projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: mgmt: multi adv for create_instance_scan_rsp_data()
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
7129069e 32#include <net/bluetooth/hci_sock.h>
4bc58f51 33#include <net/bluetooth/l2cap.h>
0381101f 34#include <net/bluetooth/mgmt.h>
ac4b7236 35
0857dd3b 36#include "hci_request.h"
ac4b7236 37#include "smp.h"
a380b6cf 38#include "mgmt_util.h"
0381101f 39
2da9c55c 40#define MGMT_VERSION 1
beb1c21b 41#define MGMT_REVISION 9
02d98129 42
e70bb2e8
JH		 43static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
45 MGMT_OP_READ_INFO,
46 MGMT_OP_SET_POWERED,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
b2939475 50 MGMT_OP_SET_BONDABLE,
e70bb2e8
JH		 51 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_SSP,
53 MGMT_OP_SET_HS,
54 MGMT_OP_SET_LE,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
57 MGMT_OP_ADD_UUID,
58 MGMT_OP_REMOVE_UUID,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
61 MGMT_OP_DISCONNECT,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
66 MGMT_OP_PAIR_DEVICE,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
78 MGMT_OP_CONFIRM_NAME,
79 MGMT_OP_BLOCK_DEVICE,
80 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 81 MGMT_OP_SET_DEVICE_ID,
4375f103 82 MGMT_OP_SET_ADVERTISING,
0663ca2a 83 MGMT_OP_SET_BREDR,
d13eafce 84 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 85 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 86 MGMT_OP_SET_SECURE_CONN,
4e39ac81 87 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 88 MGMT_OP_SET_PRIVACY,
41edf160 89 MGMT_OP_LOAD_IRKS,
dd983808 90 MGMT_OP_GET_CONN_INFO,
95868426 91 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 92 MGMT_OP_ADD_DEVICE,
93 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 94 MGMT_OP_LOAD_CONN_PARAM,
73d1df2a 95 MGMT_OP_READ_UNCONF_INDEX_LIST,
9fc3bfb6 96 MGMT_OP_READ_CONFIG_INFO,
dbece37a 97 MGMT_OP_SET_EXTERNAL_CONFIG,
9713c17b 98 MGMT_OP_SET_PUBLIC_ADDRESS,
66ea9427 99 MGMT_OP_START_SERVICE_DISCOVERY,
4f0f155c 100 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
96f1474a 101 MGMT_OP_READ_EXT_INDEX_LIST,
d3d5305b 102 MGMT_OP_READ_ADV_FEATURES,
24b4f38f 103 MGMT_OP_ADD_ADVERTISING,
da929335 104 MGMT_OP_REMOVE_ADVERTISING,
e70bb2e8
JH		 105};
106
107static const u16 mgmt_events[] = {
108 MGMT_EV_CONTROLLER_ERROR,
109 MGMT_EV_INDEX_ADDED,
110 MGMT_EV_INDEX_REMOVED,
111 MGMT_EV_NEW_SETTINGS,
112 MGMT_EV_CLASS_OF_DEV_CHANGED,
113 MGMT_EV_LOCAL_NAME_CHANGED,
114 MGMT_EV_NEW_LINK_KEY,
115 MGMT_EV_NEW_LONG_TERM_KEY,
116 MGMT_EV_DEVICE_CONNECTED,
117 MGMT_EV_DEVICE_DISCONNECTED,
118 MGMT_EV_CONNECT_FAILED,
119 MGMT_EV_PIN_CODE_REQUEST,
120 MGMT_EV_USER_CONFIRM_REQUEST,
121 MGMT_EV_USER_PASSKEY_REQUEST,
122 MGMT_EV_AUTH_FAILED,
123 MGMT_EV_DEVICE_FOUND,
124 MGMT_EV_DISCOVERING,
125 MGMT_EV_DEVICE_BLOCKED,
126 MGMT_EV_DEVICE_UNBLOCKED,
127 MGMT_EV_DEVICE_UNPAIRED,
92a25256 128 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 129 MGMT_EV_NEW_IRK,
7ee4ea36 130 MGMT_EV_NEW_CSRK,
8afef092
MH		 131 MGMT_EV_DEVICE_ADDED,
132 MGMT_EV_DEVICE_REMOVED,
ffb5a827 133 MGMT_EV_NEW_CONN_PARAM,
0602a8ad 134 MGMT_EV_UNCONF_INDEX_ADDED,
edd3896b 135 MGMT_EV_UNCONF_INDEX_REMOVED,
f4537c04 136 MGMT_EV_NEW_CONFIG_OPTIONS,
ced85549
MH		 137 MGMT_EV_EXT_INDEX_ADDED,
138 MGMT_EV_EXT_INDEX_REMOVED,
72000df2 139 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
24b4f38f
AU		 140 MGMT_EV_ADVERTISING_ADDED,
141 MGMT_EV_ADVERTISING_REMOVED,
e70bb2e8
JH		 142};
143
99c679ac
MH		 144static const u16 mgmt_untrusted_commands[] = {
145 MGMT_OP_READ_INDEX_LIST,
146 MGMT_OP_READ_INFO,
147 MGMT_OP_READ_UNCONF_INDEX_LIST,
148 MGMT_OP_READ_CONFIG_INFO,
149 MGMT_OP_READ_EXT_INDEX_LIST,
150};
151
152static const u16 mgmt_untrusted_events[] = {
153 MGMT_EV_INDEX_ADDED,
154 MGMT_EV_INDEX_REMOVED,
155 MGMT_EV_NEW_SETTINGS,
156 MGMT_EV_CLASS_OF_DEV_CHANGED,
157 MGMT_EV_LOCAL_NAME_CHANGED,
158 MGMT_EV_UNCONF_INDEX_ADDED,
159 MGMT_EV_UNCONF_INDEX_REMOVED,
160 MGMT_EV_NEW_CONFIG_OPTIONS,
161 MGMT_EV_EXT_INDEX_ADDED,
162 MGMT_EV_EXT_INDEX_REMOVED,
163};
164
17b02e62 165#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 166
d25b78e2
JH		 167#define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
168 "\x00\x00\x00\x00\x00\x00\x00\x00"
169
ca69b795
JH		 170/* HCI to MGMT error code conversion table */
171static u8 mgmt_status_table[] = {
172 MGMT_STATUS_SUCCESS,
173 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
174 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
175 MGMT_STATUS_FAILED, /* Hardware Failure */
176 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
177 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 178 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 179 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
180 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
181 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
182 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
183 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
184 MGMT_STATUS_BUSY, /* Command Disallowed */
185 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
186 MGMT_STATUS_REJECTED, /* Rejected Security */
187 MGMT_STATUS_REJECTED, /* Rejected Personal */
188 MGMT_STATUS_TIMEOUT, /* Host Timeout */
189 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
190 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
191 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
192 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
193 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
194 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
195 MGMT_STATUS_BUSY, /* Repeated Attempts */
196 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
197 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
198 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
199 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
200 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
201 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
202 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
203 MGMT_STATUS_FAILED, /* Unspecified Error */
204 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
205 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
206 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
207 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
208 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
209 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
210 MGMT_STATUS_FAILED, /* Unit Link Key Used */
211 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
212 MGMT_STATUS_TIMEOUT, /* Instant Passed */
213 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
214 MGMT_STATUS_FAILED, /* Transaction Collision */
215 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
216 MGMT_STATUS_REJECTED, /* QoS Rejected */
217 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
218 MGMT_STATUS_REJECTED, /* Insufficient Security */
219 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
220 MGMT_STATUS_BUSY, /* Role Switch Pending */
221 MGMT_STATUS_FAILED, /* Slot Violation */
222 MGMT_STATUS_FAILED, /* Role Switch Failed */
223 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
224 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
225 MGMT_STATUS_BUSY, /* Host Busy Pairing */
226 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
227 MGMT_STATUS_BUSY, /* Controller Busy */
228 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
229 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
230 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
231 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
232 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
233};
234
235static u8 mgmt_status(u8 hci_status)
236{
237 if (hci_status < ARRAY_SIZE(mgmt_status_table))
238 return mgmt_status_table[hci_status];
239
240 return MGMT_STATUS_FAILED;
241}
242
c08b1a1d
MH		 243static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
244 u16 len, int flag)
f9207338 245{
c08b1a1d
MH		 246 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
247 flag, NULL);
f9207338
MH		 248}
249
72000df2
MH		 250static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
251 u16 len, int flag, struct sock *skip_sk)
252{
253 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
254 flag, skip_sk);
255}
256
f6b7712e
MH		 257static int mgmt_generic_event(u16 event, struct hci_dev *hdev, void *data,
258 u16 len, struct sock *skip_sk)
259{
260 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
261 HCI_MGMT_GENERIC_EVENTS, skip_sk);
262}
263
7a00ff44
JH		 264static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
265 struct sock *skip_sk)
266{
267 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
c08b1a1d 268 HCI_SOCK_TRUSTED, skip_sk);
7a00ff44
JH		 269}
270
04124681
GP		 271static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
272 u16 data_len)
a38528f1
JH		 273{
274 struct mgmt_rp_read_version rp;
275
276 BT_DBG("sock %p", sk);
277
278 rp.version = MGMT_VERSION;
dcf4adbf 279 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 280
2a1afb5a
JH		 281 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
282 &rp, sizeof(rp));
a38528f1
JH		 283}
284
04124681
GP		 285static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
286 u16 data_len)
e70bb2e8
JH		 287{
288 struct mgmt_rp_read_commands *rp;
99c679ac 289 u16 num_commands, num_events;
e70bb2e8
JH		 290 size_t rp_size;
291 int i, err;
292
293 BT_DBG("sock %p", sk);
294
99c679ac
MH		 295 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
296 num_commands = ARRAY_SIZE(mgmt_commands);
297 num_events = ARRAY_SIZE(mgmt_events);
298 } else {
299 num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
300 num_events = ARRAY_SIZE(mgmt_untrusted_events);
301 }
302
e70bb2e8
JH		 303 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
304
305 rp = kmalloc(rp_size, GFP_KERNEL);
306 if (!rp)
307 return -ENOMEM;
308
dcf4adbf
JP		 309 rp->num_commands = cpu_to_le16(num_commands);
310 rp->num_events = cpu_to_le16(num_events);
e70bb2e8 311
99c679ac
MH		 312 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
313 __le16 *opcode = rp->opcodes;
314
315 for (i = 0; i < num_commands; i++, opcode++)
316 put_unaligned_le16(mgmt_commands[i], opcode);
e70bb2e8 317
99c679ac
MH		 318 for (i = 0; i < num_events; i++, opcode++)
319 put_unaligned_le16(mgmt_events[i], opcode);
320 } else {
321 __le16 *opcode = rp->opcodes;
322
323 for (i = 0; i < num_commands; i++, opcode++)
324 put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
325
326 for (i = 0; i < num_events; i++, opcode++)
327 put_unaligned_le16(mgmt_untrusted_events[i], opcode);
328 }
e70bb2e8 329
2a1afb5a
JH		 330 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
331 rp, rp_size);
e70bb2e8
JH		 332 kfree(rp);
333
334 return err;
335}
336
04124681
GP		 337static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
338 u16 data_len)
faba42eb 339{
faba42eb 340 struct mgmt_rp_read_index_list *rp;
8035ded4 341 struct hci_dev *d;
a38528f1 342 size_t rp_len;
faba42eb 343 u16 count;
476e44cb 344 int err;
faba42eb
JH		 345
346 BT_DBG("sock %p", sk);
347
348 read_lock(&hci_dev_list_lock);
349
350 count = 0;
bb4b2a9a 351 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a 352 if (d->dev_type == HCI_BREDR &&
d7a5a11d 353 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
1514b892 354 count++;
faba42eb
JH		 355 }
356
a38528f1
JH		 357 rp_len = sizeof(*rp) + (2 * count);
358 rp = kmalloc(rp_len, GFP_ATOMIC);
359 if (!rp) {
b2c60d42 360 read_unlock(&hci_dev_list_lock);
faba42eb 361 return -ENOMEM;
b2c60d42 362 }
faba42eb 363
476e44cb 364 count = 0;
8035ded4 365 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 366 if (hci_dev_test_flag(d, HCI_SETUP) ||
367 hci_dev_test_flag(d, HCI_CONFIG) ||
368 hci_dev_test_flag(d, HCI_USER_CHANNEL))
ab81cbf9
JH		 369 continue;
370
73d1df2a
MH		 371 /* Devices marked as raw-only are neither configured
372 * nor unconfigured controllers.
373 */
374 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
fee746b0
MH		 375 continue;
376
73d1df2a 377 if (d->dev_type == HCI_BREDR &&
d7a5a11d 378 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
1514b892
MH		 379 rp->index[count++] = cpu_to_le16(d->id);
380 BT_DBG("Added hci%u", d->id);
381 }
faba42eb
JH		 382 }
383
476e44cb
JH		 384 rp->num_controllers = cpu_to_le16(count);
385 rp_len = sizeof(*rp) + (2 * count);
386
faba42eb
JH		 387 read_unlock(&hci_dev_list_lock);
388
2a1afb5a
JH		 389 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
390 0, rp, rp_len);
faba42eb 391
a38528f1
JH		 392 kfree(rp);
393
394 return err;
faba42eb
JH		 395}
396
73d1df2a
MH		 397static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
398 void *data, u16 data_len)
399{
400 struct mgmt_rp_read_unconf_index_list *rp;
401 struct hci_dev *d;
402 size_t rp_len;
403 u16 count;
404 int err;
405
406 BT_DBG("sock %p", sk);
407
408 read_lock(&hci_dev_list_lock);
409
410 count = 0;
411 list_for_each_entry(d, &hci_dev_list, list) {
412 if (d->dev_type == HCI_BREDR &&
d7a5a11d 413 hci_dev_test_flag(d, HCI_UNCONFIGURED))
73d1df2a
MH		 414 count++;
415 }
416
417 rp_len = sizeof(*rp) + (2 * count);
418 rp = kmalloc(rp_len, GFP_ATOMIC);
419 if (!rp) {
420 read_unlock(&hci_dev_list_lock);
421 return -ENOMEM;
422 }
423
424 count = 0;
425 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 426 if (hci_dev_test_flag(d, HCI_SETUP) ||
427 hci_dev_test_flag(d, HCI_CONFIG) ||
428 hci_dev_test_flag(d, HCI_USER_CHANNEL))
73d1df2a
MH		 429 continue;
430
431 /* Devices marked as raw-only are neither configured
432 * nor unconfigured controllers.
433 */
434 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
435 continue;
436
437 if (d->dev_type == HCI_BREDR &&
d7a5a11d 438 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
73d1df2a
MH		 439 rp->index[count++] = cpu_to_le16(d->id);
440 BT_DBG("Added hci%u", d->id);
441 }
442 }
443
444 rp->num_controllers = cpu_to_le16(count);
445 rp_len = sizeof(*rp) + (2 * count);
446
447 read_unlock(&hci_dev_list_lock);
448
2a1afb5a
JH		 449 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
450 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
73d1df2a
MH		 451
452 kfree(rp);
453
454 return err;
455}
456
96f1474a
MH		 457static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
458 void *data, u16 data_len)
459{
460 struct mgmt_rp_read_ext_index_list *rp;
461 struct hci_dev *d;
462 size_t rp_len;
463 u16 count;
464 int err;
465
466 BT_DBG("sock %p", sk);
467
468 read_lock(&hci_dev_list_lock);
469
470 count = 0;
471 list_for_each_entry(d, &hci_dev_list, list) {
472 if (d->dev_type == HCI_BREDR || d->dev_type == HCI_AMP)
473 count++;
474 }
475
476 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
477 rp = kmalloc(rp_len, GFP_ATOMIC);
478 if (!rp) {
479 read_unlock(&hci_dev_list_lock);
480 return -ENOMEM;
481 }
482
483 count = 0;
484 list_for_each_entry(d, &hci_dev_list, list) {
485 if (hci_dev_test_flag(d, HCI_SETUP) ||
486 hci_dev_test_flag(d, HCI_CONFIG) ||
487 hci_dev_test_flag(d, HCI_USER_CHANNEL))
488 continue;
489
490 /* Devices marked as raw-only are neither configured
491 * nor unconfigured controllers.
