projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Use real advertising state to random address update decision
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
4bc58f51 32#include <net/bluetooth/l2cap.h>
0381101f 33#include <net/bluetooth/mgmt.h>
ac4b7236
MH		 34
35#include "smp.h"
0381101f 36
2da9c55c 37#define MGMT_VERSION 1
730f091b 38#define MGMT_REVISION 7
02d98129 39
e70bb2e8
JH		 40static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_READ_INFO,
43 MGMT_OP_SET_POWERED,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
47 MGMT_OP_SET_PAIRABLE,
48 MGMT_OP_SET_LINK_SECURITY,
49 MGMT_OP_SET_SSP,
50 MGMT_OP_SET_HS,
51 MGMT_OP_SET_LE,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_ADD_UUID,
55 MGMT_OP_REMOVE_UUID,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_DISCONNECT,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_PAIR_DEVICE,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_CONFIRM_NAME,
76 MGMT_OP_BLOCK_DEVICE,
77 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 78 MGMT_OP_SET_DEVICE_ID,
4375f103 79 MGMT_OP_SET_ADVERTISING,
0663ca2a 80 MGMT_OP_SET_BREDR,
d13eafce 81 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 82 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 83 MGMT_OP_SET_SECURE_CONN,
4e39ac81 84 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 85 MGMT_OP_SET_PRIVACY,
41edf160 86 MGMT_OP_LOAD_IRKS,
dd983808 87 MGMT_OP_GET_CONN_INFO,
95868426 88 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 89 MGMT_OP_ADD_DEVICE,
90 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 91 MGMT_OP_LOAD_CONN_PARAM,
73d1df2a 92 MGMT_OP_READ_UNCONF_INDEX_LIST,
9fc3bfb6 93 MGMT_OP_READ_CONFIG_INFO,
dbece37a 94 MGMT_OP_SET_EXTERNAL_CONFIG,
9713c17b 95 MGMT_OP_SET_PUBLIC_ADDRESS,
e70bb2e8
JH		 96};
97
98static const u16 mgmt_events[] = {
99 MGMT_EV_CONTROLLER_ERROR,
100 MGMT_EV_INDEX_ADDED,
101 MGMT_EV_INDEX_REMOVED,
102 MGMT_EV_NEW_SETTINGS,
103 MGMT_EV_CLASS_OF_DEV_CHANGED,
104 MGMT_EV_LOCAL_NAME_CHANGED,
105 MGMT_EV_NEW_LINK_KEY,
106 MGMT_EV_NEW_LONG_TERM_KEY,
107 MGMT_EV_DEVICE_CONNECTED,
108 MGMT_EV_DEVICE_DISCONNECTED,
109 MGMT_EV_CONNECT_FAILED,
110 MGMT_EV_PIN_CODE_REQUEST,
111 MGMT_EV_USER_CONFIRM_REQUEST,
112 MGMT_EV_USER_PASSKEY_REQUEST,
113 MGMT_EV_AUTH_FAILED,
114 MGMT_EV_DEVICE_FOUND,
115 MGMT_EV_DISCOVERING,
116 MGMT_EV_DEVICE_BLOCKED,
117 MGMT_EV_DEVICE_UNBLOCKED,
118 MGMT_EV_DEVICE_UNPAIRED,
92a25256 119 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 120 MGMT_EV_NEW_IRK,
7ee4ea36 121 MGMT_EV_NEW_CSRK,
8afef092
MH		 122 MGMT_EV_DEVICE_ADDED,
123 MGMT_EV_DEVICE_REMOVED,
ffb5a827 124 MGMT_EV_NEW_CONN_PARAM,
0602a8ad 125 MGMT_EV_UNCONF_INDEX_ADDED,
edd3896b 126 MGMT_EV_UNCONF_INDEX_REMOVED,
f4537c04 127 MGMT_EV_NEW_CONFIG_OPTIONS,
e70bb2e8
JH		 128};
129
17b02e62 130#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 131
4b34ee78
JH		 132#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
133 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
134
eec8d2bc
JH		 135struct pending_cmd {
136 struct list_head list;
fc2f4b13 137 u16 opcode;
eec8d2bc 138 int index;
c68fb7ff 139 void *param;
eec8d2bc 140 struct sock *sk;
e9a416b5 141 void *user_data;
eec8d2bc
JH		 142};
143
ca69b795
JH		 144/* HCI to MGMT error code conversion table */
145static u8 mgmt_status_table[] = {
146 MGMT_STATUS_SUCCESS,
147 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
148 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
149 MGMT_STATUS_FAILED, /* Hardware Failure */
150 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
151 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 152 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 153 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
154 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
155 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
156 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
157 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
158 MGMT_STATUS_BUSY, /* Command Disallowed */
159 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
160 MGMT_STATUS_REJECTED, /* Rejected Security */
161 MGMT_STATUS_REJECTED, /* Rejected Personal */
162 MGMT_STATUS_TIMEOUT, /* Host Timeout */
163 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
164 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
165 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
166 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
167 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
168 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
169 MGMT_STATUS_BUSY, /* Repeated Attempts */
170 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
171 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
172 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
173 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
174 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
175 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
176 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
177 MGMT_STATUS_FAILED, /* Unspecified Error */
178 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
179 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
180 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
181 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
182 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
183 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
184 MGMT_STATUS_FAILED, /* Unit Link Key Used */
185 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
186 MGMT_STATUS_TIMEOUT, /* Instant Passed */
187 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
188 MGMT_STATUS_FAILED, /* Transaction Collision */
189 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
190 MGMT_STATUS_REJECTED, /* QoS Rejected */
191 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
192 MGMT_STATUS_REJECTED, /* Insufficient Security */
193 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
194 MGMT_STATUS_BUSY, /* Role Switch Pending */
195 MGMT_STATUS_FAILED, /* Slot Violation */
196 MGMT_STATUS_FAILED, /* Role Switch Failed */
197 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
198 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
199 MGMT_STATUS_BUSY, /* Host Busy Pairing */
200 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
201 MGMT_STATUS_BUSY, /* Controller Busy */
202 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
203 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
204 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
205 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
206 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
207};
208
209static u8 mgmt_status(u8 hci_status)
210{
211 if (hci_status < ARRAY_SIZE(mgmt_status_table))
212 return mgmt_status_table[hci_status];
213
214 return MGMT_STATUS_FAILED;
215}
216
04c60f05
MH		 217static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
218 struct sock *skip_sk)
219{
220 struct sk_buff *skb;
221 struct mgmt_hdr *hdr;
222
223 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
224 if (!skb)
225 return -ENOMEM;
226
227 hdr = (void *) skb_put(skb, sizeof(*hdr));
228 hdr->opcode = cpu_to_le16(event);
229 if (hdev)
230 hdr->index = cpu_to_le16(hdev->id);
231 else
232 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
233 hdr->len = cpu_to_le16(data_len);
234
235 if (data)
236 memcpy(skb_put(skb, data_len), data, data_len);
237
238 /* Time stamp */
239 __net_timestamp(skb);
240
241 hci_send_to_control(skb, skip_sk);
242 kfree_skb(skb);
243
244 return 0;
245}
246
4e51eae9 247static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 248{
249 struct sk_buff *skb;
250 struct mgmt_hdr *hdr;
251 struct mgmt_ev_cmd_status *ev;
56b7d137 252 int err;
f7b64e69 253
34eb525c 254 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 255
790eff44 256 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 257 if (!skb)
258 return -ENOMEM;
259
260 hdr = (void *) skb_put(skb, sizeof(*hdr));
261
dcf4adbf 262 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 263 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 264 hdr->len = cpu_to_le16(sizeof(*ev));
265
266 ev = (void *) skb_put(skb, sizeof(*ev));
267 ev->status = status;
eb55ef07 268 ev->opcode = cpu_to_le16(cmd);
f7b64e69 269
56b7d137
GP		 270 err = sock_queue_rcv_skb(sk, skb);
271 if (err < 0)
f7b64e69
JH		 272 kfree_skb(skb);
273
56b7d137 274 return err;
f7b64e69
JH		 275}
276
aee9b218 277static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 278 void *rp, size_t rp_len)
02d98129
JH		 279{
280 struct sk_buff *skb;
281 struct mgmt_hdr *hdr;
282 struct mgmt_ev_cmd_complete *ev;
56b7d137 283 int err;
02d98129
JH		 284
285 BT_DBG("sock %p", sk);
286
790eff44 287 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 288 if (!skb)
289 return -ENOMEM;
290
291 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 292
dcf4adbf 293 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 294 hdr->index = cpu_to_le16(index);
a38528f1 295 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 296
a38528f1 297 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 298 ev->opcode = cpu_to_le16(cmd);
aee9b218 299 ev->status = status;
8020c16a
SJ		 300
301 if (rp)
302 memcpy(ev->data, rp, rp_len);
02d98129 303
56b7d137
GP		 304 err = sock_queue_rcv_skb(sk, skb);
305 if (err < 0)
02d98129
JH		 306 kfree_skb(skb);
307
e5f0e151 308 return err;
02d98129
JH		 309}
310
04124681
GP		 311static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
312 u16 data_len)
a38528f1
JH		 313{
314 struct mgmt_rp_read_version rp;
315
316 BT_DBG("sock %p", sk);
317
318 rp.version = MGMT_VERSION;
dcf4adbf 319 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 320
aee9b218 321 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 322 sizeof(rp));
a38528f1
JH		 323}
324
04124681
GP		 325static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
326 u16 data_len)
e70bb2e8
JH		 327{
328 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 329 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
330 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 331 __le16 *opcode;
e70bb2e8
JH		 332 size_t rp_size;
333 int i, err;
334
335 BT_DBG("sock %p", sk);
336
337 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
338
339 rp = kmalloc(rp_size, GFP_KERNEL);
340 if (!rp)
341 return -ENOMEM;
342
dcf4adbf
JP		 343 rp->num_commands = cpu_to_le16(num_commands);
344 rp->num_events = cpu_to_le16(num_events);
e70bb2e8
JH		 345
346 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
347 put_unaligned_le16(mgmt_commands[i], opcode);
348
349 for (i = 0; i < num_events; i++, opcode++)
350 put_unaligned_le16(mgmt_events[i], opcode);
351
aee9b218 352 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 353 rp_size);
e70bb2e8
JH		 354 kfree(rp);
355
356 return err;
357}
358
04124681
GP		 359static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
360 u16 data_len)
faba42eb 361{
faba42eb 362 struct mgmt_rp_read_index_list *rp;
8035ded4 363 struct hci_dev *d;
a38528f1 364 size_t rp_len;
faba42eb 365 u16 count;
476e44cb 366 int err;
faba42eb
JH		 367
368 BT_DBG("sock %p", sk);
369
370 read_lock(&hci_dev_list_lock);
371
372 count = 0;
bb4b2a9a 373 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a
MH		 374 if (d->dev_type == HCI_BREDR &&
375 !test_bit(HCI_UNCONFIGURED, &d->dev_flags))
1514b892 376 count++;
faba42eb
JH		 377 }
378
a38528f1
JH		 379 rp_len = sizeof(*rp) + (2 * count);
380 rp = kmalloc(rp_len, GFP_ATOMIC);
381 if (!rp) {
b2c60d42 382 read_unlock(&hci_dev_list_lock);
faba42eb 383 return -ENOMEM;
b2c60d42 384 }
faba42eb 385
476e44cb 386 count = 0;
8035ded4 387 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a 388 if (test_bit(HCI_SETUP, &d->dev_flags) ||
d603b76b 389 test_bit(HCI_CONFIG, &d->dev_flags) ||
73d1df2a 390 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
ab81cbf9
JH		 391 continue;
392
73d1df2a
MH		 393 /* Devices marked as raw-only are neither configured
394 * nor unconfigured controllers.
395 */
396 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
fee746b0
MH		 397 continue;
398
73d1df2a
MH		 399 if (d->dev_type == HCI_BREDR &&
400 !test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
1514b892
MH		 401 rp->index[count++] = cpu_to_le16(d->id);
402 BT_DBG("Added hci%u", d->id);
403 }
faba42eb
JH		 404 }
405
476e44cb
JH		 406 rp->num_controllers = cpu_to_le16(count);
407 rp_len = sizeof(*rp) + (2 * count);
408
faba42eb
JH		 409 read_unlock(&hci_dev_list_lock);
410
aee9b218 411 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 412 rp_len);
faba42eb 413
a38528f1
JH		 414 kfree(rp);
415
416 return err;
faba42eb
JH		 417}
418
73d1df2a
MH		 419static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
420 void *data, u16 data_len)
421{
422 struct mgmt_rp_read_unconf_index_list *rp;
423 struct hci_dev *d;
424 size_t rp_len;
425 u16 count;
426 int err;
427
428 BT_DBG("sock %p", sk);
429
430 read_lock(&hci_dev_list_lock);
431
432 count = 0;
433 list_for_each_entry(d, &hci_dev_list, list) {
434 if (d->dev_type == HCI_BREDR &&
435 test_bit(HCI_UNCONFIGURED, &d->dev_flags))
436 count++;
437 }
438
439 rp_len = sizeof(*rp) + (2 * count);
440 rp = kmalloc(rp_len, GFP_ATOMIC);
441 if (!rp) {
442 read_unlock(&hci_dev_list_lock);
443 return -ENOMEM;
444 }
445
446 count = 0;
447 list_for_each_entry(d, &hci_dev_list, list) {
448 if (test_bit(HCI_SETUP, &d->dev_flags) ||
d603b76b 449 test_bit(HCI_CONFIG, &d->dev_flags) ||
73d1df2a
MH		 450 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
451 continue;
452
453 /* Devices marked as raw-only are neither configured
454 * nor unconfigured controllers.
455 */
456 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
457 continue;
458
459 if (d->dev_type == HCI_BREDR &&
460 test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
461 rp->index[count++] = cpu_to_le16(d->id);
462 BT_DBG("Added hci%u", d->id);
463 }
464 }
465
466 rp->num_controllers = cpu_to_le16(count);
467 rp_len = sizeof(*rp) + (2 * count);
468
469 read_unlock(&hci_dev_list_lock);
470
471 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_UNCONF_INDEX_LIST,
472 0, rp, rp_len);
473
474 kfree(rp);
475
476 return err;
477}
478
dbece37a
MH		 479static bool is_configured(struct hci_dev *hdev)
480{
481 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
482 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
483 return false;
484
485 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
486 !bacmp(&hdev->public_addr, BDADDR_ANY))
487 return false;
488
489 return true;
490}
491
89bc22d2
MH		 492static __le32 get_missing_options(struct hci_dev *hdev)
493{
494 u32 options = 0;
495
dbece37a
MH		 496 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
497 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
eb1904f4
MH		 498 options |= MGMT_OPTION_EXTERNAL_CONFIG;
499
89bc22d2
MH		 500 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
501 !bacmp(&hdev->public_addr, BDADDR_ANY))
502 options |= MGMT_OPTION_PUBLIC_ADDRESS;
503
504 return cpu_to_le32(options);
505}
506
f4537c04
MH		 507static int new_options(struct hci_dev *hdev, struct sock *skip)
508{
509 __le32 options = get_missing_options(hdev);
510
511 return mgmt_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
512 sizeof(options), skip);
513}
514
dbece37a
MH		 515static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
516{
517 __le32 options = get_missing_options(hdev);
518
519 return cmd_complete(sk, hdev->id, opcode, 0, &options,
520 sizeof(options));
521}
522
9fc3bfb6
MH		 523static int read_config_info(struct sock *sk, struct hci_dev *hdev,
524 void *data, u16 data_len)
525{
526 struct mgmt_rp_read_config_info rp;
89bc22d2 527 u32 options = 0;
9fc3bfb6
MH		 528
529 BT_DBG("sock %p %s", sk, hdev->name);
530
531 hci_dev_lock(hdev);
532
533 memset(&rp, 0, sizeof(rp));
534 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
89bc22d2 535
eb1904f4
MH		 536 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
537 options |= MGMT_OPTION_EXTERNAL_CONFIG;
538
9fc3bfb6 539 if (hdev->set_bdaddr)
89bc22d2
MH		 540 options |= MGMT_OPTION_PUBLIC_ADDRESS;
541
542 rp.supported_options = cpu_to_le32(options);
543 rp.missing_options = get_missing_options(hdev);
9fc3bfb6
MH		 544
545 hci_dev_unlock(hdev);
546
547 return cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0, &rp,
548 sizeof(rp));
549}
550
69ab39ea
JH		 551static u32 get_supported_settings(struct hci_dev *hdev)
552{
553 u32 settings = 0;
554
555 settings |= MGMT_SETTING_POWERED;
69ab39ea 556 settings |= MGMT_SETTING_PAIRABLE;
b1de97d8 557 settings |= MGMT_SETTING_DEBUG_KEYS;
69ab39ea 558
ed3fa31f 559 if (lmp_bredr_capable(hdev)) {
33c525c0 560 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 561 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
562 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 563 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 564 settings |= MGMT_SETTING_BREDR;
565 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 566
567 if (lmp_ssp_capable(hdev)) {
568 settings |= MGMT_SETTING_SSP;
569 settings |= MGMT_SETTING_HS;
570 }
e98d2ce2 571
5afeac14 572 if (lmp_sc_capable(hdev) ||
111902f7 573 test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
e98d2ce2 574 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 575 }
d7b7e796 576
eeca6f89 577 if (lmp_le_capable(hdev)) {
9d42820f 578 settings |= MGMT_SETTING_LE;
eeca6f89 579 settings |= MGMT_SETTING_ADVERTISING;
0f4bd942 580 settings |= MGMT_SETTING_PRIVACY;
eeca6f89 581 }
69ab39ea 582
eb1904f4
MH		 583 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
584 hdev->set_bdaddr)
9fc3bfb6
MH		 585 settings |= MGMT_SETTING_CONFIGURATION;
586
69ab39ea
JH		 587 return settings;
588}
589
590static u32 get_current_settings(struct hci_dev *hdev)
591{
592 u32 settings = 0;
593
f1f0eb02 594 if (hdev_is_powered(hdev))
f0d4b78a
MH		 595 settings |= MGMT_SETTING_POWERED;
596
5e5282bb 597 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 598 settings |= MGMT_SETTING_CONNECTABLE;
599
1a4d3c4b
JH		 600 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
601 settings |= MGMT_SETTING_FAST_CONNECTABLE;
602
5e5282bb 603 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 604 settings |= MGMT_SETTING_DISCOVERABLE;
605
a8b2d5c2 606 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 607 settings |= MGMT_SETTING_PAIRABLE;
608
56f87901 609 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 610 settings |= MGMT_SETTING_BREDR;
611
06199cf8 612 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 613 settings |= MGMT_SETTING_LE;
614
47990ea0 615 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 616 settings |= MGMT_SETTING_LINK_SECURITY;
617
84bde9d6 618 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 619 settings |= MGMT_SETTING_SSP;
620
6d80dfd0
JH		 621 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
622 settings |= MGMT_SETTING_HS;
623
f3d3444a 624 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 625 settings |= MGMT_SETTING_ADVERTISING;
626
e98d2ce2
MH		 627 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
628 settings |= MGMT_SETTING_SECURE_CONN;
629
0663b297 630 if (test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags))
b1de97d8
MH		 631 settings |= MGMT_SETTING_DEBUG_KEYS;
632
0f4bd942
JH		 633 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
634 settings |= MGMT_SETTING_PRIVACY;
635
69ab39ea
JH		 636 return settings;
637}
638
ef580372
JH		 639#define PNP_INFO_SVCLASS_ID 0x1200
640
213202ed
JH		 641static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
642{
643 u8 *ptr = data, *uuids_start = NULL;
644 struct bt_uuid *uuid;
645
646 if (len < 4)
647 return ptr;
648
649 list_for_each_entry(uuid, &hdev->uuids, list) {
650 u16 uuid16;
651
652 if (uuid->size != 16)
653 continue;
654
655 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
656 if (uuid16 < 0x1100)
657 continue;
658
659 if (uuid16 == PNP_INFO_SVCLASS_ID)
660 continue;
661
662 if (!uuids_start) {
663 uuids_start = ptr;
664 uuids_start[0] = 1;
665 uuids_start[1] = EIR_UUID16_ALL;
666 ptr += 2;
667 }
668
669 /* Stop if not enough space to put next UUID */
670 if ((ptr - data) + sizeof(u16) > len) {
671 uuids_start[1] = EIR_UUID16_SOME;
672 break;
673 }
674
675 *ptr++ = (uuid16 & 0x00ff);
676 *ptr++ = (uuid16 & 0xff00) >> 8;
677 uuids_start[0] += sizeof(uuid16);
678 }
679
680 return ptr;
681}
682
cdf1963f
JH		 683static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
684{
685 u8 *ptr = data, *uuids_start = NULL;
686 struct bt_uuid *uuid;
687
688 if (len < 6)
689 return ptr;
690
691 list_for_each_entry(uuid, &hdev->uuids, list) {
692 if (uuid->size != 32)
693 continue;
694
695 if (!uuids_start) {
696 uuids_start = ptr;
697 uuids_start[0] = 1;
698 uuids_start[1] = EIR_UUID32_ALL;
699 ptr += 2;
700 }
701
702 /* Stop if not enough space to put next UUID */
703 if ((ptr - data) + sizeof(u32) > len) {
704 uuids_start[1] = EIR_UUID32_SOME;
705 break;
706 }
707
708 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
709 ptr += sizeof(u32);
710 uuids_start[0] += sizeof(u32);
711 }
712
713 return ptr;
714}
715
c00d575b
JH		 716static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
717{
718 u8 *ptr = data, *uuids_start = NULL;
719 struct bt_uuid *uuid;
720
721 if (len < 18)
722 return ptr;
723
724 list_for_each_entry(uuid, &hdev->uuids, list) {
725 if (uuid->size != 128)
726 continue;
727
728 if (!uuids_start) {
729 uuids_start = ptr;
730 uuids_start[0] = 1;
731 uuids_start[1] = EIR_UUID128_ALL;
732 ptr += 2;
733 }
734
735 /* Stop if not enough space to put next UUID */
736 if ((ptr - data) + 16 > len) {
737 uuids_start[1] = EIR_UUID128_SOME;
738 break;
739 }
740
741 memcpy(ptr, uuid->uuid, 16);
742 ptr += 16;
743 uuids_start[0] += 16;
744 }
745
746 return ptr;
747}
748
eb2a8d20
JH		 749static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
750{
751 struct pending_cmd *cmd;
752
753 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
754 if (cmd->opcode == opcode)
755 return cmd;
756 }
757
758 return NULL;
759}
760
95868426
JH		 761static struct pending_cmd *mgmt_pending_find_data(u16 opcode,
762 struct hci_dev *hdev,
763 const void *data)
764{
765 struct pending_cmd *cmd;
766
767 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
768 if (cmd->user_data != data)
769 continue;
770 if (cmd->opcode == opcode)
771 return cmd;
772 }
773
774 return NULL;
775}
776
f14d8f64
MH		 777static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
778{
7a5f4990
MH		 779 u8 ad_len = 0;
780 size_t name_len;
781
782 name_len = strlen(hdev->dev_name);
783 if (name_len > 0) {
784 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
785
786 if (name_len > max_len) {
787 name_len = max_len;
788 ptr[1] = EIR_NAME_SHORT;
789 } else
790 ptr[1] = EIR_NAME_COMPLETE;
791
792 ptr[0] = name_len + 1;
793
794 memcpy(ptr + 2, hdev->dev_name, name_len);
795
796 ad_len += (name_len + 2);
797 ptr += (name_len + 2);
798 }
799
800 return ad_len;
f14d8f64
MH		 801}
802
803static void update_scan_rsp_data(struct hci_request *req)
804{
805 struct hci_dev *hdev = req->hdev;
806 struct hci_cp_le_set_scan_rsp_data cp;
807 u8 len;
808
7751ef1b 809 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
f14d8f64
MH		 810 return;
811
812 memset(&cp, 0, sizeof(cp));
813
814 len = create_scan_rsp_data(hdev, cp.data);
815
eb438b5f
JH		 816 if (hdev->scan_rsp_data_len == len &&
817 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 818 return;
819
eb438b5f
JH		 820 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
821 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 822
823 cp.length = len;
824
825 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
826}
827
9a43e25f
JH		 828static u8 get_adv_discov_flags(struct hci_dev *hdev)
829{
830 struct pending_cmd *cmd;
831
832 /* If there's a pending mgmt command the flags will not yet have
833 * their final values, so check for this first.
