projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Don't take actions on blocked devices when scanning
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
4bc58f51 32#include <net/bluetooth/l2cap.h>
0381101f 33#include <net/bluetooth/mgmt.h>
ac4b7236
MH		 34
35#include "smp.h"
0381101f 36
2da9c55c 37#define MGMT_VERSION 1
730f091b 38#define MGMT_REVISION 7
02d98129 39
e70bb2e8
JH		 40static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_READ_INFO,
43 MGMT_OP_SET_POWERED,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
47 MGMT_OP_SET_PAIRABLE,
48 MGMT_OP_SET_LINK_SECURITY,
49 MGMT_OP_SET_SSP,
50 MGMT_OP_SET_HS,
51 MGMT_OP_SET_LE,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_ADD_UUID,
55 MGMT_OP_REMOVE_UUID,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_DISCONNECT,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_PAIR_DEVICE,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_CONFIRM_NAME,
76 MGMT_OP_BLOCK_DEVICE,
77 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 78 MGMT_OP_SET_DEVICE_ID,
4375f103 79 MGMT_OP_SET_ADVERTISING,
0663ca2a 80 MGMT_OP_SET_BREDR,
d13eafce 81 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 82 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 83 MGMT_OP_SET_SECURE_CONN,
4e39ac81 84 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 85 MGMT_OP_SET_PRIVACY,
41edf160 86 MGMT_OP_LOAD_IRKS,
dd983808 87 MGMT_OP_GET_CONN_INFO,
95868426 88 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 89 MGMT_OP_ADD_DEVICE,
90 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 91 MGMT_OP_LOAD_CONN_PARAM,
73d1df2a 92 MGMT_OP_READ_UNCONF_INDEX_LIST,
9fc3bfb6 93 MGMT_OP_READ_CONFIG_INFO,
e70bb2e8
JH		 94};
95
96static const u16 mgmt_events[] = {
97 MGMT_EV_CONTROLLER_ERROR,
98 MGMT_EV_INDEX_ADDED,
99 MGMT_EV_INDEX_REMOVED,
100 MGMT_EV_NEW_SETTINGS,
101 MGMT_EV_CLASS_OF_DEV_CHANGED,
102 MGMT_EV_LOCAL_NAME_CHANGED,
103 MGMT_EV_NEW_LINK_KEY,
104 MGMT_EV_NEW_LONG_TERM_KEY,
105 MGMT_EV_DEVICE_CONNECTED,
106 MGMT_EV_DEVICE_DISCONNECTED,
107 MGMT_EV_CONNECT_FAILED,
108 MGMT_EV_PIN_CODE_REQUEST,
109 MGMT_EV_USER_CONFIRM_REQUEST,
110 MGMT_EV_USER_PASSKEY_REQUEST,
111 MGMT_EV_AUTH_FAILED,
112 MGMT_EV_DEVICE_FOUND,
113 MGMT_EV_DISCOVERING,
114 MGMT_EV_DEVICE_BLOCKED,
115 MGMT_EV_DEVICE_UNBLOCKED,
116 MGMT_EV_DEVICE_UNPAIRED,
92a25256 117 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 118 MGMT_EV_NEW_IRK,
7ee4ea36 119 MGMT_EV_NEW_CSRK,
8afef092
MH		 120 MGMT_EV_DEVICE_ADDED,
121 MGMT_EV_DEVICE_REMOVED,
ffb5a827 122 MGMT_EV_NEW_CONN_PARAM,
0602a8ad 123 MGMT_EV_UNCONF_INDEX_ADDED,
edd3896b 124 MGMT_EV_UNCONF_INDEX_REMOVED,
e70bb2e8
JH		 125};
126
17b02e62 127#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 128
4b34ee78
JH		 129#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
130 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
131
eec8d2bc
JH		 132struct pending_cmd {
133 struct list_head list;
fc2f4b13 134 u16 opcode;
eec8d2bc 135 int index;
c68fb7ff 136 void *param;
eec8d2bc 137 struct sock *sk;
e9a416b5 138 void *user_data;
eec8d2bc
JH		 139};
140
ca69b795
JH		 141/* HCI to MGMT error code conversion table */
142static u8 mgmt_status_table[] = {
143 MGMT_STATUS_SUCCESS,
144 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
145 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
146 MGMT_STATUS_FAILED, /* Hardware Failure */
147 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
148 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 149 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 150 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
151 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
152 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
153 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
154 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
155 MGMT_STATUS_BUSY, /* Command Disallowed */
156 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
157 MGMT_STATUS_REJECTED, /* Rejected Security */
158 MGMT_STATUS_REJECTED, /* Rejected Personal */
159 MGMT_STATUS_TIMEOUT, /* Host Timeout */
160 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
161 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
162 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
163 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
164 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
165 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
166 MGMT_STATUS_BUSY, /* Repeated Attempts */
167 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
168 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
169 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
170 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
171 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
172 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
173 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
174 MGMT_STATUS_FAILED, /* Unspecified Error */
175 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
176 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
177 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
178 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
179 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
180 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
181 MGMT_STATUS_FAILED, /* Unit Link Key Used */
182 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
183 MGMT_STATUS_TIMEOUT, /* Instant Passed */
184 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
185 MGMT_STATUS_FAILED, /* Transaction Collision */
186 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
187 MGMT_STATUS_REJECTED, /* QoS Rejected */
188 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
189 MGMT_STATUS_REJECTED, /* Insufficient Security */
190 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
191 MGMT_STATUS_BUSY, /* Role Switch Pending */
192 MGMT_STATUS_FAILED, /* Slot Violation */
193 MGMT_STATUS_FAILED, /* Role Switch Failed */
194 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
195 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
196 MGMT_STATUS_BUSY, /* Host Busy Pairing */
197 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
198 MGMT_STATUS_BUSY, /* Controller Busy */
199 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
200 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
201 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
202 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
203 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
204};
205
206static u8 mgmt_status(u8 hci_status)
207{
208 if (hci_status < ARRAY_SIZE(mgmt_status_table))
209 return mgmt_status_table[hci_status];
210
211 return MGMT_STATUS_FAILED;
212}
213
4e51eae9 214static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 215{
216 struct sk_buff *skb;
217 struct mgmt_hdr *hdr;
218 struct mgmt_ev_cmd_status *ev;
56b7d137 219 int err;
f7b64e69 220
34eb525c 221 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 222
790eff44 223 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 224 if (!skb)
225 return -ENOMEM;
226
227 hdr = (void *) skb_put(skb, sizeof(*hdr));
228
dcf4adbf 229 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 230 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 231 hdr->len = cpu_to_le16(sizeof(*ev));
232
233 ev = (void *) skb_put(skb, sizeof(*ev));
234 ev->status = status;
eb55ef07 235 ev->opcode = cpu_to_le16(cmd);
f7b64e69 236
56b7d137
GP		 237 err = sock_queue_rcv_skb(sk, skb);
238 if (err < 0)
f7b64e69
JH		 239 kfree_skb(skb);
240
56b7d137 241 return err;
f7b64e69
JH		 242}
243
aee9b218 244static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 245 void *rp, size_t rp_len)
02d98129
JH		 246{
247 struct sk_buff *skb;
248 struct mgmt_hdr *hdr;
249 struct mgmt_ev_cmd_complete *ev;
56b7d137 250 int err;
02d98129
JH		 251
252 BT_DBG("sock %p", sk);
253
790eff44 254 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 255 if (!skb)
256 return -ENOMEM;
257
258 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 259
dcf4adbf 260 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 261 hdr->index = cpu_to_le16(index);
a38528f1 262 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 263
a38528f1 264 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 265 ev->opcode = cpu_to_le16(cmd);
aee9b218 266 ev->status = status;
8020c16a
SJ		 267
268 if (rp)
269 memcpy(ev->data, rp, rp_len);
02d98129 270
56b7d137
GP		 271 err = sock_queue_rcv_skb(sk, skb);
272 if (err < 0)
02d98129
JH		 273 kfree_skb(skb);
274
e5f0e151 275 return err;
02d98129
JH		 276}
277
04124681
GP		 278static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
279 u16 data_len)
a38528f1
JH		 280{
281 struct mgmt_rp_read_version rp;
282
283 BT_DBG("sock %p", sk);
284
285 rp.version = MGMT_VERSION;
dcf4adbf 286 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 287
aee9b218 288 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 289 sizeof(rp));
a38528f1
JH		 290}
291
04124681
GP		 292static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
293 u16 data_len)
e70bb2e8
JH		 294{
295 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 296 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
297 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 298 __le16 *opcode;
e70bb2e8
JH		 299 size_t rp_size;
300 int i, err;
301
302 BT_DBG("sock %p", sk);
303
304 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
305
306 rp = kmalloc(rp_size, GFP_KERNEL);
307 if (!rp)
308 return -ENOMEM;
309
dcf4adbf
JP		 310 rp->num_commands = cpu_to_le16(num_commands);
311 rp->num_events = cpu_to_le16(num_events);
e70bb2e8
JH		 312
313 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
314 put_unaligned_le16(mgmt_commands[i], opcode);
315
316 for (i = 0; i < num_events; i++, opcode++)
317 put_unaligned_le16(mgmt_events[i], opcode);
318
aee9b218 319 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 320 rp_size);
e70bb2e8
JH		 321 kfree(rp);
322
323 return err;
324}
325
04124681
GP		 326static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
327 u16 data_len)
faba42eb 328{
faba42eb 329 struct mgmt_rp_read_index_list *rp;
8035ded4 330 struct hci_dev *d;
a38528f1 331 size_t rp_len;
faba42eb 332 u16 count;
476e44cb 333 int err;
faba42eb
JH		 334
335 BT_DBG("sock %p", sk);
336
337 read_lock(&hci_dev_list_lock);
338
339 count = 0;
bb4b2a9a 340 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a
MH		 341 if (d->dev_type == HCI_BREDR &&
342 !test_bit(HCI_UNCONFIGURED, &d->dev_flags))
1514b892 343 count++;
faba42eb
JH		 344 }
345
a38528f1
JH		 346 rp_len = sizeof(*rp) + (2 * count);
347 rp = kmalloc(rp_len, GFP_ATOMIC);
348 if (!rp) {
b2c60d42 349 read_unlock(&hci_dev_list_lock);
faba42eb 350 return -ENOMEM;
b2c60d42 351 }
faba42eb 352
476e44cb 353 count = 0;
8035ded4 354 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a
MH		 355 if (test_bit(HCI_SETUP, &d->dev_flags) ||
356 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
ab81cbf9
JH		 357 continue;
358
73d1df2a
MH		 359 /* Devices marked as raw-only are neither configured
360 * nor unconfigured controllers.
361 */
362 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
fee746b0
MH		 363 continue;
364
73d1df2a
MH		 365 if (d->dev_type == HCI_BREDR &&
366 !test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
1514b892
MH		 367 rp->index[count++] = cpu_to_le16(d->id);
368 BT_DBG("Added hci%u", d->id);
369 }
faba42eb
JH		 370 }
371
476e44cb
JH		 372 rp->num_controllers = cpu_to_le16(count);
373 rp_len = sizeof(*rp) + (2 * count);
374
faba42eb
JH		 375 read_unlock(&hci_dev_list_lock);
376
aee9b218 377 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 378 rp_len);
faba42eb 379
a38528f1
JH		 380 kfree(rp);
381
382 return err;
faba42eb
JH		 383}
384
73d1df2a
MH		 385static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
386 void *data, u16 data_len)
387{
388 struct mgmt_rp_read_unconf_index_list *rp;
389 struct hci_dev *d;
390 size_t rp_len;
391 u16 count;
392 int err;
393
394 BT_DBG("sock %p", sk);
395
396 read_lock(&hci_dev_list_lock);
397
398 count = 0;
399 list_for_each_entry(d, &hci_dev_list, list) {
400 if (d->dev_type == HCI_BREDR &&
401 test_bit(HCI_UNCONFIGURED, &d->dev_flags))
402 count++;
403 }
404
405 rp_len = sizeof(*rp) + (2 * count);
406 rp = kmalloc(rp_len, GFP_ATOMIC);
407 if (!rp) {
408 read_unlock(&hci_dev_list_lock);
409 return -ENOMEM;
410 }
411
412 count = 0;
413 list_for_each_entry(d, &hci_dev_list, list) {
414 if (test_bit(HCI_SETUP, &d->dev_flags) ||
415 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
416 continue;
417
418 /* Devices marked as raw-only are neither configured
419 * nor unconfigured controllers.
420 */
421 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
422 continue;
423
424 if (d->dev_type == HCI_BREDR &&
425 test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
426 rp->index[count++] = cpu_to_le16(d->id);
427 BT_DBG("Added hci%u", d->id);
428 }
429 }
430
431 rp->num_controllers = cpu_to_le16(count);
432 rp_len = sizeof(*rp) + (2 * count);
433
434 read_unlock(&hci_dev_list_lock);
435
436 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_UNCONF_INDEX_LIST,
437 0, rp, rp_len);
438
439 kfree(rp);
440
441 return err;
442}
443
9fc3bfb6
MH		 444static int read_config_info(struct sock *sk, struct hci_dev *hdev,
445 void *data, u16 data_len)
446{
447 struct mgmt_rp_read_config_info rp;
448
449 BT_DBG("sock %p %s", sk, hdev->name);
450
451 hci_dev_lock(hdev);
452
453 memset(&rp, 0, sizeof(rp));
454 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
455 if (hdev->set_bdaddr)
456 rp.supported_options = cpu_to_le32(MGMT_OPTION_PUBLIC_ADDRESS);
457 else
458 rp.supported_options = cpu_to_le32(0);
459 rp.missing_options = cpu_to_le32(0);
460
461 hci_dev_unlock(hdev);
462
463 return cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0, &rp,
464 sizeof(rp));
465}
466
69ab39ea
JH		 467static u32 get_supported_settings(struct hci_dev *hdev)
468{
469 u32 settings = 0;
470
471 settings |= MGMT_SETTING_POWERED;
69ab39ea 472 settings |= MGMT_SETTING_PAIRABLE;
b1de97d8 473 settings |= MGMT_SETTING_DEBUG_KEYS;
69ab39ea 474
ed3fa31f 475 if (lmp_bredr_capable(hdev)) {
33c525c0 476 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 477 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
478 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 479 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 480 settings |= MGMT_SETTING_BREDR;
481 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 482
483 if (lmp_ssp_capable(hdev)) {
484 settings |= MGMT_SETTING_SSP;
485 settings |= MGMT_SETTING_HS;
486 }
e98d2ce2 487
5afeac14 488 if (lmp_sc_capable(hdev) ||
111902f7 489 test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
e98d2ce2 490 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 491 }
d7b7e796 492
eeca6f89 493 if (lmp_le_capable(hdev)) {
9d42820f 494 settings |= MGMT_SETTING_LE;
eeca6f89 495 settings |= MGMT_SETTING_ADVERTISING;
0f4bd942 496 settings |= MGMT_SETTING_PRIVACY;
eeca6f89 497 }
69ab39ea 498
9fc3bfb6
MH		 499 if (hdev->set_bdaddr)
500 settings |= MGMT_SETTING_CONFIGURATION;
501
69ab39ea
JH		 502 return settings;
503}
504
505static u32 get_current_settings(struct hci_dev *hdev)
506{
507 u32 settings = 0;
508
f1f0eb02 509 if (hdev_is_powered(hdev))
f0d4b78a
MH		 510 settings |= MGMT_SETTING_POWERED;
511
5e5282bb 512 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 513 settings |= MGMT_SETTING_CONNECTABLE;
514
1a4d3c4b
JH		 515 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
516 settings |= MGMT_SETTING_FAST_CONNECTABLE;
517
5e5282bb 518 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 519 settings |= MGMT_SETTING_DISCOVERABLE;
520
a8b2d5c2 521 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 522 settings |= MGMT_SETTING_PAIRABLE;
523
56f87901 524 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 525 settings |= MGMT_SETTING_BREDR;
526
06199cf8 527 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 528 settings |= MGMT_SETTING_LE;
529
47990ea0 530 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 531 settings |= MGMT_SETTING_LINK_SECURITY;
532
84bde9d6 533 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 534 settings |= MGMT_SETTING_SSP;
535
6d80dfd0
JH		 536 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
537 settings |= MGMT_SETTING_HS;
538
f3d3444a 539 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 540 settings |= MGMT_SETTING_ADVERTISING;
541
e98d2ce2
MH		 542 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
543 settings |= MGMT_SETTING_SECURE_CONN;
544
0663b297 545 if (test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags))
b1de97d8
MH		 546 settings |= MGMT_SETTING_DEBUG_KEYS;
547
0f4bd942
JH		 548 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
549 settings |= MGMT_SETTING_PRIVACY;
550
69ab39ea
JH		 551 return settings;
552}
553
ef580372
JH		 554#define PNP_INFO_SVCLASS_ID 0x1200
555
213202ed
JH		 556static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
557{
558 u8 *ptr = data, *uuids_start = NULL;
559 struct bt_uuid *uuid;
560
561 if (len < 4)
562 return ptr;
563
564 list_for_each_entry(uuid, &hdev->uuids, list) {
565 u16 uuid16;
566
567 if (uuid->size != 16)
568 continue;
569
570 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
571 if (uuid16 < 0x1100)
572 continue;
573
574 if (uuid16 == PNP_INFO_SVCLASS_ID)
575 continue;
576
577 if (!uuids_start) {
578 uuids_start = ptr;
579 uuids_start[0] = 1;
580 uuids_start[1] = EIR_UUID16_ALL;
581 ptr += 2;
582 }
583
584 /* Stop if not enough space to put next UUID */
585 if ((ptr - data) + sizeof(u16) > len) {
586 uuids_start[1] = EIR_UUID16_SOME;
587 break;
588 }
589
590 *ptr++ = (uuid16 & 0x00ff);
591 *ptr++ = (uuid16 & 0xff00) >> 8;
592 uuids_start[0] += sizeof(uuid16);
593 }
594
595 return ptr;
596}
597
cdf1963f
JH		 598static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
599{
600 u8 *ptr = data, *uuids_start = NULL;
601 struct bt_uuid *uuid;
602
603 if (len < 6)
604 return ptr;
605
606 list_for_each_entry(uuid, &hdev->uuids, list) {
607 if (uuid->size != 32)
608 continue;
609
610 if (!uuids_start) {
611 uuids_start = ptr;
612 uuids_start[0] = 1;
613 uuids_start[1] = EIR_UUID32_ALL;
614 ptr += 2;
615 }
616
617 /* Stop if not enough space to put next UUID */
618 if ((ptr - data) + sizeof(u32) > len) {
619 uuids_start[1] = EIR_UUID32_SOME;
620 break;
621 }
622
623 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
624 ptr += sizeof(u32);
625 uuids_start[0] += sizeof(u32);
626 }
627
628 return ptr;
629}
630
c00d575b
JH		 631static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
632{
633 u8 *ptr = data, *uuids_start = NULL;
634 struct bt_uuid *uuid;
635
636 if (len < 18)
637 return ptr;
638
639 list_for_each_entry(uuid, &hdev->uuids, list) {
640 if (uuid->size != 128)
641 continue;
642
643 if (!uuids_start) {
644 uuids_start = ptr;
645 uuids_start[0] = 1;
646 uuids_start[1] = EIR_UUID128_ALL;
647 ptr += 2;
648 }
649
650 /* Stop if not enough space to put next UUID */
651 if ((ptr - data) + 16 > len) {
652 uuids_start[1] = EIR_UUID128_SOME;
653 break;
654 }
655
656 memcpy(ptr, uuid->uuid, 16);
657 ptr += 16;
658 uuids_start[0] += 16;
659 }
660
661 return ptr;
662}
663
eb2a8d20
JH		 664static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
665{
666 struct pending_cmd *cmd;
667
668 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
669 if (cmd->opcode == opcode)
670 return cmd;
671 }
672
673 return NULL;
674}
675
95868426
JH		 676static struct pending_cmd *mgmt_pending_find_data(u16 opcode,
677 struct hci_dev *hdev,
678 const void *data)
679{
680 struct pending_cmd *cmd;
681
682 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
683 if (cmd->user_data != data)
684 continue;
685 if (cmd->opcode == opcode)
686 return cmd;
687 }
688
689 return NULL;
690}
691
f14d8f64
MH		 692static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
693{
7a5f4990
MH		 694 u8 ad_len = 0;
695 size_t name_len;
696
697 name_len = strlen(hdev->dev_name);
698 if (name_len > 0) {
699 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
700
701 if (name_len > max_len) {
702 name_len = max_len;
703 ptr[1] = EIR_NAME_SHORT;
704 } else
705 ptr[1] = EIR_NAME_COMPLETE;
706
707 ptr[0] = name_len + 1;
708
709 memcpy(ptr + 2, hdev->dev_name, name_len);
710
711 ad_len += (name_len + 2);
712 ptr += (name_len + 2);
713 }
714
715 return ad_len;
f14d8f64
MH		 716}
717
718static void update_scan_rsp_data(struct hci_request *req)
719{
720 struct hci_dev *hdev = req->hdev;
721 struct hci_cp_le_set_scan_rsp_data cp;
722 u8 len;
723
7751ef1b 724 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
f14d8f64
MH		 725 return;
726
727 memset(&cp, 0, sizeof(cp));
728
729 len = create_scan_rsp_data(hdev, cp.data);
730
eb438b5f
JH		 731 if (hdev->scan_rsp_data_len == len &&
732 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 733 return;
734
eb438b5f
JH		 735 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
736 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 737
738 cp.length = len;
739
740 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
741}
742
9a43e25f
JH		 743static u8 get_adv_discov_flags(struct hci_dev *hdev)
744{
745 struct pending_cmd *cmd;
746
747 /* If there's a pending mgmt command the flags will not yet have
748 * their final values, so check for this first.
749 */
750 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
751 if (cmd) {
752 struct mgmt_mode *cp = cmd->param;
753 if (cp->val == 0x01)
754 return LE_AD_GENERAL;
755 else if (cp->val == 0x02)
756 return LE_AD_LIMITED;
757 } else {
758 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
759 return LE_AD_LIMITED;
760 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
761 return LE_AD_GENERAL;
762 }
763
764 return 0;
765}
766
46cad2ed 767static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 768{
769 u8 ad_len = 0, flags = 0;
441ad2d0 770
9a43e25f 771 flags |= get_adv_discov_flags(hdev);
441ad2d0 772
e834004b 773 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
441ad2d0 774 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 775
776 if (flags) {
777 BT_DBG("adv flags 0x%02x", flags);
778
779 ptr[0] = 2;
780 ptr[1] = EIR_FLAGS;
781 ptr[2] = flags;
782
783 ad_len += 3;
784 ptr += 3;
785 }
786
787 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
788 ptr[0] = 2;
789 ptr[1] = EIR_TX_POWER;
790 ptr[2] = (u8) hdev->adv_tx_power;
791
792 ad_len += 3;
793 ptr += 3;
794 }
795
441ad2d0
MH		 796 return ad_len;
797}
798
5947f4bc 799static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 800{
801 struct hci_dev *hdev = req->hdev;
802 struct hci_cp_le_set_adv_data cp;
803 u8 len;
804
10994ce6 805 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
441ad2d0
MH		 806 return;
807
808 memset(&cp, 0, sizeof(cp));
809
46cad2ed 810 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 811
812 if (hdev->adv_data_len == len &&
813 memcmp(cp.data, hdev->adv_data, len) == 0)
814 return;
815
816 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
817 hdev->adv_data_len = len;
818
819 cp.length = len;
820
821 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
822}
823
ef580372
JH		 824static void create_eir(struct hci_dev *hdev, u8 *data)
825{
826 u8 *ptr = data;
ef580372
JH		 827 size_t name_len;
828
829 name_len = strlen(hdev->dev_name);
830
831 if (name_len > 0) {
832 /* EIR Data type */
833 if (name_len > 48) {
834 name_len = 48;
835 ptr[1] = EIR_NAME_SHORT;
836 } else
837 ptr[1] = EIR_NAME_COMPLETE;
838
839 /* EIR Data length */
840 ptr[0] = name_len + 1;
841
842 memcpy(ptr + 2, hdev->dev_name, name_len);
843
ef580372
JH		 844 ptr += (name_len + 2);
845 }
846
bbaf444a 847 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 848 ptr[0] = 2;
849 ptr[1] = EIR_TX_POWER;
850 ptr[2] = (u8) hdev->inq_tx_power;
851
91c4e9b1
MH		 852 ptr += 3;
853 }
854
2b9be137
MH		 855 if (hdev->devid_source > 0) {
856 ptr[0] = 9;
857 ptr[1] = EIR_DEVICE_ID;
858
859 put_unaligned_le16(hdev->devid_source, ptr + 2);
860 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
861 put_unaligned_le16(hdev->devid_product, ptr + 6);
862 put_unaligned_le16(hdev->devid_version, ptr + 8);
863
2b9be137
MH		 864 ptr += 10;
865 }
866
213202ed 867 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 868 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 869 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 870}
871
890ea898 872static void update_eir(struct hci_request *req)
ef580372 873{
890ea898 874 struct hci_dev *hdev = req->hdev;
ef580372
JH		 875 struct hci_cp_write_eir cp;
876
504c8dcd 877 if (!hdev_is_powered(hdev))
890ea898 878 return;
7770c4aa 879
976eb20e 880 if (!lmp_ext_inq_capable(hdev))
890ea898 881 return;
ef580372 882
84bde9d6 883 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 884 return;
ef580372 885
a8b2d5c2 886 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 887 return;
ef580372
JH		 888
889 memset(&cp, 0, sizeof(cp));
890
891 create_eir(hdev, cp.data);
892
893 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 894 return;
ef580372
JH		 895
896 memcpy(hdev->eir, cp.data, sizeof(cp.data));
897
890ea898 898 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 899}
900
901static u8 get_service_classes(struct hci_dev *hdev)
902{
903 struct bt_uuid *uuid;
904 u8 val = 0;
905
906 list_for_each_entry(uuid, &hdev->uuids, list)
907 val |= uuid->svc_hint;
908
909 return val;
910}
911
890ea898 912static void update_class(struct hci_request *req)
ef580372 913{
890ea898 914 struct hci_dev *hdev = req->hdev;
ef580372
JH		 915 u8 cod[3];
916
917 BT_DBG("%s", hdev->name);
918
504c8dcd 919 if (!hdev_is_powered(hdev))
890ea898 920 return;
7770c4aa 921
f87ea1da
JH		 922 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
923 return;
924
a8b2d5c2 925 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 926 return;
ef580372
JH		 927
928 cod[0] = hdev->minor_class;
929 cod[1] = hdev->major_class;
930 cod[2] = get_service_classes(hdev);
931
6acd7db4
MH		 932 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
933 cod[1] |= 0x20;
934
ef580372 935 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 936 return;
ef580372 937
890ea898 938 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 939}
940
a4858cb9 941static bool get_connectable(struct hci_dev *hdev)
199a2fb1
JH		 942{
943 struct pending_cmd *cmd;
199a2fb1
JH		 944
945 /* If there's a pending mgmt command the flag will not yet have
946 * it's final value, so check for this first.
