projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Move EIR update to hci_request.c
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
7129069e 32#include <net/bluetooth/hci_sock.h>
4bc58f51 33#include <net/bluetooth/l2cap.h>
0381101f 34#include <net/bluetooth/mgmt.h>
ac4b7236 35
0857dd3b 36#include "hci_request.h"
ac4b7236 37#include "smp.h"
a380b6cf 38#include "mgmt_util.h"
0381101f 39
2da9c55c 40#define MGMT_VERSION 1
dc4270c0 41#define MGMT_REVISION 11
02d98129 42
e70bb2e8
JH		 43static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
45 MGMT_OP_READ_INFO,
46 MGMT_OP_SET_POWERED,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
b2939475 50 MGMT_OP_SET_BONDABLE,
e70bb2e8
JH		 51 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_SSP,
53 MGMT_OP_SET_HS,
54 MGMT_OP_SET_LE,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
57 MGMT_OP_ADD_UUID,
58 MGMT_OP_REMOVE_UUID,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
61 MGMT_OP_DISCONNECT,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
66 MGMT_OP_PAIR_DEVICE,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
78 MGMT_OP_CONFIRM_NAME,
79 MGMT_OP_BLOCK_DEVICE,
80 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 81 MGMT_OP_SET_DEVICE_ID,
4375f103 82 MGMT_OP_SET_ADVERTISING,
0663ca2a 83 MGMT_OP_SET_BREDR,
d13eafce 84 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 85 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 86 MGMT_OP_SET_SECURE_CONN,
4e39ac81 87 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 88 MGMT_OP_SET_PRIVACY,
41edf160 89 MGMT_OP_LOAD_IRKS,
dd983808 90 MGMT_OP_GET_CONN_INFO,
95868426 91 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 92 MGMT_OP_ADD_DEVICE,
93 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 94 MGMT_OP_LOAD_CONN_PARAM,
73d1df2a 95 MGMT_OP_READ_UNCONF_INDEX_LIST,
9fc3bfb6 96 MGMT_OP_READ_CONFIG_INFO,
dbece37a 97 MGMT_OP_SET_EXTERNAL_CONFIG,
9713c17b 98 MGMT_OP_SET_PUBLIC_ADDRESS,
66ea9427 99 MGMT_OP_START_SERVICE_DISCOVERY,
4f0f155c 100 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
96f1474a 101 MGMT_OP_READ_EXT_INDEX_LIST,
d3d5305b 102 MGMT_OP_READ_ADV_FEATURES,
24b4f38f 103 MGMT_OP_ADD_ADVERTISING,
da929335 104 MGMT_OP_REMOVE_ADVERTISING,
40b25fe5 105 MGMT_OP_GET_ADV_SIZE_INFO,
e70bb2e8
JH		 106};
107
108static const u16 mgmt_events[] = {
109 MGMT_EV_CONTROLLER_ERROR,
110 MGMT_EV_INDEX_ADDED,
111 MGMT_EV_INDEX_REMOVED,
112 MGMT_EV_NEW_SETTINGS,
113 MGMT_EV_CLASS_OF_DEV_CHANGED,
114 MGMT_EV_LOCAL_NAME_CHANGED,
115 MGMT_EV_NEW_LINK_KEY,
116 MGMT_EV_NEW_LONG_TERM_KEY,
117 MGMT_EV_DEVICE_CONNECTED,
118 MGMT_EV_DEVICE_DISCONNECTED,
119 MGMT_EV_CONNECT_FAILED,
120 MGMT_EV_PIN_CODE_REQUEST,
121 MGMT_EV_USER_CONFIRM_REQUEST,
122 MGMT_EV_USER_PASSKEY_REQUEST,
123 MGMT_EV_AUTH_FAILED,
124 MGMT_EV_DEVICE_FOUND,
125 MGMT_EV_DISCOVERING,
126 MGMT_EV_DEVICE_BLOCKED,
127 MGMT_EV_DEVICE_UNBLOCKED,
128 MGMT_EV_DEVICE_UNPAIRED,
92a25256 129 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 130 MGMT_EV_NEW_IRK,
7ee4ea36 131 MGMT_EV_NEW_CSRK,
8afef092
MH		 132 MGMT_EV_DEVICE_ADDED,
133 MGMT_EV_DEVICE_REMOVED,
ffb5a827 134 MGMT_EV_NEW_CONN_PARAM,
0602a8ad 135 MGMT_EV_UNCONF_INDEX_ADDED,
edd3896b 136 MGMT_EV_UNCONF_INDEX_REMOVED,
f4537c04 137 MGMT_EV_NEW_CONFIG_OPTIONS,
ced85549
MH		 138 MGMT_EV_EXT_INDEX_ADDED,
139 MGMT_EV_EXT_INDEX_REMOVED,
72000df2 140 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
24b4f38f
AU		 141 MGMT_EV_ADVERTISING_ADDED,
142 MGMT_EV_ADVERTISING_REMOVED,
e70bb2e8
JH		 143};
144
99c679ac
MH		 145static const u16 mgmt_untrusted_commands[] = {
146 MGMT_OP_READ_INDEX_LIST,
147 MGMT_OP_READ_INFO,
148 MGMT_OP_READ_UNCONF_INDEX_LIST,
149 MGMT_OP_READ_CONFIG_INFO,
150 MGMT_OP_READ_EXT_INDEX_LIST,
151};
152
153static const u16 mgmt_untrusted_events[] = {
154 MGMT_EV_INDEX_ADDED,
155 MGMT_EV_INDEX_REMOVED,
156 MGMT_EV_NEW_SETTINGS,
157 MGMT_EV_CLASS_OF_DEV_CHANGED,
158 MGMT_EV_LOCAL_NAME_CHANGED,
159 MGMT_EV_UNCONF_INDEX_ADDED,
160 MGMT_EV_UNCONF_INDEX_REMOVED,
161 MGMT_EV_NEW_CONFIG_OPTIONS,
162 MGMT_EV_EXT_INDEX_ADDED,
163 MGMT_EV_EXT_INDEX_REMOVED,
164};
165
17b02e62 166#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 167
d25b78e2
JH		 168#define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
169 "\x00\x00\x00\x00\x00\x00\x00\x00"
170
ca69b795
JH		 171/* HCI to MGMT error code conversion table */
172static u8 mgmt_status_table[] = {
173 MGMT_STATUS_SUCCESS,
174 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
175 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
176 MGMT_STATUS_FAILED, /* Hardware Failure */
177 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
178 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 179 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 180 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
181 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
182 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
183 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
184 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
185 MGMT_STATUS_BUSY, /* Command Disallowed */
186 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
187 MGMT_STATUS_REJECTED, /* Rejected Security */
188 MGMT_STATUS_REJECTED, /* Rejected Personal */
189 MGMT_STATUS_TIMEOUT, /* Host Timeout */
190 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
191 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
192 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
193 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
194 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
195 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
196 MGMT_STATUS_BUSY, /* Repeated Attempts */
197 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
198 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
199 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
200 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
201 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
202 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
203 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
204 MGMT_STATUS_FAILED, /* Unspecified Error */
205 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
206 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
207 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
208 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
209 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
210 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
211 MGMT_STATUS_FAILED, /* Unit Link Key Used */
212 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
213 MGMT_STATUS_TIMEOUT, /* Instant Passed */
214 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
215 MGMT_STATUS_FAILED, /* Transaction Collision */
216 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
217 MGMT_STATUS_REJECTED, /* QoS Rejected */
218 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
219 MGMT_STATUS_REJECTED, /* Insufficient Security */
220 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
221 MGMT_STATUS_BUSY, /* Role Switch Pending */
222 MGMT_STATUS_FAILED, /* Slot Violation */
223 MGMT_STATUS_FAILED, /* Role Switch Failed */
224 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
225 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
226 MGMT_STATUS_BUSY, /* Host Busy Pairing */
227 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
228 MGMT_STATUS_BUSY, /* Controller Busy */
229 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
230 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
231 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
232 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
233 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
234};
235
236static u8 mgmt_status(u8 hci_status)
237{
238 if (hci_status < ARRAY_SIZE(mgmt_status_table))
239 return mgmt_status_table[hci_status];
240
241 return MGMT_STATUS_FAILED;
242}
243
c08b1a1d
MH		 244static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
245 u16 len, int flag)
f9207338 246{
c08b1a1d
MH		 247 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
248 flag, NULL);
f9207338
MH		 249}
250
72000df2
MH		 251static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
252 u16 len, int flag, struct sock *skip_sk)
253{
254 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
255 flag, skip_sk);
256}
257
f6b7712e
MH		 258static int mgmt_generic_event(u16 event, struct hci_dev *hdev, void *data,
259 u16 len, struct sock *skip_sk)
260{
261 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
262 HCI_MGMT_GENERIC_EVENTS, skip_sk);
263}
264
7a00ff44
JH		 265static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
266 struct sock *skip_sk)
267{
268 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
c08b1a1d 269 HCI_SOCK_TRUSTED, skip_sk);
7a00ff44
JH		 270}
271
85813a7e
JH		 272static u8 le_addr_type(u8 mgmt_addr_type)
273{
274 if (mgmt_addr_type == BDADDR_LE_PUBLIC)
275 return ADDR_LE_DEV_PUBLIC;
276 else
277 return ADDR_LE_DEV_RANDOM;
278}
279
04124681
GP		 280static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
281 u16 data_len)
a38528f1
JH		 282{
283 struct mgmt_rp_read_version rp;
284
285 BT_DBG("sock %p", sk);
286
287 rp.version = MGMT_VERSION;
dcf4adbf 288 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 289
2a1afb5a
JH		 290 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
291 &rp, sizeof(rp));
a38528f1
JH		 292}
293
04124681
GP		 294static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
295 u16 data_len)
e70bb2e8
JH		 296{
297 struct mgmt_rp_read_commands *rp;
99c679ac 298 u16 num_commands, num_events;
e70bb2e8
JH		 299 size_t rp_size;
300 int i, err;
301
302 BT_DBG("sock %p", sk);
303
99c679ac
MH		 304 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
305 num_commands = ARRAY_SIZE(mgmt_commands);
306 num_events = ARRAY_SIZE(mgmt_events);
307 } else {
308 num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
309 num_events = ARRAY_SIZE(mgmt_untrusted_events);
310 }
311
e70bb2e8
JH		 312 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
313
314 rp = kmalloc(rp_size, GFP_KERNEL);
315 if (!rp)
316 return -ENOMEM;
317
dcf4adbf
JP		 318 rp->num_commands = cpu_to_le16(num_commands);
319 rp->num_events = cpu_to_le16(num_events);
e70bb2e8 320
99c679ac
MH		 321 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
322 __le16 *opcode = rp->opcodes;
323
324 for (i = 0; i < num_commands; i++, opcode++)
325 put_unaligned_le16(mgmt_commands[i], opcode);
e70bb2e8 326
99c679ac
MH		 327 for (i = 0; i < num_events; i++, opcode++)
328 put_unaligned_le16(mgmt_events[i], opcode);
329 } else {
330 __le16 *opcode = rp->opcodes;
331
332 for (i = 0; i < num_commands; i++, opcode++)
333 put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
334
335 for (i = 0; i < num_events; i++, opcode++)
336 put_unaligned_le16(mgmt_untrusted_events[i], opcode);
337 }
e70bb2e8 338
2a1afb5a
JH		 339 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
340 rp, rp_size);
e70bb2e8
JH		 341 kfree(rp);
342
343 return err;
344}
345
04124681
GP		 346static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
347 u16 data_len)
faba42eb 348{
faba42eb 349 struct mgmt_rp_read_index_list *rp;
8035ded4 350 struct hci_dev *d;
a38528f1 351 size_t rp_len;
faba42eb 352 u16 count;
476e44cb 353 int err;
faba42eb
JH		 354
355 BT_DBG("sock %p", sk);
356
357 read_lock(&hci_dev_list_lock);
358
359 count = 0;
bb4b2a9a 360 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a 361 if (d->dev_type == HCI_BREDR &&
d7a5a11d 362 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
1514b892 363 count++;
faba42eb
JH		 364 }
365
a38528f1
JH		 366 rp_len = sizeof(*rp) + (2 * count);
367 rp = kmalloc(rp_len, GFP_ATOMIC);
368 if (!rp) {
b2c60d42 369 read_unlock(&hci_dev_list_lock);
faba42eb 370 return -ENOMEM;
b2c60d42 371 }
faba42eb 372
476e44cb 373 count = 0;
8035ded4 374 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 375 if (hci_dev_test_flag(d, HCI_SETUP) ||
376 hci_dev_test_flag(d, HCI_CONFIG) ||
377 hci_dev_test_flag(d, HCI_USER_CHANNEL))
ab81cbf9
JH		 378 continue;
379
73d1df2a
MH		 380 /* Devices marked as raw-only are neither configured
381 * nor unconfigured controllers.
382 */
383 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
fee746b0
MH		 384 continue;
385
73d1df2a 386 if (d->dev_type == HCI_BREDR &&
d7a5a11d 387 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
1514b892
MH		 388 rp->index[count++] = cpu_to_le16(d->id);
389 BT_DBG("Added hci%u", d->id);
390 }
faba42eb
JH		 391 }
392
476e44cb
JH		 393 rp->num_controllers = cpu_to_le16(count);
394 rp_len = sizeof(*rp) + (2 * count);
395
faba42eb
JH		 396 read_unlock(&hci_dev_list_lock);
397
2a1afb5a
JH		 398 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
399 0, rp, rp_len);
faba42eb 400
a38528f1
JH		 401 kfree(rp);
402
403 return err;
faba42eb
JH		 404}
405
73d1df2a
MH		 406static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
407 void *data, u16 data_len)
408{
409 struct mgmt_rp_read_unconf_index_list *rp;
410 struct hci_dev *d;
411 size_t rp_len;
412 u16 count;
413 int err;
414
415 BT_DBG("sock %p", sk);
416
417 read_lock(&hci_dev_list_lock);
418
419 count = 0;
420 list_for_each_entry(d, &hci_dev_list, list) {
421 if (d->dev_type == HCI_BREDR &&
d7a5a11d 422 hci_dev_test_flag(d, HCI_UNCONFIGURED))
73d1df2a
MH		 423 count++;
424 }
425
426 rp_len = sizeof(*rp) + (2 * count);
427 rp = kmalloc(rp_len, GFP_ATOMIC);
428 if (!rp) {
429 read_unlock(&hci_dev_list_lock);
430 return -ENOMEM;
431 }
432
433 count = 0;
434 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 435 if (hci_dev_test_flag(d, HCI_SETUP) ||
436 hci_dev_test_flag(d, HCI_CONFIG) ||
437 hci_dev_test_flag(d, HCI_USER_CHANNEL))
73d1df2a
MH		 438 continue;
439
440 /* Devices marked as raw-only are neither configured
441 * nor unconfigured controllers.
442 */
443 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
444 continue;
445
446 if (d->dev_type == HCI_BREDR &&
d7a5a11d 447 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
73d1df2a
MH		 448 rp->index[count++] = cpu_to_le16(d->id);
449 BT_DBG("Added hci%u", d->id);
450 }
451 }
452
453 rp->num_controllers = cpu_to_le16(count);
454 rp_len = sizeof(*rp) + (2 * count);
455
456 read_unlock(&hci_dev_list_lock);
457
2a1afb5a
JH		 458 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
459 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
73d1df2a
MH		 460
461 kfree(rp);
462
463 return err;
464}
465
96f1474a
MH		 466static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
467 void *data, u16 data_len)
468{
469 struct mgmt_rp_read_ext_index_list *rp;
470 struct hci_dev *d;
471 size_t rp_len;
472 u16 count;
473 int err;
474
475 BT_DBG("sock %p", sk);
476
477 read_lock(&hci_dev_list_lock);
478
479 count = 0;
480 list_for_each_entry(d, &hci_dev_list, list) {
481 if (d->dev_type == HCI_BREDR || d->dev_type == HCI_AMP)
482 count++;
483 }
484
485 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
486 rp = kmalloc(rp_len, GFP_ATOMIC);
487 if (!rp) {
488 read_unlock(&hci_dev_list_lock);
489 return -ENOMEM;
490 }
491
492 count = 0;
493 list_for_each_entry(d, &hci_dev_list, list) {
494 if (hci_dev_test_flag(d, HCI_SETUP) ||
495 hci_dev_test_flag(d, HCI_CONFIG) ||
496 hci_dev_test_flag(d, HCI_USER_CHANNEL))
497 continue;
498
499 /* Devices marked as raw-only are neither configured
500 * nor unconfigured controllers.
501 */
502 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
503 continue;
504
505 if (d->dev_type == HCI_BREDR) {
506 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
507 rp->entry[count].type = 0x01;
508 else
509 rp->entry[count].type = 0x00;
510 } else if (d->dev_type == HCI_AMP) {
511 rp->entry[count].type = 0x02;
512 } else {
513 continue;
514 }
515
516 rp->entry[count].bus = d->bus;
517 rp->entry[count++].index = cpu_to_le16(d->id);
518 BT_DBG("Added hci%u", d->id);
519 }
520
521 rp->num_controllers = cpu_to_le16(count);
522 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
523
524 read_unlock(&hci_dev_list_lock);
525
526 /* If this command is called at least once, then all the
527 * default index and unconfigured index events are disabled
528 * and from now on only extended index events are used.
529 */
530 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
531 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
532 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
533
534 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
535 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp, rp_len);
536
537 kfree(rp);
538
539 return err;
540}
541
dbece37a
MH		 542static bool is_configured(struct hci_dev *hdev)
543{
544 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 545 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
dbece37a
MH		 546 return false;
547
548 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
549 !bacmp(&hdev->public_addr, BDADDR_ANY))
550 return false;
551
552 return true;
553}
554
89bc22d2
MH		 555static __le32 get_missing_options(struct hci_dev *hdev)
556{
557 u32 options = 0;
558
dbece37a 559 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 560 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
eb1904f4
MH		 561 options |= MGMT_OPTION_EXTERNAL_CONFIG;
562
89bc22d2
MH		 563 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
564 !bacmp(&hdev->public_addr, BDADDR_ANY))
565 options |= MGMT_OPTION_PUBLIC_ADDRESS;
566
567 return cpu_to_le32(options);
568}
569
f4537c04
MH		 570static int new_options(struct hci_dev *hdev, struct sock *skip)
571{
572 __le32 options = get_missing_options(hdev);
573
f6b7712e
MH		 574 return mgmt_generic_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
575 sizeof(options), skip);
f4537c04
MH		 576}
577
dbece37a
MH		 578static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
579{
580 __le32 options = get_missing_options(hdev);
581
2a1afb5a
JH		 582 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
583 sizeof(options));
dbece37a
MH		 584}
585
9fc3bfb6
MH		 586static int read_config_info(struct sock *sk, struct hci_dev *hdev,
587 void *data, u16 data_len)
588{
589 struct mgmt_rp_read_config_info rp;
89bc22d2 590 u32 options = 0;
9fc3bfb6
MH		 591
592 BT_DBG("sock %p %s", sk, hdev->name);
593
594 hci_dev_lock(hdev);
595
596 memset(&rp, 0, sizeof(rp));
597 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
89bc22d2 598
eb1904f4
MH		 599 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
600 options |= MGMT_OPTION_EXTERNAL_CONFIG;
601
9fc3bfb6 602 if (hdev->set_bdaddr)
89bc22d2
MH		 603 options |= MGMT_OPTION_PUBLIC_ADDRESS;
604
605 rp.supported_options = cpu_to_le32(options);
606 rp.missing_options = get_missing_options(hdev);
9fc3bfb6
MH		 607
608 hci_dev_unlock(hdev);
609
2a1afb5a
JH		 610 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
611 &rp, sizeof(rp));
9fc3bfb6
MH		 612}
613
69ab39ea
JH		 614static u32 get_supported_settings(struct hci_dev *hdev)
615{
616 u32 settings = 0;
617
618 settings |= MGMT_SETTING_POWERED;
b2939475 619 settings |= MGMT_SETTING_BONDABLE;
b1de97d8 620 settings |= MGMT_SETTING_DEBUG_KEYS;
3742abfc
JH		 621 settings |= MGMT_SETTING_CONNECTABLE;
622 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea 623
ed3fa31f 624 if (lmp_bredr_capable(hdev)) {
1a47aee8
JH		 625 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
626 settings |= MGMT_SETTING_FAST_CONNECTABLE;
69ab39ea
JH		 627 settings |= MGMT_SETTING_BREDR;
628 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 629
630 if (lmp_ssp_capable(hdev)) {
631 settings |= MGMT_SETTING_SSP;
632 settings |= MGMT_SETTING_HS;
633 }
e98d2ce2 634
05b3c3e7 635 if (lmp_sc_capable(hdev))
e98d2ce2 636 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 637 }
d7b7e796 638
eeca6f89 639 if (lmp_le_capable(hdev)) {
9d42820f 640 settings |= MGMT_SETTING_LE;
eeca6f89 641 settings |= MGMT_SETTING_ADVERTISING;
a3209694 642 settings |= MGMT_SETTING_SECURE_CONN;
0f4bd942 643 settings |= MGMT_SETTING_PRIVACY;
93690c22 644 settings |= MGMT_SETTING_STATIC_ADDRESS;
eeca6f89 645 }
69ab39ea 646
eb1904f4
MH		 647 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
648 hdev->set_bdaddr)
9fc3bfb6
MH		 649 settings |= MGMT_SETTING_CONFIGURATION;
650
69ab39ea
JH		 651 return settings;
652}
653
654static u32 get_current_settings(struct hci_dev *hdev)
655{
656 u32 settings = 0;
657
f1f0eb02 658 if (hdev_is_powered(hdev))
f0d4b78a
MH		 659 settings |= MGMT_SETTING_POWERED;
660
d7a5a11d 661 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
69ab39ea
JH		 662 settings |= MGMT_SETTING_CONNECTABLE;
663
d7a5a11d 664 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
1a4d3c4b
JH		 665 settings |= MGMT_SETTING_FAST_CONNECTABLE;
666
d7a5a11d 667 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
69ab39ea
JH		 668 settings |= MGMT_SETTING_DISCOVERABLE;
669
d7a5a11d 670 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
b2939475 671 settings |= MGMT_SETTING_BONDABLE;
69ab39ea 672
d7a5a11d 673 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
69ab39ea
JH		 674 settings |= MGMT_SETTING_BREDR;
675
d7a5a11d 676 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
69ab39ea
JH		 677 settings |= MGMT_SETTING_LE;
678
d7a5a11d 679 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
69ab39ea
JH		 680 settings |= MGMT_SETTING_LINK_SECURITY;
681
d7a5a11d 682 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
69ab39ea
JH		 683 settings |= MGMT_SETTING_SSP;
684
d7a5a11d 685 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
6d80dfd0
JH		 686 settings |= MGMT_SETTING_HS;
687
d7a5a11d 688 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
eeca6f89
JH		 689 settings |= MGMT_SETTING_ADVERTISING;
690
d7a5a11d 691 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
e98d2ce2
MH		 692 settings |= MGMT_SETTING_SECURE_CONN;
693
d7a5a11d 694 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
b1de97d8
MH		 695 settings |= MGMT_SETTING_DEBUG_KEYS;
696
d7a5a11d 697 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
0f4bd942
JH		 698 settings |= MGMT_SETTING_PRIVACY;
699
93690c22
MH		 700 /* The current setting for static address has two purposes. The
701 * first is to indicate if the static address will be used and
702 * the second is to indicate if it is actually set.
703 *
704 * This means if the static address is not configured, this flag
08dc0e98 705 * will never be set. If the address is configured, then if the
93690c22
MH		 706 * address is actually used decides if the flag is set or not.
707 *
708 * For single mode LE only controllers and dual-mode controllers
709 * with BR/EDR disabled, the existence of the static address will
710 * be evaluated.
711 */
b7cb93e5 712 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
d7a5a11d 713 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
93690c22
MH		 714 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
715 if (bacmp(&hdev->static_addr, BDADDR_ANY))
716 settings |= MGMT_SETTING_STATIC_ADDRESS;
717 }
718
69ab39ea
JH		 719 return settings;
720}
721
333ae95d
JH		 722static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
723{
724 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
725}
726
333ae95d
JH		 727static struct mgmt_pending_cmd *pending_find_data(u16 opcode,
728 struct hci_dev *hdev,
729 const void *data)
730{
731 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data);
732}
733
f2252570 734u8 mgmt_get_adv_discov_flags(struct hci_dev *hdev)
9a43e25f 735{
3b0602cd 736 struct mgmt_pending_cmd *cmd;
9a43e25f
JH		 737
738 /* If there's a pending mgmt command the flags will not yet have
739 * their final values, so check for this first.
740 */
333ae95d 741 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
9a43e25f
JH		 742 if (cmd) {
743 struct mgmt_mode *cp = cmd->param;
744 if (cp->val == 0x01)
745 return LE_AD_GENERAL;
746 else if (cp->val == 0x02)
747 return LE_AD_LIMITED;
748 } else {
d7a5a11d 749 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
9a43e25f 750 return LE_AD_LIMITED;
d7a5a11d 751 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
9a43e25f
JH		 752 return LE_AD_GENERAL;
753 }
754
755 return 0;
756}
757
f2252570 758bool mgmt_get_connectable(struct hci_dev *hdev)
fdf51784
AU		 759{
760 struct mgmt_pending_cmd *cmd;
441ad2d0 761
fdf51784
AU		 762 /* If there's a pending mgmt command the flag will not yet have
763 * it's final value, so check for this first.
764 */
765 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
766 if (cmd) {
767 struct mgmt_mode *cp = cmd->param;
441ad2d0 768
fdf51784 769 return cp->val;
441ad2d0
MH		 770 }
771
fdf51784
AU		 772 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
773}
441ad2d0 774
7d78525d
JH		 775static void service_cache_off(struct work_struct *work)
776{
777 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 778 service_cache.work);
890ea898 779 struct hci_request req;
7d78525d 780
a69d8927 781 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
7d78525d
JH		 782 return;
783
890ea898
JH		 784 hci_req_init(&req, hdev);
785
7d78525d
JH		 786 hci_dev_lock(hdev);
787
b1a8917c 788 __hci_req_update_eir(&req);
14bf5eac 789 __hci_req_update_class(&req);
7d78525d
JH		 790
791 hci_dev_unlock(hdev);
890ea898
JH		 792
793 hci_req_run(&req, NULL);
7d78525d
JH		 794}
795
d6bfd59c
JH		 796static void rpa_expired(struct work_struct *work)
797{
798 struct hci_dev *hdev = container_of(work, struct hci_dev,
799 rpa_expired.work);
800 struct hci_request req;
801
802 BT_DBG("");
803
a1536da2 804 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
d6bfd59c 805
d7a5a11d 806 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
d6bfd59c
JH		 807 return;
808
809 /* The generation of a new RPA and programming it into the
f2252570
JH		 810 * controller happens in the hci_req_enable_advertising()
811 * function.
