projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Simplify usage of the enable_advertising function
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
4bc58f51 32#include <net/bluetooth/l2cap.h>
0381101f 33#include <net/bluetooth/mgmt.h>
ac4b7236
MH		 34
35#include "smp.h"
0381101f 36
2da9c55c 37#define MGMT_VERSION 1
730f091b 38#define MGMT_REVISION 7
02d98129 39
e70bb2e8
JH		 40static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_READ_INFO,
43 MGMT_OP_SET_POWERED,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
47 MGMT_OP_SET_PAIRABLE,
48 MGMT_OP_SET_LINK_SECURITY,
49 MGMT_OP_SET_SSP,
50 MGMT_OP_SET_HS,
51 MGMT_OP_SET_LE,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_ADD_UUID,
55 MGMT_OP_REMOVE_UUID,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_DISCONNECT,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_PAIR_DEVICE,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_CONFIRM_NAME,
76 MGMT_OP_BLOCK_DEVICE,
77 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 78 MGMT_OP_SET_DEVICE_ID,
4375f103 79 MGMT_OP_SET_ADVERTISING,
0663ca2a 80 MGMT_OP_SET_BREDR,
d13eafce 81 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 82 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 83 MGMT_OP_SET_SECURE_CONN,
4e39ac81 84 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 85 MGMT_OP_SET_PRIVACY,
41edf160 86 MGMT_OP_LOAD_IRKS,
dd983808 87 MGMT_OP_GET_CONN_INFO,
95868426 88 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 89 MGMT_OP_ADD_DEVICE,
90 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 91 MGMT_OP_LOAD_CONN_PARAM,
73d1df2a 92 MGMT_OP_READ_UNCONF_INDEX_LIST,
9fc3bfb6 93 MGMT_OP_READ_CONFIG_INFO,
dbece37a 94 MGMT_OP_SET_EXTERNAL_CONFIG,
9713c17b 95 MGMT_OP_SET_PUBLIC_ADDRESS,
e70bb2e8
JH		 96};
97
98static const u16 mgmt_events[] = {
99 MGMT_EV_CONTROLLER_ERROR,
100 MGMT_EV_INDEX_ADDED,
101 MGMT_EV_INDEX_REMOVED,
102 MGMT_EV_NEW_SETTINGS,
103 MGMT_EV_CLASS_OF_DEV_CHANGED,
104 MGMT_EV_LOCAL_NAME_CHANGED,
105 MGMT_EV_NEW_LINK_KEY,
106 MGMT_EV_NEW_LONG_TERM_KEY,
107 MGMT_EV_DEVICE_CONNECTED,
108 MGMT_EV_DEVICE_DISCONNECTED,
109 MGMT_EV_CONNECT_FAILED,
110 MGMT_EV_PIN_CODE_REQUEST,
111 MGMT_EV_USER_CONFIRM_REQUEST,
112 MGMT_EV_USER_PASSKEY_REQUEST,
113 MGMT_EV_AUTH_FAILED,
114 MGMT_EV_DEVICE_FOUND,
115 MGMT_EV_DISCOVERING,
116 MGMT_EV_DEVICE_BLOCKED,
117 MGMT_EV_DEVICE_UNBLOCKED,
118 MGMT_EV_DEVICE_UNPAIRED,
92a25256 119 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 120 MGMT_EV_NEW_IRK,
7ee4ea36 121 MGMT_EV_NEW_CSRK,
8afef092
MH		 122 MGMT_EV_DEVICE_ADDED,
123 MGMT_EV_DEVICE_REMOVED,
ffb5a827 124 MGMT_EV_NEW_CONN_PARAM,
0602a8ad 125 MGMT_EV_UNCONF_INDEX_ADDED,
edd3896b 126 MGMT_EV_UNCONF_INDEX_REMOVED,
f4537c04 127 MGMT_EV_NEW_CONFIG_OPTIONS,
e70bb2e8
JH		 128};
129
17b02e62 130#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 131
4b34ee78
JH		 132#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
133 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
134
eec8d2bc
JH		 135struct pending_cmd {
136 struct list_head list;
fc2f4b13 137 u16 opcode;
eec8d2bc 138 int index;
c68fb7ff 139 void *param;
eec8d2bc 140 struct sock *sk;
e9a416b5 141 void *user_data;
eec8d2bc
JH		 142};
143
ca69b795
JH		 144/* HCI to MGMT error code conversion table */
145static u8 mgmt_status_table[] = {
146 MGMT_STATUS_SUCCESS,
147 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
148 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
149 MGMT_STATUS_FAILED, /* Hardware Failure */
150 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
151 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 152 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 153 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
154 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
155 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
156 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
157 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
158 MGMT_STATUS_BUSY, /* Command Disallowed */
159 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
160 MGMT_STATUS_REJECTED, /* Rejected Security */
161 MGMT_STATUS_REJECTED, /* Rejected Personal */
162 MGMT_STATUS_TIMEOUT, /* Host Timeout */
163 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
164 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
165 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
166 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
167 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
168 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
169 MGMT_STATUS_BUSY, /* Repeated Attempts */
170 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
171 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
172 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
173 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
174 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
175 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
176 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
177 MGMT_STATUS_FAILED, /* Unspecified Error */
178 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
179 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
180 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
181 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
182 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
183 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
184 MGMT_STATUS_FAILED, /* Unit Link Key Used */
185 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
186 MGMT_STATUS_TIMEOUT, /* Instant Passed */
187 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
188 MGMT_STATUS_FAILED, /* Transaction Collision */
189 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
190 MGMT_STATUS_REJECTED, /* QoS Rejected */
191 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
192 MGMT_STATUS_REJECTED, /* Insufficient Security */
193 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
194 MGMT_STATUS_BUSY, /* Role Switch Pending */
195 MGMT_STATUS_FAILED, /* Slot Violation */
196 MGMT_STATUS_FAILED, /* Role Switch Failed */
197 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
198 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
199 MGMT_STATUS_BUSY, /* Host Busy Pairing */
200 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
201 MGMT_STATUS_BUSY, /* Controller Busy */
202 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
203 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
204 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
205 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
206 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
207};
208
209static u8 mgmt_status(u8 hci_status)
210{
211 if (hci_status < ARRAY_SIZE(mgmt_status_table))
212 return mgmt_status_table[hci_status];
213
214 return MGMT_STATUS_FAILED;
215}
216
04c60f05
MH		 217static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
218 struct sock *skip_sk)
219{
220 struct sk_buff *skb;
221 struct mgmt_hdr *hdr;
222
223 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
224 if (!skb)
225 return -ENOMEM;
226
227 hdr = (void *) skb_put(skb, sizeof(*hdr));
228 hdr->opcode = cpu_to_le16(event);
229 if (hdev)
230 hdr->index = cpu_to_le16(hdev->id);
231 else
232 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
233 hdr->len = cpu_to_le16(data_len);
234
235 if (data)
236 memcpy(skb_put(skb, data_len), data, data_len);
237
238 /* Time stamp */
239 __net_timestamp(skb);
240
241 hci_send_to_control(skb, skip_sk);
242 kfree_skb(skb);
243
244 return 0;
245}
246
4e51eae9 247static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 248{
249 struct sk_buff *skb;
250 struct mgmt_hdr *hdr;
251 struct mgmt_ev_cmd_status *ev;
56b7d137 252 int err;
f7b64e69 253
34eb525c 254 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 255
790eff44 256 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 257 if (!skb)
258 return -ENOMEM;
259
260 hdr = (void *) skb_put(skb, sizeof(*hdr));
261
dcf4adbf 262 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 263 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 264 hdr->len = cpu_to_le16(sizeof(*ev));
265
266 ev = (void *) skb_put(skb, sizeof(*ev));
267 ev->status = status;
eb55ef07 268 ev->opcode = cpu_to_le16(cmd);
f7b64e69 269
56b7d137
GP		 270 err = sock_queue_rcv_skb(sk, skb);
271 if (err < 0)
f7b64e69
JH		 272 kfree_skb(skb);
273
56b7d137 274 return err;
f7b64e69
JH		 275}
276
aee9b218 277static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 278 void *rp, size_t rp_len)
02d98129
JH		 279{
280 struct sk_buff *skb;
281 struct mgmt_hdr *hdr;
282 struct mgmt_ev_cmd_complete *ev;
56b7d137 283 int err;
02d98129
JH		 284
285 BT_DBG("sock %p", sk);
286
790eff44 287 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 288 if (!skb)
289 return -ENOMEM;
290
291 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 292
dcf4adbf 293 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 294 hdr->index = cpu_to_le16(index);
a38528f1 295 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 296
a38528f1 297 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 298 ev->opcode = cpu_to_le16(cmd);
aee9b218 299 ev->status = status;
8020c16a
SJ		 300
301 if (rp)
302 memcpy(ev->data, rp, rp_len);
02d98129 303
56b7d137
GP		 304 err = sock_queue_rcv_skb(sk, skb);
305 if (err < 0)
02d98129
JH		 306 kfree_skb(skb);
307
e5f0e151 308 return err;
02d98129
JH		 309}
310
04124681
GP		 311static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
312 u16 data_len)
a38528f1
JH		 313{
314 struct mgmt_rp_read_version rp;
315
316 BT_DBG("sock %p", sk);
317
318 rp.version = MGMT_VERSION;
dcf4adbf 319 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 320
aee9b218 321 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 322 sizeof(rp));
a38528f1
JH		 323}
324
04124681
GP		 325static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
326 u16 data_len)
e70bb2e8
JH		 327{
328 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 329 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
330 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 331 __le16 *opcode;
e70bb2e8
JH		 332 size_t rp_size;
333 int i, err;
334
335 BT_DBG("sock %p", sk);
336
337 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
338
339 rp = kmalloc(rp_size, GFP_KERNEL);
340 if (!rp)
341 return -ENOMEM;
342
dcf4adbf
JP		 343 rp->num_commands = cpu_to_le16(num_commands);
344 rp->num_events = cpu_to_le16(num_events);
e70bb2e8
JH		 345
346 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
347 put_unaligned_le16(mgmt_commands[i], opcode);
348
349 for (i = 0; i < num_events; i++, opcode++)
350 put_unaligned_le16(mgmt_events[i], opcode);
351
aee9b218 352 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 353 rp_size);
e70bb2e8
JH		 354 kfree(rp);
355
356 return err;
357}
358
04124681
GP		 359static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
360 u16 data_len)
faba42eb 361{
faba42eb 362 struct mgmt_rp_read_index_list *rp;
8035ded4 363 struct hci_dev *d;
a38528f1 364 size_t rp_len;
faba42eb 365 u16 count;
476e44cb 366 int err;
faba42eb
JH		 367
368 BT_DBG("sock %p", sk);
369
370 read_lock(&hci_dev_list_lock);
371
372 count = 0;
bb4b2a9a 373 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a
MH		 374 if (d->dev_type == HCI_BREDR &&
375 !test_bit(HCI_UNCONFIGURED, &d->dev_flags))
1514b892 376 count++;
faba42eb
JH		 377 }
378
a38528f1
JH		 379 rp_len = sizeof(*rp) + (2 * count);
380 rp = kmalloc(rp_len, GFP_ATOMIC);
381 if (!rp) {
b2c60d42 382 read_unlock(&hci_dev_list_lock);
faba42eb 383 return -ENOMEM;
b2c60d42 384 }
faba42eb 385
476e44cb 386 count = 0;
8035ded4 387 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a 388 if (test_bit(HCI_SETUP, &d->dev_flags) ||
d603b76b 389 test_bit(HCI_CONFIG, &d->dev_flags) ||
73d1df2a 390 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
ab81cbf9
JH		 391 continue;
392
73d1df2a
MH		 393 /* Devices marked as raw-only are neither configured
394 * nor unconfigured controllers.
395 */
396 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
fee746b0
MH		 397 continue;
398
73d1df2a
MH		 399 if (d->dev_type == HCI_BREDR &&
400 !test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
1514b892
MH		 401 rp->index[count++] = cpu_to_le16(d->id);
402 BT_DBG("Added hci%u", d->id);
403 }
faba42eb
JH		 404 }
405
476e44cb
JH		 406 rp->num_controllers = cpu_to_le16(count);
407 rp_len = sizeof(*rp) + (2 * count);
408
faba42eb
JH		 409 read_unlock(&hci_dev_list_lock);
410
aee9b218 411 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 412 rp_len);
faba42eb 413
a38528f1
JH		 414 kfree(rp);
415
416 return err;
faba42eb
JH		 417}
418
73d1df2a
MH		 419static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
420 void *data, u16 data_len)
421{
422 struct mgmt_rp_read_unconf_index_list *rp;
423 struct hci_dev *d;
424 size_t rp_len;
425 u16 count;
426 int err;
427
428 BT_DBG("sock %p", sk);
429
430 read_lock(&hci_dev_list_lock);
431
432 count = 0;
433 list_for_each_entry(d, &hci_dev_list, list) {
434 if (d->dev_type == HCI_BREDR &&
435 test_bit(HCI_UNCONFIGURED, &d->dev_flags))
436 count++;
437 }
438
439 rp_len = sizeof(*rp) + (2 * count);
440 rp = kmalloc(rp_len, GFP_ATOMIC);
441 if (!rp) {
442 read_unlock(&hci_dev_list_lock);
443 return -ENOMEM;
444 }
445
446 count = 0;
447 list_for_each_entry(d, &hci_dev_list, list) {
448 if (test_bit(HCI_SETUP, &d->dev_flags) ||
d603b76b 449 test_bit(HCI_CONFIG, &d->dev_flags) ||
73d1df2a
MH		 450 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
451 continue;
452
453 /* Devices marked as raw-only are neither configured
454 * nor unconfigured controllers.
455 */
456 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
457 continue;
458
459 if (d->dev_type == HCI_BREDR &&
460 test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
461 rp->index[count++] = cpu_to_le16(d->id);
462 BT_DBG("Added hci%u", d->id);
463 }
464 }
465
466 rp->num_controllers = cpu_to_le16(count);
467 rp_len = sizeof(*rp) + (2 * count);
468
469 read_unlock(&hci_dev_list_lock);
470
471 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_UNCONF_INDEX_LIST,
472 0, rp, rp_len);
473
474 kfree(rp);
475
476 return err;
477}
478
dbece37a
MH		 479static bool is_configured(struct hci_dev *hdev)
480{
481 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
482 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
483 return false;
484
485 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
486 !bacmp(&hdev->public_addr, BDADDR_ANY))
487 return false;
488
489 return true;
490}
491
89bc22d2
MH		 492static __le32 get_missing_options(struct hci_dev *hdev)
493{
494 u32 options = 0;
495
dbece37a
MH		 496 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
497 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
eb1904f4
MH		 498 options |= MGMT_OPTION_EXTERNAL_CONFIG;
499
89bc22d2
MH		 500 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
501 !bacmp(&hdev->public_addr, BDADDR_ANY))
502 options |= MGMT_OPTION_PUBLIC_ADDRESS;
503
504 return cpu_to_le32(options);
505}
506
f4537c04
MH		 507static int new_options(struct hci_dev *hdev, struct sock *skip)
508{
509 __le32 options = get_missing_options(hdev);
510
511 return mgmt_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
512 sizeof(options), skip);
513}
514
dbece37a
MH		 515static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
516{
517 __le32 options = get_missing_options(hdev);
518
519 return cmd_complete(sk, hdev->id, opcode, 0, &options,
520 sizeof(options));
521}
522
9fc3bfb6
MH		 523static int read_config_info(struct sock *sk, struct hci_dev *hdev,
524 void *data, u16 data_len)
525{
526 struct mgmt_rp_read_config_info rp;
89bc22d2 527 u32 options = 0;
9fc3bfb6
MH		 528
529 BT_DBG("sock %p %s", sk, hdev->name);
530
531 hci_dev_lock(hdev);
532
533 memset(&rp, 0, sizeof(rp));
534 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
89bc22d2 535
eb1904f4
MH		 536 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
537 options |= MGMT_OPTION_EXTERNAL_CONFIG;
538
9fc3bfb6 539 if (hdev->set_bdaddr)
89bc22d2
MH		 540 options |= MGMT_OPTION_PUBLIC_ADDRESS;
541
542 rp.supported_options = cpu_to_le32(options);
543 rp.missing_options = get_missing_options(hdev);
9fc3bfb6
MH		 544
545 hci_dev_unlock(hdev);
546
547 return cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0, &rp,
548 sizeof(rp));
549}
550
69ab39ea
JH		 551static u32 get_supported_settings(struct hci_dev *hdev)
552{
553 u32 settings = 0;
554
555 settings |= MGMT_SETTING_POWERED;
69ab39ea 556 settings |= MGMT_SETTING_PAIRABLE;
b1de97d8 557 settings |= MGMT_SETTING_DEBUG_KEYS;
69ab39ea 558
ed3fa31f 559 if (lmp_bredr_capable(hdev)) {
33c525c0 560 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 561 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
562 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 563 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 564 settings |= MGMT_SETTING_BREDR;
565 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 566
567 if (lmp_ssp_capable(hdev)) {
568 settings |= MGMT_SETTING_SSP;
569 settings |= MGMT_SETTING_HS;
570 }
e98d2ce2 571
5afeac14 572 if (lmp_sc_capable(hdev) ||
111902f7 573 test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
e98d2ce2 574 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 575 }
d7b7e796 576
eeca6f89 577 if (lmp_le_capable(hdev)) {
9d42820f 578 settings |= MGMT_SETTING_LE;
eeca6f89 579 settings |= MGMT_SETTING_ADVERTISING;
0f4bd942 580 settings |= MGMT_SETTING_PRIVACY;
eeca6f89 581 }
69ab39ea 582
eb1904f4
MH		 583 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
584 hdev->set_bdaddr)
9fc3bfb6
MH		 585 settings |= MGMT_SETTING_CONFIGURATION;
586
69ab39ea
JH		 587 return settings;
588}
589
590static u32 get_current_settings(struct hci_dev *hdev)
591{
592 u32 settings = 0;
593
f1f0eb02 594 if (hdev_is_powered(hdev))
f0d4b78a
MH		 595 settings |= MGMT_SETTING_POWERED;
596
5e5282bb 597 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 598 settings |= MGMT_SETTING_CONNECTABLE;
599
1a4d3c4b
JH		 600 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
601 settings |= MGMT_SETTING_FAST_CONNECTABLE;
602
5e5282bb 603 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 604 settings |= MGMT_SETTING_DISCOVERABLE;
605
a8b2d5c2 606 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 607 settings |= MGMT_SETTING_PAIRABLE;
608
56f87901 609 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 610 settings |= MGMT_SETTING_BREDR;
611
06199cf8 612 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 613 settings |= MGMT_SETTING_LE;
614
47990ea0 615 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 616 settings |= MGMT_SETTING_LINK_SECURITY;
617
84bde9d6 618 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 619 settings |= MGMT_SETTING_SSP;
620
6d80dfd0
JH		 621 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
622 settings |= MGMT_SETTING_HS;
623
f3d3444a 624 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 625 settings |= MGMT_SETTING_ADVERTISING;
626
e98d2ce2
MH		 627 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
628 settings |= MGMT_SETTING_SECURE_CONN;
629
0663b297 630 if (test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags))
b1de97d8
MH		 631 settings |= MGMT_SETTING_DEBUG_KEYS;
632
0f4bd942
JH		 633 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
634 settings |= MGMT_SETTING_PRIVACY;
635
69ab39ea
JH		 636 return settings;
637}
638
ef580372
JH		 639#define PNP_INFO_SVCLASS_ID 0x1200
640
213202ed
JH		 641static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
642{
643 u8 *ptr = data, *uuids_start = NULL;
644 struct bt_uuid *uuid;
645
646 if (len < 4)
647 return ptr;
648
649 list_for_each_entry(uuid, &hdev->uuids, list) {
650 u16 uuid16;
651
652 if (uuid->size != 16)
653 continue;
654
655 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
656 if (uuid16 < 0x1100)
657 continue;
658
659 if (uuid16 == PNP_INFO_SVCLASS_ID)
660 continue;
661
662 if (!uuids_start) {
663 uuids_start = ptr;
664 uuids_start[0] = 1;
665 uuids_start[1] = EIR_UUID16_ALL;
666 ptr += 2;
667 }
668
669 /* Stop if not enough space to put next UUID */
670 if ((ptr - data) + sizeof(u16) > len) {
671 uuids_start[1] = EIR_UUID16_SOME;
672 break;
673 }
674
675 *ptr++ = (uuid16 & 0x00ff);
676 *ptr++ = (uuid16 & 0xff00) >> 8;
677 uuids_start[0] += sizeof(uuid16);
678 }
679
680 return ptr;
681}
682
cdf1963f
JH		 683static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
684{
685 u8 *ptr = data, *uuids_start = NULL;
686 struct bt_uuid *uuid;
687
688 if (len < 6)
689 return ptr;
690
691 list_for_each_entry(uuid, &hdev->uuids, list) {
692 if (uuid->size != 32)
693 continue;
694
695 if (!uuids_start) {
696 uuids_start = ptr;
697 uuids_start[0] = 1;
698 uuids_start[1] = EIR_UUID32_ALL;
699 ptr += 2;
700 }
701
702 /* Stop if not enough space to put next UUID */
703 if ((ptr - data) + sizeof(u32) > len) {
704 uuids_start[1] = EIR_UUID32_SOME;
705 break;
706 }
707
708 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
709 ptr += sizeof(u32);
710 uuids_start[0] += sizeof(u32);
711 }
712
713 return ptr;
714}
715
c00d575b
JH		 716static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
717{
718 u8 *ptr = data, *uuids_start = NULL;
719 struct bt_uuid *uuid;
720
721 if (len < 18)
722 return ptr;
723
724 list_for_each_entry(uuid, &hdev->uuids, list) {
725 if (uuid->size != 128)
726 continue;
727
728 if (!uuids_start) {
729 uuids_start = ptr;
730 uuids_start[0] = 1;
731 uuids_start[1] = EIR_UUID128_ALL;
732 ptr += 2;
733 }
734
735 /* Stop if not enough space to put next UUID */
736 if ((ptr - data) + 16 > len) {
737 uuids_start[1] = EIR_UUID128_SOME;
738 break;
739 }
740
741 memcpy(ptr, uuid->uuid, 16);
742 ptr += 16;
743 uuids_start[0] += 16;
744 }
745
746 return ptr;
747}
748
eb2a8d20
JH		 749static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
750{
751 struct pending_cmd *cmd;
752
753 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
754 if (cmd->opcode == opcode)
755 return cmd;
756 }
757
758 return NULL;
759}
760
95868426
JH		 761static struct pending_cmd *mgmt_pending_find_data(u16 opcode,
762 struct hci_dev *hdev,
763 const void *data)
764{
765 struct pending_cmd *cmd;
766
767 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
768 if (cmd->user_data != data)
769 continue;
770 if (cmd->opcode == opcode)
771 return cmd;
772 }
773
774 return NULL;
775}
776
f14d8f64
MH		 777static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
778{
7a5f4990
MH		 779 u8 ad_len = 0;
780 size_t name_len;
781
782 name_len = strlen(hdev->dev_name);
783 if (name_len > 0) {
784 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
785
786 if (name_len > max_len) {
787 name_len = max_len;
788 ptr[1] = EIR_NAME_SHORT;
789 } else
790 ptr[1] = EIR_NAME_COMPLETE;
791
792 ptr[0] = name_len + 1;
793
794 memcpy(ptr + 2, hdev->dev_name, name_len);
795
796 ad_len += (name_len + 2);
797 ptr += (name_len + 2);
798 }
799
800 return ad_len;
f14d8f64
MH		 801}
802
803static void update_scan_rsp_data(struct hci_request *req)
804{
805 struct hci_dev *hdev = req->hdev;
806 struct hci_cp_le_set_scan_rsp_data cp;
807 u8 len;
808
7751ef1b 809 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
f14d8f64
MH		 810 return;
811
812 memset(&cp, 0, sizeof(cp));
813
814 len = create_scan_rsp_data(hdev, cp.data);
815
eb438b5f
JH		 816 if (hdev->scan_rsp_data_len == len &&
817 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 818 return;
819
eb438b5f
JH		 820 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
821 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 822
823 cp.length = len;
824
825 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
826}
827
9a43e25f
JH		 828static u8 get_adv_discov_flags(struct hci_dev *hdev)
829{
830 struct pending_cmd *cmd;
831
832 /* If there's a pending mgmt command the flags will not yet have
833 * their final values, so check for this first.
