projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Fix connecting devices during LE device discovery
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
4bc58f51 32#include <net/bluetooth/l2cap.h>
0381101f 33#include <net/bluetooth/mgmt.h>
ac4b7236
MH		 34
35#include "smp.h"
0381101f 36
2da9c55c 37#define MGMT_VERSION 1
730f091b 38#define MGMT_REVISION 7
02d98129 39
e70bb2e8
JH		 40static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_READ_INFO,
43 MGMT_OP_SET_POWERED,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
47 MGMT_OP_SET_PAIRABLE,
48 MGMT_OP_SET_LINK_SECURITY,
49 MGMT_OP_SET_SSP,
50 MGMT_OP_SET_HS,
51 MGMT_OP_SET_LE,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_ADD_UUID,
55 MGMT_OP_REMOVE_UUID,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_DISCONNECT,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_PAIR_DEVICE,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_CONFIRM_NAME,
76 MGMT_OP_BLOCK_DEVICE,
77 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 78 MGMT_OP_SET_DEVICE_ID,
4375f103 79 MGMT_OP_SET_ADVERTISING,
0663ca2a 80 MGMT_OP_SET_BREDR,
d13eafce 81 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 82 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 83 MGMT_OP_SET_SECURE_CONN,
4e39ac81 84 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 85 MGMT_OP_SET_PRIVACY,
41edf160 86 MGMT_OP_LOAD_IRKS,
dd983808 87 MGMT_OP_GET_CONN_INFO,
95868426 88 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 89 MGMT_OP_ADD_DEVICE,
90 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 91 MGMT_OP_LOAD_CONN_PARAM,
73d1df2a 92 MGMT_OP_READ_UNCONF_INDEX_LIST,
9fc3bfb6 93 MGMT_OP_READ_CONFIG_INFO,
dbece37a 94 MGMT_OP_SET_EXTERNAL_CONFIG,
9713c17b 95 MGMT_OP_SET_PUBLIC_ADDRESS,
e70bb2e8
JH		 96};
97
98static const u16 mgmt_events[] = {
99 MGMT_EV_CONTROLLER_ERROR,
100 MGMT_EV_INDEX_ADDED,
101 MGMT_EV_INDEX_REMOVED,
102 MGMT_EV_NEW_SETTINGS,
103 MGMT_EV_CLASS_OF_DEV_CHANGED,
104 MGMT_EV_LOCAL_NAME_CHANGED,
105 MGMT_EV_NEW_LINK_KEY,
106 MGMT_EV_NEW_LONG_TERM_KEY,
107 MGMT_EV_DEVICE_CONNECTED,
108 MGMT_EV_DEVICE_DISCONNECTED,
109 MGMT_EV_CONNECT_FAILED,
110 MGMT_EV_PIN_CODE_REQUEST,
111 MGMT_EV_USER_CONFIRM_REQUEST,
112 MGMT_EV_USER_PASSKEY_REQUEST,
113 MGMT_EV_AUTH_FAILED,
114 MGMT_EV_DEVICE_FOUND,
115 MGMT_EV_DISCOVERING,
116 MGMT_EV_DEVICE_BLOCKED,
117 MGMT_EV_DEVICE_UNBLOCKED,
118 MGMT_EV_DEVICE_UNPAIRED,
92a25256 119 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 120 MGMT_EV_NEW_IRK,
7ee4ea36 121 MGMT_EV_NEW_CSRK,
8afef092
MH		 122 MGMT_EV_DEVICE_ADDED,
123 MGMT_EV_DEVICE_REMOVED,
ffb5a827 124 MGMT_EV_NEW_CONN_PARAM,
0602a8ad 125 MGMT_EV_UNCONF_INDEX_ADDED,
edd3896b 126 MGMT_EV_UNCONF_INDEX_REMOVED,
f4537c04 127 MGMT_EV_NEW_CONFIG_OPTIONS,
e70bb2e8
JH		 128};
129
17b02e62 130#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 131
4b34ee78
JH		 132#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
133 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
134
eec8d2bc
JH		 135struct pending_cmd {
136 struct list_head list;
fc2f4b13 137 u16 opcode;
eec8d2bc 138 int index;
c68fb7ff 139 void *param;
eec8d2bc 140 struct sock *sk;
e9a416b5 141 void *user_data;
eec8d2bc
JH		 142};
143
ca69b795
JH		 144/* HCI to MGMT error code conversion table */
145static u8 mgmt_status_table[] = {
146 MGMT_STATUS_SUCCESS,
147 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
148 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
149 MGMT_STATUS_FAILED, /* Hardware Failure */
150 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
151 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 152 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 153 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
154 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
155 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
156 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
157 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
158 MGMT_STATUS_BUSY, /* Command Disallowed */
159 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
160 MGMT_STATUS_REJECTED, /* Rejected Security */
161 MGMT_STATUS_REJECTED, /* Rejected Personal */
162 MGMT_STATUS_TIMEOUT, /* Host Timeout */
163 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
164 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
165 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
166 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
167 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
168 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
169 MGMT_STATUS_BUSY, /* Repeated Attempts */
170 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
171 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
172 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
173 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
174 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
175 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
176 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
177 MGMT_STATUS_FAILED, /* Unspecified Error */
178 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
179 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
180 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
181 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
182 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
183 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
184 MGMT_STATUS_FAILED, /* Unit Link Key Used */
185 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
186 MGMT_STATUS_TIMEOUT, /* Instant Passed */
187 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
188 MGMT_STATUS_FAILED, /* Transaction Collision */
189 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
190 MGMT_STATUS_REJECTED, /* QoS Rejected */
191 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
192 MGMT_STATUS_REJECTED, /* Insufficient Security */
193 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
194 MGMT_STATUS_BUSY, /* Role Switch Pending */
195 MGMT_STATUS_FAILED, /* Slot Violation */
196 MGMT_STATUS_FAILED, /* Role Switch Failed */
197 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
198 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
199 MGMT_STATUS_BUSY, /* Host Busy Pairing */
200 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
201 MGMT_STATUS_BUSY, /* Controller Busy */
202 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
203 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
204 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
205 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
206 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
207};
208
209static u8 mgmt_status(u8 hci_status)
210{
211 if (hci_status < ARRAY_SIZE(mgmt_status_table))
212 return mgmt_status_table[hci_status];
213
214 return MGMT_STATUS_FAILED;
215}
216
04c60f05
MH		 217static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
218 struct sock *skip_sk)
219{
220 struct sk_buff *skb;
221 struct mgmt_hdr *hdr;
222
223 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
224 if (!skb)
225 return -ENOMEM;
226
227 hdr = (void *) skb_put(skb, sizeof(*hdr));
228 hdr->opcode = cpu_to_le16(event);
229 if (hdev)
230 hdr->index = cpu_to_le16(hdev->id);
231 else
232 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
233 hdr->len = cpu_to_le16(data_len);
234
235 if (data)
236 memcpy(skb_put(skb, data_len), data, data_len);
237
238 /* Time stamp */
239 __net_timestamp(skb);
240
241 hci_send_to_control(skb, skip_sk);
242 kfree_skb(skb);
243
244 return 0;
245}
246
4e51eae9 247static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 248{
249 struct sk_buff *skb;
250 struct mgmt_hdr *hdr;
251 struct mgmt_ev_cmd_status *ev;
56b7d137 252 int err;
f7b64e69 253
34eb525c 254 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 255
790eff44 256 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 257 if (!skb)
258 return -ENOMEM;
259
260 hdr = (void *) skb_put(skb, sizeof(*hdr));
261
dcf4adbf 262 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 263 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 264 hdr->len = cpu_to_le16(sizeof(*ev));
265
266 ev = (void *) skb_put(skb, sizeof(*ev));
267 ev->status = status;
eb55ef07 268 ev->opcode = cpu_to_le16(cmd);
f7b64e69 269
56b7d137
GP		 270 err = sock_queue_rcv_skb(sk, skb);
271 if (err < 0)
f7b64e69
JH		 272 kfree_skb(skb);
273
56b7d137 274 return err;
f7b64e69
JH		 275}
276
aee9b218 277static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 278 void *rp, size_t rp_len)
02d98129
JH		 279{
280 struct sk_buff *skb;
281 struct mgmt_hdr *hdr;
282 struct mgmt_ev_cmd_complete *ev;
56b7d137 283 int err;
02d98129
JH		 284
285 BT_DBG("sock %p", sk);
286
790eff44 287 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 288 if (!skb)
289 return -ENOMEM;
290
291 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 292
dcf4adbf 293 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 294 hdr->index = cpu_to_le16(index);
a38528f1 295 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 296
a38528f1 297 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 298 ev->opcode = cpu_to_le16(cmd);
aee9b218 299 ev->status = status;
8020c16a
SJ		 300
301 if (rp)
302 memcpy(ev->data, rp, rp_len);
02d98129 303
56b7d137
GP		 304 err = sock_queue_rcv_skb(sk, skb);
305 if (err < 0)
02d98129
JH		 306 kfree_skb(skb);
307
e5f0e151 308 return err;
02d98129
JH		 309}
310
04124681
GP		 311static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
312 u16 data_len)
a38528f1
JH		 313{
314 struct mgmt_rp_read_version rp;
315
316 BT_DBG("sock %p", sk);
317
318 rp.version = MGMT_VERSION;
dcf4adbf 319 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 320
aee9b218 321 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 322 sizeof(rp));
a38528f1
JH		 323}
324
04124681
GP		 325static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
326 u16 data_len)
e70bb2e8
JH		 327{
328 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 329 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
330 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 331 __le16 *opcode;
e70bb2e8
JH		 332 size_t rp_size;
333 int i, err;
334
335 BT_DBG("sock %p", sk);
336
337 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
338
339 rp = kmalloc(rp_size, GFP_KERNEL);
340 if (!rp)
341 return -ENOMEM;
342
dcf4adbf
JP		 343 rp->num_commands = cpu_to_le16(num_commands);
344 rp->num_events = cpu_to_le16(num_events);
e70bb2e8
JH		 345
346 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
347 put_unaligned_le16(mgmt_commands[i], opcode);
348
349 for (i = 0; i < num_events; i++, opcode++)
350 put_unaligned_le16(mgmt_events[i], opcode);
351
aee9b218 352 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 353 rp_size);
e70bb2e8
JH		 354 kfree(rp);
355
356 return err;
357}
358
04124681
GP		 359static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
360 u16 data_len)
faba42eb 361{
faba42eb 362 struct mgmt_rp_read_index_list *rp;
8035ded4 363 struct hci_dev *d;
a38528f1 364 size_t rp_len;
faba42eb 365 u16 count;
476e44cb 366 int err;
faba42eb
JH		 367
368 BT_DBG("sock %p", sk);
369
370 read_lock(&hci_dev_list_lock);
371
372 count = 0;
bb4b2a9a 373 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a
MH		 374 if (d->dev_type == HCI_BREDR &&
375 !test_bit(HCI_UNCONFIGURED, &d->dev_flags))
1514b892 376 count++;
faba42eb
JH		 377 }
378
a38528f1
JH		 379 rp_len = sizeof(*rp) + (2 * count);
380 rp = kmalloc(rp_len, GFP_ATOMIC);
381 if (!rp) {
b2c60d42 382 read_unlock(&hci_dev_list_lock);
faba42eb 383 return -ENOMEM;
b2c60d42 384 }
faba42eb 385
476e44cb 386 count = 0;
8035ded4 387 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a 388 if (test_bit(HCI_SETUP, &d->dev_flags) ||
d603b76b 389 test_bit(HCI_CONFIG, &d->dev_flags) ||
73d1df2a 390 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
ab81cbf9
JH		 391 continue;
392
73d1df2a
MH		 393 /* Devices marked as raw-only are neither configured
394 * nor unconfigured controllers.
395 */
396 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
fee746b0
MH		 397 continue;
398
73d1df2a
MH		 399 if (d->dev_type == HCI_BREDR &&
400 !test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
1514b892
MH		 401 rp->index[count++] = cpu_to_le16(d->id);
402 BT_DBG("Added hci%u", d->id);
403 }
faba42eb
JH		 404 }
405
476e44cb
JH		 406 rp->num_controllers = cpu_to_le16(count);
407 rp_len = sizeof(*rp) + (2 * count);
408
faba42eb
JH		 409 read_unlock(&hci_dev_list_lock);
410
aee9b218 411 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 412 rp_len);
faba42eb 413
a38528f1
JH		 414 kfree(rp);
415
416 return err;
faba42eb
JH		 417}
418
73d1df2a
MH		 419static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
420 void *data, u16 data_len)
421{
422 struct mgmt_rp_read_unconf_index_list *rp;
423 struct hci_dev *d;
424 size_t rp_len;
425 u16 count;
426 int err;
427
428 BT_DBG("sock %p", sk);
429
430 read_lock(&hci_dev_list_lock);
431
432 count = 0;
433 list_for_each_entry(d, &hci_dev_list, list) {
434 if (d->dev_type == HCI_BREDR &&
435 test_bit(HCI_UNCONFIGURED, &d->dev_flags))
436 count++;
437 }
438
439 rp_len = sizeof(*rp) + (2 * count);
440 rp = kmalloc(rp_len, GFP_ATOMIC);
441 if (!rp) {
442 read_unlock(&hci_dev_list_lock);
443 return -ENOMEM;
444 }
445
446 count = 0;
447 list_for_each_entry(d, &hci_dev_list, list) {
448 if (test_bit(HCI_SETUP, &d->dev_flags) ||
d603b76b 449 test_bit(HCI_CONFIG, &d->dev_flags) ||
73d1df2a
MH		 450 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
451 continue;
452
453 /* Devices marked as raw-only are neither configured
454 * nor unconfigured controllers.
455 */
456 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
457 continue;
458
459 if (d->dev_type == HCI_BREDR &&
460 test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
461 rp->index[count++] = cpu_to_le16(d->id);
462 BT_DBG("Added hci%u", d->id);
463 }
464 }
465
466 rp->num_controllers = cpu_to_le16(count);
467 rp_len = sizeof(*rp) + (2 * count);
468
469 read_unlock(&hci_dev_list_lock);
470
471 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_UNCONF_INDEX_LIST,
472 0, rp, rp_len);
473
474 kfree(rp);
475
476 return err;
477}
478
dbece37a
MH		 479static bool is_configured(struct hci_dev *hdev)
480{
481 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
482 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
483 return false;
484
485 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
486 !bacmp(&hdev->public_addr, BDADDR_ANY))
487 return false;
488
489 return true;
490}
491
89bc22d2
MH		 492static __le32 get_missing_options(struct hci_dev *hdev)
493{
494 u32 options = 0;
495
dbece37a
MH		 496 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
497 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
eb1904f4
MH		 498 options |= MGMT_OPTION_EXTERNAL_CONFIG;
499
89bc22d2
MH		 500 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
501 !bacmp(&hdev->public_addr, BDADDR_ANY))
502 options |= MGMT_OPTION_PUBLIC_ADDRESS;
503
504 return cpu_to_le32(options);
505}
506
f4537c04
MH		 507static int new_options(struct hci_dev *hdev, struct sock *skip)
508{
509 __le32 options = get_missing_options(hdev);
510
511 return mgmt_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
512 sizeof(options), skip);
513}
514
dbece37a
MH		 515static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
516{
517 __le32 options = get_missing_options(hdev);
518
519 return cmd_complete(sk, hdev->id, opcode, 0, &options,
520 sizeof(options));
521}
522
9fc3bfb6
MH		 523static int read_config_info(struct sock *sk, struct hci_dev *hdev,
524 void *data, u16 data_len)
525{
526 struct mgmt_rp_read_config_info rp;
89bc22d2 527 u32 options = 0;
9fc3bfb6
MH		 528
529 BT_DBG("sock %p %s", sk, hdev->name);
530
531 hci_dev_lock(hdev);
532
533 memset(&rp, 0, sizeof(rp));
534 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
89bc22d2 535
eb1904f4
MH		 536 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
537 options |= MGMT_OPTION_EXTERNAL_CONFIG;
538
9fc3bfb6 539 if (hdev->set_bdaddr)
89bc22d2
MH		 540 options |= MGMT_OPTION_PUBLIC_ADDRESS;
541
542 rp.supported_options = cpu_to_le32(options);
543 rp.missing_options = get_missing_options(hdev);
9fc3bfb6
MH		 544
545 hci_dev_unlock(hdev);
546
547 return cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0, &rp,
548 sizeof(rp));
549}
550
69ab39ea
JH		 551static u32 get_supported_settings(struct hci_dev *hdev)
552{
553 u32 settings = 0;
554
555 settings |= MGMT_SETTING_POWERED;
69ab39ea 556 settings |= MGMT_SETTING_PAIRABLE;
b1de97d8 557 settings |= MGMT_SETTING_DEBUG_KEYS;
69ab39ea 558
ed3fa31f 559 if (lmp_bredr_capable(hdev)) {
33c525c0 560 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 561 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
562 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 563 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 564 settings |= MGMT_SETTING_BREDR;
565 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 566
567 if (lmp_ssp_capable(hdev)) {
568 settings |= MGMT_SETTING_SSP;
569 settings |= MGMT_SETTING_HS;
570 }
e98d2ce2 571
5afeac14 572 if (lmp_sc_capable(hdev) ||
111902f7 573 test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
e98d2ce2 574 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 575 }
d7b7e796 576
eeca6f89 577 if (lmp_le_capable(hdev)) {
9d42820f 578 settings |= MGMT_SETTING_LE;
eeca6f89 579 settings |= MGMT_SETTING_ADVERTISING;
0f4bd942 580 settings |= MGMT_SETTING_PRIVACY;
eeca6f89 581 }
69ab39ea 582
eb1904f4
MH		 583 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
584 hdev->set_bdaddr)
9fc3bfb6
MH		 585 settings |= MGMT_SETTING_CONFIGURATION;
586
69ab39ea
JH		 587 return settings;
588}
589
590static u32 get_current_settings(struct hci_dev *hdev)
591{
592 u32 settings = 0;
593
f1f0eb02 594 if (hdev_is_powered(hdev))
f0d4b78a
MH		 595 settings |= MGMT_SETTING_POWERED;
596
5e5282bb 597 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 598 settings |= MGMT_SETTING_CONNECTABLE;
599
1a4d3c4b
JH		 600 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
601 settings |= MGMT_SETTING_FAST_CONNECTABLE;
602
5e5282bb 603 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 604 settings |= MGMT_SETTING_DISCOVERABLE;
605
a8b2d5c2 606 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 607 settings |= MGMT_SETTING_PAIRABLE;
608
56f87901 609 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 610 settings |= MGMT_SETTING_BREDR;
611
06199cf8 612 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 613 settings |= MGMT_SETTING_LE;
614
47990ea0 615 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 616 settings |= MGMT_SETTING_LINK_SECURITY;
617
84bde9d6 618 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 619 settings |= MGMT_SETTING_SSP;
620
6d80dfd0
JH		 621 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
622 settings |= MGMT_SETTING_HS;
623
f3d3444a 624 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 625 settings |= MGMT_SETTING_ADVERTISING;
626
e98d2ce2
MH		 627 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
628 settings |= MGMT_SETTING_SECURE_CONN;
629
0663b297 630 if (test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags))
b1de97d8
MH		 631 settings |= MGMT_SETTING_DEBUG_KEYS;
632
0f4bd942
JH		 633 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
634 settings |= MGMT_SETTING_PRIVACY;
635
69ab39ea
JH		 636 return settings;
637}
638
ef580372
JH		 639#define PNP_INFO_SVCLASS_ID 0x1200
640
213202ed
JH		 641static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
642{
643 u8 *ptr = data, *uuids_start = NULL;
644 struct bt_uuid *uuid;
645
646 if (len < 4)
647 return ptr;
648
649 list_for_each_entry(uuid, &hdev->uuids, list) {
650 u16 uuid16;
651
652 if (uuid->size != 16)
653 continue;
654
655 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
656 if (uuid16 < 0x1100)
657 continue;
658
659 if (uuid16 == PNP_INFO_SVCLASS_ID)
660 continue;
661
662 if (!uuids_start) {
663 uuids_start = ptr;
664 uuids_start[0] = 1;
665 uuids_start[1] = EIR_UUID16_ALL;
666 ptr += 2;
667 }
668
669 /* Stop if not enough space to put next UUID */
670 if ((ptr - data) + sizeof(u16) > len) {
671 uuids_start[1] = EIR_UUID16_SOME;
672 break;
673 }
674
675 *ptr++ = (uuid16 & 0x00ff);
676 *ptr++ = (uuid16 & 0xff00) >> 8;
677 uuids_start[0] += sizeof(uuid16);
678 }
679
680 return ptr;
681}
682
cdf1963f
JH		 683static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
684{
685 u8 *ptr = data, *uuids_start = NULL;
686 struct bt_uuid *uuid;
687
688 if (len < 6)
689 return ptr;
690
691 list_for_each_entry(uuid, &hdev->uuids, list) {
692 if (uuid->size != 32)
693 continue;
694
695 if (!uuids_start) {
696 uuids_start = ptr;
697 uuids_start[0] = 1;
698 uuids_start[1] = EIR_UUID32_ALL;
699 ptr += 2;
700 }
701
702 /* Stop if not enough space to put next UUID */
703 if ((ptr - data) + sizeof(u32) > len) {
704 uuids_start[1] = EIR_UUID32_SOME;
705 break;
706 }
707
708 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
709 ptr += sizeof(u32);
710 uuids_start[0] += sizeof(u32);
711 }
712
713 return ptr;
714}
715
c00d575b
JH		 716static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
717{
718 u8 *ptr = data, *uuids_start = NULL;
719 struct bt_uuid *uuid;
720
721 if (len < 18)
722 return ptr;
723
724 list_for_each_entry(uuid, &hdev->uuids, list) {
725 if (uuid->size != 128)
726 continue;
727
728 if (!uuids_start) {
729 uuids_start = ptr;
730 uuids_start[0] = 1;
731 uuids_start[1] = EIR_UUID128_ALL;
732 ptr += 2;
733 }
734
735 /* Stop if not enough space to put next UUID */
736 if ((ptr - data) + 16 > len) {
737 uuids_start[1] = EIR_UUID128_SOME;
738 break;
739 }
740
741 memcpy(ptr, uuid->uuid, 16);
742 ptr += 16;
743 uuids_start[0] += 16;
744 }
745
746 return ptr;
747}
748
eb2a8d20
JH		 749static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
750{
751 struct pending_cmd *cmd;
752
753 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
754 if (cmd->opcode == opcode)
755 return cmd;
756 }
757
758 return NULL;
759}
760
95868426
JH		 761static struct pending_cmd *mgmt_pending_find_data(u16 opcode,
762 struct hci_dev *hdev,
763 const void *data)
764{
765 struct pending_cmd *cmd;
766
767 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
768 if (cmd->user_data != data)
769 continue;
770 if (cmd->opcode == opcode)
771 return cmd;
772 }
773
774 return NULL;
775}
776
f14d8f64
MH		 777static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
778{
7a5f4990
MH		 779 u8 ad_len = 0;
780 size_t name_len;
781
782 name_len = strlen(hdev->dev_name);
783 if (name_len > 0) {
784 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
785
786 if (name_len > max_len) {
787 name_len = max_len;
788 ptr[1] = EIR_NAME_SHORT;
789 } else
790 ptr[1] = EIR_NAME_COMPLETE;
791
792 ptr[0] = name_len + 1;
793
794 memcpy(ptr + 2, hdev->dev_name, name_len);
795
796 ad_len += (name_len + 2);
797 ptr += (name_len + 2);
798 }
799
800 return ad_len;
f14d8f64
MH		 801}
802
803static void update_scan_rsp_data(struct hci_request *req)
804{
805 struct hci_dev *hdev = req->hdev;
806 struct hci_cp_le_set_scan_rsp_data cp;
807 u8 len;
808
7751ef1b 809 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
f14d8f64
MH		 810 return;
811
812 memset(&cp, 0, sizeof(cp));
813
814 len = create_scan_rsp_data(hdev, cp.data);
815
eb438b5f
JH		 816 if (hdev->scan_rsp_data_len == len &&
817 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 818 return;
819
eb438b5f
JH		 820 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
821 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 822
823 cp.length = len;
824
825 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
826}
827
9a43e25f
JH		 828static u8 get_adv_discov_flags(struct hci_dev *hdev)
829{
830 struct pending_cmd *cmd;
831
832 /* If there's a pending mgmt command the flags will not yet have
833 * their final values, so check for this first.
