projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Increment management interface revision
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
4bc58f51 32#include <net/bluetooth/l2cap.h>
0381101f 33#include <net/bluetooth/mgmt.h>
ac4b7236
MH		 34
35#include "smp.h"
0381101f 36
2da9c55c 37#define MGMT_VERSION 1
730f091b 38#define MGMT_REVISION 7
02d98129 39
e70bb2e8
JH		 40static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_READ_INFO,
43 MGMT_OP_SET_POWERED,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
47 MGMT_OP_SET_PAIRABLE,
48 MGMT_OP_SET_LINK_SECURITY,
49 MGMT_OP_SET_SSP,
50 MGMT_OP_SET_HS,
51 MGMT_OP_SET_LE,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_ADD_UUID,
55 MGMT_OP_REMOVE_UUID,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_DISCONNECT,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_PAIR_DEVICE,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_CONFIRM_NAME,
76 MGMT_OP_BLOCK_DEVICE,
77 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 78 MGMT_OP_SET_DEVICE_ID,
4375f103 79 MGMT_OP_SET_ADVERTISING,
0663ca2a 80 MGMT_OP_SET_BREDR,
d13eafce 81 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 82 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 83 MGMT_OP_SET_SECURE_CONN,
4e39ac81 84 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 85 MGMT_OP_SET_PRIVACY,
41edf160 86 MGMT_OP_LOAD_IRKS,
dd983808 87 MGMT_OP_GET_CONN_INFO,
e70bb2e8
JH		 88};
89
90static const u16 mgmt_events[] = {
91 MGMT_EV_CONTROLLER_ERROR,
92 MGMT_EV_INDEX_ADDED,
93 MGMT_EV_INDEX_REMOVED,
94 MGMT_EV_NEW_SETTINGS,
95 MGMT_EV_CLASS_OF_DEV_CHANGED,
96 MGMT_EV_LOCAL_NAME_CHANGED,
97 MGMT_EV_NEW_LINK_KEY,
98 MGMT_EV_NEW_LONG_TERM_KEY,
99 MGMT_EV_DEVICE_CONNECTED,
100 MGMT_EV_DEVICE_DISCONNECTED,
101 MGMT_EV_CONNECT_FAILED,
102 MGMT_EV_PIN_CODE_REQUEST,
103 MGMT_EV_USER_CONFIRM_REQUEST,
104 MGMT_EV_USER_PASSKEY_REQUEST,
105 MGMT_EV_AUTH_FAILED,
106 MGMT_EV_DEVICE_FOUND,
107 MGMT_EV_DISCOVERING,
108 MGMT_EV_DEVICE_BLOCKED,
109 MGMT_EV_DEVICE_UNBLOCKED,
110 MGMT_EV_DEVICE_UNPAIRED,
92a25256 111 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 112 MGMT_EV_NEW_IRK,
7ee4ea36 113 MGMT_EV_NEW_CSRK,
e70bb2e8
JH		 114};
115
17b02e62 116#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 117
4b34ee78
JH		 118#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
119 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
120
eec8d2bc
JH		 121struct pending_cmd {
122 struct list_head list;
fc2f4b13 123 u16 opcode;
eec8d2bc 124 int index;
c68fb7ff 125 void *param;
eec8d2bc 126 struct sock *sk;
e9a416b5 127 void *user_data;
eec8d2bc
JH		 128};
129
ca69b795
JH		 130/* HCI to MGMT error code conversion table */
131static u8 mgmt_status_table[] = {
132 MGMT_STATUS_SUCCESS,
133 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
134 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
135 MGMT_STATUS_FAILED, /* Hardware Failure */
136 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
137 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 138 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 139 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
140 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
141 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
142 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
143 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
144 MGMT_STATUS_BUSY, /* Command Disallowed */
145 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
146 MGMT_STATUS_REJECTED, /* Rejected Security */
147 MGMT_STATUS_REJECTED, /* Rejected Personal */
148 MGMT_STATUS_TIMEOUT, /* Host Timeout */
149 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
150 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
151 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
152 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
153 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
154 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
155 MGMT_STATUS_BUSY, /* Repeated Attempts */
156 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
157 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
158 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
159 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
160 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
161 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
162 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
163 MGMT_STATUS_FAILED, /* Unspecified Error */
164 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
165 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
166 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
167 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
168 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
169 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
170 MGMT_STATUS_FAILED, /* Unit Link Key Used */
171 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
172 MGMT_STATUS_TIMEOUT, /* Instant Passed */
173 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
174 MGMT_STATUS_FAILED, /* Transaction Collision */
175 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
176 MGMT_STATUS_REJECTED, /* QoS Rejected */
177 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
178 MGMT_STATUS_REJECTED, /* Insufficient Security */
179 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
180 MGMT_STATUS_BUSY, /* Role Switch Pending */
181 MGMT_STATUS_FAILED, /* Slot Violation */
182 MGMT_STATUS_FAILED, /* Role Switch Failed */
183 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
184 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
185 MGMT_STATUS_BUSY, /* Host Busy Pairing */
186 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
187 MGMT_STATUS_BUSY, /* Controller Busy */
188 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
189 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
190 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
191 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
192 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
193};
194
195static u8 mgmt_status(u8 hci_status)
196{
197 if (hci_status < ARRAY_SIZE(mgmt_status_table))
198 return mgmt_status_table[hci_status];
199
200 return MGMT_STATUS_FAILED;
201}
202
4e51eae9 203static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 204{
205 struct sk_buff *skb;
206 struct mgmt_hdr *hdr;
207 struct mgmt_ev_cmd_status *ev;
56b7d137 208 int err;
f7b64e69 209
34eb525c 210 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 211
790eff44 212 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 213 if (!skb)
214 return -ENOMEM;
215
216 hdr = (void *) skb_put(skb, sizeof(*hdr));
217
dcf4adbf 218 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 219 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 220 hdr->len = cpu_to_le16(sizeof(*ev));
221
222 ev = (void *) skb_put(skb, sizeof(*ev));
223 ev->status = status;
eb55ef07 224 ev->opcode = cpu_to_le16(cmd);
f7b64e69 225
56b7d137
GP		 226 err = sock_queue_rcv_skb(sk, skb);
227 if (err < 0)
f7b64e69
JH		 228 kfree_skb(skb);
229
56b7d137 230 return err;
f7b64e69
JH		 231}
232
aee9b218 233static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 234 void *rp, size_t rp_len)
02d98129
JH		 235{
236 struct sk_buff *skb;
237 struct mgmt_hdr *hdr;
238 struct mgmt_ev_cmd_complete *ev;
56b7d137 239 int err;
02d98129
JH		 240
241 BT_DBG("sock %p", sk);
242
790eff44 243 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 244 if (!skb)
245 return -ENOMEM;
246
247 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 248
dcf4adbf 249 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 250 hdr->index = cpu_to_le16(index);
a38528f1 251 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 252
a38528f1 253 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 254 ev->opcode = cpu_to_le16(cmd);
aee9b218 255 ev->status = status;
8020c16a
SJ		 256
257 if (rp)
258 memcpy(ev->data, rp, rp_len);
02d98129 259
56b7d137
GP		 260 err = sock_queue_rcv_skb(sk, skb);
261 if (err < 0)
02d98129
JH		 262 kfree_skb(skb);
263
e5f0e151 264 return err;
02d98129
JH		 265}
266
04124681
GP		 267static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
268 u16 data_len)
a38528f1
JH		 269{
270 struct mgmt_rp_read_version rp;
271
272 BT_DBG("sock %p", sk);
273
274 rp.version = MGMT_VERSION;
dcf4adbf 275 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 276
aee9b218 277 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 278 sizeof(rp));
a38528f1
JH		 279}
280
04124681
GP		 281static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
282 u16 data_len)
e70bb2e8
JH		 283{
284 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 285 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
286 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 287 __le16 *opcode;
e70bb2e8
JH		 288 size_t rp_size;
289 int i, err;
290
291 BT_DBG("sock %p", sk);
292
293 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
294
295 rp = kmalloc(rp_size, GFP_KERNEL);
296 if (!rp)
297 return -ENOMEM;
298
dcf4adbf
JP		 299 rp->num_commands = cpu_to_le16(num_commands);
300 rp->num_events = cpu_to_le16(num_events);
e70bb2e8
JH		 301
302 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
303 put_unaligned_le16(mgmt_commands[i], opcode);
304
305 for (i = 0; i < num_events; i++, opcode++)
306 put_unaligned_le16(mgmt_events[i], opcode);
307
aee9b218 308 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 309 rp_size);
e70bb2e8
JH		 310 kfree(rp);
311
312 return err;
313}
314
04124681
GP		 315static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
316 u16 data_len)
faba42eb 317{
faba42eb 318 struct mgmt_rp_read_index_list *rp;
8035ded4 319 struct hci_dev *d;
a38528f1 320 size_t rp_len;
faba42eb 321 u16 count;
476e44cb 322 int err;
faba42eb
JH		 323
324 BT_DBG("sock %p", sk);
325
326 read_lock(&hci_dev_list_lock);
327
328 count = 0;
bb4b2a9a 329 list_for_each_entry(d, &hci_dev_list, list) {
1514b892
MH		 330 if (d->dev_type == HCI_BREDR)
331 count++;
faba42eb
JH		 332 }
333
a38528f1
JH		 334 rp_len = sizeof(*rp) + (2 * count);
335 rp = kmalloc(rp_len, GFP_ATOMIC);
336 if (!rp) {
b2c60d42 337 read_unlock(&hci_dev_list_lock);
faba42eb 338 return -ENOMEM;
b2c60d42 339 }
faba42eb 340
476e44cb 341 count = 0;
8035ded4 342 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 343 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 344 continue;
345
0736cfa8
MH		 346 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
347 continue;
348
1514b892
MH		 349 if (d->dev_type == HCI_BREDR) {
350 rp->index[count++] = cpu_to_le16(d->id);
351 BT_DBG("Added hci%u", d->id);
352 }
faba42eb
JH		 353 }
354
476e44cb
JH		 355 rp->num_controllers = cpu_to_le16(count);
356 rp_len = sizeof(*rp) + (2 * count);
357
faba42eb
JH		 358 read_unlock(&hci_dev_list_lock);
359
aee9b218 360 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 361 rp_len);
faba42eb 362
a38528f1
JH		 363 kfree(rp);
364
365 return err;
faba42eb
JH		 366}
367
69ab39ea
JH		 368static u32 get_supported_settings(struct hci_dev *hdev)
369{
370 u32 settings = 0;
371
372 settings |= MGMT_SETTING_POWERED;
69ab39ea 373 settings |= MGMT_SETTING_PAIRABLE;
b1de97d8 374 settings |= MGMT_SETTING_DEBUG_KEYS;
69ab39ea 375
ed3fa31f 376 if (lmp_bredr_capable(hdev)) {
33c525c0 377 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 378 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
379 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 380 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 381 settings |= MGMT_SETTING_BREDR;
382 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 383
384 if (lmp_ssp_capable(hdev)) {
385 settings |= MGMT_SETTING_SSP;
386 settings |= MGMT_SETTING_HS;
387 }
e98d2ce2 388
5afeac14 389 if (lmp_sc_capable(hdev) ||
111902f7 390 test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
e98d2ce2 391 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 392 }
d7b7e796 393
eeca6f89 394 if (lmp_le_capable(hdev)) {
9d42820f 395 settings |= MGMT_SETTING_LE;
eeca6f89 396 settings |= MGMT_SETTING_ADVERTISING;
0f4bd942 397 settings |= MGMT_SETTING_PRIVACY;
eeca6f89 398 }
69ab39ea
JH		 399
400 return settings;
401}
402
403static u32 get_current_settings(struct hci_dev *hdev)
404{
405 u32 settings = 0;
406
f1f0eb02 407 if (hdev_is_powered(hdev))
f0d4b78a
MH		 408 settings |= MGMT_SETTING_POWERED;
409
5e5282bb 410 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 411 settings |= MGMT_SETTING_CONNECTABLE;
412
1a4d3c4b
JH		 413 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
414 settings |= MGMT_SETTING_FAST_CONNECTABLE;
415
5e5282bb 416 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 417 settings |= MGMT_SETTING_DISCOVERABLE;
418
a8b2d5c2 419 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 420 settings |= MGMT_SETTING_PAIRABLE;
421
56f87901 422 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 423 settings |= MGMT_SETTING_BREDR;
424
06199cf8 425 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 426 settings |= MGMT_SETTING_LE;
427
47990ea0 428 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 429 settings |= MGMT_SETTING_LINK_SECURITY;
430
84bde9d6 431 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 432 settings |= MGMT_SETTING_SSP;
433
6d80dfd0
JH		 434 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
435 settings |= MGMT_SETTING_HS;
436
f3d3444a 437 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 438 settings |= MGMT_SETTING_ADVERTISING;
439
e98d2ce2
MH		 440 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
441 settings |= MGMT_SETTING_SECURE_CONN;
442
0663b297 443 if (test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags))
b1de97d8
MH		 444 settings |= MGMT_SETTING_DEBUG_KEYS;
445
0f4bd942
JH		 446 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
447 settings |= MGMT_SETTING_PRIVACY;
448
69ab39ea
JH		 449 return settings;
450}
451
ef580372
JH		 452#define PNP_INFO_SVCLASS_ID 0x1200
453
213202ed
JH		 454static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
455{
456 u8 *ptr = data, *uuids_start = NULL;
457 struct bt_uuid *uuid;
458
459 if (len < 4)
460 return ptr;
461
462 list_for_each_entry(uuid, &hdev->uuids, list) {
463 u16 uuid16;
464
465 if (uuid->size != 16)
466 continue;
467
468 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
469 if (uuid16 < 0x1100)
470 continue;
471
472 if (uuid16 == PNP_INFO_SVCLASS_ID)
473 continue;
474
475 if (!uuids_start) {
476 uuids_start = ptr;
477 uuids_start[0] = 1;
478 uuids_start[1] = EIR_UUID16_ALL;
479 ptr += 2;
480 }
481
482 /* Stop if not enough space to put next UUID */
483 if ((ptr - data) + sizeof(u16) > len) {
484 uuids_start[1] = EIR_UUID16_SOME;
485 break;
486 }
487
488 *ptr++ = (uuid16 & 0x00ff);
489 *ptr++ = (uuid16 & 0xff00) >> 8;
490 uuids_start[0] += sizeof(uuid16);
491 }
492
493 return ptr;
494}
495
cdf1963f
JH		 496static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
497{
498 u8 *ptr = data, *uuids_start = NULL;
499 struct bt_uuid *uuid;
500
501 if (len < 6)
502 return ptr;
503
504 list_for_each_entry(uuid, &hdev->uuids, list) {
505 if (uuid->size != 32)
506 continue;
507
508 if (!uuids_start) {
509 uuids_start = ptr;
510 uuids_start[0] = 1;
511 uuids_start[1] = EIR_UUID32_ALL;
512 ptr += 2;
513 }
514
515 /* Stop if not enough space to put next UUID */
516 if ((ptr - data) + sizeof(u32) > len) {
517 uuids_start[1] = EIR_UUID32_SOME;
518 break;
519 }
520
521 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
522 ptr += sizeof(u32);
523 uuids_start[0] += sizeof(u32);
524 }
525
526 return ptr;
527}
528
c00d575b
JH		 529static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
530{
531 u8 *ptr = data, *uuids_start = NULL;
532 struct bt_uuid *uuid;
533
534 if (len < 18)
535 return ptr;
536
537 list_for_each_entry(uuid, &hdev->uuids, list) {
538 if (uuid->size != 128)
539 continue;
540
541 if (!uuids_start) {
542 uuids_start = ptr;
543 uuids_start[0] = 1;
544 uuids_start[1] = EIR_UUID128_ALL;
545 ptr += 2;
546 }
547
548 /* Stop if not enough space to put next UUID */
549 if ((ptr - data) + 16 > len) {
550 uuids_start[1] = EIR_UUID128_SOME;
551 break;
552 }
553
554 memcpy(ptr, uuid->uuid, 16);
555 ptr += 16;
556 uuids_start[0] += 16;
557 }
558
559 return ptr;
560}
561
eb2a8d20
JH		 562static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
563{
564 struct pending_cmd *cmd;
565
566 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
567 if (cmd->opcode == opcode)
568 return cmd;
569 }
570
571 return NULL;
572}
573
f14d8f64
MH		 574static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
575{
7a5f4990
MH		 576 u8 ad_len = 0;
577 size_t name_len;
578
579 name_len = strlen(hdev->dev_name);
580 if (name_len > 0) {
581 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
582
583 if (name_len > max_len) {
584 name_len = max_len;
585 ptr[1] = EIR_NAME_SHORT;
586 } else
587 ptr[1] = EIR_NAME_COMPLETE;
588
589 ptr[0] = name_len + 1;
590
591 memcpy(ptr + 2, hdev->dev_name, name_len);
592
593 ad_len += (name_len + 2);
594 ptr += (name_len + 2);
595 }
596
597 return ad_len;
f14d8f64
MH		 598}
599
600static void update_scan_rsp_data(struct hci_request *req)
601{
602 struct hci_dev *hdev = req->hdev;
603 struct hci_cp_le_set_scan_rsp_data cp;
604 u8 len;
605
7751ef1b 606 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
f14d8f64
MH		 607 return;
608
609 memset(&cp, 0, sizeof(cp));
610
611 len = create_scan_rsp_data(hdev, cp.data);
612
eb438b5f
JH		 613 if (hdev->scan_rsp_data_len == len &&
614 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 615 return;
616
eb438b5f
JH		 617 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
618 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 619
620 cp.length = len;
621
622 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
623}
624
9a43e25f
JH		 625static u8 get_adv_discov_flags(struct hci_dev *hdev)
626{
627 struct pending_cmd *cmd;
628
629 /* If there's a pending mgmt command the flags will not yet have
630 * their final values, so check for this first.
631 */
632 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
633 if (cmd) {
634 struct mgmt_mode *cp = cmd->param;
635 if (cp->val == 0x01)
636 return LE_AD_GENERAL;
637 else if (cp->val == 0x02)
638 return LE_AD_LIMITED;
639 } else {
640 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
641 return LE_AD_LIMITED;
642 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
643 return LE_AD_GENERAL;
644 }
645
646 return 0;
647}
648
46cad2ed 649static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 650{
651 u8 ad_len = 0, flags = 0;
441ad2d0 652
9a43e25f 653 flags |= get_adv_discov_flags(hdev);
441ad2d0 654
e834004b 655 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
441ad2d0 656 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 657
658 if (flags) {
659 BT_DBG("adv flags 0x%02x", flags);
660
661 ptr[0] = 2;
662 ptr[1] = EIR_FLAGS;
663 ptr[2] = flags;
664
665 ad_len += 3;
666 ptr += 3;
667 }
668
669 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
670 ptr[0] = 2;
671 ptr[1] = EIR_TX_POWER;
672 ptr[2] = (u8) hdev->adv_tx_power;
673
674 ad_len += 3;
675 ptr += 3;
676 }
677
441ad2d0
MH		 678 return ad_len;
679}
680
5947f4bc 681static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 682{
683 struct hci_dev *hdev = req->hdev;
684 struct hci_cp_le_set_adv_data cp;
685 u8 len;
686
10994ce6 687 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
441ad2d0
MH		 688 return;
689
690 memset(&cp, 0, sizeof(cp));
691
46cad2ed 692 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 693
694 if (hdev->adv_data_len == len &&
695 memcmp(cp.data, hdev->adv_data, len) == 0)
696 return;
697
698 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
699 hdev->adv_data_len = len;
700
701 cp.length = len;
702
703 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
704}
705
ef580372
JH		 706static void create_eir(struct hci_dev *hdev, u8 *data)
707{
708 u8 *ptr = data;
ef580372
JH		 709 size_t name_len;
710
711 name_len = strlen(hdev->dev_name);
712
713 if (name_len > 0) {
714 /* EIR Data type */
715 if (name_len > 48) {
716 name_len = 48;
717 ptr[1] = EIR_NAME_SHORT;
718 } else
719 ptr[1] = EIR_NAME_COMPLETE;
720
721 /* EIR Data length */
722 ptr[0] = name_len + 1;
723
724 memcpy(ptr + 2, hdev->dev_name, name_len);
725
ef580372
JH		 726 ptr += (name_len + 2);
727 }
728
bbaf444a 729 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 730 ptr[0] = 2;
731 ptr[1] = EIR_TX_POWER;
732 ptr[2] = (u8) hdev->inq_tx_power;
733
91c4e9b1
MH		 734 ptr += 3;
735 }
736
2b9be137
MH		 737 if (hdev->devid_source > 0) {
738 ptr[0] = 9;
739 ptr[1] = EIR_DEVICE_ID;
740
741 put_unaligned_le16(hdev->devid_source, ptr + 2);
742 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
743 put_unaligned_le16(hdev->devid_product, ptr + 6);
744 put_unaligned_le16(hdev->devid_version, ptr + 8);
745
2b9be137
MH		 746 ptr += 10;
747 }
748
213202ed 749 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 750 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 751 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 752}
753
890ea898 754static void update_eir(struct hci_request *req)
ef580372 755{
890ea898 756 struct hci_dev *hdev = req->hdev;
ef580372
JH		 757 struct hci_cp_write_eir cp;
758
504c8dcd 759 if (!hdev_is_powered(hdev))
890ea898 760 return;
7770c4aa 761
976eb20e 762 if (!lmp_ext_inq_capable(hdev))
890ea898 763 return;
ef580372 764
84bde9d6 765 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 766 return;
ef580372 767
a8b2d5c2 768 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 769 return;
ef580372
JH		 770
771 memset(&cp, 0, sizeof(cp));
772
773 create_eir(hdev, cp.data);
774
775 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 776 return;
ef580372
JH		 777
778 memcpy(hdev->eir, cp.data, sizeof(cp.data));
779
890ea898 780 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 781}
782
783static u8 get_service_classes(struct hci_dev *hdev)
784{
785 struct bt_uuid *uuid;
786 u8 val = 0;
787
788 list_for_each_entry(uuid, &hdev->uuids, list)
789 val |= uuid->svc_hint;
790
791 return val;
792}
793
890ea898 794static void update_class(struct hci_request *req)
ef580372 795{
890ea898 796 struct hci_dev *hdev = req->hdev;
ef580372
JH		 797 u8 cod[3];
798
799 BT_DBG("%s", hdev->name);
800
504c8dcd 801 if (!hdev_is_powered(hdev))
890ea898 802 return;
7770c4aa 803
f87ea1da
JH		 804 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
805 return;
806
a8b2d5c2 807 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 808 return;
ef580372
JH		 809
810 cod[0] = hdev->minor_class;
811 cod[1] = hdev->major_class;
812 cod[2] = get_service_classes(hdev);
813
6acd7db4
MH		 814 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
815 cod[1] |= 0x20;
816
ef580372 817 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 818 return;
ef580372 819
890ea898 820 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 821}
822
a4858cb9 823static bool get_connectable(struct hci_dev *hdev)
199a2fb1
JH		 824{
825 struct pending_cmd *cmd;
199a2fb1
JH		 826
827 /* If there's a pending mgmt command the flag will not yet have
828 * it's final value, so check for this first.
