600 hci_dev_unlock(hdev);
3601
3602 switch (hdev->discovery.type) {
3603 case DISCOV_TYPE_LE:
3d5a76f0 3604 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
7c307720
AG		 3605 break;
3606
3607 case DISCOV_TYPE_INTERLEAVED:
b9a7a61e 3608 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
7c307720
AG		 3609 break;
3610
3611 case DISCOV_TYPE_BREDR:
3612 break;
3613
3614 default:
3615 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3616 }
ae55f598
LR		 3617
3618 if (!timeout)
3619 return;
3620
3621 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable, timeout);
7c307720
AG		 3622}
3623
bdb6d971 3624static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3625 void *data, u16 len)
14a53664 3626{
650f726d 3627 struct mgmt_cp_start_discovery *cp = data;
14a53664 3628 struct pending_cmd *cmd;
7c307720
AG		 3629 struct hci_cp_le_set_scan_param param_cp;
3630 struct hci_cp_le_set_scan_enable enable_cp;
3631 struct hci_cp_inquiry inq_cp;
3632 struct hci_request req;
3633 /* General inquiry access code (GIAC) */
3634 u8 lap[3] = { 0x33, 0x8b, 0x9e };
d9483943 3635 u8 status, own_addr_type;
14a53664
JH		 3636 int err;
3637
bdb6d971 3638 BT_DBG("%s", hdev->name);
14a53664 3639
09fd0de5 3640 hci_dev_lock(hdev);
14a53664 3641
4b34ee78 3642 if (!hdev_is_powered(hdev)) {
bdb6d971 3643 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3644 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 3645 goto failed;
3646 }
3647
642be6c7
AG		 3648 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3649 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3650 MGMT_STATUS_BUSY);
3651 goto failed;
3652 }
3653
ff9ef578 3654 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 3655 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3656 MGMT_STATUS_BUSY);
ff9ef578
JH		 3657 goto failed;
3658 }
3659
2e58ef3e 3660 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3661 if (!cmd) {
3662 err = -ENOMEM;
3663 goto failed;
3664 }
3665
4aab14e5
AG		 3666 hdev->discovery.type = cp->type;
3667
7c307720
AG		 3668 hci_req_init(&req, hdev);
3669
4aab14e5 3670 switch (hdev->discovery.type) {
f39799f5 3671 case DISCOV_TYPE_BREDR:
e6fe7986
JH		 3672 status = mgmt_bredr_support(hdev);
3673 if (status) {
04106755 3674 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3675 status);
04106755
JH		 3676 mgmt_pending_remove(cmd);
3677 goto failed;
3678 }
3679
7c307720
AG		 3680 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3681 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3682 MGMT_STATUS_BUSY);
3683 mgmt_pending_remove(cmd);
3684 goto failed;
3685 }
3686
3687 hci_inquiry_cache_flush(hdev);
3688
3689 memset(&inq_cp, 0, sizeof(inq_cp));
3690 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 3691 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 3692 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 3693 break;
3694
3695 case DISCOV_TYPE_LE:
7c307720 3696 case DISCOV_TYPE_INTERLEAVED:
e6fe7986
JH		 3697 status = mgmt_le_support(hdev);
3698 if (status) {
04106755 3699 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3700 status);
04106755
JH		 3701 mgmt_pending_remove(cmd);
3702 goto failed;
3703 }
3704
7c307720 3705 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 3706 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 3707 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3708 MGMT_STATUS_NOT_SUPPORTED);
3709 mgmt_pending_remove(cmd);
3710 goto failed;
3711 }
3712
f3d3444a 3713 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
7c307720
AG		 3714 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3715 MGMT_STATUS_REJECTED);
3716 mgmt_pending_remove(cmd);
3717 goto failed;
3718 }
3719
c54c3860
AG		 3720 /* If controller is scanning, it means the background scanning
3721 * is running. Thus, we should temporarily stop it in order to
3722 * set the discovery scanning parameters.
3723 */
3724 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3725 hci_req_add_le_scan_disable(&req);
7c307720
AG		 3726
3727 memset(&param_cp, 0, sizeof(param_cp));
d9483943 3728
94b1fc92
MH		 3729 /* All active scans will be done with either a resolvable
3730 * private address (when privacy feature has been enabled)
3731 * or unresolvable private address.
3732 */
3733 err = hci_update_random_address(&req, true, &own_addr_type);
d9483943
JH		 3734 if (err < 0) {
3735 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3736 MGMT_STATUS_FAILED);
3737 mgmt_pending_remove(cmd);
3738 goto failed;
3739 }
3740
7c307720 3741 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 3742 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3743 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
d9483943 3744 param_cp.own_address_type = own_addr_type;
7c307720
AG		 3745 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3746 &param_cp);
3747
3748 memset(&enable_cp, 0, sizeof(enable_cp));
3749 enable_cp.enable = LE_SCAN_ENABLE;
3750 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3751 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3752 &enable_cp);
5e0452c0
AG		 3753 break;
3754
f39799f5 3755 default:
04106755
JH		 3756 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3757 MGMT_STATUS_INVALID_PARAMS);
3758 mgmt_pending_remove(cmd);
3759 goto failed;
f39799f5 3760 }
3fd24153 3761
7c307720 3762 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 3763 if (err < 0)
3764 mgmt_pending_remove(cmd);
ff9ef578
JH		 3765 else
3766 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 3767
3768failed:
09fd0de5 3769 hci_dev_unlock(hdev);
14a53664
JH		 3770 return err;
3771}
3772
1183fdca
AG		 3773static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3774{
3775 struct pending_cmd *cmd;
3776 int err;
3777
3778 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3779 if (!cmd)
3780 return -ENOENT;
3781
3782 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3783 &hdev->discovery.type, sizeof(hdev->discovery.type));
3784 mgmt_pending_remove(cmd);
3785
3786 return err;
3787}
3788
0e05bba6
AG		 3789static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3790{
3791 BT_DBG("status %d", status);
3792
3793 hci_dev_lock(hdev);
3794
3795 if (status) {
3796 mgmt_stop_discovery_failed(hdev, status);
3797 goto unlock;
3798 }
3799
3800 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3801
3802unlock:
3803 hci_dev_unlock(hdev);
3804}
3805
bdb6d971 3806static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3807 u16 len)
14a53664 3808{
d930650b 3809 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 3810 struct pending_cmd *cmd;
0e05bba6 3811 struct hci_request req;
14a53664
JH		 3812 int err;
3813
bdb6d971 3814 BT_DBG("%s", hdev->name);
14a53664 3815
09fd0de5 3816 hci_dev_lock(hdev);
14a53664 3817
30dc78e1 3818 if (!hci_discovery_active(hdev)) {
bdb6d971 3819 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3820 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3821 sizeof(mgmt_cp->type));
d930650b
JH		 3822 goto unlock;
3823 }
3824
3825 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 3826 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3827 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3828 sizeof(mgmt_cp->type));
30dc78e1 3829 goto unlock;
ff9ef578
JH		 3830 }
3831
2e58ef3e 3832 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3833 if (!cmd) {
3834 err = -ENOMEM;
30dc78e1
JH		 3835 goto unlock;
3836 }
3837
0e05bba6
AG		 3838 hci_req_init(&req, hdev);
3839
21a60d30 3840 hci_stop_discovery(&req);
e0d9727e 3841
21a60d30
JH		 3842 err = hci_req_run(&req, stop_discovery_complete);
3843 if (!err) {
3844 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
0e05bba6 3845 goto unlock;
14a53664
JH		 3846 }
3847
21a60d30
JH		 3848 mgmt_pending_remove(cmd);
3849
3850 /* If no HCI commands were sent we're done */
3851 if (err == -ENODATA) {
3852 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
3853 &mgmt_cp->type, sizeof(mgmt_cp->type));
3854 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3855 }
14a53664 3856
30dc78e1 3857unlock:
09fd0de5 3858 hci_dev_unlock(hdev);
14a53664
JH		 3859 return err;
3860}
3861
bdb6d971 3862static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3863 u16 len)
561aafbc 3864{
650f726d 3865 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3866 struct inquiry_entry *e;
561aafbc
JH		 3867 int err;
3868
bdb6d971 3869 BT_DBG("%s", hdev->name);
561aafbc 3870
561aafbc
JH		 3871 hci_dev_lock(hdev);
3872
30dc78e1 3873 if (!hci_discovery_active(hdev)) {
d3a2541d
LR		 3874 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3875 MGMT_STATUS_FAILED, &cp->addr,
3876 sizeof(cp->addr));
30dc78e1
JH		 3877 goto failed;
3878 }
3879
a198e7b1 3880 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3881 if (!e) {
d3a2541d
LR		 3882 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3883 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
3884 sizeof(cp->addr));
561aafbc
JH		 3885 goto failed;
3886 }
3887
3888 if (cp->name_known) {
3889 e->name_state = NAME_KNOWN;
3890 list_del(&e->list);
3891 } else {
3892 e->name_state = NAME_NEEDED;
a3d4e20a 3893 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3894 }
3895
e384662b
JH		 3896 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3897 sizeof(cp->addr));
561aafbc
JH		 3898
3899failed:
3900 hci_dev_unlock(hdev);
561aafbc
JH		 3901 return err;
3902}
3903
bdb6d971 3904static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3905 u16 len)
7fbec224 3906{
650f726d 3907 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3908 u8 status;
7fbec224
AJ		 3909 int err;
3910
bdb6d971 3911 BT_DBG("%s", hdev->name);
7fbec224 3912
4ee71b20 3913 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3914 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3915 MGMT_STATUS_INVALID_PARAMS,
3916 &cp->addr, sizeof(cp->addr));
4ee71b20 3917
09fd0de5 3918 hci_dev_lock(hdev);
5e762444 3919
88c1fe4b 3920 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
2a8357f2 3921 if (err < 0) {
f0eeea8b 3922 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 3923 goto done;
3924 }
3925
3926 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3927 sk);
3928 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3929
2a8357f2 3930done:
bdb6d971 3931 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3932 &cp->addr, sizeof(cp->addr));
5e762444 3933
09fd0de5 3934 hci_dev_unlock(hdev);
7fbec224
AJ		 3935
3936 return err;
3937}
3938
bdb6d971 3939static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3940 u16 len)
7fbec224 3941{
650f726d 3942 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3943 u8 status;
7fbec224
AJ		 3944 int err;
3945
bdb6d971 3946 BT_DBG("%s", hdev->name);
7fbec224 3947
4ee71b20 3948 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3949 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3950 MGMT_STATUS_INVALID_PARAMS,
3951 &cp->addr, sizeof(cp->addr));
4ee71b20 3952
09fd0de5 3953 hci_dev_lock(hdev);
5e762444 3954
88c1fe4b 3955 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
2a8357f2 3956 if (err < 0) {
f0eeea8b 3957 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 3958 goto done;
3959 }
3960
3961 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3962 sk);
3963 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3964
2a8357f2 3965done:
bdb6d971 3966 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3967 &cp->addr, sizeof(cp->addr));
5e762444 3968
09fd0de5 3969 hci_dev_unlock(hdev);
7fbec224
AJ		 3970
3971 return err;
3972}
3973
cdbaccca
MH		 3974static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3975 u16 len)
3976{
3977 struct mgmt_cp_set_device_id *cp = data;
890ea898 3978 struct hci_request req;
cdbaccca 3979 int err;
c72d4b8a 3980 __u16 source;
cdbaccca
MH		 3981
3982 BT_DBG("%s", hdev->name);
3983
c72d4b8a
SJ		 3984 source = __le16_to_cpu(cp->source);
3985
3986 if (source > 0x0002)
3987 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3988 MGMT_STATUS_INVALID_PARAMS);
3989
cdbaccca
MH		 3990 hci_dev_lock(hdev);
3991
c72d4b8a 3992 hdev->devid_source = source;
cdbaccca
MH		 3993 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3994 hdev->devid_product = __le16_to_cpu(cp->product);
3995 hdev->devid_version = __le16_to_cpu(cp->version);
3996
3997 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3998
890ea898
JH		 3999 hci_req_init(&req, hdev);
4000 update_eir(&req);
4001 hci_req_run(&req, NULL);
cdbaccca
MH		 4002
4003 hci_dev_unlock(hdev);
4004
4005 return err;
4006}
4007
4375f103
JH		 4008static void set_advertising_complete(struct hci_dev *hdev, u8 status)
4009{
4010 struct cmd_lookup match = { NULL, hdev };
4011
4012 if (status) {
4013 u8 mgmt_err = mgmt_status(status);
4014
4015 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4016 cmd_status_rsp, &mgmt_err);
4017 return;
4018 }
4019
4020 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4021 &match);
4022
4023 new_settings(hdev, match.sk);
4024
4025 if (match.sk)
4026 sock_put(match.sk);
4027}
4028
21b5187f
MH		 4029static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4030 u16 len)
4375f103
JH		 4031{
4032 struct mgmt_mode *cp = data;
4033 struct pending_cmd *cmd;
4034 struct hci_request req;
e6fe7986 4035 u8 val, enabled, status;
4375f103
JH		 4036 int err;
4037
4038 BT_DBG("request for %s", hdev->name);
4039
e6fe7986
JH		 4040 status = mgmt_le_support(hdev);
4041 if (status)
4375f103 4042 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 4043 status);
4375f103
JH		 4044
4045 if (cp->val != 0x00 && cp->val != 0x01)
4046 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4047 MGMT_STATUS_INVALID_PARAMS);
4048
4049 hci_dev_lock(hdev);
4050
4051 val = !!cp->val;
f3d3444a 4052 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 4053
f74ca9b8
JH		 4054 /* The following conditions are ones which mean that we should
4055 * not do any HCI communication but directly send a mgmt
4056 * response to user space (after toggling the flag if
4057 * necessary).
