projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Add USB device 04ca:3010 as Atheros AR3012
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
4bc58f51 32#include <net/bluetooth/l2cap.h>
0381101f 33#include <net/bluetooth/mgmt.h>
ac4b7236
MH		 34
35#include "smp.h"
0381101f 36
2da9c55c 37#define MGMT_VERSION 1
854bda19 38#define MGMT_REVISION 8
02d98129 39
e70bb2e8
JH		 40static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_READ_INFO,
43 MGMT_OP_SET_POWERED,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
b2939475 47 MGMT_OP_SET_BONDABLE,
e70bb2e8
JH		 48 MGMT_OP_SET_LINK_SECURITY,
49 MGMT_OP_SET_SSP,
50 MGMT_OP_SET_HS,
51 MGMT_OP_SET_LE,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_ADD_UUID,
55 MGMT_OP_REMOVE_UUID,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_DISCONNECT,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_PAIR_DEVICE,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_CONFIRM_NAME,
76 MGMT_OP_BLOCK_DEVICE,
77 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 78 MGMT_OP_SET_DEVICE_ID,
4375f103 79 MGMT_OP_SET_ADVERTISING,
0663ca2a 80 MGMT_OP_SET_BREDR,
d13eafce 81 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 82 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 83 MGMT_OP_SET_SECURE_CONN,
4e39ac81 84 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 85 MGMT_OP_SET_PRIVACY,
41edf160 86 MGMT_OP_LOAD_IRKS,
dd983808 87 MGMT_OP_GET_CONN_INFO,
95868426 88 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 89 MGMT_OP_ADD_DEVICE,
90 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 91 MGMT_OP_LOAD_CONN_PARAM,
73d1df2a 92 MGMT_OP_READ_UNCONF_INDEX_LIST,
9fc3bfb6 93 MGMT_OP_READ_CONFIG_INFO,
dbece37a 94 MGMT_OP_SET_EXTERNAL_CONFIG,
9713c17b 95 MGMT_OP_SET_PUBLIC_ADDRESS,
66ea9427 96 MGMT_OP_START_SERVICE_DISCOVERY,
e70bb2e8
JH		 97};
98
99static const u16 mgmt_events[] = {
100 MGMT_EV_CONTROLLER_ERROR,
101 MGMT_EV_INDEX_ADDED,
102 MGMT_EV_INDEX_REMOVED,
103 MGMT_EV_NEW_SETTINGS,
104 MGMT_EV_CLASS_OF_DEV_CHANGED,
105 MGMT_EV_LOCAL_NAME_CHANGED,
106 MGMT_EV_NEW_LINK_KEY,
107 MGMT_EV_NEW_LONG_TERM_KEY,
108 MGMT_EV_DEVICE_CONNECTED,
109 MGMT_EV_DEVICE_DISCONNECTED,
110 MGMT_EV_CONNECT_FAILED,
111 MGMT_EV_PIN_CODE_REQUEST,
112 MGMT_EV_USER_CONFIRM_REQUEST,
113 MGMT_EV_USER_PASSKEY_REQUEST,
114 MGMT_EV_AUTH_FAILED,
115 MGMT_EV_DEVICE_FOUND,
116 MGMT_EV_DISCOVERING,
117 MGMT_EV_DEVICE_BLOCKED,
118 MGMT_EV_DEVICE_UNBLOCKED,
119 MGMT_EV_DEVICE_UNPAIRED,
92a25256 120 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 121 MGMT_EV_NEW_IRK,
7ee4ea36 122 MGMT_EV_NEW_CSRK,
8afef092
MH		 123 MGMT_EV_DEVICE_ADDED,
124 MGMT_EV_DEVICE_REMOVED,
ffb5a827 125 MGMT_EV_NEW_CONN_PARAM,
0602a8ad 126 MGMT_EV_UNCONF_INDEX_ADDED,
edd3896b 127 MGMT_EV_UNCONF_INDEX_REMOVED,
f4537c04 128 MGMT_EV_NEW_CONFIG_OPTIONS,
e70bb2e8
JH		 129};
130
17b02e62 131#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 132
eec8d2bc
JH		 133struct pending_cmd {
134 struct list_head list;
fc2f4b13 135 u16 opcode;
eec8d2bc 136 int index;
c68fb7ff 137 void *param;
323b0b88 138 size_t param_len;
eec8d2bc 139 struct sock *sk;
e9a416b5 140 void *user_data;
1b9b5ee5 141 void (*cmd_complete)(struct pending_cmd *cmd, u8 status);
eec8d2bc
JH		 142};
143
ca69b795
JH		 144/* HCI to MGMT error code conversion table */
145static u8 mgmt_status_table[] = {
146 MGMT_STATUS_SUCCESS,
147 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
148 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
149 MGMT_STATUS_FAILED, /* Hardware Failure */
150 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
151 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 152 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 153 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
154 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
155 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
156 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
157 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
158 MGMT_STATUS_BUSY, /* Command Disallowed */
159 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
160 MGMT_STATUS_REJECTED, /* Rejected Security */
161 MGMT_STATUS_REJECTED, /* Rejected Personal */
162 MGMT_STATUS_TIMEOUT, /* Host Timeout */
163 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
164 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
165 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
166 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
167 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
168 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
169 MGMT_STATUS_BUSY, /* Repeated Attempts */
170 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
171 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
172 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
173 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
174 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
175 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
176 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
177 MGMT_STATUS_FAILED, /* Unspecified Error */
178 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
179 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
180 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
181 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
182 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
183 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
184 MGMT_STATUS_FAILED, /* Unit Link Key Used */
185 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
186 MGMT_STATUS_TIMEOUT, /* Instant Passed */
187 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
188 MGMT_STATUS_FAILED, /* Transaction Collision */
189 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
190 MGMT_STATUS_REJECTED, /* QoS Rejected */
191 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
192 MGMT_STATUS_REJECTED, /* Insufficient Security */
193 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
194 MGMT_STATUS_BUSY, /* Role Switch Pending */
195 MGMT_STATUS_FAILED, /* Slot Violation */
196 MGMT_STATUS_FAILED, /* Role Switch Failed */
197 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
198 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
199 MGMT_STATUS_BUSY, /* Host Busy Pairing */
200 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
201 MGMT_STATUS_BUSY, /* Controller Busy */
202 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
203 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
204 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
205 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
206 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
207};
208
209static u8 mgmt_status(u8 hci_status)
210{
211 if (hci_status < ARRAY_SIZE(mgmt_status_table))
212 return mgmt_status_table[hci_status];
213
214 return MGMT_STATUS_FAILED;
215}
216
04c60f05
MH		 217static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
218 struct sock *skip_sk)
219{
220 struct sk_buff *skb;
221 struct mgmt_hdr *hdr;
222
223 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
224 if (!skb)
225 return -ENOMEM;
226
227 hdr = (void *) skb_put(skb, sizeof(*hdr));
228 hdr->opcode = cpu_to_le16(event);
229 if (hdev)
230 hdr->index = cpu_to_le16(hdev->id);
231 else
232 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
233 hdr->len = cpu_to_le16(data_len);
234
235 if (data)
236 memcpy(skb_put(skb, data_len), data, data_len);
237
238 /* Time stamp */
239 __net_timestamp(skb);
240
241 hci_send_to_control(skb, skip_sk);
242 kfree_skb(skb);
243
244 return 0;
245}
246
4e51eae9 247static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 248{
249 struct sk_buff *skb;
250 struct mgmt_hdr *hdr;
251 struct mgmt_ev_cmd_status *ev;
56b7d137 252 int err;
f7b64e69 253
34eb525c 254 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 255
790eff44 256 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 257 if (!skb)
258 return -ENOMEM;
259
260 hdr = (void *) skb_put(skb, sizeof(*hdr));
261
dcf4adbf 262 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 263 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 264 hdr->len = cpu_to_le16(sizeof(*ev));
265
266 ev = (void *) skb_put(skb, sizeof(*ev));
267 ev->status = status;
eb55ef07 268 ev->opcode = cpu_to_le16(cmd);
f7b64e69 269
56b7d137
GP		 270 err = sock_queue_rcv_skb(sk, skb);
271 if (err < 0)
f7b64e69
JH		 272 kfree_skb(skb);
273
56b7d137 274 return err;
f7b64e69
JH		 275}
276
aee9b218 277static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 278 void *rp, size_t rp_len)
02d98129
JH		 279{
280 struct sk_buff *skb;
281 struct mgmt_hdr *hdr;
282 struct mgmt_ev_cmd_complete *ev;
56b7d137 283 int err;
02d98129
JH		 284
285 BT_DBG("sock %p", sk);
286
790eff44 287 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 288 if (!skb)
289 return -ENOMEM;
290
291 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 292
dcf4adbf 293 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 294 hdr->index = cpu_to_le16(index);
a38528f1 295 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 296
a38528f1 297 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 298 ev->opcode = cpu_to_le16(cmd);
aee9b218 299 ev->status = status;
8020c16a
SJ		 300
301 if (rp)
302 memcpy(ev->data, rp, rp_len);
02d98129 303
56b7d137
GP		 304 err = sock_queue_rcv_skb(sk, skb);
305 if (err < 0)
02d98129
JH		 306 kfree_skb(skb);
307
e5f0e151 308 return err;
02d98129
JH		 309}
310
04124681
GP		 311static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
312 u16 data_len)
a38528f1
JH		 313{
314 struct mgmt_rp_read_version rp;
315
316 BT_DBG("sock %p", sk);
317
318 rp.version = MGMT_VERSION;
dcf4adbf 319 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 320
aee9b218 321 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 322 sizeof(rp));
a38528f1
JH		 323}
324
04124681
GP		 325static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
326 u16 data_len)
e70bb2e8
JH		 327{
328 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 329 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
330 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 331 __le16 *opcode;
e70bb2e8
JH		 332 size_t rp_size;
333 int i, err;
334
335 BT_DBG("sock %p", sk);
336
337 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
338
339 rp = kmalloc(rp_size, GFP_KERNEL);
340 if (!rp)
341 return -ENOMEM;
342
dcf4adbf
JP		 343 rp->num_commands = cpu_to_le16(num_commands);
344 rp->num_events = cpu_to_le16(num_events);
e70bb2e8
JH		 345
346 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
347 put_unaligned_le16(mgmt_commands[i], opcode);
348
349 for (i = 0; i < num_events; i++, opcode++)
350 put_unaligned_le16(mgmt_events[i], opcode);
351
aee9b218 352 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 353 rp_size);
e70bb2e8
JH		 354 kfree(rp);
355
356 return err;
357}
358
04124681
GP		 359static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
360 u16 data_len)
faba42eb 361{
faba42eb 362 struct mgmt_rp_read_index_list *rp;
8035ded4 363 struct hci_dev *d;
a38528f1 364 size_t rp_len;
faba42eb 365 u16 count;
476e44cb 366 int err;
faba42eb
JH		 367
368 BT_DBG("sock %p", sk);
369
370 read_lock(&hci_dev_list_lock);
371
372 count = 0;
bb4b2a9a 373 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a
MH		 374 if (d->dev_type == HCI_BREDR &&
375 !test_bit(HCI_UNCONFIGURED, &d->dev_flags))
1514b892 376 count++;
faba42eb
JH		 377 }
378
a38528f1
JH		 379 rp_len = sizeof(*rp) + (2 * count);
380 rp = kmalloc(rp_len, GFP_ATOMIC);
381 if (!rp) {
b2c60d42 382 read_unlock(&hci_dev_list_lock);
faba42eb 383 return -ENOMEM;
b2c60d42 384 }
faba42eb 385
476e44cb 386 count = 0;
8035ded4 387 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a 388 if (test_bit(HCI_SETUP, &d->dev_flags) ||
d603b76b 389 test_bit(HCI_CONFIG, &d->dev_flags) ||
73d1df2a 390 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
ab81cbf9
JH		 391 continue;
392
73d1df2a
MH		 393 /* Devices marked as raw-only are neither configured
394 * nor unconfigured controllers.
395 */
396 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
fee746b0
MH		 397 continue;
398
73d1df2a
MH		 399 if (d->dev_type == HCI_BREDR &&
400 !test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
1514b892
MH		 401 rp->index[count++] = cpu_to_le16(d->id);
402 BT_DBG("Added hci%u", d->id);
403 }
faba42eb
JH		 404 }
405
476e44cb
JH		 406 rp->num_controllers = cpu_to_le16(count);
407 rp_len = sizeof(*rp) + (2 * count);
408
faba42eb
JH		 409 read_unlock(&hci_dev_list_lock);
410
aee9b218 411 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 412 rp_len);
faba42eb 413
a38528f1
JH		 414 kfree(rp);
415
416 return err;
faba42eb
JH		 417}
418
73d1df2a
MH		 419static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
420 void *data, u16 data_len)
421{
422 struct mgmt_rp_read_unconf_index_list *rp;
423 struct hci_dev *d;
424 size_t rp_len;
425 u16 count;
426 int err;
427
428 BT_DBG("sock %p", sk);
429
430 read_lock(&hci_dev_list_lock);
431
432 count = 0;
433 list_for_each_entry(d, &hci_dev_list, list) {
434 if (d->dev_type == HCI_BREDR &&
435 test_bit(HCI_UNCONFIGURED, &d->dev_flags))
436 count++;
437 }
438
439 rp_len = sizeof(*rp) + (2 * count);
440 rp = kmalloc(rp_len, GFP_ATOMIC);
441 if (!rp) {
442 read_unlock(&hci_dev_list_lock);
443 return -ENOMEM;
444 }
445
446 count = 0;
447 list_for_each_entry(d, &hci_dev_list, list) {
448 if (test_bit(HCI_SETUP, &d->dev_flags) ||
d603b76b 449 test_bit(HCI_CONFIG, &d->dev_flags) ||
73d1df2a
MH		 450 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
451 continue;
452
453 /* Devices marked as raw-only are neither configured
454 * nor unconfigured controllers.
455 */
456 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
457 continue;
458
459 if (d->dev_type == HCI_BREDR &&
460 test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
461 rp->index[count++] = cpu_to_le16(d->id);
462 BT_DBG("Added hci%u", d->id);
463 }
464 }
465
466 rp->num_controllers = cpu_to_le16(count);
467 rp_len = sizeof(*rp) + (2 * count);
468
469 read_unlock(&hci_dev_list_lock);
470
471 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_UNCONF_INDEX_LIST,
472 0, rp, rp_len);
473
474 kfree(rp);
475
476 return err;
477}
478
dbece37a
MH		 479static bool is_configured(struct hci_dev *hdev)
480{
481 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
482 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
483 return false;
484
485 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
486 !bacmp(&hdev->public_addr, BDADDR_ANY))
487 return false;
488
489 return true;
490}
491
89bc22d2
MH		 492static __le32 get_missing_options(struct hci_dev *hdev)
493{
494 u32 options = 0;
495
dbece37a
MH		 496 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
497 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
eb1904f4
MH		 498 options |= MGMT_OPTION_EXTERNAL_CONFIG;
499
89bc22d2
MH		 500 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
501 !bacmp(&hdev->public_addr, BDADDR_ANY))
502 options |= MGMT_OPTION_PUBLIC_ADDRESS;
503
504 return cpu_to_le32(options);
505}
506
f4537c04
MH		 507static int new_options(struct hci_dev *hdev, struct sock *skip)
508{
509 __le32 options = get_missing_options(hdev);
510
511 return mgmt_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
512 sizeof(options), skip);
513}
514
dbece37a
MH		 515static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
516{
517 __le32 options = get_missing_options(hdev);
518
519 return cmd_complete(sk, hdev->id, opcode, 0, &options,
520 sizeof(options));
521}
522
9fc3bfb6
MH		 523static int read_config_info(struct sock *sk, struct hci_dev *hdev,
524 void *data, u16 data_len)
525{
526 struct mgmt_rp_read_config_info rp;
89bc22d2 527 u32 options = 0;
9fc3bfb6
MH		 528
529 BT_DBG("sock %p %s", sk, hdev->name);
530
531 hci_dev_lock(hdev);
532
533 memset(&rp, 0, sizeof(rp));
534 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
89bc22d2 535
eb1904f4
MH		 536 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
537 options |= MGMT_OPTION_EXTERNAL_CONFIG;
538
9fc3bfb6 539 if (hdev->set_bdaddr)
89bc22d2
MH		 540 options |= MGMT_OPTION_PUBLIC_ADDRESS;
541
542 rp.supported_options = cpu_to_le32(options);
543 rp.missing_options = get_missing_options(hdev);
9fc3bfb6
MH		 544
545 hci_dev_unlock(hdev);
546
547 return cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0, &rp,
548 sizeof(rp));
549}
550
69ab39ea
JH		 551static u32 get_supported_settings(struct hci_dev *hdev)
552{
553 u32 settings = 0;
554
555 settings |= MGMT_SETTING_POWERED;
b2939475 556 settings |= MGMT_SETTING_BONDABLE;
b1de97d8 557 settings |= MGMT_SETTING_DEBUG_KEYS;
3742abfc
JH		 558 settings |= MGMT_SETTING_CONNECTABLE;
559 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea 560
ed3fa31f 561 if (lmp_bredr_capable(hdev)) {
1a47aee8
JH		 562 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
563 settings |= MGMT_SETTING_FAST_CONNECTABLE;
69ab39ea
JH		 564 settings |= MGMT_SETTING_BREDR;
565 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 566
567 if (lmp_ssp_capable(hdev)) {
568 settings |= MGMT_SETTING_SSP;
569 settings |= MGMT_SETTING_HS;
570 }
e98d2ce2 571
5afeac14 572 if (lmp_sc_capable(hdev) ||
111902f7 573 test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
e98d2ce2 574 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 575 }
d7b7e796 576
eeca6f89 577 if (lmp_le_capable(hdev)) {
9d42820f 578 settings |= MGMT_SETTING_LE;
eeca6f89 579 settings |= MGMT_SETTING_ADVERTISING;
a3209694 580 settings |= MGMT_SETTING_SECURE_CONN;
0f4bd942 581 settings |= MGMT_SETTING_PRIVACY;
eeca6f89 582 }
69ab39ea 583
eb1904f4
MH		 584 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
585 hdev->set_bdaddr)
9fc3bfb6
MH		 586 settings |= MGMT_SETTING_CONFIGURATION;
587
69ab39ea
JH		 588 return settings;
589}
590
591static u32 get_current_settings(struct hci_dev *hdev)
592{
593 u32 settings = 0;
594
f1f0eb02 595 if (hdev_is_powered(hdev))
f0d4b78a
MH		 596 settings |= MGMT_SETTING_POWERED;
597
5e5282bb 598 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 599 settings |= MGMT_SETTING_CONNECTABLE;
600
1a4d3c4b
JH		 601 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
602 settings |= MGMT_SETTING_FAST_CONNECTABLE;
603
5e5282bb 604 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 605 settings |= MGMT_SETTING_DISCOVERABLE;
606
b6ae8457 607 if (test_bit(HCI_BONDABLE, &hdev->dev_flags))
b2939475 608 settings |= MGMT_SETTING_BONDABLE;
69ab39ea 609
56f87901 610 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 611 settings |= MGMT_SETTING_BREDR;
612
06199cf8 613 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 614 settings |= MGMT_SETTING_LE;
615
47990ea0 616 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 617 settings |= MGMT_SETTING_LINK_SECURITY;
618
84bde9d6 619 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 620 settings |= MGMT_SETTING_SSP;
621
6d80dfd0
JH		 622 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
623 settings |= MGMT_SETTING_HS;
624
f3d3444a 625 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 626 settings |= MGMT_SETTING_ADVERTISING;
627
e98d2ce2
MH		 628 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
629 settings |= MGMT_SETTING_SECURE_CONN;
630
0663b297 631 if (test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags))
b1de97d8
MH		 632 settings |= MGMT_SETTING_DEBUG_KEYS;
633
0f4bd942
JH		 634 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
635 settings |= MGMT_SETTING_PRIVACY;
636
69ab39ea
JH		 637 return settings;
638}
639
ef580372
JH		 640#define PNP_INFO_SVCLASS_ID 0x1200
641
213202ed
JH		 642static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
643{
644 u8 *ptr = data, *uuids_start = NULL;
645 struct bt_uuid *uuid;
646
647 if (len < 4)
648 return ptr;
649
650 list_for_each_entry(uuid, &hdev->uuids, list) {
651 u16 uuid16;
652
653 if (uuid->size != 16)
654 continue;
655
656 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
657 if (uuid16 < 0x1100)
658 continue;
659
660 if (uuid16 == PNP_INFO_SVCLASS_ID)
661 continue;
662
663 if (!uuids_start) {
664 uuids_start = ptr;
665 uuids_start[0] = 1;
666 uuids_start[1] = EIR_UUID16_ALL;
667 ptr += 2;
668 }
669
670 /* Stop if not enough space to put next UUID */
671 if ((ptr - data) + sizeof(u16) > len) {
672 uuids_start[1] = EIR_UUID16_SOME;
673 break;
674 }
675
676 *ptr++ = (uuid16 & 0x00ff);
677 *ptr++ = (uuid16 & 0xff00) >> 8;
678 uuids_start[0] += sizeof(uuid16);
679 }
680
681 return ptr;
682}
683
cdf1963f
JH		 684static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
685{
686 u8 *ptr = data, *uuids_start = NULL;
687 struct bt_uuid *uuid;
688
689 if (len < 6)
690 return ptr;
691
692 list_for_each_entry(uuid, &hdev->uuids, list) {
693 if (uuid->size != 32)
694 continue;
695
696 if (!uuids_start) {
697 uuids_start = ptr;
698 uuids_start[0] = 1;
699 uuids_start[1] = EIR_UUID32_ALL;
700 ptr += 2;
701 }
702
703 /* Stop if not enough space to put next UUID */
704 if ((ptr - data) + sizeof(u32) > len) {
705 uuids_start[1] = EIR_UUID32_SOME;
706 break;
707 }
708
709 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
710 ptr += sizeof(u32);
711 uuids_start[0] += sizeof(u32);
712 }
713
714 return ptr;
715}
716
c00d575b
JH		 717static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
718{
719 u8 *ptr = data, *uuids_start = NULL;
720 struct bt_uuid *uuid;
721
722 if (len < 18)
723 return ptr;
724
725 list_for_each_entry(uuid, &hdev->uuids, list) {
726 if (uuid->size != 128)
727 continue;
728
729 if (!uuids_start) {
730 uuids_start = ptr;
731 uuids_start[0] = 1;
732 uuids_start[1] = EIR_UUID128_ALL;
733 ptr += 2;
734 }
735
736 /* Stop if not enough space to put next UUID */
737 if ((ptr - data) + 16 > len) {
738 uuids_start[1] = EIR_UUID128_SOME;
739 break;
740 }
741
742 memcpy(ptr, uuid->uuid, 16);
743 ptr += 16;
744 uuids_start[0] += 16;
745 }
746
747 return ptr;
748}
749
eb2a8d20
JH		 750static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
751{
752 struct pending_cmd *cmd;
753
754 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
755 if (cmd->opcode == opcode)
756 return cmd;
757 }
758
759 return NULL;
760}
761
95868426
JH		 762static struct pending_cmd *mgmt_pending_find_data(u16 opcode,
763 struct hci_dev *hdev,
764 const void *data)
765{
766 struct pending_cmd *cmd;
767
768 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
769 if (cmd->user_data != data)
770 continue;
771 if (cmd->opcode == opcode)
772 return cmd;
773 }
774
775 return NULL;
776}
777
f14d8f64
MH		 778static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
779{
7a5f4990
MH		 780 u8 ad_len = 0;
781 size_t name_len;
782
783 name_len = strlen(hdev->dev_name);
784 if (name_len > 0) {
785 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
786
787 if (name_len > max_len) {
788 name_len = max_len;
789 ptr[1] = EIR_NAME_SHORT;
790 } else
791 ptr[1] = EIR_NAME_COMPLETE;
792
793 ptr[0] = name_len + 1;
794
795 memcpy(ptr + 2, hdev->dev_name, name_len);
796
797 ad_len += (name_len + 2);
798 ptr += (name_len + 2);
799 }
800
801 return ad_len;
f14d8f64
MH		 802}
803
804static void update_scan_rsp_data(struct hci_request *req)
805{
806 struct hci_dev *hdev = req->hdev;
807 struct hci_cp_le_set_scan_rsp_data cp;
808 u8 len;
809
7751ef1b 810 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
f14d8f64
MH		 811 return;
812
813 memset(&cp, 0, sizeof(cp));
814
815 len = create_scan_rsp_data(hdev, cp.data);
816
eb438b5f
JH		 817 if (hdev->scan_rsp_data_len == len &&
818 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 819 return;
820
eb438b5f
JH		 821 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
822 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 823
824 cp.length = len;
825
826 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
827}
828
9a43e25f
JH		 829static u8 get_adv_discov_flags(struct hci_dev *hdev)
830{
831 struct pending_cmd *cmd;
832
833 /* If there's a pending mgmt command the flags will not yet have
834 * their final values, so check for this first.
