projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Make Fast Connectable available while powered off
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
7129069e 32#include <net/bluetooth/hci_sock.h>
4bc58f51 33#include <net/bluetooth/l2cap.h>
0381101f 34#include <net/bluetooth/mgmt.h>
ac4b7236 35
0857dd3b 36#include "hci_request.h"
ac4b7236 37#include "smp.h"
0381101f 38
2da9c55c 39#define MGMT_VERSION 1
854bda19 40#define MGMT_REVISION 8
02d98129 41
e70bb2e8
JH		 42static const u16 mgmt_commands[] = {
43 MGMT_OP_READ_INDEX_LIST,
44 MGMT_OP_READ_INFO,
45 MGMT_OP_SET_POWERED,
46 MGMT_OP_SET_DISCOVERABLE,
47 MGMT_OP_SET_CONNECTABLE,
48 MGMT_OP_SET_FAST_CONNECTABLE,
b2939475 49 MGMT_OP_SET_BONDABLE,
e70bb2e8
JH		 50 MGMT_OP_SET_LINK_SECURITY,
51 MGMT_OP_SET_SSP,
52 MGMT_OP_SET_HS,
53 MGMT_OP_SET_LE,
54 MGMT_OP_SET_DEV_CLASS,
55 MGMT_OP_SET_LOCAL_NAME,
56 MGMT_OP_ADD_UUID,
57 MGMT_OP_REMOVE_UUID,
58 MGMT_OP_LOAD_LINK_KEYS,
59 MGMT_OP_LOAD_LONG_TERM_KEYS,
60 MGMT_OP_DISCONNECT,
61 MGMT_OP_GET_CONNECTIONS,
62 MGMT_OP_PIN_CODE_REPLY,
63 MGMT_OP_PIN_CODE_NEG_REPLY,
64 MGMT_OP_SET_IO_CAPABILITY,
65 MGMT_OP_PAIR_DEVICE,
66 MGMT_OP_CANCEL_PAIR_DEVICE,
67 MGMT_OP_UNPAIR_DEVICE,
68 MGMT_OP_USER_CONFIRM_REPLY,
69 MGMT_OP_USER_CONFIRM_NEG_REPLY,
70 MGMT_OP_USER_PASSKEY_REPLY,
71 MGMT_OP_USER_PASSKEY_NEG_REPLY,
72 MGMT_OP_READ_LOCAL_OOB_DATA,
73 MGMT_OP_ADD_REMOTE_OOB_DATA,
74 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
75 MGMT_OP_START_DISCOVERY,
76 MGMT_OP_STOP_DISCOVERY,
77 MGMT_OP_CONFIRM_NAME,
78 MGMT_OP_BLOCK_DEVICE,
79 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 80 MGMT_OP_SET_DEVICE_ID,
4375f103 81 MGMT_OP_SET_ADVERTISING,
0663ca2a 82 MGMT_OP_SET_BREDR,
d13eafce 83 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 84 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 85 MGMT_OP_SET_SECURE_CONN,
4e39ac81 86 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 87 MGMT_OP_SET_PRIVACY,
41edf160 88 MGMT_OP_LOAD_IRKS,
dd983808 89 MGMT_OP_GET_CONN_INFO,
95868426 90 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 91 MGMT_OP_ADD_DEVICE,
92 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 93 MGMT_OP_LOAD_CONN_PARAM,
73d1df2a 94 MGMT_OP_READ_UNCONF_INDEX_LIST,
9fc3bfb6 95 MGMT_OP_READ_CONFIG_INFO,
dbece37a 96 MGMT_OP_SET_EXTERNAL_CONFIG,
9713c17b 97 MGMT_OP_SET_PUBLIC_ADDRESS,
66ea9427 98 MGMT_OP_START_SERVICE_DISCOVERY,
e70bb2e8
JH		 99};
100
101static const u16 mgmt_events[] = {
102 MGMT_EV_CONTROLLER_ERROR,
103 MGMT_EV_INDEX_ADDED,
104 MGMT_EV_INDEX_REMOVED,
105 MGMT_EV_NEW_SETTINGS,
106 MGMT_EV_CLASS_OF_DEV_CHANGED,
107 MGMT_EV_LOCAL_NAME_CHANGED,
108 MGMT_EV_NEW_LINK_KEY,
109 MGMT_EV_NEW_LONG_TERM_KEY,
110 MGMT_EV_DEVICE_CONNECTED,
111 MGMT_EV_DEVICE_DISCONNECTED,
112 MGMT_EV_CONNECT_FAILED,
113 MGMT_EV_PIN_CODE_REQUEST,
114 MGMT_EV_USER_CONFIRM_REQUEST,
115 MGMT_EV_USER_PASSKEY_REQUEST,
116 MGMT_EV_AUTH_FAILED,
117 MGMT_EV_DEVICE_FOUND,
118 MGMT_EV_DISCOVERING,
119 MGMT_EV_DEVICE_BLOCKED,
120 MGMT_EV_DEVICE_UNBLOCKED,
121 MGMT_EV_DEVICE_UNPAIRED,
92a25256 122 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 123 MGMT_EV_NEW_IRK,
7ee4ea36 124 MGMT_EV_NEW_CSRK,
8afef092
MH		 125 MGMT_EV_DEVICE_ADDED,
126 MGMT_EV_DEVICE_REMOVED,
ffb5a827 127 MGMT_EV_NEW_CONN_PARAM,
0602a8ad 128 MGMT_EV_UNCONF_INDEX_ADDED,
edd3896b 129 MGMT_EV_UNCONF_INDEX_REMOVED,
f4537c04 130 MGMT_EV_NEW_CONFIG_OPTIONS,
e70bb2e8
JH		 131};
132
17b02e62 133#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 134
d25b78e2
JH		 135#define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
136 "\x00\x00\x00\x00\x00\x00\x00\x00"
137
3b0602cd 138struct mgmt_pending_cmd {
eec8d2bc 139 struct list_head list;
fc2f4b13 140 u16 opcode;
eec8d2bc 141 int index;
c68fb7ff 142 void *param;
323b0b88 143 size_t param_len;
eec8d2bc 144 struct sock *sk;
e9a416b5 145 void *user_data;
3b0602cd 146 int (*cmd_complete)(struct mgmt_pending_cmd *cmd, u8 status);
eec8d2bc
JH		 147};
148
ca69b795
JH		 149/* HCI to MGMT error code conversion table */
150static u8 mgmt_status_table[] = {
151 MGMT_STATUS_SUCCESS,
152 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
153 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
154 MGMT_STATUS_FAILED, /* Hardware Failure */
155 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
156 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 157 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 158 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
159 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
160 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
161 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
162 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
163 MGMT_STATUS_BUSY, /* Command Disallowed */
164 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
165 MGMT_STATUS_REJECTED, /* Rejected Security */
166 MGMT_STATUS_REJECTED, /* Rejected Personal */
167 MGMT_STATUS_TIMEOUT, /* Host Timeout */
168 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
169 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
170 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
171 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
172 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
173 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
174 MGMT_STATUS_BUSY, /* Repeated Attempts */
175 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
176 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
177 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
178 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
179 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
180 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
181 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
182 MGMT_STATUS_FAILED, /* Unspecified Error */
183 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
184 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
185 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
186 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
187 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
188 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
189 MGMT_STATUS_FAILED, /* Unit Link Key Used */
190 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
191 MGMT_STATUS_TIMEOUT, /* Instant Passed */
192 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
193 MGMT_STATUS_FAILED, /* Transaction Collision */
194 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
195 MGMT_STATUS_REJECTED, /* QoS Rejected */
196 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
197 MGMT_STATUS_REJECTED, /* Insufficient Security */
198 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
199 MGMT_STATUS_BUSY, /* Role Switch Pending */
200 MGMT_STATUS_FAILED, /* Slot Violation */
201 MGMT_STATUS_FAILED, /* Role Switch Failed */
202 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
203 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
204 MGMT_STATUS_BUSY, /* Host Busy Pairing */
205 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
206 MGMT_STATUS_BUSY, /* Controller Busy */
207 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
208 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
209 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
210 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
211 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
212};
213
214static u8 mgmt_status(u8 hci_status)
215{
216 if (hci_status < ARRAY_SIZE(mgmt_status_table))
217 return mgmt_status_table[hci_status];
218
219 return MGMT_STATUS_FAILED;
220}
221
7a00ff44
JH		 222static int mgmt_send_event(u16 event, struct hci_dev *hdev,
223 unsigned short channel, void *data, u16 data_len,
224 struct sock *skip_sk)
04c60f05
MH		 225{
226 struct sk_buff *skb;
227 struct mgmt_hdr *hdr;
228
229 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
230 if (!skb)
231 return -ENOMEM;
232
233 hdr = (void *) skb_put(skb, sizeof(*hdr));
234 hdr->opcode = cpu_to_le16(event);
235 if (hdev)
236 hdr->index = cpu_to_le16(hdev->id);
237 else
238 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
239 hdr->len = cpu_to_le16(data_len);
240
241 if (data)
242 memcpy(skb_put(skb, data_len), data, data_len);
243
244 /* Time stamp */
245 __net_timestamp(skb);
246
7a00ff44 247 hci_send_to_channel(channel, skb, skip_sk);
04c60f05
MH		 248 kfree_skb(skb);
249
250 return 0;
251}
252
7a00ff44
JH		 253static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
254 struct sock *skip_sk)
255{
256 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
257 skip_sk);
258}
259
a69e8375 260static int mgmt_cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 261{
262 struct sk_buff *skb;
263 struct mgmt_hdr *hdr;
264 struct mgmt_ev_cmd_status *ev;
56b7d137 265 int err;
f7b64e69 266
34eb525c 267 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 268
790eff44 269 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 270 if (!skb)
271 return -ENOMEM;
272
273 hdr = (void *) skb_put(skb, sizeof(*hdr));
274
dcf4adbf 275 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 276 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 277 hdr->len = cpu_to_le16(sizeof(*ev));
278
279 ev = (void *) skb_put(skb, sizeof(*ev));
280 ev->status = status;
eb55ef07 281 ev->opcode = cpu_to_le16(cmd);
f7b64e69 282
56b7d137
GP		 283 err = sock_queue_rcv_skb(sk, skb);
284 if (err < 0)
f7b64e69
JH		 285 kfree_skb(skb);
286
56b7d137 287 return err;
f7b64e69
JH		 288}
289
2a1afb5a
JH		 290static int mgmt_cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
291 void *rp, size_t rp_len)
02d98129
JH		 292{
293 struct sk_buff *skb;
294 struct mgmt_hdr *hdr;
295 struct mgmt_ev_cmd_complete *ev;
56b7d137 296 int err;
02d98129
JH		 297
298 BT_DBG("sock %p", sk);
299
790eff44 300 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 301 if (!skb)
302 return -ENOMEM;
303
304 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 305
dcf4adbf 306 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 307 hdr->index = cpu_to_le16(index);
a38528f1 308 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 309
a38528f1 310 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 311 ev->opcode = cpu_to_le16(cmd);
aee9b218 312 ev->status = status;
8020c16a
SJ		 313
314 if (rp)
315 memcpy(ev->data, rp, rp_len);
02d98129 316
56b7d137
GP		 317 err = sock_queue_rcv_skb(sk, skb);
318 if (err < 0)
02d98129
JH		 319 kfree_skb(skb);
320
e5f0e151 321 return err;
02d98129
JH		 322}
323
04124681
GP		 324static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
325 u16 data_len)
a38528f1
JH		 326{
327 struct mgmt_rp_read_version rp;
328
329 BT_DBG("sock %p", sk);
330
331 rp.version = MGMT_VERSION;
dcf4adbf 332 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 333
2a1afb5a
JH		 334 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
335 &rp, sizeof(rp));
a38528f1
JH		 336}
337
04124681
GP		 338static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
339 u16 data_len)
e70bb2e8
JH		 340{
341 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 342 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
343 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 344 __le16 *opcode;
e70bb2e8
JH		 345 size_t rp_size;
346 int i, err;
347
348 BT_DBG("sock %p", sk);
349
350 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
351
352 rp = kmalloc(rp_size, GFP_KERNEL);
353 if (!rp)
354 return -ENOMEM;
355
dcf4adbf
JP		 356 rp->num_commands = cpu_to_le16(num_commands);
357 rp->num_events = cpu_to_le16(num_events);
e70bb2e8
JH		 358
359 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
360 put_unaligned_le16(mgmt_commands[i], opcode);
361
362 for (i = 0; i < num_events; i++, opcode++)
363 put_unaligned_le16(mgmt_events[i], opcode);
364
2a1afb5a
JH		 365 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
366 rp, rp_size);
e70bb2e8
JH		 367 kfree(rp);
368
369 return err;
370}
371
04124681
GP		 372static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
373 u16 data_len)
faba42eb 374{
faba42eb 375 struct mgmt_rp_read_index_list *rp;
8035ded4 376 struct hci_dev *d;
a38528f1 377 size_t rp_len;
faba42eb 378 u16 count;
476e44cb 379 int err;
faba42eb
JH		 380
381 BT_DBG("sock %p", sk);
382
383 read_lock(&hci_dev_list_lock);
384
385 count = 0;
bb4b2a9a 386 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a
MH		 387 if (d->dev_type == HCI_BREDR &&
388 !test_bit(HCI_UNCONFIGURED, &d->dev_flags))
1514b892 389 count++;
faba42eb
JH		 390 }
391
a38528f1
JH		 392 rp_len = sizeof(*rp) + (2 * count);
393 rp = kmalloc(rp_len, GFP_ATOMIC);
394 if (!rp) {
b2c60d42 395 read_unlock(&hci_dev_list_lock);
faba42eb 396 return -ENOMEM;
b2c60d42 397 }
faba42eb 398
476e44cb 399 count = 0;
8035ded4 400 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a 401 if (test_bit(HCI_SETUP, &d->dev_flags) ||
d603b76b 402 test_bit(HCI_CONFIG, &d->dev_flags) ||
73d1df2a 403 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
ab81cbf9
JH		 404 continue;
405
73d1df2a
MH		 406 /* Devices marked as raw-only are neither configured
407 * nor unconfigured controllers.
408 */
409 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
fee746b0
MH		 410 continue;
411
73d1df2a
MH		 412 if (d->dev_type == HCI_BREDR &&
413 !test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
1514b892
MH		 414 rp->index[count++] = cpu_to_le16(d->id);
415 BT_DBG("Added hci%u", d->id);
416 }
faba42eb
JH		 417 }
418
476e44cb
JH		 419 rp->num_controllers = cpu_to_le16(count);
420 rp_len = sizeof(*rp) + (2 * count);
421
faba42eb
JH		 422 read_unlock(&hci_dev_list_lock);
423
2a1afb5a
JH		 424 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
425 0, rp, rp_len);
faba42eb 426
a38528f1
JH		 427 kfree(rp);
428
429 return err;
faba42eb
JH		 430}
431
73d1df2a
MH		 432static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
433 void *data, u16 data_len)
434{
435 struct mgmt_rp_read_unconf_index_list *rp;
436 struct hci_dev *d;
437 size_t rp_len;
438 u16 count;
439 int err;
440
441 BT_DBG("sock %p", sk);
442
443 read_lock(&hci_dev_list_lock);
444
445 count = 0;
446 list_for_each_entry(d, &hci_dev_list, list) {
447 if (d->dev_type == HCI_BREDR &&
448 test_bit(HCI_UNCONFIGURED, &d->dev_flags))
449 count++;
450 }
451
452 rp_len = sizeof(*rp) + (2 * count);
453 rp = kmalloc(rp_len, GFP_ATOMIC);
454 if (!rp) {
455 read_unlock(&hci_dev_list_lock);
456 return -ENOMEM;
457 }
458
459 count = 0;
460 list_for_each_entry(d, &hci_dev_list, list) {
461 if (test_bit(HCI_SETUP, &d->dev_flags) ||
d603b76b 462 test_bit(HCI_CONFIG, &d->dev_flags) ||
73d1df2a
MH		 463 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
464 continue;
465
466 /* Devices marked as raw-only are neither configured
467 * nor unconfigured controllers.
468 */
469 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
470 continue;
471
472 if (d->dev_type == HCI_BREDR &&
473 test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
474 rp->index[count++] = cpu_to_le16(d->id);
475 BT_DBG("Added hci%u", d->id);
476 }
477 }
478
479 rp->num_controllers = cpu_to_le16(count);
480 rp_len = sizeof(*rp) + (2 * count);
481
482 read_unlock(&hci_dev_list_lock);
483
2a1afb5a
JH		 484 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
485 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
73d1df2a
MH		 486
487 kfree(rp);
488
489 return err;
490}
491
dbece37a
MH		 492static bool is_configured(struct hci_dev *hdev)
493{
494 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
495 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
496 return false;
497
498 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
499 !bacmp(&hdev->public_addr, BDADDR_ANY))
500 return false;
501
502 return true;
503}
504
89bc22d2
MH		 505static __le32 get_missing_options(struct hci_dev *hdev)
506{
507 u32 options = 0;
508
dbece37a
MH		 509 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
510 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
eb1904f4
MH		 511 options |= MGMT_OPTION_EXTERNAL_CONFIG;
512
89bc22d2
MH		 513 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
514 !bacmp(&hdev->public_addr, BDADDR_ANY))
515 options |= MGMT_OPTION_PUBLIC_ADDRESS;
516
517 return cpu_to_le32(options);
518}
519
f4537c04
MH		 520static int new_options(struct hci_dev *hdev, struct sock *skip)
521{
522 __le32 options = get_missing_options(hdev);
523
524 return mgmt_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
525 sizeof(options), skip);
526}
527
dbece37a
MH		 528static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
529{
530 __le32 options = get_missing_options(hdev);
531
2a1afb5a
JH		 532 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
533 sizeof(options));
dbece37a
MH		 534}
535
9fc3bfb6
MH		 536static int read_config_info(struct sock *sk, struct hci_dev *hdev,
537 void *data, u16 data_len)
538{
539 struct mgmt_rp_read_config_info rp;
89bc22d2 540 u32 options = 0;
9fc3bfb6
MH		 541
542 BT_DBG("sock %p %s", sk, hdev->name);
543
544 hci_dev_lock(hdev);
545
546 memset(&rp, 0, sizeof(rp));
547 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
89bc22d2 548
eb1904f4
MH		 549 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
550 options |= MGMT_OPTION_EXTERNAL_CONFIG;
551
9fc3bfb6 552 if (hdev->set_bdaddr)
89bc22d2
MH		 553 options |= MGMT_OPTION_PUBLIC_ADDRESS;
554
555 rp.supported_options = cpu_to_le32(options);
556 rp.missing_options = get_missing_options(hdev);
9fc3bfb6
MH		 557
558 hci_dev_unlock(hdev);
559
2a1afb5a
JH		 560 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
561 &rp, sizeof(rp));
9fc3bfb6
MH		 562}
563
69ab39ea
JH		 564static u32 get_supported_settings(struct hci_dev *hdev)
565{
566 u32 settings = 0;
567
568 settings |= MGMT_SETTING_POWERED;
b2939475 569 settings |= MGMT_SETTING_BONDABLE;
b1de97d8 570 settings |= MGMT_SETTING_DEBUG_KEYS;
3742abfc
JH		 571 settings |= MGMT_SETTING_CONNECTABLE;
572 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea 573
ed3fa31f 574 if (lmp_bredr_capable(hdev)) {
1a47aee8
JH		 575 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
576 settings |= MGMT_SETTING_FAST_CONNECTABLE;
69ab39ea
JH		 577 settings |= MGMT_SETTING_BREDR;
578 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 579
580 if (lmp_ssp_capable(hdev)) {
581 settings |= MGMT_SETTING_SSP;
582 settings |= MGMT_SETTING_HS;
583 }
e98d2ce2 584
05b3c3e7 585 if (lmp_sc_capable(hdev))
e98d2ce2 586 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 587 }
d7b7e796 588
eeca6f89 589 if (lmp_le_capable(hdev)) {
9d42820f 590 settings |= MGMT_SETTING_LE;
eeca6f89 591 settings |= MGMT_SETTING_ADVERTISING;
a3209694 592 settings |= MGMT_SETTING_SECURE_CONN;
0f4bd942 593 settings |= MGMT_SETTING_PRIVACY;
93690c22 594 settings |= MGMT_SETTING_STATIC_ADDRESS;
eeca6f89 595 }
69ab39ea 596
eb1904f4
MH		 597 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
598 hdev->set_bdaddr)
9fc3bfb6
MH		 599 settings |= MGMT_SETTING_CONFIGURATION;
600
69ab39ea
JH		 601 return settings;
602}
603
604static u32 get_current_settings(struct hci_dev *hdev)
605{
606 u32 settings = 0;
607
f1f0eb02 608 if (hdev_is_powered(hdev))
f0d4b78a
MH		 609 settings |= MGMT_SETTING_POWERED;
610
5e5282bb 611 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 612 settings |= MGMT_SETTING_CONNECTABLE;
613
1a4d3c4b
JH		 614 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
615 settings |= MGMT_SETTING_FAST_CONNECTABLE;
616
5e5282bb 617 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 618 settings |= MGMT_SETTING_DISCOVERABLE;
619
b6ae8457 620 if (test_bit(HCI_BONDABLE, &hdev->dev_flags))
b2939475 621 settings |= MGMT_SETTING_BONDABLE;
69ab39ea 622
56f87901 623 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 624 settings |= MGMT_SETTING_BREDR;
625
06199cf8 626 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 627 settings |= MGMT_SETTING_LE;
628
47990ea0 629 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 630 settings |= MGMT_SETTING_LINK_SECURITY;
631
84bde9d6 632 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 633 settings |= MGMT_SETTING_SSP;
634
6d80dfd0
JH		 635 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
636 settings |= MGMT_SETTING_HS;
637
f3d3444a 638 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 639 settings |= MGMT_SETTING_ADVERTISING;
640
e98d2ce2
MH		 641 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
642 settings |= MGMT_SETTING_SECURE_CONN;
643
0663b297 644 if (test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags))
b1de97d8
MH		 645 settings |= MGMT_SETTING_DEBUG_KEYS;
646
0f4bd942
JH		 647 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
648 settings |= MGMT_SETTING_PRIVACY;
649
93690c22
MH		 650 /* The current setting for static address has two purposes. The
651 * first is to indicate if the static address will be used and
652 * the second is to indicate if it is actually set.
653 *
654 * This means if the static address is not configured, this flag
655 * will never bet set. If the address is configured, then if the
656 * address is actually used decides if the flag is set or not.
657 *
658 * For single mode LE only controllers and dual-mode controllers
659 * with BR/EDR disabled, the existence of the static address will
660 * be evaluated.
661 */
662 if (test_bit(HCI_FORCE_STATIC_ADDR, &hdev->dbg_flags) ||
663 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
664 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
665 if (bacmp(&hdev->static_addr, BDADDR_ANY))
666 settings |= MGMT_SETTING_STATIC_ADDRESS;
667 }
668
69ab39ea
JH		 669 return settings;
670}
671
ef580372
JH		 672#define PNP_INFO_SVCLASS_ID 0x1200
673
213202ed
JH		 674static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
675{
676 u8 *ptr = data, *uuids_start = NULL;
677 struct bt_uuid *uuid;
678
679 if (len < 4)
680 return ptr;
681
682 list_for_each_entry(uuid, &hdev->uuids, list) {
683 u16 uuid16;
684
685 if (uuid->size != 16)
686 continue;
687
688 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
689 if (uuid16 < 0x1100)
690 continue;
691
692 if (uuid16 == PNP_INFO_SVCLASS_ID)
693 continue;
694
695 if (!uuids_start) {
696 uuids_start = ptr;
697 uuids_start[0] = 1;
698 uuids_start[1] = EIR_UUID16_ALL;
699 ptr += 2;
700 }
701
702 /* Stop if not enough space to put next UUID */
703 if ((ptr - data) + sizeof(u16) > len) {
704 uuids_start[1] = EIR_UUID16_SOME;
705 break;
706 }
707
708 *ptr++ = (uuid16 & 0x00ff);
709 *ptr++ = (uuid16 & 0xff00) >> 8;
710 uuids_start[0] += sizeof(uuid16);
711 }
712
713 return ptr;
714}
715
cdf1963f
JH		 716static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
717{
718 u8 *ptr = data, *uuids_start = NULL;
719 struct bt_uuid *uuid;
720
721 if (len < 6)
722 return ptr;
723
724 list_for_each_entry(uuid, &hdev->uuids, list) {
725 if (uuid->size != 32)
726 continue;
727
728 if (!uuids_start) {
729 uuids_start = ptr;
730 uuids_start[0] = 1;
731 uuids_start[1] = EIR_UUID32_ALL;
732 ptr += 2;
733 }
734
735 /* Stop if not enough space to put next UUID */
736 if ((ptr - data) + sizeof(u32) > len) {
737 uuids_start[1] = EIR_UUID32_SOME;
738 break;
739 }
740
741 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
742 ptr += sizeof(u32);
743 uuids_start[0] += sizeof(u32);
744 }
745
746 return ptr;
747}
748
c00d575b
JH		 749static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
750{
751 u8 *ptr = data, *uuids_start = NULL;
752 struct bt_uuid *uuid;
753
754 if (len < 18)
755 return ptr;
756
757 list_for_each_entry(uuid, &hdev->uuids, list) {
758 if (uuid->size != 128)
759 continue;
760
761 if (!uuids_start) {
762 uuids_start = ptr;
763 uuids_start[0] = 1;
764 uuids_start[1] = EIR_UUID128_ALL;
765 ptr += 2;
766 }
767
768 /* Stop if not enough space to put next UUID */
769 if ((ptr - data) + 16 > len) {
770 uuids_start[1] = EIR_UUID128_SOME;
771 break;
772 }
773
774 memcpy(ptr, uuid->uuid, 16);
775 ptr += 16;
776 uuids_start[0] += 16;
777 }
778
779 return ptr;
780}
781
3b0602cd
JH		 782static struct mgmt_pending_cmd *mgmt_pending_find(u16 opcode,
783 struct hci_dev *hdev)
eb2a8d20 784{
3b0602cd 785 struct mgmt_pending_cmd *cmd;
eb2a8d20
JH		 786
787 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
788 if (cmd->opcode == opcode)
789 return cmd;
790 }
791
792 return NULL;
793}
794
3b0602cd
JH		 795static struct mgmt_pending_cmd *mgmt_pending_find_data(u16 opcode,
796 struct hci_dev *hdev,
797 const void *data)
95868426 798{
3b0602cd 799 struct mgmt_pending_cmd *cmd;
95868426
JH		 800
801 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
802 if (cmd->user_data != data)
803 continue;
804 if (cmd->opcode == opcode)
805 return cmd;
806 }
807
808 return NULL;
809}
810
f14d8f64
MH		 811static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
812{
7a5f4990
MH		 813 u8 ad_len = 0;
814 size_t name_len;
815
816 name_len = strlen(hdev->dev_name);
817 if (name_len > 0) {
818 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
819
820 if (name_len > max_len) {
821 name_len = max_len;
822 ptr[1] = EIR_NAME_SHORT;
823 } else
824 ptr[1] = EIR_NAME_COMPLETE;
825
826 ptr[0] = name_len + 1;
827
828 memcpy(ptr + 2, hdev->dev_name, name_len);
829
830 ad_len += (name_len + 2);
831 ptr += (name_len + 2);
832 }
833
834 return ad_len;
f14d8f64
MH		 835}
836
837static void update_scan_rsp_data(struct hci_request *req)
838{
839 struct hci_dev *hdev = req->hdev;
840 struct hci_cp_le_set_scan_rsp_data cp;
841 u8 len;
842
7751ef1b 843 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
f14d8f64
MH		 844 return;
845
846 memset(&cp, 0, sizeof(cp));
847
848 len = create_scan_rsp_data(hdev, cp.data);
849
eb438b5f
JH		 850 if (hdev->scan_rsp_data_len == len &&
851 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 852 return;
853
eb438b5f
JH		 854 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
855 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 856
857 cp.length = len;
858
859 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
860}
861
9a43e25f
JH		 862static u8 get_adv_discov_flags(struct hci_dev *hdev)
863{
3b0602cd 864 struct mgmt_pending_cmd *cmd;
9a43e25f
JH		 865
866 /* If there's a pending mgmt command the flags will not yet have
867 * their final values, so check for this first.
