projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Expose current identity information in debugfs
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
32#include <net/bluetooth/mgmt.h>
ac4b7236
MH		 33
34#include "smp.h"
0381101f 35
2da9c55c 36#define MGMT_VERSION 1
40456644 37#define MGMT_REVISION 5
02d98129 38
e70bb2e8
JH		 39static const u16 mgmt_commands[] = {
40 MGMT_OP_READ_INDEX_LIST,
41 MGMT_OP_READ_INFO,
42 MGMT_OP_SET_POWERED,
43 MGMT_OP_SET_DISCOVERABLE,
44 MGMT_OP_SET_CONNECTABLE,
45 MGMT_OP_SET_FAST_CONNECTABLE,
46 MGMT_OP_SET_PAIRABLE,
47 MGMT_OP_SET_LINK_SECURITY,
48 MGMT_OP_SET_SSP,
49 MGMT_OP_SET_HS,
50 MGMT_OP_SET_LE,
51 MGMT_OP_SET_DEV_CLASS,
52 MGMT_OP_SET_LOCAL_NAME,
53 MGMT_OP_ADD_UUID,
54 MGMT_OP_REMOVE_UUID,
55 MGMT_OP_LOAD_LINK_KEYS,
56 MGMT_OP_LOAD_LONG_TERM_KEYS,
57 MGMT_OP_DISCONNECT,
58 MGMT_OP_GET_CONNECTIONS,
59 MGMT_OP_PIN_CODE_REPLY,
60 MGMT_OP_PIN_CODE_NEG_REPLY,
61 MGMT_OP_SET_IO_CAPABILITY,
62 MGMT_OP_PAIR_DEVICE,
63 MGMT_OP_CANCEL_PAIR_DEVICE,
64 MGMT_OP_UNPAIR_DEVICE,
65 MGMT_OP_USER_CONFIRM_REPLY,
66 MGMT_OP_USER_CONFIRM_NEG_REPLY,
67 MGMT_OP_USER_PASSKEY_REPLY,
68 MGMT_OP_USER_PASSKEY_NEG_REPLY,
69 MGMT_OP_READ_LOCAL_OOB_DATA,
70 MGMT_OP_ADD_REMOTE_OOB_DATA,
71 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
72 MGMT_OP_START_DISCOVERY,
73 MGMT_OP_STOP_DISCOVERY,
74 MGMT_OP_CONFIRM_NAME,
75 MGMT_OP_BLOCK_DEVICE,
76 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 77 MGMT_OP_SET_DEVICE_ID,
4375f103 78 MGMT_OP_SET_ADVERTISING,
0663ca2a 79 MGMT_OP_SET_BREDR,
d13eafce 80 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 81 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 82 MGMT_OP_SET_SECURE_CONN,
4e39ac81 83 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 84 MGMT_OP_SET_PRIVACY,
41edf160 85 MGMT_OP_LOAD_IRKS,
e70bb2e8
JH		 86};
87
88static const u16 mgmt_events[] = {
89 MGMT_EV_CONTROLLER_ERROR,
90 MGMT_EV_INDEX_ADDED,
91 MGMT_EV_INDEX_REMOVED,
92 MGMT_EV_NEW_SETTINGS,
93 MGMT_EV_CLASS_OF_DEV_CHANGED,
94 MGMT_EV_LOCAL_NAME_CHANGED,
95 MGMT_EV_NEW_LINK_KEY,
96 MGMT_EV_NEW_LONG_TERM_KEY,
97 MGMT_EV_DEVICE_CONNECTED,
98 MGMT_EV_DEVICE_DISCONNECTED,
99 MGMT_EV_CONNECT_FAILED,
100 MGMT_EV_PIN_CODE_REQUEST,
101 MGMT_EV_USER_CONFIRM_REQUEST,
102 MGMT_EV_USER_PASSKEY_REQUEST,
103 MGMT_EV_AUTH_FAILED,
104 MGMT_EV_DEVICE_FOUND,
105 MGMT_EV_DISCOVERING,
106 MGMT_EV_DEVICE_BLOCKED,
107 MGMT_EV_DEVICE_UNBLOCKED,
108 MGMT_EV_DEVICE_UNPAIRED,
92a25256 109 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 110 MGMT_EV_NEW_IRK,
e70bb2e8
JH		 111};
112
17b02e62 113#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 114
4b34ee78
JH		 115#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
116 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
117
eec8d2bc
JH		 118struct pending_cmd {
119 struct list_head list;
fc2f4b13 120 u16 opcode;
eec8d2bc 121 int index;
c68fb7ff 122 void *param;
eec8d2bc 123 struct sock *sk;
e9a416b5 124 void *user_data;
eec8d2bc
JH		 125};
126
ca69b795
JH		 127/* HCI to MGMT error code conversion table */
128static u8 mgmt_status_table[] = {
129 MGMT_STATUS_SUCCESS,
130 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
131 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
132 MGMT_STATUS_FAILED, /* Hardware Failure */
133 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
134 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 135 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 136 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
137 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
138 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
139 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
140 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
141 MGMT_STATUS_BUSY, /* Command Disallowed */
142 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
143 MGMT_STATUS_REJECTED, /* Rejected Security */
144 MGMT_STATUS_REJECTED, /* Rejected Personal */
145 MGMT_STATUS_TIMEOUT, /* Host Timeout */
146 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
147 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
148 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
149 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
150 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
151 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
152 MGMT_STATUS_BUSY, /* Repeated Attempts */
153 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
154 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
155 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
156 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
157 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
158 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
159 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
160 MGMT_STATUS_FAILED, /* Unspecified Error */
161 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
162 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
163 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
164 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
165 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
166 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
167 MGMT_STATUS_FAILED, /* Unit Link Key Used */
168 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
169 MGMT_STATUS_TIMEOUT, /* Instant Passed */
170 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
171 MGMT_STATUS_FAILED, /* Transaction Collision */
172 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
173 MGMT_STATUS_REJECTED, /* QoS Rejected */
174 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
175 MGMT_STATUS_REJECTED, /* Insufficient Security */
176 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
177 MGMT_STATUS_BUSY, /* Role Switch Pending */
178 MGMT_STATUS_FAILED, /* Slot Violation */
179 MGMT_STATUS_FAILED, /* Role Switch Failed */
180 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
181 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
182 MGMT_STATUS_BUSY, /* Host Busy Pairing */
183 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
184 MGMT_STATUS_BUSY, /* Controller Busy */
185 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
186 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
187 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
188 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
189 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
190};
191
192static u8 mgmt_status(u8 hci_status)
193{
194 if (hci_status < ARRAY_SIZE(mgmt_status_table))
195 return mgmt_status_table[hci_status];
196
197 return MGMT_STATUS_FAILED;
198}
199
4e51eae9 200static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 201{
202 struct sk_buff *skb;
203 struct mgmt_hdr *hdr;
204 struct mgmt_ev_cmd_status *ev;
56b7d137 205 int err;
f7b64e69 206
34eb525c 207 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 208
790eff44 209 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 210 if (!skb)
211 return -ENOMEM;
212
213 hdr = (void *) skb_put(skb, sizeof(*hdr));
214
612dfce9 215 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 216 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 217 hdr->len = cpu_to_le16(sizeof(*ev));
218
219 ev = (void *) skb_put(skb, sizeof(*ev));
220 ev->status = status;
eb55ef07 221 ev->opcode = cpu_to_le16(cmd);
f7b64e69 222
56b7d137
GP		 223 err = sock_queue_rcv_skb(sk, skb);
224 if (err < 0)
f7b64e69
JH		 225 kfree_skb(skb);
226
56b7d137 227 return err;
f7b64e69
JH		 228}
229
aee9b218 230static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 231 void *rp, size_t rp_len)
02d98129
JH		 232{
233 struct sk_buff *skb;
234 struct mgmt_hdr *hdr;
235 struct mgmt_ev_cmd_complete *ev;
56b7d137 236 int err;
02d98129
JH		 237
238 BT_DBG("sock %p", sk);
239
790eff44 240 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 241 if (!skb)
242 return -ENOMEM;
243
244 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 245
612dfce9 246 hdr->opcode = __constant_cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 247 hdr->index = cpu_to_le16(index);
a38528f1 248 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 249
a38528f1 250 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 251 ev->opcode = cpu_to_le16(cmd);
aee9b218 252 ev->status = status;
8020c16a
SJ		 253
254 if (rp)
255 memcpy(ev->data, rp, rp_len);
02d98129 256
56b7d137
GP		 257 err = sock_queue_rcv_skb(sk, skb);
258 if (err < 0)
02d98129
JH		 259 kfree_skb(skb);
260
e5f0e151 261 return err;
02d98129
JH		 262}
263
04124681
GP		 264static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
265 u16 data_len)
a38528f1
JH		 266{
267 struct mgmt_rp_read_version rp;
268
269 BT_DBG("sock %p", sk);
270
271 rp.version = MGMT_VERSION;
eb55ef07 272 rp.revision = __constant_cpu_to_le16(MGMT_REVISION);
a38528f1 273
aee9b218 274 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 275 sizeof(rp));
a38528f1
JH		 276}
277
04124681
GP		 278static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
279 u16 data_len)
e70bb2e8
JH		 280{
281 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 282 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
283 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 284 __le16 *opcode;
e70bb2e8
JH		 285 size_t rp_size;
286 int i, err;
287
288 BT_DBG("sock %p", sk);
289
290 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
291
292 rp = kmalloc(rp_size, GFP_KERNEL);
293 if (!rp)
294 return -ENOMEM;
295
eb55ef07
MH		 296 rp->num_commands = __constant_cpu_to_le16(num_commands);
297 rp->num_events = __constant_cpu_to_le16(num_events);
e70bb2e8
JH		 298
299 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
300 put_unaligned_le16(mgmt_commands[i], opcode);
301
302 for (i = 0; i < num_events; i++, opcode++)
303 put_unaligned_le16(mgmt_events[i], opcode);
304
aee9b218 305 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 306 rp_size);
e70bb2e8
JH		 307 kfree(rp);
308
309 return err;
310}
311
04124681
GP		 312static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
313 u16 data_len)
faba42eb 314{
faba42eb 315 struct mgmt_rp_read_index_list *rp;
8035ded4 316 struct hci_dev *d;
a38528f1 317 size_t rp_len;
faba42eb 318 u16 count;
476e44cb 319 int err;
faba42eb
JH		 320
321 BT_DBG("sock %p", sk);
322
323 read_lock(&hci_dev_list_lock);
324
325 count = 0;
bb4b2a9a 326 list_for_each_entry(d, &hci_dev_list, list) {
1514b892
MH		 327 if (d->dev_type == HCI_BREDR)
328 count++;
faba42eb
JH		 329 }
330
a38528f1
JH		 331 rp_len = sizeof(*rp) + (2 * count);
332 rp = kmalloc(rp_len, GFP_ATOMIC);
333 if (!rp) {
b2c60d42 334 read_unlock(&hci_dev_list_lock);
faba42eb 335 return -ENOMEM;
b2c60d42 336 }
faba42eb 337
476e44cb 338 count = 0;
8035ded4 339 list_for_each_entry(d, &hci_dev_list, list) {
a8b2d5c2 340 if (test_bit(HCI_SETUP, &d->dev_flags))
ab81cbf9
JH		 341 continue;
342
0736cfa8
MH		 343 if (test_bit(HCI_USER_CHANNEL, &d->dev_flags))
344 continue;
345
1514b892
MH		 346 if (d->dev_type == HCI_BREDR) {
347 rp->index[count++] = cpu_to_le16(d->id);
348 BT_DBG("Added hci%u", d->id);
349 }
faba42eb
JH		 350 }
351
476e44cb
JH		 352 rp->num_controllers = cpu_to_le16(count);
353 rp_len = sizeof(*rp) + (2 * count);
354
faba42eb
JH		 355 read_unlock(&hci_dev_list_lock);
356
aee9b218 357 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 358 rp_len);
faba42eb 359
a38528f1
JH		 360 kfree(rp);
361
362 return err;
faba42eb
JH		 363}
364
69ab39ea
JH		 365static u32 get_supported_settings(struct hci_dev *hdev)
366{
367 u32 settings = 0;
368
369 settings |= MGMT_SETTING_POWERED;
69ab39ea 370 settings |= MGMT_SETTING_PAIRABLE;
b1de97d8 371 settings |= MGMT_SETTING_DEBUG_KEYS;
69ab39ea 372
ed3fa31f 373 if (lmp_bredr_capable(hdev)) {
33c525c0 374 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 375 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
376 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 377 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 378 settings |= MGMT_SETTING_BREDR;
379 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 380
381 if (lmp_ssp_capable(hdev)) {
382 settings |= MGMT_SETTING_SSP;
383 settings |= MGMT_SETTING_HS;
384 }
e98d2ce2 385
5afeac14
MH		 386 if (lmp_sc_capable(hdev) ||
387 test_bit(HCI_FORCE_SC, &hdev->dev_flags))
e98d2ce2 388 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 389 }
d7b7e796 390
eeca6f89 391 if (lmp_le_capable(hdev)) {
9d42820f 392 settings |= MGMT_SETTING_LE;
eeca6f89 393 settings |= MGMT_SETTING_ADVERTISING;
0f4bd942 394 settings |= MGMT_SETTING_PRIVACY;
eeca6f89 395 }
69ab39ea
JH		 396
397 return settings;
398}
399
400static u32 get_current_settings(struct hci_dev *hdev)
401{
402 u32 settings = 0;
403
f1f0eb02 404 if (hdev_is_powered(hdev))
f0d4b78a
MH		 405 settings |= MGMT_SETTING_POWERED;
406
5e5282bb 407 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 408 settings |= MGMT_SETTING_CONNECTABLE;
409
1a4d3c4b
JH		 410 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
411 settings |= MGMT_SETTING_FAST_CONNECTABLE;
412
5e5282bb 413 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 414 settings |= MGMT_SETTING_DISCOVERABLE;
415
a8b2d5c2 416 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 417 settings |= MGMT_SETTING_PAIRABLE;
418
56f87901 419 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 420 settings |= MGMT_SETTING_BREDR;
421
06199cf8 422 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 423 settings |= MGMT_SETTING_LE;
424
47990ea0 425 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 426 settings |= MGMT_SETTING_LINK_SECURITY;
427
84bde9d6 428 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 429 settings |= MGMT_SETTING_SSP;
430
6d80dfd0
JH		 431 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
432 settings |= MGMT_SETTING_HS;
433
f3d3444a 434 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 435 settings |= MGMT_SETTING_ADVERTISING;
436
e98d2ce2
MH		 437 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
438 settings |= MGMT_SETTING_SECURE_CONN;
439
b1de97d8
MH		 440 if (test_bit(HCI_DEBUG_KEYS, &hdev->dev_flags))
441 settings |= MGMT_SETTING_DEBUG_KEYS;
442
0f4bd942
JH		 443 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
444 settings |= MGMT_SETTING_PRIVACY;
445
69ab39ea
JH		 446 return settings;
447}
448
ef580372
JH		 449#define PNP_INFO_SVCLASS_ID 0x1200
450
213202ed
JH		 451static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
452{
453 u8 *ptr = data, *uuids_start = NULL;
454 struct bt_uuid *uuid;
455
456 if (len < 4)
457 return ptr;
458
459 list_for_each_entry(uuid, &hdev->uuids, list) {
460 u16 uuid16;
461
462 if (uuid->size != 16)
463 continue;
464
465 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
466 if (uuid16 < 0x1100)
467 continue;
468
469 if (uuid16 == PNP_INFO_SVCLASS_ID)
470 continue;
471
472 if (!uuids_start) {
473 uuids_start = ptr;
474 uuids_start[0] = 1;
475 uuids_start[1] = EIR_UUID16_ALL;
476 ptr += 2;
477 }
478
479 /* Stop if not enough space to put next UUID */
480 if ((ptr - data) + sizeof(u16) > len) {
481 uuids_start[1] = EIR_UUID16_SOME;
482 break;
483 }
484
485 *ptr++ = (uuid16 & 0x00ff);
486 *ptr++ = (uuid16 & 0xff00) >> 8;
487 uuids_start[0] += sizeof(uuid16);
488 }
489
490 return ptr;
491}
492
cdf1963f
JH		 493static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
494{
495 u8 *ptr = data, *uuids_start = NULL;
496 struct bt_uuid *uuid;
497
498 if (len < 6)
499 return ptr;
500
501 list_for_each_entry(uuid, &hdev->uuids, list) {
502 if (uuid->size != 32)
503 continue;
504
505 if (!uuids_start) {
506 uuids_start = ptr;
507 uuids_start[0] = 1;
508 uuids_start[1] = EIR_UUID32_ALL;
509 ptr += 2;
510 }
511
512 /* Stop if not enough space to put next UUID */
513 if ((ptr - data) + sizeof(u32) > len) {
514 uuids_start[1] = EIR_UUID32_SOME;
515 break;
516 }
517
518 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
519 ptr += sizeof(u32);
520 uuids_start[0] += sizeof(u32);
521 }
522
523 return ptr;
524}
525
c00d575b
JH		 526static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
527{
528 u8 *ptr = data, *uuids_start = NULL;
529 struct bt_uuid *uuid;
530
531 if (len < 18)
532 return ptr;
533
534 list_for_each_entry(uuid, &hdev->uuids, list) {
535 if (uuid->size != 128)
536 continue;
537
538 if (!uuids_start) {
539 uuids_start = ptr;
540 uuids_start[0] = 1;
541 uuids_start[1] = EIR_UUID128_ALL;
542 ptr += 2;
543 }
544
545 /* Stop if not enough space to put next UUID */
546 if ((ptr - data) + 16 > len) {
547 uuids_start[1] = EIR_UUID128_SOME;
548 break;
549 }
550
551 memcpy(ptr, uuid->uuid, 16);
552 ptr += 16;
553 uuids_start[0] += 16;
554 }
555
556 return ptr;
557}
558
eb2a8d20
JH		 559static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
560{
561 struct pending_cmd *cmd;
562
563 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
564 if (cmd->opcode == opcode)
565 return cmd;
566 }
567
568 return NULL;
569}
570
f14d8f64
MH		 571static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
572{
7a5f4990
MH		 573 u8 ad_len = 0;
574 size_t name_len;
575
576 name_len = strlen(hdev->dev_name);
577 if (name_len > 0) {
578 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
579
580 if (name_len > max_len) {
581 name_len = max_len;
582 ptr[1] = EIR_NAME_SHORT;
583 } else
584 ptr[1] = EIR_NAME_COMPLETE;
585
586 ptr[0] = name_len + 1;
587
588 memcpy(ptr + 2, hdev->dev_name, name_len);
589
590 ad_len += (name_len + 2);
591 ptr += (name_len + 2);
592 }
593
594 return ad_len;
f14d8f64
MH		 595}
596
597static void update_scan_rsp_data(struct hci_request *req)
598{
599 struct hci_dev *hdev = req->hdev;
600 struct hci_cp_le_set_scan_rsp_data cp;
601 u8 len;
602
7751ef1b 603 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
f14d8f64
MH		 604 return;
605
606 memset(&cp, 0, sizeof(cp));
607
608 len = create_scan_rsp_data(hdev, cp.data);
609
eb438b5f
JH		 610 if (hdev->scan_rsp_data_len == len &&
611 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 612 return;
613
eb438b5f
JH		 614 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
615 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 616
617 cp.length = len;
618
619 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
620}
621
9a43e25f
JH		 622static u8 get_adv_discov_flags(struct hci_dev *hdev)
623{
624 struct pending_cmd *cmd;
625
626 /* If there's a pending mgmt command the flags will not yet have
627 * their final values, so check for this first.