947 */
948 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
949 if (cmd) {
950 struct mgmt_mode *cp = cmd->param;
a4858cb9 951 return cp->val;
199a2fb1
JH		 952 }
953
a4858cb9 954 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
199a2fb1
JH		 955}
956
957static void enable_advertising(struct hci_request *req)
958{
959 struct hci_dev *hdev = req->hdev;
960 struct hci_cp_le_set_adv_param cp;
8f2a0601 961 u8 own_addr_type, enable = 0x01;
a4858cb9 962 bool connectable;
199a2fb1 963
8d97250e
JH		 964 /* Clear the HCI_ADVERTISING bit temporarily so that the
965 * hci_update_random_address knows that it's safe to go ahead
966 * and write a new random address. The flag will be set back on
967 * as soon as the SET_ADV_ENABLE HCI command completes.
968 */
969 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
970
a4858cb9 971 connectable = get_connectable(hdev);
8f2a0601 972
a4858cb9
JH		 973 /* Set require_privacy to true only when non-connectable
974 * advertising is used. In that case it is fine to use a
975 * non-resolvable private address.
976 */
977 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 978 return;
979
41c90c18 980 memset(&cp, 0, sizeof(cp));
dcf4adbf
JP		 981 cp.min_interval = cpu_to_le16(0x0800);
982 cp.max_interval = cpu_to_le16(0x0800);
a4858cb9 983 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
8f2a0601 984 cp.own_address_type = own_addr_type;
199a2fb1
JH		 985 cp.channel_map = hdev->le_adv_channel_map;
986
987 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
988
989 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
990}
991
992static void disable_advertising(struct hci_request *req)
993{
994 u8 enable = 0x00;
995
996 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
997}
998
7d78525d
JH		 999static void service_cache_off(struct work_struct *work)
1000{
1001 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 1002 service_cache.work);
890ea898 1003 struct hci_request req;
7d78525d 1004
a8b2d5c2 1005 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 1006 return;
1007
890ea898
JH		 1008 hci_req_init(&req, hdev);
1009
7d78525d
JH		 1010 hci_dev_lock(hdev);
1011
890ea898
JH		 1012 update_eir(&req);
1013 update_class(&req);
7d78525d
JH		 1014
1015 hci_dev_unlock(hdev);
890ea898
JH		 1016
1017 hci_req_run(&req, NULL);
7d78525d
JH		 1018}
1019
d6bfd59c
JH		 1020static void rpa_expired(struct work_struct *work)
1021{
1022 struct hci_dev *hdev = container_of(work, struct hci_dev,
1023 rpa_expired.work);
1024 struct hci_request req;
1025
1026 BT_DBG("");
1027
1028 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
1029
1030 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags) ||
1031 hci_conn_num(hdev, LE_LINK) > 0)
1032 return;
1033
1034 /* The generation of a new RPA and programming it into the
1035 * controller happens in the enable_advertising() function.
1036 */
1037
1038 hci_req_init(&req, hdev);
1039
1040 disable_advertising(&req);
1041 enable_advertising(&req);
1042
1043 hci_req_run(&req, NULL);
1044}
1045
6a919082 1046static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 1047{
4f87da80 1048 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 1049 return;
1050
4f87da80 1051 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 1052 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 1053
4f87da80
JH		 1054 /* Non-mgmt controlled devices get this bit set
1055 * implicitly so that pairing works for them, however
1056 * for mgmt we require user-space to explicitly enable
1057 * it
1058 */
1059 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 1060}
1061
0f4e68cf 1062static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 1063 void *data, u16 data_len)
0381101f 1064{
a38528f1 1065 struct mgmt_rp_read_info rp;
f7b64e69 1066
bdb6d971 1067 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 1068
09fd0de5 1069 hci_dev_lock(hdev);
f7b64e69 1070
dc4fe30b
JH		 1071 memset(&rp, 0, sizeof(rp));
1072
69ab39ea 1073 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 1074
69ab39ea 1075 rp.version = hdev->hci_ver;
eb55ef07 1076 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 1077
1078 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1079 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 1080
a38528f1 1081 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 1082
dc4fe30b 1083 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 1084 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 1085
09fd0de5 1086 hci_dev_unlock(hdev);
0381101f 1087
bdb6d971 1088 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 1089 sizeof(rp));
0381101f
JH		 1090}
1091
eec8d2bc
JH		 1092static void mgmt_pending_free(struct pending_cmd *cmd)
1093{
1094 sock_put(cmd->sk);
c68fb7ff 1095 kfree(cmd->param);
eec8d2bc
JH		 1096 kfree(cmd);
1097}
1098
366a0336 1099static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 1100 struct hci_dev *hdev, void *data,
1101 u16 len)
eec8d2bc
JH		 1102{
1103 struct pending_cmd *cmd;
1104
fca20018 1105 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 1106 if (!cmd)
366a0336 1107 return NULL;
eec8d2bc
JH		 1108
1109 cmd->opcode = opcode;
2e58ef3e 1110 cmd->index = hdev->id;
eec8d2bc 1111
12b94565 1112 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 1113 if (!cmd->param) {
eec8d2bc 1114 kfree(cmd);
366a0336 1115 return NULL;
eec8d2bc
JH		 1116 }
1117
8fce6357
SJ		 1118 if (data)
1119 memcpy(cmd->param, data, len);
eec8d2bc
JH		 1120
1121 cmd->sk = sk;
1122 sock_hold(sk);
1123
2e58ef3e 1124 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 1125
366a0336 1126 return cmd;
eec8d2bc
JH		 1127}
1128
744cf19e 1129static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 1130 void (*cb)(struct pending_cmd *cmd,
1131 void *data),
04124681 1132 void *data)
eec8d2bc 1133{
a3d09356 1134 struct pending_cmd *cmd, *tmp;
eec8d2bc 1135
a3d09356 1136 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 1137 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 1138 continue;
1139
eec8d2bc
JH		 1140 cb(cmd, data);
1141 }
1142}
1143
a664b5bc 1144static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 1145{
73f22f62
JH		 1146 list_del(&cmd->list);
1147 mgmt_pending_free(cmd);
1148}
1149
69ab39ea 1150static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1151{
69ab39ea 1152 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1153
aee9b218 1154 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 1155 sizeof(settings));
8680570b
JH		 1156}
1157
8b064a3a
JH		 1158static void clean_up_hci_complete(struct hci_dev *hdev, u8 status)
1159{
1160 BT_DBG("%s status 0x%02x", hdev->name, status);
1161
a3172b7e
JH		 1162 if (hci_conn_count(hdev) == 0) {
1163 cancel_delayed_work(&hdev->power_off);
8b064a3a 1164 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1165 }
8b064a3a
JH		 1166}
1167
21a60d30
JH		 1168static void hci_stop_discovery(struct hci_request *req)
1169{
1170 struct hci_dev *hdev = req->hdev;
1171 struct hci_cp_remote_name_req_cancel cp;
1172 struct inquiry_entry *e;
1173
1174 switch (hdev->discovery.state) {
1175 case DISCOVERY_FINDING:
1176 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
1177 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1178 } else {
1179 cancel_delayed_work(&hdev->le_scan_disable);
1180 hci_req_add_le_scan_disable(req);
1181 }
1182
1183 break;
1184
1185 case DISCOVERY_RESOLVING:
1186 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1187 NAME_PENDING);
1188 if (!e)
1189 return;
1190
1191 bacpy(&cp.bdaddr, &e->data.bdaddr);
1192 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1193 &cp);
1194
1195 break;
1196
1197 default:
1198 /* Passive scanning */
1199 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
1200 hci_req_add_le_scan_disable(req);
1201 break;
1202 }
1203}
1204
8b064a3a
JH		 1205static int clean_up_hci_state(struct hci_dev *hdev)
1206{
1207 struct hci_request req;
1208 struct hci_conn *conn;
1209
1210 hci_req_init(&req, hdev);
1211
1212 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1213 test_bit(HCI_PSCAN, &hdev->flags)) {
1214 u8 scan = 0x00;
1215 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1216 }
1217
1218 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1219 disable_advertising(&req);
1220
f8680f12 1221 hci_stop_discovery(&req);
8b064a3a
JH		 1222
1223 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1224 struct hci_cp_disconnect dc;
c9910d0f
JH		 1225 struct hci_cp_reject_conn_req rej;
1226
1227 switch (conn->state) {
1228 case BT_CONNECTED:
1229 case BT_CONFIG:
1230 dc.handle = cpu_to_le16(conn->handle);
1231 dc.reason = 0x15; /* Terminated due to Power Off */
1232 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1233 break;
1234 case BT_CONNECT:
1235 if (conn->type == LE_LINK)
1236 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1237 0, NULL);
1238 else if (conn->type == ACL_LINK)
1239 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1240 6, &conn->dst);
1241 break;
1242 case BT_CONNECT2:
1243 bacpy(&rej.bdaddr, &conn->dst);
1244 rej.reason = 0x15; /* Terminated due to Power Off */
1245 if (conn->type == ACL_LINK)
1246 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1247 sizeof(rej), &rej);
1248 else if (conn->type == SCO_LINK)
1249 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1250 sizeof(rej), &rej);
1251 break;
1252 }
8b064a3a
JH		 1253 }
1254
1255 return hci_req_run(&req, clean_up_hci_complete);
1256}
1257
bdb6d971 1258static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1259 u16 len)
eec8d2bc 1260{
650f726d 1261 struct mgmt_mode *cp = data;
366a0336 1262 struct pending_cmd *cmd;
4b34ee78 1263 int err;
eec8d2bc 1264
bdb6d971 1265 BT_DBG("request for %s", hdev->name);
eec8d2bc 1266
a7e80f25
JH		 1267 if (cp->val != 0x00 && cp->val != 0x01)
1268 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1269 MGMT_STATUS_INVALID_PARAMS);
1270
09fd0de5 1271 hci_dev_lock(hdev);
eec8d2bc 1272
87b95ba6
JH		 1273 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1274 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1275 MGMT_STATUS_BUSY);
1276 goto failed;
1277 }
1278
f0d4b78a
MH		 1279 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1280 cancel_delayed_work(&hdev->power_off);
1281
1282 if (cp->val) {
a1d70450
JH		 1283 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1284 data, len);
1285 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1286 goto failed;
1287 }
1288 }
1289
4b34ee78 1290 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1291 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1292 goto failed;
1293 }
1294
2e58ef3e 1295 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1296 if (!cmd) {
1297 err = -ENOMEM;
eec8d2bc 1298 goto failed;
366a0336 1299 }
eec8d2bc 1300
8b064a3a 1301 if (cp->val) {
19202573 1302 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1303 err = 0;
1304 } else {
1305 /* Disconnect connections, stop scans, etc */
1306 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1307 if (!err)
1308 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1309 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1310
8b064a3a
JH		 1311 /* ENODATA means there were no HCI commands queued */
1312 if (err == -ENODATA) {
a3172b7e 1313 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1314 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1315 err = 0;
1316 }
1317 }
eec8d2bc
JH		 1318
1319failed:
09fd0de5 1320 hci_dev_unlock(hdev);
366a0336 1321 return err;
eec8d2bc
JH		 1322}
1323
04124681
GP		 1324static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
1325 struct sock *skip_sk)
beadb2bd
JH		 1326{
1327 struct sk_buff *skb;
1328 struct mgmt_hdr *hdr;
1329
790eff44 1330 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 1331 if (!skb)
1332 return -ENOMEM;
1333
1334 hdr = (void *) skb_put(skb, sizeof(*hdr));
1335 hdr->opcode = cpu_to_le16(event);
1336 if (hdev)
1337 hdr->index = cpu_to_le16(hdev->id);
1338 else
dcf4adbf 1339 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 1340 hdr->len = cpu_to_le16(data_len);
1341
1342 if (data)
1343 memcpy(skb_put(skb, data_len), data, data_len);
1344
97e0bdeb
MH		 1345 /* Time stamp */
1346 __net_timestamp(skb);
1347
beadb2bd
JH		 1348 hci_send_to_control(skb, skip_sk);
1349 kfree_skb(skb);
1350
1351 return 0;
1352}
1353
1354static int new_settings(struct hci_dev *hdev, struct sock *skip)
1355{
1356 __le32 ev;
1357
1358 ev = cpu_to_le32(get_current_settings(hdev));
1359
1360 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1361}
1362
bd99abdd
JH		 1363struct cmd_lookup {
1364 struct sock *sk;
1365 struct hci_dev *hdev;
1366 u8 mgmt_status;
1367};
1368
1369static void settings_rsp(struct pending_cmd *cmd, void *data)
1370{
1371 struct cmd_lookup *match = data;
1372
1373 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1374
1375 list_del(&cmd->list);
1376
1377 if (match->sk == NULL) {
1378 match->sk = cmd->sk;
1379 sock_hold(match->sk);
1380 }
1381
1382 mgmt_pending_free(cmd);
1383}
1384
1385static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1386{
1387 u8 *status = data;
1388
1389 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1390 mgmt_pending_remove(cmd);
1391}
1392
e6fe7986
JH		 1393static u8 mgmt_bredr_support(struct hci_dev *hdev)
1394{
1395 if (!lmp_bredr_capable(hdev))
1396 return MGMT_STATUS_NOT_SUPPORTED;
1397 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1398 return MGMT_STATUS_REJECTED;
1399 else
1400 return MGMT_STATUS_SUCCESS;
1401}
1402
1403static u8 mgmt_le_support(struct hci_dev *hdev)
1404{
1405 if (!lmp_le_capable(hdev))
1406 return MGMT_STATUS_NOT_SUPPORTED;
1407 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1408 return MGMT_STATUS_REJECTED;
1409 else
1410 return MGMT_STATUS_SUCCESS;
1411}
1412
bfaf8c9f
JH		 1413static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1414{
1415 struct pending_cmd *cmd;
1416 struct mgmt_mode *cp;
970ba524 1417 struct hci_request req;
bfaf8c9f
JH		 1418 bool changed;
1419
1420 BT_DBG("status 0x%02x", status);
1421
1422 hci_dev_lock(hdev);
1423
1424 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1425 if (!cmd)
1426 goto unlock;
1427
1428 if (status) {
1429 u8 mgmt_err = mgmt_status(status);
1430 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
310a3d48 1431 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
bfaf8c9f
JH		 1432 goto remove_cmd;
1433 }
1434
1435 cp = cmd->param;
d4462a07 1436 if (cp->val) {
bfaf8c9f
JH		 1437 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1438 &hdev->dev_flags);
d4462a07
MH		 1439
1440 if (hdev->discov_timeout > 0) {
1441 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1442 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1443 to);
1444 }
1445 } else {
bfaf8c9f
JH		 1446 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1447 &hdev->dev_flags);
d4462a07 1448 }
bfaf8c9f
JH		 1449
1450 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1451
1452 if (changed)
1453 new_settings(hdev, cmd->sk);
1454
970ba524
MH		 1455 /* When the discoverable mode gets changed, make sure
1456 * that class of device has the limited discoverable
1457 * bit correctly set.
1458 */
1459 hci_req_init(&req, hdev);
1460 update_class(&req);
1461 hci_req_run(&req, NULL);
1462
bfaf8c9f
JH		 1463remove_cmd:
1464 mgmt_pending_remove(cmd);
1465
1466unlock:
1467 hci_dev_unlock(hdev);
1468}
1469
bdb6d971 1470static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1471 u16 len)
73f22f62 1472{
650f726d 1473 struct mgmt_cp_set_discoverable *cp = data;
366a0336 1474 struct pending_cmd *cmd;
bfaf8c9f 1475 struct hci_request req;
5e5282bb 1476 u16 timeout;
9a43e25f 1477 u8 scan;
73f22f62
JH		 1478 int err;
1479
bdb6d971 1480 BT_DBG("request for %s", hdev->name);
73f22f62 1481
9a43e25f
JH		 1482 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1483 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1484 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
9a43e25f 1485 MGMT_STATUS_REJECTED);
33c525c0 1486
310a3d48 1487 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a7e80f25
JH		 1488 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1489 MGMT_STATUS_INVALID_PARAMS);
1490
1f350c87 1491 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1492
1493 /* Disabling discoverable requires that no timeout is set,
1494 * and enabling limited discoverable requires a timeout.
1495 */
1496 if ((cp->val == 0x00 && timeout > 0) ||
1497 (cp->val == 0x02 && timeout == 0))
bdb6d971 1498 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1499 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1500
09fd0de5 1501 hci_dev_lock(hdev);
73f22f62 1502
5e5282bb 1503 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 1504 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1505 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1506 goto failed;
1507 }
1508
2e58ef3e 1509 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1510 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1511 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1512 MGMT_STATUS_BUSY);
73f22f62
JH		 1513 goto failed;
1514 }
1515
5e5282bb 1516 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 1517 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1518 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1519 goto failed;
1520 }
1521
1522 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1523 bool changed = false;
1524
310a3d48
MH		 1525 /* Setting limited discoverable when powered off is
1526 * not a valid operation since it requires a timeout
1527 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1528 */
0224d2fa
JH		 1529 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1530 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1531 changed = true;
1532 }
1533
5e5282bb 1534 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1535 if (err < 0)
1536 goto failed;
1537
1538 if (changed)
1539 err = new_settings(hdev, sk);
1540
5e5282bb
JH		 1541 goto failed;
1542 }
1543
310a3d48
MH		 1544 /* If the current mode is the same, then just update the timeout
1545 * value with the new value. And if only the timeout gets updated,
1546 * then no need for any HCI transactions.
1547 */
1548 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1549 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1550 &hdev->dev_flags)) {
36261547
MH		 1551 cancel_delayed_work(&hdev->discov_off);
1552 hdev->discov_timeout = timeout;
955638ec 1553
36261547
MH		 1554 if (cp->val && hdev->discov_timeout > 0) {
1555 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1556 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1557 to);
955638ec
MH		 1558 }
1559
69ab39ea 1560 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1561 goto failed;
1562 }
1563
2e58ef3e 1564 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1565 if (!cmd) {
1566 err = -ENOMEM;
73f22f62 1567 goto failed;
366a0336 1568 }
73f22f62 1569
310a3d48
MH		 1570 /* Cancel any potential discoverable timeout that might be
1571 * still active and store new timeout value. The arming of
1572 * the timeout happens in the complete handler.
1573 */
1574 cancel_delayed_work(&hdev->discov_off);
1575 hdev->discov_timeout = timeout;
1576
b456f87c
JH		 1577 /* Limited discoverable mode */
1578 if (cp->val == 0x02)
1579 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1580 else
1581 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1582
bfaf8c9f
JH		 1583 hci_req_init(&req, hdev);
1584
9a43e25f
JH		 1585 /* The procedure for LE-only controllers is much simpler - just
1586 * update the advertising data.
1587 */
1588 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1589 goto update_ad;
1590
73f22f62
JH		 1591 scan = SCAN_PAGE;
1592
310a3d48
MH		 1593 if (cp->val) {
1594 struct hci_cp_write_current_iac_lap hci_cp;
1595
1596 if (cp->val == 0x02) {
1597 /* Limited discoverable mode */
33337dcb 1598 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1599 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1600 hci_cp.iac_lap[1] = 0x8b;
1601 hci_cp.iac_lap[2] = 0x9e;
1602 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1603 hci_cp.iac_lap[4] = 0x8b;
1604 hci_cp.iac_lap[5] = 0x9e;
1605 } else {
1606 /* General discoverable mode */
310a3d48
MH		 1607 hci_cp.num_iac = 1;
1608 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1609 hci_cp.iac_lap[1] = 0x8b;
1610 hci_cp.iac_lap[2] = 0x9e;
1611 }
1612
1613 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1614 (hci_cp.num_iac * 3) + 1, &hci_cp);
1615
73f22f62 1616 scan |= SCAN_INQUIRY;
310a3d48
MH		 1617 } else {
1618 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1619 }
73f22f62 1620
310a3d48 1621 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1622
9a43e25f
JH		 1623update_ad:
1624 update_adv_data(&req);
1625
bfaf8c9f 1626 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1627 if (err < 0)
a664b5bc 1628 mgmt_pending_remove(cmd);
73f22f62
JH		 1629
1630failed:
09fd0de5 1631 hci_dev_unlock(hdev);
73f22f62
JH		 1632 return err;
1633}
1634
406d7804
JH		 1635static void write_fast_connectable(struct hci_request *req, bool enable)
1636{
bd98b996 1637 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1638 struct hci_cp_write_page_scan_activity acp;
1639 u8 type;
1640
547003b1
JH		 1641 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1642 return;
1643
4c01f8b8
JH		 1644 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1645 return;
1646
406d7804
JH		 1647 if (enable) {
1648 type = PAGE_SCAN_TYPE_INTERLACED;
1649
1650 /* 160 msec page scan interval */
dcf4adbf 1651 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 1652 } else {
1653 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1654
1655 /* default 1.28 sec page scan */
dcf4adbf 1656 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 1657 }
1658
dcf4adbf 1659 acp.window = cpu_to_le16(0x0012);
406d7804 1660
bd98b996
JH		 1661 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1662 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1663 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1664 sizeof(acp), &acp);
1665
1666 if (hdev->page_scan_type != type)
1667 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1668}
1669
2b76f453
JH		 1670static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1671{
1672 struct pending_cmd *cmd;
d7b856f9
JH		 1673 struct mgmt_mode *cp;
1674 bool changed;
2b76f453
JH		 1675
1676 BT_DBG("status 0x%02x", status);
1677
1678 hci_dev_lock(hdev);
1679
1680 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1681 if (!cmd)
1682 goto unlock;
1683
37438c1f
JH		 1684 if (status) {
1685 u8 mgmt_err = mgmt_status(status);
1686 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1687 goto remove_cmd;
1688 }
1689
d7b856f9
JH		 1690 cp = cmd->param;
1691 if (cp->val)
1692 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1693 else
1694 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1695
2b76f453
JH		 1696 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1697
d7b856f9
JH		 1698 if (changed)
1699 new_settings(hdev, cmd->sk);
1700
37438c1f 1701remove_cmd:
2b76f453
JH		 1702 mgmt_pending_remove(cmd);
1703
1704unlock:
1705 hci_dev_unlock(hdev);
1706}
1707
e8ba3a1f
JH		 1708static int set_connectable_update_settings(struct hci_dev *hdev,
1709 struct sock *sk, u8 val)
1710{
1711 bool changed = false;
1712 int err;
1713
1714 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1715 changed = true;
1716
1717 if (val) {
1718 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1719 } else {
1720 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1721 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1722 }
1723
1724 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1725 if (err < 0)
1726 return err;
1727
1728 if (changed)
1729 return new_settings(hdev, sk);
1730
1731 return 0;
1732}
1733
bdb6d971 1734static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1735 u16 len)
9fbcbb45 1736{
650f726d 1737 struct mgmt_mode *cp = data;
366a0336 1738 struct pending_cmd *cmd;
2b76f453 1739 struct hci_request req;
1987fdc7 1740 u8 scan;
9fbcbb45
JH		 1741 int err;
1742
bdb6d971 1743 BT_DBG("request for %s", hdev->name);
9fbcbb45 1744
1987fdc7
JH		 1745 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1746 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1747 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1987fdc7 1748 MGMT_STATUS_REJECTED);
33c525c0 1749
a7e80f25
JH		 1750 if (cp->val != 0x00 && cp->val != 0x01)
1751 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1752 MGMT_STATUS_INVALID_PARAMS);
1753
09fd0de5 1754 hci_dev_lock(hdev);
9fbcbb45 1755
4b34ee78 1756 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1757 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1758 goto failed;
1759 }
1760
2e58ef3e 1761 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1762 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1763 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1764 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1765 goto failed;
1766 }
1767
2e58ef3e 1768 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1769 if (!cmd) {
1770 err = -ENOMEM;
9fbcbb45 1771 goto failed;
366a0336 1772 }
9fbcbb45 1773
9b74246f 1774 hci_req_init(&req, hdev);
9fbcbb45 1775
9a43e25f
JH		 1776 /* If BR/EDR is not enabled and we disable advertising as a
1777 * by-product of disabling connectable, we need to update the
1778 * advertising flags.