834 */
835 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
836 if (cmd) {
837 struct mgmt_mode *cp = cmd->param;
838 if (cp->val == 0x01)
839 return LE_AD_GENERAL;
840 else if (cp->val == 0x02)
841 return LE_AD_LIMITED;
842 } else {
843 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
844 return LE_AD_LIMITED;
845 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
846 return LE_AD_GENERAL;
847 }
848
849 return 0;
850}
851
46cad2ed 852static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 853{
854 u8 ad_len = 0, flags = 0;
441ad2d0 855
9a43e25f 856 flags |= get_adv_discov_flags(hdev);
441ad2d0 857
e834004b 858 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
441ad2d0 859 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 860
861 if (flags) {
862 BT_DBG("adv flags 0x%02x", flags);
863
864 ptr[0] = 2;
865 ptr[1] = EIR_FLAGS;
866 ptr[2] = flags;
867
868 ad_len += 3;
869 ptr += 3;
870 }
871
872 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
873 ptr[0] = 2;
874 ptr[1] = EIR_TX_POWER;
875 ptr[2] = (u8) hdev->adv_tx_power;
876
877 ad_len += 3;
878 ptr += 3;
879 }
880
441ad2d0
MH		 881 return ad_len;
882}
883
5947f4bc 884static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 885{
886 struct hci_dev *hdev = req->hdev;
887 struct hci_cp_le_set_adv_data cp;
888 u8 len;
889
10994ce6 890 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
441ad2d0
MH		 891 return;
892
893 memset(&cp, 0, sizeof(cp));
894
46cad2ed 895 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 896
897 if (hdev->adv_data_len == len &&
898 memcmp(cp.data, hdev->adv_data, len) == 0)
899 return;
900
901 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
902 hdev->adv_data_len = len;
903
904 cp.length = len;
905
906 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
907}
908
ef580372
JH		 909static void create_eir(struct hci_dev *hdev, u8 *data)
910{
911 u8 *ptr = data;
ef580372
JH		 912 size_t name_len;
913
914 name_len = strlen(hdev->dev_name);
915
916 if (name_len > 0) {
917 /* EIR Data type */
918 if (name_len > 48) {
919 name_len = 48;
920 ptr[1] = EIR_NAME_SHORT;
921 } else
922 ptr[1] = EIR_NAME_COMPLETE;
923
924 /* EIR Data length */
925 ptr[0] = name_len + 1;
926
927 memcpy(ptr + 2, hdev->dev_name, name_len);
928
ef580372
JH		 929 ptr += (name_len + 2);
930 }
931
bbaf444a 932 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 933 ptr[0] = 2;
934 ptr[1] = EIR_TX_POWER;
935 ptr[2] = (u8) hdev->inq_tx_power;
936
91c4e9b1
MH		 937 ptr += 3;
938 }
939
2b9be137
MH		 940 if (hdev->devid_source > 0) {
941 ptr[0] = 9;
942 ptr[1] = EIR_DEVICE_ID;
943
944 put_unaligned_le16(hdev->devid_source, ptr + 2);
945 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
946 put_unaligned_le16(hdev->devid_product, ptr + 6);
947 put_unaligned_le16(hdev->devid_version, ptr + 8);
948
2b9be137
MH		 949 ptr += 10;
950 }
951
213202ed 952 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 953 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 954 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 955}
956
890ea898 957static void update_eir(struct hci_request *req)
ef580372 958{
890ea898 959 struct hci_dev *hdev = req->hdev;
ef580372
JH		 960 struct hci_cp_write_eir cp;
961
504c8dcd 962 if (!hdev_is_powered(hdev))
890ea898 963 return;
7770c4aa 964
976eb20e 965 if (!lmp_ext_inq_capable(hdev))
890ea898 966 return;
ef580372 967
84bde9d6 968 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 969 return;
ef580372 970
a8b2d5c2 971 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 972 return;
ef580372
JH		 973
974 memset(&cp, 0, sizeof(cp));
975
976 create_eir(hdev, cp.data);
977
978 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 979 return;
ef580372
JH		 980
981 memcpy(hdev->eir, cp.data, sizeof(cp.data));
982
890ea898 983 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 984}
985
986static u8 get_service_classes(struct hci_dev *hdev)
987{
988 struct bt_uuid *uuid;
989 u8 val = 0;
990
991 list_for_each_entry(uuid, &hdev->uuids, list)
992 val |= uuid->svc_hint;
993
994 return val;
995}
996
890ea898 997static void update_class(struct hci_request *req)
ef580372 998{
890ea898 999 struct hci_dev *hdev = req->hdev;
ef580372
JH		 1000 u8 cod[3];
1001
1002 BT_DBG("%s", hdev->name);
1003
504c8dcd 1004 if (!hdev_is_powered(hdev))
890ea898 1005 return;
7770c4aa 1006
f87ea1da
JH		 1007 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1008 return;
1009
a8b2d5c2 1010 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 1011 return;
ef580372
JH		 1012
1013 cod[0] = hdev->minor_class;
1014 cod[1] = hdev->major_class;
1015 cod[2] = get_service_classes(hdev);
1016
6acd7db4
MH		 1017 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
1018 cod[1] |= 0x20;
1019
ef580372 1020 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 1021 return;
ef580372 1022
890ea898 1023 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 1024}
1025
a4858cb9 1026static bool get_connectable(struct hci_dev *hdev)
199a2fb1
JH		 1027{
1028 struct pending_cmd *cmd;
199a2fb1
JH		 1029
1030 /* If there's a pending mgmt command the flag will not yet have
1031 * it's final value, so check for this first.
1032 */
1033 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1034 if (cmd) {
1035 struct mgmt_mode *cp = cmd->param;
a4858cb9 1036 return cp->val;
199a2fb1
JH		 1037 }
1038
a4858cb9 1039 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
199a2fb1
JH		 1040}
1041
0ec5ae84
JH		 1042static void disable_advertising(struct hci_request *req)
1043{
1044 u8 enable = 0x00;
1045
1046 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1047}
1048
199a2fb1
JH		 1049static void enable_advertising(struct hci_request *req)
1050{
1051 struct hci_dev *hdev = req->hdev;
1052 struct hci_cp_le_set_adv_param cp;
8f2a0601 1053 u8 own_addr_type, enable = 0x01;
a4858cb9 1054 bool connectable;
199a2fb1 1055
0ec5ae84
JH		 1056 if (hci_conn_num(hdev, LE_LINK) > 0)
1057 return;
1058
1059 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
1060 disable_advertising(req);
1061
5ce194c4 1062 /* Clear the HCI_LE_ADV bit temporarily so that the
8d97250e
JH		 1063 * hci_update_random_address knows that it's safe to go ahead
1064 * and write a new random address. The flag will be set back on
1065 * as soon as the SET_ADV_ENABLE HCI command completes.
1066 */
5ce194c4 1067 clear_bit(HCI_LE_ADV, &hdev->dev_flags);
8d97250e 1068
a4858cb9 1069 connectable = get_connectable(hdev);
8f2a0601 1070
a4858cb9
JH		 1071 /* Set require_privacy to true only when non-connectable
1072 * advertising is used. In that case it is fine to use a
1073 * non-resolvable private address.
1074 */
1075 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 1076 return;
1077
41c90c18 1078 memset(&cp, 0, sizeof(cp));
dcf4adbf
JP		 1079 cp.min_interval = cpu_to_le16(0x0800);
1080 cp.max_interval = cpu_to_le16(0x0800);
a4858cb9 1081 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
8f2a0601 1082 cp.own_address_type = own_addr_type;
199a2fb1
JH		 1083 cp.channel_map = hdev->le_adv_channel_map;
1084
1085 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1086
1087 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1088}
1089
7d78525d
JH		 1090static void service_cache_off(struct work_struct *work)
1091{
1092 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 1093 service_cache.work);
890ea898 1094 struct hci_request req;
7d78525d 1095
a8b2d5c2 1096 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 1097 return;
1098
890ea898
JH		 1099 hci_req_init(&req, hdev);
1100
7d78525d
JH		 1101 hci_dev_lock(hdev);
1102
890ea898
JH		 1103 update_eir(&req);
1104 update_class(&req);
7d78525d
JH		 1105
1106 hci_dev_unlock(hdev);
890ea898
JH		 1107
1108 hci_req_run(&req, NULL);
7d78525d
JH		 1109}
1110
d6bfd59c
JH		 1111static void rpa_expired(struct work_struct *work)
1112{
1113 struct hci_dev *hdev = container_of(work, struct hci_dev,
1114 rpa_expired.work);
1115 struct hci_request req;
1116
1117 BT_DBG("");
1118
1119 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
1120
0ec5ae84 1121 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
d6bfd59c
JH		 1122 return;
1123
1124 /* The generation of a new RPA and programming it into the
1125 * controller happens in the enable_advertising() function.
1126 */
d6bfd59c 1127 hci_req_init(&req, hdev);
d6bfd59c 1128 enable_advertising(&req);
d6bfd59c
JH		 1129 hci_req_run(&req, NULL);
1130}
1131
6a919082 1132static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 1133{
4f87da80 1134 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 1135 return;
1136
4f87da80 1137 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 1138 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 1139
4f87da80
JH		 1140 /* Non-mgmt controlled devices get this bit set
1141 * implicitly so that pairing works for them, however
1142 * for mgmt we require user-space to explicitly enable
1143 * it
1144 */
1145 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 1146}
1147
0f4e68cf 1148static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 1149 void *data, u16 data_len)
0381101f 1150{
a38528f1 1151 struct mgmt_rp_read_info rp;
f7b64e69 1152
bdb6d971 1153 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 1154
09fd0de5 1155 hci_dev_lock(hdev);
f7b64e69 1156
dc4fe30b
JH		 1157 memset(&rp, 0, sizeof(rp));
1158
69ab39ea 1159 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 1160
69ab39ea 1161 rp.version = hdev->hci_ver;
eb55ef07 1162 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 1163
1164 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1165 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 1166
a38528f1 1167 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 1168
dc4fe30b 1169 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 1170 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 1171
09fd0de5 1172 hci_dev_unlock(hdev);
0381101f 1173
bdb6d971 1174 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 1175 sizeof(rp));
0381101f
JH		 1176}
1177
eec8d2bc
JH		 1178static void mgmt_pending_free(struct pending_cmd *cmd)
1179{
1180 sock_put(cmd->sk);
c68fb7ff 1181 kfree(cmd->param);
eec8d2bc
JH		 1182 kfree(cmd);
1183}
1184
366a0336 1185static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 1186 struct hci_dev *hdev, void *data,
1187 u16 len)
eec8d2bc
JH		 1188{
1189 struct pending_cmd *cmd;
1190
fca20018 1191 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 1192 if (!cmd)
366a0336 1193 return NULL;
eec8d2bc
JH		 1194
1195 cmd->opcode = opcode;
2e58ef3e 1196 cmd->index = hdev->id;
eec8d2bc 1197
12b94565 1198 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 1199 if (!cmd->param) {
eec8d2bc 1200 kfree(cmd);
366a0336 1201 return NULL;
eec8d2bc
JH		 1202 }
1203
8fce6357
SJ		 1204 if (data)
1205 memcpy(cmd->param, data, len);
eec8d2bc
JH		 1206
1207 cmd->sk = sk;
1208 sock_hold(sk);
1209
2e58ef3e 1210 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 1211
366a0336 1212 return cmd;
eec8d2bc
JH		 1213}
1214
744cf19e 1215static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 1216 void (*cb)(struct pending_cmd *cmd,
1217 void *data),
04124681 1218 void *data)
eec8d2bc 1219{
a3d09356 1220 struct pending_cmd *cmd, *tmp;
eec8d2bc 1221
a3d09356 1222 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 1223 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 1224 continue;
1225
eec8d2bc
JH		 1226 cb(cmd, data);
1227 }
1228}
1229
a664b5bc 1230static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 1231{
73f22f62
JH		 1232 list_del(&cmd->list);
1233 mgmt_pending_free(cmd);
1234}
1235
69ab39ea 1236static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1237{
69ab39ea 1238 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1239
aee9b218 1240 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 1241 sizeof(settings));
8680570b
JH		 1242}
1243
8b064a3a
JH		 1244static void clean_up_hci_complete(struct hci_dev *hdev, u8 status)
1245{
1246 BT_DBG("%s status 0x%02x", hdev->name, status);
1247
a3172b7e
JH		 1248 if (hci_conn_count(hdev) == 0) {
1249 cancel_delayed_work(&hdev->power_off);
8b064a3a 1250 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1251 }
8b064a3a
JH		 1252}
1253
21a60d30
JH		 1254static void hci_stop_discovery(struct hci_request *req)
1255{
1256 struct hci_dev *hdev = req->hdev;
1257 struct hci_cp_remote_name_req_cancel cp;
1258 struct inquiry_entry *e;
1259
1260 switch (hdev->discovery.state) {
1261 case DISCOVERY_FINDING:
1262 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
1263 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1264 } else {
1265 cancel_delayed_work(&hdev->le_scan_disable);
1266 hci_req_add_le_scan_disable(req);
1267 }
1268
1269 break;
1270
1271 case DISCOVERY_RESOLVING:
1272 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1273 NAME_PENDING);
1274 if (!e)
1275 return;
1276
1277 bacpy(&cp.bdaddr, &e->data.bdaddr);
1278 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1279 &cp);
1280
1281 break;
1282
1283 default:
1284 /* Passive scanning */
1285 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
1286 hci_req_add_le_scan_disable(req);
1287 break;
1288 }
1289}
1290
8b064a3a
JH		 1291static int clean_up_hci_state(struct hci_dev *hdev)
1292{
1293 struct hci_request req;
1294 struct hci_conn *conn;
1295
1296 hci_req_init(&req, hdev);
1297
1298 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1299 test_bit(HCI_PSCAN, &hdev->flags)) {
1300 u8 scan = 0x00;
1301 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1302 }
1303
1304 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1305 disable_advertising(&req);
1306
f8680f12 1307 hci_stop_discovery(&req);
8b064a3a
JH		 1308
1309 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1310 struct hci_cp_disconnect dc;
c9910d0f
JH		 1311 struct hci_cp_reject_conn_req rej;
1312
1313 switch (conn->state) {
1314 case BT_CONNECTED:
1315 case BT_CONFIG:
1316 dc.handle = cpu_to_le16(conn->handle);
1317 dc.reason = 0x15; /* Terminated due to Power Off */
1318 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1319 break;
1320 case BT_CONNECT:
1321 if (conn->type == LE_LINK)
1322 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1323 0, NULL);
1324 else if (conn->type == ACL_LINK)
1325 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1326 6, &conn->dst);
1327 break;
1328 case BT_CONNECT2:
1329 bacpy(&rej.bdaddr, &conn->dst);
1330 rej.reason = 0x15; /* Terminated due to Power Off */
1331 if (conn->type == ACL_LINK)
1332 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1333 sizeof(rej), &rej);
1334 else if (conn->type == SCO_LINK)
1335 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1336 sizeof(rej), &rej);
1337 break;
1338 }
8b064a3a
JH		 1339 }
1340
1341 return hci_req_run(&req, clean_up_hci_complete);
1342}
1343
bdb6d971 1344static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1345 u16 len)
eec8d2bc 1346{
650f726d 1347 struct mgmt_mode *cp = data;
366a0336 1348 struct pending_cmd *cmd;
4b34ee78 1349 int err;
eec8d2bc 1350
bdb6d971 1351 BT_DBG("request for %s", hdev->name);
eec8d2bc 1352
a7e80f25
JH		 1353 if (cp->val != 0x00 && cp->val != 0x01)
1354 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1355 MGMT_STATUS_INVALID_PARAMS);
1356
09fd0de5 1357 hci_dev_lock(hdev);
eec8d2bc 1358
87b95ba6
JH		 1359 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1360 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1361 MGMT_STATUS_BUSY);
1362 goto failed;
1363 }
1364
f0d4b78a
MH		 1365 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1366 cancel_delayed_work(&hdev->power_off);
1367
1368 if (cp->val) {
a1d70450
JH		 1369 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1370 data, len);
1371 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1372 goto failed;
1373 }
1374 }
1375
4b34ee78 1376 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1377 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1378 goto failed;
1379 }
1380
2e58ef3e 1381 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1382 if (!cmd) {
1383 err = -ENOMEM;
eec8d2bc 1384 goto failed;
366a0336 1385 }
eec8d2bc 1386
8b064a3a 1387 if (cp->val) {
19202573 1388 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1389 err = 0;
1390 } else {
1391 /* Disconnect connections, stop scans, etc */
1392 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1393 if (!err)
1394 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1395 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1396
8b064a3a
JH		 1397 /* ENODATA means there were no HCI commands queued */
1398 if (err == -ENODATA) {
a3172b7e 1399 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1400 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1401 err = 0;
1402 }
1403 }
eec8d2bc
JH		 1404
1405failed:
09fd0de5 1406 hci_dev_unlock(hdev);
366a0336 1407 return err;
eec8d2bc
JH		 1408}
1409
beadb2bd
JH		 1410static int new_settings(struct hci_dev *hdev, struct sock *skip)
1411{
1412 __le32 ev;
1413
1414 ev = cpu_to_le32(get_current_settings(hdev));
1415
1416 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1417}
1418
bd99abdd
JH		 1419struct cmd_lookup {
1420 struct sock *sk;
1421 struct hci_dev *hdev;
1422 u8 mgmt_status;
1423};
1424
1425static void settings_rsp(struct pending_cmd *cmd, void *data)
1426{
1427 struct cmd_lookup *match = data;
1428
1429 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1430
1431 list_del(&cmd->list);
1432
1433 if (match->sk == NULL) {
1434 match->sk = cmd->sk;
1435 sock_hold(match->sk);
1436 }
1437
1438 mgmt_pending_free(cmd);
1439}
1440
1441static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1442{
1443 u8 *status = data;
1444
1445 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1446 mgmt_pending_remove(cmd);
1447}
1448
e6fe7986
JH		 1449static u8 mgmt_bredr_support(struct hci_dev *hdev)
1450{
1451 if (!lmp_bredr_capable(hdev))
1452 return MGMT_STATUS_NOT_SUPPORTED;
1453 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1454 return MGMT_STATUS_REJECTED;
1455 else
1456 return MGMT_STATUS_SUCCESS;
1457}
1458
1459static u8 mgmt_le_support(struct hci_dev *hdev)
1460{
1461 if (!lmp_le_capable(hdev))
1462 return MGMT_STATUS_NOT_SUPPORTED;
1463 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1464 return MGMT_STATUS_REJECTED;
1465 else
1466 return MGMT_STATUS_SUCCESS;
1467}
1468
bfaf8c9f
JH		 1469static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1470{
1471 struct pending_cmd *cmd;
1472 struct mgmt_mode *cp;
970ba524 1473 struct hci_request req;
bfaf8c9f
JH		 1474 bool changed;
1475
1476 BT_DBG("status 0x%02x", status);
1477
1478 hci_dev_lock(hdev);
1479
1480 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1481 if (!cmd)
1482 goto unlock;
1483
1484 if (status) {
1485 u8 mgmt_err = mgmt_status(status);
1486 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
310a3d48 1487 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
bfaf8c9f
JH		 1488 goto remove_cmd;
1489 }
1490
1491 cp = cmd->param;
d4462a07 1492 if (cp->val) {
bfaf8c9f
JH		 1493 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1494 &hdev->dev_flags);
d4462a07
MH		 1495
1496 if (hdev->discov_timeout > 0) {
1497 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1498 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1499 to);
1500 }
1501 } else {
bfaf8c9f
JH		 1502 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1503 &hdev->dev_flags);
d4462a07 1504 }
bfaf8c9f
JH		 1505
1506 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1507
1508 if (changed)
1509 new_settings(hdev, cmd->sk);
1510
970ba524
MH		 1511 /* When the discoverable mode gets changed, make sure
1512 * that class of device has the limited discoverable
1513 * bit correctly set.
1514 */
1515 hci_req_init(&req, hdev);
1516 update_class(&req);
1517 hci_req_run(&req, NULL);
1518
bfaf8c9f
JH		 1519remove_cmd:
1520 mgmt_pending_remove(cmd);
1521
1522unlock:
1523 hci_dev_unlock(hdev);
1524}
1525
bdb6d971 1526static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1527 u16 len)
73f22f62 1528{
650f726d 1529 struct mgmt_cp_set_discoverable *cp = data;
366a0336 1530 struct pending_cmd *cmd;
bfaf8c9f 1531 struct hci_request req;
5e5282bb 1532 u16 timeout;
9a43e25f 1533 u8 scan;
73f22f62
JH		 1534 int err;
1535
bdb6d971 1536 BT_DBG("request for %s", hdev->name);
73f22f62 1537
9a43e25f
JH		 1538 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1539 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1540 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
9a43e25f 1541 MGMT_STATUS_REJECTED);
33c525c0 1542
310a3d48 1543 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a7e80f25
JH		 1544 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1545 MGMT_STATUS_INVALID_PARAMS);
1546
1f350c87 1547 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1548
1549 /* Disabling discoverable requires that no timeout is set,
1550 * and enabling limited discoverable requires a timeout.
1551 */
1552 if ((cp->val == 0x00 && timeout > 0) ||
1553 (cp->val == 0x02 && timeout == 0))
bdb6d971 1554 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1555 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1556
09fd0de5 1557 hci_dev_lock(hdev);
73f22f62 1558
5e5282bb 1559 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 1560 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1561 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1562 goto failed;
1563 }
1564
2e58ef3e 1565 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1566 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1567 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1568 MGMT_STATUS_BUSY);
73f22f62
JH		 1569 goto failed;
1570 }
1571
5e5282bb 1572 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 1573 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1574 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1575 goto failed;
1576 }
1577
1578 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1579 bool changed = false;
1580
310a3d48
MH		 1581 /* Setting limited discoverable when powered off is
1582 * not a valid operation since it requires a timeout
1583 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1584 */
0224d2fa
JH		 1585 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1586 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1587 changed = true;
1588 }
1589
5e5282bb 1590 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1591 if (err < 0)
1592 goto failed;
1593
1594 if (changed)
1595 err = new_settings(hdev, sk);
1596
5e5282bb
JH		 1597 goto failed;
1598 }
1599
310a3d48
MH		 1600 /* If the current mode is the same, then just update the timeout
1601 * value with the new value. And if only the timeout gets updated,
1602 * then no need for any HCI transactions.
1603 */
1604 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1605 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1606 &hdev->dev_flags)) {
36261547
MH		 1607 cancel_delayed_work(&hdev->discov_off);
1608 hdev->discov_timeout = timeout;
955638ec 1609
36261547
MH		 1610 if (cp->val && hdev->discov_timeout > 0) {
1611 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1612 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1613 to);
955638ec
MH		 1614 }
1615
69ab39ea 1616 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1617 goto failed;
1618 }
1619
2e58ef3e 1620 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1621 if (!cmd) {
1622 err = -ENOMEM;
73f22f62 1623 goto failed;
366a0336 1624 }
73f22f62 1625
310a3d48
MH		 1626 /* Cancel any potential discoverable timeout that might be
1627 * still active and store new timeout value. The arming of
1628 * the timeout happens in the complete handler.
1629 */
1630 cancel_delayed_work(&hdev->discov_off);
1631 hdev->discov_timeout = timeout;
1632
b456f87c
JH		 1633 /* Limited discoverable mode */
1634 if (cp->val == 0x02)
1635 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1636 else
1637 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1638
bfaf8c9f
JH		 1639 hci_req_init(&req, hdev);
1640
9a43e25f
JH		 1641 /* The procedure for LE-only controllers is much simpler - just
1642 * update the advertising data.
1643 */
1644 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1645 goto update_ad;
1646
73f22f62
JH		 1647 scan = SCAN_PAGE;
1648
310a3d48
MH		 1649 if (cp->val) {
1650 struct hci_cp_write_current_iac_lap hci_cp;
1651
1652 if (cp->val == 0x02) {
1653 /* Limited discoverable mode */
33337dcb 1654 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1655 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1656 hci_cp.iac_lap[1] = 0x8b;
1657 hci_cp.iac_lap[2] = 0x9e;
1658 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1659 hci_cp.iac_lap[4] = 0x8b;
1660 hci_cp.iac_lap[5] = 0x9e;
1661 } else {
1662 /* General discoverable mode */
310a3d48
MH		 1663 hci_cp.num_iac = 1;
1664 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1665 hci_cp.iac_lap[1] = 0x8b;
1666 hci_cp.iac_lap[2] = 0x9e;
1667 }
1668
1669 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1670 (hci_cp.num_iac * 3) + 1, &hci_cp);
1671
73f22f62 1672 scan |= SCAN_INQUIRY;
310a3d48
MH		 1673 } else {
1674 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1675 }
73f22f62 1676
310a3d48 1677 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1678
9a43e25f
JH		 1679update_ad:
1680 update_adv_data(&req);
1681
bfaf8c9f 1682 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1683 if (err < 0)
a664b5bc 1684 mgmt_pending_remove(cmd);
73f22f62
JH		 1685
1686failed:
09fd0de5 1687 hci_dev_unlock(hdev);
73f22f62
JH		 1688 return err;
1689}
1690
406d7804
JH		 1691static void write_fast_connectable(struct hci_request *req, bool enable)
1692{
bd98b996 1693 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1694 struct hci_cp_write_page_scan_activity acp;
1695 u8 type;
1696
547003b1
JH		 1697 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1698 return;
1699
4c01f8b8
JH		 1700 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1701 return;
1702
406d7804
JH		 1703 if (enable) {
1704 type = PAGE_SCAN_TYPE_INTERLACED;
1705
1706 /* 160 msec page scan interval */
dcf4adbf 1707 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 1708 } else {
1709 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1710
1711 /* default 1.28 sec page scan */
dcf4adbf 1712 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 1713 }
1714
dcf4adbf 1715 acp.window = cpu_to_le16(0x0012);
406d7804 1716
bd98b996
JH		 1717 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1718 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1719 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1720 sizeof(acp), &acp);
1721
1722 if (hdev->page_scan_type != type)
1723 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1724}
1725
2b76f453
JH		 1726static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1727{
1728 struct pending_cmd *cmd;
d7b856f9
JH		 1729 struct mgmt_mode *cp;
1730 bool changed;
2b76f453
JH		 1731
1732 BT_DBG("status 0x%02x", status);
1733
1734 hci_dev_lock(hdev);
1735
1736 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1737 if (!cmd)
1738 goto unlock;
1739
37438c1f
JH		 1740 if (status) {
1741 u8 mgmt_err = mgmt_status(status);
1742 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1743 goto remove_cmd;
1744 }
1745
d7b856f9
JH		 1746 cp = cmd->param;
1747 if (cp->val)
1748 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1749 else
1750 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1751
2b76f453
JH		 1752 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1753
2b7be33e 1754 if (changed) {
d7b856f9 1755 new_settings(hdev, cmd->sk);
2b7be33e
JH		 1756 hci_update_background_scan(hdev);
1757 }
d7b856f9 1758
37438c1f 1759remove_cmd:
2b76f453
JH		 1760 mgmt_pending_remove(cmd);
1761
1762unlock:
1763 hci_dev_unlock(hdev);
1764}
1765
e8ba3a1f
JH		 1766static int set_connectable_update_settings(struct hci_dev *hdev,
1767 struct sock *sk, u8 val)
1768{
1769 bool changed = false;
1770 int err;
1771
1772 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1773 changed = true;
1774
1775 if (val) {
1776 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1777 } else {
1778 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1779 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1780 }
1781
1782 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1783 if (err < 0)
1784 return err;
1785
1786 if (changed)
1787 return new_settings(hdev, sk);
1788
1789 return 0;
1790}
1791
bdb6d971 1792static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1793 u16 len)
9fbcbb45 1794{
650f726d 1795 struct mgmt_mode *cp = data;
366a0336 1796 struct pending_cmd *cmd;
2b76f453 1797 struct hci_request req;
1987fdc7 1798 u8 scan;
9fbcbb45
JH		 1799 int err;
1800
bdb6d971 1801 BT_DBG("request for %s", hdev->name);
9fbcbb45 1802
1987fdc7
JH		 1803 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1804 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1805 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1987fdc7 1806 MGMT_STATUS_REJECTED);
33c525c0 1807
a7e80f25
JH		 1808 if (cp->val != 0x00 && cp->val != 0x01)
1809 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1810 MGMT_STATUS_INVALID_PARAMS);
1811
09fd0de5 1812 hci_dev_lock(hdev);
9fbcbb45 1813
4b34ee78 1814 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1815 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1816 goto failed;
1817 }
1818
2e58ef3e 1819 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1820 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1821 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1822 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1823 goto failed;
1824 }
1825
2e58ef3e 1826 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1827 if (!cmd) {
1828 err = -ENOMEM;
9fbcbb45 1829 goto failed;
366a0336 1830 }
9fbcbb45 1831
9b74246f 1832 hci_req_init(&req, hdev);
9fbcbb45 1833
9a43e25f
JH		 1834 /* If BR/EDR is not enabled and we disable advertising as a
1835 * by-product of disabling connectable, we need to update the
1836 * advertising flags.
