projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Add a new HCI_USE_DEBUG_KEYS flag
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
4bc58f51 32#include <net/bluetooth/l2cap.h>
0381101f 33#include <net/bluetooth/mgmt.h>
ac4b7236
MH		 34
35#include "smp.h"
0381101f 36
2da9c55c 37#define MGMT_VERSION 1
b75cf9cd 38#define MGMT_REVISION 6
02d98129 39
e70bb2e8
JH		 40static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_READ_INFO,
43 MGMT_OP_SET_POWERED,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
47 MGMT_OP_SET_PAIRABLE,
48 MGMT_OP_SET_LINK_SECURITY,
49 MGMT_OP_SET_SSP,
50 MGMT_OP_SET_HS,
51 MGMT_OP_SET_LE,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_ADD_UUID,
55 MGMT_OP_REMOVE_UUID,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_DISCONNECT,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_PAIR_DEVICE,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_CONFIRM_NAME,
76 MGMT_OP_BLOCK_DEVICE,
77 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 78 MGMT_OP_SET_DEVICE_ID,
4375f103 79 MGMT_OP_SET_ADVERTISING,
0663ca2a 80 MGMT_OP_SET_BREDR,
d13eafce 81 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 82 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 83 MGMT_OP_SET_SECURE_CONN,
4e39ac81 84 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 85 MGMT_OP_SET_PRIVACY,
41edf160 86 MGMT_OP_LOAD_IRKS,
dd983808 87 MGMT_OP_GET_CONN_INFO,
e70bb2e8
JH		 88};
89
90static const u16 mgmt_events[] = {
91 MGMT_EV_CONTROLLER_ERROR,
92 MGMT_EV_INDEX_ADDED,
93 MGMT_EV_INDEX_REMOVED,
94 MGMT_EV_NEW_SETTINGS,
95 MGMT_EV_CLASS_OF_DEV_CHANGED,
96 MGMT_EV_LOCAL_NAME_CHANGED,
97 MGMT_EV_NEW_LINK_KEY,
98 MGMT_EV_NEW_LONG_TERM_KEY,
99 MGMT_EV_DEVICE_CONNECTED,
100 MGMT_EV_DEVICE_DISCONNECTED,
101 MGMT_EV_CONNECT_FAILED,
102 MGMT_EV_PIN_CODE_REQUEST,
103 MGMT_EV_USER_CONFIRM_REQUEST,
104 MGMT_EV_USER_PASSKEY_REQUEST,
105 MGMT_EV_AUTH_FAILED,
106 MGMT_EV_DEVICE_FOUND,
107 MGMT_EV_DISCOVERING,
108 MGMT_EV_DEVICE_BLOCKED,
109 MGMT_EV_DEVICE_UNBLOCKED,
110 MGMT_EV_DEVICE_UNPAIRED,
92a25256 111 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 112 MGMT_EV_NEW_IRK,
7ee4ea36 113 MGMT_EV_NEW_CSRK,
e70bb2e8
JH		 114};
115
17b02e62 116#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 117
4b34ee78
JH		 118#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
119 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
120
eec8d2bc
JH		 121struct pending_cmd {
122 struct list_head list;
fc2f4b13 123 u16 opcode;
eec8d2bc 124 int index;
c68fb7ff 125 void *param;
eec8d2bc 126 struct sock *sk;
e9a416b5 127 void *user_data;
eec8d2bc
JH		 128};
129
ca69b795
JH		 130/* HCI to MGMT error code conversion table */
131static u8 mgmt_status_table[] = {
132 MGMT_STATUS_SUCCESS,
133 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
134 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
135 MGMT_STATUS_FAILED, /* Hardware Failure */
136 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
137 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 138 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 139 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
140 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
141 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
142 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
143 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
144 MGMT_STATUS_BUSY, /* Command Disallowed */
145 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
146 MGMT_STATUS_REJECTED, /* Rejected Security */
147 MGMT_STATUS_REJECTED, /* Rejected Personal */
148 MGMT_STATUS_TIMEOUT, /* Host Timeout */
149 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
150 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
151 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
152 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
153 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
154 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
155 MGMT_STATUS_BUSY, /* Repeated Attempts */
156 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
157 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
158 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
159 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
160 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
161 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
162 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
163 MGMT_STATUS_FAILED, /* Unspecified Error */
164 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
165 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
166 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
167 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
168 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
169 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
170 MGMT_STATUS_FAILED, /* Unit Link Key Used */
171 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
172 MGMT_STATUS_TIMEOUT, /* Instant Passed */
173 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
174 MGMT_STATUS_FAILED, /* Transaction Collision */
175 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
176 MGMT_STATUS_REJECTED, /* QoS Rejected */
177 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
178 MGMT_STATUS_REJECTED, /* Insufficient Security */
179 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
180 MGMT_STATUS_BUSY, /* Role Switch Pending */
181 MGMT_STATUS_FAILED, /* Slot Violation */
182 MGMT_STATUS_FAILED, /* Role Switch Failed */
183 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
184 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
185 MGMT_STATUS_BUSY, /* Host Busy Pairing */
186 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
187 MGMT_STATUS_BUSY, /* Controller Busy */
188 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
189 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
190 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
191 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
192 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
193};
194
195static u8 mgmt_status(u8 hci_status)
196{
197 if (hci_status < ARRAY_SIZE(mgmt_status_table))
198 return mgmt_status_table[hci_status];
199
200 return MGMT_STATUS_FAILED;
201}
202
4e51eae9 203static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 204{
205 struct sk_buff *skb;
206 struct mgmt_hdr *hdr;
207 struct mgmt_ev_cmd_status *ev;
56b7d137 208 int err;
f7b64e69 209
34eb525c 210 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 211
790eff44 212 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 213 if (!skb)
214 return -ENOMEM;
215
216 hdr = (void *) skb_put(skb, sizeof(*hdr));
217
dcf4adbf 218 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 219 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 220 hdr->len = cpu_to_le16(sizeof(*ev));
221
222 ev = (void *) skb_put(skb, sizeof(*ev));
223 ev->status = status;
eb55ef07 224 ev->opcode = cpu_to_le16(cmd);
f7b64e69 225
56b7d137
GP		 226 err = sock_queue_rcv_skb(sk, skb);
227 if (err < 0)
f7b64e69
JH		 228 kfree_skb(skb);
229
56b7d137 230 return err;
f7b64e69
JH		 231}
232
aee9b218 233static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 234 void *rp, size_t rp_len)
02d98129
JH		 235{
236 struct sk_buff *skb;
237 struct mgmt_hdr *hdr;
238 struct mgmt_ev_cmd_complete *ev;
56b7d137 239 int err;
02d98129
JH		 240
241 BT_DBG("sock %p", sk);
242
790eff44 243 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 244 if (!skb)
245 return -ENOMEM;
246
247 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 248
dcf4adbf 249 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 250 hdr->index = cpu_to_le16(index);
a38528f1 251 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 252
a38528f1 253 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 254 ev->opcode = cpu_to_le16(cmd);
aee9b218 255 ev->status = status;
8020c16a
SJ		 256
257 if (rp)
258 memcpy(ev->data, rp, rp_len);
02d98129 259
56b7d137
GP		 260 err = sock_queue_rcv_skb(sk, skb);
261 if (err < 0)
02d98129
JH		 262 kfree_skb(skb);
263
e5f0e151 264 return err;
02d98129
JH		 265}
266
04124681
GP		 267static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
268 u16 data_len)
a38528f1
JH		 269{
270 struct mgmt_rp_read_version rp;
271
272 BT_DBG("sock %p", sk);
273
274 rp.version = MGMT_VERSION;
dcf4adbf 275 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 276
aee9b218 277 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 278 sizeof(rp));
a38528f1
JH		 279}
280
04124681
GP		 281static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
282 u16 data_len)
e70bb2e8
JH		 283{
284 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 285 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
286 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 287 __le16 *opcode;
e70bb2e8
JH		 288 size_t rp_size;
289 int i, err;
290
291 BT_DBG("sock %p", sk);
292
293 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
294
295 rp = kmalloc(rp_size, GFP_KERNEL);
296 if (!rp)
297 return -ENOMEM;
298
dcf4adbf
JP		 299 rp->num_commands = cpu_to_le16(num_commands);
300 rp->num_events = cpu_to_le16(num_events);
e70bb2e8
JH		 301
302 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
303 put_unaligned_le16(mgmt_commands[i], opcode);
304
305 for (i = 0; i < num_events; i++, opcode++)
306 put_unaligned_le16(mgmt_events[i], opcode);
307
aee9b218 308 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 309 rp_size);
e70bb2e8
JH		 310 kfree(rp);
311
312 return err;
313}
314
04124681
GP		 315static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
316 u16 data_len)
faba42eb 317{
faba42eb 318 struct mgmt_rp_read_index_list *rp;
8035ded4 319 struct hci_dev *d;
a38528f1 320 size_t rp_len;
faba42eb 321 u16 count;
476e44cb 322 int err;
faba42eb
JH		 323
324 BT_DBG("sock %p", sk);
325
326 read_lock(&hci_dev_list_lock);
327
328 count = 0;
bb4b2a9a 329 list_for_each_entry(d, &hci_dev_list, list) {
1514b892
MH		 330 if (d->dev_type == HCI_BREDR)
331 count++;
faba42eb
JH		 332 }
333
a38528f1
JH		 334 rp_len = sizeof(*rp) + (2 * count);
335 rp = kmalloc(rp_len, GFP_ATOMIC);
336 if (!rp) {
b2c60d42 337 read_unlock(&hci_dev_list_lock);
faba42eb 338 return -ENOMEM;
b2c60d42 339 }
faba42eb 340
476e44cb 341 count = 0;
8035ded4 342 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 343 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 344 continue;
345
0736cfa8
MH		 346 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
347 continue;
348
1514b892
MH		 349 if (d->dev_type == HCI_BREDR) {
350 rp->index[count++] = cpu_to_le16(d->id);
351 BT_DBG("Added hci%u", d->id);
352 }
faba42eb
JH		 353 }
354
476e44cb
JH		 355 rp->num_controllers = cpu_to_le16(count);
356 rp_len = sizeof(*rp) + (2 * count);
357
faba42eb
JH		 358 read_unlock(&hci_dev_list_lock);
359
aee9b218 360 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 361 rp_len);
faba42eb 362
a38528f1
JH		 363 kfree(rp);
364
365 return err;
faba42eb
JH		 366}
367
69ab39ea
JH		 368static u32 get_supported_settings(struct hci_dev *hdev)
369{
370 u32 settings = 0;
371
372 settings |= MGMT_SETTING_POWERED;
69ab39ea 373 settings |= MGMT_SETTING_PAIRABLE;
b1de97d8 374 settings |= MGMT_SETTING_DEBUG_KEYS;
69ab39ea 375
ed3fa31f 376 if (lmp_bredr_capable(hdev)) {
33c525c0 377 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 378 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
379 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 380 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 381 settings |= MGMT_SETTING_BREDR;
382 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 383
384 if (lmp_ssp_capable(hdev)) {
385 settings |= MGMT_SETTING_SSP;
386 settings |= MGMT_SETTING_HS;
387 }
e98d2ce2 388
5afeac14 389 if (lmp_sc_capable(hdev) ||
111902f7 390 test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
e98d2ce2 391 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 392 }
d7b7e796 393
eeca6f89 394 if (lmp_le_capable(hdev)) {
9d42820f 395 settings |= MGMT_SETTING_LE;
eeca6f89 396 settings |= MGMT_SETTING_ADVERTISING;
0f4bd942 397 settings |= MGMT_SETTING_PRIVACY;
eeca6f89 398 }
69ab39ea
JH		 399
400 return settings;
401}
402
403static u32 get_current_settings(struct hci_dev *hdev)
404{
405 u32 settings = 0;
406
f1f0eb02 407 if (hdev_is_powered(hdev))
f0d4b78a
MH		 408 settings |= MGMT_SETTING_POWERED;
409
5e5282bb 410 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 411 settings |= MGMT_SETTING_CONNECTABLE;
412
1a4d3c4b
JH		 413 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
414 settings |= MGMT_SETTING_FAST_CONNECTABLE;
415
5e5282bb 416 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 417 settings |= MGMT_SETTING_DISCOVERABLE;
418
a8b2d5c2 419 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 420 settings |= MGMT_SETTING_PAIRABLE;
421
56f87901 422 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 423 settings |= MGMT_SETTING_BREDR;
424
06199cf8 425 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 426 settings |= MGMT_SETTING_LE;
427
47990ea0 428 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 429 settings |= MGMT_SETTING_LINK_SECURITY;
430
84bde9d6 431 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 432 settings |= MGMT_SETTING_SSP;
433
6d80dfd0
JH		 434 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
435 settings |= MGMT_SETTING_HS;
436
f3d3444a 437 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 438 settings |= MGMT_SETTING_ADVERTISING;
439
e98d2ce2
MH		 440 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
441 settings |= MGMT_SETTING_SECURE_CONN;
442
0663b297 443 if (test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags))
b1de97d8
MH		 444 settings |= MGMT_SETTING_DEBUG_KEYS;
445
0f4bd942
JH		 446 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
447 settings |= MGMT_SETTING_PRIVACY;
448
69ab39ea
JH		 449 return settings;
450}
451
ef580372
JH		 452#define PNP_INFO_SVCLASS_ID 0x1200
453
213202ed
JH		 454static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
455{
456 u8 *ptr = data, *uuids_start = NULL;
457 struct bt_uuid *uuid;
458
459 if (len < 4)
460 return ptr;
461
462 list_for_each_entry(uuid, &hdev->uuids, list) {
463 u16 uuid16;
464
465 if (uuid->size != 16)
466 continue;
467
468 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
469 if (uuid16 < 0x1100)
470 continue;
471
472 if (uuid16 == PNP_INFO_SVCLASS_ID)
473 continue;
474
475 if (!uuids_start) {
476 uuids_start = ptr;
477 uuids_start[0] = 1;
478 uuids_start[1] = EIR_UUID16_ALL;
479 ptr += 2;
480 }
481
482 /* Stop if not enough space to put next UUID */
483 if ((ptr - data) + sizeof(u16) > len) {
484 uuids_start[1] = EIR_UUID16_SOME;
485 break;
486 }
487
488 *ptr++ = (uuid16 & 0x00ff);
489 *ptr++ = (uuid16 & 0xff00) >> 8;
490 uuids_start[0] += sizeof(uuid16);
491 }
492
493 return ptr;
494}
495
cdf1963f
JH		 496static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
497{
498 u8 *ptr = data, *uuids_start = NULL;
499 struct bt_uuid *uuid;
500
501 if (len < 6)
502 return ptr;
503
504 list_for_each_entry(uuid, &hdev->uuids, list) {
505 if (uuid->size != 32)
506 continue;
507
508 if (!uuids_start) {
509 uuids_start = ptr;
510 uuids_start[0] = 1;
511 uuids_start[1] = EIR_UUID32_ALL;
512 ptr += 2;
513 }
514
515 /* Stop if not enough space to put next UUID */
516 if ((ptr - data) + sizeof(u32) > len) {
517 uuids_start[1] = EIR_UUID32_SOME;
518 break;
519 }
520
521 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
522 ptr += sizeof(u32);
523 uuids_start[0] += sizeof(u32);
524 }
525
526 return ptr;
527}
528
c00d575b
JH		 529static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
530{
531 u8 *ptr = data, *uuids_start = NULL;
532 struct bt_uuid *uuid;
533
534 if (len < 18)
535 return ptr;
536
537 list_for_each_entry(uuid, &hdev->uuids, list) {
538 if (uuid->size != 128)
539 continue;
540
541 if (!uuids_start) {
542 uuids_start = ptr;
543 uuids_start[0] = 1;
544 uuids_start[1] = EIR_UUID128_ALL;
545 ptr += 2;
546 }
547
548 /* Stop if not enough space to put next UUID */
549 if ((ptr - data) + 16 > len) {
550 uuids_start[1] = EIR_UUID128_SOME;
551 break;
552 }
553
554 memcpy(ptr, uuid->uuid, 16);
555 ptr += 16;
556 uuids_start[0] += 16;
557 }
558
559 return ptr;
560}
561
eb2a8d20
JH		 562static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
563{
564 struct pending_cmd *cmd;
565
566 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
567 if (cmd->opcode == opcode)
568 return cmd;
569 }
570
571 return NULL;
572}
573
f14d8f64
MH		 574static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
575{
7a5f4990
MH		 576 u8 ad_len = 0;
577 size_t name_len;
578
579 name_len = strlen(hdev->dev_name);
580 if (name_len > 0) {
581 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
582
583 if (name_len > max_len) {
584 name_len = max_len;
585 ptr[1] = EIR_NAME_SHORT;
586 } else
587 ptr[1] = EIR_NAME_COMPLETE;
588
589 ptr[0] = name_len + 1;
590
591 memcpy(ptr + 2, hdev->dev_name, name_len);
592
593 ad_len += (name_len + 2);
594 ptr += (name_len + 2);
595 }
596
597 return ad_len;
f14d8f64
MH		 598}
599
600static void update_scan_rsp_data(struct hci_request *req)
601{
602 struct hci_dev *hdev = req->hdev;
603 struct hci_cp_le_set_scan_rsp_data cp;
604 u8 len;
605
7751ef1b 606 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
f14d8f64
MH		 607 return;
608
609 memset(&cp, 0, sizeof(cp));
610
611 len = create_scan_rsp_data(hdev, cp.data);
612
eb438b5f
JH		 613 if (hdev->scan_rsp_data_len == len &&
614 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 615 return;
616
eb438b5f
JH		 617 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
618 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 619
620 cp.length = len;
621
622 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
623}
624
9a43e25f
JH		 625static u8 get_adv_discov_flags(struct hci_dev *hdev)
626{
627 struct pending_cmd *cmd;
628
629 /* If there's a pending mgmt command the flags will not yet have
630 * their final values, so check for this first.
631 */
632 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
633 if (cmd) {
634 struct mgmt_mode *cp = cmd->param;
635 if (cp->val == 0x01)
636 return LE_AD_GENERAL;
637 else if (cp->val == 0x02)
638 return LE_AD_LIMITED;
639 } else {
640 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
641 return LE_AD_LIMITED;
642 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
643 return LE_AD_GENERAL;
644 }
645
646 return 0;
647}
648
46cad2ed 649static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 650{
651 u8 ad_len = 0, flags = 0;
441ad2d0 652
9a43e25f 653 flags |= get_adv_discov_flags(hdev);
441ad2d0 654
e834004b 655 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
441ad2d0 656 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 657
658 if (flags) {
659 BT_DBG("adv flags 0x%02x", flags);
660
661 ptr[0] = 2;
662 ptr[1] = EIR_FLAGS;
663 ptr[2] = flags;
664
665 ad_len += 3;
666 ptr += 3;
667 }
668
669 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
670 ptr[0] = 2;
671 ptr[1] = EIR_TX_POWER;
672 ptr[2] = (u8) hdev->adv_tx_power;
673
674 ad_len += 3;
675 ptr += 3;
676 }
677
441ad2d0
MH		 678 return ad_len;
679}
680
5947f4bc 681static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 682{
683 struct hci_dev *hdev = req->hdev;
684 struct hci_cp_le_set_adv_data cp;
685 u8 len;
686
10994ce6 687 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
441ad2d0
MH		 688 return;
689
690 memset(&cp, 0, sizeof(cp));
691
46cad2ed 692 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 693
694 if (hdev->adv_data_len == len &&
695 memcmp(cp.data, hdev->adv_data, len) == 0)
696 return;
697
698 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
699 hdev->adv_data_len = len;
700
701 cp.length = len;
702
703 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
704}
705
ef580372
JH		 706static void create_eir(struct hci_dev *hdev, u8 *data)
707{
708 u8 *ptr = data;
ef580372
JH		 709 size_t name_len;
710
711 name_len = strlen(hdev->dev_name);
712
713 if (name_len > 0) {
714 /* EIR Data type */
715 if (name_len > 48) {
716 name_len = 48;
717 ptr[1] = EIR_NAME_SHORT;
718 } else
719 ptr[1] = EIR_NAME_COMPLETE;
720
721 /* EIR Data length */
722 ptr[0] = name_len + 1;
723
724 memcpy(ptr + 2, hdev->dev_name, name_len);
725
ef580372
JH		 726 ptr += (name_len + 2);
727 }
728
bbaf444a 729 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 730 ptr[0] = 2;
731 ptr[1] = EIR_TX_POWER;
732 ptr[2] = (u8) hdev->inq_tx_power;
733
91c4e9b1
MH		 734 ptr += 3;
735 }
736
2b9be137
MH		 737 if (hdev->devid_source > 0) {
738 ptr[0] = 9;
739 ptr[1] = EIR_DEVICE_ID;
740
741 put_unaligned_le16(hdev->devid_source, ptr + 2);
742 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
743 put_unaligned_le16(hdev->devid_product, ptr + 6);
744 put_unaligned_le16(hdev->devid_version, ptr + 8);
745
2b9be137
MH		 746 ptr += 10;
747 }
748
213202ed 749 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 750 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 751 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 752}
753
890ea898 754static void update_eir(struct hci_request *req)
ef580372 755{
890ea898 756 struct hci_dev *hdev = req->hdev;
ef580372
JH		 757 struct hci_cp_write_eir cp;
758
504c8dcd 759 if (!hdev_is_powered(hdev))
890ea898 760 return;
7770c4aa 761
976eb20e 762 if (!lmp_ext_inq_capable(hdev))
890ea898 763 return;
ef580372 764
84bde9d6 765 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 766 return;
ef580372 767
a8b2d5c2 768 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 769 return;
ef580372
JH		 770
771 memset(&cp, 0, sizeof(cp));
772
773 create_eir(hdev, cp.data);
774
775 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 776 return;
ef580372
JH		 777
778 memcpy(hdev->eir, cp.data, sizeof(cp.data));
779
890ea898 780 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 781}
782
783static u8 get_service_classes(struct hci_dev *hdev)
784{
785 struct bt_uuid *uuid;
786 u8 val = 0;
787
788 list_for_each_entry(uuid, &hdev->uuids, list)
789 val |= uuid->svc_hint;
790
791 return val;
792}
793
890ea898 794static void update_class(struct hci_request *req)
ef580372 795{
890ea898 796 struct hci_dev *hdev = req->hdev;
ef580372
JH		 797 u8 cod[3];
798
799 BT_DBG("%s", hdev->name);
800
504c8dcd 801 if (!hdev_is_powered(hdev))
890ea898 802 return;
7770c4aa 803
f87ea1da
JH		 804 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
805 return;
806
a8b2d5c2 807 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 808 return;
ef580372
JH		 809
810 cod[0] = hdev->minor_class;
811 cod[1] = hdev->major_class;
812 cod[2] = get_service_classes(hdev);
813
6acd7db4
MH		 814 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
815 cod[1] |= 0x20;
816
ef580372 817 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 818 return;
ef580372 819
890ea898 820 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 821}
822
a4858cb9 823static bool get_connectable(struct hci_dev *hdev)
199a2fb1
JH		 824{
825 struct pending_cmd *cmd;
199a2fb1
JH		 826
827 /* If there's a pending mgmt command the flag will not yet have
828 * it's final value, so check for this first.