829 */
830 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
831 if (cmd) {
832 struct mgmt_mode *cp = cmd->param;
a4858cb9 833 return cp->val;
199a2fb1
JH		 834 }
835
a4858cb9 836 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
199a2fb1
JH		 837}
838
839static void enable_advertising(struct hci_request *req)
840{
841 struct hci_dev *hdev = req->hdev;
842 struct hci_cp_le_set_adv_param cp;
8f2a0601 843 u8 own_addr_type, enable = 0x01;
a4858cb9 844 bool connectable;
199a2fb1 845
8d97250e
JH		 846 /* Clear the HCI_ADVERTISING bit temporarily so that the
847 * hci_update_random_address knows that it's safe to go ahead
848 * and write a new random address. The flag will be set back on
849 * as soon as the SET_ADV_ENABLE HCI command completes.
850 */
851 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
852
a4858cb9 853 connectable = get_connectable(hdev);
8f2a0601 854
a4858cb9
JH		 855 /* Set require_privacy to true only when non-connectable
856 * advertising is used. In that case it is fine to use a
857 * non-resolvable private address.
858 */
859 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 860 return;
861
41c90c18 862 memset(&cp, 0, sizeof(cp));
dcf4adbf
JP		 863 cp.min_interval = cpu_to_le16(0x0800);
864 cp.max_interval = cpu_to_le16(0x0800);
a4858cb9 865 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
8f2a0601 866 cp.own_address_type = own_addr_type;
199a2fb1
JH		 867 cp.channel_map = hdev->le_adv_channel_map;
868
869 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
870
871 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
872}
873
874static void disable_advertising(struct hci_request *req)
875{
876 u8 enable = 0x00;
877
878 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
879}
880
7d78525d
JH		 881static void service_cache_off(struct work_struct *work)
882{
883 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 884 service_cache.work);
890ea898 885 struct hci_request req;
7d78525d 886
a8b2d5c2 887 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 888 return;
889
890ea898
JH		 890 hci_req_init(&req, hdev);
891
7d78525d
JH		 892 hci_dev_lock(hdev);
893
890ea898
JH		 894 update_eir(&req);
895 update_class(&req);
7d78525d
JH		 896
897 hci_dev_unlock(hdev);
890ea898
JH		 898
899 hci_req_run(&req, NULL);
7d78525d
JH		 900}
901
d6bfd59c
JH		 902static void rpa_expired(struct work_struct *work)
903{
904 struct hci_dev *hdev = container_of(work, struct hci_dev,
905 rpa_expired.work);
906 struct hci_request req;
907
908 BT_DBG("");
909
910 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
911
912 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags) ||
913 hci_conn_num(hdev, LE_LINK) > 0)
914 return;
915
916 /* The generation of a new RPA and programming it into the
917 * controller happens in the enable_advertising() function.
918 */
919
920 hci_req_init(&req, hdev);
921
922 disable_advertising(&req);
923 enable_advertising(&req);
924
925 hci_req_run(&req, NULL);
926}
927
6a919082 928static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 929{
4f87da80 930 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 931 return;
932
4f87da80 933 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 934 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 935
4f87da80
JH		 936 /* Non-mgmt controlled devices get this bit set
937 * implicitly so that pairing works for them, however
938 * for mgmt we require user-space to explicitly enable
939 * it
940 */
941 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 942}
943
0f4e68cf 944static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 945 void *data, u16 data_len)
0381101f 946{
a38528f1 947 struct mgmt_rp_read_info rp;
f7b64e69 948
bdb6d971 949 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 950
09fd0de5 951 hci_dev_lock(hdev);
f7b64e69 952
dc4fe30b
JH		 953 memset(&rp, 0, sizeof(rp));
954
69ab39ea 955 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 956
69ab39ea 957 rp.version = hdev->hci_ver;
eb55ef07 958 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 959
960 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
961 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 962
a38528f1 963 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 964
dc4fe30b 965 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 966 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 967
09fd0de5 968 hci_dev_unlock(hdev);
0381101f 969
bdb6d971 970 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 971 sizeof(rp));
0381101f
JH		 972}
973
eec8d2bc
JH		 974static void mgmt_pending_free(struct pending_cmd *cmd)
975{
976 sock_put(cmd->sk);
c68fb7ff 977 kfree(cmd->param);
eec8d2bc
JH		 978 kfree(cmd);
979}
980
366a0336 981static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 982 struct hci_dev *hdev, void *data,
983 u16 len)
eec8d2bc
JH		 984{
985 struct pending_cmd *cmd;
986
12b94565 987 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 988 if (!cmd)
366a0336 989 return NULL;
eec8d2bc
JH		 990
991 cmd->opcode = opcode;
2e58ef3e 992 cmd->index = hdev->id;
eec8d2bc 993
12b94565 994 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 995 if (!cmd->param) {
eec8d2bc 996 kfree(cmd);
366a0336 997 return NULL;
eec8d2bc
JH		 998 }
999
8fce6357
SJ		 1000 if (data)
1001 memcpy(cmd->param, data, len);
eec8d2bc
JH		 1002
1003 cmd->sk = sk;
1004 sock_hold(sk);
1005
2e58ef3e 1006 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 1007
366a0336 1008 return cmd;
eec8d2bc
JH		 1009}
1010
744cf19e 1011static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 1012 void (*cb)(struct pending_cmd *cmd,
1013 void *data),
04124681 1014 void *data)
eec8d2bc 1015{
a3d09356 1016 struct pending_cmd *cmd, *tmp;
eec8d2bc 1017
a3d09356 1018 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 1019 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 1020 continue;
1021
eec8d2bc
JH		 1022 cb(cmd, data);
1023 }
1024}
1025
a664b5bc 1026static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 1027{
73f22f62
JH		 1028 list_del(&cmd->list);
1029 mgmt_pending_free(cmd);
1030}
1031
69ab39ea 1032static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1033{
69ab39ea 1034 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1035
aee9b218 1036 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 1037 sizeof(settings));
8680570b
JH		 1038}
1039
8b064a3a
JH		 1040static void clean_up_hci_complete(struct hci_dev *hdev, u8 status)
1041{
1042 BT_DBG("%s status 0x%02x", hdev->name, status);
1043
a3172b7e
JH		 1044 if (hci_conn_count(hdev) == 0) {
1045 cancel_delayed_work(&hdev->power_off);
8b064a3a 1046 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1047 }
8b064a3a
JH		 1048}
1049
21a60d30
JH		 1050static void hci_stop_discovery(struct hci_request *req)
1051{
1052 struct hci_dev *hdev = req->hdev;
1053 struct hci_cp_remote_name_req_cancel cp;
1054 struct inquiry_entry *e;
1055
1056 switch (hdev->discovery.state) {
1057 case DISCOVERY_FINDING:
1058 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
1059 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1060 } else {
1061 cancel_delayed_work(&hdev->le_scan_disable);
1062 hci_req_add_le_scan_disable(req);
1063 }
1064
1065 break;
1066
1067 case DISCOVERY_RESOLVING:
1068 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1069 NAME_PENDING);
1070 if (!e)
1071 return;
1072
1073 bacpy(&cp.bdaddr, &e->data.bdaddr);
1074 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1075 &cp);
1076
1077 break;
1078
1079 default:
1080 /* Passive scanning */
1081 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
1082 hci_req_add_le_scan_disable(req);
1083 break;
1084 }
1085}
1086
8b064a3a
JH		 1087static int clean_up_hci_state(struct hci_dev *hdev)
1088{
1089 struct hci_request req;
1090 struct hci_conn *conn;
1091
1092 hci_req_init(&req, hdev);
1093
1094 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1095 test_bit(HCI_PSCAN, &hdev->flags)) {
1096 u8 scan = 0x00;
1097 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1098 }
1099
1100 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1101 disable_advertising(&req);
1102
f8680f12 1103 hci_stop_discovery(&req);
8b064a3a
JH		 1104
1105 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1106 struct hci_cp_disconnect dc;
c9910d0f
JH		 1107 struct hci_cp_reject_conn_req rej;
1108
1109 switch (conn->state) {
1110 case BT_CONNECTED:
1111 case BT_CONFIG:
1112 dc.handle = cpu_to_le16(conn->handle);
1113 dc.reason = 0x15; /* Terminated due to Power Off */
1114 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1115 break;
1116 case BT_CONNECT:
1117 if (conn->type == LE_LINK)
1118 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1119 0, NULL);
1120 else if (conn->type == ACL_LINK)
1121 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1122 6, &conn->dst);
1123 break;
1124 case BT_CONNECT2:
1125 bacpy(&rej.bdaddr, &conn->dst);
1126 rej.reason = 0x15; /* Terminated due to Power Off */
1127 if (conn->type == ACL_LINK)
1128 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1129 sizeof(rej), &rej);
1130 else if (conn->type == SCO_LINK)
1131 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1132 sizeof(rej), &rej);
1133 break;
1134 }
8b064a3a
JH		 1135 }
1136
1137 return hci_req_run(&req, clean_up_hci_complete);
1138}
1139
bdb6d971 1140static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1141 u16 len)
eec8d2bc 1142{
650f726d 1143 struct mgmt_mode *cp = data;
366a0336 1144 struct pending_cmd *cmd;
4b34ee78 1145 int err;
eec8d2bc 1146
bdb6d971 1147 BT_DBG("request for %s", hdev->name);
eec8d2bc 1148
a7e80f25
JH		 1149 if (cp->val != 0x00 && cp->val != 0x01)
1150 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1151 MGMT_STATUS_INVALID_PARAMS);
1152
09fd0de5 1153 hci_dev_lock(hdev);
eec8d2bc 1154
87b95ba6
JH		 1155 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1156 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1157 MGMT_STATUS_BUSY);
1158 goto failed;
1159 }
1160
f0d4b78a
MH		 1161 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1162 cancel_delayed_work(&hdev->power_off);
1163
1164 if (cp->val) {
a1d70450
JH		 1165 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1166 data, len);
1167 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1168 goto failed;
1169 }
1170 }
1171
4b34ee78 1172 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1173 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1174 goto failed;
1175 }
1176
2e58ef3e 1177 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1178 if (!cmd) {
1179 err = -ENOMEM;
eec8d2bc 1180 goto failed;
366a0336 1181 }
eec8d2bc 1182
8b064a3a 1183 if (cp->val) {
19202573 1184 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1185 err = 0;
1186 } else {
1187 /* Disconnect connections, stop scans, etc */
1188 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1189 if (!err)
1190 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1191 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1192
8b064a3a
JH		 1193 /* ENODATA means there were no HCI commands queued */
1194 if (err == -ENODATA) {
a3172b7e 1195 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1196 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1197 err = 0;
1198 }
1199 }
eec8d2bc
JH		 1200
1201failed:
09fd0de5 1202 hci_dev_unlock(hdev);
366a0336 1203 return err;
eec8d2bc
JH		 1204}
1205
04124681
GP		 1206static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
1207 struct sock *skip_sk)
beadb2bd
JH		 1208{
1209 struct sk_buff *skb;
1210 struct mgmt_hdr *hdr;
1211
790eff44 1212 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 1213 if (!skb)
1214 return -ENOMEM;
1215
1216 hdr = (void *) skb_put(skb, sizeof(*hdr));
1217 hdr->opcode = cpu_to_le16(event);
1218 if (hdev)
1219 hdr->index = cpu_to_le16(hdev->id);
1220 else
dcf4adbf 1221 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 1222 hdr->len = cpu_to_le16(data_len);
1223
1224 if (data)
1225 memcpy(skb_put(skb, data_len), data, data_len);
1226
97e0bdeb
MH		 1227 /* Time stamp */
1228 __net_timestamp(skb);
1229
beadb2bd
JH		 1230 hci_send_to_control(skb, skip_sk);
1231 kfree_skb(skb);
1232
1233 return 0;
1234}
1235
1236static int new_settings(struct hci_dev *hdev, struct sock *skip)
1237{
1238 __le32 ev;
1239
1240 ev = cpu_to_le32(get_current_settings(hdev));
1241
1242 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1243}
1244
bd99abdd
JH		 1245struct cmd_lookup {
1246 struct sock *sk;
1247 struct hci_dev *hdev;
1248 u8 mgmt_status;
1249};
1250
1251static void settings_rsp(struct pending_cmd *cmd, void *data)
1252{
1253 struct cmd_lookup *match = data;
1254
1255 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1256
1257 list_del(&cmd->list);
1258
1259 if (match->sk == NULL) {
1260 match->sk = cmd->sk;
1261 sock_hold(match->sk);
1262 }
1263
1264 mgmt_pending_free(cmd);
1265}
1266
1267static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1268{
1269 u8 *status = data;
1270
1271 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1272 mgmt_pending_remove(cmd);
1273}
1274
e6fe7986
JH		 1275static u8 mgmt_bredr_support(struct hci_dev *hdev)
1276{
1277 if (!lmp_bredr_capable(hdev))
1278 return MGMT_STATUS_NOT_SUPPORTED;
1279 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1280 return MGMT_STATUS_REJECTED;
1281 else
1282 return MGMT_STATUS_SUCCESS;
1283}
1284
1285static u8 mgmt_le_support(struct hci_dev *hdev)
1286{
1287 if (!lmp_le_capable(hdev))
1288 return MGMT_STATUS_NOT_SUPPORTED;
1289 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1290 return MGMT_STATUS_REJECTED;
1291 else
1292 return MGMT_STATUS_SUCCESS;
1293}
1294
bfaf8c9f
JH		 1295static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1296{
1297 struct pending_cmd *cmd;
1298 struct mgmt_mode *cp;
970ba524 1299 struct hci_request req;
bfaf8c9f
JH		 1300 bool changed;
1301
1302 BT_DBG("status 0x%02x", status);
1303
1304 hci_dev_lock(hdev);
1305
1306 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1307 if (!cmd)
1308 goto unlock;
1309
1310 if (status) {
1311 u8 mgmt_err = mgmt_status(status);
1312 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
310a3d48 1313 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
bfaf8c9f
JH		 1314 goto remove_cmd;
1315 }
1316
1317 cp = cmd->param;
d4462a07 1318 if (cp->val) {
bfaf8c9f
JH		 1319 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1320 &hdev->dev_flags);
d4462a07
MH		 1321
1322 if (hdev->discov_timeout > 0) {
1323 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1324 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1325 to);
1326 }
1327 } else {
bfaf8c9f
JH		 1328 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1329 &hdev->dev_flags);
d4462a07 1330 }
bfaf8c9f
JH		 1331
1332 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1333
1334 if (changed)
1335 new_settings(hdev, cmd->sk);
1336
970ba524
MH		 1337 /* When the discoverable mode gets changed, make sure
1338 * that class of device has the limited discoverable
1339 * bit correctly set.
1340 */
1341 hci_req_init(&req, hdev);
1342 update_class(&req);
1343 hci_req_run(&req, NULL);
1344
bfaf8c9f
JH		 1345remove_cmd:
1346 mgmt_pending_remove(cmd);
1347
1348unlock:
1349 hci_dev_unlock(hdev);
1350}
1351
bdb6d971 1352static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1353 u16 len)
73f22f62 1354{
650f726d 1355 struct mgmt_cp_set_discoverable *cp = data;
366a0336 1356 struct pending_cmd *cmd;
bfaf8c9f 1357 struct hci_request req;
5e5282bb 1358 u16 timeout;
9a43e25f 1359 u8 scan;
73f22f62
JH		 1360 int err;
1361
bdb6d971 1362 BT_DBG("request for %s", hdev->name);
73f22f62 1363
9a43e25f
JH		 1364 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1365 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1366 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
9a43e25f 1367 MGMT_STATUS_REJECTED);
33c525c0 1368
310a3d48 1369 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a7e80f25
JH		 1370 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1371 MGMT_STATUS_INVALID_PARAMS);
1372
1f350c87 1373 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1374
1375 /* Disabling discoverable requires that no timeout is set,
1376 * and enabling limited discoverable requires a timeout.
1377 */
1378 if ((cp->val == 0x00 && timeout > 0) ||
1379 (cp->val == 0x02 && timeout == 0))
bdb6d971 1380 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1381 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1382
09fd0de5 1383 hci_dev_lock(hdev);
73f22f62 1384
5e5282bb 1385 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 1386 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1387 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1388 goto failed;
1389 }
1390
2e58ef3e 1391 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1392 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1393 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1394 MGMT_STATUS_BUSY);
73f22f62
JH		 1395 goto failed;
1396 }
1397
5e5282bb 1398 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 1399 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1400 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1401 goto failed;
1402 }
1403
1404 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1405 bool changed = false;
1406
310a3d48
MH		 1407 /* Setting limited discoverable when powered off is
1408 * not a valid operation since it requires a timeout
1409 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1410 */
0224d2fa
JH		 1411 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1412 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1413 changed = true;
1414 }
1415
5e5282bb 1416 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1417 if (err < 0)
1418 goto failed;
1419
1420 if (changed)
1421 err = new_settings(hdev, sk);
1422
5e5282bb
JH		 1423 goto failed;
1424 }
1425
310a3d48
MH		 1426 /* If the current mode is the same, then just update the timeout
1427 * value with the new value. And if only the timeout gets updated,
1428 * then no need for any HCI transactions.
1429 */
1430 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1431 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1432 &hdev->dev_flags)) {
36261547
MH		 1433 cancel_delayed_work(&hdev->discov_off);
1434 hdev->discov_timeout = timeout;
955638ec 1435
36261547
MH		 1436 if (cp->val && hdev->discov_timeout > 0) {
1437 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1438 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1439 to);
955638ec
MH		 1440 }
1441
69ab39ea 1442 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1443 goto failed;
1444 }
1445
2e58ef3e 1446 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1447 if (!cmd) {
1448 err = -ENOMEM;
73f22f62 1449 goto failed;
366a0336 1450 }
73f22f62 1451
310a3d48
MH		 1452 /* Cancel any potential discoverable timeout that might be
1453 * still active and store new timeout value. The arming of
1454 * the timeout happens in the complete handler.
1455 */
1456 cancel_delayed_work(&hdev->discov_off);
1457 hdev->discov_timeout = timeout;
1458
b456f87c
JH		 1459 /* Limited discoverable mode */
1460 if (cp->val == 0x02)
1461 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1462 else
1463 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1464
bfaf8c9f
JH		 1465 hci_req_init(&req, hdev);
1466
9a43e25f
JH		 1467 /* The procedure for LE-only controllers is much simpler - just
1468 * update the advertising data.
1469 */
1470 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1471 goto update_ad;
1472
73f22f62
JH		 1473 scan = SCAN_PAGE;
1474
310a3d48
MH		 1475 if (cp->val) {
1476 struct hci_cp_write_current_iac_lap hci_cp;
1477
1478 if (cp->val == 0x02) {
1479 /* Limited discoverable mode */
33337dcb 1480 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1481 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1482 hci_cp.iac_lap[1] = 0x8b;
1483 hci_cp.iac_lap[2] = 0x9e;
1484 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1485 hci_cp.iac_lap[4] = 0x8b;
1486 hci_cp.iac_lap[5] = 0x9e;
1487 } else {
1488 /* General discoverable mode */
310a3d48
MH		 1489 hci_cp.num_iac = 1;
1490 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1491 hci_cp.iac_lap[1] = 0x8b;
1492 hci_cp.iac_lap[2] = 0x9e;
1493 }
1494
1495 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1496 (hci_cp.num_iac * 3) + 1, &hci_cp);
1497
73f22f62 1498 scan |= SCAN_INQUIRY;
310a3d48
MH		 1499 } else {
1500 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1501 }
73f22f62 1502
310a3d48 1503 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1504
9a43e25f
JH		 1505update_ad:
1506 update_adv_data(&req);
1507
bfaf8c9f 1508 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1509 if (err < 0)
a664b5bc 1510 mgmt_pending_remove(cmd);
73f22f62
JH		 1511
1512failed:
09fd0de5 1513 hci_dev_unlock(hdev);
73f22f62
JH		 1514 return err;
1515}
1516
406d7804
JH		 1517static void write_fast_connectable(struct hci_request *req, bool enable)
1518{
bd98b996 1519 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1520 struct hci_cp_write_page_scan_activity acp;
1521 u8 type;
1522
547003b1
JH		 1523 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1524 return;
1525
4c01f8b8
JH		 1526 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1527 return;
1528
406d7804
JH		 1529 if (enable) {
1530 type = PAGE_SCAN_TYPE_INTERLACED;
1531
1532 /* 160 msec page scan interval */
dcf4adbf 1533 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 1534 } else {
1535 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1536
1537 /* default 1.28 sec page scan */
dcf4adbf 1538 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 1539 }
1540
dcf4adbf 1541 acp.window = cpu_to_le16(0x0012);
406d7804 1542
bd98b996
JH		 1543 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1544 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1545 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1546 sizeof(acp), &acp);
1547
1548 if (hdev->page_scan_type != type)
1549 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1550}
1551
2b76f453
JH		 1552static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1553{
1554 struct pending_cmd *cmd;
d7b856f9
JH		 1555 struct mgmt_mode *cp;
1556 bool changed;
2b76f453
JH		 1557
1558 BT_DBG("status 0x%02x", status);
1559
1560 hci_dev_lock(hdev);
1561
1562 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1563 if (!cmd)
1564 goto unlock;
1565
37438c1f
JH		 1566 if (status) {
1567 u8 mgmt_err = mgmt_status(status);
1568 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1569 goto remove_cmd;
1570 }
1571
d7b856f9
JH		 1572 cp = cmd->param;
1573 if (cp->val)
1574 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1575 else
1576 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1577
2b76f453
JH		 1578 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1579
d7b856f9
JH		 1580 if (changed)
1581 new_settings(hdev, cmd->sk);
1582
37438c1f 1583remove_cmd:
2b76f453
JH		 1584 mgmt_pending_remove(cmd);
1585
1586unlock:
1587 hci_dev_unlock(hdev);
1588}
1589
e8ba3a1f
JH		 1590static int set_connectable_update_settings(struct hci_dev *hdev,
1591 struct sock *sk, u8 val)
1592{
1593 bool changed = false;
1594 int err;
1595
1596 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1597 changed = true;
1598
1599 if (val) {
1600 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1601 } else {
1602 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1603 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1604 }
1605
1606 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1607 if (err < 0)
1608 return err;
1609
1610 if (changed)
1611 return new_settings(hdev, sk);
1612
1613 return 0;
1614}
1615
bdb6d971 1616static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1617 u16 len)
9fbcbb45 1618{
650f726d 1619 struct mgmt_mode *cp = data;
366a0336 1620 struct pending_cmd *cmd;
2b76f453 1621 struct hci_request req;
1987fdc7 1622 u8 scan;
9fbcbb45
JH		 1623 int err;
1624
bdb6d971 1625 BT_DBG("request for %s", hdev->name);
9fbcbb45 1626
1987fdc7
JH		 1627 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1628 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1629 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1987fdc7 1630 MGMT_STATUS_REJECTED);
33c525c0 1631
a7e80f25
JH		 1632 if (cp->val != 0x00 && cp->val != 0x01)
1633 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1634 MGMT_STATUS_INVALID_PARAMS);
1635
09fd0de5 1636 hci_dev_lock(hdev);
9fbcbb45 1637
4b34ee78 1638 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1639 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1640 goto failed;
1641 }
1642
2e58ef3e 1643 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1644 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1645 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1646 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1647 goto failed;
1648 }
1649
2e58ef3e 1650 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1651 if (!cmd) {
1652 err = -ENOMEM;
9fbcbb45 1653 goto failed;
366a0336 1654 }
9fbcbb45 1655
9b74246f 1656 hci_req_init(&req, hdev);
9fbcbb45 1657
9a43e25f
JH		 1658 /* If BR/EDR is not enabled and we disable advertising as a
1659 * by-product of disabling connectable, we need to update the
1660 * advertising flags.
