projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Add support for Unconfigured Index Added events
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
4bc58f51 32#include <net/bluetooth/l2cap.h>
0381101f 33#include <net/bluetooth/mgmt.h>
ac4b7236
MH		 34
35#include "smp.h"
0381101f 36
2da9c55c 37#define MGMT_VERSION 1
730f091b 38#define MGMT_REVISION 7
02d98129 39
e70bb2e8
JH		 40static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_READ_INFO,
43 MGMT_OP_SET_POWERED,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
47 MGMT_OP_SET_PAIRABLE,
48 MGMT_OP_SET_LINK_SECURITY,
49 MGMT_OP_SET_SSP,
50 MGMT_OP_SET_HS,
51 MGMT_OP_SET_LE,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_ADD_UUID,
55 MGMT_OP_REMOVE_UUID,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_DISCONNECT,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_PAIR_DEVICE,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_CONFIRM_NAME,
76 MGMT_OP_BLOCK_DEVICE,
77 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 78 MGMT_OP_SET_DEVICE_ID,
4375f103 79 MGMT_OP_SET_ADVERTISING,
0663ca2a 80 MGMT_OP_SET_BREDR,
d13eafce 81 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 82 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 83 MGMT_OP_SET_SECURE_CONN,
4e39ac81 84 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 85 MGMT_OP_SET_PRIVACY,
41edf160 86 MGMT_OP_LOAD_IRKS,
dd983808 87 MGMT_OP_GET_CONN_INFO,
95868426 88 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 89 MGMT_OP_ADD_DEVICE,
90 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 91 MGMT_OP_LOAD_CONN_PARAM,
e70bb2e8
JH		 92};
93
94static const u16 mgmt_events[] = {
95 MGMT_EV_CONTROLLER_ERROR,
96 MGMT_EV_INDEX_ADDED,
97 MGMT_EV_INDEX_REMOVED,
98 MGMT_EV_NEW_SETTINGS,
99 MGMT_EV_CLASS_OF_DEV_CHANGED,
100 MGMT_EV_LOCAL_NAME_CHANGED,
101 MGMT_EV_NEW_LINK_KEY,
102 MGMT_EV_NEW_LONG_TERM_KEY,
103 MGMT_EV_DEVICE_CONNECTED,
104 MGMT_EV_DEVICE_DISCONNECTED,
105 MGMT_EV_CONNECT_FAILED,
106 MGMT_EV_PIN_CODE_REQUEST,
107 MGMT_EV_USER_CONFIRM_REQUEST,
108 MGMT_EV_USER_PASSKEY_REQUEST,
109 MGMT_EV_AUTH_FAILED,
110 MGMT_EV_DEVICE_FOUND,
111 MGMT_EV_DISCOVERING,
112 MGMT_EV_DEVICE_BLOCKED,
113 MGMT_EV_DEVICE_UNBLOCKED,
114 MGMT_EV_DEVICE_UNPAIRED,
92a25256 115 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 116 MGMT_EV_NEW_IRK,
7ee4ea36 117 MGMT_EV_NEW_CSRK,
8afef092
MH		 118 MGMT_EV_DEVICE_ADDED,
119 MGMT_EV_DEVICE_REMOVED,
ffb5a827 120 MGMT_EV_NEW_CONN_PARAM,
0602a8ad 121 MGMT_EV_UNCONF_INDEX_ADDED,
e70bb2e8
JH		 122};
123
17b02e62 124#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 125
4b34ee78
JH		 126#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
127 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
128
eec8d2bc
JH		 129struct pending_cmd {
130 struct list_head list;
fc2f4b13 131 u16 opcode;
eec8d2bc 132 int index;
c68fb7ff 133 void *param;
eec8d2bc 134 struct sock *sk;
e9a416b5 135 void *user_data;
eec8d2bc
JH		 136};
137
ca69b795
JH		 138/* HCI to MGMT error code conversion table */
139static u8 mgmt_status_table[] = {
140 MGMT_STATUS_SUCCESS,
141 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
142 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
143 MGMT_STATUS_FAILED, /* Hardware Failure */
144 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
145 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 146 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 147 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
148 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
149 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
150 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
151 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
152 MGMT_STATUS_BUSY, /* Command Disallowed */
153 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
154 MGMT_STATUS_REJECTED, /* Rejected Security */
155 MGMT_STATUS_REJECTED, /* Rejected Personal */
156 MGMT_STATUS_TIMEOUT, /* Host Timeout */
157 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
158 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
159 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
160 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
161 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
162 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
163 MGMT_STATUS_BUSY, /* Repeated Attempts */
164 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
165 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
166 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
167 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
168 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
169 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
170 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
171 MGMT_STATUS_FAILED, /* Unspecified Error */
172 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
173 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
174 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
175 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
176 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
177 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
178 MGMT_STATUS_FAILED, /* Unit Link Key Used */
179 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
180 MGMT_STATUS_TIMEOUT, /* Instant Passed */
181 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
182 MGMT_STATUS_FAILED, /* Transaction Collision */
183 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
184 MGMT_STATUS_REJECTED, /* QoS Rejected */
185 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
186 MGMT_STATUS_REJECTED, /* Insufficient Security */
187 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
188 MGMT_STATUS_BUSY, /* Role Switch Pending */
189 MGMT_STATUS_FAILED, /* Slot Violation */
190 MGMT_STATUS_FAILED, /* Role Switch Failed */
191 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
192 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
193 MGMT_STATUS_BUSY, /* Host Busy Pairing */
194 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
195 MGMT_STATUS_BUSY, /* Controller Busy */
196 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
197 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
198 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
199 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
200 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
201};
202
203static u8 mgmt_status(u8 hci_status)
204{
205 if (hci_status < ARRAY_SIZE(mgmt_status_table))
206 return mgmt_status_table[hci_status];
207
208 return MGMT_STATUS_FAILED;
209}
210
4e51eae9 211static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 212{
213 struct sk_buff *skb;
214 struct mgmt_hdr *hdr;
215 struct mgmt_ev_cmd_status *ev;
56b7d137 216 int err;
f7b64e69 217
34eb525c 218 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 219
790eff44 220 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 221 if (!skb)
222 return -ENOMEM;
223
224 hdr = (void *) skb_put(skb, sizeof(*hdr));
225
dcf4adbf 226 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 227 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 228 hdr->len = cpu_to_le16(sizeof(*ev));
229
230 ev = (void *) skb_put(skb, sizeof(*ev));
231 ev->status = status;
eb55ef07 232 ev->opcode = cpu_to_le16(cmd);
f7b64e69 233
56b7d137
GP		 234 err = sock_queue_rcv_skb(sk, skb);
235 if (err < 0)
f7b64e69
JH		 236 kfree_skb(skb);
237
56b7d137 238 return err;
f7b64e69
JH		 239}
240
aee9b218 241static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 242 void *rp, size_t rp_len)
02d98129
JH		 243{
244 struct sk_buff *skb;
245 struct mgmt_hdr *hdr;
246 struct mgmt_ev_cmd_complete *ev;
56b7d137 247 int err;
02d98129
JH		 248
249 BT_DBG("sock %p", sk);
250
790eff44 251 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 252 if (!skb)
253 return -ENOMEM;
254
255 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 256
dcf4adbf 257 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 258 hdr->index = cpu_to_le16(index);
a38528f1 259 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 260
a38528f1 261 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 262 ev->opcode = cpu_to_le16(cmd);
aee9b218 263 ev->status = status;
8020c16a
SJ		 264
265 if (rp)
266 memcpy(ev->data, rp, rp_len);
02d98129 267
56b7d137
GP		 268 err = sock_queue_rcv_skb(sk, skb);
269 if (err < 0)
02d98129
JH		 270 kfree_skb(skb);
271
e5f0e151 272 return err;
02d98129
JH		 273}
274
04124681
GP		 275static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
276 u16 data_len)
a38528f1
JH		 277{
278 struct mgmt_rp_read_version rp;
279
280 BT_DBG("sock %p", sk);
281
282 rp.version = MGMT_VERSION;
dcf4adbf 283 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 284
aee9b218 285 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 286 sizeof(rp));
a38528f1
JH		 287}
288
04124681
GP		 289static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
290 u16 data_len)
e70bb2e8
JH		 291{
292 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 293 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
294 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 295 __le16 *opcode;
e70bb2e8
JH		 296 size_t rp_size;
297 int i, err;
298
299 BT_DBG("sock %p", sk);
300
301 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
302
303 rp = kmalloc(rp_size, GFP_KERNEL);
304 if (!rp)
305 return -ENOMEM;
306
dcf4adbf
JP		 307 rp->num_commands = cpu_to_le16(num_commands);
308 rp->num_events = cpu_to_le16(num_events);
e70bb2e8
JH		 309
310 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
311 put_unaligned_le16(mgmt_commands[i], opcode);
312
313 for (i = 0; i < num_events; i++, opcode++)
314 put_unaligned_le16(mgmt_events[i], opcode);
315
aee9b218 316 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 317 rp_size);
e70bb2e8
JH		 318 kfree(rp);
319
320 return err;
321}
322
04124681
GP		 323static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
324 u16 data_len)
faba42eb 325{
faba42eb 326 struct mgmt_rp_read_index_list *rp;
8035ded4 327 struct hci_dev *d;
a38528f1 328 size_t rp_len;
faba42eb 329 u16 count;
476e44cb 330 int err;
faba42eb
JH		 331
332 BT_DBG("sock %p", sk);
333
334 read_lock(&hci_dev_list_lock);
335
336 count = 0;
bb4b2a9a 337 list_for_each_entry(d, &hci_dev_list, list) {
1514b892
MH		 338 if (d->dev_type == HCI_BREDR)
339 count++;
faba42eb
JH		 340 }
341
a38528f1
JH		 342 rp_len = sizeof(*rp) + (2 * count);
343 rp = kmalloc(rp_len, GFP_ATOMIC);
344 if (!rp) {
b2c60d42 345 read_unlock(&hci_dev_list_lock);
faba42eb 346 return -ENOMEM;
b2c60d42 347 }
faba42eb 348
476e44cb 349 count = 0;
8035ded4 350 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 351 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 352 continue;
353
0736cfa8
MH		 354 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
355 continue;
356
4a964404 357 if (test_bit(HCI_UNCONFIGURED, &d->dev_flags))
fee746b0
MH		 358 continue;
359
1514b892
MH		 360 if (d->dev_type == HCI_BREDR) {
361 rp->index[count++] = cpu_to_le16(d->id);
362 BT_DBG("Added hci%u", d->id);
363 }
faba42eb
JH		 364 }
365
476e44cb
JH		 366 rp->num_controllers = cpu_to_le16(count);
367 rp_len = sizeof(*rp) + (2 * count);
368
faba42eb
JH		 369 read_unlock(&hci_dev_list_lock);
370
aee9b218 371 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 372 rp_len);
faba42eb 373
a38528f1
JH		 374 kfree(rp);
375
376 return err;
faba42eb
JH		 377}
378
69ab39ea
JH		 379static u32 get_supported_settings(struct hci_dev *hdev)
380{
381 u32 settings = 0;
382
383 settings |= MGMT_SETTING_POWERED;
69ab39ea 384 settings |= MGMT_SETTING_PAIRABLE;
b1de97d8 385 settings |= MGMT_SETTING_DEBUG_KEYS;
69ab39ea 386
ed3fa31f 387 if (lmp_bredr_capable(hdev)) {
33c525c0 388 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 389 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
390 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 391 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 392 settings |= MGMT_SETTING_BREDR;
393 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 394
395 if (lmp_ssp_capable(hdev)) {
396 settings |= MGMT_SETTING_SSP;
397 settings |= MGMT_SETTING_HS;
398 }
e98d2ce2 399
5afeac14 400 if (lmp_sc_capable(hdev) ||
111902f7 401 test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
e98d2ce2 402 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 403 }
d7b7e796 404
eeca6f89 405 if (lmp_le_capable(hdev)) {
9d42820f 406 settings |= MGMT_SETTING_LE;
eeca6f89 407 settings |= MGMT_SETTING_ADVERTISING;
0f4bd942 408 settings |= MGMT_SETTING_PRIVACY;
eeca6f89 409 }
69ab39ea
JH		 410
411 return settings;
412}
413
414static u32 get_current_settings(struct hci_dev *hdev)
415{
416 u32 settings = 0;
417
f1f0eb02 418 if (hdev_is_powered(hdev))
f0d4b78a
MH		 419 settings |= MGMT_SETTING_POWERED;
420
5e5282bb 421 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 422 settings |= MGMT_SETTING_CONNECTABLE;
423
1a4d3c4b
JH		 424 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
425 settings |= MGMT_SETTING_FAST_CONNECTABLE;
426
5e5282bb 427 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 428 settings |= MGMT_SETTING_DISCOVERABLE;
429
a8b2d5c2 430 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 431 settings |= MGMT_SETTING_PAIRABLE;
432
56f87901 433 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 434 settings |= MGMT_SETTING_BREDR;
435
06199cf8 436 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 437 settings |= MGMT_SETTING_LE;
438
47990ea0 439 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 440 settings |= MGMT_SETTING_LINK_SECURITY;
441
84bde9d6 442 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 443 settings |= MGMT_SETTING_SSP;
444
6d80dfd0
JH		 445 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
446 settings |= MGMT_SETTING_HS;
447
f3d3444a 448 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 449 settings |= MGMT_SETTING_ADVERTISING;
450
e98d2ce2
MH		 451 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
452 settings |= MGMT_SETTING_SECURE_CONN;
453
0663b297 454 if (test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags))
b1de97d8
MH		 455 settings |= MGMT_SETTING_DEBUG_KEYS;
456
0f4bd942
JH		 457 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
458 settings |= MGMT_SETTING_PRIVACY;
459
69ab39ea
JH		 460 return settings;
461}
462
ef580372
JH		 463#define PNP_INFO_SVCLASS_ID 0x1200
464
213202ed
JH		 465static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
466{
467 u8 *ptr = data, *uuids_start = NULL;
468 struct bt_uuid *uuid;
469
470 if (len < 4)
471 return ptr;
472
473 list_for_each_entry(uuid, &hdev->uuids, list) {
474 u16 uuid16;
475
476 if (uuid->size != 16)
477 continue;
478
479 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
480 if (uuid16 < 0x1100)
481 continue;
482
483 if (uuid16 == PNP_INFO_SVCLASS_ID)
484 continue;
485
486 if (!uuids_start) {
487 uuids_start = ptr;
488 uuids_start[0] = 1;
489 uuids_start[1] = EIR_UUID16_ALL;
490 ptr += 2;
491 }
492
493 /* Stop if not enough space to put next UUID */
494 if ((ptr - data) + sizeof(u16) > len) {
495 uuids_start[1] = EIR_UUID16_SOME;
496 break;
497 }
498
499 *ptr++ = (uuid16 & 0x00ff);
500 *ptr++ = (uuid16 & 0xff00) >> 8;
501 uuids_start[0] += sizeof(uuid16);
502 }
503
504 return ptr;
505}
506
cdf1963f
JH		 507static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
508{
509 u8 *ptr = data, *uuids_start = NULL;
510 struct bt_uuid *uuid;
511
512 if (len < 6)
513 return ptr;
514
515 list_for_each_entry(uuid, &hdev->uuids, list) {
516 if (uuid->size != 32)
517 continue;
518
519 if (!uuids_start) {
520 uuids_start = ptr;
521 uuids_start[0] = 1;
522 uuids_start[1] = EIR_UUID32_ALL;
523 ptr += 2;
524 }
525
526 /* Stop if not enough space to put next UUID */
527 if ((ptr - data) + sizeof(u32) > len) {
528 uuids_start[1] = EIR_UUID32_SOME;
529 break;
530 }
531
532 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
533 ptr += sizeof(u32);
534 uuids_start[0] += sizeof(u32);
535 }
536
537 return ptr;
538}
539
c00d575b
JH		 540static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
541{
542 u8 *ptr = data, *uuids_start = NULL;
543 struct bt_uuid *uuid;
544
545 if (len < 18)
546 return ptr;
547
548 list_for_each_entry(uuid, &hdev->uuids, list) {
549 if (uuid->size != 128)
550 continue;
551
552 if (!uuids_start) {
553 uuids_start = ptr;
554 uuids_start[0] = 1;
555 uuids_start[1] = EIR_UUID128_ALL;
556 ptr += 2;
557 }
558
559 /* Stop if not enough space to put next UUID */
560 if ((ptr - data) + 16 > len) {
561 uuids_start[1] = EIR_UUID128_SOME;
562 break;
563 }
564
565 memcpy(ptr, uuid->uuid, 16);
566 ptr += 16;
567 uuids_start[0] += 16;
568 }
569
570 return ptr;
571}
572
eb2a8d20
JH		 573static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
574{
575 struct pending_cmd *cmd;
576
577 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
578 if (cmd->opcode == opcode)
579 return cmd;
580 }
581
582 return NULL;
583}
584
95868426
JH		 585static struct pending_cmd *mgmt_pending_find_data(u16 opcode,
586 struct hci_dev *hdev,
587 const void *data)
588{
589 struct pending_cmd *cmd;
590
591 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
592 if (cmd->user_data != data)
593 continue;
594 if (cmd->opcode == opcode)
595 return cmd;
596 }
597
598 return NULL;
599}
600
f14d8f64
MH		 601static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
602{
7a5f4990
MH		 603 u8 ad_len = 0;
604 size_t name_len;
605
606 name_len = strlen(hdev->dev_name);
607 if (name_len > 0) {
608 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
609
610 if (name_len > max_len) {
611 name_len = max_len;
612 ptr[1] = EIR_NAME_SHORT;
613 } else
614 ptr[1] = EIR_NAME_COMPLETE;
615
616 ptr[0] = name_len + 1;
617
618 memcpy(ptr + 2, hdev->dev_name, name_len);
619
620 ad_len += (name_len + 2);
621 ptr += (name_len + 2);
622 }
623
624 return ad_len;
f14d8f64
MH		 625}
626
627static void update_scan_rsp_data(struct hci_request *req)
628{
629 struct hci_dev *hdev = req->hdev;
630 struct hci_cp_le_set_scan_rsp_data cp;
631 u8 len;
632
7751ef1b 633 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
f14d8f64
MH		 634 return;
635
636 memset(&cp, 0, sizeof(cp));
637
638 len = create_scan_rsp_data(hdev, cp.data);
639
eb438b5f
JH		 640 if (hdev->scan_rsp_data_len == len &&
641 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 642 return;
643
eb438b5f
JH		 644 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
645 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 646
647 cp.length = len;
648
649 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
650}
651
9a43e25f
JH		 652static u8 get_adv_discov_flags(struct hci_dev *hdev)
653{
654 struct pending_cmd *cmd;
655
656 /* If there's a pending mgmt command the flags will not yet have
657 * their final values, so check for this first.
658 */
659 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
660 if (cmd) {
661 struct mgmt_mode *cp = cmd->param;
662 if (cp->val == 0x01)
663 return LE_AD_GENERAL;
664 else if (cp->val == 0x02)
665 return LE_AD_LIMITED;
666 } else {
667 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
668 return LE_AD_LIMITED;
669 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
670 return LE_AD_GENERAL;
671 }
672
673 return 0;
674}
675
46cad2ed 676static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 677{
678 u8 ad_len = 0, flags = 0;
441ad2d0 679
9a43e25f 680 flags |= get_adv_discov_flags(hdev);
441ad2d0 681
e834004b 682 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
441ad2d0 683 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 684
685 if (flags) {
686 BT_DBG("adv flags 0x%02x", flags);
687
688 ptr[0] = 2;
689 ptr[1] = EIR_FLAGS;
690 ptr[2] = flags;
691
692 ad_len += 3;
693 ptr += 3;
694 }
695
696 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
697 ptr[0] = 2;
698 ptr[1] = EIR_TX_POWER;
699 ptr[2] = (u8) hdev->adv_tx_power;
700
701 ad_len += 3;
702 ptr += 3;
703 }
704
441ad2d0
MH		 705 return ad_len;
706}
707
5947f4bc 708static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 709{
710 struct hci_dev *hdev = req->hdev;
711 struct hci_cp_le_set_adv_data cp;
712 u8 len;
713
10994ce6 714 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
441ad2d0
MH		 715 return;
716
717 memset(&cp, 0, sizeof(cp));
718
46cad2ed 719 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 720
721 if (hdev->adv_data_len == len &&
722 memcmp(cp.data, hdev->adv_data, len) == 0)
723 return;
724
725 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
726 hdev->adv_data_len = len;
727
728 cp.length = len;
729
730 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
731}
732
ef580372
JH		 733static void create_eir(struct hci_dev *hdev, u8 *data)
734{
735 u8 *ptr = data;
ef580372
JH		 736 size_t name_len;
737
738 name_len = strlen(hdev->dev_name);
739
740 if (name_len > 0) {
741 /* EIR Data type */
742 if (name_len > 48) {
743 name_len = 48;
744 ptr[1] = EIR_NAME_SHORT;
745 } else
746 ptr[1] = EIR_NAME_COMPLETE;
747
748 /* EIR Data length */
749 ptr[0] = name_len + 1;
750
751 memcpy(ptr + 2, hdev->dev_name, name_len);
752
ef580372
JH		 753 ptr += (name_len + 2);
754 }
755
bbaf444a 756 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 757 ptr[0] = 2;
758 ptr[1] = EIR_TX_POWER;
759 ptr[2] = (u8) hdev->inq_tx_power;
760
91c4e9b1
MH		 761 ptr += 3;
762 }
763
2b9be137
MH		 764 if (hdev->devid_source > 0) {
765 ptr[0] = 9;
766 ptr[1] = EIR_DEVICE_ID;
767
768 put_unaligned_le16(hdev->devid_source, ptr + 2);
769 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
770 put_unaligned_le16(hdev->devid_product, ptr + 6);
771 put_unaligned_le16(hdev->devid_version, ptr + 8);
772
2b9be137
MH		 773 ptr += 10;
774 }
775
213202ed 776 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 777 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 778 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 779}
780
890ea898 781static void update_eir(struct hci_request *req)
ef580372 782{
890ea898 783 struct hci_dev *hdev = req->hdev;
ef580372
JH		 784 struct hci_cp_write_eir cp;
785
504c8dcd 786 if (!hdev_is_powered(hdev))
890ea898 787 return;
7770c4aa 788
976eb20e 789 if (!lmp_ext_inq_capable(hdev))
890ea898 790 return;
ef580372 791
84bde9d6 792 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 793 return;
ef580372 794
a8b2d5c2 795 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 796 return;
ef580372
JH		 797
798 memset(&cp, 0, sizeof(cp));
799
800 create_eir(hdev, cp.data);
801
802 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 803 return;
ef580372
JH		 804
805 memcpy(hdev->eir, cp.data, sizeof(cp.data));
806
890ea898 807 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 808}
809
810static u8 get_service_classes(struct hci_dev *hdev)
811{
812 struct bt_uuid *uuid;
813 u8 val = 0;
814
815 list_for_each_entry(uuid, &hdev->uuids, list)
816 val |= uuid->svc_hint;
817
818 return val;
819}
820
890ea898 821static void update_class(struct hci_request *req)
ef580372 822{
890ea898 823 struct hci_dev *hdev = req->hdev;
ef580372
JH		 824 u8 cod[3];
825
826 BT_DBG("%s", hdev->name);
827
504c8dcd 828 if (!hdev_is_powered(hdev))
890ea898 829 return;
7770c4aa 830
f87ea1da
JH		 831 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
832 return;
833
a8b2d5c2 834 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 835 return;
ef580372
JH		 836
837 cod[0] = hdev->minor_class;
838 cod[1] = hdev->major_class;
839 cod[2] = get_service_classes(hdev);
840
6acd7db4
MH		 841 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
842 cod[1] |= 0x20;
843
ef580372 844 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 845 return;
ef580372 846
890ea898 847 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 848}
849
a4858cb9 850static bool get_connectable(struct hci_dev *hdev)
199a2fb1
JH		 851{
852 struct pending_cmd *cmd;
199a2fb1
JH		 853
854 /* If there's a pending mgmt command the flag will not yet have
855 * it's final value, so check for this first.