834 */
835 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
836 if (cmd) {
837 struct mgmt_mode *cp = cmd->param;
838 if (cp->val == 0x01)
839 return LE_AD_GENERAL;
840 else if (cp->val == 0x02)
841 return LE_AD_LIMITED;
842 } else {
843 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
844 return LE_AD_LIMITED;
845 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
846 return LE_AD_GENERAL;
847 }
848
849 return 0;
850}
851
46cad2ed 852static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 853{
854 u8 ad_len = 0, flags = 0;
441ad2d0 855
9a43e25f 856 flags |= get_adv_discov_flags(hdev);
441ad2d0 857
e834004b 858 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
441ad2d0 859 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 860
861 if (flags) {
862 BT_DBG("adv flags 0x%02x", flags);
863
864 ptr[0] = 2;
865 ptr[1] = EIR_FLAGS;
866 ptr[2] = flags;
867
868 ad_len += 3;
869 ptr += 3;
870 }
871
872 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
873 ptr[0] = 2;
874 ptr[1] = EIR_TX_POWER;
875 ptr[2] = (u8) hdev->adv_tx_power;
876
877 ad_len += 3;
878 ptr += 3;
879 }
880
441ad2d0
MH		 881 return ad_len;
882}
883
5947f4bc 884static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 885{
886 struct hci_dev *hdev = req->hdev;
887 struct hci_cp_le_set_adv_data cp;
888 u8 len;
889
10994ce6 890 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
441ad2d0
MH		 891 return;
892
893 memset(&cp, 0, sizeof(cp));
894
46cad2ed 895 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 896
897 if (hdev->adv_data_len == len &&
898 memcmp(cp.data, hdev->adv_data, len) == 0)
899 return;
900
901 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
902 hdev->adv_data_len = len;
903
904 cp.length = len;
905
906 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
907}
908
ef580372
JH		 909static void create_eir(struct hci_dev *hdev, u8 *data)
910{
911 u8 *ptr = data;
ef580372
JH		 912 size_t name_len;
913
914 name_len = strlen(hdev->dev_name);
915
916 if (name_len > 0) {
917 /* EIR Data type */
918 if (name_len > 48) {
919 name_len = 48;
920 ptr[1] = EIR_NAME_SHORT;
921 } else
922 ptr[1] = EIR_NAME_COMPLETE;
923
924 /* EIR Data length */
925 ptr[0] = name_len + 1;
926
927 memcpy(ptr + 2, hdev->dev_name, name_len);
928
ef580372
JH		 929 ptr += (name_len + 2);
930 }
931
bbaf444a 932 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 933 ptr[0] = 2;
934 ptr[1] = EIR_TX_POWER;
935 ptr[2] = (u8) hdev->inq_tx_power;
936
91c4e9b1
MH		 937 ptr += 3;
938 }
939
2b9be137
MH		 940 if (hdev->devid_source > 0) {
941 ptr[0] = 9;
942 ptr[1] = EIR_DEVICE_ID;
943
944 put_unaligned_le16(hdev->devid_source, ptr + 2);
945 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
946 put_unaligned_le16(hdev->devid_product, ptr + 6);
947 put_unaligned_le16(hdev->devid_version, ptr + 8);
948
2b9be137
MH		 949 ptr += 10;
950 }
951
213202ed 952 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 953 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 954 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 955}
956
890ea898 957static void update_eir(struct hci_request *req)
ef580372 958{
890ea898 959 struct hci_dev *hdev = req->hdev;
ef580372
JH		 960 struct hci_cp_write_eir cp;
961
504c8dcd 962 if (!hdev_is_powered(hdev))
890ea898 963 return;
7770c4aa 964
976eb20e 965 if (!lmp_ext_inq_capable(hdev))
890ea898 966 return;
ef580372 967
84bde9d6 968 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 969 return;
ef580372 970
a8b2d5c2 971 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 972 return;
ef580372
JH		 973
974 memset(&cp, 0, sizeof(cp));
975
976 create_eir(hdev, cp.data);
977
978 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 979 return;
ef580372
JH		 980
981 memcpy(hdev->eir, cp.data, sizeof(cp.data));
982
890ea898 983 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 984}
985
986static u8 get_service_classes(struct hci_dev *hdev)
987{
988 struct bt_uuid *uuid;
989 u8 val = 0;
990
991 list_for_each_entry(uuid, &hdev->uuids, list)
992 val |= uuid->svc_hint;
993
994 return val;
995}
996
890ea898 997static void update_class(struct hci_request *req)
ef580372 998{
890ea898 999 struct hci_dev *hdev = req->hdev;
ef580372
JH		 1000 u8 cod[3];
1001
1002 BT_DBG("%s", hdev->name);
1003
504c8dcd 1004 if (!hdev_is_powered(hdev))
890ea898 1005 return;
7770c4aa 1006
f87ea1da
JH		 1007 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1008 return;
1009
a8b2d5c2 1010 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 1011 return;
ef580372
JH		 1012
1013 cod[0] = hdev->minor_class;
1014 cod[1] = hdev->major_class;
1015 cod[2] = get_service_classes(hdev);
1016
6acd7db4
MH		 1017 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
1018 cod[1] |= 0x20;
1019
ef580372 1020 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 1021 return;
ef580372 1022
890ea898 1023 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 1024}
1025
a4858cb9 1026static bool get_connectable(struct hci_dev *hdev)
199a2fb1
JH		 1027{
1028 struct pending_cmd *cmd;
199a2fb1
JH		 1029
1030 /* If there's a pending mgmt command the flag will not yet have
1031 * it's final value, so check for this first.
1032 */
1033 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1034 if (cmd) {
1035 struct mgmt_mode *cp = cmd->param;
a4858cb9 1036 return cp->val;
199a2fb1
JH		 1037 }
1038
a4858cb9 1039 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
199a2fb1
JH		 1040}
1041
1042static void enable_advertising(struct hci_request *req)
1043{
1044 struct hci_dev *hdev = req->hdev;
1045 struct hci_cp_le_set_adv_param cp;
8f2a0601 1046 u8 own_addr_type, enable = 0x01;
a4858cb9 1047 bool connectable;
199a2fb1 1048
5ce194c4 1049 /* Clear the HCI_LE_ADV bit temporarily so that the
8d97250e
JH		 1050 * hci_update_random_address knows that it's safe to go ahead
1051 * and write a new random address. The flag will be set back on
1052 * as soon as the SET_ADV_ENABLE HCI command completes.
1053 */
5ce194c4 1054 clear_bit(HCI_LE_ADV, &hdev->dev_flags);
8d97250e 1055
a4858cb9 1056 connectable = get_connectable(hdev);
8f2a0601 1057
a4858cb9
JH		 1058 /* Set require_privacy to true only when non-connectable
1059 * advertising is used. In that case it is fine to use a
1060 * non-resolvable private address.
1061 */
1062 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 1063 return;
1064
41c90c18 1065 memset(&cp, 0, sizeof(cp));
dcf4adbf
JP		 1066 cp.min_interval = cpu_to_le16(0x0800);
1067 cp.max_interval = cpu_to_le16(0x0800);
a4858cb9 1068 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
8f2a0601 1069 cp.own_address_type = own_addr_type;
199a2fb1
JH		 1070 cp.channel_map = hdev->le_adv_channel_map;
1071
1072 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1073
1074 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1075}
1076
1077static void disable_advertising(struct hci_request *req)
1078{
1079 u8 enable = 0x00;
1080
1081 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1082}
1083
7d78525d
JH		 1084static void service_cache_off(struct work_struct *work)
1085{
1086 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 1087 service_cache.work);
890ea898 1088 struct hci_request req;
7d78525d 1089
a8b2d5c2 1090 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 1091 return;
1092
890ea898
JH		 1093 hci_req_init(&req, hdev);
1094
7d78525d
JH		 1095 hci_dev_lock(hdev);
1096
890ea898
JH		 1097 update_eir(&req);
1098 update_class(&req);
7d78525d
JH		 1099
1100 hci_dev_unlock(hdev);
890ea898
JH		 1101
1102 hci_req_run(&req, NULL);
7d78525d
JH		 1103}
1104
d6bfd59c
JH		 1105static void rpa_expired(struct work_struct *work)
1106{
1107 struct hci_dev *hdev = container_of(work, struct hci_dev,
1108 rpa_expired.work);
1109 struct hci_request req;
1110
1111 BT_DBG("");
1112
1113 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
1114
1115 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags) ||
1116 hci_conn_num(hdev, LE_LINK) > 0)
1117 return;
1118
1119 /* The generation of a new RPA and programming it into the
1120 * controller happens in the enable_advertising() function.
1121 */
1122
1123 hci_req_init(&req, hdev);
1124
1125 disable_advertising(&req);
1126 enable_advertising(&req);
1127
1128 hci_req_run(&req, NULL);
1129}
1130
6a919082 1131static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 1132{
4f87da80 1133 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 1134 return;
1135
4f87da80 1136 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 1137 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 1138
4f87da80
JH		 1139 /* Non-mgmt controlled devices get this bit set
1140 * implicitly so that pairing works for them, however
1141 * for mgmt we require user-space to explicitly enable
1142 * it
1143 */
1144 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 1145}
1146
0f4e68cf 1147static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 1148 void *data, u16 data_len)
0381101f 1149{
a38528f1 1150 struct mgmt_rp_read_info rp;
f7b64e69 1151
bdb6d971 1152 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 1153
09fd0de5 1154 hci_dev_lock(hdev);
f7b64e69 1155
dc4fe30b
JH		 1156 memset(&rp, 0, sizeof(rp));
1157
69ab39ea 1158 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 1159
69ab39ea 1160 rp.version = hdev->hci_ver;
eb55ef07 1161 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 1162
1163 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1164 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 1165
a38528f1 1166 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 1167
dc4fe30b 1168 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 1169 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 1170
09fd0de5 1171 hci_dev_unlock(hdev);
0381101f 1172
bdb6d971 1173 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 1174 sizeof(rp));
0381101f
JH		 1175}
1176
eec8d2bc
JH		 1177static void mgmt_pending_free(struct pending_cmd *cmd)
1178{
1179 sock_put(cmd->sk);
c68fb7ff 1180 kfree(cmd->param);
eec8d2bc
JH		 1181 kfree(cmd);
1182}
1183
366a0336 1184static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 1185 struct hci_dev *hdev, void *data,
1186 u16 len)
eec8d2bc
JH		 1187{
1188 struct pending_cmd *cmd;
1189
fca20018 1190 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 1191 if (!cmd)
366a0336 1192 return NULL;
eec8d2bc
JH		 1193
1194 cmd->opcode = opcode;
2e58ef3e 1195 cmd->index = hdev->id;
eec8d2bc 1196
12b94565 1197 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 1198 if (!cmd->param) {
eec8d2bc 1199 kfree(cmd);
366a0336 1200 return NULL;
eec8d2bc
JH		 1201 }
1202
8fce6357
SJ		 1203 if (data)
1204 memcpy(cmd->param, data, len);
eec8d2bc
JH		 1205
1206 cmd->sk = sk;
1207 sock_hold(sk);
1208
2e58ef3e 1209 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 1210
366a0336 1211 return cmd;
eec8d2bc
JH		 1212}
1213
744cf19e 1214static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 1215 void (*cb)(struct pending_cmd *cmd,
1216 void *data),
04124681 1217 void *data)
eec8d2bc 1218{
a3d09356 1219 struct pending_cmd *cmd, *tmp;
eec8d2bc 1220
a3d09356 1221 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 1222 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 1223 continue;
1224
eec8d2bc
JH		 1225 cb(cmd, data);
1226 }
1227}
1228
a664b5bc 1229static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 1230{
73f22f62
JH		 1231 list_del(&cmd->list);
1232 mgmt_pending_free(cmd);
1233}
1234
69ab39ea 1235static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1236{
69ab39ea 1237 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1238
aee9b218 1239 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 1240 sizeof(settings));
8680570b
JH		 1241}
1242
8b064a3a
JH		 1243static void clean_up_hci_complete(struct hci_dev *hdev, u8 status)
1244{
1245 BT_DBG("%s status 0x%02x", hdev->name, status);
1246
a3172b7e
JH		 1247 if (hci_conn_count(hdev) == 0) {
1248 cancel_delayed_work(&hdev->power_off);
8b064a3a 1249 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1250 }
8b064a3a
JH		 1251}
1252
21a60d30
JH		 1253static void hci_stop_discovery(struct hci_request *req)
1254{
1255 struct hci_dev *hdev = req->hdev;
1256 struct hci_cp_remote_name_req_cancel cp;
1257 struct inquiry_entry *e;
1258
1259 switch (hdev->discovery.state) {
1260 case DISCOVERY_FINDING:
1261 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
1262 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1263 } else {
1264 cancel_delayed_work(&hdev->le_scan_disable);
1265 hci_req_add_le_scan_disable(req);
1266 }
1267
1268 break;
1269
1270 case DISCOVERY_RESOLVING:
1271 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1272 NAME_PENDING);
1273 if (!e)
1274 return;
1275
1276 bacpy(&cp.bdaddr, &e->data.bdaddr);
1277 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1278 &cp);
1279
1280 break;
1281
1282 default:
1283 /* Passive scanning */
1284 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
1285 hci_req_add_le_scan_disable(req);
1286 break;
1287 }
1288}
1289
8b064a3a
JH		 1290static int clean_up_hci_state(struct hci_dev *hdev)
1291{
1292 struct hci_request req;
1293 struct hci_conn *conn;
1294
1295 hci_req_init(&req, hdev);
1296
1297 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1298 test_bit(HCI_PSCAN, &hdev->flags)) {
1299 u8 scan = 0x00;
1300 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1301 }
1302
1303 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1304 disable_advertising(&req);
1305
f8680f12 1306 hci_stop_discovery(&req);
8b064a3a
JH		 1307
1308 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1309 struct hci_cp_disconnect dc;
c9910d0f
JH		 1310 struct hci_cp_reject_conn_req rej;
1311
1312 switch (conn->state) {
1313 case BT_CONNECTED:
1314 case BT_CONFIG:
1315 dc.handle = cpu_to_le16(conn->handle);
1316 dc.reason = 0x15; /* Terminated due to Power Off */
1317 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1318 break;
1319 case BT_CONNECT:
1320 if (conn->type == LE_LINK)
1321 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1322 0, NULL);
1323 else if (conn->type == ACL_LINK)
1324 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1325 6, &conn->dst);
1326 break;
1327 case BT_CONNECT2:
1328 bacpy(&rej.bdaddr, &conn->dst);
1329 rej.reason = 0x15; /* Terminated due to Power Off */
1330 if (conn->type == ACL_LINK)
1331 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1332 sizeof(rej), &rej);
1333 else if (conn->type == SCO_LINK)
1334 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1335 sizeof(rej), &rej);
1336 break;
1337 }
8b064a3a
JH		 1338 }
1339
1340 return hci_req_run(&req, clean_up_hci_complete);
1341}
1342
bdb6d971 1343static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1344 u16 len)
eec8d2bc 1345{
650f726d 1346 struct mgmt_mode *cp = data;
366a0336 1347 struct pending_cmd *cmd;
4b34ee78 1348 int err;
eec8d2bc 1349
bdb6d971 1350 BT_DBG("request for %s", hdev->name);
eec8d2bc 1351
a7e80f25
JH		 1352 if (cp->val != 0x00 && cp->val != 0x01)
1353 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1354 MGMT_STATUS_INVALID_PARAMS);
1355
09fd0de5 1356 hci_dev_lock(hdev);
eec8d2bc 1357
87b95ba6
JH		 1358 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1359 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1360 MGMT_STATUS_BUSY);
1361 goto failed;
1362 }
1363
f0d4b78a
MH		 1364 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1365 cancel_delayed_work(&hdev->power_off);
1366
1367 if (cp->val) {
a1d70450
JH		 1368 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1369 data, len);
1370 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1371 goto failed;
1372 }
1373 }
1374
4b34ee78 1375 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1376 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1377 goto failed;
1378 }
1379
2e58ef3e 1380 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1381 if (!cmd) {
1382 err = -ENOMEM;
eec8d2bc 1383 goto failed;
366a0336 1384 }
eec8d2bc 1385
8b064a3a 1386 if (cp->val) {
19202573 1387 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1388 err = 0;
1389 } else {
1390 /* Disconnect connections, stop scans, etc */
1391 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1392 if (!err)
1393 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1394 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1395
8b064a3a
JH		 1396 /* ENODATA means there were no HCI commands queued */
1397 if (err == -ENODATA) {
a3172b7e 1398 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1399 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1400 err = 0;
1401 }
1402 }
eec8d2bc
JH		 1403
1404failed:
09fd0de5 1405 hci_dev_unlock(hdev);
366a0336 1406 return err;
eec8d2bc
JH		 1407}
1408
beadb2bd
JH		 1409static int new_settings(struct hci_dev *hdev, struct sock *skip)
1410{
1411 __le32 ev;
1412
1413 ev = cpu_to_le32(get_current_settings(hdev));
1414
1415 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1416}
1417
bd99abdd
JH		 1418struct cmd_lookup {
1419 struct sock *sk;
1420 struct hci_dev *hdev;
1421 u8 mgmt_status;
1422};
1423
1424static void settings_rsp(struct pending_cmd *cmd, void *data)
1425{
1426 struct cmd_lookup *match = data;
1427
1428 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1429
1430 list_del(&cmd->list);
1431
1432 if (match->sk == NULL) {
1433 match->sk = cmd->sk;
1434 sock_hold(match->sk);
1435 }
1436
1437 mgmt_pending_free(cmd);
1438}
1439
1440static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1441{
1442 u8 *status = data;
1443
1444 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1445 mgmt_pending_remove(cmd);
1446}
1447
e6fe7986
JH		 1448static u8 mgmt_bredr_support(struct hci_dev *hdev)
1449{
1450 if (!lmp_bredr_capable(hdev))
1451 return MGMT_STATUS_NOT_SUPPORTED;
1452 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1453 return MGMT_STATUS_REJECTED;
1454 else
1455 return MGMT_STATUS_SUCCESS;
1456}
1457
1458static u8 mgmt_le_support(struct hci_dev *hdev)
1459{
1460 if (!lmp_le_capable(hdev))
1461 return MGMT_STATUS_NOT_SUPPORTED;
1462 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1463 return MGMT_STATUS_REJECTED;
1464 else
1465 return MGMT_STATUS_SUCCESS;
1466}
1467
bfaf8c9f
JH		 1468static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1469{
1470 struct pending_cmd *cmd;
1471 struct mgmt_mode *cp;
970ba524 1472 struct hci_request req;
bfaf8c9f
JH		 1473 bool changed;
1474
1475 BT_DBG("status 0x%02x", status);
1476
1477 hci_dev_lock(hdev);
1478
1479 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1480 if (!cmd)
1481 goto unlock;
1482
1483 if (status) {
1484 u8 mgmt_err = mgmt_status(status);
1485 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
310a3d48 1486 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
bfaf8c9f
JH		 1487 goto remove_cmd;
1488 }
1489
1490 cp = cmd->param;
d4462a07 1491 if (cp->val) {
bfaf8c9f
JH		 1492 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1493 &hdev->dev_flags);
d4462a07
MH		 1494
1495 if (hdev->discov_timeout > 0) {
1496 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1497 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1498 to);
1499 }
1500 } else {
bfaf8c9f
JH		 1501 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1502 &hdev->dev_flags);
d4462a07 1503 }
bfaf8c9f
JH		 1504
1505 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1506
1507 if (changed)
1508 new_settings(hdev, cmd->sk);
1509
970ba524
MH		 1510 /* When the discoverable mode gets changed, make sure
1511 * that class of device has the limited discoverable
1512 * bit correctly set.
1513 */
1514 hci_req_init(&req, hdev);
1515 update_class(&req);
1516 hci_req_run(&req, NULL);
1517
bfaf8c9f
JH		 1518remove_cmd:
1519 mgmt_pending_remove(cmd);
1520
1521unlock:
1522 hci_dev_unlock(hdev);
1523}
1524
bdb6d971 1525static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1526 u16 len)
73f22f62 1527{
650f726d 1528 struct mgmt_cp_set_discoverable *cp = data;
366a0336 1529 struct pending_cmd *cmd;
bfaf8c9f 1530 struct hci_request req;
5e5282bb 1531 u16 timeout;
9a43e25f 1532 u8 scan;
73f22f62
JH		 1533 int err;
1534
bdb6d971 1535 BT_DBG("request for %s", hdev->name);
73f22f62 1536
9a43e25f
JH		 1537 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1538 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1539 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
9a43e25f 1540 MGMT_STATUS_REJECTED);
33c525c0 1541
310a3d48 1542 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a7e80f25
JH		 1543 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1544 MGMT_STATUS_INVALID_PARAMS);
1545
1f350c87 1546 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1547
1548 /* Disabling discoverable requires that no timeout is set,
1549 * and enabling limited discoverable requires a timeout.
1550 */
1551 if ((cp->val == 0x00 && timeout > 0) ||
1552 (cp->val == 0x02 && timeout == 0))
bdb6d971 1553 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1554 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1555
09fd0de5 1556 hci_dev_lock(hdev);
73f22f62 1557
5e5282bb 1558 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 1559 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1560 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1561 goto failed;
1562 }
1563
2e58ef3e 1564 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1565 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1566 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1567 MGMT_STATUS_BUSY);
73f22f62
JH		 1568 goto failed;
1569 }
1570
5e5282bb 1571 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 1572 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1573 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1574 goto failed;
1575 }
1576
1577 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1578 bool changed = false;
1579
310a3d48
MH		 1580 /* Setting limited discoverable when powered off is
1581 * not a valid operation since it requires a timeout
1582 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1583 */
0224d2fa
JH		 1584 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1585 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1586 changed = true;
1587 }
1588
5e5282bb 1589 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1590 if (err < 0)
1591 goto failed;
1592
1593 if (changed)
1594 err = new_settings(hdev, sk);
1595
5e5282bb
JH		 1596 goto failed;
1597 }
1598
310a3d48
MH		 1599 /* If the current mode is the same, then just update the timeout
1600 * value with the new value. And if only the timeout gets updated,
1601 * then no need for any HCI transactions.
1602 */
1603 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1604 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1605 &hdev->dev_flags)) {
36261547
MH		 1606 cancel_delayed_work(&hdev->discov_off);
1607 hdev->discov_timeout = timeout;
955638ec 1608
36261547
MH		 1609 if (cp->val && hdev->discov_timeout > 0) {
1610 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1611 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1612 to);
955638ec
MH		 1613 }
1614
69ab39ea 1615 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1616 goto failed;
1617 }
1618
2e58ef3e 1619 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1620 if (!cmd) {
1621 err = -ENOMEM;
73f22f62 1622 goto failed;
366a0336 1623 }
73f22f62 1624
310a3d48
MH		 1625 /* Cancel any potential discoverable timeout that might be
1626 * still active and store new timeout value. The arming of
1627 * the timeout happens in the complete handler.
1628 */
1629 cancel_delayed_work(&hdev->discov_off);
1630 hdev->discov_timeout = timeout;
1631
b456f87c
JH		 1632 /* Limited discoverable mode */
1633 if (cp->val == 0x02)
1634 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1635 else
1636 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1637
bfaf8c9f
JH		 1638 hci_req_init(&req, hdev);
1639
9a43e25f
JH		 1640 /* The procedure for LE-only controllers is much simpler - just
1641 * update the advertising data.
1642 */
1643 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1644 goto update_ad;
1645
73f22f62
JH		 1646 scan = SCAN_PAGE;
1647
310a3d48
MH		 1648 if (cp->val) {
1649 struct hci_cp_write_current_iac_lap hci_cp;
1650
1651 if (cp->val == 0x02) {
1652 /* Limited discoverable mode */
33337dcb 1653 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1654 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1655 hci_cp.iac_lap[1] = 0x8b;
1656 hci_cp.iac_lap[2] = 0x9e;
1657 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1658 hci_cp.iac_lap[4] = 0x8b;
1659 hci_cp.iac_lap[5] = 0x9e;
1660 } else {
1661 /* General discoverable mode */
310a3d48
MH		 1662 hci_cp.num_iac = 1;
1663 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1664 hci_cp.iac_lap[1] = 0x8b;
1665 hci_cp.iac_lap[2] = 0x9e;
1666 }
1667
1668 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1669 (hci_cp.num_iac * 3) + 1, &hci_cp);
1670
73f22f62 1671 scan |= SCAN_INQUIRY;
310a3d48
MH		 1672 } else {
1673 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1674 }
73f22f62 1675
310a3d48 1676 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1677
9a43e25f
JH		 1678update_ad:
1679 update_adv_data(&req);
1680
bfaf8c9f 1681 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1682 if (err < 0)
a664b5bc 1683 mgmt_pending_remove(cmd);
73f22f62
JH		 1684
1685failed:
09fd0de5 1686 hci_dev_unlock(hdev);
73f22f62
JH		 1687 return err;
1688}
1689
406d7804
JH		 1690static void write_fast_connectable(struct hci_request *req, bool enable)
1691{
bd98b996 1692 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1693 struct hci_cp_write_page_scan_activity acp;
1694 u8 type;
1695
547003b1
JH		 1696 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1697 return;
1698
4c01f8b8
JH		 1699 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1700 return;
1701
406d7804
JH		 1702 if (enable) {
1703 type = PAGE_SCAN_TYPE_INTERLACED;
1704
1705 /* 160 msec page scan interval */
dcf4adbf 1706 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 1707 } else {
1708 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1709
1710 /* default 1.28 sec page scan */
dcf4adbf 1711 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 1712 }
1713
dcf4adbf 1714 acp.window = cpu_to_le16(0x0012);
406d7804 1715
bd98b996
JH		 1716 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1717 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1718 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1719 sizeof(acp), &acp);
1720
1721 if (hdev->page_scan_type != type)
1722 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1723}
1724
2b76f453
JH		 1725static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1726{
1727 struct pending_cmd *cmd;
d7b856f9
JH		 1728 struct mgmt_mode *cp;
1729 bool changed;
2b76f453
JH		 1730
1731 BT_DBG("status 0x%02x", status);
1732
1733 hci_dev_lock(hdev);
1734
1735 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1736 if (!cmd)
1737 goto unlock;
1738
37438c1f
JH		 1739 if (status) {
1740 u8 mgmt_err = mgmt_status(status);
1741 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1742 goto remove_cmd;
1743 }
1744
d7b856f9
JH		 1745 cp = cmd->param;
1746 if (cp->val)
1747 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1748 else
1749 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1750
2b76f453
JH		 1751 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1752
2b7be33e 1753 if (changed) {
d7b856f9 1754 new_settings(hdev, cmd->sk);
2b7be33e
JH		 1755 hci_update_background_scan(hdev);
1756 }
d7b856f9 1757
37438c1f 1758remove_cmd:
2b76f453
JH		 1759 mgmt_pending_remove(cmd);
1760
1761unlock:
1762 hci_dev_unlock(hdev);
1763}
1764
e8ba3a1f
JH		 1765static int set_connectable_update_settings(struct hci_dev *hdev,
1766 struct sock *sk, u8 val)
1767{
1768 bool changed = false;
1769 int err;
1770
1771 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1772 changed = true;
1773
1774 if (val) {
1775 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1776 } else {
1777 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1778 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1779 }
1780
1781 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1782 if (err < 0)
1783 return err;
1784
1785 if (changed)
1786 return new_settings(hdev, sk);
1787
1788 return 0;
1789}
1790
bdb6d971 1791static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1792 u16 len)
9fbcbb45 1793{
650f726d 1794 struct mgmt_mode *cp = data;
366a0336 1795 struct pending_cmd *cmd;
2b76f453 1796 struct hci_request req;
1987fdc7 1797 u8 scan;
9fbcbb45
JH		 1798 int err;
1799
bdb6d971 1800 BT_DBG("request for %s", hdev->name);
9fbcbb45 1801
1987fdc7
JH		 1802 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1803 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1804 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1987fdc7 1805 MGMT_STATUS_REJECTED);
33c525c0 1806
a7e80f25
JH		 1807 if (cp->val != 0x00 && cp->val != 0x01)
1808 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1809 MGMT_STATUS_INVALID_PARAMS);
1810
09fd0de5 1811 hci_dev_lock(hdev);
9fbcbb45 1812
4b34ee78 1813 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1814 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1815 goto failed;
1816 }
1817
2e58ef3e 1818 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1819 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1820 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1821 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1822 goto failed;
1823 }
1824
2e58ef3e 1825 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1826 if (!cmd) {
1827 err = -ENOMEM;
9fbcbb45 1828 goto failed;
366a0336 1829 }
9fbcbb45 1830
9b74246f 1831 hci_req_init(&req, hdev);
9fbcbb45 1832
9a43e25f
JH		 1833 /* If BR/EDR is not enabled and we disable advertising as a
1834 * by-product of disabling connectable, we need to update the
1835 * advertising flags.