1661 */
1662 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1663 if (!cp->val) {
1664 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1665 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1666 }
1667 update_adv_data(&req);
1668 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1669 if (cp->val) {
1670 scan = SCAN_PAGE;
1671 } else {
1672 scan = 0;
1673
1674 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1675 hdev->discov_timeout > 0)
9b74246f
JH		 1676 cancel_delayed_work(&hdev->discov_off);
1677 }
2b76f453 1678
9b74246f
JH		 1679 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1680 }
2b76f453 1681
4c01f8b8
JH		 1682 /* If we're going from non-connectable to connectable or
1683 * vice-versa when fast connectable is enabled ensure that fast
1684 * connectable gets disabled. write_fast_connectable won't do
1685 * anything if the page scan parameters are already what they
1686 * should be.
1687 */
1688 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1689 write_fast_connectable(&req, false);
1690
1987fdc7
JH		 1691 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
1692 hci_conn_num(hdev, LE_LINK) == 0) {
1693 disable_advertising(&req);
1694 enable_advertising(&req);
1695 }
1696
2b76f453 1697 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1698 if (err < 0) {
a664b5bc 1699 mgmt_pending_remove(cmd);
9b74246f 1700 if (err == -ENODATA)
a81070ba
JH		 1701 err = set_connectable_update_settings(hdev, sk,
1702 cp->val);
9b74246f
JH		 1703 goto failed;
1704 }
9fbcbb45
JH		 1705
1706failed:
09fd0de5 1707 hci_dev_unlock(hdev);
9fbcbb45
JH		 1708 return err;
1709}
1710
bdb6d971 1711static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1712 u16 len)
c542a06c 1713{
650f726d 1714 struct mgmt_mode *cp = data;
55594356 1715 bool changed;
c542a06c
JH		 1716 int err;
1717
bdb6d971 1718 BT_DBG("request for %s", hdev->name);
c542a06c 1719
a7e80f25
JH		 1720 if (cp->val != 0x00 && cp->val != 0x01)
1721 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1722 MGMT_STATUS_INVALID_PARAMS);
1723
09fd0de5 1724 hci_dev_lock(hdev);
c542a06c
JH		 1725
1726 if (cp->val)
55594356 1727 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1728 else
55594356 1729 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1730
69ab39ea 1731 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c 1732 if (err < 0)
55594356 1733 goto unlock;
c542a06c 1734
55594356
MH		 1735 if (changed)
1736 err = new_settings(hdev, sk);
c542a06c 1737
55594356 1738unlock:
09fd0de5 1739 hci_dev_unlock(hdev);
c542a06c
JH		 1740 return err;
1741}
1742
04124681
GP		 1743static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1744 u16 len)
33ef95ed
JH		 1745{
1746 struct mgmt_mode *cp = data;
1747 struct pending_cmd *cmd;
e6fe7986 1748 u8 val, status;
33ef95ed
JH		 1749 int err;
1750
bdb6d971 1751 BT_DBG("request for %s", hdev->name);
33ef95ed 1752
e6fe7986
JH		 1753 status = mgmt_bredr_support(hdev);
1754 if (status)
33c525c0 1755 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 1756 status);
33c525c0 1757
a7e80f25
JH		 1758 if (cp->val != 0x00 && cp->val != 0x01)
1759 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1760 MGMT_STATUS_INVALID_PARAMS);
1761
33ef95ed
JH		 1762 hci_dev_lock(hdev);
1763
4b34ee78 1764 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1765 bool changed = false;
1766
1767 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1768 &hdev->dev_flags)) {
47990ea0
JH		 1769 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1770 changed = true;
1771 }
1772
1773 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1774 if (err < 0)
1775 goto failed;
1776
1777 if (changed)
1778 err = new_settings(hdev, sk);
1779
33ef95ed
JH		 1780 goto failed;
1781 }
1782
1783 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1784 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1785 MGMT_STATUS_BUSY);
33ef95ed
JH		 1786 goto failed;
1787 }
1788
1789 val = !!cp->val;
1790
1791 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1792 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1793 goto failed;
1794 }
1795
1796 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1797 if (!cmd) {
1798 err = -ENOMEM;
1799 goto failed;
1800 }
1801
1802 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1803 if (err < 0) {
1804 mgmt_pending_remove(cmd);
1805 goto failed;
1806 }
1807
1808failed:
1809 hci_dev_unlock(hdev);
33ef95ed
JH		 1810 return err;
1811}
1812
bdb6d971 1813static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1814{
1815 struct mgmt_mode *cp = data;
1816 struct pending_cmd *cmd;
72ef0c1a 1817 u8 status;
ed2c4ee3
JH		 1818 int err;
1819
bdb6d971 1820 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1821
cdba5281
MH		 1822 status = mgmt_bredr_support(hdev);
1823 if (status)
1824 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1825
13ecd8b6
JH		 1826 if (!lmp_ssp_capable(hdev))
1827 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1828 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1829
a7e80f25
JH		 1830 if (cp->val != 0x00 && cp->val != 0x01)
1831 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1832 MGMT_STATUS_INVALID_PARAMS);
1833
13ecd8b6 1834 hci_dev_lock(hdev);
6c8f12c1 1835
4b34ee78 1836 if (!hdev_is_powered(hdev)) {
9ecb3e24 1837 bool changed;
c0ecddc2 1838
9ecb3e24
MH		 1839 if (cp->val) {
1840 changed = !test_and_set_bit(HCI_SSP_ENABLED,
1841 &hdev->dev_flags);
1842 } else {
1843 changed = test_and_clear_bit(HCI_SSP_ENABLED,
1844 &hdev->dev_flags);
1845 if (!changed)
1846 changed = test_and_clear_bit(HCI_HS_ENABLED,
1847 &hdev->dev_flags);
1848 else
1849 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 1850 }
1851
1852 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1853 if (err < 0)
1854 goto failed;
1855
1856 if (changed)
1857 err = new_settings(hdev, sk);
1858
ed2c4ee3
JH		 1859 goto failed;
1860 }
1861
9ecb3e24
MH		 1862 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
1863 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
d97dcb66
SJ		 1864 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1865 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1866 goto failed;
1867 }
1868
72ef0c1a 1869 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 1870 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1871 goto failed;
1872 }
1873
1874 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1875 if (!cmd) {
1876 err = -ENOMEM;
1877 goto failed;
1878 }
1879
3769972b
JH		 1880 if (!cp->val && test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
1881 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
1882 sizeof(cp->val), &cp->val);
1883
72ef0c1a 1884 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 1885 if (err < 0) {
1886 mgmt_pending_remove(cmd);
1887 goto failed;
1888 }
1889
1890failed:
1891 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1892 return err;
1893}
1894
bdb6d971 1895static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1896{
1897 struct mgmt_mode *cp = data;
ee392693 1898 bool changed;
e6fe7986 1899 u8 status;
ee392693 1900 int err;
6d80dfd0 1901
bdb6d971 1902 BT_DBG("request for %s", hdev->name);
6d80dfd0 1903
e6fe7986
JH		 1904 status = mgmt_bredr_support(hdev);
1905 if (status)
1906 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 1907
9ecb3e24
MH		 1908 if (!lmp_ssp_capable(hdev))
1909 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1910 MGMT_STATUS_NOT_SUPPORTED);
1911
1912 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
1913 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1914 MGMT_STATUS_REJECTED);
1915
a7e80f25
JH		 1916 if (cp->val != 0x00 && cp->val != 0x01)
1917 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1918 MGMT_STATUS_INVALID_PARAMS);
1919
ee392693
MH		 1920 hci_dev_lock(hdev);
1921
a0cdf960 1922 if (cp->val) {
ee392693 1923 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 1924 } else {
1925 if (hdev_is_powered(hdev)) {
1926 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1927 MGMT_STATUS_REJECTED);
1928 goto unlock;
1929 }
1930
ee392693 1931 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 1932 }
ee392693
MH		 1933
1934 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1935 if (err < 0)
1936 goto unlock;
1937
1938 if (changed)
1939 err = new_settings(hdev, sk);
6d80dfd0 1940
ee392693
MH		 1941unlock:
1942 hci_dev_unlock(hdev);
1943 return err;
6d80dfd0
JH		 1944}
1945
416a4ae5
JH		 1946static void le_enable_complete(struct hci_dev *hdev, u8 status)
1947{
1948 struct cmd_lookup match = { NULL, hdev };
1949
1950 if (status) {
1951 u8 mgmt_err = mgmt_status(status);
1952
1953 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1954 &mgmt_err);
1955 return;
1956 }
1957
1958 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1959
1960 new_settings(hdev, match.sk);
1961
1962 if (match.sk)
1963 sock_put(match.sk);
441ad2d0
MH		 1964
1965 /* Make sure the controller has a good default for
1966 * advertising data. Restrict the update to when LE
1967 * has actually been enabled. During power on, the
1968 * update in powered_update_hci will take care of it.
1969 */
1970 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1971 struct hci_request req;
1972
1973 hci_dev_lock(hdev);
1974
1975 hci_req_init(&req, hdev);
5947f4bc 1976 update_adv_data(&req);
f14d8f64 1977 update_scan_rsp_data(&req);
441ad2d0
MH		 1978 hci_req_run(&req, NULL);
1979
1980 hci_dev_unlock(hdev);
1981 }
416a4ae5
JH		 1982}
1983
bdb6d971 1984static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1985{
1986 struct mgmt_mode *cp = data;
1987 struct hci_cp_write_le_host_supported hci_cp;
1988 struct pending_cmd *cmd;
416a4ae5 1989 struct hci_request req;
06199cf8 1990 int err;
0b60eba1 1991 u8 val, enabled;
06199cf8 1992
bdb6d971 1993 BT_DBG("request for %s", hdev->name);
06199cf8 1994
13ecd8b6
JH		 1995 if (!lmp_le_capable(hdev))
1996 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1997 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1998
a7e80f25
JH		 1999 if (cp->val != 0x00 && cp->val != 0x01)
2000 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2001 MGMT_STATUS_INVALID_PARAMS);
2002
c73eee91 2003 /* LE-only devices do not allow toggling LE on/off */
56f87901 2004 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 2005 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2006 MGMT_STATUS_REJECTED);
2007
13ecd8b6 2008 hci_dev_lock(hdev);
06199cf8
JH		 2009
2010 val = !!cp->val;
ffa88e02 2011 enabled = lmp_host_le_capable(hdev);
06199cf8 2012
0b60eba1 2013 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 2014 bool changed = false;
2015
2016 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2017 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
2018 changed = true;
2019 }
2020
f3d3444a
JH		 2021 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
2022 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 2023 changed = true;
2024 }
2025
06199cf8
JH		 2026 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2027 if (err < 0)
1de028ce 2028 goto unlock;
06199cf8
JH		 2029
2030 if (changed)
2031 err = new_settings(hdev, sk);
2032
1de028ce 2033 goto unlock;
06199cf8
JH		 2034 }
2035
4375f103
JH		 2036 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
2037 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 2038 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 2039 MGMT_STATUS_BUSY);
1de028ce 2040 goto unlock;
06199cf8
JH		 2041 }
2042
2043 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2044 if (!cmd) {
2045 err = -ENOMEM;
1de028ce 2046 goto unlock;
06199cf8
JH		 2047 }
2048
441ad2d0
MH		 2049 hci_req_init(&req, hdev);
2050
06199cf8
JH		 2051 memset(&hci_cp, 0, sizeof(hci_cp));
2052
2053 if (val) {
2054 hci_cp.le = val;
ffa88e02 2055 hci_cp.simul = lmp_le_br_capable(hdev);
441ad2d0
MH		 2056 } else {
2057 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
2058 disable_advertising(&req);
06199cf8
JH		 2059 }
2060
416a4ae5
JH		 2061 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2062 &hci_cp);
2063
2064 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2065 if (err < 0)
06199cf8 2066 mgmt_pending_remove(cmd);
06199cf8 2067
1de028ce
JH		 2068unlock:
2069 hci_dev_unlock(hdev);
06199cf8
JH		 2070 return err;
2071}
2072
0cab9c80
JH		 2073/* This is a helper function to test for pending mgmt commands that can
2074 * cause CoD or EIR HCI commands. We can only allow one such pending
2075 * mgmt command at a time since otherwise we cannot easily track what
2076 * the current values are, will be, and based on that calculate if a new
2077 * HCI command needs to be sent and if yes with what value.
2078 */
2079static bool pending_eir_or_class(struct hci_dev *hdev)
2080{
2081 struct pending_cmd *cmd;
2082
2083 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2084 switch (cmd->opcode) {
2085 case MGMT_OP_ADD_UUID:
2086 case MGMT_OP_REMOVE_UUID:
2087 case MGMT_OP_SET_DEV_CLASS:
2088 case MGMT_OP_SET_POWERED:
2089 return true;
2090 }
2091 }
2092
2093 return false;
2094}
2095
83be8eca
JH		 2096static const u8 bluetooth_base_uuid[] = {
2097 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2098 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2099};
2100
2101static u8 get_uuid_size(const u8 *uuid)
2102{
2103 u32 val;
2104
2105 if (memcmp(uuid, bluetooth_base_uuid, 12))
2106 return 128;
2107
2108 val = get_unaligned_le32(&uuid[12]);
2109 if (val > 0xffff)
2110 return 32;
2111
2112 return 16;
2113}
2114
92da6097
JH		 2115static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2116{
2117 struct pending_cmd *cmd;
2118
2119 hci_dev_lock(hdev);
2120
2121 cmd = mgmt_pending_find(mgmt_op, hdev);
2122 if (!cmd)
2123 goto unlock;
2124
2125 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
2126 hdev->dev_class, 3);
2127
2128 mgmt_pending_remove(cmd);
2129
2130unlock:
2131 hci_dev_unlock(hdev);
2132}
2133
2134static void add_uuid_complete(struct hci_dev *hdev, u8 status)
2135{
2136 BT_DBG("status 0x%02x", status);
2137
2138 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2139}
2140
bdb6d971 2141static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2142{
650f726d 2143 struct mgmt_cp_add_uuid *cp = data;
90e70454 2144 struct pending_cmd *cmd;
890ea898 2145 struct hci_request req;
2aeb9a1a 2146 struct bt_uuid *uuid;
2aeb9a1a
JH		 2147 int err;
2148
bdb6d971 2149 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2150
09fd0de5 2151 hci_dev_lock(hdev);
2aeb9a1a 2152
0cab9c80 2153 if (pending_eir_or_class(hdev)) {
bdb6d971 2154 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 2155 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2156 goto failed;
2157 }
2158
92c4c204 2159 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2160 if (!uuid) {
2161 err = -ENOMEM;
2162 goto failed;
2163 }
2164
2165 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2166 uuid->svc_hint = cp->svc_hint;
83be8eca 2167 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2168
de66aa63 2169 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2170
890ea898 2171 hci_req_init(&req, hdev);
1aff6f09 2172
890ea898
JH		 2173 update_class(&req);
2174 update_eir(&req);
2175
92da6097
JH		 2176 err = hci_req_run(&req, add_uuid_complete);
2177 if (err < 0) {
2178 if (err != -ENODATA)
2179 goto failed;
80a1e1db 2180
bdb6d971 2181 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 2182 hdev->dev_class, 3);
90e70454
JH		 2183 goto failed;
2184 }
2185
2186 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2187 if (!cmd) {
90e70454 2188 err = -ENOMEM;
890ea898
JH		 2189 goto failed;
2190 }
2191
2192 err = 0;
2aeb9a1a
JH		 2193
2194failed:
09fd0de5 2195 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2196 return err;
2197}
2198
24b78d0f
JH		 2199static bool enable_service_cache(struct hci_dev *hdev)
2200{
2201 if (!hdev_is_powered(hdev))
2202 return false;
2203
2204 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 2205 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2206 CACHE_TIMEOUT);
24b78d0f
JH		 2207 return true;
2208 }
2209
2210 return false;
2211}
2212
92da6097
JH		 2213static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
2214{
2215 BT_DBG("status 0x%02x", status);
2216
2217 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2218}
2219
bdb6d971 2220static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2221 u16 len)
2aeb9a1a 2222{
650f726d 2223 struct mgmt_cp_remove_uuid *cp = data;
90e70454 2224 struct pending_cmd *cmd;
056341c8 2225 struct bt_uuid *match, *tmp;
2aeb9a1a 2226 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2227 struct hci_request req;
2aeb9a1a
JH		 2228 int err, found;
2229
bdb6d971 2230 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2231
09fd0de5 2232 hci_dev_lock(hdev);
2aeb9a1a 2233
0cab9c80 2234 if (pending_eir_or_class(hdev)) {
bdb6d971 2235 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2236 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2237 goto unlock;
2238 }
2239
2aeb9a1a 2240 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2241 hci_uuids_clear(hdev);
4004b6d9 2242
24b78d0f 2243 if (enable_service_cache(hdev)) {
bdb6d971 2244 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2245 0, hdev->dev_class, 3);
24b78d0f
JH		 2246 goto unlock;
2247 }
4004b6d9 2248
9246a869 2249 goto update_class;
2aeb9a1a
JH		 2250 }
2251
2252 found = 0;
2253
056341c8 2254 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2255 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2256 continue;
2257
2258 list_del(&match->list);
482049f7 2259 kfree(match);
2aeb9a1a
JH		 2260 found++;
2261 }
2262
2263 if (found == 0) {
bdb6d971 2264 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2265 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2266 goto unlock;
2267 }
2268
9246a869 2269update_class:
890ea898 2270 hci_req_init(&req, hdev);
1aff6f09 2271
890ea898
JH		 2272 update_class(&req);
2273 update_eir(&req);
2274
92da6097
JH		 2275 err = hci_req_run(&req, remove_uuid_complete);
2276 if (err < 0) {
2277 if (err != -ENODATA)
2278 goto unlock;
80a1e1db 2279
bdb6d971 2280 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 2281 hdev->dev_class, 3);
90e70454
JH		 2282 goto unlock;
2283 }
2284
2285 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2286 if (!cmd) {
90e70454 2287 err = -ENOMEM;
890ea898
JH		 2288 goto unlock;
2289 }
2290
2291 err = 0;
2aeb9a1a
JH		 2292
2293unlock:
09fd0de5 2294 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2295 return err;
2296}
2297
92da6097
JH		 2298static void set_class_complete(struct hci_dev *hdev, u8 status)
2299{
2300 BT_DBG("status 0x%02x", status);
2301
2302 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2303}
2304
bdb6d971 2305static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2306 u16 len)
1aff6f09 2307{
650f726d 2308 struct mgmt_cp_set_dev_class *cp = data;
90e70454 2309 struct pending_cmd *cmd;
890ea898 2310 struct hci_request req;
1aff6f09
JH		 2311 int err;
2312
bdb6d971 2313 BT_DBG("request for %s", hdev->name);
1aff6f09 2314
6203fc98 2315 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 2316 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2317 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2318
0cab9c80 2319 hci_dev_lock(hdev);
ee98f473 2320
0cab9c80
JH		 2321 if (pending_eir_or_class(hdev)) {
2322 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2323 MGMT_STATUS_BUSY);
2324 goto unlock;
2325 }
c95f0ba7 2326
0cab9c80
JH		 2327 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2328 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2329 MGMT_STATUS_INVALID_PARAMS);
2330 goto unlock;
2331 }
575b3a02 2332
932f5ff5
JH		 2333 hdev->major_class = cp->major;
2334 hdev->minor_class = cp->minor;
2335
b5235a65 2336 if (!hdev_is_powered(hdev)) {
bdb6d971 2337 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2338 hdev->dev_class, 3);
b5235a65
JH		 2339 goto unlock;
2340 }
2341
890ea898
JH		 2342 hci_req_init(&req, hdev);
2343
a8b2d5c2 2344 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2345 hci_dev_unlock(hdev);
2346 cancel_delayed_work_sync(&hdev->service_cache);
2347 hci_dev_lock(hdev);
890ea898 2348 update_eir(&req);
7d78525d 2349 }
14c0b608 2350
890ea898
JH		 2351 update_class(&req);
2352
92da6097
JH		 2353 err = hci_req_run(&req, set_class_complete);
2354 if (err < 0) {
2355 if (err != -ENODATA)
2356 goto unlock;
1aff6f09 2357
bdb6d971 2358 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2359 hdev->dev_class, 3);
90e70454
JH		 2360 goto unlock;
2361 }
2362
2363 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2364 if (!cmd) {
90e70454 2365 err = -ENOMEM;
890ea898
JH		 2366 goto unlock;
2367 }
2368
2369 err = 0;
1aff6f09 2370
b5235a65 2371unlock:
09fd0de5 2372 hci_dev_unlock(hdev);
1aff6f09
JH		 2373 return err;
2374}
2375
bdb6d971 2376static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2377 u16 len)
55ed8ca1 2378{
650f726d 2379 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 2380 u16 key_count, expected_len;
b1de97d8 2381 bool changed;
a492cd52 2382 int i;
55ed8ca1 2383
9060d5cf
MH		 2384 BT_DBG("request for %s", hdev->name);
2385
2386 if (!lmp_bredr_capable(hdev))
2387 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2388 MGMT_STATUS_NOT_SUPPORTED);
2389
1f350c87 2390 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 2391
86742e1e
JH		 2392 expected_len = sizeof(*cp) + key_count *
2393 sizeof(struct mgmt_link_key_info);
a492cd52 2394 if (expected_len != len) {
86742e1e 2395 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2396 expected_len, len);
bdb6d971 2397 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 2398 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2399 }
2400
4ae14301
JH		 2401 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2402 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2403 MGMT_STATUS_INVALID_PARAMS);
2404
bdb6d971 2405 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2406 key_count);
55ed8ca1 2407
4ee71b20
JH		 2408 for (i = 0; i < key_count; i++) {
2409 struct mgmt_link_key_info *key = &cp->keys[i];
2410
8e991132 2411 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
4ee71b20
JH		 2412 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2413 MGMT_STATUS_INVALID_PARAMS);
2414 }
2415
09fd0de5 2416 hci_dev_lock(hdev);
55ed8ca1
JH		 2417
2418 hci_link_keys_clear(hdev);
2419
55ed8ca1 2420 if (cp->debug_keys)
0663b297
JH		 2421 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
2422 &hdev->dev_flags);
55ed8ca1 2423 else
0663b297
JH		 2424 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
2425 &hdev->dev_flags);
b1de97d8
MH		 2426
2427 if (changed)
2428 new_settings(hdev, NULL);
55ed8ca1 2429
a492cd52 2430 for (i = 0; i < key_count; i++) {
86742e1e 2431 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2432
58e9293c
JH		 2433 /* Always ignore debug keys and require a new pairing if
2434 * the user wants to use them.