856 */
857 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
858 if (cmd) {
859 struct mgmt_mode *cp = cmd->param;
a4858cb9 860 return cp->val;
199a2fb1
JH		 861 }
862
a4858cb9 863 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
199a2fb1
JH		 864}
865
866static void enable_advertising(struct hci_request *req)
867{
868 struct hci_dev *hdev = req->hdev;
869 struct hci_cp_le_set_adv_param cp;
8f2a0601 870 u8 own_addr_type, enable = 0x01;
a4858cb9 871 bool connectable;
199a2fb1 872
8d97250e
JH		 873 /* Clear the HCI_ADVERTISING bit temporarily so that the
874 * hci_update_random_address knows that it's safe to go ahead
875 * and write a new random address. The flag will be set back on
876 * as soon as the SET_ADV_ENABLE HCI command completes.
877 */
878 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
879
a4858cb9 880 connectable = get_connectable(hdev);
8f2a0601 881
a4858cb9
JH		 882 /* Set require_privacy to true only when non-connectable
883 * advertising is used. In that case it is fine to use a
884 * non-resolvable private address.
885 */
886 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 887 return;
888
41c90c18 889 memset(&cp, 0, sizeof(cp));
dcf4adbf
JP		 890 cp.min_interval = cpu_to_le16(0x0800);
891 cp.max_interval = cpu_to_le16(0x0800);
a4858cb9 892 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
8f2a0601 893 cp.own_address_type = own_addr_type;
199a2fb1
JH		 894 cp.channel_map = hdev->le_adv_channel_map;
895
896 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
897
898 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
899}
900
901static void disable_advertising(struct hci_request *req)
902{
903 u8 enable = 0x00;
904
905 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
906}
907
7d78525d
JH		 908static void service_cache_off(struct work_struct *work)
909{
910 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 911 service_cache.work);
890ea898 912 struct hci_request req;
7d78525d 913
a8b2d5c2 914 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 915 return;
916
890ea898
JH		 917 hci_req_init(&req, hdev);
918
7d78525d
JH		 919 hci_dev_lock(hdev);
920
890ea898
JH		 921 update_eir(&req);
922 update_class(&req);
7d78525d
JH		 923
924 hci_dev_unlock(hdev);
890ea898
JH		 925
926 hci_req_run(&req, NULL);
7d78525d
JH		 927}
928
d6bfd59c
JH		 929static void rpa_expired(struct work_struct *work)
930{
931 struct hci_dev *hdev = container_of(work, struct hci_dev,
932 rpa_expired.work);
933 struct hci_request req;
934
935 BT_DBG("");
936
937 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
938
939 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags) ||
940 hci_conn_num(hdev, LE_LINK) > 0)
941 return;
942
943 /* The generation of a new RPA and programming it into the
944 * controller happens in the enable_advertising() function.
945 */
946
947 hci_req_init(&req, hdev);
948
949 disable_advertising(&req);
950 enable_advertising(&req);
951
952 hci_req_run(&req, NULL);
953}
954
6a919082 955static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 956{
4f87da80 957 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 958 return;
959
4f87da80 960 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 961 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 962
4f87da80
JH		 963 /* Non-mgmt controlled devices get this bit set
964 * implicitly so that pairing works for them, however
965 * for mgmt we require user-space to explicitly enable
966 * it
967 */
968 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 969}
970
0f4e68cf 971static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 972 void *data, u16 data_len)
0381101f 973{
a38528f1 974 struct mgmt_rp_read_info rp;
f7b64e69 975
bdb6d971 976 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 977
09fd0de5 978 hci_dev_lock(hdev);
f7b64e69 979
dc4fe30b
JH		 980 memset(&rp, 0, sizeof(rp));
981
69ab39ea 982 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 983
69ab39ea 984 rp.version = hdev->hci_ver;
eb55ef07 985 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 986
987 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
988 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 989
a38528f1 990 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 991
dc4fe30b 992 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 993 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 994
09fd0de5 995 hci_dev_unlock(hdev);
0381101f 996
bdb6d971 997 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 998 sizeof(rp));
0381101f
JH		 999}
1000
eec8d2bc
JH		 1001static void mgmt_pending_free(struct pending_cmd *cmd)
1002{
1003 sock_put(cmd->sk);
c68fb7ff 1004 kfree(cmd->param);
eec8d2bc
JH		 1005 kfree(cmd);
1006}
1007
366a0336 1008static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 1009 struct hci_dev *hdev, void *data,
1010 u16 len)
eec8d2bc
JH		 1011{
1012 struct pending_cmd *cmd;
1013
fca20018 1014 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 1015 if (!cmd)
366a0336 1016 return NULL;
eec8d2bc
JH		 1017
1018 cmd->opcode = opcode;
2e58ef3e 1019 cmd->index = hdev->id;
eec8d2bc 1020
12b94565 1021 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 1022 if (!cmd->param) {
eec8d2bc 1023 kfree(cmd);
366a0336 1024 return NULL;
eec8d2bc
JH		 1025 }
1026
8fce6357
SJ		 1027 if (data)
1028 memcpy(cmd->param, data, len);
eec8d2bc
JH		 1029
1030 cmd->sk = sk;
1031 sock_hold(sk);
1032
2e58ef3e 1033 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 1034
366a0336 1035 return cmd;
eec8d2bc
JH		 1036}
1037
744cf19e 1038static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 1039 void (*cb)(struct pending_cmd *cmd,
1040 void *data),
04124681 1041 void *data)
eec8d2bc 1042{
a3d09356 1043 struct pending_cmd *cmd, *tmp;
eec8d2bc 1044
a3d09356 1045 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 1046 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 1047 continue;
1048
eec8d2bc
JH		 1049 cb(cmd, data);
1050 }
1051}
1052
a664b5bc 1053static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 1054{
73f22f62
JH		 1055 list_del(&cmd->list);
1056 mgmt_pending_free(cmd);
1057}
1058
69ab39ea 1059static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1060{
69ab39ea 1061 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1062
aee9b218 1063 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 1064 sizeof(settings));
8680570b
JH		 1065}
1066
8b064a3a
JH		 1067static void clean_up_hci_complete(struct hci_dev *hdev, u8 status)
1068{
1069 BT_DBG("%s status 0x%02x", hdev->name, status);
1070
a3172b7e
JH		 1071 if (hci_conn_count(hdev) == 0) {
1072 cancel_delayed_work(&hdev->power_off);
8b064a3a 1073 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1074 }
8b064a3a
JH		 1075}
1076
21a60d30
JH		 1077static void hci_stop_discovery(struct hci_request *req)
1078{
1079 struct hci_dev *hdev = req->hdev;
1080 struct hci_cp_remote_name_req_cancel cp;
1081 struct inquiry_entry *e;
1082
1083 switch (hdev->discovery.state) {
1084 case DISCOVERY_FINDING:
1085 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
1086 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1087 } else {
1088 cancel_delayed_work(&hdev->le_scan_disable);
1089 hci_req_add_le_scan_disable(req);
1090 }
1091
1092 break;
1093
1094 case DISCOVERY_RESOLVING:
1095 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1096 NAME_PENDING);
1097 if (!e)
1098 return;
1099
1100 bacpy(&cp.bdaddr, &e->data.bdaddr);
1101 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1102 &cp);
1103
1104 break;
1105
1106 default:
1107 /* Passive scanning */
1108 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
1109 hci_req_add_le_scan_disable(req);
1110 break;
1111 }
1112}
1113
8b064a3a
JH		 1114static int clean_up_hci_state(struct hci_dev *hdev)
1115{
1116 struct hci_request req;
1117 struct hci_conn *conn;
1118
1119 hci_req_init(&req, hdev);
1120
1121 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1122 test_bit(HCI_PSCAN, &hdev->flags)) {
1123 u8 scan = 0x00;
1124 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1125 }
1126
1127 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1128 disable_advertising(&req);
1129
f8680f12 1130 hci_stop_discovery(&req);
8b064a3a
JH		 1131
1132 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1133 struct hci_cp_disconnect dc;
c9910d0f
JH		 1134 struct hci_cp_reject_conn_req rej;
1135
1136 switch (conn->state) {
1137 case BT_CONNECTED:
1138 case BT_CONFIG:
1139 dc.handle = cpu_to_le16(conn->handle);
1140 dc.reason = 0x15; /* Terminated due to Power Off */
1141 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1142 break;
1143 case BT_CONNECT:
1144 if (conn->type == LE_LINK)
1145 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1146 0, NULL);
1147 else if (conn->type == ACL_LINK)
1148 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1149 6, &conn->dst);
1150 break;
1151 case BT_CONNECT2:
1152 bacpy(&rej.bdaddr, &conn->dst);
1153 rej.reason = 0x15; /* Terminated due to Power Off */
1154 if (conn->type == ACL_LINK)
1155 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1156 sizeof(rej), &rej);
1157 else if (conn->type == SCO_LINK)
1158 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1159 sizeof(rej), &rej);
1160 break;
1161 }
8b064a3a
JH		 1162 }
1163
1164 return hci_req_run(&req, clean_up_hci_complete);
1165}
1166
bdb6d971 1167static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1168 u16 len)
eec8d2bc 1169{
650f726d 1170 struct mgmt_mode *cp = data;
366a0336 1171 struct pending_cmd *cmd;
4b34ee78 1172 int err;
eec8d2bc 1173
bdb6d971 1174 BT_DBG("request for %s", hdev->name);
eec8d2bc 1175
a7e80f25
JH		 1176 if (cp->val != 0x00 && cp->val != 0x01)
1177 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1178 MGMT_STATUS_INVALID_PARAMS);
1179
09fd0de5 1180 hci_dev_lock(hdev);
eec8d2bc 1181
87b95ba6
JH		 1182 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1183 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1184 MGMT_STATUS_BUSY);
1185 goto failed;
1186 }
1187
f0d4b78a
MH		 1188 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1189 cancel_delayed_work(&hdev->power_off);
1190
1191 if (cp->val) {
a1d70450
JH		 1192 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1193 data, len);
1194 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1195 goto failed;
1196 }
1197 }
1198
4b34ee78 1199 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1200 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1201 goto failed;
1202 }
1203
2e58ef3e 1204 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1205 if (!cmd) {
1206 err = -ENOMEM;
eec8d2bc 1207 goto failed;
366a0336 1208 }
eec8d2bc 1209
8b064a3a 1210 if (cp->val) {
19202573 1211 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1212 err = 0;
1213 } else {
1214 /* Disconnect connections, stop scans, etc */
1215 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1216 if (!err)
1217 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1218 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1219
8b064a3a
JH		 1220 /* ENODATA means there were no HCI commands queued */
1221 if (err == -ENODATA) {
a3172b7e 1222 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1223 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1224 err = 0;
1225 }
1226 }
eec8d2bc
JH		 1227
1228failed:
09fd0de5 1229 hci_dev_unlock(hdev);
366a0336 1230 return err;
eec8d2bc
JH		 1231}
1232
04124681
GP		 1233static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
1234 struct sock *skip_sk)
beadb2bd
JH		 1235{
1236 struct sk_buff *skb;
1237 struct mgmt_hdr *hdr;
1238
790eff44 1239 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 1240 if (!skb)
1241 return -ENOMEM;
1242
1243 hdr = (void *) skb_put(skb, sizeof(*hdr));
1244 hdr->opcode = cpu_to_le16(event);
1245 if (hdev)
1246 hdr->index = cpu_to_le16(hdev->id);
1247 else
dcf4adbf 1248 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 1249 hdr->len = cpu_to_le16(data_len);
1250
1251 if (data)
1252 memcpy(skb_put(skb, data_len), data, data_len);
1253
97e0bdeb
MH		 1254 /* Time stamp */
1255 __net_timestamp(skb);
1256
beadb2bd
JH		 1257 hci_send_to_control(skb, skip_sk);
1258 kfree_skb(skb);
1259
1260 return 0;
1261}
1262
1263static int new_settings(struct hci_dev *hdev, struct sock *skip)
1264{
1265 __le32 ev;
1266
1267 ev = cpu_to_le32(get_current_settings(hdev));
1268
1269 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1270}
1271
bd99abdd
JH		 1272struct cmd_lookup {
1273 struct sock *sk;
1274 struct hci_dev *hdev;
1275 u8 mgmt_status;
1276};
1277
1278static void settings_rsp(struct pending_cmd *cmd, void *data)
1279{
1280 struct cmd_lookup *match = data;
1281
1282 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1283
1284 list_del(&cmd->list);
1285
1286 if (match->sk == NULL) {
1287 match->sk = cmd->sk;
1288 sock_hold(match->sk);
1289 }
1290
1291 mgmt_pending_free(cmd);
1292}
1293
1294static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1295{
1296 u8 *status = data;
1297
1298 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1299 mgmt_pending_remove(cmd);
1300}
1301
e6fe7986
JH		 1302static u8 mgmt_bredr_support(struct hci_dev *hdev)
1303{
1304 if (!lmp_bredr_capable(hdev))
1305 return MGMT_STATUS_NOT_SUPPORTED;
1306 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1307 return MGMT_STATUS_REJECTED;
1308 else
1309 return MGMT_STATUS_SUCCESS;
1310}
1311
1312static u8 mgmt_le_support(struct hci_dev *hdev)
1313{
1314 if (!lmp_le_capable(hdev))
1315 return MGMT_STATUS_NOT_SUPPORTED;
1316 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1317 return MGMT_STATUS_REJECTED;
1318 else
1319 return MGMT_STATUS_SUCCESS;
1320}
1321
bfaf8c9f
JH		 1322static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1323{
1324 struct pending_cmd *cmd;
1325 struct mgmt_mode *cp;
970ba524 1326 struct hci_request req;
bfaf8c9f
JH		 1327 bool changed;
1328
1329 BT_DBG("status 0x%02x", status);
1330
1331 hci_dev_lock(hdev);
1332
1333 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1334 if (!cmd)
1335 goto unlock;
1336
1337 if (status) {
1338 u8 mgmt_err = mgmt_status(status);
1339 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
310a3d48 1340 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
bfaf8c9f
JH		 1341 goto remove_cmd;
1342 }
1343
1344 cp = cmd->param;
d4462a07 1345 if (cp->val) {
bfaf8c9f
JH		 1346 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1347 &hdev->dev_flags);
d4462a07
MH		 1348
1349 if (hdev->discov_timeout > 0) {
1350 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1351 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1352 to);
1353 }
1354 } else {
bfaf8c9f
JH		 1355 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1356 &hdev->dev_flags);
d4462a07 1357 }
bfaf8c9f
JH		 1358
1359 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1360
1361 if (changed)
1362 new_settings(hdev, cmd->sk);
1363
970ba524
MH		 1364 /* When the discoverable mode gets changed, make sure
1365 * that class of device has the limited discoverable
1366 * bit correctly set.
1367 */
1368 hci_req_init(&req, hdev);
1369 update_class(&req);
1370 hci_req_run(&req, NULL);
1371
bfaf8c9f
JH		 1372remove_cmd:
1373 mgmt_pending_remove(cmd);
1374
1375unlock:
1376 hci_dev_unlock(hdev);
1377}
1378
bdb6d971 1379static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1380 u16 len)
73f22f62 1381{
650f726d 1382 struct mgmt_cp_set_discoverable *cp = data;
366a0336 1383 struct pending_cmd *cmd;
bfaf8c9f 1384 struct hci_request req;
5e5282bb 1385 u16 timeout;
9a43e25f 1386 u8 scan;
73f22f62
JH		 1387 int err;
1388
bdb6d971 1389 BT_DBG("request for %s", hdev->name);
73f22f62 1390
9a43e25f
JH		 1391 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1392 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1393 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
9a43e25f 1394 MGMT_STATUS_REJECTED);
33c525c0 1395
310a3d48 1396 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a7e80f25
JH		 1397 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1398 MGMT_STATUS_INVALID_PARAMS);
1399
1f350c87 1400 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1401
1402 /* Disabling discoverable requires that no timeout is set,
1403 * and enabling limited discoverable requires a timeout.
1404 */
1405 if ((cp->val == 0x00 && timeout > 0) ||
1406 (cp->val == 0x02 && timeout == 0))
bdb6d971 1407 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1408 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1409
09fd0de5 1410 hci_dev_lock(hdev);
73f22f62 1411
5e5282bb 1412 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 1413 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1414 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1415 goto failed;
1416 }
1417
2e58ef3e 1418 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1419 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1420 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1421 MGMT_STATUS_BUSY);
73f22f62
JH		 1422 goto failed;
1423 }
1424
5e5282bb 1425 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 1426 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1427 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1428 goto failed;
1429 }
1430
1431 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1432 bool changed = false;
1433
310a3d48
MH		 1434 /* Setting limited discoverable when powered off is
1435 * not a valid operation since it requires a timeout
1436 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1437 */
0224d2fa
JH		 1438 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1439 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1440 changed = true;
1441 }
1442
5e5282bb 1443 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1444 if (err < 0)
1445 goto failed;
1446
1447 if (changed)
1448 err = new_settings(hdev, sk);
1449
5e5282bb
JH		 1450 goto failed;
1451 }
1452
310a3d48
MH		 1453 /* If the current mode is the same, then just update the timeout
1454 * value with the new value. And if only the timeout gets updated,
1455 * then no need for any HCI transactions.
1456 */
1457 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1458 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1459 &hdev->dev_flags)) {
36261547
MH		 1460 cancel_delayed_work(&hdev->discov_off);
1461 hdev->discov_timeout = timeout;
955638ec 1462
36261547
MH		 1463 if (cp->val && hdev->discov_timeout > 0) {
1464 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1465 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1466 to);
955638ec
MH		 1467 }
1468
69ab39ea 1469 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1470 goto failed;
1471 }
1472
2e58ef3e 1473 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1474 if (!cmd) {
1475 err = -ENOMEM;
73f22f62 1476 goto failed;
366a0336 1477 }
73f22f62 1478
310a3d48
MH		 1479 /* Cancel any potential discoverable timeout that might be
1480 * still active and store new timeout value. The arming of
1481 * the timeout happens in the complete handler.
1482 */
1483 cancel_delayed_work(&hdev->discov_off);
1484 hdev->discov_timeout = timeout;
1485
b456f87c
JH		 1486 /* Limited discoverable mode */
1487 if (cp->val == 0x02)
1488 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1489 else
1490 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1491
bfaf8c9f
JH		 1492 hci_req_init(&req, hdev);
1493
9a43e25f
JH		 1494 /* The procedure for LE-only controllers is much simpler - just
1495 * update the advertising data.
1496 */
1497 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1498 goto update_ad;
1499
73f22f62
JH		 1500 scan = SCAN_PAGE;
1501
310a3d48
MH		 1502 if (cp->val) {
1503 struct hci_cp_write_current_iac_lap hci_cp;
1504
1505 if (cp->val == 0x02) {
1506 /* Limited discoverable mode */
33337dcb 1507 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1508 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1509 hci_cp.iac_lap[1] = 0x8b;
1510 hci_cp.iac_lap[2] = 0x9e;
1511 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1512 hci_cp.iac_lap[4] = 0x8b;
1513 hci_cp.iac_lap[5] = 0x9e;
1514 } else {
1515 /* General discoverable mode */
310a3d48
MH		 1516 hci_cp.num_iac = 1;
1517 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1518 hci_cp.iac_lap[1] = 0x8b;
1519 hci_cp.iac_lap[2] = 0x9e;
1520 }
1521
1522 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1523 (hci_cp.num_iac * 3) + 1, &hci_cp);
1524
73f22f62 1525 scan |= SCAN_INQUIRY;
310a3d48
MH		 1526 } else {
1527 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1528 }
73f22f62 1529
310a3d48 1530 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1531
9a43e25f
JH		 1532update_ad:
1533 update_adv_data(&req);
1534
bfaf8c9f 1535 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1536 if (err < 0)
a664b5bc 1537 mgmt_pending_remove(cmd);
73f22f62
JH		 1538
1539failed:
09fd0de5 1540 hci_dev_unlock(hdev);
73f22f62
JH		 1541 return err;
1542}
1543
406d7804
JH		 1544static void write_fast_connectable(struct hci_request *req, bool enable)
1545{
bd98b996 1546 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1547 struct hci_cp_write_page_scan_activity acp;
1548 u8 type;
1549
547003b1
JH		 1550 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1551 return;
1552
4c01f8b8
JH		 1553 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1554 return;
1555
406d7804
JH		 1556 if (enable) {
1557 type = PAGE_SCAN_TYPE_INTERLACED;
1558
1559 /* 160 msec page scan interval */
dcf4adbf 1560 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 1561 } else {
1562 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1563
1564 /* default 1.28 sec page scan */
dcf4adbf 1565 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 1566 }
1567
dcf4adbf 1568 acp.window = cpu_to_le16(0x0012);
406d7804 1569
bd98b996
JH		 1570 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1571 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1572 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1573 sizeof(acp), &acp);
1574
1575 if (hdev->page_scan_type != type)
1576 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1577}
1578
2b76f453
JH		 1579static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1580{
1581 struct pending_cmd *cmd;
d7b856f9
JH		 1582 struct mgmt_mode *cp;
1583 bool changed;
2b76f453
JH		 1584
1585 BT_DBG("status 0x%02x", status);
1586
1587 hci_dev_lock(hdev);
1588
1589 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1590 if (!cmd)
1591 goto unlock;
1592
37438c1f
JH		 1593 if (status) {
1594 u8 mgmt_err = mgmt_status(status);
1595 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1596 goto remove_cmd;
1597 }
1598
d7b856f9
JH		 1599 cp = cmd->param;
1600 if (cp->val)
1601 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1602 else
1603 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1604
2b76f453
JH		 1605 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1606
d7b856f9
JH		 1607 if (changed)
1608 new_settings(hdev, cmd->sk);
1609
37438c1f 1610remove_cmd:
2b76f453
JH		 1611 mgmt_pending_remove(cmd);
1612
1613unlock:
1614 hci_dev_unlock(hdev);
1615}
1616
e8ba3a1f
JH		 1617static int set_connectable_update_settings(struct hci_dev *hdev,
1618 struct sock *sk, u8 val)
1619{
1620 bool changed = false;
1621 int err;
1622
1623 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1624 changed = true;
1625
1626 if (val) {
1627 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1628 } else {
1629 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1630 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1631 }
1632
1633 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1634 if (err < 0)
1635 return err;
1636
1637 if (changed)
1638 return new_settings(hdev, sk);
1639
1640 return 0;
1641}
1642
bdb6d971 1643static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1644 u16 len)
9fbcbb45 1645{
650f726d 1646 struct mgmt_mode *cp = data;
366a0336 1647 struct pending_cmd *cmd;
2b76f453 1648 struct hci_request req;
1987fdc7 1649 u8 scan;
9fbcbb45
JH		 1650 int err;
1651
bdb6d971 1652 BT_DBG("request for %s", hdev->name);
9fbcbb45 1653
1987fdc7
JH		 1654 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1655 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1656 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1987fdc7 1657 MGMT_STATUS_REJECTED);
33c525c0 1658
a7e80f25
JH		 1659 if (cp->val != 0x00 && cp->val != 0x01)
1660 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1661 MGMT_STATUS_INVALID_PARAMS);
1662
09fd0de5 1663 hci_dev_lock(hdev);
9fbcbb45 1664
4b34ee78 1665 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1666 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1667 goto failed;
1668 }
1669
2e58ef3e 1670 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1671 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1672 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1673 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1674 goto failed;
1675 }
1676
2e58ef3e 1677 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1678 if (!cmd) {
1679 err = -ENOMEM;
9fbcbb45 1680 goto failed;
366a0336 1681 }
9fbcbb45 1682
9b74246f 1683 hci_req_init(&req, hdev);
9fbcbb45 1684
9a43e25f
JH		 1685 /* If BR/EDR is not enabled and we disable advertising as a
1686 * by-product of disabling connectable, we need to update the
1687 * advertising flags.
