projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: mgmt: dry update_scan_rsp_data()
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
7129069e 32#include <net/bluetooth/hci_sock.h>
4bc58f51 33#include <net/bluetooth/l2cap.h>
0381101f 34#include <net/bluetooth/mgmt.h>
ac4b7236 35
0857dd3b 36#include "hci_request.h"
ac4b7236 37#include "smp.h"
a380b6cf 38#include "mgmt_util.h"
0381101f 39
2da9c55c 40#define MGMT_VERSION 1
beb1c21b 41#define MGMT_REVISION 9
02d98129 42
e70bb2e8
JH		 43static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
45 MGMT_OP_READ_INFO,
46 MGMT_OP_SET_POWERED,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
b2939475 50 MGMT_OP_SET_BONDABLE,
e70bb2e8
JH		 51 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_SSP,
53 MGMT_OP_SET_HS,
54 MGMT_OP_SET_LE,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
57 MGMT_OP_ADD_UUID,
58 MGMT_OP_REMOVE_UUID,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
61 MGMT_OP_DISCONNECT,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
66 MGMT_OP_PAIR_DEVICE,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
78 MGMT_OP_CONFIRM_NAME,
79 MGMT_OP_BLOCK_DEVICE,
80 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 81 MGMT_OP_SET_DEVICE_ID,
4375f103 82 MGMT_OP_SET_ADVERTISING,
0663ca2a 83 MGMT_OP_SET_BREDR,
d13eafce 84 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 85 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 86 MGMT_OP_SET_SECURE_CONN,
4e39ac81 87 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 88 MGMT_OP_SET_PRIVACY,
41edf160 89 MGMT_OP_LOAD_IRKS,
dd983808 90 MGMT_OP_GET_CONN_INFO,
95868426 91 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 92 MGMT_OP_ADD_DEVICE,
93 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 94 MGMT_OP_LOAD_CONN_PARAM,
73d1df2a 95 MGMT_OP_READ_UNCONF_INDEX_LIST,
9fc3bfb6 96 MGMT_OP_READ_CONFIG_INFO,
dbece37a 97 MGMT_OP_SET_EXTERNAL_CONFIG,
9713c17b 98 MGMT_OP_SET_PUBLIC_ADDRESS,
66ea9427 99 MGMT_OP_START_SERVICE_DISCOVERY,
4f0f155c 100 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
96f1474a 101 MGMT_OP_READ_EXT_INDEX_LIST,
d3d5305b 102 MGMT_OP_READ_ADV_FEATURES,
24b4f38f 103 MGMT_OP_ADD_ADVERTISING,
da929335 104 MGMT_OP_REMOVE_ADVERTISING,
e70bb2e8
JH		 105};
106
107static const u16 mgmt_events[] = {
108 MGMT_EV_CONTROLLER_ERROR,
109 MGMT_EV_INDEX_ADDED,
110 MGMT_EV_INDEX_REMOVED,
111 MGMT_EV_NEW_SETTINGS,
112 MGMT_EV_CLASS_OF_DEV_CHANGED,
113 MGMT_EV_LOCAL_NAME_CHANGED,
114 MGMT_EV_NEW_LINK_KEY,
115 MGMT_EV_NEW_LONG_TERM_KEY,
116 MGMT_EV_DEVICE_CONNECTED,
117 MGMT_EV_DEVICE_DISCONNECTED,
118 MGMT_EV_CONNECT_FAILED,
119 MGMT_EV_PIN_CODE_REQUEST,
120 MGMT_EV_USER_CONFIRM_REQUEST,
121 MGMT_EV_USER_PASSKEY_REQUEST,
122 MGMT_EV_AUTH_FAILED,
123 MGMT_EV_DEVICE_FOUND,
124 MGMT_EV_DISCOVERING,
125 MGMT_EV_DEVICE_BLOCKED,
126 MGMT_EV_DEVICE_UNBLOCKED,
127 MGMT_EV_DEVICE_UNPAIRED,
92a25256 128 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 129 MGMT_EV_NEW_IRK,
7ee4ea36 130 MGMT_EV_NEW_CSRK,
8afef092
MH		 131 MGMT_EV_DEVICE_ADDED,
132 MGMT_EV_DEVICE_REMOVED,
ffb5a827 133 MGMT_EV_NEW_CONN_PARAM,
0602a8ad 134 MGMT_EV_UNCONF_INDEX_ADDED,
edd3896b 135 MGMT_EV_UNCONF_INDEX_REMOVED,
f4537c04 136 MGMT_EV_NEW_CONFIG_OPTIONS,
ced85549
MH		 137 MGMT_EV_EXT_INDEX_ADDED,
138 MGMT_EV_EXT_INDEX_REMOVED,
72000df2 139 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
24b4f38f
AU		 140 MGMT_EV_ADVERTISING_ADDED,
141 MGMT_EV_ADVERTISING_REMOVED,
e70bb2e8
JH		 142};
143
99c679ac
MH		 144static const u16 mgmt_untrusted_commands[] = {
145 MGMT_OP_READ_INDEX_LIST,
146 MGMT_OP_READ_INFO,
147 MGMT_OP_READ_UNCONF_INDEX_LIST,
148 MGMT_OP_READ_CONFIG_INFO,
149 MGMT_OP_READ_EXT_INDEX_LIST,
150};
151
152static const u16 mgmt_untrusted_events[] = {
153 MGMT_EV_INDEX_ADDED,
154 MGMT_EV_INDEX_REMOVED,
155 MGMT_EV_NEW_SETTINGS,
156 MGMT_EV_CLASS_OF_DEV_CHANGED,
157 MGMT_EV_LOCAL_NAME_CHANGED,
158 MGMT_EV_UNCONF_INDEX_ADDED,
159 MGMT_EV_UNCONF_INDEX_REMOVED,
160 MGMT_EV_NEW_CONFIG_OPTIONS,
161 MGMT_EV_EXT_INDEX_ADDED,
162 MGMT_EV_EXT_INDEX_REMOVED,
163};
164
17b02e62 165#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 166
d25b78e2
JH		 167#define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
168 "\x00\x00\x00\x00\x00\x00\x00\x00"
169
ca69b795
JH		 170/* HCI to MGMT error code conversion table */
171static u8 mgmt_status_table[] = {
172 MGMT_STATUS_SUCCESS,
173 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
174 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
175 MGMT_STATUS_FAILED, /* Hardware Failure */
176 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
177 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 178 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 179 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
180 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
181 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
182 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
183 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
184 MGMT_STATUS_BUSY, /* Command Disallowed */
185 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
186 MGMT_STATUS_REJECTED, /* Rejected Security */
187 MGMT_STATUS_REJECTED, /* Rejected Personal */
188 MGMT_STATUS_TIMEOUT, /* Host Timeout */
189 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
190 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
191 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
192 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
193 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
194 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
195 MGMT_STATUS_BUSY, /* Repeated Attempts */
196 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
197 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
198 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
199 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
200 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
201 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
202 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
203 MGMT_STATUS_FAILED, /* Unspecified Error */
204 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
205 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
206 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
207 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
208 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
209 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
210 MGMT_STATUS_FAILED, /* Unit Link Key Used */
211 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
212 MGMT_STATUS_TIMEOUT, /* Instant Passed */
213 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
214 MGMT_STATUS_FAILED, /* Transaction Collision */
215 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
216 MGMT_STATUS_REJECTED, /* QoS Rejected */
217 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
218 MGMT_STATUS_REJECTED, /* Insufficient Security */
219 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
220 MGMT_STATUS_BUSY, /* Role Switch Pending */
221 MGMT_STATUS_FAILED, /* Slot Violation */
222 MGMT_STATUS_FAILED, /* Role Switch Failed */
223 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
224 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
225 MGMT_STATUS_BUSY, /* Host Busy Pairing */
226 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
227 MGMT_STATUS_BUSY, /* Controller Busy */
228 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
229 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
230 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
231 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
232 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
233};
234
235static u8 mgmt_status(u8 hci_status)
236{
237 if (hci_status < ARRAY_SIZE(mgmt_status_table))
238 return mgmt_status_table[hci_status];
239
240 return MGMT_STATUS_FAILED;
241}
242
c08b1a1d
MH		 243static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
244 u16 len, int flag)
f9207338 245{
c08b1a1d
MH		 246 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
247 flag, NULL);
f9207338
MH		 248}
249
72000df2
MH		 250static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
251 u16 len, int flag, struct sock *skip_sk)
252{
253 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
254 flag, skip_sk);
255}
256
f6b7712e
MH		 257static int mgmt_generic_event(u16 event, struct hci_dev *hdev, void *data,
258 u16 len, struct sock *skip_sk)
259{
260 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
261 HCI_MGMT_GENERIC_EVENTS, skip_sk);
262}
263
7a00ff44
JH		 264static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
265 struct sock *skip_sk)
266{
267 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
c08b1a1d 268 HCI_SOCK_TRUSTED, skip_sk);
7a00ff44
JH		 269}
270
04124681
GP		 271static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
272 u16 data_len)
a38528f1
JH		 273{
274 struct mgmt_rp_read_version rp;
275
276 BT_DBG("sock %p", sk);
277
278 rp.version = MGMT_VERSION;
dcf4adbf 279 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 280
2a1afb5a
JH		 281 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
282 &rp, sizeof(rp));
a38528f1
JH		 283}
284
04124681
GP		 285static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
286 u16 data_len)
e70bb2e8
JH		 287{
288 struct mgmt_rp_read_commands *rp;
99c679ac 289 u16 num_commands, num_events;
e70bb2e8
JH		 290 size_t rp_size;
291 int i, err;
292
293 BT_DBG("sock %p", sk);
294
99c679ac
MH		 295 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
296 num_commands = ARRAY_SIZE(mgmt_commands);
297 num_events = ARRAY_SIZE(mgmt_events);
298 } else {
299 num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
300 num_events = ARRAY_SIZE(mgmt_untrusted_events);
301 }
302
e70bb2e8
JH		 303 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
304
305 rp = kmalloc(rp_size, GFP_KERNEL);
306 if (!rp)
307 return -ENOMEM;
308
dcf4adbf
JP		 309 rp->num_commands = cpu_to_le16(num_commands);
310 rp->num_events = cpu_to_le16(num_events);
e70bb2e8 311
99c679ac
MH		 312 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
313 __le16 *opcode = rp->opcodes;
314
315 for (i = 0; i < num_commands; i++, opcode++)
316 put_unaligned_le16(mgmt_commands[i], opcode);
e70bb2e8 317
99c679ac
MH		 318 for (i = 0; i < num_events; i++, opcode++)
319 put_unaligned_le16(mgmt_events[i], opcode);
320 } else {
321 __le16 *opcode = rp->opcodes;
322
323 for (i = 0; i < num_commands; i++, opcode++)
324 put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
325
326 for (i = 0; i < num_events; i++, opcode++)
327 put_unaligned_le16(mgmt_untrusted_events[i], opcode);
328 }
e70bb2e8 329
2a1afb5a
JH		 330 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
331 rp, rp_size);
e70bb2e8
JH		 332 kfree(rp);
333
334 return err;
335}
336
04124681
GP		 337static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
338 u16 data_len)
faba42eb 339{
faba42eb 340 struct mgmt_rp_read_index_list *rp;
8035ded4 341 struct hci_dev *d;
a38528f1 342 size_t rp_len;
faba42eb 343 u16 count;
476e44cb 344 int err;
faba42eb
JH		 345
346 BT_DBG("sock %p", sk);
347
348 read_lock(&hci_dev_list_lock);
349
350 count = 0;
bb4b2a9a 351 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a 352 if (d->dev_type == HCI_BREDR &&
d7a5a11d 353 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
1514b892 354 count++;
faba42eb
JH		 355 }
356
a38528f1
JH		 357 rp_len = sizeof(*rp) + (2 * count);
358 rp = kmalloc(rp_len, GFP_ATOMIC);
359 if (!rp) {
b2c60d42 360 read_unlock(&hci_dev_list_lock);
faba42eb 361 return -ENOMEM;
b2c60d42 362 }
faba42eb 363
476e44cb 364 count = 0;
8035ded4 365 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 366 if (hci_dev_test_flag(d, HCI_SETUP) ||
367 hci_dev_test_flag(d, HCI_CONFIG) ||
368 hci_dev_test_flag(d, HCI_USER_CHANNEL))
ab81cbf9
JH		 369 continue;
370
73d1df2a
MH		 371 /* Devices marked as raw-only are neither configured
372 * nor unconfigured controllers.
373 */
374 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
fee746b0
MH		 375 continue;
376
73d1df2a 377 if (d->dev_type == HCI_BREDR &&
d7a5a11d 378 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
1514b892
MH		 379 rp->index[count++] = cpu_to_le16(d->id);
380 BT_DBG("Added hci%u", d->id);
381 }
faba42eb
JH		 382 }
383
476e44cb
JH		 384 rp->num_controllers = cpu_to_le16(count);
385 rp_len = sizeof(*rp) + (2 * count);
386
faba42eb
JH		 387 read_unlock(&hci_dev_list_lock);
388
2a1afb5a
JH		 389 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
390 0, rp, rp_len);
faba42eb 391
a38528f1
JH		 392 kfree(rp);
393
394 return err;
faba42eb
JH		 395}
396
73d1df2a
MH		 397static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
398 void *data, u16 data_len)
399{
400 struct mgmt_rp_read_unconf_index_list *rp;
401 struct hci_dev *d;
402 size_t rp_len;
403 u16 count;
404 int err;
405
406 BT_DBG("sock %p", sk);
407
408 read_lock(&hci_dev_list_lock);
409
410 count = 0;
411 list_for_each_entry(d, &hci_dev_list, list) {
412 if (d->dev_type == HCI_BREDR &&
d7a5a11d 413 hci_dev_test_flag(d, HCI_UNCONFIGURED))
73d1df2a
MH		 414 count++;
415 }
416
417 rp_len = sizeof(*rp) + (2 * count);
418 rp = kmalloc(rp_len, GFP_ATOMIC);
419 if (!rp) {
420 read_unlock(&hci_dev_list_lock);
421 return -ENOMEM;
422 }
423
424 count = 0;
425 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 426 if (hci_dev_test_flag(d, HCI_SETUP) ||
427 hci_dev_test_flag(d, HCI_CONFIG) ||
428 hci_dev_test_flag(d, HCI_USER_CHANNEL))
73d1df2a
MH		 429 continue;
430
431 /* Devices marked as raw-only are neither configured
432 * nor unconfigured controllers.
433 */
434 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
435 continue;
436
437 if (d->dev_type == HCI_BREDR &&
d7a5a11d 438 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
73d1df2a
MH		 439 rp->index[count++] = cpu_to_le16(d->id);
440 BT_DBG("Added hci%u", d->id);
441 }
442 }
443
444 rp->num_controllers = cpu_to_le16(count);
445 rp_len = sizeof(*rp) + (2 * count);
446
447 read_unlock(&hci_dev_list_lock);
448
2a1afb5a
JH		 449 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
450 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
73d1df2a
MH		 451
452 kfree(rp);
453
454 return err;
455}
456
96f1474a
MH		 457static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
458 void *data, u16 data_len)
459{
460 struct mgmt_rp_read_ext_index_list *rp;
461 struct hci_dev *d;
462 size_t rp_len;
463 u16 count;
464 int err;
465
466 BT_DBG("sock %p", sk);
467
468 read_lock(&hci_dev_list_lock);
469
470 count = 0;
471 list_for_each_entry(d, &hci_dev_list, list) {
472 if (d->dev_type == HCI_BREDR || d->dev_type == HCI_AMP)
473 count++;
474 }
475
476 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
477 rp = kmalloc(rp_len, GFP_ATOMIC);
478 if (!rp) {
479 read_unlock(&hci_dev_list_lock);
480 return -ENOMEM;
481 }
482
483 count = 0;
484 list_for_each_entry(d, &hci_dev_list, list) {
485 if (hci_dev_test_flag(d, HCI_SETUP) ||
486 hci_dev_test_flag(d, HCI_CONFIG) ||
487 hci_dev_test_flag(d, HCI_USER_CHANNEL))
488 continue;
489
490 /* Devices marked as raw-only are neither configured
491 * nor unconfigured controllers.
492 */
493 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
494 continue;
495
496 if (d->dev_type == HCI_BREDR) {
497 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
498 rp->entry[count].type = 0x01;
499 else
500 rp->entry[count].type = 0x00;
501 } else if (d->dev_type == HCI_AMP) {
502 rp->entry[count].type = 0x02;
503 } else {
504 continue;
505 }
506
507 rp->entry[count].bus = d->bus;
508 rp->entry[count++].index = cpu_to_le16(d->id);
509 BT_DBG("Added hci%u", d->id);
510 }
511
512 rp->num_controllers = cpu_to_le16(count);
513 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
514
515 read_unlock(&hci_dev_list_lock);
516
517 /* If this command is called at least once, then all the
518 * default index and unconfigured index events are disabled
519 * and from now on only extended index events are used.
520 */
521 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
522 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
523 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
524
525 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
526 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp, rp_len);
527
528 kfree(rp);
529
530 return err;
531}
532
dbece37a
MH		 533static bool is_configured(struct hci_dev *hdev)
534{
535 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 536 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
dbece37a
MH		 537 return false;
538
539 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
540 !bacmp(&hdev->public_addr, BDADDR_ANY))
541 return false;
542
543 return true;
544}
545
89bc22d2
MH		 546static __le32 get_missing_options(struct hci_dev *hdev)
547{
548 u32 options = 0;
549
dbece37a 550 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 551 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
eb1904f4
MH		 552 options |= MGMT_OPTION_EXTERNAL_CONFIG;
553
89bc22d2
MH		 554 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
555 !bacmp(&hdev->public_addr, BDADDR_ANY))
556 options |= MGMT_OPTION_PUBLIC_ADDRESS;
557
558 return cpu_to_le32(options);
559}
560
f4537c04
MH		 561static int new_options(struct hci_dev *hdev, struct sock *skip)
562{
563 __le32 options = get_missing_options(hdev);
564
f6b7712e
MH		 565 return mgmt_generic_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
566 sizeof(options), skip);
f4537c04
MH		 567}
568
dbece37a
MH		 569static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
570{
571 __le32 options = get_missing_options(hdev);
572
2a1afb5a
JH		 573 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
574 sizeof(options));
dbece37a
MH		 575}
576
9fc3bfb6
MH		 577static int read_config_info(struct sock *sk, struct hci_dev *hdev,
578 void *data, u16 data_len)
579{
580 struct mgmt_rp_read_config_info rp;
89bc22d2 581 u32 options = 0;
9fc3bfb6
MH		 582
583 BT_DBG("sock %p %s", sk, hdev->name);
584
585 hci_dev_lock(hdev);
586
587 memset(&rp, 0, sizeof(rp));
588 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
89bc22d2 589
eb1904f4
MH		 590 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
591 options |= MGMT_OPTION_EXTERNAL_CONFIG;
592
9fc3bfb6 593 if (hdev->set_bdaddr)
89bc22d2
MH		 594 options |= MGMT_OPTION_PUBLIC_ADDRESS;
595
596 rp.supported_options = cpu_to_le32(options);
597 rp.missing_options = get_missing_options(hdev);
9fc3bfb6
MH		 598
599 hci_dev_unlock(hdev);
600
2a1afb5a
JH		 601 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
602 &rp, sizeof(rp));
9fc3bfb6
MH		 603}
604
69ab39ea
JH		 605static u32 get_supported_settings(struct hci_dev *hdev)
606{
607 u32 settings = 0;
608
609 settings |= MGMT_SETTING_POWERED;
b2939475 610 settings |= MGMT_SETTING_BONDABLE;
b1de97d8 611 settings |= MGMT_SETTING_DEBUG_KEYS;
3742abfc
JH		 612 settings |= MGMT_SETTING_CONNECTABLE;
613 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea 614
ed3fa31f 615 if (lmp_bredr_capable(hdev)) {
1a47aee8
JH		 616 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
617 settings |= MGMT_SETTING_FAST_CONNECTABLE;
69ab39ea
JH		 618 settings |= MGMT_SETTING_BREDR;
619 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 620
621 if (lmp_ssp_capable(hdev)) {
622 settings |= MGMT_SETTING_SSP;
623 settings |= MGMT_SETTING_HS;
624 }
e98d2ce2 625
05b3c3e7 626 if (lmp_sc_capable(hdev))
e98d2ce2 627 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 628 }
d7b7e796 629
eeca6f89 630 if (lmp_le_capable(hdev)) {
9d42820f 631 settings |= MGMT_SETTING_LE;
eeca6f89 632 settings |= MGMT_SETTING_ADVERTISING;
a3209694 633 settings |= MGMT_SETTING_SECURE_CONN;
0f4bd942 634 settings |= MGMT_SETTING_PRIVACY;
93690c22 635 settings |= MGMT_SETTING_STATIC_ADDRESS;
eeca6f89 636 }
69ab39ea 637
eb1904f4
MH		 638 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
639 hdev->set_bdaddr)
9fc3bfb6
MH		 640 settings |= MGMT_SETTING_CONFIGURATION;
641
69ab39ea
JH		 642 return settings;
643}
644
645static u32 get_current_settings(struct hci_dev *hdev)
646{
647 u32 settings = 0;
648
f1f0eb02 649 if (hdev_is_powered(hdev))
f0d4b78a
MH		 650 settings |= MGMT_SETTING_POWERED;
651
d7a5a11d 652 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
69ab39ea
JH		 653 settings |= MGMT_SETTING_CONNECTABLE;
654
d7a5a11d 655 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
1a4d3c4b
JH		 656 settings |= MGMT_SETTING_FAST_CONNECTABLE;
657
d7a5a11d 658 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
69ab39ea
JH		 659 settings |= MGMT_SETTING_DISCOVERABLE;
660
d7a5a11d 661 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
b2939475 662 settings |= MGMT_SETTING_BONDABLE;
69ab39ea 663
d7a5a11d 664 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
69ab39ea
JH		 665 settings |= MGMT_SETTING_BREDR;
666
d7a5a11d 667 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
69ab39ea
JH		 668 settings |= MGMT_SETTING_LE;
669
d7a5a11d 670 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
69ab39ea
JH		 671 settings |= MGMT_SETTING_LINK_SECURITY;
672
d7a5a11d 673 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
69ab39ea
JH		 674 settings |= MGMT_SETTING_SSP;
675
d7a5a11d 676 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
6d80dfd0
JH		 677 settings |= MGMT_SETTING_HS;
678
d7a5a11d 679 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
eeca6f89
JH		 680 settings |= MGMT_SETTING_ADVERTISING;
681
d7a5a11d 682 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
e98d2ce2
MH		 683 settings |= MGMT_SETTING_SECURE_CONN;
684
d7a5a11d 685 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
b1de97d8
MH		 686 settings |= MGMT_SETTING_DEBUG_KEYS;
687
d7a5a11d 688 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
0f4bd942
JH		 689 settings |= MGMT_SETTING_PRIVACY;
690
93690c22
MH		 691 /* The current setting for static address has two purposes. The
692 * first is to indicate if the static address will be used and
693 * the second is to indicate if it is actually set.
694 *
695 * This means if the static address is not configured, this flag
08dc0e98 696 * will never be set. If the address is configured, then if the
93690c22
MH		 697 * address is actually used decides if the flag is set or not.
698 *
699 * For single mode LE only controllers and dual-mode controllers
700 * with BR/EDR disabled, the existence of the static address will
701 * be evaluated.
702 */
b7cb93e5 703 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
d7a5a11d 704 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
93690c22
MH		 705 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
706 if (bacmp(&hdev->static_addr, BDADDR_ANY))
707 settings |= MGMT_SETTING_STATIC_ADDRESS;
708 }
709
69ab39ea
JH		 710 return settings;
711}
712
ef580372
JH		 713#define PNP_INFO_SVCLASS_ID 0x1200
714
213202ed
JH		 715static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
716{
717 u8 *ptr = data, *uuids_start = NULL;
718 struct bt_uuid *uuid;
719
720 if (len < 4)
721 return ptr;
722
723 list_for_each_entry(uuid, &hdev->uuids, list) {
724 u16 uuid16;
725
726 if (uuid->size != 16)
727 continue;
728
729 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
730 if (uuid16 < 0x1100)
731 continue;
732
733 if (uuid16 == PNP_INFO_SVCLASS_ID)
734 continue;
735
736 if (!uuids_start) {
737 uuids_start = ptr;
738 uuids_start[0] = 1;
739 uuids_start[1] = EIR_UUID16_ALL;
740 ptr += 2;
741 }
742
743 /* Stop if not enough space to put next UUID */
744 if ((ptr - data) + sizeof(u16) > len) {
745 uuids_start[1] = EIR_UUID16_SOME;
746 break;
747 }
748
749 *ptr++ = (uuid16 & 0x00ff);
750 *ptr++ = (uuid16 & 0xff00) >> 8;
751 uuids_start[0] += sizeof(uuid16);
752 }
753
754 return ptr;
755}
756
cdf1963f
JH		 757static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
758{
759 u8 *ptr = data, *uuids_start = NULL;
760 struct bt_uuid *uuid;
761
762 if (len < 6)
763 return ptr;
764
765 list_for_each_entry(uuid, &hdev->uuids, list) {
766 if (uuid->size != 32)
767 continue;
768
769 if (!uuids_start) {
770 uuids_start = ptr;
771 uuids_start[0] = 1;
772 uuids_start[1] = EIR_UUID32_ALL;
773 ptr += 2;
774 }
775
776 /* Stop if not enough space to put next UUID */
777 if ((ptr - data) + sizeof(u32) > len) {
778 uuids_start[1] = EIR_UUID32_SOME;
779 break;
780 }
781
782 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
783 ptr += sizeof(u32);
784 uuids_start[0] += sizeof(u32);
785 }
786
787 return ptr;
788}
789
c00d575b
JH		 790static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
791{
792 u8 *ptr = data, *uuids_start = NULL;
793 struct bt_uuid *uuid;
794
795 if (len < 18)
796 return ptr;
797
798 list_for_each_entry(uuid, &hdev->uuids, list) {
799 if (uuid->size != 128)
800 continue;
801
802 if (!uuids_start) {
803 uuids_start = ptr;
804 uuids_start[0] = 1;
805 uuids_start[1] = EIR_UUID128_ALL;
806 ptr += 2;
807 }
808
809 /* Stop if not enough space to put next UUID */
810 if ((ptr - data) + 16 > len) {
811 uuids_start[1] = EIR_UUID128_SOME;
812 break;
813 }
814
815 memcpy(ptr, uuid->uuid, 16);
816 ptr += 16;
817 uuids_start[0] += 16;
818 }
819
820 return ptr;
821}
822
333ae95d
JH		 823static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
824{
825 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
826}
827
333ae95d
JH		 828static struct mgmt_pending_cmd *pending_find_data(u16 opcode,
829 struct hci_dev *hdev,
830 const void *data)
831{
832 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data);
833}
834
91aa9bb2
FG		 835static u8 get_current_adv_instance(struct hci_dev *hdev)
836{
837 /* The "Set Advertising" setting supersedes the "Add Advertising"
838 * setting. Here we set the advertising data based on which
839 * setting was set. When neither apply, default to the global settings,
840 * represented by instance "0".
841 */
842 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE) &&
843 !hci_dev_test_flag(hdev, HCI_ADVERTISING))
844 return 0x01;
845
846 return 0x00;
847}
848
4117ed70 849static u8 create_default_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
f14d8f64 850{
7a5f4990
MH		 851 u8 ad_len = 0;
852 size_t name_len;
853
854 name_len = strlen(hdev->dev_name);
855 if (name_len > 0) {
856 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
857
858 if (name_len > max_len) {
859 name_len = max_len;
860 ptr[1] = EIR_NAME_SHORT;
861 } else
862 ptr[1] = EIR_NAME_COMPLETE;
863
864 ptr[0] = name_len + 1;
865
866 memcpy(ptr + 2, hdev->dev_name, name_len);
867
868 ad_len += (name_len + 2);
869 ptr += (name_len + 2);
870 }
871
872 return ad_len;
f14d8f64
MH		 873}
874
4117ed70
AU		 875static u8 create_instance_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
876{
877 /* TODO: Set the appropriate entries based on advertising instance flags
878 * here once flags other than 0 are supported.
879 */
880 memcpy(ptr, hdev->adv_instance.scan_rsp_data,
881 hdev->adv_instance.scan_rsp_len);
882
883 return hdev->adv_instance.scan_rsp_len;
884}
885
886static void update_scan_rsp_data_for_instance(struct hci_request *req,
887 u8 instance)
f14d8f64
MH		 888{
889 struct hci_dev *hdev = req->hdev;
890 struct hci_cp_le_set_scan_rsp_data cp;
891 u8 len;
892
d7a5a11d 893 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
f14d8f64
MH		 894 return;
895
896 memset(&cp, 0, sizeof(cp));
897
4117ed70
AU		 898 if (instance)
899 len = create_instance_scan_rsp_data(hdev, cp.data);
900 else
901 len = create_default_scan_rsp_data(hdev, cp.data);
f14d8f64 902
eb438b5f 903 if (hdev->scan_rsp_data_len == len &&
4117ed70 904 !memcmp(cp.data, hdev->scan_rsp_data, len))
f14d8f64
MH		 905 return;
906
eb438b5f
JH		 907 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
908 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 909
910 cp.length = len;
911
912 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
913}
914
4117ed70
AU		 915static void update_scan_rsp_data(struct hci_request *req)
916{
91aa9bb2
FG		 917 update_scan_rsp_data_for_instance(req,
918 get_current_adv_instance(req->hdev));
4117ed70
AU		 919}
920
9a43e25f
JH		 921static u8 get_adv_discov_flags(struct hci_dev *hdev)
922{
3b0602cd 923 struct mgmt_pending_cmd *cmd;
9a43e25f
JH		 924
925 /* If there's a pending mgmt command the flags will not yet have
926 * their final values, so check for this first.
927 */
333ae95d 928 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
9a43e25f
JH		 929 if (cmd) {
930 struct mgmt_mode *cp = cmd->param;
931 if (cp->val == 0x01)
932 return LE_AD_GENERAL;
933 else if (cp->val == 0x02)
934 return LE_AD_LIMITED;
935 } else {
d7a5a11d 936 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
9a43e25f 937 return LE_AD_LIMITED;
d7a5a11d 938 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
9a43e25f
JH		 939 return LE_AD_GENERAL;
940 }
941
942 return 0;
943}
944
fdf51784
AU		 945static bool get_connectable(struct hci_dev *hdev)
946{
947 struct mgmt_pending_cmd *cmd;
441ad2d0 948
fdf51784
AU		 949 /* If there's a pending mgmt command the flag will not yet have
950 * it's final value, so check for this first.
951 */
952 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
953 if (cmd) {
954 struct mgmt_mode *cp = cmd->param;
441ad2d0 955
fdf51784 956 return cp->val;
441ad2d0
MH		 957 }
958
fdf51784
AU		 959 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
960}
441ad2d0 961
fdf51784
AU		 962static u32 get_adv_instance_flags(struct hci_dev *hdev, u8 instance)
963{
964 u32 flags;
441ad2d0 965
fdf51784
AU		 966 if (instance > 0x01)
967 return 0;
968
969 if (instance == 0x01)
970 return hdev->adv_instance.flags;
971
972 /* Instance 0 always manages the "Tx Power" and "Flags" fields */
973 flags = MGMT_ADV_FLAG_TX_POWER | MGMT_ADV_FLAG_MANAGED_FLAGS;
974
faccb950
AU		 975 /* For instance 0, the HCI_ADVERTISING_CONNECTABLE setting corresponds
976 * to the "connectable" instance flag.
977 */
978 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE))
fdf51784
AU		 979 flags |= MGMT_ADV_FLAG_CONNECTABLE;
980
981 return flags;
441ad2d0
MH		 982}
983
c7d4883b
AU		 984static u8 get_adv_instance_scan_rsp_len(struct hci_dev *hdev, u8 instance)
985{
986 /* Ignore instance 0 and other unsupported instances */
987 if (instance != 0x01)
988 return 0;
989
990 /* TODO: Take into account the "appearance" and "local-name" flags here.
991 * These are currently being ignored as they are not supported.
992 */
993 return hdev->adv_instance.scan_rsp_len;
994}
995
fdf51784 996static u8 create_instance_adv_data(struct hci_dev *hdev, u8 instance, u8 *ptr)
24b4f38f 997{
b44133ff 998 u8 ad_len = 0, flags = 0;
fdf51784 999 u32 instance_flags = get_adv_instance_flags(hdev, instance);
b44133ff 1000
807ec772
AU		 1001 /* The Add Advertising command allows userspace to set both the general
1002 * and limited discoverable flags.
1003 */
fdf51784 1004 if (instance_flags & MGMT_ADV_FLAG_DISCOV)
b44133ff
AU		 1005 flags |= LE_AD_GENERAL;
1006
fdf51784 1007 if (instance_flags & MGMT_ADV_FLAG_LIMITED_DISCOV)
807ec772
AU		 1008 flags |= LE_AD_LIMITED;
1009
fdf51784 1010 if (flags || (instance_flags & MGMT_ADV_FLAG_MANAGED_FLAGS)) {
67e0c0cd
AU		 1011 /* If a discovery flag wasn't provided, simply use the global
1012 * settings.
1013 */
1014 if (!flags)
1015 flags |= get_adv_discov_flags(hdev);
1016
b44133ff
AU		 1017 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1018 flags |= LE_AD_NO_BREDR;
1019
fdf51784
AU		 1020 /* If flags would still be empty, then there is no need to
1021 * include the "Flags" AD field".