2435 */
2436 if (key->type == HCI_LK_DEBUG_COMBINATION)
2437 continue;
2438
7652ff6a
JH		 2439 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2440 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2441 }
2442
bdb6d971 2443 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2444
09fd0de5 2445 hci_dev_unlock(hdev);
55ed8ca1 2446
a492cd52 2447 return 0;
55ed8ca1
JH		 2448}
2449
b1078ad0 2450static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2451 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2452{
2453 struct mgmt_ev_device_unpaired ev;
2454
2455 bacpy(&ev.addr.bdaddr, bdaddr);
2456 ev.addr.type = addr_type;
2457
2458 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2459 skip_sk);
b1078ad0
JH		 2460}
2461
bdb6d971 2462static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2463 u16 len)
55ed8ca1 2464{
124f6e35
JH		 2465 struct mgmt_cp_unpair_device *cp = data;
2466 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2467 struct hci_cp_disconnect dc;
2468 struct pending_cmd *cmd;
55ed8ca1 2469 struct hci_conn *conn;
55ed8ca1
JH		 2470 int err;
2471
a8a1d19e 2472 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2473 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2474 rp.addr.type = cp->addr.type;
a8a1d19e 2475
4ee71b20
JH		 2476 if (!bdaddr_type_is_valid(cp->addr.type))
2477 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2478 MGMT_STATUS_INVALID_PARAMS,
2479 &rp, sizeof(rp));
2480
118da70b
JH		 2481 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2482 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2483 MGMT_STATUS_INVALID_PARAMS,
2484 &rp, sizeof(rp));
2485
4ee71b20
JH		 2486 hci_dev_lock(hdev);
2487
86a8cfc6 2488 if (!hdev_is_powered(hdev)) {
bdb6d971 2489 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2490 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 2491 goto unlock;
2492 }
2493
e0b2b27e 2494 if (cp->addr.type == BDADDR_BREDR) {
124f6e35 2495 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2496 } else {
2497 u8 addr_type;
2498
2499 if (cp->addr.type == BDADDR_LE_PUBLIC)
2500 addr_type = ADDR_LE_DEV_PUBLIC;
2501 else
2502 addr_type = ADDR_LE_DEV_RANDOM;
2503
a7ec7338
JH		 2504 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2505
a9b0a04c
AG		 2506 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2507
e0b2b27e
JH		 2508 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2509 }
b0dbfb46 2510
55ed8ca1 2511 if (err < 0) {
bdb6d971 2512 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2513 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 2514 goto unlock;
2515 }
2516
86a8cfc6 2517 if (cp->disconnect) {
591f47f3 2518 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 2519 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 2520 &cp->addr.bdaddr);
86a8cfc6
JH		 2521 else
2522 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 2523 &cp->addr.bdaddr);
86a8cfc6
JH		 2524 } else {
2525 conn = NULL;
2526 }
124f6e35 2527
a8a1d19e 2528 if (!conn) {
bdb6d971 2529 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 2530 &rp, sizeof(rp));
b1078ad0 2531 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2532 goto unlock;
2533 }
55ed8ca1 2534
124f6e35 2535 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2536 sizeof(*cp));
a8a1d19e
JH		 2537 if (!cmd) {
2538 err = -ENOMEM;
2539 goto unlock;
55ed8ca1
JH		 2540 }
2541
eb55ef07 2542 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2543 dc.reason = 0x13; /* Remote User Terminated Connection */
2544 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2545 if (err < 0)
2546 mgmt_pending_remove(cmd);
2547
55ed8ca1 2548unlock:
09fd0de5 2549 hci_dev_unlock(hdev);
55ed8ca1
JH		 2550 return err;
2551}
2552
bdb6d971 2553static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2554 u16 len)
8962ee74 2555{
650f726d 2556 struct mgmt_cp_disconnect *cp = data;
06a63b19 2557 struct mgmt_rp_disconnect rp;
8962ee74 2558 struct hci_cp_disconnect dc;
366a0336 2559 struct pending_cmd *cmd;
8962ee74 2560 struct hci_conn *conn;
8962ee74
JH		 2561 int err;
2562
2563 BT_DBG("");
2564
06a63b19
JH		 2565 memset(&rp, 0, sizeof(rp));
2566 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2567 rp.addr.type = cp->addr.type;
2568
4ee71b20 2569 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2570 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2571 MGMT_STATUS_INVALID_PARAMS,
2572 &rp, sizeof(rp));
4ee71b20 2573
09fd0de5 2574 hci_dev_lock(hdev);
8962ee74
JH		 2575
2576 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2577 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2578 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2579 goto failed;
2580 }
2581
2e58ef3e 2582 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2583 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2584 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2585 goto failed;
2586 }
2587
591f47f3 2588 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2589 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2590 &cp->addr.bdaddr);
88c3df13
JH		 2591 else
2592 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2593
f960727e 2594 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2595 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2596 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2597 goto failed;
2598 }
2599
2e58ef3e 2600 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2601 if (!cmd) {
2602 err = -ENOMEM;
8962ee74 2603 goto failed;
366a0336 2604 }
8962ee74 2605
eb55ef07 2606 dc.handle = cpu_to_le16(conn->handle);
3701f944 2607 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 2608
2609 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2610 if (err < 0)
a664b5bc 2611 mgmt_pending_remove(cmd);
8962ee74
JH		 2612
2613failed:
09fd0de5 2614 hci_dev_unlock(hdev);
8962ee74
JH		 2615 return err;
2616}
2617
57c1477c 2618static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2619{
2620 switch (link_type) {
2621 case LE_LINK:
48264f06
JH		 2622 switch (addr_type) {
2623 case ADDR_LE_DEV_PUBLIC:
591f47f3 2624 return BDADDR_LE_PUBLIC;
0ed09148 2625
48264f06 2626 default:
0ed09148 2627 /* Fallback to LE Random address type */
591f47f3 2628 return BDADDR_LE_RANDOM;
48264f06 2629 }
0ed09148 2630
4c659c39 2631 default:
0ed09148 2632 /* Fallback to BR/EDR type */
591f47f3 2633 return BDADDR_BREDR;
4c659c39
JH		 2634 }
2635}
2636
04124681
GP		 2637static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2638 u16 data_len)
2784eb41 2639{
2784eb41 2640 struct mgmt_rp_get_connections *rp;
8035ded4 2641 struct hci_conn *c;
a38528f1 2642 size_t rp_len;
60fc5fb6
JH		 2643 int err;
2644 u16 i;
2784eb41
JH		 2645
2646 BT_DBG("");
2647
09fd0de5 2648 hci_dev_lock(hdev);
2784eb41 2649
5f97c1df 2650 if (!hdev_is_powered(hdev)) {
bdb6d971 2651 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2652 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2653 goto unlock;
2654 }
2655
60fc5fb6 2656 i = 0;
b644ba33
JH		 2657 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2658 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2659 i++;
2784eb41
JH		 2660 }
2661
60fc5fb6 2662 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2663 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2664 if (!rp) {
2784eb41
JH		 2665 err = -ENOMEM;
2666 goto unlock;
2667 }
2668
2784eb41 2669 i = 0;
4c659c39 2670 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2671 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2672 continue;
4c659c39 2673 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2674 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2675 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2676 continue;
2677 i++;
2678 }
2679
eb55ef07 2680 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2681
4c659c39
JH		 2682 /* Recalculate length in case of filtered SCO connections, etc */
2683 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2684
bdb6d971 2685 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2686 rp_len);
2784eb41 2687
a38528f1 2688 kfree(rp);
5f97c1df
JH		 2689
2690unlock:
09fd0de5 2691 hci_dev_unlock(hdev);
2784eb41
JH		 2692 return err;
2693}
2694
bdb6d971 2695static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2696 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2697{
2698 struct pending_cmd *cmd;
2699 int err;
2700
2e58ef3e 2701 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2702 sizeof(*cp));
96d97a67
WR		 2703 if (!cmd)
2704 return -ENOMEM;
2705
d8457698 2706 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2707 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2708 if (err < 0)
2709 mgmt_pending_remove(cmd);
2710
2711 return err;
2712}
2713
bdb6d971 2714static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2715 u16 len)
980e1a53 2716{
96d97a67 2717 struct hci_conn *conn;
650f726d 2718 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2719 struct hci_cp_pin_code_reply reply;
366a0336 2720 struct pending_cmd *cmd;
980e1a53
JH		 2721 int err;
2722
2723 BT_DBG("");
2724
09fd0de5 2725 hci_dev_lock(hdev);
980e1a53 2726
4b34ee78 2727 if (!hdev_is_powered(hdev)) {
bdb6d971 2728 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2729 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2730 goto failed;
2731 }
2732
d8457698 2733 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2734 if (!conn) {
bdb6d971 2735 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2736 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2737 goto failed;
2738 }
2739
2740 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2741 struct mgmt_cp_pin_code_neg_reply ncp;
2742
2743 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2744
2745 BT_ERR("PIN code is not 16 bytes long");
2746
bdb6d971 2747 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2748 if (err >= 0)
bdb6d971 2749 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2750 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2751
2752 goto failed;
2753 }
2754
00abfe44 2755 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2756 if (!cmd) {
2757 err = -ENOMEM;
980e1a53 2758 goto failed;
366a0336 2759 }
980e1a53 2760
d8457698 2761 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2762 reply.pin_len = cp->pin_len;
24718ca5 2763 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2764
2765 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2766 if (err < 0)
a664b5bc 2767 mgmt_pending_remove(cmd);
980e1a53
JH		 2768
2769failed:
09fd0de5 2770 hci_dev_unlock(hdev);
980e1a53
JH		 2771 return err;
2772}
2773
04124681
GP		 2774static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2775 u16 len)
17fa4b9d 2776{
650f726d 2777 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2778
2779 BT_DBG("");
2780
4ec86d4c
JH		 2781 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2782 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
2783 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
2784
09fd0de5 2785 hci_dev_lock(hdev);
17fa4b9d
JH		 2786
2787 hdev->io_capability = cp->io_capability;
2788
2789 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2790 hdev->io_capability);
17fa4b9d 2791
09fd0de5 2792 hci_dev_unlock(hdev);
17fa4b9d 2793
04124681
GP		 2794 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2795 0);
17fa4b9d
JH		 2796}
2797
6039aa73 2798static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2799{
2800 struct hci_dev *hdev = conn->hdev;
8035ded4 2801 struct pending_cmd *cmd;
e9a416b5 2802
2e58ef3e 2803 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2804 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2805 continue;
2806
e9a416b5
JH		 2807 if (cmd->user_data != conn)
2808 continue;
2809
2810 return cmd;
2811 }
2812
2813 return NULL;
2814}
2815
2816static void pairing_complete(struct pending_cmd *cmd, u8 status)
2817{
2818 struct mgmt_rp_pair_device rp;
2819 struct hci_conn *conn = cmd->user_data;
2820
61b1a7fb
JH		 2821 bacpy(&rp.addr.bdaddr, &conn->dst);
2822 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2823
aee9b218 2824 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2825 &rp, sizeof(rp));
e9a416b5
JH		 2826
2827 /* So we don't get further callbacks for this connection */
2828 conn->connect_cfm_cb = NULL;
2829 conn->security_cfm_cb = NULL;
2830 conn->disconn_cfm_cb = NULL;
2831
76a68ba0 2832 hci_conn_drop(conn);
e9a416b5 2833
a664b5bc 2834 mgmt_pending_remove(cmd);
e9a416b5
JH		 2835}
2836
f4a407be
JH		 2837void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2838{
2839 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
2840 struct pending_cmd *cmd;
2841
2842 cmd = find_pairing(conn);
2843 if (cmd)
2844 pairing_complete(cmd, status);
2845}
2846
e9a416b5
JH		 2847static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2848{
2849 struct pending_cmd *cmd;
2850
2851 BT_DBG("status %u", status);
2852
2853 cmd = find_pairing(conn);
56e5cb86 2854 if (!cmd)
e9a416b5 2855 BT_DBG("Unable to find a pending command");
56e5cb86 2856 else
e211326c 2857 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2858}
2859
f4a407be 2860static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739
VA		 2861{
2862 struct pending_cmd *cmd;
2863
2864 BT_DBG("status %u", status);
2865
2866 if (!status)
2867 return;
2868
2869 cmd = find_pairing(conn);
2870 if (!cmd)
2871 BT_DBG("Unable to find a pending command");
2872 else
2873 pairing_complete(cmd, mgmt_status(status));
2874}
2875
bdb6d971 2876static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2877 u16 len)
e9a416b5 2878{
650f726d 2879 struct mgmt_cp_pair_device *cp = data;
1425acb7 2880 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2881 struct pending_cmd *cmd;
2882 u8 sec_level, auth_type;
2883 struct hci_conn *conn;
e9a416b5
JH		 2884 int err;
2885
2886 BT_DBG("");
2887
f950a30e
SJ		 2888 memset(&rp, 0, sizeof(rp));
2889 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2890 rp.addr.type = cp->addr.type;
2891
4ee71b20
JH		 2892 if (!bdaddr_type_is_valid(cp->addr.type))
2893 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2894 MGMT_STATUS_INVALID_PARAMS,
2895 &rp, sizeof(rp));
2896
4ec86d4c
JH		 2897 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2898 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2899 MGMT_STATUS_INVALID_PARAMS,
2900 &rp, sizeof(rp));
2901
09fd0de5 2902 hci_dev_lock(hdev);
e9a416b5 2903
5f97c1df 2904 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2905 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2906 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2907 goto unlock;
2908 }
2909
c908df36 2910 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 2911 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 2912
6f77d8c7 2913 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 2914 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
2915 auth_type);
6f77d8c7
AG		 2916 } else {
2917 u8 addr_type;
2918
2919 /* Convert from L2CAP channel address type to HCI address type
2920 */
2921 if (cp->addr.type == BDADDR_LE_PUBLIC)
2922 addr_type = ADDR_LE_DEV_PUBLIC;
2923 else
2924 addr_type = ADDR_LE_DEV_RANDOM;
2925
2926 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
04a6c589 2927 sec_level, auth_type);
6f77d8c7 2928 }
7a512d01 2929
30e76272 2930 if (IS_ERR(conn)) {
489dc48e
AK		 2931 int status;
2932
2933 if (PTR_ERR(conn) == -EBUSY)
2934 status = MGMT_STATUS_BUSY;
2935 else
2936 status = MGMT_STATUS_CONNECT_FAILED;
2937
bdb6d971 2938 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2939 status, &rp,
04124681 2940 sizeof(rp));
e9a416b5
JH		 2941 goto unlock;
2942 }
2943
2944 if (conn->connect_cfm_cb) {
76a68ba0 2945 hci_conn_drop(conn);
bdb6d971 2946 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2947 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2948 goto unlock;
2949 }
2950
2e58ef3e 2951 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2952 if (!cmd) {
2953 err = -ENOMEM;
76a68ba0 2954 hci_conn_drop(conn);
e9a416b5
JH		 2955 goto unlock;
2956 }
2957
7a512d01 2958 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 2959 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 2960 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 2961 conn->security_cfm_cb = pairing_complete_cb;
2962 conn->disconn_cfm_cb = pairing_complete_cb;
2963 } else {
2964 conn->connect_cfm_cb = le_pairing_complete_cb;
2965 conn->security_cfm_cb = le_pairing_complete_cb;
2966 conn->disconn_cfm_cb = le_pairing_complete_cb;
2967 }
7a512d01 2968
e9a416b5
JH		 2969 conn->io_capability = cp->io_cap;
2970 cmd->user_data = conn;
2971
2972 if (conn->state == BT_CONNECTED &&
8ce8e2b5 2973 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 2974 pairing_complete(cmd, 0);
2975
2976 err = 0;
2977
2978unlock:
09fd0de5 2979 hci_dev_unlock(hdev);
e9a416b5
JH		 2980 return err;
2981}
2982
04124681
GP		 2983static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2984 u16 len)
28424707 2985{
0f4e68cf 2986 struct mgmt_addr_info *addr = data;
28424707
JH		 2987 struct pending_cmd *cmd;
2988 struct hci_conn *conn;
2989 int err;
2990
2991 BT_DBG("");
2992
28424707
JH		 2993 hci_dev_lock(hdev);
2994
5f97c1df 2995 if (!hdev_is_powered(hdev)) {
bdb6d971 2996 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2997 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2998 goto unlock;
2999 }
3000
28424707
JH		 3001 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3002 if (!cmd) {
bdb6d971 3003 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3004 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3005 goto unlock;
3006 }
3007
3008 conn = cmd->user_data;
3009
3010 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 3011 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3012 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3013 goto unlock;
3014 }
3015
3016 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
3017
bdb6d971 3018 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 3019 addr, sizeof(*addr));
28424707
JH		 3020unlock:
3021 hci_dev_unlock(hdev);
28424707
JH		 3022 return err;
3023}
3024
bdb6d971 3025static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3026 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3027 u16 hci_op, __le32 passkey)
a5c29683 3028{
a5c29683 3029 struct pending_cmd *cmd;
0df4c185 3030 struct hci_conn *conn;
a5c29683
JH		 3031 int err;
3032
09fd0de5 3033 hci_dev_lock(hdev);
08ba5382 3034
4b34ee78 3035 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 3036 err = cmd_complete(sk, hdev->id, mgmt_op,
3037 MGMT_STATUS_NOT_POWERED, addr,
3038 sizeof(*addr));
0df4c185 3039 goto done;
a5c29683
JH		 3040 }
3041
1707c60e
JH		 3042 if (addr->type == BDADDR_BREDR)
3043 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3044 else
1707c60e 3045 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 3046
3047 if (!conn) {
feb94d3d
JH		 3048 err = cmd_complete(sk, hdev->id, mgmt_op,
3049 MGMT_STATUS_NOT_CONNECTED, addr,
3050 sizeof(*addr));
272d90df
JH		 3051 goto done;
3052 }
47c15e2b 3053
1707c60e 3054 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 3055 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 3056 if (!err)
feb94d3d
JH		 3057 err = cmd_complete(sk, hdev->id, mgmt_op,
3058 MGMT_STATUS_SUCCESS, addr,
3059 sizeof(*addr));
5fe57d9e 3060 else
feb94d3d
JH		 3061 err = cmd_complete(sk, hdev->id, mgmt_op,
3062 MGMT_STATUS_FAILED, addr,
3063 sizeof(*addr));
47c15e2b 3064
47c15e2b
BG		 3065 goto done;
3066 }
3067
1707c60e 3068 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3069 if (!cmd) {
3070 err = -ENOMEM;
0df4c185 3071 goto done;
a5c29683
JH		 3072 }
3073
0df4c185 3074 /* Continue with pairing via HCI */
604086b7
BG		 3075 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3076 struct hci_cp_user_passkey_reply cp;
3077
1707c60e 3078 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3079 cp.passkey = passkey;
3080 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3081 } else
1707c60e
JH		 3082 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3083 &addr->bdaddr);
604086b7 3084
a664b5bc
JH		 3085 if (err < 0)
3086 mgmt_pending_remove(cmd);
a5c29683 3087
0df4c185 3088done:
09fd0de5 3089 hci_dev_unlock(hdev);
a5c29683
JH		 3090 return err;
3091}
3092
afeb019d
JK		 3093static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3094 void *data, u16 len)
3095{
3096 struct mgmt_cp_pin_code_neg_reply *cp = data;
3097
3098 BT_DBG("");
3099
1707c60e 3100 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3101 MGMT_OP_PIN_CODE_NEG_REPLY,
3102 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3103}
3104
04124681
GP		 3105static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3106 u16 len)
0df4c185 3107{
650f726d 3108 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3109
3110 BT_DBG("");
3111
3112 if (len != sizeof(*cp))
bdb6d971 3113 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 3114 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3115
1707c60e 3116 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3117 MGMT_OP_USER_CONFIRM_REPLY,
3118 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3119}
3120
bdb6d971 3121static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3122 void *data, u16 len)
0df4c185 3123{
c9c2659f 3124 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3125
3126 BT_DBG("");
3127
1707c60e 3128 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3129 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3130 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3131}
3132
04124681
GP		 3133static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3134 u16 len)
604086b7 3135{
650f726d 3136 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3137
3138 BT_DBG("");
3139
1707c60e 3140 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3141 MGMT_OP_USER_PASSKEY_REPLY,
3142 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3143}
3144
bdb6d971 3145static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3146 void *data, u16 len)
604086b7 3147{
650f726d 3148 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3149
3150 BT_DBG("");
3151
1707c60e 3152 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3153 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3154 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3155}
3156
13928971 3157static void update_name(struct hci_request *req)
2b4bf397 3158{
13928971 3159 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3160 struct hci_cp_write_local_name cp;
3161
13928971 3162 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3163
890ea898 3164 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3165}
3166
13928971
JH		 3167static void set_name_complete(struct hci_dev *hdev, u8 status)
3168{
3169 struct mgmt_cp_set_local_name *cp;
3170 struct pending_cmd *cmd;
3171
3172 BT_DBG("status 0x%02x", status);
3173
3174 hci_dev_lock(hdev);
3175
3176 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3177 if (!cmd)
3178 goto unlock;
3179
3180 cp = cmd->param;
3181
3182 if (status)
3183 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3184 mgmt_status(status));
3185 else
3186 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3187 cp, sizeof(*cp));
3188
3189 mgmt_pending_remove(cmd);
3190
3191unlock:
3192 hci_dev_unlock(hdev);
3193}
3194
bdb6d971 3195static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3196 u16 len)
b312b161 3197{
2b4bf397 3198 struct mgmt_cp_set_local_name *cp = data;
b312b161 3199 struct pending_cmd *cmd;
890ea898 3200 struct hci_request req;
b312b161
JH		 3201 int err;
3202
3203 BT_DBG("");
3204
09fd0de5 3205 hci_dev_lock(hdev);
b312b161 3206
b3f2ca94
JH		 3207 /* If the old values are the same as the new ones just return a
3208 * direct command complete event.