868 */
869 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
870 if (cmd) {
871 struct mgmt_mode *cp = cmd->param;
872 if (cp->val == 0x01)
873 return LE_AD_GENERAL;
874 else if (cp->val == 0x02)
875 return LE_AD_LIMITED;
876 } else {
877 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
878 return LE_AD_LIMITED;
879 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
880 return LE_AD_GENERAL;
881 }
882
883 return 0;
884}
885
46cad2ed 886static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 887{
888 u8 ad_len = 0, flags = 0;
441ad2d0 889
9a43e25f 890 flags |= get_adv_discov_flags(hdev);
441ad2d0 891
e834004b 892 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
441ad2d0 893 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 894
895 if (flags) {
896 BT_DBG("adv flags 0x%02x", flags);
897
898 ptr[0] = 2;
899 ptr[1] = EIR_FLAGS;
900 ptr[2] = flags;
901
902 ad_len += 3;
903 ptr += 3;
904 }
905
906 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
907 ptr[0] = 2;
908 ptr[1] = EIR_TX_POWER;
909 ptr[2] = (u8) hdev->adv_tx_power;
910
911 ad_len += 3;
912 ptr += 3;
913 }
914
441ad2d0
MH		 915 return ad_len;
916}
917
5947f4bc 918static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 919{
920 struct hci_dev *hdev = req->hdev;
921 struct hci_cp_le_set_adv_data cp;
922 u8 len;
923
10994ce6 924 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
441ad2d0
MH		 925 return;
926
927 memset(&cp, 0, sizeof(cp));
928
46cad2ed 929 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 930
931 if (hdev->adv_data_len == len &&
932 memcmp(cp.data, hdev->adv_data, len) == 0)
933 return;
934
935 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
936 hdev->adv_data_len = len;
937
938 cp.length = len;
939
940 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
941}
942
bc6d2d04
JH		 943int mgmt_update_adv_data(struct hci_dev *hdev)
944{
945 struct hci_request req;
946
947 hci_req_init(&req, hdev);
948 update_adv_data(&req);
949
950 return hci_req_run(&req, NULL);
951}
952
ef580372
JH		 953static void create_eir(struct hci_dev *hdev, u8 *data)
954{
955 u8 *ptr = data;
ef580372
JH		 956 size_t name_len;
957
958 name_len = strlen(hdev->dev_name);
959
960 if (name_len > 0) {
961 /* EIR Data type */
962 if (name_len > 48) {
963 name_len = 48;
964 ptr[1] = EIR_NAME_SHORT;
965 } else
966 ptr[1] = EIR_NAME_COMPLETE;
967
968 /* EIR Data length */
969 ptr[0] = name_len + 1;
970
971 memcpy(ptr + 2, hdev->dev_name, name_len);
972
ef580372
JH		 973 ptr += (name_len + 2);
974 }
975
bbaf444a 976 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 977 ptr[0] = 2;
978 ptr[1] = EIR_TX_POWER;
979 ptr[2] = (u8) hdev->inq_tx_power;
980
91c4e9b1
MH		 981 ptr += 3;
982 }
983
2b9be137
MH		 984 if (hdev->devid_source > 0) {
985 ptr[0] = 9;
986 ptr[1] = EIR_DEVICE_ID;
987
988 put_unaligned_le16(hdev->devid_source, ptr + 2);
989 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
990 put_unaligned_le16(hdev->devid_product, ptr + 6);
991 put_unaligned_le16(hdev->devid_version, ptr + 8);
992
2b9be137
MH		 993 ptr += 10;
994 }
995
213202ed 996 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 997 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 998 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 999}
1000
890ea898 1001static void update_eir(struct hci_request *req)
ef580372 1002{
890ea898 1003 struct hci_dev *hdev = req->hdev;
ef580372
JH		 1004 struct hci_cp_write_eir cp;
1005
504c8dcd 1006 if (!hdev_is_powered(hdev))
890ea898 1007 return;
7770c4aa 1008
976eb20e 1009 if (!lmp_ext_inq_capable(hdev))
890ea898 1010 return;
ef580372 1011
84bde9d6 1012 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 1013 return;
ef580372 1014
a8b2d5c2 1015 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 1016 return;
ef580372
JH		 1017
1018 memset(&cp, 0, sizeof(cp));
1019
1020 create_eir(hdev, cp.data);
1021
1022 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 1023 return;
ef580372
JH		 1024
1025 memcpy(hdev->eir, cp.data, sizeof(cp.data));
1026
890ea898 1027 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 1028}
1029
1030static u8 get_service_classes(struct hci_dev *hdev)
1031{
1032 struct bt_uuid *uuid;
1033 u8 val = 0;
1034
1035 list_for_each_entry(uuid, &hdev->uuids, list)
1036 val |= uuid->svc_hint;
1037
1038 return val;
1039}
1040
890ea898 1041static void update_class(struct hci_request *req)
ef580372 1042{
890ea898 1043 struct hci_dev *hdev = req->hdev;
ef580372
JH		 1044 u8 cod[3];
1045
1046 BT_DBG("%s", hdev->name);
1047
504c8dcd 1048 if (!hdev_is_powered(hdev))
890ea898 1049 return;
7770c4aa 1050
f87ea1da
JH		 1051 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1052 return;
1053
a8b2d5c2 1054 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 1055 return;
ef580372
JH		 1056
1057 cod[0] = hdev->minor_class;
1058 cod[1] = hdev->major_class;
1059 cod[2] = get_service_classes(hdev);
1060
6acd7db4
MH		 1061 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
1062 cod[1] |= 0x20;
1063
ef580372 1064 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 1065 return;
ef580372 1066
890ea898 1067 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 1068}
1069
a4858cb9 1070static bool get_connectable(struct hci_dev *hdev)
199a2fb1 1071{
3b0602cd 1072 struct mgmt_pending_cmd *cmd;
199a2fb1
JH		 1073
1074 /* If there's a pending mgmt command the flag will not yet have
1075 * it's final value, so check for this first.
1076 */
1077 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1078 if (cmd) {
1079 struct mgmt_mode *cp = cmd->param;
a4858cb9 1080 return cp->val;
199a2fb1
JH		 1081 }
1082
a4858cb9 1083 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
199a2fb1
JH		 1084}
1085
0ec5ae84
JH		 1086static void disable_advertising(struct hci_request *req)
1087{
1088 u8 enable = 0x00;
1089
1090 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1091}
1092
199a2fb1
JH		 1093static void enable_advertising(struct hci_request *req)
1094{
1095 struct hci_dev *hdev = req->hdev;
1096 struct hci_cp_le_set_adv_param cp;
8f2a0601 1097 u8 own_addr_type, enable = 0x01;
a4858cb9 1098 bool connectable;
199a2fb1 1099
0ec5ae84
JH		 1100 if (hci_conn_num(hdev, LE_LINK) > 0)
1101 return;
1102
1103 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
1104 disable_advertising(req);
1105
5ce194c4 1106 /* Clear the HCI_LE_ADV bit temporarily so that the
8d97250e
JH		 1107 * hci_update_random_address knows that it's safe to go ahead
1108 * and write a new random address. The flag will be set back on
1109 * as soon as the SET_ADV_ENABLE HCI command completes.
1110 */
5ce194c4 1111 clear_bit(HCI_LE_ADV, &hdev->dev_flags);
8d97250e 1112
a4858cb9 1113 connectable = get_connectable(hdev);
8f2a0601 1114
a4858cb9
JH		 1115 /* Set require_privacy to true only when non-connectable
1116 * advertising is used. In that case it is fine to use a
1117 * non-resolvable private address.
1118 */
1119 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 1120 return;
1121
41c90c18 1122 memset(&cp, 0, sizeof(cp));
628531c9
GL		 1123 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
1124 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
a4858cb9 1125 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
8f2a0601 1126 cp.own_address_type = own_addr_type;
199a2fb1
JH		 1127 cp.channel_map = hdev->le_adv_channel_map;
1128
1129 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1130
1131 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1132}
1133
7d78525d
JH		 1134static void service_cache_off(struct work_struct *work)
1135{
1136 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 1137 service_cache.work);
890ea898 1138 struct hci_request req;
7d78525d 1139
a8b2d5c2 1140 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 1141 return;
1142
890ea898
JH		 1143 hci_req_init(&req, hdev);
1144
7d78525d
JH		 1145 hci_dev_lock(hdev);
1146
890ea898
JH		 1147 update_eir(&req);
1148 update_class(&req);
7d78525d
JH		 1149
1150 hci_dev_unlock(hdev);
890ea898
JH		 1151
1152 hci_req_run(&req, NULL);
7d78525d
JH		 1153}
1154
d6bfd59c
JH		 1155static void rpa_expired(struct work_struct *work)
1156{
1157 struct hci_dev *hdev = container_of(work, struct hci_dev,
1158 rpa_expired.work);
1159 struct hci_request req;
1160
1161 BT_DBG("");
1162
1163 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
1164
0ec5ae84 1165 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
d6bfd59c
JH		 1166 return;
1167
1168 /* The generation of a new RPA and programming it into the
1169 * controller happens in the enable_advertising() function.
1170 */
d6bfd59c 1171 hci_req_init(&req, hdev);
d6bfd59c 1172 enable_advertising(&req);
d6bfd59c
JH		 1173 hci_req_run(&req, NULL);
1174}
1175
6a919082 1176static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 1177{
4f87da80 1178 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 1179 return;
1180
4f87da80 1181 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 1182 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 1183
4f87da80
JH		 1184 /* Non-mgmt controlled devices get this bit set
1185 * implicitly so that pairing works for them, however
1186 * for mgmt we require user-space to explicitly enable
1187 * it
1188 */
b6ae8457 1189 clear_bit(HCI_BONDABLE, &hdev->dev_flags);
7d78525d
JH		 1190}
1191
0f4e68cf 1192static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 1193 void *data, u16 data_len)
0381101f 1194{
a38528f1 1195 struct mgmt_rp_read_info rp;
f7b64e69 1196
bdb6d971 1197 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 1198
09fd0de5 1199 hci_dev_lock(hdev);
f7b64e69 1200
dc4fe30b
JH		 1201 memset(&rp, 0, sizeof(rp));
1202
69ab39ea 1203 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 1204
69ab39ea 1205 rp.version = hdev->hci_ver;
eb55ef07 1206 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 1207
1208 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1209 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 1210
a38528f1 1211 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 1212
dc4fe30b 1213 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 1214 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 1215
09fd0de5 1216 hci_dev_unlock(hdev);
0381101f 1217
2a1afb5a
JH		 1218 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1219 sizeof(rp));
0381101f
JH		 1220}
1221
3b0602cd 1222static void mgmt_pending_free(struct mgmt_pending_cmd *cmd)
eec8d2bc
JH		 1223{
1224 sock_put(cmd->sk);
c68fb7ff 1225 kfree(cmd->param);
eec8d2bc
JH		 1226 kfree(cmd);
1227}
1228
3b0602cd
JH		 1229static struct mgmt_pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
1230 struct hci_dev *hdev,
1231 void *data, u16 len)
eec8d2bc 1232{
3b0602cd 1233 struct mgmt_pending_cmd *cmd;
eec8d2bc 1234
fca20018 1235 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 1236 if (!cmd)
366a0336 1237 return NULL;
eec8d2bc
JH		 1238
1239 cmd->opcode = opcode;
2e58ef3e 1240 cmd->index = hdev->id;
eec8d2bc 1241
323b0b88 1242 cmd->param = kmemdup(data, len, GFP_KERNEL);
c68fb7ff 1243 if (!cmd->param) {
eec8d2bc 1244 kfree(cmd);
366a0336 1245 return NULL;
eec8d2bc
JH		 1246 }
1247
323b0b88 1248 cmd->param_len = len;
eec8d2bc
JH		 1249
1250 cmd->sk = sk;
1251 sock_hold(sk);
1252
2e58ef3e 1253 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 1254
366a0336 1255 return cmd;
eec8d2bc
JH		 1256}
1257
744cf19e 1258static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
3b0602cd 1259 void (*cb)(struct mgmt_pending_cmd *cmd,
8fc9ced3 1260 void *data),
04124681 1261 void *data)
eec8d2bc 1262{
3b0602cd 1263 struct mgmt_pending_cmd *cmd, *tmp;
eec8d2bc 1264
a3d09356 1265 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 1266 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 1267 continue;
1268
eec8d2bc
JH		 1269 cb(cmd, data);
1270 }
1271}
1272
3b0602cd 1273static void mgmt_pending_remove(struct mgmt_pending_cmd *cmd)
73f22f62 1274{
73f22f62
JH		 1275 list_del(&cmd->list);
1276 mgmt_pending_free(cmd);
1277}
1278
69ab39ea 1279static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1280{
69ab39ea 1281 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1282
2a1afb5a
JH		 1283 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1284 sizeof(settings));
8680570b
JH		 1285}
1286
1904a853 1287static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
8b064a3a
JH		 1288{
1289 BT_DBG("%s status 0x%02x", hdev->name, status);
1290
a3172b7e
JH		 1291 if (hci_conn_count(hdev) == 0) {
1292 cancel_delayed_work(&hdev->power_off);
8b064a3a 1293 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1294 }
8b064a3a
JH		 1295}
1296
23a48093 1297static bool hci_stop_discovery(struct hci_request *req)
21a60d30
JH		 1298{
1299 struct hci_dev *hdev = req->hdev;
1300 struct hci_cp_remote_name_req_cancel cp;
1301 struct inquiry_entry *e;
1302
1303 switch (hdev->discovery.state) {
1304 case DISCOVERY_FINDING:
1305 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
1306 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1307 } else {
1308 cancel_delayed_work(&hdev->le_scan_disable);
1309 hci_req_add_le_scan_disable(req);
1310 }
1311
23a48093 1312 return true;
21a60d30
JH		 1313
1314 case DISCOVERY_RESOLVING:
1315 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1316 NAME_PENDING);
1317 if (!e)
23a48093 1318 break;
21a60d30
JH		 1319
1320 bacpy(&cp.bdaddr, &e->data.bdaddr);
1321 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1322 &cp);
1323
23a48093 1324 return true;
21a60d30
JH		 1325
1326 default:
1327 /* Passive scanning */
23a48093 1328 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
21a60d30 1329 hci_req_add_le_scan_disable(req);
23a48093
JH		 1330 return true;
1331 }
1332
21a60d30
JH		 1333 break;
1334 }
23a48093
JH		 1335
1336 return false;
21a60d30
JH		 1337}
1338
8b064a3a
JH		 1339static int clean_up_hci_state(struct hci_dev *hdev)
1340{
1341 struct hci_request req;
1342 struct hci_conn *conn;
23a48093
JH		 1343 bool discov_stopped;
1344 int err;
8b064a3a
JH		 1345
1346 hci_req_init(&req, hdev);
1347
1348 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1349 test_bit(HCI_PSCAN, &hdev->flags)) {
1350 u8 scan = 0x00;
1351 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1352 }
1353
73e082f8 1354 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
8b064a3a
JH		 1355 disable_advertising(&req);
1356
23a48093 1357 discov_stopped = hci_stop_discovery(&req);
8b064a3a
JH		 1358
1359 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1360 struct hci_cp_disconnect dc;
c9910d0f
JH		 1361 struct hci_cp_reject_conn_req rej;
1362
1363 switch (conn->state) {
1364 case BT_CONNECTED:
1365 case BT_CONFIG:
1366 dc.handle = cpu_to_le16(conn->handle);
1367 dc.reason = 0x15; /* Terminated due to Power Off */
1368 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1369 break;
1370 case BT_CONNECT:
1371 if (conn->type == LE_LINK)
1372 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1373 0, NULL);
1374 else if (conn->type == ACL_LINK)
1375 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1376 6, &conn->dst);
1377 break;
1378 case BT_CONNECT2:
1379 bacpy(&rej.bdaddr, &conn->dst);
1380 rej.reason = 0x15; /* Terminated due to Power Off */
1381 if (conn->type == ACL_LINK)
1382 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1383 sizeof(rej), &rej);
1384 else if (conn->type == SCO_LINK)
1385 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1386 sizeof(rej), &rej);
1387 break;
1388 }
8b064a3a
JH		 1389 }
1390
23a48093
JH		 1391 err = hci_req_run(&req, clean_up_hci_complete);
1392 if (!err && discov_stopped)
1393 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1394
1395 return err;
8b064a3a
JH		 1396}
1397
bdb6d971 1398static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1399 u16 len)
eec8d2bc 1400{
650f726d 1401 struct mgmt_mode *cp = data;
3b0602cd 1402 struct mgmt_pending_cmd *cmd;
4b34ee78 1403 int err;
eec8d2bc 1404
bdb6d971 1405 BT_DBG("request for %s", hdev->name);
eec8d2bc 1406
a7e80f25 1407 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1408 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1409 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1410
09fd0de5 1411 hci_dev_lock(hdev);
eec8d2bc 1412
87b95ba6 1413 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
a69e8375
JH		 1414 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1415 MGMT_STATUS_BUSY);
87b95ba6
JH		 1416 goto failed;
1417 }
1418
f0d4b78a
MH		 1419 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1420 cancel_delayed_work(&hdev->power_off);
1421
1422 if (cp->val) {
a1d70450
JH		 1423 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1424 data, len);
1425 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1426 goto failed;
1427 }
1428 }
1429
4b34ee78 1430 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1431 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1432 goto failed;
1433 }
1434
2e58ef3e 1435 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1436 if (!cmd) {
1437 err = -ENOMEM;
eec8d2bc 1438 goto failed;
366a0336 1439 }
eec8d2bc 1440
8b064a3a 1441 if (cp->val) {
19202573 1442 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1443 err = 0;
1444 } else {
1445 /* Disconnect connections, stop scans, etc */
1446 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1447 if (!err)
1448 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1449 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1450
8b064a3a
JH		 1451 /* ENODATA means there were no HCI commands queued */
1452 if (err == -ENODATA) {
a3172b7e 1453 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1454 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1455 err = 0;
1456 }
1457 }
eec8d2bc
JH		 1458
1459failed:
09fd0de5 1460 hci_dev_unlock(hdev);
366a0336 1461 return err;
eec8d2bc
JH		 1462}
1463
beadb2bd
JH		 1464static int new_settings(struct hci_dev *hdev, struct sock *skip)
1465{
1466 __le32 ev;
1467
1468 ev = cpu_to_le32(get_current_settings(hdev));
1469
1470 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1471}
1472
91a668b0
JH		 1473int mgmt_new_settings(struct hci_dev *hdev)
1474{
1475 return new_settings(hdev, NULL);
1476}
1477
bd99abdd
JH		 1478struct cmd_lookup {
1479 struct sock *sk;
1480 struct hci_dev *hdev;
1481 u8 mgmt_status;
1482};
1483
3b0602cd 1484static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1485{
1486 struct cmd_lookup *match = data;
1487
1488 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1489
1490 list_del(&cmd->list);
1491
1492 if (match->sk == NULL) {
1493 match->sk = cmd->sk;
1494 sock_hold(match->sk);
1495 }
1496
1497 mgmt_pending_free(cmd);
1498}
1499
3b0602cd 1500static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1501{
1502 u8 *status = data;
1503
a69e8375 1504 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
bd99abdd
JH		 1505 mgmt_pending_remove(cmd);
1506}
1507
3b0602cd 1508static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1b9b5ee5
JH		 1509{
1510 if (cmd->cmd_complete) {
1511 u8 *status = data;
1512
1513 cmd->cmd_complete(cmd, *status);
1514 mgmt_pending_remove(cmd);
1515
1516 return;
1517 }
1518
1519 cmd_status_rsp(cmd, data);
1520}
1521
3b0602cd 1522static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
f5818c22 1523{
2a1afb5a
JH		 1524 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1525 cmd->param, cmd->param_len);
f5818c22
JH		 1526}
1527
3b0602cd 1528static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
7776d1d8 1529{
2a1afb5a
JH		 1530 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1531 cmd->param, sizeof(struct mgmt_addr_info));
7776d1d8
JH		 1532}
1533
e6fe7986
JH		 1534static u8 mgmt_bredr_support(struct hci_dev *hdev)
1535{
1536 if (!lmp_bredr_capable(hdev))
1537 return MGMT_STATUS_NOT_SUPPORTED;
1538 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1539 return MGMT_STATUS_REJECTED;
1540 else
1541 return MGMT_STATUS_SUCCESS;
1542}
1543
1544static u8 mgmt_le_support(struct hci_dev *hdev)
1545{
1546 if (!lmp_le_capable(hdev))
1547 return MGMT_STATUS_NOT_SUPPORTED;
1548 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1549 return MGMT_STATUS_REJECTED;
1550 else
1551 return MGMT_STATUS_SUCCESS;
1552}
1553
1904a853
MH		 1554static void set_discoverable_complete(struct hci_dev *hdev, u8 status,
1555 u16 opcode)
bfaf8c9f 1556{
3b0602cd 1557 struct mgmt_pending_cmd *cmd;
bfaf8c9f 1558 struct mgmt_mode *cp;
970ba524 1559 struct hci_request req;
bfaf8c9f
JH		 1560 bool changed;
1561
1562 BT_DBG("status 0x%02x", status);
1563
1564 hci_dev_lock(hdev);
1565
1566 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1567 if (!cmd)
1568 goto unlock;
1569
1570 if (status) {
1571 u8 mgmt_err = mgmt_status(status);
a69e8375 1572 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
310a3d48 1573 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
bfaf8c9f
JH		 1574 goto remove_cmd;
1575 }
1576
1577 cp = cmd->param;
d4462a07 1578 if (cp->val) {
bfaf8c9f
JH		 1579 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1580 &hdev->dev_flags);
d4462a07
MH		 1581
1582 if (hdev->discov_timeout > 0) {
1583 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1584 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1585 to);
1586 }
1587 } else {
bfaf8c9f
JH		 1588 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1589 &hdev->dev_flags);
d4462a07 1590 }
bfaf8c9f
JH		 1591
1592 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1593
1594 if (changed)
1595 new_settings(hdev, cmd->sk);
1596
970ba524
MH		 1597 /* When the discoverable mode gets changed, make sure
1598 * that class of device has the limited discoverable
432df05e
JH		 1599 * bit correctly set. Also update page scan based on whitelist
1600 * entries.
970ba524
MH		 1601 */
1602 hci_req_init(&req, hdev);
1d2dc5b7 1603 __hci_update_page_scan(&req);
970ba524
MH		 1604 update_class(&req);
1605 hci_req_run(&req, NULL);
1606
bfaf8c9f
JH		 1607remove_cmd:
1608 mgmt_pending_remove(cmd);
1609
1610unlock:
1611 hci_dev_unlock(hdev);
1612}
1613
bdb6d971 1614static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1615 u16 len)
73f22f62 1616{
650f726d 1617 struct mgmt_cp_set_discoverable *cp = data;
3b0602cd 1618 struct mgmt_pending_cmd *cmd;
bfaf8c9f 1619 struct hci_request req;
5e5282bb 1620 u16 timeout;
9a43e25f 1621 u8 scan;
73f22f62
JH		 1622 int err;
1623
bdb6d971 1624 BT_DBG("request for %s", hdev->name);
73f22f62 1625
9a43e25f
JH		 1626 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1627 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
a69e8375
JH		 1628 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1629 MGMT_STATUS_REJECTED);
33c525c0 1630
310a3d48 1631 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 1632 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1633 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1634
1f350c87 1635 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1636
1637 /* Disabling discoverable requires that no timeout is set,
1638 * and enabling limited discoverable requires a timeout.
1639 */
1640 if ((cp->val == 0x00 && timeout > 0) ||
1641 (cp->val == 0x02 && timeout == 0))
a69e8375
JH		 1642 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1643 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1644
09fd0de5 1645 hci_dev_lock(hdev);
73f22f62 1646
5e5282bb 1647 if (!hdev_is_powered(hdev) && timeout > 0) {
a69e8375
JH		 1648 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1649 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1650 goto failed;
1651 }
1652
2e58ef3e 1653 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1654 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1655 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1656 MGMT_STATUS_BUSY);
73f22f62
JH		 1657 goto failed;
1658 }
1659
5e5282bb 1660 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
a69e8375
JH		 1661 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1662 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1663 goto failed;
1664 }
1665
1666 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1667 bool changed = false;
1668
310a3d48
MH		 1669 /* Setting limited discoverable when powered off is
1670 * not a valid operation since it requires a timeout
1671 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1672 */
0224d2fa
JH		 1673 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1674 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1675 changed = true;
1676 }
1677
5e5282bb 1678 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1679 if (err < 0)
1680 goto failed;
1681
1682 if (changed)
1683 err = new_settings(hdev, sk);
1684
5e5282bb
JH		 1685 goto failed;
1686 }
1687
310a3d48
MH		 1688 /* If the current mode is the same, then just update the timeout
1689 * value with the new value. And if only the timeout gets updated,
1690 * then no need for any HCI transactions.
1691 */
1692 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1693 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1694 &hdev->dev_flags)) {
36261547
MH		 1695 cancel_delayed_work(&hdev->discov_off);
1696 hdev->discov_timeout = timeout;
955638ec 1697
36261547
MH		 1698 if (cp->val && hdev->discov_timeout > 0) {
1699 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1700 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1701 to);
955638ec
MH		 1702 }
1703
69ab39ea 1704 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1705 goto failed;
1706 }
1707
2e58ef3e 1708 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1709 if (!cmd) {
1710 err = -ENOMEM;
73f22f62 1711 goto failed;
366a0336 1712 }
73f22f62 1713
310a3d48
MH		 1714 /* Cancel any potential discoverable timeout that might be
1715 * still active and store new timeout value. The arming of
1716 * the timeout happens in the complete handler.
1717 */
1718 cancel_delayed_work(&hdev->discov_off);
1719 hdev->discov_timeout = timeout;
1720
b456f87c
JH		 1721 /* Limited discoverable mode */
1722 if (cp->val == 0x02)
1723 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1724 else
1725 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1726
bfaf8c9f
JH		 1727 hci_req_init(&req, hdev);
1728
9a43e25f
JH		 1729 /* The procedure for LE-only controllers is much simpler - just
1730 * update the advertising data.
1731 */
1732 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1733 goto update_ad;
1734
73f22f62
JH		 1735 scan = SCAN_PAGE;
1736
310a3d48
MH		 1737 if (cp->val) {
1738 struct hci_cp_write_current_iac_lap hci_cp;
1739
1740 if (cp->val == 0x02) {
1741 /* Limited discoverable mode */
33337dcb 1742 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1743 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1744 hci_cp.iac_lap[1] = 0x8b;
1745 hci_cp.iac_lap[2] = 0x9e;
1746 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1747 hci_cp.iac_lap[4] = 0x8b;
1748 hci_cp.iac_lap[5] = 0x9e;
1749 } else {
1750 /* General discoverable mode */
310a3d48
MH		 1751 hci_cp.num_iac = 1;
1752 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1753 hci_cp.iac_lap[1] = 0x8b;
1754 hci_cp.iac_lap[2] = 0x9e;
1755 }
1756
1757 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1758 (hci_cp.num_iac * 3) + 1, &hci_cp);
1759
73f22f62 1760 scan |= SCAN_INQUIRY;
310a3d48
MH		 1761 } else {
1762 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1763 }
73f22f62 1764
310a3d48 1765 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1766
9a43e25f
JH		 1767update_ad:
1768 update_adv_data(&req);
1769
bfaf8c9f 1770 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1771 if (err < 0)
a664b5bc 1772 mgmt_pending_remove(cmd);
73f22f62
JH		 1773
1774failed:
09fd0de5 1775 hci_dev_unlock(hdev);
73f22f62
JH		 1776 return err;
1777}
1778
406d7804
JH		 1779static void write_fast_connectable(struct hci_request *req, bool enable)
1780{
bd98b996 1781 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1782 struct hci_cp_write_page_scan_activity acp;
1783 u8 type;
1784
547003b1
JH		 1785 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1786 return;
1787
4c01f8b8
JH		 1788 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1789 return;
1790
406d7804
JH		 1791 if (enable) {
1792 type = PAGE_SCAN_TYPE_INTERLACED;
1793
1794 /* 160 msec page scan interval */
dcf4adbf 1795 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 1796 } else {
1797 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1798
1799 /* default 1.28 sec page scan */
dcf4adbf 1800 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 1801 }
1802
dcf4adbf 1803 acp.window = cpu_to_le16(0x0012);
406d7804 1804
bd98b996
JH		 1805 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1806 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1807 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1808 sizeof(acp), &acp);
1809
1810 if (hdev->page_scan_type != type)
1811 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1812}
1813
1904a853
MH		 1814static void set_connectable_complete(struct hci_dev *hdev, u8 status,
1815 u16 opcode)
2b76f453 1816{
3b0602cd 1817 struct mgmt_pending_cmd *cmd;
d7b856f9 1818 struct mgmt_mode *cp;
bc6d2d04 1819 bool conn_changed, discov_changed;
2b76f453
JH		 1820
1821 BT_DBG("status 0x%02x", status);
1822
1823 hci_dev_lock(hdev);
1824
1825 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1826 if (!cmd)
1827 goto unlock;
1828
37438c1f
JH		 1829 if (status) {
1830 u8 mgmt_err = mgmt_status(status);
a69e8375 1831 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
37438c1f
JH		 1832 goto remove_cmd;
1833 }
1834
d7b856f9 1835 cp = cmd->param;
bc6d2d04
JH		 1836 if (cp->val) {
1837 conn_changed = !test_and_set_bit(HCI_CONNECTABLE,
1838 &hdev->dev_flags);
1839 discov_changed = false;
1840 } else {
1841 conn_changed = test_and_clear_bit(HCI_CONNECTABLE,
1842 &hdev->dev_flags);
1843 discov_changed = test_and_clear_bit(HCI_DISCOVERABLE,
1844 &hdev->dev_flags);
1845 }
d7b856f9 1846
2b76f453
JH		 1847 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1848
bc6d2d04 1849 if (conn_changed || discov_changed) {
d7b856f9 1850 new_settings(hdev, cmd->sk);
1d2dc5b7 1851 hci_update_page_scan(hdev);
bc6d2d04
JH		 1852 if (discov_changed)
1853 mgmt_update_adv_data(hdev);
2b7be33e
JH		 1854 hci_update_background_scan(hdev);
1855 }
d7b856f9 1856
37438c1f 1857remove_cmd:
2b76f453
JH		 1858 mgmt_pending_remove(cmd);
1859
1860unlock:
1861 hci_dev_unlock(hdev);
1862}
1863
e8ba3a1f
JH		 1864static int set_connectable_update_settings(struct hci_dev *hdev,
1865 struct sock *sk, u8 val)
1866{
1867 bool changed = false;
1868 int err;
1869
1870 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1871 changed = true;
1872
1873 if (val) {
1874 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1875 } else {
1876 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1877 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1878 }
1879
1880 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1881 if (err < 0)
1882 return err;
1883
562064e6 1884 if (changed) {
1d2dc5b7 1885 hci_update_page_scan(hdev);
562064e6 1886 hci_update_background_scan(hdev);
e8ba3a1f 1887 return new_settings(hdev, sk);
562064e6 1888 }
e8ba3a1f
JH		 1889
1890 return 0;
1891}
1892
bdb6d971 1893static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1894 u16 len)
9fbcbb45 1895{
650f726d 1896 struct mgmt_mode *cp = data;
3b0602cd 1897 struct mgmt_pending_cmd *cmd;
2b76f453 1898 struct hci_request req;
1987fdc7 1899 u8 scan;
9fbcbb45
JH		 1900 int err;
1901
bdb6d971 1902 BT_DBG("request for %s", hdev->name);
9fbcbb45 1903
1987fdc7
JH		 1904 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1905 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
a69e8375
JH		 1906 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1907 MGMT_STATUS_REJECTED);
33c525c0 1908
a7e80f25 1909 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1910 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1911 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1912
09fd0de5 1913 hci_dev_lock(hdev);
9fbcbb45 1914
4b34ee78 1915 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1916 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1917 goto failed;
1918 }
1919
2e58ef3e 1920 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1921 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1922 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1923 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1924 goto failed;
1925 }
1926
2e58ef3e 1927 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1928 if (!cmd) {
1929 err = -ENOMEM;
9fbcbb45 1930 goto failed;
366a0336 1931 }
9fbcbb45 1932
9b74246f 1933 hci_req_init(&req, hdev);
9fbcbb45 1934
9a43e25f
JH		 1935 /* If BR/EDR is not enabled and we disable advertising as a
1936 * by-product of disabling connectable, we need to update the
1937 * advertising flags.