1022 */
1023 if (flags) {
1024 ptr[0] = 0x02;
1025 ptr[1] = EIR_FLAGS;
1026 ptr[2] = flags;
b44133ff 1027
fdf51784
AU		 1028 ad_len += 3;
1029 ptr += 3;
1030 }
b44133ff
AU		 1031 }
1032
38c8af60
MH		 1033 if (instance) {
1034 memcpy(ptr, hdev->adv_instance.adv_data,
1035 hdev->adv_instance.adv_data_len);
1036
1037 ad_len += hdev->adv_instance.adv_data_len;
1038 ptr += hdev->adv_instance.adv_data_len;
1039 }
1040
fdf51784 1041 /* Provide Tx Power only if we can provide a valid value for it */
5507e358 1042 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID &&
fdf51784 1043 (instance_flags & MGMT_ADV_FLAG_TX_POWER)) {
5507e358
AU		 1044 ptr[0] = 0x02;
1045 ptr[1] = EIR_TX_POWER;
1046 ptr[2] = (u8)hdev->adv_tx_power;
1047
1048 ad_len += 3;
1049 ptr += 3;
1050 }
1051
b44133ff 1052 return ad_len;
24b4f38f
AU		 1053}
1054
1055static void update_adv_data_for_instance(struct hci_request *req, u8 instance)
441ad2d0
MH		 1056{
1057 struct hci_dev *hdev = req->hdev;
1058 struct hci_cp_le_set_adv_data cp;
1059 u8 len;
1060
d7a5a11d 1061 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
441ad2d0
MH		 1062 return;
1063
1064 memset(&cp, 0, sizeof(cp));
1065
fdf51784 1066 len = create_instance_adv_data(hdev, instance, cp.data);
441ad2d0 1067
24b4f38f 1068 /* There's nothing to do if the data hasn't changed */
441ad2d0
MH		 1069 if (hdev->adv_data_len == len &&
1070 memcmp(cp.data, hdev->adv_data, len) == 0)
1071 return;
1072
1073 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
1074 hdev->adv_data_len = len;
1075
1076 cp.length = len;
1077
1078 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
1079}
1080
e7a685d3
AU		 1081static void update_adv_data(struct hci_request *req)
1082{
91aa9bb2 1083 update_adv_data_for_instance(req, get_current_adv_instance(req->hdev));
24b4f38f
AU		 1084}
1085
bc6d2d04
JH		 1086int mgmt_update_adv_data(struct hci_dev *hdev)
1087{
1088 struct hci_request req;
1089
1090 hci_req_init(&req, hdev);
1091 update_adv_data(&req);
1092
1093 return hci_req_run(&req, NULL);
1094}
1095
ef580372
JH		 1096static void create_eir(struct hci_dev *hdev, u8 *data)
1097{
1098 u8 *ptr = data;
ef580372
JH		 1099 size_t name_len;
1100
1101 name_len = strlen(hdev->dev_name);
1102
1103 if (name_len > 0) {
1104 /* EIR Data type */
1105 if (name_len > 48) {
1106 name_len = 48;
1107 ptr[1] = EIR_NAME_SHORT;
1108 } else
1109 ptr[1] = EIR_NAME_COMPLETE;
1110
1111 /* EIR Data length */
1112 ptr[0] = name_len + 1;
1113
1114 memcpy(ptr + 2, hdev->dev_name, name_len);
1115
ef580372
JH		 1116 ptr += (name_len + 2);
1117 }
1118
bbaf444a 1119 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 1120 ptr[0] = 2;
1121 ptr[1] = EIR_TX_POWER;
1122 ptr[2] = (u8) hdev->inq_tx_power;
1123
91c4e9b1
MH		 1124 ptr += 3;
1125 }
1126
2b9be137
MH		 1127 if (hdev->devid_source > 0) {
1128 ptr[0] = 9;
1129 ptr[1] = EIR_DEVICE_ID;
1130
1131 put_unaligned_le16(hdev->devid_source, ptr + 2);
1132 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
1133 put_unaligned_le16(hdev->devid_product, ptr + 6);
1134 put_unaligned_le16(hdev->devid_version, ptr + 8);
1135
2b9be137
MH		 1136 ptr += 10;
1137 }
1138
213202ed 1139 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 1140 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 1141 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 1142}
1143
890ea898 1144static void update_eir(struct hci_request *req)
ef580372 1145{
890ea898 1146 struct hci_dev *hdev = req->hdev;
ef580372
JH		 1147 struct hci_cp_write_eir cp;
1148
504c8dcd 1149 if (!hdev_is_powered(hdev))
890ea898 1150 return;
7770c4aa 1151
976eb20e 1152 if (!lmp_ext_inq_capable(hdev))
890ea898 1153 return;
ef580372 1154
d7a5a11d 1155 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
890ea898 1156 return;
ef580372 1157
d7a5a11d 1158 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
890ea898 1159 return;
ef580372
JH		 1160
1161 memset(&cp, 0, sizeof(cp));
1162
1163 create_eir(hdev, cp.data);
1164
1165 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 1166 return;
ef580372
JH		 1167
1168 memcpy(hdev->eir, cp.data, sizeof(cp.data));
1169
890ea898 1170 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 1171}
1172
1173static u8 get_service_classes(struct hci_dev *hdev)
1174{
1175 struct bt_uuid *uuid;
1176 u8 val = 0;
1177
1178 list_for_each_entry(uuid, &hdev->uuids, list)
1179 val |= uuid->svc_hint;
1180
1181 return val;
1182}
1183
890ea898 1184static void update_class(struct hci_request *req)
ef580372 1185{
890ea898 1186 struct hci_dev *hdev = req->hdev;
ef580372
JH		 1187 u8 cod[3];
1188
1189 BT_DBG("%s", hdev->name);
1190
504c8dcd 1191 if (!hdev_is_powered(hdev))
890ea898 1192 return;
7770c4aa 1193
d7a5a11d 1194 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
f87ea1da
JH		 1195 return;
1196
d7a5a11d 1197 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
890ea898 1198 return;
ef580372
JH		 1199
1200 cod[0] = hdev->minor_class;
1201 cod[1] = hdev->major_class;
1202 cod[2] = get_service_classes(hdev);
1203
d7a5a11d 1204 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
6acd7db4
MH		 1205 cod[1] |= 0x20;
1206
ef580372 1207 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 1208 return;
ef580372 1209
890ea898 1210 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 1211}
1212
0ec5ae84
JH		 1213static void disable_advertising(struct hci_request *req)
1214{
1215 u8 enable = 0x00;
1216
1217 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1218}
1219
199a2fb1
JH		 1220static void enable_advertising(struct hci_request *req)
1221{
1222 struct hci_dev *hdev = req->hdev;
1223 struct hci_cp_le_set_adv_param cp;
8f2a0601 1224 u8 own_addr_type, enable = 0x01;
a4858cb9 1225 bool connectable;
e7a685d3
AU		 1226 u8 instance;
1227 u32 flags;
199a2fb1 1228
0ec5ae84
JH		 1229 if (hci_conn_num(hdev, LE_LINK) > 0)
1230 return;
1231
d7a5a11d 1232 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
0ec5ae84
JH		 1233 disable_advertising(req);
1234
5ce194c4 1235 /* Clear the HCI_LE_ADV bit temporarily so that the
8d97250e
JH		 1236 * hci_update_random_address knows that it's safe to go ahead
1237 * and write a new random address. The flag will be set back on
1238 * as soon as the SET_ADV_ENABLE HCI command completes.
1239 */
a358dc11 1240 hci_dev_clear_flag(hdev, HCI_LE_ADV);
8d97250e 1241
e7a685d3
AU		 1242 instance = get_current_adv_instance(hdev);
1243 flags = get_adv_instance_flags(hdev, instance);
faccb950
AU		 1244
1245 /* If the "connectable" instance flag was not set, then choose between
1246 * ADV_IND and ADV_NONCONN_IND based on the global connectable setting.
1247 */
1248 connectable = (flags & MGMT_ADV_FLAG_CONNECTABLE) ||
1249 get_connectable(hdev);
8f2a0601 1250
a4858cb9
JH		 1251 /* Set require_privacy to true only when non-connectable
1252 * advertising is used. In that case it is fine to use a
1253 * non-resolvable private address.
1254 */
1255 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 1256 return;
1257
41c90c18 1258 memset(&cp, 0, sizeof(cp));
628531c9
GL		 1259 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
1260 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
c7d4883b
AU		 1261
1262 if (connectable)
1263 cp.type = LE_ADV_IND;
1264 else if (get_adv_instance_scan_rsp_len(hdev, instance))
1265 cp.type = LE_ADV_SCAN_IND;
1266 else
1267 cp.type = LE_ADV_NONCONN_IND;
1268
8f2a0601 1269 cp.own_address_type = own_addr_type;
199a2fb1
JH		 1270 cp.channel_map = hdev->le_adv_channel_map;
1271
1272 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1273
1274 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1275}
1276
7d78525d
JH		 1277static void service_cache_off(struct work_struct *work)
1278{
1279 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 1280 service_cache.work);
890ea898 1281 struct hci_request req;
7d78525d 1282
a69d8927 1283 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
7d78525d
JH		 1284 return;
1285
890ea898
JH		 1286 hci_req_init(&req, hdev);
1287
7d78525d
JH		 1288 hci_dev_lock(hdev);
1289
890ea898
JH		 1290 update_eir(&req);
1291 update_class(&req);
7d78525d
JH		 1292
1293 hci_dev_unlock(hdev);
890ea898
JH		 1294
1295 hci_req_run(&req, NULL);
7d78525d
JH		 1296}
1297
d6bfd59c
JH		 1298static void rpa_expired(struct work_struct *work)
1299{
1300 struct hci_dev *hdev = container_of(work, struct hci_dev,
1301 rpa_expired.work);
1302 struct hci_request req;
1303
1304 BT_DBG("");
1305
a1536da2 1306 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
d6bfd59c 1307
d7a5a11d 1308 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
d6bfd59c
JH		 1309 return;
1310
1311 /* The generation of a new RPA and programming it into the
1312 * controller happens in the enable_advertising() function.
1313 */
d6bfd59c 1314 hci_req_init(&req, hdev);
d6bfd59c 1315 enable_advertising(&req);
d6bfd59c
JH		 1316 hci_req_run(&req, NULL);
1317}
1318
6a919082 1319static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 1320{
238be788 1321 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
6a919082
JH		 1322 return;
1323
4f87da80 1324 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 1325 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 1326
4f87da80
JH		 1327 /* Non-mgmt controlled devices get this bit set
1328 * implicitly so that pairing works for them, however
1329 * for mgmt we require user-space to explicitly enable
1330 * it
1331 */
a358dc11 1332 hci_dev_clear_flag(hdev, HCI_BONDABLE);
7d78525d
JH		 1333}
1334
0f4e68cf 1335static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 1336 void *data, u16 data_len)
0381101f 1337{
a38528f1 1338 struct mgmt_rp_read_info rp;
f7b64e69 1339
bdb6d971 1340 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 1341
09fd0de5 1342 hci_dev_lock(hdev);
f7b64e69 1343
dc4fe30b
JH		 1344 memset(&rp, 0, sizeof(rp));
1345
69ab39ea 1346 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 1347
69ab39ea 1348 rp.version = hdev->hci_ver;
eb55ef07 1349 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 1350
1351 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1352 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 1353
a38528f1 1354 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 1355
dc4fe30b 1356 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 1357 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 1358
09fd0de5 1359 hci_dev_unlock(hdev);
0381101f 1360
2a1afb5a
JH		 1361 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1362 sizeof(rp));
0381101f
JH		 1363}
1364
69ab39ea 1365static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1366{
69ab39ea 1367 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1368
2a1afb5a
JH		 1369 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1370 sizeof(settings));
8680570b
JH		 1371}
1372
1904a853 1373static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
8b064a3a
JH		 1374{
1375 BT_DBG("%s status 0x%02x", hdev->name, status);
1376
a3172b7e
JH		 1377 if (hci_conn_count(hdev) == 0) {
1378 cancel_delayed_work(&hdev->power_off);
8b064a3a 1379 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1380 }
8b064a3a
JH		 1381}
1382
23a48093 1383static bool hci_stop_discovery(struct hci_request *req)
21a60d30
JH		 1384{
1385 struct hci_dev *hdev = req->hdev;
1386 struct hci_cp_remote_name_req_cancel cp;
1387 struct inquiry_entry *e;
1388
1389 switch (hdev->discovery.state) {
1390 case DISCOVERY_FINDING:
07d2334a 1391 if (test_bit(HCI_INQUIRY, &hdev->flags))
21a60d30 1392 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
07d2334a
JP		 1393
1394 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
21a60d30
JH		 1395 cancel_delayed_work(&hdev->le_scan_disable);
1396 hci_req_add_le_scan_disable(req);
1397 }
1398
23a48093 1399 return true;
21a60d30
JH		 1400
1401 case DISCOVERY_RESOLVING:
1402 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1403 NAME_PENDING);
1404 if (!e)
23a48093 1405 break;
21a60d30
JH		 1406
1407 bacpy(&cp.bdaddr, &e->data.bdaddr);
1408 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1409 &cp);
1410
23a48093 1411 return true;
21a60d30
JH		 1412
1413 default:
1414 /* Passive scanning */
d7a5a11d 1415 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
21a60d30 1416 hci_req_add_le_scan_disable(req);
23a48093
JH		 1417 return true;
1418 }
1419
21a60d30
JH		 1420 break;
1421 }
23a48093
JH		 1422
1423 return false;
21a60d30
JH		 1424}
1425
912098a6
AU		 1426static void advertising_added(struct sock *sk, struct hci_dev *hdev,
1427 u8 instance)
1428{
1429 struct mgmt_ev_advertising_added ev;
1430
1431 ev.instance = instance;
1432
1433 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
1434}
1435
1436static void advertising_removed(struct sock *sk, struct hci_dev *hdev,
1437 u8 instance)
1438{
1439 struct mgmt_ev_advertising_removed ev;
1440
1441 ev.instance = instance;
1442
1443 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
1444}
1445
1446static void clear_adv_instance(struct hci_dev *hdev)
1447{
1448 struct hci_request req;
1449
1450 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
1451 return;
1452
5d900e46
FG		 1453 if (hdev->adv_instance_timeout)
1454 cancel_delayed_work(&hdev->adv_instance_expire);
912098a6
AU		 1455
1456 memset(&hdev->adv_instance, 0, sizeof(hdev->adv_instance));
1457 advertising_removed(NULL, hdev, 1);
1458 hci_dev_clear_flag(hdev, HCI_ADVERTISING_INSTANCE);
1459
1460 if (!hdev_is_powered(hdev) ||
1461 hci_dev_test_flag(hdev, HCI_ADVERTISING))
1462 return;
1463
1464 hci_req_init(&req, hdev);
1465 disable_advertising(&req);
1466 hci_req_run(&req, NULL);
1467}
1468
8b064a3a
JH		 1469static int clean_up_hci_state(struct hci_dev *hdev)
1470{
1471 struct hci_request req;
1472 struct hci_conn *conn;
23a48093
JH		 1473 bool discov_stopped;
1474 int err;
8b064a3a
JH		 1475
1476 hci_req_init(&req, hdev);
1477
1478 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1479 test_bit(HCI_PSCAN, &hdev->flags)) {
1480 u8 scan = 0x00;
1481 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1482 }
1483
5d900e46 1484 if (hdev->adv_instance_timeout)
912098a6
AU		 1485 clear_adv_instance(hdev);
1486
d7a5a11d 1487 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
8b064a3a
JH		 1488 disable_advertising(&req);
1489
23a48093 1490 discov_stopped = hci_stop_discovery(&req);
8b064a3a
JH		 1491
1492 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1493 struct hci_cp_disconnect dc;
c9910d0f
JH		 1494 struct hci_cp_reject_conn_req rej;
1495
1496 switch (conn->state) {
1497 case BT_CONNECTED:
1498 case BT_CONFIG:
1499 dc.handle = cpu_to_le16(conn->handle);
1500 dc.reason = 0x15; /* Terminated due to Power Off */
1501 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1502 break;
1503 case BT_CONNECT:
1504 if (conn->type == LE_LINK)
1505 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1506 0, NULL);
1507 else if (conn->type == ACL_LINK)
1508 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1509 6, &conn->dst);
1510 break;
1511 case BT_CONNECT2:
1512 bacpy(&rej.bdaddr, &conn->dst);
1513 rej.reason = 0x15; /* Terminated due to Power Off */
1514 if (conn->type == ACL_LINK)
1515 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1516 sizeof(rej), &rej);
1517 else if (conn->type == SCO_LINK)
1518 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1519 sizeof(rej), &rej);
1520 break;
1521 }
8b064a3a
JH		 1522 }
1523
23a48093
JH		 1524 err = hci_req_run(&req, clean_up_hci_complete);
1525 if (!err && discov_stopped)
1526 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1527
1528 return err;
8b064a3a
JH		 1529}
1530
bdb6d971 1531static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1532 u16 len)
eec8d2bc 1533{
650f726d 1534 struct mgmt_mode *cp = data;
3b0602cd 1535 struct mgmt_pending_cmd *cmd;
4b34ee78 1536 int err;
eec8d2bc 1537
bdb6d971 1538 BT_DBG("request for %s", hdev->name);
eec8d2bc 1539
a7e80f25 1540 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1541 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1542 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1543
09fd0de5 1544 hci_dev_lock(hdev);
eec8d2bc 1545
333ae95d 1546 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
a69e8375
JH		 1547 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1548 MGMT_STATUS_BUSY);
87b95ba6
JH		 1549 goto failed;
1550 }
1551
a69d8927 1552 if (hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF)) {
f0d4b78a
MH		 1553 cancel_delayed_work(&hdev->power_off);
1554
1555 if (cp->val) {
a1d70450
JH		 1556 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1557 data, len);
1558 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1559 goto failed;
1560 }
1561 }
1562
4b34ee78 1563 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1564 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1565 goto failed;
1566 }
1567
2e58ef3e 1568 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1569 if (!cmd) {
1570 err = -ENOMEM;
eec8d2bc 1571 goto failed;
366a0336 1572 }
eec8d2bc 1573
8b064a3a 1574 if (cp->val) {
19202573 1575 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1576 err = 0;
1577 } else {
1578 /* Disconnect connections, stop scans, etc */
1579 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1580 if (!err)
1581 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1582 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1583
8b064a3a
JH		 1584 /* ENODATA means there were no HCI commands queued */
1585 if (err == -ENODATA) {
a3172b7e 1586 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1587 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1588 err = 0;
1589 }
1590 }
eec8d2bc
JH		 1591
1592failed:
09fd0de5 1593 hci_dev_unlock(hdev);
366a0336 1594 return err;
eec8d2bc
JH		 1595}
1596
beadb2bd
JH		 1597static int new_settings(struct hci_dev *hdev, struct sock *skip)
1598{
f6b7712e 1599 __le32 ev = cpu_to_le32(get_current_settings(hdev));
beadb2bd 1600
f6b7712e
MH		 1601 return mgmt_generic_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1602 sizeof(ev), skip);
beadb2bd
JH		 1603}
1604
91a668b0
JH		 1605int mgmt_new_settings(struct hci_dev *hdev)
1606{
1607 return new_settings(hdev, NULL);
1608}
1609
bd99abdd
JH		 1610struct cmd_lookup {
1611 struct sock *sk;
1612 struct hci_dev *hdev;
1613 u8 mgmt_status;
1614};
1615
3b0602cd 1616static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1617{
1618 struct cmd_lookup *match = data;
1619
1620 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1621
1622 list_del(&cmd->list);
1623
1624 if (match->sk == NULL) {
1625 match->sk = cmd->sk;
1626 sock_hold(match->sk);
1627 }
1628
1629 mgmt_pending_free(cmd);
1630}
1631
3b0602cd 1632static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1633{
1634 u8 *status = data;
1635
a69e8375 1636 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
bd99abdd
JH		 1637 mgmt_pending_remove(cmd);
1638}
1639
3b0602cd 1640static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1b9b5ee5
JH		 1641{
1642 if (cmd->cmd_complete) {
1643 u8 *status = data;
1644
1645 cmd->cmd_complete(cmd, *status);
1646 mgmt_pending_remove(cmd);
1647
1648 return;
1649 }
1650
1651 cmd_status_rsp(cmd, data);
1652}
1653
3b0602cd 1654static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
f5818c22 1655{
2a1afb5a
JH		 1656 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1657 cmd->param, cmd->param_len);
f5818c22
JH		 1658}
1659
3b0602cd 1660static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
7776d1d8 1661{
2a1afb5a
JH		 1662 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1663 cmd->param, sizeof(struct mgmt_addr_info));
7776d1d8
JH		 1664}
1665
e6fe7986
JH		 1666static u8 mgmt_bredr_support(struct hci_dev *hdev)
1667{
1668 if (!lmp_bredr_capable(hdev))
1669 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1670 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
e6fe7986
JH		 1671 return MGMT_STATUS_REJECTED;
1672 else
1673 return MGMT_STATUS_SUCCESS;
1674}
1675
1676static u8 mgmt_le_support(struct hci_dev *hdev)
1677{
1678 if (!lmp_le_capable(hdev))
1679 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1680 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
e6fe7986
JH		 1681 return MGMT_STATUS_REJECTED;
1682 else
1683 return MGMT_STATUS_SUCCESS;
1684}
1685
1904a853
MH		 1686static void set_discoverable_complete(struct hci_dev *hdev, u8 status,
1687 u16 opcode)
bfaf8c9f 1688{
3b0602cd 1689 struct mgmt_pending_cmd *cmd;
bfaf8c9f 1690 struct mgmt_mode *cp;
970ba524 1691 struct hci_request req;
bfaf8c9f
JH		 1692 bool changed;
1693
1694 BT_DBG("status 0x%02x", status);
1695
1696 hci_dev_lock(hdev);
1697
333ae95d 1698 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
bfaf8c9f
JH		 1699 if (!cmd)
1700 goto unlock;
1701
1702 if (status) {
1703 u8 mgmt_err = mgmt_status(status);
a69e8375 1704 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
a358dc11 1705 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
bfaf8c9f
JH		 1706 goto remove_cmd;
1707 }
1708
1709 cp = cmd->param;
d4462a07 1710 if (cp->val) {
238be788 1711 changed = !hci_dev_test_and_set_flag(hdev, HCI_DISCOVERABLE);
d4462a07
MH		 1712
1713 if (hdev->discov_timeout > 0) {
1714 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1715 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1716 to);
1717 }
1718 } else {
a69d8927 1719 changed = hci_dev_test_and_clear_flag(hdev, HCI_DISCOVERABLE);
d4462a07 1720 }
bfaf8c9f
JH		 1721
1722 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1723
1724 if (changed)
1725 new_settings(hdev, cmd->sk);
1726
970ba524
MH		 1727 /* When the discoverable mode gets changed, make sure
1728 * that class of device has the limited discoverable
432df05e
JH		 1729 * bit correctly set. Also update page scan based on whitelist
1730 * entries.
970ba524
MH		 1731 */
1732 hci_req_init(&req, hdev);
1d2dc5b7 1733 __hci_update_page_scan(&req);
970ba524
MH		 1734 update_class(&req);
1735 hci_req_run(&req, NULL);
1736
bfaf8c9f
JH		 1737remove_cmd:
1738 mgmt_pending_remove(cmd);
1739
1740unlock:
1741 hci_dev_unlock(hdev);
1742}
1743
bdb6d971 1744static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1745 u16 len)
73f22f62 1746{
650f726d 1747 struct mgmt_cp_set_discoverable *cp = data;
3b0602cd 1748 struct mgmt_pending_cmd *cmd;
bfaf8c9f 1749 struct hci_request req;
5e5282bb 1750 u16 timeout;
9a43e25f 1751 u8 scan;
73f22f62
JH		 1752 int err;
1753
bdb6d971 1754 BT_DBG("request for %s", hdev->name);
73f22f62 1755
d7a5a11d
MH		 1756 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1757 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 1758 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1759 MGMT_STATUS_REJECTED);
33c525c0 1760
310a3d48 1761 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 1762 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1763 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1764
1f350c87 1765 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1766
1767 /* Disabling discoverable requires that no timeout is set,
1768 * and enabling limited discoverable requires a timeout.
1769 */
1770 if ((cp->val == 0x00 && timeout > 0) ||
1771 (cp->val == 0x02 && timeout == 0))
a69e8375
JH		 1772 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1773 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1774
09fd0de5 1775 hci_dev_lock(hdev);
73f22f62 1776
5e5282bb 1777 if (!hdev_is_powered(hdev) && timeout > 0) {
a69e8375
JH		 1778 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1779 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1780 goto failed;
1781 }
1782
333ae95d
JH		 1783 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1784 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1785 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1786 MGMT_STATUS_BUSY);
73f22f62
JH		 1787 goto failed;
1788 }
1789
d7a5a11d 1790 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
a69e8375
JH		 1791 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1792 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1793 goto failed;
1794 }
1795
1796 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1797 bool changed = false;
1798
310a3d48
MH		 1799 /* Setting limited discoverable when powered off is
1800 * not a valid operation since it requires a timeout
1801 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1802 */
d7a5a11d 1803 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
ce05d603 1804 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
0224d2fa
JH		 1805 changed = true;
1806 }
1807
5e5282bb 1808 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1809 if (err < 0)
1810 goto failed;
1811
1812 if (changed)
1813 err = new_settings(hdev, sk);
1814
5e5282bb
JH		 1815 goto failed;
1816 }
1817
310a3d48
MH		 1818 /* If the current mode is the same, then just update the timeout
1819 * value with the new value. And if only the timeout gets updated,
1820 * then no need for any HCI transactions.
1821 */
d7a5a11d
MH		 1822 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1823 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1824 HCI_LIMITED_DISCOVERABLE)) {
36261547
MH		 1825 cancel_delayed_work(&hdev->discov_off);
1826 hdev->discov_timeout = timeout;
955638ec 1827
36261547
MH		 1828 if (cp->val && hdev->discov_timeout > 0) {
1829 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1830 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1831 to);
955638ec
MH		 1832 }
1833
69ab39ea 1834 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1835 goto failed;
1836 }
1837
2e58ef3e 1838 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1839 if (!cmd) {
1840 err = -ENOMEM;
73f22f62 1841 goto failed;
366a0336 1842 }
73f22f62 1843
310a3d48
MH		 1844 /* Cancel any potential discoverable timeout that might be
1845 * still active and store new timeout value. The arming of
1846 * the timeout happens in the complete handler.
1847 */
1848 cancel_delayed_work(&hdev->discov_off);
1849 hdev->discov_timeout = timeout;
1850
b456f87c
JH		 1851 /* Limited discoverable mode */
1852 if (cp->val == 0x02)
a1536da2 1853 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1854 else
a358dc11 1855 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1856
bfaf8c9f
JH		 1857 hci_req_init(&req, hdev);
1858
9a43e25f
JH		 1859 /* The procedure for LE-only controllers is much simpler - just
1860 * update the advertising data.
1861 */
d7a5a11d 1862 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
9a43e25f
JH		 1863 goto update_ad;
1864
73f22f62
JH		 1865 scan = SCAN_PAGE;
1866
310a3d48
MH		 1867 if (cp->val) {
1868 struct hci_cp_write_current_iac_lap hci_cp;
1869
1870 if (cp->val == 0x02) {
1871 /* Limited discoverable mode */
33337dcb 1872 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1873 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1874 hci_cp.iac_lap[1] = 0x8b;
1875 hci_cp.iac_lap[2] = 0x9e;
1876 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1877 hci_cp.iac_lap[4] = 0x8b;
1878 hci_cp.iac_lap[5] = 0x9e;
1879 } else {
1880 /* General discoverable mode */
310a3d48
MH		 1881 hci_cp.num_iac = 1;
1882 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1883 hci_cp.iac_lap[1] = 0x8b;
1884 hci_cp.iac_lap[2] = 0x9e;
1885 }
1886
1887 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1888 (hci_cp.num_iac * 3) + 1, &hci_cp);
1889
73f22f62 1890 scan |= SCAN_INQUIRY;
310a3d48 1891 } else {
a358dc11 1892 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
310a3d48 1893 }
73f22f62 1894
310a3d48 1895 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1896
9a43e25f
JH		 1897update_ad:
1898 update_adv_data(&req);
1899
bfaf8c9f 1900 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1901 if (err < 0)
a664b5bc 1902 mgmt_pending_remove(cmd);
73f22f62
JH		 1903
1904failed:
09fd0de5 1905 hci_dev_unlock(hdev);
73f22f62
JH		 1906 return err;
1907}
1908
406d7804
JH		 1909static void write_fast_connectable(struct hci_request *req, bool enable)
1910{
bd98b996 1911 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1912 struct hci_cp_write_page_scan_activity acp;
1913 u8 type;
1914
d7a5a11d 1915 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
547003b1
JH		 1916 return;
1917
4c01f8b8
JH		 1918 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1919 return;
1920
406d7804
JH		 1921 if (enable) {
1922 type = PAGE_SCAN_TYPE_INTERLACED;
1923
1924 /* 160 msec page scan interval */
dcf4adbf 1925 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 1926 } else {
1927 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1928
1929 /* default 1.28 sec page scan */
dcf4adbf 1930 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 1931 }
1932
dcf4adbf 1933 acp.window = cpu_to_le16(0x0012);
406d7804 1934
bd98b996
JH		 1935 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1936 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1937 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1938 sizeof(acp), &acp);
1939
1940 if (hdev->page_scan_type != type)
1941 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1942}
1943
1904a853
MH		 1944static void set_connectable_complete(struct hci_dev *hdev, u8 status,
1945 u16 opcode)
2b76f453 1946{
3b0602cd 1947 struct mgmt_pending_cmd *cmd;
d7b856f9 1948 struct mgmt_mode *cp;
bc6d2d04 1949 bool conn_changed, discov_changed;
2b76f453
JH		 1950
1951 BT_DBG("status 0x%02x", status);
1952
1953 hci_dev_lock(hdev);
1954
333ae95d 1955 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
2b76f453
JH		 1956 if (!cmd)
1957 goto unlock;
1958
37438c1f
JH		 1959 if (status) {
1960 u8 mgmt_err = mgmt_status(status);
a69e8375 1961 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
37438c1f
JH		 1962 goto remove_cmd;
1963 }
1964
d7b856f9 1965 cp = cmd->param;
bc6d2d04 1966 if (cp->val) {
238be788
MH		 1967 conn_changed = !hci_dev_test_and_set_flag(hdev,
1968 HCI_CONNECTABLE);
bc6d2d04
JH		 1969 discov_changed = false;
1970 } else {
a69d8927
MH		 1971 conn_changed = hci_dev_test_and_clear_flag(hdev,
1972 HCI_CONNECTABLE);
1973 discov_changed = hci_dev_test_and_clear_flag(hdev,
1974 HCI_DISCOVERABLE);
bc6d2d04 1975 }
d7b856f9 1976
2b76f453
JH		 1977 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1978
bc6d2d04 1979 if (conn_changed || discov_changed) {
d7b856f9 1980 new_settings(hdev, cmd->sk);
1d2dc5b7 1981 hci_update_page_scan(hdev);
bc6d2d04
JH		 1982 if (discov_changed)
1983 mgmt_update_adv_data(hdev);
2b7be33e
JH		 1984 hci_update_background_scan(hdev);
1985 }
d7b856f9 1986
37438c1f 1987remove_cmd:
2b76f453
JH		 1988 mgmt_pending_remove(cmd);
1989
1990unlock:
1991 hci_dev_unlock(hdev);
1992}
1993
e8ba3a1f
JH		 1994static int set_connectable_update_settings(struct hci_dev *hdev,
1995 struct sock *sk, u8 val)
1996{
1997 bool changed = false;
1998 int err;
1999
d7a5a11d 2000 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
e8ba3a1f
JH		 2001 changed = true;
2002
2003 if (val) {
a1536da2 2004 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
e8ba3a1f 2005 } else {
a358dc11
MH		 2006 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
2007 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
e8ba3a1f
JH		 2008 }
2009
2010 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
2011 if (err < 0)
2012 return err;
2013
562064e6 2014 if (changed) {
1d2dc5b7 2015 hci_update_page_scan(hdev);
562064e6 2016 hci_update_background_scan(hdev);
e8ba3a1f 2017 return new_settings(hdev, sk);
562064e6 2018 }
e8ba3a1f
JH		 2019
2020 return 0;
2021}
2022
bdb6d971 2023static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2024 u16 len)
9fbcbb45 2025{
650f726d 2026 struct mgmt_mode *cp = data;
3b0602cd 2027 struct mgmt_pending_cmd *cmd;
2b76f453 2028 struct hci_request req;
1987fdc7 2029 u8 scan;
9fbcbb45
JH		 2030 int err;
2031
bdb6d971 2032 BT_DBG("request for %s", hdev->name);
9fbcbb45 2033
d7a5a11d
MH		 2034 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
2035 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 2036 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
2037 MGMT_STATUS_REJECTED);
33c525c0 2038
a7e80f25 2039 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2040 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
2041 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2042
09fd0de5 2043 hci_dev_lock(hdev);
9fbcbb45 2044
4b34ee78 2045 if (!hdev_is_powered(hdev)) {
e8ba3a1f 2046 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 2047 goto failed;
2048 }
2049
333ae95d
JH		 2050 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
2051 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 2052 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
2053 MGMT_STATUS_BUSY);
9fbcbb45
JH		 2054 goto failed;
2055 }
2056
2e58ef3e 2057 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 2058 if (!cmd) {
2059 err = -ENOMEM;
9fbcbb45 2060 goto failed;
366a0336 2061 }
9fbcbb45 2062
9b74246f 2063 hci_req_init(&req, hdev);
9fbcbb45 2064
9a43e25f
JH		 2065 /* If BR/EDR is not enabled and we disable advertising as a
2066 * by-product of disabling connectable, we need to update the
2067 * advertising flags.
2068 */
d7a5a11d 2069 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
9a43e25f 2070 if (!cp->val) {
a358dc11
MH		 2071 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
2072 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
9a43e25f
JH		 2073 }
2074 update_adv_data(&req);
2075 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 2076 if (cp->val) {
2077 scan = SCAN_PAGE;
2078 } else {
3bd27240
JH		 2079 /* If we don't have any whitelist entries just
2080 * disable all scanning. If there are entries
2081 * and we had both page and inquiry scanning
2082 * enabled then fall back to only page scanning.
2083 * Otherwise no changes are needed.