835 */
836 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
837 if (cmd) {
838 struct mgmt_mode *cp = cmd->param;
839 if (cp->val == 0x01)
840 return LE_AD_GENERAL;
841 else if (cp->val == 0x02)
842 return LE_AD_LIMITED;
843 } else {
844 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
845 return LE_AD_LIMITED;
846 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
847 return LE_AD_GENERAL;
848 }
849
850 return 0;
851}
852
46cad2ed 853static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 854{
855 u8 ad_len = 0, flags = 0;
441ad2d0 856
9a43e25f 857 flags |= get_adv_discov_flags(hdev);
441ad2d0 858
e834004b 859 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
441ad2d0 860 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 861
862 if (flags) {
863 BT_DBG("adv flags 0x%02x", flags);
864
865 ptr[0] = 2;
866 ptr[1] = EIR_FLAGS;
867 ptr[2] = flags;
868
869 ad_len += 3;
870 ptr += 3;
871 }
872
873 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
874 ptr[0] = 2;
875 ptr[1] = EIR_TX_POWER;
876 ptr[2] = (u8) hdev->adv_tx_power;
877
878 ad_len += 3;
879 ptr += 3;
880 }
881
441ad2d0
MH		 882 return ad_len;
883}
884
5947f4bc 885static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 886{
887 struct hci_dev *hdev = req->hdev;
888 struct hci_cp_le_set_adv_data cp;
889 u8 len;
890
10994ce6 891 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
441ad2d0
MH		 892 return;
893
894 memset(&cp, 0, sizeof(cp));
895
46cad2ed 896 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 897
898 if (hdev->adv_data_len == len &&
899 memcmp(cp.data, hdev->adv_data, len) == 0)
900 return;
901
902 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
903 hdev->adv_data_len = len;
904
905 cp.length = len;
906
907 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
908}
909
bc6d2d04
JH		 910int mgmt_update_adv_data(struct hci_dev *hdev)
911{
912 struct hci_request req;
913
914 hci_req_init(&req, hdev);
915 update_adv_data(&req);
916
917 return hci_req_run(&req, NULL);
918}
919
ef580372
JH		 920static void create_eir(struct hci_dev *hdev, u8 *data)
921{
922 u8 *ptr = data;
ef580372
JH		 923 size_t name_len;
924
925 name_len = strlen(hdev->dev_name);
926
927 if (name_len > 0) {
928 /* EIR Data type */
929 if (name_len > 48) {
930 name_len = 48;
931 ptr[1] = EIR_NAME_SHORT;
932 } else
933 ptr[1] = EIR_NAME_COMPLETE;
934
935 /* EIR Data length */
936 ptr[0] = name_len + 1;
937
938 memcpy(ptr + 2, hdev->dev_name, name_len);
939
ef580372
JH		 940 ptr += (name_len + 2);
941 }
942
bbaf444a 943 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 944 ptr[0] = 2;
945 ptr[1] = EIR_TX_POWER;
946 ptr[2] = (u8) hdev->inq_tx_power;
947
91c4e9b1
MH		 948 ptr += 3;
949 }
950
2b9be137
MH		 951 if (hdev->devid_source > 0) {
952 ptr[0] = 9;
953 ptr[1] = EIR_DEVICE_ID;
954
955 put_unaligned_le16(hdev->devid_source, ptr + 2);
956 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
957 put_unaligned_le16(hdev->devid_product, ptr + 6);
958 put_unaligned_le16(hdev->devid_version, ptr + 8);
959
2b9be137
MH		 960 ptr += 10;
961 }
962
213202ed 963 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 964 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 965 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 966}
967
890ea898 968static void update_eir(struct hci_request *req)
ef580372 969{
890ea898 970 struct hci_dev *hdev = req->hdev;
ef580372
JH		 971 struct hci_cp_write_eir cp;
972
504c8dcd 973 if (!hdev_is_powered(hdev))
890ea898 974 return;
7770c4aa 975
976eb20e 976 if (!lmp_ext_inq_capable(hdev))
890ea898 977 return;
ef580372 978
84bde9d6 979 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 980 return;
ef580372 981
a8b2d5c2 982 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 983 return;
ef580372
JH		 984
985 memset(&cp, 0, sizeof(cp));
986
987 create_eir(hdev, cp.data);
988
989 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 990 return;
ef580372
JH		 991
992 memcpy(hdev->eir, cp.data, sizeof(cp.data));
993
890ea898 994 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 995}
996
997static u8 get_service_classes(struct hci_dev *hdev)
998{
999 struct bt_uuid *uuid;
1000 u8 val = 0;
1001
1002 list_for_each_entry(uuid, &hdev->uuids, list)
1003 val |= uuid->svc_hint;
1004
1005 return val;
1006}
1007
890ea898 1008static void update_class(struct hci_request *req)
ef580372 1009{
890ea898 1010 struct hci_dev *hdev = req->hdev;
ef580372
JH		 1011 u8 cod[3];
1012
1013 BT_DBG("%s", hdev->name);
1014
504c8dcd 1015 if (!hdev_is_powered(hdev))
890ea898 1016 return;
7770c4aa 1017
f87ea1da
JH		 1018 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1019 return;
1020
a8b2d5c2 1021 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 1022 return;
ef580372
JH		 1023
1024 cod[0] = hdev->minor_class;
1025 cod[1] = hdev->major_class;
1026 cod[2] = get_service_classes(hdev);
1027
6acd7db4
MH		 1028 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
1029 cod[1] |= 0x20;
1030
ef580372 1031 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 1032 return;
ef580372 1033
890ea898 1034 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 1035}
1036
a4858cb9 1037static bool get_connectable(struct hci_dev *hdev)
199a2fb1
JH		 1038{
1039 struct pending_cmd *cmd;
199a2fb1
JH		 1040
1041 /* If there's a pending mgmt command the flag will not yet have
1042 * it's final value, so check for this first.
1043 */
1044 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1045 if (cmd) {
1046 struct mgmt_mode *cp = cmd->param;
a4858cb9 1047 return cp->val;
199a2fb1
JH		 1048 }
1049
a4858cb9 1050 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
199a2fb1
JH		 1051}
1052
0ec5ae84
JH		 1053static void disable_advertising(struct hci_request *req)
1054{
1055 u8 enable = 0x00;
1056
1057 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1058}
1059
199a2fb1
JH		 1060static void enable_advertising(struct hci_request *req)
1061{
1062 struct hci_dev *hdev = req->hdev;
1063 struct hci_cp_le_set_adv_param cp;
8f2a0601 1064 u8 own_addr_type, enable = 0x01;
a4858cb9 1065 bool connectable;
199a2fb1 1066
0ec5ae84
JH		 1067 if (hci_conn_num(hdev, LE_LINK) > 0)
1068 return;
1069
1070 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
1071 disable_advertising(req);
1072
5ce194c4 1073 /* Clear the HCI_LE_ADV bit temporarily so that the
8d97250e
JH		 1074 * hci_update_random_address knows that it's safe to go ahead
1075 * and write a new random address. The flag will be set back on
1076 * as soon as the SET_ADV_ENABLE HCI command completes.
1077 */
5ce194c4 1078 clear_bit(HCI_LE_ADV, &hdev->dev_flags);
8d97250e 1079
a4858cb9 1080 connectable = get_connectable(hdev);
8f2a0601 1081
a4858cb9
JH		 1082 /* Set require_privacy to true only when non-connectable
1083 * advertising is used. In that case it is fine to use a
1084 * non-resolvable private address.
1085 */
1086 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 1087 return;
1088
41c90c18 1089 memset(&cp, 0, sizeof(cp));
628531c9
GL		 1090 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
1091 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
a4858cb9 1092 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
8f2a0601 1093 cp.own_address_type = own_addr_type;
199a2fb1
JH		 1094 cp.channel_map = hdev->le_adv_channel_map;
1095
1096 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1097
1098 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1099}
1100
7d78525d
JH		 1101static void service_cache_off(struct work_struct *work)
1102{
1103 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 1104 service_cache.work);
890ea898 1105 struct hci_request req;
7d78525d 1106
a8b2d5c2 1107 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 1108 return;
1109
890ea898
JH		 1110 hci_req_init(&req, hdev);
1111
7d78525d
JH		 1112 hci_dev_lock(hdev);
1113
890ea898
JH		 1114 update_eir(&req);
1115 update_class(&req);
7d78525d
JH		 1116
1117 hci_dev_unlock(hdev);
890ea898
JH		 1118
1119 hci_req_run(&req, NULL);
7d78525d
JH		 1120}
1121
d6bfd59c
JH		 1122static void rpa_expired(struct work_struct *work)
1123{
1124 struct hci_dev *hdev = container_of(work, struct hci_dev,
1125 rpa_expired.work);
1126 struct hci_request req;
1127
1128 BT_DBG("");
1129
1130 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
1131
0ec5ae84 1132 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
d6bfd59c
JH		 1133 return;
1134
1135 /* The generation of a new RPA and programming it into the
1136 * controller happens in the enable_advertising() function.
1137 */
d6bfd59c 1138 hci_req_init(&req, hdev);
d6bfd59c 1139 enable_advertising(&req);
d6bfd59c
JH		 1140 hci_req_run(&req, NULL);
1141}
1142
6a919082 1143static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 1144{
4f87da80 1145 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 1146 return;
1147
4f87da80 1148 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 1149 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 1150
4f87da80
JH		 1151 /* Non-mgmt controlled devices get this bit set
1152 * implicitly so that pairing works for them, however
1153 * for mgmt we require user-space to explicitly enable
1154 * it
1155 */
b6ae8457 1156 clear_bit(HCI_BONDABLE, &hdev->dev_flags);
7d78525d
JH		 1157}
1158
0f4e68cf 1159static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 1160 void *data, u16 data_len)
0381101f 1161{
a38528f1 1162 struct mgmt_rp_read_info rp;
f7b64e69 1163
bdb6d971 1164 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 1165
09fd0de5 1166 hci_dev_lock(hdev);
f7b64e69 1167
dc4fe30b
JH		 1168 memset(&rp, 0, sizeof(rp));
1169
69ab39ea 1170 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 1171
69ab39ea 1172 rp.version = hdev->hci_ver;
eb55ef07 1173 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 1174
1175 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1176 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 1177
a38528f1 1178 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 1179
dc4fe30b 1180 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 1181 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 1182
09fd0de5 1183 hci_dev_unlock(hdev);
0381101f 1184
bdb6d971 1185 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 1186 sizeof(rp));
0381101f
JH		 1187}
1188
eec8d2bc
JH		 1189static void mgmt_pending_free(struct pending_cmd *cmd)
1190{
1191 sock_put(cmd->sk);
c68fb7ff 1192 kfree(cmd->param);
eec8d2bc
JH		 1193 kfree(cmd);
1194}
1195
366a0336 1196static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 1197 struct hci_dev *hdev, void *data,
1198 u16 len)
eec8d2bc
JH		 1199{
1200 struct pending_cmd *cmd;
1201
fca20018 1202 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 1203 if (!cmd)
366a0336 1204 return NULL;
eec8d2bc
JH		 1205
1206 cmd->opcode = opcode;
2e58ef3e 1207 cmd->index = hdev->id;
eec8d2bc 1208
323b0b88 1209 cmd->param = kmemdup(data, len, GFP_KERNEL);
c68fb7ff 1210 if (!cmd->param) {
eec8d2bc 1211 kfree(cmd);
366a0336 1212 return NULL;
eec8d2bc
JH		 1213 }
1214
323b0b88 1215 cmd->param_len = len;
eec8d2bc
JH		 1216
1217 cmd->sk = sk;
1218 sock_hold(sk);
1219
2e58ef3e 1220 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 1221
366a0336 1222 return cmd;
eec8d2bc
JH		 1223}
1224
744cf19e 1225static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 1226 void (*cb)(struct pending_cmd *cmd,
1227 void *data),
04124681 1228 void *data)
eec8d2bc 1229{
a3d09356 1230 struct pending_cmd *cmd, *tmp;
eec8d2bc 1231
a3d09356 1232 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 1233 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 1234 continue;
1235
eec8d2bc
JH		 1236 cb(cmd, data);
1237 }
1238}
1239
a664b5bc 1240static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 1241{
73f22f62
JH		 1242 list_del(&cmd->list);
1243 mgmt_pending_free(cmd);
1244}
1245
69ab39ea 1246static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1247{
69ab39ea 1248 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1249
aee9b218 1250 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 1251 sizeof(settings));
8680570b
JH		 1252}
1253
8b064a3a
JH		 1254static void clean_up_hci_complete(struct hci_dev *hdev, u8 status)
1255{
1256 BT_DBG("%s status 0x%02x", hdev->name, status);
1257
a3172b7e
JH		 1258 if (hci_conn_count(hdev) == 0) {
1259 cancel_delayed_work(&hdev->power_off);
8b064a3a 1260 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1261 }
8b064a3a
JH		 1262}
1263
23a48093 1264static bool hci_stop_discovery(struct hci_request *req)
21a60d30
JH		 1265{
1266 struct hci_dev *hdev = req->hdev;
1267 struct hci_cp_remote_name_req_cancel cp;
1268 struct inquiry_entry *e;
1269
1270 switch (hdev->discovery.state) {
1271 case DISCOVERY_FINDING:
1272 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
1273 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1274 } else {
1275 cancel_delayed_work(&hdev->le_scan_disable);
1276 hci_req_add_le_scan_disable(req);
1277 }
1278
23a48093 1279 return true;
21a60d30
JH		 1280
1281 case DISCOVERY_RESOLVING:
1282 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1283 NAME_PENDING);
1284 if (!e)
23a48093 1285 break;
21a60d30
JH		 1286
1287 bacpy(&cp.bdaddr, &e->data.bdaddr);
1288 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1289 &cp);
1290
23a48093 1291 return true;
21a60d30
JH		 1292
1293 default:
1294 /* Passive scanning */
23a48093 1295 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
21a60d30 1296 hci_req_add_le_scan_disable(req);
23a48093
JH		 1297 return true;
1298 }
1299
21a60d30
JH		 1300 break;
1301 }
23a48093
JH		 1302
1303 return false;
21a60d30
JH		 1304}
1305
8b064a3a
JH		 1306static int clean_up_hci_state(struct hci_dev *hdev)
1307{
1308 struct hci_request req;
1309 struct hci_conn *conn;
23a48093
JH		 1310 bool discov_stopped;
1311 int err;
8b064a3a
JH		 1312
1313 hci_req_init(&req, hdev);
1314
1315 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1316 test_bit(HCI_PSCAN, &hdev->flags)) {
1317 u8 scan = 0x00;
1318 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1319 }
1320
73e082f8 1321 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
8b064a3a
JH		 1322 disable_advertising(&req);
1323
23a48093 1324 discov_stopped = hci_stop_discovery(&req);
8b064a3a
JH		 1325
1326 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1327 struct hci_cp_disconnect dc;
c9910d0f
JH		 1328 struct hci_cp_reject_conn_req rej;
1329
1330 switch (conn->state) {
1331 case BT_CONNECTED:
1332 case BT_CONFIG:
1333 dc.handle = cpu_to_le16(conn->handle);
1334 dc.reason = 0x15; /* Terminated due to Power Off */
1335 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1336 break;
1337 case BT_CONNECT:
1338 if (conn->type == LE_LINK)
1339 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1340 0, NULL);
1341 else if (conn->type == ACL_LINK)
1342 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1343 6, &conn->dst);
1344 break;
1345 case BT_CONNECT2:
1346 bacpy(&rej.bdaddr, &conn->dst);
1347 rej.reason = 0x15; /* Terminated due to Power Off */
1348 if (conn->type == ACL_LINK)
1349 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1350 sizeof(rej), &rej);
1351 else if (conn->type == SCO_LINK)
1352 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1353 sizeof(rej), &rej);
1354 break;
1355 }
8b064a3a
JH		 1356 }
1357
23a48093
JH		 1358 err = hci_req_run(&req, clean_up_hci_complete);
1359 if (!err && discov_stopped)
1360 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1361
1362 return err;
8b064a3a
JH		 1363}
1364
bdb6d971 1365static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1366 u16 len)
eec8d2bc 1367{
650f726d 1368 struct mgmt_mode *cp = data;
366a0336 1369 struct pending_cmd *cmd;
4b34ee78 1370 int err;
eec8d2bc 1371
bdb6d971 1372 BT_DBG("request for %s", hdev->name);
eec8d2bc 1373
a7e80f25
JH		 1374 if (cp->val != 0x00 && cp->val != 0x01)
1375 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1376 MGMT_STATUS_INVALID_PARAMS);
1377
09fd0de5 1378 hci_dev_lock(hdev);
eec8d2bc 1379
87b95ba6
JH		 1380 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1381 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1382 MGMT_STATUS_BUSY);
1383 goto failed;
1384 }
1385
f0d4b78a
MH		 1386 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1387 cancel_delayed_work(&hdev->power_off);
1388
1389 if (cp->val) {
a1d70450
JH		 1390 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1391 data, len);
1392 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1393 goto failed;
1394 }
1395 }
1396
4b34ee78 1397 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1398 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1399 goto failed;
1400 }
1401
2e58ef3e 1402 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1403 if (!cmd) {
1404 err = -ENOMEM;
eec8d2bc 1405 goto failed;
366a0336 1406 }
eec8d2bc 1407
8b064a3a 1408 if (cp->val) {
19202573 1409 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1410 err = 0;
1411 } else {
1412 /* Disconnect connections, stop scans, etc */
1413 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1414 if (!err)
1415 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1416 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1417
8b064a3a
JH		 1418 /* ENODATA means there were no HCI commands queued */
1419 if (err == -ENODATA) {
a3172b7e 1420 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1421 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1422 err = 0;
1423 }
1424 }
eec8d2bc
JH		 1425
1426failed:
09fd0de5 1427 hci_dev_unlock(hdev);
366a0336 1428 return err;
eec8d2bc
JH		 1429}
1430
beadb2bd
JH		 1431static int new_settings(struct hci_dev *hdev, struct sock *skip)
1432{
1433 __le32 ev;
1434
1435 ev = cpu_to_le32(get_current_settings(hdev));
1436
1437 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1438}
1439
91a668b0
JH		 1440int mgmt_new_settings(struct hci_dev *hdev)
1441{
1442 return new_settings(hdev, NULL);
1443}
1444
bd99abdd
JH		 1445struct cmd_lookup {
1446 struct sock *sk;
1447 struct hci_dev *hdev;
1448 u8 mgmt_status;
1449};
1450
1451static void settings_rsp(struct pending_cmd *cmd, void *data)
1452{
1453 struct cmd_lookup *match = data;
1454
1455 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1456
1457 list_del(&cmd->list);
1458
1459 if (match->sk == NULL) {
1460 match->sk = cmd->sk;
1461 sock_hold(match->sk);
1462 }
1463
1464 mgmt_pending_free(cmd);
1465}
1466
1467static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1468{
1469 u8 *status = data;
1470
1471 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1472 mgmt_pending_remove(cmd);
1473}
1474
1b9b5ee5
JH		 1475static void cmd_complete_rsp(struct pending_cmd *cmd, void *data)
1476{
1477 if (cmd->cmd_complete) {
1478 u8 *status = data;
1479
1480 cmd->cmd_complete(cmd, *status);
1481 mgmt_pending_remove(cmd);
1482
1483 return;
1484 }
1485
1486 cmd_status_rsp(cmd, data);
1487}
1488
f5818c22
JH		 1489static void generic_cmd_complete(struct pending_cmd *cmd, u8 status)
1490{
1491 cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, cmd->param,
1492 cmd->param_len);
1493}
1494
7776d1d8
JH		 1495static void addr_cmd_complete(struct pending_cmd *cmd, u8 status)
1496{
1497 cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, cmd->param,
1498 sizeof(struct mgmt_addr_info));
1499}
1500
e6fe7986
JH		 1501static u8 mgmt_bredr_support(struct hci_dev *hdev)
1502{
1503 if (!lmp_bredr_capable(hdev))
1504 return MGMT_STATUS_NOT_SUPPORTED;
1505 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1506 return MGMT_STATUS_REJECTED;
1507 else
1508 return MGMT_STATUS_SUCCESS;
1509}
1510
1511static u8 mgmt_le_support(struct hci_dev *hdev)
1512{
1513 if (!lmp_le_capable(hdev))
1514 return MGMT_STATUS_NOT_SUPPORTED;
1515 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1516 return MGMT_STATUS_REJECTED;
1517 else
1518 return MGMT_STATUS_SUCCESS;
1519}
1520
bfaf8c9f
JH		 1521static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1522{
1523 struct pending_cmd *cmd;
1524 struct mgmt_mode *cp;
970ba524 1525 struct hci_request req;
bfaf8c9f
JH		 1526 bool changed;
1527
1528 BT_DBG("status 0x%02x", status);
1529
1530 hci_dev_lock(hdev);
1531
1532 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1533 if (!cmd)
1534 goto unlock;
1535
1536 if (status) {
1537 u8 mgmt_err = mgmt_status(status);
1538 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
310a3d48 1539 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
bfaf8c9f
JH		 1540 goto remove_cmd;
1541 }
1542
1543 cp = cmd->param;
d4462a07 1544 if (cp->val) {
bfaf8c9f
JH		 1545 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1546 &hdev->dev_flags);
d4462a07
MH		 1547
1548 if (hdev->discov_timeout > 0) {
1549 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1550 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1551 to);
1552 }
1553 } else {
bfaf8c9f
JH		 1554 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1555 &hdev->dev_flags);
d4462a07 1556 }
bfaf8c9f
JH		 1557
1558 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1559
1560 if (changed)
1561 new_settings(hdev, cmd->sk);
1562
970ba524
MH		 1563 /* When the discoverable mode gets changed, make sure
1564 * that class of device has the limited discoverable
432df05e
JH		 1565 * bit correctly set. Also update page scan based on whitelist
1566 * entries.
970ba524
MH		 1567 */
1568 hci_req_init(&req, hdev);
432df05e 1569 hci_update_page_scan(hdev, &req);
970ba524
MH		 1570 update_class(&req);
1571 hci_req_run(&req, NULL);
1572
bfaf8c9f
JH		 1573remove_cmd:
1574 mgmt_pending_remove(cmd);
1575
1576unlock:
1577 hci_dev_unlock(hdev);
1578}
1579
bdb6d971 1580static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1581 u16 len)
73f22f62 1582{
650f726d 1583 struct mgmt_cp_set_discoverable *cp = data;
366a0336 1584 struct pending_cmd *cmd;
bfaf8c9f 1585 struct hci_request req;
5e5282bb 1586 u16 timeout;
9a43e25f 1587 u8 scan;
73f22f62
JH		 1588 int err;
1589
bdb6d971 1590 BT_DBG("request for %s", hdev->name);
73f22f62 1591
9a43e25f
JH		 1592 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1593 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1594 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
9a43e25f 1595 MGMT_STATUS_REJECTED);
33c525c0 1596
310a3d48 1597 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a7e80f25
JH		 1598 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1599 MGMT_STATUS_INVALID_PARAMS);
1600
1f350c87 1601 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1602
1603 /* Disabling discoverable requires that no timeout is set,
1604 * and enabling limited discoverable requires a timeout.
1605 */
1606 if ((cp->val == 0x00 && timeout > 0) ||
1607 (cp->val == 0x02 && timeout == 0))
bdb6d971 1608 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1609 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1610
09fd0de5 1611 hci_dev_lock(hdev);
73f22f62 1612
5e5282bb 1613 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 1614 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1615 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1616 goto failed;
1617 }
1618
2e58ef3e 1619 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1620 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1621 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1622 MGMT_STATUS_BUSY);
73f22f62
JH		 1623 goto failed;
1624 }
1625
5e5282bb 1626 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 1627 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1628 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1629 goto failed;
1630 }
1631
1632 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1633 bool changed = false;
1634
310a3d48
MH		 1635 /* Setting limited discoverable when powered off is
1636 * not a valid operation since it requires a timeout
1637 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1638 */
0224d2fa
JH		 1639 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1640 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1641 changed = true;
1642 }
1643
5e5282bb 1644 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1645 if (err < 0)
1646 goto failed;
1647
1648 if (changed)
1649 err = new_settings(hdev, sk);
1650
5e5282bb
JH		 1651 goto failed;
1652 }
1653
310a3d48
MH		 1654 /* If the current mode is the same, then just update the timeout
1655 * value with the new value. And if only the timeout gets updated,
1656 * then no need for any HCI transactions.
1657 */
1658 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1659 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1660 &hdev->dev_flags)) {
36261547
MH		 1661 cancel_delayed_work(&hdev->discov_off);
1662 hdev->discov_timeout = timeout;
955638ec 1663
36261547
MH		 1664 if (cp->val && hdev->discov_timeout > 0) {
1665 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1666 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1667 to);
955638ec
MH		 1668 }
1669
69ab39ea 1670 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1671 goto failed;
1672 }
1673
2e58ef3e 1674 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1675 if (!cmd) {
1676 err = -ENOMEM;
73f22f62 1677 goto failed;
366a0336 1678 }
73f22f62 1679
310a3d48
MH		 1680 /* Cancel any potential discoverable timeout that might be
1681 * still active and store new timeout value. The arming of
1682 * the timeout happens in the complete handler.
1683 */
1684 cancel_delayed_work(&hdev->discov_off);
1685 hdev->discov_timeout = timeout;
1686
b456f87c
JH		 1687 /* Limited discoverable mode */
1688 if (cp->val == 0x02)
1689 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1690 else
1691 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1692
bfaf8c9f
JH		 1693 hci_req_init(&req, hdev);
1694
9a43e25f
JH		 1695 /* The procedure for LE-only controllers is much simpler - just
1696 * update the advertising data.
1697 */
1698 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1699 goto update_ad;
1700
73f22f62
JH		 1701 scan = SCAN_PAGE;
1702
310a3d48
MH		 1703 if (cp->val) {
1704 struct hci_cp_write_current_iac_lap hci_cp;
1705
1706 if (cp->val == 0x02) {
1707 /* Limited discoverable mode */
33337dcb 1708 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1709 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1710 hci_cp.iac_lap[1] = 0x8b;
1711 hci_cp.iac_lap[2] = 0x9e;
1712 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1713 hci_cp.iac_lap[4] = 0x8b;
1714 hci_cp.iac_lap[5] = 0x9e;
1715 } else {
1716 /* General discoverable mode */
310a3d48
MH		 1717 hci_cp.num_iac = 1;
1718 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1719 hci_cp.iac_lap[1] = 0x8b;
1720 hci_cp.iac_lap[2] = 0x9e;
1721 }
1722
1723 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1724 (hci_cp.num_iac * 3) + 1, &hci_cp);
1725
73f22f62 1726 scan |= SCAN_INQUIRY;
310a3d48
MH		 1727 } else {
1728 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1729 }
73f22f62 1730
310a3d48 1731 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1732
9a43e25f
JH		 1733update_ad:
1734 update_adv_data(&req);
1735
bfaf8c9f 1736 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1737 if (err < 0)
a664b5bc 1738 mgmt_pending_remove(cmd);
73f22f62
JH		 1739
1740failed:
09fd0de5 1741 hci_dev_unlock(hdev);
73f22f62
JH		 1742 return err;
1743}
1744
406d7804
JH		 1745static void write_fast_connectable(struct hci_request *req, bool enable)
1746{
bd98b996 1747 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1748 struct hci_cp_write_page_scan_activity acp;
1749 u8 type;
1750
547003b1
JH		 1751 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1752 return;
1753
4c01f8b8
JH		 1754 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1755 return;
1756
406d7804
JH		 1757 if (enable) {
1758 type = PAGE_SCAN_TYPE_INTERLACED;
1759
1760 /* 160 msec page scan interval */
dcf4adbf 1761 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 1762 } else {
1763 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1764
1765 /* default 1.28 sec page scan */
dcf4adbf 1766 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 1767 }
1768
dcf4adbf 1769 acp.window = cpu_to_le16(0x0012);
406d7804 1770
bd98b996
JH		 1771 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1772 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1773 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1774 sizeof(acp), &acp);
1775
1776 if (hdev->page_scan_type != type)
1777 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1778}
1779
2b76f453
JH		 1780static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1781{
1782 struct pending_cmd *cmd;
d7b856f9 1783 struct mgmt_mode *cp;
bc6d2d04 1784 bool conn_changed, discov_changed;
2b76f453
JH		 1785
1786 BT_DBG("status 0x%02x", status);
1787
1788 hci_dev_lock(hdev);
1789
1790 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1791 if (!cmd)
1792 goto unlock;
1793
37438c1f
JH		 1794 if (status) {
1795 u8 mgmt_err = mgmt_status(status);
1796 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1797 goto remove_cmd;
1798 }
1799
d7b856f9 1800 cp = cmd->param;
bc6d2d04
JH		 1801 if (cp->val) {
1802 conn_changed = !test_and_set_bit(HCI_CONNECTABLE,
1803 &hdev->dev_flags);
1804 discov_changed = false;
1805 } else {
1806 conn_changed = test_and_clear_bit(HCI_CONNECTABLE,
1807 &hdev->dev_flags);
1808 discov_changed = test_and_clear_bit(HCI_DISCOVERABLE,
1809 &hdev->dev_flags);
1810 }
d7b856f9 1811
2b76f453
JH		 1812 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1813
bc6d2d04 1814 if (conn_changed || discov_changed) {
d7b856f9 1815 new_settings(hdev, cmd->sk);
432df05e 1816 hci_update_page_scan(hdev, NULL);
bc6d2d04
JH		 1817 if (discov_changed)
1818 mgmt_update_adv_data(hdev);
2b7be33e
JH		 1819 hci_update_background_scan(hdev);
1820 }
d7b856f9 1821
37438c1f 1822remove_cmd:
2b76f453
JH		 1823 mgmt_pending_remove(cmd);
1824
1825unlock:
1826 hci_dev_unlock(hdev);
1827}
1828
e8ba3a1f
JH		 1829static int set_connectable_update_settings(struct hci_dev *hdev,
1830 struct sock *sk, u8 val)
1831{
1832 bool changed = false;
1833 int err;
1834
1835 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1836 changed = true;
1837
1838 if (val) {
1839 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1840 } else {
1841 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1842 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1843 }
1844
1845 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1846 if (err < 0)
1847 return err;
1848
562064e6 1849 if (changed) {
432df05e 1850 hci_update_page_scan(hdev, NULL);
562064e6 1851 hci_update_background_scan(hdev);
e8ba3a1f 1852 return new_settings(hdev, sk);
562064e6 1853 }
e8ba3a1f
JH		 1854
1855 return 0;
1856}
1857
bdb6d971 1858static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1859 u16 len)
9fbcbb45 1860{
650f726d 1861 struct mgmt_mode *cp = data;
366a0336 1862 struct pending_cmd *cmd;
2b76f453 1863 struct hci_request req;
1987fdc7 1864 u8 scan;
9fbcbb45
JH		 1865 int err;
1866
bdb6d971 1867 BT_DBG("request for %s", hdev->name);
9fbcbb45 1868
1987fdc7
JH		 1869 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1870 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1871 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1987fdc7 1872 MGMT_STATUS_REJECTED);
33c525c0 1873
a7e80f25
JH		 1874 if (cp->val != 0x00 && cp->val != 0x01)
1875 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1876 MGMT_STATUS_INVALID_PARAMS);
1877
09fd0de5 1878 hci_dev_lock(hdev);
9fbcbb45 1879
4b34ee78 1880 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1881 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1882 goto failed;
1883 }
1884
2e58ef3e 1885 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1886 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1887 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1888 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1889 goto failed;
1890 }
1891
2e58ef3e 1892 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1893 if (!cmd) {
1894 err = -ENOMEM;
9fbcbb45 1895 goto failed;
366a0336 1896 }
9fbcbb45 1897
9b74246f 1898 hci_req_init(&req, hdev);
9fbcbb45 1899
9a43e25f
JH		 1900 /* If BR/EDR is not enabled and we disable advertising as a
1901 * by-product of disabling connectable, we need to update the
1902 * advertising flags.
