projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Remove unneeded initializer for management command table
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
7129069e 32#include <net/bluetooth/hci_sock.h>
4bc58f51 33#include <net/bluetooth/l2cap.h>
0381101f 34#include <net/bluetooth/mgmt.h>
ac4b7236 35
0857dd3b 36#include "hci_request.h"
ac4b7236 37#include "smp.h"
0381101f 38
2da9c55c 39#define MGMT_VERSION 1
beb1c21b 40#define MGMT_REVISION 9
02d98129 41
e70bb2e8
JH		 42static const u16 mgmt_commands[] = {
43 MGMT_OP_READ_INDEX_LIST,
44 MGMT_OP_READ_INFO,
45 MGMT_OP_SET_POWERED,
46 MGMT_OP_SET_DISCOVERABLE,
47 MGMT_OP_SET_CONNECTABLE,
48 MGMT_OP_SET_FAST_CONNECTABLE,
b2939475 49 MGMT_OP_SET_BONDABLE,
e70bb2e8
JH		 50 MGMT_OP_SET_LINK_SECURITY,
51 MGMT_OP_SET_SSP,
52 MGMT_OP_SET_HS,
53 MGMT_OP_SET_LE,
54 MGMT_OP_SET_DEV_CLASS,
55 MGMT_OP_SET_LOCAL_NAME,
56 MGMT_OP_ADD_UUID,
57 MGMT_OP_REMOVE_UUID,
58 MGMT_OP_LOAD_LINK_KEYS,
59 MGMT_OP_LOAD_LONG_TERM_KEYS,
60 MGMT_OP_DISCONNECT,
61 MGMT_OP_GET_CONNECTIONS,
62 MGMT_OP_PIN_CODE_REPLY,
63 MGMT_OP_PIN_CODE_NEG_REPLY,
64 MGMT_OP_SET_IO_CAPABILITY,
65 MGMT_OP_PAIR_DEVICE,
66 MGMT_OP_CANCEL_PAIR_DEVICE,
67 MGMT_OP_UNPAIR_DEVICE,
68 MGMT_OP_USER_CONFIRM_REPLY,
69 MGMT_OP_USER_CONFIRM_NEG_REPLY,
70 MGMT_OP_USER_PASSKEY_REPLY,
71 MGMT_OP_USER_PASSKEY_NEG_REPLY,
72 MGMT_OP_READ_LOCAL_OOB_DATA,
73 MGMT_OP_ADD_REMOTE_OOB_DATA,
74 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
75 MGMT_OP_START_DISCOVERY,
76 MGMT_OP_STOP_DISCOVERY,
77 MGMT_OP_CONFIRM_NAME,
78 MGMT_OP_BLOCK_DEVICE,
79 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 80 MGMT_OP_SET_DEVICE_ID,
4375f103 81 MGMT_OP_SET_ADVERTISING,
0663ca2a 82 MGMT_OP_SET_BREDR,
d13eafce 83 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 84 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 85 MGMT_OP_SET_SECURE_CONN,
4e39ac81 86 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 87 MGMT_OP_SET_PRIVACY,
41edf160 88 MGMT_OP_LOAD_IRKS,
dd983808 89 MGMT_OP_GET_CONN_INFO,
95868426 90 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 91 MGMT_OP_ADD_DEVICE,
92 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 93 MGMT_OP_LOAD_CONN_PARAM,
73d1df2a 94 MGMT_OP_READ_UNCONF_INDEX_LIST,
9fc3bfb6 95 MGMT_OP_READ_CONFIG_INFO,
dbece37a 96 MGMT_OP_SET_EXTERNAL_CONFIG,
9713c17b 97 MGMT_OP_SET_PUBLIC_ADDRESS,
66ea9427 98 MGMT_OP_START_SERVICE_DISCOVERY,
96f1474a 99 MGMT_OP_READ_EXT_INDEX_LIST,
e70bb2e8
JH		 100};
101
102static const u16 mgmt_events[] = {
103 MGMT_EV_CONTROLLER_ERROR,
104 MGMT_EV_INDEX_ADDED,
105 MGMT_EV_INDEX_REMOVED,
106 MGMT_EV_NEW_SETTINGS,
107 MGMT_EV_CLASS_OF_DEV_CHANGED,
108 MGMT_EV_LOCAL_NAME_CHANGED,
109 MGMT_EV_NEW_LINK_KEY,
110 MGMT_EV_NEW_LONG_TERM_KEY,
111 MGMT_EV_DEVICE_CONNECTED,
112 MGMT_EV_DEVICE_DISCONNECTED,
113 MGMT_EV_CONNECT_FAILED,
114 MGMT_EV_PIN_CODE_REQUEST,
115 MGMT_EV_USER_CONFIRM_REQUEST,
116 MGMT_EV_USER_PASSKEY_REQUEST,
117 MGMT_EV_AUTH_FAILED,
118 MGMT_EV_DEVICE_FOUND,
119 MGMT_EV_DISCOVERING,
120 MGMT_EV_DEVICE_BLOCKED,
121 MGMT_EV_DEVICE_UNBLOCKED,
122 MGMT_EV_DEVICE_UNPAIRED,
92a25256 123 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 124 MGMT_EV_NEW_IRK,
7ee4ea36 125 MGMT_EV_NEW_CSRK,
8afef092
MH		 126 MGMT_EV_DEVICE_ADDED,
127 MGMT_EV_DEVICE_REMOVED,
ffb5a827 128 MGMT_EV_NEW_CONN_PARAM,
0602a8ad 129 MGMT_EV_UNCONF_INDEX_ADDED,
edd3896b 130 MGMT_EV_UNCONF_INDEX_REMOVED,
f4537c04 131 MGMT_EV_NEW_CONFIG_OPTIONS,
ced85549
MH		 132 MGMT_EV_EXT_INDEX_ADDED,
133 MGMT_EV_EXT_INDEX_REMOVED,
e70bb2e8
JH		 134};
135
17b02e62 136#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 137
d25b78e2
JH		 138#define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
139 "\x00\x00\x00\x00\x00\x00\x00\x00"
140
3b0602cd 141struct mgmt_pending_cmd {
eec8d2bc 142 struct list_head list;
fc2f4b13 143 u16 opcode;
eec8d2bc 144 int index;
c68fb7ff 145 void *param;
323b0b88 146 size_t param_len;
eec8d2bc 147 struct sock *sk;
e9a416b5 148 void *user_data;
3b0602cd 149 int (*cmd_complete)(struct mgmt_pending_cmd *cmd, u8 status);
eec8d2bc
JH		 150};
151
ca69b795
JH		 152/* HCI to MGMT error code conversion table */
153static u8 mgmt_status_table[] = {
154 MGMT_STATUS_SUCCESS,
155 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
156 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
157 MGMT_STATUS_FAILED, /* Hardware Failure */
158 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
159 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 160 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 161 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
162 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
163 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
164 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
165 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
166 MGMT_STATUS_BUSY, /* Command Disallowed */
167 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
168 MGMT_STATUS_REJECTED, /* Rejected Security */
169 MGMT_STATUS_REJECTED, /* Rejected Personal */
170 MGMT_STATUS_TIMEOUT, /* Host Timeout */
171 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
172 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
173 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
174 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
175 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
176 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
177 MGMT_STATUS_BUSY, /* Repeated Attempts */
178 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
179 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
180 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
181 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
182 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
183 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
184 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
185 MGMT_STATUS_FAILED, /* Unspecified Error */
186 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
187 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
188 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
189 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
190 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
191 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
192 MGMT_STATUS_FAILED, /* Unit Link Key Used */
193 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
194 MGMT_STATUS_TIMEOUT, /* Instant Passed */
195 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
196 MGMT_STATUS_FAILED, /* Transaction Collision */
197 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
198 MGMT_STATUS_REJECTED, /* QoS Rejected */
199 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
200 MGMT_STATUS_REJECTED, /* Insufficient Security */
201 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
202 MGMT_STATUS_BUSY, /* Role Switch Pending */
203 MGMT_STATUS_FAILED, /* Slot Violation */
204 MGMT_STATUS_FAILED, /* Role Switch Failed */
205 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
206 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
207 MGMT_STATUS_BUSY, /* Host Busy Pairing */
208 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
209 MGMT_STATUS_BUSY, /* Controller Busy */
210 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
211 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
212 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
213 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
214 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
215};
216
217static u8 mgmt_status(u8 hci_status)
218{
219 if (hci_status < ARRAY_SIZE(mgmt_status_table))
220 return mgmt_status_table[hci_status];
221
222 return MGMT_STATUS_FAILED;
223}
224
7a00ff44
JH		 225static int mgmt_send_event(u16 event, struct hci_dev *hdev,
226 unsigned short channel, void *data, u16 data_len,
c08b1a1d 227 int flag, struct sock *skip_sk)
04c60f05
MH		 228{
229 struct sk_buff *skb;
230 struct mgmt_hdr *hdr;
231
232 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
233 if (!skb)
234 return -ENOMEM;
235
236 hdr = (void *) skb_put(skb, sizeof(*hdr));
237 hdr->opcode = cpu_to_le16(event);
238 if (hdev)
239 hdr->index = cpu_to_le16(hdev->id);
240 else
241 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
242 hdr->len = cpu_to_le16(data_len);
243
244 if (data)
245 memcpy(skb_put(skb, data_len), data, data_len);
246
247 /* Time stamp */
248 __net_timestamp(skb);
249
c08b1a1d 250 hci_send_to_channel(channel, skb, flag, skip_sk);
04c60f05
MH		 251 kfree_skb(skb);
252
253 return 0;
254}
255
c08b1a1d
MH		 256static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
257 u16 len, int flag)
f9207338 258{
c08b1a1d
MH		 259 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
260 flag, NULL);
f9207338
MH		 261}
262
7a00ff44
JH		 263static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
264 struct sock *skip_sk)
265{
266 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
c08b1a1d 267 HCI_SOCK_TRUSTED, skip_sk);
7a00ff44
JH		 268}
269
a69e8375 270static int mgmt_cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 271{
272 struct sk_buff *skb;
273 struct mgmt_hdr *hdr;
274 struct mgmt_ev_cmd_status *ev;
56b7d137 275 int err;
f7b64e69 276
34eb525c 277 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 278
790eff44 279 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 280 if (!skb)
281 return -ENOMEM;
282
283 hdr = (void *) skb_put(skb, sizeof(*hdr));
284
dcf4adbf 285 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 286 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 287 hdr->len = cpu_to_le16(sizeof(*ev));
288
289 ev = (void *) skb_put(skb, sizeof(*ev));
290 ev->status = status;
eb55ef07 291 ev->opcode = cpu_to_le16(cmd);
f7b64e69 292
56b7d137
GP		 293 err = sock_queue_rcv_skb(sk, skb);
294 if (err < 0)
f7b64e69
JH		 295 kfree_skb(skb);
296
56b7d137 297 return err;
f7b64e69
JH		 298}
299
2a1afb5a
JH		 300static int mgmt_cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
301 void *rp, size_t rp_len)
02d98129
JH		 302{
303 struct sk_buff *skb;
304 struct mgmt_hdr *hdr;
305 struct mgmt_ev_cmd_complete *ev;
56b7d137 306 int err;
02d98129
JH		 307
308 BT_DBG("sock %p", sk);
309
790eff44 310 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 311 if (!skb)
312 return -ENOMEM;
313
314 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 315
dcf4adbf 316 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 317 hdr->index = cpu_to_le16(index);
a38528f1 318 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 319
a38528f1 320 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 321 ev->opcode = cpu_to_le16(cmd);
aee9b218 322 ev->status = status;
8020c16a
SJ		 323
324 if (rp)
325 memcpy(ev->data, rp, rp_len);
02d98129 326
56b7d137
GP		 327 err = sock_queue_rcv_skb(sk, skb);
328 if (err < 0)
02d98129
JH		 329 kfree_skb(skb);
330
e5f0e151 331 return err;
02d98129
JH		 332}
333
04124681
GP		 334static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
335 u16 data_len)
a38528f1
JH		 336{
337 struct mgmt_rp_read_version rp;
338
339 BT_DBG("sock %p", sk);
340
341 rp.version = MGMT_VERSION;
dcf4adbf 342 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 343
2a1afb5a
JH		 344 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
345 &rp, sizeof(rp));
a38528f1
JH		 346}
347
04124681
GP		 348static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
349 u16 data_len)
e70bb2e8
JH		 350{
351 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 352 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
353 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 354 __le16 *opcode;
e70bb2e8
JH		 355 size_t rp_size;
356 int i, err;
357
358 BT_DBG("sock %p", sk);
359
360 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
361
362 rp = kmalloc(rp_size, GFP_KERNEL);
363 if (!rp)
364 return -ENOMEM;
365
dcf4adbf
JP		 366 rp->num_commands = cpu_to_le16(num_commands);
367 rp->num_events = cpu_to_le16(num_events);
e70bb2e8
JH		 368
369 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
370 put_unaligned_le16(mgmt_commands[i], opcode);
371
372 for (i = 0; i < num_events; i++, opcode++)
373 put_unaligned_le16(mgmt_events[i], opcode);
374
2a1afb5a
JH		 375 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
376 rp, rp_size);
e70bb2e8
JH		 377 kfree(rp);
378
379 return err;
380}
381
04124681
GP		 382static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
383 u16 data_len)
faba42eb 384{
faba42eb 385 struct mgmt_rp_read_index_list *rp;
8035ded4 386 struct hci_dev *d;
a38528f1 387 size_t rp_len;
faba42eb 388 u16 count;
476e44cb 389 int err;
faba42eb
JH		 390
391 BT_DBG("sock %p", sk);
392
393 read_lock(&hci_dev_list_lock);
394
395 count = 0;
bb4b2a9a 396 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a 397 if (d->dev_type == HCI_BREDR &&
d7a5a11d 398 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
1514b892 399 count++;
faba42eb
JH		 400 }
401
a38528f1
JH		 402 rp_len = sizeof(*rp) + (2 * count);
403 rp = kmalloc(rp_len, GFP_ATOMIC);
404 if (!rp) {
b2c60d42 405 read_unlock(&hci_dev_list_lock);
faba42eb 406 return -ENOMEM;
b2c60d42 407 }
faba42eb 408
476e44cb 409 count = 0;
8035ded4 410 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 411 if (hci_dev_test_flag(d, HCI_SETUP) ||
412 hci_dev_test_flag(d, HCI_CONFIG) ||
413 hci_dev_test_flag(d, HCI_USER_CHANNEL))
ab81cbf9
JH		 414 continue;
415
73d1df2a
MH		 416 /* Devices marked as raw-only are neither configured
417 * nor unconfigured controllers.
418 */
419 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
fee746b0
MH		 420 continue;
421
73d1df2a 422 if (d->dev_type == HCI_BREDR &&
d7a5a11d 423 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
1514b892
MH		 424 rp->index[count++] = cpu_to_le16(d->id);
425 BT_DBG("Added hci%u", d->id);
426 }
faba42eb
JH		 427 }
428
476e44cb
JH		 429 rp->num_controllers = cpu_to_le16(count);
430 rp_len = sizeof(*rp) + (2 * count);
431
faba42eb
JH		 432 read_unlock(&hci_dev_list_lock);
433
2a1afb5a
JH		 434 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
435 0, rp, rp_len);
faba42eb 436
a38528f1
JH		 437 kfree(rp);
438
439 return err;
faba42eb
JH		 440}
441
73d1df2a
MH		 442static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
443 void *data, u16 data_len)
444{
445 struct mgmt_rp_read_unconf_index_list *rp;
446 struct hci_dev *d;
447 size_t rp_len;
448 u16 count;
449 int err;
450
451 BT_DBG("sock %p", sk);
452
453 read_lock(&hci_dev_list_lock);
454
455 count = 0;
456 list_for_each_entry(d, &hci_dev_list, list) {
457 if (d->dev_type == HCI_BREDR &&
d7a5a11d 458 hci_dev_test_flag(d, HCI_UNCONFIGURED))
73d1df2a
MH		 459 count++;
460 }
461
462 rp_len = sizeof(*rp) + (2 * count);
463 rp = kmalloc(rp_len, GFP_ATOMIC);
464 if (!rp) {
465 read_unlock(&hci_dev_list_lock);
466 return -ENOMEM;
467 }
468
469 count = 0;
470 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 471 if (hci_dev_test_flag(d, HCI_SETUP) ||
472 hci_dev_test_flag(d, HCI_CONFIG) ||
473 hci_dev_test_flag(d, HCI_USER_CHANNEL))
73d1df2a
MH		 474 continue;
475
476 /* Devices marked as raw-only are neither configured
477 * nor unconfigured controllers.
478 */
479 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
480 continue;
481
482 if (d->dev_type == HCI_BREDR &&
d7a5a11d 483 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
73d1df2a
MH		 484 rp->index[count++] = cpu_to_le16(d->id);
485 BT_DBG("Added hci%u", d->id);
486 }
487 }
488
489 rp->num_controllers = cpu_to_le16(count);
490 rp_len = sizeof(*rp) + (2 * count);
491
492 read_unlock(&hci_dev_list_lock);
493
2a1afb5a
JH		 494 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
495 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
73d1df2a
MH		 496
497 kfree(rp);
498
499 return err;
500}
501
96f1474a
MH		 502static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
503 void *data, u16 data_len)
504{
505 struct mgmt_rp_read_ext_index_list *rp;
506 struct hci_dev *d;
507 size_t rp_len;
508 u16 count;
509 int err;
510
511 BT_DBG("sock %p", sk);
512
513 read_lock(&hci_dev_list_lock);
514
515 count = 0;
516 list_for_each_entry(d, &hci_dev_list, list) {
517 if (d->dev_type == HCI_BREDR || d->dev_type == HCI_AMP)
518 count++;
519 }
520
521 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
522 rp = kmalloc(rp_len, GFP_ATOMIC);
523 if (!rp) {
524 read_unlock(&hci_dev_list_lock);
525 return -ENOMEM;
526 }
527
528 count = 0;
529 list_for_each_entry(d, &hci_dev_list, list) {
530 if (hci_dev_test_flag(d, HCI_SETUP) ||
531 hci_dev_test_flag(d, HCI_CONFIG) ||
532 hci_dev_test_flag(d, HCI_USER_CHANNEL))
533 continue;
534
535 /* Devices marked as raw-only are neither configured
536 * nor unconfigured controllers.
537 */
538 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
539 continue;
540
541 if (d->dev_type == HCI_BREDR) {
542 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
543 rp->entry[count].type = 0x01;
544 else
545 rp->entry[count].type = 0x00;
546 } else if (d->dev_type == HCI_AMP) {
547 rp->entry[count].type = 0x02;
548 } else {
549 continue;
550 }
551
552 rp->entry[count].bus = d->bus;
553 rp->entry[count++].index = cpu_to_le16(d->id);
554 BT_DBG("Added hci%u", d->id);
555 }
556
557 rp->num_controllers = cpu_to_le16(count);
558 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
559
560 read_unlock(&hci_dev_list_lock);
561
562 /* If this command is called at least once, then all the
563 * default index and unconfigured index events are disabled
564 * and from now on only extended index events are used.
565 */
566 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
567 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
568 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
569
570 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
571 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp, rp_len);
572
573 kfree(rp);
574
575 return err;
576}
577
dbece37a
MH		 578static bool is_configured(struct hci_dev *hdev)
579{
580 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 581 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
dbece37a
MH		 582 return false;
583
584 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
585 !bacmp(&hdev->public_addr, BDADDR_ANY))
586 return false;
587
588 return true;
589}
590
89bc22d2
MH		 591static __le32 get_missing_options(struct hci_dev *hdev)
592{
593 u32 options = 0;
594
dbece37a 595 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 596 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
eb1904f4
MH		 597 options |= MGMT_OPTION_EXTERNAL_CONFIG;
598
89bc22d2
MH		 599 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
600 !bacmp(&hdev->public_addr, BDADDR_ANY))
601 options |= MGMT_OPTION_PUBLIC_ADDRESS;
602
603 return cpu_to_le32(options);
604}
605
f4537c04
MH		 606static int new_options(struct hci_dev *hdev, struct sock *skip)
607{
608 __le32 options = get_missing_options(hdev);
609
610 return mgmt_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
611 sizeof(options), skip);
612}
613
dbece37a
MH		 614static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
615{
616 __le32 options = get_missing_options(hdev);
617
2a1afb5a
JH		 618 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
619 sizeof(options));
dbece37a
MH		 620}
621
9fc3bfb6
MH		 622static int read_config_info(struct sock *sk, struct hci_dev *hdev,
623 void *data, u16 data_len)
624{
625 struct mgmt_rp_read_config_info rp;
89bc22d2 626 u32 options = 0;
9fc3bfb6
MH		 627
628 BT_DBG("sock %p %s", sk, hdev->name);
629
630 hci_dev_lock(hdev);
631
632 memset(&rp, 0, sizeof(rp));
633 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
89bc22d2 634
eb1904f4
MH		 635 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
636 options |= MGMT_OPTION_EXTERNAL_CONFIG;
637
9fc3bfb6 638 if (hdev->set_bdaddr)
89bc22d2
MH		 639 options |= MGMT_OPTION_PUBLIC_ADDRESS;
640
641 rp.supported_options = cpu_to_le32(options);
642 rp.missing_options = get_missing_options(hdev);
9fc3bfb6
MH		 643
644 hci_dev_unlock(hdev);
645
2a1afb5a
JH		 646 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
647 &rp, sizeof(rp));
9fc3bfb6
MH		 648}
649
69ab39ea
JH		 650static u32 get_supported_settings(struct hci_dev *hdev)
651{
652 u32 settings = 0;
653
654 settings |= MGMT_SETTING_POWERED;
b2939475 655 settings |= MGMT_SETTING_BONDABLE;
b1de97d8 656 settings |= MGMT_SETTING_DEBUG_KEYS;
3742abfc
JH		 657 settings |= MGMT_SETTING_CONNECTABLE;
658 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea 659
ed3fa31f 660 if (lmp_bredr_capable(hdev)) {
1a47aee8
JH		 661 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
662 settings |= MGMT_SETTING_FAST_CONNECTABLE;
69ab39ea
JH		 663 settings |= MGMT_SETTING_BREDR;
664 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 665
666 if (lmp_ssp_capable(hdev)) {
667 settings |= MGMT_SETTING_SSP;
668 settings |= MGMT_SETTING_HS;
669 }
e98d2ce2 670
05b3c3e7 671 if (lmp_sc_capable(hdev))
e98d2ce2 672 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 673 }
d7b7e796 674
eeca6f89 675 if (lmp_le_capable(hdev)) {
9d42820f 676 settings |= MGMT_SETTING_LE;
eeca6f89 677 settings |= MGMT_SETTING_ADVERTISING;
a3209694 678 settings |= MGMT_SETTING_SECURE_CONN;
0f4bd942 679 settings |= MGMT_SETTING_PRIVACY;
93690c22 680 settings |= MGMT_SETTING_STATIC_ADDRESS;
eeca6f89 681 }
69ab39ea 682
eb1904f4
MH		 683 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
684 hdev->set_bdaddr)
9fc3bfb6
MH		 685 settings |= MGMT_SETTING_CONFIGURATION;
686
69ab39ea
JH		 687 return settings;
688}
689
690static u32 get_current_settings(struct hci_dev *hdev)
691{
692 u32 settings = 0;
693
f1f0eb02 694 if (hdev_is_powered(hdev))
f0d4b78a
MH		 695 settings |= MGMT_SETTING_POWERED;
696
d7a5a11d 697 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
69ab39ea
JH		 698 settings |= MGMT_SETTING_CONNECTABLE;
699
d7a5a11d 700 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
1a4d3c4b
JH		 701 settings |= MGMT_SETTING_FAST_CONNECTABLE;
702
d7a5a11d 703 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
69ab39ea
JH		 704 settings |= MGMT_SETTING_DISCOVERABLE;
705
d7a5a11d 706 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
b2939475 707 settings |= MGMT_SETTING_BONDABLE;
69ab39ea 708
d7a5a11d 709 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
69ab39ea
JH		 710 settings |= MGMT_SETTING_BREDR;
711
d7a5a11d 712 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
69ab39ea
JH		 713 settings |= MGMT_SETTING_LE;
714
d7a5a11d 715 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
69ab39ea
JH		 716 settings |= MGMT_SETTING_LINK_SECURITY;
717
d7a5a11d 718 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
69ab39ea
JH		 719 settings |= MGMT_SETTING_SSP;
720
d7a5a11d 721 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
6d80dfd0
JH		 722 settings |= MGMT_SETTING_HS;
723
d7a5a11d 724 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
eeca6f89
JH		 725 settings |= MGMT_SETTING_ADVERTISING;
726
d7a5a11d 727 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
e98d2ce2
MH		 728 settings |= MGMT_SETTING_SECURE_CONN;
729
d7a5a11d 730 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
b1de97d8
MH		 731 settings |= MGMT_SETTING_DEBUG_KEYS;
732
d7a5a11d 733 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
0f4bd942
JH		 734 settings |= MGMT_SETTING_PRIVACY;
735
93690c22
MH		 736 /* The current setting for static address has two purposes. The
737 * first is to indicate if the static address will be used and
738 * the second is to indicate if it is actually set.
739 *
740 * This means if the static address is not configured, this flag
741 * will never bet set. If the address is configured, then if the
742 * address is actually used decides if the flag is set or not.
743 *
744 * For single mode LE only controllers and dual-mode controllers
745 * with BR/EDR disabled, the existence of the static address will
746 * be evaluated.
747 */
b7cb93e5 748 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
d7a5a11d 749 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
93690c22
MH		 750 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
751 if (bacmp(&hdev->static_addr, BDADDR_ANY))
752 settings |= MGMT_SETTING_STATIC_ADDRESS;
753 }
754
69ab39ea
JH		 755 return settings;
756}
757
ef580372
JH		 758#define PNP_INFO_SVCLASS_ID 0x1200
759
213202ed
JH		 760static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
761{
762 u8 *ptr = data, *uuids_start = NULL;
763 struct bt_uuid *uuid;
764
765 if (len < 4)
766 return ptr;
767
768 list_for_each_entry(uuid, &hdev->uuids, list) {
769 u16 uuid16;
770
771 if (uuid->size != 16)
772 continue;
773
774 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
775 if (uuid16 < 0x1100)
776 continue;
777
778 if (uuid16 == PNP_INFO_SVCLASS_ID)
779 continue;
780
781 if (!uuids_start) {
782 uuids_start = ptr;
783 uuids_start[0] = 1;
784 uuids_start[1] = EIR_UUID16_ALL;
785 ptr += 2;
786 }
787
788 /* Stop if not enough space to put next UUID */
789 if ((ptr - data) + sizeof(u16) > len) {
790 uuids_start[1] = EIR_UUID16_SOME;
791 break;
792 }
793
794 *ptr++ = (uuid16 & 0x00ff);
795 *ptr++ = (uuid16 & 0xff00) >> 8;
796 uuids_start[0] += sizeof(uuid16);
797 }
798
799 return ptr;
800}
801
cdf1963f
JH		 802static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
803{
804 u8 *ptr = data, *uuids_start = NULL;
805 struct bt_uuid *uuid;
806
807 if (len < 6)
808 return ptr;
809
810 list_for_each_entry(uuid, &hdev->uuids, list) {
811 if (uuid->size != 32)
812 continue;
813
814 if (!uuids_start) {
815 uuids_start = ptr;
816 uuids_start[0] = 1;
817 uuids_start[1] = EIR_UUID32_ALL;
818 ptr += 2;
819 }
820
821 /* Stop if not enough space to put next UUID */
822 if ((ptr - data) + sizeof(u32) > len) {
823 uuids_start[1] = EIR_UUID32_SOME;
824 break;
825 }
826
827 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
828 ptr += sizeof(u32);
829 uuids_start[0] += sizeof(u32);
830 }
831
832 return ptr;
833}
834
c00d575b
JH		 835static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
836{
837 u8 *ptr = data, *uuids_start = NULL;
838 struct bt_uuid *uuid;
839
840 if (len < 18)
841 return ptr;
842
843 list_for_each_entry(uuid, &hdev->uuids, list) {
844 if (uuid->size != 128)
845 continue;
846
847 if (!uuids_start) {
848 uuids_start = ptr;
849 uuids_start[0] = 1;
850 uuids_start[1] = EIR_UUID128_ALL;
851 ptr += 2;
852 }
853
854 /* Stop if not enough space to put next UUID */
855 if ((ptr - data) + 16 > len) {
856 uuids_start[1] = EIR_UUID128_SOME;
857 break;
858 }
859
860 memcpy(ptr, uuid->uuid, 16);
861 ptr += 16;
862 uuids_start[0] += 16;
863 }
864
865 return ptr;
866}
867
3b0602cd
JH		 868static struct mgmt_pending_cmd *mgmt_pending_find(u16 opcode,
869 struct hci_dev *hdev)
eb2a8d20 870{
3b0602cd 871 struct mgmt_pending_cmd *cmd;
eb2a8d20
JH		 872
873 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
874 if (cmd->opcode == opcode)
875 return cmd;
876 }
877
878 return NULL;
879}
880
3b0602cd
JH		 881static struct mgmt_pending_cmd *mgmt_pending_find_data(u16 opcode,
882 struct hci_dev *hdev,
883 const void *data)
95868426 884{
3b0602cd 885 struct mgmt_pending_cmd *cmd;
95868426
JH		 886
887 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
888 if (cmd->user_data != data)
889 continue;
890 if (cmd->opcode == opcode)
891 return cmd;
892 }
893
894 return NULL;
895}
896
f14d8f64
MH		 897static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
898{
7a5f4990
MH		 899 u8 ad_len = 0;
900 size_t name_len;
901
902 name_len = strlen(hdev->dev_name);
903 if (name_len > 0) {
904 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
905
906 if (name_len > max_len) {
907 name_len = max_len;
908 ptr[1] = EIR_NAME_SHORT;
909 } else
910 ptr[1] = EIR_NAME_COMPLETE;
911
912 ptr[0] = name_len + 1;
913
914 memcpy(ptr + 2, hdev->dev_name, name_len);
915
916 ad_len += (name_len + 2);
917 ptr += (name_len + 2);
918 }
919
920 return ad_len;
f14d8f64
MH		 921}
922
923static void update_scan_rsp_data(struct hci_request *req)
924{
925 struct hci_dev *hdev = req->hdev;
926 struct hci_cp_le_set_scan_rsp_data cp;
927 u8 len;
928
d7a5a11d 929 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
f14d8f64
MH		 930 return;
931
932 memset(&cp, 0, sizeof(cp));
933
934 len = create_scan_rsp_data(hdev, cp.data);
935
eb438b5f
JH		 936 if (hdev->scan_rsp_data_len == len &&
937 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 938 return;
939
eb438b5f
JH		 940 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
941 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 942
943 cp.length = len;
944
945 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
946}
947
9a43e25f
JH		 948static u8 get_adv_discov_flags(struct hci_dev *hdev)
949{
3b0602cd 950 struct mgmt_pending_cmd *cmd;
9a43e25f
JH		 951
952 /* If there's a pending mgmt command the flags will not yet have
953 * their final values, so check for this first.