4058 */
4059 if (!hdev_is_powered(hdev) || val == enabled ||
b145edcd 4060 hci_conn_num(hdev, LE_LINK) > 0) {
4375f103
JH		 4061 bool changed = false;
4062
f3d3444a
JH		 4063 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
4064 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 4065 changed = true;
4066 }
4067
4068 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4069 if (err < 0)
4070 goto unlock;
4071
4072 if (changed)
4073 err = new_settings(hdev, sk);
4074
4075 goto unlock;
4076 }
4077
4078 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4079 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
4080 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4081 MGMT_STATUS_BUSY);
4082 goto unlock;
4083 }
4084
4085 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4086 if (!cmd) {
4087 err = -ENOMEM;
4088 goto unlock;
4089 }
4090
4091 hci_req_init(&req, hdev);
4092
bba3aa55
MH		 4093 if (val)
4094 enable_advertising(&req);
4095 else
4096 disable_advertising(&req);
4375f103
JH		 4097
4098 err = hci_req_run(&req, set_advertising_complete);
4099 if (err < 0)
4100 mgmt_pending_remove(cmd);
4101
4102unlock:
4103 hci_dev_unlock(hdev);
4104 return err;
4105}
4106
d13eafce
MH		 4107static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4108 void *data, u16 len)
4109{
4110 struct mgmt_cp_set_static_address *cp = data;
4111 int err;
4112
4113 BT_DBG("%s", hdev->name);
4114
62af4443 4115 if (!lmp_le_capable(hdev))
d13eafce 4116 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 4117 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 4118
4119 if (hdev_is_powered(hdev))
4120 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4121 MGMT_STATUS_REJECTED);
4122
4123 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4124 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4125 return cmd_status(sk, hdev->id,
4126 MGMT_OP_SET_STATIC_ADDRESS,
4127 MGMT_STATUS_INVALID_PARAMS);
4128
4129 /* Two most significant bits shall be set */
4130 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4131 return cmd_status(sk, hdev->id,
4132 MGMT_OP_SET_STATIC_ADDRESS,
4133 MGMT_STATUS_INVALID_PARAMS);
4134 }
4135
4136 hci_dev_lock(hdev);
4137
4138 bacpy(&hdev->static_addr, &cp->bdaddr);
4139
4140 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
4141
4142 hci_dev_unlock(hdev);
4143
4144 return err;
4145}
4146
14b49b9a
MH		 4147static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4148 void *data, u16 len)
4149{
4150 struct mgmt_cp_set_scan_params *cp = data;
4151 __u16 interval, window;
4152 int err;
4153
4154 BT_DBG("%s", hdev->name);
4155
4156 if (!lmp_le_capable(hdev))
4157 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4158 MGMT_STATUS_NOT_SUPPORTED);
4159
4160 interval = __le16_to_cpu(cp->interval);
4161
4162 if (interval < 0x0004 || interval > 0x4000)
4163 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4164 MGMT_STATUS_INVALID_PARAMS);
4165
4166 window = __le16_to_cpu(cp->window);
4167
4168 if (window < 0x0004 || window > 0x4000)
4169 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4170 MGMT_STATUS_INVALID_PARAMS);
4171
899e1075
MH		 4172 if (window > interval)
4173 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4174 MGMT_STATUS_INVALID_PARAMS);
4175
14b49b9a
MH		 4176 hci_dev_lock(hdev);
4177
4178 hdev->le_scan_interval = interval;
4179 hdev->le_scan_window = window;
4180
4181 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
4182
dd2ef8e2
AG		 4183 /* If background scan is running, restart it so new parameters are
4184 * loaded.
4185 */
4186 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4187 hdev->discovery.state == DISCOVERY_STOPPED) {
4188 struct hci_request req;
4189
4190 hci_req_init(&req, hdev);
4191
4192 hci_req_add_le_scan_disable(&req);
4193 hci_req_add_le_passive_scan(&req);
4194
4195 hci_req_run(&req, NULL);
4196 }
4197
14b49b9a
MH		 4198 hci_dev_unlock(hdev);
4199
4200 return err;
4201}
4202
33e38b3e
JH		 4203static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
4204{
4205 struct pending_cmd *cmd;
4206
4207 BT_DBG("status 0x%02x", status);
4208
4209 hci_dev_lock(hdev);
4210
4211 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4212 if (!cmd)
4213 goto unlock;
4214
4215 if (status) {
4216 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4217 mgmt_status(status));
4218 } else {
1a4d3c4b
JH		 4219 struct mgmt_mode *cp = cmd->param;
4220
4221 if (cp->val)
4222 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4223 else
4224 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4225
33e38b3e
JH		 4226 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4227 new_settings(hdev, cmd->sk);
4228 }
4229
4230 mgmt_pending_remove(cmd);
4231
4232unlock:
4233 hci_dev_unlock(hdev);
4234}
4235
bdb6d971 4236static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4237 void *data, u16 len)
f6422ec6 4238{
650f726d 4239 struct mgmt_mode *cp = data;
33e38b3e
JH		 4240 struct pending_cmd *cmd;
4241 struct hci_request req;
f6422ec6
AJ		 4242 int err;
4243
bdb6d971 4244 BT_DBG("%s", hdev->name);
f6422ec6 4245
56f87901
JH		 4246 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
4247 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 4248 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4249 MGMT_STATUS_NOT_SUPPORTED);
4250
a7e80f25
JH		 4251 if (cp->val != 0x00 && cp->val != 0x01)
4252 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4253 MGMT_STATUS_INVALID_PARAMS);
4254
5400c044 4255 if (!hdev_is_powered(hdev))
bdb6d971 4256 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4257 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 4258
4259 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 4260 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4261 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 4262
4263 hci_dev_lock(hdev);
4264
05cbf29f
JH		 4265 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4266 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4267 MGMT_STATUS_BUSY);
4268 goto unlock;
4269 }
4270
1a4d3c4b
JH		 4271 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
4272 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4273 hdev);
4274 goto unlock;
4275 }
4276
33e38b3e
JH		 4277 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4278 data, len);
4279 if (!cmd) {
4280 err = -ENOMEM;
4281 goto unlock;
f6422ec6
AJ		 4282 }
4283
33e38b3e
JH		 4284 hci_req_init(&req, hdev);
4285
406d7804 4286 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4287
4288 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4289 if (err < 0) {
bdb6d971 4290 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4291 MGMT_STATUS_FAILED);
33e38b3e 4292 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4293 }
4294
33e38b3e 4295unlock:
f6422ec6 4296 hci_dev_unlock(hdev);
33e38b3e 4297
f6422ec6
AJ		 4298 return err;
4299}
4300
67e5a7a3
JH		 4301static void set_bredr_scan(struct hci_request *req)
4302{
4303 struct hci_dev *hdev = req->hdev;
4304 u8 scan = 0;
4305
4306 /* Ensure that fast connectable is disabled. This function will
4307 * not do anything if the page scan parameters are already what
4308 * they should be.
4309 */
4310 write_fast_connectable(req, false);
4311
4312 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4313 scan |= SCAN_PAGE;
4314 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
4315 scan |= SCAN_INQUIRY;
4316
4317 if (scan)
4318 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
4319}
4320
0663ca2a
JH		 4321static void set_bredr_complete(struct hci_dev *hdev, u8 status)
4322{
4323 struct pending_cmd *cmd;
4324
4325 BT_DBG("status 0x%02x", status);
4326
4327 hci_dev_lock(hdev);
4328
4329 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4330 if (!cmd)
4331 goto unlock;
4332
4333 if (status) {
4334 u8 mgmt_err = mgmt_status(status);
4335
4336 /* We need to restore the flag if related HCI commands
4337 * failed.
4338 */
4339 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4340
4341 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4342 } else {
4343 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4344 new_settings(hdev, cmd->sk);
4345 }
4346
4347 mgmt_pending_remove(cmd);
4348
4349unlock:
4350 hci_dev_unlock(hdev);
4351}
4352
4353static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4354{
4355 struct mgmt_mode *cp = data;
4356 struct pending_cmd *cmd;
4357 struct hci_request req;
4358 int err;
4359
4360 BT_DBG("request for %s", hdev->name);
4361
4362 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4363 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4364 MGMT_STATUS_NOT_SUPPORTED);
4365
4366 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4367 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4368 MGMT_STATUS_REJECTED);
4369
4370 if (cp->val != 0x00 && cp->val != 0x01)
4371 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4372 MGMT_STATUS_INVALID_PARAMS);
4373
4374 hci_dev_lock(hdev);
4375
4376 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4377 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4378 goto unlock;
4379 }
4380
4381 if (!hdev_is_powered(hdev)) {
4382 if (!cp->val) {
0663ca2a
JH		 4383 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4384 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4385 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4386 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4387 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4388 }
4389
4390 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4391
4392 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4393 if (err < 0)
4394 goto unlock;
4395
4396 err = new_settings(hdev, sk);
4397 goto unlock;
4398 }
4399
4400 /* Reject disabling when powered on */
4401 if (!cp->val) {
4402 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4403 MGMT_STATUS_REJECTED);
4404 goto unlock;
4405 }
4406
4407 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4408 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4409 MGMT_STATUS_BUSY);
4410 goto unlock;
4411 }
4412
4413 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4414 if (!cmd) {
4415 err = -ENOMEM;
4416 goto unlock;
4417 }
4418
5947f4bc 4419 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4420 * generates the correct flags.
4421 */
4422 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4423
4424 hci_req_init(&req, hdev);
aa8af46e
JH		 4425
4426 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4427 set_bredr_scan(&req);
4428
f14d8f64
MH		 4429 /* Since only the advertising data flags will change, there
4430 * is no need to update the scan response data.