1903 */
1904 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1905 if (!cp->val) {
1906 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1907 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1908 }
1909 update_adv_data(&req);
1910 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1911 if (cp->val) {
1912 scan = SCAN_PAGE;
1913 } else {
3bd27240
JH		 1914 /* If we don't have any whitelist entries just
1915 * disable all scanning. If there are entries
1916 * and we had both page and inquiry scanning
1917 * enabled then fall back to only page scanning.
1918 * Otherwise no changes are needed.
1919 */
1920 if (list_empty(&hdev->whitelist))
1921 scan = SCAN_DISABLED;
1922 else if (test_bit(HCI_ISCAN, &hdev->flags))
1923 scan = SCAN_PAGE;
1924 else
1925 goto no_scan_update;
9b74246f
JH		 1926
1927 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1928 hdev->discov_timeout > 0)
9b74246f
JH		 1929 cancel_delayed_work(&hdev->discov_off);
1930 }
2b76f453 1931
9b74246f
JH		 1932 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1933 }
2b76f453 1934
3bd27240 1935no_scan_update:
4c01f8b8
JH		 1936 /* If we're going from non-connectable to connectable or
1937 * vice-versa when fast connectable is enabled ensure that fast
1938 * connectable gets disabled. write_fast_connectable won't do
1939 * anything if the page scan parameters are already what they
1940 * should be.
1941 */
1942 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1943 write_fast_connectable(&req, false);
1944
e8b1202c
JH		 1945 /* Update the advertising parameters if necessary */
1946 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1987fdc7 1947 enable_advertising(&req);
1987fdc7 1948
2b76f453 1949 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1950 if (err < 0) {
a664b5bc 1951 mgmt_pending_remove(cmd);
9b74246f 1952 if (err == -ENODATA)
a81070ba
JH		 1953 err = set_connectable_update_settings(hdev, sk,
1954 cp->val);
9b74246f
JH		 1955 goto failed;
1956 }
9fbcbb45
JH		 1957
1958failed:
09fd0de5 1959 hci_dev_unlock(hdev);
9fbcbb45
JH		 1960 return err;
1961}
1962
b2939475 1963static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1964 u16 len)
c542a06c 1965{
650f726d 1966 struct mgmt_mode *cp = data;
55594356 1967 bool changed;
c542a06c
JH		 1968 int err;
1969
bdb6d971 1970 BT_DBG("request for %s", hdev->name);
c542a06c 1971
a7e80f25 1972 if (cp->val != 0x00 && cp->val != 0x01)
b2939475 1973 return cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
a7e80f25
JH		 1974 MGMT_STATUS_INVALID_PARAMS);
1975
09fd0de5 1976 hci_dev_lock(hdev);
c542a06c
JH		 1977
1978 if (cp->val)
b6ae8457 1979 changed = !test_and_set_bit(HCI_BONDABLE, &hdev->dev_flags);
c542a06c 1980 else
b6ae8457 1981 changed = test_and_clear_bit(HCI_BONDABLE, &hdev->dev_flags);
c542a06c 1982
b2939475 1983 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
c542a06c 1984 if (err < 0)
55594356 1985 goto unlock;
c542a06c 1986
55594356
MH		 1987 if (changed)
1988 err = new_settings(hdev, sk);
c542a06c 1989
55594356 1990unlock:
09fd0de5 1991 hci_dev_unlock(hdev);
c542a06c
JH		 1992 return err;
1993}
1994
04124681
GP		 1995static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1996 u16 len)
33ef95ed
JH		 1997{
1998 struct mgmt_mode *cp = data;
1999 struct pending_cmd *cmd;
e6fe7986 2000 u8 val, status;
33ef95ed
JH		 2001 int err;
2002
bdb6d971 2003 BT_DBG("request for %s", hdev->name);
33ef95ed 2004
e6fe7986
JH		 2005 status = mgmt_bredr_support(hdev);
2006 if (status)
33c525c0 2007 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 2008 status);
33c525c0 2009
a7e80f25
JH		 2010 if (cp->val != 0x00 && cp->val != 0x01)
2011 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2012 MGMT_STATUS_INVALID_PARAMS);
2013
33ef95ed
JH		 2014 hci_dev_lock(hdev);
2015
4b34ee78 2016 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 2017 bool changed = false;
2018
2019 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 2020 &hdev->dev_flags)) {
47990ea0
JH		 2021 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
2022 changed = true;
2023 }
2024
2025 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2026 if (err < 0)
2027 goto failed;
2028
2029 if (changed)
2030 err = new_settings(hdev, sk);
2031
33ef95ed
JH		 2032 goto failed;
2033 }
2034
2035 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 2036 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 2037 MGMT_STATUS_BUSY);
33ef95ed
JH		 2038 goto failed;
2039 }
2040
2041 val = !!cp->val;
2042
2043 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
2044 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2045 goto failed;
2046 }
2047
2048 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
2049 if (!cmd) {
2050 err = -ENOMEM;
2051 goto failed;
2052 }
2053
2054 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
2055 if (err < 0) {
2056 mgmt_pending_remove(cmd);
2057 goto failed;
2058 }
2059
2060failed:
2061 hci_dev_unlock(hdev);
33ef95ed
JH		 2062 return err;
2063}
2064
bdb6d971 2065static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 2066{
2067 struct mgmt_mode *cp = data;
2068 struct pending_cmd *cmd;
72ef0c1a 2069 u8 status;
ed2c4ee3
JH		 2070 int err;
2071
bdb6d971 2072 BT_DBG("request for %s", hdev->name);
ed2c4ee3 2073
cdba5281
MH		 2074 status = mgmt_bredr_support(hdev);
2075 if (status)
2076 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
2077
13ecd8b6
JH		 2078 if (!lmp_ssp_capable(hdev))
2079 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2080 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 2081
a7e80f25
JH		 2082 if (cp->val != 0x00 && cp->val != 0x01)
2083 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2084 MGMT_STATUS_INVALID_PARAMS);
2085
13ecd8b6 2086 hci_dev_lock(hdev);
6c8f12c1 2087
4b34ee78 2088 if (!hdev_is_powered(hdev)) {
9ecb3e24 2089 bool changed;
c0ecddc2 2090
9ecb3e24
MH		 2091 if (cp->val) {
2092 changed = !test_and_set_bit(HCI_SSP_ENABLED,
2093 &hdev->dev_flags);
2094 } else {
2095 changed = test_and_clear_bit(HCI_SSP_ENABLED,
2096 &hdev->dev_flags);
2097 if (!changed)
2098 changed = test_and_clear_bit(HCI_HS_ENABLED,
2099 &hdev->dev_flags);
2100 else
2101 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 2102 }
2103
2104 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2105 if (err < 0)
2106 goto failed;
2107
2108 if (changed)
2109 err = new_settings(hdev, sk);
2110
ed2c4ee3
JH		 2111 goto failed;
2112 }
2113
9ecb3e24
MH		 2114 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
2115 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
d97dcb66
SJ		 2116 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2117 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 2118 goto failed;
2119 }
2120
72ef0c1a 2121 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 2122 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2123 goto failed;
2124 }
2125
2126 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2127 if (!cmd) {
2128 err = -ENOMEM;
2129 goto failed;
2130 }
2131
3769972b
JH		 2132 if (!cp->val && test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
2133 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2134 sizeof(cp->val), &cp->val);
2135
72ef0c1a 2136 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 2137 if (err < 0) {
2138 mgmt_pending_remove(cmd);
2139 goto failed;
2140 }
2141
2142failed:
2143 hci_dev_unlock(hdev);
ed2c4ee3
JH		 2144 return err;
2145}
2146
bdb6d971 2147static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 2148{
2149 struct mgmt_mode *cp = data;
ee392693 2150 bool changed;
e6fe7986 2151 u8 status;
ee392693 2152 int err;
6d80dfd0 2153
bdb6d971 2154 BT_DBG("request for %s", hdev->name);
6d80dfd0 2155
e6fe7986
JH		 2156 status = mgmt_bredr_support(hdev);
2157 if (status)
2158 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 2159
9ecb3e24
MH		 2160 if (!lmp_ssp_capable(hdev))
2161 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2162 MGMT_STATUS_NOT_SUPPORTED);
2163
2164 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
2165 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2166 MGMT_STATUS_REJECTED);
2167
a7e80f25
JH		 2168 if (cp->val != 0x00 && cp->val != 0x01)
2169 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2170 MGMT_STATUS_INVALID_PARAMS);
2171
ee392693
MH		 2172 hci_dev_lock(hdev);
2173
a0cdf960 2174 if (cp->val) {
ee392693 2175 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 2176 } else {
2177 if (hdev_is_powered(hdev)) {
2178 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2179 MGMT_STATUS_REJECTED);
2180 goto unlock;
2181 }
2182
ee392693 2183 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 2184 }
ee392693
MH		 2185
2186 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2187 if (err < 0)
2188 goto unlock;
2189
2190 if (changed)
2191 err = new_settings(hdev, sk);
6d80dfd0 2192
ee392693
MH		 2193unlock:
2194 hci_dev_unlock(hdev);
2195 return err;
6d80dfd0
JH		 2196}
2197
416a4ae5
JH		 2198static void le_enable_complete(struct hci_dev *hdev, u8 status)
2199{
2200 struct cmd_lookup match = { NULL, hdev };
2201
2202 if (status) {
2203 u8 mgmt_err = mgmt_status(status);
2204
2205 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2206 &mgmt_err);
2207 return;
2208 }
2209
2210 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2211
2212 new_settings(hdev, match.sk);
2213
2214 if (match.sk)
2215 sock_put(match.sk);
441ad2d0
MH		 2216
2217 /* Make sure the controller has a good default for
2218 * advertising data. Restrict the update to when LE
2219 * has actually been enabled. During power on, the
2220 * update in powered_update_hci will take care of it.
2221 */
2222 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2223 struct hci_request req;
2224
2225 hci_dev_lock(hdev);
2226
2227 hci_req_init(&req, hdev);
5947f4bc 2228 update_adv_data(&req);
f14d8f64 2229 update_scan_rsp_data(&req);
441ad2d0
MH		 2230 hci_req_run(&req, NULL);
2231
a70f4b5f
JH		 2232 hci_update_background_scan(hdev);
2233
441ad2d0
MH		 2234 hci_dev_unlock(hdev);
2235 }
416a4ae5
JH		 2236}
2237
bdb6d971 2238static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 2239{
2240 struct mgmt_mode *cp = data;
2241 struct hci_cp_write_le_host_supported hci_cp;
2242 struct pending_cmd *cmd;
416a4ae5 2243 struct hci_request req;
06199cf8 2244 int err;
0b60eba1 2245 u8 val, enabled;
06199cf8 2246
bdb6d971 2247 BT_DBG("request for %s", hdev->name);
06199cf8 2248
13ecd8b6
JH		 2249 if (!lmp_le_capable(hdev))
2250 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2251 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 2252
a7e80f25
JH		 2253 if (cp->val != 0x00 && cp->val != 0x01)
2254 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2255 MGMT_STATUS_INVALID_PARAMS);
2256
c73eee91 2257 /* LE-only devices do not allow toggling LE on/off */
56f87901 2258 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 2259 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2260 MGMT_STATUS_REJECTED);
2261
13ecd8b6 2262 hci_dev_lock(hdev);
06199cf8
JH		 2263
2264 val = !!cp->val;
ffa88e02 2265 enabled = lmp_host_le_capable(hdev);
06199cf8 2266
0b60eba1 2267 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 2268 bool changed = false;
2269
2270 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2271 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
2272 changed = true;
2273 }
2274
f3d3444a
JH		 2275 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
2276 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 2277 changed = true;
2278 }
2279
06199cf8
JH		 2280 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2281 if (err < 0)
1de028ce 2282 goto unlock;
06199cf8
JH		 2283
2284 if (changed)
2285 err = new_settings(hdev, sk);
2286
1de028ce 2287 goto unlock;
06199cf8
JH		 2288 }
2289
4375f103
JH		 2290 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
2291 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 2292 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 2293 MGMT_STATUS_BUSY);
1de028ce 2294 goto unlock;
06199cf8
JH		 2295 }
2296
2297 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2298 if (!cmd) {
2299 err = -ENOMEM;
1de028ce 2300 goto unlock;
06199cf8
JH		 2301 }
2302
441ad2d0
MH		 2303 hci_req_init(&req, hdev);
2304
06199cf8
JH		 2305 memset(&hci_cp, 0, sizeof(hci_cp));
2306
2307 if (val) {
2308 hci_cp.le = val;
32226e4f 2309 hci_cp.simul = 0x00;
441ad2d0 2310 } else {
73e082f8 2311 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
441ad2d0 2312 disable_advertising(&req);
06199cf8
JH		 2313 }
2314
416a4ae5
JH		 2315 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2316 &hci_cp);
2317
2318 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2319 if (err < 0)
06199cf8 2320 mgmt_pending_remove(cmd);
06199cf8 2321
1de028ce
JH		 2322unlock:
2323 hci_dev_unlock(hdev);
06199cf8
JH		 2324 return err;
2325}
2326
0cab9c80
JH		 2327/* This is a helper function to test for pending mgmt commands that can
2328 * cause CoD or EIR HCI commands. We can only allow one such pending
2329 * mgmt command at a time since otherwise we cannot easily track what
2330 * the current values are, will be, and based on that calculate if a new
2331 * HCI command needs to be sent and if yes with what value.
2332 */
2333static bool pending_eir_or_class(struct hci_dev *hdev)
2334{
2335 struct pending_cmd *cmd;
2336
2337 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2338 switch (cmd->opcode) {
2339 case MGMT_OP_ADD_UUID:
2340 case MGMT_OP_REMOVE_UUID:
2341 case MGMT_OP_SET_DEV_CLASS:
2342 case MGMT_OP_SET_POWERED:
2343 return true;
2344 }
2345 }
2346
2347 return false;
2348}
2349
83be8eca
JH		 2350static const u8 bluetooth_base_uuid[] = {
2351 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2352 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2353};
2354
2355static u8 get_uuid_size(const u8 *uuid)
2356{
2357 u32 val;
2358
2359 if (memcmp(uuid, bluetooth_base_uuid, 12))
2360 return 128;
2361
2362 val = get_unaligned_le32(&uuid[12]);
2363 if (val > 0xffff)
2364 return 32;
2365
2366 return 16;
2367}
2368
92da6097
JH		 2369static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2370{
2371 struct pending_cmd *cmd;
2372
2373 hci_dev_lock(hdev);
2374
2375 cmd = mgmt_pending_find(mgmt_op, hdev);
2376 if (!cmd)
2377 goto unlock;
2378
2379 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
2380 hdev->dev_class, 3);
2381
2382 mgmt_pending_remove(cmd);
2383
2384unlock:
2385 hci_dev_unlock(hdev);
2386}
2387
2388static void add_uuid_complete(struct hci_dev *hdev, u8 status)
2389{
2390 BT_DBG("status 0x%02x", status);
2391
2392 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2393}
2394
bdb6d971 2395static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2396{
650f726d 2397 struct mgmt_cp_add_uuid *cp = data;
90e70454 2398 struct pending_cmd *cmd;
890ea898 2399 struct hci_request req;
2aeb9a1a 2400 struct bt_uuid *uuid;
2aeb9a1a
JH		 2401 int err;
2402
bdb6d971 2403 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2404
09fd0de5 2405 hci_dev_lock(hdev);
2aeb9a1a 2406
0cab9c80 2407 if (pending_eir_or_class(hdev)) {
bdb6d971 2408 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 2409 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2410 goto failed;
2411 }
2412
92c4c204 2413 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2414 if (!uuid) {
2415 err = -ENOMEM;
2416 goto failed;
2417 }
2418
2419 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2420 uuid->svc_hint = cp->svc_hint;
83be8eca 2421 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2422
de66aa63 2423 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2424
890ea898 2425 hci_req_init(&req, hdev);
1aff6f09 2426
890ea898
JH		 2427 update_class(&req);
2428 update_eir(&req);
2429
92da6097
JH		 2430 err = hci_req_run(&req, add_uuid_complete);
2431 if (err < 0) {
2432 if (err != -ENODATA)
2433 goto failed;
80a1e1db 2434
bdb6d971 2435 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 2436 hdev->dev_class, 3);
90e70454
JH		 2437 goto failed;
2438 }
2439
2440 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2441 if (!cmd) {
90e70454 2442 err = -ENOMEM;
890ea898
JH		 2443 goto failed;
2444 }
2445
2446 err = 0;
2aeb9a1a
JH		 2447
2448failed:
09fd0de5 2449 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2450 return err;
2451}
2452
24b78d0f
JH		 2453static bool enable_service_cache(struct hci_dev *hdev)
2454{
2455 if (!hdev_is_powered(hdev))
2456 return false;
2457
2458 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 2459 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2460 CACHE_TIMEOUT);
24b78d0f
JH		 2461 return true;
2462 }
2463
2464 return false;
2465}
2466
92da6097
JH		 2467static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
2468{
2469 BT_DBG("status 0x%02x", status);
2470
2471 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2472}
2473
bdb6d971 2474static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2475 u16 len)
2aeb9a1a 2476{
650f726d 2477 struct mgmt_cp_remove_uuid *cp = data;
90e70454 2478 struct pending_cmd *cmd;
056341c8 2479 struct bt_uuid *match, *tmp;
2aeb9a1a 2480 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2481 struct hci_request req;
2aeb9a1a
JH		 2482 int err, found;
2483
bdb6d971 2484 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2485
09fd0de5 2486 hci_dev_lock(hdev);
2aeb9a1a 2487
0cab9c80 2488 if (pending_eir_or_class(hdev)) {
bdb6d971 2489 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2490 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2491 goto unlock;
2492 }
2493
2aeb9a1a 2494 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2495 hci_uuids_clear(hdev);
4004b6d9 2496
24b78d0f 2497 if (enable_service_cache(hdev)) {
bdb6d971 2498 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2499 0, hdev->dev_class, 3);
24b78d0f
JH		 2500 goto unlock;
2501 }
4004b6d9 2502
9246a869 2503 goto update_class;
2aeb9a1a
JH		 2504 }
2505
2506 found = 0;
2507
056341c8 2508 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2509 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2510 continue;
2511
2512 list_del(&match->list);
482049f7 2513 kfree(match);
2aeb9a1a
JH		 2514 found++;
2515 }
2516
2517 if (found == 0) {
bdb6d971 2518 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2519 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2520 goto unlock;
2521 }
2522
9246a869 2523update_class:
890ea898 2524 hci_req_init(&req, hdev);
1aff6f09 2525
890ea898
JH		 2526 update_class(&req);
2527 update_eir(&req);
2528
92da6097
JH		 2529 err = hci_req_run(&req, remove_uuid_complete);
2530 if (err < 0) {
2531 if (err != -ENODATA)
2532 goto unlock;
80a1e1db 2533
bdb6d971 2534 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 2535 hdev->dev_class, 3);
90e70454
JH		 2536 goto unlock;
2537 }
2538
2539 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2540 if (!cmd) {
90e70454 2541 err = -ENOMEM;
890ea898
JH		 2542 goto unlock;
2543 }
2544
2545 err = 0;
2aeb9a1a
JH		 2546
2547unlock:
09fd0de5 2548 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2549 return err;
2550}
2551
92da6097
JH		 2552static void set_class_complete(struct hci_dev *hdev, u8 status)
2553{
2554 BT_DBG("status 0x%02x", status);
2555
2556 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2557}
2558
bdb6d971 2559static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2560 u16 len)
1aff6f09 2561{
650f726d 2562 struct mgmt_cp_set_dev_class *cp = data;
90e70454 2563 struct pending_cmd *cmd;
890ea898 2564 struct hci_request req;
1aff6f09
JH		 2565 int err;
2566
bdb6d971 2567 BT_DBG("request for %s", hdev->name);
1aff6f09 2568
6203fc98 2569 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 2570 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2571 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2572
0cab9c80 2573 hci_dev_lock(hdev);
ee98f473 2574
0cab9c80
JH		 2575 if (pending_eir_or_class(hdev)) {
2576 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2577 MGMT_STATUS_BUSY);
2578 goto unlock;
2579 }
c95f0ba7 2580
0cab9c80
JH		 2581 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2582 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2583 MGMT_STATUS_INVALID_PARAMS);
2584 goto unlock;
2585 }
575b3a02 2586
932f5ff5
JH		 2587 hdev->major_class = cp->major;
2588 hdev->minor_class = cp->minor;
2589
b5235a65 2590 if (!hdev_is_powered(hdev)) {
bdb6d971 2591 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2592 hdev->dev_class, 3);
b5235a65
JH		 2593 goto unlock;
2594 }
2595
890ea898
JH		 2596 hci_req_init(&req, hdev);
2597
a8b2d5c2 2598 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2599 hci_dev_unlock(hdev);
2600 cancel_delayed_work_sync(&hdev->service_cache);
2601 hci_dev_lock(hdev);
890ea898 2602 update_eir(&req);
7d78525d 2603 }
14c0b608 2604
890ea898
JH		 2605 update_class(&req);
2606
92da6097
JH		 2607 err = hci_req_run(&req, set_class_complete);
2608 if (err < 0) {
2609 if (err != -ENODATA)
2610 goto unlock;
1aff6f09 2611
bdb6d971 2612 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2613 hdev->dev_class, 3);
90e70454
JH		 2614 goto unlock;
2615 }
2616
2617 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2618 if (!cmd) {
90e70454 2619 err = -ENOMEM;
890ea898
JH		 2620 goto unlock;
2621 }
2622
2623 err = 0;
1aff6f09 2624
b5235a65 2625unlock:
09fd0de5 2626 hci_dev_unlock(hdev);
1aff6f09
JH		 2627 return err;
2628}
2629
bdb6d971 2630static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2631 u16 len)
55ed8ca1 2632{
650f726d 2633 struct mgmt_cp_load_link_keys *cp = data;
ba1d6936
JH		 2634 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2635 sizeof(struct mgmt_link_key_info));
4e51eae9 2636 u16 key_count, expected_len;
b1de97d8 2637 bool changed;
a492cd52 2638 int i;
55ed8ca1 2639
9060d5cf
MH		 2640 BT_DBG("request for %s", hdev->name);
2641
2642 if (!lmp_bredr_capable(hdev))
2643 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2644 MGMT_STATUS_NOT_SUPPORTED);
2645
1f350c87 2646 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 2647 if (key_count > max_key_count) {
2648 BT_ERR("load_link_keys: too big key_count value %u",
2649 key_count);
2650 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2651 MGMT_STATUS_INVALID_PARAMS);
2652 }
55ed8ca1 2653
86742e1e
JH		 2654 expected_len = sizeof(*cp) + key_count *
2655 sizeof(struct mgmt_link_key_info);
a492cd52 2656 if (expected_len != len) {
86742e1e 2657 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2658 expected_len, len);
bdb6d971 2659 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 2660 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2661 }
2662
4ae14301
JH		 2663 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2664 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2665 MGMT_STATUS_INVALID_PARAMS);
2666
bdb6d971 2667 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2668 key_count);
55ed8ca1 2669
4ee71b20
JH		 2670 for (i = 0; i < key_count; i++) {
2671 struct mgmt_link_key_info *key = &cp->keys[i];
2672
8e991132 2673 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
4ee71b20
JH		 2674 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2675 MGMT_STATUS_INVALID_PARAMS);
2676 }
2677
09fd0de5 2678 hci_dev_lock(hdev);
55ed8ca1
JH		 2679
2680 hci_link_keys_clear(hdev);
2681
55ed8ca1 2682 if (cp->debug_keys)
0663b297
JH		 2683 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
2684 &hdev->dev_flags);
55ed8ca1 2685 else
0663b297
JH		 2686 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
2687 &hdev->dev_flags);
b1de97d8
MH		 2688
2689 if (changed)
2690 new_settings(hdev, NULL);
55ed8ca1 2691
a492cd52 2692 for (i = 0; i < key_count; i++) {
86742e1e 2693 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2694
58e9293c
JH		 2695 /* Always ignore debug keys and require a new pairing if
2696 * the user wants to use them.
2697 */
2698 if (key->type == HCI_LK_DEBUG_COMBINATION)
2699 continue;
2700
7652ff6a
JH		 2701 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2702 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2703 }
2704
bdb6d971 2705 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2706
09fd0de5 2707 hci_dev_unlock(hdev);
55ed8ca1 2708
a492cd52 2709 return 0;
55ed8ca1
JH		 2710}
2711
b1078ad0 2712static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2713 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2714{
2715 struct mgmt_ev_device_unpaired ev;
2716
2717 bacpy(&ev.addr.bdaddr, bdaddr);
2718 ev.addr.type = addr_type;
2719
2720 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2721 skip_sk);
b1078ad0
JH		 2722}
2723
bdb6d971 2724static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2725 u16 len)
55ed8ca1 2726{
124f6e35
JH		 2727 struct mgmt_cp_unpair_device *cp = data;
2728 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2729 struct hci_cp_disconnect dc;
2730 struct pending_cmd *cmd;
55ed8ca1 2731 struct hci_conn *conn;
55ed8ca1
JH		 2732 int err;
2733
a8a1d19e 2734 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2735 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2736 rp.addr.type = cp->addr.type;
a8a1d19e 2737
4ee71b20
JH		 2738 if (!bdaddr_type_is_valid(cp->addr.type))
2739 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2740 MGMT_STATUS_INVALID_PARAMS,
2741 &rp, sizeof(rp));
2742
118da70b
JH		 2743 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2744 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2745 MGMT_STATUS_INVALID_PARAMS,
2746 &rp, sizeof(rp));
2747
4ee71b20
JH		 2748 hci_dev_lock(hdev);
2749
86a8cfc6 2750 if (!hdev_is_powered(hdev)) {
bdb6d971 2751 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2752 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 2753 goto unlock;
2754 }
2755
e0b2b27e 2756 if (cp->addr.type == BDADDR_BREDR) {
89cbb063
AA		 2757 /* If disconnection is requested, then look up the
2758 * connection. If the remote device is connected, it
2759 * will be later used to terminate the link.