1837 */
1838 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1839 if (!cp->val) {
1840 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1841 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1842 }
1843 update_adv_data(&req);
1844 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1845 if (cp->val) {
1846 scan = SCAN_PAGE;
1847 } else {
1848 scan = 0;
1849
1850 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1851 hdev->discov_timeout > 0)
9b74246f
JH		 1852 cancel_delayed_work(&hdev->discov_off);
1853 }
2b76f453 1854
9b74246f
JH		 1855 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1856 }
2b76f453 1857
4c01f8b8
JH		 1858 /* If we're going from non-connectable to connectable or
1859 * vice-versa when fast connectable is enabled ensure that fast
1860 * connectable gets disabled. write_fast_connectable won't do
1861 * anything if the page scan parameters are already what they
1862 * should be.
1863 */
1864 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1865 write_fast_connectable(&req, false);
1866
1987fdc7 1867 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
0ec5ae84 1868 !test_bit(HCI_LE_ADV, &hdev->dev_flags))
1987fdc7 1869 enable_advertising(&req);
1987fdc7 1870
2b76f453 1871 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1872 if (err < 0) {
a664b5bc 1873 mgmt_pending_remove(cmd);
9b74246f 1874 if (err == -ENODATA)
a81070ba
JH		 1875 err = set_connectable_update_settings(hdev, sk,
1876 cp->val);
9b74246f
JH		 1877 goto failed;
1878 }
9fbcbb45
JH		 1879
1880failed:
09fd0de5 1881 hci_dev_unlock(hdev);
9fbcbb45
JH		 1882 return err;
1883}
1884
bdb6d971 1885static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1886 u16 len)
c542a06c 1887{
650f726d 1888 struct mgmt_mode *cp = data;
55594356 1889 bool changed;
c542a06c
JH		 1890 int err;
1891
bdb6d971 1892 BT_DBG("request for %s", hdev->name);
c542a06c 1893
a7e80f25
JH		 1894 if (cp->val != 0x00 && cp->val != 0x01)
1895 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1896 MGMT_STATUS_INVALID_PARAMS);
1897
09fd0de5 1898 hci_dev_lock(hdev);
c542a06c
JH		 1899
1900 if (cp->val)
55594356 1901 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1902 else
55594356 1903 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1904
69ab39ea 1905 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c 1906 if (err < 0)
55594356 1907 goto unlock;
c542a06c 1908
55594356
MH		 1909 if (changed)
1910 err = new_settings(hdev, sk);
c542a06c 1911
55594356 1912unlock:
09fd0de5 1913 hci_dev_unlock(hdev);
c542a06c
JH		 1914 return err;
1915}
1916
04124681
GP		 1917static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1918 u16 len)
33ef95ed
JH		 1919{
1920 struct mgmt_mode *cp = data;
1921 struct pending_cmd *cmd;
e6fe7986 1922 u8 val, status;
33ef95ed
JH		 1923 int err;
1924
bdb6d971 1925 BT_DBG("request for %s", hdev->name);
33ef95ed 1926
e6fe7986
JH		 1927 status = mgmt_bredr_support(hdev);
1928 if (status)
33c525c0 1929 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 1930 status);
33c525c0 1931
a7e80f25
JH		 1932 if (cp->val != 0x00 && cp->val != 0x01)
1933 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1934 MGMT_STATUS_INVALID_PARAMS);
1935
33ef95ed
JH		 1936 hci_dev_lock(hdev);
1937
4b34ee78 1938 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1939 bool changed = false;
1940
1941 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1942 &hdev->dev_flags)) {
47990ea0
JH		 1943 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1944 changed = true;
1945 }
1946
1947 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1948 if (err < 0)
1949 goto failed;
1950
1951 if (changed)
1952 err = new_settings(hdev, sk);
1953
33ef95ed
JH		 1954 goto failed;
1955 }
1956
1957 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1958 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1959 MGMT_STATUS_BUSY);
33ef95ed
JH		 1960 goto failed;
1961 }
1962
1963 val = !!cp->val;
1964
1965 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1966 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1967 goto failed;
1968 }
1969
1970 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1971 if (!cmd) {
1972 err = -ENOMEM;
1973 goto failed;
1974 }
1975
1976 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1977 if (err < 0) {
1978 mgmt_pending_remove(cmd);
1979 goto failed;
1980 }
1981
1982failed:
1983 hci_dev_unlock(hdev);
33ef95ed
JH		 1984 return err;
1985}
1986
bdb6d971 1987static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1988{
1989 struct mgmt_mode *cp = data;
1990 struct pending_cmd *cmd;
72ef0c1a 1991 u8 status;
ed2c4ee3
JH		 1992 int err;
1993
bdb6d971 1994 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1995
cdba5281
MH		 1996 status = mgmt_bredr_support(hdev);
1997 if (status)
1998 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1999
13ecd8b6
JH		 2000 if (!lmp_ssp_capable(hdev))
2001 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2002 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 2003
a7e80f25
JH		 2004 if (cp->val != 0x00 && cp->val != 0x01)
2005 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2006 MGMT_STATUS_INVALID_PARAMS);
2007
13ecd8b6 2008 hci_dev_lock(hdev);
6c8f12c1 2009
4b34ee78 2010 if (!hdev_is_powered(hdev)) {
9ecb3e24 2011 bool changed;
c0ecddc2 2012
9ecb3e24
MH		 2013 if (cp->val) {
2014 changed = !test_and_set_bit(HCI_SSP_ENABLED,
2015 &hdev->dev_flags);
2016 } else {
2017 changed = test_and_clear_bit(HCI_SSP_ENABLED,
2018 &hdev->dev_flags);
2019 if (!changed)
2020 changed = test_and_clear_bit(HCI_HS_ENABLED,
2021 &hdev->dev_flags);
2022 else
2023 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 2024 }
2025
2026 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2027 if (err < 0)
2028 goto failed;
2029
2030 if (changed)
2031 err = new_settings(hdev, sk);
2032
ed2c4ee3
JH		 2033 goto failed;
2034 }
2035
9ecb3e24
MH		 2036 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
2037 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
d97dcb66
SJ		 2038 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2039 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 2040 goto failed;
2041 }
2042
72ef0c1a 2043 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 2044 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2045 goto failed;
2046 }
2047
2048 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2049 if (!cmd) {
2050 err = -ENOMEM;
2051 goto failed;
2052 }
2053
3769972b
JH		 2054 if (!cp->val && test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
2055 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2056 sizeof(cp->val), &cp->val);
2057
72ef0c1a 2058 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 2059 if (err < 0) {
2060 mgmt_pending_remove(cmd);
2061 goto failed;
2062 }
2063
2064failed:
2065 hci_dev_unlock(hdev);
ed2c4ee3
JH		 2066 return err;
2067}
2068
bdb6d971 2069static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 2070{
2071 struct mgmt_mode *cp = data;
ee392693 2072 bool changed;
e6fe7986 2073 u8 status;
ee392693 2074 int err;
6d80dfd0 2075
bdb6d971 2076 BT_DBG("request for %s", hdev->name);
6d80dfd0 2077
e6fe7986
JH		 2078 status = mgmt_bredr_support(hdev);
2079 if (status)
2080 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 2081
9ecb3e24
MH		 2082 if (!lmp_ssp_capable(hdev))
2083 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2084 MGMT_STATUS_NOT_SUPPORTED);
2085
2086 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
2087 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2088 MGMT_STATUS_REJECTED);
2089
a7e80f25
JH		 2090 if (cp->val != 0x00 && cp->val != 0x01)
2091 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2092 MGMT_STATUS_INVALID_PARAMS);
2093
ee392693
MH		 2094 hci_dev_lock(hdev);
2095
a0cdf960 2096 if (cp->val) {
ee392693 2097 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 2098 } else {
2099 if (hdev_is_powered(hdev)) {
2100 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2101 MGMT_STATUS_REJECTED);
2102 goto unlock;
2103 }
2104
ee392693 2105 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 2106 }
ee392693
MH		 2107
2108 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2109 if (err < 0)
2110 goto unlock;
2111
2112 if (changed)
2113 err = new_settings(hdev, sk);
6d80dfd0 2114
ee392693
MH		 2115unlock:
2116 hci_dev_unlock(hdev);
2117 return err;
6d80dfd0
JH		 2118}
2119
416a4ae5
JH		 2120static void le_enable_complete(struct hci_dev *hdev, u8 status)
2121{
2122 struct cmd_lookup match = { NULL, hdev };
2123
2124 if (status) {
2125 u8 mgmt_err = mgmt_status(status);
2126
2127 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2128 &mgmt_err);
2129 return;
2130 }
2131
2132 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2133
2134 new_settings(hdev, match.sk);
2135
2136 if (match.sk)
2137 sock_put(match.sk);
441ad2d0
MH		 2138
2139 /* Make sure the controller has a good default for
2140 * advertising data. Restrict the update to when LE
2141 * has actually been enabled. During power on, the
2142 * update in powered_update_hci will take care of it.
2143 */
2144 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2145 struct hci_request req;
2146
2147 hci_dev_lock(hdev);
2148
2149 hci_req_init(&req, hdev);
5947f4bc 2150 update_adv_data(&req);
f14d8f64 2151 update_scan_rsp_data(&req);
441ad2d0
MH		 2152 hci_req_run(&req, NULL);
2153
a70f4b5f
JH		 2154 hci_update_background_scan(hdev);
2155
441ad2d0
MH		 2156 hci_dev_unlock(hdev);
2157 }
416a4ae5
JH		 2158}
2159
bdb6d971 2160static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 2161{
2162 struct mgmt_mode *cp = data;
2163 struct hci_cp_write_le_host_supported hci_cp;
2164 struct pending_cmd *cmd;
416a4ae5 2165 struct hci_request req;
06199cf8 2166 int err;
0b60eba1 2167 u8 val, enabled;
06199cf8 2168
bdb6d971 2169 BT_DBG("request for %s", hdev->name);
06199cf8 2170
13ecd8b6
JH		 2171 if (!lmp_le_capable(hdev))
2172 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2173 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 2174
a7e80f25
JH		 2175 if (cp->val != 0x00 && cp->val != 0x01)
2176 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2177 MGMT_STATUS_INVALID_PARAMS);
2178
c73eee91 2179 /* LE-only devices do not allow toggling LE on/off */
56f87901 2180 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 2181 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2182 MGMT_STATUS_REJECTED);
2183
13ecd8b6 2184 hci_dev_lock(hdev);
06199cf8
JH		 2185
2186 val = !!cp->val;
ffa88e02 2187 enabled = lmp_host_le_capable(hdev);
06199cf8 2188
0b60eba1 2189 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 2190 bool changed = false;
2191
2192 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2193 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
2194 changed = true;
2195 }
2196
f3d3444a
JH		 2197 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
2198 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 2199 changed = true;
2200 }
2201
06199cf8
JH		 2202 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2203 if (err < 0)
1de028ce 2204 goto unlock;
06199cf8
JH		 2205
2206 if (changed)
2207 err = new_settings(hdev, sk);
2208
1de028ce 2209 goto unlock;
06199cf8
JH		 2210 }
2211
4375f103
JH		 2212 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
2213 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 2214 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 2215 MGMT_STATUS_BUSY);
1de028ce 2216 goto unlock;
06199cf8
JH		 2217 }
2218
2219 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2220 if (!cmd) {
2221 err = -ENOMEM;
1de028ce 2222 goto unlock;
06199cf8
JH		 2223 }
2224
441ad2d0
MH		 2225 hci_req_init(&req, hdev);
2226
06199cf8
JH		 2227 memset(&hci_cp, 0, sizeof(hci_cp));
2228
2229 if (val) {
2230 hci_cp.le = val;
ffa88e02 2231 hci_cp.simul = lmp_le_br_capable(hdev);
441ad2d0
MH		 2232 } else {
2233 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
2234 disable_advertising(&req);
06199cf8
JH		 2235 }
2236
416a4ae5
JH		 2237 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2238 &hci_cp);
2239
2240 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2241 if (err < 0)
06199cf8 2242 mgmt_pending_remove(cmd);
06199cf8 2243
1de028ce
JH		 2244unlock:
2245 hci_dev_unlock(hdev);
06199cf8
JH		 2246 return err;
2247}
2248
0cab9c80
JH		 2249/* This is a helper function to test for pending mgmt commands that can
2250 * cause CoD or EIR HCI commands. We can only allow one such pending
2251 * mgmt command at a time since otherwise we cannot easily track what
2252 * the current values are, will be, and based on that calculate if a new
2253 * HCI command needs to be sent and if yes with what value.
2254 */
2255static bool pending_eir_or_class(struct hci_dev *hdev)
2256{
2257 struct pending_cmd *cmd;
2258
2259 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2260 switch (cmd->opcode) {
2261 case MGMT_OP_ADD_UUID:
2262 case MGMT_OP_REMOVE_UUID:
2263 case MGMT_OP_SET_DEV_CLASS:
2264 case MGMT_OP_SET_POWERED:
2265 return true;
2266 }
2267 }
2268
2269 return false;
2270}
2271
83be8eca
JH		 2272static const u8 bluetooth_base_uuid[] = {
2273 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2274 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2275};
2276
2277static u8 get_uuid_size(const u8 *uuid)
2278{
2279 u32 val;
2280
2281 if (memcmp(uuid, bluetooth_base_uuid, 12))
2282 return 128;
2283
2284 val = get_unaligned_le32(&uuid[12]);
2285 if (val > 0xffff)
2286 return 32;
2287
2288 return 16;
2289}
2290
92da6097
JH		 2291static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2292{
2293 struct pending_cmd *cmd;
2294
2295 hci_dev_lock(hdev);
2296
2297 cmd = mgmt_pending_find(mgmt_op, hdev);
2298 if (!cmd)
2299 goto unlock;
2300
2301 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
2302 hdev->dev_class, 3);
2303
2304 mgmt_pending_remove(cmd);
2305
2306unlock:
2307 hci_dev_unlock(hdev);
2308}
2309
2310static void add_uuid_complete(struct hci_dev *hdev, u8 status)
2311{
2312 BT_DBG("status 0x%02x", status);
2313
2314 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2315}
2316
bdb6d971 2317static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2318{
650f726d 2319 struct mgmt_cp_add_uuid *cp = data;
90e70454 2320 struct pending_cmd *cmd;
890ea898 2321 struct hci_request req;
2aeb9a1a 2322 struct bt_uuid *uuid;
2aeb9a1a
JH		 2323 int err;
2324
bdb6d971 2325 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2326
09fd0de5 2327 hci_dev_lock(hdev);
2aeb9a1a 2328
0cab9c80 2329 if (pending_eir_or_class(hdev)) {
bdb6d971 2330 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 2331 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2332 goto failed;
2333 }
2334
92c4c204 2335 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2336 if (!uuid) {
2337 err = -ENOMEM;
2338 goto failed;
2339 }
2340
2341 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2342 uuid->svc_hint = cp->svc_hint;
83be8eca 2343 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2344
de66aa63 2345 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2346
890ea898 2347 hci_req_init(&req, hdev);
1aff6f09 2348
890ea898
JH		 2349 update_class(&req);
2350 update_eir(&req);
2351
92da6097
JH		 2352 err = hci_req_run(&req, add_uuid_complete);
2353 if (err < 0) {
2354 if (err != -ENODATA)
2355 goto failed;
80a1e1db 2356
bdb6d971 2357 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 2358 hdev->dev_class, 3);
90e70454
JH		 2359 goto failed;
2360 }
2361
2362 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2363 if (!cmd) {
90e70454 2364 err = -ENOMEM;
890ea898
JH		 2365 goto failed;
2366 }
2367
2368 err = 0;
2aeb9a1a
JH		 2369
2370failed:
09fd0de5 2371 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2372 return err;
2373}
2374
24b78d0f
JH		 2375static bool enable_service_cache(struct hci_dev *hdev)
2376{
2377 if (!hdev_is_powered(hdev))
2378 return false;
2379
2380 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 2381 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2382 CACHE_TIMEOUT);
24b78d0f
JH		 2383 return true;
2384 }
2385
2386 return false;
2387}
2388
92da6097
JH		 2389static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
2390{
2391 BT_DBG("status 0x%02x", status);
2392
2393 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2394}
2395
bdb6d971 2396static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2397 u16 len)
2aeb9a1a 2398{
650f726d 2399 struct mgmt_cp_remove_uuid *cp = data;
90e70454 2400 struct pending_cmd *cmd;
056341c8 2401 struct bt_uuid *match, *tmp;
2aeb9a1a 2402 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2403 struct hci_request req;
2aeb9a1a
JH		 2404 int err, found;
2405
bdb6d971 2406 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2407
09fd0de5 2408 hci_dev_lock(hdev);
2aeb9a1a 2409
0cab9c80 2410 if (pending_eir_or_class(hdev)) {
bdb6d971 2411 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2412 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2413 goto unlock;
2414 }
2415
2aeb9a1a 2416 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2417 hci_uuids_clear(hdev);
4004b6d9 2418
24b78d0f 2419 if (enable_service_cache(hdev)) {
bdb6d971 2420 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2421 0, hdev->dev_class, 3);
24b78d0f
JH		 2422 goto unlock;
2423 }
4004b6d9 2424
9246a869 2425 goto update_class;
2aeb9a1a
JH		 2426 }
2427
2428 found = 0;
2429
056341c8 2430 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2431 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2432 continue;
2433
2434 list_del(&match->list);
482049f7 2435 kfree(match);
2aeb9a1a
JH		 2436 found++;
2437 }
2438
2439 if (found == 0) {
bdb6d971 2440 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2441 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2442 goto unlock;
2443 }
2444
9246a869 2445update_class:
890ea898 2446 hci_req_init(&req, hdev);
1aff6f09 2447
890ea898
JH		 2448 update_class(&req);
2449 update_eir(&req);
2450
92da6097
JH		 2451 err = hci_req_run(&req, remove_uuid_complete);
2452 if (err < 0) {
2453 if (err != -ENODATA)
2454 goto unlock;
80a1e1db 2455
bdb6d971 2456 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 2457 hdev->dev_class, 3);
90e70454
JH		 2458 goto unlock;
2459 }
2460
2461 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2462 if (!cmd) {
90e70454 2463 err = -ENOMEM;
890ea898
JH		 2464 goto unlock;
2465 }
2466
2467 err = 0;
2aeb9a1a
JH		 2468
2469unlock:
09fd0de5 2470 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2471 return err;
2472}
2473
92da6097
JH		 2474static void set_class_complete(struct hci_dev *hdev, u8 status)
2475{
2476 BT_DBG("status 0x%02x", status);
2477
2478 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2479}
2480
bdb6d971 2481static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2482 u16 len)
1aff6f09 2483{
650f726d 2484 struct mgmt_cp_set_dev_class *cp = data;
90e70454 2485 struct pending_cmd *cmd;
890ea898 2486 struct hci_request req;
1aff6f09
JH		 2487 int err;
2488
bdb6d971 2489 BT_DBG("request for %s", hdev->name);
1aff6f09 2490
6203fc98 2491 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 2492 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2493 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2494
0cab9c80 2495 hci_dev_lock(hdev);
ee98f473 2496
0cab9c80
JH		 2497 if (pending_eir_or_class(hdev)) {
2498 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2499 MGMT_STATUS_BUSY);
2500 goto unlock;
2501 }
c95f0ba7 2502
0cab9c80
JH		 2503 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2504 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2505 MGMT_STATUS_INVALID_PARAMS);
2506 goto unlock;
2507 }
575b3a02 2508
932f5ff5
JH		 2509 hdev->major_class = cp->major;
2510 hdev->minor_class = cp->minor;
2511
b5235a65 2512 if (!hdev_is_powered(hdev)) {
bdb6d971 2513 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2514 hdev->dev_class, 3);
b5235a65
JH		 2515 goto unlock;
2516 }
2517
890ea898
JH		 2518 hci_req_init(&req, hdev);
2519
a8b2d5c2 2520 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2521 hci_dev_unlock(hdev);
2522 cancel_delayed_work_sync(&hdev->service_cache);
2523 hci_dev_lock(hdev);
890ea898 2524 update_eir(&req);
7d78525d 2525 }
14c0b608 2526
890ea898
JH		 2527 update_class(&req);
2528
92da6097
JH		 2529 err = hci_req_run(&req, set_class_complete);
2530 if (err < 0) {
2531 if (err != -ENODATA)
2532 goto unlock;
1aff6f09 2533
bdb6d971 2534 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2535 hdev->dev_class, 3);
90e70454
JH		 2536 goto unlock;
2537 }
2538
2539 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2540 if (!cmd) {
90e70454 2541 err = -ENOMEM;
890ea898
JH		 2542 goto unlock;
2543 }
2544
2545 err = 0;
1aff6f09 2546
b5235a65 2547unlock:
09fd0de5 2548 hci_dev_unlock(hdev);
1aff6f09
JH		 2549 return err;
2550}
2551
bdb6d971 2552static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2553 u16 len)
55ed8ca1 2554{
650f726d 2555 struct mgmt_cp_load_link_keys *cp = data;
ba1d6936
JH		 2556 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2557 sizeof(struct mgmt_link_key_info));
4e51eae9 2558 u16 key_count, expected_len;
b1de97d8 2559 bool changed;
a492cd52 2560 int i;
55ed8ca1 2561
9060d5cf
MH		 2562 BT_DBG("request for %s", hdev->name);
2563
2564 if (!lmp_bredr_capable(hdev))
2565 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2566 MGMT_STATUS_NOT_SUPPORTED);
2567
1f350c87 2568 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 2569 if (key_count > max_key_count) {
2570 BT_ERR("load_link_keys: too big key_count value %u",
2571 key_count);
2572 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2573 MGMT_STATUS_INVALID_PARAMS);
2574 }
55ed8ca1 2575
86742e1e
JH		 2576 expected_len = sizeof(*cp) + key_count *
2577 sizeof(struct mgmt_link_key_info);
a492cd52 2578 if (expected_len != len) {
86742e1e 2579 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2580 expected_len, len);
bdb6d971 2581 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 2582 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2583 }
2584
4ae14301
JH		 2585 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2586 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2587 MGMT_STATUS_INVALID_PARAMS);
2588
bdb6d971 2589 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2590 key_count);
55ed8ca1 2591
4ee71b20
JH		 2592 for (i = 0; i < key_count; i++) {
2593 struct mgmt_link_key_info *key = &cp->keys[i];
2594
8e991132 2595 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
4ee71b20
JH		 2596 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2597 MGMT_STATUS_INVALID_PARAMS);
2598 }
2599
09fd0de5 2600 hci_dev_lock(hdev);
55ed8ca1
JH		 2601
2602 hci_link_keys_clear(hdev);
2603
55ed8ca1 2604 if (cp->debug_keys)
0663b297
JH		 2605 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
2606 &hdev->dev_flags);
55ed8ca1 2607 else
0663b297
JH		 2608 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
2609 &hdev->dev_flags);
b1de97d8
MH		 2610
2611 if (changed)
2612 new_settings(hdev, NULL);
55ed8ca1 2613
a492cd52 2614 for (i = 0; i < key_count; i++) {
86742e1e 2615 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2616
58e9293c
JH		 2617 /* Always ignore debug keys and require a new pairing if
2618 * the user wants to use them.