4431 */
5947f4bc 4432 update_adv_data(&req);
aa8af46e 4433
0663ca2a
JH		 4434 err = hci_req_run(&req, set_bredr_complete);
4435 if (err < 0)
4436 mgmt_pending_remove(cmd);
4437
4438unlock:
4439 hci_dev_unlock(hdev);
4440 return err;
4441}
4442
eac83dc6
MH		 4443static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4444 void *data, u16 len)
4445{
4446 struct mgmt_mode *cp = data;
4447 struct pending_cmd *cmd;
0ab04a9c 4448 u8 val, status;
eac83dc6
MH		 4449 int err;
4450
4451 BT_DBG("request for %s", hdev->name);
4452
4453 status = mgmt_bredr_support(hdev);
4454 if (status)
4455 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4456 status);
4457
5afeac14 4458 if (!lmp_sc_capable(hdev) &&
111902f7 4459 !test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
eac83dc6
MH		 4460 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4461 MGMT_STATUS_NOT_SUPPORTED);
4462
0ab04a9c 4463 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
eac83dc6
MH		 4464 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4465 MGMT_STATUS_INVALID_PARAMS);
4466
4467 hci_dev_lock(hdev);
4468
4469 if (!hdev_is_powered(hdev)) {
4470 bool changed;
4471
0ab04a9c 4472 if (cp->val) {
eac83dc6
MH		 4473 changed = !test_and_set_bit(HCI_SC_ENABLED,
4474 &hdev->dev_flags);
0ab04a9c
MH		 4475 if (cp->val == 0x02)
4476 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4477 else
4478 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4479 } else {
eac83dc6
MH		 4480 changed = test_and_clear_bit(HCI_SC_ENABLED,
4481 &hdev->dev_flags);
0ab04a9c
MH		 4482 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4483 }
eac83dc6
MH		 4484
4485 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4486 if (err < 0)
4487 goto failed;
4488
4489 if (changed)
4490 err = new_settings(hdev, sk);
4491
4492 goto failed;
4493 }
4494
4495 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4496 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4497 MGMT_STATUS_BUSY);
4498 goto failed;
4499 }
4500
0ab04a9c
MH		 4501 val = !!cp->val;
4502
4503 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4504 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
eac83dc6
MH		 4505 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4506 goto failed;
4507 }
4508
4509 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4510 if (!cmd) {
4511 err = -ENOMEM;
4512 goto failed;
4513 }
4514
0ab04a9c 4515 err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
eac83dc6
MH		 4516 if (err < 0) {
4517 mgmt_pending_remove(cmd);
4518 goto failed;
4519 }
4520
0ab04a9c
MH		 4521 if (cp->val == 0x02)
4522 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4523 else
4524 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4525
eac83dc6
MH		 4526failed:
4527 hci_dev_unlock(hdev);
4528 return err;
4529}
4530
4e39ac81
MH		 4531static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4532 void *data, u16 len)
4533{
4534 struct mgmt_mode *cp = data;
b9710979 4535 bool changed, use_changed;
4e39ac81
MH		 4536 int err;
4537
4538 BT_DBG("request for %s", hdev->name);
4539
b9710979 4540 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4e39ac81
MH		 4541 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4542 MGMT_STATUS_INVALID_PARAMS);
4543
4544 hci_dev_lock(hdev);
4545
4546 if (cp->val)
0663b297
JH		 4547 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
4548 &hdev->dev_flags);
4e39ac81 4549 else
0663b297
JH		 4550 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
4551 &hdev->dev_flags);
4e39ac81 4552
b9710979
JH		 4553 if (cp->val == 0x02)
4554 use_changed = !test_and_set_bit(HCI_USE_DEBUG_KEYS,
4555 &hdev->dev_flags);
4556 else
4557 use_changed = test_and_clear_bit(HCI_USE_DEBUG_KEYS,
4558 &hdev->dev_flags);
4559
4560 if (hdev_is_powered(hdev) && use_changed &&
4561 test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
4562 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4563 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4564 sizeof(mode), &mode);
4565 }
4566
4e39ac81
MH		 4567 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4568 if (err < 0)
4569 goto unlock;
4570
4571 if (changed)
4572 err = new_settings(hdev, sk);
4573
4574unlock:
4575 hci_dev_unlock(hdev);
4576 return err;
4577}
4578
62b04cd1
JH		 4579static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4580 u16 len)
4581{
4582 struct mgmt_cp_set_privacy *cp = cp_data;
4583 bool changed;
4584 int err;
4585
4586 BT_DBG("request for %s", hdev->name);
4587
4588 if (!lmp_le_capable(hdev))
4589 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4590 MGMT_STATUS_NOT_SUPPORTED);
4591
4592 if (cp->privacy != 0x00 && cp->privacy != 0x01)
4593 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4594 MGMT_STATUS_INVALID_PARAMS);
4595
4596 if (hdev_is_powered(hdev))
4597 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4598 MGMT_STATUS_REJECTED);
4599
4600 hci_dev_lock(hdev);
4601
c21c0ea0
JH		 4602 /* If user space supports this command it is also expected to
4603 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4604 */
4605 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4606
62b04cd1
JH		 4607 if (cp->privacy) {
4608 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
4609 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4610 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4611 } else {
4612 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
4613 memset(hdev->irk, 0, sizeof(hdev->irk));
4614 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4615 }
4616
4617 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4618 if (err < 0)
4619 goto unlock;
4620
4621 if (changed)
4622 err = new_settings(hdev, sk);
4623
4624unlock:
4625 hci_dev_unlock(hdev);
4626 return err;
4627}
4628
41edf160
JH		 4629static bool irk_is_valid(struct mgmt_irk_info *irk)
4630{
4631 switch (irk->addr.type) {
4632 case BDADDR_LE_PUBLIC:
4633 return true;
4634
4635 case BDADDR_LE_RANDOM:
4636 /* Two most significant bits shall be set */
4637 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4638 return false;
4639 return true;
4640 }
4641
4642 return false;
4643}
4644
4645static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4646 u16 len)
4647{
4648 struct mgmt_cp_load_irks *cp = cp_data;
ba1d6936
JH		 4649 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
4650 sizeof(struct mgmt_irk_info));
41edf160
JH		 4651 u16 irk_count, expected_len;
4652 int i, err;
4653
4654 BT_DBG("request for %s", hdev->name);
4655
4656 if (!lmp_le_capable(hdev))
4657 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4658 MGMT_STATUS_NOT_SUPPORTED);
4659
4660 irk_count = __le16_to_cpu(cp->irk_count);
ba1d6936
JH		 4661 if (irk_count > max_irk_count) {
4662 BT_ERR("load_irks: too big irk_count value %u", irk_count);
4663 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4664 MGMT_STATUS_INVALID_PARAMS);
4665 }
41edf160
JH		 4666
4667 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4668 if (expected_len != len) {
4669 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 4670 expected_len, len);
41edf160
JH		 4671 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4672 MGMT_STATUS_INVALID_PARAMS);
4673 }
4674
4675 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4676
4677 for (i = 0; i < irk_count; i++) {
4678 struct mgmt_irk_info *key = &cp->irks[i];
4679
4680 if (!irk_is_valid(key))
4681 return cmd_status(sk, hdev->id,
4682 MGMT_OP_LOAD_IRKS,
4683 MGMT_STATUS_INVALID_PARAMS);
4684 }
4685
4686 hci_dev_lock(hdev);
4687
4688 hci_smp_irks_clear(hdev);
4689
4690 for (i = 0; i < irk_count; i++) {
4691 struct mgmt_irk_info *irk = &cp->irks[i];
4692 u8 addr_type;
4693
4694 if (irk->addr.type == BDADDR_LE_PUBLIC)
4695 addr_type = ADDR_LE_DEV_PUBLIC;
4696 else
4697 addr_type = ADDR_LE_DEV_RANDOM;
4698
4699 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
4700 BDADDR_ANY);
4701 }
4702
4703 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4704
4705 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4706
4707 hci_dev_unlock(hdev);
4708
4709 return err;
4710}
4711
3f706b72
JH		 4712static bool ltk_is_valid(struct mgmt_ltk_info *key)
4713{
4714 if (key->master != 0x00 && key->master != 0x01)
4715 return false;
490cb0b3
MH		 4716
4717 switch (key->addr.type) {
4718 case BDADDR_LE_PUBLIC:
4719 return true;
4720
4721 case BDADDR_LE_RANDOM:
4722 /* Two most significant bits shall be set */
4723 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4724 return false;
4725 return true;
4726 }
4727
4728 return false;
3f706b72
JH		 4729}
4730
bdb6d971 4731static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 4732 void *cp_data, u16 len)
346af67b 4733{
346af67b 4734 struct mgmt_cp_load_long_term_keys *cp = cp_data;
ba1d6936
JH		 4735 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
4736 sizeof(struct mgmt_ltk_info));
346af67b 4737 u16 key_count, expected_len;
715a5bf2 4738 int i, err;
346af67b 4739
cf99ba13
MH		 4740 BT_DBG("request for %s", hdev->name);
4741
4742 if (!lmp_le_capable(hdev))
4743 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4744 MGMT_STATUS_NOT_SUPPORTED);
4745
1f350c87 4746 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 4747 if (key_count > max_key_count) {
4748 BT_ERR("load_ltks: too big key_count value %u", key_count);
4749 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4750 MGMT_STATUS_INVALID_PARAMS);
4751 }
346af67b
VCG		 4752
4753 expected_len = sizeof(*cp) + key_count *
4754 sizeof(struct mgmt_ltk_info);
4755 if (expected_len != len) {
4756 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 4757 expected_len, len);
bdb6d971 4758 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 4759 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 4760 }
4761
bdb6d971 4762 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 4763
54ad6d8a
JH		 4764 for (i = 0; i < key_count; i++) {
4765 struct mgmt_ltk_info *key = &cp->keys[i];
4766
3f706b72 4767 if (!ltk_is_valid(key))
54ad6d8a
JH		 4768 return cmd_status(sk, hdev->id,
4769 MGMT_OP_LOAD_LONG_TERM_KEYS,
4770 MGMT_STATUS_INVALID_PARAMS);
4771 }
4772
346af67b
VCG		 4773 hci_dev_lock(hdev);
4774
4775 hci_smp_ltks_clear(hdev);
4776
4777 for (i = 0; i < key_count; i++) {
4778 struct mgmt_ltk_info *key = &cp->keys[i];
d7b25450 4779 u8 type, addr_type, authenticated;
79d95a19
MH		 4780
4781 if (key->addr.type == BDADDR_LE_PUBLIC)
4782 addr_type = ADDR_LE_DEV_PUBLIC;
4783 else
4784 addr_type = ADDR_LE_DEV_RANDOM;
346af67b
VCG		 4785
4786 if (key->master)
2ceba539 4787 type = SMP_LTK;
346af67b 4788 else
2ceba539 4789 type = SMP_LTK_SLAVE;
346af67b 4790
61b43357
JH		 4791 switch (key->type) {
4792 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 4793 authenticated = 0x00;
61b43357
JH		 4794 break;
4795 case MGMT_LTK_AUTHENTICATED:
d7b25450 4796 authenticated = 0x01;
61b43357
JH		 4797 break;
4798 default:
4799 continue;
4800 }
d7b25450 4801
35d70271 4802 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
d7b25450 4803 authenticated, key->val, key->enc_size, key->ediv,
35d70271 4804 key->rand);
346af67b
VCG		 4805 }
4806
715a5bf2
JH		 4807 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4808 NULL, 0);
4809
346af67b 4810 hci_dev_unlock(hdev);
346af67b 4811
715a5bf2 4812 return err;
346af67b
VCG		 4813}
4814
dd983808
AK		 4815struct cmd_conn_lookup {
4816 struct hci_conn *conn;
4817 bool valid_tx_power;
4818 u8 mgmt_status;
4819};
4820
4821static void get_conn_info_complete(struct pending_cmd *cmd, void *data)
4822{
4823 struct cmd_conn_lookup *match = data;
4824 struct mgmt_cp_get_conn_info *cp;
4825 struct mgmt_rp_get_conn_info rp;
4826 struct hci_conn *conn = cmd->user_data;
4827
4828 if (conn != match->conn)
4829 return;
4830
4831 cp = (struct mgmt_cp_get_conn_info *) cmd->param;
4832
4833 memset(&rp, 0, sizeof(rp));
4834 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4835 rp.addr.type = cp->addr.type;
4836
4837 if (!match->mgmt_status) {
4838 rp.rssi = conn->rssi;
4839
eed5daf3 4840 if (match->valid_tx_power) {
dd983808 4841 rp.tx_power = conn->tx_power;
eed5daf3
AK		 4842 rp.max_tx_power = conn->max_tx_power;
4843 } else {
dd983808 4844 rp.tx_power = HCI_TX_POWER_INVALID;
eed5daf3
AK		 4845 rp.max_tx_power = HCI_TX_POWER_INVALID;
4846 }
dd983808
AK		 4847 }
4848
4849 cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
4850 match->mgmt_status, &rp, sizeof(rp));
4851
4852 hci_conn_drop(conn);
4853
4854 mgmt_pending_remove(cmd);
4855}
4856
4857static void conn_info_refresh_complete(struct hci_dev *hdev, u8 status)
4858{
4859 struct hci_cp_read_rssi *cp;
4860 struct hci_conn *conn;
4861 struct cmd_conn_lookup match;
4862 u16 handle;
4863
4864 BT_DBG("status 0x%02x", status);
4865
4866 hci_dev_lock(hdev);
4867
4868 /* TX power data is valid in case request completed successfully,
eed5daf3
AK		 4869 * otherwise we assume it's not valid. At the moment we assume that
4870 * either both or none of current and max values are valid to keep code
4871 * simple.
dd983808
AK		 4872 */
4873 match.valid_tx_power = !status;
4874
4875 /* Commands sent in request are either Read RSSI or Read Transmit Power
4876 * Level so we check which one was last sent to retrieve connection
4877 * handle. Both commands have handle as first parameter so it's safe to
4878 * cast data on the same command struct.