d6bfd59c 812 */
d6bfd59c 813 hci_req_init(&req, hdev);
f2252570 814 __hci_req_enable_advertising(&req);
d6bfd59c
JH		 815 hci_req_run(&req, NULL);
816}
817
6a919082 818static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 819{
238be788 820 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
6a919082
JH		 821 return;
822
4f87da80 823 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 824 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 825
4f87da80
JH		 826 /* Non-mgmt controlled devices get this bit set
827 * implicitly so that pairing works for them, however
828 * for mgmt we require user-space to explicitly enable
829 * it
830 */
a358dc11 831 hci_dev_clear_flag(hdev, HCI_BONDABLE);
7d78525d
JH		 832}
833
0f4e68cf 834static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 835 void *data, u16 data_len)
0381101f 836{
a38528f1 837 struct mgmt_rp_read_info rp;
f7b64e69 838
bdb6d971 839 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 840
09fd0de5 841 hci_dev_lock(hdev);
f7b64e69 842
dc4fe30b
JH		 843 memset(&rp, 0, sizeof(rp));
844
69ab39ea 845 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 846
69ab39ea 847 rp.version = hdev->hci_ver;
eb55ef07 848 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 849
850 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
851 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 852
a38528f1 853 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 854
dc4fe30b 855 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 856 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 857
09fd0de5 858 hci_dev_unlock(hdev);
0381101f 859
2a1afb5a
JH		 860 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
861 sizeof(rp));
0381101f
JH		 862}
863
69ab39ea 864static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 865{
69ab39ea 866 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 867
2a1afb5a
JH		 868 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
869 sizeof(settings));
8680570b
JH		 870}
871
1904a853 872static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
8b064a3a
JH		 873{
874 BT_DBG("%s status 0x%02x", hdev->name, status);
875
a3172b7e
JH		 876 if (hci_conn_count(hdev) == 0) {
877 cancel_delayed_work(&hdev->power_off);
8b064a3a 878 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 879 }
8b064a3a
JH		 880}
881
f2252570 882void mgmt_advertising_added(struct sock *sk, struct hci_dev *hdev, u8 instance)
912098a6
AU		 883{
884 struct mgmt_ev_advertising_added ev;
885
886 ev.instance = instance;
887
888 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
889}
890
f2252570
JH		 891void mgmt_advertising_removed(struct sock *sk, struct hci_dev *hdev,
892 u8 instance)
912098a6
AU		 893{
894 struct mgmt_ev_advertising_removed ev;
895
896 ev.instance = instance;
897
898 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
899}
900
7816b820
FG		 901static void cancel_adv_timeout(struct hci_dev *hdev)
902{
903 if (hdev->adv_instance_timeout) {
904 hdev->adv_instance_timeout = 0;
905 cancel_delayed_work(&hdev->adv_instance_expire);
906 }
907}
908
8b064a3a
JH		 909static int clean_up_hci_state(struct hci_dev *hdev)
910{
911 struct hci_request req;
912 struct hci_conn *conn;
23a48093
JH		 913 bool discov_stopped;
914 int err;
8b064a3a
JH		 915
916 hci_req_init(&req, hdev);
917
918 if (test_bit(HCI_ISCAN, &hdev->flags) ||
919 test_bit(HCI_PSCAN, &hdev->flags)) {
920 u8 scan = 0x00;
921 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
922 }
923
f2252570 924 hci_req_clear_adv_instance(hdev, NULL, 0x00, false);
912098a6 925
d7a5a11d 926 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
f2252570 927 __hci_req_disable_advertising(&req);
8b064a3a 928
2154d3f4 929 discov_stopped = hci_req_stop_discovery(&req);
8b064a3a
JH		 930
931 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
89e0ccc8
JH		 932 /* 0x15 == Terminated due to Power Off */
933 __hci_abort_conn(&req, conn, 0x15);
8b064a3a
JH		 934 }
935
23a48093
JH		 936 err = hci_req_run(&req, clean_up_hci_complete);
937 if (!err && discov_stopped)
938 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
939
940 return err;
8b064a3a
JH		 941}
942
bdb6d971 943static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 944 u16 len)
eec8d2bc 945{
650f726d 946 struct mgmt_mode *cp = data;
3b0602cd 947 struct mgmt_pending_cmd *cmd;
4b34ee78 948 int err;
eec8d2bc 949
bdb6d971 950 BT_DBG("request for %s", hdev->name);
eec8d2bc 951
a7e80f25 952 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 953 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
954 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 955
09fd0de5 956 hci_dev_lock(hdev);
eec8d2bc 957
333ae95d 958 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
a69e8375
JH		 959 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
960 MGMT_STATUS_BUSY);
87b95ba6
JH		 961 goto failed;
962 }
963
a69d8927 964 if (hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF)) {
f0d4b78a
MH		 965 cancel_delayed_work(&hdev->power_off);
966
967 if (cp->val) {
a1d70450
JH		 968 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
969 data, len);
970 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 971 goto failed;
972 }
973 }
974
4b34ee78 975 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 976 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 977 goto failed;
978 }
979
2e58ef3e 980 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 981 if (!cmd) {
982 err = -ENOMEM;
eec8d2bc 983 goto failed;
366a0336 984 }
eec8d2bc 985
8b064a3a 986 if (cp->val) {
19202573 987 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 988 err = 0;
989 } else {
990 /* Disconnect connections, stop scans, etc */
991 err = clean_up_hci_state(hdev);
a3172b7e
JH		 992 if (!err)
993 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
994 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 995
8b064a3a
JH		 996 /* ENODATA means there were no HCI commands queued */
997 if (err == -ENODATA) {
a3172b7e 998 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 999 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1000 err = 0;
1001 }
1002 }
eec8d2bc
JH		 1003
1004failed:
09fd0de5 1005 hci_dev_unlock(hdev);
366a0336 1006 return err;
eec8d2bc
JH		 1007}
1008
beadb2bd
JH		 1009static int new_settings(struct hci_dev *hdev, struct sock *skip)
1010{
f6b7712e 1011 __le32 ev = cpu_to_le32(get_current_settings(hdev));
beadb2bd 1012
f6b7712e
MH		 1013 return mgmt_generic_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1014 sizeof(ev), skip);
beadb2bd
JH		 1015}
1016
91a668b0
JH		 1017int mgmt_new_settings(struct hci_dev *hdev)
1018{
1019 return new_settings(hdev, NULL);
1020}
1021
bd99abdd
JH		 1022struct cmd_lookup {
1023 struct sock *sk;
1024 struct hci_dev *hdev;
1025 u8 mgmt_status;
1026};
1027
3b0602cd 1028static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1029{
1030 struct cmd_lookup *match = data;
1031
1032 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1033
1034 list_del(&cmd->list);
1035
1036 if (match->sk == NULL) {
1037 match->sk = cmd->sk;
1038 sock_hold(match->sk);
1039 }
1040
1041 mgmt_pending_free(cmd);
1042}
1043
3b0602cd 1044static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1045{
1046 u8 *status = data;
1047
a69e8375 1048 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
bd99abdd
JH		 1049 mgmt_pending_remove(cmd);
1050}
1051
3b0602cd 1052static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1b9b5ee5
JH		 1053{
1054 if (cmd->cmd_complete) {
1055 u8 *status = data;
1056
1057 cmd->cmd_complete(cmd, *status);
1058 mgmt_pending_remove(cmd);
1059
1060 return;
1061 }
1062
1063 cmd_status_rsp(cmd, data);
1064}
1065
3b0602cd 1066static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
f5818c22 1067{
2a1afb5a
JH		 1068 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1069 cmd->param, cmd->param_len);
f5818c22
JH		 1070}
1071
3b0602cd 1072static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
7776d1d8 1073{
2a1afb5a
JH		 1074 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1075 cmd->param, sizeof(struct mgmt_addr_info));
7776d1d8
JH		 1076}
1077
e6fe7986
JH		 1078static u8 mgmt_bredr_support(struct hci_dev *hdev)
1079{
1080 if (!lmp_bredr_capable(hdev))
1081 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1082 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
e6fe7986
JH		 1083 return MGMT_STATUS_REJECTED;
1084 else
1085 return MGMT_STATUS_SUCCESS;
1086}
1087
1088static u8 mgmt_le_support(struct hci_dev *hdev)
1089{
1090 if (!lmp_le_capable(hdev))
1091 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1092 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
e6fe7986
JH		 1093 return MGMT_STATUS_REJECTED;
1094 else
1095 return MGMT_STATUS_SUCCESS;
1096}
1097
aed1a885 1098void mgmt_set_discoverable_complete(struct hci_dev *hdev, u8 status)
bfaf8c9f 1099{
3b0602cd 1100 struct mgmt_pending_cmd *cmd;
bfaf8c9f
JH		 1101
1102 BT_DBG("status 0x%02x", status);
1103
1104 hci_dev_lock(hdev);
1105
333ae95d 1106 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
bfaf8c9f
JH		 1107 if (!cmd)
1108 goto unlock;
1109
1110 if (status) {
1111 u8 mgmt_err = mgmt_status(status);
a69e8375 1112 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
a358dc11 1113 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
bfaf8c9f
JH		 1114 goto remove_cmd;
1115 }
1116
aed1a885
JH		 1117 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1118 hdev->discov_timeout > 0) {
1119 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1120 queue_delayed_work(hdev->req_workqueue, &hdev->discov_off, to);
d4462a07 1121 }
bfaf8c9f
JH		 1122
1123 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
aed1a885 1124 new_settings(hdev, cmd->sk);
970ba524 1125
bfaf8c9f
JH		 1126remove_cmd:
1127 mgmt_pending_remove(cmd);
1128
1129unlock:
1130 hci_dev_unlock(hdev);
1131}
1132
bdb6d971 1133static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1134 u16 len)
73f22f62 1135{
650f726d 1136 struct mgmt_cp_set_discoverable *cp = data;
3b0602cd 1137 struct mgmt_pending_cmd *cmd;
5e5282bb 1138 u16 timeout;
73f22f62
JH		 1139 int err;
1140
bdb6d971 1141 BT_DBG("request for %s", hdev->name);
73f22f62 1142
d7a5a11d
MH		 1143 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1144 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 1145 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1146 MGMT_STATUS_REJECTED);
33c525c0 1147
310a3d48 1148 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 1149 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1150 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1151
1f350c87 1152 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1153
1154 /* Disabling discoverable requires that no timeout is set,
1155 * and enabling limited discoverable requires a timeout.
1156 */
1157 if ((cp->val == 0x00 && timeout > 0) ||
1158 (cp->val == 0x02 && timeout == 0))
a69e8375
JH		 1159 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1160 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1161
09fd0de5 1162 hci_dev_lock(hdev);
73f22f62 1163
5e5282bb 1164 if (!hdev_is_powered(hdev) && timeout > 0) {
a69e8375
JH		 1165 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1166 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1167 goto failed;
1168 }
1169
333ae95d
JH		 1170 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1171 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1172 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1173 MGMT_STATUS_BUSY);
73f22f62
JH		 1174 goto failed;
1175 }
1176
d7a5a11d 1177 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
a69e8375
JH		 1178 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1179 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1180 goto failed;
1181 }
1182
1183 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1184 bool changed = false;
1185
310a3d48
MH		 1186 /* Setting limited discoverable when powered off is
1187 * not a valid operation since it requires a timeout
1188 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1189 */
d7a5a11d 1190 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
ce05d603 1191 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
0224d2fa
JH		 1192 changed = true;
1193 }
1194
5e5282bb 1195 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1196 if (err < 0)
1197 goto failed;
1198
1199 if (changed)
1200 err = new_settings(hdev, sk);
1201
5e5282bb
JH		 1202 goto failed;
1203 }
1204
310a3d48
MH		 1205 /* If the current mode is the same, then just update the timeout
1206 * value with the new value. And if only the timeout gets updated,
1207 * then no need for any HCI transactions.
1208 */
d7a5a11d
MH		 1209 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1210 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1211 HCI_LIMITED_DISCOVERABLE)) {
36261547
MH		 1212 cancel_delayed_work(&hdev->discov_off);
1213 hdev->discov_timeout = timeout;
955638ec 1214
36261547
MH		 1215 if (cp->val && hdev->discov_timeout > 0) {
1216 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
c366f555
JH		 1217 queue_delayed_work(hdev->req_workqueue,
1218 &hdev->discov_off, to);
955638ec
MH		 1219 }
1220
69ab39ea 1221 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1222 goto failed;
1223 }
1224
2e58ef3e 1225 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1226 if (!cmd) {
1227 err = -ENOMEM;
73f22f62 1228 goto failed;
366a0336 1229 }
73f22f62 1230
310a3d48
MH		 1231 /* Cancel any potential discoverable timeout that might be
1232 * still active and store new timeout value. The arming of
1233 * the timeout happens in the complete handler.
1234 */
1235 cancel_delayed_work(&hdev->discov_off);
1236 hdev->discov_timeout = timeout;
1237
aed1a885
JH		 1238 if (cp->val)
1239 hci_dev_set_flag(hdev, HCI_DISCOVERABLE);
1240 else
1241 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1242
b456f87c
JH		 1243 /* Limited discoverable mode */
1244 if (cp->val == 0x02)
a1536da2 1245 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1246 else
a358dc11 1247 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1248
aed1a885
JH		 1249 queue_work(hdev->req_workqueue, &hdev->discoverable_update);
1250 err = 0;
73f22f62
JH		 1251
1252failed:
09fd0de5 1253 hci_dev_unlock(hdev);
73f22f62
JH		 1254 return err;
1255}
1256
406d7804
JH		 1257static void write_fast_connectable(struct hci_request *req, bool enable)
1258{
bd98b996 1259 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1260 struct hci_cp_write_page_scan_activity acp;
1261 u8 type;
1262
d7a5a11d 1263 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
547003b1
JH		 1264 return;
1265
4c01f8b8
JH		 1266 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1267 return;
1268
406d7804
JH		 1269 if (enable) {
1270 type = PAGE_SCAN_TYPE_INTERLACED;
1271
1272 /* 160 msec page scan interval */
dcf4adbf 1273 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 1274 } else {
1275 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1276
1277 /* default 1.28 sec page scan */
dcf4adbf 1278 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 1279 }
1280
dcf4adbf 1281 acp.window = cpu_to_le16(0x0012);
406d7804 1282
bd98b996
JH		 1283 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1284 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1285 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1286 sizeof(acp), &acp);
1287
1288 if (hdev->page_scan_type != type)
1289 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1290}
1291
53c0ba74 1292void mgmt_set_connectable_complete(struct hci_dev *hdev, u8 status)
2b76f453 1293{
3b0602cd 1294 struct mgmt_pending_cmd *cmd;
2b76f453
JH		 1295
1296 BT_DBG("status 0x%02x", status);
1297
1298 hci_dev_lock(hdev);
1299
333ae95d 1300 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
2b76f453
JH		 1301 if (!cmd)
1302 goto unlock;
1303
37438c1f
JH		 1304 if (status) {
1305 u8 mgmt_err = mgmt_status(status);
a69e8375 1306 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
37438c1f
JH		 1307 goto remove_cmd;
1308 }
1309
2b76f453 1310 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
53c0ba74 1311 new_settings(hdev, cmd->sk);
d7b856f9 1312
37438c1f 1313remove_cmd:
2b76f453
JH		 1314 mgmt_pending_remove(cmd);
1315
1316unlock:
1317 hci_dev_unlock(hdev);
1318}
1319
e8ba3a1f
JH		 1320static int set_connectable_update_settings(struct hci_dev *hdev,
1321 struct sock *sk, u8 val)
1322{
1323 bool changed = false;
1324 int err;
1325
d7a5a11d 1326 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
e8ba3a1f
JH		 1327 changed = true;
1328
1329 if (val) {
a1536da2 1330 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
e8ba3a1f 1331 } else {
a358dc11
MH		 1332 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1333 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
e8ba3a1f
JH		 1334 }
1335
1336 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1337 if (err < 0)
1338 return err;
1339
562064e6 1340 if (changed) {
01b1cb87 1341 hci_req_update_scan(hdev);
562064e6 1342 hci_update_background_scan(hdev);
e8ba3a1f 1343 return new_settings(hdev, sk);
562064e6 1344 }
e8ba3a1f
JH		 1345
1346 return 0;
1347}
1348
bdb6d971 1349static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1350 u16 len)
9fbcbb45 1351{
650f726d 1352 struct mgmt_mode *cp = data;
3b0602cd 1353 struct mgmt_pending_cmd *cmd;
9fbcbb45
JH		 1354 int err;
1355
bdb6d971 1356 BT_DBG("request for %s", hdev->name);
9fbcbb45 1357
d7a5a11d
MH		 1358 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1359 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 1360 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1361 MGMT_STATUS_REJECTED);
33c525c0 1362
a7e80f25 1363 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1364 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1365 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1366
09fd0de5 1367 hci_dev_lock(hdev);
9fbcbb45 1368
4b34ee78 1369 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1370 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1371 goto failed;
1372 }
1373
333ae95d
JH		 1374 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1375 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1376 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1377 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1378 goto failed;
1379 }
1380
2e58ef3e 1381 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1382 if (!cmd) {
1383 err = -ENOMEM;
9fbcbb45 1384 goto failed;
366a0336 1385 }
9fbcbb45 1386
53c0ba74
JH		 1387 if (cp->val) {
1388 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1389 } else {
1390 if (hdev->discov_timeout > 0)
1391 cancel_delayed_work(&hdev->discov_off);
2b76f453 1392
53c0ba74
JH		 1393 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1394 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1395 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
9b74246f 1396 }
2b76f453 1397
53c0ba74
JH		 1398 queue_work(hdev->req_workqueue, &hdev->connectable_update);
1399 err = 0;
9fbcbb45
JH		 1400
1401failed:
09fd0de5 1402 hci_dev_unlock(hdev);
9fbcbb45
JH		 1403 return err;
1404}
1405
b2939475 1406static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1407 u16 len)
c542a06c 1408{
650f726d 1409 struct mgmt_mode *cp = data;
55594356 1410 bool changed;
c542a06c
JH		 1411 int err;
1412
bdb6d971 1413 BT_DBG("request for %s", hdev->name);
c542a06c 1414
a7e80f25 1415 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1416 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
1417 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1418
09fd0de5 1419 hci_dev_lock(hdev);
c542a06c
JH		 1420
1421 if (cp->val)
238be788 1422 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
c542a06c 1423 else
a69d8927 1424 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
c542a06c 1425
b2939475 1426 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
c542a06c 1427 if (err < 0)
55594356 1428 goto unlock;
c542a06c 1429
55594356
MH		 1430 if (changed)
1431 err = new_settings(hdev, sk);
c542a06c 1432
55594356 1433unlock:
09fd0de5 1434 hci_dev_unlock(hdev);
c542a06c
JH		 1435 return err;
1436}
1437
04124681
GP		 1438static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1439 u16 len)
33ef95ed
JH		 1440{
1441 struct mgmt_mode *cp = data;
3b0602cd 1442 struct mgmt_pending_cmd *cmd;
e6fe7986 1443 u8 val, status;
33ef95ed
JH		 1444 int err;
1445
bdb6d971 1446 BT_DBG("request for %s", hdev->name);
33ef95ed 1447
e6fe7986
JH		 1448 status = mgmt_bredr_support(hdev);
1449 if (status)
a69e8375
JH		 1450 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1451 status);
33c525c0 1452
a7e80f25 1453 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1454 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1455 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1456
33ef95ed
JH		 1457 hci_dev_lock(hdev);
1458
4b34ee78 1459 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1460 bool changed = false;
1461
d7a5a11d 1462 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
ce05d603 1463 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
47990ea0
JH		 1464 changed = true;
1465 }
1466
1467 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1468 if (err < 0)
1469 goto failed;
1470
1471 if (changed)
1472 err = new_settings(hdev, sk);
1473
33ef95ed
JH		 1474 goto failed;
1475 }
1476
333ae95d 1477 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
a69e8375
JH		 1478 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1479 MGMT_STATUS_BUSY);
33ef95ed
JH		 1480 goto failed;
1481 }
1482
1483 val = !!cp->val;
1484
1485 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1486 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1487 goto failed;
1488 }
1489
1490 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1491 if (!cmd) {
1492 err = -ENOMEM;
1493 goto failed;
1494 }
1495
1496 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1497 if (err < 0) {
1498 mgmt_pending_remove(cmd);
1499 goto failed;
1500 }
1501
1502failed:
1503 hci_dev_unlock(hdev);
33ef95ed
JH		 1504 return err;
1505}
1506
bdb6d971 1507static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1508{
1509 struct mgmt_mode *cp = data;
3b0602cd 1510 struct mgmt_pending_cmd *cmd;
72ef0c1a 1511 u8 status;
ed2c4ee3
JH		 1512 int err;
1513
bdb6d971 1514 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1515
cdba5281
MH		 1516 status = mgmt_bredr_support(hdev);
1517 if (status)
a69e8375 1518 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
cdba5281 1519
13ecd8b6 1520 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 1521 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1522 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1523
a7e80f25 1524 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1525 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1526 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1527
13ecd8b6 1528 hci_dev_lock(hdev);
6c8f12c1 1529
4b34ee78 1530 if (!hdev_is_powered(hdev)) {
9ecb3e24 1531 bool changed;
c0ecddc2 1532
9ecb3e24 1533 if (cp->val) {
238be788
MH		 1534 changed = !hci_dev_test_and_set_flag(hdev,
1535 HCI_SSP_ENABLED);
9ecb3e24 1536 } else {
a69d8927
MH		 1537 changed = hci_dev_test_and_clear_flag(hdev,
1538 HCI_SSP_ENABLED);
9ecb3e24 1539 if (!changed)
a69d8927
MH		 1540 changed = hci_dev_test_and_clear_flag(hdev,
1541 HCI_HS_ENABLED);
9ecb3e24 1542 else
a358dc11 1543 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
c0ecddc2
JH		 1544 }
1545
1546 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1547 if (err < 0)
1548 goto failed;
1549
1550 if (changed)
1551 err = new_settings(hdev, sk);
1552
ed2c4ee3
JH		 1553 goto failed;
1554 }
1555
333ae95d 1556 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 1557 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1558 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1559 goto failed;
1560 }
1561
d7a5a11d 1562 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
ed2c4ee3
JH		 1563 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1564 goto failed;
1565 }
1566
1567 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1568 if (!cmd) {
1569 err = -ENOMEM;
1570 goto failed;
1571 }
1572
d7a5a11d 1573 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
3769972b
JH		 1574 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
1575 sizeof(cp->val), &cp->val);
1576
72ef0c1a 1577 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 1578 if (err < 0) {
1579 mgmt_pending_remove(cmd);
1580 goto failed;
1581 }
1582
1583failed:
1584 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1585 return err;
1586}
1587
bdb6d971 1588static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1589{
1590 struct mgmt_mode *cp = data;
ee392693 1591 bool changed;
e6fe7986 1592 u8 status;
ee392693 1593 int err;
6d80dfd0 1594
bdb6d971 1595 BT_DBG("request for %s", hdev->name);
6d80dfd0 1596
e6fe7986
JH		 1597 status = mgmt_bredr_support(hdev);
1598 if (status)
a69e8375 1599 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 1600
9ecb3e24 1601 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 1602 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1603 MGMT_STATUS_NOT_SUPPORTED);
9ecb3e24 1604
d7a5a11d 1605 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 1606 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1607 MGMT_STATUS_REJECTED);
9ecb3e24 1608
a7e80f25 1609 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1610 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1611 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1612
ee392693
MH		 1613 hci_dev_lock(hdev);
1614
333ae95d 1615 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 1616 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1617 MGMT_STATUS_BUSY);
a2cb01de
JH		 1618 goto unlock;
1619 }
1620
a0cdf960 1621 if (cp->val) {
238be788 1622 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
a0cdf960
MH		 1623 } else {
1624 if (hdev_is_powered(hdev)) {
a69e8375
JH		 1625 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1626 MGMT_STATUS_REJECTED);
a0cdf960
MH		 1627 goto unlock;
1628 }
1629
a69d8927 1630 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
a0cdf960 1631 }
ee392693
MH		 1632
1633 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1634 if (err < 0)
1635 goto unlock;
1636
1637 if (changed)
1638 err = new_settings(hdev, sk);
6d80dfd0 1639
ee392693
MH		 1640unlock:
1641 hci_dev_unlock(hdev);
1642 return err;
6d80dfd0
JH		 1643}
1644
1904a853 1645static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
416a4ae5
JH		 1646{
1647 struct cmd_lookup match = { NULL, hdev };
1648
3ad67582
JK		 1649 hci_dev_lock(hdev);
1650
416a4ae5
JH		 1651 if (status) {
1652 u8 mgmt_err = mgmt_status(status);
1653
1654 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1655 &mgmt_err);
3ad67582 1656 goto unlock;
416a4ae5
JH		 1657 }
1658
1659 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1660
1661 new_settings(hdev, match.sk);
1662
1663 if (match.sk)
1664 sock_put(match.sk);
441ad2d0
MH		 1665
1666 /* Make sure the controller has a good default for
1667 * advertising data. Restrict the update to when LE
1668 * has actually been enabled. During power on, the
1669 * update in powered_update_hci will take care of it.
1670 */
d7a5a11d 1671 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
441ad2d0
MH		 1672 struct hci_request req;
1673
441ad2d0 1674 hci_req_init(&req, hdev);
f2252570
JH		 1675 __hci_req_update_adv_data(&req, HCI_ADV_CURRENT);
1676 __hci_req_update_scan_rsp_data(&req, HCI_ADV_CURRENT);
441ad2d0 1677 hci_req_run(&req, NULL);
2e93e53b 1678 hci_update_background_scan(hdev);
441ad2d0 1679 }
3ad67582
JK		 1680
1681unlock:
1682 hci_dev_unlock(hdev);
416a4ae5
JH		 1683}
1684
bdb6d971 1685static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1686{
1687 struct mgmt_mode *cp = data;
1688 struct hci_cp_write_le_host_supported hci_cp;
3b0602cd 1689 struct mgmt_pending_cmd *cmd;
416a4ae5 1690 struct hci_request req;
06199cf8 1691 int err;
0b60eba1 1692 u8 val, enabled;
06199cf8 1693
bdb6d971 1694 BT_DBG("request for %s", hdev->name);
06199cf8 1695
13ecd8b6 1696 if (!lmp_le_capable(hdev))
a69e8375
JH		 1697 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1698 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1699
a7e80f25 1700 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1701 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1702 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1703
e7844ee5
MH		 1704 /* Bluetooth single mode LE only controllers or dual-mode
1705 * controllers configured as LE only devices, do not allow
1706 * switching LE off. These have either LE enabled explicitly
1707 * or BR/EDR has been previously switched off.
1708 *
1709 * When trying to enable an already enabled LE, then gracefully
1710 * send a positive response. Trying to disable it however will
1711 * result into rejection.
1712 */
1713 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1714 if (cp->val == 0x01)
1715 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1716
a69e8375
JH		 1717 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1718 MGMT_STATUS_REJECTED);
e7844ee5 1719 }
c73eee91 1720
13ecd8b6 1721 hci_dev_lock(hdev);
06199cf8
JH		 1722
1723 val = !!cp->val;
ffa88e02 1724 enabled = lmp_host_le_capable(hdev);
06199cf8 1725
847818d9 1726 if (!val)
f2252570 1727 hci_req_clear_adv_instance(hdev, NULL, 0x00, true);
847818d9 1728
0b60eba1 1729 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1730 bool changed = false;
1731
d7a5a11d 1732 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
ce05d603 1733 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
06199cf8
JH		 1734 changed = true;
1735 }
1736
d7a5a11d 1737 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
a358dc11 1738 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
eeca6f89
JH		 1739 changed = true;
1740 }
1741
06199cf8
JH		 1742 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1743 if (err < 0)
1de028ce 1744 goto unlock;
06199cf8
JH		 1745
1746 if (changed)
1747 err = new_settings(hdev, sk);
1748
1de028ce 1749 goto unlock;
06199cf8
JH		 1750 }
1751
333ae95d
JH		 1752 if (pending_find(MGMT_OP_SET_LE, hdev) ||
1753 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
a69e8375
JH		 1754 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1755 MGMT_STATUS_BUSY);
1de028ce 1756 goto unlock;
06199cf8
JH		 1757 }
1758
1759 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1760 if (!cmd) {
1761 err = -ENOMEM;
1de028ce 1762 goto unlock;
06199cf8
JH		 1763 }
1764
441ad2d0
MH		 1765 hci_req_init(&req, hdev);
1766
06199cf8
JH		 1767 memset(&hci_cp, 0, sizeof(hci_cp));
1768
1769 if (val) {
1770 hci_cp.le = val;
32226e4f 1771 hci_cp.simul = 0x00;
441ad2d0 1772 } else {
d7a5a11d 1773 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
f2252570 1774 __hci_req_disable_advertising(&req);
06199cf8
JH		 1775 }
1776
416a4ae5
JH		 1777 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1778 &hci_cp);
1779
1780 err = hci_req_run(&req, le_enable_complete);
0c01bc48 1781 if (err < 0)
06199cf8 1782 mgmt_pending_remove(cmd);
06199cf8 1783
1de028ce
JH		 1784unlock:
1785 hci_dev_unlock(hdev);
06199cf8
JH		 1786 return err;
1787}
1788
0cab9c80
JH		 1789/* This is a helper function to test for pending mgmt commands that can
1790 * cause CoD or EIR HCI commands. We can only allow one such pending
1791 * mgmt command at a time since otherwise we cannot easily track what
1792 * the current values are, will be, and based on that calculate if a new
1793 * HCI command needs to be sent and if yes with what value.