834 */
835 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
836 if (cmd) {
837 struct mgmt_mode *cp = cmd->param;
838 if (cp->val == 0x01)
839 return LE_AD_GENERAL;
840 else if (cp->val == 0x02)
841 return LE_AD_LIMITED;
842 } else {
843 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
844 return LE_AD_LIMITED;
845 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
846 return LE_AD_GENERAL;
847 }
848
849 return 0;
850}
851
46cad2ed 852static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 853{
854 u8 ad_len = 0, flags = 0;
441ad2d0 855
9a43e25f 856 flags |= get_adv_discov_flags(hdev);
441ad2d0 857
e834004b 858 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
441ad2d0 859 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 860
861 if (flags) {
862 BT_DBG("adv flags 0x%02x", flags);
863
864 ptr[0] = 2;
865 ptr[1] = EIR_FLAGS;
866 ptr[2] = flags;
867
868 ad_len += 3;
869 ptr += 3;
870 }
871
872 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
873 ptr[0] = 2;
874 ptr[1] = EIR_TX_POWER;
875 ptr[2] = (u8) hdev->adv_tx_power;
876
877 ad_len += 3;
878 ptr += 3;
879 }
880
441ad2d0
MH		 881 return ad_len;
882}
883
5947f4bc 884static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 885{
886 struct hci_dev *hdev = req->hdev;
887 struct hci_cp_le_set_adv_data cp;
888 u8 len;
889
10994ce6 890 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
441ad2d0
MH		 891 return;
892
893 memset(&cp, 0, sizeof(cp));
894
46cad2ed 895 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 896
897 if (hdev->adv_data_len == len &&
898 memcmp(cp.data, hdev->adv_data, len) == 0)
899 return;
900
901 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
902 hdev->adv_data_len = len;
903
904 cp.length = len;
905
906 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
907}
908
ef580372
JH		 909static void create_eir(struct hci_dev *hdev, u8 *data)
910{
911 u8 *ptr = data;
ef580372
JH		 912 size_t name_len;
913
914 name_len = strlen(hdev->dev_name);
915
916 if (name_len > 0) {
917 /* EIR Data type */
918 if (name_len > 48) {
919 name_len = 48;
920 ptr[1] = EIR_NAME_SHORT;
921 } else
922 ptr[1] = EIR_NAME_COMPLETE;
923
924 /* EIR Data length */
925 ptr[0] = name_len + 1;
926
927 memcpy(ptr + 2, hdev->dev_name, name_len);
928
ef580372
JH		 929 ptr += (name_len + 2);
930 }
931
bbaf444a 932 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 933 ptr[0] = 2;
934 ptr[1] = EIR_TX_POWER;
935 ptr[2] = (u8) hdev->inq_tx_power;
936
91c4e9b1
MH		 937 ptr += 3;
938 }
939
2b9be137
MH		 940 if (hdev->devid_source > 0) {
941 ptr[0] = 9;
942 ptr[1] = EIR_DEVICE_ID;
943
944 put_unaligned_le16(hdev->devid_source, ptr + 2);
945 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
946 put_unaligned_le16(hdev->devid_product, ptr + 6);
947 put_unaligned_le16(hdev->devid_version, ptr + 8);
948
2b9be137
MH		 949 ptr += 10;
950 }
951
213202ed 952 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 953 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 954 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 955}
956
890ea898 957static void update_eir(struct hci_request *req)
ef580372 958{
890ea898 959 struct hci_dev *hdev = req->hdev;
ef580372
JH		 960 struct hci_cp_write_eir cp;
961
504c8dcd 962 if (!hdev_is_powered(hdev))
890ea898 963 return;
7770c4aa 964
976eb20e 965 if (!lmp_ext_inq_capable(hdev))
890ea898 966 return;
ef580372 967
84bde9d6 968 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 969 return;
ef580372 970
a8b2d5c2 971 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 972 return;
ef580372
JH		 973
974 memset(&cp, 0, sizeof(cp));
975
976 create_eir(hdev, cp.data);
977
978 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 979 return;
ef580372
JH		 980
981 memcpy(hdev->eir, cp.data, sizeof(cp.data));
982
890ea898 983 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 984}
985
986static u8 get_service_classes(struct hci_dev *hdev)
987{
988 struct bt_uuid *uuid;
989 u8 val = 0;
990
991 list_for_each_entry(uuid, &hdev->uuids, list)
992 val |= uuid->svc_hint;
993
994 return val;
995}
996
890ea898 997static void update_class(struct hci_request *req)
ef580372 998{
890ea898 999 struct hci_dev *hdev = req->hdev;
ef580372
JH		 1000 u8 cod[3];
1001
1002 BT_DBG("%s", hdev->name);
1003
504c8dcd 1004 if (!hdev_is_powered(hdev))
890ea898 1005 return;
7770c4aa 1006
f87ea1da
JH		 1007 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1008 return;
1009
a8b2d5c2 1010 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 1011 return;
ef580372
JH		 1012
1013 cod[0] = hdev->minor_class;
1014 cod[1] = hdev->major_class;
1015 cod[2] = get_service_classes(hdev);
1016
6acd7db4
MH		 1017 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
1018 cod[1] |= 0x20;
1019
ef580372 1020 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 1021 return;
ef580372 1022
890ea898 1023 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 1024}
1025
a4858cb9 1026static bool get_connectable(struct hci_dev *hdev)
199a2fb1
JH		 1027{
1028 struct pending_cmd *cmd;
199a2fb1
JH		 1029
1030 /* If there's a pending mgmt command the flag will not yet have
1031 * it's final value, so check for this first.
1032 */
1033 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1034 if (cmd) {
1035 struct mgmt_mode *cp = cmd->param;
a4858cb9 1036 return cp->val;
199a2fb1
JH		 1037 }
1038
a4858cb9 1039 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
199a2fb1
JH		 1040}
1041
1042static void enable_advertising(struct hci_request *req)
1043{
1044 struct hci_dev *hdev = req->hdev;
1045 struct hci_cp_le_set_adv_param cp;
8f2a0601 1046 u8 own_addr_type, enable = 0x01;
a4858cb9 1047 bool connectable;
199a2fb1 1048
8d97250e
JH		 1049 /* Clear the HCI_ADVERTISING bit temporarily so that the
1050 * hci_update_random_address knows that it's safe to go ahead
1051 * and write a new random address. The flag will be set back on
1052 * as soon as the SET_ADV_ENABLE HCI command completes.
1053 */
1054 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
1055
a4858cb9 1056 connectable = get_connectable(hdev);
8f2a0601 1057
a4858cb9
JH		 1058 /* Set require_privacy to true only when non-connectable
1059 * advertising is used. In that case it is fine to use a
1060 * non-resolvable private address.
1061 */
1062 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 1063 return;
1064
41c90c18 1065 memset(&cp, 0, sizeof(cp));
dcf4adbf
JP		 1066 cp.min_interval = cpu_to_le16(0x0800);
1067 cp.max_interval = cpu_to_le16(0x0800);
a4858cb9 1068 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
8f2a0601 1069 cp.own_address_type = own_addr_type;
199a2fb1
JH		 1070 cp.channel_map = hdev->le_adv_channel_map;
1071
1072 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1073
1074 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1075}
1076
1077static void disable_advertising(struct hci_request *req)
1078{
1079 u8 enable = 0x00;
1080
1081 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1082}
1083
7d78525d
JH		 1084static void service_cache_off(struct work_struct *work)
1085{
1086 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 1087 service_cache.work);
890ea898 1088 struct hci_request req;
7d78525d 1089
a8b2d5c2 1090 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 1091 return;
1092
890ea898
JH		 1093 hci_req_init(&req, hdev);
1094
7d78525d
JH		 1095 hci_dev_lock(hdev);
1096
890ea898
JH		 1097 update_eir(&req);
1098 update_class(&req);
7d78525d
JH		 1099
1100 hci_dev_unlock(hdev);
890ea898
JH		 1101
1102 hci_req_run(&req, NULL);
7d78525d
JH		 1103}
1104
d6bfd59c
JH		 1105static void rpa_expired(struct work_struct *work)
1106{
1107 struct hci_dev *hdev = container_of(work, struct hci_dev,
1108 rpa_expired.work);
1109 struct hci_request req;
1110
1111 BT_DBG("");
1112
1113 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
1114
1115 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags) ||
1116 hci_conn_num(hdev, LE_LINK) > 0)
1117 return;
1118
1119 /* The generation of a new RPA and programming it into the
1120 * controller happens in the enable_advertising() function.
1121 */
1122
1123 hci_req_init(&req, hdev);
1124
1125 disable_advertising(&req);
1126 enable_advertising(&req);
1127
1128 hci_req_run(&req, NULL);
1129}
1130
6a919082 1131static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 1132{
4f87da80 1133 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 1134 return;
1135
4f87da80 1136 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 1137 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 1138
4f87da80
JH		 1139 /* Non-mgmt controlled devices get this bit set
1140 * implicitly so that pairing works for them, however
1141 * for mgmt we require user-space to explicitly enable
1142 * it
1143 */
1144 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 1145}
1146
0f4e68cf 1147static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 1148 void *data, u16 data_len)
0381101f 1149{
a38528f1 1150 struct mgmt_rp_read_info rp;
f7b64e69 1151
bdb6d971 1152 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 1153
09fd0de5 1154 hci_dev_lock(hdev);
f7b64e69 1155
dc4fe30b
JH		 1156 memset(&rp, 0, sizeof(rp));
1157
69ab39ea 1158 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 1159
69ab39ea 1160 rp.version = hdev->hci_ver;
eb55ef07 1161 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 1162
1163 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1164 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 1165
a38528f1 1166 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 1167
dc4fe30b 1168 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 1169 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 1170
09fd0de5 1171 hci_dev_unlock(hdev);
0381101f 1172
bdb6d971 1173 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 1174 sizeof(rp));
0381101f
JH		 1175}
1176
eec8d2bc
JH		 1177static void mgmt_pending_free(struct pending_cmd *cmd)
1178{
1179 sock_put(cmd->sk);
c68fb7ff 1180 kfree(cmd->param);
eec8d2bc
JH		 1181 kfree(cmd);
1182}
1183
366a0336 1184static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 1185 struct hci_dev *hdev, void *data,
1186 u16 len)
eec8d2bc
JH		 1187{
1188 struct pending_cmd *cmd;
1189
fca20018 1190 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 1191 if (!cmd)
366a0336 1192 return NULL;
eec8d2bc
JH		 1193
1194 cmd->opcode = opcode;
2e58ef3e 1195 cmd->index = hdev->id;
eec8d2bc 1196
12b94565 1197 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 1198 if (!cmd->param) {
eec8d2bc 1199 kfree(cmd);
366a0336 1200 return NULL;
eec8d2bc
JH		 1201 }
1202
8fce6357
SJ		 1203 if (data)
1204 memcpy(cmd->param, data, len);
eec8d2bc
JH		 1205
1206 cmd->sk = sk;
1207 sock_hold(sk);
1208
2e58ef3e 1209 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 1210
366a0336 1211 return cmd;
eec8d2bc
JH		 1212}
1213
744cf19e 1214static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 1215 void (*cb)(struct pending_cmd *cmd,
1216 void *data),
04124681 1217 void *data)
eec8d2bc 1218{
a3d09356 1219 struct pending_cmd *cmd, *tmp;
eec8d2bc 1220
a3d09356 1221 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 1222 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 1223 continue;
1224
eec8d2bc
JH		 1225 cb(cmd, data);
1226 }
1227}
1228
a664b5bc 1229static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 1230{
73f22f62
JH		 1231 list_del(&cmd->list);
1232 mgmt_pending_free(cmd);
1233}
1234
69ab39ea 1235static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1236{
69ab39ea 1237 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1238
aee9b218 1239 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 1240 sizeof(settings));
8680570b
JH		 1241}
1242
8b064a3a
JH		 1243static void clean_up_hci_complete(struct hci_dev *hdev, u8 status)
1244{
1245 BT_DBG("%s status 0x%02x", hdev->name, status);
1246
a3172b7e
JH		 1247 if (hci_conn_count(hdev) == 0) {
1248 cancel_delayed_work(&hdev->power_off);
8b064a3a 1249 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1250 }
8b064a3a
JH		 1251}
1252
21a60d30
JH		 1253static void hci_stop_discovery(struct hci_request *req)
1254{
1255 struct hci_dev *hdev = req->hdev;
1256 struct hci_cp_remote_name_req_cancel cp;
1257 struct inquiry_entry *e;
1258
1259 switch (hdev->discovery.state) {
1260 case DISCOVERY_FINDING:
1261 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
1262 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1263 } else {
1264 cancel_delayed_work(&hdev->le_scan_disable);
1265 hci_req_add_le_scan_disable(req);
1266 }
1267
1268 break;
1269
1270 case DISCOVERY_RESOLVING:
1271 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1272 NAME_PENDING);
1273 if (!e)
1274 return;
1275
1276 bacpy(&cp.bdaddr, &e->data.bdaddr);
1277 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1278 &cp);
1279
1280 break;
1281
1282 default:
1283 /* Passive scanning */
1284 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
1285 hci_req_add_le_scan_disable(req);
1286 break;
1287 }
1288}
1289
8b064a3a
JH		 1290static int clean_up_hci_state(struct hci_dev *hdev)
1291{
1292 struct hci_request req;
1293 struct hci_conn *conn;
1294
1295 hci_req_init(&req, hdev);
1296
1297 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1298 test_bit(HCI_PSCAN, &hdev->flags)) {
1299 u8 scan = 0x00;
1300 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1301 }
1302
1303 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1304 disable_advertising(&req);
1305
f8680f12 1306 hci_stop_discovery(&req);
8b064a3a
JH		 1307
1308 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1309 struct hci_cp_disconnect dc;
c9910d0f
JH		 1310 struct hci_cp_reject_conn_req rej;
1311
1312 switch (conn->state) {
1313 case BT_CONNECTED:
1314 case BT_CONFIG:
1315 dc.handle = cpu_to_le16(conn->handle);
1316 dc.reason = 0x15; /* Terminated due to Power Off */
1317 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1318 break;
1319 case BT_CONNECT:
1320 if (conn->type == LE_LINK)
1321 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1322 0, NULL);
1323 else if (conn->type == ACL_LINK)
1324 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1325 6, &conn->dst);
1326 break;
1327 case BT_CONNECT2:
1328 bacpy(&rej.bdaddr, &conn->dst);
1329 rej.reason = 0x15; /* Terminated due to Power Off */
1330 if (conn->type == ACL_LINK)
1331 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1332 sizeof(rej), &rej);
1333 else if (conn->type == SCO_LINK)
1334 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1335 sizeof(rej), &rej);
1336 break;
1337 }
8b064a3a
JH		 1338 }
1339
1340 return hci_req_run(&req, clean_up_hci_complete);
1341}
1342
bdb6d971 1343static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1344 u16 len)
eec8d2bc 1345{
650f726d 1346 struct mgmt_mode *cp = data;
366a0336 1347 struct pending_cmd *cmd;
4b34ee78 1348 int err;
eec8d2bc 1349
bdb6d971 1350 BT_DBG("request for %s", hdev->name);
eec8d2bc 1351
a7e80f25
JH		 1352 if (cp->val != 0x00 && cp->val != 0x01)
1353 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1354 MGMT_STATUS_INVALID_PARAMS);
1355
09fd0de5 1356 hci_dev_lock(hdev);
eec8d2bc 1357
87b95ba6
JH		 1358 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1359 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1360 MGMT_STATUS_BUSY);
1361 goto failed;
1362 }
1363
f0d4b78a
MH		 1364 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1365 cancel_delayed_work(&hdev->power_off);
1366
1367 if (cp->val) {
a1d70450
JH		 1368 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1369 data, len);
1370 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1371 goto failed;
1372 }
1373 }
1374
4b34ee78 1375 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1376 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1377 goto failed;
1378 }
1379
2e58ef3e 1380 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1381 if (!cmd) {
1382 err = -ENOMEM;
eec8d2bc 1383 goto failed;
366a0336 1384 }
eec8d2bc 1385
8b064a3a 1386 if (cp->val) {
19202573 1387 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1388 err = 0;
1389 } else {
1390 /* Disconnect connections, stop scans, etc */
1391 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1392 if (!err)
1393 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1394 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1395
8b064a3a
JH		 1396 /* ENODATA means there were no HCI commands queued */
1397 if (err == -ENODATA) {
a3172b7e 1398 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1399 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1400 err = 0;
1401 }
1402 }
eec8d2bc
JH		 1403
1404failed:
09fd0de5 1405 hci_dev_unlock(hdev);
366a0336 1406 return err;
eec8d2bc
JH		 1407}
1408
beadb2bd
JH		 1409static int new_settings(struct hci_dev *hdev, struct sock *skip)
1410{
1411 __le32 ev;
1412
1413 ev = cpu_to_le32(get_current_settings(hdev));
1414
1415 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1416}
1417
bd99abdd
JH		 1418struct cmd_lookup {
1419 struct sock *sk;
1420 struct hci_dev *hdev;
1421 u8 mgmt_status;
1422};
1423
1424static void settings_rsp(struct pending_cmd *cmd, void *data)
1425{
1426 struct cmd_lookup *match = data;
1427
1428 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1429
1430 list_del(&cmd->list);
1431
1432 if (match->sk == NULL) {
1433 match->sk = cmd->sk;
1434 sock_hold(match->sk);
1435 }
1436
1437 mgmt_pending_free(cmd);
1438}
1439
1440static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1441{
1442 u8 *status = data;
1443
1444 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1445 mgmt_pending_remove(cmd);
1446}
1447
e6fe7986
JH		 1448static u8 mgmt_bredr_support(struct hci_dev *hdev)
1449{
1450 if (!lmp_bredr_capable(hdev))
1451 return MGMT_STATUS_NOT_SUPPORTED;
1452 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1453 return MGMT_STATUS_REJECTED;
1454 else
1455 return MGMT_STATUS_SUCCESS;
1456}
1457
1458static u8 mgmt_le_support(struct hci_dev *hdev)
1459{
1460 if (!lmp_le_capable(hdev))
1461 return MGMT_STATUS_NOT_SUPPORTED;
1462 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1463 return MGMT_STATUS_REJECTED;
1464 else
1465 return MGMT_STATUS_SUCCESS;
1466}
1467
bfaf8c9f
JH		 1468static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1469{
1470 struct pending_cmd *cmd;
1471 struct mgmt_mode *cp;
970ba524 1472 struct hci_request req;
bfaf8c9f
JH		 1473 bool changed;
1474
1475 BT_DBG("status 0x%02x", status);
1476
1477 hci_dev_lock(hdev);
1478
1479 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1480 if (!cmd)
1481 goto unlock;
1482
1483 if (status) {
1484 u8 mgmt_err = mgmt_status(status);
1485 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
310a3d48 1486 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
bfaf8c9f
JH		 1487 goto remove_cmd;
1488 }
1489
1490 cp = cmd->param;
d4462a07 1491 if (cp->val) {
bfaf8c9f
JH		 1492 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1493 &hdev->dev_flags);
d4462a07
MH		 1494
1495 if (hdev->discov_timeout > 0) {
1496 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1497 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1498 to);
1499 }
1500 } else {
bfaf8c9f
JH		 1501 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1502 &hdev->dev_flags);
d4462a07 1503 }
bfaf8c9f
JH		 1504
1505 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1506
1507 if (changed)
1508 new_settings(hdev, cmd->sk);
1509
970ba524
MH		 1510 /* When the discoverable mode gets changed, make sure
1511 * that class of device has the limited discoverable
1512 * bit correctly set.
1513 */
1514 hci_req_init(&req, hdev);
1515 update_class(&req);
1516 hci_req_run(&req, NULL);
1517
bfaf8c9f
JH		 1518remove_cmd:
1519 mgmt_pending_remove(cmd);
1520
1521unlock:
1522 hci_dev_unlock(hdev);
1523}
1524
bdb6d971 1525static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1526 u16 len)
73f22f62 1527{
650f726d 1528 struct mgmt_cp_set_discoverable *cp = data;
366a0336 1529 struct pending_cmd *cmd;
bfaf8c9f 1530 struct hci_request req;
5e5282bb 1531 u16 timeout;
9a43e25f 1532 u8 scan;
73f22f62
JH		 1533 int err;
1534
bdb6d971 1535 BT_DBG("request for %s", hdev->name);
73f22f62 1536
9a43e25f
JH		 1537 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1538 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1539 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
9a43e25f 1540 MGMT_STATUS_REJECTED);
33c525c0 1541
310a3d48 1542 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a7e80f25
JH		 1543 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1544 MGMT_STATUS_INVALID_PARAMS);
1545
1f350c87 1546 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1547
1548 /* Disabling discoverable requires that no timeout is set,
1549 * and enabling limited discoverable requires a timeout.
1550 */
1551 if ((cp->val == 0x00 && timeout > 0) ||
1552 (cp->val == 0x02 && timeout == 0))
bdb6d971 1553 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1554 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1555
09fd0de5 1556 hci_dev_lock(hdev);
73f22f62 1557
5e5282bb 1558 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 1559 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1560 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1561 goto failed;
1562 }
1563
2e58ef3e 1564 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1565 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1566 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1567 MGMT_STATUS_BUSY);
73f22f62
JH		 1568 goto failed;
1569 }
1570
5e5282bb 1571 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 1572 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1573 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1574 goto failed;
1575 }
1576
1577 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1578 bool changed = false;
1579
310a3d48
MH		 1580 /* Setting limited discoverable when powered off is
1581 * not a valid operation since it requires a timeout
1582 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1583 */
0224d2fa
JH		 1584 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1585 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1586 changed = true;
1587 }
1588
5e5282bb 1589 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1590 if (err < 0)
1591 goto failed;
1592
1593 if (changed)
1594 err = new_settings(hdev, sk);
1595
5e5282bb
JH		 1596 goto failed;
1597 }
1598
310a3d48
MH		 1599 /* If the current mode is the same, then just update the timeout
1600 * value with the new value. And if only the timeout gets updated,
1601 * then no need for any HCI transactions.
1602 */
1603 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1604 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1605 &hdev->dev_flags)) {
36261547
MH		 1606 cancel_delayed_work(&hdev->discov_off);
1607 hdev->discov_timeout = timeout;
955638ec 1608
36261547
MH		 1609 if (cp->val && hdev->discov_timeout > 0) {
1610 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1611 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1612 to);
955638ec
MH		 1613 }
1614
69ab39ea 1615 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1616 goto failed;
1617 }
1618
2e58ef3e 1619 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1620 if (!cmd) {
1621 err = -ENOMEM;
73f22f62 1622 goto failed;
366a0336 1623 }
73f22f62 1624
310a3d48
MH		 1625 /* Cancel any potential discoverable timeout that might be
1626 * still active and store new timeout value. The arming of
1627 * the timeout happens in the complete handler.
1628 */
1629 cancel_delayed_work(&hdev->discov_off);
1630 hdev->discov_timeout = timeout;
1631
b456f87c
JH		 1632 /* Limited discoverable mode */
1633 if (cp->val == 0x02)
1634 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1635 else
1636 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1637
bfaf8c9f
JH		 1638 hci_req_init(&req, hdev);
1639
9a43e25f
JH		 1640 /* The procedure for LE-only controllers is much simpler - just
1641 * update the advertising data.
1642 */
1643 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1644 goto update_ad;
1645
73f22f62
JH		 1646 scan = SCAN_PAGE;
1647
310a3d48
MH		 1648 if (cp->val) {
1649 struct hci_cp_write_current_iac_lap hci_cp;
1650
1651 if (cp->val == 0x02) {
1652 /* Limited discoverable mode */
33337dcb 1653 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1654 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1655 hci_cp.iac_lap[1] = 0x8b;
1656 hci_cp.iac_lap[2] = 0x9e;
1657 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1658 hci_cp.iac_lap[4] = 0x8b;
1659 hci_cp.iac_lap[5] = 0x9e;
1660 } else {
1661 /* General discoverable mode */
310a3d48
MH		 1662 hci_cp.num_iac = 1;
1663 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1664 hci_cp.iac_lap[1] = 0x8b;
1665 hci_cp.iac_lap[2] = 0x9e;
1666 }
1667
1668 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1669 (hci_cp.num_iac * 3) + 1, &hci_cp);
1670
73f22f62 1671 scan |= SCAN_INQUIRY;
310a3d48
MH		 1672 } else {
1673 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1674 }
73f22f62 1675
310a3d48 1676 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1677
9a43e25f
JH		 1678update_ad:
1679 update_adv_data(&req);
1680
bfaf8c9f 1681 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1682 if (err < 0)
a664b5bc 1683 mgmt_pending_remove(cmd);
73f22f62
JH		 1684
1685failed:
09fd0de5 1686 hci_dev_unlock(hdev);
73f22f62
JH		 1687 return err;
1688}
1689
406d7804
JH		 1690static void write_fast_connectable(struct hci_request *req, bool enable)
1691{
bd98b996 1692 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1693 struct hci_cp_write_page_scan_activity acp;
1694 u8 type;
1695
547003b1
JH		 1696 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1697 return;
1698
4c01f8b8
JH		 1699 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1700 return;
1701
406d7804
JH		 1702 if (enable) {
1703 type = PAGE_SCAN_TYPE_INTERLACED;
1704
1705 /* 160 msec page scan interval */
dcf4adbf 1706 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 1707 } else {
1708 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1709
1710 /* default 1.28 sec page scan */
dcf4adbf 1711 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 1712 }
1713
dcf4adbf 1714 acp.window = cpu_to_le16(0x0012);
406d7804 1715
bd98b996
JH		 1716 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1717 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1718 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1719 sizeof(acp), &acp);
1720
1721 if (hdev->page_scan_type != type)
1722 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1723}
1724
2b76f453
JH		 1725static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1726{
1727 struct pending_cmd *cmd;
d7b856f9
JH		 1728 struct mgmt_mode *cp;
1729 bool changed;
2b76f453
JH		 1730
1731 BT_DBG("status 0x%02x", status);
1732
1733 hci_dev_lock(hdev);
1734
1735 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1736 if (!cmd)
1737 goto unlock;
1738
37438c1f
JH		 1739 if (status) {
1740 u8 mgmt_err = mgmt_status(status);
1741 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1742 goto remove_cmd;
1743 }
1744
d7b856f9
JH		 1745 cp = cmd->param;
1746 if (cp->val)
1747 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1748 else
1749 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1750
2b76f453
JH		 1751 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1752
d7b856f9
JH		 1753 if (changed)
1754 new_settings(hdev, cmd->sk);
1755
37438c1f 1756remove_cmd:
2b76f453
JH		 1757 mgmt_pending_remove(cmd);
1758
1759unlock:
1760 hci_dev_unlock(hdev);
1761}
1762
e8ba3a1f
JH		 1763static int set_connectable_update_settings(struct hci_dev *hdev,
1764 struct sock *sk, u8 val)
1765{
1766 bool changed = false;
1767 int err;
1768
1769 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1770 changed = true;
1771
1772 if (val) {
1773 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1774 } else {
1775 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1776 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1777 }
1778
1779 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1780 if (err < 0)
1781 return err;
1782
1783 if (changed)
1784 return new_settings(hdev, sk);
1785
1786 return 0;
1787}
1788
bdb6d971 1789static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1790 u16 len)
9fbcbb45 1791{
650f726d 1792 struct mgmt_mode *cp = data;
366a0336 1793 struct pending_cmd *cmd;
2b76f453 1794 struct hci_request req;
1987fdc7 1795 u8 scan;
9fbcbb45
JH		 1796 int err;
1797
bdb6d971 1798 BT_DBG("request for %s", hdev->name);
9fbcbb45 1799
1987fdc7
JH		 1800 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1801 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1802 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1987fdc7 1803 MGMT_STATUS_REJECTED);
33c525c0 1804
a7e80f25
JH		 1805 if (cp->val != 0x00 && cp->val != 0x01)
1806 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1807 MGMT_STATUS_INVALID_PARAMS);
1808
09fd0de5 1809 hci_dev_lock(hdev);
9fbcbb45 1810
4b34ee78 1811 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1812 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1813 goto failed;
1814 }
1815
2e58ef3e 1816 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1817 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1818 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1819 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1820 goto failed;
1821 }
1822
2e58ef3e 1823 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1824 if (!cmd) {
1825 err = -ENOMEM;
9fbcbb45 1826 goto failed;
366a0336 1827 }
9fbcbb45 1828
9b74246f 1829 hci_req_init(&req, hdev);
9fbcbb45 1830
9a43e25f
JH		 1831 /* If BR/EDR is not enabled and we disable advertising as a
1832 * by-product of disabling connectable, we need to update the
1833 * advertising flags.