4879 *
4880 * First command sent is always Read RSSI and we fail only if it fails.
4881 * In other case we simply override error to indicate success as we
4882 * already remembered if TX power value is actually valid.
4883 */
4884 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
4885 if (!cp) {
4886 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
4887 status = 0;
4888 }
4889
4890 if (!cp) {
4891 BT_ERR("invalid sent_cmd in response");
4892 goto unlock;
4893 }
4894
4895 handle = __le16_to_cpu(cp->handle);
4896 conn = hci_conn_hash_lookup_handle(hdev, handle);
4897 if (!conn) {
4898 BT_ERR("unknown handle (%d) in response", handle);
4899 goto unlock;
4900 }
4901
4902 match.conn = conn;
4903 match.mgmt_status = mgmt_status(status);
4904
4905 /* Cache refresh is complete, now reply for mgmt request for given
4906 * connection only.
4907 */
4908 mgmt_pending_foreach(MGMT_OP_GET_CONN_INFO, hdev,
4909 get_conn_info_complete, &match);
4910
4911unlock:
4912 hci_dev_unlock(hdev);
4913}
4914
4915static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
4916 u16 len)
4917{
4918 struct mgmt_cp_get_conn_info *cp = data;
4919 struct mgmt_rp_get_conn_info rp;
4920 struct hci_conn *conn;
4921 unsigned long conn_info_age;
4922 int err = 0;
4923
4924 BT_DBG("%s", hdev->name);
4925
4926 memset(&rp, 0, sizeof(rp));
4927 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4928 rp.addr.type = cp->addr.type;
4929
4930 if (!bdaddr_type_is_valid(cp->addr.type))
4931 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4932 MGMT_STATUS_INVALID_PARAMS,
4933 &rp, sizeof(rp));
4934
4935 hci_dev_lock(hdev);
4936
4937 if (!hdev_is_powered(hdev)) {
4938 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4939 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
4940 goto unlock;
4941 }
4942
4943 if (cp->addr.type == BDADDR_BREDR)
4944 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
4945 &cp->addr.bdaddr);
4946 else
4947 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
4948
4949 if (!conn || conn->state != BT_CONNECTED) {
4950 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4951 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
4952 goto unlock;
4953 }
4954
4955 /* To avoid client trying to guess when to poll again for information we
4956 * calculate conn info age as random value between min/max set in hdev.
4957 */
4958 conn_info_age = hdev->conn_info_min_age +
4959 prandom_u32_max(hdev->conn_info_max_age -
4960 hdev->conn_info_min_age);
4961
4962 /* Query controller to refresh cached values if they are too old or were
4963 * never read.
4964 */
f4e2dd53
AK		 4965 if (time_after(jiffies, conn->conn_info_timestamp +
4966 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 4967 !conn->conn_info_timestamp) {
4968 struct hci_request req;
4969 struct hci_cp_read_tx_power req_txp_cp;
4970 struct hci_cp_read_rssi req_rssi_cp;
4971 struct pending_cmd *cmd;
4972
4973 hci_req_init(&req, hdev);
4974 req_rssi_cp.handle = cpu_to_le16(conn->handle);
4975 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
4976 &req_rssi_cp);
4977
f7faab0c
AK		 4978 /* For LE links TX power does not change thus we don't need to
4979 * query for it once value is known.
4980 */
4981 if (!bdaddr_type_is_le(cp->addr.type) ||
4982 conn->tx_power == HCI_TX_POWER_INVALID) {
4983 req_txp_cp.handle = cpu_to_le16(conn->handle);
4984 req_txp_cp.type = 0x00;
4985 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4986 sizeof(req_txp_cp), &req_txp_cp);
4987 }
dd983808 4988
eed5daf3
AK		 4989 /* Max TX power needs to be read only once per connection */
4990 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
4991 req_txp_cp.handle = cpu_to_le16(conn->handle);
4992 req_txp_cp.type = 0x01;
4993 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4994 sizeof(req_txp_cp), &req_txp_cp);
4995 }
4996
dd983808
AK		 4997 err = hci_req_run(&req, conn_info_refresh_complete);
4998 if (err < 0)
4999 goto unlock;
5000
5001 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5002 data, len);
5003 if (!cmd) {
5004 err = -ENOMEM;
5005 goto unlock;
5006 }
5007
5008 hci_conn_hold(conn);
5009 cmd->user_data = conn;
5010
5011 conn->conn_info_timestamp = jiffies;
5012 } else {
5013 /* Cache is valid, just reply with values cached in hci_conn */
5014 rp.rssi = conn->rssi;
5015 rp.tx_power = conn->tx_power;
eed5daf3 5016 rp.max_tx_power = conn->max_tx_power;
dd983808
AK		 5017
5018 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5019 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
5020 }
5021
5022unlock:
5023 hci_dev_unlock(hdev);
5024 return err;
5025}
5026
95868426
JH		 5027static void get_clock_info_complete(struct hci_dev *hdev, u8 status)
5028{
5029 struct mgmt_cp_get_clock_info *cp;
5030 struct mgmt_rp_get_clock_info rp;
5031 struct hci_cp_read_clock *hci_cp;
5032 struct pending_cmd *cmd;
5033 struct hci_conn *conn;
5034
5035 BT_DBG("%s status %u", hdev->name, status);
5036
5037 hci_dev_lock(hdev);
5038
5039 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5040 if (!hci_cp)
5041 goto unlock;
5042
5043 if (hci_cp->which) {
5044 u16 handle = __le16_to_cpu(hci_cp->handle);
5045 conn = hci_conn_hash_lookup_handle(hdev, handle);
5046 } else {
5047 conn = NULL;
5048 }
5049
5050 cmd = mgmt_pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5051 if (!cmd)
5052 goto unlock;
5053
5054 cp = cmd->param;
5055
5056 memset(&rp, 0, sizeof(rp));
5057 memcpy(&rp.addr, &cp->addr, sizeof(rp.addr));
5058
5059 if (status)
5060 goto send_rsp;
5061
5062 rp.local_clock = cpu_to_le32(hdev->clock);
5063
5064 if (conn) {
5065 rp.piconet_clock = cpu_to_le32(conn->clock);
5066 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5067 }
5068
5069send_rsp:
5070 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
5071 &rp, sizeof(rp));
5072 mgmt_pending_remove(cmd);
5073 if (conn)
5074 hci_conn_drop(conn);
5075
5076unlock:
5077 hci_dev_unlock(hdev);
5078}
5079
5080static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5081 u16 len)
5082{
5083 struct mgmt_cp_get_clock_info *cp = data;
5084 struct mgmt_rp_get_clock_info rp;
5085 struct hci_cp_read_clock hci_cp;
5086 struct pending_cmd *cmd;
5087 struct hci_request req;
5088 struct hci_conn *conn;
5089 int err;
5090
5091 BT_DBG("%s", hdev->name);
5092
5093 memset(&rp, 0, sizeof(rp));
5094 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5095 rp.addr.type = cp->addr.type;
5096
5097 if (cp->addr.type != BDADDR_BREDR)
5098 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5099 MGMT_STATUS_INVALID_PARAMS,
5100 &rp, sizeof(rp));
5101
5102 hci_dev_lock(hdev);
5103
5104 if (!hdev_is_powered(hdev)) {
5105 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5106 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5107 goto unlock;
5108 }
5109
5110 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5111 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5112 &cp->addr.bdaddr);
5113 if (!conn || conn->state != BT_CONNECTED) {
5114 err = cmd_complete(sk, hdev->id,
5115 MGMT_OP_GET_CLOCK_INFO,
5116 MGMT_STATUS_NOT_CONNECTED,
5117 &rp, sizeof(rp));
5118 goto unlock;
5119 }
5120 } else {
5121 conn = NULL;
5122 }
5123
5124 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5125 if (!cmd) {
5126 err = -ENOMEM;
5127 goto unlock;
5128 }
5129
5130 hci_req_init(&req, hdev);
5131
5132 memset(&hci_cp, 0, sizeof(hci_cp));
5133 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5134
5135 if (conn) {
5136 hci_conn_hold(conn);
5137 cmd->user_data = conn;
5138
5139 hci_cp.handle = cpu_to_le16(conn->handle);
5140 hci_cp.which = 0x01; /* Piconet clock */
5141 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5142 }
5143
5144 err = hci_req_run(&req, get_clock_info_complete);
5145 if (err < 0)
5146 mgmt_pending_remove(cmd);
5147
5148unlock:
5149 hci_dev_unlock(hdev);
5150 return err;
5151}
5152
8afef092
MH		 5153static void device_added(struct sock *sk, struct hci_dev *hdev,
5154 bdaddr_t *bdaddr, u8 type, u8 action)
5155{
5156 struct mgmt_ev_device_added ev;
5157
5158 bacpy(&ev.addr.bdaddr, bdaddr);
5159 ev.addr.type = type;
5160 ev.action = action;
5161
5162 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5163}
5164
2faade53
MH		 5165static int add_device(struct sock *sk, struct hci_dev *hdev,
5166 void *data, u16 len)
5167{
5168 struct mgmt_cp_add_device *cp = data;
5169 u8 auto_conn, addr_type;
5170 int err;
5171
5172 BT_DBG("%s", hdev->name);
5173
5174 if (!bdaddr_type_is_le(cp->addr.type) ||
5175 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
5176 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5177 MGMT_STATUS_INVALID_PARAMS,
5178 &cp->addr, sizeof(cp->addr));
5179
5180 if (cp->action != 0x00 && cp->action != 0x01)
5181 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5182 MGMT_STATUS_INVALID_PARAMS,
5183 &cp->addr, sizeof(cp->addr));
5184
5185 hci_dev_lock(hdev);
5186
5187 if (cp->addr.type == BDADDR_LE_PUBLIC)
5188 addr_type = ADDR_LE_DEV_PUBLIC;
5189 else
5190 addr_type = ADDR_LE_DEV_RANDOM;
5191
5192 if (cp->action)
5193 auto_conn = HCI_AUTO_CONN_ALWAYS;
5194 else
a3451d27 5195 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 5196
bf5b3c8b
MH		 5197 /* If the connection parameters don't exist for this device,
5198 * they will be created and configured with defaults.
