projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Limit BR/EDR switching for LE only with secure connections
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
4bc58f51 32#include <net/bluetooth/l2cap.h>
0381101f 33#include <net/bluetooth/mgmt.h>
ac4b7236 34
0857dd3b 35#include "hci_request.h"
ac4b7236 36#include "smp.h"
0381101f 37
2da9c55c 38#define MGMT_VERSION 1
854bda19 39#define MGMT_REVISION 8
02d98129 40
e70bb2e8
JH		 41static const u16 mgmt_commands[] = {
42 MGMT_OP_READ_INDEX_LIST,
43 MGMT_OP_READ_INFO,
44 MGMT_OP_SET_POWERED,
45 MGMT_OP_SET_DISCOVERABLE,
46 MGMT_OP_SET_CONNECTABLE,
47 MGMT_OP_SET_FAST_CONNECTABLE,
b2939475 48 MGMT_OP_SET_BONDABLE,
e70bb2e8
JH		 49 MGMT_OP_SET_LINK_SECURITY,
50 MGMT_OP_SET_SSP,
51 MGMT_OP_SET_HS,
52 MGMT_OP_SET_LE,
53 MGMT_OP_SET_DEV_CLASS,
54 MGMT_OP_SET_LOCAL_NAME,
55 MGMT_OP_ADD_UUID,
56 MGMT_OP_REMOVE_UUID,
57 MGMT_OP_LOAD_LINK_KEYS,
58 MGMT_OP_LOAD_LONG_TERM_KEYS,
59 MGMT_OP_DISCONNECT,
60 MGMT_OP_GET_CONNECTIONS,
61 MGMT_OP_PIN_CODE_REPLY,
62 MGMT_OP_PIN_CODE_NEG_REPLY,
63 MGMT_OP_SET_IO_CAPABILITY,
64 MGMT_OP_PAIR_DEVICE,
65 MGMT_OP_CANCEL_PAIR_DEVICE,
66 MGMT_OP_UNPAIR_DEVICE,
67 MGMT_OP_USER_CONFIRM_REPLY,
68 MGMT_OP_USER_CONFIRM_NEG_REPLY,
69 MGMT_OP_USER_PASSKEY_REPLY,
70 MGMT_OP_USER_PASSKEY_NEG_REPLY,
71 MGMT_OP_READ_LOCAL_OOB_DATA,
72 MGMT_OP_ADD_REMOTE_OOB_DATA,
73 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
74 MGMT_OP_START_DISCOVERY,
75 MGMT_OP_STOP_DISCOVERY,
76 MGMT_OP_CONFIRM_NAME,
77 MGMT_OP_BLOCK_DEVICE,
78 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 79 MGMT_OP_SET_DEVICE_ID,
4375f103 80 MGMT_OP_SET_ADVERTISING,
0663ca2a 81 MGMT_OP_SET_BREDR,
d13eafce 82 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 83 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 84 MGMT_OP_SET_SECURE_CONN,
4e39ac81 85 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 86 MGMT_OP_SET_PRIVACY,
41edf160 87 MGMT_OP_LOAD_IRKS,
dd983808 88 MGMT_OP_GET_CONN_INFO,
95868426 89 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 90 MGMT_OP_ADD_DEVICE,
91 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 92 MGMT_OP_LOAD_CONN_PARAM,
73d1df2a 93 MGMT_OP_READ_UNCONF_INDEX_LIST,
9fc3bfb6 94 MGMT_OP_READ_CONFIG_INFO,
dbece37a 95 MGMT_OP_SET_EXTERNAL_CONFIG,
9713c17b 96 MGMT_OP_SET_PUBLIC_ADDRESS,
66ea9427 97 MGMT_OP_START_SERVICE_DISCOVERY,
e70bb2e8
JH		 98};
99
100static const u16 mgmt_events[] = {
101 MGMT_EV_CONTROLLER_ERROR,
102 MGMT_EV_INDEX_ADDED,
103 MGMT_EV_INDEX_REMOVED,
104 MGMT_EV_NEW_SETTINGS,
105 MGMT_EV_CLASS_OF_DEV_CHANGED,
106 MGMT_EV_LOCAL_NAME_CHANGED,
107 MGMT_EV_NEW_LINK_KEY,
108 MGMT_EV_NEW_LONG_TERM_KEY,
109 MGMT_EV_DEVICE_CONNECTED,
110 MGMT_EV_DEVICE_DISCONNECTED,
111 MGMT_EV_CONNECT_FAILED,
112 MGMT_EV_PIN_CODE_REQUEST,
113 MGMT_EV_USER_CONFIRM_REQUEST,
114 MGMT_EV_USER_PASSKEY_REQUEST,
115 MGMT_EV_AUTH_FAILED,
116 MGMT_EV_DEVICE_FOUND,
117 MGMT_EV_DISCOVERING,
118 MGMT_EV_DEVICE_BLOCKED,
119 MGMT_EV_DEVICE_UNBLOCKED,
120 MGMT_EV_DEVICE_UNPAIRED,
92a25256 121 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 122 MGMT_EV_NEW_IRK,
7ee4ea36 123 MGMT_EV_NEW_CSRK,
8afef092
MH		 124 MGMT_EV_DEVICE_ADDED,
125 MGMT_EV_DEVICE_REMOVED,
ffb5a827 126 MGMT_EV_NEW_CONN_PARAM,
0602a8ad 127 MGMT_EV_UNCONF_INDEX_ADDED,
edd3896b 128 MGMT_EV_UNCONF_INDEX_REMOVED,
f4537c04 129 MGMT_EV_NEW_CONFIG_OPTIONS,
e70bb2e8
JH		 130};
131
17b02e62 132#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 133
eec8d2bc
JH		 134struct pending_cmd {
135 struct list_head list;
fc2f4b13 136 u16 opcode;
eec8d2bc 137 int index;
c68fb7ff 138 void *param;
323b0b88 139 size_t param_len;
eec8d2bc 140 struct sock *sk;
e9a416b5 141 void *user_data;
9df74653 142 int (*cmd_complete)(struct pending_cmd *cmd, u8 status);
eec8d2bc
JH		 143};
144
ca69b795
JH		 145/* HCI to MGMT error code conversion table */
146static u8 mgmt_status_table[] = {
147 MGMT_STATUS_SUCCESS,
148 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
149 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
150 MGMT_STATUS_FAILED, /* Hardware Failure */
151 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
152 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 153 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 154 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
155 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
156 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
157 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
158 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
159 MGMT_STATUS_BUSY, /* Command Disallowed */
160 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
161 MGMT_STATUS_REJECTED, /* Rejected Security */
162 MGMT_STATUS_REJECTED, /* Rejected Personal */
163 MGMT_STATUS_TIMEOUT, /* Host Timeout */
164 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
165 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
166 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
167 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
168 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
169 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
170 MGMT_STATUS_BUSY, /* Repeated Attempts */
171 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
172 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
173 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
174 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
175 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
176 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
177 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
178 MGMT_STATUS_FAILED, /* Unspecified Error */
179 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
180 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
181 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
182 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
183 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
184 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
185 MGMT_STATUS_FAILED, /* Unit Link Key Used */
186 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
187 MGMT_STATUS_TIMEOUT, /* Instant Passed */
188 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
189 MGMT_STATUS_FAILED, /* Transaction Collision */
190 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
191 MGMT_STATUS_REJECTED, /* QoS Rejected */
192 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
193 MGMT_STATUS_REJECTED, /* Insufficient Security */
194 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
195 MGMT_STATUS_BUSY, /* Role Switch Pending */
196 MGMT_STATUS_FAILED, /* Slot Violation */
197 MGMT_STATUS_FAILED, /* Role Switch Failed */
198 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
199 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
200 MGMT_STATUS_BUSY, /* Host Busy Pairing */
201 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
202 MGMT_STATUS_BUSY, /* Controller Busy */
203 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
204 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
205 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
206 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
207 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
208};
209
210static u8 mgmt_status(u8 hci_status)
211{
212 if (hci_status < ARRAY_SIZE(mgmt_status_table))
213 return mgmt_status_table[hci_status];
214
215 return MGMT_STATUS_FAILED;
216}
217
04c60f05
MH		 218static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
219 struct sock *skip_sk)
220{
221 struct sk_buff *skb;
222 struct mgmt_hdr *hdr;
223
224 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
225 if (!skb)
226 return -ENOMEM;
227
228 hdr = (void *) skb_put(skb, sizeof(*hdr));
229 hdr->opcode = cpu_to_le16(event);
230 if (hdev)
231 hdr->index = cpu_to_le16(hdev->id);
232 else
233 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
234 hdr->len = cpu_to_le16(data_len);
235
236 if (data)
237 memcpy(skb_put(skb, data_len), data, data_len);
238
239 /* Time stamp */
240 __net_timestamp(skb);
241
242 hci_send_to_control(skb, skip_sk);
243 kfree_skb(skb);
244
245 return 0;
246}
247
4e51eae9 248static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 249{
250 struct sk_buff *skb;
251 struct mgmt_hdr *hdr;
252 struct mgmt_ev_cmd_status *ev;
56b7d137 253 int err;
f7b64e69 254
34eb525c 255 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 256
790eff44 257 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 258 if (!skb)
259 return -ENOMEM;
260
261 hdr = (void *) skb_put(skb, sizeof(*hdr));
262
dcf4adbf 263 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 264 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 265 hdr->len = cpu_to_le16(sizeof(*ev));
266
267 ev = (void *) skb_put(skb, sizeof(*ev));
268 ev->status = status;
eb55ef07 269 ev->opcode = cpu_to_le16(cmd);
f7b64e69 270
56b7d137
GP		 271 err = sock_queue_rcv_skb(sk, skb);
272 if (err < 0)
f7b64e69
JH		 273 kfree_skb(skb);
274
56b7d137 275 return err;
f7b64e69
JH		 276}
277
aee9b218 278static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 279 void *rp, size_t rp_len)
02d98129
JH		 280{
281 struct sk_buff *skb;
282 struct mgmt_hdr *hdr;
283 struct mgmt_ev_cmd_complete *ev;
56b7d137 284 int err;
02d98129
JH		 285
286 BT_DBG("sock %p", sk);
287
790eff44 288 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 289 if (!skb)
290 return -ENOMEM;
291
292 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 293
dcf4adbf 294 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 295 hdr->index = cpu_to_le16(index);
a38528f1 296 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 297
a38528f1 298 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 299 ev->opcode = cpu_to_le16(cmd);
aee9b218 300 ev->status = status;
8020c16a
SJ		 301
302 if (rp)
303 memcpy(ev->data, rp, rp_len);
02d98129 304
56b7d137
GP		 305 err = sock_queue_rcv_skb(sk, skb);
306 if (err < 0)
02d98129
JH		 307 kfree_skb(skb);
308
e5f0e151 309 return err;
02d98129
JH		 310}
311
04124681
GP		 312static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
313 u16 data_len)
a38528f1
JH		 314{
315 struct mgmt_rp_read_version rp;
316
317 BT_DBG("sock %p", sk);
318
319 rp.version = MGMT_VERSION;
dcf4adbf 320 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 321
aee9b218 322 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 323 sizeof(rp));
a38528f1
JH		 324}
325
04124681
GP		 326static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
327 u16 data_len)
e70bb2e8
JH		 328{
329 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 330 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
331 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 332 __le16 *opcode;
e70bb2e8
JH		 333 size_t rp_size;
334 int i, err;
335
336 BT_DBG("sock %p", sk);
337
338 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
339
340 rp = kmalloc(rp_size, GFP_KERNEL);
341 if (!rp)
342 return -ENOMEM;
343
dcf4adbf
JP		 344 rp->num_commands = cpu_to_le16(num_commands);
345 rp->num_events = cpu_to_le16(num_events);
e70bb2e8
JH		 346
347 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
348 put_unaligned_le16(mgmt_commands[i], opcode);
349
350 for (i = 0; i < num_events; i++, opcode++)
351 put_unaligned_le16(mgmt_events[i], opcode);
352
aee9b218 353 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 354 rp_size);
e70bb2e8
JH		 355 kfree(rp);
356
357 return err;
358}
359
04124681
GP		 360static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
361 u16 data_len)
faba42eb 362{
faba42eb 363 struct mgmt_rp_read_index_list *rp;
8035ded4 364 struct hci_dev *d;
a38528f1 365 size_t rp_len;
faba42eb 366 u16 count;
476e44cb 367 int err;
faba42eb
JH		 368
369 BT_DBG("sock %p", sk);
370
371 read_lock(&hci_dev_list_lock);
372
373 count = 0;
bb4b2a9a 374 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a
MH		 375 if (d->dev_type == HCI_BREDR &&
376 !test_bit(HCI_UNCONFIGURED, &d->dev_flags))
1514b892 377 count++;
faba42eb
JH		 378 }
379
a38528f1
JH		 380 rp_len = sizeof(*rp) + (2 * count);
381 rp = kmalloc(rp_len, GFP_ATOMIC);
382 if (!rp) {
b2c60d42 383 read_unlock(&hci_dev_list_lock);
faba42eb 384 return -ENOMEM;
b2c60d42 385 }
faba42eb 386
476e44cb 387 count = 0;
8035ded4 388 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a 389 if (test_bit(HCI_SETUP, &d->dev_flags) ||
d603b76b 390 test_bit(HCI_CONFIG, &d->dev_flags) ||
73d1df2a 391 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
ab81cbf9
JH		 392 continue;
393
73d1df2a
MH		 394 /* Devices marked as raw-only are neither configured
395 * nor unconfigured controllers.
396 */
397 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
fee746b0
MH		 398 continue;
399
73d1df2a
MH		 400 if (d->dev_type == HCI_BREDR &&
401 !test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
1514b892
MH		 402 rp->index[count++] = cpu_to_le16(d->id);
403 BT_DBG("Added hci%u", d->id);
404 }
faba42eb
JH		 405 }
406
476e44cb
JH		 407 rp->num_controllers = cpu_to_le16(count);
408 rp_len = sizeof(*rp) + (2 * count);
409
faba42eb
JH		 410 read_unlock(&hci_dev_list_lock);
411
aee9b218 412 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 413 rp_len);
faba42eb 414
a38528f1
JH		 415 kfree(rp);
416
417 return err;
faba42eb
JH		 418}
419
73d1df2a
MH		 420static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
421 void *data, u16 data_len)
422{
423 struct mgmt_rp_read_unconf_index_list *rp;
424 struct hci_dev *d;
425 size_t rp_len;
426 u16 count;
427 int err;
428
429 BT_DBG("sock %p", sk);
430
431 read_lock(&hci_dev_list_lock);
432
433 count = 0;
434 list_for_each_entry(d, &hci_dev_list, list) {
435 if (d->dev_type == HCI_BREDR &&
436 test_bit(HCI_UNCONFIGURED, &d->dev_flags))
437 count++;
438 }
439
440 rp_len = sizeof(*rp) + (2 * count);
441 rp = kmalloc(rp_len, GFP_ATOMIC);
442 if (!rp) {
443 read_unlock(&hci_dev_list_lock);
444 return -ENOMEM;
445 }
446
447 count = 0;
448 list_for_each_entry(d, &hci_dev_list, list) {
449 if (test_bit(HCI_SETUP, &d->dev_flags) ||
d603b76b 450 test_bit(HCI_CONFIG, &d->dev_flags) ||
73d1df2a
MH		 451 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
452 continue;
453
454 /* Devices marked as raw-only are neither configured
455 * nor unconfigured controllers.
456 */
457 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
458 continue;
459
460 if (d->dev_type == HCI_BREDR &&
461 test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
462 rp->index[count++] = cpu_to_le16(d->id);
463 BT_DBG("Added hci%u", d->id);
464 }
465 }
466
467 rp->num_controllers = cpu_to_le16(count);
468 rp_len = sizeof(*rp) + (2 * count);
469
470 read_unlock(&hci_dev_list_lock);
471
472 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_UNCONF_INDEX_LIST,
473 0, rp, rp_len);
474
475 kfree(rp);
476
477 return err;
478}
479
dbece37a
MH		 480static bool is_configured(struct hci_dev *hdev)
481{
482 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
483 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
484 return false;
485
486 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
487 !bacmp(&hdev->public_addr, BDADDR_ANY))
488 return false;
489
490 return true;
491}
492
89bc22d2
MH		 493static __le32 get_missing_options(struct hci_dev *hdev)
494{
495 u32 options = 0;
496
dbece37a
MH		 497 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
498 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
eb1904f4
MH		 499 options |= MGMT_OPTION_EXTERNAL_CONFIG;
500
89bc22d2
MH		 501 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
502 !bacmp(&hdev->public_addr, BDADDR_ANY))
503 options |= MGMT_OPTION_PUBLIC_ADDRESS;
504
505 return cpu_to_le32(options);
506}
507
f4537c04
MH		 508static int new_options(struct hci_dev *hdev, struct sock *skip)
509{
510 __le32 options = get_missing_options(hdev);
511
512 return mgmt_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
513 sizeof(options), skip);
514}
515
dbece37a
MH		 516static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
517{
518 __le32 options = get_missing_options(hdev);
519
520 return cmd_complete(sk, hdev->id, opcode, 0, &options,
521 sizeof(options));
522}
523
9fc3bfb6
MH		 524static int read_config_info(struct sock *sk, struct hci_dev *hdev,
525 void *data, u16 data_len)
526{
527 struct mgmt_rp_read_config_info rp;
89bc22d2 528 u32 options = 0;
9fc3bfb6
MH		 529
530 BT_DBG("sock %p %s", sk, hdev->name);
531
532 hci_dev_lock(hdev);
533
534 memset(&rp, 0, sizeof(rp));
535 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
89bc22d2 536
eb1904f4
MH		 537 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
538 options |= MGMT_OPTION_EXTERNAL_CONFIG;
539
9fc3bfb6 540 if (hdev->set_bdaddr)
89bc22d2
MH		 541 options |= MGMT_OPTION_PUBLIC_ADDRESS;
542
543 rp.supported_options = cpu_to_le32(options);
544 rp.missing_options = get_missing_options(hdev);
9fc3bfb6
MH		 545
546 hci_dev_unlock(hdev);
547
548 return cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0, &rp,
549 sizeof(rp));
550}
551
69ab39ea
JH		 552static u32 get_supported_settings(struct hci_dev *hdev)
553{
554 u32 settings = 0;
555
556 settings |= MGMT_SETTING_POWERED;
b2939475 557 settings |= MGMT_SETTING_BONDABLE;
b1de97d8 558 settings |= MGMT_SETTING_DEBUG_KEYS;
3742abfc
JH		 559 settings |= MGMT_SETTING_CONNECTABLE;
560 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea 561
ed3fa31f 562 if (lmp_bredr_capable(hdev)) {
1a47aee8
JH		 563 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
564 settings |= MGMT_SETTING_FAST_CONNECTABLE;
69ab39ea
JH		 565 settings |= MGMT_SETTING_BREDR;
566 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 567
568 if (lmp_ssp_capable(hdev)) {
569 settings |= MGMT_SETTING_SSP;
570 settings |= MGMT_SETTING_HS;
571 }
e98d2ce2 572
05b3c3e7 573 if (lmp_sc_capable(hdev))
e98d2ce2 574 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 575 }
d7b7e796 576
eeca6f89 577 if (lmp_le_capable(hdev)) {
9d42820f 578 settings |= MGMT_SETTING_LE;
eeca6f89 579 settings |= MGMT_SETTING_ADVERTISING;
a3209694 580 settings |= MGMT_SETTING_SECURE_CONN;
0f4bd942 581 settings |= MGMT_SETTING_PRIVACY;
eeca6f89 582 }
69ab39ea 583
eb1904f4
MH		 584 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
585 hdev->set_bdaddr)
9fc3bfb6
MH		 586 settings |= MGMT_SETTING_CONFIGURATION;
587
69ab39ea
JH		 588 return settings;
589}
590
591static u32 get_current_settings(struct hci_dev *hdev)
592{
593 u32 settings = 0;
594
f1f0eb02 595 if (hdev_is_powered(hdev))
f0d4b78a
MH		 596 settings |= MGMT_SETTING_POWERED;
597
5e5282bb 598 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 599 settings |= MGMT_SETTING_CONNECTABLE;
600
1a4d3c4b
JH		 601 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
602 settings |= MGMT_SETTING_FAST_CONNECTABLE;
603
5e5282bb 604 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 605 settings |= MGMT_SETTING_DISCOVERABLE;
606
b6ae8457 607 if (test_bit(HCI_BONDABLE, &hdev->dev_flags))
b2939475 608 settings |= MGMT_SETTING_BONDABLE;
69ab39ea 609
56f87901 610 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 611 settings |= MGMT_SETTING_BREDR;
612
06199cf8 613 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 614 settings |= MGMT_SETTING_LE;
615
47990ea0 616 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 617 settings |= MGMT_SETTING_LINK_SECURITY;
618
84bde9d6 619 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 620 settings |= MGMT_SETTING_SSP;
621
6d80dfd0
JH		 622 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
623 settings |= MGMT_SETTING_HS;
624
f3d3444a 625 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 626 settings |= MGMT_SETTING_ADVERTISING;
627
e98d2ce2
MH		 628 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
629 settings |= MGMT_SETTING_SECURE_CONN;
630
0663b297 631 if (test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags))
b1de97d8
MH		 632 settings |= MGMT_SETTING_DEBUG_KEYS;
633
0f4bd942
JH		 634 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
635 settings |= MGMT_SETTING_PRIVACY;
636
69ab39ea
JH		 637 return settings;
638}
639
ef580372
JH		 640#define PNP_INFO_SVCLASS_ID 0x1200
641
213202ed
JH		 642static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
643{
644 u8 *ptr = data, *uuids_start = NULL;
645 struct bt_uuid *uuid;
646
647 if (len < 4)
648 return ptr;
649
650 list_for_each_entry(uuid, &hdev->uuids, list) {
651 u16 uuid16;
652
653 if (uuid->size != 16)
654 continue;
655
656 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
657 if (uuid16 < 0x1100)
658 continue;
659
660 if (uuid16 == PNP_INFO_SVCLASS_ID)
661 continue;
662
663 if (!uuids_start) {
664 uuids_start = ptr;
665 uuids_start[0] = 1;
666 uuids_start[1] = EIR_UUID16_ALL;
667 ptr += 2;
668 }
669
670 /* Stop if not enough space to put next UUID */
671 if ((ptr - data) + sizeof(u16) > len) {
672 uuids_start[1] = EIR_UUID16_SOME;
673 break;
674 }
675
676 *ptr++ = (uuid16 & 0x00ff);
677 *ptr++ = (uuid16 & 0xff00) >> 8;
678 uuids_start[0] += sizeof(uuid16);
679 }
680
681 return ptr;
682}
683
cdf1963f
JH		 684static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
685{
686 u8 *ptr = data, *uuids_start = NULL;
687 struct bt_uuid *uuid;
688
689 if (len < 6)
690 return ptr;
691
692 list_for_each_entry(uuid, &hdev->uuids, list) {
693 if (uuid->size != 32)
694 continue;
695
696 if (!uuids_start) {
697 uuids_start = ptr;
698 uuids_start[0] = 1;
699 uuids_start[1] = EIR_UUID32_ALL;
700 ptr += 2;
701 }
702
703 /* Stop if not enough space to put next UUID */
704 if ((ptr - data) + sizeof(u32) > len) {
705 uuids_start[1] = EIR_UUID32_SOME;
706 break;
707 }
708
709 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
710 ptr += sizeof(u32);
711 uuids_start[0] += sizeof(u32);
712 }
713
714 return ptr;
715}
716
c00d575b
JH		 717static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
718{
719 u8 *ptr = data, *uuids_start = NULL;
720 struct bt_uuid *uuid;
721
722 if (len < 18)
723 return ptr;
724
725 list_for_each_entry(uuid, &hdev->uuids, list) {
726 if (uuid->size != 128)
727 continue;
728
729 if (!uuids_start) {
730 uuids_start = ptr;
731 uuids_start[0] = 1;
732 uuids_start[1] = EIR_UUID128_ALL;
733 ptr += 2;
734 }
735
736 /* Stop if not enough space to put next UUID */
737 if ((ptr - data) + 16 > len) {
738 uuids_start[1] = EIR_UUID128_SOME;
739 break;
740 }
741
742 memcpy(ptr, uuid->uuid, 16);
743 ptr += 16;
744 uuids_start[0] += 16;
745 }
746
747 return ptr;
748}
749
eb2a8d20
JH		 750static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
751{
752 struct pending_cmd *cmd;
753
754 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
755 if (cmd->opcode == opcode)
756 return cmd;
757 }
758
759 return NULL;
760}
761
95868426
JH		 762static struct pending_cmd *mgmt_pending_find_data(u16 opcode,
763 struct hci_dev *hdev,
764 const void *data)
765{
766 struct pending_cmd *cmd;
767
768 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
769 if (cmd->user_data != data)
770 continue;
771 if (cmd->opcode == opcode)
772 return cmd;
773 }
774
775 return NULL;
776}
777
f14d8f64
MH		 778static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
779{
7a5f4990
MH		 780 u8 ad_len = 0;
781 size_t name_len;
782
783 name_len = strlen(hdev->dev_name);
784 if (name_len > 0) {
785 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
786
787 if (name_len > max_len) {
788 name_len = max_len;
789 ptr[1] = EIR_NAME_SHORT;
790 } else
791 ptr[1] = EIR_NAME_COMPLETE;
792
793 ptr[0] = name_len + 1;
794
795 memcpy(ptr + 2, hdev->dev_name, name_len);
796
797 ad_len += (name_len + 2);
798 ptr += (name_len + 2);
799 }
800
801 return ad_len;
f14d8f64
MH		 802}
803
804static void update_scan_rsp_data(struct hci_request *req)
805{
806 struct hci_dev *hdev = req->hdev;
807 struct hci_cp_le_set_scan_rsp_data cp;
808 u8 len;
809
7751ef1b 810 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
f14d8f64
MH		 811 return;
812
813 memset(&cp, 0, sizeof(cp));
814
815 len = create_scan_rsp_data(hdev, cp.data);
816
eb438b5f
JH		 817 if (hdev->scan_rsp_data_len == len &&
818 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 819 return;
820
eb438b5f
JH		 821 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
822 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 823
824 cp.length = len;
825
826 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
827}
828
9a43e25f
JH		 829static u8 get_adv_discov_flags(struct hci_dev *hdev)
830{
831 struct pending_cmd *cmd;
832
833 /* If there's a pending mgmt command the flags will not yet have
834 * their final values, so check for this first.