1938 */
1939 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1940 if (!cp->val) {
1941 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1942 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1943 }
1944 update_adv_data(&req);
1945 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1946 if (cp->val) {
1947 scan = SCAN_PAGE;
1948 } else {
3bd27240
JH		 1949 /* If we don't have any whitelist entries just
1950 * disable all scanning. If there are entries
1951 * and we had both page and inquiry scanning
1952 * enabled then fall back to only page scanning.
1953 * Otherwise no changes are needed.
1954 */
1955 if (list_empty(&hdev->whitelist))
1956 scan = SCAN_DISABLED;
1957 else if (test_bit(HCI_ISCAN, &hdev->flags))
1958 scan = SCAN_PAGE;
1959 else
1960 goto no_scan_update;
9b74246f
JH		 1961
1962 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1963 hdev->discov_timeout > 0)
9b74246f
JH		 1964 cancel_delayed_work(&hdev->discov_off);
1965 }
2b76f453 1966
9b74246f
JH		 1967 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1968 }
2b76f453 1969
3bd27240 1970no_scan_update:
e8b1202c
JH		 1971 /* Update the advertising parameters if necessary */
1972 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1987fdc7 1973 enable_advertising(&req);
1987fdc7 1974
2b76f453 1975 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1976 if (err < 0) {
a664b5bc 1977 mgmt_pending_remove(cmd);
9b74246f 1978 if (err == -ENODATA)
a81070ba
JH		 1979 err = set_connectable_update_settings(hdev, sk,
1980 cp->val);
9b74246f
JH		 1981 goto failed;
1982 }
9fbcbb45
JH		 1983
1984failed:
09fd0de5 1985 hci_dev_unlock(hdev);
9fbcbb45
JH		 1986 return err;
1987}
1988
b2939475 1989static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1990 u16 len)
c542a06c 1991{
650f726d 1992 struct mgmt_mode *cp = data;
55594356 1993 bool changed;
c542a06c
JH		 1994 int err;
1995
bdb6d971 1996 BT_DBG("request for %s", hdev->name);
c542a06c 1997
a7e80f25 1998 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1999 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
2000 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2001
09fd0de5 2002 hci_dev_lock(hdev);
c542a06c
JH		 2003
2004 if (cp->val)
b6ae8457 2005 changed = !test_and_set_bit(HCI_BONDABLE, &hdev->dev_flags);
c542a06c 2006 else
b6ae8457 2007 changed = test_and_clear_bit(HCI_BONDABLE, &hdev->dev_flags);
c542a06c 2008
b2939475 2009 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
c542a06c 2010 if (err < 0)
55594356 2011 goto unlock;
c542a06c 2012
55594356
MH		 2013 if (changed)
2014 err = new_settings(hdev, sk);
c542a06c 2015
55594356 2016unlock:
09fd0de5 2017 hci_dev_unlock(hdev);
c542a06c
JH		 2018 return err;
2019}
2020
04124681
GP		 2021static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
2022 u16 len)
33ef95ed
JH		 2023{
2024 struct mgmt_mode *cp = data;
3b0602cd 2025 struct mgmt_pending_cmd *cmd;
e6fe7986 2026 u8 val, status;
33ef95ed
JH		 2027 int err;
2028
bdb6d971 2029 BT_DBG("request for %s", hdev->name);
33ef95ed 2030
e6fe7986
JH		 2031 status = mgmt_bredr_support(hdev);
2032 if (status)
a69e8375
JH		 2033 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2034 status);
33c525c0 2035
a7e80f25 2036 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2037 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2038 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2039
33ef95ed
JH		 2040 hci_dev_lock(hdev);
2041
4b34ee78 2042 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 2043 bool changed = false;
2044
2045 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 2046 &hdev->dev_flags)) {
47990ea0
JH		 2047 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
2048 changed = true;
2049 }
2050
2051 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2052 if (err < 0)
2053 goto failed;
2054
2055 if (changed)
2056 err = new_settings(hdev, sk);
2057
33ef95ed
JH		 2058 goto failed;
2059 }
2060
2061 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
a69e8375
JH		 2062 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2063 MGMT_STATUS_BUSY);
33ef95ed
JH		 2064 goto failed;
2065 }
2066
2067 val = !!cp->val;
2068
2069 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
2070 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2071 goto failed;
2072 }
2073
2074 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
2075 if (!cmd) {
2076 err = -ENOMEM;
2077 goto failed;
2078 }
2079
2080 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
2081 if (err < 0) {
2082 mgmt_pending_remove(cmd);
2083 goto failed;
2084 }
2085
2086failed:
2087 hci_dev_unlock(hdev);
33ef95ed
JH		 2088 return err;
2089}
2090
bdb6d971 2091static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 2092{
2093 struct mgmt_mode *cp = data;
3b0602cd 2094 struct mgmt_pending_cmd *cmd;
72ef0c1a 2095 u8 status;
ed2c4ee3
JH		 2096 int err;
2097
bdb6d971 2098 BT_DBG("request for %s", hdev->name);
ed2c4ee3 2099
cdba5281
MH		 2100 status = mgmt_bredr_support(hdev);
2101 if (status)
a69e8375 2102 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
cdba5281 2103
13ecd8b6 2104 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 2105 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2106 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 2107
a7e80f25 2108 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2109 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2110 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2111
13ecd8b6 2112 hci_dev_lock(hdev);
6c8f12c1 2113
4b34ee78 2114 if (!hdev_is_powered(hdev)) {
9ecb3e24 2115 bool changed;
c0ecddc2 2116
9ecb3e24
MH		 2117 if (cp->val) {
2118 changed = !test_and_set_bit(HCI_SSP_ENABLED,
2119 &hdev->dev_flags);
2120 } else {
2121 changed = test_and_clear_bit(HCI_SSP_ENABLED,
2122 &hdev->dev_flags);
2123 if (!changed)
2124 changed = test_and_clear_bit(HCI_HS_ENABLED,
2125 &hdev->dev_flags);
2126 else
2127 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 2128 }
2129
2130 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2131 if (err < 0)
2132 goto failed;
2133
2134 if (changed)
2135 err = new_settings(hdev, sk);
2136
ed2c4ee3
JH		 2137 goto failed;
2138 }
2139
94d52dad 2140 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 2141 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2142 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 2143 goto failed;
2144 }
2145
72ef0c1a 2146 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 2147 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2148 goto failed;
2149 }
2150
2151 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2152 if (!cmd) {
2153 err = -ENOMEM;
2154 goto failed;
2155 }
2156
3769972b
JH		 2157 if (!cp->val && test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
2158 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2159 sizeof(cp->val), &cp->val);
2160
72ef0c1a 2161 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 2162 if (err < 0) {
2163 mgmt_pending_remove(cmd);
2164 goto failed;
2165 }
2166
2167failed:
2168 hci_dev_unlock(hdev);
ed2c4ee3
JH		 2169 return err;
2170}
2171
bdb6d971 2172static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 2173{
2174 struct mgmt_mode *cp = data;
ee392693 2175 bool changed;
e6fe7986 2176 u8 status;
ee392693 2177 int err;
6d80dfd0 2178
bdb6d971 2179 BT_DBG("request for %s", hdev->name);
6d80dfd0 2180
e6fe7986
JH		 2181 status = mgmt_bredr_support(hdev);
2182 if (status)
a69e8375 2183 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 2184
9ecb3e24 2185 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 2186 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2187 MGMT_STATUS_NOT_SUPPORTED);
9ecb3e24
MH		 2188
2189 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
a69e8375
JH		 2190 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2191 MGMT_STATUS_REJECTED);
9ecb3e24 2192
a7e80f25 2193 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2194 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2195 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2196
ee392693
MH		 2197 hci_dev_lock(hdev);
2198
a2cb01de 2199 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 2200 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2201 MGMT_STATUS_BUSY);
a2cb01de
JH		 2202 goto unlock;
2203 }
2204
a0cdf960 2205 if (cp->val) {
ee392693 2206 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 2207 } else {
2208 if (hdev_is_powered(hdev)) {
a69e8375
JH		 2209 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2210 MGMT_STATUS_REJECTED);
a0cdf960
MH		 2211 goto unlock;
2212 }
2213
ee392693 2214 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 2215 }
ee392693
MH		 2216
2217 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2218 if (err < 0)
2219 goto unlock;
2220
2221 if (changed)
2222 err = new_settings(hdev, sk);
6d80dfd0 2223
ee392693
MH		 2224unlock:
2225 hci_dev_unlock(hdev);
2226 return err;
6d80dfd0
JH		 2227}
2228
1904a853 2229static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
416a4ae5
JH		 2230{
2231 struct cmd_lookup match = { NULL, hdev };
2232
3ad67582
JK		 2233 hci_dev_lock(hdev);
2234
416a4ae5
JH		 2235 if (status) {
2236 u8 mgmt_err = mgmt_status(status);
2237
2238 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2239 &mgmt_err);
3ad67582 2240 goto unlock;
416a4ae5
JH		 2241 }
2242
2243 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2244
2245 new_settings(hdev, match.sk);
2246
2247 if (match.sk)
2248 sock_put(match.sk);
441ad2d0
MH		 2249
2250 /* Make sure the controller has a good default for
2251 * advertising data. Restrict the update to when LE
2252 * has actually been enabled. During power on, the
2253 * update in powered_update_hci will take care of it.
2254 */
2255 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2256 struct hci_request req;
2257
441ad2d0 2258 hci_req_init(&req, hdev);
5947f4bc 2259 update_adv_data(&req);
f14d8f64 2260 update_scan_rsp_data(&req);
2cf22218 2261 __hci_update_background_scan(&req);
441ad2d0 2262 hci_req_run(&req, NULL);
441ad2d0 2263 }
3ad67582
JK		 2264
2265unlock:
2266 hci_dev_unlock(hdev);
416a4ae5
JH		 2267}
2268
bdb6d971 2269static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 2270{
2271 struct mgmt_mode *cp = data;
2272 struct hci_cp_write_le_host_supported hci_cp;
3b0602cd 2273 struct mgmt_pending_cmd *cmd;
416a4ae5 2274 struct hci_request req;
06199cf8 2275 int err;
0b60eba1 2276 u8 val, enabled;
06199cf8 2277
bdb6d971 2278 BT_DBG("request for %s", hdev->name);
06199cf8 2279
13ecd8b6 2280 if (!lmp_le_capable(hdev))
a69e8375
JH		 2281 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2282 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 2283
a7e80f25 2284 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2285 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2286 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2287
c73eee91 2288 /* LE-only devices do not allow toggling LE on/off */
56f87901 2289 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
a69e8375
JH		 2290 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2291 MGMT_STATUS_REJECTED);
c73eee91 2292
13ecd8b6 2293 hci_dev_lock(hdev);
06199cf8
JH		 2294
2295 val = !!cp->val;
ffa88e02 2296 enabled = lmp_host_le_capable(hdev);
06199cf8 2297
0b60eba1 2298 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 2299 bool changed = false;
2300
2301 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2302 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
2303 changed = true;
2304 }
2305
f3d3444a
JH		 2306 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
2307 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 2308 changed = true;
2309 }
2310
06199cf8
JH		 2311 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2312 if (err < 0)
1de028ce 2313 goto unlock;
06199cf8
JH		 2314
2315 if (changed)
2316 err = new_settings(hdev, sk);
2317
1de028ce 2318 goto unlock;
06199cf8
JH		 2319 }
2320
4375f103
JH		 2321 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
2322 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
a69e8375
JH		 2323 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2324 MGMT_STATUS_BUSY);
1de028ce 2325 goto unlock;
06199cf8
JH		 2326 }
2327
2328 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2329 if (!cmd) {
2330 err = -ENOMEM;
1de028ce 2331 goto unlock;
06199cf8
JH		 2332 }
2333
441ad2d0
MH		 2334 hci_req_init(&req, hdev);
2335
06199cf8
JH		 2336 memset(&hci_cp, 0, sizeof(hci_cp));
2337
2338 if (val) {
2339 hci_cp.le = val;
32226e4f 2340 hci_cp.simul = 0x00;
441ad2d0 2341 } else {
73e082f8 2342 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
441ad2d0 2343 disable_advertising(&req);
06199cf8
JH		 2344 }
2345
416a4ae5
JH		 2346 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2347 &hci_cp);
2348
2349 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2350 if (err < 0)
06199cf8 2351 mgmt_pending_remove(cmd);
06199cf8 2352
1de028ce
JH		 2353unlock:
2354 hci_dev_unlock(hdev);
06199cf8
JH		 2355 return err;
2356}
2357
0cab9c80
JH		 2358/* This is a helper function to test for pending mgmt commands that can
2359 * cause CoD or EIR HCI commands. We can only allow one such pending
2360 * mgmt command at a time since otherwise we cannot easily track what
2361 * the current values are, will be, and based on that calculate if a new
2362 * HCI command needs to be sent and if yes with what value.
2363 */
2364static bool pending_eir_or_class(struct hci_dev *hdev)
2365{
3b0602cd 2366 struct mgmt_pending_cmd *cmd;
0cab9c80
JH		 2367
2368 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2369 switch (cmd->opcode) {
2370 case MGMT_OP_ADD_UUID:
2371 case MGMT_OP_REMOVE_UUID:
2372 case MGMT_OP_SET_DEV_CLASS:
2373 case MGMT_OP_SET_POWERED:
2374 return true;
2375 }
2376 }
2377
2378 return false;
2379}
2380
83be8eca
JH		 2381static const u8 bluetooth_base_uuid[] = {
2382 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2383 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2384};
2385
2386static u8 get_uuid_size(const u8 *uuid)
2387{
2388 u32 val;
2389
2390 if (memcmp(uuid, bluetooth_base_uuid, 12))
2391 return 128;
2392
2393 val = get_unaligned_le32(&uuid[12]);
2394 if (val > 0xffff)
2395 return 32;
2396
2397 return 16;
2398}
2399
92da6097
JH		 2400static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2401{
3b0602cd 2402 struct mgmt_pending_cmd *cmd;
92da6097
JH		 2403
2404 hci_dev_lock(hdev);
2405
2406 cmd = mgmt_pending_find(mgmt_op, hdev);
2407 if (!cmd)
2408 goto unlock;
2409
2a1afb5a
JH		 2410 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
2411 mgmt_status(status), hdev->dev_class, 3);
92da6097
JH		 2412
2413 mgmt_pending_remove(cmd);
2414
2415unlock:
2416 hci_dev_unlock(hdev);
2417}
2418
1904a853 2419static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2420{
2421 BT_DBG("status 0x%02x", status);
2422
2423 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2424}
2425
bdb6d971 2426static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2427{
650f726d 2428 struct mgmt_cp_add_uuid *cp = data;
3b0602cd 2429 struct mgmt_pending_cmd *cmd;
890ea898 2430 struct hci_request req;
2aeb9a1a 2431 struct bt_uuid *uuid;
2aeb9a1a
JH		 2432 int err;
2433
bdb6d971 2434 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2435
09fd0de5 2436 hci_dev_lock(hdev);
2aeb9a1a 2437
0cab9c80 2438 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2439 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2440 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2441 goto failed;
2442 }
2443
92c4c204 2444 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2445 if (!uuid) {
2446 err = -ENOMEM;
2447 goto failed;
2448 }
2449
2450 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2451 uuid->svc_hint = cp->svc_hint;
83be8eca 2452 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2453
de66aa63 2454 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2455
890ea898 2456 hci_req_init(&req, hdev);
1aff6f09 2457
890ea898
JH		 2458 update_class(&req);
2459 update_eir(&req);
2460
92da6097
JH		 2461 err = hci_req_run(&req, add_uuid_complete);
2462 if (err < 0) {
2463 if (err != -ENODATA)
2464 goto failed;
80a1e1db 2465
2a1afb5a
JH		 2466 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2467 hdev->dev_class, 3);
90e70454
JH		 2468 goto failed;
2469 }
2470
2471 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2472 if (!cmd) {
90e70454 2473 err = -ENOMEM;
890ea898
JH		 2474 goto failed;
2475 }
2476
2477 err = 0;
2aeb9a1a
JH		 2478
2479failed:
09fd0de5 2480 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2481 return err;
2482}
2483
24b78d0f
JH		 2484static bool enable_service_cache(struct hci_dev *hdev)
2485{
2486 if (!hdev_is_powered(hdev))
2487 return false;
2488
2489 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 2490 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2491 CACHE_TIMEOUT);
24b78d0f
JH		 2492 return true;
2493 }
2494
2495 return false;
2496}
2497
1904a853 2498static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2499{
2500 BT_DBG("status 0x%02x", status);
2501
2502 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2503}
2504
bdb6d971 2505static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2506 u16 len)
2aeb9a1a 2507{
650f726d 2508 struct mgmt_cp_remove_uuid *cp = data;
3b0602cd 2509 struct mgmt_pending_cmd *cmd;
056341c8 2510 struct bt_uuid *match, *tmp;
2aeb9a1a 2511 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2512 struct hci_request req;
2aeb9a1a
JH		 2513 int err, found;
2514
bdb6d971 2515 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2516
09fd0de5 2517 hci_dev_lock(hdev);
2aeb9a1a 2518
0cab9c80 2519 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2520 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2521 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2522 goto unlock;
2523 }
2524
2aeb9a1a 2525 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2526 hci_uuids_clear(hdev);
4004b6d9 2527
24b78d0f 2528 if (enable_service_cache(hdev)) {
2a1afb5a
JH		 2529 err = mgmt_cmd_complete(sk, hdev->id,
2530 MGMT_OP_REMOVE_UUID,
2531 0, hdev->dev_class, 3);
24b78d0f
JH		 2532 goto unlock;
2533 }
4004b6d9 2534
9246a869 2535 goto update_class;
2aeb9a1a
JH		 2536 }
2537
2538 found = 0;
2539
056341c8 2540 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2541 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2542 continue;
2543
2544 list_del(&match->list);
482049f7 2545 kfree(match);
2aeb9a1a
JH		 2546 found++;
2547 }
2548
2549 if (found == 0) {
a69e8375
JH		 2550 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2551 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2552 goto unlock;
2553 }
2554
9246a869 2555update_class:
890ea898 2556 hci_req_init(&req, hdev);
1aff6f09 2557
890ea898
JH		 2558 update_class(&req);
2559 update_eir(&req);
2560
92da6097
JH		 2561 err = hci_req_run(&req, remove_uuid_complete);
2562 if (err < 0) {
2563 if (err != -ENODATA)
2564 goto unlock;
80a1e1db 2565
2a1afb5a
JH		 2566 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2567 hdev->dev_class, 3);
90e70454
JH		 2568 goto unlock;
2569 }
2570
2571 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2572 if (!cmd) {
90e70454 2573 err = -ENOMEM;
890ea898
JH		 2574 goto unlock;
2575 }
2576
2577 err = 0;
2aeb9a1a
JH		 2578
2579unlock:
09fd0de5 2580 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2581 return err;
2582}
2583
1904a853 2584static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2585{
2586 BT_DBG("status 0x%02x", status);
2587
2588 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2589}
2590
bdb6d971 2591static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2592 u16 len)
1aff6f09 2593{
650f726d 2594 struct mgmt_cp_set_dev_class *cp = data;
3b0602cd 2595 struct mgmt_pending_cmd *cmd;
890ea898 2596 struct hci_request req;
1aff6f09
JH		 2597 int err;
2598
bdb6d971 2599 BT_DBG("request for %s", hdev->name);
1aff6f09 2600
6203fc98 2601 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2602 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2603 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2604
0cab9c80 2605 hci_dev_lock(hdev);
ee98f473 2606
0cab9c80 2607 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2608 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2609 MGMT_STATUS_BUSY);
0cab9c80
JH		 2610 goto unlock;
2611 }
c95f0ba7 2612
0cab9c80 2613 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
a69e8375
JH		 2614 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2615 MGMT_STATUS_INVALID_PARAMS);
0cab9c80
JH		 2616 goto unlock;
2617 }
575b3a02 2618
932f5ff5
JH		 2619 hdev->major_class = cp->major;
2620 hdev->minor_class = cp->minor;
2621
b5235a65 2622 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2623 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2624 hdev->dev_class, 3);
b5235a65
JH		 2625 goto unlock;
2626 }
2627
890ea898
JH		 2628 hci_req_init(&req, hdev);
2629
a8b2d5c2 2630 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2631 hci_dev_unlock(hdev);
2632 cancel_delayed_work_sync(&hdev->service_cache);
2633 hci_dev_lock(hdev);
890ea898 2634 update_eir(&req);
7d78525d 2635 }
14c0b608 2636
890ea898
JH		 2637 update_class(&req);
2638
92da6097
JH		 2639 err = hci_req_run(&req, set_class_complete);
2640 if (err < 0) {
2641 if (err != -ENODATA)
2642 goto unlock;
1aff6f09 2643
2a1afb5a
JH		 2644 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2645 hdev->dev_class, 3);
90e70454
JH		 2646 goto unlock;
2647 }
2648
2649 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2650 if (!cmd) {
90e70454 2651 err = -ENOMEM;
890ea898
JH		 2652 goto unlock;
2653 }
2654
2655 err = 0;
1aff6f09 2656
b5235a65 2657unlock:
09fd0de5 2658 hci_dev_unlock(hdev);
1aff6f09
JH		 2659 return err;
2660}
2661
bdb6d971 2662static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2663 u16 len)
55ed8ca1 2664{
650f726d 2665 struct mgmt_cp_load_link_keys *cp = data;
ba1d6936
JH		 2666 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2667 sizeof(struct mgmt_link_key_info));
4e51eae9 2668 u16 key_count, expected_len;
b1de97d8 2669 bool changed;
a492cd52 2670 int i;
55ed8ca1 2671
9060d5cf
MH		 2672 BT_DBG("request for %s", hdev->name);
2673
2674 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2675 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2676 MGMT_STATUS_NOT_SUPPORTED);
9060d5cf 2677
1f350c87 2678 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 2679 if (key_count > max_key_count) {
2680 BT_ERR("load_link_keys: too big key_count value %u",
2681 key_count);
a69e8375
JH		 2682 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2683 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 2684 }
55ed8ca1 2685
86742e1e
JH		 2686 expected_len = sizeof(*cp) + key_count *
2687 sizeof(struct mgmt_link_key_info);
a492cd52 2688 if (expected_len != len) {
86742e1e 2689 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2690 expected_len, len);
a69e8375
JH		 2691 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2692 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2693 }
2694
4ae14301 2695 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
a69e8375
JH		 2696 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2697 MGMT_STATUS_INVALID_PARAMS);
4ae14301 2698
bdb6d971 2699 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2700 key_count);
55ed8ca1 2701
4ee71b20
JH		 2702 for (i = 0; i < key_count; i++) {
2703 struct mgmt_link_key_info *key = &cp->keys[i];
2704
8e991132 2705 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
a69e8375
JH		 2706 return mgmt_cmd_status(sk, hdev->id,
2707 MGMT_OP_LOAD_LINK_KEYS,
2708 MGMT_STATUS_INVALID_PARAMS);
4ee71b20
JH		 2709 }
2710
09fd0de5 2711 hci_dev_lock(hdev);
55ed8ca1
JH		 2712
2713 hci_link_keys_clear(hdev);
2714
55ed8ca1 2715 if (cp->debug_keys)
0663b297
JH		 2716 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
2717 &hdev->dev_flags);
55ed8ca1 2718 else
0663b297
JH		 2719 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
2720 &hdev->dev_flags);
b1de97d8
MH		 2721
2722 if (changed)
2723 new_settings(hdev, NULL);
55ed8ca1 2724
a492cd52 2725 for (i = 0; i < key_count; i++) {
86742e1e 2726 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2727
58e9293c
JH		 2728 /* Always ignore debug keys and require a new pairing if
2729 * the user wants to use them.
2730 */
2731 if (key->type == HCI_LK_DEBUG_COMBINATION)
2732 continue;
2733
7652ff6a
JH		 2734 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2735 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2736 }
2737
2a1afb5a 2738 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2739
09fd0de5 2740 hci_dev_unlock(hdev);
55ed8ca1 2741
a492cd52 2742 return 0;
55ed8ca1
JH		 2743}
2744
b1078ad0 2745static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2746 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2747{
2748 struct mgmt_ev_device_unpaired ev;
2749
2750 bacpy(&ev.addr.bdaddr, bdaddr);
2751 ev.addr.type = addr_type;
2752
2753 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2754 skip_sk);
b1078ad0
JH		 2755}
2756
bdb6d971 2757static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2758 u16 len)
55ed8ca1 2759{
124f6e35
JH		 2760 struct mgmt_cp_unpair_device *cp = data;
2761 struct mgmt_rp_unpair_device rp;
a8a1d19e 2762 struct hci_cp_disconnect dc;
3b0602cd 2763 struct mgmt_pending_cmd *cmd;
55ed8ca1 2764 struct hci_conn *conn;
55ed8ca1
JH		 2765 int err;
2766
a8a1d19e 2767 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2768 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2769 rp.addr.type = cp->addr.type;
a8a1d19e 2770
4ee71b20 2771 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2772 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2773 MGMT_STATUS_INVALID_PARAMS,
2774 &rp, sizeof(rp));
4ee71b20 2775
118da70b 2776 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2a1afb5a
JH		 2777 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2778 MGMT_STATUS_INVALID_PARAMS,
2779 &rp, sizeof(rp));
118da70b 2780
4ee71b20
JH		 2781 hci_dev_lock(hdev);
2782
86a8cfc6 2783 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2784 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2785 MGMT_STATUS_NOT_POWERED, &rp,
2786 sizeof(rp));
86a8cfc6
JH		 2787 goto unlock;
2788 }
2789
e0b2b27e 2790 if (cp->addr.type == BDADDR_BREDR) {
89cbb063
AA		 2791 /* If disconnection is requested, then look up the
2792 * connection. If the remote device is connected, it
2793 * will be later used to terminate the link.
2794 *
2795 * Setting it to NULL explicitly will cause no
2796 * termination of the link.
2797 */
2798 if (cp->disconnect)
2799 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2800 &cp->addr.bdaddr);
2801 else
2802 conn = NULL;
2803
124f6e35 2804 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2805 } else {
2806 u8 addr_type;
2807
89cbb063
AA		 2808 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2809 &cp->addr.bdaddr);
2810 if (conn) {
2811 /* Defer clearing up the connection parameters
2812 * until closing to give a chance of keeping
2813 * them if a repairing happens.
2814 */
2815 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2816
2817 /* If disconnection is not requested, then
2818 * clear the connection variable so that the
2819 * link is not terminated.
2820 */
2821 if (!cp->disconnect)
2822 conn = NULL;
2823 }
2824
e0b2b27e
JH		 2825 if (cp->addr.type == BDADDR_LE_PUBLIC)
2826 addr_type = ADDR_LE_DEV_PUBLIC;
2827 else
2828 addr_type = ADDR_LE_DEV_RANDOM;
2829
a7ec7338
JH		 2830 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2831
e0b2b27e
JH		 2832 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2833 }
b0dbfb46 2834
55ed8ca1 2835 if (err < 0) {
2a1afb5a
JH		 2836 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2837 MGMT_STATUS_NOT_PAIRED, &rp,
2838 sizeof(rp));
55ed8ca1
JH		 2839 goto unlock;
2840 }
2841
89cbb063
AA		 2842 /* If the connection variable is set, then termination of the
2843 * link is requested.