5199 */
d06b50ce
MH		 5200 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
5201 auto_conn) < 0) {
2faade53
MH		 5202 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5203 MGMT_STATUS_FAILED,
5204 &cp->addr, sizeof(cp->addr));
5205 goto unlock;
5206 }
5207
8afef092
MH		 5208 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5209
2faade53
MH		 5210 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5211 MGMT_STATUS_SUCCESS, &cp->addr, sizeof(cp->addr));
5212
5213unlock:
5214 hci_dev_unlock(hdev);
5215 return err;
5216}
5217
8afef092
MH		 5218static void device_removed(struct sock *sk, struct hci_dev *hdev,
5219 bdaddr_t *bdaddr, u8 type)
5220{
5221 struct mgmt_ev_device_removed ev;
5222
5223 bacpy(&ev.addr.bdaddr, bdaddr);
5224 ev.addr.type = type;
5225
5226 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5227}
5228
2faade53
MH		 5229static int remove_device(struct sock *sk, struct hci_dev *hdev,
5230 void *data, u16 len)
5231{
5232 struct mgmt_cp_remove_device *cp = data;
5233 int err;
5234
5235 BT_DBG("%s", hdev->name);
5236
5237 hci_dev_lock(hdev);
5238
5239 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 5240 struct hci_conn_params *params;
2faade53
MH		 5241 u8 addr_type;
5242
5243 if (!bdaddr_type_is_le(cp->addr.type)) {
5244 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5245 MGMT_STATUS_INVALID_PARAMS,
5246 &cp->addr, sizeof(cp->addr));
5247 goto unlock;
5248 }
5249
5250 if (cp->addr.type == BDADDR_LE_PUBLIC)
5251 addr_type = ADDR_LE_DEV_PUBLIC;
5252 else
5253 addr_type = ADDR_LE_DEV_RANDOM;
5254
c71593dd
JH		 5255 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5256 addr_type);
5257 if (!params) {
5258 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5259 MGMT_STATUS_INVALID_PARAMS,
5260 &cp->addr, sizeof(cp->addr));
5261 goto unlock;
5262 }
5263
5264 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
5265 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5266 MGMT_STATUS_INVALID_PARAMS,
5267 &cp->addr, sizeof(cp->addr));
5268 goto unlock;
5269 }
5270
d1dbf12e 5271 list_del(&params->action);
c71593dd
JH		 5272 list_del(&params->list);
5273 kfree(params);
95305baa 5274 hci_update_background_scan(hdev);
8afef092
MH		 5275
5276 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53
MH		 5277 } else {
5278 if (cp->addr.type) {
5279 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5280 MGMT_STATUS_INVALID_PARAMS,
5281 &cp->addr, sizeof(cp->addr));
5282 goto unlock;
5283 }
5284
c71593dd 5285 hci_conn_params_clear_enabled(hdev);
2faade53
MH		 5286 }
5287
5288 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5289 MGMT_STATUS_SUCCESS, &cp->addr, sizeof(cp->addr));
5290
5291unlock:
5292 hci_dev_unlock(hdev);
5293 return err;
5294}
5295
a26f3dcf
JH		 5296static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5297 u16 len)
5298{
5299 struct mgmt_cp_load_conn_param *cp = data;
ba1d6936
JH		 5300 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5301 sizeof(struct mgmt_conn_param));
a26f3dcf
JH		 5302 u16 param_count, expected_len;
5303 int i;
5304
5305 if (!lmp_le_capable(hdev))
5306 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5307 MGMT_STATUS_NOT_SUPPORTED);
5308
5309 param_count = __le16_to_cpu(cp->param_count);
ba1d6936
JH		 5310 if (param_count > max_param_count) {
5311 BT_ERR("load_conn_param: too big param_count value %u",
5312 param_count);
5313 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5314 MGMT_STATUS_INVALID_PARAMS);
5315 }
a26f3dcf
JH		 5316
5317 expected_len = sizeof(*cp) + param_count *
5318 sizeof(struct mgmt_conn_param);
5319 if (expected_len != len) {
5320 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
5321 expected_len, len);
5322 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5323 MGMT_STATUS_INVALID_PARAMS);
5324 }
5325
5326 BT_DBG("%s param_count %u", hdev->name, param_count);
5327
5328 hci_dev_lock(hdev);
5329
5330 hci_conn_params_clear_disabled(hdev);
5331
5332 for (i = 0; i < param_count; i++) {
5333 struct mgmt_conn_param *param = &cp->params[i];
5334 struct hci_conn_params *hci_param;
5335 u16 min, max, latency, timeout;
5336 u8 addr_type;
5337
5338 BT_DBG("Adding %pMR (type %u)", &param->addr.bdaddr,
5339 param->addr.type);
5340
5341 if (param->addr.type == BDADDR_LE_PUBLIC) {
5342 addr_type = ADDR_LE_DEV_PUBLIC;
5343 } else if (param->addr.type == BDADDR_LE_RANDOM) {
5344 addr_type = ADDR_LE_DEV_RANDOM;
5345 } else {
5346 BT_ERR("Ignoring invalid connection parameters");
5347 continue;
5348 }
5349
5350 min = le16_to_cpu(param->min_interval);
5351 max = le16_to_cpu(param->max_interval);
5352 latency = le16_to_cpu(param->latency);
5353 timeout = le16_to_cpu(param->timeout);
5354
5355 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
5356 min, max, latency, timeout);
5357
5358 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
5359 BT_ERR("Ignoring invalid connection parameters");
5360 continue;
5361 }
5362
5363 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
5364 addr_type);
5365 if (!hci_param) {
5366 BT_ERR("Failed to add connection parameters");
5367 continue;
5368 }
5369
5370 hci_param->conn_min_interval = min;
5371 hci_param->conn_max_interval = max;
5372 hci_param->conn_latency = latency;
5373 hci_param->supervision_timeout = timeout;
5374 }
5375
5376 hci_dev_unlock(hdev);
5377
5378 return cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0, NULL, 0);
5379}
5380
dbece37a
MH		 5381static int set_external_config(struct sock *sk, struct hci_dev *hdev,
5382 void *data, u16 len)
5383{
5384 struct mgmt_cp_set_external_config *cp = data;
5385 bool changed;
5386 int err;
5387
5388 BT_DBG("%s", hdev->name);
5389
5390 if (hdev_is_powered(hdev))
5391 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5392 MGMT_STATUS_REJECTED);
5393
5394 if (cp->config != 0x00 && cp->config != 0x01)
5395 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5396 MGMT_STATUS_INVALID_PARAMS);
5397
5398 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
5399 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5400 MGMT_STATUS_NOT_SUPPORTED);
5401
5402 hci_dev_lock(hdev);
5403
5404 if (cp->config)
5405 changed = !test_and_set_bit(HCI_EXT_CONFIGURED,
5406 &hdev->dev_flags);
5407 else
5408 changed = test_and_clear_bit(HCI_EXT_CONFIGURED,
5409 &hdev->dev_flags);
5410
5411 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
5412 if (err < 0)
5413 goto unlock;
5414
5415 if (!changed)
5416 goto unlock;
5417
5418 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) == is_configured(hdev)) {
5419 mgmt_index_removed(hdev);
5420 change_bit(HCI_UNCONFIGURED, &hdev->dev_flags);
5421 mgmt_index_added(hdev);
5422 }
5423
5424unlock:
5425 hci_dev_unlock(hdev);
5426 return err;
5427}
5428
2e3c35ea 5429static const struct mgmt_handler {
04124681
GP		 5430 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
5431 u16 data_len);
be22b54e
JH		 5432 bool var_len;
5433 size_t data_len;
0f4e68cf
JH		 5434} mgmt_handlers[] = {
5435 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 5436 { read_version, false, MGMT_READ_VERSION_SIZE },
5437 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
5438 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
5439 { read_controller_info, false, MGMT_READ_INFO_SIZE },
5440 { set_powered, false, MGMT_SETTING_SIZE },
5441 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
5442 { set_connectable, false, MGMT_SETTING_SIZE },
5443 { set_fast_connectable, false, MGMT_SETTING_SIZE },
5444 { set_pairable, false, MGMT_SETTING_SIZE },
5445 { set_link_security, false, MGMT_SETTING_SIZE },
5446 { set_ssp, false, MGMT_SETTING_SIZE },
5447 { set_hs, false, MGMT_SETTING_SIZE },
5448 { set_le, false, MGMT_SETTING_SIZE },
5449 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
5450 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
5451 { add_uuid, false, MGMT_ADD_UUID_SIZE },
5452 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
5453 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
5454 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
5455 { disconnect, false, MGMT_DISCONNECT_SIZE },
5456 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
5457 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
5458 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
5459 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
5460 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
5461 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
5462 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
5463 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
5464 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
5465 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
5466 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
5467 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
ec109113 5468 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
be22b54e
JH		 5469 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
5470 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
5471 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
5472 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
5473 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
5474 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 5475 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 5476 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 5477 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 5478 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
14b49b9a 5479 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
eac83dc6 5480 { set_secure_conn, false, MGMT_SETTING_SIZE },
4e39ac81 5481 { set_debug_keys, false, MGMT_SETTING_SIZE },
62b04cd1 5482 { set_privacy, false, MGMT_SET_PRIVACY_SIZE },
41edf160 5483 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
dd983808 5484 { get_conn_info, false, MGMT_GET_CONN_INFO_SIZE },
95868426 5485 { get_clock_info, false, MGMT_GET_CLOCK_INFO_SIZE },
2faade53
MH		 5486 { add_device, false, MGMT_ADD_DEVICE_SIZE },
5487 { remove_device, false, MGMT_REMOVE_DEVICE_SIZE },
73d1df2a
MH		 5488 { load_conn_param, true, MGMT_LOAD_CONN_PARAM_SIZE },
5489 { read_unconf_index_list, false, MGMT_READ_UNCONF_INDEX_LIST_SIZE },
9fc3bfb6 5490 { read_config_info, false, MGMT_READ_CONFIG_INFO_SIZE },
dbece37a 5491 { set_external_config, false, MGMT_SET_EXTERNAL_CONFIG_SIZE },
0f4e68cf
JH		 5492};
5493
0381101f
JH		 5494int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
5495{
650f726d
VCG		 5496 void *buf;
5497 u8 *cp;
0381101f 5498 struct mgmt_hdr *hdr;
4e51eae9 5499 u16 opcode, index, len;
bdb6d971 5500 struct hci_dev *hdev = NULL;
2e3c35ea 5501 const struct mgmt_handler *handler;
0381101f
JH		 5502 int err;
5503
5504 BT_DBG("got %zu bytes", msglen);
5505
5506 if (msglen < sizeof(*hdr))
5507 return -EINVAL;
5508
e63a15ec 5509 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 5510 if (!buf)
5511 return -ENOMEM;
5512
5513 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
5514 err = -EFAULT;
5515 goto done;
5516 }
5517
650f726d 5518 hdr = buf;
1f350c87
MH		 5519 opcode = __le16_to_cpu(hdr->opcode);
5520 index = __le16_to_cpu(hdr->index);
5521 len = __le16_to_cpu(hdr->len);
0381101f
JH		 5522
5523 if (len != msglen - sizeof(*hdr)) {
5524 err = -EINVAL;
5525 goto done;
5526 }
5527
0f4e68cf 5528 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 5529 hdev = hci_dev_get(index);
5530 if (!hdev) {
5531 err = cmd_status(sk, index, opcode,
04124681 5532 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 5533 goto done;
5534 }
0736cfa8 5535
cebf4cfd 5536 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
4a964404 5537 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
0736cfa8
MH		 5538 err = cmd_status(sk, index, opcode,
5539 MGMT_STATUS_INVALID_INDEX);
5540 goto done;
5541 }
42a9bc14
MH		 5542
5543 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
dbece37a
MH		 5544 opcode != MGMT_OP_READ_CONFIG_INFO &&
5545 opcode != MGMT_OP_SET_EXTERNAL_CONFIG) {
42a9bc14
MH		 5546 err = cmd_status(sk, index, opcode,
5547 MGMT_STATUS_INVALID_INDEX);
5548 goto done;
5549 }
bdb6d971
JH		 5550 }
5551
0f4e68cf 5552 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 5553 mgmt_handlers[opcode].func == NULL) {
0381101f 5554 BT_DBG("Unknown op %u", opcode);
ca69b795 5555 err = cmd_status(sk, index, opcode,
04124681 5556 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 5557 goto done;
5558 }
5559
73d1df2a
MH		 5560 if (hdev && (opcode <= MGMT_OP_READ_INDEX_LIST ||
5561 opcode == MGMT_OP_READ_UNCONF_INDEX_LIST)) {
5562 err = cmd_status(sk, index, opcode,
5563 MGMT_STATUS_INVALID_INDEX);
5564 goto done;
5565 }
5566
5567 if (!hdev && (opcode > MGMT_OP_READ_INDEX_LIST &&
5568 opcode != MGMT_OP_READ_UNCONF_INDEX_LIST)) {
0f4e68cf 5569 err = cmd_status(sk, index, opcode,
04124681 5570 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 5571 goto done;
0381101f
JH		 5572 }
5573
be22b54e
JH		 5574 handler = &mgmt_handlers[opcode];
5575
5576 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 5577 (!handler->var_len && len != handler->data_len)) {
be22b54e 5578 err = cmd_status(sk, index, opcode,
04124681 5579 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 5580 goto done;
5581 }
5582
0f4e68cf
JH		 5583 if (hdev)
5584 mgmt_init_hdev(sk, hdev);
5585
5586 cp = buf + sizeof(*hdr);
5587
be22b54e 5588 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 5589 if (err < 0)
5590 goto done;
5591
0381101f
JH		 5592 err = msglen;
5593
5594done:
bdb6d971
JH		 5595 if (hdev)
5596 hci_dev_put(hdev);
5597
0381101f
JH		 5598 kfree(buf);
5599 return err;
5600}
c71e97bf 5601
bf6b56db 5602void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 5603{
1514b892 5604 if (hdev->dev_type != HCI_BREDR)
bf6b56db 5605 return;
bb4b2a9a 5606
0602a8ad
MH		 5607 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
5608 return;
5609
5610 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5611 mgmt_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev, NULL, 0, NULL);
5612 else
5613 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 5614}
5615
bf6b56db 5616void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 5617{
5f159032 5618 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 5619
1514b892 5620 if (hdev->dev_type != HCI_BREDR)
bf6b56db 5621 return;
bb4b2a9a 5622
0602a8ad
MH		 5623 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
5624 return;
5625
744cf19e 5626 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 5627
edd3896b
MH		 5628 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5629 mgmt_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev, NULL, 0, NULL);
5630 else
5631 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 5632}
5633
6046dc3e 5634/* This function requires the caller holds hdev->lock */
d7347f3c 5635static void restart_le_actions(struct hci_dev *hdev)
6046dc3e
AG		 5636{
5637 struct hci_conn_params *p;
5638
5639 list_for_each_entry(p, &hdev->le_conn_params, list) {
d7347f3c
JH		 5640 /* Needed for AUTO_OFF case where might not "really"
5641 * have been powered off.