1779 */
1780 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1781 if (!cp->val) {
1782 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1783 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1784 }
1785 update_adv_data(&req);
1786 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1787 if (cp->val) {
1788 scan = SCAN_PAGE;
1789 } else {
1790 scan = 0;
1791
1792 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1793 hdev->discov_timeout > 0)
9b74246f
JH		 1794 cancel_delayed_work(&hdev->discov_off);
1795 }
2b76f453 1796
9b74246f
JH		 1797 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1798 }
2b76f453 1799
4c01f8b8
JH		 1800 /* If we're going from non-connectable to connectable or
1801 * vice-versa when fast connectable is enabled ensure that fast
1802 * connectable gets disabled. write_fast_connectable won't do
1803 * anything if the page scan parameters are already what they
1804 * should be.
1805 */
1806 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1807 write_fast_connectable(&req, false);
1808
1987fdc7
JH		 1809 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
1810 hci_conn_num(hdev, LE_LINK) == 0) {
1811 disable_advertising(&req);
1812 enable_advertising(&req);
1813 }
1814
2b76f453 1815 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1816 if (err < 0) {
a664b5bc 1817 mgmt_pending_remove(cmd);
9b74246f 1818 if (err == -ENODATA)
a81070ba
JH		 1819 err = set_connectable_update_settings(hdev, sk,
1820 cp->val);
9b74246f
JH		 1821 goto failed;
1822 }
9fbcbb45
JH		 1823
1824failed:
09fd0de5 1825 hci_dev_unlock(hdev);
9fbcbb45
JH		 1826 return err;
1827}
1828
bdb6d971 1829static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1830 u16 len)
c542a06c 1831{
650f726d 1832 struct mgmt_mode *cp = data;
55594356 1833 bool changed;
c542a06c
JH		 1834 int err;
1835
bdb6d971 1836 BT_DBG("request for %s", hdev->name);
c542a06c 1837
a7e80f25
JH		 1838 if (cp->val != 0x00 && cp->val != 0x01)
1839 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1840 MGMT_STATUS_INVALID_PARAMS);
1841
09fd0de5 1842 hci_dev_lock(hdev);
c542a06c
JH		 1843
1844 if (cp->val)
55594356 1845 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1846 else
55594356 1847 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1848
69ab39ea 1849 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c 1850 if (err < 0)
55594356 1851 goto unlock;
c542a06c 1852
55594356
MH		 1853 if (changed)
1854 err = new_settings(hdev, sk);
c542a06c 1855
55594356 1856unlock:
09fd0de5 1857 hci_dev_unlock(hdev);
c542a06c
JH		 1858 return err;
1859}
1860
04124681
GP		 1861static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1862 u16 len)
33ef95ed
JH		 1863{
1864 struct mgmt_mode *cp = data;
1865 struct pending_cmd *cmd;
e6fe7986 1866 u8 val, status;
33ef95ed
JH		 1867 int err;
1868
bdb6d971 1869 BT_DBG("request for %s", hdev->name);
33ef95ed 1870
e6fe7986
JH		 1871 status = mgmt_bredr_support(hdev);
1872 if (status)
33c525c0 1873 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 1874 status);
33c525c0 1875
a7e80f25
JH		 1876 if (cp->val != 0x00 && cp->val != 0x01)
1877 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1878 MGMT_STATUS_INVALID_PARAMS);
1879
33ef95ed
JH		 1880 hci_dev_lock(hdev);
1881
4b34ee78 1882 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1883 bool changed = false;
1884
1885 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1886 &hdev->dev_flags)) {
47990ea0
JH		 1887 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1888 changed = true;
1889 }
1890
1891 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1892 if (err < 0)
1893 goto failed;
1894
1895 if (changed)
1896 err = new_settings(hdev, sk);
1897
33ef95ed
JH		 1898 goto failed;
1899 }
1900
1901 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1902 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1903 MGMT_STATUS_BUSY);
33ef95ed
JH		 1904 goto failed;
1905 }
1906
1907 val = !!cp->val;
1908
1909 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1910 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1911 goto failed;
1912 }
1913
1914 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1915 if (!cmd) {
1916 err = -ENOMEM;
1917 goto failed;
1918 }
1919
1920 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1921 if (err < 0) {
1922 mgmt_pending_remove(cmd);
1923 goto failed;
1924 }
1925
1926failed:
1927 hci_dev_unlock(hdev);
33ef95ed
JH		 1928 return err;
1929}
1930
bdb6d971 1931static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1932{
1933 struct mgmt_mode *cp = data;
1934 struct pending_cmd *cmd;
72ef0c1a 1935 u8 status;
ed2c4ee3
JH		 1936 int err;
1937
bdb6d971 1938 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1939
cdba5281
MH		 1940 status = mgmt_bredr_support(hdev);
1941 if (status)
1942 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1943
13ecd8b6
JH		 1944 if (!lmp_ssp_capable(hdev))
1945 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1946 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1947
a7e80f25
JH		 1948 if (cp->val != 0x00 && cp->val != 0x01)
1949 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1950 MGMT_STATUS_INVALID_PARAMS);
1951
13ecd8b6 1952 hci_dev_lock(hdev);
6c8f12c1 1953
4b34ee78 1954 if (!hdev_is_powered(hdev)) {
9ecb3e24 1955 bool changed;
c0ecddc2 1956
9ecb3e24
MH		 1957 if (cp->val) {
1958 changed = !test_and_set_bit(HCI_SSP_ENABLED,
1959 &hdev->dev_flags);
1960 } else {
1961 changed = test_and_clear_bit(HCI_SSP_ENABLED,
1962 &hdev->dev_flags);
1963 if (!changed)
1964 changed = test_and_clear_bit(HCI_HS_ENABLED,
1965 &hdev->dev_flags);
1966 else
1967 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 1968 }
1969
1970 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1971 if (err < 0)
1972 goto failed;
1973
1974 if (changed)
1975 err = new_settings(hdev, sk);
1976
ed2c4ee3
JH		 1977 goto failed;
1978 }
1979
9ecb3e24
MH		 1980 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
1981 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
d97dcb66
SJ		 1982 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1983 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1984 goto failed;
1985 }
1986
72ef0c1a 1987 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 1988 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1989 goto failed;
1990 }
1991
1992 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1993 if (!cmd) {
1994 err = -ENOMEM;
1995 goto failed;
1996 }
1997
3769972b
JH		 1998 if (!cp->val && test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
1999 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2000 sizeof(cp->val), &cp->val);
2001
72ef0c1a 2002 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 2003 if (err < 0) {
2004 mgmt_pending_remove(cmd);
2005 goto failed;
2006 }
2007
2008failed:
2009 hci_dev_unlock(hdev);
ed2c4ee3
JH		 2010 return err;
2011}
2012
bdb6d971 2013static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 2014{
2015 struct mgmt_mode *cp = data;
ee392693 2016 bool changed;
e6fe7986 2017 u8 status;
ee392693 2018 int err;
6d80dfd0 2019
bdb6d971 2020 BT_DBG("request for %s", hdev->name);
6d80dfd0 2021
e6fe7986
JH		 2022 status = mgmt_bredr_support(hdev);
2023 if (status)
2024 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 2025
9ecb3e24
MH		 2026 if (!lmp_ssp_capable(hdev))
2027 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2028 MGMT_STATUS_NOT_SUPPORTED);
2029
2030 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
2031 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2032 MGMT_STATUS_REJECTED);
2033
a7e80f25
JH		 2034 if (cp->val != 0x00 && cp->val != 0x01)
2035 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2036 MGMT_STATUS_INVALID_PARAMS);
2037
ee392693
MH		 2038 hci_dev_lock(hdev);
2039
a0cdf960 2040 if (cp->val) {
ee392693 2041 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 2042 } else {
2043 if (hdev_is_powered(hdev)) {
2044 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2045 MGMT_STATUS_REJECTED);
2046 goto unlock;
2047 }
2048
ee392693 2049 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 2050 }
ee392693
MH		 2051
2052 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2053 if (err < 0)
2054 goto unlock;
2055
2056 if (changed)
2057 err = new_settings(hdev, sk);
6d80dfd0 2058
ee392693
MH		 2059unlock:
2060 hci_dev_unlock(hdev);
2061 return err;
6d80dfd0
JH		 2062}
2063
416a4ae5
JH		 2064static void le_enable_complete(struct hci_dev *hdev, u8 status)
2065{
2066 struct cmd_lookup match = { NULL, hdev };
2067
2068 if (status) {
2069 u8 mgmt_err = mgmt_status(status);
2070
2071 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2072 &mgmt_err);
2073 return;
2074 }
2075
2076 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2077
2078 new_settings(hdev, match.sk);
2079
2080 if (match.sk)
2081 sock_put(match.sk);
441ad2d0
MH		 2082
2083 /* Make sure the controller has a good default for
2084 * advertising data. Restrict the update to when LE
2085 * has actually been enabled. During power on, the
2086 * update in powered_update_hci will take care of it.
2087 */
2088 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2089 struct hci_request req;
2090
2091 hci_dev_lock(hdev);
2092
2093 hci_req_init(&req, hdev);
5947f4bc 2094 update_adv_data(&req);
f14d8f64 2095 update_scan_rsp_data(&req);
441ad2d0
MH		 2096 hci_req_run(&req, NULL);
2097
2098 hci_dev_unlock(hdev);
2099 }
416a4ae5
JH		 2100}
2101
bdb6d971 2102static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 2103{
2104 struct mgmt_mode *cp = data;
2105 struct hci_cp_write_le_host_supported hci_cp;
2106 struct pending_cmd *cmd;
416a4ae5 2107 struct hci_request req;
06199cf8 2108 int err;
0b60eba1 2109 u8 val, enabled;
06199cf8 2110
bdb6d971 2111 BT_DBG("request for %s", hdev->name);
06199cf8 2112
13ecd8b6
JH		 2113 if (!lmp_le_capable(hdev))
2114 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2115 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 2116
a7e80f25
JH		 2117 if (cp->val != 0x00 && cp->val != 0x01)
2118 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2119 MGMT_STATUS_INVALID_PARAMS);
2120
c73eee91 2121 /* LE-only devices do not allow toggling LE on/off */
56f87901 2122 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 2123 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2124 MGMT_STATUS_REJECTED);
2125
13ecd8b6 2126 hci_dev_lock(hdev);
06199cf8
JH		 2127
2128 val = !!cp->val;
ffa88e02 2129 enabled = lmp_host_le_capable(hdev);
06199cf8 2130
0b60eba1 2131 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 2132 bool changed = false;
2133
2134 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2135 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
2136 changed = true;
2137 }
2138
f3d3444a
JH		 2139 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
2140 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 2141 changed = true;
2142 }
2143
06199cf8
JH		 2144 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2145 if (err < 0)
1de028ce 2146 goto unlock;
06199cf8
JH		 2147
2148 if (changed)
2149 err = new_settings(hdev, sk);
2150
1de028ce 2151 goto unlock;
06199cf8
JH		 2152 }
2153
4375f103
JH		 2154 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
2155 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 2156 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 2157 MGMT_STATUS_BUSY);
1de028ce 2158 goto unlock;
06199cf8
JH		 2159 }
2160
2161 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2162 if (!cmd) {
2163 err = -ENOMEM;
1de028ce 2164 goto unlock;
06199cf8
JH		 2165 }
2166
441ad2d0
MH		 2167 hci_req_init(&req, hdev);
2168
06199cf8
JH		 2169 memset(&hci_cp, 0, sizeof(hci_cp));
2170
2171 if (val) {
2172 hci_cp.le = val;
ffa88e02 2173 hci_cp.simul = lmp_le_br_capable(hdev);
441ad2d0
MH		 2174 } else {
2175 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
2176 disable_advertising(&req);
06199cf8
JH		 2177 }
2178
416a4ae5
JH		 2179 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2180 &hci_cp);
2181
2182 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2183 if (err < 0)
06199cf8 2184 mgmt_pending_remove(cmd);
06199cf8 2185
1de028ce
JH		 2186unlock:
2187 hci_dev_unlock(hdev);
06199cf8
JH		 2188 return err;
2189}
2190
0cab9c80
JH		 2191/* This is a helper function to test for pending mgmt commands that can
2192 * cause CoD or EIR HCI commands. We can only allow one such pending
2193 * mgmt command at a time since otherwise we cannot easily track what
2194 * the current values are, will be, and based on that calculate if a new
2195 * HCI command needs to be sent and if yes with what value.
2196 */
2197static bool pending_eir_or_class(struct hci_dev *hdev)
2198{
2199 struct pending_cmd *cmd;
2200
2201 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2202 switch (cmd->opcode) {
2203 case MGMT_OP_ADD_UUID:
2204 case MGMT_OP_REMOVE_UUID:
2205 case MGMT_OP_SET_DEV_CLASS:
2206 case MGMT_OP_SET_POWERED:
2207 return true;
2208 }
2209 }
2210
2211 return false;
2212}
2213
83be8eca
JH		 2214static const u8 bluetooth_base_uuid[] = {
2215 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2216 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2217};
2218
2219static u8 get_uuid_size(const u8 *uuid)
2220{
2221 u32 val;
2222
2223 if (memcmp(uuid, bluetooth_base_uuid, 12))
2224 return 128;
2225
2226 val = get_unaligned_le32(&uuid[12]);
2227 if (val > 0xffff)
2228 return 32;
2229
2230 return 16;
2231}
2232
92da6097
JH		 2233static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2234{
2235 struct pending_cmd *cmd;
2236
2237 hci_dev_lock(hdev);
2238
2239 cmd = mgmt_pending_find(mgmt_op, hdev);
2240 if (!cmd)
2241 goto unlock;
2242
2243 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
2244 hdev->dev_class, 3);
2245
2246 mgmt_pending_remove(cmd);
2247
2248unlock:
2249 hci_dev_unlock(hdev);
2250}
2251
2252static void add_uuid_complete(struct hci_dev *hdev, u8 status)
2253{
2254 BT_DBG("status 0x%02x", status);
2255
2256 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2257}
2258
bdb6d971 2259static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2260{
650f726d 2261 struct mgmt_cp_add_uuid *cp = data;
90e70454 2262 struct pending_cmd *cmd;
890ea898 2263 struct hci_request req;
2aeb9a1a 2264 struct bt_uuid *uuid;
2aeb9a1a
JH		 2265 int err;
2266
bdb6d971 2267 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2268
09fd0de5 2269 hci_dev_lock(hdev);
2aeb9a1a 2270
0cab9c80 2271 if (pending_eir_or_class(hdev)) {
bdb6d971 2272 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 2273 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2274 goto failed;
2275 }
2276
92c4c204 2277 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2278 if (!uuid) {
2279 err = -ENOMEM;
2280 goto failed;
2281 }
2282
2283 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2284 uuid->svc_hint = cp->svc_hint;
83be8eca 2285 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2286
de66aa63 2287 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2288
890ea898 2289 hci_req_init(&req, hdev);
1aff6f09 2290
890ea898
JH		 2291 update_class(&req);
2292 update_eir(&req);
2293
92da6097
JH		 2294 err = hci_req_run(&req, add_uuid_complete);
2295 if (err < 0) {
2296 if (err != -ENODATA)
2297 goto failed;
80a1e1db 2298
bdb6d971 2299 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 2300 hdev->dev_class, 3);
90e70454
JH		 2301 goto failed;
2302 }
2303
2304 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2305 if (!cmd) {
90e70454 2306 err = -ENOMEM;
890ea898
JH		 2307 goto failed;
2308 }
2309
2310 err = 0;
2aeb9a1a
JH		 2311
2312failed:
09fd0de5 2313 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2314 return err;
2315}
2316
24b78d0f
JH		 2317static bool enable_service_cache(struct hci_dev *hdev)
2318{
2319 if (!hdev_is_powered(hdev))
2320 return false;
2321
2322 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 2323 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2324 CACHE_TIMEOUT);
24b78d0f
JH		 2325 return true;
2326 }
2327
2328 return false;
2329}
2330
92da6097
JH		 2331static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
2332{
2333 BT_DBG("status 0x%02x", status);
2334
2335 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2336}
2337
bdb6d971 2338static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2339 u16 len)
2aeb9a1a 2340{
650f726d 2341 struct mgmt_cp_remove_uuid *cp = data;
90e70454 2342 struct pending_cmd *cmd;
056341c8 2343 struct bt_uuid *match, *tmp;
2aeb9a1a 2344 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2345 struct hci_request req;
2aeb9a1a
JH		 2346 int err, found;
2347
bdb6d971 2348 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2349
09fd0de5 2350 hci_dev_lock(hdev);
2aeb9a1a 2351
0cab9c80 2352 if (pending_eir_or_class(hdev)) {
bdb6d971 2353 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2354 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2355 goto unlock;
2356 }
2357
2aeb9a1a 2358 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2359 hci_uuids_clear(hdev);
4004b6d9 2360
24b78d0f 2361 if (enable_service_cache(hdev)) {
bdb6d971 2362 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2363 0, hdev->dev_class, 3);
24b78d0f
JH		 2364 goto unlock;
2365 }
4004b6d9 2366
9246a869 2367 goto update_class;
2aeb9a1a
JH		 2368 }
2369
2370 found = 0;
2371
056341c8 2372 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2373 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2374 continue;
2375
2376 list_del(&match->list);
482049f7 2377 kfree(match);
2aeb9a1a
JH		 2378 found++;
2379 }
2380
2381 if (found == 0) {
bdb6d971 2382 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2383 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2384 goto unlock;
2385 }
2386
9246a869 2387update_class:
890ea898 2388 hci_req_init(&req, hdev);
1aff6f09 2389
890ea898
JH		 2390 update_class(&req);
2391 update_eir(&req);
2392
92da6097
JH		 2393 err = hci_req_run(&req, remove_uuid_complete);
2394 if (err < 0) {
2395 if (err != -ENODATA)
2396 goto unlock;
80a1e1db 2397
bdb6d971 2398 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 2399 hdev->dev_class, 3);
90e70454
JH		 2400 goto unlock;
2401 }
2402
2403 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2404 if (!cmd) {
90e70454 2405 err = -ENOMEM;
890ea898
JH		 2406 goto unlock;
2407 }
2408
2409 err = 0;
2aeb9a1a
JH		 2410
2411unlock:
09fd0de5 2412 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2413 return err;
2414}
2415
92da6097
JH		 2416static void set_class_complete(struct hci_dev *hdev, u8 status)
2417{
2418 BT_DBG("status 0x%02x", status);
2419
2420 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2421}
2422
bdb6d971 2423static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2424 u16 len)
1aff6f09 2425{
650f726d 2426 struct mgmt_cp_set_dev_class *cp = data;
90e70454 2427 struct pending_cmd *cmd;
890ea898 2428 struct hci_request req;
1aff6f09
JH		 2429 int err;
2430
bdb6d971 2431 BT_DBG("request for %s", hdev->name);
1aff6f09 2432
6203fc98 2433 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 2434 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2435 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2436
0cab9c80 2437 hci_dev_lock(hdev);
ee98f473 2438
0cab9c80
JH		 2439 if (pending_eir_or_class(hdev)) {
2440 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2441 MGMT_STATUS_BUSY);
2442 goto unlock;
2443 }
c95f0ba7 2444
0cab9c80
JH		 2445 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2446 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2447 MGMT_STATUS_INVALID_PARAMS);
2448 goto unlock;
2449 }
575b3a02 2450
932f5ff5
JH		 2451 hdev->major_class = cp->major;
2452 hdev->minor_class = cp->minor;
2453
b5235a65 2454 if (!hdev_is_powered(hdev)) {
bdb6d971 2455 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2456 hdev->dev_class, 3);
b5235a65
JH		 2457 goto unlock;
2458 }
2459
890ea898
JH		 2460 hci_req_init(&req, hdev);
2461
a8b2d5c2 2462 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2463 hci_dev_unlock(hdev);
2464 cancel_delayed_work_sync(&hdev->service_cache);
2465 hci_dev_lock(hdev);
890ea898 2466 update_eir(&req);
7d78525d 2467 }
14c0b608 2468
890ea898
JH		 2469 update_class(&req);
2470
92da6097
JH		 2471 err = hci_req_run(&req, set_class_complete);
2472 if (err < 0) {
2473 if (err != -ENODATA)
2474 goto unlock;
1aff6f09 2475
bdb6d971 2476 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2477 hdev->dev_class, 3);
90e70454
JH		 2478 goto unlock;
2479 }
2480
2481 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2482 if (!cmd) {
90e70454 2483 err = -ENOMEM;
890ea898
JH		 2484 goto unlock;
2485 }
2486
2487 err = 0;
1aff6f09 2488
b5235a65 2489unlock:
09fd0de5 2490 hci_dev_unlock(hdev);
1aff6f09
JH		 2491 return err;
2492}
2493
bdb6d971 2494static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2495 u16 len)
55ed8ca1 2496{
650f726d 2497 struct mgmt_cp_load_link_keys *cp = data;
ba1d6936
JH		 2498 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2499 sizeof(struct mgmt_link_key_info));
4e51eae9 2500 u16 key_count, expected_len;
b1de97d8 2501 bool changed;
a492cd52 2502 int i;
55ed8ca1 2503
9060d5cf
MH		 2504 BT_DBG("request for %s", hdev->name);
2505
2506 if (!lmp_bredr_capable(hdev))
2507 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2508 MGMT_STATUS_NOT_SUPPORTED);
2509
1f350c87 2510 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 2511 if (key_count > max_key_count) {
2512 BT_ERR("load_link_keys: too big key_count value %u",
2513 key_count);
2514 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2515 MGMT_STATUS_INVALID_PARAMS);
2516 }
55ed8ca1 2517
86742e1e
JH		 2518 expected_len = sizeof(*cp) + key_count *
2519 sizeof(struct mgmt_link_key_info);
a492cd52 2520 if (expected_len != len) {
86742e1e 2521 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2522 expected_len, len);
bdb6d971 2523 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 2524 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2525 }
2526
4ae14301
JH		 2527 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2528 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2529 MGMT_STATUS_INVALID_PARAMS);
2530
bdb6d971 2531 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2532 key_count);
55ed8ca1 2533
4ee71b20
JH		 2534 for (i = 0; i < key_count; i++) {
2535 struct mgmt_link_key_info *key = &cp->keys[i];
2536
8e991132 2537 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
4ee71b20
JH		 2538 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2539 MGMT_STATUS_INVALID_PARAMS);
2540 }
2541
09fd0de5 2542 hci_dev_lock(hdev);
55ed8ca1
JH		 2543
2544 hci_link_keys_clear(hdev);
2545
55ed8ca1 2546 if (cp->debug_keys)
0663b297
JH		 2547 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
2548 &hdev->dev_flags);
55ed8ca1 2549 else
0663b297
JH		 2550 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
2551 &hdev->dev_flags);
b1de97d8
MH		 2552
2553 if (changed)
2554 new_settings(hdev, NULL);
55ed8ca1 2555
a492cd52 2556 for (i = 0; i < key_count; i++) {
86742e1e 2557 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2558
58e9293c
JH		 2559 /* Always ignore debug keys and require a new pairing if
2560 * the user wants to use them.