1794 */
1795static bool pending_eir_or_class(struct hci_dev *hdev)
1796{
3b0602cd 1797 struct mgmt_pending_cmd *cmd;
0cab9c80
JH		 1798
1799 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1800 switch (cmd->opcode) {
1801 case MGMT_OP_ADD_UUID:
1802 case MGMT_OP_REMOVE_UUID:
1803 case MGMT_OP_SET_DEV_CLASS:
1804 case MGMT_OP_SET_POWERED:
1805 return true;
1806 }
1807 }
1808
1809 return false;
1810}
1811
83be8eca
JH		 1812static const u8 bluetooth_base_uuid[] = {
1813 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1814 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1815};
1816
1817static u8 get_uuid_size(const u8 *uuid)
1818{
1819 u32 val;
1820
1821 if (memcmp(uuid, bluetooth_base_uuid, 12))
1822 return 128;
1823
1824 val = get_unaligned_le32(&uuid[12]);
1825 if (val > 0xffff)
1826 return 32;
1827
1828 return 16;
1829}
1830
92da6097
JH		 1831static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1832{
3b0602cd 1833 struct mgmt_pending_cmd *cmd;
92da6097
JH		 1834
1835 hci_dev_lock(hdev);
1836
333ae95d 1837 cmd = pending_find(mgmt_op, hdev);
92da6097
JH		 1838 if (!cmd)
1839 goto unlock;
1840
2a1afb5a
JH		 1841 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
1842 mgmt_status(status), hdev->dev_class, 3);
92da6097
JH		 1843
1844 mgmt_pending_remove(cmd);
1845
1846unlock:
1847 hci_dev_unlock(hdev);
1848}
1849
1904a853 1850static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 1851{
1852 BT_DBG("status 0x%02x", status);
1853
1854 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1855}
1856
bdb6d971 1857static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 1858{
650f726d 1859 struct mgmt_cp_add_uuid *cp = data;
3b0602cd 1860 struct mgmt_pending_cmd *cmd;
890ea898 1861 struct hci_request req;
2aeb9a1a 1862 struct bt_uuid *uuid;
2aeb9a1a
JH		 1863 int err;
1864
bdb6d971 1865 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1866
09fd0de5 1867 hci_dev_lock(hdev);
2aeb9a1a 1868
0cab9c80 1869 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 1870 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1871 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1872 goto failed;
1873 }
1874
92c4c204 1875 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 1876 if (!uuid) {
1877 err = -ENOMEM;
1878 goto failed;
1879 }
1880
1881 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1882 uuid->svc_hint = cp->svc_hint;
83be8eca 1883 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 1884
de66aa63 1885 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 1886
890ea898 1887 hci_req_init(&req, hdev);
1aff6f09 1888
14bf5eac 1889 __hci_req_update_class(&req);
b1a8917c 1890 __hci_req_update_eir(&req);
890ea898 1891
92da6097
JH		 1892 err = hci_req_run(&req, add_uuid_complete);
1893 if (err < 0) {
1894 if (err != -ENODATA)
1895 goto failed;
80a1e1db 1896
2a1afb5a
JH		 1897 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
1898 hdev->dev_class, 3);
90e70454
JH		 1899 goto failed;
1900 }
1901
1902 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 1903 if (!cmd) {
90e70454 1904 err = -ENOMEM;
890ea898
JH		 1905 goto failed;
1906 }
1907
1908 err = 0;
2aeb9a1a
JH		 1909
1910failed:
09fd0de5 1911 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1912 return err;
1913}
1914
24b78d0f
JH		 1915static bool enable_service_cache(struct hci_dev *hdev)
1916{
1917 if (!hdev_is_powered(hdev))
1918 return false;
1919
238be788 1920 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
46818ed5
JH		 1921 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1922 CACHE_TIMEOUT);
24b78d0f
JH		 1923 return true;
1924 }
1925
1926 return false;
1927}
1928
1904a853 1929static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 1930{
1931 BT_DBG("status 0x%02x", status);
1932
1933 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1934}
1935
bdb6d971 1936static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1937 u16 len)
2aeb9a1a 1938{
650f726d 1939 struct mgmt_cp_remove_uuid *cp = data;
3b0602cd 1940 struct mgmt_pending_cmd *cmd;
056341c8 1941 struct bt_uuid *match, *tmp;
2aeb9a1a 1942 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 1943 struct hci_request req;
2aeb9a1a
JH		 1944 int err, found;
1945
bdb6d971 1946 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1947
09fd0de5 1948 hci_dev_lock(hdev);
2aeb9a1a 1949
0cab9c80 1950 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 1951 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1952 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1953 goto unlock;
1954 }
1955
2aeb9a1a 1956 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 1957 hci_uuids_clear(hdev);
4004b6d9 1958
24b78d0f 1959 if (enable_service_cache(hdev)) {
2a1afb5a
JH		 1960 err = mgmt_cmd_complete(sk, hdev->id,
1961 MGMT_OP_REMOVE_UUID,
1962 0, hdev->dev_class, 3);
24b78d0f
JH		 1963 goto unlock;
1964 }
4004b6d9 1965
9246a869 1966 goto update_class;
2aeb9a1a
JH		 1967 }
1968
1969 found = 0;
1970
056341c8 1971 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 1972 if (memcmp(match->uuid, cp->uuid, 16) != 0)
1973 continue;
1974
1975 list_del(&match->list);
482049f7 1976 kfree(match);
2aeb9a1a
JH		 1977 found++;
1978 }
1979
1980 if (found == 0) {
a69e8375
JH		 1981 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1982 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 1983 goto unlock;
1984 }
1985
9246a869 1986update_class:
890ea898 1987 hci_req_init(&req, hdev);
1aff6f09 1988
14bf5eac 1989 __hci_req_update_class(&req);
b1a8917c 1990 __hci_req_update_eir(&req);
890ea898 1991
92da6097
JH		 1992 err = hci_req_run(&req, remove_uuid_complete);
1993 if (err < 0) {
1994 if (err != -ENODATA)
1995 goto unlock;
80a1e1db 1996
2a1afb5a
JH		 1997 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
1998 hdev->dev_class, 3);
90e70454
JH		 1999 goto unlock;
2000 }
2001
2002 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2003 if (!cmd) {
90e70454 2004 err = -ENOMEM;
890ea898
JH		 2005 goto unlock;
2006 }
2007
2008 err = 0;
2aeb9a1a
JH		 2009
2010unlock:
09fd0de5 2011 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2012 return err;
2013}
2014
1904a853 2015static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2016{
2017 BT_DBG("status 0x%02x", status);
2018
2019 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2020}
2021
bdb6d971 2022static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2023 u16 len)
1aff6f09 2024{
650f726d 2025 struct mgmt_cp_set_dev_class *cp = data;
3b0602cd 2026 struct mgmt_pending_cmd *cmd;
890ea898 2027 struct hci_request req;
1aff6f09
JH		 2028 int err;
2029
bdb6d971 2030 BT_DBG("request for %s", hdev->name);
1aff6f09 2031
6203fc98 2032 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2033 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2034 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2035
0cab9c80 2036 hci_dev_lock(hdev);
ee98f473 2037
0cab9c80 2038 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2039 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2040 MGMT_STATUS_BUSY);
0cab9c80
JH		 2041 goto unlock;
2042 }
c95f0ba7 2043
0cab9c80 2044 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
a69e8375
JH		 2045 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2046 MGMT_STATUS_INVALID_PARAMS);
0cab9c80
JH		 2047 goto unlock;
2048 }
575b3a02 2049
932f5ff5
JH		 2050 hdev->major_class = cp->major;
2051 hdev->minor_class = cp->minor;
2052
b5235a65 2053 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2054 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2055 hdev->dev_class, 3);
b5235a65
JH		 2056 goto unlock;
2057 }
2058
890ea898
JH		 2059 hci_req_init(&req, hdev);
2060
a69d8927 2061 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
7d78525d
JH		 2062 hci_dev_unlock(hdev);
2063 cancel_delayed_work_sync(&hdev->service_cache);
2064 hci_dev_lock(hdev);
b1a8917c 2065 __hci_req_update_eir(&req);
7d78525d 2066 }
14c0b608 2067
14bf5eac 2068 __hci_req_update_class(&req);
890ea898 2069
92da6097
JH		 2070 err = hci_req_run(&req, set_class_complete);
2071 if (err < 0) {
2072 if (err != -ENODATA)
2073 goto unlock;
1aff6f09 2074
2a1afb5a
JH		 2075 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2076 hdev->dev_class, 3);
90e70454
JH		 2077 goto unlock;
2078 }
2079
2080 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2081 if (!cmd) {
90e70454 2082 err = -ENOMEM;
890ea898
JH		 2083 goto unlock;
2084 }
2085
2086 err = 0;
1aff6f09 2087
b5235a65 2088unlock:
09fd0de5 2089 hci_dev_unlock(hdev);
1aff6f09
JH		 2090 return err;
2091}
2092
bdb6d971 2093static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2094 u16 len)
55ed8ca1 2095{
650f726d 2096 struct mgmt_cp_load_link_keys *cp = data;
ba1d6936
JH		 2097 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2098 sizeof(struct mgmt_link_key_info));
4e51eae9 2099 u16 key_count, expected_len;
b1de97d8 2100 bool changed;
a492cd52 2101 int i;
55ed8ca1 2102
9060d5cf
MH		 2103 BT_DBG("request for %s", hdev->name);
2104
2105 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2106 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2107 MGMT_STATUS_NOT_SUPPORTED);
9060d5cf 2108
1f350c87 2109 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 2110 if (key_count > max_key_count) {
2111 BT_ERR("load_link_keys: too big key_count value %u",
2112 key_count);
a69e8375
JH		 2113 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2114 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 2115 }
55ed8ca1 2116
86742e1e
JH		 2117 expected_len = sizeof(*cp) + key_count *
2118 sizeof(struct mgmt_link_key_info);
a492cd52 2119 if (expected_len != len) {
86742e1e 2120 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2121 expected_len, len);
a69e8375
JH		 2122 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2123 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2124 }
2125
4ae14301 2126 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
a69e8375
JH		 2127 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2128 MGMT_STATUS_INVALID_PARAMS);
4ae14301 2129
bdb6d971 2130 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2131 key_count);
55ed8ca1 2132
4ee71b20
JH		 2133 for (i = 0; i < key_count; i++) {
2134 struct mgmt_link_key_info *key = &cp->keys[i];
2135
8e991132 2136 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
a69e8375
JH		 2137 return mgmt_cmd_status(sk, hdev->id,
2138 MGMT_OP_LOAD_LINK_KEYS,
2139 MGMT_STATUS_INVALID_PARAMS);
4ee71b20
JH		 2140 }
2141
09fd0de5 2142 hci_dev_lock(hdev);
55ed8ca1
JH		 2143
2144 hci_link_keys_clear(hdev);
2145
55ed8ca1 2146 if (cp->debug_keys)
238be788 2147 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
55ed8ca1 2148 else
a69d8927
MH		 2149 changed = hci_dev_test_and_clear_flag(hdev,
2150 HCI_KEEP_DEBUG_KEYS);
b1de97d8
MH		 2151
2152 if (changed)
2153 new_settings(hdev, NULL);
55ed8ca1 2154
a492cd52 2155 for (i = 0; i < key_count; i++) {
86742e1e 2156 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2157
58e9293c
JH		 2158 /* Always ignore debug keys and require a new pairing if
2159 * the user wants to use them.
2160 */
2161 if (key->type == HCI_LK_DEBUG_COMBINATION)
2162 continue;
2163
7652ff6a
JH		 2164 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2165 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2166 }
2167
2a1afb5a 2168 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2169
09fd0de5 2170 hci_dev_unlock(hdev);
55ed8ca1 2171
a492cd52 2172 return 0;
55ed8ca1
JH		 2173}
2174
b1078ad0 2175static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2176 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2177{
2178 struct mgmt_ev_device_unpaired ev;
2179
2180 bacpy(&ev.addr.bdaddr, bdaddr);
2181 ev.addr.type = addr_type;
2182
2183 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2184 skip_sk);
b1078ad0
JH		 2185}
2186
bdb6d971 2187static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2188 u16 len)
55ed8ca1 2189{
124f6e35
JH		 2190 struct mgmt_cp_unpair_device *cp = data;
2191 struct mgmt_rp_unpair_device rp;
fc64361a 2192 struct hci_conn_params *params;
3b0602cd 2193 struct mgmt_pending_cmd *cmd;
55ed8ca1 2194 struct hci_conn *conn;
ec182f03 2195 u8 addr_type;
55ed8ca1
JH		 2196 int err;
2197
a8a1d19e 2198 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2199 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2200 rp.addr.type = cp->addr.type;
a8a1d19e 2201
4ee71b20 2202 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2203 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2204 MGMT_STATUS_INVALID_PARAMS,
2205 &rp, sizeof(rp));
4ee71b20 2206
118da70b 2207 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2a1afb5a
JH		 2208 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2209 MGMT_STATUS_INVALID_PARAMS,
2210 &rp, sizeof(rp));
118da70b 2211
4ee71b20
JH		 2212 hci_dev_lock(hdev);
2213
86a8cfc6 2214 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2215 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2216 MGMT_STATUS_NOT_POWERED, &rp,
2217 sizeof(rp));
86a8cfc6
JH		 2218 goto unlock;
2219 }
2220
e0b2b27e 2221 if (cp->addr.type == BDADDR_BREDR) {
89cbb063
AA		 2222 /* If disconnection is requested, then look up the
2223 * connection. If the remote device is connected, it
2224 * will be later used to terminate the link.
2225 *
2226 * Setting it to NULL explicitly will cause no
2227 * termination of the link.
2228 */
2229 if (cp->disconnect)
2230 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2231 &cp->addr.bdaddr);
2232 else
2233 conn = NULL;
2234
124f6e35 2235 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
ec182f03
JH		 2236 if (err < 0) {
2237 err = mgmt_cmd_complete(sk, hdev->id,
2238 MGMT_OP_UNPAIR_DEVICE,
2239 MGMT_STATUS_NOT_PAIRED, &rp,
2240 sizeof(rp));
2241 goto unlock;
89cbb063
AA		 2242 }
2243
ec182f03 2244 goto done;
e0b2b27e 2245 }
b0dbfb46 2246
ec182f03
JH		 2247 /* LE address type */
2248 addr_type = le_addr_type(cp->addr.type);
2249
2250 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2251
2252 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
55ed8ca1 2253 if (err < 0) {
2a1afb5a
JH		 2254 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2255 MGMT_STATUS_NOT_PAIRED, &rp,
2256 sizeof(rp));
55ed8ca1
JH		 2257 goto unlock;
2258 }
2259
ec182f03
JH		 2260 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type);
2261 if (!conn) {
2262 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2263 goto done;
2264 }
2265
c81d555a
JH		 2266 /* Abort any ongoing SMP pairing */
2267 smp_cancel_pairing(conn);
2268
ec182f03
JH		 2269 /* Defer clearing up the connection parameters until closing to
2270 * give a chance of keeping them if a repairing happens.
2271 */
2272 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2273
fc64361a
JH		 2274 /* Disable auto-connection parameters if present */
2275 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type);
2276 if (params) {
2277 if (params->explicit_connect)
2278 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
2279 else
2280 params->auto_connect = HCI_AUTO_CONN_DISABLED;
2281 }
2282
ec182f03
JH		 2283 /* If disconnection is not requested, then clear the connection
2284 * variable so that the link is not terminated.
2285 */
2286 if (!cp->disconnect)
2287 conn = NULL;
2288
2289done:
89cbb063
AA		 2290 /* If the connection variable is set, then termination of the
2291 * link is requested.
2292 */
a8a1d19e 2293 if (!conn) {
2a1afb5a
JH		 2294 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2295 &rp, sizeof(rp));
b1078ad0 2296 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2297 goto unlock;
2298 }
55ed8ca1 2299
124f6e35 2300 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2301 sizeof(*cp));
a8a1d19e
JH		 2302 if (!cmd) {
2303 err = -ENOMEM;
2304 goto unlock;
55ed8ca1
JH		 2305 }
2306
d8b7b1e4
JH		 2307 cmd->cmd_complete = addr_cmd_complete;
2308
89e0ccc8 2309 err = hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
a8a1d19e
JH		 2310 if (err < 0)
2311 mgmt_pending_remove(cmd);
2312
55ed8ca1 2313unlock:
09fd0de5 2314 hci_dev_unlock(hdev);
55ed8ca1
JH		 2315 return err;
2316}
2317
bdb6d971 2318static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2319 u16 len)
8962ee74 2320{
650f726d 2321 struct mgmt_cp_disconnect *cp = data;
06a63b19 2322 struct mgmt_rp_disconnect rp;
3b0602cd 2323 struct mgmt_pending_cmd *cmd;
8962ee74 2324 struct hci_conn *conn;
8962ee74
JH		 2325 int err;
2326
2327 BT_DBG("");
2328
06a63b19
JH		 2329 memset(&rp, 0, sizeof(rp));
2330 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2331 rp.addr.type = cp->addr.type;
2332
4ee71b20 2333 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2334 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2335 MGMT_STATUS_INVALID_PARAMS,
2336 &rp, sizeof(rp));
4ee71b20 2337
09fd0de5 2338 hci_dev_lock(hdev);
8962ee74
JH		 2339
2340 if (!test_bit(HCI_UP, &hdev->flags)) {
2a1afb5a
JH		 2341 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2342 MGMT_STATUS_NOT_POWERED, &rp,
2343 sizeof(rp));
8962ee74
JH		 2344 goto failed;
2345 }
2346
333ae95d 2347 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
2a1afb5a
JH		 2348 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2349 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2350 goto failed;
2351 }
2352
591f47f3 2353 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2354 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2355 &cp->addr.bdaddr);
88c3df13 2356 else
9d4c1cc1
JH		 2357 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr,
2358 le_addr_type(cp->addr.type));
365227e5 2359
f960727e 2360 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2a1afb5a
JH		 2361 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2362 MGMT_STATUS_NOT_CONNECTED, &rp,
2363 sizeof(rp));
8962ee74
JH		 2364 goto failed;
2365 }
2366
2e58ef3e 2367 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2368 if (!cmd) {
2369 err = -ENOMEM;
8962ee74 2370 goto failed;
366a0336 2371 }
8962ee74 2372
f5818c22
JH		 2373 cmd->cmd_complete = generic_cmd_complete;
2374
e3f2f92a 2375 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
8962ee74 2376 if (err < 0)
a664b5bc 2377 mgmt_pending_remove(cmd);
8962ee74
JH		 2378
2379failed:
09fd0de5 2380 hci_dev_unlock(hdev);
8962ee74
JH		 2381 return err;
2382}
2383
57c1477c 2384static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2385{
2386 switch (link_type) {
2387 case LE_LINK:
48264f06
JH		 2388 switch (addr_type) {
2389 case ADDR_LE_DEV_PUBLIC:
591f47f3 2390 return BDADDR_LE_PUBLIC;
0ed09148 2391
48264f06 2392 default:
0ed09148 2393 /* Fallback to LE Random address type */
591f47f3 2394 return BDADDR_LE_RANDOM;
48264f06 2395 }
0ed09148 2396
4c659c39 2397 default:
0ed09148 2398 /* Fallback to BR/EDR type */
591f47f3 2399 return BDADDR_BREDR;
4c659c39
JH		 2400 }
2401}
2402
04124681
GP		 2403static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2404 u16 data_len)
2784eb41 2405{
2784eb41 2406 struct mgmt_rp_get_connections *rp;
8035ded4 2407 struct hci_conn *c;
a38528f1 2408 size_t rp_len;
60fc5fb6
JH		 2409 int err;
2410 u16 i;
2784eb41
JH		 2411
2412 BT_DBG("");
2413
09fd0de5 2414 hci_dev_lock(hdev);
2784eb41 2415
5f97c1df 2416 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 2417 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2418 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2419 goto unlock;
2420 }
2421
60fc5fb6 2422 i = 0;
b644ba33
JH		 2423 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2424 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2425 i++;
2784eb41
JH		 2426 }
2427
60fc5fb6 2428 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2429 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2430 if (!rp) {
2784eb41
JH		 2431 err = -ENOMEM;
2432 goto unlock;
2433 }
2434
2784eb41 2435 i = 0;
4c659c39 2436 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2437 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2438 continue;
4c659c39 2439 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2440 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2441 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2442 continue;
2443 i++;
2444 }
2445
eb55ef07 2446 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2447
4c659c39
JH		 2448 /* Recalculate length in case of filtered SCO connections, etc */
2449 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2450
2a1afb5a
JH		 2451 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2452 rp_len);
2784eb41 2453
a38528f1 2454 kfree(rp);
5f97c1df
JH		 2455
2456unlock:
09fd0de5 2457 hci_dev_unlock(hdev);
2784eb41
JH		 2458 return err;
2459}
2460
bdb6d971 2461static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2462 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67 2463{
3b0602cd 2464 struct mgmt_pending_cmd *cmd;
96d97a67
WR		 2465 int err;
2466
2e58ef3e 2467 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2468 sizeof(*cp));
96d97a67
WR		 2469 if (!cmd)
2470 return -ENOMEM;
2471
d8457698 2472 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2473 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2474 if (err < 0)
2475 mgmt_pending_remove(cmd);
2476
2477 return err;
2478}
2479
bdb6d971 2480static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2481 u16 len)
980e1a53 2482{
96d97a67 2483 struct hci_conn *conn;
650f726d 2484 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2485 struct hci_cp_pin_code_reply reply;
3b0602cd 2486 struct mgmt_pending_cmd *cmd;
980e1a53
JH		 2487 int err;
2488
2489 BT_DBG("");
2490
09fd0de5 2491 hci_dev_lock(hdev);
980e1a53 2492
4b34ee78 2493 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 2494 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2495 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2496 goto failed;
2497 }
2498
d8457698 2499 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2500 if (!conn) {
a69e8375
JH		 2501 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2502 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2503 goto failed;
2504 }
2505
2506 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2507 struct mgmt_cp_pin_code_neg_reply ncp;
2508
2509 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2510
2511 BT_ERR("PIN code is not 16 bytes long");
2512
bdb6d971 2513 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2514 if (err >= 0)
a69e8375
JH		 2515 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2516 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2517
2518 goto failed;
2519 }
2520
00abfe44 2521 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2522 if (!cmd) {
2523 err = -ENOMEM;
980e1a53 2524 goto failed;
366a0336 2525 }
980e1a53 2526
7776d1d8
JH		 2527 cmd->cmd_complete = addr_cmd_complete;
2528
d8457698 2529 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2530 reply.pin_len = cp->pin_len;
24718ca5 2531 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2532
2533 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2534 if (err < 0)
a664b5bc 2535 mgmt_pending_remove(cmd);
980e1a53
JH		 2536
2537failed:
09fd0de5 2538 hci_dev_unlock(hdev);
980e1a53
JH		 2539 return err;
2540}
2541
04124681
GP		 2542static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2543 u16 len)
17fa4b9d 2544{
650f726d 2545 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2546
2547 BT_DBG("");
2548
4ec86d4c 2549 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 2550 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
2551 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
4ec86d4c 2552
09fd0de5 2553 hci_dev_lock(hdev);
17fa4b9d
JH		 2554
2555 hdev->io_capability = cp->io_capability;
2556
2557 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2558 hdev->io_capability);
17fa4b9d 2559
09fd0de5 2560 hci_dev_unlock(hdev);
17fa4b9d 2561
2a1afb5a
JH		 2562 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
2563 NULL, 0);
17fa4b9d
JH		 2564}
2565
3b0602cd 2566static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2567{
2568 struct hci_dev *hdev = conn->hdev;
3b0602cd 2569 struct mgmt_pending_cmd *cmd;
e9a416b5 2570
2e58ef3e 2571 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2572 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2573 continue;
2574
e9a416b5
JH		 2575 if (cmd->user_data != conn)
2576 continue;
2577
2578 return cmd;
2579 }
2580
2581 return NULL;
2582}
2583
3b0602cd 2584static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
e9a416b5
JH		 2585{
2586 struct mgmt_rp_pair_device rp;
2587 struct hci_conn *conn = cmd->user_data;
9df74653 2588 int err;
e9a416b5 2589
61b1a7fb
JH		 2590 bacpy(&rp.addr.bdaddr, &conn->dst);
2591 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2592
2a1afb5a
JH		 2593 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
2594 status, &rp, sizeof(rp));
e9a416b5
JH		 2595
2596 /* So we don't get further callbacks for this connection */
2597 conn->connect_cfm_cb = NULL;
2598 conn->security_cfm_cb = NULL;
2599 conn->disconn_cfm_cb = NULL;
2600
76a68ba0 2601 hci_conn_drop(conn);
89cbb063
AA		 2602
2603 /* The device is paired so there is no need to remove
2604 * its connection parameters anymore.
2605 */
2606 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
15013aeb
JH		 2607
2608 hci_conn_put(conn);
9df74653
JH		 2609
2610 return err;
e9a416b5
JH		 2611}
2612
f4a407be
JH		 2613void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2614{
2615 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3b0602cd 2616 struct mgmt_pending_cmd *cmd;
f4a407be
JH		 2617
2618 cmd = find_pairing(conn);
a511b35b 2619 if (cmd) {
04ab2749 2620 cmd->cmd_complete(cmd, status);
a511b35b
JH		 2621 mgmt_pending_remove(cmd);
2622 }
f4a407be
JH		 2623}
2624
e9a416b5
JH		 2625static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2626{
3b0602cd 2627 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 2628
2629 BT_DBG("status %u", status);
2630
2631 cmd = find_pairing(conn);
a511b35b 2632 if (!cmd) {
e9a416b5 2633 BT_DBG("Unable to find a pending command");
a511b35b
JH		 2634 return;
2635 }
2636
2637 cmd->cmd_complete(cmd, mgmt_status(status));
2638 mgmt_pending_remove(cmd);
e9a416b5
JH		 2639}
2640
f4a407be 2641static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739 2642{
3b0602cd 2643 struct mgmt_pending_cmd *cmd;
4c47d739
VA		 2644
2645 BT_DBG("status %u", status);
2646
2647 if (!status)
2648 return;
2649
2650 cmd = find_pairing(conn);
a511b35b 2651 if (!cmd) {
4c47d739 2652 BT_DBG("Unable to find a pending command");
a511b35b
JH		 2653 return;
2654 }
2655
2656 cmd->cmd_complete(cmd, mgmt_status(status));
2657 mgmt_pending_remove(cmd);
4c47d739
VA		 2658}
2659
bdb6d971 2660static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2661 u16 len)
e9a416b5 2662{
650f726d 2663 struct mgmt_cp_pair_device *cp = data;
1425acb7 2664 struct mgmt_rp_pair_device rp;
3b0602cd 2665 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 2666 u8 sec_level, auth_type;
2667 struct hci_conn *conn;
e9a416b5
JH		 2668 int err;
2669
2670 BT_DBG("");
2671
f950a30e
SJ		 2672 memset(&rp, 0, sizeof(rp));
2673 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2674 rp.addr.type = cp->addr.type;
2675
4ee71b20 2676 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2677 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2678 MGMT_STATUS_INVALID_PARAMS,
2679 &rp, sizeof(rp));
4ee71b20 2680
4ec86d4c 2681 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 2682 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2683 MGMT_STATUS_INVALID_PARAMS,
2684 &rp, sizeof(rp));
4ec86d4c 2685
09fd0de5 2686 hci_dev_lock(hdev);
e9a416b5 2687
5f97c1df 2688 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2689 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2690 MGMT_STATUS_NOT_POWERED, &rp,
2691 sizeof(rp));
5f97c1df
JH		 2692 goto unlock;
2693 }
2694
55e76b38
JH		 2695 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
2696 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2697 MGMT_STATUS_ALREADY_PAIRED, &rp,
2698 sizeof(rp));
2699 goto unlock;
2700 }
2701
c908df36 2702 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 2703 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 2704
6f77d8c7 2705 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 2706 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
2707 auth_type);
6f77d8c7 2708 } else {
85813a7e 2709 u8 addr_type = le_addr_type(cp->addr.type);
5157b8a5 2710 struct hci_conn_params *p;
6f77d8c7 2711
7c264b10
MH		 2712 /* When pairing a new device, it is expected to remember
2713 * this device for future connections. Adding the connection
2714 * parameter information ahead of time allows tracking
2715 * of the slave preferred values and will speed up any
2716 * further connection establishment.
2717 *
2718 * If connection parameters already exist, then they
2719 * will be kept and this function does nothing.
2720 */
5157b8a5
JP		 2721 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
2722
2723 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT)
2724 p->auto_connect = HCI_AUTO_CONN_DISABLED;
7c264b10 2725
fa142220
JP		 2726 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr,
2727 addr_type, sec_level,
0ad06aa6 2728 HCI_LE_CONN_TIMEOUT);
6f77d8c7 2729 }
7a512d01 2730
30e76272 2731 if (IS_ERR(conn)) {
489dc48e
AK		 2732 int status;
2733
2734 if (PTR_ERR(conn) == -EBUSY)
2735 status = MGMT_STATUS_BUSY;
faa81030
LR		 2736 else if (PTR_ERR(conn) == -EOPNOTSUPP)
2737 status = MGMT_STATUS_NOT_SUPPORTED;
2738 else if (PTR_ERR(conn) == -ECONNREFUSED)
2739 status = MGMT_STATUS_REJECTED;
489dc48e
AK		 2740 else
2741 status = MGMT_STATUS_CONNECT_FAILED;
2742
2a1afb5a
JH		 2743 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2744 status, &rp, sizeof(rp));
e9a416b5
JH		 2745 goto unlock;
2746 }
2747
2748 if (conn->connect_cfm_cb) {
76a68ba0 2749 hci_conn_drop(conn);
2a1afb5a
JH		 2750 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2751 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2752 goto unlock;
2753 }
2754
2e58ef3e 2755 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2756 if (!cmd) {
2757 err = -ENOMEM;
76a68ba0 2758 hci_conn_drop(conn);
e9a416b5
JH		 2759 goto unlock;
2760 }
2761
04ab2749
JH		 2762 cmd->cmd_complete = pairing_complete;
2763
7a512d01 2764 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 2765 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 2766 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 2767 conn->security_cfm_cb = pairing_complete_cb;
2768 conn->disconn_cfm_cb = pairing_complete_cb;
2769 } else {
2770 conn->connect_cfm_cb = le_pairing_complete_cb;
2771 conn->security_cfm_cb = le_pairing_complete_cb;
2772 conn->disconn_cfm_cb = le_pairing_complete_cb;
2773 }
7a512d01 2774
e9a416b5 2775 conn->io_capability = cp->io_cap;
f8aaf9b6 2776 cmd->user_data = hci_conn_get(conn);
e9a416b5 2777
6f78fd4b 2778 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
a511b35b
JH		 2779 hci_conn_security(conn, sec_level, auth_type, true)) {
2780 cmd->cmd_complete(cmd, 0);
2781 mgmt_pending_remove(cmd);
2782 }
e9a416b5
JH		 2783
2784 err = 0;
2785
2786unlock:
09fd0de5 2787 hci_dev_unlock(hdev);
e9a416b5
JH		 2788 return err;
2789}
2790
04124681
GP		 2791static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2792 u16 len)
28424707 2793{
0f4e68cf 2794 struct mgmt_addr_info *addr = data;
3b0602cd 2795 struct mgmt_pending_cmd *cmd;
28424707
JH		 2796 struct hci_conn *conn;
2797 int err;
2798
2799 BT_DBG("");
2800
28424707
JH		 2801 hci_dev_lock(hdev);
2802
5f97c1df 2803 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 2804 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2805 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2806 goto unlock;
2807 }
2808
333ae95d 2809 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
28424707 2810 if (!cmd) {
a69e8375
JH		 2811 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2812 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2813 goto unlock;
2814 }
2815
2816 conn = cmd->user_data;
2817
2818 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
a69e8375
JH		 2819 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2820 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2821 goto unlock;
2822 }
2823
a511b35b
JH		 2824 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
2825 mgmt_pending_remove(cmd);
28424707 2826
2a1afb5a
JH		 2827 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
2828 addr, sizeof(*addr));
28424707
JH		 2829unlock:
2830 hci_dev_unlock(hdev);
28424707
JH		 2831 return err;
2832}
2833
bdb6d971 2834static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 2835 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 2836 u16 hci_op, __le32 passkey)
a5c29683 2837{
3b0602cd 2838 struct mgmt_pending_cmd *cmd;
0df4c185 2839 struct hci_conn *conn;
a5c29683
JH		 2840 int err;
2841
09fd0de5 2842 hci_dev_lock(hdev);
08ba5382 2843
4b34ee78 2844 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2845 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2846 MGMT_STATUS_NOT_POWERED, addr,
2847 sizeof(*addr));
0df4c185 2848 goto done;
a5c29683
JH		 2849 }
2850
1707c60e
JH		 2851 if (addr->type == BDADDR_BREDR)
2852 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 2853 else
9d4c1cc1
JH		 2854 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr,
2855 le_addr_type(addr->type));
272d90df
JH		 2856
2857 if (!conn) {
2a1afb5a
JH		 2858 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2859 MGMT_STATUS_NOT_CONNECTED, addr,
2860 sizeof(*addr));
272d90df
JH		 2861 goto done;
2862 }
47c15e2b 2863
1707c60e 2864 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 2865 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 2866 if (!err)
2a1afb5a
JH		 2867 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2868 MGMT_STATUS_SUCCESS, addr,
2869 sizeof(*addr));
5fe57d9e 2870 else
2a1afb5a
JH		 2871 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2872 MGMT_STATUS_FAILED, addr,
2873 sizeof(*addr));
47c15e2b 2874
47c15e2b
BG		 2875 goto done;
2876 }
2877
1707c60e 2878 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 2879 if (!cmd) {
2880 err = -ENOMEM;
0df4c185 2881 goto done;
a5c29683
JH		 2882 }
2883
7776d1d8
JH		 2884 cmd->cmd_complete = addr_cmd_complete;
2885
0df4c185 2886 /* Continue with pairing via HCI */
604086b7
BG		 2887 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2888 struct hci_cp_user_passkey_reply cp;
2889
1707c60e 2890 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 2891 cp.passkey = passkey;
2892 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2893 } else
1707c60e
JH		 2894 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2895 &addr->bdaddr);
604086b7 2896
a664b5bc
JH		 2897 if (err < 0)
2898 mgmt_pending_remove(cmd);
a5c29683 2899
0df4c185 2900done:
09fd0de5 2901 hci_dev_unlock(hdev);
a5c29683
JH		 2902 return err;
2903}
2904
afeb019d
JK		 2905static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2906 void *data, u16 len)
2907{
2908 struct mgmt_cp_pin_code_neg_reply *cp = data;
2909
2910 BT_DBG("");
2911
1707c60e 2912 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 2913 MGMT_OP_PIN_CODE_NEG_REPLY,
2914 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2915}
2916
04124681
GP		 2917static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2918 u16 len)
0df4c185 2919{
650f726d 2920 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2921
2922 BT_DBG("");
2923
2924 if (len != sizeof(*cp))
a69e8375
JH		 2925 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2926 MGMT_STATUS_INVALID_PARAMS);
0df4c185 2927
1707c60e 2928 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2929 MGMT_OP_USER_CONFIRM_REPLY,
2930 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2931}
2932
bdb6d971 2933static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2934 void *data, u16 len)
0df4c185 2935{
c9c2659f 2936 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2937
2938 BT_DBG("");
2939
1707c60e 2940 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2941 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2942 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2943}
2944
04124681
GP		 2945static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2946 u16 len)
604086b7 2947{
650f726d 2948 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2949
2950 BT_DBG("");
2951
1707c60e 2952 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2953 MGMT_OP_USER_PASSKEY_REPLY,
2954 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 2955}
2956
bdb6d971 2957static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2958 void *data, u16 len)
604086b7 2959{
650f726d 2960 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 2961
2962 BT_DBG("");
2963
1707c60e 2964 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2965 MGMT_OP_USER_PASSKEY_NEG_REPLY,
2966 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 2967}
2968
1904a853 2969static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
13928971
JH		 2970{
2971 struct mgmt_cp_set_local_name *cp;
3b0602cd 2972 struct mgmt_pending_cmd *cmd;
13928971
JH		 2973
2974 BT_DBG("status 0x%02x", status);
2975
2976 hci_dev_lock(hdev);
2977
333ae95d 2978 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 2979 if (!cmd)
2980 goto unlock;
2981
2982 cp = cmd->param;
2983
2984 if (status)
a69e8375
JH		 2985 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
2986 mgmt_status(status));
13928971 2987 else
2a1afb5a
JH		 2988 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
2989 cp, sizeof(*cp));
13928971
JH		 2990
2991 mgmt_pending_remove(cmd);
2992
2993unlock:
2994 hci_dev_unlock(hdev);
2995}
2996
bdb6d971 2997static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2998 u16 len)
b312b161 2999{
2b4bf397 3000 struct mgmt_cp_set_local_name *cp = data;
3b0602cd 3001 struct mgmt_pending_cmd *cmd;
890ea898 3002 struct hci_request req;
b312b161
JH		 3003 int err;
3004
3005 BT_DBG("");
3006
09fd0de5 3007 hci_dev_lock(hdev);
b312b161 3008
b3f2ca94
JH		 3009 /* If the old values are the same as the new ones just return a
3010 * direct command complete event.