2084 */
2085 if (list_empty(&hdev->whitelist))
2086 scan = SCAN_DISABLED;
2087 else if (test_bit(HCI_ISCAN, &hdev->flags))
2088 scan = SCAN_PAGE;
2089 else
2090 goto no_scan_update;
9b74246f
JH		 2091
2092 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 2093 hdev->discov_timeout > 0)
9b74246f
JH		 2094 cancel_delayed_work(&hdev->discov_off);
2095 }
2b76f453 2096
9b74246f
JH		 2097 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2098 }
2b76f453 2099
3bd27240 2100no_scan_update:
e8b1202c 2101 /* Update the advertising parameters if necessary */
880897d4
AU		 2102 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
2103 hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
1987fdc7 2104 enable_advertising(&req);
1987fdc7 2105
2b76f453 2106 err = hci_req_run(&req, set_connectable_complete);
9b74246f 2107 if (err < 0) {
a664b5bc 2108 mgmt_pending_remove(cmd);
9b74246f 2109 if (err == -ENODATA)
a81070ba
JH		 2110 err = set_connectable_update_settings(hdev, sk,
2111 cp->val);
9b74246f
JH		 2112 goto failed;
2113 }
9fbcbb45
JH		 2114
2115failed:
09fd0de5 2116 hci_dev_unlock(hdev);
9fbcbb45
JH		 2117 return err;
2118}
2119
b2939475 2120static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2121 u16 len)
c542a06c 2122{
650f726d 2123 struct mgmt_mode *cp = data;
55594356 2124 bool changed;
c542a06c
JH		 2125 int err;
2126
bdb6d971 2127 BT_DBG("request for %s", hdev->name);
c542a06c 2128
a7e80f25 2129 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2130 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
2131 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2132
09fd0de5 2133 hci_dev_lock(hdev);
c542a06c
JH		 2134
2135 if (cp->val)
238be788 2136 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
c542a06c 2137 else
a69d8927 2138 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
c542a06c 2139
b2939475 2140 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
c542a06c 2141 if (err < 0)
55594356 2142 goto unlock;
c542a06c 2143
55594356
MH		 2144 if (changed)
2145 err = new_settings(hdev, sk);
c542a06c 2146
55594356 2147unlock:
09fd0de5 2148 hci_dev_unlock(hdev);
c542a06c
JH		 2149 return err;
2150}
2151
04124681
GP		 2152static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
2153 u16 len)
33ef95ed
JH		 2154{
2155 struct mgmt_mode *cp = data;
3b0602cd 2156 struct mgmt_pending_cmd *cmd;
e6fe7986 2157 u8 val, status;
33ef95ed
JH		 2158 int err;
2159
bdb6d971 2160 BT_DBG("request for %s", hdev->name);
33ef95ed 2161
e6fe7986
JH		 2162 status = mgmt_bredr_support(hdev);
2163 if (status)
a69e8375
JH		 2164 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2165 status);
33c525c0 2166
a7e80f25 2167 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2168 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2169 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2170
33ef95ed
JH		 2171 hci_dev_lock(hdev);
2172
4b34ee78 2173 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 2174 bool changed = false;
2175
d7a5a11d 2176 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
ce05d603 2177 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
47990ea0
JH		 2178 changed = true;
2179 }
2180
2181 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2182 if (err < 0)
2183 goto failed;
2184
2185 if (changed)
2186 err = new_settings(hdev, sk);
2187
33ef95ed
JH		 2188 goto failed;
2189 }
2190
333ae95d 2191 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
a69e8375
JH		 2192 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2193 MGMT_STATUS_BUSY);
33ef95ed
JH		 2194 goto failed;
2195 }
2196
2197 val = !!cp->val;
2198
2199 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
2200 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2201 goto failed;
2202 }
2203
2204 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
2205 if (!cmd) {
2206 err = -ENOMEM;
2207 goto failed;
2208 }
2209
2210 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
2211 if (err < 0) {
2212 mgmt_pending_remove(cmd);
2213 goto failed;
2214 }
2215
2216failed:
2217 hci_dev_unlock(hdev);
33ef95ed
JH		 2218 return err;
2219}
2220
bdb6d971 2221static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 2222{
2223 struct mgmt_mode *cp = data;
3b0602cd 2224 struct mgmt_pending_cmd *cmd;
72ef0c1a 2225 u8 status;
ed2c4ee3
JH		 2226 int err;
2227
bdb6d971 2228 BT_DBG("request for %s", hdev->name);
ed2c4ee3 2229
cdba5281
MH		 2230 status = mgmt_bredr_support(hdev);
2231 if (status)
a69e8375 2232 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
cdba5281 2233
13ecd8b6 2234 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 2235 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2236 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 2237
a7e80f25 2238 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2239 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2240 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2241
13ecd8b6 2242 hci_dev_lock(hdev);
6c8f12c1 2243
4b34ee78 2244 if (!hdev_is_powered(hdev)) {
9ecb3e24 2245 bool changed;
c0ecddc2 2246
9ecb3e24 2247 if (cp->val) {
238be788
MH		 2248 changed = !hci_dev_test_and_set_flag(hdev,
2249 HCI_SSP_ENABLED);
9ecb3e24 2250 } else {
a69d8927
MH		 2251 changed = hci_dev_test_and_clear_flag(hdev,
2252 HCI_SSP_ENABLED);
9ecb3e24 2253 if (!changed)
a69d8927
MH		 2254 changed = hci_dev_test_and_clear_flag(hdev,
2255 HCI_HS_ENABLED);
9ecb3e24 2256 else
a358dc11 2257 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
c0ecddc2
JH		 2258 }
2259
2260 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2261 if (err < 0)
2262 goto failed;
2263
2264 if (changed)
2265 err = new_settings(hdev, sk);
2266
ed2c4ee3
JH		 2267 goto failed;
2268 }
2269
333ae95d 2270 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 2271 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2272 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 2273 goto failed;
2274 }
2275
d7a5a11d 2276 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
ed2c4ee3
JH		 2277 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2278 goto failed;
2279 }
2280
2281 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2282 if (!cmd) {
2283 err = -ENOMEM;
2284 goto failed;
2285 }
2286
d7a5a11d 2287 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
3769972b
JH		 2288 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2289 sizeof(cp->val), &cp->val);
2290
72ef0c1a 2291 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 2292 if (err < 0) {
2293 mgmt_pending_remove(cmd);
2294 goto failed;
2295 }
2296
2297failed:
2298 hci_dev_unlock(hdev);
ed2c4ee3
JH		 2299 return err;
2300}
2301
bdb6d971 2302static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 2303{
2304 struct mgmt_mode *cp = data;
ee392693 2305 bool changed;
e6fe7986 2306 u8 status;
ee392693 2307 int err;
6d80dfd0 2308
bdb6d971 2309 BT_DBG("request for %s", hdev->name);
6d80dfd0 2310
e6fe7986
JH		 2311 status = mgmt_bredr_support(hdev);
2312 if (status)
a69e8375 2313 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 2314
9ecb3e24 2315 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 2316 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2317 MGMT_STATUS_NOT_SUPPORTED);
9ecb3e24 2318
d7a5a11d 2319 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 2320 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2321 MGMT_STATUS_REJECTED);
9ecb3e24 2322
a7e80f25 2323 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2324 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2325 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2326
ee392693
MH		 2327 hci_dev_lock(hdev);
2328
333ae95d 2329 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 2330 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2331 MGMT_STATUS_BUSY);
a2cb01de
JH		 2332 goto unlock;
2333 }
2334
a0cdf960 2335 if (cp->val) {
238be788 2336 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
a0cdf960
MH		 2337 } else {
2338 if (hdev_is_powered(hdev)) {
a69e8375
JH		 2339 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2340 MGMT_STATUS_REJECTED);
a0cdf960
MH		 2341 goto unlock;
2342 }
2343
a69d8927 2344 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
a0cdf960 2345 }
ee392693
MH		 2346
2347 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2348 if (err < 0)
2349 goto unlock;
2350
2351 if (changed)
2352 err = new_settings(hdev, sk);
6d80dfd0 2353
ee392693
MH		 2354unlock:
2355 hci_dev_unlock(hdev);
2356 return err;
6d80dfd0
JH		 2357}
2358
1904a853 2359static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
416a4ae5
JH		 2360{
2361 struct cmd_lookup match = { NULL, hdev };
2362
3ad67582
JK		 2363 hci_dev_lock(hdev);
2364
416a4ae5
JH		 2365 if (status) {
2366 u8 mgmt_err = mgmt_status(status);
2367
2368 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2369 &mgmt_err);
3ad67582 2370 goto unlock;
416a4ae5
JH		 2371 }
2372
2373 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2374
2375 new_settings(hdev, match.sk);
2376
2377 if (match.sk)
2378 sock_put(match.sk);
441ad2d0
MH		 2379
2380 /* Make sure the controller has a good default for
2381 * advertising data. Restrict the update to when LE
2382 * has actually been enabled. During power on, the
2383 * update in powered_update_hci will take care of it.
2384 */
d7a5a11d 2385 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
441ad2d0
MH		 2386 struct hci_request req;
2387
441ad2d0 2388 hci_req_init(&req, hdev);
5947f4bc 2389 update_adv_data(&req);
f14d8f64 2390 update_scan_rsp_data(&req);
2cf22218 2391 __hci_update_background_scan(&req);
441ad2d0 2392 hci_req_run(&req, NULL);
441ad2d0 2393 }
3ad67582
JK		 2394
2395unlock:
2396 hci_dev_unlock(hdev);
416a4ae5
JH		 2397}
2398
bdb6d971 2399static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 2400{
2401 struct mgmt_mode *cp = data;
2402 struct hci_cp_write_le_host_supported hci_cp;
3b0602cd 2403 struct mgmt_pending_cmd *cmd;
416a4ae5 2404 struct hci_request req;
06199cf8 2405 int err;
0b60eba1 2406 u8 val, enabled;
06199cf8 2407
bdb6d971 2408 BT_DBG("request for %s", hdev->name);
06199cf8 2409
13ecd8b6 2410 if (!lmp_le_capable(hdev))
a69e8375
JH		 2411 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2412 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 2413
a7e80f25 2414 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2415 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2416 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2417
e7844ee5
MH		 2418 /* Bluetooth single mode LE only controllers or dual-mode
2419 * controllers configured as LE only devices, do not allow
2420 * switching LE off. These have either LE enabled explicitly
2421 * or BR/EDR has been previously switched off.
2422 *
2423 * When trying to enable an already enabled LE, then gracefully
2424 * send a positive response. Trying to disable it however will
2425 * result into rejection.
2426 */
2427 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
2428 if (cp->val == 0x01)
2429 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2430
a69e8375
JH		 2431 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2432 MGMT_STATUS_REJECTED);
e7844ee5 2433 }
c73eee91 2434
13ecd8b6 2435 hci_dev_lock(hdev);
06199cf8
JH		 2436
2437 val = !!cp->val;
ffa88e02 2438 enabled = lmp_host_le_capable(hdev);
06199cf8 2439
0b60eba1 2440 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 2441 bool changed = false;
2442
d7a5a11d 2443 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
ce05d603 2444 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
06199cf8
JH		 2445 changed = true;
2446 }
2447
d7a5a11d 2448 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
a358dc11 2449 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
eeca6f89
JH		 2450 changed = true;
2451 }
2452
06199cf8
JH		 2453 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2454 if (err < 0)
1de028ce 2455 goto unlock;
06199cf8
JH		 2456
2457 if (changed)
2458 err = new_settings(hdev, sk);
2459
1de028ce 2460 goto unlock;
06199cf8
JH		 2461 }
2462
333ae95d
JH		 2463 if (pending_find(MGMT_OP_SET_LE, hdev) ||
2464 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
a69e8375
JH		 2465 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2466 MGMT_STATUS_BUSY);
1de028ce 2467 goto unlock;
06199cf8
JH		 2468 }
2469
2470 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2471 if (!cmd) {
2472 err = -ENOMEM;
1de028ce 2473 goto unlock;
06199cf8
JH		 2474 }
2475
441ad2d0
MH		 2476 hci_req_init(&req, hdev);
2477
06199cf8
JH		 2478 memset(&hci_cp, 0, sizeof(hci_cp));
2479
2480 if (val) {
2481 hci_cp.le = val;
32226e4f 2482 hci_cp.simul = 0x00;
441ad2d0 2483 } else {
d7a5a11d 2484 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
441ad2d0 2485 disable_advertising(&req);
06199cf8
JH		 2486 }
2487
416a4ae5
JH		 2488 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2489 &hci_cp);
2490
2491 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2492 if (err < 0)
06199cf8 2493 mgmt_pending_remove(cmd);
06199cf8 2494
1de028ce
JH		 2495unlock:
2496 hci_dev_unlock(hdev);
06199cf8
JH		 2497 return err;
2498}
2499
0cab9c80
JH		 2500/* This is a helper function to test for pending mgmt commands that can
2501 * cause CoD or EIR HCI commands. We can only allow one such pending
2502 * mgmt command at a time since otherwise we cannot easily track what
2503 * the current values are, will be, and based on that calculate if a new
2504 * HCI command needs to be sent and if yes with what value.
2505 */
2506static bool pending_eir_or_class(struct hci_dev *hdev)
2507{
3b0602cd 2508 struct mgmt_pending_cmd *cmd;
0cab9c80
JH		 2509
2510 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2511 switch (cmd->opcode) {
2512 case MGMT_OP_ADD_UUID:
2513 case MGMT_OP_REMOVE_UUID:
2514 case MGMT_OP_SET_DEV_CLASS:
2515 case MGMT_OP_SET_POWERED:
2516 return true;
2517 }
2518 }
2519
2520 return false;
2521}
2522
83be8eca
JH		 2523static const u8 bluetooth_base_uuid[] = {
2524 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2525 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2526};
2527
2528static u8 get_uuid_size(const u8 *uuid)
2529{
2530 u32 val;
2531
2532 if (memcmp(uuid, bluetooth_base_uuid, 12))
2533 return 128;
2534
2535 val = get_unaligned_le32(&uuid[12]);
2536 if (val > 0xffff)
2537 return 32;
2538
2539 return 16;
2540}
2541
92da6097
JH		 2542static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2543{
3b0602cd 2544 struct mgmt_pending_cmd *cmd;
92da6097
JH		 2545
2546 hci_dev_lock(hdev);
2547
333ae95d 2548 cmd = pending_find(mgmt_op, hdev);
92da6097
JH		 2549 if (!cmd)
2550 goto unlock;
2551
2a1afb5a
JH		 2552 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
2553 mgmt_status(status), hdev->dev_class, 3);
92da6097
JH		 2554
2555 mgmt_pending_remove(cmd);
2556
2557unlock:
2558 hci_dev_unlock(hdev);
2559}
2560
1904a853 2561static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2562{
2563 BT_DBG("status 0x%02x", status);
2564
2565 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2566}
2567
bdb6d971 2568static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2569{
650f726d 2570 struct mgmt_cp_add_uuid *cp = data;
3b0602cd 2571 struct mgmt_pending_cmd *cmd;
890ea898 2572 struct hci_request req;
2aeb9a1a 2573 struct bt_uuid *uuid;
2aeb9a1a
JH		 2574 int err;
2575
bdb6d971 2576 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2577
09fd0de5 2578 hci_dev_lock(hdev);
2aeb9a1a 2579
0cab9c80 2580 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2581 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2582 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2583 goto failed;
2584 }
2585
92c4c204 2586 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2587 if (!uuid) {
2588 err = -ENOMEM;
2589 goto failed;
2590 }
2591
2592 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2593 uuid->svc_hint = cp->svc_hint;
83be8eca 2594 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2595
de66aa63 2596 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2597
890ea898 2598 hci_req_init(&req, hdev);
1aff6f09 2599
890ea898
JH		 2600 update_class(&req);
2601 update_eir(&req);
2602
92da6097
JH		 2603 err = hci_req_run(&req, add_uuid_complete);
2604 if (err < 0) {
2605 if (err != -ENODATA)
2606 goto failed;
80a1e1db 2607
2a1afb5a
JH		 2608 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2609 hdev->dev_class, 3);
90e70454
JH		 2610 goto failed;
2611 }
2612
2613 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2614 if (!cmd) {
90e70454 2615 err = -ENOMEM;
890ea898
JH		 2616 goto failed;
2617 }
2618
2619 err = 0;
2aeb9a1a
JH		 2620
2621failed:
09fd0de5 2622 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2623 return err;
2624}
2625
24b78d0f
JH		 2626static bool enable_service_cache(struct hci_dev *hdev)
2627{
2628 if (!hdev_is_powered(hdev))
2629 return false;
2630
238be788 2631 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
46818ed5
JH		 2632 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2633 CACHE_TIMEOUT);
24b78d0f
JH		 2634 return true;
2635 }
2636
2637 return false;
2638}
2639
1904a853 2640static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2641{
2642 BT_DBG("status 0x%02x", status);
2643
2644 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2645}
2646
bdb6d971 2647static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2648 u16 len)
2aeb9a1a 2649{
650f726d 2650 struct mgmt_cp_remove_uuid *cp = data;
3b0602cd 2651 struct mgmt_pending_cmd *cmd;
056341c8 2652 struct bt_uuid *match, *tmp;
2aeb9a1a 2653 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2654 struct hci_request req;
2aeb9a1a
JH		 2655 int err, found;
2656
bdb6d971 2657 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2658
09fd0de5 2659 hci_dev_lock(hdev);
2aeb9a1a 2660
0cab9c80 2661 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2662 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2663 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2664 goto unlock;
2665 }
2666
2aeb9a1a 2667 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2668 hci_uuids_clear(hdev);
4004b6d9 2669
24b78d0f 2670 if (enable_service_cache(hdev)) {
2a1afb5a
JH		 2671 err = mgmt_cmd_complete(sk, hdev->id,
2672 MGMT_OP_REMOVE_UUID,
2673 0, hdev->dev_class, 3);
24b78d0f
JH		 2674 goto unlock;
2675 }
4004b6d9 2676
9246a869 2677 goto update_class;
2aeb9a1a
JH		 2678 }
2679
2680 found = 0;
2681
056341c8 2682 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2683 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2684 continue;
2685
2686 list_del(&match->list);
482049f7 2687 kfree(match);
2aeb9a1a
JH		 2688 found++;
2689 }
2690
2691 if (found == 0) {
a69e8375
JH		 2692 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2693 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2694 goto unlock;
2695 }
2696
9246a869 2697update_class:
890ea898 2698 hci_req_init(&req, hdev);
1aff6f09 2699
890ea898
JH		 2700 update_class(&req);
2701 update_eir(&req);
2702
92da6097
JH		 2703 err = hci_req_run(&req, remove_uuid_complete);
2704 if (err < 0) {
2705 if (err != -ENODATA)
2706 goto unlock;
80a1e1db 2707
2a1afb5a
JH		 2708 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2709 hdev->dev_class, 3);
90e70454
JH		 2710 goto unlock;
2711 }
2712
2713 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2714 if (!cmd) {
90e70454 2715 err = -ENOMEM;
890ea898
JH		 2716 goto unlock;
2717 }
2718
2719 err = 0;
2aeb9a1a
JH		 2720
2721unlock:
09fd0de5 2722 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2723 return err;
2724}
2725
1904a853 2726static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2727{
2728 BT_DBG("status 0x%02x", status);
2729
2730 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2731}
2732
bdb6d971 2733static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2734 u16 len)
1aff6f09 2735{
650f726d 2736 struct mgmt_cp_set_dev_class *cp = data;
3b0602cd 2737 struct mgmt_pending_cmd *cmd;
890ea898 2738 struct hci_request req;
1aff6f09
JH		 2739 int err;
2740
bdb6d971 2741 BT_DBG("request for %s", hdev->name);
1aff6f09 2742
6203fc98 2743 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2744 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2745 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2746
0cab9c80 2747 hci_dev_lock(hdev);
ee98f473 2748
0cab9c80 2749 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2750 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2751 MGMT_STATUS_BUSY);
0cab9c80
JH		 2752 goto unlock;
2753 }
c95f0ba7 2754
0cab9c80 2755 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
a69e8375
JH		 2756 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2757 MGMT_STATUS_INVALID_PARAMS);
0cab9c80
JH		 2758 goto unlock;
2759 }
575b3a02 2760
932f5ff5
JH		 2761 hdev->major_class = cp->major;
2762 hdev->minor_class = cp->minor;
2763
b5235a65 2764 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2765 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2766 hdev->dev_class, 3);
b5235a65
JH		 2767 goto unlock;
2768 }
2769
890ea898
JH		 2770 hci_req_init(&req, hdev);
2771
a69d8927 2772 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
7d78525d
JH		 2773 hci_dev_unlock(hdev);
2774 cancel_delayed_work_sync(&hdev->service_cache);
2775 hci_dev_lock(hdev);
890ea898 2776 update_eir(&req);
7d78525d 2777 }
14c0b608 2778
890ea898
JH		 2779 update_class(&req);
2780
92da6097
JH		 2781 err = hci_req_run(&req, set_class_complete);
2782 if (err < 0) {
2783 if (err != -ENODATA)
2784 goto unlock;
1aff6f09 2785
2a1afb5a
JH		 2786 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2787 hdev->dev_class, 3);
90e70454
JH		 2788 goto unlock;
2789 }
2790
2791 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2792 if (!cmd) {
90e70454 2793 err = -ENOMEM;
890ea898
JH		 2794 goto unlock;
2795 }
2796
2797 err = 0;
1aff6f09 2798
b5235a65 2799unlock:
09fd0de5 2800 hci_dev_unlock(hdev);
1aff6f09
JH		 2801 return err;
2802}
2803
bdb6d971 2804static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2805 u16 len)
55ed8ca1 2806{
650f726d 2807 struct mgmt_cp_load_link_keys *cp = data;
ba1d6936
JH		 2808 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2809 sizeof(struct mgmt_link_key_info));
4e51eae9 2810 u16 key_count, expected_len;
b1de97d8 2811 bool changed;
a492cd52 2812 int i;
55ed8ca1 2813
9060d5cf
MH		 2814 BT_DBG("request for %s", hdev->name);
2815
2816 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2817 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2818 MGMT_STATUS_NOT_SUPPORTED);
9060d5cf 2819
1f350c87 2820 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 2821 if (key_count > max_key_count) {
2822 BT_ERR("load_link_keys: too big key_count value %u",
2823 key_count);
a69e8375
JH		 2824 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2825 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 2826 }
55ed8ca1 2827
86742e1e
JH		 2828 expected_len = sizeof(*cp) + key_count *
2829 sizeof(struct mgmt_link_key_info);
a492cd52 2830 if (expected_len != len) {
86742e1e 2831 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2832 expected_len, len);
a69e8375
JH		 2833 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2834 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2835 }
2836
4ae14301 2837 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
a69e8375
JH		 2838 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2839 MGMT_STATUS_INVALID_PARAMS);
4ae14301 2840
bdb6d971 2841 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2842 key_count);
55ed8ca1 2843
4ee71b20
JH		 2844 for (i = 0; i < key_count; i++) {
2845 struct mgmt_link_key_info *key = &cp->keys[i];
2846
8e991132 2847 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
a69e8375
JH		 2848 return mgmt_cmd_status(sk, hdev->id,
2849 MGMT_OP_LOAD_LINK_KEYS,
2850 MGMT_STATUS_INVALID_PARAMS);
4ee71b20
JH		 2851 }
2852
09fd0de5 2853 hci_dev_lock(hdev);
55ed8ca1
JH		 2854
2855 hci_link_keys_clear(hdev);
2856
55ed8ca1 2857 if (cp->debug_keys)
238be788 2858 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
55ed8ca1 2859 else
a69d8927
MH		 2860 changed = hci_dev_test_and_clear_flag(hdev,
2861 HCI_KEEP_DEBUG_KEYS);
b1de97d8
MH		 2862
2863 if (changed)
2864 new_settings(hdev, NULL);
55ed8ca1 2865
a492cd52 2866 for (i = 0; i < key_count; i++) {
86742e1e 2867 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2868
58e9293c
JH		 2869 /* Always ignore debug keys and require a new pairing if
2870 * the user wants to use them.
2871 */
2872 if (key->type == HCI_LK_DEBUG_COMBINATION)
2873 continue;
2874
7652ff6a
JH		 2875 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2876 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2877 }
2878
2a1afb5a 2879 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2880
09fd0de5 2881 hci_dev_unlock(hdev);
55ed8ca1 2882
a492cd52 2883 return 0;
55ed8ca1
JH		 2884}
2885
b1078ad0 2886static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2887 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2888{
2889 struct mgmt_ev_device_unpaired ev;
2890
2891 bacpy(&ev.addr.bdaddr, bdaddr);
2892 ev.addr.type = addr_type;
2893
2894 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2895 skip_sk);
b1078ad0
JH		 2896}
2897
bdb6d971 2898static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2899 u16 len)
55ed8ca1 2900{
124f6e35
JH		 2901 struct mgmt_cp_unpair_device *cp = data;
2902 struct mgmt_rp_unpair_device rp;
a8a1d19e 2903 struct hci_cp_disconnect dc;
3b0602cd 2904 struct mgmt_pending_cmd *cmd;
55ed8ca1 2905 struct hci_conn *conn;
55ed8ca1
JH		 2906 int err;
2907
a8a1d19e 2908 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2909 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2910 rp.addr.type = cp->addr.type;
a8a1d19e 2911
4ee71b20 2912 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2913 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2914 MGMT_STATUS_INVALID_PARAMS,
2915 &rp, sizeof(rp));
4ee71b20 2916
118da70b 2917 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2a1afb5a
JH		 2918 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2919 MGMT_STATUS_INVALID_PARAMS,
2920 &rp, sizeof(rp));
118da70b 2921
4ee71b20
JH		 2922 hci_dev_lock(hdev);
2923
86a8cfc6 2924 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2925 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2926 MGMT_STATUS_NOT_POWERED, &rp,
2927 sizeof(rp));
86a8cfc6
JH		 2928 goto unlock;
2929 }
2930
e0b2b27e 2931 if (cp->addr.type == BDADDR_BREDR) {
89cbb063
AA		 2932 /* If disconnection is requested, then look up the
2933 * connection. If the remote device is connected, it
2934 * will be later used to terminate the link.
2935 *
2936 * Setting it to NULL explicitly will cause no
2937 * termination of the link.
2938 */
2939 if (cp->disconnect)
2940 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2941 &cp->addr.bdaddr);
2942 else
2943 conn = NULL;
2944
124f6e35 2945 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2946 } else {
2947 u8 addr_type;
2948
89cbb063
AA		 2949 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2950 &cp->addr.bdaddr);
2951 if (conn) {
2952 /* Defer clearing up the connection parameters
2953 * until closing to give a chance of keeping
2954 * them if a repairing happens.
2955 */
2956 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2957
2958 /* If disconnection is not requested, then
2959 * clear the connection variable so that the
2960 * link is not terminated.
2961 */
2962 if (!cp->disconnect)
2963 conn = NULL;
2964 }
2965
e0b2b27e
JH		 2966 if (cp->addr.type == BDADDR_LE_PUBLIC)
2967 addr_type = ADDR_LE_DEV_PUBLIC;
2968 else
2969 addr_type = ADDR_LE_DEV_RANDOM;
2970
a7ec7338
JH		 2971 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2972
e0b2b27e
JH		 2973 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2974 }
b0dbfb46 2975
55ed8ca1 2976 if (err < 0) {
2a1afb5a
JH		 2977 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2978 MGMT_STATUS_NOT_PAIRED, &rp,
2979 sizeof(rp));
55ed8ca1
JH		 2980 goto unlock;
2981 }
2982
89cbb063
AA		 2983 /* If the connection variable is set, then termination of the
2984 * link is requested.
2985 */
a8a1d19e 2986 if (!conn) {
2a1afb5a
JH		 2987 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2988 &rp, sizeof(rp));
b1078ad0 2989 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2990 goto unlock;
2991 }
55ed8ca1 2992
124f6e35 2993 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2994 sizeof(*cp));
a8a1d19e
JH		 2995 if (!cmd) {
2996 err = -ENOMEM;
2997 goto unlock;
55ed8ca1
JH		 2998 }
2999
d8b7b1e4
JH		 3000 cmd->cmd_complete = addr_cmd_complete;
3001
eb55ef07 3002 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 3003 dc.reason = 0x13; /* Remote User Terminated Connection */
3004 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
3005 if (err < 0)
3006 mgmt_pending_remove(cmd);
3007
55ed8ca1 3008unlock:
09fd0de5 3009 hci_dev_unlock(hdev);
55ed8ca1
JH		 3010 return err;
3011}
3012
bdb6d971 3013static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3014 u16 len)
8962ee74 3015{
650f726d 3016 struct mgmt_cp_disconnect *cp = data;
06a63b19 3017 struct mgmt_rp_disconnect rp;
3b0602cd 3018 struct mgmt_pending_cmd *cmd;
8962ee74 3019 struct hci_conn *conn;
8962ee74
JH		 3020 int err;
3021
3022 BT_DBG("");
3023
06a63b19
JH		 3024 memset(&rp, 0, sizeof(rp));
3025 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3026 rp.addr.type = cp->addr.type;
3027
4ee71b20 3028 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 3029 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3030 MGMT_STATUS_INVALID_PARAMS,
3031 &rp, sizeof(rp));
4ee71b20 3032
09fd0de5 3033 hci_dev_lock(hdev);
8962ee74
JH		 3034
3035 if (!test_bit(HCI_UP, &hdev->flags)) {
2a1afb5a
JH		 3036 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3037 MGMT_STATUS_NOT_POWERED, &rp,
3038 sizeof(rp));
8962ee74
JH		 3039 goto failed;
3040 }
3041
333ae95d 3042 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
2a1afb5a
JH		 3043 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3044 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 3045 goto failed;
3046 }
3047
591f47f3 3048 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 3049 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
3050 &cp->addr.bdaddr);
88c3df13
JH		 3051 else
3052 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 3053
f960727e 3054 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2a1afb5a
JH		 3055 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3056 MGMT_STATUS_NOT_CONNECTED, &rp,
3057 sizeof(rp));
8962ee74
JH		 3058 goto failed;
3059 }
3060
2e58ef3e 3061 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 3062 if (!cmd) {
3063 err = -ENOMEM;
8962ee74 3064 goto failed;
366a0336 3065 }
8962ee74 3066
f5818c22
JH		 3067 cmd->cmd_complete = generic_cmd_complete;
3068
e3f2f92a 3069 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
8962ee74 3070 if (err < 0)
a664b5bc 3071 mgmt_pending_remove(cmd);
8962ee74
JH		 3072
3073failed:
09fd0de5 3074 hci_dev_unlock(hdev);
8962ee74
JH		 3075 return err;
3076}
3077
57c1477c 3078static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 3079{
3080 switch (link_type) {
3081 case LE_LINK:
48264f06
JH		 3082 switch (addr_type) {
3083 case ADDR_LE_DEV_PUBLIC:
591f47f3 3084 return BDADDR_LE_PUBLIC;
0ed09148 3085
48264f06 3086 default:
0ed09148 3087 /* Fallback to LE Random address type */
591f47f3 3088 return BDADDR_LE_RANDOM;
48264f06 3089 }
0ed09148 3090
4c659c39 3091 default:
0ed09148 3092 /* Fallback to BR/EDR type */
591f47f3 3093 return BDADDR_BREDR;
4c659c39
JH		 3094 }
3095}
3096
04124681
GP		 3097static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
3098 u16 data_len)
2784eb41 3099{
2784eb41 3100 struct mgmt_rp_get_connections *rp;
8035ded4 3101 struct hci_conn *c;
a38528f1 3102 size_t rp_len;
60fc5fb6
JH		 3103 int err;
3104 u16 i;
2784eb41
JH		 3105
3106 BT_DBG("");
3107
09fd0de5 3108 hci_dev_lock(hdev);
2784eb41 3109
5f97c1df 3110 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3111 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
3112 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3113 goto unlock;
3114 }
3115
60fc5fb6 3116 i = 0;
b644ba33
JH		 3117 list_for_each_entry(c, &hdev->conn_hash.list, list) {
3118 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 3119 i++;
2784eb41
JH		 3120 }
3121
60fc5fb6 3122 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 3123 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 3124 if (!rp) {
2784eb41
JH		 3125 err = -ENOMEM;
3126 goto unlock;
3127 }
3128
2784eb41 3129 i = 0;
4c659c39 3130 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 3131 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
3132 continue;
4c659c39 3133 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 3134 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 3135 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 3136 continue;
3137 i++;
3138 }
3139
eb55ef07 3140 rp->conn_count = cpu_to_le16(i);
60fc5fb6 3141
4c659c39
JH		 3142 /* Recalculate length in case of filtered SCO connections, etc */
3143 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 3144
2a1afb5a
JH		 3145 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
3146 rp_len);
2784eb41 3147
a38528f1 3148 kfree(rp);
5f97c1df
JH		 3149
3150unlock:
09fd0de5 3151 hci_dev_unlock(hdev);
2784eb41
JH		 3152 return err;
3153}
3154
bdb6d971 3155static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3156 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67 3157{
3b0602cd 3158 struct mgmt_pending_cmd *cmd;
96d97a67
WR		 3159 int err;
3160
2e58ef3e 3161 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 3162 sizeof(*cp));
96d97a67
WR		 3163 if (!cmd)
3164 return -ENOMEM;
3165
d8457698 3166 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 3167 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 3168 if (err < 0)
3169 mgmt_pending_remove(cmd);
3170
3171 return err;
3172}
3173
bdb6d971 3174static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3175 u16 len)
980e1a53 3176{
96d97a67 3177 struct hci_conn *conn;
650f726d 3178 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 3179 struct hci_cp_pin_code_reply reply;
3b0602cd 3180 struct mgmt_pending_cmd *cmd;
980e1a53
JH		 3181 int err;
3182
3183 BT_DBG("");
3184
09fd0de5 3185 hci_dev_lock(hdev);
980e1a53 3186
4b34ee78 3187 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3188 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3189 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 3190 goto failed;
3191 }
3192
d8457698 3193 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 3194 if (!conn) {
a69e8375
JH		 3195 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3196 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 3197 goto failed;
3198 }
3199
3200 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 3201 struct mgmt_cp_pin_code_neg_reply ncp;
3202
3203 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 3204
3205 BT_ERR("PIN code is not 16 bytes long");
3206
bdb6d971 3207 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 3208 if (err >= 0)
a69e8375
JH		 3209 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3210 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 3211
3212 goto failed;
3213 }
3214
00abfe44 3215 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 3216 if (!cmd) {
3217 err = -ENOMEM;
980e1a53 3218 goto failed;
366a0336 3219 }
980e1a53 3220
7776d1d8
JH		 3221 cmd->cmd_complete = addr_cmd_complete;
3222
d8457698 3223 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 3224 reply.pin_len = cp->pin_len;
24718ca5 3225 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 3226
3227 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3228 if (err < 0)
a664b5bc 3229 mgmt_pending_remove(cmd);
980e1a53
JH		 3230
3231failed:
09fd0de5 3232 hci_dev_unlock(hdev);
980e1a53
JH		 3233 return err;
3234}
3235
04124681
GP		 3236static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3237 u16 len)
17fa4b9d 3238{
650f726d 3239 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 3240
3241 BT_DBG("");
3242
4ec86d4c 3243 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 3244 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3245 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
4ec86d4c 3246
09fd0de5 3247 hci_dev_lock(hdev);
17fa4b9d
JH		 3248
3249 hdev->io_capability = cp->io_capability;
3250
3251 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 3252 hdev->io_capability);
17fa4b9d 3253
09fd0de5 3254 hci_dev_unlock(hdev);
17fa4b9d 3255
2a1afb5a
JH		 3256 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
3257 NULL, 0);
17fa4b9d
JH		 3258}
3259
3b0602cd 3260static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 3261{
3262 struct hci_dev *hdev = conn->hdev;
3b0602cd 3263 struct mgmt_pending_cmd *cmd;
e9a416b5 3264
2e58ef3e 3265 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 3266 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3267 continue;
3268
e9a416b5
JH		 3269 if (cmd->user_data != conn)
3270 continue;
3271
3272 return cmd;
3273 }
3274
3275 return NULL;
3276}
3277
3b0602cd 3278static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
e9a416b5
JH		 3279{
3280 struct mgmt_rp_pair_device rp;
3281 struct hci_conn *conn = cmd->user_data;
9df74653 3282 int err;
e9a416b5 3283
61b1a7fb
JH		 3284 bacpy(&rp.addr.bdaddr, &conn->dst);
3285 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 3286
2a1afb5a
JH		 3287 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
3288 status, &rp, sizeof(rp));
e9a416b5
JH		 3289
3290 /* So we don't get further callbacks for this connection */
3291 conn->connect_cfm_cb = NULL;
3292 conn->security_cfm_cb = NULL;
3293 conn->disconn_cfm_cb = NULL;
3294
76a68ba0 3295 hci_conn_drop(conn);
89cbb063
AA		 3296
3297 /* The device is paired so there is no need to remove
3298 * its connection parameters anymore.