2561 */
2562 if (key->type == HCI_LK_DEBUG_COMBINATION)
2563 continue;
2564
7652ff6a
JH		 2565 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2566 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2567 }
2568
bdb6d971 2569 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2570
09fd0de5 2571 hci_dev_unlock(hdev);
55ed8ca1 2572
a492cd52 2573 return 0;
55ed8ca1
JH		 2574}
2575
b1078ad0 2576static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2577 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2578{
2579 struct mgmt_ev_device_unpaired ev;
2580
2581 bacpy(&ev.addr.bdaddr, bdaddr);
2582 ev.addr.type = addr_type;
2583
2584 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2585 skip_sk);
b1078ad0
JH		 2586}
2587
bdb6d971 2588static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2589 u16 len)
55ed8ca1 2590{
124f6e35
JH		 2591 struct mgmt_cp_unpair_device *cp = data;
2592 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2593 struct hci_cp_disconnect dc;
2594 struct pending_cmd *cmd;
55ed8ca1 2595 struct hci_conn *conn;
55ed8ca1
JH		 2596 int err;
2597
a8a1d19e 2598 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2599 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2600 rp.addr.type = cp->addr.type;
a8a1d19e 2601
4ee71b20
JH		 2602 if (!bdaddr_type_is_valid(cp->addr.type))
2603 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2604 MGMT_STATUS_INVALID_PARAMS,
2605 &rp, sizeof(rp));
2606
118da70b
JH		 2607 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2608 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2609 MGMT_STATUS_INVALID_PARAMS,
2610 &rp, sizeof(rp));
2611
4ee71b20
JH		 2612 hci_dev_lock(hdev);
2613
86a8cfc6 2614 if (!hdev_is_powered(hdev)) {
bdb6d971 2615 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2616 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 2617 goto unlock;
2618 }
2619
e0b2b27e 2620 if (cp->addr.type == BDADDR_BREDR) {
124f6e35 2621 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2622 } else {
2623 u8 addr_type;
2624
2625 if (cp->addr.type == BDADDR_LE_PUBLIC)
2626 addr_type = ADDR_LE_DEV_PUBLIC;
2627 else
2628 addr_type = ADDR_LE_DEV_RANDOM;
2629
a7ec7338
JH		 2630 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2631
a9b0a04c
AG		 2632 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2633
e0b2b27e
JH		 2634 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2635 }
b0dbfb46 2636
55ed8ca1 2637 if (err < 0) {
bdb6d971 2638 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2639 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 2640 goto unlock;
2641 }
2642
86a8cfc6 2643 if (cp->disconnect) {
591f47f3 2644 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 2645 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 2646 &cp->addr.bdaddr);
86a8cfc6
JH		 2647 else
2648 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 2649 &cp->addr.bdaddr);
86a8cfc6
JH		 2650 } else {
2651 conn = NULL;
2652 }
124f6e35 2653
a8a1d19e 2654 if (!conn) {
bdb6d971 2655 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 2656 &rp, sizeof(rp));
b1078ad0 2657 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2658 goto unlock;
2659 }
55ed8ca1 2660
124f6e35 2661 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2662 sizeof(*cp));
a8a1d19e
JH		 2663 if (!cmd) {
2664 err = -ENOMEM;
2665 goto unlock;
55ed8ca1
JH		 2666 }
2667
eb55ef07 2668 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2669 dc.reason = 0x13; /* Remote User Terminated Connection */
2670 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2671 if (err < 0)
2672 mgmt_pending_remove(cmd);
2673
55ed8ca1 2674unlock:
09fd0de5 2675 hci_dev_unlock(hdev);
55ed8ca1
JH		 2676 return err;
2677}
2678
bdb6d971 2679static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2680 u16 len)
8962ee74 2681{
650f726d 2682 struct mgmt_cp_disconnect *cp = data;
06a63b19 2683 struct mgmt_rp_disconnect rp;
8962ee74 2684 struct hci_cp_disconnect dc;
366a0336 2685 struct pending_cmd *cmd;
8962ee74 2686 struct hci_conn *conn;
8962ee74
JH		 2687 int err;
2688
2689 BT_DBG("");
2690
06a63b19
JH		 2691 memset(&rp, 0, sizeof(rp));
2692 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2693 rp.addr.type = cp->addr.type;
2694
4ee71b20 2695 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2696 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2697 MGMT_STATUS_INVALID_PARAMS,
2698 &rp, sizeof(rp));
4ee71b20 2699
09fd0de5 2700 hci_dev_lock(hdev);
8962ee74
JH		 2701
2702 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2703 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2704 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2705 goto failed;
2706 }
2707
2e58ef3e 2708 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2709 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2710 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2711 goto failed;
2712 }
2713
591f47f3 2714 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2715 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2716 &cp->addr.bdaddr);
88c3df13
JH		 2717 else
2718 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2719
f960727e 2720 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2721 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2722 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2723 goto failed;
2724 }
2725
2e58ef3e 2726 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2727 if (!cmd) {
2728 err = -ENOMEM;
8962ee74 2729 goto failed;
366a0336 2730 }
8962ee74 2731
eb55ef07 2732 dc.handle = cpu_to_le16(conn->handle);
3701f944 2733 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 2734
2735 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2736 if (err < 0)
a664b5bc 2737 mgmt_pending_remove(cmd);
8962ee74
JH		 2738
2739failed:
09fd0de5 2740 hci_dev_unlock(hdev);
8962ee74
JH		 2741 return err;
2742}
2743
57c1477c 2744static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2745{
2746 switch (link_type) {
2747 case LE_LINK:
48264f06
JH		 2748 switch (addr_type) {
2749 case ADDR_LE_DEV_PUBLIC:
591f47f3 2750 return BDADDR_LE_PUBLIC;
0ed09148 2751
48264f06 2752 default:
0ed09148 2753 /* Fallback to LE Random address type */
591f47f3 2754 return BDADDR_LE_RANDOM;
48264f06 2755 }
0ed09148 2756
4c659c39 2757 default:
0ed09148 2758 /* Fallback to BR/EDR type */
591f47f3 2759 return BDADDR_BREDR;
4c659c39
JH		 2760 }
2761}
2762
04124681
GP		 2763static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2764 u16 data_len)
2784eb41 2765{
2784eb41 2766 struct mgmt_rp_get_connections *rp;
8035ded4 2767 struct hci_conn *c;
a38528f1 2768 size_t rp_len;
60fc5fb6
JH		 2769 int err;
2770 u16 i;
2784eb41
JH		 2771
2772 BT_DBG("");
2773
09fd0de5 2774 hci_dev_lock(hdev);
2784eb41 2775
5f97c1df 2776 if (!hdev_is_powered(hdev)) {
bdb6d971 2777 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2778 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2779 goto unlock;
2780 }
2781
60fc5fb6 2782 i = 0;
b644ba33
JH		 2783 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2784 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2785 i++;
2784eb41
JH		 2786 }
2787
60fc5fb6 2788 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2789 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2790 if (!rp) {
2784eb41
JH		 2791 err = -ENOMEM;
2792 goto unlock;
2793 }
2794
2784eb41 2795 i = 0;
4c659c39 2796 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2797 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2798 continue;
4c659c39 2799 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2800 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2801 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2802 continue;
2803 i++;
2804 }
2805
eb55ef07 2806 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2807
4c659c39
JH		 2808 /* Recalculate length in case of filtered SCO connections, etc */
2809 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2810
bdb6d971 2811 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2812 rp_len);
2784eb41 2813
a38528f1 2814 kfree(rp);
5f97c1df
JH		 2815
2816unlock:
09fd0de5 2817 hci_dev_unlock(hdev);
2784eb41
JH		 2818 return err;
2819}
2820
bdb6d971 2821static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2822 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2823{
2824 struct pending_cmd *cmd;
2825 int err;
2826
2e58ef3e 2827 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2828 sizeof(*cp));
96d97a67
WR		 2829 if (!cmd)
2830 return -ENOMEM;
2831
d8457698 2832 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2833 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2834 if (err < 0)
2835 mgmt_pending_remove(cmd);
2836
2837 return err;
2838}
2839
bdb6d971 2840static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2841 u16 len)
980e1a53 2842{
96d97a67 2843 struct hci_conn *conn;
650f726d 2844 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2845 struct hci_cp_pin_code_reply reply;
366a0336 2846 struct pending_cmd *cmd;
980e1a53
JH		 2847 int err;
2848
2849 BT_DBG("");
2850
09fd0de5 2851 hci_dev_lock(hdev);
980e1a53 2852
4b34ee78 2853 if (!hdev_is_powered(hdev)) {
bdb6d971 2854 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2855 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2856 goto failed;
2857 }
2858
d8457698 2859 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2860 if (!conn) {
bdb6d971 2861 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2862 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2863 goto failed;
2864 }
2865
2866 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2867 struct mgmt_cp_pin_code_neg_reply ncp;
2868
2869 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2870
2871 BT_ERR("PIN code is not 16 bytes long");
2872
bdb6d971 2873 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2874 if (err >= 0)
bdb6d971 2875 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2876 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2877
2878 goto failed;
2879 }
2880
00abfe44 2881 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2882 if (!cmd) {
2883 err = -ENOMEM;
980e1a53 2884 goto failed;
366a0336 2885 }
980e1a53 2886
d8457698 2887 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2888 reply.pin_len = cp->pin_len;
24718ca5 2889 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2890
2891 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2892 if (err < 0)
a664b5bc 2893 mgmt_pending_remove(cmd);
980e1a53
JH		 2894
2895failed:
09fd0de5 2896 hci_dev_unlock(hdev);
980e1a53
JH		 2897 return err;
2898}
2899
04124681
GP		 2900static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2901 u16 len)
17fa4b9d 2902{
650f726d 2903 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2904
2905 BT_DBG("");
2906
4ec86d4c
JH		 2907 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2908 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
2909 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
2910
09fd0de5 2911 hci_dev_lock(hdev);
17fa4b9d
JH		 2912
2913 hdev->io_capability = cp->io_capability;
2914
2915 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2916 hdev->io_capability);
17fa4b9d 2917
09fd0de5 2918 hci_dev_unlock(hdev);
17fa4b9d 2919
04124681
GP		 2920 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2921 0);
17fa4b9d
JH		 2922}
2923
6039aa73 2924static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2925{
2926 struct hci_dev *hdev = conn->hdev;
8035ded4 2927 struct pending_cmd *cmd;
e9a416b5 2928
2e58ef3e 2929 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2930 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2931 continue;
2932
e9a416b5
JH		 2933 if (cmd->user_data != conn)
2934 continue;
2935
2936 return cmd;
2937 }
2938
2939 return NULL;
2940}
2941
2942static void pairing_complete(struct pending_cmd *cmd, u8 status)
2943{
2944 struct mgmt_rp_pair_device rp;
2945 struct hci_conn *conn = cmd->user_data;
2946
61b1a7fb
JH		 2947 bacpy(&rp.addr.bdaddr, &conn->dst);
2948 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2949
aee9b218 2950 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2951 &rp, sizeof(rp));
e9a416b5
JH		 2952
2953 /* So we don't get further callbacks for this connection */
2954 conn->connect_cfm_cb = NULL;
2955 conn->security_cfm_cb = NULL;
2956 conn->disconn_cfm_cb = NULL;
2957
76a68ba0 2958 hci_conn_drop(conn);
e9a416b5 2959
a664b5bc 2960 mgmt_pending_remove(cmd);
e9a416b5
JH		 2961}
2962
f4a407be
JH		 2963void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2964{
2965 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
2966 struct pending_cmd *cmd;
2967
2968 cmd = find_pairing(conn);
2969 if (cmd)
2970 pairing_complete(cmd, status);
2971}
2972
e9a416b5
JH		 2973static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2974{
2975 struct pending_cmd *cmd;
2976
2977 BT_DBG("status %u", status);
2978
2979 cmd = find_pairing(conn);
56e5cb86 2980 if (!cmd)
e9a416b5 2981 BT_DBG("Unable to find a pending command");
56e5cb86 2982 else
e211326c 2983 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2984}
2985
f4a407be 2986static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739
VA		 2987{
2988 struct pending_cmd *cmd;
2989
2990 BT_DBG("status %u", status);
2991
2992 if (!status)
2993 return;
2994
2995 cmd = find_pairing(conn);
2996 if (!cmd)
2997 BT_DBG("Unable to find a pending command");
2998 else
2999 pairing_complete(cmd, mgmt_status(status));
3000}
3001
bdb6d971 3002static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3003 u16 len)
e9a416b5 3004{
650f726d 3005 struct mgmt_cp_pair_device *cp = data;
1425acb7 3006 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 3007 struct pending_cmd *cmd;
3008 u8 sec_level, auth_type;
3009 struct hci_conn *conn;
e9a416b5
JH		 3010 int err;
3011
3012 BT_DBG("");
3013
f950a30e
SJ		 3014 memset(&rp, 0, sizeof(rp));
3015 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3016 rp.addr.type = cp->addr.type;
3017
4ee71b20
JH		 3018 if (!bdaddr_type_is_valid(cp->addr.type))
3019 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3020 MGMT_STATUS_INVALID_PARAMS,
3021 &rp, sizeof(rp));
3022
4ec86d4c
JH		 3023 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
3024 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3025 MGMT_STATUS_INVALID_PARAMS,
3026 &rp, sizeof(rp));
3027
09fd0de5 3028 hci_dev_lock(hdev);
e9a416b5 3029
5f97c1df 3030 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 3031 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3032 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 3033 goto unlock;
3034 }
3035
c908df36 3036 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 3037 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 3038
6f77d8c7 3039 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 3040 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3041 auth_type);
6f77d8c7
AG		 3042 } else {
3043 u8 addr_type;
3044
3045 /* Convert from L2CAP channel address type to HCI address type
3046 */
3047 if (cp->addr.type == BDADDR_LE_PUBLIC)
3048 addr_type = ADDR_LE_DEV_PUBLIC;
3049 else
3050 addr_type = ADDR_LE_DEV_RANDOM;
3051
7c264b10
MH		 3052 /* When pairing a new device, it is expected to remember
3053 * this device for future connections. Adding the connection
3054 * parameter information ahead of time allows tracking
3055 * of the slave preferred values and will speed up any
3056 * further connection establishment.
3057 *
3058 * If connection parameters already exist, then they
3059 * will be kept and this function does nothing.
3060 */
3061 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3062
6f77d8c7 3063 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
04a6c589 3064 sec_level, auth_type);
6f77d8c7 3065 }
7a512d01 3066
30e76272 3067 if (IS_ERR(conn)) {
489dc48e
AK		 3068 int status;
3069
3070 if (PTR_ERR(conn) == -EBUSY)
3071 status = MGMT_STATUS_BUSY;
3072 else
3073 status = MGMT_STATUS_CONNECT_FAILED;
3074
bdb6d971 3075 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 3076 status, &rp,
04124681 3077 sizeof(rp));
e9a416b5
JH		 3078 goto unlock;
3079 }
3080
3081 if (conn->connect_cfm_cb) {
76a68ba0 3082 hci_conn_drop(conn);
bdb6d971 3083 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 3084 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 3085 goto unlock;
3086 }
3087
2e58ef3e 3088 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 3089 if (!cmd) {
3090 err = -ENOMEM;
76a68ba0 3091 hci_conn_drop(conn);
e9a416b5
JH		 3092 goto unlock;
3093 }
3094
7a512d01 3095 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 3096 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 3097 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 3098 conn->security_cfm_cb = pairing_complete_cb;
3099 conn->disconn_cfm_cb = pairing_complete_cb;
3100 } else {
3101 conn->connect_cfm_cb = le_pairing_complete_cb;
3102 conn->security_cfm_cb = le_pairing_complete_cb;
3103 conn->disconn_cfm_cb = le_pairing_complete_cb;
3104 }
7a512d01 3105
e9a416b5
JH		 3106 conn->io_capability = cp->io_cap;
3107 cmd->user_data = conn;
3108
3109 if (conn->state == BT_CONNECTED &&
8ce8e2b5 3110 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 3111 pairing_complete(cmd, 0);
3112
3113 err = 0;
3114
3115unlock:
09fd0de5 3116 hci_dev_unlock(hdev);
e9a416b5
JH		 3117 return err;
3118}
3119
04124681
GP		 3120static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3121 u16 len)
28424707 3122{
0f4e68cf 3123 struct mgmt_addr_info *addr = data;
28424707
JH		 3124 struct pending_cmd *cmd;
3125 struct hci_conn *conn;
3126 int err;
3127
3128 BT_DBG("");
3129
28424707
JH		 3130 hci_dev_lock(hdev);
3131
5f97c1df 3132 if (!hdev_is_powered(hdev)) {
bdb6d971 3133 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3134 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3135 goto unlock;
3136 }
3137
28424707
JH		 3138 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3139 if (!cmd) {
bdb6d971 3140 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3141 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3142 goto unlock;
3143 }
3144
3145 conn = cmd->user_data;
3146
3147 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 3148 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3149 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3150 goto unlock;
3151 }
3152
3153 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
3154
bdb6d971 3155 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 3156 addr, sizeof(*addr));
28424707
JH		 3157unlock:
3158 hci_dev_unlock(hdev);
28424707
JH		 3159 return err;
3160}
3161
bdb6d971 3162static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3163 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3164 u16 hci_op, __le32 passkey)
a5c29683 3165{
a5c29683 3166 struct pending_cmd *cmd;
0df4c185 3167 struct hci_conn *conn;
a5c29683
JH		 3168 int err;
3169
09fd0de5 3170 hci_dev_lock(hdev);
08ba5382 3171
4b34ee78 3172 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 3173 err = cmd_complete(sk, hdev->id, mgmt_op,
3174 MGMT_STATUS_NOT_POWERED, addr,
3175 sizeof(*addr));
0df4c185 3176 goto done;
a5c29683
JH		 3177 }
3178
1707c60e
JH		 3179 if (addr->type == BDADDR_BREDR)
3180 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3181 else
1707c60e 3182 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 3183
3184 if (!conn) {
feb94d3d
JH		 3185 err = cmd_complete(sk, hdev->id, mgmt_op,
3186 MGMT_STATUS_NOT_CONNECTED, addr,
3187 sizeof(*addr));
272d90df
JH		 3188 goto done;
3189 }
47c15e2b 3190
1707c60e 3191 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 3192 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 3193 if (!err)
feb94d3d
JH		 3194 err = cmd_complete(sk, hdev->id, mgmt_op,
3195 MGMT_STATUS_SUCCESS, addr,
3196 sizeof(*addr));
5fe57d9e 3197 else
feb94d3d
JH		 3198 err = cmd_complete(sk, hdev->id, mgmt_op,
3199 MGMT_STATUS_FAILED, addr,
3200 sizeof(*addr));
47c15e2b 3201
47c15e2b
BG		 3202 goto done;
3203 }
3204
1707c60e 3205 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3206 if (!cmd) {
3207 err = -ENOMEM;
0df4c185 3208 goto done;
a5c29683
JH		 3209 }
3210
0df4c185 3211 /* Continue with pairing via HCI */
604086b7
BG		 3212 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3213 struct hci_cp_user_passkey_reply cp;
3214
1707c60e 3215 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3216 cp.passkey = passkey;
3217 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3218 } else
1707c60e
JH		 3219 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3220 &addr->bdaddr);
604086b7 3221
a664b5bc
JH		 3222 if (err < 0)
3223 mgmt_pending_remove(cmd);
a5c29683 3224
0df4c185 3225done:
09fd0de5 3226 hci_dev_unlock(hdev);
a5c29683
JH		 3227 return err;
3228}
3229
afeb019d
JK		 3230static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3231 void *data, u16 len)
3232{
3233 struct mgmt_cp_pin_code_neg_reply *cp = data;
3234
3235 BT_DBG("");
3236
1707c60e 3237 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3238 MGMT_OP_PIN_CODE_NEG_REPLY,
3239 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3240}
3241
04124681
GP		 3242static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3243 u16 len)
0df4c185 3244{
650f726d 3245 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3246
3247 BT_DBG("");
3248
3249 if (len != sizeof(*cp))
bdb6d971 3250 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 3251 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3252
1707c60e 3253 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3254 MGMT_OP_USER_CONFIRM_REPLY,
3255 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3256}
3257
bdb6d971 3258static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3259 void *data, u16 len)
0df4c185 3260{
c9c2659f 3261 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3262
3263 BT_DBG("");
3264
1707c60e 3265 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3266 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3267 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3268}
3269
04124681
GP		 3270static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3271 u16 len)
604086b7 3272{
650f726d 3273 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3274
3275 BT_DBG("");
3276
1707c60e 3277 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3278 MGMT_OP_USER_PASSKEY_REPLY,
3279 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3280}
3281
bdb6d971 3282static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3283 void *data, u16 len)
604086b7 3284{
650f726d 3285 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3286
3287 BT_DBG("");
3288
1707c60e 3289 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3290 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3291 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3292}
3293
13928971 3294static void update_name(struct hci_request *req)
2b4bf397 3295{
13928971 3296 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3297 struct hci_cp_write_local_name cp;
3298
13928971 3299 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3300
890ea898 3301 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3302}
3303
13928971
JH		 3304static void set_name_complete(struct hci_dev *hdev, u8 status)
3305{
3306 struct mgmt_cp_set_local_name *cp;
3307 struct pending_cmd *cmd;
3308
3309 BT_DBG("status 0x%02x", status);
3310
3311 hci_dev_lock(hdev);
3312
3313 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3314 if (!cmd)
3315 goto unlock;
3316
3317 cp = cmd->param;
3318
3319 if (status)
3320 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3321 mgmt_status(status));
3322 else
3323 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3324 cp, sizeof(*cp));
3325
3326 mgmt_pending_remove(cmd);
3327
3328unlock:
3329 hci_dev_unlock(hdev);
3330}
3331
bdb6d971 3332static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3333 u16 len)
b312b161 3334{
2b4bf397 3335 struct mgmt_cp_set_local_name *cp = data;
b312b161 3336 struct pending_cmd *cmd;
890ea898 3337 struct hci_request req;
b312b161
JH		 3338 int err;
3339
3340 BT_DBG("");
3341
09fd0de5 3342 hci_dev_lock(hdev);
b312b161 3343
b3f2ca94
JH		 3344 /* If the old values are the same as the new ones just return a
3345 * direct command complete event.
3346 */
3347 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3348 !memcmp(hdev->short_name, cp->short_name,
3349 sizeof(hdev->short_name))) {
3350 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3351 data, len);
3352 goto failed;
3353 }
3354
2b4bf397 3355 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3356
b5235a65 3357 if (!hdev_is_powered(hdev)) {
2b4bf397 3358 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 3359
3360 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 3361 data, len);
28cc7bde
JH		 3362 if (err < 0)
3363 goto failed;
3364
3365 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 3366 sk);
28cc7bde 3367
b5235a65
JH		 3368 goto failed;
3369 }
3370
28cc7bde 3371 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3372 if (!cmd) {
3373 err = -ENOMEM;
3374 goto failed;
3375 }
3376
13928971
JH		 3377 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3378
890ea898 3379 hci_req_init(&req, hdev);
3f985050
JH		 3380
3381 if (lmp_bredr_capable(hdev)) {
3382 update_name(&req);
3383 update_eir(&req);
3384 }
3385
7a5f4990
MH		 3386 /* The name is stored in the scan response data and so
3387 * no need to udpate the advertising data here.