1688 */
1689 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1690 if (!cp->val) {
1691 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1692 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1693 }
1694 update_adv_data(&req);
1695 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1696 if (cp->val) {
1697 scan = SCAN_PAGE;
1698 } else {
1699 scan = 0;
1700
1701 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1702 hdev->discov_timeout > 0)
9b74246f
JH		 1703 cancel_delayed_work(&hdev->discov_off);
1704 }
2b76f453 1705
9b74246f
JH		 1706 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1707 }
2b76f453 1708
4c01f8b8
JH		 1709 /* If we're going from non-connectable to connectable or
1710 * vice-versa when fast connectable is enabled ensure that fast
1711 * connectable gets disabled. write_fast_connectable won't do
1712 * anything if the page scan parameters are already what they
1713 * should be.
1714 */
1715 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1716 write_fast_connectable(&req, false);
1717
1987fdc7
JH		 1718 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
1719 hci_conn_num(hdev, LE_LINK) == 0) {
1720 disable_advertising(&req);
1721 enable_advertising(&req);
1722 }
1723
2b76f453 1724 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1725 if (err < 0) {
a664b5bc 1726 mgmt_pending_remove(cmd);
9b74246f 1727 if (err == -ENODATA)
a81070ba
JH		 1728 err = set_connectable_update_settings(hdev, sk,
1729 cp->val);
9b74246f
JH		 1730 goto failed;
1731 }
9fbcbb45
JH		 1732
1733failed:
09fd0de5 1734 hci_dev_unlock(hdev);
9fbcbb45
JH		 1735 return err;
1736}
1737
bdb6d971 1738static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1739 u16 len)
c542a06c 1740{
650f726d 1741 struct mgmt_mode *cp = data;
55594356 1742 bool changed;
c542a06c
JH		 1743 int err;
1744
bdb6d971 1745 BT_DBG("request for %s", hdev->name);
c542a06c 1746
a7e80f25
JH		 1747 if (cp->val != 0x00 && cp->val != 0x01)
1748 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1749 MGMT_STATUS_INVALID_PARAMS);
1750
09fd0de5 1751 hci_dev_lock(hdev);
c542a06c
JH		 1752
1753 if (cp->val)
55594356 1754 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1755 else
55594356 1756 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1757
69ab39ea 1758 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c 1759 if (err < 0)
55594356 1760 goto unlock;
c542a06c 1761
55594356
MH		 1762 if (changed)
1763 err = new_settings(hdev, sk);
c542a06c 1764
55594356 1765unlock:
09fd0de5 1766 hci_dev_unlock(hdev);
c542a06c
JH		 1767 return err;
1768}
1769
04124681
GP		 1770static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1771 u16 len)
33ef95ed
JH		 1772{
1773 struct mgmt_mode *cp = data;
1774 struct pending_cmd *cmd;
e6fe7986 1775 u8 val, status;
33ef95ed
JH		 1776 int err;
1777
bdb6d971 1778 BT_DBG("request for %s", hdev->name);
33ef95ed 1779
e6fe7986
JH		 1780 status = mgmt_bredr_support(hdev);
1781 if (status)
33c525c0 1782 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 1783 status);
33c525c0 1784
a7e80f25
JH		 1785 if (cp->val != 0x00 && cp->val != 0x01)
1786 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1787 MGMT_STATUS_INVALID_PARAMS);
1788
33ef95ed
JH		 1789 hci_dev_lock(hdev);
1790
4b34ee78 1791 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1792 bool changed = false;
1793
1794 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1795 &hdev->dev_flags)) {
47990ea0
JH		 1796 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1797 changed = true;
1798 }
1799
1800 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1801 if (err < 0)
1802 goto failed;
1803
1804 if (changed)
1805 err = new_settings(hdev, sk);
1806
33ef95ed
JH		 1807 goto failed;
1808 }
1809
1810 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1811 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1812 MGMT_STATUS_BUSY);
33ef95ed
JH		 1813 goto failed;
1814 }
1815
1816 val = !!cp->val;
1817
1818 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1819 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1820 goto failed;
1821 }
1822
1823 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1824 if (!cmd) {
1825 err = -ENOMEM;
1826 goto failed;
1827 }
1828
1829 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1830 if (err < 0) {
1831 mgmt_pending_remove(cmd);
1832 goto failed;
1833 }
1834
1835failed:
1836 hci_dev_unlock(hdev);
33ef95ed
JH		 1837 return err;
1838}
1839
bdb6d971 1840static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1841{
1842 struct mgmt_mode *cp = data;
1843 struct pending_cmd *cmd;
72ef0c1a 1844 u8 status;
ed2c4ee3
JH		 1845 int err;
1846
bdb6d971 1847 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1848
cdba5281
MH		 1849 status = mgmt_bredr_support(hdev);
1850 if (status)
1851 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1852
13ecd8b6
JH		 1853 if (!lmp_ssp_capable(hdev))
1854 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1855 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1856
a7e80f25
JH		 1857 if (cp->val != 0x00 && cp->val != 0x01)
1858 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1859 MGMT_STATUS_INVALID_PARAMS);
1860
13ecd8b6 1861 hci_dev_lock(hdev);
6c8f12c1 1862
4b34ee78 1863 if (!hdev_is_powered(hdev)) {
9ecb3e24 1864 bool changed;
c0ecddc2 1865
9ecb3e24
MH		 1866 if (cp->val) {
1867 changed = !test_and_set_bit(HCI_SSP_ENABLED,
1868 &hdev->dev_flags);
1869 } else {
1870 changed = test_and_clear_bit(HCI_SSP_ENABLED,
1871 &hdev->dev_flags);
1872 if (!changed)
1873 changed = test_and_clear_bit(HCI_HS_ENABLED,
1874 &hdev->dev_flags);
1875 else
1876 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 1877 }
1878
1879 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1880 if (err < 0)
1881 goto failed;
1882
1883 if (changed)
1884 err = new_settings(hdev, sk);
1885
ed2c4ee3
JH		 1886 goto failed;
1887 }
1888
9ecb3e24
MH		 1889 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
1890 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
d97dcb66
SJ		 1891 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1892 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1893 goto failed;
1894 }
1895
72ef0c1a 1896 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 1897 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1898 goto failed;
1899 }
1900
1901 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1902 if (!cmd) {
1903 err = -ENOMEM;
1904 goto failed;
1905 }
1906
3769972b
JH		 1907 if (!cp->val && test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
1908 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
1909 sizeof(cp->val), &cp->val);
1910
72ef0c1a 1911 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 1912 if (err < 0) {
1913 mgmt_pending_remove(cmd);
1914 goto failed;
1915 }
1916
1917failed:
1918 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1919 return err;
1920}
1921
bdb6d971 1922static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1923{
1924 struct mgmt_mode *cp = data;
ee392693 1925 bool changed;
e6fe7986 1926 u8 status;
ee392693 1927 int err;
6d80dfd0 1928
bdb6d971 1929 BT_DBG("request for %s", hdev->name);
6d80dfd0 1930
e6fe7986
JH		 1931 status = mgmt_bredr_support(hdev);
1932 if (status)
1933 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 1934
9ecb3e24
MH		 1935 if (!lmp_ssp_capable(hdev))
1936 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1937 MGMT_STATUS_NOT_SUPPORTED);
1938
1939 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
1940 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1941 MGMT_STATUS_REJECTED);
1942
a7e80f25
JH		 1943 if (cp->val != 0x00 && cp->val != 0x01)
1944 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1945 MGMT_STATUS_INVALID_PARAMS);
1946
ee392693
MH		 1947 hci_dev_lock(hdev);
1948
a0cdf960 1949 if (cp->val) {
ee392693 1950 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 1951 } else {
1952 if (hdev_is_powered(hdev)) {
1953 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1954 MGMT_STATUS_REJECTED);
1955 goto unlock;
1956 }
1957
ee392693 1958 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 1959 }
ee392693
MH		 1960
1961 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1962 if (err < 0)
1963 goto unlock;
1964
1965 if (changed)
1966 err = new_settings(hdev, sk);
6d80dfd0 1967
ee392693
MH		 1968unlock:
1969 hci_dev_unlock(hdev);
1970 return err;
6d80dfd0
JH		 1971}
1972
416a4ae5
JH		 1973static void le_enable_complete(struct hci_dev *hdev, u8 status)
1974{
1975 struct cmd_lookup match = { NULL, hdev };
1976
1977 if (status) {
1978 u8 mgmt_err = mgmt_status(status);
1979
1980 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1981 &mgmt_err);
1982 return;
1983 }
1984
1985 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1986
1987 new_settings(hdev, match.sk);
1988
1989 if (match.sk)
1990 sock_put(match.sk);
441ad2d0
MH		 1991
1992 /* Make sure the controller has a good default for
1993 * advertising data. Restrict the update to when LE
1994 * has actually been enabled. During power on, the
1995 * update in powered_update_hci will take care of it.
1996 */
1997 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1998 struct hci_request req;
1999
2000 hci_dev_lock(hdev);
2001
2002 hci_req_init(&req, hdev);
5947f4bc 2003 update_adv_data(&req);
f14d8f64 2004 update_scan_rsp_data(&req);
441ad2d0
MH		 2005 hci_req_run(&req, NULL);
2006
2007 hci_dev_unlock(hdev);
2008 }
416a4ae5
JH		 2009}
2010
bdb6d971 2011static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 2012{
2013 struct mgmt_mode *cp = data;
2014 struct hci_cp_write_le_host_supported hci_cp;
2015 struct pending_cmd *cmd;
416a4ae5 2016 struct hci_request req;
06199cf8 2017 int err;
0b60eba1 2018 u8 val, enabled;
06199cf8 2019
bdb6d971 2020 BT_DBG("request for %s", hdev->name);
06199cf8 2021
13ecd8b6
JH		 2022 if (!lmp_le_capable(hdev))
2023 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2024 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 2025
a7e80f25
JH		 2026 if (cp->val != 0x00 && cp->val != 0x01)
2027 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2028 MGMT_STATUS_INVALID_PARAMS);
2029
c73eee91 2030 /* LE-only devices do not allow toggling LE on/off */
56f87901 2031 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 2032 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2033 MGMT_STATUS_REJECTED);
2034
13ecd8b6 2035 hci_dev_lock(hdev);
06199cf8
JH		 2036
2037 val = !!cp->val;
ffa88e02 2038 enabled = lmp_host_le_capable(hdev);
06199cf8 2039
0b60eba1 2040 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 2041 bool changed = false;
2042
2043 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2044 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
2045 changed = true;
2046 }
2047
f3d3444a
JH		 2048 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
2049 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 2050 changed = true;
2051 }
2052
06199cf8
JH		 2053 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2054 if (err < 0)
1de028ce 2055 goto unlock;
06199cf8
JH		 2056
2057 if (changed)
2058 err = new_settings(hdev, sk);
2059
1de028ce 2060 goto unlock;
06199cf8
JH		 2061 }
2062
4375f103
JH		 2063 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
2064 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 2065 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 2066 MGMT_STATUS_BUSY);
1de028ce 2067 goto unlock;
06199cf8
JH		 2068 }
2069
2070 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2071 if (!cmd) {
2072 err = -ENOMEM;
1de028ce 2073 goto unlock;
06199cf8
JH		 2074 }
2075
441ad2d0
MH		 2076 hci_req_init(&req, hdev);
2077
06199cf8
JH		 2078 memset(&hci_cp, 0, sizeof(hci_cp));
2079
2080 if (val) {
2081 hci_cp.le = val;
ffa88e02 2082 hci_cp.simul = lmp_le_br_capable(hdev);
441ad2d0
MH		 2083 } else {
2084 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
2085 disable_advertising(&req);
06199cf8
JH		 2086 }
2087
416a4ae5
JH		 2088 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2089 &hci_cp);
2090
2091 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2092 if (err < 0)
06199cf8 2093 mgmt_pending_remove(cmd);
06199cf8 2094
1de028ce
JH		 2095unlock:
2096 hci_dev_unlock(hdev);
06199cf8
JH		 2097 return err;
2098}
2099
0cab9c80
JH		 2100/* This is a helper function to test for pending mgmt commands that can
2101 * cause CoD or EIR HCI commands. We can only allow one such pending
2102 * mgmt command at a time since otherwise we cannot easily track what
2103 * the current values are, will be, and based on that calculate if a new
2104 * HCI command needs to be sent and if yes with what value.
2105 */
2106static bool pending_eir_or_class(struct hci_dev *hdev)
2107{
2108 struct pending_cmd *cmd;
2109
2110 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2111 switch (cmd->opcode) {
2112 case MGMT_OP_ADD_UUID:
2113 case MGMT_OP_REMOVE_UUID:
2114 case MGMT_OP_SET_DEV_CLASS:
2115 case MGMT_OP_SET_POWERED:
2116 return true;
2117 }
2118 }
2119
2120 return false;
2121}
2122
83be8eca
JH		 2123static const u8 bluetooth_base_uuid[] = {
2124 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2125 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2126};
2127
2128static u8 get_uuid_size(const u8 *uuid)
2129{
2130 u32 val;
2131
2132 if (memcmp(uuid, bluetooth_base_uuid, 12))
2133 return 128;
2134
2135 val = get_unaligned_le32(&uuid[12]);
2136 if (val > 0xffff)
2137 return 32;
2138
2139 return 16;
2140}
2141
92da6097
JH		 2142static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2143{
2144 struct pending_cmd *cmd;
2145
2146 hci_dev_lock(hdev);
2147
2148 cmd = mgmt_pending_find(mgmt_op, hdev);
2149 if (!cmd)
2150 goto unlock;
2151
2152 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
2153 hdev->dev_class, 3);
2154
2155 mgmt_pending_remove(cmd);
2156
2157unlock:
2158 hci_dev_unlock(hdev);
2159}
2160
2161static void add_uuid_complete(struct hci_dev *hdev, u8 status)
2162{
2163 BT_DBG("status 0x%02x", status);
2164
2165 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2166}
2167
bdb6d971 2168static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2169{
650f726d 2170 struct mgmt_cp_add_uuid *cp = data;
90e70454 2171 struct pending_cmd *cmd;
890ea898 2172 struct hci_request req;
2aeb9a1a 2173 struct bt_uuid *uuid;
2aeb9a1a
JH		 2174 int err;
2175
bdb6d971 2176 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2177
09fd0de5 2178 hci_dev_lock(hdev);
2aeb9a1a 2179
0cab9c80 2180 if (pending_eir_or_class(hdev)) {
bdb6d971 2181 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 2182 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2183 goto failed;
2184 }
2185
92c4c204 2186 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2187 if (!uuid) {
2188 err = -ENOMEM;
2189 goto failed;
2190 }
2191
2192 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2193 uuid->svc_hint = cp->svc_hint;
83be8eca 2194 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2195
de66aa63 2196 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2197
890ea898 2198 hci_req_init(&req, hdev);
1aff6f09 2199
890ea898
JH		 2200 update_class(&req);
2201 update_eir(&req);
2202
92da6097
JH		 2203 err = hci_req_run(&req, add_uuid_complete);
2204 if (err < 0) {
2205 if (err != -ENODATA)
2206 goto failed;
80a1e1db 2207
bdb6d971 2208 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 2209 hdev->dev_class, 3);
90e70454
JH		 2210 goto failed;
2211 }
2212
2213 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2214 if (!cmd) {
90e70454 2215 err = -ENOMEM;
890ea898
JH		 2216 goto failed;
2217 }
2218
2219 err = 0;
2aeb9a1a
JH		 2220
2221failed:
09fd0de5 2222 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2223 return err;
2224}
2225
24b78d0f
JH		 2226static bool enable_service_cache(struct hci_dev *hdev)
2227{
2228 if (!hdev_is_powered(hdev))
2229 return false;
2230
2231 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 2232 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2233 CACHE_TIMEOUT);
24b78d0f
JH		 2234 return true;
2235 }
2236
2237 return false;
2238}
2239
92da6097
JH		 2240static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
2241{
2242 BT_DBG("status 0x%02x", status);
2243
2244 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2245}
2246
bdb6d971 2247static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2248 u16 len)
2aeb9a1a 2249{
650f726d 2250 struct mgmt_cp_remove_uuid *cp = data;
90e70454 2251 struct pending_cmd *cmd;
056341c8 2252 struct bt_uuid *match, *tmp;
2aeb9a1a 2253 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2254 struct hci_request req;
2aeb9a1a
JH		 2255 int err, found;
2256
bdb6d971 2257 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2258
09fd0de5 2259 hci_dev_lock(hdev);
2aeb9a1a 2260
0cab9c80 2261 if (pending_eir_or_class(hdev)) {
bdb6d971 2262 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2263 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2264 goto unlock;
2265 }
2266
2aeb9a1a 2267 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2268 hci_uuids_clear(hdev);
4004b6d9 2269
24b78d0f 2270 if (enable_service_cache(hdev)) {
bdb6d971 2271 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2272 0, hdev->dev_class, 3);
24b78d0f
JH		 2273 goto unlock;
2274 }
4004b6d9 2275
9246a869 2276 goto update_class;
2aeb9a1a
JH		 2277 }
2278
2279 found = 0;
2280
056341c8 2281 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2282 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2283 continue;
2284
2285 list_del(&match->list);
482049f7 2286 kfree(match);
2aeb9a1a
JH		 2287 found++;
2288 }
2289
2290 if (found == 0) {
bdb6d971 2291 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2292 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2293 goto unlock;
2294 }
2295
9246a869 2296update_class:
890ea898 2297 hci_req_init(&req, hdev);
1aff6f09 2298
890ea898
JH		 2299 update_class(&req);
2300 update_eir(&req);
2301
92da6097
JH		 2302 err = hci_req_run(&req, remove_uuid_complete);
2303 if (err < 0) {
2304 if (err != -ENODATA)
2305 goto unlock;
80a1e1db 2306
bdb6d971 2307 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 2308 hdev->dev_class, 3);
90e70454
JH		 2309 goto unlock;
2310 }
2311
2312 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2313 if (!cmd) {
90e70454 2314 err = -ENOMEM;
890ea898
JH		 2315 goto unlock;
2316 }
2317
2318 err = 0;
2aeb9a1a
JH		 2319
2320unlock:
09fd0de5 2321 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2322 return err;
2323}
2324
92da6097
JH		 2325static void set_class_complete(struct hci_dev *hdev, u8 status)
2326{
2327 BT_DBG("status 0x%02x", status);
2328
2329 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2330}
2331
bdb6d971 2332static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2333 u16 len)
1aff6f09 2334{
650f726d 2335 struct mgmt_cp_set_dev_class *cp = data;
90e70454 2336 struct pending_cmd *cmd;
890ea898 2337 struct hci_request req;
1aff6f09
JH		 2338 int err;
2339
bdb6d971 2340 BT_DBG("request for %s", hdev->name);
1aff6f09 2341
6203fc98 2342 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 2343 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2344 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2345
0cab9c80 2346 hci_dev_lock(hdev);
ee98f473 2347
0cab9c80
JH		 2348 if (pending_eir_or_class(hdev)) {
2349 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2350 MGMT_STATUS_BUSY);
2351 goto unlock;
2352 }
c95f0ba7 2353
0cab9c80
JH		 2354 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2355 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2356 MGMT_STATUS_INVALID_PARAMS);
2357 goto unlock;
2358 }
575b3a02 2359
932f5ff5
JH		 2360 hdev->major_class = cp->major;
2361 hdev->minor_class = cp->minor;
2362
b5235a65 2363 if (!hdev_is_powered(hdev)) {
bdb6d971 2364 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2365 hdev->dev_class, 3);
b5235a65
JH		 2366 goto unlock;
2367 }
2368
890ea898
JH		 2369 hci_req_init(&req, hdev);
2370
a8b2d5c2 2371 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2372 hci_dev_unlock(hdev);
2373 cancel_delayed_work_sync(&hdev->service_cache);
2374 hci_dev_lock(hdev);
890ea898 2375 update_eir(&req);
7d78525d 2376 }
14c0b608 2377
890ea898
JH		 2378 update_class(&req);
2379
92da6097
JH		 2380 err = hci_req_run(&req, set_class_complete);
2381 if (err < 0) {
2382 if (err != -ENODATA)
2383 goto unlock;
1aff6f09 2384
bdb6d971 2385 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2386 hdev->dev_class, 3);
90e70454
JH		 2387 goto unlock;
2388 }
2389
2390 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2391 if (!cmd) {
90e70454 2392 err = -ENOMEM;
890ea898
JH		 2393 goto unlock;
2394 }
2395
2396 err = 0;
1aff6f09 2397
b5235a65 2398unlock:
09fd0de5 2399 hci_dev_unlock(hdev);
1aff6f09
JH		 2400 return err;
2401}
2402
bdb6d971 2403static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2404 u16 len)
55ed8ca1 2405{
650f726d 2406 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 2407 u16 key_count, expected_len;
b1de97d8 2408 bool changed;
a492cd52 2409 int i;
55ed8ca1 2410
9060d5cf
MH		 2411 BT_DBG("request for %s", hdev->name);
2412
2413 if (!lmp_bredr_capable(hdev))
2414 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2415 MGMT_STATUS_NOT_SUPPORTED);
2416
1f350c87 2417 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 2418
86742e1e
JH		 2419 expected_len = sizeof(*cp) + key_count *
2420 sizeof(struct mgmt_link_key_info);
a492cd52 2421 if (expected_len != len) {
86742e1e 2422 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2423 expected_len, len);
bdb6d971 2424 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 2425 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2426 }
2427
4ae14301
JH		 2428 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2429 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2430 MGMT_STATUS_INVALID_PARAMS);
2431
bdb6d971 2432 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2433 key_count);
55ed8ca1 2434
4ee71b20
JH		 2435 for (i = 0; i < key_count; i++) {
2436 struct mgmt_link_key_info *key = &cp->keys[i];
2437
8e991132 2438 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
4ee71b20
JH		 2439 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2440 MGMT_STATUS_INVALID_PARAMS);
2441 }
2442
09fd0de5 2443 hci_dev_lock(hdev);
55ed8ca1
JH		 2444
2445 hci_link_keys_clear(hdev);
2446
55ed8ca1 2447 if (cp->debug_keys)
0663b297
JH		 2448 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
2449 &hdev->dev_flags);
55ed8ca1 2450 else
0663b297
JH		 2451 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
2452 &hdev->dev_flags);
b1de97d8
MH		 2453
2454 if (changed)
2455 new_settings(hdev, NULL);
55ed8ca1 2456
a492cd52 2457 for (i = 0; i < key_count; i++) {
86742e1e 2458 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2459
58e9293c
JH		 2460 /* Always ignore debug keys and require a new pairing if
2461 * the user wants to use them.