2619 */
2620 if (key->type == HCI_LK_DEBUG_COMBINATION)
2621 continue;
2622
7652ff6a
JH		 2623 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2624 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2625 }
2626
bdb6d971 2627 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2628
09fd0de5 2629 hci_dev_unlock(hdev);
55ed8ca1 2630
a492cd52 2631 return 0;
55ed8ca1
JH		 2632}
2633
b1078ad0 2634static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2635 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2636{
2637 struct mgmt_ev_device_unpaired ev;
2638
2639 bacpy(&ev.addr.bdaddr, bdaddr);
2640 ev.addr.type = addr_type;
2641
2642 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2643 skip_sk);
b1078ad0
JH		 2644}
2645
bdb6d971 2646static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2647 u16 len)
55ed8ca1 2648{
124f6e35
JH		 2649 struct mgmt_cp_unpair_device *cp = data;
2650 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2651 struct hci_cp_disconnect dc;
2652 struct pending_cmd *cmd;
55ed8ca1 2653 struct hci_conn *conn;
55ed8ca1
JH		 2654 int err;
2655
a8a1d19e 2656 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2657 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2658 rp.addr.type = cp->addr.type;
a8a1d19e 2659
4ee71b20
JH		 2660 if (!bdaddr_type_is_valid(cp->addr.type))
2661 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2662 MGMT_STATUS_INVALID_PARAMS,
2663 &rp, sizeof(rp));
2664
118da70b
JH		 2665 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2666 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2667 MGMT_STATUS_INVALID_PARAMS,
2668 &rp, sizeof(rp));
2669
4ee71b20
JH		 2670 hci_dev_lock(hdev);
2671
86a8cfc6 2672 if (!hdev_is_powered(hdev)) {
bdb6d971 2673 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2674 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 2675 goto unlock;
2676 }
2677
e0b2b27e 2678 if (cp->addr.type == BDADDR_BREDR) {
124f6e35 2679 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2680 } else {
2681 u8 addr_type;
2682
2683 if (cp->addr.type == BDADDR_LE_PUBLIC)
2684 addr_type = ADDR_LE_DEV_PUBLIC;
2685 else
2686 addr_type = ADDR_LE_DEV_RANDOM;
2687
a7ec7338
JH		 2688 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2689
a9b0a04c
AG		 2690 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2691
e0b2b27e
JH		 2692 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2693 }
b0dbfb46 2694
55ed8ca1 2695 if (err < 0) {
bdb6d971 2696 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2697 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 2698 goto unlock;
2699 }
2700
86a8cfc6 2701 if (cp->disconnect) {
591f47f3 2702 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 2703 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 2704 &cp->addr.bdaddr);
86a8cfc6
JH		 2705 else
2706 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 2707 &cp->addr.bdaddr);
86a8cfc6
JH		 2708 } else {
2709 conn = NULL;
2710 }
124f6e35 2711
a8a1d19e 2712 if (!conn) {
bdb6d971 2713 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 2714 &rp, sizeof(rp));
b1078ad0 2715 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2716 goto unlock;
2717 }
55ed8ca1 2718
124f6e35 2719 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2720 sizeof(*cp));
a8a1d19e
JH		 2721 if (!cmd) {
2722 err = -ENOMEM;
2723 goto unlock;
55ed8ca1
JH		 2724 }
2725
eb55ef07 2726 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2727 dc.reason = 0x13; /* Remote User Terminated Connection */
2728 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2729 if (err < 0)
2730 mgmt_pending_remove(cmd);
2731
55ed8ca1 2732unlock:
09fd0de5 2733 hci_dev_unlock(hdev);
55ed8ca1
JH		 2734 return err;
2735}
2736
bdb6d971 2737static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2738 u16 len)
8962ee74 2739{
650f726d 2740 struct mgmt_cp_disconnect *cp = data;
06a63b19 2741 struct mgmt_rp_disconnect rp;
8962ee74 2742 struct hci_cp_disconnect dc;
366a0336 2743 struct pending_cmd *cmd;
8962ee74 2744 struct hci_conn *conn;
8962ee74
JH		 2745 int err;
2746
2747 BT_DBG("");
2748
06a63b19
JH		 2749 memset(&rp, 0, sizeof(rp));
2750 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2751 rp.addr.type = cp->addr.type;
2752
4ee71b20 2753 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2754 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2755 MGMT_STATUS_INVALID_PARAMS,
2756 &rp, sizeof(rp));
4ee71b20 2757
09fd0de5 2758 hci_dev_lock(hdev);
8962ee74
JH		 2759
2760 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2761 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2762 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2763 goto failed;
2764 }
2765
2e58ef3e 2766 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2767 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2768 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2769 goto failed;
2770 }
2771
591f47f3 2772 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2773 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2774 &cp->addr.bdaddr);
88c3df13
JH		 2775 else
2776 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2777
f960727e 2778 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2779 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2780 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2781 goto failed;
2782 }
2783
2e58ef3e 2784 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2785 if (!cmd) {
2786 err = -ENOMEM;
8962ee74 2787 goto failed;
366a0336 2788 }
8962ee74 2789
eb55ef07 2790 dc.handle = cpu_to_le16(conn->handle);
3701f944 2791 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 2792
2793 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2794 if (err < 0)
a664b5bc 2795 mgmt_pending_remove(cmd);
8962ee74
JH		 2796
2797failed:
09fd0de5 2798 hci_dev_unlock(hdev);
8962ee74
JH		 2799 return err;
2800}
2801
57c1477c 2802static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2803{
2804 switch (link_type) {
2805 case LE_LINK:
48264f06
JH		 2806 switch (addr_type) {
2807 case ADDR_LE_DEV_PUBLIC:
591f47f3 2808 return BDADDR_LE_PUBLIC;
0ed09148 2809
48264f06 2810 default:
0ed09148 2811 /* Fallback to LE Random address type */
591f47f3 2812 return BDADDR_LE_RANDOM;
48264f06 2813 }
0ed09148 2814
4c659c39 2815 default:
0ed09148 2816 /* Fallback to BR/EDR type */
591f47f3 2817 return BDADDR_BREDR;
4c659c39
JH		 2818 }
2819}
2820
04124681
GP		 2821static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2822 u16 data_len)
2784eb41 2823{
2784eb41 2824 struct mgmt_rp_get_connections *rp;
8035ded4 2825 struct hci_conn *c;
a38528f1 2826 size_t rp_len;
60fc5fb6
JH		 2827 int err;
2828 u16 i;
2784eb41
JH		 2829
2830 BT_DBG("");
2831
09fd0de5 2832 hci_dev_lock(hdev);
2784eb41 2833
5f97c1df 2834 if (!hdev_is_powered(hdev)) {
bdb6d971 2835 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2836 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2837 goto unlock;
2838 }
2839
60fc5fb6 2840 i = 0;
b644ba33
JH		 2841 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2842 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2843 i++;
2784eb41
JH		 2844 }
2845
60fc5fb6 2846 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2847 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2848 if (!rp) {
2784eb41
JH		 2849 err = -ENOMEM;
2850 goto unlock;
2851 }
2852
2784eb41 2853 i = 0;
4c659c39 2854 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2855 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2856 continue;
4c659c39 2857 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2858 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2859 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2860 continue;
2861 i++;
2862 }
2863
eb55ef07 2864 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2865
4c659c39
JH		 2866 /* Recalculate length in case of filtered SCO connections, etc */
2867 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2868
bdb6d971 2869 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2870 rp_len);
2784eb41 2871
a38528f1 2872 kfree(rp);
5f97c1df
JH		 2873
2874unlock:
09fd0de5 2875 hci_dev_unlock(hdev);
2784eb41
JH		 2876 return err;
2877}
2878
bdb6d971 2879static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2880 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2881{
2882 struct pending_cmd *cmd;
2883 int err;
2884
2e58ef3e 2885 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2886 sizeof(*cp));
96d97a67
WR		 2887 if (!cmd)
2888 return -ENOMEM;
2889
d8457698 2890 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2891 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2892 if (err < 0)
2893 mgmt_pending_remove(cmd);
2894
2895 return err;
2896}
2897
bdb6d971 2898static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2899 u16 len)
980e1a53 2900{
96d97a67 2901 struct hci_conn *conn;
650f726d 2902 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2903 struct hci_cp_pin_code_reply reply;
366a0336 2904 struct pending_cmd *cmd;
980e1a53
JH		 2905 int err;
2906
2907 BT_DBG("");
2908
09fd0de5 2909 hci_dev_lock(hdev);
980e1a53 2910
4b34ee78 2911 if (!hdev_is_powered(hdev)) {
bdb6d971 2912 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2913 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2914 goto failed;
2915 }
2916
d8457698 2917 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2918 if (!conn) {
bdb6d971 2919 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2920 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2921 goto failed;
2922 }
2923
2924 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2925 struct mgmt_cp_pin_code_neg_reply ncp;
2926
2927 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2928
2929 BT_ERR("PIN code is not 16 bytes long");
2930
bdb6d971 2931 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2932 if (err >= 0)
bdb6d971 2933 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2934 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2935
2936 goto failed;
2937 }
2938
00abfe44 2939 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2940 if (!cmd) {
2941 err = -ENOMEM;
980e1a53 2942 goto failed;
366a0336 2943 }
980e1a53 2944
d8457698 2945 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2946 reply.pin_len = cp->pin_len;
24718ca5 2947 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2948
2949 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2950 if (err < 0)
a664b5bc 2951 mgmt_pending_remove(cmd);
980e1a53
JH		 2952
2953failed:
09fd0de5 2954 hci_dev_unlock(hdev);
980e1a53
JH		 2955 return err;
2956}
2957
04124681
GP		 2958static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2959 u16 len)
17fa4b9d 2960{
650f726d 2961 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2962
2963 BT_DBG("");
2964
4ec86d4c
JH		 2965 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2966 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
2967 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
2968
09fd0de5 2969 hci_dev_lock(hdev);
17fa4b9d
JH		 2970
2971 hdev->io_capability = cp->io_capability;
2972
2973 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2974 hdev->io_capability);
17fa4b9d 2975
09fd0de5 2976 hci_dev_unlock(hdev);
17fa4b9d 2977
04124681
GP		 2978 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2979 0);
17fa4b9d
JH		 2980}
2981
6039aa73 2982static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2983{
2984 struct hci_dev *hdev = conn->hdev;
8035ded4 2985 struct pending_cmd *cmd;
e9a416b5 2986
2e58ef3e 2987 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2988 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2989 continue;
2990
e9a416b5
JH		 2991 if (cmd->user_data != conn)
2992 continue;
2993
2994 return cmd;
2995 }
2996
2997 return NULL;
2998}
2999
3000static void pairing_complete(struct pending_cmd *cmd, u8 status)
3001{
3002 struct mgmt_rp_pair_device rp;
3003 struct hci_conn *conn = cmd->user_data;
3004
61b1a7fb
JH		 3005 bacpy(&rp.addr.bdaddr, &conn->dst);
3006 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 3007
aee9b218 3008 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 3009 &rp, sizeof(rp));
e9a416b5
JH		 3010
3011 /* So we don't get further callbacks for this connection */
3012 conn->connect_cfm_cb = NULL;
3013 conn->security_cfm_cb = NULL;
3014 conn->disconn_cfm_cb = NULL;
3015
76a68ba0 3016 hci_conn_drop(conn);
e9a416b5 3017
a664b5bc 3018 mgmt_pending_remove(cmd);
e9a416b5
JH		 3019}
3020
f4a407be
JH		 3021void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3022{
3023 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3024 struct pending_cmd *cmd;
3025
3026 cmd = find_pairing(conn);
3027 if (cmd)
3028 pairing_complete(cmd, status);
3029}
3030
e9a416b5
JH		 3031static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3032{
3033 struct pending_cmd *cmd;
3034
3035 BT_DBG("status %u", status);
3036
3037 cmd = find_pairing(conn);
56e5cb86 3038 if (!cmd)
e9a416b5 3039 BT_DBG("Unable to find a pending command");
56e5cb86 3040 else
e211326c 3041 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 3042}
3043
f4a407be 3044static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739
VA		 3045{
3046 struct pending_cmd *cmd;
3047
3048 BT_DBG("status %u", status);
3049
3050 if (!status)
3051 return;
3052
3053 cmd = find_pairing(conn);
3054 if (!cmd)
3055 BT_DBG("Unable to find a pending command");
3056 else
3057 pairing_complete(cmd, mgmt_status(status));
3058}
3059
bdb6d971 3060static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3061 u16 len)
e9a416b5 3062{
650f726d 3063 struct mgmt_cp_pair_device *cp = data;
1425acb7 3064 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 3065 struct pending_cmd *cmd;
3066 u8 sec_level, auth_type;
3067 struct hci_conn *conn;
e9a416b5
JH		 3068 int err;
3069
3070 BT_DBG("");
3071
f950a30e
SJ		 3072 memset(&rp, 0, sizeof(rp));
3073 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3074 rp.addr.type = cp->addr.type;
3075
4ee71b20
JH		 3076 if (!bdaddr_type_is_valid(cp->addr.type))
3077 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3078 MGMT_STATUS_INVALID_PARAMS,
3079 &rp, sizeof(rp));
3080
4ec86d4c
JH		 3081 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
3082 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3083 MGMT_STATUS_INVALID_PARAMS,
3084 &rp, sizeof(rp));
3085
09fd0de5 3086 hci_dev_lock(hdev);
e9a416b5 3087
5f97c1df 3088 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 3089 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3090 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 3091 goto unlock;
3092 }
3093
c908df36 3094 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 3095 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 3096
6f77d8c7 3097 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 3098 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3099 auth_type);
6f77d8c7
AG		 3100 } else {
3101 u8 addr_type;
3102
3103 /* Convert from L2CAP channel address type to HCI address type
3104 */
3105 if (cp->addr.type == BDADDR_LE_PUBLIC)
3106 addr_type = ADDR_LE_DEV_PUBLIC;
3107 else
3108 addr_type = ADDR_LE_DEV_RANDOM;
3109
7c264b10
MH		 3110 /* When pairing a new device, it is expected to remember
3111 * this device for future connections. Adding the connection
3112 * parameter information ahead of time allows tracking
3113 * of the slave preferred values and will speed up any
3114 * further connection establishment.
3115 *
3116 * If connection parameters already exist, then they
3117 * will be kept and this function does nothing.
3118 */
3119 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3120
cdd6275e 3121 /* Request a connection with master = true role */
6f77d8c7 3122 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
cdd6275e 3123 sec_level, HCI_LE_CONN_TIMEOUT, true);
6f77d8c7 3124 }
7a512d01 3125
30e76272 3126 if (IS_ERR(conn)) {
489dc48e
AK		 3127 int status;
3128
3129 if (PTR_ERR(conn) == -EBUSY)
3130 status = MGMT_STATUS_BUSY;
3131 else
3132 status = MGMT_STATUS_CONNECT_FAILED;
3133
bdb6d971 3134 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 3135 status, &rp,
04124681 3136 sizeof(rp));
e9a416b5
JH		 3137 goto unlock;
3138 }
3139
3140 if (conn->connect_cfm_cb) {
76a68ba0 3141 hci_conn_drop(conn);
bdb6d971 3142 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 3143 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 3144 goto unlock;
3145 }
3146
2e58ef3e 3147 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 3148 if (!cmd) {
3149 err = -ENOMEM;
76a68ba0 3150 hci_conn_drop(conn);
e9a416b5
JH		 3151 goto unlock;
3152 }
3153
7a512d01 3154 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 3155 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 3156 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 3157 conn->security_cfm_cb = pairing_complete_cb;
3158 conn->disconn_cfm_cb = pairing_complete_cb;
3159 } else {
3160 conn->connect_cfm_cb = le_pairing_complete_cb;
3161 conn->security_cfm_cb = le_pairing_complete_cb;
3162 conn->disconn_cfm_cb = le_pairing_complete_cb;
3163 }
7a512d01 3164
e9a416b5
JH		 3165 conn->io_capability = cp->io_cap;
3166 cmd->user_data = conn;
3167
3168 if (conn->state == BT_CONNECTED &&
8ce8e2b5 3169 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 3170 pairing_complete(cmd, 0);
3171
3172 err = 0;
3173
3174unlock:
09fd0de5 3175 hci_dev_unlock(hdev);
e9a416b5
JH		 3176 return err;
3177}
3178
04124681
GP		 3179static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3180 u16 len)
28424707 3181{
0f4e68cf 3182 struct mgmt_addr_info *addr = data;
28424707
JH		 3183 struct pending_cmd *cmd;
3184 struct hci_conn *conn;
3185 int err;
3186
3187 BT_DBG("");
3188
28424707
JH		 3189 hci_dev_lock(hdev);
3190
5f97c1df 3191 if (!hdev_is_powered(hdev)) {
bdb6d971 3192 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3193 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3194 goto unlock;
3195 }
3196
28424707
JH		 3197 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3198 if (!cmd) {
bdb6d971 3199 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3200 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3201 goto unlock;
3202 }
3203
3204 conn = cmd->user_data;
3205
3206 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 3207 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3208 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3209 goto unlock;
3210 }
3211
3212 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
3213
bdb6d971 3214 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 3215 addr, sizeof(*addr));
28424707
JH		 3216unlock:
3217 hci_dev_unlock(hdev);
28424707
JH		 3218 return err;
3219}
3220
bdb6d971 3221static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3222 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3223 u16 hci_op, __le32 passkey)
a5c29683 3224{
a5c29683 3225 struct pending_cmd *cmd;
0df4c185 3226 struct hci_conn *conn;
a5c29683
JH		 3227 int err;
3228
09fd0de5 3229 hci_dev_lock(hdev);
08ba5382 3230
4b34ee78 3231 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 3232 err = cmd_complete(sk, hdev->id, mgmt_op,
3233 MGMT_STATUS_NOT_POWERED, addr,
3234 sizeof(*addr));
0df4c185 3235 goto done;
a5c29683
JH		 3236 }
3237
1707c60e
JH		 3238 if (addr->type == BDADDR_BREDR)
3239 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3240 else
1707c60e 3241 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 3242
3243 if (!conn) {
feb94d3d
JH		 3244 err = cmd_complete(sk, hdev->id, mgmt_op,
3245 MGMT_STATUS_NOT_CONNECTED, addr,
3246 sizeof(*addr));
272d90df
JH		 3247 goto done;
3248 }
47c15e2b 3249
1707c60e 3250 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 3251 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 3252 if (!err)
feb94d3d
JH		 3253 err = cmd_complete(sk, hdev->id, mgmt_op,
3254 MGMT_STATUS_SUCCESS, addr,
3255 sizeof(*addr));
5fe57d9e 3256 else
feb94d3d
JH		 3257 err = cmd_complete(sk, hdev->id, mgmt_op,
3258 MGMT_STATUS_FAILED, addr,
3259 sizeof(*addr));
47c15e2b 3260
47c15e2b
BG		 3261 goto done;
3262 }
3263
1707c60e 3264 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3265 if (!cmd) {
3266 err = -ENOMEM;
0df4c185 3267 goto done;
a5c29683
JH		 3268 }
3269
0df4c185 3270 /* Continue with pairing via HCI */
604086b7
BG		 3271 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3272 struct hci_cp_user_passkey_reply cp;
3273
1707c60e 3274 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3275 cp.passkey = passkey;
3276 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3277 } else
1707c60e
JH		 3278 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3279 &addr->bdaddr);
604086b7 3280
a664b5bc
JH		 3281 if (err < 0)
3282 mgmt_pending_remove(cmd);
a5c29683 3283
0df4c185 3284done:
09fd0de5 3285 hci_dev_unlock(hdev);
a5c29683
JH		 3286 return err;
3287}
3288
afeb019d
JK		 3289static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3290 void *data, u16 len)
3291{
3292 struct mgmt_cp_pin_code_neg_reply *cp = data;
3293
3294 BT_DBG("");
3295
1707c60e 3296 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3297 MGMT_OP_PIN_CODE_NEG_REPLY,
3298 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3299}
3300
04124681
GP		 3301static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3302 u16 len)
0df4c185 3303{
650f726d 3304 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3305
3306 BT_DBG("");
3307
3308 if (len != sizeof(*cp))
bdb6d971 3309 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 3310 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3311
1707c60e 3312 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3313 MGMT_OP_USER_CONFIRM_REPLY,
3314 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3315}
3316
bdb6d971 3317static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3318 void *data, u16 len)
0df4c185 3319{
c9c2659f 3320 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3321
3322 BT_DBG("");
3323
1707c60e 3324 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3325 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3326 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3327}
3328
04124681
GP		 3329static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3330 u16 len)
604086b7 3331{
650f726d 3332 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3333
3334 BT_DBG("");
3335
1707c60e 3336 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3337 MGMT_OP_USER_PASSKEY_REPLY,
3338 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3339}
3340
bdb6d971 3341static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3342 void *data, u16 len)
604086b7 3343{
650f726d 3344 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3345
3346 BT_DBG("");
3347
1707c60e 3348 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3349 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3350 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3351}
3352
13928971 3353static void update_name(struct hci_request *req)
2b4bf397 3354{
13928971 3355 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3356 struct hci_cp_write_local_name cp;
3357
13928971 3358 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3359
890ea898 3360 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3361}
3362
13928971
JH		 3363static void set_name_complete(struct hci_dev *hdev, u8 status)
3364{
3365 struct mgmt_cp_set_local_name *cp;
3366 struct pending_cmd *cmd;
3367
3368 BT_DBG("status 0x%02x", status);
3369
3370 hci_dev_lock(hdev);
3371
3372 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3373 if (!cmd)
3374 goto unlock;
3375
3376 cp = cmd->param;
3377
3378 if (status)
3379 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3380 mgmt_status(status));
3381 else
3382 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3383 cp, sizeof(*cp));
3384
3385 mgmt_pending_remove(cmd);
3386
3387unlock:
3388 hci_dev_unlock(hdev);
3389}
3390
bdb6d971 3391static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3392 u16 len)
b312b161 3393{
2b4bf397 3394 struct mgmt_cp_set_local_name *cp = data;
b312b161 3395 struct pending_cmd *cmd;
890ea898 3396 struct hci_request req;
b312b161
JH		 3397 int err;
3398
3399 BT_DBG("");
3400
09fd0de5 3401 hci_dev_lock(hdev);
b312b161 3402
b3f2ca94
JH		 3403 /* If the old values are the same as the new ones just return a
3404 * direct command complete event.
3405 */
3406 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3407 !memcmp(hdev->short_name, cp->short_name,
3408 sizeof(hdev->short_name))) {
3409 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3410 data, len);
3411 goto failed;
3412 }
3413
2b4bf397 3414 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3415
b5235a65 3416 if (!hdev_is_powered(hdev)) {
2b4bf397 3417 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 3418
3419 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 3420 data, len);
28cc7bde
JH		 3421 if (err < 0)
3422 goto failed;
3423
3424 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 3425 sk);
28cc7bde 3426
b5235a65
JH		 3427 goto failed;
3428 }
3429
28cc7bde 3430 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3431 if (!cmd) {
3432 err = -ENOMEM;
3433 goto failed;
3434 }
3435
13928971
JH		 3436 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3437
890ea898 3438 hci_req_init(&req, hdev);
3f985050
JH		 3439
3440 if (lmp_bredr_capable(hdev)) {
3441 update_name(&req);
3442 update_eir(&req);
3443 }
3444
7a5f4990
MH		 3445 /* The name is stored in the scan response data and so
3446 * no need to udpate the advertising data here.