1836 */
1837 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1838 if (!cp->val) {
1839 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1840 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1841 }
1842 update_adv_data(&req);
1843 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1844 if (cp->val) {
1845 scan = SCAN_PAGE;
1846 } else {
1847 scan = 0;
1848
1849 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1850 hdev->discov_timeout > 0)
9b74246f
JH		 1851 cancel_delayed_work(&hdev->discov_off);
1852 }
2b76f453 1853
9b74246f
JH		 1854 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1855 }
2b76f453 1856
4c01f8b8
JH		 1857 /* If we're going from non-connectable to connectable or
1858 * vice-versa when fast connectable is enabled ensure that fast
1859 * connectable gets disabled. write_fast_connectable won't do
1860 * anything if the page scan parameters are already what they
1861 * should be.
1862 */
1863 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1864 write_fast_connectable(&req, false);
1865
1987fdc7
JH		 1866 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
1867 hci_conn_num(hdev, LE_LINK) == 0) {
1868 disable_advertising(&req);
1869 enable_advertising(&req);
1870 }
1871
2b76f453 1872 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1873 if (err < 0) {
a664b5bc 1874 mgmt_pending_remove(cmd);
9b74246f 1875 if (err == -ENODATA)
a81070ba
JH		 1876 err = set_connectable_update_settings(hdev, sk,
1877 cp->val);
9b74246f
JH		 1878 goto failed;
1879 }
9fbcbb45
JH		 1880
1881failed:
09fd0de5 1882 hci_dev_unlock(hdev);
9fbcbb45
JH		 1883 return err;
1884}
1885
bdb6d971 1886static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1887 u16 len)
c542a06c 1888{
650f726d 1889 struct mgmt_mode *cp = data;
55594356 1890 bool changed;
c542a06c
JH		 1891 int err;
1892
bdb6d971 1893 BT_DBG("request for %s", hdev->name);
c542a06c 1894
a7e80f25
JH		 1895 if (cp->val != 0x00 && cp->val != 0x01)
1896 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1897 MGMT_STATUS_INVALID_PARAMS);
1898
09fd0de5 1899 hci_dev_lock(hdev);
c542a06c
JH		 1900
1901 if (cp->val)
55594356 1902 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1903 else
55594356 1904 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1905
69ab39ea 1906 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c 1907 if (err < 0)
55594356 1908 goto unlock;
c542a06c 1909
55594356
MH		 1910 if (changed)
1911 err = new_settings(hdev, sk);
c542a06c 1912
55594356 1913unlock:
09fd0de5 1914 hci_dev_unlock(hdev);
c542a06c
JH		 1915 return err;
1916}
1917
04124681
GP		 1918static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1919 u16 len)
33ef95ed
JH		 1920{
1921 struct mgmt_mode *cp = data;
1922 struct pending_cmd *cmd;
e6fe7986 1923 u8 val, status;
33ef95ed
JH		 1924 int err;
1925
bdb6d971 1926 BT_DBG("request for %s", hdev->name);
33ef95ed 1927
e6fe7986
JH		 1928 status = mgmt_bredr_support(hdev);
1929 if (status)
33c525c0 1930 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 1931 status);
33c525c0 1932
a7e80f25
JH		 1933 if (cp->val != 0x00 && cp->val != 0x01)
1934 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1935 MGMT_STATUS_INVALID_PARAMS);
1936
33ef95ed
JH		 1937 hci_dev_lock(hdev);
1938
4b34ee78 1939 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1940 bool changed = false;
1941
1942 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1943 &hdev->dev_flags)) {
47990ea0
JH		 1944 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1945 changed = true;
1946 }
1947
1948 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1949 if (err < 0)
1950 goto failed;
1951
1952 if (changed)
1953 err = new_settings(hdev, sk);
1954
33ef95ed
JH		 1955 goto failed;
1956 }
1957
1958 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1959 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1960 MGMT_STATUS_BUSY);
33ef95ed
JH		 1961 goto failed;
1962 }
1963
1964 val = !!cp->val;
1965
1966 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1967 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1968 goto failed;
1969 }
1970
1971 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1972 if (!cmd) {
1973 err = -ENOMEM;
1974 goto failed;
1975 }
1976
1977 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1978 if (err < 0) {
1979 mgmt_pending_remove(cmd);
1980 goto failed;
1981 }
1982
1983failed:
1984 hci_dev_unlock(hdev);
33ef95ed
JH		 1985 return err;
1986}
1987
bdb6d971 1988static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1989{
1990 struct mgmt_mode *cp = data;
1991 struct pending_cmd *cmd;
72ef0c1a 1992 u8 status;
ed2c4ee3
JH		 1993 int err;
1994
bdb6d971 1995 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1996
cdba5281
MH		 1997 status = mgmt_bredr_support(hdev);
1998 if (status)
1999 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
2000
13ecd8b6
JH		 2001 if (!lmp_ssp_capable(hdev))
2002 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2003 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 2004
a7e80f25
JH		 2005 if (cp->val != 0x00 && cp->val != 0x01)
2006 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2007 MGMT_STATUS_INVALID_PARAMS);
2008
13ecd8b6 2009 hci_dev_lock(hdev);
6c8f12c1 2010
4b34ee78 2011 if (!hdev_is_powered(hdev)) {
9ecb3e24 2012 bool changed;
c0ecddc2 2013
9ecb3e24
MH		 2014 if (cp->val) {
2015 changed = !test_and_set_bit(HCI_SSP_ENABLED,
2016 &hdev->dev_flags);
2017 } else {
2018 changed = test_and_clear_bit(HCI_SSP_ENABLED,
2019 &hdev->dev_flags);
2020 if (!changed)
2021 changed = test_and_clear_bit(HCI_HS_ENABLED,
2022 &hdev->dev_flags);
2023 else
2024 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 2025 }
2026
2027 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2028 if (err < 0)
2029 goto failed;
2030
2031 if (changed)
2032 err = new_settings(hdev, sk);
2033
ed2c4ee3
JH		 2034 goto failed;
2035 }
2036
9ecb3e24
MH		 2037 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
2038 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
d97dcb66
SJ		 2039 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2040 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 2041 goto failed;
2042 }
2043
72ef0c1a 2044 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 2045 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2046 goto failed;
2047 }
2048
2049 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2050 if (!cmd) {
2051 err = -ENOMEM;
2052 goto failed;
2053 }
2054
3769972b
JH		 2055 if (!cp->val && test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
2056 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2057 sizeof(cp->val), &cp->val);
2058
72ef0c1a 2059 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 2060 if (err < 0) {
2061 mgmt_pending_remove(cmd);
2062 goto failed;
2063 }
2064
2065failed:
2066 hci_dev_unlock(hdev);
ed2c4ee3
JH		 2067 return err;
2068}
2069
bdb6d971 2070static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 2071{
2072 struct mgmt_mode *cp = data;
ee392693 2073 bool changed;
e6fe7986 2074 u8 status;
ee392693 2075 int err;
6d80dfd0 2076
bdb6d971 2077 BT_DBG("request for %s", hdev->name);
6d80dfd0 2078
e6fe7986
JH		 2079 status = mgmt_bredr_support(hdev);
2080 if (status)
2081 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 2082
9ecb3e24
MH		 2083 if (!lmp_ssp_capable(hdev))
2084 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2085 MGMT_STATUS_NOT_SUPPORTED);
2086
2087 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
2088 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2089 MGMT_STATUS_REJECTED);
2090
a7e80f25
JH		 2091 if (cp->val != 0x00 && cp->val != 0x01)
2092 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2093 MGMT_STATUS_INVALID_PARAMS);
2094
ee392693
MH		 2095 hci_dev_lock(hdev);
2096
a0cdf960 2097 if (cp->val) {
ee392693 2098 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 2099 } else {
2100 if (hdev_is_powered(hdev)) {
2101 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2102 MGMT_STATUS_REJECTED);
2103 goto unlock;
2104 }
2105
ee392693 2106 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 2107 }
ee392693
MH		 2108
2109 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2110 if (err < 0)
2111 goto unlock;
2112
2113 if (changed)
2114 err = new_settings(hdev, sk);
6d80dfd0 2115
ee392693
MH		 2116unlock:
2117 hci_dev_unlock(hdev);
2118 return err;
6d80dfd0
JH		 2119}
2120
416a4ae5
JH		 2121static void le_enable_complete(struct hci_dev *hdev, u8 status)
2122{
2123 struct cmd_lookup match = { NULL, hdev };
2124
2125 if (status) {
2126 u8 mgmt_err = mgmt_status(status);
2127
2128 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2129 &mgmt_err);
2130 return;
2131 }
2132
2133 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2134
2135 new_settings(hdev, match.sk);
2136
2137 if (match.sk)
2138 sock_put(match.sk);
441ad2d0
MH		 2139
2140 /* Make sure the controller has a good default for
2141 * advertising data. Restrict the update to when LE
2142 * has actually been enabled. During power on, the
2143 * update in powered_update_hci will take care of it.
2144 */
2145 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2146 struct hci_request req;
2147
2148 hci_dev_lock(hdev);
2149
2150 hci_req_init(&req, hdev);
5947f4bc 2151 update_adv_data(&req);
f14d8f64 2152 update_scan_rsp_data(&req);
441ad2d0
MH		 2153 hci_req_run(&req, NULL);
2154
a70f4b5f
JH		 2155 hci_update_background_scan(hdev);
2156
441ad2d0
MH		 2157 hci_dev_unlock(hdev);
2158 }
416a4ae5
JH		 2159}
2160
bdb6d971 2161static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 2162{
2163 struct mgmt_mode *cp = data;
2164 struct hci_cp_write_le_host_supported hci_cp;
2165 struct pending_cmd *cmd;
416a4ae5 2166 struct hci_request req;
06199cf8 2167 int err;
0b60eba1 2168 u8 val, enabled;
06199cf8 2169
bdb6d971 2170 BT_DBG("request for %s", hdev->name);
06199cf8 2171
13ecd8b6
JH		 2172 if (!lmp_le_capable(hdev))
2173 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2174 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 2175
a7e80f25
JH		 2176 if (cp->val != 0x00 && cp->val != 0x01)
2177 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2178 MGMT_STATUS_INVALID_PARAMS);
2179
c73eee91 2180 /* LE-only devices do not allow toggling LE on/off */
56f87901 2181 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 2182 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2183 MGMT_STATUS_REJECTED);
2184
13ecd8b6 2185 hci_dev_lock(hdev);
06199cf8
JH		 2186
2187 val = !!cp->val;
ffa88e02 2188 enabled = lmp_host_le_capable(hdev);
06199cf8 2189
0b60eba1 2190 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 2191 bool changed = false;
2192
2193 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2194 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
2195 changed = true;
2196 }
2197
f3d3444a
JH		 2198 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
2199 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 2200 changed = true;
2201 }
2202
06199cf8
JH		 2203 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2204 if (err < 0)
1de028ce 2205 goto unlock;
06199cf8
JH		 2206
2207 if (changed)
2208 err = new_settings(hdev, sk);
2209
1de028ce 2210 goto unlock;
06199cf8
JH		 2211 }
2212
4375f103
JH		 2213 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
2214 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 2215 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 2216 MGMT_STATUS_BUSY);
1de028ce 2217 goto unlock;
06199cf8
JH		 2218 }
2219
2220 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2221 if (!cmd) {
2222 err = -ENOMEM;
1de028ce 2223 goto unlock;
06199cf8
JH		 2224 }
2225
441ad2d0
MH		 2226 hci_req_init(&req, hdev);
2227
06199cf8
JH		 2228 memset(&hci_cp, 0, sizeof(hci_cp));
2229
2230 if (val) {
2231 hci_cp.le = val;
ffa88e02 2232 hci_cp.simul = lmp_le_br_capable(hdev);
441ad2d0
MH		 2233 } else {
2234 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
2235 disable_advertising(&req);
06199cf8
JH		 2236 }
2237
416a4ae5
JH		 2238 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2239 &hci_cp);
2240
2241 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2242 if (err < 0)
06199cf8 2243 mgmt_pending_remove(cmd);
06199cf8 2244
1de028ce
JH		 2245unlock:
2246 hci_dev_unlock(hdev);
06199cf8
JH		 2247 return err;
2248}
2249
0cab9c80
JH		 2250/* This is a helper function to test for pending mgmt commands that can
2251 * cause CoD or EIR HCI commands. We can only allow one such pending
2252 * mgmt command at a time since otherwise we cannot easily track what
2253 * the current values are, will be, and based on that calculate if a new
2254 * HCI command needs to be sent and if yes with what value.
2255 */
2256static bool pending_eir_or_class(struct hci_dev *hdev)
2257{
2258 struct pending_cmd *cmd;
2259
2260 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2261 switch (cmd->opcode) {
2262 case MGMT_OP_ADD_UUID:
2263 case MGMT_OP_REMOVE_UUID:
2264 case MGMT_OP_SET_DEV_CLASS:
2265 case MGMT_OP_SET_POWERED:
2266 return true;
2267 }
2268 }
2269
2270 return false;
2271}
2272
83be8eca
JH		 2273static const u8 bluetooth_base_uuid[] = {
2274 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2275 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2276};
2277
2278static u8 get_uuid_size(const u8 *uuid)
2279{
2280 u32 val;
2281
2282 if (memcmp(uuid, bluetooth_base_uuid, 12))
2283 return 128;
2284
2285 val = get_unaligned_le32(&uuid[12]);
2286 if (val > 0xffff)
2287 return 32;
2288
2289 return 16;
2290}
2291
92da6097
JH		 2292static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2293{
2294 struct pending_cmd *cmd;
2295
2296 hci_dev_lock(hdev);
2297
2298 cmd = mgmt_pending_find(mgmt_op, hdev);
2299 if (!cmd)
2300 goto unlock;
2301
2302 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
2303 hdev->dev_class, 3);
2304
2305 mgmt_pending_remove(cmd);
2306
2307unlock:
2308 hci_dev_unlock(hdev);
2309}
2310
2311static void add_uuid_complete(struct hci_dev *hdev, u8 status)
2312{
2313 BT_DBG("status 0x%02x", status);
2314
2315 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2316}
2317
bdb6d971 2318static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2319{
650f726d 2320 struct mgmt_cp_add_uuid *cp = data;
90e70454 2321 struct pending_cmd *cmd;
890ea898 2322 struct hci_request req;
2aeb9a1a 2323 struct bt_uuid *uuid;
2aeb9a1a
JH		 2324 int err;
2325
bdb6d971 2326 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2327
09fd0de5 2328 hci_dev_lock(hdev);
2aeb9a1a 2329
0cab9c80 2330 if (pending_eir_or_class(hdev)) {
bdb6d971 2331 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 2332 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2333 goto failed;
2334 }
2335
92c4c204 2336 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2337 if (!uuid) {
2338 err = -ENOMEM;
2339 goto failed;
2340 }
2341
2342 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2343 uuid->svc_hint = cp->svc_hint;
83be8eca 2344 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2345
de66aa63 2346 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2347
890ea898 2348 hci_req_init(&req, hdev);
1aff6f09 2349
890ea898
JH		 2350 update_class(&req);
2351 update_eir(&req);
2352
92da6097
JH		 2353 err = hci_req_run(&req, add_uuid_complete);
2354 if (err < 0) {
2355 if (err != -ENODATA)
2356 goto failed;
80a1e1db 2357
bdb6d971 2358 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 2359 hdev->dev_class, 3);
90e70454
JH		 2360 goto failed;
2361 }
2362
2363 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2364 if (!cmd) {
90e70454 2365 err = -ENOMEM;
890ea898
JH		 2366 goto failed;
2367 }
2368
2369 err = 0;
2aeb9a1a
JH		 2370
2371failed:
09fd0de5 2372 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2373 return err;
2374}
2375
24b78d0f
JH		 2376static bool enable_service_cache(struct hci_dev *hdev)
2377{
2378 if (!hdev_is_powered(hdev))
2379 return false;
2380
2381 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 2382 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2383 CACHE_TIMEOUT);
24b78d0f
JH		 2384 return true;
2385 }
2386
2387 return false;
2388}
2389
92da6097
JH		 2390static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
2391{
2392 BT_DBG("status 0x%02x", status);
2393
2394 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2395}
2396
bdb6d971 2397static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2398 u16 len)
2aeb9a1a 2399{
650f726d 2400 struct mgmt_cp_remove_uuid *cp = data;
90e70454 2401 struct pending_cmd *cmd;
056341c8 2402 struct bt_uuid *match, *tmp;
2aeb9a1a 2403 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2404 struct hci_request req;
2aeb9a1a
JH		 2405 int err, found;
2406
bdb6d971 2407 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2408
09fd0de5 2409 hci_dev_lock(hdev);
2aeb9a1a 2410
0cab9c80 2411 if (pending_eir_or_class(hdev)) {
bdb6d971 2412 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2413 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2414 goto unlock;
2415 }
2416
2aeb9a1a 2417 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2418 hci_uuids_clear(hdev);
4004b6d9 2419
24b78d0f 2420 if (enable_service_cache(hdev)) {
bdb6d971 2421 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2422 0, hdev->dev_class, 3);
24b78d0f
JH		 2423 goto unlock;
2424 }
4004b6d9 2425
9246a869 2426 goto update_class;
2aeb9a1a
JH		 2427 }
2428
2429 found = 0;
2430
056341c8 2431 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2432 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2433 continue;
2434
2435 list_del(&match->list);
482049f7 2436 kfree(match);
2aeb9a1a
JH		 2437 found++;
2438 }
2439
2440 if (found == 0) {
bdb6d971 2441 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2442 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2443 goto unlock;
2444 }
2445
9246a869 2446update_class:
890ea898 2447 hci_req_init(&req, hdev);
1aff6f09 2448
890ea898
JH		 2449 update_class(&req);
2450 update_eir(&req);
2451
92da6097
JH		 2452 err = hci_req_run(&req, remove_uuid_complete);
2453 if (err < 0) {
2454 if (err != -ENODATA)
2455 goto unlock;
80a1e1db 2456
bdb6d971 2457 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 2458 hdev->dev_class, 3);
90e70454
JH		 2459 goto unlock;
2460 }
2461
2462 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2463 if (!cmd) {
90e70454 2464 err = -ENOMEM;
890ea898
JH		 2465 goto unlock;
2466 }
2467
2468 err = 0;
2aeb9a1a
JH		 2469
2470unlock:
09fd0de5 2471 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2472 return err;
2473}
2474
92da6097
JH		 2475static void set_class_complete(struct hci_dev *hdev, u8 status)
2476{
2477 BT_DBG("status 0x%02x", status);
2478
2479 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2480}
2481
bdb6d971 2482static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2483 u16 len)
1aff6f09 2484{
650f726d 2485 struct mgmt_cp_set_dev_class *cp = data;
90e70454 2486 struct pending_cmd *cmd;
890ea898 2487 struct hci_request req;
1aff6f09
JH		 2488 int err;
2489
bdb6d971 2490 BT_DBG("request for %s", hdev->name);
1aff6f09 2491
6203fc98 2492 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 2493 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2494 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2495
0cab9c80 2496 hci_dev_lock(hdev);
ee98f473 2497
0cab9c80
JH		 2498 if (pending_eir_or_class(hdev)) {
2499 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2500 MGMT_STATUS_BUSY);
2501 goto unlock;
2502 }
c95f0ba7 2503
0cab9c80
JH		 2504 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2505 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2506 MGMT_STATUS_INVALID_PARAMS);
2507 goto unlock;
2508 }
575b3a02 2509
932f5ff5
JH		 2510 hdev->major_class = cp->major;
2511 hdev->minor_class = cp->minor;
2512
b5235a65 2513 if (!hdev_is_powered(hdev)) {
bdb6d971 2514 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2515 hdev->dev_class, 3);
b5235a65
JH		 2516 goto unlock;
2517 }
2518
890ea898
JH		 2519 hci_req_init(&req, hdev);
2520
a8b2d5c2 2521 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2522 hci_dev_unlock(hdev);
2523 cancel_delayed_work_sync(&hdev->service_cache);
2524 hci_dev_lock(hdev);
890ea898 2525 update_eir(&req);
7d78525d 2526 }
14c0b608 2527
890ea898
JH		 2528 update_class(&req);
2529
92da6097
JH		 2530 err = hci_req_run(&req, set_class_complete);
2531 if (err < 0) {
2532 if (err != -ENODATA)
2533 goto unlock;
1aff6f09 2534
bdb6d971 2535 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2536 hdev->dev_class, 3);
90e70454
JH		 2537 goto unlock;
2538 }
2539
2540 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2541 if (!cmd) {
90e70454 2542 err = -ENOMEM;
890ea898
JH		 2543 goto unlock;
2544 }
2545
2546 err = 0;
1aff6f09 2547
b5235a65 2548unlock:
09fd0de5 2549 hci_dev_unlock(hdev);
1aff6f09
JH		 2550 return err;
2551}
2552
bdb6d971 2553static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2554 u16 len)
55ed8ca1 2555{
650f726d 2556 struct mgmt_cp_load_link_keys *cp = data;
ba1d6936
JH		 2557 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2558 sizeof(struct mgmt_link_key_info));
4e51eae9 2559 u16 key_count, expected_len;
b1de97d8 2560 bool changed;
a492cd52 2561 int i;
55ed8ca1 2562
9060d5cf
MH		 2563 BT_DBG("request for %s", hdev->name);
2564
2565 if (!lmp_bredr_capable(hdev))
2566 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2567 MGMT_STATUS_NOT_SUPPORTED);
2568
1f350c87 2569 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 2570 if (key_count > max_key_count) {
2571 BT_ERR("load_link_keys: too big key_count value %u",
2572 key_count);
2573 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2574 MGMT_STATUS_INVALID_PARAMS);
2575 }
55ed8ca1 2576
86742e1e
JH		 2577 expected_len = sizeof(*cp) + key_count *
2578 sizeof(struct mgmt_link_key_info);
a492cd52 2579 if (expected_len != len) {
86742e1e 2580 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2581 expected_len, len);
bdb6d971 2582 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 2583 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2584 }
2585
4ae14301
JH		 2586 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2587 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2588 MGMT_STATUS_INVALID_PARAMS);
2589
bdb6d971 2590 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2591 key_count);
55ed8ca1 2592
4ee71b20
JH		 2593 for (i = 0; i < key_count; i++) {
2594 struct mgmt_link_key_info *key = &cp->keys[i];
2595
8e991132 2596 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
4ee71b20
JH		 2597 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2598 MGMT_STATUS_INVALID_PARAMS);
2599 }
2600
09fd0de5 2601 hci_dev_lock(hdev);
55ed8ca1
JH		 2602
2603 hci_link_keys_clear(hdev);
2604
55ed8ca1 2605 if (cp->debug_keys)
0663b297
JH		 2606 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
2607 &hdev->dev_flags);
55ed8ca1 2608 else
0663b297
JH		 2609 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
2610 &hdev->dev_flags);
b1de97d8
MH		 2611
2612 if (changed)
2613 new_settings(hdev, NULL);
55ed8ca1 2614
a492cd52 2615 for (i = 0; i < key_count; i++) {
86742e1e 2616 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2617
58e9293c
JH		 2618 /* Always ignore debug keys and require a new pairing if
2619 * the user wants to use them.