2760 *
2761 * Setting it to NULL explicitly will cause no
2762 * termination of the link.
2763 */
2764 if (cp->disconnect)
2765 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2766 &cp->addr.bdaddr);
2767 else
2768 conn = NULL;
2769
124f6e35 2770 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2771 } else {
2772 u8 addr_type;
2773
89cbb063
AA		 2774 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2775 &cp->addr.bdaddr);
2776 if (conn) {
2777 /* Defer clearing up the connection parameters
2778 * until closing to give a chance of keeping
2779 * them if a repairing happens.
2780 */
2781 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2782
2783 /* If disconnection is not requested, then
2784 * clear the connection variable so that the
2785 * link is not terminated.
2786 */
2787 if (!cp->disconnect)
2788 conn = NULL;
2789 }
2790
e0b2b27e
JH		 2791 if (cp->addr.type == BDADDR_LE_PUBLIC)
2792 addr_type = ADDR_LE_DEV_PUBLIC;
2793 else
2794 addr_type = ADDR_LE_DEV_RANDOM;
2795
a7ec7338
JH		 2796 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2797
e0b2b27e
JH		 2798 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2799 }
b0dbfb46 2800
55ed8ca1 2801 if (err < 0) {
bdb6d971 2802 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2803 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 2804 goto unlock;
2805 }
2806
89cbb063
AA		 2807 /* If the connection variable is set, then termination of the
2808 * link is requested.
2809 */
a8a1d19e 2810 if (!conn) {
bdb6d971 2811 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 2812 &rp, sizeof(rp));
b1078ad0 2813 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2814 goto unlock;
2815 }
55ed8ca1 2816
124f6e35 2817 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2818 sizeof(*cp));
a8a1d19e
JH		 2819 if (!cmd) {
2820 err = -ENOMEM;
2821 goto unlock;
55ed8ca1
JH		 2822 }
2823
d8b7b1e4
JH		 2824 cmd->cmd_complete = addr_cmd_complete;
2825
eb55ef07 2826 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2827 dc.reason = 0x13; /* Remote User Terminated Connection */
2828 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2829 if (err < 0)
2830 mgmt_pending_remove(cmd);
2831
55ed8ca1 2832unlock:
09fd0de5 2833 hci_dev_unlock(hdev);
55ed8ca1
JH		 2834 return err;
2835}
2836
bdb6d971 2837static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2838 u16 len)
8962ee74 2839{
650f726d 2840 struct mgmt_cp_disconnect *cp = data;
06a63b19 2841 struct mgmt_rp_disconnect rp;
366a0336 2842 struct pending_cmd *cmd;
8962ee74 2843 struct hci_conn *conn;
8962ee74
JH		 2844 int err;
2845
2846 BT_DBG("");
2847
06a63b19
JH		 2848 memset(&rp, 0, sizeof(rp));
2849 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2850 rp.addr.type = cp->addr.type;
2851
4ee71b20 2852 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2853 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2854 MGMT_STATUS_INVALID_PARAMS,
2855 &rp, sizeof(rp));
4ee71b20 2856
09fd0de5 2857 hci_dev_lock(hdev);
8962ee74
JH		 2858
2859 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2860 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2861 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2862 goto failed;
2863 }
2864
2e58ef3e 2865 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2866 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2867 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2868 goto failed;
2869 }
2870
591f47f3 2871 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2872 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2873 &cp->addr.bdaddr);
88c3df13
JH		 2874 else
2875 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2876
f960727e 2877 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2878 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2879 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2880 goto failed;
2881 }
2882
2e58ef3e 2883 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2884 if (!cmd) {
2885 err = -ENOMEM;
8962ee74 2886 goto failed;
366a0336 2887 }
8962ee74 2888
f5818c22
JH		 2889 cmd->cmd_complete = generic_cmd_complete;
2890
e3f2f92a 2891 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
8962ee74 2892 if (err < 0)
a664b5bc 2893 mgmt_pending_remove(cmd);
8962ee74
JH		 2894
2895failed:
09fd0de5 2896 hci_dev_unlock(hdev);
8962ee74
JH		 2897 return err;
2898}
2899
57c1477c 2900static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2901{
2902 switch (link_type) {
2903 case LE_LINK:
48264f06
JH		 2904 switch (addr_type) {
2905 case ADDR_LE_DEV_PUBLIC:
591f47f3 2906 return BDADDR_LE_PUBLIC;
0ed09148 2907
48264f06 2908 default:
0ed09148 2909 /* Fallback to LE Random address type */
591f47f3 2910 return BDADDR_LE_RANDOM;
48264f06 2911 }
0ed09148 2912
4c659c39 2913 default:
0ed09148 2914 /* Fallback to BR/EDR type */
591f47f3 2915 return BDADDR_BREDR;
4c659c39
JH		 2916 }
2917}
2918
04124681
GP		 2919static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2920 u16 data_len)
2784eb41 2921{
2784eb41 2922 struct mgmt_rp_get_connections *rp;
8035ded4 2923 struct hci_conn *c;
a38528f1 2924 size_t rp_len;
60fc5fb6
JH		 2925 int err;
2926 u16 i;
2784eb41
JH		 2927
2928 BT_DBG("");
2929
09fd0de5 2930 hci_dev_lock(hdev);
2784eb41 2931
5f97c1df 2932 if (!hdev_is_powered(hdev)) {
bdb6d971 2933 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2934 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2935 goto unlock;
2936 }
2937
60fc5fb6 2938 i = 0;
b644ba33
JH		 2939 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2940 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2941 i++;
2784eb41
JH		 2942 }
2943
60fc5fb6 2944 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2945 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2946 if (!rp) {
2784eb41
JH		 2947 err = -ENOMEM;
2948 goto unlock;
2949 }
2950
2784eb41 2951 i = 0;
4c659c39 2952 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2953 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2954 continue;
4c659c39 2955 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2956 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2957 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2958 continue;
2959 i++;
2960 }
2961
eb55ef07 2962 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2963
4c659c39
JH		 2964 /* Recalculate length in case of filtered SCO connections, etc */
2965 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2966
bdb6d971 2967 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2968 rp_len);
2784eb41 2969
a38528f1 2970 kfree(rp);
5f97c1df
JH		 2971
2972unlock:
09fd0de5 2973 hci_dev_unlock(hdev);
2784eb41
JH		 2974 return err;
2975}
2976
bdb6d971 2977static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2978 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2979{
2980 struct pending_cmd *cmd;
2981 int err;
2982
2e58ef3e 2983 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2984 sizeof(*cp));
96d97a67
WR		 2985 if (!cmd)
2986 return -ENOMEM;
2987
d8457698 2988 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2989 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2990 if (err < 0)
2991 mgmt_pending_remove(cmd);
2992
2993 return err;
2994}
2995
bdb6d971 2996static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2997 u16 len)
980e1a53 2998{
96d97a67 2999 struct hci_conn *conn;
650f726d 3000 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 3001 struct hci_cp_pin_code_reply reply;
366a0336 3002 struct pending_cmd *cmd;
980e1a53
JH		 3003 int err;
3004
3005 BT_DBG("");
3006
09fd0de5 3007 hci_dev_lock(hdev);
980e1a53 3008
4b34ee78 3009 if (!hdev_is_powered(hdev)) {
bdb6d971 3010 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 3011 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 3012 goto failed;
3013 }
3014
d8457698 3015 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 3016 if (!conn) {
bdb6d971 3017 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 3018 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 3019 goto failed;
3020 }
3021
3022 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 3023 struct mgmt_cp_pin_code_neg_reply ncp;
3024
3025 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 3026
3027 BT_ERR("PIN code is not 16 bytes long");
3028
bdb6d971 3029 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 3030 if (err >= 0)
bdb6d971 3031 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 3032 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 3033
3034 goto failed;
3035 }
3036
00abfe44 3037 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 3038 if (!cmd) {
3039 err = -ENOMEM;
980e1a53 3040 goto failed;
366a0336 3041 }
980e1a53 3042
7776d1d8
JH		 3043 cmd->cmd_complete = addr_cmd_complete;
3044
d8457698 3045 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 3046 reply.pin_len = cp->pin_len;
24718ca5 3047 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 3048
3049 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3050 if (err < 0)
a664b5bc 3051 mgmt_pending_remove(cmd);
980e1a53
JH		 3052
3053failed:
09fd0de5 3054 hci_dev_unlock(hdev);
980e1a53
JH		 3055 return err;
3056}
3057
04124681
GP		 3058static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3059 u16 len)
17fa4b9d 3060{
650f726d 3061 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 3062
3063 BT_DBG("");
3064
4ec86d4c
JH		 3065 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
3066 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3067 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
3068
09fd0de5 3069 hci_dev_lock(hdev);
17fa4b9d
JH		 3070
3071 hdev->io_capability = cp->io_capability;
3072
3073 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 3074 hdev->io_capability);
17fa4b9d 3075
09fd0de5 3076 hci_dev_unlock(hdev);
17fa4b9d 3077
04124681
GP		 3078 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
3079 0);
17fa4b9d
JH		 3080}
3081
6039aa73 3082static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 3083{
3084 struct hci_dev *hdev = conn->hdev;
8035ded4 3085 struct pending_cmd *cmd;
e9a416b5 3086
2e58ef3e 3087 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 3088 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3089 continue;
3090
e9a416b5
JH		 3091 if (cmd->user_data != conn)
3092 continue;
3093
3094 return cmd;
3095 }
3096
3097 return NULL;
3098}
3099
3100static void pairing_complete(struct pending_cmd *cmd, u8 status)
3101{
3102 struct mgmt_rp_pair_device rp;
3103 struct hci_conn *conn = cmd->user_data;
3104
61b1a7fb
JH		 3105 bacpy(&rp.addr.bdaddr, &conn->dst);
3106 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 3107
aee9b218 3108 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 3109 &rp, sizeof(rp));
e9a416b5
JH		 3110
3111 /* So we don't get further callbacks for this connection */
3112 conn->connect_cfm_cb = NULL;
3113 conn->security_cfm_cb = NULL;
3114 conn->disconn_cfm_cb = NULL;
3115
76a68ba0 3116 hci_conn_drop(conn);
f8aaf9b6 3117 hci_conn_put(conn);
e9a416b5 3118
a664b5bc 3119 mgmt_pending_remove(cmd);
89cbb063
AA		 3120
3121 /* The device is paired so there is no need to remove
3122 * its connection parameters anymore.
3123 */
3124 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
e9a416b5
JH		 3125}
3126
f4a407be
JH		 3127void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3128{
3129 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3130 struct pending_cmd *cmd;
3131
3132 cmd = find_pairing(conn);
3133 if (cmd)
04ab2749 3134 cmd->cmd_complete(cmd, status);
f4a407be
JH		 3135}
3136
e9a416b5
JH		 3137static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3138{
3139 struct pending_cmd *cmd;
3140
3141 BT_DBG("status %u", status);
3142
3143 cmd = find_pairing(conn);
56e5cb86 3144 if (!cmd)
e9a416b5 3145 BT_DBG("Unable to find a pending command");
56e5cb86 3146 else
04ab2749 3147 cmd->cmd_complete(cmd, mgmt_status(status));
e9a416b5
JH		 3148}
3149
f4a407be 3150static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739
VA		 3151{
3152 struct pending_cmd *cmd;
3153
3154 BT_DBG("status %u", status);
3155
3156 if (!status)
3157 return;
3158
3159 cmd = find_pairing(conn);
3160 if (!cmd)
3161 BT_DBG("Unable to find a pending command");
3162 else
04ab2749 3163 cmd->cmd_complete(cmd, mgmt_status(status));
4c47d739
VA		 3164}
3165
bdb6d971 3166static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3167 u16 len)
e9a416b5 3168{
650f726d 3169 struct mgmt_cp_pair_device *cp = data;
1425acb7 3170 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 3171 struct pending_cmd *cmd;
3172 u8 sec_level, auth_type;
3173 struct hci_conn *conn;
e9a416b5
JH		 3174 int err;
3175
3176 BT_DBG("");
3177
f950a30e
SJ		 3178 memset(&rp, 0, sizeof(rp));
3179 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3180 rp.addr.type = cp->addr.type;
3181
4ee71b20
JH		 3182 if (!bdaddr_type_is_valid(cp->addr.type))
3183 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3184 MGMT_STATUS_INVALID_PARAMS,
3185 &rp, sizeof(rp));
3186
4ec86d4c
JH		 3187 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
3188 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3189 MGMT_STATUS_INVALID_PARAMS,
3190 &rp, sizeof(rp));
3191
09fd0de5 3192 hci_dev_lock(hdev);
e9a416b5 3193
5f97c1df 3194 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 3195 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3196 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 3197 goto unlock;
3198 }
3199
c908df36 3200 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 3201 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 3202
6f77d8c7 3203 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 3204 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3205 auth_type);
6f77d8c7
AG		 3206 } else {
3207 u8 addr_type;
3208
3209 /* Convert from L2CAP channel address type to HCI address type
3210 */
3211 if (cp->addr.type == BDADDR_LE_PUBLIC)
3212 addr_type = ADDR_LE_DEV_PUBLIC;
3213 else
3214 addr_type = ADDR_LE_DEV_RANDOM;
3215
7c264b10
MH		 3216 /* When pairing a new device, it is expected to remember
3217 * this device for future connections. Adding the connection
3218 * parameter information ahead of time allows tracking
3219 * of the slave preferred values and will speed up any
3220 * further connection establishment.
3221 *
3222 * If connection parameters already exist, then they
3223 * will be kept and this function does nothing.
3224 */
3225 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3226
6f77d8c7 3227 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
e804d25d
JH		 3228 sec_level, HCI_LE_CONN_TIMEOUT,
3229 HCI_ROLE_MASTER);
6f77d8c7 3230 }
7a512d01 3231
30e76272 3232 if (IS_ERR(conn)) {
489dc48e
AK		 3233 int status;
3234
3235 if (PTR_ERR(conn) == -EBUSY)
3236 status = MGMT_STATUS_BUSY;
3237 else
3238 status = MGMT_STATUS_CONNECT_FAILED;
3239
bdb6d971 3240 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 3241 status, &rp,
04124681 3242 sizeof(rp));
e9a416b5
JH		 3243 goto unlock;
3244 }
3245
3246 if (conn->connect_cfm_cb) {
76a68ba0 3247 hci_conn_drop(conn);
bdb6d971 3248 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 3249 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 3250 goto unlock;
3251 }
3252
2e58ef3e 3253 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 3254 if (!cmd) {
3255 err = -ENOMEM;
76a68ba0 3256 hci_conn_drop(conn);
e9a416b5
JH		 3257 goto unlock;
3258 }
3259
04ab2749
JH		 3260 cmd->cmd_complete = pairing_complete;
3261
7a512d01 3262 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 3263 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 3264 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 3265 conn->security_cfm_cb = pairing_complete_cb;
3266 conn->disconn_cfm_cb = pairing_complete_cb;
3267 } else {
3268 conn->connect_cfm_cb = le_pairing_complete_cb;
3269 conn->security_cfm_cb = le_pairing_complete_cb;
3270 conn->disconn_cfm_cb = le_pairing_complete_cb;
3271 }
7a512d01 3272
e9a416b5 3273 conn->io_capability = cp->io_cap;
f8aaf9b6 3274 cmd->user_data = hci_conn_get(conn);
e9a416b5 3275
6f78fd4b 3276 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
e7cafc45 3277 hci_conn_security(conn, sec_level, auth_type, true))
e9a416b5
JH		 3278 pairing_complete(cmd, 0);
3279
3280 err = 0;
3281
3282unlock:
09fd0de5 3283 hci_dev_unlock(hdev);
e9a416b5
JH		 3284 return err;
3285}
3286
04124681
GP		 3287static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3288 u16 len)
28424707 3289{
0f4e68cf 3290 struct mgmt_addr_info *addr = data;
28424707
JH		 3291 struct pending_cmd *cmd;
3292 struct hci_conn *conn;
3293 int err;
3294
3295 BT_DBG("");
3296
28424707
JH		 3297 hci_dev_lock(hdev);
3298
5f97c1df 3299 if (!hdev_is_powered(hdev)) {
bdb6d971 3300 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3301 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3302 goto unlock;
3303 }
3304
28424707
JH		 3305 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3306 if (!cmd) {
bdb6d971 3307 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3308 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3309 goto unlock;
3310 }
3311
3312 conn = cmd->user_data;
3313
3314 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 3315 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3316 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3317 goto unlock;
3318 }
3319
3320 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
3321
bdb6d971 3322 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 3323 addr, sizeof(*addr));
28424707
JH		 3324unlock:
3325 hci_dev_unlock(hdev);
28424707
JH		 3326 return err;
3327}
3328
bdb6d971 3329static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3330 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3331 u16 hci_op, __le32 passkey)
a5c29683 3332{
a5c29683 3333 struct pending_cmd *cmd;
0df4c185 3334 struct hci_conn *conn;
a5c29683
JH		 3335 int err;
3336
09fd0de5 3337 hci_dev_lock(hdev);
08ba5382 3338
4b34ee78 3339 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 3340 err = cmd_complete(sk, hdev->id, mgmt_op,
3341 MGMT_STATUS_NOT_POWERED, addr,
3342 sizeof(*addr));
0df4c185 3343 goto done;
a5c29683
JH		 3344 }
3345
1707c60e
JH		 3346 if (addr->type == BDADDR_BREDR)
3347 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3348 else
1707c60e 3349 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 3350
3351 if (!conn) {
feb94d3d
JH		 3352 err = cmd_complete(sk, hdev->id, mgmt_op,
3353 MGMT_STATUS_NOT_CONNECTED, addr,
3354 sizeof(*addr));
272d90df
JH		 3355 goto done;
3356 }
47c15e2b 3357
1707c60e 3358 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 3359 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 3360 if (!err)
feb94d3d
JH		 3361 err = cmd_complete(sk, hdev->id, mgmt_op,
3362 MGMT_STATUS_SUCCESS, addr,
3363 sizeof(*addr));
5fe57d9e 3364 else
feb94d3d
JH		 3365 err = cmd_complete(sk, hdev->id, mgmt_op,
3366 MGMT_STATUS_FAILED, addr,
3367 sizeof(*addr));
47c15e2b 3368
47c15e2b
BG		 3369 goto done;
3370 }
3371
1707c60e 3372 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3373 if (!cmd) {
3374 err = -ENOMEM;
0df4c185 3375 goto done;
a5c29683
JH		 3376 }
3377
7776d1d8
JH		 3378 cmd->cmd_complete = addr_cmd_complete;
3379
0df4c185 3380 /* Continue with pairing via HCI */
604086b7
BG		 3381 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3382 struct hci_cp_user_passkey_reply cp;
3383
1707c60e 3384 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3385 cp.passkey = passkey;
3386 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3387 } else
1707c60e
JH		 3388 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3389 &addr->bdaddr);
604086b7 3390
a664b5bc
JH		 3391 if (err < 0)
3392 mgmt_pending_remove(cmd);
a5c29683 3393
0df4c185 3394done:
09fd0de5 3395 hci_dev_unlock(hdev);
a5c29683
JH		 3396 return err;
3397}
3398
afeb019d
JK		 3399static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3400 void *data, u16 len)
3401{
3402 struct mgmt_cp_pin_code_neg_reply *cp = data;
3403
3404 BT_DBG("");
3405
1707c60e 3406 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3407 MGMT_OP_PIN_CODE_NEG_REPLY,
3408 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3409}
3410
04124681
GP		 3411static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3412 u16 len)
0df4c185 3413{
650f726d 3414 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3415
3416 BT_DBG("");
3417
3418 if (len != sizeof(*cp))
bdb6d971 3419 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 3420 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3421
1707c60e 3422 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3423 MGMT_OP_USER_CONFIRM_REPLY,
3424 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3425}
3426
bdb6d971 3427static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3428 void *data, u16 len)
0df4c185 3429{
c9c2659f 3430 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3431
3432 BT_DBG("");
3433
1707c60e 3434 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3435 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3436 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3437}
3438
04124681
GP		 3439static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3440 u16 len)
604086b7 3441{
650f726d 3442 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3443
3444 BT_DBG("");
3445
1707c60e 3446 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3447 MGMT_OP_USER_PASSKEY_REPLY,
3448 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3449}
3450
bdb6d971 3451static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3452 void *data, u16 len)
604086b7 3453{
650f726d 3454 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3455
3456 BT_DBG("");
3457
1707c60e 3458 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3459 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3460 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3461}
3462
13928971 3463static void update_name(struct hci_request *req)
2b4bf397 3464{
13928971 3465 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3466 struct hci_cp_write_local_name cp;
3467
13928971 3468 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3469
890ea898 3470 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3471}
3472
13928971
JH		 3473static void set_name_complete(struct hci_dev *hdev, u8 status)
3474{
3475 struct mgmt_cp_set_local_name *cp;
3476 struct pending_cmd *cmd;
3477
3478 BT_DBG("status 0x%02x", status);
3479
3480 hci_dev_lock(hdev);
3481
3482 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3483 if (!cmd)
3484 goto unlock;
3485
3486 cp = cmd->param;
3487
3488 if (status)
3489 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3490 mgmt_status(status));
3491 else
3492 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3493 cp, sizeof(*cp));
3494
3495 mgmt_pending_remove(cmd);
3496
3497unlock:
3498 hci_dev_unlock(hdev);
3499}
3500
bdb6d971 3501static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3502 u16 len)
b312b161 3503{
2b4bf397 3504 struct mgmt_cp_set_local_name *cp = data;
b312b161 3505 struct pending_cmd *cmd;
890ea898 3506 struct hci_request req;
b312b161
JH		 3507 int err;
3508
3509 BT_DBG("");
3510
09fd0de5 3511 hci_dev_lock(hdev);
b312b161 3512
b3f2ca94
JH		 3513 /* If the old values are the same as the new ones just return a
3514 * direct command complete event.
3515 */
3516 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3517 !memcmp(hdev->short_name, cp->short_name,
3518 sizeof(hdev->short_name))) {
3519 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3520 data, len);
3521 goto failed;
3522 }
3523
2b4bf397 3524 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3525
b5235a65 3526 if (!hdev_is_powered(hdev)) {
2b4bf397 3527 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 3528
3529 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 3530 data, len);
28cc7bde
JH		 3531 if (err < 0)
3532 goto failed;
3533
3534 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 3535 sk);
28cc7bde 3536
b5235a65
JH		 3537 goto failed;
3538 }
3539
28cc7bde 3540 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3541 if (!cmd) {
3542 err = -ENOMEM;
3543 goto failed;
3544 }
3545
13928971
JH		 3546 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3547
890ea898 3548 hci_req_init(&req, hdev);
3f985050
JH		 3549
3550 if (lmp_bredr_capable(hdev)) {
3551 update_name(&req);
3552 update_eir(&req);
3553 }
3554
7a5f4990
MH		 3555 /* The name is stored in the scan response data and so
3556 * no need to udpate the advertising data here.
3557 */
3f985050 3558 if (lmp_le_capable(hdev))
7a5f4990 3559 update_scan_rsp_data(&req);
3f985050 3560
13928971 3561 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3562 if (err < 0)
3563 mgmt_pending_remove(cmd);
3564
3565failed:
09fd0de5 3566 hci_dev_unlock(hdev);
b312b161
JH		 3567 return err;
3568}
3569
0f4e68cf 3570static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3571 void *data, u16 data_len)
c35938b2 3572{
c35938b2
SJ		 3573 struct pending_cmd *cmd;
3574 int err;
3575
bdb6d971 3576 BT_DBG("%s", hdev->name);
c35938b2 3577
09fd0de5 3578 hci_dev_lock(hdev);
c35938b2 3579
4b34ee78 3580 if (!hdev_is_powered(hdev)) {
bdb6d971 3581 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3582 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3583 goto unlock;
3584 }
3585
9a1a1996 3586 if (!lmp_ssp_capable(hdev)) {
bdb6d971 3587 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3588 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3589 goto unlock;
3590 }
3591
2e58ef3e 3592 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 3593 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3594 MGMT_STATUS_BUSY);
c35938b2
SJ		 3595 goto unlock;
3596 }
3597
2e58ef3e 3598 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3599 if (!cmd) {
3600 err = -ENOMEM;
3601 goto unlock;
3602 }
3603
710f11c0 3604 if (bredr_sc_enabled(hdev))
4d2d2796
MH		 3605 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3606 0, NULL);
3607 else
3608 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3609
c35938b2
SJ		 3610 if (err < 0)
3611 mgmt_pending_remove(cmd);
3612
3613unlock:
09fd0de5 3614 hci_dev_unlock(hdev);
c35938b2
SJ		 3615 return err;
3616}
3617
bdb6d971 3618static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3619 void *data, u16 len)
2763eda6 3620{
2763eda6
SJ		 3621 int err;
3622
bdb6d971 3623 BT_DBG("%s ", hdev->name);
2763eda6 3624
09fd0de5 3625 hci_dev_lock(hdev);
2763eda6 3626
ec109113
MH		 3627 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3628 struct mgmt_cp_add_remote_oob_data *cp = data;
3629 u8 status;
bf1e3541 3630
c19a495c
JH		 3631 if (cp->addr.type != BDADDR_BREDR) {
3632 err = cmd_complete(sk, hdev->id,
3633 MGMT_OP_ADD_REMOTE_OOB_DATA,
3634 MGMT_STATUS_INVALID_PARAMS,
3635 &cp->addr, sizeof(cp->addr));
3636 goto unlock;
3637 }
3638
ec109113 3639 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
6928a924
JH		 3640 cp->addr.type, cp->hash,
3641 cp->rand, NULL, NULL);
ec109113
MH		 3642 if (err < 0)
3643 status = MGMT_STATUS_FAILED;
3644 else
3645 status = MGMT_STATUS_SUCCESS;
3646
3647 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3648 status, &cp->addr, sizeof(cp->addr));
3649 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3650 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
86df9200 3651 u8 *rand192, *hash192;
ec109113
MH		 3652 u8 status;
3653
c19a495c
JH		 3654 if (cp->addr.type != BDADDR_BREDR) {
3655 err = cmd_complete(sk, hdev->id,
3656 MGMT_OP_ADD_REMOTE_OOB_DATA,
3657 MGMT_STATUS_INVALID_PARAMS,
3658 &cp->addr, sizeof(cp->addr));
3659 goto unlock;
3660 }
3661
86df9200
JH		 3662 if (bdaddr_type_is_le(cp->addr.type)) {
3663 rand192 = NULL;
3664 hash192 = NULL;
3665 } else {
3666 rand192 = cp->rand192;
3667 hash192 = cp->hash192;
3668 }
3669
81328d5c 3670 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
86df9200
JH		 3671 cp->addr.type, hash192, rand192,
3672 cp->hash256, cp->rand256);
ec109113
MH		 3673 if (err < 0)
3674 status = MGMT_STATUS_FAILED;
3675 else
3676 status = MGMT_STATUS_SUCCESS;
3677
3678 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3679 status, &cp->addr, sizeof(cp->addr));
3680 } else {
3681 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3682 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3683 MGMT_STATUS_INVALID_PARAMS);
3684 }
2763eda6 3685
c19a495c 3686unlock:
09fd0de5 3687 hci_dev_unlock(hdev);
2763eda6
SJ		 3688 return err;
3689}
3690
bdb6d971 3691static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3692 void *data, u16 len)
2763eda6 3693{
650f726d 3694 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3695 u8 status;
2763eda6
SJ		 3696 int err;
3697
bdb6d971 3698 BT_DBG("%s", hdev->name);
2763eda6 3699
c19a495c
JH		 3700 if (cp->addr.type != BDADDR_BREDR)
3701 return cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3702 MGMT_STATUS_INVALID_PARAMS,
3703 &cp->addr, sizeof(cp->addr));
3704
09fd0de5 3705 hci_dev_lock(hdev);
2763eda6 3706
eedbd581
JH		 3707 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3708 hci_remote_oob_data_clear(hdev);
3709 status = MGMT_STATUS_SUCCESS;
3710 goto done;
3711 }
3712
6928a924 3713 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
2763eda6 3714 if (err < 0)
bf1e3541 3715 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3716 else
a6785be2 3717 status = MGMT_STATUS_SUCCESS;
bf1e3541 3718
eedbd581 3719done:
bdb6d971 3720 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 3721 status, &cp->addr, sizeof(cp->addr));
2763eda6 3722
09fd0de5 3723 hci_dev_unlock(hdev);
2763eda6
SJ		 3724 return err;
3725}
3726
8019044d
MH		 3727static bool trigger_discovery(struct hci_request *req, u8 *status)
3728{
3729 struct hci_dev *hdev = req->hdev;
3730 struct hci_cp_le_set_scan_param param_cp;
3731 struct hci_cp_le_set_scan_enable enable_cp;
3732 struct hci_cp_inquiry inq_cp;
3733 /* General inquiry access code (GIAC) */
3734 u8 lap[3] = { 0x33, 0x8b, 0x9e };
3735 u8 own_addr_type;
3736 int err;
3737
3738 switch (hdev->discovery.type) {
3739 case DISCOV_TYPE_BREDR:
3740 *status = mgmt_bredr_support(hdev);
3741 if (*status)
3742 return false;
3743
3744 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3745 *status = MGMT_STATUS_BUSY;
3746 return false;
3747 }
3748
3749 hci_inquiry_cache_flush(hdev);
3750
3751 memset(&inq_cp, 0, sizeof(inq_cp));
3752 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
3753 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
3754 hci_req_add(req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
3755 break;
3756
3757 case DISCOV_TYPE_LE:
3758 case DISCOV_TYPE_INTERLEAVED:
3759 *status = mgmt_le_support(hdev);
3760 if (*status)
3761 return false;
3762
3763 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
3764 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3765 *status = MGMT_STATUS_NOT_SUPPORTED;
3766 return false;
3767 }
3768
3769 if (test_bit(HCI_LE_ADV, &hdev->dev_flags)) {
3770 /* Don't let discovery abort an outgoing
3771 * connection attempt that's using directed
3772 * advertising.