835 */
836 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
837 if (cmd) {
838 struct mgmt_mode *cp = cmd->param;
839 if (cp->val == 0x01)
840 return LE_AD_GENERAL;
841 else if (cp->val == 0x02)
842 return LE_AD_LIMITED;
843 } else {
844 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
845 return LE_AD_LIMITED;
846 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
847 return LE_AD_GENERAL;
848 }
849
850 return 0;
851}
852
46cad2ed 853static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 854{
855 u8 ad_len = 0, flags = 0;
441ad2d0 856
9a43e25f 857 flags |= get_adv_discov_flags(hdev);
441ad2d0 858
e834004b 859 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
441ad2d0 860 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 861
862 if (flags) {
863 BT_DBG("adv flags 0x%02x", flags);
864
865 ptr[0] = 2;
866 ptr[1] = EIR_FLAGS;
867 ptr[2] = flags;
868
869 ad_len += 3;
870 ptr += 3;
871 }
872
873 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
874 ptr[0] = 2;
875 ptr[1] = EIR_TX_POWER;
876 ptr[2] = (u8) hdev->adv_tx_power;
877
878 ad_len += 3;
879 ptr += 3;
880 }
881
441ad2d0
MH		 882 return ad_len;
883}
884
5947f4bc 885static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 886{
887 struct hci_dev *hdev = req->hdev;
888 struct hci_cp_le_set_adv_data cp;
889 u8 len;
890
10994ce6 891 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
441ad2d0
MH		 892 return;
893
894 memset(&cp, 0, sizeof(cp));
895
46cad2ed 896 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 897
898 if (hdev->adv_data_len == len &&
899 memcmp(cp.data, hdev->adv_data, len) == 0)
900 return;
901
902 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
903 hdev->adv_data_len = len;
904
905 cp.length = len;
906
907 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
908}
909
bc6d2d04
JH		 910int mgmt_update_adv_data(struct hci_dev *hdev)
911{
912 struct hci_request req;
913
914 hci_req_init(&req, hdev);
915 update_adv_data(&req);
916
917 return hci_req_run(&req, NULL);
918}
919
ef580372
JH		 920static void create_eir(struct hci_dev *hdev, u8 *data)
921{
922 u8 *ptr = data;
ef580372
JH		 923 size_t name_len;
924
925 name_len = strlen(hdev->dev_name);
926
927 if (name_len > 0) {
928 /* EIR Data type */
929 if (name_len > 48) {
930 name_len = 48;
931 ptr[1] = EIR_NAME_SHORT;
932 } else
933 ptr[1] = EIR_NAME_COMPLETE;
934
935 /* EIR Data length */
936 ptr[0] = name_len + 1;
937
938 memcpy(ptr + 2, hdev->dev_name, name_len);
939
ef580372
JH		 940 ptr += (name_len + 2);
941 }
942
bbaf444a 943 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 944 ptr[0] = 2;
945 ptr[1] = EIR_TX_POWER;
946 ptr[2] = (u8) hdev->inq_tx_power;
947
91c4e9b1
MH		 948 ptr += 3;
949 }
950
2b9be137
MH		 951 if (hdev->devid_source > 0) {
952 ptr[0] = 9;
953 ptr[1] = EIR_DEVICE_ID;
954
955 put_unaligned_le16(hdev->devid_source, ptr + 2);
956 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
957 put_unaligned_le16(hdev->devid_product, ptr + 6);
958 put_unaligned_le16(hdev->devid_version, ptr + 8);
959
2b9be137
MH		 960 ptr += 10;
961 }
962
213202ed 963 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 964 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 965 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 966}
967
890ea898 968static void update_eir(struct hci_request *req)
ef580372 969{
890ea898 970 struct hci_dev *hdev = req->hdev;
ef580372
JH		 971 struct hci_cp_write_eir cp;
972
504c8dcd 973 if (!hdev_is_powered(hdev))
890ea898 974 return;
7770c4aa 975
976eb20e 976 if (!lmp_ext_inq_capable(hdev))
890ea898 977 return;
ef580372 978
84bde9d6 979 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 980 return;
ef580372 981
a8b2d5c2 982 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 983 return;
ef580372
JH		 984
985 memset(&cp, 0, sizeof(cp));
986
987 create_eir(hdev, cp.data);
988
989 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 990 return;
ef580372
JH		 991
992 memcpy(hdev->eir, cp.data, sizeof(cp.data));
993
890ea898 994 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 995}
996
997static u8 get_service_classes(struct hci_dev *hdev)
998{
999 struct bt_uuid *uuid;
1000 u8 val = 0;
1001
1002 list_for_each_entry(uuid, &hdev->uuids, list)
1003 val |= uuid->svc_hint;
1004
1005 return val;
1006}
1007
890ea898 1008static void update_class(struct hci_request *req)
ef580372 1009{
890ea898 1010 struct hci_dev *hdev = req->hdev;
ef580372
JH		 1011 u8 cod[3];
1012
1013 BT_DBG("%s", hdev->name);
1014
504c8dcd 1015 if (!hdev_is_powered(hdev))
890ea898 1016 return;
7770c4aa 1017
f87ea1da
JH		 1018 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1019 return;
1020
a8b2d5c2 1021 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 1022 return;
ef580372
JH		 1023
1024 cod[0] = hdev->minor_class;
1025 cod[1] = hdev->major_class;
1026 cod[2] = get_service_classes(hdev);
1027
6acd7db4
MH		 1028 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
1029 cod[1] |= 0x20;
1030
ef580372 1031 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 1032 return;
ef580372 1033
890ea898 1034 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 1035}
1036
a4858cb9 1037static bool get_connectable(struct hci_dev *hdev)
199a2fb1
JH		 1038{
1039 struct pending_cmd *cmd;
199a2fb1
JH		 1040
1041 /* If there's a pending mgmt command the flag will not yet have
1042 * it's final value, so check for this first.
1043 */
1044 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1045 if (cmd) {
1046 struct mgmt_mode *cp = cmd->param;
a4858cb9 1047 return cp->val;
199a2fb1
JH		 1048 }
1049
a4858cb9 1050 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
199a2fb1
JH		 1051}
1052
0ec5ae84
JH		 1053static void disable_advertising(struct hci_request *req)
1054{
1055 u8 enable = 0x00;
1056
1057 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1058}
1059
199a2fb1
JH		 1060static void enable_advertising(struct hci_request *req)
1061{
1062 struct hci_dev *hdev = req->hdev;
1063 struct hci_cp_le_set_adv_param cp;
8f2a0601 1064 u8 own_addr_type, enable = 0x01;
a4858cb9 1065 bool connectable;
199a2fb1 1066
0ec5ae84
JH		 1067 if (hci_conn_num(hdev, LE_LINK) > 0)
1068 return;
1069
1070 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
1071 disable_advertising(req);
1072
5ce194c4 1073 /* Clear the HCI_LE_ADV bit temporarily so that the
8d97250e
JH		 1074 * hci_update_random_address knows that it's safe to go ahead
1075 * and write a new random address. The flag will be set back on
1076 * as soon as the SET_ADV_ENABLE HCI command completes.
1077 */
5ce194c4 1078 clear_bit(HCI_LE_ADV, &hdev->dev_flags);
8d97250e 1079
a4858cb9 1080 connectable = get_connectable(hdev);
8f2a0601 1081
a4858cb9
JH		 1082 /* Set require_privacy to true only when non-connectable
1083 * advertising is used. In that case it is fine to use a
1084 * non-resolvable private address.
1085 */
1086 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 1087 return;
1088
41c90c18 1089 memset(&cp, 0, sizeof(cp));
628531c9
GL		 1090 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
1091 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
a4858cb9 1092 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
8f2a0601 1093 cp.own_address_type = own_addr_type;
199a2fb1
JH		 1094 cp.channel_map = hdev->le_adv_channel_map;
1095
1096 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1097
1098 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1099}
1100
7d78525d
JH		 1101static void service_cache_off(struct work_struct *work)
1102{
1103 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 1104 service_cache.work);
890ea898 1105 struct hci_request req;
7d78525d 1106
a8b2d5c2 1107 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 1108 return;
1109
890ea898
JH		 1110 hci_req_init(&req, hdev);
1111
7d78525d
JH		 1112 hci_dev_lock(hdev);
1113
890ea898
JH		 1114 update_eir(&req);
1115 update_class(&req);
7d78525d
JH		 1116
1117 hci_dev_unlock(hdev);
890ea898
JH		 1118
1119 hci_req_run(&req, NULL);
7d78525d
JH		 1120}
1121
d6bfd59c
JH		 1122static void rpa_expired(struct work_struct *work)
1123{
1124 struct hci_dev *hdev = container_of(work, struct hci_dev,
1125 rpa_expired.work);
1126 struct hci_request req;
1127
1128 BT_DBG("");
1129
1130 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
1131
0ec5ae84 1132 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
d6bfd59c
JH		 1133 return;
1134
1135 /* The generation of a new RPA and programming it into the
1136 * controller happens in the enable_advertising() function.
1137 */
d6bfd59c 1138 hci_req_init(&req, hdev);
d6bfd59c 1139 enable_advertising(&req);
d6bfd59c
JH		 1140 hci_req_run(&req, NULL);
1141}
1142
6a919082 1143static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 1144{
4f87da80 1145 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 1146 return;
1147
4f87da80 1148 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 1149 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 1150
4f87da80
JH		 1151 /* Non-mgmt controlled devices get this bit set
1152 * implicitly so that pairing works for them, however
1153 * for mgmt we require user-space to explicitly enable
1154 * it
1155 */
b6ae8457 1156 clear_bit(HCI_BONDABLE, &hdev->dev_flags);
7d78525d
JH		 1157}
1158
0f4e68cf 1159static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 1160 void *data, u16 data_len)
0381101f 1161{
a38528f1 1162 struct mgmt_rp_read_info rp;
f7b64e69 1163
bdb6d971 1164 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 1165
09fd0de5 1166 hci_dev_lock(hdev);
f7b64e69 1167
dc4fe30b
JH		 1168 memset(&rp, 0, sizeof(rp));
1169
69ab39ea 1170 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 1171
69ab39ea 1172 rp.version = hdev->hci_ver;
eb55ef07 1173 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 1174
1175 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1176 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 1177
a38528f1 1178 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 1179
dc4fe30b 1180 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 1181 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 1182
09fd0de5 1183 hci_dev_unlock(hdev);
0381101f 1184
bdb6d971 1185 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 1186 sizeof(rp));
0381101f
JH		 1187}
1188
eec8d2bc
JH		 1189static void mgmt_pending_free(struct pending_cmd *cmd)
1190{
1191 sock_put(cmd->sk);
c68fb7ff 1192 kfree(cmd->param);
eec8d2bc
JH		 1193 kfree(cmd);
1194}
1195
366a0336 1196static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 1197 struct hci_dev *hdev, void *data,
1198 u16 len)
eec8d2bc
JH		 1199{
1200 struct pending_cmd *cmd;
1201
fca20018 1202 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 1203 if (!cmd)
366a0336 1204 return NULL;
eec8d2bc
JH		 1205
1206 cmd->opcode = opcode;
2e58ef3e 1207 cmd->index = hdev->id;
eec8d2bc 1208
323b0b88 1209 cmd->param = kmemdup(data, len, GFP_KERNEL);
c68fb7ff 1210 if (!cmd->param) {
eec8d2bc 1211 kfree(cmd);
366a0336 1212 return NULL;
eec8d2bc
JH		 1213 }
1214
323b0b88 1215 cmd->param_len = len;
eec8d2bc
JH		 1216
1217 cmd->sk = sk;
1218 sock_hold(sk);
1219
2e58ef3e 1220 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 1221
366a0336 1222 return cmd;
eec8d2bc
JH		 1223}
1224
744cf19e 1225static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 1226 void (*cb)(struct pending_cmd *cmd,
1227 void *data),
04124681 1228 void *data)
eec8d2bc 1229{
a3d09356 1230 struct pending_cmd *cmd, *tmp;
eec8d2bc 1231
a3d09356 1232 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 1233 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 1234 continue;
1235
eec8d2bc
JH		 1236 cb(cmd, data);
1237 }
1238}
1239
a664b5bc 1240static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 1241{
73f22f62
JH		 1242 list_del(&cmd->list);
1243 mgmt_pending_free(cmd);
1244}
1245
69ab39ea 1246static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1247{
69ab39ea 1248 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1249
aee9b218 1250 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 1251 sizeof(settings));
8680570b
JH		 1252}
1253
1904a853 1254static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
8b064a3a
JH		 1255{
1256 BT_DBG("%s status 0x%02x", hdev->name, status);
1257
a3172b7e
JH		 1258 if (hci_conn_count(hdev) == 0) {
1259 cancel_delayed_work(&hdev->power_off);
8b064a3a 1260 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1261 }
8b064a3a
JH		 1262}
1263
23a48093 1264static bool hci_stop_discovery(struct hci_request *req)
21a60d30
JH		 1265{
1266 struct hci_dev *hdev = req->hdev;
1267 struct hci_cp_remote_name_req_cancel cp;
1268 struct inquiry_entry *e;
1269
1270 switch (hdev->discovery.state) {
1271 case DISCOVERY_FINDING:
1272 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
1273 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1274 } else {
1275 cancel_delayed_work(&hdev->le_scan_disable);
1276 hci_req_add_le_scan_disable(req);
1277 }
1278
23a48093 1279 return true;
21a60d30
JH		 1280
1281 case DISCOVERY_RESOLVING:
1282 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1283 NAME_PENDING);
1284 if (!e)
23a48093 1285 break;
21a60d30
JH		 1286
1287 bacpy(&cp.bdaddr, &e->data.bdaddr);
1288 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1289 &cp);
1290
23a48093 1291 return true;
21a60d30
JH		 1292
1293 default:
1294 /* Passive scanning */
23a48093 1295 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
21a60d30 1296 hci_req_add_le_scan_disable(req);
23a48093
JH		 1297 return true;
1298 }
1299
21a60d30
JH		 1300 break;
1301 }
23a48093
JH		 1302
1303 return false;
21a60d30
JH		 1304}
1305
8b064a3a
JH		 1306static int clean_up_hci_state(struct hci_dev *hdev)
1307{
1308 struct hci_request req;
1309 struct hci_conn *conn;
23a48093
JH		 1310 bool discov_stopped;
1311 int err;
8b064a3a
JH		 1312
1313 hci_req_init(&req, hdev);
1314
1315 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1316 test_bit(HCI_PSCAN, &hdev->flags)) {
1317 u8 scan = 0x00;
1318 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1319 }
1320
73e082f8 1321 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
8b064a3a
JH		 1322 disable_advertising(&req);
1323
23a48093 1324 discov_stopped = hci_stop_discovery(&req);
8b064a3a
JH		 1325
1326 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1327 struct hci_cp_disconnect dc;
c9910d0f
JH		 1328 struct hci_cp_reject_conn_req rej;
1329
1330 switch (conn->state) {
1331 case BT_CONNECTED:
1332 case BT_CONFIG:
1333 dc.handle = cpu_to_le16(conn->handle);
1334 dc.reason = 0x15; /* Terminated due to Power Off */
1335 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1336 break;
1337 case BT_CONNECT:
1338 if (conn->type == LE_LINK)
1339 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1340 0, NULL);
1341 else if (conn->type == ACL_LINK)
1342 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1343 6, &conn->dst);
1344 break;
1345 case BT_CONNECT2:
1346 bacpy(&rej.bdaddr, &conn->dst);
1347 rej.reason = 0x15; /* Terminated due to Power Off */
1348 if (conn->type == ACL_LINK)
1349 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1350 sizeof(rej), &rej);
1351 else if (conn->type == SCO_LINK)
1352 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1353 sizeof(rej), &rej);
1354 break;
1355 }
8b064a3a
JH		 1356 }
1357
23a48093
JH		 1358 err = hci_req_run(&req, clean_up_hci_complete);
1359 if (!err && discov_stopped)
1360 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1361
1362 return err;
8b064a3a
JH		 1363}
1364
bdb6d971 1365static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1366 u16 len)
eec8d2bc 1367{
650f726d 1368 struct mgmt_mode *cp = data;
366a0336 1369 struct pending_cmd *cmd;
4b34ee78 1370 int err;
eec8d2bc 1371
bdb6d971 1372 BT_DBG("request for %s", hdev->name);
eec8d2bc 1373
a7e80f25
JH		 1374 if (cp->val != 0x00 && cp->val != 0x01)
1375 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1376 MGMT_STATUS_INVALID_PARAMS);
1377
09fd0de5 1378 hci_dev_lock(hdev);
eec8d2bc 1379
87b95ba6
JH		 1380 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1381 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1382 MGMT_STATUS_BUSY);
1383 goto failed;
1384 }
1385
f0d4b78a
MH		 1386 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1387 cancel_delayed_work(&hdev->power_off);
1388
1389 if (cp->val) {
a1d70450
JH		 1390 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1391 data, len);
1392 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1393 goto failed;
1394 }
1395 }
1396
4b34ee78 1397 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1398 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1399 goto failed;
1400 }
1401
2e58ef3e 1402 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1403 if (!cmd) {
1404 err = -ENOMEM;
eec8d2bc 1405 goto failed;
366a0336 1406 }
eec8d2bc 1407
8b064a3a 1408 if (cp->val) {
19202573 1409 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1410 err = 0;
1411 } else {
1412 /* Disconnect connections, stop scans, etc */
1413 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1414 if (!err)
1415 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1416 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1417
8b064a3a
JH		 1418 /* ENODATA means there were no HCI commands queued */
1419 if (err == -ENODATA) {
a3172b7e 1420 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1421 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1422 err = 0;
1423 }
1424 }
eec8d2bc
JH		 1425
1426failed:
09fd0de5 1427 hci_dev_unlock(hdev);
366a0336 1428 return err;
eec8d2bc
JH		 1429}
1430
beadb2bd
JH		 1431static int new_settings(struct hci_dev *hdev, struct sock *skip)
1432{
1433 __le32 ev;
1434
1435 ev = cpu_to_le32(get_current_settings(hdev));
1436
1437 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1438}
1439
91a668b0
JH		 1440int mgmt_new_settings(struct hci_dev *hdev)
1441{
1442 return new_settings(hdev, NULL);
1443}
1444
bd99abdd
JH		 1445struct cmd_lookup {
1446 struct sock *sk;
1447 struct hci_dev *hdev;
1448 u8 mgmt_status;
1449};
1450
1451static void settings_rsp(struct pending_cmd *cmd, void *data)
1452{
1453 struct cmd_lookup *match = data;
1454
1455 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1456
1457 list_del(&cmd->list);
1458
1459 if (match->sk == NULL) {
1460 match->sk = cmd->sk;
1461 sock_hold(match->sk);
1462 }
1463
1464 mgmt_pending_free(cmd);
1465}
1466
1467static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1468{
1469 u8 *status = data;
1470
1471 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1472 mgmt_pending_remove(cmd);
1473}
1474
1b9b5ee5
JH		 1475static void cmd_complete_rsp(struct pending_cmd *cmd, void *data)
1476{
1477 if (cmd->cmd_complete) {
1478 u8 *status = data;
1479
1480 cmd->cmd_complete(cmd, *status);
1481 mgmt_pending_remove(cmd);
1482
1483 return;
1484 }
1485
1486 cmd_status_rsp(cmd, data);
1487}
1488
9df74653 1489static int generic_cmd_complete(struct pending_cmd *cmd, u8 status)
f5818c22 1490{
9df74653
JH		 1491 return cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1492 cmd->param, cmd->param_len);
f5818c22
JH		 1493}
1494
9df74653 1495static int addr_cmd_complete(struct pending_cmd *cmd, u8 status)
7776d1d8 1496{
9df74653
JH		 1497 return cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, cmd->param,
1498 sizeof(struct mgmt_addr_info));
7776d1d8
JH		 1499}
1500
e6fe7986
JH		 1501static u8 mgmt_bredr_support(struct hci_dev *hdev)
1502{
1503 if (!lmp_bredr_capable(hdev))
1504 return MGMT_STATUS_NOT_SUPPORTED;
1505 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1506 return MGMT_STATUS_REJECTED;
1507 else
1508 return MGMT_STATUS_SUCCESS;
1509}
1510
1511static u8 mgmt_le_support(struct hci_dev *hdev)
1512{
1513 if (!lmp_le_capable(hdev))
1514 return MGMT_STATUS_NOT_SUPPORTED;
1515 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1516 return MGMT_STATUS_REJECTED;
1517 else
1518 return MGMT_STATUS_SUCCESS;
1519}
1520
1904a853
MH		 1521static void set_discoverable_complete(struct hci_dev *hdev, u8 status,
1522 u16 opcode)
bfaf8c9f
JH		 1523{
1524 struct pending_cmd *cmd;
1525 struct mgmt_mode *cp;
970ba524 1526 struct hci_request req;
bfaf8c9f
JH		 1527 bool changed;
1528
1529 BT_DBG("status 0x%02x", status);
1530
1531 hci_dev_lock(hdev);
1532
1533 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1534 if (!cmd)
1535 goto unlock;
1536
1537 if (status) {
1538 u8 mgmt_err = mgmt_status(status);
1539 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
310a3d48 1540 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
bfaf8c9f
JH		 1541 goto remove_cmd;
1542 }
1543
1544 cp = cmd->param;
d4462a07 1545 if (cp->val) {
bfaf8c9f
JH		 1546 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1547 &hdev->dev_flags);
d4462a07
MH		 1548
1549 if (hdev->discov_timeout > 0) {
1550 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1551 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1552 to);
1553 }
1554 } else {
bfaf8c9f
JH		 1555 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1556 &hdev->dev_flags);
d4462a07 1557 }
bfaf8c9f
JH		 1558
1559 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1560
1561 if (changed)
1562 new_settings(hdev, cmd->sk);
1563
970ba524
MH		 1564 /* When the discoverable mode gets changed, make sure
1565 * that class of device has the limited discoverable
432df05e
JH		 1566 * bit correctly set. Also update page scan based on whitelist
1567 * entries.
970ba524
MH		 1568 */
1569 hci_req_init(&req, hdev);
1d2dc5b7 1570 __hci_update_page_scan(&req);
970ba524
MH		 1571 update_class(&req);
1572 hci_req_run(&req, NULL);
1573
bfaf8c9f
JH		 1574remove_cmd:
1575 mgmt_pending_remove(cmd);
1576
1577unlock:
1578 hci_dev_unlock(hdev);
1579}
1580
bdb6d971 1581static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1582 u16 len)
73f22f62 1583{
650f726d 1584 struct mgmt_cp_set_discoverable *cp = data;
366a0336 1585 struct pending_cmd *cmd;
bfaf8c9f 1586 struct hci_request req;
5e5282bb 1587 u16 timeout;
9a43e25f 1588 u8 scan;
73f22f62
JH		 1589 int err;
1590
bdb6d971 1591 BT_DBG("request for %s", hdev->name);
73f22f62 1592
9a43e25f
JH		 1593 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1594 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1595 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
9a43e25f 1596 MGMT_STATUS_REJECTED);
33c525c0 1597
310a3d48 1598 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a7e80f25
JH		 1599 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1600 MGMT_STATUS_INVALID_PARAMS);
1601
1f350c87 1602 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1603
1604 /* Disabling discoverable requires that no timeout is set,
1605 * and enabling limited discoverable requires a timeout.
1606 */
1607 if ((cp->val == 0x00 && timeout > 0) ||
1608 (cp->val == 0x02 && timeout == 0))
bdb6d971 1609 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1610 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1611
09fd0de5 1612 hci_dev_lock(hdev);
73f22f62 1613
5e5282bb 1614 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 1615 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1616 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1617 goto failed;
1618 }
1619
2e58ef3e 1620 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1621 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1622 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1623 MGMT_STATUS_BUSY);
73f22f62
JH		 1624 goto failed;
1625 }
1626
5e5282bb 1627 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 1628 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1629 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1630 goto failed;
1631 }
1632
1633 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1634 bool changed = false;
1635
310a3d48
MH		 1636 /* Setting limited discoverable when powered off is
1637 * not a valid operation since it requires a timeout
1638 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1639 */
0224d2fa
JH		 1640 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1641 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1642 changed = true;
1643 }
1644
5e5282bb 1645 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1646 if (err < 0)
1647 goto failed;
1648
1649 if (changed)
1650 err = new_settings(hdev, sk);
1651
5e5282bb
JH		 1652 goto failed;
1653 }
1654
310a3d48
MH		 1655 /* If the current mode is the same, then just update the timeout
1656 * value with the new value. And if only the timeout gets updated,
1657 * then no need for any HCI transactions.
1658 */
1659 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1660 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1661 &hdev->dev_flags)) {
36261547
MH		 1662 cancel_delayed_work(&hdev->discov_off);
1663 hdev->discov_timeout = timeout;
955638ec 1664
36261547
MH		 1665 if (cp->val && hdev->discov_timeout > 0) {
1666 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1667 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1668 to);
955638ec
MH		 1669 }
1670
69ab39ea 1671 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1672 goto failed;
1673 }
1674
2e58ef3e 1675 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1676 if (!cmd) {
1677 err = -ENOMEM;
73f22f62 1678 goto failed;
366a0336 1679 }
73f22f62 1680
310a3d48
MH		 1681 /* Cancel any potential discoverable timeout that might be
1682 * still active and store new timeout value. The arming of
1683 * the timeout happens in the complete handler.
1684 */
1685 cancel_delayed_work(&hdev->discov_off);
1686 hdev->discov_timeout = timeout;
1687
b456f87c
JH		 1688 /* Limited discoverable mode */
1689 if (cp->val == 0x02)
1690 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1691 else
1692 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1693
bfaf8c9f
JH		 1694 hci_req_init(&req, hdev);
1695
9a43e25f
JH		 1696 /* The procedure for LE-only controllers is much simpler - just
1697 * update the advertising data.
1698 */
1699 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1700 goto update_ad;
1701
73f22f62
JH		 1702 scan = SCAN_PAGE;
1703
310a3d48
MH		 1704 if (cp->val) {
1705 struct hci_cp_write_current_iac_lap hci_cp;
1706
1707 if (cp->val == 0x02) {
1708 /* Limited discoverable mode */
33337dcb 1709 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1710 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1711 hci_cp.iac_lap[1] = 0x8b;
1712 hci_cp.iac_lap[2] = 0x9e;
1713 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1714 hci_cp.iac_lap[4] = 0x8b;
1715 hci_cp.iac_lap[5] = 0x9e;
1716 } else {
1717 /* General discoverable mode */
310a3d48
MH		 1718 hci_cp.num_iac = 1;
1719 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1720 hci_cp.iac_lap[1] = 0x8b;
1721 hci_cp.iac_lap[2] = 0x9e;
1722 }
1723
1724 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1725 (hci_cp.num_iac * 3) + 1, &hci_cp);
1726
73f22f62 1727 scan |= SCAN_INQUIRY;
310a3d48
MH		 1728 } else {
1729 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1730 }
73f22f62 1731
310a3d48 1732 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1733
9a43e25f
JH		 1734update_ad:
1735 update_adv_data(&req);
1736
bfaf8c9f 1737 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1738 if (err < 0)
a664b5bc 1739 mgmt_pending_remove(cmd);
73f22f62
JH		 1740
1741failed:
09fd0de5 1742 hci_dev_unlock(hdev);
73f22f62
JH		 1743 return err;
1744}
1745
406d7804
JH		 1746static void write_fast_connectable(struct hci_request *req, bool enable)
1747{
bd98b996 1748 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1749 struct hci_cp_write_page_scan_activity acp;
1750 u8 type;
1751
547003b1
JH		 1752 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1753 return;
1754
4c01f8b8
JH		 1755 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1756 return;
1757
406d7804
JH		 1758 if (enable) {
1759 type = PAGE_SCAN_TYPE_INTERLACED;
1760
1761 /* 160 msec page scan interval */
dcf4adbf 1762 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 1763 } else {
1764 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1765
1766 /* default 1.28 sec page scan */
dcf4adbf 1767 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 1768 }
1769
dcf4adbf 1770 acp.window = cpu_to_le16(0x0012);
406d7804 1771
bd98b996
JH		 1772 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1773 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1774 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1775 sizeof(acp), &acp);
1776
1777 if (hdev->page_scan_type != type)
1778 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1779}
1780
1904a853
MH		 1781static void set_connectable_complete(struct hci_dev *hdev, u8 status,
1782 u16 opcode)
2b76f453
JH		 1783{
1784 struct pending_cmd *cmd;
d7b856f9 1785 struct mgmt_mode *cp;
bc6d2d04 1786 bool conn_changed, discov_changed;
2b76f453
JH		 1787
1788 BT_DBG("status 0x%02x", status);
1789
1790 hci_dev_lock(hdev);
1791
1792 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1793 if (!cmd)
1794 goto unlock;
1795
37438c1f
JH		 1796 if (status) {
1797 u8 mgmt_err = mgmt_status(status);
1798 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1799 goto remove_cmd;
1800 }
1801
d7b856f9 1802 cp = cmd->param;
bc6d2d04
JH		 1803 if (cp->val) {
1804 conn_changed = !test_and_set_bit(HCI_CONNECTABLE,
1805 &hdev->dev_flags);
1806 discov_changed = false;
1807 } else {
1808 conn_changed = test_and_clear_bit(HCI_CONNECTABLE,
1809 &hdev->dev_flags);
1810 discov_changed = test_and_clear_bit(HCI_DISCOVERABLE,
1811 &hdev->dev_flags);
1812 }
d7b856f9 1813
2b76f453
JH		 1814 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1815
bc6d2d04 1816 if (conn_changed || discov_changed) {
d7b856f9 1817 new_settings(hdev, cmd->sk);
1d2dc5b7 1818 hci_update_page_scan(hdev);
bc6d2d04
JH		 1819 if (discov_changed)
1820 mgmt_update_adv_data(hdev);
2b7be33e
JH		 1821 hci_update_background_scan(hdev);
1822 }
d7b856f9 1823
37438c1f 1824remove_cmd:
2b76f453
JH		 1825 mgmt_pending_remove(cmd);
1826
1827unlock:
1828 hci_dev_unlock(hdev);
1829}
1830
e8ba3a1f
JH		 1831static int set_connectable_update_settings(struct hci_dev *hdev,
1832 struct sock *sk, u8 val)
1833{
1834 bool changed = false;
1835 int err;
1836
1837 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1838 changed = true;
1839
1840 if (val) {
1841 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1842 } else {
1843 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1844 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1845 }
1846
1847 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1848 if (err < 0)
1849 return err;
1850
562064e6 1851 if (changed) {
1d2dc5b7 1852 hci_update_page_scan(hdev);
562064e6 1853 hci_update_background_scan(hdev);
e8ba3a1f 1854 return new_settings(hdev, sk);
562064e6 1855 }
e8ba3a1f
JH		 1856
1857 return 0;
1858}
1859
bdb6d971 1860static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1861 u16 len)
9fbcbb45 1862{
650f726d 1863 struct mgmt_mode *cp = data;
366a0336 1864 struct pending_cmd *cmd;
2b76f453 1865 struct hci_request req;
1987fdc7 1866 u8 scan;
9fbcbb45
JH		 1867 int err;
1868
bdb6d971 1869 BT_DBG("request for %s", hdev->name);
9fbcbb45 1870
1987fdc7
JH		 1871 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1872 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1873 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1987fdc7 1874 MGMT_STATUS_REJECTED);
33c525c0 1875
a7e80f25
JH		 1876 if (cp->val != 0x00 && cp->val != 0x01)
1877 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1878 MGMT_STATUS_INVALID_PARAMS);
1879
09fd0de5 1880 hci_dev_lock(hdev);
9fbcbb45 1881
4b34ee78 1882 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1883 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1884 goto failed;
1885 }
1886
2e58ef3e 1887 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1888 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1889 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1890 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1891 goto failed;
1892 }
1893
2e58ef3e 1894 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1895 if (!cmd) {
1896 err = -ENOMEM;
9fbcbb45 1897 goto failed;
366a0336 1898 }
9fbcbb45 1899
9b74246f 1900 hci_req_init(&req, hdev);
9fbcbb45 1901
9a43e25f
JH		 1902 /* If BR/EDR is not enabled and we disable advertising as a
1903 * by-product of disabling connectable, we need to update the
1904 * advertising flags.