2620 */
2621 if (key->type == HCI_LK_DEBUG_COMBINATION)
2622 continue;
2623
7652ff6a
JH		 2624 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2625 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2626 }
2627
bdb6d971 2628 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2629
09fd0de5 2630 hci_dev_unlock(hdev);
55ed8ca1 2631
a492cd52 2632 return 0;
55ed8ca1
JH		 2633}
2634
b1078ad0 2635static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2636 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2637{
2638 struct mgmt_ev_device_unpaired ev;
2639
2640 bacpy(&ev.addr.bdaddr, bdaddr);
2641 ev.addr.type = addr_type;
2642
2643 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2644 skip_sk);
b1078ad0
JH		 2645}
2646
bdb6d971 2647static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2648 u16 len)
55ed8ca1 2649{
124f6e35
JH		 2650 struct mgmt_cp_unpair_device *cp = data;
2651 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2652 struct hci_cp_disconnect dc;
2653 struct pending_cmd *cmd;
55ed8ca1 2654 struct hci_conn *conn;
55ed8ca1
JH		 2655 int err;
2656
a8a1d19e 2657 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2658 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2659 rp.addr.type = cp->addr.type;
a8a1d19e 2660
4ee71b20
JH		 2661 if (!bdaddr_type_is_valid(cp->addr.type))
2662 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2663 MGMT_STATUS_INVALID_PARAMS,
2664 &rp, sizeof(rp));
2665
118da70b
JH		 2666 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2667 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2668 MGMT_STATUS_INVALID_PARAMS,
2669 &rp, sizeof(rp));
2670
4ee71b20
JH		 2671 hci_dev_lock(hdev);
2672
86a8cfc6 2673 if (!hdev_is_powered(hdev)) {
bdb6d971 2674 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2675 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 2676 goto unlock;
2677 }
2678
e0b2b27e 2679 if (cp->addr.type == BDADDR_BREDR) {
124f6e35 2680 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2681 } else {
2682 u8 addr_type;
2683
2684 if (cp->addr.type == BDADDR_LE_PUBLIC)
2685 addr_type = ADDR_LE_DEV_PUBLIC;
2686 else
2687 addr_type = ADDR_LE_DEV_RANDOM;
2688
a7ec7338
JH		 2689 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2690
a9b0a04c
AG		 2691 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2692
e0b2b27e
JH		 2693 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2694 }
b0dbfb46 2695
55ed8ca1 2696 if (err < 0) {
bdb6d971 2697 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2698 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 2699 goto unlock;
2700 }
2701
86a8cfc6 2702 if (cp->disconnect) {
591f47f3 2703 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 2704 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 2705 &cp->addr.bdaddr);
86a8cfc6
JH		 2706 else
2707 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 2708 &cp->addr.bdaddr);
86a8cfc6
JH		 2709 } else {
2710 conn = NULL;
2711 }
124f6e35 2712
a8a1d19e 2713 if (!conn) {
bdb6d971 2714 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 2715 &rp, sizeof(rp));
b1078ad0 2716 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2717 goto unlock;
2718 }
55ed8ca1 2719
124f6e35 2720 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2721 sizeof(*cp));
a8a1d19e
JH		 2722 if (!cmd) {
2723 err = -ENOMEM;
2724 goto unlock;
55ed8ca1
JH		 2725 }
2726
eb55ef07 2727 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2728 dc.reason = 0x13; /* Remote User Terminated Connection */
2729 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2730 if (err < 0)
2731 mgmt_pending_remove(cmd);
2732
55ed8ca1 2733unlock:
09fd0de5 2734 hci_dev_unlock(hdev);
55ed8ca1
JH		 2735 return err;
2736}
2737
bdb6d971 2738static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2739 u16 len)
8962ee74 2740{
650f726d 2741 struct mgmt_cp_disconnect *cp = data;
06a63b19 2742 struct mgmt_rp_disconnect rp;
8962ee74 2743 struct hci_cp_disconnect dc;
366a0336 2744 struct pending_cmd *cmd;
8962ee74 2745 struct hci_conn *conn;
8962ee74
JH		 2746 int err;
2747
2748 BT_DBG("");
2749
06a63b19
JH		 2750 memset(&rp, 0, sizeof(rp));
2751 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2752 rp.addr.type = cp->addr.type;
2753
4ee71b20 2754 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2755 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2756 MGMT_STATUS_INVALID_PARAMS,
2757 &rp, sizeof(rp));
4ee71b20 2758
09fd0de5 2759 hci_dev_lock(hdev);
8962ee74
JH		 2760
2761 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2762 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2763 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2764 goto failed;
2765 }
2766
2e58ef3e 2767 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2768 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2769 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2770 goto failed;
2771 }
2772
591f47f3 2773 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2774 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2775 &cp->addr.bdaddr);
88c3df13
JH		 2776 else
2777 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2778
f960727e 2779 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2780 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2781 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2782 goto failed;
2783 }
2784
2e58ef3e 2785 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2786 if (!cmd) {
2787 err = -ENOMEM;
8962ee74 2788 goto failed;
366a0336 2789 }
8962ee74 2790
eb55ef07 2791 dc.handle = cpu_to_le16(conn->handle);
3701f944 2792 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 2793
2794 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2795 if (err < 0)
a664b5bc 2796 mgmt_pending_remove(cmd);
8962ee74
JH		 2797
2798failed:
09fd0de5 2799 hci_dev_unlock(hdev);
8962ee74
JH		 2800 return err;
2801}
2802
57c1477c 2803static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2804{
2805 switch (link_type) {
2806 case LE_LINK:
48264f06
JH		 2807 switch (addr_type) {
2808 case ADDR_LE_DEV_PUBLIC:
591f47f3 2809 return BDADDR_LE_PUBLIC;
0ed09148 2810
48264f06 2811 default:
0ed09148 2812 /* Fallback to LE Random address type */
591f47f3 2813 return BDADDR_LE_RANDOM;
48264f06 2814 }
0ed09148 2815
4c659c39 2816 default:
0ed09148 2817 /* Fallback to BR/EDR type */
591f47f3 2818 return BDADDR_BREDR;
4c659c39
JH		 2819 }
2820}
2821
04124681
GP		 2822static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2823 u16 data_len)
2784eb41 2824{
2784eb41 2825 struct mgmt_rp_get_connections *rp;
8035ded4 2826 struct hci_conn *c;
a38528f1 2827 size_t rp_len;
60fc5fb6
JH		 2828 int err;
2829 u16 i;
2784eb41
JH		 2830
2831 BT_DBG("");
2832
09fd0de5 2833 hci_dev_lock(hdev);
2784eb41 2834
5f97c1df 2835 if (!hdev_is_powered(hdev)) {
bdb6d971 2836 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2837 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2838 goto unlock;
2839 }
2840
60fc5fb6 2841 i = 0;
b644ba33
JH		 2842 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2843 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2844 i++;
2784eb41
JH		 2845 }
2846
60fc5fb6 2847 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2848 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2849 if (!rp) {
2784eb41
JH		 2850 err = -ENOMEM;
2851 goto unlock;
2852 }
2853
2784eb41 2854 i = 0;
4c659c39 2855 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2856 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2857 continue;
4c659c39 2858 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2859 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2860 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2861 continue;
2862 i++;
2863 }
2864
eb55ef07 2865 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2866
4c659c39
JH		 2867 /* Recalculate length in case of filtered SCO connections, etc */
2868 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2869
bdb6d971 2870 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2871 rp_len);
2784eb41 2872
a38528f1 2873 kfree(rp);
5f97c1df
JH		 2874
2875unlock:
09fd0de5 2876 hci_dev_unlock(hdev);
2784eb41
JH		 2877 return err;
2878}
2879
bdb6d971 2880static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2881 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2882{
2883 struct pending_cmd *cmd;
2884 int err;
2885
2e58ef3e 2886 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2887 sizeof(*cp));
96d97a67
WR		 2888 if (!cmd)
2889 return -ENOMEM;
2890
d8457698 2891 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2892 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2893 if (err < 0)
2894 mgmt_pending_remove(cmd);
2895
2896 return err;
2897}
2898
bdb6d971 2899static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2900 u16 len)
980e1a53 2901{
96d97a67 2902 struct hci_conn *conn;
650f726d 2903 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2904 struct hci_cp_pin_code_reply reply;
366a0336 2905 struct pending_cmd *cmd;
980e1a53
JH		 2906 int err;
2907
2908 BT_DBG("");
2909
09fd0de5 2910 hci_dev_lock(hdev);
980e1a53 2911
4b34ee78 2912 if (!hdev_is_powered(hdev)) {
bdb6d971 2913 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2914 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2915 goto failed;
2916 }
2917
d8457698 2918 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2919 if (!conn) {
bdb6d971 2920 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2921 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2922 goto failed;
2923 }
2924
2925 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2926 struct mgmt_cp_pin_code_neg_reply ncp;
2927
2928 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2929
2930 BT_ERR("PIN code is not 16 bytes long");
2931
bdb6d971 2932 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2933 if (err >= 0)
bdb6d971 2934 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2935 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2936
2937 goto failed;
2938 }
2939
00abfe44 2940 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2941 if (!cmd) {
2942 err = -ENOMEM;
980e1a53 2943 goto failed;
366a0336 2944 }
980e1a53 2945
d8457698 2946 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2947 reply.pin_len = cp->pin_len;
24718ca5 2948 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2949
2950 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2951 if (err < 0)
a664b5bc 2952 mgmt_pending_remove(cmd);
980e1a53
JH		 2953
2954failed:
09fd0de5 2955 hci_dev_unlock(hdev);
980e1a53
JH		 2956 return err;
2957}
2958
04124681
GP		 2959static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2960 u16 len)
17fa4b9d 2961{
650f726d 2962 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2963
2964 BT_DBG("");
2965
4ec86d4c
JH		 2966 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2967 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
2968 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
2969
09fd0de5 2970 hci_dev_lock(hdev);
17fa4b9d
JH		 2971
2972 hdev->io_capability = cp->io_capability;
2973
2974 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2975 hdev->io_capability);
17fa4b9d 2976
09fd0de5 2977 hci_dev_unlock(hdev);
17fa4b9d 2978
04124681
GP		 2979 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2980 0);
17fa4b9d
JH		 2981}
2982
6039aa73 2983static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2984{
2985 struct hci_dev *hdev = conn->hdev;
8035ded4 2986 struct pending_cmd *cmd;
e9a416b5 2987
2e58ef3e 2988 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2989 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2990 continue;
2991
e9a416b5
JH		 2992 if (cmd->user_data != conn)
2993 continue;
2994
2995 return cmd;
2996 }
2997
2998 return NULL;
2999}
3000
3001static void pairing_complete(struct pending_cmd *cmd, u8 status)
3002{
3003 struct mgmt_rp_pair_device rp;
3004 struct hci_conn *conn = cmd->user_data;
3005
61b1a7fb
JH		 3006 bacpy(&rp.addr.bdaddr, &conn->dst);
3007 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 3008
aee9b218 3009 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 3010 &rp, sizeof(rp));
e9a416b5
JH		 3011
3012 /* So we don't get further callbacks for this connection */
3013 conn->connect_cfm_cb = NULL;
3014 conn->security_cfm_cb = NULL;
3015 conn->disconn_cfm_cb = NULL;
3016
76a68ba0 3017 hci_conn_drop(conn);
e9a416b5 3018
a664b5bc 3019 mgmt_pending_remove(cmd);
e9a416b5
JH		 3020}
3021
f4a407be
JH		 3022void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3023{
3024 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3025 struct pending_cmd *cmd;
3026
3027 cmd = find_pairing(conn);
3028 if (cmd)
3029 pairing_complete(cmd, status);
3030}
3031
e9a416b5
JH		 3032static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3033{
3034 struct pending_cmd *cmd;
3035
3036 BT_DBG("status %u", status);
3037
3038 cmd = find_pairing(conn);
56e5cb86 3039 if (!cmd)
e9a416b5 3040 BT_DBG("Unable to find a pending command");
56e5cb86 3041 else
e211326c 3042 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 3043}
3044
f4a407be 3045static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739
VA		 3046{
3047 struct pending_cmd *cmd;
3048
3049 BT_DBG("status %u", status);
3050
3051 if (!status)
3052 return;
3053
3054 cmd = find_pairing(conn);
3055 if (!cmd)
3056 BT_DBG("Unable to find a pending command");
3057 else
3058 pairing_complete(cmd, mgmt_status(status));
3059}
3060
bdb6d971 3061static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3062 u16 len)
e9a416b5 3063{
650f726d 3064 struct mgmt_cp_pair_device *cp = data;
1425acb7 3065 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 3066 struct pending_cmd *cmd;
3067 u8 sec_level, auth_type;
3068 struct hci_conn *conn;
e9a416b5
JH		 3069 int err;
3070
3071 BT_DBG("");
3072
f950a30e
SJ		 3073 memset(&rp, 0, sizeof(rp));
3074 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3075 rp.addr.type = cp->addr.type;
3076
4ee71b20
JH		 3077 if (!bdaddr_type_is_valid(cp->addr.type))
3078 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3079 MGMT_STATUS_INVALID_PARAMS,
3080 &rp, sizeof(rp));
3081
4ec86d4c
JH		 3082 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
3083 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3084 MGMT_STATUS_INVALID_PARAMS,
3085 &rp, sizeof(rp));
3086
09fd0de5 3087 hci_dev_lock(hdev);
e9a416b5 3088
5f97c1df 3089 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 3090 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3091 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 3092 goto unlock;
3093 }
3094
c908df36 3095 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 3096 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 3097
6f77d8c7 3098 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 3099 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3100 auth_type);
6f77d8c7
AG		 3101 } else {
3102 u8 addr_type;
3103
3104 /* Convert from L2CAP channel address type to HCI address type
3105 */
3106 if (cp->addr.type == BDADDR_LE_PUBLIC)
3107 addr_type = ADDR_LE_DEV_PUBLIC;
3108 else
3109 addr_type = ADDR_LE_DEV_RANDOM;
3110
7c264b10
MH		 3111 /* When pairing a new device, it is expected to remember
3112 * this device for future connections. Adding the connection
3113 * parameter information ahead of time allows tracking
3114 * of the slave preferred values and will speed up any
3115 * further connection establishment.
3116 *
3117 * If connection parameters already exist, then they
3118 * will be kept and this function does nothing.
3119 */
3120 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3121
cdd6275e 3122 /* Request a connection with master = true role */
6f77d8c7 3123 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
cdd6275e 3124 sec_level, HCI_LE_CONN_TIMEOUT, true);
6f77d8c7 3125 }
7a512d01 3126
30e76272 3127 if (IS_ERR(conn)) {
489dc48e
AK		 3128 int status;
3129
3130 if (PTR_ERR(conn) == -EBUSY)
3131 status = MGMT_STATUS_BUSY;
3132 else
3133 status = MGMT_STATUS_CONNECT_FAILED;
3134
bdb6d971 3135 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 3136 status, &rp,
04124681 3137 sizeof(rp));
e9a416b5
JH		 3138 goto unlock;
3139 }
3140
3141 if (conn->connect_cfm_cb) {
76a68ba0 3142 hci_conn_drop(conn);
bdb6d971 3143 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 3144 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 3145 goto unlock;
3146 }
3147
2e58ef3e 3148 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 3149 if (!cmd) {
3150 err = -ENOMEM;
76a68ba0 3151 hci_conn_drop(conn);
e9a416b5
JH		 3152 goto unlock;
3153 }
3154
7a512d01 3155 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 3156 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 3157 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 3158 conn->security_cfm_cb = pairing_complete_cb;
3159 conn->disconn_cfm_cb = pairing_complete_cb;
3160 } else {
3161 conn->connect_cfm_cb = le_pairing_complete_cb;
3162 conn->security_cfm_cb = le_pairing_complete_cb;
3163 conn->disconn_cfm_cb = le_pairing_complete_cb;
3164 }
7a512d01 3165
e9a416b5
JH		 3166 conn->io_capability = cp->io_cap;
3167 cmd->user_data = conn;
3168
3169 if (conn->state == BT_CONNECTED &&
8ce8e2b5 3170 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 3171 pairing_complete(cmd, 0);
3172
3173 err = 0;
3174
3175unlock:
09fd0de5 3176 hci_dev_unlock(hdev);
e9a416b5
JH		 3177 return err;
3178}
3179
04124681
GP		 3180static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3181 u16 len)
28424707 3182{
0f4e68cf 3183 struct mgmt_addr_info *addr = data;
28424707
JH		 3184 struct pending_cmd *cmd;
3185 struct hci_conn *conn;
3186 int err;
3187
3188 BT_DBG("");
3189
28424707
JH		 3190 hci_dev_lock(hdev);
3191
5f97c1df 3192 if (!hdev_is_powered(hdev)) {
bdb6d971 3193 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3194 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3195 goto unlock;
3196 }
3197
28424707
JH		 3198 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3199 if (!cmd) {
bdb6d971 3200 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3201 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3202 goto unlock;
3203 }
3204
3205 conn = cmd->user_data;
3206
3207 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 3208 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3209 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3210 goto unlock;
3211 }
3212
3213 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
3214
bdb6d971 3215 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 3216 addr, sizeof(*addr));
28424707
JH		 3217unlock:
3218 hci_dev_unlock(hdev);
28424707
JH		 3219 return err;
3220}
3221
bdb6d971 3222static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3223 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3224 u16 hci_op, __le32 passkey)
a5c29683 3225{
a5c29683 3226 struct pending_cmd *cmd;
0df4c185 3227 struct hci_conn *conn;
a5c29683
JH		 3228 int err;
3229
09fd0de5 3230 hci_dev_lock(hdev);
08ba5382 3231
4b34ee78 3232 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 3233 err = cmd_complete(sk, hdev->id, mgmt_op,
3234 MGMT_STATUS_NOT_POWERED, addr,
3235 sizeof(*addr));
0df4c185 3236 goto done;
a5c29683
JH		 3237 }
3238
1707c60e
JH		 3239 if (addr->type == BDADDR_BREDR)
3240 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3241 else
1707c60e 3242 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 3243
3244 if (!conn) {
feb94d3d
JH		 3245 err = cmd_complete(sk, hdev->id, mgmt_op,
3246 MGMT_STATUS_NOT_CONNECTED, addr,
3247 sizeof(*addr));
272d90df
JH		 3248 goto done;
3249 }
47c15e2b 3250
1707c60e 3251 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 3252 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 3253 if (!err)
feb94d3d
JH		 3254 err = cmd_complete(sk, hdev->id, mgmt_op,
3255 MGMT_STATUS_SUCCESS, addr,
3256 sizeof(*addr));
5fe57d9e 3257 else
feb94d3d
JH		 3258 err = cmd_complete(sk, hdev->id, mgmt_op,
3259 MGMT_STATUS_FAILED, addr,
3260 sizeof(*addr));
47c15e2b 3261
47c15e2b
BG		 3262 goto done;
3263 }
3264
1707c60e 3265 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3266 if (!cmd) {
3267 err = -ENOMEM;
0df4c185 3268 goto done;
a5c29683
JH		 3269 }
3270
0df4c185 3271 /* Continue with pairing via HCI */
604086b7
BG		 3272 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3273 struct hci_cp_user_passkey_reply cp;
3274
1707c60e 3275 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3276 cp.passkey = passkey;
3277 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3278 } else
1707c60e
JH		 3279 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3280 &addr->bdaddr);
604086b7 3281
a664b5bc
JH		 3282 if (err < 0)
3283 mgmt_pending_remove(cmd);
a5c29683 3284
0df4c185 3285done:
09fd0de5 3286 hci_dev_unlock(hdev);
a5c29683
JH		 3287 return err;
3288}
3289
afeb019d
JK		 3290static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3291 void *data, u16 len)
3292{
3293 struct mgmt_cp_pin_code_neg_reply *cp = data;
3294
3295 BT_DBG("");
3296
1707c60e 3297 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3298 MGMT_OP_PIN_CODE_NEG_REPLY,
3299 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3300}
3301
04124681
GP		 3302static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3303 u16 len)
0df4c185 3304{
650f726d 3305 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3306
3307 BT_DBG("");
3308
3309 if (len != sizeof(*cp))
bdb6d971 3310 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 3311 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3312
1707c60e 3313 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3314 MGMT_OP_USER_CONFIRM_REPLY,
3315 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3316}
3317
bdb6d971 3318static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3319 void *data, u16 len)
0df4c185 3320{
c9c2659f 3321 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3322
3323 BT_DBG("");
3324
1707c60e 3325 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3326 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3327 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3328}
3329
04124681
GP		 3330static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3331 u16 len)
604086b7 3332{
650f726d 3333 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3334
3335 BT_DBG("");
3336
1707c60e 3337 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3338 MGMT_OP_USER_PASSKEY_REPLY,
3339 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3340}
3341
bdb6d971 3342static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3343 void *data, u16 len)
604086b7 3344{
650f726d 3345 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3346
3347 BT_DBG("");
3348
1707c60e 3349 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3350 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3351 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3352}
3353
13928971 3354static void update_name(struct hci_request *req)
2b4bf397 3355{
13928971 3356 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3357 struct hci_cp_write_local_name cp;
3358
13928971 3359 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3360
890ea898 3361 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3362}
3363
13928971
JH		 3364static void set_name_complete(struct hci_dev *hdev, u8 status)
3365{
3366 struct mgmt_cp_set_local_name *cp;
3367 struct pending_cmd *cmd;
3368
3369 BT_DBG("status 0x%02x", status);
3370
3371 hci_dev_lock(hdev);
3372
3373 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3374 if (!cmd)
3375 goto unlock;
3376
3377 cp = cmd->param;
3378
3379 if (status)
3380 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3381 mgmt_status(status));
3382 else
3383 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3384 cp, sizeof(*cp));
3385
3386 mgmt_pending_remove(cmd);
3387
3388unlock:
3389 hci_dev_unlock(hdev);
3390}
3391
bdb6d971 3392static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3393 u16 len)
b312b161 3394{
2b4bf397 3395 struct mgmt_cp_set_local_name *cp = data;
b312b161 3396 struct pending_cmd *cmd;
890ea898 3397 struct hci_request req;
b312b161
JH		 3398 int err;
3399
3400 BT_DBG("");
3401
09fd0de5 3402 hci_dev_lock(hdev);
b312b161 3403
b3f2ca94
JH		 3404 /* If the old values are the same as the new ones just return a
3405 * direct command complete event.
3406 */
3407 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3408 !memcmp(hdev->short_name, cp->short_name,
3409 sizeof(hdev->short_name))) {
3410 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3411 data, len);
3412 goto failed;
3413 }
3414
2b4bf397 3415 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3416
b5235a65 3417 if (!hdev_is_powered(hdev)) {
2b4bf397 3418 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 3419
3420 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 3421 data, len);
28cc7bde
JH		 3422 if (err < 0)
3423 goto failed;
3424
3425 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 3426 sk);
28cc7bde 3427
b5235a65
JH		 3428 goto failed;
3429 }
3430
28cc7bde 3431 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3432 if (!cmd) {
3433 err = -ENOMEM;
3434 goto failed;
3435 }
3436
13928971
JH		 3437 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3438
890ea898 3439 hci_req_init(&req, hdev);
3f985050
JH		 3440
3441 if (lmp_bredr_capable(hdev)) {
3442 update_name(&req);
3443 update_eir(&req);
3444 }
3445
7a5f4990
MH		 3446 /* The name is stored in the scan response data and so
3447 * no need to udpate the advertising data here.