1834 */
1835 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1836 if (!cp->val) {
1837 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1838 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1839 }
1840 update_adv_data(&req);
1841 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1842 if (cp->val) {
1843 scan = SCAN_PAGE;
1844 } else {
1845 scan = 0;
1846
1847 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1848 hdev->discov_timeout > 0)
9b74246f
JH		 1849 cancel_delayed_work(&hdev->discov_off);
1850 }
2b76f453 1851
9b74246f
JH		 1852 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1853 }
2b76f453 1854
4c01f8b8
JH		 1855 /* If we're going from non-connectable to connectable or
1856 * vice-versa when fast connectable is enabled ensure that fast
1857 * connectable gets disabled. write_fast_connectable won't do
1858 * anything if the page scan parameters are already what they
1859 * should be.
1860 */
1861 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1862 write_fast_connectable(&req, false);
1863
1987fdc7
JH		 1864 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
1865 hci_conn_num(hdev, LE_LINK) == 0) {
1866 disable_advertising(&req);
1867 enable_advertising(&req);
1868 }
1869
2b76f453 1870 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1871 if (err < 0) {
a664b5bc 1872 mgmt_pending_remove(cmd);
9b74246f 1873 if (err == -ENODATA)
a81070ba
JH		 1874 err = set_connectable_update_settings(hdev, sk,
1875 cp->val);
9b74246f
JH		 1876 goto failed;
1877 }
9fbcbb45
JH		 1878
1879failed:
09fd0de5 1880 hci_dev_unlock(hdev);
9fbcbb45
JH		 1881 return err;
1882}
1883
bdb6d971 1884static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1885 u16 len)
c542a06c 1886{
650f726d 1887 struct mgmt_mode *cp = data;
55594356 1888 bool changed;
c542a06c
JH		 1889 int err;
1890
bdb6d971 1891 BT_DBG("request for %s", hdev->name);
c542a06c 1892
a7e80f25
JH		 1893 if (cp->val != 0x00 && cp->val != 0x01)
1894 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1895 MGMT_STATUS_INVALID_PARAMS);
1896
09fd0de5 1897 hci_dev_lock(hdev);
c542a06c
JH		 1898
1899 if (cp->val)
55594356 1900 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1901 else
55594356 1902 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1903
69ab39ea 1904 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c 1905 if (err < 0)
55594356 1906 goto unlock;
c542a06c 1907
55594356
MH		 1908 if (changed)
1909 err = new_settings(hdev, sk);
c542a06c 1910
55594356 1911unlock:
09fd0de5 1912 hci_dev_unlock(hdev);
c542a06c
JH		 1913 return err;
1914}
1915
04124681
GP		 1916static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1917 u16 len)
33ef95ed
JH		 1918{
1919 struct mgmt_mode *cp = data;
1920 struct pending_cmd *cmd;
e6fe7986 1921 u8 val, status;
33ef95ed
JH		 1922 int err;
1923
bdb6d971 1924 BT_DBG("request for %s", hdev->name);
33ef95ed 1925
e6fe7986
JH		 1926 status = mgmt_bredr_support(hdev);
1927 if (status)
33c525c0 1928 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 1929 status);
33c525c0 1930
a7e80f25
JH		 1931 if (cp->val != 0x00 && cp->val != 0x01)
1932 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1933 MGMT_STATUS_INVALID_PARAMS);
1934
33ef95ed
JH		 1935 hci_dev_lock(hdev);
1936
4b34ee78 1937 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1938 bool changed = false;
1939
1940 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1941 &hdev->dev_flags)) {
47990ea0
JH		 1942 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1943 changed = true;
1944 }
1945
1946 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1947 if (err < 0)
1948 goto failed;
1949
1950 if (changed)
1951 err = new_settings(hdev, sk);
1952
33ef95ed
JH		 1953 goto failed;
1954 }
1955
1956 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1957 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1958 MGMT_STATUS_BUSY);
33ef95ed
JH		 1959 goto failed;
1960 }
1961
1962 val = !!cp->val;
1963
1964 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1965 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1966 goto failed;
1967 }
1968
1969 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1970 if (!cmd) {
1971 err = -ENOMEM;
1972 goto failed;
1973 }
1974
1975 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1976 if (err < 0) {
1977 mgmt_pending_remove(cmd);
1978 goto failed;
1979 }
1980
1981failed:
1982 hci_dev_unlock(hdev);
33ef95ed
JH		 1983 return err;
1984}
1985
bdb6d971 1986static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1987{
1988 struct mgmt_mode *cp = data;
1989 struct pending_cmd *cmd;
72ef0c1a 1990 u8 status;
ed2c4ee3
JH		 1991 int err;
1992
bdb6d971 1993 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1994
cdba5281
MH		 1995 status = mgmt_bredr_support(hdev);
1996 if (status)
1997 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1998
13ecd8b6
JH		 1999 if (!lmp_ssp_capable(hdev))
2000 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2001 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 2002
a7e80f25
JH		 2003 if (cp->val != 0x00 && cp->val != 0x01)
2004 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2005 MGMT_STATUS_INVALID_PARAMS);
2006
13ecd8b6 2007 hci_dev_lock(hdev);
6c8f12c1 2008
4b34ee78 2009 if (!hdev_is_powered(hdev)) {
9ecb3e24 2010 bool changed;
c0ecddc2 2011
9ecb3e24
MH		 2012 if (cp->val) {
2013 changed = !test_and_set_bit(HCI_SSP_ENABLED,
2014 &hdev->dev_flags);
2015 } else {
2016 changed = test_and_clear_bit(HCI_SSP_ENABLED,
2017 &hdev->dev_flags);
2018 if (!changed)
2019 changed = test_and_clear_bit(HCI_HS_ENABLED,
2020 &hdev->dev_flags);
2021 else
2022 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 2023 }
2024
2025 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2026 if (err < 0)
2027 goto failed;
2028
2029 if (changed)
2030 err = new_settings(hdev, sk);
2031
ed2c4ee3
JH		 2032 goto failed;
2033 }
2034
9ecb3e24
MH		 2035 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
2036 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
d97dcb66
SJ		 2037 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2038 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 2039 goto failed;
2040 }
2041
72ef0c1a 2042 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 2043 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2044 goto failed;
2045 }
2046
2047 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2048 if (!cmd) {
2049 err = -ENOMEM;
2050 goto failed;
2051 }
2052
3769972b
JH		 2053 if (!cp->val && test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
2054 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2055 sizeof(cp->val), &cp->val);
2056
72ef0c1a 2057 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 2058 if (err < 0) {
2059 mgmt_pending_remove(cmd);
2060 goto failed;
2061 }
2062
2063failed:
2064 hci_dev_unlock(hdev);
ed2c4ee3
JH		 2065 return err;
2066}
2067
bdb6d971 2068static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 2069{
2070 struct mgmt_mode *cp = data;
ee392693 2071 bool changed;
e6fe7986 2072 u8 status;
ee392693 2073 int err;
6d80dfd0 2074
bdb6d971 2075 BT_DBG("request for %s", hdev->name);
6d80dfd0 2076
e6fe7986
JH		 2077 status = mgmt_bredr_support(hdev);
2078 if (status)
2079 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 2080
9ecb3e24
MH		 2081 if (!lmp_ssp_capable(hdev))
2082 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2083 MGMT_STATUS_NOT_SUPPORTED);
2084
2085 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
2086 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2087 MGMT_STATUS_REJECTED);
2088
a7e80f25
JH		 2089 if (cp->val != 0x00 && cp->val != 0x01)
2090 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2091 MGMT_STATUS_INVALID_PARAMS);
2092
ee392693
MH		 2093 hci_dev_lock(hdev);
2094
a0cdf960 2095 if (cp->val) {
ee392693 2096 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 2097 } else {
2098 if (hdev_is_powered(hdev)) {
2099 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2100 MGMT_STATUS_REJECTED);
2101 goto unlock;
2102 }
2103
ee392693 2104 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 2105 }
ee392693
MH		 2106
2107 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2108 if (err < 0)
2109 goto unlock;
2110
2111 if (changed)
2112 err = new_settings(hdev, sk);
6d80dfd0 2113
ee392693
MH		 2114unlock:
2115 hci_dev_unlock(hdev);
2116 return err;
6d80dfd0
JH		 2117}
2118
416a4ae5
JH		 2119static void le_enable_complete(struct hci_dev *hdev, u8 status)
2120{
2121 struct cmd_lookup match = { NULL, hdev };
2122
2123 if (status) {
2124 u8 mgmt_err = mgmt_status(status);
2125
2126 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2127 &mgmt_err);
2128 return;
2129 }
2130
2131 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2132
2133 new_settings(hdev, match.sk);
2134
2135 if (match.sk)
2136 sock_put(match.sk);
441ad2d0
MH		 2137
2138 /* Make sure the controller has a good default for
2139 * advertising data. Restrict the update to when LE
2140 * has actually been enabled. During power on, the
2141 * update in powered_update_hci will take care of it.
2142 */
2143 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2144 struct hci_request req;
2145
2146 hci_dev_lock(hdev);
2147
2148 hci_req_init(&req, hdev);
5947f4bc 2149 update_adv_data(&req);
f14d8f64 2150 update_scan_rsp_data(&req);
441ad2d0
MH		 2151 hci_req_run(&req, NULL);
2152
2153 hci_dev_unlock(hdev);
2154 }
416a4ae5
JH		 2155}
2156
bdb6d971 2157static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 2158{
2159 struct mgmt_mode *cp = data;
2160 struct hci_cp_write_le_host_supported hci_cp;
2161 struct pending_cmd *cmd;
416a4ae5 2162 struct hci_request req;
06199cf8 2163 int err;
0b60eba1 2164 u8 val, enabled;
06199cf8 2165
bdb6d971 2166 BT_DBG("request for %s", hdev->name);
06199cf8 2167
13ecd8b6
JH		 2168 if (!lmp_le_capable(hdev))
2169 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2170 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 2171
a7e80f25
JH		 2172 if (cp->val != 0x00 && cp->val != 0x01)
2173 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2174 MGMT_STATUS_INVALID_PARAMS);
2175
c73eee91 2176 /* LE-only devices do not allow toggling LE on/off */
56f87901 2177 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 2178 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2179 MGMT_STATUS_REJECTED);
2180
13ecd8b6 2181 hci_dev_lock(hdev);
06199cf8
JH		 2182
2183 val = !!cp->val;
ffa88e02 2184 enabled = lmp_host_le_capable(hdev);
06199cf8 2185
0b60eba1 2186 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 2187 bool changed = false;
2188
2189 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2190 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
2191 changed = true;
2192 }
2193
f3d3444a
JH		 2194 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
2195 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 2196 changed = true;
2197 }
2198
06199cf8
JH		 2199 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2200 if (err < 0)
1de028ce 2201 goto unlock;
06199cf8
JH		 2202
2203 if (changed)
2204 err = new_settings(hdev, sk);
2205
1de028ce 2206 goto unlock;
06199cf8
JH		 2207 }
2208
4375f103
JH		 2209 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
2210 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 2211 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 2212 MGMT_STATUS_BUSY);
1de028ce 2213 goto unlock;
06199cf8
JH		 2214 }
2215
2216 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2217 if (!cmd) {
2218 err = -ENOMEM;
1de028ce 2219 goto unlock;
06199cf8
JH		 2220 }
2221
441ad2d0
MH		 2222 hci_req_init(&req, hdev);
2223
06199cf8
JH		 2224 memset(&hci_cp, 0, sizeof(hci_cp));
2225
2226 if (val) {
2227 hci_cp.le = val;
ffa88e02 2228 hci_cp.simul = lmp_le_br_capable(hdev);
441ad2d0
MH		 2229 } else {
2230 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
2231 disable_advertising(&req);
06199cf8
JH		 2232 }
2233
416a4ae5
JH		 2234 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2235 &hci_cp);
2236
2237 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2238 if (err < 0)
06199cf8 2239 mgmt_pending_remove(cmd);
06199cf8 2240
1de028ce
JH		 2241unlock:
2242 hci_dev_unlock(hdev);
06199cf8
JH		 2243 return err;
2244}
2245
0cab9c80
JH		 2246/* This is a helper function to test for pending mgmt commands that can
2247 * cause CoD or EIR HCI commands. We can only allow one such pending
2248 * mgmt command at a time since otherwise we cannot easily track what
2249 * the current values are, will be, and based on that calculate if a new
2250 * HCI command needs to be sent and if yes with what value.
2251 */
2252static bool pending_eir_or_class(struct hci_dev *hdev)
2253{
2254 struct pending_cmd *cmd;
2255
2256 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2257 switch (cmd->opcode) {
2258 case MGMT_OP_ADD_UUID:
2259 case MGMT_OP_REMOVE_UUID:
2260 case MGMT_OP_SET_DEV_CLASS:
2261 case MGMT_OP_SET_POWERED:
2262 return true;
2263 }
2264 }
2265
2266 return false;
2267}
2268
83be8eca
JH		 2269static const u8 bluetooth_base_uuid[] = {
2270 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2271 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2272};
2273
2274static u8 get_uuid_size(const u8 *uuid)
2275{
2276 u32 val;
2277
2278 if (memcmp(uuid, bluetooth_base_uuid, 12))
2279 return 128;
2280
2281 val = get_unaligned_le32(&uuid[12]);
2282 if (val > 0xffff)
2283 return 32;
2284
2285 return 16;
2286}
2287
92da6097
JH		 2288static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2289{
2290 struct pending_cmd *cmd;
2291
2292 hci_dev_lock(hdev);
2293
2294 cmd = mgmt_pending_find(mgmt_op, hdev);
2295 if (!cmd)
2296 goto unlock;
2297
2298 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
2299 hdev->dev_class, 3);
2300
2301 mgmt_pending_remove(cmd);
2302
2303unlock:
2304 hci_dev_unlock(hdev);
2305}
2306
2307static void add_uuid_complete(struct hci_dev *hdev, u8 status)
2308{
2309 BT_DBG("status 0x%02x", status);
2310
2311 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2312}
2313
bdb6d971 2314static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2315{
650f726d 2316 struct mgmt_cp_add_uuid *cp = data;
90e70454 2317 struct pending_cmd *cmd;
890ea898 2318 struct hci_request req;
2aeb9a1a 2319 struct bt_uuid *uuid;
2aeb9a1a
JH		 2320 int err;
2321
bdb6d971 2322 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2323
09fd0de5 2324 hci_dev_lock(hdev);
2aeb9a1a 2325
0cab9c80 2326 if (pending_eir_or_class(hdev)) {
bdb6d971 2327 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 2328 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2329 goto failed;
2330 }
2331
92c4c204 2332 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2333 if (!uuid) {
2334 err = -ENOMEM;
2335 goto failed;
2336 }
2337
2338 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2339 uuid->svc_hint = cp->svc_hint;
83be8eca 2340 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2341
de66aa63 2342 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2343
890ea898 2344 hci_req_init(&req, hdev);
1aff6f09 2345
890ea898
JH		 2346 update_class(&req);
2347 update_eir(&req);
2348
92da6097
JH		 2349 err = hci_req_run(&req, add_uuid_complete);
2350 if (err < 0) {
2351 if (err != -ENODATA)
2352 goto failed;
80a1e1db 2353
bdb6d971 2354 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 2355 hdev->dev_class, 3);
90e70454
JH		 2356 goto failed;
2357 }
2358
2359 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2360 if (!cmd) {
90e70454 2361 err = -ENOMEM;
890ea898
JH		 2362 goto failed;
2363 }
2364
2365 err = 0;
2aeb9a1a
JH		 2366
2367failed:
09fd0de5 2368 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2369 return err;
2370}
2371
24b78d0f
JH		 2372static bool enable_service_cache(struct hci_dev *hdev)
2373{
2374 if (!hdev_is_powered(hdev))
2375 return false;
2376
2377 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 2378 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2379 CACHE_TIMEOUT);
24b78d0f
JH		 2380 return true;
2381 }
2382
2383 return false;
2384}
2385
92da6097
JH		 2386static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
2387{
2388 BT_DBG("status 0x%02x", status);
2389
2390 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2391}
2392
bdb6d971 2393static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2394 u16 len)
2aeb9a1a 2395{
650f726d 2396 struct mgmt_cp_remove_uuid *cp = data;
90e70454 2397 struct pending_cmd *cmd;
056341c8 2398 struct bt_uuid *match, *tmp;
2aeb9a1a 2399 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2400 struct hci_request req;
2aeb9a1a
JH		 2401 int err, found;
2402
bdb6d971 2403 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2404
09fd0de5 2405 hci_dev_lock(hdev);
2aeb9a1a 2406
0cab9c80 2407 if (pending_eir_or_class(hdev)) {
bdb6d971 2408 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2409 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2410 goto unlock;
2411 }
2412
2aeb9a1a 2413 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2414 hci_uuids_clear(hdev);
4004b6d9 2415
24b78d0f 2416 if (enable_service_cache(hdev)) {
bdb6d971 2417 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2418 0, hdev->dev_class, 3);
24b78d0f
JH		 2419 goto unlock;
2420 }
4004b6d9 2421
9246a869 2422 goto update_class;
2aeb9a1a
JH		 2423 }
2424
2425 found = 0;
2426
056341c8 2427 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2428 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2429 continue;
2430
2431 list_del(&match->list);
482049f7 2432 kfree(match);
2aeb9a1a
JH		 2433 found++;
2434 }
2435
2436 if (found == 0) {
bdb6d971 2437 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2438 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2439 goto unlock;
2440 }
2441
9246a869 2442update_class:
890ea898 2443 hci_req_init(&req, hdev);
1aff6f09 2444
890ea898
JH		 2445 update_class(&req);
2446 update_eir(&req);
2447
92da6097
JH		 2448 err = hci_req_run(&req, remove_uuid_complete);
2449 if (err < 0) {
2450 if (err != -ENODATA)
2451 goto unlock;
80a1e1db 2452
bdb6d971 2453 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 2454 hdev->dev_class, 3);
90e70454
JH		 2455 goto unlock;
2456 }
2457
2458 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2459 if (!cmd) {
90e70454 2460 err = -ENOMEM;
890ea898
JH		 2461 goto unlock;
2462 }
2463
2464 err = 0;
2aeb9a1a
JH		 2465
2466unlock:
09fd0de5 2467 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2468 return err;
2469}
2470
92da6097
JH		 2471static void set_class_complete(struct hci_dev *hdev, u8 status)
2472{
2473 BT_DBG("status 0x%02x", status);
2474
2475 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2476}
2477
bdb6d971 2478static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2479 u16 len)
1aff6f09 2480{
650f726d 2481 struct mgmt_cp_set_dev_class *cp = data;
90e70454 2482 struct pending_cmd *cmd;
890ea898 2483 struct hci_request req;
1aff6f09
JH		 2484 int err;
2485
bdb6d971 2486 BT_DBG("request for %s", hdev->name);
1aff6f09 2487
6203fc98 2488 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 2489 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2490 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2491
0cab9c80 2492 hci_dev_lock(hdev);
ee98f473 2493
0cab9c80
JH		 2494 if (pending_eir_or_class(hdev)) {
2495 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2496 MGMT_STATUS_BUSY);
2497 goto unlock;
2498 }
c95f0ba7 2499
0cab9c80
JH		 2500 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2501 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2502 MGMT_STATUS_INVALID_PARAMS);
2503 goto unlock;
2504 }
575b3a02 2505
932f5ff5
JH		 2506 hdev->major_class = cp->major;
2507 hdev->minor_class = cp->minor;
2508
b5235a65 2509 if (!hdev_is_powered(hdev)) {
bdb6d971 2510 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2511 hdev->dev_class, 3);
b5235a65
JH		 2512 goto unlock;
2513 }
2514
890ea898
JH		 2515 hci_req_init(&req, hdev);
2516
a8b2d5c2 2517 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2518 hci_dev_unlock(hdev);
2519 cancel_delayed_work_sync(&hdev->service_cache);
2520 hci_dev_lock(hdev);
890ea898 2521 update_eir(&req);
7d78525d 2522 }
14c0b608 2523
890ea898
JH		 2524 update_class(&req);
2525
92da6097
JH		 2526 err = hci_req_run(&req, set_class_complete);
2527 if (err < 0) {
2528 if (err != -ENODATA)
2529 goto unlock;
1aff6f09 2530
bdb6d971 2531 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2532 hdev->dev_class, 3);
90e70454
JH		 2533 goto unlock;
2534 }
2535
2536 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2537 if (!cmd) {
90e70454 2538 err = -ENOMEM;
890ea898
JH		 2539 goto unlock;
2540 }
2541
2542 err = 0;
1aff6f09 2543
b5235a65 2544unlock:
09fd0de5 2545 hci_dev_unlock(hdev);
1aff6f09
JH		 2546 return err;
2547}
2548
bdb6d971 2549static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2550 u16 len)
55ed8ca1 2551{
650f726d 2552 struct mgmt_cp_load_link_keys *cp = data;
ba1d6936
JH		 2553 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2554 sizeof(struct mgmt_link_key_info));
4e51eae9 2555 u16 key_count, expected_len;
b1de97d8 2556 bool changed;
a492cd52 2557 int i;
55ed8ca1 2558
9060d5cf
MH		 2559 BT_DBG("request for %s", hdev->name);
2560
2561 if (!lmp_bredr_capable(hdev))
2562 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2563 MGMT_STATUS_NOT_SUPPORTED);
2564
1f350c87 2565 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 2566 if (key_count > max_key_count) {
2567 BT_ERR("load_link_keys: too big key_count value %u",
2568 key_count);
2569 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2570 MGMT_STATUS_INVALID_PARAMS);
2571 }
55ed8ca1 2572
86742e1e
JH		 2573 expected_len = sizeof(*cp) + key_count *
2574 sizeof(struct mgmt_link_key_info);
a492cd52 2575 if (expected_len != len) {
86742e1e 2576 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2577 expected_len, len);
bdb6d971 2578 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 2579 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2580 }
2581
4ae14301
JH		 2582 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2583 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2584 MGMT_STATUS_INVALID_PARAMS);
2585
bdb6d971 2586 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2587 key_count);
55ed8ca1 2588
4ee71b20
JH		 2589 for (i = 0; i < key_count; i++) {
2590 struct mgmt_link_key_info *key = &cp->keys[i];
2591
8e991132 2592 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
4ee71b20
JH		 2593 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2594 MGMT_STATUS_INVALID_PARAMS);
2595 }
2596
09fd0de5 2597 hci_dev_lock(hdev);
55ed8ca1
JH		 2598
2599 hci_link_keys_clear(hdev);
2600
55ed8ca1 2601 if (cp->debug_keys)
0663b297
JH		 2602 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
2603 &hdev->dev_flags);
55ed8ca1 2604 else
0663b297
JH		 2605 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
2606 &hdev->dev_flags);
b1de97d8
MH		 2607
2608 if (changed)
2609 new_settings(hdev, NULL);
55ed8ca1 2610
a492cd52 2611 for (i = 0; i < key_count; i++) {
86742e1e 2612 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2613
58e9293c
JH		 2614 /* Always ignore debug keys and require a new pairing if
2615 * the user wants to use them.