1905 */
1906 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1907 if (!cp->val) {
1908 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1909 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1910 }
1911 update_adv_data(&req);
1912 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1913 if (cp->val) {
1914 scan = SCAN_PAGE;
1915 } else {
3bd27240
JH		 1916 /* If we don't have any whitelist entries just
1917 * disable all scanning. If there are entries
1918 * and we had both page and inquiry scanning
1919 * enabled then fall back to only page scanning.
1920 * Otherwise no changes are needed.
1921 */
1922 if (list_empty(&hdev->whitelist))
1923 scan = SCAN_DISABLED;
1924 else if (test_bit(HCI_ISCAN, &hdev->flags))
1925 scan = SCAN_PAGE;
1926 else
1927 goto no_scan_update;
9b74246f
JH		 1928
1929 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1930 hdev->discov_timeout > 0)
9b74246f
JH		 1931 cancel_delayed_work(&hdev->discov_off);
1932 }
2b76f453 1933
9b74246f
JH		 1934 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1935 }
2b76f453 1936
3bd27240 1937no_scan_update:
4c01f8b8
JH		 1938 /* If we're going from non-connectable to connectable or
1939 * vice-versa when fast connectable is enabled ensure that fast
1940 * connectable gets disabled. write_fast_connectable won't do
1941 * anything if the page scan parameters are already what they
1942 * should be.
1943 */
1944 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1945 write_fast_connectable(&req, false);
1946
e8b1202c
JH		 1947 /* Update the advertising parameters if necessary */
1948 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1987fdc7 1949 enable_advertising(&req);
1987fdc7 1950
2b76f453 1951 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1952 if (err < 0) {
a664b5bc 1953 mgmt_pending_remove(cmd);
9b74246f 1954 if (err == -ENODATA)
a81070ba
JH		 1955 err = set_connectable_update_settings(hdev, sk,
1956 cp->val);
9b74246f
JH		 1957 goto failed;
1958 }
9fbcbb45
JH		 1959
1960failed:
09fd0de5 1961 hci_dev_unlock(hdev);
9fbcbb45
JH		 1962 return err;
1963}
1964
b2939475 1965static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1966 u16 len)
c542a06c 1967{
650f726d 1968 struct mgmt_mode *cp = data;
55594356 1969 bool changed;
c542a06c
JH		 1970 int err;
1971
bdb6d971 1972 BT_DBG("request for %s", hdev->name);
c542a06c 1973
a7e80f25 1974 if (cp->val != 0x00 && cp->val != 0x01)
b2939475 1975 return cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
a7e80f25
JH		 1976 MGMT_STATUS_INVALID_PARAMS);
1977
09fd0de5 1978 hci_dev_lock(hdev);
c542a06c
JH		 1979
1980 if (cp->val)
b6ae8457 1981 changed = !test_and_set_bit(HCI_BONDABLE, &hdev->dev_flags);
c542a06c 1982 else
b6ae8457 1983 changed = test_and_clear_bit(HCI_BONDABLE, &hdev->dev_flags);
c542a06c 1984
b2939475 1985 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
c542a06c 1986 if (err < 0)
55594356 1987 goto unlock;
c542a06c 1988
55594356
MH		 1989 if (changed)
1990 err = new_settings(hdev, sk);
c542a06c 1991
55594356 1992unlock:
09fd0de5 1993 hci_dev_unlock(hdev);
c542a06c
JH		 1994 return err;
1995}
1996
04124681
GP		 1997static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1998 u16 len)
33ef95ed
JH		 1999{
2000 struct mgmt_mode *cp = data;
2001 struct pending_cmd *cmd;
e6fe7986 2002 u8 val, status;
33ef95ed
JH		 2003 int err;
2004
bdb6d971 2005 BT_DBG("request for %s", hdev->name);
33ef95ed 2006
e6fe7986
JH		 2007 status = mgmt_bredr_support(hdev);
2008 if (status)
33c525c0 2009 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 2010 status);
33c525c0 2011
a7e80f25
JH		 2012 if (cp->val != 0x00 && cp->val != 0x01)
2013 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2014 MGMT_STATUS_INVALID_PARAMS);
2015
33ef95ed
JH		 2016 hci_dev_lock(hdev);
2017
4b34ee78 2018 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 2019 bool changed = false;
2020
2021 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 2022 &hdev->dev_flags)) {
47990ea0
JH		 2023 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
2024 changed = true;
2025 }
2026
2027 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2028 if (err < 0)
2029 goto failed;
2030
2031 if (changed)
2032 err = new_settings(hdev, sk);
2033
33ef95ed
JH		 2034 goto failed;
2035 }
2036
2037 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 2038 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 2039 MGMT_STATUS_BUSY);
33ef95ed
JH		 2040 goto failed;
2041 }
2042
2043 val = !!cp->val;
2044
2045 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
2046 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2047 goto failed;
2048 }
2049
2050 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
2051 if (!cmd) {
2052 err = -ENOMEM;
2053 goto failed;
2054 }
2055
2056 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
2057 if (err < 0) {
2058 mgmt_pending_remove(cmd);
2059 goto failed;
2060 }
2061
2062failed:
2063 hci_dev_unlock(hdev);
33ef95ed
JH		 2064 return err;
2065}
2066
bdb6d971 2067static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 2068{
2069 struct mgmt_mode *cp = data;
2070 struct pending_cmd *cmd;
72ef0c1a 2071 u8 status;
ed2c4ee3
JH		 2072 int err;
2073
bdb6d971 2074 BT_DBG("request for %s", hdev->name);
ed2c4ee3 2075
cdba5281
MH		 2076 status = mgmt_bredr_support(hdev);
2077 if (status)
2078 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
2079
13ecd8b6
JH		 2080 if (!lmp_ssp_capable(hdev))
2081 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2082 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 2083
a7e80f25
JH		 2084 if (cp->val != 0x00 && cp->val != 0x01)
2085 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2086 MGMT_STATUS_INVALID_PARAMS);
2087
13ecd8b6 2088 hci_dev_lock(hdev);
6c8f12c1 2089
4b34ee78 2090 if (!hdev_is_powered(hdev)) {
9ecb3e24 2091 bool changed;
c0ecddc2 2092
9ecb3e24
MH		 2093 if (cp->val) {
2094 changed = !test_and_set_bit(HCI_SSP_ENABLED,
2095 &hdev->dev_flags);
2096 } else {
2097 changed = test_and_clear_bit(HCI_SSP_ENABLED,
2098 &hdev->dev_flags);
2099 if (!changed)
2100 changed = test_and_clear_bit(HCI_HS_ENABLED,
2101 &hdev->dev_flags);
2102 else
2103 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 2104 }
2105
2106 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2107 if (err < 0)
2108 goto failed;
2109
2110 if (changed)
2111 err = new_settings(hdev, sk);
2112
ed2c4ee3
JH		 2113 goto failed;
2114 }
2115
9ecb3e24
MH		 2116 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
2117 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
d97dcb66
SJ		 2118 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2119 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 2120 goto failed;
2121 }
2122
72ef0c1a 2123 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 2124 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2125 goto failed;
2126 }
2127
2128 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2129 if (!cmd) {
2130 err = -ENOMEM;
2131 goto failed;
2132 }
2133
3769972b
JH		 2134 if (!cp->val && test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
2135 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2136 sizeof(cp->val), &cp->val);
2137
72ef0c1a 2138 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 2139 if (err < 0) {
2140 mgmt_pending_remove(cmd);
2141 goto failed;
2142 }
2143
2144failed:
2145 hci_dev_unlock(hdev);
ed2c4ee3
JH		 2146 return err;
2147}
2148
bdb6d971 2149static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 2150{
2151 struct mgmt_mode *cp = data;
ee392693 2152 bool changed;
e6fe7986 2153 u8 status;
ee392693 2154 int err;
6d80dfd0 2155
bdb6d971 2156 BT_DBG("request for %s", hdev->name);
6d80dfd0 2157
e6fe7986
JH		 2158 status = mgmt_bredr_support(hdev);
2159 if (status)
2160 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 2161
9ecb3e24
MH		 2162 if (!lmp_ssp_capable(hdev))
2163 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2164 MGMT_STATUS_NOT_SUPPORTED);
2165
2166 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
2167 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2168 MGMT_STATUS_REJECTED);
2169
a7e80f25
JH		 2170 if (cp->val != 0x00 && cp->val != 0x01)
2171 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2172 MGMT_STATUS_INVALID_PARAMS);
2173
ee392693
MH		 2174 hci_dev_lock(hdev);
2175
a0cdf960 2176 if (cp->val) {
ee392693 2177 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 2178 } else {
2179 if (hdev_is_powered(hdev)) {
2180 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2181 MGMT_STATUS_REJECTED);
2182 goto unlock;
2183 }
2184
ee392693 2185 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 2186 }
ee392693
MH		 2187
2188 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2189 if (err < 0)
2190 goto unlock;
2191
2192 if (changed)
2193 err = new_settings(hdev, sk);
6d80dfd0 2194
ee392693
MH		 2195unlock:
2196 hci_dev_unlock(hdev);
2197 return err;
6d80dfd0
JH		 2198}
2199
1904a853 2200static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
416a4ae5
JH		 2201{
2202 struct cmd_lookup match = { NULL, hdev };
2203
3ad67582
JK		 2204 hci_dev_lock(hdev);
2205
416a4ae5
JH		 2206 if (status) {
2207 u8 mgmt_err = mgmt_status(status);
2208
2209 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2210 &mgmt_err);
3ad67582 2211 goto unlock;
416a4ae5
JH		 2212 }
2213
2214 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2215
2216 new_settings(hdev, match.sk);
2217
2218 if (match.sk)
2219 sock_put(match.sk);
441ad2d0
MH		 2220
2221 /* Make sure the controller has a good default for
2222 * advertising data. Restrict the update to when LE
2223 * has actually been enabled. During power on, the
2224 * update in powered_update_hci will take care of it.
2225 */
2226 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2227 struct hci_request req;
2228
441ad2d0 2229 hci_req_init(&req, hdev);
5947f4bc 2230 update_adv_data(&req);
f14d8f64 2231 update_scan_rsp_data(&req);
2cf22218 2232 __hci_update_background_scan(&req);
441ad2d0 2233 hci_req_run(&req, NULL);
441ad2d0 2234 }
3ad67582
JK		 2235
2236unlock:
2237 hci_dev_unlock(hdev);
416a4ae5
JH		 2238}
2239
bdb6d971 2240static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 2241{
2242 struct mgmt_mode *cp = data;
2243 struct hci_cp_write_le_host_supported hci_cp;
2244 struct pending_cmd *cmd;
416a4ae5 2245 struct hci_request req;
06199cf8 2246 int err;
0b60eba1 2247 u8 val, enabled;
06199cf8 2248
bdb6d971 2249 BT_DBG("request for %s", hdev->name);
06199cf8 2250
13ecd8b6
JH		 2251 if (!lmp_le_capable(hdev))
2252 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2253 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 2254
a7e80f25
JH		 2255 if (cp->val != 0x00 && cp->val != 0x01)
2256 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2257 MGMT_STATUS_INVALID_PARAMS);
2258
c73eee91 2259 /* LE-only devices do not allow toggling LE on/off */
56f87901 2260 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 2261 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2262 MGMT_STATUS_REJECTED);
2263
13ecd8b6 2264 hci_dev_lock(hdev);
06199cf8
JH		 2265
2266 val = !!cp->val;
ffa88e02 2267 enabled = lmp_host_le_capable(hdev);
06199cf8 2268
0b60eba1 2269 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 2270 bool changed = false;
2271
2272 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2273 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
2274 changed = true;
2275 }
2276
f3d3444a
JH		 2277 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
2278 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 2279 changed = true;
2280 }
2281
06199cf8
JH		 2282 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2283 if (err < 0)
1de028ce 2284 goto unlock;
06199cf8
JH		 2285
2286 if (changed)
2287 err = new_settings(hdev, sk);
2288
1de028ce 2289 goto unlock;
06199cf8
JH		 2290 }
2291
4375f103
JH		 2292 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
2293 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 2294 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 2295 MGMT_STATUS_BUSY);
1de028ce 2296 goto unlock;
06199cf8
JH		 2297 }
2298
2299 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2300 if (!cmd) {
2301 err = -ENOMEM;
1de028ce 2302 goto unlock;
06199cf8
JH		 2303 }
2304
441ad2d0
MH		 2305 hci_req_init(&req, hdev);
2306
06199cf8
JH		 2307 memset(&hci_cp, 0, sizeof(hci_cp));
2308
2309 if (val) {
2310 hci_cp.le = val;
32226e4f 2311 hci_cp.simul = 0x00;
441ad2d0 2312 } else {
73e082f8 2313 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
441ad2d0 2314 disable_advertising(&req);
06199cf8
JH		 2315 }
2316
416a4ae5
JH		 2317 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2318 &hci_cp);
2319
2320 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2321 if (err < 0)
06199cf8 2322 mgmt_pending_remove(cmd);
06199cf8 2323
1de028ce
JH		 2324unlock:
2325 hci_dev_unlock(hdev);
06199cf8
JH		 2326 return err;
2327}
2328
0cab9c80
JH		 2329/* This is a helper function to test for pending mgmt commands that can
2330 * cause CoD or EIR HCI commands. We can only allow one such pending
2331 * mgmt command at a time since otherwise we cannot easily track what
2332 * the current values are, will be, and based on that calculate if a new
2333 * HCI command needs to be sent and if yes with what value.
2334 */
2335static bool pending_eir_or_class(struct hci_dev *hdev)
2336{
2337 struct pending_cmd *cmd;
2338
2339 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2340 switch (cmd->opcode) {
2341 case MGMT_OP_ADD_UUID:
2342 case MGMT_OP_REMOVE_UUID:
2343 case MGMT_OP_SET_DEV_CLASS:
2344 case MGMT_OP_SET_POWERED:
2345 return true;
2346 }
2347 }
2348
2349 return false;
2350}
2351
83be8eca
JH		 2352static const u8 bluetooth_base_uuid[] = {
2353 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2354 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2355};
2356
2357static u8 get_uuid_size(const u8 *uuid)
2358{
2359 u32 val;
2360
2361 if (memcmp(uuid, bluetooth_base_uuid, 12))
2362 return 128;
2363
2364 val = get_unaligned_le32(&uuid[12]);
2365 if (val > 0xffff)
2366 return 32;
2367
2368 return 16;
2369}
2370
92da6097
JH		 2371static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2372{
2373 struct pending_cmd *cmd;
2374
2375 hci_dev_lock(hdev);
2376
2377 cmd = mgmt_pending_find(mgmt_op, hdev);
2378 if (!cmd)
2379 goto unlock;
2380
2381 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
2382 hdev->dev_class, 3);
2383
2384 mgmt_pending_remove(cmd);
2385
2386unlock:
2387 hci_dev_unlock(hdev);
2388}
2389
1904a853 2390static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2391{
2392 BT_DBG("status 0x%02x", status);
2393
2394 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2395}
2396
bdb6d971 2397static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2398{
650f726d 2399 struct mgmt_cp_add_uuid *cp = data;
90e70454 2400 struct pending_cmd *cmd;
890ea898 2401 struct hci_request req;
2aeb9a1a 2402 struct bt_uuid *uuid;
2aeb9a1a
JH		 2403 int err;
2404
bdb6d971 2405 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2406
09fd0de5 2407 hci_dev_lock(hdev);
2aeb9a1a 2408
0cab9c80 2409 if (pending_eir_or_class(hdev)) {
bdb6d971 2410 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 2411 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2412 goto failed;
2413 }
2414
92c4c204 2415 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2416 if (!uuid) {
2417 err = -ENOMEM;
2418 goto failed;
2419 }
2420
2421 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2422 uuid->svc_hint = cp->svc_hint;
83be8eca 2423 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2424
de66aa63 2425 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2426
890ea898 2427 hci_req_init(&req, hdev);
1aff6f09 2428
890ea898
JH		 2429 update_class(&req);
2430 update_eir(&req);
2431
92da6097
JH		 2432 err = hci_req_run(&req, add_uuid_complete);
2433 if (err < 0) {
2434 if (err != -ENODATA)
2435 goto failed;
80a1e1db 2436
bdb6d971 2437 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 2438 hdev->dev_class, 3);
90e70454
JH		 2439 goto failed;
2440 }
2441
2442 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2443 if (!cmd) {
90e70454 2444 err = -ENOMEM;
890ea898
JH		 2445 goto failed;
2446 }
2447
2448 err = 0;
2aeb9a1a
JH		 2449
2450failed:
09fd0de5 2451 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2452 return err;
2453}
2454
24b78d0f
JH		 2455static bool enable_service_cache(struct hci_dev *hdev)
2456{
2457 if (!hdev_is_powered(hdev))
2458 return false;
2459
2460 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 2461 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2462 CACHE_TIMEOUT);
24b78d0f
JH		 2463 return true;
2464 }
2465
2466 return false;
2467}
2468
1904a853 2469static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2470{
2471 BT_DBG("status 0x%02x", status);
2472
2473 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2474}
2475
bdb6d971 2476static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2477 u16 len)
2aeb9a1a 2478{
650f726d 2479 struct mgmt_cp_remove_uuid *cp = data;
90e70454 2480 struct pending_cmd *cmd;
056341c8 2481 struct bt_uuid *match, *tmp;
2aeb9a1a 2482 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2483 struct hci_request req;
2aeb9a1a
JH		 2484 int err, found;
2485
bdb6d971 2486 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2487
09fd0de5 2488 hci_dev_lock(hdev);
2aeb9a1a 2489
0cab9c80 2490 if (pending_eir_or_class(hdev)) {
bdb6d971 2491 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2492 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2493 goto unlock;
2494 }
2495
2aeb9a1a 2496 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2497 hci_uuids_clear(hdev);
4004b6d9 2498
24b78d0f 2499 if (enable_service_cache(hdev)) {
bdb6d971 2500 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2501 0, hdev->dev_class, 3);
24b78d0f
JH		 2502 goto unlock;
2503 }
4004b6d9 2504
9246a869 2505 goto update_class;
2aeb9a1a
JH		 2506 }
2507
2508 found = 0;
2509
056341c8 2510 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2511 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2512 continue;
2513
2514 list_del(&match->list);
482049f7 2515 kfree(match);
2aeb9a1a
JH		 2516 found++;
2517 }
2518
2519 if (found == 0) {
bdb6d971 2520 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2521 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2522 goto unlock;
2523 }
2524
9246a869 2525update_class:
890ea898 2526 hci_req_init(&req, hdev);
1aff6f09 2527
890ea898
JH		 2528 update_class(&req);
2529 update_eir(&req);
2530
92da6097
JH		 2531 err = hci_req_run(&req, remove_uuid_complete);
2532 if (err < 0) {
2533 if (err != -ENODATA)
2534 goto unlock;
80a1e1db 2535
bdb6d971 2536 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 2537 hdev->dev_class, 3);
90e70454
JH		 2538 goto unlock;
2539 }
2540
2541 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2542 if (!cmd) {
90e70454 2543 err = -ENOMEM;
890ea898
JH		 2544 goto unlock;
2545 }
2546
2547 err = 0;
2aeb9a1a
JH		 2548
2549unlock:
09fd0de5 2550 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2551 return err;
2552}
2553
1904a853 2554static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2555{
2556 BT_DBG("status 0x%02x", status);
2557
2558 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2559}
2560
bdb6d971 2561static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2562 u16 len)
1aff6f09 2563{
650f726d 2564 struct mgmt_cp_set_dev_class *cp = data;
90e70454 2565 struct pending_cmd *cmd;
890ea898 2566 struct hci_request req;
1aff6f09
JH		 2567 int err;
2568
bdb6d971 2569 BT_DBG("request for %s", hdev->name);
1aff6f09 2570
6203fc98 2571 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 2572 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2573 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2574
0cab9c80 2575 hci_dev_lock(hdev);
ee98f473 2576
0cab9c80
JH		 2577 if (pending_eir_or_class(hdev)) {
2578 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2579 MGMT_STATUS_BUSY);
2580 goto unlock;
2581 }
c95f0ba7 2582
0cab9c80
JH		 2583 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2584 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2585 MGMT_STATUS_INVALID_PARAMS);
2586 goto unlock;
2587 }
575b3a02 2588
932f5ff5
JH		 2589 hdev->major_class = cp->major;
2590 hdev->minor_class = cp->minor;
2591
b5235a65 2592 if (!hdev_is_powered(hdev)) {
bdb6d971 2593 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2594 hdev->dev_class, 3);
b5235a65
JH		 2595 goto unlock;
2596 }
2597
890ea898
JH		 2598 hci_req_init(&req, hdev);
2599
a8b2d5c2 2600 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2601 hci_dev_unlock(hdev);
2602 cancel_delayed_work_sync(&hdev->service_cache);
2603 hci_dev_lock(hdev);
890ea898 2604 update_eir(&req);
7d78525d 2605 }
14c0b608 2606
890ea898
JH		 2607 update_class(&req);
2608
92da6097
JH		 2609 err = hci_req_run(&req, set_class_complete);
2610 if (err < 0) {
2611 if (err != -ENODATA)
2612 goto unlock;
1aff6f09 2613
bdb6d971 2614 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2615 hdev->dev_class, 3);
90e70454
JH		 2616 goto unlock;
2617 }
2618
2619 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2620 if (!cmd) {
90e70454 2621 err = -ENOMEM;
890ea898
JH		 2622 goto unlock;
2623 }
2624
2625 err = 0;
1aff6f09 2626
b5235a65 2627unlock:
09fd0de5 2628 hci_dev_unlock(hdev);
1aff6f09
JH		 2629 return err;
2630}
2631
bdb6d971 2632static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2633 u16 len)
55ed8ca1 2634{
650f726d 2635 struct mgmt_cp_load_link_keys *cp = data;
ba1d6936
JH		 2636 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2637 sizeof(struct mgmt_link_key_info));
4e51eae9 2638 u16 key_count, expected_len;
b1de97d8 2639 bool changed;
a492cd52 2640 int i;
55ed8ca1 2641
9060d5cf
MH		 2642 BT_DBG("request for %s", hdev->name);
2643
2644 if (!lmp_bredr_capable(hdev))
2645 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2646 MGMT_STATUS_NOT_SUPPORTED);
2647
1f350c87 2648 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 2649 if (key_count > max_key_count) {
2650 BT_ERR("load_link_keys: too big key_count value %u",
2651 key_count);
2652 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2653 MGMT_STATUS_INVALID_PARAMS);
2654 }
55ed8ca1 2655
86742e1e
JH		 2656 expected_len = sizeof(*cp) + key_count *
2657 sizeof(struct mgmt_link_key_info);
a492cd52 2658 if (expected_len != len) {
86742e1e 2659 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2660 expected_len, len);
bdb6d971 2661 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 2662 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2663 }
2664
4ae14301
JH		 2665 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2666 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2667 MGMT_STATUS_INVALID_PARAMS);
2668
bdb6d971 2669 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2670 key_count);
55ed8ca1 2671
4ee71b20
JH		 2672 for (i = 0; i < key_count; i++) {
2673 struct mgmt_link_key_info *key = &cp->keys[i];
2674
8e991132 2675 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
4ee71b20
JH		 2676 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2677 MGMT_STATUS_INVALID_PARAMS);
2678 }
2679
09fd0de5 2680 hci_dev_lock(hdev);
55ed8ca1
JH		 2681
2682 hci_link_keys_clear(hdev);
2683
55ed8ca1 2684 if (cp->debug_keys)
0663b297
JH		 2685 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
2686 &hdev->dev_flags);
55ed8ca1 2687 else
0663b297
JH		 2688 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
2689 &hdev->dev_flags);
b1de97d8
MH		 2690
2691 if (changed)
2692 new_settings(hdev, NULL);
55ed8ca1 2693
a492cd52 2694 for (i = 0; i < key_count; i++) {
86742e1e 2695 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2696
58e9293c
JH		 2697 /* Always ignore debug keys and require a new pairing if
2698 * the user wants to use them.
2699 */
2700 if (key->type == HCI_LK_DEBUG_COMBINATION)
2701 continue;
2702
7652ff6a
JH		 2703 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2704 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2705 }
2706
bdb6d971 2707 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2708
09fd0de5 2709 hci_dev_unlock(hdev);
55ed8ca1 2710
a492cd52 2711 return 0;
55ed8ca1
JH		 2712}
2713
b1078ad0 2714static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2715 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2716{
2717 struct mgmt_ev_device_unpaired ev;
2718
2719 bacpy(&ev.addr.bdaddr, bdaddr);
2720 ev.addr.type = addr_type;
2721
2722 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2723 skip_sk);
b1078ad0
JH		 2724}
2725
bdb6d971 2726static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2727 u16 len)
55ed8ca1 2728{
124f6e35
JH		 2729 struct mgmt_cp_unpair_device *cp = data;
2730 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2731 struct hci_cp_disconnect dc;
2732 struct pending_cmd *cmd;
55ed8ca1 2733 struct hci_conn *conn;
55ed8ca1
JH		 2734 int err;
2735
a8a1d19e 2736 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2737 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2738 rp.addr.type = cp->addr.type;
a8a1d19e 2739
4ee71b20
JH		 2740 if (!bdaddr_type_is_valid(cp->addr.type))
2741 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2742 MGMT_STATUS_INVALID_PARAMS,
2743 &rp, sizeof(rp));
2744
118da70b
JH		 2745 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2746 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2747 MGMT_STATUS_INVALID_PARAMS,
2748 &rp, sizeof(rp));
2749
4ee71b20
JH		 2750 hci_dev_lock(hdev);
2751
86a8cfc6 2752 if (!hdev_is_powered(hdev)) {
bdb6d971 2753 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2754 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 2755 goto unlock;
2756 }
2757
e0b2b27e 2758 if (cp->addr.type == BDADDR_BREDR) {
89cbb063
AA		 2759 /* If disconnection is requested, then look up the
2760 * connection. If the remote device is connected, it
2761 * will be later used to terminate the link.
2762 *
2763 * Setting it to NULL explicitly will cause no
2764 * termination of the link.
2765 */
2766 if (cp->disconnect)
2767 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2768 &cp->addr.bdaddr);
2769 else
2770 conn = NULL;
2771
124f6e35 2772 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2773 } else {
2774 u8 addr_type;
2775
89cbb063
AA		 2776 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2777 &cp->addr.bdaddr);
2778 if (conn) {
2779 /* Defer clearing up the connection parameters
2780 * until closing to give a chance of keeping
2781 * them if a repairing happens.
2782 */
2783 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2784
2785 /* If disconnection is not requested, then
2786 * clear the connection variable so that the
2787 * link is not terminated.
2788 */
2789 if (!cp->disconnect)
2790 conn = NULL;
2791 }
2792
e0b2b27e
JH		 2793 if (cp->addr.type == BDADDR_LE_PUBLIC)
2794 addr_type = ADDR_LE_DEV_PUBLIC;
2795 else
2796 addr_type = ADDR_LE_DEV_RANDOM;
2797
a7ec7338
JH		 2798 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2799
e0b2b27e
JH		 2800 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2801 }
b0dbfb46 2802
55ed8ca1 2803 if (err < 0) {
bdb6d971 2804 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2805 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 2806 goto unlock;
2807 }
2808
89cbb063
AA		 2809 /* If the connection variable is set, then termination of the
2810 * link is requested.