829 */
830 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
831 if (cmd) {
832 struct mgmt_mode *cp = cmd->param;
a4858cb9 833 return cp->val;
199a2fb1
JH		 834 }
835
a4858cb9 836 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
199a2fb1
JH		 837}
838
839static void enable_advertising(struct hci_request *req)
840{
841 struct hci_dev *hdev = req->hdev;
842 struct hci_cp_le_set_adv_param cp;
8f2a0601 843 u8 own_addr_type, enable = 0x01;
a4858cb9 844 bool connectable;
199a2fb1 845
8d97250e
JH		 846 /* Clear the HCI_ADVERTISING bit temporarily so that the
847 * hci_update_random_address knows that it's safe to go ahead
848 * and write a new random address. The flag will be set back on
849 * as soon as the SET_ADV_ENABLE HCI command completes.
850 */
851 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
852
a4858cb9 853 connectable = get_connectable(hdev);
8f2a0601 854
a4858cb9
JH		 855 /* Set require_privacy to true only when non-connectable
856 * advertising is used. In that case it is fine to use a
857 * non-resolvable private address.
858 */
859 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 860 return;
861
41c90c18 862 memset(&cp, 0, sizeof(cp));
dcf4adbf
JP		 863 cp.min_interval = cpu_to_le16(0x0800);
864 cp.max_interval = cpu_to_le16(0x0800);
a4858cb9 865 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
8f2a0601 866 cp.own_address_type = own_addr_type;
199a2fb1
JH		 867 cp.channel_map = hdev->le_adv_channel_map;
868
869 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
870
871 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
872}
873
874static void disable_advertising(struct hci_request *req)
875{
876 u8 enable = 0x00;
877
878 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
879}
880
7d78525d
JH		 881static void service_cache_off(struct work_struct *work)
882{
883 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 884 service_cache.work);
890ea898 885 struct hci_request req;
7d78525d 886
a8b2d5c2 887 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 888 return;
889
890ea898
JH		 890 hci_req_init(&req, hdev);
891
7d78525d
JH		 892 hci_dev_lock(hdev);
893
890ea898
JH		 894 update_eir(&req);
895 update_class(&req);
7d78525d
JH		 896
897 hci_dev_unlock(hdev);
890ea898
JH		 898
899 hci_req_run(&req, NULL);
7d78525d
JH		 900}
901
d6bfd59c
JH		 902static void rpa_expired(struct work_struct *work)
903{
904 struct hci_dev *hdev = container_of(work, struct hci_dev,
905 rpa_expired.work);
906 struct hci_request req;
907
908 BT_DBG("");
909
910 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
911
912 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags) ||
913 hci_conn_num(hdev, LE_LINK) > 0)
914 return;
915
916 /* The generation of a new RPA and programming it into the
917 * controller happens in the enable_advertising() function.
918 */
919
920 hci_req_init(&req, hdev);
921
922 disable_advertising(&req);
923 enable_advertising(&req);
924
925 hci_req_run(&req, NULL);
926}
927
6a919082 928static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 929{
4f87da80 930 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 931 return;
932
4f87da80 933 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 934 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 935
4f87da80
JH		 936 /* Non-mgmt controlled devices get this bit set
937 * implicitly so that pairing works for them, however
938 * for mgmt we require user-space to explicitly enable
939 * it
940 */
941 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 942}
943
0f4e68cf 944static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 945 void *data, u16 data_len)
0381101f 946{
a38528f1 947 struct mgmt_rp_read_info rp;
f7b64e69 948
bdb6d971 949 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 950
09fd0de5 951 hci_dev_lock(hdev);
f7b64e69 952
dc4fe30b
JH		 953 memset(&rp, 0, sizeof(rp));
954
69ab39ea 955 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 956
69ab39ea 957 rp.version = hdev->hci_ver;
eb55ef07 958 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 959
960 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
961 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 962
a38528f1 963 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 964
dc4fe30b 965 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 966 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 967
09fd0de5 968 hci_dev_unlock(hdev);
0381101f 969
bdb6d971 970 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 971 sizeof(rp));
0381101f
JH		 972}
973
eec8d2bc
JH		 974static void mgmt_pending_free(struct pending_cmd *cmd)
975{
976 sock_put(cmd->sk);
c68fb7ff 977 kfree(cmd->param);
eec8d2bc
JH		 978 kfree(cmd);
979}
980
366a0336 981static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 982 struct hci_dev *hdev, void *data,
983 u16 len)
eec8d2bc
JH		 984{
985 struct pending_cmd *cmd;
986
12b94565 987 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 988 if (!cmd)
366a0336 989 return NULL;
eec8d2bc
JH		 990
991 cmd->opcode = opcode;
2e58ef3e 992 cmd->index = hdev->id;
eec8d2bc 993
12b94565 994 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 995 if (!cmd->param) {
eec8d2bc 996 kfree(cmd);
366a0336 997 return NULL;
eec8d2bc
JH		 998 }
999
8fce6357
SJ		 1000 if (data)
1001 memcpy(cmd->param, data, len);
eec8d2bc
JH		 1002
1003 cmd->sk = sk;
1004 sock_hold(sk);
1005
2e58ef3e 1006 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 1007
366a0336 1008 return cmd;
eec8d2bc
JH		 1009}
1010
744cf19e 1011static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 1012 void (*cb)(struct pending_cmd *cmd,
1013 void *data),
04124681 1014 void *data)
eec8d2bc 1015{
a3d09356 1016 struct pending_cmd *cmd, *tmp;
eec8d2bc 1017
a3d09356 1018 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 1019 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 1020 continue;
1021
eec8d2bc
JH		 1022 cb(cmd, data);
1023 }
1024}
1025
a664b5bc 1026static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 1027{
73f22f62
JH		 1028 list_del(&cmd->list);
1029 mgmt_pending_free(cmd);
1030}
1031
69ab39ea 1032static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1033{
69ab39ea 1034 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1035
aee9b218 1036 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 1037 sizeof(settings));
8680570b
JH		 1038}
1039
8b064a3a
JH		 1040static void clean_up_hci_complete(struct hci_dev *hdev, u8 status)
1041{
1042 BT_DBG("%s status 0x%02x", hdev->name, status);
1043
a3172b7e
JH		 1044 if (hci_conn_count(hdev) == 0) {
1045 cancel_delayed_work(&hdev->power_off);
8b064a3a 1046 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1047 }
8b064a3a
JH		 1048}
1049
21a60d30
JH		 1050static void hci_stop_discovery(struct hci_request *req)
1051{
1052 struct hci_dev *hdev = req->hdev;
1053 struct hci_cp_remote_name_req_cancel cp;
1054 struct inquiry_entry *e;
1055
1056 switch (hdev->discovery.state) {
1057 case DISCOVERY_FINDING:
1058 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
1059 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1060 } else {
1061 cancel_delayed_work(&hdev->le_scan_disable);
1062 hci_req_add_le_scan_disable(req);
1063 }
1064
1065 break;
1066
1067 case DISCOVERY_RESOLVING:
1068 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1069 NAME_PENDING);
1070 if (!e)
1071 return;
1072
1073 bacpy(&cp.bdaddr, &e->data.bdaddr);
1074 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1075 &cp);
1076
1077 break;
1078
1079 default:
1080 /* Passive scanning */
1081 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
1082 hci_req_add_le_scan_disable(req);
1083 break;
1084 }
1085}
1086
8b064a3a
JH		 1087static int clean_up_hci_state(struct hci_dev *hdev)
1088{
1089 struct hci_request req;
1090 struct hci_conn *conn;
1091
1092 hci_req_init(&req, hdev);
1093
1094 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1095 test_bit(HCI_PSCAN, &hdev->flags)) {
1096 u8 scan = 0x00;
1097 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1098 }
1099
1100 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1101 disable_advertising(&req);
1102
f8680f12 1103 hci_stop_discovery(&req);
8b064a3a
JH		 1104
1105 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1106 struct hci_cp_disconnect dc;
c9910d0f
JH		 1107 struct hci_cp_reject_conn_req rej;
1108
1109 switch (conn->state) {
1110 case BT_CONNECTED:
1111 case BT_CONFIG:
1112 dc.handle = cpu_to_le16(conn->handle);
1113 dc.reason = 0x15; /* Terminated due to Power Off */
1114 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1115 break;
1116 case BT_CONNECT:
1117 if (conn->type == LE_LINK)
1118 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1119 0, NULL);
1120 else if (conn->type == ACL_LINK)
1121 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1122 6, &conn->dst);
1123 break;
1124 case BT_CONNECT2:
1125 bacpy(&rej.bdaddr, &conn->dst);
1126 rej.reason = 0x15; /* Terminated due to Power Off */
1127 if (conn->type == ACL_LINK)
1128 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1129 sizeof(rej), &rej);
1130 else if (conn->type == SCO_LINK)
1131 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1132 sizeof(rej), &rej);
1133 break;
1134 }
8b064a3a
JH		 1135 }
1136
1137 return hci_req_run(&req, clean_up_hci_complete);
1138}
1139
bdb6d971 1140static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1141 u16 len)
eec8d2bc 1142{
650f726d 1143 struct mgmt_mode *cp = data;
366a0336 1144 struct pending_cmd *cmd;
4b34ee78 1145 int err;
eec8d2bc 1146
bdb6d971 1147 BT_DBG("request for %s", hdev->name);
eec8d2bc 1148
a7e80f25
JH		 1149 if (cp->val != 0x00 && cp->val != 0x01)
1150 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1151 MGMT_STATUS_INVALID_PARAMS);
1152
09fd0de5 1153 hci_dev_lock(hdev);
eec8d2bc 1154
87b95ba6
JH		 1155 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1156 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1157 MGMT_STATUS_BUSY);
1158 goto failed;
1159 }
1160
f0d4b78a
MH		 1161 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1162 cancel_delayed_work(&hdev->power_off);
1163
1164 if (cp->val) {
a1d70450
JH		 1165 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1166 data, len);
1167 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1168 goto failed;
1169 }
1170 }
1171
4b34ee78 1172 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1173 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1174 goto failed;
1175 }
1176
2e58ef3e 1177 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1178 if (!cmd) {
1179 err = -ENOMEM;
eec8d2bc 1180 goto failed;
366a0336 1181 }
eec8d2bc 1182
8b064a3a 1183 if (cp->val) {
19202573 1184 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1185 err = 0;
1186 } else {
1187 /* Disconnect connections, stop scans, etc */
1188 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1189 if (!err)
1190 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1191 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1192
8b064a3a
JH		 1193 /* ENODATA means there were no HCI commands queued */
1194 if (err == -ENODATA) {
a3172b7e 1195 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1196 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1197 err = 0;
1198 }
1199 }
eec8d2bc
JH		 1200
1201failed:
09fd0de5 1202 hci_dev_unlock(hdev);
366a0336 1203 return err;
eec8d2bc
JH		 1204}
1205
04124681
GP		 1206static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
1207 struct sock *skip_sk)
beadb2bd
JH		 1208{
1209 struct sk_buff *skb;
1210 struct mgmt_hdr *hdr;
1211
790eff44 1212 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 1213 if (!skb)
1214 return -ENOMEM;
1215
1216 hdr = (void *) skb_put(skb, sizeof(*hdr));
1217 hdr->opcode = cpu_to_le16(event);
1218 if (hdev)
1219 hdr->index = cpu_to_le16(hdev->id);
1220 else
dcf4adbf 1221 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 1222 hdr->len = cpu_to_le16(data_len);
1223
1224 if (data)
1225 memcpy(skb_put(skb, data_len), data, data_len);
1226
97e0bdeb
MH		 1227 /* Time stamp */
1228 __net_timestamp(skb);
1229
beadb2bd
JH		 1230 hci_send_to_control(skb, skip_sk);
1231 kfree_skb(skb);
1232
1233 return 0;
1234}
1235
1236static int new_settings(struct hci_dev *hdev, struct sock *skip)
1237{
1238 __le32 ev;
1239
1240 ev = cpu_to_le32(get_current_settings(hdev));
1241
1242 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1243}
1244
bd99abdd
JH		 1245struct cmd_lookup {
1246 struct sock *sk;
1247 struct hci_dev *hdev;
1248 u8 mgmt_status;
1249};
1250
1251static void settings_rsp(struct pending_cmd *cmd, void *data)
1252{
1253 struct cmd_lookup *match = data;
1254
1255 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1256
1257 list_del(&cmd->list);
1258
1259 if (match->sk == NULL) {
1260 match->sk = cmd->sk;
1261 sock_hold(match->sk);
1262 }
1263
1264 mgmt_pending_free(cmd);
1265}
1266
1267static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1268{
1269 u8 *status = data;
1270
1271 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1272 mgmt_pending_remove(cmd);
1273}
1274
e6fe7986
JH		 1275static u8 mgmt_bredr_support(struct hci_dev *hdev)
1276{
1277 if (!lmp_bredr_capable(hdev))
1278 return MGMT_STATUS_NOT_SUPPORTED;
1279 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1280 return MGMT_STATUS_REJECTED;
1281 else
1282 return MGMT_STATUS_SUCCESS;
1283}
1284
1285static u8 mgmt_le_support(struct hci_dev *hdev)
1286{
1287 if (!lmp_le_capable(hdev))
1288 return MGMT_STATUS_NOT_SUPPORTED;
1289 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1290 return MGMT_STATUS_REJECTED;
1291 else
1292 return MGMT_STATUS_SUCCESS;
1293}
1294
bfaf8c9f
JH		 1295static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1296{
1297 struct pending_cmd *cmd;
1298 struct mgmt_mode *cp;
970ba524 1299 struct hci_request req;
bfaf8c9f
JH		 1300 bool changed;
1301
1302 BT_DBG("status 0x%02x", status);
1303
1304 hci_dev_lock(hdev);
1305
1306 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1307 if (!cmd)
1308 goto unlock;
1309
1310 if (status) {
1311 u8 mgmt_err = mgmt_status(status);
1312 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
310a3d48 1313 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
bfaf8c9f
JH		 1314 goto remove_cmd;
1315 }
1316
1317 cp = cmd->param;
d4462a07 1318 if (cp->val) {
bfaf8c9f
JH		 1319 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1320 &hdev->dev_flags);
d4462a07
MH		 1321
1322 if (hdev->discov_timeout > 0) {
1323 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1324 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1325 to);
1326 }
1327 } else {
bfaf8c9f
JH		 1328 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1329 &hdev->dev_flags);
d4462a07 1330 }
bfaf8c9f
JH		 1331
1332 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1333
1334 if (changed)
1335 new_settings(hdev, cmd->sk);
1336
970ba524
MH		 1337 /* When the discoverable mode gets changed, make sure
1338 * that class of device has the limited discoverable
1339 * bit correctly set.
1340 */
1341 hci_req_init(&req, hdev);
1342 update_class(&req);
1343 hci_req_run(&req, NULL);
1344
bfaf8c9f
JH		 1345remove_cmd:
1346 mgmt_pending_remove(cmd);
1347
1348unlock:
1349 hci_dev_unlock(hdev);
1350}
1351
bdb6d971 1352static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1353 u16 len)
73f22f62 1354{
650f726d 1355 struct mgmt_cp_set_discoverable *cp = data;
366a0336 1356 struct pending_cmd *cmd;
bfaf8c9f 1357 struct hci_request req;
5e5282bb 1358 u16 timeout;
9a43e25f 1359 u8 scan;
73f22f62
JH		 1360 int err;
1361
bdb6d971 1362 BT_DBG("request for %s", hdev->name);
73f22f62 1363
9a43e25f
JH		 1364 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1365 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1366 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
9a43e25f 1367 MGMT_STATUS_REJECTED);
33c525c0 1368
310a3d48 1369 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a7e80f25
JH		 1370 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1371 MGMT_STATUS_INVALID_PARAMS);
1372
1f350c87 1373 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1374
1375 /* Disabling discoverable requires that no timeout is set,
1376 * and enabling limited discoverable requires a timeout.
1377 */
1378 if ((cp->val == 0x00 && timeout > 0) ||
1379 (cp->val == 0x02 && timeout == 0))
bdb6d971 1380 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1381 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1382
09fd0de5 1383 hci_dev_lock(hdev);
73f22f62 1384
5e5282bb 1385 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 1386 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1387 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1388 goto failed;
1389 }
1390
2e58ef3e 1391 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1392 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1393 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1394 MGMT_STATUS_BUSY);
73f22f62
JH		 1395 goto failed;
1396 }
1397
5e5282bb 1398 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 1399 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1400 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1401 goto failed;
1402 }
1403
1404 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1405 bool changed = false;
1406
310a3d48
MH		 1407 /* Setting limited discoverable when powered off is
1408 * not a valid operation since it requires a timeout
1409 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1410 */
0224d2fa
JH		 1411 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1412 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1413 changed = true;
1414 }
1415
5e5282bb 1416 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1417 if (err < 0)
1418 goto failed;
1419
1420 if (changed)
1421 err = new_settings(hdev, sk);
1422
5e5282bb
JH		 1423 goto failed;
1424 }
1425
310a3d48
MH		 1426 /* If the current mode is the same, then just update the timeout
1427 * value with the new value. And if only the timeout gets updated,
1428 * then no need for any HCI transactions.
1429 */
1430 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1431 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1432 &hdev->dev_flags)) {
36261547
MH		 1433 cancel_delayed_work(&hdev->discov_off);
1434 hdev->discov_timeout = timeout;
955638ec 1435
36261547
MH		 1436 if (cp->val && hdev->discov_timeout > 0) {
1437 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1438 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1439 to);
955638ec
MH		 1440 }
1441
69ab39ea 1442 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1443 goto failed;
1444 }
1445
2e58ef3e 1446 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1447 if (!cmd) {
1448 err = -ENOMEM;
73f22f62 1449 goto failed;
366a0336 1450 }
73f22f62 1451
310a3d48
MH		 1452 /* Cancel any potential discoverable timeout that might be
1453 * still active and store new timeout value. The arming of
1454 * the timeout happens in the complete handler.
1455 */
1456 cancel_delayed_work(&hdev->discov_off);
1457 hdev->discov_timeout = timeout;
1458
b456f87c
JH		 1459 /* Limited discoverable mode */
1460 if (cp->val == 0x02)
1461 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1462 else
1463 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1464
bfaf8c9f
JH		 1465 hci_req_init(&req, hdev);
1466
9a43e25f
JH		 1467 /* The procedure for LE-only controllers is much simpler - just
1468 * update the advertising data.
1469 */
1470 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1471 goto update_ad;
1472
73f22f62
JH		 1473 scan = SCAN_PAGE;
1474
310a3d48
MH		 1475 if (cp->val) {
1476 struct hci_cp_write_current_iac_lap hci_cp;
1477
1478 if (cp->val == 0x02) {
1479 /* Limited discoverable mode */
33337dcb 1480 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1481 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1482 hci_cp.iac_lap[1] = 0x8b;
1483 hci_cp.iac_lap[2] = 0x9e;
1484 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1485 hci_cp.iac_lap[4] = 0x8b;
1486 hci_cp.iac_lap[5] = 0x9e;
1487 } else {
1488 /* General discoverable mode */
310a3d48
MH		 1489 hci_cp.num_iac = 1;
1490 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1491 hci_cp.iac_lap[1] = 0x8b;
1492 hci_cp.iac_lap[2] = 0x9e;
1493 }
1494
1495 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1496 (hci_cp.num_iac * 3) + 1, &hci_cp);
1497
73f22f62 1498 scan |= SCAN_INQUIRY;
310a3d48
MH		 1499 } else {
1500 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1501 }
73f22f62 1502
310a3d48 1503 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1504
9a43e25f
JH		 1505update_ad:
1506 update_adv_data(&req);
1507
bfaf8c9f 1508 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1509 if (err < 0)
a664b5bc 1510 mgmt_pending_remove(cmd);
73f22f62
JH		 1511
1512failed:
09fd0de5 1513 hci_dev_unlock(hdev);
73f22f62
JH		 1514 return err;
1515}
1516
406d7804
JH		 1517static void write_fast_connectable(struct hci_request *req, bool enable)
1518{
bd98b996 1519 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1520 struct hci_cp_write_page_scan_activity acp;
1521 u8 type;
1522
547003b1
JH		 1523 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1524 return;
1525
4c01f8b8
JH		 1526 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1527 return;
1528
406d7804
JH		 1529 if (enable) {
1530 type = PAGE_SCAN_TYPE_INTERLACED;
1531
1532 /* 160 msec page scan interval */
dcf4adbf 1533 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 1534 } else {
1535 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1536
1537 /* default 1.28 sec page scan */
dcf4adbf 1538 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 1539 }
1540
dcf4adbf 1541 acp.window = cpu_to_le16(0x0012);
406d7804 1542
bd98b996
JH		 1543 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1544 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1545 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1546 sizeof(acp), &acp);
1547
1548 if (hdev->page_scan_type != type)
1549 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1550}
1551
2b76f453
JH		 1552static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1553{
1554 struct pending_cmd *cmd;
d7b856f9
JH		 1555 struct mgmt_mode *cp;
1556 bool changed;
2b76f453
JH		 1557
1558 BT_DBG("status 0x%02x", status);
1559
1560 hci_dev_lock(hdev);
1561
1562 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1563 if (!cmd)
1564 goto unlock;
1565
37438c1f
JH		 1566 if (status) {
1567 u8 mgmt_err = mgmt_status(status);
1568 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1569 goto remove_cmd;
1570 }
1571
d7b856f9
JH		 1572 cp = cmd->param;
1573 if (cp->val)
1574 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1575 else
1576 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1577
2b76f453
JH		 1578 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1579
d7b856f9
JH		 1580 if (changed)
1581 new_settings(hdev, cmd->sk);
1582
37438c1f 1583remove_cmd:
2b76f453
JH		 1584 mgmt_pending_remove(cmd);
1585
1586unlock:
1587 hci_dev_unlock(hdev);
1588}
1589
e8ba3a1f
JH		 1590static int set_connectable_update_settings(struct hci_dev *hdev,
1591 struct sock *sk, u8 val)
1592{
1593 bool changed = false;
1594 int err;
1595
1596 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1597 changed = true;
1598
1599 if (val) {
1600 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1601 } else {
1602 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1603 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1604 }
1605
1606 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1607 if (err < 0)
1608 return err;
1609
1610 if (changed)
1611 return new_settings(hdev, sk);
1612
1613 return 0;
1614}
1615
bdb6d971 1616static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1617 u16 len)
9fbcbb45 1618{
650f726d 1619 struct mgmt_mode *cp = data;
366a0336 1620 struct pending_cmd *cmd;
2b76f453 1621 struct hci_request req;
1987fdc7 1622 u8 scan;
9fbcbb45
JH		 1623 int err;
1624
bdb6d971 1625 BT_DBG("request for %s", hdev->name);
9fbcbb45 1626
1987fdc7
JH		 1627 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1628 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1629 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1987fdc7 1630 MGMT_STATUS_REJECTED);
33c525c0 1631
a7e80f25
JH		 1632 if (cp->val != 0x00 && cp->val != 0x01)
1633 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1634 MGMT_STATUS_INVALID_PARAMS);
1635
09fd0de5 1636 hci_dev_lock(hdev);
9fbcbb45 1637
4b34ee78 1638 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1639 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1640 goto failed;
1641 }
1642
2e58ef3e 1643 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1644 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1645 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1646 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1647 goto failed;
1648 }
1649
2e58ef3e 1650 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1651 if (!cmd) {
1652 err = -ENOMEM;
9fbcbb45 1653 goto failed;
366a0336 1654 }
9fbcbb45 1655
9b74246f 1656 hci_req_init(&req, hdev);
9fbcbb45 1657
9a43e25f
JH		 1658 /* If BR/EDR is not enabled and we disable advertising as a
1659 * by-product of disabling connectable, we need to update the
1660 * advertising flags.