3773 */
3774 if (hci_conn_hash_lookup_state(hdev, LE_LINK,
3775 BT_CONNECT)) {
3776 *status = MGMT_STATUS_REJECTED;
3777 return false;
3778 }
3779
3780 disable_advertising(req);
3781 }
3782
3783 /* If controller is scanning, it means the background scanning
3784 * is running. Thus, we should temporarily stop it in order to
3785 * set the discovery scanning parameters.
3786 */
3787 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3788 hci_req_add_le_scan_disable(req);
3789
3790 memset(&param_cp, 0, sizeof(param_cp));
3791
3792 /* All active scans will be done with either a resolvable
3793 * private address (when privacy feature has been enabled)
9437d2ed 3794 * or non-resolvable private address.
8019044d
MH		 3795 */
3796 err = hci_update_random_address(req, true, &own_addr_type);
3797 if (err < 0) {
3798 *status = MGMT_STATUS_FAILED;
3799 return false;
3800 }
3801
3802 param_cp.type = LE_SCAN_ACTIVE;
3803 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3804 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
3805 param_cp.own_address_type = own_addr_type;
3806 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3807 &param_cp);
3808
3809 memset(&enable_cp, 0, sizeof(enable_cp));
3810 enable_cp.enable = LE_SCAN_ENABLE;
3811 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3812 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3813 &enable_cp);
3814 break;
3815
3816 default:
3817 *status = MGMT_STATUS_INVALID_PARAMS;
3818 return false;
3819 }
3820
3821 return true;
3822}
3823
11e6e25d 3824static void start_discovery_complete(struct hci_dev *hdev, u8 status)
41dc2bd6
AG		 3825{
3826 struct pending_cmd *cmd;
11e6e25d 3827 unsigned long timeout;
41dc2bd6 3828
11e6e25d 3829 BT_DBG("status %d", status);
41dc2bd6 3830
11e6e25d 3831 hci_dev_lock(hdev);
41dc2bd6 3832
11e6e25d 3833 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
66ea9427
JP		 3834 if (!cmd)
3835 cmd = mgmt_pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
3836
11e6e25d 3837 if (cmd) {
2922a94f 3838 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d
MH		 3839 mgmt_pending_remove(cmd);
3840 }
7c307720
AG		 3841
3842 if (status) {
11e6e25d
MH		 3843 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3844 goto unlock;
7c307720
AG		 3845 }
3846
7c307720 3847 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
7c307720
AG		 3848
3849 switch (hdev->discovery.type) {
3850 case DISCOV_TYPE_LE:
3d5a76f0 3851 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
7c307720 3852 break;
7c307720 3853 case DISCOV_TYPE_INTERLEAVED:
b9a7a61e 3854 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
7c307720 3855 break;
7c307720 3856 case DISCOV_TYPE_BREDR:
11e6e25d 3857 timeout = 0;
7c307720 3858 break;
7c307720
AG		 3859 default:
3860 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
11e6e25d
MH		 3861 timeout = 0;
3862 break;
7c307720 3863 }
ae55f598 3864
11e6e25d
MH		 3865 if (timeout)
3866 queue_delayed_work(hdev->workqueue,
3867 &hdev->le_scan_disable, timeout);
ae55f598 3868
11e6e25d
MH		 3869unlock:
3870 hci_dev_unlock(hdev);
7c307720
AG		 3871}
3872
bdb6d971 3873static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3874 void *data, u16 len)
14a53664 3875{
650f726d 3876 struct mgmt_cp_start_discovery *cp = data;
14a53664 3877 struct pending_cmd *cmd;
7c307720 3878 struct hci_request req;
8019044d 3879 u8 status;
14a53664
JH		 3880 int err;
3881
bdb6d971 3882 BT_DBG("%s", hdev->name);
14a53664 3883
09fd0de5 3884 hci_dev_lock(hdev);
14a53664 3885
4b34ee78 3886 if (!hdev_is_powered(hdev)) {
a736abc1
SJ		 3887 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3888 MGMT_STATUS_NOT_POWERED,
3889 &cp->type, sizeof(cp->type));
bd2d1334
JH		 3890 goto failed;
3891 }
3892
f5a969f2
MH		 3893 if (hdev->discovery.state != DISCOVERY_STOPPED ||
3894 test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
a736abc1
SJ		 3895 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3896 MGMT_STATUS_BUSY, &cp->type,
3897 sizeof(cp->type));
ff9ef578
JH		 3898 goto failed;
3899 }
3900
2922a94f 3901 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, data, len);
14a53664
JH		 3902 if (!cmd) {
3903 err = -ENOMEM;
3904 goto failed;
3905 }
3906
2922a94f
JH		 3907 cmd->cmd_complete = generic_cmd_complete;
3908
22078800
MH		 3909 /* Clear the discovery filter first to free any previously
3910 * allocated memory for the UUID list.
3911 */
3912 hci_discovery_filter_clear(hdev);
3913
4aab14e5 3914 hdev->discovery.type = cp->type;
da25cf6a 3915 hdev->discovery.report_invalid_rssi = false;
4aab14e5 3916
7c307720
AG		 3917 hci_req_init(&req, hdev);
3918
8019044d 3919 if (!trigger_discovery(&req, &status)) {
a736abc1 3920 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
8019044d 3921 status, &cp->type, sizeof(cp->type));
04106755
JH		 3922 mgmt_pending_remove(cmd);
3923 goto failed;
f39799f5 3924 }
3fd24153 3925
7c307720 3926 err = hci_req_run(&req, start_discovery_complete);
f5a969f2 3927 if (err < 0) {
14a53664 3928 mgmt_pending_remove(cmd);
f5a969f2
MH		 3929 goto failed;
3930 }
3931
3932 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 3933
3934failed:
09fd0de5 3935 hci_dev_unlock(hdev);
14a53664
JH		 3936 return err;
3937}
3938
2922a94f
JH		 3939static void service_discovery_cmd_complete(struct pending_cmd *cmd, u8 status)
3940{
3941 cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, cmd->param, 1);
3942}
3943
66ea9427
JP		 3944static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
3945 void *data, u16 len)
3946{
3947 struct mgmt_cp_start_service_discovery *cp = data;
3948 struct pending_cmd *cmd;
3949 struct hci_request req;
3950 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
3951 u16 uuid_count, expected_len;
3952 u8 status;
3953 int err;
3954
3955 BT_DBG("%s", hdev->name);
3956
3957 hci_dev_lock(hdev);
3958
3959 if (!hdev_is_powered(hdev)) {
3960 err = cmd_complete(sk, hdev->id,
3961 MGMT_OP_START_SERVICE_DISCOVERY,
3962 MGMT_STATUS_NOT_POWERED,
3963 &cp->type, sizeof(cp->type));
3964 goto failed;
3965 }
3966
3967 if (hdev->discovery.state != DISCOVERY_STOPPED ||
3968 test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3969 err = cmd_complete(sk, hdev->id,
3970 MGMT_OP_START_SERVICE_DISCOVERY,
3971 MGMT_STATUS_BUSY, &cp->type,
3972 sizeof(cp->type));
3973 goto failed;
3974 }
3975
3976 uuid_count = __le16_to_cpu(cp->uuid_count);
3977 if (uuid_count > max_uuid_count) {
3978 BT_ERR("service_discovery: too big uuid_count value %u",
3979 uuid_count);
3980 err = cmd_complete(sk, hdev->id,
3981 MGMT_OP_START_SERVICE_DISCOVERY,
3982 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3983 sizeof(cp->type));
3984 goto failed;
3985 }
3986
3987 expected_len = sizeof(*cp) + uuid_count * 16;
3988 if (expected_len != len) {
3989 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
3990 expected_len, len);
3991 err = cmd_complete(sk, hdev->id,
3992 MGMT_OP_START_SERVICE_DISCOVERY,
3993 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3994 sizeof(cp->type));
3995 goto failed;
3996 }
3997
3998 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
2922a94f 3999 hdev, data, len);
66ea9427
JP		 4000 if (!cmd) {
4001 err = -ENOMEM;
4002 goto failed;
4003 }
4004
2922a94f
JH		 4005 cmd->cmd_complete = service_discovery_cmd_complete;
4006
22078800
MH		 4007 /* Clear the discovery filter first to free any previously
4008 * allocated memory for the UUID list.
4009 */
4010 hci_discovery_filter_clear(hdev);
4011
66ea9427
JP		 4012 hdev->discovery.type = cp->type;
4013 hdev->discovery.rssi = cp->rssi;
4014 hdev->discovery.uuid_count = uuid_count;
4015
4016 if (uuid_count > 0) {
4017 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4018 GFP_KERNEL);
4019 if (!hdev->discovery.uuids) {
4020 err = cmd_complete(sk, hdev->id,
4021 MGMT_OP_START_SERVICE_DISCOVERY,
4022 MGMT_STATUS_FAILED,
4023 &cp->type, sizeof(cp->type));
4024 mgmt_pending_remove(cmd);
4025 goto failed;
4026 }
4027 }
4028
4029 hci_req_init(&req, hdev);
4030
4031 if (!trigger_discovery(&req, &status)) {
4032 err = cmd_complete(sk, hdev->id,
4033 MGMT_OP_START_SERVICE_DISCOVERY,
4034 status, &cp->type, sizeof(cp->type));
4035 mgmt_pending_remove(cmd);
4036 goto failed;
4037 }
4038
4039 err = hci_req_run(&req, start_discovery_complete);
4040 if (err < 0) {
4041 mgmt_pending_remove(cmd);
4042 goto failed;
4043 }
4044
4045 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
4046
4047failed:
4048 hci_dev_unlock(hdev);
4049 return err;
4050}
4051
11e6e25d 4052static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
1183fdca
AG		 4053{
4054 struct pending_cmd *cmd;
1183fdca 4055
0e05bba6
AG		 4056 BT_DBG("status %d", status);
4057
4058 hci_dev_lock(hdev);
4059
11e6e25d
MH		 4060 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4061 if (cmd) {
2922a94f 4062 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d 4063 mgmt_pending_remove(cmd);
0e05bba6
AG		 4064 }
4065
11e6e25d
MH		 4066 if (!status)
4067 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
0e05bba6 4068
0e05bba6
AG		 4069 hci_dev_unlock(hdev);
4070}
4071
bdb6d971 4072static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4073 u16 len)
14a53664 4074{
d930650b 4075 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 4076 struct pending_cmd *cmd;
0e05bba6 4077 struct hci_request req;
14a53664
JH		 4078 int err;
4079
bdb6d971 4080 BT_DBG("%s", hdev->name);
14a53664 4081
09fd0de5 4082 hci_dev_lock(hdev);
14a53664 4083
30dc78e1 4084 if (!hci_discovery_active(hdev)) {
bdb6d971 4085 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 4086 MGMT_STATUS_REJECTED, &mgmt_cp->type,
4087 sizeof(mgmt_cp->type));
d930650b
JH		 4088 goto unlock;
4089 }
4090
4091 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 4092 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 4093 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
4094 sizeof(mgmt_cp->type));
30dc78e1 4095 goto unlock;
ff9ef578
JH		 4096 }
4097
2922a94f 4098 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
14a53664
JH		 4099 if (!cmd) {
4100 err = -ENOMEM;
30dc78e1
JH		 4101 goto unlock;
4102 }
4103
2922a94f
JH		 4104 cmd->cmd_complete = generic_cmd_complete;
4105
0e05bba6
AG		 4106 hci_req_init(&req, hdev);
4107
21a60d30 4108 hci_stop_discovery(&req);
e0d9727e 4109
21a60d30
JH		 4110 err = hci_req_run(&req, stop_discovery_complete);
4111 if (!err) {
4112 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
0e05bba6 4113 goto unlock;
14a53664
JH		 4114 }
4115
21a60d30
JH		 4116 mgmt_pending_remove(cmd);
4117
4118 /* If no HCI commands were sent we're done */
4119 if (err == -ENODATA) {
4120 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
4121 &mgmt_cp->type, sizeof(mgmt_cp->type));
4122 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4123 }
14a53664 4124
30dc78e1 4125unlock:
09fd0de5 4126 hci_dev_unlock(hdev);
14a53664
JH		 4127 return err;
4128}
4129
bdb6d971 4130static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4131 u16 len)
561aafbc 4132{
650f726d 4133 struct mgmt_cp_confirm_name *cp = data;
561aafbc 4134 struct inquiry_entry *e;
561aafbc
JH		 4135 int err;
4136
bdb6d971 4137 BT_DBG("%s", hdev->name);
561aafbc 4138
561aafbc
JH		 4139 hci_dev_lock(hdev);
4140
30dc78e1 4141 if (!hci_discovery_active(hdev)) {
d3a2541d
LR		 4142 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4143 MGMT_STATUS_FAILED, &cp->addr,
4144 sizeof(cp->addr));
30dc78e1
JH		 4145 goto failed;
4146 }
4147
a198e7b1 4148 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 4149 if (!e) {
d3a2541d
LR		 4150 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4151 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4152 sizeof(cp->addr));
561aafbc
JH		 4153 goto failed;
4154 }
4155
4156 if (cp->name_known) {
4157 e->name_state = NAME_KNOWN;
4158 list_del(&e->list);
4159 } else {
4160 e->name_state = NAME_NEEDED;
a3d4e20a 4161 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 4162 }
4163
e384662b
JH		 4164 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
4165 sizeof(cp->addr));
561aafbc
JH		 4166
4167failed:
4168 hci_dev_unlock(hdev);
561aafbc
JH		 4169 return err;
4170}
4171
bdb6d971 4172static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4173 u16 len)
7fbec224 4174{
650f726d 4175 struct mgmt_cp_block_device *cp = data;
f0eeea8b 4176 u8 status;
7fbec224
AJ		 4177 int err;
4178
bdb6d971 4179 BT_DBG("%s", hdev->name);
7fbec224 4180
4ee71b20 4181 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 4182 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4183 MGMT_STATUS_INVALID_PARAMS,
4184 &cp->addr, sizeof(cp->addr));
4ee71b20 4185
09fd0de5 4186 hci_dev_lock(hdev);
5e762444 4187
dcc36c16
JH		 4188 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4189 cp->addr.type);
2a8357f2 4190 if (err < 0) {
f0eeea8b 4191 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 4192 goto done;
4193 }
4194
4195 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4196 sk);
4197 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4198
2a8357f2 4199done:
bdb6d971 4200 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 4201 &cp->addr, sizeof(cp->addr));
5e762444 4202
09fd0de5 4203 hci_dev_unlock(hdev);
7fbec224
AJ		 4204
4205 return err;
4206}
4207
bdb6d971 4208static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4209 u16 len)
7fbec224 4210{
650f726d 4211 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 4212 u8 status;
7fbec224
AJ		 4213 int err;
4214
bdb6d971 4215 BT_DBG("%s", hdev->name);
7fbec224 4216
4ee71b20 4217 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 4218 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4219 MGMT_STATUS_INVALID_PARAMS,
4220 &cp->addr, sizeof(cp->addr));
4ee71b20 4221
09fd0de5 4222 hci_dev_lock(hdev);
5e762444 4223
dcc36c16
JH		 4224 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4225 cp->addr.type);
2a8357f2 4226 if (err < 0) {
f0eeea8b 4227 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 4228 goto done;
4229 }
4230
4231 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4232 sk);
4233 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4234
2a8357f2 4235done:
bdb6d971 4236 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 4237 &cp->addr, sizeof(cp->addr));
5e762444 4238
09fd0de5 4239 hci_dev_unlock(hdev);
7fbec224
AJ		 4240
4241 return err;
4242}
4243
cdbaccca
MH		 4244static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4245 u16 len)
4246{
4247 struct mgmt_cp_set_device_id *cp = data;
890ea898 4248 struct hci_request req;
cdbaccca 4249 int err;
c72d4b8a 4250 __u16 source;
cdbaccca
MH		 4251
4252 BT_DBG("%s", hdev->name);
4253
c72d4b8a
SJ		 4254 source = __le16_to_cpu(cp->source);
4255
4256 if (source > 0x0002)
4257 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4258 MGMT_STATUS_INVALID_PARAMS);
4259
cdbaccca
MH		 4260 hci_dev_lock(hdev);
4261
c72d4b8a 4262 hdev->devid_source = source;
cdbaccca
MH		 4263 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4264 hdev->devid_product = __le16_to_cpu(cp->product);
4265 hdev->devid_version = __le16_to_cpu(cp->version);
4266
4267 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
4268
890ea898
JH		 4269 hci_req_init(&req, hdev);
4270 update_eir(&req);
4271 hci_req_run(&req, NULL);
cdbaccca
MH		 4272
4273 hci_dev_unlock(hdev);
4274
4275 return err;
4276}
4277
4375f103
JH		 4278static void set_advertising_complete(struct hci_dev *hdev, u8 status)
4279{
4280 struct cmd_lookup match = { NULL, hdev };
4281
4282 if (status) {
4283 u8 mgmt_err = mgmt_status(status);
4284
4285 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4286 cmd_status_rsp, &mgmt_err);
4287 return;
4288 }
4289
c93bd150
JH		 4290 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
4291 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
4292 else
4293 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4294
4375f103
JH		 4295 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4296 &match);
4297
4298 new_settings(hdev, match.sk);
4299
4300 if (match.sk)
4301 sock_put(match.sk);
4302}
4303
21b5187f
MH		 4304static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4305 u16 len)
4375f103
JH		 4306{
4307 struct mgmt_mode *cp = data;
4308 struct pending_cmd *cmd;
4309 struct hci_request req;
e6fe7986 4310 u8 val, enabled, status;
4375f103
JH		 4311 int err;
4312
4313 BT_DBG("request for %s", hdev->name);
4314
e6fe7986
JH		 4315 status = mgmt_le_support(hdev);
4316 if (status)
4375f103 4317 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 4318 status);
4375f103
JH		 4319
4320 if (cp->val != 0x00 && cp->val != 0x01)
4321 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4322 MGMT_STATUS_INVALID_PARAMS);
4323
4324 hci_dev_lock(hdev);
4325
4326 val = !!cp->val;
f3d3444a 4327 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 4328
f74ca9b8
JH		 4329 /* The following conditions are ones which mean that we should
4330 * not do any HCI communication but directly send a mgmt
4331 * response to user space (after toggling the flag if
4332 * necessary).
4333 */
4334 if (!hdev_is_powered(hdev) || val == enabled ||
e8bb6b97
JH		 4335 hci_conn_num(hdev, LE_LINK) > 0 ||
4336 (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4337 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
4375f103
JH		 4338 bool changed = false;
4339
f3d3444a
JH		 4340 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
4341 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 4342 changed = true;
4343 }
4344
4345 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4346 if (err < 0)
4347 goto unlock;
4348
4349 if (changed)
4350 err = new_settings(hdev, sk);
4351
4352 goto unlock;
4353 }
4354
4355 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4356 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
4357 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4358 MGMT_STATUS_BUSY);
4359 goto unlock;
4360 }
4361
4362 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4363 if (!cmd) {
4364 err = -ENOMEM;
4365 goto unlock;
4366 }
4367
4368 hci_req_init(&req, hdev);
4369
bba3aa55
MH		 4370 if (val)
4371 enable_advertising(&req);
4372 else
4373 disable_advertising(&req);
4375f103
JH		 4374
4375 err = hci_req_run(&req, set_advertising_complete);
4376 if (err < 0)
4377 mgmt_pending_remove(cmd);
4378
4379unlock:
4380 hci_dev_unlock(hdev);
4381 return err;
4382}
4383
d13eafce
MH		 4384static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4385 void *data, u16 len)
4386{
4387 struct mgmt_cp_set_static_address *cp = data;
4388 int err;
4389
4390 BT_DBG("%s", hdev->name);
4391
62af4443 4392 if (!lmp_le_capable(hdev))
d13eafce 4393 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 4394 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 4395
4396 if (hdev_is_powered(hdev))
4397 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4398 MGMT_STATUS_REJECTED);
4399
4400 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4401 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4402 return cmd_status(sk, hdev->id,
4403 MGMT_OP_SET_STATIC_ADDRESS,
4404 MGMT_STATUS_INVALID_PARAMS);
4405
4406 /* Two most significant bits shall be set */
4407 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4408 return cmd_status(sk, hdev->id,
4409 MGMT_OP_SET_STATIC_ADDRESS,
4410 MGMT_STATUS_INVALID_PARAMS);
4411 }
4412
4413 hci_dev_lock(hdev);
4414
4415 bacpy(&hdev->static_addr, &cp->bdaddr);
4416
4417 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
4418
4419 hci_dev_unlock(hdev);
4420
4421 return err;
4422}
4423
14b49b9a
MH		 4424static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4425 void *data, u16 len)
4426{
4427 struct mgmt_cp_set_scan_params *cp = data;
4428 __u16 interval, window;
4429 int err;
4430
4431 BT_DBG("%s", hdev->name);
4432
4433 if (!lmp_le_capable(hdev))
4434 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4435 MGMT_STATUS_NOT_SUPPORTED);
4436
4437 interval = __le16_to_cpu(cp->interval);
4438
4439 if (interval < 0x0004 || interval > 0x4000)
4440 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4441 MGMT_STATUS_INVALID_PARAMS);
4442
4443 window = __le16_to_cpu(cp->window);
4444
4445 if (window < 0x0004 || window > 0x4000)
4446 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4447 MGMT_STATUS_INVALID_PARAMS);
4448
899e1075
MH		 4449 if (window > interval)
4450 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4451 MGMT_STATUS_INVALID_PARAMS);
4452
14b49b9a
MH		 4453 hci_dev_lock(hdev);
4454
4455 hdev->le_scan_interval = interval;
4456 hdev->le_scan_window = window;
4457
4458 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
4459
dd2ef8e2
AG		 4460 /* If background scan is running, restart it so new parameters are
4461 * loaded.
4462 */
4463 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4464 hdev->discovery.state == DISCOVERY_STOPPED) {
4465 struct hci_request req;
4466
4467 hci_req_init(&req, hdev);
4468
4469 hci_req_add_le_scan_disable(&req);
4470 hci_req_add_le_passive_scan(&req);
4471
4472 hci_req_run(&req, NULL);
4473 }
4474
14b49b9a
MH		 4475 hci_dev_unlock(hdev);
4476
4477 return err;
4478}
4479
33e38b3e
JH		 4480static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
4481{
4482 struct pending_cmd *cmd;
4483
4484 BT_DBG("status 0x%02x", status);
4485
4486 hci_dev_lock(hdev);
4487
4488 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4489 if (!cmd)
4490 goto unlock;
4491
4492 if (status) {
4493 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4494 mgmt_status(status));
4495 } else {
1a4d3c4b
JH		 4496 struct mgmt_mode *cp = cmd->param;
4497
4498 if (cp->val)
4499 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4500 else
4501 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4502
33e38b3e
JH		 4503 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4504 new_settings(hdev, cmd->sk);
4505 }
4506
4507 mgmt_pending_remove(cmd);
4508
4509unlock:
4510 hci_dev_unlock(hdev);
4511}
4512
bdb6d971 4513static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4514 void *data, u16 len)
f6422ec6 4515{
650f726d 4516 struct mgmt_mode *cp = data;
33e38b3e
JH		 4517 struct pending_cmd *cmd;
4518 struct hci_request req;
f6422ec6
AJ		 4519 int err;
4520
bdb6d971 4521 BT_DBG("%s", hdev->name);
f6422ec6 4522
56f87901
JH		 4523 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
4524 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 4525 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4526 MGMT_STATUS_NOT_SUPPORTED);
4527
a7e80f25
JH		 4528 if (cp->val != 0x00 && cp->val != 0x01)
4529 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4530 MGMT_STATUS_INVALID_PARAMS);
4531
5400c044 4532 if (!hdev_is_powered(hdev))
bdb6d971 4533 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4534 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 4535
4536 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 4537 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4538 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 4539
4540 hci_dev_lock(hdev);
4541
05cbf29f
JH		 4542 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4543 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4544 MGMT_STATUS_BUSY);
4545 goto unlock;
4546 }
4547
1a4d3c4b
JH		 4548 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
4549 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4550 hdev);
4551 goto unlock;
4552 }
4553
33e38b3e
JH		 4554 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4555 data, len);
4556 if (!cmd) {
4557 err = -ENOMEM;
4558 goto unlock;
f6422ec6
AJ		 4559 }
4560
33e38b3e
JH		 4561 hci_req_init(&req, hdev);
4562
406d7804 4563 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4564
4565 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4566 if (err < 0) {
bdb6d971 4567 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4568 MGMT_STATUS_FAILED);
33e38b3e 4569 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4570 }
4571
33e38b3e 4572unlock:
f6422ec6 4573 hci_dev_unlock(hdev);
33e38b3e 4574
f6422ec6
AJ		 4575 return err;
4576}
4577
0663ca2a
JH		 4578static void set_bredr_complete(struct hci_dev *hdev, u8 status)
4579{
4580 struct pending_cmd *cmd;
4581
4582 BT_DBG("status 0x%02x", status);
4583
4584 hci_dev_lock(hdev);
4585
4586 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4587 if (!cmd)
4588 goto unlock;
4589
4590 if (status) {
4591 u8 mgmt_err = mgmt_status(status);
4592
4593 /* We need to restore the flag if related HCI commands
4594 * failed.