2811 */
a8a1d19e 2812 if (!conn) {
bdb6d971 2813 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 2814 &rp, sizeof(rp));
b1078ad0 2815 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2816 goto unlock;
2817 }
55ed8ca1 2818
124f6e35 2819 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2820 sizeof(*cp));
a8a1d19e
JH		 2821 if (!cmd) {
2822 err = -ENOMEM;
2823 goto unlock;
55ed8ca1
JH		 2824 }
2825
d8b7b1e4
JH		 2826 cmd->cmd_complete = addr_cmd_complete;
2827
eb55ef07 2828 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2829 dc.reason = 0x13; /* Remote User Terminated Connection */
2830 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2831 if (err < 0)
2832 mgmt_pending_remove(cmd);
2833
55ed8ca1 2834unlock:
09fd0de5 2835 hci_dev_unlock(hdev);
55ed8ca1
JH		 2836 return err;
2837}
2838
bdb6d971 2839static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2840 u16 len)
8962ee74 2841{
650f726d 2842 struct mgmt_cp_disconnect *cp = data;
06a63b19 2843 struct mgmt_rp_disconnect rp;
366a0336 2844 struct pending_cmd *cmd;
8962ee74 2845 struct hci_conn *conn;
8962ee74
JH		 2846 int err;
2847
2848 BT_DBG("");
2849
06a63b19
JH		 2850 memset(&rp, 0, sizeof(rp));
2851 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2852 rp.addr.type = cp->addr.type;
2853
4ee71b20 2854 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2855 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2856 MGMT_STATUS_INVALID_PARAMS,
2857 &rp, sizeof(rp));
4ee71b20 2858
09fd0de5 2859 hci_dev_lock(hdev);
8962ee74
JH		 2860
2861 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2862 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2863 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2864 goto failed;
2865 }
2866
2e58ef3e 2867 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2868 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2869 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2870 goto failed;
2871 }
2872
591f47f3 2873 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2874 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2875 &cp->addr.bdaddr);
88c3df13
JH		 2876 else
2877 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2878
f960727e 2879 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2880 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2881 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2882 goto failed;
2883 }
2884
2e58ef3e 2885 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2886 if (!cmd) {
2887 err = -ENOMEM;
8962ee74 2888 goto failed;
366a0336 2889 }
8962ee74 2890
f5818c22
JH		 2891 cmd->cmd_complete = generic_cmd_complete;
2892
e3f2f92a 2893 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
8962ee74 2894 if (err < 0)
a664b5bc 2895 mgmt_pending_remove(cmd);
8962ee74
JH		 2896
2897failed:
09fd0de5 2898 hci_dev_unlock(hdev);
8962ee74
JH		 2899 return err;
2900}
2901
57c1477c 2902static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2903{
2904 switch (link_type) {
2905 case LE_LINK:
48264f06
JH		 2906 switch (addr_type) {
2907 case ADDR_LE_DEV_PUBLIC:
591f47f3 2908 return BDADDR_LE_PUBLIC;
0ed09148 2909
48264f06 2910 default:
0ed09148 2911 /* Fallback to LE Random address type */
591f47f3 2912 return BDADDR_LE_RANDOM;
48264f06 2913 }
0ed09148 2914
4c659c39 2915 default:
0ed09148 2916 /* Fallback to BR/EDR type */
591f47f3 2917 return BDADDR_BREDR;
4c659c39
JH		 2918 }
2919}
2920
04124681
GP		 2921static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2922 u16 data_len)
2784eb41 2923{
2784eb41 2924 struct mgmt_rp_get_connections *rp;
8035ded4 2925 struct hci_conn *c;
a38528f1 2926 size_t rp_len;
60fc5fb6
JH		 2927 int err;
2928 u16 i;
2784eb41
JH		 2929
2930 BT_DBG("");
2931
09fd0de5 2932 hci_dev_lock(hdev);
2784eb41 2933
5f97c1df 2934 if (!hdev_is_powered(hdev)) {
bdb6d971 2935 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2936 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2937 goto unlock;
2938 }
2939
60fc5fb6 2940 i = 0;
b644ba33
JH		 2941 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2942 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2943 i++;
2784eb41
JH		 2944 }
2945
60fc5fb6 2946 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2947 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2948 if (!rp) {
2784eb41
JH		 2949 err = -ENOMEM;
2950 goto unlock;
2951 }
2952
2784eb41 2953 i = 0;
4c659c39 2954 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2955 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2956 continue;
4c659c39 2957 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2958 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2959 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2960 continue;
2961 i++;
2962 }
2963
eb55ef07 2964 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2965
4c659c39
JH		 2966 /* Recalculate length in case of filtered SCO connections, etc */
2967 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2968
bdb6d971 2969 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2970 rp_len);
2784eb41 2971
a38528f1 2972 kfree(rp);
5f97c1df
JH		 2973
2974unlock:
09fd0de5 2975 hci_dev_unlock(hdev);
2784eb41
JH		 2976 return err;
2977}
2978
bdb6d971 2979static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2980 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2981{
2982 struct pending_cmd *cmd;
2983 int err;
2984
2e58ef3e 2985 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2986 sizeof(*cp));
96d97a67
WR		 2987 if (!cmd)
2988 return -ENOMEM;
2989
d8457698 2990 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2991 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2992 if (err < 0)
2993 mgmt_pending_remove(cmd);
2994
2995 return err;
2996}
2997
bdb6d971 2998static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2999 u16 len)
980e1a53 3000{
96d97a67 3001 struct hci_conn *conn;
650f726d 3002 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 3003 struct hci_cp_pin_code_reply reply;
366a0336 3004 struct pending_cmd *cmd;
980e1a53
JH		 3005 int err;
3006
3007 BT_DBG("");
3008
09fd0de5 3009 hci_dev_lock(hdev);
980e1a53 3010
4b34ee78 3011 if (!hdev_is_powered(hdev)) {
bdb6d971 3012 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 3013 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 3014 goto failed;
3015 }
3016
d8457698 3017 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 3018 if (!conn) {
bdb6d971 3019 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 3020 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 3021 goto failed;
3022 }
3023
3024 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 3025 struct mgmt_cp_pin_code_neg_reply ncp;
3026
3027 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 3028
3029 BT_ERR("PIN code is not 16 bytes long");
3030
bdb6d971 3031 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 3032 if (err >= 0)
bdb6d971 3033 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 3034 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 3035
3036 goto failed;
3037 }
3038
00abfe44 3039 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 3040 if (!cmd) {
3041 err = -ENOMEM;
980e1a53 3042 goto failed;
366a0336 3043 }
980e1a53 3044
7776d1d8
JH		 3045 cmd->cmd_complete = addr_cmd_complete;
3046
d8457698 3047 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 3048 reply.pin_len = cp->pin_len;
24718ca5 3049 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 3050
3051 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3052 if (err < 0)
a664b5bc 3053 mgmt_pending_remove(cmd);
980e1a53
JH		 3054
3055failed:
09fd0de5 3056 hci_dev_unlock(hdev);
980e1a53
JH		 3057 return err;
3058}
3059
04124681
GP		 3060static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3061 u16 len)
17fa4b9d 3062{
650f726d 3063 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 3064
3065 BT_DBG("");
3066
4ec86d4c
JH		 3067 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
3068 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3069 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
3070
09fd0de5 3071 hci_dev_lock(hdev);
17fa4b9d
JH		 3072
3073 hdev->io_capability = cp->io_capability;
3074
3075 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 3076 hdev->io_capability);
17fa4b9d 3077
09fd0de5 3078 hci_dev_unlock(hdev);
17fa4b9d 3079
04124681
GP		 3080 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
3081 0);
17fa4b9d
JH		 3082}
3083
6039aa73 3084static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 3085{
3086 struct hci_dev *hdev = conn->hdev;
8035ded4 3087 struct pending_cmd *cmd;
e9a416b5 3088
2e58ef3e 3089 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 3090 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3091 continue;
3092
e9a416b5
JH		 3093 if (cmd->user_data != conn)
3094 continue;
3095
3096 return cmd;
3097 }
3098
3099 return NULL;
3100}
3101
9df74653 3102static int pairing_complete(struct pending_cmd *cmd, u8 status)
e9a416b5
JH		 3103{
3104 struct mgmt_rp_pair_device rp;
3105 struct hci_conn *conn = cmd->user_data;
9df74653 3106 int err;
e9a416b5 3107
61b1a7fb
JH		 3108 bacpy(&rp.addr.bdaddr, &conn->dst);
3109 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 3110
9df74653
JH		 3111 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
3112 &rp, sizeof(rp));
e9a416b5
JH		 3113
3114 /* So we don't get further callbacks for this connection */
3115 conn->connect_cfm_cb = NULL;
3116 conn->security_cfm_cb = NULL;
3117 conn->disconn_cfm_cb = NULL;
3118
76a68ba0 3119 hci_conn_drop(conn);
89cbb063
AA		 3120
3121 /* The device is paired so there is no need to remove
3122 * its connection parameters anymore.
3123 */
3124 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
15013aeb
JH		 3125
3126 hci_conn_put(conn);
9df74653
JH		 3127
3128 return err;
e9a416b5
JH		 3129}
3130
f4a407be
JH		 3131void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3132{
3133 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3134 struct pending_cmd *cmd;
3135
3136 cmd = find_pairing(conn);
a511b35b 3137 if (cmd) {
04ab2749 3138 cmd->cmd_complete(cmd, status);
a511b35b
JH		 3139 mgmt_pending_remove(cmd);
3140 }
f4a407be
JH		 3141}
3142
e9a416b5
JH		 3143static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3144{
3145 struct pending_cmd *cmd;
3146
3147 BT_DBG("status %u", status);
3148
3149 cmd = find_pairing(conn);
a511b35b 3150 if (!cmd) {
e9a416b5 3151 BT_DBG("Unable to find a pending command");
a511b35b
JH		 3152 return;
3153 }
3154
3155 cmd->cmd_complete(cmd, mgmt_status(status));
3156 mgmt_pending_remove(cmd);
e9a416b5
JH		 3157}
3158
f4a407be 3159static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739
VA		 3160{
3161 struct pending_cmd *cmd;
3162
3163 BT_DBG("status %u", status);
3164
3165 if (!status)
3166 return;
3167
3168 cmd = find_pairing(conn);
a511b35b 3169 if (!cmd) {
4c47d739 3170 BT_DBG("Unable to find a pending command");
a511b35b
JH		 3171 return;
3172 }
3173
3174 cmd->cmd_complete(cmd, mgmt_status(status));
3175 mgmt_pending_remove(cmd);
4c47d739
VA		 3176}
3177
bdb6d971 3178static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3179 u16 len)
e9a416b5 3180{
650f726d 3181 struct mgmt_cp_pair_device *cp = data;
1425acb7 3182 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 3183 struct pending_cmd *cmd;
3184 u8 sec_level, auth_type;
3185 struct hci_conn *conn;
e9a416b5
JH		 3186 int err;
3187
3188 BT_DBG("");
3189
f950a30e
SJ		 3190 memset(&rp, 0, sizeof(rp));
3191 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3192 rp.addr.type = cp->addr.type;
3193
4ee71b20
JH		 3194 if (!bdaddr_type_is_valid(cp->addr.type))
3195 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3196 MGMT_STATUS_INVALID_PARAMS,
3197 &rp, sizeof(rp));
3198
4ec86d4c
JH		 3199 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
3200 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3201 MGMT_STATUS_INVALID_PARAMS,
3202 &rp, sizeof(rp));
3203
09fd0de5 3204 hci_dev_lock(hdev);
e9a416b5 3205
5f97c1df 3206 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 3207 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3208 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 3209 goto unlock;
3210 }
3211
c908df36 3212 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 3213 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 3214
6f77d8c7 3215 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 3216 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3217 auth_type);
6f77d8c7
AG		 3218 } else {
3219 u8 addr_type;
3220
3221 /* Convert from L2CAP channel address type to HCI address type
3222 */
3223 if (cp->addr.type == BDADDR_LE_PUBLIC)
3224 addr_type = ADDR_LE_DEV_PUBLIC;
3225 else
3226 addr_type = ADDR_LE_DEV_RANDOM;
3227
7c264b10
MH		 3228 /* When pairing a new device, it is expected to remember
3229 * this device for future connections. Adding the connection
3230 * parameter information ahead of time allows tracking
3231 * of the slave preferred values and will speed up any
3232 * further connection establishment.
3233 *
3234 * If connection parameters already exist, then they
3235 * will be kept and this function does nothing.
3236 */
3237 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3238
6f77d8c7 3239 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
e804d25d
JH		 3240 sec_level, HCI_LE_CONN_TIMEOUT,
3241 HCI_ROLE_MASTER);
6f77d8c7 3242 }
7a512d01 3243
30e76272 3244 if (IS_ERR(conn)) {
489dc48e
AK		 3245 int status;
3246
3247 if (PTR_ERR(conn) == -EBUSY)
3248 status = MGMT_STATUS_BUSY;
3249 else
3250 status = MGMT_STATUS_CONNECT_FAILED;
3251
bdb6d971 3252 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 3253 status, &rp,
04124681 3254 sizeof(rp));
e9a416b5
JH		 3255 goto unlock;
3256 }
3257
3258 if (conn->connect_cfm_cb) {
76a68ba0 3259 hci_conn_drop(conn);
bdb6d971 3260 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 3261 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 3262 goto unlock;
3263 }
3264
2e58ef3e 3265 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 3266 if (!cmd) {
3267 err = -ENOMEM;
76a68ba0 3268 hci_conn_drop(conn);
e9a416b5
JH		 3269 goto unlock;
3270 }
3271
04ab2749
JH		 3272 cmd->cmd_complete = pairing_complete;
3273
7a512d01 3274 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 3275 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 3276 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 3277 conn->security_cfm_cb = pairing_complete_cb;
3278 conn->disconn_cfm_cb = pairing_complete_cb;
3279 } else {
3280 conn->connect_cfm_cb = le_pairing_complete_cb;
3281 conn->security_cfm_cb = le_pairing_complete_cb;
3282 conn->disconn_cfm_cb = le_pairing_complete_cb;
3283 }
7a512d01 3284
e9a416b5 3285 conn->io_capability = cp->io_cap;
f8aaf9b6 3286 cmd->user_data = hci_conn_get(conn);
e9a416b5 3287
6f78fd4b 3288 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
a511b35b
JH		 3289 hci_conn_security(conn, sec_level, auth_type, true)) {
3290 cmd->cmd_complete(cmd, 0);
3291 mgmt_pending_remove(cmd);
3292 }
e9a416b5
JH		 3293
3294 err = 0;
3295
3296unlock:
09fd0de5 3297 hci_dev_unlock(hdev);
e9a416b5
JH		 3298 return err;
3299}
3300
04124681
GP		 3301static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3302 u16 len)
28424707 3303{
0f4e68cf 3304 struct mgmt_addr_info *addr = data;
28424707
JH		 3305 struct pending_cmd *cmd;
3306 struct hci_conn *conn;
3307 int err;
3308
3309 BT_DBG("");
3310
28424707
JH		 3311 hci_dev_lock(hdev);
3312
5f97c1df 3313 if (!hdev_is_powered(hdev)) {
bdb6d971 3314 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3315 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3316 goto unlock;
3317 }
3318
28424707
JH		 3319 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3320 if (!cmd) {
bdb6d971 3321 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3322 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3323 goto unlock;
3324 }
3325
3326 conn = cmd->user_data;
3327
3328 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 3329 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3330 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3331 goto unlock;
3332 }
3333
a511b35b
JH		 3334 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3335 mgmt_pending_remove(cmd);
28424707 3336
bdb6d971 3337 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 3338 addr, sizeof(*addr));
28424707
JH		 3339unlock:
3340 hci_dev_unlock(hdev);
28424707
JH		 3341 return err;
3342}
3343
bdb6d971 3344static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3345 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3346 u16 hci_op, __le32 passkey)
a5c29683 3347{
a5c29683 3348 struct pending_cmd *cmd;
0df4c185 3349 struct hci_conn *conn;
a5c29683
JH		 3350 int err;
3351
09fd0de5 3352 hci_dev_lock(hdev);
08ba5382 3353
4b34ee78 3354 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 3355 err = cmd_complete(sk, hdev->id, mgmt_op,
3356 MGMT_STATUS_NOT_POWERED, addr,
3357 sizeof(*addr));
0df4c185 3358 goto done;
a5c29683
JH		 3359 }
3360
1707c60e
JH		 3361 if (addr->type == BDADDR_BREDR)
3362 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3363 else
1707c60e 3364 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 3365
3366 if (!conn) {
feb94d3d
JH		 3367 err = cmd_complete(sk, hdev->id, mgmt_op,
3368 MGMT_STATUS_NOT_CONNECTED, addr,
3369 sizeof(*addr));
272d90df
JH		 3370 goto done;
3371 }
47c15e2b 3372
1707c60e 3373 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 3374 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 3375 if (!err)
feb94d3d
JH		 3376 err = cmd_complete(sk, hdev->id, mgmt_op,
3377 MGMT_STATUS_SUCCESS, addr,
3378 sizeof(*addr));
5fe57d9e 3379 else
feb94d3d
JH		 3380 err = cmd_complete(sk, hdev->id, mgmt_op,
3381 MGMT_STATUS_FAILED, addr,
3382 sizeof(*addr));
47c15e2b 3383
47c15e2b
BG		 3384 goto done;
3385 }
3386
1707c60e 3387 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3388 if (!cmd) {
3389 err = -ENOMEM;
0df4c185 3390 goto done;
a5c29683
JH		 3391 }
3392
7776d1d8
JH		 3393 cmd->cmd_complete = addr_cmd_complete;
3394
0df4c185 3395 /* Continue with pairing via HCI */
604086b7
BG		 3396 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3397 struct hci_cp_user_passkey_reply cp;
3398
1707c60e 3399 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3400 cp.passkey = passkey;
3401 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3402 } else
1707c60e
JH		 3403 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3404 &addr->bdaddr);
604086b7 3405
a664b5bc
JH		 3406 if (err < 0)
3407 mgmt_pending_remove(cmd);
a5c29683 3408
0df4c185 3409done:
09fd0de5 3410 hci_dev_unlock(hdev);
a5c29683
JH		 3411 return err;
3412}
3413
afeb019d
JK		 3414static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3415 void *data, u16 len)
3416{
3417 struct mgmt_cp_pin_code_neg_reply *cp = data;
3418
3419 BT_DBG("");
3420
1707c60e 3421 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3422 MGMT_OP_PIN_CODE_NEG_REPLY,
3423 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3424}
3425
04124681
GP		 3426static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3427 u16 len)
0df4c185 3428{
650f726d 3429 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3430
3431 BT_DBG("");
3432
3433 if (len != sizeof(*cp))
bdb6d971 3434 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 3435 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3436
1707c60e 3437 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3438 MGMT_OP_USER_CONFIRM_REPLY,
3439 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3440}
3441
bdb6d971 3442static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3443 void *data, u16 len)
0df4c185 3444{
c9c2659f 3445 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3446
3447 BT_DBG("");
3448
1707c60e 3449 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3450 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3451 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3452}
3453
04124681
GP		 3454static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3455 u16 len)
604086b7 3456{
650f726d 3457 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3458
3459 BT_DBG("");
3460
1707c60e 3461 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3462 MGMT_OP_USER_PASSKEY_REPLY,
3463 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3464}
3465
bdb6d971 3466static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3467 void *data, u16 len)
604086b7 3468{
650f726d 3469 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3470
3471 BT_DBG("");
3472
1707c60e 3473 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3474 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3475 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3476}
3477
13928971 3478static void update_name(struct hci_request *req)
2b4bf397 3479{
13928971 3480 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3481 struct hci_cp_write_local_name cp;
3482
13928971 3483 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3484
890ea898 3485 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3486}
3487
1904a853 3488static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
13928971
JH		 3489{
3490 struct mgmt_cp_set_local_name *cp;
3491 struct pending_cmd *cmd;
3492
3493 BT_DBG("status 0x%02x", status);
3494
3495 hci_dev_lock(hdev);
3496
3497 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3498 if (!cmd)
3499 goto unlock;
3500
3501 cp = cmd->param;
3502
3503 if (status)
3504 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3505 mgmt_status(status));
3506 else
3507 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3508 cp, sizeof(*cp));
3509
3510 mgmt_pending_remove(cmd);
3511
3512unlock:
3513 hci_dev_unlock(hdev);
3514}
3515
bdb6d971 3516static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3517 u16 len)
b312b161 3518{
2b4bf397 3519 struct mgmt_cp_set_local_name *cp = data;
b312b161 3520 struct pending_cmd *cmd;
890ea898 3521 struct hci_request req;
b312b161
JH		 3522 int err;
3523
3524 BT_DBG("");
3525
09fd0de5 3526 hci_dev_lock(hdev);
b312b161 3527
b3f2ca94
JH		 3528 /* If the old values are the same as the new ones just return a
3529 * direct command complete event.
3530 */
3531 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3532 !memcmp(hdev->short_name, cp->short_name,
3533 sizeof(hdev->short_name))) {
3534 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3535 data, len);
3536 goto failed;
3537 }
3538
2b4bf397 3539 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3540
b5235a65 3541 if (!hdev_is_powered(hdev)) {
2b4bf397 3542 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 3543
3544 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 3545 data, len);
28cc7bde
JH		 3546 if (err < 0)
3547 goto failed;
3548
3549 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 3550 sk);
28cc7bde 3551
b5235a65
JH		 3552 goto failed;
3553 }
3554
28cc7bde 3555 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3556 if (!cmd) {
3557 err = -ENOMEM;
3558 goto failed;
3559 }
3560
13928971
JH		 3561 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3562
890ea898 3563 hci_req_init(&req, hdev);
3f985050
JH		 3564
3565 if (lmp_bredr_capable(hdev)) {
3566 update_name(&req);
3567 update_eir(&req);
3568 }
3569
7a5f4990
MH		 3570 /* The name is stored in the scan response data and so
3571 * no need to udpate the advertising data here.
3572 */
3f985050 3573 if (lmp_le_capable(hdev))
7a5f4990 3574 update_scan_rsp_data(&req);
3f985050 3575
13928971 3576 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3577 if (err < 0)
3578 mgmt_pending_remove(cmd);
3579
3580failed:
09fd0de5 3581 hci_dev_unlock(hdev);
b312b161
JH		 3582 return err;
3583}
3584
0f4e68cf 3585static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3586 void *data, u16 data_len)
c35938b2 3587{
c35938b2
SJ		 3588 struct pending_cmd *cmd;
3589 int err;
3590
bdb6d971 3591 BT_DBG("%s", hdev->name);
c35938b2 3592
09fd0de5 3593 hci_dev_lock(hdev);
c35938b2 3594
4b34ee78 3595 if (!hdev_is_powered(hdev)) {
bdb6d971 3596 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3597 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3598 goto unlock;
3599 }
3600
9a1a1996 3601 if (!lmp_ssp_capable(hdev)) {
bdb6d971 3602 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3603 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3604 goto unlock;
3605 }
3606
2e58ef3e 3607 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 3608 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3609 MGMT_STATUS_BUSY);
c35938b2
SJ		 3610 goto unlock;
3611 }
3612
2e58ef3e 3613 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3614 if (!cmd) {
3615 err = -ENOMEM;
3616 goto unlock;
3617 }
3618
710f11c0 3619 if (bredr_sc_enabled(hdev))
4d2d2796
MH		 3620 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3621 0, NULL);
3622 else
3623 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3624
c35938b2
SJ		 3625 if (err < 0)
3626 mgmt_pending_remove(cmd);
3627
3628unlock:
09fd0de5 3629 hci_dev_unlock(hdev);
c35938b2
SJ		 3630 return err;
3631}
3632
bdb6d971 3633static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3634 void *data, u16 len)
2763eda6 3635{
2763eda6
SJ		 3636 int err;
3637
bdb6d971 3638 BT_DBG("%s ", hdev->name);
2763eda6 3639
09fd0de5 3640 hci_dev_lock(hdev);
2763eda6 3641
ec109113
MH		 3642 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3643 struct mgmt_cp_add_remote_oob_data *cp = data;
3644 u8 status;
bf1e3541 3645
c19a495c
JH		 3646 if (cp->addr.type != BDADDR_BREDR) {
3647 err = cmd_complete(sk, hdev->id,
3648 MGMT_OP_ADD_REMOTE_OOB_DATA,
3649 MGMT_STATUS_INVALID_PARAMS,
3650 &cp->addr, sizeof(cp->addr));
3651 goto unlock;
3652 }
3653
ec109113 3654 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
6928a924
JH		 3655 cp->addr.type, cp->hash,
3656 cp->rand, NULL, NULL);
ec109113
MH		 3657 if (err < 0)
3658 status = MGMT_STATUS_FAILED;
3659 else
3660 status = MGMT_STATUS_SUCCESS;
3661
3662 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3663 status, &cp->addr, sizeof(cp->addr));
3664 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3665 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
86df9200 3666 u8 *rand192, *hash192;
ec109113
MH		 3667 u8 status;
3668
c19a495c
JH		 3669 if (cp->addr.type != BDADDR_BREDR) {
3670 err = cmd_complete(sk, hdev->id,
3671 MGMT_OP_ADD_REMOTE_OOB_DATA,
3672 MGMT_STATUS_INVALID_PARAMS,
3673 &cp->addr, sizeof(cp->addr));
3674 goto unlock;
3675 }
3676
86df9200
JH		 3677 if (bdaddr_type_is_le(cp->addr.type)) {
3678 rand192 = NULL;
3679 hash192 = NULL;
3680 } else {
3681 rand192 = cp->rand192;
3682 hash192 = cp->hash192;
3683 }
3684
81328d5c 3685 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
86df9200
JH		 3686 cp->addr.type, hash192, rand192,
3687 cp->hash256, cp->rand256);
ec109113
MH		 3688 if (err < 0)
3689 status = MGMT_STATUS_FAILED;
3690 else
3691 status = MGMT_STATUS_SUCCESS;
3692
3693 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3694 status, &cp->addr, sizeof(cp->addr));
3695 } else {
3696 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3697 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3698 MGMT_STATUS_INVALID_PARAMS);
3699 }
2763eda6 3700
c19a495c 3701unlock:
09fd0de5 3702 hci_dev_unlock(hdev);
2763eda6
SJ		 3703 return err;
3704}
3705
bdb6d971 3706static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3707 void *data, u16 len)
2763eda6 3708{
650f726d 3709 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3710 u8 status;
2763eda6
SJ		 3711 int err;
3712
bdb6d971 3713 BT_DBG("%s", hdev->name);
2763eda6 3714
c19a495c
JH		 3715 if (cp->addr.type != BDADDR_BREDR)
3716 return cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3717 MGMT_STATUS_INVALID_PARAMS,
3718 &cp->addr, sizeof(cp->addr));
3719
09fd0de5 3720 hci_dev_lock(hdev);
2763eda6 3721
eedbd581
JH		 3722 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3723 hci_remote_oob_data_clear(hdev);
3724 status = MGMT_STATUS_SUCCESS;
3725 goto done;
3726 }
3727
6928a924 3728 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
2763eda6 3729 if (err < 0)
bf1e3541 3730 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3731 else
a6785be2 3732 status = MGMT_STATUS_SUCCESS;
bf1e3541 3733
eedbd581 3734done:
bdb6d971 3735 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 3736 status, &cp->addr, sizeof(cp->addr));
2763eda6 3737
09fd0de5 3738 hci_dev_unlock(hdev);
2763eda6
SJ		 3739 return err;
3740}
3741
8019044d 3742static bool trigger_discovery(struct hci_request *req, u8 *status)
41dc2bd6 3743{
8019044d
MH		 3744 struct hci_dev *hdev = req->hdev;
3745 struct hci_cp_le_set_scan_param param_cp;
3746 struct hci_cp_le_set_scan_enable enable_cp;
3747 struct hci_cp_inquiry inq_cp;
3748 /* General inquiry access code (GIAC) */
3749 u8 lap[3] = { 0x33, 0x8b, 0x9e };
3750 u8 own_addr_type;
41dc2bd6
AG		 3751 int err;
3752
8019044d
MH		 3753 switch (hdev->discovery.type) {
3754 case DISCOV_TYPE_BREDR:
3755 *status = mgmt_bredr_support(hdev);
3756 if (*status)
3757 return false;
41dc2bd6 3758
8019044d
MH		 3759 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3760 *status = MGMT_STATUS_BUSY;
3761 return false;
3762 }
41dc2bd6 3763
8019044d 3764 hci_inquiry_cache_flush(hdev);
41dc2bd6 3765
8019044d
MH		 3766 memset(&inq_cp, 0, sizeof(inq_cp));
3767 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
3768 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
3769 hci_req_add(req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
3770 break;
41dc2bd6 3771
8019044d
MH		 3772 case DISCOV_TYPE_LE:
3773 case DISCOV_TYPE_INTERLEAVED:
3774 *status = mgmt_le_support(hdev);
3775 if (*status)
3776 return false;
3777
3778 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
3779 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3780 *status = MGMT_STATUS_NOT_SUPPORTED;
3781 return false;
3782 }
3783
3784 if (test_bit(HCI_LE_ADV, &hdev->dev_flags)) {
3785 /* Don't let discovery abort an outgoing
3786 * connection attempt that's using directed
3787 * advertising.
3788 */
3789 if (hci_conn_hash_lookup_state(hdev, LE_LINK,
3790 BT_CONNECT)) {
3791 *status = MGMT_STATUS_REJECTED;
3792 return false;
3793 }
3794
3795 disable_advertising(req);
3796 }
3797
3798 /* If controller is scanning, it means the background scanning
3799 * is running. Thus, we should temporarily stop it in order to
3800 * set the discovery scanning parameters.
3801 */
3802 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3803 hci_req_add_le_scan_disable(req);
3804
3805 memset(&param_cp, 0, sizeof(param_cp));
3806
3807 /* All active scans will be done with either a resolvable
3808 * private address (when privacy feature has been enabled)
9437d2ed 3809 * or non-resolvable private address.