492 */
493 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
494 continue;
495
496 if (d->dev_type == HCI_BREDR) {
497 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
498 rp->entry[count].type = 0x01;
499 else
500 rp->entry[count].type = 0x00;
501 } else if (d->dev_type == HCI_AMP) {
502 rp->entry[count].type = 0x02;
503 } else {
504 continue;
505 }
506
507 rp->entry[count].bus = d->bus;
508 rp->entry[count++].index = cpu_to_le16(d->id);
509 BT_DBG("Added hci%u", d->id);
510 }
511
512 rp->num_controllers = cpu_to_le16(count);
513 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
514
515 read_unlock(&hci_dev_list_lock);
516
517 /* If this command is called at least once, then all the
518 * default index and unconfigured index events are disabled
519 * and from now on only extended index events are used.
520 */
521 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
522 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
523 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
524
525 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
526 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp, rp_len);
527
528 kfree(rp);
529
530 return err;
531}
532
dbece37a
MH		 533static bool is_configured(struct hci_dev *hdev)
534{
535 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 536 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
dbece37a
MH		 537 return false;
538
539 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
540 !bacmp(&hdev->public_addr, BDADDR_ANY))
541 return false;
542
543 return true;
544}
545
89bc22d2
MH		 546static __le32 get_missing_options(struct hci_dev *hdev)
547{
548 u32 options = 0;
549
dbece37a 550 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 551 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
eb1904f4
MH		 552 options |= MGMT_OPTION_EXTERNAL_CONFIG;
553
89bc22d2
MH		 554 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
555 !bacmp(&hdev->public_addr, BDADDR_ANY))
556 options |= MGMT_OPTION_PUBLIC_ADDRESS;
557
558 return cpu_to_le32(options);
559}
560
f4537c04
MH		 561static int new_options(struct hci_dev *hdev, struct sock *skip)
562{
563 __le32 options = get_missing_options(hdev);
564
f6b7712e
MH		 565 return mgmt_generic_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
566 sizeof(options), skip);
f4537c04
MH		 567}
568
dbece37a
MH		 569static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
570{
571 __le32 options = get_missing_options(hdev);
572
2a1afb5a
JH		 573 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
574 sizeof(options));
dbece37a
MH		 575}
576
9fc3bfb6
MH		 577static int read_config_info(struct sock *sk, struct hci_dev *hdev,
578 void *data, u16 data_len)
579{
580 struct mgmt_rp_read_config_info rp;
89bc22d2 581 u32 options = 0;
9fc3bfb6
MH		 582
583 BT_DBG("sock %p %s", sk, hdev->name);
584
585 hci_dev_lock(hdev);
586
587 memset(&rp, 0, sizeof(rp));
588 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
89bc22d2 589
eb1904f4
MH		 590 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
591 options |= MGMT_OPTION_EXTERNAL_CONFIG;
592
9fc3bfb6 593 if (hdev->set_bdaddr)
89bc22d2
MH		 594 options |= MGMT_OPTION_PUBLIC_ADDRESS;
595
596 rp.supported_options = cpu_to_le32(options);
597 rp.missing_options = get_missing_options(hdev);
9fc3bfb6
MH		 598
599 hci_dev_unlock(hdev);
600
2a1afb5a
JH		 601 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
602 &rp, sizeof(rp));
9fc3bfb6
MH		 603}
604
69ab39ea
JH		 605static u32 get_supported_settings(struct hci_dev *hdev)
606{
607 u32 settings = 0;
608
609 settings |= MGMT_SETTING_POWERED;
b2939475 610 settings |= MGMT_SETTING_BONDABLE;
b1de97d8 611 settings |= MGMT_SETTING_DEBUG_KEYS;
3742abfc
JH		 612 settings |= MGMT_SETTING_CONNECTABLE;
613 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea 614
ed3fa31f 615 if (lmp_bredr_capable(hdev)) {
1a47aee8
JH		 616 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
617 settings |= MGMT_SETTING_FAST_CONNECTABLE;
69ab39ea
JH		 618 settings |= MGMT_SETTING_BREDR;
619 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 620
621 if (lmp_ssp_capable(hdev)) {
622 settings |= MGMT_SETTING_SSP;
623 settings |= MGMT_SETTING_HS;
624 }
e98d2ce2 625
05b3c3e7 626 if (lmp_sc_capable(hdev))
e98d2ce2 627 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 628 }
d7b7e796 629
eeca6f89 630 if (lmp_le_capable(hdev)) {
9d42820f 631 settings |= MGMT_SETTING_LE;
eeca6f89 632 settings |= MGMT_SETTING_ADVERTISING;
a3209694 633 settings |= MGMT_SETTING_SECURE_CONN;
0f4bd942 634 settings |= MGMT_SETTING_PRIVACY;
93690c22 635 settings |= MGMT_SETTING_STATIC_ADDRESS;
eeca6f89 636 }
69ab39ea 637
eb1904f4
MH		 638 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
639 hdev->set_bdaddr)
9fc3bfb6
MH		 640 settings |= MGMT_SETTING_CONFIGURATION;
641
69ab39ea
JH		 642 return settings;
643}
644
645static u32 get_current_settings(struct hci_dev *hdev)
646{
647 u32 settings = 0;
648
f1f0eb02 649 if (hdev_is_powered(hdev))
f0d4b78a
MH		 650 settings |= MGMT_SETTING_POWERED;
651
d7a5a11d 652 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
69ab39ea
JH		 653 settings |= MGMT_SETTING_CONNECTABLE;
654
d7a5a11d 655 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
1a4d3c4b
JH		 656 settings |= MGMT_SETTING_FAST_CONNECTABLE;
657
d7a5a11d 658 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
69ab39ea
JH		 659 settings |= MGMT_SETTING_DISCOVERABLE;
660
d7a5a11d 661 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
b2939475 662 settings |= MGMT_SETTING_BONDABLE;
69ab39ea 663
d7a5a11d 664 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
69ab39ea
JH		 665 settings |= MGMT_SETTING_BREDR;
666
d7a5a11d 667 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
69ab39ea
JH		 668 settings |= MGMT_SETTING_LE;
669
d7a5a11d 670 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
69ab39ea
JH		 671 settings |= MGMT_SETTING_LINK_SECURITY;
672
d7a5a11d 673 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
69ab39ea
JH		 674 settings |= MGMT_SETTING_SSP;
675
d7a5a11d 676 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
6d80dfd0
JH		 677 settings |= MGMT_SETTING_HS;
678
d7a5a11d 679 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
eeca6f89
JH		 680 settings |= MGMT_SETTING_ADVERTISING;
681
d7a5a11d 682 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
e98d2ce2
MH		 683 settings |= MGMT_SETTING_SECURE_CONN;
684
d7a5a11d 685 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
b1de97d8
MH		 686 settings |= MGMT_SETTING_DEBUG_KEYS;
687
d7a5a11d 688 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
0f4bd942
JH		 689 settings |= MGMT_SETTING_PRIVACY;
690
93690c22
MH		 691 /* The current setting for static address has two purposes. The
692 * first is to indicate if the static address will be used and
693 * the second is to indicate if it is actually set.
694 *
695 * This means if the static address is not configured, this flag
08dc0e98 696 * will never be set. If the address is configured, then if the
93690c22
MH		 697 * address is actually used decides if the flag is set or not.
698 *
699 * For single mode LE only controllers and dual-mode controllers
700 * with BR/EDR disabled, the existence of the static address will
701 * be evaluated.
702 */
b7cb93e5 703 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
d7a5a11d 704 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
93690c22
MH		 705 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
706 if (bacmp(&hdev->static_addr, BDADDR_ANY))
707 settings |= MGMT_SETTING_STATIC_ADDRESS;
708 }
709
69ab39ea
JH		 710 return settings;
711}
712
ef580372
JH		 713#define PNP_INFO_SVCLASS_ID 0x1200
714
213202ed
JH		 715static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
716{
717 u8 *ptr = data, *uuids_start = NULL;
718 struct bt_uuid *uuid;
719
720 if (len < 4)
721 return ptr;
722
723 list_for_each_entry(uuid, &hdev->uuids, list) {
724 u16 uuid16;
725
726 if (uuid->size != 16)
727 continue;
728
729 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
730 if (uuid16 < 0x1100)
731 continue;
732
733 if (uuid16 == PNP_INFO_SVCLASS_ID)
734 continue;
735
736 if (!uuids_start) {
737 uuids_start = ptr;
738 uuids_start[0] = 1;
739 uuids_start[1] = EIR_UUID16_ALL;
740 ptr += 2;
741 }
742
743 /* Stop if not enough space to put next UUID */
744 if ((ptr - data) + sizeof(u16) > len) {
745 uuids_start[1] = EIR_UUID16_SOME;
746 break;
747 }
748
749 *ptr++ = (uuid16 & 0x00ff);
750 *ptr++ = (uuid16 & 0xff00) >> 8;
751 uuids_start[0] += sizeof(uuid16);
752 }
753
754 return ptr;
755}
756
cdf1963f
JH		 757static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
758{
759 u8 *ptr = data, *uuids_start = NULL;
760 struct bt_uuid *uuid;
761
762 if (len < 6)
763 return ptr;
764
765 list_for_each_entry(uuid, &hdev->uuids, list) {
766 if (uuid->size != 32)
767 continue;
768
769 if (!uuids_start) {
770 uuids_start = ptr;
771 uuids_start[0] = 1;
772 uuids_start[1] = EIR_UUID32_ALL;
773 ptr += 2;
774 }
775
776 /* Stop if not enough space to put next UUID */
777 if ((ptr - data) + sizeof(u32) > len) {
778 uuids_start[1] = EIR_UUID32_SOME;
779 break;
780 }
781
782 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
783 ptr += sizeof(u32);
784 uuids_start[0] += sizeof(u32);
785 }
786
787 return ptr;
788}
789
c00d575b
JH		 790static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
791{
792 u8 *ptr = data, *uuids_start = NULL;
793 struct bt_uuid *uuid;
794
795 if (len < 18)
796 return ptr;
797
798 list_for_each_entry(uuid, &hdev->uuids, list) {
799 if (uuid->size != 128)
800 continue;
801
802 if (!uuids_start) {
803 uuids_start = ptr;
804 uuids_start[0] = 1;
805 uuids_start[1] = EIR_UUID128_ALL;
806 ptr += 2;
807 }
808
809 /* Stop if not enough space to put next UUID */
810 if ((ptr - data) + 16 > len) {
811 uuids_start[1] = EIR_UUID128_SOME;
812 break;
813 }
814
815 memcpy(ptr, uuid->uuid, 16);
816 ptr += 16;
817 uuids_start[0] += 16;
818 }
819
820 return ptr;
821}
822
333ae95d
JH		 823static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
824{
825 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
826}
827
333ae95d
JH		 828static struct mgmt_pending_cmd *pending_find_data(u16 opcode,
829 struct hci_dev *hdev,
830 const void *data)
831{
832 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data);
833}
834
91aa9bb2
FG		 835static u8 get_current_adv_instance(struct hci_dev *hdev)
836{
837 /* The "Set Advertising" setting supersedes the "Add Advertising"
838 * setting. Here we set the advertising data based on which
839 * setting was set. When neither apply, default to the global settings,
840 * represented by instance "0".
841 */
842 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE) &&
843 !hci_dev_test_flag(hdev, HCI_ADVERTISING))
3ff37e6b 844 return hdev->cur_adv_instance;
91aa9bb2
FG		 845
846 return 0x00;
847}
848
4117ed70 849static u8 create_default_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
f14d8f64 850{
7a5f4990
MH		 851 u8 ad_len = 0;
852 size_t name_len;
853
854 name_len = strlen(hdev->dev_name);
855 if (name_len > 0) {
856 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
857
858 if (name_len > max_len) {
859 name_len = max_len;
860 ptr[1] = EIR_NAME_SHORT;
861 } else
862 ptr[1] = EIR_NAME_COMPLETE;
863
864 ptr[0] = name_len + 1;
865
866 memcpy(ptr + 2, hdev->dev_name, name_len);
867
868 ad_len += (name_len + 2);
869 ptr += (name_len + 2);
870 }
871
872 return ad_len;
f14d8f64
MH		 873}
874
ca21fbe9
FG		 875static u8 create_instance_scan_rsp_data(struct hci_dev *hdev, u8 instance,
876 u8 *ptr)
4117ed70 877{
ca21fbe9
FG		 878 struct adv_info *adv_instance;
879
880 adv_instance = hci_find_adv_instance(hdev, instance);
881 if (!adv_instance)
882 return 0;
883
4117ed70
AU		 884 /* TODO: Set the appropriate entries based on advertising instance flags
885 * here once flags other than 0 are supported.
886 */
ca21fbe9
FG		 887 memcpy(ptr, adv_instance->scan_rsp_data,
888 adv_instance->scan_rsp_len);
4117ed70 889
ca21fbe9 890 return adv_instance->scan_rsp_len;
4117ed70
AU		 891}
892
efae002c 893static void update_inst_scan_rsp_data(struct hci_request *req, u8 instance)
f14d8f64
MH		 894{
895 struct hci_dev *hdev = req->hdev;
896 struct hci_cp_le_set_scan_rsp_data cp;
897 u8 len;
898
d7a5a11d 899 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
f14d8f64
MH		 900 return;
901
902 memset(&cp, 0, sizeof(cp));
903
4117ed70 904 if (instance)
ca21fbe9 905 len = create_instance_scan_rsp_data(hdev, instance, cp.data);
4117ed70
AU		 906 else
907 len = create_default_scan_rsp_data(hdev, cp.data);
f14d8f64 908
eb438b5f 909 if (hdev->scan_rsp_data_len == len &&
4117ed70 910 !memcmp(cp.data, hdev->scan_rsp_data, len))
f14d8f64
MH		 911 return;
912
eb438b5f
JH		 913 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
914 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 915
916 cp.length = len;
917
918 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
919}
920
4117ed70
AU		 921static void update_scan_rsp_data(struct hci_request *req)
922{
efae002c 923 update_inst_scan_rsp_data(req, get_current_adv_instance(req->hdev));
4117ed70
AU		 924}
925
9a43e25f
JH		 926static u8 get_adv_discov_flags(struct hci_dev *hdev)
927{
3b0602cd 928 struct mgmt_pending_cmd *cmd;
9a43e25f
JH		 929
930 /* If there's a pending mgmt command the flags will not yet have
931 * their final values, so check for this first.
932 */
333ae95d 933 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
9a43e25f
JH		 934 if (cmd) {
935 struct mgmt_mode *cp = cmd->param;
936 if (cp->val == 0x01)
937 return LE_AD_GENERAL;
938 else if (cp->val == 0x02)
939 return LE_AD_LIMITED;
940 } else {
d7a5a11d 941 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
9a43e25f 942 return LE_AD_LIMITED;
d7a5a11d 943 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
9a43e25f
JH		 944 return LE_AD_GENERAL;
945 }
946
947 return 0;
948}
949
fdf51784
AU		 950static bool get_connectable(struct hci_dev *hdev)
951{
952 struct mgmt_pending_cmd *cmd;
441ad2d0 953
fdf51784
AU		 954 /* If there's a pending mgmt command the flag will not yet have
955 * it's final value, so check for this first.