3209 */
3210 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3211 !memcmp(hdev->short_name, cp->short_name,
3212 sizeof(hdev->short_name))) {
3213 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3214 data, len);
3215 goto failed;
3216 }
3217
2b4bf397 3218 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3219
b5235a65 3220 if (!hdev_is_powered(hdev)) {
2b4bf397 3221 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 3222
3223 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 3224 data, len);
28cc7bde
JH		 3225 if (err < 0)
3226 goto failed;
3227
3228 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 3229 sk);
28cc7bde 3230
b5235a65
JH		 3231 goto failed;
3232 }
3233
28cc7bde 3234 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3235 if (!cmd) {
3236 err = -ENOMEM;
3237 goto failed;
3238 }
3239
13928971
JH		 3240 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3241
890ea898 3242 hci_req_init(&req, hdev);
3f985050
JH		 3243
3244 if (lmp_bredr_capable(hdev)) {
3245 update_name(&req);
3246 update_eir(&req);
3247 }
3248
7a5f4990
MH		 3249 /* The name is stored in the scan response data and so
3250 * no need to udpate the advertising data here.
3251 */
3f985050 3252 if (lmp_le_capable(hdev))
7a5f4990 3253 update_scan_rsp_data(&req);
3f985050 3254
13928971 3255 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3256 if (err < 0)
3257 mgmt_pending_remove(cmd);
3258
3259failed:
09fd0de5 3260 hci_dev_unlock(hdev);
b312b161
JH		 3261 return err;
3262}
3263
0f4e68cf 3264static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3265 void *data, u16 data_len)
c35938b2 3266{
c35938b2
SJ		 3267 struct pending_cmd *cmd;
3268 int err;
3269
bdb6d971 3270 BT_DBG("%s", hdev->name);
c35938b2 3271
09fd0de5 3272 hci_dev_lock(hdev);
c35938b2 3273
4b34ee78 3274 if (!hdev_is_powered(hdev)) {
bdb6d971 3275 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3276 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3277 goto unlock;
3278 }
3279
9a1a1996 3280 if (!lmp_ssp_capable(hdev)) {
bdb6d971 3281 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3282 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3283 goto unlock;
3284 }
3285
2e58ef3e 3286 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 3287 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3288 MGMT_STATUS_BUSY);
c35938b2
SJ		 3289 goto unlock;
3290 }
3291
2e58ef3e 3292 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3293 if (!cmd) {
3294 err = -ENOMEM;
3295 goto unlock;
3296 }
3297
4d2d2796
MH		 3298 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
3299 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3300 0, NULL);
3301 else
3302 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3303
c35938b2
SJ		 3304 if (err < 0)
3305 mgmt_pending_remove(cmd);
3306
3307unlock:
09fd0de5 3308 hci_dev_unlock(hdev);
c35938b2
SJ		 3309 return err;
3310}
3311
bdb6d971 3312static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3313 void *data, u16 len)
2763eda6 3314{
2763eda6
SJ		 3315 int err;
3316
bdb6d971 3317 BT_DBG("%s ", hdev->name);
2763eda6 3318
09fd0de5 3319 hci_dev_lock(hdev);
2763eda6 3320
ec109113
MH		 3321 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3322 struct mgmt_cp_add_remote_oob_data *cp = data;
3323 u8 status;
bf1e3541 3324
ec109113
MH		 3325 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3326 cp->hash, cp->randomizer);
3327 if (err < 0)
3328 status = MGMT_STATUS_FAILED;
3329 else
3330 status = MGMT_STATUS_SUCCESS;
3331
3332 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3333 status, &cp->addr, sizeof(cp->addr));
3334 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3335 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3336 u8 status;
3337
3338 err = hci_add_remote_oob_ext_data(hdev, &cp->addr.bdaddr,
3339 cp->hash192,
3340 cp->randomizer192,
3341 cp->hash256,
3342 cp->randomizer256);
3343 if (err < 0)
3344 status = MGMT_STATUS_FAILED;
3345 else
3346 status = MGMT_STATUS_SUCCESS;
3347
3348 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3349 status, &cp->addr, sizeof(cp->addr));
3350 } else {
3351 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3352 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3353 MGMT_STATUS_INVALID_PARAMS);
3354 }
2763eda6 3355
09fd0de5 3356 hci_dev_unlock(hdev);
2763eda6
SJ		 3357 return err;
3358}
3359
bdb6d971 3360static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3361 void *data, u16 len)
2763eda6 3362{
650f726d 3363 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3364 u8 status;
2763eda6
SJ		 3365 int err;
3366
bdb6d971 3367 BT_DBG("%s", hdev->name);
2763eda6 3368
09fd0de5 3369 hci_dev_lock(hdev);
2763eda6 3370
664ce4cc 3371 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 3372 if (err < 0)
bf1e3541 3373 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3374 else
a6785be2 3375 status = MGMT_STATUS_SUCCESS;
bf1e3541 3376
bdb6d971 3377 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 3378 status, &cp->addr, sizeof(cp->addr));
2763eda6 3379
09fd0de5 3380 hci_dev_unlock(hdev);
2763eda6
SJ		 3381 return err;
3382}
3383
41dc2bd6
AG		 3384static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3385{
3386 struct pending_cmd *cmd;
3387 u8 type;
3388 int err;
3389
3390 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3391
3392 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3393 if (!cmd)
3394 return -ENOENT;
3395
3396 type = hdev->discovery.type;
3397
3398 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3399 &type, sizeof(type));
3400 mgmt_pending_remove(cmd);
3401
3402 return err;
3403}
3404
7c307720
AG		 3405static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3406{
ae55f598
LR		 3407 unsigned long timeout = 0;
3408
7c307720
AG		 3409 BT_DBG("status %d", status);
3410
3411 if (status) {
3412 hci_dev_lock(hdev);
3413 mgmt_start_discovery_failed(hdev, status);
3414 hci_dev_unlock(hdev);
3415 return;
3416 }
3417
3418 hci_dev_lock(hdev);
3419 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3420 hci_dev_unlock(hdev);
3421
3422 switch (hdev->discovery.type) {
3423 case DISCOV_TYPE_LE:
3d5a76f0 3424 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
7c307720
AG		 3425 break;
3426
3427 case DISCOV_TYPE_INTERLEAVED:
b9a7a61e 3428 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
7c307720
AG		 3429 break;
3430
3431 case DISCOV_TYPE_BREDR:
3432 break;
3433
3434 default:
3435 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3436 }
ae55f598
LR		 3437
3438 if (!timeout)
3439 return;
3440
3441 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable, timeout);
7c307720
AG		 3442}
3443
bdb6d971 3444static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3445 void *data, u16 len)
14a53664 3446{
650f726d 3447 struct mgmt_cp_start_discovery *cp = data;
14a53664 3448 struct pending_cmd *cmd;
7c307720
AG		 3449 struct hci_cp_le_set_scan_param param_cp;
3450 struct hci_cp_le_set_scan_enable enable_cp;
3451 struct hci_cp_inquiry inq_cp;
3452 struct hci_request req;
3453 /* General inquiry access code (GIAC) */
3454 u8 lap[3] = { 0x33, 0x8b, 0x9e };
d9483943 3455 u8 status, own_addr_type;
14a53664
JH		 3456 int err;
3457
bdb6d971 3458 BT_DBG("%s", hdev->name);
14a53664 3459
09fd0de5 3460 hci_dev_lock(hdev);
14a53664 3461
4b34ee78 3462 if (!hdev_is_powered(hdev)) {
bdb6d971 3463 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3464 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 3465 goto failed;
3466 }
3467
642be6c7
AG		 3468 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3469 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3470 MGMT_STATUS_BUSY);
3471 goto failed;
3472 }
3473
ff9ef578 3474 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 3475 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3476 MGMT_STATUS_BUSY);
ff9ef578
JH		 3477 goto failed;
3478 }
3479
2e58ef3e 3480 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3481 if (!cmd) {
3482 err = -ENOMEM;
3483 goto failed;
3484 }
3485
4aab14e5
AG		 3486 hdev->discovery.type = cp->type;
3487
7c307720
AG		 3488 hci_req_init(&req, hdev);
3489
4aab14e5 3490 switch (hdev->discovery.type) {
f39799f5 3491 case DISCOV_TYPE_BREDR:
e6fe7986
JH		 3492 status = mgmt_bredr_support(hdev);
3493 if (status) {
04106755 3494 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3495 status);
04106755
JH		 3496 mgmt_pending_remove(cmd);
3497 goto failed;
3498 }
3499
7c307720
AG		 3500 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3501 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3502 MGMT_STATUS_BUSY);
3503 mgmt_pending_remove(cmd);
3504 goto failed;
3505 }
3506
3507 hci_inquiry_cache_flush(hdev);
3508
3509 memset(&inq_cp, 0, sizeof(inq_cp));
3510 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 3511 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 3512 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 3513 break;
3514
3515 case DISCOV_TYPE_LE:
7c307720 3516 case DISCOV_TYPE_INTERLEAVED:
e6fe7986
JH		 3517 status = mgmt_le_support(hdev);
3518 if (status) {
04106755 3519 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3520 status);
04106755
JH		 3521 mgmt_pending_remove(cmd);
3522 goto failed;
3523 }
3524
7c307720 3525 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 3526 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 3527 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3528 MGMT_STATUS_NOT_SUPPORTED);
3529 mgmt_pending_remove(cmd);
3530 goto failed;
3531 }
3532
f3d3444a 3533 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
7c307720
AG		 3534 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3535 MGMT_STATUS_REJECTED);
3536 mgmt_pending_remove(cmd);
3537 goto failed;
3538 }
3539
c54c3860
AG		 3540 /* If controller is scanning, it means the background scanning
3541 * is running. Thus, we should temporarily stop it in order to
3542 * set the discovery scanning parameters.
3543 */
3544 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3545 hci_req_add_le_scan_disable(&req);
7c307720
AG		 3546
3547 memset(&param_cp, 0, sizeof(param_cp));
d9483943 3548
94b1fc92
MH		 3549 /* All active scans will be done with either a resolvable
3550 * private address (when privacy feature has been enabled)
3551 * or unresolvable private address.
3552 */
3553 err = hci_update_random_address(&req, true, &own_addr_type);
d9483943
JH		 3554 if (err < 0) {
3555 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3556 MGMT_STATUS_FAILED);
3557 mgmt_pending_remove(cmd);
3558 goto failed;
3559 }
3560
7c307720 3561 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 3562 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3563 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
d9483943 3564 param_cp.own_address_type = own_addr_type;
7c307720
AG		 3565 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3566 &param_cp);
3567
3568 memset(&enable_cp, 0, sizeof(enable_cp));
3569 enable_cp.enable = LE_SCAN_ENABLE;
3570 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3571 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3572 &enable_cp);
5e0452c0
AG		 3573 break;
3574
f39799f5 3575 default:
04106755
JH		 3576 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3577 MGMT_STATUS_INVALID_PARAMS);
3578 mgmt_pending_remove(cmd);
3579 goto failed;
f39799f5 3580 }
3fd24153 3581
7c307720 3582 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 3583 if (err < 0)
3584 mgmt_pending_remove(cmd);
ff9ef578
JH		 3585 else
3586 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 3587
3588failed:
09fd0de5 3589 hci_dev_unlock(hdev);
14a53664
JH		 3590 return err;
3591}
3592
1183fdca
AG		 3593static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3594{
3595 struct pending_cmd *cmd;
3596 int err;
3597
3598 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3599 if (!cmd)
3600 return -ENOENT;
3601
3602 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3603 &hdev->discovery.type, sizeof(hdev->discovery.type));
3604 mgmt_pending_remove(cmd);
3605
3606 return err;
3607}
3608
0e05bba6
AG		 3609static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3610{
3611 BT_DBG("status %d", status);
3612
3613 hci_dev_lock(hdev);
3614
3615 if (status) {
3616 mgmt_stop_discovery_failed(hdev, status);
3617 goto unlock;
3618 }
3619
3620 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3621
3622unlock:
3623 hci_dev_unlock(hdev);
3624}
3625
bdb6d971 3626static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3627 u16 len)
14a53664 3628{
d930650b 3629 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 3630 struct pending_cmd *cmd;
0e05bba6 3631 struct hci_request req;
14a53664
JH		 3632 int err;
3633
bdb6d971 3634 BT_DBG("%s", hdev->name);
14a53664 3635
09fd0de5 3636 hci_dev_lock(hdev);
14a53664 3637
30dc78e1 3638 if (!hci_discovery_active(hdev)) {
bdb6d971 3639 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3640 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3641 sizeof(mgmt_cp->type));
d930650b
JH		 3642 goto unlock;
3643 }
3644
3645 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 3646 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3647 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3648 sizeof(mgmt_cp->type));
30dc78e1 3649 goto unlock;
ff9ef578
JH		 3650 }
3651
2e58ef3e 3652 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3653 if (!cmd) {
3654 err = -ENOMEM;
30dc78e1
JH		 3655 goto unlock;
3656 }
3657
0e05bba6
AG		 3658 hci_req_init(&req, hdev);
3659
21a60d30 3660 hci_stop_discovery(&req);
e0d9727e 3661
21a60d30
JH		 3662 err = hci_req_run(&req, stop_discovery_complete);
3663 if (!err) {
3664 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
0e05bba6 3665 goto unlock;
14a53664
JH		 3666 }
3667
21a60d30
JH		 3668 mgmt_pending_remove(cmd);
3669
3670 /* If no HCI commands were sent we're done */
3671 if (err == -ENODATA) {
3672 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
3673 &mgmt_cp->type, sizeof(mgmt_cp->type));
3674 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3675 }
14a53664 3676
30dc78e1 3677unlock:
09fd0de5 3678 hci_dev_unlock(hdev);
14a53664
JH		 3679 return err;
3680}
3681
bdb6d971 3682static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3683 u16 len)
561aafbc 3684{
650f726d 3685 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3686 struct inquiry_entry *e;
561aafbc
JH		 3687 int err;
3688
bdb6d971 3689 BT_DBG("%s", hdev->name);
561aafbc 3690
561aafbc
JH		 3691 hci_dev_lock(hdev);
3692
30dc78e1 3693 if (!hci_discovery_active(hdev)) {
d3a2541d
LR		 3694 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3695 MGMT_STATUS_FAILED, &cp->addr,
3696 sizeof(cp->addr));
30dc78e1
JH		 3697 goto failed;
3698 }
3699
a198e7b1 3700 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3701 if (!e) {
d3a2541d
LR		 3702 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3703 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
3704 sizeof(cp->addr));
561aafbc
JH		 3705 goto failed;
3706 }
3707
3708 if (cp->name_known) {
3709 e->name_state = NAME_KNOWN;
3710 list_del(&e->list);
3711 } else {
3712 e->name_state = NAME_NEEDED;
a3d4e20a 3713 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3714 }
3715
e384662b
JH		 3716 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3717 sizeof(cp->addr));
561aafbc
JH		 3718
3719failed:
3720 hci_dev_unlock(hdev);
561aafbc
JH		 3721 return err;
3722}
3723
bdb6d971 3724static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3725 u16 len)
7fbec224 3726{
650f726d 3727 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3728 u8 status;
7fbec224
AJ		 3729 int err;
3730
bdb6d971 3731 BT_DBG("%s", hdev->name);
7fbec224 3732
4ee71b20 3733 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3734 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3735 MGMT_STATUS_INVALID_PARAMS,
3736 &cp->addr, sizeof(cp->addr));
4ee71b20 3737
09fd0de5 3738 hci_dev_lock(hdev);
5e762444 3739
88c1fe4b 3740 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3741 if (err < 0)
f0eeea8b 3742 status = MGMT_STATUS_FAILED;
7fbec224 3743 else
a6785be2 3744 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3745
bdb6d971 3746 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3747 &cp->addr, sizeof(cp->addr));
5e762444 3748
09fd0de5 3749 hci_dev_unlock(hdev);
7fbec224
AJ		 3750
3751 return err;
3752}
3753
bdb6d971 3754static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3755 u16 len)
7fbec224 3756{
650f726d 3757 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3758 u8 status;
7fbec224
AJ		 3759 int err;
3760
bdb6d971 3761 BT_DBG("%s", hdev->name);
7fbec224 3762
4ee71b20 3763 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3764 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3765 MGMT_STATUS_INVALID_PARAMS,
3766 &cp->addr, sizeof(cp->addr));
4ee71b20 3767
09fd0de5 3768 hci_dev_lock(hdev);
5e762444 3769
88c1fe4b 3770 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3771 if (err < 0)
f0eeea8b 3772 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 3773 else
a6785be2 3774 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3775
bdb6d971 3776 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3777 &cp->addr, sizeof(cp->addr));
5e762444 3778
09fd0de5 3779 hci_dev_unlock(hdev);
7fbec224
AJ		 3780
3781 return err;
3782}
3783
cdbaccca
MH		 3784static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3785 u16 len)
3786{
3787 struct mgmt_cp_set_device_id *cp = data;
890ea898 3788 struct hci_request req;
cdbaccca 3789 int err;
c72d4b8a 3790 __u16 source;
cdbaccca
MH		 3791
3792 BT_DBG("%s", hdev->name);
3793
c72d4b8a
SJ		 3794 source = __le16_to_cpu(cp->source);
3795
3796 if (source > 0x0002)
3797 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3798 MGMT_STATUS_INVALID_PARAMS);
3799
cdbaccca
MH		 3800 hci_dev_lock(hdev);
3801
c72d4b8a 3802 hdev->devid_source = source;
cdbaccca
MH		 3803 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3804 hdev->devid_product = __le16_to_cpu(cp->product);
3805 hdev->devid_version = __le16_to_cpu(cp->version);
3806
3807 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3808
890ea898
JH		 3809 hci_req_init(&req, hdev);
3810 update_eir(&req);
3811 hci_req_run(&req, NULL);
cdbaccca
MH		 3812
3813 hci_dev_unlock(hdev);
3814
3815 return err;
3816}
3817
4375f103
JH		 3818static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3819{
3820 struct cmd_lookup match = { NULL, hdev };
3821
3822 if (status) {
3823 u8 mgmt_err = mgmt_status(status);
3824
3825 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3826 cmd_status_rsp, &mgmt_err);
3827 return;
3828 }
3829
3830 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3831 &match);
3832
3833 new_settings(hdev, match.sk);
3834
3835 if (match.sk)
3836 sock_put(match.sk);
3837}
3838
21b5187f
MH		 3839static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3840 u16 len)
4375f103
JH		 3841{
3842 struct mgmt_mode *cp = data;
3843 struct pending_cmd *cmd;
3844 struct hci_request req;
e6fe7986 3845 u8 val, enabled, status;
4375f103
JH		 3846 int err;
3847
3848 BT_DBG("request for %s", hdev->name);
3849
e6fe7986
JH		 3850 status = mgmt_le_support(hdev);
3851 if (status)
4375f103 3852 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 3853 status);
4375f103
JH		 3854
3855 if (cp->val != 0x00 && cp->val != 0x01)
3856 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3857 MGMT_STATUS_INVALID_PARAMS);
3858
3859 hci_dev_lock(hdev);
3860
3861 val = !!cp->val;
f3d3444a 3862 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 3863
f74ca9b8
JH		 3864 /* The following conditions are ones which mean that we should
3865 * not do any HCI communication but directly send a mgmt
3866 * response to user space (after toggling the flag if
3867 * necessary).