954 */
955 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
956 if (cmd) {
957 struct mgmt_mode *cp = cmd->param;
958 if (cp->val == 0x01)
959 return LE_AD_GENERAL;
960 else if (cp->val == 0x02)
961 return LE_AD_LIMITED;
962 } else {
d7a5a11d 963 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
9a43e25f 964 return LE_AD_LIMITED;
d7a5a11d 965 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
9a43e25f
JH		 966 return LE_AD_GENERAL;
967 }
968
969 return 0;
970}
971
46cad2ed 972static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 973{
974 u8 ad_len = 0, flags = 0;
441ad2d0 975
9a43e25f 976 flags |= get_adv_discov_flags(hdev);
441ad2d0 977
d7a5a11d 978 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
441ad2d0 979 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 980
981 if (flags) {
982 BT_DBG("adv flags 0x%02x", flags);
983
984 ptr[0] = 2;
985 ptr[1] = EIR_FLAGS;
986 ptr[2] = flags;
987
988 ad_len += 3;
989 ptr += 3;
990 }
991
992 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
993 ptr[0] = 2;
994 ptr[1] = EIR_TX_POWER;
995 ptr[2] = (u8) hdev->adv_tx_power;
996
997 ad_len += 3;
998 ptr += 3;
999 }
1000
441ad2d0
MH		 1001 return ad_len;
1002}
1003
5947f4bc 1004static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 1005{
1006 struct hci_dev *hdev = req->hdev;
1007 struct hci_cp_le_set_adv_data cp;
1008 u8 len;
1009
d7a5a11d 1010 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
441ad2d0
MH		 1011 return;
1012
1013 memset(&cp, 0, sizeof(cp));
1014
46cad2ed 1015 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 1016
1017 if (hdev->adv_data_len == len &&
1018 memcmp(cp.data, hdev->adv_data, len) == 0)
1019 return;
1020
1021 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
1022 hdev->adv_data_len = len;
1023
1024 cp.length = len;
1025
1026 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
1027}
1028
bc6d2d04
JH		 1029int mgmt_update_adv_data(struct hci_dev *hdev)
1030{
1031 struct hci_request req;
1032
1033 hci_req_init(&req, hdev);
1034 update_adv_data(&req);
1035
1036 return hci_req_run(&req, NULL);
1037}
1038
ef580372
JH		 1039static void create_eir(struct hci_dev *hdev, u8 *data)
1040{
1041 u8 *ptr = data;
ef580372
JH		 1042 size_t name_len;
1043
1044 name_len = strlen(hdev->dev_name);
1045
1046 if (name_len > 0) {
1047 /* EIR Data type */
1048 if (name_len > 48) {
1049 name_len = 48;
1050 ptr[1] = EIR_NAME_SHORT;
1051 } else
1052 ptr[1] = EIR_NAME_COMPLETE;
1053
1054 /* EIR Data length */
1055 ptr[0] = name_len + 1;
1056
1057 memcpy(ptr + 2, hdev->dev_name, name_len);
1058
ef580372
JH		 1059 ptr += (name_len + 2);
1060 }
1061
bbaf444a 1062 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 1063 ptr[0] = 2;
1064 ptr[1] = EIR_TX_POWER;
1065 ptr[2] = (u8) hdev->inq_tx_power;
1066
91c4e9b1
MH		 1067 ptr += 3;
1068 }
1069
2b9be137
MH		 1070 if (hdev->devid_source > 0) {
1071 ptr[0] = 9;
1072 ptr[1] = EIR_DEVICE_ID;
1073
1074 put_unaligned_le16(hdev->devid_source, ptr + 2);
1075 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
1076 put_unaligned_le16(hdev->devid_product, ptr + 6);
1077 put_unaligned_le16(hdev->devid_version, ptr + 8);
1078
2b9be137
MH		 1079 ptr += 10;
1080 }
1081
213202ed 1082 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 1083 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 1084 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 1085}
1086
890ea898 1087static void update_eir(struct hci_request *req)
ef580372 1088{
890ea898 1089 struct hci_dev *hdev = req->hdev;
ef580372
JH		 1090 struct hci_cp_write_eir cp;
1091
504c8dcd 1092 if (!hdev_is_powered(hdev))
890ea898 1093 return;
7770c4aa 1094
976eb20e 1095 if (!lmp_ext_inq_capable(hdev))
890ea898 1096 return;
ef580372 1097
d7a5a11d 1098 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
890ea898 1099 return;
ef580372 1100
d7a5a11d 1101 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
890ea898 1102 return;
ef580372
JH		 1103
1104 memset(&cp, 0, sizeof(cp));
1105
1106 create_eir(hdev, cp.data);
1107
1108 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 1109 return;
ef580372
JH		 1110
1111 memcpy(hdev->eir, cp.data, sizeof(cp.data));
1112
890ea898 1113 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 1114}
1115
1116static u8 get_service_classes(struct hci_dev *hdev)
1117{
1118 struct bt_uuid *uuid;
1119 u8 val = 0;
1120
1121 list_for_each_entry(uuid, &hdev->uuids, list)
1122 val |= uuid->svc_hint;
1123
1124 return val;
1125}
1126
890ea898 1127static void update_class(struct hci_request *req)
ef580372 1128{
890ea898 1129 struct hci_dev *hdev = req->hdev;
ef580372
JH		 1130 u8 cod[3];
1131
1132 BT_DBG("%s", hdev->name);
1133
504c8dcd 1134 if (!hdev_is_powered(hdev))
890ea898 1135 return;
7770c4aa 1136
d7a5a11d 1137 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
f87ea1da
JH		 1138 return;
1139
d7a5a11d 1140 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
890ea898 1141 return;
ef580372
JH		 1142
1143 cod[0] = hdev->minor_class;
1144 cod[1] = hdev->major_class;
1145 cod[2] = get_service_classes(hdev);
1146
d7a5a11d 1147 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
6acd7db4
MH		 1148 cod[1] |= 0x20;
1149
ef580372 1150 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 1151 return;
ef580372 1152
890ea898 1153 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 1154}
1155
a4858cb9 1156static bool get_connectable(struct hci_dev *hdev)
199a2fb1 1157{
3b0602cd 1158 struct mgmt_pending_cmd *cmd;
199a2fb1
JH		 1159
1160 /* If there's a pending mgmt command the flag will not yet have
1161 * it's final value, so check for this first.
1162 */
1163 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1164 if (cmd) {
1165 struct mgmt_mode *cp = cmd->param;
a4858cb9 1166 return cp->val;
199a2fb1
JH		 1167 }
1168
d7a5a11d 1169 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
199a2fb1
JH		 1170}
1171
0ec5ae84
JH		 1172static void disable_advertising(struct hci_request *req)
1173{
1174 u8 enable = 0x00;
1175
1176 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1177}
1178
199a2fb1
JH		 1179static void enable_advertising(struct hci_request *req)
1180{
1181 struct hci_dev *hdev = req->hdev;
1182 struct hci_cp_le_set_adv_param cp;
8f2a0601 1183 u8 own_addr_type, enable = 0x01;
a4858cb9 1184 bool connectable;
199a2fb1 1185
0ec5ae84
JH		 1186 if (hci_conn_num(hdev, LE_LINK) > 0)
1187 return;
1188
d7a5a11d 1189 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
0ec5ae84
JH		 1190 disable_advertising(req);
1191
5ce194c4 1192 /* Clear the HCI_LE_ADV bit temporarily so that the
8d97250e
JH		 1193 * hci_update_random_address knows that it's safe to go ahead
1194 * and write a new random address. The flag will be set back on
1195 * as soon as the SET_ADV_ENABLE HCI command completes.
1196 */
a358dc11 1197 hci_dev_clear_flag(hdev, HCI_LE_ADV);
8d97250e 1198
d7a5a11d 1199 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE))
cc91cb04
MH		 1200 connectable = true;
1201 else
1202 connectable = get_connectable(hdev);
8f2a0601 1203
a4858cb9
JH		 1204 /* Set require_privacy to true only when non-connectable
1205 * advertising is used. In that case it is fine to use a
1206 * non-resolvable private address.
1207 */
1208 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 1209 return;
1210
41c90c18 1211 memset(&cp, 0, sizeof(cp));
628531c9
GL		 1212 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
1213 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
a4858cb9 1214 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
8f2a0601 1215 cp.own_address_type = own_addr_type;
199a2fb1
JH		 1216 cp.channel_map = hdev->le_adv_channel_map;
1217
1218 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1219
1220 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1221}
1222
7d78525d
JH		 1223static void service_cache_off(struct work_struct *work)
1224{
1225 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 1226 service_cache.work);
890ea898 1227 struct hci_request req;
7d78525d 1228
a69d8927 1229 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
7d78525d
JH		 1230 return;
1231
890ea898
JH		 1232 hci_req_init(&req, hdev);
1233
7d78525d
JH		 1234 hci_dev_lock(hdev);
1235
890ea898
JH		 1236 update_eir(&req);
1237 update_class(&req);
7d78525d
JH		 1238
1239 hci_dev_unlock(hdev);
890ea898
JH		 1240
1241 hci_req_run(&req, NULL);
7d78525d
JH		 1242}
1243
d6bfd59c
JH		 1244static void rpa_expired(struct work_struct *work)
1245{
1246 struct hci_dev *hdev = container_of(work, struct hci_dev,
1247 rpa_expired.work);
1248 struct hci_request req;
1249
1250 BT_DBG("");
1251
a1536da2 1252 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
d6bfd59c 1253
d7a5a11d 1254 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
d6bfd59c
JH		 1255 return;
1256
1257 /* The generation of a new RPA and programming it into the
1258 * controller happens in the enable_advertising() function.
1259 */
d6bfd59c 1260 hci_req_init(&req, hdev);
d6bfd59c 1261 enable_advertising(&req);
d6bfd59c
JH		 1262 hci_req_run(&req, NULL);
1263}
1264
6a919082 1265static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 1266{
238be788 1267 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
6a919082
JH		 1268 return;
1269
4f87da80 1270 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 1271 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 1272
4f87da80
JH		 1273 /* Non-mgmt controlled devices get this bit set
1274 * implicitly so that pairing works for them, however
1275 * for mgmt we require user-space to explicitly enable
1276 * it
1277 */
a358dc11 1278 hci_dev_clear_flag(hdev, HCI_BONDABLE);
7d78525d
JH		 1279}
1280
0f4e68cf 1281static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 1282 void *data, u16 data_len)
0381101f 1283{
a38528f1 1284 struct mgmt_rp_read_info rp;
f7b64e69 1285
bdb6d971 1286 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 1287
09fd0de5 1288 hci_dev_lock(hdev);
f7b64e69 1289
dc4fe30b
JH		 1290 memset(&rp, 0, sizeof(rp));
1291
69ab39ea 1292 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 1293
69ab39ea 1294 rp.version = hdev->hci_ver;
eb55ef07 1295 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 1296
1297 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1298 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 1299
a38528f1 1300 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 1301
dc4fe30b 1302 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 1303 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 1304
09fd0de5 1305 hci_dev_unlock(hdev);
0381101f 1306
2a1afb5a
JH		 1307 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1308 sizeof(rp));
0381101f
JH		 1309}
1310
3b0602cd 1311static void mgmt_pending_free(struct mgmt_pending_cmd *cmd)
eec8d2bc
JH		 1312{
1313 sock_put(cmd->sk);
c68fb7ff 1314 kfree(cmd->param);
eec8d2bc
JH		 1315 kfree(cmd);
1316}
1317
3b0602cd
JH		 1318static struct mgmt_pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
1319 struct hci_dev *hdev,
1320 void *data, u16 len)
eec8d2bc 1321{
3b0602cd 1322 struct mgmt_pending_cmd *cmd;
eec8d2bc 1323
fca20018 1324 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 1325 if (!cmd)
366a0336 1326 return NULL;
eec8d2bc
JH		 1327
1328 cmd->opcode = opcode;
2e58ef3e 1329 cmd->index = hdev->id;
eec8d2bc 1330
323b0b88 1331 cmd->param = kmemdup(data, len, GFP_KERNEL);
c68fb7ff 1332 if (!cmd->param) {
eec8d2bc 1333 kfree(cmd);
366a0336 1334 return NULL;
eec8d2bc
JH		 1335 }
1336
323b0b88 1337 cmd->param_len = len;
eec8d2bc
JH		 1338
1339 cmd->sk = sk;
1340 sock_hold(sk);
1341
2e58ef3e 1342 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 1343
366a0336 1344 return cmd;
eec8d2bc
JH		 1345}
1346
744cf19e 1347static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
3b0602cd 1348 void (*cb)(struct mgmt_pending_cmd *cmd,
8fc9ced3 1349 void *data),
04124681 1350 void *data)
eec8d2bc 1351{
3b0602cd 1352 struct mgmt_pending_cmd *cmd, *tmp;
eec8d2bc 1353
a3d09356 1354 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 1355 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 1356 continue;
1357
eec8d2bc
JH		 1358 cb(cmd, data);
1359 }
1360}
1361
3b0602cd 1362static void mgmt_pending_remove(struct mgmt_pending_cmd *cmd)
73f22f62 1363{
73f22f62
JH		 1364 list_del(&cmd->list);
1365 mgmt_pending_free(cmd);
1366}
1367
69ab39ea 1368static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1369{
69ab39ea 1370 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1371
2a1afb5a
JH		 1372 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1373 sizeof(settings));
8680570b
JH		 1374}
1375
1904a853 1376static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
8b064a3a
JH		 1377{
1378 BT_DBG("%s status 0x%02x", hdev->name, status);
1379
a3172b7e
JH		 1380 if (hci_conn_count(hdev) == 0) {
1381 cancel_delayed_work(&hdev->power_off);
8b064a3a 1382 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1383 }
8b064a3a
JH		 1384}
1385
23a48093 1386static bool hci_stop_discovery(struct hci_request *req)
21a60d30
JH		 1387{
1388 struct hci_dev *hdev = req->hdev;
1389 struct hci_cp_remote_name_req_cancel cp;
1390 struct inquiry_entry *e;
1391
1392 switch (hdev->discovery.state) {
1393 case DISCOVERY_FINDING:
1394 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
1395 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1396 } else {
1397 cancel_delayed_work(&hdev->le_scan_disable);
1398 hci_req_add_le_scan_disable(req);
1399 }
1400
23a48093 1401 return true;
21a60d30
JH		 1402
1403 case DISCOVERY_RESOLVING:
1404 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1405 NAME_PENDING);
1406 if (!e)
23a48093 1407 break;
21a60d30
JH		 1408
1409 bacpy(&cp.bdaddr, &e->data.bdaddr);
1410 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1411 &cp);
1412
23a48093 1413 return true;
21a60d30
JH		 1414
1415 default:
1416 /* Passive scanning */
d7a5a11d 1417 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
21a60d30 1418 hci_req_add_le_scan_disable(req);
23a48093
JH		 1419 return true;
1420 }
1421
21a60d30
JH		 1422 break;
1423 }
23a48093
JH		 1424
1425 return false;
21a60d30
JH		 1426}
1427
8b064a3a
JH		 1428static int clean_up_hci_state(struct hci_dev *hdev)
1429{
1430 struct hci_request req;
1431 struct hci_conn *conn;
23a48093
JH		 1432 bool discov_stopped;
1433 int err;
8b064a3a
JH		 1434
1435 hci_req_init(&req, hdev);
1436
1437 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1438 test_bit(HCI_PSCAN, &hdev->flags)) {
1439 u8 scan = 0x00;
1440 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1441 }
1442
d7a5a11d 1443 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
8b064a3a
JH		 1444 disable_advertising(&req);
1445
23a48093 1446 discov_stopped = hci_stop_discovery(&req);
8b064a3a
JH		 1447
1448 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1449 struct hci_cp_disconnect dc;
c9910d0f
JH		 1450 struct hci_cp_reject_conn_req rej;
1451
1452 switch (conn->state) {
1453 case BT_CONNECTED:
1454 case BT_CONFIG:
1455 dc.handle = cpu_to_le16(conn->handle);
1456 dc.reason = 0x15; /* Terminated due to Power Off */
1457 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1458 break;
1459 case BT_CONNECT:
1460 if (conn->type == LE_LINK)
1461 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1462 0, NULL);
1463 else if (conn->type == ACL_LINK)
1464 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1465 6, &conn->dst);
1466 break;
1467 case BT_CONNECT2:
1468 bacpy(&rej.bdaddr, &conn->dst);
1469 rej.reason = 0x15; /* Terminated due to Power Off */
1470 if (conn->type == ACL_LINK)
1471 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1472 sizeof(rej), &rej);
1473 else if (conn->type == SCO_LINK)
1474 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1475 sizeof(rej), &rej);
1476 break;
1477 }
8b064a3a
JH		 1478 }
1479
23a48093
JH		 1480 err = hci_req_run(&req, clean_up_hci_complete);
1481 if (!err && discov_stopped)
1482 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1483
1484 return err;
8b064a3a
JH		 1485}
1486
bdb6d971 1487static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1488 u16 len)
eec8d2bc 1489{
650f726d 1490 struct mgmt_mode *cp = data;
3b0602cd 1491 struct mgmt_pending_cmd *cmd;
4b34ee78 1492 int err;
eec8d2bc 1493
bdb6d971 1494 BT_DBG("request for %s", hdev->name);
eec8d2bc 1495
a7e80f25 1496 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1497 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1498 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1499
09fd0de5 1500 hci_dev_lock(hdev);
eec8d2bc 1501
87b95ba6 1502 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
a69e8375
JH		 1503 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1504 MGMT_STATUS_BUSY);
87b95ba6
JH		 1505 goto failed;
1506 }
1507
a69d8927 1508 if (hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF)) {
f0d4b78a
MH		 1509 cancel_delayed_work(&hdev->power_off);
1510
1511 if (cp->val) {
a1d70450
JH		 1512 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1513 data, len);
1514 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1515 goto failed;
1516 }
1517 }
1518
4b34ee78 1519 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1520 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1521 goto failed;
1522 }
1523
2e58ef3e 1524 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1525 if (!cmd) {
1526 err = -ENOMEM;
eec8d2bc 1527 goto failed;
366a0336 1528 }
eec8d2bc 1529
8b064a3a 1530 if (cp->val) {
19202573 1531 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1532 err = 0;
1533 } else {
1534 /* Disconnect connections, stop scans, etc */
1535 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1536 if (!err)
1537 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1538 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1539
8b064a3a
JH		 1540 /* ENODATA means there were no HCI commands queued */
1541 if (err == -ENODATA) {
a3172b7e 1542 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1543 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1544 err = 0;
1545 }
1546 }
eec8d2bc
JH		 1547
1548failed:
09fd0de5 1549 hci_dev_unlock(hdev);
366a0336 1550 return err;
eec8d2bc
JH		 1551}
1552
beadb2bd
JH		 1553static int new_settings(struct hci_dev *hdev, struct sock *skip)
1554{
1555 __le32 ev;
1556
1557 ev = cpu_to_le32(get_current_settings(hdev));
1558
1559 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1560}
1561
91a668b0
JH		 1562int mgmt_new_settings(struct hci_dev *hdev)
1563{
1564 return new_settings(hdev, NULL);
1565}
1566
bd99abdd
JH		 1567struct cmd_lookup {
1568 struct sock *sk;
1569 struct hci_dev *hdev;
1570 u8 mgmt_status;
1571};
1572
3b0602cd 1573static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1574{
1575 struct cmd_lookup *match = data;
1576
1577 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1578
1579 list_del(&cmd->list);
1580
1581 if (match->sk == NULL) {
1582 match->sk = cmd->sk;
1583 sock_hold(match->sk);
1584 }
1585
1586 mgmt_pending_free(cmd);
1587}
1588
3b0602cd 1589static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1590{
1591 u8 *status = data;
1592
a69e8375 1593 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
bd99abdd
JH		 1594 mgmt_pending_remove(cmd);
1595}
1596
3b0602cd 1597static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1b9b5ee5
JH		 1598{
1599 if (cmd->cmd_complete) {
1600 u8 *status = data;
1601
1602 cmd->cmd_complete(cmd, *status);
1603 mgmt_pending_remove(cmd);
1604
1605 return;
1606 }
1607
1608 cmd_status_rsp(cmd, data);
1609}
1610
3b0602cd 1611static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
f5818c22 1612{
2a1afb5a
JH		 1613 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1614 cmd->param, cmd->param_len);
f5818c22
JH		 1615}
1616
3b0602cd 1617static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
7776d1d8 1618{
2a1afb5a
JH		 1619 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1620 cmd->param, sizeof(struct mgmt_addr_info));
7776d1d8
JH		 1621}
1622
e6fe7986
JH		 1623static u8 mgmt_bredr_support(struct hci_dev *hdev)
1624{
1625 if (!lmp_bredr_capable(hdev))
1626 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1627 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
e6fe7986
JH		 1628 return MGMT_STATUS_REJECTED;
1629 else
1630 return MGMT_STATUS_SUCCESS;
1631}
1632
1633static u8 mgmt_le_support(struct hci_dev *hdev)
1634{
1635 if (!lmp_le_capable(hdev))
1636 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1637 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
e6fe7986
JH		 1638 return MGMT_STATUS_REJECTED;
1639 else
1640 return MGMT_STATUS_SUCCESS;
1641}
1642
1904a853
MH		 1643static void set_discoverable_complete(struct hci_dev *hdev, u8 status,
1644 u16 opcode)
bfaf8c9f 1645{
3b0602cd 1646 struct mgmt_pending_cmd *cmd;
bfaf8c9f 1647 struct mgmt_mode *cp;
970ba524 1648 struct hci_request req;
bfaf8c9f
JH		 1649 bool changed;
1650
1651 BT_DBG("status 0x%02x", status);
1652
1653 hci_dev_lock(hdev);
1654
1655 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1656 if (!cmd)
1657 goto unlock;
1658
1659 if (status) {
1660 u8 mgmt_err = mgmt_status(status);
a69e8375 1661 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
a358dc11 1662 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
bfaf8c9f
JH		 1663 goto remove_cmd;
1664 }
1665
1666 cp = cmd->param;
d4462a07 1667 if (cp->val) {
238be788 1668 changed = !hci_dev_test_and_set_flag(hdev, HCI_DISCOVERABLE);
d4462a07
MH		 1669
1670 if (hdev->discov_timeout > 0) {
1671 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1672 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1673 to);
1674 }
1675 } else {
a69d8927 1676 changed = hci_dev_test_and_clear_flag(hdev, HCI_DISCOVERABLE);
d4462a07 1677 }
bfaf8c9f
JH		 1678
1679 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1680
1681 if (changed)
1682 new_settings(hdev, cmd->sk);
1683
970ba524
MH		 1684 /* When the discoverable mode gets changed, make sure
1685 * that class of device has the limited discoverable
432df05e
JH		 1686 * bit correctly set. Also update page scan based on whitelist
1687 * entries.
970ba524
MH		 1688 */
1689 hci_req_init(&req, hdev);
1d2dc5b7 1690 __hci_update_page_scan(&req);
970ba524
MH		 1691 update_class(&req);
1692 hci_req_run(&req, NULL);
1693
bfaf8c9f
JH		 1694remove_cmd:
1695 mgmt_pending_remove(cmd);
1696
1697unlock:
1698 hci_dev_unlock(hdev);
1699}
1700
bdb6d971 1701static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1702 u16 len)
73f22f62 1703{
650f726d 1704 struct mgmt_cp_set_discoverable *cp = data;
3b0602cd 1705 struct mgmt_pending_cmd *cmd;
bfaf8c9f 1706 struct hci_request req;
5e5282bb 1707 u16 timeout;
9a43e25f 1708 u8 scan;
73f22f62
JH		 1709 int err;
1710
bdb6d971 1711 BT_DBG("request for %s", hdev->name);
73f22f62 1712
d7a5a11d
MH		 1713 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1714 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 1715 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1716 MGMT_STATUS_REJECTED);
33c525c0 1717
310a3d48 1718 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 1719 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1720 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1721
1f350c87 1722 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1723
1724 /* Disabling discoverable requires that no timeout is set,
1725 * and enabling limited discoverable requires a timeout.
1726 */
1727 if ((cp->val == 0x00 && timeout > 0) ||
1728 (cp->val == 0x02 && timeout == 0))
a69e8375
JH		 1729 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1730 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1731
09fd0de5 1732 hci_dev_lock(hdev);
73f22f62 1733
5e5282bb 1734 if (!hdev_is_powered(hdev) && timeout > 0) {
a69e8375
JH		 1735 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1736 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1737 goto failed;
1738 }
1739
2e58ef3e 1740 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1741 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1742 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1743 MGMT_STATUS_BUSY);
73f22f62
JH		 1744 goto failed;
1745 }
1746
d7a5a11d 1747 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
a69e8375
JH		 1748 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1749 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1750 goto failed;
1751 }
1752
1753 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1754 bool changed = false;
1755
310a3d48
MH		 1756 /* Setting limited discoverable when powered off is
1757 * not a valid operation since it requires a timeout
1758 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1759 */
d7a5a11d 1760 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
ce05d603 1761 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
0224d2fa
JH		 1762 changed = true;
1763 }
1764
5e5282bb 1765 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1766 if (err < 0)
1767 goto failed;
1768
1769 if (changed)
1770 err = new_settings(hdev, sk);
1771
5e5282bb
JH		 1772 goto failed;
1773 }
1774
310a3d48
MH		 1775 /* If the current mode is the same, then just update the timeout
1776 * value with the new value. And if only the timeout gets updated,
1777 * then no need for any HCI transactions.
1778 */
d7a5a11d
MH		 1779 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1780 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1781 HCI_LIMITED_DISCOVERABLE)) {
36261547
MH		 1782 cancel_delayed_work(&hdev->discov_off);
1783 hdev->discov_timeout = timeout;
955638ec 1784
36261547
MH		 1785 if (cp->val && hdev->discov_timeout > 0) {
1786 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1787 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1788 to);
955638ec
MH		 1789 }
1790
69ab39ea 1791 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1792 goto failed;
1793 }
1794
2e58ef3e 1795 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1796 if (!cmd) {
1797 err = -ENOMEM;
73f22f62 1798 goto failed;
366a0336 1799 }
73f22f62 1800
310a3d48
MH		 1801 /* Cancel any potential discoverable timeout that might be
1802 * still active and store new timeout value. The arming of
1803 * the timeout happens in the complete handler.
1804 */
1805 cancel_delayed_work(&hdev->discov_off);
1806 hdev->discov_timeout = timeout;
1807
b456f87c
JH		 1808 /* Limited discoverable mode */
1809 if (cp->val == 0x02)
a1536da2 1810 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1811 else
a358dc11 1812 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1813
bfaf8c9f
JH		 1814 hci_req_init(&req, hdev);
1815
9a43e25f
JH		 1816 /* The procedure for LE-only controllers is much simpler - just
1817 * update the advertising data.
1818 */
d7a5a11d 1819 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
9a43e25f
JH		 1820 goto update_ad;
1821
73f22f62
JH		 1822 scan = SCAN_PAGE;
1823
310a3d48
MH		 1824 if (cp->val) {
1825 struct hci_cp_write_current_iac_lap hci_cp;
1826
1827 if (cp->val == 0x02) {
1828 /* Limited discoverable mode */
33337dcb 1829 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1830 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1831 hci_cp.iac_lap[1] = 0x8b;
1832 hci_cp.iac_lap[2] = 0x9e;
1833 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1834 hci_cp.iac_lap[4] = 0x8b;
1835 hci_cp.iac_lap[5] = 0x9e;
1836 } else {
1837 /* General discoverable mode */
310a3d48
MH		 1838 hci_cp.num_iac = 1;
1839 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1840 hci_cp.iac_lap[1] = 0x8b;
1841 hci_cp.iac_lap[2] = 0x9e;
1842 }
1843
1844 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1845 (hci_cp.num_iac * 3) + 1, &hci_cp);
1846
73f22f62 1847 scan |= SCAN_INQUIRY;
310a3d48 1848 } else {
a358dc11 1849 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
310a3d48 1850 }
73f22f62 1851
310a3d48 1852 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1853
9a43e25f
JH		 1854update_ad:
1855 update_adv_data(&req);
1856
bfaf8c9f 1857 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1858 if (err < 0)
a664b5bc 1859 mgmt_pending_remove(cmd);
73f22f62
JH		 1860
1861failed:
09fd0de5 1862 hci_dev_unlock(hdev);
73f22f62
JH		 1863 return err;
1864}
1865
406d7804
JH		 1866static void write_fast_connectable(struct hci_request *req, bool enable)
1867{
bd98b996 1868 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1869 struct hci_cp_write_page_scan_activity acp;
1870 u8 type;
1871
d7a5a11d 1872 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
547003b1
JH		 1873 return;
1874
4c01f8b8
JH		 1875 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1876 return;
1877
406d7804
JH		 1878 if (enable) {
1879 type = PAGE_SCAN_TYPE_INTERLACED;
1880
1881 /* 160 msec page scan interval */
dcf4adbf 1882 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 1883 } else {
1884 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1885
1886 /* default 1.28 sec page scan */
dcf4adbf 1887 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 1888 }
1889
dcf4adbf 1890 acp.window = cpu_to_le16(0x0012);
406d7804 1891
bd98b996
JH		 1892 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1893 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1894 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1895 sizeof(acp), &acp);
1896
1897 if (hdev->page_scan_type != type)
1898 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1899}
1900
1904a853
MH		 1901static void set_connectable_complete(struct hci_dev *hdev, u8 status,
1902 u16 opcode)
2b76f453 1903{
3b0602cd 1904 struct mgmt_pending_cmd *cmd;
d7b856f9 1905 struct mgmt_mode *cp;
bc6d2d04 1906 bool conn_changed, discov_changed;
2b76f453
JH		 1907
1908 BT_DBG("status 0x%02x", status);
1909
1910 hci_dev_lock(hdev);
1911
1912 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1913 if (!cmd)
1914 goto unlock;
1915
37438c1f
JH		 1916 if (status) {
1917 u8 mgmt_err = mgmt_status(status);
a69e8375 1918 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
37438c1f
JH		 1919 goto remove_cmd;
1920 }
1921
d7b856f9 1922 cp = cmd->param;
bc6d2d04 1923 if (cp->val) {
238be788
MH		 1924 conn_changed = !hci_dev_test_and_set_flag(hdev,
1925 HCI_CONNECTABLE);
bc6d2d04
JH		 1926 discov_changed = false;
1927 } else {
a69d8927
MH		 1928 conn_changed = hci_dev_test_and_clear_flag(hdev,
1929 HCI_CONNECTABLE);
1930 discov_changed = hci_dev_test_and_clear_flag(hdev,
1931 HCI_DISCOVERABLE);
bc6d2d04 1932 }
d7b856f9 1933
2b76f453
JH		 1934 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1935
bc6d2d04 1936 if (conn_changed || discov_changed) {
d7b856f9 1937 new_settings(hdev, cmd->sk);
1d2dc5b7 1938 hci_update_page_scan(hdev);
bc6d2d04
JH		 1939 if (discov_changed)
1940 mgmt_update_adv_data(hdev);
2b7be33e
JH		 1941 hci_update_background_scan(hdev);
1942 }
d7b856f9 1943
37438c1f 1944remove_cmd:
2b76f453
JH		 1945 mgmt_pending_remove(cmd);
1946
1947unlock:
1948 hci_dev_unlock(hdev);
1949}
1950
e8ba3a1f
JH		 1951static int set_connectable_update_settings(struct hci_dev *hdev,
1952 struct sock *sk, u8 val)
1953{
1954 bool changed = false;
1955 int err;
1956
d7a5a11d 1957 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
e8ba3a1f
JH		 1958 changed = true;
1959
1960 if (val) {
a1536da2 1961 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
e8ba3a1f 1962 } else {
a358dc11
MH		 1963 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1964 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
e8ba3a1f
JH		 1965 }
1966
1967 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1968 if (err < 0)
1969 return err;
1970
562064e6 1971 if (changed) {
1d2dc5b7 1972 hci_update_page_scan(hdev);
562064e6 1973 hci_update_background_scan(hdev);
e8ba3a1f 1974 return new_settings(hdev, sk);
562064e6 1975 }
e8ba3a1f
JH		 1976
1977 return 0;
1978}
1979
bdb6d971 1980static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1981 u16 len)
9fbcbb45 1982{
650f726d 1983 struct mgmt_mode *cp = data;
3b0602cd 1984 struct mgmt_pending_cmd *cmd;
2b76f453 1985 struct hci_request req;
1987fdc7 1986 u8 scan;
9fbcbb45
JH		 1987 int err;
1988
bdb6d971 1989 BT_DBG("request for %s", hdev->name);
9fbcbb45 1990
d7a5a11d
MH		 1991 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1992 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 1993 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1994 MGMT_STATUS_REJECTED);
33c525c0 1995
a7e80f25 1996 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1997 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1998 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1999
09fd0de5 2000 hci_dev_lock(hdev);
9fbcbb45 2001
4b34ee78 2002 if (!hdev_is_powered(hdev)) {
e8ba3a1f 2003 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 2004 goto failed;
2005 }
2006
2e58ef3e 2007 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 2008 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 2009 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
2010 MGMT_STATUS_BUSY);
9fbcbb45
JH		 2011 goto failed;
2012 }
2013
2e58ef3e 2014 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 2015 if (!cmd) {
2016 err = -ENOMEM;
9fbcbb45 2017 goto failed;
366a0336 2018 }
9fbcbb45 2019
9b74246f 2020 hci_req_init(&req, hdev);
9fbcbb45 2021
9a43e25f
JH		 2022 /* If BR/EDR is not enabled and we disable advertising as a
2023 * by-product of disabling connectable, we need to update the
2024 * advertising flags.