2616 */
2617 if (key->type == HCI_LK_DEBUG_COMBINATION)
2618 continue;
2619
7652ff6a
JH		 2620 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2621 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2622 }
2623
bdb6d971 2624 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2625
09fd0de5 2626 hci_dev_unlock(hdev);
55ed8ca1 2627
a492cd52 2628 return 0;
55ed8ca1
JH		 2629}
2630
b1078ad0 2631static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2632 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2633{
2634 struct mgmt_ev_device_unpaired ev;
2635
2636 bacpy(&ev.addr.bdaddr, bdaddr);
2637 ev.addr.type = addr_type;
2638
2639 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2640 skip_sk);
b1078ad0
JH		 2641}
2642
bdb6d971 2643static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2644 u16 len)
55ed8ca1 2645{
124f6e35
JH		 2646 struct mgmt_cp_unpair_device *cp = data;
2647 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2648 struct hci_cp_disconnect dc;
2649 struct pending_cmd *cmd;
55ed8ca1 2650 struct hci_conn *conn;
55ed8ca1
JH		 2651 int err;
2652
a8a1d19e 2653 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2654 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2655 rp.addr.type = cp->addr.type;
a8a1d19e 2656
4ee71b20
JH		 2657 if (!bdaddr_type_is_valid(cp->addr.type))
2658 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2659 MGMT_STATUS_INVALID_PARAMS,
2660 &rp, sizeof(rp));
2661
118da70b
JH		 2662 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2663 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2664 MGMT_STATUS_INVALID_PARAMS,
2665 &rp, sizeof(rp));
2666
4ee71b20
JH		 2667 hci_dev_lock(hdev);
2668
86a8cfc6 2669 if (!hdev_is_powered(hdev)) {
bdb6d971 2670 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2671 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 2672 goto unlock;
2673 }
2674
e0b2b27e 2675 if (cp->addr.type == BDADDR_BREDR) {
124f6e35 2676 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2677 } else {
2678 u8 addr_type;
2679
2680 if (cp->addr.type == BDADDR_LE_PUBLIC)
2681 addr_type = ADDR_LE_DEV_PUBLIC;
2682 else
2683 addr_type = ADDR_LE_DEV_RANDOM;
2684
a7ec7338
JH		 2685 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2686
a9b0a04c
AG		 2687 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2688
e0b2b27e
JH		 2689 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2690 }
b0dbfb46 2691
55ed8ca1 2692 if (err < 0) {
bdb6d971 2693 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2694 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 2695 goto unlock;
2696 }
2697
86a8cfc6 2698 if (cp->disconnect) {
591f47f3 2699 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 2700 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 2701 &cp->addr.bdaddr);
86a8cfc6
JH		 2702 else
2703 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 2704 &cp->addr.bdaddr);
86a8cfc6
JH		 2705 } else {
2706 conn = NULL;
2707 }
124f6e35 2708
a8a1d19e 2709 if (!conn) {
bdb6d971 2710 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 2711 &rp, sizeof(rp));
b1078ad0 2712 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2713 goto unlock;
2714 }
55ed8ca1 2715
124f6e35 2716 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2717 sizeof(*cp));
a8a1d19e
JH		 2718 if (!cmd) {
2719 err = -ENOMEM;
2720 goto unlock;
55ed8ca1
JH		 2721 }
2722
eb55ef07 2723 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2724 dc.reason = 0x13; /* Remote User Terminated Connection */
2725 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2726 if (err < 0)
2727 mgmt_pending_remove(cmd);
2728
55ed8ca1 2729unlock:
09fd0de5 2730 hci_dev_unlock(hdev);
55ed8ca1
JH		 2731 return err;
2732}
2733
bdb6d971 2734static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2735 u16 len)
8962ee74 2736{
650f726d 2737 struct mgmt_cp_disconnect *cp = data;
06a63b19 2738 struct mgmt_rp_disconnect rp;
8962ee74 2739 struct hci_cp_disconnect dc;
366a0336 2740 struct pending_cmd *cmd;
8962ee74 2741 struct hci_conn *conn;
8962ee74
JH		 2742 int err;
2743
2744 BT_DBG("");
2745
06a63b19
JH		 2746 memset(&rp, 0, sizeof(rp));
2747 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2748 rp.addr.type = cp->addr.type;
2749
4ee71b20 2750 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2751 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2752 MGMT_STATUS_INVALID_PARAMS,
2753 &rp, sizeof(rp));
4ee71b20 2754
09fd0de5 2755 hci_dev_lock(hdev);
8962ee74
JH		 2756
2757 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2758 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2759 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2760 goto failed;
2761 }
2762
2e58ef3e 2763 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2764 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2765 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2766 goto failed;
2767 }
2768
591f47f3 2769 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2770 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2771 &cp->addr.bdaddr);
88c3df13
JH		 2772 else
2773 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2774
f960727e 2775 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2776 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2777 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2778 goto failed;
2779 }
2780
2e58ef3e 2781 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2782 if (!cmd) {
2783 err = -ENOMEM;
8962ee74 2784 goto failed;
366a0336 2785 }
8962ee74 2786
eb55ef07 2787 dc.handle = cpu_to_le16(conn->handle);
3701f944 2788 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 2789
2790 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2791 if (err < 0)
a664b5bc 2792 mgmt_pending_remove(cmd);
8962ee74
JH		 2793
2794failed:
09fd0de5 2795 hci_dev_unlock(hdev);
8962ee74
JH		 2796 return err;
2797}
2798
57c1477c 2799static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2800{
2801 switch (link_type) {
2802 case LE_LINK:
48264f06
JH		 2803 switch (addr_type) {
2804 case ADDR_LE_DEV_PUBLIC:
591f47f3 2805 return BDADDR_LE_PUBLIC;
0ed09148 2806
48264f06 2807 default:
0ed09148 2808 /* Fallback to LE Random address type */
591f47f3 2809 return BDADDR_LE_RANDOM;
48264f06 2810 }
0ed09148 2811
4c659c39 2812 default:
0ed09148 2813 /* Fallback to BR/EDR type */
591f47f3 2814 return BDADDR_BREDR;
4c659c39
JH		 2815 }
2816}
2817
04124681
GP		 2818static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2819 u16 data_len)
2784eb41 2820{
2784eb41 2821 struct mgmt_rp_get_connections *rp;
8035ded4 2822 struct hci_conn *c;
a38528f1 2823 size_t rp_len;
60fc5fb6
JH		 2824 int err;
2825 u16 i;
2784eb41
JH		 2826
2827 BT_DBG("");
2828
09fd0de5 2829 hci_dev_lock(hdev);
2784eb41 2830
5f97c1df 2831 if (!hdev_is_powered(hdev)) {
bdb6d971 2832 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2833 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2834 goto unlock;
2835 }
2836
60fc5fb6 2837 i = 0;
b644ba33
JH		 2838 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2839 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2840 i++;
2784eb41
JH		 2841 }
2842
60fc5fb6 2843 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2844 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2845 if (!rp) {
2784eb41
JH		 2846 err = -ENOMEM;
2847 goto unlock;
2848 }
2849
2784eb41 2850 i = 0;
4c659c39 2851 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2852 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2853 continue;
4c659c39 2854 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2855 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2856 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2857 continue;
2858 i++;
2859 }
2860
eb55ef07 2861 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2862
4c659c39
JH		 2863 /* Recalculate length in case of filtered SCO connections, etc */
2864 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2865
bdb6d971 2866 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2867 rp_len);
2784eb41 2868
a38528f1 2869 kfree(rp);
5f97c1df
JH		 2870
2871unlock:
09fd0de5 2872 hci_dev_unlock(hdev);
2784eb41
JH		 2873 return err;
2874}
2875
bdb6d971 2876static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2877 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2878{
2879 struct pending_cmd *cmd;
2880 int err;
2881
2e58ef3e 2882 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2883 sizeof(*cp));
96d97a67
WR		 2884 if (!cmd)
2885 return -ENOMEM;
2886
d8457698 2887 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2888 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2889 if (err < 0)
2890 mgmt_pending_remove(cmd);
2891
2892 return err;
2893}
2894
bdb6d971 2895static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2896 u16 len)
980e1a53 2897{
96d97a67 2898 struct hci_conn *conn;
650f726d 2899 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2900 struct hci_cp_pin_code_reply reply;
366a0336 2901 struct pending_cmd *cmd;
980e1a53
JH		 2902 int err;
2903
2904 BT_DBG("");
2905
09fd0de5 2906 hci_dev_lock(hdev);
980e1a53 2907
4b34ee78 2908 if (!hdev_is_powered(hdev)) {
bdb6d971 2909 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2910 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2911 goto failed;
2912 }
2913
d8457698 2914 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2915 if (!conn) {
bdb6d971 2916 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2917 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2918 goto failed;
2919 }
2920
2921 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2922 struct mgmt_cp_pin_code_neg_reply ncp;
2923
2924 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2925
2926 BT_ERR("PIN code is not 16 bytes long");
2927
bdb6d971 2928 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2929 if (err >= 0)
bdb6d971 2930 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2931 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2932
2933 goto failed;
2934 }
2935
00abfe44 2936 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2937 if (!cmd) {
2938 err = -ENOMEM;
980e1a53 2939 goto failed;
366a0336 2940 }
980e1a53 2941
d8457698 2942 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2943 reply.pin_len = cp->pin_len;
24718ca5 2944 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2945
2946 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2947 if (err < 0)
a664b5bc 2948 mgmt_pending_remove(cmd);
980e1a53
JH		 2949
2950failed:
09fd0de5 2951 hci_dev_unlock(hdev);
980e1a53
JH		 2952 return err;
2953}
2954
04124681
GP		 2955static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2956 u16 len)
17fa4b9d 2957{
650f726d 2958 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2959
2960 BT_DBG("");
2961
4ec86d4c
JH		 2962 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2963 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
2964 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
2965
09fd0de5 2966 hci_dev_lock(hdev);
17fa4b9d
JH		 2967
2968 hdev->io_capability = cp->io_capability;
2969
2970 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2971 hdev->io_capability);
17fa4b9d 2972
09fd0de5 2973 hci_dev_unlock(hdev);
17fa4b9d 2974
04124681
GP		 2975 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2976 0);
17fa4b9d
JH		 2977}
2978
6039aa73 2979static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2980{
2981 struct hci_dev *hdev = conn->hdev;
8035ded4 2982 struct pending_cmd *cmd;
e9a416b5 2983
2e58ef3e 2984 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2985 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2986 continue;
2987
e9a416b5
JH		 2988 if (cmd->user_data != conn)
2989 continue;
2990
2991 return cmd;
2992 }
2993
2994 return NULL;
2995}
2996
2997static void pairing_complete(struct pending_cmd *cmd, u8 status)
2998{
2999 struct mgmt_rp_pair_device rp;
3000 struct hci_conn *conn = cmd->user_data;
3001
61b1a7fb
JH		 3002 bacpy(&rp.addr.bdaddr, &conn->dst);
3003 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 3004
aee9b218 3005 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 3006 &rp, sizeof(rp));
e9a416b5
JH		 3007
3008 /* So we don't get further callbacks for this connection */
3009 conn->connect_cfm_cb = NULL;
3010 conn->security_cfm_cb = NULL;
3011 conn->disconn_cfm_cb = NULL;
3012
76a68ba0 3013 hci_conn_drop(conn);
e9a416b5 3014
a664b5bc 3015 mgmt_pending_remove(cmd);
e9a416b5
JH		 3016}
3017
f4a407be
JH		 3018void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3019{
3020 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3021 struct pending_cmd *cmd;
3022
3023 cmd = find_pairing(conn);
3024 if (cmd)
3025 pairing_complete(cmd, status);
3026}
3027
e9a416b5
JH		 3028static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3029{
3030 struct pending_cmd *cmd;
3031
3032 BT_DBG("status %u", status);
3033
3034 cmd = find_pairing(conn);
56e5cb86 3035 if (!cmd)
e9a416b5 3036 BT_DBG("Unable to find a pending command");
56e5cb86 3037 else
e211326c 3038 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 3039}
3040
f4a407be 3041static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739
VA		 3042{
3043 struct pending_cmd *cmd;
3044
3045 BT_DBG("status %u", status);
3046
3047 if (!status)
3048 return;
3049
3050 cmd = find_pairing(conn);
3051 if (!cmd)
3052 BT_DBG("Unable to find a pending command");
3053 else
3054 pairing_complete(cmd, mgmt_status(status));
3055}
3056
bdb6d971 3057static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3058 u16 len)
e9a416b5 3059{
650f726d 3060 struct mgmt_cp_pair_device *cp = data;
1425acb7 3061 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 3062 struct pending_cmd *cmd;
3063 u8 sec_level, auth_type;
3064 struct hci_conn *conn;
e9a416b5
JH		 3065 int err;
3066
3067 BT_DBG("");
3068
f950a30e
SJ		 3069 memset(&rp, 0, sizeof(rp));
3070 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3071 rp.addr.type = cp->addr.type;
3072
4ee71b20
JH		 3073 if (!bdaddr_type_is_valid(cp->addr.type))
3074 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3075 MGMT_STATUS_INVALID_PARAMS,
3076 &rp, sizeof(rp));
3077
4ec86d4c
JH		 3078 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
3079 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3080 MGMT_STATUS_INVALID_PARAMS,
3081 &rp, sizeof(rp));
3082
09fd0de5 3083 hci_dev_lock(hdev);
e9a416b5 3084
5f97c1df 3085 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 3086 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3087 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 3088 goto unlock;
3089 }
3090
c908df36 3091 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 3092 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 3093
6f77d8c7 3094 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 3095 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3096 auth_type);
6f77d8c7
AG		 3097 } else {
3098 u8 addr_type;
3099
3100 /* Convert from L2CAP channel address type to HCI address type
3101 */
3102 if (cp->addr.type == BDADDR_LE_PUBLIC)
3103 addr_type = ADDR_LE_DEV_PUBLIC;
3104 else
3105 addr_type = ADDR_LE_DEV_RANDOM;
3106
7c264b10
MH		 3107 /* When pairing a new device, it is expected to remember
3108 * this device for future connections. Adding the connection
3109 * parameter information ahead of time allows tracking
3110 * of the slave preferred values and will speed up any
3111 * further connection establishment.
3112 *
3113 * If connection parameters already exist, then they
3114 * will be kept and this function does nothing.
3115 */
3116 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3117
6f77d8c7 3118 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
09ae260b
JH		 3119 sec_level, auth_type,
3120 HCI_LE_CONN_TIMEOUT);
6f77d8c7 3121 }
7a512d01 3122
30e76272 3123 if (IS_ERR(conn)) {
489dc48e
AK		 3124 int status;
3125
3126 if (PTR_ERR(conn) == -EBUSY)
3127 status = MGMT_STATUS_BUSY;
3128 else
3129 status = MGMT_STATUS_CONNECT_FAILED;
3130
bdb6d971 3131 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 3132 status, &rp,
04124681 3133 sizeof(rp));
e9a416b5
JH		 3134 goto unlock;
3135 }
3136
3137 if (conn->connect_cfm_cb) {
76a68ba0 3138 hci_conn_drop(conn);
bdb6d971 3139 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 3140 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 3141 goto unlock;
3142 }
3143
2e58ef3e 3144 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 3145 if (!cmd) {
3146 err = -ENOMEM;
76a68ba0 3147 hci_conn_drop(conn);
e9a416b5
JH		 3148 goto unlock;
3149 }
3150
7a512d01 3151 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 3152 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 3153 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 3154 conn->security_cfm_cb = pairing_complete_cb;
3155 conn->disconn_cfm_cb = pairing_complete_cb;
3156 } else {
3157 conn->connect_cfm_cb = le_pairing_complete_cb;
3158 conn->security_cfm_cb = le_pairing_complete_cb;
3159 conn->disconn_cfm_cb = le_pairing_complete_cb;
3160 }
7a512d01 3161
e9a416b5
JH		 3162 conn->io_capability = cp->io_cap;
3163 cmd->user_data = conn;
3164
3165 if (conn->state == BT_CONNECTED &&
8ce8e2b5 3166 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 3167 pairing_complete(cmd, 0);
3168
3169 err = 0;
3170
3171unlock:
09fd0de5 3172 hci_dev_unlock(hdev);
e9a416b5
JH		 3173 return err;
3174}
3175
04124681
GP		 3176static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3177 u16 len)
28424707 3178{
0f4e68cf 3179 struct mgmt_addr_info *addr = data;
28424707
JH		 3180 struct pending_cmd *cmd;
3181 struct hci_conn *conn;
3182 int err;
3183
3184 BT_DBG("");
3185
28424707
JH		 3186 hci_dev_lock(hdev);
3187
5f97c1df 3188 if (!hdev_is_powered(hdev)) {
bdb6d971 3189 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3190 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3191 goto unlock;
3192 }
3193
28424707
JH		 3194 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3195 if (!cmd) {
bdb6d971 3196 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3197 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3198 goto unlock;
3199 }
3200
3201 conn = cmd->user_data;
3202
3203 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 3204 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3205 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3206 goto unlock;
3207 }
3208
3209 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
3210
bdb6d971 3211 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 3212 addr, sizeof(*addr));
28424707
JH		 3213unlock:
3214 hci_dev_unlock(hdev);
28424707
JH		 3215 return err;
3216}
3217
bdb6d971 3218static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3219 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3220 u16 hci_op, __le32 passkey)
a5c29683 3221{
a5c29683 3222 struct pending_cmd *cmd;
0df4c185 3223 struct hci_conn *conn;
a5c29683
JH		 3224 int err;
3225
09fd0de5 3226 hci_dev_lock(hdev);
08ba5382 3227
4b34ee78 3228 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 3229 err = cmd_complete(sk, hdev->id, mgmt_op,
3230 MGMT_STATUS_NOT_POWERED, addr,
3231 sizeof(*addr));
0df4c185 3232 goto done;
a5c29683
JH		 3233 }
3234
1707c60e
JH		 3235 if (addr->type == BDADDR_BREDR)
3236 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3237 else
1707c60e 3238 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 3239
3240 if (!conn) {
feb94d3d
JH		 3241 err = cmd_complete(sk, hdev->id, mgmt_op,
3242 MGMT_STATUS_NOT_CONNECTED, addr,
3243 sizeof(*addr));
272d90df
JH		 3244 goto done;
3245 }
47c15e2b 3246
1707c60e 3247 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 3248 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 3249 if (!err)
feb94d3d
JH		 3250 err = cmd_complete(sk, hdev->id, mgmt_op,
3251 MGMT_STATUS_SUCCESS, addr,
3252 sizeof(*addr));
5fe57d9e 3253 else
feb94d3d
JH		 3254 err = cmd_complete(sk, hdev->id, mgmt_op,
3255 MGMT_STATUS_FAILED, addr,
3256 sizeof(*addr));
47c15e2b 3257
47c15e2b
BG		 3258 goto done;
3259 }
3260
1707c60e 3261 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3262 if (!cmd) {
3263 err = -ENOMEM;
0df4c185 3264 goto done;
a5c29683
JH		 3265 }
3266
0df4c185 3267 /* Continue with pairing via HCI */
604086b7
BG		 3268 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3269 struct hci_cp_user_passkey_reply cp;
3270
1707c60e 3271 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3272 cp.passkey = passkey;
3273 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3274 } else
1707c60e
JH		 3275 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3276 &addr->bdaddr);
604086b7 3277
a664b5bc
JH		 3278 if (err < 0)
3279 mgmt_pending_remove(cmd);
a5c29683 3280
0df4c185 3281done:
09fd0de5 3282 hci_dev_unlock(hdev);
a5c29683
JH		 3283 return err;
3284}
3285
afeb019d
JK		 3286static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3287 void *data, u16 len)
3288{
3289 struct mgmt_cp_pin_code_neg_reply *cp = data;
3290
3291 BT_DBG("");
3292
1707c60e 3293 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3294 MGMT_OP_PIN_CODE_NEG_REPLY,
3295 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3296}
3297
04124681
GP		 3298static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3299 u16 len)
0df4c185 3300{
650f726d 3301 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3302
3303 BT_DBG("");
3304
3305 if (len != sizeof(*cp))
bdb6d971 3306 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 3307 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3308
1707c60e 3309 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3310 MGMT_OP_USER_CONFIRM_REPLY,
3311 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3312}
3313
bdb6d971 3314static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3315 void *data, u16 len)
0df4c185 3316{
c9c2659f 3317 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3318
3319 BT_DBG("");
3320
1707c60e 3321 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3322 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3323 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3324}
3325
04124681
GP		 3326static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3327 u16 len)
604086b7 3328{
650f726d 3329 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3330
3331 BT_DBG("");
3332
1707c60e 3333 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3334 MGMT_OP_USER_PASSKEY_REPLY,
3335 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3336}
3337
bdb6d971 3338static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3339 void *data, u16 len)
604086b7 3340{
650f726d 3341 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3342
3343 BT_DBG("");
3344
1707c60e 3345 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3346 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3347 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3348}
3349
13928971 3350static void update_name(struct hci_request *req)
2b4bf397 3351{
13928971 3352 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3353 struct hci_cp_write_local_name cp;
3354
13928971 3355 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3356
890ea898 3357 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3358}
3359
13928971
JH		 3360static void set_name_complete(struct hci_dev *hdev, u8 status)
3361{
3362 struct mgmt_cp_set_local_name *cp;
3363 struct pending_cmd *cmd;
3364
3365 BT_DBG("status 0x%02x", status);
3366
3367 hci_dev_lock(hdev);
3368
3369 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3370 if (!cmd)
3371 goto unlock;
3372
3373 cp = cmd->param;
3374
3375 if (status)
3376 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3377 mgmt_status(status));
3378 else
3379 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3380 cp, sizeof(*cp));
3381
3382 mgmt_pending_remove(cmd);
3383
3384unlock:
3385 hci_dev_unlock(hdev);
3386}
3387
bdb6d971 3388static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3389 u16 len)
b312b161 3390{
2b4bf397 3391 struct mgmt_cp_set_local_name *cp = data;
b312b161 3392 struct pending_cmd *cmd;
890ea898 3393 struct hci_request req;
b312b161
JH		 3394 int err;
3395
3396 BT_DBG("");
3397
09fd0de5 3398 hci_dev_lock(hdev);
b312b161 3399
b3f2ca94
JH		 3400 /* If the old values are the same as the new ones just return a
3401 * direct command complete event.
3402 */
3403 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3404 !memcmp(hdev->short_name, cp->short_name,
3405 sizeof(hdev->short_name))) {
3406 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3407 data, len);
3408 goto failed;
3409 }
3410
2b4bf397 3411 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3412
b5235a65 3413 if (!hdev_is_powered(hdev)) {
2b4bf397 3414 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 3415
3416 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 3417 data, len);
28cc7bde
JH		 3418 if (err < 0)
3419 goto failed;
3420
3421 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 3422 sk);
28cc7bde 3423
b5235a65
JH		 3424 goto failed;
3425 }
3426
28cc7bde 3427 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3428 if (!cmd) {
3429 err = -ENOMEM;
3430 goto failed;
3431 }
3432
13928971
JH		 3433 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3434
890ea898 3435 hci_req_init(&req, hdev);
3f985050
JH		 3436
3437 if (lmp_bredr_capable(hdev)) {
3438 update_name(&req);
3439 update_eir(&req);
3440 }
3441
7a5f4990
MH		 3442 /* The name is stored in the scan response data and so
3443 * no need to udpate the advertising data here.