2844 */
a8a1d19e 2845 if (!conn) {
2a1afb5a
JH		 2846 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2847 &rp, sizeof(rp));
b1078ad0 2848 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2849 goto unlock;
2850 }
55ed8ca1 2851
124f6e35 2852 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2853 sizeof(*cp));
a8a1d19e
JH		 2854 if (!cmd) {
2855 err = -ENOMEM;
2856 goto unlock;
55ed8ca1
JH		 2857 }
2858
d8b7b1e4
JH		 2859 cmd->cmd_complete = addr_cmd_complete;
2860
eb55ef07 2861 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2862 dc.reason = 0x13; /* Remote User Terminated Connection */
2863 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2864 if (err < 0)
2865 mgmt_pending_remove(cmd);
2866
55ed8ca1 2867unlock:
09fd0de5 2868 hci_dev_unlock(hdev);
55ed8ca1
JH		 2869 return err;
2870}
2871
bdb6d971 2872static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2873 u16 len)
8962ee74 2874{
650f726d 2875 struct mgmt_cp_disconnect *cp = data;
06a63b19 2876 struct mgmt_rp_disconnect rp;
3b0602cd 2877 struct mgmt_pending_cmd *cmd;
8962ee74 2878 struct hci_conn *conn;
8962ee74
JH		 2879 int err;
2880
2881 BT_DBG("");
2882
06a63b19
JH		 2883 memset(&rp, 0, sizeof(rp));
2884 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2885 rp.addr.type = cp->addr.type;
2886
4ee71b20 2887 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2888 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2889 MGMT_STATUS_INVALID_PARAMS,
2890 &rp, sizeof(rp));
4ee71b20 2891
09fd0de5 2892 hci_dev_lock(hdev);
8962ee74
JH		 2893
2894 if (!test_bit(HCI_UP, &hdev->flags)) {
2a1afb5a
JH		 2895 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2896 MGMT_STATUS_NOT_POWERED, &rp,
2897 sizeof(rp));
8962ee74
JH		 2898 goto failed;
2899 }
2900
2e58ef3e 2901 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
2a1afb5a
JH		 2902 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2903 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2904 goto failed;
2905 }
2906
591f47f3 2907 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2908 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2909 &cp->addr.bdaddr);
88c3df13
JH		 2910 else
2911 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2912
f960727e 2913 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2a1afb5a
JH		 2914 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2915 MGMT_STATUS_NOT_CONNECTED, &rp,
2916 sizeof(rp));
8962ee74
JH		 2917 goto failed;
2918 }
2919
2e58ef3e 2920 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2921 if (!cmd) {
2922 err = -ENOMEM;
8962ee74 2923 goto failed;
366a0336 2924 }
8962ee74 2925
f5818c22
JH		 2926 cmd->cmd_complete = generic_cmd_complete;
2927
e3f2f92a 2928 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
8962ee74 2929 if (err < 0)
a664b5bc 2930 mgmt_pending_remove(cmd);
8962ee74
JH		 2931
2932failed:
09fd0de5 2933 hci_dev_unlock(hdev);
8962ee74
JH		 2934 return err;
2935}
2936
57c1477c 2937static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2938{
2939 switch (link_type) {
2940 case LE_LINK:
48264f06
JH		 2941 switch (addr_type) {
2942 case ADDR_LE_DEV_PUBLIC:
591f47f3 2943 return BDADDR_LE_PUBLIC;
0ed09148 2944
48264f06 2945 default:
0ed09148 2946 /* Fallback to LE Random address type */
591f47f3 2947 return BDADDR_LE_RANDOM;
48264f06 2948 }
0ed09148 2949
4c659c39 2950 default:
0ed09148 2951 /* Fallback to BR/EDR type */
591f47f3 2952 return BDADDR_BREDR;
4c659c39
JH		 2953 }
2954}
2955
04124681
GP		 2956static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2957 u16 data_len)
2784eb41 2958{
2784eb41 2959 struct mgmt_rp_get_connections *rp;
8035ded4 2960 struct hci_conn *c;
a38528f1 2961 size_t rp_len;
60fc5fb6
JH		 2962 int err;
2963 u16 i;
2784eb41
JH		 2964
2965 BT_DBG("");
2966
09fd0de5 2967 hci_dev_lock(hdev);
2784eb41 2968
5f97c1df 2969 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 2970 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2971 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2972 goto unlock;
2973 }
2974
60fc5fb6 2975 i = 0;
b644ba33
JH		 2976 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2977 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2978 i++;
2784eb41
JH		 2979 }
2980
60fc5fb6 2981 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2982 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2983 if (!rp) {
2784eb41
JH		 2984 err = -ENOMEM;
2985 goto unlock;
2986 }
2987
2784eb41 2988 i = 0;
4c659c39 2989 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2990 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2991 continue;
4c659c39 2992 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2993 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2994 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2995 continue;
2996 i++;
2997 }
2998
eb55ef07 2999 rp->conn_count = cpu_to_le16(i);
60fc5fb6 3000
4c659c39
JH		 3001 /* Recalculate length in case of filtered SCO connections, etc */
3002 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 3003
2a1afb5a
JH		 3004 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
3005 rp_len);
2784eb41 3006
a38528f1 3007 kfree(rp);
5f97c1df
JH		 3008
3009unlock:
09fd0de5 3010 hci_dev_unlock(hdev);
2784eb41
JH		 3011 return err;
3012}
3013
bdb6d971 3014static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3015 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67 3016{
3b0602cd 3017 struct mgmt_pending_cmd *cmd;
96d97a67
WR		 3018 int err;
3019
2e58ef3e 3020 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 3021 sizeof(*cp));
96d97a67
WR		 3022 if (!cmd)
3023 return -ENOMEM;
3024
d8457698 3025 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 3026 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 3027 if (err < 0)
3028 mgmt_pending_remove(cmd);
3029
3030 return err;
3031}
3032
bdb6d971 3033static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3034 u16 len)
980e1a53 3035{
96d97a67 3036 struct hci_conn *conn;
650f726d 3037 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 3038 struct hci_cp_pin_code_reply reply;
3b0602cd 3039 struct mgmt_pending_cmd *cmd;
980e1a53
JH		 3040 int err;
3041
3042 BT_DBG("");
3043
09fd0de5 3044 hci_dev_lock(hdev);
980e1a53 3045
4b34ee78 3046 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3047 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3048 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 3049 goto failed;
3050 }
3051
d8457698 3052 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 3053 if (!conn) {
a69e8375
JH		 3054 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3055 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 3056 goto failed;
3057 }
3058
3059 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 3060 struct mgmt_cp_pin_code_neg_reply ncp;
3061
3062 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 3063
3064 BT_ERR("PIN code is not 16 bytes long");
3065
bdb6d971 3066 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 3067 if (err >= 0)
a69e8375
JH		 3068 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3069 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 3070
3071 goto failed;
3072 }
3073
00abfe44 3074 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 3075 if (!cmd) {
3076 err = -ENOMEM;
980e1a53 3077 goto failed;
366a0336 3078 }
980e1a53 3079
7776d1d8
JH		 3080 cmd->cmd_complete = addr_cmd_complete;
3081
d8457698 3082 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 3083 reply.pin_len = cp->pin_len;
24718ca5 3084 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 3085
3086 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3087 if (err < 0)
a664b5bc 3088 mgmt_pending_remove(cmd);
980e1a53
JH		 3089
3090failed:
09fd0de5 3091 hci_dev_unlock(hdev);
980e1a53
JH		 3092 return err;
3093}
3094
04124681
GP		 3095static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3096 u16 len)
17fa4b9d 3097{
650f726d 3098 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 3099
3100 BT_DBG("");
3101
4ec86d4c 3102 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 3103 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3104 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
4ec86d4c 3105
09fd0de5 3106 hci_dev_lock(hdev);
17fa4b9d
JH		 3107
3108 hdev->io_capability = cp->io_capability;
3109
3110 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 3111 hdev->io_capability);
17fa4b9d 3112
09fd0de5 3113 hci_dev_unlock(hdev);
17fa4b9d 3114
2a1afb5a
JH		 3115 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
3116 NULL, 0);
17fa4b9d
JH		 3117}
3118
3b0602cd 3119static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 3120{
3121 struct hci_dev *hdev = conn->hdev;
3b0602cd 3122 struct mgmt_pending_cmd *cmd;
e9a416b5 3123
2e58ef3e 3124 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 3125 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3126 continue;
3127
e9a416b5
JH		 3128 if (cmd->user_data != conn)
3129 continue;
3130
3131 return cmd;
3132 }
3133
3134 return NULL;
3135}
3136
3b0602cd 3137static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
e9a416b5
JH		 3138{
3139 struct mgmt_rp_pair_device rp;
3140 struct hci_conn *conn = cmd->user_data;
9df74653 3141 int err;
e9a416b5 3142
61b1a7fb
JH		 3143 bacpy(&rp.addr.bdaddr, &conn->dst);
3144 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 3145
2a1afb5a
JH		 3146 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
3147 status, &rp, sizeof(rp));
e9a416b5
JH		 3148
3149 /* So we don't get further callbacks for this connection */
3150 conn->connect_cfm_cb = NULL;
3151 conn->security_cfm_cb = NULL;
3152 conn->disconn_cfm_cb = NULL;
3153
76a68ba0 3154 hci_conn_drop(conn);
89cbb063
AA		 3155
3156 /* The device is paired so there is no need to remove
3157 * its connection parameters anymore.
3158 */
3159 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
15013aeb
JH		 3160
3161 hci_conn_put(conn);
9df74653
JH		 3162
3163 return err;
e9a416b5
JH		 3164}
3165
f4a407be
JH		 3166void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3167{
3168 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3b0602cd 3169 struct mgmt_pending_cmd *cmd;
f4a407be
JH		 3170
3171 cmd = find_pairing(conn);
a511b35b 3172 if (cmd) {
04ab2749 3173 cmd->cmd_complete(cmd, status);
a511b35b
JH		 3174 mgmt_pending_remove(cmd);
3175 }
f4a407be
JH		 3176}
3177
e9a416b5
JH		 3178static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3179{
3b0602cd 3180 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 3181
3182 BT_DBG("status %u", status);
3183
3184 cmd = find_pairing(conn);
a511b35b 3185 if (!cmd) {
e9a416b5 3186 BT_DBG("Unable to find a pending command");
a511b35b
JH		 3187 return;
3188 }
3189
3190 cmd->cmd_complete(cmd, mgmt_status(status));
3191 mgmt_pending_remove(cmd);
e9a416b5
JH		 3192}
3193
f4a407be 3194static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739 3195{
3b0602cd 3196 struct mgmt_pending_cmd *cmd;
4c47d739
VA		 3197
3198 BT_DBG("status %u", status);
3199
3200 if (!status)
3201 return;
3202
3203 cmd = find_pairing(conn);
a511b35b 3204 if (!cmd) {
4c47d739 3205 BT_DBG("Unable to find a pending command");
a511b35b
JH		 3206 return;
3207 }
3208
3209 cmd->cmd_complete(cmd, mgmt_status(status));
3210 mgmt_pending_remove(cmd);
4c47d739
VA		 3211}
3212
bdb6d971 3213static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3214 u16 len)
e9a416b5 3215{
650f726d 3216 struct mgmt_cp_pair_device *cp = data;
1425acb7 3217 struct mgmt_rp_pair_device rp;
3b0602cd 3218 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 3219 u8 sec_level, auth_type;
3220 struct hci_conn *conn;
e9a416b5
JH		 3221 int err;
3222
3223 BT_DBG("");
3224
f950a30e
SJ		 3225 memset(&rp, 0, sizeof(rp));
3226 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3227 rp.addr.type = cp->addr.type;
3228
4ee71b20 3229 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 3230 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3231 MGMT_STATUS_INVALID_PARAMS,
3232 &rp, sizeof(rp));
4ee71b20 3233
4ec86d4c 3234 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 3235 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3236 MGMT_STATUS_INVALID_PARAMS,
3237 &rp, sizeof(rp));
4ec86d4c 3238
09fd0de5 3239 hci_dev_lock(hdev);
e9a416b5 3240
5f97c1df 3241 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3242 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3243 MGMT_STATUS_NOT_POWERED, &rp,
3244 sizeof(rp));
5f97c1df
JH		 3245 goto unlock;
3246 }
3247
c908df36 3248 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 3249 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 3250
6f77d8c7 3251 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 3252 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3253 auth_type);
6f77d8c7
AG		 3254 } else {
3255 u8 addr_type;
3256
3257 /* Convert from L2CAP channel address type to HCI address type
3258 */
3259 if (cp->addr.type == BDADDR_LE_PUBLIC)
3260 addr_type = ADDR_LE_DEV_PUBLIC;
3261 else
3262 addr_type = ADDR_LE_DEV_RANDOM;
3263
7c264b10
MH		 3264 /* When pairing a new device, it is expected to remember
3265 * this device for future connections. Adding the connection
3266 * parameter information ahead of time allows tracking
3267 * of the slave preferred values and will speed up any
3268 * further connection establishment.
3269 *
3270 * If connection parameters already exist, then they
3271 * will be kept and this function does nothing.
3272 */
3273 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3274
6f77d8c7 3275 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
e804d25d
JH		 3276 sec_level, HCI_LE_CONN_TIMEOUT,
3277 HCI_ROLE_MASTER);
6f77d8c7 3278 }
7a512d01 3279
30e76272 3280 if (IS_ERR(conn)) {
489dc48e
AK		 3281 int status;
3282
3283 if (PTR_ERR(conn) == -EBUSY)
3284 status = MGMT_STATUS_BUSY;
faa81030
LR		 3285 else if (PTR_ERR(conn) == -EOPNOTSUPP)
3286 status = MGMT_STATUS_NOT_SUPPORTED;
3287 else if (PTR_ERR(conn) == -ECONNREFUSED)
3288 status = MGMT_STATUS_REJECTED;
489dc48e
AK		 3289 else
3290 status = MGMT_STATUS_CONNECT_FAILED;
3291
2a1afb5a
JH		 3292 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3293 status, &rp, sizeof(rp));
e9a416b5
JH		 3294 goto unlock;
3295 }
3296
3297 if (conn->connect_cfm_cb) {
76a68ba0 3298 hci_conn_drop(conn);
2a1afb5a
JH		 3299 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3300 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 3301 goto unlock;
3302 }
3303
2e58ef3e 3304 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 3305 if (!cmd) {
3306 err = -ENOMEM;
76a68ba0 3307 hci_conn_drop(conn);
e9a416b5
JH		 3308 goto unlock;
3309 }
3310
04ab2749
JH		 3311 cmd->cmd_complete = pairing_complete;
3312
7a512d01 3313 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 3314 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 3315 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 3316 conn->security_cfm_cb = pairing_complete_cb;
3317 conn->disconn_cfm_cb = pairing_complete_cb;
3318 } else {
3319 conn->connect_cfm_cb = le_pairing_complete_cb;
3320 conn->security_cfm_cb = le_pairing_complete_cb;
3321 conn->disconn_cfm_cb = le_pairing_complete_cb;
3322 }
7a512d01 3323
e9a416b5 3324 conn->io_capability = cp->io_cap;
f8aaf9b6 3325 cmd->user_data = hci_conn_get(conn);
e9a416b5 3326
6f78fd4b 3327 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
a511b35b
JH		 3328 hci_conn_security(conn, sec_level, auth_type, true)) {
3329 cmd->cmd_complete(cmd, 0);
3330 mgmt_pending_remove(cmd);
3331 }
e9a416b5
JH		 3332
3333 err = 0;
3334
3335unlock:
09fd0de5 3336 hci_dev_unlock(hdev);
e9a416b5
JH		 3337 return err;
3338}
3339
04124681
GP		 3340static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3341 u16 len)
28424707 3342{
0f4e68cf 3343 struct mgmt_addr_info *addr = data;
3b0602cd 3344 struct mgmt_pending_cmd *cmd;
28424707
JH		 3345 struct hci_conn *conn;
3346 int err;
3347
3348 BT_DBG("");
3349
28424707
JH		 3350 hci_dev_lock(hdev);
3351
5f97c1df 3352 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3353 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3354 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3355 goto unlock;
3356 }
3357
28424707
JH		 3358 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3359 if (!cmd) {
a69e8375
JH		 3360 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3361 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3362 goto unlock;
3363 }
3364
3365 conn = cmd->user_data;
3366
3367 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
a69e8375
JH		 3368 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3369 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3370 goto unlock;
3371 }
3372
a511b35b
JH		 3373 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3374 mgmt_pending_remove(cmd);
28424707 3375
2a1afb5a
JH		 3376 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3377 addr, sizeof(*addr));
28424707
JH		 3378unlock:
3379 hci_dev_unlock(hdev);
28424707
JH		 3380 return err;
3381}
3382
bdb6d971 3383static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3384 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3385 u16 hci_op, __le32 passkey)
a5c29683 3386{
3b0602cd 3387 struct mgmt_pending_cmd *cmd;
0df4c185 3388 struct hci_conn *conn;
a5c29683
JH		 3389 int err;
3390
09fd0de5 3391 hci_dev_lock(hdev);
08ba5382 3392
4b34ee78 3393 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3394 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3395 MGMT_STATUS_NOT_POWERED, addr,
3396 sizeof(*addr));
0df4c185 3397 goto done;
a5c29683
JH		 3398 }
3399
1707c60e
JH		 3400 if (addr->type == BDADDR_BREDR)
3401 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3402 else
1707c60e 3403 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 3404
3405 if (!conn) {
2a1afb5a
JH		 3406 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3407 MGMT_STATUS_NOT_CONNECTED, addr,
3408 sizeof(*addr));
272d90df
JH		 3409 goto done;
3410 }
47c15e2b 3411
1707c60e 3412 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 3413 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 3414 if (!err)
2a1afb5a
JH		 3415 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3416 MGMT_STATUS_SUCCESS, addr,
3417 sizeof(*addr));
5fe57d9e 3418 else
2a1afb5a
JH		 3419 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3420 MGMT_STATUS_FAILED, addr,
3421 sizeof(*addr));
47c15e2b 3422
47c15e2b
BG		 3423 goto done;
3424 }
3425
1707c60e 3426 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3427 if (!cmd) {
3428 err = -ENOMEM;
0df4c185 3429 goto done;
a5c29683
JH		 3430 }
3431
7776d1d8
JH		 3432 cmd->cmd_complete = addr_cmd_complete;
3433
0df4c185 3434 /* Continue with pairing via HCI */
604086b7
BG		 3435 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3436 struct hci_cp_user_passkey_reply cp;
3437
1707c60e 3438 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3439 cp.passkey = passkey;
3440 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3441 } else
1707c60e
JH		 3442 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3443 &addr->bdaddr);
604086b7 3444
a664b5bc
JH		 3445 if (err < 0)
3446 mgmt_pending_remove(cmd);
a5c29683 3447
0df4c185 3448done:
09fd0de5 3449 hci_dev_unlock(hdev);
a5c29683
JH		 3450 return err;
3451}
3452
afeb019d
JK		 3453static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3454 void *data, u16 len)
3455{
3456 struct mgmt_cp_pin_code_neg_reply *cp = data;
3457
3458 BT_DBG("");
3459
1707c60e 3460 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3461 MGMT_OP_PIN_CODE_NEG_REPLY,
3462 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3463}
3464
04124681
GP		 3465static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3466 u16 len)
0df4c185 3467{
650f726d 3468 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3469
3470 BT_DBG("");
3471
3472 if (len != sizeof(*cp))
a69e8375
JH		 3473 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3474 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3475
1707c60e 3476 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3477 MGMT_OP_USER_CONFIRM_REPLY,
3478 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3479}
3480
bdb6d971 3481static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3482 void *data, u16 len)
0df4c185 3483{
c9c2659f 3484 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3485
3486 BT_DBG("");
3487
1707c60e 3488 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3489 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3490 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3491}
3492
04124681
GP		 3493static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3494 u16 len)
604086b7 3495{
650f726d 3496 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3497
3498 BT_DBG("");
3499
1707c60e 3500 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3501 MGMT_OP_USER_PASSKEY_REPLY,
3502 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3503}
3504
bdb6d971 3505static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3506 void *data, u16 len)
604086b7 3507{
650f726d 3508 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3509
3510 BT_DBG("");
3511
1707c60e 3512 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3513 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3514 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3515}
3516
13928971 3517static void update_name(struct hci_request *req)
2b4bf397 3518{
13928971 3519 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3520 struct hci_cp_write_local_name cp;
3521
13928971 3522 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3523
890ea898 3524 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3525}
3526
1904a853 3527static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
13928971
JH		 3528{
3529 struct mgmt_cp_set_local_name *cp;
3b0602cd 3530 struct mgmt_pending_cmd *cmd;
13928971
JH		 3531
3532 BT_DBG("status 0x%02x", status);
3533
3534 hci_dev_lock(hdev);
3535
3536 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3537 if (!cmd)
3538 goto unlock;
3539
3540 cp = cmd->param;
3541
3542 if (status)
a69e8375
JH		 3543 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3544 mgmt_status(status));
13928971 3545 else
2a1afb5a
JH		 3546 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3547 cp, sizeof(*cp));
13928971
JH		 3548
3549 mgmt_pending_remove(cmd);
3550
3551unlock:
3552 hci_dev_unlock(hdev);
3553}
3554
bdb6d971 3555static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3556 u16 len)
b312b161 3557{
2b4bf397 3558 struct mgmt_cp_set_local_name *cp = data;
3b0602cd 3559 struct mgmt_pending_cmd *cmd;
890ea898 3560 struct hci_request req;
b312b161
JH		 3561 int err;
3562
3563 BT_DBG("");
3564
09fd0de5 3565 hci_dev_lock(hdev);
b312b161 3566
b3f2ca94
JH		 3567 /* If the old values are the same as the new ones just return a
3568 * direct command complete event.
3569 */
3570 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3571 !memcmp(hdev->short_name, cp->short_name,
3572 sizeof(hdev->short_name))) {
2a1afb5a
JH		 3573 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3574 data, len);
b3f2ca94
JH		 3575 goto failed;
3576 }
3577
2b4bf397 3578 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3579
b5235a65 3580 if (!hdev_is_powered(hdev)) {
2b4bf397 3581 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde 3582
2a1afb5a
JH		 3583 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3584 data, len);
28cc7bde
JH		 3585 if (err < 0)
3586 goto failed;
3587
3588 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 3589 sk);
28cc7bde 3590
b5235a65
JH		 3591 goto failed;
3592 }
3593
28cc7bde 3594 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3595 if (!cmd) {
3596 err = -ENOMEM;
3597 goto failed;
3598 }
3599
13928971
JH		 3600 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3601
890ea898 3602 hci_req_init(&req, hdev);
3f985050
JH		 3603
3604 if (lmp_bredr_capable(hdev)) {
3605 update_name(&req);
3606 update_eir(&req);
3607 }
3608
7a5f4990
MH		 3609 /* The name is stored in the scan response data and so
3610 * no need to udpate the advertising data here.
3611 */
3f985050 3612 if (lmp_le_capable(hdev))
7a5f4990 3613 update_scan_rsp_data(&req);
3f985050 3614
13928971 3615 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3616 if (err < 0)
3617 mgmt_pending_remove(cmd);
3618
3619failed:
09fd0de5 3620 hci_dev_unlock(hdev);
b312b161
JH		 3621 return err;
3622}
3623
0f4e68cf 3624static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3625 void *data, u16 data_len)
c35938b2 3626{
3b0602cd 3627 struct mgmt_pending_cmd *cmd;
c35938b2
SJ		 3628 int err;
3629
bdb6d971 3630 BT_DBG("%s", hdev->name);
c35938b2 3631
09fd0de5 3632 hci_dev_lock(hdev);
c35938b2 3633
4b34ee78 3634 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3635 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3636 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3637 goto unlock;
3638 }
3639
9a1a1996 3640 if (!lmp_ssp_capable(hdev)) {
a69e8375
JH		 3641 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3642 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3643 goto unlock;
3644 }
3645
2e58ef3e 3646 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
a69e8375
JH		 3647 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3648 MGMT_STATUS_BUSY);
c35938b2
SJ		 3649 goto unlock;
3650 }
3651
2e58ef3e 3652 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3653 if (!cmd) {
3654 err = -ENOMEM;
3655 goto unlock;
3656 }
3657
710f11c0 3658 if (bredr_sc_enabled(hdev))
4d2d2796
MH		 3659 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3660 0, NULL);
3661 else
3662 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3663
c35938b2
SJ		 3664 if (err < 0)
3665 mgmt_pending_remove(cmd);
3666
3667unlock:
09fd0de5 3668 hci_dev_unlock(hdev);
c35938b2
SJ		 3669 return err;
3670}
3671
bdb6d971 3672static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3673 void *data, u16 len)
2763eda6 3674{
5d57e796 3675 struct mgmt_addr_info *addr = data;
2763eda6
SJ		 3676 int err;
3677
bdb6d971 3678 BT_DBG("%s ", hdev->name);
2763eda6 3679
5d57e796 3680 if (!bdaddr_type_is_valid(addr->type))
2a1afb5a
JH		 3681 return mgmt_cmd_complete(sk, hdev->id,
3682 MGMT_OP_ADD_REMOTE_OOB_DATA,
3683 MGMT_STATUS_INVALID_PARAMS,
3684 addr, sizeof(*addr));
5d57e796 3685
09fd0de5 3686 hci_dev_lock(hdev);
2763eda6 3687
ec109113
MH		 3688 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3689 struct mgmt_cp_add_remote_oob_data *cp = data;
3690 u8 status;
bf1e3541 3691
c19a495c 3692 if (cp->addr.type != BDADDR_BREDR) {
2a1afb5a
JH		 3693 err = mgmt_cmd_complete(sk, hdev->id,
3694 MGMT_OP_ADD_REMOTE_OOB_DATA,
3695 MGMT_STATUS_INVALID_PARAMS,
3696 &cp->addr, sizeof(cp->addr));
c19a495c
JH		 3697 goto unlock;
3698 }
3699
ec109113 3700 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
6928a924
JH		 3701 cp->addr.type, cp->hash,
3702 cp->rand, NULL, NULL);
ec109113
MH		 3703 if (err < 0)
3704 status = MGMT_STATUS_FAILED;
3705 else
3706 status = MGMT_STATUS_SUCCESS;
3707
2a1afb5a
JH		 3708 err = mgmt_cmd_complete(sk, hdev->id,
3709 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
3710 &cp->addr, sizeof(cp->addr));
ec109113
MH		 3711 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3712 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
41bcfd50 3713 u8 *rand192, *hash192, *rand256, *hash256;
ec109113
MH		 3714 u8 status;
3715
86df9200 3716 if (bdaddr_type_is_le(cp->addr.type)) {
d25b78e2
JH		 3717 /* Enforce zero-valued 192-bit parameters as
3718 * long as legacy SMP OOB isn't implemented.
3719 */
3720 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3721 memcmp(cp->hash192, ZERO_KEY, 16)) {
2a1afb5a
JH		 3722 err = mgmt_cmd_complete(sk, hdev->id,
3723 MGMT_OP_ADD_REMOTE_OOB_DATA,
3724 MGMT_STATUS_INVALID_PARAMS,
3725 addr, sizeof(*addr));
d25b78e2
JH		 3726 goto unlock;
3727 }
3728
86df9200
JH		 3729 rand192 = NULL;
3730 hash192 = NULL;
3731 } else {
41bcfd50
MH		 3732 /* In case one of the P-192 values is set to zero,
3733 * then just disable OOB data for P-192.
3734 */
3735 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
3736 !memcmp(cp->hash192, ZERO_KEY, 16)) {
3737 rand192 = NULL;
3738 hash192 = NULL;
3739 } else {
3740 rand192 = cp->rand192;
3741 hash192 = cp->hash192;
3742 }
3743 }
3744
3745 /* In case one of the P-256 values is set to zero, then just
3746 * disable OOB data for P-256.
3747 */
3748 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
3749 !memcmp(cp->hash256, ZERO_KEY, 16)) {
3750 rand256 = NULL;
3751 hash256 = NULL;
3752 } else {
3753 rand256 = cp->rand256;
3754 hash256 = cp->hash256;
86df9200
JH		 3755 }
3756
81328d5c 3757 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
86df9200 3758 cp->addr.type, hash192, rand192,
41bcfd50 3759 hash256, rand256);
ec109113
MH		 3760 if (err < 0)
3761 status = MGMT_STATUS_FAILED;
3762 else
3763 status = MGMT_STATUS_SUCCESS;
3764
2a1afb5a
JH		 3765 err = mgmt_cmd_complete(sk, hdev->id,
3766 MGMT_OP_ADD_REMOTE_OOB_DATA,
3767 status, &cp->addr, sizeof(cp->addr));
ec109113
MH		 3768 } else {
3769 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
a69e8375
JH		 3770 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3771 MGMT_STATUS_INVALID_PARAMS);
ec109113 3772 }
2763eda6 3773
c19a495c 3774unlock:
09fd0de5 3775 hci_dev_unlock(hdev);
2763eda6
SJ		 3776 return err;
3777}
3778
bdb6d971 3779static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3780 void *data, u16 len)
2763eda6 3781{
650f726d 3782 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3783 u8 status;
2763eda6
SJ		 3784 int err;
3785
bdb6d971 3786 BT_DBG("%s", hdev->name);
2763eda6 3787
c19a495c 3788 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 3789 return mgmt_cmd_complete(sk, hdev->id,
3790 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3791 MGMT_STATUS_INVALID_PARAMS,
3792 &cp->addr, sizeof(cp->addr));
c19a495c 3793
09fd0de5 3794 hci_dev_lock(hdev);
2763eda6 3795
eedbd581
JH		 3796 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3797 hci_remote_oob_data_clear(hdev);
3798 status = MGMT_STATUS_SUCCESS;
3799 goto done;
3800 }
3801
6928a924 3802 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
2763eda6 3803 if (err < 0)
bf1e3541 3804 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3805 else
a6785be2 3806 status = MGMT_STATUS_SUCCESS;
bf1e3541 3807
eedbd581 3808done:
2a1afb5a
JH		 3809 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3810 status, &cp->addr, sizeof(cp->addr));
2763eda6 3811
09fd0de5 3812 hci_dev_unlock(hdev);
2763eda6
SJ		 3813 return err;
3814}
3815
8019044d 3816static bool trigger_discovery(struct hci_request *req, u8 *status)
41dc2bd6 3817{
8019044d
MH		 3818 struct hci_dev *hdev = req->hdev;
3819 struct hci_cp_le_set_scan_param param_cp;
3820 struct hci_cp_le_set_scan_enable enable_cp;
3821 struct hci_cp_inquiry inq_cp;
3822 /* General inquiry access code (GIAC) */
3823 u8 lap[3] = { 0x33, 0x8b, 0x9e };
3824 u8 own_addr_type;
41dc2bd6
AG		 3825 int err;
3826
8019044d
MH		 3827 switch (hdev->discovery.type) {
3828 case DISCOV_TYPE_BREDR:
3829 *status = mgmt_bredr_support(hdev);
3830 if (*status)
3831 return false;
41dc2bd6 3832
8019044d
MH		 3833 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3834 *status = MGMT_STATUS_BUSY;
3835 return false;
3836 }
41dc2bd6 3837
8019044d 3838 hci_inquiry_cache_flush(hdev);
41dc2bd6 3839
8019044d
MH		 3840 memset(&inq_cp, 0, sizeof(inq_cp));
3841 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
3842 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
3843 hci_req_add(req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
3844 break;
41dc2bd6 3845
8019044d
MH		 3846 case DISCOV_TYPE_LE:
3847 case DISCOV_TYPE_INTERLEAVED:
3848 *status = mgmt_le_support(hdev);
3849 if (*status)
3850 return false;
3851
3852 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
3853 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
3854 *status = MGMT_STATUS_NOT_SUPPORTED;
3855 return false;
3856 }
3857
3858 if (test_bit(HCI_LE_ADV, &hdev->dev_flags)) {
3859 /* Don't let discovery abort an outgoing
3860 * connection attempt that's using directed
3861 * advertising.
3862 */
3863 if (hci_conn_hash_lookup_state(hdev, LE_LINK,
3864 BT_CONNECT)) {
3865 *status = MGMT_STATUS_REJECTED;
3866 return false;
3867 }
3868
3869 disable_advertising(req);
3870 }
3871
3872 /* If controller is scanning, it means the background scanning
3873 * is running. Thus, we should temporarily stop it in order to
3874 * set the discovery scanning parameters.
3875 */
3876 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3877 hci_req_add_le_scan_disable(req);
3878
3879 memset(&param_cp, 0, sizeof(param_cp));
3880
3881 /* All active scans will be done with either a resolvable
3882 * private address (when privacy feature has been enabled)
9437d2ed 3883 * or non-resolvable private address.