956 */
957 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
958 if (cmd) {
959 struct mgmt_mode *cp = cmd->param;
441ad2d0 960
fdf51784 961 return cp->val;
441ad2d0
MH		 962 }
963
fdf51784
AU		 964 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
965}
441ad2d0 966
fdf51784
AU		 967static u32 get_adv_instance_flags(struct hci_dev *hdev, u8 instance)
968{
969 u32 flags;
411b4121 970 struct adv_info *adv_instance;
441ad2d0 971
bea28e65
FG		 972 if (instance == 0x00) {
973 /* Instance 0 always manages the "Tx Power" and "Flags"
974 * fields
975 */
976 flags = MGMT_ADV_FLAG_TX_POWER | MGMT_ADV_FLAG_MANAGED_FLAGS;
411b4121 977
bea28e65
FG		 978 /* For instance 0, the HCI_ADVERTISING_CONNECTABLE setting
979 * corresponds to the "connectable" instance flag.
980 */
981 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE))
982 flags |= MGMT_ADV_FLAG_CONNECTABLE;
fdf51784 983
bea28e65 984 return flags;
411b4121 985 }
fdf51784 986
bea28e65 987 adv_instance = hci_find_adv_instance(hdev, instance);
fdf51784 988
bea28e65
FG		 989 /* Return 0 when we got an invalid instance identifier. */
990 if (!adv_instance)
991 return 0;
fdf51784 992
bea28e65 993 return adv_instance->flags;
441ad2d0
MH		 994}
995
7b683b74 996static u8 get_cur_adv_instance_scan_rsp_len(struct hci_dev *hdev)
c7d4883b 997{
7b683b74
FG		 998 u8 instance = get_current_adv_instance(hdev);
999 struct adv_info *adv_instance;
1000
1001 /* Ignore instance 0 */
1002 if (instance == 0x00)
1003 return 0;
1004
1005 adv_instance = hci_find_adv_instance(hdev, instance);
1006 if (!adv_instance)
c7d4883b
AU		 1007 return 0;
1008
1009 /* TODO: Take into account the "appearance" and "local-name" flags here.
1010 * These are currently being ignored as they are not supported.
1011 */
7b683b74 1012 return adv_instance->scan_rsp_len;
c7d4883b
AU		 1013}
1014
fdf51784 1015static u8 create_instance_adv_data(struct hci_dev *hdev, u8 instance, u8 *ptr)
24b4f38f 1016{
b44133ff 1017 u8 ad_len = 0, flags = 0;
fdf51784 1018 u32 instance_flags = get_adv_instance_flags(hdev, instance);
b44133ff 1019
807ec772
AU		 1020 /* The Add Advertising command allows userspace to set both the general
1021 * and limited discoverable flags.
1022 */
fdf51784 1023 if (instance_flags & MGMT_ADV_FLAG_DISCOV)
b44133ff
AU		 1024 flags |= LE_AD_GENERAL;
1025
fdf51784 1026 if (instance_flags & MGMT_ADV_FLAG_LIMITED_DISCOV)
807ec772
AU		 1027 flags |= LE_AD_LIMITED;
1028
fdf51784 1029 if (flags || (instance_flags & MGMT_ADV_FLAG_MANAGED_FLAGS)) {
67e0c0cd
AU		 1030 /* If a discovery flag wasn't provided, simply use the global
1031 * settings.
1032 */
1033 if (!flags)
1034 flags |= get_adv_discov_flags(hdev);
1035
b44133ff
AU		 1036 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1037 flags |= LE_AD_NO_BREDR;
1038
fdf51784
AU		 1039 /* If flags would still be empty, then there is no need to
1040 * include the "Flags" AD field".
1041 */
1042 if (flags) {
1043 ptr[0] = 0x02;
1044 ptr[1] = EIR_FLAGS;
1045 ptr[2] = flags;
b44133ff 1046
fdf51784
AU		 1047 ad_len += 3;
1048 ptr += 3;
1049 }
b44133ff
AU		 1050 }
1051
38c8af60
MH		 1052 if (instance) {
1053 memcpy(ptr, hdev->adv_instance.adv_data,
1054 hdev->adv_instance.adv_data_len);
1055
1056 ad_len += hdev->adv_instance.adv_data_len;
1057 ptr += hdev->adv_instance.adv_data_len;
1058 }
1059
fdf51784 1060 /* Provide Tx Power only if we can provide a valid value for it */
5507e358 1061 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID &&
fdf51784 1062 (instance_flags & MGMT_ADV_FLAG_TX_POWER)) {
5507e358
AU		 1063 ptr[0] = 0x02;
1064 ptr[1] = EIR_TX_POWER;
1065 ptr[2] = (u8)hdev->adv_tx_power;
1066
1067 ad_len += 3;
1068 ptr += 3;
1069 }
1070
b44133ff 1071 return ad_len;
24b4f38f
AU		 1072}
1073
efae002c 1074static void update_inst_adv_data(struct hci_request *req, u8 instance)
441ad2d0
MH		 1075{
1076 struct hci_dev *hdev = req->hdev;
1077 struct hci_cp_le_set_adv_data cp;
1078 u8 len;
1079
d7a5a11d 1080 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
441ad2d0
MH		 1081 return;
1082
1083 memset(&cp, 0, sizeof(cp));
1084
fdf51784 1085 len = create_instance_adv_data(hdev, instance, cp.data);
441ad2d0 1086
24b4f38f 1087 /* There's nothing to do if the data hasn't changed */
441ad2d0
MH		 1088 if (hdev->adv_data_len == len &&
1089 memcmp(cp.data, hdev->adv_data, len) == 0)
1090 return;
1091
1092 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
1093 hdev->adv_data_len = len;
1094
1095 cp.length = len;
1096
1097 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
1098}
1099
e7a685d3
AU		 1100static void update_adv_data(struct hci_request *req)
1101{
efae002c 1102 update_inst_adv_data(req, get_current_adv_instance(req->hdev));
24b4f38f
AU		 1103}
1104
bc6d2d04
JH		 1105int mgmt_update_adv_data(struct hci_dev *hdev)
1106{
1107 struct hci_request req;
1108
1109 hci_req_init(&req, hdev);
1110 update_adv_data(&req);
1111
1112 return hci_req_run(&req, NULL);
1113}
1114
ef580372
JH		 1115static void create_eir(struct hci_dev *hdev, u8 *data)
1116{
1117 u8 *ptr = data;
ef580372
JH		 1118 size_t name_len;
1119
1120 name_len = strlen(hdev->dev_name);
1121
1122 if (name_len > 0) {
1123 /* EIR Data type */
1124 if (name_len > 48) {
1125 name_len = 48;
1126 ptr[1] = EIR_NAME_SHORT;
1127 } else
1128 ptr[1] = EIR_NAME_COMPLETE;
1129
1130 /* EIR Data length */
1131 ptr[0] = name_len + 1;
1132
1133 memcpy(ptr + 2, hdev->dev_name, name_len);
1134
ef580372
JH		 1135 ptr += (name_len + 2);
1136 }
1137
bbaf444a 1138 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 1139 ptr[0] = 2;
1140 ptr[1] = EIR_TX_POWER;
1141 ptr[2] = (u8) hdev->inq_tx_power;
1142
91c4e9b1
MH		 1143 ptr += 3;
1144 }
1145
2b9be137
MH		 1146 if (hdev->devid_source > 0) {
1147 ptr[0] = 9;
1148 ptr[1] = EIR_DEVICE_ID;
1149
1150 put_unaligned_le16(hdev->devid_source, ptr + 2);
1151 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
1152 put_unaligned_le16(hdev->devid_product, ptr + 6);
1153 put_unaligned_le16(hdev->devid_version, ptr + 8);
1154
2b9be137
MH		 1155 ptr += 10;
1156 }
1157
213202ed 1158 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 1159 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 1160 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 1161}
1162
890ea898 1163static void update_eir(struct hci_request *req)
ef580372 1164{
890ea898 1165 struct hci_dev *hdev = req->hdev;
ef580372
JH		 1166 struct hci_cp_write_eir cp;
1167
504c8dcd 1168 if (!hdev_is_powered(hdev))
890ea898 1169 return;
7770c4aa 1170
976eb20e 1171 if (!lmp_ext_inq_capable(hdev))
890ea898 1172 return;
ef580372 1173
d7a5a11d 1174 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
890ea898 1175 return;
ef580372 1176
d7a5a11d 1177 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
890ea898 1178 return;
ef580372
JH		 1179
1180 memset(&cp, 0, sizeof(cp));
1181
1182 create_eir(hdev, cp.data);
1183
1184 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 1185 return;
ef580372
JH		 1186
1187 memcpy(hdev->eir, cp.data, sizeof(cp.data));
1188
890ea898 1189 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 1190}
1191
1192static u8 get_service_classes(struct hci_dev *hdev)
1193{
1194 struct bt_uuid *uuid;
1195 u8 val = 0;
1196
1197 list_for_each_entry(uuid, &hdev->uuids, list)
1198 val |= uuid->svc_hint;
1199
1200 return val;
1201}
1202
890ea898 1203static void update_class(struct hci_request *req)
ef580372 1204{
890ea898 1205 struct hci_dev *hdev = req->hdev;
ef580372
JH		 1206 u8 cod[3];
1207
1208 BT_DBG("%s", hdev->name);
1209
504c8dcd 1210 if (!hdev_is_powered(hdev))
890ea898 1211 return;
7770c4aa 1212
d7a5a11d 1213 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
f87ea1da
JH		 1214 return;
1215
d7a5a11d 1216 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
890ea898 1217 return;
ef580372
JH		 1218
1219 cod[0] = hdev->minor_class;
1220 cod[1] = hdev->major_class;
1221 cod[2] = get_service_classes(hdev);
1222
d7a5a11d 1223 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
6acd7db4
MH		 1224 cod[1] |= 0x20;
1225
ef580372 1226 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 1227 return;
ef580372 1228
890ea898 1229 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 1230}
1231
0ec5ae84
JH		 1232static void disable_advertising(struct hci_request *req)
1233{
1234 u8 enable = 0x00;
1235
1236 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1237}
1238
199a2fb1
JH		 1239static void enable_advertising(struct hci_request *req)
1240{
1241 struct hci_dev *hdev = req->hdev;
1242 struct hci_cp_le_set_adv_param cp;
8f2a0601 1243 u8 own_addr_type, enable = 0x01;
a4858cb9 1244 bool connectable;
e7a685d3
AU		 1245 u8 instance;
1246 u32 flags;
199a2fb1 1247
0ec5ae84
JH		 1248 if (hci_conn_num(hdev, LE_LINK) > 0)
1249 return;
1250
d7a5a11d 1251 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
0ec5ae84
JH		 1252 disable_advertising(req);
1253
5ce194c4 1254 /* Clear the HCI_LE_ADV bit temporarily so that the
8d97250e
JH		 1255 * hci_update_random_address knows that it's safe to go ahead
1256 * and write a new random address. The flag will be set back on
1257 * as soon as the SET_ADV_ENABLE HCI command completes.
1258 */
a358dc11 1259 hci_dev_clear_flag(hdev, HCI_LE_ADV);
8d97250e 1260
e7a685d3
AU		 1261 instance = get_current_adv_instance(hdev);
1262 flags = get_adv_instance_flags(hdev, instance);
faccb950
AU		 1263
1264 /* If the "connectable" instance flag was not set, then choose between
1265 * ADV_IND and ADV_NONCONN_IND based on the global connectable setting.
1266 */
1267 connectable = (flags & MGMT_ADV_FLAG_CONNECTABLE) ||
1268 get_connectable(hdev);
8f2a0601 1269
a4858cb9
JH		 1270 /* Set require_privacy to true only when non-connectable
1271 * advertising is used. In that case it is fine to use a
1272 * non-resolvable private address.
1273 */
1274 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 1275 return;
1276
41c90c18 1277 memset(&cp, 0, sizeof(cp));
628531c9
GL		 1278 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
1279 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
c7d4883b
AU		 1280
1281 if (connectable)
1282 cp.type = LE_ADV_IND;
7b683b74 1283 else if (get_cur_adv_instance_scan_rsp_len(hdev))
c7d4883b
AU		 1284 cp.type = LE_ADV_SCAN_IND;
1285 else
1286 cp.type = LE_ADV_NONCONN_IND;
1287
8f2a0601 1288 cp.own_address_type = own_addr_type;
199a2fb1
JH		 1289 cp.channel_map = hdev->le_adv_channel_map;
1290
1291 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1292
1293 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1294}
1295
7d78525d
JH		 1296static void service_cache_off(struct work_struct *work)
1297{
1298 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 1299 service_cache.work);
890ea898 1300 struct hci_request req;
7d78525d 1301
a69d8927 1302 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
7d78525d
JH		 1303 return;
1304
890ea898
JH		 1305 hci_req_init(&req, hdev);
1306
7d78525d
JH		 1307 hci_dev_lock(hdev);
1308
890ea898
JH		 1309 update_eir(&req);
1310 update_class(&req);
7d78525d
JH		 1311
1312 hci_dev_unlock(hdev);
890ea898
JH		 1313
1314 hci_req_run(&req, NULL);
7d78525d
JH		 1315}
1316
d6bfd59c
JH		 1317static void rpa_expired(struct work_struct *work)
1318{
1319 struct hci_dev *hdev = container_of(work, struct hci_dev,
1320 rpa_expired.work);
1321 struct hci_request req;
1322
1323 BT_DBG("");
1324
a1536da2 1325 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
d6bfd59c 1326
d7a5a11d 1327 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
d6bfd59c
JH		 1328 return;
1329
1330 /* The generation of a new RPA and programming it into the
1331 * controller happens in the enable_advertising() function.