3299 */
3300 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
15013aeb
JH		 3301
3302 hci_conn_put(conn);
9df74653
JH		 3303
3304 return err;
e9a416b5
JH		 3305}
3306
f4a407be
JH		 3307void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3308{
3309 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3b0602cd 3310 struct mgmt_pending_cmd *cmd;
f4a407be
JH		 3311
3312 cmd = find_pairing(conn);
a511b35b 3313 if (cmd) {
04ab2749 3314 cmd->cmd_complete(cmd, status);
a511b35b
JH		 3315 mgmt_pending_remove(cmd);
3316 }
f4a407be
JH		 3317}
3318
e9a416b5
JH		 3319static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3320{
3b0602cd 3321 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 3322
3323 BT_DBG("status %u", status);
3324
3325 cmd = find_pairing(conn);
a511b35b 3326 if (!cmd) {
e9a416b5 3327 BT_DBG("Unable to find a pending command");
a511b35b
JH		 3328 return;
3329 }
3330
3331 cmd->cmd_complete(cmd, mgmt_status(status));
3332 mgmt_pending_remove(cmd);
e9a416b5
JH		 3333}
3334
f4a407be 3335static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739 3336{
3b0602cd 3337 struct mgmt_pending_cmd *cmd;
4c47d739
VA		 3338
3339 BT_DBG("status %u", status);
3340
3341 if (!status)
3342 return;
3343
3344 cmd = find_pairing(conn);
a511b35b 3345 if (!cmd) {
4c47d739 3346 BT_DBG("Unable to find a pending command");
a511b35b
JH		 3347 return;
3348 }
3349
3350 cmd->cmd_complete(cmd, mgmt_status(status));
3351 mgmt_pending_remove(cmd);
4c47d739
VA		 3352}
3353
bdb6d971 3354static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3355 u16 len)
e9a416b5 3356{
650f726d 3357 struct mgmt_cp_pair_device *cp = data;
1425acb7 3358 struct mgmt_rp_pair_device rp;
3b0602cd 3359 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 3360 u8 sec_level, auth_type;
3361 struct hci_conn *conn;
e9a416b5
JH		 3362 int err;
3363
3364 BT_DBG("");
3365
f950a30e
SJ		 3366 memset(&rp, 0, sizeof(rp));
3367 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3368 rp.addr.type = cp->addr.type;
3369
4ee71b20 3370 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 3371 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3372 MGMT_STATUS_INVALID_PARAMS,
3373 &rp, sizeof(rp));
4ee71b20 3374
4ec86d4c 3375 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 3376 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3377 MGMT_STATUS_INVALID_PARAMS,
3378 &rp, sizeof(rp));
4ec86d4c 3379
09fd0de5 3380 hci_dev_lock(hdev);
e9a416b5 3381
5f97c1df 3382 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3383 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3384 MGMT_STATUS_NOT_POWERED, &rp,
3385 sizeof(rp));
5f97c1df
JH		 3386 goto unlock;
3387 }
3388
55e76b38
JH		 3389 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
3390 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3391 MGMT_STATUS_ALREADY_PAIRED, &rp,
3392 sizeof(rp));
3393 goto unlock;
3394 }
3395
c908df36 3396 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 3397 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 3398
6f77d8c7 3399 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 3400 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3401 auth_type);
6f77d8c7
AG		 3402 } else {
3403 u8 addr_type;
3404
3405 /* Convert from L2CAP channel address type to HCI address type
3406 */
3407 if (cp->addr.type == BDADDR_LE_PUBLIC)
3408 addr_type = ADDR_LE_DEV_PUBLIC;
3409 else
3410 addr_type = ADDR_LE_DEV_RANDOM;
3411
7c264b10
MH		 3412 /* When pairing a new device, it is expected to remember
3413 * this device for future connections. Adding the connection
3414 * parameter information ahead of time allows tracking
3415 * of the slave preferred values and will speed up any
3416 * further connection establishment.
3417 *
3418 * If connection parameters already exist, then they
3419 * will be kept and this function does nothing.
3420 */
3421 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3422
6f77d8c7 3423 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
e804d25d
JH		 3424 sec_level, HCI_LE_CONN_TIMEOUT,
3425 HCI_ROLE_MASTER);
6f77d8c7 3426 }
7a512d01 3427
30e76272 3428 if (IS_ERR(conn)) {
489dc48e
AK		 3429 int status;
3430
3431 if (PTR_ERR(conn) == -EBUSY)
3432 status = MGMT_STATUS_BUSY;
faa81030
LR		 3433 else if (PTR_ERR(conn) == -EOPNOTSUPP)
3434 status = MGMT_STATUS_NOT_SUPPORTED;
3435 else if (PTR_ERR(conn) == -ECONNREFUSED)
3436 status = MGMT_STATUS_REJECTED;
489dc48e
AK		 3437 else
3438 status = MGMT_STATUS_CONNECT_FAILED;
3439
2a1afb5a
JH		 3440 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3441 status, &rp, sizeof(rp));
e9a416b5
JH		 3442 goto unlock;
3443 }
3444
3445 if (conn->connect_cfm_cb) {
76a68ba0 3446 hci_conn_drop(conn);
2a1afb5a
JH		 3447 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3448 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 3449 goto unlock;
3450 }
3451
2e58ef3e 3452 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 3453 if (!cmd) {
3454 err = -ENOMEM;
76a68ba0 3455 hci_conn_drop(conn);
e9a416b5
JH		 3456 goto unlock;
3457 }
3458
04ab2749
JH		 3459 cmd->cmd_complete = pairing_complete;
3460
7a512d01 3461 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 3462 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 3463 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 3464 conn->security_cfm_cb = pairing_complete_cb;
3465 conn->disconn_cfm_cb = pairing_complete_cb;
3466 } else {
3467 conn->connect_cfm_cb = le_pairing_complete_cb;
3468 conn->security_cfm_cb = le_pairing_complete_cb;
3469 conn->disconn_cfm_cb = le_pairing_complete_cb;
3470 }
7a512d01 3471
e9a416b5 3472 conn->io_capability = cp->io_cap;
f8aaf9b6 3473 cmd->user_data = hci_conn_get(conn);
e9a416b5 3474
6f78fd4b 3475 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
a511b35b
JH		 3476 hci_conn_security(conn, sec_level, auth_type, true)) {
3477 cmd->cmd_complete(cmd, 0);
3478 mgmt_pending_remove(cmd);
3479 }
e9a416b5
JH		 3480
3481 err = 0;
3482
3483unlock:
09fd0de5 3484 hci_dev_unlock(hdev);
e9a416b5
JH		 3485 return err;
3486}
3487
04124681
GP		 3488static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3489 u16 len)
28424707 3490{
0f4e68cf 3491 struct mgmt_addr_info *addr = data;
3b0602cd 3492 struct mgmt_pending_cmd *cmd;
28424707
JH		 3493 struct hci_conn *conn;
3494 int err;
3495
3496 BT_DBG("");
3497
28424707
JH		 3498 hci_dev_lock(hdev);
3499
5f97c1df 3500 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3501 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3502 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3503 goto unlock;
3504 }
3505
333ae95d 3506 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
28424707 3507 if (!cmd) {
a69e8375
JH		 3508 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3509 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3510 goto unlock;
3511 }
3512
3513 conn = cmd->user_data;
3514
3515 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
a69e8375
JH		 3516 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3517 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3518 goto unlock;
3519 }
3520
a511b35b
JH		 3521 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3522 mgmt_pending_remove(cmd);
28424707 3523
2a1afb5a
JH		 3524 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3525 addr, sizeof(*addr));
28424707
JH		 3526unlock:
3527 hci_dev_unlock(hdev);
28424707
JH		 3528 return err;
3529}
3530
bdb6d971 3531static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3532 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3533 u16 hci_op, __le32 passkey)
a5c29683 3534{
3b0602cd 3535 struct mgmt_pending_cmd *cmd;
0df4c185 3536 struct hci_conn *conn;
a5c29683
JH		 3537 int err;
3538
09fd0de5 3539 hci_dev_lock(hdev);
08ba5382 3540
4b34ee78 3541 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3542 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3543 MGMT_STATUS_NOT_POWERED, addr,
3544 sizeof(*addr));
0df4c185 3545 goto done;
a5c29683
JH		 3546 }
3547
1707c60e
JH		 3548 if (addr->type == BDADDR_BREDR)
3549 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3550 else
1707c60e 3551 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 3552
3553 if (!conn) {
2a1afb5a
JH		 3554 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3555 MGMT_STATUS_NOT_CONNECTED, addr,
3556 sizeof(*addr));
272d90df
JH		 3557 goto done;
3558 }
47c15e2b 3559
1707c60e 3560 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 3561 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 3562 if (!err)
2a1afb5a
JH		 3563 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3564 MGMT_STATUS_SUCCESS, addr,
3565 sizeof(*addr));
5fe57d9e 3566 else
2a1afb5a
JH		 3567 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3568 MGMT_STATUS_FAILED, addr,
3569 sizeof(*addr));
47c15e2b 3570
47c15e2b
BG		 3571 goto done;
3572 }
3573
1707c60e 3574 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3575 if (!cmd) {
3576 err = -ENOMEM;
0df4c185 3577 goto done;
a5c29683
JH		 3578 }
3579
7776d1d8
JH		 3580 cmd->cmd_complete = addr_cmd_complete;
3581
0df4c185 3582 /* Continue with pairing via HCI */
604086b7
BG		 3583 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3584 struct hci_cp_user_passkey_reply cp;
3585
1707c60e 3586 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3587 cp.passkey = passkey;
3588 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3589 } else
1707c60e
JH		 3590 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3591 &addr->bdaddr);
604086b7 3592
a664b5bc
JH		 3593 if (err < 0)
3594 mgmt_pending_remove(cmd);
a5c29683 3595
0df4c185 3596done:
09fd0de5 3597 hci_dev_unlock(hdev);
a5c29683
JH		 3598 return err;
3599}
3600
afeb019d
JK		 3601static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3602 void *data, u16 len)
3603{
3604 struct mgmt_cp_pin_code_neg_reply *cp = data;
3605
3606 BT_DBG("");
3607
1707c60e 3608 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3609 MGMT_OP_PIN_CODE_NEG_REPLY,
3610 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3611}
3612
04124681
GP		 3613static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3614 u16 len)
0df4c185 3615{
650f726d 3616 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3617
3618 BT_DBG("");
3619
3620 if (len != sizeof(*cp))
a69e8375
JH		 3621 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3622 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3623
1707c60e 3624 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3625 MGMT_OP_USER_CONFIRM_REPLY,
3626 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3627}
3628
bdb6d971 3629static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3630 void *data, u16 len)
0df4c185 3631{
c9c2659f 3632 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3633
3634 BT_DBG("");
3635
1707c60e 3636 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3637 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3638 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3639}
3640
04124681
GP		 3641static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3642 u16 len)
604086b7 3643{
650f726d 3644 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3645
3646 BT_DBG("");
3647
1707c60e 3648 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3649 MGMT_OP_USER_PASSKEY_REPLY,
3650 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3651}
3652
bdb6d971 3653static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3654 void *data, u16 len)
604086b7 3655{
650f726d 3656 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3657
3658 BT_DBG("");
3659
1707c60e 3660 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3661 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3662 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3663}
3664
13928971 3665static void update_name(struct hci_request *req)
2b4bf397 3666{
13928971 3667 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3668 struct hci_cp_write_local_name cp;
3669
13928971 3670 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3671
890ea898 3672 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3673}
3674
1904a853 3675static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
13928971
JH		 3676{
3677 struct mgmt_cp_set_local_name *cp;
3b0602cd 3678 struct mgmt_pending_cmd *cmd;
13928971
JH		 3679
3680 BT_DBG("status 0x%02x", status);
3681
3682 hci_dev_lock(hdev);
3683
333ae95d 3684 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 3685 if (!cmd)
3686 goto unlock;
3687
3688 cp = cmd->param;
3689
3690 if (status)
a69e8375
JH		 3691 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3692 mgmt_status(status));
13928971 3693 else
2a1afb5a
JH		 3694 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3695 cp, sizeof(*cp));
13928971
JH		 3696
3697 mgmt_pending_remove(cmd);
3698
3699unlock:
3700 hci_dev_unlock(hdev);
3701}
3702
bdb6d971 3703static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3704 u16 len)
b312b161 3705{
2b4bf397 3706 struct mgmt_cp_set_local_name *cp = data;
3b0602cd 3707 struct mgmt_pending_cmd *cmd;
890ea898 3708 struct hci_request req;
b312b161
JH		 3709 int err;
3710
3711 BT_DBG("");
3712
09fd0de5 3713 hci_dev_lock(hdev);
b312b161 3714
b3f2ca94
JH		 3715 /* If the old values are the same as the new ones just return a
3716 * direct command complete event.
3717 */
3718 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3719 !memcmp(hdev->short_name, cp->short_name,
3720 sizeof(hdev->short_name))) {
2a1afb5a
JH		 3721 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3722 data, len);
b3f2ca94
JH		 3723 goto failed;
3724 }
3725
2b4bf397 3726 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3727
b5235a65 3728 if (!hdev_is_powered(hdev)) {
2b4bf397 3729 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde 3730
2a1afb5a
JH		 3731 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3732 data, len);
28cc7bde
JH		 3733 if (err < 0)
3734 goto failed;
3735
f6b7712e
MH		 3736 err = mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev,
3737 data, len, sk);
28cc7bde 3738
b5235a65
JH		 3739 goto failed;
3740 }
3741
28cc7bde 3742 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3743 if (!cmd) {
3744 err = -ENOMEM;
3745 goto failed;
3746 }
3747
13928971
JH		 3748 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3749
890ea898 3750 hci_req_init(&req, hdev);
3f985050
JH		 3751
3752 if (lmp_bredr_capable(hdev)) {
3753 update_name(&req);
3754 update_eir(&req);
3755 }
3756
7a5f4990
MH		 3757 /* The name is stored in the scan response data and so
3758 * no need to udpate the advertising data here.
3759 */
3f985050 3760 if (lmp_le_capable(hdev))
7a5f4990 3761 update_scan_rsp_data(&req);
3f985050 3762
13928971 3763 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3764 if (err < 0)
3765 mgmt_pending_remove(cmd);
3766
3767failed:
09fd0de5 3768 hci_dev_unlock(hdev);
b312b161
JH		 3769 return err;
3770}
3771
1b9441f8
JH		 3772static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status,
3773 u16 opcode, struct sk_buff *skb)
3774{
3775 struct mgmt_rp_read_local_oob_data mgmt_rp;
3776 size_t rp_size = sizeof(mgmt_rp);
3777 struct mgmt_pending_cmd *cmd;
3778
3779 BT_DBG("%s status %u", hdev->name, status);
3780
3781 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3782 if (!cmd)
3783 return;
3784
3785 if (status || !skb) {
3786 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3787 status ? mgmt_status(status) : MGMT_STATUS_FAILED);
3788 goto remove;
3789 }
3790
3791 memset(&mgmt_rp, 0, sizeof(mgmt_rp));
3792
3793 if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
3794 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
3795
3796 if (skb->len < sizeof(*rp)) {
3797 mgmt_cmd_status(cmd->sk, hdev->id,
3798 MGMT_OP_READ_LOCAL_OOB_DATA,
3799 MGMT_STATUS_FAILED);
3800 goto remove;
3801 }
3802
3803 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash));
3804 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand));
3805
3806 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256);
3807 } else {
3808 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
3809
3810 if (skb->len < sizeof(*rp)) {
3811 mgmt_cmd_status(cmd->sk, hdev->id,
3812 MGMT_OP_READ_LOCAL_OOB_DATA,
3813 MGMT_STATUS_FAILED);
3814 goto remove;
3815 }
3816
3817 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192));
3818 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192));
3819
3820 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256));
3821 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256));
3822 }
3823
3824 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3825 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size);
3826
3827remove:
3828 mgmt_pending_remove(cmd);
3829}
3830
0f4e68cf 3831static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3832 void *data, u16 data_len)
c35938b2 3833{
3b0602cd 3834 struct mgmt_pending_cmd *cmd;
1b9441f8 3835 struct hci_request req;
c35938b2
SJ		 3836 int err;
3837
bdb6d971 3838 BT_DBG("%s", hdev->name);
c35938b2 3839
09fd0de5 3840 hci_dev_lock(hdev);
c35938b2 3841
4b34ee78 3842 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3843 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3844 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3845 goto unlock;
3846 }
3847
9a1a1996 3848 if (!lmp_ssp_capable(hdev)) {
a69e8375
JH		 3849 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3850 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3851 goto unlock;
3852 }
3853
333ae95d 3854 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
a69e8375
JH		 3855 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3856 MGMT_STATUS_BUSY);
c35938b2
SJ		 3857 goto unlock;
3858 }
3859
2e58ef3e 3860 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3861 if (!cmd) {
3862 err = -ENOMEM;
3863 goto unlock;
3864 }
3865
1b9441f8
JH		 3866 hci_req_init(&req, hdev);
3867
710f11c0 3868 if (bredr_sc_enabled(hdev))
1b9441f8 3869 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
4d2d2796 3870 else
1b9441f8 3871 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
4d2d2796 3872
1b9441f8 3873 err = hci_req_run_skb(&req, read_local_oob_data_complete);
c35938b2
SJ		 3874 if (err < 0)
3875 mgmt_pending_remove(cmd);
3876
3877unlock:
09fd0de5 3878 hci_dev_unlock(hdev);
c35938b2
SJ		 3879 return err;
3880}
3881
bdb6d971 3882static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3883 void *data, u16 len)
2763eda6 3884{
5d57e796 3885 struct mgmt_addr_info *addr = data;
2763eda6
SJ		 3886 int err;
3887
bdb6d971 3888 BT_DBG("%s ", hdev->name);
2763eda6 3889
5d57e796 3890 if (!bdaddr_type_is_valid(addr->type))
2a1afb5a
JH		 3891 return mgmt_cmd_complete(sk, hdev->id,
3892 MGMT_OP_ADD_REMOTE_OOB_DATA,
3893 MGMT_STATUS_INVALID_PARAMS,
3894 addr, sizeof(*addr));
5d57e796 3895
09fd0de5 3896 hci_dev_lock(hdev);
2763eda6 3897
ec109113
MH		 3898 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3899 struct mgmt_cp_add_remote_oob_data *cp = data;
3900 u8 status;
bf1e3541 3901
c19a495c 3902 if (cp->addr.type != BDADDR_BREDR) {
2a1afb5a
JH		 3903 err = mgmt_cmd_complete(sk, hdev->id,
3904 MGMT_OP_ADD_REMOTE_OOB_DATA,
3905 MGMT_STATUS_INVALID_PARAMS,
3906 &cp->addr, sizeof(cp->addr));
c19a495c
JH		 3907 goto unlock;
3908 }
3909
ec109113 3910 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
6928a924
JH		 3911 cp->addr.type, cp->hash,
3912 cp->rand, NULL, NULL);
ec109113
MH		 3913 if (err < 0)
3914 status = MGMT_STATUS_FAILED;
3915 else
3916 status = MGMT_STATUS_SUCCESS;
3917
2a1afb5a
JH		 3918 err = mgmt_cmd_complete(sk, hdev->id,
3919 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
3920 &cp->addr, sizeof(cp->addr));
ec109113
MH		 3921 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3922 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
41bcfd50 3923 u8 *rand192, *hash192, *rand256, *hash256;
ec109113
MH		 3924 u8 status;
3925
86df9200 3926 if (bdaddr_type_is_le(cp->addr.type)) {
d25b78e2
JH		 3927 /* Enforce zero-valued 192-bit parameters as
3928 * long as legacy SMP OOB isn't implemented.
3929 */
3930 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3931 memcmp(cp->hash192, ZERO_KEY, 16)) {
2a1afb5a
JH		 3932 err = mgmt_cmd_complete(sk, hdev->id,
3933 MGMT_OP_ADD_REMOTE_OOB_DATA,
3934 MGMT_STATUS_INVALID_PARAMS,
3935 addr, sizeof(*addr));
d25b78e2
JH		 3936 goto unlock;
3937 }
3938
86df9200
JH		 3939 rand192 = NULL;
3940 hash192 = NULL;
3941 } else {
41bcfd50
MH		 3942 /* In case one of the P-192 values is set to zero,
3943 * then just disable OOB data for P-192.
3944 */
3945 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
3946 !memcmp(cp->hash192, ZERO_KEY, 16)) {
3947 rand192 = NULL;
3948 hash192 = NULL;
3949 } else {
3950 rand192 = cp->rand192;
3951 hash192 = cp->hash192;
3952 }
3953 }
3954
3955 /* In case one of the P-256 values is set to zero, then just
3956 * disable OOB data for P-256.
3957 */
3958 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
3959 !memcmp(cp->hash256, ZERO_KEY, 16)) {
3960 rand256 = NULL;
3961 hash256 = NULL;
3962 } else {
3963 rand256 = cp->rand256;
3964 hash256 = cp->hash256;
86df9200
JH		 3965 }
3966
81328d5c 3967 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
86df9200 3968 cp->addr.type, hash192, rand192,
41bcfd50 3969 hash256, rand256);
ec109113
MH		 3970 if (err < 0)
3971 status = MGMT_STATUS_FAILED;
3972 else
3973 status = MGMT_STATUS_SUCCESS;
3974
2a1afb5a
JH		 3975 err = mgmt_cmd_complete(sk, hdev->id,
3976 MGMT_OP_ADD_REMOTE_OOB_DATA,
3977 status, &cp->addr, sizeof(cp->addr));
ec109113
MH		 3978 } else {
3979 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
a69e8375
JH		 3980 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3981 MGMT_STATUS_INVALID_PARAMS);
ec109113 3982 }
2763eda6 3983
c19a495c 3984unlock:
09fd0de5 3985 hci_dev_unlock(hdev);
2763eda6
SJ		 3986 return err;
3987}
3988
bdb6d971 3989static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3990 void *data, u16 len)
2763eda6 3991{
650f726d 3992 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3993 u8 status;
2763eda6
SJ		 3994 int err;
3995
bdb6d971 3996 BT_DBG("%s", hdev->name);
2763eda6 3997
c19a495c 3998 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 3999 return mgmt_cmd_complete(sk, hdev->id,
4000 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
4001 MGMT_STATUS_INVALID_PARAMS,
4002 &cp->addr, sizeof(cp->addr));
c19a495c 4003
09fd0de5 4004 hci_dev_lock(hdev);
2763eda6 4005
eedbd581
JH		 4006 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
4007 hci_remote_oob_data_clear(hdev);
4008 status = MGMT_STATUS_SUCCESS;
4009 goto done;
4010 }
4011
6928a924 4012 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
2763eda6 4013 if (err < 0)
bf1e3541 4014 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 4015 else
a6785be2 4016 status = MGMT_STATUS_SUCCESS;
bf1e3541 4017
eedbd581 4018done:
2a1afb5a
JH		 4019 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
4020 status, &cp->addr, sizeof(cp->addr));
2763eda6 4021
09fd0de5 4022 hci_dev_unlock(hdev);
2763eda6
SJ		 4023 return err;
4024}
4025
812abb13 4026static bool trigger_bredr_inquiry(struct hci_request *req, u8 *status)
41dc2bd6 4027{
8019044d 4028 struct hci_dev *hdev = req->hdev;
812abb13 4029 struct hci_cp_inquiry cp;
8019044d
MH		 4030 /* General inquiry access code (GIAC) */
4031 u8 lap[3] = { 0x33, 0x8b, 0x9e };
812abb13
JP		 4032
4033 *status = mgmt_bredr_support(hdev);
4034 if (*status)
4035 return false;
4036
4037 if (hci_dev_test_flag(hdev, HCI_INQUIRY)) {
4038 *status = MGMT_STATUS_BUSY;
4039 return false;
4040 }
4041
4042 hci_inquiry_cache_flush(hdev);
4043
4044 memset(&cp, 0, sizeof(cp));
4045 memcpy(&cp.lap, lap, sizeof(cp.lap));
4046 cp.length = DISCOV_BREDR_INQUIRY_LEN;
4047
4048 hci_req_add(req, HCI_OP_INQUIRY, sizeof(cp), &cp);
4049
4050 return true;
4051}
4052
4053static bool trigger_le_scan(struct hci_request *req, u16 interval, u8 *status)
4054{
4055 struct hci_dev *hdev = req->hdev;
4056 struct hci_cp_le_set_scan_param param_cp;
4057 struct hci_cp_le_set_scan_enable enable_cp;
8019044d 4058 u8 own_addr_type;
41dc2bd6
AG		 4059 int err;
4060
812abb13
JP		 4061 *status = mgmt_le_support(hdev);
4062 if (*status)
4063 return false;
41dc2bd6 4064
812abb13
JP		 4065 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) {
4066 /* Don't let discovery abort an outgoing connection attempt
4067 * that's using directed advertising.
4068 */
4069 if (hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT)) {
4070 *status = MGMT_STATUS_REJECTED;
8019044d
MH		 4071 return false;
4072 }
41dc2bd6 4073
812abb13
JP		 4074 disable_advertising(req);
4075 }
41dc2bd6 4076
812abb13
JP		 4077 /* If controller is scanning, it means the background scanning is
4078 * running. Thus, we should temporarily stop it in order to set the
4079 * discovery scanning parameters.
4080 */
4081 if (hci_dev_test_flag(hdev, HCI_LE_SCAN))
4082 hci_req_add_le_scan_disable(req);
41dc2bd6 4083
812abb13
JP		 4084 /* All active scans will be done with either a resolvable private
4085 * address (when privacy feature has been enabled) or non-resolvable
4086 * private address.
4087 */
4088 err = hci_update_random_address(req, true, &own_addr_type);
4089 if (err < 0) {
4090 *status = MGMT_STATUS_FAILED;
4091 return false;
4092 }
8019044d 4093
812abb13
JP		 4094 memset(&param_cp, 0, sizeof(param_cp));
4095 param_cp.type = LE_SCAN_ACTIVE;
4096 param_cp.interval = cpu_to_le16(interval);
4097 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
4098 param_cp.own_address_type = own_addr_type;
8019044d 4099
812abb13
JP		 4100 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
4101 &param_cp);
8019044d 4102
812abb13
JP		 4103 memset(&enable_cp, 0, sizeof(enable_cp));
4104 enable_cp.enable = LE_SCAN_ENABLE;
4105 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
8019044d 4106
812abb13
JP		 4107 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
4108 &enable_cp);
4109
4110 return true;
4111}
8019044d 4112
812abb13
JP		 4113static bool trigger_discovery(struct hci_request *req, u8 *status)
4114{
4115 struct hci_dev *hdev = req->hdev;
8019044d 4116
812abb13
JP		 4117 switch (hdev->discovery.type) {
4118 case DISCOV_TYPE_BREDR:
4119 if (!trigger_bredr_inquiry(req, status))
4120 return false;
4121 break;
4122
4123 case DISCOV_TYPE_INTERLEAVED:
07d2334a
JP		 4124 if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY,
4125 &hdev->quirks)) {
4126 /* During simultaneous discovery, we double LE scan
4127 * interval. We must leave some time for the controller
4128 * to do BR/EDR inquiry.
4129 */
4130 if (!trigger_le_scan(req, DISCOV_LE_SCAN_INT * 2,
4131 status))
4132 return false;
4133
4134 if (!trigger_bredr_inquiry(req, status))
4135 return false;
4136
4137 return true;
4138 }
4139
812abb13
JP		 4140 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4141 *status = MGMT_STATUS_NOT_SUPPORTED;
8019044d
MH		 4142 return false;
4143 }
812abb13 4144 /* fall through */
8019044d 4145
812abb13
JP		 4146 case DISCOV_TYPE_LE:
4147 if (!trigger_le_scan(req, DISCOV_LE_SCAN_INT, status))
4148 return false;
8019044d
MH		 4149 break;
4150
4151 default:
4152 *status = MGMT_STATUS_INVALID_PARAMS;
4153 return false;
4154 }
4155
4156 return true;
41dc2bd6
AG		 4157}
4158
1904a853
MH		 4159static void start_discovery_complete(struct hci_dev *hdev, u8 status,
4160 u16 opcode)
7c307720 4161{
3b0602cd 4162 struct mgmt_pending_cmd *cmd;
11e6e25d 4163 unsigned long timeout;
ae55f598 4164
7c307720
AG		 4165 BT_DBG("status %d", status);
4166
11e6e25d 4167 hci_dev_lock(hdev);
41dc2bd6 4168
333ae95d 4169 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
66ea9427 4170 if (!cmd)
333ae95d 4171 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
66ea9427 4172
11e6e25d 4173 if (cmd) {
2922a94f 4174 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d
MH		 4175 mgmt_pending_remove(cmd);
4176 }
7c307720
AG		 4177
4178 if (status) {
11e6e25d
MH		 4179 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4180 goto unlock;
7c307720
AG		 4181 }
4182
7c307720 4183 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
7c307720 4184
2d28cfe7
JP		 4185 /* If the scan involves LE scan, pick proper timeout to schedule
4186 * hdev->le_scan_disable that will stop it.
4187 */
7c307720
AG		 4188 switch (hdev->discovery.type) {
4189 case DISCOV_TYPE_LE:
3d5a76f0 4190 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
7c307720 4191 break;
7c307720 4192 case DISCOV_TYPE_INTERLEAVED:
07d2334a
JP		 4193 /* When running simultaneous discovery, the LE scanning time
4194 * should occupy the whole discovery time sine BR/EDR inquiry
4195 * and LE scanning are scheduled by the controller.
4196 *
4197 * For interleaving discovery in comparison, BR/EDR inquiry
4198 * and LE scanning are done sequentially with separate
4199 * timeouts.
4200 */
4201 if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks))
4202 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
4203 else
4204 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
7c307720 4205 break;
7c307720 4206 case DISCOV_TYPE_BREDR:
11e6e25d 4207 timeout = 0;
7c307720 4208 break;
7c307720
AG		 4209 default:
4210 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
11e6e25d
MH		 4211 timeout = 0;
4212 break;
7c307720 4213 }
ae55f598 4214
2d28cfe7
JP		 4215 if (timeout) {
4216 /* When service discovery is used and the controller has
4217 * a strict duplicate filter, it is important to remember
4218 * the start and duration of the scan. This is required
4219 * for restarting scanning during the discovery phase.
4220 */
4221 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER,
4222 &hdev->quirks) &&
82f8b651 4223 hdev->discovery.result_filtering) {
2d28cfe7
JP		 4224 hdev->discovery.scan_start = jiffies;
4225 hdev->discovery.scan_duration = timeout;
4226 }
4227
11e6e25d
MH		 4228 queue_delayed_work(hdev->workqueue,
4229 &hdev->le_scan_disable, timeout);
2d28cfe7 4230 }
ae55f598 4231
11e6e25d
MH		 4232unlock:
4233 hci_dev_unlock(hdev);
7c307720
AG		 4234}
4235
bdb6d971 4236static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 4237 void *data, u16 len)
14a53664 4238{
650f726d 4239 struct mgmt_cp_start_discovery *cp = data;
3b0602cd 4240 struct mgmt_pending_cmd *cmd;
7c307720 4241 struct hci_request req;
8019044d 4242 u8 status;
14a53664
JH		 4243 int err;
4244
bdb6d971 4245 BT_DBG("%s", hdev->name);
14a53664 4246
09fd0de5 4247 hci_dev_lock(hdev);
14a53664 4248
4b34ee78 4249 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 4250 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4251 MGMT_STATUS_NOT_POWERED,
4252 &cp->type, sizeof(cp->type));
bd2d1334
JH		 4253 goto failed;
4254 }
4255
f5a969f2 4256 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 4257 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
2a1afb5a
JH		 4258 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4259 MGMT_STATUS_BUSY, &cp->type,
4260 sizeof(cp->type));
642be6c7
AG		 4261 goto failed;
4262 }
4263
2922a94f 4264 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, data, len);
14a53664
JH		 4265 if (!cmd) {
4266 err = -ENOMEM;
4267 goto failed;
4268 }
4269
2922a94f
JH		 4270 cmd->cmd_complete = generic_cmd_complete;
4271
22078800
MH		 4272 /* Clear the discovery filter first to free any previously
4273 * allocated memory for the UUID list.