2025 */
d7a5a11d 2026 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
9a43e25f 2027 if (!cp->val) {
a358dc11
MH		 2028 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
2029 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
9a43e25f
JH		 2030 }
2031 update_adv_data(&req);
2032 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 2033 if (cp->val) {
2034 scan = SCAN_PAGE;
2035 } else {
3bd27240
JH		 2036 /* If we don't have any whitelist entries just
2037 * disable all scanning. If there are entries
2038 * and we had both page and inquiry scanning
2039 * enabled then fall back to only page scanning.
2040 * Otherwise no changes are needed.
2041 */
2042 if (list_empty(&hdev->whitelist))
2043 scan = SCAN_DISABLED;
2044 else if (test_bit(HCI_ISCAN, &hdev->flags))
2045 scan = SCAN_PAGE;
2046 else
2047 goto no_scan_update;
9b74246f
JH		 2048
2049 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 2050 hdev->discov_timeout > 0)
9b74246f
JH		 2051 cancel_delayed_work(&hdev->discov_off);
2052 }
2b76f453 2053
9b74246f
JH		 2054 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2055 }
2b76f453 2056
3bd27240 2057no_scan_update:
e8b1202c 2058 /* Update the advertising parameters if necessary */
d7a5a11d 2059 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
1987fdc7 2060 enable_advertising(&req);
1987fdc7 2061
2b76f453 2062 err = hci_req_run(&req, set_connectable_complete);
9b74246f 2063 if (err < 0) {
a664b5bc 2064 mgmt_pending_remove(cmd);
9b74246f 2065 if (err == -ENODATA)
a81070ba
JH		 2066 err = set_connectable_update_settings(hdev, sk,
2067 cp->val);
9b74246f
JH		 2068 goto failed;
2069 }
9fbcbb45
JH		 2070
2071failed:
09fd0de5 2072 hci_dev_unlock(hdev);
9fbcbb45
JH		 2073 return err;
2074}
2075
b2939475 2076static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2077 u16 len)
c542a06c 2078{
650f726d 2079 struct mgmt_mode *cp = data;
55594356 2080 bool changed;
c542a06c
JH		 2081 int err;
2082
bdb6d971 2083 BT_DBG("request for %s", hdev->name);
c542a06c 2084
a7e80f25 2085 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2086 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
2087 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2088
09fd0de5 2089 hci_dev_lock(hdev);
c542a06c
JH		 2090
2091 if (cp->val)
238be788 2092 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
c542a06c 2093 else
a69d8927 2094 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
c542a06c 2095
b2939475 2096 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
c542a06c 2097 if (err < 0)
55594356 2098 goto unlock;
c542a06c 2099
55594356
MH		 2100 if (changed)
2101 err = new_settings(hdev, sk);
c542a06c 2102
55594356 2103unlock:
09fd0de5 2104 hci_dev_unlock(hdev);
c542a06c
JH		 2105 return err;
2106}
2107
04124681
GP		 2108static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
2109 u16 len)
33ef95ed
JH		 2110{
2111 struct mgmt_mode *cp = data;
3b0602cd 2112 struct mgmt_pending_cmd *cmd;
e6fe7986 2113 u8 val, status;
33ef95ed
JH		 2114 int err;
2115
bdb6d971 2116 BT_DBG("request for %s", hdev->name);
33ef95ed 2117
e6fe7986
JH		 2118 status = mgmt_bredr_support(hdev);
2119 if (status)
a69e8375
JH		 2120 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2121 status);
33c525c0 2122
a7e80f25 2123 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2124 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2125 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2126
33ef95ed
JH		 2127 hci_dev_lock(hdev);
2128
4b34ee78 2129 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 2130 bool changed = false;
2131
d7a5a11d 2132 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
ce05d603 2133 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
47990ea0
JH		 2134 changed = true;
2135 }
2136
2137 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2138 if (err < 0)
2139 goto failed;
2140
2141 if (changed)
2142 err = new_settings(hdev, sk);
2143
33ef95ed
JH		 2144 goto failed;
2145 }
2146
2147 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
a69e8375
JH		 2148 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2149 MGMT_STATUS_BUSY);
33ef95ed
JH		 2150 goto failed;
2151 }
2152
2153 val = !!cp->val;
2154
2155 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
2156 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2157 goto failed;
2158 }
2159
2160 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
2161 if (!cmd) {
2162 err = -ENOMEM;
2163 goto failed;
2164 }
2165
2166 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
2167 if (err < 0) {
2168 mgmt_pending_remove(cmd);
2169 goto failed;
2170 }
2171
2172failed:
2173 hci_dev_unlock(hdev);
33ef95ed
JH		 2174 return err;
2175}
2176
bdb6d971 2177static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 2178{
2179 struct mgmt_mode *cp = data;
3b0602cd 2180 struct mgmt_pending_cmd *cmd;
72ef0c1a 2181 u8 status;
ed2c4ee3
JH		 2182 int err;
2183
bdb6d971 2184 BT_DBG("request for %s", hdev->name);
ed2c4ee3 2185
cdba5281
MH		 2186 status = mgmt_bredr_support(hdev);
2187 if (status)
a69e8375 2188 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
cdba5281 2189
13ecd8b6 2190 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 2191 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2192 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 2193
a7e80f25 2194 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2195 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2196 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2197
13ecd8b6 2198 hci_dev_lock(hdev);
6c8f12c1 2199
4b34ee78 2200 if (!hdev_is_powered(hdev)) {
9ecb3e24 2201 bool changed;
c0ecddc2 2202
9ecb3e24 2203 if (cp->val) {
238be788
MH		 2204 changed = !hci_dev_test_and_set_flag(hdev,
2205 HCI_SSP_ENABLED);
9ecb3e24 2206 } else {
a69d8927
MH		 2207 changed = hci_dev_test_and_clear_flag(hdev,
2208 HCI_SSP_ENABLED);
9ecb3e24 2209 if (!changed)
a69d8927
MH		 2210 changed = hci_dev_test_and_clear_flag(hdev,
2211 HCI_HS_ENABLED);
9ecb3e24 2212 else
a358dc11 2213 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
c0ecddc2
JH		 2214 }
2215
2216 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2217 if (err < 0)
2218 goto failed;
2219
2220 if (changed)
2221 err = new_settings(hdev, sk);
2222
ed2c4ee3
JH		 2223 goto failed;
2224 }
2225
94d52dad 2226 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 2227 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2228 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 2229 goto failed;
2230 }
2231
d7a5a11d 2232 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
ed2c4ee3
JH		 2233 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2234 goto failed;
2235 }
2236
2237 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2238 if (!cmd) {
2239 err = -ENOMEM;
2240 goto failed;
2241 }
2242
d7a5a11d 2243 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
3769972b
JH		 2244 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2245 sizeof(cp->val), &cp->val);
2246
72ef0c1a 2247 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 2248 if (err < 0) {
2249 mgmt_pending_remove(cmd);
2250 goto failed;
2251 }
2252
2253failed:
2254 hci_dev_unlock(hdev);
ed2c4ee3
JH		 2255 return err;
2256}
2257
bdb6d971 2258static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 2259{
2260 struct mgmt_mode *cp = data;
ee392693 2261 bool changed;
e6fe7986 2262 u8 status;
ee392693 2263 int err;
6d80dfd0 2264
bdb6d971 2265 BT_DBG("request for %s", hdev->name);
6d80dfd0 2266
e6fe7986
JH		 2267 status = mgmt_bredr_support(hdev);
2268 if (status)
a69e8375 2269 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 2270
9ecb3e24 2271 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 2272 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2273 MGMT_STATUS_NOT_SUPPORTED);
9ecb3e24 2274
d7a5a11d 2275 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 2276 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2277 MGMT_STATUS_REJECTED);
9ecb3e24 2278
a7e80f25 2279 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2280 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2281 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2282
ee392693
MH		 2283 hci_dev_lock(hdev);
2284
a2cb01de 2285 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 2286 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2287 MGMT_STATUS_BUSY);
a2cb01de
JH		 2288 goto unlock;
2289 }
2290
a0cdf960 2291 if (cp->val) {
238be788 2292 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
a0cdf960
MH		 2293 } else {
2294 if (hdev_is_powered(hdev)) {
a69e8375
JH		 2295 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2296 MGMT_STATUS_REJECTED);
a0cdf960
MH		 2297 goto unlock;
2298 }
2299
a69d8927 2300 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
a0cdf960 2301 }
ee392693
MH		 2302
2303 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2304 if (err < 0)
2305 goto unlock;
2306
2307 if (changed)
2308 err = new_settings(hdev, sk);
6d80dfd0 2309
ee392693
MH		 2310unlock:
2311 hci_dev_unlock(hdev);
2312 return err;
6d80dfd0
JH		 2313}
2314
1904a853 2315static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
416a4ae5
JH		 2316{
2317 struct cmd_lookup match = { NULL, hdev };
2318
3ad67582
JK		 2319 hci_dev_lock(hdev);
2320
416a4ae5
JH		 2321 if (status) {
2322 u8 mgmt_err = mgmt_status(status);
2323
2324 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2325 &mgmt_err);
3ad67582 2326 goto unlock;
416a4ae5
JH		 2327 }
2328
2329 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2330
2331 new_settings(hdev, match.sk);
2332
2333 if (match.sk)
2334 sock_put(match.sk);
441ad2d0
MH		 2335
2336 /* Make sure the controller has a good default for
2337 * advertising data. Restrict the update to when LE
2338 * has actually been enabled. During power on, the
2339 * update in powered_update_hci will take care of it.
2340 */
d7a5a11d 2341 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
441ad2d0
MH		 2342 struct hci_request req;
2343
441ad2d0 2344 hci_req_init(&req, hdev);
5947f4bc 2345 update_adv_data(&req);
f14d8f64 2346 update_scan_rsp_data(&req);
2cf22218 2347 __hci_update_background_scan(&req);
441ad2d0 2348 hci_req_run(&req, NULL);
441ad2d0 2349 }
3ad67582
JK		 2350
2351unlock:
2352 hci_dev_unlock(hdev);
416a4ae5
JH		 2353}
2354
bdb6d971 2355static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 2356{
2357 struct mgmt_mode *cp = data;
2358 struct hci_cp_write_le_host_supported hci_cp;
3b0602cd 2359 struct mgmt_pending_cmd *cmd;
416a4ae5 2360 struct hci_request req;
06199cf8 2361 int err;
0b60eba1 2362 u8 val, enabled;
06199cf8 2363
bdb6d971 2364 BT_DBG("request for %s", hdev->name);
06199cf8 2365
13ecd8b6 2366 if (!lmp_le_capable(hdev))
a69e8375
JH		 2367 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2368 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 2369
a7e80f25 2370 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2371 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2372 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2373
c73eee91 2374 /* LE-only devices do not allow toggling LE on/off */
d7a5a11d 2375 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 2376 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2377 MGMT_STATUS_REJECTED);
c73eee91 2378
13ecd8b6 2379 hci_dev_lock(hdev);
06199cf8
JH		 2380
2381 val = !!cp->val;
ffa88e02 2382 enabled = lmp_host_le_capable(hdev);
06199cf8 2383
0b60eba1 2384 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 2385 bool changed = false;
2386
d7a5a11d 2387 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
ce05d603 2388 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
06199cf8
JH		 2389 changed = true;
2390 }
2391
d7a5a11d 2392 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
a358dc11 2393 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
eeca6f89
JH		 2394 changed = true;
2395 }
2396
06199cf8
JH		 2397 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2398 if (err < 0)
1de028ce 2399 goto unlock;
06199cf8
JH		 2400
2401 if (changed)
2402 err = new_settings(hdev, sk);
2403
1de028ce 2404 goto unlock;
06199cf8
JH		 2405 }
2406
4375f103
JH		 2407 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
2408 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
a69e8375
JH		 2409 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2410 MGMT_STATUS_BUSY);
1de028ce 2411 goto unlock;
06199cf8
JH		 2412 }
2413
2414 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2415 if (!cmd) {
2416 err = -ENOMEM;
1de028ce 2417 goto unlock;
06199cf8
JH		 2418 }
2419
441ad2d0
MH		 2420 hci_req_init(&req, hdev);
2421
06199cf8
JH		 2422 memset(&hci_cp, 0, sizeof(hci_cp));
2423
2424 if (val) {
2425 hci_cp.le = val;
32226e4f 2426 hci_cp.simul = 0x00;
441ad2d0 2427 } else {
d7a5a11d 2428 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
441ad2d0 2429 disable_advertising(&req);
06199cf8
JH		 2430 }
2431
416a4ae5
JH		 2432 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2433 &hci_cp);
2434
2435 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2436 if (err < 0)
06199cf8 2437 mgmt_pending_remove(cmd);
06199cf8 2438
1de028ce
JH		 2439unlock:
2440 hci_dev_unlock(hdev);
06199cf8
JH		 2441 return err;
2442}
2443
0cab9c80
JH		 2444/* This is a helper function to test for pending mgmt commands that can
2445 * cause CoD or EIR HCI commands. We can only allow one such pending
2446 * mgmt command at a time since otherwise we cannot easily track what
2447 * the current values are, will be, and based on that calculate if a new
2448 * HCI command needs to be sent and if yes with what value.
2449 */
2450static bool pending_eir_or_class(struct hci_dev *hdev)
2451{
3b0602cd 2452 struct mgmt_pending_cmd *cmd;
0cab9c80
JH		 2453
2454 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2455 switch (cmd->opcode) {
2456 case MGMT_OP_ADD_UUID:
2457 case MGMT_OP_REMOVE_UUID:
2458 case MGMT_OP_SET_DEV_CLASS:
2459 case MGMT_OP_SET_POWERED:
2460 return true;
2461 }
2462 }
2463
2464 return false;
2465}
2466
83be8eca
JH		 2467static const u8 bluetooth_base_uuid[] = {
2468 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2469 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2470};
2471
2472static u8 get_uuid_size(const u8 *uuid)
2473{
2474 u32 val;
2475
2476 if (memcmp(uuid, bluetooth_base_uuid, 12))
2477 return 128;
2478
2479 val = get_unaligned_le32(&uuid[12]);
2480 if (val > 0xffff)
2481 return 32;
2482
2483 return 16;
2484}
2485
92da6097
JH		 2486static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2487{
3b0602cd 2488 struct mgmt_pending_cmd *cmd;
92da6097
JH		 2489
2490 hci_dev_lock(hdev);
2491
2492 cmd = mgmt_pending_find(mgmt_op, hdev);
2493 if (!cmd)
2494 goto unlock;
2495
2a1afb5a
JH		 2496 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
2497 mgmt_status(status), hdev->dev_class, 3);
92da6097
JH		 2498
2499 mgmt_pending_remove(cmd);
2500
2501unlock:
2502 hci_dev_unlock(hdev);
2503}
2504
1904a853 2505static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2506{
2507 BT_DBG("status 0x%02x", status);
2508
2509 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2510}
2511
bdb6d971 2512static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2513{
650f726d 2514 struct mgmt_cp_add_uuid *cp = data;
3b0602cd 2515 struct mgmt_pending_cmd *cmd;
890ea898 2516 struct hci_request req;
2aeb9a1a 2517 struct bt_uuid *uuid;
2aeb9a1a
JH		 2518 int err;
2519
bdb6d971 2520 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2521
09fd0de5 2522 hci_dev_lock(hdev);
2aeb9a1a 2523
0cab9c80 2524 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2525 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2526 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2527 goto failed;
2528 }
2529
92c4c204 2530 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2531 if (!uuid) {
2532 err = -ENOMEM;
2533 goto failed;
2534 }
2535
2536 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2537 uuid->svc_hint = cp->svc_hint;
83be8eca 2538 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2539
de66aa63 2540 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2541
890ea898 2542 hci_req_init(&req, hdev);
1aff6f09 2543
890ea898
JH		 2544 update_class(&req);
2545 update_eir(&req);
2546
92da6097
JH		 2547 err = hci_req_run(&req, add_uuid_complete);
2548 if (err < 0) {
2549 if (err != -ENODATA)
2550 goto failed;
80a1e1db 2551
2a1afb5a
JH		 2552 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2553 hdev->dev_class, 3);
90e70454
JH		 2554 goto failed;
2555 }
2556
2557 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2558 if (!cmd) {
90e70454 2559 err = -ENOMEM;
890ea898
JH		 2560 goto failed;
2561 }
2562
2563 err = 0;
2aeb9a1a
JH		 2564
2565failed:
09fd0de5 2566 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2567 return err;
2568}
2569
24b78d0f
JH		 2570static bool enable_service_cache(struct hci_dev *hdev)
2571{
2572 if (!hdev_is_powered(hdev))
2573 return false;
2574
238be788 2575 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
46818ed5
JH		 2576 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2577 CACHE_TIMEOUT);
24b78d0f
JH		 2578 return true;
2579 }
2580
2581 return false;
2582}
2583
1904a853 2584static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2585{
2586 BT_DBG("status 0x%02x", status);
2587
2588 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2589}
2590
bdb6d971 2591static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2592 u16 len)
2aeb9a1a 2593{
650f726d 2594 struct mgmt_cp_remove_uuid *cp = data;
3b0602cd 2595 struct mgmt_pending_cmd *cmd;
056341c8 2596 struct bt_uuid *match, *tmp;
2aeb9a1a 2597 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2598 struct hci_request req;
2aeb9a1a
JH		 2599 int err, found;
2600
bdb6d971 2601 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2602
09fd0de5 2603 hci_dev_lock(hdev);
2aeb9a1a 2604
0cab9c80 2605 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2606 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2607 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2608 goto unlock;
2609 }
2610
2aeb9a1a 2611 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2612 hci_uuids_clear(hdev);
4004b6d9 2613
24b78d0f 2614 if (enable_service_cache(hdev)) {
2a1afb5a
JH		 2615 err = mgmt_cmd_complete(sk, hdev->id,
2616 MGMT_OP_REMOVE_UUID,
2617 0, hdev->dev_class, 3);
24b78d0f
JH		 2618 goto unlock;
2619 }
4004b6d9 2620
9246a869 2621 goto update_class;
2aeb9a1a
JH		 2622 }
2623
2624 found = 0;
2625
056341c8 2626 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2627 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2628 continue;
2629
2630 list_del(&match->list);
482049f7 2631 kfree(match);
2aeb9a1a
JH		 2632 found++;
2633 }
2634
2635 if (found == 0) {
a69e8375
JH		 2636 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2637 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2638 goto unlock;
2639 }
2640
9246a869 2641update_class:
890ea898 2642 hci_req_init(&req, hdev);
1aff6f09 2643
890ea898
JH		 2644 update_class(&req);
2645 update_eir(&req);
2646
92da6097
JH		 2647 err = hci_req_run(&req, remove_uuid_complete);
2648 if (err < 0) {
2649 if (err != -ENODATA)
2650 goto unlock;
80a1e1db 2651
2a1afb5a
JH		 2652 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2653 hdev->dev_class, 3);
90e70454
JH		 2654 goto unlock;
2655 }
2656
2657 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2658 if (!cmd) {
90e70454 2659 err = -ENOMEM;
890ea898
JH		 2660 goto unlock;
2661 }
2662
2663 err = 0;
2aeb9a1a
JH		 2664
2665unlock:
09fd0de5 2666 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2667 return err;
2668}
2669
1904a853 2670static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2671{
2672 BT_DBG("status 0x%02x", status);
2673
2674 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2675}
2676
bdb6d971 2677static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2678 u16 len)
1aff6f09 2679{
650f726d 2680 struct mgmt_cp_set_dev_class *cp = data;
3b0602cd 2681 struct mgmt_pending_cmd *cmd;
890ea898 2682 struct hci_request req;
1aff6f09
JH		 2683 int err;
2684
bdb6d971 2685 BT_DBG("request for %s", hdev->name);
1aff6f09 2686
6203fc98 2687 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2688 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2689 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2690
0cab9c80 2691 hci_dev_lock(hdev);
ee98f473 2692
0cab9c80 2693 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2694 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2695 MGMT_STATUS_BUSY);
0cab9c80
JH		 2696 goto unlock;
2697 }
c95f0ba7 2698
0cab9c80 2699 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
a69e8375
JH		 2700 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2701 MGMT_STATUS_INVALID_PARAMS);
0cab9c80
JH		 2702 goto unlock;
2703 }
575b3a02 2704
932f5ff5
JH		 2705 hdev->major_class = cp->major;
2706 hdev->minor_class = cp->minor;
2707
b5235a65 2708 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2709 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2710 hdev->dev_class, 3);
b5235a65
JH		 2711 goto unlock;
2712 }
2713
890ea898
JH		 2714 hci_req_init(&req, hdev);
2715
a69d8927 2716 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
7d78525d
JH		 2717 hci_dev_unlock(hdev);
2718 cancel_delayed_work_sync(&hdev->service_cache);
2719 hci_dev_lock(hdev);
890ea898 2720 update_eir(&req);
7d78525d 2721 }
14c0b608 2722
890ea898
JH		 2723 update_class(&req);
2724
92da6097
JH		 2725 err = hci_req_run(&req, set_class_complete);
2726 if (err < 0) {
2727 if (err != -ENODATA)
2728 goto unlock;
1aff6f09 2729
2a1afb5a
JH		 2730 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2731 hdev->dev_class, 3);
90e70454
JH		 2732 goto unlock;
2733 }
2734
2735 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2736 if (!cmd) {
90e70454 2737 err = -ENOMEM;
890ea898
JH		 2738 goto unlock;
2739 }
2740
2741 err = 0;
1aff6f09 2742
b5235a65 2743unlock:
09fd0de5 2744 hci_dev_unlock(hdev);
1aff6f09
JH		 2745 return err;
2746}
2747
bdb6d971 2748static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2749 u16 len)
55ed8ca1 2750{
650f726d 2751 struct mgmt_cp_load_link_keys *cp = data;
ba1d6936
JH		 2752 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2753 sizeof(struct mgmt_link_key_info));
4e51eae9 2754 u16 key_count, expected_len;
b1de97d8 2755 bool changed;
a492cd52 2756 int i;
55ed8ca1 2757
9060d5cf
MH		 2758 BT_DBG("request for %s", hdev->name);
2759
2760 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2761 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2762 MGMT_STATUS_NOT_SUPPORTED);
9060d5cf 2763
1f350c87 2764 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 2765 if (key_count > max_key_count) {
2766 BT_ERR("load_link_keys: too big key_count value %u",
2767 key_count);
a69e8375
JH		 2768 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2769 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 2770 }
55ed8ca1 2771
86742e1e
JH		 2772 expected_len = sizeof(*cp) + key_count *
2773 sizeof(struct mgmt_link_key_info);
a492cd52 2774 if (expected_len != len) {
86742e1e 2775 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2776 expected_len, len);
a69e8375
JH		 2777 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2778 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2779 }
2780
4ae14301 2781 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
a69e8375
JH		 2782 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2783 MGMT_STATUS_INVALID_PARAMS);
4ae14301 2784
bdb6d971 2785 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2786 key_count);
55ed8ca1 2787
4ee71b20
JH		 2788 for (i = 0; i < key_count; i++) {
2789 struct mgmt_link_key_info *key = &cp->keys[i];
2790
8e991132 2791 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
a69e8375
JH		 2792 return mgmt_cmd_status(sk, hdev->id,
2793 MGMT_OP_LOAD_LINK_KEYS,
2794 MGMT_STATUS_INVALID_PARAMS);
4ee71b20
JH		 2795 }
2796
09fd0de5 2797 hci_dev_lock(hdev);
55ed8ca1
JH		 2798
2799 hci_link_keys_clear(hdev);
2800
55ed8ca1 2801 if (cp->debug_keys)
238be788 2802 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
55ed8ca1 2803 else
a69d8927
MH		 2804 changed = hci_dev_test_and_clear_flag(hdev,
2805 HCI_KEEP_DEBUG_KEYS);
b1de97d8
MH		 2806
2807 if (changed)
2808 new_settings(hdev, NULL);
55ed8ca1 2809
a492cd52 2810 for (i = 0; i < key_count; i++) {
86742e1e 2811 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2812
58e9293c
JH		 2813 /* Always ignore debug keys and require a new pairing if
2814 * the user wants to use them.
2815 */
2816 if (key->type == HCI_LK_DEBUG_COMBINATION)
2817 continue;
2818
7652ff6a
JH		 2819 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2820 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2821 }
2822
2a1afb5a 2823 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2824
09fd0de5 2825 hci_dev_unlock(hdev);
55ed8ca1 2826
a492cd52 2827 return 0;
55ed8ca1
JH		 2828}
2829
b1078ad0 2830static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2831 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2832{
2833 struct mgmt_ev_device_unpaired ev;
2834
2835 bacpy(&ev.addr.bdaddr, bdaddr);
2836 ev.addr.type = addr_type;
2837
2838 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2839 skip_sk);
b1078ad0
JH		 2840}
2841
bdb6d971 2842static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2843 u16 len)
55ed8ca1 2844{
124f6e35
JH		 2845 struct mgmt_cp_unpair_device *cp = data;
2846 struct mgmt_rp_unpair_device rp;
a8a1d19e 2847 struct hci_cp_disconnect dc;
3b0602cd 2848 struct mgmt_pending_cmd *cmd;
55ed8ca1 2849 struct hci_conn *conn;
55ed8ca1
JH		 2850 int err;
2851
a8a1d19e 2852 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2853 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2854 rp.addr.type = cp->addr.type;
a8a1d19e 2855
4ee71b20 2856 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2857 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2858 MGMT_STATUS_INVALID_PARAMS,
2859 &rp, sizeof(rp));
4ee71b20 2860
118da70b 2861 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2a1afb5a
JH		 2862 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2863 MGMT_STATUS_INVALID_PARAMS,
2864 &rp, sizeof(rp));
118da70b 2865
4ee71b20
JH		 2866 hci_dev_lock(hdev);
2867
86a8cfc6 2868 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2869 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2870 MGMT_STATUS_NOT_POWERED, &rp,
2871 sizeof(rp));
86a8cfc6
JH		 2872 goto unlock;
2873 }
2874
e0b2b27e 2875 if (cp->addr.type == BDADDR_BREDR) {
89cbb063
AA		 2876 /* If disconnection is requested, then look up the
2877 * connection. If the remote device is connected, it
2878 * will be later used to terminate the link.
2879 *
2880 * Setting it to NULL explicitly will cause no
2881 * termination of the link.
2882 */
2883 if (cp->disconnect)
2884 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2885 &cp->addr.bdaddr);
2886 else
2887 conn = NULL;
2888
124f6e35 2889 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2890 } else {
2891 u8 addr_type;
2892
89cbb063
AA		 2893 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2894 &cp->addr.bdaddr);
2895 if (conn) {
2896 /* Defer clearing up the connection parameters
2897 * until closing to give a chance of keeping
2898 * them if a repairing happens.
2899 */
2900 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2901
2902 /* If disconnection is not requested, then
2903 * clear the connection variable so that the
2904 * link is not terminated.
2905 */
2906 if (!cp->disconnect)
2907 conn = NULL;
2908 }
2909
e0b2b27e
JH		 2910 if (cp->addr.type == BDADDR_LE_PUBLIC)
2911 addr_type = ADDR_LE_DEV_PUBLIC;
2912 else
2913 addr_type = ADDR_LE_DEV_RANDOM;
2914
a7ec7338
JH		 2915 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2916
e0b2b27e
JH		 2917 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2918 }
b0dbfb46 2919
55ed8ca1 2920 if (err < 0) {
2a1afb5a
JH		 2921 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2922 MGMT_STATUS_NOT_PAIRED, &rp,
2923 sizeof(rp));
55ed8ca1
JH		 2924 goto unlock;
2925 }
2926
89cbb063
AA		 2927 /* If the connection variable is set, then termination of the
2928 * link is requested.