1332 */
d6bfd59c 1333 hci_req_init(&req, hdev);
d6bfd59c 1334 enable_advertising(&req);
d6bfd59c
JH		 1335 hci_req_run(&req, NULL);
1336}
1337
6a919082 1338static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 1339{
238be788 1340 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
6a919082
JH		 1341 return;
1342
4f87da80 1343 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 1344 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 1345
4f87da80
JH		 1346 /* Non-mgmt controlled devices get this bit set
1347 * implicitly so that pairing works for them, however
1348 * for mgmt we require user-space to explicitly enable
1349 * it
1350 */
a358dc11 1351 hci_dev_clear_flag(hdev, HCI_BONDABLE);
7d78525d
JH		 1352}
1353
0f4e68cf 1354static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 1355 void *data, u16 data_len)
0381101f 1356{
a38528f1 1357 struct mgmt_rp_read_info rp;
f7b64e69 1358
bdb6d971 1359 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 1360
09fd0de5 1361 hci_dev_lock(hdev);
f7b64e69 1362
dc4fe30b
JH		 1363 memset(&rp, 0, sizeof(rp));
1364
69ab39ea 1365 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 1366
69ab39ea 1367 rp.version = hdev->hci_ver;
eb55ef07 1368 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 1369
1370 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1371 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 1372
a38528f1 1373 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 1374
dc4fe30b 1375 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 1376 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 1377
09fd0de5 1378 hci_dev_unlock(hdev);
0381101f 1379
2a1afb5a
JH		 1380 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1381 sizeof(rp));
0381101f
JH		 1382}
1383
69ab39ea 1384static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1385{
69ab39ea 1386 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1387
2a1afb5a
JH		 1388 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1389 sizeof(settings));
8680570b
JH		 1390}
1391
1904a853 1392static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
8b064a3a
JH		 1393{
1394 BT_DBG("%s status 0x%02x", hdev->name, status);
1395
a3172b7e
JH		 1396 if (hci_conn_count(hdev) == 0) {
1397 cancel_delayed_work(&hdev->power_off);
8b064a3a 1398 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1399 }
8b064a3a
JH		 1400}
1401
23a48093 1402static bool hci_stop_discovery(struct hci_request *req)
21a60d30
JH		 1403{
1404 struct hci_dev *hdev = req->hdev;
1405 struct hci_cp_remote_name_req_cancel cp;
1406 struct inquiry_entry *e;
1407
1408 switch (hdev->discovery.state) {
1409 case DISCOVERY_FINDING:
07d2334a 1410 if (test_bit(HCI_INQUIRY, &hdev->flags))
21a60d30 1411 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
07d2334a
JP		 1412
1413 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
21a60d30
JH		 1414 cancel_delayed_work(&hdev->le_scan_disable);
1415 hci_req_add_le_scan_disable(req);
1416 }
1417
23a48093 1418 return true;
21a60d30
JH		 1419
1420 case DISCOVERY_RESOLVING:
1421 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1422 NAME_PENDING);
1423 if (!e)
23a48093 1424 break;
21a60d30
JH		 1425
1426 bacpy(&cp.bdaddr, &e->data.bdaddr);
1427 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1428 &cp);
1429
23a48093 1430 return true;
21a60d30
JH		 1431
1432 default:
1433 /* Passive scanning */
d7a5a11d 1434 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
21a60d30 1435 hci_req_add_le_scan_disable(req);
23a48093
JH		 1436 return true;
1437 }
1438
21a60d30
JH		 1439 break;
1440 }
23a48093
JH		 1441
1442 return false;
21a60d30
JH		 1443}
1444
912098a6
AU		 1445static void advertising_added(struct sock *sk, struct hci_dev *hdev,
1446 u8 instance)
1447{
1448 struct mgmt_ev_advertising_added ev;
1449
1450 ev.instance = instance;
1451
1452 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
1453}
1454
1455static void advertising_removed(struct sock *sk, struct hci_dev *hdev,
1456 u8 instance)
1457{
1458 struct mgmt_ev_advertising_removed ev;
1459
1460 ev.instance = instance;
1461
1462 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
1463}
1464
1465static void clear_adv_instance(struct hci_dev *hdev)
1466{
1467 struct hci_request req;
1468
1469 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
1470 return;
1471
5d900e46
FG		 1472 if (hdev->adv_instance_timeout)
1473 cancel_delayed_work(&hdev->adv_instance_expire);
912098a6
AU		 1474
1475 memset(&hdev->adv_instance, 0, sizeof(hdev->adv_instance));
1476 advertising_removed(NULL, hdev, 1);
1477 hci_dev_clear_flag(hdev, HCI_ADVERTISING_INSTANCE);
1478
1479 if (!hdev_is_powered(hdev) ||
1480 hci_dev_test_flag(hdev, HCI_ADVERTISING))
1481 return;
1482
1483 hci_req_init(&req, hdev);
1484 disable_advertising(&req);
1485 hci_req_run(&req, NULL);
1486}
1487
8b064a3a
JH		 1488static int clean_up_hci_state(struct hci_dev *hdev)
1489{
1490 struct hci_request req;
1491 struct hci_conn *conn;
23a48093
JH		 1492 bool discov_stopped;
1493 int err;
8b064a3a
JH		 1494
1495 hci_req_init(&req, hdev);
1496
1497 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1498 test_bit(HCI_PSCAN, &hdev->flags)) {
1499 u8 scan = 0x00;
1500 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1501 }
1502
5d900e46 1503 if (hdev->adv_instance_timeout)
912098a6
AU		 1504 clear_adv_instance(hdev);
1505
d7a5a11d 1506 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
8b064a3a
JH		 1507 disable_advertising(&req);
1508
23a48093 1509 discov_stopped = hci_stop_discovery(&req);
8b064a3a
JH		 1510
1511 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1512 struct hci_cp_disconnect dc;
c9910d0f
JH		 1513 struct hci_cp_reject_conn_req rej;
1514
1515 switch (conn->state) {
1516 case BT_CONNECTED:
1517 case BT_CONFIG:
1518 dc.handle = cpu_to_le16(conn->handle);
1519 dc.reason = 0x15; /* Terminated due to Power Off */
1520 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1521 break;
1522 case BT_CONNECT:
1523 if (conn->type == LE_LINK)
1524 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1525 0, NULL);
1526 else if (conn->type == ACL_LINK)
1527 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1528 6, &conn->dst);
1529 break;
1530 case BT_CONNECT2:
1531 bacpy(&rej.bdaddr, &conn->dst);
1532 rej.reason = 0x15; /* Terminated due to Power Off */
1533 if (conn->type == ACL_LINK)
1534 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1535 sizeof(rej), &rej);
1536 else if (conn->type == SCO_LINK)
1537 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1538 sizeof(rej), &rej);
1539 break;
1540 }
8b064a3a
JH		 1541 }
1542
23a48093
JH		 1543 err = hci_req_run(&req, clean_up_hci_complete);
1544 if (!err && discov_stopped)
1545 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1546
1547 return err;
8b064a3a
JH		 1548}
1549
bdb6d971 1550static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1551 u16 len)
eec8d2bc 1552{
650f726d 1553 struct mgmt_mode *cp = data;
3b0602cd 1554 struct mgmt_pending_cmd *cmd;
4b34ee78 1555 int err;
eec8d2bc 1556
bdb6d971 1557 BT_DBG("request for %s", hdev->name);
eec8d2bc 1558
a7e80f25 1559 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1560 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1561 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1562
09fd0de5 1563 hci_dev_lock(hdev);
eec8d2bc 1564
333ae95d 1565 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
a69e8375
JH		 1566 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1567 MGMT_STATUS_BUSY);
87b95ba6
JH		 1568 goto failed;
1569 }
1570
a69d8927 1571 if (hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF)) {
f0d4b78a
MH		 1572 cancel_delayed_work(&hdev->power_off);
1573
1574 if (cp->val) {
a1d70450
JH		 1575 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1576 data, len);
1577 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1578 goto failed;
1579 }
1580 }
1581
4b34ee78 1582 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1583 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1584 goto failed;
1585 }
1586
2e58ef3e 1587 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1588 if (!cmd) {
1589 err = -ENOMEM;
eec8d2bc 1590 goto failed;
366a0336 1591 }
eec8d2bc 1592
8b064a3a 1593 if (cp->val) {
19202573 1594 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1595 err = 0;
1596 } else {
1597 /* Disconnect connections, stop scans, etc */
1598 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1599 if (!err)
1600 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1601 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1602
8b064a3a
JH		 1603 /* ENODATA means there were no HCI commands queued */
1604 if (err == -ENODATA) {
a3172b7e 1605 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1606 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1607 err = 0;
1608 }
1609 }
eec8d2bc
JH		 1610
1611failed:
09fd0de5 1612 hci_dev_unlock(hdev);
366a0336 1613 return err;
eec8d2bc
JH		 1614}
1615
beadb2bd
JH		 1616static int new_settings(struct hci_dev *hdev, struct sock *skip)
1617{
f6b7712e 1618 __le32 ev = cpu_to_le32(get_current_settings(hdev));
beadb2bd 1619
f6b7712e
MH		 1620 return mgmt_generic_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1621 sizeof(ev), skip);
beadb2bd
JH		 1622}
1623
91a668b0
JH		 1624int mgmt_new_settings(struct hci_dev *hdev)
1625{
1626 return new_settings(hdev, NULL);
1627}
1628
bd99abdd
JH		 1629struct cmd_lookup {
1630 struct sock *sk;
1631 struct hci_dev *hdev;
1632 u8 mgmt_status;
1633};
1634
3b0602cd 1635static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1636{
1637 struct cmd_lookup *match = data;
1638
1639 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1640
1641 list_del(&cmd->list);
1642
1643 if (match->sk == NULL) {
1644 match->sk = cmd->sk;
1645 sock_hold(match->sk);
1646 }
1647
1648 mgmt_pending_free(cmd);
1649}
1650
3b0602cd 1651static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1652{
1653 u8 *status = data;
1654
a69e8375 1655 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
bd99abdd
JH		 1656 mgmt_pending_remove(cmd);
1657}
1658
3b0602cd 1659static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1b9b5ee5
JH		 1660{
1661 if (cmd->cmd_complete) {
1662 u8 *status = data;
1663
1664 cmd->cmd_complete(cmd, *status);
1665 mgmt_pending_remove(cmd);
1666
1667 return;
1668 }
1669
1670 cmd_status_rsp(cmd, data);
1671}
1672
3b0602cd 1673static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
f5818c22 1674{
2a1afb5a
JH		 1675 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1676 cmd->param, cmd->param_len);
f5818c22
JH		 1677}
1678
3b0602cd 1679static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
7776d1d8 1680{
2a1afb5a
JH		 1681 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1682 cmd->param, sizeof(struct mgmt_addr_info));
7776d1d8
JH		 1683}
1684
e6fe7986
JH		 1685static u8 mgmt_bredr_support(struct hci_dev *hdev)
1686{
1687 if (!lmp_bredr_capable(hdev))
1688 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1689 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
e6fe7986
JH		 1690 return MGMT_STATUS_REJECTED;
1691 else
1692 return MGMT_STATUS_SUCCESS;
1693}
1694
1695static u8 mgmt_le_support(struct hci_dev *hdev)
1696{
1697 if (!lmp_le_capable(hdev))
1698 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1699 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
e6fe7986
JH		 1700 return MGMT_STATUS_REJECTED;
1701 else
1702 return MGMT_STATUS_SUCCESS;
1703}
1704
1904a853
MH		 1705static void set_discoverable_complete(struct hci_dev *hdev, u8 status,
1706 u16 opcode)
bfaf8c9f 1707{
3b0602cd 1708 struct mgmt_pending_cmd *cmd;
bfaf8c9f 1709 struct mgmt_mode *cp;
970ba524 1710 struct hci_request req;
bfaf8c9f
JH		 1711 bool changed;
1712
1713 BT_DBG("status 0x%02x", status);
1714
1715 hci_dev_lock(hdev);
1716
333ae95d 1717 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
bfaf8c9f
JH		 1718 if (!cmd)
1719 goto unlock;
1720
1721 if (status) {
1722 u8 mgmt_err = mgmt_status(status);
a69e8375 1723 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
a358dc11 1724 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
bfaf8c9f
JH		 1725 goto remove_cmd;
1726 }
1727
1728 cp = cmd->param;
d4462a07 1729 if (cp->val) {
238be788 1730 changed = !hci_dev_test_and_set_flag(hdev, HCI_DISCOVERABLE);
d4462a07
MH		 1731
1732 if (hdev->discov_timeout > 0) {
1733 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1734 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1735 to);
1736 }
1737 } else {
a69d8927 1738 changed = hci_dev_test_and_clear_flag(hdev, HCI_DISCOVERABLE);
d4462a07 1739 }
bfaf8c9f
JH		 1740
1741 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1742
1743 if (changed)
1744 new_settings(hdev, cmd->sk);
1745
970ba524
MH		 1746 /* When the discoverable mode gets changed, make sure
1747 * that class of device has the limited discoverable
432df05e
JH		 1748 * bit correctly set. Also update page scan based on whitelist
1749 * entries.
970ba524
MH		 1750 */
1751 hci_req_init(&req, hdev);
1d2dc5b7 1752 __hci_update_page_scan(&req);
970ba524
MH		 1753 update_class(&req);
1754 hci_req_run(&req, NULL);
1755
bfaf8c9f
JH		 1756remove_cmd:
1757 mgmt_pending_remove(cmd);
1758
1759unlock:
1760 hci_dev_unlock(hdev);
1761}
1762
bdb6d971 1763static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1764 u16 len)
73f22f62 1765{
650f726d 1766 struct mgmt_cp_set_discoverable *cp = data;
3b0602cd 1767 struct mgmt_pending_cmd *cmd;
bfaf8c9f 1768 struct hci_request req;
5e5282bb 1769 u16 timeout;
9a43e25f 1770 u8 scan;
73f22f62
JH		 1771 int err;
1772
bdb6d971 1773 BT_DBG("request for %s", hdev->name);
73f22f62 1774
d7a5a11d
MH		 1775 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1776 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 1777 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1778 MGMT_STATUS_REJECTED);
33c525c0 1779
310a3d48 1780 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 1781 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1782 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1783
1f350c87 1784 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1785
1786 /* Disabling discoverable requires that no timeout is set,
1787 * and enabling limited discoverable requires a timeout.
1788 */
1789 if ((cp->val == 0x00 && timeout > 0) ||
1790 (cp->val == 0x02 && timeout == 0))
a69e8375
JH		 1791 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1792 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1793
09fd0de5 1794 hci_dev_lock(hdev);
73f22f62 1795
5e5282bb 1796 if (!hdev_is_powered(hdev) && timeout > 0) {
a69e8375
JH		 1797 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1798 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1799 goto failed;
1800 }
1801
333ae95d
JH		 1802 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1803 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1804 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1805 MGMT_STATUS_BUSY);
73f22f62
JH		 1806 goto failed;
1807 }
1808
d7a5a11d 1809 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
a69e8375
JH		 1810 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1811 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1812 goto failed;
1813 }
1814
1815 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1816 bool changed = false;
1817
310a3d48
MH		 1818 /* Setting limited discoverable when powered off is
1819 * not a valid operation since it requires a timeout
1820 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1821 */
d7a5a11d 1822 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
ce05d603 1823 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
0224d2fa
JH		 1824 changed = true;
1825 }
1826
5e5282bb 1827 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1828 if (err < 0)
1829 goto failed;
1830
1831 if (changed)
1832 err = new_settings(hdev, sk);
1833
5e5282bb
JH		 1834 goto failed;
1835 }
1836
310a3d48
MH		 1837 /* If the current mode is the same, then just update the timeout
1838 * value with the new value. And if only the timeout gets updated,
1839 * then no need for any HCI transactions.
1840 */
d7a5a11d
MH		 1841 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1842 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1843 HCI_LIMITED_DISCOVERABLE)) {
36261547
MH		 1844 cancel_delayed_work(&hdev->discov_off);
1845 hdev->discov_timeout = timeout;
955638ec 1846
36261547
MH		 1847 if (cp->val && hdev->discov_timeout > 0) {
1848 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1849 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1850 to);
955638ec
MH		 1851 }
1852
69ab39ea 1853 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1854 goto failed;
1855 }
1856
2e58ef3e 1857 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1858 if (!cmd) {
1859 err = -ENOMEM;
73f22f62 1860 goto failed;
366a0336 1861 }
73f22f62 1862
310a3d48
MH		 1863 /* Cancel any potential discoverable timeout that might be
1864 * still active and store new timeout value. The arming of
1865 * the timeout happens in the complete handler.
1866 */
1867 cancel_delayed_work(&hdev->discov_off);
1868 hdev->discov_timeout = timeout;
1869
b456f87c
JH		 1870 /* Limited discoverable mode */
1871 if (cp->val == 0x02)
a1536da2 1872 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1873 else
a358dc11 1874 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1875
bfaf8c9f
JH		 1876 hci_req_init(&req, hdev);
1877
9a43e25f
JH		 1878 /* The procedure for LE-only controllers is much simpler - just
1879 * update the advertising data.