8019044d
MH		 3884 */
3885 err = hci_update_random_address(req, true, &own_addr_type);
3886 if (err < 0) {
3887 *status = MGMT_STATUS_FAILED;
3888 return false;
3889 }
3890
3891 param_cp.type = LE_SCAN_ACTIVE;
3892 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3893 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
3894 param_cp.own_address_type = own_addr_type;
3895 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3896 &param_cp);
3897
3898 memset(&enable_cp, 0, sizeof(enable_cp));
3899 enable_cp.enable = LE_SCAN_ENABLE;
3900 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3901 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3902 &enable_cp);
3903 break;
3904
3905 default:
3906 *status = MGMT_STATUS_INVALID_PARAMS;
3907 return false;
3908 }
3909
3910 return true;
41dc2bd6
AG		 3911}
3912
1904a853
MH		 3913static void start_discovery_complete(struct hci_dev *hdev, u8 status,
3914 u16 opcode)
7c307720 3915{
3b0602cd 3916 struct mgmt_pending_cmd *cmd;
11e6e25d 3917 unsigned long timeout;
ae55f598 3918
7c307720
AG		 3919 BT_DBG("status %d", status);
3920
11e6e25d 3921 hci_dev_lock(hdev);
41dc2bd6 3922
11e6e25d 3923 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
66ea9427
JP		 3924 if (!cmd)
3925 cmd = mgmt_pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
3926
11e6e25d 3927 if (cmd) {
2922a94f 3928 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d
MH		 3929 mgmt_pending_remove(cmd);
3930 }
7c307720
AG		 3931
3932 if (status) {
11e6e25d
MH		 3933 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3934 goto unlock;
7c307720
AG		 3935 }
3936
7c307720 3937 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
7c307720 3938
2d28cfe7
JP		 3939 /* If the scan involves LE scan, pick proper timeout to schedule
3940 * hdev->le_scan_disable that will stop it.
3941 */
7c307720
AG		 3942 switch (hdev->discovery.type) {
3943 case DISCOV_TYPE_LE:
3d5a76f0 3944 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
7c307720 3945 break;
7c307720 3946 case DISCOV_TYPE_INTERLEAVED:
b9a7a61e 3947 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
7c307720 3948 break;
7c307720 3949 case DISCOV_TYPE_BREDR:
11e6e25d 3950 timeout = 0;
7c307720 3951 break;
7c307720
AG		 3952 default:
3953 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
11e6e25d
MH		 3954 timeout = 0;
3955 break;
7c307720 3956 }
ae55f598 3957
2d28cfe7
JP		 3958 if (timeout) {
3959 /* When service discovery is used and the controller has
3960 * a strict duplicate filter, it is important to remember
3961 * the start and duration of the scan. This is required
3962 * for restarting scanning during the discovery phase.
3963 */
3964 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER,
3965 &hdev->quirks) &&
82f8b651 3966 hdev->discovery.result_filtering) {
2d28cfe7
JP		 3967 hdev->discovery.scan_start = jiffies;
3968 hdev->discovery.scan_duration = timeout;
3969 }
3970
11e6e25d
MH		 3971 queue_delayed_work(hdev->workqueue,
3972 &hdev->le_scan_disable, timeout);
2d28cfe7 3973 }
ae55f598 3974
11e6e25d
MH		 3975unlock:
3976 hci_dev_unlock(hdev);
7c307720
AG		 3977}
3978
bdb6d971 3979static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3980 void *data, u16 len)
14a53664 3981{
650f726d 3982 struct mgmt_cp_start_discovery *cp = data;
3b0602cd 3983 struct mgmt_pending_cmd *cmd;
7c307720 3984 struct hci_request req;
8019044d 3985 u8 status;
14a53664
JH		 3986 int err;
3987
bdb6d971 3988 BT_DBG("%s", hdev->name);
14a53664 3989
09fd0de5 3990 hci_dev_lock(hdev);
14a53664 3991
4b34ee78 3992 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3993 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3994 MGMT_STATUS_NOT_POWERED,
3995 &cp->type, sizeof(cp->type));
bd2d1334
JH		 3996 goto failed;
3997 }
3998
f5a969f2
MH		 3999 if (hdev->discovery.state != DISCOVERY_STOPPED ||
4000 test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2a1afb5a
JH		 4001 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4002 MGMT_STATUS_BUSY, &cp->type,
4003 sizeof(cp->type));
642be6c7
AG		 4004 goto failed;
4005 }
4006
2922a94f 4007 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, data, len);
14a53664
JH		 4008 if (!cmd) {
4009 err = -ENOMEM;
4010 goto failed;
4011 }
4012
2922a94f
JH		 4013 cmd->cmd_complete = generic_cmd_complete;
4014
22078800
MH		 4015 /* Clear the discovery filter first to free any previously
4016 * allocated memory for the UUID list.
4017 */
4018 hci_discovery_filter_clear(hdev);
4019
4aab14e5 4020 hdev->discovery.type = cp->type;
da25cf6a 4021 hdev->discovery.report_invalid_rssi = false;
4aab14e5 4022
7c307720
AG		 4023 hci_req_init(&req, hdev);
4024
8019044d 4025 if (!trigger_discovery(&req, &status)) {
2a1afb5a
JH		 4026 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4027 status, &cp->type, sizeof(cp->type));
04106755
JH		 4028 mgmt_pending_remove(cmd);
4029 goto failed;
f39799f5 4030 }
04106755 4031
7c307720 4032 err = hci_req_run(&req, start_discovery_complete);
f5a969f2 4033 if (err < 0) {
14a53664 4034 mgmt_pending_remove(cmd);
f5a969f2
MH		 4035 goto failed;
4036 }
7c307720 4037
f5a969f2 4038 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
7c307720 4039
14a53664 4040failed:
09fd0de5 4041 hci_dev_unlock(hdev);
14a53664
JH		 4042 return err;
4043}
f39799f5 4044
3b0602cd
JH		 4045static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
4046 u8 status)
2922a94f 4047{
2a1afb5a
JH		 4048 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
4049 cmd->param, 1);
2922a94f 4050}
04106755 4051
66ea9427
JP		 4052static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
4053 void *data, u16 len)
4054{
4055 struct mgmt_cp_start_service_discovery *cp = data;
3b0602cd 4056 struct mgmt_pending_cmd *cmd;
66ea9427
JP		 4057 struct hci_request req;
4058 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
4059 u16 uuid_count, expected_len;
4060 u8 status;
4061 int err;
04106755 4062
66ea9427 4063 BT_DBG("%s", hdev->name);
e8bb6b97 4064
66ea9427 4065 hci_dev_lock(hdev);
7c307720 4066
66ea9427 4067 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 4068 err = mgmt_cmd_complete(sk, hdev->id,
4069 MGMT_OP_START_SERVICE_DISCOVERY,
4070 MGMT_STATUS_NOT_POWERED,
4071 &cp->type, sizeof(cp->type));
66ea9427
JP		 4072 goto failed;
4073 }
7c307720 4074
66ea9427
JP		 4075 if (hdev->discovery.state != DISCOVERY_STOPPED ||
4076 test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
2a1afb5a
JH		 4077 err = mgmt_cmd_complete(sk, hdev->id,
4078 MGMT_OP_START_SERVICE_DISCOVERY,
4079 MGMT_STATUS_BUSY, &cp->type,
4080 sizeof(cp->type));
66ea9427
JP		 4081 goto failed;
4082 }
d9483943 4083
66ea9427
JP		 4084 uuid_count = __le16_to_cpu(cp->uuid_count);
4085 if (uuid_count > max_uuid_count) {
4086 BT_ERR("service_discovery: too big uuid_count value %u",
4087 uuid_count);
2a1afb5a
JH		 4088 err = mgmt_cmd_complete(sk, hdev->id,
4089 MGMT_OP_START_SERVICE_DISCOVERY,
4090 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4091 sizeof(cp->type));
66ea9427
JP		 4092 goto failed;
4093 }
4094
4095 expected_len = sizeof(*cp) + uuid_count * 16;
4096 if (expected_len != len) {
4097 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
4098 expected_len, len);
2a1afb5a
JH		 4099 err = mgmt_cmd_complete(sk, hdev->id,
4100 MGMT_OP_START_SERVICE_DISCOVERY,
4101 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4102 sizeof(cp->type));
66ea9427
JP		 4103 goto failed;
4104 }
4105
4106 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
2922a94f 4107 hdev, data, len);
66ea9427
JP		 4108 if (!cmd) {
4109 err = -ENOMEM;
4110 goto failed;
4111 }
4112
2922a94f
JH		 4113 cmd->cmd_complete = service_discovery_cmd_complete;
4114
22078800
MH		 4115 /* Clear the discovery filter first to free any previously
4116 * allocated memory for the UUID list.
4117 */
4118 hci_discovery_filter_clear(hdev);
4119
82f8b651 4120 hdev->discovery.result_filtering = true;
66ea9427
JP		 4121 hdev->discovery.type = cp->type;
4122 hdev->discovery.rssi = cp->rssi;
4123 hdev->discovery.uuid_count = uuid_count;
4124
4125 if (uuid_count > 0) {
4126 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4127 GFP_KERNEL);
4128 if (!hdev->discovery.uuids) {
2a1afb5a
JH		 4129 err = mgmt_cmd_complete(sk, hdev->id,
4130 MGMT_OP_START_SERVICE_DISCOVERY,
4131 MGMT_STATUS_FAILED,
4132 &cp->type, sizeof(cp->type));
d9483943
JH		 4133 mgmt_pending_remove(cmd);
4134 goto failed;
4135 }
66ea9427 4136 }
d9483943 4137
66ea9427 4138 hci_req_init(&req, hdev);
5e0452c0 4139
66ea9427 4140 if (!trigger_discovery(&req, &status)) {
2a1afb5a
JH		 4141 err = mgmt_cmd_complete(sk, hdev->id,
4142 MGMT_OP_START_SERVICE_DISCOVERY,
4143 status, &cp->type, sizeof(cp->type));
04106755
JH		 4144 mgmt_pending_remove(cmd);
4145 goto failed;
f39799f5 4146 }
3fd24153 4147
7c307720 4148 err = hci_req_run(&req, start_discovery_complete);
66ea9427 4149 if (err < 0) {
14a53664 4150 mgmt_pending_remove(cmd);
66ea9427
JP		 4151 goto failed;
4152 }
4153
4154 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 4155
4156failed:
09fd0de5 4157 hci_dev_unlock(hdev);
14a53664
JH		 4158 return err;
4159}
4160
1904a853 4161static void stop_discovery_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1183fdca 4162{
3b0602cd 4163 struct mgmt_pending_cmd *cmd;
1183fdca 4164
0e05bba6
AG		 4165 BT_DBG("status %d", status);
4166
4167 hci_dev_lock(hdev);
4168
11e6e25d
MH		 4169 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4170 if (cmd) {
2922a94f 4171 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d 4172 mgmt_pending_remove(cmd);
0e05bba6
AG		 4173 }
4174
11e6e25d
MH		 4175 if (!status)
4176 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
0e05bba6 4177
0e05bba6
AG		 4178 hci_dev_unlock(hdev);
4179}
4180
bdb6d971 4181static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4182 u16 len)
14a53664 4183{
d930650b 4184 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3b0602cd 4185 struct mgmt_pending_cmd *cmd;
0e05bba6 4186 struct hci_request req;
14a53664
JH		 4187 int err;
4188
bdb6d971 4189 BT_DBG("%s", hdev->name);
14a53664 4190
09fd0de5 4191 hci_dev_lock(hdev);
14a53664 4192
30dc78e1 4193 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 4194 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4195 MGMT_STATUS_REJECTED, &mgmt_cp->type,
4196 sizeof(mgmt_cp->type));
d930650b
JH		 4197 goto unlock;
4198 }
4199
4200 if (hdev->discovery.type != mgmt_cp->type) {
2a1afb5a
JH		 4201 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4202 MGMT_STATUS_INVALID_PARAMS,
4203 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1 4204 goto unlock;
ff9ef578
JH		 4205 }
4206
2922a94f 4207 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
14a53664
JH		 4208 if (!cmd) {
4209 err = -ENOMEM;
30dc78e1
JH		 4210 goto unlock;
4211 }
4212
2922a94f
JH		 4213 cmd->cmd_complete = generic_cmd_complete;
4214
0e05bba6
AG		 4215 hci_req_init(&req, hdev);
4216
21a60d30 4217 hci_stop_discovery(&req);
e0d9727e 4218
21a60d30
JH		 4219 err = hci_req_run(&req, stop_discovery_complete);
4220 if (!err) {
4221 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
0e05bba6 4222 goto unlock;
14a53664
JH		 4223 }
4224
21a60d30
JH		 4225 mgmt_pending_remove(cmd);
4226
4227 /* If no HCI commands were sent we're done */
4228 if (err == -ENODATA) {
2a1afb5a
JH		 4229 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
4230 &mgmt_cp->type, sizeof(mgmt_cp->type));
21a60d30
JH		 4231 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4232 }
14a53664 4233
30dc78e1 4234unlock:
09fd0de5 4235 hci_dev_unlock(hdev);
14a53664
JH		 4236 return err;
4237}
4238
bdb6d971 4239static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4240 u16 len)
561aafbc 4241{
650f726d 4242 struct mgmt_cp_confirm_name *cp = data;
561aafbc 4243 struct inquiry_entry *e;
561aafbc
JH		 4244 int err;
4245
bdb6d971 4246 BT_DBG("%s", hdev->name);
561aafbc 4247
561aafbc
JH		 4248 hci_dev_lock(hdev);
4249
30dc78e1 4250 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 4251 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4252 MGMT_STATUS_FAILED, &cp->addr,
4253 sizeof(cp->addr));
30dc78e1
JH		 4254 goto failed;
4255 }
4256
a198e7b1 4257 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 4258 if (!e) {
2a1afb5a
JH		 4259 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4260 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4261 sizeof(cp->addr));
561aafbc
JH		 4262 goto failed;
4263 }
4264
4265 if (cp->name_known) {
4266 e->name_state = NAME_KNOWN;
4267 list_del(&e->list);
4268 } else {
4269 e->name_state = NAME_NEEDED;
a3d4e20a 4270 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 4271 }
4272
2a1afb5a
JH		 4273 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
4274 &cp->addr, sizeof(cp->addr));
561aafbc
JH		 4275
4276failed:
4277 hci_dev_unlock(hdev);
561aafbc
JH		 4278 return err;
4279}
4280
bdb6d971 4281static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4282 u16 len)
7fbec224 4283{
650f726d 4284 struct mgmt_cp_block_device *cp = data;
f0eeea8b 4285 u8 status;
7fbec224
AJ		 4286 int err;
4287
bdb6d971 4288 BT_DBG("%s", hdev->name);
7fbec224 4289
4ee71b20 4290 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 4291 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4292 MGMT_STATUS_INVALID_PARAMS,
4293 &cp->addr, sizeof(cp->addr));
4ee71b20 4294
09fd0de5 4295 hci_dev_lock(hdev);
5e762444 4296
dcc36c16
JH		 4297 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4298 cp->addr.type);
2a8357f2 4299 if (err < 0) {
f0eeea8b 4300 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 4301 goto done;
4302 }
4303
4304 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4305 sk);
4306 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4307
2a8357f2 4308done:
2a1afb5a
JH		 4309 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
4310 &cp->addr, sizeof(cp->addr));
5e762444 4311
09fd0de5 4312 hci_dev_unlock(hdev);
7fbec224
AJ		 4313
4314 return err;
4315}
4316
bdb6d971 4317static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4318 u16 len)
7fbec224 4319{
650f726d 4320 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 4321 u8 status;
7fbec224
AJ		 4322 int err;
4323
bdb6d971 4324 BT_DBG("%s", hdev->name);
7fbec224 4325
4ee71b20 4326 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 4327 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4328 MGMT_STATUS_INVALID_PARAMS,
4329 &cp->addr, sizeof(cp->addr));
4ee71b20 4330
09fd0de5 4331 hci_dev_lock(hdev);
5e762444 4332
dcc36c16
JH		 4333 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4334 cp->addr.type);
2a8357f2 4335 if (err < 0) {
f0eeea8b 4336 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 4337 goto done;
4338 }
4339
4340 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4341 sk);
4342 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4343
2a8357f2 4344done:
2a1afb5a
JH		 4345 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
4346 &cp->addr, sizeof(cp->addr));
5e762444 4347
09fd0de5 4348 hci_dev_unlock(hdev);
7fbec224
AJ		 4349
4350 return err;
4351}
4352
cdbaccca
MH		 4353static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4354 u16 len)
4355{
4356 struct mgmt_cp_set_device_id *cp = data;
890ea898 4357 struct hci_request req;
cdbaccca 4358 int err;
c72d4b8a 4359 __u16 source;
cdbaccca
MH		 4360
4361 BT_DBG("%s", hdev->name);
4362
c72d4b8a
SJ		 4363 source = __le16_to_cpu(cp->source);
4364
4365 if (source > 0x0002)
a69e8375
JH		 4366 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4367 MGMT_STATUS_INVALID_PARAMS);
c72d4b8a 4368
cdbaccca
MH		 4369 hci_dev_lock(hdev);
4370
c72d4b8a 4371 hdev->devid_source = source;
cdbaccca
MH		 4372 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4373 hdev->devid_product = __le16_to_cpu(cp->product);
4374 hdev->devid_version = __le16_to_cpu(cp->version);
4375
2a1afb5a
JH		 4376 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
4377 NULL, 0);
cdbaccca 4378
890ea898
JH		 4379 hci_req_init(&req, hdev);
4380 update_eir(&req);
4381 hci_req_run(&req, NULL);
cdbaccca
MH		 4382
4383 hci_dev_unlock(hdev);
4384
4385 return err;
4386}
4387
1904a853
MH		 4388static void set_advertising_complete(struct hci_dev *hdev, u8 status,
4389 u16 opcode)
4375f103
JH		 4390{
4391 struct cmd_lookup match = { NULL, hdev };
4392
3ad67582
JK		 4393 hci_dev_lock(hdev);
4394
4375f103
JH		 4395 if (status) {
4396 u8 mgmt_err = mgmt_status(status);
4397
4398 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4399 cmd_status_rsp, &mgmt_err);
3ad67582 4400 goto unlock;
4375f103
JH		 4401 }
4402
c93bd150
JH		 4403 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
4404 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
4405 else
4406 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4407
4375f103
JH		 4408 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4409 &match);
4410
4411 new_settings(hdev, match.sk);
4412
4413 if (match.sk)
4414 sock_put(match.sk);
3ad67582
JK		 4415
4416unlock:
4417 hci_dev_unlock(hdev);
4375f103
JH		 4418}
4419
21b5187f
MH		 4420static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4421 u16 len)
4375f103
JH		 4422{
4423 struct mgmt_mode *cp = data;
3b0602cd 4424 struct mgmt_pending_cmd *cmd;
4375f103 4425 struct hci_request req;
e6fe7986 4426 u8 val, enabled, status;
4375f103
JH		 4427 int err;
4428
4429 BT_DBG("request for %s", hdev->name);
4430
e6fe7986
JH		 4431 status = mgmt_le_support(hdev);
4432 if (status)
a69e8375
JH		 4433 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4434 status);
4375f103
JH		 4435
4436 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4437 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4438 MGMT_STATUS_INVALID_PARAMS);
4375f103
JH		 4439
4440 hci_dev_lock(hdev);
4441
4442 val = !!cp->val;
f3d3444a 4443 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 4444
f74ca9b8
JH		 4445 /* The following conditions are ones which mean that we should
4446 * not do any HCI communication but directly send a mgmt
4447 * response to user space (after toggling the flag if
4448 * necessary).
4449 */
4450 if (!hdev_is_powered(hdev) || val == enabled ||
e8bb6b97
JH		 4451 hci_conn_num(hdev, LE_LINK) > 0 ||
4452 (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4453 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
4375f103
JH		 4454 bool changed = false;
4455
f3d3444a
JH		 4456 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
4457 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 4458 changed = true;
4459 }
4460
4461 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4462 if (err < 0)
4463 goto unlock;
4464
4465 if (changed)
4466 err = new_settings(hdev, sk);
4467
4468 goto unlock;
4469 }
4470
4471 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4472 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
a69e8375
JH		 4473 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4474 MGMT_STATUS_BUSY);
4375f103
JH		 4475 goto unlock;
4476 }
4477
4478 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4479 if (!cmd) {
4480 err = -ENOMEM;
4481 goto unlock;
4482 }
4483
4484 hci_req_init(&req, hdev);
4485
bba3aa55
MH		 4486 if (val)
4487 enable_advertising(&req);
4488 else
4489 disable_advertising(&req);
4375f103
JH		 4490
4491 err = hci_req_run(&req, set_advertising_complete);
4492 if (err < 0)
4493 mgmt_pending_remove(cmd);
4494
4495unlock:
4496 hci_dev_unlock(hdev);
4497 return err;
4498}
4499
d13eafce
MH		 4500static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4501 void *data, u16 len)
4502{
4503 struct mgmt_cp_set_static_address *cp = data;
4504 int err;
4505
4506 BT_DBG("%s", hdev->name);
4507
62af4443 4508 if (!lmp_le_capable(hdev))
a69e8375
JH		 4509 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4510 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 4511
4512 if (hdev_is_powered(hdev))
a69e8375
JH		 4513 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4514 MGMT_STATUS_REJECTED);
d13eafce
MH		 4515
4516 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4517 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
a69e8375
JH		 4518 return mgmt_cmd_status(sk, hdev->id,
4519 MGMT_OP_SET_STATIC_ADDRESS,
4520 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 4521
4522 /* Two most significant bits shall be set */
4523 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
a69e8375
JH		 4524 return mgmt_cmd_status(sk, hdev->id,
4525 MGMT_OP_SET_STATIC_ADDRESS,
4526 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 4527 }
4528
4529 hci_dev_lock(hdev);
4530
4531 bacpy(&hdev->static_addr, &cp->bdaddr);
4532
93690c22
MH		 4533 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
4534 if (err < 0)
4535 goto unlock;
4536
4537 err = new_settings(hdev, sk);
d13eafce 4538
93690c22 4539unlock:
d13eafce 4540 hci_dev_unlock(hdev);
d13eafce
MH		 4541 return err;
4542}
4543
14b49b9a
MH		 4544static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4545 void *data, u16 len)
4546{
4547 struct mgmt_cp_set_scan_params *cp = data;
4548 __u16 interval, window;
4549 int err;
4550
4551 BT_DBG("%s", hdev->name);
4552
4553 if (!lmp_le_capable(hdev))
a69e8375
JH		 4554 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4555 MGMT_STATUS_NOT_SUPPORTED);
14b49b9a
MH		 4556
4557 interval = __le16_to_cpu(cp->interval);
4558
4559 if (interval < 0x0004 || interval > 0x4000)
a69e8375
JH		 4560 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4561 MGMT_STATUS_INVALID_PARAMS);
14b49b9a
MH		 4562
4563 window = __le16_to_cpu(cp->window);
4564
4565 if (window < 0x0004 || window > 0x4000)
a69e8375
JH		 4566 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4567 MGMT_STATUS_INVALID_PARAMS);
14b49b9a 4568
899e1075 4569 if (window > interval)
a69e8375
JH		 4570 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4571 MGMT_STATUS_INVALID_PARAMS);
899e1075 4572
14b49b9a
MH		 4573 hci_dev_lock(hdev);
4574
4575 hdev->le_scan_interval = interval;
4576 hdev->le_scan_window = window;
4577
2a1afb5a
JH		 4578 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
4579 NULL, 0);
14b49b9a 4580
dd2ef8e2
AG		 4581 /* If background scan is running, restart it so new parameters are
4582 * loaded.
4583 */
4584 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4585 hdev->discovery.state == DISCOVERY_STOPPED) {
4586 struct hci_request req;
4587
4588 hci_req_init(&req, hdev);
4589
4590 hci_req_add_le_scan_disable(&req);
4591 hci_req_add_le_passive_scan(&req);
4592
4593 hci_req_run(&req, NULL);
4594 }
4595
14b49b9a
MH		 4596 hci_dev_unlock(hdev);
4597
4598 return err;
4599}
4600
1904a853
MH		 4601static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
4602 u16 opcode)
33e38b3e 4603{
3b0602cd 4604 struct mgmt_pending_cmd *cmd;
33e38b3e
JH		 4605
4606 BT_DBG("status 0x%02x", status);
4607
4608 hci_dev_lock(hdev);
4609
4610 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4611 if (!cmd)
4612 goto unlock;
4613
4614 if (status) {
a69e8375
JH		 4615 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4616 mgmt_status(status));
33e38b3e 4617 } else {
1a4d3c4b
JH		 4618 struct mgmt_mode *cp = cmd->param;
4619
4620 if (cp->val)
4621 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4622 else
4623 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4624
33e38b3e
JH		 4625 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4626 new_settings(hdev, cmd->sk);
4627 }
4628
4629 mgmt_pending_remove(cmd);
4630
4631unlock:
4632 hci_dev_unlock(hdev);
4633}
4634
bdb6d971 4635static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4636 void *data, u16 len)
f6422ec6 4637{
650f726d 4638 struct mgmt_mode *cp = data;
3b0602cd 4639 struct mgmt_pending_cmd *cmd;
33e38b3e 4640 struct hci_request req;
f6422ec6
AJ		 4641 int err;
4642
bdb6d971 4643 BT_DBG("%s", hdev->name);
f6422ec6 4644
56f87901
JH		 4645 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
4646 hdev->hci_ver < BLUETOOTH_VER_1_2)
a69e8375
JH		 4647 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4648 MGMT_STATUS_NOT_SUPPORTED);
33c525c0 4649
a7e80f25 4650 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4651 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4652 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 4653
f6422ec6
AJ		 4654 hci_dev_lock(hdev);
4655
05cbf29f 4656 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
a69e8375
JH		 4657 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4658 MGMT_STATUS_BUSY);
05cbf29f
JH		 4659 goto unlock;
4660 }
4661
1a4d3c4b
JH		 4662 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
4663 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4664 hdev);
4665 goto unlock;
4666 }
4667
406ef2a6
JH		 4668 if (!hdev_is_powered(hdev)) {
4669 change_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4670 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4671 hdev);
4672 new_settings(hdev, sk);
4673 goto unlock;
4674 }
4675
33e38b3e
JH		 4676 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4677 data, len);
4678 if (!cmd) {
4679 err = -ENOMEM;
4680 goto unlock;
f6422ec6
AJ		 4681 }
4682
33e38b3e
JH		 4683 hci_req_init(&req, hdev);
4684
406d7804 4685 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4686
4687 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4688 if (err < 0) {
a69e8375
JH		 4689 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4690 MGMT_STATUS_FAILED);
33e38b3e 4691 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4692 }
4693
33e38b3e 4694unlock:
f6422ec6 4695 hci_dev_unlock(hdev);
33e38b3e 4696
f6422ec6
AJ		 4697 return err;
4698}
4699
1904a853 4700static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
0663ca2a 4701{
3b0602cd 4702 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 4703
4704 BT_DBG("status 0x%02x", status);
4705
4706 hci_dev_lock(hdev);
4707
4708 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4709 if (!cmd)
4710 goto unlock;
4711
4712 if (status) {
4713 u8 mgmt_err = mgmt_status(status);
4714
4715 /* We need to restore the flag if related HCI commands
4716 * failed.
4717 */
4718 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4719
a69e8375 4720 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
0663ca2a
JH		 4721 } else {
4722 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4723 new_settings(hdev, cmd->sk);
4724 }
4725
4726 mgmt_pending_remove(cmd);
4727
4728unlock:
4729 hci_dev_unlock(hdev);
4730}
4731
4732static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4733{
4734 struct mgmt_mode *cp = data;
3b0602cd 4735 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 4736 struct hci_request req;
4737 int err;
4738
4739 BT_DBG("request for %s", hdev->name);
4740
4741 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
a69e8375
JH		 4742 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4743 MGMT_STATUS_NOT_SUPPORTED);
0663ca2a
JH		 4744
4745 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
a69e8375
JH		 4746 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4747 MGMT_STATUS_REJECTED);
0663ca2a
JH		 4748
4749 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4750 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4751 MGMT_STATUS_INVALID_PARAMS);
0663ca2a
JH		 4752
4753 hci_dev_lock(hdev);
4754
4755 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4756 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4757 goto unlock;
4758 }
4759
4760 if (!hdev_is_powered(hdev)) {
4761 if (!cp->val) {
0663ca2a
JH		 4762 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4763 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4764 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4765 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4766 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4767 }
4768
4769 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4770
4771 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4772 if (err < 0)
4773 goto unlock;
4774
4775 err = new_settings(hdev, sk);
4776 goto unlock;
4777 }
4778
4779 /* Reject disabling when powered on */
4780 if (!cp->val) {
a69e8375
JH		 4781 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4782 MGMT_STATUS_REJECTED);
0663ca2a 4783 goto unlock;
111e4bcc
MH		 4784 } else {
4785 /* When configuring a dual-mode controller to operate
4786 * with LE only and using a static address, then switching
4787 * BR/EDR back on is not allowed.
4788 *
4789 * Dual-mode controllers shall operate with the public
4790 * address as its identity address for BR/EDR and LE. So
4791 * reject the attempt to create an invalid configuration.
3a5486e1
MH		 4792 *
4793 * The same restrictions applies when secure connections
4794 * has been enabled. For BR/EDR this is a controller feature
4795 * while for LE it is a host stack feature. This means that
4796 * switching BR/EDR back on when secure connections has been
4797 * enabled is not a supported transaction.
111e4bcc
MH		 4798 */
4799 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) &&
3a5486e1
MH		 4800 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
4801 test_bit(HCI_SC_ENABLED, &hdev->dev_flags))) {
a69e8375
JH		 4802 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4803 MGMT_STATUS_REJECTED);
111e4bcc
MH		 4804 goto unlock;
4805 }
0663ca2a
JH		 4806 }
4807
4808 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
a69e8375
JH		 4809 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4810 MGMT_STATUS_BUSY);
0663ca2a
JH		 4811 goto unlock;
4812 }
4813
4814 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4815 if (!cmd) {
4816 err = -ENOMEM;
4817 goto unlock;
4818 }
4819
5947f4bc 4820 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4821 * generates the correct flags.