2929 */
a8a1d19e 2930 if (!conn) {
2a1afb5a
JH		 2931 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2932 &rp, sizeof(rp));
b1078ad0 2933 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2934 goto unlock;
2935 }
55ed8ca1 2936
124f6e35 2937 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2938 sizeof(*cp));
a8a1d19e
JH		 2939 if (!cmd) {
2940 err = -ENOMEM;
2941 goto unlock;
55ed8ca1
JH		 2942 }
2943
d8b7b1e4
JH		 2944 cmd->cmd_complete = addr_cmd_complete;
2945
eb55ef07 2946 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2947 dc.reason = 0x13; /* Remote User Terminated Connection */
2948 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2949 if (err < 0)
2950 mgmt_pending_remove(cmd);
2951
55ed8ca1 2952unlock:
09fd0de5 2953 hci_dev_unlock(hdev);
55ed8ca1
JH		 2954 return err;
2955}
2956
bdb6d971 2957static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2958 u16 len)
8962ee74 2959{
650f726d 2960 struct mgmt_cp_disconnect *cp = data;
06a63b19 2961 struct mgmt_rp_disconnect rp;
3b0602cd 2962 struct mgmt_pending_cmd *cmd;
8962ee74 2963 struct hci_conn *conn;
8962ee74
JH		 2964 int err;
2965
2966 BT_DBG("");
2967
06a63b19
JH		 2968 memset(&rp, 0, sizeof(rp));
2969 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2970 rp.addr.type = cp->addr.type;
2971
4ee71b20 2972 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2973 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2974 MGMT_STATUS_INVALID_PARAMS,
2975 &rp, sizeof(rp));
4ee71b20 2976
09fd0de5 2977 hci_dev_lock(hdev);
8962ee74
JH		 2978
2979 if (!test_bit(HCI_UP, &hdev->flags)) {
2a1afb5a
JH		 2980 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2981 MGMT_STATUS_NOT_POWERED, &rp,
2982 sizeof(rp));
8962ee74
JH		 2983 goto failed;
2984 }
2985
2e58ef3e 2986 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
2a1afb5a
JH		 2987 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2988 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2989 goto failed;
2990 }
2991
591f47f3 2992 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2993 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2994 &cp->addr.bdaddr);
88c3df13
JH		 2995 else
2996 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2997
f960727e 2998 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2a1afb5a
JH		 2999 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3000 MGMT_STATUS_NOT_CONNECTED, &rp,
3001 sizeof(rp));
8962ee74
JH		 3002 goto failed;
3003 }
3004
2e58ef3e 3005 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 3006 if (!cmd) {
3007 err = -ENOMEM;
8962ee74 3008 goto failed;
366a0336 3009 }
8962ee74 3010
f5818c22
JH		 3011 cmd->cmd_complete = generic_cmd_complete;
3012
e3f2f92a 3013 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
8962ee74 3014 if (err < 0)
a664b5bc 3015 mgmt_pending_remove(cmd);
8962ee74
JH		 3016
3017failed:
09fd0de5 3018 hci_dev_unlock(hdev);
8962ee74
JH		 3019 return err;
3020}
3021
57c1477c 3022static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 3023{
3024 switch (link_type) {
3025 case LE_LINK:
48264f06
JH		 3026 switch (addr_type) {
3027 case ADDR_LE_DEV_PUBLIC:
591f47f3 3028 return BDADDR_LE_PUBLIC;
0ed09148 3029
48264f06 3030 default:
0ed09148 3031 /* Fallback to LE Random address type */
591f47f3 3032 return BDADDR_LE_RANDOM;
48264f06 3033 }
0ed09148 3034
4c659c39 3035 default:
0ed09148 3036 /* Fallback to BR/EDR type */
591f47f3 3037 return BDADDR_BREDR;
4c659c39
JH		 3038 }
3039}
3040
04124681
GP		 3041static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
3042 u16 data_len)
2784eb41 3043{
2784eb41 3044 struct mgmt_rp_get_connections *rp;
8035ded4 3045 struct hci_conn *c;
a38528f1 3046 size_t rp_len;
60fc5fb6
JH		 3047 int err;
3048 u16 i;
2784eb41
JH		 3049
3050 BT_DBG("");
3051
09fd0de5 3052 hci_dev_lock(hdev);
2784eb41 3053
5f97c1df 3054 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3055 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
3056 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3057 goto unlock;
3058 }
3059
60fc5fb6 3060 i = 0;
b644ba33
JH		 3061 list_for_each_entry(c, &hdev->conn_hash.list, list) {
3062 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 3063 i++;
2784eb41
JH		 3064 }
3065
60fc5fb6 3066 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 3067 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 3068 if (!rp) {
2784eb41
JH		 3069 err = -ENOMEM;
3070 goto unlock;
3071 }
3072
2784eb41 3073 i = 0;
4c659c39 3074 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 3075 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
3076 continue;
4c659c39 3077 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 3078 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 3079 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 3080 continue;
3081 i++;
3082 }
3083
eb55ef07 3084 rp->conn_count = cpu_to_le16(i);
60fc5fb6 3085
4c659c39
JH		 3086 /* Recalculate length in case of filtered SCO connections, etc */
3087 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 3088
2a1afb5a
JH		 3089 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
3090 rp_len);
2784eb41 3091
a38528f1 3092 kfree(rp);
5f97c1df
JH		 3093
3094unlock:
09fd0de5 3095 hci_dev_unlock(hdev);
2784eb41
JH		 3096 return err;
3097}
3098
bdb6d971 3099static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3100 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67 3101{
3b0602cd 3102 struct mgmt_pending_cmd *cmd;
96d97a67
WR		 3103 int err;
3104
2e58ef3e 3105 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 3106 sizeof(*cp));
96d97a67
WR		 3107 if (!cmd)
3108 return -ENOMEM;
3109
d8457698 3110 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 3111 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 3112 if (err < 0)
3113 mgmt_pending_remove(cmd);
3114
3115 return err;
3116}
3117
bdb6d971 3118static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3119 u16 len)
980e1a53 3120{
96d97a67 3121 struct hci_conn *conn;
650f726d 3122 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 3123 struct hci_cp_pin_code_reply reply;
3b0602cd 3124 struct mgmt_pending_cmd *cmd;
980e1a53
JH		 3125 int err;
3126
3127 BT_DBG("");
3128
09fd0de5 3129 hci_dev_lock(hdev);
980e1a53 3130
4b34ee78 3131 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3132 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3133 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 3134 goto failed;
3135 }
3136
d8457698 3137 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 3138 if (!conn) {
a69e8375
JH		 3139 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3140 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 3141 goto failed;
3142 }
3143
3144 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 3145 struct mgmt_cp_pin_code_neg_reply ncp;
3146
3147 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 3148
3149 BT_ERR("PIN code is not 16 bytes long");
3150
bdb6d971 3151 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 3152 if (err >= 0)
a69e8375
JH		 3153 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3154 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 3155
3156 goto failed;
3157 }
3158
00abfe44 3159 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 3160 if (!cmd) {
3161 err = -ENOMEM;
980e1a53 3162 goto failed;
366a0336 3163 }
980e1a53 3164
7776d1d8
JH		 3165 cmd->cmd_complete = addr_cmd_complete;
3166
d8457698 3167 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 3168 reply.pin_len = cp->pin_len;
24718ca5 3169 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 3170
3171 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3172 if (err < 0)
a664b5bc 3173 mgmt_pending_remove(cmd);
980e1a53
JH		 3174
3175failed:
09fd0de5 3176 hci_dev_unlock(hdev);
980e1a53
JH		 3177 return err;
3178}
3179
04124681
GP		 3180static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3181 u16 len)
17fa4b9d 3182{
650f726d 3183 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 3184
3185 BT_DBG("");
3186
4ec86d4c 3187 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 3188 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3189 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
4ec86d4c 3190
09fd0de5 3191 hci_dev_lock(hdev);
17fa4b9d
JH		 3192
3193 hdev->io_capability = cp->io_capability;
3194
3195 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 3196 hdev->io_capability);
17fa4b9d 3197
09fd0de5 3198 hci_dev_unlock(hdev);
17fa4b9d 3199
2a1afb5a
JH		 3200 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
3201 NULL, 0);
17fa4b9d
JH		 3202}
3203
3b0602cd 3204static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 3205{
3206 struct hci_dev *hdev = conn->hdev;
3b0602cd 3207 struct mgmt_pending_cmd *cmd;
e9a416b5 3208
2e58ef3e 3209 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 3210 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3211 continue;
3212
e9a416b5
JH		 3213 if (cmd->user_data != conn)
3214 continue;
3215
3216 return cmd;
3217 }
3218
3219 return NULL;
3220}
3221
3b0602cd 3222static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
e9a416b5
JH		 3223{
3224 struct mgmt_rp_pair_device rp;
3225 struct hci_conn *conn = cmd->user_data;
9df74653 3226 int err;
e9a416b5 3227
61b1a7fb
JH		 3228 bacpy(&rp.addr.bdaddr, &conn->dst);
3229 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 3230
2a1afb5a
JH		 3231 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
3232 status, &rp, sizeof(rp));
e9a416b5
JH		 3233
3234 /* So we don't get further callbacks for this connection */
3235 conn->connect_cfm_cb = NULL;
3236 conn->security_cfm_cb = NULL;
3237 conn->disconn_cfm_cb = NULL;
3238
76a68ba0 3239 hci_conn_drop(conn);
89cbb063
AA		 3240
3241 /* The device is paired so there is no need to remove
3242 * its connection parameters anymore.
3243 */
3244 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
15013aeb
JH		 3245
3246 hci_conn_put(conn);
9df74653
JH		 3247
3248 return err;
e9a416b5
JH		 3249}
3250
f4a407be
JH		 3251void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3252{
3253 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3b0602cd 3254 struct mgmt_pending_cmd *cmd;
f4a407be
JH		 3255
3256 cmd = find_pairing(conn);
a511b35b 3257 if (cmd) {
04ab2749 3258 cmd->cmd_complete(cmd, status);
a511b35b
JH		 3259 mgmt_pending_remove(cmd);
3260 }
f4a407be
JH		 3261}
3262
e9a416b5
JH		 3263static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3264{
3b0602cd 3265 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 3266
3267 BT_DBG("status %u", status);
3268
3269 cmd = find_pairing(conn);
a511b35b 3270 if (!cmd) {
e9a416b5 3271 BT_DBG("Unable to find a pending command");
a511b35b
JH		 3272 return;
3273 }
3274
3275 cmd->cmd_complete(cmd, mgmt_status(status));
3276 mgmt_pending_remove(cmd);
e9a416b5
JH		 3277}
3278
f4a407be 3279static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739 3280{
3b0602cd 3281 struct mgmt_pending_cmd *cmd;
4c47d739
VA		 3282
3283 BT_DBG("status %u", status);
3284
3285 if (!status)
3286 return;
3287
3288 cmd = find_pairing(conn);
a511b35b 3289 if (!cmd) {
4c47d739 3290 BT_DBG("Unable to find a pending command");
a511b35b
JH		 3291 return;
3292 }
3293
3294 cmd->cmd_complete(cmd, mgmt_status(status));
3295 mgmt_pending_remove(cmd);
4c47d739
VA		 3296}
3297
bdb6d971 3298static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3299 u16 len)
e9a416b5 3300{
650f726d 3301 struct mgmt_cp_pair_device *cp = data;
1425acb7 3302 struct mgmt_rp_pair_device rp;
3b0602cd 3303 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 3304 u8 sec_level, auth_type;
3305 struct hci_conn *conn;
e9a416b5
JH		 3306 int err;
3307
3308 BT_DBG("");
3309
f950a30e
SJ		 3310 memset(&rp, 0, sizeof(rp));
3311 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3312 rp.addr.type = cp->addr.type;
3313
4ee71b20 3314 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 3315 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3316 MGMT_STATUS_INVALID_PARAMS,
3317 &rp, sizeof(rp));
4ee71b20 3318
4ec86d4c 3319 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 3320 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3321 MGMT_STATUS_INVALID_PARAMS,
3322 &rp, sizeof(rp));
4ec86d4c 3323
09fd0de5 3324 hci_dev_lock(hdev);
e9a416b5 3325
5f97c1df 3326 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3327 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3328 MGMT_STATUS_NOT_POWERED, &rp,
3329 sizeof(rp));
5f97c1df
JH		 3330 goto unlock;
3331 }
3332
55e76b38
JH		 3333 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
3334 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3335 MGMT_STATUS_ALREADY_PAIRED, &rp,
3336 sizeof(rp));
3337 goto unlock;
3338 }
3339
c908df36 3340 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 3341 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 3342
6f77d8c7 3343 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 3344 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3345 auth_type);
6f77d8c7
AG		 3346 } else {
3347 u8 addr_type;
3348
3349 /* Convert from L2CAP channel address type to HCI address type
3350 */
3351 if (cp->addr.type == BDADDR_LE_PUBLIC)
3352 addr_type = ADDR_LE_DEV_PUBLIC;
3353 else
3354 addr_type = ADDR_LE_DEV_RANDOM;
3355
7c264b10
MH		 3356 /* When pairing a new device, it is expected to remember
3357 * this device for future connections. Adding the connection
3358 * parameter information ahead of time allows tracking
3359 * of the slave preferred values and will speed up any
3360 * further connection establishment.
3361 *
3362 * If connection parameters already exist, then they
3363 * will be kept and this function does nothing.
3364 */
3365 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3366
6f77d8c7 3367 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
e804d25d
JH		 3368 sec_level, HCI_LE_CONN_TIMEOUT,
3369 HCI_ROLE_MASTER);
6f77d8c7 3370 }
7a512d01 3371
30e76272 3372 if (IS_ERR(conn)) {
489dc48e
AK		 3373 int status;
3374
3375 if (PTR_ERR(conn) == -EBUSY)
3376 status = MGMT_STATUS_BUSY;
faa81030
LR		 3377 else if (PTR_ERR(conn) == -EOPNOTSUPP)
3378 status = MGMT_STATUS_NOT_SUPPORTED;
3379 else if (PTR_ERR(conn) == -ECONNREFUSED)
3380 status = MGMT_STATUS_REJECTED;
489dc48e
AK		 3381 else
3382 status = MGMT_STATUS_CONNECT_FAILED;
3383
2a1afb5a
JH		 3384 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3385 status, &rp, sizeof(rp));
e9a416b5
JH		 3386 goto unlock;
3387 }
3388
3389 if (conn->connect_cfm_cb) {
76a68ba0 3390 hci_conn_drop(conn);
2a1afb5a
JH		 3391 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3392 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 3393 goto unlock;
3394 }
3395
2e58ef3e 3396 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 3397 if (!cmd) {
3398 err = -ENOMEM;
76a68ba0 3399 hci_conn_drop(conn);
e9a416b5
JH		 3400 goto unlock;
3401 }
3402
04ab2749
JH		 3403 cmd->cmd_complete = pairing_complete;
3404
7a512d01 3405 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 3406 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 3407 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 3408 conn->security_cfm_cb = pairing_complete_cb;
3409 conn->disconn_cfm_cb = pairing_complete_cb;
3410 } else {
3411 conn->connect_cfm_cb = le_pairing_complete_cb;
3412 conn->security_cfm_cb = le_pairing_complete_cb;
3413 conn->disconn_cfm_cb = le_pairing_complete_cb;
3414 }
7a512d01 3415
e9a416b5 3416 conn->io_capability = cp->io_cap;
f8aaf9b6 3417 cmd->user_data = hci_conn_get(conn);
e9a416b5 3418
6f78fd4b 3419 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
a511b35b
JH		 3420 hci_conn_security(conn, sec_level, auth_type, true)) {
3421 cmd->cmd_complete(cmd, 0);
3422 mgmt_pending_remove(cmd);
3423 }
e9a416b5
JH		 3424
3425 err = 0;
3426
3427unlock:
09fd0de5 3428 hci_dev_unlock(hdev);
e9a416b5
JH		 3429 return err;
3430}
3431
04124681
GP		 3432static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3433 u16 len)
28424707 3434{
0f4e68cf 3435 struct mgmt_addr_info *addr = data;
3b0602cd 3436 struct mgmt_pending_cmd *cmd;
28424707
JH		 3437 struct hci_conn *conn;
3438 int err;
3439
3440 BT_DBG("");
3441
28424707
JH		 3442 hci_dev_lock(hdev);
3443
5f97c1df 3444 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3445 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3446 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3447 goto unlock;
3448 }
3449
28424707
JH		 3450 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3451 if (!cmd) {
a69e8375
JH		 3452 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3453 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3454 goto unlock;
3455 }
3456
3457 conn = cmd->user_data;
3458
3459 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
a69e8375
JH		 3460 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3461 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3462 goto unlock;
3463 }
3464
a511b35b
JH		 3465 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3466 mgmt_pending_remove(cmd);
28424707 3467
2a1afb5a
JH		 3468 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3469 addr, sizeof(*addr));
28424707
JH		 3470unlock:
3471 hci_dev_unlock(hdev);
28424707
JH		 3472 return err;
3473}
3474
bdb6d971 3475static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3476 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3477 u16 hci_op, __le32 passkey)
a5c29683 3478{
3b0602cd 3479 struct mgmt_pending_cmd *cmd;
0df4c185 3480 struct hci_conn *conn;
a5c29683
JH		 3481 int err;
3482
09fd0de5 3483 hci_dev_lock(hdev);
08ba5382 3484
4b34ee78 3485 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3486 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3487 MGMT_STATUS_NOT_POWERED, addr,
3488 sizeof(*addr));
0df4c185 3489 goto done;
a5c29683
JH		 3490 }
3491
1707c60e
JH		 3492 if (addr->type == BDADDR_BREDR)
3493 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3494 else
1707c60e 3495 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 3496
3497 if (!conn) {
2a1afb5a
JH		 3498 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3499 MGMT_STATUS_NOT_CONNECTED, addr,
3500 sizeof(*addr));
272d90df
JH		 3501 goto done;
3502 }
47c15e2b 3503
1707c60e 3504 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 3505 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 3506 if (!err)
2a1afb5a
JH		 3507 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3508 MGMT_STATUS_SUCCESS, addr,
3509 sizeof(*addr));
5fe57d9e 3510 else
2a1afb5a
JH		 3511 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3512 MGMT_STATUS_FAILED, addr,
3513 sizeof(*addr));
47c15e2b 3514
47c15e2b
BG		 3515 goto done;
3516 }
3517
1707c60e 3518 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3519 if (!cmd) {
3520 err = -ENOMEM;
0df4c185 3521 goto done;
a5c29683
JH		 3522 }
3523
7776d1d8
JH		 3524 cmd->cmd_complete = addr_cmd_complete;
3525
0df4c185 3526 /* Continue with pairing via HCI */
604086b7
BG		 3527 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3528 struct hci_cp_user_passkey_reply cp;
3529
1707c60e 3530 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3531 cp.passkey = passkey;
3532 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3533 } else
1707c60e
JH		 3534 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3535 &addr->bdaddr);
604086b7 3536
a664b5bc
JH		 3537 if (err < 0)
3538 mgmt_pending_remove(cmd);
a5c29683 3539
0df4c185 3540done:
09fd0de5 3541 hci_dev_unlock(hdev);
a5c29683
JH		 3542 return err;
3543}
3544
afeb019d
JK		 3545static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3546 void *data, u16 len)
3547{
3548 struct mgmt_cp_pin_code_neg_reply *cp = data;
3549
3550 BT_DBG("");
3551
1707c60e 3552 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3553 MGMT_OP_PIN_CODE_NEG_REPLY,
3554 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3555}
3556
04124681
GP		 3557static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3558 u16 len)
0df4c185 3559{
650f726d 3560 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3561
3562 BT_DBG("");
3563
3564 if (len != sizeof(*cp))
a69e8375
JH		 3565 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3566 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3567
1707c60e 3568 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3569 MGMT_OP_USER_CONFIRM_REPLY,
3570 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3571}
3572
bdb6d971 3573static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3574 void *data, u16 len)
0df4c185 3575{
c9c2659f 3576 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3577
3578 BT_DBG("");
3579
1707c60e 3580 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3581 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3582 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3583}
3584
04124681
GP		 3585static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3586 u16 len)
604086b7 3587{
650f726d 3588 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3589
3590 BT_DBG("");
3591
1707c60e 3592 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3593 MGMT_OP_USER_PASSKEY_REPLY,
3594 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3595}
3596
bdb6d971 3597static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3598 void *data, u16 len)
604086b7 3599{
650f726d 3600 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3601
3602 BT_DBG("");
3603
1707c60e 3604 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3605 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3606 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3607}
3608
13928971 3609static void update_name(struct hci_request *req)
2b4bf397 3610{
13928971 3611 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3612 struct hci_cp_write_local_name cp;
3613
13928971 3614 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3615
890ea898 3616 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3617}
3618
1904a853 3619static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
13928971
JH		 3620{
3621 struct mgmt_cp_set_local_name *cp;
3b0602cd 3622 struct mgmt_pending_cmd *cmd;
13928971
JH		 3623
3624 BT_DBG("status 0x%02x", status);
3625
3626 hci_dev_lock(hdev);
3627
3628 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3629 if (!cmd)
3630 goto unlock;
3631
3632 cp = cmd->param;
3633
3634 if (status)
a69e8375
JH		 3635 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3636 mgmt_status(status));
13928971 3637 else
2a1afb5a
JH		 3638 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3639 cp, sizeof(*cp));
13928971
JH		 3640
3641 mgmt_pending_remove(cmd);
3642
3643unlock:
3644 hci_dev_unlock(hdev);
3645}
3646
bdb6d971 3647static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3648 u16 len)
b312b161 3649{
2b4bf397 3650 struct mgmt_cp_set_local_name *cp = data;
3b0602cd 3651 struct mgmt_pending_cmd *cmd;
890ea898 3652 struct hci_request req;
b312b161
JH		 3653 int err;
3654
3655 BT_DBG("");
3656
09fd0de5 3657 hci_dev_lock(hdev);
b312b161 3658
b3f2ca94
JH		 3659 /* If the old values are the same as the new ones just return a
3660 * direct command complete event.
3661 */
3662 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3663 !memcmp(hdev->short_name, cp->short_name,
3664 sizeof(hdev->short_name))) {
2a1afb5a
JH		 3665 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3666 data, len);
b3f2ca94
JH		 3667 goto failed;
3668 }
3669
2b4bf397 3670 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3671
b5235a65 3672 if (!hdev_is_powered(hdev)) {
2b4bf397 3673 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde 3674
2a1afb5a
JH		 3675 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3676 data, len);
28cc7bde
JH		 3677 if (err < 0)
3678 goto failed;
3679
3680 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 3681 sk);
28cc7bde 3682
b5235a65
JH		 3683 goto failed;
3684 }
3685
28cc7bde 3686 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3687 if (!cmd) {
3688 err = -ENOMEM;
3689 goto failed;
3690 }
3691
13928971
JH		 3692 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3693
890ea898 3694 hci_req_init(&req, hdev);
3f985050
JH		 3695
3696 if (lmp_bredr_capable(hdev)) {
3697 update_name(&req);
3698 update_eir(&req);
3699 }
3700
7a5f4990
MH		 3701 /* The name is stored in the scan response data and so
3702 * no need to udpate the advertising data here.
3703 */
3f985050 3704 if (lmp_le_capable(hdev))
7a5f4990 3705 update_scan_rsp_data(&req);
3f985050 3706
13928971 3707 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3708 if (err < 0)
3709 mgmt_pending_remove(cmd);
3710
3711failed:
09fd0de5 3712 hci_dev_unlock(hdev);
b312b161
JH		 3713 return err;
3714}
3715
0f4e68cf 3716static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3717 void *data, u16 data_len)
c35938b2 3718{
3b0602cd 3719 struct mgmt_pending_cmd *cmd;
c35938b2
SJ		 3720 int err;
3721
bdb6d971 3722 BT_DBG("%s", hdev->name);
c35938b2 3723
09fd0de5 3724 hci_dev_lock(hdev);
c35938b2 3725
4b34ee78 3726 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3727 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3728 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3729 goto unlock;
3730 }
3731
9a1a1996 3732 if (!lmp_ssp_capable(hdev)) {
a69e8375
JH		 3733 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3734 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3735 goto unlock;
3736 }
3737
2e58ef3e 3738 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
a69e8375
JH		 3739 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3740 MGMT_STATUS_BUSY);
c35938b2
SJ		 3741 goto unlock;
3742 }
3743
2e58ef3e 3744 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3745 if (!cmd) {
3746 err = -ENOMEM;
3747 goto unlock;
3748 }
3749
710f11c0 3750 if (bredr_sc_enabled(hdev))
4d2d2796
MH		 3751 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3752 0, NULL);
3753 else
3754 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3755
c35938b2
SJ		 3756 if (err < 0)
3757 mgmt_pending_remove(cmd);
3758
3759unlock:
09fd0de5 3760 hci_dev_unlock(hdev);
c35938b2
SJ		 3761 return err;
3762}
3763
bdb6d971 3764static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3765 void *data, u16 len)
2763eda6 3766{
5d57e796 3767 struct mgmt_addr_info *addr = data;
2763eda6
SJ		 3768 int err;
3769
bdb6d971 3770 BT_DBG("%s ", hdev->name);
2763eda6 3771
5d57e796 3772 if (!bdaddr_type_is_valid(addr->type))
2a1afb5a
JH		 3773 return mgmt_cmd_complete(sk, hdev->id,
3774 MGMT_OP_ADD_REMOTE_OOB_DATA,
3775 MGMT_STATUS_INVALID_PARAMS,
3776 addr, sizeof(*addr));
5d57e796 3777
09fd0de5 3778 hci_dev_lock(hdev);
2763eda6 3779
ec109113
MH		 3780 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3781 struct mgmt_cp_add_remote_oob_data *cp = data;
3782 u8 status;
bf1e3541 3783
c19a495c 3784 if (cp->addr.type != BDADDR_BREDR) {
2a1afb5a
JH		 3785 err = mgmt_cmd_complete(sk, hdev->id,
3786 MGMT_OP_ADD_REMOTE_OOB_DATA,
3787 MGMT_STATUS_INVALID_PARAMS,
3788 &cp->addr, sizeof(cp->addr));
c19a495c
JH		 3789 goto unlock;
3790 }
3791
ec109113 3792 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
6928a924
JH		 3793 cp->addr.type, cp->hash,
3794 cp->rand, NULL, NULL);
ec109113
MH		 3795 if (err < 0)
3796 status = MGMT_STATUS_FAILED;
3797 else
3798 status = MGMT_STATUS_SUCCESS;
3799
2a1afb5a
JH		 3800 err = mgmt_cmd_complete(sk, hdev->id,
3801 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
3802 &cp->addr, sizeof(cp->addr));
ec109113
MH		 3803 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3804 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
41bcfd50 3805 u8 *rand192, *hash192, *rand256, *hash256;
ec109113
MH		 3806 u8 status;
3807
86df9200 3808 if (bdaddr_type_is_le(cp->addr.type)) {
d25b78e2
JH		 3809 /* Enforce zero-valued 192-bit parameters as
3810 * long as legacy SMP OOB isn't implemented.
3811 */
3812 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3813 memcmp(cp->hash192, ZERO_KEY, 16)) {
2a1afb5a
JH		 3814 err = mgmt_cmd_complete(sk, hdev->id,
3815 MGMT_OP_ADD_REMOTE_OOB_DATA,
3816 MGMT_STATUS_INVALID_PARAMS,
3817 addr, sizeof(*addr));
d25b78e2
JH		 3818 goto unlock;
3819 }
3820
86df9200
JH		 3821 rand192 = NULL;
3822 hash192 = NULL;
3823 } else {
41bcfd50
MH		 3824 /* In case one of the P-192 values is set to zero,
3825 * then just disable OOB data for P-192.
3826 */
3827 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
3828 !memcmp(cp->hash192, ZERO_KEY, 16)) {
3829 rand192 = NULL;
3830 hash192 = NULL;
3831 } else {
3832 rand192 = cp->rand192;
3833 hash192 = cp->hash192;
3834 }
3835 }
3836
3837 /* In case one of the P-256 values is set to zero, then just
3838 * disable OOB data for P-256.
3839 */
3840 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
3841 !memcmp(cp->hash256, ZERO_KEY, 16)) {
3842 rand256 = NULL;
3843 hash256 = NULL;
3844 } else {
3845 rand256 = cp->rand256;
3846 hash256 = cp->hash256;
86df9200
JH		 3847 }
3848
81328d5c 3849 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
86df9200 3850 cp->addr.type, hash192, rand192,
41bcfd50 3851 hash256, rand256);
ec109113
MH		 3852 if (err < 0)
3853 status = MGMT_STATUS_FAILED;
3854 else
3855 status = MGMT_STATUS_SUCCESS;
3856
2a1afb5a
JH		 3857 err = mgmt_cmd_complete(sk, hdev->id,
3858 MGMT_OP_ADD_REMOTE_OOB_DATA,
3859 status, &cp->addr, sizeof(cp->addr));
ec109113
MH		 3860 } else {
3861 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
a69e8375
JH		 3862 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3863 MGMT_STATUS_INVALID_PARAMS);
ec109113 3864 }
2763eda6 3865
c19a495c 3866unlock:
09fd0de5 3867 hci_dev_unlock(hdev);
2763eda6
SJ		 3868 return err;
3869}
3870
bdb6d971 3871static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3872 void *data, u16 len)
2763eda6 3873{
650f726d 3874 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3875 u8 status;
2763eda6
SJ		 3876 int err;
3877
bdb6d971 3878 BT_DBG("%s", hdev->name);
2763eda6 3879
c19a495c 3880 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 3881 return mgmt_cmd_complete(sk, hdev->id,
3882 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3883 MGMT_STATUS_INVALID_PARAMS,
3884 &cp->addr, sizeof(cp->addr));
c19a495c 3885
09fd0de5 3886 hci_dev_lock(hdev);
2763eda6 3887
eedbd581
JH		 3888 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3889 hci_remote_oob_data_clear(hdev);
3890 status = MGMT_STATUS_SUCCESS;
3891 goto done;
3892 }
3893
6928a924 3894 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
2763eda6 3895 if (err < 0)
bf1e3541 3896 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3897 else
a6785be2 3898 status = MGMT_STATUS_SUCCESS;
bf1e3541 3899
eedbd581 3900done:
2a1afb5a
JH		 3901 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3902 status, &cp->addr, sizeof(cp->addr));
2763eda6 3903
09fd0de5 3904 hci_dev_unlock(hdev);
2763eda6
SJ		 3905 return err;
3906}
3907
8019044d 3908static bool trigger_discovery(struct hci_request *req, u8 *status)
41dc2bd6 3909{
8019044d
MH		 3910 struct hci_dev *hdev = req->hdev;
3911 struct hci_cp_le_set_scan_param param_cp;
3912 struct hci_cp_le_set_scan_enable enable_cp;
3913 struct hci_cp_inquiry inq_cp;
3914 /* General inquiry access code (GIAC) */
3915 u8 lap[3] = { 0x33, 0x8b, 0x9e };
3916 u8 own_addr_type;
41dc2bd6
AG		 3917 int err;
3918
8019044d
MH		 3919 switch (hdev->discovery.type) {
3920 case DISCOV_TYPE_BREDR:
3921 *status = mgmt_bredr_support(hdev);
3922 if (*status)
3923 return false;
41dc2bd6 3924
8019044d
MH		 3925 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3926 *status = MGMT_STATUS_BUSY;
3927 return false;
3928 }
41dc2bd6 3929
8019044d 3930 hci_inquiry_cache_flush(hdev);
41dc2bd6 3931
8019044d
MH		 3932 memset(&inq_cp, 0, sizeof(inq_cp));
3933 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
3934 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
3935 hci_req_add(req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
3936 break;
41dc2bd6 3937
8019044d
MH		 3938 case DISCOV_TYPE_LE:
3939 case DISCOV_TYPE_INTERLEAVED:
3940 *status = mgmt_le_support(hdev);
3941 if (*status)
3942 return false;
3943
3944 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
d7a5a11d 3945 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
8019044d
MH		 3946 *status = MGMT_STATUS_NOT_SUPPORTED;
3947 return false;
3948 }
3949
d7a5a11d 3950 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) {
8019044d
MH		 3951 /* Don't let discovery abort an outgoing
3952 * connection attempt that's using directed
3953 * advertising.