2462 */
2463 if (key->type == HCI_LK_DEBUG_COMBINATION)
2464 continue;
2465
7652ff6a
JH		 2466 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2467 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2468 }
2469
bdb6d971 2470 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2471
09fd0de5 2472 hci_dev_unlock(hdev);
55ed8ca1 2473
a492cd52 2474 return 0;
55ed8ca1
JH		 2475}
2476
b1078ad0 2477static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2478 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2479{
2480 struct mgmt_ev_device_unpaired ev;
2481
2482 bacpy(&ev.addr.bdaddr, bdaddr);
2483 ev.addr.type = addr_type;
2484
2485 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2486 skip_sk);
b1078ad0
JH		 2487}
2488
bdb6d971 2489static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2490 u16 len)
55ed8ca1 2491{
124f6e35
JH		 2492 struct mgmt_cp_unpair_device *cp = data;
2493 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2494 struct hci_cp_disconnect dc;
2495 struct pending_cmd *cmd;
55ed8ca1 2496 struct hci_conn *conn;
55ed8ca1
JH		 2497 int err;
2498
a8a1d19e 2499 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2500 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2501 rp.addr.type = cp->addr.type;
a8a1d19e 2502
4ee71b20
JH		 2503 if (!bdaddr_type_is_valid(cp->addr.type))
2504 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2505 MGMT_STATUS_INVALID_PARAMS,
2506 &rp, sizeof(rp));
2507
118da70b
JH		 2508 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2509 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2510 MGMT_STATUS_INVALID_PARAMS,
2511 &rp, sizeof(rp));
2512
4ee71b20
JH		 2513 hci_dev_lock(hdev);
2514
86a8cfc6 2515 if (!hdev_is_powered(hdev)) {
bdb6d971 2516 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2517 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 2518 goto unlock;
2519 }
2520
e0b2b27e 2521 if (cp->addr.type == BDADDR_BREDR) {
124f6e35 2522 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2523 } else {
2524 u8 addr_type;
2525
2526 if (cp->addr.type == BDADDR_LE_PUBLIC)
2527 addr_type = ADDR_LE_DEV_PUBLIC;
2528 else
2529 addr_type = ADDR_LE_DEV_RANDOM;
2530
a7ec7338
JH		 2531 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2532
a9b0a04c
AG		 2533 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2534
e0b2b27e
JH		 2535 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2536 }
b0dbfb46 2537
55ed8ca1 2538 if (err < 0) {
bdb6d971 2539 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2540 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 2541 goto unlock;
2542 }
2543
86a8cfc6 2544 if (cp->disconnect) {
591f47f3 2545 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 2546 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 2547 &cp->addr.bdaddr);
86a8cfc6
JH		 2548 else
2549 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 2550 &cp->addr.bdaddr);
86a8cfc6
JH		 2551 } else {
2552 conn = NULL;
2553 }
124f6e35 2554
a8a1d19e 2555 if (!conn) {
bdb6d971 2556 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 2557 &rp, sizeof(rp));
b1078ad0 2558 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2559 goto unlock;
2560 }
55ed8ca1 2561
124f6e35 2562 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2563 sizeof(*cp));
a8a1d19e
JH		 2564 if (!cmd) {
2565 err = -ENOMEM;
2566 goto unlock;
55ed8ca1
JH		 2567 }
2568
eb55ef07 2569 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2570 dc.reason = 0x13; /* Remote User Terminated Connection */
2571 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2572 if (err < 0)
2573 mgmt_pending_remove(cmd);
2574
55ed8ca1 2575unlock:
09fd0de5 2576 hci_dev_unlock(hdev);
55ed8ca1
JH		 2577 return err;
2578}
2579
bdb6d971 2580static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2581 u16 len)
8962ee74 2582{
650f726d 2583 struct mgmt_cp_disconnect *cp = data;
06a63b19 2584 struct mgmt_rp_disconnect rp;
8962ee74 2585 struct hci_cp_disconnect dc;
366a0336 2586 struct pending_cmd *cmd;
8962ee74 2587 struct hci_conn *conn;
8962ee74
JH		 2588 int err;
2589
2590 BT_DBG("");
2591
06a63b19
JH		 2592 memset(&rp, 0, sizeof(rp));
2593 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2594 rp.addr.type = cp->addr.type;
2595
4ee71b20 2596 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2597 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2598 MGMT_STATUS_INVALID_PARAMS,
2599 &rp, sizeof(rp));
4ee71b20 2600
09fd0de5 2601 hci_dev_lock(hdev);
8962ee74
JH		 2602
2603 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2604 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2605 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2606 goto failed;
2607 }
2608
2e58ef3e 2609 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2610 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2611 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2612 goto failed;
2613 }
2614
591f47f3 2615 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2616 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2617 &cp->addr.bdaddr);
88c3df13
JH		 2618 else
2619 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2620
f960727e 2621 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2622 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2623 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2624 goto failed;
2625 }
2626
2e58ef3e 2627 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2628 if (!cmd) {
2629 err = -ENOMEM;
8962ee74 2630 goto failed;
366a0336 2631 }
8962ee74 2632
eb55ef07 2633 dc.handle = cpu_to_le16(conn->handle);
3701f944 2634 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 2635
2636 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2637 if (err < 0)
a664b5bc 2638 mgmt_pending_remove(cmd);
8962ee74
JH		 2639
2640failed:
09fd0de5 2641 hci_dev_unlock(hdev);
8962ee74
JH		 2642 return err;
2643}
2644
57c1477c 2645static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2646{
2647 switch (link_type) {
2648 case LE_LINK:
48264f06
JH		 2649 switch (addr_type) {
2650 case ADDR_LE_DEV_PUBLIC:
591f47f3 2651 return BDADDR_LE_PUBLIC;
0ed09148 2652
48264f06 2653 default:
0ed09148 2654 /* Fallback to LE Random address type */
591f47f3 2655 return BDADDR_LE_RANDOM;
48264f06 2656 }
0ed09148 2657
4c659c39 2658 default:
0ed09148 2659 /* Fallback to BR/EDR type */
591f47f3 2660 return BDADDR_BREDR;
4c659c39
JH		 2661 }
2662}
2663
04124681
GP		 2664static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2665 u16 data_len)
2784eb41 2666{
2784eb41 2667 struct mgmt_rp_get_connections *rp;
8035ded4 2668 struct hci_conn *c;
a38528f1 2669 size_t rp_len;
60fc5fb6
JH		 2670 int err;
2671 u16 i;
2784eb41
JH		 2672
2673 BT_DBG("");
2674
09fd0de5 2675 hci_dev_lock(hdev);
2784eb41 2676
5f97c1df 2677 if (!hdev_is_powered(hdev)) {
bdb6d971 2678 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2679 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2680 goto unlock;
2681 }
2682
60fc5fb6 2683 i = 0;
b644ba33
JH		 2684 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2685 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2686 i++;
2784eb41
JH		 2687 }
2688
60fc5fb6 2689 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2690 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2691 if (!rp) {
2784eb41
JH		 2692 err = -ENOMEM;
2693 goto unlock;
2694 }
2695
2784eb41 2696 i = 0;
4c659c39 2697 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2698 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2699 continue;
4c659c39 2700 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2701 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2702 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2703 continue;
2704 i++;
2705 }
2706
eb55ef07 2707 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2708
4c659c39
JH		 2709 /* Recalculate length in case of filtered SCO connections, etc */
2710 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2711
bdb6d971 2712 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2713 rp_len);
2784eb41 2714
a38528f1 2715 kfree(rp);
5f97c1df
JH		 2716
2717unlock:
09fd0de5 2718 hci_dev_unlock(hdev);
2784eb41
JH		 2719 return err;
2720}
2721
bdb6d971 2722static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2723 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2724{
2725 struct pending_cmd *cmd;
2726 int err;
2727
2e58ef3e 2728 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2729 sizeof(*cp));
96d97a67
WR		 2730 if (!cmd)
2731 return -ENOMEM;
2732
d8457698 2733 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2734 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2735 if (err < 0)
2736 mgmt_pending_remove(cmd);
2737
2738 return err;
2739}
2740
bdb6d971 2741static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2742 u16 len)
980e1a53 2743{
96d97a67 2744 struct hci_conn *conn;
650f726d 2745 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2746 struct hci_cp_pin_code_reply reply;
366a0336 2747 struct pending_cmd *cmd;
980e1a53
JH		 2748 int err;
2749
2750 BT_DBG("");
2751
09fd0de5 2752 hci_dev_lock(hdev);
980e1a53 2753
4b34ee78 2754 if (!hdev_is_powered(hdev)) {
bdb6d971 2755 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2756 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2757 goto failed;
2758 }
2759
d8457698 2760 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2761 if (!conn) {
bdb6d971 2762 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2763 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2764 goto failed;
2765 }
2766
2767 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2768 struct mgmt_cp_pin_code_neg_reply ncp;
2769
2770 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2771
2772 BT_ERR("PIN code is not 16 bytes long");
2773
bdb6d971 2774 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2775 if (err >= 0)
bdb6d971 2776 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2777 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2778
2779 goto failed;
2780 }
2781
00abfe44 2782 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2783 if (!cmd) {
2784 err = -ENOMEM;
980e1a53 2785 goto failed;
366a0336 2786 }
980e1a53 2787
d8457698 2788 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2789 reply.pin_len = cp->pin_len;
24718ca5 2790 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2791
2792 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2793 if (err < 0)
a664b5bc 2794 mgmt_pending_remove(cmd);
980e1a53
JH		 2795
2796failed:
09fd0de5 2797 hci_dev_unlock(hdev);
980e1a53
JH		 2798 return err;
2799}
2800
04124681
GP		 2801static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2802 u16 len)
17fa4b9d 2803{
650f726d 2804 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2805
2806 BT_DBG("");
2807
4ec86d4c
JH		 2808 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2809 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
2810 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
2811
09fd0de5 2812 hci_dev_lock(hdev);
17fa4b9d
JH		 2813
2814 hdev->io_capability = cp->io_capability;
2815
2816 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2817 hdev->io_capability);
17fa4b9d 2818
09fd0de5 2819 hci_dev_unlock(hdev);
17fa4b9d 2820
04124681
GP		 2821 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2822 0);
17fa4b9d
JH		 2823}
2824
6039aa73 2825static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2826{
2827 struct hci_dev *hdev = conn->hdev;
8035ded4 2828 struct pending_cmd *cmd;
e9a416b5 2829
2e58ef3e 2830 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2831 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2832 continue;
2833
e9a416b5
JH		 2834 if (cmd->user_data != conn)
2835 continue;
2836
2837 return cmd;
2838 }
2839
2840 return NULL;
2841}
2842
2843static void pairing_complete(struct pending_cmd *cmd, u8 status)
2844{
2845 struct mgmt_rp_pair_device rp;
2846 struct hci_conn *conn = cmd->user_data;
2847
61b1a7fb
JH		 2848 bacpy(&rp.addr.bdaddr, &conn->dst);
2849 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2850
aee9b218 2851 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2852 &rp, sizeof(rp));
e9a416b5
JH		 2853
2854 /* So we don't get further callbacks for this connection */
2855 conn->connect_cfm_cb = NULL;
2856 conn->security_cfm_cb = NULL;
2857 conn->disconn_cfm_cb = NULL;
2858
76a68ba0 2859 hci_conn_drop(conn);
e9a416b5 2860
a664b5bc 2861 mgmt_pending_remove(cmd);
e9a416b5
JH		 2862}
2863
f4a407be
JH		 2864void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2865{
2866 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
2867 struct pending_cmd *cmd;
2868
2869 cmd = find_pairing(conn);
2870 if (cmd)
2871 pairing_complete(cmd, status);
2872}
2873
e9a416b5
JH		 2874static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2875{
2876 struct pending_cmd *cmd;
2877
2878 BT_DBG("status %u", status);
2879
2880 cmd = find_pairing(conn);
56e5cb86 2881 if (!cmd)
e9a416b5 2882 BT_DBG("Unable to find a pending command");
56e5cb86 2883 else
e211326c 2884 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2885}
2886
f4a407be 2887static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739
VA		 2888{
2889 struct pending_cmd *cmd;
2890
2891 BT_DBG("status %u", status);
2892
2893 if (!status)
2894 return;
2895
2896 cmd = find_pairing(conn);
2897 if (!cmd)
2898 BT_DBG("Unable to find a pending command");
2899 else
2900 pairing_complete(cmd, mgmt_status(status));
2901}
2902
bdb6d971 2903static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2904 u16 len)
e9a416b5 2905{
650f726d 2906 struct mgmt_cp_pair_device *cp = data;
1425acb7 2907 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2908 struct pending_cmd *cmd;
2909 u8 sec_level, auth_type;
2910 struct hci_conn *conn;
e9a416b5
JH		 2911 int err;
2912
2913 BT_DBG("");
2914
f950a30e
SJ		 2915 memset(&rp, 0, sizeof(rp));
2916 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2917 rp.addr.type = cp->addr.type;
2918
4ee71b20
JH		 2919 if (!bdaddr_type_is_valid(cp->addr.type))
2920 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2921 MGMT_STATUS_INVALID_PARAMS,
2922 &rp, sizeof(rp));
2923
4ec86d4c
JH		 2924 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2925 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2926 MGMT_STATUS_INVALID_PARAMS,
2927 &rp, sizeof(rp));
2928
09fd0de5 2929 hci_dev_lock(hdev);
e9a416b5 2930
5f97c1df 2931 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2932 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2933 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2934 goto unlock;
2935 }
2936
c908df36 2937 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 2938 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 2939
6f77d8c7 2940 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 2941 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
2942 auth_type);
6f77d8c7
AG		 2943 } else {
2944 u8 addr_type;
2945
2946 /* Convert from L2CAP channel address type to HCI address type
2947 */
2948 if (cp->addr.type == BDADDR_LE_PUBLIC)
2949 addr_type = ADDR_LE_DEV_PUBLIC;
2950 else
2951 addr_type = ADDR_LE_DEV_RANDOM;
2952
7c264b10
MH		 2953 /* When pairing a new device, it is expected to remember
2954 * this device for future connections. Adding the connection
2955 * parameter information ahead of time allows tracking
2956 * of the slave preferred values and will speed up any
2957 * further connection establishment.
2958 *
2959 * If connection parameters already exist, then they
2960 * will be kept and this function does nothing.
2961 */
2962 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
2963
6f77d8c7 2964 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
04a6c589 2965 sec_level, auth_type);
6f77d8c7 2966 }
7a512d01 2967
30e76272 2968 if (IS_ERR(conn)) {
489dc48e
AK		 2969 int status;
2970
2971 if (PTR_ERR(conn) == -EBUSY)
2972 status = MGMT_STATUS_BUSY;
2973 else
2974 status = MGMT_STATUS_CONNECT_FAILED;
2975
bdb6d971 2976 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2977 status, &rp,
04124681 2978 sizeof(rp));
e9a416b5
JH		 2979 goto unlock;
2980 }
2981
2982 if (conn->connect_cfm_cb) {
76a68ba0 2983 hci_conn_drop(conn);
bdb6d971 2984 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2985 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2986 goto unlock;
2987 }
2988
2e58ef3e 2989 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2990 if (!cmd) {
2991 err = -ENOMEM;
76a68ba0 2992 hci_conn_drop(conn);
e9a416b5
JH		 2993 goto unlock;
2994 }
2995
7a512d01 2996 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 2997 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 2998 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 2999 conn->security_cfm_cb = pairing_complete_cb;
3000 conn->disconn_cfm_cb = pairing_complete_cb;
3001 } else {
3002 conn->connect_cfm_cb = le_pairing_complete_cb;
3003 conn->security_cfm_cb = le_pairing_complete_cb;
3004 conn->disconn_cfm_cb = le_pairing_complete_cb;
3005 }
7a512d01 3006
e9a416b5
JH		 3007 conn->io_capability = cp->io_cap;
3008 cmd->user_data = conn;
3009
3010 if (conn->state == BT_CONNECTED &&
8ce8e2b5 3011 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 3012 pairing_complete(cmd, 0);
3013
3014 err = 0;
3015
3016unlock:
09fd0de5 3017 hci_dev_unlock(hdev);
e9a416b5
JH		 3018 return err;
3019}
3020
04124681
GP		 3021static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3022 u16 len)
28424707 3023{
0f4e68cf 3024 struct mgmt_addr_info *addr = data;
28424707
JH		 3025 struct pending_cmd *cmd;
3026 struct hci_conn *conn;
3027 int err;
3028
3029 BT_DBG("");
3030
28424707
JH		 3031 hci_dev_lock(hdev);
3032
5f97c1df 3033 if (!hdev_is_powered(hdev)) {
bdb6d971 3034 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3035 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3036 goto unlock;
3037 }
3038
28424707
JH		 3039 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3040 if (!cmd) {
bdb6d971 3041 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3042 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3043 goto unlock;
3044 }
3045
3046 conn = cmd->user_data;
3047
3048 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 3049 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3050 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3051 goto unlock;
3052 }
3053
3054 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
3055
bdb6d971 3056 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 3057 addr, sizeof(*addr));
28424707
JH		 3058unlock:
3059 hci_dev_unlock(hdev);
28424707
JH		 3060 return err;
3061}
3062
bdb6d971 3063static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3064 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3065 u16 hci_op, __le32 passkey)
a5c29683 3066{
a5c29683 3067 struct pending_cmd *cmd;
0df4c185 3068 struct hci_conn *conn;
a5c29683
JH		 3069 int err;
3070
09fd0de5 3071 hci_dev_lock(hdev);
08ba5382 3072
4b34ee78 3073 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 3074 err = cmd_complete(sk, hdev->id, mgmt_op,
3075 MGMT_STATUS_NOT_POWERED, addr,
3076 sizeof(*addr));
0df4c185 3077 goto done;
a5c29683
JH		 3078 }
3079
1707c60e
JH		 3080 if (addr->type == BDADDR_BREDR)
3081 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3082 else
1707c60e 3083 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 3084
3085 if (!conn) {
feb94d3d
JH		 3086 err = cmd_complete(sk, hdev->id, mgmt_op,
3087 MGMT_STATUS_NOT_CONNECTED, addr,
3088 sizeof(*addr));
272d90df
JH		 3089 goto done;
3090 }
47c15e2b 3091
1707c60e 3092 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 3093 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 3094 if (!err)
feb94d3d
JH		 3095 err = cmd_complete(sk, hdev->id, mgmt_op,
3096 MGMT_STATUS_SUCCESS, addr,
3097 sizeof(*addr));
5fe57d9e 3098 else
feb94d3d
JH		 3099 err = cmd_complete(sk, hdev->id, mgmt_op,
3100 MGMT_STATUS_FAILED, addr,
3101 sizeof(*addr));
47c15e2b 3102
47c15e2b
BG		 3103 goto done;
3104 }
3105
1707c60e 3106 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3107 if (!cmd) {
3108 err = -ENOMEM;
0df4c185 3109 goto done;
a5c29683
JH		 3110 }
3111
0df4c185 3112 /* Continue with pairing via HCI */
604086b7
BG		 3113 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3114 struct hci_cp_user_passkey_reply cp;
3115
1707c60e 3116 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3117 cp.passkey = passkey;
3118 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3119 } else
1707c60e
JH		 3120 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3121 &addr->bdaddr);
604086b7 3122
a664b5bc
JH		 3123 if (err < 0)
3124 mgmt_pending_remove(cmd);
a5c29683 3125
0df4c185 3126done:
09fd0de5 3127 hci_dev_unlock(hdev);
a5c29683
JH		 3128 return err;
3129}
3130
afeb019d
JK		 3131static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3132 void *data, u16 len)
3133{
3134 struct mgmt_cp_pin_code_neg_reply *cp = data;
3135
3136 BT_DBG("");
3137
1707c60e 3138 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3139 MGMT_OP_PIN_CODE_NEG_REPLY,
3140 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3141}
3142
04124681
GP		 3143static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3144 u16 len)
0df4c185 3145{
650f726d 3146 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3147
3148 BT_DBG("");
3149
3150 if (len != sizeof(*cp))
bdb6d971 3151 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 3152 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3153
1707c60e 3154 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3155 MGMT_OP_USER_CONFIRM_REPLY,
3156 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3157}
3158
bdb6d971 3159static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3160 void *data, u16 len)
0df4c185 3161{
c9c2659f 3162 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3163
3164 BT_DBG("");
3165
1707c60e 3166 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3167 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3168 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3169}
3170
04124681
GP		 3171static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3172 u16 len)
604086b7 3173{
650f726d 3174 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3175
3176 BT_DBG("");
3177
1707c60e 3178 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3179 MGMT_OP_USER_PASSKEY_REPLY,
3180 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3181}
3182
bdb6d971 3183static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3184 void *data, u16 len)
604086b7 3185{
650f726d 3186 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3187
3188 BT_DBG("");
3189
1707c60e 3190 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3191 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3192 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3193}
3194
13928971 3195static void update_name(struct hci_request *req)
2b4bf397 3196{
13928971 3197 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3198 struct hci_cp_write_local_name cp;
3199
13928971 3200 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3201
890ea898 3202 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3203}
3204
13928971
JH		 3205static void set_name_complete(struct hci_dev *hdev, u8 status)
3206{
3207 struct mgmt_cp_set_local_name *cp;
3208 struct pending_cmd *cmd;
3209
3210 BT_DBG("status 0x%02x", status);
3211
3212 hci_dev_lock(hdev);
3213
3214 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3215 if (!cmd)
3216 goto unlock;
3217
3218 cp = cmd->param;
3219
3220 if (status)
3221 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3222 mgmt_status(status));
3223 else
3224 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3225 cp, sizeof(*cp));
3226
3227 mgmt_pending_remove(cmd);
3228
3229unlock:
3230 hci_dev_unlock(hdev);
3231}
3232
bdb6d971 3233static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3234 u16 len)
b312b161 3235{
2b4bf397 3236 struct mgmt_cp_set_local_name *cp = data;
b312b161 3237 struct pending_cmd *cmd;
890ea898 3238 struct hci_request req;
b312b161
JH		 3239 int err;
3240
3241 BT_DBG("");
3242
09fd0de5 3243 hci_dev_lock(hdev);
b312b161 3244
b3f2ca94
JH		 3245 /* If the old values are the same as the new ones just return a
3246 * direct command complete event.
3247 */
3248 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3249 !memcmp(hdev->short_name, cp->short_name,
3250 sizeof(hdev->short_name))) {
3251 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3252 data, len);
3253 goto failed;
3254 }
3255
2b4bf397 3256 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3257
b5235a65 3258 if (!hdev_is_powered(hdev)) {
2b4bf397 3259 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 3260
3261 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 3262 data, len);
28cc7bde
JH		 3263 if (err < 0)
3264 goto failed;
3265
3266 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 3267 sk);
28cc7bde 3268
b5235a65
JH		 3269 goto failed;
3270 }
3271
28cc7bde 3272 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3273 if (!cmd) {
3274 err = -ENOMEM;
3275 goto failed;
3276 }
3277
13928971
JH		 3278 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3279
890ea898 3280 hci_req_init(&req, hdev);
3f985050
JH		 3281
3282 if (lmp_bredr_capable(hdev)) {
3283 update_name(&req);
3284 update_eir(&req);
3285 }
3286
7a5f4990
MH		 3287 /* The name is stored in the scan response data and so
3288 * no need to udpate the advertising data here.