4274 */
4275 hci_discovery_filter_clear(hdev);
4276
4aab14e5 4277 hdev->discovery.type = cp->type;
da25cf6a 4278 hdev->discovery.report_invalid_rssi = false;
4aab14e5 4279
7c307720
AG		 4280 hci_req_init(&req, hdev);
4281
8019044d 4282 if (!trigger_discovery(&req, &status)) {
2a1afb5a
JH		 4283 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4284 status, &cp->type, sizeof(cp->type));
04106755
JH		 4285 mgmt_pending_remove(cmd);
4286 goto failed;
f39799f5 4287 }
04106755 4288
7c307720 4289 err = hci_req_run(&req, start_discovery_complete);
f5a969f2 4290 if (err < 0) {
14a53664 4291 mgmt_pending_remove(cmd);
f5a969f2
MH		 4292 goto failed;
4293 }
7c307720 4294
f5a969f2 4295 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
7c307720 4296
14a53664 4297failed:
09fd0de5 4298 hci_dev_unlock(hdev);
14a53664
JH		 4299 return err;
4300}
f39799f5 4301
3b0602cd
JH		 4302static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
4303 u8 status)
2922a94f 4304{
2a1afb5a
JH		 4305 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
4306 cmd->param, 1);
2922a94f 4307}
04106755 4308
66ea9427
JP		 4309static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
4310 void *data, u16 len)
4311{
4312 struct mgmt_cp_start_service_discovery *cp = data;
3b0602cd 4313 struct mgmt_pending_cmd *cmd;
66ea9427
JP		 4314 struct hci_request req;
4315 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
4316 u16 uuid_count, expected_len;
4317 u8 status;
4318 int err;
04106755 4319
66ea9427 4320 BT_DBG("%s", hdev->name);
e8bb6b97 4321
66ea9427 4322 hci_dev_lock(hdev);
7c307720 4323
66ea9427 4324 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 4325 err = mgmt_cmd_complete(sk, hdev->id,
4326 MGMT_OP_START_SERVICE_DISCOVERY,
4327 MGMT_STATUS_NOT_POWERED,
4328 &cp->type, sizeof(cp->type));
66ea9427
JP		 4329 goto failed;
4330 }
7c307720 4331
66ea9427 4332 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 4333 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
2a1afb5a
JH		 4334 err = mgmt_cmd_complete(sk, hdev->id,
4335 MGMT_OP_START_SERVICE_DISCOVERY,
4336 MGMT_STATUS_BUSY, &cp->type,
4337 sizeof(cp->type));
66ea9427
JP		 4338 goto failed;
4339 }
d9483943 4340
66ea9427
JP		 4341 uuid_count = __le16_to_cpu(cp->uuid_count);
4342 if (uuid_count > max_uuid_count) {
4343 BT_ERR("service_discovery: too big uuid_count value %u",
4344 uuid_count);
2a1afb5a
JH		 4345 err = mgmt_cmd_complete(sk, hdev->id,
4346 MGMT_OP_START_SERVICE_DISCOVERY,
4347 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4348 sizeof(cp->type));
66ea9427
JP		 4349 goto failed;
4350 }
4351
4352 expected_len = sizeof(*cp) + uuid_count * 16;
4353 if (expected_len != len) {
4354 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
4355 expected_len, len);
2a1afb5a
JH		 4356 err = mgmt_cmd_complete(sk, hdev->id,
4357 MGMT_OP_START_SERVICE_DISCOVERY,
4358 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4359 sizeof(cp->type));
66ea9427
JP		 4360 goto failed;
4361 }
4362
4363 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
2922a94f 4364 hdev, data, len);
66ea9427
JP		 4365 if (!cmd) {
4366 err = -ENOMEM;
4367 goto failed;
4368 }
4369
2922a94f
JH		 4370 cmd->cmd_complete = service_discovery_cmd_complete;
4371
22078800
MH		 4372 /* Clear the discovery filter first to free any previously
4373 * allocated memory for the UUID list.
4374 */
4375 hci_discovery_filter_clear(hdev);
4376
82f8b651 4377 hdev->discovery.result_filtering = true;
66ea9427
JP		 4378 hdev->discovery.type = cp->type;
4379 hdev->discovery.rssi = cp->rssi;
4380 hdev->discovery.uuid_count = uuid_count;
4381
4382 if (uuid_count > 0) {
4383 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4384 GFP_KERNEL);
4385 if (!hdev->discovery.uuids) {
2a1afb5a
JH		 4386 err = mgmt_cmd_complete(sk, hdev->id,
4387 MGMT_OP_START_SERVICE_DISCOVERY,
4388 MGMT_STATUS_FAILED,
4389 &cp->type, sizeof(cp->type));
d9483943
JH		 4390 mgmt_pending_remove(cmd);
4391 goto failed;
4392 }
66ea9427 4393 }
d9483943 4394
66ea9427 4395 hci_req_init(&req, hdev);
5e0452c0 4396
66ea9427 4397 if (!trigger_discovery(&req, &status)) {
2a1afb5a
JH		 4398 err = mgmt_cmd_complete(sk, hdev->id,
4399 MGMT_OP_START_SERVICE_DISCOVERY,
4400 status, &cp->type, sizeof(cp->type));
04106755
JH		 4401 mgmt_pending_remove(cmd);
4402 goto failed;
f39799f5 4403 }
3fd24153 4404
7c307720 4405 err = hci_req_run(&req, start_discovery_complete);
66ea9427 4406 if (err < 0) {
14a53664 4407 mgmt_pending_remove(cmd);
66ea9427
JP		 4408 goto failed;
4409 }
4410
4411 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 4412
4413failed:
09fd0de5 4414 hci_dev_unlock(hdev);
14a53664
JH		 4415 return err;
4416}
4417
1904a853 4418static void stop_discovery_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1183fdca 4419{
3b0602cd 4420 struct mgmt_pending_cmd *cmd;
1183fdca 4421
0e05bba6
AG		 4422 BT_DBG("status %d", status);
4423
4424 hci_dev_lock(hdev);
4425
333ae95d 4426 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
11e6e25d 4427 if (cmd) {
2922a94f 4428 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d 4429 mgmt_pending_remove(cmd);
0e05bba6
AG		 4430 }
4431
11e6e25d
MH		 4432 if (!status)
4433 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
0e05bba6 4434
0e05bba6
AG		 4435 hci_dev_unlock(hdev);
4436}
4437
bdb6d971 4438static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4439 u16 len)
14a53664 4440{
d930650b 4441 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3b0602cd 4442 struct mgmt_pending_cmd *cmd;
0e05bba6 4443 struct hci_request req;
14a53664
JH		 4444 int err;
4445
bdb6d971 4446 BT_DBG("%s", hdev->name);
14a53664 4447
09fd0de5 4448 hci_dev_lock(hdev);
14a53664 4449
30dc78e1 4450 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 4451 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4452 MGMT_STATUS_REJECTED, &mgmt_cp->type,
4453 sizeof(mgmt_cp->type));
d930650b
JH		 4454 goto unlock;
4455 }
4456
4457 if (hdev->discovery.type != mgmt_cp->type) {
2a1afb5a
JH		 4458 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4459 MGMT_STATUS_INVALID_PARAMS,
4460 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1 4461 goto unlock;
ff9ef578
JH		 4462 }
4463
2922a94f 4464 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
14a53664
JH		 4465 if (!cmd) {
4466 err = -ENOMEM;
30dc78e1
JH		 4467 goto unlock;
4468 }
4469
2922a94f
JH		 4470 cmd->cmd_complete = generic_cmd_complete;
4471
0e05bba6
AG		 4472 hci_req_init(&req, hdev);
4473
21a60d30 4474 hci_stop_discovery(&req);
e0d9727e 4475
21a60d30
JH		 4476 err = hci_req_run(&req, stop_discovery_complete);
4477 if (!err) {
4478 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
0e05bba6 4479 goto unlock;
14a53664
JH		 4480 }
4481
21a60d30
JH		 4482 mgmt_pending_remove(cmd);
4483
4484 /* If no HCI commands were sent we're done */
4485 if (err == -ENODATA) {
2a1afb5a
JH		 4486 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
4487 &mgmt_cp->type, sizeof(mgmt_cp->type));
21a60d30
JH		 4488 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4489 }
14a53664 4490
30dc78e1 4491unlock:
09fd0de5 4492 hci_dev_unlock(hdev);
14a53664
JH		 4493 return err;
4494}
4495
bdb6d971 4496static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4497 u16 len)
561aafbc 4498{
650f726d 4499 struct mgmt_cp_confirm_name *cp = data;
561aafbc 4500 struct inquiry_entry *e;
561aafbc
JH		 4501 int err;
4502
bdb6d971 4503 BT_DBG("%s", hdev->name);
561aafbc 4504
561aafbc
JH		 4505 hci_dev_lock(hdev);
4506
30dc78e1 4507 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 4508 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4509 MGMT_STATUS_FAILED, &cp->addr,
4510 sizeof(cp->addr));
30dc78e1
JH		 4511 goto failed;
4512 }
4513
a198e7b1 4514 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 4515 if (!e) {
2a1afb5a
JH		 4516 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4517 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4518 sizeof(cp->addr));
561aafbc
JH		 4519 goto failed;
4520 }
4521
4522 if (cp->name_known) {
4523 e->name_state = NAME_KNOWN;
4524 list_del(&e->list);
4525 } else {
4526 e->name_state = NAME_NEEDED;
a3d4e20a 4527 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 4528 }
4529
2a1afb5a
JH		 4530 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
4531 &cp->addr, sizeof(cp->addr));
561aafbc
JH		 4532
4533failed:
4534 hci_dev_unlock(hdev);
561aafbc
JH		 4535 return err;
4536}
4537
bdb6d971 4538static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4539 u16 len)
7fbec224 4540{
650f726d 4541 struct mgmt_cp_block_device *cp = data;
f0eeea8b 4542 u8 status;
7fbec224
AJ		 4543 int err;
4544
bdb6d971 4545 BT_DBG("%s", hdev->name);
7fbec224 4546
4ee71b20 4547 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 4548 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4549 MGMT_STATUS_INVALID_PARAMS,
4550 &cp->addr, sizeof(cp->addr));
4ee71b20 4551
09fd0de5 4552 hci_dev_lock(hdev);
5e762444 4553
dcc36c16
JH		 4554 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4555 cp->addr.type);
2a8357f2 4556 if (err < 0) {
f0eeea8b 4557 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 4558 goto done;
4559 }
4560
4561 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4562 sk);
4563 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4564
2a8357f2 4565done:
2a1afb5a
JH		 4566 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
4567 &cp->addr, sizeof(cp->addr));
5e762444 4568
09fd0de5 4569 hci_dev_unlock(hdev);
7fbec224
AJ		 4570
4571 return err;
4572}
4573
bdb6d971 4574static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4575 u16 len)
7fbec224 4576{
650f726d 4577 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 4578 u8 status;
7fbec224
AJ		 4579 int err;
4580
bdb6d971 4581 BT_DBG("%s", hdev->name);
7fbec224 4582
4ee71b20 4583 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 4584 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4585 MGMT_STATUS_INVALID_PARAMS,
4586 &cp->addr, sizeof(cp->addr));
4ee71b20 4587
09fd0de5 4588 hci_dev_lock(hdev);
5e762444 4589
dcc36c16
JH		 4590 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4591 cp->addr.type);
2a8357f2 4592 if (err < 0) {
f0eeea8b 4593 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 4594 goto done;
4595 }
4596
4597 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4598 sk);
4599 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4600
2a8357f2 4601done:
2a1afb5a
JH		 4602 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
4603 &cp->addr, sizeof(cp->addr));
5e762444 4604
09fd0de5 4605 hci_dev_unlock(hdev);
7fbec224
AJ		 4606
4607 return err;
4608}
4609
cdbaccca
MH		 4610static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4611 u16 len)
4612{
4613 struct mgmt_cp_set_device_id *cp = data;
890ea898 4614 struct hci_request req;
cdbaccca 4615 int err;
c72d4b8a 4616 __u16 source;
cdbaccca
MH		 4617
4618 BT_DBG("%s", hdev->name);
4619
c72d4b8a
SJ		 4620 source = __le16_to_cpu(cp->source);
4621
4622 if (source > 0x0002)
a69e8375
JH		 4623 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4624 MGMT_STATUS_INVALID_PARAMS);
c72d4b8a 4625
cdbaccca
MH		 4626 hci_dev_lock(hdev);
4627
c72d4b8a 4628 hdev->devid_source = source;
cdbaccca
MH		 4629 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4630 hdev->devid_product = __le16_to_cpu(cp->product);
4631 hdev->devid_version = __le16_to_cpu(cp->version);
4632
2a1afb5a
JH		 4633 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
4634 NULL, 0);
cdbaccca 4635
890ea898
JH		 4636 hci_req_init(&req, hdev);
4637 update_eir(&req);
4638 hci_req_run(&req, NULL);
cdbaccca
MH		 4639
4640 hci_dev_unlock(hdev);
4641
4642 return err;
4643}
4644
24b4f38f
AU		 4645static void enable_advertising_instance(struct hci_dev *hdev, u8 status,
4646 u16 opcode)
4647{
4648 BT_DBG("status %d", status);
4649}
4650
1904a853
MH		 4651static void set_advertising_complete(struct hci_dev *hdev, u8 status,
4652 u16 opcode)
4375f103
JH		 4653{
4654 struct cmd_lookup match = { NULL, hdev };
24b4f38f 4655 struct hci_request req;
4375f103 4656
3ad67582
JK		 4657 hci_dev_lock(hdev);
4658
4375f103
JH		 4659 if (status) {
4660 u8 mgmt_err = mgmt_status(status);
4661
4662 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4663 cmd_status_rsp, &mgmt_err);
3ad67582 4664 goto unlock;
4375f103
JH		 4665 }
4666
d7a5a11d 4667 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
a1536da2 4668 hci_dev_set_flag(hdev, HCI_ADVERTISING);
c93bd150 4669 else
a358dc11 4670 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
c93bd150 4671
4375f103
JH		 4672 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4673 &match);
4674
4675 new_settings(hdev, match.sk);
4676
4677 if (match.sk)
4678 sock_put(match.sk);
3ad67582 4679
24b4f38f
AU		 4680 /* If "Set Advertising" was just disabled and instance advertising was
4681 * set up earlier, then enable the advertising instance.
4682 */
4683 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
4684 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
4685 goto unlock;
4686
4687 hci_req_init(&req, hdev);
4688
4689 update_adv_data(&req);
4690 enable_advertising(&req);
4691
4692 if (hci_req_run(&req, enable_advertising_instance) < 0)
4693 BT_ERR("Failed to re-configure advertising");
4694
3ad67582
JK		 4695unlock:
4696 hci_dev_unlock(hdev);
4375f103
JH		 4697}
4698
21b5187f
MH		 4699static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4700 u16 len)
4375f103
JH		 4701{
4702 struct mgmt_mode *cp = data;
3b0602cd 4703 struct mgmt_pending_cmd *cmd;
4375f103 4704 struct hci_request req;
cc91cb04 4705 u8 val, status;
4375f103
JH		 4706 int err;
4707
4708 BT_DBG("request for %s", hdev->name);
4709
e6fe7986
JH		 4710 status = mgmt_le_support(hdev);
4711 if (status)
a69e8375
JH		 4712 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4713 status);
4375f103 4714
cc91cb04 4715 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 4716 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4717 MGMT_STATUS_INVALID_PARAMS);
4375f103
JH		 4718
4719 hci_dev_lock(hdev);
4720
4721 val = !!cp->val;
4375f103 4722
f74ca9b8
JH		 4723 /* The following conditions are ones which mean that we should
4724 * not do any HCI communication but directly send a mgmt
4725 * response to user space (after toggling the flag if
4726 * necessary).
4727 */
cc91cb04 4728 if (!hdev_is_powered(hdev) ||
d7a5a11d
MH		 4729 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
4730 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
e8bb6b97 4731 hci_conn_num(hdev, LE_LINK) > 0 ||
d7a5a11d 4732 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
e8bb6b97 4733 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
cc91cb04 4734 bool changed;
4375f103 4735
cc91cb04 4736 if (cp->val) {
238be788 4737 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
cc91cb04 4738 if (cp->val == 0x02)
a1536da2 4739 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4740 else
a358dc11 4741 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4742 } else {
a69d8927 4743 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
a358dc11 4744 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4375f103
JH		 4745 }
4746
4747 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4748 if (err < 0)
4749 goto unlock;
4750
4751 if (changed)
4752 err = new_settings(hdev, sk);
4753
4754 goto unlock;
4755 }
4756
333ae95d
JH		 4757 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4758 pending_find(MGMT_OP_SET_LE, hdev)) {
a69e8375
JH		 4759 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4760 MGMT_STATUS_BUSY);
4375f103
JH		 4761 goto unlock;
4762 }
4763
4764 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4765 if (!cmd) {
4766 err = -ENOMEM;
4767 goto unlock;
4768 }
4769
4770 hci_req_init(&req, hdev);
4771
cc91cb04 4772 if (cp->val == 0x02)
a1536da2 4773 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4774 else
a358dc11 4775 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4776
24b4f38f
AU		 4777 if (val) {
4778 /* Switch to instance "0" for the Set Advertising setting. */
4779 update_adv_data_for_instance(&req, 0);
4117ed70 4780 update_scan_rsp_data_for_instance(&req, 0);
bba3aa55 4781 enable_advertising(&req);
24b4f38f 4782 } else {
bba3aa55 4783 disable_advertising(&req);
24b4f38f 4784 }
4375f103
JH		 4785
4786 err = hci_req_run(&req, set_advertising_complete);
4787 if (err < 0)
4788 mgmt_pending_remove(cmd);
4789
4790unlock:
4791 hci_dev_unlock(hdev);
4792 return err;
4793}
4794
d13eafce
MH		 4795static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4796 void *data, u16 len)
4797{
4798 struct mgmt_cp_set_static_address *cp = data;
4799 int err;
4800
4801 BT_DBG("%s", hdev->name);
4802
62af4443 4803 if (!lmp_le_capable(hdev))
a69e8375
JH		 4804 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4805 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 4806
4807 if (hdev_is_powered(hdev))
a69e8375
JH		 4808 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4809 MGMT_STATUS_REJECTED);
d13eafce
MH		 4810
4811 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4812 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
a69e8375
JH		 4813 return mgmt_cmd_status(sk, hdev->id,
4814 MGMT_OP_SET_STATIC_ADDRESS,
4815 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 4816
4817 /* Two most significant bits shall be set */
4818 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
a69e8375
JH		 4819 return mgmt_cmd_status(sk, hdev->id,
4820 MGMT_OP_SET_STATIC_ADDRESS,
4821 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 4822 }
4823
4824 hci_dev_lock(hdev);
4825
4826 bacpy(&hdev->static_addr, &cp->bdaddr);
4827
93690c22
MH		 4828 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
4829 if (err < 0)
4830 goto unlock;
4831
4832 err = new_settings(hdev, sk);
d13eafce 4833
93690c22 4834unlock:
d13eafce 4835 hci_dev_unlock(hdev);
d13eafce
MH		 4836 return err;
4837}
4838
14b49b9a
MH		 4839static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4840 void *data, u16 len)
4841{
4842 struct mgmt_cp_set_scan_params *cp = data;
4843 __u16 interval, window;
4844 int err;
4845
4846 BT_DBG("%s", hdev->name);
4847
4848 if (!lmp_le_capable(hdev))
a69e8375
JH		 4849 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4850 MGMT_STATUS_NOT_SUPPORTED);
14b49b9a
MH		 4851
4852 interval = __le16_to_cpu(cp->interval);
4853
4854 if (interval < 0x0004 || interval > 0x4000)
a69e8375
JH		 4855 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4856 MGMT_STATUS_INVALID_PARAMS);
14b49b9a
MH		 4857
4858 window = __le16_to_cpu(cp->window);
4859
4860 if (window < 0x0004 || window > 0x4000)
a69e8375
JH		 4861 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4862 MGMT_STATUS_INVALID_PARAMS);
14b49b9a 4863
899e1075 4864 if (window > interval)
a69e8375
JH		 4865 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4866 MGMT_STATUS_INVALID_PARAMS);
899e1075 4867
14b49b9a
MH		 4868 hci_dev_lock(hdev);
4869
4870 hdev->le_scan_interval = interval;
4871 hdev->le_scan_window = window;
4872
2a1afb5a
JH		 4873 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
4874 NULL, 0);
14b49b9a 4875
dd2ef8e2
AG		 4876 /* If background scan is running, restart it so new parameters are
4877 * loaded.
4878 */
d7a5a11d 4879 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
dd2ef8e2
AG		 4880 hdev->discovery.state == DISCOVERY_STOPPED) {
4881 struct hci_request req;
4882
4883 hci_req_init(&req, hdev);
4884
4885 hci_req_add_le_scan_disable(&req);
4886 hci_req_add_le_passive_scan(&req);
4887
4888 hci_req_run(&req, NULL);
4889 }
4890
14b49b9a
MH		 4891 hci_dev_unlock(hdev);
4892
4893 return err;
4894}
4895
1904a853
MH		 4896static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
4897 u16 opcode)
33e38b3e 4898{
3b0602cd 4899 struct mgmt_pending_cmd *cmd;
33e38b3e
JH		 4900
4901 BT_DBG("status 0x%02x", status);
4902
4903 hci_dev_lock(hdev);
4904
333ae95d 4905 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
33e38b3e
JH		 4906 if (!cmd)
4907 goto unlock;
4908
4909 if (status) {
a69e8375
JH		 4910 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4911 mgmt_status(status));
33e38b3e 4912 } else {
1a4d3c4b
JH		 4913 struct mgmt_mode *cp = cmd->param;
4914
4915 if (cp->val)
a1536da2 4916 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 4917 else
a358dc11 4918 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 4919
33e38b3e
JH		 4920 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4921 new_settings(hdev, cmd->sk);
4922 }
4923
4924 mgmt_pending_remove(cmd);
4925
4926unlock:
4927 hci_dev_unlock(hdev);
4928}
4929
bdb6d971 4930static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4931 void *data, u16 len)
f6422ec6 4932{
650f726d 4933 struct mgmt_mode *cp = data;
3b0602cd 4934 struct mgmt_pending_cmd *cmd;
33e38b3e 4935 struct hci_request req;
f6422ec6
AJ		 4936 int err;
4937
bdb6d971 4938 BT_DBG("%s", hdev->name);
f6422ec6 4939
d7a5a11d 4940 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
56f87901 4941 hdev->hci_ver < BLUETOOTH_VER_1_2)
a69e8375
JH		 4942 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4943 MGMT_STATUS_NOT_SUPPORTED);
33c525c0 4944
a7e80f25 4945 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4946 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4947 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 4948
f6422ec6
AJ		 4949 hci_dev_lock(hdev);
4950
333ae95d 4951 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
a69e8375
JH		 4952 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4953 MGMT_STATUS_BUSY);
05cbf29f
JH		 4954 goto unlock;
4955 }
4956
d7a5a11d 4957 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
1a4d3c4b
JH		 4958 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4959 hdev);
4960 goto unlock;
4961 }
4962
406ef2a6 4963 if (!hdev_is_powered(hdev)) {
ce05d603 4964 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
406ef2a6
JH		 4965 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4966 hdev);
4967 new_settings(hdev, sk);
4968 goto unlock;
4969 }
4970
33e38b3e
JH		 4971 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4972 data, len);
4973 if (!cmd) {
4974 err = -ENOMEM;
4975 goto unlock;
f6422ec6
AJ		 4976 }
4977
33e38b3e
JH		 4978 hci_req_init(&req, hdev);
4979
406d7804 4980 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4981
4982 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4983 if (err < 0) {
a69e8375
JH		 4984 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4985 MGMT_STATUS_FAILED);
33e38b3e 4986 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4987 }
4988
33e38b3e 4989unlock:
f6422ec6 4990 hci_dev_unlock(hdev);
33e38b3e 4991
f6422ec6
AJ		 4992 return err;
4993}
4994
1904a853 4995static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
0663ca2a 4996{
3b0602cd 4997 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 4998
4999 BT_DBG("status 0x%02x", status);
5000
5001 hci_dev_lock(hdev);
5002
333ae95d 5003 cmd = pending_find(MGMT_OP_SET_BREDR, hdev);
0663ca2a
JH		 5004 if (!cmd)
5005 goto unlock;
5006
5007 if (status) {
5008 u8 mgmt_err = mgmt_status(status);
5009
5010 /* We need to restore the flag if related HCI commands
5011 * failed.
5012 */
a358dc11 5013 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a 5014
a69e8375 5015 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
0663ca2a
JH		 5016 } else {
5017 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
5018 new_settings(hdev, cmd->sk);
5019 }
5020
5021 mgmt_pending_remove(cmd);
5022
5023unlock:
5024 hci_dev_unlock(hdev);
5025}
5026
5027static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
5028{
5029 struct mgmt_mode *cp = data;
3b0602cd 5030 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 5031 struct hci_request req;
5032 int err;
5033
5034 BT_DBG("request for %s", hdev->name);
5035
5036 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
a69e8375
JH		 5037 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5038 MGMT_STATUS_NOT_SUPPORTED);
0663ca2a 5039
d7a5a11d 5040 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 5041 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5042 MGMT_STATUS_REJECTED);
0663ca2a
JH		 5043
5044 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 5045 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5046 MGMT_STATUS_INVALID_PARAMS);
0663ca2a
JH		 5047
5048 hci_dev_lock(hdev);
5049
d7a5a11d 5050 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
0663ca2a
JH		 5051 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
5052 goto unlock;
5053 }
5054
5055 if (!hdev_is_powered(hdev)) {
5056 if (!cp->val) {
a358dc11
MH		 5057 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
5058 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
5059 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
5060 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
5061 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
0663ca2a
JH		 5062 }
5063
ce05d603 5064 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 5065
5066 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
5067 if (err < 0)
5068 goto unlock;
5069
5070 err = new_settings(hdev, sk);
5071 goto unlock;
5072 }
5073
5074 /* Reject disabling when powered on */
5075 if (!cp->val) {
a69e8375
JH		 5076 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5077 MGMT_STATUS_REJECTED);
0663ca2a 5078 goto unlock;
111e4bcc
MH		 5079 } else {
5080 /* When configuring a dual-mode controller to operate
5081 * with LE only and using a static address, then switching
5082 * BR/EDR back on is not allowed.
5083 *
5084 * Dual-mode controllers shall operate with the public
5085 * address as its identity address for BR/EDR and LE. So
5086 * reject the attempt to create an invalid configuration.
3a5486e1
MH		 5087 *
5088 * The same restrictions applies when secure connections
5089 * has been enabled. For BR/EDR this is a controller feature
5090 * while for LE it is a host stack feature. This means that
5091 * switching BR/EDR back on when secure connections has been
5092 * enabled is not a supported transaction.
111e4bcc 5093 */
d7a5a11d 5094 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
3a5486e1 5095 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
d7a5a11d 5096 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
a69e8375
JH		 5097 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5098 MGMT_STATUS_REJECTED);
111e4bcc
MH		 5099 goto unlock;
5100 }
0663ca2a
JH		 5101 }
5102
333ae95d 5103 if (pending_find(MGMT_OP_SET_BREDR, hdev)) {
a69e8375
JH		 5104 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5105 MGMT_STATUS_BUSY);
0663ca2a
JH		 5106 goto unlock;
5107 }
5108
5109 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
5110 if (!cmd) {
5111 err = -ENOMEM;
5112 goto unlock;
5113 }
5114
5947f4bc 5115 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 5116 * generates the correct flags.
5117 */
a1536da2 5118 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 5119
5120 hci_req_init(&req, hdev);
aa8af46e 5121
432df05e 5122 write_fast_connectable(&req, false);
1d2dc5b7 5123 __hci_update_page_scan(&req);
aa8af46e 5124
f14d8f64
MH		 5125 /* Since only the advertising data flags will change, there
5126 * is no need to update the scan response data.