1661 */
1662 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1663 if (!cp->val) {
1664 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1665 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1666 }
1667 update_adv_data(&req);
1668 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1669 if (cp->val) {
1670 scan = SCAN_PAGE;
1671 } else {
1672 scan = 0;
1673
1674 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1675 hdev->discov_timeout > 0)
9b74246f
JH		 1676 cancel_delayed_work(&hdev->discov_off);
1677 }
2b76f453 1678
9b74246f
JH		 1679 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1680 }
2b76f453 1681
4c01f8b8
JH		 1682 /* If we're going from non-connectable to connectable or
1683 * vice-versa when fast connectable is enabled ensure that fast
1684 * connectable gets disabled. write_fast_connectable won't do
1685 * anything if the page scan parameters are already what they
1686 * should be.
1687 */
1688 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1689 write_fast_connectable(&req, false);
1690
1987fdc7
JH		 1691 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
1692 hci_conn_num(hdev, LE_LINK) == 0) {
1693 disable_advertising(&req);
1694 enable_advertising(&req);
1695 }
1696
2b76f453 1697 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1698 if (err < 0) {
a664b5bc 1699 mgmt_pending_remove(cmd);
9b74246f 1700 if (err == -ENODATA)
a81070ba
JH		 1701 err = set_connectable_update_settings(hdev, sk,
1702 cp->val);
9b74246f
JH		 1703 goto failed;
1704 }
9fbcbb45
JH		 1705
1706failed:
09fd0de5 1707 hci_dev_unlock(hdev);
9fbcbb45
JH		 1708 return err;
1709}
1710
bdb6d971 1711static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1712 u16 len)
c542a06c 1713{
650f726d 1714 struct mgmt_mode *cp = data;
55594356 1715 bool changed;
c542a06c
JH		 1716 int err;
1717
bdb6d971 1718 BT_DBG("request for %s", hdev->name);
c542a06c 1719
a7e80f25
JH		 1720 if (cp->val != 0x00 && cp->val != 0x01)
1721 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1722 MGMT_STATUS_INVALID_PARAMS);
1723
09fd0de5 1724 hci_dev_lock(hdev);
c542a06c
JH		 1725
1726 if (cp->val)
55594356 1727 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1728 else
55594356 1729 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1730
69ab39ea 1731 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c 1732 if (err < 0)
55594356 1733 goto unlock;
c542a06c 1734
55594356
MH		 1735 if (changed)
1736 err = new_settings(hdev, sk);
c542a06c 1737
55594356 1738unlock:
09fd0de5 1739 hci_dev_unlock(hdev);
c542a06c
JH		 1740 return err;
1741}
1742
04124681
GP		 1743static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1744 u16 len)
33ef95ed
JH		 1745{
1746 struct mgmt_mode *cp = data;
1747 struct pending_cmd *cmd;
e6fe7986 1748 u8 val, status;
33ef95ed
JH		 1749 int err;
1750
bdb6d971 1751 BT_DBG("request for %s", hdev->name);
33ef95ed 1752
e6fe7986
JH		 1753 status = mgmt_bredr_support(hdev);
1754 if (status)
33c525c0 1755 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 1756 status);
33c525c0 1757
a7e80f25
JH		 1758 if (cp->val != 0x00 && cp->val != 0x01)
1759 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1760 MGMT_STATUS_INVALID_PARAMS);
1761
33ef95ed
JH		 1762 hci_dev_lock(hdev);
1763
4b34ee78 1764 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1765 bool changed = false;
1766
1767 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1768 &hdev->dev_flags)) {
47990ea0
JH		 1769 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1770 changed = true;
1771 }
1772
1773 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1774 if (err < 0)
1775 goto failed;
1776
1777 if (changed)
1778 err = new_settings(hdev, sk);
1779
33ef95ed
JH		 1780 goto failed;
1781 }
1782
1783 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1784 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1785 MGMT_STATUS_BUSY);
33ef95ed
JH		 1786 goto failed;
1787 }
1788
1789 val = !!cp->val;
1790
1791 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1792 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1793 goto failed;
1794 }
1795
1796 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1797 if (!cmd) {
1798 err = -ENOMEM;
1799 goto failed;
1800 }
1801
1802 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1803 if (err < 0) {
1804 mgmt_pending_remove(cmd);
1805 goto failed;
1806 }
1807
1808failed:
1809 hci_dev_unlock(hdev);
33ef95ed
JH		 1810 return err;
1811}
1812
bdb6d971 1813static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1814{
1815 struct mgmt_mode *cp = data;
1816 struct pending_cmd *cmd;
72ef0c1a 1817 u8 status;
ed2c4ee3
JH		 1818 int err;
1819
bdb6d971 1820 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1821
cdba5281
MH		 1822 status = mgmt_bredr_support(hdev);
1823 if (status)
1824 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1825
13ecd8b6
JH		 1826 if (!lmp_ssp_capable(hdev))
1827 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1828 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1829
a7e80f25
JH		 1830 if (cp->val != 0x00 && cp->val != 0x01)
1831 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1832 MGMT_STATUS_INVALID_PARAMS);
1833
13ecd8b6 1834 hci_dev_lock(hdev);
6c8f12c1 1835
4b34ee78 1836 if (!hdev_is_powered(hdev)) {
9ecb3e24 1837 bool changed;
c0ecddc2 1838
9ecb3e24
MH		 1839 if (cp->val) {
1840 changed = !test_and_set_bit(HCI_SSP_ENABLED,
1841 &hdev->dev_flags);
1842 } else {
1843 changed = test_and_clear_bit(HCI_SSP_ENABLED,
1844 &hdev->dev_flags);
1845 if (!changed)
1846 changed = test_and_clear_bit(HCI_HS_ENABLED,
1847 &hdev->dev_flags);
1848 else
1849 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 1850 }
1851
1852 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1853 if (err < 0)
1854 goto failed;
1855
1856 if (changed)
1857 err = new_settings(hdev, sk);
1858
ed2c4ee3
JH		 1859 goto failed;
1860 }
1861
9ecb3e24
MH		 1862 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
1863 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
d97dcb66
SJ		 1864 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1865 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1866 goto failed;
1867 }
1868
72ef0c1a 1869 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 1870 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1871 goto failed;
1872 }
1873
1874 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1875 if (!cmd) {
1876 err = -ENOMEM;
1877 goto failed;
1878 }
1879
3769972b
JH		 1880 if (!cp->val && test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
1881 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
1882 sizeof(cp->val), &cp->val);
1883
72ef0c1a 1884 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 1885 if (err < 0) {
1886 mgmt_pending_remove(cmd);
1887 goto failed;
1888 }
1889
1890failed:
1891 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1892 return err;
1893}
1894
bdb6d971 1895static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1896{
1897 struct mgmt_mode *cp = data;
ee392693 1898 bool changed;
e6fe7986 1899 u8 status;
ee392693 1900 int err;
6d80dfd0 1901
bdb6d971 1902 BT_DBG("request for %s", hdev->name);
6d80dfd0 1903
e6fe7986
JH		 1904 status = mgmt_bredr_support(hdev);
1905 if (status)
1906 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 1907
9ecb3e24
MH		 1908 if (!lmp_ssp_capable(hdev))
1909 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1910 MGMT_STATUS_NOT_SUPPORTED);
1911
1912 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
1913 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1914 MGMT_STATUS_REJECTED);
1915
a7e80f25
JH		 1916 if (cp->val != 0x00 && cp->val != 0x01)
1917 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1918 MGMT_STATUS_INVALID_PARAMS);
1919
ee392693
MH		 1920 hci_dev_lock(hdev);
1921
a0cdf960 1922 if (cp->val) {
ee392693 1923 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 1924 } else {
1925 if (hdev_is_powered(hdev)) {
1926 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1927 MGMT_STATUS_REJECTED);
1928 goto unlock;
1929 }
1930
ee392693 1931 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 1932 }
ee392693
MH		 1933
1934 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1935 if (err < 0)
1936 goto unlock;
1937
1938 if (changed)
1939 err = new_settings(hdev, sk);
6d80dfd0 1940
ee392693
MH		 1941unlock:
1942 hci_dev_unlock(hdev);
1943 return err;
6d80dfd0
JH		 1944}
1945
416a4ae5
JH		 1946static void le_enable_complete(struct hci_dev *hdev, u8 status)
1947{
1948 struct cmd_lookup match = { NULL, hdev };
1949
1950 if (status) {
1951 u8 mgmt_err = mgmt_status(status);
1952
1953 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1954 &mgmt_err);
1955 return;
1956 }
1957
1958 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1959
1960 new_settings(hdev, match.sk);
1961
1962 if (match.sk)
1963 sock_put(match.sk);
441ad2d0
MH		 1964
1965 /* Make sure the controller has a good default for
1966 * advertising data. Restrict the update to when LE
1967 * has actually been enabled. During power on, the
1968 * update in powered_update_hci will take care of it.
1969 */
1970 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1971 struct hci_request req;
1972
1973 hci_dev_lock(hdev);
1974
1975 hci_req_init(&req, hdev);
5947f4bc 1976 update_adv_data(&req);
f14d8f64 1977 update_scan_rsp_data(&req);
441ad2d0
MH		 1978 hci_req_run(&req, NULL);
1979
1980 hci_dev_unlock(hdev);
1981 }
416a4ae5
JH		 1982}
1983
bdb6d971 1984static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1985{
1986 struct mgmt_mode *cp = data;
1987 struct hci_cp_write_le_host_supported hci_cp;
1988 struct pending_cmd *cmd;
416a4ae5 1989 struct hci_request req;
06199cf8 1990 int err;
0b60eba1 1991 u8 val, enabled;
06199cf8 1992
bdb6d971 1993 BT_DBG("request for %s", hdev->name);
06199cf8 1994
13ecd8b6
JH		 1995 if (!lmp_le_capable(hdev))
1996 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1997 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1998
a7e80f25
JH		 1999 if (cp->val != 0x00 && cp->val != 0x01)
2000 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2001 MGMT_STATUS_INVALID_PARAMS);
2002
c73eee91 2003 /* LE-only devices do not allow toggling LE on/off */
56f87901 2004 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 2005 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2006 MGMT_STATUS_REJECTED);
2007
13ecd8b6 2008 hci_dev_lock(hdev);
06199cf8
JH		 2009
2010 val = !!cp->val;
ffa88e02 2011 enabled = lmp_host_le_capable(hdev);
06199cf8 2012
0b60eba1 2013 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 2014 bool changed = false;
2015
2016 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2017 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
2018 changed = true;
2019 }
2020
f3d3444a
JH		 2021 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
2022 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 2023 changed = true;
2024 }
2025
06199cf8
JH		 2026 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2027 if (err < 0)
1de028ce 2028 goto unlock;
06199cf8
JH		 2029
2030 if (changed)
2031 err = new_settings(hdev, sk);
2032
1de028ce 2033 goto unlock;
06199cf8
JH		 2034 }
2035
4375f103
JH		 2036 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
2037 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 2038 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 2039 MGMT_STATUS_BUSY);
1de028ce 2040 goto unlock;
06199cf8
JH		 2041 }
2042
2043 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2044 if (!cmd) {
2045 err = -ENOMEM;
1de028ce 2046 goto unlock;
06199cf8
JH		 2047 }
2048
441ad2d0
MH		 2049 hci_req_init(&req, hdev);
2050
06199cf8
JH		 2051 memset(&hci_cp, 0, sizeof(hci_cp));
2052
2053 if (val) {
2054 hci_cp.le = val;
ffa88e02 2055 hci_cp.simul = lmp_le_br_capable(hdev);
441ad2d0
MH		 2056 } else {
2057 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
2058 disable_advertising(&req);
06199cf8
JH		 2059 }
2060
416a4ae5
JH		 2061 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2062 &hci_cp);
2063
2064 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2065 if (err < 0)
06199cf8 2066 mgmt_pending_remove(cmd);
06199cf8 2067
1de028ce
JH		 2068unlock:
2069 hci_dev_unlock(hdev);
06199cf8
JH		 2070 return err;
2071}
2072
0cab9c80
JH		 2073/* This is a helper function to test for pending mgmt commands that can
2074 * cause CoD or EIR HCI commands. We can only allow one such pending
2075 * mgmt command at a time since otherwise we cannot easily track what
2076 * the current values are, will be, and based on that calculate if a new
2077 * HCI command needs to be sent and if yes with what value.
2078 */
2079static bool pending_eir_or_class(struct hci_dev *hdev)
2080{
2081 struct pending_cmd *cmd;
2082
2083 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2084 switch (cmd->opcode) {
2085 case MGMT_OP_ADD_UUID:
2086 case MGMT_OP_REMOVE_UUID:
2087 case MGMT_OP_SET_DEV_CLASS:
2088 case MGMT_OP_SET_POWERED:
2089 return true;
2090 }
2091 }
2092
2093 return false;
2094}
2095
83be8eca
JH		 2096static const u8 bluetooth_base_uuid[] = {
2097 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2098 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2099};
2100
2101static u8 get_uuid_size(const u8 *uuid)
2102{
2103 u32 val;
2104
2105 if (memcmp(uuid, bluetooth_base_uuid, 12))
2106 return 128;
2107
2108 val = get_unaligned_le32(&uuid[12]);
2109 if (val > 0xffff)
2110 return 32;
2111
2112 return 16;
2113}
2114
92da6097
JH		 2115static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2116{
2117 struct pending_cmd *cmd;
2118
2119 hci_dev_lock(hdev);
2120
2121 cmd = mgmt_pending_find(mgmt_op, hdev);
2122 if (!cmd)
2123 goto unlock;
2124
2125 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
2126 hdev->dev_class, 3);
2127
2128 mgmt_pending_remove(cmd);
2129
2130unlock:
2131 hci_dev_unlock(hdev);
2132}
2133
2134static void add_uuid_complete(struct hci_dev *hdev, u8 status)
2135{
2136 BT_DBG("status 0x%02x", status);
2137
2138 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2139}
2140
bdb6d971 2141static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2142{
650f726d 2143 struct mgmt_cp_add_uuid *cp = data;
90e70454 2144 struct pending_cmd *cmd;
890ea898 2145 struct hci_request req;
2aeb9a1a 2146 struct bt_uuid *uuid;
2aeb9a1a
JH		 2147 int err;
2148
bdb6d971 2149 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2150
09fd0de5 2151 hci_dev_lock(hdev);
2aeb9a1a 2152
0cab9c80 2153 if (pending_eir_or_class(hdev)) {
bdb6d971 2154 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 2155 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2156 goto failed;
2157 }
2158
92c4c204 2159 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2160 if (!uuid) {
2161 err = -ENOMEM;
2162 goto failed;
2163 }
2164
2165 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2166 uuid->svc_hint = cp->svc_hint;
83be8eca 2167 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2168
de66aa63 2169 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2170
890ea898 2171 hci_req_init(&req, hdev);
1aff6f09 2172
890ea898
JH		 2173 update_class(&req);
2174 update_eir(&req);
2175
92da6097
JH		 2176 err = hci_req_run(&req, add_uuid_complete);
2177 if (err < 0) {
2178 if (err != -ENODATA)
2179 goto failed;
80a1e1db 2180
bdb6d971 2181 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 2182 hdev->dev_class, 3);
90e70454
JH		 2183 goto failed;
2184 }
2185
2186 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2187 if (!cmd) {
90e70454 2188 err = -ENOMEM;
890ea898
JH		 2189 goto failed;
2190 }
2191
2192 err = 0;
2aeb9a1a
JH		 2193
2194failed:
09fd0de5 2195 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2196 return err;
2197}
2198
24b78d0f
JH		 2199static bool enable_service_cache(struct hci_dev *hdev)
2200{
2201 if (!hdev_is_powered(hdev))
2202 return false;
2203
2204 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 2205 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2206 CACHE_TIMEOUT);
24b78d0f
JH		 2207 return true;
2208 }
2209
2210 return false;
2211}
2212
92da6097
JH		 2213static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
2214{
2215 BT_DBG("status 0x%02x", status);
2216
2217 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2218}
2219
bdb6d971 2220static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2221 u16 len)
2aeb9a1a 2222{
650f726d 2223 struct mgmt_cp_remove_uuid *cp = data;
90e70454 2224 struct pending_cmd *cmd;
056341c8 2225 struct bt_uuid *match, *tmp;
2aeb9a1a 2226 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2227 struct hci_request req;
2aeb9a1a
JH		 2228 int err, found;
2229
bdb6d971 2230 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2231
09fd0de5 2232 hci_dev_lock(hdev);
2aeb9a1a 2233
0cab9c80 2234 if (pending_eir_or_class(hdev)) {
bdb6d971 2235 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2236 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2237 goto unlock;
2238 }
2239
2aeb9a1a 2240 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2241 hci_uuids_clear(hdev);
4004b6d9 2242
24b78d0f 2243 if (enable_service_cache(hdev)) {
bdb6d971 2244 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2245 0, hdev->dev_class, 3);
24b78d0f
JH		 2246 goto unlock;
2247 }
4004b6d9 2248
9246a869 2249 goto update_class;
2aeb9a1a
JH		 2250 }
2251
2252 found = 0;
2253
056341c8 2254 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2255 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2256 continue;
2257
2258 list_del(&match->list);
482049f7 2259 kfree(match);
2aeb9a1a
JH		 2260 found++;
2261 }
2262
2263 if (found == 0) {
bdb6d971 2264 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2265 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2266 goto unlock;
2267 }
2268
9246a869 2269update_class:
890ea898 2270 hci_req_init(&req, hdev);
1aff6f09 2271
890ea898
JH		 2272 update_class(&req);
2273 update_eir(&req);
2274
92da6097
JH		 2275 err = hci_req_run(&req, remove_uuid_complete);
2276 if (err < 0) {
2277 if (err != -ENODATA)
2278 goto unlock;
80a1e1db 2279
bdb6d971 2280 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 2281 hdev->dev_class, 3);
90e70454
JH		 2282 goto unlock;
2283 }
2284
2285 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2286 if (!cmd) {
90e70454 2287 err = -ENOMEM;
890ea898
JH		 2288 goto unlock;
2289 }
2290
2291 err = 0;
2aeb9a1a
JH		 2292
2293unlock:
09fd0de5 2294 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2295 return err;
2296}
2297
92da6097
JH		 2298static void set_class_complete(struct hci_dev *hdev, u8 status)
2299{
2300 BT_DBG("status 0x%02x", status);
2301
2302 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2303}
2304
bdb6d971 2305static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2306 u16 len)
1aff6f09 2307{
650f726d 2308 struct mgmt_cp_set_dev_class *cp = data;
90e70454 2309 struct pending_cmd *cmd;
890ea898 2310 struct hci_request req;
1aff6f09
JH		 2311 int err;
2312
bdb6d971 2313 BT_DBG("request for %s", hdev->name);
1aff6f09 2314
6203fc98 2315 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 2316 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2317 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2318
0cab9c80 2319 hci_dev_lock(hdev);
ee98f473 2320
0cab9c80
JH		 2321 if (pending_eir_or_class(hdev)) {
2322 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2323 MGMT_STATUS_BUSY);
2324 goto unlock;
2325 }
c95f0ba7 2326
0cab9c80
JH		 2327 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2328 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2329 MGMT_STATUS_INVALID_PARAMS);
2330 goto unlock;
2331 }
575b3a02 2332
932f5ff5
JH		 2333 hdev->major_class = cp->major;
2334 hdev->minor_class = cp->minor;
2335
b5235a65 2336 if (!hdev_is_powered(hdev)) {
bdb6d971 2337 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2338 hdev->dev_class, 3);
b5235a65
JH		 2339 goto unlock;
2340 }
2341
890ea898
JH		 2342 hci_req_init(&req, hdev);
2343
a8b2d5c2 2344 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2345 hci_dev_unlock(hdev);
2346 cancel_delayed_work_sync(&hdev->service_cache);
2347 hci_dev_lock(hdev);
890ea898 2348 update_eir(&req);
7d78525d 2349 }
14c0b608 2350
890ea898
JH		 2351 update_class(&req);
2352
92da6097
JH		 2353 err = hci_req_run(&req, set_class_complete);
2354 if (err < 0) {
2355 if (err != -ENODATA)
2356 goto unlock;
1aff6f09 2357
bdb6d971 2358 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2359 hdev->dev_class, 3);
90e70454
JH		 2360 goto unlock;
2361 }
2362
2363 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2364 if (!cmd) {
90e70454 2365 err = -ENOMEM;
890ea898
JH		 2366 goto unlock;
2367 }
2368
2369 err = 0;
1aff6f09 2370
b5235a65 2371unlock:
09fd0de5 2372 hci_dev_unlock(hdev);
1aff6f09
JH		 2373 return err;
2374}
2375
bdb6d971 2376static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2377 u16 len)
55ed8ca1 2378{
650f726d 2379 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 2380 u16 key_count, expected_len;
b1de97d8 2381 bool changed;
a492cd52 2382 int i;
55ed8ca1 2383
9060d5cf
MH		 2384 BT_DBG("request for %s", hdev->name);
2385
2386 if (!lmp_bredr_capable(hdev))
2387 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2388 MGMT_STATUS_NOT_SUPPORTED);
2389
1f350c87 2390 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 2391
86742e1e
JH		 2392 expected_len = sizeof(*cp) + key_count *
2393 sizeof(struct mgmt_link_key_info);
a492cd52 2394 if (expected_len != len) {
86742e1e 2395 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2396 expected_len, len);
bdb6d971 2397 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 2398 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2399 }
2400
4ae14301
JH		 2401 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2402 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2403 MGMT_STATUS_INVALID_PARAMS);
2404
bdb6d971 2405 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2406 key_count);
55ed8ca1 2407
4ee71b20
JH		 2408 for (i = 0; i < key_count; i++) {
2409 struct mgmt_link_key_info *key = &cp->keys[i];
2410
8e991132 2411 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
4ee71b20
JH		 2412 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2413 MGMT_STATUS_INVALID_PARAMS);
2414 }
2415
09fd0de5 2416 hci_dev_lock(hdev);
55ed8ca1
JH		 2417
2418 hci_link_keys_clear(hdev);
2419
55ed8ca1 2420 if (cp->debug_keys)
0663b297
JH		 2421 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
2422 &hdev->dev_flags);
55ed8ca1 2423 else
0663b297
JH		 2424 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
2425 &hdev->dev_flags);
b1de97d8
MH		 2426
2427 if (changed)
2428 new_settings(hdev, NULL);
55ed8ca1 2429
a492cd52 2430 for (i = 0; i < key_count; i++) {
86742e1e 2431 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2432
58e9293c
JH		 2433 /* Always ignore debug keys and require a new pairing if
2434 * the user wants to use them.