3448 */
3f985050 3449 if (lmp_le_capable(hdev))
7a5f4990 3450 update_scan_rsp_data(&req);
3f985050 3451
13928971 3452 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3453 if (err < 0)
3454 mgmt_pending_remove(cmd);
3455
3456failed:
09fd0de5 3457 hci_dev_unlock(hdev);
b312b161
JH		 3458 return err;
3459}
3460
0f4e68cf 3461static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3462 void *data, u16 data_len)
c35938b2 3463{
c35938b2
SJ		 3464 struct pending_cmd *cmd;
3465 int err;
3466
bdb6d971 3467 BT_DBG("%s", hdev->name);
c35938b2 3468
09fd0de5 3469 hci_dev_lock(hdev);
c35938b2 3470
4b34ee78 3471 if (!hdev_is_powered(hdev)) {
bdb6d971 3472 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3473 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3474 goto unlock;
3475 }
3476
9a1a1996 3477 if (!lmp_ssp_capable(hdev)) {
bdb6d971 3478 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3479 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3480 goto unlock;
3481 }
3482
2e58ef3e 3483 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 3484 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3485 MGMT_STATUS_BUSY);
c35938b2
SJ		 3486 goto unlock;
3487 }
3488
2e58ef3e 3489 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3490 if (!cmd) {
3491 err = -ENOMEM;
3492 goto unlock;
3493 }
3494
4d2d2796
MH		 3495 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
3496 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3497 0, NULL);
3498 else
3499 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3500
c35938b2
SJ		 3501 if (err < 0)
3502 mgmt_pending_remove(cmd);
3503
3504unlock:
09fd0de5 3505 hci_dev_unlock(hdev);
c35938b2
SJ		 3506 return err;
3507}
3508
bdb6d971 3509static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3510 void *data, u16 len)
2763eda6 3511{
2763eda6
SJ		 3512 int err;
3513
bdb6d971 3514 BT_DBG("%s ", hdev->name);
2763eda6 3515
09fd0de5 3516 hci_dev_lock(hdev);
2763eda6 3517
ec109113
MH		 3518 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3519 struct mgmt_cp_add_remote_oob_data *cp = data;
3520 u8 status;
bf1e3541 3521
ec109113
MH		 3522 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3523 cp->hash, cp->randomizer);
3524 if (err < 0)
3525 status = MGMT_STATUS_FAILED;
3526 else
3527 status = MGMT_STATUS_SUCCESS;
3528
3529 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3530 status, &cp->addr, sizeof(cp->addr));
3531 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3532 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3533 u8 status;
3534
3535 err = hci_add_remote_oob_ext_data(hdev, &cp->addr.bdaddr,
3536 cp->hash192,
3537 cp->randomizer192,
3538 cp->hash256,
3539 cp->randomizer256);
3540 if (err < 0)
3541 status = MGMT_STATUS_FAILED;
3542 else
3543 status = MGMT_STATUS_SUCCESS;
3544
3545 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3546 status, &cp->addr, sizeof(cp->addr));
3547 } else {
3548 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3549 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3550 MGMT_STATUS_INVALID_PARAMS);
3551 }
2763eda6 3552
09fd0de5 3553 hci_dev_unlock(hdev);
2763eda6
SJ		 3554 return err;
3555}
3556
bdb6d971 3557static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3558 void *data, u16 len)
2763eda6 3559{
650f726d 3560 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3561 u8 status;
2763eda6
SJ		 3562 int err;
3563
bdb6d971 3564 BT_DBG("%s", hdev->name);
2763eda6 3565
09fd0de5 3566 hci_dev_lock(hdev);
2763eda6 3567
664ce4cc 3568 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 3569 if (err < 0)
bf1e3541 3570 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3571 else
a6785be2 3572 status = MGMT_STATUS_SUCCESS;
bf1e3541 3573
bdb6d971 3574 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 3575 status, &cp->addr, sizeof(cp->addr));
2763eda6 3576
09fd0de5 3577 hci_dev_unlock(hdev);
2763eda6
SJ		 3578 return err;
3579}
3580
41dc2bd6
AG		 3581static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3582{
3583 struct pending_cmd *cmd;
3584 u8 type;
3585 int err;
3586
3587 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3588
3589 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3590 if (!cmd)
3591 return -ENOENT;
3592
3593 type = hdev->discovery.type;
3594
3595 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3596 &type, sizeof(type));
3597 mgmt_pending_remove(cmd);
3598
3599 return err;
3600}
3601
7c307720
AG		 3602static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3603{
ae55f598
LR		 3604 unsigned long timeout = 0;
3605
7c307720
AG		 3606 BT_DBG("status %d", status);
3607
3608 if (status) {
3609 hci_dev_lock(hdev);
3610 mgmt_start_discovery_failed(hdev, status);
3611 hci_dev_unlock(hdev);
3612 return;
3613 }
3614
3615 hci_dev_lock(hdev);
3616 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3617 hci_dev_unlock(hdev);
3618
3619 switch (hdev->discovery.type) {
3620 case DISCOV_TYPE_LE:
3d5a76f0 3621 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
7c307720
AG		 3622 break;
3623
3624 case DISCOV_TYPE_INTERLEAVED:
b9a7a61e 3625 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
7c307720
AG		 3626 break;
3627
3628 case DISCOV_TYPE_BREDR:
3629 break;
3630
3631 default:
3632 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3633 }
ae55f598
LR		 3634
3635 if (!timeout)
3636 return;
3637
3638 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable, timeout);
7c307720
AG		 3639}
3640
bdb6d971 3641static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3642 void *data, u16 len)
14a53664 3643{
650f726d 3644 struct mgmt_cp_start_discovery *cp = data;
14a53664 3645 struct pending_cmd *cmd;
7c307720
AG		 3646 struct hci_cp_le_set_scan_param param_cp;
3647 struct hci_cp_le_set_scan_enable enable_cp;
3648 struct hci_cp_inquiry inq_cp;
3649 struct hci_request req;
3650 /* General inquiry access code (GIAC) */
3651 u8 lap[3] = { 0x33, 0x8b, 0x9e };
d9483943 3652 u8 status, own_addr_type;
14a53664
JH		 3653 int err;
3654
bdb6d971 3655 BT_DBG("%s", hdev->name);
14a53664 3656
09fd0de5 3657 hci_dev_lock(hdev);
14a53664 3658
4b34ee78 3659 if (!hdev_is_powered(hdev)) {
bdb6d971 3660 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3661 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 3662 goto failed;
3663 }
3664
642be6c7
AG		 3665 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3666 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3667 MGMT_STATUS_BUSY);
3668 goto failed;
3669 }
3670
ff9ef578 3671 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 3672 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3673 MGMT_STATUS_BUSY);
ff9ef578
JH		 3674 goto failed;
3675 }
3676
2e58ef3e 3677 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3678 if (!cmd) {
3679 err = -ENOMEM;
3680 goto failed;
3681 }
3682
4aab14e5
AG		 3683 hdev->discovery.type = cp->type;
3684
7c307720
AG		 3685 hci_req_init(&req, hdev);
3686
4aab14e5 3687 switch (hdev->discovery.type) {
f39799f5 3688 case DISCOV_TYPE_BREDR:
e6fe7986
JH		 3689 status = mgmt_bredr_support(hdev);
3690 if (status) {
04106755 3691 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3692 status);
04106755
JH		 3693 mgmt_pending_remove(cmd);
3694 goto failed;
3695 }
3696
7c307720
AG		 3697 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3698 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3699 MGMT_STATUS_BUSY);
3700 mgmt_pending_remove(cmd);
3701 goto failed;
3702 }
3703
3704 hci_inquiry_cache_flush(hdev);
3705
3706 memset(&inq_cp, 0, sizeof(inq_cp));
3707 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 3708 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 3709 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 3710 break;
3711
3712 case DISCOV_TYPE_LE:
7c307720 3713 case DISCOV_TYPE_INTERLEAVED:
e6fe7986
JH		 3714 status = mgmt_le_support(hdev);
3715 if (status) {
04106755 3716 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3717 status);
04106755
JH		 3718 mgmt_pending_remove(cmd);
3719 goto failed;
3720 }
3721
7c307720 3722 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 3723 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 3724 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3725 MGMT_STATUS_NOT_SUPPORTED);
3726 mgmt_pending_remove(cmd);
3727 goto failed;
3728 }
3729
f3d3444a 3730 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
7c307720
AG		 3731 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3732 MGMT_STATUS_REJECTED);
3733 mgmt_pending_remove(cmd);
3734 goto failed;
3735 }
3736
c54c3860
AG		 3737 /* If controller is scanning, it means the background scanning
3738 * is running. Thus, we should temporarily stop it in order to
3739 * set the discovery scanning parameters.
3740 */
3741 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3742 hci_req_add_le_scan_disable(&req);
7c307720
AG		 3743
3744 memset(&param_cp, 0, sizeof(param_cp));
d9483943 3745
94b1fc92
MH		 3746 /* All active scans will be done with either a resolvable
3747 * private address (when privacy feature has been enabled)
3748 * or unresolvable private address.
3749 */
3750 err = hci_update_random_address(&req, true, &own_addr_type);
d9483943
JH		 3751 if (err < 0) {
3752 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3753 MGMT_STATUS_FAILED);
3754 mgmt_pending_remove(cmd);
3755 goto failed;
3756 }
3757
7c307720 3758 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 3759 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3760 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
d9483943 3761 param_cp.own_address_type = own_addr_type;
7c307720
AG		 3762 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3763 &param_cp);
3764
3765 memset(&enable_cp, 0, sizeof(enable_cp));
3766 enable_cp.enable = LE_SCAN_ENABLE;
3767 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3768 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3769 &enable_cp);
5e0452c0
AG		 3770 break;
3771
f39799f5 3772 default:
04106755
JH		 3773 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3774 MGMT_STATUS_INVALID_PARAMS);
3775 mgmt_pending_remove(cmd);
3776 goto failed;
f39799f5 3777 }
3fd24153 3778
7c307720 3779 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 3780 if (err < 0)
3781 mgmt_pending_remove(cmd);
ff9ef578
JH		 3782 else
3783 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 3784
3785failed:
09fd0de5 3786 hci_dev_unlock(hdev);
14a53664
JH		 3787 return err;
3788}
3789
1183fdca
AG		 3790static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3791{
3792 struct pending_cmd *cmd;
3793 int err;
3794
3795 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3796 if (!cmd)
3797 return -ENOENT;
3798
3799 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3800 &hdev->discovery.type, sizeof(hdev->discovery.type));
3801 mgmt_pending_remove(cmd);
3802
3803 return err;
3804}
3805
0e05bba6
AG		 3806static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3807{
3808 BT_DBG("status %d", status);
3809
3810 hci_dev_lock(hdev);
3811
3812 if (status) {
3813 mgmt_stop_discovery_failed(hdev, status);
3814 goto unlock;
3815 }
3816
3817 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3818
3819unlock:
3820 hci_dev_unlock(hdev);
3821}
3822
bdb6d971 3823static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3824 u16 len)
14a53664 3825{
d930650b 3826 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 3827 struct pending_cmd *cmd;
0e05bba6 3828 struct hci_request req;
14a53664
JH		 3829 int err;
3830
bdb6d971 3831 BT_DBG("%s", hdev->name);
14a53664 3832
09fd0de5 3833 hci_dev_lock(hdev);
14a53664 3834
30dc78e1 3835 if (!hci_discovery_active(hdev)) {
bdb6d971 3836 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3837 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3838 sizeof(mgmt_cp->type));
d930650b
JH		 3839 goto unlock;
3840 }
3841
3842 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 3843 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3844 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3845 sizeof(mgmt_cp->type));
30dc78e1 3846 goto unlock;
ff9ef578
JH		 3847 }
3848
2e58ef3e 3849 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3850 if (!cmd) {
3851 err = -ENOMEM;
30dc78e1
JH		 3852 goto unlock;
3853 }
3854
0e05bba6
AG		 3855 hci_req_init(&req, hdev);
3856
21a60d30 3857 hci_stop_discovery(&req);
e0d9727e 3858
21a60d30
JH		 3859 err = hci_req_run(&req, stop_discovery_complete);
3860 if (!err) {
3861 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
0e05bba6 3862 goto unlock;
14a53664
JH		 3863 }
3864
21a60d30
JH		 3865 mgmt_pending_remove(cmd);
3866
3867 /* If no HCI commands were sent we're done */
3868 if (err == -ENODATA) {
3869 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
3870 &mgmt_cp->type, sizeof(mgmt_cp->type));
3871 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3872 }
14a53664 3873
30dc78e1 3874unlock:
09fd0de5 3875 hci_dev_unlock(hdev);
14a53664
JH		 3876 return err;
3877}
3878
bdb6d971 3879static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3880 u16 len)
561aafbc 3881{
650f726d 3882 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3883 struct inquiry_entry *e;
561aafbc
JH		 3884 int err;
3885
bdb6d971 3886 BT_DBG("%s", hdev->name);
561aafbc 3887
561aafbc
JH		 3888 hci_dev_lock(hdev);
3889
30dc78e1 3890 if (!hci_discovery_active(hdev)) {
d3a2541d
LR		 3891 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3892 MGMT_STATUS_FAILED, &cp->addr,
3893 sizeof(cp->addr));
30dc78e1
JH		 3894 goto failed;
3895 }
3896
a198e7b1 3897 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3898 if (!e) {
d3a2541d
LR		 3899 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3900 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
3901 sizeof(cp->addr));
561aafbc
JH		 3902 goto failed;
3903 }
3904
3905 if (cp->name_known) {
3906 e->name_state = NAME_KNOWN;
3907 list_del(&e->list);
3908 } else {
3909 e->name_state = NAME_NEEDED;
a3d4e20a 3910 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3911 }
3912
e384662b
JH		 3913 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3914 sizeof(cp->addr));
561aafbc
JH		 3915
3916failed:
3917 hci_dev_unlock(hdev);
561aafbc
JH		 3918 return err;
3919}
3920
bdb6d971 3921static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3922 u16 len)
7fbec224 3923{
650f726d 3924 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3925 u8 status;
7fbec224
AJ		 3926 int err;
3927
bdb6d971 3928 BT_DBG("%s", hdev->name);
7fbec224 3929
4ee71b20 3930 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3931 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3932 MGMT_STATUS_INVALID_PARAMS,
3933 &cp->addr, sizeof(cp->addr));
4ee71b20 3934
09fd0de5 3935 hci_dev_lock(hdev);
5e762444 3936
88c1fe4b 3937 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
2a8357f2 3938 if (err < 0) {
f0eeea8b 3939 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 3940 goto done;
3941 }
3942
3943 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3944 sk);
3945 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3946
2a8357f2 3947done:
bdb6d971 3948 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3949 &cp->addr, sizeof(cp->addr));
5e762444 3950
09fd0de5 3951 hci_dev_unlock(hdev);
7fbec224
AJ		 3952
3953 return err;
3954}
3955
bdb6d971 3956static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3957 u16 len)
7fbec224 3958{
650f726d 3959 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3960 u8 status;
7fbec224
AJ		 3961 int err;
3962
bdb6d971 3963 BT_DBG("%s", hdev->name);
7fbec224 3964
4ee71b20 3965 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3966 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3967 MGMT_STATUS_INVALID_PARAMS,
3968 &cp->addr, sizeof(cp->addr));
4ee71b20 3969
09fd0de5 3970 hci_dev_lock(hdev);
5e762444 3971
88c1fe4b 3972 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
2a8357f2 3973 if (err < 0) {
f0eeea8b 3974 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 3975 goto done;
3976 }
3977
3978 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3979 sk);
3980 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3981
2a8357f2 3982done:
bdb6d971 3983 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3984 &cp->addr, sizeof(cp->addr));
5e762444 3985
09fd0de5 3986 hci_dev_unlock(hdev);
7fbec224
AJ		 3987
3988 return err;
3989}
3990
cdbaccca
MH		 3991static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3992 u16 len)
3993{
3994 struct mgmt_cp_set_device_id *cp = data;
890ea898 3995 struct hci_request req;
cdbaccca 3996 int err;
c72d4b8a 3997 __u16 source;
cdbaccca
MH		 3998
3999 BT_DBG("%s", hdev->name);
4000
c72d4b8a
SJ		 4001 source = __le16_to_cpu(cp->source);
4002
4003 if (source > 0x0002)
4004 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4005 MGMT_STATUS_INVALID_PARAMS);
4006
cdbaccca
MH		 4007 hci_dev_lock(hdev);
4008
c72d4b8a 4009 hdev->devid_source = source;
cdbaccca
MH		 4010 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4011 hdev->devid_product = __le16_to_cpu(cp->product);
4012 hdev->devid_version = __le16_to_cpu(cp->version);
4013
4014 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
4015
890ea898
JH		 4016 hci_req_init(&req, hdev);
4017 update_eir(&req);
4018 hci_req_run(&req, NULL);
cdbaccca
MH		 4019
4020 hci_dev_unlock(hdev);
4021
4022 return err;
4023}
4024
4375f103
JH		 4025static void set_advertising_complete(struct hci_dev *hdev, u8 status)
4026{
4027 struct cmd_lookup match = { NULL, hdev };
4028
4029 if (status) {
4030 u8 mgmt_err = mgmt_status(status);
4031
4032 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4033 cmd_status_rsp, &mgmt_err);
4034 return;
4035 }
4036
c93bd150
JH		 4037 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
4038 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
4039 else
4040 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4041
4375f103
JH		 4042 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4043 &match);
4044
4045 new_settings(hdev, match.sk);
4046
4047 if (match.sk)
4048 sock_put(match.sk);
4049}
4050
21b5187f
MH		 4051static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4052 u16 len)
4375f103
JH		 4053{
4054 struct mgmt_mode *cp = data;
4055 struct pending_cmd *cmd;
4056 struct hci_request req;
e6fe7986 4057 u8 val, enabled, status;
4375f103
JH		 4058 int err;
4059
4060 BT_DBG("request for %s", hdev->name);
4061
e6fe7986
JH		 4062 status = mgmt_le_support(hdev);
4063 if (status)
4375f103 4064 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 4065 status);
4375f103
JH		 4066
4067 if (cp->val != 0x00 && cp->val != 0x01)
4068 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4069 MGMT_STATUS_INVALID_PARAMS);
4070
4071 hci_dev_lock(hdev);
4072
4073 val = !!cp->val;
f3d3444a 4074 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 4075
f74ca9b8
JH		 4076 /* The following conditions are ones which mean that we should
4077 * not do any HCI communication but directly send a mgmt
4078 * response to user space (after toggling the flag if
4079 * necessary).
4080 */
4081 if (!hdev_is_powered(hdev) || val == enabled ||
b145edcd 4082 hci_conn_num(hdev, LE_LINK) > 0) {
4375f103
JH		 4083 bool changed = false;
4084
f3d3444a
JH		 4085 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
4086 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 4087 changed = true;
4088 }
4089
4090 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4091 if (err < 0)
4092 goto unlock;
4093
4094 if (changed)
4095 err = new_settings(hdev, sk);
4096
4097 goto unlock;
4098 }
4099
4100 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4101 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
4102 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4103 MGMT_STATUS_BUSY);
4104 goto unlock;
4105 }
4106
4107 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4108 if (!cmd) {
4109 err = -ENOMEM;
4110 goto unlock;
4111 }
4112
4113 hci_req_init(&req, hdev);
4114
bba3aa55
MH		 4115 if (val)
4116 enable_advertising(&req);
4117 else
4118 disable_advertising(&req);
4375f103
JH		 4119
4120 err = hci_req_run(&req, set_advertising_complete);
4121 if (err < 0)
4122 mgmt_pending_remove(cmd);
4123
4124unlock:
4125 hci_dev_unlock(hdev);
4126 return err;
4127}
4128
d13eafce
MH		 4129static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4130 void *data, u16 len)
4131{
4132 struct mgmt_cp_set_static_address *cp = data;
4133 int err;
4134
4135 BT_DBG("%s", hdev->name);
4136
62af4443 4137 if (!lmp_le_capable(hdev))
d13eafce 4138 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 4139 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 4140
4141 if (hdev_is_powered(hdev))
4142 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4143 MGMT_STATUS_REJECTED);
4144
4145 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4146 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4147 return cmd_status(sk, hdev->id,
4148 MGMT_OP_SET_STATIC_ADDRESS,
4149 MGMT_STATUS_INVALID_PARAMS);
4150
4151 /* Two most significant bits shall be set */
4152 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4153 return cmd_status(sk, hdev->id,
4154 MGMT_OP_SET_STATIC_ADDRESS,
4155 MGMT_STATUS_INVALID_PARAMS);
4156 }
4157
4158 hci_dev_lock(hdev);
4159
4160 bacpy(&hdev->static_addr, &cp->bdaddr);
4161
4162 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
4163
4164 hci_dev_unlock(hdev);
4165
4166 return err;
4167}
4168
14b49b9a
MH		 4169static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4170 void *data, u16 len)
4171{
4172 struct mgmt_cp_set_scan_params *cp = data;
4173 __u16 interval, window;
4174 int err;
4175
4176 BT_DBG("%s", hdev->name);
4177
4178 if (!lmp_le_capable(hdev))
4179 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4180 MGMT_STATUS_NOT_SUPPORTED);
4181
4182 interval = __le16_to_cpu(cp->interval);
4183
4184 if (interval < 0x0004 || interval > 0x4000)
4185 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4186 MGMT_STATUS_INVALID_PARAMS);
4187
4188 window = __le16_to_cpu(cp->window);
4189
4190 if (window < 0x0004 || window > 0x4000)
4191 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4192 MGMT_STATUS_INVALID_PARAMS);
4193
899e1075
MH		 4194 if (window > interval)
4195 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4196 MGMT_STATUS_INVALID_PARAMS);
4197
14b49b9a
MH		 4198 hci_dev_lock(hdev);
4199
4200 hdev->le_scan_interval = interval;
4201 hdev->le_scan_window = window;
4202
4203 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
4204
dd2ef8e2
AG		 4205 /* If background scan is running, restart it so new parameters are
4206 * loaded.
4207 */
4208 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4209 hdev->discovery.state == DISCOVERY_STOPPED) {
4210 struct hci_request req;
4211
4212 hci_req_init(&req, hdev);
4213
4214 hci_req_add_le_scan_disable(&req);
4215 hci_req_add_le_passive_scan(&req);
4216
4217 hci_req_run(&req, NULL);
4218 }
4219
14b49b9a
MH		 4220 hci_dev_unlock(hdev);
4221
4222 return err;
4223}
4224
33e38b3e
JH		 4225static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
4226{
4227 struct pending_cmd *cmd;
4228
4229 BT_DBG("status 0x%02x", status);
4230
4231 hci_dev_lock(hdev);
4232
4233 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4234 if (!cmd)
4235 goto unlock;
4236
4237 if (status) {
4238 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4239 mgmt_status(status));
4240 } else {
1a4d3c4b
JH		 4241 struct mgmt_mode *cp = cmd->param;
4242
4243 if (cp->val)
4244 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4245 else
4246 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4247
33e38b3e
JH		 4248 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4249 new_settings(hdev, cmd->sk);
4250 }
4251
4252 mgmt_pending_remove(cmd);
4253
4254unlock:
4255 hci_dev_unlock(hdev);
4256}
4257
bdb6d971 4258static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4259 void *data, u16 len)
f6422ec6 4260{
650f726d 4261 struct mgmt_mode *cp = data;
33e38b3e
JH		 4262 struct pending_cmd *cmd;
4263 struct hci_request req;
f6422ec6
AJ		 4264 int err;
4265
bdb6d971 4266 BT_DBG("%s", hdev->name);
f6422ec6 4267
56f87901
JH		 4268 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
4269 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 4270 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4271 MGMT_STATUS_NOT_SUPPORTED);
4272
a7e80f25
JH		 4273 if (cp->val != 0x00 && cp->val != 0x01)
4274 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4275 MGMT_STATUS_INVALID_PARAMS);
4276
5400c044 4277 if (!hdev_is_powered(hdev))
bdb6d971 4278 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4279 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 4280
4281 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 4282 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4283 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 4284
4285 hci_dev_lock(hdev);
4286
05cbf29f
JH		 4287 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4288 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4289 MGMT_STATUS_BUSY);
4290 goto unlock;
4291 }
4292
1a4d3c4b
JH		 4293 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
4294 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4295 hdev);
4296 goto unlock;
4297 }
4298
33e38b3e
JH		 4299 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4300 data, len);
4301 if (!cmd) {
4302 err = -ENOMEM;
4303 goto unlock;
f6422ec6
AJ		 4304 }
4305
33e38b3e
JH		 4306 hci_req_init(&req, hdev);
4307
406d7804 4308 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4309
4310 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4311 if (err < 0) {
bdb6d971 4312 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4313 MGMT_STATUS_FAILED);
33e38b3e 4314 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4315 }
4316
33e38b3e 4317unlock:
f6422ec6 4318 hci_dev_unlock(hdev);
33e38b3e 4319
f6422ec6
AJ		 4320 return err;
4321}
4322
67e5a7a3
JH		 4323static void set_bredr_scan(struct hci_request *req)
4324{
4325 struct hci_dev *hdev = req->hdev;
4326 u8 scan = 0;
4327
4328 /* Ensure that fast connectable is disabled. This function will
4329 * not do anything if the page scan parameters are already what
4330 * they should be.
4331 */
4332 write_fast_connectable(req, false);
4333
4334 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4335 scan |= SCAN_PAGE;
4336 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
4337 scan |= SCAN_INQUIRY;
4338
4339 if (scan)
4340 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
4341}
4342
0663ca2a
JH		 4343static void set_bredr_complete(struct hci_dev *hdev, u8 status)
4344{
4345 struct pending_cmd *cmd;
4346
4347 BT_DBG("status 0x%02x", status);
4348
4349 hci_dev_lock(hdev);
4350
4351 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4352 if (!cmd)
4353 goto unlock;
4354
4355 if (status) {
4356 u8 mgmt_err = mgmt_status(status);
4357
4358 /* We need to restore the flag if related HCI commands
4359 * failed.
4360 */
4361 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4362
4363 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4364 } else {
4365 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4366 new_settings(hdev, cmd->sk);
4367 }
4368
4369 mgmt_pending_remove(cmd);
4370
4371unlock:
4372 hci_dev_unlock(hdev);
4373}
4374
4375static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4376{
4377 struct mgmt_mode *cp = data;
4378 struct pending_cmd *cmd;
4379 struct hci_request req;
4380 int err;
4381
4382 BT_DBG("request for %s", hdev->name);
4383
4384 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4385 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4386 MGMT_STATUS_NOT_SUPPORTED);
4387
4388 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4389 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4390 MGMT_STATUS_REJECTED);
4391
4392 if (cp->val != 0x00 && cp->val != 0x01)
4393 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4394 MGMT_STATUS_INVALID_PARAMS);
4395
4396 hci_dev_lock(hdev);
4397
4398 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4399 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4400 goto unlock;
4401 }
4402
4403 if (!hdev_is_powered(hdev)) {
4404 if (!cp->val) {
0663ca2a
JH		 4405 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4406 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4407 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4408 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4409 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4410 }
4411
4412 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4413
4414 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4415 if (err < 0)
4416 goto unlock;
4417
4418 err = new_settings(hdev, sk);
4419 goto unlock;
4420 }
4421
4422 /* Reject disabling when powered on */
4423 if (!cp->val) {
4424 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4425 MGMT_STATUS_REJECTED);
4426 goto unlock;
4427 }
4428
4429 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4430 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4431 MGMT_STATUS_BUSY);
4432 goto unlock;
4433 }
4434
4435 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4436 if (!cmd) {
4437 err = -ENOMEM;
4438 goto unlock;
4439 }
4440
5947f4bc 4441 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4442 * generates the correct flags.