5127 */
5947f4bc 5128 update_adv_data(&req);
aa8af46e 5129
0663ca2a
JH		 5130 err = hci_req_run(&req, set_bredr_complete);
5131 if (err < 0)
5132 mgmt_pending_remove(cmd);
5133
5134unlock:
5135 hci_dev_unlock(hdev);
5136 return err;
5137}
5138
a1443f5a
JH		 5139static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5140{
3b0602cd 5141 struct mgmt_pending_cmd *cmd;
a1443f5a
JH		 5142 struct mgmt_mode *cp;
5143
5144 BT_DBG("%s status %u", hdev->name, status);
5145
5146 hci_dev_lock(hdev);
5147
333ae95d 5148 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
a1443f5a
JH		 5149 if (!cmd)
5150 goto unlock;
5151
5152 if (status) {
a69e8375
JH		 5153 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
5154 mgmt_status(status));
a1443f5a
JH		 5155 goto remove;
5156 }
5157
5158 cp = cmd->param;
5159
5160 switch (cp->val) {
5161 case 0x00:
a358dc11
MH		 5162 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
5163 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 5164 break;
5165 case 0x01:
a1536da2 5166 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
a358dc11 5167 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 5168 break;
5169 case 0x02:
a1536da2
MH		 5170 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
5171 hci_dev_set_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 5172 break;
5173 }
5174
5175 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
5176 new_settings(hdev, cmd->sk);
5177
5178remove:
5179 mgmt_pending_remove(cmd);
5180unlock:
5181 hci_dev_unlock(hdev);
5182}
5183
eac83dc6
MH		 5184static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
5185 void *data, u16 len)
5186{
5187 struct mgmt_mode *cp = data;
3b0602cd 5188 struct mgmt_pending_cmd *cmd;
a1443f5a 5189 struct hci_request req;
a3209694 5190 u8 val;
eac83dc6
MH		 5191 int err;
5192
5193 BT_DBG("request for %s", hdev->name);
5194
05b3c3e7 5195 if (!lmp_sc_capable(hdev) &&
d7a5a11d 5196 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 5197 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5198 MGMT_STATUS_NOT_SUPPORTED);
eac83dc6 5199
d7a5a11d 5200 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
59200286 5201 lmp_sc_capable(hdev) &&
d7a5a11d 5202 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 5203 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5204 MGMT_STATUS_REJECTED);
ed93ec69 5205
0ab04a9c 5206 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375 5207 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
eac83dc6
MH		 5208 MGMT_STATUS_INVALID_PARAMS);
5209
5210 hci_dev_lock(hdev);
5211
05b3c3e7 5212 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
d7a5a11d 5213 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
eac83dc6
MH		 5214 bool changed;
5215
0ab04a9c 5216 if (cp->val) {
238be788
MH		 5217 changed = !hci_dev_test_and_set_flag(hdev,
5218 HCI_SC_ENABLED);
0ab04a9c 5219 if (cp->val == 0x02)
a1536da2 5220 hci_dev_set_flag(hdev, HCI_SC_ONLY);
0ab04a9c 5221 else
a358dc11 5222 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 5223 } else {
a69d8927
MH		 5224 changed = hci_dev_test_and_clear_flag(hdev,
5225 HCI_SC_ENABLED);
a358dc11 5226 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 5227 }
eac83dc6
MH		 5228
5229 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5230 if (err < 0)
5231 goto failed;
5232
5233 if (changed)
5234 err = new_settings(hdev, sk);
5235
5236 goto failed;
5237 }
5238
333ae95d 5239 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
a69e8375
JH		 5240 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5241 MGMT_STATUS_BUSY);
eac83dc6
MH		 5242 goto failed;
5243 }
5244
0ab04a9c
MH		 5245 val = !!cp->val;
5246
d7a5a11d
MH		 5247 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
5248 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
eac83dc6
MH		 5249 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5250 goto failed;
5251 }
5252
5253 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
5254 if (!cmd) {
5255 err = -ENOMEM;
5256 goto failed;
5257 }
5258
a1443f5a
JH		 5259 hci_req_init(&req, hdev);
5260 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
5261 err = hci_req_run(&req, sc_enable_complete);
eac83dc6
MH		 5262 if (err < 0) {
5263 mgmt_pending_remove(cmd);
5264 goto failed;
5265 }
5266
5267failed:
5268 hci_dev_unlock(hdev);
5269 return err;
5270}
5271
4e39ac81
MH		 5272static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
5273 void *data, u16 len)
5274{
5275 struct mgmt_mode *cp = data;
b9710979 5276 bool changed, use_changed;
4e39ac81
MH		 5277 int err;
5278
5279 BT_DBG("request for %s", hdev->name);
5280
b9710979 5281 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 5282 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
5283 MGMT_STATUS_INVALID_PARAMS);
4e39ac81
MH		 5284
5285 hci_dev_lock(hdev);
5286
5287 if (cp->val)
238be788 5288 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
4e39ac81 5289 else
a69d8927
MH		 5290 changed = hci_dev_test_and_clear_flag(hdev,
5291 HCI_KEEP_DEBUG_KEYS);
4e39ac81 5292
b9710979 5293 if (cp->val == 0x02)
238be788
MH		 5294 use_changed = !hci_dev_test_and_set_flag(hdev,
5295 HCI_USE_DEBUG_KEYS);
b9710979 5296 else
a69d8927
MH		 5297 use_changed = hci_dev_test_and_clear_flag(hdev,
5298 HCI_USE_DEBUG_KEYS);
b9710979
JH		 5299
5300 if (hdev_is_powered(hdev) && use_changed &&
d7a5a11d 5301 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
b9710979
JH		 5302 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
5303 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
5304 sizeof(mode), &mode);
5305 }
5306
4e39ac81
MH		 5307 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
5308 if (err < 0)
5309 goto unlock;
5310
5311 if (changed)
5312 err = new_settings(hdev, sk);
5313
5314unlock:
5315 hci_dev_unlock(hdev);
5316 return err;
5317}
5318
62b04cd1
JH		 5319static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5320 u16 len)
5321{
5322 struct mgmt_cp_set_privacy *cp = cp_data;
5323 bool changed;
5324 int err;
5325
5326 BT_DBG("request for %s", hdev->name);
5327
5328 if (!lmp_le_capable(hdev))
a69e8375
JH		 5329 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5330 MGMT_STATUS_NOT_SUPPORTED);
62b04cd1
JH		 5331
5332 if (cp->privacy != 0x00 && cp->privacy != 0x01)
a69e8375
JH		 5333 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5334 MGMT_STATUS_INVALID_PARAMS);
62b04cd1
JH		 5335
5336 if (hdev_is_powered(hdev))
a69e8375
JH		 5337 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5338 MGMT_STATUS_REJECTED);
62b04cd1
JH		 5339
5340 hci_dev_lock(hdev);
5341
c21c0ea0
JH		 5342 /* If user space supports this command it is also expected to
5343 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
5344 */
a1536da2 5345 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
c21c0ea0 5346
62b04cd1 5347 if (cp->privacy) {
238be788 5348 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
62b04cd1 5349 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
a1536da2 5350 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
62b04cd1 5351 } else {
a69d8927 5352 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
62b04cd1 5353 memset(hdev->irk, 0, sizeof(hdev->irk));
a358dc11 5354 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
62b04cd1
JH		 5355 }
5356
5357 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
5358 if (err < 0)
5359 goto unlock;
5360
5361 if (changed)
5362 err = new_settings(hdev, sk);
5363
5364unlock:
5365 hci_dev_unlock(hdev);
5366 return err;
5367}
5368
41edf160
JH		 5369static bool irk_is_valid(struct mgmt_irk_info *irk)
5370{
5371 switch (irk->addr.type) {
5372 case BDADDR_LE_PUBLIC:
5373 return true;
5374
5375 case BDADDR_LE_RANDOM:
5376 /* Two most significant bits shall be set */
5377 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5378 return false;
5379 return true;
5380 }
5381
5382 return false;
5383}
5384
5385static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5386 u16 len)
5387{
5388 struct mgmt_cp_load_irks *cp = cp_data;
ba1d6936
JH		 5389 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
5390 sizeof(struct mgmt_irk_info));
41edf160
JH		 5391 u16 irk_count, expected_len;
5392 int i, err;
5393
5394 BT_DBG("request for %s", hdev->name);
5395
5396 if (!lmp_le_capable(hdev))
a69e8375
JH		 5397 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5398 MGMT_STATUS_NOT_SUPPORTED);
41edf160
JH		 5399
5400 irk_count = __le16_to_cpu(cp->irk_count);
ba1d6936
JH		 5401 if (irk_count > max_irk_count) {
5402 BT_ERR("load_irks: too big irk_count value %u", irk_count);
a69e8375
JH		 5403 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5404 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5405 }
41edf160
JH		 5406
5407 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
5408 if (expected_len != len) {
5409 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 5410 expected_len, len);
a69e8375
JH		 5411 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5412 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 5413 }
5414
5415 BT_DBG("%s irk_count %u", hdev->name, irk_count);
5416
5417 for (i = 0; i < irk_count; i++) {
5418 struct mgmt_irk_info *key = &cp->irks[i];
5419
5420 if (!irk_is_valid(key))
a69e8375
JH		 5421 return mgmt_cmd_status(sk, hdev->id,
5422 MGMT_OP_LOAD_IRKS,
5423 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 5424 }
5425
5426 hci_dev_lock(hdev);
5427
5428 hci_smp_irks_clear(hdev);
5429
5430 for (i = 0; i < irk_count; i++) {
5431 struct mgmt_irk_info *irk = &cp->irks[i];
5432 u8 addr_type;
5433
5434 if (irk->addr.type == BDADDR_LE_PUBLIC)
5435 addr_type = ADDR_LE_DEV_PUBLIC;
5436 else
5437 addr_type = ADDR_LE_DEV_RANDOM;
5438
5439 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
5440 BDADDR_ANY);
5441 }
5442
a1536da2 5443 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
41edf160 5444
2a1afb5a 5445 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
41edf160
JH		 5446
5447 hci_dev_unlock(hdev);
5448
5449 return err;
5450}
5451
3f706b72
JH		 5452static bool ltk_is_valid(struct mgmt_ltk_info *key)
5453{
5454 if (key->master != 0x00 && key->master != 0x01)
5455 return false;
490cb0b3
MH		 5456
5457 switch (key->addr.type) {
5458 case BDADDR_LE_PUBLIC:
5459 return true;
5460
5461 case BDADDR_LE_RANDOM:
5462 /* Two most significant bits shall be set */
5463 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5464 return false;
5465 return true;
5466 }
5467
5468 return false;
3f706b72
JH		 5469}
5470
bdb6d971 5471static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 5472 void *cp_data, u16 len)
346af67b 5473{
346af67b 5474 struct mgmt_cp_load_long_term_keys *cp = cp_data;
ba1d6936
JH		 5475 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
5476 sizeof(struct mgmt_ltk_info));
346af67b 5477 u16 key_count, expected_len;
715a5bf2 5478 int i, err;
346af67b 5479
cf99ba13
MH		 5480 BT_DBG("request for %s", hdev->name);
5481
5482 if (!lmp_le_capable(hdev))
a69e8375
JH		 5483 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5484 MGMT_STATUS_NOT_SUPPORTED);
cf99ba13 5485
1f350c87 5486 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 5487 if (key_count > max_key_count) {
5488 BT_ERR("load_ltks: too big key_count value %u", key_count);
a69e8375
JH		 5489 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5490 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5491 }
346af67b
VCG		 5492
5493 expected_len = sizeof(*cp) + key_count *
5494 sizeof(struct mgmt_ltk_info);
5495 if (expected_len != len) {
5496 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 5497 expected_len, len);
a69e8375
JH		 5498 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5499 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 5500 }
5501
bdb6d971 5502 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 5503
54ad6d8a
JH		 5504 for (i = 0; i < key_count; i++) {
5505 struct mgmt_ltk_info *key = &cp->keys[i];
5506
3f706b72 5507 if (!ltk_is_valid(key))
a69e8375
JH		 5508 return mgmt_cmd_status(sk, hdev->id,
5509 MGMT_OP_LOAD_LONG_TERM_KEYS,
5510 MGMT_STATUS_INVALID_PARAMS);
54ad6d8a
JH		 5511 }
5512
346af67b
VCG		 5513 hci_dev_lock(hdev);
5514
5515 hci_smp_ltks_clear(hdev);
5516
5517 for (i = 0; i < key_count; i++) {
5518 struct mgmt_ltk_info *key = &cp->keys[i];
d7b25450 5519 u8 type, addr_type, authenticated;
79d95a19
MH		 5520
5521 if (key->addr.type == BDADDR_LE_PUBLIC)
5522 addr_type = ADDR_LE_DEV_PUBLIC;
5523 else
5524 addr_type = ADDR_LE_DEV_RANDOM;
346af67b 5525
61b43357
JH		 5526 switch (key->type) {
5527 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 5528 authenticated = 0x00;
23fb8de3 5529 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
61b43357
JH		 5530 break;
5531 case MGMT_LTK_AUTHENTICATED:
d7b25450 5532 authenticated = 0x01;
23fb8de3
JH		 5533 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5534 break;
5535 case MGMT_LTK_P256_UNAUTH:
5536 authenticated = 0x00;
5537 type = SMP_LTK_P256;
61b43357 5538 break;
23fb8de3
JH		 5539 case MGMT_LTK_P256_AUTH:
5540 authenticated = 0x01;
5541 type = SMP_LTK_P256;
61b43357 5542 break;
23fb8de3
JH		 5543 case MGMT_LTK_P256_DEBUG:
5544 authenticated = 0x00;
5545 type = SMP_LTK_P256_DEBUG;
61b43357
JH		 5546 default:
5547 continue;
5548 }
d7b25450 5549
35d70271 5550 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
d7b25450 5551 authenticated, key->val, key->enc_size, key->ediv,
35d70271 5552 key->rand);
346af67b
VCG		 5553 }
5554
2a1afb5a 5555 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
715a5bf2
JH		 5556 NULL, 0);
5557
346af67b 5558 hci_dev_unlock(hdev);
346af67b 5559
715a5bf2 5560 return err;
346af67b
VCG		 5561}
5562
3b0602cd 5563static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
dd983808 5564{
dd983808 5565 struct hci_conn *conn = cmd->user_data;
9981bdb0 5566 struct mgmt_rp_get_conn_info rp;
9df74653 5567 int err;
dd983808 5568
9981bdb0 5569 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
dd983808 5570
9981bdb0 5571 if (status == MGMT_STATUS_SUCCESS) {
dd983808 5572 rp.rssi = conn->rssi;
9981bdb0
JH		 5573 rp.tx_power = conn->tx_power;
5574 rp.max_tx_power = conn->max_tx_power;
5575 } else {
5576 rp.rssi = HCI_RSSI_INVALID;
5577 rp.tx_power = HCI_TX_POWER_INVALID;
5578 rp.max_tx_power = HCI_TX_POWER_INVALID;
dd983808
AK		 5579 }
5580
2a1afb5a
JH		 5581 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
5582 status, &rp, sizeof(rp));
dd983808
AK		 5583
5584 hci_conn_drop(conn);
f8aaf9b6 5585 hci_conn_put(conn);
9df74653
JH		 5586
5587 return err;
dd983808
AK		 5588}
5589
1904a853
MH		 5590static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
5591 u16 opcode)
dd983808
AK		 5592{
5593 struct hci_cp_read_rssi *cp;
3b0602cd 5594 struct mgmt_pending_cmd *cmd;
dd983808 5595 struct hci_conn *conn;
dd983808 5596 u16 handle;
9981bdb0 5597 u8 status;
dd983808 5598
9981bdb0 5599 BT_DBG("status 0x%02x", hci_status);
dd983808
AK		 5600
5601 hci_dev_lock(hdev);
5602
dd983808
AK		 5603 /* Commands sent in request are either Read RSSI or Read Transmit Power
5604 * Level so we check which one was last sent to retrieve connection
5605 * handle. Both commands have handle as first parameter so it's safe to
5606 * cast data on the same command struct.
5607 *
5608 * First command sent is always Read RSSI and we fail only if it fails.
5609 * In other case we simply override error to indicate success as we
5610 * already remembered if TX power value is actually valid.
5611 */
5612 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
5613 if (!cp) {
5614 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
9981bdb0
JH		 5615 status = MGMT_STATUS_SUCCESS;
5616 } else {
5617 status = mgmt_status(hci_status);
dd983808
AK		 5618 }
5619
5620 if (!cp) {
9981bdb0 5621 BT_ERR("invalid sent_cmd in conn_info response");
dd983808
AK		 5622 goto unlock;
5623 }
5624
5625 handle = __le16_to_cpu(cp->handle);
5626 conn = hci_conn_hash_lookup_handle(hdev, handle);
5627 if (!conn) {
9981bdb0 5628 BT_ERR("unknown handle (%d) in conn_info response", handle);
dd983808
AK		 5629 goto unlock;
5630 }
5631
333ae95d 5632 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
9981bdb0
JH		 5633 if (!cmd)
5634 goto unlock;
dd983808 5635
9981bdb0
JH		 5636 cmd->cmd_complete(cmd, status);
5637 mgmt_pending_remove(cmd);
dd983808
AK		 5638
5639unlock:
5640 hci_dev_unlock(hdev);
5641}
5642
5643static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5644 u16 len)
5645{
5646 struct mgmt_cp_get_conn_info *cp = data;
5647 struct mgmt_rp_get_conn_info rp;
5648 struct hci_conn *conn;
5649 unsigned long conn_info_age;
5650 int err = 0;
5651
5652 BT_DBG("%s", hdev->name);
5653
5654 memset(&rp, 0, sizeof(rp));
5655 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5656 rp.addr.type = cp->addr.type;
5657
5658 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 5659 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5660 MGMT_STATUS_INVALID_PARAMS,
5661 &rp, sizeof(rp));
dd983808
AK		 5662
5663 hci_dev_lock(hdev);
5664
5665 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 5666 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5667 MGMT_STATUS_NOT_POWERED, &rp,
5668 sizeof(rp));
dd983808
AK		 5669 goto unlock;
5670 }
5671
5672 if (cp->addr.type == BDADDR_BREDR)
5673 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5674 &cp->addr.bdaddr);
5675 else
5676 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5677
5678 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 5679 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5680 MGMT_STATUS_NOT_CONNECTED, &rp,
5681 sizeof(rp));
dd983808
AK		 5682 goto unlock;
5683 }
5684
333ae95d 5685 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
2a1afb5a
JH		 5686 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5687 MGMT_STATUS_BUSY, &rp, sizeof(rp));
9981bdb0
JH		 5688 goto unlock;
5689 }
5690
dd983808
AK		 5691 /* To avoid client trying to guess when to poll again for information we
5692 * calculate conn info age as random value between min/max set in hdev.
5693 */
5694 conn_info_age = hdev->conn_info_min_age +
5695 prandom_u32_max(hdev->conn_info_max_age -
5696 hdev->conn_info_min_age);
5697
5698 /* Query controller to refresh cached values if they are too old or were
5699 * never read.
5700 */
f4e2dd53
AK		 5701 if (time_after(jiffies, conn->conn_info_timestamp +
5702 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 5703 !conn->conn_info_timestamp) {
5704 struct hci_request req;
5705 struct hci_cp_read_tx_power req_txp_cp;
5706 struct hci_cp_read_rssi req_rssi_cp;
3b0602cd 5707 struct mgmt_pending_cmd *cmd;
dd983808
AK		 5708
5709 hci_req_init(&req, hdev);
5710 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5711 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5712 &req_rssi_cp);
5713
f7faab0c
AK		 5714 /* For LE links TX power does not change thus we don't need to
5715 * query for it once value is known.
5716 */
5717 if (!bdaddr_type_is_le(cp->addr.type) ||
5718 conn->tx_power == HCI_TX_POWER_INVALID) {
5719 req_txp_cp.handle = cpu_to_le16(conn->handle);
5720 req_txp_cp.type = 0x00;
5721 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5722 sizeof(req_txp_cp), &req_txp_cp);
5723 }
dd983808 5724
eed5daf3
AK		 5725 /* Max TX power needs to be read only once per connection */
5726 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5727 req_txp_cp.handle = cpu_to_le16(conn->handle);
5728 req_txp_cp.type = 0x01;
5729 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5730 sizeof(req_txp_cp), &req_txp_cp);
5731 }
5732
dd983808
AK		 5733 err = hci_req_run(&req, conn_info_refresh_complete);
5734 if (err < 0)
5735 goto unlock;
5736
5737 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5738 data, len);
5739 if (!cmd) {
5740 err = -ENOMEM;
5741 goto unlock;
5742 }
5743
5744 hci_conn_hold(conn);
f8aaf9b6 5745 cmd->user_data = hci_conn_get(conn);
9981bdb0 5746 cmd->cmd_complete = conn_info_cmd_complete;
dd983808
AK		 5747
5748 conn->conn_info_timestamp = jiffies;
5749 } else {
5750 /* Cache is valid, just reply with values cached in hci_conn */
5751 rp.rssi = conn->rssi;
5752 rp.tx_power = conn->tx_power;
eed5daf3 5753 rp.max_tx_power = conn->max_tx_power;
dd983808 5754
2a1afb5a
JH		 5755 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5756 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
dd983808
AK		 5757 }
5758
5759unlock:
5760 hci_dev_unlock(hdev);
5761 return err;
5762}
5763
3b0602cd 5764static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
95868426 5765{
69487371 5766 struct hci_conn *conn = cmd->user_data;
95868426 5767 struct mgmt_rp_get_clock_info rp;
69487371 5768 struct hci_dev *hdev;
9df74653 5769 int err;
69487371
JH		 5770
5771 memset(&rp, 0, sizeof(rp));
5772 memcpy(&rp.addr, &cmd->param, sizeof(rp.addr));
5773
5774 if (status)
5775 goto complete;
5776
5777 hdev = hci_dev_get(cmd->index);
5778 if (hdev) {
5779 rp.local_clock = cpu_to_le32(hdev->clock);
5780 hci_dev_put(hdev);
5781 }
5782
5783 if (conn) {
5784 rp.piconet_clock = cpu_to_le32(conn->clock);
5785 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5786 }
5787
5788complete:
2a1afb5a
JH		 5789 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5790 sizeof(rp));
69487371
JH		 5791
5792 if (conn) {
5793 hci_conn_drop(conn);
5794 hci_conn_put(conn);
5795 }
9df74653
JH		 5796
5797 return err;
69487371
JH		 5798}
5799
1904a853 5800static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
69487371 5801{
95868426 5802 struct hci_cp_read_clock *hci_cp;
3b0602cd 5803 struct mgmt_pending_cmd *cmd;
95868426
JH		 5804 struct hci_conn *conn;
5805
5806 BT_DBG("%s status %u", hdev->name, status);
5807
5808 hci_dev_lock(hdev);
5809
5810 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5811 if (!hci_cp)
5812 goto unlock;
5813
5814 if (hci_cp->which) {
5815 u16 handle = __le16_to_cpu(hci_cp->handle);
5816 conn = hci_conn_hash_lookup_handle(hdev, handle);
5817 } else {
5818 conn = NULL;
5819 }
5820
333ae95d 5821 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
95868426
JH		 5822 if (!cmd)
5823 goto unlock;
5824
69487371 5825 cmd->cmd_complete(cmd, mgmt_status(status));
95868426 5826 mgmt_pending_remove(cmd);
95868426
JH		 5827
5828unlock:
5829 hci_dev_unlock(hdev);
5830}
5831
5832static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5833 u16 len)
5834{
5835 struct mgmt_cp_get_clock_info *cp = data;
5836 struct mgmt_rp_get_clock_info rp;
5837 struct hci_cp_read_clock hci_cp;
3b0602cd 5838 struct mgmt_pending_cmd *cmd;
95868426
JH		 5839 struct hci_request req;
5840 struct hci_conn *conn;
5841 int err;
5842
5843 BT_DBG("%s", hdev->name);
5844
5845 memset(&rp, 0, sizeof(rp));
5846 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5847 rp.addr.type = cp->addr.type;
5848
5849 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 5850 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5851 MGMT_STATUS_INVALID_PARAMS,
5852 &rp, sizeof(rp));
95868426
JH		 5853
5854 hci_dev_lock(hdev);
5855
5856 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 5857 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5858 MGMT_STATUS_NOT_POWERED, &rp,
5859 sizeof(rp));
95868426
JH		 5860 goto unlock;
5861 }
5862
5863 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5864 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5865 &cp->addr.bdaddr);
5866 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 5867 err = mgmt_cmd_complete(sk, hdev->id,
5868 MGMT_OP_GET_CLOCK_INFO,
5869 MGMT_STATUS_NOT_CONNECTED,
5870 &rp, sizeof(rp));
95868426
JH		 5871 goto unlock;
5872 }
5873 } else {
5874 conn = NULL;
5875 }
5876
5877 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5878 if (!cmd) {
5879 err = -ENOMEM;
5880 goto unlock;
5881 }
5882
69487371
JH		 5883 cmd->cmd_complete = clock_info_cmd_complete;
5884
95868426
JH		 5885 hci_req_init(&req, hdev);
5886
5887 memset(&hci_cp, 0, sizeof(hci_cp));
5888 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5889
5890 if (conn) {
5891 hci_conn_hold(conn);
f8aaf9b6 5892 cmd->user_data = hci_conn_get(conn);
95868426
JH		 5893
5894 hci_cp.handle = cpu_to_le16(conn->handle);
5895 hci_cp.which = 0x01; /* Piconet clock */
5896 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5897 }
5898
5899 err = hci_req_run(&req, get_clock_info_complete);
5900 if (err < 0)
5901 mgmt_pending_remove(cmd);
5902
5903unlock:
5904 hci_dev_unlock(hdev);
5905 return err;
5906}
5907
5a154e6f
JH		 5908static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5909{
5910 struct hci_conn *conn;
5911
5912 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5913 if (!conn)
5914 return false;
5915
5916 if (conn->dst_type != type)
5917 return false;
5918
5919 if (conn->state != BT_CONNECTED)
5920 return false;
5921
5922 return true;
5923}
5924
5925/* This function requires the caller holds hdev->lock */
5926static int hci_conn_params_set(struct hci_request *req, bdaddr_t *addr,
5927 u8 addr_type, u8 auto_connect)
5928{
5929 struct hci_dev *hdev = req->hdev;
5930 struct hci_conn_params *params;
5931
5932 params = hci_conn_params_add(hdev, addr, addr_type);
5933 if (!params)
5934 return -EIO;
5935
5936 if (params->auto_connect == auto_connect)
5937 return 0;
5938
5939 list_del_init(&params->action);
5940
5941 switch (auto_connect) {
5942 case HCI_AUTO_CONN_DISABLED:
5943 case HCI_AUTO_CONN_LINK_LOSS:
5944 __hci_update_background_scan(req);
5945 break;
5946 case HCI_AUTO_CONN_REPORT:
5947 list_add(&params->action, &hdev->pend_le_reports);
5948 __hci_update_background_scan(req);
5949 break;
5950 case HCI_AUTO_CONN_DIRECT:
5951 case HCI_AUTO_CONN_ALWAYS:
5952 if (!is_connected(hdev, addr, addr_type)) {
5953 list_add(&params->action, &hdev->pend_le_conns);
5954 __hci_update_background_scan(req);
5955 }
5956 break;
5957 }
5958
5959 params->auto_connect = auto_connect;
5960
5961 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5962 auto_connect);
5963
5964 return 0;
5965}
5966
8afef092
MH		 5967static void device_added(struct sock *sk, struct hci_dev *hdev,
5968 bdaddr_t *bdaddr, u8 type, u8 action)
5969{
5970 struct mgmt_ev_device_added ev;
5971
5972 bacpy(&ev.addr.bdaddr, bdaddr);
5973 ev.addr.type = type;
5974 ev.action = action;
5975
5976 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5977}
5978
1904a853 5979static void add_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5a154e6f 5980{
3b0602cd 5981 struct mgmt_pending_cmd *cmd;
5a154e6f
JH		 5982
5983 BT_DBG("status 0x%02x", status);
5984
5985 hci_dev_lock(hdev);
5986
333ae95d 5987 cmd = pending_find(MGMT_OP_ADD_DEVICE, hdev);
5a154e6f
JH		 5988 if (!cmd)
5989 goto unlock;
5990
5991 cmd->cmd_complete(cmd, mgmt_status(status));
5992 mgmt_pending_remove(cmd);
5993
5994unlock:
5995 hci_dev_unlock(hdev);
5996}
5997
2faade53
MH		 5998static int add_device(struct sock *sk, struct hci_dev *hdev,
5999 void *data, u16 len)
6000{
6001 struct mgmt_cp_add_device *cp = data;
3b0602cd 6002 struct mgmt_pending_cmd *cmd;
5a154e6f 6003 struct hci_request req;
2faade53
MH		 6004 u8 auto_conn, addr_type;
6005 int err;
6006
6007 BT_DBG("%s", hdev->name);
6008
6659358e 6009 if (!bdaddr_type_is_valid(cp->addr.type) ||
2faade53 6010 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
2a1afb5a
JH		 6011 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
6012 MGMT_STATUS_INVALID_PARAMS,
6013 &cp->addr, sizeof(cp->addr));
2faade53 6014
4b9e7e75 6015 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
2a1afb5a
JH		 6016 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
6017 MGMT_STATUS_INVALID_PARAMS,
6018 &cp->addr, sizeof(cp->addr));
2faade53 6019
5a154e6f
JH		 6020 hci_req_init(&req, hdev);
6021
2faade53
MH		 6022 hci_dev_lock(hdev);
6023
5a154e6f
JH		 6024 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_DEVICE, hdev, data, len);
6025 if (!cmd) {
6026 err = -ENOMEM;
6027 goto unlock;
6028 }
6029
6030 cmd->cmd_complete = addr_cmd_complete;
6031
6659358e 6032 if (cp->addr.type == BDADDR_BREDR) {
4b9e7e75 6033 /* Only incoming connections action is supported for now */
6659358e 6034 if (cp->action != 0x01) {
9df74653
JH		 6035 err = cmd->cmd_complete(cmd,
6036 MGMT_STATUS_INVALID_PARAMS);
5a154e6f 6037 mgmt_pending_remove(cmd);
6659358e
JH		 6038 goto unlock;
6039 }
6040
6041 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
6042 cp->addr.type);
6043 if (err)
6044 goto unlock;
a397407f 6045
5a154e6f 6046 __hci_update_page_scan(&req);
a397407f 6047
6659358e
JH		 6048 goto added;
6049 }
6050
2faade53
MH		 6051 if (cp->addr.type == BDADDR_LE_PUBLIC)
6052 addr_type = ADDR_LE_DEV_PUBLIC;
6053 else
6054 addr_type = ADDR_LE_DEV_RANDOM;
6055
4b9e7e75 6056 if (cp->action == 0x02)
2faade53 6057 auto_conn = HCI_AUTO_CONN_ALWAYS;
4b9e7e75
MH		 6058 else if (cp->action == 0x01)
6059 auto_conn = HCI_AUTO_CONN_DIRECT;
2faade53 6060 else
a3451d27 6061 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 6062
bf5b3c8b
MH		 6063 /* If the connection parameters don't exist for this device,
6064 * they will be created and configured with defaults.
6065 */
5a154e6f 6066 if (hci_conn_params_set(&req, &cp->addr.bdaddr, addr_type,
d06b50ce 6067 auto_conn) < 0) {
9df74653 6068 err = cmd->cmd_complete(cmd, MGMT_STATUS_FAILED);
5a154e6f 6069 mgmt_pending_remove(cmd);
2faade53
MH		 6070 goto unlock;
6071 }
6072
6659358e 6073added:
8afef092
MH		 6074 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
6075
5a154e6f
JH		 6076 err = hci_req_run(&req, add_device_complete);
6077 if (err < 0) {
6078 /* ENODATA means no HCI commands were needed (e.g. if
6079 * the adapter is powered off).
6080 */
9df74653
JH		 6081 if (err == -ENODATA)
6082 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
5a154e6f
JH		 6083 mgmt_pending_remove(cmd);
6084 }
2faade53
MH		 6085
6086unlock:
6087 hci_dev_unlock(hdev);
6088 return err;
6089}
6090
8afef092
MH		 6091static void device_removed(struct sock *sk, struct hci_dev *hdev,
6092 bdaddr_t *bdaddr, u8 type)
6093{
6094 struct mgmt_ev_device_removed ev;
6095
6096 bacpy(&ev.addr.bdaddr, bdaddr);
6097 ev.addr.type = type;
6098
6099 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
6100}
6101
1904a853 6102static void remove_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
51ef3ebe 6103{
3b0602cd 6104 struct mgmt_pending_cmd *cmd;
51ef3ebe
JH		 6105
6106 BT_DBG("status 0x%02x", status);
6107
6108 hci_dev_lock(hdev);
6109
333ae95d 6110 cmd = pending_find(MGMT_OP_REMOVE_DEVICE, hdev);
51ef3ebe
JH		 6111 if (!cmd)
6112 goto unlock;
6113
6114 cmd->cmd_complete(cmd, mgmt_status(status));
6115 mgmt_pending_remove(cmd);
6116
6117unlock:
6118 hci_dev_unlock(hdev);
6119}
6120
2faade53
MH		 6121static int remove_device(struct sock *sk, struct hci_dev *hdev,
6122 void *data, u16 len)
6123{
6124 struct mgmt_cp_remove_device *cp = data;
3b0602cd 6125 struct mgmt_pending_cmd *cmd;
51ef3ebe 6126 struct hci_request req;
2faade53
MH		 6127 int err;
6128
6129 BT_DBG("%s", hdev->name);
6130
51ef3ebe
JH		 6131 hci_req_init(&req, hdev);
6132
2faade53
MH		 6133 hci_dev_lock(hdev);
6134
51ef3ebe
JH		 6135 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_DEVICE, hdev, data, len);
6136 if (!cmd) {
6137 err = -ENOMEM;
6138 goto unlock;
6139 }
6140
6141 cmd->cmd_complete = addr_cmd_complete;
6142
2faade53 6143 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 6144 struct hci_conn_params *params;
2faade53
MH		 6145 u8 addr_type;
6146
6659358e 6147 if (!bdaddr_type_is_valid(cp->addr.type)) {
9df74653
JH		 6148 err = cmd->cmd_complete(cmd,
6149 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 6150 mgmt_pending_remove(cmd);
2faade53
MH		 6151 goto unlock;
6152 }
6153
6659358e
JH		 6154 if (cp->addr.type == BDADDR_BREDR) {
6155 err = hci_bdaddr_list_del(&hdev->whitelist,
6156 &cp->addr.bdaddr,
6157 cp->addr.type);
6158 if (err) {
9df74653
JH		 6159 err = cmd->cmd_complete(cmd,
6160 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 6161 mgmt_pending_remove(cmd);
6659358e
JH		 6162 goto unlock;
6163 }
6164
51ef3ebe 6165 __hci_update_page_scan(&req);
a397407f 6166
6659358e
JH		 6167 device_removed(sk, hdev, &cp->addr.bdaddr,
6168 cp->addr.type);
6169 goto complete;
6170 }
6171
2faade53
MH		 6172 if (cp->addr.type == BDADDR_LE_PUBLIC)
6173 addr_type = ADDR_LE_DEV_PUBLIC;
6174 else
6175 addr_type = ADDR_LE_DEV_RANDOM;
6176
c71593dd
JH		 6177 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
6178 addr_type);
6179 if (!params) {
9df74653
JH		 6180 err = cmd->cmd_complete(cmd,
6181 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 6182 mgmt_pending_remove(cmd);
c71593dd
JH		 6183 goto unlock;
6184 }
6185
6186 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
9df74653
JH		 6187 err = cmd->cmd_complete(cmd,
6188 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 6189 mgmt_pending_remove(cmd);
c71593dd
JH		 6190 goto unlock;
6191 }
6192
d1dbf12e 6193 list_del(&params->action);
c71593dd
JH		 6194 list_del(&params->list);
6195 kfree(params);
51ef3ebe 6196 __hci_update_background_scan(&req);
8afef092
MH		 6197
6198 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53 6199 } else {
19de0825 6200 struct hci_conn_params *p, *tmp;
6659358e 6201 struct bdaddr_list *b, *btmp;
19de0825 6202
2faade53 6203 if (cp->addr.type) {
9df74653
JH		 6204 err = cmd->cmd_complete(cmd,
6205 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 6206 mgmt_pending_remove(cmd);
2faade53
MH		 6207 goto unlock;
6208 }
6209
6659358e
JH		 6210 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
6211 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
6212 list_del(&b->list);
6213 kfree(b);
6214 }
6215
51ef3ebe 6216 __hci_update_page_scan(&req);
a397407f 6217
19de0825
JH		 6218 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
6219 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
6220 continue;
6221 device_removed(sk, hdev, &p->addr, p->addr_type);
6222 list_del(&p->action);
6223 list_del(&p->list);
6224 kfree(p);
6225 }
6226
6227 BT_DBG("All LE connection parameters were removed");
6228
51ef3ebe 6229 __hci_update_background_scan(&req);
2faade53
MH		 6230 }
6231
6659358e 6232complete:
51ef3ebe
JH		 6233 err = hci_req_run(&req, remove_device_complete);
6234 if (err < 0) {
6235 /* ENODATA means no HCI commands were needed (e.g. if
6236 * the adapter is powered off).