3954 */
3955 if (hci_conn_hash_lookup_state(hdev, LE_LINK,
3956 BT_CONNECT)) {
3957 *status = MGMT_STATUS_REJECTED;
3958 return false;
3959 }
3960
3961 disable_advertising(req);
3962 }
3963
3964 /* If controller is scanning, it means the background scanning
3965 * is running. Thus, we should temporarily stop it in order to
3966 * set the discovery scanning parameters.
3967 */
d7a5a11d 3968 if (hci_dev_test_flag(hdev, HCI_LE_SCAN))
8019044d
MH		 3969 hci_req_add_le_scan_disable(req);
3970
3971 memset(&param_cp, 0, sizeof(param_cp));
3972
3973 /* All active scans will be done with either a resolvable
3974 * private address (when privacy feature has been enabled)
9437d2ed 3975 * or non-resolvable private address.
8019044d
MH		 3976 */
3977 err = hci_update_random_address(req, true, &own_addr_type);
3978 if (err < 0) {
3979 *status = MGMT_STATUS_FAILED;
3980 return false;
3981 }
3982
3983 param_cp.type = LE_SCAN_ACTIVE;
3984 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3985 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
3986 param_cp.own_address_type = own_addr_type;
3987 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3988 &param_cp);
3989
3990 memset(&enable_cp, 0, sizeof(enable_cp));
3991 enable_cp.enable = LE_SCAN_ENABLE;
3992 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3993 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3994 &enable_cp);
3995 break;
3996
3997 default:
3998 *status = MGMT_STATUS_INVALID_PARAMS;
3999 return false;
4000 }
4001
4002 return true;
41dc2bd6
AG		 4003}
4004
1904a853
MH		 4005static void start_discovery_complete(struct hci_dev *hdev, u8 status,
4006 u16 opcode)
7c307720 4007{
3b0602cd 4008 struct mgmt_pending_cmd *cmd;
11e6e25d 4009 unsigned long timeout;
ae55f598 4010
7c307720
AG		 4011 BT_DBG("status %d", status);
4012
11e6e25d 4013 hci_dev_lock(hdev);
41dc2bd6 4014
11e6e25d 4015 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
66ea9427
JP		 4016 if (!cmd)
4017 cmd = mgmt_pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
4018
11e6e25d 4019 if (cmd) {
2922a94f 4020 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d
MH		 4021 mgmt_pending_remove(cmd);
4022 }
7c307720
AG		 4023
4024 if (status) {
11e6e25d
MH		 4025 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4026 goto unlock;
7c307720
AG		 4027 }
4028
7c307720 4029 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
7c307720 4030
2d28cfe7
JP		 4031 /* If the scan involves LE scan, pick proper timeout to schedule
4032 * hdev->le_scan_disable that will stop it.
4033 */
7c307720
AG		 4034 switch (hdev->discovery.type) {
4035 case DISCOV_TYPE_LE:
3d5a76f0 4036 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
7c307720 4037 break;
7c307720 4038 case DISCOV_TYPE_INTERLEAVED:
b9a7a61e 4039 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
7c307720 4040 break;
7c307720 4041 case DISCOV_TYPE_BREDR:
11e6e25d 4042 timeout = 0;
7c307720 4043 break;
7c307720
AG		 4044 default:
4045 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
11e6e25d
MH		 4046 timeout = 0;
4047 break;
7c307720 4048 }
ae55f598 4049
2d28cfe7
JP		 4050 if (timeout) {
4051 /* When service discovery is used and the controller has
4052 * a strict duplicate filter, it is important to remember
4053 * the start and duration of the scan. This is required
4054 * for restarting scanning during the discovery phase.
4055 */
4056 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER,
4057 &hdev->quirks) &&
82f8b651 4058 hdev->discovery.result_filtering) {
2d28cfe7
JP		 4059 hdev->discovery.scan_start = jiffies;
4060 hdev->discovery.scan_duration = timeout;
4061 }
4062
11e6e25d
MH		 4063 queue_delayed_work(hdev->workqueue,
4064 &hdev->le_scan_disable, timeout);
2d28cfe7 4065 }
ae55f598 4066
11e6e25d
MH		 4067unlock:
4068 hci_dev_unlock(hdev);
7c307720
AG		 4069}
4070
bdb6d971 4071static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 4072 void *data, u16 len)
14a53664 4073{
650f726d 4074 struct mgmt_cp_start_discovery *cp = data;
3b0602cd 4075 struct mgmt_pending_cmd *cmd;
7c307720 4076 struct hci_request req;
8019044d 4077 u8 status;
14a53664
JH		 4078 int err;
4079
bdb6d971 4080 BT_DBG("%s", hdev->name);
14a53664 4081
09fd0de5 4082 hci_dev_lock(hdev);
14a53664 4083
4b34ee78 4084 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 4085 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4086 MGMT_STATUS_NOT_POWERED,
4087 &cp->type, sizeof(cp->type));
bd2d1334
JH		 4088 goto failed;
4089 }
4090
f5a969f2 4091 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 4092 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
2a1afb5a
JH		 4093 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4094 MGMT_STATUS_BUSY, &cp->type,
4095 sizeof(cp->type));
642be6c7
AG		 4096 goto failed;
4097 }
4098
2922a94f 4099 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, data, len);
14a53664
JH		 4100 if (!cmd) {
4101 err = -ENOMEM;
4102 goto failed;
4103 }
4104
2922a94f
JH		 4105 cmd->cmd_complete = generic_cmd_complete;
4106
22078800
MH		 4107 /* Clear the discovery filter first to free any previously
4108 * allocated memory for the UUID list.
4109 */
4110 hci_discovery_filter_clear(hdev);
4111
4aab14e5 4112 hdev->discovery.type = cp->type;
da25cf6a 4113 hdev->discovery.report_invalid_rssi = false;
4aab14e5 4114
7c307720
AG		 4115 hci_req_init(&req, hdev);
4116
8019044d 4117 if (!trigger_discovery(&req, &status)) {
2a1afb5a
JH		 4118 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4119 status, &cp->type, sizeof(cp->type));
04106755
JH		 4120 mgmt_pending_remove(cmd);
4121 goto failed;
f39799f5 4122 }
04106755 4123
7c307720 4124 err = hci_req_run(&req, start_discovery_complete);
f5a969f2 4125 if (err < 0) {
14a53664 4126 mgmt_pending_remove(cmd);
f5a969f2
MH		 4127 goto failed;
4128 }
7c307720 4129
f5a969f2 4130 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
7c307720 4131
14a53664 4132failed:
09fd0de5 4133 hci_dev_unlock(hdev);
14a53664
JH		 4134 return err;
4135}
f39799f5 4136
3b0602cd
JH		 4137static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
4138 u8 status)
2922a94f 4139{
2a1afb5a
JH		 4140 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
4141 cmd->param, 1);
2922a94f 4142}
04106755 4143
66ea9427
JP		 4144static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
4145 void *data, u16 len)
4146{
4147 struct mgmt_cp_start_service_discovery *cp = data;
3b0602cd 4148 struct mgmt_pending_cmd *cmd;
66ea9427
JP		 4149 struct hci_request req;
4150 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
4151 u16 uuid_count, expected_len;
4152 u8 status;
4153 int err;
04106755 4154
66ea9427 4155 BT_DBG("%s", hdev->name);
e8bb6b97 4156
66ea9427 4157 hci_dev_lock(hdev);
7c307720 4158
66ea9427 4159 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 4160 err = mgmt_cmd_complete(sk, hdev->id,
4161 MGMT_OP_START_SERVICE_DISCOVERY,
4162 MGMT_STATUS_NOT_POWERED,
4163 &cp->type, sizeof(cp->type));
66ea9427
JP		 4164 goto failed;
4165 }
7c307720 4166
66ea9427 4167 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 4168 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
2a1afb5a
JH		 4169 err = mgmt_cmd_complete(sk, hdev->id,
4170 MGMT_OP_START_SERVICE_DISCOVERY,
4171 MGMT_STATUS_BUSY, &cp->type,
4172 sizeof(cp->type));
66ea9427
JP		 4173 goto failed;
4174 }
d9483943 4175
66ea9427
JP		 4176 uuid_count = __le16_to_cpu(cp->uuid_count);
4177 if (uuid_count > max_uuid_count) {
4178 BT_ERR("service_discovery: too big uuid_count value %u",
4179 uuid_count);
2a1afb5a
JH		 4180 err = mgmt_cmd_complete(sk, hdev->id,
4181 MGMT_OP_START_SERVICE_DISCOVERY,
4182 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4183 sizeof(cp->type));
66ea9427
JP		 4184 goto failed;
4185 }
4186
4187 expected_len = sizeof(*cp) + uuid_count * 16;
4188 if (expected_len != len) {
4189 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
4190 expected_len, len);
2a1afb5a
JH		 4191 err = mgmt_cmd_complete(sk, hdev->id,
4192 MGMT_OP_START_SERVICE_DISCOVERY,
4193 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4194 sizeof(cp->type));
66ea9427
JP		 4195 goto failed;
4196 }
4197
4198 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
2922a94f 4199 hdev, data, len);
66ea9427
JP		 4200 if (!cmd) {
4201 err = -ENOMEM;
4202 goto failed;
4203 }
4204
2922a94f
JH		 4205 cmd->cmd_complete = service_discovery_cmd_complete;
4206
22078800
MH		 4207 /* Clear the discovery filter first to free any previously
4208 * allocated memory for the UUID list.
4209 */
4210 hci_discovery_filter_clear(hdev);
4211
82f8b651 4212 hdev->discovery.result_filtering = true;
66ea9427
JP		 4213 hdev->discovery.type = cp->type;
4214 hdev->discovery.rssi = cp->rssi;
4215 hdev->discovery.uuid_count = uuid_count;
4216
4217 if (uuid_count > 0) {
4218 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4219 GFP_KERNEL);
4220 if (!hdev->discovery.uuids) {
2a1afb5a
JH		 4221 err = mgmt_cmd_complete(sk, hdev->id,
4222 MGMT_OP_START_SERVICE_DISCOVERY,
4223 MGMT_STATUS_FAILED,
4224 &cp->type, sizeof(cp->type));
d9483943
JH		 4225 mgmt_pending_remove(cmd);
4226 goto failed;
4227 }
66ea9427 4228 }
d9483943 4229
66ea9427 4230 hci_req_init(&req, hdev);
5e0452c0 4231
66ea9427 4232 if (!trigger_discovery(&req, &status)) {
2a1afb5a
JH		 4233 err = mgmt_cmd_complete(sk, hdev->id,
4234 MGMT_OP_START_SERVICE_DISCOVERY,
4235 status, &cp->type, sizeof(cp->type));
04106755
JH		 4236 mgmt_pending_remove(cmd);
4237 goto failed;
f39799f5 4238 }
3fd24153 4239
7c307720 4240 err = hci_req_run(&req, start_discovery_complete);
66ea9427 4241 if (err < 0) {
14a53664 4242 mgmt_pending_remove(cmd);
66ea9427
JP		 4243 goto failed;
4244 }
4245
4246 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 4247
4248failed:
09fd0de5 4249 hci_dev_unlock(hdev);
14a53664
JH		 4250 return err;
4251}
4252
1904a853 4253static void stop_discovery_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1183fdca 4254{
3b0602cd 4255 struct mgmt_pending_cmd *cmd;
1183fdca 4256
0e05bba6
AG		 4257 BT_DBG("status %d", status);
4258
4259 hci_dev_lock(hdev);
4260
11e6e25d
MH		 4261 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4262 if (cmd) {
2922a94f 4263 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d 4264 mgmt_pending_remove(cmd);
0e05bba6
AG		 4265 }
4266
11e6e25d
MH		 4267 if (!status)
4268 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
0e05bba6 4269
0e05bba6
AG		 4270 hci_dev_unlock(hdev);
4271}
4272
bdb6d971 4273static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4274 u16 len)
14a53664 4275{
d930650b 4276 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3b0602cd 4277 struct mgmt_pending_cmd *cmd;
0e05bba6 4278 struct hci_request req;
14a53664
JH		 4279 int err;
4280
bdb6d971 4281 BT_DBG("%s", hdev->name);
14a53664 4282
09fd0de5 4283 hci_dev_lock(hdev);
14a53664 4284
30dc78e1 4285 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 4286 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4287 MGMT_STATUS_REJECTED, &mgmt_cp->type,
4288 sizeof(mgmt_cp->type));
d930650b
JH		 4289 goto unlock;
4290 }
4291
4292 if (hdev->discovery.type != mgmt_cp->type) {
2a1afb5a
JH		 4293 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4294 MGMT_STATUS_INVALID_PARAMS,
4295 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1 4296 goto unlock;
ff9ef578
JH		 4297 }
4298
2922a94f 4299 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
14a53664
JH		 4300 if (!cmd) {
4301 err = -ENOMEM;
30dc78e1
JH		 4302 goto unlock;
4303 }
4304
2922a94f
JH		 4305 cmd->cmd_complete = generic_cmd_complete;
4306
0e05bba6
AG		 4307 hci_req_init(&req, hdev);
4308
21a60d30 4309 hci_stop_discovery(&req);
e0d9727e 4310
21a60d30
JH		 4311 err = hci_req_run(&req, stop_discovery_complete);
4312 if (!err) {
4313 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
0e05bba6 4314 goto unlock;
14a53664
JH		 4315 }
4316
21a60d30
JH		 4317 mgmt_pending_remove(cmd);
4318
4319 /* If no HCI commands were sent we're done */
4320 if (err == -ENODATA) {
2a1afb5a
JH		 4321 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
4322 &mgmt_cp->type, sizeof(mgmt_cp->type));
21a60d30
JH		 4323 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4324 }
14a53664 4325
30dc78e1 4326unlock:
09fd0de5 4327 hci_dev_unlock(hdev);
14a53664
JH		 4328 return err;
4329}
4330
bdb6d971 4331static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4332 u16 len)
561aafbc 4333{
650f726d 4334 struct mgmt_cp_confirm_name *cp = data;
561aafbc 4335 struct inquiry_entry *e;
561aafbc
JH		 4336 int err;
4337
bdb6d971 4338 BT_DBG("%s", hdev->name);
561aafbc 4339
561aafbc
JH		 4340 hci_dev_lock(hdev);
4341
30dc78e1 4342 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 4343 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4344 MGMT_STATUS_FAILED, &cp->addr,
4345 sizeof(cp->addr));
30dc78e1
JH		 4346 goto failed;
4347 }
4348
a198e7b1 4349 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 4350 if (!e) {
2a1afb5a
JH		 4351 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4352 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4353 sizeof(cp->addr));
561aafbc
JH		 4354 goto failed;
4355 }
4356
4357 if (cp->name_known) {
4358 e->name_state = NAME_KNOWN;
4359 list_del(&e->list);
4360 } else {
4361 e->name_state = NAME_NEEDED;
a3d4e20a 4362 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 4363 }
4364
2a1afb5a
JH		 4365 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
4366 &cp->addr, sizeof(cp->addr));
561aafbc
JH		 4367
4368failed:
4369 hci_dev_unlock(hdev);
561aafbc
JH		 4370 return err;
4371}
4372
bdb6d971 4373static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4374 u16 len)
7fbec224 4375{
650f726d 4376 struct mgmt_cp_block_device *cp = data;
f0eeea8b 4377 u8 status;
7fbec224
AJ		 4378 int err;
4379
bdb6d971 4380 BT_DBG("%s", hdev->name);
7fbec224 4381
4ee71b20 4382 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 4383 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4384 MGMT_STATUS_INVALID_PARAMS,
4385 &cp->addr, sizeof(cp->addr));
4ee71b20 4386
09fd0de5 4387 hci_dev_lock(hdev);
5e762444 4388
dcc36c16
JH		 4389 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4390 cp->addr.type);
2a8357f2 4391 if (err < 0) {
f0eeea8b 4392 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 4393 goto done;
4394 }
4395
4396 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4397 sk);
4398 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4399
2a8357f2 4400done:
2a1afb5a
JH		 4401 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
4402 &cp->addr, sizeof(cp->addr));
5e762444 4403
09fd0de5 4404 hci_dev_unlock(hdev);
7fbec224
AJ		 4405
4406 return err;
4407}
4408
bdb6d971 4409static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4410 u16 len)
7fbec224 4411{
650f726d 4412 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 4413 u8 status;
7fbec224
AJ		 4414 int err;
4415
bdb6d971 4416 BT_DBG("%s", hdev->name);
7fbec224 4417
4ee71b20 4418 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 4419 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4420 MGMT_STATUS_INVALID_PARAMS,
4421 &cp->addr, sizeof(cp->addr));
4ee71b20 4422
09fd0de5 4423 hci_dev_lock(hdev);
5e762444 4424
dcc36c16
JH		 4425 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4426 cp->addr.type);
2a8357f2 4427 if (err < 0) {
f0eeea8b 4428 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 4429 goto done;
4430 }
4431
4432 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4433 sk);
4434 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4435
2a8357f2 4436done:
2a1afb5a
JH		 4437 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
4438 &cp->addr, sizeof(cp->addr));
5e762444 4439
09fd0de5 4440 hci_dev_unlock(hdev);
7fbec224
AJ		 4441
4442 return err;
4443}
4444
cdbaccca
MH		 4445static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4446 u16 len)
4447{
4448 struct mgmt_cp_set_device_id *cp = data;
890ea898 4449 struct hci_request req;
cdbaccca 4450 int err;
c72d4b8a 4451 __u16 source;
cdbaccca
MH		 4452
4453 BT_DBG("%s", hdev->name);
4454
c72d4b8a
SJ		 4455 source = __le16_to_cpu(cp->source);
4456
4457 if (source > 0x0002)
a69e8375
JH		 4458 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4459 MGMT_STATUS_INVALID_PARAMS);
c72d4b8a 4460
cdbaccca
MH		 4461 hci_dev_lock(hdev);
4462
c72d4b8a 4463 hdev->devid_source = source;
cdbaccca
MH		 4464 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4465 hdev->devid_product = __le16_to_cpu(cp->product);
4466 hdev->devid_version = __le16_to_cpu(cp->version);
4467
2a1afb5a
JH		 4468 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
4469 NULL, 0);
cdbaccca 4470
890ea898
JH		 4471 hci_req_init(&req, hdev);
4472 update_eir(&req);
4473 hci_req_run(&req, NULL);
cdbaccca
MH		 4474
4475 hci_dev_unlock(hdev);
4476
4477 return err;
4478}
4479
1904a853
MH		 4480static void set_advertising_complete(struct hci_dev *hdev, u8 status,
4481 u16 opcode)
4375f103
JH		 4482{
4483 struct cmd_lookup match = { NULL, hdev };
4484
3ad67582
JK		 4485 hci_dev_lock(hdev);
4486
4375f103
JH		 4487 if (status) {
4488 u8 mgmt_err = mgmt_status(status);
4489
4490 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4491 cmd_status_rsp, &mgmt_err);
3ad67582 4492 goto unlock;
4375f103
JH		 4493 }
4494
d7a5a11d 4495 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
a1536da2 4496 hci_dev_set_flag(hdev, HCI_ADVERTISING);
c93bd150 4497 else
a358dc11 4498 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
c93bd150 4499
4375f103
JH		 4500 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4501 &match);
4502
4503 new_settings(hdev, match.sk);
4504
4505 if (match.sk)
4506 sock_put(match.sk);
3ad67582
JK		 4507
4508unlock:
4509 hci_dev_unlock(hdev);
4375f103
JH		 4510}
4511
21b5187f
MH		 4512static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4513 u16 len)
4375f103
JH		 4514{
4515 struct mgmt_mode *cp = data;
3b0602cd 4516 struct mgmt_pending_cmd *cmd;
4375f103 4517 struct hci_request req;
cc91cb04 4518 u8 val, status;
4375f103
JH		 4519 int err;
4520
4521 BT_DBG("request for %s", hdev->name);
4522
e6fe7986
JH		 4523 status = mgmt_le_support(hdev);
4524 if (status)
a69e8375
JH		 4525 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4526 status);
4375f103 4527
cc91cb04 4528 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 4529 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4530 MGMT_STATUS_INVALID_PARAMS);
4375f103
JH		 4531
4532 hci_dev_lock(hdev);
4533
4534 val = !!cp->val;
4375f103 4535
f74ca9b8
JH		 4536 /* The following conditions are ones which mean that we should
4537 * not do any HCI communication but directly send a mgmt
4538 * response to user space (after toggling the flag if
4539 * necessary).
4540 */
cc91cb04 4541 if (!hdev_is_powered(hdev) ||
d7a5a11d
MH		 4542 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
4543 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
e8bb6b97 4544 hci_conn_num(hdev, LE_LINK) > 0 ||
d7a5a11d 4545 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
e8bb6b97 4546 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
cc91cb04 4547 bool changed;
4375f103 4548
cc91cb04 4549 if (cp->val) {
238be788 4550 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
cc91cb04 4551 if (cp->val == 0x02)
a1536da2 4552 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4553 else
a358dc11 4554 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4555 } else {
a69d8927 4556 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
a358dc11 4557 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4375f103
JH		 4558 }
4559
4560 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4561 if (err < 0)
4562 goto unlock;
4563
4564 if (changed)
4565 err = new_settings(hdev, sk);
4566
4567 goto unlock;
4568 }
4569
4570 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4571 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
a69e8375
JH		 4572 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4573 MGMT_STATUS_BUSY);
4375f103
JH		 4574 goto unlock;
4575 }
4576
4577 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4578 if (!cmd) {
4579 err = -ENOMEM;
4580 goto unlock;
4581 }
4582
4583 hci_req_init(&req, hdev);
4584
cc91cb04 4585 if (cp->val == 0x02)
a1536da2 4586 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4587 else
a358dc11 4588 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4589
bba3aa55
MH		 4590 if (val)
4591 enable_advertising(&req);
4592 else
4593 disable_advertising(&req);
4375f103
JH		 4594
4595 err = hci_req_run(&req, set_advertising_complete);
4596 if (err < 0)
4597 mgmt_pending_remove(cmd);
4598
4599unlock:
4600 hci_dev_unlock(hdev);
4601 return err;
4602}
4603
d13eafce
MH		 4604static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4605 void *data, u16 len)
4606{
4607 struct mgmt_cp_set_static_address *cp = data;
4608 int err;
4609
4610 BT_DBG("%s", hdev->name);
4611
62af4443 4612 if (!lmp_le_capable(hdev))
a69e8375
JH		 4613 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4614 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 4615
4616 if (hdev_is_powered(hdev))
a69e8375
JH		 4617 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4618 MGMT_STATUS_REJECTED);
d13eafce
MH		 4619
4620 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4621 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
a69e8375
JH		 4622 return mgmt_cmd_status(sk, hdev->id,
4623 MGMT_OP_SET_STATIC_ADDRESS,
4624 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 4625
4626 /* Two most significant bits shall be set */
4627 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
a69e8375
JH		 4628 return mgmt_cmd_status(sk, hdev->id,
4629 MGMT_OP_SET_STATIC_ADDRESS,
4630 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 4631 }
4632
4633 hci_dev_lock(hdev);
4634
4635 bacpy(&hdev->static_addr, &cp->bdaddr);
4636
93690c22
MH		 4637 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
4638 if (err < 0)
4639 goto unlock;
4640
4641 err = new_settings(hdev, sk);
d13eafce 4642
93690c22 4643unlock:
d13eafce 4644 hci_dev_unlock(hdev);
d13eafce
MH		 4645 return err;
4646}
4647
14b49b9a
MH		 4648static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4649 void *data, u16 len)
4650{
4651 struct mgmt_cp_set_scan_params *cp = data;
4652 __u16 interval, window;
4653 int err;
4654
4655 BT_DBG("%s", hdev->name);
4656
4657 if (!lmp_le_capable(hdev))
a69e8375
JH		 4658 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4659 MGMT_STATUS_NOT_SUPPORTED);
14b49b9a
MH		 4660
4661 interval = __le16_to_cpu(cp->interval);
4662
4663 if (interval < 0x0004 || interval > 0x4000)
a69e8375
JH		 4664 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4665 MGMT_STATUS_INVALID_PARAMS);
14b49b9a
MH		 4666
4667 window = __le16_to_cpu(cp->window);
4668
4669 if (window < 0x0004 || window > 0x4000)
a69e8375
JH		 4670 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4671 MGMT_STATUS_INVALID_PARAMS);
14b49b9a 4672
899e1075 4673 if (window > interval)
a69e8375
JH		 4674 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4675 MGMT_STATUS_INVALID_PARAMS);
899e1075 4676
14b49b9a
MH		 4677 hci_dev_lock(hdev);
4678
4679 hdev->le_scan_interval = interval;
4680 hdev->le_scan_window = window;
4681
2a1afb5a
JH		 4682 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
4683 NULL, 0);
14b49b9a 4684
dd2ef8e2
AG		 4685 /* If background scan is running, restart it so new parameters are
4686 * loaded.
4687 */
d7a5a11d 4688 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
dd2ef8e2
AG		 4689 hdev->discovery.state == DISCOVERY_STOPPED) {
4690 struct hci_request req;
4691
4692 hci_req_init(&req, hdev);
4693
4694 hci_req_add_le_scan_disable(&req);
4695 hci_req_add_le_passive_scan(&req);
4696
4697 hci_req_run(&req, NULL);
4698 }
4699
14b49b9a
MH		 4700 hci_dev_unlock(hdev);
4701
4702 return err;
4703}
4704
1904a853
MH		 4705static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
4706 u16 opcode)
33e38b3e 4707{
3b0602cd 4708 struct mgmt_pending_cmd *cmd;
33e38b3e
JH		 4709
4710 BT_DBG("status 0x%02x", status);
4711
4712 hci_dev_lock(hdev);
4713
4714 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4715 if (!cmd)
4716 goto unlock;
4717
4718 if (status) {
a69e8375
JH		 4719 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4720 mgmt_status(status));
33e38b3e 4721 } else {
1a4d3c4b
JH		 4722 struct mgmt_mode *cp = cmd->param;
4723
4724 if (cp->val)
a1536da2 4725 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 4726 else
a358dc11 4727 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 4728
33e38b3e
JH		 4729 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4730 new_settings(hdev, cmd->sk);
4731 }
4732
4733 mgmt_pending_remove(cmd);
4734
4735unlock:
4736 hci_dev_unlock(hdev);
4737}
4738
bdb6d971 4739static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4740 void *data, u16 len)
f6422ec6 4741{
650f726d 4742 struct mgmt_mode *cp = data;
3b0602cd 4743 struct mgmt_pending_cmd *cmd;
33e38b3e 4744 struct hci_request req;
f6422ec6
AJ		 4745 int err;
4746
bdb6d971 4747 BT_DBG("%s", hdev->name);
f6422ec6 4748
d7a5a11d 4749 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
56f87901 4750 hdev->hci_ver < BLUETOOTH_VER_1_2)
a69e8375
JH		 4751 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4752 MGMT_STATUS_NOT_SUPPORTED);
33c525c0 4753
a7e80f25 4754 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4755 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4756 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 4757
f6422ec6
AJ		 4758 hci_dev_lock(hdev);
4759
05cbf29f 4760 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
a69e8375
JH		 4761 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4762 MGMT_STATUS_BUSY);
05cbf29f
JH		 4763 goto unlock;
4764 }
4765
d7a5a11d 4766 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
1a4d3c4b
JH		 4767 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4768 hdev);
4769 goto unlock;
4770 }
4771
406ef2a6 4772 if (!hdev_is_powered(hdev)) {
ce05d603 4773 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
406ef2a6
JH		 4774 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4775 hdev);
4776 new_settings(hdev, sk);
4777 goto unlock;
4778 }
4779
33e38b3e
JH		 4780 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4781 data, len);
4782 if (!cmd) {
4783 err = -ENOMEM;
4784 goto unlock;
f6422ec6
AJ		 4785 }
4786
33e38b3e
JH		 4787 hci_req_init(&req, hdev);
4788
406d7804 4789 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4790
4791 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4792 if (err < 0) {
a69e8375
JH		 4793 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4794 MGMT_STATUS_FAILED);
33e38b3e 4795 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4796 }
4797
33e38b3e 4798unlock:
f6422ec6 4799 hci_dev_unlock(hdev);
33e38b3e 4800
f6422ec6
AJ		 4801 return err;
4802}
4803
1904a853 4804static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
0663ca2a 4805{
3b0602cd 4806 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 4807
4808 BT_DBG("status 0x%02x", status);
4809
4810 hci_dev_lock(hdev);
4811
4812 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4813 if (!cmd)
4814 goto unlock;
4815
4816 if (status) {
4817 u8 mgmt_err = mgmt_status(status);
4818
4819 /* We need to restore the flag if related HCI commands
4820 * failed.
4821 */
a358dc11 4822 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a 4823
a69e8375 4824 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
0663ca2a
JH		 4825 } else {
4826 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4827 new_settings(hdev, cmd->sk);
4828 }
4829
4830 mgmt_pending_remove(cmd);
4831
4832unlock:
4833 hci_dev_unlock(hdev);
4834}
4835
4836static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4837{
4838 struct mgmt_mode *cp = data;
3b0602cd 4839 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 4840 struct hci_request req;
4841 int err;
4842
4843 BT_DBG("request for %s", hdev->name);
4844
4845 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
a69e8375
JH		 4846 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4847 MGMT_STATUS_NOT_SUPPORTED);
0663ca2a 4848
d7a5a11d 4849 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 4850 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4851 MGMT_STATUS_REJECTED);
0663ca2a
JH		 4852
4853 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4854 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4855 MGMT_STATUS_INVALID_PARAMS);
0663ca2a
JH		 4856
4857 hci_dev_lock(hdev);
4858
d7a5a11d 4859 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
0663ca2a
JH		 4860 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4861 goto unlock;
4862 }
4863
4864 if (!hdev_is_powered(hdev)) {
4865 if (!cp->val) {
a358dc11
MH		 4866 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
4867 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
4868 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
4869 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4870 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
0663ca2a
JH		 4871 }
4872
ce05d603 4873 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 4874
4875 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4876 if (err < 0)
4877 goto unlock;
4878
4879 err = new_settings(hdev, sk);
4880 goto unlock;
4881 }
4882
4883 /* Reject disabling when powered on */
4884 if (!cp->val) {
a69e8375
JH		 4885 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4886 MGMT_STATUS_REJECTED);
0663ca2a 4887 goto unlock;
111e4bcc
MH		 4888 } else {
4889 /* When configuring a dual-mode controller to operate
4890 * with LE only and using a static address, then switching
4891 * BR/EDR back on is not allowed.
4892 *
4893 * Dual-mode controllers shall operate with the public
4894 * address as its identity address for BR/EDR and LE. So
4895 * reject the attempt to create an invalid configuration.