3444 */
3f985050 3445 if (lmp_le_capable(hdev))
7a5f4990 3446 update_scan_rsp_data(&req);
3f985050 3447
13928971 3448 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3449 if (err < 0)
3450 mgmt_pending_remove(cmd);
3451
3452failed:
09fd0de5 3453 hci_dev_unlock(hdev);
b312b161
JH		 3454 return err;
3455}
3456
0f4e68cf 3457static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3458 void *data, u16 data_len)
c35938b2 3459{
c35938b2
SJ		 3460 struct pending_cmd *cmd;
3461 int err;
3462
bdb6d971 3463 BT_DBG("%s", hdev->name);
c35938b2 3464
09fd0de5 3465 hci_dev_lock(hdev);
c35938b2 3466
4b34ee78 3467 if (!hdev_is_powered(hdev)) {
bdb6d971 3468 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3469 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3470 goto unlock;
3471 }
3472
9a1a1996 3473 if (!lmp_ssp_capable(hdev)) {
bdb6d971 3474 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3475 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3476 goto unlock;
3477 }
3478
2e58ef3e 3479 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 3480 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3481 MGMT_STATUS_BUSY);
c35938b2
SJ		 3482 goto unlock;
3483 }
3484
2e58ef3e 3485 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3486 if (!cmd) {
3487 err = -ENOMEM;
3488 goto unlock;
3489 }
3490
4d2d2796
MH		 3491 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
3492 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3493 0, NULL);
3494 else
3495 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3496
c35938b2
SJ		 3497 if (err < 0)
3498 mgmt_pending_remove(cmd);
3499
3500unlock:
09fd0de5 3501 hci_dev_unlock(hdev);
c35938b2
SJ		 3502 return err;
3503}
3504
bdb6d971 3505static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3506 void *data, u16 len)
2763eda6 3507{
2763eda6
SJ		 3508 int err;
3509
bdb6d971 3510 BT_DBG("%s ", hdev->name);
2763eda6 3511
09fd0de5 3512 hci_dev_lock(hdev);
2763eda6 3513
ec109113
MH		 3514 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3515 struct mgmt_cp_add_remote_oob_data *cp = data;
3516 u8 status;
bf1e3541 3517
ec109113
MH		 3518 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3519 cp->hash, cp->randomizer);
3520 if (err < 0)
3521 status = MGMT_STATUS_FAILED;
3522 else
3523 status = MGMT_STATUS_SUCCESS;
3524
3525 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3526 status, &cp->addr, sizeof(cp->addr));
3527 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3528 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3529 u8 status;
3530
3531 err = hci_add_remote_oob_ext_data(hdev, &cp->addr.bdaddr,
3532 cp->hash192,
3533 cp->randomizer192,
3534 cp->hash256,
3535 cp->randomizer256);
3536 if (err < 0)
3537 status = MGMT_STATUS_FAILED;
3538 else
3539 status = MGMT_STATUS_SUCCESS;
3540
3541 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3542 status, &cp->addr, sizeof(cp->addr));
3543 } else {
3544 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3545 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3546 MGMT_STATUS_INVALID_PARAMS);
3547 }
2763eda6 3548
09fd0de5 3549 hci_dev_unlock(hdev);
2763eda6
SJ		 3550 return err;
3551}
3552
bdb6d971 3553static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3554 void *data, u16 len)
2763eda6 3555{
650f726d 3556 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3557 u8 status;
2763eda6
SJ		 3558 int err;
3559
bdb6d971 3560 BT_DBG("%s", hdev->name);
2763eda6 3561
09fd0de5 3562 hci_dev_lock(hdev);
2763eda6 3563
664ce4cc 3564 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 3565 if (err < 0)
bf1e3541 3566 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3567 else
a6785be2 3568 status = MGMT_STATUS_SUCCESS;
bf1e3541 3569
bdb6d971 3570 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 3571 status, &cp->addr, sizeof(cp->addr));
2763eda6 3572
09fd0de5 3573 hci_dev_unlock(hdev);
2763eda6
SJ		 3574 return err;
3575}
3576
41dc2bd6
AG		 3577static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3578{
3579 struct pending_cmd *cmd;
3580 u8 type;
3581 int err;
3582
3583 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3584
3585 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3586 if (!cmd)
3587 return -ENOENT;
3588
3589 type = hdev->discovery.type;
3590
3591 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3592 &type, sizeof(type));
3593 mgmt_pending_remove(cmd);
3594
3595 return err;
3596}
3597
7c307720
AG		 3598static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3599{
ae55f598
LR		 3600 unsigned long timeout = 0;
3601
7c307720
AG		 3602 BT_DBG("status %d", status);
3603
3604 if (status) {
3605 hci_dev_lock(hdev);
3606 mgmt_start_discovery_failed(hdev, status);
3607 hci_dev_unlock(hdev);
3608 return;
3609 }
3610
3611 hci_dev_lock(hdev);
3612 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3613 hci_dev_unlock(hdev);
3614
3615 switch (hdev->discovery.type) {
3616 case DISCOV_TYPE_LE:
3d5a76f0 3617 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
7c307720
AG		 3618 break;
3619
3620 case DISCOV_TYPE_INTERLEAVED:
b9a7a61e 3621 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
7c307720
AG		 3622 break;
3623
3624 case DISCOV_TYPE_BREDR:
3625 break;
3626
3627 default:
3628 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3629 }
ae55f598
LR		 3630
3631 if (!timeout)
3632 return;
3633
3634 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable, timeout);
7c307720
AG		 3635}
3636
bdb6d971 3637static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3638 void *data, u16 len)
14a53664 3639{
650f726d 3640 struct mgmt_cp_start_discovery *cp = data;
14a53664 3641 struct pending_cmd *cmd;
7c307720
AG		 3642 struct hci_cp_le_set_scan_param param_cp;
3643 struct hci_cp_le_set_scan_enable enable_cp;
3644 struct hci_cp_inquiry inq_cp;
3645 struct hci_request req;
3646 /* General inquiry access code (GIAC) */
3647 u8 lap[3] = { 0x33, 0x8b, 0x9e };
d9483943 3648 u8 status, own_addr_type;
14a53664
JH		 3649 int err;
3650
bdb6d971 3651 BT_DBG("%s", hdev->name);
14a53664 3652
09fd0de5 3653 hci_dev_lock(hdev);
14a53664 3654
4b34ee78 3655 if (!hdev_is_powered(hdev)) {
bdb6d971 3656 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3657 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 3658 goto failed;
3659 }
3660
642be6c7
AG		 3661 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3662 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3663 MGMT_STATUS_BUSY);
3664 goto failed;
3665 }
3666
ff9ef578 3667 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 3668 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3669 MGMT_STATUS_BUSY);
ff9ef578
JH		 3670 goto failed;
3671 }
3672
2e58ef3e 3673 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3674 if (!cmd) {
3675 err = -ENOMEM;
3676 goto failed;
3677 }
3678
4aab14e5
AG		 3679 hdev->discovery.type = cp->type;
3680
7c307720
AG		 3681 hci_req_init(&req, hdev);
3682
4aab14e5 3683 switch (hdev->discovery.type) {
f39799f5 3684 case DISCOV_TYPE_BREDR:
e6fe7986
JH		 3685 status = mgmt_bredr_support(hdev);
3686 if (status) {
04106755 3687 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3688 status);
04106755
JH		 3689 mgmt_pending_remove(cmd);
3690 goto failed;
3691 }
3692
7c307720
AG		 3693 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3694 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3695 MGMT_STATUS_BUSY);
3696 mgmt_pending_remove(cmd);
3697 goto failed;
3698 }
3699
3700 hci_inquiry_cache_flush(hdev);
3701
3702 memset(&inq_cp, 0, sizeof(inq_cp));
3703 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 3704 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 3705 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 3706 break;
3707
3708 case DISCOV_TYPE_LE:
7c307720 3709 case DISCOV_TYPE_INTERLEAVED:
e6fe7986
JH		 3710 status = mgmt_le_support(hdev);
3711 if (status) {
04106755 3712 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3713 status);
04106755
JH		 3714 mgmt_pending_remove(cmd);
3715 goto failed;
3716 }
3717
7c307720 3718 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 3719 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 3720 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3721 MGMT_STATUS_NOT_SUPPORTED);
3722 mgmt_pending_remove(cmd);
3723 goto failed;
3724 }
3725
f3d3444a 3726 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
7c307720
AG		 3727 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3728 MGMT_STATUS_REJECTED);
3729 mgmt_pending_remove(cmd);
3730 goto failed;
3731 }
3732
c54c3860
AG		 3733 /* If controller is scanning, it means the background scanning
3734 * is running. Thus, we should temporarily stop it in order to
3735 * set the discovery scanning parameters.
3736 */
3737 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3738 hci_req_add_le_scan_disable(&req);
7c307720
AG		 3739
3740 memset(&param_cp, 0, sizeof(param_cp));
d9483943 3741
94b1fc92
MH		 3742 /* All active scans will be done with either a resolvable
3743 * private address (when privacy feature has been enabled)
3744 * or unresolvable private address.
3745 */
3746 err = hci_update_random_address(&req, true, &own_addr_type);
d9483943
JH		 3747 if (err < 0) {
3748 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3749 MGMT_STATUS_FAILED);
3750 mgmt_pending_remove(cmd);
3751 goto failed;
3752 }
3753
7c307720 3754 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 3755 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3756 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
d9483943 3757 param_cp.own_address_type = own_addr_type;
7c307720
AG		 3758 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3759 &param_cp);
3760
3761 memset(&enable_cp, 0, sizeof(enable_cp));
3762 enable_cp.enable = LE_SCAN_ENABLE;
3763 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3764 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3765 &enable_cp);
5e0452c0
AG		 3766 break;
3767
f39799f5 3768 default:
04106755
JH		 3769 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3770 MGMT_STATUS_INVALID_PARAMS);
3771 mgmt_pending_remove(cmd);
3772 goto failed;
f39799f5 3773 }
3fd24153 3774
7c307720 3775 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 3776 if (err < 0)
3777 mgmt_pending_remove(cmd);
ff9ef578
JH		 3778 else
3779 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 3780
3781failed:
09fd0de5 3782 hci_dev_unlock(hdev);
14a53664
JH		 3783 return err;
3784}
3785
1183fdca
AG		 3786static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3787{
3788 struct pending_cmd *cmd;
3789 int err;
3790
3791 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3792 if (!cmd)
3793 return -ENOENT;
3794
3795 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3796 &hdev->discovery.type, sizeof(hdev->discovery.type));
3797 mgmt_pending_remove(cmd);
3798
3799 return err;
3800}
3801
0e05bba6
AG		 3802static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3803{
3804 BT_DBG("status %d", status);
3805
3806 hci_dev_lock(hdev);
3807
3808 if (status) {
3809 mgmt_stop_discovery_failed(hdev, status);
3810 goto unlock;
3811 }
3812
3813 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3814
3815unlock:
3816 hci_dev_unlock(hdev);
3817}
3818
bdb6d971 3819static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3820 u16 len)
14a53664 3821{
d930650b 3822 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 3823 struct pending_cmd *cmd;
0e05bba6 3824 struct hci_request req;
14a53664
JH		 3825 int err;
3826
bdb6d971 3827 BT_DBG("%s", hdev->name);
14a53664 3828
09fd0de5 3829 hci_dev_lock(hdev);
14a53664 3830
30dc78e1 3831 if (!hci_discovery_active(hdev)) {
bdb6d971 3832 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3833 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3834 sizeof(mgmt_cp->type));
d930650b
JH		 3835 goto unlock;
3836 }
3837
3838 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 3839 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3840 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3841 sizeof(mgmt_cp->type));
30dc78e1 3842 goto unlock;
ff9ef578
JH		 3843 }
3844
2e58ef3e 3845 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3846 if (!cmd) {
3847 err = -ENOMEM;
30dc78e1
JH		 3848 goto unlock;
3849 }
3850
0e05bba6
AG		 3851 hci_req_init(&req, hdev);
3852
21a60d30 3853 hci_stop_discovery(&req);
e0d9727e 3854
21a60d30
JH		 3855 err = hci_req_run(&req, stop_discovery_complete);
3856 if (!err) {
3857 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
0e05bba6 3858 goto unlock;
14a53664
JH		 3859 }
3860
21a60d30
JH		 3861 mgmt_pending_remove(cmd);
3862
3863 /* If no HCI commands were sent we're done */
3864 if (err == -ENODATA) {
3865 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
3866 &mgmt_cp->type, sizeof(mgmt_cp->type));
3867 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3868 }
14a53664 3869
30dc78e1 3870unlock:
09fd0de5 3871 hci_dev_unlock(hdev);
14a53664
JH		 3872 return err;
3873}
3874
bdb6d971 3875static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3876 u16 len)
561aafbc 3877{
650f726d 3878 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3879 struct inquiry_entry *e;
561aafbc
JH		 3880 int err;
3881
bdb6d971 3882 BT_DBG("%s", hdev->name);
561aafbc 3883
561aafbc
JH		 3884 hci_dev_lock(hdev);
3885
30dc78e1 3886 if (!hci_discovery_active(hdev)) {
d3a2541d
LR		 3887 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3888 MGMT_STATUS_FAILED, &cp->addr,
3889 sizeof(cp->addr));
30dc78e1
JH		 3890 goto failed;
3891 }
3892
a198e7b1 3893 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3894 if (!e) {
d3a2541d
LR		 3895 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3896 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
3897 sizeof(cp->addr));
561aafbc
JH		 3898 goto failed;
3899 }
3900
3901 if (cp->name_known) {
3902 e->name_state = NAME_KNOWN;
3903 list_del(&e->list);
3904 } else {
3905 e->name_state = NAME_NEEDED;
a3d4e20a 3906 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3907 }
3908
e384662b
JH		 3909 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3910 sizeof(cp->addr));
561aafbc
JH		 3911
3912failed:
3913 hci_dev_unlock(hdev);
561aafbc
JH		 3914 return err;
3915}
3916
bdb6d971 3917static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3918 u16 len)
7fbec224 3919{
650f726d 3920 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3921 u8 status;
7fbec224
AJ		 3922 int err;
3923
bdb6d971 3924 BT_DBG("%s", hdev->name);
7fbec224 3925
4ee71b20 3926 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3927 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3928 MGMT_STATUS_INVALID_PARAMS,
3929 &cp->addr, sizeof(cp->addr));
4ee71b20 3930
09fd0de5 3931 hci_dev_lock(hdev);
5e762444 3932
88c1fe4b 3933 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
2a8357f2 3934 if (err < 0) {
f0eeea8b 3935 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 3936 goto done;
3937 }
3938
3939 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3940 sk);
3941 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3942
2a8357f2 3943done:
bdb6d971 3944 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3945 &cp->addr, sizeof(cp->addr));
5e762444 3946
09fd0de5 3947 hci_dev_unlock(hdev);
7fbec224
AJ		 3948
3949 return err;
3950}
3951
bdb6d971 3952static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3953 u16 len)
7fbec224 3954{
650f726d 3955 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3956 u8 status;
7fbec224
AJ		 3957 int err;
3958
bdb6d971 3959 BT_DBG("%s", hdev->name);
7fbec224 3960
4ee71b20 3961 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3962 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3963 MGMT_STATUS_INVALID_PARAMS,
3964 &cp->addr, sizeof(cp->addr));
4ee71b20 3965
09fd0de5 3966 hci_dev_lock(hdev);
5e762444 3967
88c1fe4b 3968 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
2a8357f2 3969 if (err < 0) {
f0eeea8b 3970 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 3971 goto done;
3972 }
3973
3974 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3975 sk);
3976 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3977
2a8357f2 3978done:
bdb6d971 3979 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3980 &cp->addr, sizeof(cp->addr));
5e762444 3981
09fd0de5 3982 hci_dev_unlock(hdev);
7fbec224
AJ		 3983
3984 return err;
3985}
3986
cdbaccca
MH		 3987static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3988 u16 len)
3989{
3990 struct mgmt_cp_set_device_id *cp = data;
890ea898 3991 struct hci_request req;
cdbaccca 3992 int err;
c72d4b8a 3993 __u16 source;
cdbaccca
MH		 3994
3995 BT_DBG("%s", hdev->name);
3996
c72d4b8a
SJ		 3997 source = __le16_to_cpu(cp->source);
3998
3999 if (source > 0x0002)
4000 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4001 MGMT_STATUS_INVALID_PARAMS);
4002
cdbaccca
MH		 4003 hci_dev_lock(hdev);
4004
c72d4b8a 4005 hdev->devid_source = source;
cdbaccca
MH		 4006 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4007 hdev->devid_product = __le16_to_cpu(cp->product);
4008 hdev->devid_version = __le16_to_cpu(cp->version);
4009
4010 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
4011
890ea898
JH		 4012 hci_req_init(&req, hdev);
4013 update_eir(&req);
4014 hci_req_run(&req, NULL);
cdbaccca
MH		 4015
4016 hci_dev_unlock(hdev);
4017
4018 return err;
4019}
4020
4375f103
JH		 4021static void set_advertising_complete(struct hci_dev *hdev, u8 status)
4022{
4023 struct cmd_lookup match = { NULL, hdev };
4024
4025 if (status) {
4026 u8 mgmt_err = mgmt_status(status);
4027
4028 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4029 cmd_status_rsp, &mgmt_err);
4030 return;
4031 }
4032
4033 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4034 &match);
4035
4036 new_settings(hdev, match.sk);
4037
4038 if (match.sk)
4039 sock_put(match.sk);
4040}
4041
21b5187f
MH		 4042static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4043 u16 len)
4375f103
JH		 4044{
4045 struct mgmt_mode *cp = data;
4046 struct pending_cmd *cmd;
4047 struct hci_request req;
e6fe7986 4048 u8 val, enabled, status;
4375f103
JH		 4049 int err;
4050
4051 BT_DBG("request for %s", hdev->name);
4052
e6fe7986
JH		 4053 status = mgmt_le_support(hdev);
4054 if (status)
4375f103 4055 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 4056 status);
4375f103
JH		 4057
4058 if (cp->val != 0x00 && cp->val != 0x01)
4059 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4060 MGMT_STATUS_INVALID_PARAMS);
4061
4062 hci_dev_lock(hdev);
4063
4064 val = !!cp->val;
f3d3444a 4065 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 4066
f74ca9b8
JH		 4067 /* The following conditions are ones which mean that we should
4068 * not do any HCI communication but directly send a mgmt
4069 * response to user space (after toggling the flag if
4070 * necessary).
4071 */
4072 if (!hdev_is_powered(hdev) || val == enabled ||
b145edcd 4073 hci_conn_num(hdev, LE_LINK) > 0) {
4375f103
JH		 4074 bool changed = false;
4075
f3d3444a
JH		 4076 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
4077 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 4078 changed = true;
4079 }
4080
4081 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4082 if (err < 0)
4083 goto unlock;
4084
4085 if (changed)
4086 err = new_settings(hdev, sk);
4087
4088 goto unlock;
4089 }
4090
4091 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4092 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
4093 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4094 MGMT_STATUS_BUSY);
4095 goto unlock;
4096 }
4097
4098 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4099 if (!cmd) {
4100 err = -ENOMEM;
4101 goto unlock;
4102 }
4103
4104 hci_req_init(&req, hdev);
4105
bba3aa55
MH		 4106 if (val)
4107 enable_advertising(&req);
4108 else
4109 disable_advertising(&req);
4375f103
JH		 4110
4111 err = hci_req_run(&req, set_advertising_complete);
4112 if (err < 0)
4113 mgmt_pending_remove(cmd);
4114
4115unlock:
4116 hci_dev_unlock(hdev);
4117 return err;
4118}
4119
d13eafce
MH		 4120static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4121 void *data, u16 len)
4122{
4123 struct mgmt_cp_set_static_address *cp = data;
4124 int err;
4125
4126 BT_DBG("%s", hdev->name);
4127
62af4443 4128 if (!lmp_le_capable(hdev))
d13eafce 4129 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 4130 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 4131
4132 if (hdev_is_powered(hdev))
4133 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4134 MGMT_STATUS_REJECTED);
4135
4136 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4137 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4138 return cmd_status(sk, hdev->id,
4139 MGMT_OP_SET_STATIC_ADDRESS,
4140 MGMT_STATUS_INVALID_PARAMS);
4141
4142 /* Two most significant bits shall be set */
4143 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4144 return cmd_status(sk, hdev->id,
4145 MGMT_OP_SET_STATIC_ADDRESS,
4146 MGMT_STATUS_INVALID_PARAMS);
4147 }
4148
4149 hci_dev_lock(hdev);
4150
4151 bacpy(&hdev->static_addr, &cp->bdaddr);
4152
4153 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
4154
4155 hci_dev_unlock(hdev);
4156
4157 return err;
4158}
4159
14b49b9a
MH		 4160static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4161 void *data, u16 len)
4162{
4163 struct mgmt_cp_set_scan_params *cp = data;
4164 __u16 interval, window;
4165 int err;
4166
4167 BT_DBG("%s", hdev->name);
4168
4169 if (!lmp_le_capable(hdev))
4170 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4171 MGMT_STATUS_NOT_SUPPORTED);
4172
4173 interval = __le16_to_cpu(cp->interval);
4174
4175 if (interval < 0x0004 || interval > 0x4000)
4176 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4177 MGMT_STATUS_INVALID_PARAMS);
4178
4179 window = __le16_to_cpu(cp->window);
4180
4181 if (window < 0x0004 || window > 0x4000)
4182 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4183 MGMT_STATUS_INVALID_PARAMS);
4184
899e1075
MH		 4185 if (window > interval)
4186 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4187 MGMT_STATUS_INVALID_PARAMS);
4188
14b49b9a
MH		 4189 hci_dev_lock(hdev);
4190
4191 hdev->le_scan_interval = interval;
4192 hdev->le_scan_window = window;
4193
4194 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
4195
dd2ef8e2
AG		 4196 /* If background scan is running, restart it so new parameters are
4197 * loaded.
4198 */
4199 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4200 hdev->discovery.state == DISCOVERY_STOPPED) {
4201 struct hci_request req;
4202
4203 hci_req_init(&req, hdev);
4204
4205 hci_req_add_le_scan_disable(&req);
4206 hci_req_add_le_passive_scan(&req);
4207
4208 hci_req_run(&req, NULL);
4209 }
4210
14b49b9a
MH		 4211 hci_dev_unlock(hdev);
4212
4213 return err;
4214}
4215
33e38b3e
JH		 4216static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
4217{
4218 struct pending_cmd *cmd;
4219
4220 BT_DBG("status 0x%02x", status);
4221
4222 hci_dev_lock(hdev);
4223
4224 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4225 if (!cmd)
4226 goto unlock;
4227
4228 if (status) {
4229 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4230 mgmt_status(status));
4231 } else {
1a4d3c4b
JH		 4232 struct mgmt_mode *cp = cmd->param;
4233
4234 if (cp->val)
4235 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4236 else
4237 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4238
33e38b3e
JH		 4239 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4240 new_settings(hdev, cmd->sk);
4241 }
4242
4243 mgmt_pending_remove(cmd);
4244
4245unlock:
4246 hci_dev_unlock(hdev);
4247}
4248
bdb6d971 4249static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4250 void *data, u16 len)
f6422ec6 4251{
650f726d 4252 struct mgmt_mode *cp = data;
33e38b3e
JH		 4253 struct pending_cmd *cmd;
4254 struct hci_request req;
f6422ec6
AJ		 4255 int err;
4256
bdb6d971 4257 BT_DBG("%s", hdev->name);
f6422ec6 4258
56f87901
JH		 4259 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
4260 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 4261 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4262 MGMT_STATUS_NOT_SUPPORTED);
4263
a7e80f25
JH		 4264 if (cp->val != 0x00 && cp->val != 0x01)
4265 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4266 MGMT_STATUS_INVALID_PARAMS);
4267
5400c044 4268 if (!hdev_is_powered(hdev))
bdb6d971 4269 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4270 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 4271
4272 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 4273 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4274 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 4275
4276 hci_dev_lock(hdev);
4277
05cbf29f
JH		 4278 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4279 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4280 MGMT_STATUS_BUSY);
4281 goto unlock;
4282 }
4283
1a4d3c4b
JH		 4284 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
4285 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4286 hdev);
4287 goto unlock;
4288 }
4289
33e38b3e
JH		 4290 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4291 data, len);
4292 if (!cmd) {
4293 err = -ENOMEM;
4294 goto unlock;
f6422ec6
AJ		 4295 }
4296
33e38b3e
JH		 4297 hci_req_init(&req, hdev);
4298
406d7804 4299 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4300
4301 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4302 if (err < 0) {
bdb6d971 4303 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4304 MGMT_STATUS_FAILED);
33e38b3e 4305 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4306 }
4307
33e38b3e 4308unlock:
f6422ec6 4309 hci_dev_unlock(hdev);
33e38b3e 4310
f6422ec6
AJ		 4311 return err;
4312}
4313
67e5a7a3
JH		 4314static void set_bredr_scan(struct hci_request *req)
4315{
4316 struct hci_dev *hdev = req->hdev;
4317 u8 scan = 0;
4318
4319 /* Ensure that fast connectable is disabled. This function will
4320 * not do anything if the page scan parameters are already what
4321 * they should be.
4322 */
4323 write_fast_connectable(req, false);
4324
4325 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4326 scan |= SCAN_PAGE;
4327 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
4328 scan |= SCAN_INQUIRY;
4329
4330 if (scan)
4331 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
4332}
4333
0663ca2a
JH		 4334static void set_bredr_complete(struct hci_dev *hdev, u8 status)
4335{
4336 struct pending_cmd *cmd;
4337
4338 BT_DBG("status 0x%02x", status);
4339
4340 hci_dev_lock(hdev);
4341
4342 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4343 if (!cmd)
4344 goto unlock;
4345
4346 if (status) {
4347 u8 mgmt_err = mgmt_status(status);
4348
4349 /* We need to restore the flag if related HCI commands
4350 * failed.
4351 */
4352 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4353
4354 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4355 } else {
4356 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4357 new_settings(hdev, cmd->sk);
4358 }
4359
4360 mgmt_pending_remove(cmd);
4361
4362unlock:
4363 hci_dev_unlock(hdev);
4364}
4365
4366static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4367{
4368 struct mgmt_mode *cp = data;
4369 struct pending_cmd *cmd;
4370 struct hci_request req;
4371 int err;
4372
4373 BT_DBG("request for %s", hdev->name);
4374
4375 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4376 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4377 MGMT_STATUS_NOT_SUPPORTED);
4378
4379 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4380 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4381 MGMT_STATUS_REJECTED);
4382
4383 if (cp->val != 0x00 && cp->val != 0x01)
4384 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4385 MGMT_STATUS_INVALID_PARAMS);
4386
4387 hci_dev_lock(hdev);
4388
4389 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4390 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4391 goto unlock;
4392 }
4393
4394 if (!hdev_is_powered(hdev)) {
4395 if (!cp->val) {
0663ca2a
JH		 4396 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4397 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4398 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4399 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4400 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4401 }
4402
4403 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4404
4405 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4406 if (err < 0)
4407 goto unlock;
4408
4409 err = new_settings(hdev, sk);
4410 goto unlock;
4411 }
4412
4413 /* Reject disabling when powered on */
4414 if (!cp->val) {
4415 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4416 MGMT_STATUS_REJECTED);
4417 goto unlock;
4418 }
4419
4420 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4421 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4422 MGMT_STATUS_BUSY);
4423 goto unlock;
4424 }
4425
4426 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4427 if (!cmd) {
4428 err = -ENOMEM;
4429 goto unlock;
4430 }
4431
5947f4bc 4432 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4433 * generates the correct flags.
4434 */
4435 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4436
4437 hci_req_init(&req, hdev);
aa8af46e
JH		 4438
4439 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4440 set_bredr_scan(&req);
4441
f14d8f64
MH		 4442 /* Since only the advertising data flags will change, there
4443 * is no need to update the scan response data.