3447 */
3f985050 3448 if (lmp_le_capable(hdev))
7a5f4990 3449 update_scan_rsp_data(&req);
3f985050 3450
13928971 3451 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3452 if (err < 0)
3453 mgmt_pending_remove(cmd);
3454
3455failed:
09fd0de5 3456 hci_dev_unlock(hdev);
b312b161
JH		 3457 return err;
3458}
3459
0f4e68cf 3460static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3461 void *data, u16 data_len)
c35938b2 3462{
c35938b2
SJ		 3463 struct pending_cmd *cmd;
3464 int err;
3465
bdb6d971 3466 BT_DBG("%s", hdev->name);
c35938b2 3467
09fd0de5 3468 hci_dev_lock(hdev);
c35938b2 3469
4b34ee78 3470 if (!hdev_is_powered(hdev)) {
bdb6d971 3471 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3472 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3473 goto unlock;
3474 }
3475
9a1a1996 3476 if (!lmp_ssp_capable(hdev)) {
bdb6d971 3477 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3478 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3479 goto unlock;
3480 }
3481
2e58ef3e 3482 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 3483 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3484 MGMT_STATUS_BUSY);
c35938b2
SJ		 3485 goto unlock;
3486 }
3487
2e58ef3e 3488 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3489 if (!cmd) {
3490 err = -ENOMEM;
3491 goto unlock;
3492 }
3493
4d2d2796
MH		 3494 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
3495 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3496 0, NULL);
3497 else
3498 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3499
c35938b2
SJ		 3500 if (err < 0)
3501 mgmt_pending_remove(cmd);
3502
3503unlock:
09fd0de5 3504 hci_dev_unlock(hdev);
c35938b2
SJ		 3505 return err;
3506}
3507
bdb6d971 3508static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3509 void *data, u16 len)
2763eda6 3510{
2763eda6
SJ		 3511 int err;
3512
bdb6d971 3513 BT_DBG("%s ", hdev->name);
2763eda6 3514
09fd0de5 3515 hci_dev_lock(hdev);
2763eda6 3516
ec109113
MH		 3517 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3518 struct mgmt_cp_add_remote_oob_data *cp = data;
3519 u8 status;
bf1e3541 3520
ec109113
MH		 3521 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3522 cp->hash, cp->randomizer);
3523 if (err < 0)
3524 status = MGMT_STATUS_FAILED;
3525 else
3526 status = MGMT_STATUS_SUCCESS;
3527
3528 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3529 status, &cp->addr, sizeof(cp->addr));
3530 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3531 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3532 u8 status;
3533
3534 err = hci_add_remote_oob_ext_data(hdev, &cp->addr.bdaddr,
3535 cp->hash192,
3536 cp->randomizer192,
3537 cp->hash256,
3538 cp->randomizer256);
3539 if (err < 0)
3540 status = MGMT_STATUS_FAILED;
3541 else
3542 status = MGMT_STATUS_SUCCESS;
3543
3544 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3545 status, &cp->addr, sizeof(cp->addr));
3546 } else {
3547 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3548 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3549 MGMT_STATUS_INVALID_PARAMS);
3550 }
2763eda6 3551
09fd0de5 3552 hci_dev_unlock(hdev);
2763eda6
SJ		 3553 return err;
3554}
3555
bdb6d971 3556static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3557 void *data, u16 len)
2763eda6 3558{
650f726d 3559 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3560 u8 status;
2763eda6
SJ		 3561 int err;
3562
bdb6d971 3563 BT_DBG("%s", hdev->name);
2763eda6 3564
09fd0de5 3565 hci_dev_lock(hdev);
2763eda6 3566
664ce4cc 3567 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 3568 if (err < 0)
bf1e3541 3569 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3570 else
a6785be2 3571 status = MGMT_STATUS_SUCCESS;
bf1e3541 3572
bdb6d971 3573 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 3574 status, &cp->addr, sizeof(cp->addr));
2763eda6 3575
09fd0de5 3576 hci_dev_unlock(hdev);
2763eda6
SJ		 3577 return err;
3578}
3579
41dc2bd6
AG		 3580static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3581{
3582 struct pending_cmd *cmd;
3583 u8 type;
3584 int err;
3585
3586 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3587
3588 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3589 if (!cmd)
3590 return -ENOENT;
3591
3592 type = hdev->discovery.type;
3593
3594 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3595 &type, sizeof(type));
3596 mgmt_pending_remove(cmd);
3597
3598 return err;
3599}
3600
7c307720
AG		 3601static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3602{
ae55f598
LR		 3603 unsigned long timeout = 0;
3604
7c307720
AG		 3605 BT_DBG("status %d", status);
3606
3607 if (status) {
3608 hci_dev_lock(hdev);
3609 mgmt_start_discovery_failed(hdev, status);
3610 hci_dev_unlock(hdev);
3611 return;
3612 }
3613
3614 hci_dev_lock(hdev);
3615 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3616 hci_dev_unlock(hdev);
3617
3618 switch (hdev->discovery.type) {
3619 case DISCOV_TYPE_LE:
3d5a76f0 3620 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
7c307720
AG		 3621 break;
3622
3623 case DISCOV_TYPE_INTERLEAVED:
b9a7a61e 3624 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
7c307720
AG		 3625 break;
3626
3627 case DISCOV_TYPE_BREDR:
3628 break;
3629
3630 default:
3631 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3632 }
ae55f598
LR		 3633
3634 if (!timeout)
3635 return;
3636
3637 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable, timeout);
7c307720
AG		 3638}
3639
bdb6d971 3640static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3641 void *data, u16 len)
14a53664 3642{
650f726d 3643 struct mgmt_cp_start_discovery *cp = data;
14a53664 3644 struct pending_cmd *cmd;
7c307720
AG		 3645 struct hci_cp_le_set_scan_param param_cp;
3646 struct hci_cp_le_set_scan_enable enable_cp;
3647 struct hci_cp_inquiry inq_cp;
3648 struct hci_request req;
3649 /* General inquiry access code (GIAC) */
3650 u8 lap[3] = { 0x33, 0x8b, 0x9e };
d9483943 3651 u8 status, own_addr_type;
14a53664
JH		 3652 int err;
3653
bdb6d971 3654 BT_DBG("%s", hdev->name);
14a53664 3655
09fd0de5 3656 hci_dev_lock(hdev);
14a53664 3657
4b34ee78 3658 if (!hdev_is_powered(hdev)) {
bdb6d971 3659 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3660 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 3661 goto failed;
3662 }
3663
642be6c7
AG		 3664 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3665 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3666 MGMT_STATUS_BUSY);
3667 goto failed;
3668 }
3669
ff9ef578 3670 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 3671 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3672 MGMT_STATUS_BUSY);
ff9ef578
JH		 3673 goto failed;
3674 }
3675
2e58ef3e 3676 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3677 if (!cmd) {
3678 err = -ENOMEM;
3679 goto failed;
3680 }
3681
4aab14e5
AG		 3682 hdev->discovery.type = cp->type;
3683
7c307720
AG		 3684 hci_req_init(&req, hdev);
3685
4aab14e5 3686 switch (hdev->discovery.type) {
f39799f5 3687 case DISCOV_TYPE_BREDR:
e6fe7986
JH		 3688 status = mgmt_bredr_support(hdev);
3689 if (status) {
04106755 3690 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3691 status);
04106755
JH		 3692 mgmt_pending_remove(cmd);
3693 goto failed;
3694 }
3695
7c307720
AG		 3696 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3697 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3698 MGMT_STATUS_BUSY);
3699 mgmt_pending_remove(cmd);
3700 goto failed;
3701 }
3702
3703 hci_inquiry_cache_flush(hdev);
3704
3705 memset(&inq_cp, 0, sizeof(inq_cp));
3706 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 3707 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 3708 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 3709 break;
3710
3711 case DISCOV_TYPE_LE:
7c307720 3712 case DISCOV_TYPE_INTERLEAVED:
e6fe7986
JH		 3713 status = mgmt_le_support(hdev);
3714 if (status) {
04106755 3715 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3716 status);
04106755
JH		 3717 mgmt_pending_remove(cmd);
3718 goto failed;
3719 }
3720
7c307720 3721 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 3722 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 3723 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3724 MGMT_STATUS_NOT_SUPPORTED);
3725 mgmt_pending_remove(cmd);
3726 goto failed;
3727 }
3728
f3d3444a 3729 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
7c307720
AG		 3730 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3731 MGMT_STATUS_REJECTED);
3732 mgmt_pending_remove(cmd);
3733 goto failed;
3734 }
3735
c54c3860
AG		 3736 /* If controller is scanning, it means the background scanning
3737 * is running. Thus, we should temporarily stop it in order to
3738 * set the discovery scanning parameters.
3739 */
3740 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3741 hci_req_add_le_scan_disable(&req);
7c307720
AG		 3742
3743 memset(&param_cp, 0, sizeof(param_cp));
d9483943 3744
94b1fc92
MH		 3745 /* All active scans will be done with either a resolvable
3746 * private address (when privacy feature has been enabled)
3747 * or unresolvable private address.
3748 */
3749 err = hci_update_random_address(&req, true, &own_addr_type);
d9483943
JH		 3750 if (err < 0) {
3751 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3752 MGMT_STATUS_FAILED);
3753 mgmt_pending_remove(cmd);
3754 goto failed;
3755 }
3756
7c307720 3757 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 3758 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3759 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
d9483943 3760 param_cp.own_address_type = own_addr_type;
7c307720
AG		 3761 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3762 &param_cp);
3763
3764 memset(&enable_cp, 0, sizeof(enable_cp));
3765 enable_cp.enable = LE_SCAN_ENABLE;
3766 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3767 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3768 &enable_cp);
5e0452c0
AG		 3769 break;
3770
f39799f5 3771 default:
04106755
JH		 3772 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3773 MGMT_STATUS_INVALID_PARAMS);
3774 mgmt_pending_remove(cmd);
3775 goto failed;
f39799f5 3776 }
3fd24153 3777
7c307720 3778 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 3779 if (err < 0)
3780 mgmt_pending_remove(cmd);
ff9ef578
JH		 3781 else
3782 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 3783
3784failed:
09fd0de5 3785 hci_dev_unlock(hdev);
14a53664
JH		 3786 return err;
3787}
3788
1183fdca
AG		 3789static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3790{
3791 struct pending_cmd *cmd;
3792 int err;
3793
3794 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3795 if (!cmd)
3796 return -ENOENT;
3797
3798 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3799 &hdev->discovery.type, sizeof(hdev->discovery.type));
3800 mgmt_pending_remove(cmd);
3801
3802 return err;
3803}
3804
0e05bba6
AG		 3805static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3806{
3807 BT_DBG("status %d", status);
3808
3809 hci_dev_lock(hdev);
3810
3811 if (status) {
3812 mgmt_stop_discovery_failed(hdev, status);
3813 goto unlock;
3814 }
3815
3816 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3817
3818unlock:
3819 hci_dev_unlock(hdev);
3820}
3821
bdb6d971 3822static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3823 u16 len)
14a53664 3824{
d930650b 3825 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 3826 struct pending_cmd *cmd;
0e05bba6 3827 struct hci_request req;
14a53664
JH		 3828 int err;
3829
bdb6d971 3830 BT_DBG("%s", hdev->name);
14a53664 3831
09fd0de5 3832 hci_dev_lock(hdev);
14a53664 3833
30dc78e1 3834 if (!hci_discovery_active(hdev)) {
bdb6d971 3835 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3836 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3837 sizeof(mgmt_cp->type));
d930650b
JH		 3838 goto unlock;
3839 }
3840
3841 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 3842 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3843 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3844 sizeof(mgmt_cp->type));
30dc78e1 3845 goto unlock;
ff9ef578
JH		 3846 }
3847
2e58ef3e 3848 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3849 if (!cmd) {
3850 err = -ENOMEM;
30dc78e1
JH		 3851 goto unlock;
3852 }
3853
0e05bba6
AG		 3854 hci_req_init(&req, hdev);
3855
21a60d30 3856 hci_stop_discovery(&req);
e0d9727e 3857
21a60d30
JH		 3858 err = hci_req_run(&req, stop_discovery_complete);
3859 if (!err) {
3860 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
0e05bba6 3861 goto unlock;
14a53664
JH		 3862 }
3863
21a60d30
JH		 3864 mgmt_pending_remove(cmd);
3865
3866 /* If no HCI commands were sent we're done */
3867 if (err == -ENODATA) {
3868 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
3869 &mgmt_cp->type, sizeof(mgmt_cp->type));
3870 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3871 }
14a53664 3872
30dc78e1 3873unlock:
09fd0de5 3874 hci_dev_unlock(hdev);
14a53664
JH		 3875 return err;
3876}
3877
bdb6d971 3878static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3879 u16 len)
561aafbc 3880{
650f726d 3881 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3882 struct inquiry_entry *e;
561aafbc
JH		 3883 int err;
3884
bdb6d971 3885 BT_DBG("%s", hdev->name);
561aafbc 3886
561aafbc
JH		 3887 hci_dev_lock(hdev);
3888
30dc78e1 3889 if (!hci_discovery_active(hdev)) {
d3a2541d
LR		 3890 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3891 MGMT_STATUS_FAILED, &cp->addr,
3892 sizeof(cp->addr));
30dc78e1
JH		 3893 goto failed;
3894 }
3895
a198e7b1 3896 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3897 if (!e) {
d3a2541d
LR		 3898 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3899 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
3900 sizeof(cp->addr));
561aafbc
JH		 3901 goto failed;
3902 }
3903
3904 if (cp->name_known) {
3905 e->name_state = NAME_KNOWN;
3906 list_del(&e->list);
3907 } else {
3908 e->name_state = NAME_NEEDED;
a3d4e20a 3909 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3910 }
3911
e384662b
JH		 3912 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3913 sizeof(cp->addr));
561aafbc
JH		 3914
3915failed:
3916 hci_dev_unlock(hdev);
561aafbc
JH		 3917 return err;
3918}
3919
bdb6d971 3920static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3921 u16 len)
7fbec224 3922{
650f726d 3923 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3924 u8 status;
7fbec224
AJ		 3925 int err;
3926
bdb6d971 3927 BT_DBG("%s", hdev->name);
7fbec224 3928
4ee71b20 3929 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3930 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3931 MGMT_STATUS_INVALID_PARAMS,
3932 &cp->addr, sizeof(cp->addr));
4ee71b20 3933
09fd0de5 3934 hci_dev_lock(hdev);
5e762444 3935
88c1fe4b 3936 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
2a8357f2 3937 if (err < 0) {
f0eeea8b 3938 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 3939 goto done;
3940 }
3941
3942 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3943 sk);
3944 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3945
2a8357f2 3946done:
bdb6d971 3947 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3948 &cp->addr, sizeof(cp->addr));
5e762444 3949
09fd0de5 3950 hci_dev_unlock(hdev);
7fbec224
AJ		 3951
3952 return err;
3953}
3954
bdb6d971 3955static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3956 u16 len)
7fbec224 3957{
650f726d 3958 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3959 u8 status;
7fbec224
AJ		 3960 int err;
3961
bdb6d971 3962 BT_DBG("%s", hdev->name);
7fbec224 3963
4ee71b20 3964 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3965 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3966 MGMT_STATUS_INVALID_PARAMS,
3967 &cp->addr, sizeof(cp->addr));
4ee71b20 3968
09fd0de5 3969 hci_dev_lock(hdev);
5e762444 3970
88c1fe4b 3971 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
2a8357f2 3972 if (err < 0) {
f0eeea8b 3973 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 3974 goto done;
3975 }
3976
3977 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3978 sk);
3979 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3980
2a8357f2 3981done:
bdb6d971 3982 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3983 &cp->addr, sizeof(cp->addr));
5e762444 3984
09fd0de5 3985 hci_dev_unlock(hdev);
7fbec224
AJ		 3986
3987 return err;
3988}
3989
cdbaccca
MH		 3990static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3991 u16 len)
3992{
3993 struct mgmt_cp_set_device_id *cp = data;
890ea898 3994 struct hci_request req;
cdbaccca 3995 int err;
c72d4b8a 3996 __u16 source;
cdbaccca
MH		 3997
3998 BT_DBG("%s", hdev->name);
3999
c72d4b8a
SJ		 4000 source = __le16_to_cpu(cp->source);
4001
4002 if (source > 0x0002)
4003 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4004 MGMT_STATUS_INVALID_PARAMS);
4005
cdbaccca
MH		 4006 hci_dev_lock(hdev);
4007
c72d4b8a 4008 hdev->devid_source = source;
cdbaccca
MH		 4009 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4010 hdev->devid_product = __le16_to_cpu(cp->product);
4011 hdev->devid_version = __le16_to_cpu(cp->version);
4012
4013 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
4014
890ea898
JH		 4015 hci_req_init(&req, hdev);
4016 update_eir(&req);
4017 hci_req_run(&req, NULL);
cdbaccca
MH		 4018
4019 hci_dev_unlock(hdev);
4020
4021 return err;
4022}
4023
4375f103
JH		 4024static void set_advertising_complete(struct hci_dev *hdev, u8 status)
4025{
4026 struct cmd_lookup match = { NULL, hdev };
4027
4028 if (status) {
4029 u8 mgmt_err = mgmt_status(status);
4030
4031 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4032 cmd_status_rsp, &mgmt_err);
4033 return;
4034 }
4035
c93bd150
JH		 4036 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
4037 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
4038 else
4039 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4040
4375f103
JH		 4041 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4042 &match);
4043
4044 new_settings(hdev, match.sk);
4045
4046 if (match.sk)
4047 sock_put(match.sk);
4048}
4049
21b5187f
MH		 4050static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4051 u16 len)
4375f103
JH		 4052{
4053 struct mgmt_mode *cp = data;
4054 struct pending_cmd *cmd;
4055 struct hci_request req;
e6fe7986 4056 u8 val, enabled, status;
4375f103
JH		 4057 int err;
4058
4059 BT_DBG("request for %s", hdev->name);
4060
e6fe7986
JH		 4061 status = mgmt_le_support(hdev);
4062 if (status)
4375f103 4063 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 4064 status);
4375f103
JH		 4065
4066 if (cp->val != 0x00 && cp->val != 0x01)
4067 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4068 MGMT_STATUS_INVALID_PARAMS);
4069
4070 hci_dev_lock(hdev);
4071
4072 val = !!cp->val;
f3d3444a 4073 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 4074
f74ca9b8
JH		 4075 /* The following conditions are ones which mean that we should
4076 * not do any HCI communication but directly send a mgmt
4077 * response to user space (after toggling the flag if
4078 * necessary).
4079 */
4080 if (!hdev_is_powered(hdev) || val == enabled ||
b145edcd 4081 hci_conn_num(hdev, LE_LINK) > 0) {
4375f103
JH		 4082 bool changed = false;
4083
f3d3444a
JH		 4084 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
4085 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 4086 changed = true;
4087 }
4088
4089 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4090 if (err < 0)
4091 goto unlock;
4092
4093 if (changed)
4094 err = new_settings(hdev, sk);
4095
4096 goto unlock;
4097 }
4098
4099 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4100 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
4101 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4102 MGMT_STATUS_BUSY);
4103 goto unlock;
4104 }
4105
4106 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4107 if (!cmd) {
4108 err = -ENOMEM;
4109 goto unlock;
4110 }
4111
4112 hci_req_init(&req, hdev);
4113
bba3aa55
MH		 4114 if (val)
4115 enable_advertising(&req);
4116 else
4117 disable_advertising(&req);
4375f103
JH		 4118
4119 err = hci_req_run(&req, set_advertising_complete);
4120 if (err < 0)
4121 mgmt_pending_remove(cmd);
4122
4123unlock:
4124 hci_dev_unlock(hdev);
4125 return err;
4126}
4127
d13eafce
MH		 4128static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4129 void *data, u16 len)
4130{
4131 struct mgmt_cp_set_static_address *cp = data;
4132 int err;
4133
4134 BT_DBG("%s", hdev->name);
4135
62af4443 4136 if (!lmp_le_capable(hdev))
d13eafce 4137 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 4138 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 4139
4140 if (hdev_is_powered(hdev))
4141 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4142 MGMT_STATUS_REJECTED);
4143
4144 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4145 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4146 return cmd_status(sk, hdev->id,
4147 MGMT_OP_SET_STATIC_ADDRESS,
4148 MGMT_STATUS_INVALID_PARAMS);
4149
4150 /* Two most significant bits shall be set */
4151 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4152 return cmd_status(sk, hdev->id,
4153 MGMT_OP_SET_STATIC_ADDRESS,
4154 MGMT_STATUS_INVALID_PARAMS);
4155 }
4156
4157 hci_dev_lock(hdev);
4158
4159 bacpy(&hdev->static_addr, &cp->bdaddr);
4160
4161 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
4162
4163 hci_dev_unlock(hdev);
4164
4165 return err;
4166}
4167
14b49b9a
MH		 4168static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4169 void *data, u16 len)
4170{
4171 struct mgmt_cp_set_scan_params *cp = data;
4172 __u16 interval, window;
4173 int err;
4174
4175 BT_DBG("%s", hdev->name);
4176
4177 if (!lmp_le_capable(hdev))
4178 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4179 MGMT_STATUS_NOT_SUPPORTED);
4180
4181 interval = __le16_to_cpu(cp->interval);
4182
4183 if (interval < 0x0004 || interval > 0x4000)
4184 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4185 MGMT_STATUS_INVALID_PARAMS);
4186
4187 window = __le16_to_cpu(cp->window);
4188
4189 if (window < 0x0004 || window > 0x4000)
4190 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4191 MGMT_STATUS_INVALID_PARAMS);
4192
899e1075
MH		 4193 if (window > interval)
4194 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4195 MGMT_STATUS_INVALID_PARAMS);
4196
14b49b9a
MH		 4197 hci_dev_lock(hdev);
4198
4199 hdev->le_scan_interval = interval;
4200 hdev->le_scan_window = window;
4201
4202 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
4203
dd2ef8e2
AG		 4204 /* If background scan is running, restart it so new parameters are
4205 * loaded.
4206 */
4207 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4208 hdev->discovery.state == DISCOVERY_STOPPED) {
4209 struct hci_request req;
4210
4211 hci_req_init(&req, hdev);
4212
4213 hci_req_add_le_scan_disable(&req);
4214 hci_req_add_le_passive_scan(&req);
4215
4216 hci_req_run(&req, NULL);
4217 }
4218
14b49b9a
MH		 4219 hci_dev_unlock(hdev);
4220
4221 return err;
4222}
4223
33e38b3e
JH		 4224static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
4225{
4226 struct pending_cmd *cmd;
4227
4228 BT_DBG("status 0x%02x", status);
4229
4230 hci_dev_lock(hdev);
4231
4232 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4233 if (!cmd)
4234 goto unlock;
4235
4236 if (status) {
4237 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4238 mgmt_status(status));
4239 } else {
1a4d3c4b
JH		 4240 struct mgmt_mode *cp = cmd->param;
4241
4242 if (cp->val)
4243 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4244 else
4245 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4246
33e38b3e
JH		 4247 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4248 new_settings(hdev, cmd->sk);
4249 }
4250
4251 mgmt_pending_remove(cmd);
4252
4253unlock:
4254 hci_dev_unlock(hdev);
4255}
4256
bdb6d971 4257static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4258 void *data, u16 len)
f6422ec6 4259{
650f726d 4260 struct mgmt_mode *cp = data;
33e38b3e
JH		 4261 struct pending_cmd *cmd;
4262 struct hci_request req;
f6422ec6
AJ		 4263 int err;
4264
bdb6d971 4265 BT_DBG("%s", hdev->name);
f6422ec6 4266
56f87901
JH		 4267 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
4268 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 4269 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4270 MGMT_STATUS_NOT_SUPPORTED);
4271
a7e80f25
JH		 4272 if (cp->val != 0x00 && cp->val != 0x01)
4273 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4274 MGMT_STATUS_INVALID_PARAMS);
4275
5400c044 4276 if (!hdev_is_powered(hdev))
bdb6d971 4277 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4278 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 4279
4280 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 4281 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4282 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 4283
4284 hci_dev_lock(hdev);
4285
05cbf29f
JH		 4286 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4287 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4288 MGMT_STATUS_BUSY);
4289 goto unlock;
4290 }
4291
1a4d3c4b
JH		 4292 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
4293 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4294 hdev);
4295 goto unlock;
4296 }
4297
33e38b3e
JH		 4298 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4299 data, len);
4300 if (!cmd) {
4301 err = -ENOMEM;
4302 goto unlock;
f6422ec6
AJ		 4303 }
4304
33e38b3e
JH		 4305 hci_req_init(&req, hdev);
4306
406d7804 4307 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4308
4309 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4310 if (err < 0) {
bdb6d971 4311 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4312 MGMT_STATUS_FAILED);
33e38b3e 4313 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4314 }
4315
33e38b3e 4316unlock:
f6422ec6 4317 hci_dev_unlock(hdev);
33e38b3e 4318
f6422ec6
AJ		 4319 return err;
4320}
4321
67e5a7a3
JH		 4322static void set_bredr_scan(struct hci_request *req)
4323{
4324 struct hci_dev *hdev = req->hdev;
4325 u8 scan = 0;
4326
4327 /* Ensure that fast connectable is disabled. This function will
4328 * not do anything if the page scan parameters are already what
4329 * they should be.
4330 */
4331 write_fast_connectable(req, false);
4332
4333 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4334 scan |= SCAN_PAGE;
4335 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
4336 scan |= SCAN_INQUIRY;
4337
4338 if (scan)
4339 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
4340}
4341
0663ca2a
JH		 4342static void set_bredr_complete(struct hci_dev *hdev, u8 status)
4343{
4344 struct pending_cmd *cmd;
4345
4346 BT_DBG("status 0x%02x", status);
4347
4348 hci_dev_lock(hdev);
4349
4350 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4351 if (!cmd)
4352 goto unlock;
4353
4354 if (status) {
4355 u8 mgmt_err = mgmt_status(status);
4356
4357 /* We need to restore the flag if related HCI commands
4358 * failed.
4359 */
4360 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4361
4362 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4363 } else {
4364 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4365 new_settings(hdev, cmd->sk);
4366 }
4367
4368 mgmt_pending_remove(cmd);
4369
4370unlock:
4371 hci_dev_unlock(hdev);
4372}
4373
4374static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4375{
4376 struct mgmt_mode *cp = data;
4377 struct pending_cmd *cmd;
4378 struct hci_request req;
4379 int err;
4380
4381 BT_DBG("request for %s", hdev->name);
4382
4383 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4384 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4385 MGMT_STATUS_NOT_SUPPORTED);
4386
4387 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4388 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4389 MGMT_STATUS_REJECTED);
4390
4391 if (cp->val != 0x00 && cp->val != 0x01)
4392 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4393 MGMT_STATUS_INVALID_PARAMS);
4394
4395 hci_dev_lock(hdev);
4396
4397 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4398 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4399 goto unlock;
4400 }
4401
4402 if (!hdev_is_powered(hdev)) {
4403 if (!cp->val) {
0663ca2a
JH		 4404 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4405 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4406 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4407 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4408 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4409 }
4410
4411 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4412
4413 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4414 if (err < 0)
4415 goto unlock;
4416
4417 err = new_settings(hdev, sk);
4418 goto unlock;
4419 }
4420
4421 /* Reject disabling when powered on */
4422 if (!cp->val) {
4423 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4424 MGMT_STATUS_REJECTED);
4425 goto unlock;
4426 }
4427
4428 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4429 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4430 MGMT_STATUS_BUSY);
4431 goto unlock;
4432 }
4433
4434 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4435 if (!cmd) {
4436 err = -ENOMEM;
4437 goto unlock;
4438 }
4439
5947f4bc 4440 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4441 * generates the correct flags.