628 */
629 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
630 if (cmd) {
631 struct mgmt_mode *cp = cmd->param;
632 if (cp->val == 0x01)
633 return LE_AD_GENERAL;
634 else if (cp->val == 0x02)
635 return LE_AD_LIMITED;
636 } else {
637 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
638 return LE_AD_LIMITED;
639 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
640 return LE_AD_GENERAL;
641 }
642
643 return 0;
644}
645
46cad2ed 646static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 647{
648 u8 ad_len = 0, flags = 0;
441ad2d0 649
9a43e25f 650 flags |= get_adv_discov_flags(hdev);
441ad2d0 651
e834004b 652 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
441ad2d0 653 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 654
655 if (flags) {
656 BT_DBG("adv flags 0x%02x", flags);
657
658 ptr[0] = 2;
659 ptr[1] = EIR_FLAGS;
660 ptr[2] = flags;
661
662 ad_len += 3;
663 ptr += 3;
664 }
665
666 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
667 ptr[0] = 2;
668 ptr[1] = EIR_TX_POWER;
669 ptr[2] = (u8) hdev->adv_tx_power;
670
671 ad_len += 3;
672 ptr += 3;
673 }
674
441ad2d0
MH		 675 return ad_len;
676}
677
5947f4bc 678static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 679{
680 struct hci_dev *hdev = req->hdev;
681 struct hci_cp_le_set_adv_data cp;
682 u8 len;
683
10994ce6 684 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
441ad2d0
MH		 685 return;
686
687 memset(&cp, 0, sizeof(cp));
688
46cad2ed 689 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 690
691 if (hdev->adv_data_len == len &&
692 memcmp(cp.data, hdev->adv_data, len) == 0)
693 return;
694
695 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
696 hdev->adv_data_len = len;
697
698 cp.length = len;
699
700 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
701}
702
ef580372
JH		 703static void create_eir(struct hci_dev *hdev, u8 *data)
704{
705 u8 *ptr = data;
ef580372
JH		 706 size_t name_len;
707
708 name_len = strlen(hdev->dev_name);
709
710 if (name_len > 0) {
711 /* EIR Data type */
712 if (name_len > 48) {
713 name_len = 48;
714 ptr[1] = EIR_NAME_SHORT;
715 } else
716 ptr[1] = EIR_NAME_COMPLETE;
717
718 /* EIR Data length */
719 ptr[0] = name_len + 1;
720
721 memcpy(ptr + 2, hdev->dev_name, name_len);
722
ef580372
JH		 723 ptr += (name_len + 2);
724 }
725
bbaf444a 726 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 727 ptr[0] = 2;
728 ptr[1] = EIR_TX_POWER;
729 ptr[2] = (u8) hdev->inq_tx_power;
730
91c4e9b1
MH		 731 ptr += 3;
732 }
733
2b9be137
MH		 734 if (hdev->devid_source > 0) {
735 ptr[0] = 9;
736 ptr[1] = EIR_DEVICE_ID;
737
738 put_unaligned_le16(hdev->devid_source, ptr + 2);
739 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
740 put_unaligned_le16(hdev->devid_product, ptr + 6);
741 put_unaligned_le16(hdev->devid_version, ptr + 8);
742
2b9be137
MH		 743 ptr += 10;
744 }
745
213202ed 746 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 747 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 748 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 749}
750
890ea898 751static void update_eir(struct hci_request *req)
ef580372 752{
890ea898 753 struct hci_dev *hdev = req->hdev;
ef580372
JH		 754 struct hci_cp_write_eir cp;
755
504c8dcd 756 if (!hdev_is_powered(hdev))
890ea898 757 return;
7770c4aa 758
976eb20e 759 if (!lmp_ext_inq_capable(hdev))
890ea898 760 return;
ef580372 761
84bde9d6 762 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 763 return;
ef580372 764
a8b2d5c2 765 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 766 return;
ef580372
JH		 767
768 memset(&cp, 0, sizeof(cp));
769
770 create_eir(hdev, cp.data);
771
772 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 773 return;
ef580372
JH		 774
775 memcpy(hdev->eir, cp.data, sizeof(cp.data));
776
890ea898 777 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 778}
779
780static u8 get_service_classes(struct hci_dev *hdev)
781{
782 struct bt_uuid *uuid;
783 u8 val = 0;
784
785 list_for_each_entry(uuid, &hdev->uuids, list)
786 val |= uuid->svc_hint;
787
788 return val;
789}
790
890ea898 791static void update_class(struct hci_request *req)
ef580372 792{
890ea898 793 struct hci_dev *hdev = req->hdev;
ef580372
JH		 794 u8 cod[3];
795
796 BT_DBG("%s", hdev->name);
797
504c8dcd 798 if (!hdev_is_powered(hdev))
890ea898 799 return;
7770c4aa 800
f87ea1da
JH		 801 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
802 return;
803
a8b2d5c2 804 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 805 return;
ef580372
JH		 806
807 cod[0] = hdev->minor_class;
808 cod[1] = hdev->major_class;
809 cod[2] = get_service_classes(hdev);
810
6acd7db4
MH		 811 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
812 cod[1] |= 0x20;
813
ef580372 814 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 815 return;
ef580372 816
890ea898 817 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 818}
819
199a2fb1
JH		 820static u8 get_adv_type(struct hci_dev *hdev)
821{
822 struct pending_cmd *cmd;
823 bool connectable;
824
825 /* If there's a pending mgmt command the flag will not yet have
826 * it's final value, so check for this first.
827 */
828 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
829 if (cmd) {
830 struct mgmt_mode *cp = cmd->param;
831 connectable = !!cp->val;
832 } else {
833 connectable = test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
834 }
835
836 return connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
837}
838
839static void enable_advertising(struct hci_request *req)
840{
841 struct hci_dev *hdev = req->hdev;
842 struct hci_cp_le_set_adv_param cp;
8f2a0601 843 u8 own_addr_type, enable = 0x01;
199a2fb1
JH		 844
845 memset(&cp, 0, sizeof(cp));
8f2a0601
JH		 846
847 if (hci_update_random_address(req, &own_addr_type) < 0)
848 return;
849
199a2fb1
JH		 850 cp.min_interval = __constant_cpu_to_le16(0x0800);
851 cp.max_interval = __constant_cpu_to_le16(0x0800);
852 cp.type = get_adv_type(hdev);
8f2a0601 853 cp.own_address_type = own_addr_type;
199a2fb1
JH		 854 cp.channel_map = hdev->le_adv_channel_map;
855
856 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
857
858 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
859}
860
861static void disable_advertising(struct hci_request *req)
862{
863 u8 enable = 0x00;
864
865 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
866}
867
7d78525d
JH		 868static void service_cache_off(struct work_struct *work)
869{
870 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 871 service_cache.work);
890ea898 872 struct hci_request req;
7d78525d 873
a8b2d5c2 874 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 875 return;
876
890ea898
JH		 877 hci_req_init(&req, hdev);
878
7d78525d
JH		 879 hci_dev_lock(hdev);
880
890ea898
JH		 881 update_eir(&req);
882 update_class(&req);
7d78525d
JH		 883
884 hci_dev_unlock(hdev);
890ea898
JH		 885
886 hci_req_run(&req, NULL);
7d78525d
JH		 887}
888
d6bfd59c
JH		 889static void rpa_expired(struct work_struct *work)
890{
891 struct hci_dev *hdev = container_of(work, struct hci_dev,
892 rpa_expired.work);
893 struct hci_request req;
894
895 BT_DBG("");
896
897 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
898
899 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags) ||
900 hci_conn_num(hdev, LE_LINK) > 0)
901 return;
902
903 /* The generation of a new RPA and programming it into the
904 * controller happens in the enable_advertising() function.
905 */
906
907 hci_req_init(&req, hdev);
908
909 disable_advertising(&req);
910 enable_advertising(&req);
911
912 hci_req_run(&req, NULL);
913}
914
6a919082 915static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 916{
4f87da80 917 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 918 return;
919
4f87da80 920 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 921 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 922
4f87da80
JH		 923 /* Non-mgmt controlled devices get this bit set
924 * implicitly so that pairing works for them, however
925 * for mgmt we require user-space to explicitly enable
926 * it
927 */
928 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 929}
930
0f4e68cf 931static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 932 void *data, u16 data_len)
0381101f 933{
a38528f1 934 struct mgmt_rp_read_info rp;
f7b64e69 935
bdb6d971 936 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 937
09fd0de5 938 hci_dev_lock(hdev);
f7b64e69 939
dc4fe30b
JH		 940 memset(&rp, 0, sizeof(rp));
941
69ab39ea 942 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 943
69ab39ea 944 rp.version = hdev->hci_ver;
eb55ef07 945 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 946
947 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
948 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 949
a38528f1 950 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 951
dc4fe30b 952 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 953 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 954
09fd0de5 955 hci_dev_unlock(hdev);
0381101f 956
bdb6d971 957 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 958 sizeof(rp));
0381101f
JH		 959}
960
eec8d2bc
JH		 961static void mgmt_pending_free(struct pending_cmd *cmd)
962{
963 sock_put(cmd->sk);
c68fb7ff 964 kfree(cmd->param);
eec8d2bc
JH		 965 kfree(cmd);
966}
967
366a0336 968static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 969 struct hci_dev *hdev, void *data,
970 u16 len)
eec8d2bc
JH		 971{
972 struct pending_cmd *cmd;
973
12b94565 974 cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 975 if (!cmd)
366a0336 976 return NULL;
eec8d2bc
JH		 977
978 cmd->opcode = opcode;
2e58ef3e 979 cmd->index = hdev->id;
eec8d2bc 980
12b94565 981 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 982 if (!cmd->param) {
eec8d2bc 983 kfree(cmd);
366a0336 984 return NULL;
eec8d2bc
JH		 985 }
986
8fce6357
SJ		 987 if (data)
988 memcpy(cmd->param, data, len);
eec8d2bc
JH		 989
990 cmd->sk = sk;
991 sock_hold(sk);
992
2e58ef3e 993 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 994
366a0336 995 return cmd;
eec8d2bc
JH		 996}
997
744cf19e 998static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 999 void (*cb)(struct pending_cmd *cmd,
1000 void *data),
04124681 1001 void *data)
eec8d2bc 1002{
a3d09356 1003 struct pending_cmd *cmd, *tmp;
eec8d2bc 1004
a3d09356 1005 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 1006 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 1007 continue;
1008
eec8d2bc
JH		 1009 cb(cmd, data);
1010 }
1011}
1012
a664b5bc 1013static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 1014{
73f22f62
JH		 1015 list_del(&cmd->list);
1016 mgmt_pending_free(cmd);
1017}
1018
69ab39ea 1019static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1020{
69ab39ea 1021 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1022
aee9b218 1023 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 1024 sizeof(settings));
8680570b
JH		 1025}
1026
bdb6d971 1027static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1028 u16 len)
eec8d2bc 1029{
650f726d 1030 struct mgmt_mode *cp = data;
366a0336 1031 struct pending_cmd *cmd;
4b34ee78 1032 int err;
eec8d2bc 1033
bdb6d971 1034 BT_DBG("request for %s", hdev->name);
eec8d2bc 1035
a7e80f25
JH		 1036 if (cp->val != 0x00 && cp->val != 0x01)
1037 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1038 MGMT_STATUS_INVALID_PARAMS);
1039
09fd0de5 1040 hci_dev_lock(hdev);
eec8d2bc 1041
87b95ba6
JH		 1042 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1043 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1044 MGMT_STATUS_BUSY);
1045 goto failed;
1046 }
1047
f0d4b78a
MH		 1048 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1049 cancel_delayed_work(&hdev->power_off);
1050
1051 if (cp->val) {
a1d70450
JH		 1052 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1053 data, len);
1054 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1055 goto failed;
1056 }
1057 }
1058
4b34ee78 1059 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1060 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1061 goto failed;
1062 }
1063
2e58ef3e 1064 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1065 if (!cmd) {
1066 err = -ENOMEM;
eec8d2bc 1067 goto failed;
366a0336 1068 }
eec8d2bc 1069
72a734ec 1070 if (cp->val)
19202573 1071 queue_work(hdev->req_workqueue, &hdev->power_on);
eec8d2bc 1072 else
19202573 1073 queue_work(hdev->req_workqueue, &hdev->power_off.work);
eec8d2bc 1074
366a0336 1075 err = 0;
eec8d2bc
JH		 1076
1077failed:
09fd0de5 1078 hci_dev_unlock(hdev);
366a0336 1079 return err;
eec8d2bc
JH		 1080}
1081
04124681
GP		 1082static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
1083 struct sock *skip_sk)
beadb2bd
JH		 1084{
1085 struct sk_buff *skb;
1086 struct mgmt_hdr *hdr;
1087
790eff44 1088 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
beadb2bd
JH		 1089 if (!skb)
1090 return -ENOMEM;
1091
1092 hdr = (void *) skb_put(skb, sizeof(*hdr));
1093 hdr->opcode = cpu_to_le16(event);
1094 if (hdev)
1095 hdr->index = cpu_to_le16(hdev->id);
1096 else
612dfce9 1097 hdr->index = __constant_cpu_to_le16(MGMT_INDEX_NONE);
beadb2bd
JH		 1098 hdr->len = cpu_to_le16(data_len);
1099
1100 if (data)
1101 memcpy(skb_put(skb, data_len), data, data_len);
1102
97e0bdeb
MH		 1103 /* Time stamp */
1104 __net_timestamp(skb);
1105
beadb2bd
JH		 1106 hci_send_to_control(skb, skip_sk);
1107 kfree_skb(skb);
1108
1109 return 0;
1110}
1111
1112static int new_settings(struct hci_dev *hdev, struct sock *skip)
1113{
1114 __le32 ev;
1115
1116 ev = cpu_to_le32(get_current_settings(hdev));
1117
1118 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1119}
1120
bd99abdd
JH		 1121struct cmd_lookup {
1122 struct sock *sk;
1123 struct hci_dev *hdev;
1124 u8 mgmt_status;
1125};
1126
1127static void settings_rsp(struct pending_cmd *cmd, void *data)
1128{
1129 struct cmd_lookup *match = data;
1130
1131 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1132
1133 list_del(&cmd->list);
1134
1135 if (match->sk == NULL) {
1136 match->sk = cmd->sk;
1137 sock_hold(match->sk);
1138 }
1139
1140 mgmt_pending_free(cmd);
1141}
1142
1143static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1144{
1145 u8 *status = data;
1146
1147 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1148 mgmt_pending_remove(cmd);
1149}
1150
e6fe7986
JH		 1151static u8 mgmt_bredr_support(struct hci_dev *hdev)
1152{
1153 if (!lmp_bredr_capable(hdev))
1154 return MGMT_STATUS_NOT_SUPPORTED;
1155 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1156 return MGMT_STATUS_REJECTED;
1157 else
1158 return MGMT_STATUS_SUCCESS;
1159}
1160
1161static u8 mgmt_le_support(struct hci_dev *hdev)
1162{
1163 if (!lmp_le_capable(hdev))
1164 return MGMT_STATUS_NOT_SUPPORTED;
1165 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1166 return MGMT_STATUS_REJECTED;
1167 else
1168 return MGMT_STATUS_SUCCESS;
1169}
1170
bfaf8c9f
JH		 1171static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1172{
1173 struct pending_cmd *cmd;
1174 struct mgmt_mode *cp;
970ba524 1175 struct hci_request req;
bfaf8c9f
JH		 1176 bool changed;
1177
1178 BT_DBG("status 0x%02x", status);
1179
1180 hci_dev_lock(hdev);
1181
1182 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1183 if (!cmd)
1184 goto unlock;
1185
1186 if (status) {
1187 u8 mgmt_err = mgmt_status(status);
1188 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
310a3d48 1189 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
bfaf8c9f
JH		 1190 goto remove_cmd;
1191 }
1192
1193 cp = cmd->param;
d4462a07 1194 if (cp->val) {
bfaf8c9f
JH		 1195 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1196 &hdev->dev_flags);
d4462a07
MH		 1197
1198 if (hdev->discov_timeout > 0) {
1199 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1200 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1201 to);
1202 }
1203 } else {
bfaf8c9f
JH		 1204 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1205 &hdev->dev_flags);
d4462a07 1206 }
bfaf8c9f
JH		 1207
1208 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1209
1210 if (changed)
1211 new_settings(hdev, cmd->sk);
1212
970ba524
MH		 1213 /* When the discoverable mode gets changed, make sure
1214 * that class of device has the limited discoverable
1215 * bit correctly set.
1216 */
1217 hci_req_init(&req, hdev);
1218 update_class(&req);
1219 hci_req_run(&req, NULL);
1220
bfaf8c9f
JH		 1221remove_cmd:
1222 mgmt_pending_remove(cmd);
1223
1224unlock:
1225 hci_dev_unlock(hdev);
1226}
1227
bdb6d971 1228static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1229 u16 len)
73f22f62 1230{
650f726d 1231 struct mgmt_cp_set_discoverable *cp = data;
366a0336 1232 struct pending_cmd *cmd;
bfaf8c9f 1233 struct hci_request req;
5e5282bb 1234 u16 timeout;
9a43e25f 1235 u8 scan;
73f22f62
JH		 1236 int err;
1237
bdb6d971 1238 BT_DBG("request for %s", hdev->name);
73f22f62 1239
9a43e25f
JH		 1240 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1241 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1242 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
9a43e25f 1243 MGMT_STATUS_REJECTED);
33c525c0 1244
310a3d48 1245 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a7e80f25
JH		 1246 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1247 MGMT_STATUS_INVALID_PARAMS);
1248
1f350c87 1249 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1250
1251 /* Disabling discoverable requires that no timeout is set,
1252 * and enabling limited discoverable requires a timeout.
1253 */
1254 if ((cp->val == 0x00 && timeout > 0) ||
1255 (cp->val == 0x02 && timeout == 0))
bdb6d971 1256 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1257 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1258
09fd0de5 1259 hci_dev_lock(hdev);
73f22f62 1260
5e5282bb 1261 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 1262 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1263 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1264 goto failed;
1265 }
1266
2e58ef3e 1267 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1268 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1269 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1270 MGMT_STATUS_BUSY);
73f22f62
JH		 1271 goto failed;
1272 }
1273
5e5282bb 1274 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 1275 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1276 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1277 goto failed;
1278 }
1279
1280 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1281 bool changed = false;
1282
310a3d48
MH		 1283 /* Setting limited discoverable when powered off is
1284 * not a valid operation since it requires a timeout
1285 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1286 */
0224d2fa
JH		 1287 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1288 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1289 changed = true;
1290 }
1291
5e5282bb 1292 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1293 if (err < 0)
1294 goto failed;
1295
1296 if (changed)
1297 err = new_settings(hdev, sk);
1298
5e5282bb
JH		 1299 goto failed;
1300 }
1301
310a3d48
MH		 1302 /* If the current mode is the same, then just update the timeout
1303 * value with the new value. And if only the timeout gets updated,
1304 * then no need for any HCI transactions.
1305 */
1306 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1307 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1308 &hdev->dev_flags)) {
36261547
MH		 1309 cancel_delayed_work(&hdev->discov_off);
1310 hdev->discov_timeout = timeout;
955638ec 1311
36261547
MH		 1312 if (cp->val && hdev->discov_timeout > 0) {
1313 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1314 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1315 to);
955638ec
MH		 1316 }
1317
69ab39ea 1318 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1319 goto failed;
1320 }
1321
2e58ef3e 1322 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1323 if (!cmd) {
1324 err = -ENOMEM;
73f22f62 1325 goto failed;
366a0336 1326 }
73f22f62 1327
310a3d48
MH		 1328 /* Cancel any potential discoverable timeout that might be
1329 * still active and store new timeout value. The arming of
1330 * the timeout happens in the complete handler.
1331 */
1332 cancel_delayed_work(&hdev->discov_off);
1333 hdev->discov_timeout = timeout;
1334
b456f87c
JH		 1335 /* Limited discoverable mode */
1336 if (cp->val == 0x02)
1337 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1338 else
1339 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1340
bfaf8c9f
JH		 1341 hci_req_init(&req, hdev);
1342
9a43e25f
JH		 1343 /* The procedure for LE-only controllers is much simpler - just
1344 * update the advertising data.