4444 */
5947f4bc 4445 update_adv_data(&req);
aa8af46e 4446
0663ca2a
JH		 4447 err = hci_req_run(&req, set_bredr_complete);
4448 if (err < 0)
4449 mgmt_pending_remove(cmd);
4450
4451unlock:
4452 hci_dev_unlock(hdev);
4453 return err;
4454}
4455
eac83dc6
MH		 4456static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4457 void *data, u16 len)
4458{
4459 struct mgmt_mode *cp = data;
4460 struct pending_cmd *cmd;
0ab04a9c 4461 u8 val, status;
eac83dc6
MH		 4462 int err;
4463
4464 BT_DBG("request for %s", hdev->name);
4465
4466 status = mgmt_bredr_support(hdev);
4467 if (status)
4468 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4469 status);
4470
5afeac14 4471 if (!lmp_sc_capable(hdev) &&
111902f7 4472 !test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
eac83dc6
MH		 4473 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4474 MGMT_STATUS_NOT_SUPPORTED);
4475
0ab04a9c 4476 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
eac83dc6
MH		 4477 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4478 MGMT_STATUS_INVALID_PARAMS);
4479
4480 hci_dev_lock(hdev);
4481
4482 if (!hdev_is_powered(hdev)) {
4483 bool changed;
4484
0ab04a9c 4485 if (cp->val) {
eac83dc6
MH		 4486 changed = !test_and_set_bit(HCI_SC_ENABLED,
4487 &hdev->dev_flags);
0ab04a9c
MH		 4488 if (cp->val == 0x02)
4489 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4490 else
4491 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4492 } else {
eac83dc6
MH		 4493 changed = test_and_clear_bit(HCI_SC_ENABLED,
4494 &hdev->dev_flags);
0ab04a9c
MH		 4495 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4496 }
eac83dc6
MH		 4497
4498 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4499 if (err < 0)
4500 goto failed;
4501
4502 if (changed)
4503 err = new_settings(hdev, sk);
4504
4505 goto failed;
4506 }
4507
4508 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4509 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4510 MGMT_STATUS_BUSY);
4511 goto failed;
4512 }
4513
0ab04a9c
MH		 4514 val = !!cp->val;
4515
4516 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4517 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
eac83dc6
MH		 4518 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4519 goto failed;
4520 }
4521
4522 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4523 if (!cmd) {
4524 err = -ENOMEM;
4525 goto failed;
4526 }
4527
0ab04a9c 4528 err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
eac83dc6
MH		 4529 if (err < 0) {
4530 mgmt_pending_remove(cmd);
4531 goto failed;
4532 }
4533
0ab04a9c
MH		 4534 if (cp->val == 0x02)
4535 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4536 else
4537 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4538
eac83dc6
MH		 4539failed:
4540 hci_dev_unlock(hdev);
4541 return err;
4542}
4543
4e39ac81
MH		 4544static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4545 void *data, u16 len)
4546{
4547 struct mgmt_mode *cp = data;
b9710979 4548 bool changed, use_changed;
4e39ac81
MH		 4549 int err;
4550
4551 BT_DBG("request for %s", hdev->name);
4552
b9710979 4553 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4e39ac81
MH		 4554 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4555 MGMT_STATUS_INVALID_PARAMS);
4556
4557 hci_dev_lock(hdev);
4558
4559 if (cp->val)
0663b297
JH		 4560 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
4561 &hdev->dev_flags);
4e39ac81 4562 else
0663b297
JH		 4563 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
4564 &hdev->dev_flags);
4e39ac81 4565
b9710979
JH		 4566 if (cp->val == 0x02)
4567 use_changed = !test_and_set_bit(HCI_USE_DEBUG_KEYS,
4568 &hdev->dev_flags);
4569 else
4570 use_changed = test_and_clear_bit(HCI_USE_DEBUG_KEYS,
4571 &hdev->dev_flags);
4572
4573 if (hdev_is_powered(hdev) && use_changed &&
4574 test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
4575 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4576 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4577 sizeof(mode), &mode);
4578 }
4579
4e39ac81
MH		 4580 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4581 if (err < 0)
4582 goto unlock;
4583
4584 if (changed)
4585 err = new_settings(hdev, sk);
4586
4587unlock:
4588 hci_dev_unlock(hdev);
4589 return err;
4590}
4591
62b04cd1
JH		 4592static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4593 u16 len)
4594{
4595 struct mgmt_cp_set_privacy *cp = cp_data;
4596 bool changed;
4597 int err;
4598
4599 BT_DBG("request for %s", hdev->name);
4600
4601 if (!lmp_le_capable(hdev))
4602 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4603 MGMT_STATUS_NOT_SUPPORTED);
4604
4605 if (cp->privacy != 0x00 && cp->privacy != 0x01)
4606 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4607 MGMT_STATUS_INVALID_PARAMS);
4608
4609 if (hdev_is_powered(hdev))
4610 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4611 MGMT_STATUS_REJECTED);
4612
4613 hci_dev_lock(hdev);
4614
c21c0ea0
JH		 4615 /* If user space supports this command it is also expected to
4616 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4617 */
4618 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4619
62b04cd1
JH		 4620 if (cp->privacy) {
4621 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
4622 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4623 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4624 } else {
4625 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
4626 memset(hdev->irk, 0, sizeof(hdev->irk));
4627 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4628 }
4629
4630 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4631 if (err < 0)
4632 goto unlock;
4633
4634 if (changed)
4635 err = new_settings(hdev, sk);
4636
4637unlock:
4638 hci_dev_unlock(hdev);
4639 return err;
4640}
4641
41edf160
JH		 4642static bool irk_is_valid(struct mgmt_irk_info *irk)
4643{
4644 switch (irk->addr.type) {
4645 case BDADDR_LE_PUBLIC:
4646 return true;
4647
4648 case BDADDR_LE_RANDOM:
4649 /* Two most significant bits shall be set */
4650 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4651 return false;
4652 return true;
4653 }
4654
4655 return false;
4656}
4657
4658static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4659 u16 len)
4660{
4661 struct mgmt_cp_load_irks *cp = cp_data;
ba1d6936
JH		 4662 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
4663 sizeof(struct mgmt_irk_info));
41edf160
JH		 4664 u16 irk_count, expected_len;
4665 int i, err;
4666
4667 BT_DBG("request for %s", hdev->name);
4668
4669 if (!lmp_le_capable(hdev))
4670 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4671 MGMT_STATUS_NOT_SUPPORTED);
4672
4673 irk_count = __le16_to_cpu(cp->irk_count);
ba1d6936
JH		 4674 if (irk_count > max_irk_count) {
4675 BT_ERR("load_irks: too big irk_count value %u", irk_count);
4676 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4677 MGMT_STATUS_INVALID_PARAMS);
4678 }
41edf160
JH		 4679
4680 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4681 if (expected_len != len) {
4682 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 4683 expected_len, len);
41edf160
JH		 4684 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4685 MGMT_STATUS_INVALID_PARAMS);
4686 }
4687
4688 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4689
4690 for (i = 0; i < irk_count; i++) {
4691 struct mgmt_irk_info *key = &cp->irks[i];
4692
4693 if (!irk_is_valid(key))
4694 return cmd_status(sk, hdev->id,
4695 MGMT_OP_LOAD_IRKS,
4696 MGMT_STATUS_INVALID_PARAMS);
4697 }
4698
4699 hci_dev_lock(hdev);
4700
4701 hci_smp_irks_clear(hdev);
4702
4703 for (i = 0; i < irk_count; i++) {
4704 struct mgmt_irk_info *irk = &cp->irks[i];
4705 u8 addr_type;
4706
4707 if (irk->addr.type == BDADDR_LE_PUBLIC)
4708 addr_type = ADDR_LE_DEV_PUBLIC;
4709 else
4710 addr_type = ADDR_LE_DEV_RANDOM;
4711
4712 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
4713 BDADDR_ANY);
4714 }
4715
4716 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4717
4718 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4719
4720 hci_dev_unlock(hdev);
4721
4722 return err;
4723}
4724
3f706b72
JH		 4725static bool ltk_is_valid(struct mgmt_ltk_info *key)
4726{
4727 if (key->master != 0x00 && key->master != 0x01)
4728 return false;
490cb0b3
MH		 4729
4730 switch (key->addr.type) {
4731 case BDADDR_LE_PUBLIC:
4732 return true;
4733
4734 case BDADDR_LE_RANDOM:
4735 /* Two most significant bits shall be set */
4736 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4737 return false;
4738 return true;
4739 }
4740
4741 return false;
3f706b72
JH		 4742}
4743
bdb6d971 4744static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 4745 void *cp_data, u16 len)
346af67b 4746{
346af67b 4747 struct mgmt_cp_load_long_term_keys *cp = cp_data;
ba1d6936
JH		 4748 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
4749 sizeof(struct mgmt_ltk_info));
346af67b 4750 u16 key_count, expected_len;
715a5bf2 4751 int i, err;
346af67b 4752
cf99ba13
MH		 4753 BT_DBG("request for %s", hdev->name);
4754
4755 if (!lmp_le_capable(hdev))
4756 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4757 MGMT_STATUS_NOT_SUPPORTED);
4758
1f350c87 4759 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 4760 if (key_count > max_key_count) {
4761 BT_ERR("load_ltks: too big key_count value %u", key_count);
4762 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4763 MGMT_STATUS_INVALID_PARAMS);
4764 }
346af67b
VCG		 4765
4766 expected_len = sizeof(*cp) + key_count *
4767 sizeof(struct mgmt_ltk_info);
4768 if (expected_len != len) {
4769 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 4770 expected_len, len);
bdb6d971 4771 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 4772 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 4773 }
4774
bdb6d971 4775 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 4776
54ad6d8a
JH		 4777 for (i = 0; i < key_count; i++) {
4778 struct mgmt_ltk_info *key = &cp->keys[i];
4779
3f706b72 4780 if (!ltk_is_valid(key))
54ad6d8a
JH		 4781 return cmd_status(sk, hdev->id,
4782 MGMT_OP_LOAD_LONG_TERM_KEYS,
4783 MGMT_STATUS_INVALID_PARAMS);
4784 }
4785
346af67b
VCG		 4786 hci_dev_lock(hdev);
4787
4788 hci_smp_ltks_clear(hdev);
4789
4790 for (i = 0; i < key_count; i++) {
4791 struct mgmt_ltk_info *key = &cp->keys[i];
d7b25450 4792 u8 type, addr_type, authenticated;
79d95a19
MH		 4793
4794 if (key->addr.type == BDADDR_LE_PUBLIC)
4795 addr_type = ADDR_LE_DEV_PUBLIC;
4796 else
4797 addr_type = ADDR_LE_DEV_RANDOM;
346af67b
VCG		 4798
4799 if (key->master)
2ceba539 4800 type = SMP_LTK;
346af67b 4801 else
2ceba539 4802 type = SMP_LTK_SLAVE;
346af67b 4803
61b43357
JH		 4804 switch (key->type) {
4805 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 4806 authenticated = 0x00;
61b43357
JH		 4807 break;
4808 case MGMT_LTK_AUTHENTICATED:
d7b25450 4809 authenticated = 0x01;
61b43357
JH		 4810 break;
4811 default:
4812 continue;
4813 }
d7b25450 4814
35d70271 4815 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
d7b25450 4816 authenticated, key->val, key->enc_size, key->ediv,
35d70271 4817 key->rand);
346af67b
VCG		 4818 }
4819
715a5bf2
JH		 4820 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4821 NULL, 0);
4822
346af67b 4823 hci_dev_unlock(hdev);
346af67b 4824
715a5bf2 4825 return err;
346af67b
VCG		 4826}
4827
dd983808
AK		 4828struct cmd_conn_lookup {
4829 struct hci_conn *conn;
4830 bool valid_tx_power;
4831 u8 mgmt_status;
4832};
4833
4834static void get_conn_info_complete(struct pending_cmd *cmd, void *data)
4835{
4836 struct cmd_conn_lookup *match = data;
4837 struct mgmt_cp_get_conn_info *cp;
4838 struct mgmt_rp_get_conn_info rp;
4839 struct hci_conn *conn = cmd->user_data;
4840
4841 if (conn != match->conn)
4842 return;
4843
4844 cp = (struct mgmt_cp_get_conn_info *) cmd->param;
4845
4846 memset(&rp, 0, sizeof(rp));
4847 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4848 rp.addr.type = cp->addr.type;
4849
4850 if (!match->mgmt_status) {
4851 rp.rssi = conn->rssi;
4852
eed5daf3 4853 if (match->valid_tx_power) {
dd983808 4854 rp.tx_power = conn->tx_power;
eed5daf3
AK		 4855 rp.max_tx_power = conn->max_tx_power;
4856 } else {
dd983808 4857 rp.tx_power = HCI_TX_POWER_INVALID;
eed5daf3
AK		 4858 rp.max_tx_power = HCI_TX_POWER_INVALID;
4859 }
dd983808
AK		 4860 }
4861
4862 cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
4863 match->mgmt_status, &rp, sizeof(rp));
4864
4865 hci_conn_drop(conn);
4866
4867 mgmt_pending_remove(cmd);
4868}
4869
4870static void conn_info_refresh_complete(struct hci_dev *hdev, u8 status)
4871{
4872 struct hci_cp_read_rssi *cp;
4873 struct hci_conn *conn;
4874 struct cmd_conn_lookup match;
4875 u16 handle;
4876
4877 BT_DBG("status 0x%02x", status);
4878
4879 hci_dev_lock(hdev);
4880
4881 /* TX power data is valid in case request completed successfully,
eed5daf3
AK		 4882 * otherwise we assume it's not valid. At the moment we assume that
4883 * either both or none of current and max values are valid to keep code
4884 * simple.
dd983808
AK		 4885 */
4886 match.valid_tx_power = !status;
4887
4888 /* Commands sent in request are either Read RSSI or Read Transmit Power
4889 * Level so we check which one was last sent to retrieve connection
4890 * handle. Both commands have handle as first parameter so it's safe to
4891 * cast data on the same command struct.
4892 *
4893 * First command sent is always Read RSSI and we fail only if it fails.
4894 * In other case we simply override error to indicate success as we
4895 * already remembered if TX power value is actually valid.
4896 */
4897 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
4898 if (!cp) {
4899 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
4900 status = 0;
4901 }
4902
4903 if (!cp) {
4904 BT_ERR("invalid sent_cmd in response");
4905 goto unlock;
4906 }
4907
4908 handle = __le16_to_cpu(cp->handle);
4909 conn = hci_conn_hash_lookup_handle(hdev, handle);
4910 if (!conn) {
4911 BT_ERR("unknown handle (%d) in response", handle);
4912 goto unlock;
4913 }
4914
4915 match.conn = conn;
4916 match.mgmt_status = mgmt_status(status);
4917
4918 /* Cache refresh is complete, now reply for mgmt request for given
4919 * connection only.
4920 */
4921 mgmt_pending_foreach(MGMT_OP_GET_CONN_INFO, hdev,
4922 get_conn_info_complete, &match);
4923
4924unlock:
4925 hci_dev_unlock(hdev);
4926}
4927
4928static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
4929 u16 len)
4930{
4931 struct mgmt_cp_get_conn_info *cp = data;
4932 struct mgmt_rp_get_conn_info rp;
4933 struct hci_conn *conn;
4934 unsigned long conn_info_age;
4935 int err = 0;
4936
4937 BT_DBG("%s", hdev->name);
4938
4939 memset(&rp, 0, sizeof(rp));
4940 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4941 rp.addr.type = cp->addr.type;
4942
4943 if (!bdaddr_type_is_valid(cp->addr.type))
4944 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4945 MGMT_STATUS_INVALID_PARAMS,
4946 &rp, sizeof(rp));
4947
4948 hci_dev_lock(hdev);
4949
4950 if (!hdev_is_powered(hdev)) {
4951 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4952 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
4953 goto unlock;
4954 }
4955
4956 if (cp->addr.type == BDADDR_BREDR)
4957 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
4958 &cp->addr.bdaddr);
4959 else
4960 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
4961
4962 if (!conn || conn->state != BT_CONNECTED) {
4963 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4964 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
4965 goto unlock;
4966 }
4967
4968 /* To avoid client trying to guess when to poll again for information we
4969 * calculate conn info age as random value between min/max set in hdev.
4970 */
4971 conn_info_age = hdev->conn_info_min_age +
4972 prandom_u32_max(hdev->conn_info_max_age -
4973 hdev->conn_info_min_age);
4974
4975 /* Query controller to refresh cached values if they are too old or were
4976 * never read.
4977 */
f4e2dd53
AK		 4978 if (time_after(jiffies, conn->conn_info_timestamp +
4979 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 4980 !conn->conn_info_timestamp) {
4981 struct hci_request req;
4982 struct hci_cp_read_tx_power req_txp_cp;
4983 struct hci_cp_read_rssi req_rssi_cp;
4984 struct pending_cmd *cmd;
4985
4986 hci_req_init(&req, hdev);
4987 req_rssi_cp.handle = cpu_to_le16(conn->handle);
4988 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
4989 &req_rssi_cp);
4990
f7faab0c
AK		 4991 /* For LE links TX power does not change thus we don't need to
4992 * query for it once value is known.
4993 */
4994 if (!bdaddr_type_is_le(cp->addr.type) ||
4995 conn->tx_power == HCI_TX_POWER_INVALID) {
4996 req_txp_cp.handle = cpu_to_le16(conn->handle);
4997 req_txp_cp.type = 0x00;
4998 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4999 sizeof(req_txp_cp), &req_txp_cp);
5000 }
dd983808 5001
eed5daf3
AK		 5002 /* Max TX power needs to be read only once per connection */
5003 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5004 req_txp_cp.handle = cpu_to_le16(conn->handle);
5005 req_txp_cp.type = 0x01;
5006 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5007 sizeof(req_txp_cp), &req_txp_cp);
5008 }
5009
dd983808
AK		 5010 err = hci_req_run(&req, conn_info_refresh_complete);
5011 if (err < 0)
5012 goto unlock;
5013
5014 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5015 data, len);
5016 if (!cmd) {
5017 err = -ENOMEM;
5018 goto unlock;
5019 }
5020
5021 hci_conn_hold(conn);
5022 cmd->user_data = conn;
5023
5024 conn->conn_info_timestamp = jiffies;
5025 } else {
5026 /* Cache is valid, just reply with values cached in hci_conn */
5027 rp.rssi = conn->rssi;
5028 rp.tx_power = conn->tx_power;
eed5daf3 5029 rp.max_tx_power = conn->max_tx_power;
dd983808
AK		 5030
5031 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5032 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
5033 }
5034
5035unlock:
5036 hci_dev_unlock(hdev);
5037 return err;
5038}
5039
95868426
JH		 5040static void get_clock_info_complete(struct hci_dev *hdev, u8 status)
5041{
5042 struct mgmt_cp_get_clock_info *cp;
5043 struct mgmt_rp_get_clock_info rp;
5044 struct hci_cp_read_clock *hci_cp;
5045 struct pending_cmd *cmd;
5046 struct hci_conn *conn;
5047
5048 BT_DBG("%s status %u", hdev->name, status);
5049
5050 hci_dev_lock(hdev);
5051
5052 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5053 if (!hci_cp)
5054 goto unlock;
5055
5056 if (hci_cp->which) {
5057 u16 handle = __le16_to_cpu(hci_cp->handle);
5058 conn = hci_conn_hash_lookup_handle(hdev, handle);
5059 } else {
5060 conn = NULL;
5061 }
5062
5063 cmd = mgmt_pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5064 if (!cmd)
5065 goto unlock;
5066
5067 cp = cmd->param;
5068
5069 memset(&rp, 0, sizeof(rp));
5070 memcpy(&rp.addr, &cp->addr, sizeof(rp.addr));
5071
5072 if (status)
5073 goto send_rsp;
5074
5075 rp.local_clock = cpu_to_le32(hdev->clock);
5076
5077 if (conn) {
5078 rp.piconet_clock = cpu_to_le32(conn->clock);
5079 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5080 }
5081
5082send_rsp:
5083 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
5084 &rp, sizeof(rp));
5085 mgmt_pending_remove(cmd);
5086 if (conn)
5087 hci_conn_drop(conn);
5088
5089unlock:
5090 hci_dev_unlock(hdev);
5091}
5092
5093static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5094 u16 len)
5095{
5096 struct mgmt_cp_get_clock_info *cp = data;
5097 struct mgmt_rp_get_clock_info rp;
5098 struct hci_cp_read_clock hci_cp;
5099 struct pending_cmd *cmd;
5100 struct hci_request req;
5101 struct hci_conn *conn;
5102 int err;
5103
5104 BT_DBG("%s", hdev->name);
5105
5106 memset(&rp, 0, sizeof(rp));
5107 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5108 rp.addr.type = cp->addr.type;
5109
5110 if (cp->addr.type != BDADDR_BREDR)
5111 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5112 MGMT_STATUS_INVALID_PARAMS,
5113 &rp, sizeof(rp));
5114
5115 hci_dev_lock(hdev);
5116
5117 if (!hdev_is_powered(hdev)) {
5118 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5119 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5120 goto unlock;
5121 }
5122
5123 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5124 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5125 &cp->addr.bdaddr);
5126 if (!conn || conn->state != BT_CONNECTED) {
5127 err = cmd_complete(sk, hdev->id,
5128 MGMT_OP_GET_CLOCK_INFO,
5129 MGMT_STATUS_NOT_CONNECTED,
5130 &rp, sizeof(rp));
5131 goto unlock;
5132 }
5133 } else {
5134 conn = NULL;
5135 }
5136
5137 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5138 if (!cmd) {
5139 err = -ENOMEM;
5140 goto unlock;
5141 }
5142
5143 hci_req_init(&req, hdev);
5144
5145 memset(&hci_cp, 0, sizeof(hci_cp));
5146 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5147
5148 if (conn) {
5149 hci_conn_hold(conn);
5150 cmd->user_data = conn;
5151
5152 hci_cp.handle = cpu_to_le16(conn->handle);
5153 hci_cp.which = 0x01; /* Piconet clock */
5154 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5155 }
5156
5157 err = hci_req_run(&req, get_clock_info_complete);
5158 if (err < 0)
5159 mgmt_pending_remove(cmd);
5160
5161unlock:
5162 hci_dev_unlock(hdev);
5163 return err;
5164}
5165
8afef092
MH		 5166static void device_added(struct sock *sk, struct hci_dev *hdev,
5167 bdaddr_t *bdaddr, u8 type, u8 action)
5168{
5169 struct mgmt_ev_device_added ev;
5170
5171 bacpy(&ev.addr.bdaddr, bdaddr);
5172 ev.addr.type = type;
5173 ev.action = action;
5174
5175 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5176}
5177
2faade53
MH		 5178static int add_device(struct sock *sk, struct hci_dev *hdev,
5179 void *data, u16 len)
5180{
5181 struct mgmt_cp_add_device *cp = data;
5182 u8 auto_conn, addr_type;
5183 int err;
5184
5185 BT_DBG("%s", hdev->name);
5186
5187 if (!bdaddr_type_is_le(cp->addr.type) ||
5188 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
5189 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5190 MGMT_STATUS_INVALID_PARAMS,
5191 &cp->addr, sizeof(cp->addr));
5192
5193 if (cp->action != 0x00 && cp->action != 0x01)
5194 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5195 MGMT_STATUS_INVALID_PARAMS,
5196 &cp->addr, sizeof(cp->addr));
5197
5198 hci_dev_lock(hdev);
5199
5200 if (cp->addr.type == BDADDR_LE_PUBLIC)
5201 addr_type = ADDR_LE_DEV_PUBLIC;
5202 else
5203 addr_type = ADDR_LE_DEV_RANDOM;
5204
5205 if (cp->action)
5206 auto_conn = HCI_AUTO_CONN_ALWAYS;
5207 else
a3451d27 5208 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 5209
bf5b3c8b
MH		 5210 /* If the connection parameters don't exist for this device,
5211 * they will be created and configured with defaults.