4443 */
4444 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4445
4446 hci_req_init(&req, hdev);
aa8af46e
JH		 4447
4448 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4449 set_bredr_scan(&req);
4450
f14d8f64
MH		 4451 /* Since only the advertising data flags will change, there
4452 * is no need to update the scan response data.
4453 */
5947f4bc 4454 update_adv_data(&req);
aa8af46e 4455
0663ca2a
JH		 4456 err = hci_req_run(&req, set_bredr_complete);
4457 if (err < 0)
4458 mgmt_pending_remove(cmd);
4459
4460unlock:
4461 hci_dev_unlock(hdev);
4462 return err;
4463}
4464
eac83dc6
MH		 4465static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4466 void *data, u16 len)
4467{
4468 struct mgmt_mode *cp = data;
4469 struct pending_cmd *cmd;
0ab04a9c 4470 u8 val, status;
eac83dc6
MH		 4471 int err;
4472
4473 BT_DBG("request for %s", hdev->name);
4474
4475 status = mgmt_bredr_support(hdev);
4476 if (status)
4477 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4478 status);
4479
5afeac14 4480 if (!lmp_sc_capable(hdev) &&
111902f7 4481 !test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
eac83dc6
MH		 4482 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4483 MGMT_STATUS_NOT_SUPPORTED);
4484
0ab04a9c 4485 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
eac83dc6
MH		 4486 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4487 MGMT_STATUS_INVALID_PARAMS);
4488
4489 hci_dev_lock(hdev);
4490
4491 if (!hdev_is_powered(hdev)) {
4492 bool changed;
4493
0ab04a9c 4494 if (cp->val) {
eac83dc6
MH		 4495 changed = !test_and_set_bit(HCI_SC_ENABLED,
4496 &hdev->dev_flags);
0ab04a9c
MH		 4497 if (cp->val == 0x02)
4498 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4499 else
4500 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4501 } else {
eac83dc6
MH		 4502 changed = test_and_clear_bit(HCI_SC_ENABLED,
4503 &hdev->dev_flags);
0ab04a9c
MH		 4504 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4505 }
eac83dc6
MH		 4506
4507 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4508 if (err < 0)
4509 goto failed;
4510
4511 if (changed)
4512 err = new_settings(hdev, sk);
4513
4514 goto failed;
4515 }
4516
4517 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4518 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4519 MGMT_STATUS_BUSY);
4520 goto failed;
4521 }
4522
0ab04a9c
MH		 4523 val = !!cp->val;
4524
4525 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4526 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
eac83dc6
MH		 4527 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4528 goto failed;
4529 }
4530
4531 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4532 if (!cmd) {
4533 err = -ENOMEM;
4534 goto failed;
4535 }
4536
0ab04a9c 4537 err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
eac83dc6
MH		 4538 if (err < 0) {
4539 mgmt_pending_remove(cmd);
4540 goto failed;
4541 }
4542
0ab04a9c
MH		 4543 if (cp->val == 0x02)
4544 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4545 else
4546 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4547
eac83dc6
MH		 4548failed:
4549 hci_dev_unlock(hdev);
4550 return err;
4551}
4552
4e39ac81
MH		 4553static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4554 void *data, u16 len)
4555{
4556 struct mgmt_mode *cp = data;
b9710979 4557 bool changed, use_changed;
4e39ac81
MH		 4558 int err;
4559
4560 BT_DBG("request for %s", hdev->name);
4561
b9710979 4562 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4e39ac81
MH		 4563 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4564 MGMT_STATUS_INVALID_PARAMS);
4565
4566 hci_dev_lock(hdev);
4567
4568 if (cp->val)
0663b297
JH		 4569 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
4570 &hdev->dev_flags);
4e39ac81 4571 else
0663b297
JH		 4572 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
4573 &hdev->dev_flags);
4e39ac81 4574
b9710979
JH		 4575 if (cp->val == 0x02)
4576 use_changed = !test_and_set_bit(HCI_USE_DEBUG_KEYS,
4577 &hdev->dev_flags);
4578 else
4579 use_changed = test_and_clear_bit(HCI_USE_DEBUG_KEYS,
4580 &hdev->dev_flags);
4581
4582 if (hdev_is_powered(hdev) && use_changed &&
4583 test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
4584 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4585 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4586 sizeof(mode), &mode);
4587 }
4588
4e39ac81
MH		 4589 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4590 if (err < 0)
4591 goto unlock;
4592
4593 if (changed)
4594 err = new_settings(hdev, sk);
4595
4596unlock:
4597 hci_dev_unlock(hdev);
4598 return err;
4599}
4600
62b04cd1
JH		 4601static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4602 u16 len)
4603{
4604 struct mgmt_cp_set_privacy *cp = cp_data;
4605 bool changed;
4606 int err;
4607
4608 BT_DBG("request for %s", hdev->name);
4609
4610 if (!lmp_le_capable(hdev))
4611 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4612 MGMT_STATUS_NOT_SUPPORTED);
4613
4614 if (cp->privacy != 0x00 && cp->privacy != 0x01)
4615 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4616 MGMT_STATUS_INVALID_PARAMS);
4617
4618 if (hdev_is_powered(hdev))
4619 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4620 MGMT_STATUS_REJECTED);
4621
4622 hci_dev_lock(hdev);
4623
c21c0ea0
JH		 4624 /* If user space supports this command it is also expected to
4625 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4626 */
4627 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4628
62b04cd1
JH		 4629 if (cp->privacy) {
4630 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
4631 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4632 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4633 } else {
4634 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
4635 memset(hdev->irk, 0, sizeof(hdev->irk));
4636 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4637 }
4638
4639 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4640 if (err < 0)
4641 goto unlock;
4642
4643 if (changed)
4644 err = new_settings(hdev, sk);
4645
4646unlock:
4647 hci_dev_unlock(hdev);
4648 return err;
4649}
4650
41edf160
JH		 4651static bool irk_is_valid(struct mgmt_irk_info *irk)
4652{
4653 switch (irk->addr.type) {
4654 case BDADDR_LE_PUBLIC:
4655 return true;
4656
4657 case BDADDR_LE_RANDOM:
4658 /* Two most significant bits shall be set */
4659 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4660 return false;
4661 return true;
4662 }
4663
4664 return false;
4665}
4666
4667static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4668 u16 len)
4669{
4670 struct mgmt_cp_load_irks *cp = cp_data;
ba1d6936
JH		 4671 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
4672 sizeof(struct mgmt_irk_info));
41edf160
JH		 4673 u16 irk_count, expected_len;
4674 int i, err;
4675
4676 BT_DBG("request for %s", hdev->name);
4677
4678 if (!lmp_le_capable(hdev))
4679 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4680 MGMT_STATUS_NOT_SUPPORTED);
4681
4682 irk_count = __le16_to_cpu(cp->irk_count);
ba1d6936
JH		 4683 if (irk_count > max_irk_count) {
4684 BT_ERR("load_irks: too big irk_count value %u", irk_count);
4685 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4686 MGMT_STATUS_INVALID_PARAMS);
4687 }
41edf160
JH		 4688
4689 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4690 if (expected_len != len) {
4691 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 4692 expected_len, len);
41edf160
JH		 4693 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4694 MGMT_STATUS_INVALID_PARAMS);
4695 }
4696
4697 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4698
4699 for (i = 0; i < irk_count; i++) {
4700 struct mgmt_irk_info *key = &cp->irks[i];
4701
4702 if (!irk_is_valid(key))
4703 return cmd_status(sk, hdev->id,
4704 MGMT_OP_LOAD_IRKS,
4705 MGMT_STATUS_INVALID_PARAMS);
4706 }
4707
4708 hci_dev_lock(hdev);
4709
4710 hci_smp_irks_clear(hdev);
4711
4712 for (i = 0; i < irk_count; i++) {
4713 struct mgmt_irk_info *irk = &cp->irks[i];
4714 u8 addr_type;
4715
4716 if (irk->addr.type == BDADDR_LE_PUBLIC)
4717 addr_type = ADDR_LE_DEV_PUBLIC;
4718 else
4719 addr_type = ADDR_LE_DEV_RANDOM;
4720
4721 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
4722 BDADDR_ANY);
4723 }
4724
4725 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4726
4727 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4728
4729 hci_dev_unlock(hdev);
4730
4731 return err;
4732}
4733
3f706b72
JH		 4734static bool ltk_is_valid(struct mgmt_ltk_info *key)
4735{
4736 if (key->master != 0x00 && key->master != 0x01)
4737 return false;
490cb0b3
MH		 4738
4739 switch (key->addr.type) {
4740 case BDADDR_LE_PUBLIC:
4741 return true;
4742
4743 case BDADDR_LE_RANDOM:
4744 /* Two most significant bits shall be set */
4745 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4746 return false;
4747 return true;
4748 }
4749
4750 return false;
3f706b72
JH		 4751}
4752
bdb6d971 4753static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 4754 void *cp_data, u16 len)
346af67b 4755{
346af67b 4756 struct mgmt_cp_load_long_term_keys *cp = cp_data;
ba1d6936
JH		 4757 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
4758 sizeof(struct mgmt_ltk_info));
346af67b 4759 u16 key_count, expected_len;
715a5bf2 4760 int i, err;
346af67b 4761
cf99ba13
MH		 4762 BT_DBG("request for %s", hdev->name);
4763
4764 if (!lmp_le_capable(hdev))
4765 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4766 MGMT_STATUS_NOT_SUPPORTED);
4767
1f350c87 4768 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 4769 if (key_count > max_key_count) {
4770 BT_ERR("load_ltks: too big key_count value %u", key_count);
4771 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4772 MGMT_STATUS_INVALID_PARAMS);
4773 }
346af67b
VCG		 4774
4775 expected_len = sizeof(*cp) + key_count *
4776 sizeof(struct mgmt_ltk_info);
4777 if (expected_len != len) {
4778 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 4779 expected_len, len);
bdb6d971 4780 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 4781 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 4782 }
4783
bdb6d971 4784 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 4785
54ad6d8a
JH		 4786 for (i = 0; i < key_count; i++) {
4787 struct mgmt_ltk_info *key = &cp->keys[i];
4788
3f706b72 4789 if (!ltk_is_valid(key))
54ad6d8a
JH		 4790 return cmd_status(sk, hdev->id,
4791 MGMT_OP_LOAD_LONG_TERM_KEYS,
4792 MGMT_STATUS_INVALID_PARAMS);
4793 }
4794
346af67b
VCG		 4795 hci_dev_lock(hdev);
4796
4797 hci_smp_ltks_clear(hdev);
4798
4799 for (i = 0; i < key_count; i++) {
4800 struct mgmt_ltk_info *key = &cp->keys[i];
d7b25450 4801 u8 type, addr_type, authenticated;
79d95a19
MH		 4802
4803 if (key->addr.type == BDADDR_LE_PUBLIC)
4804 addr_type = ADDR_LE_DEV_PUBLIC;
4805 else
4806 addr_type = ADDR_LE_DEV_RANDOM;
346af67b
VCG		 4807
4808 if (key->master)
2ceba539 4809 type = SMP_LTK;
346af67b 4810 else
2ceba539 4811 type = SMP_LTK_SLAVE;
346af67b 4812
61b43357
JH		 4813 switch (key->type) {
4814 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 4815 authenticated = 0x00;
61b43357
JH		 4816 break;
4817 case MGMT_LTK_AUTHENTICATED:
d7b25450 4818 authenticated = 0x01;
61b43357
JH		 4819 break;
4820 default:
4821 continue;
4822 }
d7b25450 4823
35d70271 4824 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
d7b25450 4825 authenticated, key->val, key->enc_size, key->ediv,
35d70271 4826 key->rand);
346af67b
VCG		 4827 }
4828
715a5bf2
JH		 4829 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4830 NULL, 0);
4831
346af67b 4832 hci_dev_unlock(hdev);
346af67b 4833
715a5bf2 4834 return err;
346af67b
VCG		 4835}
4836
dd983808
AK		 4837struct cmd_conn_lookup {
4838 struct hci_conn *conn;
4839 bool valid_tx_power;
4840 u8 mgmt_status;
4841};
4842
4843static void get_conn_info_complete(struct pending_cmd *cmd, void *data)
4844{
4845 struct cmd_conn_lookup *match = data;
4846 struct mgmt_cp_get_conn_info *cp;
4847 struct mgmt_rp_get_conn_info rp;
4848 struct hci_conn *conn = cmd->user_data;
4849
4850 if (conn != match->conn)
4851 return;
4852
4853 cp = (struct mgmt_cp_get_conn_info *) cmd->param;
4854
4855 memset(&rp, 0, sizeof(rp));
4856 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4857 rp.addr.type = cp->addr.type;
4858
4859 if (!match->mgmt_status) {
4860 rp.rssi = conn->rssi;
4861
eed5daf3 4862 if (match->valid_tx_power) {
dd983808 4863 rp.tx_power = conn->tx_power;
eed5daf3
AK		 4864 rp.max_tx_power = conn->max_tx_power;
4865 } else {
dd983808 4866 rp.tx_power = HCI_TX_POWER_INVALID;
eed5daf3
AK		 4867 rp.max_tx_power = HCI_TX_POWER_INVALID;
4868 }
dd983808
AK		 4869 }
4870
4871 cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
4872 match->mgmt_status, &rp, sizeof(rp));
4873
4874 hci_conn_drop(conn);
4875
4876 mgmt_pending_remove(cmd);
4877}
4878
4879static void conn_info_refresh_complete(struct hci_dev *hdev, u8 status)
4880{
4881 struct hci_cp_read_rssi *cp;
4882 struct hci_conn *conn;
4883 struct cmd_conn_lookup match;
4884 u16 handle;
4885
4886 BT_DBG("status 0x%02x", status);
4887
4888 hci_dev_lock(hdev);
4889
4890 /* TX power data is valid in case request completed successfully,
eed5daf3
AK		 4891 * otherwise we assume it's not valid. At the moment we assume that
4892 * either both or none of current and max values are valid to keep code
4893 * simple.
dd983808
AK		 4894 */
4895 match.valid_tx_power = !status;
4896
4897 /* Commands sent in request are either Read RSSI or Read Transmit Power
4898 * Level so we check which one was last sent to retrieve connection
4899 * handle. Both commands have handle as first parameter so it's safe to
4900 * cast data on the same command struct.
4901 *
4902 * First command sent is always Read RSSI and we fail only if it fails.
4903 * In other case we simply override error to indicate success as we
4904 * already remembered if TX power value is actually valid.
4905 */
4906 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
4907 if (!cp) {
4908 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
4909 status = 0;
4910 }
4911
4912 if (!cp) {
4913 BT_ERR("invalid sent_cmd in response");
4914 goto unlock;
4915 }
4916
4917 handle = __le16_to_cpu(cp->handle);
4918 conn = hci_conn_hash_lookup_handle(hdev, handle);
4919 if (!conn) {
4920 BT_ERR("unknown handle (%d) in response", handle);
4921 goto unlock;
4922 }
4923
4924 match.conn = conn;
4925 match.mgmt_status = mgmt_status(status);
4926
4927 /* Cache refresh is complete, now reply for mgmt request for given
4928 * connection only.
4929 */
4930 mgmt_pending_foreach(MGMT_OP_GET_CONN_INFO, hdev,
4931 get_conn_info_complete, &match);
4932
4933unlock:
4934 hci_dev_unlock(hdev);
4935}
4936
4937static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
4938 u16 len)
4939{
4940 struct mgmt_cp_get_conn_info *cp = data;
4941 struct mgmt_rp_get_conn_info rp;
4942 struct hci_conn *conn;
4943 unsigned long conn_info_age;
4944 int err = 0;
4945
4946 BT_DBG("%s", hdev->name);
4947
4948 memset(&rp, 0, sizeof(rp));
4949 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4950 rp.addr.type = cp->addr.type;
4951
4952 if (!bdaddr_type_is_valid(cp->addr.type))
4953 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4954 MGMT_STATUS_INVALID_PARAMS,
4955 &rp, sizeof(rp));
4956
4957 hci_dev_lock(hdev);
4958
4959 if (!hdev_is_powered(hdev)) {
4960 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4961 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
4962 goto unlock;
4963 }
4964
4965 if (cp->addr.type == BDADDR_BREDR)
4966 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
4967 &cp->addr.bdaddr);
4968 else
4969 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
4970
4971 if (!conn || conn->state != BT_CONNECTED) {
4972 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4973 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
4974 goto unlock;
4975 }
4976
4977 /* To avoid client trying to guess when to poll again for information we
4978 * calculate conn info age as random value between min/max set in hdev.
4979 */
4980 conn_info_age = hdev->conn_info_min_age +
4981 prandom_u32_max(hdev->conn_info_max_age -
4982 hdev->conn_info_min_age);
4983
4984 /* Query controller to refresh cached values if they are too old or were
4985 * never read.
4986 */
f4e2dd53
AK		 4987 if (time_after(jiffies, conn->conn_info_timestamp +
4988 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 4989 !conn->conn_info_timestamp) {
4990 struct hci_request req;
4991 struct hci_cp_read_tx_power req_txp_cp;
4992 struct hci_cp_read_rssi req_rssi_cp;
4993 struct pending_cmd *cmd;
4994
4995 hci_req_init(&req, hdev);
4996 req_rssi_cp.handle = cpu_to_le16(conn->handle);
4997 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
4998 &req_rssi_cp);
4999
f7faab0c
AK		 5000 /* For LE links TX power does not change thus we don't need to
5001 * query for it once value is known.
5002 */
5003 if (!bdaddr_type_is_le(cp->addr.type) ||
5004 conn->tx_power == HCI_TX_POWER_INVALID) {
5005 req_txp_cp.handle = cpu_to_le16(conn->handle);
5006 req_txp_cp.type = 0x00;
5007 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5008 sizeof(req_txp_cp), &req_txp_cp);
5009 }
dd983808 5010
eed5daf3
AK		 5011 /* Max TX power needs to be read only once per connection */
5012 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5013 req_txp_cp.handle = cpu_to_le16(conn->handle);
5014 req_txp_cp.type = 0x01;
5015 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5016 sizeof(req_txp_cp), &req_txp_cp);
5017 }
5018
dd983808
AK		 5019 err = hci_req_run(&req, conn_info_refresh_complete);
5020 if (err < 0)
5021 goto unlock;
5022
5023 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5024 data, len);
5025 if (!cmd) {
5026 err = -ENOMEM;
5027 goto unlock;
5028 }
5029
5030 hci_conn_hold(conn);
5031 cmd->user_data = conn;
5032
5033 conn->conn_info_timestamp = jiffies;
5034 } else {
5035 /* Cache is valid, just reply with values cached in hci_conn */
5036 rp.rssi = conn->rssi;
5037 rp.tx_power = conn->tx_power;
eed5daf3 5038 rp.max_tx_power = conn->max_tx_power;
dd983808
AK		 5039
5040 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5041 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
5042 }
5043
5044unlock:
5045 hci_dev_unlock(hdev);
5046 return err;
5047}
5048
95868426
JH		 5049static void get_clock_info_complete(struct hci_dev *hdev, u8 status)
5050{
5051 struct mgmt_cp_get_clock_info *cp;
5052 struct mgmt_rp_get_clock_info rp;
5053 struct hci_cp_read_clock *hci_cp;
5054 struct pending_cmd *cmd;
5055 struct hci_conn *conn;
5056
5057 BT_DBG("%s status %u", hdev->name, status);
5058
5059 hci_dev_lock(hdev);
5060
5061 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5062 if (!hci_cp)
5063 goto unlock;
5064
5065 if (hci_cp->which) {
5066 u16 handle = __le16_to_cpu(hci_cp->handle);
5067 conn = hci_conn_hash_lookup_handle(hdev, handle);
5068 } else {
5069 conn = NULL;
5070 }
5071
5072 cmd = mgmt_pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5073 if (!cmd)
5074 goto unlock;
5075
5076 cp = cmd->param;
5077
5078 memset(&rp, 0, sizeof(rp));
5079 memcpy(&rp.addr, &cp->addr, sizeof(rp.addr));
5080
5081 if (status)
5082 goto send_rsp;
5083
5084 rp.local_clock = cpu_to_le32(hdev->clock);
5085
5086 if (conn) {
5087 rp.piconet_clock = cpu_to_le32(conn->clock);
5088 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5089 }
5090
5091send_rsp:
5092 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
5093 &rp, sizeof(rp));
5094 mgmt_pending_remove(cmd);
5095 if (conn)
5096 hci_conn_drop(conn);
5097
5098unlock:
5099 hci_dev_unlock(hdev);
5100}
5101
5102static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5103 u16 len)
5104{
5105 struct mgmt_cp_get_clock_info *cp = data;
5106 struct mgmt_rp_get_clock_info rp;
5107 struct hci_cp_read_clock hci_cp;
5108 struct pending_cmd *cmd;
5109 struct hci_request req;
5110 struct hci_conn *conn;
5111 int err;
5112
5113 BT_DBG("%s", hdev->name);
5114
5115 memset(&rp, 0, sizeof(rp));
5116 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5117 rp.addr.type = cp->addr.type;
5118
5119 if (cp->addr.type != BDADDR_BREDR)
5120 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5121 MGMT_STATUS_INVALID_PARAMS,
5122 &rp, sizeof(rp));
5123
5124 hci_dev_lock(hdev);
5125
5126 if (!hdev_is_powered(hdev)) {
5127 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5128 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5129 goto unlock;
5130 }
5131
5132 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5133 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5134 &cp->addr.bdaddr);
5135 if (!conn || conn->state != BT_CONNECTED) {
5136 err = cmd_complete(sk, hdev->id,
5137 MGMT_OP_GET_CLOCK_INFO,
5138 MGMT_STATUS_NOT_CONNECTED,
5139 &rp, sizeof(rp));
5140 goto unlock;
5141 }
5142 } else {
5143 conn = NULL;
5144 }
5145
5146 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5147 if (!cmd) {
5148 err = -ENOMEM;
5149 goto unlock;
5150 }
5151
5152 hci_req_init(&req, hdev);
5153
5154 memset(&hci_cp, 0, sizeof(hci_cp));
5155 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5156
5157 if (conn) {
5158 hci_conn_hold(conn);
5159 cmd->user_data = conn;
5160
5161 hci_cp.handle = cpu_to_le16(conn->handle);
5162 hci_cp.which = 0x01; /* Piconet clock */
5163 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5164 }
5165
5166 err = hci_req_run(&req, get_clock_info_complete);
5167 if (err < 0)
5168 mgmt_pending_remove(cmd);
5169
5170unlock:
5171 hci_dev_unlock(hdev);
5172 return err;
5173}
5174
8afef092
MH		 5175static void device_added(struct sock *sk, struct hci_dev *hdev,
5176 bdaddr_t *bdaddr, u8 type, u8 action)
5177{
5178 struct mgmt_ev_device_added ev;
5179
5180 bacpy(&ev.addr.bdaddr, bdaddr);
5181 ev.addr.type = type;
5182 ev.action = action;
5183
5184 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5185}
5186
2faade53
MH		 5187static int add_device(struct sock *sk, struct hci_dev *hdev,
5188 void *data, u16 len)
5189{
5190 struct mgmt_cp_add_device *cp = data;
5191 u8 auto_conn, addr_type;
5192 int err;
5193
5194 BT_DBG("%s", hdev->name);
5195
5196 if (!bdaddr_type_is_le(cp->addr.type) ||
5197 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
5198 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5199 MGMT_STATUS_INVALID_PARAMS,
5200 &cp->addr, sizeof(cp->addr));
5201
5202 if (cp->action != 0x00 && cp->action != 0x01)
5203 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5204 MGMT_STATUS_INVALID_PARAMS,
5205 &cp->addr, sizeof(cp->addr));
5206
5207 hci_dev_lock(hdev);
5208
5209 if (cp->addr.type == BDADDR_LE_PUBLIC)
5210 addr_type = ADDR_LE_DEV_PUBLIC;
5211 else
5212 addr_type = ADDR_LE_DEV_RANDOM;
5213
5214 if (cp->action)
5215 auto_conn = HCI_AUTO_CONN_ALWAYS;
5216 else
a3451d27 5217 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 5218
bf5b3c8b
MH		 5219 /* If the connection parameters don't exist for this device,
5220 * they will be created and configured with defaults.