3a5486e1
MH		 4896 *
4897 * The same restrictions applies when secure connections
4898 * has been enabled. For BR/EDR this is a controller feature
4899 * while for LE it is a host stack feature. This means that
4900 * switching BR/EDR back on when secure connections has been
4901 * enabled is not a supported transaction.
111e4bcc 4902 */
d7a5a11d 4903 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
3a5486e1 4904 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
d7a5a11d 4905 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
a69e8375
JH		 4906 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4907 MGMT_STATUS_REJECTED);
111e4bcc
MH		 4908 goto unlock;
4909 }
0663ca2a
JH		 4910 }
4911
4912 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
a69e8375
JH		 4913 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4914 MGMT_STATUS_BUSY);
0663ca2a
JH		 4915 goto unlock;
4916 }
4917
4918 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4919 if (!cmd) {
4920 err = -ENOMEM;
4921 goto unlock;
4922 }
4923
5947f4bc 4924 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4925 * generates the correct flags.
4926 */
a1536da2 4927 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 4928
4929 hci_req_init(&req, hdev);
aa8af46e 4930
432df05e 4931 write_fast_connectable(&req, false);
1d2dc5b7 4932 __hci_update_page_scan(&req);
aa8af46e 4933
f14d8f64
MH		 4934 /* Since only the advertising data flags will change, there
4935 * is no need to update the scan response data.
4936 */
5947f4bc 4937 update_adv_data(&req);
aa8af46e 4938
0663ca2a
JH		 4939 err = hci_req_run(&req, set_bredr_complete);
4940 if (err < 0)
4941 mgmt_pending_remove(cmd);
4942
4943unlock:
4944 hci_dev_unlock(hdev);
4945 return err;
4946}
4947
a1443f5a
JH		 4948static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4949{
3b0602cd 4950 struct mgmt_pending_cmd *cmd;
a1443f5a
JH		 4951 struct mgmt_mode *cp;
4952
4953 BT_DBG("%s status %u", hdev->name, status);
4954
4955 hci_dev_lock(hdev);
4956
4957 cmd = mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
4958 if (!cmd)
4959 goto unlock;
4960
4961 if (status) {
a69e8375
JH		 4962 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
4963 mgmt_status(status));
a1443f5a
JH		 4964 goto remove;
4965 }
4966
4967 cp = cmd->param;
4968
4969 switch (cp->val) {
4970 case 0x00:
a358dc11
MH		 4971 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
4972 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 4973 break;
4974 case 0x01:
a1536da2 4975 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
a358dc11 4976 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 4977 break;
4978 case 0x02:
a1536da2
MH		 4979 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4980 hci_dev_set_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 4981 break;
4982 }
4983
4984 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
4985 new_settings(hdev, cmd->sk);
4986
4987remove:
4988 mgmt_pending_remove(cmd);
4989unlock:
4990 hci_dev_unlock(hdev);
4991}
4992
eac83dc6
MH		 4993static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4994 void *data, u16 len)
4995{
4996 struct mgmt_mode *cp = data;
3b0602cd 4997 struct mgmt_pending_cmd *cmd;
a1443f5a 4998 struct hci_request req;
a3209694 4999 u8 val;
eac83dc6
MH		 5000 int err;
5001
5002 BT_DBG("request for %s", hdev->name);
5003
05b3c3e7 5004 if (!lmp_sc_capable(hdev) &&
d7a5a11d 5005 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 5006 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5007 MGMT_STATUS_NOT_SUPPORTED);
eac83dc6 5008
d7a5a11d 5009 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
59200286 5010 lmp_sc_capable(hdev) &&
d7a5a11d 5011 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 5012 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5013 MGMT_STATUS_REJECTED);
ed93ec69 5014
0ab04a9c 5015 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375 5016 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
eac83dc6
MH		 5017 MGMT_STATUS_INVALID_PARAMS);
5018
5019 hci_dev_lock(hdev);
5020
05b3c3e7 5021 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
d7a5a11d 5022 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
eac83dc6
MH		 5023 bool changed;
5024
0ab04a9c 5025 if (cp->val) {
238be788
MH		 5026 changed = !hci_dev_test_and_set_flag(hdev,
5027 HCI_SC_ENABLED);
0ab04a9c 5028 if (cp->val == 0x02)
a1536da2 5029 hci_dev_set_flag(hdev, HCI_SC_ONLY);
0ab04a9c 5030 else
a358dc11 5031 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 5032 } else {
a69d8927
MH		 5033 changed = hci_dev_test_and_clear_flag(hdev,
5034 HCI_SC_ENABLED);
a358dc11 5035 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 5036 }
eac83dc6
MH		 5037
5038 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5039 if (err < 0)
5040 goto failed;
5041
5042 if (changed)
5043 err = new_settings(hdev, sk);
5044
5045 goto failed;
5046 }
5047
5048 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
a69e8375
JH		 5049 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5050 MGMT_STATUS_BUSY);
eac83dc6
MH		 5051 goto failed;
5052 }
5053
0ab04a9c
MH		 5054 val = !!cp->val;
5055
d7a5a11d
MH		 5056 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
5057 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
eac83dc6
MH		 5058 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5059 goto failed;
5060 }
5061
5062 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
5063 if (!cmd) {
5064 err = -ENOMEM;
5065 goto failed;
5066 }
5067
a1443f5a
JH		 5068 hci_req_init(&req, hdev);
5069 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
5070 err = hci_req_run(&req, sc_enable_complete);
eac83dc6
MH		 5071 if (err < 0) {
5072 mgmt_pending_remove(cmd);
5073 goto failed;
5074 }
5075
5076failed:
5077 hci_dev_unlock(hdev);
5078 return err;
5079}
5080
4e39ac81
MH		 5081static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
5082 void *data, u16 len)
5083{
5084 struct mgmt_mode *cp = data;
b9710979 5085 bool changed, use_changed;
4e39ac81
MH		 5086 int err;
5087
5088 BT_DBG("request for %s", hdev->name);
5089
b9710979 5090 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 5091 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
5092 MGMT_STATUS_INVALID_PARAMS);
4e39ac81
MH		 5093
5094 hci_dev_lock(hdev);
5095
5096 if (cp->val)
238be788 5097 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
4e39ac81 5098 else
a69d8927
MH		 5099 changed = hci_dev_test_and_clear_flag(hdev,
5100 HCI_KEEP_DEBUG_KEYS);
4e39ac81 5101
b9710979 5102 if (cp->val == 0x02)
238be788
MH		 5103 use_changed = !hci_dev_test_and_set_flag(hdev,
5104 HCI_USE_DEBUG_KEYS);
b9710979 5105 else
a69d8927
MH		 5106 use_changed = hci_dev_test_and_clear_flag(hdev,
5107 HCI_USE_DEBUG_KEYS);
b9710979
JH		 5108
5109 if (hdev_is_powered(hdev) && use_changed &&
d7a5a11d 5110 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
b9710979
JH		 5111 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
5112 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
5113 sizeof(mode), &mode);
5114 }
5115
4e39ac81
MH		 5116 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
5117 if (err < 0)
5118 goto unlock;
5119
5120 if (changed)
5121 err = new_settings(hdev, sk);
5122
5123unlock:
5124 hci_dev_unlock(hdev);
5125 return err;
5126}
5127
62b04cd1
JH		 5128static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5129 u16 len)
5130{
5131 struct mgmt_cp_set_privacy *cp = cp_data;
5132 bool changed;
5133 int err;
5134
5135 BT_DBG("request for %s", hdev->name);
5136
5137 if (!lmp_le_capable(hdev))
a69e8375
JH		 5138 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5139 MGMT_STATUS_NOT_SUPPORTED);
62b04cd1
JH		 5140
5141 if (cp->privacy != 0x00 && cp->privacy != 0x01)
a69e8375
JH		 5142 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5143 MGMT_STATUS_INVALID_PARAMS);
62b04cd1
JH		 5144
5145 if (hdev_is_powered(hdev))
a69e8375
JH		 5146 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5147 MGMT_STATUS_REJECTED);
62b04cd1
JH		 5148
5149 hci_dev_lock(hdev);
5150
c21c0ea0
JH		 5151 /* If user space supports this command it is also expected to
5152 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
5153 */
a1536da2 5154 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
c21c0ea0 5155
62b04cd1 5156 if (cp->privacy) {
238be788 5157 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
62b04cd1 5158 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
a1536da2 5159 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
62b04cd1 5160 } else {
a69d8927 5161 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
62b04cd1 5162 memset(hdev->irk, 0, sizeof(hdev->irk));
a358dc11 5163 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
62b04cd1
JH		 5164 }
5165
5166 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
5167 if (err < 0)
5168 goto unlock;
5169
5170 if (changed)
5171 err = new_settings(hdev, sk);
5172
5173unlock:
5174 hci_dev_unlock(hdev);
5175 return err;
5176}
5177
41edf160
JH		 5178static bool irk_is_valid(struct mgmt_irk_info *irk)
5179{
5180 switch (irk->addr.type) {
5181 case BDADDR_LE_PUBLIC:
5182 return true;
5183
5184 case BDADDR_LE_RANDOM:
5185 /* Two most significant bits shall be set */
5186 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5187 return false;
5188 return true;
5189 }
5190
5191 return false;
5192}
5193
5194static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5195 u16 len)
5196{
5197 struct mgmt_cp_load_irks *cp = cp_data;
ba1d6936
JH		 5198 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
5199 sizeof(struct mgmt_irk_info));
41edf160
JH		 5200 u16 irk_count, expected_len;
5201 int i, err;
5202
5203 BT_DBG("request for %s", hdev->name);
5204
5205 if (!lmp_le_capable(hdev))
a69e8375
JH		 5206 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5207 MGMT_STATUS_NOT_SUPPORTED);
41edf160
JH		 5208
5209 irk_count = __le16_to_cpu(cp->irk_count);
ba1d6936
JH		 5210 if (irk_count > max_irk_count) {
5211 BT_ERR("load_irks: too big irk_count value %u", irk_count);
a69e8375
JH		 5212 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5213 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5214 }
41edf160
JH		 5215
5216 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
5217 if (expected_len != len) {
5218 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 5219 expected_len, len);
a69e8375
JH		 5220 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5221 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 5222 }
5223
5224 BT_DBG("%s irk_count %u", hdev->name, irk_count);
5225
5226 for (i = 0; i < irk_count; i++) {
5227 struct mgmt_irk_info *key = &cp->irks[i];
5228
5229 if (!irk_is_valid(key))
a69e8375
JH		 5230 return mgmt_cmd_status(sk, hdev->id,
5231 MGMT_OP_LOAD_IRKS,
5232 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 5233 }
5234
5235 hci_dev_lock(hdev);
5236
5237 hci_smp_irks_clear(hdev);
5238
5239 for (i = 0; i < irk_count; i++) {
5240 struct mgmt_irk_info *irk = &cp->irks[i];
5241 u8 addr_type;
5242
5243 if (irk->addr.type == BDADDR_LE_PUBLIC)
5244 addr_type = ADDR_LE_DEV_PUBLIC;
5245 else
5246 addr_type = ADDR_LE_DEV_RANDOM;
5247
5248 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
5249 BDADDR_ANY);
5250 }
5251
a1536da2 5252 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
41edf160 5253
2a1afb5a 5254 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
41edf160
JH		 5255
5256 hci_dev_unlock(hdev);
5257
5258 return err;
5259}
5260
3f706b72
JH		 5261static bool ltk_is_valid(struct mgmt_ltk_info *key)
5262{
5263 if (key->master != 0x00 && key->master != 0x01)
5264 return false;
490cb0b3
MH		 5265
5266 switch (key->addr.type) {
5267 case BDADDR_LE_PUBLIC:
5268 return true;
5269
5270 case BDADDR_LE_RANDOM:
5271 /* Two most significant bits shall be set */
5272 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5273 return false;
5274 return true;
5275 }
5276
5277 return false;
3f706b72
JH		 5278}
5279
bdb6d971 5280static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 5281 void *cp_data, u16 len)
346af67b 5282{
346af67b 5283 struct mgmt_cp_load_long_term_keys *cp = cp_data;
ba1d6936
JH		 5284 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
5285 sizeof(struct mgmt_ltk_info));
346af67b 5286 u16 key_count, expected_len;
715a5bf2 5287 int i, err;
346af67b 5288
cf99ba13
MH		 5289 BT_DBG("request for %s", hdev->name);
5290
5291 if (!lmp_le_capable(hdev))
a69e8375
JH		 5292 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5293 MGMT_STATUS_NOT_SUPPORTED);
cf99ba13 5294
1f350c87 5295 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 5296 if (key_count > max_key_count) {
5297 BT_ERR("load_ltks: too big key_count value %u", key_count);
a69e8375
JH		 5298 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5299 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5300 }
346af67b
VCG		 5301
5302 expected_len = sizeof(*cp) + key_count *
5303 sizeof(struct mgmt_ltk_info);
5304 if (expected_len != len) {
5305 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 5306 expected_len, len);
a69e8375
JH		 5307 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5308 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 5309 }
5310
bdb6d971 5311 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 5312
54ad6d8a
JH		 5313 for (i = 0; i < key_count; i++) {
5314 struct mgmt_ltk_info *key = &cp->keys[i];
5315
3f706b72 5316 if (!ltk_is_valid(key))
a69e8375
JH		 5317 return mgmt_cmd_status(sk, hdev->id,
5318 MGMT_OP_LOAD_LONG_TERM_KEYS,
5319 MGMT_STATUS_INVALID_PARAMS);
54ad6d8a
JH		 5320 }
5321
346af67b
VCG		 5322 hci_dev_lock(hdev);
5323
5324 hci_smp_ltks_clear(hdev);
5325
5326 for (i = 0; i < key_count; i++) {
5327 struct mgmt_ltk_info *key = &cp->keys[i];
d7b25450 5328 u8 type, addr_type, authenticated;
79d95a19
MH		 5329
5330 if (key->addr.type == BDADDR_LE_PUBLIC)
5331 addr_type = ADDR_LE_DEV_PUBLIC;
5332 else
5333 addr_type = ADDR_LE_DEV_RANDOM;
346af67b 5334
61b43357
JH		 5335 switch (key->type) {
5336 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 5337 authenticated = 0x00;
23fb8de3 5338 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
61b43357
JH		 5339 break;
5340 case MGMT_LTK_AUTHENTICATED:
d7b25450 5341 authenticated = 0x01;
23fb8de3
JH		 5342 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5343 break;
5344 case MGMT_LTK_P256_UNAUTH:
5345 authenticated = 0x00;
5346 type = SMP_LTK_P256;
61b43357 5347 break;
23fb8de3
JH		 5348 case MGMT_LTK_P256_AUTH:
5349 authenticated = 0x01;
5350 type = SMP_LTK_P256;
61b43357 5351 break;
23fb8de3
JH		 5352 case MGMT_LTK_P256_DEBUG:
5353 authenticated = 0x00;
5354 type = SMP_LTK_P256_DEBUG;
61b43357
JH		 5355 default:
5356 continue;
5357 }
d7b25450 5358
35d70271 5359 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
d7b25450 5360 authenticated, key->val, key->enc_size, key->ediv,
35d70271 5361 key->rand);
346af67b
VCG		 5362 }
5363
2a1afb5a 5364 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
715a5bf2
JH		 5365 NULL, 0);
5366
346af67b 5367 hci_dev_unlock(hdev);
346af67b 5368
715a5bf2 5369 return err;
346af67b
VCG		 5370}
5371
3b0602cd 5372static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
dd983808 5373{
dd983808 5374 struct hci_conn *conn = cmd->user_data;
9981bdb0 5375 struct mgmt_rp_get_conn_info rp;
9df74653 5376 int err;
dd983808 5377
9981bdb0 5378 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
dd983808 5379
9981bdb0 5380 if (status == MGMT_STATUS_SUCCESS) {
dd983808 5381 rp.rssi = conn->rssi;
9981bdb0
JH		 5382 rp.tx_power = conn->tx_power;
5383 rp.max_tx_power = conn->max_tx_power;
5384 } else {
5385 rp.rssi = HCI_RSSI_INVALID;
5386 rp.tx_power = HCI_TX_POWER_INVALID;
5387 rp.max_tx_power = HCI_TX_POWER_INVALID;
dd983808
AK		 5388 }
5389
2a1afb5a
JH		 5390 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
5391 status, &rp, sizeof(rp));
dd983808
AK		 5392
5393 hci_conn_drop(conn);
f8aaf9b6 5394 hci_conn_put(conn);
9df74653
JH		 5395
5396 return err;
dd983808
AK		 5397}
5398
1904a853
MH		 5399static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
5400 u16 opcode)
dd983808
AK		 5401{
5402 struct hci_cp_read_rssi *cp;
3b0602cd 5403 struct mgmt_pending_cmd *cmd;
dd983808 5404 struct hci_conn *conn;
dd983808 5405 u16 handle;
9981bdb0 5406 u8 status;
dd983808 5407
9981bdb0 5408 BT_DBG("status 0x%02x", hci_status);
dd983808
AK		 5409
5410 hci_dev_lock(hdev);
5411
dd983808
AK		 5412 /* Commands sent in request are either Read RSSI or Read Transmit Power
5413 * Level so we check which one was last sent to retrieve connection
5414 * handle. Both commands have handle as first parameter so it's safe to
5415 * cast data on the same command struct.
5416 *
5417 * First command sent is always Read RSSI and we fail only if it fails.
5418 * In other case we simply override error to indicate success as we
5419 * already remembered if TX power value is actually valid.
5420 */
5421 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
5422 if (!cp) {
5423 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
9981bdb0
JH		 5424 status = MGMT_STATUS_SUCCESS;
5425 } else {
5426 status = mgmt_status(hci_status);
dd983808
AK		 5427 }
5428
5429 if (!cp) {
9981bdb0 5430 BT_ERR("invalid sent_cmd in conn_info response");
dd983808
AK		 5431 goto unlock;
5432 }
5433
5434 handle = __le16_to_cpu(cp->handle);
5435 conn = hci_conn_hash_lookup_handle(hdev, handle);
5436 if (!conn) {
9981bdb0 5437 BT_ERR("unknown handle (%d) in conn_info response", handle);
dd983808
AK		 5438 goto unlock;
5439 }
5440
9981bdb0
JH		 5441 cmd = mgmt_pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
5442 if (!cmd)
5443 goto unlock;
dd983808 5444
9981bdb0
JH		 5445 cmd->cmd_complete(cmd, status);
5446 mgmt_pending_remove(cmd);
dd983808
AK		 5447
5448unlock:
5449 hci_dev_unlock(hdev);
5450}
5451
5452static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5453 u16 len)
5454{
5455 struct mgmt_cp_get_conn_info *cp = data;
5456 struct mgmt_rp_get_conn_info rp;
5457 struct hci_conn *conn;
5458 unsigned long conn_info_age;
5459 int err = 0;
5460
5461 BT_DBG("%s", hdev->name);
5462
5463 memset(&rp, 0, sizeof(rp));
5464 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5465 rp.addr.type = cp->addr.type;
5466
5467 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 5468 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5469 MGMT_STATUS_INVALID_PARAMS,
5470 &rp, sizeof(rp));
dd983808
AK		 5471
5472 hci_dev_lock(hdev);
5473
5474 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 5475 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5476 MGMT_STATUS_NOT_POWERED, &rp,
5477 sizeof(rp));
dd983808
AK		 5478 goto unlock;
5479 }
5480
5481 if (cp->addr.type == BDADDR_BREDR)
5482 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5483 &cp->addr.bdaddr);
5484 else
5485 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5486
5487 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 5488 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5489 MGMT_STATUS_NOT_CONNECTED, &rp,
5490 sizeof(rp));
dd983808
AK		 5491 goto unlock;
5492 }
5493
9981bdb0 5494 if (mgmt_pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
2a1afb5a
JH		 5495 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5496 MGMT_STATUS_BUSY, &rp, sizeof(rp));
9981bdb0
JH		 5497 goto unlock;
5498 }
5499
dd983808
AK		 5500 /* To avoid client trying to guess when to poll again for information we
5501 * calculate conn info age as random value between min/max set in hdev.
5502 */
5503 conn_info_age = hdev->conn_info_min_age +
5504 prandom_u32_max(hdev->conn_info_max_age -
5505 hdev->conn_info_min_age);
5506
5507 /* Query controller to refresh cached values if they are too old or were
5508 * never read.
5509 */
f4e2dd53
AK		 5510 if (time_after(jiffies, conn->conn_info_timestamp +
5511 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 5512 !conn->conn_info_timestamp) {
5513 struct hci_request req;
5514 struct hci_cp_read_tx_power req_txp_cp;
5515 struct hci_cp_read_rssi req_rssi_cp;
3b0602cd 5516 struct mgmt_pending_cmd *cmd;
dd983808
AK		 5517
5518 hci_req_init(&req, hdev);
5519 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5520 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5521 &req_rssi_cp);
5522
f7faab0c
AK		 5523 /* For LE links TX power does not change thus we don't need to
5524 * query for it once value is known.
5525 */
5526 if (!bdaddr_type_is_le(cp->addr.type) ||
5527 conn->tx_power == HCI_TX_POWER_INVALID) {
5528 req_txp_cp.handle = cpu_to_le16(conn->handle);
5529 req_txp_cp.type = 0x00;
5530 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5531 sizeof(req_txp_cp), &req_txp_cp);
5532 }
dd983808 5533
eed5daf3
AK		 5534 /* Max TX power needs to be read only once per connection */
5535 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5536 req_txp_cp.handle = cpu_to_le16(conn->handle);
5537 req_txp_cp.type = 0x01;
5538 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5539 sizeof(req_txp_cp), &req_txp_cp);
5540 }
5541
dd983808
AK		 5542 err = hci_req_run(&req, conn_info_refresh_complete);
5543 if (err < 0)
5544 goto unlock;
5545
5546 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5547 data, len);
5548 if (!cmd) {
5549 err = -ENOMEM;
5550 goto unlock;
5551 }
5552
5553 hci_conn_hold(conn);
f8aaf9b6 5554 cmd->user_data = hci_conn_get(conn);
9981bdb0 5555 cmd->cmd_complete = conn_info_cmd_complete;
dd983808
AK		 5556
5557 conn->conn_info_timestamp = jiffies;
5558 } else {
5559 /* Cache is valid, just reply with values cached in hci_conn */
5560 rp.rssi = conn->rssi;
5561 rp.tx_power = conn->tx_power;
eed5daf3 5562 rp.max_tx_power = conn->max_tx_power;
dd983808 5563
2a1afb5a
JH		 5564 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5565 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
dd983808
AK		 5566 }
5567
5568unlock:
5569 hci_dev_unlock(hdev);
5570 return err;
5571}
5572
3b0602cd 5573static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
95868426 5574{
69487371 5575 struct hci_conn *conn = cmd->user_data;
95868426 5576 struct mgmt_rp_get_clock_info rp;
69487371 5577 struct hci_dev *hdev;
9df74653 5578 int err;
69487371
JH		 5579
5580 memset(&rp, 0, sizeof(rp));
5581 memcpy(&rp.addr, &cmd->param, sizeof(rp.addr));
5582
5583 if (status)
5584 goto complete;
5585
5586 hdev = hci_dev_get(cmd->index);
5587 if (hdev) {
5588 rp.local_clock = cpu_to_le32(hdev->clock);
5589 hci_dev_put(hdev);
5590 }
5591
5592 if (conn) {
5593 rp.piconet_clock = cpu_to_le32(conn->clock);
5594 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5595 }
5596
5597complete:
2a1afb5a
JH		 5598 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5599 sizeof(rp));
69487371
JH		 5600
5601 if (conn) {
5602 hci_conn_drop(conn);
5603 hci_conn_put(conn);
5604 }
9df74653
JH		 5605
5606 return err;
69487371
JH		 5607}
5608
1904a853 5609static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
69487371 5610{
95868426 5611 struct hci_cp_read_clock *hci_cp;
3b0602cd 5612 struct mgmt_pending_cmd *cmd;
95868426
JH		 5613 struct hci_conn *conn;
5614
5615 BT_DBG("%s status %u", hdev->name, status);
5616
5617 hci_dev_lock(hdev);
5618
5619 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5620 if (!hci_cp)
5621 goto unlock;
5622
5623 if (hci_cp->which) {
5624 u16 handle = __le16_to_cpu(hci_cp->handle);
5625 conn = hci_conn_hash_lookup_handle(hdev, handle);
5626 } else {
5627 conn = NULL;
5628 }
5629
5630 cmd = mgmt_pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5631 if (!cmd)
5632 goto unlock;
5633
69487371 5634 cmd->cmd_complete(cmd, mgmt_status(status));
95868426 5635 mgmt_pending_remove(cmd);
95868426
JH		 5636
5637unlock:
5638 hci_dev_unlock(hdev);
5639}
5640
5641static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5642 u16 len)
5643{
5644 struct mgmt_cp_get_clock_info *cp = data;
5645 struct mgmt_rp_get_clock_info rp;
5646 struct hci_cp_read_clock hci_cp;
3b0602cd 5647 struct mgmt_pending_cmd *cmd;
95868426
JH		 5648 struct hci_request req;
5649 struct hci_conn *conn;
5650 int err;
5651
5652 BT_DBG("%s", hdev->name);
5653
5654 memset(&rp, 0, sizeof(rp));
5655 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5656 rp.addr.type = cp->addr.type;
5657
5658 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 5659 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5660 MGMT_STATUS_INVALID_PARAMS,
5661 &rp, sizeof(rp));
95868426
JH		 5662
5663 hci_dev_lock(hdev);
5664
5665 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 5666 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5667 MGMT_STATUS_NOT_POWERED, &rp,
5668 sizeof(rp));
95868426
JH		 5669 goto unlock;
5670 }
5671
5672 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5673 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5674 &cp->addr.bdaddr);
5675 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 5676 err = mgmt_cmd_complete(sk, hdev->id,
5677 MGMT_OP_GET_CLOCK_INFO,
5678 MGMT_STATUS_NOT_CONNECTED,
5679 &rp, sizeof(rp));
95868426
JH		 5680 goto unlock;
5681 }
5682 } else {
5683 conn = NULL;
5684 }
5685
5686 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5687 if (!cmd) {
5688 err = -ENOMEM;
5689 goto unlock;
5690 }
5691
69487371
JH		 5692 cmd->cmd_complete = clock_info_cmd_complete;
5693
95868426
JH		 5694 hci_req_init(&req, hdev);
5695
5696 memset(&hci_cp, 0, sizeof(hci_cp));
5697 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5698
5699 if (conn) {
5700 hci_conn_hold(conn);
f8aaf9b6 5701 cmd->user_data = hci_conn_get(conn);
95868426
JH		 5702
5703 hci_cp.handle = cpu_to_le16(conn->handle);
5704 hci_cp.which = 0x01; /* Piconet clock */
5705 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5706 }
5707
5708 err = hci_req_run(&req, get_clock_info_complete);
5709 if (err < 0)
5710 mgmt_pending_remove(cmd);
5711
5712unlock:
5713 hci_dev_unlock(hdev);
5714 return err;
5715}
5716
5a154e6f
JH		 5717static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5718{
5719 struct hci_conn *conn;
5720
5721 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5722 if (!conn)
5723 return false;
5724
5725 if (conn->dst_type != type)
5726 return false;
5727
5728 if (conn->state != BT_CONNECTED)
5729 return false;
5730
5731 return true;
5732}
5733
5734/* This function requires the caller holds hdev->lock */
5735static int hci_conn_params_set(struct hci_request *req, bdaddr_t *addr,
5736 u8 addr_type, u8 auto_connect)
5737{
5738 struct hci_dev *hdev = req->hdev;
5739 struct hci_conn_params *params;
5740
5741 params = hci_conn_params_add(hdev, addr, addr_type);
5742 if (!params)
5743 return -EIO;
5744
5745 if (params->auto_connect == auto_connect)
5746 return 0;
5747
5748 list_del_init(&params->action);
5749
5750 switch (auto_connect) {
5751 case HCI_AUTO_CONN_DISABLED:
5752 case HCI_AUTO_CONN_LINK_LOSS:
5753 __hci_update_background_scan(req);
5754 break;
5755 case HCI_AUTO_CONN_REPORT:
5756 list_add(&params->action, &hdev->pend_le_reports);
5757 __hci_update_background_scan(req);
5758 break;
5759 case HCI_AUTO_CONN_DIRECT:
5760 case HCI_AUTO_CONN_ALWAYS:
5761 if (!is_connected(hdev, addr, addr_type)) {
5762 list_add(&params->action, &hdev->pend_le_conns);
5763 __hci_update_background_scan(req);
5764 }
5765 break;
5766 }
5767
5768 params->auto_connect = auto_connect;
5769
5770 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5771 auto_connect);
5772
5773 return 0;
5774}
5775
8afef092
MH		 5776static void device_added(struct sock *sk, struct hci_dev *hdev,
5777 bdaddr_t *bdaddr, u8 type, u8 action)
5778{
5779 struct mgmt_ev_device_added ev;
5780
5781 bacpy(&ev.addr.bdaddr, bdaddr);
5782 ev.addr.type = type;
5783 ev.action = action;
5784
5785 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5786}
5787
1904a853 5788static void add_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5a154e6f 5789{
3b0602cd 5790 struct mgmt_pending_cmd *cmd;
5a154e6f
JH		 5791
5792 BT_DBG("status 0x%02x", status);
5793
5794 hci_dev_lock(hdev);
5795
5796 cmd = mgmt_pending_find(MGMT_OP_ADD_DEVICE, hdev);
5797 if (!cmd)
5798 goto unlock;
5799
5800 cmd->cmd_complete(cmd, mgmt_status(status));
5801 mgmt_pending_remove(cmd);
5802
5803unlock:
5804 hci_dev_unlock(hdev);
5805}
5806
2faade53
MH		 5807static int add_device(struct sock *sk, struct hci_dev *hdev,
5808 void *data, u16 len)
5809{
5810 struct mgmt_cp_add_device *cp = data;
3b0602cd 5811 struct mgmt_pending_cmd *cmd;
5a154e6f 5812 struct hci_request req;
2faade53
MH		 5813 u8 auto_conn, addr_type;
5814 int err;
5815
5816 BT_DBG("%s", hdev->name);
5817
6659358e 5818 if (!bdaddr_type_is_valid(cp->addr.type) ||
2faade53 5819 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
2a1afb5a
JH		 5820 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5821 MGMT_STATUS_INVALID_PARAMS,
5822 &cp->addr, sizeof(cp->addr));
2faade53 5823
4b9e7e75 5824 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
2a1afb5a
JH		 5825 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5826 MGMT_STATUS_INVALID_PARAMS,
5827 &cp->addr, sizeof(cp->addr));
2faade53 5828
5a154e6f
JH		 5829 hci_req_init(&req, hdev);
5830
2faade53
MH		 5831 hci_dev_lock(hdev);
5832
5a154e6f
JH		 5833 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_DEVICE, hdev, data, len);
5834 if (!cmd) {
5835 err = -ENOMEM;
5836 goto unlock;
5837 }
5838
5839 cmd->cmd_complete = addr_cmd_complete;
5840
6659358e 5841 if (cp->addr.type == BDADDR_BREDR) {
4b9e7e75 5842 /* Only incoming connections action is supported for now */
6659358e 5843 if (cp->action != 0x01) {
9df74653
JH		 5844 err = cmd->cmd_complete(cmd,
5845 MGMT_STATUS_INVALID_PARAMS);
5a154e6f 5846 mgmt_pending_remove(cmd);
6659358e
JH		 5847 goto unlock;
5848 }
5849
5850 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5851 cp->addr.type);
5852 if (err)
5853 goto unlock;
a397407f 5854
5a154e6f 5855 __hci_update_page_scan(&req);
a397407f 5856
6659358e
JH		 5857 goto added;
5858 }
5859
2faade53
MH		 5860 if (cp->addr.type == BDADDR_LE_PUBLIC)
5861 addr_type = ADDR_LE_DEV_PUBLIC;
5862 else
5863 addr_type = ADDR_LE_DEV_RANDOM;
5864
4b9e7e75 5865 if (cp->action == 0x02)
2faade53 5866 auto_conn = HCI_AUTO_CONN_ALWAYS;
4b9e7e75
MH		 5867 else if (cp->action == 0x01)
5868 auto_conn = HCI_AUTO_CONN_DIRECT;
2faade53 5869 else
a3451d27 5870 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 5871
bf5b3c8b
MH		 5872 /* If the connection parameters don't exist for this device,
5873 * they will be created and configured with defaults.