5212 */
d06b50ce
MH		 5213 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
5214 auto_conn) < 0) {
2faade53
MH		 5215 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5216 MGMT_STATUS_FAILED,
5217 &cp->addr, sizeof(cp->addr));
5218 goto unlock;
5219 }
5220
8afef092
MH		 5221 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5222
2faade53
MH		 5223 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5224 MGMT_STATUS_SUCCESS, &cp->addr, sizeof(cp->addr));
5225
5226unlock:
5227 hci_dev_unlock(hdev);
5228 return err;
5229}
5230
8afef092
MH		 5231static void device_removed(struct sock *sk, struct hci_dev *hdev,
5232 bdaddr_t *bdaddr, u8 type)
5233{
5234 struct mgmt_ev_device_removed ev;
5235
5236 bacpy(&ev.addr.bdaddr, bdaddr);
5237 ev.addr.type = type;
5238
5239 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5240}
5241
2faade53
MH		 5242static int remove_device(struct sock *sk, struct hci_dev *hdev,
5243 void *data, u16 len)
5244{
5245 struct mgmt_cp_remove_device *cp = data;
5246 int err;
5247
5248 BT_DBG("%s", hdev->name);
5249
5250 hci_dev_lock(hdev);
5251
5252 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 5253 struct hci_conn_params *params;
2faade53
MH		 5254 u8 addr_type;
5255
5256 if (!bdaddr_type_is_le(cp->addr.type)) {
5257 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5258 MGMT_STATUS_INVALID_PARAMS,
5259 &cp->addr, sizeof(cp->addr));
5260 goto unlock;
5261 }
5262
5263 if (cp->addr.type == BDADDR_LE_PUBLIC)
5264 addr_type = ADDR_LE_DEV_PUBLIC;
5265 else
5266 addr_type = ADDR_LE_DEV_RANDOM;
5267
c71593dd
JH		 5268 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5269 addr_type);
5270 if (!params) {
5271 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5272 MGMT_STATUS_INVALID_PARAMS,
5273 &cp->addr, sizeof(cp->addr));
5274 goto unlock;
5275 }
5276
5277 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
5278 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5279 MGMT_STATUS_INVALID_PARAMS,
5280 &cp->addr, sizeof(cp->addr));
5281 goto unlock;
5282 }
5283
d1dbf12e 5284 list_del(&params->action);
c71593dd
JH		 5285 list_del(&params->list);
5286 kfree(params);
95305baa 5287 hci_update_background_scan(hdev);
8afef092
MH		 5288
5289 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53 5290 } else {
19de0825
JH		 5291 struct hci_conn_params *p, *tmp;
5292
2faade53
MH		 5293 if (cp->addr.type) {
5294 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5295 MGMT_STATUS_INVALID_PARAMS,
5296 &cp->addr, sizeof(cp->addr));
5297 goto unlock;
5298 }
5299
19de0825
JH		 5300 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5301 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5302 continue;
5303 device_removed(sk, hdev, &p->addr, p->addr_type);
5304 list_del(&p->action);
5305 list_del(&p->list);
5306 kfree(p);
5307 }
5308
5309 BT_DBG("All LE connection parameters were removed");
5310
5311 hci_update_background_scan(hdev);
2faade53
MH		 5312 }
5313
5314 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5315 MGMT_STATUS_SUCCESS, &cp->addr, sizeof(cp->addr));
5316
5317unlock:
5318 hci_dev_unlock(hdev);
5319 return err;
5320}
5321
a26f3dcf
JH		 5322static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5323 u16 len)
5324{
5325 struct mgmt_cp_load_conn_param *cp = data;
ba1d6936
JH		 5326 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5327 sizeof(struct mgmt_conn_param));
a26f3dcf
JH		 5328 u16 param_count, expected_len;
5329 int i;
5330
5331 if (!lmp_le_capable(hdev))
5332 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5333 MGMT_STATUS_NOT_SUPPORTED);
5334
5335 param_count = __le16_to_cpu(cp->param_count);
ba1d6936
JH		 5336 if (param_count > max_param_count) {
5337 BT_ERR("load_conn_param: too big param_count value %u",
5338 param_count);
5339 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5340 MGMT_STATUS_INVALID_PARAMS);
5341 }
a26f3dcf
JH		 5342
5343 expected_len = sizeof(*cp) + param_count *
5344 sizeof(struct mgmt_conn_param);
5345 if (expected_len != len) {
5346 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
5347 expected_len, len);
5348 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5349 MGMT_STATUS_INVALID_PARAMS);
5350 }
5351
5352 BT_DBG("%s param_count %u", hdev->name, param_count);
5353
5354 hci_dev_lock(hdev);
5355
5356 hci_conn_params_clear_disabled(hdev);
5357
5358 for (i = 0; i < param_count; i++) {
5359 struct mgmt_conn_param *param = &cp->params[i];
5360 struct hci_conn_params *hci_param;
5361 u16 min, max, latency, timeout;
5362 u8 addr_type;
5363
5364 BT_DBG("Adding %pMR (type %u)", &param->addr.bdaddr,
5365 param->addr.type);
5366
5367 if (param->addr.type == BDADDR_LE_PUBLIC) {
5368 addr_type = ADDR_LE_DEV_PUBLIC;
5369 } else if (param->addr.type == BDADDR_LE_RANDOM) {
5370 addr_type = ADDR_LE_DEV_RANDOM;
5371 } else {
5372 BT_ERR("Ignoring invalid connection parameters");
5373 continue;
5374 }
5375
5376 min = le16_to_cpu(param->min_interval);
5377 max = le16_to_cpu(param->max_interval);
5378 latency = le16_to_cpu(param->latency);
5379 timeout = le16_to_cpu(param->timeout);
5380
5381 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
5382 min, max, latency, timeout);
5383
5384 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
5385 BT_ERR("Ignoring invalid connection parameters");
5386 continue;
5387 }
5388
5389 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
5390 addr_type);
5391 if (!hci_param) {
5392 BT_ERR("Failed to add connection parameters");
5393 continue;
5394 }
5395
5396 hci_param->conn_min_interval = min;
5397 hci_param->conn_max_interval = max;
5398 hci_param->conn_latency = latency;
5399 hci_param->supervision_timeout = timeout;
5400 }
5401
5402 hci_dev_unlock(hdev);
5403
5404 return cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0, NULL, 0);
5405}
5406
dbece37a
MH		 5407static int set_external_config(struct sock *sk, struct hci_dev *hdev,
5408 void *data, u16 len)
5409{
5410 struct mgmt_cp_set_external_config *cp = data;
5411 bool changed;
5412 int err;
5413
5414 BT_DBG("%s", hdev->name);
5415
5416 if (hdev_is_powered(hdev))
5417 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5418 MGMT_STATUS_REJECTED);
5419
5420 if (cp->config != 0x00 && cp->config != 0x01)
5421 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5422 MGMT_STATUS_INVALID_PARAMS);
5423
5424 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
5425 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5426 MGMT_STATUS_NOT_SUPPORTED);
5427
5428 hci_dev_lock(hdev);
5429
5430 if (cp->config)
5431 changed = !test_and_set_bit(HCI_EXT_CONFIGURED,
5432 &hdev->dev_flags);
5433 else
5434 changed = test_and_clear_bit(HCI_EXT_CONFIGURED,
5435 &hdev->dev_flags);
5436
5437 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
5438 if (err < 0)
5439 goto unlock;
5440
5441 if (!changed)
5442 goto unlock;
5443
f4537c04
MH		 5444 err = new_options(hdev, sk);
5445
dbece37a
MH		 5446 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) == is_configured(hdev)) {
5447 mgmt_index_removed(hdev);
d603b76b
MH		 5448
5449 if (test_and_change_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
5450 set_bit(HCI_CONFIG, &hdev->dev_flags);
5451 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
5452
5453 queue_work(hdev->req_workqueue, &hdev->power_on);
5454 } else {
5ea234d3 5455 set_bit(HCI_RAW, &hdev->flags);
d603b76b
MH		 5456 mgmt_index_added(hdev);
5457 }
dbece37a
MH		 5458 }
5459
5460unlock:
5461 hci_dev_unlock(hdev);
5462 return err;
5463}
5464
9713c17b
MH		 5465static int set_public_address(struct sock *sk, struct hci_dev *hdev,
5466 void *data, u16 len)
5467{
5468 struct mgmt_cp_set_public_address *cp = data;
5469 bool changed;
5470 int err;
5471
5472 BT_DBG("%s", hdev->name);
5473
5474 if (hdev_is_powered(hdev))
5475 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5476 MGMT_STATUS_REJECTED);
5477
5478 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
5479 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5480 MGMT_STATUS_INVALID_PARAMS);
5481
5482 if (!hdev->set_bdaddr)
5483 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5484 MGMT_STATUS_NOT_SUPPORTED);
5485
5486 hci_dev_lock(hdev);
5487
5488 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
5489 bacpy(&hdev->public_addr, &cp->bdaddr);
5490
5491 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
5492 if (err < 0)
5493 goto unlock;
5494
5495 if (!changed)
5496 goto unlock;
5497
5498 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5499 err = new_options(hdev, sk);
5500
5501 if (is_configured(hdev)) {
5502 mgmt_index_removed(hdev);
5503
5504 clear_bit(HCI_UNCONFIGURED, &hdev->dev_flags);
5505
5506 set_bit(HCI_CONFIG, &hdev->dev_flags);
5507 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
5508
5509 queue_work(hdev->req_workqueue, &hdev->power_on);
5510 }
5511
5512unlock:
5513 hci_dev_unlock(hdev);
5514 return err;
5515}
5516
2e3c35ea 5517static const struct mgmt_handler {
04124681
GP		 5518 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
5519 u16 data_len);
be22b54e
JH		 5520 bool var_len;
5521 size_t data_len;
0f4e68cf
JH		 5522} mgmt_handlers[] = {
5523 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 5524 { read_version, false, MGMT_READ_VERSION_SIZE },
5525 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
5526 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
5527 { read_controller_info, false, MGMT_READ_INFO_SIZE },
5528 { set_powered, false, MGMT_SETTING_SIZE },
5529 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
5530 { set_connectable, false, MGMT_SETTING_SIZE },
5531 { set_fast_connectable, false, MGMT_SETTING_SIZE },
5532 { set_pairable, false, MGMT_SETTING_SIZE },
5533 { set_link_security, false, MGMT_SETTING_SIZE },
5534 { set_ssp, false, MGMT_SETTING_SIZE },
5535 { set_hs, false, MGMT_SETTING_SIZE },
5536 { set_le, false, MGMT_SETTING_SIZE },
5537 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
5538 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
5539 { add_uuid, false, MGMT_ADD_UUID_SIZE },
5540 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
5541 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
5542 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
5543 { disconnect, false, MGMT_DISCONNECT_SIZE },
5544 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
5545 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
5546 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
5547 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
5548 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
5549 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
5550 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
5551 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
5552 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
5553 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
5554 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
5555 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
ec109113 5556 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
be22b54e
JH		 5557 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
5558 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
5559 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
5560 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
5561 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
5562 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 5563 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 5564 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 5565 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 5566 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
14b49b9a 5567 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
eac83dc6 5568 { set_secure_conn, false, MGMT_SETTING_SIZE },
4e39ac81 5569 { set_debug_keys, false, MGMT_SETTING_SIZE },
62b04cd1 5570 { set_privacy, false, MGMT_SET_PRIVACY_SIZE },
41edf160 5571 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
dd983808 5572 { get_conn_info, false, MGMT_GET_CONN_INFO_SIZE },
95868426 5573 { get_clock_info, false, MGMT_GET_CLOCK_INFO_SIZE },
2faade53
MH		 5574 { add_device, false, MGMT_ADD_DEVICE_SIZE },
5575 { remove_device, false, MGMT_REMOVE_DEVICE_SIZE },
73d1df2a
MH		 5576 { load_conn_param, true, MGMT_LOAD_CONN_PARAM_SIZE },
5577 { read_unconf_index_list, false, MGMT_READ_UNCONF_INDEX_LIST_SIZE },
9fc3bfb6 5578 { read_config_info, false, MGMT_READ_CONFIG_INFO_SIZE },
dbece37a 5579 { set_external_config, false, MGMT_SET_EXTERNAL_CONFIG_SIZE },
9713c17b 5580 { set_public_address, false, MGMT_SET_PUBLIC_ADDRESS_SIZE },
0f4e68cf
JH		 5581};
5582
0381101f
JH		 5583int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
5584{
650f726d
VCG		 5585 void *buf;
5586 u8 *cp;
0381101f 5587 struct mgmt_hdr *hdr;
4e51eae9 5588 u16 opcode, index, len;
bdb6d971 5589 struct hci_dev *hdev = NULL;
2e3c35ea 5590 const struct mgmt_handler *handler;
0381101f
JH		 5591 int err;
5592
5593 BT_DBG("got %zu bytes", msglen);
5594
5595 if (msglen < sizeof(*hdr))
5596 return -EINVAL;
5597
e63a15ec 5598 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 5599 if (!buf)
5600 return -ENOMEM;
5601
5602 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
5603 err = -EFAULT;
5604 goto done;
5605 }
5606
650f726d 5607 hdr = buf;
1f350c87
MH		 5608 opcode = __le16_to_cpu(hdr->opcode);
5609 index = __le16_to_cpu(hdr->index);
5610 len = __le16_to_cpu(hdr->len);
0381101f
JH		 5611
5612 if (len != msglen - sizeof(*hdr)) {
5613 err = -EINVAL;
5614 goto done;
5615 }
5616
0f4e68cf 5617 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 5618 hdev = hci_dev_get(index);
5619 if (!hdev) {
5620 err = cmd_status(sk, index, opcode,
04124681 5621 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 5622 goto done;
5623 }
0736cfa8 5624
cebf4cfd 5625 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
d603b76b 5626 test_bit(HCI_CONFIG, &hdev->dev_flags) ||
4a964404 5627 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
0736cfa8
MH		 5628 err = cmd_status(sk, index, opcode,
5629 MGMT_STATUS_INVALID_INDEX);
5630 goto done;
5631 }
42a9bc14
MH		 5632
5633 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
dbece37a 5634 opcode != MGMT_OP_READ_CONFIG_INFO &&
9713c17b
MH		 5635 opcode != MGMT_OP_SET_EXTERNAL_CONFIG &&
5636 opcode != MGMT_OP_SET_PUBLIC_ADDRESS) {
42a9bc14
MH		 5637 err = cmd_status(sk, index, opcode,
5638 MGMT_STATUS_INVALID_INDEX);
5639 goto done;
5640 }
bdb6d971
JH		 5641 }
5642
0f4e68cf 5643 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 5644 mgmt_handlers[opcode].func == NULL) {
0381101f 5645 BT_DBG("Unknown op %u", opcode);
ca69b795 5646 err = cmd_status(sk, index, opcode,
04124681 5647 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 5648 goto done;
5649 }
5650
73d1df2a
MH		 5651 if (hdev && (opcode <= MGMT_OP_READ_INDEX_LIST ||
5652 opcode == MGMT_OP_READ_UNCONF_INDEX_LIST)) {
5653 err = cmd_status(sk, index, opcode,
5654 MGMT_STATUS_INVALID_INDEX);
5655 goto done;
5656 }
5657
5658 if (!hdev && (opcode > MGMT_OP_READ_INDEX_LIST &&
5659 opcode != MGMT_OP_READ_UNCONF_INDEX_LIST)) {
0f4e68cf 5660 err = cmd_status(sk, index, opcode,
04124681 5661 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 5662 goto done;
0381101f
JH		 5663 }
5664
be22b54e
JH		 5665 handler = &mgmt_handlers[opcode];
5666
5667 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 5668 (!handler->var_len && len != handler->data_len)) {
be22b54e 5669 err = cmd_status(sk, index, opcode,
04124681 5670 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 5671 goto done;
5672 }
5673
0f4e68cf
JH		 5674 if (hdev)
5675 mgmt_init_hdev(sk, hdev);
5676
5677 cp = buf + sizeof(*hdr);
5678
be22b54e 5679 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 5680 if (err < 0)
5681 goto done;
5682
0381101f
JH		 5683 err = msglen;
5684
5685done:
bdb6d971
JH		 5686 if (hdev)
5687 hci_dev_put(hdev);
5688
0381101f
JH		 5689 kfree(buf);
5690 return err;
5691}
c71e97bf 5692
bf6b56db 5693void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 5694{
1514b892 5695 if (hdev->dev_type != HCI_BREDR)
bf6b56db 5696 return;
bb4b2a9a 5697
0602a8ad
MH		 5698 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
5699 return;
5700
5701 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5702 mgmt_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev, NULL, 0, NULL);
5703 else
5704 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 5705}
5706
bf6b56db 5707void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 5708{
5f159032 5709 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 5710
1514b892 5711 if (hdev->dev_type != HCI_BREDR)
bf6b56db 5712 return;
bb4b2a9a 5713
0602a8ad
MH		 5714 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
5715 return;
5716
744cf19e 5717 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 5718
edd3896b
MH		 5719 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5720 mgmt_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev, NULL, 0, NULL);
5721 else
5722 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 5723}
5724
6046dc3e 5725/* This function requires the caller holds hdev->lock */
d7347f3c 5726static void restart_le_actions(struct hci_dev *hdev)
6046dc3e
AG		 5727{
5728 struct hci_conn_params *p;
5729
5730 list_for_each_entry(p, &hdev->le_conn_params, list) {
d7347f3c
JH		 5731 /* Needed for AUTO_OFF case where might not "really"
5732 * have been powered off.
5733 */
5734 list_del_init(&p->action);
5735
5736 switch (p->auto_connect) {
5737 case HCI_AUTO_CONN_ALWAYS:
5738 list_add(&p->action, &hdev->pend_le_conns);
5739 break;
5740 case HCI_AUTO_CONN_REPORT:
5741 list_add(&p->action, &hdev->pend_le_reports);
5742 break;
5743 default:
5744 break;
c83ed19d 5745 }
6046dc3e 5746 }
c83ed19d 5747
c83ed19d 5748 hci_update_background_scan(hdev);
6046dc3e
AG		 5749}
5750
229ab39c
JH		 5751static void powered_complete(struct hci_dev *hdev, u8 status)
5752{
5753 struct cmd_lookup match = { NULL, hdev };
5754
5755 BT_DBG("status 0x%02x", status);
5756
5757 hci_dev_lock(hdev);
5758
d7347f3c 5759 restart_le_actions(hdev);
6046dc3e 5760
229ab39c
JH		 5761 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5762
5763 new_settings(hdev, match.sk);
5764
5765 hci_dev_unlock(hdev);
5766
5767 if (match.sk)
5768 sock_put(match.sk);
5769}
5770
70da6243 5771static int powered_update_hci(struct hci_dev *hdev)
5add6af8 5772{
890ea898 5773 struct hci_request req;
70da6243 5774 u8 link_sec;
5add6af8 5775
890ea898
JH		 5776 hci_req_init(&req, hdev);
5777
70da6243
JH		 5778 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
5779 !lmp_host_ssp_capable(hdev)) {
5780 u8 ssp = 1;
5e5282bb 5781
890ea898 5782 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 5783 }
5add6af8 5784
c73eee91
JH		 5785 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
5786 lmp_bredr_capable(hdev)) {
70da6243 5787 struct hci_cp_write_le_host_supported cp;
f0ff92fb 5788
70da6243
JH		 5789 cp.le = 1;
5790 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 5791
70da6243
JH		 5792 /* Check first if we already have the right
5793 * host state (host features set)
5794 */
5795 if (cp.le != lmp_host_le_capable(hdev) ||
5796 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 5797 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
5798 sizeof(cp), &cp);
70da6243 5799 }
3d1cbdd6 5800
d13eafce 5801 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 5802 /* Make sure the controller has a good default for
5803 * advertising data. This also applies to the case
5804 * where BR/EDR was toggled during the AUTO_OFF phase.
5805 */
f14d8f64 5806 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5947f4bc 5807 update_adv_data(&req);
f14d8f64
MH		 5808 update_scan_rsp_data(&req);
5809 }
441ad2d0 5810
bba3aa55
MH		 5811 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5812 enable_advertising(&req);
eeca6f89
JH		 5813 }
5814
70da6243
JH		 5815 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
5816 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 5817 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
5818 sizeof(link_sec), &link_sec);
562fcc24 5819
70da6243 5820 if (lmp_bredr_capable(hdev)) {
56f87901
JH		 5821 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
5822 set_bredr_scan(&req);
890ea898 5823 update_class(&req);
13928971 5824 update_name(&req);
890ea898 5825 update_eir(&req);
70da6243 5826 }
562fcc24 5827
229ab39c 5828 return hci_req_run(&req, powered_complete);
70da6243 5829}
562fcc24 5830
70da6243
JH		 5831int mgmt_powered(struct hci_dev *hdev, u8 powered)
5832{
5833 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 5834 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
5835 u8 zero_cod[] = { 0, 0, 0 };
70da6243 5836 int err;
f0ff92fb 5837
70da6243
JH		 5838 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
5839 return 0;
5840
70da6243 5841 if (powered) {
229ab39c
JH		 5842 if (powered_update_hci(hdev) == 0)
5843 return 0;
fe038884 5844
229ab39c
JH		 5845 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
5846 &match);
5847 goto new_settings;
b24752fe
JH		 5848 }
5849
229ab39c
JH		 5850 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5851 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
5852
5853 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
5854 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
5855 zero_cod, sizeof(zero_cod), NULL);
5856
5857new_settings:
beadb2bd 5858 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 5859
5860 if (match.sk)
5861 sock_put(match.sk);
5862
7bb895d6 5863 return err;
5add6af8 5864}
73f22f62 5865
3eec705e 5866void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 5867{
5868 struct pending_cmd *cmd;
5869 u8 status;
5870
5871 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5872 if (!cmd)
3eec705e 5873 return;
96570ffc
JH		 5874
5875 if (err == -ERFKILL)
5876 status = MGMT_STATUS_RFKILLED;
5877 else
5878 status = MGMT_STATUS_FAILED;
5879
3eec705e 5880 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 5881
5882 mgmt_pending_remove(cmd);
96570ffc
JH		 5883}
5884
d1967ff8
MH		 5885void mgmt_discoverable_timeout(struct hci_dev *hdev)
5886{
5887 struct hci_request req;
d1967ff8
MH		 5888
5889 hci_dev_lock(hdev);
5890
5891 /* When discoverable timeout triggers, then just make sure
5892 * the limited discoverable flag is cleared. Even in the case
5893 * of a timeout triggered from general discoverable, it is
5894 * safe to unconditionally clear the flag.
5895 */
5896 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
9a43e25f 5897 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
d1967ff8
MH		 5898
5899 hci_req_init(&req, hdev);
4b580614
JH		 5900 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
5901 u8 scan = SCAN_PAGE;
5902 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
5903 sizeof(scan), &scan);
5904 }
d1967ff8 5905 update_class(&req);
9a43e25f 5906 update_adv_data(&req);
d1967ff8
MH		 5907 hci_req_run(&req, NULL);
5908
5909 hdev->discov_timeout = 0;
5910
9a43e25f
JH		 5911 new_settings(hdev, NULL);
5912
d1967ff8
MH		 5913 hci_dev_unlock(hdev);
5914}
5915
86a75645 5916void mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 5917{
86a75645 5918 bool changed;
73f22f62 5919
bfaf8c9f
JH		 5920 /* Nothing needed here if there's a pending command since that
5921 * commands request completion callback takes care of everything
5922 * necessary.
5923 */
5924 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
86a75645 5925 return;
bfaf8c9f 5926
bd107999
JH		 5927 /* Powering off may clear the scan mode - don't let that interfere */
5928 if (!discoverable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5929 return;
5930
9a43e25f 5931 if (discoverable) {
86a75645 5932 changed = !test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 5933 } else {
5934 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
86a75645 5935 changed = test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 5936 }
5937
5938 if (changed) {
5939 struct hci_request req;
5940
5941 /* In case this change in discoverable was triggered by
5942 * a disabling of connectable there could be a need to
5943 * update the advertising flags.
5944 */
5945 hci_req_init(&req, hdev);
5946 update_adv_data(&req);
5947 hci_req_run(&req, NULL);
73f22f62 5948
86a75645 5949 new_settings(hdev, NULL);
9a43e25f 5950 }
73f22f62 5951}
9fbcbb45 5952
a330916c 5953void mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 5954{
a330916c 5955 bool changed;
9fbcbb45 5956
d7b856f9
JH		 5957 /* Nothing needed here if there's a pending command since that
5958 * commands request completion callback takes care of everything
5959 * necessary.
5960 */
5961 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
a330916c 5962 return;
d7b856f9 5963
ce3f24cf
JH		 5964 /* Powering off may clear the scan mode - don't let that interfere */
5965 if (!connectable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5966 return;
5967
a330916c
MH		 5968 if (connectable)
5969 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
5970 else
5971 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
9fbcbb45 5972
beadb2bd 5973 if (changed)
a330916c 5974 new_settings(hdev, NULL);
9fbcbb45 5975}
55ed8ca1 5976
778b235a
JH		 5977void mgmt_advertising(struct hci_dev *hdev, u8 advertising)
5978{
7c4cfab8
JH		 5979 /* Powering off may stop advertising - don't let that interfere */
5980 if (!advertising && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5981 return;
5982
778b235a
JH		 5983 if (advertising)
5984 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
5985 else
5986 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
5987}
5988
4796e8af 5989void mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 5990{
ca69b795
JH		 5991 u8 mgmt_err = mgmt_status(status);
5992
2d7cee58 5993 if (scan & SCAN_PAGE)
744cf19e 5994 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 5995 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 5996
5997 if (scan & SCAN_INQUIRY)
744cf19e 5998 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 5999 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 6000}
6001
dc4a5ee2
MH		 6002void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
6003 bool persistent)
55ed8ca1 6004{
86742e1e 6005 struct mgmt_ev_new_link_key ev;
55ed8ca1 6006
a492cd52 6007 memset(&ev, 0, sizeof(ev));
55ed8ca1 6008
a492cd52 6009 ev.store_hint = persistent;
d753fdc4 6010 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 6011 ev.key.addr.type = BDADDR_BREDR;
a492cd52 6012 ev.key.type = key->type;
9b3b4460 6013 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 6014 ev.key.pin_len = key->pin_len;
55ed8ca1 6015
dc4a5ee2 6016 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 6017}
f7520543 6018
d7b25450
JH		 6019static u8 mgmt_ltk_type(struct smp_ltk *ltk)
6020{
6021 if (ltk->authenticated)
6022 return MGMT_LTK_AUTHENTICATED;
6023
6024 return MGMT_LTK_UNAUTHENTICATED;
6025}
6026
53ac6ab6 6027void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 6028{
6029 struct mgmt_ev_new_long_term_key ev;
6030
6031 memset(&ev, 0, sizeof(ev));
6032
5192d301
MH		 6033 /* Devices using resolvable or non-resolvable random addresses
6034 * without providing an indentity resolving key don't require
6035 * to store long term keys. Their addresses will change the
6036 * next time around.
6037 *
6038 * Only when a remote device provides an identity address
6039 * make sure the long term key is stored. If the remote
6040 * identity is known, the long term keys are internally
6041 * mapped to the identity address. So allow static random
6042 * and public addresses here.