8019044d
MH		 3810 */
3811 err = hci_update_random_address(req, true, &own_addr_type);
3812 if (err < 0) {
3813 *status = MGMT_STATUS_FAILED;
3814 return false;
3815 }
3816
3817 param_cp.type = LE_SCAN_ACTIVE;
3818 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3819 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
3820 param_cp.own_address_type = own_addr_type;
3821 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3822 &param_cp);
3823
3824 memset(&enable_cp, 0, sizeof(enable_cp));
3825 enable_cp.enable = LE_SCAN_ENABLE;
3826 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3827 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3828 &enable_cp);
3829 break;
3830
3831 default:
3832 *status = MGMT_STATUS_INVALID_PARAMS;
3833 return false;
3834 }
3835
3836 return true;
41dc2bd6
AG		 3837}
3838
1904a853
MH		 3839static void start_discovery_complete(struct hci_dev *hdev, u8 status,
3840 u16 opcode)
7c307720 3841{
41dc2bd6 3842 struct pending_cmd *cmd;
11e6e25d 3843 unsigned long timeout;
ae55f598 3844
7c307720
AG		 3845 BT_DBG("status %d", status);
3846
11e6e25d 3847 hci_dev_lock(hdev);
41dc2bd6 3848
11e6e25d 3849 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
66ea9427
JP		 3850 if (!cmd)
3851 cmd = mgmt_pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
3852
11e6e25d 3853 if (cmd) {
2922a94f 3854 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d
MH		 3855 mgmt_pending_remove(cmd);
3856 }
7c307720
AG		 3857
3858 if (status) {
11e6e25d
MH		 3859 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3860 goto unlock;
7c307720
AG		 3861 }
3862
7c307720 3863 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
7c307720
AG		 3864
3865 switch (hdev->discovery.type) {
3866 case DISCOV_TYPE_LE:
3d5a76f0 3867 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
7c307720 3868 break;
7c307720 3869 case DISCOV_TYPE_INTERLEAVED:
b9a7a61e 3870 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
7c307720 3871 break;
7c307720 3872 case DISCOV_TYPE_BREDR:
11e6e25d 3873 timeout = 0;
7c307720 3874 break;
7c307720
AG		 3875 default:
3876 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
11e6e25d
MH		 3877 timeout = 0;
3878 break;
7c307720 3879 }
ae55f598 3880
11e6e25d
MH		 3881 if (timeout)
3882 queue_delayed_work(hdev->workqueue,
3883 &hdev->le_scan_disable, timeout);
ae55f598 3884
11e6e25d
MH		 3885unlock:
3886 hci_dev_unlock(hdev);
7c307720
AG		 3887}
3888
bdb6d971 3889static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3890 void *data, u16 len)
14a53664 3891{
650f726d 3892 struct mgmt_cp_start_discovery *cp = data;
14a53664 3893 struct pending_cmd *cmd;
7c307720 3894 struct hci_request req;
8019044d 3895 u8 status;
14a53664
JH		 3896 int err;
3897
bdb6d971 3898 BT_DBG("%s", hdev->name);
14a53664 3899
09fd0de5 3900 hci_dev_lock(hdev);
14a53664 3901
4b34ee78 3902 if (!hdev_is_powered(hdev)) {
a736abc1
SJ		 3903 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3904 MGMT_STATUS_NOT_POWERED,
3905 &cp->type, sizeof(cp->type));
bd2d1334
JH		 3906 goto failed;
3907 }
3908
f5a969f2
MH		 3909 if (hdev->discovery.state != DISCOVERY_STOPPED ||
3910 test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
a736abc1
SJ		 3911 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3912 MGMT_STATUS_BUSY, &cp->type,
3913 sizeof(cp->type));
642be6c7
AG		 3914 goto failed;
3915 }
3916
2922a94f 3917 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, data, len);
14a53664
JH		 3918 if (!cmd) {
3919 err = -ENOMEM;
3920 goto failed;
3921 }
3922
2922a94f
JH		 3923 cmd->cmd_complete = generic_cmd_complete;
3924
22078800
MH		 3925 /* Clear the discovery filter first to free any previously
3926 * allocated memory for the UUID list.
3927 */
3928 hci_discovery_filter_clear(hdev);
3929
4aab14e5 3930 hdev->discovery.type = cp->type;
da25cf6a 3931 hdev->discovery.report_invalid_rssi = false;
4aab14e5 3932
7c307720
AG		 3933 hci_req_init(&req, hdev);
3934
8019044d 3935 if (!trigger_discovery(&req, &status)) {
a736abc1 3936 err = cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
8019044d 3937 status, &cp->type, sizeof(cp->type));
04106755
JH		 3938 mgmt_pending_remove(cmd);
3939 goto failed;
f39799f5 3940 }
04106755 3941
7c307720 3942 err = hci_req_run(&req, start_discovery_complete);
f5a969f2 3943 if (err < 0) {
14a53664 3944 mgmt_pending_remove(cmd);
f5a969f2
MH		 3945 goto failed;
3946 }
7c307720 3947
f5a969f2 3948 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
7c307720 3949
14a53664 3950failed:
09fd0de5 3951 hci_dev_unlock(hdev);
14a53664
JH		 3952 return err;
3953}
f39799f5 3954
9df74653 3955static int service_discovery_cmd_complete(struct pending_cmd *cmd, u8 status)
2922a94f 3956{
9df74653
JH		 3957 return cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
3958 cmd->param, 1);
2922a94f 3959}
04106755 3960
66ea9427
JP		 3961static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
3962 void *data, u16 len)
3963{
3964 struct mgmt_cp_start_service_discovery *cp = data;
3965 struct pending_cmd *cmd;
3966 struct hci_request req;
3967 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
3968 u16 uuid_count, expected_len;
3969 u8 status;
3970 int err;
04106755 3971
66ea9427 3972 BT_DBG("%s", hdev->name);
e8bb6b97 3973
66ea9427 3974 hci_dev_lock(hdev);
7c307720 3975
66ea9427
JP		 3976 if (!hdev_is_powered(hdev)) {
3977 err = cmd_complete(sk, hdev->id,
3978 MGMT_OP_START_SERVICE_DISCOVERY,
3979 MGMT_STATUS_NOT_POWERED,
3980 &cp->type, sizeof(cp->type));
3981 goto failed;
3982 }
7c307720 3983
66ea9427
JP		 3984 if (hdev->discovery.state != DISCOVERY_STOPPED ||
3985 test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3986 err = cmd_complete(sk, hdev->id,
3987 MGMT_OP_START_SERVICE_DISCOVERY,
3988 MGMT_STATUS_BUSY, &cp->type,
3989 sizeof(cp->type));
3990 goto failed;
3991 }
d9483943 3992
66ea9427
JP		 3993 uuid_count = __le16_to_cpu(cp->uuid_count);
3994 if (uuid_count > max_uuid_count) {
3995 BT_ERR("service_discovery: too big uuid_count value %u",
3996 uuid_count);
3997 err = cmd_complete(sk, hdev->id,
3998 MGMT_OP_START_SERVICE_DISCOVERY,
3999 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4000 sizeof(cp->type));
4001 goto failed;
4002 }
4003
4004 expected_len = sizeof(*cp) + uuid_count * 16;
4005 if (expected_len != len) {
4006 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
4007 expected_len, len);
4008 err = cmd_complete(sk, hdev->id,
4009 MGMT_OP_START_SERVICE_DISCOVERY,
4010 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4011 sizeof(cp->type));
4012 goto failed;
4013 }
4014
4015 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
2922a94f 4016 hdev, data, len);
66ea9427
JP		 4017 if (!cmd) {
4018 err = -ENOMEM;
4019 goto failed;
4020 }
4021
2922a94f
JH		 4022 cmd->cmd_complete = service_discovery_cmd_complete;
4023
22078800
MH		 4024 /* Clear the discovery filter first to free any previously
4025 * allocated memory for the UUID list.
4026 */
4027 hci_discovery_filter_clear(hdev);
4028
66ea9427
JP		 4029 hdev->discovery.type = cp->type;
4030 hdev->discovery.rssi = cp->rssi;
4031 hdev->discovery.uuid_count = uuid_count;
4032
4033 if (uuid_count > 0) {
4034 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4035 GFP_KERNEL);
4036 if (!hdev->discovery.uuids) {
a736abc1 4037 err = cmd_complete(sk, hdev->id,
66ea9427 4038 MGMT_OP_START_SERVICE_DISCOVERY,
a736abc1
SJ		 4039 MGMT_STATUS_FAILED,
4040 &cp->type, sizeof(cp->type));
d9483943
JH		 4041 mgmt_pending_remove(cmd);
4042 goto failed;
4043 }
66ea9427 4044 }
d9483943 4045
66ea9427 4046 hci_req_init(&req, hdev);
5e0452c0 4047
66ea9427
JP		 4048 if (!trigger_discovery(&req, &status)) {
4049 err = cmd_complete(sk, hdev->id,
4050 MGMT_OP_START_SERVICE_DISCOVERY,
4051 status, &cp->type, sizeof(cp->type));
04106755
JH		 4052 mgmt_pending_remove(cmd);
4053 goto failed;
f39799f5 4054 }
3fd24153 4055
7c307720 4056 err = hci_req_run(&req, start_discovery_complete);
66ea9427 4057 if (err < 0) {
14a53664 4058 mgmt_pending_remove(cmd);
66ea9427
JP		 4059 goto failed;
4060 }
4061
4062 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 4063
4064failed:
09fd0de5 4065 hci_dev_unlock(hdev);
14a53664
JH		 4066 return err;
4067}
4068
1904a853 4069static void stop_discovery_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1183fdca
AG		 4070{
4071 struct pending_cmd *cmd;
1183fdca 4072
0e05bba6
AG		 4073 BT_DBG("status %d", status);
4074
4075 hci_dev_lock(hdev);
4076
11e6e25d
MH		 4077 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4078 if (cmd) {
2922a94f 4079 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d 4080 mgmt_pending_remove(cmd);
0e05bba6
AG		 4081 }
4082
11e6e25d
MH		 4083 if (!status)
4084 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
0e05bba6 4085
0e05bba6
AG		 4086 hci_dev_unlock(hdev);
4087}
4088
bdb6d971 4089static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4090 u16 len)
14a53664 4091{
d930650b 4092 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 4093 struct pending_cmd *cmd;
0e05bba6 4094 struct hci_request req;
14a53664
JH		 4095 int err;
4096
bdb6d971 4097 BT_DBG("%s", hdev->name);
14a53664 4098
09fd0de5 4099 hci_dev_lock(hdev);
14a53664 4100
30dc78e1 4101 if (!hci_discovery_active(hdev)) {
bdb6d971 4102 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 4103 MGMT_STATUS_REJECTED, &mgmt_cp->type,
4104 sizeof(mgmt_cp->type));
d930650b
JH		 4105 goto unlock;
4106 }
4107
4108 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 4109 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 4110 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
4111 sizeof(mgmt_cp->type));
30dc78e1 4112 goto unlock;
ff9ef578
JH		 4113 }
4114
2922a94f 4115 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
14a53664
JH		 4116 if (!cmd) {
4117 err = -ENOMEM;
30dc78e1
JH		 4118 goto unlock;
4119 }
4120
2922a94f
JH		 4121 cmd->cmd_complete = generic_cmd_complete;
4122
0e05bba6
AG		 4123 hci_req_init(&req, hdev);
4124
21a60d30 4125 hci_stop_discovery(&req);
e0d9727e 4126
21a60d30
JH		 4127 err = hci_req_run(&req, stop_discovery_complete);
4128 if (!err) {
4129 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
0e05bba6 4130 goto unlock;
14a53664
JH		 4131 }
4132
21a60d30
JH		 4133 mgmt_pending_remove(cmd);
4134
4135 /* If no HCI commands were sent we're done */
4136 if (err == -ENODATA) {
4137 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
4138 &mgmt_cp->type, sizeof(mgmt_cp->type));
4139 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4140 }
14a53664 4141
30dc78e1 4142unlock:
09fd0de5 4143 hci_dev_unlock(hdev);
14a53664
JH		 4144 return err;
4145}
4146
bdb6d971 4147static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4148 u16 len)
561aafbc 4149{
650f726d 4150 struct mgmt_cp_confirm_name *cp = data;
561aafbc 4151 struct inquiry_entry *e;
561aafbc
JH		 4152 int err;
4153
bdb6d971 4154 BT_DBG("%s", hdev->name);
561aafbc 4155
561aafbc
JH		 4156 hci_dev_lock(hdev);
4157
30dc78e1 4158 if (!hci_discovery_active(hdev)) {
d3a2541d
LR		 4159 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4160 MGMT_STATUS_FAILED, &cp->addr,
4161 sizeof(cp->addr));
30dc78e1
JH		 4162 goto failed;
4163 }
4164
a198e7b1 4165 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 4166 if (!e) {
d3a2541d
LR		 4167 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4168 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4169 sizeof(cp->addr));
561aafbc
JH		 4170 goto failed;
4171 }
4172
4173 if (cp->name_known) {
4174 e->name_state = NAME_KNOWN;
4175 list_del(&e->list);
4176 } else {
4177 e->name_state = NAME_NEEDED;
a3d4e20a 4178 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 4179 }
4180
e384662b
JH		 4181 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
4182 sizeof(cp->addr));
561aafbc
JH		 4183
4184failed:
4185 hci_dev_unlock(hdev);
561aafbc
JH		 4186 return err;
4187}
4188
bdb6d971 4189static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4190 u16 len)
7fbec224 4191{
650f726d 4192 struct mgmt_cp_block_device *cp = data;
f0eeea8b 4193 u8 status;
7fbec224
AJ		 4194 int err;
4195
bdb6d971 4196 BT_DBG("%s", hdev->name);
7fbec224 4197
4ee71b20 4198 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 4199 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4200 MGMT_STATUS_INVALID_PARAMS,
4201 &cp->addr, sizeof(cp->addr));
4ee71b20 4202
09fd0de5 4203 hci_dev_lock(hdev);
5e762444 4204
dcc36c16
JH		 4205 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4206 cp->addr.type);
2a8357f2 4207 if (err < 0) {
f0eeea8b 4208 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 4209 goto done;
4210 }
4211
4212 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4213 sk);
4214 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4215
2a8357f2 4216done:
bdb6d971 4217 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 4218 &cp->addr, sizeof(cp->addr));
5e762444 4219
09fd0de5 4220 hci_dev_unlock(hdev);
7fbec224
AJ		 4221
4222 return err;
4223}
4224
bdb6d971 4225static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4226 u16 len)
7fbec224 4227{
650f726d 4228 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 4229 u8 status;
7fbec224
AJ		 4230 int err;
4231
bdb6d971 4232 BT_DBG("%s", hdev->name);
7fbec224 4233
4ee71b20 4234 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 4235 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4236 MGMT_STATUS_INVALID_PARAMS,
4237 &cp->addr, sizeof(cp->addr));
4ee71b20 4238
09fd0de5 4239 hci_dev_lock(hdev);
5e762444 4240
dcc36c16
JH		 4241 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4242 cp->addr.type);
2a8357f2 4243 if (err < 0) {
f0eeea8b 4244 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 4245 goto done;
4246 }
4247
4248 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4249 sk);
4250 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4251
2a8357f2 4252done:
bdb6d971 4253 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 4254 &cp->addr, sizeof(cp->addr));
5e762444 4255
09fd0de5 4256 hci_dev_unlock(hdev);
7fbec224
AJ		 4257
4258 return err;
4259}
4260
cdbaccca
MH		 4261static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4262 u16 len)
4263{
4264 struct mgmt_cp_set_device_id *cp = data;
890ea898 4265 struct hci_request req;
cdbaccca 4266 int err;
c72d4b8a 4267 __u16 source;
cdbaccca
MH		 4268
4269 BT_DBG("%s", hdev->name);
4270
c72d4b8a
SJ		 4271 source = __le16_to_cpu(cp->source);
4272
4273 if (source > 0x0002)
4274 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4275 MGMT_STATUS_INVALID_PARAMS);
4276
cdbaccca
MH		 4277 hci_dev_lock(hdev);
4278
c72d4b8a 4279 hdev->devid_source = source;
cdbaccca
MH		 4280 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4281 hdev->devid_product = __le16_to_cpu(cp->product);
4282 hdev->devid_version = __le16_to_cpu(cp->version);
4283
4284 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
4285
890ea898
JH		 4286 hci_req_init(&req, hdev);
4287 update_eir(&req);
4288 hci_req_run(&req, NULL);
cdbaccca
MH		 4289
4290 hci_dev_unlock(hdev);
4291
4292 return err;
4293}
4294
1904a853
MH		 4295static void set_advertising_complete(struct hci_dev *hdev, u8 status,
4296 u16 opcode)
4375f103
JH		 4297{
4298 struct cmd_lookup match = { NULL, hdev };
4299
3ad67582
JK		 4300 hci_dev_lock(hdev);
4301
4375f103
JH		 4302 if (status) {
4303 u8 mgmt_err = mgmt_status(status);
4304
4305 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4306 cmd_status_rsp, &mgmt_err);
3ad67582 4307 goto unlock;
4375f103
JH		 4308 }
4309
c93bd150
JH		 4310 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
4311 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
4312 else
4313 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4314
4375f103
JH		 4315 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4316 &match);
4317
4318 new_settings(hdev, match.sk);
4319
4320 if (match.sk)
4321 sock_put(match.sk);
3ad67582
JK		 4322
4323unlock:
4324 hci_dev_unlock(hdev);
4375f103
JH		 4325}
4326
21b5187f
MH		 4327static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4328 u16 len)
4375f103
JH		 4329{
4330 struct mgmt_mode *cp = data;
4331 struct pending_cmd *cmd;
4332 struct hci_request req;
e6fe7986 4333 u8 val, enabled, status;
4375f103
JH		 4334 int err;
4335
4336 BT_DBG("request for %s", hdev->name);
4337
e6fe7986
JH		 4338 status = mgmt_le_support(hdev);
4339 if (status)
4375f103 4340 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 4341 status);
4375f103
JH		 4342
4343 if (cp->val != 0x00 && cp->val != 0x01)
4344 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4345 MGMT_STATUS_INVALID_PARAMS);
4346
4347 hci_dev_lock(hdev);
4348
4349 val = !!cp->val;
f3d3444a 4350 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 4351
f74ca9b8
JH		 4352 /* The following conditions are ones which mean that we should
4353 * not do any HCI communication but directly send a mgmt
4354 * response to user space (after toggling the flag if
4355 * necessary).
4356 */
4357 if (!hdev_is_powered(hdev) || val == enabled ||
e8bb6b97
JH		 4358 hci_conn_num(hdev, LE_LINK) > 0 ||
4359 (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4360 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
4375f103
JH		 4361 bool changed = false;
4362
f3d3444a
JH		 4363 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
4364 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 4365 changed = true;
4366 }
4367
4368 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4369 if (err < 0)
4370 goto unlock;
4371
4372 if (changed)
4373 err = new_settings(hdev, sk);
4374
4375 goto unlock;
4376 }
4377
4378 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4379 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
4380 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4381 MGMT_STATUS_BUSY);
4382 goto unlock;
4383 }
4384
4385 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4386 if (!cmd) {
4387 err = -ENOMEM;
4388 goto unlock;
4389 }
4390
4391 hci_req_init(&req, hdev);
4392
bba3aa55
MH		 4393 if (val)
4394 enable_advertising(&req);
4395 else
4396 disable_advertising(&req);
4375f103
JH		 4397
4398 err = hci_req_run(&req, set_advertising_complete);
4399 if (err < 0)
4400 mgmt_pending_remove(cmd);
4401
4402unlock:
4403 hci_dev_unlock(hdev);
4404 return err;
4405}
4406
d13eafce
MH		 4407static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4408 void *data, u16 len)
4409{
4410 struct mgmt_cp_set_static_address *cp = data;
4411 int err;
4412
4413 BT_DBG("%s", hdev->name);
4414
62af4443 4415 if (!lmp_le_capable(hdev))
d13eafce 4416 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 4417 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 4418
4419 if (hdev_is_powered(hdev))
4420 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4421 MGMT_STATUS_REJECTED);
4422
4423 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4424 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4425 return cmd_status(sk, hdev->id,
4426 MGMT_OP_SET_STATIC_ADDRESS,
4427 MGMT_STATUS_INVALID_PARAMS);
4428
4429 /* Two most significant bits shall be set */
4430 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4431 return cmd_status(sk, hdev->id,
4432 MGMT_OP_SET_STATIC_ADDRESS,
4433 MGMT_STATUS_INVALID_PARAMS);
4434 }
4435
4436 hci_dev_lock(hdev);
4437
4438 bacpy(&hdev->static_addr, &cp->bdaddr);
4439
4440 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
4441
4442 hci_dev_unlock(hdev);
4443
4444 return err;
4445}
4446
14b49b9a
MH		 4447static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4448 void *data, u16 len)
4449{
4450 struct mgmt_cp_set_scan_params *cp = data;
4451 __u16 interval, window;
4452 int err;
4453
4454 BT_DBG("%s", hdev->name);
4455
4456 if (!lmp_le_capable(hdev))
4457 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4458 MGMT_STATUS_NOT_SUPPORTED);
4459
4460 interval = __le16_to_cpu(cp->interval);
4461
4462 if (interval < 0x0004 || interval > 0x4000)
4463 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4464 MGMT_STATUS_INVALID_PARAMS);
4465
4466 window = __le16_to_cpu(cp->window);
4467
4468 if (window < 0x0004 || window > 0x4000)
4469 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4470 MGMT_STATUS_INVALID_PARAMS);
4471
899e1075
MH		 4472 if (window > interval)
4473 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4474 MGMT_STATUS_INVALID_PARAMS);
4475
14b49b9a
MH		 4476 hci_dev_lock(hdev);
4477
4478 hdev->le_scan_interval = interval;
4479 hdev->le_scan_window = window;
4480
4481 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
4482
dd2ef8e2
AG		 4483 /* If background scan is running, restart it so new parameters are
4484 * loaded.
4485 */
4486 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4487 hdev->discovery.state == DISCOVERY_STOPPED) {
4488 struct hci_request req;
4489
4490 hci_req_init(&req, hdev);
4491
4492 hci_req_add_le_scan_disable(&req);
4493 hci_req_add_le_passive_scan(&req);
4494
4495 hci_req_run(&req, NULL);
4496 }
4497
14b49b9a
MH		 4498 hci_dev_unlock(hdev);
4499
4500 return err;
4501}
4502
1904a853
MH		 4503static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
4504 u16 opcode)
33e38b3e
JH		 4505{
4506 struct pending_cmd *cmd;
4507
4508 BT_DBG("status 0x%02x", status);
4509
4510 hci_dev_lock(hdev);
4511
4512 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4513 if (!cmd)
4514 goto unlock;
4515
4516 if (status) {
4517 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4518 mgmt_status(status));
4519 } else {
1a4d3c4b
JH		 4520 struct mgmt_mode *cp = cmd->param;
4521
4522 if (cp->val)
4523 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4524 else
4525 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4526
33e38b3e
JH		 4527 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4528 new_settings(hdev, cmd->sk);
4529 }
4530
4531 mgmt_pending_remove(cmd);
4532
4533unlock:
4534 hci_dev_unlock(hdev);
4535}
4536
bdb6d971 4537static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4538 void *data, u16 len)
f6422ec6 4539{
650f726d 4540 struct mgmt_mode *cp = data;
33e38b3e
JH		 4541 struct pending_cmd *cmd;
4542 struct hci_request req;
f6422ec6
AJ		 4543 int err;
4544
bdb6d971 4545 BT_DBG("%s", hdev->name);
f6422ec6 4546
56f87901
JH		 4547 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
4548 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 4549 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4550 MGMT_STATUS_NOT_SUPPORTED);
4551
a7e80f25
JH		 4552 if (cp->val != 0x00 && cp->val != 0x01)
4553 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4554 MGMT_STATUS_INVALID_PARAMS);
4555
5400c044 4556 if (!hdev_is_powered(hdev))
bdb6d971 4557 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4558 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 4559
4560 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 4561 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4562 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 4563
4564 hci_dev_lock(hdev);
4565
05cbf29f
JH		 4566 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4567 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4568 MGMT_STATUS_BUSY);
4569 goto unlock;
4570 }
4571
1a4d3c4b
JH		 4572 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
4573 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4574 hdev);
4575 goto unlock;
4576 }
4577
33e38b3e
JH		 4578 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4579 data, len);
4580 if (!cmd) {
4581 err = -ENOMEM;
4582 goto unlock;
f6422ec6
AJ		 4583 }
4584
33e38b3e
JH		 4585 hci_req_init(&req, hdev);
4586
406d7804 4587 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4588
4589 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4590 if (err < 0) {
bdb6d971 4591 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4592 MGMT_STATUS_FAILED);
33e38b3e 4593 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4594 }
4595
33e38b3e 4596unlock:
f6422ec6 4597 hci_dev_unlock(hdev);
33e38b3e 4598
f6422ec6
AJ		 4599 return err;
4600}
4601
1904a853 4602static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
0663ca2a
JH		 4603{
4604 struct pending_cmd *cmd;
4605
4606 BT_DBG("status 0x%02x", status);
4607
4608 hci_dev_lock(hdev);
4609
4610 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4611 if (!cmd)
4612 goto unlock;
4613
4614 if (status) {
4615 u8 mgmt_err = mgmt_status(status);
4616
4617 /* We need to restore the flag if related HCI commands
4618 * failed.
4619 */
4620 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4621
4622 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4623 } else {
4624 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4625 new_settings(hdev, cmd->sk);
4626 }
4627
4628 mgmt_pending_remove(cmd);
4629
4630unlock:
4631 hci_dev_unlock(hdev);
4632}
4633
4634static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4635{
4636 struct mgmt_mode *cp = data;
4637 struct pending_cmd *cmd;
4638 struct hci_request req;
4639 int err;
4640
4641 BT_DBG("request for %s", hdev->name);
4642
4643 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4644 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4645 MGMT_STATUS_NOT_SUPPORTED);
4646
4647 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4648 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4649 MGMT_STATUS_REJECTED);
4650
4651 if (cp->val != 0x00 && cp->val != 0x01)
4652 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4653 MGMT_STATUS_INVALID_PARAMS);
4654
4655 hci_dev_lock(hdev);
4656
4657 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4658 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4659 goto unlock;
4660 }
4661
4662 if (!hdev_is_powered(hdev)) {
4663 if (!cp->val) {
0663ca2a
JH		 4664 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4665 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4666 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4667 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4668 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4669 }
4670
4671 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4672
4673 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4674 if (err < 0)
4675 goto unlock;
4676
4677 err = new_settings(hdev, sk);
4678 goto unlock;
4679 }
4680
4681 /* Reject disabling when powered on */
4682 if (!cp->val) {
4683 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4684 MGMT_STATUS_REJECTED);
4685 goto unlock;
111e4bcc
MH		 4686 } else {
4687 /* When configuring a dual-mode controller to operate
4688 * with LE only and using a static address, then switching
4689 * BR/EDR back on is not allowed.
4690 *
4691 * Dual-mode controllers shall operate with the public
4692 * address as its identity address for BR/EDR and LE. So
4693 * reject the attempt to create an invalid configuration.
3a5486e1
MH		 4694 *
4695 * The same restrictions applies when secure connections
4696 * has been enabled. For BR/EDR this is a controller feature
4697 * while for LE it is a host stack feature. This means that
4698 * switching BR/EDR back on when secure connections has been
4699 * enabled is not a supported transaction.
111e4bcc
MH		 4700 */
4701 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) &&
3a5486e1
MH		 4702 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
4703 test_bit(HCI_SC_ENABLED, &hdev->dev_flags))) {
111e4bcc
MH		 4704 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4705 MGMT_STATUS_REJECTED);
4706 goto unlock;
4707 }
0663ca2a
JH		 4708 }
4709
4710 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4711 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4712 MGMT_STATUS_BUSY);
4713 goto unlock;
4714 }
4715
4716 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4717 if (!cmd) {
4718 err = -ENOMEM;
4719 goto unlock;
4720 }
4721
5947f4bc 4722 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4723 * generates the correct flags.
4724 */
4725 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4726
4727 hci_req_init(&req, hdev);
aa8af46e 4728
432df05e 4729 write_fast_connectable(&req, false);
1d2dc5b7 4730 __hci_update_page_scan(&req);
aa8af46e 4731
f14d8f64
MH		 4732 /* Since only the advertising data flags will change, there
4733 * is no need to update the scan response data.