5874 */
5a154e6f 5875 if (hci_conn_params_set(&req, &cp->addr.bdaddr, addr_type,
d06b50ce 5876 auto_conn) < 0) {
9df74653 5877 err = cmd->cmd_complete(cmd, MGMT_STATUS_FAILED);
5a154e6f 5878 mgmt_pending_remove(cmd);
2faade53
MH		 5879 goto unlock;
5880 }
5881
6659358e 5882added:
8afef092
MH		 5883 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5884
5a154e6f
JH		 5885 err = hci_req_run(&req, add_device_complete);
5886 if (err < 0) {
5887 /* ENODATA means no HCI commands were needed (e.g. if
5888 * the adapter is powered off).
5889 */
9df74653
JH		 5890 if (err == -ENODATA)
5891 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
5a154e6f
JH		 5892 mgmt_pending_remove(cmd);
5893 }
2faade53
MH		 5894
5895unlock:
5896 hci_dev_unlock(hdev);
5897 return err;
5898}
5899
8afef092
MH		 5900static void device_removed(struct sock *sk, struct hci_dev *hdev,
5901 bdaddr_t *bdaddr, u8 type)
5902{
5903 struct mgmt_ev_device_removed ev;
5904
5905 bacpy(&ev.addr.bdaddr, bdaddr);
5906 ev.addr.type = type;
5907
5908 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5909}
5910
1904a853 5911static void remove_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
51ef3ebe 5912{
3b0602cd 5913 struct mgmt_pending_cmd *cmd;
51ef3ebe
JH		 5914
5915 BT_DBG("status 0x%02x", status);
5916
5917 hci_dev_lock(hdev);
5918
5919 cmd = mgmt_pending_find(MGMT_OP_REMOVE_DEVICE, hdev);
5920 if (!cmd)
5921 goto unlock;
5922
5923 cmd->cmd_complete(cmd, mgmt_status(status));
5924 mgmt_pending_remove(cmd);
5925
5926unlock:
5927 hci_dev_unlock(hdev);
5928}
5929
2faade53
MH		 5930static int remove_device(struct sock *sk, struct hci_dev *hdev,
5931 void *data, u16 len)
5932{
5933 struct mgmt_cp_remove_device *cp = data;
3b0602cd 5934 struct mgmt_pending_cmd *cmd;
51ef3ebe 5935 struct hci_request req;
2faade53
MH		 5936 int err;
5937
5938 BT_DBG("%s", hdev->name);
5939
51ef3ebe
JH		 5940 hci_req_init(&req, hdev);
5941
2faade53
MH		 5942 hci_dev_lock(hdev);
5943
51ef3ebe
JH		 5944 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_DEVICE, hdev, data, len);
5945 if (!cmd) {
5946 err = -ENOMEM;
5947 goto unlock;
5948 }
5949
5950 cmd->cmd_complete = addr_cmd_complete;
5951
2faade53 5952 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 5953 struct hci_conn_params *params;
2faade53
MH		 5954 u8 addr_type;
5955
6659358e 5956 if (!bdaddr_type_is_valid(cp->addr.type)) {
9df74653
JH		 5957 err = cmd->cmd_complete(cmd,
5958 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5959 mgmt_pending_remove(cmd);
2faade53
MH		 5960 goto unlock;
5961 }
5962
6659358e
JH		 5963 if (cp->addr.type == BDADDR_BREDR) {
5964 err = hci_bdaddr_list_del(&hdev->whitelist,
5965 &cp->addr.bdaddr,
5966 cp->addr.type);
5967 if (err) {
9df74653
JH		 5968 err = cmd->cmd_complete(cmd,
5969 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5970 mgmt_pending_remove(cmd);
6659358e
JH		 5971 goto unlock;
5972 }
5973
51ef3ebe 5974 __hci_update_page_scan(&req);
a397407f 5975
6659358e
JH		 5976 device_removed(sk, hdev, &cp->addr.bdaddr,
5977 cp->addr.type);
5978 goto complete;
5979 }
5980
2faade53
MH		 5981 if (cp->addr.type == BDADDR_LE_PUBLIC)
5982 addr_type = ADDR_LE_DEV_PUBLIC;
5983 else
5984 addr_type = ADDR_LE_DEV_RANDOM;
5985
c71593dd
JH		 5986 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5987 addr_type);
5988 if (!params) {
9df74653
JH		 5989 err = cmd->cmd_complete(cmd,
5990 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5991 mgmt_pending_remove(cmd);
c71593dd
JH		 5992 goto unlock;
5993 }
5994
5995 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
9df74653
JH		 5996 err = cmd->cmd_complete(cmd,
5997 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5998 mgmt_pending_remove(cmd);
c71593dd
JH		 5999 goto unlock;
6000 }
6001
d1dbf12e 6002 list_del(&params->action);
c71593dd
JH		 6003 list_del(&params->list);
6004 kfree(params);
51ef3ebe 6005 __hci_update_background_scan(&req);
8afef092
MH		 6006
6007 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53 6008 } else {
19de0825 6009 struct hci_conn_params *p, *tmp;
6659358e 6010 struct bdaddr_list *b, *btmp;
19de0825 6011
2faade53 6012 if (cp->addr.type) {
9df74653
JH		 6013 err = cmd->cmd_complete(cmd,
6014 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 6015 mgmt_pending_remove(cmd);
2faade53
MH		 6016 goto unlock;
6017 }
6018
6659358e
JH		 6019 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
6020 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
6021 list_del(&b->list);
6022 kfree(b);
6023 }
6024
51ef3ebe 6025 __hci_update_page_scan(&req);
a397407f 6026
19de0825
JH		 6027 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
6028 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
6029 continue;
6030 device_removed(sk, hdev, &p->addr, p->addr_type);
6031 list_del(&p->action);
6032 list_del(&p->list);
6033 kfree(p);
6034 }
6035
6036 BT_DBG("All LE connection parameters were removed");
6037
51ef3ebe 6038 __hci_update_background_scan(&req);
2faade53
MH		 6039 }
6040
6659358e 6041complete:
51ef3ebe
JH		 6042 err = hci_req_run(&req, remove_device_complete);
6043 if (err < 0) {
6044 /* ENODATA means no HCI commands were needed (e.g. if
6045 * the adapter is powered off).
6046 */
9df74653
JH		 6047 if (err == -ENODATA)
6048 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
51ef3ebe
JH		 6049 mgmt_pending_remove(cmd);
6050 }
2faade53
MH		 6051
6052unlock:
6053 hci_dev_unlock(hdev);
6054 return err;
6055}
6056
a26f3dcf
JH		 6057static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
6058 u16 len)
6059{
6060 struct mgmt_cp_load_conn_param *cp = data;
ba1d6936
JH		 6061 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
6062 sizeof(struct mgmt_conn_param));
a26f3dcf
JH		 6063 u16 param_count, expected_len;
6064 int i;
6065
6066 if (!lmp_le_capable(hdev))
a69e8375
JH		 6067 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6068 MGMT_STATUS_NOT_SUPPORTED);
a26f3dcf
JH		 6069
6070 param_count = __le16_to_cpu(cp->param_count);
ba1d6936
JH		 6071 if (param_count > max_param_count) {
6072 BT_ERR("load_conn_param: too big param_count value %u",
6073 param_count);
a69e8375
JH		 6074 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6075 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 6076 }
a26f3dcf
JH		 6077
6078 expected_len = sizeof(*cp) + param_count *
6079 sizeof(struct mgmt_conn_param);
6080 if (expected_len != len) {
6081 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
6082 expected_len, len);
a69e8375
JH		 6083 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6084 MGMT_STATUS_INVALID_PARAMS);
a26f3dcf
JH		 6085 }
6086
6087 BT_DBG("%s param_count %u", hdev->name, param_count);
6088
6089 hci_dev_lock(hdev);
6090
6091 hci_conn_params_clear_disabled(hdev);
6092
6093 for (i = 0; i < param_count; i++) {
6094 struct mgmt_conn_param *param = &cp->params[i];
6095 struct hci_conn_params *hci_param;
6096 u16 min, max, latency, timeout;
6097 u8 addr_type;
6098
6099 BT_DBG("Adding %pMR (type %u)", &param->addr.bdaddr,
6100 param->addr.type);
6101
6102 if (param->addr.type == BDADDR_LE_PUBLIC) {
6103 addr_type = ADDR_LE_DEV_PUBLIC;
6104 } else if (param->addr.type == BDADDR_LE_RANDOM) {
6105 addr_type = ADDR_LE_DEV_RANDOM;
6106 } else {
6107 BT_ERR("Ignoring invalid connection parameters");
6108 continue;
6109 }
6110
6111 min = le16_to_cpu(param->min_interval);
6112 max = le16_to_cpu(param->max_interval);
6113 latency = le16_to_cpu(param->latency);
6114 timeout = le16_to_cpu(param->timeout);
6115
6116 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
6117 min, max, latency, timeout);
6118
6119 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
6120 BT_ERR("Ignoring invalid connection parameters");
6121 continue;
6122 }
6123
6124 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
6125 addr_type);
6126 if (!hci_param) {
6127 BT_ERR("Failed to add connection parameters");
6128 continue;
6129 }
6130
6131 hci_param->conn_min_interval = min;
6132 hci_param->conn_max_interval = max;
6133 hci_param->conn_latency = latency;
6134 hci_param->supervision_timeout = timeout;
6135 }
6136
6137 hci_dev_unlock(hdev);
6138
2a1afb5a
JH		 6139 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
6140 NULL, 0);
a26f3dcf
JH		 6141}
6142
dbece37a
MH		 6143static int set_external_config(struct sock *sk, struct hci_dev *hdev,
6144 void *data, u16 len)
6145{
6146 struct mgmt_cp_set_external_config *cp = data;
6147 bool changed;
6148 int err;
6149
6150 BT_DBG("%s", hdev->name);
6151
6152 if (hdev_is_powered(hdev))
a69e8375
JH		 6153 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6154 MGMT_STATUS_REJECTED);
dbece37a
MH		 6155
6156 if (cp->config != 0x00 && cp->config != 0x01)
a69e8375
JH		 6157 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6158 MGMT_STATUS_INVALID_PARAMS);
dbece37a
MH		 6159
6160 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
a69e8375
JH		 6161 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6162 MGMT_STATUS_NOT_SUPPORTED);
dbece37a
MH		 6163
6164 hci_dev_lock(hdev);
6165
6166 if (cp->config)
238be788 6167 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a 6168 else
a69d8927 6169 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a
MH		 6170
6171 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
6172 if (err < 0)
6173 goto unlock;
6174
6175 if (!changed)
6176 goto unlock;
6177
f4537c04
MH		 6178 err = new_options(hdev, sk);
6179
d7a5a11d 6180 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
dbece37a 6181 mgmt_index_removed(hdev);
d603b76b 6182
516018a9 6183 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
a1536da2
MH		 6184 hci_dev_set_flag(hdev, HCI_CONFIG);
6185 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
d603b76b
MH		 6186
6187 queue_work(hdev->req_workqueue, &hdev->power_on);
6188 } else {
5ea234d3 6189 set_bit(HCI_RAW, &hdev->flags);
d603b76b
MH		 6190 mgmt_index_added(hdev);
6191 }
dbece37a
MH		 6192 }
6193
6194unlock:
6195 hci_dev_unlock(hdev);
6196 return err;
6197}
6198
9713c17b
MH		 6199static int set_public_address(struct sock *sk, struct hci_dev *hdev,
6200 void *data, u16 len)
6201{
6202 struct mgmt_cp_set_public_address *cp = data;
6203 bool changed;
6204 int err;
6205
6206 BT_DBG("%s", hdev->name);
6207
6208 if (hdev_is_powered(hdev))
a69e8375
JH		 6209 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6210 MGMT_STATUS_REJECTED);
9713c17b
MH		 6211
6212 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
a69e8375
JH		 6213 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6214 MGMT_STATUS_INVALID_PARAMS);
9713c17b
MH		 6215
6216 if (!hdev->set_bdaddr)
a69e8375
JH		 6217 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6218 MGMT_STATUS_NOT_SUPPORTED);
9713c17b
MH		 6219
6220 hci_dev_lock(hdev);
6221
6222 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
6223 bacpy(&hdev->public_addr, &cp->bdaddr);
6224
6225 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
6226 if (err < 0)
6227 goto unlock;
6228
6229 if (!changed)
6230 goto unlock;
6231
d7a5a11d 6232 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
9713c17b
MH		 6233 err = new_options(hdev, sk);
6234
6235 if (is_configured(hdev)) {
6236 mgmt_index_removed(hdev);
6237
a358dc11 6238 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
9713c17b 6239
a1536da2
MH		 6240 hci_dev_set_flag(hdev, HCI_CONFIG);
6241 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
9713c17b
MH		 6242
6243 queue_work(hdev->req_workqueue, &hdev->power_on);
6244 }
6245
6246unlock:
6247 hci_dev_unlock(hdev);
6248 return err;
6249}
6250
6d785aa3 6251static const struct hci_mgmt_handler mgmt_handlers[] = {
0f4e68cf 6252 { NULL }, /* 0x0000 (no command) */
b9a245fb 6253 { read_version, MGMT_READ_VERSION_SIZE,
c91041dc
MH		 6254 HCI_MGMT_NO_HDEV |
6255 HCI_MGMT_UNTRUSTED },
b9a245fb 6256 { read_commands, MGMT_READ_COMMANDS_SIZE,
c91041dc
MH		 6257 HCI_MGMT_NO_HDEV |
6258 HCI_MGMT_UNTRUSTED },
b9a245fb 6259 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
c91041dc
MH		 6260 HCI_MGMT_NO_HDEV |
6261 HCI_MGMT_UNTRUSTED },
6262 { read_controller_info, MGMT_READ_INFO_SIZE,
6263 HCI_MGMT_UNTRUSTED },
7aea8616
MH		 6264 { set_powered, MGMT_SETTING_SIZE },
6265 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
6266 { set_connectable, MGMT_SETTING_SIZE },
6267 { set_fast_connectable, MGMT_SETTING_SIZE },
6268 { set_bondable, MGMT_SETTING_SIZE },
6269 { set_link_security, MGMT_SETTING_SIZE },
6270 { set_ssp, MGMT_SETTING_SIZE },
6271 { set_hs, MGMT_SETTING_SIZE },
6272 { set_le, MGMT_SETTING_SIZE },
6273 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
6274 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
6275 { add_uuid, MGMT_ADD_UUID_SIZE },
6276 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
b9a245fb
JH		 6277 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
6278 HCI_MGMT_VAR_LEN },
6279 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
6280 HCI_MGMT_VAR_LEN },
7aea8616
MH		 6281 { disconnect, MGMT_DISCONNECT_SIZE },
6282 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
6283 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
6284 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
6285 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
6286 { pair_device, MGMT_PAIR_DEVICE_SIZE },
6287 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
6288 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
6289 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
6290 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
6291 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
6292 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
b9a245fb
JH		 6293 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
6294 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
6295 HCI_MGMT_VAR_LEN },
7aea8616
MH		 6296 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
6297 { start_discovery, MGMT_START_DISCOVERY_SIZE },
6298 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
6299 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
6300 { block_device, MGMT_BLOCK_DEVICE_SIZE },
6301 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
6302 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
6303 { set_advertising, MGMT_SETTING_SIZE },
6304 { set_bredr, MGMT_SETTING_SIZE },
6305 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
6306 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
6307 { set_secure_conn, MGMT_SETTING_SIZE },
6308 { set_debug_keys, MGMT_SETTING_SIZE },
6309 { set_privacy, MGMT_SET_PRIVACY_SIZE },
b9a245fb
JH		 6310 { load_irks, MGMT_LOAD_IRKS_SIZE,
6311 HCI_MGMT_VAR_LEN },
7aea8616
MH		 6312 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
6313 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
6314 { add_device, MGMT_ADD_DEVICE_SIZE },
6315 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
b9a245fb
JH		 6316 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
6317 HCI_MGMT_VAR_LEN },
6318 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
c91041dc
MH		 6319 HCI_MGMT_NO_HDEV |
6320 HCI_MGMT_UNTRUSTED },
b9a245fb 6321 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
c91041dc
MH		 6322 HCI_MGMT_UNCONFIGURED |
6323 HCI_MGMT_UNTRUSTED },
b9a245fb
JH		 6324 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
6325 HCI_MGMT_UNCONFIGURED },
6326 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
6327 HCI_MGMT_UNCONFIGURED },
6328 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
6329 HCI_MGMT_VAR_LEN },
96f1474a
MH		 6330 { NULL },
6331 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
c91041dc
MH		 6332 HCI_MGMT_NO_HDEV |
6333 HCI_MGMT_UNTRUSTED },
0f4e68cf
JH		 6334};
6335
6d785aa3
JH		 6336int mgmt_control(struct hci_mgmt_chan *chan, struct sock *sk,
6337 struct msghdr *msg, size_t msglen)
0381101f 6338{
650f726d
VCG		 6339 void *buf;
6340 u8 *cp;
0381101f 6341 struct mgmt_hdr *hdr;
4e51eae9 6342 u16 opcode, index, len;
bdb6d971 6343 struct hci_dev *hdev = NULL;
6d785aa3 6344 const struct hci_mgmt_handler *handler;
b9a245fb 6345 bool var_len, no_hdev;
0381101f
JH		 6346 int err;
6347
6348 BT_DBG("got %zu bytes", msglen);
6349
6350 if (msglen < sizeof(*hdr))
6351 return -EINVAL;
6352
e63a15ec 6353 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 6354 if (!buf)
6355 return -ENOMEM;
6356
6ce8e9ce 6357 if (memcpy_from_msg(buf, msg, msglen)) {
0381101f
JH		 6358 err = -EFAULT;
6359 goto done;
6360 }
6361
650f726d 6362 hdr = buf;
1f350c87
MH		 6363 opcode = __le16_to_cpu(hdr->opcode);
6364 index = __le16_to_cpu(hdr->index);
6365 len = __le16_to_cpu(hdr->len);
0381101f
JH		 6366
6367 if (len != msglen - sizeof(*hdr)) {
6368 err = -EINVAL;
6369 goto done;
6370 }
6371
b9a245fb
JH		 6372 if (opcode >= chan->handler_count ||
6373 chan->handlers[opcode].func == NULL) {
6374 BT_DBG("Unknown op %u", opcode);
a69e8375
JH		 6375 err = mgmt_cmd_status(sk, index, opcode,
6376 MGMT_STATUS_UNKNOWN_COMMAND);
b9a245fb
JH		 6377 goto done;
6378 }
6379
6380 handler = &chan->handlers[opcode];
6381
0f4e68cf 6382 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 6383 hdev = hci_dev_get(index);
6384 if (!hdev) {
a69e8375
JH		 6385 err = mgmt_cmd_status(sk, index, opcode,
6386 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 6387 goto done;
6388 }
0736cfa8 6389
d7a5a11d
MH		 6390 if (hci_dev_test_flag(hdev, HCI_SETUP) ||
6391 hci_dev_test_flag(hdev, HCI_CONFIG) ||
6392 hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
a69e8375
JH		 6393 err = mgmt_cmd_status(sk, index, opcode,
6394 MGMT_STATUS_INVALID_INDEX);
0736cfa8
MH		 6395 goto done;
6396 }
42a9bc14 6397
d7a5a11d 6398 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) &&
b9a245fb 6399 !(handler->flags & HCI_MGMT_UNCONFIGURED)) {
a69e8375
JH		 6400 err = mgmt_cmd_status(sk, index, opcode,
6401 MGMT_STATUS_INVALID_INDEX);
42a9bc14
MH		 6402 goto done;
6403 }
bdb6d971
JH		 6404 }
6405
b9a245fb
JH		 6406 no_hdev = (handler->flags & HCI_MGMT_NO_HDEV);
6407 if (no_hdev != !hdev) {
a69e8375
JH		 6408 err = mgmt_cmd_status(sk, index, opcode,
6409 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 6410 goto done;
0381101f
JH		 6411 }
6412
b9a245fb
JH		 6413 var_len = (handler->flags & HCI_MGMT_VAR_LEN);
6414 if ((var_len && len < handler->data_len) ||
6415 (!var_len && len != handler->data_len)) {
a69e8375
JH		 6416 err = mgmt_cmd_status(sk, index, opcode,
6417 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 6418 goto done;
6419 }
6420
0f4e68cf
JH		 6421 if (hdev)
6422 mgmt_init_hdev(sk, hdev);
6423
6424 cp = buf + sizeof(*hdr);
6425
be22b54e 6426 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 6427 if (err < 0)
6428 goto done;
6429
0381101f
JH		 6430 err = msglen;
6431
6432done:
bdb6d971
JH		 6433 if (hdev)
6434 hci_dev_put(hdev);
6435
0381101f
JH		 6436 kfree(buf);
6437 return err;
6438}
c71e97bf 6439
bf6b56db 6440void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 6441{
ced85549 6442 struct mgmt_ev_ext_index ev;
bb4b2a9a 6443
0602a8ad
MH		 6444 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6445 return;
6446
f9207338
MH		 6447 switch (hdev->dev_type) {
6448 case HCI_BREDR:
6449 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6450 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
6451 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
ced85549 6452 ev.type = 0x01;
f9207338
MH		 6453 } else {
6454 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
6455 HCI_MGMT_INDEX_EVENTS);
ced85549 6456 ev.type = 0x00;
f9207338
MH		 6457 }
6458 break;
ced85549
MH		 6459 case HCI_AMP:
6460 ev.type = 0x02;
6461 break;
6462 default:
6463 return;
f9207338 6464 }
ced85549
MH		 6465
6466 ev.bus = hdev->bus;
6467
6468 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
6469 HCI_MGMT_EXT_INDEX_EVENTS);
c71e97bf
JH		 6470}
6471
bf6b56db 6472void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 6473{
ced85549 6474 struct mgmt_ev_ext_index ev;
5f159032 6475 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 6476
0602a8ad
MH		 6477 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6478 return;
6479
f9207338
MH		 6480 switch (hdev->dev_type) {
6481 case HCI_BREDR:
6482 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
b24752fe 6483
f9207338
MH		 6484 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6485 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
6486 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
ced85549 6487 ev.type = 0x01;
f9207338
MH		 6488 } else {
6489 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
6490 HCI_MGMT_INDEX_EVENTS);
ced85549 6491 ev.type = 0x00;
f9207338
MH		 6492 }
6493 break;
ced85549
MH		 6494 case HCI_AMP:
6495 ev.type = 0x02;
6496 break;
6497 default:
6498 return;
f9207338 6499 }
ced85549
MH		 6500
6501 ev.bus = hdev->bus;
6502
6503 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
6504 HCI_MGMT_EXT_INDEX_EVENTS);
eec8d2bc
JH		 6505}
6506
6046dc3e 6507/* This function requires the caller holds hdev->lock */
2cf22218 6508static void restart_le_actions(struct hci_request *req)
6046dc3e 6509{
2cf22218 6510 struct hci_dev *hdev = req->hdev;
6046dc3e
AG		 6511 struct hci_conn_params *p;
6512
6513 list_for_each_entry(p, &hdev->le_conn_params, list) {
d7347f3c
JH		 6514 /* Needed for AUTO_OFF case where might not "really"
6515 * have been powered off.
6516 */
6517 list_del_init(&p->action);
6518
6519 switch (p->auto_connect) {
4b9e7e75 6520 case HCI_AUTO_CONN_DIRECT:
d7347f3c
JH		 6521 case HCI_AUTO_CONN_ALWAYS:
6522 list_add(&p->action, &hdev->pend_le_conns);
6523 break;
6524 case HCI_AUTO_CONN_REPORT:
6525 list_add(&p->action, &hdev->pend_le_reports);
6526 break;
6527 default:
6528 break;
c83ed19d 6529 }
6046dc3e 6530 }
c83ed19d 6531
2cf22218 6532 __hci_update_background_scan(req);
6046dc3e
AG		 6533}
6534
1904a853 6535static void powered_complete(struct hci_dev *hdev, u8 status, u16 opcode)
229ab39c
JH		 6536{
6537 struct cmd_lookup match = { NULL, hdev };
6538
6539 BT_DBG("status 0x%02x", status);
6540
162a3bac
MH		 6541 if (!status) {
6542 /* Register the available SMP channels (BR/EDR and LE) only
6543 * when successfully powering on the controller. This late
6544 * registration is required so that LE SMP can clearly
6545 * decide if the public address or static address is used.
6546 */
6547 smp_register(hdev);
6548 }
6549
229ab39c
JH		 6550 hci_dev_lock(hdev);
6551
6552 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6553
6554 new_settings(hdev, match.sk);
6555
6556 hci_dev_unlock(hdev);
6557
6558 if (match.sk)
6559 sock_put(match.sk);
6560}
6561
70da6243 6562static int powered_update_hci(struct hci_dev *hdev)
5add6af8 6563{
890ea898 6564 struct hci_request req;
70da6243 6565 u8 link_sec;
5add6af8 6566
890ea898
JH		 6567 hci_req_init(&req, hdev);
6568
d7a5a11d 6569 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED) &&
70da6243 6570 !lmp_host_ssp_capable(hdev)) {
574ea3c7 6571 u8 mode = 0x01;
5e5282bb 6572
574ea3c7
MH		 6573 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
6574
6575 if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) {
6576 u8 support = 0x01;
5add6af8 6577
574ea3c7
MH		 6578 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT,
6579 sizeof(support), &support);
6580 }
ec6f99b8
JH		 6581 }
6582
d7a5a11d 6583 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
c73eee91 6584 lmp_bredr_capable(hdev)) {
70da6243 6585 struct hci_cp_write_le_host_supported cp;
f0ff92fb 6586
32226e4f
MH		 6587 cp.le = 0x01;
6588 cp.simul = 0x00;
3d1cbdd6 6589
70da6243
JH		 6590 /* Check first if we already have the right
6591 * host state (host features set)
6592 */
6593 if (cp.le != lmp_host_le_capable(hdev) ||
6594 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 6595 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
6596 sizeof(cp), &cp);
70da6243 6597 }
3d1cbdd6 6598
d13eafce 6599 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 6600 /* Make sure the controller has a good default for
6601 * advertising data. This also applies to the case
6602 * where BR/EDR was toggled during the AUTO_OFF phase.
6603 */
d7a5a11d 6604 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
5947f4bc 6605 update_adv_data(&req);
f14d8f64
MH		 6606 update_scan_rsp_data(&req);
6607 }
441ad2d0 6608
d7a5a11d 6609 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
bba3aa55 6610 enable_advertising(&req);
2cf22218
JH		 6611
6612 restart_le_actions(&req);
eeca6f89
JH		 6613 }
6614
d7a5a11d 6615 link_sec = hci_dev_test_flag(hdev, HCI_LINK_SECURITY);
70da6243 6616 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 6617 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
6618 sizeof(link_sec), &link_sec);
562fcc24 6619
70da6243 6620 if (lmp_bredr_capable(hdev)) {
d7a5a11d 6621 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
406ef2a6
JH		 6622 write_fast_connectable(&req, true);
6623 else
6624 write_fast_connectable(&req, false);
1d2dc5b7 6625 __hci_update_page_scan(&req);
890ea898 6626 update_class(&req);
13928971 6627 update_name(&req);
890ea898 6628 update_eir(&req);
70da6243 6629 }
562fcc24 6630
229ab39c 6631 return hci_req_run(&req, powered_complete);
70da6243 6632}
562fcc24 6633
70da6243
JH		 6634int mgmt_powered(struct hci_dev *hdev, u8 powered)
6635{
6636 struct cmd_lookup match = { NULL, hdev };
9845904f 6637 u8 status, zero_cod[] = { 0, 0, 0 };
70da6243 6638 int err;
f0ff92fb 6639
d7a5a11d 6640 if (!hci_dev_test_flag(hdev, HCI_MGMT))
70da6243
JH		 6641 return 0;
6642
70da6243 6643 if (powered) {
229ab39c
JH		 6644 if (powered_update_hci(hdev) == 0)
6645 return 0;
fe038884 6646
229ab39c
JH		 6647 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
6648 &match);
6649 goto new_settings;
b24752fe
JH		 6650 }
6651
229ab39c 6652 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
9845904f
JH		 6653
6654 /* If the power off is because of hdev unregistration let
6655 * use the appropriate INVALID_INDEX status. Otherwise use
6656 * NOT_POWERED. We cover both scenarios here since later in
6657 * mgmt_index_removed() any hci_conn callbacks will have already
6658 * been triggered, potentially causing misleading DISCONNECTED
6659 * status responses.
6660 */
d7a5a11d 6661 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
9845904f
JH		 6662 status = MGMT_STATUS_INVALID_INDEX;
6663 else
6664 status = MGMT_STATUS_NOT_POWERED;
6665
6666 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
229ab39c
JH		 6667
6668 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
6669 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
6670 zero_cod, sizeof(zero_cod), NULL);
6671
6672new_settings:
beadb2bd 6673 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 6674
6675 if (match.sk)
6676 sock_put(match.sk);
6677
7bb895d6 6678 return err;
5add6af8 6679}
73f22f62 6680
3eec705e 6681void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc 6682{
3b0602cd 6683 struct mgmt_pending_cmd *cmd;
96570ffc
JH		 6684 u8 status;
6685
6686 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6687 if (!cmd)
3eec705e 6688 return;
96570ffc
JH		 6689
6690 if (err == -ERFKILL)
6691 status = MGMT_STATUS_RFKILLED;
6692 else
6693 status = MGMT_STATUS_FAILED;
6694
a69e8375 6695 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 6696
6697 mgmt_pending_remove(cmd);
96570ffc
JH		 6698}
6699
d1967ff8
MH		 6700void mgmt_discoverable_timeout(struct hci_dev *hdev)
6701{
6702 struct hci_request req;
d1967ff8
MH		 6703
6704 hci_dev_lock(hdev);
6705
6706 /* When discoverable timeout triggers, then just make sure
6707 * the limited discoverable flag is cleared. Even in the case
6708 * of a timeout triggered from general discoverable, it is
6709 * safe to unconditionally clear the flag.