4442 */
4443 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4444
4445 hci_req_init(&req, hdev);
aa8af46e
JH		 4446
4447 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4448 set_bredr_scan(&req);
4449
f14d8f64
MH		 4450 /* Since only the advertising data flags will change, there
4451 * is no need to update the scan response data.
4452 */
5947f4bc 4453 update_adv_data(&req);
aa8af46e 4454
0663ca2a
JH		 4455 err = hci_req_run(&req, set_bredr_complete);
4456 if (err < 0)
4457 mgmt_pending_remove(cmd);
4458
4459unlock:
4460 hci_dev_unlock(hdev);
4461 return err;
4462}
4463
eac83dc6
MH		 4464static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4465 void *data, u16 len)
4466{
4467 struct mgmt_mode *cp = data;
4468 struct pending_cmd *cmd;
0ab04a9c 4469 u8 val, status;
eac83dc6
MH		 4470 int err;
4471
4472 BT_DBG("request for %s", hdev->name);
4473
4474 status = mgmt_bredr_support(hdev);
4475 if (status)
4476 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4477 status);
4478
5afeac14 4479 if (!lmp_sc_capable(hdev) &&
111902f7 4480 !test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
eac83dc6
MH		 4481 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4482 MGMT_STATUS_NOT_SUPPORTED);
4483
0ab04a9c 4484 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
eac83dc6
MH		 4485 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4486 MGMT_STATUS_INVALID_PARAMS);
4487
4488 hci_dev_lock(hdev);
4489
4490 if (!hdev_is_powered(hdev)) {
4491 bool changed;
4492
0ab04a9c 4493 if (cp->val) {
eac83dc6
MH		 4494 changed = !test_and_set_bit(HCI_SC_ENABLED,
4495 &hdev->dev_flags);
0ab04a9c
MH		 4496 if (cp->val == 0x02)
4497 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4498 else
4499 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4500 } else {
eac83dc6
MH		 4501 changed = test_and_clear_bit(HCI_SC_ENABLED,
4502 &hdev->dev_flags);
0ab04a9c
MH		 4503 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4504 }
eac83dc6
MH		 4505
4506 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4507 if (err < 0)
4508 goto failed;
4509
4510 if (changed)
4511 err = new_settings(hdev, sk);
4512
4513 goto failed;
4514 }
4515
4516 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4517 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4518 MGMT_STATUS_BUSY);
4519 goto failed;
4520 }
4521
0ab04a9c
MH		 4522 val = !!cp->val;
4523
4524 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4525 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
eac83dc6
MH		 4526 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4527 goto failed;
4528 }
4529
4530 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4531 if (!cmd) {
4532 err = -ENOMEM;
4533 goto failed;
4534 }
4535
0ab04a9c 4536 err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
eac83dc6
MH		 4537 if (err < 0) {
4538 mgmt_pending_remove(cmd);
4539 goto failed;
4540 }
4541
0ab04a9c
MH		 4542 if (cp->val == 0x02)
4543 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4544 else
4545 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4546
eac83dc6
MH		 4547failed:
4548 hci_dev_unlock(hdev);
4549 return err;
4550}
4551
4e39ac81
MH		 4552static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4553 void *data, u16 len)
4554{
4555 struct mgmt_mode *cp = data;
b9710979 4556 bool changed, use_changed;
4e39ac81
MH		 4557 int err;
4558
4559 BT_DBG("request for %s", hdev->name);
4560
b9710979 4561 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4e39ac81
MH		 4562 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4563 MGMT_STATUS_INVALID_PARAMS);
4564
4565 hci_dev_lock(hdev);
4566
4567 if (cp->val)
0663b297
JH		 4568 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
4569 &hdev->dev_flags);
4e39ac81 4570 else
0663b297
JH		 4571 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
4572 &hdev->dev_flags);
4e39ac81 4573
b9710979
JH		 4574 if (cp->val == 0x02)
4575 use_changed = !test_and_set_bit(HCI_USE_DEBUG_KEYS,
4576 &hdev->dev_flags);
4577 else
4578 use_changed = test_and_clear_bit(HCI_USE_DEBUG_KEYS,
4579 &hdev->dev_flags);
4580
4581 if (hdev_is_powered(hdev) && use_changed &&
4582 test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
4583 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4584 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4585 sizeof(mode), &mode);
4586 }
4587
4e39ac81
MH		 4588 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4589 if (err < 0)
4590 goto unlock;
4591
4592 if (changed)
4593 err = new_settings(hdev, sk);
4594
4595unlock:
4596 hci_dev_unlock(hdev);
4597 return err;
4598}
4599
62b04cd1
JH		 4600static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4601 u16 len)
4602{
4603 struct mgmt_cp_set_privacy *cp = cp_data;
4604 bool changed;
4605 int err;
4606
4607 BT_DBG("request for %s", hdev->name);
4608
4609 if (!lmp_le_capable(hdev))
4610 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4611 MGMT_STATUS_NOT_SUPPORTED);
4612
4613 if (cp->privacy != 0x00 && cp->privacy != 0x01)
4614 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4615 MGMT_STATUS_INVALID_PARAMS);
4616
4617 if (hdev_is_powered(hdev))
4618 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4619 MGMT_STATUS_REJECTED);
4620
4621 hci_dev_lock(hdev);
4622
c21c0ea0
JH		 4623 /* If user space supports this command it is also expected to
4624 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4625 */
4626 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4627
62b04cd1
JH		 4628 if (cp->privacy) {
4629 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
4630 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4631 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4632 } else {
4633 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
4634 memset(hdev->irk, 0, sizeof(hdev->irk));
4635 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4636 }
4637
4638 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4639 if (err < 0)
4640 goto unlock;
4641
4642 if (changed)
4643 err = new_settings(hdev, sk);
4644
4645unlock:
4646 hci_dev_unlock(hdev);
4647 return err;
4648}
4649
41edf160
JH		 4650static bool irk_is_valid(struct mgmt_irk_info *irk)
4651{
4652 switch (irk->addr.type) {
4653 case BDADDR_LE_PUBLIC:
4654 return true;
4655
4656 case BDADDR_LE_RANDOM:
4657 /* Two most significant bits shall be set */
4658 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4659 return false;
4660 return true;
4661 }
4662
4663 return false;
4664}
4665
4666static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4667 u16 len)
4668{
4669 struct mgmt_cp_load_irks *cp = cp_data;
ba1d6936
JH		 4670 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
4671 sizeof(struct mgmt_irk_info));
41edf160
JH		 4672 u16 irk_count, expected_len;
4673 int i, err;
4674
4675 BT_DBG("request for %s", hdev->name);
4676
4677 if (!lmp_le_capable(hdev))
4678 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4679 MGMT_STATUS_NOT_SUPPORTED);
4680
4681 irk_count = __le16_to_cpu(cp->irk_count);
ba1d6936
JH		 4682 if (irk_count > max_irk_count) {
4683 BT_ERR("load_irks: too big irk_count value %u", irk_count);
4684 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4685 MGMT_STATUS_INVALID_PARAMS);
4686 }
41edf160
JH		 4687
4688 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4689 if (expected_len != len) {
4690 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 4691 expected_len, len);
41edf160
JH		 4692 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4693 MGMT_STATUS_INVALID_PARAMS);
4694 }
4695
4696 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4697
4698 for (i = 0; i < irk_count; i++) {
4699 struct mgmt_irk_info *key = &cp->irks[i];
4700
4701 if (!irk_is_valid(key))
4702 return cmd_status(sk, hdev->id,
4703 MGMT_OP_LOAD_IRKS,
4704 MGMT_STATUS_INVALID_PARAMS);
4705 }
4706
4707 hci_dev_lock(hdev);
4708
4709 hci_smp_irks_clear(hdev);
4710
4711 for (i = 0; i < irk_count; i++) {
4712 struct mgmt_irk_info *irk = &cp->irks[i];
4713 u8 addr_type;
4714
4715 if (irk->addr.type == BDADDR_LE_PUBLIC)
4716 addr_type = ADDR_LE_DEV_PUBLIC;
4717 else
4718 addr_type = ADDR_LE_DEV_RANDOM;
4719
4720 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
4721 BDADDR_ANY);
4722 }
4723
4724 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4725
4726 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4727
4728 hci_dev_unlock(hdev);
4729
4730 return err;
4731}
4732
3f706b72
JH		 4733static bool ltk_is_valid(struct mgmt_ltk_info *key)
4734{
4735 if (key->master != 0x00 && key->master != 0x01)
4736 return false;
490cb0b3
MH		 4737
4738 switch (key->addr.type) {
4739 case BDADDR_LE_PUBLIC:
4740 return true;
4741
4742 case BDADDR_LE_RANDOM:
4743 /* Two most significant bits shall be set */
4744 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4745 return false;
4746 return true;
4747 }
4748
4749 return false;
3f706b72
JH		 4750}
4751
bdb6d971 4752static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 4753 void *cp_data, u16 len)
346af67b 4754{
346af67b 4755 struct mgmt_cp_load_long_term_keys *cp = cp_data;
ba1d6936
JH		 4756 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
4757 sizeof(struct mgmt_ltk_info));
346af67b 4758 u16 key_count, expected_len;
715a5bf2 4759 int i, err;
346af67b 4760
cf99ba13
MH		 4761 BT_DBG("request for %s", hdev->name);
4762
4763 if (!lmp_le_capable(hdev))
4764 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4765 MGMT_STATUS_NOT_SUPPORTED);
4766
1f350c87 4767 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 4768 if (key_count > max_key_count) {
4769 BT_ERR("load_ltks: too big key_count value %u", key_count);
4770 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4771 MGMT_STATUS_INVALID_PARAMS);
4772 }
346af67b
VCG		 4773
4774 expected_len = sizeof(*cp) + key_count *
4775 sizeof(struct mgmt_ltk_info);
4776 if (expected_len != len) {
4777 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 4778 expected_len, len);
bdb6d971 4779 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 4780 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 4781 }
4782
bdb6d971 4783 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 4784
54ad6d8a
JH		 4785 for (i = 0; i < key_count; i++) {
4786 struct mgmt_ltk_info *key = &cp->keys[i];
4787
3f706b72 4788 if (!ltk_is_valid(key))
54ad6d8a
JH		 4789 return cmd_status(sk, hdev->id,
4790 MGMT_OP_LOAD_LONG_TERM_KEYS,
4791 MGMT_STATUS_INVALID_PARAMS);
4792 }
4793
346af67b
VCG		 4794 hci_dev_lock(hdev);
4795
4796 hci_smp_ltks_clear(hdev);
4797
4798 for (i = 0; i < key_count; i++) {
4799 struct mgmt_ltk_info *key = &cp->keys[i];
d7b25450 4800 u8 type, addr_type, authenticated;
79d95a19
MH		 4801
4802 if (key->addr.type == BDADDR_LE_PUBLIC)
4803 addr_type = ADDR_LE_DEV_PUBLIC;
4804 else
4805 addr_type = ADDR_LE_DEV_RANDOM;
346af67b
VCG		 4806
4807 if (key->master)
2ceba539 4808 type = SMP_LTK;
346af67b 4809 else
2ceba539 4810 type = SMP_LTK_SLAVE;
346af67b 4811
61b43357
JH		 4812 switch (key->type) {
4813 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 4814 authenticated = 0x00;
61b43357
JH		 4815 break;
4816 case MGMT_LTK_AUTHENTICATED:
d7b25450 4817 authenticated = 0x01;
61b43357
JH		 4818 break;
4819 default:
4820 continue;
4821 }
d7b25450 4822
35d70271 4823 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
d7b25450 4824 authenticated, key->val, key->enc_size, key->ediv,
35d70271 4825 key->rand);
346af67b
VCG		 4826 }
4827
715a5bf2
JH		 4828 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4829 NULL, 0);
4830
346af67b 4831 hci_dev_unlock(hdev);
346af67b 4832
715a5bf2 4833 return err;
346af67b
VCG		 4834}
4835
dd983808
AK		 4836struct cmd_conn_lookup {
4837 struct hci_conn *conn;
4838 bool valid_tx_power;
4839 u8 mgmt_status;
4840};
4841
4842static void get_conn_info_complete(struct pending_cmd *cmd, void *data)
4843{
4844 struct cmd_conn_lookup *match = data;
4845 struct mgmt_cp_get_conn_info *cp;
4846 struct mgmt_rp_get_conn_info rp;
4847 struct hci_conn *conn = cmd->user_data;
4848
4849 if (conn != match->conn)
4850 return;
4851
4852 cp = (struct mgmt_cp_get_conn_info *) cmd->param;
4853
4854 memset(&rp, 0, sizeof(rp));
4855 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4856 rp.addr.type = cp->addr.type;
4857
4858 if (!match->mgmt_status) {
4859 rp.rssi = conn->rssi;
4860
eed5daf3 4861 if (match->valid_tx_power) {
dd983808 4862 rp.tx_power = conn->tx_power;
eed5daf3
AK		 4863 rp.max_tx_power = conn->max_tx_power;
4864 } else {
dd983808 4865 rp.tx_power = HCI_TX_POWER_INVALID;
eed5daf3
AK		 4866 rp.max_tx_power = HCI_TX_POWER_INVALID;
4867 }
dd983808
AK		 4868 }
4869
4870 cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
4871 match->mgmt_status, &rp, sizeof(rp));
4872
4873 hci_conn_drop(conn);
4874
4875 mgmt_pending_remove(cmd);
4876}
4877
4878static void conn_info_refresh_complete(struct hci_dev *hdev, u8 status)
4879{
4880 struct hci_cp_read_rssi *cp;
4881 struct hci_conn *conn;
4882 struct cmd_conn_lookup match;
4883 u16 handle;
4884
4885 BT_DBG("status 0x%02x", status);
4886
4887 hci_dev_lock(hdev);
4888
4889 /* TX power data is valid in case request completed successfully,
eed5daf3
AK		 4890 * otherwise we assume it's not valid. At the moment we assume that
4891 * either both or none of current and max values are valid to keep code
4892 * simple.
dd983808
AK		 4893 */
4894 match.valid_tx_power = !status;
4895
4896 /* Commands sent in request are either Read RSSI or Read Transmit Power
4897 * Level so we check which one was last sent to retrieve connection
4898 * handle. Both commands have handle as first parameter so it's safe to
4899 * cast data on the same command struct.
4900 *
4901 * First command sent is always Read RSSI and we fail only if it fails.
4902 * In other case we simply override error to indicate success as we
4903 * already remembered if TX power value is actually valid.
4904 */
4905 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
4906 if (!cp) {
4907 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
4908 status = 0;
4909 }
4910
4911 if (!cp) {
4912 BT_ERR("invalid sent_cmd in response");
4913 goto unlock;
4914 }
4915
4916 handle = __le16_to_cpu(cp->handle);
4917 conn = hci_conn_hash_lookup_handle(hdev, handle);
4918 if (!conn) {
4919 BT_ERR("unknown handle (%d) in response", handle);
4920 goto unlock;
4921 }
4922
4923 match.conn = conn;
4924 match.mgmt_status = mgmt_status(status);
4925
4926 /* Cache refresh is complete, now reply for mgmt request for given
4927 * connection only.
4928 */
4929 mgmt_pending_foreach(MGMT_OP_GET_CONN_INFO, hdev,
4930 get_conn_info_complete, &match);
4931
4932unlock:
4933 hci_dev_unlock(hdev);
4934}
4935
4936static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
4937 u16 len)
4938{
4939 struct mgmt_cp_get_conn_info *cp = data;
4940 struct mgmt_rp_get_conn_info rp;
4941 struct hci_conn *conn;
4942 unsigned long conn_info_age;
4943 int err = 0;
4944
4945 BT_DBG("%s", hdev->name);
4946
4947 memset(&rp, 0, sizeof(rp));
4948 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4949 rp.addr.type = cp->addr.type;
4950
4951 if (!bdaddr_type_is_valid(cp->addr.type))
4952 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4953 MGMT_STATUS_INVALID_PARAMS,
4954 &rp, sizeof(rp));
4955
4956 hci_dev_lock(hdev);
4957
4958 if (!hdev_is_powered(hdev)) {
4959 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4960 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
4961 goto unlock;
4962 }
4963
4964 if (cp->addr.type == BDADDR_BREDR)
4965 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
4966 &cp->addr.bdaddr);
4967 else
4968 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
4969
4970 if (!conn || conn->state != BT_CONNECTED) {
4971 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4972 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
4973 goto unlock;
4974 }
4975
4976 /* To avoid client trying to guess when to poll again for information we
4977 * calculate conn info age as random value between min/max set in hdev.
4978 */
4979 conn_info_age = hdev->conn_info_min_age +
4980 prandom_u32_max(hdev->conn_info_max_age -
4981 hdev->conn_info_min_age);
4982
4983 /* Query controller to refresh cached values if they are too old or were
4984 * never read.
4985 */
f4e2dd53
AK		 4986 if (time_after(jiffies, conn->conn_info_timestamp +
4987 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 4988 !conn->conn_info_timestamp) {
4989 struct hci_request req;
4990 struct hci_cp_read_tx_power req_txp_cp;
4991 struct hci_cp_read_rssi req_rssi_cp;
4992 struct pending_cmd *cmd;
4993
4994 hci_req_init(&req, hdev);
4995 req_rssi_cp.handle = cpu_to_le16(conn->handle);
4996 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
4997 &req_rssi_cp);
4998
f7faab0c
AK		 4999 /* For LE links TX power does not change thus we don't need to
5000 * query for it once value is known.
5001 */
5002 if (!bdaddr_type_is_le(cp->addr.type) ||
5003 conn->tx_power == HCI_TX_POWER_INVALID) {
5004 req_txp_cp.handle = cpu_to_le16(conn->handle);
5005 req_txp_cp.type = 0x00;
5006 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5007 sizeof(req_txp_cp), &req_txp_cp);
5008 }
dd983808 5009
eed5daf3
AK		 5010 /* Max TX power needs to be read only once per connection */
5011 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5012 req_txp_cp.handle = cpu_to_le16(conn->handle);
5013 req_txp_cp.type = 0x01;
5014 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5015 sizeof(req_txp_cp), &req_txp_cp);
5016 }
5017
dd983808
AK		 5018 err = hci_req_run(&req, conn_info_refresh_complete);
5019 if (err < 0)
5020 goto unlock;
5021
5022 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5023 data, len);
5024 if (!cmd) {
5025 err = -ENOMEM;
5026 goto unlock;
5027 }
5028
5029 hci_conn_hold(conn);
5030 cmd->user_data = conn;
5031
5032 conn->conn_info_timestamp = jiffies;
5033 } else {
5034 /* Cache is valid, just reply with values cached in hci_conn */
5035 rp.rssi = conn->rssi;
5036 rp.tx_power = conn->tx_power;
eed5daf3 5037 rp.max_tx_power = conn->max_tx_power;
dd983808
AK		 5038
5039 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5040 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
5041 }
5042
5043unlock:
5044 hci_dev_unlock(hdev);
5045 return err;
5046}
5047
95868426
JH		 5048static void get_clock_info_complete(struct hci_dev *hdev, u8 status)
5049{
5050 struct mgmt_cp_get_clock_info *cp;
5051 struct mgmt_rp_get_clock_info rp;
5052 struct hci_cp_read_clock *hci_cp;
5053 struct pending_cmd *cmd;
5054 struct hci_conn *conn;
5055
5056 BT_DBG("%s status %u", hdev->name, status);
5057
5058 hci_dev_lock(hdev);
5059
5060 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5061 if (!hci_cp)
5062 goto unlock;
5063
5064 if (hci_cp->which) {
5065 u16 handle = __le16_to_cpu(hci_cp->handle);
5066 conn = hci_conn_hash_lookup_handle(hdev, handle);
5067 } else {
5068 conn = NULL;
5069 }
5070
5071 cmd = mgmt_pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5072 if (!cmd)
5073 goto unlock;
5074
5075 cp = cmd->param;
5076
5077 memset(&rp, 0, sizeof(rp));
5078 memcpy(&rp.addr, &cp->addr, sizeof(rp.addr));
5079
5080 if (status)
5081 goto send_rsp;
5082
5083 rp.local_clock = cpu_to_le32(hdev->clock);
5084
5085 if (conn) {
5086 rp.piconet_clock = cpu_to_le32(conn->clock);
5087 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5088 }
5089
5090send_rsp:
5091 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
5092 &rp, sizeof(rp));
5093 mgmt_pending_remove(cmd);
5094 if (conn)
5095 hci_conn_drop(conn);
5096
5097unlock:
5098 hci_dev_unlock(hdev);
5099}
5100
5101static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5102 u16 len)
5103{
5104 struct mgmt_cp_get_clock_info *cp = data;
5105 struct mgmt_rp_get_clock_info rp;
5106 struct hci_cp_read_clock hci_cp;
5107 struct pending_cmd *cmd;
5108 struct hci_request req;
5109 struct hci_conn *conn;
5110 int err;
5111
5112 BT_DBG("%s", hdev->name);
5113
5114 memset(&rp, 0, sizeof(rp));
5115 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5116 rp.addr.type = cp->addr.type;
5117
5118 if (cp->addr.type != BDADDR_BREDR)
5119 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5120 MGMT_STATUS_INVALID_PARAMS,
5121 &rp, sizeof(rp));
5122
5123 hci_dev_lock(hdev);
5124
5125 if (!hdev_is_powered(hdev)) {
5126 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5127 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5128 goto unlock;
5129 }
5130
5131 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5132 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5133 &cp->addr.bdaddr);
5134 if (!conn || conn->state != BT_CONNECTED) {
5135 err = cmd_complete(sk, hdev->id,
5136 MGMT_OP_GET_CLOCK_INFO,
5137 MGMT_STATUS_NOT_CONNECTED,
5138 &rp, sizeof(rp));
5139 goto unlock;
5140 }
5141 } else {
5142 conn = NULL;
5143 }
5144
5145 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5146 if (!cmd) {
5147 err = -ENOMEM;
5148 goto unlock;
5149 }
5150
5151 hci_req_init(&req, hdev);
5152
5153 memset(&hci_cp, 0, sizeof(hci_cp));
5154 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5155
5156 if (conn) {
5157 hci_conn_hold(conn);
5158 cmd->user_data = conn;
5159
5160 hci_cp.handle = cpu_to_le16(conn->handle);
5161 hci_cp.which = 0x01; /* Piconet clock */
5162 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5163 }
5164
5165 err = hci_req_run(&req, get_clock_info_complete);
5166 if (err < 0)
5167 mgmt_pending_remove(cmd);
5168
5169unlock:
5170 hci_dev_unlock(hdev);
5171 return err;
5172}
5173
8afef092
MH		 5174static void device_added(struct sock *sk, struct hci_dev *hdev,
5175 bdaddr_t *bdaddr, u8 type, u8 action)
5176{
5177 struct mgmt_ev_device_added ev;
5178
5179 bacpy(&ev.addr.bdaddr, bdaddr);
5180 ev.addr.type = type;
5181 ev.action = action;
5182
5183 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5184}
5185
2faade53
MH		 5186static int add_device(struct sock *sk, struct hci_dev *hdev,
5187 void *data, u16 len)
5188{
5189 struct mgmt_cp_add_device *cp = data;
5190 u8 auto_conn, addr_type;
5191 int err;
5192
5193 BT_DBG("%s", hdev->name);
5194
5195 if (!bdaddr_type_is_le(cp->addr.type) ||
5196 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
5197 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5198 MGMT_STATUS_INVALID_PARAMS,
5199 &cp->addr, sizeof(cp->addr));
5200
5201 if (cp->action != 0x00 && cp->action != 0x01)
5202 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5203 MGMT_STATUS_INVALID_PARAMS,
5204 &cp->addr, sizeof(cp->addr));
5205
5206 hci_dev_lock(hdev);
5207
5208 if (cp->addr.type == BDADDR_LE_PUBLIC)
5209 addr_type = ADDR_LE_DEV_PUBLIC;
5210 else
5211 addr_type = ADDR_LE_DEV_RANDOM;
5212
5213 if (cp->action)
5214 auto_conn = HCI_AUTO_CONN_ALWAYS;
5215 else
a3451d27 5216 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 5217
bf5b3c8b
MH		 5218 /* If the connection parameters don't exist for this device,
5219 * they will be created and configured with defaults.