4734 */
5947f4bc 4735 update_adv_data(&req);
aa8af46e 4736
0663ca2a
JH		 4737 err = hci_req_run(&req, set_bredr_complete);
4738 if (err < 0)
4739 mgmt_pending_remove(cmd);
4740
4741unlock:
4742 hci_dev_unlock(hdev);
4743 return err;
4744}
4745
eac83dc6
MH		 4746static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4747 void *data, u16 len)
4748{
4749 struct mgmt_mode *cp = data;
4750 struct pending_cmd *cmd;
a3209694 4751 u8 val;
eac83dc6
MH		 4752 int err;
4753
4754 BT_DBG("request for %s", hdev->name);
4755
05b3c3e7
MH		 4756 if (!lmp_sc_capable(hdev) &&
4757 !test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
eac83dc6
MH		 4758 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4759 MGMT_STATUS_NOT_SUPPORTED);
4760
0ab04a9c 4761 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
eac83dc6
MH		 4762 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4763 MGMT_STATUS_INVALID_PARAMS);
4764
4765 hci_dev_lock(hdev);
4766
05b3c3e7 4767 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
a3209694 4768 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
eac83dc6
MH		 4769 bool changed;
4770
0ab04a9c 4771 if (cp->val) {
eac83dc6
MH		 4772 changed = !test_and_set_bit(HCI_SC_ENABLED,
4773 &hdev->dev_flags);
0ab04a9c
MH		 4774 if (cp->val == 0x02)
4775 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4776 else
4777 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4778 } else {
eac83dc6
MH		 4779 changed = test_and_clear_bit(HCI_SC_ENABLED,
4780 &hdev->dev_flags);
0ab04a9c
MH		 4781 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4782 }
eac83dc6
MH		 4783
4784 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4785 if (err < 0)
4786 goto failed;
4787
4788 if (changed)
4789 err = new_settings(hdev, sk);
4790
4791 goto failed;
4792 }
4793
4794 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4795 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4796 MGMT_STATUS_BUSY);
4797 goto failed;
4798 }
4799
0ab04a9c
MH		 4800 val = !!cp->val;
4801
4802 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4803 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
eac83dc6
MH		 4804 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4805 goto failed;
4806 }
4807
4808 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4809 if (!cmd) {
4810 err = -ENOMEM;
4811 goto failed;
4812 }
4813
0ab04a9c 4814 err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
eac83dc6
MH		 4815 if (err < 0) {
4816 mgmt_pending_remove(cmd);
4817 goto failed;
4818 }
4819
0ab04a9c
MH		 4820 if (cp->val == 0x02)
4821 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4822 else
4823 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4824
eac83dc6
MH		 4825failed:
4826 hci_dev_unlock(hdev);
4827 return err;
4828}
4829
4e39ac81
MH		 4830static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4831 void *data, u16 len)
4832{
4833 struct mgmt_mode *cp = data;
b9710979 4834 bool changed, use_changed;
4e39ac81
MH		 4835 int err;
4836
4837 BT_DBG("request for %s", hdev->name);
4838
b9710979 4839 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4e39ac81
MH		 4840 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4841 MGMT_STATUS_INVALID_PARAMS);
4842
4843 hci_dev_lock(hdev);
4844
4845 if (cp->val)
0663b297
JH		 4846 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
4847 &hdev->dev_flags);
4e39ac81 4848 else
0663b297
JH		 4849 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
4850 &hdev->dev_flags);
4e39ac81 4851
b9710979
JH		 4852 if (cp->val == 0x02)
4853 use_changed = !test_and_set_bit(HCI_USE_DEBUG_KEYS,
4854 &hdev->dev_flags);
4855 else
4856 use_changed = test_and_clear_bit(HCI_USE_DEBUG_KEYS,
4857 &hdev->dev_flags);
4858
4859 if (hdev_is_powered(hdev) && use_changed &&
4860 test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
4861 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4862 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4863 sizeof(mode), &mode);
4864 }
4865
4e39ac81
MH		 4866 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4867 if (err < 0)
4868 goto unlock;
4869
4870 if (changed)
4871 err = new_settings(hdev, sk);
4872
4873unlock:
4874 hci_dev_unlock(hdev);
4875 return err;
4876}
4877
62b04cd1
JH		 4878static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4879 u16 len)
4880{
4881 struct mgmt_cp_set_privacy *cp = cp_data;
4882 bool changed;
4883 int err;
4884
4885 BT_DBG("request for %s", hdev->name);
4886
4887 if (!lmp_le_capable(hdev))
4888 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4889 MGMT_STATUS_NOT_SUPPORTED);
4890
4891 if (cp->privacy != 0x00 && cp->privacy != 0x01)
4892 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4893 MGMT_STATUS_INVALID_PARAMS);
4894
4895 if (hdev_is_powered(hdev))
4896 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4897 MGMT_STATUS_REJECTED);
4898
4899 hci_dev_lock(hdev);
4900
c21c0ea0
JH		 4901 /* If user space supports this command it is also expected to
4902 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4903 */
4904 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4905
62b04cd1
JH		 4906 if (cp->privacy) {
4907 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
4908 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4909 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4910 } else {
4911 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
4912 memset(hdev->irk, 0, sizeof(hdev->irk));
4913 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4914 }
4915
4916 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4917 if (err < 0)
4918 goto unlock;
4919
4920 if (changed)
4921 err = new_settings(hdev, sk);
4922
4923unlock:
4924 hci_dev_unlock(hdev);
4925 return err;
4926}
4927
41edf160
JH		 4928static bool irk_is_valid(struct mgmt_irk_info *irk)
4929{
4930 switch (irk->addr.type) {
4931 case BDADDR_LE_PUBLIC:
4932 return true;
4933
4934 case BDADDR_LE_RANDOM:
4935 /* Two most significant bits shall be set */
4936 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4937 return false;
4938 return true;
4939 }
4940
4941 return false;
4942}
4943
4944static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4945 u16 len)
4946{
4947 struct mgmt_cp_load_irks *cp = cp_data;
ba1d6936
JH		 4948 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
4949 sizeof(struct mgmt_irk_info));
41edf160
JH		 4950 u16 irk_count, expected_len;
4951 int i, err;
4952
4953 BT_DBG("request for %s", hdev->name);
4954
4955 if (!lmp_le_capable(hdev))
4956 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4957 MGMT_STATUS_NOT_SUPPORTED);
4958
4959 irk_count = __le16_to_cpu(cp->irk_count);
ba1d6936
JH		 4960 if (irk_count > max_irk_count) {
4961 BT_ERR("load_irks: too big irk_count value %u", irk_count);
4962 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4963 MGMT_STATUS_INVALID_PARAMS);
4964 }
41edf160
JH		 4965
4966 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4967 if (expected_len != len) {
4968 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 4969 expected_len, len);
41edf160
JH		 4970 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4971 MGMT_STATUS_INVALID_PARAMS);
4972 }
4973
4974 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4975
4976 for (i = 0; i < irk_count; i++) {
4977 struct mgmt_irk_info *key = &cp->irks[i];
4978
4979 if (!irk_is_valid(key))
4980 return cmd_status(sk, hdev->id,
4981 MGMT_OP_LOAD_IRKS,
4982 MGMT_STATUS_INVALID_PARAMS);
4983 }
4984
4985 hci_dev_lock(hdev);
4986
4987 hci_smp_irks_clear(hdev);
4988
4989 for (i = 0; i < irk_count; i++) {
4990 struct mgmt_irk_info *irk = &cp->irks[i];
4991 u8 addr_type;
4992
4993 if (irk->addr.type == BDADDR_LE_PUBLIC)
4994 addr_type = ADDR_LE_DEV_PUBLIC;
4995 else
4996 addr_type = ADDR_LE_DEV_RANDOM;
4997
4998 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
4999 BDADDR_ANY);
5000 }
5001
5002 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
5003
5004 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
5005
5006 hci_dev_unlock(hdev);
5007
5008 return err;
5009}
5010
3f706b72
JH		 5011static bool ltk_is_valid(struct mgmt_ltk_info *key)
5012{
5013 if (key->master != 0x00 && key->master != 0x01)
5014 return false;
490cb0b3
MH		 5015
5016 switch (key->addr.type) {
5017 case BDADDR_LE_PUBLIC:
5018 return true;
5019
5020 case BDADDR_LE_RANDOM:
5021 /* Two most significant bits shall be set */
5022 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5023 return false;
5024 return true;
5025 }
5026
5027 return false;
3f706b72
JH		 5028}
5029
bdb6d971 5030static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 5031 void *cp_data, u16 len)
346af67b 5032{
346af67b 5033 struct mgmt_cp_load_long_term_keys *cp = cp_data;
ba1d6936
JH		 5034 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
5035 sizeof(struct mgmt_ltk_info));
346af67b 5036 u16 key_count, expected_len;
715a5bf2 5037 int i, err;
346af67b 5038
cf99ba13
MH		 5039 BT_DBG("request for %s", hdev->name);
5040
5041 if (!lmp_le_capable(hdev))
5042 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5043 MGMT_STATUS_NOT_SUPPORTED);
5044
1f350c87 5045 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 5046 if (key_count > max_key_count) {
5047 BT_ERR("load_ltks: too big key_count value %u", key_count);
5048 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5049 MGMT_STATUS_INVALID_PARAMS);
5050 }
346af67b
VCG		 5051
5052 expected_len = sizeof(*cp) + key_count *
5053 sizeof(struct mgmt_ltk_info);
5054 if (expected_len != len) {
5055 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 5056 expected_len, len);
bdb6d971 5057 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 5058 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 5059 }
5060
bdb6d971 5061 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 5062
54ad6d8a
JH		 5063 for (i = 0; i < key_count; i++) {
5064 struct mgmt_ltk_info *key = &cp->keys[i];
5065
3f706b72 5066 if (!ltk_is_valid(key))
54ad6d8a
JH		 5067 return cmd_status(sk, hdev->id,
5068 MGMT_OP_LOAD_LONG_TERM_KEYS,
5069 MGMT_STATUS_INVALID_PARAMS);
5070 }
5071
346af67b
VCG		 5072 hci_dev_lock(hdev);
5073
5074 hci_smp_ltks_clear(hdev);
5075
5076 for (i = 0; i < key_count; i++) {
5077 struct mgmt_ltk_info *key = &cp->keys[i];
d7b25450 5078 u8 type, addr_type, authenticated;
79d95a19
MH		 5079
5080 if (key->addr.type == BDADDR_LE_PUBLIC)
5081 addr_type = ADDR_LE_DEV_PUBLIC;
5082 else
5083 addr_type = ADDR_LE_DEV_RANDOM;
346af67b 5084
61b43357
JH		 5085 switch (key->type) {
5086 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 5087 authenticated = 0x00;
23fb8de3 5088 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
61b43357
JH		 5089 break;
5090 case MGMT_LTK_AUTHENTICATED:
d7b25450 5091 authenticated = 0x01;
23fb8de3
JH		 5092 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5093 break;
5094 case MGMT_LTK_P256_UNAUTH:
5095 authenticated = 0x00;
5096 type = SMP_LTK_P256;
61b43357 5097 break;
23fb8de3
JH		 5098 case MGMT_LTK_P256_AUTH:
5099 authenticated = 0x01;
5100 type = SMP_LTK_P256;
61b43357 5101 break;
23fb8de3
JH		 5102 case MGMT_LTK_P256_DEBUG:
5103 authenticated = 0x00;
5104 type = SMP_LTK_P256_DEBUG;
61b43357
JH		 5105 default:
5106 continue;
5107 }
d7b25450 5108
35d70271 5109 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
d7b25450 5110 authenticated, key->val, key->enc_size, key->ediv,
35d70271 5111 key->rand);
346af67b
VCG		 5112 }
5113
715a5bf2
JH		 5114 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
5115 NULL, 0);
5116
346af67b 5117 hci_dev_unlock(hdev);
346af67b 5118
715a5bf2 5119 return err;
346af67b
VCG		 5120}
5121
9df74653 5122static int conn_info_cmd_complete(struct pending_cmd *cmd, u8 status)
dd983808 5123{
dd983808 5124 struct hci_conn *conn = cmd->user_data;
9981bdb0 5125 struct mgmt_rp_get_conn_info rp;
9df74653 5126 int err;
dd983808 5127
9981bdb0 5128 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
dd983808 5129
9981bdb0 5130 if (status == MGMT_STATUS_SUCCESS) {
dd983808 5131 rp.rssi = conn->rssi;
9981bdb0
JH		 5132 rp.tx_power = conn->tx_power;
5133 rp.max_tx_power = conn->max_tx_power;
5134 } else {
5135 rp.rssi = HCI_RSSI_INVALID;
5136 rp.tx_power = HCI_TX_POWER_INVALID;
5137 rp.max_tx_power = HCI_TX_POWER_INVALID;
dd983808
AK		 5138 }
5139
9df74653
JH		 5140 err = cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO, status,
5141 &rp, sizeof(rp));
dd983808
AK		 5142
5143 hci_conn_drop(conn);
f8aaf9b6 5144 hci_conn_put(conn);
9df74653
JH		 5145
5146 return err;
dd983808
AK		 5147}
5148
1904a853
MH		 5149static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
5150 u16 opcode)
dd983808
AK		 5151{
5152 struct hci_cp_read_rssi *cp;
9981bdb0 5153 struct pending_cmd *cmd;
dd983808 5154 struct hci_conn *conn;
dd983808 5155 u16 handle;
9981bdb0 5156 u8 status;
dd983808 5157
9981bdb0 5158 BT_DBG("status 0x%02x", hci_status);
dd983808
AK		 5159
5160 hci_dev_lock(hdev);
5161
dd983808
AK		 5162 /* Commands sent in request are either Read RSSI or Read Transmit Power
5163 * Level so we check which one was last sent to retrieve connection
5164 * handle. Both commands have handle as first parameter so it's safe to
5165 * cast data on the same command struct.
5166 *
5167 * First command sent is always Read RSSI and we fail only if it fails.
5168 * In other case we simply override error to indicate success as we
5169 * already remembered if TX power value is actually valid.
5170 */
5171 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
5172 if (!cp) {
5173 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
9981bdb0
JH		 5174 status = MGMT_STATUS_SUCCESS;
5175 } else {
5176 status = mgmt_status(hci_status);
dd983808
AK		 5177 }
5178
5179 if (!cp) {
9981bdb0 5180 BT_ERR("invalid sent_cmd in conn_info response");
dd983808
AK		 5181 goto unlock;
5182 }
5183
5184 handle = __le16_to_cpu(cp->handle);
5185 conn = hci_conn_hash_lookup_handle(hdev, handle);
5186 if (!conn) {
9981bdb0 5187 BT_ERR("unknown handle (%d) in conn_info response", handle);
dd983808
AK		 5188 goto unlock;
5189 }
5190
9981bdb0
JH		 5191 cmd = mgmt_pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
5192 if (!cmd)
5193 goto unlock;
dd983808 5194
9981bdb0
JH		 5195 cmd->cmd_complete(cmd, status);
5196 mgmt_pending_remove(cmd);
dd983808
AK		 5197
5198unlock:
5199 hci_dev_unlock(hdev);
5200}
5201
5202static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5203 u16 len)
5204{
5205 struct mgmt_cp_get_conn_info *cp = data;
5206 struct mgmt_rp_get_conn_info rp;
5207 struct hci_conn *conn;
5208 unsigned long conn_info_age;
5209 int err = 0;
5210
5211 BT_DBG("%s", hdev->name);
5212
5213 memset(&rp, 0, sizeof(rp));
5214 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5215 rp.addr.type = cp->addr.type;
5216
5217 if (!bdaddr_type_is_valid(cp->addr.type))
5218 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5219 MGMT_STATUS_INVALID_PARAMS,
5220 &rp, sizeof(rp));
5221
5222 hci_dev_lock(hdev);
5223
5224 if (!hdev_is_powered(hdev)) {
5225 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5226 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5227 goto unlock;
5228 }
5229
5230 if (cp->addr.type == BDADDR_BREDR)
5231 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5232 &cp->addr.bdaddr);
5233 else
5234 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5235
5236 if (!conn || conn->state != BT_CONNECTED) {
5237 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5238 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
5239 goto unlock;
5240 }
5241
9981bdb0
JH		 5242 if (mgmt_pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
5243 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5244 MGMT_STATUS_BUSY, &rp, sizeof(rp));
5245 goto unlock;
5246 }
5247
dd983808
AK		 5248 /* To avoid client trying to guess when to poll again for information we
5249 * calculate conn info age as random value between min/max set in hdev.
5250 */
5251 conn_info_age = hdev->conn_info_min_age +
5252 prandom_u32_max(hdev->conn_info_max_age -
5253 hdev->conn_info_min_age);
5254
5255 /* Query controller to refresh cached values if they are too old or were
5256 * never read.
5257 */
f4e2dd53
AK		 5258 if (time_after(jiffies, conn->conn_info_timestamp +
5259 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 5260 !conn->conn_info_timestamp) {
5261 struct hci_request req;
5262 struct hci_cp_read_tx_power req_txp_cp;
5263 struct hci_cp_read_rssi req_rssi_cp;
5264 struct pending_cmd *cmd;
5265
5266 hci_req_init(&req, hdev);
5267 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5268 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5269 &req_rssi_cp);
5270
f7faab0c
AK		 5271 /* For LE links TX power does not change thus we don't need to
5272 * query for it once value is known.
5273 */
5274 if (!bdaddr_type_is_le(cp->addr.type) ||
5275 conn->tx_power == HCI_TX_POWER_INVALID) {
5276 req_txp_cp.handle = cpu_to_le16(conn->handle);
5277 req_txp_cp.type = 0x00;
5278 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5279 sizeof(req_txp_cp), &req_txp_cp);
5280 }
dd983808 5281
eed5daf3
AK		 5282 /* Max TX power needs to be read only once per connection */
5283 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5284 req_txp_cp.handle = cpu_to_le16(conn->handle);
5285 req_txp_cp.type = 0x01;
5286 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5287 sizeof(req_txp_cp), &req_txp_cp);
5288 }
5289
dd983808
AK		 5290 err = hci_req_run(&req, conn_info_refresh_complete);
5291 if (err < 0)
5292 goto unlock;
5293
5294 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5295 data, len);
5296 if (!cmd) {
5297 err = -ENOMEM;
5298 goto unlock;
5299 }
5300
5301 hci_conn_hold(conn);
f8aaf9b6 5302 cmd->user_data = hci_conn_get(conn);
9981bdb0 5303 cmd->cmd_complete = conn_info_cmd_complete;
dd983808
AK		 5304
5305 conn->conn_info_timestamp = jiffies;
5306 } else {
5307 /* Cache is valid, just reply with values cached in hci_conn */
5308 rp.rssi = conn->rssi;
5309 rp.tx_power = conn->tx_power;
eed5daf3 5310 rp.max_tx_power = conn->max_tx_power;
dd983808
AK		 5311
5312 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5313 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
5314 }
5315
5316unlock:
5317 hci_dev_unlock(hdev);
5318 return err;
5319}
5320
9df74653 5321static int clock_info_cmd_complete(struct pending_cmd *cmd, u8 status)
95868426 5322{
69487371 5323 struct hci_conn *conn = cmd->user_data;
95868426 5324 struct mgmt_rp_get_clock_info rp;
69487371 5325 struct hci_dev *hdev;
9df74653 5326 int err;
69487371
JH		 5327
5328 memset(&rp, 0, sizeof(rp));
5329 memcpy(&rp.addr, &cmd->param, sizeof(rp.addr));
5330
5331 if (status)
5332 goto complete;
5333
5334 hdev = hci_dev_get(cmd->index);
5335 if (hdev) {
5336 rp.local_clock = cpu_to_le32(hdev->clock);
5337 hci_dev_put(hdev);
5338 }
5339
5340 if (conn) {
5341 rp.piconet_clock = cpu_to_le32(conn->clock);
5342 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5343 }
5344
5345complete:
9df74653
JH		 5346 err = cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5347 sizeof(rp));
69487371
JH		 5348
5349 if (conn) {
5350 hci_conn_drop(conn);
5351 hci_conn_put(conn);
5352 }
9df74653
JH		 5353
5354 return err;
69487371
JH		 5355}
5356
1904a853 5357static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
69487371 5358{
95868426
JH		 5359 struct hci_cp_read_clock *hci_cp;
5360 struct pending_cmd *cmd;
5361 struct hci_conn *conn;
5362
5363 BT_DBG("%s status %u", hdev->name, status);
5364
5365 hci_dev_lock(hdev);
5366
5367 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5368 if (!hci_cp)
5369 goto unlock;
5370
5371 if (hci_cp->which) {
5372 u16 handle = __le16_to_cpu(hci_cp->handle);
5373 conn = hci_conn_hash_lookup_handle(hdev, handle);
5374 } else {
5375 conn = NULL;
5376 }
5377
5378 cmd = mgmt_pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5379 if (!cmd)
5380 goto unlock;
5381
69487371 5382 cmd->cmd_complete(cmd, mgmt_status(status));
95868426 5383 mgmt_pending_remove(cmd);
95868426
JH		 5384
5385unlock:
5386 hci_dev_unlock(hdev);
5387}
5388
5389static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5390 u16 len)
5391{
5392 struct mgmt_cp_get_clock_info *cp = data;
5393 struct mgmt_rp_get_clock_info rp;
5394 struct hci_cp_read_clock hci_cp;
5395 struct pending_cmd *cmd;
5396 struct hci_request req;
5397 struct hci_conn *conn;
5398 int err;
5399
5400 BT_DBG("%s", hdev->name);
5401
5402 memset(&rp, 0, sizeof(rp));
5403 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5404 rp.addr.type = cp->addr.type;
5405
5406 if (cp->addr.type != BDADDR_BREDR)
5407 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5408 MGMT_STATUS_INVALID_PARAMS,
5409 &rp, sizeof(rp));
5410
5411 hci_dev_lock(hdev);
5412
5413 if (!hdev_is_powered(hdev)) {
5414 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5415 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5416 goto unlock;
5417 }
5418
5419 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5420 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5421 &cp->addr.bdaddr);
5422 if (!conn || conn->state != BT_CONNECTED) {
5423 err = cmd_complete(sk, hdev->id,
5424 MGMT_OP_GET_CLOCK_INFO,
5425 MGMT_STATUS_NOT_CONNECTED,
5426 &rp, sizeof(rp));
5427 goto unlock;
5428 }
5429 } else {
5430 conn = NULL;
5431 }
5432
5433 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5434 if (!cmd) {
5435 err = -ENOMEM;
5436 goto unlock;
5437 }
5438
69487371
JH		 5439 cmd->cmd_complete = clock_info_cmd_complete;
5440
95868426
JH		 5441 hci_req_init(&req, hdev);
5442
5443 memset(&hci_cp, 0, sizeof(hci_cp));
5444 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5445
5446 if (conn) {
5447 hci_conn_hold(conn);
f8aaf9b6 5448 cmd->user_data = hci_conn_get(conn);
95868426
JH		 5449
5450 hci_cp.handle = cpu_to_le16(conn->handle);
5451 hci_cp.which = 0x01; /* Piconet clock */
5452 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5453 }
5454
5455 err = hci_req_run(&req, get_clock_info_complete);
5456 if (err < 0)
5457 mgmt_pending_remove(cmd);
5458
5459unlock:
5460 hci_dev_unlock(hdev);
5461 return err;
5462}
5463
5a154e6f
JH		 5464static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5465{
5466 struct hci_conn *conn;
5467
5468 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5469 if (!conn)
5470 return false;
5471
5472 if (conn->dst_type != type)
5473 return false;
5474
5475 if (conn->state != BT_CONNECTED)
5476 return false;
5477
5478 return true;
5479}
5480
5481/* This function requires the caller holds hdev->lock */
5482static int hci_conn_params_set(struct hci_request *req, bdaddr_t *addr,
5483 u8 addr_type, u8 auto_connect)
5484{
5485 struct hci_dev *hdev = req->hdev;
5486 struct hci_conn_params *params;
5487
5488 params = hci_conn_params_add(hdev, addr, addr_type);
5489 if (!params)
5490 return -EIO;
5491
5492 if (params->auto_connect == auto_connect)
5493 return 0;
5494
5495 list_del_init(&params->action);
5496
5497 switch (auto_connect) {
5498 case HCI_AUTO_CONN_DISABLED:
5499 case HCI_AUTO_CONN_LINK_LOSS:
5500 __hci_update_background_scan(req);
5501 break;
5502 case HCI_AUTO_CONN_REPORT:
5503 list_add(&params->action, &hdev->pend_le_reports);
5504 __hci_update_background_scan(req);
5505 break;
5506 case HCI_AUTO_CONN_DIRECT:
5507 case HCI_AUTO_CONN_ALWAYS:
5508 if (!is_connected(hdev, addr, addr_type)) {
5509 list_add(&params->action, &hdev->pend_le_conns);
5510 __hci_update_background_scan(req);
5511 }
5512 break;
5513 }
5514
5515 params->auto_connect = auto_connect;
5516
5517 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5518 auto_connect);
5519
5520 return 0;
5521}
5522
8afef092
MH		 5523static void device_added(struct sock *sk, struct hci_dev *hdev,
5524 bdaddr_t *bdaddr, u8 type, u8 action)
5525{
5526 struct mgmt_ev_device_added ev;
5527
5528 bacpy(&ev.addr.bdaddr, bdaddr);
5529 ev.addr.type = type;
5530 ev.action = action;
5531
5532 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5533}
5534
1904a853 5535static void add_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5a154e6f
JH		 5536{
5537 struct pending_cmd *cmd;
5538
5539 BT_DBG("status 0x%02x", status);
5540
5541 hci_dev_lock(hdev);
5542
5543 cmd = mgmt_pending_find(MGMT_OP_ADD_DEVICE, hdev);
5544 if (!cmd)
5545 goto unlock;
5546
5547 cmd->cmd_complete(cmd, mgmt_status(status));
5548 mgmt_pending_remove(cmd);
5549
5550unlock:
5551 hci_dev_unlock(hdev);
5552}
5553
2faade53
MH		 5554static int add_device(struct sock *sk, struct hci_dev *hdev,
5555 void *data, u16 len)
5556{
5557 struct mgmt_cp_add_device *cp = data;
5a154e6f
JH		 5558 struct pending_cmd *cmd;
5559 struct hci_request req;
2faade53
MH		 5560 u8 auto_conn, addr_type;
5561 int err;
5562
5563 BT_DBG("%s", hdev->name);
5564
6659358e 5565 if (!bdaddr_type_is_valid(cp->addr.type) ||
2faade53
MH		 5566 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
5567 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5568 MGMT_STATUS_INVALID_PARAMS,
5569 &cp->addr, sizeof(cp->addr));
5570
4b9e7e75 5571 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
2faade53
MH		 5572 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5573 MGMT_STATUS_INVALID_PARAMS,
5574 &cp->addr, sizeof(cp->addr));
5575
5a154e6f
JH		 5576 hci_req_init(&req, hdev);
5577
2faade53
MH		 5578 hci_dev_lock(hdev);
5579
5a154e6f
JH		 5580 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_DEVICE, hdev, data, len);
5581 if (!cmd) {
5582 err = -ENOMEM;
5583 goto unlock;
5584 }
5585
5586 cmd->cmd_complete = addr_cmd_complete;
5587
6659358e 5588 if (cp->addr.type == BDADDR_BREDR) {
4b9e7e75 5589 /* Only incoming connections action is supported for now */
6659358e 5590 if (cp->action != 0x01) {
9df74653
JH		 5591 err = cmd->cmd_complete(cmd,
5592 MGMT_STATUS_INVALID_PARAMS);
5a154e6f 5593 mgmt_pending_remove(cmd);
6659358e
JH		 5594 goto unlock;
5595 }
5596
5597 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5598 cp->addr.type);
5599 if (err)
5600 goto unlock;
a397407f 5601
5a154e6f 5602 __hci_update_page_scan(&req);
a397407f 5603
6659358e
JH		 5604 goto added;
5605 }
5606
2faade53
MH		 5607 if (cp->addr.type == BDADDR_LE_PUBLIC)
5608 addr_type = ADDR_LE_DEV_PUBLIC;
5609 else
5610 addr_type = ADDR_LE_DEV_RANDOM;
5611
4b9e7e75 5612 if (cp->action == 0x02)
2faade53 5613 auto_conn = HCI_AUTO_CONN_ALWAYS;
4b9e7e75
MH		 5614 else if (cp->action == 0x01)
5615 auto_conn = HCI_AUTO_CONN_DIRECT;
2faade53 5616 else
a3451d27 5617 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 5618
bf5b3c8b
MH		 5619 /* If the connection parameters don't exist for this device,
5620 * they will be created and configured with defaults.
5621 */
5a154e6f 5622 if (hci_conn_params_set(&req, &cp->addr.bdaddr, addr_type,
d06b50ce 5623 auto_conn) < 0) {
9df74653 5624 err = cmd->cmd_complete(cmd, MGMT_STATUS_FAILED);
5a154e6f 5625 mgmt_pending_remove(cmd);
2faade53
MH		 5626 goto unlock;
5627 }
5628
6659358e 5629added:
8afef092
MH		 5630 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5631
5a154e6f
JH		 5632 err = hci_req_run(&req, add_device_complete);
5633 if (err < 0) {
5634 /* ENODATA means no HCI commands were needed (e.g. if
5635 * the adapter is powered off).