6237 */
9df74653
JH		 6238 if (err == -ENODATA)
6239 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
51ef3ebe
JH		 6240 mgmt_pending_remove(cmd);
6241 }
2faade53
MH		 6242
6243unlock:
6244 hci_dev_unlock(hdev);
6245 return err;
6246}
6247
a26f3dcf
JH		 6248static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
6249 u16 len)
6250{
6251 struct mgmt_cp_load_conn_param *cp = data;
ba1d6936
JH		 6252 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
6253 sizeof(struct mgmt_conn_param));
a26f3dcf
JH		 6254 u16 param_count, expected_len;
6255 int i;
6256
6257 if (!lmp_le_capable(hdev))
a69e8375
JH		 6258 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6259 MGMT_STATUS_NOT_SUPPORTED);
a26f3dcf
JH		 6260
6261 param_count = __le16_to_cpu(cp->param_count);
ba1d6936
JH		 6262 if (param_count > max_param_count) {
6263 BT_ERR("load_conn_param: too big param_count value %u",
6264 param_count);
a69e8375
JH		 6265 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6266 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 6267 }
a26f3dcf
JH		 6268
6269 expected_len = sizeof(*cp) + param_count *
6270 sizeof(struct mgmt_conn_param);
6271 if (expected_len != len) {
6272 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
6273 expected_len, len);
a69e8375
JH		 6274 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6275 MGMT_STATUS_INVALID_PARAMS);
a26f3dcf
JH		 6276 }
6277
6278 BT_DBG("%s param_count %u", hdev->name, param_count);
6279
6280 hci_dev_lock(hdev);
6281
6282 hci_conn_params_clear_disabled(hdev);
6283
6284 for (i = 0; i < param_count; i++) {
6285 struct mgmt_conn_param *param = &cp->params[i];
6286 struct hci_conn_params *hci_param;
6287 u16 min, max, latency, timeout;
6288 u8 addr_type;
6289
6290 BT_DBG("Adding %pMR (type %u)", &param->addr.bdaddr,
6291 param->addr.type);
6292
6293 if (param->addr.type == BDADDR_LE_PUBLIC) {
6294 addr_type = ADDR_LE_DEV_PUBLIC;
6295 } else if (param->addr.type == BDADDR_LE_RANDOM) {
6296 addr_type = ADDR_LE_DEV_RANDOM;
6297 } else {
6298 BT_ERR("Ignoring invalid connection parameters");
6299 continue;
6300 }
6301
6302 min = le16_to_cpu(param->min_interval);
6303 max = le16_to_cpu(param->max_interval);
6304 latency = le16_to_cpu(param->latency);
6305 timeout = le16_to_cpu(param->timeout);
6306
6307 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
6308 min, max, latency, timeout);
6309
6310 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
6311 BT_ERR("Ignoring invalid connection parameters");
6312 continue;
6313 }
6314
6315 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
6316 addr_type);
6317 if (!hci_param) {
6318 BT_ERR("Failed to add connection parameters");
6319 continue;
6320 }
6321
6322 hci_param->conn_min_interval = min;
6323 hci_param->conn_max_interval = max;
6324 hci_param->conn_latency = latency;
6325 hci_param->supervision_timeout = timeout;
6326 }
6327
6328 hci_dev_unlock(hdev);
6329
2a1afb5a
JH		 6330 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
6331 NULL, 0);
a26f3dcf
JH		 6332}
6333
dbece37a
MH		 6334static int set_external_config(struct sock *sk, struct hci_dev *hdev,
6335 void *data, u16 len)
6336{
6337 struct mgmt_cp_set_external_config *cp = data;
6338 bool changed;
6339 int err;
6340
6341 BT_DBG("%s", hdev->name);
6342
6343 if (hdev_is_powered(hdev))
a69e8375
JH		 6344 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6345 MGMT_STATUS_REJECTED);
dbece37a
MH		 6346
6347 if (cp->config != 0x00 && cp->config != 0x01)
a69e8375
JH		 6348 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6349 MGMT_STATUS_INVALID_PARAMS);
dbece37a
MH		 6350
6351 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
a69e8375
JH		 6352 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6353 MGMT_STATUS_NOT_SUPPORTED);
dbece37a
MH		 6354
6355 hci_dev_lock(hdev);
6356
6357 if (cp->config)
238be788 6358 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a 6359 else
a69d8927 6360 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a
MH		 6361
6362 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
6363 if (err < 0)
6364 goto unlock;
6365
6366 if (!changed)
6367 goto unlock;
6368
f4537c04
MH		 6369 err = new_options(hdev, sk);
6370
d7a5a11d 6371 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
dbece37a 6372 mgmt_index_removed(hdev);
d603b76b 6373
516018a9 6374 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
a1536da2
MH		 6375 hci_dev_set_flag(hdev, HCI_CONFIG);
6376 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
d603b76b
MH		 6377
6378 queue_work(hdev->req_workqueue, &hdev->power_on);
6379 } else {
5ea234d3 6380 set_bit(HCI_RAW, &hdev->flags);
d603b76b
MH		 6381 mgmt_index_added(hdev);
6382 }
dbece37a
MH		 6383 }
6384
6385unlock:
6386 hci_dev_unlock(hdev);
6387 return err;
6388}
6389
9713c17b
MH		 6390static int set_public_address(struct sock *sk, struct hci_dev *hdev,
6391 void *data, u16 len)
6392{
6393 struct mgmt_cp_set_public_address *cp = data;
6394 bool changed;
6395 int err;
6396
6397 BT_DBG("%s", hdev->name);
6398
6399 if (hdev_is_powered(hdev))
a69e8375
JH		 6400 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6401 MGMT_STATUS_REJECTED);
9713c17b
MH		 6402
6403 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
a69e8375
JH		 6404 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6405 MGMT_STATUS_INVALID_PARAMS);
9713c17b
MH		 6406
6407 if (!hdev->set_bdaddr)
a69e8375
JH		 6408 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6409 MGMT_STATUS_NOT_SUPPORTED);
9713c17b
MH		 6410
6411 hci_dev_lock(hdev);
6412
6413 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
6414 bacpy(&hdev->public_addr, &cp->bdaddr);
6415
6416 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
6417 if (err < 0)
6418 goto unlock;
6419
6420 if (!changed)
6421 goto unlock;
6422
d7a5a11d 6423 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
9713c17b
MH		 6424 err = new_options(hdev, sk);
6425
6426 if (is_configured(hdev)) {
6427 mgmt_index_removed(hdev);
6428
a358dc11 6429 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
9713c17b 6430
a1536da2
MH		 6431 hci_dev_set_flag(hdev, HCI_CONFIG);
6432 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
9713c17b
MH		 6433
6434 queue_work(hdev->req_workqueue, &hdev->power_on);
6435 }
6436
6437unlock:
6438 hci_dev_unlock(hdev);
6439 return err;
6440}
6441
bea41609
MH		 6442static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
6443 u8 data_len)
6444{
6445 eir[eir_len++] = sizeof(type) + data_len;
6446 eir[eir_len++] = type;
6447 memcpy(&eir[eir_len], data, data_len);
6448 eir_len += data_len;
6449
6450 return eir_len;
6451}
6452
40f66c05
JH		 6453static void read_local_oob_ext_data_complete(struct hci_dev *hdev, u8 status,
6454 u16 opcode, struct sk_buff *skb)
6455{
6456 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp;
6457 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp;
6458 u8 *h192, *r192, *h256, *r256;
6459 struct mgmt_pending_cmd *cmd;
6460 u16 eir_len;
6461 int err;
6462
6463 BT_DBG("%s status %u", hdev->name, status);
6464
6465 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev);
6466 if (!cmd)
6467 return;
6468
6469 mgmt_cp = cmd->param;
6470
6471 if (status) {
6472 status = mgmt_status(status);
6473 eir_len = 0;
6474
6475 h192 = NULL;
6476 r192 = NULL;
6477 h256 = NULL;
6478 r256 = NULL;
6479 } else if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
6480 struct hci_rp_read_local_oob_data *rp;
6481
6482 if (skb->len != sizeof(*rp)) {
6483 status = MGMT_STATUS_FAILED;
6484 eir_len = 0;
6485 } else {
6486 status = MGMT_STATUS_SUCCESS;
6487 rp = (void *)skb->data;
6488
6489 eir_len = 5 + 18 + 18;
6490 h192 = rp->hash;
6491 r192 = rp->rand;
6492 h256 = NULL;
6493 r256 = NULL;
6494 }
6495 } else {
6496 struct hci_rp_read_local_oob_ext_data *rp;
6497
6498 if (skb->len != sizeof(*rp)) {
6499 status = MGMT_STATUS_FAILED;
6500 eir_len = 0;
6501 } else {
6502 status = MGMT_STATUS_SUCCESS;
6503 rp = (void *)skb->data;
6504
6505 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
6506 eir_len = 5 + 18 + 18;
6507 h192 = NULL;
6508 r192 = NULL;
6509 } else {
6510 eir_len = 5 + 18 + 18 + 18 + 18;
6511 h192 = rp->hash192;
6512 r192 = rp->rand192;
6513 }
6514
6515 h256 = rp->hash256;
6516 r256 = rp->rand256;
6517 }
6518 }
6519
6520 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL);
6521 if (!mgmt_rp)
6522 goto done;
6523
6524 if (status)
6525 goto send_rsp;
6526
6527 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV,
6528 hdev->dev_class, 3);
6529
6530 if (h192 && r192) {
6531 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6532 EIR_SSP_HASH_C192, h192, 16);
6533 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6534 EIR_SSP_RAND_R192, r192, 16);
6535 }
6536
6537 if (h256 && r256) {
6538 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6539 EIR_SSP_HASH_C256, h256, 16);
6540 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6541 EIR_SSP_RAND_R256, r256, 16);
6542 }
6543
6544send_rsp:
6545 mgmt_rp->type = mgmt_cp->type;
6546 mgmt_rp->eir_len = cpu_to_le16(eir_len);
6547
6548 err = mgmt_cmd_complete(cmd->sk, hdev->id,
6549 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status,
6550 mgmt_rp, sizeof(*mgmt_rp) + eir_len);
6551 if (err < 0 || status)
6552 goto done;
6553
6554 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS);
6555
6556 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
6557 mgmt_rp, sizeof(*mgmt_rp) + eir_len,
6558 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk);
6559done:
6560 kfree(mgmt_rp);
6561 mgmt_pending_remove(cmd);
6562}
6563
6564static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk,
6565 struct mgmt_cp_read_local_oob_ext_data *cp)
6566{
6567 struct mgmt_pending_cmd *cmd;
6568 struct hci_request req;
6569 int err;
6570
6571 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev,
6572 cp, sizeof(*cp));
6573 if (!cmd)
6574 return -ENOMEM;
6575
6576 hci_req_init(&req, hdev);
6577
6578 if (bredr_sc_enabled(hdev))
6579 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
6580 else
6581 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
6582
6583 err = hci_req_run_skb(&req, read_local_oob_ext_data_complete);
6584 if (err < 0) {
6585 mgmt_pending_remove(cmd);
6586 return err;
6587 }
6588
6589 return 0;
6590}
6591
4f0f155c
MH		 6592static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
6593 void *data, u16 data_len)
6594{
6595 struct mgmt_cp_read_local_oob_ext_data *cp = data;
6596 struct mgmt_rp_read_local_oob_ext_data *rp;
6597 size_t rp_len;
6598 u16 eir_len;
0821a2c5 6599 u8 status, flags, role, addr[7], hash[16], rand[16];
4f0f155c
MH		 6600 int err;
6601
6602 BT_DBG("%s", hdev->name);
6603
57b0d3e8
MH		 6604 if (hdev_is_powered(hdev)) {
6605 switch (cp->type) {
6606 case BIT(BDADDR_BREDR):
6607 status = mgmt_bredr_support(hdev);
6608 if (status)
6609 eir_len = 0;
6610 else
6611 eir_len = 5;
6612 break;
6613 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
6614 status = mgmt_le_support(hdev);
6615 if (status)
6616 eir_len = 0;
6617 else
6618 eir_len = 9 + 3 + 18 + 18 + 3;
6619 break;
6620 default:
6621 status = MGMT_STATUS_INVALID_PARAMS;
6622 eir_len = 0;
6623 break;
6624 }
6625 } else {
6626 status = MGMT_STATUS_NOT_POWERED;
6627 eir_len = 0;
4f0f155c
MH		 6628 }
6629
4f0f155c
MH		 6630 rp_len = sizeof(*rp) + eir_len;
6631 rp = kmalloc(rp_len, GFP_ATOMIC);
efcd8c98 6632 if (!rp)
4f0f155c 6633 return -ENOMEM;
efcd8c98 6634
57b0d3e8
MH		 6635 if (status)
6636 goto complete;
6637
efcd8c98 6638 hci_dev_lock(hdev);
4f0f155c
MH		 6639
6640 eir_len = 0;
6641 switch (cp->type) {
6642 case BIT(BDADDR_BREDR):
40f66c05
JH		 6643 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
6644 err = read_local_ssp_oob_req(hdev, sk, cp);
6645 hci_dev_unlock(hdev);
6646 if (!err)
6647 goto done;
6648
6649 status = MGMT_STATUS_FAILED;
6650 goto complete;
6651 } else {
6652 eir_len = eir_append_data(rp->eir, eir_len,
6653 EIR_CLASS_OF_DEV,
6654 hdev->dev_class, 3);
6655 }
4f0f155c
MH		 6656 break;
6657 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
5082a599
MH		 6658 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
6659 smp_generate_oob(hdev, hash, rand) < 0) {
0821a2c5 6660 hci_dev_unlock(hdev);
57b0d3e8
MH		 6661 status = MGMT_STATUS_FAILED;
6662 goto complete;
0821a2c5
MH		 6663 }
6664
e213568a
MH		 6665 /* This should return the active RPA, but since the RPA
6666 * is only programmed on demand, it is really hard to fill
6667 * this in at the moment. For now disallow retrieving
6668 * local out-of-band data when privacy is in use.
6669 *
6670 * Returning the identity address will not help here since
6671 * pairing happens before the identity resolving key is
6672 * known and thus the connection establishment happens
6673 * based on the RPA and not the identity address.
6674 */
4f0f155c 6675 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
e213568a
MH		 6676 hci_dev_unlock(hdev);
6677 status = MGMT_STATUS_REJECTED;
6678 goto complete;
6679 }
6680
6681 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
6682 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
6683 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
6684 bacmp(&hdev->static_addr, BDADDR_ANY))) {
4f0f155c
MH		 6685 memcpy(addr, &hdev->static_addr, 6);
6686 addr[6] = 0x01;
6687 } else {
6688 memcpy(addr, &hdev->bdaddr, 6);
6689 addr[6] = 0x00;
6690 }
6691
6692 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
6693 addr, sizeof(addr));
6694
6695 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
6696 role = 0x02;
6697 else
6698 role = 0x01;
6699
6700 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
6701 &role, sizeof(role));
6702
5082a599
MH		 6703 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
6704 eir_len = eir_append_data(rp->eir, eir_len,
6705 EIR_LE_SC_CONFIRM,
6706 hash, sizeof(hash));
0821a2c5 6707
5082a599
MH		 6708 eir_len = eir_append_data(rp->eir, eir_len,
6709 EIR_LE_SC_RANDOM,
6710 rand, sizeof(rand));
6711 }
0821a2c5 6712
4f0f155c
MH		 6713 flags = get_adv_discov_flags(hdev);
6714
6715 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
6716 flags |= LE_AD_NO_BREDR;
6717
6718 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
6719 &flags, sizeof(flags));
6720 break;
6721 }
6722
4f0f155c
MH		 6723 hci_dev_unlock(hdev);
6724
72000df2
MH		 6725 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
6726
57b0d3e8
MH		 6727 status = MGMT_STATUS_SUCCESS;
6728
6729complete:
efcd8c98
MH		 6730 rp->type = cp->type;
6731 rp->eir_len = cpu_to_le16(eir_len);
6732
4f0f155c 6733 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
57b0d3e8
MH		 6734 status, rp, sizeof(*rp) + eir_len);
6735 if (err < 0 || status)
72000df2
MH		 6736 goto done;
6737
6738 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
6739 rp, sizeof(*rp) + eir_len,
6740 HCI_MGMT_OOB_DATA_EVENTS, sk);
4f0f155c 6741
0821a2c5 6742done:
4f0f155c
MH		 6743 kfree(rp);
6744
6745 return err;
6746}
6747
089fa8c0
AU		 6748static u32 get_supported_adv_flags(struct hci_dev *hdev)
6749{
6750 u32 flags = 0;
6751
6752 flags |= MGMT_ADV_FLAG_CONNECTABLE;
6753 flags |= MGMT_ADV_FLAG_DISCOV;
6754 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
6755 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS;
6756
6757 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID)
6758 flags |= MGMT_ADV_FLAG_TX_POWER;
6759
6760 return flags;
6761}
6762
d3d5305b
MH		 6763static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
6764 void *data, u16 data_len)
6765{
6766 struct mgmt_rp_read_adv_features *rp;
6767 size_t rp_len;
6768 int err;
24b4f38f 6769 bool instance;
089fa8c0 6770 u32 supported_flags;
d3d5305b
MH		 6771
6772 BT_DBG("%s", hdev->name);
6773
089fa8c0
AU		 6774 if (!lmp_le_capable(hdev))
6775 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6776 MGMT_STATUS_REJECTED);
6777
d3d5305b
MH		 6778 hci_dev_lock(hdev);
6779
6780 rp_len = sizeof(*rp);
24b4f38f
AU		 6781
6782 /* Currently only one instance is supported, so just add 1 to the
6783 * response length.
6784 */
6785 instance = hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE);
6786 if (instance)
6787 rp_len++;
6788
d3d5305b
MH		 6789 rp = kmalloc(rp_len, GFP_ATOMIC);
6790 if (!rp) {
6791 hci_dev_unlock(hdev);
6792 return -ENOMEM;
6793 }
6794
089fa8c0
AU		 6795 supported_flags = get_supported_adv_flags(hdev);
6796
6797 rp->supported_flags = cpu_to_le32(supported_flags);
dc5d82a9
MH		 6798 rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
6799 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
d2609b34 6800 rp->max_instances = HCI_MAX_ADV_INSTANCES;
24b4f38f
AU		 6801
6802 /* Currently only one instance is supported, so simply return the
6803 * current instance number.
6804 */
6805 if (instance) {
6806 rp->num_instances = 1;
6807 rp->instance[0] = 1;
6808 } else {
6809 rp->num_instances = 0;
6810 }
d3d5305b
MH		 6811
6812 hci_dev_unlock(hdev);
6813
6814 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6815 MGMT_STATUS_SUCCESS, rp, rp_len);
6816
6817 kfree(rp);
6818
6819 return err;
6820}
6821
4117ed70 6822static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data,
b44133ff 6823 u8 len, bool is_adv_data)
24b4f38f 6824{
4117ed70 6825 u8 max_len = HCI_MAX_AD_LENGTH;
24b4f38f 6826 int i, cur_len;
b44133ff 6827 bool flags_managed = false;
5507e358 6828 bool tx_power_managed = false;
67e0c0cd
AU		 6829 u32 flags_params = MGMT_ADV_FLAG_DISCOV | MGMT_ADV_FLAG_LIMITED_DISCOV |
6830 MGMT_ADV_FLAG_MANAGED_FLAGS;
24b4f38f 6831
807ec772 6832 if (is_adv_data && (adv_flags & flags_params)) {
b44133ff
AU		 6833 flags_managed = true;
6834 max_len -= 3;
6835 }
24b4f38f 6836
5507e358
AU		 6837 if (is_adv_data && (adv_flags & MGMT_ADV_FLAG_TX_POWER)) {
6838 tx_power_managed = true;
6839 max_len -= 3;
6840 }
6841
4117ed70 6842 if (len > max_len)
24b4f38f
AU		 6843 return false;
6844
4117ed70
AU		 6845 /* Make sure that the data is correctly formatted. */
6846 for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) {
6847 cur_len = data[i];
24b4f38f 6848
b44133ff
AU		 6849 if (flags_managed && data[i + 1] == EIR_FLAGS)
6850 return false;
6851
5507e358
AU		 6852 if (tx_power_managed && data[i + 1] == EIR_TX_POWER)
6853 return false;
6854
24b4f38f
AU		 6855 /* If the current field length would exceed the total data
6856 * length, then it's invalid.
6857 */
4117ed70 6858 if (i + cur_len >= len)
24b4f38f
AU		 6859 return false;
6860 }
6861
6862 return true;
6863}
6864
24b4f38f
AU		 6865static void add_advertising_complete(struct hci_dev *hdev, u8 status,
6866 u16 opcode)
6867{
6868 struct mgmt_pending_cmd *cmd;
6869 struct mgmt_rp_add_advertising rp;
6870
6871 BT_DBG("status %d", status);
6872
6873 hci_dev_lock(hdev);
6874
6875 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev);
6876
6877 if (status) {
6878 hci_dev_clear_flag(hdev, HCI_ADVERTISING_INSTANCE);
6879 memset(&hdev->adv_instance, 0, sizeof(hdev->adv_instance));
6880 advertising_removed(cmd ? cmd->sk : NULL, hdev, 1);
6881 }
6882
6883 if (!cmd)
6884 goto unlock;
6885
6886 rp.instance = 0x01;
6887
6888 if (status)
6889 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
6890 mgmt_status(status));
6891 else
6892 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
6893 mgmt_status(status), &rp, sizeof(rp));
6894
6895 mgmt_pending_remove(cmd);
6896
6897unlock:
6898 hci_dev_unlock(hdev);
6899}
6900
5d900e46 6901void mgmt_adv_timeout_expired(struct hci_dev *hdev)
912098a6 6902{
5d900e46 6903 hdev->adv_instance_timeout = 0;
912098a6
AU		 6904
6905 hci_dev_lock(hdev);
6906 clear_adv_instance(hdev);
6907 hci_dev_unlock(hdev);
6908}
6909
24b4f38f
AU		 6910static int add_advertising(struct sock *sk, struct hci_dev *hdev,
6911 void *data, u16 data_len)
6912{
6913 struct mgmt_cp_add_advertising *cp = data;
6914 struct mgmt_rp_add_advertising rp;
6915 u32 flags;
089fa8c0 6916 u32 supported_flags;
24b4f38f 6917 u8 status;
912098a6 6918 u16 timeout;
24b4f38f
AU		 6919 int err;
6920 struct mgmt_pending_cmd *cmd;
6921 struct hci_request req;
6922
6923 BT_DBG("%s", hdev->name);
6924
6925 status = mgmt_le_support(hdev);
6926 if (status)
6927 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6928 status);
6929
6930 flags = __le32_to_cpu(cp->flags);
912098a6 6931 timeout = __le16_to_cpu(cp->timeout);
24b4f38f 6932
089fa8c0
AU		 6933 /* The current implementation only supports adding one instance and only
6934 * a subset of the specified flags.
6935 */
6936 supported_flags = get_supported_adv_flags(hdev);
6937 if (cp->instance != 0x01 || (flags & ~supported_flags))
24b4f38f
AU		 6938 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6939 MGMT_STATUS_INVALID_PARAMS);
6940
6941 hci_dev_lock(hdev);
6942
912098a6
AU		 6943 if (timeout && !hdev_is_powered(hdev)) {
6944 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6945 MGMT_STATUS_REJECTED);
6946 goto unlock;
6947 }
6948
24b4f38f 6949 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
da929335 6950 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
24b4f38f
AU		 6951 pending_find(MGMT_OP_SET_LE, hdev)) {
6952 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6953 MGMT_STATUS_BUSY);
6954 goto unlock;
6955 }
6956
b44133ff 6957 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) ||
4117ed70 6958 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len,
b44133ff 6959 cp->scan_rsp_len, false)) {
24b4f38f
AU		 6960 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6961 MGMT_STATUS_INVALID_PARAMS);
6962 goto unlock;
6963 }
6964
6965 hdev->adv_instance.flags = flags;
6966 hdev->adv_instance.adv_data_len = cp->adv_data_len;
6967 hdev->adv_instance.scan_rsp_len = cp->scan_rsp_len;
6968
6969 if (cp->adv_data_len)
6970 memcpy(hdev->adv_instance.adv_data, cp->data, cp->adv_data_len);
6971
6972 if (cp->scan_rsp_len)
6973 memcpy(hdev->adv_instance.scan_rsp_data,
6974 cp->data + cp->adv_data_len, cp->scan_rsp_len);
6975
5d900e46
FG		 6976 if (hdev->adv_instance_timeout)
6977 cancel_delayed_work(&hdev->adv_instance_expire);
912098a6 6978
5d900e46 6979 hdev->adv_instance_timeout = timeout;
912098a6
AU		 6980
6981 if (timeout)
6982 queue_delayed_work(hdev->workqueue,
5d900e46 6983 &hdev->adv_instance_expire,
912098a6
AU		 6984 msecs_to_jiffies(timeout * 1000));
6985
24b4f38f
AU		 6986 if (!hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING_INSTANCE))
6987 advertising_added(sk, hdev, 1);
6988
6989 /* If the HCI_ADVERTISING flag is set or the device isn't powered then
6990 * we have no HCI communication to make. Simply return.
6991 */
6992 if (!hdev_is_powered(hdev) ||
6993 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
6994 rp.instance = 0x01;
6995 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6996 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6997 goto unlock;
6998 }
6999
7000 /* We're good to go, update advertising data, parameters, and start
7001 * advertising.
7002 */
7003 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
7004 data_len);
7005 if (!cmd) {
7006 err = -ENOMEM;
7007 goto unlock;
7008 }
7009
7010 hci_req_init(&req, hdev);
7011
7012 update_adv_data(&req);
4117ed70 7013 update_scan_rsp_data(&req);
24b4f38f
AU		 7014 enable_advertising(&req);
7015
7016 err = hci_req_run(&req, add_advertising_complete);
7017 if (err < 0)
7018 mgmt_pending_remove(cmd);
7019
7020unlock:
7021 hci_dev_unlock(hdev);
7022
7023 return err;
7024}
7025
da929335
AU		 7026static void remove_advertising_complete(struct hci_dev *hdev, u8 status,
7027 u16 opcode)
7028{
7029 struct mgmt_pending_cmd *cmd;
7030 struct mgmt_rp_remove_advertising rp;
7031
7032 BT_DBG("status %d", status);
7033
7034 hci_dev_lock(hdev);
7035
7036 /* A failure status here only means that we failed to disable
7037 * advertising. Otherwise, the advertising instance has been removed,
7038 * so report success.
7039 */
7040 cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev);
7041 if (!cmd)
7042 goto unlock;
7043
7044 rp.instance = 1;
7045
7046 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS,
7047 &rp, sizeof(rp));
7048 mgmt_pending_remove(cmd);
7049
7050unlock:
7051 hci_dev_unlock(hdev);
7052}
7053
7054static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
7055 void *data, u16 data_len)
7056{
7057 struct mgmt_cp_remove_advertising *cp = data;
7058 struct mgmt_rp_remove_advertising rp;
7059 int err;
7060 struct mgmt_pending_cmd *cmd;
7061 struct hci_request req;
7062
7063 BT_DBG("%s", hdev->name);
7064
7065 /* The current implementation only allows modifying instance no 1. A
7066 * value of 0 indicates that all instances should be cleared.
7067 */
7068 if (cp->instance > 1)
7069 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
7070 MGMT_STATUS_INVALID_PARAMS);
7071
7072 hci_dev_lock(hdev);
7073
7074 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
7075 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
7076 pending_find(MGMT_OP_SET_LE, hdev)) {
7077 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
7078 MGMT_STATUS_BUSY);
7079 goto unlock;
7080 }
7081
7082 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE)) {
7083 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
7084 MGMT_STATUS_INVALID_PARAMS);
7085 goto unlock;
7086 }
7087
5d900e46
FG		 7088 if (hdev->adv_instance_timeout)
7089 cancel_delayed_work(&hdev->adv_instance_expire);
912098a6 7090
da929335
AU		 7091 memset(&hdev->adv_instance, 0, sizeof(hdev->adv_instance));
7092
7093 advertising_removed(sk, hdev, 1);
7094
7095 hci_dev_clear_flag(hdev, HCI_ADVERTISING_INSTANCE);
7096
7097 /* If the HCI_ADVERTISING flag is set or the device isn't powered then
7098 * we have no HCI communication to make. Simply return.
7099 */
7100 if (!hdev_is_powered(hdev) ||
7101 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
7102 rp.instance = 1;
7103 err = mgmt_cmd_complete(sk, hdev->id,
7104 MGMT_OP_REMOVE_ADVERTISING,
7105 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
7106 goto unlock;
7107 }
7108
7109 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
7110 data_len);
7111 if (!cmd) {
7112 err = -ENOMEM;
7113 goto unlock;
7114 }
7115
7116 hci_req_init(&req, hdev);
7117 disable_advertising(&req);
7118
7119 err = hci_req_run(&req, remove_advertising_complete);
7120 if (err < 0)
7121 mgmt_pending_remove(cmd);
7122
7123unlock:
7124 hci_dev_unlock(hdev);
7125
7126 return err;
7127}
7128
6d785aa3 7129static const struct hci_mgmt_handler mgmt_handlers[] = {
0f4e68cf 7130 { NULL }, /* 0x0000 (no command) */
b9a245fb 7131 { read_version, MGMT_READ_VERSION_SIZE,
c91041dc
MH		 7132 HCI_MGMT_NO_HDEV |
7133 HCI_MGMT_UNTRUSTED },
b9a245fb 7134 { read_commands, MGMT_READ_COMMANDS_SIZE,
c91041dc
MH		 7135 HCI_MGMT_NO_HDEV |
7136 HCI_MGMT_UNTRUSTED },
b9a245fb 7137 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
c91041dc
MH		 7138 HCI_MGMT_NO_HDEV |
7139 HCI_MGMT_UNTRUSTED },
7140 { read_controller_info, MGMT_READ_INFO_SIZE,
7141 HCI_MGMT_UNTRUSTED },
7aea8616
MH		 7142 { set_powered, MGMT_SETTING_SIZE },
7143 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
7144 { set_connectable, MGMT_SETTING_SIZE },
7145 { set_fast_connectable, MGMT_SETTING_SIZE },
7146 { set_bondable, MGMT_SETTING_SIZE },
7147 { set_link_security, MGMT_SETTING_SIZE },
7148 { set_ssp, MGMT_SETTING_SIZE },
7149 { set_hs, MGMT_SETTING_SIZE },
7150 { set_le, MGMT_SETTING_SIZE },
7151 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
7152 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
7153 { add_uuid, MGMT_ADD_UUID_SIZE },
7154 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
b9a245fb
JH		 7155 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
7156 HCI_MGMT_VAR_LEN },
7157 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
7158 HCI_MGMT_VAR_LEN },
7aea8616
MH		 7159 { disconnect, MGMT_DISCONNECT_SIZE },
7160 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
7161 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
7162 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
7163 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
7164 { pair_device, MGMT_PAIR_DEVICE_SIZE },
7165 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
7166 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
7167 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
7168 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
7169 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
7170 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
b9a245fb
JH		 7171 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
7172 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
7173 HCI_MGMT_VAR_LEN },
7aea8616
MH		 7174 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
7175 { start_discovery, MGMT_START_DISCOVERY_SIZE },
7176 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
7177 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
7178 { block_device, MGMT_BLOCK_DEVICE_SIZE },
7179 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
7180 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
7181 { set_advertising, MGMT_SETTING_SIZE },
7182 { set_bredr, MGMT_SETTING_SIZE },
7183 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
7184 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
7185 { set_secure_conn, MGMT_SETTING_SIZE },
7186 { set_debug_keys, MGMT_SETTING_SIZE },
7187 { set_privacy, MGMT_SET_PRIVACY_SIZE },
b9a245fb
JH		 7188 { load_irks, MGMT_LOAD_IRKS_SIZE,
7189 HCI_MGMT_VAR_LEN },
7aea8616
MH		 7190 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
7191 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
7192 { add_device, MGMT_ADD_DEVICE_SIZE },
7193 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
b9a245fb
JH		 7194 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
7195 HCI_MGMT_VAR_LEN },
7196 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
c91041dc
MH		 7197 HCI_MGMT_NO_HDEV |
7198 HCI_MGMT_UNTRUSTED },
b9a245fb 7199 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
c91041dc
MH		 7200 HCI_MGMT_UNCONFIGURED |
7201 HCI_MGMT_UNTRUSTED },
b9a245fb
JH		 7202 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
7203 HCI_MGMT_UNCONFIGURED },
7204 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
7205 HCI_MGMT_UNCONFIGURED },
7206 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
7207 HCI_MGMT_VAR_LEN },
4f0f155c 7208 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
96f1474a 7209 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
c91041dc
MH		 7210 HCI_MGMT_NO_HDEV |
7211 HCI_MGMT_UNTRUSTED },
d3d5305b 7212 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
24b4f38f
AU		 7213 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
7214 HCI_MGMT_VAR_LEN },
da929335 7215 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
0f4e68cf
JH		 7216};
7217
bf6b56db 7218void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 7219{
ced85549 7220 struct mgmt_ev_ext_index ev;
bb4b2a9a 7221
0602a8ad
MH		 7222 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
7223 return;
7224
f9207338
MH		 7225 switch (hdev->dev_type) {
7226 case HCI_BREDR:
7227 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
7228 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
7229 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
ced85549 7230 ev.type = 0x01;
f9207338
MH		 7231 } else {
7232 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
7233 HCI_MGMT_INDEX_EVENTS);
ced85549 7234 ev.type = 0x00;
f9207338
MH		 7235 }
7236 break;
ced85549
MH		 7237 case HCI_AMP:
7238 ev.type = 0x02;
7239 break;
7240 default:
7241 return;
f9207338 7242 }
ced85549
MH		 7243
7244 ev.bus = hdev->bus;
7245
7246 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
7247 HCI_MGMT_EXT_INDEX_EVENTS);
c71e97bf
JH		 7248}
7249
bf6b56db 7250void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 7251{
ced85549 7252 struct mgmt_ev_ext_index ev;
5f159032 7253 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 7254
0602a8ad
MH		 7255 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
7256 return;
7257
f9207338
MH		 7258 switch (hdev->dev_type) {
7259 case HCI_BREDR:
7260 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
b24752fe 7261
f9207338
MH		 7262 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
7263 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
7264 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
ced85549 7265 ev.type = 0x01;
f9207338
MH		 7266 } else {
7267 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
7268 HCI_MGMT_INDEX_EVENTS);
ced85549 7269 ev.type = 0x00;
f9207338
MH		 7270 }
7271 break;
ced85549
MH		 7272 case HCI_AMP:
7273 ev.type = 0x02;
7274 break;
7275 default:
7276 return;
f9207338 7277 }
ced85549
MH		 7278
7279 ev.bus = hdev->bus;
7280
7281 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
7282 HCI_MGMT_EXT_INDEX_EVENTS);
eec8d2bc
JH		 7283}
7284
6046dc3e 7285/* This function requires the caller holds hdev->lock */
2cf22218 7286static void restart_le_actions(struct hci_request *req)
6046dc3e 7287{
2cf22218 7288 struct hci_dev *hdev = req->hdev;
6046dc3e
AG		 7289 struct hci_conn_params *p;
7290
7291 list_for_each_entry(p, &hdev->le_conn_params, list) {
d7347f3c
JH		 7292 /* Needed for AUTO_OFF case where might not "really"
7293 * have been powered off.
7294 */
7295 list_del_init(&p->action);
7296
7297 switch (p->auto_connect) {
4b9e7e75 7298 case HCI_AUTO_CONN_DIRECT:
d7347f3c
JH		 7299 case HCI_AUTO_CONN_ALWAYS:
7300 list_add(&p->action, &hdev->pend_le_conns);
7301 break;
7302 case HCI_AUTO_CONN_REPORT:
7303 list_add(&p->action, &hdev->pend_le_reports);
7304 break;
7305 default:
7306 break;
c83ed19d 7307 }
6046dc3e 7308 }
c83ed19d 7309
2cf22218 7310 __hci_update_background_scan(req);
6046dc3e
AG		 7311}
7312
1904a853 7313static void powered_complete(struct hci_dev *hdev, u8 status, u16 opcode)
229ab39c
JH		 7314{
7315 struct cmd_lookup match = { NULL, hdev };
7316
7317 BT_DBG("status 0x%02x", status);
7318
162a3bac
MH		 7319 if (!status) {
7320 /* Register the available SMP channels (BR/EDR and LE) only
7321 * when successfully powering on the controller. This late
7322 * registration is required so that LE SMP can clearly
7323 * decide if the public address or static address is used.
7324 */
7325 smp_register(hdev);
7326 }
7327
229ab39c
JH		 7328 hci_dev_lock(hdev);
7329
7330 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
7331
7332 new_settings(hdev, match.sk);
7333
7334 hci_dev_unlock(hdev);
7335
7336 if (match.sk)
7337 sock_put(match.sk);
7338}
7339
70da6243 7340static int powered_update_hci(struct hci_dev *hdev)
5add6af8 7341{
890ea898 7342 struct hci_request req;
70da6243 7343 u8 link_sec;
5add6af8 7344
890ea898
JH		 7345 hci_req_init(&req, hdev);
7346
d7a5a11d 7347 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED) &&
70da6243 7348 !lmp_host_ssp_capable(hdev)) {
574ea3c7 7349 u8 mode = 0x01;
5e5282bb 7350
574ea3c7
MH		 7351 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
7352
7353 if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) {
7354 u8 support = 0x01;
5add6af8 7355
574ea3c7
MH		 7356 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT,
7357 sizeof(support), &support);
7358 }
ec6f99b8
JH		 7359 }
7360
d7a5a11d 7361 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
c73eee91 7362 lmp_bredr_capable(hdev)) {
70da6243 7363 struct hci_cp_write_le_host_supported cp;
f0ff92fb 7364
32226e4f
MH		 7365 cp.le = 0x01;
7366 cp.simul = 0x00;
3d1cbdd6 7367
70da6243
JH		 7368 /* Check first if we already have the right
7369 * host state (host features set)
7370 */
7371 if (cp.le != lmp_host_le_capable(hdev) ||
7372 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 7373 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
7374 sizeof(cp), &cp);
70da6243 7375 }
3d1cbdd6 7376
d13eafce 7377 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 7378 /* Make sure the controller has a good default for
7379 * advertising data. This also applies to the case
7380 * where BR/EDR was toggled during the AUTO_OFF phase.