2435 */
2436 if (key->type == HCI_LK_DEBUG_COMBINATION)
2437 continue;
2438
7652ff6a
JH		 2439 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2440 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2441 }
2442
bdb6d971 2443 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2444
09fd0de5 2445 hci_dev_unlock(hdev);
55ed8ca1 2446
a492cd52 2447 return 0;
55ed8ca1
JH		 2448}
2449
b1078ad0 2450static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2451 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2452{
2453 struct mgmt_ev_device_unpaired ev;
2454
2455 bacpy(&ev.addr.bdaddr, bdaddr);
2456 ev.addr.type = addr_type;
2457
2458 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2459 skip_sk);
b1078ad0
JH		 2460}
2461
bdb6d971 2462static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2463 u16 len)
55ed8ca1 2464{
124f6e35
JH		 2465 struct mgmt_cp_unpair_device *cp = data;
2466 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2467 struct hci_cp_disconnect dc;
2468 struct pending_cmd *cmd;
55ed8ca1 2469 struct hci_conn *conn;
55ed8ca1
JH		 2470 int err;
2471
a8a1d19e 2472 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2473 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2474 rp.addr.type = cp->addr.type;
a8a1d19e 2475
4ee71b20
JH		 2476 if (!bdaddr_type_is_valid(cp->addr.type))
2477 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2478 MGMT_STATUS_INVALID_PARAMS,
2479 &rp, sizeof(rp));
2480
118da70b
JH		 2481 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2482 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2483 MGMT_STATUS_INVALID_PARAMS,
2484 &rp, sizeof(rp));
2485
4ee71b20
JH		 2486 hci_dev_lock(hdev);
2487
86a8cfc6 2488 if (!hdev_is_powered(hdev)) {
bdb6d971 2489 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2490 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 2491 goto unlock;
2492 }
2493
e0b2b27e 2494 if (cp->addr.type == BDADDR_BREDR) {
124f6e35 2495 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2496 } else {
2497 u8 addr_type;
2498
2499 if (cp->addr.type == BDADDR_LE_PUBLIC)
2500 addr_type = ADDR_LE_DEV_PUBLIC;
2501 else
2502 addr_type = ADDR_LE_DEV_RANDOM;
2503
a7ec7338
JH		 2504 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2505
a9b0a04c
AG		 2506 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2507
e0b2b27e
JH		 2508 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2509 }
b0dbfb46 2510
55ed8ca1 2511 if (err < 0) {
bdb6d971 2512 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2513 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 2514 goto unlock;
2515 }
2516
86a8cfc6 2517 if (cp->disconnect) {
591f47f3 2518 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 2519 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 2520 &cp->addr.bdaddr);
86a8cfc6
JH		 2521 else
2522 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 2523 &cp->addr.bdaddr);
86a8cfc6
JH		 2524 } else {
2525 conn = NULL;
2526 }
124f6e35 2527
a8a1d19e 2528 if (!conn) {
bdb6d971 2529 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 2530 &rp, sizeof(rp));
b1078ad0 2531 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2532 goto unlock;
2533 }
55ed8ca1 2534
124f6e35 2535 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2536 sizeof(*cp));
a8a1d19e
JH		 2537 if (!cmd) {
2538 err = -ENOMEM;
2539 goto unlock;
55ed8ca1
JH		 2540 }
2541
eb55ef07 2542 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2543 dc.reason = 0x13; /* Remote User Terminated Connection */
2544 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2545 if (err < 0)
2546 mgmt_pending_remove(cmd);
2547
55ed8ca1 2548unlock:
09fd0de5 2549 hci_dev_unlock(hdev);
55ed8ca1
JH		 2550 return err;
2551}
2552
bdb6d971 2553static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2554 u16 len)
8962ee74 2555{
650f726d 2556 struct mgmt_cp_disconnect *cp = data;
06a63b19 2557 struct mgmt_rp_disconnect rp;
8962ee74 2558 struct hci_cp_disconnect dc;
366a0336 2559 struct pending_cmd *cmd;
8962ee74 2560 struct hci_conn *conn;
8962ee74
JH		 2561 int err;
2562
2563 BT_DBG("");
2564
06a63b19
JH		 2565 memset(&rp, 0, sizeof(rp));
2566 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2567 rp.addr.type = cp->addr.type;
2568
4ee71b20 2569 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2570 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2571 MGMT_STATUS_INVALID_PARAMS,
2572 &rp, sizeof(rp));
4ee71b20 2573
09fd0de5 2574 hci_dev_lock(hdev);
8962ee74
JH		 2575
2576 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2577 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2578 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2579 goto failed;
2580 }
2581
2e58ef3e 2582 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2583 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2584 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2585 goto failed;
2586 }
2587
591f47f3 2588 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2589 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2590 &cp->addr.bdaddr);
88c3df13
JH		 2591 else
2592 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2593
f960727e 2594 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2595 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2596 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2597 goto failed;
2598 }
2599
2e58ef3e 2600 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2601 if (!cmd) {
2602 err = -ENOMEM;
8962ee74 2603 goto failed;
366a0336 2604 }
8962ee74 2605
eb55ef07 2606 dc.handle = cpu_to_le16(conn->handle);
3701f944 2607 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 2608
2609 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2610 if (err < 0)
a664b5bc 2611 mgmt_pending_remove(cmd);
8962ee74
JH		 2612
2613failed:
09fd0de5 2614 hci_dev_unlock(hdev);
8962ee74
JH		 2615 return err;
2616}
2617
57c1477c 2618static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2619{
2620 switch (link_type) {
2621 case LE_LINK:
48264f06
JH		 2622 switch (addr_type) {
2623 case ADDR_LE_DEV_PUBLIC:
591f47f3 2624 return BDADDR_LE_PUBLIC;
0ed09148 2625
48264f06 2626 default:
0ed09148 2627 /* Fallback to LE Random address type */
591f47f3 2628 return BDADDR_LE_RANDOM;
48264f06 2629 }
0ed09148 2630
4c659c39 2631 default:
0ed09148 2632 /* Fallback to BR/EDR type */
591f47f3 2633 return BDADDR_BREDR;
4c659c39
JH		 2634 }
2635}
2636
04124681
GP		 2637static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2638 u16 data_len)
2784eb41 2639{
2784eb41 2640 struct mgmt_rp_get_connections *rp;
8035ded4 2641 struct hci_conn *c;
a38528f1 2642 size_t rp_len;
60fc5fb6
JH		 2643 int err;
2644 u16 i;
2784eb41
JH		 2645
2646 BT_DBG("");
2647
09fd0de5 2648 hci_dev_lock(hdev);
2784eb41 2649
5f97c1df 2650 if (!hdev_is_powered(hdev)) {
bdb6d971 2651 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2652 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2653 goto unlock;
2654 }
2655
60fc5fb6 2656 i = 0;
b644ba33
JH		 2657 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2658 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2659 i++;
2784eb41
JH		 2660 }
2661
60fc5fb6 2662 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2663 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2664 if (!rp) {
2784eb41
JH		 2665 err = -ENOMEM;
2666 goto unlock;
2667 }
2668
2784eb41 2669 i = 0;
4c659c39 2670 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2671 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2672 continue;
4c659c39 2673 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2674 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2675 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2676 continue;
2677 i++;
2678 }
2679
eb55ef07 2680 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2681
4c659c39
JH		 2682 /* Recalculate length in case of filtered SCO connections, etc */
2683 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2684
bdb6d971 2685 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2686 rp_len);
2784eb41 2687
a38528f1 2688 kfree(rp);
5f97c1df
JH		 2689
2690unlock:
09fd0de5 2691 hci_dev_unlock(hdev);
2784eb41
JH		 2692 return err;
2693}
2694
bdb6d971 2695static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2696 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2697{
2698 struct pending_cmd *cmd;
2699 int err;
2700
2e58ef3e 2701 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2702 sizeof(*cp));
96d97a67
WR		 2703 if (!cmd)
2704 return -ENOMEM;
2705
d8457698 2706 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2707 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2708 if (err < 0)
2709 mgmt_pending_remove(cmd);
2710
2711 return err;
2712}
2713
bdb6d971 2714static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2715 u16 len)
980e1a53 2716{
96d97a67 2717 struct hci_conn *conn;
650f726d 2718 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2719 struct hci_cp_pin_code_reply reply;
366a0336 2720 struct pending_cmd *cmd;
980e1a53
JH		 2721 int err;
2722
2723 BT_DBG("");
2724
09fd0de5 2725 hci_dev_lock(hdev);
980e1a53 2726
4b34ee78 2727 if (!hdev_is_powered(hdev)) {
bdb6d971 2728 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2729 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2730 goto failed;
2731 }
2732
d8457698 2733 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2734 if (!conn) {
bdb6d971 2735 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2736 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2737 goto failed;
2738 }
2739
2740 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2741 struct mgmt_cp_pin_code_neg_reply ncp;
2742
2743 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2744
2745 BT_ERR("PIN code is not 16 bytes long");
2746
bdb6d971 2747 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2748 if (err >= 0)
bdb6d971 2749 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2750 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2751
2752 goto failed;
2753 }
2754
00abfe44 2755 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2756 if (!cmd) {
2757 err = -ENOMEM;
980e1a53 2758 goto failed;
366a0336 2759 }
980e1a53 2760
d8457698 2761 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2762 reply.pin_len = cp->pin_len;
24718ca5 2763 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2764
2765 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2766 if (err < 0)
a664b5bc 2767 mgmt_pending_remove(cmd);
980e1a53
JH		 2768
2769failed:
09fd0de5 2770 hci_dev_unlock(hdev);
980e1a53
JH		 2771 return err;
2772}
2773
04124681
GP		 2774static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2775 u16 len)
17fa4b9d 2776{
650f726d 2777 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2778
2779 BT_DBG("");
2780
4ec86d4c
JH		 2781 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2782 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
2783 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
2784
09fd0de5 2785 hci_dev_lock(hdev);
17fa4b9d
JH		 2786
2787 hdev->io_capability = cp->io_capability;
2788
2789 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2790 hdev->io_capability);
17fa4b9d 2791
09fd0de5 2792 hci_dev_unlock(hdev);
17fa4b9d 2793
04124681
GP		 2794 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2795 0);
17fa4b9d
JH		 2796}
2797
6039aa73 2798static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2799{
2800 struct hci_dev *hdev = conn->hdev;
8035ded4 2801 struct pending_cmd *cmd;
e9a416b5 2802
2e58ef3e 2803 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2804 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2805 continue;
2806
e9a416b5
JH		 2807 if (cmd->user_data != conn)
2808 continue;
2809
2810 return cmd;
2811 }
2812
2813 return NULL;
2814}
2815
2816static void pairing_complete(struct pending_cmd *cmd, u8 status)
2817{
2818 struct mgmt_rp_pair_device rp;
2819 struct hci_conn *conn = cmd->user_data;
2820
61b1a7fb
JH		 2821 bacpy(&rp.addr.bdaddr, &conn->dst);
2822 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2823
aee9b218 2824 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2825 &rp, sizeof(rp));
e9a416b5
JH		 2826
2827 /* So we don't get further callbacks for this connection */
2828 conn->connect_cfm_cb = NULL;
2829 conn->security_cfm_cb = NULL;
2830 conn->disconn_cfm_cb = NULL;
2831
76a68ba0 2832 hci_conn_drop(conn);
e9a416b5 2833
a664b5bc 2834 mgmt_pending_remove(cmd);
e9a416b5
JH		 2835}
2836
f4a407be
JH		 2837void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2838{
2839 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
2840 struct pending_cmd *cmd;
2841
2842 cmd = find_pairing(conn);
2843 if (cmd)
2844 pairing_complete(cmd, status);
2845}
2846
e9a416b5
JH		 2847static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2848{
2849 struct pending_cmd *cmd;
2850
2851 BT_DBG("status %u", status);
2852
2853 cmd = find_pairing(conn);
56e5cb86 2854 if (!cmd)
e9a416b5 2855 BT_DBG("Unable to find a pending command");
56e5cb86 2856 else
e211326c 2857 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2858}
2859
f4a407be 2860static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739
VA		 2861{
2862 struct pending_cmd *cmd;
2863
2864 BT_DBG("status %u", status);
2865
2866 if (!status)
2867 return;
2868
2869 cmd = find_pairing(conn);
2870 if (!cmd)
2871 BT_DBG("Unable to find a pending command");
2872 else
2873 pairing_complete(cmd, mgmt_status(status));
2874}
2875
bdb6d971 2876static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2877 u16 len)
e9a416b5 2878{
650f726d 2879 struct mgmt_cp_pair_device *cp = data;
1425acb7 2880 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2881 struct pending_cmd *cmd;
2882 u8 sec_level, auth_type;
2883 struct hci_conn *conn;
e9a416b5
JH		 2884 int err;
2885
2886 BT_DBG("");
2887
f950a30e
SJ		 2888 memset(&rp, 0, sizeof(rp));
2889 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2890 rp.addr.type = cp->addr.type;
2891
4ee71b20
JH		 2892 if (!bdaddr_type_is_valid(cp->addr.type))
2893 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2894 MGMT_STATUS_INVALID_PARAMS,
2895 &rp, sizeof(rp));
2896
4ec86d4c
JH		 2897 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2898 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2899 MGMT_STATUS_INVALID_PARAMS,
2900 &rp, sizeof(rp));
2901
09fd0de5 2902 hci_dev_lock(hdev);
e9a416b5 2903
5f97c1df 2904 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2905 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2906 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2907 goto unlock;
2908 }
2909
c908df36 2910 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 2911 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 2912
6f77d8c7 2913 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 2914 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
2915 auth_type);
6f77d8c7
AG		 2916 } else {
2917 u8 addr_type;
2918
2919 /* Convert from L2CAP channel address type to HCI address type
2920 */
2921 if (cp->addr.type == BDADDR_LE_PUBLIC)
2922 addr_type = ADDR_LE_DEV_PUBLIC;
2923 else
2924 addr_type = ADDR_LE_DEV_RANDOM;
2925
2926 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
04a6c589 2927 sec_level, auth_type);
6f77d8c7 2928 }
7a512d01 2929
30e76272 2930 if (IS_ERR(conn)) {
489dc48e
AK		 2931 int status;
2932
2933 if (PTR_ERR(conn) == -EBUSY)
2934 status = MGMT_STATUS_BUSY;
2935 else
2936 status = MGMT_STATUS_CONNECT_FAILED;
2937
bdb6d971 2938 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2939 status, &rp,
04124681 2940 sizeof(rp));
e9a416b5
JH		 2941 goto unlock;
2942 }
2943
2944 if (conn->connect_cfm_cb) {
76a68ba0 2945 hci_conn_drop(conn);
bdb6d971 2946 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2947 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2948 goto unlock;
2949 }
2950
2e58ef3e 2951 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2952 if (!cmd) {
2953 err = -ENOMEM;
76a68ba0 2954 hci_conn_drop(conn);
e9a416b5
JH		 2955 goto unlock;
2956 }
2957
7a512d01 2958 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 2959 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 2960 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 2961 conn->security_cfm_cb = pairing_complete_cb;
2962 conn->disconn_cfm_cb = pairing_complete_cb;
2963 } else {
2964 conn->connect_cfm_cb = le_pairing_complete_cb;
2965 conn->security_cfm_cb = le_pairing_complete_cb;
2966 conn->disconn_cfm_cb = le_pairing_complete_cb;
2967 }
7a512d01 2968
e9a416b5
JH		 2969 conn->io_capability = cp->io_cap;
2970 cmd->user_data = conn;
2971
2972 if (conn->state == BT_CONNECTED &&
8ce8e2b5 2973 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 2974 pairing_complete(cmd, 0);
2975
2976 err = 0;
2977
2978unlock:
09fd0de5 2979 hci_dev_unlock(hdev);
e9a416b5
JH		 2980 return err;
2981}
2982
04124681
GP		 2983static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2984 u16 len)
28424707 2985{
0f4e68cf 2986 struct mgmt_addr_info *addr = data;
28424707
JH		 2987 struct pending_cmd *cmd;
2988 struct hci_conn *conn;
2989 int err;
2990
2991 BT_DBG("");
2992
28424707
JH		 2993 hci_dev_lock(hdev);
2994
5f97c1df 2995 if (!hdev_is_powered(hdev)) {
bdb6d971 2996 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2997 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2998 goto unlock;
2999 }
3000
28424707
JH		 3001 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3002 if (!cmd) {
bdb6d971 3003 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3004 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3005 goto unlock;
3006 }
3007
3008 conn = cmd->user_data;
3009
3010 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 3011 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3012 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3013 goto unlock;
3014 }
3015
3016 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
3017
bdb6d971 3018 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 3019 addr, sizeof(*addr));
28424707
JH		 3020unlock:
3021 hci_dev_unlock(hdev);
28424707
JH		 3022 return err;
3023}
3024
bdb6d971 3025static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3026 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3027 u16 hci_op, __le32 passkey)
a5c29683 3028{
a5c29683 3029 struct pending_cmd *cmd;
0df4c185 3030 struct hci_conn *conn;
a5c29683
JH		 3031 int err;
3032
09fd0de5 3033 hci_dev_lock(hdev);
08ba5382 3034
4b34ee78 3035 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 3036 err = cmd_complete(sk, hdev->id, mgmt_op,
3037 MGMT_STATUS_NOT_POWERED, addr,
3038 sizeof(*addr));
0df4c185 3039 goto done;
a5c29683
JH		 3040 }
3041
1707c60e
JH		 3042 if (addr->type == BDADDR_BREDR)
3043 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3044 else
1707c60e 3045 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 3046
3047 if (!conn) {
feb94d3d
JH		 3048 err = cmd_complete(sk, hdev->id, mgmt_op,
3049 MGMT_STATUS_NOT_CONNECTED, addr,
3050 sizeof(*addr));
272d90df
JH		 3051 goto done;
3052 }
47c15e2b 3053
1707c60e 3054 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
c73f94b8
JH		 3055 /* Continue with pairing via SMP. The hdev lock must be
3056 * released as SMP may try to recquire it for crypto
3057 * purposes.