3011 */
3012 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3013 !memcmp(hdev->short_name, cp->short_name,
3014 sizeof(hdev->short_name))) {
2a1afb5a
JH		 3015 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3016 data, len);
b3f2ca94
JH		 3017 goto failed;
3018 }
3019
2b4bf397 3020 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3021
b5235a65 3022 if (!hdev_is_powered(hdev)) {
2b4bf397 3023 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde 3024
2a1afb5a
JH		 3025 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3026 data, len);
28cc7bde
JH		 3027 if (err < 0)
3028 goto failed;
3029
f6b7712e
MH		 3030 err = mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev,
3031 data, len, sk);
28cc7bde 3032
b5235a65
JH		 3033 goto failed;
3034 }
3035
28cc7bde 3036 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3037 if (!cmd) {
3038 err = -ENOMEM;
3039 goto failed;
3040 }
3041
13928971
JH		 3042 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3043
890ea898 3044 hci_req_init(&req, hdev);
3f985050
JH		 3045
3046 if (lmp_bredr_capable(hdev)) {
00cf5040 3047 __hci_req_update_name(&req);
b1a8917c 3048 __hci_req_update_eir(&req);
3f985050
JH		 3049 }
3050
7a5f4990
MH		 3051 /* The name is stored in the scan response data and so
3052 * no need to udpate the advertising data here.
3053 */
3f985050 3054 if (lmp_le_capable(hdev))
f2252570 3055 __hci_req_update_scan_rsp_data(&req, HCI_ADV_CURRENT);
3f985050 3056
13928971 3057 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3058 if (err < 0)
3059 mgmt_pending_remove(cmd);
3060
3061failed:
09fd0de5 3062 hci_dev_unlock(hdev);
b312b161
JH		 3063 return err;
3064}
3065
1b9441f8
JH		 3066static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status,
3067 u16 opcode, struct sk_buff *skb)
3068{
3069 struct mgmt_rp_read_local_oob_data mgmt_rp;
3070 size_t rp_size = sizeof(mgmt_rp);
3071 struct mgmt_pending_cmd *cmd;
3072
3073 BT_DBG("%s status %u", hdev->name, status);
3074
3075 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3076 if (!cmd)
3077 return;
3078
3079 if (status || !skb) {
3080 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3081 status ? mgmt_status(status) : MGMT_STATUS_FAILED);
3082 goto remove;
3083 }
3084
3085 memset(&mgmt_rp, 0, sizeof(mgmt_rp));
3086
3087 if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
3088 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
3089
3090 if (skb->len < sizeof(*rp)) {
3091 mgmt_cmd_status(cmd->sk, hdev->id,
3092 MGMT_OP_READ_LOCAL_OOB_DATA,
3093 MGMT_STATUS_FAILED);
3094 goto remove;
3095 }
3096
3097 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash));
3098 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand));
3099
3100 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256);
3101 } else {
3102 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
3103
3104 if (skb->len < sizeof(*rp)) {
3105 mgmt_cmd_status(cmd->sk, hdev->id,
3106 MGMT_OP_READ_LOCAL_OOB_DATA,
3107 MGMT_STATUS_FAILED);
3108 goto remove;
3109 }
3110
3111 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192));
3112 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192));
3113
3114 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256));
3115 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256));
3116 }
3117
3118 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3119 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size);
3120
3121remove:
3122 mgmt_pending_remove(cmd);
3123}
3124
0f4e68cf 3125static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3126 void *data, u16 data_len)
c35938b2 3127{
3b0602cd 3128 struct mgmt_pending_cmd *cmd;
1b9441f8 3129 struct hci_request req;
c35938b2
SJ		 3130 int err;
3131
bdb6d971 3132 BT_DBG("%s", hdev->name);
c35938b2 3133
09fd0de5 3134 hci_dev_lock(hdev);
c35938b2 3135
4b34ee78 3136 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3137 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3138 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3139 goto unlock;
3140 }
3141
9a1a1996 3142 if (!lmp_ssp_capable(hdev)) {
a69e8375
JH		 3143 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3144 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3145 goto unlock;
3146 }
3147
333ae95d 3148 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
a69e8375
JH		 3149 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3150 MGMT_STATUS_BUSY);
c35938b2
SJ		 3151 goto unlock;
3152 }
3153
2e58ef3e 3154 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3155 if (!cmd) {
3156 err = -ENOMEM;
3157 goto unlock;
3158 }
3159
1b9441f8
JH		 3160 hci_req_init(&req, hdev);
3161
710f11c0 3162 if (bredr_sc_enabled(hdev))
1b9441f8 3163 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
4d2d2796 3164 else
1b9441f8 3165 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
4d2d2796 3166
1b9441f8 3167 err = hci_req_run_skb(&req, read_local_oob_data_complete);
c35938b2
SJ		 3168 if (err < 0)
3169 mgmt_pending_remove(cmd);
3170
3171unlock:
09fd0de5 3172 hci_dev_unlock(hdev);
c35938b2
SJ		 3173 return err;
3174}
3175
bdb6d971 3176static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3177 void *data, u16 len)
2763eda6 3178{
5d57e796 3179 struct mgmt_addr_info *addr = data;
2763eda6
SJ		 3180 int err;
3181
bdb6d971 3182 BT_DBG("%s ", hdev->name);
2763eda6 3183
5d57e796 3184 if (!bdaddr_type_is_valid(addr->type))
2a1afb5a
JH		 3185 return mgmt_cmd_complete(sk, hdev->id,
3186 MGMT_OP_ADD_REMOTE_OOB_DATA,
3187 MGMT_STATUS_INVALID_PARAMS,
3188 addr, sizeof(*addr));
5d57e796 3189
09fd0de5 3190 hci_dev_lock(hdev);
2763eda6 3191
ec109113
MH		 3192 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3193 struct mgmt_cp_add_remote_oob_data *cp = data;
3194 u8 status;
bf1e3541 3195
c19a495c 3196 if (cp->addr.type != BDADDR_BREDR) {
2a1afb5a
JH		 3197 err = mgmt_cmd_complete(sk, hdev->id,
3198 MGMT_OP_ADD_REMOTE_OOB_DATA,
3199 MGMT_STATUS_INVALID_PARAMS,
3200 &cp->addr, sizeof(cp->addr));
c19a495c
JH		 3201 goto unlock;
3202 }
3203
ec109113 3204 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
6928a924
JH		 3205 cp->addr.type, cp->hash,
3206 cp->rand, NULL, NULL);
ec109113
MH		 3207 if (err < 0)
3208 status = MGMT_STATUS_FAILED;
3209 else
3210 status = MGMT_STATUS_SUCCESS;
3211
2a1afb5a
JH		 3212 err = mgmt_cmd_complete(sk, hdev->id,
3213 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
3214 &cp->addr, sizeof(cp->addr));
ec109113
MH		 3215 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3216 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
41bcfd50 3217 u8 *rand192, *hash192, *rand256, *hash256;
ec109113
MH		 3218 u8 status;
3219
86df9200 3220 if (bdaddr_type_is_le(cp->addr.type)) {
d25b78e2
JH		 3221 /* Enforce zero-valued 192-bit parameters as
3222 * long as legacy SMP OOB isn't implemented.
3223 */
3224 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3225 memcmp(cp->hash192, ZERO_KEY, 16)) {
2a1afb5a
JH		 3226 err = mgmt_cmd_complete(sk, hdev->id,
3227 MGMT_OP_ADD_REMOTE_OOB_DATA,
3228 MGMT_STATUS_INVALID_PARAMS,
3229 addr, sizeof(*addr));
d25b78e2
JH		 3230 goto unlock;
3231 }
3232
86df9200
JH		 3233 rand192 = NULL;
3234 hash192 = NULL;
3235 } else {
41bcfd50
MH		 3236 /* In case one of the P-192 values is set to zero,
3237 * then just disable OOB data for P-192.
3238 */
3239 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
3240 !memcmp(cp->hash192, ZERO_KEY, 16)) {
3241 rand192 = NULL;
3242 hash192 = NULL;
3243 } else {
3244 rand192 = cp->rand192;
3245 hash192 = cp->hash192;
3246 }
3247 }
3248
3249 /* In case one of the P-256 values is set to zero, then just
3250 * disable OOB data for P-256.
3251 */
3252 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
3253 !memcmp(cp->hash256, ZERO_KEY, 16)) {
3254 rand256 = NULL;
3255 hash256 = NULL;
3256 } else {
3257 rand256 = cp->rand256;
3258 hash256 = cp->hash256;
86df9200
JH		 3259 }
3260
81328d5c 3261 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
86df9200 3262 cp->addr.type, hash192, rand192,
41bcfd50 3263 hash256, rand256);
ec109113
MH		 3264 if (err < 0)
3265 status = MGMT_STATUS_FAILED;
3266 else
3267 status = MGMT_STATUS_SUCCESS;
3268
2a1afb5a
JH		 3269 err = mgmt_cmd_complete(sk, hdev->id,
3270 MGMT_OP_ADD_REMOTE_OOB_DATA,
3271 status, &cp->addr, sizeof(cp->addr));
ec109113
MH		 3272 } else {
3273 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
a69e8375
JH		 3274 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3275 MGMT_STATUS_INVALID_PARAMS);
ec109113 3276 }
2763eda6 3277
c19a495c 3278unlock:
09fd0de5 3279 hci_dev_unlock(hdev);
2763eda6
SJ		 3280 return err;
3281}
3282
bdb6d971 3283static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3284 void *data, u16 len)
2763eda6 3285{
650f726d 3286 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3287 u8 status;
2763eda6
SJ		 3288 int err;
3289
bdb6d971 3290 BT_DBG("%s", hdev->name);
2763eda6 3291
c19a495c 3292 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 3293 return mgmt_cmd_complete(sk, hdev->id,
3294 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3295 MGMT_STATUS_INVALID_PARAMS,
3296 &cp->addr, sizeof(cp->addr));
c19a495c 3297
09fd0de5 3298 hci_dev_lock(hdev);
2763eda6 3299
eedbd581
JH		 3300 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3301 hci_remote_oob_data_clear(hdev);
3302 status = MGMT_STATUS_SUCCESS;
3303 goto done;
3304 }
3305
6928a924 3306 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
2763eda6 3307 if (err < 0)
bf1e3541 3308 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3309 else
a6785be2 3310 status = MGMT_STATUS_SUCCESS;
bf1e3541 3311
eedbd581 3312done:
2a1afb5a
JH		 3313 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3314 status, &cp->addr, sizeof(cp->addr));
2763eda6 3315
09fd0de5 3316 hci_dev_unlock(hdev);
2763eda6
SJ		 3317 return err;
3318}
3319
e68f072b 3320void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status)
7c307720 3321{
3b0602cd 3322 struct mgmt_pending_cmd *cmd;
ae55f598 3323
7c307720
AG		 3324 BT_DBG("status %d", status);
3325
11e6e25d 3326 hci_dev_lock(hdev);
41dc2bd6 3327
333ae95d 3328 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
66ea9427 3329 if (!cmd)
333ae95d 3330 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
66ea9427 3331
11e6e25d 3332 if (cmd) {
2922a94f 3333 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d
MH		 3334 mgmt_pending_remove(cmd);
3335 }
7c307720 3336
11e6e25d 3337 hci_dev_unlock(hdev);
7c307720
AG		 3338}
3339
591752af
JH		 3340static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type,
3341 uint8_t *mgmt_status)
3342{
3343 switch (type) {
3344 case DISCOV_TYPE_LE:
3345 *mgmt_status = mgmt_le_support(hdev);
3346 if (*mgmt_status)
3347 return false;
3348 break;
3349 case DISCOV_TYPE_INTERLEAVED:
3350 *mgmt_status = mgmt_le_support(hdev);
3351 if (*mgmt_status)
3352 return false;
3353 /* Intentional fall-through */
3354 case DISCOV_TYPE_BREDR:
3355 *mgmt_status = mgmt_bredr_support(hdev);
3356 if (*mgmt_status)
3357 return false;
3358 break;
3359 default:
3360 *mgmt_status = MGMT_STATUS_INVALID_PARAMS;
3361 return false;
3362 }
3363
3364 return true;
3365}
3366
bdb6d971 3367static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3368 void *data, u16 len)
14a53664 3369{
650f726d 3370 struct mgmt_cp_start_discovery *cp = data;
3b0602cd 3371 struct mgmt_pending_cmd *cmd;
8019044d 3372 u8 status;
14a53664
JH		 3373 int err;
3374
bdb6d971 3375 BT_DBG("%s", hdev->name);
14a53664 3376
09fd0de5 3377 hci_dev_lock(hdev);
14a53664 3378
4b34ee78 3379 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3380 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3381 MGMT_STATUS_NOT_POWERED,
3382 &cp->type, sizeof(cp->type));
bd2d1334
JH		 3383 goto failed;
3384 }
3385
f5a969f2 3386 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 3387 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
2a1afb5a
JH		 3388 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3389 MGMT_STATUS_BUSY, &cp->type,
3390 sizeof(cp->type));
642be6c7
AG		 3391 goto failed;
3392 }
3393
591752af
JH		 3394 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
3395 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3396 status, &cp->type, sizeof(cp->type));
3397 goto failed;
3398 }
3399
22078800
MH		 3400 /* Clear the discovery filter first to free any previously
3401 * allocated memory for the UUID list.
3402 */
3403 hci_discovery_filter_clear(hdev);
3404
4aab14e5 3405 hdev->discovery.type = cp->type;
da25cf6a 3406 hdev->discovery.report_invalid_rssi = false;
4aab14e5 3407
e68f072b
JH		 3408 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, data, len);
3409 if (!cmd) {
3410 err = -ENOMEM;
04106755 3411 goto failed;
f39799f5 3412 }
04106755 3413
e68f072b 3414 cmd->cmd_complete = generic_cmd_complete;
7c307720 3415
f5a969f2 3416 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
e68f072b
JH		 3417 queue_work(hdev->req_workqueue, &hdev->discov_update);
3418 err = 0;
7c307720 3419
14a53664 3420failed:
09fd0de5 3421 hci_dev_unlock(hdev);
14a53664
JH		 3422 return err;
3423}
f39799f5 3424
3b0602cd
JH		 3425static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
3426 u8 status)
2922a94f 3427{
2a1afb5a
JH		 3428 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
3429 cmd->param, 1);
2922a94f 3430}
04106755 3431
66ea9427
JP		 3432static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
3433 void *data, u16 len)
3434{
3435 struct mgmt_cp_start_service_discovery *cp = data;
3b0602cd 3436 struct mgmt_pending_cmd *cmd;
66ea9427
JP		 3437 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
3438 u16 uuid_count, expected_len;
3439 u8 status;
3440 int err;
04106755 3441
66ea9427 3442 BT_DBG("%s", hdev->name);
e8bb6b97 3443
66ea9427 3444 hci_dev_lock(hdev);
7c307720 3445
66ea9427 3446 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3447 err = mgmt_cmd_complete(sk, hdev->id,
3448 MGMT_OP_START_SERVICE_DISCOVERY,
3449 MGMT_STATUS_NOT_POWERED,
3450 &cp->type, sizeof(cp->type));
66ea9427
JP		 3451 goto failed;
3452 }
7c307720 3453
66ea9427 3454 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 3455 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
2a1afb5a
JH		 3456 err = mgmt_cmd_complete(sk, hdev->id,
3457 MGMT_OP_START_SERVICE_DISCOVERY,
3458 MGMT_STATUS_BUSY, &cp->type,
3459 sizeof(cp->type));
66ea9427
JP		 3460 goto failed;
3461 }
d9483943 3462
66ea9427
JP		 3463 uuid_count = __le16_to_cpu(cp->uuid_count);
3464 if (uuid_count > max_uuid_count) {
3465 BT_ERR("service_discovery: too big uuid_count value %u",
3466 uuid_count);
2a1afb5a
JH		 3467 err = mgmt_cmd_complete(sk, hdev->id,
3468 MGMT_OP_START_SERVICE_DISCOVERY,
3469 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3470 sizeof(cp->type));
66ea9427
JP		 3471 goto failed;
3472 }
3473
3474 expected_len = sizeof(*cp) + uuid_count * 16;
3475 if (expected_len != len) {
3476 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
3477 expected_len, len);
2a1afb5a
JH		 3478 err = mgmt_cmd_complete(sk, hdev->id,
3479 MGMT_OP_START_SERVICE_DISCOVERY,
3480 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3481 sizeof(cp->type));
66ea9427
JP		 3482 goto failed;
3483 }
3484
591752af
JH		 3485 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
3486 err = mgmt_cmd_complete(sk, hdev->id,
3487 MGMT_OP_START_SERVICE_DISCOVERY,
3488 status, &cp->type, sizeof(cp->type));
3489 goto failed;
3490 }
3491
66ea9427 3492 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
2922a94f 3493 hdev, data, len);
66ea9427
JP		 3494 if (!cmd) {
3495 err = -ENOMEM;
3496 goto failed;
3497 }
3498
2922a94f
JH		 3499 cmd->cmd_complete = service_discovery_cmd_complete;
3500
22078800
MH		 3501 /* Clear the discovery filter first to free any previously
3502 * allocated memory for the UUID list.
3503 */
3504 hci_discovery_filter_clear(hdev);
3505
82f8b651 3506 hdev->discovery.result_filtering = true;
66ea9427
JP		 3507 hdev->discovery.type = cp->type;
3508 hdev->discovery.rssi = cp->rssi;
3509 hdev->discovery.uuid_count = uuid_count;
3510
3511 if (uuid_count > 0) {
3512 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
3513 GFP_KERNEL);
3514 if (!hdev->discovery.uuids) {
2a1afb5a
JH		 3515 err = mgmt_cmd_complete(sk, hdev->id,
3516 MGMT_OP_START_SERVICE_DISCOVERY,
3517 MGMT_STATUS_FAILED,
3518 &cp->type, sizeof(cp->type));
d9483943
JH		 3519 mgmt_pending_remove(cmd);
3520 goto failed;
3521 }
66ea9427 3522 }
d9483943 3523
66ea9427 3524 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
e68f072b
JH		 3525 queue_work(hdev->req_workqueue, &hdev->discov_update);
3526 err = 0;
14a53664
JH		 3527
3528failed:
09fd0de5 3529 hci_dev_unlock(hdev);
14a53664
JH		 3530 return err;
3531}
3532
2154d3f4 3533void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status)
1183fdca 3534{
3b0602cd 3535 struct mgmt_pending_cmd *cmd;
1183fdca 3536
0e05bba6
AG		 3537 BT_DBG("status %d", status);
3538
3539 hci_dev_lock(hdev);
3540
333ae95d 3541 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
11e6e25d 3542 if (cmd) {
2922a94f 3543 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d 3544 mgmt_pending_remove(cmd);
0e05bba6
AG		 3545 }
3546
0e05bba6
AG		 3547 hci_dev_unlock(hdev);
3548}
3549
bdb6d971 3550static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3551 u16 len)
14a53664 3552{
d930650b 3553 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3b0602cd 3554 struct mgmt_pending_cmd *cmd;
14a53664
JH		 3555 int err;
3556
bdb6d971 3557 BT_DBG("%s", hdev->name);
14a53664 3558
09fd0de5 3559 hci_dev_lock(hdev);
14a53664 3560
30dc78e1 3561 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 3562 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3563 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3564 sizeof(mgmt_cp->type));
d930650b
JH		 3565 goto unlock;
3566 }
3567
3568 if (hdev->discovery.type != mgmt_cp->type) {
2a1afb5a
JH		 3569 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3570 MGMT_STATUS_INVALID_PARAMS,
3571 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1 3572 goto unlock;
ff9ef578
JH		 3573 }
3574
2922a94f 3575 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
14a53664
JH		 3576 if (!cmd) {
3577 err = -ENOMEM;
30dc78e1
JH		 3578 goto unlock;
3579 }
3580
2922a94f
JH		 3581 cmd->cmd_complete = generic_cmd_complete;
3582
2154d3f4
JH		 3583 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
3584 queue_work(hdev->req_workqueue, &hdev->discov_update);
3585 err = 0;
14a53664 3586
30dc78e1 3587unlock:
09fd0de5 3588 hci_dev_unlock(hdev);
14a53664
JH		 3589 return err;
3590}
3591
bdb6d971 3592static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3593 u16 len)
561aafbc 3594{
650f726d 3595 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3596 struct inquiry_entry *e;
561aafbc
JH		 3597 int err;
3598
bdb6d971 3599 BT_DBG("%s", hdev->name);
561aafbc 3600
561aafbc
JH		 3601 hci_dev_lock(hdev);
3602
30dc78e1 3603 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 3604 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3605 MGMT_STATUS_FAILED, &cp->addr,
3606 sizeof(cp->addr));
30dc78e1
JH		 3607 goto failed;
3608 }
3609
a198e7b1 3610 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3611 if (!e) {
2a1afb5a
JH		 3612 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3613 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
3614 sizeof(cp->addr));
561aafbc
JH		 3615 goto failed;
3616 }
3617
3618 if (cp->name_known) {
3619 e->name_state = NAME_KNOWN;
3620 list_del(&e->list);
3621 } else {
3622 e->name_state = NAME_NEEDED;
a3d4e20a 3623 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3624 }
3625
2a1afb5a
JH		 3626 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
3627 &cp->addr, sizeof(cp->addr));
561aafbc
JH		 3628
3629failed:
3630 hci_dev_unlock(hdev);
561aafbc
JH		 3631 return err;
3632}
3633
bdb6d971 3634static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3635 u16 len)
7fbec224 3636{
650f726d 3637 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3638 u8 status;
7fbec224
AJ		 3639 int err;
3640
bdb6d971 3641 BT_DBG("%s", hdev->name);
7fbec224 3642
4ee71b20 3643 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 3644 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3645 MGMT_STATUS_INVALID_PARAMS,
3646 &cp->addr, sizeof(cp->addr));
4ee71b20 3647
09fd0de5 3648 hci_dev_lock(hdev);
5e762444 3649
dcc36c16
JH		 3650 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
3651 cp->addr.type);
2a8357f2 3652 if (err < 0) {
f0eeea8b 3653 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 3654 goto done;
3655 }
3656
3657 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3658 sk);
3659 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3660
2a8357f2 3661done:
2a1afb5a
JH		 3662 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
3663 &cp->addr, sizeof(cp->addr));
5e762444 3664
09fd0de5 3665 hci_dev_unlock(hdev);
7fbec224
AJ		 3666
3667 return err;
3668}
3669
bdb6d971 3670static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3671 u16 len)
7fbec224 3672{
650f726d 3673 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3674 u8 status;
7fbec224
AJ		 3675 int err;
3676
bdb6d971 3677 BT_DBG("%s", hdev->name);
7fbec224 3678
4ee71b20 3679 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 3680 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3681 MGMT_STATUS_INVALID_PARAMS,
3682 &cp->addr, sizeof(cp->addr));
4ee71b20 3683
09fd0de5 3684 hci_dev_lock(hdev);
5e762444 3685
dcc36c16
JH		 3686 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
3687 cp->addr.type);
2a8357f2 3688 if (err < 0) {
f0eeea8b 3689 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 3690 goto done;
3691 }
3692
3693 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3694 sk);
3695 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3696
2a8357f2 3697done:
2a1afb5a
JH		 3698 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
3699 &cp->addr, sizeof(cp->addr));
5e762444 3700
09fd0de5 3701 hci_dev_unlock(hdev);
7fbec224
AJ		 3702
3703 return err;
3704}
3705
cdbaccca
MH		 3706static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3707 u16 len)
3708{
3709 struct mgmt_cp_set_device_id *cp = data;
890ea898 3710 struct hci_request req;
cdbaccca 3711 int err;
c72d4b8a 3712 __u16 source;
cdbaccca
MH		 3713
3714 BT_DBG("%s", hdev->name);
3715
c72d4b8a
SJ		 3716 source = __le16_to_cpu(cp->source);
3717
3718 if (source > 0x0002)
a69e8375
JH		 3719 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3720 MGMT_STATUS_INVALID_PARAMS);
c72d4b8a 3721
cdbaccca
MH		 3722 hci_dev_lock(hdev);
3723
c72d4b8a 3724 hdev->devid_source = source;
cdbaccca
MH		 3725 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3726 hdev->devid_product = __le16_to_cpu(cp->product);
3727 hdev->devid_version = __le16_to_cpu(cp->version);
3728
2a1afb5a
JH		 3729 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
3730 NULL, 0);
cdbaccca 3731
890ea898 3732 hci_req_init(&req, hdev);
b1a8917c 3733 __hci_req_update_eir(&req);
890ea898 3734 hci_req_run(&req, NULL);
cdbaccca
MH		 3735
3736 hci_dev_unlock(hdev);
3737
3738 return err;
3739}
3740
24b4f38f
AU		 3741static void enable_advertising_instance(struct hci_dev *hdev, u8 status,
3742 u16 opcode)
3743{
3744 BT_DBG("status %d", status);
3745}
3746
1904a853
MH		 3747static void set_advertising_complete(struct hci_dev *hdev, u8 status,
3748 u16 opcode)
4375f103
JH		 3749{
3750 struct cmd_lookup match = { NULL, hdev };
24b4f38f 3751 struct hci_request req;
7816b820
FG		 3752 u8 instance;
3753 struct adv_info *adv_instance;
3754 int err;
4375f103 3755
3ad67582
JK		 3756 hci_dev_lock(hdev);
3757
4375f103
JH		 3758 if (status) {
3759 u8 mgmt_err = mgmt_status(status);
3760
3761 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3762 cmd_status_rsp, &mgmt_err);
3ad67582 3763 goto unlock;
4375f103
JH		 3764 }
3765
d7a5a11d 3766 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
a1536da2 3767 hci_dev_set_flag(hdev, HCI_ADVERTISING);
c93bd150 3768 else
a358dc11 3769 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
c93bd150 3770
4375f103
JH		 3771 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3772 &match);
3773
3774 new_settings(hdev, match.sk);
3775
3776 if (match.sk)
3777 sock_put(match.sk);
3ad67582 3778
24b4f38f 3779 /* If "Set Advertising" was just disabled and instance advertising was
7816b820 3780 * set up earlier, then re-enable multi-instance advertising.
24b4f38f
AU		 3781 */
3782 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
7816b820
FG		 3783 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE) ||
3784 list_empty(&hdev->adv_instances))
24b4f38f
AU		 3785 goto unlock;
3786
7816b820
FG		 3787 instance = hdev->cur_adv_instance;
3788 if (!instance) {
3789 adv_instance = list_first_entry_or_null(&hdev->adv_instances,
3790 struct adv_info, list);
3791 if (!adv_instance)
3792 goto unlock;
3793
3794 instance = adv_instance->instance;
3795 }
3796
24b4f38f
AU		 3797 hci_req_init(&req, hdev);
3798
f2252570 3799 err = __hci_req_schedule_adv_instance(&req, instance, true);
7816b820
FG		 3800
3801 if (!err)
3802 err = hci_req_run(&req, enable_advertising_instance);
24b4f38f 3803
7816b820 3804 if (err)
24b4f38f
AU		 3805 BT_ERR("Failed to re-configure advertising");
3806
3ad67582
JK		 3807unlock:
3808 hci_dev_unlock(hdev);
4375f103
JH		 3809}
3810
21b5187f
MH		 3811static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3812 u16 len)
4375f103
JH		 3813{
3814 struct mgmt_mode *cp = data;
3b0602cd 3815 struct mgmt_pending_cmd *cmd;
4375f103 3816 struct hci_request req;
cc91cb04 3817 u8 val, status;
4375f103
JH		 3818 int err;
3819
3820 BT_DBG("request for %s", hdev->name);
3821
e6fe7986
JH		 3822 status = mgmt_le_support(hdev);
3823 if (status)
a69e8375
JH		 3824 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3825 status);
4375f103 3826
cc91cb04 3827 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 3828 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3829 MGMT_STATUS_INVALID_PARAMS);
4375f103
JH		 3830
3831 hci_dev_lock(hdev);
3832
3833 val = !!cp->val;
4375f103 3834
f74ca9b8
JH		 3835 /* The following conditions are ones which mean that we should
3836 * not do any HCI communication but directly send a mgmt
3837 * response to user space (after toggling the flag if
3838 * necessary).