3289 */
3f985050 3290 if (lmp_le_capable(hdev))
7a5f4990 3291 update_scan_rsp_data(&req);
3f985050 3292
13928971 3293 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3294 if (err < 0)
3295 mgmt_pending_remove(cmd);
3296
3297failed:
09fd0de5 3298 hci_dev_unlock(hdev);
b312b161
JH		 3299 return err;
3300}
3301
0f4e68cf 3302static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3303 void *data, u16 data_len)
c35938b2 3304{
c35938b2
SJ		 3305 struct pending_cmd *cmd;
3306 int err;
3307
bdb6d971 3308 BT_DBG("%s", hdev->name);
c35938b2 3309
09fd0de5 3310 hci_dev_lock(hdev);
c35938b2 3311
4b34ee78 3312 if (!hdev_is_powered(hdev)) {
bdb6d971 3313 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3314 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3315 goto unlock;
3316 }
3317
9a1a1996 3318 if (!lmp_ssp_capable(hdev)) {
bdb6d971 3319 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3320 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3321 goto unlock;
3322 }
3323
2e58ef3e 3324 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 3325 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3326 MGMT_STATUS_BUSY);
c35938b2
SJ		 3327 goto unlock;
3328 }
3329
2e58ef3e 3330 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3331 if (!cmd) {
3332 err = -ENOMEM;
3333 goto unlock;
3334 }
3335
4d2d2796
MH		 3336 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
3337 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3338 0, NULL);
3339 else
3340 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3341
c35938b2
SJ		 3342 if (err < 0)
3343 mgmt_pending_remove(cmd);
3344
3345unlock:
09fd0de5 3346 hci_dev_unlock(hdev);
c35938b2
SJ		 3347 return err;
3348}
3349
bdb6d971 3350static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3351 void *data, u16 len)
2763eda6 3352{
2763eda6
SJ		 3353 int err;
3354
bdb6d971 3355 BT_DBG("%s ", hdev->name);
2763eda6 3356
09fd0de5 3357 hci_dev_lock(hdev);
2763eda6 3358
ec109113
MH		 3359 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3360 struct mgmt_cp_add_remote_oob_data *cp = data;
3361 u8 status;
bf1e3541 3362
ec109113
MH		 3363 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3364 cp->hash, cp->randomizer);
3365 if (err < 0)
3366 status = MGMT_STATUS_FAILED;
3367 else
3368 status = MGMT_STATUS_SUCCESS;
3369
3370 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3371 status, &cp->addr, sizeof(cp->addr));
3372 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3373 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3374 u8 status;
3375
3376 err = hci_add_remote_oob_ext_data(hdev, &cp->addr.bdaddr,
3377 cp->hash192,
3378 cp->randomizer192,
3379 cp->hash256,
3380 cp->randomizer256);
3381 if (err < 0)
3382 status = MGMT_STATUS_FAILED;
3383 else
3384 status = MGMT_STATUS_SUCCESS;
3385
3386 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3387 status, &cp->addr, sizeof(cp->addr));
3388 } else {
3389 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3390 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3391 MGMT_STATUS_INVALID_PARAMS);
3392 }
2763eda6 3393
09fd0de5 3394 hci_dev_unlock(hdev);
2763eda6
SJ		 3395 return err;
3396}
3397
bdb6d971 3398static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3399 void *data, u16 len)
2763eda6 3400{
650f726d 3401 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3402 u8 status;
2763eda6
SJ		 3403 int err;
3404
bdb6d971 3405 BT_DBG("%s", hdev->name);
2763eda6 3406
09fd0de5 3407 hci_dev_lock(hdev);
2763eda6 3408
664ce4cc 3409 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 3410 if (err < 0)
bf1e3541 3411 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3412 else
a6785be2 3413 status = MGMT_STATUS_SUCCESS;
bf1e3541 3414
bdb6d971 3415 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 3416 status, &cp->addr, sizeof(cp->addr));
2763eda6 3417
09fd0de5 3418 hci_dev_unlock(hdev);
2763eda6
SJ		 3419 return err;
3420}
3421
41dc2bd6
AG		 3422static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3423{
3424 struct pending_cmd *cmd;
3425 u8 type;
3426 int err;
3427
3428 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3429
3430 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3431 if (!cmd)
3432 return -ENOENT;
3433
3434 type = hdev->discovery.type;
3435
3436 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3437 &type, sizeof(type));
3438 mgmt_pending_remove(cmd);
3439
3440 return err;
3441}
3442
7c307720
AG		 3443static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3444{
ae55f598
LR		 3445 unsigned long timeout = 0;
3446
7c307720
AG		 3447 BT_DBG("status %d", status);
3448
3449 if (status) {
3450 hci_dev_lock(hdev);
3451 mgmt_start_discovery_failed(hdev, status);
3452 hci_dev_unlock(hdev);
3453 return;
3454 }
3455
3456 hci_dev_lock(hdev);
3457 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3458 hci_dev_unlock(hdev);
3459
3460 switch (hdev->discovery.type) {
3461 case DISCOV_TYPE_LE:
3d5a76f0 3462 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
7c307720
AG		 3463 break;
3464
3465 case DISCOV_TYPE_INTERLEAVED:
b9a7a61e 3466 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
7c307720
AG		 3467 break;
3468
3469 case DISCOV_TYPE_BREDR:
3470 break;
3471
3472 default:
3473 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3474 }
ae55f598
LR		 3475
3476 if (!timeout)
3477 return;
3478
3479 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable, timeout);
7c307720
AG		 3480}
3481
bdb6d971 3482static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3483 void *data, u16 len)
14a53664 3484{
650f726d 3485 struct mgmt_cp_start_discovery *cp = data;
14a53664 3486 struct pending_cmd *cmd;
7c307720
AG		 3487 struct hci_cp_le_set_scan_param param_cp;
3488 struct hci_cp_le_set_scan_enable enable_cp;
3489 struct hci_cp_inquiry inq_cp;
3490 struct hci_request req;
3491 /* General inquiry access code (GIAC) */
3492 u8 lap[3] = { 0x33, 0x8b, 0x9e };
d9483943 3493 u8 status, own_addr_type;
14a53664
JH		 3494 int err;
3495
bdb6d971 3496 BT_DBG("%s", hdev->name);
14a53664 3497
09fd0de5 3498 hci_dev_lock(hdev);
14a53664 3499
4b34ee78 3500 if (!hdev_is_powered(hdev)) {
bdb6d971 3501 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3502 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 3503 goto failed;
3504 }
3505
642be6c7
AG		 3506 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3507 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3508 MGMT_STATUS_BUSY);
3509 goto failed;
3510 }
3511
ff9ef578 3512 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 3513 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3514 MGMT_STATUS_BUSY);
ff9ef578
JH		 3515 goto failed;
3516 }
3517
2e58ef3e 3518 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3519 if (!cmd) {
3520 err = -ENOMEM;
3521 goto failed;
3522 }
3523
4aab14e5
AG		 3524 hdev->discovery.type = cp->type;
3525
7c307720
AG		 3526 hci_req_init(&req, hdev);
3527
4aab14e5 3528 switch (hdev->discovery.type) {
f39799f5 3529 case DISCOV_TYPE_BREDR:
e6fe7986
JH		 3530 status = mgmt_bredr_support(hdev);
3531 if (status) {
04106755 3532 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3533 status);
04106755
JH		 3534 mgmt_pending_remove(cmd);
3535 goto failed;
3536 }
3537
7c307720
AG		 3538 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3539 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3540 MGMT_STATUS_BUSY);
3541 mgmt_pending_remove(cmd);
3542 goto failed;
3543 }
3544
3545 hci_inquiry_cache_flush(hdev);
3546
3547 memset(&inq_cp, 0, sizeof(inq_cp));
3548 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 3549 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 3550 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 3551 break;
3552
3553 case DISCOV_TYPE_LE:
7c307720 3554 case DISCOV_TYPE_INTERLEAVED:
e6fe7986
JH		 3555 status = mgmt_le_support(hdev);
3556 if (status) {
04106755 3557 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3558 status);
04106755
JH		 3559 mgmt_pending_remove(cmd);
3560 goto failed;
3561 }
3562
7c307720 3563 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 3564 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 3565 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3566 MGMT_STATUS_NOT_SUPPORTED);
3567 mgmt_pending_remove(cmd);
3568 goto failed;
3569 }
3570
f3d3444a 3571 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
7c307720
AG		 3572 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3573 MGMT_STATUS_REJECTED);
3574 mgmt_pending_remove(cmd);
3575 goto failed;
3576 }
3577
c54c3860
AG		 3578 /* If controller is scanning, it means the background scanning
3579 * is running. Thus, we should temporarily stop it in order to
3580 * set the discovery scanning parameters.
3581 */
3582 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3583 hci_req_add_le_scan_disable(&req);
7c307720
AG		 3584
3585 memset(&param_cp, 0, sizeof(param_cp));
d9483943 3586
94b1fc92
MH		 3587 /* All active scans will be done with either a resolvable
3588 * private address (when privacy feature has been enabled)
3589 * or unresolvable private address.
3590 */
3591 err = hci_update_random_address(&req, true, &own_addr_type);
d9483943
JH		 3592 if (err < 0) {
3593 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3594 MGMT_STATUS_FAILED);
3595 mgmt_pending_remove(cmd);
3596 goto failed;
3597 }
3598
7c307720 3599 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 3600 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3601 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
d9483943 3602 param_cp.own_address_type = own_addr_type;
7c307720
AG		 3603 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3604 &param_cp);
3605
3606 memset(&enable_cp, 0, sizeof(enable_cp));
3607 enable_cp.enable = LE_SCAN_ENABLE;
3608 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3609 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3610 &enable_cp);
5e0452c0
AG		 3611 break;
3612
f39799f5 3613 default:
04106755
JH		 3614 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3615 MGMT_STATUS_INVALID_PARAMS);
3616 mgmt_pending_remove(cmd);
3617 goto failed;
f39799f5 3618 }
3fd24153 3619
7c307720 3620 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 3621 if (err < 0)
3622 mgmt_pending_remove(cmd);
ff9ef578
JH		 3623 else
3624 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 3625
3626failed:
09fd0de5 3627 hci_dev_unlock(hdev);
14a53664
JH		 3628 return err;
3629}
3630
1183fdca
AG		 3631static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3632{
3633 struct pending_cmd *cmd;
3634 int err;
3635
3636 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3637 if (!cmd)
3638 return -ENOENT;
3639
3640 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3641 &hdev->discovery.type, sizeof(hdev->discovery.type));
3642 mgmt_pending_remove(cmd);
3643
3644 return err;
3645}
3646
0e05bba6
AG		 3647static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3648{
3649 BT_DBG("status %d", status);
3650
3651 hci_dev_lock(hdev);
3652
3653 if (status) {
3654 mgmt_stop_discovery_failed(hdev, status);
3655 goto unlock;
3656 }
3657
3658 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3659
3660unlock:
3661 hci_dev_unlock(hdev);
3662}
3663
bdb6d971 3664static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3665 u16 len)
14a53664 3666{
d930650b 3667 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 3668 struct pending_cmd *cmd;
0e05bba6 3669 struct hci_request req;
14a53664
JH		 3670 int err;
3671
bdb6d971 3672 BT_DBG("%s", hdev->name);
14a53664 3673
09fd0de5 3674 hci_dev_lock(hdev);
14a53664 3675
30dc78e1 3676 if (!hci_discovery_active(hdev)) {
bdb6d971 3677 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3678 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3679 sizeof(mgmt_cp->type));
d930650b
JH		 3680 goto unlock;
3681 }
3682
3683 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 3684 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3685 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3686 sizeof(mgmt_cp->type));
30dc78e1 3687 goto unlock;
ff9ef578
JH		 3688 }
3689
2e58ef3e 3690 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3691 if (!cmd) {
3692 err = -ENOMEM;
30dc78e1
JH		 3693 goto unlock;
3694 }
3695
0e05bba6
AG		 3696 hci_req_init(&req, hdev);
3697
21a60d30 3698 hci_stop_discovery(&req);
e0d9727e 3699
21a60d30
JH		 3700 err = hci_req_run(&req, stop_discovery_complete);
3701 if (!err) {
3702 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
0e05bba6 3703 goto unlock;
14a53664
JH		 3704 }
3705
21a60d30
JH		 3706 mgmt_pending_remove(cmd);
3707
3708 /* If no HCI commands were sent we're done */
3709 if (err == -ENODATA) {
3710 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
3711 &mgmt_cp->type, sizeof(mgmt_cp->type));
3712 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3713 }
14a53664 3714
30dc78e1 3715unlock:
09fd0de5 3716 hci_dev_unlock(hdev);
14a53664
JH		 3717 return err;
3718}
3719
bdb6d971 3720static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3721 u16 len)
561aafbc 3722{
650f726d 3723 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3724 struct inquiry_entry *e;
561aafbc
JH		 3725 int err;
3726
bdb6d971 3727 BT_DBG("%s", hdev->name);
561aafbc 3728
561aafbc
JH		 3729 hci_dev_lock(hdev);
3730
30dc78e1 3731 if (!hci_discovery_active(hdev)) {
d3a2541d
LR		 3732 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3733 MGMT_STATUS_FAILED, &cp->addr,
3734 sizeof(cp->addr));
30dc78e1
JH		 3735 goto failed;
3736 }
3737
a198e7b1 3738 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3739 if (!e) {
d3a2541d
LR		 3740 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3741 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
3742 sizeof(cp->addr));
561aafbc
JH		 3743 goto failed;
3744 }
3745
3746 if (cp->name_known) {
3747 e->name_state = NAME_KNOWN;
3748 list_del(&e->list);
3749 } else {
3750 e->name_state = NAME_NEEDED;
a3d4e20a 3751 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3752 }
3753
e384662b
JH		 3754 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3755 sizeof(cp->addr));
561aafbc
JH		 3756
3757failed:
3758 hci_dev_unlock(hdev);
561aafbc
JH		 3759 return err;
3760}
3761
bdb6d971 3762static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3763 u16 len)
7fbec224 3764{
650f726d 3765 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3766 u8 status;
7fbec224
AJ		 3767 int err;
3768
bdb6d971 3769 BT_DBG("%s", hdev->name);
7fbec224 3770
4ee71b20 3771 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3772 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3773 MGMT_STATUS_INVALID_PARAMS,
3774 &cp->addr, sizeof(cp->addr));
4ee71b20 3775
09fd0de5 3776 hci_dev_lock(hdev);
5e762444 3777
88c1fe4b 3778 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
2a8357f2 3779 if (err < 0) {
f0eeea8b 3780 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 3781 goto done;
3782 }
3783
3784 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3785 sk);
3786 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3787
2a8357f2 3788done:
bdb6d971 3789 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3790 &cp->addr, sizeof(cp->addr));
5e762444 3791
09fd0de5 3792 hci_dev_unlock(hdev);
7fbec224
AJ		 3793
3794 return err;
3795}
3796
bdb6d971 3797static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3798 u16 len)
7fbec224 3799{
650f726d 3800 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3801 u8 status;
7fbec224
AJ		 3802 int err;
3803
bdb6d971 3804 BT_DBG("%s", hdev->name);
7fbec224 3805
4ee71b20 3806 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3807 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3808 MGMT_STATUS_INVALID_PARAMS,
3809 &cp->addr, sizeof(cp->addr));
4ee71b20 3810
09fd0de5 3811 hci_dev_lock(hdev);
5e762444 3812
88c1fe4b 3813 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
2a8357f2 3814 if (err < 0) {
f0eeea8b 3815 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 3816 goto done;
3817 }
3818
3819 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3820 sk);
3821 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3822
2a8357f2 3823done:
bdb6d971 3824 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3825 &cp->addr, sizeof(cp->addr));
5e762444 3826
09fd0de5 3827 hci_dev_unlock(hdev);
7fbec224
AJ		 3828
3829 return err;
3830}
3831
cdbaccca
MH		 3832static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3833 u16 len)
3834{
3835 struct mgmt_cp_set_device_id *cp = data;
890ea898 3836 struct hci_request req;
cdbaccca 3837 int err;
c72d4b8a 3838 __u16 source;
cdbaccca
MH		 3839
3840 BT_DBG("%s", hdev->name);
3841
c72d4b8a
SJ		 3842 source = __le16_to_cpu(cp->source);
3843
3844 if (source > 0x0002)
3845 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3846 MGMT_STATUS_INVALID_PARAMS);
3847
cdbaccca
MH		 3848 hci_dev_lock(hdev);
3849
c72d4b8a 3850 hdev->devid_source = source;
cdbaccca
MH		 3851 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3852 hdev->devid_product = __le16_to_cpu(cp->product);
3853 hdev->devid_version = __le16_to_cpu(cp->version);
3854
3855 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3856
890ea898
JH		 3857 hci_req_init(&req, hdev);
3858 update_eir(&req);
3859 hci_req_run(&req, NULL);
cdbaccca
MH		 3860
3861 hci_dev_unlock(hdev);
3862
3863 return err;
3864}
3865
4375f103
JH		 3866static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3867{
3868 struct cmd_lookup match = { NULL, hdev };
3869
3870 if (status) {
3871 u8 mgmt_err = mgmt_status(status);
3872
3873 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3874 cmd_status_rsp, &mgmt_err);
3875 return;
3876 }
3877
3878 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3879 &match);
3880
3881 new_settings(hdev, match.sk);
3882
3883 if (match.sk)
3884 sock_put(match.sk);
3885}
3886
21b5187f
MH		 3887static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3888 u16 len)
4375f103
JH		 3889{
3890 struct mgmt_mode *cp = data;
3891 struct pending_cmd *cmd;
3892 struct hci_request req;
e6fe7986 3893 u8 val, enabled, status;
4375f103
JH		 3894 int err;
3895
3896 BT_DBG("request for %s", hdev->name);
3897
e6fe7986
JH		 3898 status = mgmt_le_support(hdev);
3899 if (status)
4375f103 3900 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 3901 status);
4375f103
JH		 3902
3903 if (cp->val != 0x00 && cp->val != 0x01)
3904 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3905 MGMT_STATUS_INVALID_PARAMS);
3906
3907 hci_dev_lock(hdev);
3908
3909 val = !!cp->val;
f3d3444a 3910 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 3911
f74ca9b8
JH		 3912 /* The following conditions are ones which mean that we should
3913 * not do any HCI communication but directly send a mgmt
3914 * response to user space (after toggling the flag if
3915 * necessary).
3916 */
3917 if (!hdev_is_powered(hdev) || val == enabled ||
b145edcd 3918 hci_conn_num(hdev, LE_LINK) > 0) {
4375f103
JH		 3919 bool changed = false;
3920
f3d3444a
JH		 3921 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3922 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 3923 changed = true;
3924 }
3925
3926 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3927 if (err < 0)
3928 goto unlock;
3929
3930 if (changed)
3931 err = new_settings(hdev, sk);
3932
3933 goto unlock;
3934 }
3935
3936 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3937 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3938 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3939 MGMT_STATUS_BUSY);
3940 goto unlock;
3941 }
3942
3943 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3944 if (!cmd) {
3945 err = -ENOMEM;
3946 goto unlock;
3947 }
3948
3949 hci_req_init(&req, hdev);
3950
bba3aa55
MH		 3951 if (val)
3952 enable_advertising(&req);
3953 else
3954 disable_advertising(&req);
4375f103
JH		 3955
3956 err = hci_req_run(&req, set_advertising_complete);
3957 if (err < 0)
3958 mgmt_pending_remove(cmd);
3959
3960unlock:
3961 hci_dev_unlock(hdev);
3962 return err;
3963}
3964
d13eafce
MH		 3965static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3966 void *data, u16 len)
3967{
3968 struct mgmt_cp_set_static_address *cp = data;
3969 int err;
3970
3971 BT_DBG("%s", hdev->name);
3972
62af4443 3973 if (!lmp_le_capable(hdev))
d13eafce 3974 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 3975 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 3976
3977 if (hdev_is_powered(hdev))
3978 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3979 MGMT_STATUS_REJECTED);
3980
3981 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3982 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3983 return cmd_status(sk, hdev->id,
3984 MGMT_OP_SET_STATIC_ADDRESS,
3985 MGMT_STATUS_INVALID_PARAMS);
3986
3987 /* Two most significant bits shall be set */
3988 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3989 return cmd_status(sk, hdev->id,
3990 MGMT_OP_SET_STATIC_ADDRESS,
3991 MGMT_STATUS_INVALID_PARAMS);
3992 }
3993
3994 hci_dev_lock(hdev);
3995
3996 bacpy(&hdev->static_addr, &cp->bdaddr);
3997
3998 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3999
4000 hci_dev_unlock(hdev);
4001
4002 return err;
4003}
4004
14b49b9a
MH		 4005static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4006 void *data, u16 len)
4007{
4008 struct mgmt_cp_set_scan_params *cp = data;
4009 __u16 interval, window;
4010 int err;
4011
4012 BT_DBG("%s", hdev->name);
4013
4014 if (!lmp_le_capable(hdev))
4015 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4016 MGMT_STATUS_NOT_SUPPORTED);
4017
4018 interval = __le16_to_cpu(cp->interval);
4019
4020 if (interval < 0x0004 || interval > 0x4000)
4021 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4022 MGMT_STATUS_INVALID_PARAMS);
4023
4024 window = __le16_to_cpu(cp->window);
4025
4026 if (window < 0x0004 || window > 0x4000)
4027 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4028 MGMT_STATUS_INVALID_PARAMS);
4029
899e1075
MH		 4030 if (window > interval)
4031 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4032 MGMT_STATUS_INVALID_PARAMS);
4033
14b49b9a
MH		 4034 hci_dev_lock(hdev);
4035
4036 hdev->le_scan_interval = interval;
4037 hdev->le_scan_window = window;
4038
4039 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
4040
dd2ef8e2
AG		 4041 /* If background scan is running, restart it so new parameters are
4042 * loaded.
4043 */
4044 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4045 hdev->discovery.state == DISCOVERY_STOPPED) {
4046 struct hci_request req;
4047
4048 hci_req_init(&req, hdev);
4049
4050 hci_req_add_le_scan_disable(&req);
4051 hci_req_add_le_passive_scan(&req);
4052
4053 hci_req_run(&req, NULL);
4054 }
4055
14b49b9a
MH		 4056 hci_dev_unlock(hdev);
4057
4058 return err;
4059}
4060
33e38b3e
JH		 4061static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
4062{
4063 struct pending_cmd *cmd;
4064
4065 BT_DBG("status 0x%02x", status);
4066
4067 hci_dev_lock(hdev);
4068
4069 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4070 if (!cmd)
4071 goto unlock;
4072
4073 if (status) {
4074 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4075 mgmt_status(status));
4076 } else {
1a4d3c4b
JH		 4077 struct mgmt_mode *cp = cmd->param;
4078
4079 if (cp->val)
4080 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4081 else
4082 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4083
33e38b3e
JH		 4084 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4085 new_settings(hdev, cmd->sk);
4086 }
4087
4088 mgmt_pending_remove(cmd);
4089
4090unlock:
4091 hci_dev_unlock(hdev);
4092}
4093
bdb6d971 4094static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4095 void *data, u16 len)
f6422ec6 4096{
650f726d 4097 struct mgmt_mode *cp = data;
33e38b3e
JH		 4098 struct pending_cmd *cmd;
4099 struct hci_request req;
f6422ec6
AJ		 4100 int err;
4101
bdb6d971 4102 BT_DBG("%s", hdev->name);
f6422ec6 4103
56f87901
JH		 4104 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
4105 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 4106 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4107 MGMT_STATUS_NOT_SUPPORTED);
4108
a7e80f25
JH		 4109 if (cp->val != 0x00 && cp->val != 0x01)
4110 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4111 MGMT_STATUS_INVALID_PARAMS);
4112
5400c044 4113 if (!hdev_is_powered(hdev))
bdb6d971 4114 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4115 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 4116
4117 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 4118 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4119 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 4120
4121 hci_dev_lock(hdev);
4122
05cbf29f
JH		 4123 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4124 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4125 MGMT_STATUS_BUSY);
4126 goto unlock;
4127 }
4128
1a4d3c4b
JH		 4129 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
4130 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4131 hdev);
4132 goto unlock;
4133 }
4134
33e38b3e
JH		 4135 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4136 data, len);
4137 if (!cmd) {
4138 err = -ENOMEM;
4139 goto unlock;
f6422ec6
AJ		 4140 }
4141
33e38b3e
JH		 4142 hci_req_init(&req, hdev);
4143
406d7804 4144 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4145
4146 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4147 if (err < 0) {
bdb6d971 4148 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4149 MGMT_STATUS_FAILED);
33e38b3e 4150 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4151 }
4152
33e38b3e 4153unlock:
f6422ec6 4154 hci_dev_unlock(hdev);
33e38b3e 4155
f6422ec6
AJ		 4156 return err;
4157}
4158
67e5a7a3
JH		 4159static void set_bredr_scan(struct hci_request *req)
4160{
4161 struct hci_dev *hdev = req->hdev;
4162 u8 scan = 0;
4163
4164 /* Ensure that fast connectable is disabled. This function will
4165 * not do anything if the page scan parameters are already what
4166 * they should be.
4167 */
4168 write_fast_connectable(req, false);
4169
4170 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4171 scan |= SCAN_PAGE;
4172 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
4173 scan |= SCAN_INQUIRY;
4174
4175 if (scan)
4176 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
4177}
4178
0663ca2a
JH		 4179static void set_bredr_complete(struct hci_dev *hdev, u8 status)
4180{
4181 struct pending_cmd *cmd;
4182
4183 BT_DBG("status 0x%02x", status);
4184
4185 hci_dev_lock(hdev);
4186
4187 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4188 if (!cmd)
4189 goto unlock;
4190
4191 if (status) {
4192 u8 mgmt_err = mgmt_status(status);
4193
4194 /* We need to restore the flag if related HCI commands
4195 * failed.