4595 */
4596 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4597
4598 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4599 } else {
4600 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4601 new_settings(hdev, cmd->sk);
4602 }
4603
4604 mgmt_pending_remove(cmd);
4605
4606unlock:
4607 hci_dev_unlock(hdev);
4608}
4609
4610static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4611{
4612 struct mgmt_mode *cp = data;
4613 struct pending_cmd *cmd;
4614 struct hci_request req;
4615 int err;
4616
4617 BT_DBG("request for %s", hdev->name);
4618
4619 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4620 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4621 MGMT_STATUS_NOT_SUPPORTED);
4622
4623 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4624 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4625 MGMT_STATUS_REJECTED);
4626
4627 if (cp->val != 0x00 && cp->val != 0x01)
4628 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4629 MGMT_STATUS_INVALID_PARAMS);
4630
4631 hci_dev_lock(hdev);
4632
4633 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4634 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4635 goto unlock;
4636 }
4637
4638 if (!hdev_is_powered(hdev)) {
4639 if (!cp->val) {
0663ca2a
JH		 4640 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4641 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4642 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4643 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4644 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4645 }
4646
4647 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4648
4649 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4650 if (err < 0)
4651 goto unlock;
4652
4653 err = new_settings(hdev, sk);
4654 goto unlock;
4655 }
4656
4657 /* Reject disabling when powered on */
4658 if (!cp->val) {
4659 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4660 MGMT_STATUS_REJECTED);
4661 goto unlock;
4662 }
4663
4664 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4665 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4666 MGMT_STATUS_BUSY);
4667 goto unlock;
4668 }
4669
4670 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4671 if (!cmd) {
4672 err = -ENOMEM;
4673 goto unlock;
4674 }
4675
5947f4bc 4676 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4677 * generates the correct flags.
4678 */
4679 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4680
4681 hci_req_init(&req, hdev);
aa8af46e 4682
432df05e
JH		 4683 write_fast_connectable(&req, false);
4684 hci_update_page_scan(hdev, &req);
aa8af46e 4685
f14d8f64
MH		 4686 /* Since only the advertising data flags will change, there
4687 * is no need to update the scan response data.
4688 */
5947f4bc 4689 update_adv_data(&req);
aa8af46e 4690
0663ca2a
JH		 4691 err = hci_req_run(&req, set_bredr_complete);
4692 if (err < 0)
4693 mgmt_pending_remove(cmd);
4694
4695unlock:
4696 hci_dev_unlock(hdev);
4697 return err;
4698}
4699
eac83dc6
MH		 4700static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4701 void *data, u16 len)
4702{
4703 struct mgmt_mode *cp = data;
4704 struct pending_cmd *cmd;
a3209694 4705 u8 val;
eac83dc6
MH		 4706 int err;
4707
4708 BT_DBG("request for %s", hdev->name);
4709
a3209694
JH		 4710 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
4711 !lmp_sc_capable(hdev) && !test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
eac83dc6
MH		 4712 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4713 MGMT_STATUS_NOT_SUPPORTED);
4714
0ab04a9c 4715 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
eac83dc6
MH		 4716 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4717 MGMT_STATUS_INVALID_PARAMS);
4718
4719 hci_dev_lock(hdev);
4720
a3209694
JH		 4721 if (!hdev_is_powered(hdev) ||
4722 (!lmp_sc_capable(hdev) &&
4723 !test_bit(HCI_FORCE_SC, &hdev->dbg_flags)) ||
4724 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
eac83dc6
MH		 4725 bool changed;
4726
0ab04a9c 4727 if (cp->val) {
eac83dc6
MH		 4728 changed = !test_and_set_bit(HCI_SC_ENABLED,
4729 &hdev->dev_flags);
0ab04a9c
MH		 4730 if (cp->val == 0x02)
4731 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4732 else
4733 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4734 } else {
eac83dc6
MH		 4735 changed = test_and_clear_bit(HCI_SC_ENABLED,
4736 &hdev->dev_flags);
0ab04a9c
MH		 4737 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4738 }
eac83dc6
MH		 4739
4740 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4741 if (err < 0)
4742 goto failed;
4743
4744 if (changed)
4745 err = new_settings(hdev, sk);
4746
4747 goto failed;
4748 }
4749
4750 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4751 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4752 MGMT_STATUS_BUSY);
4753 goto failed;
4754 }
4755
0ab04a9c
MH		 4756 val = !!cp->val;
4757
4758 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4759 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
eac83dc6
MH		 4760 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4761 goto failed;
4762 }
4763
4764 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4765 if (!cmd) {
4766 err = -ENOMEM;
4767 goto failed;
4768 }
4769
0ab04a9c 4770 err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
eac83dc6
MH		 4771 if (err < 0) {
4772 mgmt_pending_remove(cmd);
4773 goto failed;
4774 }
4775
0ab04a9c
MH		 4776 if (cp->val == 0x02)
4777 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4778 else
4779 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4780
eac83dc6
MH		 4781failed:
4782 hci_dev_unlock(hdev);
4783 return err;
4784}
4785
4e39ac81
MH		 4786static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4787 void *data, u16 len)
4788{
4789 struct mgmt_mode *cp = data;
b9710979 4790 bool changed, use_changed;
4e39ac81
MH		 4791 int err;
4792
4793 BT_DBG("request for %s", hdev->name);
4794
b9710979 4795 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4e39ac81
MH		 4796 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4797 MGMT_STATUS_INVALID_PARAMS);
4798
4799 hci_dev_lock(hdev);
4800
4801 if (cp->val)
0663b297
JH		 4802 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
4803 &hdev->dev_flags);
4e39ac81 4804 else
0663b297
JH		 4805 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
4806 &hdev->dev_flags);
4e39ac81 4807
b9710979
JH		 4808 if (cp->val == 0x02)
4809 use_changed = !test_and_set_bit(HCI_USE_DEBUG_KEYS,
4810 &hdev->dev_flags);
4811 else
4812 use_changed = test_and_clear_bit(HCI_USE_DEBUG_KEYS,
4813 &hdev->dev_flags);
4814
4815 if (hdev_is_powered(hdev) && use_changed &&
4816 test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
4817 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4818 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4819 sizeof(mode), &mode);
4820 }
4821
4e39ac81
MH		 4822 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4823 if (err < 0)
4824 goto unlock;
4825
4826 if (changed)
4827 err = new_settings(hdev, sk);
4828
4829unlock:
4830 hci_dev_unlock(hdev);
4831 return err;
4832}
4833
62b04cd1
JH		 4834static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4835 u16 len)
4836{
4837 struct mgmt_cp_set_privacy *cp = cp_data;
4838 bool changed;
4839 int err;
4840
4841 BT_DBG("request for %s", hdev->name);
4842
4843 if (!lmp_le_capable(hdev))
4844 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4845 MGMT_STATUS_NOT_SUPPORTED);
4846
4847 if (cp->privacy != 0x00 && cp->privacy != 0x01)
4848 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4849 MGMT_STATUS_INVALID_PARAMS);
4850
4851 if (hdev_is_powered(hdev))
4852 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4853 MGMT_STATUS_REJECTED);
4854
4855 hci_dev_lock(hdev);
4856
c21c0ea0
JH		 4857 /* If user space supports this command it is also expected to
4858 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4859 */
4860 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4861
62b04cd1
JH		 4862 if (cp->privacy) {
4863 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
4864 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4865 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4866 } else {
4867 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
4868 memset(hdev->irk, 0, sizeof(hdev->irk));
4869 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4870 }
4871
4872 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4873 if (err < 0)
4874 goto unlock;
4875
4876 if (changed)
4877 err = new_settings(hdev, sk);
4878
4879unlock:
4880 hci_dev_unlock(hdev);
4881 return err;
4882}
4883
41edf160
JH		 4884static bool irk_is_valid(struct mgmt_irk_info *irk)
4885{
4886 switch (irk->addr.type) {
4887 case BDADDR_LE_PUBLIC:
4888 return true;
4889
4890 case BDADDR_LE_RANDOM:
4891 /* Two most significant bits shall be set */
4892 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4893 return false;
4894 return true;
4895 }
4896
4897 return false;
4898}
4899
4900static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4901 u16 len)
4902{
4903 struct mgmt_cp_load_irks *cp = cp_data;
ba1d6936
JH		 4904 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
4905 sizeof(struct mgmt_irk_info));
41edf160
JH		 4906 u16 irk_count, expected_len;
4907 int i, err;
4908
4909 BT_DBG("request for %s", hdev->name);
4910
4911 if (!lmp_le_capable(hdev))
4912 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4913 MGMT_STATUS_NOT_SUPPORTED);
4914
4915 irk_count = __le16_to_cpu(cp->irk_count);
ba1d6936
JH		 4916 if (irk_count > max_irk_count) {
4917 BT_ERR("load_irks: too big irk_count value %u", irk_count);
4918 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4919 MGMT_STATUS_INVALID_PARAMS);
4920 }
41edf160
JH		 4921
4922 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4923 if (expected_len != len) {
4924 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 4925 expected_len, len);
41edf160
JH		 4926 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4927 MGMT_STATUS_INVALID_PARAMS);
4928 }
4929
4930 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4931
4932 for (i = 0; i < irk_count; i++) {
4933 struct mgmt_irk_info *key = &cp->irks[i];
4934
4935 if (!irk_is_valid(key))
4936 return cmd_status(sk, hdev->id,
4937 MGMT_OP_LOAD_IRKS,
4938 MGMT_STATUS_INVALID_PARAMS);
4939 }
4940
4941 hci_dev_lock(hdev);
4942
4943 hci_smp_irks_clear(hdev);
4944
4945 for (i = 0; i < irk_count; i++) {
4946 struct mgmt_irk_info *irk = &cp->irks[i];
4947 u8 addr_type;
4948
4949 if (irk->addr.type == BDADDR_LE_PUBLIC)
4950 addr_type = ADDR_LE_DEV_PUBLIC;
4951 else
4952 addr_type = ADDR_LE_DEV_RANDOM;
4953
4954 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
4955 BDADDR_ANY);
4956 }
4957
4958 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4959
4960 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4961
4962 hci_dev_unlock(hdev);
4963
4964 return err;
4965}
4966
3f706b72
JH		 4967static bool ltk_is_valid(struct mgmt_ltk_info *key)
4968{
4969 if (key->master != 0x00 && key->master != 0x01)
4970 return false;
490cb0b3
MH		 4971
4972 switch (key->addr.type) {
4973 case BDADDR_LE_PUBLIC:
4974 return true;
4975
4976 case BDADDR_LE_RANDOM:
4977 /* Two most significant bits shall be set */
4978 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4979 return false;
4980 return true;
4981 }
4982
4983 return false;
3f706b72
JH		 4984}
4985
bdb6d971 4986static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 4987 void *cp_data, u16 len)
346af67b 4988{
346af67b 4989 struct mgmt_cp_load_long_term_keys *cp = cp_data;
ba1d6936
JH		 4990 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
4991 sizeof(struct mgmt_ltk_info));
346af67b 4992 u16 key_count, expected_len;
715a5bf2 4993 int i, err;
346af67b 4994
cf99ba13
MH		 4995 BT_DBG("request for %s", hdev->name);
4996
4997 if (!lmp_le_capable(hdev))
4998 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4999 MGMT_STATUS_NOT_SUPPORTED);
5000
1f350c87 5001 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 5002 if (key_count > max_key_count) {
5003 BT_ERR("load_ltks: too big key_count value %u", key_count);
5004 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5005 MGMT_STATUS_INVALID_PARAMS);
5006 }
346af67b
VCG		 5007
5008 expected_len = sizeof(*cp) + key_count *
5009 sizeof(struct mgmt_ltk_info);
5010 if (expected_len != len) {
5011 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 5012 expected_len, len);
bdb6d971 5013 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 5014 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 5015 }
5016
bdb6d971 5017 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 5018
54ad6d8a
JH		 5019 for (i = 0; i < key_count; i++) {
5020 struct mgmt_ltk_info *key = &cp->keys[i];
5021
3f706b72 5022 if (!ltk_is_valid(key))
54ad6d8a
JH		 5023 return cmd_status(sk, hdev->id,
5024 MGMT_OP_LOAD_LONG_TERM_KEYS,
5025 MGMT_STATUS_INVALID_PARAMS);
5026 }
5027
346af67b
VCG		 5028 hci_dev_lock(hdev);
5029
5030 hci_smp_ltks_clear(hdev);
5031
5032 for (i = 0; i < key_count; i++) {
5033 struct mgmt_ltk_info *key = &cp->keys[i];
d7b25450 5034 u8 type, addr_type, authenticated;
79d95a19
MH		 5035
5036 if (key->addr.type == BDADDR_LE_PUBLIC)
5037 addr_type = ADDR_LE_DEV_PUBLIC;
5038 else
5039 addr_type = ADDR_LE_DEV_RANDOM;
346af67b 5040
61b43357
JH		 5041 switch (key->type) {
5042 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 5043 authenticated = 0x00;
23fb8de3 5044 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
61b43357
JH		 5045 break;
5046 case MGMT_LTK_AUTHENTICATED:
d7b25450 5047 authenticated = 0x01;
23fb8de3
JH		 5048 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5049 break;
5050 case MGMT_LTK_P256_UNAUTH:
5051 authenticated = 0x00;
5052 type = SMP_LTK_P256;
5053 break;
5054 case MGMT_LTK_P256_AUTH:
5055 authenticated = 0x01;
5056 type = SMP_LTK_P256;
61b43357 5057 break;
23fb8de3
JH		 5058 case MGMT_LTK_P256_DEBUG:
5059 authenticated = 0x00;
5060 type = SMP_LTK_P256_DEBUG;
61b43357
JH		 5061 default:
5062 continue;
5063 }
d7b25450 5064
35d70271 5065 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
d7b25450 5066 authenticated, key->val, key->enc_size, key->ediv,
35d70271 5067 key->rand);
346af67b
VCG		 5068 }
5069
715a5bf2
JH		 5070 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
5071 NULL, 0);
5072
346af67b 5073 hci_dev_unlock(hdev);
346af67b 5074
715a5bf2 5075 return err;
346af67b
VCG		 5076}
5077
9981bdb0 5078static void conn_info_cmd_complete(struct pending_cmd *cmd, u8 status)
dd983808 5079{
dd983808 5080 struct hci_conn *conn = cmd->user_data;
9981bdb0 5081 struct mgmt_rp_get_conn_info rp;
dd983808 5082
9981bdb0 5083 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
dd983808 5084
9981bdb0 5085 if (status == MGMT_STATUS_SUCCESS) {
dd983808 5086 rp.rssi = conn->rssi;
9981bdb0
JH		 5087 rp.tx_power = conn->tx_power;
5088 rp.max_tx_power = conn->max_tx_power;
5089 } else {
5090 rp.rssi = HCI_RSSI_INVALID;
5091 rp.tx_power = HCI_TX_POWER_INVALID;
5092 rp.max_tx_power = HCI_TX_POWER_INVALID;
dd983808
AK		 5093 }
5094
9981bdb0
JH		 5095 cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO, status,
5096 &rp, sizeof(rp));
dd983808
AK		 5097
5098 hci_conn_drop(conn);
f8aaf9b6 5099 hci_conn_put(conn);
dd983808
AK		 5100}
5101
9981bdb0 5102static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status)
dd983808
AK		 5103{
5104 struct hci_cp_read_rssi *cp;
9981bdb0 5105 struct pending_cmd *cmd;
dd983808 5106 struct hci_conn *conn;
dd983808 5107 u16 handle;
9981bdb0 5108 u8 status;
dd983808 5109
9981bdb0 5110 BT_DBG("status 0x%02x", hci_status);
dd983808
AK		 5111
5112 hci_dev_lock(hdev);
5113
dd983808
AK		 5114 /* Commands sent in request are either Read RSSI or Read Transmit Power
5115 * Level so we check which one was last sent to retrieve connection
5116 * handle. Both commands have handle as first parameter so it's safe to
5117 * cast data on the same command struct.
5118 *
5119 * First command sent is always Read RSSI and we fail only if it fails.
5120 * In other case we simply override error to indicate success as we
5121 * already remembered if TX power value is actually valid.
5122 */
5123 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
5124 if (!cp) {
5125 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
9981bdb0
JH		 5126 status = MGMT_STATUS_SUCCESS;
5127 } else {
5128 status = mgmt_status(hci_status);
dd983808
AK		 5129 }
5130
5131 if (!cp) {
9981bdb0 5132 BT_ERR("invalid sent_cmd in conn_info response");
dd983808
AK		 5133 goto unlock;
5134 }
5135
5136 handle = __le16_to_cpu(cp->handle);
5137 conn = hci_conn_hash_lookup_handle(hdev, handle);
5138 if (!conn) {
9981bdb0 5139 BT_ERR("unknown handle (%d) in conn_info response", handle);
dd983808
AK		 5140 goto unlock;
5141 }
5142
9981bdb0
JH		 5143 cmd = mgmt_pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
5144 if (!cmd)
5145 goto unlock;
dd983808 5146
9981bdb0
JH		 5147 cmd->cmd_complete(cmd, status);
5148 mgmt_pending_remove(cmd);
dd983808
AK		 5149
5150unlock:
5151 hci_dev_unlock(hdev);
5152}
5153
5154static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5155 u16 len)
5156{
5157 struct mgmt_cp_get_conn_info *cp = data;
5158 struct mgmt_rp_get_conn_info rp;
5159 struct hci_conn *conn;
5160 unsigned long conn_info_age;
5161 int err = 0;
5162
5163 BT_DBG("%s", hdev->name);
5164
5165 memset(&rp, 0, sizeof(rp));
5166 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5167 rp.addr.type = cp->addr.type;
5168
5169 if (!bdaddr_type_is_valid(cp->addr.type))
5170 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5171 MGMT_STATUS_INVALID_PARAMS,
5172 &rp, sizeof(rp));
5173
5174 hci_dev_lock(hdev);
5175
5176 if (!hdev_is_powered(hdev)) {
5177 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5178 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5179 goto unlock;
5180 }
5181
5182 if (cp->addr.type == BDADDR_BREDR)
5183 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5184 &cp->addr.bdaddr);
5185 else
5186 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5187
5188 if (!conn || conn->state != BT_CONNECTED) {
5189 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5190 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
5191 goto unlock;
5192 }
5193
9981bdb0
JH		 5194 if (mgmt_pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
5195 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5196 MGMT_STATUS_BUSY, &rp, sizeof(rp));
5197 goto unlock;
5198 }
5199
dd983808
AK		 5200 /* To avoid client trying to guess when to poll again for information we
5201 * calculate conn info age as random value between min/max set in hdev.
5202 */
5203 conn_info_age = hdev->conn_info_min_age +
5204 prandom_u32_max(hdev->conn_info_max_age -
5205 hdev->conn_info_min_age);
5206
5207 /* Query controller to refresh cached values if they are too old or were
5208 * never read.
5209 */
f4e2dd53
AK		 5210 if (time_after(jiffies, conn->conn_info_timestamp +
5211 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 5212 !conn->conn_info_timestamp) {
5213 struct hci_request req;
5214 struct hci_cp_read_tx_power req_txp_cp;
5215 struct hci_cp_read_rssi req_rssi_cp;
5216 struct pending_cmd *cmd;
5217
5218 hci_req_init(&req, hdev);
5219 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5220 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5221 &req_rssi_cp);
5222
f7faab0c
AK		 5223 /* For LE links TX power does not change thus we don't need to
5224 * query for it once value is known.
5225 */
5226 if (!bdaddr_type_is_le(cp->addr.type) ||
5227 conn->tx_power == HCI_TX_POWER_INVALID) {
5228 req_txp_cp.handle = cpu_to_le16(conn->handle);
5229 req_txp_cp.type = 0x00;
5230 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5231 sizeof(req_txp_cp), &req_txp_cp);
5232 }
dd983808 5233
eed5daf3
AK		 5234 /* Max TX power needs to be read only once per connection */
5235 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5236 req_txp_cp.handle = cpu_to_le16(conn->handle);
5237 req_txp_cp.type = 0x01;
5238 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5239 sizeof(req_txp_cp), &req_txp_cp);
5240 }
5241
dd983808
AK		 5242 err = hci_req_run(&req, conn_info_refresh_complete);
5243 if (err < 0)
5244 goto unlock;
5245
5246 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5247 data, len);
5248 if (!cmd) {
5249 err = -ENOMEM;
5250 goto unlock;
5251 }
5252
5253 hci_conn_hold(conn);
f8aaf9b6 5254 cmd->user_data = hci_conn_get(conn);
9981bdb0 5255 cmd->cmd_complete = conn_info_cmd_complete;
dd983808
AK		 5256
5257 conn->conn_info_timestamp = jiffies;
5258 } else {
5259 /* Cache is valid, just reply with values cached in hci_conn */
5260 rp.rssi = conn->rssi;
5261 rp.tx_power = conn->tx_power;
eed5daf3 5262 rp.max_tx_power = conn->max_tx_power;
dd983808
AK		 5263
5264 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5265 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
5266 }
5267
5268unlock:
5269 hci_dev_unlock(hdev);
5270 return err;
5271}
5272
69487371 5273static void clock_info_cmd_complete(struct pending_cmd *cmd, u8 status)
95868426 5274{
69487371 5275 struct hci_conn *conn = cmd->user_data;
95868426 5276 struct mgmt_rp_get_clock_info rp;
69487371
JH		 5277 struct hci_dev *hdev;
5278
5279 memset(&rp, 0, sizeof(rp));
5280 memcpy(&rp.addr, &cmd->param, sizeof(rp.addr));
5281
5282 if (status)
5283 goto complete;
5284
5285 hdev = hci_dev_get(cmd->index);
5286 if (hdev) {
5287 rp.local_clock = cpu_to_le32(hdev->clock);
5288 hci_dev_put(hdev);
5289 }
5290
5291 if (conn) {
5292 rp.piconet_clock = cpu_to_le32(conn->clock);
5293 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5294 }
5295
5296complete:
5297 cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp, sizeof(rp));
5298
5299 if (conn) {
5300 hci_conn_drop(conn);
5301 hci_conn_put(conn);
5302 }
5303}
5304
5305static void get_clock_info_complete(struct hci_dev *hdev, u8 status)
5306{
95868426
JH		 5307 struct hci_cp_read_clock *hci_cp;
5308 struct pending_cmd *cmd;
5309 struct hci_conn *conn;
5310
5311 BT_DBG("%s status %u", hdev->name, status);
5312
5313 hci_dev_lock(hdev);
5314
5315 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5316 if (!hci_cp)
5317 goto unlock;
5318
5319 if (hci_cp->which) {
5320 u16 handle = __le16_to_cpu(hci_cp->handle);
5321 conn = hci_conn_hash_lookup_handle(hdev, handle);
5322 } else {
5323 conn = NULL;
5324 }
5325
5326 cmd = mgmt_pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5327 if (!cmd)
5328 goto unlock;
5329
69487371 5330 cmd->cmd_complete(cmd, mgmt_status(status));
95868426 5331 mgmt_pending_remove(cmd);
95868426
JH		 5332
5333unlock:
5334 hci_dev_unlock(hdev);
5335}
5336
5337static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5338 u16 len)
5339{
5340 struct mgmt_cp_get_clock_info *cp = data;
5341 struct mgmt_rp_get_clock_info rp;
5342 struct hci_cp_read_clock hci_cp;
5343 struct pending_cmd *cmd;
5344 struct hci_request req;
5345 struct hci_conn *conn;
5346 int err;
5347
5348 BT_DBG("%s", hdev->name);
5349
5350 memset(&rp, 0, sizeof(rp));
5351 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5352 rp.addr.type = cp->addr.type;
5353
5354 if (cp->addr.type != BDADDR_BREDR)
5355 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5356 MGMT_STATUS_INVALID_PARAMS,
5357 &rp, sizeof(rp));
5358
5359 hci_dev_lock(hdev);
5360
5361 if (!hdev_is_powered(hdev)) {
5362 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5363 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5364 goto unlock;
5365 }
5366
5367 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5368 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5369 &cp->addr.bdaddr);
5370 if (!conn || conn->state != BT_CONNECTED) {
5371 err = cmd_complete(sk, hdev->id,
5372 MGMT_OP_GET_CLOCK_INFO,
5373 MGMT_STATUS_NOT_CONNECTED,
5374 &rp, sizeof(rp));
5375 goto unlock;
5376 }
5377 } else {
5378 conn = NULL;
5379 }
5380
5381 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5382 if (!cmd) {
5383 err = -ENOMEM;
5384 goto unlock;
5385 }
5386
69487371
JH		 5387 cmd->cmd_complete = clock_info_cmd_complete;
5388
95868426
JH		 5389 hci_req_init(&req, hdev);
5390
5391 memset(&hci_cp, 0, sizeof(hci_cp));
5392 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5393
5394 if (conn) {
5395 hci_conn_hold(conn);
f8aaf9b6 5396 cmd->user_data = hci_conn_get(conn);
95868426
JH		 5397
5398 hci_cp.handle = cpu_to_le16(conn->handle);
5399 hci_cp.which = 0x01; /* Piconet clock */
5400 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5401 }
5402
5403 err = hci_req_run(&req, get_clock_info_complete);
5404 if (err < 0)
5405 mgmt_pending_remove(cmd);
5406
5407unlock:
5408 hci_dev_unlock(hdev);
5409 return err;
5410}
5411
8afef092
MH		 5412static void device_added(struct sock *sk, struct hci_dev *hdev,
5413 bdaddr_t *bdaddr, u8 type, u8 action)
5414{
5415 struct mgmt_ev_device_added ev;
5416
5417 bacpy(&ev.addr.bdaddr, bdaddr);
5418 ev.addr.type = type;
5419 ev.action = action;
5420
5421 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5422}
5423
2faade53
MH		 5424static int add_device(struct sock *sk, struct hci_dev *hdev,
5425 void *data, u16 len)
5426{
5427 struct mgmt_cp_add_device *cp = data;
5428 u8 auto_conn, addr_type;
5429 int err;
5430
5431 BT_DBG("%s", hdev->name);
5432
6659358e 5433 if (!bdaddr_type_is_valid(cp->addr.type) ||
2faade53
MH		 5434 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
5435 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5436 MGMT_STATUS_INVALID_PARAMS,
5437 &cp->addr, sizeof(cp->addr));
5438
4b9e7e75 5439 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
2faade53
MH		 5440 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5441 MGMT_STATUS_INVALID_PARAMS,
5442 &cp->addr, sizeof(cp->addr));
5443
5444 hci_dev_lock(hdev);
5445
6659358e 5446 if (cp->addr.type == BDADDR_BREDR) {
4b9e7e75 5447 /* Only incoming connections action is supported for now */
6659358e
JH		 5448 if (cp->action != 0x01) {
5449 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5450 MGMT_STATUS_INVALID_PARAMS,
5451 &cp->addr, sizeof(cp->addr));
5452 goto unlock;
5453 }
5454
5455 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5456 cp->addr.type);
5457 if (err)
5458 goto unlock;
a397407f 5459
432df05e 5460 hci_update_page_scan(hdev, NULL);
a397407f 5461
6659358e
JH		 5462 goto added;
5463 }
5464
2faade53
MH		 5465 if (cp->addr.type == BDADDR_LE_PUBLIC)
5466 addr_type = ADDR_LE_DEV_PUBLIC;
5467 else
5468 addr_type = ADDR_LE_DEV_RANDOM;
5469
4b9e7e75 5470 if (cp->action == 0x02)
2faade53 5471 auto_conn = HCI_AUTO_CONN_ALWAYS;
4b9e7e75
MH		 5472 else if (cp->action == 0x01)
5473 auto_conn = HCI_AUTO_CONN_DIRECT;
2faade53 5474 else
a3451d27 5475 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 5476
bf5b3c8b
MH		 5477 /* If the connection parameters don't exist for this device,
5478 * they will be created and configured with defaults.