3839 */
cc91cb04 3840 if (!hdev_is_powered(hdev) ||
d7a5a11d
MH		 3841 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
3842 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
e8bb6b97 3843 hci_conn_num(hdev, LE_LINK) > 0 ||
d7a5a11d 3844 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
e8bb6b97 3845 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
cc91cb04 3846 bool changed;
4375f103 3847
cc91cb04 3848 if (cp->val) {
238be788 3849 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
cc91cb04 3850 if (cp->val == 0x02)
a1536da2 3851 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 3852 else
a358dc11 3853 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 3854 } else {
a69d8927 3855 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
a358dc11 3856 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4375f103
JH		 3857 }
3858
3859 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3860 if (err < 0)
3861 goto unlock;
3862
3863 if (changed)
3864 err = new_settings(hdev, sk);
3865
3866 goto unlock;
3867 }
3868
333ae95d
JH		 3869 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3870 pending_find(MGMT_OP_SET_LE, hdev)) {
a69e8375
JH		 3871 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3872 MGMT_STATUS_BUSY);
4375f103
JH		 3873 goto unlock;
3874 }
3875
3876 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3877 if (!cmd) {
3878 err = -ENOMEM;
3879 goto unlock;
3880 }
3881
3882 hci_req_init(&req, hdev);
3883
cc91cb04 3884 if (cp->val == 0x02)
a1536da2 3885 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 3886 else
a358dc11 3887 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 3888
7816b820
FG		 3889 cancel_adv_timeout(hdev);
3890
24b4f38f 3891 if (val) {
7816b820
FG		 3892 /* Switch to instance "0" for the Set Advertising setting.
3893 * We cannot use update_[adv|scan_rsp]_data() here as the
3894 * HCI_ADVERTISING flag is not yet set.
3895 */
f2252570
JH		 3896 __hci_req_update_adv_data(&req, 0x00);
3897 __hci_req_update_scan_rsp_data(&req, 0x00);
3898 __hci_req_enable_advertising(&req);
24b4f38f 3899 } else {
f2252570 3900 __hci_req_disable_advertising(&req);
24b4f38f 3901 }
4375f103
JH		 3902
3903 err = hci_req_run(&req, set_advertising_complete);
3904 if (err < 0)
3905 mgmt_pending_remove(cmd);
3906
3907unlock:
3908 hci_dev_unlock(hdev);
3909 return err;
3910}
3911
d13eafce
MH		 3912static int set_static_address(struct sock *sk, struct hci_dev *hdev,
3913 void *data, u16 len)
3914{
3915 struct mgmt_cp_set_static_address *cp = data;
3916 int err;
3917
3918 BT_DBG("%s", hdev->name);
3919
62af4443 3920 if (!lmp_le_capable(hdev))
a69e8375
JH		 3921 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3922 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 3923
3924 if (hdev_is_powered(hdev))
a69e8375
JH		 3925 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
3926 MGMT_STATUS_REJECTED);
d13eafce
MH		 3927
3928 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
3929 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
a69e8375
JH		 3930 return mgmt_cmd_status(sk, hdev->id,
3931 MGMT_OP_SET_STATIC_ADDRESS,
3932 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 3933
3934 /* Two most significant bits shall be set */
3935 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
a69e8375
JH		 3936 return mgmt_cmd_status(sk, hdev->id,
3937 MGMT_OP_SET_STATIC_ADDRESS,
3938 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 3939 }
3940
3941 hci_dev_lock(hdev);
3942
3943 bacpy(&hdev->static_addr, &cp->bdaddr);
3944
93690c22
MH		 3945 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
3946 if (err < 0)
3947 goto unlock;
3948
3949 err = new_settings(hdev, sk);
d13eafce 3950
93690c22 3951unlock:
d13eafce 3952 hci_dev_unlock(hdev);
d13eafce
MH		 3953 return err;
3954}
3955
14b49b9a
MH		 3956static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
3957 void *data, u16 len)
3958{
3959 struct mgmt_cp_set_scan_params *cp = data;
3960 __u16 interval, window;
3961 int err;
3962
3963 BT_DBG("%s", hdev->name);
3964
3965 if (!lmp_le_capable(hdev))
a69e8375
JH		 3966 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3967 MGMT_STATUS_NOT_SUPPORTED);
14b49b9a
MH		 3968
3969 interval = __le16_to_cpu(cp->interval);
3970
3971 if (interval < 0x0004 || interval > 0x4000)
a69e8375
JH		 3972 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3973 MGMT_STATUS_INVALID_PARAMS);
14b49b9a
MH		 3974
3975 window = __le16_to_cpu(cp->window);
3976
3977 if (window < 0x0004 || window > 0x4000)
a69e8375
JH		 3978 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3979 MGMT_STATUS_INVALID_PARAMS);
14b49b9a 3980
899e1075 3981 if (window > interval)
a69e8375
JH		 3982 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
3983 MGMT_STATUS_INVALID_PARAMS);
899e1075 3984
14b49b9a
MH		 3985 hci_dev_lock(hdev);
3986
3987 hdev->le_scan_interval = interval;
3988 hdev->le_scan_window = window;
3989
2a1afb5a
JH		 3990 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
3991 NULL, 0);
14b49b9a 3992
dd2ef8e2
AG		 3993 /* If background scan is running, restart it so new parameters are
3994 * loaded.
3995 */
d7a5a11d 3996 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
dd2ef8e2
AG		 3997 hdev->discovery.state == DISCOVERY_STOPPED) {
3998 struct hci_request req;
3999
4000 hci_req_init(&req, hdev);
4001
4002 hci_req_add_le_scan_disable(&req);
4003 hci_req_add_le_passive_scan(&req);
4004
4005 hci_req_run(&req, NULL);
4006 }
4007
14b49b9a
MH		 4008 hci_dev_unlock(hdev);
4009
4010 return err;
4011}
4012
1904a853
MH		 4013static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
4014 u16 opcode)
33e38b3e 4015{
3b0602cd 4016 struct mgmt_pending_cmd *cmd;
33e38b3e
JH		 4017
4018 BT_DBG("status 0x%02x", status);
4019
4020 hci_dev_lock(hdev);
4021
333ae95d 4022 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
33e38b3e
JH		 4023 if (!cmd)
4024 goto unlock;
4025
4026 if (status) {
a69e8375
JH		 4027 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4028 mgmt_status(status));
33e38b3e 4029 } else {
1a4d3c4b
JH		 4030 struct mgmt_mode *cp = cmd->param;
4031
4032 if (cp->val)
a1536da2 4033 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 4034 else
a358dc11 4035 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 4036
33e38b3e
JH		 4037 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4038 new_settings(hdev, cmd->sk);
4039 }
4040
4041 mgmt_pending_remove(cmd);
4042
4043unlock:
4044 hci_dev_unlock(hdev);
4045}
4046
bdb6d971 4047static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4048 void *data, u16 len)
f6422ec6 4049{
650f726d 4050 struct mgmt_mode *cp = data;
3b0602cd 4051 struct mgmt_pending_cmd *cmd;
33e38b3e 4052 struct hci_request req;
f6422ec6
AJ		 4053 int err;
4054
bdb6d971 4055 BT_DBG("%s", hdev->name);
f6422ec6 4056
d7a5a11d 4057 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
56f87901 4058 hdev->hci_ver < BLUETOOTH_VER_1_2)
a69e8375
JH		 4059 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4060 MGMT_STATUS_NOT_SUPPORTED);
33c525c0 4061
a7e80f25 4062 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4063 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4064 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 4065
f6422ec6
AJ		 4066 hci_dev_lock(hdev);
4067
333ae95d 4068 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
a69e8375
JH		 4069 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4070 MGMT_STATUS_BUSY);
05cbf29f
JH		 4071 goto unlock;
4072 }
4073
d7a5a11d 4074 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
1a4d3c4b
JH		 4075 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4076 hdev);
4077 goto unlock;
4078 }
4079
406ef2a6 4080 if (!hdev_is_powered(hdev)) {
ce05d603 4081 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
406ef2a6
JH		 4082 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4083 hdev);
4084 new_settings(hdev, sk);
4085 goto unlock;
4086 }
4087
33e38b3e
JH		 4088 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4089 data, len);
4090 if (!cmd) {
4091 err = -ENOMEM;
4092 goto unlock;
f6422ec6
AJ		 4093 }
4094
33e38b3e
JH		 4095 hci_req_init(&req, hdev);
4096
406d7804 4097 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4098
4099 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4100 if (err < 0) {
a69e8375
JH		 4101 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4102 MGMT_STATUS_FAILED);
33e38b3e 4103 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4104 }
4105
33e38b3e 4106unlock:
f6422ec6 4107 hci_dev_unlock(hdev);
33e38b3e 4108
f6422ec6
AJ		 4109 return err;
4110}
4111
1904a853 4112static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
0663ca2a 4113{
3b0602cd 4114 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 4115
4116 BT_DBG("status 0x%02x", status);
4117
4118 hci_dev_lock(hdev);
4119
333ae95d 4120 cmd = pending_find(MGMT_OP_SET_BREDR, hdev);
0663ca2a
JH		 4121 if (!cmd)
4122 goto unlock;
4123
4124 if (status) {
4125 u8 mgmt_err = mgmt_status(status);
4126
4127 /* We need to restore the flag if related HCI commands
4128 * failed.
4129 */
a358dc11 4130 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a 4131
a69e8375 4132 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
0663ca2a
JH		 4133 } else {
4134 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4135 new_settings(hdev, cmd->sk);
4136 }
4137
4138 mgmt_pending_remove(cmd);
4139
4140unlock:
4141 hci_dev_unlock(hdev);
4142}
4143
4144static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4145{
4146 struct mgmt_mode *cp = data;
3b0602cd 4147 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 4148 struct hci_request req;
4149 int err;
4150
4151 BT_DBG("request for %s", hdev->name);
4152
4153 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
a69e8375
JH		 4154 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4155 MGMT_STATUS_NOT_SUPPORTED);
0663ca2a 4156
d7a5a11d 4157 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 4158 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4159 MGMT_STATUS_REJECTED);
0663ca2a
JH		 4160
4161 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4162 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4163 MGMT_STATUS_INVALID_PARAMS);
0663ca2a
JH		 4164
4165 hci_dev_lock(hdev);
4166
d7a5a11d 4167 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
0663ca2a
JH		 4168 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4169 goto unlock;
4170 }
4171
4172 if (!hdev_is_powered(hdev)) {
4173 if (!cp->val) {
a358dc11
MH		 4174 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
4175 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
4176 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
4177 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4178 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
0663ca2a
JH		 4179 }
4180
ce05d603 4181 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 4182
4183 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4184 if (err < 0)
4185 goto unlock;
4186
4187 err = new_settings(hdev, sk);
4188 goto unlock;
4189 }
4190
4191 /* Reject disabling when powered on */
4192 if (!cp->val) {
a69e8375
JH		 4193 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4194 MGMT_STATUS_REJECTED);
0663ca2a 4195 goto unlock;
111e4bcc
MH		 4196 } else {
4197 /* When configuring a dual-mode controller to operate
4198 * with LE only and using a static address, then switching
4199 * BR/EDR back on is not allowed.
4200 *
4201 * Dual-mode controllers shall operate with the public
4202 * address as its identity address for BR/EDR and LE. So
4203 * reject the attempt to create an invalid configuration.
3a5486e1
MH		 4204 *
4205 * The same restrictions applies when secure connections
4206 * has been enabled. For BR/EDR this is a controller feature
4207 * while for LE it is a host stack feature. This means that
4208 * switching BR/EDR back on when secure connections has been
4209 * enabled is not a supported transaction.
111e4bcc 4210 */
d7a5a11d 4211 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
3a5486e1 4212 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
d7a5a11d 4213 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
a69e8375
JH		 4214 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4215 MGMT_STATUS_REJECTED);
111e4bcc
MH		 4216 goto unlock;
4217 }
0663ca2a
JH		 4218 }
4219
333ae95d 4220 if (pending_find(MGMT_OP_SET_BREDR, hdev)) {
a69e8375
JH		 4221 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4222 MGMT_STATUS_BUSY);
0663ca2a
JH		 4223 goto unlock;
4224 }
4225
4226 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4227 if (!cmd) {
4228 err = -ENOMEM;
4229 goto unlock;
4230 }
4231
f2252570
JH		 4232 /* We need to flip the bit already here so that
4233 * hci_req_update_adv_data generates the correct flags.
0663ca2a 4234 */
a1536da2 4235 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 4236
4237 hci_req_init(&req, hdev);
aa8af46e 4238
432df05e 4239 write_fast_connectable(&req, false);
01b1cb87 4240 __hci_req_update_scan(&req);
aa8af46e 4241
f14d8f64
MH		 4242 /* Since only the advertising data flags will change, there
4243 * is no need to update the scan response data.
4244 */
f2252570 4245 __hci_req_update_adv_data(&req, HCI_ADV_CURRENT);
aa8af46e 4246
0663ca2a
JH		 4247 err = hci_req_run(&req, set_bredr_complete);
4248 if (err < 0)
4249 mgmt_pending_remove(cmd);
4250
4251unlock:
4252 hci_dev_unlock(hdev);
4253 return err;
4254}
4255
a1443f5a
JH		 4256static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4257{
3b0602cd 4258 struct mgmt_pending_cmd *cmd;
a1443f5a
JH		 4259 struct mgmt_mode *cp;
4260
4261 BT_DBG("%s status %u", hdev->name, status);
4262
4263 hci_dev_lock(hdev);
4264
333ae95d 4265 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
a1443f5a
JH		 4266 if (!cmd)
4267 goto unlock;
4268
4269 if (status) {
a69e8375
JH		 4270 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
4271 mgmt_status(status));
a1443f5a
JH		 4272 goto remove;
4273 }
4274
4275 cp = cmd->param;
4276
4277 switch (cp->val) {
4278 case 0x00:
a358dc11
MH		 4279 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
4280 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 4281 break;
4282 case 0x01:
a1536da2 4283 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
a358dc11 4284 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 4285 break;
4286 case 0x02:
a1536da2
MH		 4287 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4288 hci_dev_set_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 4289 break;
4290 }
4291
4292 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
4293 new_settings(hdev, cmd->sk);
4294
4295remove:
4296 mgmt_pending_remove(cmd);
4297unlock:
4298 hci_dev_unlock(hdev);
4299}
4300
eac83dc6
MH		 4301static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4302 void *data, u16 len)
4303{
4304 struct mgmt_mode *cp = data;
3b0602cd 4305 struct mgmt_pending_cmd *cmd;
a1443f5a 4306 struct hci_request req;
a3209694 4307 u8 val;
eac83dc6
MH		 4308 int err;
4309
4310 BT_DBG("request for %s", hdev->name);
4311
05b3c3e7 4312 if (!lmp_sc_capable(hdev) &&
d7a5a11d 4313 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 4314 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4315 MGMT_STATUS_NOT_SUPPORTED);
eac83dc6 4316
d7a5a11d 4317 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
59200286 4318 lmp_sc_capable(hdev) &&
d7a5a11d 4319 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 4320 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4321 MGMT_STATUS_REJECTED);
ed93ec69 4322
0ab04a9c 4323 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375 4324 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
eac83dc6
MH		 4325 MGMT_STATUS_INVALID_PARAMS);
4326
4327 hci_dev_lock(hdev);
4328
05b3c3e7 4329 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
d7a5a11d 4330 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
eac83dc6
MH		 4331 bool changed;
4332
0ab04a9c 4333 if (cp->val) {
238be788
MH		 4334 changed = !hci_dev_test_and_set_flag(hdev,
4335 HCI_SC_ENABLED);
0ab04a9c 4336 if (cp->val == 0x02)
a1536da2 4337 hci_dev_set_flag(hdev, HCI_SC_ONLY);
0ab04a9c 4338 else
a358dc11 4339 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 4340 } else {
a69d8927
MH		 4341 changed = hci_dev_test_and_clear_flag(hdev,
4342 HCI_SC_ENABLED);
a358dc11 4343 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 4344 }
eac83dc6
MH		 4345
4346 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4347 if (err < 0)
4348 goto failed;
4349
4350 if (changed)
4351 err = new_settings(hdev, sk);
4352
4353 goto failed;
4354 }
4355
333ae95d 4356 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
a69e8375
JH		 4357 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4358 MGMT_STATUS_BUSY);
eac83dc6
MH		 4359 goto failed;
4360 }
4361
0ab04a9c
MH		 4362 val = !!cp->val;
4363
d7a5a11d
MH		 4364 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
4365 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
eac83dc6
MH		 4366 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4367 goto failed;
4368 }
4369
4370 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4371 if (!cmd) {
4372 err = -ENOMEM;
4373 goto failed;
4374 }
4375
a1443f5a
JH		 4376 hci_req_init(&req, hdev);
4377 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
4378 err = hci_req_run(&req, sc_enable_complete);
eac83dc6
MH		 4379 if (err < 0) {
4380 mgmt_pending_remove(cmd);
4381 goto failed;
4382 }
4383
4384failed:
4385 hci_dev_unlock(hdev);
4386 return err;
4387}
4388
4e39ac81
MH		 4389static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4390 void *data, u16 len)
4391{
4392 struct mgmt_mode *cp = data;
b9710979 4393 bool changed, use_changed;
4e39ac81
MH		 4394 int err;
4395
4396 BT_DBG("request for %s", hdev->name);
4397
b9710979 4398 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 4399 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4400 MGMT_STATUS_INVALID_PARAMS);
4e39ac81
MH		 4401
4402 hci_dev_lock(hdev);
4403
4404 if (cp->val)
238be788 4405 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
4e39ac81 4406 else
a69d8927
MH		 4407 changed = hci_dev_test_and_clear_flag(hdev,
4408 HCI_KEEP_DEBUG_KEYS);
4e39ac81 4409
b9710979 4410 if (cp->val == 0x02)
238be788
MH		 4411 use_changed = !hci_dev_test_and_set_flag(hdev,
4412 HCI_USE_DEBUG_KEYS);
b9710979 4413 else
a69d8927
MH		 4414 use_changed = hci_dev_test_and_clear_flag(hdev,
4415 HCI_USE_DEBUG_KEYS);
b9710979
JH		 4416
4417 if (hdev_is_powered(hdev) && use_changed &&
d7a5a11d 4418 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
b9710979
JH		 4419 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4420 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4421 sizeof(mode), &mode);
4422 }
4423
4e39ac81
MH		 4424 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4425 if (err < 0)
4426 goto unlock;
4427
4428 if (changed)
4429 err = new_settings(hdev, sk);
4430
4431unlock:
4432 hci_dev_unlock(hdev);
4433 return err;
4434}
4435
62b04cd1
JH		 4436static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4437 u16 len)
4438{
4439 struct mgmt_cp_set_privacy *cp = cp_data;
4440 bool changed;
4441 int err;
4442
4443 BT_DBG("request for %s", hdev->name);
4444
4445 if (!lmp_le_capable(hdev))
a69e8375
JH		 4446 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4447 MGMT_STATUS_NOT_SUPPORTED);
62b04cd1
JH		 4448
4449 if (cp->privacy != 0x00 && cp->privacy != 0x01)
a69e8375
JH		 4450 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4451 MGMT_STATUS_INVALID_PARAMS);
62b04cd1
JH		 4452
4453 if (hdev_is_powered(hdev))
a69e8375
JH		 4454 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4455 MGMT_STATUS_REJECTED);
62b04cd1
JH		 4456
4457 hci_dev_lock(hdev);
4458
c21c0ea0
JH		 4459 /* If user space supports this command it is also expected to
4460 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4461 */
a1536da2 4462 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
c21c0ea0 4463
62b04cd1 4464 if (cp->privacy) {
238be788 4465 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
62b04cd1 4466 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
a1536da2 4467 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
62b04cd1 4468 } else {
a69d8927 4469 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
62b04cd1 4470 memset(hdev->irk, 0, sizeof(hdev->irk));
a358dc11 4471 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
62b04cd1
JH		 4472 }
4473
4474 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4475 if (err < 0)
4476 goto unlock;
4477
4478 if (changed)
4479 err = new_settings(hdev, sk);
4480
4481unlock:
4482 hci_dev_unlock(hdev);
4483 return err;
4484}
4485
41edf160
JH		 4486static bool irk_is_valid(struct mgmt_irk_info *irk)
4487{
4488 switch (irk->addr.type) {
4489 case BDADDR_LE_PUBLIC:
4490 return true;
4491
4492 case BDADDR_LE_RANDOM:
4493 /* Two most significant bits shall be set */
4494 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4495 return false;
4496 return true;
4497 }
4498
4499 return false;
4500}
4501
4502static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4503 u16 len)
4504{
4505 struct mgmt_cp_load_irks *cp = cp_data;
ba1d6936
JH		 4506 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
4507 sizeof(struct mgmt_irk_info));
41edf160
JH		 4508 u16 irk_count, expected_len;
4509 int i, err;
4510
4511 BT_DBG("request for %s", hdev->name);
4512
4513 if (!lmp_le_capable(hdev))
a69e8375
JH		 4514 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4515 MGMT_STATUS_NOT_SUPPORTED);
41edf160
JH		 4516
4517 irk_count = __le16_to_cpu(cp->irk_count);
ba1d6936
JH		 4518 if (irk_count > max_irk_count) {
4519 BT_ERR("load_irks: too big irk_count value %u", irk_count);
a69e8375
JH		 4520 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4521 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 4522 }
41edf160
JH		 4523
4524 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4525 if (expected_len != len) {
4526 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 4527 expected_len, len);
a69e8375
JH		 4528 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4529 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 4530 }
4531
4532 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4533
4534 for (i = 0; i < irk_count; i++) {
4535 struct mgmt_irk_info *key = &cp->irks[i];
4536
4537 if (!irk_is_valid(key))
a69e8375
JH		 4538 return mgmt_cmd_status(sk, hdev->id,
4539 MGMT_OP_LOAD_IRKS,
4540 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 4541 }
4542
4543 hci_dev_lock(hdev);
4544
4545 hci_smp_irks_clear(hdev);
4546
4547 for (i = 0; i < irk_count; i++) {
4548 struct mgmt_irk_info *irk = &cp->irks[i];
41edf160 4549
85813a7e
JH		 4550 hci_add_irk(hdev, &irk->addr.bdaddr,
4551 le_addr_type(irk->addr.type), irk->val,
41edf160
JH		 4552 BDADDR_ANY);
4553 }
4554
a1536da2 4555 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
41edf160 4556
2a1afb5a 4557 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
41edf160
JH		 4558
4559 hci_dev_unlock(hdev);
4560
4561 return err;
4562}
4563
3f706b72
JH		 4564static bool ltk_is_valid(struct mgmt_ltk_info *key)
4565{
4566 if (key->master != 0x00 && key->master != 0x01)
4567 return false;
490cb0b3
MH		 4568
4569 switch (key->addr.type) {
4570 case BDADDR_LE_PUBLIC:
4571 return true;
4572
4573 case BDADDR_LE_RANDOM:
4574 /* Two most significant bits shall be set */
4575 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4576 return false;
4577 return true;
4578 }
4579
4580 return false;
3f706b72
JH		 4581}
4582
bdb6d971 4583static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 4584 void *cp_data, u16 len)
346af67b 4585{
346af67b 4586 struct mgmt_cp_load_long_term_keys *cp = cp_data;
ba1d6936
JH		 4587 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
4588 sizeof(struct mgmt_ltk_info));
346af67b 4589 u16 key_count, expected_len;
715a5bf2 4590 int i, err;
346af67b 4591
cf99ba13
MH		 4592 BT_DBG("request for %s", hdev->name);
4593
4594 if (!lmp_le_capable(hdev))
a69e8375
JH		 4595 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4596 MGMT_STATUS_NOT_SUPPORTED);
cf99ba13 4597
1f350c87 4598 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 4599 if (key_count > max_key_count) {
4600 BT_ERR("load_ltks: too big key_count value %u", key_count);
a69e8375
JH		 4601 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4602 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 4603 }
346af67b
VCG		 4604
4605 expected_len = sizeof(*cp) + key_count *
4606 sizeof(struct mgmt_ltk_info);
4607 if (expected_len != len) {
4608 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 4609 expected_len, len);
a69e8375
JH		 4610 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4611 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 4612 }
4613
bdb6d971 4614 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 4615
54ad6d8a
JH		 4616 for (i = 0; i < key_count; i++) {
4617 struct mgmt_ltk_info *key = &cp->keys[i];
4618
3f706b72 4619 if (!ltk_is_valid(key))
a69e8375
JH		 4620 return mgmt_cmd_status(sk, hdev->id,
4621 MGMT_OP_LOAD_LONG_TERM_KEYS,
4622 MGMT_STATUS_INVALID_PARAMS);
54ad6d8a
JH		 4623 }
4624
346af67b
VCG		 4625 hci_dev_lock(hdev);
4626
4627 hci_smp_ltks_clear(hdev);
4628
4629 for (i = 0; i < key_count; i++) {
4630 struct mgmt_ltk_info *key = &cp->keys[i];
85813a7e 4631 u8 type, authenticated;
346af67b 4632
61b43357
JH		 4633 switch (key->type) {
4634 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 4635 authenticated = 0x00;
23fb8de3 4636 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
61b43357
JH		 4637 break;
4638 case MGMT_LTK_AUTHENTICATED:
d7b25450 4639 authenticated = 0x01;
23fb8de3
JH		 4640 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
4641 break;
4642 case MGMT_LTK_P256_UNAUTH:
4643 authenticated = 0x00;
4644 type = SMP_LTK_P256;
61b43357 4645 break;
23fb8de3
JH		 4646 case MGMT_LTK_P256_AUTH:
4647 authenticated = 0x01;
4648 type = SMP_LTK_P256;
61b43357 4649 break;
23fb8de3
JH		 4650 case MGMT_LTK_P256_DEBUG:
4651 authenticated = 0x00;
4652 type = SMP_LTK_P256_DEBUG;
61b43357
JH		 4653 default:
4654 continue;
4655 }
d7b25450 4656
85813a7e
JH		 4657 hci_add_ltk(hdev, &key->addr.bdaddr,
4658 le_addr_type(key->addr.type), type, authenticated,
4659 key->val, key->enc_size, key->ediv, key->rand);
346af67b
VCG		 4660 }
4661
2a1afb5a 4662 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
715a5bf2
JH		 4663 NULL, 0);
4664
346af67b 4665 hci_dev_unlock(hdev);
346af67b 4666
715a5bf2 4667 return err;
346af67b
VCG		 4668}
4669
3b0602cd 4670static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
dd983808 4671{
dd983808 4672 struct hci_conn *conn = cmd->user_data;
9981bdb0 4673 struct mgmt_rp_get_conn_info rp;
9df74653 4674 int err;
dd983808 4675
9981bdb0 4676 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
dd983808 4677
9981bdb0 4678 if (status == MGMT_STATUS_SUCCESS) {
dd983808 4679 rp.rssi = conn->rssi;
9981bdb0
JH		 4680 rp.tx_power = conn->tx_power;
4681 rp.max_tx_power = conn->max_tx_power;
4682 } else {
4683 rp.rssi = HCI_RSSI_INVALID;
4684 rp.tx_power = HCI_TX_POWER_INVALID;
4685 rp.max_tx_power = HCI_TX_POWER_INVALID;
dd983808
AK		 4686 }
4687
2a1afb5a
JH		 4688 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
4689 status, &rp, sizeof(rp));
dd983808
AK		 4690
4691 hci_conn_drop(conn);
f8aaf9b6 4692 hci_conn_put(conn);
9df74653
JH		 4693
4694 return err;
dd983808
AK		 4695}
4696
1904a853
MH		 4697static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
4698 u16 opcode)
dd983808
AK		 4699{
4700 struct hci_cp_read_rssi *cp;
3b0602cd 4701 struct mgmt_pending_cmd *cmd;
dd983808 4702 struct hci_conn *conn;
dd983808 4703 u16 handle;
9981bdb0 4704 u8 status;
dd983808 4705
9981bdb0 4706 BT_DBG("status 0x%02x", hci_status);
dd983808
AK		 4707
4708 hci_dev_lock(hdev);
4709
dd983808
AK		 4710 /* Commands sent in request are either Read RSSI or Read Transmit Power
4711 * Level so we check which one was last sent to retrieve connection
4712 * handle. Both commands have handle as first parameter so it's safe to
4713 * cast data on the same command struct.
4714 *
4715 * First command sent is always Read RSSI and we fail only if it fails.
4716 * In other case we simply override error to indicate success as we
4717 * already remembered if TX power value is actually valid.
4718 */
4719 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
4720 if (!cp) {
4721 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
9981bdb0
JH		 4722 status = MGMT_STATUS_SUCCESS;
4723 } else {
4724 status = mgmt_status(hci_status);
dd983808
AK		 4725 }
4726
4727 if (!cp) {
9981bdb0 4728 BT_ERR("invalid sent_cmd in conn_info response");
dd983808
AK		 4729 goto unlock;
4730 }
4731
4732 handle = __le16_to_cpu(cp->handle);
4733 conn = hci_conn_hash_lookup_handle(hdev, handle);
4734 if (!conn) {
9981bdb0 4735 BT_ERR("unknown handle (%d) in conn_info response", handle);
dd983808
AK		 4736 goto unlock;
4737 }
4738
333ae95d 4739 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
9981bdb0
JH		 4740 if (!cmd)
4741 goto unlock;
dd983808 4742
9981bdb0
JH		 4743 cmd->cmd_complete(cmd, status);
4744 mgmt_pending_remove(cmd);
dd983808
AK		 4745
4746unlock:
4747 hci_dev_unlock(hdev);
4748}
4749
4750static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
4751 u16 len)
4752{
4753 struct mgmt_cp_get_conn_info *cp = data;
4754 struct mgmt_rp_get_conn_info rp;
4755 struct hci_conn *conn;
4756 unsigned long conn_info_age;
4757 int err = 0;
4758
4759 BT_DBG("%s", hdev->name);
4760
4761 memset(&rp, 0, sizeof(rp));
4762 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4763 rp.addr.type = cp->addr.type;
4764
4765 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 4766 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4767 MGMT_STATUS_INVALID_PARAMS,
4768 &rp, sizeof(rp));
dd983808
AK		 4769
4770 hci_dev_lock(hdev);
4771
4772 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 4773 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4774 MGMT_STATUS_NOT_POWERED, &rp,
4775 sizeof(rp));
dd983808
AK		 4776 goto unlock;
4777 }
4778
4779 if (cp->addr.type == BDADDR_BREDR)
4780 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
4781 &cp->addr.bdaddr);
4782 else
4783 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
4784
4785 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 4786 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4787 MGMT_STATUS_NOT_CONNECTED, &rp,
4788 sizeof(rp));
dd983808
AK		 4789 goto unlock;
4790 }
4791
333ae95d 4792 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
2a1afb5a
JH		 4793 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4794 MGMT_STATUS_BUSY, &rp, sizeof(rp));
9981bdb0
JH		 4795 goto unlock;
4796 }
4797
dd983808
AK		 4798 /* To avoid client trying to guess when to poll again for information we
4799 * calculate conn info age as random value between min/max set in hdev.
4800 */
4801 conn_info_age = hdev->conn_info_min_age +
4802 prandom_u32_max(hdev->conn_info_max_age -
4803 hdev->conn_info_min_age);
4804
4805 /* Query controller to refresh cached values if they are too old or were
4806 * never read.