1345 */
1346 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1347 goto update_ad;
1348
73f22f62
JH		 1349 scan = SCAN_PAGE;
1350
310a3d48
MH		 1351 if (cp->val) {
1352 struct hci_cp_write_current_iac_lap hci_cp;
1353
1354 if (cp->val == 0x02) {
1355 /* Limited discoverable mode */
33337dcb 1356 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1357 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1358 hci_cp.iac_lap[1] = 0x8b;
1359 hci_cp.iac_lap[2] = 0x9e;
1360 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1361 hci_cp.iac_lap[4] = 0x8b;
1362 hci_cp.iac_lap[5] = 0x9e;
1363 } else {
1364 /* General discoverable mode */
310a3d48
MH		 1365 hci_cp.num_iac = 1;
1366 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1367 hci_cp.iac_lap[1] = 0x8b;
1368 hci_cp.iac_lap[2] = 0x9e;
1369 }
1370
1371 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1372 (hci_cp.num_iac * 3) + 1, &hci_cp);
1373
73f22f62 1374 scan |= SCAN_INQUIRY;
310a3d48
MH		 1375 } else {
1376 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1377 }
73f22f62 1378
310a3d48 1379 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1380
9a43e25f
JH		 1381update_ad:
1382 update_adv_data(&req);
1383
bfaf8c9f 1384 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1385 if (err < 0)
a664b5bc 1386 mgmt_pending_remove(cmd);
73f22f62
JH		 1387
1388failed:
09fd0de5 1389 hci_dev_unlock(hdev);
73f22f62
JH		 1390 return err;
1391}
1392
406d7804
JH		 1393static void write_fast_connectable(struct hci_request *req, bool enable)
1394{
bd98b996 1395 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1396 struct hci_cp_write_page_scan_activity acp;
1397 u8 type;
1398
547003b1
JH		 1399 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1400 return;
1401
4c01f8b8
JH		 1402 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1403 return;
1404
406d7804
JH		 1405 if (enable) {
1406 type = PAGE_SCAN_TYPE_INTERLACED;
1407
1408 /* 160 msec page scan interval */
1409 acp.interval = __constant_cpu_to_le16(0x0100);
1410 } else {
1411 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1412
1413 /* default 1.28 sec page scan */
1414 acp.interval = __constant_cpu_to_le16(0x0800);
1415 }
1416
1417 acp.window = __constant_cpu_to_le16(0x0012);
1418
bd98b996
JH		 1419 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1420 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1421 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1422 sizeof(acp), &acp);
1423
1424 if (hdev->page_scan_type != type)
1425 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1426}
1427
2b76f453
JH		 1428static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1429{
1430 struct pending_cmd *cmd;
d7b856f9
JH		 1431 struct mgmt_mode *cp;
1432 bool changed;
2b76f453
JH		 1433
1434 BT_DBG("status 0x%02x", status);
1435
1436 hci_dev_lock(hdev);
1437
1438 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1439 if (!cmd)
1440 goto unlock;
1441
37438c1f
JH		 1442 if (status) {
1443 u8 mgmt_err = mgmt_status(status);
1444 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1445 goto remove_cmd;
1446 }
1447
d7b856f9
JH		 1448 cp = cmd->param;
1449 if (cp->val)
1450 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1451 else
1452 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1453
2b76f453
JH		 1454 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1455
d7b856f9
JH		 1456 if (changed)
1457 new_settings(hdev, cmd->sk);
1458
37438c1f 1459remove_cmd:
2b76f453
JH		 1460 mgmt_pending_remove(cmd);
1461
1462unlock:
1463 hci_dev_unlock(hdev);
1464}
1465
e8ba3a1f
JH		 1466static int set_connectable_update_settings(struct hci_dev *hdev,
1467 struct sock *sk, u8 val)
1468{
1469 bool changed = false;
1470 int err;
1471
1472 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1473 changed = true;
1474
1475 if (val) {
1476 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1477 } else {
1478 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1479 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1480 }
1481
1482 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1483 if (err < 0)
1484 return err;
1485
1486 if (changed)
1487 return new_settings(hdev, sk);
1488
1489 return 0;
1490}
1491
bdb6d971 1492static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1493 u16 len)
9fbcbb45 1494{
650f726d 1495 struct mgmt_mode *cp = data;
366a0336 1496 struct pending_cmd *cmd;
2b76f453 1497 struct hci_request req;
1987fdc7 1498 u8 scan;
9fbcbb45
JH		 1499 int err;
1500
bdb6d971 1501 BT_DBG("request for %s", hdev->name);
9fbcbb45 1502
1987fdc7
JH		 1503 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1504 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1505 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1987fdc7 1506 MGMT_STATUS_REJECTED);
33c525c0 1507
a7e80f25
JH		 1508 if (cp->val != 0x00 && cp->val != 0x01)
1509 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1510 MGMT_STATUS_INVALID_PARAMS);
1511
09fd0de5 1512 hci_dev_lock(hdev);
9fbcbb45 1513
4b34ee78 1514 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1515 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1516 goto failed;
1517 }
1518
2e58ef3e 1519 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1520 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1521 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1522 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1523 goto failed;
1524 }
1525
2e58ef3e 1526 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1527 if (!cmd) {
1528 err = -ENOMEM;
9fbcbb45 1529 goto failed;
366a0336 1530 }
9fbcbb45 1531
9b74246f 1532 hci_req_init(&req, hdev);
9fbcbb45 1533
9a43e25f
JH		 1534 /* If BR/EDR is not enabled and we disable advertising as a
1535 * by-product of disabling connectable, we need to update the
1536 * advertising flags.
1537 */
1538 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1539 if (!cp->val) {
1540 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1541 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1542 }
1543 update_adv_data(&req);
1544 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1545 if (cp->val) {
1546 scan = SCAN_PAGE;
1547 } else {
1548 scan = 0;
1549
1550 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1551 hdev->discov_timeout > 0)
9b74246f
JH		 1552 cancel_delayed_work(&hdev->discov_off);
1553 }
2b76f453 1554
9b74246f
JH		 1555 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1556 }
2b76f453 1557
4c01f8b8
JH		 1558 /* If we're going from non-connectable to connectable or
1559 * vice-versa when fast connectable is enabled ensure that fast
1560 * connectable gets disabled. write_fast_connectable won't do
1561 * anything if the page scan parameters are already what they
1562 * should be.
1563 */
1564 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1565 write_fast_connectable(&req, false);
1566
1987fdc7
JH		 1567 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
1568 hci_conn_num(hdev, LE_LINK) == 0) {
1569 disable_advertising(&req);
1570 enable_advertising(&req);
1571 }
1572
2b76f453 1573 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1574 if (err < 0) {
a664b5bc 1575 mgmt_pending_remove(cmd);
9b74246f 1576 if (err == -ENODATA)
a81070ba
JH		 1577 err = set_connectable_update_settings(hdev, sk,
1578 cp->val);
9b74246f
JH		 1579 goto failed;
1580 }
9fbcbb45
JH		 1581
1582failed:
09fd0de5 1583 hci_dev_unlock(hdev);
9fbcbb45
JH		 1584 return err;
1585}
1586
bdb6d971 1587static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1588 u16 len)
c542a06c 1589{
650f726d 1590 struct mgmt_mode *cp = data;
55594356 1591 bool changed;
c542a06c
JH		 1592 int err;
1593
bdb6d971 1594 BT_DBG("request for %s", hdev->name);
c542a06c 1595
a7e80f25
JH		 1596 if (cp->val != 0x00 && cp->val != 0x01)
1597 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1598 MGMT_STATUS_INVALID_PARAMS);
1599
09fd0de5 1600 hci_dev_lock(hdev);
c542a06c
JH		 1601
1602 if (cp->val)
55594356 1603 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1604 else
55594356 1605 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1606
69ab39ea 1607 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c 1608 if (err < 0)
55594356 1609 goto unlock;
c542a06c 1610
55594356
MH		 1611 if (changed)
1612 err = new_settings(hdev, sk);
c542a06c 1613
55594356 1614unlock:
09fd0de5 1615 hci_dev_unlock(hdev);
c542a06c
JH		 1616 return err;
1617}
1618
04124681
GP		 1619static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1620 u16 len)
33ef95ed
JH		 1621{
1622 struct mgmt_mode *cp = data;
1623 struct pending_cmd *cmd;
e6fe7986 1624 u8 val, status;
33ef95ed
JH		 1625 int err;
1626
bdb6d971 1627 BT_DBG("request for %s", hdev->name);
33ef95ed 1628
e6fe7986
JH		 1629 status = mgmt_bredr_support(hdev);
1630 if (status)
33c525c0 1631 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 1632 status);
33c525c0 1633
a7e80f25
JH		 1634 if (cp->val != 0x00 && cp->val != 0x01)
1635 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1636 MGMT_STATUS_INVALID_PARAMS);
1637
33ef95ed
JH		 1638 hci_dev_lock(hdev);
1639
4b34ee78 1640 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1641 bool changed = false;
1642
1643 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1644 &hdev->dev_flags)) {
47990ea0
JH		 1645 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1646 changed = true;
1647 }
1648
1649 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1650 if (err < 0)
1651 goto failed;
1652
1653 if (changed)
1654 err = new_settings(hdev, sk);
1655
33ef95ed
JH		 1656 goto failed;
1657 }
1658
1659 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1660 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1661 MGMT_STATUS_BUSY);
33ef95ed
JH		 1662 goto failed;
1663 }
1664
1665 val = !!cp->val;
1666
1667 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1668 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1669 goto failed;
1670 }
1671
1672 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1673 if (!cmd) {
1674 err = -ENOMEM;
1675 goto failed;
1676 }
1677
1678 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1679 if (err < 0) {
1680 mgmt_pending_remove(cmd);
1681 goto failed;
1682 }
1683
1684failed:
1685 hci_dev_unlock(hdev);
33ef95ed
JH		 1686 return err;
1687}
1688
bdb6d971 1689static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1690{
1691 struct mgmt_mode *cp = data;
1692 struct pending_cmd *cmd;
72ef0c1a 1693 u8 status;
ed2c4ee3
JH		 1694 int err;
1695
bdb6d971 1696 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1697
cdba5281
MH		 1698 status = mgmt_bredr_support(hdev);
1699 if (status)
1700 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1701
13ecd8b6
JH		 1702 if (!lmp_ssp_capable(hdev))
1703 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1704 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1705
a7e80f25
JH		 1706 if (cp->val != 0x00 && cp->val != 0x01)
1707 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1708 MGMT_STATUS_INVALID_PARAMS);
1709
13ecd8b6 1710 hci_dev_lock(hdev);
6c8f12c1 1711
4b34ee78 1712 if (!hdev_is_powered(hdev)) {
9ecb3e24 1713 bool changed;
c0ecddc2 1714
9ecb3e24
MH		 1715 if (cp->val) {
1716 changed = !test_and_set_bit(HCI_SSP_ENABLED,
1717 &hdev->dev_flags);
1718 } else {
1719 changed = test_and_clear_bit(HCI_SSP_ENABLED,
1720 &hdev->dev_flags);
1721 if (!changed)
1722 changed = test_and_clear_bit(HCI_HS_ENABLED,
1723 &hdev->dev_flags);
1724 else
1725 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 1726 }
1727
1728 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1729 if (err < 0)
1730 goto failed;
1731
1732 if (changed)
1733 err = new_settings(hdev, sk);
1734
ed2c4ee3
JH		 1735 goto failed;
1736 }
1737
9ecb3e24
MH		 1738 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
1739 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
d97dcb66
SJ		 1740 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1741 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1742 goto failed;
1743 }
1744
72ef0c1a 1745 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 1746 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1747 goto failed;
1748 }
1749
1750 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1751 if (!cmd) {
1752 err = -ENOMEM;
1753 goto failed;
1754 }
1755
72ef0c1a 1756 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 1757 if (err < 0) {
1758 mgmt_pending_remove(cmd);
1759 goto failed;
1760 }
1761
1762failed:
1763 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1764 return err;
1765}
1766
bdb6d971 1767static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1768{
1769 struct mgmt_mode *cp = data;
ee392693 1770 bool changed;
e6fe7986 1771 u8 status;
ee392693 1772 int err;
6d80dfd0 1773
bdb6d971 1774 BT_DBG("request for %s", hdev->name);
6d80dfd0 1775
e6fe7986
JH		 1776 status = mgmt_bredr_support(hdev);
1777 if (status)
1778 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 1779
9ecb3e24
MH		 1780 if (!lmp_ssp_capable(hdev))
1781 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1782 MGMT_STATUS_NOT_SUPPORTED);
1783
1784 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
1785 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1786 MGMT_STATUS_REJECTED);
1787
a7e80f25
JH		 1788 if (cp->val != 0x00 && cp->val != 0x01)
1789 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1790 MGMT_STATUS_INVALID_PARAMS);
1791
ee392693
MH		 1792 hci_dev_lock(hdev);
1793
a0cdf960 1794 if (cp->val) {
ee392693 1795 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 1796 } else {
1797 if (hdev_is_powered(hdev)) {
1798 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1799 MGMT_STATUS_REJECTED);
1800 goto unlock;
1801 }
1802
ee392693 1803 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 1804 }
ee392693
MH		 1805
1806 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1807 if (err < 0)
1808 goto unlock;
1809
1810 if (changed)
1811 err = new_settings(hdev, sk);
6d80dfd0 1812
ee392693
MH		 1813unlock:
1814 hci_dev_unlock(hdev);
1815 return err;
6d80dfd0
JH		 1816}
1817
416a4ae5
JH		 1818static void le_enable_complete(struct hci_dev *hdev, u8 status)
1819{
1820 struct cmd_lookup match = { NULL, hdev };
1821
1822 if (status) {
1823 u8 mgmt_err = mgmt_status(status);
1824
1825 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1826 &mgmt_err);
1827 return;
1828 }
1829
1830 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1831
1832 new_settings(hdev, match.sk);
1833
1834 if (match.sk)
1835 sock_put(match.sk);
441ad2d0
MH		 1836
1837 /* Make sure the controller has a good default for
1838 * advertising data. Restrict the update to when LE
1839 * has actually been enabled. During power on, the
1840 * update in powered_update_hci will take care of it.
1841 */
1842 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1843 struct hci_request req;
1844
1845 hci_dev_lock(hdev);
1846
1847 hci_req_init(&req, hdev);
5947f4bc 1848 update_adv_data(&req);
f14d8f64 1849 update_scan_rsp_data(&req);
441ad2d0
MH		 1850 hci_req_run(&req, NULL);
1851
1852 hci_dev_unlock(hdev);
1853 }
416a4ae5
JH		 1854}
1855
bdb6d971 1856static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1857{
1858 struct mgmt_mode *cp = data;
1859 struct hci_cp_write_le_host_supported hci_cp;
1860 struct pending_cmd *cmd;
416a4ae5 1861 struct hci_request req;
06199cf8 1862 int err;
0b60eba1 1863 u8 val, enabled;
06199cf8 1864
bdb6d971 1865 BT_DBG("request for %s", hdev->name);
06199cf8 1866
13ecd8b6
JH		 1867 if (!lmp_le_capable(hdev))
1868 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1869 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1870
a7e80f25
JH		 1871 if (cp->val != 0x00 && cp->val != 0x01)
1872 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1873 MGMT_STATUS_INVALID_PARAMS);
1874
c73eee91 1875 /* LE-only devices do not allow toggling LE on/off */
56f87901 1876 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 1877 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1878 MGMT_STATUS_REJECTED);
1879
13ecd8b6 1880 hci_dev_lock(hdev);
06199cf8
JH		 1881
1882 val = !!cp->val;
ffa88e02 1883 enabled = lmp_host_le_capable(hdev);
06199cf8 1884
0b60eba1 1885 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1886 bool changed = false;
1887
1888 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
1889 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
1890 changed = true;
1891 }
1892
f3d3444a
JH		 1893 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
1894 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 1895 changed = true;
1896 }
1897
06199cf8
JH		 1898 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1899 if (err < 0)
1de028ce 1900 goto unlock;
06199cf8
JH		 1901
1902 if (changed)
1903 err = new_settings(hdev, sk);
1904
1de028ce 1905 goto unlock;
06199cf8
JH		 1906 }
1907
4375f103
JH		 1908 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
1909 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 1910 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 1911 MGMT_STATUS_BUSY);
1de028ce 1912 goto unlock;
06199cf8
JH		 1913 }
1914
1915 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1916 if (!cmd) {
1917 err = -ENOMEM;
1de028ce 1918 goto unlock;
06199cf8
JH		 1919 }
1920
441ad2d0
MH		 1921 hci_req_init(&req, hdev);
1922
06199cf8
JH		 1923 memset(&hci_cp, 0, sizeof(hci_cp));
1924
1925 if (val) {
1926 hci_cp.le = val;
ffa88e02 1927 hci_cp.simul = lmp_le_br_capable(hdev);
441ad2d0
MH		 1928 } else {
1929 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1930 disable_advertising(&req);
06199cf8
JH		 1931 }
1932
416a4ae5
JH		 1933 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1934 &hci_cp);
1935
1936 err = hci_req_run(&req, le_enable_complete);
0c01bc48 1937 if (err < 0)
06199cf8 1938 mgmt_pending_remove(cmd);
06199cf8 1939
1de028ce
JH		 1940unlock:
1941 hci_dev_unlock(hdev);
06199cf8
JH		 1942 return err;
1943}
1944
0cab9c80
JH		 1945/* This is a helper function to test for pending mgmt commands that can
1946 * cause CoD or EIR HCI commands. We can only allow one such pending
1947 * mgmt command at a time since otherwise we cannot easily track what
1948 * the current values are, will be, and based on that calculate if a new
1949 * HCI command needs to be sent and if yes with what value.