1880 */
d7a5a11d 1881 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
9a43e25f
JH		 1882 goto update_ad;
1883
73f22f62
JH		 1884 scan = SCAN_PAGE;
1885
310a3d48
MH		 1886 if (cp->val) {
1887 struct hci_cp_write_current_iac_lap hci_cp;
1888
1889 if (cp->val == 0x02) {
1890 /* Limited discoverable mode */
33337dcb 1891 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1892 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1893 hci_cp.iac_lap[1] = 0x8b;
1894 hci_cp.iac_lap[2] = 0x9e;
1895 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1896 hci_cp.iac_lap[4] = 0x8b;
1897 hci_cp.iac_lap[5] = 0x9e;
1898 } else {
1899 /* General discoverable mode */
310a3d48
MH		 1900 hci_cp.num_iac = 1;
1901 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1902 hci_cp.iac_lap[1] = 0x8b;
1903 hci_cp.iac_lap[2] = 0x9e;
1904 }
1905
1906 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1907 (hci_cp.num_iac * 3) + 1, &hci_cp);
1908
73f22f62 1909 scan |= SCAN_INQUIRY;
310a3d48 1910 } else {
a358dc11 1911 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
310a3d48 1912 }
73f22f62 1913
310a3d48 1914 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1915
9a43e25f
JH		 1916update_ad:
1917 update_adv_data(&req);
1918
bfaf8c9f 1919 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1920 if (err < 0)
a664b5bc 1921 mgmt_pending_remove(cmd);
73f22f62
JH		 1922
1923failed:
09fd0de5 1924 hci_dev_unlock(hdev);
73f22f62
JH		 1925 return err;
1926}
1927
406d7804
JH		 1928static void write_fast_connectable(struct hci_request *req, bool enable)
1929{
bd98b996 1930 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1931 struct hci_cp_write_page_scan_activity acp;
1932 u8 type;
1933
d7a5a11d 1934 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
547003b1
JH		 1935 return;
1936
4c01f8b8
JH		 1937 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1938 return;
1939
406d7804
JH		 1940 if (enable) {
1941 type = PAGE_SCAN_TYPE_INTERLACED;
1942
1943 /* 160 msec page scan interval */
dcf4adbf 1944 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 1945 } else {
1946 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1947
1948 /* default 1.28 sec page scan */
dcf4adbf 1949 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 1950 }
1951
dcf4adbf 1952 acp.window = cpu_to_le16(0x0012);
406d7804 1953
bd98b996
JH		 1954 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1955 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1956 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1957 sizeof(acp), &acp);
1958
1959 if (hdev->page_scan_type != type)
1960 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1961}
1962
1904a853
MH		 1963static void set_connectable_complete(struct hci_dev *hdev, u8 status,
1964 u16 opcode)
2b76f453 1965{
3b0602cd 1966 struct mgmt_pending_cmd *cmd;
d7b856f9 1967 struct mgmt_mode *cp;
bc6d2d04 1968 bool conn_changed, discov_changed;
2b76f453
JH		 1969
1970 BT_DBG("status 0x%02x", status);
1971
1972 hci_dev_lock(hdev);
1973
333ae95d 1974 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
2b76f453
JH		 1975 if (!cmd)
1976 goto unlock;
1977
37438c1f
JH		 1978 if (status) {
1979 u8 mgmt_err = mgmt_status(status);
a69e8375 1980 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
37438c1f
JH		 1981 goto remove_cmd;
1982 }
1983
d7b856f9 1984 cp = cmd->param;
bc6d2d04 1985 if (cp->val) {
238be788
MH		 1986 conn_changed = !hci_dev_test_and_set_flag(hdev,
1987 HCI_CONNECTABLE);
bc6d2d04
JH		 1988 discov_changed = false;
1989 } else {
a69d8927
MH		 1990 conn_changed = hci_dev_test_and_clear_flag(hdev,
1991 HCI_CONNECTABLE);
1992 discov_changed = hci_dev_test_and_clear_flag(hdev,
1993 HCI_DISCOVERABLE);
bc6d2d04 1994 }
d7b856f9 1995
2b76f453
JH		 1996 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1997
bc6d2d04 1998 if (conn_changed || discov_changed) {
d7b856f9 1999 new_settings(hdev, cmd->sk);
1d2dc5b7 2000 hci_update_page_scan(hdev);
bc6d2d04
JH		 2001 if (discov_changed)
2002 mgmt_update_adv_data(hdev);
2b7be33e
JH		 2003 hci_update_background_scan(hdev);
2004 }
d7b856f9 2005
37438c1f 2006remove_cmd:
2b76f453
JH		 2007 mgmt_pending_remove(cmd);
2008
2009unlock:
2010 hci_dev_unlock(hdev);
2011}
2012
e8ba3a1f
JH		 2013static int set_connectable_update_settings(struct hci_dev *hdev,
2014 struct sock *sk, u8 val)
2015{
2016 bool changed = false;
2017 int err;
2018
d7a5a11d 2019 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
e8ba3a1f
JH		 2020 changed = true;
2021
2022 if (val) {
a1536da2 2023 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
e8ba3a1f 2024 } else {
a358dc11
MH		 2025 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
2026 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
e8ba3a1f
JH		 2027 }
2028
2029 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
2030 if (err < 0)
2031 return err;
2032
562064e6 2033 if (changed) {
1d2dc5b7 2034 hci_update_page_scan(hdev);
562064e6 2035 hci_update_background_scan(hdev);
e8ba3a1f 2036 return new_settings(hdev, sk);
562064e6 2037 }
e8ba3a1f
JH		 2038
2039 return 0;
2040}
2041
bdb6d971 2042static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2043 u16 len)
9fbcbb45 2044{
650f726d 2045 struct mgmt_mode *cp = data;
3b0602cd 2046 struct mgmt_pending_cmd *cmd;
2b76f453 2047 struct hci_request req;
1987fdc7 2048 u8 scan;
9fbcbb45
JH		 2049 int err;
2050
bdb6d971 2051 BT_DBG("request for %s", hdev->name);
9fbcbb45 2052
d7a5a11d
MH		 2053 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
2054 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 2055 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
2056 MGMT_STATUS_REJECTED);
33c525c0 2057
a7e80f25 2058 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2059 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
2060 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2061
09fd0de5 2062 hci_dev_lock(hdev);
9fbcbb45 2063
4b34ee78 2064 if (!hdev_is_powered(hdev)) {
e8ba3a1f 2065 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 2066 goto failed;
2067 }
2068
333ae95d
JH		 2069 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
2070 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 2071 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
2072 MGMT_STATUS_BUSY);
9fbcbb45
JH		 2073 goto failed;
2074 }
2075
2e58ef3e 2076 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 2077 if (!cmd) {
2078 err = -ENOMEM;
9fbcbb45 2079 goto failed;
366a0336 2080 }
9fbcbb45 2081
9b74246f 2082 hci_req_init(&req, hdev);
9fbcbb45 2083
9a43e25f
JH		 2084 /* If BR/EDR is not enabled and we disable advertising as a
2085 * by-product of disabling connectable, we need to update the
2086 * advertising flags.
2087 */
d7a5a11d 2088 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
9a43e25f 2089 if (!cp->val) {
a358dc11
MH		 2090 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
2091 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
9a43e25f
JH		 2092 }
2093 update_adv_data(&req);
2094 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 2095 if (cp->val) {
2096 scan = SCAN_PAGE;
2097 } else {
3bd27240
JH		 2098 /* If we don't have any whitelist entries just
2099 * disable all scanning. If there are entries
2100 * and we had both page and inquiry scanning
2101 * enabled then fall back to only page scanning.
2102 * Otherwise no changes are needed.
2103 */
2104 if (list_empty(&hdev->whitelist))
2105 scan = SCAN_DISABLED;
2106 else if (test_bit(HCI_ISCAN, &hdev->flags))
2107 scan = SCAN_PAGE;
2108 else
2109 goto no_scan_update;
9b74246f
JH		 2110
2111 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 2112 hdev->discov_timeout > 0)
9b74246f
JH		 2113 cancel_delayed_work(&hdev->discov_off);
2114 }
2b76f453 2115
9b74246f
JH		 2116 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2117 }
2b76f453 2118
3bd27240 2119no_scan_update:
e8b1202c 2120 /* Update the advertising parameters if necessary */
880897d4
AU		 2121 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
2122 hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
1987fdc7 2123 enable_advertising(&req);
1987fdc7 2124
2b76f453 2125 err = hci_req_run(&req, set_connectable_complete);
9b74246f 2126 if (err < 0) {
a664b5bc 2127 mgmt_pending_remove(cmd);
9b74246f 2128 if (err == -ENODATA)
a81070ba
JH		 2129 err = set_connectable_update_settings(hdev, sk,
2130 cp->val);
9b74246f
JH		 2131 goto failed;
2132 }
9fbcbb45
JH		 2133
2134failed:
09fd0de5 2135 hci_dev_unlock(hdev);
9fbcbb45
JH		 2136 return err;
2137}
2138
b2939475 2139static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2140 u16 len)
c542a06c 2141{
650f726d 2142 struct mgmt_mode *cp = data;
55594356 2143 bool changed;
c542a06c
JH		 2144 int err;
2145
bdb6d971 2146 BT_DBG("request for %s", hdev->name);
c542a06c 2147
a7e80f25 2148 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2149 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
2150 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2151
09fd0de5 2152 hci_dev_lock(hdev);
c542a06c
JH		 2153
2154 if (cp->val)
238be788 2155 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
c542a06c 2156 else
a69d8927 2157 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
c542a06c 2158
b2939475 2159 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
c542a06c 2160 if (err < 0)
55594356 2161 goto unlock;
c542a06c 2162
55594356
MH		 2163 if (changed)
2164 err = new_settings(hdev, sk);
c542a06c 2165
55594356 2166unlock:
09fd0de5 2167 hci_dev_unlock(hdev);
c542a06c
JH		 2168 return err;
2169}
2170
04124681
GP		 2171static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
2172 u16 len)
33ef95ed
JH		 2173{
2174 struct mgmt_mode *cp = data;
3b0602cd 2175 struct mgmt_pending_cmd *cmd;
e6fe7986 2176 u8 val, status;
33ef95ed
JH		 2177 int err;
2178
bdb6d971 2179 BT_DBG("request for %s", hdev->name);
33ef95ed 2180
e6fe7986
JH		 2181 status = mgmt_bredr_support(hdev);
2182 if (status)
a69e8375
JH		 2183 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2184 status);
33c525c0 2185
a7e80f25 2186 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2187 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2188 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2189
33ef95ed
JH		 2190 hci_dev_lock(hdev);
2191
4b34ee78 2192 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 2193 bool changed = false;
2194
d7a5a11d 2195 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
ce05d603 2196 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
47990ea0
JH		 2197 changed = true;
2198 }
2199
2200 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2201 if (err < 0)
2202 goto failed;
2203
2204 if (changed)
2205 err = new_settings(hdev, sk);
2206
33ef95ed
JH		 2207 goto failed;
2208 }
2209
333ae95d 2210 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
a69e8375
JH		 2211 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2212 MGMT_STATUS_BUSY);
33ef95ed
JH		 2213 goto failed;
2214 }
2215
2216 val = !!cp->val;
2217
2218 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
2219 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2220 goto failed;
2221 }
2222
2223 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
2224 if (!cmd) {
2225 err = -ENOMEM;
2226 goto failed;
2227 }
2228
2229 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
2230 if (err < 0) {
2231 mgmt_pending_remove(cmd);
2232 goto failed;
2233 }
2234
2235failed:
2236 hci_dev_unlock(hdev);
33ef95ed
JH		 2237 return err;
2238}
2239
bdb6d971 2240static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 2241{
2242 struct mgmt_mode *cp = data;
3b0602cd 2243 struct mgmt_pending_cmd *cmd;
72ef0c1a 2244 u8 status;
ed2c4ee3
JH		 2245 int err;
2246
bdb6d971 2247 BT_DBG("request for %s", hdev->name);
ed2c4ee3 2248
cdba5281
MH		 2249 status = mgmt_bredr_support(hdev);
2250 if (status)
a69e8375 2251 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
cdba5281 2252
13ecd8b6 2253 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 2254 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2255 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 2256
a7e80f25 2257 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2258 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2259 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2260
13ecd8b6 2261 hci_dev_lock(hdev);
6c8f12c1 2262
4b34ee78 2263 if (!hdev_is_powered(hdev)) {
9ecb3e24 2264 bool changed;
c0ecddc2 2265
9ecb3e24 2266 if (cp->val) {
238be788
MH		 2267 changed = !hci_dev_test_and_set_flag(hdev,
2268 HCI_SSP_ENABLED);
9ecb3e24 2269 } else {
a69d8927
MH		 2270 changed = hci_dev_test_and_clear_flag(hdev,
2271 HCI_SSP_ENABLED);
9ecb3e24 2272 if (!changed)
a69d8927
MH		 2273 changed = hci_dev_test_and_clear_flag(hdev,
2274 HCI_HS_ENABLED);
9ecb3e24 2275 else
a358dc11 2276 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
c0ecddc2
JH		 2277 }
2278
2279 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2280 if (err < 0)
2281 goto failed;
2282
2283 if (changed)
2284 err = new_settings(hdev, sk);
2285
ed2c4ee3
JH		 2286 goto failed;
2287 }
2288
333ae95d 2289 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 2290 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2291 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 2292 goto failed;
2293 }
2294
d7a5a11d 2295 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
ed2c4ee3
JH		 2296 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2297 goto failed;
2298 }
2299
2300 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2301 if (!cmd) {
2302 err = -ENOMEM;
2303 goto failed;
2304 }
2305
d7a5a11d 2306 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
3769972b
JH		 2307 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2308 sizeof(cp->val), &cp->val);
2309
72ef0c1a 2310 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 2311 if (err < 0) {
2312 mgmt_pending_remove(cmd);
2313 goto failed;
2314 }
2315
2316failed:
2317 hci_dev_unlock(hdev);
ed2c4ee3
JH		 2318 return err;
2319}
2320
bdb6d971 2321static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 2322{
2323 struct mgmt_mode *cp = data;
ee392693 2324 bool changed;
e6fe7986 2325 u8 status;
ee392693 2326 int err;
6d80dfd0 2327
bdb6d971 2328 BT_DBG("request for %s", hdev->name);
6d80dfd0 2329
e6fe7986
JH		 2330 status = mgmt_bredr_support(hdev);
2331 if (status)
a69e8375 2332 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 2333
9ecb3e24 2334 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 2335 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2336 MGMT_STATUS_NOT_SUPPORTED);
9ecb3e24 2337
d7a5a11d 2338 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 2339 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2340 MGMT_STATUS_REJECTED);
9ecb3e24 2341
a7e80f25 2342 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2343 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2344 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2345
ee392693
MH		 2346 hci_dev_lock(hdev);
2347
333ae95d 2348 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 2349 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2350 MGMT_STATUS_BUSY);
a2cb01de
JH		 2351 goto unlock;
2352 }
2353
a0cdf960 2354 if (cp->val) {
238be788 2355 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
a0cdf960
MH		 2356 } else {
2357 if (hdev_is_powered(hdev)) {
a69e8375
JH		 2358 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2359 MGMT_STATUS_REJECTED);
a0cdf960
MH		 2360 goto unlock;
2361 }
2362
a69d8927 2363 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
a0cdf960 2364 }
ee392693
MH		 2365
2366 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2367 if (err < 0)
2368 goto unlock;
2369
2370 if (changed)
2371 err = new_settings(hdev, sk);
6d80dfd0 2372
ee392693
MH		 2373unlock:
2374 hci_dev_unlock(hdev);
2375 return err;
6d80dfd0
JH		 2376}
2377
1904a853 2378static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
416a4ae5
JH		 2379{
2380 struct cmd_lookup match = { NULL, hdev };
2381
3ad67582
JK		 2382 hci_dev_lock(hdev);
2383
416a4ae5
JH		 2384 if (status) {
2385 u8 mgmt_err = mgmt_status(status);
2386
2387 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2388 &mgmt_err);
3ad67582 2389 goto unlock;
416a4ae5
JH		 2390 }
2391
2392 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2393
2394 new_settings(hdev, match.sk);
2395
2396 if (match.sk)
2397 sock_put(match.sk);
441ad2d0
MH		 2398
2399 /* Make sure the controller has a good default for
2400 * advertising data. Restrict the update to when LE
2401 * has actually been enabled. During power on, the
2402 * update in powered_update_hci will take care of it.