4807 */
f4e2dd53
AK		 4808 if (time_after(jiffies, conn->conn_info_timestamp +
4809 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 4810 !conn->conn_info_timestamp) {
4811 struct hci_request req;
4812 struct hci_cp_read_tx_power req_txp_cp;
4813 struct hci_cp_read_rssi req_rssi_cp;
3b0602cd 4814 struct mgmt_pending_cmd *cmd;
dd983808
AK		 4815
4816 hci_req_init(&req, hdev);
4817 req_rssi_cp.handle = cpu_to_le16(conn->handle);
4818 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
4819 &req_rssi_cp);
4820
f7faab0c
AK		 4821 /* For LE links TX power does not change thus we don't need to
4822 * query for it once value is known.
4823 */
4824 if (!bdaddr_type_is_le(cp->addr.type) ||
4825 conn->tx_power == HCI_TX_POWER_INVALID) {
4826 req_txp_cp.handle = cpu_to_le16(conn->handle);
4827 req_txp_cp.type = 0x00;
4828 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4829 sizeof(req_txp_cp), &req_txp_cp);
4830 }
dd983808 4831
eed5daf3
AK		 4832 /* Max TX power needs to be read only once per connection */
4833 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
4834 req_txp_cp.handle = cpu_to_le16(conn->handle);
4835 req_txp_cp.type = 0x01;
4836 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4837 sizeof(req_txp_cp), &req_txp_cp);
4838 }
4839
dd983808
AK		 4840 err = hci_req_run(&req, conn_info_refresh_complete);
4841 if (err < 0)
4842 goto unlock;
4843
4844 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
4845 data, len);
4846 if (!cmd) {
4847 err = -ENOMEM;
4848 goto unlock;
4849 }
4850
4851 hci_conn_hold(conn);
f8aaf9b6 4852 cmd->user_data = hci_conn_get(conn);
9981bdb0 4853 cmd->cmd_complete = conn_info_cmd_complete;
dd983808
AK		 4854
4855 conn->conn_info_timestamp = jiffies;
4856 } else {
4857 /* Cache is valid, just reply with values cached in hci_conn */
4858 rp.rssi = conn->rssi;
4859 rp.tx_power = conn->tx_power;
eed5daf3 4860 rp.max_tx_power = conn->max_tx_power;
dd983808 4861
2a1afb5a
JH		 4862 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4863 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
dd983808
AK		 4864 }
4865
4866unlock:
4867 hci_dev_unlock(hdev);
4868 return err;
4869}
4870
3b0602cd 4871static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
95868426 4872{
69487371 4873 struct hci_conn *conn = cmd->user_data;
95868426 4874 struct mgmt_rp_get_clock_info rp;
69487371 4875 struct hci_dev *hdev;
9df74653 4876 int err;
69487371
JH		 4877
4878 memset(&rp, 0, sizeof(rp));
4879 memcpy(&rp.addr, &cmd->param, sizeof(rp.addr));
4880
4881 if (status)
4882 goto complete;
4883
4884 hdev = hci_dev_get(cmd->index);
4885 if (hdev) {
4886 rp.local_clock = cpu_to_le32(hdev->clock);
4887 hci_dev_put(hdev);
4888 }
4889
4890 if (conn) {
4891 rp.piconet_clock = cpu_to_le32(conn->clock);
4892 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
4893 }
4894
4895complete:
2a1afb5a
JH		 4896 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
4897 sizeof(rp));
69487371
JH		 4898
4899 if (conn) {
4900 hci_conn_drop(conn);
4901 hci_conn_put(conn);
4902 }
9df74653
JH		 4903
4904 return err;
69487371
JH		 4905}
4906
1904a853 4907static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
69487371 4908{
95868426 4909 struct hci_cp_read_clock *hci_cp;
3b0602cd 4910 struct mgmt_pending_cmd *cmd;
95868426
JH		 4911 struct hci_conn *conn;
4912
4913 BT_DBG("%s status %u", hdev->name, status);
4914
4915 hci_dev_lock(hdev);
4916
4917 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
4918 if (!hci_cp)
4919 goto unlock;
4920
4921 if (hci_cp->which) {
4922 u16 handle = __le16_to_cpu(hci_cp->handle);
4923 conn = hci_conn_hash_lookup_handle(hdev, handle);
4924 } else {
4925 conn = NULL;
4926 }
4927
333ae95d 4928 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
95868426
JH		 4929 if (!cmd)
4930 goto unlock;
4931
69487371 4932 cmd->cmd_complete(cmd, mgmt_status(status));
95868426 4933 mgmt_pending_remove(cmd);
95868426
JH		 4934
4935unlock:
4936 hci_dev_unlock(hdev);
4937}
4938
4939static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
4940 u16 len)
4941{
4942 struct mgmt_cp_get_clock_info *cp = data;
4943 struct mgmt_rp_get_clock_info rp;
4944 struct hci_cp_read_clock hci_cp;
3b0602cd 4945 struct mgmt_pending_cmd *cmd;
95868426
JH		 4946 struct hci_request req;
4947 struct hci_conn *conn;
4948 int err;
4949
4950 BT_DBG("%s", hdev->name);
4951
4952 memset(&rp, 0, sizeof(rp));
4953 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4954 rp.addr.type = cp->addr.type;
4955
4956 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 4957 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
4958 MGMT_STATUS_INVALID_PARAMS,
4959 &rp, sizeof(rp));
95868426
JH		 4960
4961 hci_dev_lock(hdev);
4962
4963 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 4964 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
4965 MGMT_STATUS_NOT_POWERED, &rp,
4966 sizeof(rp));
95868426
JH		 4967 goto unlock;
4968 }
4969
4970 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
4971 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
4972 &cp->addr.bdaddr);
4973 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 4974 err = mgmt_cmd_complete(sk, hdev->id,
4975 MGMT_OP_GET_CLOCK_INFO,
4976 MGMT_STATUS_NOT_CONNECTED,
4977 &rp, sizeof(rp));
95868426
JH		 4978 goto unlock;
4979 }
4980 } else {
4981 conn = NULL;
4982 }
4983
4984 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
4985 if (!cmd) {
4986 err = -ENOMEM;
4987 goto unlock;
4988 }
4989
69487371
JH		 4990 cmd->cmd_complete = clock_info_cmd_complete;
4991
95868426
JH		 4992 hci_req_init(&req, hdev);
4993
4994 memset(&hci_cp, 0, sizeof(hci_cp));
4995 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
4996
4997 if (conn) {
4998 hci_conn_hold(conn);
f8aaf9b6 4999 cmd->user_data = hci_conn_get(conn);
95868426
JH		 5000
5001 hci_cp.handle = cpu_to_le16(conn->handle);
5002 hci_cp.which = 0x01; /* Piconet clock */
5003 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5004 }
5005
5006 err = hci_req_run(&req, get_clock_info_complete);
5007 if (err < 0)
5008 mgmt_pending_remove(cmd);
5009
5010unlock:
5011 hci_dev_unlock(hdev);
5012 return err;
5013}
5014
5a154e6f
JH		 5015static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5016{
5017 struct hci_conn *conn;
5018
5019 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5020 if (!conn)
5021 return false;
5022
5023 if (conn->dst_type != type)
5024 return false;
5025
5026 if (conn->state != BT_CONNECTED)
5027 return false;
5028
5029 return true;
5030}
5031
5032/* This function requires the caller holds hdev->lock */
51d7a94d 5033static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr,
5a154e6f
JH		 5034 u8 addr_type, u8 auto_connect)
5035{
5a154e6f
JH		 5036 struct hci_conn_params *params;
5037
5038 params = hci_conn_params_add(hdev, addr, addr_type);
5039 if (!params)
5040 return -EIO;
5041
5042 if (params->auto_connect == auto_connect)
5043 return 0;
5044
5045 list_del_init(&params->action);
5046
5047 switch (auto_connect) {
5048 case HCI_AUTO_CONN_DISABLED:
5049 case HCI_AUTO_CONN_LINK_LOSS:
28a667c9
JP		 5050 /* If auto connect is being disabled when we're trying to
5051 * connect to device, keep connecting.
5052 */
5053 if (params->explicit_connect)
5054 list_add(&params->action, &hdev->pend_le_conns);
5a154e6f
JH		 5055 break;
5056 case HCI_AUTO_CONN_REPORT:
49c50922
JH		 5057 if (params->explicit_connect)
5058 list_add(&params->action, &hdev->pend_le_conns);
5059 else
5060 list_add(&params->action, &hdev->pend_le_reports);
5a154e6f
JH		 5061 break;
5062 case HCI_AUTO_CONN_DIRECT:
5063 case HCI_AUTO_CONN_ALWAYS:
51d7a94d 5064 if (!is_connected(hdev, addr, addr_type))
5a154e6f 5065 list_add(&params->action, &hdev->pend_le_conns);
5a154e6f
JH		 5066 break;
5067 }
5068
5069 params->auto_connect = auto_connect;
5070
5071 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5072 auto_connect);
5073
5074 return 0;
5075}
5076
8afef092
MH		 5077static void device_added(struct sock *sk, struct hci_dev *hdev,
5078 bdaddr_t *bdaddr, u8 type, u8 action)
5079{
5080 struct mgmt_ev_device_added ev;
5081
5082 bacpy(&ev.addr.bdaddr, bdaddr);
5083 ev.addr.type = type;
5084 ev.action = action;
5085
5086 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5087}
5088
2faade53
MH		 5089static int add_device(struct sock *sk, struct hci_dev *hdev,
5090 void *data, u16 len)
5091{
5092 struct mgmt_cp_add_device *cp = data;
5093 u8 auto_conn, addr_type;
5094 int err;
5095
5096 BT_DBG("%s", hdev->name);
5097
6659358e 5098 if (!bdaddr_type_is_valid(cp->addr.type) ||
2faade53 5099 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
2a1afb5a
JH		 5100 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5101 MGMT_STATUS_INVALID_PARAMS,
5102 &cp->addr, sizeof(cp->addr));
2faade53 5103
4b9e7e75 5104 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
2a1afb5a
JH		 5105 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5106 MGMT_STATUS_INVALID_PARAMS,
5107 &cp->addr, sizeof(cp->addr));
2faade53
MH		 5108
5109 hci_dev_lock(hdev);
5110
6659358e 5111 if (cp->addr.type == BDADDR_BREDR) {
4b9e7e75 5112 /* Only incoming connections action is supported for now */
6659358e 5113 if (cp->action != 0x01) {
51d7a94d
JH		 5114 err = mgmt_cmd_complete(sk, hdev->id,
5115 MGMT_OP_ADD_DEVICE,
5116 MGMT_STATUS_INVALID_PARAMS,
5117 &cp->addr, sizeof(cp->addr));
6659358e
JH		 5118 goto unlock;
5119 }
5120
5121 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5122 cp->addr.type);
5123 if (err)
5124 goto unlock;
a397407f 5125
01b1cb87 5126 hci_req_update_scan(hdev);
a397407f 5127
6659358e
JH		 5128 goto added;
5129 }
5130
85813a7e 5131 addr_type = le_addr_type(cp->addr.type);
2faade53 5132
4b9e7e75 5133 if (cp->action == 0x02)
2faade53 5134 auto_conn = HCI_AUTO_CONN_ALWAYS;
4b9e7e75
MH		 5135 else if (cp->action == 0x01)
5136 auto_conn = HCI_AUTO_CONN_DIRECT;
2faade53 5137 else
a3451d27 5138 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 5139
9a0a8a8e
JP		 5140 /* Kernel internally uses conn_params with resolvable private
5141 * address, but Add Device allows only identity addresses.
5142 * Make sure it is enforced before calling
5143 * hci_conn_params_lookup.
5144 */
5145 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
51d7a94d
JH		 5146 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5147 MGMT_STATUS_INVALID_PARAMS,
5148 &cp->addr, sizeof(cp->addr));
9a0a8a8e
JP		 5149 goto unlock;
5150 }
5151
bf5b3c8b
MH		 5152 /* If the connection parameters don't exist for this device,
5153 * they will be created and configured with defaults.
5154 */
51d7a94d 5155 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
d06b50ce 5156 auto_conn) < 0) {
51d7a94d
JH		 5157 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5158 MGMT_STATUS_FAILED, &cp->addr,
5159 sizeof(cp->addr));
2faade53
MH		 5160 goto unlock;
5161 }
5162
51d7a94d
JH		 5163 hci_update_background_scan(hdev);
5164
6659358e 5165added:
8afef092
MH		 5166 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5167
51d7a94d
JH		 5168 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5169 MGMT_STATUS_SUCCESS, &cp->addr,
5170 sizeof(cp->addr));
2faade53
MH		 5171
5172unlock:
5173 hci_dev_unlock(hdev);
5174 return err;
5175}
5176
8afef092
MH		 5177static void device_removed(struct sock *sk, struct hci_dev *hdev,
5178 bdaddr_t *bdaddr, u8 type)
5179{
5180 struct mgmt_ev_device_removed ev;
5181
5182 bacpy(&ev.addr.bdaddr, bdaddr);
5183 ev.addr.type = type;
5184
5185 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5186}
5187
2faade53
MH		 5188static int remove_device(struct sock *sk, struct hci_dev *hdev,
5189 void *data, u16 len)
5190{
5191 struct mgmt_cp_remove_device *cp = data;
5192 int err;
5193
5194 BT_DBG("%s", hdev->name);
5195
5196 hci_dev_lock(hdev);
5197
5198 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 5199 struct hci_conn_params *params;
2faade53
MH		 5200 u8 addr_type;
5201
6659358e 5202 if (!bdaddr_type_is_valid(cp->addr.type)) {
51d7a94d
JH		 5203 err = mgmt_cmd_complete(sk, hdev->id,
5204 MGMT_OP_REMOVE_DEVICE,
5205 MGMT_STATUS_INVALID_PARAMS,
5206 &cp->addr, sizeof(cp->addr));
2faade53
MH		 5207 goto unlock;
5208 }
5209
6659358e
JH		 5210 if (cp->addr.type == BDADDR_BREDR) {
5211 err = hci_bdaddr_list_del(&hdev->whitelist,
5212 &cp->addr.bdaddr,
5213 cp->addr.type);
5214 if (err) {
51d7a94d
JH		 5215 err = mgmt_cmd_complete(sk, hdev->id,
5216 MGMT_OP_REMOVE_DEVICE,
5217 MGMT_STATUS_INVALID_PARAMS,
5218 &cp->addr,
5219 sizeof(cp->addr));
6659358e
JH		 5220 goto unlock;
5221 }
5222
01b1cb87 5223 hci_req_update_scan(hdev);
a397407f 5224
6659358e
JH		 5225 device_removed(sk, hdev, &cp->addr.bdaddr,
5226 cp->addr.type);
5227 goto complete;
5228 }
5229
85813a7e 5230 addr_type = le_addr_type(cp->addr.type);
2faade53 5231
9a0a8a8e
JP		 5232 /* Kernel internally uses conn_params with resolvable private
5233 * address, but Remove Device allows only identity addresses.
5234 * Make sure it is enforced before calling
5235 * hci_conn_params_lookup.
5236 */
5237 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
51d7a94d
JH		 5238 err = mgmt_cmd_complete(sk, hdev->id,
5239 MGMT_OP_REMOVE_DEVICE,
5240 MGMT_STATUS_INVALID_PARAMS,
5241 &cp->addr, sizeof(cp->addr));
9a0a8a8e
JP		 5242 goto unlock;
5243 }
5244
c71593dd
JH		 5245 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5246 addr_type);
5247 if (!params) {
51d7a94d
JH		 5248 err = mgmt_cmd_complete(sk, hdev->id,
5249 MGMT_OP_REMOVE_DEVICE,
5250 MGMT_STATUS_INVALID_PARAMS,
5251 &cp->addr, sizeof(cp->addr));
c71593dd
JH		 5252 goto unlock;
5253 }
5254
679d2b6f
JH		 5255 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
5256 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
51d7a94d
JH		 5257 err = mgmt_cmd_complete(sk, hdev->id,
5258 MGMT_OP_REMOVE_DEVICE,
5259 MGMT_STATUS_INVALID_PARAMS,
5260 &cp->addr, sizeof(cp->addr));
c71593dd
JH		 5261 goto unlock;
5262 }
5263
d1dbf12e 5264 list_del(&params->action);
c71593dd
JH		 5265 list_del(&params->list);
5266 kfree(params);
51d7a94d 5267 hci_update_background_scan(hdev);
8afef092
MH		 5268
5269 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53 5270 } else {
19de0825 5271 struct hci_conn_params *p, *tmp;
6659358e 5272 struct bdaddr_list *b, *btmp;
19de0825 5273
2faade53 5274 if (cp->addr.type) {
51d7a94d
JH		 5275 err = mgmt_cmd_complete(sk, hdev->id,
5276 MGMT_OP_REMOVE_DEVICE,
5277 MGMT_STATUS_INVALID_PARAMS,
5278 &cp->addr, sizeof(cp->addr));
2faade53
MH		 5279 goto unlock;
5280 }
5281
6659358e
JH		 5282 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
5283 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
5284 list_del(&b->list);
5285 kfree(b);
5286 }
5287
01b1cb87 5288 hci_req_update_scan(hdev);
a397407f 5289
19de0825
JH		 5290 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5291 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5292 continue;
5293 device_removed(sk, hdev, &p->addr, p->addr_type);
679d2b6f
JH		 5294 if (p->explicit_connect) {
5295 p->auto_connect = HCI_AUTO_CONN_EXPLICIT;
5296 continue;
5297 }
19de0825
JH		 5298 list_del(&p->action);
5299 list_del(&p->list);
5300 kfree(p);
5301 }
5302
5303 BT_DBG("All LE connection parameters were removed");
5304
51d7a94d 5305 hci_update_background_scan(hdev);
2faade53
MH		 5306 }
5307
6659358e 5308complete:
51d7a94d
JH		 5309 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5310 MGMT_STATUS_SUCCESS, &cp->addr,
5311 sizeof(cp->addr));
2faade53
MH		 5312unlock:
5313 hci_dev_unlock(hdev);
5314 return err;
5315}
5316
a26f3dcf
JH		 5317static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5318 u16 len)
5319{
5320 struct mgmt_cp_load_conn_param *cp = data;
ba1d6936
JH		 5321 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5322 sizeof(struct mgmt_conn_param));
a26f3dcf
JH		 5323 u16 param_count, expected_len;
5324 int i;
5325
5326 if (!lmp_le_capable(hdev))
a69e8375
JH		 5327 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5328 MGMT_STATUS_NOT_SUPPORTED);
a26f3dcf
JH		 5329
5330 param_count = __le16_to_cpu(cp->param_count);
ba1d6936
JH		 5331 if (param_count > max_param_count) {
5332 BT_ERR("load_conn_param: too big param_count value %u",
5333 param_count);
a69e8375
JH		 5334 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5335 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5336 }
a26f3dcf
JH		 5337
5338 expected_len = sizeof(*cp) + param_count *
5339 sizeof(struct mgmt_conn_param);
5340 if (expected_len != len) {
5341 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
5342 expected_len, len);
a69e8375
JH		 5343 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5344 MGMT_STATUS_INVALID_PARAMS);
a26f3dcf
JH		 5345 }
5346
5347 BT_DBG("%s param_count %u", hdev->name, param_count);
5348
5349 hci_dev_lock(hdev);
5350
5351 hci_conn_params_clear_disabled(hdev);
5352
5353 for (i = 0; i < param_count; i++) {
5354 struct mgmt_conn_param *param = &cp->params[i];
5355 struct hci_conn_params *hci_param;
5356 u16 min, max, latency, timeout;
5357 u8 addr_type;
5358
5359 BT_DBG("Adding %pMR (type %u)", &param->addr.bdaddr,
5360 param->addr.type);
5361
5362 if (param->addr.type == BDADDR_LE_PUBLIC) {
5363 addr_type = ADDR_LE_DEV_PUBLIC;
5364 } else if (param->addr.type == BDADDR_LE_RANDOM) {
5365 addr_type = ADDR_LE_DEV_RANDOM;
5366 } else {
5367 BT_ERR("Ignoring invalid connection parameters");
5368 continue;
5369 }
5370
5371 min = le16_to_cpu(param->min_interval);
5372 max = le16_to_cpu(param->max_interval);
5373 latency = le16_to_cpu(param->latency);
5374 timeout = le16_to_cpu(param->timeout);
5375
5376 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
5377 min, max, latency, timeout);
5378
5379 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
5380 BT_ERR("Ignoring invalid connection parameters");
5381 continue;
5382 }
5383
5384 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
5385 addr_type);
5386 if (!hci_param) {
5387 BT_ERR("Failed to add connection parameters");
5388 continue;
5389 }
5390
5391 hci_param->conn_min_interval = min;
5392 hci_param->conn_max_interval = max;
5393 hci_param->conn_latency = latency;
5394 hci_param->supervision_timeout = timeout;
5395 }
5396
5397 hci_dev_unlock(hdev);
5398
2a1afb5a
JH		 5399 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
5400 NULL, 0);
a26f3dcf
JH		 5401}
5402
dbece37a
MH		 5403static int set_external_config(struct sock *sk, struct hci_dev *hdev,
5404 void *data, u16 len)
5405{
5406 struct mgmt_cp_set_external_config *cp = data;
5407 bool changed;
5408 int err;
5409
5410 BT_DBG("%s", hdev->name);
5411
5412 if (hdev_is_powered(hdev))
a69e8375
JH		 5413 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5414 MGMT_STATUS_REJECTED);
dbece37a
MH		 5415
5416 if (cp->config != 0x00 && cp->config != 0x01)
a69e8375
JH		 5417 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5418 MGMT_STATUS_INVALID_PARAMS);
dbece37a
MH		 5419
5420 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
a69e8375
JH		 5421 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5422 MGMT_STATUS_NOT_SUPPORTED);
dbece37a
MH		 5423
5424 hci_dev_lock(hdev);
5425
5426 if (cp->config)
238be788 5427 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a 5428 else
a69d8927 5429 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a
MH		 5430
5431 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
5432 if (err < 0)
5433 goto unlock;
5434
5435 if (!changed)
5436 goto unlock;
5437
f4537c04
MH		 5438 err = new_options(hdev, sk);
5439
d7a5a11d 5440 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
dbece37a 5441 mgmt_index_removed(hdev);
d603b76b 5442
516018a9 5443 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
a1536da2
MH		 5444 hci_dev_set_flag(hdev, HCI_CONFIG);
5445 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
d603b76b
MH		 5446
5447 queue_work(hdev->req_workqueue, &hdev->power_on);
5448 } else {
5ea234d3 5449 set_bit(HCI_RAW, &hdev->flags);
d603b76b
MH		 5450 mgmt_index_added(hdev);
5451 }
dbece37a
MH		 5452 }
5453
5454unlock:
5455 hci_dev_unlock(hdev);
5456 return err;
5457}
5458
9713c17b
MH		 5459static int set_public_address(struct sock *sk, struct hci_dev *hdev,
5460 void *data, u16 len)
5461{
5462 struct mgmt_cp_set_public_address *cp = data;
5463 bool changed;
5464 int err;
5465
5466 BT_DBG("%s", hdev->name);
5467
5468 if (hdev_is_powered(hdev))
a69e8375
JH		 5469 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5470 MGMT_STATUS_REJECTED);
9713c17b
MH		 5471
5472 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
a69e8375
JH		 5473 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5474 MGMT_STATUS_INVALID_PARAMS);
9713c17b
MH		 5475
5476 if (!hdev->set_bdaddr)
a69e8375
JH		 5477 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5478 MGMT_STATUS_NOT_SUPPORTED);
9713c17b
MH		 5479
5480 hci_dev_lock(hdev);
5481
5482 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
5483 bacpy(&hdev->public_addr, &cp->bdaddr);
5484
5485 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
5486 if (err < 0)
5487 goto unlock;
5488
5489 if (!changed)
5490 goto unlock;
5491
d7a5a11d 5492 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
9713c17b
MH		 5493 err = new_options(hdev, sk);
5494
5495 if (is_configured(hdev)) {
5496 mgmt_index_removed(hdev);
5497
a358dc11 5498 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
9713c17b 5499
a1536da2
MH		 5500 hci_dev_set_flag(hdev, HCI_CONFIG);
5501 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
9713c17b
MH		 5502
5503 queue_work(hdev->req_workqueue, &hdev->power_on);
5504 }
5505
5506unlock:
5507 hci_dev_unlock(hdev);
5508 return err;
5509}
5510
bea41609
MH		 5511static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
5512 u8 data_len)
5513{
5514 eir[eir_len++] = sizeof(type) + data_len;
5515 eir[eir_len++] = type;
5516 memcpy(&eir[eir_len], data, data_len);
5517 eir_len += data_len;
5518
5519 return eir_len;
5520}
5521
40f66c05
JH		 5522static void read_local_oob_ext_data_complete(struct hci_dev *hdev, u8 status,
5523 u16 opcode, struct sk_buff *skb)
5524{
5525 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp;
5526 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp;
5527 u8 *h192, *r192, *h256, *r256;
5528 struct mgmt_pending_cmd *cmd;
5529 u16 eir_len;
5530 int err;
5531
5532 BT_DBG("%s status %u", hdev->name, status);
5533
5534 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev);
5535 if (!cmd)
5536 return;
5537
5538 mgmt_cp = cmd->param;
5539
5540 if (status) {
5541 status = mgmt_status(status);
5542 eir_len = 0;
5543
5544 h192 = NULL;
5545 r192 = NULL;
5546 h256 = NULL;
5547 r256 = NULL;
5548 } else if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
5549 struct hci_rp_read_local_oob_data *rp;
5550
5551 if (skb->len != sizeof(*rp)) {
5552 status = MGMT_STATUS_FAILED;
5553 eir_len = 0;
5554 } else {
5555 status = MGMT_STATUS_SUCCESS;
5556 rp = (void *)skb->data;
5557
5558 eir_len = 5 + 18 + 18;
5559 h192 = rp->hash;
5560 r192 = rp->rand;
5561 h256 = NULL;
5562 r256 = NULL;
5563 }
5564 } else {
5565 struct hci_rp_read_local_oob_ext_data *rp;
5566
5567 if (skb->len != sizeof(*rp)) {
5568 status = MGMT_STATUS_FAILED;
5569 eir_len = 0;
5570 } else {
5571 status = MGMT_STATUS_SUCCESS;
5572 rp = (void *)skb->data;
5573
5574 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
5575 eir_len = 5 + 18 + 18;
5576 h192 = NULL;
5577 r192 = NULL;
5578 } else {
5579 eir_len = 5 + 18 + 18 + 18 + 18;
5580 h192 = rp->hash192;
5581 r192 = rp->rand192;
5582 }
5583
5584 h256 = rp->hash256;
5585 r256 = rp->rand256;
5586 }
5587 }
5588
5589 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL);
5590 if (!mgmt_rp)
5591 goto done;
5592
5593 if (status)
5594 goto send_rsp;
5595
5596 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV,
5597 hdev->dev_class, 3);
5598
5599 if (h192 && r192) {
5600 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5601 EIR_SSP_HASH_C192, h192, 16);
5602 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5603 EIR_SSP_RAND_R192, r192, 16);
5604 }
5605
5606 if (h256 && r256) {
5607 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5608 EIR_SSP_HASH_C256, h256, 16);
5609 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5610 EIR_SSP_RAND_R256, r256, 16);
5611 }
5612
5613send_rsp:
5614 mgmt_rp->type = mgmt_cp->type;
5615 mgmt_rp->eir_len = cpu_to_le16(eir_len);
5616
5617 err = mgmt_cmd_complete(cmd->sk, hdev->id,
5618 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status,
5619 mgmt_rp, sizeof(*mgmt_rp) + eir_len);
5620 if (err < 0 || status)
5621 goto done;
5622
5623 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS);
5624
5625 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
5626 mgmt_rp, sizeof(*mgmt_rp) + eir_len,
5627 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk);
5628done:
5629 kfree(mgmt_rp);
5630 mgmt_pending_remove(cmd);
5631}
5632
5633static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk,
5634 struct mgmt_cp_read_local_oob_ext_data *cp)
5635{
5636 struct mgmt_pending_cmd *cmd;
5637 struct hci_request req;
5638 int err;
5639
5640 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev,
5641 cp, sizeof(*cp));
5642 if (!cmd)
5643 return -ENOMEM;
5644
5645 hci_req_init(&req, hdev);
5646
5647 if (bredr_sc_enabled(hdev))
5648 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
5649 else
5650 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
5651
5652 err = hci_req_run_skb(&req, read_local_oob_ext_data_complete);
5653 if (err < 0) {
5654 mgmt_pending_remove(cmd);
5655 return err;
5656 }
5657
5658 return 0;
5659}
5660
4f0f155c
MH		 5661static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
5662 void *data, u16 data_len)
5663{
5664 struct mgmt_cp_read_local_oob_ext_data *cp = data;
5665 struct mgmt_rp_read_local_oob_ext_data *rp;
5666 size_t rp_len;
5667 u16 eir_len;
0821a2c5 5668 u8 status, flags, role, addr[7], hash[16], rand[16];
4f0f155c
MH		 5669 int err;
5670
5671 BT_DBG("%s", hdev->name);
5672
57b0d3e8
MH		 5673 if (hdev_is_powered(hdev)) {
5674 switch (cp->type) {
5675 case BIT(BDADDR_BREDR):
5676 status = mgmt_bredr_support(hdev);
5677 if (status)
5678 eir_len = 0;
5679 else
5680 eir_len = 5;
5681 break;
5682 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
5683 status = mgmt_le_support(hdev);
5684 if (status)
5685 eir_len = 0;
5686 else
5687 eir_len = 9 + 3 + 18 + 18 + 3;
5688 break;
5689 default:
5690 status = MGMT_STATUS_INVALID_PARAMS;
5691 eir_len = 0;
5692 break;
5693 }
5694 } else {
5695 status = MGMT_STATUS_NOT_POWERED;
5696 eir_len = 0;
4f0f155c
MH		 5697 }
5698
4f0f155c
MH		 5699 rp_len = sizeof(*rp) + eir_len;
5700 rp = kmalloc(rp_len, GFP_ATOMIC);
efcd8c98 5701 if (!rp)
4f0f155c 5702 return -ENOMEM;
efcd8c98 5703
57b0d3e8
MH		 5704 if (status)
5705 goto complete;
5706
efcd8c98 5707 hci_dev_lock(hdev);
4f0f155c
MH		 5708
5709 eir_len = 0;
5710 switch (cp->type) {
5711 case BIT(BDADDR_BREDR):
40f66c05
JH		 5712 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
5713 err = read_local_ssp_oob_req(hdev, sk, cp);
5714 hci_dev_unlock(hdev);
5715 if (!err)
5716 goto done;
5717
5718 status = MGMT_STATUS_FAILED;
5719 goto complete;
5720 } else {
5721 eir_len = eir_append_data(rp->eir, eir_len,
5722 EIR_CLASS_OF_DEV,
5723 hdev->dev_class, 3);
5724 }
4f0f155c
MH		 5725 break;
5726 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
5082a599
MH		 5727 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
5728 smp_generate_oob(hdev, hash, rand) < 0) {
0821a2c5 5729 hci_dev_unlock(hdev);
57b0d3e8
MH		 5730 status = MGMT_STATUS_FAILED;
5731 goto complete;
0821a2c5
MH		 5732 }
5733
e213568a
MH		 5734 /* This should return the active RPA, but since the RPA
5735 * is only programmed on demand, it is really hard to fill
5736 * this in at the moment. For now disallow retrieving
5737 * local out-of-band data when privacy is in use.