1950 */
1951static bool pending_eir_or_class(struct hci_dev *hdev)
1952{
1953 struct pending_cmd *cmd;
1954
1955 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1956 switch (cmd->opcode) {
1957 case MGMT_OP_ADD_UUID:
1958 case MGMT_OP_REMOVE_UUID:
1959 case MGMT_OP_SET_DEV_CLASS:
1960 case MGMT_OP_SET_POWERED:
1961 return true;
1962 }
1963 }
1964
1965 return false;
1966}
1967
83be8eca
JH		 1968static const u8 bluetooth_base_uuid[] = {
1969 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1970 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1971};
1972
1973static u8 get_uuid_size(const u8 *uuid)
1974{
1975 u32 val;
1976
1977 if (memcmp(uuid, bluetooth_base_uuid, 12))
1978 return 128;
1979
1980 val = get_unaligned_le32(&uuid[12]);
1981 if (val > 0xffff)
1982 return 32;
1983
1984 return 16;
1985}
1986
92da6097
JH		 1987static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1988{
1989 struct pending_cmd *cmd;
1990
1991 hci_dev_lock(hdev);
1992
1993 cmd = mgmt_pending_find(mgmt_op, hdev);
1994 if (!cmd)
1995 goto unlock;
1996
1997 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
1998 hdev->dev_class, 3);
1999
2000 mgmt_pending_remove(cmd);
2001
2002unlock:
2003 hci_dev_unlock(hdev);
2004}
2005
2006static void add_uuid_complete(struct hci_dev *hdev, u8 status)
2007{
2008 BT_DBG("status 0x%02x", status);
2009
2010 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2011}
2012
bdb6d971 2013static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2014{
650f726d 2015 struct mgmt_cp_add_uuid *cp = data;
90e70454 2016 struct pending_cmd *cmd;
890ea898 2017 struct hci_request req;
2aeb9a1a 2018 struct bt_uuid *uuid;
2aeb9a1a
JH		 2019 int err;
2020
bdb6d971 2021 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2022
09fd0de5 2023 hci_dev_lock(hdev);
2aeb9a1a 2024
0cab9c80 2025 if (pending_eir_or_class(hdev)) {
bdb6d971 2026 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 2027 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2028 goto failed;
2029 }
2030
92c4c204 2031 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2032 if (!uuid) {
2033 err = -ENOMEM;
2034 goto failed;
2035 }
2036
2037 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2038 uuid->svc_hint = cp->svc_hint;
83be8eca 2039 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2040
de66aa63 2041 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2042
890ea898 2043 hci_req_init(&req, hdev);
1aff6f09 2044
890ea898
JH		 2045 update_class(&req);
2046 update_eir(&req);
2047
92da6097
JH		 2048 err = hci_req_run(&req, add_uuid_complete);
2049 if (err < 0) {
2050 if (err != -ENODATA)
2051 goto failed;
80a1e1db 2052
bdb6d971 2053 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 2054 hdev->dev_class, 3);
90e70454
JH		 2055 goto failed;
2056 }
2057
2058 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2059 if (!cmd) {
90e70454 2060 err = -ENOMEM;
890ea898
JH		 2061 goto failed;
2062 }
2063
2064 err = 0;
2aeb9a1a
JH		 2065
2066failed:
09fd0de5 2067 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2068 return err;
2069}
2070
24b78d0f
JH		 2071static bool enable_service_cache(struct hci_dev *hdev)
2072{
2073 if (!hdev_is_powered(hdev))
2074 return false;
2075
2076 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 2077 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2078 CACHE_TIMEOUT);
24b78d0f
JH		 2079 return true;
2080 }
2081
2082 return false;
2083}
2084
92da6097
JH		 2085static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
2086{
2087 BT_DBG("status 0x%02x", status);
2088
2089 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2090}
2091
bdb6d971 2092static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2093 u16 len)
2aeb9a1a 2094{
650f726d 2095 struct mgmt_cp_remove_uuid *cp = data;
90e70454 2096 struct pending_cmd *cmd;
056341c8 2097 struct bt_uuid *match, *tmp;
2aeb9a1a 2098 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2099 struct hci_request req;
2aeb9a1a
JH		 2100 int err, found;
2101
bdb6d971 2102 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2103
09fd0de5 2104 hci_dev_lock(hdev);
2aeb9a1a 2105
0cab9c80 2106 if (pending_eir_or_class(hdev)) {
bdb6d971 2107 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2108 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2109 goto unlock;
2110 }
2111
2aeb9a1a 2112 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2113 hci_uuids_clear(hdev);
4004b6d9 2114
24b78d0f 2115 if (enable_service_cache(hdev)) {
bdb6d971 2116 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2117 0, hdev->dev_class, 3);
24b78d0f
JH		 2118 goto unlock;
2119 }
4004b6d9 2120
9246a869 2121 goto update_class;
2aeb9a1a
JH		 2122 }
2123
2124 found = 0;
2125
056341c8 2126 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2127 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2128 continue;
2129
2130 list_del(&match->list);
482049f7 2131 kfree(match);
2aeb9a1a
JH		 2132 found++;
2133 }
2134
2135 if (found == 0) {
bdb6d971 2136 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2137 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2138 goto unlock;
2139 }
2140
9246a869 2141update_class:
890ea898 2142 hci_req_init(&req, hdev);
1aff6f09 2143
890ea898
JH		 2144 update_class(&req);
2145 update_eir(&req);
2146
92da6097
JH		 2147 err = hci_req_run(&req, remove_uuid_complete);
2148 if (err < 0) {
2149 if (err != -ENODATA)
2150 goto unlock;
80a1e1db 2151
bdb6d971 2152 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 2153 hdev->dev_class, 3);
90e70454
JH		 2154 goto unlock;
2155 }
2156
2157 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2158 if (!cmd) {
90e70454 2159 err = -ENOMEM;
890ea898
JH		 2160 goto unlock;
2161 }
2162
2163 err = 0;
2aeb9a1a
JH		 2164
2165unlock:
09fd0de5 2166 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2167 return err;
2168}
2169
92da6097
JH		 2170static void set_class_complete(struct hci_dev *hdev, u8 status)
2171{
2172 BT_DBG("status 0x%02x", status);
2173
2174 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2175}
2176
bdb6d971 2177static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2178 u16 len)
1aff6f09 2179{
650f726d 2180 struct mgmt_cp_set_dev_class *cp = data;
90e70454 2181 struct pending_cmd *cmd;
890ea898 2182 struct hci_request req;
1aff6f09
JH		 2183 int err;
2184
bdb6d971 2185 BT_DBG("request for %s", hdev->name);
1aff6f09 2186
6203fc98 2187 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 2188 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2189 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2190
0cab9c80 2191 hci_dev_lock(hdev);
ee98f473 2192
0cab9c80
JH		 2193 if (pending_eir_or_class(hdev)) {
2194 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2195 MGMT_STATUS_BUSY);
2196 goto unlock;
2197 }
c95f0ba7 2198
0cab9c80
JH		 2199 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2200 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2201 MGMT_STATUS_INVALID_PARAMS);
2202 goto unlock;
2203 }
575b3a02 2204
932f5ff5
JH		 2205 hdev->major_class = cp->major;
2206 hdev->minor_class = cp->minor;
2207
b5235a65 2208 if (!hdev_is_powered(hdev)) {
bdb6d971 2209 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2210 hdev->dev_class, 3);
b5235a65
JH		 2211 goto unlock;
2212 }
2213
890ea898
JH		 2214 hci_req_init(&req, hdev);
2215
a8b2d5c2 2216 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2217 hci_dev_unlock(hdev);
2218 cancel_delayed_work_sync(&hdev->service_cache);
2219 hci_dev_lock(hdev);
890ea898 2220 update_eir(&req);
7d78525d 2221 }
14c0b608 2222
890ea898
JH		 2223 update_class(&req);
2224
92da6097
JH		 2225 err = hci_req_run(&req, set_class_complete);
2226 if (err < 0) {
2227 if (err != -ENODATA)
2228 goto unlock;
1aff6f09 2229
bdb6d971 2230 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2231 hdev->dev_class, 3);
90e70454
JH		 2232 goto unlock;
2233 }
2234
2235 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2236 if (!cmd) {
90e70454 2237 err = -ENOMEM;
890ea898
JH		 2238 goto unlock;
2239 }
2240
2241 err = 0;
1aff6f09 2242
b5235a65 2243unlock:
09fd0de5 2244 hci_dev_unlock(hdev);
1aff6f09
JH		 2245 return err;
2246}
2247
bdb6d971 2248static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2249 u16 len)
55ed8ca1 2250{
650f726d 2251 struct mgmt_cp_load_link_keys *cp = data;
4e51eae9 2252 u16 key_count, expected_len;
b1de97d8 2253 bool changed;
a492cd52 2254 int i;
55ed8ca1 2255
9060d5cf
MH		 2256 BT_DBG("request for %s", hdev->name);
2257
2258 if (!lmp_bredr_capable(hdev))
2259 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2260 MGMT_STATUS_NOT_SUPPORTED);
2261
1f350c87 2262 key_count = __le16_to_cpu(cp->key_count);
55ed8ca1 2263
86742e1e
JH		 2264 expected_len = sizeof(*cp) + key_count *
2265 sizeof(struct mgmt_link_key_info);
a492cd52 2266 if (expected_len != len) {
86742e1e 2267 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
8ce8e2b5 2268 len, expected_len);
bdb6d971 2269 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 2270 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2271 }
2272
4ae14301
JH		 2273 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2274 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2275 MGMT_STATUS_INVALID_PARAMS);
2276
bdb6d971 2277 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2278 key_count);
55ed8ca1 2279
4ee71b20
JH		 2280 for (i = 0; i < key_count; i++) {
2281 struct mgmt_link_key_info *key = &cp->keys[i];
2282
8e991132 2283 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
4ee71b20
JH		 2284 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2285 MGMT_STATUS_INVALID_PARAMS);
2286 }
2287
09fd0de5 2288 hci_dev_lock(hdev);
55ed8ca1
JH		 2289
2290 hci_link_keys_clear(hdev);
2291
55ed8ca1 2292 if (cp->debug_keys)
b1de97d8 2293 changed = !test_and_set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
55ed8ca1 2294 else
b1de97d8
MH		 2295 changed = test_and_clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
2296
2297 if (changed)
2298 new_settings(hdev, NULL);
55ed8ca1 2299
a492cd52 2300 for (i = 0; i < key_count; i++) {
86742e1e 2301 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2302
d753fdc4 2303 hci_add_link_key(hdev, NULL, 0, &key->addr.bdaddr, key->val,
04124681 2304 key->type, key->pin_len);
55ed8ca1
JH		 2305 }
2306
bdb6d971 2307 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2308
09fd0de5 2309 hci_dev_unlock(hdev);
55ed8ca1 2310
a492cd52 2311 return 0;
55ed8ca1
JH		 2312}
2313
b1078ad0 2314static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2315 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2316{
2317 struct mgmt_ev_device_unpaired ev;
2318
2319 bacpy(&ev.addr.bdaddr, bdaddr);
2320 ev.addr.type = addr_type;
2321
2322 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2323 skip_sk);
b1078ad0
JH		 2324}
2325
bdb6d971 2326static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2327 u16 len)
55ed8ca1 2328{
124f6e35
JH		 2329 struct mgmt_cp_unpair_device *cp = data;
2330 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2331 struct hci_cp_disconnect dc;
2332 struct pending_cmd *cmd;
55ed8ca1 2333 struct hci_conn *conn;
55ed8ca1
JH		 2334 int err;
2335
a8a1d19e 2336 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2337 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2338 rp.addr.type = cp->addr.type;
a8a1d19e 2339
4ee71b20
JH		 2340 if (!bdaddr_type_is_valid(cp->addr.type))
2341 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2342 MGMT_STATUS_INVALID_PARAMS,
2343 &rp, sizeof(rp));
2344
118da70b
JH		 2345 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2346 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2347 MGMT_STATUS_INVALID_PARAMS,
2348 &rp, sizeof(rp));
2349
4ee71b20
JH		 2350 hci_dev_lock(hdev);
2351
86a8cfc6 2352 if (!hdev_is_powered(hdev)) {
bdb6d971 2353 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2354 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 2355 goto unlock;
2356 }
2357
e0b2b27e 2358 if (cp->addr.type == BDADDR_BREDR) {
124f6e35 2359 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2360 } else {
2361 u8 addr_type;
2362
2363 if (cp->addr.type == BDADDR_LE_PUBLIC)
2364 addr_type = ADDR_LE_DEV_PUBLIC;
2365 else
2366 addr_type = ADDR_LE_DEV_RANDOM;
2367
a7ec7338
JH		 2368 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2369
e0b2b27e
JH		 2370 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2371 }
b0dbfb46 2372
55ed8ca1 2373 if (err < 0) {
bdb6d971 2374 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2375 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 2376 goto unlock;
2377 }
2378
86a8cfc6 2379 if (cp->disconnect) {
591f47f3 2380 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 2381 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 2382 &cp->addr.bdaddr);
86a8cfc6
JH		 2383 else
2384 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 2385 &cp->addr.bdaddr);
86a8cfc6
JH		 2386 } else {
2387 conn = NULL;
2388 }
124f6e35 2389
a8a1d19e 2390 if (!conn) {
bdb6d971 2391 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 2392 &rp, sizeof(rp));
b1078ad0 2393 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2394 goto unlock;
2395 }
55ed8ca1 2396
124f6e35 2397 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2398 sizeof(*cp));
a8a1d19e
JH		 2399 if (!cmd) {
2400 err = -ENOMEM;
2401 goto unlock;
55ed8ca1
JH		 2402 }
2403
eb55ef07 2404 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2405 dc.reason = 0x13; /* Remote User Terminated Connection */
2406 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2407 if (err < 0)
2408 mgmt_pending_remove(cmd);
2409
55ed8ca1 2410unlock:
09fd0de5 2411 hci_dev_unlock(hdev);
55ed8ca1
JH		 2412 return err;
2413}
2414
bdb6d971 2415static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2416 u16 len)
8962ee74 2417{
650f726d 2418 struct mgmt_cp_disconnect *cp = data;
06a63b19 2419 struct mgmt_rp_disconnect rp;
8962ee74 2420 struct hci_cp_disconnect dc;
366a0336 2421 struct pending_cmd *cmd;
8962ee74 2422 struct hci_conn *conn;
8962ee74
JH		 2423 int err;
2424
2425 BT_DBG("");
2426
06a63b19
JH		 2427 memset(&rp, 0, sizeof(rp));
2428 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2429 rp.addr.type = cp->addr.type;
2430
4ee71b20 2431 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2432 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2433 MGMT_STATUS_INVALID_PARAMS,
2434 &rp, sizeof(rp));
4ee71b20 2435
09fd0de5 2436 hci_dev_lock(hdev);
8962ee74
JH		 2437
2438 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2439 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2440 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2441 goto failed;
2442 }
2443
2e58ef3e 2444 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2445 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2446 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2447 goto failed;
2448 }
2449
591f47f3 2450 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2451 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2452 &cp->addr.bdaddr);
88c3df13
JH		 2453 else
2454 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2455
f960727e 2456 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2457 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2458 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2459 goto failed;
2460 }
2461
2e58ef3e 2462 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2463 if (!cmd) {
2464 err = -ENOMEM;
8962ee74 2465 goto failed;
366a0336 2466 }
8962ee74 2467
eb55ef07 2468 dc.handle = cpu_to_le16(conn->handle);
3701f944 2469 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 2470
2471 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2472 if (err < 0)
a664b5bc 2473 mgmt_pending_remove(cmd);
8962ee74
JH		 2474
2475failed:
09fd0de5 2476 hci_dev_unlock(hdev);
8962ee74
JH		 2477 return err;
2478}
2479
57c1477c 2480static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2481{
2482 switch (link_type) {
2483 case LE_LINK:
48264f06
JH		 2484 switch (addr_type) {
2485 case ADDR_LE_DEV_PUBLIC:
591f47f3 2486 return BDADDR_LE_PUBLIC;
0ed09148 2487
48264f06 2488 default:
0ed09148 2489 /* Fallback to LE Random address type */
591f47f3 2490 return BDADDR_LE_RANDOM;
48264f06 2491 }
0ed09148 2492
4c659c39 2493 default:
0ed09148 2494 /* Fallback to BR/EDR type */
591f47f3 2495 return BDADDR_BREDR;
4c659c39
JH		 2496 }
2497}
2498
04124681
GP		 2499static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2500 u16 data_len)
2784eb41 2501{
2784eb41 2502 struct mgmt_rp_get_connections *rp;
8035ded4 2503 struct hci_conn *c;
a38528f1 2504 size_t rp_len;
60fc5fb6
JH		 2505 int err;
2506 u16 i;
2784eb41
JH		 2507
2508 BT_DBG("");
2509
09fd0de5 2510 hci_dev_lock(hdev);
2784eb41 2511
5f97c1df 2512 if (!hdev_is_powered(hdev)) {
bdb6d971 2513 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2514 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2515 goto unlock;
2516 }
2517
60fc5fb6 2518 i = 0;
b644ba33
JH		 2519 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2520 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2521 i++;
2784eb41
JH		 2522 }
2523
60fc5fb6 2524 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2525 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2526 if (!rp) {
2784eb41
JH		 2527 err = -ENOMEM;
2528 goto unlock;
2529 }
2530
2784eb41 2531 i = 0;
4c659c39 2532 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2533 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2534 continue;
4c659c39 2535 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2536 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2537 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2538 continue;
2539 i++;
2540 }
2541
eb55ef07 2542 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2543
4c659c39
JH		 2544 /* Recalculate length in case of filtered SCO connections, etc */
2545 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2546
bdb6d971 2547 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2548 rp_len);
2784eb41 2549
a38528f1 2550 kfree(rp);
5f97c1df
JH		 2551
2552unlock:
09fd0de5 2553 hci_dev_unlock(hdev);
2784eb41
JH		 2554 return err;
2555}
2556
bdb6d971 2557static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2558 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2559{
2560 struct pending_cmd *cmd;
2561 int err;
2562
2e58ef3e 2563 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2564 sizeof(*cp));
96d97a67
WR		 2565 if (!cmd)
2566 return -ENOMEM;
2567
d8457698 2568 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2569 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2570 if (err < 0)
2571 mgmt_pending_remove(cmd);
2572
2573 return err;
2574}
2575
bdb6d971 2576static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2577 u16 len)
980e1a53 2578{
96d97a67 2579 struct hci_conn *conn;
650f726d 2580 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2581 struct hci_cp_pin_code_reply reply;
366a0336 2582 struct pending_cmd *cmd;
980e1a53
JH		 2583 int err;
2584
2585 BT_DBG("");
2586
09fd0de5 2587 hci_dev_lock(hdev);
980e1a53 2588
4b34ee78 2589 if (!hdev_is_powered(hdev)) {
bdb6d971 2590 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2591 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2592 goto failed;
2593 }
2594
d8457698 2595 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2596 if (!conn) {
bdb6d971 2597 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2598 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2599 goto failed;
2600 }
2601
2602 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2603 struct mgmt_cp_pin_code_neg_reply ncp;
2604
2605 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2606
2607 BT_ERR("PIN code is not 16 bytes long");
2608
bdb6d971 2609 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2610 if (err >= 0)
bdb6d971 2611 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2612 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2613
2614 goto failed;
2615 }
2616
00abfe44 2617 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2618 if (!cmd) {
2619 err = -ENOMEM;
980e1a53 2620 goto failed;
366a0336 2621 }
980e1a53 2622
d8457698 2623 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2624 reply.pin_len = cp->pin_len;
24718ca5 2625 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2626
2627 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2628 if (err < 0)
a664b5bc 2629 mgmt_pending_remove(cmd);
980e1a53
JH		 2630
2631failed:
09fd0de5 2632 hci_dev_unlock(hdev);
980e1a53
JH		 2633 return err;
2634}
2635
04124681
GP		 2636static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2637 u16 len)
17fa4b9d 2638{
650f726d 2639 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2640
2641 BT_DBG("");
2642
09fd0de5 2643 hci_dev_lock(hdev);
17fa4b9d
JH		 2644
2645 hdev->io_capability = cp->io_capability;
2646
2647 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2648 hdev->io_capability);
17fa4b9d 2649
09fd0de5 2650 hci_dev_unlock(hdev);
17fa4b9d 2651
04124681
GP		 2652 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2653 0);
17fa4b9d
JH		 2654}
2655
6039aa73 2656static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2657{
2658 struct hci_dev *hdev = conn->hdev;
8035ded4 2659 struct pending_cmd *cmd;
e9a416b5 2660
2e58ef3e 2661 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2662 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2663 continue;
2664
e9a416b5
JH		 2665 if (cmd->user_data != conn)
2666 continue;
2667
2668 return cmd;
2669 }
2670
2671 return NULL;
2672}
2673
2674static void pairing_complete(struct pending_cmd *cmd, u8 status)
2675{
2676 struct mgmt_rp_pair_device rp;
2677 struct hci_conn *conn = cmd->user_data;
2678
ba4e564f 2679 bacpy(&rp.addr.bdaddr, &conn->dst);
57c1477c 2680 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2681
aee9b218 2682 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 2683 &rp, sizeof(rp));
e9a416b5
JH		 2684
2685 /* So we don't get further callbacks for this connection */
2686 conn->connect_cfm_cb = NULL;
2687 conn->security_cfm_cb = NULL;
2688 conn->disconn_cfm_cb = NULL;
2689
76a68ba0 2690 hci_conn_drop(conn);
e9a416b5 2691
a664b5bc 2692 mgmt_pending_remove(cmd);
e9a416b5
JH		 2693}
2694
f4a407be
JH		 2695void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2696{
2697 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
2698 struct pending_cmd *cmd;
2699
2700 cmd = find_pairing(conn);
2701 if (cmd)
2702 pairing_complete(cmd, status);
2703}
2704
e9a416b5
JH		 2705static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2706{
2707 struct pending_cmd *cmd;
2708
2709 BT_DBG("status %u", status);
2710
2711 cmd = find_pairing(conn);
56e5cb86 2712 if (!cmd)
e9a416b5 2713 BT_DBG("Unable to find a pending command");
56e5cb86 2714 else
e211326c 2715 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 2716}
2717
f4a407be 2718static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739
VA		 2719{
2720 struct pending_cmd *cmd;
2721
2722 BT_DBG("status %u", status);
2723
2724 if (!status)
2725 return;
2726
2727 cmd = find_pairing(conn);
2728 if (!cmd)
2729 BT_DBG("Unable to find a pending command");
2730 else
2731 pairing_complete(cmd, mgmt_status(status));
2732}
2733
bdb6d971 2734static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2735 u16 len)
e9a416b5 2736{
650f726d 2737 struct mgmt_cp_pair_device *cp = data;
1425acb7 2738 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 2739 struct pending_cmd *cmd;
2740 u8 sec_level, auth_type;
2741 struct hci_conn *conn;
e9a416b5
JH		 2742 int err;
2743
2744 BT_DBG("");
2745
f950a30e
SJ		 2746 memset(&rp, 0, sizeof(rp));
2747 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2748 rp.addr.type = cp->addr.type;
2749
4ee71b20
JH		 2750 if (!bdaddr_type_is_valid(cp->addr.type))
2751 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2752 MGMT_STATUS_INVALID_PARAMS,
2753 &rp, sizeof(rp));
2754
09fd0de5 2755 hci_dev_lock(hdev);
e9a416b5 2756
5f97c1df 2757 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 2758 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2759 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 2760 goto unlock;
2761 }
2762
c908df36
VCG		 2763 sec_level = BT_SECURITY_MEDIUM;
2764 if (cp->io_cap == 0x03)
e9a416b5 2765 auth_type = HCI_AT_DEDICATED_BONDING;
c908df36 2766 else
e9a416b5 2767 auth_type = HCI_AT_DEDICATED_BONDING_MITM;
e9a416b5 2768
591f47f3 2769 if (cp->addr.type == BDADDR_BREDR)
b12f62cf
AG		 2770 conn = hci_connect(hdev, ACL_LINK, &cp->addr.bdaddr,
2771 cp->addr.type, sec_level, auth_type);
7a512d01 2772 else
b12f62cf
AG		 2773 conn = hci_connect(hdev, LE_LINK, &cp->addr.bdaddr,
2774 cp->addr.type, sec_level, auth_type);
7a512d01 2775
30e76272 2776 if (IS_ERR(conn)) {
489dc48e
AK		 2777 int status;
2778
2779 if (PTR_ERR(conn) == -EBUSY)
2780 status = MGMT_STATUS_BUSY;
2781 else
2782 status = MGMT_STATUS_CONNECT_FAILED;
2783
bdb6d971 2784 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 2785 status, &rp,
04124681 2786 sizeof(rp));
e9a416b5
JH		 2787 goto unlock;
2788 }
2789
2790 if (conn->connect_cfm_cb) {
76a68ba0 2791 hci_conn_drop(conn);
bdb6d971 2792 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 2793 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2794 goto unlock;
2795 }
2796
2e58ef3e 2797 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2798 if (!cmd) {
2799 err = -ENOMEM;
76a68ba0 2800 hci_conn_drop(conn);
e9a416b5
JH		 2801 goto unlock;
2802 }
2803
7a512d01 2804 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 2805 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 2806 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 2807 conn->security_cfm_cb = pairing_complete_cb;
2808 conn->disconn_cfm_cb = pairing_complete_cb;
2809 } else {
2810 conn->connect_cfm_cb = le_pairing_complete_cb;
2811 conn->security_cfm_cb = le_pairing_complete_cb;
2812 conn->disconn_cfm_cb = le_pairing_complete_cb;
2813 }
7a512d01 2814
e9a416b5
JH		 2815 conn->io_capability = cp->io_cap;
2816 cmd->user_data = conn;
2817
2818 if (conn->state == BT_CONNECTED &&
8ce8e2b5 2819 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 2820 pairing_complete(cmd, 0);
2821
2822 err = 0;
2823
2824unlock:
09fd0de5 2825 hci_dev_unlock(hdev);
e9a416b5
JH		 2826 return err;
2827}
2828
04124681
GP		 2829static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2830 u16 len)
28424707 2831{
0f4e68cf 2832 struct mgmt_addr_info *addr = data;
28424707
JH		 2833 struct pending_cmd *cmd;
2834 struct hci_conn *conn;
2835 int err;
2836
2837 BT_DBG("");
2838
28424707
JH		 2839 hci_dev_lock(hdev);
2840
5f97c1df 2841 if (!hdev_is_powered(hdev)) {
bdb6d971 2842 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2843 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2844 goto unlock;
2845 }
2846
28424707
JH		 2847 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