3058 */
3059 hci_dev_unlock(hdev);
5fe57d9e 3060 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
c73f94b8 3061 hci_dev_lock(hdev);
5fe57d9e
BG		 3062
3063 if (!err)
feb94d3d
JH		 3064 err = cmd_complete(sk, hdev->id, mgmt_op,
3065 MGMT_STATUS_SUCCESS, addr,
3066 sizeof(*addr));
5fe57d9e 3067 else
feb94d3d
JH		 3068 err = cmd_complete(sk, hdev->id, mgmt_op,
3069 MGMT_STATUS_FAILED, addr,
3070 sizeof(*addr));
47c15e2b 3071
47c15e2b
BG		 3072 goto done;
3073 }
3074
1707c60e 3075 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3076 if (!cmd) {
3077 err = -ENOMEM;
0df4c185 3078 goto done;
a5c29683
JH		 3079 }
3080
0df4c185 3081 /* Continue with pairing via HCI */
604086b7
BG		 3082 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3083 struct hci_cp_user_passkey_reply cp;
3084
1707c60e 3085 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3086 cp.passkey = passkey;
3087 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3088 } else
1707c60e
JH		 3089 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3090 &addr->bdaddr);
604086b7 3091
a664b5bc
JH		 3092 if (err < 0)
3093 mgmt_pending_remove(cmd);
a5c29683 3094
0df4c185 3095done:
09fd0de5 3096 hci_dev_unlock(hdev);
a5c29683
JH		 3097 return err;
3098}
3099
afeb019d
JK		 3100static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3101 void *data, u16 len)
3102{
3103 struct mgmt_cp_pin_code_neg_reply *cp = data;
3104
3105 BT_DBG("");
3106
1707c60e 3107 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3108 MGMT_OP_PIN_CODE_NEG_REPLY,
3109 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3110}
3111
04124681
GP		 3112static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3113 u16 len)
0df4c185 3114{
650f726d 3115 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3116
3117 BT_DBG("");
3118
3119 if (len != sizeof(*cp))
bdb6d971 3120 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 3121 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3122
1707c60e 3123 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3124 MGMT_OP_USER_CONFIRM_REPLY,
3125 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3126}
3127
bdb6d971 3128static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3129 void *data, u16 len)
0df4c185 3130{
c9c2659f 3131 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3132
3133 BT_DBG("");
3134
1707c60e 3135 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3136 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3137 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3138}
3139
04124681
GP		 3140static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3141 u16 len)
604086b7 3142{
650f726d 3143 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3144
3145 BT_DBG("");
3146
1707c60e 3147 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3148 MGMT_OP_USER_PASSKEY_REPLY,
3149 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3150}
3151
bdb6d971 3152static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3153 void *data, u16 len)
604086b7 3154{
650f726d 3155 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3156
3157 BT_DBG("");
3158
1707c60e 3159 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3160 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3161 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3162}
3163
13928971 3164static void update_name(struct hci_request *req)
2b4bf397 3165{
13928971 3166 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3167 struct hci_cp_write_local_name cp;
3168
13928971 3169 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3170
890ea898 3171 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3172}
3173
13928971
JH		 3174static void set_name_complete(struct hci_dev *hdev, u8 status)
3175{
3176 struct mgmt_cp_set_local_name *cp;
3177 struct pending_cmd *cmd;
3178
3179 BT_DBG("status 0x%02x", status);
3180
3181 hci_dev_lock(hdev);
3182
3183 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3184 if (!cmd)
3185 goto unlock;
3186
3187 cp = cmd->param;
3188
3189 if (status)
3190 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3191 mgmt_status(status));
3192 else
3193 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3194 cp, sizeof(*cp));
3195
3196 mgmt_pending_remove(cmd);
3197
3198unlock:
3199 hci_dev_unlock(hdev);
3200}
3201
bdb6d971 3202static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3203 u16 len)
b312b161 3204{
2b4bf397 3205 struct mgmt_cp_set_local_name *cp = data;
b312b161 3206 struct pending_cmd *cmd;
890ea898 3207 struct hci_request req;
b312b161
JH		 3208 int err;
3209
3210 BT_DBG("");
3211
09fd0de5 3212 hci_dev_lock(hdev);
b312b161 3213
b3f2ca94
JH		 3214 /* If the old values are the same as the new ones just return a
3215 * direct command complete event.
3216 */
3217 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3218 !memcmp(hdev->short_name, cp->short_name,
3219 sizeof(hdev->short_name))) {
3220 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3221 data, len);
3222 goto failed;
3223 }
3224
2b4bf397 3225 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3226
b5235a65 3227 if (!hdev_is_powered(hdev)) {
2b4bf397 3228 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 3229
3230 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 3231 data, len);
28cc7bde
JH		 3232 if (err < 0)
3233 goto failed;
3234
3235 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 3236 sk);
28cc7bde 3237
b5235a65
JH		 3238 goto failed;
3239 }
3240
28cc7bde 3241 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3242 if (!cmd) {
3243 err = -ENOMEM;
3244 goto failed;
3245 }
3246
13928971
JH		 3247 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3248
890ea898 3249 hci_req_init(&req, hdev);
3f985050
JH		 3250
3251 if (lmp_bredr_capable(hdev)) {
3252 update_name(&req);
3253 update_eir(&req);
3254 }
3255
7a5f4990
MH		 3256 /* The name is stored in the scan response data and so
3257 * no need to udpate the advertising data here.
3258 */
3f985050 3259 if (lmp_le_capable(hdev))
7a5f4990 3260 update_scan_rsp_data(&req);
3f985050 3261
13928971 3262 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3263 if (err < 0)
3264 mgmt_pending_remove(cmd);
3265
3266failed:
09fd0de5 3267 hci_dev_unlock(hdev);
b312b161
JH		 3268 return err;
3269}
3270
0f4e68cf 3271static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3272 void *data, u16 data_len)
c35938b2 3273{
c35938b2
SJ		 3274 struct pending_cmd *cmd;
3275 int err;
3276
bdb6d971 3277 BT_DBG("%s", hdev->name);
c35938b2 3278
09fd0de5 3279 hci_dev_lock(hdev);
c35938b2 3280
4b34ee78 3281 if (!hdev_is_powered(hdev)) {
bdb6d971 3282 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3283 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3284 goto unlock;
3285 }
3286
9a1a1996 3287 if (!lmp_ssp_capable(hdev)) {
bdb6d971 3288 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3289 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3290 goto unlock;
3291 }
3292
2e58ef3e 3293 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 3294 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3295 MGMT_STATUS_BUSY);
c35938b2
SJ		 3296 goto unlock;
3297 }
3298
2e58ef3e 3299 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3300 if (!cmd) {
3301 err = -ENOMEM;
3302 goto unlock;
3303 }
3304
4d2d2796
MH		 3305 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
3306 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3307 0, NULL);
3308 else
3309 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3310
c35938b2
SJ		 3311 if (err < 0)
3312 mgmt_pending_remove(cmd);
3313
3314unlock:
09fd0de5 3315 hci_dev_unlock(hdev);
c35938b2
SJ		 3316 return err;
3317}
3318
bdb6d971 3319static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3320 void *data, u16 len)
2763eda6 3321{
2763eda6
SJ		 3322 int err;
3323
bdb6d971 3324 BT_DBG("%s ", hdev->name);
2763eda6 3325
09fd0de5 3326 hci_dev_lock(hdev);
2763eda6 3327
ec109113
MH		 3328 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3329 struct mgmt_cp_add_remote_oob_data *cp = data;
3330 u8 status;
bf1e3541 3331
ec109113
MH		 3332 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3333 cp->hash, cp->randomizer);
3334 if (err < 0)
3335 status = MGMT_STATUS_FAILED;
3336 else
3337 status = MGMT_STATUS_SUCCESS;
3338
3339 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3340 status, &cp->addr, sizeof(cp->addr));
3341 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3342 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3343 u8 status;
3344
3345 err = hci_add_remote_oob_ext_data(hdev, &cp->addr.bdaddr,
3346 cp->hash192,
3347 cp->randomizer192,
3348 cp->hash256,
3349 cp->randomizer256);
3350 if (err < 0)
3351 status = MGMT_STATUS_FAILED;
3352 else
3353 status = MGMT_STATUS_SUCCESS;
3354
3355 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3356 status, &cp->addr, sizeof(cp->addr));
3357 } else {
3358 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3359 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3360 MGMT_STATUS_INVALID_PARAMS);
3361 }
2763eda6 3362
09fd0de5 3363 hci_dev_unlock(hdev);
2763eda6
SJ		 3364 return err;
3365}
3366
bdb6d971 3367static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3368 void *data, u16 len)
2763eda6 3369{
650f726d 3370 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3371 u8 status;
2763eda6
SJ		 3372 int err;
3373
bdb6d971 3374 BT_DBG("%s", hdev->name);
2763eda6 3375
09fd0de5 3376 hci_dev_lock(hdev);
2763eda6 3377
664ce4cc 3378 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 3379 if (err < 0)
bf1e3541 3380 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3381 else
a6785be2 3382 status = MGMT_STATUS_SUCCESS;
bf1e3541 3383
bdb6d971 3384 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 3385 status, &cp->addr, sizeof(cp->addr));
2763eda6 3386
09fd0de5 3387 hci_dev_unlock(hdev);
2763eda6
SJ		 3388 return err;
3389}
3390
41dc2bd6
AG		 3391static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3392{
3393 struct pending_cmd *cmd;
3394 u8 type;
3395 int err;
3396
3397 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3398
3399 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3400 if (!cmd)
3401 return -ENOENT;
3402
3403 type = hdev->discovery.type;
3404
3405 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3406 &type, sizeof(type));
3407 mgmt_pending_remove(cmd);
3408
3409 return err;
3410}
3411
7c307720
AG		 3412static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3413{
ae55f598
LR		 3414 unsigned long timeout = 0;
3415
7c307720
AG		 3416 BT_DBG("status %d", status);
3417
3418 if (status) {
3419 hci_dev_lock(hdev);
3420 mgmt_start_discovery_failed(hdev, status);
3421 hci_dev_unlock(hdev);
3422 return;
3423 }
3424
3425 hci_dev_lock(hdev);
3426 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3427 hci_dev_unlock(hdev);
3428
3429 switch (hdev->discovery.type) {
3430 case DISCOV_TYPE_LE:
3d5a76f0 3431 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
7c307720
AG		 3432 break;
3433
3434 case DISCOV_TYPE_INTERLEAVED:
b9a7a61e 3435 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
7c307720
AG		 3436 break;
3437
3438 case DISCOV_TYPE_BREDR:
3439 break;
3440
3441 default:
3442 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3443 }
ae55f598
LR		 3444
3445 if (!timeout)
3446 return;
3447
3448 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable, timeout);
7c307720
AG		 3449}
3450
bdb6d971 3451static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3452 void *data, u16 len)
14a53664 3453{
650f726d 3454 struct mgmt_cp_start_discovery *cp = data;
14a53664 3455 struct pending_cmd *cmd;
7c307720
AG		 3456 struct hci_cp_le_set_scan_param param_cp;
3457 struct hci_cp_le_set_scan_enable enable_cp;
3458 struct hci_cp_inquiry inq_cp;
3459 struct hci_request req;
3460 /* General inquiry access code (GIAC) */
3461 u8 lap[3] = { 0x33, 0x8b, 0x9e };
d9483943 3462 u8 status, own_addr_type;
14a53664
JH		 3463 int err;
3464
bdb6d971 3465 BT_DBG("%s", hdev->name);
14a53664 3466
09fd0de5 3467 hci_dev_lock(hdev);
14a53664 3468
4b34ee78 3469 if (!hdev_is_powered(hdev)) {
bdb6d971 3470 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3471 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 3472 goto failed;
3473 }
3474
642be6c7
AG		 3475 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3476 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3477 MGMT_STATUS_BUSY);
3478 goto failed;
3479 }
3480
ff9ef578 3481 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 3482 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3483 MGMT_STATUS_BUSY);
ff9ef578
JH		 3484 goto failed;
3485 }
3486
2e58ef3e 3487 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3488 if (!cmd) {
3489 err = -ENOMEM;
3490 goto failed;
3491 }
3492
4aab14e5
AG		 3493 hdev->discovery.type = cp->type;
3494
7c307720
AG		 3495 hci_req_init(&req, hdev);
3496
4aab14e5 3497 switch (hdev->discovery.type) {
f39799f5 3498 case DISCOV_TYPE_BREDR:
e6fe7986
JH		 3499 status = mgmt_bredr_support(hdev);
3500 if (status) {
04106755 3501 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3502 status);
04106755
JH		 3503 mgmt_pending_remove(cmd);
3504 goto failed;
3505 }
3506
7c307720
AG		 3507 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3508 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3509 MGMT_STATUS_BUSY);
3510 mgmt_pending_remove(cmd);
3511 goto failed;
3512 }
3513
3514 hci_inquiry_cache_flush(hdev);
3515
3516 memset(&inq_cp, 0, sizeof(inq_cp));
3517 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 3518 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 3519 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 3520 break;
3521
3522 case DISCOV_TYPE_LE:
7c307720 3523 case DISCOV_TYPE_INTERLEAVED:
e6fe7986
JH		 3524 status = mgmt_le_support(hdev);
3525 if (status) {
04106755 3526 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3527 status);
04106755
JH		 3528 mgmt_pending_remove(cmd);
3529 goto failed;
3530 }
3531
7c307720 3532 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 3533 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 3534 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3535 MGMT_STATUS_NOT_SUPPORTED);
3536 mgmt_pending_remove(cmd);
3537 goto failed;
3538 }
3539
f3d3444a 3540 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
7c307720
AG		 3541 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3542 MGMT_STATUS_REJECTED);
3543 mgmt_pending_remove(cmd);
3544 goto failed;
3545 }
3546
c54c3860
AG		 3547 /* If controller is scanning, it means the background scanning
3548 * is running. Thus, we should temporarily stop it in order to
3549 * set the discovery scanning parameters.
3550 */
3551 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3552 hci_req_add_le_scan_disable(&req);
7c307720
AG		 3553
3554 memset(&param_cp, 0, sizeof(param_cp));
d9483943 3555
94b1fc92
MH		 3556 /* All active scans will be done with either a resolvable
3557 * private address (when privacy feature has been enabled)
3558 * or unresolvable private address.
3559 */
3560 err = hci_update_random_address(&req, true, &own_addr_type);
d9483943
JH		 3561 if (err < 0) {
3562 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3563 MGMT_STATUS_FAILED);
3564 mgmt_pending_remove(cmd);
3565 goto failed;
3566 }
3567
7c307720 3568 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 3569 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3570 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
d9483943 3571 param_cp.own_address_type = own_addr_type;
7c307720
AG		 3572 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3573 &param_cp);
3574
3575 memset(&enable_cp, 0, sizeof(enable_cp));
3576 enable_cp.enable = LE_SCAN_ENABLE;
3577 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3578 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3579 &enable_cp);
5e0452c0
AG		 3580 break;
3581
f39799f5 3582 default:
04106755
JH		 3583 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3584 MGMT_STATUS_INVALID_PARAMS);
3585 mgmt_pending_remove(cmd);
3586 goto failed;
f39799f5 3587 }
3fd24153 3588
7c307720 3589 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 3590 if (err < 0)
3591 mgmt_pending_remove(cmd);
ff9ef578
JH		 3592 else
3593 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 3594
3595failed:
09fd0de5 3596 hci_dev_unlock(hdev);
14a53664
JH		 3597 return err;
3598}
3599
1183fdca
AG		 3600static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3601{
3602 struct pending_cmd *cmd;
3603 int err;
3604
3605 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3606 if (!cmd)
3607 return -ENOENT;
3608
3609 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3610 &hdev->discovery.type, sizeof(hdev->discovery.type));
3611 mgmt_pending_remove(cmd);
3612
3613 return err;
3614}
3615
0e05bba6
AG		 3616static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3617{
3618 BT_DBG("status %d", status);
3619
3620 hci_dev_lock(hdev);
3621
3622 if (status) {
3623 mgmt_stop_discovery_failed(hdev, status);
3624 goto unlock;
3625 }
3626
3627 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3628
3629unlock:
3630 hci_dev_unlock(hdev);
3631}
3632
bdb6d971 3633static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3634 u16 len)
14a53664 3635{
d930650b 3636 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 3637 struct pending_cmd *cmd;
0e05bba6 3638 struct hci_request req;
14a53664
JH		 3639 int err;
3640
bdb6d971 3641 BT_DBG("%s", hdev->name);
14a53664 3642
09fd0de5 3643 hci_dev_lock(hdev);
14a53664 3644
30dc78e1 3645 if (!hci_discovery_active(hdev)) {
bdb6d971 3646 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3647 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3648 sizeof(mgmt_cp->type));
d930650b
JH		 3649 goto unlock;
3650 }
3651
3652 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 3653 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3654 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3655 sizeof(mgmt_cp->type));
30dc78e1 3656 goto unlock;
ff9ef578
JH		 3657 }
3658
2e58ef3e 3659 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3660 if (!cmd) {
3661 err = -ENOMEM;
30dc78e1
JH		 3662 goto unlock;
3663 }
3664
0e05bba6
AG		 3665 hci_req_init(&req, hdev);
3666
21a60d30 3667 hci_stop_discovery(&req);
e0d9727e 3668
21a60d30
JH		 3669 err = hci_req_run(&req, stop_discovery_complete);
3670 if (!err) {
3671 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
0e05bba6 3672 goto unlock;
14a53664
JH		 3673 }
3674
21a60d30
JH		 3675 mgmt_pending_remove(cmd);
3676
3677 /* If no HCI commands were sent we're done */
3678 if (err == -ENODATA) {
3679 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
3680 &mgmt_cp->type, sizeof(mgmt_cp->type));
3681 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3682 }
14a53664 3683
30dc78e1 3684unlock:
09fd0de5 3685 hci_dev_unlock(hdev);
14a53664
JH		 3686 return err;
3687}
3688
bdb6d971 3689static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3690 u16 len)
561aafbc 3691{
650f726d 3692 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3693 struct inquiry_entry *e;
561aafbc
JH		 3694 int err;
3695
bdb6d971 3696 BT_DBG("%s", hdev->name);
561aafbc 3697
561aafbc
JH		 3698 hci_dev_lock(hdev);
3699
30dc78e1 3700 if (!hci_discovery_active(hdev)) {
d3a2541d
LR		 3701 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3702 MGMT_STATUS_FAILED, &cp->addr,
3703 sizeof(cp->addr));
30dc78e1
JH		 3704 goto failed;
3705 }
3706
a198e7b1 3707 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3708 if (!e) {
d3a2541d
LR		 3709 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3710 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
3711 sizeof(cp->addr));
561aafbc
JH		 3712 goto failed;
3713 }
3714
3715 if (cp->name_known) {
3716 e->name_state = NAME_KNOWN;
3717 list_del(&e->list);
3718 } else {
3719 e->name_state = NAME_NEEDED;
a3d4e20a 3720 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3721 }
3722
e384662b
JH		 3723 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3724 sizeof(cp->addr));
561aafbc
JH		 3725
3726failed:
3727 hci_dev_unlock(hdev);
561aafbc
JH		 3728 return err;
3729}
3730
bdb6d971 3731static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3732 u16 len)
7fbec224 3733{
650f726d 3734 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3735 u8 status;
7fbec224
AJ		 3736 int err;
3737
bdb6d971 3738 BT_DBG("%s", hdev->name);
7fbec224 3739
4ee71b20 3740 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3741 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3742 MGMT_STATUS_INVALID_PARAMS,
3743 &cp->addr, sizeof(cp->addr));
4ee71b20 3744
09fd0de5 3745 hci_dev_lock(hdev);
5e762444 3746
88c1fe4b 3747 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3748 if (err < 0)
f0eeea8b 3749 status = MGMT_STATUS_FAILED;
7fbec224 3750 else
a6785be2 3751 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3752
bdb6d971 3753 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3754 &cp->addr, sizeof(cp->addr));
5e762444 3755
09fd0de5 3756 hci_dev_unlock(hdev);
7fbec224
AJ		 3757
3758 return err;
3759}
3760
bdb6d971 3761static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3762 u16 len)
7fbec224 3763{
650f726d 3764 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3765 u8 status;
7fbec224
AJ		 3766 int err;
3767
bdb6d971 3768 BT_DBG("%s", hdev->name);
7fbec224 3769
4ee71b20 3770 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3771 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3772 MGMT_STATUS_INVALID_PARAMS,
3773 &cp->addr, sizeof(cp->addr));
4ee71b20 3774
09fd0de5 3775 hci_dev_lock(hdev);
5e762444 3776
88c1fe4b 3777 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3778 if (err < 0)
f0eeea8b 3779 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 3780 else
a6785be2 3781 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3782
bdb6d971 3783 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3784 &cp->addr, sizeof(cp->addr));
5e762444 3785
09fd0de5 3786 hci_dev_unlock(hdev);
7fbec224
AJ		 3787
3788 return err;
3789}
3790
cdbaccca
MH		 3791static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3792 u16 len)
3793{
3794 struct mgmt_cp_set_device_id *cp = data;
890ea898 3795 struct hci_request req;
cdbaccca 3796 int err;
c72d4b8a 3797 __u16 source;
cdbaccca
MH		 3798
3799 BT_DBG("%s", hdev->name);
3800
c72d4b8a
SJ		 3801 source = __le16_to_cpu(cp->source);
3802
3803 if (source > 0x0002)
3804 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3805 MGMT_STATUS_INVALID_PARAMS);
3806
cdbaccca
MH		 3807 hci_dev_lock(hdev);
3808
c72d4b8a 3809 hdev->devid_source = source;
cdbaccca
MH		 3810 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3811 hdev->devid_product = __le16_to_cpu(cp->product);
3812 hdev->devid_version = __le16_to_cpu(cp->version);
3813
3814 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3815
890ea898
JH		 3816 hci_req_init(&req, hdev);
3817 update_eir(&req);
3818 hci_req_run(&req, NULL);
cdbaccca
MH		 3819
3820 hci_dev_unlock(hdev);
3821
3822 return err;
3823}
3824
4375f103
JH		 3825static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3826{
3827 struct cmd_lookup match = { NULL, hdev };
3828
3829 if (status) {
3830 u8 mgmt_err = mgmt_status(status);
3831
3832 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3833 cmd_status_rsp, &mgmt_err);
3834 return;
3835 }
3836
3837 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3838 &match);
3839
3840 new_settings(hdev, match.sk);
3841
3842 if (match.sk)
3843 sock_put(match.sk);
3844}
3845
21b5187f
MH		 3846static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3847 u16 len)
4375f103
JH		 3848{
3849 struct mgmt_mode *cp = data;
3850 struct pending_cmd *cmd;
3851 struct hci_request req;
e6fe7986 3852 u8 val, enabled, status;
4375f103
JH		 3853 int err;
3854
3855 BT_DBG("request for %s", hdev->name);
3856
e6fe7986
JH		 3857 status = mgmt_le_support(hdev);
3858 if (status)
4375f103 3859 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 3860 status);
4375f103
JH		 3861
3862 if (cp->val != 0x00 && cp->val != 0x01)
3863 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3864 MGMT_STATUS_INVALID_PARAMS);
3865
3866 hci_dev_lock(hdev);
3867
3868 val = !!cp->val;
f3d3444a 3869 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 3870
f74ca9b8
JH		 3871 /* The following conditions are ones which mean that we should
3872 * not do any HCI communication but directly send a mgmt
3873 * response to user space (after toggling the flag if
3874 * necessary).