5738 *
5739 * Returning the identity address will not help here since
5740 * pairing happens before the identity resolving key is
5741 * known and thus the connection establishment happens
5742 * based on the RPA and not the identity address.
5743 */
4f0f155c 5744 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
e213568a
MH		 5745 hci_dev_unlock(hdev);
5746 status = MGMT_STATUS_REJECTED;
5747 goto complete;
5748 }
5749
5750 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
5751 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
5752 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
5753 bacmp(&hdev->static_addr, BDADDR_ANY))) {
4f0f155c
MH		 5754 memcpy(addr, &hdev->static_addr, 6);
5755 addr[6] = 0x01;
5756 } else {
5757 memcpy(addr, &hdev->bdaddr, 6);
5758 addr[6] = 0x00;
5759 }
5760
5761 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
5762 addr, sizeof(addr));
5763
5764 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
5765 role = 0x02;
5766 else
5767 role = 0x01;
5768
5769 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
5770 &role, sizeof(role));
5771
5082a599
MH		 5772 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
5773 eir_len = eir_append_data(rp->eir, eir_len,
5774 EIR_LE_SC_CONFIRM,
5775 hash, sizeof(hash));
0821a2c5 5776
5082a599
MH		 5777 eir_len = eir_append_data(rp->eir, eir_len,
5778 EIR_LE_SC_RANDOM,
5779 rand, sizeof(rand));
5780 }
0821a2c5 5781
f2252570 5782 flags = mgmt_get_adv_discov_flags(hdev);
4f0f155c
MH		 5783
5784 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
5785 flags |= LE_AD_NO_BREDR;
5786
5787 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
5788 &flags, sizeof(flags));
5789 break;
5790 }
5791
4f0f155c
MH		 5792 hci_dev_unlock(hdev);
5793
72000df2
MH		 5794 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
5795
57b0d3e8
MH		 5796 status = MGMT_STATUS_SUCCESS;
5797
5798complete:
efcd8c98
MH		 5799 rp->type = cp->type;
5800 rp->eir_len = cpu_to_le16(eir_len);
5801
4f0f155c 5802 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
57b0d3e8
MH		 5803 status, rp, sizeof(*rp) + eir_len);
5804 if (err < 0 || status)
72000df2
MH		 5805 goto done;
5806
5807 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
5808 rp, sizeof(*rp) + eir_len,
5809 HCI_MGMT_OOB_DATA_EVENTS, sk);
4f0f155c 5810
0821a2c5 5811done:
4f0f155c
MH		 5812 kfree(rp);
5813
5814 return err;
5815}
5816
089fa8c0
AU		 5817static u32 get_supported_adv_flags(struct hci_dev *hdev)
5818{
5819 u32 flags = 0;
5820
5821 flags |= MGMT_ADV_FLAG_CONNECTABLE;
5822 flags |= MGMT_ADV_FLAG_DISCOV;
5823 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
5824 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS;
5825
5826 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID)
5827 flags |= MGMT_ADV_FLAG_TX_POWER;
5828
5829 return flags;
5830}
5831
d3d5305b
MH		 5832static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
5833 void *data, u16 data_len)
5834{
5835 struct mgmt_rp_read_adv_features *rp;
5836 size_t rp_len;
286e0c83 5837 int err, i;
24b4f38f 5838 bool instance;
286e0c83 5839 struct adv_info *adv_instance;
089fa8c0 5840 u32 supported_flags;
d3d5305b
MH		 5841
5842 BT_DBG("%s", hdev->name);
5843
089fa8c0
AU		 5844 if (!lmp_le_capable(hdev))
5845 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
5846 MGMT_STATUS_REJECTED);
5847
d3d5305b
MH		 5848 hci_dev_lock(hdev);
5849
5850 rp_len = sizeof(*rp);
24b4f38f 5851
24b4f38f
AU		 5852 instance = hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE);
5853 if (instance)
286e0c83 5854 rp_len += hdev->adv_instance_cnt;
24b4f38f 5855
d3d5305b
MH		 5856 rp = kmalloc(rp_len, GFP_ATOMIC);
5857 if (!rp) {
5858 hci_dev_unlock(hdev);
5859 return -ENOMEM;
5860 }
5861
089fa8c0
AU		 5862 supported_flags = get_supported_adv_flags(hdev);
5863
5864 rp->supported_flags = cpu_to_le32(supported_flags);
dc5d82a9
MH		 5865 rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
5866 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
d2609b34 5867 rp->max_instances = HCI_MAX_ADV_INSTANCES;
24b4f38f 5868
24b4f38f 5869 if (instance) {
286e0c83
FG		 5870 i = 0;
5871 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
5872 if (i >= hdev->adv_instance_cnt)
5873 break;
5874
5875 rp->instance[i] = adv_instance->instance;
5876 i++;
5877 }
5878 rp->num_instances = hdev->adv_instance_cnt;
24b4f38f
AU		 5879 } else {
5880 rp->num_instances = 0;
5881 }
d3d5305b
MH		 5882
5883 hci_dev_unlock(hdev);
5884
5885 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
5886 MGMT_STATUS_SUCCESS, rp, rp_len);
5887
5888 kfree(rp);
5889
5890 return err;
5891}
5892
4117ed70 5893static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data,
b44133ff 5894 u8 len, bool is_adv_data)
24b4f38f 5895{
4117ed70 5896 u8 max_len = HCI_MAX_AD_LENGTH;
24b4f38f 5897 int i, cur_len;
b44133ff 5898 bool flags_managed = false;
5507e358 5899 bool tx_power_managed = false;
24b4f38f 5900
31a3248d
MH		 5901 if (is_adv_data) {
5902 if (adv_flags & (MGMT_ADV_FLAG_DISCOV |
5903 MGMT_ADV_FLAG_LIMITED_DISCOV |
5904 MGMT_ADV_FLAG_MANAGED_FLAGS)) {
5905 flags_managed = true;
5906 max_len -= 3;
5907 }
24b4f38f 5908
31a3248d
MH		 5909 if (adv_flags & MGMT_ADV_FLAG_TX_POWER) {
5910 tx_power_managed = true;
5911 max_len -= 3;
5912 }
5507e358
AU		 5913 }
5914
4117ed70 5915 if (len > max_len)
24b4f38f
AU		 5916 return false;
5917
4117ed70
AU		 5918 /* Make sure that the data is correctly formatted. */
5919 for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) {
5920 cur_len = data[i];
24b4f38f 5921
b44133ff
AU		 5922 if (flags_managed && data[i + 1] == EIR_FLAGS)
5923 return false;
5924
5507e358
AU		 5925 if (tx_power_managed && data[i + 1] == EIR_TX_POWER)
5926 return false;
5927
24b4f38f
AU		 5928 /* If the current field length would exceed the total data
5929 * length, then it's invalid.
5930 */
4117ed70 5931 if (i + cur_len >= len)
24b4f38f
AU		 5932 return false;
5933 }
5934
5935 return true;
5936}
5937
24b4f38f
AU		 5938static void add_advertising_complete(struct hci_dev *hdev, u8 status,
5939 u16 opcode)
5940{
5941 struct mgmt_pending_cmd *cmd;
fffd38bc 5942 struct mgmt_cp_add_advertising *cp;
24b4f38f 5943 struct mgmt_rp_add_advertising rp;
fffd38bc
FG		 5944 struct adv_info *adv_instance, *n;
5945 u8 instance;
24b4f38f
AU		 5946
5947 BT_DBG("status %d", status);
5948
5949 hci_dev_lock(hdev);
5950
5951 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev);
5952
fffd38bc 5953 if (status)
24b4f38f 5954 hci_dev_clear_flag(hdev, HCI_ADVERTISING_INSTANCE);
fffd38bc
FG		 5955
5956 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) {
5957 if (!adv_instance->pending)
5958 continue;
5959
5960 if (!status) {
5961 adv_instance->pending = false;
5962 continue;
5963 }
5964
5965 instance = adv_instance->instance;
5966
5967 if (hdev->cur_adv_instance == instance)
5968 cancel_adv_timeout(hdev);
5969
5970 hci_remove_adv_instance(hdev, instance);
f2252570 5971 mgmt_advertising_removed(cmd ? cmd->sk : NULL, hdev, instance);
24b4f38f
AU		 5972 }
5973
5974 if (!cmd)
5975 goto unlock;
5976
fffd38bc
FG		 5977 cp = cmd->param;
5978 rp.instance = cp->instance;
24b4f38f
AU		 5979
5980 if (status)
5981 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
5982 mgmt_status(status));
5983 else
5984 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
5985 mgmt_status(status), &rp, sizeof(rp));
5986
5987 mgmt_pending_remove(cmd);
5988
5989unlock:
5990 hci_dev_unlock(hdev);
5991}
5992
5993static int add_advertising(struct sock *sk, struct hci_dev *hdev,
5994 void *data, u16 data_len)
5995{
5996 struct mgmt_cp_add_advertising *cp = data;
5997 struct mgmt_rp_add_advertising rp;
5998 u32 flags;
089fa8c0 5999 u32 supported_flags;
24b4f38f 6000 u8 status;
fffd38bc
FG		 6001 u16 timeout, duration;
6002 unsigned int prev_instance_cnt = hdev->adv_instance_cnt;
6003 u8 schedule_instance = 0;
6004 struct adv_info *next_instance;
24b4f38f
AU		 6005 int err;
6006 struct mgmt_pending_cmd *cmd;
6007 struct hci_request req;
6008
6009 BT_DBG("%s", hdev->name);
6010
6011 status = mgmt_le_support(hdev);
6012 if (status)
6013 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6014 status);
6015
ceff86af
MH		 6016 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
6017 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6018 MGMT_STATUS_INVALID_PARAMS);
6019
24b4f38f 6020 flags = __le32_to_cpu(cp->flags);
912098a6 6021 timeout = __le16_to_cpu(cp->timeout);
fffd38bc 6022 duration = __le16_to_cpu(cp->duration);
24b4f38f 6023
fffd38bc
FG		 6024 /* The current implementation only supports a subset of the specified
6025 * flags.
089fa8c0
AU		 6026 */
6027 supported_flags = get_supported_adv_flags(hdev);
fffd38bc 6028 if (flags & ~supported_flags)
24b4f38f
AU		 6029 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6030 MGMT_STATUS_INVALID_PARAMS);
6031
6032 hci_dev_lock(hdev);
6033
912098a6
AU		 6034 if (timeout && !hdev_is_powered(hdev)) {
6035 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6036 MGMT_STATUS_REJECTED);
6037 goto unlock;
6038 }
6039
24b4f38f 6040 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
da929335 6041 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
24b4f38f
AU		 6042 pending_find(MGMT_OP_SET_LE, hdev)) {
6043 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6044 MGMT_STATUS_BUSY);
6045 goto unlock;
6046 }
6047
b44133ff 6048 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) ||
4117ed70 6049 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len,
b44133ff 6050 cp->scan_rsp_len, false)) {
24b4f38f
AU		 6051 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6052 MGMT_STATUS_INVALID_PARAMS);
6053 goto unlock;
6054 }
6055
fffd38bc
FG		 6056 err = hci_add_adv_instance(hdev, cp->instance, flags,
6057 cp->adv_data_len, cp->data,
6058 cp->scan_rsp_len,
6059 cp->data + cp->adv_data_len,
6060 timeout, duration);
6061 if (err < 0) {
6062 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6063 MGMT_STATUS_FAILED);
6064 goto unlock;
6065 }
24b4f38f 6066
fffd38bc
FG		 6067 /* Only trigger an advertising added event if a new instance was
6068 * actually added.
6069 */
6070 if (hdev->adv_instance_cnt > prev_instance_cnt)
f2252570 6071 mgmt_advertising_added(sk, hdev, cp->instance);
912098a6 6072
fffd38bc 6073 hci_dev_set_flag(hdev, HCI_ADVERTISING_INSTANCE);
912098a6 6074
fffd38bc
FG		 6075 if (hdev->cur_adv_instance == cp->instance) {
6076 /* If the currently advertised instance is being changed then
6077 * cancel the current advertising and schedule the next
6078 * instance. If there is only one instance then the overridden
6079 * advertising data will be visible right away.
6080 */
6081 cancel_adv_timeout(hdev);
912098a6 6082
fffd38bc
FG		 6083 next_instance = hci_get_next_instance(hdev, cp->instance);
6084 if (next_instance)
6085 schedule_instance = next_instance->instance;
6086 } else if (!hdev->adv_instance_timeout) {
6087 /* Immediately advertise the new instance if no other
6088 * instance is currently being advertised.
6089 */
6090 schedule_instance = cp->instance;
6091 }
24b4f38f 6092
fffd38bc
FG		 6093 /* If the HCI_ADVERTISING flag is set or the device isn't powered or
6094 * there is no instance to be advertised then we have no HCI
6095 * communication to make. Simply return.
24b4f38f
AU		 6096 */
6097 if (!hdev_is_powered(hdev) ||
fffd38bc
FG		 6098 hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
6099 !schedule_instance) {
6100 rp.instance = cp->instance;
24b4f38f
AU		 6101 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6102 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6103 goto unlock;
6104 }
6105
6106 /* We're good to go, update advertising data, parameters, and start
6107 * advertising.
6108 */
6109 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
6110 data_len);
6111 if (!cmd) {
6112 err = -ENOMEM;
6113 goto unlock;
6114 }
6115
6116 hci_req_init(&req, hdev);
6117
f2252570 6118 err = __hci_req_schedule_adv_instance(&req, schedule_instance, true);
fffd38bc
FG		 6119
6120 if (!err)
6121 err = hci_req_run(&req, add_advertising_complete);
24b4f38f 6122
24b4f38f
AU		 6123 if (err < 0)
6124 mgmt_pending_remove(cmd);
6125
6126unlock:
6127 hci_dev_unlock(hdev);
6128
6129 return err;
6130}
6131
da929335
AU		 6132static void remove_advertising_complete(struct hci_dev *hdev, u8 status,
6133 u16 opcode)
6134{
6135 struct mgmt_pending_cmd *cmd;
01948331 6136 struct mgmt_cp_remove_advertising *cp;
da929335
AU		 6137 struct mgmt_rp_remove_advertising rp;
6138
6139 BT_DBG("status %d", status);
6140
6141 hci_dev_lock(hdev);
6142
6143 /* A failure status here only means that we failed to disable
6144 * advertising. Otherwise, the advertising instance has been removed,
6145 * so report success.
6146 */
6147 cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev);
6148 if (!cmd)
6149 goto unlock;
6150
01948331
FG		 6151 cp = cmd->param;
6152 rp.instance = cp->instance;
da929335
AU		 6153
6154 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS,
6155 &rp, sizeof(rp));
6156 mgmt_pending_remove(cmd);
6157
6158unlock:
6159 hci_dev_unlock(hdev);
6160}
6161
6162static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
6163 void *data, u16 data_len)
6164{
6165 struct mgmt_cp_remove_advertising *cp = data;
6166 struct mgmt_rp_remove_advertising rp;
da929335
AU		 6167 struct mgmt_pending_cmd *cmd;
6168 struct hci_request req;
952497b1 6169 int err;
da929335
AU		 6170
6171 BT_DBG("%s", hdev->name);
6172
da929335
AU		 6173 hci_dev_lock(hdev);
6174
952497b1 6175 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) {
01948331
FG		 6176 err = mgmt_cmd_status(sk, hdev->id,
6177 MGMT_OP_REMOVE_ADVERTISING,
6178 MGMT_STATUS_INVALID_PARAMS);
6179 goto unlock;
6180 }
6181
da929335
AU		 6182 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6183 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6184 pending_find(MGMT_OP_SET_LE, hdev)) {
6185 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6186 MGMT_STATUS_BUSY);
6187 goto unlock;
6188 }
6189
6190 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE)) {
6191 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6192 MGMT_STATUS_INVALID_PARAMS);
6193 goto unlock;
6194 }
6195
01948331 6196 hci_req_init(&req, hdev);
da929335 6197
f2252570 6198 hci_req_clear_adv_instance(hdev, &req, cp->instance, true);
da929335 6199
01948331 6200 if (list_empty(&hdev->adv_instances))
f2252570 6201 __hci_req_disable_advertising(&req);
da929335 6202
01948331
FG		 6203 /* If no HCI commands have been collected so far or the HCI_ADVERTISING
6204 * flag is set or the device isn't powered then we have no HCI
6205 * communication to make. Simply return.
da929335 6206 */
01948331
FG		 6207 if (skb_queue_empty(&req.cmd_q) ||
6208 !hdev_is_powered(hdev) ||
da929335 6209 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
01948331 6210 rp.instance = cp->instance;
da929335
AU		 6211 err = mgmt_cmd_complete(sk, hdev->id,
6212 MGMT_OP_REMOVE_ADVERTISING,
6213 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6214 goto unlock;
6215 }
6216
6217 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
6218 data_len);
6219 if (!cmd) {
6220 err = -ENOMEM;
6221 goto unlock;
6222 }
6223
da929335
AU		 6224 err = hci_req_run(&req, remove_advertising_complete);
6225 if (err < 0)
6226 mgmt_pending_remove(cmd);
6227
6228unlock:
6229 hci_dev_unlock(hdev);
6230
6231 return err;
6232}
6233
40b25fe5
MH		 6234static u8 tlv_data_max_len(u32 adv_flags, bool is_adv_data)
6235{
6236 u8 max_len = HCI_MAX_AD_LENGTH;
6237
6238 if (is_adv_data) {
6239 if (adv_flags & (MGMT_ADV_FLAG_DISCOV |
6240 MGMT_ADV_FLAG_LIMITED_DISCOV |
6241 MGMT_ADV_FLAG_MANAGED_FLAGS))
6242 max_len -= 3;
6243
6244 if (adv_flags & MGMT_ADV_FLAG_TX_POWER)
6245 max_len -= 3;
6246 }
6247
6248 return max_len;
6249}
6250
6251static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev,
6252 void *data, u16 data_len)
6253{
6254 struct mgmt_cp_get_adv_size_info *cp = data;
6255 struct mgmt_rp_get_adv_size_info rp;
6256 u32 flags, supported_flags;
6257 int err;
6258
6259 BT_DBG("%s", hdev->name);
6260
6261 if (!lmp_le_capable(hdev))
6262 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6263 MGMT_STATUS_REJECTED);
6264
6265 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
6266 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6267 MGMT_STATUS_INVALID_PARAMS);
6268
6269 flags = __le32_to_cpu(cp->flags);
6270
6271 /* The current implementation only supports a subset of the specified
6272 * flags.
6273 */
6274 supported_flags = get_supported_adv_flags(hdev);
6275 if (flags & ~supported_flags)
6276 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6277 MGMT_STATUS_INVALID_PARAMS);
6278
6279 rp.instance = cp->instance;
6280 rp.flags = cp->flags;
6281 rp.max_adv_data_len = tlv_data_max_len(flags, true);
6282 rp.max_scan_rsp_len = tlv_data_max_len(flags, false);
6283
6284 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6285 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6286
6287 return err;
6288}
6289
6d785aa3 6290static const struct hci_mgmt_handler mgmt_handlers[] = {
0f4e68cf 6291 { NULL }, /* 0x0000 (no command) */
b9a245fb 6292 { read_version, MGMT_READ_VERSION_SIZE,
c91041dc
MH		 6293 HCI_MGMT_NO_HDEV |
6294 HCI_MGMT_UNTRUSTED },
b9a245fb 6295 { read_commands, MGMT_READ_COMMANDS_SIZE,
c91041dc
MH		 6296 HCI_MGMT_NO_HDEV |
6297 HCI_MGMT_UNTRUSTED },
b9a245fb 6298 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
c91041dc
MH		 6299 HCI_MGMT_NO_HDEV |
6300 HCI_MGMT_UNTRUSTED },
6301 { read_controller_info, MGMT_READ_INFO_SIZE,
6302 HCI_MGMT_UNTRUSTED },
7aea8616
MH		 6303 { set_powered, MGMT_SETTING_SIZE },
6304 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
6305 { set_connectable, MGMT_SETTING_SIZE },
6306 { set_fast_connectable, MGMT_SETTING_SIZE },
6307 { set_bondable, MGMT_SETTING_SIZE },
6308 { set_link_security, MGMT_SETTING_SIZE },
6309 { set_ssp, MGMT_SETTING_SIZE },
6310 { set_hs, MGMT_SETTING_SIZE },
6311 { set_le, MGMT_SETTING_SIZE },
6312 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
6313 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
6314 { add_uuid, MGMT_ADD_UUID_SIZE },
6315 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
b9a245fb
JH		 6316 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
6317 HCI_MGMT_VAR_LEN },
6318 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
6319 HCI_MGMT_VAR_LEN },
7aea8616
MH		 6320 { disconnect, MGMT_DISCONNECT_SIZE },
6321 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
6322 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
6323 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
6324 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
6325 { pair_device, MGMT_PAIR_DEVICE_SIZE },
6326 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
6327 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
6328 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
6329 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
6330 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
6331 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
b9a245fb
JH		 6332 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
6333 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
6334 HCI_MGMT_VAR_LEN },
7aea8616
MH		 6335 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
6336 { start_discovery, MGMT_START_DISCOVERY_SIZE },
6337 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
6338 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
6339 { block_device, MGMT_BLOCK_DEVICE_SIZE },
6340 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
6341 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
6342 { set_advertising, MGMT_SETTING_SIZE },
6343 { set_bredr, MGMT_SETTING_SIZE },
6344 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
6345 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
6346 { set_secure_conn, MGMT_SETTING_SIZE },
6347 { set_debug_keys, MGMT_SETTING_SIZE },
6348 { set_privacy, MGMT_SET_PRIVACY_SIZE },
b9a245fb
JH		 6349 { load_irks, MGMT_LOAD_IRKS_SIZE,
6350 HCI_MGMT_VAR_LEN },
7aea8616
MH		 6351 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
6352 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
6353 { add_device, MGMT_ADD_DEVICE_SIZE },
6354 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
b9a245fb
JH		 6355 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
6356 HCI_MGMT_VAR_LEN },
6357 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
c91041dc
MH		 6358 HCI_MGMT_NO_HDEV |
6359 HCI_MGMT_UNTRUSTED },
b9a245fb 6360 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
c91041dc
MH		 6361 HCI_MGMT_UNCONFIGURED |
6362 HCI_MGMT_UNTRUSTED },
b9a245fb
JH		 6363 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
6364 HCI_MGMT_UNCONFIGURED },
6365 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
6366 HCI_MGMT_UNCONFIGURED },
6367 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
6368 HCI_MGMT_VAR_LEN },
4f0f155c 6369 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
96f1474a 6370 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
c91041dc
MH		 6371 HCI_MGMT_NO_HDEV |
6372 HCI_MGMT_UNTRUSTED },
d3d5305b 6373 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
24b4f38f
AU		 6374 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
6375 HCI_MGMT_VAR_LEN },
da929335 6376 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
40b25fe5 6377 { get_adv_size_info, MGMT_GET_ADV_SIZE_INFO_SIZE },
0f4e68cf
JH		 6378};
6379
bf6b56db 6380void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 6381{
ced85549 6382 struct mgmt_ev_ext_index ev;
bb4b2a9a 6383
0602a8ad
MH		 6384 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6385 return;
6386
f9207338
MH		 6387 switch (hdev->dev_type) {
6388 case HCI_BREDR:
6389 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6390 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
6391 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
ced85549 6392 ev.type = 0x01;
f9207338
MH		 6393 } else {
6394 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
6395 HCI_MGMT_INDEX_EVENTS);
ced85549 6396 ev.type = 0x00;
f9207338
MH		 6397 }
6398 break;
ced85549
MH		 6399 case HCI_AMP:
6400 ev.type = 0x02;
6401 break;
6402 default:
6403 return;
f9207338 6404 }
ced85549
MH		 6405
6406 ev.bus = hdev->bus;
6407
6408 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
6409 HCI_MGMT_EXT_INDEX_EVENTS);
c71e97bf
JH		 6410}
6411
bf6b56db 6412void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 6413{
ced85549 6414 struct mgmt_ev_ext_index ev;
5f159032 6415 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 6416
0602a8ad
MH		 6417 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6418 return;
6419
f9207338
MH		 6420 switch (hdev->dev_type) {
6421 case HCI_BREDR:
6422 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
b24752fe 6423
f9207338
MH		 6424 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6425 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
6426 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
ced85549 6427 ev.type = 0x01;
f9207338
MH		 6428 } else {
6429 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
6430 HCI_MGMT_INDEX_EVENTS);
ced85549 6431 ev.type = 0x00;
f9207338
MH		 6432 }
6433 break;
ced85549
MH		 6434 case HCI_AMP:
6435 ev.type = 0x02;
6436 break;
6437 default:
6438 return;
f9207338 6439 }
ced85549
MH		 6440
6441 ev.bus = hdev->bus;
6442
6443 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
6444 HCI_MGMT_EXT_INDEX_EVENTS);
eec8d2bc
JH		 6445}
6446
6046dc3e 6447/* This function requires the caller holds hdev->lock */
af02dd44 6448static void restart_le_actions(struct hci_dev *hdev)
6046dc3e
AG		 6449{
6450 struct hci_conn_params *p;
6451
6452 list_for_each_entry(p, &hdev->le_conn_params, list) {
d7347f3c
JH		 6453 /* Needed for AUTO_OFF case where might not "really"
6454 * have been powered off.
6455 */
6456 list_del_init(&p->action);
6457
6458 switch (p->auto_connect) {
4b9e7e75 6459 case HCI_AUTO_CONN_DIRECT:
d7347f3c
JH		 6460 case HCI_AUTO_CONN_ALWAYS:
6461 list_add(&p->action, &hdev->pend_le_conns);
6462 break;
6463 case HCI_AUTO_CONN_REPORT:
6464 list_add(&p->action, &hdev->pend_le_reports);
6465 break;
6466 default:
6467 break;
c83ed19d 6468 }
6046dc3e
AG		 6469 }
6470}
6471
1904a853 6472static void powered_complete(struct hci_dev *hdev, u8 status, u16 opcode)
229ab39c
JH		 6473{
6474 struct cmd_lookup match = { NULL, hdev };
6475
6476 BT_DBG("status 0x%02x", status);
6477
162a3bac 6478 if (!status) {
af02dd44
JH		 6479 restart_le_actions(hdev);
6480 hci_update_background_scan(hdev);
162a3bac
MH		 6481 }
6482
229ab39c
JH		 6483 hci_dev_lock(hdev);
6484
6485 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6486
6487 new_settings(hdev, match.sk);
6488
6489 hci_dev_unlock(hdev);
6490
6491 if (match.sk)
6492 sock_put(match.sk);
6493}
6494
70da6243 6495static int powered_update_hci(struct hci_dev *hdev)
5add6af8 6496{
890ea898 6497 struct hci_request req;
320b3bf7 6498 struct adv_info *adv_instance;
70da6243 6499 u8 link_sec;
5add6af8 6500
890ea898
JH		 6501 hci_req_init(&req, hdev);
6502
d7a5a11d 6503 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED) &&
70da6243 6504 !lmp_host_ssp_capable(hdev)) {
574ea3c7 6505 u8 mode = 0x01;
5e5282bb 6506
574ea3c7
MH		 6507 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
6508
6509 if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) {
6510 u8 support = 0x01;
5add6af8 6511
574ea3c7
MH		 6512 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT,
6513 sizeof(support), &support);
6514 }
ec6f99b8
JH		 6515 }
6516
d7a5a11d 6517 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
c73eee91 6518 lmp_bredr_capable(hdev)) {
70da6243 6519 struct hci_cp_write_le_host_supported cp;
f0ff92fb 6520
32226e4f
MH		 6521 cp.le = 0x01;
6522 cp.simul = 0x00;
3d1cbdd6 6523
70da6243
JH		 6524 /* Check first if we already have the right
6525 * host state (host features set)
6526 */
6527 if (cp.le != lmp_host_le_capable(hdev) ||
6528 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 6529 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
6530 sizeof(cp), &cp);
70da6243 6531 }
3d1cbdd6 6532
d13eafce 6533 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 6534 /* Make sure the controller has a good default for
6535 * advertising data. This also applies to the case
6536 * where BR/EDR was toggled during the AUTO_OFF phase.
6537 */
320b3bf7
FG		 6538 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
6539 (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
6540 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))) {
f2252570
JH		 6541 __hci_req_update_adv_data(&req, HCI_ADV_CURRENT);
6542 __hci_req_update_scan_rsp_data(&req, HCI_ADV_CURRENT);
f14d8f64 6543 }
441ad2d0 6544
320b3bf7
FG		 6545 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE) &&
6546 hdev->cur_adv_instance == 0x00 &&
6547 !list_empty(&hdev->adv_instances)) {
6548 adv_instance = list_first_entry(&hdev->adv_instances,
6549 struct adv_info, list);
6550 hdev->cur_adv_instance = adv_instance->instance;
6551 }
6552
6553 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
f2252570 6554 __hci_req_enable_advertising(&req);
320b3bf7
FG		 6555 else if (hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE) &&
6556 hdev->cur_adv_instance)
f2252570
JH		 6557 __hci_req_schedule_adv_instance(&req,
6558 hdev->cur_adv_instance,
6559 true);
eeca6f89
JH		 6560 }
6561
d7a5a11d 6562 link_sec = hci_dev_test_flag(hdev, HCI_LINK_SECURITY);
70da6243 6563 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 6564 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
6565 sizeof(link_sec), &link_sec);
562fcc24 6566
70da6243 6567 if (lmp_bredr_capable(hdev)) {
d7a5a11d 6568 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
406ef2a6
JH		 6569 write_fast_connectable(&req, true);
6570 else
6571 write_fast_connectable(&req, false);
01b1cb87 6572 __hci_req_update_scan(&req);
14bf5eac 6573 __hci_req_update_class(&req);
00cf5040 6574 __hci_req_update_name(&req);
b1a8917c 6575 __hci_req_update_eir(&req);
70da6243 6576 }
562fcc24 6577
229ab39c 6578 return hci_req_run(&req, powered_complete);
70da6243 6579}
562fcc24 6580
70da6243
JH		 6581int mgmt_powered(struct hci_dev *hdev, u8 powered)
6582{
6583 struct cmd_lookup match = { NULL, hdev };
9845904f 6584 u8 status, zero_cod[] = { 0, 0, 0 };
70da6243 6585 int err;
f0ff92fb 6586
d7a5a11d 6587 if (!hci_dev_test_flag(hdev, HCI_MGMT))
70da6243
JH		 6588 return 0;
6589
70da6243 6590 if (powered) {
e59a5542
AK		 6591 /* Register the available SMP channels (BR/EDR and LE) only
6592 * when successfully powering on the controller. This late
6593 * registration is required so that LE SMP can clearly
6594 * decide if the public address or static address is used.