2403 */
d7a5a11d 2404 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
441ad2d0
MH		 2405 struct hci_request req;
2406
441ad2d0 2407 hci_req_init(&req, hdev);
5947f4bc 2408 update_adv_data(&req);
f14d8f64 2409 update_scan_rsp_data(&req);
2cf22218 2410 __hci_update_background_scan(&req);
441ad2d0 2411 hci_req_run(&req, NULL);
441ad2d0 2412 }
3ad67582
JK		 2413
2414unlock:
2415 hci_dev_unlock(hdev);
416a4ae5
JH		 2416}
2417
bdb6d971 2418static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 2419{
2420 struct mgmt_mode *cp = data;
2421 struct hci_cp_write_le_host_supported hci_cp;
3b0602cd 2422 struct mgmt_pending_cmd *cmd;
416a4ae5 2423 struct hci_request req;
06199cf8 2424 int err;
0b60eba1 2425 u8 val, enabled;
06199cf8 2426
bdb6d971 2427 BT_DBG("request for %s", hdev->name);
06199cf8 2428
13ecd8b6 2429 if (!lmp_le_capable(hdev))
a69e8375
JH		 2430 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2431 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 2432
a7e80f25 2433 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2434 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2435 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2436
e7844ee5
MH		 2437 /* Bluetooth single mode LE only controllers or dual-mode
2438 * controllers configured as LE only devices, do not allow
2439 * switching LE off. These have either LE enabled explicitly
2440 * or BR/EDR has been previously switched off.
2441 *
2442 * When trying to enable an already enabled LE, then gracefully
2443 * send a positive response. Trying to disable it however will
2444 * result into rejection.
2445 */
2446 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
2447 if (cp->val == 0x01)
2448 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2449
a69e8375
JH		 2450 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2451 MGMT_STATUS_REJECTED);
e7844ee5 2452 }
c73eee91 2453
13ecd8b6 2454 hci_dev_lock(hdev);
06199cf8
JH		 2455
2456 val = !!cp->val;
ffa88e02 2457 enabled = lmp_host_le_capable(hdev);
06199cf8 2458
0b60eba1 2459 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 2460 bool changed = false;
2461
d7a5a11d 2462 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
ce05d603 2463 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
06199cf8
JH		 2464 changed = true;
2465 }
2466
d7a5a11d 2467 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
a358dc11 2468 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
eeca6f89
JH		 2469 changed = true;
2470 }
2471
06199cf8
JH		 2472 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2473 if (err < 0)
1de028ce 2474 goto unlock;
06199cf8
JH		 2475
2476 if (changed)
2477 err = new_settings(hdev, sk);
2478
1de028ce 2479 goto unlock;
06199cf8
JH		 2480 }
2481
333ae95d
JH		 2482 if (pending_find(MGMT_OP_SET_LE, hdev) ||
2483 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
a69e8375
JH		 2484 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2485 MGMT_STATUS_BUSY);
1de028ce 2486 goto unlock;
06199cf8
JH		 2487 }
2488
2489 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2490 if (!cmd) {
2491 err = -ENOMEM;
1de028ce 2492 goto unlock;
06199cf8
JH		 2493 }
2494
441ad2d0
MH		 2495 hci_req_init(&req, hdev);
2496
06199cf8
JH		 2497 memset(&hci_cp, 0, sizeof(hci_cp));
2498
2499 if (val) {
2500 hci_cp.le = val;
32226e4f 2501 hci_cp.simul = 0x00;
441ad2d0 2502 } else {
d7a5a11d 2503 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
441ad2d0 2504 disable_advertising(&req);
06199cf8
JH		 2505 }
2506
416a4ae5
JH		 2507 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2508 &hci_cp);
2509
2510 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2511 if (err < 0)
06199cf8 2512 mgmt_pending_remove(cmd);
06199cf8 2513
1de028ce
JH		 2514unlock:
2515 hci_dev_unlock(hdev);
06199cf8
JH		 2516 return err;
2517}
2518
0cab9c80
JH		 2519/* This is a helper function to test for pending mgmt commands that can
2520 * cause CoD or EIR HCI commands. We can only allow one such pending
2521 * mgmt command at a time since otherwise we cannot easily track what
2522 * the current values are, will be, and based on that calculate if a new
2523 * HCI command needs to be sent and if yes with what value.
2524 */
2525static bool pending_eir_or_class(struct hci_dev *hdev)
2526{
3b0602cd 2527 struct mgmt_pending_cmd *cmd;
0cab9c80
JH		 2528
2529 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2530 switch (cmd->opcode) {
2531 case MGMT_OP_ADD_UUID:
2532 case MGMT_OP_REMOVE_UUID:
2533 case MGMT_OP_SET_DEV_CLASS:
2534 case MGMT_OP_SET_POWERED:
2535 return true;
2536 }
2537 }
2538
2539 return false;
2540}
2541
83be8eca
JH		 2542static const u8 bluetooth_base_uuid[] = {
2543 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2544 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2545};
2546
2547static u8 get_uuid_size(const u8 *uuid)
2548{
2549 u32 val;
2550
2551 if (memcmp(uuid, bluetooth_base_uuid, 12))
2552 return 128;
2553
2554 val = get_unaligned_le32(&uuid[12]);
2555 if (val > 0xffff)
2556 return 32;
2557
2558 return 16;
2559}
2560
92da6097
JH		 2561static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2562{
3b0602cd 2563 struct mgmt_pending_cmd *cmd;
92da6097
JH		 2564
2565 hci_dev_lock(hdev);
2566
333ae95d 2567 cmd = pending_find(mgmt_op, hdev);
92da6097
JH		 2568 if (!cmd)
2569 goto unlock;
2570
2a1afb5a
JH		 2571 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
2572 mgmt_status(status), hdev->dev_class, 3);
92da6097
JH		 2573
2574 mgmt_pending_remove(cmd);
2575
2576unlock:
2577 hci_dev_unlock(hdev);
2578}
2579
1904a853 2580static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2581{
2582 BT_DBG("status 0x%02x", status);
2583
2584 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2585}
2586
bdb6d971 2587static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2588{
650f726d 2589 struct mgmt_cp_add_uuid *cp = data;
3b0602cd 2590 struct mgmt_pending_cmd *cmd;
890ea898 2591 struct hci_request req;
2aeb9a1a 2592 struct bt_uuid *uuid;
2aeb9a1a
JH		 2593 int err;
2594
bdb6d971 2595 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2596
09fd0de5 2597 hci_dev_lock(hdev);
2aeb9a1a 2598
0cab9c80 2599 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2600 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2601 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2602 goto failed;
2603 }
2604
92c4c204 2605 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2606 if (!uuid) {
2607 err = -ENOMEM;
2608 goto failed;
2609 }
2610
2611 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2612 uuid->svc_hint = cp->svc_hint;
83be8eca 2613 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2614
de66aa63 2615 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2616
890ea898 2617 hci_req_init(&req, hdev);
1aff6f09 2618
890ea898
JH		 2619 update_class(&req);
2620 update_eir(&req);
2621
92da6097
JH		 2622 err = hci_req_run(&req, add_uuid_complete);
2623 if (err < 0) {
2624 if (err != -ENODATA)
2625 goto failed;
80a1e1db 2626
2a1afb5a
JH		 2627 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2628 hdev->dev_class, 3);
90e70454
JH		 2629 goto failed;
2630 }
2631
2632 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2633 if (!cmd) {
90e70454 2634 err = -ENOMEM;
890ea898
JH		 2635 goto failed;
2636 }
2637
2638 err = 0;
2aeb9a1a
JH		 2639
2640failed:
09fd0de5 2641 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2642 return err;
2643}
2644
24b78d0f
JH		 2645static bool enable_service_cache(struct hci_dev *hdev)
2646{
2647 if (!hdev_is_powered(hdev))
2648 return false;
2649
238be788 2650 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
46818ed5
JH		 2651 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2652 CACHE_TIMEOUT);
24b78d0f
JH		 2653 return true;
2654 }
2655
2656 return false;
2657}
2658
1904a853 2659static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2660{
2661 BT_DBG("status 0x%02x", status);
2662
2663 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2664}
2665
bdb6d971 2666static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2667 u16 len)
2aeb9a1a 2668{
650f726d 2669 struct mgmt_cp_remove_uuid *cp = data;
3b0602cd 2670 struct mgmt_pending_cmd *cmd;
056341c8 2671 struct bt_uuid *match, *tmp;
2aeb9a1a 2672 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2673 struct hci_request req;
2aeb9a1a
JH		 2674 int err, found;
2675
bdb6d971 2676 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2677
09fd0de5 2678 hci_dev_lock(hdev);
2aeb9a1a 2679
0cab9c80 2680 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2681 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2682 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2683 goto unlock;
2684 }
2685
2aeb9a1a 2686 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2687 hci_uuids_clear(hdev);
4004b6d9 2688
24b78d0f 2689 if (enable_service_cache(hdev)) {
2a1afb5a
JH		 2690 err = mgmt_cmd_complete(sk, hdev->id,
2691 MGMT_OP_REMOVE_UUID,
2692 0, hdev->dev_class, 3);
24b78d0f
JH		 2693 goto unlock;
2694 }
4004b6d9 2695
9246a869 2696 goto update_class;
2aeb9a1a
JH		 2697 }
2698
2699 found = 0;
2700
056341c8 2701 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2702 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2703 continue;
2704
2705 list_del(&match->list);
482049f7 2706 kfree(match);
2aeb9a1a
JH		 2707 found++;
2708 }
2709
2710 if (found == 0) {
a69e8375
JH		 2711 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2712 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2713 goto unlock;
2714 }
2715
9246a869 2716update_class:
890ea898 2717 hci_req_init(&req, hdev);
1aff6f09 2718
890ea898
JH		 2719 update_class(&req);
2720 update_eir(&req);
2721
92da6097
JH		 2722 err = hci_req_run(&req, remove_uuid_complete);
2723 if (err < 0) {
2724 if (err != -ENODATA)
2725 goto unlock;
80a1e1db 2726
2a1afb5a
JH		 2727 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2728 hdev->dev_class, 3);
90e70454
JH		 2729 goto unlock;
2730 }
2731
2732 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2733 if (!cmd) {
90e70454 2734 err = -ENOMEM;
890ea898
JH		 2735 goto unlock;
2736 }
2737
2738 err = 0;
2aeb9a1a
JH		 2739
2740unlock:
09fd0de5 2741 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2742 return err;
2743}
2744
1904a853 2745static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2746{
2747 BT_DBG("status 0x%02x", status);
2748
2749 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2750}
2751
bdb6d971 2752static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2753 u16 len)
1aff6f09 2754{
650f726d 2755 struct mgmt_cp_set_dev_class *cp = data;
3b0602cd 2756 struct mgmt_pending_cmd *cmd;
890ea898 2757 struct hci_request req;
1aff6f09
JH		 2758 int err;
2759
bdb6d971 2760 BT_DBG("request for %s", hdev->name);
1aff6f09 2761
6203fc98 2762 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2763 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2764 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2765
0cab9c80 2766 hci_dev_lock(hdev);
ee98f473 2767
0cab9c80 2768 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2769 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2770 MGMT_STATUS_BUSY);
0cab9c80
JH		 2771 goto unlock;
2772 }
c95f0ba7 2773
0cab9c80 2774 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
a69e8375
JH		 2775 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2776 MGMT_STATUS_INVALID_PARAMS);
0cab9c80
JH		 2777 goto unlock;
2778 }
575b3a02 2779
932f5ff5
JH		 2780 hdev->major_class = cp->major;
2781 hdev->minor_class = cp->minor;
2782
b5235a65 2783 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2784 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2785 hdev->dev_class, 3);
b5235a65
JH		 2786 goto unlock;
2787 }
2788
890ea898
JH		 2789 hci_req_init(&req, hdev);
2790
a69d8927 2791 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
7d78525d
JH		 2792 hci_dev_unlock(hdev);
2793 cancel_delayed_work_sync(&hdev->service_cache);
2794 hci_dev_lock(hdev);
890ea898 2795 update_eir(&req);
7d78525d 2796 }
14c0b608 2797
890ea898
JH		 2798 update_class(&req);
2799
92da6097
JH		 2800 err = hci_req_run(&req, set_class_complete);
2801 if (err < 0) {
2802 if (err != -ENODATA)
2803 goto unlock;
1aff6f09 2804
2a1afb5a
JH		 2805 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2806 hdev->dev_class, 3);
90e70454
JH		 2807 goto unlock;
2808 }
2809
2810 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2811 if (!cmd) {
90e70454 2812 err = -ENOMEM;
890ea898
JH		 2813 goto unlock;
2814 }
2815
2816 err = 0;
1aff6f09 2817
b5235a65 2818unlock:
09fd0de5 2819 hci_dev_unlock(hdev);
1aff6f09
JH		 2820 return err;
2821}
2822
bdb6d971 2823static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2824 u16 len)
55ed8ca1 2825{
650f726d 2826 struct mgmt_cp_load_link_keys *cp = data;
ba1d6936
JH		 2827 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2828 sizeof(struct mgmt_link_key_info));
4e51eae9 2829 u16 key_count, expected_len;
b1de97d8 2830 bool changed;
a492cd52 2831 int i;
55ed8ca1 2832
9060d5cf
MH		 2833 BT_DBG("request for %s", hdev->name);
2834
2835 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2836 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2837 MGMT_STATUS_NOT_SUPPORTED);
9060d5cf 2838
1f350c87 2839 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 2840 if (key_count > max_key_count) {
2841 BT_ERR("load_link_keys: too big key_count value %u",
2842 key_count);
a69e8375
JH		 2843 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2844 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 2845 }
55ed8ca1 2846
86742e1e
JH		 2847 expected_len = sizeof(*cp) + key_count *
2848 sizeof(struct mgmt_link_key_info);
a492cd52 2849 if (expected_len != len) {
86742e1e 2850 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2851 expected_len, len);
a69e8375
JH		 2852 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2853 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2854 }
2855
4ae14301 2856 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
a69e8375
JH		 2857 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2858 MGMT_STATUS_INVALID_PARAMS);
4ae14301 2859
bdb6d971 2860 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2861 key_count);
55ed8ca1 2862
4ee71b20
JH		 2863 for (i = 0; i < key_count; i++) {
2864 struct mgmt_link_key_info *key = &cp->keys[i];
2865
8e991132 2866 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
a69e8375
JH		 2867 return mgmt_cmd_status(sk, hdev->id,
2868 MGMT_OP_LOAD_LINK_KEYS,
2869 MGMT_STATUS_INVALID_PARAMS);
4ee71b20
JH		 2870 }
2871
09fd0de5 2872 hci_dev_lock(hdev);
55ed8ca1
JH		 2873
2874 hci_link_keys_clear(hdev);
2875
55ed8ca1 2876 if (cp->debug_keys)
238be788 2877 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
55ed8ca1 2878 else
a69d8927
MH		 2879 changed = hci_dev_test_and_clear_flag(hdev,
2880 HCI_KEEP_DEBUG_KEYS);
b1de97d8
MH		 2881
2882 if (changed)
2883 new_settings(hdev, NULL);
55ed8ca1 2884
a492cd52 2885 for (i = 0; i < key_count; i++) {
86742e1e 2886 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2887
58e9293c
JH		 2888 /* Always ignore debug keys and require a new pairing if
2889 * the user wants to use them.