5220 */
d06b50ce
MH		 5221 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
5222 auto_conn) < 0) {
2faade53
MH		 5223 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5224 MGMT_STATUS_FAILED,
5225 &cp->addr, sizeof(cp->addr));
5226 goto unlock;
5227 }
5228
8afef092
MH		 5229 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5230
2faade53
MH		 5231 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5232 MGMT_STATUS_SUCCESS, &cp->addr, sizeof(cp->addr));
5233
5234unlock:
5235 hci_dev_unlock(hdev);
5236 return err;
5237}
5238
8afef092
MH		 5239static void device_removed(struct sock *sk, struct hci_dev *hdev,
5240 bdaddr_t *bdaddr, u8 type)
5241{
5242 struct mgmt_ev_device_removed ev;
5243
5244 bacpy(&ev.addr.bdaddr, bdaddr);
5245 ev.addr.type = type;
5246
5247 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5248}
5249
2faade53
MH		 5250static int remove_device(struct sock *sk, struct hci_dev *hdev,
5251 void *data, u16 len)
5252{
5253 struct mgmt_cp_remove_device *cp = data;
5254 int err;
5255
5256 BT_DBG("%s", hdev->name);
5257
5258 hci_dev_lock(hdev);
5259
5260 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 5261 struct hci_conn_params *params;
2faade53
MH		 5262 u8 addr_type;
5263
5264 if (!bdaddr_type_is_le(cp->addr.type)) {
5265 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5266 MGMT_STATUS_INVALID_PARAMS,
5267 &cp->addr, sizeof(cp->addr));
5268 goto unlock;
5269 }
5270
5271 if (cp->addr.type == BDADDR_LE_PUBLIC)
5272 addr_type = ADDR_LE_DEV_PUBLIC;
5273 else
5274 addr_type = ADDR_LE_DEV_RANDOM;
5275
c71593dd
JH		 5276 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5277 addr_type);
5278 if (!params) {
5279 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5280 MGMT_STATUS_INVALID_PARAMS,
5281 &cp->addr, sizeof(cp->addr));
5282 goto unlock;
5283 }
5284
5285 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
5286 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5287 MGMT_STATUS_INVALID_PARAMS,
5288 &cp->addr, sizeof(cp->addr));
5289 goto unlock;
5290 }
5291
d1dbf12e 5292 list_del(&params->action);
c71593dd
JH		 5293 list_del(&params->list);
5294 kfree(params);
95305baa 5295 hci_update_background_scan(hdev);
8afef092
MH		 5296
5297 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53 5298 } else {
19de0825
JH		 5299 struct hci_conn_params *p, *tmp;
5300
2faade53
MH		 5301 if (cp->addr.type) {
5302 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5303 MGMT_STATUS_INVALID_PARAMS,
5304 &cp->addr, sizeof(cp->addr));
5305 goto unlock;
5306 }
5307
19de0825
JH		 5308 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5309 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5310 continue;
5311 device_removed(sk, hdev, &p->addr, p->addr_type);
5312 list_del(&p->action);
5313 list_del(&p->list);
5314 kfree(p);
5315 }
5316
5317 BT_DBG("All LE connection parameters were removed");
5318
5319 hci_update_background_scan(hdev);
2faade53
MH		 5320 }
5321
5322 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5323 MGMT_STATUS_SUCCESS, &cp->addr, sizeof(cp->addr));
5324
5325unlock:
5326 hci_dev_unlock(hdev);
5327 return err;
5328}
5329
a26f3dcf
JH		 5330static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5331 u16 len)
5332{
5333 struct mgmt_cp_load_conn_param *cp = data;
ba1d6936
JH		 5334 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5335 sizeof(struct mgmt_conn_param));
a26f3dcf
JH		 5336 u16 param_count, expected_len;
5337 int i;
5338
5339 if (!lmp_le_capable(hdev))
5340 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5341 MGMT_STATUS_NOT_SUPPORTED);
5342
5343 param_count = __le16_to_cpu(cp->param_count);
ba1d6936
JH		 5344 if (param_count > max_param_count) {
5345 BT_ERR("load_conn_param: too big param_count value %u",
5346 param_count);
5347 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5348 MGMT_STATUS_INVALID_PARAMS);
5349 }
a26f3dcf
JH		 5350
5351 expected_len = sizeof(*cp) + param_count *
5352 sizeof(struct mgmt_conn_param);
5353 if (expected_len != len) {
5354 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
5355 expected_len, len);
5356 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5357 MGMT_STATUS_INVALID_PARAMS);
5358 }
5359
5360 BT_DBG("%s param_count %u", hdev->name, param_count);
5361
5362 hci_dev_lock(hdev);
5363
5364 hci_conn_params_clear_disabled(hdev);
5365
5366 for (i = 0; i < param_count; i++) {
5367 struct mgmt_conn_param *param = &cp->params[i];
5368 struct hci_conn_params *hci_param;
5369 u16 min, max, latency, timeout;
5370 u8 addr_type;
5371
5372 BT_DBG("Adding %pMR (type %u)", &param->addr.bdaddr,
5373 param->addr.type);
5374
5375 if (param->addr.type == BDADDR_LE_PUBLIC) {
5376 addr_type = ADDR_LE_DEV_PUBLIC;
5377 } else if (param->addr.type == BDADDR_LE_RANDOM) {
5378 addr_type = ADDR_LE_DEV_RANDOM;
5379 } else {
5380 BT_ERR("Ignoring invalid connection parameters");
5381 continue;
5382 }
5383
5384 min = le16_to_cpu(param->min_interval);
5385 max = le16_to_cpu(param->max_interval);
5386 latency = le16_to_cpu(param->latency);
5387 timeout = le16_to_cpu(param->timeout);
5388
5389 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
5390 min, max, latency, timeout);
5391
5392 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
5393 BT_ERR("Ignoring invalid connection parameters");
5394 continue;
5395 }
5396
5397 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
5398 addr_type);
5399 if (!hci_param) {
5400 BT_ERR("Failed to add connection parameters");
5401 continue;
5402 }
5403
5404 hci_param->conn_min_interval = min;
5405 hci_param->conn_max_interval = max;
5406 hci_param->conn_latency = latency;
5407 hci_param->supervision_timeout = timeout;
5408 }
5409
5410 hci_dev_unlock(hdev);
5411
5412 return cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0, NULL, 0);
5413}
5414
dbece37a
MH		 5415static int set_external_config(struct sock *sk, struct hci_dev *hdev,
5416 void *data, u16 len)
5417{
5418 struct mgmt_cp_set_external_config *cp = data;
5419 bool changed;
5420 int err;
5421
5422 BT_DBG("%s", hdev->name);
5423
5424 if (hdev_is_powered(hdev))
5425 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5426 MGMT_STATUS_REJECTED);
5427
5428 if (cp->config != 0x00 && cp->config != 0x01)
5429 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5430 MGMT_STATUS_INVALID_PARAMS);
5431
5432 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
5433 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5434 MGMT_STATUS_NOT_SUPPORTED);
5435
5436 hci_dev_lock(hdev);
5437
5438 if (cp->config)
5439 changed = !test_and_set_bit(HCI_EXT_CONFIGURED,
5440 &hdev->dev_flags);
5441 else
5442 changed = test_and_clear_bit(HCI_EXT_CONFIGURED,
5443 &hdev->dev_flags);
5444
5445 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
5446 if (err < 0)
5447 goto unlock;
5448
5449 if (!changed)
5450 goto unlock;
5451
f4537c04
MH		 5452 err = new_options(hdev, sk);
5453
dbece37a
MH		 5454 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) == is_configured(hdev)) {
5455 mgmt_index_removed(hdev);
d603b76b
MH		 5456
5457 if (test_and_change_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
5458 set_bit(HCI_CONFIG, &hdev->dev_flags);
5459 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
5460
5461 queue_work(hdev->req_workqueue, &hdev->power_on);
5462 } else {
5ea234d3 5463 set_bit(HCI_RAW, &hdev->flags);
d603b76b
MH		 5464 mgmt_index_added(hdev);
5465 }
dbece37a
MH		 5466 }
5467
5468unlock:
5469 hci_dev_unlock(hdev);
5470 return err;
5471}
5472
9713c17b
MH		 5473static int set_public_address(struct sock *sk, struct hci_dev *hdev,
5474 void *data, u16 len)
5475{
5476 struct mgmt_cp_set_public_address *cp = data;
5477 bool changed;
5478 int err;
5479
5480 BT_DBG("%s", hdev->name);
5481
5482 if (hdev_is_powered(hdev))
5483 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5484 MGMT_STATUS_REJECTED);
5485
5486 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
5487 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5488 MGMT_STATUS_INVALID_PARAMS);
5489
5490 if (!hdev->set_bdaddr)
5491 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5492 MGMT_STATUS_NOT_SUPPORTED);
5493
5494 hci_dev_lock(hdev);
5495
5496 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
5497 bacpy(&hdev->public_addr, &cp->bdaddr);
5498
5499 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
5500 if (err < 0)
5501 goto unlock;
5502
5503 if (!changed)
5504 goto unlock;
5505
5506 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5507 err = new_options(hdev, sk);
5508
5509 if (is_configured(hdev)) {
5510 mgmt_index_removed(hdev);
5511
5512 clear_bit(HCI_UNCONFIGURED, &hdev->dev_flags);
5513
5514 set_bit(HCI_CONFIG, &hdev->dev_flags);
5515 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
5516
5517 queue_work(hdev->req_workqueue, &hdev->power_on);
5518 }
5519
5520unlock:
5521 hci_dev_unlock(hdev);
5522 return err;
5523}
5524
2e3c35ea 5525static const struct mgmt_handler {
04124681
GP		 5526 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
5527 u16 data_len);
be22b54e
JH		 5528 bool var_len;
5529 size_t data_len;
0f4e68cf
JH		 5530} mgmt_handlers[] = {
5531 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 5532 { read_version, false, MGMT_READ_VERSION_SIZE },
5533 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
5534 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
5535 { read_controller_info, false, MGMT_READ_INFO_SIZE },
5536 { set_powered, false, MGMT_SETTING_SIZE },
5537 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
5538 { set_connectable, false, MGMT_SETTING_SIZE },
5539 { set_fast_connectable, false, MGMT_SETTING_SIZE },
5540 { set_pairable, false, MGMT_SETTING_SIZE },
5541 { set_link_security, false, MGMT_SETTING_SIZE },
5542 { set_ssp, false, MGMT_SETTING_SIZE },
5543 { set_hs, false, MGMT_SETTING_SIZE },
5544 { set_le, false, MGMT_SETTING_SIZE },
5545 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
5546 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
5547 { add_uuid, false, MGMT_ADD_UUID_SIZE },
5548 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
5549 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
5550 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
5551 { disconnect, false, MGMT_DISCONNECT_SIZE },
5552 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
5553 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
5554 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
5555 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
5556 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
5557 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
5558 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
5559 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
5560 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
5561 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
5562 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
5563 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
ec109113 5564 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
be22b54e
JH		 5565 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
5566 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
5567 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
5568 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
5569 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
5570 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 5571 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 5572 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 5573 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 5574 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
14b49b9a 5575 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
eac83dc6 5576 { set_secure_conn, false, MGMT_SETTING_SIZE },
4e39ac81 5577 { set_debug_keys, false, MGMT_SETTING_SIZE },
62b04cd1 5578 { set_privacy, false, MGMT_SET_PRIVACY_SIZE },
41edf160 5579 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
dd983808 5580 { get_conn_info, false, MGMT_GET_CONN_INFO_SIZE },
95868426 5581 { get_clock_info, false, MGMT_GET_CLOCK_INFO_SIZE },
2faade53
MH		 5582 { add_device, false, MGMT_ADD_DEVICE_SIZE },
5583 { remove_device, false, MGMT_REMOVE_DEVICE_SIZE },
73d1df2a
MH		 5584 { load_conn_param, true, MGMT_LOAD_CONN_PARAM_SIZE },
5585 { read_unconf_index_list, false, MGMT_READ_UNCONF_INDEX_LIST_SIZE },
9fc3bfb6 5586 { read_config_info, false, MGMT_READ_CONFIG_INFO_SIZE },
dbece37a 5587 { set_external_config, false, MGMT_SET_EXTERNAL_CONFIG_SIZE },
9713c17b 5588 { set_public_address, false, MGMT_SET_PUBLIC_ADDRESS_SIZE },
0f4e68cf
JH		 5589};
5590
0381101f
JH		 5591int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
5592{
650f726d
VCG		 5593 void *buf;
5594 u8 *cp;
0381101f 5595 struct mgmt_hdr *hdr;
4e51eae9 5596 u16 opcode, index, len;
bdb6d971 5597 struct hci_dev *hdev = NULL;
2e3c35ea 5598 const struct mgmt_handler *handler;
0381101f
JH		 5599 int err;
5600
5601 BT_DBG("got %zu bytes", msglen);
5602
5603 if (msglen < sizeof(*hdr))
5604 return -EINVAL;
5605
e63a15ec 5606 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 5607 if (!buf)
5608 return -ENOMEM;
5609
5610 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
5611 err = -EFAULT;
5612 goto done;
5613 }
5614
650f726d 5615 hdr = buf;
1f350c87
MH		 5616 opcode = __le16_to_cpu(hdr->opcode);
5617 index = __le16_to_cpu(hdr->index);
5618 len = __le16_to_cpu(hdr->len);
0381101f
JH		 5619
5620 if (len != msglen - sizeof(*hdr)) {
5621 err = -EINVAL;
5622 goto done;
5623 }
5624
0f4e68cf 5625 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 5626 hdev = hci_dev_get(index);
5627 if (!hdev) {
5628 err = cmd_status(sk, index, opcode,
04124681 5629 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 5630 goto done;
5631 }
0736cfa8 5632
cebf4cfd 5633 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
d603b76b 5634 test_bit(HCI_CONFIG, &hdev->dev_flags) ||
4a964404 5635 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
0736cfa8
MH		 5636 err = cmd_status(sk, index, opcode,
5637 MGMT_STATUS_INVALID_INDEX);
5638 goto done;
5639 }
42a9bc14
MH		 5640
5641 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
dbece37a 5642 opcode != MGMT_OP_READ_CONFIG_INFO &&
9713c17b
MH		 5643 opcode != MGMT_OP_SET_EXTERNAL_CONFIG &&
5644 opcode != MGMT_OP_SET_PUBLIC_ADDRESS) {
42a9bc14
MH		 5645 err = cmd_status(sk, index, opcode,
5646 MGMT_STATUS_INVALID_INDEX);
5647 goto done;
5648 }
bdb6d971
JH		 5649 }
5650
0f4e68cf 5651 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 5652 mgmt_handlers[opcode].func == NULL) {
0381101f 5653 BT_DBG("Unknown op %u", opcode);
ca69b795 5654 err = cmd_status(sk, index, opcode,
04124681 5655 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 5656 goto done;
5657 }
5658
73d1df2a
MH		 5659 if (hdev && (opcode <= MGMT_OP_READ_INDEX_LIST ||
5660 opcode == MGMT_OP_READ_UNCONF_INDEX_LIST)) {
5661 err = cmd_status(sk, index, opcode,
5662 MGMT_STATUS_INVALID_INDEX);
5663 goto done;
5664 }
5665
5666 if (!hdev && (opcode > MGMT_OP_READ_INDEX_LIST &&
5667 opcode != MGMT_OP_READ_UNCONF_INDEX_LIST)) {
0f4e68cf 5668 err = cmd_status(sk, index, opcode,
04124681 5669 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 5670 goto done;
0381101f
JH		 5671 }
5672
be22b54e
JH		 5673 handler = &mgmt_handlers[opcode];
5674
5675 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 5676 (!handler->var_len && len != handler->data_len)) {
be22b54e 5677 err = cmd_status(sk, index, opcode,
04124681 5678 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 5679 goto done;
5680 }
5681
0f4e68cf
JH		 5682 if (hdev)
5683 mgmt_init_hdev(sk, hdev);
5684
5685 cp = buf + sizeof(*hdr);
5686
be22b54e 5687 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 5688 if (err < 0)
5689 goto done;
5690
0381101f
JH		 5691 err = msglen;
5692
5693done:
bdb6d971
JH		 5694 if (hdev)
5695 hci_dev_put(hdev);
5696
0381101f
JH		 5697 kfree(buf);
5698 return err;
5699}
c71e97bf 5700
bf6b56db 5701void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 5702{
1514b892 5703 if (hdev->dev_type != HCI_BREDR)
bf6b56db 5704 return;
bb4b2a9a 5705
0602a8ad
MH		 5706 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
5707 return;
5708
5709 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5710 mgmt_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev, NULL, 0, NULL);
5711 else
5712 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 5713}
5714
bf6b56db 5715void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 5716{
5f159032 5717 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 5718
1514b892 5719 if (hdev->dev_type != HCI_BREDR)
bf6b56db 5720 return;
bb4b2a9a 5721
0602a8ad
MH		 5722 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
5723 return;
5724
744cf19e 5725 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 5726
edd3896b
MH		 5727 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5728 mgmt_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev, NULL, 0, NULL);
5729 else
5730 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 5731}
5732
6046dc3e 5733/* This function requires the caller holds hdev->lock */
d7347f3c 5734static void restart_le_actions(struct hci_dev *hdev)
6046dc3e
AG		 5735{
5736 struct hci_conn_params *p;
5737
5738 list_for_each_entry(p, &hdev->le_conn_params, list) {
d7347f3c
JH		 5739 /* Needed for AUTO_OFF case where might not "really"
5740 * have been powered off.
5741 */
5742 list_del_init(&p->action);
5743
5744 switch (p->auto_connect) {
5745 case HCI_AUTO_CONN_ALWAYS:
5746 list_add(&p->action, &hdev->pend_le_conns);
5747 break;
5748 case HCI_AUTO_CONN_REPORT:
5749 list_add(&p->action, &hdev->pend_le_reports);
5750 break;
5751 default:
5752 break;
c83ed19d 5753 }
6046dc3e 5754 }
c83ed19d 5755
c83ed19d 5756 hci_update_background_scan(hdev);
6046dc3e
AG		 5757}
5758
229ab39c
JH		 5759static void powered_complete(struct hci_dev *hdev, u8 status)
5760{
5761 struct cmd_lookup match = { NULL, hdev };
5762
5763 BT_DBG("status 0x%02x", status);
5764
5765 hci_dev_lock(hdev);
5766
d7347f3c 5767 restart_le_actions(hdev);
6046dc3e 5768
229ab39c
JH		 5769 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5770
5771 new_settings(hdev, match.sk);
5772
5773 hci_dev_unlock(hdev);
5774
5775 if (match.sk)
5776 sock_put(match.sk);
5777}
5778
70da6243 5779static int powered_update_hci(struct hci_dev *hdev)
5add6af8 5780{
890ea898 5781 struct hci_request req;
70da6243 5782 u8 link_sec;
5add6af8 5783
890ea898
JH		 5784 hci_req_init(&req, hdev);
5785
70da6243
JH		 5786 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
5787 !lmp_host_ssp_capable(hdev)) {
5788 u8 ssp = 1;
5e5282bb 5789
890ea898 5790 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 5791 }
5add6af8 5792
c73eee91
JH		 5793 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
5794 lmp_bredr_capable(hdev)) {
70da6243 5795 struct hci_cp_write_le_host_supported cp;
f0ff92fb 5796
70da6243
JH		 5797 cp.le = 1;
5798 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 5799
70da6243
JH		 5800 /* Check first if we already have the right
5801 * host state (host features set)
5802 */
5803 if (cp.le != lmp_host_le_capable(hdev) ||
5804 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 5805 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
5806 sizeof(cp), &cp);
70da6243 5807 }
3d1cbdd6 5808
d13eafce 5809 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 5810 /* Make sure the controller has a good default for
5811 * advertising data. This also applies to the case
5812 * where BR/EDR was toggled during the AUTO_OFF phase.
5813 */
f14d8f64 5814 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5947f4bc 5815 update_adv_data(&req);
f14d8f64
MH		 5816 update_scan_rsp_data(&req);
5817 }
441ad2d0 5818
bba3aa55
MH		 5819 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5820 enable_advertising(&req);
eeca6f89
JH		 5821 }
5822
70da6243
JH		 5823 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
5824 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 5825 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
5826 sizeof(link_sec), &link_sec);
562fcc24 5827
70da6243 5828 if (lmp_bredr_capable(hdev)) {
56f87901
JH		 5829 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
5830 set_bredr_scan(&req);
890ea898 5831 update_class(&req);
13928971 5832 update_name(&req);
890ea898 5833 update_eir(&req);
70da6243 5834 }
562fcc24 5835
229ab39c 5836 return hci_req_run(&req, powered_complete);
70da6243 5837}
562fcc24 5838
70da6243
JH		 5839int mgmt_powered(struct hci_dev *hdev, u8 powered)
5840{
5841 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 5842 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
5843 u8 zero_cod[] = { 0, 0, 0 };
70da6243 5844 int err;
f0ff92fb 5845
70da6243
JH		 5846 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
5847 return 0;
5848
70da6243 5849 if (powered) {
229ab39c
JH		 5850 if (powered_update_hci(hdev) == 0)
5851 return 0;
fe038884 5852
229ab39c
JH		 5853 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
5854 &match);
5855 goto new_settings;
b24752fe
JH		 5856 }
5857
229ab39c
JH		 5858 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5859 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
5860
5861 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
5862 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
5863 zero_cod, sizeof(zero_cod), NULL);
5864
5865new_settings:
beadb2bd 5866 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 5867
5868 if (match.sk)
5869 sock_put(match.sk);
5870
7bb895d6 5871 return err;
5add6af8 5872}
73f22f62 5873
3eec705e 5874void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 5875{
5876 struct pending_cmd *cmd;
5877 u8 status;
5878
5879 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5880 if (!cmd)
3eec705e 5881 return;
96570ffc
JH		 5882
5883 if (err == -ERFKILL)
5884 status = MGMT_STATUS_RFKILLED;
5885 else
5886 status = MGMT_STATUS_FAILED;
5887
3eec705e 5888 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 5889
5890 mgmt_pending_remove(cmd);
96570ffc
JH		 5891}
5892
d1967ff8
MH		 5893void mgmt_discoverable_timeout(struct hci_dev *hdev)
5894{
5895 struct hci_request req;
d1967ff8
MH		 5896
5897 hci_dev_lock(hdev);
5898
5899 /* When discoverable timeout triggers, then just make sure
5900 * the limited discoverable flag is cleared. Even in the case
5901 * of a timeout triggered from general discoverable, it is
5902 * safe to unconditionally clear the flag.
5903 */
5904 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
9a43e25f 5905 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
d1967ff8
MH		 5906
5907 hci_req_init(&req, hdev);
4b580614
JH		 5908 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
5909 u8 scan = SCAN_PAGE;
5910 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
5911 sizeof(scan), &scan);
5912 }
d1967ff8 5913 update_class(&req);
9a43e25f 5914 update_adv_data(&req);
d1967ff8
MH		 5915 hci_req_run(&req, NULL);
5916
5917 hdev->discov_timeout = 0;
5918
9a43e25f
JH		 5919 new_settings(hdev, NULL);
5920
d1967ff8
MH		 5921 hci_dev_unlock(hdev);
5922}
5923
86a75645 5924void mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 5925{
86a75645 5926 bool changed;
73f22f62 5927
bfaf8c9f
JH		 5928 /* Nothing needed here if there's a pending command since that
5929 * commands request completion callback takes care of everything
5930 * necessary.
5931 */
5932 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
86a75645 5933 return;
bfaf8c9f 5934
bd107999
JH		 5935 /* Powering off may clear the scan mode - don't let that interfere */
5936 if (!discoverable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5937 return;
5938
9a43e25f 5939 if (discoverable) {
86a75645 5940 changed = !test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 5941 } else {
5942 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
86a75645 5943 changed = test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 5944 }
5945
5946 if (changed) {
5947 struct hci_request req;
5948
5949 /* In case this change in discoverable was triggered by
5950 * a disabling of connectable there could be a need to
5951 * update the advertising flags.
5952 */
5953 hci_req_init(&req, hdev);
5954 update_adv_data(&req);
5955 hci_req_run(&req, NULL);
73f22f62 5956
86a75645 5957 new_settings(hdev, NULL);
9a43e25f 5958 }
73f22f62 5959}
9fbcbb45 5960
a330916c 5961void mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 5962{
a330916c 5963 bool changed;
9fbcbb45 5964
d7b856f9
JH		 5965 /* Nothing needed here if there's a pending command since that
5966 * commands request completion callback takes care of everything
5967 * necessary.
5968 */
5969 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
a330916c 5970 return;
d7b856f9 5971
ce3f24cf
JH		 5972 /* Powering off may clear the scan mode - don't let that interfere */
5973 if (!connectable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5974 return;
5975
a330916c
MH		 5976 if (connectable)
5977 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
5978 else
5979 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
9fbcbb45 5980
beadb2bd 5981 if (changed)
a330916c 5982 new_settings(hdev, NULL);
9fbcbb45 5983}
55ed8ca1 5984
4796e8af 5985void mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 5986{
ca69b795
JH		 5987 u8 mgmt_err = mgmt_status(status);
5988
2d7cee58 5989 if (scan & SCAN_PAGE)
744cf19e 5990 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 5991 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 5992
5993 if (scan & SCAN_INQUIRY)
744cf19e 5994 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 5995 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 5996}
5997
dc4a5ee2
MH		 5998void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
5999 bool persistent)
55ed8ca1 6000{
86742e1e 6001 struct mgmt_ev_new_link_key ev;
55ed8ca1 6002
a492cd52 6003 memset(&ev, 0, sizeof(ev));
55ed8ca1 6004
a492cd52 6005 ev.store_hint = persistent;
d753fdc4 6006 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 6007 ev.key.addr.type = BDADDR_BREDR;
a492cd52 6008 ev.key.type = key->type;
9b3b4460 6009 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 6010 ev.key.pin_len = key->pin_len;
55ed8ca1 6011
dc4a5ee2 6012 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 6013}
f7520543 6014
d7b25450
JH		 6015static u8 mgmt_ltk_type(struct smp_ltk *ltk)
6016{
6017 if (ltk->authenticated)
6018 return MGMT_LTK_AUTHENTICATED;
6019
6020 return MGMT_LTK_UNAUTHENTICATED;
6021}
6022
53ac6ab6 6023void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 6024{
6025 struct mgmt_ev_new_long_term_key ev;
6026
6027 memset(&ev, 0, sizeof(ev));
6028
5192d301
MH		 6029 /* Devices using resolvable or non-resolvable random addresses
6030 * without providing an indentity resolving key don't require
6031 * to store long term keys. Their addresses will change the
6032 * next time around.