5642 */
5643 list_del_init(&p->action);
5644
5645 switch (p->auto_connect) {
5646 case HCI_AUTO_CONN_ALWAYS:
5647 list_add(&p->action, &hdev->pend_le_conns);
5648 break;
5649 case HCI_AUTO_CONN_REPORT:
5650 list_add(&p->action, &hdev->pend_le_reports);
5651 break;
5652 default:
5653 break;
c83ed19d 5654 }
6046dc3e 5655 }
c83ed19d 5656
c83ed19d 5657 hci_update_background_scan(hdev);
6046dc3e
AG		 5658}
5659
229ab39c
JH		 5660static void powered_complete(struct hci_dev *hdev, u8 status)
5661{
5662 struct cmd_lookup match = { NULL, hdev };
5663
5664 BT_DBG("status 0x%02x", status);
5665
5666 hci_dev_lock(hdev);
5667
d7347f3c 5668 restart_le_actions(hdev);
6046dc3e 5669
229ab39c
JH		 5670 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5671
5672 new_settings(hdev, match.sk);
5673
5674 hci_dev_unlock(hdev);
5675
5676 if (match.sk)
5677 sock_put(match.sk);
5678}
5679
70da6243 5680static int powered_update_hci(struct hci_dev *hdev)
5add6af8 5681{
890ea898 5682 struct hci_request req;
70da6243 5683 u8 link_sec;
5add6af8 5684
890ea898
JH		 5685 hci_req_init(&req, hdev);
5686
70da6243
JH		 5687 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
5688 !lmp_host_ssp_capable(hdev)) {
5689 u8 ssp = 1;
5e5282bb 5690
890ea898 5691 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 5692 }
5add6af8 5693
c73eee91
JH		 5694 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
5695 lmp_bredr_capable(hdev)) {
70da6243 5696 struct hci_cp_write_le_host_supported cp;
f0ff92fb 5697
70da6243
JH		 5698 cp.le = 1;
5699 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 5700
70da6243
JH		 5701 /* Check first if we already have the right
5702 * host state (host features set)
5703 */
5704 if (cp.le != lmp_host_le_capable(hdev) ||
5705 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 5706 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
5707 sizeof(cp), &cp);
70da6243 5708 }
3d1cbdd6 5709
d13eafce 5710 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 5711 /* Make sure the controller has a good default for
5712 * advertising data. This also applies to the case
5713 * where BR/EDR was toggled during the AUTO_OFF phase.
5714 */
f14d8f64 5715 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5947f4bc 5716 update_adv_data(&req);
f14d8f64
MH		 5717 update_scan_rsp_data(&req);
5718 }
441ad2d0 5719
bba3aa55
MH		 5720 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5721 enable_advertising(&req);
eeca6f89
JH		 5722 }
5723
70da6243
JH		 5724 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
5725 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 5726 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
5727 sizeof(link_sec), &link_sec);
562fcc24 5728
70da6243 5729 if (lmp_bredr_capable(hdev)) {
56f87901
JH		 5730 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
5731 set_bredr_scan(&req);
890ea898 5732 update_class(&req);
13928971 5733 update_name(&req);
890ea898 5734 update_eir(&req);
70da6243 5735 }
562fcc24 5736
229ab39c 5737 return hci_req_run(&req, powered_complete);
70da6243 5738}
562fcc24 5739
70da6243
JH		 5740int mgmt_powered(struct hci_dev *hdev, u8 powered)
5741{
5742 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 5743 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
5744 u8 zero_cod[] = { 0, 0, 0 };
70da6243 5745 int err;
f0ff92fb 5746
70da6243
JH		 5747 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
5748 return 0;
5749
70da6243 5750 if (powered) {
229ab39c
JH		 5751 if (powered_update_hci(hdev) == 0)
5752 return 0;
fe038884 5753
229ab39c
JH		 5754 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
5755 &match);
5756 goto new_settings;
b24752fe
JH		 5757 }
5758
229ab39c
JH		 5759 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5760 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
5761
5762 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
5763 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
5764 zero_cod, sizeof(zero_cod), NULL);
5765
5766new_settings:
beadb2bd 5767 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 5768
5769 if (match.sk)
5770 sock_put(match.sk);
5771
7bb895d6 5772 return err;
5add6af8 5773}
73f22f62 5774
3eec705e 5775void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 5776{
5777 struct pending_cmd *cmd;
5778 u8 status;
5779
5780 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5781 if (!cmd)
3eec705e 5782 return;
96570ffc
JH		 5783
5784 if (err == -ERFKILL)
5785 status = MGMT_STATUS_RFKILLED;
5786 else
5787 status = MGMT_STATUS_FAILED;
5788
3eec705e 5789 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 5790
5791 mgmt_pending_remove(cmd);
96570ffc
JH		 5792}
5793
d1967ff8
MH		 5794void mgmt_discoverable_timeout(struct hci_dev *hdev)
5795{
5796 struct hci_request req;
d1967ff8
MH		 5797
5798 hci_dev_lock(hdev);
5799
5800 /* When discoverable timeout triggers, then just make sure
5801 * the limited discoverable flag is cleared. Even in the case
5802 * of a timeout triggered from general discoverable, it is
5803 * safe to unconditionally clear the flag.
5804 */
5805 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
9a43e25f 5806 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
d1967ff8
MH		 5807
5808 hci_req_init(&req, hdev);
4b580614
JH		 5809 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
5810 u8 scan = SCAN_PAGE;
5811 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
5812 sizeof(scan), &scan);
5813 }
d1967ff8 5814 update_class(&req);
9a43e25f 5815 update_adv_data(&req);
d1967ff8
MH		 5816 hci_req_run(&req, NULL);
5817
5818 hdev->discov_timeout = 0;
5819
9a43e25f
JH		 5820 new_settings(hdev, NULL);
5821
d1967ff8
MH		 5822 hci_dev_unlock(hdev);
5823}
5824
86a75645 5825void mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 5826{
86a75645 5827 bool changed;
73f22f62 5828
bfaf8c9f
JH		 5829 /* Nothing needed here if there's a pending command since that
5830 * commands request completion callback takes care of everything
5831 * necessary.
5832 */
5833 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
86a75645 5834 return;
bfaf8c9f 5835
bd107999
JH		 5836 /* Powering off may clear the scan mode - don't let that interfere */
5837 if (!discoverable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5838 return;
5839
9a43e25f 5840 if (discoverable) {
86a75645 5841 changed = !test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 5842 } else {
5843 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
86a75645 5844 changed = test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 5845 }
5846
5847 if (changed) {
5848 struct hci_request req;
5849
5850 /* In case this change in discoverable was triggered by
5851 * a disabling of connectable there could be a need to
5852 * update the advertising flags.
5853 */
5854 hci_req_init(&req, hdev);
5855 update_adv_data(&req);
5856 hci_req_run(&req, NULL);
73f22f62 5857
86a75645 5858 new_settings(hdev, NULL);
9a43e25f 5859 }
73f22f62 5860}
9fbcbb45 5861
a330916c 5862void mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 5863{
a330916c 5864 bool changed;
9fbcbb45 5865
d7b856f9
JH		 5866 /* Nothing needed here if there's a pending command since that
5867 * commands request completion callback takes care of everything
5868 * necessary.
5869 */
5870 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
a330916c 5871 return;
d7b856f9 5872
ce3f24cf
JH		 5873 /* Powering off may clear the scan mode - don't let that interfere */
5874 if (!connectable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5875 return;
5876
a330916c
MH		 5877 if (connectable)
5878 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
5879 else
5880 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
9fbcbb45 5881
beadb2bd 5882 if (changed)
a330916c 5883 new_settings(hdev, NULL);
9fbcbb45 5884}
55ed8ca1 5885
778b235a
JH		 5886void mgmt_advertising(struct hci_dev *hdev, u8 advertising)
5887{
7c4cfab8
JH		 5888 /* Powering off may stop advertising - don't let that interfere */
5889 if (!advertising && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5890 return;
5891
778b235a
JH		 5892 if (advertising)
5893 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
5894 else
5895 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
5896}
5897
4796e8af 5898void mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 5899{
ca69b795
JH		 5900 u8 mgmt_err = mgmt_status(status);
5901
2d7cee58 5902 if (scan & SCAN_PAGE)
744cf19e 5903 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 5904 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 5905
5906 if (scan & SCAN_INQUIRY)
744cf19e 5907 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 5908 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 5909}
5910
dc4a5ee2
MH		 5911void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
5912 bool persistent)
55ed8ca1 5913{
86742e1e 5914 struct mgmt_ev_new_link_key ev;
55ed8ca1 5915
a492cd52 5916 memset(&ev, 0, sizeof(ev));
55ed8ca1 5917
a492cd52 5918 ev.store_hint = persistent;
d753fdc4 5919 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 5920 ev.key.addr.type = BDADDR_BREDR;
a492cd52 5921 ev.key.type = key->type;
9b3b4460 5922 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 5923 ev.key.pin_len = key->pin_len;
55ed8ca1 5924
dc4a5ee2 5925 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 5926}
f7520543 5927
d7b25450
JH		 5928static u8 mgmt_ltk_type(struct smp_ltk *ltk)
5929{
5930 if (ltk->authenticated)
5931 return MGMT_LTK_AUTHENTICATED;
5932
5933 return MGMT_LTK_UNAUTHENTICATED;
5934}
5935
53ac6ab6 5936void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 5937{
5938 struct mgmt_ev_new_long_term_key ev;
5939
5940 memset(&ev, 0, sizeof(ev));
5941
5192d301
MH		 5942 /* Devices using resolvable or non-resolvable random addresses
5943 * without providing an indentity resolving key don't require
5944 * to store long term keys. Their addresses will change the
5945 * next time around.
5946 *
5947 * Only when a remote device provides an identity address
5948 * make sure the long term key is stored. If the remote
5949 * identity is known, the long term keys are internally
5950 * mapped to the identity address. So allow static random
5951 * and public addresses here.
5952 */
ba74b666
JH		 5953 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
5954 (key->bdaddr.b[5] & 0xc0) != 0xc0)
5955 ev.store_hint = 0x00;
5956 else
53ac6ab6 5957 ev.store_hint = persistent;
ba74b666 5958
346af67b 5959 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 5960 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 5961 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 5962 ev.key.enc_size = key->enc_size;
5963 ev.key.ediv = key->ediv;
fe39c7b2 5964 ev.key.rand = key->rand;
346af67b 5965
2ceba539 5966 if (key->type == SMP_LTK)
346af67b
VCG		 5967 ev.key.master = 1;
5968
346af67b
VCG		 5969 memcpy(ev.key.val, key->val, sizeof(key->val));
5970
083368f7 5971 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 5972}
5973
95fbac8a
JH		 5974void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
5975{
5976 struct mgmt_ev_new_irk ev;
5977
5978 memset(&ev, 0, sizeof(ev));
5979
bab6d1e5
MH		 5980 /* For identity resolving keys from devices that are already
5981 * using a public address or static random address, do not
5982 * ask for storing this key. The identity resolving key really
5983 * is only mandatory for devices using resovlable random
5984 * addresses.