3875 */
3876 if (!hdev_is_powered(hdev) || val == enabled ||
b145edcd 3877 hci_conn_num(hdev, LE_LINK) > 0) {
4375f103
JH		 3878 bool changed = false;
3879
f3d3444a
JH		 3880 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3881 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 3882 changed = true;
3883 }
3884
3885 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3886 if (err < 0)
3887 goto unlock;
3888
3889 if (changed)
3890 err = new_settings(hdev, sk);
3891
3892 goto unlock;
3893 }
3894
3895 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3896 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3897 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3898 MGMT_STATUS_BUSY);
3899 goto unlock;
3900 }
3901
3902 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3903 if (!cmd) {
3904 err = -ENOMEM;
3905 goto unlock;
3906 }
3907
3908 hci_req_init(&req, hdev);
3909
bba3aa55
MH		 3910 if (val)
3911 enable_advertising(&req);
3912 else
3913 disable_advertising(&req);
4375f103
JH		 3914
3915 err = hci_req_run(&req, set_advertising_complete);
3916 if (err < 0)
3917 mgmt_pending_remove(cmd);
3918
3919unlock:
3920 hci_dev_unlock(hdev);
3921 return err;
3922}
3923
d13eafce
MH		 3924static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3925 void *data, u16 len)
3926{
3927 struct mgmt_cp_set_static_address *cp = data;
3928 int err;
3929
3930 BT_DBG("%s", hdev->name);
3931
62af4443 3932 if (!lmp_le_capable(hdev))
d13eafce 3933 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 3934 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 3935
3936 if (hdev_is_powered(hdev))
3937 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3938 MGMT_STATUS_REJECTED);
3939
3940 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3941 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3942 return cmd_status(sk, hdev->id,
3943 MGMT_OP_SET_STATIC_ADDRESS,
3944 MGMT_STATUS_INVALID_PARAMS);
3945
3946 /* Two most significant bits shall be set */
3947 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3948 return cmd_status(sk, hdev->id,
3949 MGMT_OP_SET_STATIC_ADDRESS,
3950 MGMT_STATUS_INVALID_PARAMS);
3951 }
3952
3953 hci_dev_lock(hdev);
3954
3955 bacpy(&hdev->static_addr, &cp->bdaddr);
3956
3957 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3958
3959 hci_dev_unlock(hdev);
3960
3961 return err;
3962}
3963
14b49b9a
MH		 3964static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
3965 void *data, u16 len)
3966{
3967 struct mgmt_cp_set_scan_params *cp = data;
3968 __u16 interval, window;
3969 int err;
3970
3971 BT_DBG("%s", hdev->name);
3972
3973 if (!lmp_le_capable(hdev))
3974 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3975 MGMT_STATUS_NOT_SUPPORTED);
3976
3977 interval = __le16_to_cpu(cp->interval);
3978
3979 if (interval < 0x0004 || interval > 0x4000)
3980 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3981 MGMT_STATUS_INVALID_PARAMS);
3982
3983 window = __le16_to_cpu(cp->window);
3984
3985 if (window < 0x0004 || window > 0x4000)
3986 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3987 MGMT_STATUS_INVALID_PARAMS);
3988
899e1075
MH		 3989 if (window > interval)
3990 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3991 MGMT_STATUS_INVALID_PARAMS);
3992
14b49b9a
MH		 3993 hci_dev_lock(hdev);
3994
3995 hdev->le_scan_interval = interval;
3996 hdev->le_scan_window = window;
3997
3998 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
3999
dd2ef8e2
AG		 4000 /* If background scan is running, restart it so new parameters are
4001 * loaded.
4002 */
4003 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4004 hdev->discovery.state == DISCOVERY_STOPPED) {
4005 struct hci_request req;
4006
4007 hci_req_init(&req, hdev);
4008
4009 hci_req_add_le_scan_disable(&req);
4010 hci_req_add_le_passive_scan(&req);
4011
4012 hci_req_run(&req, NULL);
4013 }
4014
14b49b9a
MH		 4015 hci_dev_unlock(hdev);
4016
4017 return err;
4018}
4019
33e38b3e
JH		 4020static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
4021{
4022 struct pending_cmd *cmd;
4023
4024 BT_DBG("status 0x%02x", status);
4025
4026 hci_dev_lock(hdev);
4027
4028 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4029 if (!cmd)
4030 goto unlock;
4031
4032 if (status) {
4033 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4034 mgmt_status(status));
4035 } else {
1a4d3c4b
JH		 4036 struct mgmt_mode *cp = cmd->param;
4037
4038 if (cp->val)
4039 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4040 else
4041 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4042
33e38b3e
JH		 4043 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4044 new_settings(hdev, cmd->sk);
4045 }
4046
4047 mgmt_pending_remove(cmd);
4048
4049unlock:
4050 hci_dev_unlock(hdev);
4051}
4052
bdb6d971 4053static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4054 void *data, u16 len)
f6422ec6 4055{
650f726d 4056 struct mgmt_mode *cp = data;
33e38b3e
JH		 4057 struct pending_cmd *cmd;
4058 struct hci_request req;
f6422ec6
AJ		 4059 int err;
4060
bdb6d971 4061 BT_DBG("%s", hdev->name);
f6422ec6 4062
56f87901
JH		 4063 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
4064 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 4065 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4066 MGMT_STATUS_NOT_SUPPORTED);
4067
a7e80f25
JH		 4068 if (cp->val != 0x00 && cp->val != 0x01)
4069 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4070 MGMT_STATUS_INVALID_PARAMS);
4071
5400c044 4072 if (!hdev_is_powered(hdev))
bdb6d971 4073 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4074 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 4075
4076 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 4077 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4078 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 4079
4080 hci_dev_lock(hdev);
4081
05cbf29f
JH		 4082 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4083 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4084 MGMT_STATUS_BUSY);
4085 goto unlock;
4086 }
4087
1a4d3c4b
JH		 4088 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
4089 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4090 hdev);
4091 goto unlock;
4092 }
4093
33e38b3e
JH		 4094 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4095 data, len);
4096 if (!cmd) {
4097 err = -ENOMEM;
4098 goto unlock;
f6422ec6
AJ		 4099 }
4100
33e38b3e
JH		 4101 hci_req_init(&req, hdev);
4102
406d7804 4103 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4104
4105 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4106 if (err < 0) {
bdb6d971 4107 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4108 MGMT_STATUS_FAILED);
33e38b3e 4109 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4110 }
4111
33e38b3e 4112unlock:
f6422ec6 4113 hci_dev_unlock(hdev);
33e38b3e 4114
f6422ec6
AJ		 4115 return err;
4116}
4117
67e5a7a3
JH		 4118static void set_bredr_scan(struct hci_request *req)
4119{
4120 struct hci_dev *hdev = req->hdev;
4121 u8 scan = 0;
4122
4123 /* Ensure that fast connectable is disabled. This function will
4124 * not do anything if the page scan parameters are already what
4125 * they should be.
4126 */
4127 write_fast_connectable(req, false);
4128
4129 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4130 scan |= SCAN_PAGE;
4131 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
4132 scan |= SCAN_INQUIRY;
4133
4134 if (scan)
4135 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
4136}
4137
0663ca2a
JH		 4138static void set_bredr_complete(struct hci_dev *hdev, u8 status)
4139{
4140 struct pending_cmd *cmd;
4141
4142 BT_DBG("status 0x%02x", status);
4143
4144 hci_dev_lock(hdev);
4145
4146 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4147 if (!cmd)
4148 goto unlock;
4149
4150 if (status) {
4151 u8 mgmt_err = mgmt_status(status);
4152
4153 /* We need to restore the flag if related HCI commands
4154 * failed.
4155 */
4156 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4157
4158 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4159 } else {
4160 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4161 new_settings(hdev, cmd->sk);
4162 }
4163
4164 mgmt_pending_remove(cmd);
4165
4166unlock:
4167 hci_dev_unlock(hdev);
4168}
4169
4170static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4171{
4172 struct mgmt_mode *cp = data;
4173 struct pending_cmd *cmd;
4174 struct hci_request req;
4175 int err;
4176
4177 BT_DBG("request for %s", hdev->name);
4178
4179 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4180 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4181 MGMT_STATUS_NOT_SUPPORTED);
4182
4183 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4184 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4185 MGMT_STATUS_REJECTED);
4186
4187 if (cp->val != 0x00 && cp->val != 0x01)
4188 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4189 MGMT_STATUS_INVALID_PARAMS);
4190
4191 hci_dev_lock(hdev);
4192
4193 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4194 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4195 goto unlock;
4196 }
4197
4198 if (!hdev_is_powered(hdev)) {
4199 if (!cp->val) {
0663ca2a
JH		 4200 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4201 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4202 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4203 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4204 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4205 }
4206
4207 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4208
4209 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4210 if (err < 0)
4211 goto unlock;
4212
4213 err = new_settings(hdev, sk);
4214 goto unlock;
4215 }
4216
4217 /* Reject disabling when powered on */
4218 if (!cp->val) {
4219 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4220 MGMT_STATUS_REJECTED);
4221 goto unlock;
4222 }
4223
4224 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4225 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4226 MGMT_STATUS_BUSY);
4227 goto unlock;
4228 }
4229
4230 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4231 if (!cmd) {
4232 err = -ENOMEM;
4233 goto unlock;
4234 }
4235
5947f4bc 4236 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4237 * generates the correct flags.
4238 */
4239 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4240
4241 hci_req_init(&req, hdev);
aa8af46e
JH		 4242
4243 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4244 set_bredr_scan(&req);
4245
f14d8f64
MH		 4246 /* Since only the advertising data flags will change, there
4247 * is no need to update the scan response data.
4248 */
5947f4bc 4249 update_adv_data(&req);
aa8af46e 4250
0663ca2a
JH		 4251 err = hci_req_run(&req, set_bredr_complete);
4252 if (err < 0)
4253 mgmt_pending_remove(cmd);
4254
4255unlock:
4256 hci_dev_unlock(hdev);
4257 return err;
4258}
4259
eac83dc6
MH		 4260static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4261 void *data, u16 len)
4262{
4263 struct mgmt_mode *cp = data;
4264 struct pending_cmd *cmd;
0ab04a9c 4265 u8 val, status;
eac83dc6
MH		 4266 int err;
4267
4268 BT_DBG("request for %s", hdev->name);
4269
4270 status = mgmt_bredr_support(hdev);
4271 if (status)
4272 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4273 status);
4274
5afeac14 4275 if (!lmp_sc_capable(hdev) &&
111902f7 4276 !test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
eac83dc6
MH		 4277 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4278 MGMT_STATUS_NOT_SUPPORTED);
4279
0ab04a9c 4280 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
eac83dc6
MH		 4281 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4282 MGMT_STATUS_INVALID_PARAMS);
4283
4284 hci_dev_lock(hdev);
4285
4286 if (!hdev_is_powered(hdev)) {
4287 bool changed;
4288
0ab04a9c 4289 if (cp->val) {
eac83dc6
MH		 4290 changed = !test_and_set_bit(HCI_SC_ENABLED,
4291 &hdev->dev_flags);
0ab04a9c
MH		 4292 if (cp->val == 0x02)
4293 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4294 else
4295 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4296 } else {
eac83dc6
MH		 4297 changed = test_and_clear_bit(HCI_SC_ENABLED,
4298 &hdev->dev_flags);
0ab04a9c
MH		 4299 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4300 }
eac83dc6
MH		 4301
4302 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4303 if (err < 0)
4304 goto failed;
4305
4306 if (changed)
4307 err = new_settings(hdev, sk);
4308
4309 goto failed;
4310 }
4311
4312 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4313 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4314 MGMT_STATUS_BUSY);
4315 goto failed;
4316 }
4317
0ab04a9c
MH		 4318 val = !!cp->val;
4319
4320 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4321 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
eac83dc6
MH		 4322 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4323 goto failed;
4324 }
4325
4326 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4327 if (!cmd) {
4328 err = -ENOMEM;
4329 goto failed;
4330 }
4331
0ab04a9c 4332 err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
eac83dc6
MH		 4333 if (err < 0) {
4334 mgmt_pending_remove(cmd);
4335 goto failed;
4336 }
4337
0ab04a9c
MH		 4338 if (cp->val == 0x02)
4339 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4340 else
4341 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4342
eac83dc6
MH		 4343failed:
4344 hci_dev_unlock(hdev);
4345 return err;
4346}
4347
4e39ac81
MH		 4348static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4349 void *data, u16 len)
4350{
4351 struct mgmt_mode *cp = data;
4352 bool changed;
4353 int err;
4354
4355 BT_DBG("request for %s", hdev->name);
4356
4357 if (cp->val != 0x00 && cp->val != 0x01)
4358 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4359 MGMT_STATUS_INVALID_PARAMS);
4360
4361 hci_dev_lock(hdev);
4362
4363 if (cp->val)
0663b297
JH		 4364 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
4365 &hdev->dev_flags);
4e39ac81 4366 else
0663b297
JH		 4367 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
4368 &hdev->dev_flags);
4e39ac81
MH		 4369
4370 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4371 if (err < 0)
4372 goto unlock;
4373
4374 if (changed)
4375 err = new_settings(hdev, sk);
4376
4377unlock:
4378 hci_dev_unlock(hdev);
4379 return err;
4380}
4381
62b04cd1
JH		 4382static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4383 u16 len)
4384{
4385 struct mgmt_cp_set_privacy *cp = cp_data;
4386 bool changed;
4387 int err;
4388
4389 BT_DBG("request for %s", hdev->name);
4390
4391 if (!lmp_le_capable(hdev))
4392 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4393 MGMT_STATUS_NOT_SUPPORTED);
4394
4395 if (cp->privacy != 0x00 && cp->privacy != 0x01)
4396 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4397 MGMT_STATUS_INVALID_PARAMS);
4398
4399 if (hdev_is_powered(hdev))
4400 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4401 MGMT_STATUS_REJECTED);
4402
4403 hci_dev_lock(hdev);
4404
c21c0ea0
JH		 4405 /* If user space supports this command it is also expected to
4406 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4407 */
4408 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4409
62b04cd1
JH		 4410 if (cp->privacy) {
4411 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
4412 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4413 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4414 } else {
4415 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
4416 memset(hdev->irk, 0, sizeof(hdev->irk));
4417 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4418 }
4419
4420 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4421 if (err < 0)
4422 goto unlock;
4423
4424 if (changed)
4425 err = new_settings(hdev, sk);
4426
4427unlock:
4428 hci_dev_unlock(hdev);
4429 return err;
4430}
4431
41edf160
JH		 4432static bool irk_is_valid(struct mgmt_irk_info *irk)
4433{
4434 switch (irk->addr.type) {
4435 case BDADDR_LE_PUBLIC:
4436 return true;
4437
4438 case BDADDR_LE_RANDOM:
4439 /* Two most significant bits shall be set */
4440 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4441 return false;
4442 return true;
4443 }
4444
4445 return false;
4446}
4447
4448static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4449 u16 len)
4450{
4451 struct mgmt_cp_load_irks *cp = cp_data;
4452 u16 irk_count, expected_len;
4453 int i, err;
4454
4455 BT_DBG("request for %s", hdev->name);
4456
4457 if (!lmp_le_capable(hdev))
4458 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4459 MGMT_STATUS_NOT_SUPPORTED);
4460
4461 irk_count = __le16_to_cpu(cp->irk_count);
4462
4463 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4464 if (expected_len != len) {
4465 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 4466 expected_len, len);
41edf160
JH		 4467 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4468 MGMT_STATUS_INVALID_PARAMS);
4469 }
4470
4471 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4472
4473 for (i = 0; i < irk_count; i++) {
4474 struct mgmt_irk_info *key = &cp->irks[i];
4475
4476 if (!irk_is_valid(key))
4477 return cmd_status(sk, hdev->id,
4478 MGMT_OP_LOAD_IRKS,
4479 MGMT_STATUS_INVALID_PARAMS);
4480 }
4481
4482 hci_dev_lock(hdev);
4483
4484 hci_smp_irks_clear(hdev);
4485
4486 for (i = 0; i < irk_count; i++) {
4487 struct mgmt_irk_info *irk = &cp->irks[i];
4488 u8 addr_type;
4489
4490 if (irk->addr.type == BDADDR_LE_PUBLIC)
4491 addr_type = ADDR_LE_DEV_PUBLIC;
4492 else
4493 addr_type = ADDR_LE_DEV_RANDOM;
4494
4495 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
4496 BDADDR_ANY);
4497 }
4498
4499 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4500
4501 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4502
4503 hci_dev_unlock(hdev);
4504
4505 return err;
4506}
4507
3f706b72
JH		 4508static bool ltk_is_valid(struct mgmt_ltk_info *key)
4509{
4510 if (key->master != 0x00 && key->master != 0x01)
4511 return false;
490cb0b3
MH		 4512
4513 switch (key->addr.type) {
4514 case BDADDR_LE_PUBLIC:
4515 return true;
4516
4517 case BDADDR_LE_RANDOM:
4518 /* Two most significant bits shall be set */
4519 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4520 return false;
4521 return true;
4522 }
4523
4524 return false;
3f706b72
JH		 4525}
4526
bdb6d971 4527static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 4528 void *cp_data, u16 len)
346af67b 4529{
346af67b
VCG		 4530 struct mgmt_cp_load_long_term_keys *cp = cp_data;
4531 u16 key_count, expected_len;
715a5bf2 4532 int i, err;
346af67b 4533
cf99ba13
MH		 4534 BT_DBG("request for %s", hdev->name);
4535
4536 if (!lmp_le_capable(hdev))
4537 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4538 MGMT_STATUS_NOT_SUPPORTED);
4539
1f350c87 4540 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 4541
4542 expected_len = sizeof(*cp) + key_count *
4543 sizeof(struct mgmt_ltk_info);
4544 if (expected_len != len) {
4545 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 4546 expected_len, len);
bdb6d971 4547 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 4548 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 4549 }
4550
bdb6d971 4551 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 4552
54ad6d8a
JH		 4553 for (i = 0; i < key_count; i++) {
4554 struct mgmt_ltk_info *key = &cp->keys[i];
4555
3f706b72 4556 if (!ltk_is_valid(key))
54ad6d8a
JH		 4557 return cmd_status(sk, hdev->id,
4558 MGMT_OP_LOAD_LONG_TERM_KEYS,
4559 MGMT_STATUS_INVALID_PARAMS);
4560 }
4561
346af67b
VCG		 4562 hci_dev_lock(hdev);
4563
4564 hci_smp_ltks_clear(hdev);
4565
4566 for (i = 0; i < key_count; i++) {
4567 struct mgmt_ltk_info *key = &cp->keys[i];
d7b25450 4568 u8 type, addr_type, authenticated;
79d95a19
MH		 4569
4570 if (key->addr.type == BDADDR_LE_PUBLIC)
4571 addr_type = ADDR_LE_DEV_PUBLIC;
4572 else
4573 addr_type = ADDR_LE_DEV_RANDOM;
346af67b
VCG		 4574
4575 if (key->master)
2ceba539 4576 type = SMP_LTK;
346af67b 4577 else
2ceba539 4578 type = SMP_LTK_SLAVE;
346af67b 4579
61b43357
JH		 4580 switch (key->type) {
4581 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 4582 authenticated = 0x00;
61b43357
JH		 4583 break;
4584 case MGMT_LTK_AUTHENTICATED:
d7b25450 4585 authenticated = 0x01;
61b43357
JH		 4586 break;
4587 default:
4588 continue;
4589 }
d7b25450 4590
35d70271 4591 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
d7b25450 4592 authenticated, key->val, key->enc_size, key->ediv,
35d70271 4593 key->rand);
346af67b
VCG		 4594 }
4595
715a5bf2
JH		 4596 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4597 NULL, 0);
4598
346af67b 4599 hci_dev_unlock(hdev);
346af67b 4600
715a5bf2 4601 return err;
346af67b
VCG		 4602}
4603
dd983808
AK		 4604struct cmd_conn_lookup {
4605 struct hci_conn *conn;
4606 bool valid_tx_power;
4607 u8 mgmt_status;
4608};
4609
4610static void get_conn_info_complete(struct pending_cmd *cmd, void *data)
4611{
4612 struct cmd_conn_lookup *match = data;
4613 struct mgmt_cp_get_conn_info *cp;
4614 struct mgmt_rp_get_conn_info rp;
4615 struct hci_conn *conn = cmd->user_data;
4616
4617 if (conn != match->conn)
4618 return;
4619
4620 cp = (struct mgmt_cp_get_conn_info *) cmd->param;
4621
4622 memset(&rp, 0, sizeof(rp));
4623 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4624 rp.addr.type = cp->addr.type;
4625
4626 if (!match->mgmt_status) {
4627 rp.rssi = conn->rssi;
4628
eed5daf3 4629 if (match->valid_tx_power) {
dd983808 4630 rp.tx_power = conn->tx_power;
eed5daf3
AK		 4631 rp.max_tx_power = conn->max_tx_power;
4632 } else {
dd983808 4633 rp.tx_power = HCI_TX_POWER_INVALID;
eed5daf3
AK		 4634 rp.max_tx_power = HCI_TX_POWER_INVALID;
4635 }
dd983808
AK		 4636 }
4637
4638 cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
4639 match->mgmt_status, &rp, sizeof(rp));
4640
4641 hci_conn_drop(conn);
4642
4643 mgmt_pending_remove(cmd);
4644}
4645
4646static void conn_info_refresh_complete(struct hci_dev *hdev, u8 status)
4647{
4648 struct hci_cp_read_rssi *cp;
4649 struct hci_conn *conn;
4650 struct cmd_conn_lookup match;
4651 u16 handle;
4652
4653 BT_DBG("status 0x%02x", status);
4654
4655 hci_dev_lock(hdev);
4656
4657 /* TX power data is valid in case request completed successfully,
eed5daf3
AK		 4658 * otherwise we assume it's not valid. At the moment we assume that
4659 * either both or none of current and max values are valid to keep code
4660 * simple.
dd983808
AK		 4661 */
4662 match.valid_tx_power = !status;
4663
4664 /* Commands sent in request are either Read RSSI or Read Transmit Power
4665 * Level so we check which one was last sent to retrieve connection
4666 * handle. Both commands have handle as first parameter so it's safe to
4667 * cast data on the same command struct.
4668 *
4669 * First command sent is always Read RSSI and we fail only if it fails.
4670 * In other case we simply override error to indicate success as we
4671 * already remembered if TX power value is actually valid.
4672 */
4673 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
4674 if (!cp) {
4675 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
4676 status = 0;
4677 }
4678
4679 if (!cp) {
4680 BT_ERR("invalid sent_cmd in response");
4681 goto unlock;
4682 }
4683
4684 handle = __le16_to_cpu(cp->handle);
4685 conn = hci_conn_hash_lookup_handle(hdev, handle);
4686 if (!conn) {
4687 BT_ERR("unknown handle (%d) in response", handle);
4688 goto unlock;
4689 }
4690
4691 match.conn = conn;
4692 match.mgmt_status = mgmt_status(status);
4693
4694 /* Cache refresh is complete, now reply for mgmt request for given
4695 * connection only.