7381 */
d7a5a11d 7382 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
5947f4bc 7383 update_adv_data(&req);
f14d8f64
MH		 7384 update_scan_rsp_data(&req);
7385 }
441ad2d0 7386
24b4f38f
AU		 7387 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
7388 hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
bba3aa55 7389 enable_advertising(&req);
2cf22218
JH		 7390
7391 restart_le_actions(&req);
eeca6f89
JH		 7392 }
7393
d7a5a11d 7394 link_sec = hci_dev_test_flag(hdev, HCI_LINK_SECURITY);
70da6243 7395 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 7396 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
7397 sizeof(link_sec), &link_sec);
562fcc24 7398
70da6243 7399 if (lmp_bredr_capable(hdev)) {
d7a5a11d 7400 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
406ef2a6
JH		 7401 write_fast_connectable(&req, true);
7402 else
7403 write_fast_connectable(&req, false);
1d2dc5b7 7404 __hci_update_page_scan(&req);
890ea898 7405 update_class(&req);
13928971 7406 update_name(&req);
890ea898 7407 update_eir(&req);
70da6243 7408 }
562fcc24 7409
229ab39c 7410 return hci_req_run(&req, powered_complete);
70da6243 7411}
562fcc24 7412
70da6243
JH		 7413int mgmt_powered(struct hci_dev *hdev, u8 powered)
7414{
7415 struct cmd_lookup match = { NULL, hdev };
9845904f 7416 u8 status, zero_cod[] = { 0, 0, 0 };
70da6243 7417 int err;
f0ff92fb 7418
d7a5a11d 7419 if (!hci_dev_test_flag(hdev, HCI_MGMT))
70da6243
JH		 7420 return 0;
7421
70da6243 7422 if (powered) {
229ab39c
JH		 7423 if (powered_update_hci(hdev) == 0)
7424 return 0;
fe038884 7425
229ab39c
JH		 7426 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
7427 &match);
7428 goto new_settings;
b24752fe
JH		 7429 }
7430
229ab39c 7431 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
9845904f
JH		 7432
7433 /* If the power off is because of hdev unregistration let
7434 * use the appropriate INVALID_INDEX status. Otherwise use
7435 * NOT_POWERED. We cover both scenarios here since later in
7436 * mgmt_index_removed() any hci_conn callbacks will have already
7437 * been triggered, potentially causing misleading DISCONNECTED
7438 * status responses.
7439 */
d7a5a11d 7440 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
9845904f
JH		 7441 status = MGMT_STATUS_INVALID_INDEX;
7442 else
7443 status = MGMT_STATUS_NOT_POWERED;
7444
7445 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
229ab39c
JH		 7446
7447 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
f6b7712e
MH		 7448 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
7449 zero_cod, sizeof(zero_cod), NULL);
229ab39c
JH		 7450
7451new_settings:
beadb2bd 7452 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 7453
7454 if (match.sk)
7455 sock_put(match.sk);
7456
7bb895d6 7457 return err;
5add6af8 7458}
73f22f62 7459
3eec705e 7460void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc 7461{
3b0602cd 7462 struct mgmt_pending_cmd *cmd;
96570ffc
JH		 7463 u8 status;
7464
333ae95d 7465 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
96570ffc 7466 if (!cmd)
3eec705e 7467 return;
96570ffc
JH		 7468
7469 if (err == -ERFKILL)
7470 status = MGMT_STATUS_RFKILLED;
7471 else
7472 status = MGMT_STATUS_FAILED;
7473
a69e8375 7474 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 7475
7476 mgmt_pending_remove(cmd);
96570ffc
JH		 7477}
7478
d1967ff8
MH		 7479void mgmt_discoverable_timeout(struct hci_dev *hdev)
7480{
7481 struct hci_request req;
d1967ff8
MH		 7482
7483 hci_dev_lock(hdev);
7484
7485 /* When discoverable timeout triggers, then just make sure
7486 * the limited discoverable flag is cleared. Even in the case
7487 * of a timeout triggered from general discoverable, it is
7488 * safe to unconditionally clear the flag.
7489 */
a358dc11
MH		 7490 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
7491 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
d1967ff8
MH		 7492
7493 hci_req_init(&req, hdev);
d7a5a11d 7494 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4b580614
JH		 7495 u8 scan = SCAN_PAGE;
7496 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
7497 sizeof(scan), &scan);
7498 }
d1967ff8 7499 update_class(&req);
24b4f38f
AU		 7500
7501 /* Advertising instances don't use the global discoverable setting, so
7502 * only update AD if advertising was enabled using Set Advertising.
7503 */
7504 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
7505 update_adv_data(&req);
7506
d1967ff8
MH		 7507 hci_req_run(&req, NULL);
7508
7509 hdev->discov_timeout = 0;
7510
9a43e25f
JH		 7511 new_settings(hdev, NULL);
7512
d1967ff8
MH		 7513 hci_dev_unlock(hdev);
7514}
7515
dc4a5ee2
MH		 7516void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
7517 bool persistent)
55ed8ca1 7518{
86742e1e 7519 struct mgmt_ev_new_link_key ev;
55ed8ca1 7520
a492cd52 7521 memset(&ev, 0, sizeof(ev));
55ed8ca1 7522
a492cd52 7523 ev.store_hint = persistent;
d753fdc4 7524 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 7525 ev.key.addr.type = BDADDR_BREDR;
a492cd52 7526 ev.key.type = key->type;
9b3b4460 7527 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 7528 ev.key.pin_len = key->pin_len;
55ed8ca1 7529
dc4a5ee2 7530 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 7531}
f7520543 7532
d7b25450
JH		 7533static u8 mgmt_ltk_type(struct smp_ltk *ltk)
7534{
23fb8de3
JH		 7535 switch (ltk->type) {
7536 case SMP_LTK:
7537 case SMP_LTK_SLAVE:
7538 if (ltk->authenticated)
7539 return MGMT_LTK_AUTHENTICATED;
7540 return MGMT_LTK_UNAUTHENTICATED;
7541 case SMP_LTK_P256:
7542 if (ltk->authenticated)
7543 return MGMT_LTK_P256_AUTH;
7544 return MGMT_LTK_P256_UNAUTH;
7545 case SMP_LTK_P256_DEBUG:
7546 return MGMT_LTK_P256_DEBUG;
7547 }
d7b25450
JH		 7548
7549 return MGMT_LTK_UNAUTHENTICATED;
7550}
7551
53ac6ab6 7552void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 7553{
7554 struct mgmt_ev_new_long_term_key ev;
7555
7556 memset(&ev, 0, sizeof(ev));
7557
5192d301 7558 /* Devices using resolvable or non-resolvable random addresses
f72186d2 7559 * without providing an identity resolving key don't require
5192d301
MH		 7560 * to store long term keys. Their addresses will change the
7561 * next time around.
7562 *
7563 * Only when a remote device provides an identity address
7564 * make sure the long term key is stored. If the remote
7565 * identity is known, the long term keys are internally
7566 * mapped to the identity address. So allow static random
7567 * and public addresses here.
7568 */
ba74b666
JH		 7569 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7570 (key->bdaddr.b[5] & 0xc0) != 0xc0)
7571 ev.store_hint = 0x00;
7572 else
53ac6ab6 7573 ev.store_hint = persistent;
ba74b666 7574
346af67b 7575 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 7576 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 7577 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 7578 ev.key.enc_size = key->enc_size;
7579 ev.key.ediv = key->ediv;
fe39c7b2 7580 ev.key.rand = key->rand;
346af67b 7581
2ceba539 7582 if (key->type == SMP_LTK)
346af67b
VCG		 7583 ev.key.master = 1;
7584
1fc62c52
JH		 7585 /* Make sure we copy only the significant bytes based on the
7586 * encryption key size, and set the rest of the value to zeroes.
7587 */
7588 memcpy(ev.key.val, key->val, sizeof(key->enc_size));
7589 memset(ev.key.val + key->enc_size, 0,
7590 sizeof(ev.key.val) - key->enc_size);
346af67b 7591
083368f7 7592 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 7593}
7594
95fbac8a
JH		 7595void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
7596{
7597 struct mgmt_ev_new_irk ev;
7598
7599 memset(&ev, 0, sizeof(ev));
7600
bab6d1e5
MH		 7601 /* For identity resolving keys from devices that are already
7602 * using a public address or static random address, do not
7603 * ask for storing this key. The identity resolving key really
f72186d2 7604 * is only mandatory for devices using resolvable random
bab6d1e5
MH		 7605 * addresses.
7606 *
7607 * Storing all identity resolving keys has the downside that
7608 * they will be also loaded on next boot of they system. More
7609 * identity resolving keys, means more time during scanning is
7610 * needed to actually resolve these addresses.
7611 */
7612 if (bacmp(&irk->rpa, BDADDR_ANY))
7613 ev.store_hint = 0x01;
7614 else
7615 ev.store_hint = 0x00;
7616
95fbac8a
JH		 7617 bacpy(&ev.rpa, &irk->rpa);
7618 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
7619 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
7620 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
7621
7622 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
7623}
7624
53ac6ab6
MH		 7625void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
7626 bool persistent)
7ee4ea36
MH		 7627{
7628 struct mgmt_ev_new_csrk ev;
7629
7630 memset(&ev, 0, sizeof(ev));
7631
7632 /* Devices using resolvable or non-resolvable random addresses
f72186d2 7633 * without providing an identity resolving key don't require
7ee4ea36
MH		 7634 * to store signature resolving keys. Their addresses will change
7635 * the next time around.
7636 *
7637 * Only when a remote device provides an identity address
7638 * make sure the signature resolving key is stored. So allow
7639 * static random and public addresses here.
7640 */
7641 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7642 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
7643 ev.store_hint = 0x00;
7644 else
53ac6ab6 7645 ev.store_hint = persistent;
7ee4ea36
MH		 7646
7647 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
7648 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
4cd3928a 7649 ev.key.type = csrk->type;
7ee4ea36
MH		 7650 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
7651
7652 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
7653}
7654
ffb5a827 7655void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 7656 u8 bdaddr_type, u8 store_hint, u16 min_interval,
7657 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 7658{
7659 struct mgmt_ev_new_conn_param ev;
7660
c103aea6
JH		 7661 if (!hci_is_identity_address(bdaddr, bdaddr_type))
7662 return;
7663
ffb5a827
AG		 7664 memset(&ev, 0, sizeof(ev));
7665 bacpy(&ev.addr.bdaddr, bdaddr);
7666 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 7667 ev.store_hint = store_hint;
ffb5a827
AG		 7668 ev.min_interval = cpu_to_le16(min_interval);
7669 ev.max_interval = cpu_to_le16(max_interval);
7670 ev.latency = cpu_to_le16(latency);
7671 ev.timeout = cpu_to_le16(timeout);
7672
7673 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
7674}
7675
48ec92fa
AA		 7676void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
7677 u32 flags, u8 *name, u8 name_len)
f7520543 7678{
b644ba33
JH		 7679 char buf[512];
7680 struct mgmt_ev_device_connected *ev = (void *) buf;
7681 u16 eir_len = 0;
f7520543 7682
48ec92fa
AA		 7683 bacpy(&ev->addr.bdaddr, &conn->dst);
7684 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
f7520543 7685
c95f0ba7 7686 ev->flags = __cpu_to_le32(flags);
08c79b61 7687
fd45ada9
AA		 7688 /* We must ensure that the EIR Data fields are ordered and
7689 * unique. Keep it simple for now and avoid the problem by not
7690 * adding any BR/EDR data to the LE adv.
7691 */
7692 if (conn->le_adv_data_len > 0) {
7693 memcpy(&ev->eir[eir_len],
7694 conn->le_adv_data, conn->le_adv_data_len);
7695 eir_len = conn->le_adv_data_len;
7696 } else {
7697 if (name_len > 0)
7698 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
7699 name, name_len);
b644ba33 7700
ddbea5cf 7701 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
fd45ada9
AA		 7702 eir_len = eir_append_data(ev->eir, eir_len,
7703 EIR_CLASS_OF_DEV,
7704 conn->dev_class, 3);
7705 }
b644ba33 7706
eb55ef07 7707 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 7708
ecd90ae7
MH		 7709 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
7710 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 7711}
7712
3b0602cd 7713static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
8962ee74 7714{
8962ee74 7715 struct sock **sk = data;
8962ee74 7716
f5818c22 7717 cmd->cmd_complete(cmd, 0);
8962ee74
JH		 7718
7719 *sk = cmd->sk;
7720 sock_hold(*sk);
7721
a664b5bc 7722 mgmt_pending_remove(cmd);
8962ee74
JH		 7723}
7724
3b0602cd 7725static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
a8a1d19e 7726{
b1078ad0 7727 struct hci_dev *hdev = data;
124f6e35 7728 struct mgmt_cp_unpair_device *cp = cmd->param;
a8a1d19e 7729
b1078ad0
JH		 7730 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
7731
d8b7b1e4 7732 cmd->cmd_complete(cmd, 0);
a8a1d19e
JH		 7733 mgmt_pending_remove(cmd);
7734}
7735
84c61d92
JH		 7736bool mgmt_powering_down(struct hci_dev *hdev)
7737{
3b0602cd 7738 struct mgmt_pending_cmd *cmd;
84c61d92
JH		 7739 struct mgmt_mode *cp;
7740
333ae95d 7741 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
84c61d92
JH		 7742 if (!cmd)
7743 return false;
7744
7745 cp = cmd->param;
7746 if (!cp->val)
7747 return true;
7748
7749 return false;
7750}
7751
9b80ec5e 7752void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 7753 u8 link_type, u8 addr_type, u8 reason,
7754 bool mgmt_connected)
f7520543 7755{
f0d6a0ea 7756 struct mgmt_ev_device_disconnected ev;
8962ee74 7757 struct sock *sk = NULL;
8962ee74 7758
84c61d92
JH		 7759 /* The connection is still in hci_conn_hash so test for 1
7760 * instead of 0 to know if this is the last one.
7761 */
7762 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7763 cancel_delayed_work(&hdev->power_off);
7764 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8b064a3a
JH		 7765 }
7766
12d4a3b2
JH		 7767 if (!mgmt_connected)
7768 return;
7769
57eb776f
AG		 7770 if (link_type != ACL_LINK && link_type != LE_LINK)
7771 return;
7772
744cf19e 7773 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 7774
f0d6a0ea
MA		 7775 bacpy(&ev.addr.bdaddr, bdaddr);
7776 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7777 ev.reason = reason;
f7520543 7778
9b80ec5e 7779 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 7780
7781 if (sk)
d97dcb66 7782 sock_put(sk);
8962ee74 7783
124f6e35 7784 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 7785 hdev);
8962ee74
JH		 7786}
7787
7892924c
MH		 7788void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
7789 u8 link_type, u8 addr_type, u8 status)
8962ee74 7790{
3655bba8
AG		 7791 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
7792 struct mgmt_cp_disconnect *cp;
3b0602cd 7793 struct mgmt_pending_cmd *cmd;
8962ee74 7794
36a75f1b
JD		 7795 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
7796 hdev);
7797
333ae95d 7798 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 7799 if (!cmd)
7892924c 7800 return;
8962ee74 7801
3655bba8
AG		 7802 cp = cmd->param;
7803
7804 if (bacmp(bdaddr, &cp->addr.bdaddr))
7805 return;
7806
7807 if (cp->addr.type != bdaddr_type)
7808 return;
7809
f5818c22 7810 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7811 mgmt_pending_remove(cmd);
f7520543 7812}
17d5c04c 7813
445608d0
MH		 7814void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7815 u8 addr_type, u8 status)
17d5c04c
JH		 7816{
7817 struct mgmt_ev_connect_failed ev;
c9910d0f 7818
84c61d92
JH		 7819 /* The connection is still in hci_conn_hash so test for 1
7820 * instead of 0 to know if this is the last one.
7821 */
7822 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7823 cancel_delayed_work(&hdev->power_off);
7824 queue_work(hdev->req_workqueue, &hdev->power_off.work);
c9910d0f 7825 }
17d5c04c 7826
4c659c39 7827 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7828 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 7829 ev.status = mgmt_status(status);
17d5c04c 7830
445608d0 7831 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 7832}
980e1a53 7833
ce0e4a0d 7834void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 7835{
7836 struct mgmt_ev_pin_code_request ev;
7837
d8457698 7838 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 7839 ev.addr.type = BDADDR_BREDR;
a770bb5a 7840 ev.secure = secure;
980e1a53 7841
ce0e4a0d 7842 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 7843}
7844
e669cf80
MH		 7845void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7846 u8 status)
980e1a53 7847{
3b0602cd 7848 struct mgmt_pending_cmd *cmd;
980e1a53 7849
333ae95d 7850 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 7851 if (!cmd)
e669cf80 7852 return;
980e1a53 7853
7776d1d8 7854 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7855 mgmt_pending_remove(cmd);
980e1a53
JH		 7856}
7857
3eb38528
MH		 7858void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7859 u8 status)
980e1a53 7860{
3b0602cd 7861 struct mgmt_pending_cmd *cmd;
980e1a53 7862
333ae95d 7863 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 7864 if (!cmd)
3eb38528 7865 return;
980e1a53 7866
7776d1d8 7867 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7868 mgmt_pending_remove(cmd);
980e1a53 7869}
a5c29683 7870
744cf19e 7871int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 7872 u8 link_type, u8 addr_type, u32 value,
04124681 7873 u8 confirm_hint)
a5c29683
JH		 7874{
7875 struct mgmt_ev_user_confirm_request ev;
7876
744cf19e 7877 BT_DBG("%s", hdev->name);
a5c29683 7878
272d90df 7879 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7880 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 7881 ev.confirm_hint = confirm_hint;
39adbffe 7882 ev.value = cpu_to_le32(value);
a5c29683 7883
744cf19e 7884 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 7885 NULL);
a5c29683
JH		 7886}
7887
272d90df 7888int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 7889 u8 link_type, u8 addr_type)
604086b7
BG		 7890{
7891 struct mgmt_ev_user_passkey_request ev;
7892
7893 BT_DBG("%s", hdev->name);
7894
272d90df 7895 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7896 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 7897
7898 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 7899 NULL);
604086b7
BG		 7900}
7901
0df4c185 7902static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 7903 u8 link_type, u8 addr_type, u8 status,
7904 u8 opcode)
a5c29683 7905{
3b0602cd 7906 struct mgmt_pending_cmd *cmd;
a5c29683 7907
333ae95d 7908 cmd = pending_find(opcode, hdev);
a5c29683
JH		 7909 if (!cmd)
7910 return -ENOENT;
7911
7776d1d8 7912 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7913 mgmt_pending_remove(cmd);
a5c29683 7914
7776d1d8 7915 return 0;
a5c29683
JH		 7916}
7917
744cf19e 7918int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7919 u8 link_type, u8 addr_type, u8 status)
a5c29683 7920{
272d90df 7921 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 7922 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 7923}
7924
272d90df 7925int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7926 u8 link_type, u8 addr_type, u8 status)
a5c29683 7927{
272d90df 7928 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 7929 status,
7930 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 7931}
2a611692 7932
604086b7 7933int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7934 u8 link_type, u8 addr_type, u8 status)
604086b7 7935{
272d90df 7936 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 7937 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 7938}
7939
272d90df 7940int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7941 u8 link_type, u8 addr_type, u8 status)
604086b7 7942{
272d90df 7943 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 7944 status,
7945 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 7946}
7947
92a25256
JH		 7948int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
7949 u8 link_type, u8 addr_type, u32 passkey,
7950 u8 entered)
7951{
7952 struct mgmt_ev_passkey_notify ev;
7953
7954 BT_DBG("%s", hdev->name);
7955
7956 bacpy(&ev.addr.bdaddr, bdaddr);
7957 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7958 ev.passkey = __cpu_to_le32(passkey);
7959 ev.entered = entered;
7960
7961 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
7962}
7963
e1e930f5 7964void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
2a611692
JH		 7965{
7966 struct mgmt_ev_auth_failed ev;
3b0602cd 7967 struct mgmt_pending_cmd *cmd;
e1e930f5 7968 u8 status = mgmt_status(hci_status);
2a611692 7969
e1e930f5
JH		 7970 bacpy(&ev.addr.bdaddr, &conn->dst);
7971 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7972 ev.status = status;
2a611692 7973
e1e930f5
JH		 7974 cmd = find_pairing(conn);
7975
7976 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
7977 cmd ? cmd->sk : NULL);
7978
a511b35b
JH		 7979 if (cmd) {
7980 cmd->cmd_complete(cmd, status);
7981 mgmt_pending_remove(cmd);
7982 }
2a611692 7983}
b312b161 7984
464996ae 7985void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 7986{
7987 struct cmd_lookup match = { NULL, hdev };
464996ae 7988 bool changed;
33ef95ed
JH		 7989
7990 if (status) {
7991 u8 mgmt_err = mgmt_status(status);
7992 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 7993 cmd_status_rsp, &mgmt_err);
464996ae 7994 return;
33ef95ed
JH		 7995 }
7996
464996ae 7997 if (test_bit(HCI_AUTH, &hdev->flags))
238be788 7998 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
464996ae 7999 else
a69d8927 8000 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
47990ea0 8001
33ef95ed 8002 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 8003 &match);
33ef95ed 8004
47990ea0 8005 if (changed)
464996ae 8006 new_settings(hdev, match.sk);
33ef95ed
JH		 8007
8008 if (match.sk)
8009 sock_put(match.sk);
33ef95ed
JH		 8010}
8011
890ea898 8012static void clear_eir(struct hci_request *req)
cacaf52f 8013{
890ea898 8014 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 8015 struct hci_cp_write_eir cp;
8016
976eb20e 8017 if (!lmp_ext_inq_capable(hdev))
890ea898 8018 return;
cacaf52f 8019
c80da27e
JH		 8020 memset(hdev->eir, 0, sizeof(hdev->eir));
8021
cacaf52f
JH		 8022 memset(&cp, 0, sizeof(cp));
8023
890ea898 8024 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 8025}
8026
3e248560 8027void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 8028{
8029 struct cmd_lookup match = { NULL, hdev };
890ea898 8030 struct hci_request req;
c0ecddc2 8031 bool changed = false;
ed2c4ee3
JH		 8032
8033 if (status) {
8034 u8 mgmt_err = mgmt_status(status);
c0ecddc2 8035
a69d8927
MH		 8036 if (enable && hci_dev_test_and_clear_flag(hdev,
8037 HCI_SSP_ENABLED)) {
a358dc11 8038 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
3e248560 8039 new_settings(hdev, NULL);
9ecb3e24 8040 }
c0ecddc2 8041
04124681
GP		 8042 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
8043 &mgmt_err);
3e248560 8044 return;
c0ecddc2
JH		 8045 }
8046
8047 if (enable) {
238be788 8048 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
c0ecddc2 8049 } else {
a69d8927 8050 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
9ecb3e24 8051 if (!changed)
a69d8927
MH		 8052 changed = hci_dev_test_and_clear_flag(hdev,
8053 HCI_HS_ENABLED);
9ecb3e24 8054 else
a358dc11 8055 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
ed2c4ee3
JH		 8056 }
8057
8058 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
8059
c0ecddc2 8060 if (changed)
3e248560 8061 new_settings(hdev, match.sk);
ed2c4ee3 8062
5fc6ebb1 8063 if (match.sk)
ed2c4ee3
JH		 8064 sock_put(match.sk);
8065
890ea898
JH		 8066 hci_req_init(&req, hdev);
8067
d7a5a11d
MH		 8068 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
8069 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
3769972b
JH		 8070 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
8071 sizeof(enable), &enable);
890ea898 8072 update_eir(&req);
3769972b 8073 } else {
890ea898 8074 clear_eir(&req);
3769972b 8075 }
890ea898
JH		 8076
8077 hci_req_run(&req, NULL);
ed2c4ee3
JH		 8078}
8079
3b0602cd 8080static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
90e70454
JH		 8081{
8082 struct cmd_lookup *match = data;
8083
90e70454
JH		 8084 if (match->sk == NULL) {
8085 match->sk = cmd->sk;
8086 sock_hold(match->sk);
8087 }
90e70454
JH		 8088}
8089
4e1b0245
MH		 8090void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
8091 u8 status)
7f9a903c 8092{
90e70454 8093 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 8094
92da6097
JH		 8095 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
8096 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
8097 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 8098
8099 if (!status)
f6b7712e
MH		 8100 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
8101 dev_class, 3, NULL);
90e70454
JH		 8102
8103 if (match.sk)
8104 sock_put(match.sk);
7f9a903c
MH		 8105}
8106
7667da34 8107void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 8108{
b312b161 8109 struct mgmt_cp_set_local_name ev;
3b0602cd 8110 struct mgmt_pending_cmd *cmd;
28cc7bde 8111
13928971 8112 if (status)
7667da34 8113 return;
b312b161
JH		 8114
8115 memset(&ev, 0, sizeof(ev));
8116 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 8117 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 8118
333ae95d 8119 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 8120 if (!cmd) {
8121 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 8122
13928971
JH		 8123 /* If this is a HCI command related to powering on the
8124 * HCI dev don't send any mgmt signals.
8125 */
333ae95d 8126 if (pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 8127 return;
890ea898 8128 }
b312b161 8129
f6b7712e
MH		 8130 mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
8131 cmd ? cmd->sk : NULL);
b312b161 8132}
c35938b2 8133
799ce93d
JP		 8134static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
8135{
8136 int i;
8137
8138 for (i = 0; i < uuid_count; i++) {
8139 if (!memcmp(uuid, uuids[i], 16))
8140 return true;
8141 }
8142
8143 return false;
8144}
8145
b487b9ce
MH		 8146static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
8147{
799ce93d
JP		 8148 u16 parsed = 0;
8149
8150 while (parsed < eir_len) {
8151 u8 field_len = eir[0];
8152 u8 uuid[16];
8153 int i;
8154
8155 if (field_len == 0)
8156 break;
8157
8158 if (eir_len - parsed < field_len + 1)
8159 break;
8160
8161 switch (eir[1]) {
8162 case EIR_UUID16_ALL:
8163 case EIR_UUID16_SOME:
8164 for (i = 0; i + 3 <= field_len; i += 2) {
189f6ad2 8165 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 8166 uuid[13] = eir[i + 3];
8167 uuid[12] = eir[i + 2];
8168 if (has_uuid(uuid, uuid_count, uuids))
8169 return true;
8170 }
8171 break;
8172 case EIR_UUID32_ALL:
8173 case EIR_UUID32_SOME:
8174 for (i = 0; i + 5 <= field_len; i += 4) {
189f6ad2 8175 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 8176 uuid[15] = eir[i + 5];
8177 uuid[14] = eir[i + 4];
8178 uuid[13] = eir[i + 3];
8179 uuid[12] = eir[i + 2];
8180 if (has_uuid(uuid, uuid_count, uuids))
8181 return true;
8182 }
8183 break;
8184 case EIR_UUID128_ALL:
8185 case EIR_UUID128_SOME:
8186 for (i = 0; i + 17 <= field_len; i += 16) {
8187 memcpy(uuid, eir + i + 2, 16);
8188 if (has_uuid(uuid, uuid_count, uuids))
8189 return true;
8190 }
8191 break;
8192 }
8193
8194 parsed += field_len + 1;
8195 eir += field_len + 1;
8196 }
8197
b487b9ce
MH		 8198 return false;
8199}
8200
4b0e0ced
JP		 8201static void restart_le_scan(struct hci_dev *hdev)
8202{
8203 /* If controller is not scanning we are done. */
d7a5a11d 8204 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
4b0e0ced
JP		 8205 return;
8206
8207 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
8208 hdev->discovery.scan_start +
8209 hdev->discovery.scan_duration))
8210 return;
8211
8212 queue_delayed_work(hdev->workqueue, &hdev->le_scan_restart,
8213 DISCOV_LE_RESTART_DELAY);
8214}
8215
48f86b7f
JP		 8216static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
8217 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 8218{
48f86b7f
JP		 8219 /* If a RSSI threshold has been specified, and
8220 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
8221 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
8222 * is set, let it through for further processing, as we might need to
8223 * restart the scan.
efb2513f
MH		 8224 *
8225 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
8226 * the results are also dropped.
bda157a4
MH		 8227 */
8228 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
4b0e0ced
JP		 8229 (rssi == HCI_RSSI_INVALID ||
8230 (rssi < hdev->discovery.rssi &&
8231 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
48f86b7f 8232 return false;
efb2513f 8233
2976cdeb
JP		 8234 if (hdev->discovery.uuid_count != 0) {
8235 /* If a list of UUIDs is provided in filter, results with no
8236 * matching UUID should be dropped.
b487b9ce 8237 */
2976cdeb
JP		 8238 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
8239 hdev->discovery.uuids) &&
8240 !eir_has_uuids(scan_rsp, scan_rsp_len,
8241 hdev->discovery.uuid_count,
8242 hdev->discovery.uuids))
8243 return false;
b487b9ce 8244 }
5d2e9fad 8245
2976cdeb
JP		 8246 /* If duplicate filtering does not report RSSI changes, then restart
8247 * scanning to ensure updated result with updated RSSI values.
4b0e0ced 8248 */
2976cdeb
JP		 8249 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
8250 restart_le_scan(hdev);
8251
8252 /* Validate RSSI value against the RSSI threshold once more. */
8253 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
8254 rssi < hdev->discovery.rssi)
8255 return false;
8256 }
48f86b7f
JP		 8257
8258 return true;
8259}
8260
8261void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
8262 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
8263 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
8264{
8265 char buf[512];
8266 struct mgmt_ev_device_found *ev = (void *)buf;
8267 size_t ev_size;
8268
8269 /* Don't send events for a non-kernel initiated discovery. With
8270 * LE one exception is if we have pend_le_reports > 0 in which
8271 * case we're doing passive scanning and want these events.
8272 */
8273 if (!hci_discovery_active(hdev)) {
8274 if (link_type == ACL_LINK)
8275 return;
8276 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
8277 return;
8278 }
8279
82f8b651 8280 if (hdev->discovery.result_filtering) {
48f86b7f
JP		 8281 /* We are using service discovery */
8282 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
8283 scan_rsp_len))
8284 return;
8285 }
8286
8287 /* Make sure that the buffer is big enough. The 5 extra bytes
8288 * are for the potential CoD field.
8289 */
8290 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
4b0e0ced
JP		 8291 return;
8292
48f86b7f
JP		 8293 memset(buf, 0, sizeof(buf));
8294
8295 /* In case of device discovery with BR/EDR devices (pre 1.2), the
8296 * RSSI value was reported as 0 when not available. This behavior
8297 * is kept when using device discovery. This is required for full
8298 * backwards compatibility with the API.
8299 *
8300 * However when using service discovery, the value 127 will be
8301 * returned when the RSSI is not available.
8302 */
8303 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
8304 link_type == ACL_LINK)
8305 rssi = 0;
8306
8307 bacpy(&ev->addr.bdaddr, bdaddr);
8308 ev->addr.type = link_to_bdaddr(link_type, addr_type);
8309 ev->rssi = rssi;
8310 ev->flags = cpu_to_le32(flags);
8311
8312 if (eir_len > 0)
8313 /* Copy EIR or advertising data into event */
8314 memcpy(ev->eir, eir, eir_len);
8315
8316 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
8317 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
8318 dev_class, 3);
8319
8320 if (scan_rsp_len > 0)
8321 /* Append scan response data to event */
8322 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
8323
5d2e9fad
JH		 8324 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
8325 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 8326
901801b9 8327 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 8328}
a88a9652 8329
9cf12aee
MH		 8330void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
8331 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 8332{
b644ba33
JH		 8333 struct mgmt_ev_device_found *ev;
8334 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
8335 u16 eir_len;
a88a9652 8336
b644ba33 8337 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 8338
b644ba33
JH		 8339 memset(buf, 0, sizeof(buf));
8340
8341 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 8342 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 8343 ev->rssi = rssi;
8344
8345 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 8346 name_len);
b644ba33 8347
eb55ef07 8348 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 8349
9cf12aee 8350 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 8351}
314b2381 8352
2f1e063b 8353void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 8354{
f963e8e9 8355 struct mgmt_ev_discovering ev;
164a6e78 8356
343fb145
AG		 8357 BT_DBG("%s discovering %u", hdev->name, discovering);
8358
f963e8e9
JH		 8359 memset(&ev, 0, sizeof(ev));
8360 ev.type = hdev->discovery.type;
8361 ev.discovering = discovering;
8362
2f1e063b 8363 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 8364}
5e762444 8365
1904a853 8366static void adv_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5976e608
MH		 8367{
8368 BT_DBG("%s status %u", hdev->name, status);
5976e608
MH		 8369}
8370
8371void mgmt_reenable_advertising(struct hci_dev *hdev)
8372{
8373 struct hci_request req;
8374
24b4f38f
AU		 8375 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
8376 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
5976e608
MH		 8377 return;
8378
8379 hci_req_init(&req, hdev);
8380 enable_advertising(&req);
0ec5ae84 8381 hci_req_run(&req, adv_enable_complete);
5976e608 8382}
6d785aa3
JH		 8383
8384static struct hci_mgmt_chan chan = {
8385 .channel = HCI_CHANNEL_CONTROL,
8386 .handler_count = ARRAY_SIZE(mgmt_handlers),
8387 .handlers = mgmt_handlers,
88b94ce9 8388 .hdev_init = mgmt_init_hdev,
6d785aa3
JH		 8389};
8390
8391int mgmt_init(void)
8392{
8393 return hci_mgmt_chan_register(&chan);
8394}
8395
8396void mgmt_exit(void)
8397{
8398 hci_mgmt_chan_unregister(&chan);
8399}
Linux kernel - Deliverables
This page took 1.081484 seconds and 5 git commands to generate.