3388 */
3f985050 3389 if (lmp_le_capable(hdev))
7a5f4990 3390 update_scan_rsp_data(&req);
3f985050 3391
13928971 3392 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3393 if (err < 0)
3394 mgmt_pending_remove(cmd);
3395
3396failed:
09fd0de5 3397 hci_dev_unlock(hdev);
b312b161
JH		 3398 return err;
3399}
3400
0f4e68cf 3401static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3402 void *data, u16 data_len)
c35938b2 3403{
c35938b2
SJ		 3404 struct pending_cmd *cmd;
3405 int err;
3406
bdb6d971 3407 BT_DBG("%s", hdev->name);
c35938b2 3408
09fd0de5 3409 hci_dev_lock(hdev);
c35938b2 3410
4b34ee78 3411 if (!hdev_is_powered(hdev)) {
bdb6d971 3412 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3413 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3414 goto unlock;
3415 }
3416
9a1a1996 3417 if (!lmp_ssp_capable(hdev)) {
bdb6d971 3418 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3419 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3420 goto unlock;
3421 }
3422
2e58ef3e 3423 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 3424 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3425 MGMT_STATUS_BUSY);
c35938b2
SJ		 3426 goto unlock;
3427 }
3428
2e58ef3e 3429 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3430 if (!cmd) {
3431 err = -ENOMEM;
3432 goto unlock;
3433 }
3434
4d2d2796
MH		 3435 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
3436 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3437 0, NULL);
3438 else
3439 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3440
c35938b2
SJ		 3441 if (err < 0)
3442 mgmt_pending_remove(cmd);
3443
3444unlock:
09fd0de5 3445 hci_dev_unlock(hdev);
c35938b2
SJ		 3446 return err;
3447}
3448
bdb6d971 3449static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3450 void *data, u16 len)
2763eda6 3451{
2763eda6
SJ		 3452 int err;
3453
bdb6d971 3454 BT_DBG("%s ", hdev->name);
2763eda6 3455
09fd0de5 3456 hci_dev_lock(hdev);
2763eda6 3457
ec109113
MH		 3458 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3459 struct mgmt_cp_add_remote_oob_data *cp = data;
3460 u8 status;
bf1e3541 3461
ec109113
MH		 3462 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3463 cp->hash, cp->randomizer);
3464 if (err < 0)
3465 status = MGMT_STATUS_FAILED;
3466 else
3467 status = MGMT_STATUS_SUCCESS;
3468
3469 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3470 status, &cp->addr, sizeof(cp->addr));
3471 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3472 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3473 u8 status;
3474
3475 err = hci_add_remote_oob_ext_data(hdev, &cp->addr.bdaddr,
3476 cp->hash192,
3477 cp->randomizer192,
3478 cp->hash256,
3479 cp->randomizer256);
3480 if (err < 0)
3481 status = MGMT_STATUS_FAILED;
3482 else
3483 status = MGMT_STATUS_SUCCESS;
3484
3485 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3486 status, &cp->addr, sizeof(cp->addr));
3487 } else {
3488 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3489 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3490 MGMT_STATUS_INVALID_PARAMS);
3491 }
2763eda6 3492
09fd0de5 3493 hci_dev_unlock(hdev);
2763eda6
SJ		 3494 return err;
3495}
3496
bdb6d971 3497static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3498 void *data, u16 len)
2763eda6 3499{
650f726d 3500 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3501 u8 status;
2763eda6
SJ		 3502 int err;
3503
bdb6d971 3504 BT_DBG("%s", hdev->name);
2763eda6 3505
09fd0de5 3506 hci_dev_lock(hdev);
2763eda6 3507
664ce4cc 3508 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 3509 if (err < 0)
bf1e3541 3510 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3511 else
a6785be2 3512 status = MGMT_STATUS_SUCCESS;
bf1e3541 3513
bdb6d971 3514 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 3515 status, &cp->addr, sizeof(cp->addr));
2763eda6 3516
09fd0de5 3517 hci_dev_unlock(hdev);
2763eda6
SJ		 3518 return err;
3519}
3520
41dc2bd6
AG		 3521static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3522{
3523 struct pending_cmd *cmd;
3524 u8 type;
3525 int err;
3526
3527 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3528
3529 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3530 if (!cmd)
3531 return -ENOENT;
3532
3533 type = hdev->discovery.type;
3534
3535 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3536 &type, sizeof(type));
3537 mgmt_pending_remove(cmd);
3538
3539 return err;
3540}
3541
7c307720
AG		 3542static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3543{
ae55f598
LR		 3544 unsigned long timeout = 0;
3545
7c307720
AG		 3546 BT_DBG("status %d", status);
3547
3548 if (status) {
3549 hci_dev_lock(hdev);
3550 mgmt_start_discovery_failed(hdev, status);
3551 hci_dev_unlock(hdev);
3552 return;
3553 }
3554
3555 hci_dev_lock(hdev);
3556 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3557 hci_dev_unlock(hdev);
3558
3559 switch (hdev->discovery.type) {
3560 case DISCOV_TYPE_LE:
3d5a76f0 3561 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
7c307720
AG		 3562 break;
3563
3564 case DISCOV_TYPE_INTERLEAVED:
b9a7a61e 3565 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
7c307720
AG		 3566 break;
3567
3568 case DISCOV_TYPE_BREDR:
3569 break;
3570
3571 default:
3572 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3573 }
ae55f598
LR		 3574
3575 if (!timeout)
3576 return;
3577
3578 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable, timeout);
7c307720
AG		 3579}
3580
bdb6d971 3581static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3582 void *data, u16 len)
14a53664 3583{
650f726d 3584 struct mgmt_cp_start_discovery *cp = data;
14a53664 3585 struct pending_cmd *cmd;
7c307720
AG		 3586 struct hci_cp_le_set_scan_param param_cp;
3587 struct hci_cp_le_set_scan_enable enable_cp;
3588 struct hci_cp_inquiry inq_cp;
3589 struct hci_request req;
3590 /* General inquiry access code (GIAC) */
3591 u8 lap[3] = { 0x33, 0x8b, 0x9e };
d9483943 3592 u8 status, own_addr_type;
14a53664
JH		 3593 int err;
3594
bdb6d971 3595 BT_DBG("%s", hdev->name);
14a53664 3596
09fd0de5 3597 hci_dev_lock(hdev);
14a53664 3598
4b34ee78 3599 if (!hdev_is_powered(hdev)) {
bdb6d971 3600 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3601 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 3602 goto failed;
3603 }
3604
642be6c7
AG		 3605 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3606 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3607 MGMT_STATUS_BUSY);
3608 goto failed;
3609 }
3610
ff9ef578 3611 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 3612 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3613 MGMT_STATUS_BUSY);
ff9ef578
JH		 3614 goto failed;
3615 }
3616
2e58ef3e 3617 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3618 if (!cmd) {
3619 err = -ENOMEM;
3620 goto failed;
3621 }
3622
4aab14e5
AG		 3623 hdev->discovery.type = cp->type;
3624
7c307720
AG		 3625 hci_req_init(&req, hdev);
3626
4aab14e5 3627 switch (hdev->discovery.type) {
f39799f5 3628 case DISCOV_TYPE_BREDR:
e6fe7986
JH		 3629 status = mgmt_bredr_support(hdev);
3630 if (status) {
04106755 3631 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3632 status);
04106755
JH		 3633 mgmt_pending_remove(cmd);
3634 goto failed;
3635 }
3636
7c307720
AG		 3637 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3638 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3639 MGMT_STATUS_BUSY);
3640 mgmt_pending_remove(cmd);
3641 goto failed;
3642 }
3643
3644 hci_inquiry_cache_flush(hdev);
3645
3646 memset(&inq_cp, 0, sizeof(inq_cp));
3647 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 3648 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 3649 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 3650 break;
3651
3652 case DISCOV_TYPE_LE:
7c307720 3653 case DISCOV_TYPE_INTERLEAVED:
e6fe7986
JH		 3654 status = mgmt_le_support(hdev);
3655 if (status) {
04106755 3656 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3657 status);
04106755
JH		 3658 mgmt_pending_remove(cmd);
3659 goto failed;
3660 }
3661
7c307720 3662 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 3663 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 3664 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3665 MGMT_STATUS_NOT_SUPPORTED);
3666 mgmt_pending_remove(cmd);
3667 goto failed;
3668 }
3669
f3d3444a 3670 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
7c307720
AG		 3671 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3672 MGMT_STATUS_REJECTED);
3673 mgmt_pending_remove(cmd);
3674 goto failed;
3675 }
3676
c54c3860
AG		 3677 /* If controller is scanning, it means the background scanning
3678 * is running. Thus, we should temporarily stop it in order to
3679 * set the discovery scanning parameters.
3680 */
3681 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3682 hci_req_add_le_scan_disable(&req);
7c307720
AG		 3683
3684 memset(&param_cp, 0, sizeof(param_cp));
d9483943 3685
94b1fc92
MH		 3686 /* All active scans will be done with either a resolvable
3687 * private address (when privacy feature has been enabled)
3688 * or unresolvable private address.
3689 */
3690 err = hci_update_random_address(&req, true, &own_addr_type);
d9483943
JH		 3691 if (err < 0) {
3692 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3693 MGMT_STATUS_FAILED);
3694 mgmt_pending_remove(cmd);
3695 goto failed;
3696 }
3697
7c307720 3698 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 3699 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3700 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
d9483943 3701 param_cp.own_address_type = own_addr_type;
7c307720
AG		 3702 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3703 &param_cp);
3704
3705 memset(&enable_cp, 0, sizeof(enable_cp));
3706 enable_cp.enable = LE_SCAN_ENABLE;
3707 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3708 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3709 &enable_cp);
5e0452c0
AG		 3710 break;
3711
f39799f5 3712 default:
04106755
JH		 3713 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3714 MGMT_STATUS_INVALID_PARAMS);
3715 mgmt_pending_remove(cmd);
3716 goto failed;
f39799f5 3717 }
3fd24153 3718
7c307720 3719 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 3720 if (err < 0)
3721 mgmt_pending_remove(cmd);
ff9ef578
JH		 3722 else
3723 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 3724
3725failed:
09fd0de5 3726 hci_dev_unlock(hdev);
14a53664
JH		 3727 return err;
3728}
3729
1183fdca
AG		 3730static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3731{
3732 struct pending_cmd *cmd;
3733 int err;
3734
3735 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3736 if (!cmd)
3737 return -ENOENT;
3738
3739 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3740 &hdev->discovery.type, sizeof(hdev->discovery.type));
3741 mgmt_pending_remove(cmd);
3742
3743 return err;
3744}
3745
0e05bba6
AG		 3746static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3747{
3748 BT_DBG("status %d", status);
3749
3750 hci_dev_lock(hdev);
3751
3752 if (status) {
3753 mgmt_stop_discovery_failed(hdev, status);
3754 goto unlock;
3755 }
3756
3757 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3758
3759unlock:
3760 hci_dev_unlock(hdev);
3761}
3762
bdb6d971 3763static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3764 u16 len)
14a53664 3765{
d930650b 3766 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 3767 struct pending_cmd *cmd;
0e05bba6 3768 struct hci_request req;
14a53664
JH		 3769 int err;
3770
bdb6d971 3771 BT_DBG("%s", hdev->name);
14a53664 3772
09fd0de5 3773 hci_dev_lock(hdev);
14a53664 3774
30dc78e1 3775 if (!hci_discovery_active(hdev)) {
bdb6d971 3776 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3777 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3778 sizeof(mgmt_cp->type));
d930650b
JH		 3779 goto unlock;
3780 }
3781
3782 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 3783 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3784 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3785 sizeof(mgmt_cp->type));
30dc78e1 3786 goto unlock;
ff9ef578
JH		 3787 }
3788
2e58ef3e 3789 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3790 if (!cmd) {
3791 err = -ENOMEM;
30dc78e1
JH		 3792 goto unlock;
3793 }
3794
0e05bba6
AG		 3795 hci_req_init(&req, hdev);
3796
21a60d30 3797 hci_stop_discovery(&req);
e0d9727e 3798
21a60d30
JH		 3799 err = hci_req_run(&req, stop_discovery_complete);
3800 if (!err) {
3801 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
0e05bba6 3802 goto unlock;
14a53664
JH		 3803 }
3804
21a60d30
JH		 3805 mgmt_pending_remove(cmd);
3806
3807 /* If no HCI commands were sent we're done */
3808 if (err == -ENODATA) {
3809 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
3810 &mgmt_cp->type, sizeof(mgmt_cp->type));
3811 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3812 }
14a53664 3813
30dc78e1 3814unlock:
09fd0de5 3815 hci_dev_unlock(hdev);
14a53664
JH		 3816 return err;
3817}
3818
bdb6d971 3819static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3820 u16 len)
561aafbc 3821{
650f726d 3822 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3823 struct inquiry_entry *e;
561aafbc
JH		 3824 int err;
3825
bdb6d971 3826 BT_DBG("%s", hdev->name);
561aafbc 3827
561aafbc
JH		 3828 hci_dev_lock(hdev);
3829
30dc78e1 3830 if (!hci_discovery_active(hdev)) {
d3a2541d
LR		 3831 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3832 MGMT_STATUS_FAILED, &cp->addr,
3833 sizeof(cp->addr));
30dc78e1
JH		 3834 goto failed;
3835 }
3836
a198e7b1 3837 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3838 if (!e) {
d3a2541d
LR		 3839 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3840 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
3841 sizeof(cp->addr));
561aafbc
JH		 3842 goto failed;
3843 }
3844
3845 if (cp->name_known) {
3846 e->name_state = NAME_KNOWN;
3847 list_del(&e->list);
3848 } else {
3849 e->name_state = NAME_NEEDED;
a3d4e20a 3850 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3851 }
3852
e384662b
JH		 3853 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3854 sizeof(cp->addr));
561aafbc
JH		 3855
3856failed:
3857 hci_dev_unlock(hdev);
561aafbc
JH		 3858 return err;
3859}
3860
bdb6d971 3861static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3862 u16 len)
7fbec224 3863{
650f726d 3864 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3865 u8 status;
7fbec224
AJ		 3866 int err;
3867
bdb6d971 3868 BT_DBG("%s", hdev->name);
7fbec224 3869
4ee71b20 3870 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3871 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3872 MGMT_STATUS_INVALID_PARAMS,
3873 &cp->addr, sizeof(cp->addr));
4ee71b20 3874
09fd0de5 3875 hci_dev_lock(hdev);
5e762444 3876
88c1fe4b 3877 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
2a8357f2 3878 if (err < 0) {
f0eeea8b 3879 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 3880 goto done;
3881 }
3882
3883 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3884 sk);
3885 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3886
2a8357f2 3887done:
bdb6d971 3888 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3889 &cp->addr, sizeof(cp->addr));
5e762444 3890
09fd0de5 3891 hci_dev_unlock(hdev);
7fbec224
AJ		 3892
3893 return err;
3894}
3895
bdb6d971 3896static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3897 u16 len)
7fbec224 3898{
650f726d 3899 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3900 u8 status;
7fbec224
AJ		 3901 int err;
3902
bdb6d971 3903 BT_DBG("%s", hdev->name);
7fbec224 3904
4ee71b20 3905 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3906 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3907 MGMT_STATUS_INVALID_PARAMS,
3908 &cp->addr, sizeof(cp->addr));
4ee71b20 3909
09fd0de5 3910 hci_dev_lock(hdev);
5e762444 3911
88c1fe4b 3912 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
2a8357f2 3913 if (err < 0) {
f0eeea8b 3914 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 3915 goto done;
3916 }
3917
3918 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3919 sk);
3920 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3921
2a8357f2 3922done:
bdb6d971 3923 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3924 &cp->addr, sizeof(cp->addr));
5e762444 3925
09fd0de5 3926 hci_dev_unlock(hdev);
7fbec224
AJ		 3927
3928 return err;
3929}
3930
cdbaccca
MH		 3931static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3932 u16 len)
3933{
3934 struct mgmt_cp_set_device_id *cp = data;
890ea898 3935 struct hci_request req;
cdbaccca 3936 int err;
c72d4b8a 3937 __u16 source;
cdbaccca
MH		 3938
3939 BT_DBG("%s", hdev->name);
3940
c72d4b8a
SJ		 3941 source = __le16_to_cpu(cp->source);
3942
3943 if (source > 0x0002)
3944 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3945 MGMT_STATUS_INVALID_PARAMS);
3946
cdbaccca
MH		 3947 hci_dev_lock(hdev);
3948
c72d4b8a 3949 hdev->devid_source = source;
cdbaccca
MH		 3950 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3951 hdev->devid_product = __le16_to_cpu(cp->product);
3952 hdev->devid_version = __le16_to_cpu(cp->version);
3953
3954 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3955
890ea898
JH		 3956 hci_req_init(&req, hdev);
3957 update_eir(&req);
3958 hci_req_run(&req, NULL);
cdbaccca
MH		 3959
3960 hci_dev_unlock(hdev);
3961
3962 return err;
3963}
3964
4375f103
JH		 3965static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3966{
3967 struct cmd_lookup match = { NULL, hdev };
3968
3969 if (status) {
3970 u8 mgmt_err = mgmt_status(status);
3971
3972 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3973 cmd_status_rsp, &mgmt_err);
3974 return;
3975 }
3976
3977 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3978 &match);
3979
3980 new_settings(hdev, match.sk);
3981
3982 if (match.sk)
3983 sock_put(match.sk);
3984}
3985
21b5187f
MH		 3986static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3987 u16 len)
4375f103
JH		 3988{
3989 struct mgmt_mode *cp = data;
3990 struct pending_cmd *cmd;
3991 struct hci_request req;
e6fe7986 3992 u8 val, enabled, status;
4375f103
JH		 3993 int err;
3994
3995 BT_DBG("request for %s", hdev->name);
3996
e6fe7986
JH		 3997 status = mgmt_le_support(hdev);
3998 if (status)
4375f103 3999 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 4000 status);
4375f103
JH		 4001
4002 if (cp->val != 0x00 && cp->val != 0x01)
4003 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4004 MGMT_STATUS_INVALID_PARAMS);
4005
4006 hci_dev_lock(hdev);
4007
4008 val = !!cp->val;
f3d3444a 4009 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 4010
f74ca9b8
JH		 4011 /* The following conditions are ones which mean that we should
4012 * not do any HCI communication but directly send a mgmt
4013 * response to user space (after toggling the flag if
4014 * necessary).
4015 */
4016 if (!hdev_is_powered(hdev) || val == enabled ||
b145edcd 4017 hci_conn_num(hdev, LE_LINK) > 0) {
4375f103
JH		 4018 bool changed = false;
4019
f3d3444a
JH		 4020 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
4021 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 4022 changed = true;
4023 }
4024
4025 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4026 if (err < 0)
4027 goto unlock;
4028
4029 if (changed)
4030 err = new_settings(hdev, sk);
4031
4032 goto unlock;
4033 }
4034
4035 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4036 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
4037 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4038 MGMT_STATUS_BUSY);
4039 goto unlock;
4040 }
4041
4042 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4043 if (!cmd) {
4044 err = -ENOMEM;
4045 goto unlock;
4046 }
4047
4048 hci_req_init(&req, hdev);
4049
bba3aa55
MH		 4050 if (val)
4051 enable_advertising(&req);
4052 else
4053 disable_advertising(&req);
4375f103
JH		 4054
4055 err = hci_req_run(&req, set_advertising_complete);
4056 if (err < 0)
4057 mgmt_pending_remove(cmd);
4058
4059unlock:
4060 hci_dev_unlock(hdev);
4061 return err;
4062}
4063
d13eafce
MH		 4064static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4065 void *data, u16 len)
4066{
4067 struct mgmt_cp_set_static_address *cp = data;
4068 int err;
4069
4070 BT_DBG("%s", hdev->name);
4071
62af4443 4072 if (!lmp_le_capable(hdev))
d13eafce 4073 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 4074 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 4075
4076 if (hdev_is_powered(hdev))
4077 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4078 MGMT_STATUS_REJECTED);
4079
4080 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4081 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4082 return cmd_status(sk, hdev->id,
4083 MGMT_OP_SET_STATIC_ADDRESS,
4084 MGMT_STATUS_INVALID_PARAMS);
4085
4086 /* Two most significant bits shall be set */
4087 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4088 return cmd_status(sk, hdev->id,
4089 MGMT_OP_SET_STATIC_ADDRESS,
4090 MGMT_STATUS_INVALID_PARAMS);
4091 }
4092
4093 hci_dev_lock(hdev);
4094
4095 bacpy(&hdev->static_addr, &cp->bdaddr);
4096
4097 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
4098
4099 hci_dev_unlock(hdev);
4100
4101 return err;
4102}
4103
14b49b9a
MH		 4104static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4105 void *data, u16 len)
4106{
4107 struct mgmt_cp_set_scan_params *cp = data;
4108 __u16 interval, window;
4109 int err;
4110
4111 BT_DBG("%s", hdev->name);
4112
4113 if (!lmp_le_capable(hdev))
4114 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4115 MGMT_STATUS_NOT_SUPPORTED);
4116
4117 interval = __le16_to_cpu(cp->interval);
4118
4119 if (interval < 0x0004 || interval > 0x4000)
4120 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4121 MGMT_STATUS_INVALID_PARAMS);
4122
4123 window = __le16_to_cpu(cp->window);
4124
4125 if (window < 0x0004 || window > 0x4000)
4126 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4127 MGMT_STATUS_INVALID_PARAMS);
4128
899e1075
MH		 4129 if (window > interval)
4130 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4131 MGMT_STATUS_INVALID_PARAMS);
4132
14b49b9a
MH		 4133 hci_dev_lock(hdev);
4134
4135 hdev->le_scan_interval = interval;
4136 hdev->le_scan_window = window;
4137
4138 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
4139
dd2ef8e2
AG		 4140 /* If background scan is running, restart it so new parameters are
4141 * loaded.
4142 */
4143 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4144 hdev->discovery.state == DISCOVERY_STOPPED) {
4145 struct hci_request req;
4146
4147 hci_req_init(&req, hdev);
4148
4149 hci_req_add_le_scan_disable(&req);
4150 hci_req_add_le_passive_scan(&req);
4151
4152 hci_req_run(&req, NULL);
4153 }
4154
14b49b9a
MH		 4155 hci_dev_unlock(hdev);
4156
4157 return err;
4158}
4159
33e38b3e
JH		 4160static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
4161{
4162 struct pending_cmd *cmd;
4163
4164 BT_DBG("status 0x%02x", status);
4165
4166 hci_dev_lock(hdev);
4167
4168 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4169 if (!cmd)
4170 goto unlock;
4171
4172 if (status) {
4173 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4174 mgmt_status(status));
4175 } else {
1a4d3c4b
JH		 4176 struct mgmt_mode *cp = cmd->param;
4177
4178 if (cp->val)
4179 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4180 else
4181 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4182
33e38b3e
JH		 4183 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4184 new_settings(hdev, cmd->sk);
4185 }
4186
4187 mgmt_pending_remove(cmd);
4188
4189unlock:
4190 hci_dev_unlock(hdev);
4191}
4192
bdb6d971 4193static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4194 void *data, u16 len)
f6422ec6 4195{
650f726d 4196 struct mgmt_mode *cp = data;
33e38b3e
JH		 4197 struct pending_cmd *cmd;
4198 struct hci_request req;
f6422ec6
AJ		 4199 int err;
4200
bdb6d971 4201 BT_DBG("%s", hdev->name);
f6422ec6 4202
56f87901
JH		 4203 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
4204 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 4205 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4206 MGMT_STATUS_NOT_SUPPORTED);
4207
a7e80f25
JH		 4208 if (cp->val != 0x00 && cp->val != 0x01)
4209 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4210 MGMT_STATUS_INVALID_PARAMS);
4211
5400c044 4212 if (!hdev_is_powered(hdev))
bdb6d971 4213 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4214 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 4215
4216 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 4217 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4218 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 4219
4220 hci_dev_lock(hdev);
4221
05cbf29f
JH		 4222 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4223 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4224 MGMT_STATUS_BUSY);
4225 goto unlock;
4226 }
4227
1a4d3c4b
JH		 4228 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
4229 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4230 hdev);
4231 goto unlock;
4232 }
4233
33e38b3e
JH		 4234 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4235 data, len);
4236 if (!cmd) {
4237 err = -ENOMEM;
4238 goto unlock;
f6422ec6
AJ		 4239 }
4240
33e38b3e
JH		 4241 hci_req_init(&req, hdev);
4242
406d7804 4243 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4244
4245 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4246 if (err < 0) {
bdb6d971 4247 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4248 MGMT_STATUS_FAILED);
33e38b3e 4249 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4250 }
4251
33e38b3e 4252unlock:
f6422ec6 4253 hci_dev_unlock(hdev);
33e38b3e 4254
f6422ec6
AJ		 4255 return err;
4256}
4257
67e5a7a3
JH		 4258static void set_bredr_scan(struct hci_request *req)
4259{
4260 struct hci_dev *hdev = req->hdev;
4261 u8 scan = 0;
4262
4263 /* Ensure that fast connectable is disabled. This function will
4264 * not do anything if the page scan parameters are already what
4265 * they should be.
4266 */
4267 write_fast_connectable(req, false);
4268
4269 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4270 scan |= SCAN_PAGE;
4271 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
4272 scan |= SCAN_INQUIRY;
4273
4274 if (scan)
4275 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
4276}
4277
0663ca2a
JH		 4278static void set_bredr_complete(struct hci_dev *hdev, u8 status)
4279{
4280 struct pending_cmd *cmd;
4281
4282 BT_DBG("status 0x%02x", status);
4283
4284 hci_dev_lock(hdev);
4285
4286 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4287 if (!cmd)
4288 goto unlock;
4289
4290 if (status) {
4291 u8 mgmt_err = mgmt_status(status);
4292
4293 /* We need to restore the flag if related HCI commands
4294 * failed.