4822 */
4823 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4824
4825 hci_req_init(&req, hdev);
aa8af46e 4826
432df05e 4827 write_fast_connectable(&req, false);
1d2dc5b7 4828 __hci_update_page_scan(&req);
aa8af46e 4829
f14d8f64
MH		 4830 /* Since only the advertising data flags will change, there
4831 * is no need to update the scan response data.
4832 */
5947f4bc 4833 update_adv_data(&req);
aa8af46e 4834
0663ca2a
JH		 4835 err = hci_req_run(&req, set_bredr_complete);
4836 if (err < 0)
4837 mgmt_pending_remove(cmd);
4838
4839unlock:
4840 hci_dev_unlock(hdev);
4841 return err;
4842}
4843
a1443f5a
JH		 4844static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4845{
3b0602cd 4846 struct mgmt_pending_cmd *cmd;
a1443f5a
JH		 4847 struct mgmt_mode *cp;
4848
4849 BT_DBG("%s status %u", hdev->name, status);
4850
4851 hci_dev_lock(hdev);
4852
4853 cmd = mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
4854 if (!cmd)
4855 goto unlock;
4856
4857 if (status) {
a69e8375
JH		 4858 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
4859 mgmt_status(status));
a1443f5a
JH		 4860 goto remove;
4861 }
4862
4863 cp = cmd->param;
4864
4865 switch (cp->val) {
4866 case 0x00:
4867 clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
4868 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4869 break;
4870 case 0x01:
4871 set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
4872 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4873 break;
4874 case 0x02:
4875 set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
4876 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4877 break;
4878 }
4879
4880 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
4881 new_settings(hdev, cmd->sk);
4882
4883remove:
4884 mgmt_pending_remove(cmd);
4885unlock:
4886 hci_dev_unlock(hdev);
4887}
4888
eac83dc6
MH		 4889static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4890 void *data, u16 len)
4891{
4892 struct mgmt_mode *cp = data;
3b0602cd 4893 struct mgmt_pending_cmd *cmd;
a1443f5a 4894 struct hci_request req;
a3209694 4895 u8 val;
eac83dc6
MH		 4896 int err;
4897
4898 BT_DBG("request for %s", hdev->name);
4899
05b3c3e7
MH		 4900 if (!lmp_sc_capable(hdev) &&
4901 !test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
a69e8375
JH		 4902 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4903 MGMT_STATUS_NOT_SUPPORTED);
eac83dc6 4904
ed93ec69 4905 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) &&
59200286 4906 lmp_sc_capable(hdev) &&
ed93ec69 4907 !test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
a69e8375
JH		 4908 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4909 MGMT_STATUS_REJECTED);
ed93ec69 4910
0ab04a9c 4911 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375 4912 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
eac83dc6
MH		 4913 MGMT_STATUS_INVALID_PARAMS);
4914
4915 hci_dev_lock(hdev);
4916
05b3c3e7 4917 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
a3209694 4918 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
eac83dc6
MH		 4919 bool changed;
4920
0ab04a9c 4921 if (cp->val) {
eac83dc6
MH		 4922 changed = !test_and_set_bit(HCI_SC_ENABLED,
4923 &hdev->dev_flags);
0ab04a9c
MH		 4924 if (cp->val == 0x02)
4925 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4926 else
4927 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4928 } else {
eac83dc6
MH		 4929 changed = test_and_clear_bit(HCI_SC_ENABLED,
4930 &hdev->dev_flags);
0ab04a9c
MH		 4931 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4932 }
eac83dc6
MH		 4933
4934 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4935 if (err < 0)
4936 goto failed;
4937
4938 if (changed)
4939 err = new_settings(hdev, sk);
4940
4941 goto failed;
4942 }
4943
4944 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
a69e8375
JH		 4945 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4946 MGMT_STATUS_BUSY);
eac83dc6
MH		 4947 goto failed;
4948 }
4949
0ab04a9c
MH		 4950 val = !!cp->val;
4951
4952 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4953 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
eac83dc6
MH		 4954 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4955 goto failed;
4956 }
4957
4958 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4959 if (!cmd) {
4960 err = -ENOMEM;
4961 goto failed;
4962 }
4963
a1443f5a
JH		 4964 hci_req_init(&req, hdev);
4965 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
4966 err = hci_req_run(&req, sc_enable_complete);
eac83dc6
MH		 4967 if (err < 0) {
4968 mgmt_pending_remove(cmd);
4969 goto failed;
4970 }
4971
4972failed:
4973 hci_dev_unlock(hdev);
4974 return err;
4975}
4976
4e39ac81
MH		 4977static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4978 void *data, u16 len)
4979{
4980 struct mgmt_mode *cp = data;
b9710979 4981 bool changed, use_changed;
4e39ac81
MH		 4982 int err;
4983
4984 BT_DBG("request for %s", hdev->name);
4985
b9710979 4986 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 4987 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4988 MGMT_STATUS_INVALID_PARAMS);
4e39ac81
MH		 4989
4990 hci_dev_lock(hdev);
4991
4992 if (cp->val)
0663b297
JH		 4993 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
4994 &hdev->dev_flags);
4e39ac81 4995 else
0663b297
JH		 4996 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
4997 &hdev->dev_flags);
4e39ac81 4998
b9710979
JH		 4999 if (cp->val == 0x02)
5000 use_changed = !test_and_set_bit(HCI_USE_DEBUG_KEYS,
5001 &hdev->dev_flags);
5002 else
5003 use_changed = test_and_clear_bit(HCI_USE_DEBUG_KEYS,
5004 &hdev->dev_flags);
5005
5006 if (hdev_is_powered(hdev) && use_changed &&
5007 test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
5008 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
5009 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
5010 sizeof(mode), &mode);
5011 }
5012
4e39ac81
MH		 5013 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
5014 if (err < 0)
5015 goto unlock;
5016
5017 if (changed)
5018 err = new_settings(hdev, sk);
5019
5020unlock:
5021 hci_dev_unlock(hdev);
5022 return err;
5023}
5024
62b04cd1
JH		 5025static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5026 u16 len)
5027{
5028 struct mgmt_cp_set_privacy *cp = cp_data;
5029 bool changed;
5030 int err;
5031
5032 BT_DBG("request for %s", hdev->name);
5033
5034 if (!lmp_le_capable(hdev))
a69e8375
JH		 5035 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5036 MGMT_STATUS_NOT_SUPPORTED);
62b04cd1
JH		 5037
5038 if (cp->privacy != 0x00 && cp->privacy != 0x01)
a69e8375
JH		 5039 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5040 MGMT_STATUS_INVALID_PARAMS);
62b04cd1
JH		 5041
5042 if (hdev_is_powered(hdev))
a69e8375
JH		 5043 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5044 MGMT_STATUS_REJECTED);
62b04cd1
JH		 5045
5046 hci_dev_lock(hdev);
5047
c21c0ea0
JH		 5048 /* If user space supports this command it is also expected to
5049 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
5050 */
5051 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
5052
62b04cd1
JH		 5053 if (cp->privacy) {
5054 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
5055 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
5056 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
5057 } else {
5058 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
5059 memset(hdev->irk, 0, sizeof(hdev->irk));
5060 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
5061 }
5062
5063 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
5064 if (err < 0)
5065 goto unlock;
5066
5067 if (changed)
5068 err = new_settings(hdev, sk);
5069
5070unlock:
5071 hci_dev_unlock(hdev);
5072 return err;
5073}
5074
41edf160
JH		 5075static bool irk_is_valid(struct mgmt_irk_info *irk)
5076{
5077 switch (irk->addr.type) {
5078 case BDADDR_LE_PUBLIC:
5079 return true;
5080
5081 case BDADDR_LE_RANDOM:
5082 /* Two most significant bits shall be set */
5083 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5084 return false;
5085 return true;
5086 }
5087
5088 return false;
5089}
5090
5091static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5092 u16 len)
5093{
5094 struct mgmt_cp_load_irks *cp = cp_data;
ba1d6936
JH		 5095 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
5096 sizeof(struct mgmt_irk_info));
41edf160
JH		 5097 u16 irk_count, expected_len;
5098 int i, err;
5099
5100 BT_DBG("request for %s", hdev->name);
5101
5102 if (!lmp_le_capable(hdev))
a69e8375
JH		 5103 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5104 MGMT_STATUS_NOT_SUPPORTED);
41edf160
JH		 5105
5106 irk_count = __le16_to_cpu(cp->irk_count);
ba1d6936
JH		 5107 if (irk_count > max_irk_count) {
5108 BT_ERR("load_irks: too big irk_count value %u", irk_count);
a69e8375
JH		 5109 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5110 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5111 }
41edf160
JH		 5112
5113 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
5114 if (expected_len != len) {
5115 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 5116 expected_len, len);
a69e8375
JH		 5117 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5118 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 5119 }
5120
5121 BT_DBG("%s irk_count %u", hdev->name, irk_count);
5122
5123 for (i = 0; i < irk_count; i++) {
5124 struct mgmt_irk_info *key = &cp->irks[i];
5125
5126 if (!irk_is_valid(key))
a69e8375
JH		 5127 return mgmt_cmd_status(sk, hdev->id,
5128 MGMT_OP_LOAD_IRKS,
5129 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 5130 }
5131
5132 hci_dev_lock(hdev);
5133
5134 hci_smp_irks_clear(hdev);
5135
5136 for (i = 0; i < irk_count; i++) {
5137 struct mgmt_irk_info *irk = &cp->irks[i];
5138 u8 addr_type;
5139
5140 if (irk->addr.type == BDADDR_LE_PUBLIC)
5141 addr_type = ADDR_LE_DEV_PUBLIC;
5142 else
5143 addr_type = ADDR_LE_DEV_RANDOM;
5144
5145 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
5146 BDADDR_ANY);
5147 }
5148
5149 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
5150
2a1afb5a 5151 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
41edf160
JH		 5152
5153 hci_dev_unlock(hdev);
5154
5155 return err;
5156}
5157
3f706b72
JH		 5158static bool ltk_is_valid(struct mgmt_ltk_info *key)
5159{
5160 if (key->master != 0x00 && key->master != 0x01)
5161 return false;
490cb0b3
MH		 5162
5163 switch (key->addr.type) {
5164 case BDADDR_LE_PUBLIC:
5165 return true;
5166
5167 case BDADDR_LE_RANDOM:
5168 /* Two most significant bits shall be set */
5169 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5170 return false;
5171 return true;
5172 }
5173
5174 return false;
3f706b72
JH		 5175}
5176
bdb6d971 5177static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 5178 void *cp_data, u16 len)
346af67b 5179{
346af67b 5180 struct mgmt_cp_load_long_term_keys *cp = cp_data;
ba1d6936
JH		 5181 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
5182 sizeof(struct mgmt_ltk_info));
346af67b 5183 u16 key_count, expected_len;
715a5bf2 5184 int i, err;
346af67b 5185
cf99ba13
MH		 5186 BT_DBG("request for %s", hdev->name);
5187
5188 if (!lmp_le_capable(hdev))
a69e8375
JH		 5189 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5190 MGMT_STATUS_NOT_SUPPORTED);
cf99ba13 5191
1f350c87 5192 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 5193 if (key_count > max_key_count) {
5194 BT_ERR("load_ltks: too big key_count value %u", key_count);
a69e8375
JH		 5195 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5196 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5197 }
346af67b
VCG		 5198
5199 expected_len = sizeof(*cp) + key_count *
5200 sizeof(struct mgmt_ltk_info);
5201 if (expected_len != len) {
5202 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 5203 expected_len, len);
a69e8375
JH		 5204 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5205 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 5206 }
5207
bdb6d971 5208 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 5209
54ad6d8a
JH		 5210 for (i = 0; i < key_count; i++) {
5211 struct mgmt_ltk_info *key = &cp->keys[i];
5212
3f706b72 5213 if (!ltk_is_valid(key))
a69e8375
JH		 5214 return mgmt_cmd_status(sk, hdev->id,
5215 MGMT_OP_LOAD_LONG_TERM_KEYS,
5216 MGMT_STATUS_INVALID_PARAMS);
54ad6d8a
JH		 5217 }
5218
346af67b
VCG		 5219 hci_dev_lock(hdev);
5220
5221 hci_smp_ltks_clear(hdev);
5222
5223 for (i = 0; i < key_count; i++) {
5224 struct mgmt_ltk_info *key = &cp->keys[i];
d7b25450 5225 u8 type, addr_type, authenticated;
79d95a19
MH		 5226
5227 if (key->addr.type == BDADDR_LE_PUBLIC)
5228 addr_type = ADDR_LE_DEV_PUBLIC;
5229 else
5230 addr_type = ADDR_LE_DEV_RANDOM;
346af67b 5231
61b43357
JH		 5232 switch (key->type) {
5233 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 5234 authenticated = 0x00;
23fb8de3 5235 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
61b43357
JH		 5236 break;
5237 case MGMT_LTK_AUTHENTICATED:
d7b25450 5238 authenticated = 0x01;
23fb8de3
JH		 5239 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5240 break;
5241 case MGMT_LTK_P256_UNAUTH:
5242 authenticated = 0x00;
5243 type = SMP_LTK_P256;
61b43357 5244 break;
23fb8de3
JH		 5245 case MGMT_LTK_P256_AUTH:
5246 authenticated = 0x01;
5247 type = SMP_LTK_P256;
61b43357 5248 break;
23fb8de3
JH		 5249 case MGMT_LTK_P256_DEBUG:
5250 authenticated = 0x00;
5251 type = SMP_LTK_P256_DEBUG;
61b43357
JH		 5252 default:
5253 continue;
5254 }
d7b25450 5255
35d70271 5256 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
d7b25450 5257 authenticated, key->val, key->enc_size, key->ediv,
35d70271 5258 key->rand);
346af67b
VCG		 5259 }
5260
2a1afb5a 5261 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
715a5bf2
JH		 5262 NULL, 0);
5263
346af67b 5264 hci_dev_unlock(hdev);
346af67b 5265
715a5bf2 5266 return err;
346af67b
VCG		 5267}
5268
3b0602cd 5269static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
dd983808 5270{
dd983808 5271 struct hci_conn *conn = cmd->user_data;
9981bdb0 5272 struct mgmt_rp_get_conn_info rp;
9df74653 5273 int err;
dd983808 5274
9981bdb0 5275 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
dd983808 5276
9981bdb0 5277 if (status == MGMT_STATUS_SUCCESS) {
dd983808 5278 rp.rssi = conn->rssi;
9981bdb0
JH		 5279 rp.tx_power = conn->tx_power;
5280 rp.max_tx_power = conn->max_tx_power;
5281 } else {
5282 rp.rssi = HCI_RSSI_INVALID;
5283 rp.tx_power = HCI_TX_POWER_INVALID;
5284 rp.max_tx_power = HCI_TX_POWER_INVALID;
dd983808
AK		 5285 }
5286
2a1afb5a
JH		 5287 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
5288 status, &rp, sizeof(rp));
dd983808
AK		 5289
5290 hci_conn_drop(conn);
f8aaf9b6 5291 hci_conn_put(conn);
9df74653
JH		 5292
5293 return err;
dd983808
AK		 5294}
5295
1904a853
MH		 5296static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
5297 u16 opcode)
dd983808
AK		 5298{
5299 struct hci_cp_read_rssi *cp;
3b0602cd 5300 struct mgmt_pending_cmd *cmd;
dd983808 5301 struct hci_conn *conn;
dd983808 5302 u16 handle;
9981bdb0 5303 u8 status;
dd983808 5304
9981bdb0 5305 BT_DBG("status 0x%02x", hci_status);
dd983808
AK		 5306
5307 hci_dev_lock(hdev);
5308
dd983808
AK		 5309 /* Commands sent in request are either Read RSSI or Read Transmit Power
5310 * Level so we check which one was last sent to retrieve connection
5311 * handle. Both commands have handle as first parameter so it's safe to
5312 * cast data on the same command struct.
5313 *
5314 * First command sent is always Read RSSI and we fail only if it fails.
5315 * In other case we simply override error to indicate success as we
5316 * already remembered if TX power value is actually valid.
5317 */
5318 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
5319 if (!cp) {
5320 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
9981bdb0
JH		 5321 status = MGMT_STATUS_SUCCESS;
5322 } else {
5323 status = mgmt_status(hci_status);
dd983808
AK		 5324 }
5325
5326 if (!cp) {
9981bdb0 5327 BT_ERR("invalid sent_cmd in conn_info response");
dd983808
AK		 5328 goto unlock;
5329 }
5330
5331 handle = __le16_to_cpu(cp->handle);
5332 conn = hci_conn_hash_lookup_handle(hdev, handle);
5333 if (!conn) {
9981bdb0 5334 BT_ERR("unknown handle (%d) in conn_info response", handle);
dd983808
AK		 5335 goto unlock;
5336 }
5337
9981bdb0
JH		 5338 cmd = mgmt_pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
5339 if (!cmd)
5340 goto unlock;
dd983808 5341
9981bdb0
JH		 5342 cmd->cmd_complete(cmd, status);
5343 mgmt_pending_remove(cmd);
dd983808
AK		 5344
5345unlock:
5346 hci_dev_unlock(hdev);
5347}
5348
5349static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5350 u16 len)
5351{
5352 struct mgmt_cp_get_conn_info *cp = data;
5353 struct mgmt_rp_get_conn_info rp;
5354 struct hci_conn *conn;
5355 unsigned long conn_info_age;
5356 int err = 0;
5357
5358 BT_DBG("%s", hdev->name);
5359
5360 memset(&rp, 0, sizeof(rp));
5361 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5362 rp.addr.type = cp->addr.type;
5363
5364 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 5365 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5366 MGMT_STATUS_INVALID_PARAMS,
5367 &rp, sizeof(rp));
dd983808
AK		 5368
5369 hci_dev_lock(hdev);
5370
5371 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 5372 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5373 MGMT_STATUS_NOT_POWERED, &rp,
5374 sizeof(rp));
dd983808
AK		 5375 goto unlock;
5376 }
5377
5378 if (cp->addr.type == BDADDR_BREDR)
5379 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5380 &cp->addr.bdaddr);
5381 else
5382 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5383
5384 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 5385 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5386 MGMT_STATUS_NOT_CONNECTED, &rp,
5387 sizeof(rp));
dd983808
AK		 5388 goto unlock;
5389 }
5390
9981bdb0 5391 if (mgmt_pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
2a1afb5a
JH		 5392 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5393 MGMT_STATUS_BUSY, &rp, sizeof(rp));
9981bdb0
JH		 5394 goto unlock;
5395 }
5396
dd983808
AK		 5397 /* To avoid client trying to guess when to poll again for information we
5398 * calculate conn info age as random value between min/max set in hdev.
5399 */
5400 conn_info_age = hdev->conn_info_min_age +
5401 prandom_u32_max(hdev->conn_info_max_age -
5402 hdev->conn_info_min_age);
5403
5404 /* Query controller to refresh cached values if they are too old or were
5405 * never read.
5406 */
f4e2dd53
AK		 5407 if (time_after(jiffies, conn->conn_info_timestamp +
5408 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 5409 !conn->conn_info_timestamp) {
5410 struct hci_request req;
5411 struct hci_cp_read_tx_power req_txp_cp;
5412 struct hci_cp_read_rssi req_rssi_cp;
3b0602cd 5413 struct mgmt_pending_cmd *cmd;
dd983808
AK		 5414
5415 hci_req_init(&req, hdev);
5416 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5417 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5418 &req_rssi_cp);
5419
f7faab0c
AK		 5420 /* For LE links TX power does not change thus we don't need to
5421 * query for it once value is known.
5422 */
5423 if (!bdaddr_type_is_le(cp->addr.type) ||
5424 conn->tx_power == HCI_TX_POWER_INVALID) {
5425 req_txp_cp.handle = cpu_to_le16(conn->handle);
5426 req_txp_cp.type = 0x00;
5427 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5428 sizeof(req_txp_cp), &req_txp_cp);
5429 }
dd983808 5430
eed5daf3
AK		 5431 /* Max TX power needs to be read only once per connection */
5432 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5433 req_txp_cp.handle = cpu_to_le16(conn->handle);
5434 req_txp_cp.type = 0x01;
5435 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5436 sizeof(req_txp_cp), &req_txp_cp);
5437 }
5438
dd983808
AK		 5439 err = hci_req_run(&req, conn_info_refresh_complete);
5440 if (err < 0)
5441 goto unlock;
5442
5443 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5444 data, len);
5445 if (!cmd) {
5446 err = -ENOMEM;
5447 goto unlock;
5448 }
5449
5450 hci_conn_hold(conn);
f8aaf9b6 5451 cmd->user_data = hci_conn_get(conn);
9981bdb0 5452 cmd->cmd_complete = conn_info_cmd_complete;
dd983808
AK		 5453
5454 conn->conn_info_timestamp = jiffies;
5455 } else {
5456 /* Cache is valid, just reply with values cached in hci_conn */
5457 rp.rssi = conn->rssi;
5458 rp.tx_power = conn->tx_power;
eed5daf3 5459 rp.max_tx_power = conn->max_tx_power;
dd983808 5460
2a1afb5a
JH		 5461 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5462 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
dd983808
AK		 5463 }
5464
5465unlock:
5466 hci_dev_unlock(hdev);
5467 return err;
5468}
5469
3b0602cd 5470static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
95868426 5471{
69487371 5472 struct hci_conn *conn = cmd->user_data;
95868426 5473 struct mgmt_rp_get_clock_info rp;
69487371 5474 struct hci_dev *hdev;
9df74653 5475 int err;
69487371
JH		 5476
5477 memset(&rp, 0, sizeof(rp));
5478 memcpy(&rp.addr, &cmd->param, sizeof(rp.addr));
5479
5480 if (status)
5481 goto complete;
5482
5483 hdev = hci_dev_get(cmd->index);
5484 if (hdev) {
5485 rp.local_clock = cpu_to_le32(hdev->clock);
5486 hci_dev_put(hdev);
5487 }
5488
5489 if (conn) {
5490 rp.piconet_clock = cpu_to_le32(conn->clock);
5491 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5492 }
5493
5494complete:
2a1afb5a
JH		 5495 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5496 sizeof(rp));
69487371
JH		 5497
5498 if (conn) {
5499 hci_conn_drop(conn);
5500 hci_conn_put(conn);
5501 }
9df74653
JH		 5502
5503 return err;
69487371
JH		 5504}
5505
1904a853 5506static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
69487371 5507{
95868426 5508 struct hci_cp_read_clock *hci_cp;
3b0602cd 5509 struct mgmt_pending_cmd *cmd;
95868426
JH		 5510 struct hci_conn *conn;
5511
5512 BT_DBG("%s status %u", hdev->name, status);
5513
5514 hci_dev_lock(hdev);
5515
5516 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5517 if (!hci_cp)
5518 goto unlock;
5519
5520 if (hci_cp->which) {
5521 u16 handle = __le16_to_cpu(hci_cp->handle);
5522 conn = hci_conn_hash_lookup_handle(hdev, handle);
5523 } else {
5524 conn = NULL;
5525 }
5526
5527 cmd = mgmt_pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5528 if (!cmd)
5529 goto unlock;
5530
69487371 5531 cmd->cmd_complete(cmd, mgmt_status(status));
95868426 5532 mgmt_pending_remove(cmd);
95868426
JH		 5533
5534unlock:
5535 hci_dev_unlock(hdev);
5536}
5537
5538static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5539 u16 len)
5540{
5541 struct mgmt_cp_get_clock_info *cp = data;
5542 struct mgmt_rp_get_clock_info rp;
5543 struct hci_cp_read_clock hci_cp;
3b0602cd 5544 struct mgmt_pending_cmd *cmd;
95868426
JH		 5545 struct hci_request req;
5546 struct hci_conn *conn;
5547 int err;
5548
5549 BT_DBG("%s", hdev->name);
5550
5551 memset(&rp, 0, sizeof(rp));
5552 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5553 rp.addr.type = cp->addr.type;
5554
5555 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 5556 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5557 MGMT_STATUS_INVALID_PARAMS,
5558 &rp, sizeof(rp));
95868426
JH		 5559
5560 hci_dev_lock(hdev);
5561
5562 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 5563 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5564 MGMT_STATUS_NOT_POWERED, &rp,
5565 sizeof(rp));
95868426
JH		 5566 goto unlock;
5567 }
5568
5569 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5570 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5571 &cp->addr.bdaddr);
5572 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 5573 err = mgmt_cmd_complete(sk, hdev->id,
5574 MGMT_OP_GET_CLOCK_INFO,
5575 MGMT_STATUS_NOT_CONNECTED,
5576 &rp, sizeof(rp));
95868426
JH		 5577 goto unlock;
5578 }
5579 } else {
5580 conn = NULL;
5581 }
5582
5583 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5584 if (!cmd) {
5585 err = -ENOMEM;
5586 goto unlock;
5587 }
5588
69487371
JH		 5589 cmd->cmd_complete = clock_info_cmd_complete;
5590
95868426
JH		 5591 hci_req_init(&req, hdev);
5592
5593 memset(&hci_cp, 0, sizeof(hci_cp));
5594 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5595
5596 if (conn) {
5597 hci_conn_hold(conn);
f8aaf9b6 5598 cmd->user_data = hci_conn_get(conn);
95868426
JH		 5599
5600 hci_cp.handle = cpu_to_le16(conn->handle);
5601 hci_cp.which = 0x01; /* Piconet clock */
5602 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5603 }
5604
5605 err = hci_req_run(&req, get_clock_info_complete);
5606 if (err < 0)
5607 mgmt_pending_remove(cmd);
5608
5609unlock:
5610 hci_dev_unlock(hdev);
5611 return err;
5612}
5613
5a154e6f
JH		 5614static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5615{
5616 struct hci_conn *conn;
5617
5618 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5619 if (!conn)
5620 return false;
5621
5622 if (conn->dst_type != type)
5623 return false;
5624
5625 if (conn->state != BT_CONNECTED)
5626 return false;
5627
5628 return true;
5629}
5630
5631/* This function requires the caller holds hdev->lock */
5632static int hci_conn_params_set(struct hci_request *req, bdaddr_t *addr,
5633 u8 addr_type, u8 auto_connect)
5634{
5635 struct hci_dev *hdev = req->hdev;
5636 struct hci_conn_params *params;
5637
5638 params = hci_conn_params_add(hdev, addr, addr_type);
5639 if (!params)
5640 return -EIO;
5641
5642 if (params->auto_connect == auto_connect)
5643 return 0;
5644
5645 list_del_init(&params->action);
5646
5647 switch (auto_connect) {
5648 case HCI_AUTO_CONN_DISABLED:
5649 case HCI_AUTO_CONN_LINK_LOSS:
5650 __hci_update_background_scan(req);
5651 break;
5652 case HCI_AUTO_CONN_REPORT:
5653 list_add(&params->action, &hdev->pend_le_reports);
5654 __hci_update_background_scan(req);
5655 break;
5656 case HCI_AUTO_CONN_DIRECT:
5657 case HCI_AUTO_CONN_ALWAYS:
5658 if (!is_connected(hdev, addr, addr_type)) {
5659 list_add(&params->action, &hdev->pend_le_conns);
5660 __hci_update_background_scan(req);
5661 }
5662 break;
5663 }
5664
5665 params->auto_connect = auto_connect;
5666
5667 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5668 auto_connect);
5669
5670 return 0;
5671}
5672
8afef092
MH		 5673static void device_added(struct sock *sk, struct hci_dev *hdev,
5674 bdaddr_t *bdaddr, u8 type, u8 action)
5675{
5676 struct mgmt_ev_device_added ev;
5677
5678 bacpy(&ev.addr.bdaddr, bdaddr);
5679 ev.addr.type = type;
5680 ev.action = action;
5681
5682 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5683}
5684
1904a853 5685static void add_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5a154e6f 5686{
3b0602cd 5687 struct mgmt_pending_cmd *cmd;
5a154e6f
JH		 5688
5689 BT_DBG("status 0x%02x", status);
5690
5691 hci_dev_lock(hdev);
5692
5693 cmd = mgmt_pending_find(MGMT_OP_ADD_DEVICE, hdev);
5694 if (!cmd)
5695 goto unlock;
5696
5697 cmd->cmd_complete(cmd, mgmt_status(status));
5698 mgmt_pending_remove(cmd);
5699
5700unlock:
5701 hci_dev_unlock(hdev);
5702}
5703
2faade53
MH		 5704static int add_device(struct sock *sk, struct hci_dev *hdev,
5705 void *data, u16 len)
5706{
5707 struct mgmt_cp_add_device *cp = data;
3b0602cd 5708 struct mgmt_pending_cmd *cmd;
5a154e6f 5709 struct hci_request req;
2faade53
MH		 5710 u8 auto_conn, addr_type;
5711 int err;
5712
5713 BT_DBG("%s", hdev->name);
5714
6659358e 5715 if (!bdaddr_type_is_valid(cp->addr.type) ||
2faade53 5716 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
2a1afb5a
JH		 5717 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5718 MGMT_STATUS_INVALID_PARAMS,
5719 &cp->addr, sizeof(cp->addr));
2faade53 5720
4b9e7e75 5721 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
2a1afb5a
JH		 5722 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5723 MGMT_STATUS_INVALID_PARAMS,
5724 &cp->addr, sizeof(cp->addr));
2faade53 5725
5a154e6f
JH		 5726 hci_req_init(&req, hdev);
5727
2faade53
MH		 5728 hci_dev_lock(hdev);
5729
5a154e6f
JH		 5730 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_DEVICE, hdev, data, len);
5731 if (!cmd) {
5732 err = -ENOMEM;
5733 goto unlock;
5734 }
5735
5736 cmd->cmd_complete = addr_cmd_complete;
5737
6659358e 5738 if (cp->addr.type == BDADDR_BREDR) {
4b9e7e75 5739 /* Only incoming connections action is supported for now */
6659358e 5740 if (cp->action != 0x01) {
9df74653
JH		 5741 err = cmd->cmd_complete(cmd,
5742 MGMT_STATUS_INVALID_PARAMS);
5a154e6f 5743 mgmt_pending_remove(cmd);
6659358e
JH		 5744 goto unlock;
5745 }
5746
5747 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5748 cp->addr.type);
5749 if (err)
5750 goto unlock;
a397407f 5751
5a154e6f 5752 __hci_update_page_scan(&req);
a397407f 5753
6659358e
JH		 5754 goto added;
5755 }
5756
2faade53
MH		 5757 if (cp->addr.type == BDADDR_LE_PUBLIC)
5758 addr_type = ADDR_LE_DEV_PUBLIC;
5759 else
5760 addr_type = ADDR_LE_DEV_RANDOM;
5761
4b9e7e75 5762 if (cp->action == 0x02)
2faade53 5763 auto_conn = HCI_AUTO_CONN_ALWAYS;
4b9e7e75
MH		 5764 else if (cp->action == 0x01)
5765 auto_conn = HCI_AUTO_CONN_DIRECT;
2faade53 5766 else
a3451d27 5767 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 5768
bf5b3c8b
MH		 5769 /* If the connection parameters don't exist for this device,
5770 * they will be created and configured with defaults.