3868 */
3869 if (!hdev_is_powered(hdev) || val == enabled ||
b145edcd 3870 hci_conn_num(hdev, LE_LINK) > 0) {
4375f103
JH		 3871 bool changed = false;
3872
f3d3444a
JH		 3873 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3874 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 3875 changed = true;
3876 }
3877
3878 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3879 if (err < 0)
3880 goto unlock;
3881
3882 if (changed)
3883 err = new_settings(hdev, sk);
3884
3885 goto unlock;
3886 }
3887
3888 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3889 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3890 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3891 MGMT_STATUS_BUSY);
3892 goto unlock;
3893 }
3894
3895 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3896 if (!cmd) {
3897 err = -ENOMEM;
3898 goto unlock;
3899 }
3900
3901 hci_req_init(&req, hdev);
3902
bba3aa55
MH		 3903 if (val)
3904 enable_advertising(&req);
3905 else
3906 disable_advertising(&req);
4375f103
JH		 3907
3908 err = hci_req_run(&req, set_advertising_complete);
3909 if (err < 0)
3910 mgmt_pending_remove(cmd);
3911
3912unlock:
3913 hci_dev_unlock(hdev);
3914 return err;
3915}
3916
d13eafce
MH		 3917static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3918 void *data, u16 len)
3919{
3920 struct mgmt_cp_set_static_address *cp = data;
3921 int err;
3922
3923 BT_DBG("%s", hdev->name);
3924
62af4443 3925 if (!lmp_le_capable(hdev))
d13eafce 3926 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 3927 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 3928
3929 if (hdev_is_powered(hdev))
3930 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3931 MGMT_STATUS_REJECTED);
3932
3933 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3934 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3935 return cmd_status(sk, hdev->id,
3936 MGMT_OP_SET_STATIC_ADDRESS,
3937 MGMT_STATUS_INVALID_PARAMS);
3938
3939 /* Two most significant bits shall be set */
3940 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3941 return cmd_status(sk, hdev->id,
3942 MGMT_OP_SET_STATIC_ADDRESS,
3943 MGMT_STATUS_INVALID_PARAMS);
3944 }
3945
3946 hci_dev_lock(hdev);
3947
3948 bacpy(&hdev->static_addr, &cp->bdaddr);
3949
3950 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3951
3952 hci_dev_unlock(hdev);
3953
3954 return err;
3955}
3956
14b49b9a
MH		 3957static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
3958 void *data, u16 len)
3959{
3960 struct mgmt_cp_set_scan_params *cp = data;
3961 __u16 interval, window;
3962 int err;
3963
3964 BT_DBG("%s", hdev->name);
3965
3966 if (!lmp_le_capable(hdev))
3967 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3968 MGMT_STATUS_NOT_SUPPORTED);
3969
3970 interval = __le16_to_cpu(cp->interval);
3971
3972 if (interval < 0x0004 || interval > 0x4000)
3973 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3974 MGMT_STATUS_INVALID_PARAMS);
3975
3976 window = __le16_to_cpu(cp->window);
3977
3978 if (window < 0x0004 || window > 0x4000)
3979 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3980 MGMT_STATUS_INVALID_PARAMS);
3981
899e1075
MH		 3982 if (window > interval)
3983 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3984 MGMT_STATUS_INVALID_PARAMS);
3985
14b49b9a
MH		 3986 hci_dev_lock(hdev);
3987
3988 hdev->le_scan_interval = interval;
3989 hdev->le_scan_window = window;
3990
3991 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
3992
dd2ef8e2
AG		 3993 /* If background scan is running, restart it so new parameters are
3994 * loaded.
3995 */
3996 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
3997 hdev->discovery.state == DISCOVERY_STOPPED) {
3998 struct hci_request req;
3999
4000 hci_req_init(&req, hdev);
4001
4002 hci_req_add_le_scan_disable(&req);
4003 hci_req_add_le_passive_scan(&req);
4004
4005 hci_req_run(&req, NULL);
4006 }
4007
14b49b9a
MH		 4008 hci_dev_unlock(hdev);
4009
4010 return err;
4011}
4012
33e38b3e
JH		 4013static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
4014{
4015 struct pending_cmd *cmd;
4016
4017 BT_DBG("status 0x%02x", status);
4018
4019 hci_dev_lock(hdev);
4020
4021 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4022 if (!cmd)
4023 goto unlock;
4024
4025 if (status) {
4026 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4027 mgmt_status(status));
4028 } else {
1a4d3c4b
JH		 4029 struct mgmt_mode *cp = cmd->param;
4030
4031 if (cp->val)
4032 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4033 else
4034 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4035
33e38b3e
JH		 4036 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4037 new_settings(hdev, cmd->sk);
4038 }
4039
4040 mgmt_pending_remove(cmd);
4041
4042unlock:
4043 hci_dev_unlock(hdev);
4044}
4045
bdb6d971 4046static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4047 void *data, u16 len)
f6422ec6 4048{
650f726d 4049 struct mgmt_mode *cp = data;
33e38b3e
JH		 4050 struct pending_cmd *cmd;
4051 struct hci_request req;
f6422ec6
AJ		 4052 int err;
4053
bdb6d971 4054 BT_DBG("%s", hdev->name);
f6422ec6 4055
56f87901
JH		 4056 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
4057 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 4058 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4059 MGMT_STATUS_NOT_SUPPORTED);
4060
a7e80f25
JH		 4061 if (cp->val != 0x00 && cp->val != 0x01)
4062 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4063 MGMT_STATUS_INVALID_PARAMS);
4064
5400c044 4065 if (!hdev_is_powered(hdev))
bdb6d971 4066 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4067 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 4068
4069 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 4070 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4071 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 4072
4073 hci_dev_lock(hdev);
4074
05cbf29f
JH		 4075 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4076 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4077 MGMT_STATUS_BUSY);
4078 goto unlock;
4079 }
4080
1a4d3c4b
JH		 4081 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
4082 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4083 hdev);
4084 goto unlock;
4085 }
4086
33e38b3e
JH		 4087 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4088 data, len);
4089 if (!cmd) {
4090 err = -ENOMEM;
4091 goto unlock;
f6422ec6
AJ		 4092 }
4093
33e38b3e
JH		 4094 hci_req_init(&req, hdev);
4095
406d7804 4096 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4097
4098 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4099 if (err < 0) {
bdb6d971 4100 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4101 MGMT_STATUS_FAILED);
33e38b3e 4102 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4103 }
4104
33e38b3e 4105unlock:
f6422ec6 4106 hci_dev_unlock(hdev);
33e38b3e 4107
f6422ec6
AJ		 4108 return err;
4109}
4110
67e5a7a3
JH		 4111static void set_bredr_scan(struct hci_request *req)
4112{
4113 struct hci_dev *hdev = req->hdev;
4114 u8 scan = 0;
4115
4116 /* Ensure that fast connectable is disabled. This function will
4117 * not do anything if the page scan parameters are already what
4118 * they should be.
4119 */
4120 write_fast_connectable(req, false);
4121
4122 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4123 scan |= SCAN_PAGE;
4124 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
4125 scan |= SCAN_INQUIRY;
4126
4127 if (scan)
4128 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
4129}
4130
0663ca2a
JH		 4131static void set_bredr_complete(struct hci_dev *hdev, u8 status)
4132{
4133 struct pending_cmd *cmd;
4134
4135 BT_DBG("status 0x%02x", status);
4136
4137 hci_dev_lock(hdev);
4138
4139 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4140 if (!cmd)
4141 goto unlock;
4142
4143 if (status) {
4144 u8 mgmt_err = mgmt_status(status);
4145
4146 /* We need to restore the flag if related HCI commands
4147 * failed.
4148 */
4149 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4150
4151 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4152 } else {
4153 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4154 new_settings(hdev, cmd->sk);
4155 }
4156
4157 mgmt_pending_remove(cmd);
4158
4159unlock:
4160 hci_dev_unlock(hdev);
4161}
4162
4163static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4164{
4165 struct mgmt_mode *cp = data;
4166 struct pending_cmd *cmd;
4167 struct hci_request req;
4168 int err;
4169
4170 BT_DBG("request for %s", hdev->name);
4171
4172 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4173 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4174 MGMT_STATUS_NOT_SUPPORTED);
4175
4176 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4177 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4178 MGMT_STATUS_REJECTED);
4179
4180 if (cp->val != 0x00 && cp->val != 0x01)
4181 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4182 MGMT_STATUS_INVALID_PARAMS);
4183
4184 hci_dev_lock(hdev);
4185
4186 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4187 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4188 goto unlock;
4189 }
4190
4191 if (!hdev_is_powered(hdev)) {
4192 if (!cp->val) {
0663ca2a
JH		 4193 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4194 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4195 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4196 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4197 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4198 }
4199
4200 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4201
4202 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4203 if (err < 0)
4204 goto unlock;
4205
4206 err = new_settings(hdev, sk);
4207 goto unlock;
4208 }
4209
4210 /* Reject disabling when powered on */
4211 if (!cp->val) {
4212 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4213 MGMT_STATUS_REJECTED);
4214 goto unlock;
4215 }
4216
4217 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4218 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4219 MGMT_STATUS_BUSY);
4220 goto unlock;
4221 }
4222
4223 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4224 if (!cmd) {
4225 err = -ENOMEM;
4226 goto unlock;
4227 }
4228
5947f4bc 4229 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4230 * generates the correct flags.
4231 */
4232 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4233
4234 hci_req_init(&req, hdev);
aa8af46e
JH		 4235
4236 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4237 set_bredr_scan(&req);
4238
f14d8f64
MH		 4239 /* Since only the advertising data flags will change, there
4240 * is no need to update the scan response data.
4241 */
5947f4bc 4242 update_adv_data(&req);
aa8af46e 4243
0663ca2a
JH		 4244 err = hci_req_run(&req, set_bredr_complete);
4245 if (err < 0)
4246 mgmt_pending_remove(cmd);
4247
4248unlock:
4249 hci_dev_unlock(hdev);
4250 return err;
4251}
4252
eac83dc6
MH		 4253static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4254 void *data, u16 len)
4255{
4256 struct mgmt_mode *cp = data;
4257 struct pending_cmd *cmd;
0ab04a9c 4258 u8 val, status;
eac83dc6
MH		 4259 int err;
4260
4261 BT_DBG("request for %s", hdev->name);
4262
4263 status = mgmt_bredr_support(hdev);
4264 if (status)
4265 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4266 status);
4267
5afeac14 4268 if (!lmp_sc_capable(hdev) &&
111902f7 4269 !test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
eac83dc6
MH		 4270 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4271 MGMT_STATUS_NOT_SUPPORTED);
4272
0ab04a9c 4273 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
eac83dc6
MH		 4274 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4275 MGMT_STATUS_INVALID_PARAMS);
4276
4277 hci_dev_lock(hdev);
4278
4279 if (!hdev_is_powered(hdev)) {
4280 bool changed;
4281
0ab04a9c 4282 if (cp->val) {
eac83dc6
MH		 4283 changed = !test_and_set_bit(HCI_SC_ENABLED,
4284 &hdev->dev_flags);
0ab04a9c
MH		 4285 if (cp->val == 0x02)
4286 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4287 else
4288 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4289 } else {
eac83dc6
MH		 4290 changed = test_and_clear_bit(HCI_SC_ENABLED,
4291 &hdev->dev_flags);
0ab04a9c
MH		 4292 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4293 }
eac83dc6
MH		 4294
4295 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4296 if (err < 0)
4297 goto failed;
4298
4299 if (changed)
4300 err = new_settings(hdev, sk);
4301
4302 goto failed;
4303 }
4304
4305 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4306 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4307 MGMT_STATUS_BUSY);
4308 goto failed;
4309 }
4310
0ab04a9c
MH		 4311 val = !!cp->val;
4312
4313 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4314 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
eac83dc6
MH		 4315 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4316 goto failed;
4317 }
4318
4319 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4320 if (!cmd) {
4321 err = -ENOMEM;
4322 goto failed;
4323 }
4324
0ab04a9c 4325 err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
eac83dc6
MH		 4326 if (err < 0) {
4327 mgmt_pending_remove(cmd);
4328 goto failed;
4329 }
4330
0ab04a9c
MH		 4331 if (cp->val == 0x02)
4332 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4333 else
4334 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4335
eac83dc6
MH		 4336failed:
4337 hci_dev_unlock(hdev);
4338 return err;
4339}
4340
4e39ac81
MH		 4341static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4342 void *data, u16 len)
4343{
4344 struct mgmt_mode *cp = data;
b9710979 4345 bool changed, use_changed;
4e39ac81
MH		 4346 int err;
4347
4348 BT_DBG("request for %s", hdev->name);
4349
b9710979 4350 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4e39ac81
MH		 4351 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4352 MGMT_STATUS_INVALID_PARAMS);
4353
4354 hci_dev_lock(hdev);
4355
4356 if (cp->val)
0663b297
JH		 4357 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
4358 &hdev->dev_flags);
4e39ac81 4359 else
0663b297
JH		 4360 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
4361 &hdev->dev_flags);
4e39ac81 4362
b9710979
JH		 4363 if (cp->val == 0x02)
4364 use_changed = !test_and_set_bit(HCI_USE_DEBUG_KEYS,
4365 &hdev->dev_flags);
4366 else
4367 use_changed = test_and_clear_bit(HCI_USE_DEBUG_KEYS,
4368 &hdev->dev_flags);
4369
4370 if (hdev_is_powered(hdev) && use_changed &&
4371 test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
4372 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4373 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4374 sizeof(mode), &mode);
4375 }
4376
4e39ac81
MH		 4377 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4378 if (err < 0)
4379 goto unlock;
4380
4381 if (changed)
4382 err = new_settings(hdev, sk);
4383
4384unlock:
4385 hci_dev_unlock(hdev);
4386 return err;
4387}
4388
62b04cd1
JH		 4389static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4390 u16 len)
4391{
4392 struct mgmt_cp_set_privacy *cp = cp_data;
4393 bool changed;
4394 int err;
4395
4396 BT_DBG("request for %s", hdev->name);
4397
4398 if (!lmp_le_capable(hdev))
4399 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4400 MGMT_STATUS_NOT_SUPPORTED);
4401
4402 if (cp->privacy != 0x00 && cp->privacy != 0x01)
4403 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4404 MGMT_STATUS_INVALID_PARAMS);
4405
4406 if (hdev_is_powered(hdev))
4407 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4408 MGMT_STATUS_REJECTED);
4409
4410 hci_dev_lock(hdev);
4411
c21c0ea0
JH		 4412 /* If user space supports this command it is also expected to
4413 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4414 */
4415 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4416
62b04cd1
JH		 4417 if (cp->privacy) {
4418 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
4419 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4420 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4421 } else {
4422 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
4423 memset(hdev->irk, 0, sizeof(hdev->irk));
4424 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4425 }
4426
4427 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4428 if (err < 0)
4429 goto unlock;
4430
4431 if (changed)
4432 err = new_settings(hdev, sk);
4433
4434unlock:
4435 hci_dev_unlock(hdev);
4436 return err;
4437}
4438
41edf160
JH		 4439static bool irk_is_valid(struct mgmt_irk_info *irk)
4440{
4441 switch (irk->addr.type) {
4442 case BDADDR_LE_PUBLIC:
4443 return true;
4444
4445 case BDADDR_LE_RANDOM:
4446 /* Two most significant bits shall be set */
4447 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4448 return false;
4449 return true;
4450 }
4451
4452 return false;
4453}
4454
4455static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4456 u16 len)
4457{
4458 struct mgmt_cp_load_irks *cp = cp_data;
4459 u16 irk_count, expected_len;
4460 int i, err;
4461
4462 BT_DBG("request for %s", hdev->name);
4463
4464 if (!lmp_le_capable(hdev))
4465 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4466 MGMT_STATUS_NOT_SUPPORTED);
4467
4468 irk_count = __le16_to_cpu(cp->irk_count);
4469
4470 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4471 if (expected_len != len) {
4472 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 4473 expected_len, len);
41edf160
JH		 4474 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4475 MGMT_STATUS_INVALID_PARAMS);
4476 }
4477
4478 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4479
4480 for (i = 0; i < irk_count; i++) {
4481 struct mgmt_irk_info *key = &cp->irks[i];
4482
4483 if (!irk_is_valid(key))
4484 return cmd_status(sk, hdev->id,
4485 MGMT_OP_LOAD_IRKS,
4486 MGMT_STATUS_INVALID_PARAMS);
4487 }
4488
4489 hci_dev_lock(hdev);
4490
4491 hci_smp_irks_clear(hdev);
4492
4493 for (i = 0; i < irk_count; i++) {
4494 struct mgmt_irk_info *irk = &cp->irks[i];
4495 u8 addr_type;
4496
4497 if (irk->addr.type == BDADDR_LE_PUBLIC)
4498 addr_type = ADDR_LE_DEV_PUBLIC;
4499 else
4500 addr_type = ADDR_LE_DEV_RANDOM;
4501
4502 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
4503 BDADDR_ANY);
4504 }
4505
4506 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4507
4508 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4509
4510 hci_dev_unlock(hdev);
4511
4512 return err;
4513}
4514
3f706b72
JH		 4515static bool ltk_is_valid(struct mgmt_ltk_info *key)
4516{
4517 if (key->master != 0x00 && key->master != 0x01)
4518 return false;
490cb0b3
MH		 4519
4520 switch (key->addr.type) {
4521 case BDADDR_LE_PUBLIC:
4522 return true;
4523
4524 case BDADDR_LE_RANDOM:
4525 /* Two most significant bits shall be set */
4526 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4527 return false;
4528 return true;
4529 }
4530
4531 return false;
3f706b72
JH		 4532}
4533
bdb6d971 4534static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 4535 void *cp_data, u16 len)
346af67b 4536{
346af67b
VCG		 4537 struct mgmt_cp_load_long_term_keys *cp = cp_data;
4538 u16 key_count, expected_len;
715a5bf2 4539 int i, err;
346af67b 4540
cf99ba13
MH		 4541 BT_DBG("request for %s", hdev->name);
4542
4543 if (!lmp_le_capable(hdev))
4544 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4545 MGMT_STATUS_NOT_SUPPORTED);
4546
1f350c87 4547 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 4548
4549 expected_len = sizeof(*cp) + key_count *
4550 sizeof(struct mgmt_ltk_info);
4551 if (expected_len != len) {
4552 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 4553 expected_len, len);
bdb6d971 4554 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 4555 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 4556 }
4557
bdb6d971 4558 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 4559
54ad6d8a
JH		 4560 for (i = 0; i < key_count; i++) {
4561 struct mgmt_ltk_info *key = &cp->keys[i];
4562
3f706b72 4563 if (!ltk_is_valid(key))
54ad6d8a
JH		 4564 return cmd_status(sk, hdev->id,
4565 MGMT_OP_LOAD_LONG_TERM_KEYS,
4566 MGMT_STATUS_INVALID_PARAMS);
4567 }
4568
346af67b
VCG		 4569 hci_dev_lock(hdev);
4570
4571 hci_smp_ltks_clear(hdev);
4572
4573 for (i = 0; i < key_count; i++) {
4574 struct mgmt_ltk_info *key = &cp->keys[i];
d7b25450 4575 u8 type, addr_type, authenticated;
79d95a19
MH		 4576
4577 if (key->addr.type == BDADDR_LE_PUBLIC)
4578 addr_type = ADDR_LE_DEV_PUBLIC;
4579 else
4580 addr_type = ADDR_LE_DEV_RANDOM;
346af67b
VCG		 4581
4582 if (key->master)
2ceba539 4583 type = SMP_LTK;
346af67b 4584 else
2ceba539 4585 type = SMP_LTK_SLAVE;
346af67b 4586
61b43357
JH		 4587 switch (key->type) {
4588 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 4589 authenticated = 0x00;
61b43357
JH		 4590 break;
4591 case MGMT_LTK_AUTHENTICATED:
d7b25450 4592 authenticated = 0x01;
61b43357
JH		 4593 break;
4594 default:
4595 continue;
4596 }
d7b25450 4597
35d70271 4598 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
d7b25450 4599 authenticated, key->val, key->enc_size, key->ediv,
35d70271 4600 key->rand);
346af67b
VCG		 4601 }
4602
715a5bf2
JH		 4603 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4604 NULL, 0);
4605
346af67b 4606 hci_dev_unlock(hdev);
346af67b 4607
715a5bf2 4608 return err;
346af67b
VCG		 4609}
4610
dd983808
AK		 4611struct cmd_conn_lookup {
4612 struct hci_conn *conn;
4613 bool valid_tx_power;
4614 u8 mgmt_status;
4615};
4616
4617static void get_conn_info_complete(struct pending_cmd *cmd, void *data)
4618{
4619 struct cmd_conn_lookup *match = data;
4620 struct mgmt_cp_get_conn_info *cp;
4621 struct mgmt_rp_get_conn_info rp;
4622 struct hci_conn *conn = cmd->user_data;
4623
4624 if (conn != match->conn)
4625 return;
4626
4627 cp = (struct mgmt_cp_get_conn_info *) cmd->param;
4628
4629 memset(&rp, 0, sizeof(rp));
4630 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4631 rp.addr.type = cp->addr.type;
4632
4633 if (!match->mgmt_status) {
4634 rp.rssi = conn->rssi;
4635
eed5daf3 4636 if (match->valid_tx_power) {
dd983808 4637 rp.tx_power = conn->tx_power;
eed5daf3
AK		 4638 rp.max_tx_power = conn->max_tx_power;
4639 } else {
dd983808 4640 rp.tx_power = HCI_TX_POWER_INVALID;
eed5daf3
AK		 4641 rp.max_tx_power = HCI_TX_POWER_INVALID;
4642 }
dd983808
AK		 4643 }
4644
4645 cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
4646 match->mgmt_status, &rp, sizeof(rp));
4647
4648 hci_conn_drop(conn);
4649
4650 mgmt_pending_remove(cmd);
4651}
4652
4653static void conn_info_refresh_complete(struct hci_dev *hdev, u8 status)
4654{
4655 struct hci_cp_read_rssi *cp;
4656 struct hci_conn *conn;
4657 struct cmd_conn_lookup match;
4658 u16 handle;
4659
4660 BT_DBG("status 0x%02x", status);
4661
4662 hci_dev_lock(hdev);
4663
4664 /* TX power data is valid in case request completed successfully,
eed5daf3
AK		 4665 * otherwise we assume it's not valid. At the moment we assume that
4666 * either both or none of current and max values are valid to keep code
4667 * simple.
dd983808
AK		 4668 */
4669 match.valid_tx_power = !status;
4670
4671 /* Commands sent in request are either Read RSSI or Read Transmit Power
4672 * Level so we check which one was last sent to retrieve connection
4673 * handle. Both commands have handle as first parameter so it's safe to
4674 * cast data on the same command struct.
4675 *
4676 * First command sent is always Read RSSI and we fail only if it fails.
4677 * In other case we simply override error to indicate success as we
4678 * already remembered if TX power value is actually valid.
4679 */
4680 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
4681 if (!cp) {
4682 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
4683 status = 0;
4684 }
4685
4686 if (!cp) {
4687 BT_ERR("invalid sent_cmd in response");
4688 goto unlock;
4689 }
4690
4691 handle = __le16_to_cpu(cp->handle);
4692 conn = hci_conn_hash_lookup_handle(hdev, handle);
4693 if (!conn) {
4694 BT_ERR("unknown handle (%d) in response", handle);
4695 goto unlock;
4696 }
4697
4698 match.conn = conn;
4699 match.mgmt_status = mgmt_status(status);
4700
4701 /* Cache refresh is complete, now reply for mgmt request for given
4702 * connection only.