4295 */
4296 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4297
4298 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4299 } else {
4300 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4301 new_settings(hdev, cmd->sk);
4302 }
4303
4304 mgmt_pending_remove(cmd);
4305
4306unlock:
4307 hci_dev_unlock(hdev);
4308}
4309
4310static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4311{
4312 struct mgmt_mode *cp = data;
4313 struct pending_cmd *cmd;
4314 struct hci_request req;
4315 int err;
4316
4317 BT_DBG("request for %s", hdev->name);
4318
4319 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4320 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4321 MGMT_STATUS_NOT_SUPPORTED);
4322
4323 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4324 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4325 MGMT_STATUS_REJECTED);
4326
4327 if (cp->val != 0x00 && cp->val != 0x01)
4328 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4329 MGMT_STATUS_INVALID_PARAMS);
4330
4331 hci_dev_lock(hdev);
4332
4333 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4334 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4335 goto unlock;
4336 }
4337
4338 if (!hdev_is_powered(hdev)) {
4339 if (!cp->val) {
0663ca2a
JH		 4340 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4341 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4342 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4343 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4344 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4345 }
4346
4347 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4348
4349 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4350 if (err < 0)
4351 goto unlock;
4352
4353 err = new_settings(hdev, sk);
4354 goto unlock;
4355 }
4356
4357 /* Reject disabling when powered on */
4358 if (!cp->val) {
4359 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4360 MGMT_STATUS_REJECTED);
4361 goto unlock;
4362 }
4363
4364 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4365 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4366 MGMT_STATUS_BUSY);
4367 goto unlock;
4368 }
4369
4370 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4371 if (!cmd) {
4372 err = -ENOMEM;
4373 goto unlock;
4374 }
4375
5947f4bc 4376 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4377 * generates the correct flags.
4378 */
4379 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4380
4381 hci_req_init(&req, hdev);
aa8af46e
JH		 4382
4383 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4384 set_bredr_scan(&req);
4385
f14d8f64
MH		 4386 /* Since only the advertising data flags will change, there
4387 * is no need to update the scan response data.
4388 */
5947f4bc 4389 update_adv_data(&req);
aa8af46e 4390
0663ca2a
JH		 4391 err = hci_req_run(&req, set_bredr_complete);
4392 if (err < 0)
4393 mgmt_pending_remove(cmd);
4394
4395unlock:
4396 hci_dev_unlock(hdev);
4397 return err;
4398}
4399
eac83dc6
MH		 4400static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4401 void *data, u16 len)
4402{
4403 struct mgmt_mode *cp = data;
4404 struct pending_cmd *cmd;
0ab04a9c 4405 u8 val, status;
eac83dc6
MH		 4406 int err;
4407
4408 BT_DBG("request for %s", hdev->name);
4409
4410 status = mgmt_bredr_support(hdev);
4411 if (status)
4412 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4413 status);
4414
5afeac14 4415 if (!lmp_sc_capable(hdev) &&
111902f7 4416 !test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
eac83dc6
MH		 4417 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4418 MGMT_STATUS_NOT_SUPPORTED);
4419
0ab04a9c 4420 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
eac83dc6
MH		 4421 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4422 MGMT_STATUS_INVALID_PARAMS);
4423
4424 hci_dev_lock(hdev);
4425
4426 if (!hdev_is_powered(hdev)) {
4427 bool changed;
4428
0ab04a9c 4429 if (cp->val) {
eac83dc6
MH		 4430 changed = !test_and_set_bit(HCI_SC_ENABLED,
4431 &hdev->dev_flags);
0ab04a9c
MH		 4432 if (cp->val == 0x02)
4433 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4434 else
4435 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4436 } else {
eac83dc6
MH		 4437 changed = test_and_clear_bit(HCI_SC_ENABLED,
4438 &hdev->dev_flags);
0ab04a9c
MH		 4439 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4440 }
eac83dc6
MH		 4441
4442 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4443 if (err < 0)
4444 goto failed;
4445
4446 if (changed)
4447 err = new_settings(hdev, sk);
4448
4449 goto failed;
4450 }
4451
4452 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4453 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4454 MGMT_STATUS_BUSY);
4455 goto failed;
4456 }
4457
0ab04a9c
MH		 4458 val = !!cp->val;
4459
4460 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4461 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
eac83dc6
MH		 4462 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4463 goto failed;
4464 }
4465
4466 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4467 if (!cmd) {
4468 err = -ENOMEM;
4469 goto failed;
4470 }
4471
0ab04a9c 4472 err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
eac83dc6
MH		 4473 if (err < 0) {
4474 mgmt_pending_remove(cmd);
4475 goto failed;
4476 }
4477
0ab04a9c
MH		 4478 if (cp->val == 0x02)
4479 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4480 else
4481 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4482
eac83dc6
MH		 4483failed:
4484 hci_dev_unlock(hdev);
4485 return err;
4486}
4487
4e39ac81
MH		 4488static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4489 void *data, u16 len)
4490{
4491 struct mgmt_mode *cp = data;
b9710979 4492 bool changed, use_changed;
4e39ac81
MH		 4493 int err;
4494
4495 BT_DBG("request for %s", hdev->name);
4496
b9710979 4497 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4e39ac81
MH		 4498 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4499 MGMT_STATUS_INVALID_PARAMS);
4500
4501 hci_dev_lock(hdev);
4502
4503 if (cp->val)
0663b297
JH		 4504 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
4505 &hdev->dev_flags);
4e39ac81 4506 else
0663b297
JH		 4507 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
4508 &hdev->dev_flags);
4e39ac81 4509
b9710979
JH		 4510 if (cp->val == 0x02)
4511 use_changed = !test_and_set_bit(HCI_USE_DEBUG_KEYS,
4512 &hdev->dev_flags);
4513 else
4514 use_changed = test_and_clear_bit(HCI_USE_DEBUG_KEYS,
4515 &hdev->dev_flags);
4516
4517 if (hdev_is_powered(hdev) && use_changed &&
4518 test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
4519 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4520 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4521 sizeof(mode), &mode);
4522 }
4523
4e39ac81
MH		 4524 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4525 if (err < 0)
4526 goto unlock;
4527
4528 if (changed)
4529 err = new_settings(hdev, sk);
4530
4531unlock:
4532 hci_dev_unlock(hdev);
4533 return err;
4534}
4535
62b04cd1
JH		 4536static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4537 u16 len)
4538{
4539 struct mgmt_cp_set_privacy *cp = cp_data;
4540 bool changed;
4541 int err;
4542
4543 BT_DBG("request for %s", hdev->name);
4544
4545 if (!lmp_le_capable(hdev))
4546 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4547 MGMT_STATUS_NOT_SUPPORTED);
4548
4549 if (cp->privacy != 0x00 && cp->privacy != 0x01)
4550 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4551 MGMT_STATUS_INVALID_PARAMS);
4552
4553 if (hdev_is_powered(hdev))
4554 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4555 MGMT_STATUS_REJECTED);
4556
4557 hci_dev_lock(hdev);
4558
c21c0ea0
JH		 4559 /* If user space supports this command it is also expected to
4560 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4561 */
4562 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4563
62b04cd1
JH		 4564 if (cp->privacy) {
4565 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
4566 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4567 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4568 } else {
4569 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
4570 memset(hdev->irk, 0, sizeof(hdev->irk));
4571 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4572 }
4573
4574 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4575 if (err < 0)
4576 goto unlock;
4577
4578 if (changed)
4579 err = new_settings(hdev, sk);
4580
4581unlock:
4582 hci_dev_unlock(hdev);
4583 return err;
4584}
4585
41edf160
JH		 4586static bool irk_is_valid(struct mgmt_irk_info *irk)
4587{
4588 switch (irk->addr.type) {
4589 case BDADDR_LE_PUBLIC:
4590 return true;
4591
4592 case BDADDR_LE_RANDOM:
4593 /* Two most significant bits shall be set */
4594 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4595 return false;
4596 return true;
4597 }
4598
4599 return false;
4600}
4601
4602static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4603 u16 len)
4604{
4605 struct mgmt_cp_load_irks *cp = cp_data;
ba1d6936
JH		 4606 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
4607 sizeof(struct mgmt_irk_info));
41edf160
JH		 4608 u16 irk_count, expected_len;
4609 int i, err;
4610
4611 BT_DBG("request for %s", hdev->name);
4612
4613 if (!lmp_le_capable(hdev))
4614 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4615 MGMT_STATUS_NOT_SUPPORTED);
4616
4617 irk_count = __le16_to_cpu(cp->irk_count);
ba1d6936
JH		 4618 if (irk_count > max_irk_count) {
4619 BT_ERR("load_irks: too big irk_count value %u", irk_count);
4620 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4621 MGMT_STATUS_INVALID_PARAMS);
4622 }
41edf160
JH		 4623
4624 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4625 if (expected_len != len) {
4626 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 4627 expected_len, len);
41edf160
JH		 4628 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4629 MGMT_STATUS_INVALID_PARAMS);
4630 }
4631
4632 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4633
4634 for (i = 0; i < irk_count; i++) {
4635 struct mgmt_irk_info *key = &cp->irks[i];
4636
4637 if (!irk_is_valid(key))
4638 return cmd_status(sk, hdev->id,
4639 MGMT_OP_LOAD_IRKS,
4640 MGMT_STATUS_INVALID_PARAMS);
4641 }
4642
4643 hci_dev_lock(hdev);
4644
4645 hci_smp_irks_clear(hdev);
4646
4647 for (i = 0; i < irk_count; i++) {
4648 struct mgmt_irk_info *irk = &cp->irks[i];
4649 u8 addr_type;
4650
4651 if (irk->addr.type == BDADDR_LE_PUBLIC)
4652 addr_type = ADDR_LE_DEV_PUBLIC;
4653 else
4654 addr_type = ADDR_LE_DEV_RANDOM;
4655
4656 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
4657 BDADDR_ANY);
4658 }
4659
4660 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4661
4662 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4663
4664 hci_dev_unlock(hdev);
4665
4666 return err;
4667}
4668
3f706b72
JH		 4669static bool ltk_is_valid(struct mgmt_ltk_info *key)
4670{
4671 if (key->master != 0x00 && key->master != 0x01)
4672 return false;
490cb0b3
MH		 4673
4674 switch (key->addr.type) {
4675 case BDADDR_LE_PUBLIC:
4676 return true;
4677
4678 case BDADDR_LE_RANDOM:
4679 /* Two most significant bits shall be set */
4680 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4681 return false;
4682 return true;
4683 }
4684
4685 return false;
3f706b72
JH		 4686}
4687
bdb6d971 4688static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 4689 void *cp_data, u16 len)
346af67b 4690{
346af67b 4691 struct mgmt_cp_load_long_term_keys *cp = cp_data;
ba1d6936
JH		 4692 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
4693 sizeof(struct mgmt_ltk_info));
346af67b 4694 u16 key_count, expected_len;
715a5bf2 4695 int i, err;
346af67b 4696
cf99ba13
MH		 4697 BT_DBG("request for %s", hdev->name);
4698
4699 if (!lmp_le_capable(hdev))
4700 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4701 MGMT_STATUS_NOT_SUPPORTED);
4702
1f350c87 4703 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 4704 if (key_count > max_key_count) {
4705 BT_ERR("load_ltks: too big key_count value %u", key_count);
4706 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4707 MGMT_STATUS_INVALID_PARAMS);
4708 }
346af67b
VCG		 4709
4710 expected_len = sizeof(*cp) + key_count *
4711 sizeof(struct mgmt_ltk_info);
4712 if (expected_len != len) {
4713 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 4714 expected_len, len);
bdb6d971 4715 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 4716 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 4717 }
4718
bdb6d971 4719 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 4720
54ad6d8a
JH		 4721 for (i = 0; i < key_count; i++) {
4722 struct mgmt_ltk_info *key = &cp->keys[i];
4723
3f706b72 4724 if (!ltk_is_valid(key))
54ad6d8a
JH		 4725 return cmd_status(sk, hdev->id,
4726 MGMT_OP_LOAD_LONG_TERM_KEYS,
4727 MGMT_STATUS_INVALID_PARAMS);
4728 }
4729
346af67b
VCG		 4730 hci_dev_lock(hdev);
4731
4732 hci_smp_ltks_clear(hdev);
4733
4734 for (i = 0; i < key_count; i++) {
4735 struct mgmt_ltk_info *key = &cp->keys[i];
d7b25450 4736 u8 type, addr_type, authenticated;
79d95a19
MH		 4737
4738 if (key->addr.type == BDADDR_LE_PUBLIC)
4739 addr_type = ADDR_LE_DEV_PUBLIC;
4740 else
4741 addr_type = ADDR_LE_DEV_RANDOM;
346af67b
VCG		 4742
4743 if (key->master)
2ceba539 4744 type = SMP_LTK;
346af67b 4745 else
2ceba539 4746 type = SMP_LTK_SLAVE;
346af67b 4747
61b43357
JH		 4748 switch (key->type) {
4749 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 4750 authenticated = 0x00;
61b43357
JH		 4751 break;
4752 case MGMT_LTK_AUTHENTICATED:
d7b25450 4753 authenticated = 0x01;
61b43357
JH		 4754 break;
4755 default:
4756 continue;
4757 }
d7b25450 4758
35d70271 4759 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
d7b25450 4760 authenticated, key->val, key->enc_size, key->ediv,
35d70271 4761 key->rand);
346af67b
VCG		 4762 }
4763
715a5bf2
JH		 4764 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4765 NULL, 0);
4766
346af67b 4767 hci_dev_unlock(hdev);
346af67b 4768
715a5bf2 4769 return err;
346af67b
VCG		 4770}
4771
dd983808
AK		 4772struct cmd_conn_lookup {
4773 struct hci_conn *conn;
4774 bool valid_tx_power;
4775 u8 mgmt_status;
4776};
4777
4778static void get_conn_info_complete(struct pending_cmd *cmd, void *data)
4779{
4780 struct cmd_conn_lookup *match = data;
4781 struct mgmt_cp_get_conn_info *cp;
4782 struct mgmt_rp_get_conn_info rp;
4783 struct hci_conn *conn = cmd->user_data;
4784
4785 if (conn != match->conn)
4786 return;
4787
4788 cp = (struct mgmt_cp_get_conn_info *) cmd->param;
4789
4790 memset(&rp, 0, sizeof(rp));
4791 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4792 rp.addr.type = cp->addr.type;
4793
4794 if (!match->mgmt_status) {
4795 rp.rssi = conn->rssi;
4796
eed5daf3 4797 if (match->valid_tx_power) {
dd983808 4798 rp.tx_power = conn->tx_power;
eed5daf3
AK		 4799 rp.max_tx_power = conn->max_tx_power;
4800 } else {
dd983808 4801 rp.tx_power = HCI_TX_POWER_INVALID;
eed5daf3
AK		 4802 rp.max_tx_power = HCI_TX_POWER_INVALID;
4803 }
dd983808
AK		 4804 }
4805
4806 cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
4807 match->mgmt_status, &rp, sizeof(rp));
4808
4809 hci_conn_drop(conn);
4810
4811 mgmt_pending_remove(cmd);
4812}
4813
4814static void conn_info_refresh_complete(struct hci_dev *hdev, u8 status)
4815{
4816 struct hci_cp_read_rssi *cp;
4817 struct hci_conn *conn;
4818 struct cmd_conn_lookup match;
4819 u16 handle;
4820
4821 BT_DBG("status 0x%02x", status);
4822
4823 hci_dev_lock(hdev);
4824
4825 /* TX power data is valid in case request completed successfully,
eed5daf3
AK		 4826 * otherwise we assume it's not valid. At the moment we assume that
4827 * either both or none of current and max values are valid to keep code
4828 * simple.
dd983808
AK		 4829 */
4830 match.valid_tx_power = !status;
4831
4832 /* Commands sent in request are either Read RSSI or Read Transmit Power
4833 * Level so we check which one was last sent to retrieve connection
4834 * handle. Both commands have handle as first parameter so it's safe to
4835 * cast data on the same command struct.
4836 *
4837 * First command sent is always Read RSSI and we fail only if it fails.
4838 * In other case we simply override error to indicate success as we
4839 * already remembered if TX power value is actually valid.
4840 */
4841 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
4842 if (!cp) {
4843 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
4844 status = 0;
4845 }
4846
4847 if (!cp) {
4848 BT_ERR("invalid sent_cmd in response");
4849 goto unlock;
4850 }
4851
4852 handle = __le16_to_cpu(cp->handle);
4853 conn = hci_conn_hash_lookup_handle(hdev, handle);
4854 if (!conn) {
4855 BT_ERR("unknown handle (%d) in response", handle);
4856 goto unlock;
4857 }
4858
4859 match.conn = conn;
4860 match.mgmt_status = mgmt_status(status);
4861
4862 /* Cache refresh is complete, now reply for mgmt request for given
4863 * connection only.
4864 */
4865 mgmt_pending_foreach(MGMT_OP_GET_CONN_INFO, hdev,
4866 get_conn_info_complete, &match);
4867
4868unlock:
4869 hci_dev_unlock(hdev);
4870}
4871
4872static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
4873 u16 len)
4874{
4875 struct mgmt_cp_get_conn_info *cp = data;
4876 struct mgmt_rp_get_conn_info rp;
4877 struct hci_conn *conn;
4878 unsigned long conn_info_age;
4879 int err = 0;
4880
4881 BT_DBG("%s", hdev->name);
4882
4883 memset(&rp, 0, sizeof(rp));
4884 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4885 rp.addr.type = cp->addr.type;
4886
4887 if (!bdaddr_type_is_valid(cp->addr.type))
4888 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4889 MGMT_STATUS_INVALID_PARAMS,
4890 &rp, sizeof(rp));
4891
4892 hci_dev_lock(hdev);
4893
4894 if (!hdev_is_powered(hdev)) {
4895 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4896 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
4897 goto unlock;
4898 }
4899
4900 if (cp->addr.type == BDADDR_BREDR)
4901 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
4902 &cp->addr.bdaddr);
4903 else
4904 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
4905
4906 if (!conn || conn->state != BT_CONNECTED) {
4907 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4908 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
4909 goto unlock;
4910 }
4911
4912 /* To avoid client trying to guess when to poll again for information we
4913 * calculate conn info age as random value between min/max set in hdev.
4914 */
4915 conn_info_age = hdev->conn_info_min_age +
4916 prandom_u32_max(hdev->conn_info_max_age -
4917 hdev->conn_info_min_age);
4918
4919 /* Query controller to refresh cached values if they are too old or were
4920 * never read.
4921 */
f4e2dd53
AK		 4922 if (time_after(jiffies, conn->conn_info_timestamp +
4923 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 4924 !conn->conn_info_timestamp) {
4925 struct hci_request req;
4926 struct hci_cp_read_tx_power req_txp_cp;
4927 struct hci_cp_read_rssi req_rssi_cp;
4928 struct pending_cmd *cmd;
4929
4930 hci_req_init(&req, hdev);
4931 req_rssi_cp.handle = cpu_to_le16(conn->handle);
4932 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
4933 &req_rssi_cp);
4934
f7faab0c
AK		 4935 /* For LE links TX power does not change thus we don't need to
4936 * query for it once value is known.
4937 */
4938 if (!bdaddr_type_is_le(cp->addr.type) ||
4939 conn->tx_power == HCI_TX_POWER_INVALID) {
4940 req_txp_cp.handle = cpu_to_le16(conn->handle);
4941 req_txp_cp.type = 0x00;
4942 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4943 sizeof(req_txp_cp), &req_txp_cp);
4944 }
dd983808 4945
eed5daf3
AK		 4946 /* Max TX power needs to be read only once per connection */
4947 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
4948 req_txp_cp.handle = cpu_to_le16(conn->handle);
4949 req_txp_cp.type = 0x01;
4950 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4951 sizeof(req_txp_cp), &req_txp_cp);
4952 }
4953
dd983808
AK		 4954 err = hci_req_run(&req, conn_info_refresh_complete);
4955 if (err < 0)
4956 goto unlock;
4957
4958 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
4959 data, len);
4960 if (!cmd) {
4961 err = -ENOMEM;
4962 goto unlock;
4963 }
4964
4965 hci_conn_hold(conn);
4966 cmd->user_data = conn;
4967
4968 conn->conn_info_timestamp = jiffies;
4969 } else {
4970 /* Cache is valid, just reply with values cached in hci_conn */
4971 rp.rssi = conn->rssi;
4972 rp.tx_power = conn->tx_power;
eed5daf3 4973 rp.max_tx_power = conn->max_tx_power;
dd983808
AK		 4974
4975 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4976 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
4977 }
4978
4979unlock:
4980 hci_dev_unlock(hdev);
4981 return err;
4982}
4983
95868426
JH		 4984static void get_clock_info_complete(struct hci_dev *hdev, u8 status)
4985{
4986 struct mgmt_cp_get_clock_info *cp;
4987 struct mgmt_rp_get_clock_info rp;
4988 struct hci_cp_read_clock *hci_cp;
4989 struct pending_cmd *cmd;
4990 struct hci_conn *conn;
4991
4992 BT_DBG("%s status %u", hdev->name, status);
4993
4994 hci_dev_lock(hdev);
4995
4996 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
4997 if (!hci_cp)
4998 goto unlock;
4999
5000 if (hci_cp->which) {
5001 u16 handle = __le16_to_cpu(hci_cp->handle);
5002 conn = hci_conn_hash_lookup_handle(hdev, handle);
5003 } else {
5004 conn = NULL;
5005 }
5006
5007 cmd = mgmt_pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5008 if (!cmd)
5009 goto unlock;
5010
5011 cp = cmd->param;
5012
5013 memset(&rp, 0, sizeof(rp));
5014 memcpy(&rp.addr, &cp->addr, sizeof(rp.addr));
5015
5016 if (status)
5017 goto send_rsp;
5018
5019 rp.local_clock = cpu_to_le32(hdev->clock);
5020
5021 if (conn) {
5022 rp.piconet_clock = cpu_to_le32(conn->clock);
5023 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5024 }
5025
5026send_rsp:
5027 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
5028 &rp, sizeof(rp));
5029 mgmt_pending_remove(cmd);
5030 if (conn)
5031 hci_conn_drop(conn);
5032
5033unlock:
5034 hci_dev_unlock(hdev);
5035}
5036
5037static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5038 u16 len)
5039{
5040 struct mgmt_cp_get_clock_info *cp = data;
5041 struct mgmt_rp_get_clock_info rp;
5042 struct hci_cp_read_clock hci_cp;
5043 struct pending_cmd *cmd;
5044 struct hci_request req;
5045 struct hci_conn *conn;
5046 int err;
5047
5048 BT_DBG("%s", hdev->name);
5049
5050 memset(&rp, 0, sizeof(rp));
5051 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5052 rp.addr.type = cp->addr.type;
5053
5054 if (cp->addr.type != BDADDR_BREDR)
5055 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5056 MGMT_STATUS_INVALID_PARAMS,
5057 &rp, sizeof(rp));
5058
5059 hci_dev_lock(hdev);
5060
5061 if (!hdev_is_powered(hdev)) {
5062 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5063 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5064 goto unlock;
5065 }
5066
5067 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5068 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5069 &cp->addr.bdaddr);
5070 if (!conn || conn->state != BT_CONNECTED) {
5071 err = cmd_complete(sk, hdev->id,
5072 MGMT_OP_GET_CLOCK_INFO,
5073 MGMT_STATUS_NOT_CONNECTED,
5074 &rp, sizeof(rp));
5075 goto unlock;
5076 }
5077 } else {
5078 conn = NULL;
5079 }
5080
5081 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5082 if (!cmd) {
5083 err = -ENOMEM;
5084 goto unlock;
5085 }
5086
5087 hci_req_init(&req, hdev);
5088
5089 memset(&hci_cp, 0, sizeof(hci_cp));
5090 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5091
5092 if (conn) {
5093 hci_conn_hold(conn);
5094 cmd->user_data = conn;
5095
5096 hci_cp.handle = cpu_to_le16(conn->handle);
5097 hci_cp.which = 0x01; /* Piconet clock */
5098 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5099 }
5100
5101 err = hci_req_run(&req, get_clock_info_complete);
5102 if (err < 0)
5103 mgmt_pending_remove(cmd);
5104
5105unlock:
5106 hci_dev_unlock(hdev);
5107 return err;
5108}
5109
8afef092
MH		 5110static void device_added(struct sock *sk, struct hci_dev *hdev,
5111 bdaddr_t *bdaddr, u8 type, u8 action)
5112{
5113 struct mgmt_ev_device_added ev;
5114
5115 bacpy(&ev.addr.bdaddr, bdaddr);
5116 ev.addr.type = type;
5117 ev.action = action;
5118
5119 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5120}
5121
2faade53
MH		 5122static int add_device(struct sock *sk, struct hci_dev *hdev,
5123 void *data, u16 len)
5124{
5125 struct mgmt_cp_add_device *cp = data;
5126 u8 auto_conn, addr_type;
5127 int err;
5128
5129 BT_DBG("%s", hdev->name);
5130
5131 if (!bdaddr_type_is_le(cp->addr.type) ||
5132 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
5133 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5134 MGMT_STATUS_INVALID_PARAMS,
5135 &cp->addr, sizeof(cp->addr));
5136
5137 if (cp->action != 0x00 && cp->action != 0x01)
5138 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5139 MGMT_STATUS_INVALID_PARAMS,
5140 &cp->addr, sizeof(cp->addr));
5141
5142 hci_dev_lock(hdev);
5143
5144 if (cp->addr.type == BDADDR_LE_PUBLIC)
5145 addr_type = ADDR_LE_DEV_PUBLIC;
5146 else
5147 addr_type = ADDR_LE_DEV_RANDOM;
5148
5149 if (cp->action)
5150 auto_conn = HCI_AUTO_CONN_ALWAYS;
5151 else
a3451d27 5152 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 5153
bf5b3c8b
MH		 5154 /* If the connection parameters don't exist for this device,
5155 * they will be created and configured with defaults.