4696 */
4697 mgmt_pending_foreach(MGMT_OP_GET_CONN_INFO, hdev,
4698 get_conn_info_complete, &match);
4699
4700unlock:
4701 hci_dev_unlock(hdev);
4702}
4703
4704static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
4705 u16 len)
4706{
4707 struct mgmt_cp_get_conn_info *cp = data;
4708 struct mgmt_rp_get_conn_info rp;
4709 struct hci_conn *conn;
4710 unsigned long conn_info_age;
4711 int err = 0;
4712
4713 BT_DBG("%s", hdev->name);
4714
4715 memset(&rp, 0, sizeof(rp));
4716 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4717 rp.addr.type = cp->addr.type;
4718
4719 if (!bdaddr_type_is_valid(cp->addr.type))
4720 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4721 MGMT_STATUS_INVALID_PARAMS,
4722 &rp, sizeof(rp));
4723
4724 hci_dev_lock(hdev);
4725
4726 if (!hdev_is_powered(hdev)) {
4727 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4728 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
4729 goto unlock;
4730 }
4731
4732 if (cp->addr.type == BDADDR_BREDR)
4733 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
4734 &cp->addr.bdaddr);
4735 else
4736 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
4737
4738 if (!conn || conn->state != BT_CONNECTED) {
4739 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4740 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
4741 goto unlock;
4742 }
4743
4744 /* To avoid client trying to guess when to poll again for information we
4745 * calculate conn info age as random value between min/max set in hdev.
4746 */
4747 conn_info_age = hdev->conn_info_min_age +
4748 prandom_u32_max(hdev->conn_info_max_age -
4749 hdev->conn_info_min_age);
4750
4751 /* Query controller to refresh cached values if they are too old or were
4752 * never read.
4753 */
f4e2dd53
AK		 4754 if (time_after(jiffies, conn->conn_info_timestamp +
4755 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 4756 !conn->conn_info_timestamp) {
4757 struct hci_request req;
4758 struct hci_cp_read_tx_power req_txp_cp;
4759 struct hci_cp_read_rssi req_rssi_cp;
4760 struct pending_cmd *cmd;
4761
4762 hci_req_init(&req, hdev);
4763 req_rssi_cp.handle = cpu_to_le16(conn->handle);
4764 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
4765 &req_rssi_cp);
4766
f7faab0c
AK		 4767 /* For LE links TX power does not change thus we don't need to
4768 * query for it once value is known.
4769 */
4770 if (!bdaddr_type_is_le(cp->addr.type) ||
4771 conn->tx_power == HCI_TX_POWER_INVALID) {
4772 req_txp_cp.handle = cpu_to_le16(conn->handle);
4773 req_txp_cp.type = 0x00;
4774 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4775 sizeof(req_txp_cp), &req_txp_cp);
4776 }
dd983808 4777
eed5daf3
AK		 4778 /* Max TX power needs to be read only once per connection */
4779 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
4780 req_txp_cp.handle = cpu_to_le16(conn->handle);
4781 req_txp_cp.type = 0x01;
4782 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4783 sizeof(req_txp_cp), &req_txp_cp);
4784 }
4785
dd983808
AK		 4786 err = hci_req_run(&req, conn_info_refresh_complete);
4787 if (err < 0)
4788 goto unlock;
4789
4790 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
4791 data, len);
4792 if (!cmd) {
4793 err = -ENOMEM;
4794 goto unlock;
4795 }
4796
4797 hci_conn_hold(conn);
4798 cmd->user_data = conn;
4799
4800 conn->conn_info_timestamp = jiffies;
4801 } else {
4802 /* Cache is valid, just reply with values cached in hci_conn */
4803 rp.rssi = conn->rssi;
4804 rp.tx_power = conn->tx_power;
eed5daf3 4805 rp.max_tx_power = conn->max_tx_power;
dd983808
AK		 4806
4807 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4808 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
4809 }
4810
4811unlock:
4812 hci_dev_unlock(hdev);
4813 return err;
4814}
4815
2e3c35ea 4816static const struct mgmt_handler {
04124681
GP		 4817 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
4818 u16 data_len);
be22b54e
JH		 4819 bool var_len;
4820 size_t data_len;
0f4e68cf
JH		 4821} mgmt_handlers[] = {
4822 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 4823 { read_version, false, MGMT_READ_VERSION_SIZE },
4824 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
4825 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
4826 { read_controller_info, false, MGMT_READ_INFO_SIZE },
4827 { set_powered, false, MGMT_SETTING_SIZE },
4828 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
4829 { set_connectable, false, MGMT_SETTING_SIZE },
4830 { set_fast_connectable, false, MGMT_SETTING_SIZE },
4831 { set_pairable, false, MGMT_SETTING_SIZE },
4832 { set_link_security, false, MGMT_SETTING_SIZE },
4833 { set_ssp, false, MGMT_SETTING_SIZE },
4834 { set_hs, false, MGMT_SETTING_SIZE },
4835 { set_le, false, MGMT_SETTING_SIZE },
4836 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
4837 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
4838 { add_uuid, false, MGMT_ADD_UUID_SIZE },
4839 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
4840 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
4841 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
4842 { disconnect, false, MGMT_DISCONNECT_SIZE },
4843 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
4844 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
4845 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
4846 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
4847 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
4848 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
4849 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
4850 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
4851 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
4852 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
4853 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
4854 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
ec109113 4855 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
be22b54e
JH		 4856 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
4857 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
4858 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
4859 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
4860 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
4861 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 4862 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 4863 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 4864 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 4865 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
14b49b9a 4866 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
eac83dc6 4867 { set_secure_conn, false, MGMT_SETTING_SIZE },
4e39ac81 4868 { set_debug_keys, false, MGMT_SETTING_SIZE },
62b04cd1 4869 { set_privacy, false, MGMT_SET_PRIVACY_SIZE },
41edf160 4870 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
dd983808 4871 { get_conn_info, false, MGMT_GET_CONN_INFO_SIZE },
0f4e68cf
JH		 4872};
4873
4874
0381101f
JH		 4875int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
4876{
650f726d
VCG		 4877 void *buf;
4878 u8 *cp;
0381101f 4879 struct mgmt_hdr *hdr;
4e51eae9 4880 u16 opcode, index, len;
bdb6d971 4881 struct hci_dev *hdev = NULL;
2e3c35ea 4882 const struct mgmt_handler *handler;
0381101f
JH		 4883 int err;
4884
4885 BT_DBG("got %zu bytes", msglen);
4886
4887 if (msglen < sizeof(*hdr))
4888 return -EINVAL;
4889
e63a15ec 4890 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 4891 if (!buf)
4892 return -ENOMEM;
4893
4894 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
4895 err = -EFAULT;
4896 goto done;
4897 }
4898
650f726d 4899 hdr = buf;
1f350c87
MH		 4900 opcode = __le16_to_cpu(hdr->opcode);
4901 index = __le16_to_cpu(hdr->index);
4902 len = __le16_to_cpu(hdr->len);
0381101f
JH		 4903
4904 if (len != msglen - sizeof(*hdr)) {
4905 err = -EINVAL;
4906 goto done;
4907 }
4908
0f4e68cf 4909 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 4910 hdev = hci_dev_get(index);
4911 if (!hdev) {
4912 err = cmd_status(sk, index, opcode,
04124681 4913 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 4914 goto done;
4915 }
0736cfa8 4916
cebf4cfd
JH		 4917 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
4918 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
0736cfa8
MH		 4919 err = cmd_status(sk, index, opcode,
4920 MGMT_STATUS_INVALID_INDEX);
4921 goto done;
4922 }
bdb6d971
JH		 4923 }
4924
0f4e68cf 4925 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 4926 mgmt_handlers[opcode].func == NULL) {
0381101f 4927 BT_DBG("Unknown op %u", opcode);
ca69b795 4928 err = cmd_status(sk, index, opcode,
04124681 4929 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 4930 goto done;
4931 }
4932
4933 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 4934 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 4935 err = cmd_status(sk, index, opcode,
04124681 4936 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 4937 goto done;
0381101f
JH		 4938 }
4939
be22b54e
JH		 4940 handler = &mgmt_handlers[opcode];
4941
4942 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 4943 (!handler->var_len && len != handler->data_len)) {
be22b54e 4944 err = cmd_status(sk, index, opcode,
04124681 4945 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 4946 goto done;
4947 }
4948
0f4e68cf
JH		 4949 if (hdev)
4950 mgmt_init_hdev(sk, hdev);
4951
4952 cp = buf + sizeof(*hdr);
4953
be22b54e 4954 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 4955 if (err < 0)
4956 goto done;
4957
0381101f
JH		 4958 err = msglen;
4959
4960done:
bdb6d971
JH		 4961 if (hdev)
4962 hci_dev_put(hdev);
4963
0381101f
JH		 4964 kfree(buf);
4965 return err;
4966}
c71e97bf 4967
bf6b56db 4968void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 4969{
1514b892 4970 if (hdev->dev_type != HCI_BREDR)
bf6b56db 4971 return;
bb4b2a9a 4972
bf6b56db 4973 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 4974}
4975
bf6b56db 4976void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 4977{
5f159032 4978 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 4979
1514b892 4980 if (hdev->dev_type != HCI_BREDR)
bf6b56db 4981 return;
bb4b2a9a 4982
744cf19e 4983 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 4984
bf6b56db 4985 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 4986}
4987
6046dc3e
AG		 4988/* This function requires the caller holds hdev->lock */
4989static void restart_le_auto_conns(struct hci_dev *hdev)
4990{
4991 struct hci_conn_params *p;
4992
4993 list_for_each_entry(p, &hdev->le_conn_params, list) {
4994 if (p->auto_connect == HCI_AUTO_CONN_ALWAYS)
4995 hci_pend_le_conn_add(hdev, &p->addr, p->addr_type);
4996 }
4997}
4998
229ab39c
JH		 4999static void powered_complete(struct hci_dev *hdev, u8 status)
5000{
5001 struct cmd_lookup match = { NULL, hdev };
5002
5003 BT_DBG("status 0x%02x", status);
5004
5005 hci_dev_lock(hdev);
5006
6046dc3e
AG		 5007 restart_le_auto_conns(hdev);
5008
229ab39c
JH		 5009 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5010
5011 new_settings(hdev, match.sk);
5012
5013 hci_dev_unlock(hdev);
5014
5015 if (match.sk)
5016 sock_put(match.sk);
5017}
5018
70da6243 5019static int powered_update_hci(struct hci_dev *hdev)
5add6af8 5020{
890ea898 5021 struct hci_request req;
70da6243 5022 u8 link_sec;
5add6af8 5023
890ea898
JH		 5024 hci_req_init(&req, hdev);
5025
70da6243
JH		 5026 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
5027 !lmp_host_ssp_capable(hdev)) {
5028 u8 ssp = 1;
5e5282bb 5029
890ea898 5030 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 5031 }
5add6af8 5032
c73eee91
JH		 5033 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
5034 lmp_bredr_capable(hdev)) {
70da6243 5035 struct hci_cp_write_le_host_supported cp;
f0ff92fb 5036
70da6243
JH		 5037 cp.le = 1;
5038 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 5039
70da6243
JH		 5040 /* Check first if we already have the right
5041 * host state (host features set)
5042 */
5043 if (cp.le != lmp_host_le_capable(hdev) ||
5044 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 5045 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
5046 sizeof(cp), &cp);
70da6243 5047 }
3d1cbdd6 5048
d13eafce 5049 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 5050 /* Make sure the controller has a good default for
5051 * advertising data. This also applies to the case
5052 * where BR/EDR was toggled during the AUTO_OFF phase.
5053 */
f14d8f64 5054 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5947f4bc 5055 update_adv_data(&req);
f14d8f64
MH		 5056 update_scan_rsp_data(&req);
5057 }
441ad2d0 5058
bba3aa55
MH		 5059 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5060 enable_advertising(&req);
eeca6f89
JH		 5061 }
5062
70da6243
JH		 5063 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
5064 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 5065 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
5066 sizeof(link_sec), &link_sec);
562fcc24 5067
70da6243 5068 if (lmp_bredr_capable(hdev)) {
56f87901
JH		 5069 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
5070 set_bredr_scan(&req);
890ea898 5071 update_class(&req);
13928971 5072 update_name(&req);
890ea898 5073 update_eir(&req);
70da6243 5074 }
562fcc24 5075
229ab39c 5076 return hci_req_run(&req, powered_complete);
70da6243 5077}
562fcc24 5078
70da6243
JH		 5079int mgmt_powered(struct hci_dev *hdev, u8 powered)
5080{
5081 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 5082 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
5083 u8 zero_cod[] = { 0, 0, 0 };
70da6243 5084 int err;
f0ff92fb 5085
70da6243
JH		 5086 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
5087 return 0;
5088
70da6243 5089 if (powered) {
229ab39c
JH		 5090 if (powered_update_hci(hdev) == 0)
5091 return 0;
fe038884 5092
229ab39c
JH		 5093 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
5094 &match);
5095 goto new_settings;
b24752fe
JH		 5096 }
5097
229ab39c
JH		 5098 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5099 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
5100
5101 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
5102 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
5103 zero_cod, sizeof(zero_cod), NULL);
5104
5105new_settings:
beadb2bd 5106 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 5107
5108 if (match.sk)
5109 sock_put(match.sk);
5110
7bb895d6 5111 return err;
5add6af8 5112}
73f22f62 5113
3eec705e 5114void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 5115{
5116 struct pending_cmd *cmd;
5117 u8 status;
5118
5119 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5120 if (!cmd)
3eec705e 5121 return;
96570ffc
JH		 5122
5123 if (err == -ERFKILL)
5124 status = MGMT_STATUS_RFKILLED;
5125 else
5126 status = MGMT_STATUS_FAILED;
5127
3eec705e 5128 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 5129
5130 mgmt_pending_remove(cmd);
96570ffc
JH		 5131}
5132
d1967ff8
MH		 5133void mgmt_discoverable_timeout(struct hci_dev *hdev)
5134{
5135 struct hci_request req;
d1967ff8
MH		 5136
5137 hci_dev_lock(hdev);
5138
5139 /* When discoverable timeout triggers, then just make sure
5140 * the limited discoverable flag is cleared. Even in the case
5141 * of a timeout triggered from general discoverable, it is
5142 * safe to unconditionally clear the flag.
5143 */
5144 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
9a43e25f 5145 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
d1967ff8
MH		 5146
5147 hci_req_init(&req, hdev);
4b580614
JH		 5148 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
5149 u8 scan = SCAN_PAGE;
5150 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
5151 sizeof(scan), &scan);
5152 }
d1967ff8 5153 update_class(&req);
9a43e25f 5154 update_adv_data(&req);
d1967ff8
MH		 5155 hci_req_run(&req, NULL);
5156
5157 hdev->discov_timeout = 0;
5158
9a43e25f
JH		 5159 new_settings(hdev, NULL);
5160
d1967ff8
MH		 5161 hci_dev_unlock(hdev);
5162}
5163
86a75645 5164void mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 5165{
86a75645 5166 bool changed;
73f22f62 5167
bfaf8c9f
JH		 5168 /* Nothing needed here if there's a pending command since that
5169 * commands request completion callback takes care of everything
5170 * necessary.
5171 */
5172 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
86a75645 5173 return;
bfaf8c9f 5174
bd107999
JH		 5175 /* Powering off may clear the scan mode - don't let that interfere */
5176 if (!discoverable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5177 return;
5178
9a43e25f 5179 if (discoverable) {
86a75645 5180 changed = !test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 5181 } else {
5182 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
86a75645 5183 changed = test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 5184 }
5185
5186 if (changed) {
5187 struct hci_request req;
5188
5189 /* In case this change in discoverable was triggered by
5190 * a disabling of connectable there could be a need to
5191 * update the advertising flags.
5192 */
5193 hci_req_init(&req, hdev);
5194 update_adv_data(&req);
5195 hci_req_run(&req, NULL);
73f22f62 5196
86a75645 5197 new_settings(hdev, NULL);
9a43e25f 5198 }
73f22f62 5199}
9fbcbb45 5200
a330916c 5201void mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 5202{
a330916c 5203 bool changed;
9fbcbb45 5204
d7b856f9
JH		 5205 /* Nothing needed here if there's a pending command since that
5206 * commands request completion callback takes care of everything
5207 * necessary.
5208 */
5209 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
a330916c 5210 return;
d7b856f9 5211
ce3f24cf
JH		 5212 /* Powering off may clear the scan mode - don't let that interfere */
5213 if (!connectable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5214 return;
5215
a330916c
MH		 5216 if (connectable)
5217 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
5218 else
5219 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
9fbcbb45 5220
beadb2bd 5221 if (changed)
a330916c 5222 new_settings(hdev, NULL);
9fbcbb45 5223}
55ed8ca1 5224
778b235a
JH		 5225void mgmt_advertising(struct hci_dev *hdev, u8 advertising)
5226{
7c4cfab8
JH		 5227 /* Powering off may stop advertising - don't let that interfere */
5228 if (!advertising && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5229 return;
5230
778b235a
JH		 5231 if (advertising)
5232 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
5233 else
5234 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
5235}
5236
4796e8af 5237void mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 5238{
ca69b795
JH		 5239 u8 mgmt_err = mgmt_status(status);
5240
2d7cee58 5241 if (scan & SCAN_PAGE)
744cf19e 5242 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 5243 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 5244
5245 if (scan & SCAN_INQUIRY)
744cf19e 5246 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 5247 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 5248}
5249
dc4a5ee2
MH		 5250void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
5251 bool persistent)
55ed8ca1 5252{
86742e1e 5253 struct mgmt_ev_new_link_key ev;
55ed8ca1 5254
a492cd52 5255 memset(&ev, 0, sizeof(ev));
55ed8ca1 5256
a492cd52 5257 ev.store_hint = persistent;
d753fdc4 5258 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 5259 ev.key.addr.type = BDADDR_BREDR;
a492cd52 5260 ev.key.type = key->type;
9b3b4460 5261 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 5262 ev.key.pin_len = key->pin_len;
55ed8ca1 5263
dc4a5ee2 5264 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 5265}
f7520543 5266
d7b25450
JH		 5267static u8 mgmt_ltk_type(struct smp_ltk *ltk)
5268{
5269 if (ltk->authenticated)
5270 return MGMT_LTK_AUTHENTICATED;
5271
5272 return MGMT_LTK_UNAUTHENTICATED;
5273}
5274
53ac6ab6 5275void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 5276{
5277 struct mgmt_ev_new_long_term_key ev;
5278
5279 memset(&ev, 0, sizeof(ev));
5280
5192d301
MH		 5281 /* Devices using resolvable or non-resolvable random addresses
5282 * without providing an indentity resolving key don't require
5283 * to store long term keys. Their addresses will change the
5284 * next time around.
5285 *
5286 * Only when a remote device provides an identity address
5287 * make sure the long term key is stored. If the remote
5288 * identity is known, the long term keys are internally
5289 * mapped to the identity address. So allow static random
5290 * and public addresses here.
5291 */
ba74b666
JH		 5292 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
5293 (key->bdaddr.b[5] & 0xc0) != 0xc0)
5294 ev.store_hint = 0x00;
5295 else
53ac6ab6 5296 ev.store_hint = persistent;
ba74b666 5297
346af67b 5298 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 5299 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 5300 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 5301 ev.key.enc_size = key->enc_size;
5302 ev.key.ediv = key->ediv;
fe39c7b2 5303 ev.key.rand = key->rand;
346af67b 5304
2ceba539 5305 if (key->type == SMP_LTK)
346af67b
VCG		 5306 ev.key.master = 1;
5307
346af67b
VCG		 5308 memcpy(ev.key.val, key->val, sizeof(key->val));
5309
083368f7 5310 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 5311}
5312
95fbac8a
JH		 5313void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
5314{
5315 struct mgmt_ev_new_irk ev;
5316
5317 memset(&ev, 0, sizeof(ev));
5318
bab6d1e5
MH		 5319 /* For identity resolving keys from devices that are already
5320 * using a public address or static random address, do not
5321 * ask for storing this key. The identity resolving key really
5322 * is only mandatory for devices using resovlable random
5323 * addresses.
5324 *
5325 * Storing all identity resolving keys has the downside that
5326 * they will be also loaded on next boot of they system. More
5327 * identity resolving keys, means more time during scanning is
5328 * needed to actually resolve these addresses.
5329 */
5330 if (bacmp(&irk->rpa, BDADDR_ANY))
5331 ev.store_hint = 0x01;
5332 else
5333 ev.store_hint = 0x00;
5334
95fbac8a
JH		 5335 bacpy(&ev.rpa, &irk->rpa);
5336 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
5337 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
5338 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
5339
5340 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
5341}
5342
53ac6ab6
MH		 5343void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
5344 bool persistent)
7ee4ea36
MH		 5345{
5346 struct mgmt_ev_new_csrk ev;
5347
5348 memset(&ev, 0, sizeof(ev));
5349
5350 /* Devices using resolvable or non-resolvable random addresses
5351 * without providing an indentity resolving key don't require
5352 * to store signature resolving keys. Their addresses will change
5353 * the next time around.
5354 *
5355 * Only when a remote device provides an identity address
5356 * make sure the signature resolving key is stored. So allow
5357 * static random and public addresses here.