5221 */
d06b50ce
MH		 5222 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
5223 auto_conn) < 0) {
2faade53
MH		 5224 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5225 MGMT_STATUS_FAILED,
5226 &cp->addr, sizeof(cp->addr));
5227 goto unlock;
5228 }
5229
8afef092
MH		 5230 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5231
2faade53
MH		 5232 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5233 MGMT_STATUS_SUCCESS, &cp->addr, sizeof(cp->addr));
5234
5235unlock:
5236 hci_dev_unlock(hdev);
5237 return err;
5238}
5239
8afef092
MH		 5240static void device_removed(struct sock *sk, struct hci_dev *hdev,
5241 bdaddr_t *bdaddr, u8 type)
5242{
5243 struct mgmt_ev_device_removed ev;
5244
5245 bacpy(&ev.addr.bdaddr, bdaddr);
5246 ev.addr.type = type;
5247
5248 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5249}
5250
2faade53
MH		 5251static int remove_device(struct sock *sk, struct hci_dev *hdev,
5252 void *data, u16 len)
5253{
5254 struct mgmt_cp_remove_device *cp = data;
5255 int err;
5256
5257 BT_DBG("%s", hdev->name);
5258
5259 hci_dev_lock(hdev);
5260
5261 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 5262 struct hci_conn_params *params;
2faade53
MH		 5263 u8 addr_type;
5264
5265 if (!bdaddr_type_is_le(cp->addr.type)) {
5266 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5267 MGMT_STATUS_INVALID_PARAMS,
5268 &cp->addr, sizeof(cp->addr));
5269 goto unlock;
5270 }
5271
5272 if (cp->addr.type == BDADDR_LE_PUBLIC)
5273 addr_type = ADDR_LE_DEV_PUBLIC;
5274 else
5275 addr_type = ADDR_LE_DEV_RANDOM;
5276
c71593dd
JH		 5277 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5278 addr_type);
5279 if (!params) {
5280 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5281 MGMT_STATUS_INVALID_PARAMS,
5282 &cp->addr, sizeof(cp->addr));
5283 goto unlock;
5284 }
5285
5286 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
5287 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5288 MGMT_STATUS_INVALID_PARAMS,
5289 &cp->addr, sizeof(cp->addr));
5290 goto unlock;
5291 }
5292
d1dbf12e 5293 list_del(&params->action);
c71593dd
JH		 5294 list_del(&params->list);
5295 kfree(params);
95305baa 5296 hci_update_background_scan(hdev);
8afef092
MH		 5297
5298 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53 5299 } else {
19de0825
JH		 5300 struct hci_conn_params *p, *tmp;
5301
2faade53
MH		 5302 if (cp->addr.type) {
5303 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5304 MGMT_STATUS_INVALID_PARAMS,
5305 &cp->addr, sizeof(cp->addr));
5306 goto unlock;
5307 }
5308
19de0825
JH		 5309 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5310 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5311 continue;
5312 device_removed(sk, hdev, &p->addr, p->addr_type);
5313 list_del(&p->action);
5314 list_del(&p->list);
5315 kfree(p);
5316 }
5317
5318 BT_DBG("All LE connection parameters were removed");
5319
5320 hci_update_background_scan(hdev);
2faade53
MH		 5321 }
5322
5323 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5324 MGMT_STATUS_SUCCESS, &cp->addr, sizeof(cp->addr));
5325
5326unlock:
5327 hci_dev_unlock(hdev);
5328 return err;
5329}
5330
a26f3dcf
JH		 5331static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5332 u16 len)
5333{
5334 struct mgmt_cp_load_conn_param *cp = data;
ba1d6936
JH		 5335 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5336 sizeof(struct mgmt_conn_param));
a26f3dcf
JH		 5337 u16 param_count, expected_len;
5338 int i;
5339
5340 if (!lmp_le_capable(hdev))
5341 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5342 MGMT_STATUS_NOT_SUPPORTED);
5343
5344 param_count = __le16_to_cpu(cp->param_count);
ba1d6936
JH		 5345 if (param_count > max_param_count) {
5346 BT_ERR("load_conn_param: too big param_count value %u",
5347 param_count);
5348 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5349 MGMT_STATUS_INVALID_PARAMS);
5350 }
a26f3dcf
JH		 5351
5352 expected_len = sizeof(*cp) + param_count *
5353 sizeof(struct mgmt_conn_param);
5354 if (expected_len != len) {
5355 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
5356 expected_len, len);
5357 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5358 MGMT_STATUS_INVALID_PARAMS);
5359 }
5360
5361 BT_DBG("%s param_count %u", hdev->name, param_count);
5362
5363 hci_dev_lock(hdev);
5364
5365 hci_conn_params_clear_disabled(hdev);
5366
5367 for (i = 0; i < param_count; i++) {
5368 struct mgmt_conn_param *param = &cp->params[i];
5369 struct hci_conn_params *hci_param;
5370 u16 min, max, latency, timeout;
5371 u8 addr_type;
5372
5373 BT_DBG("Adding %pMR (type %u)", &param->addr.bdaddr,
5374 param->addr.type);
5375
5376 if (param->addr.type == BDADDR_LE_PUBLIC) {
5377 addr_type = ADDR_LE_DEV_PUBLIC;
5378 } else if (param->addr.type == BDADDR_LE_RANDOM) {
5379 addr_type = ADDR_LE_DEV_RANDOM;
5380 } else {
5381 BT_ERR("Ignoring invalid connection parameters");
5382 continue;
5383 }
5384
5385 min = le16_to_cpu(param->min_interval);
5386 max = le16_to_cpu(param->max_interval);
5387 latency = le16_to_cpu(param->latency);
5388 timeout = le16_to_cpu(param->timeout);
5389
5390 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
5391 min, max, latency, timeout);
5392
5393 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
5394 BT_ERR("Ignoring invalid connection parameters");
5395 continue;
5396 }
5397
5398 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
5399 addr_type);
5400 if (!hci_param) {
5401 BT_ERR("Failed to add connection parameters");
5402 continue;
5403 }
5404
5405 hci_param->conn_min_interval = min;
5406 hci_param->conn_max_interval = max;
5407 hci_param->conn_latency = latency;
5408 hci_param->supervision_timeout = timeout;
5409 }
5410
5411 hci_dev_unlock(hdev);
5412
5413 return cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0, NULL, 0);
5414}
5415
dbece37a
MH		 5416static int set_external_config(struct sock *sk, struct hci_dev *hdev,
5417 void *data, u16 len)
5418{
5419 struct mgmt_cp_set_external_config *cp = data;
5420 bool changed;
5421 int err;
5422
5423 BT_DBG("%s", hdev->name);
5424
5425 if (hdev_is_powered(hdev))
5426 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5427 MGMT_STATUS_REJECTED);
5428
5429 if (cp->config != 0x00 && cp->config != 0x01)
5430 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5431 MGMT_STATUS_INVALID_PARAMS);
5432
5433 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
5434 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5435 MGMT_STATUS_NOT_SUPPORTED);
5436
5437 hci_dev_lock(hdev);
5438
5439 if (cp->config)
5440 changed = !test_and_set_bit(HCI_EXT_CONFIGURED,
5441 &hdev->dev_flags);
5442 else
5443 changed = test_and_clear_bit(HCI_EXT_CONFIGURED,
5444 &hdev->dev_flags);
5445
5446 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
5447 if (err < 0)
5448 goto unlock;
5449
5450 if (!changed)
5451 goto unlock;
5452
f4537c04
MH		 5453 err = new_options(hdev, sk);
5454
dbece37a
MH		 5455 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) == is_configured(hdev)) {
5456 mgmt_index_removed(hdev);
d603b76b
MH		 5457
5458 if (test_and_change_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
5459 set_bit(HCI_CONFIG, &hdev->dev_flags);
5460 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
5461
5462 queue_work(hdev->req_workqueue, &hdev->power_on);
5463 } else {
5ea234d3 5464 set_bit(HCI_RAW, &hdev->flags);
d603b76b
MH		 5465 mgmt_index_added(hdev);
5466 }
dbece37a
MH		 5467 }
5468
5469unlock:
5470 hci_dev_unlock(hdev);
5471 return err;
5472}
5473
9713c17b
MH		 5474static int set_public_address(struct sock *sk, struct hci_dev *hdev,
5475 void *data, u16 len)
5476{
5477 struct mgmt_cp_set_public_address *cp = data;
5478 bool changed;
5479 int err;
5480
5481 BT_DBG("%s", hdev->name);
5482
5483 if (hdev_is_powered(hdev))
5484 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5485 MGMT_STATUS_REJECTED);
5486
5487 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
5488 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5489 MGMT_STATUS_INVALID_PARAMS);
5490
5491 if (!hdev->set_bdaddr)
5492 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5493 MGMT_STATUS_NOT_SUPPORTED);
5494
5495 hci_dev_lock(hdev);
5496
5497 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
5498 bacpy(&hdev->public_addr, &cp->bdaddr);
5499
5500 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
5501 if (err < 0)
5502 goto unlock;
5503
5504 if (!changed)
5505 goto unlock;
5506
5507 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5508 err = new_options(hdev, sk);
5509
5510 if (is_configured(hdev)) {
5511 mgmt_index_removed(hdev);
5512
5513 clear_bit(HCI_UNCONFIGURED, &hdev->dev_flags);
5514
5515 set_bit(HCI_CONFIG, &hdev->dev_flags);
5516 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
5517
5518 queue_work(hdev->req_workqueue, &hdev->power_on);
5519 }
5520
5521unlock:
5522 hci_dev_unlock(hdev);
5523 return err;
5524}
5525
2e3c35ea 5526static const struct mgmt_handler {
04124681
GP		 5527 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
5528 u16 data_len);
be22b54e
JH		 5529 bool var_len;
5530 size_t data_len;
0f4e68cf
JH		 5531} mgmt_handlers[] = {
5532 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 5533 { read_version, false, MGMT_READ_VERSION_SIZE },
5534 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
5535 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
5536 { read_controller_info, false, MGMT_READ_INFO_SIZE },
5537 { set_powered, false, MGMT_SETTING_SIZE },
5538 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
5539 { set_connectable, false, MGMT_SETTING_SIZE },
5540 { set_fast_connectable, false, MGMT_SETTING_SIZE },
5541 { set_pairable, false, MGMT_SETTING_SIZE },
5542 { set_link_security, false, MGMT_SETTING_SIZE },
5543 { set_ssp, false, MGMT_SETTING_SIZE },
5544 { set_hs, false, MGMT_SETTING_SIZE },
5545 { set_le, false, MGMT_SETTING_SIZE },
5546 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
5547 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
5548 { add_uuid, false, MGMT_ADD_UUID_SIZE },
5549 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
5550 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
5551 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
5552 { disconnect, false, MGMT_DISCONNECT_SIZE },
5553 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
5554 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
5555 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
5556 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
5557 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
5558 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
5559 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
5560 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
5561 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
5562 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
5563 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
5564 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
ec109113 5565 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
be22b54e
JH		 5566 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
5567 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
5568 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
5569 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
5570 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
5571 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 5572 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 5573 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 5574 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 5575 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
14b49b9a 5576 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
eac83dc6 5577 { set_secure_conn, false, MGMT_SETTING_SIZE },
4e39ac81 5578 { set_debug_keys, false, MGMT_SETTING_SIZE },
62b04cd1 5579 { set_privacy, false, MGMT_SET_PRIVACY_SIZE },
41edf160 5580 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
dd983808 5581 { get_conn_info, false, MGMT_GET_CONN_INFO_SIZE },
95868426 5582 { get_clock_info, false, MGMT_GET_CLOCK_INFO_SIZE },
2faade53
MH		 5583 { add_device, false, MGMT_ADD_DEVICE_SIZE },
5584 { remove_device, false, MGMT_REMOVE_DEVICE_SIZE },
73d1df2a
MH		 5585 { load_conn_param, true, MGMT_LOAD_CONN_PARAM_SIZE },
5586 { read_unconf_index_list, false, MGMT_READ_UNCONF_INDEX_LIST_SIZE },
9fc3bfb6 5587 { read_config_info, false, MGMT_READ_CONFIG_INFO_SIZE },
dbece37a 5588 { set_external_config, false, MGMT_SET_EXTERNAL_CONFIG_SIZE },
9713c17b 5589 { set_public_address, false, MGMT_SET_PUBLIC_ADDRESS_SIZE },
0f4e68cf
JH		 5590};
5591
0381101f
JH		 5592int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
5593{
650f726d
VCG		 5594 void *buf;
5595 u8 *cp;
0381101f 5596 struct mgmt_hdr *hdr;
4e51eae9 5597 u16 opcode, index, len;
bdb6d971 5598 struct hci_dev *hdev = NULL;
2e3c35ea 5599 const struct mgmt_handler *handler;
0381101f
JH		 5600 int err;
5601
5602 BT_DBG("got %zu bytes", msglen);
5603
5604 if (msglen < sizeof(*hdr))
5605 return -EINVAL;
5606
e63a15ec 5607 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 5608 if (!buf)
5609 return -ENOMEM;
5610
5611 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
5612 err = -EFAULT;
5613 goto done;
5614 }
5615
650f726d 5616 hdr = buf;
1f350c87
MH		 5617 opcode = __le16_to_cpu(hdr->opcode);
5618 index = __le16_to_cpu(hdr->index);
5619 len = __le16_to_cpu(hdr->len);
0381101f
JH		 5620
5621 if (len != msglen - sizeof(*hdr)) {
5622 err = -EINVAL;
5623 goto done;
5624 }
5625
0f4e68cf 5626 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 5627 hdev = hci_dev_get(index);
5628 if (!hdev) {
5629 err = cmd_status(sk, index, opcode,
04124681 5630 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 5631 goto done;
5632 }
0736cfa8 5633
cebf4cfd 5634 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
d603b76b 5635 test_bit(HCI_CONFIG, &hdev->dev_flags) ||
4a964404 5636 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
0736cfa8
MH		 5637 err = cmd_status(sk, index, opcode,
5638 MGMT_STATUS_INVALID_INDEX);
5639 goto done;
5640 }
42a9bc14
MH		 5641
5642 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
dbece37a 5643 opcode != MGMT_OP_READ_CONFIG_INFO &&
9713c17b
MH		 5644 opcode != MGMT_OP_SET_EXTERNAL_CONFIG &&
5645 opcode != MGMT_OP_SET_PUBLIC_ADDRESS) {
42a9bc14
MH		 5646 err = cmd_status(sk, index, opcode,
5647 MGMT_STATUS_INVALID_INDEX);
5648 goto done;
5649 }
bdb6d971
JH		 5650 }
5651
0f4e68cf 5652 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 5653 mgmt_handlers[opcode].func == NULL) {
0381101f 5654 BT_DBG("Unknown op %u", opcode);
ca69b795 5655 err = cmd_status(sk, index, opcode,
04124681 5656 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 5657 goto done;
5658 }
5659
73d1df2a
MH		 5660 if (hdev && (opcode <= MGMT_OP_READ_INDEX_LIST ||
5661 opcode == MGMT_OP_READ_UNCONF_INDEX_LIST)) {
5662 err = cmd_status(sk, index, opcode,
5663 MGMT_STATUS_INVALID_INDEX);
5664 goto done;
5665 }
5666
5667 if (!hdev && (opcode > MGMT_OP_READ_INDEX_LIST &&
5668 opcode != MGMT_OP_READ_UNCONF_INDEX_LIST)) {
0f4e68cf 5669 err = cmd_status(sk, index, opcode,
04124681 5670 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 5671 goto done;
0381101f
JH		 5672 }
5673
be22b54e
JH		 5674 handler = &mgmt_handlers[opcode];
5675
5676 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 5677 (!handler->var_len && len != handler->data_len)) {
be22b54e 5678 err = cmd_status(sk, index, opcode,
04124681 5679 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 5680 goto done;
5681 }
5682
0f4e68cf
JH		 5683 if (hdev)
5684 mgmt_init_hdev(sk, hdev);
5685
5686 cp = buf + sizeof(*hdr);
5687
be22b54e 5688 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 5689 if (err < 0)
5690 goto done;
5691
0381101f
JH		 5692 err = msglen;
5693
5694done:
bdb6d971
JH		 5695 if (hdev)
5696 hci_dev_put(hdev);
5697
0381101f
JH		 5698 kfree(buf);
5699 return err;
5700}
c71e97bf 5701
bf6b56db 5702void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 5703{
1514b892 5704 if (hdev->dev_type != HCI_BREDR)
bf6b56db 5705 return;
bb4b2a9a 5706
0602a8ad
MH		 5707 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
5708 return;
5709
5710 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5711 mgmt_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev, NULL, 0, NULL);
5712 else
5713 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 5714}
5715
bf6b56db 5716void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 5717{
5f159032 5718 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 5719
1514b892 5720 if (hdev->dev_type != HCI_BREDR)
bf6b56db 5721 return;
bb4b2a9a 5722
0602a8ad
MH		 5723 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
5724 return;
5725
744cf19e 5726 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 5727
edd3896b
MH		 5728 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5729 mgmt_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev, NULL, 0, NULL);
5730 else
5731 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 5732}
5733
6046dc3e 5734/* This function requires the caller holds hdev->lock */
d7347f3c 5735static void restart_le_actions(struct hci_dev *hdev)
6046dc3e
AG		 5736{
5737 struct hci_conn_params *p;
5738
5739 list_for_each_entry(p, &hdev->le_conn_params, list) {
d7347f3c
JH		 5740 /* Needed for AUTO_OFF case where might not "really"
5741 * have been powered off.
5742 */
5743 list_del_init(&p->action);
5744
5745 switch (p->auto_connect) {
5746 case HCI_AUTO_CONN_ALWAYS:
5747 list_add(&p->action, &hdev->pend_le_conns);
5748 break;
5749 case HCI_AUTO_CONN_REPORT:
5750 list_add(&p->action, &hdev->pend_le_reports);
5751 break;
5752 default:
5753 break;
c83ed19d 5754 }
6046dc3e 5755 }
c83ed19d 5756
c83ed19d 5757 hci_update_background_scan(hdev);
6046dc3e
AG		 5758}
5759
229ab39c
JH		 5760static void powered_complete(struct hci_dev *hdev, u8 status)
5761{
5762 struct cmd_lookup match = { NULL, hdev };
5763
5764 BT_DBG("status 0x%02x", status);
5765
5766 hci_dev_lock(hdev);
5767
d7347f3c 5768 restart_le_actions(hdev);
6046dc3e 5769
229ab39c
JH		 5770 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5771
5772 new_settings(hdev, match.sk);
5773
5774 hci_dev_unlock(hdev);
5775
5776 if (match.sk)
5777 sock_put(match.sk);
5778}
5779
70da6243 5780static int powered_update_hci(struct hci_dev *hdev)
5add6af8 5781{
890ea898 5782 struct hci_request req;
70da6243 5783 u8 link_sec;
5add6af8 5784
890ea898
JH		 5785 hci_req_init(&req, hdev);
5786
70da6243
JH		 5787 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
5788 !lmp_host_ssp_capable(hdev)) {
5789 u8 ssp = 1;
5e5282bb 5790
890ea898 5791 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 5792 }
5add6af8 5793
c73eee91
JH		 5794 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
5795 lmp_bredr_capable(hdev)) {
70da6243 5796 struct hci_cp_write_le_host_supported cp;
f0ff92fb 5797
70da6243
JH		 5798 cp.le = 1;
5799 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 5800
70da6243
JH		 5801 /* Check first if we already have the right
5802 * host state (host features set)
5803 */
5804 if (cp.le != lmp_host_le_capable(hdev) ||
5805 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 5806 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
5807 sizeof(cp), &cp);
70da6243 5808 }
3d1cbdd6 5809
d13eafce 5810 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 5811 /* Make sure the controller has a good default for
5812 * advertising data. This also applies to the case
5813 * where BR/EDR was toggled during the AUTO_OFF phase.
5814 */
f14d8f64 5815 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5947f4bc 5816 update_adv_data(&req);
f14d8f64
MH		 5817 update_scan_rsp_data(&req);
5818 }
441ad2d0 5819
bba3aa55
MH		 5820 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5821 enable_advertising(&req);
eeca6f89
JH		 5822 }
5823
70da6243
JH		 5824 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
5825 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 5826 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
5827 sizeof(link_sec), &link_sec);
562fcc24 5828
70da6243 5829 if (lmp_bredr_capable(hdev)) {
56f87901
JH		 5830 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
5831 set_bredr_scan(&req);
890ea898 5832 update_class(&req);
13928971 5833 update_name(&req);
890ea898 5834 update_eir(&req);
70da6243 5835 }
562fcc24 5836
229ab39c 5837 return hci_req_run(&req, powered_complete);
70da6243 5838}
562fcc24 5839
70da6243
JH		 5840int mgmt_powered(struct hci_dev *hdev, u8 powered)
5841{
5842 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 5843 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
5844 u8 zero_cod[] = { 0, 0, 0 };
70da6243 5845 int err;
f0ff92fb 5846
70da6243
JH		 5847 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
5848 return 0;
5849
70da6243 5850 if (powered) {
229ab39c
JH		 5851 if (powered_update_hci(hdev) == 0)
5852 return 0;
fe038884 5853
229ab39c
JH		 5854 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
5855 &match);
5856 goto new_settings;
b24752fe
JH		 5857 }
5858
229ab39c
JH		 5859 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5860 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
5861
5862 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
5863 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
5864 zero_cod, sizeof(zero_cod), NULL);
5865
5866new_settings:
beadb2bd 5867 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 5868
5869 if (match.sk)
5870 sock_put(match.sk);
5871
7bb895d6 5872 return err;
5add6af8 5873}
73f22f62 5874
3eec705e 5875void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 5876{
5877 struct pending_cmd *cmd;
5878 u8 status;
5879
5880 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5881 if (!cmd)
3eec705e 5882 return;
96570ffc
JH		 5883
5884 if (err == -ERFKILL)
5885 status = MGMT_STATUS_RFKILLED;
5886 else
5887 status = MGMT_STATUS_FAILED;
5888
3eec705e 5889 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 5890
5891 mgmt_pending_remove(cmd);
96570ffc
JH		 5892}
5893
d1967ff8
MH		 5894void mgmt_discoverable_timeout(struct hci_dev *hdev)
5895{
5896 struct hci_request req;
d1967ff8
MH		 5897
5898 hci_dev_lock(hdev);
5899
5900 /* When discoverable timeout triggers, then just make sure
5901 * the limited discoverable flag is cleared. Even in the case
5902 * of a timeout triggered from general discoverable, it is
5903 * safe to unconditionally clear the flag.
5904 */
5905 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
9a43e25f 5906 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
d1967ff8
MH		 5907
5908 hci_req_init(&req, hdev);
4b580614
JH		 5909 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
5910 u8 scan = SCAN_PAGE;
5911 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
5912 sizeof(scan), &scan);
5913 }
d1967ff8 5914 update_class(&req);
9a43e25f 5915 update_adv_data(&req);
d1967ff8
MH		 5916 hci_req_run(&req, NULL);
5917
5918 hdev->discov_timeout = 0;
5919
9a43e25f
JH		 5920 new_settings(hdev, NULL);
5921
d1967ff8
MH		 5922 hci_dev_unlock(hdev);
5923}
5924
86a75645 5925void mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 5926{
86a75645 5927 bool changed;
73f22f62 5928
bfaf8c9f
JH		 5929 /* Nothing needed here if there's a pending command since that
5930 * commands request completion callback takes care of everything
5931 * necessary.
5932 */
5933 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
86a75645 5934 return;
bfaf8c9f 5935
bd107999
JH		 5936 /* Powering off may clear the scan mode - don't let that interfere */
5937 if (!discoverable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5938 return;
5939
9a43e25f 5940 if (discoverable) {
86a75645 5941 changed = !test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 5942 } else {
5943 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
86a75645 5944 changed = test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 5945 }
5946
5947 if (changed) {
5948 struct hci_request req;
5949
5950 /* In case this change in discoverable was triggered by
5951 * a disabling of connectable there could be a need to
5952 * update the advertising flags.
5953 */
5954 hci_req_init(&req, hdev);
5955 update_adv_data(&req);
5956 hci_req_run(&req, NULL);
73f22f62 5957
86a75645 5958 new_settings(hdev, NULL);
9a43e25f 5959 }
73f22f62 5960}
9fbcbb45 5961
a330916c 5962void mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 5963{
a330916c 5964 bool changed;
9fbcbb45 5965
d7b856f9
JH		 5966 /* Nothing needed here if there's a pending command since that
5967 * commands request completion callback takes care of everything
5968 * necessary.
5969 */
5970 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
a330916c 5971 return;
d7b856f9 5972
ce3f24cf
JH		 5973 /* Powering off may clear the scan mode - don't let that interfere */
5974 if (!connectable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5975 return;
5976
a330916c
MH		 5977 if (connectable)
5978 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
5979 else
5980 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
9fbcbb45 5981
beadb2bd 5982 if (changed)
a330916c 5983 new_settings(hdev, NULL);
9fbcbb45 5984}
55ed8ca1 5985
4796e8af 5986void mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 5987{
ca69b795
JH		 5988 u8 mgmt_err = mgmt_status(status);
5989
2d7cee58 5990 if (scan & SCAN_PAGE)
744cf19e 5991 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 5992 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 5993
5994 if (scan & SCAN_INQUIRY)
744cf19e 5995 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 5996 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 5997}
5998
dc4a5ee2
MH		 5999void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
6000 bool persistent)
55ed8ca1 6001{
86742e1e 6002 struct mgmt_ev_new_link_key ev;
55ed8ca1 6003
a492cd52 6004 memset(&ev, 0, sizeof(ev));
55ed8ca1 6005
a492cd52 6006 ev.store_hint = persistent;
d753fdc4 6007 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 6008 ev.key.addr.type = BDADDR_BREDR;
a492cd52 6009 ev.key.type = key->type;
9b3b4460 6010 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 6011 ev.key.pin_len = key->pin_len;
55ed8ca1 6012
dc4a5ee2 6013 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 6014}
f7520543 6015
d7b25450
JH		 6016static u8 mgmt_ltk_type(struct smp_ltk *ltk)
6017{
6018 if (ltk->authenticated)
6019 return MGMT_LTK_AUTHENTICATED;
6020
6021 return MGMT_LTK_UNAUTHENTICATED;
6022}
6023
53ac6ab6 6024void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 6025{
6026 struct mgmt_ev_new_long_term_key ev;
6027
6028 memset(&ev, 0, sizeof(ev));
6029
5192d301
MH		 6030 /* Devices using resolvable or non-resolvable random addresses
6031 * without providing an indentity resolving key don't require
6032 * to store long term keys. Their addresses will change the
6033 * next time around.