5156 */
d06b50ce
MH		 5157 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
5158 auto_conn) < 0) {
2faade53
MH		 5159 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5160 MGMT_STATUS_FAILED,
5161 &cp->addr, sizeof(cp->addr));
5162 goto unlock;
5163 }
5164
8afef092
MH		 5165 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5166
2faade53
MH		 5167 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5168 MGMT_STATUS_SUCCESS, &cp->addr, sizeof(cp->addr));
5169
5170unlock:
5171 hci_dev_unlock(hdev);
5172 return err;
5173}
5174
8afef092
MH		 5175static void device_removed(struct sock *sk, struct hci_dev *hdev,
5176 bdaddr_t *bdaddr, u8 type)
5177{
5178 struct mgmt_ev_device_removed ev;
5179
5180 bacpy(&ev.addr.bdaddr, bdaddr);
5181 ev.addr.type = type;
5182
5183 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5184}
5185
2faade53
MH		 5186static int remove_device(struct sock *sk, struct hci_dev *hdev,
5187 void *data, u16 len)
5188{
5189 struct mgmt_cp_remove_device *cp = data;
5190 int err;
5191
5192 BT_DBG("%s", hdev->name);
5193
5194 hci_dev_lock(hdev);
5195
5196 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 5197 struct hci_conn_params *params;
2faade53
MH		 5198 u8 addr_type;
5199
5200 if (!bdaddr_type_is_le(cp->addr.type)) {
5201 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5202 MGMT_STATUS_INVALID_PARAMS,
5203 &cp->addr, sizeof(cp->addr));
5204 goto unlock;
5205 }
5206
5207 if (cp->addr.type == BDADDR_LE_PUBLIC)
5208 addr_type = ADDR_LE_DEV_PUBLIC;
5209 else
5210 addr_type = ADDR_LE_DEV_RANDOM;
5211
c71593dd
JH		 5212 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5213 addr_type);
5214 if (!params) {
5215 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5216 MGMT_STATUS_INVALID_PARAMS,
5217 &cp->addr, sizeof(cp->addr));
5218 goto unlock;
5219 }
5220
5221 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
5222 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5223 MGMT_STATUS_INVALID_PARAMS,
5224 &cp->addr, sizeof(cp->addr));
5225 goto unlock;
5226 }
5227
95305baa 5228 list_del_init(&params->action);
c71593dd
JH		 5229 list_del(&params->list);
5230 kfree(params);
95305baa 5231 hci_update_background_scan(hdev);
8afef092
MH		 5232
5233 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53
MH		 5234 } else {
5235 if (cp->addr.type) {
5236 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5237 MGMT_STATUS_INVALID_PARAMS,
5238 &cp->addr, sizeof(cp->addr));
5239 goto unlock;
5240 }
5241
c71593dd 5242 hci_conn_params_clear_enabled(hdev);
2faade53
MH		 5243 }
5244
5245 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5246 MGMT_STATUS_SUCCESS, &cp->addr, sizeof(cp->addr));
5247
5248unlock:
5249 hci_dev_unlock(hdev);
5250 return err;
5251}
5252
a26f3dcf
JH		 5253static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5254 u16 len)
5255{
5256 struct mgmt_cp_load_conn_param *cp = data;
ba1d6936
JH		 5257 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5258 sizeof(struct mgmt_conn_param));
a26f3dcf
JH		 5259 u16 param_count, expected_len;
5260 int i;
5261
5262 if (!lmp_le_capable(hdev))
5263 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5264 MGMT_STATUS_NOT_SUPPORTED);
5265
5266 param_count = __le16_to_cpu(cp->param_count);
ba1d6936
JH		 5267 if (param_count > max_param_count) {
5268 BT_ERR("load_conn_param: too big param_count value %u",
5269 param_count);
5270 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5271 MGMT_STATUS_INVALID_PARAMS);
5272 }
a26f3dcf
JH		 5273
5274 expected_len = sizeof(*cp) + param_count *
5275 sizeof(struct mgmt_conn_param);
5276 if (expected_len != len) {
5277 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
5278 expected_len, len);
5279 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5280 MGMT_STATUS_INVALID_PARAMS);
5281 }
5282
5283 BT_DBG("%s param_count %u", hdev->name, param_count);
5284
5285 hci_dev_lock(hdev);
5286
5287 hci_conn_params_clear_disabled(hdev);
5288
5289 for (i = 0; i < param_count; i++) {
5290 struct mgmt_conn_param *param = &cp->params[i];
5291 struct hci_conn_params *hci_param;
5292 u16 min, max, latency, timeout;
5293 u8 addr_type;
5294
5295 BT_DBG("Adding %pMR (type %u)", &param->addr.bdaddr,
5296 param->addr.type);
5297
5298 if (param->addr.type == BDADDR_LE_PUBLIC) {
5299 addr_type = ADDR_LE_DEV_PUBLIC;
5300 } else if (param->addr.type == BDADDR_LE_RANDOM) {
5301 addr_type = ADDR_LE_DEV_RANDOM;
5302 } else {
5303 BT_ERR("Ignoring invalid connection parameters");
5304 continue;
5305 }
5306
5307 min = le16_to_cpu(param->min_interval);
5308 max = le16_to_cpu(param->max_interval);
5309 latency = le16_to_cpu(param->latency);
5310 timeout = le16_to_cpu(param->timeout);
5311
5312 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
5313 min, max, latency, timeout);
5314
5315 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
5316 BT_ERR("Ignoring invalid connection parameters");
5317 continue;
5318 }
5319
5320 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
5321 addr_type);
5322 if (!hci_param) {
5323 BT_ERR("Failed to add connection parameters");
5324 continue;
5325 }
5326
5327 hci_param->conn_min_interval = min;
5328 hci_param->conn_max_interval = max;
5329 hci_param->conn_latency = latency;
5330 hci_param->supervision_timeout = timeout;
5331 }
5332
5333 hci_dev_unlock(hdev);
5334
5335 return cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0, NULL, 0);
5336}
5337
2e3c35ea 5338static const struct mgmt_handler {
04124681
GP		 5339 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
5340 u16 data_len);
be22b54e
JH		 5341 bool var_len;
5342 size_t data_len;
0f4e68cf
JH		 5343} mgmt_handlers[] = {
5344 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 5345 { read_version, false, MGMT_READ_VERSION_SIZE },
5346 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
5347 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
5348 { read_controller_info, false, MGMT_READ_INFO_SIZE },
5349 { set_powered, false, MGMT_SETTING_SIZE },
5350 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
5351 { set_connectable, false, MGMT_SETTING_SIZE },
5352 { set_fast_connectable, false, MGMT_SETTING_SIZE },
5353 { set_pairable, false, MGMT_SETTING_SIZE },
5354 { set_link_security, false, MGMT_SETTING_SIZE },
5355 { set_ssp, false, MGMT_SETTING_SIZE },
5356 { set_hs, false, MGMT_SETTING_SIZE },
5357 { set_le, false, MGMT_SETTING_SIZE },
5358 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
5359 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
5360 { add_uuid, false, MGMT_ADD_UUID_SIZE },
5361 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
5362 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
5363 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
5364 { disconnect, false, MGMT_DISCONNECT_SIZE },
5365 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
5366 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
5367 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
5368 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
5369 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
5370 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
5371 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
5372 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
5373 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
5374 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
5375 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
5376 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
ec109113 5377 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
be22b54e
JH		 5378 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
5379 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
5380 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
5381 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
5382 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
5383 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 5384 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 5385 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 5386 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 5387 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
14b49b9a 5388 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
eac83dc6 5389 { set_secure_conn, false, MGMT_SETTING_SIZE },
4e39ac81 5390 { set_debug_keys, false, MGMT_SETTING_SIZE },
62b04cd1 5391 { set_privacy, false, MGMT_SET_PRIVACY_SIZE },
41edf160 5392 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
dd983808 5393 { get_conn_info, false, MGMT_GET_CONN_INFO_SIZE },
95868426 5394 { get_clock_info, false, MGMT_GET_CLOCK_INFO_SIZE },
2faade53
MH		 5395 { add_device, false, MGMT_ADD_DEVICE_SIZE },
5396 { remove_device, false, MGMT_REMOVE_DEVICE_SIZE },
73d1df2a
MH		 5397 { load_conn_param, true, MGMT_LOAD_CONN_PARAM_SIZE },
5398 { read_unconf_index_list, false, MGMT_READ_UNCONF_INDEX_LIST_SIZE },
9fc3bfb6 5399 { read_config_info, false, MGMT_READ_CONFIG_INFO_SIZE },
0f4e68cf
JH		 5400};
5401
0381101f
JH		 5402int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
5403{
650f726d
VCG		 5404 void *buf;
5405 u8 *cp;
0381101f 5406 struct mgmt_hdr *hdr;
4e51eae9 5407 u16 opcode, index, len;
bdb6d971 5408 struct hci_dev *hdev = NULL;
2e3c35ea 5409 const struct mgmt_handler *handler;
0381101f
JH		 5410 int err;
5411
5412 BT_DBG("got %zu bytes", msglen);
5413
5414 if (msglen < sizeof(*hdr))
5415 return -EINVAL;
5416
e63a15ec 5417 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 5418 if (!buf)
5419 return -ENOMEM;
5420
5421 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
5422 err = -EFAULT;
5423 goto done;
5424 }
5425
650f726d 5426 hdr = buf;
1f350c87
MH		 5427 opcode = __le16_to_cpu(hdr->opcode);
5428 index = __le16_to_cpu(hdr->index);
5429 len = __le16_to_cpu(hdr->len);
0381101f
JH		 5430
5431 if (len != msglen - sizeof(*hdr)) {
5432 err = -EINVAL;
5433 goto done;
5434 }
5435
0f4e68cf 5436 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 5437 hdev = hci_dev_get(index);
5438 if (!hdev) {
5439 err = cmd_status(sk, index, opcode,
04124681 5440 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 5441 goto done;
5442 }
0736cfa8 5443
cebf4cfd 5444 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
4a964404
MH		 5445 test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) ||
5446 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
0736cfa8
MH		 5447 err = cmd_status(sk, index, opcode,
5448 MGMT_STATUS_INVALID_INDEX);
5449 goto done;
5450 }
bdb6d971
JH		 5451 }
5452
0f4e68cf 5453 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 5454 mgmt_handlers[opcode].func == NULL) {
0381101f 5455 BT_DBG("Unknown op %u", opcode);
ca69b795 5456 err = cmd_status(sk, index, opcode,
04124681 5457 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 5458 goto done;
5459 }
5460
73d1df2a
MH		 5461 if (hdev && (opcode <= MGMT_OP_READ_INDEX_LIST ||
5462 opcode == MGMT_OP_READ_UNCONF_INDEX_LIST)) {
5463 err = cmd_status(sk, index, opcode,
5464 MGMT_STATUS_INVALID_INDEX);
5465 goto done;
5466 }
5467
5468 if (!hdev && (opcode > MGMT_OP_READ_INDEX_LIST &&
5469 opcode != MGMT_OP_READ_UNCONF_INDEX_LIST)) {
0f4e68cf 5470 err = cmd_status(sk, index, opcode,
04124681 5471 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 5472 goto done;
0381101f
JH		 5473 }
5474
be22b54e
JH		 5475 handler = &mgmt_handlers[opcode];
5476
5477 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 5478 (!handler->var_len && len != handler->data_len)) {
be22b54e 5479 err = cmd_status(sk, index, opcode,
04124681 5480 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 5481 goto done;
5482 }
5483
0f4e68cf
JH		 5484 if (hdev)
5485 mgmt_init_hdev(sk, hdev);
5486
5487 cp = buf + sizeof(*hdr);
5488
be22b54e 5489 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 5490 if (err < 0)
5491 goto done;
5492
0381101f
JH		 5493 err = msglen;
5494
5495done:
bdb6d971
JH		 5496 if (hdev)
5497 hci_dev_put(hdev);
5498
0381101f
JH		 5499 kfree(buf);
5500 return err;
5501}
c71e97bf 5502
bf6b56db 5503void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 5504{
1514b892 5505 if (hdev->dev_type != HCI_BREDR)
bf6b56db 5506 return;
bb4b2a9a 5507
0602a8ad
MH		 5508 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
5509 return;
5510
5511 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5512 mgmt_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev, NULL, 0, NULL);
5513 else
5514 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 5515}
5516
bf6b56db 5517void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 5518{
5f159032 5519 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 5520
1514b892 5521 if (hdev->dev_type != HCI_BREDR)
bf6b56db 5522 return;
bb4b2a9a 5523
0602a8ad
MH		 5524 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
5525 return;
5526
744cf19e 5527 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 5528
edd3896b
MH		 5529 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5530 mgmt_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev, NULL, 0, NULL);
5531 else
5532 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 5533}
5534
6046dc3e 5535/* This function requires the caller holds hdev->lock */
d7347f3c 5536static void restart_le_actions(struct hci_dev *hdev)
6046dc3e
AG		 5537{
5538 struct hci_conn_params *p;
5539
5540 list_for_each_entry(p, &hdev->le_conn_params, list) {
d7347f3c
JH		 5541 /* Needed for AUTO_OFF case where might not "really"
5542 * have been powered off.
5543 */
5544 list_del_init(&p->action);
5545
5546 switch (p->auto_connect) {
5547 case HCI_AUTO_CONN_ALWAYS:
5548 list_add(&p->action, &hdev->pend_le_conns);
5549 break;
5550 case HCI_AUTO_CONN_REPORT:
5551 list_add(&p->action, &hdev->pend_le_reports);
5552 break;
5553 default:
5554 break;
c83ed19d 5555 }
6046dc3e 5556 }
c83ed19d 5557
c83ed19d 5558 hci_update_background_scan(hdev);
6046dc3e
AG		 5559}
5560
229ab39c
JH		 5561static void powered_complete(struct hci_dev *hdev, u8 status)
5562{
5563 struct cmd_lookup match = { NULL, hdev };
5564
5565 BT_DBG("status 0x%02x", status);
5566
5567 hci_dev_lock(hdev);
5568
d7347f3c 5569 restart_le_actions(hdev);
6046dc3e 5570
229ab39c
JH		 5571 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5572
5573 new_settings(hdev, match.sk);
5574
5575 hci_dev_unlock(hdev);
5576
5577 if (match.sk)
5578 sock_put(match.sk);
5579}
5580
70da6243 5581static int powered_update_hci(struct hci_dev *hdev)
5add6af8 5582{
890ea898 5583 struct hci_request req;
70da6243 5584 u8 link_sec;
5add6af8 5585
890ea898
JH		 5586 hci_req_init(&req, hdev);
5587
70da6243
JH		 5588 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
5589 !lmp_host_ssp_capable(hdev)) {
5590 u8 ssp = 1;
5e5282bb 5591
890ea898 5592 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 5593 }
5add6af8 5594
c73eee91
JH		 5595 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
5596 lmp_bredr_capable(hdev)) {
70da6243 5597 struct hci_cp_write_le_host_supported cp;
f0ff92fb 5598
70da6243
JH		 5599 cp.le = 1;
5600 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 5601
70da6243
JH		 5602 /* Check first if we already have the right
5603 * host state (host features set)
5604 */
5605 if (cp.le != lmp_host_le_capable(hdev) ||
5606 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 5607 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
5608 sizeof(cp), &cp);
70da6243 5609 }
3d1cbdd6 5610
d13eafce 5611 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 5612 /* Make sure the controller has a good default for
5613 * advertising data. This also applies to the case
5614 * where BR/EDR was toggled during the AUTO_OFF phase.
5615 */
f14d8f64 5616 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5947f4bc 5617 update_adv_data(&req);
f14d8f64
MH		 5618 update_scan_rsp_data(&req);
5619 }
441ad2d0 5620
bba3aa55
MH		 5621 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5622 enable_advertising(&req);
eeca6f89
JH		 5623 }
5624
70da6243
JH		 5625 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
5626 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 5627 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
5628 sizeof(link_sec), &link_sec);
562fcc24 5629
70da6243 5630 if (lmp_bredr_capable(hdev)) {
56f87901
JH		 5631 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
5632 set_bredr_scan(&req);
890ea898 5633 update_class(&req);
13928971 5634 update_name(&req);
890ea898 5635 update_eir(&req);
70da6243 5636 }
562fcc24 5637
229ab39c 5638 return hci_req_run(&req, powered_complete);
70da6243 5639}
562fcc24 5640
70da6243
JH		 5641int mgmt_powered(struct hci_dev *hdev, u8 powered)
5642{
5643 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 5644 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
5645 u8 zero_cod[] = { 0, 0, 0 };
70da6243 5646 int err;
f0ff92fb 5647
70da6243
JH		 5648 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
5649 return 0;
5650
70da6243 5651 if (powered) {
229ab39c
JH		 5652 if (powered_update_hci(hdev) == 0)
5653 return 0;
fe038884 5654
229ab39c
JH		 5655 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
5656 &match);
5657 goto new_settings;
b24752fe
JH		 5658 }
5659
229ab39c
JH		 5660 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5661 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
5662
5663 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
5664 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
5665 zero_cod, sizeof(zero_cod), NULL);
5666
5667new_settings:
beadb2bd 5668 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 5669
5670 if (match.sk)
5671 sock_put(match.sk);
5672
7bb895d6 5673 return err;
5add6af8 5674}
73f22f62 5675
3eec705e 5676void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 5677{
5678 struct pending_cmd *cmd;
5679 u8 status;
5680
5681 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5682 if (!cmd)
3eec705e 5683 return;
96570ffc
JH		 5684
5685 if (err == -ERFKILL)
5686 status = MGMT_STATUS_RFKILLED;
5687 else
5688 status = MGMT_STATUS_FAILED;
5689
3eec705e 5690 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 5691
5692 mgmt_pending_remove(cmd);
96570ffc
JH		 5693}
5694
d1967ff8
MH		 5695void mgmt_discoverable_timeout(struct hci_dev *hdev)
5696{
5697 struct hci_request req;
d1967ff8
MH		 5698
5699 hci_dev_lock(hdev);
5700
5701 /* When discoverable timeout triggers, then just make sure
5702 * the limited discoverable flag is cleared. Even in the case
5703 * of a timeout triggered from general discoverable, it is
5704 * safe to unconditionally clear the flag.
5705 */
5706 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
9a43e25f 5707 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
d1967ff8
MH		 5708
5709 hci_req_init(&req, hdev);
4b580614
JH		 5710 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
5711 u8 scan = SCAN_PAGE;
5712 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
5713 sizeof(scan), &scan);
5714 }
d1967ff8 5715 update_class(&req);
9a43e25f 5716 update_adv_data(&req);
d1967ff8
MH		 5717 hci_req_run(&req, NULL);
5718
5719 hdev->discov_timeout = 0;
5720
9a43e25f
JH		 5721 new_settings(hdev, NULL);
5722
d1967ff8
MH		 5723 hci_dev_unlock(hdev);
5724}
5725
86a75645 5726void mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 5727{
86a75645 5728 bool changed;
73f22f62 5729
bfaf8c9f
JH		 5730 /* Nothing needed here if there's a pending command since that
5731 * commands request completion callback takes care of everything
5732 * necessary.
5733 */
5734 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
86a75645 5735 return;
bfaf8c9f 5736
bd107999
JH		 5737 /* Powering off may clear the scan mode - don't let that interfere */
5738 if (!discoverable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5739 return;
5740
9a43e25f 5741 if (discoverable) {
86a75645 5742 changed = !test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 5743 } else {
5744 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
86a75645 5745 changed = test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 5746 }
5747
5748 if (changed) {
5749 struct hci_request req;
5750
5751 /* In case this change in discoverable was triggered by
5752 * a disabling of connectable there could be a need to
5753 * update the advertising flags.
5754 */
5755 hci_req_init(&req, hdev);
5756 update_adv_data(&req);
5757 hci_req_run(&req, NULL);
73f22f62 5758
86a75645 5759 new_settings(hdev, NULL);
9a43e25f 5760 }
73f22f62 5761}
9fbcbb45 5762
a330916c 5763void mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 5764{
a330916c 5765 bool changed;
9fbcbb45 5766
d7b856f9
JH		 5767 /* Nothing needed here if there's a pending command since that
5768 * commands request completion callback takes care of everything
5769 * necessary.
5770 */
5771 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
a330916c 5772 return;
d7b856f9 5773
ce3f24cf
JH		 5774 /* Powering off may clear the scan mode - don't let that interfere */
5775 if (!connectable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5776 return;
5777
a330916c
MH		 5778 if (connectable)
5779 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
5780 else
5781 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
9fbcbb45 5782
beadb2bd 5783 if (changed)
a330916c 5784 new_settings(hdev, NULL);
9fbcbb45 5785}
55ed8ca1 5786
778b235a
JH		 5787void mgmt_advertising(struct hci_dev *hdev, u8 advertising)
5788{
7c4cfab8
JH		 5789 /* Powering off may stop advertising - don't let that interfere */
5790 if (!advertising && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5791 return;
5792
778b235a
JH		 5793 if (advertising)
5794 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
5795 else
5796 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
5797}
5798
4796e8af 5799void mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 5800{
ca69b795
JH		 5801 u8 mgmt_err = mgmt_status(status);
5802
2d7cee58 5803 if (scan & SCAN_PAGE)
744cf19e 5804 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 5805 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 5806
5807 if (scan & SCAN_INQUIRY)
744cf19e 5808 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 5809 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 5810}
5811
dc4a5ee2
MH		 5812void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
5813 bool persistent)
55ed8ca1 5814{
86742e1e 5815 struct mgmt_ev_new_link_key ev;
55ed8ca1 5816
a492cd52 5817 memset(&ev, 0, sizeof(ev));
55ed8ca1 5818
a492cd52 5819 ev.store_hint = persistent;
d753fdc4 5820 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 5821 ev.key.addr.type = BDADDR_BREDR;
a492cd52 5822 ev.key.type = key->type;
9b3b4460 5823 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 5824 ev.key.pin_len = key->pin_len;
55ed8ca1 5825
dc4a5ee2 5826 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 5827}
f7520543 5828
d7b25450
JH		 5829static u8 mgmt_ltk_type(struct smp_ltk *ltk)
5830{
5831 if (ltk->authenticated)
5832 return MGMT_LTK_AUTHENTICATED;
5833
5834 return MGMT_LTK_UNAUTHENTICATED;
5835}
5836
53ac6ab6 5837void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 5838{
5839 struct mgmt_ev_new_long_term_key ev;
5840
5841 memset(&ev, 0, sizeof(ev));
5842
5192d301
MH		 5843 /* Devices using resolvable or non-resolvable random addresses
5844 * without providing an indentity resolving key don't require
5845 * to store long term keys. Their addresses will change the
5846 * next time around.
5847 *
5848 * Only when a remote device provides an identity address
5849 * make sure the long term key is stored. If the remote
5850 * identity is known, the long term keys are internally
5851 * mapped to the identity address. So allow static random
5852 * and public addresses here.
5853 */
ba74b666
JH		 5854 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
5855 (key->bdaddr.b[5] & 0xc0) != 0xc0)
5856 ev.store_hint = 0x00;
5857 else
53ac6ab6 5858 ev.store_hint = persistent;
ba74b666 5859
346af67b 5860 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 5861 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 5862 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 5863 ev.key.enc_size = key->enc_size;
5864 ev.key.ediv = key->ediv;
fe39c7b2 5865 ev.key.rand = key->rand;
346af67b 5866
2ceba539 5867 if (key->type == SMP_LTK)
346af67b
VCG		 5868 ev.key.master = 1;
5869
346af67b
VCG		 5870 memcpy(ev.key.val, key->val, sizeof(key->val));
5871
083368f7 5872 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 5873}
5874
95fbac8a
JH		 5875void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
5876{
5877 struct mgmt_ev_new_irk ev;
5878
5879 memset(&ev, 0, sizeof(ev));
5880
bab6d1e5
MH		 5881 /* For identity resolving keys from devices that are already
5882 * using a public address or static random address, do not
5883 * ask for storing this key. The identity resolving key really
5884 * is only mandatory for devices using resovlable random
5885 * addresses.