4196 */
4197 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4198
4199 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4200 } else {
4201 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4202 new_settings(hdev, cmd->sk);
4203 }
4204
4205 mgmt_pending_remove(cmd);
4206
4207unlock:
4208 hci_dev_unlock(hdev);
4209}
4210
4211static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4212{
4213 struct mgmt_mode *cp = data;
4214 struct pending_cmd *cmd;
4215 struct hci_request req;
4216 int err;
4217
4218 BT_DBG("request for %s", hdev->name);
4219
4220 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4221 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4222 MGMT_STATUS_NOT_SUPPORTED);
4223
4224 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4225 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4226 MGMT_STATUS_REJECTED);
4227
4228 if (cp->val != 0x00 && cp->val != 0x01)
4229 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4230 MGMT_STATUS_INVALID_PARAMS);
4231
4232 hci_dev_lock(hdev);
4233
4234 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4235 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4236 goto unlock;
4237 }
4238
4239 if (!hdev_is_powered(hdev)) {
4240 if (!cp->val) {
0663ca2a
JH		 4241 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4242 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4243 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4244 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4245 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4246 }
4247
4248 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4249
4250 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4251 if (err < 0)
4252 goto unlock;
4253
4254 err = new_settings(hdev, sk);
4255 goto unlock;
4256 }
4257
4258 /* Reject disabling when powered on */
4259 if (!cp->val) {
4260 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4261 MGMT_STATUS_REJECTED);
4262 goto unlock;
4263 }
4264
4265 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4266 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4267 MGMT_STATUS_BUSY);
4268 goto unlock;
4269 }
4270
4271 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4272 if (!cmd) {
4273 err = -ENOMEM;
4274 goto unlock;
4275 }
4276
5947f4bc 4277 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4278 * generates the correct flags.
4279 */
4280 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4281
4282 hci_req_init(&req, hdev);
aa8af46e
JH		 4283
4284 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4285 set_bredr_scan(&req);
4286
f14d8f64
MH		 4287 /* Since only the advertising data flags will change, there
4288 * is no need to update the scan response data.
4289 */
5947f4bc 4290 update_adv_data(&req);
aa8af46e 4291
0663ca2a
JH		 4292 err = hci_req_run(&req, set_bredr_complete);
4293 if (err < 0)
4294 mgmt_pending_remove(cmd);
4295
4296unlock:
4297 hci_dev_unlock(hdev);
4298 return err;
4299}
4300
eac83dc6
MH		 4301static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4302 void *data, u16 len)
4303{
4304 struct mgmt_mode *cp = data;
4305 struct pending_cmd *cmd;
0ab04a9c 4306 u8 val, status;
eac83dc6
MH		 4307 int err;
4308
4309 BT_DBG("request for %s", hdev->name);
4310
4311 status = mgmt_bredr_support(hdev);
4312 if (status)
4313 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4314 status);
4315
5afeac14 4316 if (!lmp_sc_capable(hdev) &&
111902f7 4317 !test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
eac83dc6
MH		 4318 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4319 MGMT_STATUS_NOT_SUPPORTED);
4320
0ab04a9c 4321 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
eac83dc6
MH		 4322 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4323 MGMT_STATUS_INVALID_PARAMS);
4324
4325 hci_dev_lock(hdev);
4326
4327 if (!hdev_is_powered(hdev)) {
4328 bool changed;
4329
0ab04a9c 4330 if (cp->val) {
eac83dc6
MH		 4331 changed = !test_and_set_bit(HCI_SC_ENABLED,
4332 &hdev->dev_flags);
0ab04a9c
MH		 4333 if (cp->val == 0x02)
4334 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4335 else
4336 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4337 } else {
eac83dc6
MH		 4338 changed = test_and_clear_bit(HCI_SC_ENABLED,
4339 &hdev->dev_flags);
0ab04a9c
MH		 4340 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4341 }
eac83dc6
MH		 4342
4343 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4344 if (err < 0)
4345 goto failed;
4346
4347 if (changed)
4348 err = new_settings(hdev, sk);
4349
4350 goto failed;
4351 }
4352
4353 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4354 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4355 MGMT_STATUS_BUSY);
4356 goto failed;
4357 }
4358
0ab04a9c
MH		 4359 val = !!cp->val;
4360
4361 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4362 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
eac83dc6
MH		 4363 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4364 goto failed;
4365 }
4366
4367 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4368 if (!cmd) {
4369 err = -ENOMEM;
4370 goto failed;
4371 }
4372
0ab04a9c 4373 err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
eac83dc6
MH		 4374 if (err < 0) {
4375 mgmt_pending_remove(cmd);
4376 goto failed;
4377 }
4378
0ab04a9c
MH		 4379 if (cp->val == 0x02)
4380 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4381 else
4382 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4383
eac83dc6
MH		 4384failed:
4385 hci_dev_unlock(hdev);
4386 return err;
4387}
4388
4e39ac81
MH		 4389static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4390 void *data, u16 len)
4391{
4392 struct mgmt_mode *cp = data;
b9710979 4393 bool changed, use_changed;
4e39ac81
MH		 4394 int err;
4395
4396 BT_DBG("request for %s", hdev->name);
4397
b9710979 4398 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4e39ac81
MH		 4399 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4400 MGMT_STATUS_INVALID_PARAMS);
4401
4402 hci_dev_lock(hdev);
4403
4404 if (cp->val)
0663b297
JH		 4405 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
4406 &hdev->dev_flags);
4e39ac81 4407 else
0663b297
JH		 4408 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
4409 &hdev->dev_flags);
4e39ac81 4410
b9710979
JH		 4411 if (cp->val == 0x02)
4412 use_changed = !test_and_set_bit(HCI_USE_DEBUG_KEYS,
4413 &hdev->dev_flags);
4414 else
4415 use_changed = test_and_clear_bit(HCI_USE_DEBUG_KEYS,
4416 &hdev->dev_flags);
4417
4418 if (hdev_is_powered(hdev) && use_changed &&
4419 test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
4420 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4421 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4422 sizeof(mode), &mode);
4423 }
4424
4e39ac81
MH		 4425 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4426 if (err < 0)
4427 goto unlock;
4428
4429 if (changed)
4430 err = new_settings(hdev, sk);
4431
4432unlock:
4433 hci_dev_unlock(hdev);
4434 return err;
4435}
4436
62b04cd1
JH		 4437static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4438 u16 len)
4439{
4440 struct mgmt_cp_set_privacy *cp = cp_data;
4441 bool changed;
4442 int err;
4443
4444 BT_DBG("request for %s", hdev->name);
4445
4446 if (!lmp_le_capable(hdev))
4447 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4448 MGMT_STATUS_NOT_SUPPORTED);
4449
4450 if (cp->privacy != 0x00 && cp->privacy != 0x01)
4451 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4452 MGMT_STATUS_INVALID_PARAMS);
4453
4454 if (hdev_is_powered(hdev))
4455 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4456 MGMT_STATUS_REJECTED);
4457
4458 hci_dev_lock(hdev);
4459
c21c0ea0
JH		 4460 /* If user space supports this command it is also expected to
4461 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4462 */
4463 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4464
62b04cd1
JH		 4465 if (cp->privacy) {
4466 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
4467 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4468 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4469 } else {
4470 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
4471 memset(hdev->irk, 0, sizeof(hdev->irk));
4472 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4473 }
4474
4475 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4476 if (err < 0)
4477 goto unlock;
4478
4479 if (changed)
4480 err = new_settings(hdev, sk);
4481
4482unlock:
4483 hci_dev_unlock(hdev);
4484 return err;
4485}
4486
41edf160
JH		 4487static bool irk_is_valid(struct mgmt_irk_info *irk)
4488{
4489 switch (irk->addr.type) {
4490 case BDADDR_LE_PUBLIC:
4491 return true;
4492
4493 case BDADDR_LE_RANDOM:
4494 /* Two most significant bits shall be set */
4495 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4496 return false;
4497 return true;
4498 }
4499
4500 return false;
4501}
4502
4503static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4504 u16 len)
4505{
4506 struct mgmt_cp_load_irks *cp = cp_data;
4507 u16 irk_count, expected_len;
4508 int i, err;
4509
4510 BT_DBG("request for %s", hdev->name);
4511
4512 if (!lmp_le_capable(hdev))
4513 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4514 MGMT_STATUS_NOT_SUPPORTED);
4515
4516 irk_count = __le16_to_cpu(cp->irk_count);
4517
4518 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4519 if (expected_len != len) {
4520 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 4521 expected_len, len);
41edf160
JH		 4522 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4523 MGMT_STATUS_INVALID_PARAMS);
4524 }
4525
4526 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4527
4528 for (i = 0; i < irk_count; i++) {
4529 struct mgmt_irk_info *key = &cp->irks[i];
4530
4531 if (!irk_is_valid(key))
4532 return cmd_status(sk, hdev->id,
4533 MGMT_OP_LOAD_IRKS,
4534 MGMT_STATUS_INVALID_PARAMS);
4535 }
4536
4537 hci_dev_lock(hdev);
4538
4539 hci_smp_irks_clear(hdev);
4540
4541 for (i = 0; i < irk_count; i++) {
4542 struct mgmt_irk_info *irk = &cp->irks[i];
4543 u8 addr_type;
4544
4545 if (irk->addr.type == BDADDR_LE_PUBLIC)
4546 addr_type = ADDR_LE_DEV_PUBLIC;
4547 else
4548 addr_type = ADDR_LE_DEV_RANDOM;
4549
4550 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
4551 BDADDR_ANY);
4552 }
4553
4554 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4555
4556 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4557
4558 hci_dev_unlock(hdev);
4559
4560 return err;
4561}
4562
3f706b72
JH		 4563static bool ltk_is_valid(struct mgmt_ltk_info *key)
4564{
4565 if (key->master != 0x00 && key->master != 0x01)
4566 return false;
490cb0b3
MH		 4567
4568 switch (key->addr.type) {
4569 case BDADDR_LE_PUBLIC:
4570 return true;
4571
4572 case BDADDR_LE_RANDOM:
4573 /* Two most significant bits shall be set */
4574 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4575 return false;
4576 return true;
4577 }
4578
4579 return false;
3f706b72
JH		 4580}
4581
bdb6d971 4582static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 4583 void *cp_data, u16 len)
346af67b 4584{
346af67b
VCG		 4585 struct mgmt_cp_load_long_term_keys *cp = cp_data;
4586 u16 key_count, expected_len;
715a5bf2 4587 int i, err;
346af67b 4588
cf99ba13
MH		 4589 BT_DBG("request for %s", hdev->name);
4590
4591 if (!lmp_le_capable(hdev))
4592 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4593 MGMT_STATUS_NOT_SUPPORTED);
4594
1f350c87 4595 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 4596
4597 expected_len = sizeof(*cp) + key_count *
4598 sizeof(struct mgmt_ltk_info);
4599 if (expected_len != len) {
4600 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 4601 expected_len, len);
bdb6d971 4602 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 4603 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 4604 }
4605
bdb6d971 4606 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 4607
54ad6d8a
JH		 4608 for (i = 0; i < key_count; i++) {
4609 struct mgmt_ltk_info *key = &cp->keys[i];
4610
3f706b72 4611 if (!ltk_is_valid(key))
54ad6d8a
JH		 4612 return cmd_status(sk, hdev->id,
4613 MGMT_OP_LOAD_LONG_TERM_KEYS,
4614 MGMT_STATUS_INVALID_PARAMS);
4615 }
4616
346af67b
VCG		 4617 hci_dev_lock(hdev);
4618
4619 hci_smp_ltks_clear(hdev);
4620
4621 for (i = 0; i < key_count; i++) {
4622 struct mgmt_ltk_info *key = &cp->keys[i];
d7b25450 4623 u8 type, addr_type, authenticated;
79d95a19
MH		 4624
4625 if (key->addr.type == BDADDR_LE_PUBLIC)
4626 addr_type = ADDR_LE_DEV_PUBLIC;
4627 else
4628 addr_type = ADDR_LE_DEV_RANDOM;
346af67b
VCG		 4629
4630 if (key->master)
2ceba539 4631 type = SMP_LTK;
346af67b 4632 else
2ceba539 4633 type = SMP_LTK_SLAVE;
346af67b 4634
61b43357
JH		 4635 switch (key->type) {
4636 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 4637 authenticated = 0x00;
61b43357
JH		 4638 break;
4639 case MGMT_LTK_AUTHENTICATED:
d7b25450 4640 authenticated = 0x01;
61b43357
JH		 4641 break;
4642 default:
4643 continue;
4644 }
d7b25450 4645
35d70271 4646 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
d7b25450 4647 authenticated, key->val, key->enc_size, key->ediv,
35d70271 4648 key->rand);
346af67b
VCG		 4649 }
4650
715a5bf2
JH		 4651 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4652 NULL, 0);
4653
346af67b 4654 hci_dev_unlock(hdev);
346af67b 4655
715a5bf2 4656 return err;
346af67b
VCG		 4657}
4658
dd983808
AK		 4659struct cmd_conn_lookup {
4660 struct hci_conn *conn;
4661 bool valid_tx_power;
4662 u8 mgmt_status;
4663};
4664
4665static void get_conn_info_complete(struct pending_cmd *cmd, void *data)
4666{
4667 struct cmd_conn_lookup *match = data;
4668 struct mgmt_cp_get_conn_info *cp;
4669 struct mgmt_rp_get_conn_info rp;
4670 struct hci_conn *conn = cmd->user_data;
4671
4672 if (conn != match->conn)
4673 return;
4674
4675 cp = (struct mgmt_cp_get_conn_info *) cmd->param;
4676
4677 memset(&rp, 0, sizeof(rp));
4678 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4679 rp.addr.type = cp->addr.type;
4680
4681 if (!match->mgmt_status) {
4682 rp.rssi = conn->rssi;
4683
eed5daf3 4684 if (match->valid_tx_power) {
dd983808 4685 rp.tx_power = conn->tx_power;
eed5daf3
AK		 4686 rp.max_tx_power = conn->max_tx_power;
4687 } else {
dd983808 4688 rp.tx_power = HCI_TX_POWER_INVALID;
eed5daf3
AK		 4689 rp.max_tx_power = HCI_TX_POWER_INVALID;
4690 }
dd983808
AK		 4691 }
4692
4693 cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
4694 match->mgmt_status, &rp, sizeof(rp));
4695
4696 hci_conn_drop(conn);
4697
4698 mgmt_pending_remove(cmd);
4699}
4700
4701static void conn_info_refresh_complete(struct hci_dev *hdev, u8 status)
4702{
4703 struct hci_cp_read_rssi *cp;
4704 struct hci_conn *conn;
4705 struct cmd_conn_lookup match;
4706 u16 handle;
4707
4708 BT_DBG("status 0x%02x", status);
4709
4710 hci_dev_lock(hdev);
4711
4712 /* TX power data is valid in case request completed successfully,
eed5daf3
AK		 4713 * otherwise we assume it's not valid. At the moment we assume that
4714 * either both or none of current and max values are valid to keep code
4715 * simple.
dd983808
AK		 4716 */
4717 match.valid_tx_power = !status;
4718
4719 /* Commands sent in request are either Read RSSI or Read Transmit Power
4720 * Level so we check which one was last sent to retrieve connection
4721 * handle. Both commands have handle as first parameter so it's safe to
4722 * cast data on the same command struct.
4723 *
4724 * First command sent is always Read RSSI and we fail only if it fails.
4725 * In other case we simply override error to indicate success as we
4726 * already remembered if TX power value is actually valid.
4727 */
4728 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
4729 if (!cp) {
4730 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
4731 status = 0;
4732 }
4733
4734 if (!cp) {
4735 BT_ERR("invalid sent_cmd in response");
4736 goto unlock;
4737 }
4738
4739 handle = __le16_to_cpu(cp->handle);
4740 conn = hci_conn_hash_lookup_handle(hdev, handle);
4741 if (!conn) {
4742 BT_ERR("unknown handle (%d) in response", handle);
4743 goto unlock;
4744 }
4745
4746 match.conn = conn;
4747 match.mgmt_status = mgmt_status(status);
4748
4749 /* Cache refresh is complete, now reply for mgmt request for given
4750 * connection only.
4751 */
4752 mgmt_pending_foreach(MGMT_OP_GET_CONN_INFO, hdev,
4753 get_conn_info_complete, &match);
4754
4755unlock:
4756 hci_dev_unlock(hdev);
4757}
4758
4759static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
4760 u16 len)
4761{
4762 struct mgmt_cp_get_conn_info *cp = data;
4763 struct mgmt_rp_get_conn_info rp;
4764 struct hci_conn *conn;
4765 unsigned long conn_info_age;
4766 int err = 0;
4767
4768 BT_DBG("%s", hdev->name);
4769
4770 memset(&rp, 0, sizeof(rp));
4771 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4772 rp.addr.type = cp->addr.type;
4773
4774 if (!bdaddr_type_is_valid(cp->addr.type))
4775 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4776 MGMT_STATUS_INVALID_PARAMS,
4777 &rp, sizeof(rp));
4778
4779 hci_dev_lock(hdev);
4780
4781 if (!hdev_is_powered(hdev)) {
4782 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4783 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
4784 goto unlock;
4785 }
4786
4787 if (cp->addr.type == BDADDR_BREDR)
4788 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
4789 &cp->addr.bdaddr);
4790 else
4791 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
4792
4793 if (!conn || conn->state != BT_CONNECTED) {
4794 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4795 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
4796 goto unlock;
4797 }
4798
4799 /* To avoid client trying to guess when to poll again for information we
4800 * calculate conn info age as random value between min/max set in hdev.
4801 */
4802 conn_info_age = hdev->conn_info_min_age +
4803 prandom_u32_max(hdev->conn_info_max_age -
4804 hdev->conn_info_min_age);
4805
4806 /* Query controller to refresh cached values if they are too old or were
4807 * never read.
4808 */
f4e2dd53
AK		 4809 if (time_after(jiffies, conn->conn_info_timestamp +
4810 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 4811 !conn->conn_info_timestamp) {
4812 struct hci_request req;
4813 struct hci_cp_read_tx_power req_txp_cp;
4814 struct hci_cp_read_rssi req_rssi_cp;
4815 struct pending_cmd *cmd;
4816
4817 hci_req_init(&req, hdev);
4818 req_rssi_cp.handle = cpu_to_le16(conn->handle);
4819 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
4820 &req_rssi_cp);
4821
f7faab0c
AK		 4822 /* For LE links TX power does not change thus we don't need to
4823 * query for it once value is known.
4824 */
4825 if (!bdaddr_type_is_le(cp->addr.type) ||
4826 conn->tx_power == HCI_TX_POWER_INVALID) {
4827 req_txp_cp.handle = cpu_to_le16(conn->handle);
4828 req_txp_cp.type = 0x00;
4829 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4830 sizeof(req_txp_cp), &req_txp_cp);
4831 }
dd983808 4832
eed5daf3
AK		 4833 /* Max TX power needs to be read only once per connection */
4834 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
4835 req_txp_cp.handle = cpu_to_le16(conn->handle);
4836 req_txp_cp.type = 0x01;
4837 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4838 sizeof(req_txp_cp), &req_txp_cp);
4839 }
4840
dd983808
AK		 4841 err = hci_req_run(&req, conn_info_refresh_complete);
4842 if (err < 0)
4843 goto unlock;
4844
4845 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
4846 data, len);
4847 if (!cmd) {
4848 err = -ENOMEM;
4849 goto unlock;
4850 }
4851
4852 hci_conn_hold(conn);
4853 cmd->user_data = conn;
4854
4855 conn->conn_info_timestamp = jiffies;
4856 } else {
4857 /* Cache is valid, just reply with values cached in hci_conn */
4858 rp.rssi = conn->rssi;
4859 rp.tx_power = conn->tx_power;
eed5daf3 4860 rp.max_tx_power = conn->max_tx_power;
dd983808
AK		 4861
4862 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4863 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
4864 }
4865
4866unlock:
4867 hci_dev_unlock(hdev);
4868 return err;
4869}
4870
95868426
JH		 4871static void get_clock_info_complete(struct hci_dev *hdev, u8 status)
4872{
4873 struct mgmt_cp_get_clock_info *cp;
4874 struct mgmt_rp_get_clock_info rp;
4875 struct hci_cp_read_clock *hci_cp;
4876 struct pending_cmd *cmd;
4877 struct hci_conn *conn;
4878
4879 BT_DBG("%s status %u", hdev->name, status);
4880
4881 hci_dev_lock(hdev);
4882
4883 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
4884 if (!hci_cp)
4885 goto unlock;
4886
4887 if (hci_cp->which) {
4888 u16 handle = __le16_to_cpu(hci_cp->handle);
4889 conn = hci_conn_hash_lookup_handle(hdev, handle);
4890 } else {
4891 conn = NULL;
4892 }
4893
4894 cmd = mgmt_pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
4895 if (!cmd)
4896 goto unlock;
4897
4898 cp = cmd->param;
4899
4900 memset(&rp, 0, sizeof(rp));
4901 memcpy(&rp.addr, &cp->addr, sizeof(rp.addr));
4902
4903 if (status)
4904 goto send_rsp;
4905
4906 rp.local_clock = cpu_to_le32(hdev->clock);
4907
4908 if (conn) {
4909 rp.piconet_clock = cpu_to_le32(conn->clock);
4910 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
4911 }
4912
4913send_rsp:
4914 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
4915 &rp, sizeof(rp));
4916 mgmt_pending_remove(cmd);
4917 if (conn)
4918 hci_conn_drop(conn);
4919
4920unlock:
4921 hci_dev_unlock(hdev);
4922}
4923
4924static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
4925 u16 len)
4926{
4927 struct mgmt_cp_get_clock_info *cp = data;
4928 struct mgmt_rp_get_clock_info rp;
4929 struct hci_cp_read_clock hci_cp;
4930 struct pending_cmd *cmd;
4931 struct hci_request req;
4932 struct hci_conn *conn;
4933 int err;
4934
4935 BT_DBG("%s", hdev->name);
4936
4937 memset(&rp, 0, sizeof(rp));
4938 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4939 rp.addr.type = cp->addr.type;
4940
4941 if (cp->addr.type != BDADDR_BREDR)
4942 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
4943 MGMT_STATUS_INVALID_PARAMS,
4944 &rp, sizeof(rp));
4945
4946 hci_dev_lock(hdev);
4947
4948 if (!hdev_is_powered(hdev)) {
4949 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
4950 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
4951 goto unlock;
4952 }
4953
4954 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
4955 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
4956 &cp->addr.bdaddr);
4957 if (!conn || conn->state != BT_CONNECTED) {
4958 err = cmd_complete(sk, hdev->id,
4959 MGMT_OP_GET_CLOCK_INFO,
4960 MGMT_STATUS_NOT_CONNECTED,
4961 &rp, sizeof(rp));
4962 goto unlock;
4963 }
4964 } else {
4965 conn = NULL;
4966 }
4967
4968 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
4969 if (!cmd) {
4970 err = -ENOMEM;
4971 goto unlock;
4972 }
4973
4974 hci_req_init(&req, hdev);
4975
4976 memset(&hci_cp, 0, sizeof(hci_cp));
4977 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
4978
4979 if (conn) {
4980 hci_conn_hold(conn);
4981 cmd->user_data = conn;
4982
4983 hci_cp.handle = cpu_to_le16(conn->handle);
4984 hci_cp.which = 0x01; /* Piconet clock */
4985 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
4986 }
4987
4988 err = hci_req_run(&req, get_clock_info_complete);
4989 if (err < 0)
4990 mgmt_pending_remove(cmd);
4991
4992unlock:
4993 hci_dev_unlock(hdev);
4994 return err;
4995}
4996
8afef092
MH		 4997static void device_added(struct sock *sk, struct hci_dev *hdev,
4998 bdaddr_t *bdaddr, u8 type, u8 action)
4999{
5000 struct mgmt_ev_device_added ev;
5001
5002 bacpy(&ev.addr.bdaddr, bdaddr);
5003 ev.addr.type = type;
5004 ev.action = action;
5005
5006 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5007}
5008
2faade53
MH		 5009static int add_device(struct sock *sk, struct hci_dev *hdev,
5010 void *data, u16 len)
5011{
5012 struct mgmt_cp_add_device *cp = data;
5013 u8 auto_conn, addr_type;
5014 int err;
5015
5016 BT_DBG("%s", hdev->name);
5017
5018 if (!bdaddr_type_is_le(cp->addr.type) ||
5019 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
5020 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5021 MGMT_STATUS_INVALID_PARAMS,
5022 &cp->addr, sizeof(cp->addr));
5023
5024 if (cp->action != 0x00 && cp->action != 0x01)
5025 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5026 MGMT_STATUS_INVALID_PARAMS,
5027 &cp->addr, sizeof(cp->addr));
5028
5029 hci_dev_lock(hdev);
5030
5031 if (cp->addr.type == BDADDR_LE_PUBLIC)
5032 addr_type = ADDR_LE_DEV_PUBLIC;
5033 else
5034 addr_type = ADDR_LE_DEV_RANDOM;
5035
5036 if (cp->action)
5037 auto_conn = HCI_AUTO_CONN_ALWAYS;
5038 else
a3451d27 5039 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 5040
bf5b3c8b
MH		 5041 /* If the connection parameters don't exist for this device,
5042 * they will be created and configured with defaults.