5479 */
d06b50ce
MH		 5480 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
5481 auto_conn) < 0) {
2faade53
MH		 5482 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5483 MGMT_STATUS_FAILED,
5484 &cp->addr, sizeof(cp->addr));
5485 goto unlock;
5486 }
5487
6659358e 5488added:
8afef092
MH		 5489 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5490
2faade53
MH		 5491 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5492 MGMT_STATUS_SUCCESS, &cp->addr, sizeof(cp->addr));
5493
5494unlock:
5495 hci_dev_unlock(hdev);
5496 return err;
5497}
5498
8afef092
MH		 5499static void device_removed(struct sock *sk, struct hci_dev *hdev,
5500 bdaddr_t *bdaddr, u8 type)
5501{
5502 struct mgmt_ev_device_removed ev;
5503
5504 bacpy(&ev.addr.bdaddr, bdaddr);
5505 ev.addr.type = type;
5506
5507 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5508}
5509
2faade53
MH		 5510static int remove_device(struct sock *sk, struct hci_dev *hdev,
5511 void *data, u16 len)
5512{
5513 struct mgmt_cp_remove_device *cp = data;
5514 int err;
5515
5516 BT_DBG("%s", hdev->name);
5517
5518 hci_dev_lock(hdev);
5519
5520 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 5521 struct hci_conn_params *params;
2faade53
MH		 5522 u8 addr_type;
5523
6659358e 5524 if (!bdaddr_type_is_valid(cp->addr.type)) {
2faade53
MH		 5525 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5526 MGMT_STATUS_INVALID_PARAMS,
5527 &cp->addr, sizeof(cp->addr));
5528 goto unlock;
5529 }
5530
6659358e
JH		 5531 if (cp->addr.type == BDADDR_BREDR) {
5532 err = hci_bdaddr_list_del(&hdev->whitelist,
5533 &cp->addr.bdaddr,
5534 cp->addr.type);
5535 if (err) {
5536 err = cmd_complete(sk, hdev->id,
5537 MGMT_OP_REMOVE_DEVICE,
5538 MGMT_STATUS_INVALID_PARAMS,
5539 &cp->addr, sizeof(cp->addr));
5540 goto unlock;
5541 }
5542
432df05e 5543 hci_update_page_scan(hdev, NULL);
a397407f 5544
6659358e
JH		 5545 device_removed(sk, hdev, &cp->addr.bdaddr,
5546 cp->addr.type);
5547 goto complete;
5548 }
5549
2faade53
MH		 5550 if (cp->addr.type == BDADDR_LE_PUBLIC)
5551 addr_type = ADDR_LE_DEV_PUBLIC;
5552 else
5553 addr_type = ADDR_LE_DEV_RANDOM;
5554
c71593dd
JH		 5555 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5556 addr_type);
5557 if (!params) {
5558 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5559 MGMT_STATUS_INVALID_PARAMS,
5560 &cp->addr, sizeof(cp->addr));
5561 goto unlock;
5562 }
5563
5564 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
5565 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5566 MGMT_STATUS_INVALID_PARAMS,
5567 &cp->addr, sizeof(cp->addr));
5568 goto unlock;
5569 }
5570
d1dbf12e 5571 list_del(&params->action);
c71593dd
JH		 5572 list_del(&params->list);
5573 kfree(params);
95305baa 5574 hci_update_background_scan(hdev);
8afef092
MH		 5575
5576 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53 5577 } else {
19de0825 5578 struct hci_conn_params *p, *tmp;
6659358e 5579 struct bdaddr_list *b, *btmp;
19de0825 5580
2faade53
MH		 5581 if (cp->addr.type) {
5582 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5583 MGMT_STATUS_INVALID_PARAMS,
5584 &cp->addr, sizeof(cp->addr));
5585 goto unlock;
5586 }
5587
6659358e
JH		 5588 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
5589 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
5590 list_del(&b->list);
5591 kfree(b);
5592 }
5593
432df05e 5594 hci_update_page_scan(hdev, NULL);
a397407f 5595
19de0825
JH		 5596 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5597 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5598 continue;
5599 device_removed(sk, hdev, &p->addr, p->addr_type);
5600 list_del(&p->action);
5601 list_del(&p->list);
5602 kfree(p);
5603 }
5604
5605 BT_DBG("All LE connection parameters were removed");
5606
5607 hci_update_background_scan(hdev);
2faade53
MH		 5608 }
5609
6659358e 5610complete:
2faade53
MH		 5611 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5612 MGMT_STATUS_SUCCESS, &cp->addr, sizeof(cp->addr));
5613
5614unlock:
5615 hci_dev_unlock(hdev);
5616 return err;
5617}
5618
a26f3dcf
JH		 5619static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5620 u16 len)
5621{
5622 struct mgmt_cp_load_conn_param *cp = data;
ba1d6936
JH		 5623 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5624 sizeof(struct mgmt_conn_param));
a26f3dcf
JH		 5625 u16 param_count, expected_len;
5626 int i;
5627
5628 if (!lmp_le_capable(hdev))
5629 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5630 MGMT_STATUS_NOT_SUPPORTED);
5631
5632 param_count = __le16_to_cpu(cp->param_count);
ba1d6936
JH		 5633 if (param_count > max_param_count) {
5634 BT_ERR("load_conn_param: too big param_count value %u",
5635 param_count);
5636 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5637 MGMT_STATUS_INVALID_PARAMS);
5638 }
a26f3dcf
JH		 5639
5640 expected_len = sizeof(*cp) + param_count *
5641 sizeof(struct mgmt_conn_param);
5642 if (expected_len != len) {
5643 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
5644 expected_len, len);
5645 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5646 MGMT_STATUS_INVALID_PARAMS);
5647 }
5648
5649 BT_DBG("%s param_count %u", hdev->name, param_count);
5650
5651 hci_dev_lock(hdev);
5652
5653 hci_conn_params_clear_disabled(hdev);
5654
5655 for (i = 0; i < param_count; i++) {
5656 struct mgmt_conn_param *param = &cp->params[i];
5657 struct hci_conn_params *hci_param;
5658 u16 min, max, latency, timeout;
5659 u8 addr_type;
5660
5661 BT_DBG("Adding %pMR (type %u)", &param->addr.bdaddr,
5662 param->addr.type);
5663
5664 if (param->addr.type == BDADDR_LE_PUBLIC) {
5665 addr_type = ADDR_LE_DEV_PUBLIC;
5666 } else if (param->addr.type == BDADDR_LE_RANDOM) {
5667 addr_type = ADDR_LE_DEV_RANDOM;
5668 } else {
5669 BT_ERR("Ignoring invalid connection parameters");
5670 continue;
5671 }
5672
5673 min = le16_to_cpu(param->min_interval);
5674 max = le16_to_cpu(param->max_interval);
5675 latency = le16_to_cpu(param->latency);
5676 timeout = le16_to_cpu(param->timeout);
5677
5678 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
5679 min, max, latency, timeout);
5680
5681 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
5682 BT_ERR("Ignoring invalid connection parameters");
5683 continue;
5684 }
5685
5686 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
5687 addr_type);
5688 if (!hci_param) {
5689 BT_ERR("Failed to add connection parameters");
5690 continue;
5691 }
5692
5693 hci_param->conn_min_interval = min;
5694 hci_param->conn_max_interval = max;
5695 hci_param->conn_latency = latency;
5696 hci_param->supervision_timeout = timeout;
5697 }
5698
5699 hci_dev_unlock(hdev);
5700
5701 return cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0, NULL, 0);
5702}
5703
dbece37a
MH		 5704static int set_external_config(struct sock *sk, struct hci_dev *hdev,
5705 void *data, u16 len)
5706{
5707 struct mgmt_cp_set_external_config *cp = data;
5708 bool changed;
5709 int err;
5710
5711 BT_DBG("%s", hdev->name);
5712
5713 if (hdev_is_powered(hdev))
5714 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5715 MGMT_STATUS_REJECTED);
5716
5717 if (cp->config != 0x00 && cp->config != 0x01)
5718 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5719 MGMT_STATUS_INVALID_PARAMS);
5720
5721 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
5722 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5723 MGMT_STATUS_NOT_SUPPORTED);
5724
5725 hci_dev_lock(hdev);
5726
5727 if (cp->config)
5728 changed = !test_and_set_bit(HCI_EXT_CONFIGURED,
5729 &hdev->dev_flags);
5730 else
5731 changed = test_and_clear_bit(HCI_EXT_CONFIGURED,
5732 &hdev->dev_flags);
5733
5734 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
5735 if (err < 0)
5736 goto unlock;
5737
5738 if (!changed)
5739 goto unlock;
5740
f4537c04
MH		 5741 err = new_options(hdev, sk);
5742
dbece37a
MH		 5743 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) == is_configured(hdev)) {
5744 mgmt_index_removed(hdev);
d603b76b
MH		 5745
5746 if (test_and_change_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
5747 set_bit(HCI_CONFIG, &hdev->dev_flags);
5748 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
5749
5750 queue_work(hdev->req_workqueue, &hdev->power_on);
5751 } else {
5ea234d3 5752 set_bit(HCI_RAW, &hdev->flags);
d603b76b
MH		 5753 mgmt_index_added(hdev);
5754 }
dbece37a
MH		 5755 }
5756
5757unlock:
5758 hci_dev_unlock(hdev);
5759 return err;
5760}
5761
9713c17b
MH		 5762static int set_public_address(struct sock *sk, struct hci_dev *hdev,
5763 void *data, u16 len)
5764{
5765 struct mgmt_cp_set_public_address *cp = data;
5766 bool changed;
5767 int err;
5768
5769 BT_DBG("%s", hdev->name);
5770
5771 if (hdev_is_powered(hdev))
5772 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5773 MGMT_STATUS_REJECTED);
5774
5775 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
5776 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5777 MGMT_STATUS_INVALID_PARAMS);
5778
5779 if (!hdev->set_bdaddr)
5780 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5781 MGMT_STATUS_NOT_SUPPORTED);
5782
5783 hci_dev_lock(hdev);
5784
5785 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
5786 bacpy(&hdev->public_addr, &cp->bdaddr);
5787
5788 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
5789 if (err < 0)
5790 goto unlock;
5791
5792 if (!changed)
5793 goto unlock;
5794
5795 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5796 err = new_options(hdev, sk);
5797
5798 if (is_configured(hdev)) {
5799 mgmt_index_removed(hdev);
5800
5801 clear_bit(HCI_UNCONFIGURED, &hdev->dev_flags);
5802
5803 set_bit(HCI_CONFIG, &hdev->dev_flags);
5804 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
5805
5806 queue_work(hdev->req_workqueue, &hdev->power_on);
5807 }
5808
5809unlock:
5810 hci_dev_unlock(hdev);
5811 return err;
5812}
5813
2e3c35ea 5814static const struct mgmt_handler {
04124681
GP		 5815 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
5816 u16 data_len);
be22b54e
JH		 5817 bool var_len;
5818 size_t data_len;
0f4e68cf
JH		 5819} mgmt_handlers[] = {
5820 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 5821 { read_version, false, MGMT_READ_VERSION_SIZE },
5822 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
5823 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
5824 { read_controller_info, false, MGMT_READ_INFO_SIZE },
5825 { set_powered, false, MGMT_SETTING_SIZE },
5826 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
5827 { set_connectable, false, MGMT_SETTING_SIZE },
5828 { set_fast_connectable, false, MGMT_SETTING_SIZE },
b2939475 5829 { set_bondable, false, MGMT_SETTING_SIZE },
be22b54e
JH		 5830 { set_link_security, false, MGMT_SETTING_SIZE },
5831 { set_ssp, false, MGMT_SETTING_SIZE },
5832 { set_hs, false, MGMT_SETTING_SIZE },
5833 { set_le, false, MGMT_SETTING_SIZE },
5834 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
5835 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
5836 { add_uuid, false, MGMT_ADD_UUID_SIZE },
5837 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
5838 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
5839 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
5840 { disconnect, false, MGMT_DISCONNECT_SIZE },
5841 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
5842 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
5843 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
5844 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
5845 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
5846 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
5847 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
5848 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
5849 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
5850 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
5851 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
5852 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
ec109113 5853 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
be22b54e
JH		 5854 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
5855 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
5856 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
5857 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
5858 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
5859 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 5860 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 5861 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 5862 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 5863 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
14b49b9a 5864 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
eac83dc6 5865 { set_secure_conn, false, MGMT_SETTING_SIZE },
4e39ac81 5866 { set_debug_keys, false, MGMT_SETTING_SIZE },
62b04cd1 5867 { set_privacy, false, MGMT_SET_PRIVACY_SIZE },
41edf160 5868 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
dd983808 5869 { get_conn_info, false, MGMT_GET_CONN_INFO_SIZE },
95868426 5870 { get_clock_info, false, MGMT_GET_CLOCK_INFO_SIZE },
2faade53
MH		 5871 { add_device, false, MGMT_ADD_DEVICE_SIZE },
5872 { remove_device, false, MGMT_REMOVE_DEVICE_SIZE },
73d1df2a
MH		 5873 { load_conn_param, true, MGMT_LOAD_CONN_PARAM_SIZE },
5874 { read_unconf_index_list, false, MGMT_READ_UNCONF_INDEX_LIST_SIZE },
9fc3bfb6 5875 { read_config_info, false, MGMT_READ_CONFIG_INFO_SIZE },
dbece37a 5876 { set_external_config, false, MGMT_SET_EXTERNAL_CONFIG_SIZE },
9713c17b 5877 { set_public_address, false, MGMT_SET_PUBLIC_ADDRESS_SIZE },
66ea9427 5878 { start_service_discovery,true, MGMT_START_SERVICE_DISCOVERY_SIZE },
0f4e68cf
JH		 5879};
5880
0381101f
JH		 5881int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
5882{
650f726d
VCG		 5883 void *buf;
5884 u8 *cp;
0381101f 5885 struct mgmt_hdr *hdr;
4e51eae9 5886 u16 opcode, index, len;
bdb6d971 5887 struct hci_dev *hdev = NULL;
2e3c35ea 5888 const struct mgmt_handler *handler;
0381101f
JH		 5889 int err;
5890
5891 BT_DBG("got %zu bytes", msglen);
5892
5893 if (msglen < sizeof(*hdr))
5894 return -EINVAL;
5895
e63a15ec 5896 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 5897 if (!buf)
5898 return -ENOMEM;
5899
5900 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
5901 err = -EFAULT;
5902 goto done;
5903 }
5904
650f726d 5905 hdr = buf;
1f350c87
MH		 5906 opcode = __le16_to_cpu(hdr->opcode);
5907 index = __le16_to_cpu(hdr->index);
5908 len = __le16_to_cpu(hdr->len);
0381101f
JH		 5909
5910 if (len != msglen - sizeof(*hdr)) {
5911 err = -EINVAL;
5912 goto done;
5913 }
5914
0f4e68cf 5915 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 5916 hdev = hci_dev_get(index);
5917 if (!hdev) {
5918 err = cmd_status(sk, index, opcode,
04124681 5919 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 5920 goto done;
5921 }
0736cfa8 5922
cebf4cfd 5923 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
d603b76b 5924 test_bit(HCI_CONFIG, &hdev->dev_flags) ||
4a964404 5925 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
0736cfa8
MH		 5926 err = cmd_status(sk, index, opcode,
5927 MGMT_STATUS_INVALID_INDEX);
5928 goto done;
5929 }
42a9bc14
MH		 5930
5931 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
dbece37a 5932 opcode != MGMT_OP_READ_CONFIG_INFO &&
9713c17b
MH		 5933 opcode != MGMT_OP_SET_EXTERNAL_CONFIG &&
5934 opcode != MGMT_OP_SET_PUBLIC_ADDRESS) {
42a9bc14
MH		 5935 err = cmd_status(sk, index, opcode,
5936 MGMT_STATUS_INVALID_INDEX);
5937 goto done;
5938 }
bdb6d971
JH		 5939 }
5940
0f4e68cf 5941 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 5942 mgmt_handlers[opcode].func == NULL) {
0381101f 5943 BT_DBG("Unknown op %u", opcode);
ca69b795 5944 err = cmd_status(sk, index, opcode,
04124681 5945 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 5946 goto done;
5947 }
5948
73d1df2a
MH		 5949 if (hdev && (opcode <= MGMT_OP_READ_INDEX_LIST ||
5950 opcode == MGMT_OP_READ_UNCONF_INDEX_LIST)) {
5951 err = cmd_status(sk, index, opcode,
5952 MGMT_STATUS_INVALID_INDEX);
5953 goto done;
5954 }
5955
5956 if (!hdev && (opcode > MGMT_OP_READ_INDEX_LIST &&
5957 opcode != MGMT_OP_READ_UNCONF_INDEX_LIST)) {
0f4e68cf 5958 err = cmd_status(sk, index, opcode,
04124681 5959 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 5960 goto done;
0381101f
JH		 5961 }
5962
be22b54e
JH		 5963 handler = &mgmt_handlers[opcode];
5964
5965 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 5966 (!handler->var_len && len != handler->data_len)) {
be22b54e 5967 err = cmd_status(sk, index, opcode,
04124681 5968 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 5969 goto done;
5970 }
5971
0f4e68cf
JH		 5972 if (hdev)
5973 mgmt_init_hdev(sk, hdev);
5974
5975 cp = buf + sizeof(*hdr);
5976
be22b54e 5977 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 5978 if (err < 0)
5979 goto done;
5980
0381101f
JH		 5981 err = msglen;
5982
5983done:
bdb6d971
JH		 5984 if (hdev)
5985 hci_dev_put(hdev);
5986
0381101f
JH		 5987 kfree(buf);
5988 return err;
5989}
c71e97bf 5990
bf6b56db 5991void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 5992{
1514b892 5993 if (hdev->dev_type != HCI_BREDR)
bf6b56db 5994 return;
bb4b2a9a 5995
0602a8ad
MH		 5996 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
5997 return;
5998
5999 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
6000 mgmt_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev, NULL, 0, NULL);
6001 else
6002 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 6003}
6004
bf6b56db 6005void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 6006{
5f159032 6007 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 6008
1514b892 6009 if (hdev->dev_type != HCI_BREDR)
bf6b56db 6010 return;
bb4b2a9a 6011
0602a8ad
MH		 6012 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6013 return;
6014
1b9b5ee5 6015 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
b24752fe 6016
edd3896b
MH		 6017 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
6018 mgmt_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev, NULL, 0, NULL);
6019 else
6020 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 6021}
6022
6046dc3e 6023/* This function requires the caller holds hdev->lock */
d7347f3c 6024static void restart_le_actions(struct hci_dev *hdev)
6046dc3e
AG		 6025{
6026 struct hci_conn_params *p;
6027
6028 list_for_each_entry(p, &hdev->le_conn_params, list) {
d7347f3c
JH		 6029 /* Needed for AUTO_OFF case where might not "really"
6030 * have been powered off.
6031 */
6032 list_del_init(&p->action);
6033
6034 switch (p->auto_connect) {
4b9e7e75 6035 case HCI_AUTO_CONN_DIRECT:
d7347f3c
JH		 6036 case HCI_AUTO_CONN_ALWAYS:
6037 list_add(&p->action, &hdev->pend_le_conns);
6038 break;
6039 case HCI_AUTO_CONN_REPORT:
6040 list_add(&p->action, &hdev->pend_le_reports);
6041 break;
6042 default:
6043 break;
c83ed19d 6044 }
6046dc3e 6045 }
c83ed19d 6046
c83ed19d 6047 hci_update_background_scan(hdev);
6046dc3e
AG		 6048}
6049
229ab39c
JH		 6050static void powered_complete(struct hci_dev *hdev, u8 status)
6051{
6052 struct cmd_lookup match = { NULL, hdev };
6053
6054 BT_DBG("status 0x%02x", status);
6055
6056 hci_dev_lock(hdev);
6057
d7347f3c 6058 restart_le_actions(hdev);
6046dc3e 6059
229ab39c
JH		 6060 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6061
6062 new_settings(hdev, match.sk);
6063
6064 hci_dev_unlock(hdev);
6065
6066 if (match.sk)
6067 sock_put(match.sk);
6068}
6069
70da6243 6070static int powered_update_hci(struct hci_dev *hdev)
5add6af8 6071{
890ea898 6072 struct hci_request req;
70da6243 6073 u8 link_sec;
5add6af8 6074
890ea898
JH		 6075 hci_req_init(&req, hdev);
6076
70da6243
JH		 6077 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
6078 !lmp_host_ssp_capable(hdev)) {
6079 u8 ssp = 1;
5e5282bb 6080
890ea898 6081 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 6082 }
5add6af8 6083
c73eee91
JH		 6084 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
6085 lmp_bredr_capable(hdev)) {
70da6243 6086 struct hci_cp_write_le_host_supported cp;
f0ff92fb 6087
32226e4f
MH		 6088 cp.le = 0x01;
6089 cp.simul = 0x00;
3d1cbdd6 6090
70da6243
JH		 6091 /* Check first if we already have the right
6092 * host state (host features set)
6093 */
6094 if (cp.le != lmp_host_le_capable(hdev) ||
6095 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 6096 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
6097 sizeof(cp), &cp);
70da6243 6098 }
3d1cbdd6 6099
d13eafce 6100 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 6101 /* Make sure the controller has a good default for
6102 * advertising data. This also applies to the case
6103 * where BR/EDR was toggled during the AUTO_OFF phase.
6104 */
f14d8f64 6105 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5947f4bc 6106 update_adv_data(&req);
f14d8f64
MH		 6107 update_scan_rsp_data(&req);
6108 }
441ad2d0 6109
bba3aa55
MH		 6110 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
6111 enable_advertising(&req);
eeca6f89
JH		 6112 }
6113
70da6243
JH		 6114 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
6115 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 6116 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
6117 sizeof(link_sec), &link_sec);
562fcc24 6118
70da6243 6119 if (lmp_bredr_capable(hdev)) {
432df05e
JH		 6120 write_fast_connectable(&req, false);
6121 hci_update_page_scan(hdev, &req);
890ea898 6122 update_class(&req);
13928971 6123 update_name(&req);
890ea898 6124 update_eir(&req);
70da6243 6125 }
562fcc24 6126
229ab39c 6127 return hci_req_run(&req, powered_complete);
70da6243 6128}
562fcc24 6129
70da6243
JH		 6130int mgmt_powered(struct hci_dev *hdev, u8 powered)
6131{
6132 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 6133 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
6134 u8 zero_cod[] = { 0, 0, 0 };
70da6243 6135 int err;
f0ff92fb 6136
70da6243
JH		 6137 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
6138 return 0;
6139
70da6243 6140 if (powered) {
229ab39c
JH		 6141 if (powered_update_hci(hdev) == 0)
6142 return 0;
fe038884 6143
229ab39c
JH		 6144 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
6145 &match);
6146 goto new_settings;
b24752fe
JH		 6147 }
6148
229ab39c 6149 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
1b9b5ee5 6150 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status_not_powered);
229ab39c
JH		 6151
6152 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
6153 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
6154 zero_cod, sizeof(zero_cod), NULL);
6155
6156new_settings:
beadb2bd 6157 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 6158
6159 if (match.sk)
6160 sock_put(match.sk);
6161
7bb895d6 6162 return err;
5add6af8 6163}
73f22f62 6164
3eec705e 6165void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 6166{
6167 struct pending_cmd *cmd;
6168 u8 status;
6169
6170 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6171 if (!cmd)
3eec705e 6172 return;
96570ffc
JH		 6173
6174 if (err == -ERFKILL)
6175 status = MGMT_STATUS_RFKILLED;
6176 else
6177 status = MGMT_STATUS_FAILED;
6178
3eec705e 6179 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 6180
6181 mgmt_pending_remove(cmd);
96570ffc
JH		 6182}
6183
d1967ff8
MH		 6184void mgmt_discoverable_timeout(struct hci_dev *hdev)
6185{
6186 struct hci_request req;
d1967ff8
MH		 6187
6188 hci_dev_lock(hdev);
6189
6190 /* When discoverable timeout triggers, then just make sure
6191 * the limited discoverable flag is cleared. Even in the case
6192 * of a timeout triggered from general discoverable, it is
6193 * safe to unconditionally clear the flag.
6194 */
6195 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
9a43e25f 6196 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
d1967ff8
MH		 6197
6198 hci_req_init(&req, hdev);
4b580614
JH		 6199 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
6200 u8 scan = SCAN_PAGE;
6201 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
6202 sizeof(scan), &scan);
6203 }
d1967ff8 6204 update_class(&req);
9a43e25f 6205 update_adv_data(&req);
d1967ff8
MH		 6206 hci_req_run(&req, NULL);
6207
6208 hdev->discov_timeout = 0;
6209
9a43e25f
JH		 6210 new_settings(hdev, NULL);
6211
d1967ff8
MH		 6212 hci_dev_unlock(hdev);
6213}
6214
dc4a5ee2
MH		 6215void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
6216 bool persistent)
55ed8ca1 6217{
86742e1e 6218 struct mgmt_ev_new_link_key ev;
55ed8ca1 6219
a492cd52 6220 memset(&ev, 0, sizeof(ev));
55ed8ca1 6221
a492cd52 6222 ev.store_hint = persistent;
d753fdc4 6223 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 6224 ev.key.addr.type = BDADDR_BREDR;
a492cd52 6225 ev.key.type = key->type;
9b3b4460 6226 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 6227 ev.key.pin_len = key->pin_len;
55ed8ca1 6228
dc4a5ee2 6229 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 6230}
f7520543 6231
d7b25450
JH		 6232static u8 mgmt_ltk_type(struct smp_ltk *ltk)
6233{
23fb8de3
JH		 6234 switch (ltk->type) {
6235 case SMP_LTK:
6236 case SMP_LTK_SLAVE:
6237 if (ltk->authenticated)
6238 return MGMT_LTK_AUTHENTICATED;
6239 return MGMT_LTK_UNAUTHENTICATED;
6240 case SMP_LTK_P256:
6241 if (ltk->authenticated)
6242 return MGMT_LTK_P256_AUTH;
6243 return MGMT_LTK_P256_UNAUTH;
6244 case SMP_LTK_P256_DEBUG:
6245 return MGMT_LTK_P256_DEBUG;
6246 }
d7b25450
JH		 6247
6248 return MGMT_LTK_UNAUTHENTICATED;
6249}
6250
53ac6ab6 6251void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 6252{
6253 struct mgmt_ev_new_long_term_key ev;
6254
6255 memset(&ev, 0, sizeof(ev));
6256
5192d301
MH		 6257 /* Devices using resolvable or non-resolvable random addresses
6258 * without providing an indentity resolving key don't require
6259 * to store long term keys. Their addresses will change the
6260 * next time around.
6261 *
6262 * Only when a remote device provides an identity address
6263 * make sure the long term key is stored. If the remote
6264 * identity is known, the long term keys are internally
6265 * mapped to the identity address. So allow static random
6266 * and public addresses here.
6267 */
ba74b666
JH		 6268 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6269 (key->bdaddr.b[5] & 0xc0) != 0xc0)
6270 ev.store_hint = 0x00;
6271 else
53ac6ab6 6272 ev.store_hint = persistent;
ba74b666 6273
346af67b 6274 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 6275 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 6276 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 6277 ev.key.enc_size = key->enc_size;
6278 ev.key.ediv = key->ediv;
fe39c7b2 6279 ev.key.rand = key->rand;
346af67b 6280
2ceba539 6281 if (key->type == SMP_LTK)
346af67b
VCG		 6282 ev.key.master = 1;
6283
346af67b
VCG		 6284 memcpy(ev.key.val, key->val, sizeof(key->val));
6285
083368f7 6286 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 6287}
6288
95fbac8a
JH		 6289void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
6290{
6291 struct mgmt_ev_new_irk ev;
6292
6293 memset(&ev, 0, sizeof(ev));
6294
bab6d1e5
MH		 6295 /* For identity resolving keys from devices that are already
6296 * using a public address or static random address, do not
6297 * ask for storing this key. The identity resolving key really
6298 * is only mandatory for devices using resovlable random
6299 * addresses.