4703 */
4704 mgmt_pending_foreach(MGMT_OP_GET_CONN_INFO, hdev,
4705 get_conn_info_complete, &match);
4706
4707unlock:
4708 hci_dev_unlock(hdev);
4709}
4710
4711static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
4712 u16 len)
4713{
4714 struct mgmt_cp_get_conn_info *cp = data;
4715 struct mgmt_rp_get_conn_info rp;
4716 struct hci_conn *conn;
4717 unsigned long conn_info_age;
4718 int err = 0;
4719
4720 BT_DBG("%s", hdev->name);
4721
4722 memset(&rp, 0, sizeof(rp));
4723 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4724 rp.addr.type = cp->addr.type;
4725
4726 if (!bdaddr_type_is_valid(cp->addr.type))
4727 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4728 MGMT_STATUS_INVALID_PARAMS,
4729 &rp, sizeof(rp));
4730
4731 hci_dev_lock(hdev);
4732
4733 if (!hdev_is_powered(hdev)) {
4734 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4735 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
4736 goto unlock;
4737 }
4738
4739 if (cp->addr.type == BDADDR_BREDR)
4740 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
4741 &cp->addr.bdaddr);
4742 else
4743 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
4744
4745 if (!conn || conn->state != BT_CONNECTED) {
4746 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4747 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
4748 goto unlock;
4749 }
4750
4751 /* To avoid client trying to guess when to poll again for information we
4752 * calculate conn info age as random value between min/max set in hdev.
4753 */
4754 conn_info_age = hdev->conn_info_min_age +
4755 prandom_u32_max(hdev->conn_info_max_age -
4756 hdev->conn_info_min_age);
4757
4758 /* Query controller to refresh cached values if they are too old or were
4759 * never read.
4760 */
f4e2dd53
AK		 4761 if (time_after(jiffies, conn->conn_info_timestamp +
4762 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 4763 !conn->conn_info_timestamp) {
4764 struct hci_request req;
4765 struct hci_cp_read_tx_power req_txp_cp;
4766 struct hci_cp_read_rssi req_rssi_cp;
4767 struct pending_cmd *cmd;
4768
4769 hci_req_init(&req, hdev);
4770 req_rssi_cp.handle = cpu_to_le16(conn->handle);
4771 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
4772 &req_rssi_cp);
4773
f7faab0c
AK		 4774 /* For LE links TX power does not change thus we don't need to
4775 * query for it once value is known.
4776 */
4777 if (!bdaddr_type_is_le(cp->addr.type) ||
4778 conn->tx_power == HCI_TX_POWER_INVALID) {
4779 req_txp_cp.handle = cpu_to_le16(conn->handle);
4780 req_txp_cp.type = 0x00;
4781 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4782 sizeof(req_txp_cp), &req_txp_cp);
4783 }
dd983808 4784
eed5daf3
AK		 4785 /* Max TX power needs to be read only once per connection */
4786 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
4787 req_txp_cp.handle = cpu_to_le16(conn->handle);
4788 req_txp_cp.type = 0x01;
4789 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4790 sizeof(req_txp_cp), &req_txp_cp);
4791 }
4792
dd983808
AK		 4793 err = hci_req_run(&req, conn_info_refresh_complete);
4794 if (err < 0)
4795 goto unlock;
4796
4797 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
4798 data, len);
4799 if (!cmd) {
4800 err = -ENOMEM;
4801 goto unlock;
4802 }
4803
4804 hci_conn_hold(conn);
4805 cmd->user_data = conn;
4806
4807 conn->conn_info_timestamp = jiffies;
4808 } else {
4809 /* Cache is valid, just reply with values cached in hci_conn */
4810 rp.rssi = conn->rssi;
4811 rp.tx_power = conn->tx_power;
eed5daf3 4812 rp.max_tx_power = conn->max_tx_power;
dd983808
AK		 4813
4814 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4815 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
4816 }
4817
4818unlock:
4819 hci_dev_unlock(hdev);
4820 return err;
4821}
4822
2e3c35ea 4823static const struct mgmt_handler {
04124681
GP		 4824 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
4825 u16 data_len);
be22b54e
JH		 4826 bool var_len;
4827 size_t data_len;
0f4e68cf
JH		 4828} mgmt_handlers[] = {
4829 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 4830 { read_version, false, MGMT_READ_VERSION_SIZE },
4831 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
4832 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
4833 { read_controller_info, false, MGMT_READ_INFO_SIZE },
4834 { set_powered, false, MGMT_SETTING_SIZE },
4835 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
4836 { set_connectable, false, MGMT_SETTING_SIZE },
4837 { set_fast_connectable, false, MGMT_SETTING_SIZE },
4838 { set_pairable, false, MGMT_SETTING_SIZE },
4839 { set_link_security, false, MGMT_SETTING_SIZE },
4840 { set_ssp, false, MGMT_SETTING_SIZE },
4841 { set_hs, false, MGMT_SETTING_SIZE },
4842 { set_le, false, MGMT_SETTING_SIZE },
4843 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
4844 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
4845 { add_uuid, false, MGMT_ADD_UUID_SIZE },
4846 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
4847 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
4848 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
4849 { disconnect, false, MGMT_DISCONNECT_SIZE },
4850 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
4851 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
4852 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
4853 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
4854 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
4855 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
4856 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
4857 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
4858 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
4859 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
4860 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
4861 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
ec109113 4862 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
be22b54e
JH		 4863 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
4864 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
4865 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
4866 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
4867 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
4868 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 4869 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 4870 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 4871 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 4872 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
14b49b9a 4873 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
eac83dc6 4874 { set_secure_conn, false, MGMT_SETTING_SIZE },
4e39ac81 4875 { set_debug_keys, false, MGMT_SETTING_SIZE },
62b04cd1 4876 { set_privacy, false, MGMT_SET_PRIVACY_SIZE },
41edf160 4877 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
dd983808 4878 { get_conn_info, false, MGMT_GET_CONN_INFO_SIZE },
0f4e68cf
JH		 4879};
4880
4881
0381101f
JH		 4882int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
4883{
650f726d
VCG		 4884 void *buf;
4885 u8 *cp;
0381101f 4886 struct mgmt_hdr *hdr;
4e51eae9 4887 u16 opcode, index, len;
bdb6d971 4888 struct hci_dev *hdev = NULL;
2e3c35ea 4889 const struct mgmt_handler *handler;
0381101f
JH		 4890 int err;
4891
4892 BT_DBG("got %zu bytes", msglen);
4893
4894 if (msglen < sizeof(*hdr))
4895 return -EINVAL;
4896
e63a15ec 4897 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 4898 if (!buf)
4899 return -ENOMEM;
4900
4901 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
4902 err = -EFAULT;
4903 goto done;
4904 }
4905
650f726d 4906 hdr = buf;
1f350c87
MH		 4907 opcode = __le16_to_cpu(hdr->opcode);
4908 index = __le16_to_cpu(hdr->index);
4909 len = __le16_to_cpu(hdr->len);
0381101f
JH		 4910
4911 if (len != msglen - sizeof(*hdr)) {
4912 err = -EINVAL;
4913 goto done;
4914 }
4915
0f4e68cf 4916 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 4917 hdev = hci_dev_get(index);
4918 if (!hdev) {
4919 err = cmd_status(sk, index, opcode,
04124681 4920 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 4921 goto done;
4922 }
0736cfa8 4923
cebf4cfd
JH		 4924 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
4925 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
0736cfa8
MH		 4926 err = cmd_status(sk, index, opcode,
4927 MGMT_STATUS_INVALID_INDEX);
4928 goto done;
4929 }
bdb6d971
JH		 4930 }
4931
0f4e68cf 4932 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 4933 mgmt_handlers[opcode].func == NULL) {
0381101f 4934 BT_DBG("Unknown op %u", opcode);
ca69b795 4935 err = cmd_status(sk, index, opcode,
04124681 4936 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 4937 goto done;
4938 }
4939
4940 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 4941 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 4942 err = cmd_status(sk, index, opcode,
04124681 4943 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 4944 goto done;
0381101f
JH		 4945 }
4946
be22b54e
JH		 4947 handler = &mgmt_handlers[opcode];
4948
4949 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 4950 (!handler->var_len && len != handler->data_len)) {
be22b54e 4951 err = cmd_status(sk, index, opcode,
04124681 4952 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 4953 goto done;
4954 }
4955
0f4e68cf
JH		 4956 if (hdev)
4957 mgmt_init_hdev(sk, hdev);
4958
4959 cp = buf + sizeof(*hdr);
4960
be22b54e 4961 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 4962 if (err < 0)
4963 goto done;
4964
0381101f
JH		 4965 err = msglen;
4966
4967done:
bdb6d971
JH		 4968 if (hdev)
4969 hci_dev_put(hdev);
4970
0381101f
JH		 4971 kfree(buf);
4972 return err;
4973}
c71e97bf 4974
bf6b56db 4975void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 4976{
1514b892 4977 if (hdev->dev_type != HCI_BREDR)
bf6b56db 4978 return;
bb4b2a9a 4979
bf6b56db 4980 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 4981}
4982
bf6b56db 4983void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 4984{
5f159032 4985 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 4986
1514b892 4987 if (hdev->dev_type != HCI_BREDR)
bf6b56db 4988 return;
bb4b2a9a 4989
744cf19e 4990 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 4991
bf6b56db 4992 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 4993}
4994
6046dc3e
AG		 4995/* This function requires the caller holds hdev->lock */
4996static void restart_le_auto_conns(struct hci_dev *hdev)
4997{
4998 struct hci_conn_params *p;
4999
5000 list_for_each_entry(p, &hdev->le_conn_params, list) {
5001 if (p->auto_connect == HCI_AUTO_CONN_ALWAYS)
5002 hci_pend_le_conn_add(hdev, &p->addr, p->addr_type);
5003 }
5004}
5005
229ab39c
JH		 5006static void powered_complete(struct hci_dev *hdev, u8 status)
5007{
5008 struct cmd_lookup match = { NULL, hdev };
5009
5010 BT_DBG("status 0x%02x", status);
5011
5012 hci_dev_lock(hdev);
5013
6046dc3e
AG		 5014 restart_le_auto_conns(hdev);
5015
229ab39c
JH		 5016 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5017
5018 new_settings(hdev, match.sk);
5019
5020 hci_dev_unlock(hdev);
5021
5022 if (match.sk)
5023 sock_put(match.sk);
5024}
5025
70da6243 5026static int powered_update_hci(struct hci_dev *hdev)
5add6af8 5027{
890ea898 5028 struct hci_request req;
70da6243 5029 u8 link_sec;
5add6af8 5030
890ea898
JH		 5031 hci_req_init(&req, hdev);
5032
70da6243
JH		 5033 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
5034 !lmp_host_ssp_capable(hdev)) {
5035 u8 ssp = 1;
5e5282bb 5036
890ea898 5037 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 5038 }
5add6af8 5039
c73eee91
JH		 5040 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
5041 lmp_bredr_capable(hdev)) {
70da6243 5042 struct hci_cp_write_le_host_supported cp;
f0ff92fb 5043
70da6243
JH		 5044 cp.le = 1;
5045 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 5046
70da6243
JH		 5047 /* Check first if we already have the right
5048 * host state (host features set)
5049 */
5050 if (cp.le != lmp_host_le_capable(hdev) ||
5051 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 5052 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
5053 sizeof(cp), &cp);
70da6243 5054 }
3d1cbdd6 5055
d13eafce 5056 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 5057 /* Make sure the controller has a good default for
5058 * advertising data. This also applies to the case
5059 * where BR/EDR was toggled during the AUTO_OFF phase.
5060 */
f14d8f64 5061 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5947f4bc 5062 update_adv_data(&req);
f14d8f64
MH		 5063 update_scan_rsp_data(&req);
5064 }
441ad2d0 5065
bba3aa55
MH		 5066 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5067 enable_advertising(&req);
eeca6f89
JH		 5068 }
5069
70da6243
JH		 5070 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
5071 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 5072 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
5073 sizeof(link_sec), &link_sec);
562fcc24 5074
70da6243 5075 if (lmp_bredr_capable(hdev)) {
56f87901
JH		 5076 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
5077 set_bredr_scan(&req);
890ea898 5078 update_class(&req);
13928971 5079 update_name(&req);
890ea898 5080 update_eir(&req);
70da6243 5081 }
562fcc24 5082
229ab39c 5083 return hci_req_run(&req, powered_complete);
70da6243 5084}
562fcc24 5085
70da6243
JH		 5086int mgmt_powered(struct hci_dev *hdev, u8 powered)
5087{
5088 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 5089 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
5090 u8 zero_cod[] = { 0, 0, 0 };
70da6243 5091 int err;
f0ff92fb 5092
70da6243
JH		 5093 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
5094 return 0;
5095
70da6243 5096 if (powered) {
229ab39c
JH		 5097 if (powered_update_hci(hdev) == 0)
5098 return 0;
fe038884 5099
229ab39c
JH		 5100 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
5101 &match);
5102 goto new_settings;
b24752fe
JH		 5103 }
5104
229ab39c
JH		 5105 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5106 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
5107
5108 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
5109 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
5110 zero_cod, sizeof(zero_cod), NULL);
5111
5112new_settings:
beadb2bd 5113 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 5114
5115 if (match.sk)
5116 sock_put(match.sk);
5117
7bb895d6 5118 return err;
5add6af8 5119}
73f22f62 5120
3eec705e 5121void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 5122{
5123 struct pending_cmd *cmd;
5124 u8 status;
5125
5126 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5127 if (!cmd)
3eec705e 5128 return;
96570ffc
JH		 5129
5130 if (err == -ERFKILL)
5131 status = MGMT_STATUS_RFKILLED;
5132 else
5133 status = MGMT_STATUS_FAILED;
5134
3eec705e 5135 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 5136
5137 mgmt_pending_remove(cmd);
96570ffc
JH		 5138}
5139
d1967ff8
MH		 5140void mgmt_discoverable_timeout(struct hci_dev *hdev)
5141{
5142 struct hci_request req;
d1967ff8
MH		 5143
5144 hci_dev_lock(hdev);
5145
5146 /* When discoverable timeout triggers, then just make sure
5147 * the limited discoverable flag is cleared. Even in the case
5148 * of a timeout triggered from general discoverable, it is
5149 * safe to unconditionally clear the flag.
5150 */
5151 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
9a43e25f 5152 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
d1967ff8
MH		 5153
5154 hci_req_init(&req, hdev);
4b580614
JH		 5155 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
5156 u8 scan = SCAN_PAGE;
5157 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
5158 sizeof(scan), &scan);
5159 }
d1967ff8 5160 update_class(&req);
9a43e25f 5161 update_adv_data(&req);
d1967ff8
MH		 5162 hci_req_run(&req, NULL);
5163
5164 hdev->discov_timeout = 0;
5165
9a43e25f
JH		 5166 new_settings(hdev, NULL);
5167
d1967ff8
MH		 5168 hci_dev_unlock(hdev);
5169}
5170
86a75645 5171void mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 5172{
86a75645 5173 bool changed;
73f22f62 5174
bfaf8c9f
JH		 5175 /* Nothing needed here if there's a pending command since that
5176 * commands request completion callback takes care of everything
5177 * necessary.
5178 */
5179 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
86a75645 5180 return;
bfaf8c9f 5181
bd107999
JH		 5182 /* Powering off may clear the scan mode - don't let that interfere */
5183 if (!discoverable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5184 return;
5185
9a43e25f 5186 if (discoverable) {
86a75645 5187 changed = !test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 5188 } else {
5189 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
86a75645 5190 changed = test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 5191 }
5192
5193 if (changed) {
5194 struct hci_request req;
5195
5196 /* In case this change in discoverable was triggered by
5197 * a disabling of connectable there could be a need to
5198 * update the advertising flags.
5199 */
5200 hci_req_init(&req, hdev);
5201 update_adv_data(&req);
5202 hci_req_run(&req, NULL);
73f22f62 5203
86a75645 5204 new_settings(hdev, NULL);
9a43e25f 5205 }
73f22f62 5206}
9fbcbb45 5207
a330916c 5208void mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 5209{
a330916c 5210 bool changed;
9fbcbb45 5211
d7b856f9
JH		 5212 /* Nothing needed here if there's a pending command since that
5213 * commands request completion callback takes care of everything
5214 * necessary.
5215 */
5216 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
a330916c 5217 return;
d7b856f9 5218
ce3f24cf
JH		 5219 /* Powering off may clear the scan mode - don't let that interfere */
5220 if (!connectable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5221 return;
5222
a330916c
MH		 5223 if (connectable)
5224 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
5225 else
5226 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
9fbcbb45 5227
beadb2bd 5228 if (changed)
a330916c 5229 new_settings(hdev, NULL);
9fbcbb45 5230}
55ed8ca1 5231
778b235a
JH		 5232void mgmt_advertising(struct hci_dev *hdev, u8 advertising)
5233{
7c4cfab8
JH		 5234 /* Powering off may stop advertising - don't let that interfere */
5235 if (!advertising && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5236 return;
5237
778b235a
JH		 5238 if (advertising)
5239 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
5240 else
5241 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
5242}
5243
4796e8af 5244void mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 5245{
ca69b795
JH		 5246 u8 mgmt_err = mgmt_status(status);
5247
2d7cee58 5248 if (scan & SCAN_PAGE)
744cf19e 5249 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 5250 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 5251
5252 if (scan & SCAN_INQUIRY)
744cf19e 5253 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 5254 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 5255}
5256
dc4a5ee2
MH		 5257void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
5258 bool persistent)
55ed8ca1 5259{
86742e1e 5260 struct mgmt_ev_new_link_key ev;
55ed8ca1 5261
a492cd52 5262 memset(&ev, 0, sizeof(ev));
55ed8ca1 5263
a492cd52 5264 ev.store_hint = persistent;
d753fdc4 5265 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 5266 ev.key.addr.type = BDADDR_BREDR;
a492cd52 5267 ev.key.type = key->type;
9b3b4460 5268 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 5269 ev.key.pin_len = key->pin_len;
55ed8ca1 5270
dc4a5ee2 5271 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 5272}
f7520543 5273
d7b25450
JH		 5274static u8 mgmt_ltk_type(struct smp_ltk *ltk)
5275{
5276 if (ltk->authenticated)
5277 return MGMT_LTK_AUTHENTICATED;
5278
5279 return MGMT_LTK_UNAUTHENTICATED;
5280}
5281
53ac6ab6 5282void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 5283{
5284 struct mgmt_ev_new_long_term_key ev;
5285
5286 memset(&ev, 0, sizeof(ev));
5287
5192d301
MH		 5288 /* Devices using resolvable or non-resolvable random addresses
5289 * without providing an indentity resolving key don't require
5290 * to store long term keys. Their addresses will change the
5291 * next time around.
5292 *
5293 * Only when a remote device provides an identity address
5294 * make sure the long term key is stored. If the remote
5295 * identity is known, the long term keys are internally
5296 * mapped to the identity address. So allow static random
5297 * and public addresses here.
5298 */
ba74b666
JH		 5299 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
5300 (key->bdaddr.b[5] & 0xc0) != 0xc0)
5301 ev.store_hint = 0x00;
5302 else
53ac6ab6 5303 ev.store_hint = persistent;
ba74b666 5304
346af67b 5305 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 5306 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 5307 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 5308 ev.key.enc_size = key->enc_size;
5309 ev.key.ediv = key->ediv;
fe39c7b2 5310 ev.key.rand = key->rand;
346af67b 5311
2ceba539 5312 if (key->type == SMP_LTK)
346af67b
VCG		 5313 ev.key.master = 1;
5314
346af67b
VCG		 5315 memcpy(ev.key.val, key->val, sizeof(key->val));
5316
083368f7 5317 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 5318}
5319
95fbac8a
JH		 5320void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
5321{
5322 struct mgmt_ev_new_irk ev;
5323
5324 memset(&ev, 0, sizeof(ev));
5325
bab6d1e5
MH		 5326 /* For identity resolving keys from devices that are already
5327 * using a public address or static random address, do not
5328 * ask for storing this key. The identity resolving key really
5329 * is only mandatory for devices using resovlable random
5330 * addresses.
5331 *
5332 * Storing all identity resolving keys has the downside that
5333 * they will be also loaded on next boot of they system. More
5334 * identity resolving keys, means more time during scanning is
5335 * needed to actually resolve these addresses.
5336 */
5337 if (bacmp(&irk->rpa, BDADDR_ANY))
5338 ev.store_hint = 0x01;
5339 else
5340 ev.store_hint = 0x00;
5341
95fbac8a
JH		 5342 bacpy(&ev.rpa, &irk->rpa);
5343 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
5344 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
5345 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
5346
5347 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
5348}
5349
53ac6ab6
MH		 5350void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
5351 bool persistent)
7ee4ea36
MH		 5352{
5353 struct mgmt_ev_new_csrk ev;
5354
5355 memset(&ev, 0, sizeof(ev));
5356
5357 /* Devices using resolvable or non-resolvable random addresses
5358 * without providing an indentity resolving key don't require
5359 * to store signature resolving keys. Their addresses will change
5360 * the next time around.
5361 *
5362 * Only when a remote device provides an identity address
5363 * make sure the signature resolving key is stored. So allow
5364 * static random and public addresses here.