5043 */
d06b50ce
MH		 5044 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
5045 auto_conn) < 0) {
2faade53
MH		 5046 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5047 MGMT_STATUS_FAILED,
5048 &cp->addr, sizeof(cp->addr));
5049 goto unlock;
5050 }
5051
8afef092
MH		 5052 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5053
2faade53
MH		 5054 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5055 MGMT_STATUS_SUCCESS, &cp->addr, sizeof(cp->addr));
5056
5057unlock:
5058 hci_dev_unlock(hdev);
5059 return err;
5060}
5061
8afef092
MH		 5062static void device_removed(struct sock *sk, struct hci_dev *hdev,
5063 bdaddr_t *bdaddr, u8 type)
5064{
5065 struct mgmt_ev_device_removed ev;
5066
5067 bacpy(&ev.addr.bdaddr, bdaddr);
5068 ev.addr.type = type;
5069
5070 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5071}
5072
2faade53
MH		 5073static int remove_device(struct sock *sk, struct hci_dev *hdev,
5074 void *data, u16 len)
5075{
5076 struct mgmt_cp_remove_device *cp = data;
5077 int err;
5078
5079 BT_DBG("%s", hdev->name);
5080
5081 hci_dev_lock(hdev);
5082
5083 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 5084 struct hci_conn_params *params;
2faade53
MH		 5085 u8 addr_type;
5086
5087 if (!bdaddr_type_is_le(cp->addr.type)) {
5088 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5089 MGMT_STATUS_INVALID_PARAMS,
5090 &cp->addr, sizeof(cp->addr));
5091 goto unlock;
5092 }
5093
5094 if (cp->addr.type == BDADDR_LE_PUBLIC)
5095 addr_type = ADDR_LE_DEV_PUBLIC;
5096 else
5097 addr_type = ADDR_LE_DEV_RANDOM;
5098
c71593dd
JH		 5099 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5100 addr_type);
5101 if (!params) {
5102 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5103 MGMT_STATUS_INVALID_PARAMS,
5104 &cp->addr, sizeof(cp->addr));
5105 goto unlock;
5106 }
5107
5108 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
5109 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5110 MGMT_STATUS_INVALID_PARAMS,
5111 &cp->addr, sizeof(cp->addr));
5112 goto unlock;
5113 }
5114
5115 hci_pend_le_conn_del(hdev, &cp->addr.bdaddr, addr_type);
5116 list_del(&params->list);
5117 kfree(params);
8afef092
MH		 5118
5119 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53
MH		 5120 } else {
5121 if (cp->addr.type) {
5122 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5123 MGMT_STATUS_INVALID_PARAMS,
5124 &cp->addr, sizeof(cp->addr));
5125 goto unlock;
5126 }
5127
c71593dd 5128 hci_conn_params_clear_enabled(hdev);
2faade53
MH		 5129 }
5130
5131 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5132 MGMT_STATUS_SUCCESS, &cp->addr, sizeof(cp->addr));
5133
5134unlock:
5135 hci_dev_unlock(hdev);
5136 return err;
5137}
5138
a26f3dcf
JH		 5139static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5140 u16 len)
5141{
5142 struct mgmt_cp_load_conn_param *cp = data;
5143 u16 param_count, expected_len;
5144 int i;
5145
5146 if (!lmp_le_capable(hdev))
5147 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5148 MGMT_STATUS_NOT_SUPPORTED);
5149
5150 param_count = __le16_to_cpu(cp->param_count);
5151
5152 expected_len = sizeof(*cp) + param_count *
5153 sizeof(struct mgmt_conn_param);
5154 if (expected_len != len) {
5155 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
5156 expected_len, len);
5157 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5158 MGMT_STATUS_INVALID_PARAMS);
5159 }
5160
5161 BT_DBG("%s param_count %u", hdev->name, param_count);
5162
5163 hci_dev_lock(hdev);
5164
5165 hci_conn_params_clear_disabled(hdev);
5166
5167 for (i = 0; i < param_count; i++) {
5168 struct mgmt_conn_param *param = &cp->params[i];
5169 struct hci_conn_params *hci_param;
5170 u16 min, max, latency, timeout;
5171 u8 addr_type;
5172
5173 BT_DBG("Adding %pMR (type %u)", &param->addr.bdaddr,
5174 param->addr.type);
5175
5176 if (param->addr.type == BDADDR_LE_PUBLIC) {
5177 addr_type = ADDR_LE_DEV_PUBLIC;
5178 } else if (param->addr.type == BDADDR_LE_RANDOM) {
5179 addr_type = ADDR_LE_DEV_RANDOM;
5180 } else {
5181 BT_ERR("Ignoring invalid connection parameters");
5182 continue;
5183 }
5184
5185 min = le16_to_cpu(param->min_interval);
5186 max = le16_to_cpu(param->max_interval);
5187 latency = le16_to_cpu(param->latency);
5188 timeout = le16_to_cpu(param->timeout);
5189
5190 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
5191 min, max, latency, timeout);
5192
5193 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
5194 BT_ERR("Ignoring invalid connection parameters");
5195 continue;
5196 }
5197
5198 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
5199 addr_type);
5200 if (!hci_param) {
5201 BT_ERR("Failed to add connection parameters");
5202 continue;
5203 }
5204
5205 hci_param->conn_min_interval = min;
5206 hci_param->conn_max_interval = max;
5207 hci_param->conn_latency = latency;
5208 hci_param->supervision_timeout = timeout;
5209 }
5210
5211 hci_dev_unlock(hdev);
5212
5213 return cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0, NULL, 0);
5214}
5215
2e3c35ea 5216static const struct mgmt_handler {
04124681
GP		 5217 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
5218 u16 data_len);
be22b54e
JH		 5219 bool var_len;
5220 size_t data_len;
0f4e68cf
JH		 5221} mgmt_handlers[] = {
5222 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 5223 { read_version, false, MGMT_READ_VERSION_SIZE },
5224 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
5225 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
5226 { read_controller_info, false, MGMT_READ_INFO_SIZE },
5227 { set_powered, false, MGMT_SETTING_SIZE },
5228 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
5229 { set_connectable, false, MGMT_SETTING_SIZE },
5230 { set_fast_connectable, false, MGMT_SETTING_SIZE },
5231 { set_pairable, false, MGMT_SETTING_SIZE },
5232 { set_link_security, false, MGMT_SETTING_SIZE },
5233 { set_ssp, false, MGMT_SETTING_SIZE },
5234 { set_hs, false, MGMT_SETTING_SIZE },
5235 { set_le, false, MGMT_SETTING_SIZE },
5236 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
5237 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
5238 { add_uuid, false, MGMT_ADD_UUID_SIZE },
5239 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
5240 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
5241 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
5242 { disconnect, false, MGMT_DISCONNECT_SIZE },
5243 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
5244 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
5245 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
5246 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
5247 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
5248 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
5249 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
5250 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
5251 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
5252 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
5253 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
5254 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
ec109113 5255 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
be22b54e
JH		 5256 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
5257 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
5258 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
5259 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
5260 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
5261 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 5262 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 5263 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 5264 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 5265 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
14b49b9a 5266 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
eac83dc6 5267 { set_secure_conn, false, MGMT_SETTING_SIZE },
4e39ac81 5268 { set_debug_keys, false, MGMT_SETTING_SIZE },
62b04cd1 5269 { set_privacy, false, MGMT_SET_PRIVACY_SIZE },
41edf160 5270 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
dd983808 5271 { get_conn_info, false, MGMT_GET_CONN_INFO_SIZE },
95868426 5272 { get_clock_info, false, MGMT_GET_CLOCK_INFO_SIZE },
2faade53
MH		 5273 { add_device, false, MGMT_ADD_DEVICE_SIZE },
5274 { remove_device, false, MGMT_REMOVE_DEVICE_SIZE },
a26f3dcf 5275 { load_conn_param, true, MGMT_LOAD_CONN_PARAM_SIZE },
0f4e68cf
JH		 5276};
5277
0381101f
JH		 5278int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
5279{
650f726d
VCG		 5280 void *buf;
5281 u8 *cp;
0381101f 5282 struct mgmt_hdr *hdr;
4e51eae9 5283 u16 opcode, index, len;
bdb6d971 5284 struct hci_dev *hdev = NULL;
2e3c35ea 5285 const struct mgmt_handler *handler;
0381101f
JH		 5286 int err;
5287
5288 BT_DBG("got %zu bytes", msglen);
5289
5290 if (msglen < sizeof(*hdr))
5291 return -EINVAL;
5292
e63a15ec 5293 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 5294 if (!buf)
5295 return -ENOMEM;
5296
5297 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
5298 err = -EFAULT;
5299 goto done;
5300 }
5301
650f726d 5302 hdr = buf;
1f350c87
MH		 5303 opcode = __le16_to_cpu(hdr->opcode);
5304 index = __le16_to_cpu(hdr->index);
5305 len = __le16_to_cpu(hdr->len);
0381101f
JH		 5306
5307 if (len != msglen - sizeof(*hdr)) {
5308 err = -EINVAL;
5309 goto done;
5310 }
5311
0f4e68cf 5312 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 5313 hdev = hci_dev_get(index);
5314 if (!hdev) {
5315 err = cmd_status(sk, index, opcode,
04124681 5316 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 5317 goto done;
5318 }
0736cfa8 5319
cebf4cfd 5320 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
4a964404
MH		 5321 test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) ||
5322 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
0736cfa8
MH		 5323 err = cmd_status(sk, index, opcode,
5324 MGMT_STATUS_INVALID_INDEX);
5325 goto done;
5326 }
bdb6d971
JH		 5327 }
5328
0f4e68cf 5329 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 5330 mgmt_handlers[opcode].func == NULL) {
0381101f 5331 BT_DBG("Unknown op %u", opcode);
ca69b795 5332 err = cmd_status(sk, index, opcode,
04124681 5333 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 5334 goto done;
5335 }
5336
5337 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 5338 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 5339 err = cmd_status(sk, index, opcode,
04124681 5340 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 5341 goto done;
0381101f
JH		 5342 }
5343
be22b54e
JH		 5344 handler = &mgmt_handlers[opcode];
5345
5346 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 5347 (!handler->var_len && len != handler->data_len)) {
be22b54e 5348 err = cmd_status(sk, index, opcode,
04124681 5349 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 5350 goto done;
5351 }
5352
0f4e68cf
JH		 5353 if (hdev)
5354 mgmt_init_hdev(sk, hdev);
5355
5356 cp = buf + sizeof(*hdr);
5357
be22b54e 5358 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 5359 if (err < 0)
5360 goto done;
5361
0381101f
JH		 5362 err = msglen;
5363
5364done:
bdb6d971
JH		 5365 if (hdev)
5366 hci_dev_put(hdev);
5367
0381101f
JH		 5368 kfree(buf);
5369 return err;
5370}
c71e97bf 5371
bf6b56db 5372void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 5373{
1514b892 5374 if (hdev->dev_type != HCI_BREDR)
bf6b56db 5375 return;
bb4b2a9a 5376
0602a8ad
MH		 5377 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
5378 return;
5379
5380 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5381 mgmt_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev, NULL, 0, NULL);
5382 else
5383 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 5384}
5385
bf6b56db 5386void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 5387{
5f159032 5388 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 5389
1514b892 5390 if (hdev->dev_type != HCI_BREDR)
bf6b56db 5391 return;
bb4b2a9a 5392
0602a8ad
MH		 5393 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
5394 return;
5395
744cf19e 5396 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 5397
bf6b56db 5398 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 5399}
5400
6046dc3e
AG		 5401/* This function requires the caller holds hdev->lock */
5402static void restart_le_auto_conns(struct hci_dev *hdev)
5403{
5404 struct hci_conn_params *p;
c83ed19d 5405 bool added = false;
6046dc3e
AG		 5406
5407 list_for_each_entry(p, &hdev->le_conn_params, list) {
c83ed19d 5408 if (p->auto_connect == HCI_AUTO_CONN_ALWAYS) {
6046dc3e 5409 hci_pend_le_conn_add(hdev, &p->addr, p->addr_type);
c83ed19d
MH		 5410 added = true;
5411 }
6046dc3e 5412 }
c83ed19d
MH		 5413
5414 /* Calling hci_pend_le_conn_add will actually already trigger
5415 * background scanning when needed. So no need to trigger it
5416 * just another time.
5417 *
5418 * This check is here to avoid an unneeded restart of the
5419 * passive scanning. Since this is during the controller
5420 * power up phase the duplicate filtering is not an issue.
5421 */
5422 if (added)
5423 return;
5424
5425 hci_update_background_scan(hdev);
6046dc3e
AG		 5426}
5427
229ab39c
JH		 5428static void powered_complete(struct hci_dev *hdev, u8 status)
5429{
5430 struct cmd_lookup match = { NULL, hdev };
5431
5432 BT_DBG("status 0x%02x", status);
5433
5434 hci_dev_lock(hdev);
5435
6046dc3e
AG		 5436 restart_le_auto_conns(hdev);
5437
229ab39c
JH		 5438 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5439
5440 new_settings(hdev, match.sk);
5441
5442 hci_dev_unlock(hdev);
5443
5444 if (match.sk)
5445 sock_put(match.sk);
5446}
5447
70da6243 5448static int powered_update_hci(struct hci_dev *hdev)
5add6af8 5449{
890ea898 5450 struct hci_request req;
70da6243 5451 u8 link_sec;
5add6af8 5452
890ea898
JH		 5453 hci_req_init(&req, hdev);
5454
70da6243
JH		 5455 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
5456 !lmp_host_ssp_capable(hdev)) {
5457 u8 ssp = 1;
5e5282bb 5458
890ea898 5459 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 5460 }
5add6af8 5461
c73eee91
JH		 5462 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
5463 lmp_bredr_capable(hdev)) {
70da6243 5464 struct hci_cp_write_le_host_supported cp;
f0ff92fb 5465
70da6243
JH		 5466 cp.le = 1;
5467 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 5468
70da6243
JH		 5469 /* Check first if we already have the right
5470 * host state (host features set)
5471 */
5472 if (cp.le != lmp_host_le_capable(hdev) ||
5473 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 5474 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
5475 sizeof(cp), &cp);
70da6243 5476 }
3d1cbdd6 5477
d13eafce 5478 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 5479 /* Make sure the controller has a good default for
5480 * advertising data. This also applies to the case
5481 * where BR/EDR was toggled during the AUTO_OFF phase.
5482 */
f14d8f64 5483 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5947f4bc 5484 update_adv_data(&req);
f14d8f64
MH		 5485 update_scan_rsp_data(&req);
5486 }
441ad2d0 5487
bba3aa55
MH		 5488 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5489 enable_advertising(&req);
eeca6f89
JH		 5490 }
5491
70da6243
JH		 5492 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
5493 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 5494 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
5495 sizeof(link_sec), &link_sec);
562fcc24 5496
70da6243 5497 if (lmp_bredr_capable(hdev)) {
56f87901
JH		 5498 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
5499 set_bredr_scan(&req);
890ea898 5500 update_class(&req);
13928971 5501 update_name(&req);
890ea898 5502 update_eir(&req);
70da6243 5503 }
562fcc24 5504
229ab39c 5505 return hci_req_run(&req, powered_complete);
70da6243 5506}
562fcc24 5507
70da6243
JH		 5508int mgmt_powered(struct hci_dev *hdev, u8 powered)
5509{
5510 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 5511 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
5512 u8 zero_cod[] = { 0, 0, 0 };
70da6243 5513 int err;
f0ff92fb 5514
70da6243
JH		 5515 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
5516 return 0;
5517
70da6243 5518 if (powered) {
229ab39c
JH		 5519 if (powered_update_hci(hdev) == 0)
5520 return 0;
fe038884 5521
229ab39c
JH		 5522 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
5523 &match);
5524 goto new_settings;
b24752fe
JH		 5525 }
5526
229ab39c
JH		 5527 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5528 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
5529
5530 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
5531 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
5532 zero_cod, sizeof(zero_cod), NULL);
5533
5534new_settings:
beadb2bd 5535 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 5536
5537 if (match.sk)
5538 sock_put(match.sk);
5539
7bb895d6 5540 return err;
5add6af8 5541}
73f22f62 5542
3eec705e 5543void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 5544{
5545 struct pending_cmd *cmd;
5546 u8 status;
5547
5548 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5549 if (!cmd)
3eec705e 5550 return;
96570ffc
JH		 5551
5552 if (err == -ERFKILL)
5553 status = MGMT_STATUS_RFKILLED;
5554 else
5555 status = MGMT_STATUS_FAILED;
5556
3eec705e 5557 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 5558
5559 mgmt_pending_remove(cmd);
96570ffc
JH		 5560}
5561
d1967ff8
MH		 5562void mgmt_discoverable_timeout(struct hci_dev *hdev)
5563{
5564 struct hci_request req;
d1967ff8
MH		 5565
5566 hci_dev_lock(hdev);
5567
5568 /* When discoverable timeout triggers, then just make sure
5569 * the limited discoverable flag is cleared. Even in the case
5570 * of a timeout triggered from general discoverable, it is
5571 * safe to unconditionally clear the flag.
5572 */
5573 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
9a43e25f 5574 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
d1967ff8
MH		 5575
5576 hci_req_init(&req, hdev);
4b580614
JH		 5577 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
5578 u8 scan = SCAN_PAGE;
5579 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
5580 sizeof(scan), &scan);
5581 }
d1967ff8 5582 update_class(&req);
9a43e25f 5583 update_adv_data(&req);
d1967ff8
MH		 5584 hci_req_run(&req, NULL);
5585
5586 hdev->discov_timeout = 0;
5587
9a43e25f
JH		 5588 new_settings(hdev, NULL);
5589
d1967ff8
MH		 5590 hci_dev_unlock(hdev);
5591}
5592
86a75645 5593void mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 5594{
86a75645 5595 bool changed;
73f22f62 5596
bfaf8c9f
JH		 5597 /* Nothing needed here if there's a pending command since that
5598 * commands request completion callback takes care of everything
5599 * necessary.
5600 */
5601 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
86a75645 5602 return;
bfaf8c9f 5603
bd107999
JH		 5604 /* Powering off may clear the scan mode - don't let that interfere */
5605 if (!discoverable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5606 return;
5607
9a43e25f 5608 if (discoverable) {
86a75645 5609 changed = !test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 5610 } else {
5611 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
86a75645 5612 changed = test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 5613 }
5614
5615 if (changed) {
5616 struct hci_request req;
5617
5618 /* In case this change in discoverable was triggered by
5619 * a disabling of connectable there could be a need to
5620 * update the advertising flags.
5621 */
5622 hci_req_init(&req, hdev);
5623 update_adv_data(&req);
5624 hci_req_run(&req, NULL);
73f22f62 5625
86a75645 5626 new_settings(hdev, NULL);
9a43e25f 5627 }
73f22f62 5628}
9fbcbb45 5629
a330916c 5630void mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 5631{
a330916c 5632 bool changed;
9fbcbb45 5633
d7b856f9
JH		 5634 /* Nothing needed here if there's a pending command since that
5635 * commands request completion callback takes care of everything
5636 * necessary.
5637 */
5638 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
a330916c 5639 return;
d7b856f9 5640
ce3f24cf
JH		 5641 /* Powering off may clear the scan mode - don't let that interfere */
5642 if (!connectable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5643 return;
5644
a330916c
MH		 5645 if (connectable)
5646 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
5647 else
5648 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
9fbcbb45 5649
beadb2bd 5650 if (changed)
a330916c 5651 new_settings(hdev, NULL);
9fbcbb45 5652}
55ed8ca1 5653
778b235a
JH		 5654void mgmt_advertising(struct hci_dev *hdev, u8 advertising)
5655{
7c4cfab8
JH		 5656 /* Powering off may stop advertising - don't let that interfere */
5657 if (!advertising && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5658 return;
5659
778b235a
JH		 5660 if (advertising)
5661 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
5662 else
5663 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
5664}
5665
4796e8af 5666void mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 5667{
ca69b795
JH		 5668 u8 mgmt_err = mgmt_status(status);
5669
2d7cee58 5670 if (scan & SCAN_PAGE)
744cf19e 5671 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 5672 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 5673
5674 if (scan & SCAN_INQUIRY)
744cf19e 5675 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 5676 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 5677}
5678
dc4a5ee2
MH		 5679void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
5680 bool persistent)
55ed8ca1 5681{
86742e1e 5682 struct mgmt_ev_new_link_key ev;
55ed8ca1 5683
a492cd52 5684 memset(&ev, 0, sizeof(ev));
55ed8ca1 5685
a492cd52 5686 ev.store_hint = persistent;
d753fdc4 5687 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 5688 ev.key.addr.type = BDADDR_BREDR;
a492cd52 5689 ev.key.type = key->type;
9b3b4460 5690 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 5691 ev.key.pin_len = key->pin_len;
55ed8ca1 5692
dc4a5ee2 5693 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 5694}
f7520543 5695
d7b25450
JH		 5696static u8 mgmt_ltk_type(struct smp_ltk *ltk)
5697{
5698 if (ltk->authenticated)
5699 return MGMT_LTK_AUTHENTICATED;
5700
5701 return MGMT_LTK_UNAUTHENTICATED;
5702}
5703
53ac6ab6 5704void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 5705{
5706 struct mgmt_ev_new_long_term_key ev;
5707
5708 memset(&ev, 0, sizeof(ev));
5709
5192d301
MH		 5710 /* Devices using resolvable or non-resolvable random addresses
5711 * without providing an indentity resolving key don't require
5712 * to store long term keys. Their addresses will change the
5713 * next time around.
5714 *
5715 * Only when a remote device provides an identity address
5716 * make sure the long term key is stored. If the remote
5717 * identity is known, the long term keys are internally
5718 * mapped to the identity address. So allow static random
5719 * and public addresses here.
5720 */
ba74b666
JH		 5721 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
5722 (key->bdaddr.b[5] & 0xc0) != 0xc0)
5723 ev.store_hint = 0x00;
5724 else
53ac6ab6 5725 ev.store_hint = persistent;
ba74b666 5726
346af67b 5727 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 5728 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 5729 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 5730 ev.key.enc_size = key->enc_size;
5731 ev.key.ediv = key->ediv;
fe39c7b2 5732 ev.key.rand = key->rand;
346af67b 5733
2ceba539 5734 if (key->type == SMP_LTK)
346af67b
VCG		 5735 ev.key.master = 1;
5736
346af67b
VCG		 5737 memcpy(ev.key.val, key->val, sizeof(key->val));
5738
083368f7 5739 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 5740}
5741
95fbac8a
JH		 5742void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
5743{
5744 struct mgmt_ev_new_irk ev;
5745
5746 memset(&ev, 0, sizeof(ev));
5747
bab6d1e5
MH		 5748 /* For identity resolving keys from devices that are already
5749 * using a public address or static random address, do not
5750 * ask for storing this key. The identity resolving key really
5751 * is only mandatory for devices using resovlable random
5752 * addresses.