6710 */
a358dc11
MH		 6711 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
6712 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
d1967ff8
MH		 6713
6714 hci_req_init(&req, hdev);
d7a5a11d 6715 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4b580614
JH		 6716 u8 scan = SCAN_PAGE;
6717 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
6718 sizeof(scan), &scan);
6719 }
d1967ff8 6720 update_class(&req);
9a43e25f 6721 update_adv_data(&req);
d1967ff8
MH		 6722 hci_req_run(&req, NULL);
6723
6724 hdev->discov_timeout = 0;
6725
9a43e25f
JH		 6726 new_settings(hdev, NULL);
6727
d1967ff8
MH		 6728 hci_dev_unlock(hdev);
6729}
6730
dc4a5ee2
MH		 6731void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
6732 bool persistent)
55ed8ca1 6733{
86742e1e 6734 struct mgmt_ev_new_link_key ev;
55ed8ca1 6735
a492cd52 6736 memset(&ev, 0, sizeof(ev));
55ed8ca1 6737
a492cd52 6738 ev.store_hint = persistent;
d753fdc4 6739 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 6740 ev.key.addr.type = BDADDR_BREDR;
a492cd52 6741 ev.key.type = key->type;
9b3b4460 6742 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 6743 ev.key.pin_len = key->pin_len;
55ed8ca1 6744
dc4a5ee2 6745 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 6746}
f7520543 6747
d7b25450
JH		 6748static u8 mgmt_ltk_type(struct smp_ltk *ltk)
6749{
23fb8de3
JH		 6750 switch (ltk->type) {
6751 case SMP_LTK:
6752 case SMP_LTK_SLAVE:
6753 if (ltk->authenticated)
6754 return MGMT_LTK_AUTHENTICATED;
6755 return MGMT_LTK_UNAUTHENTICATED;
6756 case SMP_LTK_P256:
6757 if (ltk->authenticated)
6758 return MGMT_LTK_P256_AUTH;
6759 return MGMT_LTK_P256_UNAUTH;
6760 case SMP_LTK_P256_DEBUG:
6761 return MGMT_LTK_P256_DEBUG;
6762 }
d7b25450
JH		 6763
6764 return MGMT_LTK_UNAUTHENTICATED;
6765}
6766
53ac6ab6 6767void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 6768{
6769 struct mgmt_ev_new_long_term_key ev;
6770
6771 memset(&ev, 0, sizeof(ev));
6772
5192d301
MH		 6773 /* Devices using resolvable or non-resolvable random addresses
6774 * without providing an indentity resolving key don't require
6775 * to store long term keys. Their addresses will change the
6776 * next time around.
6777 *
6778 * Only when a remote device provides an identity address
6779 * make sure the long term key is stored. If the remote
6780 * identity is known, the long term keys are internally
6781 * mapped to the identity address. So allow static random
6782 * and public addresses here.
6783 */
ba74b666
JH		 6784 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6785 (key->bdaddr.b[5] & 0xc0) != 0xc0)
6786 ev.store_hint = 0x00;
6787 else
53ac6ab6 6788 ev.store_hint = persistent;
ba74b666 6789
346af67b 6790 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 6791 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 6792 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 6793 ev.key.enc_size = key->enc_size;
6794 ev.key.ediv = key->ediv;
fe39c7b2 6795 ev.key.rand = key->rand;
346af67b 6796
2ceba539 6797 if (key->type == SMP_LTK)
346af67b
VCG		 6798 ev.key.master = 1;
6799
346af67b
VCG		 6800 memcpy(ev.key.val, key->val, sizeof(key->val));
6801
083368f7 6802 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 6803}
6804
95fbac8a
JH		 6805void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
6806{
6807 struct mgmt_ev_new_irk ev;
6808
6809 memset(&ev, 0, sizeof(ev));
6810
bab6d1e5
MH		 6811 /* For identity resolving keys from devices that are already
6812 * using a public address or static random address, do not
6813 * ask for storing this key. The identity resolving key really
6814 * is only mandatory for devices using resovlable random
6815 * addresses.
6816 *
6817 * Storing all identity resolving keys has the downside that
6818 * they will be also loaded on next boot of they system. More
6819 * identity resolving keys, means more time during scanning is
6820 * needed to actually resolve these addresses.
6821 */
6822 if (bacmp(&irk->rpa, BDADDR_ANY))
6823 ev.store_hint = 0x01;
6824 else
6825 ev.store_hint = 0x00;
6826
95fbac8a
JH		 6827 bacpy(&ev.rpa, &irk->rpa);
6828 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
6829 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
6830 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
6831
6832 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
6833}
6834
53ac6ab6
MH		 6835void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
6836 bool persistent)
7ee4ea36
MH		 6837{
6838 struct mgmt_ev_new_csrk ev;
6839
6840 memset(&ev, 0, sizeof(ev));
6841
6842 /* Devices using resolvable or non-resolvable random addresses
6843 * without providing an indentity resolving key don't require
6844 * to store signature resolving keys. Their addresses will change
6845 * the next time around.
6846 *
6847 * Only when a remote device provides an identity address
6848 * make sure the signature resolving key is stored. So allow
6849 * static random and public addresses here.
6850 */
6851 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6852 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
6853 ev.store_hint = 0x00;
6854 else
53ac6ab6 6855 ev.store_hint = persistent;
7ee4ea36
MH		 6856
6857 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
6858 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
4cd3928a 6859 ev.key.type = csrk->type;
7ee4ea36
MH		 6860 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
6861
6862 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
6863}
6864
ffb5a827 6865void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 6866 u8 bdaddr_type, u8 store_hint, u16 min_interval,
6867 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 6868{
6869 struct mgmt_ev_new_conn_param ev;
6870
c103aea6
JH		 6871 if (!hci_is_identity_address(bdaddr, bdaddr_type))
6872 return;
6873
ffb5a827
AG		 6874 memset(&ev, 0, sizeof(ev));
6875 bacpy(&ev.addr.bdaddr, bdaddr);
6876 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 6877 ev.store_hint = store_hint;
ffb5a827
AG		 6878 ev.min_interval = cpu_to_le16(min_interval);
6879 ev.max_interval = cpu_to_le16(max_interval);
6880 ev.latency = cpu_to_le16(latency);
6881 ev.timeout = cpu_to_le16(timeout);
6882
6883 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
6884}
6885
94933991
MH		 6886static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
6887 u8 data_len)
6888{
6889 eir[eir_len++] = sizeof(type) + data_len;
6890 eir[eir_len++] = type;
6891 memcpy(&eir[eir_len], data, data_len);
6892 eir_len += data_len;
6893
6894 return eir_len;
6895}
6896
48ec92fa
AA		 6897void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
6898 u32 flags, u8 *name, u8 name_len)
f7520543 6899{
b644ba33
JH		 6900 char buf[512];
6901 struct mgmt_ev_device_connected *ev = (void *) buf;
6902 u16 eir_len = 0;
f7520543 6903
48ec92fa
AA		 6904 bacpy(&ev->addr.bdaddr, &conn->dst);
6905 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
f7520543 6906
c95f0ba7 6907 ev->flags = __cpu_to_le32(flags);
08c79b61 6908
fd45ada9
AA		 6909 /* We must ensure that the EIR Data fields are ordered and
6910 * unique. Keep it simple for now and avoid the problem by not
6911 * adding any BR/EDR data to the LE adv.
6912 */
6913 if (conn->le_adv_data_len > 0) {
6914 memcpy(&ev->eir[eir_len],
6915 conn->le_adv_data, conn->le_adv_data_len);
6916 eir_len = conn->le_adv_data_len;
6917 } else {
6918 if (name_len > 0)
6919 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
6920 name, name_len);
b644ba33 6921
ddbea5cf 6922 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
fd45ada9
AA		 6923 eir_len = eir_append_data(ev->eir, eir_len,
6924 EIR_CLASS_OF_DEV,
6925 conn->dev_class, 3);
6926 }
b644ba33 6927
eb55ef07 6928 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 6929
ecd90ae7
MH		 6930 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
6931 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 6932}
6933
3b0602cd 6934static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
8962ee74 6935{
8962ee74 6936 struct sock **sk = data;
8962ee74 6937
f5818c22 6938 cmd->cmd_complete(cmd, 0);
8962ee74
JH		 6939
6940 *sk = cmd->sk;
6941 sock_hold(*sk);
6942
a664b5bc 6943 mgmt_pending_remove(cmd);
8962ee74
JH		 6944}
6945
3b0602cd 6946static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
a8a1d19e 6947{
b1078ad0 6948 struct hci_dev *hdev = data;
124f6e35 6949 struct mgmt_cp_unpair_device *cp = cmd->param;
a8a1d19e 6950
b1078ad0
JH		 6951 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
6952
d8b7b1e4 6953 cmd->cmd_complete(cmd, 0);
a8a1d19e
JH		 6954 mgmt_pending_remove(cmd);
6955}
6956
84c61d92
JH		 6957bool mgmt_powering_down(struct hci_dev *hdev)
6958{
3b0602cd 6959 struct mgmt_pending_cmd *cmd;
84c61d92
JH		 6960 struct mgmt_mode *cp;
6961
6962 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6963 if (!cmd)
6964 return false;
6965
6966 cp = cmd->param;
6967 if (!cp->val)
6968 return true;
6969
6970 return false;
6971}
6972
9b80ec5e 6973void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 6974 u8 link_type, u8 addr_type, u8 reason,
6975 bool mgmt_connected)
f7520543 6976{
f0d6a0ea 6977 struct mgmt_ev_device_disconnected ev;
8962ee74 6978 struct sock *sk = NULL;
8962ee74 6979
84c61d92
JH		 6980 /* The connection is still in hci_conn_hash so test for 1
6981 * instead of 0 to know if this is the last one.
6982 */
6983 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6984 cancel_delayed_work(&hdev->power_off);
6985 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8b064a3a
JH		 6986 }
6987
12d4a3b2
JH		 6988 if (!mgmt_connected)
6989 return;
6990
57eb776f
AG		 6991 if (link_type != ACL_LINK && link_type != LE_LINK)
6992 return;
6993
744cf19e 6994 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 6995
f0d6a0ea
MA		 6996 bacpy(&ev.addr.bdaddr, bdaddr);
6997 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6998 ev.reason = reason;
f7520543 6999
9b80ec5e 7000 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 7001
7002 if (sk)
d97dcb66 7003 sock_put(sk);
8962ee74 7004
124f6e35 7005 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 7006 hdev);
8962ee74
JH		 7007}
7008
7892924c
MH		 7009void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
7010 u8 link_type, u8 addr_type, u8 status)
8962ee74 7011{
3655bba8
AG		 7012 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
7013 struct mgmt_cp_disconnect *cp;
3b0602cd 7014 struct mgmt_pending_cmd *cmd;
8962ee74 7015
36a75f1b
JD		 7016 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
7017 hdev);
7018
2e58ef3e 7019 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 7020 if (!cmd)
7892924c 7021 return;
8962ee74 7022
3655bba8
AG		 7023 cp = cmd->param;
7024
7025 if (bacmp(bdaddr, &cp->addr.bdaddr))
7026 return;
7027
7028 if (cp->addr.type != bdaddr_type)
7029 return;
7030
f5818c22 7031 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7032 mgmt_pending_remove(cmd);
f7520543 7033}
17d5c04c 7034
445608d0
MH		 7035void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7036 u8 addr_type, u8 status)
17d5c04c
JH		 7037{
7038 struct mgmt_ev_connect_failed ev;
c9910d0f 7039
84c61d92
JH		 7040 /* The connection is still in hci_conn_hash so test for 1
7041 * instead of 0 to know if this is the last one.
7042 */
7043 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7044 cancel_delayed_work(&hdev->power_off);
7045 queue_work(hdev->req_workqueue, &hdev->power_off.work);
c9910d0f 7046 }
17d5c04c 7047
4c659c39 7048 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7049 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 7050 ev.status = mgmt_status(status);
17d5c04c 7051
445608d0 7052 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 7053}
980e1a53 7054
ce0e4a0d 7055void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 7056{
7057 struct mgmt_ev_pin_code_request ev;
7058
d8457698 7059 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 7060 ev.addr.type = BDADDR_BREDR;
a770bb5a 7061 ev.secure = secure;
980e1a53 7062
ce0e4a0d 7063 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 7064}
7065
e669cf80
MH		 7066void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7067 u8 status)
980e1a53 7068{
3b0602cd 7069 struct mgmt_pending_cmd *cmd;
980e1a53 7070
2e58ef3e 7071 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 7072 if (!cmd)
e669cf80 7073 return;
980e1a53 7074
7776d1d8 7075 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7076 mgmt_pending_remove(cmd);
980e1a53
JH		 7077}
7078
3eb38528
MH		 7079void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7080 u8 status)
980e1a53 7081{
3b0602cd 7082 struct mgmt_pending_cmd *cmd;
980e1a53 7083
2e58ef3e 7084 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 7085 if (!cmd)
3eb38528 7086 return;
980e1a53 7087
7776d1d8 7088 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7089 mgmt_pending_remove(cmd);
980e1a53 7090}
a5c29683 7091
744cf19e 7092int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 7093 u8 link_type, u8 addr_type, u32 value,
04124681 7094 u8 confirm_hint)
a5c29683
JH		 7095{
7096 struct mgmt_ev_user_confirm_request ev;
7097
744cf19e 7098 BT_DBG("%s", hdev->name);
a5c29683 7099
272d90df 7100 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7101 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 7102 ev.confirm_hint = confirm_hint;
39adbffe 7103 ev.value = cpu_to_le32(value);
a5c29683 7104
744cf19e 7105 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 7106 NULL);
a5c29683
JH		 7107}
7108
272d90df 7109int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 7110 u8 link_type, u8 addr_type)
604086b7
BG		 7111{
7112 struct mgmt_ev_user_passkey_request ev;
7113
7114 BT_DBG("%s", hdev->name);
7115
272d90df 7116 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7117 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 7118
7119 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 7120 NULL);
604086b7
BG		 7121}
7122
0df4c185 7123static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 7124 u8 link_type, u8 addr_type, u8 status,
7125 u8 opcode)
a5c29683 7126{
3b0602cd 7127 struct mgmt_pending_cmd *cmd;
a5c29683 7128
2e58ef3e 7129 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 7130 if (!cmd)
7131 return -ENOENT;
7132
7776d1d8 7133 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7134 mgmt_pending_remove(cmd);
a5c29683 7135
7776d1d8 7136 return 0;
a5c29683
JH		 7137}
7138
744cf19e 7139int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7140 u8 link_type, u8 addr_type, u8 status)
a5c29683 7141{
272d90df 7142 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 7143 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 7144}
7145
272d90df 7146int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7147 u8 link_type, u8 addr_type, u8 status)
a5c29683 7148{
272d90df 7149 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 7150 status,
7151 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 7152}
2a611692 7153
604086b7 7154int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7155 u8 link_type, u8 addr_type, u8 status)
604086b7 7156{
272d90df 7157 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 7158 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 7159}
7160
272d90df 7161int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7162 u8 link_type, u8 addr_type, u8 status)
604086b7 7163{
272d90df 7164 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 7165 status,
7166 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 7167}
7168
92a25256
JH		 7169int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
7170 u8 link_type, u8 addr_type, u32 passkey,
7171 u8 entered)
7172{
7173 struct mgmt_ev_passkey_notify ev;
7174
7175 BT_DBG("%s", hdev->name);
7176
7177 bacpy(&ev.addr.bdaddr, bdaddr);
7178 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7179 ev.passkey = __cpu_to_le32(passkey);
7180 ev.entered = entered;
7181
7182 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
7183}
7184
e1e930f5 7185void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
2a611692
JH		 7186{
7187 struct mgmt_ev_auth_failed ev;
3b0602cd 7188 struct mgmt_pending_cmd *cmd;
e1e930f5 7189 u8 status = mgmt_status(hci_status);
2a611692 7190
e1e930f5
JH		 7191 bacpy(&ev.addr.bdaddr, &conn->dst);
7192 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7193 ev.status = status;
2a611692 7194
e1e930f5
JH		 7195 cmd = find_pairing(conn);
7196
7197 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
7198 cmd ? cmd->sk : NULL);
7199
a511b35b
JH		 7200 if (cmd) {
7201 cmd->cmd_complete(cmd, status);
7202 mgmt_pending_remove(cmd);
7203 }
2a611692 7204}
b312b161 7205
464996ae 7206void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 7207{
7208 struct cmd_lookup match = { NULL, hdev };
464996ae 7209 bool changed;
33ef95ed
JH		 7210
7211 if (status) {
7212 u8 mgmt_err = mgmt_status(status);
7213 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 7214 cmd_status_rsp, &mgmt_err);
464996ae 7215 return;
33ef95ed
JH		 7216 }
7217
464996ae 7218 if (test_bit(HCI_AUTH, &hdev->flags))
238be788 7219 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
464996ae 7220 else
a69d8927 7221 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
47990ea0 7222
33ef95ed 7223 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 7224 &match);
33ef95ed 7225
47990ea0 7226 if (changed)
464996ae 7227 new_settings(hdev, match.sk);
33ef95ed
JH		 7228
7229 if (match.sk)
7230 sock_put(match.sk);
33ef95ed
JH		 7231}
7232
890ea898 7233static void clear_eir(struct hci_request *req)
cacaf52f 7234{
890ea898 7235 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 7236 struct hci_cp_write_eir cp;
7237
976eb20e 7238 if (!lmp_ext_inq_capable(hdev))
890ea898 7239 return;
cacaf52f 7240
c80da27e
JH		 7241 memset(hdev->eir, 0, sizeof(hdev->eir));
7242
cacaf52f
JH		 7243 memset(&cp, 0, sizeof(cp));
7244
890ea898 7245 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 7246}
7247
3e248560 7248void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 7249{
7250 struct cmd_lookup match = { NULL, hdev };
890ea898 7251 struct hci_request req;
c0ecddc2 7252 bool changed = false;
ed2c4ee3
JH		 7253
7254 if (status) {
7255 u8 mgmt_err = mgmt_status(status);
c0ecddc2 7256
a69d8927
MH		 7257 if (enable && hci_dev_test_and_clear_flag(hdev,
7258 HCI_SSP_ENABLED)) {
a358dc11 7259 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
3e248560 7260 new_settings(hdev, NULL);
9ecb3e24 7261 }
c0ecddc2 7262
04124681
GP		 7263 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
7264 &mgmt_err);
3e248560 7265 return;
c0ecddc2
JH		 7266 }
7267
7268 if (enable) {
238be788 7269 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
c0ecddc2 7270 } else {
a69d8927 7271 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
9ecb3e24 7272 if (!changed)
a69d8927
MH		 7273 changed = hci_dev_test_and_clear_flag(hdev,
7274 HCI_HS_ENABLED);
9ecb3e24 7275 else
a358dc11 7276 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
ed2c4ee3
JH		 7277 }
7278
7279 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
7280
c0ecddc2 7281 if (changed)
3e248560 7282 new_settings(hdev, match.sk);
ed2c4ee3 7283
5fc6ebb1 7284 if (match.sk)
ed2c4ee3
JH		 7285 sock_put(match.sk);
7286
890ea898
JH		 7287 hci_req_init(&req, hdev);
7288
d7a5a11d
MH		 7289 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
7290 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
3769972b
JH		 7291 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
7292 sizeof(enable), &enable);
890ea898 7293 update_eir(&req);
3769972b 7294 } else {
890ea898 7295 clear_eir(&req);
3769972b 7296 }
890ea898
JH		 7297
7298 hci_req_run(&req, NULL);
ed2c4ee3
JH		 7299}
7300
3b0602cd 7301static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
90e70454
JH		 7302{
7303 struct cmd_lookup *match = data;
7304
90e70454
JH		 7305 if (match->sk == NULL) {
7306 match->sk = cmd->sk;
7307 sock_hold(match->sk);
7308 }
90e70454
JH		 7309}
7310
4e1b0245
MH		 7311void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
7312 u8 status)
7f9a903c 7313{
90e70454 7314 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 7315
92da6097
JH		 7316 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
7317 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
7318 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 7319
7320 if (!status)
4e1b0245
MH		 7321 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
7322 NULL);
90e70454
JH		 7323
7324 if (match.sk)
7325 sock_put(match.sk);
7f9a903c
MH		 7326}
7327
7667da34 7328void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 7329{
b312b161 7330 struct mgmt_cp_set_local_name ev;
3b0602cd 7331 struct mgmt_pending_cmd *cmd;
28cc7bde 7332
13928971 7333 if (status)
7667da34 7334 return;
b312b161
JH		 7335
7336 memset(&ev, 0, sizeof(ev));
7337 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 7338 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 7339
2e58ef3e 7340 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 7341 if (!cmd) {
7342 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 7343
13928971
JH		 7344 /* If this is a HCI command related to powering on the
7345 * HCI dev don't send any mgmt signals.
7346 */
7347 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 7348 return;
890ea898 7349 }
b312b161 7350
7667da34
MH		 7351 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
7352 cmd ? cmd->sk : NULL);
b312b161 7353}
c35938b2 7354
4d2d2796 7355void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
38da1703
JH		 7356 u8 *rand192, u8 *hash256, u8 *rand256,
7357 u8 status)
c35938b2 7358{
3b0602cd 7359 struct mgmt_pending_cmd *cmd;
c35938b2 7360
744cf19e 7361 BT_DBG("%s status %u", hdev->name, status);
c35938b2 7362
2e58ef3e 7363 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 7364 if (!cmd)
3edaf092 7365 return;
c35938b2
SJ		 7366
7367 if (status) {
a69e8375
JH		 7368 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
7369 mgmt_status(status));
c35938b2 7370 } else {
66f096f7
JH		 7371 struct mgmt_rp_read_local_oob_data rp;
7372 size_t rp_size = sizeof(rp);
4d2d2796 7373
66f096f7
JH		 7374 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
7375 memcpy(rp.rand192, rand192, sizeof(rp.rand192));
c35938b2 7376
66f096f7 7377 if (bredr_sc_enabled(hdev) && hash256 && rand256) {
4d2d2796 7378 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
38da1703 7379 memcpy(rp.rand256, rand256, sizeof(rp.rand256));
4d2d2796 7380 } else {
66f096f7 7381 rp_size -= sizeof(rp.hash256) + sizeof(rp.rand256);
4d2d2796 7382 }
66f096f7 7383
2a1afb5a
JH		 7384 mgmt_cmd_complete(cmd->sk, hdev->id,
7385 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
7386 &rp, rp_size);
c35938b2
SJ		 7387 }
7388
7389 mgmt_pending_remove(cmd);
c35938b2 7390}
e17acd40 7391
799ce93d
JP		 7392static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
7393{
7394 int i;
7395
7396 for (i = 0; i < uuid_count; i++) {
7397 if (!memcmp(uuid, uuids[i], 16))
7398 return true;
7399 }
7400
7401 return false;
7402}
7403
b487b9ce
MH		 7404static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
7405{
799ce93d
JP		 7406 u16 parsed = 0;
7407
7408 while (parsed < eir_len) {
7409 u8 field_len = eir[0];
7410 u8 uuid[16];
7411 int i;
7412
7413 if (field_len == 0)
7414 break;
7415
7416 if (eir_len - parsed < field_len + 1)
7417 break;
7418
7419 switch (eir[1]) {
7420 case EIR_UUID16_ALL:
7421 case EIR_UUID16_SOME:
7422 for (i = 0; i + 3 <= field_len; i += 2) {
189f6ad2 7423 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7424 uuid[13] = eir[i + 3];
7425 uuid[12] = eir[i + 2];
7426 if (has_uuid(uuid, uuid_count, uuids))
7427 return true;
7428 }
7429 break;
7430 case EIR_UUID32_ALL:
7431 case EIR_UUID32_SOME:
7432 for (i = 0; i + 5 <= field_len; i += 4) {
189f6ad2 7433 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7434 uuid[15] = eir[i + 5];
7435 uuid[14] = eir[i + 4];
7436 uuid[13] = eir[i + 3];
7437 uuid[12] = eir[i + 2];
7438 if (has_uuid(uuid, uuid_count, uuids))
7439 return true;
7440 }
7441 break;
7442 case EIR_UUID128_ALL:
7443 case EIR_UUID128_SOME:
7444 for (i = 0; i + 17 <= field_len; i += 16) {
7445 memcpy(uuid, eir + i + 2, 16);
7446 if (has_uuid(uuid, uuid_count, uuids))
7447 return true;
7448 }
7449 break;
7450 }
7451
7452 parsed += field_len + 1;
7453 eir += field_len + 1;
7454 }
7455
b487b9ce
MH		 7456 return false;
7457}
7458
4b0e0ced
JP		 7459static void restart_le_scan(struct hci_dev *hdev)
7460{
7461 /* If controller is not scanning we are done. */
d7a5a11d 7462 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
4b0e0ced
JP		 7463 return;
7464
7465 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
7466 hdev->discovery.scan_start +
7467 hdev->discovery.scan_duration))
7468 return;
7469
7470 queue_delayed_work(hdev->workqueue, &hdev->le_scan_restart,
7471 DISCOV_LE_RESTART_DELAY);
7472}
7473
48f86b7f
JP		 7474static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
7475 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 7476{
48f86b7f
JP		 7477 /* If a RSSI threshold has been specified, and
7478 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
7479 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
7480 * is set, let it through for further processing, as we might need to
7481 * restart the scan.
efb2513f
MH		 7482 *
7483 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
7484 * the results are also dropped.
bda157a4
MH		 7485 */
7486 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
4b0e0ced
JP		 7487 (rssi == HCI_RSSI_INVALID ||
7488 (rssi < hdev->discovery.rssi &&
7489 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
48f86b7f 7490 return false;
efb2513f 7491
2976cdeb
JP		 7492 if (hdev->discovery.uuid_count != 0) {
7493 /* If a list of UUIDs is provided in filter, results with no
7494 * matching UUID should be dropped.
b487b9ce 7495 */
2976cdeb
JP		 7496 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
7497 hdev->discovery.uuids) &&
7498 !eir_has_uuids(scan_rsp, scan_rsp_len,
7499 hdev->discovery.uuid_count,
7500 hdev->discovery.uuids))
7501 return false;
b487b9ce 7502 }
5d2e9fad 7503
2976cdeb
JP		 7504 /* If duplicate filtering does not report RSSI changes, then restart
7505 * scanning to ensure updated result with updated RSSI values.
4b0e0ced 7506 */
2976cdeb
JP		 7507 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
7508 restart_le_scan(hdev);
7509
7510 /* Validate RSSI value against the RSSI threshold once more. */
7511 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7512 rssi < hdev->discovery.rssi)
7513 return false;
7514 }
48f86b7f
JP		 7515
7516 return true;
7517}
7518
7519void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7520 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
7521 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7522{
7523 char buf[512];
7524 struct mgmt_ev_device_found *ev = (void *)buf;
7525 size_t ev_size;
7526
7527 /* Don't send events for a non-kernel initiated discovery. With
7528 * LE one exception is if we have pend_le_reports > 0 in which
7529 * case we're doing passive scanning and want these events.
7530 */
7531 if (!hci_discovery_active(hdev)) {
7532 if (link_type == ACL_LINK)
7533 return;
7534 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
7535 return;
7536 }
7537
82f8b651 7538 if (hdev->discovery.result_filtering) {
48f86b7f
JP		 7539 /* We are using service discovery */
7540 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
7541 scan_rsp_len))
7542 return;
7543 }
7544
7545 /* Make sure that the buffer is big enough. The 5 extra bytes
7546 * are for the potential CoD field.
7547 */
7548 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
4b0e0ced
JP		 7549 return;
7550
48f86b7f
JP		 7551 memset(buf, 0, sizeof(buf));
7552
7553 /* In case of device discovery with BR/EDR devices (pre 1.2), the
7554 * RSSI value was reported as 0 when not available. This behavior
7555 * is kept when using device discovery. This is required for full
7556 * backwards compatibility with the API.
7557 *
7558 * However when using service discovery, the value 127 will be
7559 * returned when the RSSI is not available.
7560 */
7561 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
7562 link_type == ACL_LINK)
7563 rssi = 0;
7564
7565 bacpy(&ev->addr.bdaddr, bdaddr);
7566 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7567 ev->rssi = rssi;
7568 ev->flags = cpu_to_le32(flags);
7569
7570 if (eir_len > 0)
7571 /* Copy EIR or advertising data into event */
7572 memcpy(ev->eir, eir, eir_len);
7573
7574 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
7575 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7576 dev_class, 3);
7577
7578 if (scan_rsp_len > 0)
7579 /* Append scan response data to event */
7580 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
7581
5d2e9fad
JH		 7582 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
7583 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 7584
901801b9 7585 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 7586}
a88a9652 7587
9cf12aee
MH		 7588void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7589 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 7590{
b644ba33
JH		 7591 struct mgmt_ev_device_found *ev;
7592 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
7593 u16 eir_len;
a88a9652 7594
b644ba33 7595 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 7596
b644ba33
JH		 7597 memset(buf, 0, sizeof(buf));
7598
7599 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 7600 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 7601 ev->rssi = rssi;
7602
7603 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 7604 name_len);
b644ba33 7605
eb55ef07 7606 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 7607
9cf12aee 7608 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 7609}
314b2381 7610
2f1e063b 7611void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 7612{
f963e8e9 7613 struct mgmt_ev_discovering ev;
164a6e78 7614
343fb145
AG		 7615 BT_DBG("%s discovering %u", hdev->name, discovering);
7616
f963e8e9
JH		 7617 memset(&ev, 0, sizeof(ev));
7618 ev.type = hdev->discovery.type;
7619 ev.discovering = discovering;
7620
2f1e063b 7621 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 7622}
5e762444 7623
1904a853 7624static void adv_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5976e608
MH		 7625{
7626 BT_DBG("%s status %u", hdev->name, status);
5976e608
MH		 7627}
7628
7629void mgmt_reenable_advertising(struct hci_dev *hdev)
7630{
7631 struct hci_request req;
7632
d7a5a11d 7633 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
5976e608
MH		 7634 return;
7635
7636 hci_req_init(&req, hdev);
7637 enable_advertising(&req);
0ec5ae84 7638 hci_req_run(&req, adv_enable_complete);
5976e608 7639}
6d785aa3
JH		 7640
7641static struct hci_mgmt_chan chan = {
7642 .channel = HCI_CHANNEL_CONTROL,
7643 .handler_count = ARRAY_SIZE(mgmt_handlers),
7644 .handlers = mgmt_handlers,
7645};
7646
7647int mgmt_init(void)
7648{
7649 return hci_mgmt_chan_register(&chan);
7650}
7651
7652void mgmt_exit(void)
7653{
7654 hci_mgmt_chan_unregister(&chan);
7655}
Linux kernel - Deliverables
This page took 2.043658 seconds and 5 git commands to generate.