5365 */
5366 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
5367 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
5368 ev.store_hint = 0x00;
5369 else
53ac6ab6 5370 ev.store_hint = persistent;
7ee4ea36
MH		 5371
5372 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
5373 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
5374 ev.key.master = csrk->master;
5375 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
5376
5377 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
5378}
5379
94933991
MH		 5380static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
5381 u8 data_len)
5382{
5383 eir[eir_len++] = sizeof(type) + data_len;
5384 eir[eir_len++] = type;
5385 memcpy(&eir[eir_len], data, data_len);
5386 eir_len += data_len;
5387
5388 return eir_len;
5389}
5390
ecd90ae7
MH		 5391void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5392 u8 addr_type, u32 flags, u8 *name, u8 name_len,
5393 u8 *dev_class)
f7520543 5394{
b644ba33
JH		 5395 char buf[512];
5396 struct mgmt_ev_device_connected *ev = (void *) buf;
5397 u16 eir_len = 0;
f7520543 5398
b644ba33 5399 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 5400 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 5401
c95f0ba7 5402 ev->flags = __cpu_to_le32(flags);
08c79b61 5403
b644ba33
JH		 5404 if (name_len > 0)
5405 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 5406 name, name_len);
b644ba33
JH		 5407
5408 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 5409 eir_len = eir_append_data(ev->eir, eir_len,
04124681 5410 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 5411
eb55ef07 5412 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 5413
ecd90ae7
MH		 5414 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
5415 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 5416}
5417
8962ee74
JH		 5418static void disconnect_rsp(struct pending_cmd *cmd, void *data)
5419{
c68fb7ff 5420 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 5421 struct sock **sk = data;
a38528f1 5422 struct mgmt_rp_disconnect rp;
8962ee74 5423
88c3df13
JH		 5424 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5425 rp.addr.type = cp->addr.type;
8962ee74 5426
aee9b218 5427 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 5428 sizeof(rp));
8962ee74
JH		 5429
5430 *sk = cmd->sk;
5431 sock_hold(*sk);
5432
a664b5bc 5433 mgmt_pending_remove(cmd);
8962ee74
JH		 5434}
5435
124f6e35 5436static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 5437{
b1078ad0 5438 struct hci_dev *hdev = data;
124f6e35
JH		 5439 struct mgmt_cp_unpair_device *cp = cmd->param;
5440 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 5441
5442 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 5443 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5444 rp.addr.type = cp->addr.type;
a8a1d19e 5445
b1078ad0
JH		 5446 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
5447
aee9b218 5448 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 5449
5450 mgmt_pending_remove(cmd);
5451}
5452
9b80ec5e 5453void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 5454 u8 link_type, u8 addr_type, u8 reason,
5455 bool mgmt_connected)
f7520543 5456{
f0d6a0ea 5457 struct mgmt_ev_device_disconnected ev;
8b064a3a 5458 struct pending_cmd *power_off;
8962ee74 5459 struct sock *sk = NULL;
8962ee74 5460
8b064a3a
JH		 5461 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5462 if (power_off) {
5463 struct mgmt_mode *cp = power_off->param;
5464
5465 /* The connection is still in hci_conn_hash so test for 1
5466 * instead of 0 to know if this is the last one.
5467 */
a3172b7e
JH		 5468 if (!cp->val && hci_conn_count(hdev) == 1) {
5469 cancel_delayed_work(&hdev->power_off);
8b064a3a 5470 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 5471 }
8b064a3a
JH		 5472 }
5473
12d4a3b2
JH		 5474 if (!mgmt_connected)
5475 return;
5476
57eb776f
AG		 5477 if (link_type != ACL_LINK && link_type != LE_LINK)
5478 return;
5479
744cf19e 5480 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 5481
f0d6a0ea
MA		 5482 bacpy(&ev.addr.bdaddr, bdaddr);
5483 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5484 ev.reason = reason;
f7520543 5485
9b80ec5e 5486 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 5487
5488 if (sk)
d97dcb66 5489 sock_put(sk);
8962ee74 5490
124f6e35 5491 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 5492 hdev);
8962ee74
JH		 5493}
5494
7892924c
MH		 5495void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
5496 u8 link_type, u8 addr_type, u8 status)
8962ee74 5497{
3655bba8
AG		 5498 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
5499 struct mgmt_cp_disconnect *cp;
88c3df13 5500 struct mgmt_rp_disconnect rp;
8962ee74 5501 struct pending_cmd *cmd;
8962ee74 5502
36a75f1b
JD		 5503 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
5504 hdev);
5505
2e58ef3e 5506 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 5507 if (!cmd)
7892924c 5508 return;
8962ee74 5509
3655bba8
AG		 5510 cp = cmd->param;
5511
5512 if (bacmp(bdaddr, &cp->addr.bdaddr))
5513 return;
5514
5515 if (cp->addr.type != bdaddr_type)
5516 return;
5517
88c3df13 5518 bacpy(&rp.addr.bdaddr, bdaddr);
3655bba8 5519 rp.addr.type = bdaddr_type;
37d9ef76 5520
7892924c
MH		 5521 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
5522 mgmt_status(status), &rp, sizeof(rp));
8962ee74 5523
a664b5bc 5524 mgmt_pending_remove(cmd);
f7520543 5525}
17d5c04c 5526
445608d0
MH		 5527void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5528 u8 addr_type, u8 status)
17d5c04c
JH		 5529{
5530 struct mgmt_ev_connect_failed ev;
c9910d0f
JH		 5531 struct pending_cmd *power_off;
5532
5533 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5534 if (power_off) {
5535 struct mgmt_mode *cp = power_off->param;
5536
5537 /* The connection is still in hci_conn_hash so test for 1
5538 * instead of 0 to know if this is the last one.
5539 */
a3172b7e
JH		 5540 if (!cp->val && hci_conn_count(hdev) == 1) {
5541 cancel_delayed_work(&hdev->power_off);
c9910d0f 5542 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 5543 }
c9910d0f 5544 }
17d5c04c 5545
4c659c39 5546 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5547 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 5548 ev.status = mgmt_status(status);
17d5c04c 5549
445608d0 5550 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 5551}
980e1a53 5552
ce0e4a0d 5553void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 5554{
5555 struct mgmt_ev_pin_code_request ev;
5556
d8457698 5557 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 5558 ev.addr.type = BDADDR_BREDR;
a770bb5a 5559 ev.secure = secure;
980e1a53 5560
ce0e4a0d 5561 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 5562}
5563
e669cf80
MH		 5564void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5565 u8 status)
980e1a53
JH		 5566{
5567 struct pending_cmd *cmd;
ac56fb13 5568 struct mgmt_rp_pin_code_reply rp;
980e1a53 5569
2e58ef3e 5570 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 5571 if (!cmd)
e669cf80 5572 return;
980e1a53 5573
d8457698 5574 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 5575 rp.addr.type = BDADDR_BREDR;
ac56fb13 5576
e669cf80
MH		 5577 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
5578 mgmt_status(status), &rp, sizeof(rp));
980e1a53 5579
a664b5bc 5580 mgmt_pending_remove(cmd);
980e1a53
JH		 5581}
5582
3eb38528
MH		 5583void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5584 u8 status)
980e1a53
JH		 5585{
5586 struct pending_cmd *cmd;
ac56fb13 5587 struct mgmt_rp_pin_code_reply rp;
980e1a53 5588
2e58ef3e 5589 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 5590 if (!cmd)
3eb38528 5591 return;
980e1a53 5592
d8457698 5593 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 5594 rp.addr.type = BDADDR_BREDR;
ac56fb13 5595
3eb38528
MH		 5596 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
5597 mgmt_status(status), &rp, sizeof(rp));
980e1a53 5598
a664b5bc 5599 mgmt_pending_remove(cmd);
980e1a53 5600}
a5c29683 5601
744cf19e 5602int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 5603 u8 link_type, u8 addr_type, u32 value,
04124681 5604 u8 confirm_hint)
a5c29683
JH		 5605{
5606 struct mgmt_ev_user_confirm_request ev;
5607
744cf19e 5608 BT_DBG("%s", hdev->name);
a5c29683 5609
272d90df 5610 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5611 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 5612 ev.confirm_hint = confirm_hint;
39adbffe 5613 ev.value = cpu_to_le32(value);
a5c29683 5614
744cf19e 5615 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 5616 NULL);
a5c29683
JH		 5617}
5618
272d90df 5619int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 5620 u8 link_type, u8 addr_type)
604086b7
BG		 5621{
5622 struct mgmt_ev_user_passkey_request ev;
5623
5624 BT_DBG("%s", hdev->name);
5625
272d90df 5626 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5627 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 5628
5629 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 5630 NULL);
604086b7
BG		 5631}
5632
0df4c185 5633static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 5634 u8 link_type, u8 addr_type, u8 status,
5635 u8 opcode)
a5c29683
JH		 5636{
5637 struct pending_cmd *cmd;
5638 struct mgmt_rp_user_confirm_reply rp;
5639 int err;
5640
2e58ef3e 5641 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 5642 if (!cmd)
5643 return -ENOENT;
5644
272d90df 5645 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 5646 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 5647 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 5648 &rp, sizeof(rp));
a5c29683 5649
a664b5bc 5650 mgmt_pending_remove(cmd);
a5c29683
JH		 5651
5652 return err;
5653}
5654
744cf19e 5655int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5656 u8 link_type, u8 addr_type, u8 status)
a5c29683 5657{
272d90df 5658 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 5659 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 5660}
5661
272d90df 5662int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5663 u8 link_type, u8 addr_type, u8 status)
a5c29683 5664{
272d90df 5665 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 5666 status,
5667 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 5668}
2a611692 5669
604086b7 5670int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5671 u8 link_type, u8 addr_type, u8 status)
604086b7 5672{
272d90df 5673 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 5674 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 5675}
5676
272d90df 5677int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5678 u8 link_type, u8 addr_type, u8 status)
604086b7 5679{
272d90df 5680 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 5681 status,
5682 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 5683}
5684
92a25256
JH		 5685int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
5686 u8 link_type, u8 addr_type, u32 passkey,
5687 u8 entered)
5688{
5689 struct mgmt_ev_passkey_notify ev;
5690
5691 BT_DBG("%s", hdev->name);
5692
5693 bacpy(&ev.addr.bdaddr, bdaddr);
5694 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5695 ev.passkey = __cpu_to_le32(passkey);
5696 ev.entered = entered;
5697
5698 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
5699}
5700
e546099c
MH		 5701void mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5702 u8 addr_type, u8 status)
2a611692
JH		 5703{
5704 struct mgmt_ev_auth_failed ev;
5705
bab73cb6 5706 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5707 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 5708 ev.status = mgmt_status(status);
2a611692 5709
e546099c 5710 mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 5711}
b312b161 5712
464996ae 5713void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 5714{
5715 struct cmd_lookup match = { NULL, hdev };
464996ae 5716 bool changed;
33ef95ed
JH		 5717
5718 if (status) {
5719 u8 mgmt_err = mgmt_status(status);
5720 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 5721 cmd_status_rsp, &mgmt_err);
464996ae 5722 return;
33ef95ed
JH		 5723 }
5724
464996ae
MH		 5725 if (test_bit(HCI_AUTH, &hdev->flags))
5726 changed = !test_and_set_bit(HCI_LINK_SECURITY,
5727 &hdev->dev_flags);
5728 else
5729 changed = test_and_clear_bit(HCI_LINK_SECURITY,
5730 &hdev->dev_flags);
47990ea0 5731
33ef95ed 5732 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 5733 &match);
33ef95ed 5734
47990ea0 5735 if (changed)
464996ae 5736 new_settings(hdev, match.sk);
33ef95ed
JH		 5737
5738 if (match.sk)
5739 sock_put(match.sk);
33ef95ed
JH		 5740}
5741
890ea898 5742static void clear_eir(struct hci_request *req)
cacaf52f 5743{
890ea898 5744 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 5745 struct hci_cp_write_eir cp;
5746
976eb20e 5747 if (!lmp_ext_inq_capable(hdev))
890ea898 5748 return;
cacaf52f 5749
c80da27e
JH		 5750 memset(hdev->eir, 0, sizeof(hdev->eir));
5751
cacaf52f
JH		 5752 memset(&cp, 0, sizeof(cp));
5753
890ea898 5754 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 5755}
5756
3e248560 5757void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 5758{
5759 struct cmd_lookup match = { NULL, hdev };
890ea898 5760 struct hci_request req;
c0ecddc2 5761 bool changed = false;
ed2c4ee3
JH		 5762
5763 if (status) {
5764 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 5765
5766 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 5767 &hdev->dev_flags)) {
5768 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3e248560 5769 new_settings(hdev, NULL);
9ecb3e24 5770 }
c0ecddc2 5771
04124681
GP		 5772 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
5773 &mgmt_err);
3e248560 5774 return;
c0ecddc2
JH		 5775 }
5776
5777 if (enable) {
9ecb3e24 5778 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 5779 } else {
9ecb3e24
MH		 5780 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
5781 if (!changed)
5782 changed = test_and_clear_bit(HCI_HS_ENABLED,
5783 &hdev->dev_flags);
5784 else
5785 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 5786 }
5787
5788 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
5789
c0ecddc2 5790 if (changed)
3e248560 5791 new_settings(hdev, match.sk);
ed2c4ee3 5792
5fc6ebb1 5793 if (match.sk)
ed2c4ee3
JH		 5794 sock_put(match.sk);
5795
890ea898
JH		 5796 hci_req_init(&req, hdev);
5797
3769972b
JH		 5798 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
5799 if (test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
5800 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
5801 sizeof(enable), &enable);
890ea898 5802 update_eir(&req);
3769972b 5803 } else {
890ea898 5804 clear_eir(&req);
3769972b 5805 }
890ea898
JH		 5806
5807 hci_req_run(&req, NULL);
ed2c4ee3
JH		 5808}
5809
eac83dc6
MH		 5810void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
5811{
5812 struct cmd_lookup match = { NULL, hdev };
5813 bool changed = false;
5814
5815 if (status) {
5816 u8 mgmt_err = mgmt_status(status);
5817
0ab04a9c
MH		 5818 if (enable) {
5819 if (test_and_clear_bit(HCI_SC_ENABLED,
5820 &hdev->dev_flags))
5821 new_settings(hdev, NULL);
5822 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5823 }
eac83dc6
MH		 5824
5825 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
5826 cmd_status_rsp, &mgmt_err);
5827 return;
5828 }
5829
0ab04a9c 5830 if (enable) {
eac83dc6 5831 changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c 5832 } else {
eac83dc6 5833 changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c
MH		 5834 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5835 }
eac83dc6
MH		 5836
5837 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
5838 settings_rsp, &match);
5839
5840 if (changed)
5841 new_settings(hdev, match.sk);
5842
5843 if (match.sk)
5844 sock_put(match.sk);
5845}
5846
92da6097 5847static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 5848{
5849 struct cmd_lookup *match = data;
5850
90e70454
JH		 5851 if (match->sk == NULL) {
5852 match->sk = cmd->sk;
5853 sock_hold(match->sk);
5854 }
90e70454
JH		 5855}
5856
4e1b0245
MH		 5857void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
5858 u8 status)
7f9a903c 5859{
90e70454 5860 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 5861
92da6097
JH		 5862 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
5863 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
5864 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 5865
5866 if (!status)
4e1b0245
MH		 5867 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
5868 NULL);
90e70454
JH		 5869
5870 if (match.sk)
5871 sock_put(match.sk);
7f9a903c
MH		 5872}
5873
7667da34 5874void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 5875{
b312b161 5876 struct mgmt_cp_set_local_name ev;
13928971 5877 struct pending_cmd *cmd;
28cc7bde 5878
13928971 5879 if (status)
7667da34 5880 return;
b312b161
JH		 5881
5882 memset(&ev, 0, sizeof(ev));
5883 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 5884 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 5885
2e58ef3e 5886 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 5887 if (!cmd) {
5888 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 5889
13928971
JH		 5890 /* If this is a HCI command related to powering on the
5891 * HCI dev don't send any mgmt signals.
5892 */
5893 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 5894 return;
890ea898 5895 }
b312b161 5896
7667da34
MH		 5897 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
5898 cmd ? cmd->sk : NULL);
b312b161 5899}
c35938b2 5900
4d2d2796
MH		 5901void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
5902 u8 *randomizer192, u8 *hash256,
5903 u8 *randomizer256, u8 status)
c35938b2
SJ		 5904{
5905 struct pending_cmd *cmd;
c35938b2 5906
744cf19e 5907 BT_DBG("%s status %u", hdev->name, status);
c35938b2 5908
2e58ef3e 5909 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 5910 if (!cmd)
3edaf092 5911 return;
c35938b2
SJ		 5912
5913 if (status) {
3edaf092
MH		 5914 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5915 mgmt_status(status));
c35938b2 5916 } else {
4d2d2796
MH		 5917 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
5918 hash256 && randomizer256) {
5919 struct mgmt_rp_read_local_oob_ext_data rp;
5920
5921 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
5922 memcpy(rp.randomizer192, randomizer192,
5923 sizeof(rp.randomizer192));
c35938b2 5924
4d2d2796
MH		 5925 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
5926 memcpy(rp.randomizer256, randomizer256,
5927 sizeof(rp.randomizer256));
c35938b2 5928
4d2d2796
MH		 5929 cmd_complete(cmd->sk, hdev->id,
5930 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
5931 &rp, sizeof(rp));
5932 } else {
5933 struct mgmt_rp_read_local_oob_data rp;
5934
5935 memcpy(rp.hash, hash192, sizeof(rp.hash));
5936 memcpy(rp.randomizer, randomizer192,
5937 sizeof(rp.randomizer));
5938
5939 cmd_complete(cmd->sk, hdev->id,
5940 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
5941 &rp, sizeof(rp));
5942 }
c35938b2
SJ		 5943 }
5944
5945 mgmt_pending_remove(cmd);
c35938b2 5946}
e17acd40 5947
901801b9 5948void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
73cf71d9
JH		 5949 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name,
5950 u8 ssp, u8 *eir, u16 eir_len, u8 *scan_rsp,
5d2e9fad 5951 u8 scan_rsp_len)
e17acd40 5952{
e319d2e7
JH		 5953 char buf[512];
5954 struct mgmt_ev_device_found *ev = (void *) buf;
5cedbb8d 5955 struct smp_irk *irk;
1dc06093 5956 size_t ev_size;
e17acd40 5957
12602d0c 5958 if (!hci_discovery_active(hdev))
901801b9 5959 return;
12602d0c 5960
5d2e9fad
JH		 5961 /* Make sure that the buffer is big enough. The 5 extra bytes
5962 * are for the potential CoD field.
5963 */
5964 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
901801b9 5965 return;
7d262f86 5966
1dc06093
JH		 5967 memset(buf, 0, sizeof(buf));
5968
5cedbb8d
JH		 5969 irk = hci_get_irk(hdev, bdaddr, addr_type);
5970 if (irk) {
5971 bacpy(&ev->addr.bdaddr, &irk->bdaddr);
5972 ev->addr.type = link_to_bdaddr(link_type, irk->addr_type);
5973 } else {
5974 bacpy(&ev->addr.bdaddr, bdaddr);
5975 ev->addr.type = link_to_bdaddr(link_type, addr_type);
5976 }
5977
e319d2e7 5978 ev->rssi = rssi;
9a395a80 5979 if (cfm_name)
dcf4adbf 5980 ev->flags |= cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 5981 if (!ssp)
dcf4adbf 5982 ev->flags |= cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 5983
1dc06093 5984 if (eir_len > 0)
e319d2e7 5985 memcpy(ev->eir, eir, eir_len);
e17acd40 5986
1dc06093
JH		 5987 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
5988 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 5989 dev_class, 3);
1dc06093 5990
5d2e9fad
JH		 5991 if (scan_rsp_len > 0)
5992 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
5993
5994 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
5995 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 5996
901801b9 5997 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 5998}
a88a9652 5999
9cf12aee
MH		 6000void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6001 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 6002{
b644ba33
JH		 6003 struct mgmt_ev_device_found *ev;
6004 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
6005 u16 eir_len;
a88a9652 6006
b644ba33 6007 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 6008
b644ba33
JH		 6009 memset(buf, 0, sizeof(buf));
6010
6011 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 6012 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 6013 ev->rssi = rssi;
6014
6015 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 6016 name_len);
b644ba33 6017
eb55ef07 6018 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 6019
9cf12aee 6020 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 6021}
314b2381 6022
2f1e063b 6023void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 6024{
f963e8e9 6025 struct mgmt_ev_discovering ev;
164a6e78
JH		 6026 struct pending_cmd *cmd;
6027
343fb145
AG		 6028 BT_DBG("%s discovering %u", hdev->name, discovering);
6029
164a6e78 6030 if (discovering)
2e58ef3e 6031 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 6032 else
2e58ef3e 6033 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 6034
6035 if (cmd != NULL) {
f808e166
JH		 6036 u8 type = hdev->discovery.type;
6037
04124681
GP		 6038 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
6039 sizeof(type));
164a6e78
JH		 6040 mgmt_pending_remove(cmd);
6041 }
6042
f963e8e9
JH		 6043 memset(&ev, 0, sizeof(ev));
6044 ev.type = hdev->discovery.type;
6045 ev.discovering = discovering;
6046
2f1e063b 6047 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 6048}
5e762444 6049
88c1fe4b 6050int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 6051{
6052 struct pending_cmd *cmd;
6053 struct mgmt_ev_device_blocked ev;
6054
2e58ef3e 6055 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 6056
88c1fe4b
JH		 6057 bacpy(&ev.addr.bdaddr, bdaddr);
6058 ev.addr.type = type;
5e762444 6059
744cf19e 6060 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 6061 cmd ? cmd->sk : NULL);
5e762444
AJ		 6062}
6063
88c1fe4b 6064int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 6065{
6066 struct pending_cmd *cmd;
6067 struct mgmt_ev_device_unblocked ev;
6068
2e58ef3e 6069 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 6070
88c1fe4b
JH		 6071 bacpy(&ev.addr.bdaddr, bdaddr);
6072 ev.addr.type = type;
5e762444 6073
744cf19e 6074 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 6075 cmd ? cmd->sk : NULL);
5e762444 6076}
5976e608
MH		 6077
6078static void adv_enable_complete(struct hci_dev *hdev, u8 status)
6079{
6080 BT_DBG("%s status %u", hdev->name, status);
6081
6082 /* Clear the advertising mgmt setting if we failed to re-enable it */
6083 if (status) {
6084 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 6085 new_settings(hdev, NULL);
5976e608
MH		 6086 }
6087}
6088
6089void mgmt_reenable_advertising(struct hci_dev *hdev)
6090{
6091 struct hci_request req;
6092
b145edcd 6093 if (hci_conn_num(hdev, LE_LINK) > 0)
5976e608
MH		 6094 return;
6095
6096 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
6097 return;
6098
6099 hci_req_init(&req, hdev);
6100 enable_advertising(&req);
6101
6102 /* If this fails we have no option but to let user space know
6103 * that we've disabled advertising.
6104 */
6105 if (hci_req_run(&req, adv_enable_complete) < 0) {
6106 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 6107 new_settings(hdev, NULL);
5976e608
MH		 6108 }
6109}
Linux kernel - Deliverables
This page took 1.128264 seconds and 5 git commands to generate.