5985 *
5986 * Storing all identity resolving keys has the downside that
5987 * they will be also loaded on next boot of they system. More
5988 * identity resolving keys, means more time during scanning is
5989 * needed to actually resolve these addresses.
5990 */
5991 if (bacmp(&irk->rpa, BDADDR_ANY))
5992 ev.store_hint = 0x01;
5993 else
5994 ev.store_hint = 0x00;
5995
95fbac8a
JH		 5996 bacpy(&ev.rpa, &irk->rpa);
5997 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
5998 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
5999 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
6000
6001 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
6002}
6003
53ac6ab6
MH		 6004void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
6005 bool persistent)
7ee4ea36
MH		 6006{
6007 struct mgmt_ev_new_csrk ev;
6008
6009 memset(&ev, 0, sizeof(ev));
6010
6011 /* Devices using resolvable or non-resolvable random addresses
6012 * without providing an indentity resolving key don't require
6013 * to store signature resolving keys. Their addresses will change
6014 * the next time around.
6015 *
6016 * Only when a remote device provides an identity address
6017 * make sure the signature resolving key is stored. So allow
6018 * static random and public addresses here.
6019 */
6020 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6021 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
6022 ev.store_hint = 0x00;
6023 else
53ac6ab6 6024 ev.store_hint = persistent;
7ee4ea36
MH		 6025
6026 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
6027 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
6028 ev.key.master = csrk->master;
6029 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
6030
6031 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
6032}
6033
ffb5a827 6034void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 6035 u8 bdaddr_type, u8 store_hint, u16 min_interval,
6036 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 6037{
6038 struct mgmt_ev_new_conn_param ev;
6039
c103aea6
JH		 6040 if (!hci_is_identity_address(bdaddr, bdaddr_type))
6041 return;
6042
ffb5a827
AG		 6043 memset(&ev, 0, sizeof(ev));
6044 bacpy(&ev.addr.bdaddr, bdaddr);
6045 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 6046 ev.store_hint = store_hint;
ffb5a827
AG		 6047 ev.min_interval = cpu_to_le16(min_interval);
6048 ev.max_interval = cpu_to_le16(max_interval);
6049 ev.latency = cpu_to_le16(latency);
6050 ev.timeout = cpu_to_le16(timeout);
6051
6052 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
6053}
6054
94933991
MH		 6055static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
6056 u8 data_len)
6057{
6058 eir[eir_len++] = sizeof(type) + data_len;
6059 eir[eir_len++] = type;
6060 memcpy(&eir[eir_len], data, data_len);
6061 eir_len += data_len;
6062
6063 return eir_len;
6064}
6065
ecd90ae7
MH		 6066void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6067 u8 addr_type, u32 flags, u8 *name, u8 name_len,
6068 u8 *dev_class)
f7520543 6069{
b644ba33
JH		 6070 char buf[512];
6071 struct mgmt_ev_device_connected *ev = (void *) buf;
6072 u16 eir_len = 0;
f7520543 6073
b644ba33 6074 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 6075 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 6076
c95f0ba7 6077 ev->flags = __cpu_to_le32(flags);
08c79b61 6078
b644ba33
JH		 6079 if (name_len > 0)
6080 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 6081 name, name_len);
b644ba33
JH		 6082
6083 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 6084 eir_len = eir_append_data(ev->eir, eir_len,
04124681 6085 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 6086
eb55ef07 6087 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 6088
ecd90ae7
MH		 6089 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
6090 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 6091}
6092
8962ee74
JH		 6093static void disconnect_rsp(struct pending_cmd *cmd, void *data)
6094{
c68fb7ff 6095 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 6096 struct sock **sk = data;
a38528f1 6097 struct mgmt_rp_disconnect rp;
8962ee74 6098
88c3df13
JH		 6099 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
6100 rp.addr.type = cp->addr.type;
8962ee74 6101
aee9b218 6102 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 6103 sizeof(rp));
8962ee74
JH		 6104
6105 *sk = cmd->sk;
6106 sock_hold(*sk);
6107
a664b5bc 6108 mgmt_pending_remove(cmd);
8962ee74
JH		 6109}
6110
124f6e35 6111static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 6112{
b1078ad0 6113 struct hci_dev *hdev = data;
124f6e35
JH		 6114 struct mgmt_cp_unpair_device *cp = cmd->param;
6115 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 6116
6117 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 6118 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
6119 rp.addr.type = cp->addr.type;
a8a1d19e 6120
b1078ad0
JH		 6121 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
6122
aee9b218 6123 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 6124
6125 mgmt_pending_remove(cmd);
6126}
6127
9b80ec5e 6128void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 6129 u8 link_type, u8 addr_type, u8 reason,
6130 bool mgmt_connected)
f7520543 6131{
f0d6a0ea 6132 struct mgmt_ev_device_disconnected ev;
8b064a3a 6133 struct pending_cmd *power_off;
8962ee74 6134 struct sock *sk = NULL;
8962ee74 6135
8b064a3a
JH		 6136 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6137 if (power_off) {
6138 struct mgmt_mode *cp = power_off->param;
6139
6140 /* The connection is still in hci_conn_hash so test for 1
6141 * instead of 0 to know if this is the last one.
6142 */
a3172b7e
JH		 6143 if (!cp->val && hci_conn_count(hdev) == 1) {
6144 cancel_delayed_work(&hdev->power_off);
8b064a3a 6145 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 6146 }
8b064a3a
JH		 6147 }
6148
12d4a3b2
JH		 6149 if (!mgmt_connected)
6150 return;
6151
57eb776f
AG		 6152 if (link_type != ACL_LINK && link_type != LE_LINK)
6153 return;
6154
744cf19e 6155 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 6156
f0d6a0ea
MA		 6157 bacpy(&ev.addr.bdaddr, bdaddr);
6158 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6159 ev.reason = reason;
f7520543 6160
9b80ec5e 6161 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 6162
6163 if (sk)
d97dcb66 6164 sock_put(sk);
8962ee74 6165
124f6e35 6166 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 6167 hdev);
8962ee74
JH		 6168}
6169
7892924c
MH		 6170void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
6171 u8 link_type, u8 addr_type, u8 status)
8962ee74 6172{
3655bba8
AG		 6173 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
6174 struct mgmt_cp_disconnect *cp;
88c3df13 6175 struct mgmt_rp_disconnect rp;
8962ee74 6176 struct pending_cmd *cmd;
8962ee74 6177
36a75f1b
JD		 6178 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6179 hdev);
6180
2e58ef3e 6181 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 6182 if (!cmd)
7892924c 6183 return;
8962ee74 6184
3655bba8
AG		 6185 cp = cmd->param;
6186
6187 if (bacmp(bdaddr, &cp->addr.bdaddr))
6188 return;
6189
6190 if (cp->addr.type != bdaddr_type)
6191 return;
6192
88c3df13 6193 bacpy(&rp.addr.bdaddr, bdaddr);
3655bba8 6194 rp.addr.type = bdaddr_type;
37d9ef76 6195
7892924c
MH		 6196 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
6197 mgmt_status(status), &rp, sizeof(rp));
8962ee74 6198
a664b5bc 6199 mgmt_pending_remove(cmd);
f7520543 6200}
17d5c04c 6201
445608d0
MH		 6202void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6203 u8 addr_type, u8 status)
17d5c04c
JH		 6204{
6205 struct mgmt_ev_connect_failed ev;
c9910d0f
JH		 6206 struct pending_cmd *power_off;
6207
6208 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6209 if (power_off) {
6210 struct mgmt_mode *cp = power_off->param;
6211
6212 /* The connection is still in hci_conn_hash so test for 1
6213 * instead of 0 to know if this is the last one.
6214 */
a3172b7e
JH		 6215 if (!cp->val && hci_conn_count(hdev) == 1) {
6216 cancel_delayed_work(&hdev->power_off);
c9910d0f 6217 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 6218 }
c9910d0f 6219 }
17d5c04c 6220
4c659c39 6221 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6222 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 6223 ev.status = mgmt_status(status);
17d5c04c 6224
445608d0 6225 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 6226}
980e1a53 6227
ce0e4a0d 6228void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 6229{
6230 struct mgmt_ev_pin_code_request ev;
6231
d8457698 6232 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 6233 ev.addr.type = BDADDR_BREDR;
a770bb5a 6234 ev.secure = secure;
980e1a53 6235
ce0e4a0d 6236 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 6237}
6238
e669cf80
MH		 6239void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6240 u8 status)
980e1a53
JH		 6241{
6242 struct pending_cmd *cmd;
ac56fb13 6243 struct mgmt_rp_pin_code_reply rp;
980e1a53 6244
2e58ef3e 6245 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 6246 if (!cmd)
e669cf80 6247 return;
980e1a53 6248
d8457698 6249 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 6250 rp.addr.type = BDADDR_BREDR;
ac56fb13 6251
e669cf80
MH		 6252 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
6253 mgmt_status(status), &rp, sizeof(rp));
980e1a53 6254
a664b5bc 6255 mgmt_pending_remove(cmd);
980e1a53
JH		 6256}
6257
3eb38528
MH		 6258void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6259 u8 status)
980e1a53
JH		 6260{
6261 struct pending_cmd *cmd;
ac56fb13 6262 struct mgmt_rp_pin_code_reply rp;
980e1a53 6263
2e58ef3e 6264 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 6265 if (!cmd)
3eb38528 6266 return;
980e1a53 6267
d8457698 6268 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 6269 rp.addr.type = BDADDR_BREDR;
ac56fb13 6270
3eb38528
MH		 6271 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
6272 mgmt_status(status), &rp, sizeof(rp));
980e1a53 6273
a664b5bc 6274 mgmt_pending_remove(cmd);
980e1a53 6275}
a5c29683 6276
744cf19e 6277int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 6278 u8 link_type, u8 addr_type, u32 value,
04124681 6279 u8 confirm_hint)
a5c29683
JH		 6280{
6281 struct mgmt_ev_user_confirm_request ev;
6282
744cf19e 6283 BT_DBG("%s", hdev->name);
a5c29683 6284
272d90df 6285 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6286 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 6287 ev.confirm_hint = confirm_hint;
39adbffe 6288 ev.value = cpu_to_le32(value);
a5c29683 6289
744cf19e 6290 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 6291 NULL);
a5c29683
JH		 6292}
6293
272d90df 6294int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 6295 u8 link_type, u8 addr_type)
604086b7
BG		 6296{
6297 struct mgmt_ev_user_passkey_request ev;
6298
6299 BT_DBG("%s", hdev->name);
6300
272d90df 6301 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6302 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 6303
6304 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 6305 NULL);
604086b7
BG		 6306}
6307
0df4c185 6308static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 6309 u8 link_type, u8 addr_type, u8 status,
6310 u8 opcode)
a5c29683
JH		 6311{
6312 struct pending_cmd *cmd;
6313 struct mgmt_rp_user_confirm_reply rp;
6314 int err;
6315
2e58ef3e 6316 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 6317 if (!cmd)
6318 return -ENOENT;
6319
272d90df 6320 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 6321 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 6322 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 6323 &rp, sizeof(rp));
a5c29683 6324
a664b5bc 6325 mgmt_pending_remove(cmd);
a5c29683
JH		 6326
6327 return err;
6328}
6329
744cf19e 6330int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6331 u8 link_type, u8 addr_type, u8 status)
a5c29683 6332{
272d90df 6333 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 6334 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 6335}
6336
272d90df 6337int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6338 u8 link_type, u8 addr_type, u8 status)
a5c29683 6339{
272d90df 6340 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 6341 status,
6342 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 6343}
2a611692 6344
604086b7 6345int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6346 u8 link_type, u8 addr_type, u8 status)
604086b7 6347{
272d90df 6348 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 6349 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 6350}
6351
272d90df 6352int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6353 u8 link_type, u8 addr_type, u8 status)
604086b7 6354{
272d90df 6355 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 6356 status,
6357 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 6358}
6359
92a25256
JH		 6360int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