2848 if (!cmd) {
bdb6d971 2849 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2850 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2851 goto unlock;
2852 }
2853
2854 conn = cmd->user_data;
2855
2856 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 2857 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 2858 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2859 goto unlock;
2860 }
2861
2862 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
2863
bdb6d971 2864 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 2865 addr, sizeof(*addr));
28424707
JH		 2866unlock:
2867 hci_dev_unlock(hdev);
28424707
JH		 2868 return err;
2869}
2870
bdb6d971 2871static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 2872 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 2873 u16 hci_op, __le32 passkey)
a5c29683 2874{
a5c29683 2875 struct pending_cmd *cmd;
0df4c185 2876 struct hci_conn *conn;
a5c29683
JH		 2877 int err;
2878
09fd0de5 2879 hci_dev_lock(hdev);
08ba5382 2880
4b34ee78 2881 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 2882 err = cmd_complete(sk, hdev->id, mgmt_op,
2883 MGMT_STATUS_NOT_POWERED, addr,
2884 sizeof(*addr));
0df4c185 2885 goto done;
a5c29683
JH		 2886 }
2887
1707c60e
JH		 2888 if (addr->type == BDADDR_BREDR)
2889 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 2890 else
1707c60e 2891 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 2892
2893 if (!conn) {
feb94d3d
JH		 2894 err = cmd_complete(sk, hdev->id, mgmt_op,
2895 MGMT_STATUS_NOT_CONNECTED, addr,
2896 sizeof(*addr));
272d90df
JH		 2897 goto done;
2898 }
47c15e2b 2899
1707c60e 2900 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
47c15e2b 2901 /* Continue with pairing via SMP */
5fe57d9e
BG		 2902 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
2903
2904 if (!err)
feb94d3d
JH		 2905 err = cmd_complete(sk, hdev->id, mgmt_op,
2906 MGMT_STATUS_SUCCESS, addr,
2907 sizeof(*addr));
5fe57d9e 2908 else
feb94d3d
JH		 2909 err = cmd_complete(sk, hdev->id, mgmt_op,
2910 MGMT_STATUS_FAILED, addr,
2911 sizeof(*addr));
47c15e2b 2912
47c15e2b
BG		 2913 goto done;
2914 }
2915
1707c60e 2916 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 2917 if (!cmd) {
2918 err = -ENOMEM;
0df4c185 2919 goto done;
a5c29683
JH		 2920 }
2921
0df4c185 2922 /* Continue with pairing via HCI */
604086b7
BG		 2923 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2924 struct hci_cp_user_passkey_reply cp;
2925
1707c60e 2926 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 2927 cp.passkey = passkey;
2928 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2929 } else
1707c60e
JH		 2930 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2931 &addr->bdaddr);
604086b7 2932
a664b5bc
JH		 2933 if (err < 0)
2934 mgmt_pending_remove(cmd);
a5c29683 2935
0df4c185 2936done:
09fd0de5 2937 hci_dev_unlock(hdev);
a5c29683
JH		 2938 return err;
2939}
2940
afeb019d
JK		 2941static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2942 void *data, u16 len)
2943{
2944 struct mgmt_cp_pin_code_neg_reply *cp = data;
2945
2946 BT_DBG("");
2947
1707c60e 2948 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 2949 MGMT_OP_PIN_CODE_NEG_REPLY,
2950 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2951}
2952
04124681
GP		 2953static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2954 u16 len)
0df4c185 2955{
650f726d 2956 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2957
2958 BT_DBG("");
2959
2960 if (len != sizeof(*cp))
bdb6d971 2961 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 2962 MGMT_STATUS_INVALID_PARAMS);
0df4c185 2963
1707c60e 2964 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2965 MGMT_OP_USER_CONFIRM_REPLY,
2966 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2967}
2968
bdb6d971 2969static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2970 void *data, u16 len)
0df4c185 2971{
c9c2659f 2972 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2973
2974 BT_DBG("");
2975
1707c60e 2976 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2977 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2978 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2979}
2980
04124681
GP		 2981static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2982 u16 len)
604086b7 2983{
650f726d 2984 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2985
2986 BT_DBG("");
2987
1707c60e 2988 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2989 MGMT_OP_USER_PASSKEY_REPLY,
2990 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 2991}
2992
bdb6d971 2993static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2994 void *data, u16 len)
604086b7 2995{
650f726d 2996 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2997
2998 BT_DBG("");
2999
1707c60e 3000 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3001 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3002 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3003}
3004
13928971 3005static void update_name(struct hci_request *req)
2b4bf397 3006{
13928971 3007 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3008 struct hci_cp_write_local_name cp;
3009
13928971 3010 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3011
890ea898 3012 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3013}
3014
13928971
JH		 3015static void set_name_complete(struct hci_dev *hdev, u8 status)
3016{
3017 struct mgmt_cp_set_local_name *cp;
3018 struct pending_cmd *cmd;
3019
3020 BT_DBG("status 0x%02x", status);
3021
3022 hci_dev_lock(hdev);
3023
3024 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3025 if (!cmd)
3026 goto unlock;
3027
3028 cp = cmd->param;
3029
3030 if (status)
3031 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3032 mgmt_status(status));
3033 else
3034 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3035 cp, sizeof(*cp));
3036
3037 mgmt_pending_remove(cmd);
3038
3039unlock:
3040 hci_dev_unlock(hdev);
3041}
3042
bdb6d971 3043static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3044 u16 len)
b312b161 3045{
2b4bf397 3046 struct mgmt_cp_set_local_name *cp = data;
b312b161 3047 struct pending_cmd *cmd;
890ea898 3048 struct hci_request req;
b312b161
JH		 3049 int err;
3050
3051 BT_DBG("");
3052
09fd0de5 3053 hci_dev_lock(hdev);
b312b161 3054
b3f2ca94
JH		 3055 /* If the old values are the same as the new ones just return a
3056 * direct command complete event.
3057 */
3058 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3059 !memcmp(hdev->short_name, cp->short_name,
3060 sizeof(hdev->short_name))) {
3061 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3062 data, len);
3063 goto failed;
3064 }
3065
2b4bf397 3066 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3067
b5235a65 3068 if (!hdev_is_powered(hdev)) {
2b4bf397 3069 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 3070
3071 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 3072 data, len);
28cc7bde
JH		 3073 if (err < 0)
3074 goto failed;
3075
3076 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 3077 sk);
28cc7bde 3078
b5235a65
JH		 3079 goto failed;
3080 }
3081
28cc7bde 3082 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3083 if (!cmd) {
3084 err = -ENOMEM;
3085 goto failed;
3086 }
3087
13928971
JH		 3088 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3089
890ea898 3090 hci_req_init(&req, hdev);
3f985050
JH		 3091
3092 if (lmp_bredr_capable(hdev)) {
3093 update_name(&req);
3094 update_eir(&req);
3095 }
3096
7a5f4990
MH		 3097 /* The name is stored in the scan response data and so
3098 * no need to udpate the advertising data here.
3099 */
3f985050 3100 if (lmp_le_capable(hdev))
7a5f4990 3101 update_scan_rsp_data(&req);
3f985050 3102
13928971 3103 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3104 if (err < 0)
3105 mgmt_pending_remove(cmd);
3106
3107failed:
09fd0de5 3108 hci_dev_unlock(hdev);
b312b161
JH		 3109 return err;
3110}
3111
0f4e68cf 3112static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3113 void *data, u16 data_len)
c35938b2 3114{
c35938b2
SJ		 3115 struct pending_cmd *cmd;
3116 int err;
3117
bdb6d971 3118 BT_DBG("%s", hdev->name);
c35938b2 3119
09fd0de5 3120 hci_dev_lock(hdev);
c35938b2 3121
4b34ee78 3122 if (!hdev_is_powered(hdev)) {
bdb6d971 3123 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3124 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3125 goto unlock;
3126 }
3127
9a1a1996 3128 if (!lmp_ssp_capable(hdev)) {
bdb6d971 3129 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3130 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3131 goto unlock;
3132 }
3133
2e58ef3e 3134 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 3135 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3136 MGMT_STATUS_BUSY);
c35938b2
SJ		 3137 goto unlock;
3138 }
3139
2e58ef3e 3140 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3141 if (!cmd) {
3142 err = -ENOMEM;
3143 goto unlock;
3144 }
3145
4d2d2796
MH		 3146 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
3147 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3148 0, NULL);
3149 else
3150 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3151
c35938b2
SJ		 3152 if (err < 0)
3153 mgmt_pending_remove(cmd);
3154
3155unlock:
09fd0de5 3156 hci_dev_unlock(hdev);
c35938b2
SJ		 3157 return err;
3158}
3159
bdb6d971 3160static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3161 void *data, u16 len)
2763eda6 3162{
2763eda6
SJ		 3163 int err;
3164
bdb6d971 3165 BT_DBG("%s ", hdev->name);
2763eda6 3166
09fd0de5 3167 hci_dev_lock(hdev);
2763eda6 3168
ec109113
MH		 3169 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3170 struct mgmt_cp_add_remote_oob_data *cp = data;
3171 u8 status;
bf1e3541 3172
ec109113
MH		 3173 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3174 cp->hash, cp->randomizer);
3175 if (err < 0)
3176 status = MGMT_STATUS_FAILED;
3177 else
3178 status = MGMT_STATUS_SUCCESS;
3179
3180 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3181 status, &cp->addr, sizeof(cp->addr));
3182 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3183 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3184 u8 status;
3185
3186 err = hci_add_remote_oob_ext_data(hdev, &cp->addr.bdaddr,
3187 cp->hash192,
3188 cp->randomizer192,
3189 cp->hash256,
3190 cp->randomizer256);
3191 if (err < 0)
3192 status = MGMT_STATUS_FAILED;
3193 else
3194 status = MGMT_STATUS_SUCCESS;
3195
3196 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3197 status, &cp->addr, sizeof(cp->addr));
3198 } else {
3199 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3200 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3201 MGMT_STATUS_INVALID_PARAMS);
3202 }
2763eda6 3203
09fd0de5 3204 hci_dev_unlock(hdev);
2763eda6
SJ		 3205 return err;
3206}
3207
bdb6d971 3208static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3209 void *data, u16 len)
2763eda6 3210{
650f726d 3211 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3212 u8 status;
2763eda6
SJ		 3213 int err;
3214
bdb6d971 3215 BT_DBG("%s", hdev->name);
2763eda6 3216
09fd0de5 3217 hci_dev_lock(hdev);
2763eda6 3218
664ce4cc 3219 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 3220 if (err < 0)
bf1e3541 3221 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3222 else
a6785be2 3223 status = MGMT_STATUS_SUCCESS;
bf1e3541 3224
bdb6d971 3225 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 3226 status, &cp->addr, sizeof(cp->addr));
2763eda6 3227
09fd0de5 3228 hci_dev_unlock(hdev);
2763eda6
SJ		 3229 return err;
3230}
3231
41dc2bd6
AG		 3232static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3233{
3234 struct pending_cmd *cmd;
3235 u8 type;
3236 int err;
3237
3238 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3239
3240 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3241 if (!cmd)
3242 return -ENOENT;
3243
3244 type = hdev->discovery.type;
3245
3246 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3247 &type, sizeof(type));
3248 mgmt_pending_remove(cmd);
3249
3250 return err;
3251}
3252
7c307720
AG		 3253static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3254{
3255 BT_DBG("status %d", status);
3256
3257 if (status) {
3258 hci_dev_lock(hdev);
3259 mgmt_start_discovery_failed(hdev, status);
3260 hci_dev_unlock(hdev);
3261 return;
3262 }
3263
3264 hci_dev_lock(hdev);
3265 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3266 hci_dev_unlock(hdev);
3267
3268 switch (hdev->discovery.type) {
3269 case DISCOV_TYPE_LE:
3270 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 3271 DISCOV_LE_TIMEOUT);
7c307720
AG		 3272 break;
3273
3274 case DISCOV_TYPE_INTERLEAVED:
3275 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
0d8cc935 3276 DISCOV_INTERLEAVED_TIMEOUT);
7c307720
AG		 3277 break;
3278
3279 case DISCOV_TYPE_BREDR:
3280 break;
3281
3282 default:
3283 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3284 }
3285}
3286
bdb6d971 3287static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3288 void *data, u16 len)
14a53664 3289{
650f726d 3290 struct mgmt_cp_start_discovery *cp = data;
14a53664 3291 struct pending_cmd *cmd;
7c307720
AG		 3292 struct hci_cp_le_set_scan_param param_cp;
3293 struct hci_cp_le_set_scan_enable enable_cp;
3294 struct hci_cp_inquiry inq_cp;
3295 struct hci_request req;
3296 /* General inquiry access code (GIAC) */
3297 u8 lap[3] = { 0x33, 0x8b, 0x9e };
d9483943 3298 u8 status, own_addr_type;
14a53664
JH		 3299 int err;
3300
bdb6d971 3301 BT_DBG("%s", hdev->name);
14a53664 3302
09fd0de5 3303 hci_dev_lock(hdev);
14a53664 3304
4b34ee78 3305 if (!hdev_is_powered(hdev)) {
bdb6d971 3306 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3307 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 3308 goto failed;
3309 }
3310
642be6c7
AG		 3311 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3312 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3313 MGMT_STATUS_BUSY);
3314 goto failed;
3315 }
3316
ff9ef578 3317 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 3318 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3319 MGMT_STATUS_BUSY);
ff9ef578
JH		 3320 goto failed;
3321 }
3322
2e58ef3e 3323 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3324 if (!cmd) {
3325 err = -ENOMEM;
3326 goto failed;
3327 }
3328
4aab14e5
AG		 3329 hdev->discovery.type = cp->type;
3330
7c307720
AG		 3331 hci_req_init(&req, hdev);
3332
4aab14e5 3333 switch (hdev->discovery.type) {
f39799f5 3334 case DISCOV_TYPE_BREDR:
e6fe7986
JH		 3335 status = mgmt_bredr_support(hdev);
3336 if (status) {
04106755 3337 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3338 status);
04106755
JH		 3339 mgmt_pending_remove(cmd);
3340 goto failed;
3341 }
3342
7c307720
AG		 3343 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3344 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3345 MGMT_STATUS_BUSY);
3346 mgmt_pending_remove(cmd);
3347 goto failed;
3348 }
3349
3350 hci_inquiry_cache_flush(hdev);
3351
3352 memset(&inq_cp, 0, sizeof(inq_cp));
3353 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 3354 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 3355 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 3356 break;
3357
3358 case DISCOV_TYPE_LE:
7c307720 3359 case DISCOV_TYPE_INTERLEAVED:
e6fe7986
JH		 3360 status = mgmt_le_support(hdev);
3361 if (status) {
04106755 3362 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3363 status);
04106755
JH		 3364 mgmt_pending_remove(cmd);
3365 goto failed;
3366 }
3367
7c307720 3368 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 3369 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 3370 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3371 MGMT_STATUS_NOT_SUPPORTED);
3372 mgmt_pending_remove(cmd);
3373 goto failed;
3374 }
3375
f3d3444a 3376 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
7c307720
AG		 3377 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3378 MGMT_STATUS_REJECTED);
3379 mgmt_pending_remove(cmd);
3380 goto failed;
3381 }
3382
3383 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
3384 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3385 MGMT_STATUS_BUSY);
3386 mgmt_pending_remove(cmd);
3387 goto failed;
3388 }
3389
3390 memset(&param_cp, 0, sizeof(param_cp));
d9483943
JH		 3391
3392 err = hci_update_random_address(&req, &own_addr_type);
3393 if (err < 0) {
3394 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3395 MGMT_STATUS_FAILED);
3396 mgmt_pending_remove(cmd);
3397 goto failed;
3398 }
3399
7c307720 3400 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 3401 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3402 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
d9483943 3403 param_cp.own_address_type = own_addr_type;
7c307720
AG		 3404 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3405 &param_cp);
3406
3407 memset(&enable_cp, 0, sizeof(enable_cp));
3408 enable_cp.enable = LE_SCAN_ENABLE;
3409 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3410 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3411 &enable_cp);
5e0452c0
AG		 3412 break;
3413
f39799f5 3414 default:
04106755
JH		 3415 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3416 MGMT_STATUS_INVALID_PARAMS);
3417 mgmt_pending_remove(cmd);
3418 goto failed;
f39799f5 3419 }
3fd24153 3420
7c307720 3421 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 3422 if (err < 0)
3423 mgmt_pending_remove(cmd);
ff9ef578
JH		 3424 else
3425 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 3426
3427failed:
09fd0de5 3428 hci_dev_unlock(hdev);
14a53664
JH		 3429 return err;
3430}
3431
1183fdca
AG		 3432static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3433{
3434 struct pending_cmd *cmd;
3435 int err;
3436
3437 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3438 if (!cmd)
3439 return -ENOENT;
3440
3441 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3442 &hdev->discovery.type, sizeof(hdev->discovery.type));
3443 mgmt_pending_remove(cmd);
3444
3445 return err;
3446}
3447
0e05bba6
AG		 3448static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3449{
3450 BT_DBG("status %d", status);
3451
3452 hci_dev_lock(hdev);
3453
3454 if (status) {
3455 mgmt_stop_discovery_failed(hdev, status);
3456 goto unlock;
3457 }
3458
3459 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3460
3461unlock:
3462 hci_dev_unlock(hdev);
3463}
3464
bdb6d971 3465static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3466 u16 len)
14a53664 3467{
d930650b 3468 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 3469 struct pending_cmd *cmd;
30dc78e1
JH		 3470 struct hci_cp_remote_name_req_cancel cp;
3471 struct inquiry_entry *e;
0e05bba6
AG		 3472 struct hci_request req;
3473 struct hci_cp_le_set_scan_enable enable_cp;
14a53664
JH		 3474 int err;
3475
bdb6d971 3476 BT_DBG("%s", hdev->name);
14a53664 3477
09fd0de5 3478 hci_dev_lock(hdev);
14a53664 3479
30dc78e1 3480 if (!hci_discovery_active(hdev)) {
bdb6d971 3481 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3482 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3483 sizeof(mgmt_cp->type));
d930650b
JH		 3484 goto unlock;
3485 }
3486
3487 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 3488 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3489 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3490 sizeof(mgmt_cp->type));
30dc78e1 3491 goto unlock;
ff9ef578
JH		 3492 }
3493
2e58ef3e 3494 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3495 if (!cmd) {
3496 err = -ENOMEM;
30dc78e1
JH		 3497 goto unlock;
3498 }
3499
0e05bba6
AG		 3500 hci_req_init(&req, hdev);
3501
e0d9727e
AG		 3502 switch (hdev->discovery.state) {
3503 case DISCOVERY_FINDING:
0e05bba6
AG		 3504 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3505 hci_req_add(&req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
3506 } else {
3507 cancel_delayed_work(&hdev->le_scan_disable);
3508
3509 memset(&enable_cp, 0, sizeof(enable_cp));
3510 enable_cp.enable = LE_SCAN_DISABLE;
3511 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE,
3512 sizeof(enable_cp), &enable_cp);
3513 }
c9ecc48e 3514
e0d9727e
AG		 3515 break;
3516
3517 case DISCOVERY_RESOLVING:
3518 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
8ce8e2b5 3519 NAME_PENDING);
e0d9727e 3520 if (!e) {
30dc78e1 3521 mgmt_pending_remove(cmd);
e0d9727e
AG		 3522 err = cmd_complete(sk, hdev->id,
3523 MGMT_OP_STOP_DISCOVERY, 0,
3524 &mgmt_cp->type,
3525 sizeof(mgmt_cp->type));
3526 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3527 goto unlock;
3528 }
30dc78e1 3529
e0d9727e 3530 bacpy(&cp.bdaddr, &e->data.bdaddr);
0e05bba6
AG		 3531 hci_req_add(&req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
3532 &cp);
e0d9727e
AG		 3533
3534 break;
3535
3536 default:
3537 BT_DBG("unknown discovery state %u", hdev->discovery.state);
0e05bba6
AG		 3538
3539 mgmt_pending_remove(cmd);
3540 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3541 MGMT_STATUS_FAILED, &mgmt_cp->type,
3542 sizeof(mgmt_cp->type));
3543 goto unlock;
14a53664
JH		 3544 }
3545
0e05bba6 3546 err = hci_req_run(&req, stop_discovery_complete);
14a53664
JH		 3547 if (err < 0)
3548 mgmt_pending_remove(cmd);
ff9ef578
JH		 3549 else
3550 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 3551
30dc78e1 3552unlock:
09fd0de5 3553 hci_dev_unlock(hdev);
14a53664
JH		 3554 return err;
3555}
3556
bdb6d971 3557static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3558 u16 len)
561aafbc 3559{
650f726d 3560 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3561 struct inquiry_entry *e;
561aafbc
JH		 3562 int err;
3563
bdb6d971 3564 BT_DBG("%s", hdev->name);
561aafbc 3565
561aafbc
JH		 3566 hci_dev_lock(hdev);
3567
30dc78e1 3568 if (!hci_discovery_active(hdev)) {
bdb6d971 3569 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3570 MGMT_STATUS_FAILED);
30dc78e1
JH		 3571 goto failed;
3572 }
3573
a198e7b1 3574 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3575 if (!e) {
bdb6d971 3576 err = cmd_status(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
04124681 3577 MGMT_STATUS_INVALID_PARAMS);
561aafbc
JH		 3578 goto failed;
3579 }
3580
3581 if (cp->name_known) {
3582 e->name_state = NAME_KNOWN;
3583 list_del(&e->list);
3584 } else {
3585 e->name_state = NAME_NEEDED;
a3d4e20a 3586 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3587 }
3588
e384662b
JH		 3589 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3590 sizeof(cp->addr));
561aafbc
JH		 3591
3592failed:
3593 hci_dev_unlock(hdev);
561aafbc
JH		 3594 return err;
3595}
3596
bdb6d971 3597static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3598 u16 len)
7fbec224 3599{
650f726d 3600 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3601 u8 status;
7fbec224
AJ		 3602 int err;
3603
bdb6d971 3604 BT_DBG("%s", hdev->name);
7fbec224 3605
4ee71b20 3606 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3607 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3608 MGMT_STATUS_INVALID_PARAMS,
3609 &cp->addr, sizeof(cp->addr));
4ee71b20 3610
09fd0de5 3611 hci_dev_lock(hdev);
5e762444 3612
88c1fe4b 3613 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3614 if (err < 0)
f0eeea8b 3615 status = MGMT_STATUS_FAILED;
7fbec224 3616 else
a6785be2 3617 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3618
bdb6d971 3619 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3620 &cp->addr, sizeof(cp->addr));
5e762444 3621
09fd0de5 3622 hci_dev_unlock(hdev);
7fbec224
AJ		 3623
3624 return err;
3625}
3626
bdb6d971 3627static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3628 u16 len)
7fbec224 3629{
650f726d 3630 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3631 u8 status;
7fbec224
AJ		 3632 int err;
3633
bdb6d971 3634 BT_DBG("%s", hdev->name);
7fbec224 3635
4ee71b20 3636 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3637 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3638 MGMT_STATUS_INVALID_PARAMS,
3639 &cp->addr, sizeof(cp->addr));
4ee71b20 3640
09fd0de5 3641 hci_dev_lock(hdev);
5e762444 3642
88c1fe4b 3643 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
7fbec224 3644 if (err < 0)
f0eeea8b 3645 status = MGMT_STATUS_INVALID_PARAMS;
7fbec224 3646 else
a6785be2 3647 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3648
bdb6d971 3649 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3650 &cp->addr, sizeof(cp->addr));
5e762444 3651
09fd0de5 3652 hci_dev_unlock(hdev);
7fbec224
AJ		 3653
3654 return err;
3655}
3656
cdbaccca
MH		 3657static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3658 u16 len)
3659{
3660 struct mgmt_cp_set_device_id *cp = data;
890ea898 3661 struct hci_request req;
cdbaccca 3662 int err;
c72d4b8a 3663 __u16 source;
cdbaccca
MH		 3664
3665 BT_DBG("%s", hdev->name);
3666
c72d4b8a
SJ		 3667 source = __le16_to_cpu(cp->source);
3668
3669 if (source > 0x0002)
3670 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3671 MGMT_STATUS_INVALID_PARAMS);
3672
cdbaccca
MH		 3673 hci_dev_lock(hdev);
3674
c72d4b8a 3675 hdev->devid_source = source;
cdbaccca
MH		 3676 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3677 hdev->devid_product = __le16_to_cpu(cp->product);
3678 hdev->devid_version = __le16_to_cpu(cp->version);
3679
3680 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
3681
890ea898
JH		 3682 hci_req_init(&req, hdev);
3683 update_eir(&req);
3684 hci_req_run(&req, NULL);
cdbaccca
MH		 3685
3686 hci_dev_unlock(hdev);
3687
3688 return err;
3689}
3690
4375f103
JH		 3691static void set_advertising_complete(struct hci_dev *hdev, u8 status)
3692{
3693 struct cmd_lookup match = { NULL, hdev };
3694
3695 if (status) {
3696 u8 mgmt_err = mgmt_status(status);
3697
3698 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3699 cmd_status_rsp, &mgmt_err);
3700 return;
3701 }
3702
3703 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3704 &match);
3705
3706 new_settings(hdev, match.sk);
3707
3708 if (match.sk)
3709 sock_put(match.sk);
3710}
3711
21b5187f
MH		 3712static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3713 u16 len)
4375f103
JH		 3714{
3715 struct mgmt_mode *cp = data;
3716 struct pending_cmd *cmd;
3717 struct hci_request req;
e6fe7986 3718 u8 val, enabled, status;
4375f103
JH		 3719 int err;
3720
3721 BT_DBG("request for %s", hdev->name);
3722
e6fe7986
JH		 3723 status = mgmt_le_support(hdev);
3724 if (status)
4375f103 3725 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 3726 status);
4375f103
JH		 3727
3728 if (cp->val != 0x00 && cp->val != 0x01)
3729 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3730 MGMT_STATUS_INVALID_PARAMS);
3731
3732 hci_dev_lock(hdev);
3733
3734 val = !!cp->val;
f3d3444a 3735 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 3736
f74ca9b8
JH		 3737 /* The following conditions are ones which mean that we should
3738 * not do any HCI communication but directly send a mgmt
3739 * response to user space (after toggling the flag if
3740 * necessary).