5636 */
9df74653
JH		 5637 if (err == -ENODATA)
5638 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
5a154e6f
JH		 5639 mgmt_pending_remove(cmd);
5640 }
2faade53
MH		 5641
5642unlock:
5643 hci_dev_unlock(hdev);
5644 return err;
5645}
5646
8afef092
MH		 5647static void device_removed(struct sock *sk, struct hci_dev *hdev,
5648 bdaddr_t *bdaddr, u8 type)
5649{
5650 struct mgmt_ev_device_removed ev;
5651
5652 bacpy(&ev.addr.bdaddr, bdaddr);
5653 ev.addr.type = type;
5654
5655 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5656}
5657
1904a853 5658static void remove_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
51ef3ebe
JH		 5659{
5660 struct pending_cmd *cmd;
5661
5662 BT_DBG("status 0x%02x", status);
5663
5664 hci_dev_lock(hdev);
5665
5666 cmd = mgmt_pending_find(MGMT_OP_REMOVE_DEVICE, hdev);
5667 if (!cmd)
5668 goto unlock;
5669
5670 cmd->cmd_complete(cmd, mgmt_status(status));
5671 mgmt_pending_remove(cmd);
5672
5673unlock:
5674 hci_dev_unlock(hdev);
5675}
5676
2faade53
MH		 5677static int remove_device(struct sock *sk, struct hci_dev *hdev,
5678 void *data, u16 len)
5679{
5680 struct mgmt_cp_remove_device *cp = data;
51ef3ebe
JH		 5681 struct pending_cmd *cmd;
5682 struct hci_request req;
2faade53
MH		 5683 int err;
5684
5685 BT_DBG("%s", hdev->name);
5686
51ef3ebe
JH		 5687 hci_req_init(&req, hdev);
5688
2faade53
MH		 5689 hci_dev_lock(hdev);
5690
51ef3ebe
JH		 5691 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_DEVICE, hdev, data, len);
5692 if (!cmd) {
5693 err = -ENOMEM;
5694 goto unlock;
5695 }
5696
5697 cmd->cmd_complete = addr_cmd_complete;
5698
2faade53 5699 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 5700 struct hci_conn_params *params;
2faade53
MH		 5701 u8 addr_type;
5702
6659358e 5703 if (!bdaddr_type_is_valid(cp->addr.type)) {
9df74653
JH		 5704 err = cmd->cmd_complete(cmd,
5705 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5706 mgmt_pending_remove(cmd);
2faade53
MH		 5707 goto unlock;
5708 }
5709
6659358e
JH		 5710 if (cp->addr.type == BDADDR_BREDR) {
5711 err = hci_bdaddr_list_del(&hdev->whitelist,
5712 &cp->addr.bdaddr,
5713 cp->addr.type);
5714 if (err) {
9df74653
JH		 5715 err = cmd->cmd_complete(cmd,
5716 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5717 mgmt_pending_remove(cmd);
6659358e
JH		 5718 goto unlock;
5719 }
5720
51ef3ebe 5721 __hci_update_page_scan(&req);
a397407f 5722
6659358e
JH		 5723 device_removed(sk, hdev, &cp->addr.bdaddr,
5724 cp->addr.type);
5725 goto complete;
5726 }
5727
2faade53
MH		 5728 if (cp->addr.type == BDADDR_LE_PUBLIC)
5729 addr_type = ADDR_LE_DEV_PUBLIC;
5730 else
5731 addr_type = ADDR_LE_DEV_RANDOM;
5732
c71593dd
JH		 5733 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5734 addr_type);
5735 if (!params) {
9df74653
JH		 5736 err = cmd->cmd_complete(cmd,
5737 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5738 mgmt_pending_remove(cmd);
c71593dd
JH		 5739 goto unlock;
5740 }
5741
5742 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
9df74653
JH		 5743 err = cmd->cmd_complete(cmd,
5744 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5745 mgmt_pending_remove(cmd);
c71593dd
JH		 5746 goto unlock;
5747 }
5748
d1dbf12e 5749 list_del(&params->action);
c71593dd
JH		 5750 list_del(&params->list);
5751 kfree(params);
51ef3ebe 5752 __hci_update_background_scan(&req);
8afef092
MH		 5753
5754 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53 5755 } else {
19de0825 5756 struct hci_conn_params *p, *tmp;
6659358e 5757 struct bdaddr_list *b, *btmp;
19de0825 5758
2faade53 5759 if (cp->addr.type) {
9df74653
JH		 5760 err = cmd->cmd_complete(cmd,
5761 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5762 mgmt_pending_remove(cmd);
2faade53
MH		 5763 goto unlock;
5764 }
5765
6659358e
JH		 5766 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
5767 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
5768 list_del(&b->list);
5769 kfree(b);
5770 }
5771
51ef3ebe 5772 __hci_update_page_scan(&req);
a397407f 5773
19de0825
JH		 5774 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5775 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5776 continue;
5777 device_removed(sk, hdev, &p->addr, p->addr_type);
5778 list_del(&p->action);
5779 list_del(&p->list);
5780 kfree(p);
5781 }
5782
5783 BT_DBG("All LE connection parameters were removed");
5784
51ef3ebe 5785 __hci_update_background_scan(&req);
2faade53
MH		 5786 }
5787
6659358e 5788complete:
51ef3ebe
JH		 5789 err = hci_req_run(&req, remove_device_complete);
5790 if (err < 0) {
5791 /* ENODATA means no HCI commands were needed (e.g. if
5792 * the adapter is powered off).
5793 */
9df74653
JH		 5794 if (err == -ENODATA)
5795 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
51ef3ebe
JH		 5796 mgmt_pending_remove(cmd);
5797 }
2faade53
MH		 5798
5799unlock:
5800 hci_dev_unlock(hdev);
5801 return err;
5802}
5803
a26f3dcf
JH		 5804static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5805 u16 len)
5806{
5807 struct mgmt_cp_load_conn_param *cp = data;
ba1d6936
JH		 5808 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5809 sizeof(struct mgmt_conn_param));
a26f3dcf
JH		 5810 u16 param_count, expected_len;
5811 int i;
5812
5813 if (!lmp_le_capable(hdev))
5814 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5815 MGMT_STATUS_NOT_SUPPORTED);
5816
5817 param_count = __le16_to_cpu(cp->param_count);
ba1d6936
JH		 5818 if (param_count > max_param_count) {
5819 BT_ERR("load_conn_param: too big param_count value %u",
5820 param_count);
5821 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5822 MGMT_STATUS_INVALID_PARAMS);
5823 }
a26f3dcf
JH		 5824
5825 expected_len = sizeof(*cp) + param_count *
5826 sizeof(struct mgmt_conn_param);
5827 if (expected_len != len) {
5828 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
5829 expected_len, len);
5830 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5831 MGMT_STATUS_INVALID_PARAMS);
5832 }
5833
5834 BT_DBG("%s param_count %u", hdev->name, param_count);
5835
5836 hci_dev_lock(hdev);
5837
5838 hci_conn_params_clear_disabled(hdev);
5839
5840 for (i = 0; i < param_count; i++) {
5841 struct mgmt_conn_param *param = &cp->params[i];
5842 struct hci_conn_params *hci_param;
5843 u16 min, max, latency, timeout;
5844 u8 addr_type;
5845
5846 BT_DBG("Adding %pMR (type %u)", &param->addr.bdaddr,
5847 param->addr.type);
5848
5849 if (param->addr.type == BDADDR_LE_PUBLIC) {
5850 addr_type = ADDR_LE_DEV_PUBLIC;
5851 } else if (param->addr.type == BDADDR_LE_RANDOM) {
5852 addr_type = ADDR_LE_DEV_RANDOM;
5853 } else {
5854 BT_ERR("Ignoring invalid connection parameters");
5855 continue;
5856 }
5857
5858 min = le16_to_cpu(param->min_interval);
5859 max = le16_to_cpu(param->max_interval);
5860 latency = le16_to_cpu(param->latency);
5861 timeout = le16_to_cpu(param->timeout);
5862
5863 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
5864 min, max, latency, timeout);
5865
5866 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
5867 BT_ERR("Ignoring invalid connection parameters");
5868 continue;
5869 }
5870
5871 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
5872 addr_type);
5873 if (!hci_param) {
5874 BT_ERR("Failed to add connection parameters");
5875 continue;
5876 }
5877
5878 hci_param->conn_min_interval = min;
5879 hci_param->conn_max_interval = max;
5880 hci_param->conn_latency = latency;
5881 hci_param->supervision_timeout = timeout;
5882 }
5883
5884 hci_dev_unlock(hdev);
5885
5886 return cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0, NULL, 0);
5887}
5888
dbece37a
MH		 5889static int set_external_config(struct sock *sk, struct hci_dev *hdev,
5890 void *data, u16 len)
5891{
5892 struct mgmt_cp_set_external_config *cp = data;
5893 bool changed;
5894 int err;
5895
5896 BT_DBG("%s", hdev->name);
5897
5898 if (hdev_is_powered(hdev))
5899 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5900 MGMT_STATUS_REJECTED);
5901
5902 if (cp->config != 0x00 && cp->config != 0x01)
5903 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5904 MGMT_STATUS_INVALID_PARAMS);
5905
5906 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
5907 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5908 MGMT_STATUS_NOT_SUPPORTED);
5909
5910 hci_dev_lock(hdev);
5911
5912 if (cp->config)
5913 changed = !test_and_set_bit(HCI_EXT_CONFIGURED,
5914 &hdev->dev_flags);
5915 else
5916 changed = test_and_clear_bit(HCI_EXT_CONFIGURED,
5917 &hdev->dev_flags);
5918
5919 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
5920 if (err < 0)
5921 goto unlock;
5922
5923 if (!changed)
5924 goto unlock;
5925
f4537c04
MH		 5926 err = new_options(hdev, sk);
5927
dbece37a
MH		 5928 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) == is_configured(hdev)) {
5929 mgmt_index_removed(hdev);
d603b76b
MH		 5930
5931 if (test_and_change_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
5932 set_bit(HCI_CONFIG, &hdev->dev_flags);
5933 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
5934
5935 queue_work(hdev->req_workqueue, &hdev->power_on);
5936 } else {
5ea234d3 5937 set_bit(HCI_RAW, &hdev->flags);
d603b76b
MH		 5938 mgmt_index_added(hdev);
5939 }
dbece37a
MH		 5940 }
5941
5942unlock:
5943 hci_dev_unlock(hdev);
5944 return err;
5945}
5946
9713c17b
MH		 5947static int set_public_address(struct sock *sk, struct hci_dev *hdev,
5948 void *data, u16 len)
5949{
5950 struct mgmt_cp_set_public_address *cp = data;
5951 bool changed;
5952 int err;
5953
5954 BT_DBG("%s", hdev->name);
5955
5956 if (hdev_is_powered(hdev))
5957 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5958 MGMT_STATUS_REJECTED);
5959
5960 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
5961 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5962 MGMT_STATUS_INVALID_PARAMS);
5963
5964 if (!hdev->set_bdaddr)
5965 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5966 MGMT_STATUS_NOT_SUPPORTED);
5967
5968 hci_dev_lock(hdev);
5969
5970 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
5971 bacpy(&hdev->public_addr, &cp->bdaddr);
5972
5973 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
5974 if (err < 0)
5975 goto unlock;
5976
5977 if (!changed)
5978 goto unlock;
5979
5980 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5981 err = new_options(hdev, sk);
5982
5983 if (is_configured(hdev)) {
5984 mgmt_index_removed(hdev);
5985
5986 clear_bit(HCI_UNCONFIGURED, &hdev->dev_flags);
5987
5988 set_bit(HCI_CONFIG, &hdev->dev_flags);
5989 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
5990
5991 queue_work(hdev->req_workqueue, &hdev->power_on);
5992 }
5993
5994unlock:
5995 hci_dev_unlock(hdev);
5996 return err;
5997}
5998
2e3c35ea 5999static const struct mgmt_handler {
04124681
GP		 6000 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
6001 u16 data_len);
be22b54e
JH		 6002 bool var_len;
6003 size_t data_len;
0f4e68cf
JH		 6004} mgmt_handlers[] = {
6005 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 6006 { read_version, false, MGMT_READ_VERSION_SIZE },
6007 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
6008 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
6009 { read_controller_info, false, MGMT_READ_INFO_SIZE },
6010 { set_powered, false, MGMT_SETTING_SIZE },
6011 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
6012 { set_connectable, false, MGMT_SETTING_SIZE },
6013 { set_fast_connectable, false, MGMT_SETTING_SIZE },
b2939475 6014 { set_bondable, false, MGMT_SETTING_SIZE },
be22b54e
JH		 6015 { set_link_security, false, MGMT_SETTING_SIZE },
6016 { set_ssp, false, MGMT_SETTING_SIZE },
6017 { set_hs, false, MGMT_SETTING_SIZE },
6018 { set_le, false, MGMT_SETTING_SIZE },
6019 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
6020 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
6021 { add_uuid, false, MGMT_ADD_UUID_SIZE },
6022 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
6023 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
6024 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
6025 { disconnect, false, MGMT_DISCONNECT_SIZE },
6026 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
6027 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
6028 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
6029 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
6030 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
6031 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
6032 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
6033 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
6034 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
6035 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
6036 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
6037 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
ec109113 6038 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
be22b54e
JH		 6039 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
6040 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
6041 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
6042 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
6043 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
6044 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 6045 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 6046 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 6047 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 6048 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
14b49b9a 6049 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
eac83dc6 6050 { set_secure_conn, false, MGMT_SETTING_SIZE },
4e39ac81 6051 { set_debug_keys, false, MGMT_SETTING_SIZE },
62b04cd1 6052 { set_privacy, false, MGMT_SET_PRIVACY_SIZE },
41edf160 6053 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
dd983808 6054 { get_conn_info, false, MGMT_GET_CONN_INFO_SIZE },
95868426 6055 { get_clock_info, false, MGMT_GET_CLOCK_INFO_SIZE },
2faade53
MH		 6056 { add_device, false, MGMT_ADD_DEVICE_SIZE },
6057 { remove_device, false, MGMT_REMOVE_DEVICE_SIZE },
73d1df2a
MH		 6058 { load_conn_param, true, MGMT_LOAD_CONN_PARAM_SIZE },
6059 { read_unconf_index_list, false, MGMT_READ_UNCONF_INDEX_LIST_SIZE },
9fc3bfb6 6060 { read_config_info, false, MGMT_READ_CONFIG_INFO_SIZE },
dbece37a 6061 { set_external_config, false, MGMT_SET_EXTERNAL_CONFIG_SIZE },
9713c17b 6062 { set_public_address, false, MGMT_SET_PUBLIC_ADDRESS_SIZE },
66ea9427 6063 { start_service_discovery,true, MGMT_START_SERVICE_DISCOVERY_SIZE },
0f4e68cf
JH		 6064};
6065
0381101f
JH		 6066int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
6067{
650f726d
VCG		 6068 void *buf;
6069 u8 *cp;
0381101f 6070 struct mgmt_hdr *hdr;
4e51eae9 6071 u16 opcode, index, len;
bdb6d971 6072 struct hci_dev *hdev = NULL;
2e3c35ea 6073 const struct mgmt_handler *handler;
0381101f
JH		 6074 int err;
6075
6076 BT_DBG("got %zu bytes", msglen);
6077
6078 if (msglen < sizeof(*hdr))
6079 return -EINVAL;
6080
e63a15ec 6081 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 6082 if (!buf)
6083 return -ENOMEM;
6084
6ce8e9ce 6085 if (memcpy_from_msg(buf, msg, msglen)) {
0381101f
JH		 6086 err = -EFAULT;
6087 goto done;
6088 }
6089
650f726d 6090 hdr = buf;
1f350c87
MH		 6091 opcode = __le16_to_cpu(hdr->opcode);
6092 index = __le16_to_cpu(hdr->index);
6093 len = __le16_to_cpu(hdr->len);
0381101f
JH		 6094
6095 if (len != msglen - sizeof(*hdr)) {
6096 err = -EINVAL;
6097 goto done;
6098 }
6099
0f4e68cf 6100 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 6101 hdev = hci_dev_get(index);
6102 if (!hdev) {
6103 err = cmd_status(sk, index, opcode,
04124681 6104 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 6105 goto done;
6106 }
0736cfa8 6107
cebf4cfd 6108 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
d603b76b 6109 test_bit(HCI_CONFIG, &hdev->dev_flags) ||
4a964404 6110 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
0736cfa8
MH		 6111 err = cmd_status(sk, index, opcode,
6112 MGMT_STATUS_INVALID_INDEX);
6113 goto done;
6114 }
42a9bc14
MH		 6115
6116 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
dbece37a 6117 opcode != MGMT_OP_READ_CONFIG_INFO &&
9713c17b
MH		 6118 opcode != MGMT_OP_SET_EXTERNAL_CONFIG &&
6119 opcode != MGMT_OP_SET_PUBLIC_ADDRESS) {
42a9bc14
MH		 6120 err = cmd_status(sk, index, opcode,
6121 MGMT_STATUS_INVALID_INDEX);
6122 goto done;
6123 }
bdb6d971
JH		 6124 }
6125
0f4e68cf 6126 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 6127 mgmt_handlers[opcode].func == NULL) {
0381101f 6128 BT_DBG("Unknown op %u", opcode);
ca69b795 6129 err = cmd_status(sk, index, opcode,
04124681 6130 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 6131 goto done;
6132 }
6133
73d1df2a
MH		 6134 if (hdev && (opcode <= MGMT_OP_READ_INDEX_LIST ||
6135 opcode == MGMT_OP_READ_UNCONF_INDEX_LIST)) {
6136 err = cmd_status(sk, index, opcode,
6137 MGMT_STATUS_INVALID_INDEX);
6138 goto done;
6139 }
6140
6141 if (!hdev && (opcode > MGMT_OP_READ_INDEX_LIST &&
6142 opcode != MGMT_OP_READ_UNCONF_INDEX_LIST)) {
0f4e68cf 6143 err = cmd_status(sk, index, opcode,
04124681 6144 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 6145 goto done;
0381101f
JH		 6146 }
6147
be22b54e
JH		 6148 handler = &mgmt_handlers[opcode];
6149
6150 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 6151 (!handler->var_len && len != handler->data_len)) {
be22b54e 6152 err = cmd_status(sk, index, opcode,
04124681 6153 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 6154 goto done;
6155 }
6156
0f4e68cf
JH		 6157 if (hdev)
6158 mgmt_init_hdev(sk, hdev);
6159
6160 cp = buf + sizeof(*hdr);
6161
be22b54e 6162 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 6163 if (err < 0)
6164 goto done;
6165
0381101f
JH		 6166 err = msglen;
6167
6168done:
bdb6d971
JH		 6169 if (hdev)
6170 hci_dev_put(hdev);
6171
0381101f
JH		 6172 kfree(buf);
6173 return err;
6174}
c71e97bf 6175
bf6b56db 6176void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 6177{
1514b892 6178 if (hdev->dev_type != HCI_BREDR)
bf6b56db 6179 return;
bb4b2a9a 6180
0602a8ad
MH		 6181 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6182 return;
6183
6184 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
6185 mgmt_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev, NULL, 0, NULL);
6186 else
6187 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 6188}
6189
bf6b56db 6190void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 6191{
5f159032 6192 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 6193
1514b892 6194 if (hdev->dev_type != HCI_BREDR)
bf6b56db 6195 return;
bb4b2a9a 6196
0602a8ad
MH		 6197 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6198 return;
6199
1b9b5ee5 6200 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
b24752fe 6201
edd3896b
MH		 6202 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
6203 mgmt_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev, NULL, 0, NULL);
6204 else
6205 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 6206}
6207
6046dc3e 6208/* This function requires the caller holds hdev->lock */
2cf22218 6209static void restart_le_actions(struct hci_request *req)
6046dc3e 6210{
2cf22218 6211 struct hci_dev *hdev = req->hdev;
6046dc3e
AG		 6212 struct hci_conn_params *p;
6213
6214 list_for_each_entry(p, &hdev->le_conn_params, list) {
d7347f3c
JH		 6215 /* Needed for AUTO_OFF case where might not "really"
6216 * have been powered off.
6217 */
6218 list_del_init(&p->action);
6219
6220 switch (p->auto_connect) {
4b9e7e75 6221 case HCI_AUTO_CONN_DIRECT:
d7347f3c
JH		 6222 case HCI_AUTO_CONN_ALWAYS:
6223 list_add(&p->action, &hdev->pend_le_conns);
6224 break;
6225 case HCI_AUTO_CONN_REPORT:
6226 list_add(&p->action, &hdev->pend_le_reports);
6227 break;
6228 default:
6229 break;
c83ed19d 6230 }
6046dc3e 6231 }
c83ed19d 6232
2cf22218 6233 __hci_update_background_scan(req);
6046dc3e
AG		 6234}
6235
1904a853 6236static void powered_complete(struct hci_dev *hdev, u8 status, u16 opcode)
229ab39c
JH		 6237{
6238 struct cmd_lookup match = { NULL, hdev };
6239
6240 BT_DBG("status 0x%02x", status);
6241
162a3bac
MH		 6242 if (!status) {
6243 /* Register the available SMP channels (BR/EDR and LE) only
6244 * when successfully powering on the controller. This late
6245 * registration is required so that LE SMP can clearly
6246 * decide if the public address or static address is used.
6247 */
6248 smp_register(hdev);
6249 }
6250
229ab39c
JH		 6251 hci_dev_lock(hdev);
6252
6253 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6254
6255 new_settings(hdev, match.sk);
6256
6257 hci_dev_unlock(hdev);
6258
6259 if (match.sk)
6260 sock_put(match.sk);
6261}
6262
70da6243 6263static int powered_update_hci(struct hci_dev *hdev)
5add6af8 6264{
890ea898 6265 struct hci_request req;
70da6243 6266 u8 link_sec;
5add6af8 6267
890ea898
JH		 6268 hci_req_init(&req, hdev);
6269
70da6243
JH		 6270 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
6271 !lmp_host_ssp_capable(hdev)) {
574ea3c7 6272 u8 mode = 0x01;
5e5282bb 6273
574ea3c7
MH		 6274 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
6275
6276 if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) {
6277 u8 support = 0x01;
5add6af8 6278
574ea3c7
MH		 6279 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT,
6280 sizeof(support), &support);
6281 }
ec6f99b8
JH		 6282 }
6283
c73eee91
JH		 6284 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
6285 lmp_bredr_capable(hdev)) {
70da6243 6286 struct hci_cp_write_le_host_supported cp;
f0ff92fb 6287
32226e4f
MH		 6288 cp.le = 0x01;
6289 cp.simul = 0x00;
3d1cbdd6 6290
70da6243
JH		 6291 /* Check first if we already have the right
6292 * host state (host features set)
6293 */
6294 if (cp.le != lmp_host_le_capable(hdev) ||
6295 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 6296 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
6297 sizeof(cp), &cp);
70da6243 6298 }
3d1cbdd6 6299
d13eafce 6300 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 6301 /* Make sure the controller has a good default for
6302 * advertising data. This also applies to the case
6303 * where BR/EDR was toggled during the AUTO_OFF phase.
6304 */
f14d8f64 6305 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5947f4bc 6306 update_adv_data(&req);
f14d8f64
MH		 6307 update_scan_rsp_data(&req);
6308 }
441ad2d0 6309
bba3aa55
MH		 6310 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
6311 enable_advertising(&req);
2cf22218
JH		 6312
6313 restart_le_actions(&req);
eeca6f89
JH		 6314 }
6315
70da6243
JH		 6316 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
6317 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 6318 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
6319 sizeof(link_sec), &link_sec);
562fcc24 6320
70da6243 6321 if (lmp_bredr_capable(hdev)) {
432df05e 6322 write_fast_connectable(&req, false);
1d2dc5b7 6323 __hci_update_page_scan(&req);
890ea898 6324 update_class(&req);
13928971 6325 update_name(&req);
890ea898 6326 update_eir(&req);
70da6243 6327 }
562fcc24 6328
229ab39c 6329 return hci_req_run(&req, powered_complete);
70da6243 6330}
562fcc24 6331
70da6243
JH		 6332int mgmt_powered(struct hci_dev *hdev, u8 powered)
6333{
6334 struct cmd_lookup match = { NULL, hdev };
9845904f 6335 u8 status, zero_cod[] = { 0, 0, 0 };
70da6243 6336 int err;
f0ff92fb 6337
70da6243
JH		 6338 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
6339 return 0;
6340
70da6243 6341 if (powered) {
229ab39c
JH		 6342 if (powered_update_hci(hdev) == 0)
6343 return 0;
fe038884 6344
229ab39c
JH		 6345 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
6346 &match);
6347 goto new_settings;
b24752fe
JH		 6348 }
6349
229ab39c 6350 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
9845904f
JH		 6351
6352 /* If the power off is because of hdev unregistration let
6353 * use the appropriate INVALID_INDEX status. Otherwise use
6354 * NOT_POWERED. We cover both scenarios here since later in
6355 * mgmt_index_removed() any hci_conn callbacks will have already
6356 * been triggered, potentially causing misleading DISCONNECTED
6357 * status responses.
6358 */
6359 if (test_bit(HCI_UNREGISTER, &hdev->dev_flags))
6360 status = MGMT_STATUS_INVALID_INDEX;
6361 else
6362 status = MGMT_STATUS_NOT_POWERED;
6363
6364 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
229ab39c
JH		 6365
6366 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
6367 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
6368 zero_cod, sizeof(zero_cod), NULL);
6369
6370new_settings:
beadb2bd 6371 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 6372
6373 if (match.sk)
6374 sock_put(match.sk);
6375
7bb895d6 6376 return err;
5add6af8 6377}
73f22f62 6378
3eec705e 6379void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 6380{
6381 struct pending_cmd *cmd;
6382 u8 status;
6383
6384 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6385 if (!cmd)
3eec705e 6386 return;
96570ffc
JH		 6387
6388 if (err == -ERFKILL)
6389 status = MGMT_STATUS_RFKILLED;
6390 else
6391 status = MGMT_STATUS_FAILED;
6392
3eec705e 6393 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 6394
6395 mgmt_pending_remove(cmd);
96570ffc
JH		 6396}
6397
d1967ff8
MH		 6398void mgmt_discoverable_timeout(struct hci_dev *hdev)
6399{
6400 struct hci_request req;
d1967ff8
MH		 6401
6402 hci_dev_lock(hdev);
6403
6404 /* When discoverable timeout triggers, then just make sure
6405 * the limited discoverable flag is cleared. Even in the case
6406 * of a timeout triggered from general discoverable, it is
6407 * safe to unconditionally clear the flag.
6408 */
6409 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
9a43e25f 6410 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
d1967ff8
MH		 6411
6412 hci_req_init(&req, hdev);
4b580614
JH		 6413 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
6414 u8 scan = SCAN_PAGE;
6415 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
6416 sizeof(scan), &scan);
6417 }
d1967ff8 6418 update_class(&req);
9a43e25f 6419 update_adv_data(&req);
d1967ff8
MH		 6420 hci_req_run(&req, NULL);
6421
6422 hdev->discov_timeout = 0;
6423
9a43e25f
JH		 6424 new_settings(hdev, NULL);
6425
d1967ff8
MH		 6426 hci_dev_unlock(hdev);
6427}
6428
dc4a5ee2
MH		 6429void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
6430 bool persistent)
55ed8ca1 6431{
86742e1e 6432 struct mgmt_ev_new_link_key ev;
55ed8ca1 6433
a492cd52 6434 memset(&ev, 0, sizeof(ev));
55ed8ca1 6435
a492cd52 6436 ev.store_hint = persistent;
d753fdc4 6437 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 6438 ev.key.addr.type = BDADDR_BREDR;
a492cd52 6439 ev.key.type = key->type;
9b3b4460 6440 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 6441 ev.key.pin_len = key->pin_len;
55ed8ca1 6442
dc4a5ee2 6443 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 6444}
f7520543 6445
d7b25450
JH		 6446static u8 mgmt_ltk_type(struct smp_ltk *ltk)
6447{
23fb8de3
JH		 6448 switch (ltk->type) {
6449 case SMP_LTK:
6450 case SMP_LTK_SLAVE:
6451 if (ltk->authenticated)
6452 return MGMT_LTK_AUTHENTICATED;
6453 return MGMT_LTK_UNAUTHENTICATED;
6454 case SMP_LTK_P256:
6455 if (ltk->authenticated)
6456 return MGMT_LTK_P256_AUTH;
6457 return MGMT_LTK_P256_UNAUTH;
6458 case SMP_LTK_P256_DEBUG:
6459 return MGMT_LTK_P256_DEBUG;
6460 }
d7b25450
JH		 6461
6462 return MGMT_LTK_UNAUTHENTICATED;
6463}
6464
53ac6ab6 6465void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 6466{
6467 struct mgmt_ev_new_long_term_key ev;
6468
6469 memset(&ev, 0, sizeof(ev));
6470
5192d301
MH		 6471 /* Devices using resolvable or non-resolvable random addresses
6472 * without providing an indentity resolving key don't require
6473 * to store long term keys. Their addresses will change the
6474 * next time around.