2890 */
2891 if (key->type == HCI_LK_DEBUG_COMBINATION)
2892 continue;
2893
7652ff6a
JH		 2894 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2895 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2896 }
2897
2a1afb5a 2898 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2899
09fd0de5 2900 hci_dev_unlock(hdev);
55ed8ca1 2901
a492cd52 2902 return 0;
55ed8ca1
JH		 2903}
2904
b1078ad0 2905static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2906 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2907{
2908 struct mgmt_ev_device_unpaired ev;
2909
2910 bacpy(&ev.addr.bdaddr, bdaddr);
2911 ev.addr.type = addr_type;
2912
2913 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2914 skip_sk);
b1078ad0
JH		 2915}
2916
bdb6d971 2917static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2918 u16 len)
55ed8ca1 2919{
124f6e35
JH		 2920 struct mgmt_cp_unpair_device *cp = data;
2921 struct mgmt_rp_unpair_device rp;
a8a1d19e 2922 struct hci_cp_disconnect dc;
3b0602cd 2923 struct mgmt_pending_cmd *cmd;
55ed8ca1 2924 struct hci_conn *conn;
55ed8ca1
JH		 2925 int err;
2926
a8a1d19e 2927 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2928 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2929 rp.addr.type = cp->addr.type;
a8a1d19e 2930
4ee71b20 2931 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2932 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2933 MGMT_STATUS_INVALID_PARAMS,
2934 &rp, sizeof(rp));
4ee71b20 2935
118da70b 2936 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2a1afb5a
JH		 2937 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2938 MGMT_STATUS_INVALID_PARAMS,
2939 &rp, sizeof(rp));
118da70b 2940
4ee71b20
JH		 2941 hci_dev_lock(hdev);
2942
86a8cfc6 2943 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2944 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2945 MGMT_STATUS_NOT_POWERED, &rp,
2946 sizeof(rp));
86a8cfc6
JH		 2947 goto unlock;
2948 }
2949
e0b2b27e 2950 if (cp->addr.type == BDADDR_BREDR) {
89cbb063
AA		 2951 /* If disconnection is requested, then look up the
2952 * connection. If the remote device is connected, it
2953 * will be later used to terminate the link.
2954 *
2955 * Setting it to NULL explicitly will cause no
2956 * termination of the link.
2957 */
2958 if (cp->disconnect)
2959 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2960 &cp->addr.bdaddr);
2961 else
2962 conn = NULL;
2963
124f6e35 2964 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2965 } else {
2966 u8 addr_type;
2967
89cbb063
AA		 2968 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2969 &cp->addr.bdaddr);
2970 if (conn) {
2971 /* Defer clearing up the connection parameters
2972 * until closing to give a chance of keeping
2973 * them if a repairing happens.
2974 */
2975 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2976
2977 /* If disconnection is not requested, then
2978 * clear the connection variable so that the
2979 * link is not terminated.
2980 */
2981 if (!cp->disconnect)
2982 conn = NULL;
2983 }
2984
e0b2b27e
JH		 2985 if (cp->addr.type == BDADDR_LE_PUBLIC)
2986 addr_type = ADDR_LE_DEV_PUBLIC;
2987 else
2988 addr_type = ADDR_LE_DEV_RANDOM;
2989
a7ec7338
JH		 2990 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2991
e0b2b27e
JH		 2992 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2993 }
b0dbfb46 2994
55ed8ca1 2995 if (err < 0) {
2a1afb5a
JH		 2996 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2997 MGMT_STATUS_NOT_PAIRED, &rp,
2998 sizeof(rp));
55ed8ca1
JH		 2999 goto unlock;
3000 }
3001
89cbb063
AA		 3002 /* If the connection variable is set, then termination of the
3003 * link is requested.
3004 */
a8a1d19e 3005 if (!conn) {
2a1afb5a
JH		 3006 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
3007 &rp, sizeof(rp));
b1078ad0 3008 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 3009 goto unlock;
3010 }
55ed8ca1 3011
124f6e35 3012 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 3013 sizeof(*cp));
a8a1d19e
JH		 3014 if (!cmd) {
3015 err = -ENOMEM;
3016 goto unlock;
55ed8ca1
JH		 3017 }
3018
d8b7b1e4
JH		 3019 cmd->cmd_complete = addr_cmd_complete;
3020
eb55ef07 3021 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 3022 dc.reason = 0x13; /* Remote User Terminated Connection */
3023 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
3024 if (err < 0)
3025 mgmt_pending_remove(cmd);
3026
55ed8ca1 3027unlock:
09fd0de5 3028 hci_dev_unlock(hdev);
55ed8ca1
JH		 3029 return err;
3030}
3031
bdb6d971 3032static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3033 u16 len)
8962ee74 3034{
650f726d 3035 struct mgmt_cp_disconnect *cp = data;
06a63b19 3036 struct mgmt_rp_disconnect rp;
3b0602cd 3037 struct mgmt_pending_cmd *cmd;
8962ee74 3038 struct hci_conn *conn;
8962ee74
JH		 3039 int err;
3040
3041 BT_DBG("");
3042
06a63b19
JH		 3043 memset(&rp, 0, sizeof(rp));
3044 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3045 rp.addr.type = cp->addr.type;
3046
4ee71b20 3047 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 3048 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3049 MGMT_STATUS_INVALID_PARAMS,
3050 &rp, sizeof(rp));
4ee71b20 3051
09fd0de5 3052 hci_dev_lock(hdev);
8962ee74
JH		 3053
3054 if (!test_bit(HCI_UP, &hdev->flags)) {
2a1afb5a
JH		 3055 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3056 MGMT_STATUS_NOT_POWERED, &rp,
3057 sizeof(rp));
8962ee74
JH		 3058 goto failed;
3059 }
3060
333ae95d 3061 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
2a1afb5a
JH		 3062 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3063 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 3064 goto failed;
3065 }
3066
591f47f3 3067 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 3068 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
3069 &cp->addr.bdaddr);
88c3df13
JH		 3070 else
3071 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 3072
f960727e 3073 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2a1afb5a
JH		 3074 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3075 MGMT_STATUS_NOT_CONNECTED, &rp,
3076 sizeof(rp));
8962ee74
JH		 3077 goto failed;
3078 }
3079
2e58ef3e 3080 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 3081 if (!cmd) {
3082 err = -ENOMEM;
8962ee74 3083 goto failed;
366a0336 3084 }
8962ee74 3085
f5818c22
JH		 3086 cmd->cmd_complete = generic_cmd_complete;
3087
e3f2f92a 3088 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
8962ee74 3089 if (err < 0)
a664b5bc 3090 mgmt_pending_remove(cmd);
8962ee74
JH		 3091
3092failed:
09fd0de5 3093 hci_dev_unlock(hdev);
8962ee74
JH		 3094 return err;
3095}
3096
57c1477c 3097static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 3098{
3099 switch (link_type) {
3100 case LE_LINK:
48264f06
JH		 3101 switch (addr_type) {
3102 case ADDR_LE_DEV_PUBLIC:
591f47f3 3103 return BDADDR_LE_PUBLIC;
0ed09148 3104
48264f06 3105 default:
0ed09148 3106 /* Fallback to LE Random address type */
591f47f3 3107 return BDADDR_LE_RANDOM;
48264f06 3108 }
0ed09148 3109
4c659c39 3110 default:
0ed09148 3111 /* Fallback to BR/EDR type */
591f47f3 3112 return BDADDR_BREDR;
4c659c39
JH		 3113 }
3114}
3115
04124681
GP		 3116static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
3117 u16 data_len)
2784eb41 3118{
2784eb41 3119 struct mgmt_rp_get_connections *rp;
8035ded4 3120 struct hci_conn *c;
a38528f1 3121 size_t rp_len;
60fc5fb6
JH		 3122 int err;
3123 u16 i;
2784eb41
JH		 3124
3125 BT_DBG("");
3126
09fd0de5 3127 hci_dev_lock(hdev);
2784eb41 3128
5f97c1df 3129 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3130 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
3131 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3132 goto unlock;
3133 }
3134
60fc5fb6 3135 i = 0;
b644ba33
JH		 3136 list_for_each_entry(c, &hdev->conn_hash.list, list) {
3137 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 3138 i++;
2784eb41
JH		 3139 }
3140
60fc5fb6 3141 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 3142 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 3143 if (!rp) {
2784eb41
JH		 3144 err = -ENOMEM;
3145 goto unlock;
3146 }
3147
2784eb41 3148 i = 0;
4c659c39 3149 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 3150 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
3151 continue;
4c659c39 3152 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 3153 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 3154 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 3155 continue;
3156 i++;
3157 }
3158
eb55ef07 3159 rp->conn_count = cpu_to_le16(i);
60fc5fb6 3160
4c659c39
JH		 3161 /* Recalculate length in case of filtered SCO connections, etc */
3162 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 3163
2a1afb5a
JH		 3164 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
3165 rp_len);
2784eb41 3166
a38528f1 3167 kfree(rp);
5f97c1df
JH		 3168
3169unlock:
09fd0de5 3170 hci_dev_unlock(hdev);
2784eb41
JH		 3171 return err;
3172}
3173
bdb6d971 3174static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3175 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67 3176{
3b0602cd 3177 struct mgmt_pending_cmd *cmd;
96d97a67
WR		 3178 int err;
3179
2e58ef3e 3180 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 3181 sizeof(*cp));
96d97a67
WR		 3182 if (!cmd)
3183 return -ENOMEM;
3184
d8457698 3185 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 3186 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 3187 if (err < 0)
3188 mgmt_pending_remove(cmd);
3189
3190 return err;
3191}
3192
bdb6d971 3193static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3194 u16 len)
980e1a53 3195{
96d97a67 3196 struct hci_conn *conn;
650f726d 3197 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 3198 struct hci_cp_pin_code_reply reply;
3b0602cd 3199 struct mgmt_pending_cmd *cmd;
980e1a53
JH		 3200 int err;
3201
3202 BT_DBG("");
3203
09fd0de5 3204 hci_dev_lock(hdev);
980e1a53 3205
4b34ee78 3206 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3207 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3208 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 3209 goto failed;
3210 }
3211
d8457698 3212 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 3213 if (!conn) {
a69e8375
JH		 3214 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3215 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 3216 goto failed;
3217 }
3218
3219 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 3220 struct mgmt_cp_pin_code_neg_reply ncp;
3221
3222 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 3223
3224 BT_ERR("PIN code is not 16 bytes long");
3225
bdb6d971 3226 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 3227 if (err >= 0)
a69e8375
JH		 3228 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3229 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 3230
3231 goto failed;
3232 }
3233
00abfe44 3234 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 3235 if (!cmd) {
3236 err = -ENOMEM;
980e1a53 3237 goto failed;
366a0336 3238 }
980e1a53 3239
7776d1d8
JH		 3240 cmd->cmd_complete = addr_cmd_complete;
3241
d8457698 3242 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 3243 reply.pin_len = cp->pin_len;
24718ca5 3244 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 3245
3246 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3247 if (err < 0)
a664b5bc 3248 mgmt_pending_remove(cmd);
980e1a53
JH		 3249
3250failed:
09fd0de5 3251 hci_dev_unlock(hdev);
980e1a53
JH		 3252 return err;
3253}
3254
04124681
GP		 3255static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3256 u16 len)
17fa4b9d 3257{
650f726d 3258 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 3259
3260 BT_DBG("");
3261
4ec86d4c 3262 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 3263 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3264 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
4ec86d4c 3265
09fd0de5 3266 hci_dev_lock(hdev);
17fa4b9d
JH		 3267
3268 hdev->io_capability = cp->io_capability;
3269
3270 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 3271 hdev->io_capability);
17fa4b9d 3272
09fd0de5 3273 hci_dev_unlock(hdev);
17fa4b9d 3274
2a1afb5a
JH		 3275 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
3276 NULL, 0);
17fa4b9d
JH		 3277}
3278
3b0602cd 3279static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 3280{
3281 struct hci_dev *hdev = conn->hdev;
3b0602cd 3282 struct mgmt_pending_cmd *cmd;
e9a416b5 3283
2e58ef3e 3284 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 3285 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3286 continue;
3287
e9a416b5
JH		 3288 if (cmd->user_data != conn)
3289 continue;
3290
3291 return cmd;
3292 }
3293
3294 return NULL;
3295}
3296
3b0602cd 3297static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
e9a416b5
JH		 3298{
3299 struct mgmt_rp_pair_device rp;
3300 struct hci_conn *conn = cmd->user_data;
9df74653 3301 int err;
e9a416b5 3302
61b1a7fb
JH		 3303 bacpy(&rp.addr.bdaddr, &conn->dst);
3304 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 3305
2a1afb5a
JH		 3306 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
3307 status, &rp, sizeof(rp));
e9a416b5
JH		 3308
3309 /* So we don't get further callbacks for this connection */
3310 conn->connect_cfm_cb = NULL;
3311 conn->security_cfm_cb = NULL;
3312 conn->disconn_cfm_cb = NULL;
3313
76a68ba0 3314 hci_conn_drop(conn);
89cbb063
AA		 3315
3316 /* The device is paired so there is no need to remove
3317 * its connection parameters anymore.