6043 */
ba74b666
JH		 6044 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6045 (key->bdaddr.b[5] & 0xc0) != 0xc0)
6046 ev.store_hint = 0x00;
6047 else
53ac6ab6 6048 ev.store_hint = persistent;
ba74b666 6049
346af67b 6050 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 6051 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 6052 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 6053 ev.key.enc_size = key->enc_size;
6054 ev.key.ediv = key->ediv;
fe39c7b2 6055 ev.key.rand = key->rand;
346af67b 6056
2ceba539 6057 if (key->type == SMP_LTK)
346af67b
VCG		 6058 ev.key.master = 1;
6059
346af67b
VCG		 6060 memcpy(ev.key.val, key->val, sizeof(key->val));
6061
083368f7 6062 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 6063}
6064
95fbac8a
JH		 6065void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
6066{
6067 struct mgmt_ev_new_irk ev;
6068
6069 memset(&ev, 0, sizeof(ev));
6070
bab6d1e5
MH		 6071 /* For identity resolving keys from devices that are already
6072 * using a public address or static random address, do not
6073 * ask for storing this key. The identity resolving key really
6074 * is only mandatory for devices using resovlable random
6075 * addresses.
6076 *
6077 * Storing all identity resolving keys has the downside that
6078 * they will be also loaded on next boot of they system. More
6079 * identity resolving keys, means more time during scanning is
6080 * needed to actually resolve these addresses.
6081 */
6082 if (bacmp(&irk->rpa, BDADDR_ANY))
6083 ev.store_hint = 0x01;
6084 else
6085 ev.store_hint = 0x00;
6086
95fbac8a
JH		 6087 bacpy(&ev.rpa, &irk->rpa);
6088 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
6089 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
6090 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
6091
6092 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
6093}
6094
53ac6ab6
MH		 6095void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
6096 bool persistent)
7ee4ea36
MH		 6097{
6098 struct mgmt_ev_new_csrk ev;
6099
6100 memset(&ev, 0, sizeof(ev));
6101
6102 /* Devices using resolvable or non-resolvable random addresses
6103 * without providing an indentity resolving key don't require
6104 * to store signature resolving keys. Their addresses will change
6105 * the next time around.
6106 *
6107 * Only when a remote device provides an identity address
6108 * make sure the signature resolving key is stored. So allow
6109 * static random and public addresses here.
6110 */
6111 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6112 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
6113 ev.store_hint = 0x00;
6114 else
53ac6ab6 6115 ev.store_hint = persistent;
7ee4ea36
MH		 6116
6117 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
6118 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
6119 ev.key.master = csrk->master;
6120 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
6121
6122 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
6123}
6124
ffb5a827 6125void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 6126 u8 bdaddr_type, u8 store_hint, u16 min_interval,
6127 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 6128{
6129 struct mgmt_ev_new_conn_param ev;
6130
c103aea6
JH		 6131 if (!hci_is_identity_address(bdaddr, bdaddr_type))
6132 return;
6133
ffb5a827
AG		 6134 memset(&ev, 0, sizeof(ev));
6135 bacpy(&ev.addr.bdaddr, bdaddr);
6136 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 6137 ev.store_hint = store_hint;
ffb5a827
AG		 6138 ev.min_interval = cpu_to_le16(min_interval);
6139 ev.max_interval = cpu_to_le16(max_interval);
6140 ev.latency = cpu_to_le16(latency);
6141 ev.timeout = cpu_to_le16(timeout);
6142
6143 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
6144}
6145
94933991
MH		 6146static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
6147 u8 data_len)
6148{
6149 eir[eir_len++] = sizeof(type) + data_len;
6150 eir[eir_len++] = type;
6151 memcpy(&eir[eir_len], data, data_len);
6152 eir_len += data_len;
6153
6154 return eir_len;
6155}
6156
ecd90ae7
MH		 6157void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6158 u8 addr_type, u32 flags, u8 *name, u8 name_len,
6159 u8 *dev_class)
f7520543 6160{
b644ba33
JH		 6161 char buf[512];
6162 struct mgmt_ev_device_connected *ev = (void *) buf;
6163 u16 eir_len = 0;
f7520543 6164
b644ba33 6165 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 6166 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 6167
c95f0ba7 6168 ev->flags = __cpu_to_le32(flags);
08c79b61 6169
b644ba33
JH		 6170 if (name_len > 0)
6171 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 6172 name, name_len);
b644ba33
JH		 6173
6174 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 6175 eir_len = eir_append_data(ev->eir, eir_len,
04124681 6176 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 6177
eb55ef07 6178 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 6179
ecd90ae7
MH		 6180 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
6181 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 6182}
6183
8962ee74
JH		 6184static void disconnect_rsp(struct pending_cmd *cmd, void *data)
6185{
c68fb7ff 6186 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 6187 struct sock **sk = data;
a38528f1 6188 struct mgmt_rp_disconnect rp;
8962ee74 6189
88c3df13
JH		 6190 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
6191 rp.addr.type = cp->addr.type;
8962ee74 6192
aee9b218 6193 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 6194 sizeof(rp));
8962ee74
JH		 6195
6196 *sk = cmd->sk;
6197 sock_hold(*sk);
6198
a664b5bc 6199 mgmt_pending_remove(cmd);
8962ee74
JH		 6200}
6201
124f6e35 6202static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 6203{
b1078ad0 6204 struct hci_dev *hdev = data;
124f6e35
JH		 6205 struct mgmt_cp_unpair_device *cp = cmd->param;
6206 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 6207
6208 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 6209 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
6210 rp.addr.type = cp->addr.type;
a8a1d19e 6211
b1078ad0
JH		 6212 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
6213
aee9b218 6214 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 6215
6216 mgmt_pending_remove(cmd);
6217}
6218
9b80ec5e 6219void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 6220 u8 link_type, u8 addr_type, u8 reason,
6221 bool mgmt_connected)
f7520543 6222{
f0d6a0ea 6223 struct mgmt_ev_device_disconnected ev;
8b064a3a 6224 struct pending_cmd *power_off;
8962ee74 6225 struct sock *sk = NULL;
8962ee74 6226
8b064a3a
JH		 6227 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6228 if (power_off) {
6229 struct mgmt_mode *cp = power_off->param;
6230
6231 /* The connection is still in hci_conn_hash so test for 1
6232 * instead of 0 to know if this is the last one.
6233 */
a3172b7e
JH		 6234 if (!cp->val && hci_conn_count(hdev) == 1) {
6235 cancel_delayed_work(&hdev->power_off);
8b064a3a 6236 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 6237 }
8b064a3a
JH		 6238 }
6239
12d4a3b2
JH		 6240 if (!mgmt_connected)
6241 return;
6242
57eb776f
AG		 6243 if (link_type != ACL_LINK && link_type != LE_LINK)
6244 return;
6245
744cf19e 6246 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 6247
f0d6a0ea
MA		 6248 bacpy(&ev.addr.bdaddr, bdaddr);
6249 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6250 ev.reason = reason;
f7520543 6251
9b80ec5e 6252 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 6253
6254 if (sk)
d97dcb66 6255 sock_put(sk);
8962ee74 6256
124f6e35 6257 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 6258 hdev);
8962ee74
JH		 6259}
6260
7892924c
MH		 6261void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
6262 u8 link_type, u8 addr_type, u8 status)
8962ee74 6263{
3655bba8
AG		 6264 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
6265 struct mgmt_cp_disconnect *cp;
88c3df13 6266 struct mgmt_rp_disconnect rp;
8962ee74 6267 struct pending_cmd *cmd;
8962ee74 6268
36a75f1b
JD		 6269 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6270 hdev);
6271
2e58ef3e 6272 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 6273 if (!cmd)
7892924c 6274 return;
8962ee74 6275
3655bba8
AG		 6276 cp = cmd->param;
6277
6278 if (bacmp(bdaddr, &cp->addr.bdaddr))
6279 return;
6280
6281 if (cp->addr.type != bdaddr_type)
6282 return;
6283
88c3df13 6284 bacpy(&rp.addr.bdaddr, bdaddr);
3655bba8 6285 rp.addr.type = bdaddr_type;
37d9ef76 6286
7892924c
MH		 6287 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
6288 mgmt_status(status), &rp, sizeof(rp));
8962ee74 6289
a664b5bc 6290 mgmt_pending_remove(cmd);
f7520543 6291}
17d5c04c 6292
445608d0
MH		 6293void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6294 u8 addr_type, u8 status)
17d5c04c
JH		 6295{
6296 struct mgmt_ev_connect_failed ev;
c9910d0f
JH		 6297 struct pending_cmd *power_off;
6298
6299 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6300 if (power_off) {
6301 struct mgmt_mode *cp = power_off->param;
6302
6303 /* The connection is still in hci_conn_hash so test for 1
6304 * instead of 0 to know if this is the last one.
6305 */
a3172b7e
JH		 6306 if (!cp->val && hci_conn_count(hdev) == 1) {
6307 cancel_delayed_work(&hdev->power_off);
c9910d0f 6308 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 6309 }
c9910d0f 6310 }
17d5c04c 6311
4c659c39 6312 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6313 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 6314 ev.status = mgmt_status(status);
17d5c04c 6315
445608d0 6316 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 6317}
980e1a53 6318
ce0e4a0d 6319void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 6320{
6321 struct mgmt_ev_pin_code_request ev;
6322
d8457698 6323 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 6324 ev.addr.type = BDADDR_BREDR;
a770bb5a 6325 ev.secure = secure;
980e1a53 6326
ce0e4a0d 6327 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 6328}
6329
e669cf80
MH		 6330void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6331 u8 status)
980e1a53
JH		 6332{
6333 struct pending_cmd *cmd;
ac56fb13 6334 struct mgmt_rp_pin_code_reply rp;
980e1a53 6335
2e58ef3e 6336 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 6337 if (!cmd)
e669cf80 6338 return;
980e1a53 6339
d8457698 6340 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 6341 rp.addr.type = BDADDR_BREDR;
ac56fb13 6342
e669cf80
MH		 6343 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
6344 mgmt_status(status), &rp, sizeof(rp));
980e1a53 6345
a664b5bc 6346 mgmt_pending_remove(cmd);
980e1a53
JH		 6347}
6348
3eb38528
MH		 6349void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6350 u8 status)
980e1a53
JH		 6351{
6352 struct pending_cmd *cmd;
ac56fb13 6353 struct mgmt_rp_pin_code_reply rp;
980e1a53 6354
2e58ef3e 6355 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 6356 if (!cmd)
3eb38528 6357 return;
980e1a53 6358
d8457698 6359 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 6360 rp.addr.type = BDADDR_BREDR;
ac56fb13 6361
3eb38528
MH		 6362 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
6363 mgmt_status(status), &rp, sizeof(rp));
980e1a53 6364
a664b5bc 6365 mgmt_pending_remove(cmd);
980e1a53 6366}
a5c29683 6367
744cf19e 6368int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 6369 u8 link_type, u8 addr_type, u32 value,
04124681 6370 u8 confirm_hint)
a5c29683
JH		 6371{
6372 struct mgmt_ev_user_confirm_request ev;
6373
744cf19e 6374 BT_DBG("%s", hdev->name);
a5c29683 6375
272d90df 6376 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6377 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 6378 ev.confirm_hint = confirm_hint;
39adbffe 6379 ev.value = cpu_to_le32(value);
a5c29683 6380
744cf19e 6381 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 6382 NULL);
a5c29683
JH		 6383}
6384
272d90df 6385int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 6386 u8 link_type, u8 addr_type)
604086b7
BG		 6387{
6388 struct mgmt_ev_user_passkey_request ev;
6389
6390 BT_DBG("%s", hdev->name);
6391
272d90df 6392 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6393 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 6394
6395 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 6396 NULL);
604086b7
BG		 6397}
6398
0df4c185 6399static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 6400 u8 link_type, u8 addr_type, u8 status,
6401 u8 opcode)
a5c29683
JH		 6402{
6403 struct pending_cmd *cmd;
6404 struct mgmt_rp_user_confirm_reply rp;
6405 int err;
6406
2e58ef3e 6407 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 6408 if (!cmd)
6409 return -ENOENT;
6410
272d90df 6411 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 6412 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 6413 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 6414 &rp, sizeof(rp));
a5c29683 6415
a664b5bc 6416 mgmt_pending_remove(cmd);
a5c29683
JH		 6417
6418 return err;
6419}
6420
744cf19e 6421int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6422 u8 link_type, u8 addr_type, u8 status)
a5c29683 6423{
272d90df 6424 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 6425 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 6426}
6427
272d90df 6428int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6429 u8 link_type, u8 addr_type, u8 status)
a5c29683 6430{
272d90df 6431 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 6432 status,
6433 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 6434}
2a611692 6435
604086b7 6436int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6437 u8 link_type, u8 addr_type, u8 status)
604086b7 6438{
272d90df 6439 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 6440 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 6441}
6442
272d90df 6443int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6444 u8 link_type, u8 addr_type, u8 status)
604086b7 6445{
272d90df 6446 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 6447 status,
6448 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 6449}
6450
92a25256
JH		 6451int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
6452 u8 link_type, u8 addr_type, u32 passkey,
6453 u8 entered)
6454{
6455 struct mgmt_ev_passkey_notify ev;
6456
6457 BT_DBG("%s", hdev->name);
6458
6459 bacpy(&ev.addr.bdaddr, bdaddr);
6460 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6461 ev.passkey = __cpu_to_le32(passkey);
6462 ev.entered = entered;
6463
6464 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
6465}
6466
e546099c
MH		 6467void mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6468 u8 addr_type, u8 status)
2a611692
JH		 6469{
6470 struct mgmt_ev_auth_failed ev;
6471
bab73cb6 6472 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6473 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 6474 ev.status = mgmt_status(status);
2a611692 6475
e546099c 6476 mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 6477}
b312b161 6478
464996ae 6479void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 6480{
6481 struct cmd_lookup match = { NULL, hdev };
464996ae 6482 bool changed;
33ef95ed
JH		 6483
6484 if (status) {
6485 u8 mgmt_err = mgmt_status(status);
6486 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 6487 cmd_status_rsp, &mgmt_err);
464996ae 6488 return;
33ef95ed
JH		 6489 }
6490
464996ae
MH		 6491 if (test_bit(HCI_AUTH, &hdev->flags))
6492 changed = !test_and_set_bit(HCI_LINK_SECURITY,
6493 &hdev->dev_flags);
6494 else
6495 changed = test_and_clear_bit(HCI_LINK_SECURITY,
6496 &hdev->dev_flags);
47990ea0 6497
33ef95ed 6498 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 6499 &match);
33ef95ed 6500
47990ea0 6501 if (changed)
464996ae 6502 new_settings(hdev, match.sk);
33ef95ed
JH		 6503
6504 if (match.sk)
6505 sock_put(match.sk);
33ef95ed
JH		 6506}
6507
890ea898 6508static void clear_eir(struct hci_request *req)
cacaf52f 6509{
890ea898 6510 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 6511 struct hci_cp_write_eir cp;
6512
976eb20e 6513 if (!lmp_ext_inq_capable(hdev))
890ea898 6514 return;
cacaf52f 6515
c80da27e
JH		 6516 memset(hdev->eir, 0, sizeof(hdev->eir));
6517
cacaf52f
JH		 6518 memset(&cp, 0, sizeof(cp));
6519
890ea898 6520 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 6521}
6522
3e248560 6523void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 6524{
6525 struct cmd_lookup match = { NULL, hdev };
890ea898 6526 struct hci_request req;
c0ecddc2 6527 bool changed = false;
ed2c4ee3
JH		 6528
6529 if (status) {
6530 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 6531
6532 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 6533 &hdev->dev_flags)) {
6534 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3e248560 6535 new_settings(hdev, NULL);
9ecb3e24 6536 }
c0ecddc2 6537
04124681
GP		 6538 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
6539 &mgmt_err);
3e248560 6540 return;
c0ecddc2
JH		 6541 }
6542
6543 if (enable) {
9ecb3e24 6544 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 6545 } else {
9ecb3e24
MH		 6546 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
6547 if (!changed)
6548 changed = test_and_clear_bit(HCI_HS_ENABLED,
6549 &hdev->dev_flags);
6550 else
6551 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 6552 }
6553
6554 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
6555
c0ecddc2 6556 if (changed)
3e248560 6557 new_settings(hdev, match.sk);
ed2c4ee3 6558
5fc6ebb1 6559 if (match.sk)
ed2c4ee3
JH		 6560 sock_put(match.sk);
6561
890ea898
JH		 6562 hci_req_init(&req, hdev);
6563
3769972b
JH		 6564 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
6565 if (test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
6566 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
6567 sizeof(enable), &enable);
890ea898 6568 update_eir(&req);
3769972b 6569 } else {
890ea898 6570 clear_eir(&req);
3769972b 6571 }
890ea898
JH		 6572
6573 hci_req_run(&req, NULL);
ed2c4ee3
JH		 6574}
6575
eac83dc6
MH		 6576void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
6577{
6578 struct cmd_lookup match = { NULL, hdev };
6579 bool changed = false;
6580
6581 if (status) {
6582 u8 mgmt_err = mgmt_status(status);
6583
0ab04a9c
MH		 6584 if (enable) {
6585 if (test_and_clear_bit(HCI_SC_ENABLED,
6586 &hdev->dev_flags))
6587 new_settings(hdev, NULL);
6588 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
6589 }
eac83dc6
MH		 6590
6591 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
6592 cmd_status_rsp, &mgmt_err);
6593 return;
6594 }
6595
0ab04a9c 6596 if (enable) {
eac83dc6 6597 changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c 6598 } else {
eac83dc6 6599 changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c
MH		 6600 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
6601 }
eac83dc6
MH		 6602
6603 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
6604 settings_rsp, &match);
6605
6606 if (changed)
6607 new_settings(hdev, match.sk);
6608
6609 if (match.sk)
6610 sock_put(match.sk);
6611}
6612
92da6097 6613static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 6614{
6615 struct cmd_lookup *match = data;
6616
90e70454
JH		 6617 if (match->sk == NULL) {
6618 match->sk = cmd->sk;
6619 sock_hold(match->sk);
6620 }
90e70454
JH		 6621}
6622
4e1b0245
MH		 6623void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
6624 u8 status)
7f9a903c 6625{
90e70454 6626 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 6627
92da6097
JH		 6628 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
6629 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
6630 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 6631
6632 if (!status)
4e1b0245
MH		 6633 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
6634 NULL);
90e70454
JH		 6635
6636 if (match.sk)
6637 sock_put(match.sk);
7f9a903c
MH		 6638}
6639
7667da34 6640void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 6641{
b312b161 6642 struct mgmt_cp_set_local_name ev;
13928971 6643 struct pending_cmd *cmd;
28cc7bde 6644
13928971 6645 if (status)
7667da34 6646 return;
b312b161
JH		 6647
6648 memset(&ev, 0, sizeof(ev));
6649 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 6650 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 6651
2e58ef3e 6652 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 6653 if (!cmd) {
6654 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 6655
13928971
JH		 6656 /* If this is a HCI command related to powering on the
6657 * HCI dev don't send any mgmt signals.
6658 */
6659 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 6660 return;
890ea898 6661 }
b312b161 6662
7667da34
MH		 6663 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
6664 cmd ? cmd->sk : NULL);
b312b161 6665}
c35938b2 6666
4d2d2796
MH		 6667void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
6668 u8 *randomizer192, u8 *hash256,
6669 u8 *randomizer256, u8 status)
c35938b2
SJ		 6670{
6671 struct pending_cmd *cmd;
c35938b2 6672
744cf19e 6673 BT_DBG("%s status %u", hdev->name, status);
c35938b2 6674
2e58ef3e 6675 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 6676 if (!cmd)
3edaf092 6677 return;
c35938b2
SJ		 6678
6679 if (status) {
3edaf092
MH		 6680 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
6681 mgmt_status(status));
c35938b2 6682 } else {
4d2d2796
MH		 6683 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
6684 hash256 && randomizer256) {
6685 struct mgmt_rp_read_local_oob_ext_data rp;
6686
6687 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
6688 memcpy(rp.randomizer192, randomizer192,
6689 sizeof(rp.randomizer192));
c35938b2 6690
4d2d2796
MH		 6691 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
6692 memcpy(rp.randomizer256, randomizer256,
6693 sizeof(rp.randomizer256));
c35938b2 6694
4d2d2796
MH		 6695 cmd_complete(cmd->sk, hdev->id,
6696 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
6697 &rp, sizeof(rp));
6698 } else {
6699 struct mgmt_rp_read_local_oob_data rp;
6700
6701 memcpy(rp.hash, hash192, sizeof(rp.hash));
6702 memcpy(rp.randomizer, randomizer192,
6703 sizeof(rp.randomizer));
6704
6705 cmd_complete(cmd->sk, hdev->id,
6706 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
6707 &rp, sizeof(rp));
6708 }
c35938b2
SJ		 6709 }
6710
6711 mgmt_pending_remove(cmd);
c35938b2 6712}
e17acd40 6713
901801b9 6714void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
af58925c
MH		 6715 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
6716 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 6717{
e319d2e7
JH		 6718 char buf[512];
6719 struct mgmt_ev_device_found *ev = (void *) buf;
5cedbb8d 6720 struct smp_irk *irk;
1dc06093 6721 size_t ev_size;
e17acd40 6722
75ce208c
JH		 6723 /* Don't send events for a non-kernel initiated discovery. With
6724 * LE one exception is if we have pend_le_reports > 0 in which
6725 * case we're doing passive scanning and want these events.
6726 */
6727 if (!hci_discovery_active(hdev)) {
6728 if (link_type == ACL_LINK)
6729 return;
66f8455a 6730 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
75ce208c
JH		 6731 return;
6732 }
12602d0c 6733
5d2e9fad
JH		 6734 /* Make sure that the buffer is big enough. The 5 extra bytes
6735 * are for the potential CoD field.
6736 */
6737 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
901801b9 6738 return;
7d262f86 6739
1dc06093
JH		 6740 memset(buf, 0, sizeof(buf));
6741
5cedbb8d
JH		 6742 irk = hci_get_irk(hdev, bdaddr, addr_type);
6743 if (irk) {
6744 bacpy(&ev->addr.bdaddr, &irk->bdaddr);
6745 ev->addr.type = link_to_bdaddr(link_type, irk->addr_type);
6746 } else {
6747 bacpy(&ev->addr.bdaddr, bdaddr);
6748 ev->addr.type = link_to_bdaddr(link_type, addr_type);
6749 }
6750
e319d2e7 6751 ev->rssi = rssi;
af58925c 6752 ev->flags = cpu_to_le32(flags);
e17acd40 6753
1dc06093 6754 if (eir_len > 0)
e319d2e7 6755 memcpy(ev->eir, eir, eir_len);
e17acd40 6756
1dc06093
JH		 6757 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
6758 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 6759 dev_class, 3);
1dc06093 6760
5d2e9fad
JH		 6761 if (scan_rsp_len > 0)
6762 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
6763
6764 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
6765 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 6766
901801b9 6767 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 6768}
a88a9652 6769
9cf12aee
MH		 6770void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6771 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 6772{
b644ba33
JH		 6773 struct mgmt_ev_device_found *ev;
6774 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
6775 u16 eir_len;
a88a9652 6776
b644ba33 6777 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 6778
b644ba33
JH		 6779 memset(buf, 0, sizeof(buf));
6780
6781 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 6782 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 6783 ev->rssi = rssi;
6784
6785 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 6786 name_len);
b644ba33 6787
eb55ef07 6788 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 6789
9cf12aee 6790 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 6791}
314b2381 6792
2f1e063b 6793void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 6794{
f963e8e9 6795 struct mgmt_ev_discovering ev;
164a6e78
JH		 6796 struct pending_cmd *cmd;
6797
343fb145
AG		 6798 BT_DBG("%s discovering %u", hdev->name, discovering);
6799
164a6e78 6800 if (discovering)
2e58ef3e 6801 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 6802 else
2e58ef3e 6803 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 6804
6805 if (cmd != NULL) {
f808e166
JH		 6806 u8 type = hdev->discovery.type;
6807
04124681
GP		 6808 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
6809 sizeof(type));
164a6e78
JH		 6810 mgmt_pending_remove(cmd);
6811 }
6812
f963e8e9
JH		 6813 memset(&ev, 0, sizeof(ev));
6814 ev.type = hdev->discovery.type;
6815 ev.discovering = discovering;
6816
2f1e063b 6817 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 6818}
5e762444 6819
5976e608
MH		 6820static void adv_enable_complete(struct hci_dev *hdev, u8 status)
6821{
6822 BT_DBG("%s status %u", hdev->name, status);
6823
6824 /* Clear the advertising mgmt setting if we failed to re-enable it */
6825 if (status) {
6826 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 6827 new_settings(hdev, NULL);
5976e608
MH		 6828 }
6829}
6830
6831void mgmt_reenable_advertising(struct hci_dev *hdev)
6832{
6833 struct hci_request req;
6834
b145edcd 6835 if (hci_conn_num(hdev, LE_LINK) > 0)
5976e608
MH		 6836 return;
6837
6838 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
6839 return;
6840
6841 hci_req_init(&req, hdev);
6842 enable_advertising(&req);
6843
6844 /* If this fails we have no option but to let user space know
6845 * that we've disabled advertising.
6846 */
6847 if (hci_req_run(&req, adv_enable_complete) < 0) {
6848 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 6849 new_settings(hdev, NULL);
5976e608
MH		 6850 }
6851}
Linux kernel - Deliverables
This page took 0.718352 seconds and 5 git commands to generate.