3741 */
3742 if (!hdev_is_powered(hdev) || val == enabled ||
b145edcd 3743 hci_conn_num(hdev, LE_LINK) > 0) {
4375f103
JH		 3744 bool changed = false;
3745
f3d3444a
JH		 3746 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
3747 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 3748 changed = true;
3749 }
3750
3751 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3752 if (err < 0)
3753 goto unlock;
3754
3755 if (changed)
3756 err = new_settings(hdev, sk);
3757
3758 goto unlock;
3759 }
3760
3761 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3762 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
3763 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3764 MGMT_STATUS_BUSY);
3765 goto unlock;
3766 }
3767
3768 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3769 if (!cmd) {
3770 err = -ENOMEM;
3771 goto unlock;
3772 }
3773
3774 hci_req_init(&req, hdev);
3775
bba3aa55
MH		 3776 if (val)
3777 enable_advertising(&req);
3778 else
3779 disable_advertising(&req);
4375f103
JH		 3780
3781 err = hci_req_run(&req, set_advertising_complete);
3782 if (err < 0)
3783 mgmt_pending_remove(cmd);
3784
3785unlock:
3786 hci_dev_unlock(hdev);
3787 return err;
3788}
3789
d13eafce
MH		 3790static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3791 void *data, u16 len)
3792{
3793 struct mgmt_cp_set_static_address *cp = data;
3794 int err;
3795
3796 BT_DBG("%s", hdev->name);
3797
62af4443 3798 if (!lmp_le_capable(hdev))
d13eafce 3799 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 3800 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 3801
3802 if (hdev_is_powered(hdev))
3803 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3804 MGMT_STATUS_REJECTED);
3805
3806 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3807 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
3808 return cmd_status(sk, hdev->id,
3809 MGMT_OP_SET_STATIC_ADDRESS,
3810 MGMT_STATUS_INVALID_PARAMS);
3811
3812 /* Two most significant bits shall be set */
3813 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
3814 return cmd_status(sk, hdev->id,
3815 MGMT_OP_SET_STATIC_ADDRESS,
3816 MGMT_STATUS_INVALID_PARAMS);
3817 }
3818
3819 hci_dev_lock(hdev);
3820
3821 bacpy(&hdev->static_addr, &cp->bdaddr);
3822
3823 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
3824
3825 hci_dev_unlock(hdev);
3826
3827 return err;
3828}
3829
14b49b9a
MH		 3830static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
3831 void *data, u16 len)
3832{
3833 struct mgmt_cp_set_scan_params *cp = data;
3834 __u16 interval, window;
3835 int err;
3836
3837 BT_DBG("%s", hdev->name);
3838
3839 if (!lmp_le_capable(hdev))
3840 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3841 MGMT_STATUS_NOT_SUPPORTED);
3842
3843 interval = __le16_to_cpu(cp->interval);
3844
3845 if (interval < 0x0004 || interval > 0x4000)
3846 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3847 MGMT_STATUS_INVALID_PARAMS);
3848
3849 window = __le16_to_cpu(cp->window);
3850
3851 if (window < 0x0004 || window > 0x4000)
3852 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3853 MGMT_STATUS_INVALID_PARAMS);
3854
899e1075
MH		 3855 if (window > interval)
3856 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3857 MGMT_STATUS_INVALID_PARAMS);
3858
14b49b9a
MH		 3859 hci_dev_lock(hdev);
3860
3861 hdev->le_scan_interval = interval;
3862 hdev->le_scan_window = window;
3863
3864 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
3865
3866 hci_dev_unlock(hdev);
3867
3868 return err;
3869}
3870
33e38b3e
JH		 3871static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
3872{
3873 struct pending_cmd *cmd;
3874
3875 BT_DBG("status 0x%02x", status);
3876
3877 hci_dev_lock(hdev);
3878
3879 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3880 if (!cmd)
3881 goto unlock;
3882
3883 if (status) {
3884 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3885 mgmt_status(status));
3886 } else {
1a4d3c4b
JH		 3887 struct mgmt_mode *cp = cmd->param;
3888
3889 if (cp->val)
3890 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3891 else
3892 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
3893
33e38b3e
JH		 3894 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
3895 new_settings(hdev, cmd->sk);
3896 }
3897
3898 mgmt_pending_remove(cmd);
3899
3900unlock:
3901 hci_dev_unlock(hdev);
3902}
3903
bdb6d971 3904static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 3905 void *data, u16 len)
f6422ec6 3906{
650f726d 3907 struct mgmt_mode *cp = data;
33e38b3e
JH		 3908 struct pending_cmd *cmd;
3909 struct hci_request req;
f6422ec6
AJ		 3910 int err;
3911
bdb6d971 3912 BT_DBG("%s", hdev->name);
f6422ec6 3913
56f87901
JH		 3914 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
3915 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 3916 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3917 MGMT_STATUS_NOT_SUPPORTED);
3918
a7e80f25
JH		 3919 if (cp->val != 0x00 && cp->val != 0x01)
3920 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3921 MGMT_STATUS_INVALID_PARAMS);
3922
5400c044 3923 if (!hdev_is_powered(hdev))
bdb6d971 3924 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3925 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 3926
3927 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 3928 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3929 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 3930
3931 hci_dev_lock(hdev);
3932
05cbf29f
JH		 3933 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
3934 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
3935 MGMT_STATUS_BUSY);
3936 goto unlock;
3937 }
3938
1a4d3c4b
JH		 3939 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
3940 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
3941 hdev);
3942 goto unlock;
3943 }
3944
33e38b3e
JH		 3945 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
3946 data, len);
3947 if (!cmd) {
3948 err = -ENOMEM;
3949 goto unlock;
f6422ec6
AJ		 3950 }
3951
33e38b3e
JH		 3952 hci_req_init(&req, hdev);
3953
406d7804 3954 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 3955
3956 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 3957 if (err < 0) {
bdb6d971 3958 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 3959 MGMT_STATUS_FAILED);
33e38b3e 3960 mgmt_pending_remove(cmd);
f6422ec6
AJ		 3961 }
3962
33e38b3e 3963unlock:
f6422ec6 3964 hci_dev_unlock(hdev);
33e38b3e 3965
f6422ec6
AJ		 3966 return err;
3967}
3968
67e5a7a3
JH		 3969static void set_bredr_scan(struct hci_request *req)
3970{
3971 struct hci_dev *hdev = req->hdev;
3972 u8 scan = 0;
3973
3974 /* Ensure that fast connectable is disabled. This function will
3975 * not do anything if the page scan parameters are already what
3976 * they should be.
3977 */
3978 write_fast_connectable(req, false);
3979
3980 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
3981 scan |= SCAN_PAGE;
3982 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
3983 scan |= SCAN_INQUIRY;
3984
3985 if (scan)
3986 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
3987}
3988
0663ca2a
JH		 3989static void set_bredr_complete(struct hci_dev *hdev, u8 status)
3990{
3991 struct pending_cmd *cmd;
3992
3993 BT_DBG("status 0x%02x", status);
3994
3995 hci_dev_lock(hdev);
3996
3997 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
3998 if (!cmd)
3999 goto unlock;
4000
4001 if (status) {
4002 u8 mgmt_err = mgmt_status(status);
4003
4004 /* We need to restore the flag if related HCI commands
4005 * failed.
4006 */
4007 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4008
4009 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4010 } else {
4011 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4012 new_settings(hdev, cmd->sk);
4013 }
4014
4015 mgmt_pending_remove(cmd);
4016
4017unlock:
4018 hci_dev_unlock(hdev);
4019}
4020
4021static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4022{
4023 struct mgmt_mode *cp = data;
4024 struct pending_cmd *cmd;
4025 struct hci_request req;
4026 int err;
4027
4028 BT_DBG("request for %s", hdev->name);
4029
4030 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4031 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4032 MGMT_STATUS_NOT_SUPPORTED);
4033
4034 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4035 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4036 MGMT_STATUS_REJECTED);
4037
4038 if (cp->val != 0x00 && cp->val != 0x01)
4039 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4040 MGMT_STATUS_INVALID_PARAMS);
4041
4042 hci_dev_lock(hdev);
4043
4044 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4045 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4046 goto unlock;
4047 }
4048
4049 if (!hdev_is_powered(hdev)) {
4050 if (!cp->val) {
0663ca2a
JH		 4051 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4052 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4053 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4054 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4055 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4056 }
4057
4058 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4059
4060 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4061 if (err < 0)
4062 goto unlock;
4063
4064 err = new_settings(hdev, sk);
4065 goto unlock;
4066 }
4067
4068 /* Reject disabling when powered on */
4069 if (!cp->val) {
4070 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4071 MGMT_STATUS_REJECTED);
4072 goto unlock;
4073 }
4074
4075 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4076 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4077 MGMT_STATUS_BUSY);
4078 goto unlock;
4079 }
4080
4081 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4082 if (!cmd) {
4083 err = -ENOMEM;
4084 goto unlock;
4085 }
4086
5947f4bc 4087 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4088 * generates the correct flags.
4089 */
4090 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4091
4092 hci_req_init(&req, hdev);
aa8af46e
JH		 4093
4094 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4095 set_bredr_scan(&req);
4096
f14d8f64
MH		 4097 /* Since only the advertising data flags will change, there
4098 * is no need to update the scan response data.