6034 *
6035 * Only when a remote device provides an identity address
6036 * make sure the long term key is stored. If the remote
6037 * identity is known, the long term keys are internally
6038 * mapped to the identity address. So allow static random
6039 * and public addresses here.
6040 */
ba74b666
JH		 6041 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6042 (key->bdaddr.b[5] & 0xc0) != 0xc0)
6043 ev.store_hint = 0x00;
6044 else
53ac6ab6 6045 ev.store_hint = persistent;
ba74b666 6046
346af67b 6047 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 6048 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 6049 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 6050 ev.key.enc_size = key->enc_size;
6051 ev.key.ediv = key->ediv;
fe39c7b2 6052 ev.key.rand = key->rand;
346af67b 6053
2ceba539 6054 if (key->type == SMP_LTK)
346af67b
VCG		 6055 ev.key.master = 1;
6056
346af67b
VCG		 6057 memcpy(ev.key.val, key->val, sizeof(key->val));
6058
083368f7 6059 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 6060}
6061
95fbac8a
JH		 6062void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
6063{
6064 struct mgmt_ev_new_irk ev;
6065
6066 memset(&ev, 0, sizeof(ev));
6067
bab6d1e5
MH		 6068 /* For identity resolving keys from devices that are already
6069 * using a public address or static random address, do not
6070 * ask for storing this key. The identity resolving key really
6071 * is only mandatory for devices using resovlable random
6072 * addresses.
6073 *
6074 * Storing all identity resolving keys has the downside that
6075 * they will be also loaded on next boot of they system. More
6076 * identity resolving keys, means more time during scanning is
6077 * needed to actually resolve these addresses.
6078 */
6079 if (bacmp(&irk->rpa, BDADDR_ANY))
6080 ev.store_hint = 0x01;
6081 else
6082 ev.store_hint = 0x00;
6083
95fbac8a
JH		 6084 bacpy(&ev.rpa, &irk->rpa);
6085 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
6086 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
6087 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
6088
6089 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
6090}
6091
53ac6ab6
MH		 6092void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
6093 bool persistent)
7ee4ea36
MH		 6094{
6095 struct mgmt_ev_new_csrk ev;
6096
6097 memset(&ev, 0, sizeof(ev));
6098
6099 /* Devices using resolvable or non-resolvable random addresses
6100 * without providing an indentity resolving key don't require
6101 * to store signature resolving keys. Their addresses will change
6102 * the next time around.
6103 *
6104 * Only when a remote device provides an identity address
6105 * make sure the signature resolving key is stored. So allow
6106 * static random and public addresses here.
6107 */
6108 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6109 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
6110 ev.store_hint = 0x00;
6111 else
53ac6ab6 6112 ev.store_hint = persistent;
7ee4ea36
MH		 6113
6114 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
6115 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
6116 ev.key.master = csrk->master;
6117 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
6118
6119 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
6120}
6121
ffb5a827 6122void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 6123 u8 bdaddr_type, u8 store_hint, u16 min_interval,
6124 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 6125{
6126 struct mgmt_ev_new_conn_param ev;
6127
c103aea6
JH		 6128 if (!hci_is_identity_address(bdaddr, bdaddr_type))
6129 return;
6130
ffb5a827
AG		 6131 memset(&ev, 0, sizeof(ev));
6132 bacpy(&ev.addr.bdaddr, bdaddr);
6133 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 6134 ev.store_hint = store_hint;
ffb5a827
AG		 6135 ev.min_interval = cpu_to_le16(min_interval);
6136 ev.max_interval = cpu_to_le16(max_interval);
6137 ev.latency = cpu_to_le16(latency);
6138 ev.timeout = cpu_to_le16(timeout);
6139
6140 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
6141}
6142
94933991
MH		 6143static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
6144 u8 data_len)
6145{
6146 eir[eir_len++] = sizeof(type) + data_len;
6147 eir[eir_len++] = type;
6148 memcpy(&eir[eir_len], data, data_len);
6149 eir_len += data_len;
6150
6151 return eir_len;
6152}
6153
ecd90ae7
MH		 6154void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6155 u8 addr_type, u32 flags, u8 *name, u8 name_len,
6156 u8 *dev_class)
f7520543 6157{
b644ba33
JH		 6158 char buf[512];
6159 struct mgmt_ev_device_connected *ev = (void *) buf;
6160 u16 eir_len = 0;
f7520543 6161
b644ba33 6162 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 6163 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 6164
c95f0ba7 6165 ev->flags = __cpu_to_le32(flags);
08c79b61 6166
b644ba33
JH		 6167 if (name_len > 0)
6168 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 6169 name, name_len);
b644ba33
JH		 6170
6171 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 6172 eir_len = eir_append_data(ev->eir, eir_len,
04124681 6173 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 6174
eb55ef07 6175 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 6176
ecd90ae7
MH		 6177 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
6178 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 6179}
6180
8962ee74
JH		 6181static void disconnect_rsp(struct pending_cmd *cmd, void *data)
6182{
c68fb7ff 6183 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 6184 struct sock **sk = data;
a38528f1 6185 struct mgmt_rp_disconnect rp;
8962ee74 6186
88c3df13
JH		 6187 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
6188 rp.addr.type = cp->addr.type;
8962ee74 6189
aee9b218 6190 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 6191 sizeof(rp));
8962ee74
JH		 6192
6193 *sk = cmd->sk;
6194 sock_hold(*sk);
6195
a664b5bc 6196 mgmt_pending_remove(cmd);
8962ee74
JH		 6197}
6198
124f6e35 6199static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 6200{
b1078ad0 6201 struct hci_dev *hdev = data;
124f6e35
JH		 6202 struct mgmt_cp_unpair_device *cp = cmd->param;
6203 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 6204
6205 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 6206 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
6207 rp.addr.type = cp->addr.type;
a8a1d19e 6208
b1078ad0
JH		 6209 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
6210
aee9b218 6211 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 6212
6213 mgmt_pending_remove(cmd);
6214}
6215
9b80ec5e 6216void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 6217 u8 link_type, u8 addr_type, u8 reason,
6218 bool mgmt_connected)
f7520543 6219{
f0d6a0ea 6220 struct mgmt_ev_device_disconnected ev;
8b064a3a 6221 struct pending_cmd *power_off;
8962ee74 6222 struct sock *sk = NULL;
8962ee74 6223
8b064a3a
JH		 6224 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6225 if (power_off) {
6226 struct mgmt_mode *cp = power_off->param;
6227
6228 /* The connection is still in hci_conn_hash so test for 1
6229 * instead of 0 to know if this is the last one.
6230 */
a3172b7e
JH		 6231 if (!cp->val && hci_conn_count(hdev) == 1) {
6232 cancel_delayed_work(&hdev->power_off);
8b064a3a 6233 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 6234 }
8b064a3a
JH		 6235 }
6236
12d4a3b2
JH		 6237 if (!mgmt_connected)
6238 return;
6239
57eb776f
AG		 6240 if (link_type != ACL_LINK && link_type != LE_LINK)
6241 return;
6242
744cf19e 6243 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 6244
f0d6a0ea
MA		 6245 bacpy(&ev.addr.bdaddr, bdaddr);
6246 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6247 ev.reason = reason;
f7520543 6248
9b80ec5e 6249 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 6250
6251 if (sk)
d97dcb66 6252 sock_put(sk);
8962ee74 6253
124f6e35 6254 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 6255 hdev);
8962ee74
JH		 6256}
6257
7892924c
MH		 6258void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
6259 u8 link_type, u8 addr_type, u8 status)
8962ee74 6260{
3655bba8
AG		 6261 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
6262 struct mgmt_cp_disconnect *cp;
88c3df13 6263 struct mgmt_rp_disconnect rp;
8962ee74 6264 struct pending_cmd *cmd;
8962ee74 6265
36a75f1b
JD		 6266 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6267 hdev);
6268
2e58ef3e 6269 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 6270 if (!cmd)
7892924c 6271 return;
8962ee74 6272
3655bba8
AG		 6273 cp = cmd->param;
6274
6275 if (bacmp(bdaddr, &cp->addr.bdaddr))
6276 return;
6277
6278 if (cp->addr.type != bdaddr_type)
6279 return;
6280
88c3df13 6281 bacpy(&rp.addr.bdaddr, bdaddr);
3655bba8 6282 rp.addr.type = bdaddr_type;
37d9ef76 6283
7892924c
MH		 6284 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
6285 mgmt_status(status), &rp, sizeof(rp));
8962ee74 6286
a664b5bc 6287 mgmt_pending_remove(cmd);
f7520543 6288}
17d5c04c 6289
445608d0
MH		 6290void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6291 u8 addr_type, u8 status)
17d5c04c
JH		 6292{
6293 struct mgmt_ev_connect_failed ev;
c9910d0f
JH		 6294 struct pending_cmd *power_off;
6295
6296 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6297 if (power_off) {
6298 struct mgmt_mode *cp = power_off->param;
6299
6300 /* The connection is still in hci_conn_hash so test for 1
6301 * instead of 0 to know if this is the last one.
6302 */
a3172b7e
JH		 6303 if (!cp->val && hci_conn_count(hdev) == 1) {
6304 cancel_delayed_work(&hdev->power_off);
c9910d0f 6305 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 6306 }
c9910d0f 6307 }
17d5c04c 6308
4c659c39 6309 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6310 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 6311 ev.status = mgmt_status(status);
17d5c04c 6312
445608d0 6313 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 6314}
980e1a53 6315
ce0e4a0d 6316void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 6317{
6318 struct mgmt_ev_pin_code_request ev;
6319
d8457698 6320 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 6321 ev.addr.type = BDADDR_BREDR;
a770bb5a 6322 ev.secure = secure;
980e1a53 6323
ce0e4a0d 6324 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 6325}
6326
e669cf80
MH		 6327void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6328 u8 status)
980e1a53
JH		 6329{
6330 struct pending_cmd *cmd;
ac56fb13 6331 struct mgmt_rp_pin_code_reply rp;
980e1a53 6332
2e58ef3e 6333 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 6334 if (!cmd)
e669cf80 6335 return;
980e1a53 6336
d8457698 6337 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 6338 rp.addr.type = BDADDR_BREDR;
ac56fb13 6339
e669cf80
MH		 6340 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
6341 mgmt_status(status), &rp, sizeof(rp));
980e1a53 6342
a664b5bc 6343 mgmt_pending_remove(cmd);
980e1a53
JH		 6344}
6345
3eb38528
MH		 6346void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6347 u8 status)
980e1a53
JH		 6348{
6349 struct pending_cmd *cmd;
ac56fb13 6350 struct mgmt_rp_pin_code_reply rp;
980e1a53 6351
2e58ef3e 6352 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 6353 if (!cmd)
3eb38528 6354 return;
980e1a53 6355
d8457698 6356 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 6357 rp.addr.type = BDADDR_BREDR;
ac56fb13 6358
3eb38528
MH		 6359 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
6360 mgmt_status(status), &rp, sizeof(rp));
980e1a53 6361
a664b5bc 6362 mgmt_pending_remove(cmd);
980e1a53 6363}
a5c29683 6364
744cf19e 6365int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 6366 u8 link_type, u8 addr_type, u32 value,
04124681 6367 u8 confirm_hint)
a5c29683
JH		 6368{
6369 struct mgmt_ev_user_confirm_request ev;
6370
744cf19e 6371 BT_DBG("%s", hdev->name);
a5c29683 6372
272d90df 6373 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6374 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 6375 ev.confirm_hint = confirm_hint;
39adbffe 6376 ev.value = cpu_to_le32(value);
a5c29683 6377
744cf19e 6378 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 6379 NULL);
a5c29683
JH		 6380}
6381
272d90df 6382int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 6383 u8 link_type, u8 addr_type)
604086b7
BG		 6384{
6385 struct mgmt_ev_user_passkey_request ev;
6386
6387 BT_DBG("%s", hdev->name);
6388
272d90df 6389 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6390 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 6391
6392 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 6393 NULL);
604086b7
BG		 6394}
6395
0df4c185 6396static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 6397 u8 link_type, u8 addr_type, u8 status,
6398 u8 opcode)
a5c29683
JH		 6399{
6400 struct pending_cmd *cmd;
6401 struct mgmt_rp_user_confirm_reply rp;
6402 int err;
6403
2e58ef3e 6404 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 6405 if (!cmd)
6406 return -ENOENT;
6407
272d90df 6408 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 6409 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 6410 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 6411 &rp, sizeof(rp));
a5c29683 6412
a664b5bc 6413 mgmt_pending_remove(cmd);
a5c29683
JH		 6414
6415 return err;
6416}
6417
744cf19e 6418int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6419 u8 link_type, u8 addr_type, u8 status)
a5c29683 6420{
272d90df 6421 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 6422 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 6423}
6424
272d90df 6425int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6426 u8 link_type, u8 addr_type, u8 status)
a5c29683 6427{
272d90df 6428 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 6429 status,
6430 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 6431}
2a611692 6432
604086b7 6433int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6434 u8 link_type, u8 addr_type, u8 status)
604086b7 6435{
272d90df 6436 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 6437 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 6438}
6439
272d90df 6440int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6441 u8 link_type, u8 addr_type, u8 status)
604086b7 6442{
272d90df 6443 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 6444 status,
6445 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 6446}
6447
92a25256
JH		 6448int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
6449 u8 link_type, u8 addr_type, u32 passkey,
6450 u8 entered)
6451{
6452 struct mgmt_ev_passkey_notify ev;
6453
6454 BT_DBG("%s", hdev->name);
6455
6456 bacpy(&ev.addr.bdaddr, bdaddr);
6457 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6458 ev.passkey = __cpu_to_le32(passkey);
6459 ev.entered = entered;
6460
6461 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
6462}
6463
e546099c
MH		 6464void mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6465 u8 addr_type, u8 status)
2a611692
JH		 6466{
6467 struct mgmt_ev_auth_failed ev;
6468
bab73cb6 6469 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6470 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 6471 ev.status = mgmt_status(status);
2a611692 6472
e546099c 6473 mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 6474}
b312b161 6475
464996ae 6476void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 6477{
6478 struct cmd_lookup match = { NULL, hdev };
464996ae 6479 bool changed;
33ef95ed
JH		 6480
6481 if (status) {
6482 u8 mgmt_err = mgmt_status(status);
6483 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 6484 cmd_status_rsp, &mgmt_err);
464996ae 6485 return;
33ef95ed
JH		 6486 }
6487
464996ae
MH		 6488 if (test_bit(HCI_AUTH, &hdev->flags))
6489 changed = !test_and_set_bit(HCI_LINK_SECURITY,
6490 &hdev->dev_flags);
6491 else
6492 changed = test_and_clear_bit(HCI_LINK_SECURITY,
6493 &hdev->dev_flags);
47990ea0 6494
33ef95ed 6495 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 6496 &match);
33ef95ed 6497
47990ea0 6498 if (changed)
464996ae 6499 new_settings(hdev, match.sk);
33ef95ed
JH		 6500
6501 if (match.sk)
6502 sock_put(match.sk);
33ef95ed
JH		 6503}
6504
890ea898 6505static void clear_eir(struct hci_request *req)
cacaf52f 6506{
890ea898 6507 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 6508 struct hci_cp_write_eir cp;
6509
976eb20e 6510 if (!lmp_ext_inq_capable(hdev))
890ea898 6511 return;
cacaf52f 6512
c80da27e
JH		 6513 memset(hdev->eir, 0, sizeof(hdev->eir));
6514
cacaf52f
JH		 6515 memset(&cp, 0, sizeof(cp));
6516
890ea898 6517 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 6518}
6519
3e248560 6520void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 6521{
6522 struct cmd_lookup match = { NULL, hdev };
890ea898 6523 struct hci_request req;
c0ecddc2 6524 bool changed = false;
ed2c4ee3
JH		 6525
6526 if (status) {
6527 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 6528
6529 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 6530 &hdev->dev_flags)) {
6531 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3e248560 6532 new_settings(hdev, NULL);
9ecb3e24 6533 }
c0ecddc2 6534
04124681
GP		 6535 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
6536 &mgmt_err);
3e248560 6537 return;
c0ecddc2
JH		 6538 }
6539
6540 if (enable) {
9ecb3e24 6541 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 6542 } else {
9ecb3e24
MH		 6543 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
6544 if (!changed)
6545 changed = test_and_clear_bit(HCI_HS_ENABLED,
6546 &hdev->dev_flags);
6547 else
6548 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 6549 }
6550
6551 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
6552
c0ecddc2 6553 if (changed)
3e248560 6554 new_settings(hdev, match.sk);
ed2c4ee3 6555
5fc6ebb1 6556 if (match.sk)
ed2c4ee3
JH		 6557 sock_put(match.sk);
6558
890ea898
JH		 6559 hci_req_init(&req, hdev);
6560
3769972b
JH		 6561 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
6562 if (test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
6563 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
6564 sizeof(enable), &enable);
890ea898 6565 update_eir(&req);
3769972b 6566 } else {
890ea898 6567 clear_eir(&req);
3769972b 6568 }
890ea898
JH		 6569
6570 hci_req_run(&req, NULL);
ed2c4ee3
JH		 6571}
6572
eac83dc6
MH		 6573void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
6574{
6575 struct cmd_lookup match = { NULL, hdev };
6576 bool changed = false;
6577
6578 if (status) {
6579 u8 mgmt_err = mgmt_status(status);
6580
0ab04a9c
MH		 6581 if (enable) {
6582 if (test_and_clear_bit(HCI_SC_ENABLED,
6583 &hdev->dev_flags))
6584 new_settings(hdev, NULL);
6585 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
6586 }
eac83dc6
MH		 6587
6588 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
6589 cmd_status_rsp, &mgmt_err);
6590 return;
6591 }
6592
0ab04a9c 6593 if (enable) {
eac83dc6 6594 changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c 6595 } else {
eac83dc6 6596 changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c
MH		 6597 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
6598 }
eac83dc6
MH		 6599
6600 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
6601 settings_rsp, &match);
6602
6603 if (changed)
6604 new_settings(hdev, match.sk);
6605
6606 if (match.sk)
6607 sock_put(match.sk);
6608}
6609
92da6097 6610static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 6611{
6612 struct cmd_lookup *match = data;
6613
90e70454
JH		 6614 if (match->sk == NULL) {
6615 match->sk = cmd->sk;
6616 sock_hold(match->sk);
6617 }
90e70454
JH		 6618}
6619
4e1b0245
MH		 6620void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
6621 u8 status)
7f9a903c 6622{
90e70454 6623 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 6624
92da6097
JH		 6625 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
6626 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
6627 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 6628
6629 if (!status)
4e1b0245
MH		 6630 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
6631 NULL);
90e70454
JH		 6632
6633 if (match.sk)
6634 sock_put(match.sk);
7f9a903c
MH		 6635}
6636
7667da34 6637void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 6638{
b312b161 6639 struct mgmt_cp_set_local_name ev;
13928971 6640 struct pending_cmd *cmd;
28cc7bde 6641
13928971 6642 if (status)
7667da34 6643 return;
b312b161
JH		 6644
6645 memset(&ev, 0, sizeof(ev));
6646 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 6647 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 6648
2e58ef3e 6649 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 6650 if (!cmd) {
6651 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 6652
13928971
JH		 6653 /* If this is a HCI command related to powering on the
6654 * HCI dev don't send any mgmt signals.
6655 */
6656 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 6657 return;
890ea898 6658 }
b312b161 6659
7667da34
MH		 6660 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
6661 cmd ? cmd->sk : NULL);
b312b161 6662}
c35938b2 6663
4d2d2796
MH		 6664void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
6665 u8 *randomizer192, u8 *hash256,
6666 u8 *randomizer256, u8 status)
c35938b2
SJ		 6667{
6668 struct pending_cmd *cmd;
c35938b2 6669
744cf19e 6670 BT_DBG("%s status %u", hdev->name, status);
c35938b2 6671
2e58ef3e 6672 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 6673 if (!cmd)
3edaf092 6674 return;
c35938b2
SJ		 6675
6676 if (status) {
3edaf092
MH		 6677 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
6678 mgmt_status(status));
c35938b2 6679 } else {
4d2d2796
MH		 6680 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
6681 hash256 && randomizer256) {
6682 struct mgmt_rp_read_local_oob_ext_data rp;
6683
6684 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
6685 memcpy(rp.randomizer192, randomizer192,
6686 sizeof(rp.randomizer192));
c35938b2 6687
4d2d2796
MH		 6688 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
6689 memcpy(rp.randomizer256, randomizer256,
6690 sizeof(rp.randomizer256));
c35938b2 6691
4d2d2796
MH		 6692 cmd_complete(cmd->sk, hdev->id,
6693 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
6694 &rp, sizeof(rp));
6695 } else {
6696 struct mgmt_rp_read_local_oob_data rp;
6697
6698 memcpy(rp.hash, hash192, sizeof(rp.hash));
6699 memcpy(rp.randomizer, randomizer192,
6700 sizeof(rp.randomizer));
6701
6702 cmd_complete(cmd->sk, hdev->id,
6703 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
6704 &rp, sizeof(rp));
6705 }
c35938b2
SJ		 6706 }
6707
6708 mgmt_pending_remove(cmd);
c35938b2 6709}
e17acd40 6710
901801b9 6711void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
af58925c
MH		 6712 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
6713 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 6714{
e319d2e7
JH		 6715 char buf[512];
6716 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 6717 size_t ev_size;
e17acd40 6718
75ce208c
JH		 6719 /* Don't send events for a non-kernel initiated discovery. With
6720 * LE one exception is if we have pend_le_reports > 0 in which
6721 * case we're doing passive scanning and want these events.
6722 */
6723 if (!hci_discovery_active(hdev)) {
6724 if (link_type == ACL_LINK)
6725 return;
66f8455a 6726 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
75ce208c
JH		 6727 return;
6728 }
12602d0c 6729
5d2e9fad
JH		 6730 /* Make sure that the buffer is big enough. The 5 extra bytes
6731 * are for the potential CoD field.
6732 */
6733 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
901801b9 6734 return;
7d262f86 6735
1dc06093
JH		 6736 memset(buf, 0, sizeof(buf));
6737
841c5644
JH		 6738 bacpy(&ev->addr.bdaddr, bdaddr);
6739 ev->addr.type = link_to_bdaddr(link_type, addr_type);
e319d2e7 6740 ev->rssi = rssi;
af58925c 6741 ev->flags = cpu_to_le32(flags);
e17acd40 6742
1dc06093 6743 if (eir_len > 0)
e319d2e7 6744 memcpy(ev->eir, eir, eir_len);
e17acd40 6745
1dc06093
JH		 6746 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
6747 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 6748 dev_class, 3);
1dc06093 6749
5d2e9fad
JH		 6750 if (scan_rsp_len > 0)
6751 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
6752
6753 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
6754 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 6755
901801b9 6756 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 6757}
a88a9652 6758
9cf12aee
MH		 6759void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6760 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 6761{
b644ba33
JH		 6762 struct mgmt_ev_device_found *ev;
6763 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
6764 u16 eir_len;
a88a9652 6765
b644ba33 6766 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 6767
b644ba33
JH		 6768 memset(buf, 0, sizeof(buf));
6769
6770 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 6771 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 6772 ev->rssi = rssi;
6773
6774 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 6775 name_len);
b644ba33 6776
eb55ef07 6777 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 6778
9cf12aee 6779 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 6780}
314b2381 6781
2f1e063b 6782void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 6783{
f963e8e9 6784 struct mgmt_ev_discovering ev;
164a6e78
JH		 6785 struct pending_cmd *cmd;
6786
343fb145
AG		 6787 BT_DBG("%s discovering %u", hdev->name, discovering);
6788
164a6e78 6789 if (discovering)
2e58ef3e 6790 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 6791 else
2e58ef3e 6792 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 6793
6794 if (cmd != NULL) {
f808e166
JH		 6795 u8 type = hdev->discovery.type;
6796
04124681
GP		 6797 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
6798 sizeof(type));
164a6e78
JH		 6799 mgmt_pending_remove(cmd);
6800 }
6801
f963e8e9
JH		 6802 memset(&ev, 0, sizeof(ev));
6803 ev.type = hdev->discovery.type;
6804 ev.discovering = discovering;
6805
2f1e063b 6806 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 6807}
5e762444 6808
5976e608
MH		 6809static void adv_enable_complete(struct hci_dev *hdev, u8 status)
6810{
6811 BT_DBG("%s status %u", hdev->name, status);
6812
6813 /* Clear the advertising mgmt setting if we failed to re-enable it */
6814 if (status) {
6815 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 6816 new_settings(hdev, NULL);
5976e608
MH		 6817 }
6818}
6819
6820void mgmt_reenable_advertising(struct hci_dev *hdev)
6821{
6822 struct hci_request req;
6823
b145edcd 6824 if (hci_conn_num(hdev, LE_LINK) > 0)
5976e608
MH		 6825 return;
6826
6827 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
6828 return;
6829
6830 hci_req_init(&req, hdev);
6831 enable_advertising(&req);
6832
6833 /* If this fails we have no option but to let user space know
6834 * that we've disabled advertising.
6835 */
6836 if (hci_req_run(&req, adv_enable_complete) < 0) {
6837 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 6838 new_settings(hdev, NULL);
5976e608
MH		 6839 }
6840}
Linux kernel - Deliverables
This page took 0.721576 seconds and 5 git commands to generate.