6300 *
6301 * Storing all identity resolving keys has the downside that
6302 * they will be also loaded on next boot of they system. More
6303 * identity resolving keys, means more time during scanning is
6304 * needed to actually resolve these addresses.
6305 */
6306 if (bacmp(&irk->rpa, BDADDR_ANY))
6307 ev.store_hint = 0x01;
6308 else
6309 ev.store_hint = 0x00;
6310
95fbac8a
JH		 6311 bacpy(&ev.rpa, &irk->rpa);
6312 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
6313 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
6314 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
6315
6316 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
6317}
6318
53ac6ab6
MH		 6319void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
6320 bool persistent)
7ee4ea36
MH		 6321{
6322 struct mgmt_ev_new_csrk ev;
6323
6324 memset(&ev, 0, sizeof(ev));
6325
6326 /* Devices using resolvable or non-resolvable random addresses
6327 * without providing an indentity resolving key don't require
6328 * to store signature resolving keys. Their addresses will change
6329 * the next time around.
6330 *
6331 * Only when a remote device provides an identity address
6332 * make sure the signature resolving key is stored. So allow
6333 * static random and public addresses here.
6334 */
6335 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6336 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
6337 ev.store_hint = 0x00;
6338 else
53ac6ab6 6339 ev.store_hint = persistent;
7ee4ea36
MH		 6340
6341 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
6342 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
6343 ev.key.master = csrk->master;
6344 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
6345
6346 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
6347}
6348
ffb5a827 6349void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 6350 u8 bdaddr_type, u8 store_hint, u16 min_interval,
6351 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 6352{
6353 struct mgmt_ev_new_conn_param ev;
6354
c103aea6
JH		 6355 if (!hci_is_identity_address(bdaddr, bdaddr_type))
6356 return;
6357
ffb5a827
AG		 6358 memset(&ev, 0, sizeof(ev));
6359 bacpy(&ev.addr.bdaddr, bdaddr);
6360 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 6361 ev.store_hint = store_hint;
ffb5a827
AG		 6362 ev.min_interval = cpu_to_le16(min_interval);
6363 ev.max_interval = cpu_to_le16(max_interval);
6364 ev.latency = cpu_to_le16(latency);
6365 ev.timeout = cpu_to_le16(timeout);
6366
6367 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
6368}
6369
94933991
MH		 6370static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
6371 u8 data_len)
6372{
6373 eir[eir_len++] = sizeof(type) + data_len;
6374 eir[eir_len++] = type;
6375 memcpy(&eir[eir_len], data, data_len);
6376 eir_len += data_len;
6377
6378 return eir_len;
6379}
6380
48ec92fa
AA		 6381void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
6382 u32 flags, u8 *name, u8 name_len)
f7520543 6383{
b644ba33
JH		 6384 char buf[512];
6385 struct mgmt_ev_device_connected *ev = (void *) buf;
6386 u16 eir_len = 0;
f7520543 6387
48ec92fa
AA		 6388 bacpy(&ev->addr.bdaddr, &conn->dst);
6389 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
f7520543 6390
c95f0ba7 6391 ev->flags = __cpu_to_le32(flags);
08c79b61 6392
fd45ada9
AA		 6393 /* We must ensure that the EIR Data fields are ordered and
6394 * unique. Keep it simple for now and avoid the problem by not
6395 * adding any BR/EDR data to the LE adv.
6396 */
6397 if (conn->le_adv_data_len > 0) {
6398 memcpy(&ev->eir[eir_len],
6399 conn->le_adv_data, conn->le_adv_data_len);
6400 eir_len = conn->le_adv_data_len;
6401 } else {
6402 if (name_len > 0)
6403 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
6404 name, name_len);
b644ba33 6405
ddbea5cf 6406 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
fd45ada9
AA		 6407 eir_len = eir_append_data(ev->eir, eir_len,
6408 EIR_CLASS_OF_DEV,
6409 conn->dev_class, 3);
6410 }
b644ba33 6411
eb55ef07 6412 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 6413
ecd90ae7
MH		 6414 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
6415 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 6416}
6417
8962ee74
JH		 6418static void disconnect_rsp(struct pending_cmd *cmd, void *data)
6419{
8962ee74 6420 struct sock **sk = data;
8962ee74 6421
f5818c22 6422 cmd->cmd_complete(cmd, 0);
8962ee74
JH		 6423
6424 *sk = cmd->sk;
6425 sock_hold(*sk);
6426
a664b5bc 6427 mgmt_pending_remove(cmd);
8962ee74
JH		 6428}
6429
124f6e35 6430static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 6431{
b1078ad0 6432 struct hci_dev *hdev = data;
124f6e35 6433 struct mgmt_cp_unpair_device *cp = cmd->param;
a8a1d19e 6434
b1078ad0
JH		 6435 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
6436
d8b7b1e4 6437 cmd->cmd_complete(cmd, 0);
a8a1d19e
JH		 6438 mgmt_pending_remove(cmd);
6439}
6440
84c61d92
JH		 6441bool mgmt_powering_down(struct hci_dev *hdev)
6442{
6443 struct pending_cmd *cmd;
6444 struct mgmt_mode *cp;
6445
6446 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6447 if (!cmd)
6448 return false;
6449
6450 cp = cmd->param;
6451 if (!cp->val)
6452 return true;
6453
6454 return false;
6455}
6456
9b80ec5e 6457void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 6458 u8 link_type, u8 addr_type, u8 reason,
6459 bool mgmt_connected)
f7520543 6460{
f0d6a0ea 6461 struct mgmt_ev_device_disconnected ev;
8962ee74 6462 struct sock *sk = NULL;
8962ee74 6463
84c61d92
JH		 6464 /* The connection is still in hci_conn_hash so test for 1
6465 * instead of 0 to know if this is the last one.
6466 */
6467 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6468 cancel_delayed_work(&hdev->power_off);
6469 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8b064a3a
JH		 6470 }
6471
12d4a3b2
JH		 6472 if (!mgmt_connected)
6473 return;
6474
57eb776f
AG		 6475 if (link_type != ACL_LINK && link_type != LE_LINK)
6476 return;
6477
744cf19e 6478 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 6479
f0d6a0ea
MA		 6480 bacpy(&ev.addr.bdaddr, bdaddr);
6481 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6482 ev.reason = reason;
f7520543 6483
9b80ec5e 6484 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 6485
6486 if (sk)
d97dcb66 6487 sock_put(sk);
8962ee74 6488
124f6e35 6489 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 6490 hdev);
8962ee74
JH		 6491}
6492
7892924c
MH		 6493void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
6494 u8 link_type, u8 addr_type, u8 status)
8962ee74 6495{
3655bba8
AG		 6496 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
6497 struct mgmt_cp_disconnect *cp;
8962ee74 6498 struct pending_cmd *cmd;
8962ee74 6499
36a75f1b
JD		 6500 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6501 hdev);
6502
2e58ef3e 6503 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 6504 if (!cmd)
7892924c 6505 return;
8962ee74 6506
3655bba8
AG		 6507 cp = cmd->param;
6508
6509 if (bacmp(bdaddr, &cp->addr.bdaddr))
6510 return;
6511
6512 if (cp->addr.type != bdaddr_type)
6513 return;
6514
f5818c22 6515 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6516 mgmt_pending_remove(cmd);
f7520543 6517}
17d5c04c 6518
445608d0
MH		 6519void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6520 u8 addr_type, u8 status)
17d5c04c
JH		 6521{
6522 struct mgmt_ev_connect_failed ev;
c9910d0f 6523
84c61d92
JH		 6524 /* The connection is still in hci_conn_hash so test for 1
6525 * instead of 0 to know if this is the last one.
6526 */
6527 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6528 cancel_delayed_work(&hdev->power_off);
6529 queue_work(hdev->req_workqueue, &hdev->power_off.work);
c9910d0f 6530 }
17d5c04c 6531
4c659c39 6532 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6533 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 6534 ev.status = mgmt_status(status);
17d5c04c 6535
445608d0 6536 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 6537}
980e1a53 6538
ce0e4a0d 6539void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 6540{
6541 struct mgmt_ev_pin_code_request ev;
6542
d8457698 6543 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 6544 ev.addr.type = BDADDR_BREDR;
a770bb5a 6545 ev.secure = secure;
980e1a53 6546
ce0e4a0d 6547 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 6548}
6549
e669cf80
MH		 6550void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6551 u8 status)
980e1a53
JH		 6552{
6553 struct pending_cmd *cmd;
980e1a53 6554
2e58ef3e 6555 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 6556 if (!cmd)
e669cf80 6557 return;
980e1a53 6558
7776d1d8 6559 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6560 mgmt_pending_remove(cmd);
980e1a53
JH		 6561}
6562
3eb38528
MH		 6563void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6564 u8 status)
980e1a53
JH		 6565{
6566 struct pending_cmd *cmd;
980e1a53 6567
2e58ef3e 6568 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 6569 if (!cmd)
3eb38528 6570 return;
980e1a53 6571
7776d1d8 6572 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6573 mgmt_pending_remove(cmd);
980e1a53 6574}
a5c29683 6575
744cf19e 6576int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 6577 u8 link_type, u8 addr_type, u32 value,
04124681 6578 u8 confirm_hint)
a5c29683
JH		 6579{
6580 struct mgmt_ev_user_confirm_request ev;
6581
744cf19e 6582 BT_DBG("%s", hdev->name);
a5c29683 6583
272d90df 6584 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6585 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 6586 ev.confirm_hint = confirm_hint;
39adbffe 6587 ev.value = cpu_to_le32(value);
a5c29683 6588
744cf19e 6589 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 6590 NULL);
a5c29683
JH		 6591}
6592
272d90df 6593int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 6594 u8 link_type, u8 addr_type)
604086b7
BG		 6595{
6596 struct mgmt_ev_user_passkey_request ev;
6597
6598 BT_DBG("%s", hdev->name);
6599
272d90df 6600 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6601 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 6602
6603 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 6604 NULL);
604086b7
BG		 6605}
6606
0df4c185 6607static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 6608 u8 link_type, u8 addr_type, u8 status,
6609 u8 opcode)
a5c29683
JH		 6610{
6611 struct pending_cmd *cmd;
a5c29683 6612
2e58ef3e 6613 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 6614 if (!cmd)
6615 return -ENOENT;
6616
7776d1d8 6617 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6618 mgmt_pending_remove(cmd);
a5c29683 6619
7776d1d8 6620 return 0;
a5c29683
JH		 6621}
6622
744cf19e 6623int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6624 u8 link_type, u8 addr_type, u8 status)
a5c29683 6625{
272d90df 6626 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 6627 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 6628}
6629
272d90df 6630int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6631 u8 link_type, u8 addr_type, u8 status)
a5c29683 6632{
272d90df 6633 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 6634 status,
6635 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 6636}
2a611692 6637
604086b7 6638int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6639 u8 link_type, u8 addr_type, u8 status)
604086b7 6640{
272d90df 6641 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 6642 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 6643}
6644
272d90df 6645int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6646 u8 link_type, u8 addr_type, u8 status)
604086b7 6647{
272d90df 6648 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 6649 status,
6650 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 6651}
6652
92a25256
JH		 6653int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
6654 u8 link_type, u8 addr_type, u32 passkey,
6655 u8 entered)
6656{
6657 struct mgmt_ev_passkey_notify ev;
6658
6659 BT_DBG("%s", hdev->name);
6660
6661 bacpy(&ev.addr.bdaddr, bdaddr);
6662 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6663 ev.passkey = __cpu_to_le32(passkey);
6664 ev.entered = entered;
6665
6666 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
6667}
6668
e1e930f5 6669void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
2a611692
JH		 6670{
6671 struct mgmt_ev_auth_failed ev;
e1e930f5
JH		 6672 struct pending_cmd *cmd;
6673 u8 status = mgmt_status(hci_status);
2a611692 6674
e1e930f5
JH		 6675 bacpy(&ev.addr.bdaddr, &conn->dst);
6676 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
6677 ev.status = status;
2a611692 6678
e1e930f5
JH		 6679 cmd = find_pairing(conn);
6680
6681 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
6682 cmd ? cmd->sk : NULL);
6683
6684 if (cmd)
6685 pairing_complete(cmd, status);
2a611692 6686}
b312b161 6687
464996ae 6688void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 6689{
6690 struct cmd_lookup match = { NULL, hdev };
464996ae 6691 bool changed;
33ef95ed
JH		 6692
6693 if (status) {
6694 u8 mgmt_err = mgmt_status(status);
6695 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 6696 cmd_status_rsp, &mgmt_err);
464996ae 6697 return;
33ef95ed
JH		 6698 }
6699
464996ae
MH		 6700 if (test_bit(HCI_AUTH, &hdev->flags))
6701 changed = !test_and_set_bit(HCI_LINK_SECURITY,
6702 &hdev->dev_flags);
6703 else
6704 changed = test_and_clear_bit(HCI_LINK_SECURITY,
6705 &hdev->dev_flags);
47990ea0 6706
33ef95ed 6707 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 6708 &match);
33ef95ed 6709
47990ea0 6710 if (changed)
464996ae 6711 new_settings(hdev, match.sk);
33ef95ed
JH		 6712
6713 if (match.sk)
6714 sock_put(match.sk);
33ef95ed
JH		 6715}
6716
890ea898 6717static void clear_eir(struct hci_request *req)
cacaf52f 6718{
890ea898 6719 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 6720 struct hci_cp_write_eir cp;
6721
976eb20e 6722 if (!lmp_ext_inq_capable(hdev))
890ea898 6723 return;
cacaf52f 6724
c80da27e
JH		 6725 memset(hdev->eir, 0, sizeof(hdev->eir));
6726
cacaf52f
JH		 6727 memset(&cp, 0, sizeof(cp));
6728
890ea898 6729 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 6730}
6731
3e248560 6732void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 6733{
6734 struct cmd_lookup match = { NULL, hdev };
890ea898 6735 struct hci_request req;
c0ecddc2 6736 bool changed = false;
ed2c4ee3
JH		 6737
6738 if (status) {
6739 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 6740
6741 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 6742 &hdev->dev_flags)) {
6743 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3e248560 6744 new_settings(hdev, NULL);
9ecb3e24 6745 }
c0ecddc2 6746
04124681
GP		 6747 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
6748 &mgmt_err);
3e248560 6749 return;
c0ecddc2
JH		 6750 }
6751
6752 if (enable) {
9ecb3e24 6753 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 6754 } else {
9ecb3e24
MH		 6755 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
6756 if (!changed)
6757 changed = test_and_clear_bit(HCI_HS_ENABLED,
6758 &hdev->dev_flags);
6759 else
6760 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 6761 }
6762
6763 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
6764
c0ecddc2 6765 if (changed)
3e248560 6766 new_settings(hdev, match.sk);
ed2c4ee3 6767
5fc6ebb1 6768 if (match.sk)
ed2c4ee3
JH		 6769 sock_put(match.sk);
6770
890ea898
JH		 6771 hci_req_init(&req, hdev);
6772
3769972b
JH		 6773 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
6774 if (test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
6775 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
6776 sizeof(enable), &enable);
890ea898 6777 update_eir(&req);
3769972b 6778 } else {
890ea898 6779 clear_eir(&req);
3769972b 6780 }
890ea898
JH		 6781
6782 hci_req_run(&req, NULL);
ed2c4ee3
JH		 6783}
6784
eac83dc6
MH		 6785void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
6786{
6787 struct cmd_lookup match = { NULL, hdev };
6788 bool changed = false;
6789
6790 if (status) {
6791 u8 mgmt_err = mgmt_status(status);
6792
0ab04a9c
MH		 6793 if (enable) {
6794 if (test_and_clear_bit(HCI_SC_ENABLED,
6795 &hdev->dev_flags))
6796 new_settings(hdev, NULL);
6797 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
6798 }
eac83dc6
MH		 6799
6800 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
6801 cmd_status_rsp, &mgmt_err);
6802 return;
6803 }
6804
0ab04a9c 6805 if (enable) {
eac83dc6 6806 changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c 6807 } else {
eac83dc6 6808 changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c
MH		 6809 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
6810 }
eac83dc6
MH		 6811
6812 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
6813 settings_rsp, &match);
6814
6815 if (changed)
6816 new_settings(hdev, match.sk);
6817
6818 if (match.sk)
6819 sock_put(match.sk);
6820}
6821
92da6097 6822static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 6823{
6824 struct cmd_lookup *match = data;
6825
90e70454
JH		 6826 if (match->sk == NULL) {
6827 match->sk = cmd->sk;
6828 sock_hold(match->sk);
6829 }
90e70454
JH		 6830}
6831
4e1b0245
MH		 6832void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
6833 u8 status)
7f9a903c 6834{
90e70454 6835 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 6836
92da6097
JH		 6837 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
6838 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
6839 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 6840
6841 if (!status)
4e1b0245
MH		 6842 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
6843 NULL);
90e70454
JH		 6844
6845 if (match.sk)
6846 sock_put(match.sk);
7f9a903c
MH		 6847}
6848
7667da34 6849void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 6850{
b312b161 6851 struct mgmt_cp_set_local_name ev;
13928971 6852 struct pending_cmd *cmd;
28cc7bde 6853
13928971 6854 if (status)
7667da34 6855 return;
b312b161
JH		 6856
6857 memset(&ev, 0, sizeof(ev));
6858 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 6859 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 6860
2e58ef3e 6861 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 6862 if (!cmd) {
6863 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 6864
13928971
JH		 6865 /* If this is a HCI command related to powering on the
6866 * HCI dev don't send any mgmt signals.
6867 */
6868 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 6869 return;
890ea898 6870 }
b312b161 6871
7667da34
MH		 6872 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
6873 cmd ? cmd->sk : NULL);
b312b161 6874}
c35938b2 6875
4d2d2796 6876void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
38da1703
JH		 6877 u8 *rand192, u8 *hash256, u8 *rand256,
6878 u8 status)
c35938b2
SJ		 6879{
6880 struct pending_cmd *cmd;
c35938b2 6881
744cf19e 6882 BT_DBG("%s status %u", hdev->name, status);
c35938b2 6883
2e58ef3e 6884 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 6885 if (!cmd)
3edaf092 6886 return;
c35938b2
SJ		 6887
6888 if (status) {
3edaf092
MH		 6889 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
6890 mgmt_status(status));
c35938b2 6891 } else {
710f11c0 6892 if (bredr_sc_enabled(hdev) && hash256 && rand256) {
4d2d2796
MH		 6893 struct mgmt_rp_read_local_oob_ext_data rp;
6894
6895 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
38da1703 6896 memcpy(rp.rand192, rand192, sizeof(rp.rand192));
c35938b2 6897
4d2d2796 6898 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
38da1703 6899 memcpy(rp.rand256, rand256, sizeof(rp.rand256));
c35938b2 6900
4d2d2796
MH		 6901 cmd_complete(cmd->sk, hdev->id,
6902 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
6903 &rp, sizeof(rp));
6904 } else {
6905 struct mgmt_rp_read_local_oob_data rp;
6906
6907 memcpy(rp.hash, hash192, sizeof(rp.hash));
38da1703 6908 memcpy(rp.rand, rand192, sizeof(rp.rand));
4d2d2796
MH		 6909
6910 cmd_complete(cmd->sk, hdev->id,
6911 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
6912 &rp, sizeof(rp));
6913 }
c35938b2
SJ		 6914 }
6915
6916 mgmt_pending_remove(cmd);
c35938b2 6917}
e17acd40 6918
799ce93d
JP		 6919static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
6920{
6921 int i;
6922
6923 for (i = 0; i < uuid_count; i++) {
6924 if (!memcmp(uuid, uuids[i], 16))
6925 return true;
6926 }
6927
6928 return false;
6929}
6930
b487b9ce
MH		 6931static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
6932{
799ce93d
JP		 6933 u16 parsed = 0;
6934
6935 while (parsed < eir_len) {
6936 u8 field_len = eir[0];
6937 u8 uuid[16];
6938 int i;
6939
6940 if (field_len == 0)
6941 break;
6942
6943 if (eir_len - parsed < field_len + 1)
6944 break;
6945
6946 switch (eir[1]) {
6947 case EIR_UUID16_ALL:
6948 case EIR_UUID16_SOME:
6949 for (i = 0; i + 3 <= field_len; i += 2) {
189f6ad2 6950 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 6951 uuid[13] = eir[i + 3];
6952 uuid[12] = eir[i + 2];
6953 if (has_uuid(uuid, uuid_count, uuids))
6954 return true;
6955 }
6956 break;
6957 case EIR_UUID32_ALL:
6958 case EIR_UUID32_SOME:
6959 for (i = 0; i + 5 <= field_len; i += 4) {
189f6ad2 6960 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 6961 uuid[15] = eir[i + 5];
6962 uuid[14] = eir[i + 4];
6963 uuid[13] = eir[i + 3];
6964 uuid[12] = eir[i + 2];
6965 if (has_uuid(uuid, uuid_count, uuids))
6966 return true;
6967 }
6968 break;
6969 case EIR_UUID128_ALL:
6970 case EIR_UUID128_SOME:
6971 for (i = 0; i + 17 <= field_len; i += 16) {
6972 memcpy(uuid, eir + i + 2, 16);
6973 if (has_uuid(uuid, uuid_count, uuids))
6974 return true;
6975 }
6976 break;
6977 }
6978
6979 parsed += field_len + 1;
6980 eir += field_len + 1;
6981 }
6982
b487b9ce
MH		 6983 return false;
6984}
6985
901801b9 6986void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
af58925c
MH		 6987 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
6988 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 6989{
e319d2e7
JH		 6990 char buf[512];
6991 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 6992 size_t ev_size;
b487b9ce 6993 bool match;
e17acd40 6994
75ce208c
JH		 6995 /* Don't send events for a non-kernel initiated discovery. With
6996 * LE one exception is if we have pend_le_reports > 0 in which
6997 * case we're doing passive scanning and want these events.
6998 */
6999 if (!hci_discovery_active(hdev)) {
7000 if (link_type == ACL_LINK)
7001 return;
66f8455a 7002 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
75ce208c
JH		 7003 return;
7004 }
12602d0c 7005
bda157a4
MH		 7006 /* When using service discovery with a RSSI threshold, then check
7007 * if such a RSSI threshold is specified. If a RSSI threshold has
7008 * been specified, then all results with a RSSI smaller than the
7009 * RSSI threshold will be dropped.
efb2513f
MH		 7010 *
7011 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
7012 * the results are also dropped.
bda157a4
MH		 7013 */
7014 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
efb2513f 7015 (rssi < hdev->discovery.rssi || rssi == HCI_RSSI_INVALID))
bda157a4
MH		 7016 return;
7017
5d2e9fad
JH		 7018 /* Make sure that the buffer is big enough. The 5 extra bytes
7019 * are for the potential CoD field.
7020 */
7021 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
901801b9 7022 return;
7d262f86 7023
1dc06093
JH		 7024 memset(buf, 0, sizeof(buf));
7025
da25cf6a
MH		 7026 /* In case of device discovery with BR/EDR devices (pre 1.2), the
7027 * RSSI value was reported as 0 when not available. This behavior
7028 * is kept when using device discovery. This is required for full
7029 * backwards compatibility with the API.
7030 *
7031 * However when using service discovery, the value 127 will be
7032 * returned when the RSSI is not available.
7033 */
7034 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi)
efb2513f
MH		 7035 rssi = 0;
7036
841c5644
JH		 7037 bacpy(&ev->addr.bdaddr, bdaddr);
7038 ev->addr.type = link_to_bdaddr(link_type, addr_type);
e319d2e7 7039 ev->rssi = rssi;
af58925c 7040 ev->flags = cpu_to_le32(flags);
e17acd40 7041
b487b9ce
MH		 7042 if (eir_len > 0) {
7043 /* When using service discovery and a list of UUID is
7044 * provided, results with no matching UUID should be
7045 * dropped. In case there is a match the result is
7046 * kept and checking possible scan response data
7047 * will be skipped.
7048 */
7049 if (hdev->discovery.uuid_count > 0) {
7050 match = eir_has_uuids(eir, eir_len,
7051 hdev->discovery.uuid_count,
7052 hdev->discovery.uuids);
7053 if (!match)
7054 return;
7055 }
7056
7057 /* Copy EIR or advertising data into event */
e319d2e7 7058 memcpy(ev->eir, eir, eir_len);
b487b9ce
MH		 7059 } else {
7060 /* When using service discovery and a list of UUID is
7061 * provided, results with empty EIR or advertising data
7062 * should be dropped since they do not match any UUID.
7063 */
7064 if (hdev->discovery.uuid_count > 0)
7065 return;
7066 }
e17acd40 7067
1dc06093
JH		 7068 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
7069 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 7070 dev_class, 3);
1dc06093 7071
b487b9ce
MH		 7072 if (scan_rsp_len > 0) {
7073 /* When using service discovery and a list of UUID is
7074 * provided, results with no matching UUID should be
7075 * dropped if there is no previous match from the
7076 * advertising data.
7077 */
7078 if (hdev->discovery.uuid_count > 0) {
7079 if (!match && !eir_has_uuids(scan_rsp, scan_rsp_len,
7080 hdev->discovery.uuid_count,
7081 hdev->discovery.uuids))
7082 return;
7083 }
7084
7085 /* Append scan response data to event */
5d2e9fad 7086 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
b487b9ce
MH		 7087 } else {
7088 /* When using service discovery and a list of UUID is
7089 * provided, results with empty scan response and no
7090 * previous matched advertising data should be dropped.
7091 */
7092 if (hdev->discovery.uuid_count > 0 && !match)
7093 return;
7094 }
5d2e9fad
JH		 7095
7096 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
7097 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 7098
901801b9 7099 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 7100}
a88a9652 7101
9cf12aee
MH		 7102void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7103 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 7104{
b644ba33
JH		 7105 struct mgmt_ev_device_found *ev;
7106 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
7107 u16 eir_len;
a88a9652 7108
b644ba33 7109 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 7110
b644ba33
JH		 7111 memset(buf, 0, sizeof(buf));
7112
7113 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 7114 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 7115 ev->rssi = rssi;
7116
7117 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 7118 name_len);
b644ba33 7119
eb55ef07 7120 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 7121
9cf12aee 7122 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 7123}
314b2381 7124
2f1e063b 7125void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 7126{
f963e8e9 7127 struct mgmt_ev_discovering ev;
164a6e78 7128
343fb145
AG		 7129 BT_DBG("%s discovering %u", hdev->name, discovering);
7130
f963e8e9
JH		 7131 memset(&ev, 0, sizeof(ev));
7132 ev.type = hdev->discovery.type;
7133 ev.discovering = discovering;
7134
2f1e063b 7135 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 7136}
5e762444 7137
5976e608
MH		 7138static void adv_enable_complete(struct hci_dev *hdev, u8 status)
7139{
7140 BT_DBG("%s status %u", hdev->name, status);
5976e608
MH		 7141}
7142
7143void mgmt_reenable_advertising(struct hci_dev *hdev)
7144{
7145 struct hci_request req;
7146
5976e608
MH		 7147 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
7148 return;
7149
7150 hci_req_init(&req, hdev);
7151 enable_advertising(&req);
0ec5ae84 7152 hci_req_run(&req, adv_enable_complete);
5976e608 7153}
Linux kernel - Deliverables
This page took 1.031668 seconds and 5 git commands to generate.