4099 */
5947f4bc 4100 update_adv_data(&req);
aa8af46e 4101
0663ca2a
JH		 4102 err = hci_req_run(&req, set_bredr_complete);
4103 if (err < 0)
4104 mgmt_pending_remove(cmd);
4105
4106unlock:
4107 hci_dev_unlock(hdev);
4108 return err;
4109}
4110
eac83dc6
MH		 4111static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4112 void *data, u16 len)
4113{
4114 struct mgmt_mode *cp = data;
4115 struct pending_cmd *cmd;
0ab04a9c 4116 u8 val, status;
eac83dc6
MH		 4117 int err;
4118
4119 BT_DBG("request for %s", hdev->name);
4120
4121 status = mgmt_bredr_support(hdev);
4122 if (status)
4123 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4124 status);
4125
5afeac14
MH		 4126 if (!lmp_sc_capable(hdev) &&
4127 !test_bit(HCI_FORCE_SC, &hdev->dev_flags))
eac83dc6
MH		 4128 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4129 MGMT_STATUS_NOT_SUPPORTED);
4130
0ab04a9c 4131 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
eac83dc6
MH		 4132 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4133 MGMT_STATUS_INVALID_PARAMS);
4134
4135 hci_dev_lock(hdev);
4136
4137 if (!hdev_is_powered(hdev)) {
4138 bool changed;
4139
0ab04a9c 4140 if (cp->val) {
eac83dc6
MH		 4141 changed = !test_and_set_bit(HCI_SC_ENABLED,
4142 &hdev->dev_flags);
0ab04a9c
MH		 4143 if (cp->val == 0x02)
4144 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4145 else
4146 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4147 } else {
eac83dc6
MH		 4148 changed = test_and_clear_bit(HCI_SC_ENABLED,
4149 &hdev->dev_flags);
0ab04a9c
MH		 4150 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4151 }
eac83dc6
MH		 4152
4153 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4154 if (err < 0)
4155 goto failed;
4156
4157 if (changed)
4158 err = new_settings(hdev, sk);
4159
4160 goto failed;
4161 }
4162
4163 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4164 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4165 MGMT_STATUS_BUSY);
4166 goto failed;
4167 }
4168
0ab04a9c
MH		 4169 val = !!cp->val;
4170
4171 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4172 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
eac83dc6
MH		 4173 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4174 goto failed;
4175 }
4176
4177 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4178 if (!cmd) {
4179 err = -ENOMEM;
4180 goto failed;
4181 }
4182
0ab04a9c 4183 err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
eac83dc6
MH		 4184 if (err < 0) {
4185 mgmt_pending_remove(cmd);
4186 goto failed;
4187 }
4188
0ab04a9c
MH		 4189 if (cp->val == 0x02)
4190 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4191 else
4192 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4193
eac83dc6
MH		 4194failed:
4195 hci_dev_unlock(hdev);
4196 return err;
4197}
4198
4e39ac81
MH		 4199static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4200 void *data, u16 len)
4201{
4202 struct mgmt_mode *cp = data;
4203 bool changed;
4204 int err;
4205
4206 BT_DBG("request for %s", hdev->name);
4207
4208 if (cp->val != 0x00 && cp->val != 0x01)
4209 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4210 MGMT_STATUS_INVALID_PARAMS);
4211
4212 hci_dev_lock(hdev);
4213
4214 if (cp->val)
4215 changed = !test_and_set_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
4216 else
4217 changed = test_and_clear_bit(HCI_DEBUG_KEYS, &hdev->dev_flags);
4218
4219 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4220 if (err < 0)
4221 goto unlock;
4222
4223 if (changed)
4224 err = new_settings(hdev, sk);
4225
4226unlock:
4227 hci_dev_unlock(hdev);
4228 return err;
4229}
4230
62b04cd1
JH		 4231static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4232 u16 len)
4233{
4234 struct mgmt_cp_set_privacy *cp = cp_data;
4235 bool changed;
4236 int err;
4237
4238 BT_DBG("request for %s", hdev->name);
4239
4240 if (!lmp_le_capable(hdev))
4241 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4242 MGMT_STATUS_NOT_SUPPORTED);
4243
4244 if (cp->privacy != 0x00 && cp->privacy != 0x01)
4245 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4246 MGMT_STATUS_INVALID_PARAMS);
4247
4248 if (hdev_is_powered(hdev))
4249 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4250 MGMT_STATUS_REJECTED);
4251
4252 hci_dev_lock(hdev);
4253
4254 if (cp->privacy) {
4255 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
4256 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4257 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4258 } else {
4259 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
4260 memset(hdev->irk, 0, sizeof(hdev->irk));
4261 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4262 }
4263
4264 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4265 if (err < 0)
4266 goto unlock;
4267
4268 if (changed)
4269 err = new_settings(hdev, sk);
4270
4271unlock:
4272 hci_dev_unlock(hdev);
4273 return err;
4274}
4275
41edf160
JH		 4276static bool irk_is_valid(struct mgmt_irk_info *irk)
4277{
4278 switch (irk->addr.type) {
4279 case BDADDR_LE_PUBLIC:
4280 return true;
4281
4282 case BDADDR_LE_RANDOM:
4283 /* Two most significant bits shall be set */
4284 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4285 return false;
4286 return true;
4287 }
4288
4289 return false;
4290}
4291
4292static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4293 u16 len)
4294{
4295 struct mgmt_cp_load_irks *cp = cp_data;
4296 u16 irk_count, expected_len;
4297 int i, err;
4298
4299 BT_DBG("request for %s", hdev->name);
4300
4301 if (!lmp_le_capable(hdev))
4302 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4303 MGMT_STATUS_NOT_SUPPORTED);
4304
4305 irk_count = __le16_to_cpu(cp->irk_count);
4306
4307 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4308 if (expected_len != len) {
4309 BT_ERR("load_irks: expected %u bytes, got %u bytes",
4310 len, expected_len);
4311 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4312 MGMT_STATUS_INVALID_PARAMS);
4313 }
4314
4315 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4316
4317 for (i = 0; i < irk_count; i++) {
4318 struct mgmt_irk_info *key = &cp->irks[i];
4319
4320 if (!irk_is_valid(key))
4321 return cmd_status(sk, hdev->id,
4322 MGMT_OP_LOAD_IRKS,
4323 MGMT_STATUS_INVALID_PARAMS);
4324 }
4325
4326 hci_dev_lock(hdev);
4327
4328 hci_smp_irks_clear(hdev);
4329
4330 for (i = 0; i < irk_count; i++) {
4331 struct mgmt_irk_info *irk = &cp->irks[i];
4332 u8 addr_type;
4333
4334 if (irk->addr.type == BDADDR_LE_PUBLIC)
4335 addr_type = ADDR_LE_DEV_PUBLIC;
4336 else
4337 addr_type = ADDR_LE_DEV_RANDOM;
4338
4339 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
4340 BDADDR_ANY);
4341 }
4342
4343 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4344
4345 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4346
4347 hci_dev_unlock(hdev);
4348
4349 return err;
4350}
4351
3f706b72
JH		 4352static bool ltk_is_valid(struct mgmt_ltk_info *key)
4353{
4354 if (key->master != 0x00 && key->master != 0x01)
4355 return false;
490cb0b3
MH		 4356
4357 switch (key->addr.type) {
4358 case BDADDR_LE_PUBLIC:
4359 return true;
4360
4361 case BDADDR_LE_RANDOM:
4362 /* Two most significant bits shall be set */
4363 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4364 return false;
4365 return true;
4366 }
4367
4368 return false;
3f706b72
JH		 4369}
4370
bdb6d971 4371static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 4372 void *cp_data, u16 len)
346af67b 4373{
346af67b
VCG		 4374 struct mgmt_cp_load_long_term_keys *cp = cp_data;
4375 u16 key_count, expected_len;
715a5bf2 4376 int i, err;
346af67b 4377
cf99ba13
MH		 4378 BT_DBG("request for %s", hdev->name);
4379
4380 if (!lmp_le_capable(hdev))
4381 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4382 MGMT_STATUS_NOT_SUPPORTED);
4383
1f350c87 4384 key_count = __le16_to_cpu(cp->key_count);
346af67b
VCG		 4385
4386 expected_len = sizeof(*cp) + key_count *
4387 sizeof(struct mgmt_ltk_info);
4388 if (expected_len != len) {
4389 BT_ERR("load_keys: expected %u bytes, got %u bytes",
8ce8e2b5 4390 len, expected_len);
bdb6d971 4391 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 4392 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 4393 }
4394
bdb6d971 4395 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 4396
54ad6d8a
JH		 4397 for (i = 0; i < key_count; i++) {
4398 struct mgmt_ltk_info *key = &cp->keys[i];
4399
3f706b72 4400 if (!ltk_is_valid(key))
54ad6d8a
JH		 4401 return cmd_status(sk, hdev->id,
4402 MGMT_OP_LOAD_LONG_TERM_KEYS,
4403 MGMT_STATUS_INVALID_PARAMS);
4404 }
4405
346af67b
VCG		 4406 hci_dev_lock(hdev);
4407
4408 hci_smp_ltks_clear(hdev);
4409
4410 for (i = 0; i < key_count; i++) {
4411 struct mgmt_ltk_info *key = &cp->keys[i];
79d95a19
MH		 4412 u8 type, addr_type;
4413
4414 if (key->addr.type == BDADDR_LE_PUBLIC)
4415 addr_type = ADDR_LE_DEV_PUBLIC;
4416 else
4417 addr_type = ADDR_LE_DEV_RANDOM;
346af67b
VCG		 4418
4419 if (key->master)
4420 type = HCI_SMP_LTK;
4421 else
4422 type = HCI_SMP_LTK_SLAVE;
4423
35d70271
JH		 4424 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
4425 key->type, key->val, key->enc_size, key->ediv,
4426 key->rand);
346af67b
VCG		 4427 }
4428
715a5bf2
JH		 4429 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4430 NULL, 0);
4431
346af67b 4432 hci_dev_unlock(hdev);
346af67b 4433
715a5bf2 4434 return err;
346af67b
VCG		 4435}
4436
2e3c35ea 4437static const struct mgmt_handler {
04124681
GP		 4438 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
4439 u16 data_len);
be22b54e
JH		 4440 bool var_len;
4441 size_t data_len;
0f4e68cf
JH		 4442} mgmt_handlers[] = {
4443 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 4444 { read_version, false, MGMT_READ_VERSION_SIZE },
4445 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
4446 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
4447 { read_controller_info, false, MGMT_READ_INFO_SIZE },
4448 { set_powered, false, MGMT_SETTING_SIZE },
4449 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
4450 { set_connectable, false, MGMT_SETTING_SIZE },
4451 { set_fast_connectable, false, MGMT_SETTING_SIZE },
4452 { set_pairable, false, MGMT_SETTING_SIZE },
4453 { set_link_security, false, MGMT_SETTING_SIZE },
4454 { set_ssp, false, MGMT_SETTING_SIZE },
4455 { set_hs, false, MGMT_SETTING_SIZE },
4456 { set_le, false, MGMT_SETTING_SIZE },
4457 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
4458 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
4459 { add_uuid, false, MGMT_ADD_UUID_SIZE },
4460 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
4461 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
4462 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
4463 { disconnect, false, MGMT_DISCONNECT_SIZE },
4464 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
4465 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
4466 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
4467 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
4468 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
4469 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
4470 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
4471 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
4472 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
4473 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
4474 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
4475 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
ec109113 4476 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
be22b54e
JH		 4477 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
4478 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
4479 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
4480 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
4481 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
4482 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 4483 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 4484 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 4485 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 4486 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
14b49b9a 4487 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
eac83dc6 4488 { set_secure_conn, false, MGMT_SETTING_SIZE },
4e39ac81 4489 { set_debug_keys, false, MGMT_SETTING_SIZE },
62b04cd1 4490 { set_privacy, false, MGMT_SET_PRIVACY_SIZE },
41edf160 4491 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
0f4e68cf
JH		 4492};
4493
4494
0381101f
JH		 4495int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
4496{
650f726d
VCG		 4497 void *buf;
4498 u8 *cp;
0381101f 4499 struct mgmt_hdr *hdr;
4e51eae9 4500 u16 opcode, index, len;
bdb6d971 4501 struct hci_dev *hdev = NULL;
2e3c35ea 4502 const struct mgmt_handler *handler;
0381101f
JH		 4503 int err;
4504
4505 BT_DBG("got %zu bytes", msglen);
4506
4507 if (msglen < sizeof(*hdr))
4508 return -EINVAL;
4509
e63a15ec 4510 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 4511 if (!buf)
4512 return -ENOMEM;
4513
4514 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
4515 err = -EFAULT;
4516 goto done;
4517 }
4518
650f726d 4519 hdr = buf;
1f350c87
MH		 4520 opcode = __le16_to_cpu(hdr->opcode);
4521 index = __le16_to_cpu(hdr->index);
4522 len = __le16_to_cpu(hdr->len);
0381101f
JH		 4523
4524 if (len != msglen - sizeof(*hdr)) {
4525 err = -EINVAL;
4526 goto done;
4527 }
4528
0f4e68cf 4529 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 4530 hdev = hci_dev_get(index);
4531 if (!hdev) {
4532 err = cmd_status(sk, index, opcode,
04124681 4533 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 4534 goto done;
4535 }
0736cfa8 4536
cebf4cfd
JH		 4537 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
4538 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
0736cfa8
MH		 4539 err = cmd_status(sk, index, opcode,
4540 MGMT_STATUS_INVALID_INDEX);
4541 goto done;
4542 }
bdb6d971
JH		 4543 }
4544
0f4e68cf 4545 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 4546 mgmt_handlers[opcode].func == NULL) {
0381101f 4547 BT_DBG("Unknown op %u", opcode);
ca69b795 4548 err = cmd_status(sk, index, opcode,
04124681 4549 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 4550 goto done;
4551 }
4552
4553 if ((hdev && opcode < MGMT_OP_READ_INFO) ||
8ce8e2b5 4554 (!hdev && opcode >= MGMT_OP_READ_INFO)) {
0f4e68cf 4555 err = cmd_status(sk, index, opcode,
04124681 4556 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 4557 goto done;
0381101f
JH		 4558 }
4559
be22b54e
JH		 4560 handler = &mgmt_handlers[opcode];
4561
4562 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 4563 (!handler->var_len && len != handler->data_len)) {
be22b54e 4564 err = cmd_status(sk, index, opcode,
04124681 4565 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 4566 goto done;
4567 }
4568
0f4e68cf
JH		 4569 if (hdev)
4570 mgmt_init_hdev(sk, hdev);
4571
4572 cp = buf + sizeof(*hdr);
4573
be22b54e 4574 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 4575 if (err < 0)
4576 goto done;
4577
0381101f
JH		 4578 err = msglen;
4579
4580done:
bdb6d971
JH		 4581 if (hdev)
4582 hci_dev_put(hdev);
4583
0381101f
JH		 4584 kfree(buf);
4585 return err;
4586}
c71e97bf 4587
bf6b56db 4588void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 4589{
1514b892 4590 if (hdev->dev_type != HCI_BREDR)
bf6b56db 4591 return;
bb4b2a9a 4592
bf6b56db 4593 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 4594}
4595
bf6b56db 4596void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 4597{
5f159032 4598 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 4599
1514b892 4600 if (hdev->dev_type != HCI_BREDR)
bf6b56db 4601 return;
bb4b2a9a 4602
744cf19e 4603 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 4604
bf6b56db 4605 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 4606}
4607
229ab39c
JH		 4608static void powered_complete(struct hci_dev *hdev, u8 status)
4609{
4610 struct cmd_lookup match = { NULL, hdev };
4611
4612 BT_DBG("status 0x%02x", status);
4613
4614 hci_dev_lock(hdev);
4615
4616 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4617
4618 new_settings(hdev, match.sk);
4619
4620 hci_dev_unlock(hdev);
4621
4622 if (match.sk)
4623 sock_put(match.sk);
4624}
4625
70da6243 4626static int powered_update_hci(struct hci_dev *hdev)
5add6af8 4627{
890ea898 4628 struct hci_request req;
70da6243 4629 u8 link_sec;
5add6af8 4630
890ea898
JH		 4631 hci_req_init(&req, hdev);
4632
70da6243
JH		 4633 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
4634 !lmp_host_ssp_capable(hdev)) {
4635 u8 ssp = 1;
5e5282bb 4636
890ea898 4637 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 4638 }
5add6af8 4639
c73eee91
JH		 4640 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
4641 lmp_bredr_capable(hdev)) {
70da6243 4642 struct hci_cp_write_le_host_supported cp;
f0ff92fb 4643
70da6243
JH		 4644 cp.le = 1;
4645 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 4646
70da6243
JH		 4647 /* Check first if we already have the right
4648 * host state (host features set)
4649 */
4650 if (cp.le != lmp_host_le_capable(hdev) ||
4651 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 4652 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
4653 sizeof(cp), &cp);
70da6243 4654 }
3d1cbdd6 4655
d13eafce 4656 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 4657 /* Make sure the controller has a good default for
4658 * advertising data. This also applies to the case
4659 * where BR/EDR was toggled during the AUTO_OFF phase.
4660 */
f14d8f64 4661 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5947f4bc 4662 update_adv_data(&req);
f14d8f64
MH		 4663 update_scan_rsp_data(&req);
4664 }
441ad2d0 4665
bba3aa55
MH		 4666 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
4667 enable_advertising(&req);
eeca6f89
JH		 4668 }
4669
70da6243
JH		 4670 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4671 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 4672 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
4673 sizeof(link_sec), &link_sec);
562fcc24 4674
70da6243 4675 if (lmp_bredr_capable(hdev)) {
56f87901
JH		 4676 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
4677 set_bredr_scan(&req);
890ea898 4678 update_class(&req);
13928971 4679 update_name(&req);
890ea898 4680 update_eir(&req);
70da6243 4681 }
562fcc24 4682
229ab39c 4683 return hci_req_run(&req, powered_complete);
70da6243 4684}
562fcc24 4685
70da6243
JH		 4686int mgmt_powered(struct hci_dev *hdev, u8 powered)
4687{
4688 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 4689 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
4690 u8 zero_cod[] = { 0, 0, 0 };
70da6243 4691 int err;
f0ff92fb 4692
70da6243
JH		 4693 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
4694 return 0;
4695
70da6243 4696 if (powered) {
229ab39c
JH		 4697 if (powered_update_hci(hdev) == 0)
4698 return 0;
fe038884 4699
229ab39c
JH		 4700 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
4701 &match);
4702 goto new_settings;
b24752fe
JH		 4703 }
4704
229ab39c
JH		 4705 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
4706 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
4707
4708 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
4709 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
4710 zero_cod, sizeof(zero_cod), NULL);
4711
4712new_settings:
beadb2bd 4713 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 4714
4715 if (match.sk)
4716 sock_put(match.sk);
4717
7bb895d6 4718 return err;
5add6af8 4719}
73f22f62 4720
3eec705e 4721void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 4722{
4723 struct pending_cmd *cmd;
4724 u8 status;
4725
4726 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
4727 if (!cmd)
3eec705e 4728 return;
96570ffc
JH		 4729
4730 if (err == -ERFKILL)
4731 status = MGMT_STATUS_RFKILLED;
4732 else
4733 status = MGMT_STATUS_FAILED;
4734
3eec705e 4735 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 4736
4737 mgmt_pending_remove(cmd);
96570ffc
JH		 4738}
4739
d1967ff8
MH		 4740void mgmt_discoverable_timeout(struct hci_dev *hdev)
4741{
4742 struct hci_request req;
d1967ff8
MH		 4743
4744 hci_dev_lock(hdev);
4745
4746 /* When discoverable timeout triggers, then just make sure
4747 * the limited discoverable flag is cleared. Even in the case
4748 * of a timeout triggered from general discoverable, it is
4749 * safe to unconditionally clear the flag.
4750 */
4751 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
9a43e25f 4752 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
d1967ff8
MH		 4753
4754 hci_req_init(&req, hdev);
4b580614
JH		 4755 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4756 u8 scan = SCAN_PAGE;
4757 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
4758 sizeof(scan), &scan);
4759 }
d1967ff8 4760 update_class(&req);
9a43e25f 4761 update_adv_data(&req);
d1967ff8
MH		 4762 hci_req_run(&req, NULL);
4763
4764 hdev->discov_timeout = 0;
4765
9a43e25f
JH		 4766 new_settings(hdev, NULL);
4767
d1967ff8
MH		 4768 hci_dev_unlock(hdev);
4769}
4770
86a75645 4771void mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 4772{
86a75645 4773 bool changed;
73f22f62 4774
bfaf8c9f
JH		 4775 /* Nothing needed here if there's a pending command since that
4776 * commands request completion callback takes care of everything
4777 * necessary.
4778 */
4779 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
86a75645 4780 return;
bfaf8c9f 4781
9a43e25f 4782 if (discoverable) {
86a75645 4783 changed = !test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 4784 } else {
4785 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
86a75645 4786 changed = test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 4787 }
4788
4789 if (changed) {
4790 struct hci_request req;
4791
4792 /* In case this change in discoverable was triggered by
4793 * a disabling of connectable there could be a need to
4794 * update the advertising flags.
4795 */
4796 hci_req_init(&req, hdev);
4797 update_adv_data(&req);
4798 hci_req_run(&req, NULL);
73f22f62 4799
86a75645 4800 new_settings(hdev, NULL);
9a43e25f 4801 }
73f22f62 4802}
9fbcbb45 4803
a330916c 4804void mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 4805{
a330916c 4806 bool changed;
9fbcbb45 4807
d7b856f9
JH		 4808 /* Nothing needed here if there's a pending command since that
4809 * commands request completion callback takes care of everything
4810 * necessary.
4811 */
4812 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
a330916c 4813 return;
d7b856f9 4814
a330916c
MH		 4815 if (connectable)
4816 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
4817 else
4818 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
9fbcbb45 4819
beadb2bd 4820 if (changed)
a330916c 4821 new_settings(hdev, NULL);
9fbcbb45 4822}
55ed8ca1 4823
4796e8af 4824void mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 4825{
ca69b795
JH		 4826 u8 mgmt_err = mgmt_status(status);
4827
2d7cee58 4828 if (scan & SCAN_PAGE)
744cf19e 4829 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 4830 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 4831
4832 if (scan & SCAN_INQUIRY)
744cf19e 4833 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 4834 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 4835}
4836
dc4a5ee2
MH		 4837void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
4838 bool persistent)
55ed8ca1 4839{
86742e1e 4840 struct mgmt_ev_new_link_key ev;
55ed8ca1 4841
a492cd52 4842 memset(&ev, 0, sizeof(ev));
55ed8ca1 4843
a492cd52 4844 ev.store_hint = persistent;
d753fdc4 4845 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 4846 ev.key.addr.type = BDADDR_BREDR;
a492cd52 4847 ev.key.type = key->type;
9b3b4460 4848 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 4849 ev.key.pin_len = key->pin_len;
55ed8ca1 4850
dc4a5ee2 4851 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 4852}
f7520543 4853
ba74b666 4854void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key)
346af67b
VCG		 4855{
4856 struct mgmt_ev_new_long_term_key ev;
4857
4858 memset(&ev, 0, sizeof(ev));
4859
5192d301
MH		 4860 /* Devices using resolvable or non-resolvable random addresses
4861 * without providing an indentity resolving key don't require
4862 * to store long term keys. Their addresses will change the
4863 * next time around.
4864 *
4865 * Only when a remote device provides an identity address
4866 * make sure the long term key is stored. If the remote
4867 * identity is known, the long term keys are internally
4868 * mapped to the identity address. So allow static random
4869 * and public addresses here.
4870 */
ba74b666
JH		 4871 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
4872 (key->bdaddr.b[5] & 0xc0) != 0xc0)
4873 ev.store_hint = 0x00;
4874 else
4875 ev.store_hint = 0x01;
4876
346af67b 4877 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 4878 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d40f3eef 4879 ev.key.type = key->authenticated;
346af67b
VCG		 4880 ev.key.enc_size = key->enc_size;
4881 ev.key.ediv = key->ediv;
4882
4883 if (key->type == HCI_SMP_LTK)
4884 ev.key.master = 1;
4885
4886 memcpy(ev.key.rand, key->rand, sizeof(key->rand));
4887 memcpy(ev.key.val, key->val, sizeof(key->val));
4888
083368f7 4889 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 4890}
4891
95fbac8a
JH		 4892void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
4893{
4894 struct mgmt_ev_new_irk ev;
4895
4896 memset(&ev, 0, sizeof(ev));
4897
bab6d1e5
MH		 4898 /* For identity resolving keys from devices that are already
4899 * using a public address or static random address, do not
4900 * ask for storing this key. The identity resolving key really
4901 * is only mandatory for devices using resovlable random
4902 * addresses.
4903 *
4904 * Storing all identity resolving keys has the downside that
4905 * they will be also loaded on next boot of they system. More
4906 * identity resolving keys, means more time during scanning is
4907 * needed to actually resolve these addresses.