5753 *
5754 * Storing all identity resolving keys has the downside that
5755 * they will be also loaded on next boot of they system. More
5756 * identity resolving keys, means more time during scanning is
5757 * needed to actually resolve these addresses.
5758 */
5759 if (bacmp(&irk->rpa, BDADDR_ANY))
5760 ev.store_hint = 0x01;
5761 else
5762 ev.store_hint = 0x00;
5763
95fbac8a
JH		 5764 bacpy(&ev.rpa, &irk->rpa);
5765 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
5766 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
5767 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
5768
5769 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
5770}
5771
53ac6ab6
MH		 5772void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
5773 bool persistent)
7ee4ea36
MH		 5774{
5775 struct mgmt_ev_new_csrk ev;
5776
5777 memset(&ev, 0, sizeof(ev));
5778
5779 /* Devices using resolvable or non-resolvable random addresses
5780 * without providing an indentity resolving key don't require
5781 * to store signature resolving keys. Their addresses will change
5782 * the next time around.
5783 *
5784 * Only when a remote device provides an identity address
5785 * make sure the signature resolving key is stored. So allow
5786 * static random and public addresses here.
5787 */
5788 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
5789 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
5790 ev.store_hint = 0x00;
5791 else
53ac6ab6 5792 ev.store_hint = persistent;
7ee4ea36
MH		 5793
5794 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
5795 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
5796 ev.key.master = csrk->master;
5797 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
5798
5799 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
5800}
5801
ffb5a827 5802void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 5803 u8 bdaddr_type, u8 store_hint, u16 min_interval,
5804 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 5805{
5806 struct mgmt_ev_new_conn_param ev;
5807
c103aea6
JH		 5808 if (!hci_is_identity_address(bdaddr, bdaddr_type))
5809 return;
5810
ffb5a827
AG		 5811 memset(&ev, 0, sizeof(ev));
5812 bacpy(&ev.addr.bdaddr, bdaddr);
5813 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 5814 ev.store_hint = store_hint;
ffb5a827
AG		 5815 ev.min_interval = cpu_to_le16(min_interval);
5816 ev.max_interval = cpu_to_le16(max_interval);
5817 ev.latency = cpu_to_le16(latency);
5818 ev.timeout = cpu_to_le16(timeout);
5819
5820 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
5821}
5822
94933991
MH		 5823static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
5824 u8 data_len)
5825{
5826 eir[eir_len++] = sizeof(type) + data_len;
5827 eir[eir_len++] = type;
5828 memcpy(&eir[eir_len], data, data_len);
5829 eir_len += data_len;
5830
5831 return eir_len;
5832}
5833
ecd90ae7
MH		 5834void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5835 u8 addr_type, u32 flags, u8 *name, u8 name_len,
5836 u8 *dev_class)
f7520543 5837{
b644ba33
JH		 5838 char buf[512];
5839 struct mgmt_ev_device_connected *ev = (void *) buf;
5840 u16 eir_len = 0;
f7520543 5841
b644ba33 5842 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 5843 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 5844
c95f0ba7 5845 ev->flags = __cpu_to_le32(flags);
08c79b61 5846
b644ba33
JH		 5847 if (name_len > 0)
5848 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 5849 name, name_len);
b644ba33
JH		 5850
5851 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 5852 eir_len = eir_append_data(ev->eir, eir_len,
04124681 5853 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 5854
eb55ef07 5855 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 5856
ecd90ae7
MH		 5857 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
5858 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 5859}
5860
8962ee74
JH		 5861static void disconnect_rsp(struct pending_cmd *cmd, void *data)
5862{
c68fb7ff 5863 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 5864 struct sock **sk = data;
a38528f1 5865 struct mgmt_rp_disconnect rp;
8962ee74 5866
88c3df13
JH		 5867 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5868 rp.addr.type = cp->addr.type;
8962ee74 5869
aee9b218 5870 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 5871 sizeof(rp));
8962ee74
JH		 5872
5873 *sk = cmd->sk;
5874 sock_hold(*sk);
5875
a664b5bc 5876 mgmt_pending_remove(cmd);
8962ee74
JH		 5877}
5878
124f6e35 5879static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 5880{
b1078ad0 5881 struct hci_dev *hdev = data;
124f6e35
JH		 5882 struct mgmt_cp_unpair_device *cp = cmd->param;
5883 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 5884
5885 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 5886 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5887 rp.addr.type = cp->addr.type;
a8a1d19e 5888
b1078ad0
JH		 5889 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
5890
aee9b218 5891 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 5892
5893 mgmt_pending_remove(cmd);
5894}
5895
9b80ec5e 5896void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 5897 u8 link_type, u8 addr_type, u8 reason,
5898 bool mgmt_connected)
f7520543 5899{
f0d6a0ea 5900 struct mgmt_ev_device_disconnected ev;
8b064a3a 5901 struct pending_cmd *power_off;
8962ee74 5902 struct sock *sk = NULL;
8962ee74 5903
8b064a3a
JH		 5904 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5905 if (power_off) {
5906 struct mgmt_mode *cp = power_off->param;
5907
5908 /* The connection is still in hci_conn_hash so test for 1
5909 * instead of 0 to know if this is the last one.
5910 */
a3172b7e
JH		 5911 if (!cp->val && hci_conn_count(hdev) == 1) {
5912 cancel_delayed_work(&hdev->power_off);
8b064a3a 5913 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 5914 }
8b064a3a
JH		 5915 }
5916
12d4a3b2
JH		 5917 if (!mgmt_connected)
5918 return;
5919
57eb776f
AG		 5920 if (link_type != ACL_LINK && link_type != LE_LINK)
5921 return;
5922
744cf19e 5923 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 5924
f0d6a0ea
MA		 5925 bacpy(&ev.addr.bdaddr, bdaddr);
5926 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5927 ev.reason = reason;
f7520543 5928
9b80ec5e 5929 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 5930
5931 if (sk)
d97dcb66 5932 sock_put(sk);
8962ee74 5933
124f6e35 5934 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 5935 hdev);
8962ee74
JH		 5936}
5937
7892924c
MH		 5938void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
5939 u8 link_type, u8 addr_type, u8 status)
8962ee74 5940{
3655bba8
AG		 5941 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
5942 struct mgmt_cp_disconnect *cp;
88c3df13 5943 struct mgmt_rp_disconnect rp;
8962ee74 5944 struct pending_cmd *cmd;
8962ee74 5945
36a75f1b
JD		 5946 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
5947 hdev);
5948
2e58ef3e 5949 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 5950 if (!cmd)
7892924c 5951 return;
8962ee74 5952
3655bba8
AG		 5953 cp = cmd->param;
5954
5955 if (bacmp(bdaddr, &cp->addr.bdaddr))
5956 return;
5957
5958 if (cp->addr.type != bdaddr_type)
5959 return;
5960
88c3df13 5961 bacpy(&rp.addr.bdaddr, bdaddr);
3655bba8 5962 rp.addr.type = bdaddr_type;
37d9ef76 5963
7892924c
MH		 5964 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
5965 mgmt_status(status), &rp, sizeof(rp));
8962ee74 5966
a664b5bc 5967 mgmt_pending_remove(cmd);
f7520543 5968}
17d5c04c 5969
445608d0
MH		 5970void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5971 u8 addr_type, u8 status)
17d5c04c
JH		 5972{
5973 struct mgmt_ev_connect_failed ev;
c9910d0f
JH		 5974 struct pending_cmd *power_off;
5975
5976 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5977 if (power_off) {
5978 struct mgmt_mode *cp = power_off->param;
5979
5980 /* The connection is still in hci_conn_hash so test for 1
5981 * instead of 0 to know if this is the last one.
5982 */
a3172b7e
JH		 5983 if (!cp->val && hci_conn_count(hdev) == 1) {
5984 cancel_delayed_work(&hdev->power_off);
c9910d0f 5985 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 5986 }
c9910d0f 5987 }
17d5c04c 5988
4c659c39 5989 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5990 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 5991 ev.status = mgmt_status(status);
17d5c04c 5992
445608d0 5993 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 5994}
980e1a53 5995
ce0e4a0d 5996void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 5997{
5998 struct mgmt_ev_pin_code_request ev;
5999
d8457698 6000 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 6001 ev.addr.type = BDADDR_BREDR;
a770bb5a 6002 ev.secure = secure;
980e1a53 6003
ce0e4a0d 6004 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 6005}
6006
e669cf80
MH		 6007void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6008 u8 status)
980e1a53
JH		 6009{
6010 struct pending_cmd *cmd;
ac56fb13 6011 struct mgmt_rp_pin_code_reply rp;
980e1a53 6012
2e58ef3e 6013 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 6014 if (!cmd)
e669cf80 6015 return;
980e1a53 6016
d8457698 6017 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 6018 rp.addr.type = BDADDR_BREDR;
ac56fb13 6019
e669cf80
MH		 6020 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
6021 mgmt_status(status), &rp, sizeof(rp));
980e1a53 6022
a664b5bc 6023 mgmt_pending_remove(cmd);
980e1a53
JH		 6024}
6025
3eb38528
MH		 6026void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6027 u8 status)
980e1a53
JH		 6028{
6029 struct pending_cmd *cmd;
ac56fb13 6030 struct mgmt_rp_pin_code_reply rp;
980e1a53 6031
2e58ef3e 6032 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 6033 if (!cmd)
3eb38528 6034 return;
980e1a53 6035
d8457698 6036 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 6037 rp.addr.type = BDADDR_BREDR;
ac56fb13 6038
3eb38528
MH		 6039 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
6040 mgmt_status(status), &rp, sizeof(rp));
980e1a53 6041
a664b5bc 6042 mgmt_pending_remove(cmd);
980e1a53 6043}
a5c29683 6044
744cf19e 6045int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 6046 u8 link_type, u8 addr_type, u32 value,
04124681 6047 u8 confirm_hint)
a5c29683
JH		 6048{
6049 struct mgmt_ev_user_confirm_request ev;
6050
744cf19e 6051 BT_DBG("%s", hdev->name);
a5c29683 6052
272d90df 6053 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6054 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 6055 ev.confirm_hint = confirm_hint;
39adbffe 6056 ev.value = cpu_to_le32(value);
a5c29683 6057
744cf19e 6058 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 6059 NULL);
a5c29683
JH		 6060}
6061
272d90df 6062int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 6063 u8 link_type, u8 addr_type)
604086b7
BG		 6064{
6065 struct mgmt_ev_user_passkey_request ev;
6066
6067 BT_DBG("%s", hdev->name);
6068
272d90df 6069 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6070 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 6071
6072 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 6073 NULL);
604086b7
BG		 6074}
6075
0df4c185 6076static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 6077 u8 link_type, u8 addr_type, u8 status,
6078 u8 opcode)
a5c29683
JH		 6079{
6080 struct pending_cmd *cmd;
6081 struct mgmt_rp_user_confirm_reply rp;
6082 int err;
6083
2e58ef3e 6084 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 6085 if (!cmd)
6086 return -ENOENT;
6087
272d90df 6088 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 6089 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 6090 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 6091 &rp, sizeof(rp));
a5c29683 6092
a664b5bc 6093 mgmt_pending_remove(cmd);
a5c29683
JH		 6094
6095 return err;
6096}
6097
744cf19e 6098int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6099 u8 link_type, u8 addr_type, u8 status)
a5c29683 6100{
272d90df 6101 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 6102 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 6103}
6104
272d90df 6105int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6106 u8 link_type, u8 addr_type, u8 status)
a5c29683 6107{
272d90df 6108 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 6109 status,
6110 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 6111}
2a611692 6112
604086b7 6113int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6114 u8 link_type, u8 addr_type, u8 status)
604086b7 6115{
272d90df 6116 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 6117 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 6118}
6119
272d90df 6120int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6121 u8 link_type, u8 addr_type, u8 status)
604086b7 6122{
272d90df 6123 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 6124 status,
6125 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 6126}
6127
92a25256
JH		 6128int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
6129 u8 link_type, u8 addr_type, u32 passkey,
6130 u8 entered)
6131{
6132 struct mgmt_ev_passkey_notify ev;
6133
6134 BT_DBG("%s", hdev->name);
6135
6136 bacpy(&ev.addr.bdaddr, bdaddr);
6137 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6138 ev.passkey = __cpu_to_le32(passkey);
6139 ev.entered = entered;
6140
6141 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
6142}
6143
e546099c
MH		 6144void mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6145 u8 addr_type, u8 status)
2a611692
JH		 6146{
6147 struct mgmt_ev_auth_failed ev;
6148
bab73cb6 6149 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6150 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 6151 ev.status = mgmt_status(status);
2a611692 6152
e546099c 6153 mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 6154}
b312b161 6155
464996ae 6156void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 6157{
6158 struct cmd_lookup match = { NULL, hdev };
464996ae 6159 bool changed;
33ef95ed
JH		 6160
6161 if (status) {
6162 u8 mgmt_err = mgmt_status(status);
6163 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 6164 cmd_status_rsp, &mgmt_err);
464996ae 6165 return;
33ef95ed
JH		 6166 }
6167
464996ae
MH		 6168 if (test_bit(HCI_AUTH, &hdev->flags))
6169 changed = !test_and_set_bit(HCI_LINK_SECURITY,
6170 &hdev->dev_flags);
6171 else
6172 changed = test_and_clear_bit(HCI_LINK_SECURITY,
6173 &hdev->dev_flags);
47990ea0 6174
33ef95ed 6175 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 6176 &match);
33ef95ed 6177
47990ea0 6178 if (changed)
464996ae 6179 new_settings(hdev, match.sk);
33ef95ed
JH		 6180
6181 if (match.sk)
6182 sock_put(match.sk);
33ef95ed
JH		 6183}
6184
890ea898 6185static void clear_eir(struct hci_request *req)
cacaf52f 6186{
890ea898 6187 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 6188 struct hci_cp_write_eir cp;
6189
976eb20e 6190 if (!lmp_ext_inq_capable(hdev))
890ea898 6191 return;
cacaf52f 6192
c80da27e
JH		 6193 memset(hdev->eir, 0, sizeof(hdev->eir));
6194
cacaf52f
JH		 6195 memset(&cp, 0, sizeof(cp));
6196
890ea898 6197 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 6198}
6199
3e248560 6200void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 6201{
6202 struct cmd_lookup match = { NULL, hdev };
890ea898 6203 struct hci_request req;
c0ecddc2 6204 bool changed = false;
ed2c4ee3
JH		 6205
6206 if (status) {
6207 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 6208
6209 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 6210 &hdev->dev_flags)) {
6211 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3e248560 6212 new_settings(hdev, NULL);
9ecb3e24 6213 }
c0ecddc2 6214
04124681
GP		 6215 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
6216 &mgmt_err);
3e248560 6217 return;
c0ecddc2
JH		 6218 }
6219
6220 if (enable) {
9ecb3e24 6221 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 6222 } else {
9ecb3e24
MH		 6223 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
6224 if (!changed)
6225 changed = test_and_clear_bit(HCI_HS_ENABLED,
6226 &hdev->dev_flags);
6227 else
6228 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 6229 }
6230
6231 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
6232
c0ecddc2 6233 if (changed)
3e248560 6234 new_settings(hdev, match.sk);
ed2c4ee3 6235
5fc6ebb1 6236 if (match.sk)
ed2c4ee3
JH		 6237 sock_put(match.sk);
6238
890ea898
JH		 6239 hci_req_init(&req, hdev);
6240
3769972b
JH		 6241 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
6242 if (test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
6243 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
6244 sizeof(enable), &enable);
890ea898 6245 update_eir(&req);
3769972b 6246 } else {
890ea898 6247 clear_eir(&req);
3769972b 6248 }
890ea898
JH		 6249
6250 hci_req_run(&req, NULL);
ed2c4ee3
JH		 6251}
6252
eac83dc6
MH		 6253void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
6254{
6255 struct cmd_lookup match = { NULL, hdev };
6256 bool changed = false;
6257
6258 if (status) {
6259 u8 mgmt_err = mgmt_status(status);
6260
0ab04a9c
MH		 6261 if (enable) {
6262 if (test_and_clear_bit(HCI_SC_ENABLED,
6263 &hdev->dev_flags))
6264 new_settings(hdev, NULL);
6265 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
6266 }
eac83dc6
MH		 6267
6268 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
6269 cmd_status_rsp, &mgmt_err);
6270 return;
6271 }
6272
0ab04a9c 6273 if (enable) {
eac83dc6 6274 changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c 6275 } else {
eac83dc6 6276 changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c
MH		 6277 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
6278 }
eac83dc6
MH		 6279
6280 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
6281 settings_rsp, &match);
6282
6283 if (changed)
6284 new_settings(hdev, match.sk);
6285
6286 if (match.sk)
6287 sock_put(match.sk);
6288}
6289
92da6097 6290static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 6291{
6292 struct cmd_lookup *match = data;
6293
90e70454
JH		 6294 if (match->sk == NULL) {
6295 match->sk = cmd->sk;
6296 sock_hold(match->sk);
6297 }
90e70454
JH		 6298}
6299
4e1b0245
MH		 6300void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
6301 u8 status)
7f9a903c 6302{
90e70454 6303 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 6304
92da6097
JH		 6305 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
6306 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
6307 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 6308
6309 if (!status)
4e1b0245
MH		 6310 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
6311 NULL);
90e70454
JH		 6312
6313 if (match.sk)
6314 sock_put(match.sk);
7f9a903c
MH		 6315}
6316
7667da34 6317void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 6318{
b312b161 6319 struct mgmt_cp_set_local_name ev;
13928971 6320 struct pending_cmd *cmd;
28cc7bde 6321
13928971 6322 if (status)
7667da34 6323 return;
b312b161
JH		 6324
6325 memset(&ev, 0, sizeof(ev));
6326 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 6327 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 6328
2e58ef3e 6329 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 6330 if (!cmd) {
6331 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 6332
13928971
JH		 6333 /* If this is a HCI command related to powering on the
6334 * HCI dev don't send any mgmt signals.
6335 */
6336 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 6337 return;
890ea898 6338 }
b312b161 6339
7667da34
MH		 6340 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
6341 cmd ? cmd->sk : NULL);
b312b161 6342}
c35938b2 6343
4d2d2796
MH		 6344void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
6345 u8 *randomizer192, u8 *hash256,
6346 u8 *randomizer256, u8 status)
c35938b2
SJ		 6347{
6348 struct pending_cmd *cmd;
c35938b2 6349
744cf19e 6350 BT_DBG("%s status %u", hdev->name, status);
c35938b2 6351
2e58ef3e 6352 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 6353 if (!cmd)
3edaf092 6354 return;
c35938b2
SJ		 6355
6356 if (status) {
3edaf092
MH		 6357 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
6358 mgmt_status(status));
c35938b2 6359 } else {
4d2d2796
MH		 6360 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
6361 hash256 && randomizer256) {
6362 struct mgmt_rp_read_local_oob_ext_data rp;
6363
6364 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
6365 memcpy(rp.randomizer192, randomizer192,
6366 sizeof(rp.randomizer192));
c35938b2 6367
4d2d2796
MH		 6368 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
6369 memcpy(rp.randomizer256, randomizer256,
6370 sizeof(rp.randomizer256));
c35938b2 6371
4d2d2796
MH		 6372 cmd_complete(cmd->sk, hdev->id,
6373 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
6374 &rp, sizeof(rp));
6375 } else {
6376 struct mgmt_rp_read_local_oob_data rp;
6377
6378 memcpy(rp.hash, hash192, sizeof(rp.hash));
6379 memcpy(rp.randomizer, randomizer192,
6380 sizeof(rp.randomizer));
6381
6382 cmd_complete(cmd->sk, hdev->id,
6383 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
6384 &rp, sizeof(rp));
6385 }
c35938b2
SJ		 6386 }
6387
6388 mgmt_pending_remove(cmd);
c35938b2 6389}
e17acd40 6390
901801b9 6391void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
af58925c
MH		 6392 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
6393 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 6394{
e319d2e7
JH		 6395 char buf[512];
6396 struct mgmt_ev_device_found *ev = (void *) buf;
5cedbb8d 6397 struct smp_irk *irk;
1dc06093 6398 size_t ev_size;
e17acd40 6399
12602d0c 6400 if (!hci_discovery_active(hdev))
901801b9 6401 return;
12602d0c 6402
5d2e9fad
JH		 6403 /* Make sure that the buffer is big enough. The 5 extra bytes
6404 * are for the potential CoD field.
6405 */
6406 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
901801b9 6407 return;
7d262f86 6408
1dc06093
JH		 6409 memset(buf, 0, sizeof(buf));
6410
5cedbb8d
JH		 6411 irk = hci_get_irk(hdev, bdaddr, addr_type);
6412 if (irk) {
6413 bacpy(&ev->addr.bdaddr, &irk->bdaddr);
6414 ev->addr.type = link_to_bdaddr(link_type, irk->addr_type);
6415 } else {
6416 bacpy(&ev->addr.bdaddr, bdaddr);
6417 ev->addr.type = link_to_bdaddr(link_type, addr_type);
6418 }
6419
e319d2e7 6420 ev->rssi = rssi;
af58925c 6421 ev->flags = cpu_to_le32(flags);
e17acd40 6422
1dc06093 6423 if (eir_len > 0)
e319d2e7 6424 memcpy(ev->eir, eir, eir_len);
e17acd40 6425
1dc06093
JH		 6426 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
6427 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 6428 dev_class, 3);
1dc06093 6429
5d2e9fad
JH		 6430 if (scan_rsp_len > 0)
6431 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
6432
6433 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
6434 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 6435
901801b9 6436 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 6437}
a88a9652 6438
9cf12aee
MH		 6439void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6440 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 6441{
b644ba33
JH		 6442 struct mgmt_ev_device_found *ev;
6443 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
6444 u16 eir_len;
a88a9652 6445
b644ba33 6446 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 6447
b644ba33
JH		 6448 memset(buf, 0, sizeof(buf));
6449
6450 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 6451 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 6452 ev->rssi = rssi;
6453
6454 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 6455 name_len);
b644ba33 6456
eb55ef07 6457 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 6458
9cf12aee 6459 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 6460}
314b2381 6461
2f1e063b 6462void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 6463{
f963e8e9 6464 struct mgmt_ev_discovering ev;
164a6e78
JH		 6465 struct pending_cmd *cmd;
6466
343fb145
AG		 6467 BT_DBG("%s discovering %u", hdev->name, discovering);
6468
164a6e78 6469 if (discovering)
2e58ef3e 6470 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 6471 else
2e58ef3e 6472 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 6473
6474 if (cmd != NULL) {
f808e166
JH		 6475 u8 type = hdev->discovery.type;
6476
04124681
GP		 6477 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
6478 sizeof(type));
164a6e78
JH		 6479 mgmt_pending_remove(cmd);
6480 }
6481
f963e8e9
JH		 6482 memset(&ev, 0, sizeof(ev));
6483 ev.type = hdev->discovery.type;
6484 ev.discovering = discovering;
6485
2f1e063b 6486 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 6487}
5e762444 6488
5976e608
MH		 6489static void adv_enable_complete(struct hci_dev *hdev, u8 status)
6490{
6491 BT_DBG("%s status %u", hdev->name, status);
6492
6493 /* Clear the advertising mgmt setting if we failed to re-enable it */
6494 if (status) {
6495 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 6496 new_settings(hdev, NULL);
5976e608
MH		 6497 }
6498}
6499
6500void mgmt_reenable_advertising(struct hci_dev *hdev)
6501{
6502 struct hci_request req;
6503
b145edcd 6504 if (hci_conn_num(hdev, LE_LINK) > 0)
5976e608
MH		 6505 return;
6506
6507 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
6508 return;
6509
6510 hci_req_init(&req, hdev);
6511 enable_advertising(&req);
6512
6513 /* If this fails we have no option but to let user space know
6514 * that we've disabled advertising.
6515 */
6516 if (hci_req_run(&req, adv_enable_complete) < 0) {
6517 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 6518 new_settings(hdev, NULL);
5976e608
MH		 6519 }
6520}
Linux kernel - Deliverables
This page took 0.715233 seconds and 5 git commands to generate.