6361 u8 link_type, u8 addr_type, u32 passkey,
6362 u8 entered)
6363{
6364 struct mgmt_ev_passkey_notify ev;
6365
6366 BT_DBG("%s", hdev->name);
6367
6368 bacpy(&ev.addr.bdaddr, bdaddr);
6369 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6370 ev.passkey = __cpu_to_le32(passkey);
6371 ev.entered = entered;
6372
6373 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
6374}
6375
e546099c
MH		 6376void mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6377 u8 addr_type, u8 status)
2a611692
JH		 6378{
6379 struct mgmt_ev_auth_failed ev;
6380
bab73cb6 6381 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6382 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 6383 ev.status = mgmt_status(status);
2a611692 6384
e546099c 6385 mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 6386}
b312b161 6387
464996ae 6388void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 6389{
6390 struct cmd_lookup match = { NULL, hdev };
464996ae 6391 bool changed;
33ef95ed
JH		 6392
6393 if (status) {
6394 u8 mgmt_err = mgmt_status(status);
6395 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 6396 cmd_status_rsp, &mgmt_err);
464996ae 6397 return;
33ef95ed
JH		 6398 }
6399
464996ae
MH		 6400 if (test_bit(HCI_AUTH, &hdev->flags))
6401 changed = !test_and_set_bit(HCI_LINK_SECURITY,
6402 &hdev->dev_flags);
6403 else
6404 changed = test_and_clear_bit(HCI_LINK_SECURITY,
6405 &hdev->dev_flags);
47990ea0 6406
33ef95ed 6407 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 6408 &match);
33ef95ed 6409
47990ea0 6410 if (changed)
464996ae 6411 new_settings(hdev, match.sk);
33ef95ed
JH		 6412
6413 if (match.sk)
6414 sock_put(match.sk);
33ef95ed
JH		 6415}
6416
890ea898 6417static void clear_eir(struct hci_request *req)
cacaf52f 6418{
890ea898 6419 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 6420 struct hci_cp_write_eir cp;
6421
976eb20e 6422 if (!lmp_ext_inq_capable(hdev))
890ea898 6423 return;
cacaf52f 6424
c80da27e
JH		 6425 memset(hdev->eir, 0, sizeof(hdev->eir));
6426
cacaf52f
JH		 6427 memset(&cp, 0, sizeof(cp));
6428
890ea898 6429 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 6430}
6431
3e248560 6432void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 6433{
6434 struct cmd_lookup match = { NULL, hdev };
890ea898 6435 struct hci_request req;
c0ecddc2 6436 bool changed = false;
ed2c4ee3
JH		 6437
6438 if (status) {
6439 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 6440
6441 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 6442 &hdev->dev_flags)) {
6443 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3e248560 6444 new_settings(hdev, NULL);
9ecb3e24 6445 }
c0ecddc2 6446
04124681
GP		 6447 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
6448 &mgmt_err);
3e248560 6449 return;
c0ecddc2
JH		 6450 }
6451
6452 if (enable) {
9ecb3e24 6453 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 6454 } else {
9ecb3e24
MH		 6455 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
6456 if (!changed)
6457 changed = test_and_clear_bit(HCI_HS_ENABLED,
6458 &hdev->dev_flags);
6459 else
6460 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 6461 }
6462
6463 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
6464
c0ecddc2 6465 if (changed)
3e248560 6466 new_settings(hdev, match.sk);
ed2c4ee3 6467
5fc6ebb1 6468 if (match.sk)
ed2c4ee3
JH		 6469 sock_put(match.sk);
6470
890ea898
JH		 6471 hci_req_init(&req, hdev);
6472
3769972b
JH		 6473 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
6474 if (test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
6475 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
6476 sizeof(enable), &enable);
890ea898 6477 update_eir(&req);
3769972b 6478 } else {
890ea898 6479 clear_eir(&req);
3769972b 6480 }
890ea898
JH		 6481
6482 hci_req_run(&req, NULL);
ed2c4ee3
JH		 6483}
6484
eac83dc6
MH		 6485void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
6486{
6487 struct cmd_lookup match = { NULL, hdev };
6488 bool changed = false;
6489
6490 if (status) {
6491 u8 mgmt_err = mgmt_status(status);
6492
0ab04a9c
MH		 6493 if (enable) {
6494 if (test_and_clear_bit(HCI_SC_ENABLED,
6495 &hdev->dev_flags))
6496 new_settings(hdev, NULL);
6497 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
6498 }
eac83dc6
MH		 6499
6500 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
6501 cmd_status_rsp, &mgmt_err);
6502 return;
6503 }
6504
0ab04a9c 6505 if (enable) {
eac83dc6 6506 changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c 6507 } else {
eac83dc6 6508 changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c
MH		 6509 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
6510 }
eac83dc6
MH		 6511
6512 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
6513 settings_rsp, &match);
6514
6515 if (changed)
6516 new_settings(hdev, match.sk);
6517
6518 if (match.sk)
6519 sock_put(match.sk);
6520}
6521
92da6097 6522static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 6523{
6524 struct cmd_lookup *match = data;
6525
90e70454
JH		 6526 if (match->sk == NULL) {
6527 match->sk = cmd->sk;
6528 sock_hold(match->sk);
6529 }
90e70454
JH		 6530}
6531
4e1b0245
MH		 6532void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
6533 u8 status)
7f9a903c 6534{
90e70454 6535 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 6536
92da6097
JH		 6537 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
6538 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
6539 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 6540
6541 if (!status)
4e1b0245
MH		 6542 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
6543 NULL);
90e70454
JH		 6544
6545 if (match.sk)
6546 sock_put(match.sk);
7f9a903c
MH		 6547}
6548
7667da34 6549void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 6550{
b312b161 6551 struct mgmt_cp_set_local_name ev;
13928971 6552 struct pending_cmd *cmd;
28cc7bde 6553
13928971 6554 if (status)
7667da34 6555 return;
b312b161
JH		 6556
6557 memset(&ev, 0, sizeof(ev));
6558 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 6559 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 6560
2e58ef3e 6561 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 6562 if (!cmd) {
6563 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 6564
13928971
JH		 6565 /* If this is a HCI command related to powering on the
6566 * HCI dev don't send any mgmt signals.
6567 */
6568 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 6569 return;
890ea898 6570 }
b312b161 6571
7667da34
MH		 6572 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
6573 cmd ? cmd->sk : NULL);
b312b161 6574}
c35938b2 6575
4d2d2796
MH		 6576void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
6577 u8 *randomizer192, u8 *hash256,
6578 u8 *randomizer256, u8 status)
c35938b2
SJ		 6579{
6580 struct pending_cmd *cmd;
c35938b2 6581
744cf19e 6582 BT_DBG("%s status %u", hdev->name, status);
c35938b2 6583
2e58ef3e 6584 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 6585 if (!cmd)
3edaf092 6586 return;
c35938b2
SJ		 6587
6588 if (status) {
3edaf092
MH		 6589 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
6590 mgmt_status(status));
c35938b2 6591 } else {
4d2d2796
MH		 6592 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
6593 hash256 && randomizer256) {
6594 struct mgmt_rp_read_local_oob_ext_data rp;
6595
6596 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
6597 memcpy(rp.randomizer192, randomizer192,
6598 sizeof(rp.randomizer192));
c35938b2 6599
4d2d2796
MH		 6600 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
6601 memcpy(rp.randomizer256, randomizer256,
6602 sizeof(rp.randomizer256));
c35938b2 6603
4d2d2796
MH		 6604 cmd_complete(cmd->sk, hdev->id,
6605 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
6606 &rp, sizeof(rp));
6607 } else {
6608 struct mgmt_rp_read_local_oob_data rp;
6609
6610 memcpy(rp.hash, hash192, sizeof(rp.hash));
6611 memcpy(rp.randomizer, randomizer192,
6612 sizeof(rp.randomizer));
6613
6614 cmd_complete(cmd->sk, hdev->id,
6615 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
6616 &rp, sizeof(rp));
6617 }
c35938b2
SJ		 6618 }
6619
6620 mgmt_pending_remove(cmd);
c35938b2 6621}
e17acd40 6622
901801b9 6623void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
af58925c
MH		 6624 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
6625 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 6626{
e319d2e7
JH		 6627 char buf[512];
6628 struct mgmt_ev_device_found *ev = (void *) buf;
5cedbb8d 6629 struct smp_irk *irk;
1dc06093 6630 size_t ev_size;
e17acd40 6631
75ce208c
JH		 6632 /* Don't send events for a non-kernel initiated discovery. With
6633 * LE one exception is if we have pend_le_reports > 0 in which
6634 * case we're doing passive scanning and want these events.
6635 */
6636 if (!hci_discovery_active(hdev)) {
6637 if (link_type == ACL_LINK)
6638 return;
66f8455a 6639 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
75ce208c
JH		 6640 return;
6641 }
12602d0c 6642
5d2e9fad
JH		 6643 /* Make sure that the buffer is big enough. The 5 extra bytes
6644 * are for the potential CoD field.
6645 */
6646 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
901801b9 6647 return;
7d262f86 6648
1dc06093
JH		 6649 memset(buf, 0, sizeof(buf));
6650
5cedbb8d
JH		 6651 irk = hci_get_irk(hdev, bdaddr, addr_type);
6652 if (irk) {
6653 bacpy(&ev->addr.bdaddr, &irk->bdaddr);
6654 ev->addr.type = link_to_bdaddr(link_type, irk->addr_type);
6655 } else {
6656 bacpy(&ev->addr.bdaddr, bdaddr);
6657 ev->addr.type = link_to_bdaddr(link_type, addr_type);
6658 }
6659
e319d2e7 6660 ev->rssi = rssi;
af58925c 6661 ev->flags = cpu_to_le32(flags);
e17acd40 6662
1dc06093 6663 if (eir_len > 0)
e319d2e7 6664 memcpy(ev->eir, eir, eir_len);
e17acd40 6665
1dc06093
JH		 6666 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
6667 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 6668 dev_class, 3);
1dc06093 6669
5d2e9fad
JH		 6670 if (scan_rsp_len > 0)
6671 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
6672
6673 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
6674 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 6675
901801b9 6676 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 6677}
a88a9652 6678
9cf12aee
MH		 6679void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6680 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 6681{
b644ba33
JH		 6682 struct mgmt_ev_device_found *ev;
6683 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
6684 u16 eir_len;
a88a9652 6685
b644ba33 6686 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 6687
b644ba33
JH		 6688 memset(buf, 0, sizeof(buf));
6689
6690 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 6691 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 6692 ev->rssi = rssi;
6693
6694 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 6695 name_len);
b644ba33 6696
eb55ef07 6697 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 6698
9cf12aee 6699 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 6700}
314b2381 6701
2f1e063b 6702void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 6703{
f963e8e9 6704 struct mgmt_ev_discovering ev;
164a6e78
JH		 6705 struct pending_cmd *cmd;
6706
343fb145
AG		 6707 BT_DBG("%s discovering %u", hdev->name, discovering);
6708
164a6e78 6709 if (discovering)
2e58ef3e 6710 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 6711 else
2e58ef3e 6712 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 6713
6714 if (cmd != NULL) {
f808e166
JH		 6715 u8 type = hdev->discovery.type;
6716
04124681
GP		 6717 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
6718 sizeof(type));
164a6e78
JH		 6719 mgmt_pending_remove(cmd);
6720 }
6721
f963e8e9
JH		 6722 memset(&ev, 0, sizeof(ev));
6723 ev.type = hdev->discovery.type;
6724 ev.discovering = discovering;
6725
2f1e063b 6726 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 6727}
5e762444 6728
5976e608
MH		 6729static void adv_enable_complete(struct hci_dev *hdev, u8 status)
6730{
6731 BT_DBG("%s status %u", hdev->name, status);
6732
6733 /* Clear the advertising mgmt setting if we failed to re-enable it */
6734 if (status) {
6735 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 6736 new_settings(hdev, NULL);
5976e608
MH		 6737 }
6738}
6739
6740void mgmt_reenable_advertising(struct hci_dev *hdev)
6741{
6742 struct hci_request req;
6743
b145edcd 6744 if (hci_conn_num(hdev, LE_LINK) > 0)
5976e608
MH		 6745 return;
6746
6747 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
6748 return;
6749
6750 hci_req_init(&req, hdev);
6751 enable_advertising(&req);
6752
6753 /* If this fails we have no option but to let user space know
6754 * that we've disabled advertising.
6755 */
6756 if (hci_req_run(&req, adv_enable_complete) < 0) {
6757 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 6758 new_settings(hdev, NULL);
5976e608
MH		 6759 }
6760}
Linux kernel - Deliverables
This page took 0.958129 seconds and 5 git commands to generate.