6475 *
6476 * Only when a remote device provides an identity address
6477 * make sure the long term key is stored. If the remote
6478 * identity is known, the long term keys are internally
6479 * mapped to the identity address. So allow static random
6480 * and public addresses here.
6481 */
ba74b666
JH		 6482 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6483 (key->bdaddr.b[5] & 0xc0) != 0xc0)
6484 ev.store_hint = 0x00;
6485 else
53ac6ab6 6486 ev.store_hint = persistent;
ba74b666 6487
346af67b 6488 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 6489 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 6490 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 6491 ev.key.enc_size = key->enc_size;
6492 ev.key.ediv = key->ediv;
fe39c7b2 6493 ev.key.rand = key->rand;
346af67b 6494
2ceba539 6495 if (key->type == SMP_LTK)
346af67b
VCG		 6496 ev.key.master = 1;
6497
346af67b
VCG		 6498 memcpy(ev.key.val, key->val, sizeof(key->val));
6499
083368f7 6500 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 6501}
6502
95fbac8a
JH		 6503void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
6504{
6505 struct mgmt_ev_new_irk ev;
6506
6507 memset(&ev, 0, sizeof(ev));
6508
bab6d1e5
MH		 6509 /* For identity resolving keys from devices that are already
6510 * using a public address or static random address, do not
6511 * ask for storing this key. The identity resolving key really
6512 * is only mandatory for devices using resovlable random
6513 * addresses.
6514 *
6515 * Storing all identity resolving keys has the downside that
6516 * they will be also loaded on next boot of they system. More
6517 * identity resolving keys, means more time during scanning is
6518 * needed to actually resolve these addresses.
6519 */
6520 if (bacmp(&irk->rpa, BDADDR_ANY))
6521 ev.store_hint = 0x01;
6522 else
6523 ev.store_hint = 0x00;
6524
95fbac8a
JH		 6525 bacpy(&ev.rpa, &irk->rpa);
6526 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
6527 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
6528 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
6529
6530 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
6531}
6532
53ac6ab6
MH		 6533void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
6534 bool persistent)
7ee4ea36
MH		 6535{
6536 struct mgmt_ev_new_csrk ev;
6537
6538 memset(&ev, 0, sizeof(ev));
6539
6540 /* Devices using resolvable or non-resolvable random addresses
6541 * without providing an indentity resolving key don't require
6542 * to store signature resolving keys. Their addresses will change
6543 * the next time around.
6544 *
6545 * Only when a remote device provides an identity address
6546 * make sure the signature resolving key is stored. So allow
6547 * static random and public addresses here.
6548 */
6549 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6550 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
6551 ev.store_hint = 0x00;
6552 else
53ac6ab6 6553 ev.store_hint = persistent;
7ee4ea36
MH		 6554
6555 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
6556 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
6557 ev.key.master = csrk->master;
6558 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
6559
6560 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
6561}
6562
ffb5a827 6563void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 6564 u8 bdaddr_type, u8 store_hint, u16 min_interval,
6565 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 6566{
6567 struct mgmt_ev_new_conn_param ev;
6568
c103aea6
JH		 6569 if (!hci_is_identity_address(bdaddr, bdaddr_type))
6570 return;
6571
ffb5a827
AG		 6572 memset(&ev, 0, sizeof(ev));
6573 bacpy(&ev.addr.bdaddr, bdaddr);
6574 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 6575 ev.store_hint = store_hint;
ffb5a827
AG		 6576 ev.min_interval = cpu_to_le16(min_interval);
6577 ev.max_interval = cpu_to_le16(max_interval);
6578 ev.latency = cpu_to_le16(latency);
6579 ev.timeout = cpu_to_le16(timeout);
6580
6581 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
6582}
6583
94933991
MH		 6584static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
6585 u8 data_len)
6586{
6587 eir[eir_len++] = sizeof(type) + data_len;
6588 eir[eir_len++] = type;
6589 memcpy(&eir[eir_len], data, data_len);
6590 eir_len += data_len;
6591
6592 return eir_len;
6593}
6594
48ec92fa
AA		 6595void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
6596 u32 flags, u8 *name, u8 name_len)
f7520543 6597{
b644ba33
JH		 6598 char buf[512];
6599 struct mgmt_ev_device_connected *ev = (void *) buf;
6600 u16 eir_len = 0;
f7520543 6601
48ec92fa
AA		 6602 bacpy(&ev->addr.bdaddr, &conn->dst);
6603 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
f7520543 6604
c95f0ba7 6605 ev->flags = __cpu_to_le32(flags);
08c79b61 6606
fd45ada9
AA		 6607 /* We must ensure that the EIR Data fields are ordered and
6608 * unique. Keep it simple for now and avoid the problem by not
6609 * adding any BR/EDR data to the LE adv.
6610 */
6611 if (conn->le_adv_data_len > 0) {
6612 memcpy(&ev->eir[eir_len],
6613 conn->le_adv_data, conn->le_adv_data_len);
6614 eir_len = conn->le_adv_data_len;
6615 } else {
6616 if (name_len > 0)
6617 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
6618 name, name_len);
b644ba33 6619
ddbea5cf 6620 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
fd45ada9
AA		 6621 eir_len = eir_append_data(ev->eir, eir_len,
6622 EIR_CLASS_OF_DEV,
6623 conn->dev_class, 3);
6624 }
b644ba33 6625
eb55ef07 6626 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 6627
ecd90ae7
MH		 6628 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
6629 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 6630}
6631
8962ee74
JH		 6632static void disconnect_rsp(struct pending_cmd *cmd, void *data)
6633{
8962ee74 6634 struct sock **sk = data;
8962ee74 6635
f5818c22 6636 cmd->cmd_complete(cmd, 0);
8962ee74
JH		 6637
6638 *sk = cmd->sk;
6639 sock_hold(*sk);
6640
a664b5bc 6641 mgmt_pending_remove(cmd);
8962ee74
JH		 6642}
6643
124f6e35 6644static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 6645{
b1078ad0 6646 struct hci_dev *hdev = data;
124f6e35 6647 struct mgmt_cp_unpair_device *cp = cmd->param;
a8a1d19e 6648
b1078ad0
JH		 6649 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
6650
d8b7b1e4 6651 cmd->cmd_complete(cmd, 0);
a8a1d19e
JH		 6652 mgmt_pending_remove(cmd);
6653}
6654
84c61d92
JH		 6655bool mgmt_powering_down(struct hci_dev *hdev)
6656{
6657 struct pending_cmd *cmd;
6658 struct mgmt_mode *cp;
6659
6660 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6661 if (!cmd)
6662 return false;
6663
6664 cp = cmd->param;
6665 if (!cp->val)
6666 return true;
6667
6668 return false;
6669}
6670
9b80ec5e 6671void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 6672 u8 link_type, u8 addr_type, u8 reason,
6673 bool mgmt_connected)
f7520543 6674{
f0d6a0ea 6675 struct mgmt_ev_device_disconnected ev;
8962ee74 6676 struct sock *sk = NULL;
8962ee74 6677
84c61d92
JH		 6678 /* The connection is still in hci_conn_hash so test for 1
6679 * instead of 0 to know if this is the last one.
6680 */
6681 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6682 cancel_delayed_work(&hdev->power_off);
6683 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8b064a3a
JH		 6684 }
6685
12d4a3b2
JH		 6686 if (!mgmt_connected)
6687 return;
6688
57eb776f
AG		 6689 if (link_type != ACL_LINK && link_type != LE_LINK)
6690 return;
6691
744cf19e 6692 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 6693
f0d6a0ea
MA		 6694 bacpy(&ev.addr.bdaddr, bdaddr);
6695 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6696 ev.reason = reason;
f7520543 6697
9b80ec5e 6698 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 6699
6700 if (sk)
d97dcb66 6701 sock_put(sk);
8962ee74 6702
124f6e35 6703 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 6704 hdev);
8962ee74
JH		 6705}
6706
7892924c
MH		 6707void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
6708 u8 link_type, u8 addr_type, u8 status)
8962ee74 6709{
3655bba8
AG		 6710 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
6711 struct mgmt_cp_disconnect *cp;
8962ee74 6712 struct pending_cmd *cmd;
8962ee74 6713
36a75f1b
JD		 6714 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6715 hdev);
6716
2e58ef3e 6717 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 6718 if (!cmd)
7892924c 6719 return;
8962ee74 6720
3655bba8
AG		 6721 cp = cmd->param;
6722
6723 if (bacmp(bdaddr, &cp->addr.bdaddr))
6724 return;
6725
6726 if (cp->addr.type != bdaddr_type)
6727 return;
6728
f5818c22 6729 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6730 mgmt_pending_remove(cmd);
f7520543 6731}
17d5c04c 6732
445608d0
MH		 6733void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6734 u8 addr_type, u8 status)
17d5c04c
JH		 6735{
6736 struct mgmt_ev_connect_failed ev;
c9910d0f 6737
84c61d92
JH		 6738 /* The connection is still in hci_conn_hash so test for 1
6739 * instead of 0 to know if this is the last one.
6740 */
6741 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6742 cancel_delayed_work(&hdev->power_off);
6743 queue_work(hdev->req_workqueue, &hdev->power_off.work);
c9910d0f 6744 }
17d5c04c 6745
4c659c39 6746 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6747 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 6748 ev.status = mgmt_status(status);
17d5c04c 6749
445608d0 6750 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 6751}
980e1a53 6752
ce0e4a0d 6753void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 6754{
6755 struct mgmt_ev_pin_code_request ev;
6756
d8457698 6757 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 6758 ev.addr.type = BDADDR_BREDR;
a770bb5a 6759 ev.secure = secure;
980e1a53 6760
ce0e4a0d 6761 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 6762}
6763
e669cf80
MH		 6764void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6765 u8 status)
980e1a53
JH		 6766{
6767 struct pending_cmd *cmd;
980e1a53 6768
2e58ef3e 6769 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 6770 if (!cmd)
e669cf80 6771 return;
980e1a53 6772
7776d1d8 6773 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6774 mgmt_pending_remove(cmd);
980e1a53
JH		 6775}
6776
3eb38528
MH		 6777void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6778 u8 status)
980e1a53
JH		 6779{
6780 struct pending_cmd *cmd;
980e1a53 6781
2e58ef3e 6782 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 6783 if (!cmd)
3eb38528 6784 return;
980e1a53 6785
7776d1d8 6786 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6787 mgmt_pending_remove(cmd);
980e1a53 6788}
a5c29683 6789
744cf19e 6790int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 6791 u8 link_type, u8 addr_type, u32 value,
04124681 6792 u8 confirm_hint)
a5c29683
JH		 6793{
6794 struct mgmt_ev_user_confirm_request ev;
6795
744cf19e 6796 BT_DBG("%s", hdev->name);
a5c29683 6797
272d90df 6798 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6799 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 6800 ev.confirm_hint = confirm_hint;
39adbffe 6801 ev.value = cpu_to_le32(value);
a5c29683 6802
744cf19e 6803 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 6804 NULL);
a5c29683
JH		 6805}
6806
272d90df 6807int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 6808 u8 link_type, u8 addr_type)
604086b7
BG		 6809{
6810 struct mgmt_ev_user_passkey_request ev;
6811
6812 BT_DBG("%s", hdev->name);
6813
272d90df 6814 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6815 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 6816
6817 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 6818 NULL);
604086b7
BG		 6819}
6820
0df4c185 6821static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 6822 u8 link_type, u8 addr_type, u8 status,
6823 u8 opcode)
a5c29683
JH		 6824{
6825 struct pending_cmd *cmd;
a5c29683 6826
2e58ef3e 6827 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 6828 if (!cmd)
6829 return -ENOENT;
6830
7776d1d8 6831 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6832 mgmt_pending_remove(cmd);
a5c29683 6833
7776d1d8 6834 return 0;
a5c29683
JH		 6835}
6836
744cf19e 6837int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6838 u8 link_type, u8 addr_type, u8 status)
a5c29683 6839{
272d90df 6840 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 6841 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 6842}
6843
272d90df 6844int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6845 u8 link_type, u8 addr_type, u8 status)
a5c29683 6846{
272d90df 6847 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 6848 status,
6849 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 6850}
2a611692 6851
604086b7 6852int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6853 u8 link_type, u8 addr_type, u8 status)
604086b7 6854{
272d90df 6855 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 6856 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 6857}
6858
272d90df 6859int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6860 u8 link_type, u8 addr_type, u8 status)
604086b7 6861{
272d90df 6862 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 6863 status,
6864 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 6865}
6866
92a25256
JH		 6867int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
6868 u8 link_type, u8 addr_type, u32 passkey,
6869 u8 entered)
6870{
6871 struct mgmt_ev_passkey_notify ev;
6872
6873 BT_DBG("%s", hdev->name);
6874
6875 bacpy(&ev.addr.bdaddr, bdaddr);
6876 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6877 ev.passkey = __cpu_to_le32(passkey);
6878 ev.entered = entered;
6879
6880 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
6881}
6882
e1e930f5 6883void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
2a611692
JH		 6884{
6885 struct mgmt_ev_auth_failed ev;
e1e930f5
JH		 6886 struct pending_cmd *cmd;
6887 u8 status = mgmt_status(hci_status);
2a611692 6888
e1e930f5
JH		 6889 bacpy(&ev.addr.bdaddr, &conn->dst);
6890 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
6891 ev.status = status;
2a611692 6892
e1e930f5
JH		 6893 cmd = find_pairing(conn);
6894
6895 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
6896 cmd ? cmd->sk : NULL);
6897
a511b35b
JH		 6898 if (cmd) {
6899 cmd->cmd_complete(cmd, status);
6900 mgmt_pending_remove(cmd);
6901 }
2a611692 6902}
b312b161 6903
464996ae 6904void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 6905{
6906 struct cmd_lookup match = { NULL, hdev };
464996ae 6907 bool changed;
33ef95ed
JH		 6908
6909 if (status) {
6910 u8 mgmt_err = mgmt_status(status);
6911 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 6912 cmd_status_rsp, &mgmt_err);
464996ae 6913 return;
33ef95ed
JH		 6914 }
6915
464996ae
MH		 6916 if (test_bit(HCI_AUTH, &hdev->flags))
6917 changed = !test_and_set_bit(HCI_LINK_SECURITY,
6918 &hdev->dev_flags);
6919 else
6920 changed = test_and_clear_bit(HCI_LINK_SECURITY,
6921 &hdev->dev_flags);
47990ea0 6922
33ef95ed 6923 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 6924 &match);
33ef95ed 6925
47990ea0 6926 if (changed)
464996ae 6927 new_settings(hdev, match.sk);
33ef95ed
JH		 6928
6929 if (match.sk)
6930 sock_put(match.sk);
33ef95ed
JH		 6931}
6932
890ea898 6933static void clear_eir(struct hci_request *req)
cacaf52f 6934{
890ea898 6935 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 6936 struct hci_cp_write_eir cp;
6937
976eb20e 6938 if (!lmp_ext_inq_capable(hdev))
890ea898 6939 return;
cacaf52f 6940
c80da27e
JH		 6941 memset(hdev->eir, 0, sizeof(hdev->eir));
6942
cacaf52f
JH		 6943 memset(&cp, 0, sizeof(cp));
6944
890ea898 6945 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 6946}
6947
3e248560 6948void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 6949{
6950 struct cmd_lookup match = { NULL, hdev };
890ea898 6951 struct hci_request req;
c0ecddc2 6952 bool changed = false;
ed2c4ee3
JH		 6953
6954 if (status) {
6955 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 6956
6957 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 6958 &hdev->dev_flags)) {
6959 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3e248560 6960 new_settings(hdev, NULL);
9ecb3e24 6961 }
c0ecddc2 6962
04124681
GP		 6963 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
6964 &mgmt_err);
3e248560 6965 return;
c0ecddc2
JH		 6966 }
6967
6968 if (enable) {
9ecb3e24 6969 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 6970 } else {
9ecb3e24
MH		 6971 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
6972 if (!changed)
6973 changed = test_and_clear_bit(HCI_HS_ENABLED,
6974 &hdev->dev_flags);
6975 else
6976 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 6977 }
6978
6979 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
6980
c0ecddc2 6981 if (changed)
3e248560 6982 new_settings(hdev, match.sk);
ed2c4ee3 6983
5fc6ebb1 6984 if (match.sk)
ed2c4ee3
JH		 6985 sock_put(match.sk);
6986
890ea898
JH		 6987 hci_req_init(&req, hdev);
6988
3769972b
JH		 6989 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
6990 if (test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
6991 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
6992 sizeof(enable), &enable);
890ea898 6993 update_eir(&req);
3769972b 6994 } else {
890ea898 6995 clear_eir(&req);
3769972b 6996 }
890ea898
JH		 6997
6998 hci_req_run(&req, NULL);
ed2c4ee3
JH		 6999}
7000
eac83dc6
MH		 7001void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
7002{
7003 struct cmd_lookup match = { NULL, hdev };
7004 bool changed = false;
7005
7006 if (status) {
7007 u8 mgmt_err = mgmt_status(status);
7008
0ab04a9c
MH		 7009 if (enable) {
7010 if (test_and_clear_bit(HCI_SC_ENABLED,
7011 &hdev->dev_flags))
7012 new_settings(hdev, NULL);
7013 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
7014 }
eac83dc6
MH		 7015
7016 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
7017 cmd_status_rsp, &mgmt_err);
7018 return;
7019 }
7020
0ab04a9c 7021 if (enable) {
eac83dc6 7022 changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c 7023 } else {
eac83dc6 7024 changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c
MH		 7025 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
7026 }
eac83dc6
MH		 7027
7028 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
7029 settings_rsp, &match);
7030
7031 if (changed)
7032 new_settings(hdev, match.sk);
7033
7034 if (match.sk)
7035 sock_put(match.sk);
7036}
7037
92da6097 7038static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 7039{
7040 struct cmd_lookup *match = data;
7041
90e70454
JH		 7042 if (match->sk == NULL) {
7043 match->sk = cmd->sk;
7044 sock_hold(match->sk);
7045 }
90e70454
JH		 7046}
7047
4e1b0245
MH		 7048void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
7049 u8 status)
7f9a903c 7050{
90e70454 7051 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 7052
92da6097
JH		 7053 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
7054 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
7055 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 7056
7057 if (!status)
4e1b0245
MH		 7058 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
7059 NULL);
90e70454
JH		 7060
7061 if (match.sk)
7062 sock_put(match.sk);
7f9a903c
MH		 7063}
7064
7667da34 7065void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 7066{
b312b161 7067 struct mgmt_cp_set_local_name ev;
13928971 7068 struct pending_cmd *cmd;
28cc7bde 7069
13928971 7070 if (status)
7667da34 7071 return;
b312b161
JH		 7072
7073 memset(&ev, 0, sizeof(ev));
7074 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 7075 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 7076
2e58ef3e 7077 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 7078 if (!cmd) {
7079 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 7080
13928971
JH		 7081 /* If this is a HCI command related to powering on the
7082 * HCI dev don't send any mgmt signals.
7083 */
7084 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 7085 return;
890ea898 7086 }
b312b161 7087
7667da34
MH		 7088 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
7089 cmd ? cmd->sk : NULL);
b312b161 7090}
c35938b2 7091
4d2d2796 7092void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
38da1703
JH		 7093 u8 *rand192, u8 *hash256, u8 *rand256,
7094 u8 status)
c35938b2
SJ		 7095{
7096 struct pending_cmd *cmd;
c35938b2 7097
744cf19e 7098 BT_DBG("%s status %u", hdev->name, status);
c35938b2 7099
2e58ef3e 7100 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 7101 if (!cmd)
3edaf092 7102 return;
c35938b2
SJ		 7103
7104 if (status) {
3edaf092
MH		 7105 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
7106 mgmt_status(status));
c35938b2 7107 } else {
710f11c0 7108 if (bredr_sc_enabled(hdev) && hash256 && rand256) {
4d2d2796
MH		 7109 struct mgmt_rp_read_local_oob_ext_data rp;
7110
7111 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
38da1703 7112 memcpy(rp.rand192, rand192, sizeof(rp.rand192));
c35938b2 7113
4d2d2796 7114 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
38da1703 7115 memcpy(rp.rand256, rand256, sizeof(rp.rand256));
c35938b2 7116
4d2d2796
MH		 7117 cmd_complete(cmd->sk, hdev->id,
7118 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
7119 &rp, sizeof(rp));
7120 } else {
7121 struct mgmt_rp_read_local_oob_data rp;
7122
7123 memcpy(rp.hash, hash192, sizeof(rp.hash));
38da1703 7124 memcpy(rp.rand, rand192, sizeof(rp.rand));
4d2d2796
MH		 7125
7126 cmd_complete(cmd->sk, hdev->id,
7127 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
7128 &rp, sizeof(rp));
7129 }
c35938b2
SJ		 7130 }
7131
7132 mgmt_pending_remove(cmd);
c35938b2 7133}
e17acd40 7134
799ce93d
JP		 7135static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
7136{
7137 int i;
7138
7139 for (i = 0; i < uuid_count; i++) {
7140 if (!memcmp(uuid, uuids[i], 16))
7141 return true;
7142 }
7143
7144 return false;
7145}
7146
b487b9ce
MH		 7147static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
7148{
799ce93d
JP		 7149 u16 parsed = 0;
7150
7151 while (parsed < eir_len) {
7152 u8 field_len = eir[0];
7153 u8 uuid[16];
7154 int i;
7155
7156 if (field_len == 0)
7157 break;
7158
7159 if (eir_len - parsed < field_len + 1)
7160 break;
7161
7162 switch (eir[1]) {
7163 case EIR_UUID16_ALL:
7164 case EIR_UUID16_SOME:
7165 for (i = 0; i + 3 <= field_len; i += 2) {
189f6ad2 7166 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7167 uuid[13] = eir[i + 3];
7168 uuid[12] = eir[i + 2];
7169 if (has_uuid(uuid, uuid_count, uuids))
7170 return true;
7171 }
7172 break;
7173 case EIR_UUID32_ALL:
7174 case EIR_UUID32_SOME:
7175 for (i = 0; i + 5 <= field_len; i += 4) {
189f6ad2 7176 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7177 uuid[15] = eir[i + 5];
7178 uuid[14] = eir[i + 4];
7179 uuid[13] = eir[i + 3];
7180 uuid[12] = eir[i + 2];
7181 if (has_uuid(uuid, uuid_count, uuids))
7182 return true;
7183 }
7184 break;
7185 case EIR_UUID128_ALL:
7186 case EIR_UUID128_SOME:
7187 for (i = 0; i + 17 <= field_len; i += 16) {
7188 memcpy(uuid, eir + i + 2, 16);
7189 if (has_uuid(uuid, uuid_count, uuids))
7190 return true;
7191 }
7192 break;
7193 }
7194
7195 parsed += field_len + 1;
7196 eir += field_len + 1;
7197 }
7198
b487b9ce
MH		 7199 return false;
7200}
7201
901801b9 7202void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
af58925c
MH		 7203 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
7204 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 7205{
e319d2e7
JH		 7206 char buf[512];
7207 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 7208 size_t ev_size;
b487b9ce 7209 bool match;
e17acd40 7210
75ce208c
JH		 7211 /* Don't send events for a non-kernel initiated discovery. With
7212 * LE one exception is if we have pend_le_reports > 0 in which
7213 * case we're doing passive scanning and want these events.
7214 */
7215 if (!hci_discovery_active(hdev)) {
7216 if (link_type == ACL_LINK)
7217 return;
66f8455a 7218 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
75ce208c
JH		 7219 return;
7220 }
12602d0c 7221
bda157a4
MH		 7222 /* When using service discovery with a RSSI threshold, then check
7223 * if such a RSSI threshold is specified. If a RSSI threshold has
7224 * been specified, then all results with a RSSI smaller than the
7225 * RSSI threshold will be dropped.
efb2513f
MH		 7226 *
7227 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
7228 * the results are also dropped.
bda157a4
MH		 7229 */
7230 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
efb2513f 7231 (rssi < hdev->discovery.rssi || rssi == HCI_RSSI_INVALID))
bda157a4
MH		 7232 return;
7233
5d2e9fad
JH		 7234 /* Make sure that the buffer is big enough. The 5 extra bytes
7235 * are for the potential CoD field.
7236 */
7237 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
901801b9 7238 return;
7d262f86 7239
1dc06093
JH		 7240 memset(buf, 0, sizeof(buf));
7241
da25cf6a
MH		 7242 /* In case of device discovery with BR/EDR devices (pre 1.2), the
7243 * RSSI value was reported as 0 when not available. This behavior
7244 * is kept when using device discovery. This is required for full
7245 * backwards compatibility with the API.
7246 *
7247 * However when using service discovery, the value 127 will be
7248 * returned when the RSSI is not available.
7249 */
91200e9f
SJ		 7250 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
7251 link_type == ACL_LINK)
efb2513f
MH		 7252 rssi = 0;
7253
841c5644
JH		 7254 bacpy(&ev->addr.bdaddr, bdaddr);
7255 ev->addr.type = link_to_bdaddr(link_type, addr_type);
e319d2e7 7256 ev->rssi = rssi;
af58925c 7257 ev->flags = cpu_to_le32(flags);
e17acd40 7258
b487b9ce
MH		 7259 if (eir_len > 0) {
7260 /* When using service discovery and a list of UUID is
7261 * provided, results with no matching UUID should be
7262 * dropped. In case there is a match the result is
7263 * kept and checking possible scan response data
7264 * will be skipped.
7265 */
ea8ae251 7266 if (hdev->discovery.uuid_count > 0)
b487b9ce
MH		 7267 match = eir_has_uuids(eir, eir_len,
7268 hdev->discovery.uuid_count,
7269 hdev->discovery.uuids);
ea8ae251
MH		 7270 else
7271 match = true;
7272
7273 if (!match && !scan_rsp_len)
7274 return;
b487b9ce
MH		 7275
7276 /* Copy EIR or advertising data into event */
e319d2e7 7277 memcpy(ev->eir, eir, eir_len);
b487b9ce
MH		 7278 } else {
7279 /* When using service discovery and a list of UUID is
7280 * provided, results with empty EIR or advertising data
7281 * should be dropped since they do not match any UUID.
7282 */
ea8ae251 7283 if (hdev->discovery.uuid_count > 0 && !scan_rsp_len)
b487b9ce 7284 return;
ea8ae251
MH		 7285
7286 match = false;
b487b9ce 7287 }
e17acd40 7288
1dc06093
JH		 7289 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
7290 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 7291 dev_class, 3);
1dc06093 7292
b487b9ce
MH		 7293 if (scan_rsp_len > 0) {
7294 /* When using service discovery and a list of UUID is
7295 * provided, results with no matching UUID should be
7296 * dropped if there is no previous match from the
7297 * advertising data.
7298 */
7299 if (hdev->discovery.uuid_count > 0) {
7300 if (!match && !eir_has_uuids(scan_rsp, scan_rsp_len,
7301 hdev->discovery.uuid_count,
7302 hdev->discovery.uuids))
7303 return;
7304 }
7305
7306 /* Append scan response data to event */
5d2e9fad 7307 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
b487b9ce
MH		 7308 } else {
7309 /* When using service discovery and a list of UUID is
7310 * provided, results with empty scan response and no
7311 * previous matched advertising data should be dropped.
7312 */
7313 if (hdev->discovery.uuid_count > 0 && !match)
7314 return;
7315 }
5d2e9fad
JH		 7316
7317 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
7318 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 7319
901801b9 7320 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 7321}
a88a9652 7322
9cf12aee
MH		 7323void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7324 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 7325{
b644ba33
JH		 7326 struct mgmt_ev_device_found *ev;
7327 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
7328 u16 eir_len;
a88a9652 7329
b644ba33 7330 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 7331
b644ba33
JH		 7332 memset(buf, 0, sizeof(buf));
7333
7334 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 7335 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 7336 ev->rssi = rssi;
7337
7338 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 7339 name_len);
b644ba33 7340
eb55ef07 7341 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 7342
9cf12aee 7343 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 7344}
314b2381 7345
2f1e063b 7346void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 7347{
f963e8e9 7348 struct mgmt_ev_discovering ev;
164a6e78 7349
343fb145
AG		 7350 BT_DBG("%s discovering %u", hdev->name, discovering);
7351
f963e8e9
JH		 7352 memset(&ev, 0, sizeof(ev));
7353 ev.type = hdev->discovery.type;
7354 ev.discovering = discovering;
7355
2f1e063b 7356 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 7357}
5e762444 7358
1904a853 7359static void adv_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5976e608
MH		 7360{
7361 BT_DBG("%s status %u", hdev->name, status);
5976e608
MH		 7362}
7363
7364void mgmt_reenable_advertising(struct hci_dev *hdev)
7365{
7366 struct hci_request req;
7367
5976e608
MH		 7368 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
7369 return;
7370
7371 hci_req_init(&req, hdev);
7372 enable_advertising(&req);
0ec5ae84 7373 hci_req_run(&req, adv_enable_complete);
5976e608 7374}
Linux kernel - Deliverables
This page took 1.213657 seconds and 5 git commands to generate.