5771 */
5a154e6f 5772 if (hci_conn_params_set(&req, &cp->addr.bdaddr, addr_type,
d06b50ce 5773 auto_conn) < 0) {
9df74653 5774 err = cmd->cmd_complete(cmd, MGMT_STATUS_FAILED);
5a154e6f 5775 mgmt_pending_remove(cmd);
2faade53
MH		 5776 goto unlock;
5777 }
5778
6659358e 5779added:
8afef092
MH		 5780 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5781
5a154e6f
JH		 5782 err = hci_req_run(&req, add_device_complete);
5783 if (err < 0) {
5784 /* ENODATA means no HCI commands were needed (e.g. if
5785 * the adapter is powered off).
5786 */
9df74653
JH		 5787 if (err == -ENODATA)
5788 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
5a154e6f
JH		 5789 mgmt_pending_remove(cmd);
5790 }
2faade53
MH		 5791
5792unlock:
5793 hci_dev_unlock(hdev);
5794 return err;
5795}
5796
8afef092
MH		 5797static void device_removed(struct sock *sk, struct hci_dev *hdev,
5798 bdaddr_t *bdaddr, u8 type)
5799{
5800 struct mgmt_ev_device_removed ev;
5801
5802 bacpy(&ev.addr.bdaddr, bdaddr);
5803 ev.addr.type = type;
5804
5805 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5806}
5807
1904a853 5808static void remove_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
51ef3ebe 5809{
3b0602cd 5810 struct mgmt_pending_cmd *cmd;
51ef3ebe
JH		 5811
5812 BT_DBG("status 0x%02x", status);
5813
5814 hci_dev_lock(hdev);
5815
5816 cmd = mgmt_pending_find(MGMT_OP_REMOVE_DEVICE, hdev);
5817 if (!cmd)
5818 goto unlock;
5819
5820 cmd->cmd_complete(cmd, mgmt_status(status));
5821 mgmt_pending_remove(cmd);
5822
5823unlock:
5824 hci_dev_unlock(hdev);
5825}
5826
2faade53
MH		 5827static int remove_device(struct sock *sk, struct hci_dev *hdev,
5828 void *data, u16 len)
5829{
5830 struct mgmt_cp_remove_device *cp = data;
3b0602cd 5831 struct mgmt_pending_cmd *cmd;
51ef3ebe 5832 struct hci_request req;
2faade53
MH		 5833 int err;
5834
5835 BT_DBG("%s", hdev->name);
5836
51ef3ebe
JH		 5837 hci_req_init(&req, hdev);
5838
2faade53
MH		 5839 hci_dev_lock(hdev);
5840
51ef3ebe
JH		 5841 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_DEVICE, hdev, data, len);
5842 if (!cmd) {
5843 err = -ENOMEM;
5844 goto unlock;
5845 }
5846
5847 cmd->cmd_complete = addr_cmd_complete;
5848
2faade53 5849 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 5850 struct hci_conn_params *params;
2faade53
MH		 5851 u8 addr_type;
5852
6659358e 5853 if (!bdaddr_type_is_valid(cp->addr.type)) {
9df74653
JH		 5854 err = cmd->cmd_complete(cmd,
5855 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5856 mgmt_pending_remove(cmd);
2faade53
MH		 5857 goto unlock;
5858 }
5859
6659358e
JH		 5860 if (cp->addr.type == BDADDR_BREDR) {
5861 err = hci_bdaddr_list_del(&hdev->whitelist,
5862 &cp->addr.bdaddr,
5863 cp->addr.type);
5864 if (err) {
9df74653
JH		 5865 err = cmd->cmd_complete(cmd,
5866 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5867 mgmt_pending_remove(cmd);
6659358e
JH		 5868 goto unlock;
5869 }
5870
51ef3ebe 5871 __hci_update_page_scan(&req);
a397407f 5872
6659358e
JH		 5873 device_removed(sk, hdev, &cp->addr.bdaddr,
5874 cp->addr.type);
5875 goto complete;
5876 }
5877
2faade53
MH		 5878 if (cp->addr.type == BDADDR_LE_PUBLIC)
5879 addr_type = ADDR_LE_DEV_PUBLIC;
5880 else
5881 addr_type = ADDR_LE_DEV_RANDOM;
5882
c71593dd
JH		 5883 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5884 addr_type);
5885 if (!params) {
9df74653
JH		 5886 err = cmd->cmd_complete(cmd,
5887 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5888 mgmt_pending_remove(cmd);
c71593dd
JH		 5889 goto unlock;
5890 }
5891
5892 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
9df74653
JH		 5893 err = cmd->cmd_complete(cmd,
5894 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5895 mgmt_pending_remove(cmd);
c71593dd
JH		 5896 goto unlock;
5897 }
5898
d1dbf12e 5899 list_del(&params->action);
c71593dd
JH		 5900 list_del(&params->list);
5901 kfree(params);
51ef3ebe 5902 __hci_update_background_scan(&req);
8afef092
MH		 5903
5904 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53 5905 } else {
19de0825 5906 struct hci_conn_params *p, *tmp;
6659358e 5907 struct bdaddr_list *b, *btmp;
19de0825 5908
2faade53 5909 if (cp->addr.type) {
9df74653
JH		 5910 err = cmd->cmd_complete(cmd,
5911 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5912 mgmt_pending_remove(cmd);
2faade53
MH		 5913 goto unlock;
5914 }
5915
6659358e
JH		 5916 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
5917 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
5918 list_del(&b->list);
5919 kfree(b);
5920 }
5921
51ef3ebe 5922 __hci_update_page_scan(&req);
a397407f 5923
19de0825
JH		 5924 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5925 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5926 continue;
5927 device_removed(sk, hdev, &p->addr, p->addr_type);
5928 list_del(&p->action);
5929 list_del(&p->list);
5930 kfree(p);
5931 }
5932
5933 BT_DBG("All LE connection parameters were removed");
5934
51ef3ebe 5935 __hci_update_background_scan(&req);
2faade53
MH		 5936 }
5937
6659358e 5938complete:
51ef3ebe
JH		 5939 err = hci_req_run(&req, remove_device_complete);
5940 if (err < 0) {
5941 /* ENODATA means no HCI commands were needed (e.g. if
5942 * the adapter is powered off).
5943 */
9df74653
JH		 5944 if (err == -ENODATA)
5945 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
51ef3ebe
JH		 5946 mgmt_pending_remove(cmd);
5947 }
2faade53
MH		 5948
5949unlock:
5950 hci_dev_unlock(hdev);
5951 return err;
5952}
5953
a26f3dcf
JH		 5954static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5955 u16 len)
5956{
5957 struct mgmt_cp_load_conn_param *cp = data;
ba1d6936
JH		 5958 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5959 sizeof(struct mgmt_conn_param));
a26f3dcf
JH		 5960 u16 param_count, expected_len;
5961 int i;
5962
5963 if (!lmp_le_capable(hdev))
a69e8375
JH		 5964 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5965 MGMT_STATUS_NOT_SUPPORTED);
a26f3dcf
JH		 5966
5967 param_count = __le16_to_cpu(cp->param_count);
ba1d6936
JH		 5968 if (param_count > max_param_count) {
5969 BT_ERR("load_conn_param: too big param_count value %u",
5970 param_count);
a69e8375
JH		 5971 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5972 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5973 }
a26f3dcf
JH		 5974
5975 expected_len = sizeof(*cp) + param_count *
5976 sizeof(struct mgmt_conn_param);
5977 if (expected_len != len) {
5978 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
5979 expected_len, len);
a69e8375
JH		 5980 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5981 MGMT_STATUS_INVALID_PARAMS);
a26f3dcf
JH		 5982 }
5983
5984 BT_DBG("%s param_count %u", hdev->name, param_count);
5985
5986 hci_dev_lock(hdev);
5987
5988 hci_conn_params_clear_disabled(hdev);
5989
5990 for (i = 0; i < param_count; i++) {
5991 struct mgmt_conn_param *param = &cp->params[i];
5992 struct hci_conn_params *hci_param;
5993 u16 min, max, latency, timeout;
5994 u8 addr_type;
5995
5996 BT_DBG("Adding %pMR (type %u)", &param->addr.bdaddr,
5997 param->addr.type);
5998
5999 if (param->addr.type == BDADDR_LE_PUBLIC) {
6000 addr_type = ADDR_LE_DEV_PUBLIC;
6001 } else if (param->addr.type == BDADDR_LE_RANDOM) {
6002 addr_type = ADDR_LE_DEV_RANDOM;
6003 } else {
6004 BT_ERR("Ignoring invalid connection parameters");
6005 continue;
6006 }
6007
6008 min = le16_to_cpu(param->min_interval);
6009 max = le16_to_cpu(param->max_interval);
6010 latency = le16_to_cpu(param->latency);
6011 timeout = le16_to_cpu(param->timeout);
6012
6013 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
6014 min, max, latency, timeout);
6015
6016 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
6017 BT_ERR("Ignoring invalid connection parameters");
6018 continue;
6019 }
6020
6021 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
6022 addr_type);
6023 if (!hci_param) {
6024 BT_ERR("Failed to add connection parameters");
6025 continue;
6026 }
6027
6028 hci_param->conn_min_interval = min;
6029 hci_param->conn_max_interval = max;
6030 hci_param->conn_latency = latency;
6031 hci_param->supervision_timeout = timeout;
6032 }
6033
6034 hci_dev_unlock(hdev);
6035
2a1afb5a
JH		 6036 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
6037 NULL, 0);
a26f3dcf
JH		 6038}
6039
dbece37a
MH		 6040static int set_external_config(struct sock *sk, struct hci_dev *hdev,
6041 void *data, u16 len)
6042{
6043 struct mgmt_cp_set_external_config *cp = data;
6044 bool changed;
6045 int err;
6046
6047 BT_DBG("%s", hdev->name);
6048
6049 if (hdev_is_powered(hdev))
a69e8375
JH		 6050 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6051 MGMT_STATUS_REJECTED);
dbece37a
MH		 6052
6053 if (cp->config != 0x00 && cp->config != 0x01)
a69e8375
JH		 6054 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6055 MGMT_STATUS_INVALID_PARAMS);
dbece37a
MH		 6056
6057 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
a69e8375
JH		 6058 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6059 MGMT_STATUS_NOT_SUPPORTED);
dbece37a
MH		 6060
6061 hci_dev_lock(hdev);
6062
6063 if (cp->config)
6064 changed = !test_and_set_bit(HCI_EXT_CONFIGURED,
6065 &hdev->dev_flags);
6066 else
6067 changed = test_and_clear_bit(HCI_EXT_CONFIGURED,
6068 &hdev->dev_flags);
6069
6070 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
6071 if (err < 0)
6072 goto unlock;
6073
6074 if (!changed)
6075 goto unlock;
6076
f4537c04
MH		 6077 err = new_options(hdev, sk);
6078
dbece37a
MH		 6079 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) == is_configured(hdev)) {
6080 mgmt_index_removed(hdev);
d603b76b
MH		 6081
6082 if (test_and_change_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
6083 set_bit(HCI_CONFIG, &hdev->dev_flags);
6084 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
6085
6086 queue_work(hdev->req_workqueue, &hdev->power_on);
6087 } else {
5ea234d3 6088 set_bit(HCI_RAW, &hdev->flags);
d603b76b
MH		 6089 mgmt_index_added(hdev);
6090 }
dbece37a
MH		 6091 }
6092
6093unlock:
6094 hci_dev_unlock(hdev);
6095 return err;
6096}
6097
9713c17b
MH		 6098static int set_public_address(struct sock *sk, struct hci_dev *hdev,
6099 void *data, u16 len)
6100{
6101 struct mgmt_cp_set_public_address *cp = data;
6102 bool changed;
6103 int err;
6104
6105 BT_DBG("%s", hdev->name);
6106
6107 if (hdev_is_powered(hdev))
a69e8375
JH		 6108 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6109 MGMT_STATUS_REJECTED);
9713c17b
MH		 6110
6111 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
a69e8375
JH		 6112 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6113 MGMT_STATUS_INVALID_PARAMS);
9713c17b
MH		 6114
6115 if (!hdev->set_bdaddr)
a69e8375
JH		 6116 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6117 MGMT_STATUS_NOT_SUPPORTED);
9713c17b
MH		 6118
6119 hci_dev_lock(hdev);
6120
6121 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
6122 bacpy(&hdev->public_addr, &cp->bdaddr);
6123
6124 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
6125 if (err < 0)
6126 goto unlock;
6127
6128 if (!changed)
6129 goto unlock;
6130
6131 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
6132 err = new_options(hdev, sk);
6133
6134 if (is_configured(hdev)) {
6135 mgmt_index_removed(hdev);
6136
6137 clear_bit(HCI_UNCONFIGURED, &hdev->dev_flags);
6138
6139 set_bit(HCI_CONFIG, &hdev->dev_flags);
6140 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
6141
6142 queue_work(hdev->req_workqueue, &hdev->power_on);
6143 }
6144
6145unlock:
6146 hci_dev_unlock(hdev);
6147 return err;
6148}
6149
6d785aa3 6150static const struct hci_mgmt_handler mgmt_handlers[] = {
0f4e68cf 6151 { NULL }, /* 0x0000 (no command) */
b9a245fb
JH		 6152 { read_version, MGMT_READ_VERSION_SIZE,
6153 HCI_MGMT_NO_HDEV },
6154 { read_commands, MGMT_READ_COMMANDS_SIZE,
6155 HCI_MGMT_NO_HDEV },
6156 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
6157 HCI_MGMT_NO_HDEV },
6158 { read_controller_info, MGMT_READ_INFO_SIZE, 0 },
6159 { set_powered, MGMT_SETTING_SIZE, 0 },
6160 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE, 0 },
6161 { set_connectable, MGMT_SETTING_SIZE, 0 },
6162 { set_fast_connectable, MGMT_SETTING_SIZE, 0 },
6163 { set_bondable, MGMT_SETTING_SIZE, 0 },
6164 { set_link_security, MGMT_SETTING_SIZE, 0 },
6165 { set_ssp, MGMT_SETTING_SIZE, 0 },
6166 { set_hs, MGMT_SETTING_SIZE, 0 },
6167 { set_le, MGMT_SETTING_SIZE, 0 },
6168 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE, 0 },
6169 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE, 0 },
6170 { add_uuid, MGMT_ADD_UUID_SIZE, 0 },
6171 { remove_uuid, MGMT_REMOVE_UUID_SIZE, 0 },
6172 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
6173 HCI_MGMT_VAR_LEN },
6174 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
6175 HCI_MGMT_VAR_LEN },
6176 { disconnect, MGMT_DISCONNECT_SIZE, 0 },
6177 { get_connections, MGMT_GET_CONNECTIONS_SIZE, 0 },
6178 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE, 0 },
6179 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE, 0 },
6180 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE, 0 },
6181 { pair_device, MGMT_PAIR_DEVICE_SIZE, 0 },
6182 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE, 0 },
6183 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE, 0 },
6184 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE, 0 },
6185 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE, 0 },
6186 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE, 0 },
6187 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE, 0 },
6188 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
6189 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
6190 HCI_MGMT_VAR_LEN },
6191 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE, 0 },
6192 { start_discovery, MGMT_START_DISCOVERY_SIZE, 0 },
6193 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE, 0 },
6194 { confirm_name, MGMT_CONFIRM_NAME_SIZE, 0 },
6195 { block_device, MGMT_BLOCK_DEVICE_SIZE, 0 },
6196 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE, 0 },
6197 { set_device_id, MGMT_SET_DEVICE_ID_SIZE, 0 },
6198 { set_advertising, MGMT_SETTING_SIZE, 0 },
6199 { set_bredr, MGMT_SETTING_SIZE, 0 },
6200 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE, 0 },
6201 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE, 0 },
6202 { set_secure_conn, MGMT_SETTING_SIZE, 0 },
6203 { set_debug_keys, MGMT_SETTING_SIZE, 0 },
6204 { set_privacy, MGMT_SET_PRIVACY_SIZE, 0 },
6205 { load_irks, MGMT_LOAD_IRKS_SIZE,
6206 HCI_MGMT_VAR_LEN },
6207 { get_conn_info, MGMT_GET_CONN_INFO_SIZE, 0 },
6208 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE, 0 },
6209 { add_device, MGMT_ADD_DEVICE_SIZE, 0 },
6210 { remove_device, MGMT_REMOVE_DEVICE_SIZE, 0 },
6211 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
6212 HCI_MGMT_VAR_LEN },
6213 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
6214 HCI_MGMT_NO_HDEV },
6215 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
6216 HCI_MGMT_UNCONFIGURED },
6217 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
6218 HCI_MGMT_UNCONFIGURED },
6219 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
6220 HCI_MGMT_UNCONFIGURED },
6221 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
6222 HCI_MGMT_VAR_LEN },
0f4e68cf
JH		 6223};
6224
6d785aa3
JH		 6225int mgmt_control(struct hci_mgmt_chan *chan, struct sock *sk,
6226 struct msghdr *msg, size_t msglen)
0381101f 6227{
650f726d
VCG		 6228 void *buf;
6229 u8 *cp;
0381101f 6230 struct mgmt_hdr *hdr;
4e51eae9 6231 u16 opcode, index, len;
bdb6d971 6232 struct hci_dev *hdev = NULL;
6d785aa3 6233 const struct hci_mgmt_handler *handler;
b9a245fb 6234 bool var_len, no_hdev;
0381101f
JH		 6235 int err;
6236
6237 BT_DBG("got %zu bytes", msglen);
6238
6239 if (msglen < sizeof(*hdr))
6240 return -EINVAL;
6241
e63a15ec 6242 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 6243 if (!buf)
6244 return -ENOMEM;
6245
6ce8e9ce 6246 if (memcpy_from_msg(buf, msg, msglen)) {
0381101f
JH		 6247 err = -EFAULT;
6248 goto done;
6249 }
6250
650f726d 6251 hdr = buf;
1f350c87
MH		 6252 opcode = __le16_to_cpu(hdr->opcode);
6253 index = __le16_to_cpu(hdr->index);
6254 len = __le16_to_cpu(hdr->len);
0381101f
JH		 6255
6256 if (len != msglen - sizeof(*hdr)) {
6257 err = -EINVAL;
6258 goto done;
6259 }
6260
b9a245fb
JH		 6261 if (opcode >= chan->handler_count ||
6262 chan->handlers[opcode].func == NULL) {
6263 BT_DBG("Unknown op %u", opcode);
a69e8375
JH		 6264 err = mgmt_cmd_status(sk, index, opcode,
6265 MGMT_STATUS_UNKNOWN_COMMAND);
b9a245fb
JH		 6266 goto done;
6267 }
6268
6269 handler = &chan->handlers[opcode];
6270
0f4e68cf 6271 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 6272 hdev = hci_dev_get(index);
6273 if (!hdev) {
a69e8375
JH		 6274 err = mgmt_cmd_status(sk, index, opcode,
6275 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 6276 goto done;
6277 }
0736cfa8 6278
cebf4cfd 6279 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
d603b76b 6280 test_bit(HCI_CONFIG, &hdev->dev_flags) ||
4a964404 6281 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
a69e8375
JH		 6282 err = mgmt_cmd_status(sk, index, opcode,
6283 MGMT_STATUS_INVALID_INDEX);
0736cfa8
MH		 6284 goto done;
6285 }
42a9bc14
MH		 6286
6287 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
b9a245fb 6288 !(handler->flags & HCI_MGMT_UNCONFIGURED)) {
a69e8375
JH		 6289 err = mgmt_cmd_status(sk, index, opcode,
6290 MGMT_STATUS_INVALID_INDEX);
42a9bc14
MH		 6291 goto done;
6292 }
bdb6d971
JH		 6293 }
6294
b9a245fb
JH		 6295 no_hdev = (handler->flags & HCI_MGMT_NO_HDEV);
6296 if (no_hdev != !hdev) {
a69e8375
JH		 6297 err = mgmt_cmd_status(sk, index, opcode,
6298 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 6299 goto done;
0381101f
JH		 6300 }
6301
b9a245fb
JH		 6302 var_len = (handler->flags & HCI_MGMT_VAR_LEN);
6303 if ((var_len && len < handler->data_len) ||
6304 (!var_len && len != handler->data_len)) {
a69e8375
JH		 6305 err = mgmt_cmd_status(sk, index, opcode,
6306 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 6307 goto done;
6308 }
6309
0f4e68cf
JH		 6310 if (hdev)
6311 mgmt_init_hdev(sk, hdev);
6312
6313 cp = buf + sizeof(*hdr);
6314
be22b54e 6315 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 6316 if (err < 0)
6317 goto done;
6318
0381101f
JH		 6319 err = msglen;
6320
6321done:
bdb6d971
JH		 6322 if (hdev)
6323 hci_dev_put(hdev);
6324
0381101f
JH		 6325 kfree(buf);
6326 return err;
6327}
c71e97bf 6328
bf6b56db 6329void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 6330{
1514b892 6331 if (hdev->dev_type != HCI_BREDR)
bf6b56db 6332 return;
bb4b2a9a 6333
0602a8ad
MH		 6334 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6335 return;
6336
6337 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
6338 mgmt_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev, NULL, 0, NULL);
6339 else
6340 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 6341}
6342
bf6b56db 6343void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 6344{
5f159032 6345 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 6346
1514b892 6347 if (hdev->dev_type != HCI_BREDR)
bf6b56db 6348 return;
bb4b2a9a 6349
0602a8ad
MH		 6350 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6351 return;
6352
1b9b5ee5 6353 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
b24752fe 6354
edd3896b
MH		 6355 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
6356 mgmt_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev, NULL, 0, NULL);
6357 else
6358 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 6359}
6360
6046dc3e 6361/* This function requires the caller holds hdev->lock */
2cf22218 6362static void restart_le_actions(struct hci_request *req)
6046dc3e 6363{
2cf22218 6364 struct hci_dev *hdev = req->hdev;
6046dc3e
AG		 6365 struct hci_conn_params *p;
6366
6367 list_for_each_entry(p, &hdev->le_conn_params, list) {
d7347f3c
JH		 6368 /* Needed for AUTO_OFF case where might not "really"
6369 * have been powered off.
6370 */
6371 list_del_init(&p->action);
6372
6373 switch (p->auto_connect) {
4b9e7e75 6374 case HCI_AUTO_CONN_DIRECT:
d7347f3c
JH		 6375 case HCI_AUTO_CONN_ALWAYS:
6376 list_add(&p->action, &hdev->pend_le_conns);
6377 break;
6378 case HCI_AUTO_CONN_REPORT:
6379 list_add(&p->action, &hdev->pend_le_reports);
6380 break;
6381 default:
6382 break;
c83ed19d 6383 }
6046dc3e 6384 }
c83ed19d 6385
2cf22218 6386 __hci_update_background_scan(req);
6046dc3e
AG		 6387}
6388
1904a853 6389static void powered_complete(struct hci_dev *hdev, u8 status, u16 opcode)
229ab39c
JH		 6390{
6391 struct cmd_lookup match = { NULL, hdev };
6392
6393 BT_DBG("status 0x%02x", status);
6394
162a3bac
MH		 6395 if (!status) {
6396 /* Register the available SMP channels (BR/EDR and LE) only
6397 * when successfully powering on the controller. This late
6398 * registration is required so that LE SMP can clearly
6399 * decide if the public address or static address is used.
6400 */
6401 smp_register(hdev);
6402 }
6403
229ab39c
JH		 6404 hci_dev_lock(hdev);
6405
6406 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6407
6408 new_settings(hdev, match.sk);
6409
6410 hci_dev_unlock(hdev);
6411
6412 if (match.sk)
6413 sock_put(match.sk);
6414}
6415
70da6243 6416static int powered_update_hci(struct hci_dev *hdev)
5add6af8 6417{
890ea898 6418 struct hci_request req;
70da6243 6419 u8 link_sec;
5add6af8 6420
890ea898
JH		 6421 hci_req_init(&req, hdev);
6422
70da6243
JH		 6423 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
6424 !lmp_host_ssp_capable(hdev)) {
574ea3c7 6425 u8 mode = 0x01;
5e5282bb 6426
574ea3c7
MH		 6427 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
6428
6429 if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) {
6430 u8 support = 0x01;
5add6af8 6431
574ea3c7
MH		 6432 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT,
6433 sizeof(support), &support);
6434 }
ec6f99b8
JH		 6435 }
6436
c73eee91
JH		 6437 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
6438 lmp_bredr_capable(hdev)) {
70da6243 6439 struct hci_cp_write_le_host_supported cp;
f0ff92fb 6440
32226e4f
MH		 6441 cp.le = 0x01;
6442 cp.simul = 0x00;
3d1cbdd6 6443
70da6243
JH		 6444 /* Check first if we already have the right
6445 * host state (host features set)
6446 */
6447 if (cp.le != lmp_host_le_capable(hdev) ||
6448 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 6449 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
6450 sizeof(cp), &cp);
70da6243 6451 }
3d1cbdd6 6452
d13eafce 6453 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 6454 /* Make sure the controller has a good default for
6455 * advertising data. This also applies to the case
6456 * where BR/EDR was toggled during the AUTO_OFF phase.
6457 */
f14d8f64 6458 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5947f4bc 6459 update_adv_data(&req);
f14d8f64
MH		 6460 update_scan_rsp_data(&req);
6461 }
441ad2d0 6462
bba3aa55
MH		 6463 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
6464 enable_advertising(&req);
2cf22218
JH		 6465
6466 restart_le_actions(&req);
eeca6f89
JH		 6467 }
6468
70da6243
JH		 6469 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
6470 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 6471 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
6472 sizeof(link_sec), &link_sec);
562fcc24 6473
70da6243 6474 if (lmp_bredr_capable(hdev)) {
406ef2a6
JH		 6475 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
6476 write_fast_connectable(&req, true);
6477 else
6478 write_fast_connectable(&req, false);
1d2dc5b7 6479 __hci_update_page_scan(&req);
890ea898 6480 update_class(&req);
13928971 6481 update_name(&req);
890ea898 6482 update_eir(&req);
70da6243 6483 }
562fcc24 6484
229ab39c 6485 return hci_req_run(&req, powered_complete);
70da6243 6486}
562fcc24 6487
70da6243
JH		 6488int mgmt_powered(struct hci_dev *hdev, u8 powered)
6489{
6490 struct cmd_lookup match = { NULL, hdev };
9845904f 6491 u8 status, zero_cod[] = { 0, 0, 0 };
70da6243 6492 int err;
f0ff92fb 6493
70da6243
JH		 6494 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
6495 return 0;
6496
70da6243 6497 if (powered) {
229ab39c
JH		 6498 if (powered_update_hci(hdev) == 0)
6499 return 0;
fe038884 6500
229ab39c
JH		 6501 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
6502 &match);
6503 goto new_settings;
b24752fe
JH		 6504 }
6505
229ab39c 6506 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
9845904f
JH		 6507
6508 /* If the power off is because of hdev unregistration let
6509 * use the appropriate INVALID_INDEX status. Otherwise use
6510 * NOT_POWERED. We cover both scenarios here since later in
6511 * mgmt_index_removed() any hci_conn callbacks will have already
6512 * been triggered, potentially causing misleading DISCONNECTED
6513 * status responses.
6514 */
6515 if (test_bit(HCI_UNREGISTER, &hdev->dev_flags))
6516 status = MGMT_STATUS_INVALID_INDEX;
6517 else
6518 status = MGMT_STATUS_NOT_POWERED;
6519
6520 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
229ab39c
JH		 6521
6522 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
6523 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
6524 zero_cod, sizeof(zero_cod), NULL);
6525
6526new_settings:
beadb2bd 6527 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 6528
6529 if (match.sk)
6530 sock_put(match.sk);
6531
7bb895d6 6532 return err;
5add6af8 6533}
73f22f62 6534
3eec705e 6535void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc 6536{
3b0602cd 6537 struct mgmt_pending_cmd *cmd;
96570ffc
JH		 6538 u8 status;
6539
6540 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6541 if (!cmd)
3eec705e 6542 return;
96570ffc
JH		 6543
6544 if (err == -ERFKILL)
6545 status = MGMT_STATUS_RFKILLED;
6546 else
6547 status = MGMT_STATUS_FAILED;
6548
a69e8375 6549 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 6550
6551 mgmt_pending_remove(cmd);
96570ffc
JH		 6552}
6553
d1967ff8
MH		 6554void mgmt_discoverable_timeout(struct hci_dev *hdev)
6555{
6556 struct hci_request req;
d1967ff8
MH		 6557
6558 hci_dev_lock(hdev);
6559
6560 /* When discoverable timeout triggers, then just make sure
6561 * the limited discoverable flag is cleared. Even in the case
6562 * of a timeout triggered from general discoverable, it is
6563 * safe to unconditionally clear the flag.