5886 *
5887 * Storing all identity resolving keys has the downside that
5888 * they will be also loaded on next boot of they system. More
5889 * identity resolving keys, means more time during scanning is
5890 * needed to actually resolve these addresses.
5891 */
5892 if (bacmp(&irk->rpa, BDADDR_ANY))
5893 ev.store_hint = 0x01;
5894 else
5895 ev.store_hint = 0x00;
5896
95fbac8a
JH		 5897 bacpy(&ev.rpa, &irk->rpa);
5898 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
5899 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
5900 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
5901
5902 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
5903}
5904
53ac6ab6
MH		 5905void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
5906 bool persistent)
7ee4ea36
MH		 5907{
5908 struct mgmt_ev_new_csrk ev;
5909
5910 memset(&ev, 0, sizeof(ev));
5911
5912 /* Devices using resolvable or non-resolvable random addresses
5913 * without providing an indentity resolving key don't require
5914 * to store signature resolving keys. Their addresses will change
5915 * the next time around.
5916 *
5917 * Only when a remote device provides an identity address
5918 * make sure the signature resolving key is stored. So allow
5919 * static random and public addresses here.
5920 */
5921 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
5922 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
5923 ev.store_hint = 0x00;
5924 else
53ac6ab6 5925 ev.store_hint = persistent;
7ee4ea36
MH		 5926
5927 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
5928 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
5929 ev.key.master = csrk->master;
5930 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
5931
5932 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
5933}
5934
ffb5a827 5935void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 5936 u8 bdaddr_type, u8 store_hint, u16 min_interval,
5937 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 5938{
5939 struct mgmt_ev_new_conn_param ev;
5940
c103aea6
JH		 5941 if (!hci_is_identity_address(bdaddr, bdaddr_type))
5942 return;
5943
ffb5a827
AG		 5944 memset(&ev, 0, sizeof(ev));
5945 bacpy(&ev.addr.bdaddr, bdaddr);
5946 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 5947 ev.store_hint = store_hint;
ffb5a827
AG		 5948 ev.min_interval = cpu_to_le16(min_interval);
5949 ev.max_interval = cpu_to_le16(max_interval);
5950 ev.latency = cpu_to_le16(latency);
5951 ev.timeout = cpu_to_le16(timeout);
5952
5953 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
5954}
5955
94933991
MH		 5956static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
5957 u8 data_len)
5958{
5959 eir[eir_len++] = sizeof(type) + data_len;
5960 eir[eir_len++] = type;
5961 memcpy(&eir[eir_len], data, data_len);
5962 eir_len += data_len;
5963
5964 return eir_len;
5965}
5966
ecd90ae7
MH		 5967void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5968 u8 addr_type, u32 flags, u8 *name, u8 name_len,
5969 u8 *dev_class)
f7520543 5970{
b644ba33
JH		 5971 char buf[512];
5972 struct mgmt_ev_device_connected *ev = (void *) buf;
5973 u16 eir_len = 0;
f7520543 5974
b644ba33 5975 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 5976 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 5977
c95f0ba7 5978 ev->flags = __cpu_to_le32(flags);
08c79b61 5979
b644ba33
JH		 5980 if (name_len > 0)
5981 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 5982 name, name_len);
b644ba33
JH		 5983
5984 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 5985 eir_len = eir_append_data(ev->eir, eir_len,
04124681 5986 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 5987
eb55ef07 5988 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 5989
ecd90ae7
MH		 5990 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
5991 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 5992}
5993
8962ee74
JH		 5994static void disconnect_rsp(struct pending_cmd *cmd, void *data)
5995{
c68fb7ff 5996 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 5997 struct sock **sk = data;
a38528f1 5998 struct mgmt_rp_disconnect rp;
8962ee74 5999
88c3df13
JH		 6000 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
6001 rp.addr.type = cp->addr.type;
8962ee74 6002
aee9b218 6003 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 6004 sizeof(rp));
8962ee74
JH		 6005
6006 *sk = cmd->sk;
6007 sock_hold(*sk);
6008
a664b5bc 6009 mgmt_pending_remove(cmd);
8962ee74
JH		 6010}
6011
124f6e35 6012static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 6013{
b1078ad0 6014 struct hci_dev *hdev = data;
124f6e35
JH		 6015 struct mgmt_cp_unpair_device *cp = cmd->param;
6016 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 6017
6018 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 6019 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
6020 rp.addr.type = cp->addr.type;
a8a1d19e 6021
b1078ad0
JH		 6022 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
6023
aee9b218 6024 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 6025
6026 mgmt_pending_remove(cmd);
6027}
6028
9b80ec5e 6029void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 6030 u8 link_type, u8 addr_type, u8 reason,
6031 bool mgmt_connected)
f7520543 6032{
f0d6a0ea 6033 struct mgmt_ev_device_disconnected ev;
8b064a3a 6034 struct pending_cmd *power_off;
8962ee74 6035 struct sock *sk = NULL;
8962ee74 6036
8b064a3a
JH		 6037 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6038 if (power_off) {
6039 struct mgmt_mode *cp = power_off->param;
6040
6041 /* The connection is still in hci_conn_hash so test for 1
6042 * instead of 0 to know if this is the last one.
6043 */
a3172b7e
JH		 6044 if (!cp->val && hci_conn_count(hdev) == 1) {
6045 cancel_delayed_work(&hdev->power_off);
8b064a3a 6046 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 6047 }
8b064a3a
JH		 6048 }
6049
12d4a3b2
JH		 6050 if (!mgmt_connected)
6051 return;
6052
57eb776f
AG		 6053 if (link_type != ACL_LINK && link_type != LE_LINK)
6054 return;
6055
744cf19e 6056 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 6057
f0d6a0ea
MA		 6058 bacpy(&ev.addr.bdaddr, bdaddr);
6059 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6060 ev.reason = reason;
f7520543 6061
9b80ec5e 6062 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 6063
6064 if (sk)
d97dcb66 6065 sock_put(sk);
8962ee74 6066
124f6e35 6067 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 6068 hdev);
8962ee74
JH		 6069}
6070
7892924c
MH		 6071void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
6072 u8 link_type, u8 addr_type, u8 status)
8962ee74 6073{
3655bba8
AG		 6074 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
6075 struct mgmt_cp_disconnect *cp;
88c3df13 6076 struct mgmt_rp_disconnect rp;
8962ee74 6077 struct pending_cmd *cmd;
8962ee74 6078
36a75f1b
JD		 6079 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6080 hdev);
6081
2e58ef3e 6082 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 6083 if (!cmd)
7892924c 6084 return;
8962ee74 6085
3655bba8
AG		 6086 cp = cmd->param;
6087
6088 if (bacmp(bdaddr, &cp->addr.bdaddr))
6089 return;
6090
6091 if (cp->addr.type != bdaddr_type)
6092 return;
6093
88c3df13 6094 bacpy(&rp.addr.bdaddr, bdaddr);
3655bba8 6095 rp.addr.type = bdaddr_type;
37d9ef76 6096
7892924c
MH		 6097 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
6098 mgmt_status(status), &rp, sizeof(rp));
8962ee74 6099
a664b5bc 6100 mgmt_pending_remove(cmd);
f7520543 6101}
17d5c04c 6102
445608d0
MH		 6103void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6104 u8 addr_type, u8 status)
17d5c04c
JH		 6105{
6106 struct mgmt_ev_connect_failed ev;
c9910d0f
JH		 6107 struct pending_cmd *power_off;
6108
6109 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6110 if (power_off) {
6111 struct mgmt_mode *cp = power_off->param;
6112
6113 /* The connection is still in hci_conn_hash so test for 1
6114 * instead of 0 to know if this is the last one.
6115 */
a3172b7e
JH		 6116 if (!cp->val && hci_conn_count(hdev) == 1) {
6117 cancel_delayed_work(&hdev->power_off);
c9910d0f 6118 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 6119 }
c9910d0f 6120 }
17d5c04c 6121
4c659c39 6122 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6123 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 6124 ev.status = mgmt_status(status);
17d5c04c 6125
445608d0 6126 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 6127}
980e1a53 6128
ce0e4a0d 6129void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 6130{
6131 struct mgmt_ev_pin_code_request ev;
6132
d8457698 6133 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 6134 ev.addr.type = BDADDR_BREDR;
a770bb5a 6135 ev.secure = secure;
980e1a53 6136
ce0e4a0d 6137 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 6138}
6139
e669cf80
MH		 6140void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6141 u8 status)
980e1a53
JH		 6142{
6143 struct pending_cmd *cmd;
ac56fb13 6144 struct mgmt_rp_pin_code_reply rp;
980e1a53 6145
2e58ef3e 6146 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 6147 if (!cmd)
e669cf80 6148 return;
980e1a53 6149
d8457698 6150 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 6151 rp.addr.type = BDADDR_BREDR;
ac56fb13 6152
e669cf80
MH		 6153 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
6154 mgmt_status(status), &rp, sizeof(rp));
980e1a53 6155
a664b5bc 6156 mgmt_pending_remove(cmd);
980e1a53
JH		 6157}
6158
3eb38528
MH		 6159void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6160 u8 status)
980e1a53
JH		 6161{
6162 struct pending_cmd *cmd;
ac56fb13 6163 struct mgmt_rp_pin_code_reply rp;
980e1a53 6164
2e58ef3e 6165 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 6166 if (!cmd)
3eb38528 6167 return;
980e1a53 6168
d8457698 6169 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 6170 rp.addr.type = BDADDR_BREDR;
ac56fb13 6171
3eb38528
MH		 6172 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
6173 mgmt_status(status), &rp, sizeof(rp));
980e1a53 6174
a664b5bc 6175 mgmt_pending_remove(cmd);
980e1a53 6176}
a5c29683 6177
744cf19e 6178int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 6179 u8 link_type, u8 addr_type, u32 value,
04124681 6180 u8 confirm_hint)
a5c29683
JH		 6181{
6182 struct mgmt_ev_user_confirm_request ev;
6183
744cf19e 6184 BT_DBG("%s", hdev->name);
a5c29683 6185
272d90df 6186 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6187 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 6188 ev.confirm_hint = confirm_hint;
39adbffe 6189 ev.value = cpu_to_le32(value);
a5c29683 6190
744cf19e 6191 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 6192 NULL);
a5c29683
JH		 6193}
6194
272d90df 6195int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 6196 u8 link_type, u8 addr_type)
604086b7
BG		 6197{
6198 struct mgmt_ev_user_passkey_request ev;
6199
6200 BT_DBG("%s", hdev->name);
6201
272d90df 6202 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6203 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 6204
6205 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 6206 NULL);
604086b7
BG		 6207}
6208
0df4c185 6209static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 6210 u8 link_type, u8 addr_type, u8 status,
6211 u8 opcode)
a5c29683
JH		 6212{
6213 struct pending_cmd *cmd;
6214 struct mgmt_rp_user_confirm_reply rp;
6215 int err;
6216
2e58ef3e 6217 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 6218 if (!cmd)
6219 return -ENOENT;
6220
272d90df 6221 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 6222 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 6223 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 6224 &rp, sizeof(rp));
a5c29683 6225
a664b5bc 6226 mgmt_pending_remove(cmd);
a5c29683
JH		 6227
6228 return err;
6229}
6230
744cf19e 6231int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6232 u8 link_type, u8 addr_type, u8 status)
a5c29683 6233{
272d90df 6234 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 6235 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 6236}
6237
272d90df 6238int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6239 u8 link_type, u8 addr_type, u8 status)
a5c29683 6240{
272d90df 6241 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 6242 status,
6243 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 6244}
2a611692 6245
604086b7 6246int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6247 u8 link_type, u8 addr_type, u8 status)
604086b7 6248{
272d90df 6249 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 6250 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 6251}
6252
272d90df 6253int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6254 u8 link_type, u8 addr_type, u8 status)
604086b7 6255{
272d90df 6256 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 6257 status,
6258 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 6259}
6260
92a25256
JH		 6261int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
6262 u8 link_type, u8 addr_type, u32 passkey,
6263 u8 entered)
6264{
6265 struct mgmt_ev_passkey_notify ev;
6266
6267 BT_DBG("%s", hdev->name);
6268
6269 bacpy(&ev.addr.bdaddr, bdaddr);
6270 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6271 ev.passkey = __cpu_to_le32(passkey);
6272 ev.entered = entered;
6273
6274 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
6275}
6276
e546099c
MH		 6277void mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6278 u8 addr_type, u8 status)
2a611692
JH		 6279{
6280 struct mgmt_ev_auth_failed ev;
6281
bab73cb6 6282 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6283 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 6284 ev.status = mgmt_status(status);
2a611692 6285
e546099c 6286 mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 6287}
b312b161 6288
464996ae 6289void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 6290{
6291 struct cmd_lookup match = { NULL, hdev };
464996ae 6292 bool changed;
33ef95ed
JH		 6293
6294 if (status) {
6295 u8 mgmt_err = mgmt_status(status);
6296 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 6297 cmd_status_rsp, &mgmt_err);
464996ae 6298 return;
33ef95ed
JH		 6299 }
6300
464996ae
MH		 6301 if (test_bit(HCI_AUTH, &hdev->flags))
6302 changed = !test_and_set_bit(HCI_LINK_SECURITY,
6303 &hdev->dev_flags);
6304 else
6305 changed = test_and_clear_bit(HCI_LINK_SECURITY,
6306 &hdev->dev_flags);
47990ea0 6307
33ef95ed 6308 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 6309 &match);
33ef95ed 6310
47990ea0 6311 if (changed)
464996ae 6312 new_settings(hdev, match.sk);
33ef95ed
JH		 6313
6314 if (match.sk)
6315 sock_put(match.sk);
33ef95ed
JH		 6316}
6317
890ea898 6318static void clear_eir(struct hci_request *req)
cacaf52f 6319{
890ea898 6320 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 6321 struct hci_cp_write_eir cp;
6322
976eb20e 6323 if (!lmp_ext_inq_capable(hdev))
890ea898 6324 return;
cacaf52f 6325
c80da27e
JH		 6326 memset(hdev->eir, 0, sizeof(hdev->eir));
6327
cacaf52f
JH		 6328 memset(&cp, 0, sizeof(cp));
6329
890ea898 6330 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 6331}
6332
3e248560 6333void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 6334{
6335 struct cmd_lookup match = { NULL, hdev };
890ea898 6336 struct hci_request req;
c0ecddc2 6337 bool changed = false;
ed2c4ee3
JH		 6338
6339 if (status) {
6340 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 6341
6342 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 6343 &hdev->dev_flags)) {
6344 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3e248560 6345 new_settings(hdev, NULL);
9ecb3e24 6346 }
c0ecddc2 6347
04124681
GP		 6348 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
6349 &mgmt_err);
3e248560 6350 return;
c0ecddc2
JH		 6351 }
6352
6353 if (enable) {
9ecb3e24 6354 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 6355 } else {
9ecb3e24
MH		 6356 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
6357 if (!changed)
6358 changed = test_and_clear_bit(HCI_HS_ENABLED,
6359 &hdev->dev_flags);
6360 else
6361 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 6362 }
6363
6364 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
6365
c0ecddc2 6366 if (changed)
3e248560 6367 new_settings(hdev, match.sk);
ed2c4ee3 6368
5fc6ebb1 6369 if (match.sk)
ed2c4ee3
JH		 6370 sock_put(match.sk);
6371
890ea898
JH		 6372 hci_req_init(&req, hdev);
6373
3769972b
JH		 6374 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
6375 if (test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
6376 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
6377 sizeof(enable), &enable);
890ea898 6378 update_eir(&req);
3769972b 6379 } else {
890ea898 6380 clear_eir(&req);
3769972b 6381 }
890ea898
JH		 6382
6383 hci_req_run(&req, NULL);
ed2c4ee3
JH		 6384}
6385
eac83dc6
MH		 6386void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
6387{
6388 struct cmd_lookup match = { NULL, hdev };
6389 bool changed = false;
6390
6391 if (status) {
6392 u8 mgmt_err = mgmt_status(status);
6393
0ab04a9c
MH		 6394 if (enable) {
6395 if (test_and_clear_bit(HCI_SC_ENABLED,
6396 &hdev->dev_flags))
6397 new_settings(hdev, NULL);
6398 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
6399 }
eac83dc6
MH		 6400
6401 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
6402 cmd_status_rsp, &mgmt_err);
6403 return;
6404 }
6405
0ab04a9c 6406 if (enable) {
eac83dc6 6407 changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c 6408 } else {
eac83dc6 6409 changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c
MH		 6410 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
6411 }
eac83dc6
MH		 6412
6413 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
6414 settings_rsp, &match);
6415
6416 if (changed)
6417 new_settings(hdev, match.sk);
6418
6419 if (match.sk)
6420 sock_put(match.sk);
6421}
6422
92da6097 6423static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 6424{
6425 struct cmd_lookup *match = data;
6426
90e70454
JH		 6427 if (match->sk == NULL) {
6428 match->sk = cmd->sk;
6429 sock_hold(match->sk);
6430 }
90e70454
JH		 6431}
6432
4e1b0245
MH		 6433void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
6434 u8 status)
7f9a903c 6435{
90e70454 6436 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 6437
92da6097
JH		 6438 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
6439 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
6440 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 6441
6442 if (!status)
4e1b0245
MH		 6443 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
6444 NULL);
90e70454
JH		 6445
6446 if (match.sk)
6447 sock_put(match.sk);
7f9a903c
MH		 6448}
6449
7667da34 6450void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 6451{
b312b161 6452 struct mgmt_cp_set_local_name ev;
13928971 6453 struct pending_cmd *cmd;
28cc7bde 6454
13928971 6455 if (status)
7667da34 6456 return;
b312b161
JH		 6457
6458 memset(&ev, 0, sizeof(ev));
6459 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 6460 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 6461
2e58ef3e 6462 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 6463 if (!cmd) {
6464 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 6465
13928971
JH		 6466 /* If this is a HCI command related to powering on the
6467 * HCI dev don't send any mgmt signals.
6468 */
6469 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 6470 return;
890ea898 6471 }
b312b161 6472
7667da34
MH		 6473 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
6474 cmd ? cmd->sk : NULL);
b312b161 6475}
c35938b2 6476
4d2d2796
MH		 6477void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
6478 u8 *randomizer192, u8 *hash256,
6479 u8 *randomizer256, u8 status)
c35938b2
SJ		 6480{
6481 struct pending_cmd *cmd;
c35938b2 6482
744cf19e 6483 BT_DBG("%s status %u", hdev->name, status);
c35938b2 6484
2e58ef3e 6485 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 6486 if (!cmd)
3edaf092 6487 return;
c35938b2
SJ		 6488
6489 if (status) {
3edaf092
MH		 6490 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
6491 mgmt_status(status));
c35938b2 6492 } else {
4d2d2796
MH		 6493 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
6494 hash256 && randomizer256) {
6495 struct mgmt_rp_read_local_oob_ext_data rp;
6496
6497 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
6498 memcpy(rp.randomizer192, randomizer192,
6499 sizeof(rp.randomizer192));
c35938b2 6500
4d2d2796
MH		 6501 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
6502 memcpy(rp.randomizer256, randomizer256,
6503 sizeof(rp.randomizer256));
c35938b2 6504
4d2d2796
MH		 6505 cmd_complete(cmd->sk, hdev->id,
6506 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
6507 &rp, sizeof(rp));
6508 } else {
6509 struct mgmt_rp_read_local_oob_data rp;
6510
6511 memcpy(rp.hash, hash192, sizeof(rp.hash));
6512 memcpy(rp.randomizer, randomizer192,
6513 sizeof(rp.randomizer));
6514
6515 cmd_complete(cmd->sk, hdev->id,
6516 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
6517 &rp, sizeof(rp));
6518 }
c35938b2
SJ		 6519 }
6520
6521 mgmt_pending_remove(cmd);
c35938b2 6522}
e17acd40 6523
901801b9 6524void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
af58925c
MH		 6525 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
6526 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 6527{
e319d2e7
JH		 6528 char buf[512];
6529 struct mgmt_ev_device_found *ev = (void *) buf;
5cedbb8d 6530 struct smp_irk *irk;
1dc06093 6531 size_t ev_size;
e17acd40 6532
75ce208c
JH		 6533 /* Don't send events for a non-kernel initiated discovery. With
6534 * LE one exception is if we have pend_le_reports > 0 in which
6535 * case we're doing passive scanning and want these events.
6536 */
6537 if (!hci_discovery_active(hdev)) {
6538 if (link_type == ACL_LINK)
6539 return;
66f8455a 6540 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
75ce208c
JH		 6541 return;
6542 }
12602d0c 6543
5d2e9fad
JH		 6544 /* Make sure that the buffer is big enough. The 5 extra bytes
6545 * are for the potential CoD field.
6546 */
6547 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
901801b9 6548 return;
7d262f86 6549
1dc06093
JH		 6550 memset(buf, 0, sizeof(buf));
6551
5cedbb8d
JH		 6552 irk = hci_get_irk(hdev, bdaddr, addr_type);
6553 if (irk) {
6554 bacpy(&ev->addr.bdaddr, &irk->bdaddr);
6555 ev->addr.type = link_to_bdaddr(link_type, irk->addr_type);
6556 } else {
6557 bacpy(&ev->addr.bdaddr, bdaddr);
6558 ev->addr.type = link_to_bdaddr(link_type, addr_type);
6559 }
6560
e319d2e7 6561 ev->rssi = rssi;
af58925c 6562 ev->flags = cpu_to_le32(flags);
e17acd40 6563
1dc06093 6564 if (eir_len > 0)
e319d2e7 6565 memcpy(ev->eir, eir, eir_len);
e17acd40 6566
1dc06093
JH		 6567 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
6568 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 6569 dev_class, 3);
1dc06093 6570
5d2e9fad
JH		 6571 if (scan_rsp_len > 0)
6572 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
6573
6574 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
6575 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 6576
901801b9 6577 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 6578}
a88a9652 6579
9cf12aee
MH		 6580void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6581 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 6582{
b644ba33
JH		 6583 struct mgmt_ev_device_found *ev;
6584 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
6585 u16 eir_len;
a88a9652 6586
b644ba33 6587 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 6588
b644ba33
JH		 6589 memset(buf, 0, sizeof(buf));
6590
6591 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 6592 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 6593 ev->rssi = rssi;
6594
6595 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 6596 name_len);
b644ba33 6597
eb55ef07 6598 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 6599
9cf12aee 6600 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 6601}
314b2381 6602
2f1e063b 6603void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 6604{
f963e8e9 6605 struct mgmt_ev_discovering ev;
164a6e78
JH		 6606 struct pending_cmd *cmd;
6607
343fb145
AG		 6608 BT_DBG("%s discovering %u", hdev->name, discovering);
6609
164a6e78 6610 if (discovering)
2e58ef3e 6611 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 6612 else
2e58ef3e 6613 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 6614
6615 if (cmd != NULL) {
f808e166
JH		 6616 u8 type = hdev->discovery.type;
6617
04124681
GP		 6618 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
6619 sizeof(type));
164a6e78
JH		 6620 mgmt_pending_remove(cmd);
6621 }
6622
f963e8e9
JH		 6623 memset(&ev, 0, sizeof(ev));
6624 ev.type = hdev->discovery.type;
6625 ev.discovering = discovering;
6626
2f1e063b 6627 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 6628}
5e762444 6629
5976e608
MH		 6630static void adv_enable_complete(struct hci_dev *hdev, u8 status)
6631{
6632 BT_DBG("%s status %u", hdev->name, status);
6633
6634 /* Clear the advertising mgmt setting if we failed to re-enable it */
6635 if (status) {
6636 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 6637 new_settings(hdev, NULL);
5976e608
MH		 6638 }
6639}
6640
6641void mgmt_reenable_advertising(struct hci_dev *hdev)
6642{
6643 struct hci_request req;
6644
b145edcd 6645 if (hci_conn_num(hdev, LE_LINK) > 0)
5976e608
MH		 6646 return;
6647
6648 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
6649 return;
6650
6651 hci_req_init(&req, hdev);
6652 enable_advertising(&req);
6653
6654 /* If this fails we have no option but to let user space know
6655 * that we've disabled advertising.
6656 */
6657 if (hci_req_run(&req, adv_enable_complete) < 0) {
6658 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 6659 new_settings(hdev, NULL);
5976e608
MH		 6660 }
6661}
Linux kernel - Deliverables
This page took 1.429935 seconds and 5 git commands to generate.