4908 */
4909 if (bacmp(&irk->rpa, BDADDR_ANY))
4910 ev.store_hint = 0x01;
4911 else
4912 ev.store_hint = 0x00;
4913
95fbac8a
JH		 4914 bacpy(&ev.rpa, &irk->rpa);
4915 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
4916 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
4917 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
4918
4919 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
4920}
4921
94933991
MH		 4922static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
4923 u8 data_len)
4924{
4925 eir[eir_len++] = sizeof(type) + data_len;
4926 eir[eir_len++] = type;
4927 memcpy(&eir[eir_len], data, data_len);
4928 eir_len += data_len;
4929
4930 return eir_len;
4931}
4932
ecd90ae7
MH		 4933void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
4934 u8 addr_type, u32 flags, u8 *name, u8 name_len,
4935 u8 *dev_class)
f7520543 4936{
b644ba33
JH		 4937 char buf[512];
4938 struct mgmt_ev_device_connected *ev = (void *) buf;
4939 u16 eir_len = 0;
f7520543 4940
b644ba33 4941 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 4942 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 4943
c95f0ba7 4944 ev->flags = __cpu_to_le32(flags);
08c79b61 4945
b644ba33
JH		 4946 if (name_len > 0)
4947 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 4948 name, name_len);
b644ba33
JH		 4949
4950 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 4951 eir_len = eir_append_data(ev->eir, eir_len,
04124681 4952 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 4953
eb55ef07 4954 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 4955
ecd90ae7
MH		 4956 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
4957 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 4958}
4959
8962ee74
JH		 4960static void disconnect_rsp(struct pending_cmd *cmd, void *data)
4961{
c68fb7ff 4962 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 4963 struct sock **sk = data;
a38528f1 4964 struct mgmt_rp_disconnect rp;
8962ee74 4965
88c3df13
JH		 4966 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4967 rp.addr.type = cp->addr.type;
8962ee74 4968
aee9b218 4969 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 4970 sizeof(rp));
8962ee74
JH		 4971
4972 *sk = cmd->sk;
4973 sock_hold(*sk);
4974
a664b5bc 4975 mgmt_pending_remove(cmd);
8962ee74
JH		 4976}
4977
124f6e35 4978static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 4979{
b1078ad0 4980 struct hci_dev *hdev = data;
124f6e35
JH		 4981 struct mgmt_cp_unpair_device *cp = cmd->param;
4982 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 4983
4984 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 4985 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4986 rp.addr.type = cp->addr.type;
a8a1d19e 4987
b1078ad0
JH		 4988 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
4989
aee9b218 4990 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 4991
4992 mgmt_pending_remove(cmd);
4993}
4994
9b80ec5e
MH		 4995void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
4996 u8 link_type, u8 addr_type, u8 reason)
f7520543 4997{
f0d6a0ea 4998 struct mgmt_ev_device_disconnected ev;
8962ee74 4999 struct sock *sk = NULL;
8962ee74 5000
57eb776f
AG		 5001 if (link_type != ACL_LINK && link_type != LE_LINK)
5002 return;
5003
744cf19e 5004 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 5005
f0d6a0ea
MA		 5006 bacpy(&ev.addr.bdaddr, bdaddr);
5007 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5008 ev.reason = reason;
f7520543 5009
9b80ec5e 5010 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 5011
5012 if (sk)
d97dcb66 5013 sock_put(sk);
8962ee74 5014
124f6e35 5015 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 5016 hdev);
8962ee74
JH		 5017}
5018
7892924c
MH		 5019void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
5020 u8 link_type, u8 addr_type, u8 status)
8962ee74 5021{
3655bba8
AG		 5022 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
5023 struct mgmt_cp_disconnect *cp;
88c3df13 5024 struct mgmt_rp_disconnect rp;
8962ee74 5025 struct pending_cmd *cmd;
8962ee74 5026
36a75f1b
JD		 5027 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
5028 hdev);
5029
2e58ef3e 5030 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 5031 if (!cmd)
7892924c 5032 return;
8962ee74 5033
3655bba8
AG		 5034 cp = cmd->param;
5035
5036 if (bacmp(bdaddr, &cp->addr.bdaddr))
5037 return;
5038
5039 if (cp->addr.type != bdaddr_type)
5040 return;
5041
88c3df13 5042 bacpy(&rp.addr.bdaddr, bdaddr);
3655bba8 5043 rp.addr.type = bdaddr_type;
37d9ef76 5044
7892924c
MH		 5045 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
5046 mgmt_status(status), &rp, sizeof(rp));
8962ee74 5047
a664b5bc 5048 mgmt_pending_remove(cmd);
f7520543 5049}
17d5c04c 5050
445608d0
MH		 5051void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5052 u8 addr_type, u8 status)
17d5c04c
JH		 5053{
5054 struct mgmt_ev_connect_failed ev;
5055
4c659c39 5056 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5057 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 5058 ev.status = mgmt_status(status);
17d5c04c 5059
445608d0 5060 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 5061}
980e1a53 5062
ce0e4a0d 5063void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 5064{
5065 struct mgmt_ev_pin_code_request ev;
5066
d8457698 5067 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 5068 ev.addr.type = BDADDR_BREDR;
a770bb5a 5069 ev.secure = secure;
980e1a53 5070
ce0e4a0d 5071 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 5072}
5073
e669cf80
MH		 5074void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5075 u8 status)
980e1a53
JH		 5076{
5077 struct pending_cmd *cmd;
ac56fb13 5078 struct mgmt_rp_pin_code_reply rp;
980e1a53 5079
2e58ef3e 5080 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 5081 if (!cmd)
e669cf80 5082 return;
980e1a53 5083
d8457698 5084 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 5085 rp.addr.type = BDADDR_BREDR;
ac56fb13 5086
e669cf80
MH		 5087 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
5088 mgmt_status(status), &rp, sizeof(rp));
980e1a53 5089
a664b5bc 5090 mgmt_pending_remove(cmd);
980e1a53
JH		 5091}
5092
3eb38528
MH		 5093void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
5094 u8 status)
980e1a53
JH		 5095{
5096 struct pending_cmd *cmd;
ac56fb13 5097 struct mgmt_rp_pin_code_reply rp;
980e1a53 5098
2e58ef3e 5099 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 5100 if (!cmd)
3eb38528 5101 return;
980e1a53 5102
d8457698 5103 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 5104 rp.addr.type = BDADDR_BREDR;
ac56fb13 5105
3eb38528
MH		 5106 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
5107 mgmt_status(status), &rp, sizeof(rp));
980e1a53 5108
a664b5bc 5109 mgmt_pending_remove(cmd);
980e1a53 5110}
a5c29683 5111
744cf19e 5112int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681
GP		 5113 u8 link_type, u8 addr_type, __le32 value,
5114 u8 confirm_hint)
a5c29683
JH		 5115{
5116 struct mgmt_ev_user_confirm_request ev;
5117
744cf19e 5118 BT_DBG("%s", hdev->name);
a5c29683 5119
272d90df 5120 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5121 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 5122 ev.confirm_hint = confirm_hint;
78e8098e 5123 ev.value = value;
a5c29683 5124
744cf19e 5125 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 5126 NULL);
a5c29683
JH		 5127}
5128
272d90df 5129int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 5130 u8 link_type, u8 addr_type)
604086b7
BG		 5131{
5132 struct mgmt_ev_user_passkey_request ev;
5133
5134 BT_DBG("%s", hdev->name);
5135
272d90df 5136 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5137 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 5138
5139 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 5140 NULL);
604086b7
BG		 5141}
5142
0df4c185 5143static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 5144 u8 link_type, u8 addr_type, u8 status,
5145 u8 opcode)
a5c29683
JH		 5146{
5147 struct pending_cmd *cmd;
5148 struct mgmt_rp_user_confirm_reply rp;
5149 int err;
5150
2e58ef3e 5151 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 5152 if (!cmd)
5153 return -ENOENT;
5154
272d90df 5155 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 5156 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 5157 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 5158 &rp, sizeof(rp));
a5c29683 5159
a664b5bc 5160 mgmt_pending_remove(cmd);
a5c29683
JH		 5161
5162 return err;
5163}
5164
744cf19e 5165int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5166 u8 link_type, u8 addr_type, u8 status)
a5c29683 5167{
272d90df 5168 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 5169 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 5170}
5171
272d90df 5172int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5173 u8 link_type, u8 addr_type, u8 status)
a5c29683 5174{
272d90df 5175 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 5176 status,
5177 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 5178}
2a611692 5179
604086b7 5180int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5181 u8 link_type, u8 addr_type, u8 status)
604086b7 5182{
272d90df 5183 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 5184 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 5185}
5186
272d90df 5187int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 5188 u8 link_type, u8 addr_type, u8 status)
604086b7 5189{
272d90df 5190 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 5191 status,
5192 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 5193}
5194
92a25256
JH		 5195int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
5196 u8 link_type, u8 addr_type, u32 passkey,
5197 u8 entered)
5198{
5199 struct mgmt_ev_passkey_notify ev;
5200
5201 BT_DBG("%s", hdev->name);
5202
5203 bacpy(&ev.addr.bdaddr, bdaddr);
5204 ev.addr.type = link_to_bdaddr(link_type, addr_type);
5205 ev.passkey = __cpu_to_le32(passkey);
5206 ev.entered = entered;
5207
5208 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
5209}
5210
e546099c
MH		 5211void mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5212 u8 addr_type, u8 status)
2a611692
JH		 5213{
5214 struct mgmt_ev_auth_failed ev;
5215
bab73cb6 5216 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 5217 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 5218 ev.status = mgmt_status(status);
2a611692 5219
e546099c 5220 mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 5221}
b312b161 5222
464996ae 5223void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 5224{
5225 struct cmd_lookup match = { NULL, hdev };
464996ae 5226 bool changed;
33ef95ed
JH		 5227
5228 if (status) {
5229 u8 mgmt_err = mgmt_status(status);
5230 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 5231 cmd_status_rsp, &mgmt_err);
464996ae 5232 return;
33ef95ed
JH		 5233 }
5234
464996ae
MH		 5235 if (test_bit(HCI_AUTH, &hdev->flags))
5236 changed = !test_and_set_bit(HCI_LINK_SECURITY,
5237 &hdev->dev_flags);
5238 else
5239 changed = test_and_clear_bit(HCI_LINK_SECURITY,
5240 &hdev->dev_flags);
47990ea0 5241
33ef95ed 5242 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 5243 &match);
33ef95ed 5244
47990ea0 5245 if (changed)
464996ae 5246 new_settings(hdev, match.sk);
33ef95ed
JH		 5247
5248 if (match.sk)
5249 sock_put(match.sk);
33ef95ed
JH		 5250}
5251
890ea898 5252static void clear_eir(struct hci_request *req)
cacaf52f 5253{
890ea898 5254 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 5255 struct hci_cp_write_eir cp;
5256
976eb20e 5257 if (!lmp_ext_inq_capable(hdev))
890ea898 5258 return;
cacaf52f 5259
c80da27e
JH		 5260 memset(hdev->eir, 0, sizeof(hdev->eir));
5261
cacaf52f
JH		 5262 memset(&cp, 0, sizeof(cp));
5263
890ea898 5264 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 5265}
5266
3e248560 5267void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 5268{
5269 struct cmd_lookup match = { NULL, hdev };
890ea898 5270 struct hci_request req;
c0ecddc2 5271 bool changed = false;
ed2c4ee3
JH		 5272
5273 if (status) {
5274 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 5275
5276 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 5277 &hdev->dev_flags)) {
5278 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3e248560 5279 new_settings(hdev, NULL);
9ecb3e24 5280 }
c0ecddc2 5281
04124681
GP		 5282 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
5283 &mgmt_err);
3e248560 5284 return;
c0ecddc2
JH		 5285 }
5286
5287 if (enable) {
9ecb3e24 5288 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 5289 } else {
9ecb3e24
MH		 5290 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
5291 if (!changed)
5292 changed = test_and_clear_bit(HCI_HS_ENABLED,
5293 &hdev->dev_flags);
5294 else
5295 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 5296 }
5297
5298 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
5299
c0ecddc2 5300 if (changed)
3e248560 5301 new_settings(hdev, match.sk);
ed2c4ee3 5302
5fc6ebb1 5303 if (match.sk)
ed2c4ee3
JH		 5304 sock_put(match.sk);
5305
890ea898
JH		 5306 hci_req_init(&req, hdev);
5307
5fc6ebb1 5308 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 5309 update_eir(&req);
5fc6ebb1 5310 else
890ea898
JH		 5311 clear_eir(&req);
5312
5313 hci_req_run(&req, NULL);
ed2c4ee3
JH		 5314}
5315
eac83dc6
MH		 5316void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
5317{
5318 struct cmd_lookup match = { NULL, hdev };
5319 bool changed = false;
5320
5321 if (status) {
5322 u8 mgmt_err = mgmt_status(status);
5323
0ab04a9c
MH		 5324 if (enable) {
5325 if (test_and_clear_bit(HCI_SC_ENABLED,
5326 &hdev->dev_flags))
5327 new_settings(hdev, NULL);
5328 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5329 }
eac83dc6
MH		 5330
5331 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
5332 cmd_status_rsp, &mgmt_err);
5333 return;
5334 }
5335
0ab04a9c 5336 if (enable) {
eac83dc6 5337 changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c 5338 } else {
eac83dc6 5339 changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c
MH		 5340 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
5341 }
eac83dc6
MH		 5342
5343 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
5344 settings_rsp, &match);
5345
5346 if (changed)
5347 new_settings(hdev, match.sk);
5348
5349 if (match.sk)
5350 sock_put(match.sk);
5351}
5352
92da6097 5353static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 5354{
5355 struct cmd_lookup *match = data;
5356
90e70454
JH		 5357 if (match->sk == NULL) {
5358 match->sk = cmd->sk;
5359 sock_hold(match->sk);
5360 }
90e70454
JH		 5361}
5362
4e1b0245
MH		 5363void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
5364 u8 status)
7f9a903c 5365{
90e70454 5366 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 5367
92da6097
JH		 5368 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
5369 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
5370 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 5371
5372 if (!status)
4e1b0245
MH		 5373 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
5374 NULL);
90e70454
JH		 5375
5376 if (match.sk)
5377 sock_put(match.sk);
7f9a903c
MH		 5378}
5379
7667da34 5380void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 5381{
b312b161 5382 struct mgmt_cp_set_local_name ev;
13928971 5383 struct pending_cmd *cmd;
28cc7bde 5384
13928971 5385 if (status)
7667da34 5386 return;
b312b161
JH		 5387
5388 memset(&ev, 0, sizeof(ev));
5389 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 5390 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 5391
2e58ef3e 5392 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 5393 if (!cmd) {
5394 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 5395
13928971
JH		 5396 /* If this is a HCI command related to powering on the
5397 * HCI dev don't send any mgmt signals.
5398 */
5399 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 5400 return;
890ea898 5401 }
b312b161 5402
7667da34
MH		 5403 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
5404 cmd ? cmd->sk : NULL);
b312b161 5405}
c35938b2 5406
4d2d2796
MH		 5407void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
5408 u8 *randomizer192, u8 *hash256,
5409 u8 *randomizer256, u8 status)
c35938b2
SJ		 5410{
5411 struct pending_cmd *cmd;
c35938b2 5412
744cf19e 5413 BT_DBG("%s status %u", hdev->name, status);
c35938b2 5414
2e58ef3e 5415 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 5416 if (!cmd)
3edaf092 5417 return;
c35938b2
SJ		 5418
5419 if (status) {
3edaf092
MH		 5420 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5421 mgmt_status(status));
c35938b2 5422 } else {
4d2d2796
MH		 5423 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
5424 hash256 && randomizer256) {
5425 struct mgmt_rp_read_local_oob_ext_data rp;
5426
5427 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
5428 memcpy(rp.randomizer192, randomizer192,
5429 sizeof(rp.randomizer192));
c35938b2 5430
4d2d2796
MH		 5431 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
5432 memcpy(rp.randomizer256, randomizer256,
5433 sizeof(rp.randomizer256));
c35938b2 5434
4d2d2796
MH		 5435 cmd_complete(cmd->sk, hdev->id,
5436 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
5437 &rp, sizeof(rp));
5438 } else {
5439 struct mgmt_rp_read_local_oob_data rp;
5440
5441 memcpy(rp.hash, hash192, sizeof(rp.hash));
5442 memcpy(rp.randomizer, randomizer192,
5443 sizeof(rp.randomizer));
5444
5445 cmd_complete(cmd->sk, hdev->id,
5446 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
5447 &rp, sizeof(rp));
5448 }
c35938b2
SJ		 5449 }
5450
5451 mgmt_pending_remove(cmd);
c35938b2 5452}
e17acd40 5453
901801b9
MH		 5454void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5455 u8 addr_type, u8 *dev_class, s8 rssi, u8 cfm_name, u8
5456 ssp, u8 *eir, u16 eir_len)
e17acd40 5457{
e319d2e7
JH		 5458 char buf[512];
5459 struct mgmt_ev_device_found *ev = (void *) buf;
5cedbb8d 5460 struct smp_irk *irk;
1dc06093 5461 size_t ev_size;
e17acd40 5462
12602d0c 5463 if (!hci_discovery_active(hdev))
901801b9 5464 return;
12602d0c 5465
1dc06093
JH		 5466 /* Leave 5 bytes for a potential CoD field */
5467 if (sizeof(*ev) + eir_len + 5 > sizeof(buf))
901801b9 5468 return;
7d262f86 5469
1dc06093
JH		 5470 memset(buf, 0, sizeof(buf));
5471
5cedbb8d
JH		 5472 irk = hci_get_irk(hdev, bdaddr, addr_type);
5473 if (irk) {
5474 bacpy(&ev->addr.bdaddr, &irk->bdaddr);
5475 ev->addr.type = link_to_bdaddr(link_type, irk->addr_type);
5476 } else {
5477 bacpy(&ev->addr.bdaddr, bdaddr);
5478 ev->addr.type = link_to_bdaddr(link_type, addr_type);
5479 }
5480
e319d2e7 5481 ev->rssi = rssi;
9a395a80 5482 if (cfm_name)
612dfce9 5483 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_CONFIRM_NAME);
388fc8fa 5484 if (!ssp)
612dfce9 5485 ev->flags |= __constant_cpu_to_le32(MGMT_DEV_FOUND_LEGACY_PAIRING);
e17acd40 5486
1dc06093 5487 if (eir_len > 0)
e319d2e7 5488 memcpy(ev->eir, eir, eir_len);
e17acd40 5489
1dc06093
JH		 5490 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
5491 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 5492 dev_class, 3);
1dc06093 5493
eb55ef07 5494 ev->eir_len = cpu_to_le16(eir_len);
1dc06093 5495 ev_size = sizeof(*ev) + eir_len;
f8523598 5496
901801b9 5497 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 5498}
a88a9652 5499
9cf12aee
MH		 5500void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
5501 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 5502{
b644ba33
JH		 5503 struct mgmt_ev_device_found *ev;
5504 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
5505 u16 eir_len;
a88a9652 5506
b644ba33 5507 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 5508
b644ba33
JH		 5509 memset(buf, 0, sizeof(buf));
5510
5511 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 5512 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 5513 ev->rssi = rssi;
5514
5515 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 5516 name_len);
b644ba33 5517
eb55ef07 5518 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 5519
9cf12aee 5520 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 5521}
314b2381 5522
2f1e063b 5523void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 5524{
f963e8e9 5525 struct mgmt_ev_discovering ev;
164a6e78
JH		 5526 struct pending_cmd *cmd;
5527
343fb145
AG		 5528 BT_DBG("%s discovering %u", hdev->name, discovering);
5529
164a6e78 5530 if (discovering)
2e58ef3e 5531 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 5532 else
2e58ef3e 5533 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 5534
5535 if (cmd != NULL) {
f808e166
JH		 5536 u8 type = hdev->discovery.type;
5537
04124681
GP		 5538 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
5539 sizeof(type));
164a6e78
JH		 5540 mgmt_pending_remove(cmd);
5541 }
5542
f963e8e9
JH		 5543 memset(&ev, 0, sizeof(ev));
5544 ev.type = hdev->discovery.type;
5545 ev.discovering = discovering;
5546
2f1e063b 5547 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 5548}
5e762444 5549
88c1fe4b 5550int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 5551{
5552 struct pending_cmd *cmd;
5553 struct mgmt_ev_device_blocked ev;
5554
2e58ef3e 5555 cmd = mgmt_pending_find(MGMT_OP_BLOCK_DEVICE, hdev);
5e762444 5556
88c1fe4b
JH		 5557 bacpy(&ev.addr.bdaddr, bdaddr);
5558 ev.addr.type = type;
5e762444 5559
744cf19e 5560 return mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &ev, sizeof(ev),
04124681 5561 cmd ? cmd->sk : NULL);
5e762444
AJ		 5562}
5563
88c1fe4b 5564int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type)
5e762444
AJ		 5565{
5566 struct pending_cmd *cmd;
5567 struct mgmt_ev_device_unblocked ev;
5568
2e58ef3e 5569 cmd = mgmt_pending_find(MGMT_OP_UNBLOCK_DEVICE, hdev);
5e762444 5570
88c1fe4b
JH		 5571 bacpy(&ev.addr.bdaddr, bdaddr);
5572 ev.addr.type = type;
5e762444 5573
744cf19e 5574 return mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &ev, sizeof(ev),
04124681 5575 cmd ? cmd->sk : NULL);
5e762444 5576}
5976e608
MH		 5577
5578static void adv_enable_complete(struct hci_dev *hdev, u8 status)
5579{
5580 BT_DBG("%s status %u", hdev->name, status);
5581
5582 /* Clear the advertising mgmt setting if we failed to re-enable it */
5583 if (status) {
5584 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 5585 new_settings(hdev, NULL);
5976e608
MH		 5586 }
5587}
5588
5589void mgmt_reenable_advertising(struct hci_dev *hdev)
5590{
5591 struct hci_request req;
5592
b145edcd 5593 if (hci_conn_num(hdev, LE_LINK) > 0)
5976e608
MH		 5594 return;
5595
5596 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5597 return;
5598
5599 hci_req_init(&req, hdev);
5600 enable_advertising(&req);
5601
5602 /* If this fails we have no option but to let user space know
5603 * that we've disabled advertising.
5604 */
5605 if (hci_req_run(&req, adv_enable_complete) < 0) {
5606 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 5607 new_settings(hdev, NULL);
5976e608
MH		 5608 }
5609}
Linux kernel - Deliverables
This page took 1.497547 seconds and 5 git commands to generate.