6564 */
6565 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
9a43e25f 6566 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
d1967ff8
MH		 6567
6568 hci_req_init(&req, hdev);
4b580614
JH		 6569 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
6570 u8 scan = SCAN_PAGE;
6571 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
6572 sizeof(scan), &scan);
6573 }
d1967ff8 6574 update_class(&req);
9a43e25f 6575 update_adv_data(&req);
d1967ff8
MH		 6576 hci_req_run(&req, NULL);
6577
6578 hdev->discov_timeout = 0;
6579
9a43e25f
JH		 6580 new_settings(hdev, NULL);
6581
d1967ff8
MH		 6582 hci_dev_unlock(hdev);
6583}
6584
dc4a5ee2
MH		 6585void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
6586 bool persistent)
55ed8ca1 6587{
86742e1e 6588 struct mgmt_ev_new_link_key ev;
55ed8ca1 6589
a492cd52 6590 memset(&ev, 0, sizeof(ev));
55ed8ca1 6591
a492cd52 6592 ev.store_hint = persistent;
d753fdc4 6593 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 6594 ev.key.addr.type = BDADDR_BREDR;
a492cd52 6595 ev.key.type = key->type;
9b3b4460 6596 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 6597 ev.key.pin_len = key->pin_len;
55ed8ca1 6598
dc4a5ee2 6599 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 6600}
f7520543 6601
d7b25450
JH		 6602static u8 mgmt_ltk_type(struct smp_ltk *ltk)
6603{
23fb8de3
JH		 6604 switch (ltk->type) {
6605 case SMP_LTK:
6606 case SMP_LTK_SLAVE:
6607 if (ltk->authenticated)
6608 return MGMT_LTK_AUTHENTICATED;
6609 return MGMT_LTK_UNAUTHENTICATED;
6610 case SMP_LTK_P256:
6611 if (ltk->authenticated)
6612 return MGMT_LTK_P256_AUTH;
6613 return MGMT_LTK_P256_UNAUTH;
6614 case SMP_LTK_P256_DEBUG:
6615 return MGMT_LTK_P256_DEBUG;
6616 }
d7b25450
JH		 6617
6618 return MGMT_LTK_UNAUTHENTICATED;
6619}
6620
53ac6ab6 6621void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 6622{
6623 struct mgmt_ev_new_long_term_key ev;
6624
6625 memset(&ev, 0, sizeof(ev));
6626
5192d301
MH		 6627 /* Devices using resolvable or non-resolvable random addresses
6628 * without providing an indentity resolving key don't require
6629 * to store long term keys. Their addresses will change the
6630 * next time around.
6631 *
6632 * Only when a remote device provides an identity address
6633 * make sure the long term key is stored. If the remote
6634 * identity is known, the long term keys are internally
6635 * mapped to the identity address. So allow static random
6636 * and public addresses here.
6637 */
ba74b666
JH		 6638 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6639 (key->bdaddr.b[5] & 0xc0) != 0xc0)
6640 ev.store_hint = 0x00;
6641 else
53ac6ab6 6642 ev.store_hint = persistent;
ba74b666 6643
346af67b 6644 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 6645 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 6646 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 6647 ev.key.enc_size = key->enc_size;
6648 ev.key.ediv = key->ediv;
fe39c7b2 6649 ev.key.rand = key->rand;
346af67b 6650
2ceba539 6651 if (key->type == SMP_LTK)
346af67b
VCG		 6652 ev.key.master = 1;
6653
346af67b
VCG		 6654 memcpy(ev.key.val, key->val, sizeof(key->val));
6655
083368f7 6656 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 6657}
6658
95fbac8a
JH		 6659void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
6660{
6661 struct mgmt_ev_new_irk ev;
6662
6663 memset(&ev, 0, sizeof(ev));
6664
bab6d1e5
MH		 6665 /* For identity resolving keys from devices that are already
6666 * using a public address or static random address, do not
6667 * ask for storing this key. The identity resolving key really
6668 * is only mandatory for devices using resovlable random
6669 * addresses.
6670 *
6671 * Storing all identity resolving keys has the downside that
6672 * they will be also loaded on next boot of they system. More
6673 * identity resolving keys, means more time during scanning is
6674 * needed to actually resolve these addresses.
6675 */
6676 if (bacmp(&irk->rpa, BDADDR_ANY))
6677 ev.store_hint = 0x01;
6678 else
6679 ev.store_hint = 0x00;
6680
95fbac8a
JH		 6681 bacpy(&ev.rpa, &irk->rpa);
6682 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
6683 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
6684 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
6685
6686 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
6687}
6688
53ac6ab6
MH		 6689void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
6690 bool persistent)
7ee4ea36
MH		 6691{
6692 struct mgmt_ev_new_csrk ev;
6693
6694 memset(&ev, 0, sizeof(ev));
6695
6696 /* Devices using resolvable or non-resolvable random addresses
6697 * without providing an indentity resolving key don't require
6698 * to store signature resolving keys. Their addresses will change
6699 * the next time around.
6700 *
6701 * Only when a remote device provides an identity address
6702 * make sure the signature resolving key is stored. So allow
6703 * static random and public addresses here.
6704 */
6705 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6706 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
6707 ev.store_hint = 0x00;
6708 else
53ac6ab6 6709 ev.store_hint = persistent;
7ee4ea36
MH		 6710
6711 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
6712 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
4cd3928a 6713 ev.key.type = csrk->type;
7ee4ea36
MH		 6714 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
6715
6716 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
6717}
6718
ffb5a827 6719void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 6720 u8 bdaddr_type, u8 store_hint, u16 min_interval,
6721 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 6722{
6723 struct mgmt_ev_new_conn_param ev;
6724
c103aea6
JH		 6725 if (!hci_is_identity_address(bdaddr, bdaddr_type))
6726 return;
6727
ffb5a827
AG		 6728 memset(&ev, 0, sizeof(ev));
6729 bacpy(&ev.addr.bdaddr, bdaddr);
6730 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 6731 ev.store_hint = store_hint;
ffb5a827
AG		 6732 ev.min_interval = cpu_to_le16(min_interval);
6733 ev.max_interval = cpu_to_le16(max_interval);
6734 ev.latency = cpu_to_le16(latency);
6735 ev.timeout = cpu_to_le16(timeout);
6736
6737 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
6738}
6739
94933991
MH		 6740static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
6741 u8 data_len)
6742{
6743 eir[eir_len++] = sizeof(type) + data_len;
6744 eir[eir_len++] = type;
6745 memcpy(&eir[eir_len], data, data_len);
6746 eir_len += data_len;
6747
6748 return eir_len;
6749}
6750
48ec92fa
AA		 6751void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
6752 u32 flags, u8 *name, u8 name_len)
f7520543 6753{
b644ba33
JH		 6754 char buf[512];
6755 struct mgmt_ev_device_connected *ev = (void *) buf;
6756 u16 eir_len = 0;
f7520543 6757
48ec92fa
AA		 6758 bacpy(&ev->addr.bdaddr, &conn->dst);
6759 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
f7520543 6760
c95f0ba7 6761 ev->flags = __cpu_to_le32(flags);
08c79b61 6762
fd45ada9
AA		 6763 /* We must ensure that the EIR Data fields are ordered and
6764 * unique. Keep it simple for now and avoid the problem by not
6765 * adding any BR/EDR data to the LE adv.
6766 */
6767 if (conn->le_adv_data_len > 0) {
6768 memcpy(&ev->eir[eir_len],
6769 conn->le_adv_data, conn->le_adv_data_len);
6770 eir_len = conn->le_adv_data_len;
6771 } else {
6772 if (name_len > 0)
6773 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
6774 name, name_len);
b644ba33 6775
ddbea5cf 6776 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
fd45ada9
AA		 6777 eir_len = eir_append_data(ev->eir, eir_len,
6778 EIR_CLASS_OF_DEV,
6779 conn->dev_class, 3);
6780 }
b644ba33 6781
eb55ef07 6782 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 6783
ecd90ae7
MH		 6784 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
6785 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 6786}
6787
3b0602cd 6788static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
8962ee74 6789{
8962ee74 6790 struct sock **sk = data;
8962ee74 6791
f5818c22 6792 cmd->cmd_complete(cmd, 0);
8962ee74
JH		 6793
6794 *sk = cmd->sk;
6795 sock_hold(*sk);
6796
a664b5bc 6797 mgmt_pending_remove(cmd);
8962ee74
JH		 6798}
6799
3b0602cd 6800static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
a8a1d19e 6801{
b1078ad0 6802 struct hci_dev *hdev = data;
124f6e35 6803 struct mgmt_cp_unpair_device *cp = cmd->param;
a8a1d19e 6804
b1078ad0
JH		 6805 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
6806
d8b7b1e4 6807 cmd->cmd_complete(cmd, 0);
a8a1d19e
JH		 6808 mgmt_pending_remove(cmd);
6809}
6810
84c61d92
JH		 6811bool mgmt_powering_down(struct hci_dev *hdev)
6812{
3b0602cd 6813 struct mgmt_pending_cmd *cmd;
84c61d92
JH		 6814 struct mgmt_mode *cp;
6815
6816 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6817 if (!cmd)
6818 return false;
6819
6820 cp = cmd->param;
6821 if (!cp->val)
6822 return true;
6823
6824 return false;
6825}
6826
9b80ec5e 6827void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 6828 u8 link_type, u8 addr_type, u8 reason,
6829 bool mgmt_connected)
f7520543 6830{
f0d6a0ea 6831 struct mgmt_ev_device_disconnected ev;
8962ee74 6832 struct sock *sk = NULL;
8962ee74 6833
84c61d92
JH		 6834 /* The connection is still in hci_conn_hash so test for 1
6835 * instead of 0 to know if this is the last one.
6836 */
6837 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6838 cancel_delayed_work(&hdev->power_off);
6839 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8b064a3a
JH		 6840 }
6841
12d4a3b2
JH		 6842 if (!mgmt_connected)
6843 return;
6844
57eb776f
AG		 6845 if (link_type != ACL_LINK && link_type != LE_LINK)
6846 return;
6847
744cf19e 6848 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 6849
f0d6a0ea
MA		 6850 bacpy(&ev.addr.bdaddr, bdaddr);
6851 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6852 ev.reason = reason;
f7520543 6853
9b80ec5e 6854 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 6855
6856 if (sk)
d97dcb66 6857 sock_put(sk);
8962ee74 6858
124f6e35 6859 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 6860 hdev);
8962ee74
JH		 6861}
6862
7892924c
MH		 6863void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
6864 u8 link_type, u8 addr_type, u8 status)
8962ee74 6865{
3655bba8
AG		 6866 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
6867 struct mgmt_cp_disconnect *cp;
3b0602cd 6868 struct mgmt_pending_cmd *cmd;
8962ee74 6869
36a75f1b
JD		 6870 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6871 hdev);
6872
2e58ef3e 6873 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 6874 if (!cmd)
7892924c 6875 return;
8962ee74 6876
3655bba8
AG		 6877 cp = cmd->param;
6878
6879 if (bacmp(bdaddr, &cp->addr.bdaddr))
6880 return;
6881
6882 if (cp->addr.type != bdaddr_type)
6883 return;
6884
f5818c22 6885 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6886 mgmt_pending_remove(cmd);
f7520543 6887}
17d5c04c 6888
445608d0
MH		 6889void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6890 u8 addr_type, u8 status)
17d5c04c
JH		 6891{
6892 struct mgmt_ev_connect_failed ev;
c9910d0f 6893
84c61d92
JH		 6894 /* The connection is still in hci_conn_hash so test for 1
6895 * instead of 0 to know if this is the last one.
6896 */
6897 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6898 cancel_delayed_work(&hdev->power_off);
6899 queue_work(hdev->req_workqueue, &hdev->power_off.work);
c9910d0f 6900 }
17d5c04c 6901
4c659c39 6902 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6903 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 6904 ev.status = mgmt_status(status);
17d5c04c 6905
445608d0 6906 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 6907}
980e1a53 6908
ce0e4a0d 6909void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 6910{
6911 struct mgmt_ev_pin_code_request ev;
6912
d8457698 6913 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 6914 ev.addr.type = BDADDR_BREDR;
a770bb5a 6915 ev.secure = secure;
980e1a53 6916
ce0e4a0d 6917 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 6918}
6919
e669cf80
MH		 6920void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6921 u8 status)
980e1a53 6922{
3b0602cd 6923 struct mgmt_pending_cmd *cmd;
980e1a53 6924
2e58ef3e 6925 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 6926 if (!cmd)
e669cf80 6927 return;
980e1a53 6928
7776d1d8 6929 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6930 mgmt_pending_remove(cmd);
980e1a53
JH		 6931}
6932
3eb38528
MH		 6933void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6934 u8 status)
980e1a53 6935{
3b0602cd 6936 struct mgmt_pending_cmd *cmd;
980e1a53 6937
2e58ef3e 6938 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 6939 if (!cmd)
3eb38528 6940 return;
980e1a53 6941
7776d1d8 6942 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6943 mgmt_pending_remove(cmd);
980e1a53 6944}
a5c29683 6945
744cf19e 6946int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 6947 u8 link_type, u8 addr_type, u32 value,
04124681 6948 u8 confirm_hint)
a5c29683
JH		 6949{
6950 struct mgmt_ev_user_confirm_request ev;
6951
744cf19e 6952 BT_DBG("%s", hdev->name);
a5c29683 6953
272d90df 6954 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6955 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 6956 ev.confirm_hint = confirm_hint;
39adbffe 6957 ev.value = cpu_to_le32(value);
a5c29683 6958
744cf19e 6959 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 6960 NULL);
a5c29683
JH		 6961}
6962
272d90df 6963int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 6964 u8 link_type, u8 addr_type)
604086b7
BG		 6965{
6966 struct mgmt_ev_user_passkey_request ev;
6967
6968 BT_DBG("%s", hdev->name);
6969
272d90df 6970 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6971 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 6972
6973 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 6974 NULL);
604086b7
BG		 6975}
6976
0df4c185 6977static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 6978 u8 link_type, u8 addr_type, u8 status,
6979 u8 opcode)
a5c29683 6980{
3b0602cd 6981 struct mgmt_pending_cmd *cmd;
a5c29683 6982
2e58ef3e 6983 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 6984 if (!cmd)
6985 return -ENOENT;
6986
7776d1d8 6987 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6988 mgmt_pending_remove(cmd);
a5c29683 6989
7776d1d8 6990 return 0;
a5c29683
JH		 6991}
6992
744cf19e 6993int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6994 u8 link_type, u8 addr_type, u8 status)
a5c29683 6995{
272d90df 6996 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 6997 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 6998}
6999
272d90df 7000int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7001 u8 link_type, u8 addr_type, u8 status)
a5c29683 7002{
272d90df 7003 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 7004 status,
7005 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 7006}
2a611692 7007
604086b7 7008int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7009 u8 link_type, u8 addr_type, u8 status)
604086b7 7010{
272d90df 7011 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 7012 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 7013}
7014
272d90df 7015int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7016 u8 link_type, u8 addr_type, u8 status)
604086b7 7017{
272d90df 7018 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 7019 status,
7020 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 7021}
7022
92a25256
JH		 7023int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
7024 u8 link_type, u8 addr_type, u32 passkey,
7025 u8 entered)
7026{
7027 struct mgmt_ev_passkey_notify ev;
7028
7029 BT_DBG("%s", hdev->name);
7030
7031 bacpy(&ev.addr.bdaddr, bdaddr);
7032 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7033 ev.passkey = __cpu_to_le32(passkey);
7034 ev.entered = entered;
7035
7036 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
7037}
7038
e1e930f5 7039void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
2a611692
JH		 7040{
7041 struct mgmt_ev_auth_failed ev;
3b0602cd 7042 struct mgmt_pending_cmd *cmd;
e1e930f5 7043 u8 status = mgmt_status(hci_status);
2a611692 7044
e1e930f5
JH		 7045 bacpy(&ev.addr.bdaddr, &conn->dst);
7046 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7047 ev.status = status;
2a611692 7048
e1e930f5
JH		 7049 cmd = find_pairing(conn);
7050
7051 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
7052 cmd ? cmd->sk : NULL);
7053
a511b35b
JH		 7054 if (cmd) {
7055 cmd->cmd_complete(cmd, status);
7056 mgmt_pending_remove(cmd);
7057 }
2a611692 7058}
b312b161 7059
464996ae 7060void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 7061{
7062 struct cmd_lookup match = { NULL, hdev };
464996ae 7063 bool changed;
33ef95ed
JH		 7064
7065 if (status) {
7066 u8 mgmt_err = mgmt_status(status);
7067 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 7068 cmd_status_rsp, &mgmt_err);
464996ae 7069 return;
33ef95ed
JH		 7070 }
7071
464996ae
MH		 7072 if (test_bit(HCI_AUTH, &hdev->flags))
7073 changed = !test_and_set_bit(HCI_LINK_SECURITY,
7074 &hdev->dev_flags);
7075 else
7076 changed = test_and_clear_bit(HCI_LINK_SECURITY,
7077 &hdev->dev_flags);
47990ea0 7078
33ef95ed 7079 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 7080 &match);
33ef95ed 7081
47990ea0 7082 if (changed)
464996ae 7083 new_settings(hdev, match.sk);
33ef95ed
JH		 7084
7085 if (match.sk)
7086 sock_put(match.sk);
33ef95ed
JH		 7087}
7088
890ea898 7089static void clear_eir(struct hci_request *req)
cacaf52f 7090{
890ea898 7091 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 7092 struct hci_cp_write_eir cp;
7093
976eb20e 7094 if (!lmp_ext_inq_capable(hdev))
890ea898 7095 return;
cacaf52f 7096
c80da27e
JH		 7097 memset(hdev->eir, 0, sizeof(hdev->eir));
7098
cacaf52f
JH		 7099 memset(&cp, 0, sizeof(cp));
7100
890ea898 7101 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 7102}
7103
3e248560 7104void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 7105{
7106 struct cmd_lookup match = { NULL, hdev };
890ea898 7107 struct hci_request req;
c0ecddc2 7108 bool changed = false;
ed2c4ee3
JH		 7109
7110 if (status) {
7111 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 7112
7113 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 7114 &hdev->dev_flags)) {
7115 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3e248560 7116 new_settings(hdev, NULL);
9ecb3e24 7117 }
c0ecddc2 7118
04124681
GP		 7119 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
7120 &mgmt_err);
3e248560 7121 return;
c0ecddc2
JH		 7122 }
7123
7124 if (enable) {
9ecb3e24 7125 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 7126 } else {
9ecb3e24
MH		 7127 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
7128 if (!changed)
7129 changed = test_and_clear_bit(HCI_HS_ENABLED,
7130 &hdev->dev_flags);
7131 else
7132 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 7133 }
7134
7135 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
7136
c0ecddc2 7137 if (changed)
3e248560 7138 new_settings(hdev, match.sk);
ed2c4ee3 7139
5fc6ebb1 7140 if (match.sk)
ed2c4ee3
JH		 7141 sock_put(match.sk);
7142
890ea898
JH		 7143 hci_req_init(&req, hdev);
7144
3769972b
JH		 7145 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
7146 if (test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
7147 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
7148 sizeof(enable), &enable);
890ea898 7149 update_eir(&req);
3769972b 7150 } else {
890ea898 7151 clear_eir(&req);
3769972b 7152 }
890ea898
JH		 7153
7154 hci_req_run(&req, NULL);
ed2c4ee3
JH		 7155}
7156
3b0602cd 7157static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
90e70454
JH		 7158{
7159 struct cmd_lookup *match = data;
7160
90e70454
JH		 7161 if (match->sk == NULL) {
7162 match->sk = cmd->sk;
7163 sock_hold(match->sk);
7164 }
90e70454
JH		 7165}
7166
4e1b0245
MH		 7167void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
7168 u8 status)
7f9a903c 7169{
90e70454 7170 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 7171
92da6097
JH		 7172 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
7173 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
7174 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 7175
7176 if (!status)
4e1b0245
MH		 7177 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
7178 NULL);
90e70454
JH		 7179
7180 if (match.sk)
7181 sock_put(match.sk);
7f9a903c
MH		 7182}
7183
7667da34 7184void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 7185{
b312b161 7186 struct mgmt_cp_set_local_name ev;
3b0602cd 7187 struct mgmt_pending_cmd *cmd;
28cc7bde 7188
13928971 7189 if (status)
7667da34 7190 return;
b312b161
JH		 7191
7192 memset(&ev, 0, sizeof(ev));
7193 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 7194 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 7195
2e58ef3e 7196 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 7197 if (!cmd) {
7198 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 7199
13928971
JH		 7200 /* If this is a HCI command related to powering on the
7201 * HCI dev don't send any mgmt signals.
7202 */
7203 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 7204 return;
890ea898 7205 }
b312b161 7206
7667da34
MH		 7207 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
7208 cmd ? cmd->sk : NULL);
b312b161 7209}
c35938b2 7210
4d2d2796 7211void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
38da1703
JH		 7212 u8 *rand192, u8 *hash256, u8 *rand256,
7213 u8 status)
c35938b2 7214{
3b0602cd 7215 struct mgmt_pending_cmd *cmd;
c35938b2 7216
744cf19e 7217 BT_DBG("%s status %u", hdev->name, status);
c35938b2 7218
2e58ef3e 7219 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 7220 if (!cmd)
3edaf092 7221 return;
c35938b2
SJ		 7222
7223 if (status) {
a69e8375
JH		 7224 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
7225 mgmt_status(status));
c35938b2 7226 } else {
66f096f7
JH		 7227 struct mgmt_rp_read_local_oob_data rp;
7228 size_t rp_size = sizeof(rp);
4d2d2796 7229
66f096f7
JH		 7230 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
7231 memcpy(rp.rand192, rand192, sizeof(rp.rand192));
c35938b2 7232
66f096f7 7233 if (bredr_sc_enabled(hdev) && hash256 && rand256) {
4d2d2796 7234 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
38da1703 7235 memcpy(rp.rand256, rand256, sizeof(rp.rand256));
4d2d2796 7236 } else {
66f096f7 7237 rp_size -= sizeof(rp.hash256) + sizeof(rp.rand256);
4d2d2796 7238 }
66f096f7 7239
2a1afb5a
JH		 7240 mgmt_cmd_complete(cmd->sk, hdev->id,
7241 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
7242 &rp, rp_size);
c35938b2
SJ		 7243 }
7244
7245 mgmt_pending_remove(cmd);
c35938b2 7246}
e17acd40 7247
799ce93d
JP		 7248static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
7249{
7250 int i;
7251
7252 for (i = 0; i < uuid_count; i++) {
7253 if (!memcmp(uuid, uuids[i], 16))
7254 return true;
7255 }
7256
7257 return false;
7258}
7259
b487b9ce
MH		 7260static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
7261{
799ce93d
JP		 7262 u16 parsed = 0;
7263
7264 while (parsed < eir_len) {
7265 u8 field_len = eir[0];
7266 u8 uuid[16];
7267 int i;
7268
7269 if (field_len == 0)
7270 break;
7271
7272 if (eir_len - parsed < field_len + 1)
7273 break;
7274
7275 switch (eir[1]) {
7276 case EIR_UUID16_ALL:
7277 case EIR_UUID16_SOME:
7278 for (i = 0; i + 3 <= field_len; i += 2) {
189f6ad2 7279 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7280 uuid[13] = eir[i + 3];
7281 uuid[12] = eir[i + 2];
7282 if (has_uuid(uuid, uuid_count, uuids))
7283 return true;
7284 }
7285 break;
7286 case EIR_UUID32_ALL:
7287 case EIR_UUID32_SOME:
7288 for (i = 0; i + 5 <= field_len; i += 4) {
189f6ad2 7289 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7290 uuid[15] = eir[i + 5];
7291 uuid[14] = eir[i + 4];
7292 uuid[13] = eir[i + 3];
7293 uuid[12] = eir[i + 2];
7294 if (has_uuid(uuid, uuid_count, uuids))
7295 return true;
7296 }
7297 break;
7298 case EIR_UUID128_ALL:
7299 case EIR_UUID128_SOME:
7300 for (i = 0; i + 17 <= field_len; i += 16) {
7301 memcpy(uuid, eir + i + 2, 16);
7302 if (has_uuid(uuid, uuid_count, uuids))
7303 return true;
7304 }
7305 break;
7306 }
7307
7308 parsed += field_len + 1;
7309 eir += field_len + 1;
7310 }
7311
b487b9ce
MH		 7312 return false;
7313}
7314
4b0e0ced
JP		 7315static void restart_le_scan(struct hci_dev *hdev)
7316{
7317 /* If controller is not scanning we are done. */
7318 if (!test_bit(HCI_LE_SCAN, &hdev->dev_flags))
7319 return;
7320
7321 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
7322 hdev->discovery.scan_start +
7323 hdev->discovery.scan_duration))
7324 return;
7325
7326 queue_delayed_work(hdev->workqueue, &hdev->le_scan_restart,
7327 DISCOV_LE_RESTART_DELAY);
7328}
7329
48f86b7f
JP		 7330static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
7331 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 7332{
48f86b7f
JP		 7333 /* If a RSSI threshold has been specified, and
7334 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
7335 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
7336 * is set, let it through for further processing, as we might need to
7337 * restart the scan.
efb2513f
MH		 7338 *
7339 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
7340 * the results are also dropped.
bda157a4
MH		 7341 */
7342 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
4b0e0ced
JP		 7343 (rssi == HCI_RSSI_INVALID ||
7344 (rssi < hdev->discovery.rssi &&
7345 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
48f86b7f 7346 return false;
efb2513f 7347
2976cdeb
JP		 7348 if (hdev->discovery.uuid_count != 0) {
7349 /* If a list of UUIDs is provided in filter, results with no
7350 * matching UUID should be dropped.
b487b9ce 7351 */
2976cdeb
JP		 7352 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
7353 hdev->discovery.uuids) &&
7354 !eir_has_uuids(scan_rsp, scan_rsp_len,
7355 hdev->discovery.uuid_count,
7356 hdev->discovery.uuids))
7357 return false;
b487b9ce 7358 }
5d2e9fad 7359
2976cdeb
JP		 7360 /* If duplicate filtering does not report RSSI changes, then restart
7361 * scanning to ensure updated result with updated RSSI values.
4b0e0ced 7362 */
2976cdeb
JP		 7363 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
7364 restart_le_scan(hdev);
7365
7366 /* Validate RSSI value against the RSSI threshold once more. */
7367 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7368 rssi < hdev->discovery.rssi)
7369 return false;
7370 }
48f86b7f
JP		 7371
7372 return true;
7373}
7374
7375void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7376 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
7377 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7378{
7379 char buf[512];
7380 struct mgmt_ev_device_found *ev = (void *)buf;
7381 size_t ev_size;
7382
7383 /* Don't send events for a non-kernel initiated discovery. With
7384 * LE one exception is if we have pend_le_reports > 0 in which
7385 * case we're doing passive scanning and want these events.
7386 */
7387 if (!hci_discovery_active(hdev)) {
7388 if (link_type == ACL_LINK)
7389 return;
7390 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
7391 return;
7392 }
7393
82f8b651 7394 if (hdev->discovery.result_filtering) {
48f86b7f
JP		 7395 /* We are using service discovery */
7396 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
7397 scan_rsp_len))
7398 return;
7399 }
7400
7401 /* Make sure that the buffer is big enough. The 5 extra bytes
7402 * are for the potential CoD field.
7403 */
7404 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
4b0e0ced
JP		 7405 return;
7406
48f86b7f
JP		 7407 memset(buf, 0, sizeof(buf));
7408
7409 /* In case of device discovery with BR/EDR devices (pre 1.2), the
7410 * RSSI value was reported as 0 when not available. This behavior
7411 * is kept when using device discovery. This is required for full
7412 * backwards compatibility with the API.
7413 *
7414 * However when using service discovery, the value 127 will be
7415 * returned when the RSSI is not available.
7416 */
7417 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
7418 link_type == ACL_LINK)
7419 rssi = 0;
7420
7421 bacpy(&ev->addr.bdaddr, bdaddr);
7422 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7423 ev->rssi = rssi;
7424 ev->flags = cpu_to_le32(flags);
7425
7426 if (eir_len > 0)
7427 /* Copy EIR or advertising data into event */
7428 memcpy(ev->eir, eir, eir_len);
7429
7430 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
7431 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7432 dev_class, 3);
7433
7434 if (scan_rsp_len > 0)
7435 /* Append scan response data to event */
7436 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
7437
5d2e9fad
JH		 7438 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
7439 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 7440
901801b9 7441 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 7442}
a88a9652 7443
9cf12aee
MH		 7444void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7445 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 7446{
b644ba33
JH		 7447 struct mgmt_ev_device_found *ev;
7448 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
7449 u16 eir_len;
a88a9652 7450
b644ba33 7451 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 7452
b644ba33
JH		 7453 memset(buf, 0, sizeof(buf));
7454
7455 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 7456 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 7457 ev->rssi = rssi;
7458
7459 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 7460 name_len);
b644ba33 7461
eb55ef07 7462 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 7463
9cf12aee 7464 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 7465}
314b2381 7466
2f1e063b 7467void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 7468{
f963e8e9 7469 struct mgmt_ev_discovering ev;
164a6e78 7470
343fb145
AG		 7471 BT_DBG("%s discovering %u", hdev->name, discovering);
7472
f963e8e9
JH		 7473 memset(&ev, 0, sizeof(ev));
7474 ev.type = hdev->discovery.type;
7475 ev.discovering = discovering;
7476
2f1e063b 7477 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 7478}
5e762444 7479
1904a853 7480static void adv_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5976e608
MH		 7481{
7482 BT_DBG("%s status %u", hdev->name, status);
5976e608
MH		 7483}
7484
7485void mgmt_reenable_advertising(struct hci_dev *hdev)
7486{
7487 struct hci_request req;
7488
5976e608
MH		 7489 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
7490 return;
7491
7492 hci_req_init(&req, hdev);
7493 enable_advertising(&req);
0ec5ae84 7494 hci_req_run(&req, adv_enable_complete);
5976e608 7495}
6d785aa3
JH		 7496
7497static struct hci_mgmt_chan chan = {
7498 .channel = HCI_CHANNEL_CONTROL,
7499 .handler_count = ARRAY_SIZE(mgmt_handlers),
7500 .handlers = mgmt_handlers,
7501};
7502
7503int mgmt_init(void)
7504{
7505 return hci_mgmt_chan_register(&chan);
7506}
7507
7508void mgmt_exit(void)
7509{
7510 hci_mgmt_chan_unregister(&chan);
7511}
Linux kernel - Deliverables
This page took 0.850742 seconds and 5 git commands to generate.