6033 *
6034 * Only when a remote device provides an identity address
6035 * make sure the long term key is stored. If the remote
6036 * identity is known, the long term keys are internally
6037 * mapped to the identity address. So allow static random
6038 * and public addresses here.
6039 */
ba74b666
JH		 6040 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6041 (key->bdaddr.b[5] & 0xc0) != 0xc0)
6042 ev.store_hint = 0x00;
6043 else
53ac6ab6 6044 ev.store_hint = persistent;
ba74b666 6045
346af67b 6046 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 6047 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 6048 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 6049 ev.key.enc_size = key->enc_size;
6050 ev.key.ediv = key->ediv;
fe39c7b2 6051 ev.key.rand = key->rand;
346af67b 6052
2ceba539 6053 if (key->type == SMP_LTK)
346af67b
VCG		 6054 ev.key.master = 1;
6055
346af67b
VCG		 6056 memcpy(ev.key.val, key->val, sizeof(key->val));
6057
083368f7 6058 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 6059}
6060
95fbac8a
JH		 6061void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
6062{
6063 struct mgmt_ev_new_irk ev;
6064
6065 memset(&ev, 0, sizeof(ev));
6066
bab6d1e5
MH		 6067 /* For identity resolving keys from devices that are already
6068 * using a public address or static random address, do not
6069 * ask for storing this key. The identity resolving key really
6070 * is only mandatory for devices using resovlable random
6071 * addresses.
6072 *
6073 * Storing all identity resolving keys has the downside that
6074 * they will be also loaded on next boot of they system. More
6075 * identity resolving keys, means more time during scanning is
6076 * needed to actually resolve these addresses.
6077 */
6078 if (bacmp(&irk->rpa, BDADDR_ANY))
6079 ev.store_hint = 0x01;
6080 else
6081 ev.store_hint = 0x00;
6082
95fbac8a
JH		 6083 bacpy(&ev.rpa, &irk->rpa);
6084 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
6085 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
6086 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
6087
6088 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
6089}
6090
53ac6ab6
MH		 6091void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
6092 bool persistent)
7ee4ea36
MH		 6093{
6094 struct mgmt_ev_new_csrk ev;
6095
6096 memset(&ev, 0, sizeof(ev));
6097
6098 /* Devices using resolvable or non-resolvable random addresses
6099 * without providing an indentity resolving key don't require
6100 * to store signature resolving keys. Their addresses will change
6101 * the next time around.
6102 *
6103 * Only when a remote device provides an identity address
6104 * make sure the signature resolving key is stored. So allow
6105 * static random and public addresses here.
6106 */
6107 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6108 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
6109 ev.store_hint = 0x00;
6110 else
53ac6ab6 6111 ev.store_hint = persistent;
7ee4ea36
MH		 6112
6113 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
6114 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
6115 ev.key.master = csrk->master;
6116 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
6117
6118 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
6119}
6120
ffb5a827 6121void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 6122 u8 bdaddr_type, u8 store_hint, u16 min_interval,
6123 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 6124{
6125 struct mgmt_ev_new_conn_param ev;
6126
c103aea6
JH		 6127 if (!hci_is_identity_address(bdaddr, bdaddr_type))
6128 return;
6129
ffb5a827
AG		 6130 memset(&ev, 0, sizeof(ev));
6131 bacpy(&ev.addr.bdaddr, bdaddr);
6132 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 6133 ev.store_hint = store_hint;
ffb5a827
AG		 6134 ev.min_interval = cpu_to_le16(min_interval);
6135 ev.max_interval = cpu_to_le16(max_interval);
6136 ev.latency = cpu_to_le16(latency);
6137 ev.timeout = cpu_to_le16(timeout);
6138
6139 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
6140}
6141
94933991
MH		 6142static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
6143 u8 data_len)
6144{
6145 eir[eir_len++] = sizeof(type) + data_len;
6146 eir[eir_len++] = type;
6147 memcpy(&eir[eir_len], data, data_len);
6148 eir_len += data_len;
6149
6150 return eir_len;
6151}
6152
ecd90ae7
MH		 6153void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6154 u8 addr_type, u32 flags, u8 *name, u8 name_len,
6155 u8 *dev_class)
f7520543 6156{
b644ba33
JH		 6157 char buf[512];
6158 struct mgmt_ev_device_connected *ev = (void *) buf;
6159 u16 eir_len = 0;
f7520543 6160
b644ba33 6161 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 6162 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 6163
c95f0ba7 6164 ev->flags = __cpu_to_le32(flags);
08c79b61 6165
b644ba33
JH		 6166 if (name_len > 0)
6167 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 6168 name, name_len);
b644ba33
JH		 6169
6170 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 6171 eir_len = eir_append_data(ev->eir, eir_len,
04124681 6172 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 6173
eb55ef07 6174 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 6175
ecd90ae7
MH		 6176 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
6177 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 6178}
6179
8962ee74
JH		 6180static void disconnect_rsp(struct pending_cmd *cmd, void *data)
6181{
c68fb7ff 6182 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 6183 struct sock **sk = data;
a38528f1 6184 struct mgmt_rp_disconnect rp;
8962ee74 6185
88c3df13
JH		 6186 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
6187 rp.addr.type = cp->addr.type;
8962ee74 6188
aee9b218 6189 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 6190 sizeof(rp));
8962ee74
JH		 6191
6192 *sk = cmd->sk;
6193 sock_hold(*sk);
6194
a664b5bc 6195 mgmt_pending_remove(cmd);
8962ee74
JH		 6196}
6197
124f6e35 6198static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 6199{
b1078ad0 6200 struct hci_dev *hdev = data;
124f6e35
JH		 6201 struct mgmt_cp_unpair_device *cp = cmd->param;
6202 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 6203
6204 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 6205 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
6206 rp.addr.type = cp->addr.type;
a8a1d19e 6207
b1078ad0
JH		 6208 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
6209
aee9b218 6210 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 6211
6212 mgmt_pending_remove(cmd);
6213}
6214
9b80ec5e 6215void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 6216 u8 link_type, u8 addr_type, u8 reason,
6217 bool mgmt_connected)
f7520543 6218{
f0d6a0ea 6219 struct mgmt_ev_device_disconnected ev;
8b064a3a 6220 struct pending_cmd *power_off;
8962ee74 6221 struct sock *sk = NULL;
8962ee74 6222
8b064a3a
JH		 6223 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6224 if (power_off) {
6225 struct mgmt_mode *cp = power_off->param;
6226
6227 /* The connection is still in hci_conn_hash so test for 1
6228 * instead of 0 to know if this is the last one.
6229 */
a3172b7e
JH		 6230 if (!cp->val && hci_conn_count(hdev) == 1) {
6231 cancel_delayed_work(&hdev->power_off);
8b064a3a 6232 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 6233 }
8b064a3a
JH		 6234 }
6235
12d4a3b2
JH		 6236 if (!mgmt_connected)
6237 return;
6238
57eb776f
AG		 6239 if (link_type != ACL_LINK && link_type != LE_LINK)
6240 return;
6241
744cf19e 6242 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 6243
f0d6a0ea
MA		 6244 bacpy(&ev.addr.bdaddr, bdaddr);
6245 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6246 ev.reason = reason;
f7520543 6247
9b80ec5e 6248 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 6249
6250 if (sk)
d97dcb66 6251 sock_put(sk);
8962ee74 6252
124f6e35 6253 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 6254 hdev);
8962ee74
JH		 6255}
6256
7892924c
MH		 6257void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
6258 u8 link_type, u8 addr_type, u8 status)
8962ee74 6259{
3655bba8
AG		 6260 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
6261 struct mgmt_cp_disconnect *cp;
88c3df13 6262 struct mgmt_rp_disconnect rp;
8962ee74 6263 struct pending_cmd *cmd;
8962ee74 6264
36a75f1b
JD		 6265 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6266 hdev);
6267
2e58ef3e 6268 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 6269 if (!cmd)
7892924c 6270 return;
8962ee74 6271
3655bba8
AG		 6272 cp = cmd->param;
6273
6274 if (bacmp(bdaddr, &cp->addr.bdaddr))
6275 return;
6276
6277 if (cp->addr.type != bdaddr_type)
6278 return;
6279
88c3df13 6280 bacpy(&rp.addr.bdaddr, bdaddr);
3655bba8 6281 rp.addr.type = bdaddr_type;
37d9ef76 6282
7892924c
MH		 6283 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
6284 mgmt_status(status), &rp, sizeof(rp));
8962ee74 6285
a664b5bc 6286 mgmt_pending_remove(cmd);
f7520543 6287}
17d5c04c 6288
445608d0
MH		 6289void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6290 u8 addr_type, u8 status)
17d5c04c
JH		 6291{
6292 struct mgmt_ev_connect_failed ev;
c9910d0f
JH		 6293 struct pending_cmd *power_off;
6294
6295 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6296 if (power_off) {
6297 struct mgmt_mode *cp = power_off->param;
6298
6299 /* The connection is still in hci_conn_hash so test for 1
6300 * instead of 0 to know if this is the last one.
6301 */
a3172b7e
JH		 6302 if (!cp->val && hci_conn_count(hdev) == 1) {
6303 cancel_delayed_work(&hdev->power_off);
c9910d0f 6304 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 6305 }
c9910d0f 6306 }
17d5c04c 6307
4c659c39 6308 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6309 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 6310 ev.status = mgmt_status(status);
17d5c04c 6311
445608d0 6312 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 6313}
980e1a53 6314
ce0e4a0d 6315void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 6316{
6317 struct mgmt_ev_pin_code_request ev;
6318
d8457698 6319 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 6320 ev.addr.type = BDADDR_BREDR;
a770bb5a 6321 ev.secure = secure;
980e1a53 6322
ce0e4a0d 6323 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 6324}
6325
e669cf80
MH		 6326void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6327 u8 status)
980e1a53
JH		 6328{
6329 struct pending_cmd *cmd;
ac56fb13 6330 struct mgmt_rp_pin_code_reply rp;
980e1a53 6331
2e58ef3e 6332 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 6333 if (!cmd)
e669cf80 6334 return;
980e1a53 6335
d8457698 6336 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 6337 rp.addr.type = BDADDR_BREDR;
ac56fb13 6338
e669cf80
MH		 6339 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
6340 mgmt_status(status), &rp, sizeof(rp));
980e1a53 6341
a664b5bc 6342 mgmt_pending_remove(cmd);
980e1a53
JH		 6343}
6344
3eb38528
MH		 6345void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6346 u8 status)
980e1a53
JH		 6347{
6348 struct pending_cmd *cmd;
ac56fb13 6349 struct mgmt_rp_pin_code_reply rp;
980e1a53 6350
2e58ef3e 6351 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 6352 if (!cmd)
3eb38528 6353 return;
980e1a53 6354
d8457698 6355 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 6356 rp.addr.type = BDADDR_BREDR;
ac56fb13 6357
3eb38528
MH		 6358 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
6359 mgmt_status(status), &rp, sizeof(rp));
980e1a53 6360
a664b5bc 6361 mgmt_pending_remove(cmd);
980e1a53 6362}
a5c29683 6363
744cf19e 6364int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 6365 u8 link_type, u8 addr_type, u32 value,
04124681 6366 u8 confirm_hint)
a5c29683
JH		 6367{
6368 struct mgmt_ev_user_confirm_request ev;
6369
744cf19e 6370 BT_DBG("%s", hdev->name);
a5c29683 6371
272d90df 6372 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6373 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 6374 ev.confirm_hint = confirm_hint;
39adbffe 6375 ev.value = cpu_to_le32(value);
a5c29683 6376
744cf19e 6377 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 6378 NULL);
a5c29683
JH		 6379}
6380
272d90df 6381int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 6382 u8 link_type, u8 addr_type)
604086b7
BG		 6383{
6384 struct mgmt_ev_user_passkey_request ev;
6385
6386 BT_DBG("%s", hdev->name);
6387
272d90df 6388 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6389 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 6390
6391 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 6392 NULL);
604086b7
BG		 6393}
6394
0df4c185 6395static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 6396 u8 link_type, u8 addr_type, u8 status,
6397 u8 opcode)
a5c29683
JH		 6398{
6399 struct pending_cmd *cmd;
6400 struct mgmt_rp_user_confirm_reply rp;
6401 int err;
6402
2e58ef3e 6403 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 6404 if (!cmd)
6405 return -ENOENT;
6406
272d90df 6407 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 6408 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 6409 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 6410 &rp, sizeof(rp));
a5c29683 6411
a664b5bc 6412 mgmt_pending_remove(cmd);
a5c29683
JH		 6413
6414 return err;
6415}
6416
744cf19e 6417int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6418 u8 link_type, u8 addr_type, u8 status)
a5c29683 6419{
272d90df 6420 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 6421 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 6422}
6423
272d90df 6424int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6425 u8 link_type, u8 addr_type, u8 status)
a5c29683 6426{
272d90df 6427 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 6428 status,
6429 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 6430}
2a611692 6431
604086b7 6432int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6433 u8 link_type, u8 addr_type, u8 status)
604086b7 6434{
272d90df 6435 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 6436 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 6437}
6438
272d90df 6439int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6440 u8 link_type, u8 addr_type, u8 status)
604086b7 6441{
272d90df 6442 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 6443 status,
6444 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 6445}
6446
92a25256
JH		 6447int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
6448 u8 link_type, u8 addr_type, u32 passkey,
6449 u8 entered)
6450{
6451 struct mgmt_ev_passkey_notify ev;
6452
6453 BT_DBG("%s", hdev->name);
6454
6455 bacpy(&ev.addr.bdaddr, bdaddr);
6456 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6457 ev.passkey = __cpu_to_le32(passkey);
6458 ev.entered = entered;
6459
6460 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
6461}
6462
e546099c
MH		 6463void mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6464 u8 addr_type, u8 status)
2a611692
JH		 6465{
6466 struct mgmt_ev_auth_failed ev;
6467
bab73cb6 6468 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6469 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 6470 ev.status = mgmt_status(status);
2a611692 6471
e546099c 6472 mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 6473}
b312b161 6474
464996ae 6475void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 6476{
6477 struct cmd_lookup match = { NULL, hdev };
464996ae 6478 bool changed;
33ef95ed
JH		 6479
6480 if (status) {
6481 u8 mgmt_err = mgmt_status(status);
6482 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 6483 cmd_status_rsp, &mgmt_err);
464996ae 6484 return;
33ef95ed
JH		 6485 }
6486
464996ae
MH		 6487 if (test_bit(HCI_AUTH, &hdev->flags))
6488 changed = !test_and_set_bit(HCI_LINK_SECURITY,
6489 &hdev->dev_flags);
6490 else
6491 changed = test_and_clear_bit(HCI_LINK_SECURITY,
6492 &hdev->dev_flags);
47990ea0 6493
33ef95ed 6494 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 6495 &match);
33ef95ed 6496
47990ea0 6497 if (changed)
464996ae 6498 new_settings(hdev, match.sk);
33ef95ed
JH		 6499
6500 if (match.sk)
6501 sock_put(match.sk);
33ef95ed
JH		 6502}
6503
890ea898 6504static void clear_eir(struct hci_request *req)
cacaf52f 6505{
890ea898 6506 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 6507 struct hci_cp_write_eir cp;
6508
976eb20e 6509 if (!lmp_ext_inq_capable(hdev))
890ea898 6510 return;
cacaf52f 6511
c80da27e
JH		 6512 memset(hdev->eir, 0, sizeof(hdev->eir));
6513
cacaf52f
JH		 6514 memset(&cp, 0, sizeof(cp));
6515
890ea898 6516 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 6517}
6518
3e248560 6519void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 6520{
6521 struct cmd_lookup match = { NULL, hdev };
890ea898 6522 struct hci_request req;
c0ecddc2 6523 bool changed = false;
ed2c4ee3
JH		 6524
6525 if (status) {
6526 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 6527
6528 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 6529 &hdev->dev_flags)) {
6530 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3e248560 6531 new_settings(hdev, NULL);
9ecb3e24 6532 }
c0ecddc2 6533
04124681
GP		 6534 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
6535 &mgmt_err);
3e248560 6536 return;
c0ecddc2
JH		 6537 }
6538
6539 if (enable) {
9ecb3e24 6540 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 6541 } else {
9ecb3e24
MH		 6542 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
6543 if (!changed)
6544 changed = test_and_clear_bit(HCI_HS_ENABLED,
6545 &hdev->dev_flags);
6546 else
6547 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 6548 }
6549
6550 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
6551
c0ecddc2 6552 if (changed)
3e248560 6553 new_settings(hdev, match.sk);
ed2c4ee3 6554
5fc6ebb1 6555 if (match.sk)
ed2c4ee3
JH		 6556 sock_put(match.sk);
6557
890ea898
JH		 6558 hci_req_init(&req, hdev);
6559
3769972b
JH		 6560 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
6561 if (test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
6562 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
6563 sizeof(enable), &enable);
890ea898 6564 update_eir(&req);
3769972b 6565 } else {
890ea898 6566 clear_eir(&req);
3769972b 6567 }
890ea898
JH		 6568
6569 hci_req_run(&req, NULL);
ed2c4ee3
JH		 6570}
6571
eac83dc6
MH		 6572void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
6573{
6574 struct cmd_lookup match = { NULL, hdev };
6575 bool changed = false;
6576
6577 if (status) {
6578 u8 mgmt_err = mgmt_status(status);
6579
0ab04a9c
MH		 6580 if (enable) {
6581 if (test_and_clear_bit(HCI_SC_ENABLED,
6582 &hdev->dev_flags))
6583 new_settings(hdev, NULL);
6584 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
6585 }
eac83dc6
MH		 6586
6587 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
6588 cmd_status_rsp, &mgmt_err);
6589 return;
6590 }
6591
0ab04a9c 6592 if (enable) {
eac83dc6 6593 changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c 6594 } else {
eac83dc6 6595 changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c
MH		 6596 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
6597 }
eac83dc6
MH		 6598
6599 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
6600 settings_rsp, &match);
6601
6602 if (changed)
6603 new_settings(hdev, match.sk);
6604
6605 if (match.sk)
6606 sock_put(match.sk);
6607}
6608
92da6097 6609static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 6610{
6611 struct cmd_lookup *match = data;
6612
90e70454
JH		 6613 if (match->sk == NULL) {
6614 match->sk = cmd->sk;
6615 sock_hold(match->sk);
6616 }
90e70454
JH		 6617}
6618
4e1b0245
MH		 6619void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
6620 u8 status)
7f9a903c 6621{
90e70454 6622 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 6623
92da6097
JH		 6624 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
6625 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
6626 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 6627
6628 if (!status)
4e1b0245
MH		 6629 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
6630 NULL);
90e70454
JH		 6631
6632 if (match.sk)
6633 sock_put(match.sk);
7f9a903c
MH		 6634}
6635
7667da34 6636void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 6637{
b312b161 6638 struct mgmt_cp_set_local_name ev;
13928971 6639 struct pending_cmd *cmd;
28cc7bde 6640
13928971 6641 if (status)
7667da34 6642 return;
b312b161
JH		 6643
6644 memset(&ev, 0, sizeof(ev));
6645 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 6646 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 6647
2e58ef3e 6648 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 6649 if (!cmd) {
6650 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 6651
13928971
JH		 6652 /* If this is a HCI command related to powering on the
6653 * HCI dev don't send any mgmt signals.
6654 */
6655 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 6656 return;
890ea898 6657 }
b312b161 6658
7667da34
MH		 6659 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
6660 cmd ? cmd->sk : NULL);
b312b161 6661}
c35938b2 6662
4d2d2796
MH		 6663void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
6664 u8 *randomizer192, u8 *hash256,
6665 u8 *randomizer256, u8 status)
c35938b2
SJ		 6666{
6667 struct pending_cmd *cmd;
c35938b2 6668
744cf19e 6669 BT_DBG("%s status %u", hdev->name, status);
c35938b2 6670
2e58ef3e 6671 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 6672 if (!cmd)
3edaf092 6673 return;
c35938b2
SJ		 6674
6675 if (status) {
3edaf092
MH		 6676 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
6677 mgmt_status(status));
c35938b2 6678 } else {
4d2d2796
MH		 6679 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
6680 hash256 && randomizer256) {
6681 struct mgmt_rp_read_local_oob_ext_data rp;
6682
6683 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
6684 memcpy(rp.randomizer192, randomizer192,
6685 sizeof(rp.randomizer192));
c35938b2 6686
4d2d2796
MH		 6687 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
6688 memcpy(rp.randomizer256, randomizer256,
6689 sizeof(rp.randomizer256));
c35938b2 6690
4d2d2796
MH		 6691 cmd_complete(cmd->sk, hdev->id,
6692 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
6693 &rp, sizeof(rp));
6694 } else {
6695 struct mgmt_rp_read_local_oob_data rp;
6696
6697 memcpy(rp.hash, hash192, sizeof(rp.hash));
6698 memcpy(rp.randomizer, randomizer192,
6699 sizeof(rp.randomizer));
6700
6701 cmd_complete(cmd->sk, hdev->id,
6702 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
6703 &rp, sizeof(rp));
6704 }
c35938b2
SJ		 6705 }
6706
6707 mgmt_pending_remove(cmd);
c35938b2 6708}
e17acd40 6709
901801b9 6710void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
af58925c
MH		 6711 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
6712 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 6713{
e319d2e7
JH		 6714 char buf[512];
6715 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 6716 size_t ev_size;
e17acd40 6717
75ce208c
JH		 6718 /* Don't send events for a non-kernel initiated discovery. With
6719 * LE one exception is if we have pend_le_reports > 0 in which
6720 * case we're doing passive scanning and want these events.
6721 */
6722 if (!hci_discovery_active(hdev)) {
6723 if (link_type == ACL_LINK)
6724 return;
66f8455a 6725 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
75ce208c
JH		 6726 return;
6727 }
12602d0c 6728
5d2e9fad
JH		 6729 /* Make sure that the buffer is big enough. The 5 extra bytes
6730 * are for the potential CoD field.
6731 */
6732 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
901801b9 6733 return;
7d262f86 6734
1dc06093
JH		 6735 memset(buf, 0, sizeof(buf));
6736
841c5644
JH		 6737 bacpy(&ev->addr.bdaddr, bdaddr);
6738 ev->addr.type = link_to_bdaddr(link_type, addr_type);
e319d2e7 6739 ev->rssi = rssi;
af58925c 6740 ev->flags = cpu_to_le32(flags);
e17acd40 6741
1dc06093 6742 if (eir_len > 0)
e319d2e7 6743 memcpy(ev->eir, eir, eir_len);
e17acd40 6744
1dc06093
JH		 6745 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
6746 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 6747 dev_class, 3);
1dc06093 6748
5d2e9fad
JH		 6749 if (scan_rsp_len > 0)
6750 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
6751
6752 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
6753 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 6754
901801b9 6755 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 6756}
a88a9652 6757
9cf12aee
MH		 6758void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6759 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 6760{
b644ba33
JH		 6761 struct mgmt_ev_device_found *ev;
6762 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
6763 u16 eir_len;
a88a9652 6764
b644ba33 6765 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 6766
b644ba33
JH		 6767 memset(buf, 0, sizeof(buf));
6768
6769 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 6770 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 6771 ev->rssi = rssi;
6772
6773 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 6774 name_len);
b644ba33 6775
eb55ef07 6776 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 6777
9cf12aee 6778 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 6779}
314b2381 6780
2f1e063b 6781void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 6782{
f963e8e9 6783 struct mgmt_ev_discovering ev;
164a6e78
JH		 6784 struct pending_cmd *cmd;
6785
343fb145
AG		 6786 BT_DBG("%s discovering %u", hdev->name, discovering);
6787
164a6e78 6788 if (discovering)
2e58ef3e 6789 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 6790 else
2e58ef3e 6791 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 6792
6793 if (cmd != NULL) {
f808e166
JH		 6794 u8 type = hdev->discovery.type;
6795
04124681
GP		 6796 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
6797 sizeof(type));
164a6e78
JH		 6798 mgmt_pending_remove(cmd);
6799 }
6800
f963e8e9
JH		 6801 memset(&ev, 0, sizeof(ev));
6802 ev.type = hdev->discovery.type;
6803 ev.discovering = discovering;
6804
2f1e063b 6805 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 6806}
5e762444 6807
5976e608
MH		 6808static void adv_enable_complete(struct hci_dev *hdev, u8 status)
6809{
6810 BT_DBG("%s status %u", hdev->name, status);
5976e608
MH		 6811}
6812
6813void mgmt_reenable_advertising(struct hci_dev *hdev)
6814{
6815 struct hci_request req;
6816
5976e608
MH		 6817 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
6818 return;
6819
6820 hci_req_init(&req, hdev);
6821 enable_advertising(&req);
0ec5ae84 6822 hci_req_run(&req, adv_enable_complete);
5976e608 6823}
Linux kernel - Deliverables
This page took 1.697454 seconds and 5 git commands to generate.