5358 */
5359 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
5360 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
5361 ev.store_hint = 0x00;
5362 else
53ac6ab6 5363 ev.store_hint = persistent;
7ee4ea36
MH		 5364
5365 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
5366 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
5367 ev.key.master = csrk->master;
5368 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
5369
5370 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
5371}
5372
94933991
MH		 5373static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
5374 u8 data_len)
5375{
5376 eir[eir_len++] = sizeof(type) + data_len;
5377 eir[eir_len++] = type;
5378 memcpy(&eir[eir_len], data, data_len);
5379 eir_len += data_len;
5380
5381 return eir_len;
5382}
5383
ecd90ae7
MH		 5384void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5385 u8 addr_type, u32 flags, u8 *name, u8 name_len,
5386 u8 *dev_class)
f7520543 5387{
b644ba33
JH		 5388 char buf[512];
5389 struct mgmt_ev_device_connected *ev = (void *) buf;
5390 u16 eir_len = 0;
f7520543 5391
b644ba33 5392 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 5393 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 5394
c95f0ba7 5395 ev->flags = __cpu_to_le32(flags);
08c79b61 5396
b644ba33
JH		 5397 if (name_len > 0)
5398 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 5399 name, name_len);
b644ba33
JH		 5400
5401 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 5402 eir_len = eir_append_data(ev->eir, eir_len,
04124681 5403 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 5404
eb55ef07 5405 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 5406
ecd90ae7
MH		 5407 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
5408 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 5409}
5410
8962ee74
JH		 5411static void disconnect_rsp(struct pending_cmd *cmd, void *data)
5412{
c68fb7ff 5413 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 5414 struct sock **sk = data;
a38528f1 5415 struct mgmt_rp_disconnect rp;
8962ee74 5416
88c3df13
JH		 5417 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5418 rp.addr.type = cp->addr.type;
8962ee74 5419
aee9b218 5420 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 5421 sizeof(rp));
8962ee74
JH		 5422
5423 *sk = cmd->sk;
5424 sock_hold(*sk);
5425
a664b5bc 5426 mgmt_pending_remove(cmd);
8962ee74
JH		 5427}
5428
124f6e35 5429static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 5430{
b1078ad0 5431 struct hci_dev *hdev = data;
124f6e35
JH		 5432 struct mgmt_cp_unpair_device *cp = cmd->param;
5433 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 5434
5435 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 5436 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5437 rp.addr.type = cp->addr.type;
a8a1d19e 5438
b1078ad0
JH		 5439 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
5440
aee9b218 5441 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 5442
5443 mgmt_pending_remove(cmd);
5444}
5445
9b80ec5e 5446void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 5447 u8 link_type, u8 addr_type, u8 reason,
5448 bool mgmt_connected)
f7520543 5449{
f0d6a0ea 5450 struct mgmt_ev_device_disconnected ev;
8b064a3a 5451 struct pending_cmd *power_off;
8962ee74 5452 struct sock *sk = NULL;
8962ee74 5453
8b064a3a
JH		 5454 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5455 if (power_off) {
5456 struct mgmt_mode *cp = power_off->param;
5457
5458 /* The connection is still in hci_conn_hash so test for 1
5459 * instead of 0 to know if this is the last one.
5460 */
a3172b7e
JH		 5461 if (!cp->val && hci_conn_count(hdev) == 1) {
5462 cancel_delayed_work(&hdev->power_off);
8b064a3a 5463 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 5464 }
8b064a3a
JH		 5465 }
5466
12d4a3b2
JH		 5467 if (!mgmt_connected)
5468 return;
5469
57eb776f
AG		 5470 if (link_type != ACL_LINK && link_type != LE_LINK)
5471 return;
5472
744cf19e 5473 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 5474
f0d6a0ea
MA		 5475 bacpy(&ev.addr.bdaddr, bdaddr);
5476 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5477 ev.reason = reason;
f7520543 5478
9b80ec5e 5479 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 5480
5481 if (sk)
d97dcb66 5482 sock_put(sk);
8962ee74 5483
124f6e35 5484 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 5485 hdev);
8962ee74
JH		 5486}
5487
7892924c
MH		 5488void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
5489 u8 link_type, u8 addr_type, u8 status)
8962ee74 5490{
3655bba8
AG		 5491 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
5492 struct mgmt_cp_disconnect *cp;
88c3df13 5493 struct mgmt_rp_disconnect rp;
8962ee74 5494 struct pending_cmd *cmd;
8962ee74 5495
36a75f1b
JD		 5496 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
5497 hdev);
5498
2e58ef3e 5499 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 5500 if (!cmd)
7892924c 5501 return;
8962ee74 5502
3655bba8
AG		 5503 cp = cmd->param;
5504
5505 if (bacmp(bdaddr, &cp->addr.bdaddr))
5506 return;
5507
5508 if (cp->addr.type != bdaddr_type)
5509 return;
5510
88c3df13 5511 bacpy(&rp.addr.bdaddr, bdaddr);
3655bba8 5512 rp.addr.type = bdaddr_type;
37d9ef76 5513
7892924c
MH		 5514 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
5515 mgmt_status(status), &rp, sizeof(rp));
8962ee74 5516
a664b5bc 5517 mgmt_pending_remove(cmd);
f7520543 5518}
17d5c04c 5519
445608d0
MH		 5520void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5521 u8 addr_type, u8 status)
17d5c04c
JH		 5522{
5523 struct mgmt_ev_connect_failed ev;
c9910d0f
JH		 5524 struct pending_cmd *power_off;
5525
5526 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5527 if (power_off) {
5528 struct mgmt_mode *cp = power_off->param;
5529
5530 /* The connection is still in hci_conn_hash so test for 1
5531 * instead of 0 to know if this is the last one.
5532 */
a3172b7e
JH		 5533 if (!cp->val && hci_conn_count(hdev) == 1) {
5534 cancel_delayed_work(&hdev->power_off);
c9910d0f 5535 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 5536 }
c9910d0f 5537 }
17d5c04c 5538
4c659c39 5539 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5540 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 5541 ev.status = mgmt_status(status);
17d5c04c 5542
445608d0 5543 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 5544}
980e1a53 5545
ce0e4a0d 5546void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 5547{
5548 struct mgmt_ev_pin_code_request ev;
5549
d8457698 5550 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 5551 ev.addr.type = BDADDR_BREDR;
a770bb5a 5552 ev.secure = secure;
980e1a53 5553
ce0e4a0d 5554 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 5555}
5556
e669cf80
MH		 5557void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5558 u8 status)
980e1a53
JH		 5559{
5560 struct pending_cmd *cmd;
ac56fb13 5561 struct mgmt_rp_pin_code_reply rp;
980e1a53 5562
2e58ef3e 5563 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 5564 if (!cmd)
e669cf80 5565 return;
980e1a53 5566
d8457698 5567 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 5568 rp.addr.type = BDADDR_BREDR;
ac56fb13 5569
e669cf80
MH		 5570 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
5571 mgmt_status(status), &rp, sizeof(rp));
980e1a53 5572
a664b5bc 5573 mgmt_pending_remove(cmd);
980e1a53
JH		 5574}
5575
3eb38528
MH		 5576void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5577 u8 status)
980e1a53
JH		 5578{
5579 struct pending_cmd *cmd;
ac56fb13 5580 struct mgmt_rp_pin_code_reply rp;
980e1a53 5581
2e58ef3e 5582 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 5583 if (!cmd)
3eb38528 5584 return;
980e1a53 5585
d8457698 5586 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 5587 rp.addr.type = BDADDR_BREDR;
ac56fb13 5588
3eb38528
MH		 5589 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
5590 mgmt_status(status), &rp, sizeof(rp));
980e1a53 5591
a664b5bc 5592 mgmt_pending_remove(cmd);
980e1a53 5593}
a5c29683 5594
744cf19e 5595int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 5596 u8 link_type, u8 addr_type, u32 value,
04124681 5597 u8 confirm_hint)
a5c29683
JH		 5598{
5599 struct mgmt_ev_user_confirm_request ev;
5600
744cf19e 5601 BT_DBG("%s", hdev->name);
a5c29683 5602
272d90df 5603 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5604 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 5605 ev.confirm_hint = confirm_hint;
39adbffe 5606 ev.value = cpu_to_le32(value);
a5c29683 5607
744cf19e 5608 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 5609 NULL);
a5c29683
JH		 5610}
5611
272d90df 5612int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 5613 u8 link_type, u8 addr_type)
604086b7
BG		 5614{
5615 struct mgmt_ev_user_passkey_request ev;
5616
5617 BT_DBG("%s", hdev->name);
5618
272d90df 5619 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5620 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 5621
5622 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 5623 NULL);
604086b7
BG		 5624}
5625
0df4c185 5626static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 5627 u8 link_type, u8 addr_type, u8 status,
5628 u8 opcode)
a5c29683
JH		 5629{
5630 struct pending_cmd *cmd;
5631 struct mgmt_rp_user_confirm_reply rp;
5632 int err;
5633
2e58ef3e 5634 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 5635 if (!cmd)
5636 return -ENOENT;
5637
272d90df 5638 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 5639 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 5640 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 5641 &rp, sizeof(rp));
a5c29683 5642
a664b5bc 5643 mgmt_pending_remove(cmd);
a5c29683
JH		 5644
5645 return err;
5646}
5647
744cf19e 5648int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5649 u8 link_type, u8 addr_type, u8 status)
a5c29683 5650{
272d90df 5651 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 5652 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 5653}
5654
272d90df 5655int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5656 u8 link_type, u8 addr_type, u8 status)
a5c29683 5657{
272d90df 5658 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 5659 status,
5660 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 5661}
2a611692 5662
604086b7 5663int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5664 u8 link_type, u8 addr_type, u8 status)
604086b7 5665{
272d90df 5666 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 5667 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 5668}
5669
272d90df 5670int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5671 u8 link_type, u8 addr_type, u8 status)
604086b7 5672{
272d90df 5673 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 5674 status,
5675 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 5676}
5677
92a25256
JH		 5678int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
5679 u8 link_type, u8 addr_type, u32 passkey,
5680 u8 entered)
5681{
5682 struct mgmt_ev_passkey_notify ev;
5683
5684 BT_DBG("%s", hdev->name);
5685
5686 bacpy(&ev.addr.bdaddr, bdaddr);
5687 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5688 ev.passkey = __cpu_to_le32(passkey);
5689 ev.entered = entered;
5690
5691 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
5692}
5693
e546099c
MH		 5694void mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5695 u8 addr_type, u8 status)
2a611692
JH		 5696{
5697 struct mgmt_ev_auth_failed ev;
5698
bab73cb6 5699 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5700 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 5701 ev.status = mgmt_status(status);
2a611692 5702
e546099c 5703 mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 5704}
b312b161 5705
464996ae 5706void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 5707{
5708 struct cmd_lookup match = { NULL, hdev };
464996ae 5709 bool changed;
33ef95ed
JH		 5710
5711 if (status) {
5712 u8 mgmt_err = mgmt_status(status);
5713 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 5714 cmd_status_rsp, &mgmt_err);
464996ae 5715 return;
33ef95ed
JH		 5716 }
5717
464996ae
MH		 5718 if (test_bit(HCI_AUTH, &hdev->flags))
5719 changed = !test_and_set_bit(HCI_LINK_SECURITY,
5720 &hdev->dev_flags);
5721 else
5722 changed = test_and_clear_bit(HCI_LINK_SECURITY,
5723 &hdev->dev_flags);
47990ea0 5724
33ef95ed 5725 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 5726 &match);
33ef95ed 5727
47990ea0 5728 if (changed)
464996ae 5729 new_settings(hdev, match.sk);
33ef95ed
JH		 5730
5731 if (match.sk)
5732 sock_put(match.sk);
33ef95ed
JH		 5733}
5734
890ea898 5735static void clear_eir(struct hci_request *req)
cacaf52f 5736{
890ea898 5737 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 5738 struct hci_cp_write_eir cp;
5739
976eb20e 5740 if (!lmp_ext_inq_capable(hdev))
890ea898 5741 return;
cacaf52f 5742
c80da27e
JH		 5743 memset(hdev->eir, 0, sizeof(hdev->eir));
5744
cacaf52f
JH		 5745 memset(&cp, 0, sizeof(cp));
5746
890ea898 5747 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 5748}
5749
3e248560 5750void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 5751{
5752 struct cmd_lookup match = { NULL, hdev };
890ea898 5753 struct hci_request req;
c0ecddc2 5754 bool changed = false;
ed2c4ee3
JH		 5755
5756 if (status) {
5757 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 5758
5759 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 5760 &hdev->dev_flags)) {
5761 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3e248560 5762 new_settings(hdev, NULL);
9ecb3e24 5763 }
c0ecddc2 5764
04124681
GP		 5765 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
5766 &mgmt_err);
3e248560 5767 return;
c0ecddc2
JH		 5768 }
5769
5770 if (enable) {
9ecb3e24 5771 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 5772 } else {
9ecb3e24
MH		 5773 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
5774 if (!changed)
5775 changed = test_and_clear_bit(HCI_HS_ENABLED,
5776 &hdev->dev_flags);
5777 else
5778 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 5779 }
5780
5781 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
5782
c0ecddc2 5783 if (changed)
3e248560 5784 new_settings(hdev, match.sk);
ed2c4ee3 5785
5fc6ebb1 5786 if (match.sk)
ed2c4ee3
JH		 5787 sock_put(match.sk);
5788
890ea898
JH		 5789 hci_req_init(&req, hdev);
5790
3769972b
JH		 5791 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
5792 if (test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
5793 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
5794 sizeof(enable), &enable);
890ea898 5795 update_eir(&req);
3769972b 5796 } else {
890ea898 5797 clear_eir(&req);
3769972b 5798 }
890ea898
JH		 5799
5800 hci_req_run(&req, NULL);
ed2c4ee3
JH		 5801}
5802
eac83dc6
MH		 5803void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
5804{
5805 struct cmd_lookup match = { NULL, hdev };
5806 bool changed = false;
5807
5808 if (status) {
5809 u8 mgmt_err = mgmt_status(status);
5810
0ab04a9c
MH		 5811 if (enable) {
5812 if (test_and_clear_bit(HCI_SC_ENABLED,
5813 &hdev->dev_flags))
5814 new_settings(hdev, NULL);
5815 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5816 }
eac83dc6
MH		 5817
5818 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
5819 cmd_status_rsp, &mgmt_err);
5820 return;
5821 }
5822
0ab04a9c 5823 if (enable) {
eac83dc6 5824 changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c 5825 } else {
eac83dc6 5826 changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c
MH		 5827 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5828 }
eac83dc6
MH		 5829
5830 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
5831 settings_rsp, &match);
5832
5833 if (changed)
5834 new_settings(hdev, match.sk);
5835
5836 if (match.sk)
5837 sock_put(match.sk);
5838}
5839
92da6097 5840static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 5841{
5842 struct cmd_lookup *match = data;
5843
90e70454
JH		 5844 if (match->sk == NULL) {
5845 match->sk = cmd->sk;
5846 sock_hold(match->sk);
5847 }
90e70454
JH		 5848}
5849
4e1b0245
MH		 5850void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
5851 u8 status)
7f9a903c 5852{
90e70454 5853 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 5854
92da6097
JH		 5855 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
5856 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
5857 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 5858
5859 if (!status)
4e1b0245
MH		 5860 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
5861 NULL);
90e70454
JH		 5862
5863 if (match.sk)
5864 sock_put(match.sk);
7f9a903c
MH		 5865}
5866
7667da34 5867void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 5868{
b312b161 5869 struct mgmt_cp_set_local_name ev;
13928971 5870 struct pending_cmd *cmd;
28cc7bde 5871
13928971 5872 if (status)
7667da34 5873 return;
b312b161
JH		 5874
5875 memset(&ev, 0, sizeof(ev));
5876 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 5877 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 5878
2e58ef3e 5879 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 5880 if (!cmd) {
5881 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 5882
13928971
JH		 5883 /* If this is a HCI command related to powering on the
5884 * HCI dev don't send any mgmt signals.
5885 */
5886 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 5887 return;
890ea898 5888 }
b312b161 5889
7667da34
MH		 5890 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
5891 cmd ? cmd->sk : NULL);
b312b161 5892}
c35938b2 5893
4d2d2796
MH		 5894void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
5895 u8 *randomizer192, u8 *hash256,
5896 u8 *randomizer256, u8 status)
c35938b2
SJ		 5897{
5898 struct pending_cmd *cmd;
c35938b2 5899
744cf19e 5900 BT_DBG("%s status %u", hdev->name, status);
c35938b2 5901
2e58ef3e 5902 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 5903 if (!cmd)
3edaf092 5904 return;
c35938b2
SJ		 5905
5906 if (status) {
3edaf092
MH		 5907 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5908 mgmt_status(status));
c35938b2 5909 } else {
4d2d2796
MH		 5910 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
5911 hash256 && randomizer256) {
5912 struct mgmt_rp_read_local_oob_ext_data rp;
5913
5914 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
5915 memcpy(rp.randomizer192, randomizer192,
5916 sizeof(rp.randomizer192));
c35938b2 5917
4d2d2796
MH		 5918 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
5919 memcpy(rp.randomizer256, randomizer256,
5920 sizeof(rp.randomizer256));
c35938b2 5921
4d2d2796
MH		 5922 cmd_complete(cmd->sk, hdev->id,
5923 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
5924 &rp, sizeof(rp));
5925 } else {
5926 struct mgmt_rp_read_local_oob_data rp;
5927
5928 memcpy(rp.hash, hash192, sizeof(rp.hash));
5929 memcpy(rp.randomizer, randomizer192,
5930 sizeof(rp.randomizer));
5931
5932 cmd_complete(cmd->sk, hdev->id,
5933 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
5934 &rp, sizeof(rp));
5935 }
c35938b2
SJ		 5936 }
5937
5938 mgmt_pending_remove(cmd);
c35938b2 5939}
e17acd40 5940
901801b9 5941void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
73cf71d9
JH		 5942 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name,
5943 u8 ssp, u8 *eir, u16 eir_len, u8 *scan_rsp,
5d2e9fad 5944 u8 scan_rsp_len)
e17acd40 5945{
e319d2e7
JH		 5946 char buf[512];
5947 struct mgmt_ev_device_found *ev = (void *) buf;
5cedbb8d 5948 struct smp_irk *irk;
1dc06093 5949 size_t ev_size;
e17acd40 5950
12602d0c 5951 if (!hci_discovery_active(hdev))
901801b9 5952 return;
12602d0c 5953
5d2e9fad
JH		 5954 /* Make sure that the buffer is big enough. The 5 extra bytes
5955 * are for the potential CoD field.
5956 */
5957 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
901801b9 5958 return;
7d262f86 5959
1dc06093
JH		 5960 memset(buf, 0, sizeof(buf));
5961
5cedbb8d
JH		 5962 irk = hci_get_irk(hdev, bdaddr, addr_type);
5963 if (irk) {
5964 bacpy(&ev->addr.bdaddr, &irk->bdaddr);
5965 ev->addr.type = link_to_bdaddr(link_type, irk->addr_type);
5966 } else {
5967 bacpy(&ev->addr.bdaddr, bdaddr);
5968 ev->addr.type = link_to_bdaddr(link_type, addr_type);
5969 }
5970
e319d2e7 5971 ev->rssi = rssi;
9a395a80 5972 if (cfm_name)
dcf4adbf 5973 ev->flags |= cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 5974 if (!ssp)
dcf4adbf 5975 ev->flags |= cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 5976
1dc06093 5977 if (eir_len > 0)
e319d2e7 5978 memcpy(ev->eir, eir, eir_len);
e17acd40 5979
1dc06093
JH		 5980 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
5981 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 5982 dev_class, 3);
1dc06093 5983
5d2e9fad
JH		 5984 if (scan_rsp_len > 0)
5985 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
5986
5987 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
5988 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 5989
901801b9 5990 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 5991}
a88a9652 5992
9cf12aee
MH		 5993void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5994 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 5995{
b644ba33
JH		 5996 struct mgmt_ev_device_found *ev;
5997 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
5998 u16 eir_len;
a88a9652 5999
b644ba33 6000 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 6001
b644ba33
JH		 6002 memset(buf, 0, sizeof(buf));
6003
6004 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 6005 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 6006 ev->rssi = rssi;
6007
6008 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 6009 name_len);
b644ba33 6010
eb55ef07 6011 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 6012
9cf12aee 6013 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 6014}
314b2381 6015
2f1e063b 6016void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 6017{
f963e8e9 6018 struct mgmt_ev_discovering ev;
164a6e78
JH		 6019 struct pending_cmd *cmd;
6020
343fb145
AG		 6021 BT_DBG("%s discovering %u", hdev->name, discovering);
6022
164a6e78 6023 if (discovering)
2e58ef3e 6024 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 6025 else
2e58ef3e 6026 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 6027
6028 if (cmd != NULL) {
f808e166
JH		 6029 u8 type = hdev->discovery.type;
6030
04124681
GP		 6031 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
6032 sizeof(type));
164a6e78
JH		 6033 mgmt_pending_remove(cmd);
6034 }
6035
f963e8e9
JH		 6036 memset(&ev, 0, sizeof(ev));
6037 ev.type = hdev->discovery.type;
6038 ev.discovering = discovering;
6039
2f1e063b 6040 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 6041}
5e762444 6042
88c1fe4b 6043int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 6044{
6045 struct pending_cmd *cmd;
6046 struct mgmt_ev_device_blocked ev;
6047
2e58ef3e 6048 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 6049
88c1fe4b
JH		 6050 bacpy(&ev.addr.bdaddr, bdaddr);
6051 ev.addr.type = type;
5e762444 6052
744cf19e 6053 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 6054 cmd ? cmd->sk : NULL);
5e762444
AJ		 6055}
6056
88c1fe4b 6057int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 6058{
6059 struct pending_cmd *cmd;
6060 struct mgmt_ev_device_unblocked ev;
6061
2e58ef3e 6062 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 6063
88c1fe4b
JH		 6064 bacpy(&ev.addr.bdaddr, bdaddr);
6065 ev.addr.type = type;
5e762444 6066
744cf19e 6067 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 6068 cmd ? cmd->sk : NULL);
5e762444 6069}
5976e608
MH		 6070
6071static void adv_enable_complete(struct hci_dev *hdev, u8 status)
6072{
6073 BT_DBG("%s status %u", hdev->name, status);
6074
6075 /* Clear the advertising mgmt setting if we failed to re-enable it */
6076 if (status) {
6077 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 6078 new_settings(hdev, NULL);
5976e608
MH		 6079 }
6080}
6081
6082void mgmt_reenable_advertising(struct hci_dev *hdev)
6083{
6084 struct hci_request req;
6085
b145edcd 6086 if (hci_conn_num(hdev, LE_LINK) > 0)
5976e608
MH		 6087 return;
6088
6089 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
6090 return;
6091
6092 hci_req_init(&req, hdev);
6093 enable_advertising(&req);
6094
6095 /* If this fails we have no option but to let user space know
6096 * that we've disabled advertising.
6097 */
6098 if (hci_req_run(&req, adv_enable_complete) < 0) {
6099 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 6100 new_settings(hdev, NULL);
5976e608
MH		 6101 }
6102}
Linux kernel - Deliverables
This page took 1.314857 seconds and 5 git commands to generate.