6595 */
6596 smp_register(hdev);
6597
229ab39c
JH		 6598 if (powered_update_hci(hdev) == 0)
6599 return 0;
fe038884 6600
229ab39c
JH		 6601 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
6602 &match);
6603 goto new_settings;
b24752fe
JH		 6604 }
6605
229ab39c 6606 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
9845904f
JH		 6607
6608 /* If the power off is because of hdev unregistration let
6609 * use the appropriate INVALID_INDEX status. Otherwise use
6610 * NOT_POWERED. We cover both scenarios here since later in
6611 * mgmt_index_removed() any hci_conn callbacks will have already
6612 * been triggered, potentially causing misleading DISCONNECTED
6613 * status responses.
6614 */
d7a5a11d 6615 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
9845904f
JH		 6616 status = MGMT_STATUS_INVALID_INDEX;
6617 else
6618 status = MGMT_STATUS_NOT_POWERED;
6619
6620 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
229ab39c
JH		 6621
6622 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
f6b7712e
MH		 6623 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
6624 zero_cod, sizeof(zero_cod), NULL);
229ab39c
JH		 6625
6626new_settings:
beadb2bd 6627 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 6628
6629 if (match.sk)
6630 sock_put(match.sk);
6631
7bb895d6 6632 return err;
5add6af8 6633}
73f22f62 6634
3eec705e 6635void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc 6636{
3b0602cd 6637 struct mgmt_pending_cmd *cmd;
96570ffc
JH		 6638 u8 status;
6639
333ae95d 6640 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
96570ffc 6641 if (!cmd)
3eec705e 6642 return;
96570ffc
JH		 6643
6644 if (err == -ERFKILL)
6645 status = MGMT_STATUS_RFKILLED;
6646 else
6647 status = MGMT_STATUS_FAILED;
6648
a69e8375 6649 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 6650
6651 mgmt_pending_remove(cmd);
96570ffc
JH		 6652}
6653
dc4a5ee2
MH		 6654void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
6655 bool persistent)
55ed8ca1 6656{
86742e1e 6657 struct mgmt_ev_new_link_key ev;
55ed8ca1 6658
a492cd52 6659 memset(&ev, 0, sizeof(ev));
55ed8ca1 6660
a492cd52 6661 ev.store_hint = persistent;
d753fdc4 6662 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 6663 ev.key.addr.type = BDADDR_BREDR;
a492cd52 6664 ev.key.type = key->type;
9b3b4460 6665 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 6666 ev.key.pin_len = key->pin_len;
55ed8ca1 6667
dc4a5ee2 6668 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 6669}
f7520543 6670
d7b25450
JH		 6671static u8 mgmt_ltk_type(struct smp_ltk *ltk)
6672{
23fb8de3
JH		 6673 switch (ltk->type) {
6674 case SMP_LTK:
6675 case SMP_LTK_SLAVE:
6676 if (ltk->authenticated)
6677 return MGMT_LTK_AUTHENTICATED;
6678 return MGMT_LTK_UNAUTHENTICATED;
6679 case SMP_LTK_P256:
6680 if (ltk->authenticated)
6681 return MGMT_LTK_P256_AUTH;
6682 return MGMT_LTK_P256_UNAUTH;
6683 case SMP_LTK_P256_DEBUG:
6684 return MGMT_LTK_P256_DEBUG;
6685 }
d7b25450
JH		 6686
6687 return MGMT_LTK_UNAUTHENTICATED;
6688}
6689
53ac6ab6 6690void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 6691{
6692 struct mgmt_ev_new_long_term_key ev;
6693
6694 memset(&ev, 0, sizeof(ev));
6695
5192d301 6696 /* Devices using resolvable or non-resolvable random addresses
f72186d2 6697 * without providing an identity resolving key don't require
5192d301
MH		 6698 * to store long term keys. Their addresses will change the
6699 * next time around.
6700 *
6701 * Only when a remote device provides an identity address
6702 * make sure the long term key is stored. If the remote
6703 * identity is known, the long term keys are internally
6704 * mapped to the identity address. So allow static random
6705 * and public addresses here.
6706 */
ba74b666
JH		 6707 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6708 (key->bdaddr.b[5] & 0xc0) != 0xc0)
6709 ev.store_hint = 0x00;
6710 else
53ac6ab6 6711 ev.store_hint = persistent;
ba74b666 6712
346af67b 6713 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 6714 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 6715 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 6716 ev.key.enc_size = key->enc_size;
6717 ev.key.ediv = key->ediv;
fe39c7b2 6718 ev.key.rand = key->rand;
346af67b 6719
2ceba539 6720 if (key->type == SMP_LTK)
346af67b
VCG		 6721 ev.key.master = 1;
6722
1fc62c52
JH		 6723 /* Make sure we copy only the significant bytes based on the
6724 * encryption key size, and set the rest of the value to zeroes.
6725 */
cb92205b 6726 memcpy(ev.key.val, key->val, key->enc_size);
1fc62c52
JH		 6727 memset(ev.key.val + key->enc_size, 0,
6728 sizeof(ev.key.val) - key->enc_size);
346af67b 6729
083368f7 6730 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 6731}
6732
cad20c27 6733void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent)
95fbac8a
JH		 6734{
6735 struct mgmt_ev_new_irk ev;
6736
6737 memset(&ev, 0, sizeof(ev));
6738
cad20c27 6739 ev.store_hint = persistent;
bab6d1e5 6740
95fbac8a
JH		 6741 bacpy(&ev.rpa, &irk->rpa);
6742 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
6743 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
6744 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
6745
6746 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
6747}
6748
53ac6ab6
MH		 6749void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
6750 bool persistent)
7ee4ea36
MH		 6751{
6752 struct mgmt_ev_new_csrk ev;
6753
6754 memset(&ev, 0, sizeof(ev));
6755
6756 /* Devices using resolvable or non-resolvable random addresses
f72186d2 6757 * without providing an identity resolving key don't require
7ee4ea36
MH		 6758 * to store signature resolving keys. Their addresses will change
6759 * the next time around.
6760 *
6761 * Only when a remote device provides an identity address
6762 * make sure the signature resolving key is stored. So allow
6763 * static random and public addresses here.
6764 */
6765 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6766 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
6767 ev.store_hint = 0x00;
6768 else
53ac6ab6 6769 ev.store_hint = persistent;
7ee4ea36
MH		 6770
6771 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
6772 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
4cd3928a 6773 ev.key.type = csrk->type;
7ee4ea36
MH		 6774 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
6775
6776 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
6777}
6778
ffb5a827 6779void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 6780 u8 bdaddr_type, u8 store_hint, u16 min_interval,
6781 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 6782{
6783 struct mgmt_ev_new_conn_param ev;
6784
c103aea6
JH		 6785 if (!hci_is_identity_address(bdaddr, bdaddr_type))
6786 return;
6787
ffb5a827
AG		 6788 memset(&ev, 0, sizeof(ev));
6789 bacpy(&ev.addr.bdaddr, bdaddr);
6790 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 6791 ev.store_hint = store_hint;
ffb5a827
AG		 6792 ev.min_interval = cpu_to_le16(min_interval);
6793 ev.max_interval = cpu_to_le16(max_interval);
6794 ev.latency = cpu_to_le16(latency);
6795 ev.timeout = cpu_to_le16(timeout);
6796
6797 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
6798}
6799
48ec92fa
AA		 6800void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
6801 u32 flags, u8 *name, u8 name_len)
f7520543 6802{
b644ba33
JH		 6803 char buf[512];
6804 struct mgmt_ev_device_connected *ev = (void *) buf;
6805 u16 eir_len = 0;
f7520543 6806
48ec92fa
AA		 6807 bacpy(&ev->addr.bdaddr, &conn->dst);
6808 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
f7520543 6809
c95f0ba7 6810 ev->flags = __cpu_to_le32(flags);
08c79b61 6811
fd45ada9
AA		 6812 /* We must ensure that the EIR Data fields are ordered and
6813 * unique. Keep it simple for now and avoid the problem by not
6814 * adding any BR/EDR data to the LE adv.
6815 */
6816 if (conn->le_adv_data_len > 0) {
6817 memcpy(&ev->eir[eir_len],
6818 conn->le_adv_data, conn->le_adv_data_len);
6819 eir_len = conn->le_adv_data_len;
6820 } else {
6821 if (name_len > 0)
6822 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
6823 name, name_len);
b644ba33 6824
ddbea5cf 6825 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
fd45ada9
AA		 6826 eir_len = eir_append_data(ev->eir, eir_len,
6827 EIR_CLASS_OF_DEV,
6828 conn->dev_class, 3);
6829 }
b644ba33 6830
eb55ef07 6831 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 6832
ecd90ae7
MH		 6833 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
6834 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 6835}
6836
3b0602cd 6837static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
8962ee74 6838{
8962ee74 6839 struct sock **sk = data;
8962ee74 6840
f5818c22 6841 cmd->cmd_complete(cmd, 0);
8962ee74
JH		 6842
6843 *sk = cmd->sk;
6844 sock_hold(*sk);
6845
a664b5bc 6846 mgmt_pending_remove(cmd);
8962ee74
JH		 6847}
6848
3b0602cd 6849static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
a8a1d19e 6850{
b1078ad0 6851 struct hci_dev *hdev = data;
124f6e35 6852 struct mgmt_cp_unpair_device *cp = cmd->param;
a8a1d19e 6853
b1078ad0
JH		 6854 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
6855
d8b7b1e4 6856 cmd->cmd_complete(cmd, 0);
a8a1d19e
JH		 6857 mgmt_pending_remove(cmd);
6858}
6859
84c61d92
JH		 6860bool mgmt_powering_down(struct hci_dev *hdev)
6861{
3b0602cd 6862 struct mgmt_pending_cmd *cmd;
84c61d92
JH		 6863 struct mgmt_mode *cp;
6864
333ae95d 6865 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
84c61d92
JH		 6866 if (!cmd)
6867 return false;
6868
6869 cp = cmd->param;
6870 if (!cp->val)
6871 return true;
6872
6873 return false;
6874}
6875
9b80ec5e 6876void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 6877 u8 link_type, u8 addr_type, u8 reason,
6878 bool mgmt_connected)
f7520543 6879{
f0d6a0ea 6880 struct mgmt_ev_device_disconnected ev;
8962ee74 6881 struct sock *sk = NULL;
8962ee74 6882
84c61d92
JH		 6883 /* The connection is still in hci_conn_hash so test for 1
6884 * instead of 0 to know if this is the last one.
6885 */
6886 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6887 cancel_delayed_work(&hdev->power_off);
6888 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8b064a3a
JH		 6889 }
6890
12d4a3b2
JH		 6891 if (!mgmt_connected)
6892 return;
6893
57eb776f
AG		 6894 if (link_type != ACL_LINK && link_type != LE_LINK)
6895 return;
6896
744cf19e 6897 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 6898
f0d6a0ea
MA		 6899 bacpy(&ev.addr.bdaddr, bdaddr);
6900 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6901 ev.reason = reason;
f7520543 6902
9b80ec5e 6903 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 6904
6905 if (sk)
d97dcb66 6906 sock_put(sk);
8962ee74 6907
124f6e35 6908 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 6909 hdev);
8962ee74
JH		 6910}
6911
7892924c
MH		 6912void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
6913 u8 link_type, u8 addr_type, u8 status)
8962ee74 6914{
3655bba8
AG		 6915 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
6916 struct mgmt_cp_disconnect *cp;
3b0602cd 6917 struct mgmt_pending_cmd *cmd;
8962ee74 6918
36a75f1b
JD		 6919 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6920 hdev);
6921
333ae95d 6922 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 6923 if (!cmd)
7892924c 6924 return;
8962ee74 6925
3655bba8
AG		 6926 cp = cmd->param;
6927
6928 if (bacmp(bdaddr, &cp->addr.bdaddr))
6929 return;
6930
6931 if (cp->addr.type != bdaddr_type)
6932 return;
6933
f5818c22 6934 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6935 mgmt_pending_remove(cmd);
f7520543 6936}
17d5c04c 6937
445608d0
MH		 6938void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6939 u8 addr_type, u8 status)
17d5c04c
JH		 6940{
6941 struct mgmt_ev_connect_failed ev;
c9910d0f 6942
84c61d92
JH		 6943 /* The connection is still in hci_conn_hash so test for 1
6944 * instead of 0 to know if this is the last one.
6945 */
6946 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6947 cancel_delayed_work(&hdev->power_off);
6948 queue_work(hdev->req_workqueue, &hdev->power_off.work);
c9910d0f 6949 }
17d5c04c 6950
4c659c39 6951 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6952 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 6953 ev.status = mgmt_status(status);
17d5c04c 6954
445608d0 6955 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 6956}
980e1a53 6957
ce0e4a0d 6958void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 6959{
6960 struct mgmt_ev_pin_code_request ev;
6961
d8457698 6962 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 6963 ev.addr.type = BDADDR_BREDR;
a770bb5a 6964 ev.secure = secure;
980e1a53 6965
ce0e4a0d 6966 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 6967}
6968
e669cf80
MH		 6969void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6970 u8 status)
980e1a53 6971{
3b0602cd 6972 struct mgmt_pending_cmd *cmd;
980e1a53 6973
333ae95d 6974 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 6975 if (!cmd)
e669cf80 6976 return;
980e1a53 6977
7776d1d8 6978 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6979 mgmt_pending_remove(cmd);
980e1a53
JH		 6980}
6981
3eb38528
MH		 6982void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6983 u8 status)
980e1a53 6984{
3b0602cd 6985 struct mgmt_pending_cmd *cmd;
980e1a53 6986
333ae95d 6987 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 6988 if (!cmd)
3eb38528 6989 return;
980e1a53 6990
7776d1d8 6991 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6992 mgmt_pending_remove(cmd);
980e1a53 6993}
a5c29683 6994
744cf19e 6995int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 6996 u8 link_type, u8 addr_type, u32 value,
04124681 6997 u8 confirm_hint)
a5c29683
JH		 6998{
6999 struct mgmt_ev_user_confirm_request ev;
7000
744cf19e 7001 BT_DBG("%s", hdev->name);
a5c29683 7002
272d90df 7003 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7004 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 7005 ev.confirm_hint = confirm_hint;
39adbffe 7006 ev.value = cpu_to_le32(value);
a5c29683 7007
744cf19e 7008 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 7009 NULL);
a5c29683
JH		 7010}
7011
272d90df 7012int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 7013 u8 link_type, u8 addr_type)
604086b7
BG		 7014{
7015 struct mgmt_ev_user_passkey_request ev;
7016
7017 BT_DBG("%s", hdev->name);
7018
272d90df 7019 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7020 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 7021
7022 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 7023 NULL);
604086b7
BG		 7024}
7025
0df4c185 7026static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 7027 u8 link_type, u8 addr_type, u8 status,
7028 u8 opcode)
a5c29683 7029{
3b0602cd 7030 struct mgmt_pending_cmd *cmd;
a5c29683 7031
333ae95d 7032 cmd = pending_find(opcode, hdev);
a5c29683
JH		 7033 if (!cmd)
7034 return -ENOENT;
7035
7776d1d8 7036 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7037 mgmt_pending_remove(cmd);
a5c29683 7038
7776d1d8 7039 return 0;
a5c29683
JH		 7040}
7041
744cf19e 7042int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7043 u8 link_type, u8 addr_type, u8 status)
a5c29683 7044{
272d90df 7045 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 7046 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 7047}
7048
272d90df 7049int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7050 u8 link_type, u8 addr_type, u8 status)
a5c29683 7051{
272d90df 7052 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 7053 status,
7054 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 7055}
2a611692 7056
604086b7 7057int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7058 u8 link_type, u8 addr_type, u8 status)
604086b7 7059{
272d90df 7060 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 7061 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 7062}
7063
272d90df 7064int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7065 u8 link_type, u8 addr_type, u8 status)
604086b7 7066{
272d90df 7067 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 7068 status,
7069 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 7070}
7071
92a25256
JH		 7072int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
7073 u8 link_type, u8 addr_type, u32 passkey,
7074 u8 entered)
7075{
7076 struct mgmt_ev_passkey_notify ev;
7077
7078 BT_DBG("%s", hdev->name);
7079
7080 bacpy(&ev.addr.bdaddr, bdaddr);
7081 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7082 ev.passkey = __cpu_to_le32(passkey);
7083 ev.entered = entered;
7084
7085 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
7086}
7087
e1e930f5 7088void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
2a611692
JH		 7089{
7090 struct mgmt_ev_auth_failed ev;
3b0602cd 7091 struct mgmt_pending_cmd *cmd;
e1e930f5 7092 u8 status = mgmt_status(hci_status);
2a611692 7093
e1e930f5
JH		 7094 bacpy(&ev.addr.bdaddr, &conn->dst);
7095 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7096 ev.status = status;
2a611692 7097
e1e930f5
JH		 7098 cmd = find_pairing(conn);
7099
7100 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
7101 cmd ? cmd->sk : NULL);
7102
a511b35b
JH		 7103 if (cmd) {
7104 cmd->cmd_complete(cmd, status);
7105 mgmt_pending_remove(cmd);
7106 }
2a611692 7107}
b312b161 7108
464996ae 7109void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 7110{
7111 struct cmd_lookup match = { NULL, hdev };
464996ae 7112 bool changed;
33ef95ed
JH		 7113
7114 if (status) {
7115 u8 mgmt_err = mgmt_status(status);
7116 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 7117 cmd_status_rsp, &mgmt_err);
464996ae 7118 return;
33ef95ed
JH		 7119 }
7120
464996ae 7121 if (test_bit(HCI_AUTH, &hdev->flags))
238be788 7122 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
464996ae 7123 else
a69d8927 7124 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
47990ea0 7125
33ef95ed 7126 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 7127 &match);
33ef95ed 7128
47990ea0 7129 if (changed)
464996ae 7130 new_settings(hdev, match.sk);
33ef95ed
JH		 7131
7132 if (match.sk)
7133 sock_put(match.sk);
33ef95ed
JH		 7134}
7135
890ea898 7136static void clear_eir(struct hci_request *req)
cacaf52f 7137{
890ea898 7138 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 7139 struct hci_cp_write_eir cp;
7140
976eb20e 7141 if (!lmp_ext_inq_capable(hdev))
890ea898 7142 return;
cacaf52f 7143
c80da27e
JH		 7144 memset(hdev->eir, 0, sizeof(hdev->eir));
7145
cacaf52f
JH		 7146 memset(&cp, 0, sizeof(cp));
7147
890ea898 7148 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 7149}
7150
3e248560 7151void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 7152{
7153 struct cmd_lookup match = { NULL, hdev };
890ea898 7154 struct hci_request req;
c0ecddc2 7155 bool changed = false;
ed2c4ee3
JH		 7156
7157 if (status) {
7158 u8 mgmt_err = mgmt_status(status);
c0ecddc2 7159
a69d8927
MH		 7160 if (enable && hci_dev_test_and_clear_flag(hdev,
7161 HCI_SSP_ENABLED)) {
a358dc11 7162 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
3e248560 7163 new_settings(hdev, NULL);
9ecb3e24 7164 }
c0ecddc2 7165
04124681
GP		 7166 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
7167 &mgmt_err);
3e248560 7168 return;
c0ecddc2
JH		 7169 }
7170
7171 if (enable) {
238be788 7172 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
c0ecddc2 7173 } else {
a69d8927 7174 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
9ecb3e24 7175 if (!changed)
a69d8927
MH		 7176 changed = hci_dev_test_and_clear_flag(hdev,
7177 HCI_HS_ENABLED);
9ecb3e24 7178 else
a358dc11 7179 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
ed2c4ee3
JH		 7180 }
7181
7182 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
7183
c0ecddc2 7184 if (changed)
3e248560 7185 new_settings(hdev, match.sk);
ed2c4ee3 7186
5fc6ebb1 7187 if (match.sk)
ed2c4ee3
JH		 7188 sock_put(match.sk);
7189
890ea898
JH		 7190 hci_req_init(&req, hdev);
7191
d7a5a11d
MH		 7192 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
7193 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
3769972b
JH		 7194 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
7195 sizeof(enable), &enable);
b1a8917c 7196 __hci_req_update_eir(&req);
3769972b 7197 } else {
890ea898 7198 clear_eir(&req);
3769972b 7199 }
890ea898
JH		 7200
7201 hci_req_run(&req, NULL);
ed2c4ee3
JH		 7202}
7203
3b0602cd 7204static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
90e70454
JH		 7205{
7206 struct cmd_lookup *match = data;
7207
90e70454
JH		 7208 if (match->sk == NULL) {
7209 match->sk = cmd->sk;
7210 sock_hold(match->sk);
7211 }
90e70454
JH		 7212}
7213
4e1b0245
MH		 7214void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
7215 u8 status)
7f9a903c 7216{
90e70454 7217 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 7218
92da6097
JH		 7219 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
7220 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
7221 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 7222
7223 if (!status)
f6b7712e
MH		 7224 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
7225 dev_class, 3, NULL);
90e70454
JH		 7226
7227 if (match.sk)
7228 sock_put(match.sk);
7f9a903c
MH		 7229}
7230
7667da34 7231void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 7232{
b312b161 7233 struct mgmt_cp_set_local_name ev;
3b0602cd 7234 struct mgmt_pending_cmd *cmd;
28cc7bde 7235
13928971 7236 if (status)
7667da34 7237 return;
b312b161
JH		 7238
7239 memset(&ev, 0, sizeof(ev));
7240 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 7241 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 7242
333ae95d 7243 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 7244 if (!cmd) {
7245 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 7246
13928971
JH		 7247 /* If this is a HCI command related to powering on the
7248 * HCI dev don't send any mgmt signals.
7249 */
333ae95d 7250 if (pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 7251 return;
890ea898 7252 }
b312b161 7253
f6b7712e
MH		 7254 mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
7255 cmd ? cmd->sk : NULL);
b312b161 7256}
c35938b2 7257
799ce93d
JP		 7258static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
7259{
7260 int i;
7261
7262 for (i = 0; i < uuid_count; i++) {
7263 if (!memcmp(uuid, uuids[i], 16))
7264 return true;
7265 }
7266
7267 return false;
7268}
7269
b487b9ce
MH		 7270static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
7271{
799ce93d
JP		 7272 u16 parsed = 0;
7273
7274 while (parsed < eir_len) {
7275 u8 field_len = eir[0];
7276 u8 uuid[16];
7277 int i;
7278
7279 if (field_len == 0)
7280 break;
7281
7282 if (eir_len - parsed < field_len + 1)
7283 break;
7284
7285 switch (eir[1]) {
7286 case EIR_UUID16_ALL:
7287 case EIR_UUID16_SOME:
7288 for (i = 0; i + 3 <= field_len; i += 2) {
189f6ad2 7289 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7290 uuid[13] = eir[i + 3];
7291 uuid[12] = eir[i + 2];
7292 if (has_uuid(uuid, uuid_count, uuids))
7293 return true;
7294 }
7295 break;
7296 case EIR_UUID32_ALL:
7297 case EIR_UUID32_SOME:
7298 for (i = 0; i + 5 <= field_len; i += 4) {
189f6ad2 7299 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7300 uuid[15] = eir[i + 5];
7301 uuid[14] = eir[i + 4];
7302 uuid[13] = eir[i + 3];
7303 uuid[12] = eir[i + 2];
7304 if (has_uuid(uuid, uuid_count, uuids))
7305 return true;
7306 }
7307 break;
7308 case EIR_UUID128_ALL:
7309 case EIR_UUID128_SOME:
7310 for (i = 0; i + 17 <= field_len; i += 16) {
7311 memcpy(uuid, eir + i + 2, 16);
7312 if (has_uuid(uuid, uuid_count, uuids))
7313 return true;
7314 }
7315 break;
7316 }
7317
7318 parsed += field_len + 1;
7319 eir += field_len + 1;
7320 }
7321
b487b9ce
MH		 7322 return false;
7323}
7324
4b0e0ced
JP		 7325static void restart_le_scan(struct hci_dev *hdev)
7326{
7327 /* If controller is not scanning we are done. */
d7a5a11d 7328 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
4b0e0ced
JP		 7329 return;
7330
7331 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
7332 hdev->discovery.scan_start +
7333 hdev->discovery.scan_duration))
7334 return;
7335
7c1fbed2 7336 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart,
4b0e0ced
JP		 7337 DISCOV_LE_RESTART_DELAY);
7338}
7339
48f86b7f
JP		 7340static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
7341 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 7342{
48f86b7f
JP		 7343 /* If a RSSI threshold has been specified, and
7344 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
7345 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
7346 * is set, let it through for further processing, as we might need to
7347 * restart the scan.
efb2513f
MH		 7348 *
7349 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
7350 * the results are also dropped.
bda157a4
MH		 7351 */
7352 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
4b0e0ced
JP		 7353 (rssi == HCI_RSSI_INVALID ||
7354 (rssi < hdev->discovery.rssi &&
7355 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
48f86b7f 7356 return false;
efb2513f 7357
2976cdeb
JP		 7358 if (hdev->discovery.uuid_count != 0) {
7359 /* If a list of UUIDs is provided in filter, results with no
7360 * matching UUID should be dropped.
b487b9ce 7361 */
2976cdeb
JP		 7362 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
7363 hdev->discovery.uuids) &&
7364 !eir_has_uuids(scan_rsp, scan_rsp_len,
7365 hdev->discovery.uuid_count,
7366 hdev->discovery.uuids))
7367 return false;
b487b9ce 7368 }
5d2e9fad 7369
2976cdeb
JP		 7370 /* If duplicate filtering does not report RSSI changes, then restart
7371 * scanning to ensure updated result with updated RSSI values.
4b0e0ced 7372 */
2976cdeb
JP		 7373 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
7374 restart_le_scan(hdev);
7375
7376 /* Validate RSSI value against the RSSI threshold once more. */
7377 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7378 rssi < hdev->discovery.rssi)
7379 return false;
7380 }
48f86b7f
JP		 7381
7382 return true;
7383}
7384
7385void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7386 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
7387 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7388{
7389 char buf[512];
7390 struct mgmt_ev_device_found *ev = (void *)buf;
7391 size_t ev_size;
7392
7393 /* Don't send events for a non-kernel initiated discovery. With
7394 * LE one exception is if we have pend_le_reports > 0 in which
7395 * case we're doing passive scanning and want these events.
7396 */
7397 if (!hci_discovery_active(hdev)) {
7398 if (link_type == ACL_LINK)
7399 return;
7400 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
7401 return;
7402 }
7403
82f8b651 7404 if (hdev->discovery.result_filtering) {
48f86b7f
JP		 7405 /* We are using service discovery */
7406 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
7407 scan_rsp_len))
7408 return;
7409 }
7410
7411 /* Make sure that the buffer is big enough. The 5 extra bytes
7412 * are for the potential CoD field.
7413 */
7414 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
4b0e0ced
JP		 7415 return;
7416
48f86b7f
JP		 7417 memset(buf, 0, sizeof(buf));
7418
7419 /* In case of device discovery with BR/EDR devices (pre 1.2), the
7420 * RSSI value was reported as 0 when not available. This behavior
7421 * is kept when using device discovery. This is required for full
7422 * backwards compatibility with the API.
7423 *
7424 * However when using service discovery, the value 127 will be
7425 * returned when the RSSI is not available.
7426 */
7427 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
7428 link_type == ACL_LINK)
7429 rssi = 0;
7430
7431 bacpy(&ev->addr.bdaddr, bdaddr);
7432 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7433 ev->rssi = rssi;
7434 ev->flags = cpu_to_le32(flags);
7435
7436 if (eir_len > 0)
7437 /* Copy EIR or advertising data into event */
7438 memcpy(ev->eir, eir, eir_len);
7439
7440 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
7441 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7442 dev_class, 3);
7443
7444 if (scan_rsp_len > 0)
7445 /* Append scan response data to event */
7446 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
7447
5d2e9fad
JH		 7448 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
7449 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 7450
901801b9 7451 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 7452}
a88a9652 7453
9cf12aee
MH		 7454void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7455 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 7456{
b644ba33
JH		 7457 struct mgmt_ev_device_found *ev;
7458 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
7459 u16 eir_len;
a88a9652 7460
b644ba33 7461 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 7462
b644ba33
JH		 7463 memset(buf, 0, sizeof(buf));
7464
7465 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 7466 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 7467 ev->rssi = rssi;
7468
7469 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 7470 name_len);
b644ba33 7471
eb55ef07 7472 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 7473
9cf12aee 7474 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 7475}
314b2381 7476
2f1e063b 7477void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 7478{
f963e8e9 7479 struct mgmt_ev_discovering ev;
164a6e78 7480
343fb145
AG		 7481 BT_DBG("%s discovering %u", hdev->name, discovering);
7482
f963e8e9
JH		 7483 memset(&ev, 0, sizeof(ev));
7484 ev.type = hdev->discovery.type;
7485 ev.discovering = discovering;
7486
2f1e063b 7487 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 7488}
5e762444 7489
6d785aa3
JH		 7490static struct hci_mgmt_chan chan = {
7491 .channel = HCI_CHANNEL_CONTROL,
7492 .handler_count = ARRAY_SIZE(mgmt_handlers),
7493 .handlers = mgmt_handlers,
88b94ce9 7494 .hdev_init = mgmt_init_hdev,
6d785aa3
JH		 7495};
7496
7497int mgmt_init(void)
7498{
7499 return hci_mgmt_chan_register(&chan);
7500}
7501
7502void mgmt_exit(void)
7503{
7504 hci_mgmt_chan_unregister(&chan);
7505}
Linux kernel - Deliverables
This page took 1.110302 seconds and 5 git commands to generate.