3318 */
3319 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
15013aeb
JH		 3320
3321 hci_conn_put(conn);
9df74653
JH		 3322
3323 return err;
e9a416b5
JH		 3324}
3325
f4a407be
JH		 3326void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3327{
3328 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3b0602cd 3329 struct mgmt_pending_cmd *cmd;
f4a407be
JH		 3330
3331 cmd = find_pairing(conn);
a511b35b 3332 if (cmd) {
04ab2749 3333 cmd->cmd_complete(cmd, status);
a511b35b
JH		 3334 mgmt_pending_remove(cmd);
3335 }
f4a407be
JH		 3336}
3337
e9a416b5
JH		 3338static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3339{
3b0602cd 3340 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 3341
3342 BT_DBG("status %u", status);
3343
3344 cmd = find_pairing(conn);
a511b35b 3345 if (!cmd) {
e9a416b5 3346 BT_DBG("Unable to find a pending command");
a511b35b
JH		 3347 return;
3348 }
3349
3350 cmd->cmd_complete(cmd, mgmt_status(status));
3351 mgmt_pending_remove(cmd);
e9a416b5
JH		 3352}
3353
f4a407be 3354static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739 3355{
3b0602cd 3356 struct mgmt_pending_cmd *cmd;
4c47d739
VA		 3357
3358 BT_DBG("status %u", status);
3359
3360 if (!status)
3361 return;
3362
3363 cmd = find_pairing(conn);
a511b35b 3364 if (!cmd) {
4c47d739 3365 BT_DBG("Unable to find a pending command");
a511b35b
JH		 3366 return;
3367 }
3368
3369 cmd->cmd_complete(cmd, mgmt_status(status));
3370 mgmt_pending_remove(cmd);
4c47d739
VA		 3371}
3372
bdb6d971 3373static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3374 u16 len)
e9a416b5 3375{
650f726d 3376 struct mgmt_cp_pair_device *cp = data;
1425acb7 3377 struct mgmt_rp_pair_device rp;
3b0602cd 3378 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 3379 u8 sec_level, auth_type;
3380 struct hci_conn *conn;
e9a416b5
JH		 3381 int err;
3382
3383 BT_DBG("");
3384
f950a30e
SJ		 3385 memset(&rp, 0, sizeof(rp));
3386 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3387 rp.addr.type = cp->addr.type;
3388
4ee71b20 3389 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 3390 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3391 MGMT_STATUS_INVALID_PARAMS,
3392 &rp, sizeof(rp));
4ee71b20 3393
4ec86d4c 3394 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 3395 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3396 MGMT_STATUS_INVALID_PARAMS,
3397 &rp, sizeof(rp));
4ec86d4c 3398
09fd0de5 3399 hci_dev_lock(hdev);
e9a416b5 3400
5f97c1df 3401 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3402 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3403 MGMT_STATUS_NOT_POWERED, &rp,
3404 sizeof(rp));
5f97c1df
JH		 3405 goto unlock;
3406 }
3407
55e76b38
JH		 3408 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
3409 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3410 MGMT_STATUS_ALREADY_PAIRED, &rp,
3411 sizeof(rp));
3412 goto unlock;
3413 }
3414
c908df36 3415 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 3416 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 3417
6f77d8c7 3418 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 3419 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3420 auth_type);
6f77d8c7
AG		 3421 } else {
3422 u8 addr_type;
3423
3424 /* Convert from L2CAP channel address type to HCI address type
3425 */
3426 if (cp->addr.type == BDADDR_LE_PUBLIC)
3427 addr_type = ADDR_LE_DEV_PUBLIC;
3428 else
3429 addr_type = ADDR_LE_DEV_RANDOM;
3430
7c264b10
MH		 3431 /* When pairing a new device, it is expected to remember
3432 * this device for future connections. Adding the connection
3433 * parameter information ahead of time allows tracking
3434 * of the slave preferred values and will speed up any
3435 * further connection establishment.
3436 *
3437 * If connection parameters already exist, then they
3438 * will be kept and this function does nothing.
3439 */
3440 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3441
6f77d8c7 3442 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
e804d25d
JH		 3443 sec_level, HCI_LE_CONN_TIMEOUT,
3444 HCI_ROLE_MASTER);
6f77d8c7 3445 }
7a512d01 3446
30e76272 3447 if (IS_ERR(conn)) {
489dc48e
AK		 3448 int status;
3449
3450 if (PTR_ERR(conn) == -EBUSY)
3451 status = MGMT_STATUS_BUSY;
faa81030
LR		 3452 else if (PTR_ERR(conn) == -EOPNOTSUPP)
3453 status = MGMT_STATUS_NOT_SUPPORTED;
3454 else if (PTR_ERR(conn) == -ECONNREFUSED)
3455 status = MGMT_STATUS_REJECTED;
489dc48e
AK		 3456 else
3457 status = MGMT_STATUS_CONNECT_FAILED;
3458
2a1afb5a
JH		 3459 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3460 status, &rp, sizeof(rp));
e9a416b5
JH		 3461 goto unlock;
3462 }
3463
3464 if (conn->connect_cfm_cb) {
76a68ba0 3465 hci_conn_drop(conn);
2a1afb5a
JH		 3466 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3467 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 3468 goto unlock;
3469 }
3470
2e58ef3e 3471 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 3472 if (!cmd) {
3473 err = -ENOMEM;
76a68ba0 3474 hci_conn_drop(conn);
e9a416b5
JH		 3475 goto unlock;
3476 }
3477
04ab2749
JH		 3478 cmd->cmd_complete = pairing_complete;
3479
7a512d01 3480 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 3481 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 3482 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 3483 conn->security_cfm_cb = pairing_complete_cb;
3484 conn->disconn_cfm_cb = pairing_complete_cb;
3485 } else {
3486 conn->connect_cfm_cb = le_pairing_complete_cb;
3487 conn->security_cfm_cb = le_pairing_complete_cb;
3488 conn->disconn_cfm_cb = le_pairing_complete_cb;
3489 }
7a512d01 3490
e9a416b5 3491 conn->io_capability = cp->io_cap;
f8aaf9b6 3492 cmd->user_data = hci_conn_get(conn);
e9a416b5 3493
6f78fd4b 3494 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
a511b35b
JH		 3495 hci_conn_security(conn, sec_level, auth_type, true)) {
3496 cmd->cmd_complete(cmd, 0);
3497 mgmt_pending_remove(cmd);
3498 }
e9a416b5
JH		 3499
3500 err = 0;
3501
3502unlock:
09fd0de5 3503 hci_dev_unlock(hdev);
e9a416b5
JH		 3504 return err;
3505}
3506
04124681
GP		 3507static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3508 u16 len)
28424707 3509{
0f4e68cf 3510 struct mgmt_addr_info *addr = data;
3b0602cd 3511 struct mgmt_pending_cmd *cmd;
28424707
JH		 3512 struct hci_conn *conn;
3513 int err;
3514
3515 BT_DBG("");
3516
28424707
JH		 3517 hci_dev_lock(hdev);
3518
5f97c1df 3519 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3520 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3521 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3522 goto unlock;
3523 }
3524
333ae95d 3525 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
28424707 3526 if (!cmd) {
a69e8375
JH		 3527 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3528 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3529 goto unlock;
3530 }
3531
3532 conn = cmd->user_data;
3533
3534 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
a69e8375
JH		 3535 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3536 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3537 goto unlock;
3538 }
3539
a511b35b
JH		 3540 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3541 mgmt_pending_remove(cmd);
28424707 3542
2a1afb5a
JH		 3543 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3544 addr, sizeof(*addr));
28424707
JH		 3545unlock:
3546 hci_dev_unlock(hdev);
28424707
JH		 3547 return err;
3548}
3549
bdb6d971 3550static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3551 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3552 u16 hci_op, __le32 passkey)
a5c29683 3553{
3b0602cd 3554 struct mgmt_pending_cmd *cmd;
0df4c185 3555 struct hci_conn *conn;
a5c29683
JH		 3556 int err;
3557
09fd0de5 3558 hci_dev_lock(hdev);
08ba5382 3559
4b34ee78 3560 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3561 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3562 MGMT_STATUS_NOT_POWERED, addr,
3563 sizeof(*addr));
0df4c185 3564 goto done;
a5c29683
JH		 3565 }
3566
1707c60e
JH		 3567 if (addr->type == BDADDR_BREDR)
3568 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3569 else
1707c60e 3570 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 3571
3572 if (!conn) {
2a1afb5a
JH		 3573 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3574 MGMT_STATUS_NOT_CONNECTED, addr,
3575 sizeof(*addr));
272d90df
JH		 3576 goto done;
3577 }
47c15e2b 3578
1707c60e 3579 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 3580 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 3581 if (!err)
2a1afb5a
JH		 3582 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3583 MGMT_STATUS_SUCCESS, addr,
3584 sizeof(*addr));
5fe57d9e 3585 else
2a1afb5a
JH		 3586 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3587 MGMT_STATUS_FAILED, addr,
3588 sizeof(*addr));
47c15e2b 3589
47c15e2b
BG		 3590 goto done;
3591 }
3592
1707c60e 3593 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3594 if (!cmd) {
3595 err = -ENOMEM;
0df4c185 3596 goto done;
a5c29683
JH		 3597 }
3598
7776d1d8
JH		 3599 cmd->cmd_complete = addr_cmd_complete;
3600
0df4c185 3601 /* Continue with pairing via HCI */
604086b7
BG		 3602 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3603 struct hci_cp_user_passkey_reply cp;
3604
1707c60e 3605 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3606 cp.passkey = passkey;
3607 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3608 } else
1707c60e
JH		 3609 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3610 &addr->bdaddr);
604086b7 3611
a664b5bc
JH		 3612 if (err < 0)
3613 mgmt_pending_remove(cmd);
a5c29683 3614
0df4c185 3615done:
09fd0de5 3616 hci_dev_unlock(hdev);
a5c29683
JH		 3617 return err;
3618}
3619
afeb019d
JK		 3620static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3621 void *data, u16 len)
3622{
3623 struct mgmt_cp_pin_code_neg_reply *cp = data;
3624
3625 BT_DBG("");
3626
1707c60e 3627 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3628 MGMT_OP_PIN_CODE_NEG_REPLY,
3629 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3630}
3631
04124681
GP		 3632static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3633 u16 len)
0df4c185 3634{
650f726d 3635 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3636
3637 BT_DBG("");
3638
3639 if (len != sizeof(*cp))
a69e8375
JH		 3640 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3641 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3642
1707c60e 3643 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3644 MGMT_OP_USER_CONFIRM_REPLY,
3645 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3646}
3647
bdb6d971 3648static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3649 void *data, u16 len)
0df4c185 3650{
c9c2659f 3651 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3652
3653 BT_DBG("");
3654
1707c60e 3655 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3656 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3657 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3658}
3659
04124681
GP		 3660static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3661 u16 len)
604086b7 3662{
650f726d 3663 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3664
3665 BT_DBG("");
3666
1707c60e 3667 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3668 MGMT_OP_USER_PASSKEY_REPLY,
3669 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3670}
3671
bdb6d971 3672static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3673 void *data, u16 len)
604086b7 3674{
650f726d 3675 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3676
3677 BT_DBG("");
3678
1707c60e 3679 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3680 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3681 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3682}
3683
13928971 3684static void update_name(struct hci_request *req)
2b4bf397 3685{
13928971 3686 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3687 struct hci_cp_write_local_name cp;
3688
13928971 3689 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3690
890ea898 3691 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3692}
3693
1904a853 3694static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
13928971
JH		 3695{
3696 struct mgmt_cp_set_local_name *cp;
3b0602cd 3697 struct mgmt_pending_cmd *cmd;
13928971
JH		 3698
3699 BT_DBG("status 0x%02x", status);
3700
3701 hci_dev_lock(hdev);
3702
333ae95d 3703 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 3704 if (!cmd)
3705 goto unlock;
3706
3707 cp = cmd->param;
3708
3709 if (status)
a69e8375
JH		 3710 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3711 mgmt_status(status));
13928971 3712 else
2a1afb5a
JH		 3713 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3714 cp, sizeof(*cp));
13928971
JH		 3715
3716 mgmt_pending_remove(cmd);
3717
3718unlock:
3719 hci_dev_unlock(hdev);
3720}
3721
bdb6d971 3722static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3723 u16 len)
b312b161 3724{
2b4bf397 3725 struct mgmt_cp_set_local_name *cp = data;
3b0602cd 3726 struct mgmt_pending_cmd *cmd;
890ea898 3727 struct hci_request req;
b312b161
JH		 3728 int err;
3729
3730 BT_DBG("");
3731
09fd0de5 3732 hci_dev_lock(hdev);
b312b161 3733
b3f2ca94
JH		 3734 /* If the old values are the same as the new ones just return a
3735 * direct command complete event.
3736 */
3737 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3738 !memcmp(hdev->short_name, cp->short_name,
3739 sizeof(hdev->short_name))) {
2a1afb5a
JH		 3740 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3741 data, len);
b3f2ca94
JH		 3742 goto failed;
3743 }
3744
2b4bf397 3745 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3746
b5235a65 3747 if (!hdev_is_powered(hdev)) {
2b4bf397 3748 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde 3749
2a1afb5a
JH		 3750 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3751 data, len);
28cc7bde
JH		 3752 if (err < 0)
3753 goto failed;
3754
f6b7712e
MH		 3755 err = mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev,
3756 data, len, sk);
28cc7bde 3757
b5235a65
JH		 3758 goto failed;
3759 }
3760
28cc7bde 3761 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3762 if (!cmd) {
3763 err = -ENOMEM;
3764 goto failed;
3765 }
3766
13928971
JH		 3767 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3768
890ea898 3769 hci_req_init(&req, hdev);
3f985050
JH		 3770
3771 if (lmp_bredr_capable(hdev)) {
3772 update_name(&req);
3773 update_eir(&req);
3774 }
3775
7a5f4990
MH		 3776 /* The name is stored in the scan response data and so
3777 * no need to udpate the advertising data here.
3778 */
3f985050 3779 if (lmp_le_capable(hdev))
7a5f4990 3780 update_scan_rsp_data(&req);
3f985050 3781
13928971 3782 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3783 if (err < 0)
3784 mgmt_pending_remove(cmd);
3785
3786failed:
09fd0de5 3787 hci_dev_unlock(hdev);
b312b161
JH		 3788 return err;
3789}
3790
1b9441f8
JH		 3791static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status,
3792 u16 opcode, struct sk_buff *skb)
3793{
3794 struct mgmt_rp_read_local_oob_data mgmt_rp;
3795 size_t rp_size = sizeof(mgmt_rp);
3796 struct mgmt_pending_cmd *cmd;
3797
3798 BT_DBG("%s status %u", hdev->name, status);
3799
3800 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3801 if (!cmd)
3802 return;
3803
3804 if (status || !skb) {
3805 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3806 status ? mgmt_status(status) : MGMT_STATUS_FAILED);
3807 goto remove;
3808 }
3809
3810 memset(&mgmt_rp, 0, sizeof(mgmt_rp));
3811
3812 if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
3813 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
3814
3815 if (skb->len < sizeof(*rp)) {
3816 mgmt_cmd_status(cmd->sk, hdev->id,
3817 MGMT_OP_READ_LOCAL_OOB_DATA,
3818 MGMT_STATUS_FAILED);
3819 goto remove;
3820 }
3821
3822 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash));
3823 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand));
3824
3825 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256);
3826 } else {
3827 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
3828
3829 if (skb->len < sizeof(*rp)) {
3830 mgmt_cmd_status(cmd->sk, hdev->id,
3831 MGMT_OP_READ_LOCAL_OOB_DATA,
3832 MGMT_STATUS_FAILED);
3833 goto remove;
3834 }
3835
3836 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192));
3837 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192));
3838
3839 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256));
3840 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256));
3841 }
3842
3843 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3844 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size);
3845
3846remove:
3847 mgmt_pending_remove(cmd);
3848}
3849
0f4e68cf 3850static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3851 void *data, u16 data_len)
c35938b2 3852{
3b0602cd 3853 struct mgmt_pending_cmd *cmd;
1b9441f8 3854 struct hci_request req;
c35938b2
SJ		 3855 int err;
3856
bdb6d971 3857 BT_DBG("%s", hdev->name);
c35938b2 3858
09fd0de5 3859 hci_dev_lock(hdev);
c35938b2 3860
4b34ee78 3861 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3862 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3863 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3864 goto unlock;
3865 }
3866
9a1a1996 3867 if (!lmp_ssp_capable(hdev)) {
a69e8375
JH		 3868 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3869 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3870 goto unlock;
3871 }
3872
333ae95d 3873 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
a69e8375
JH		 3874 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3875 MGMT_STATUS_BUSY);
c35938b2
SJ		 3876 goto unlock;
3877 }
3878
2e58ef3e 3879 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3880 if (!cmd) {
3881 err = -ENOMEM;
3882 goto unlock;
3883 }
3884
1b9441f8
JH		 3885 hci_req_init(&req, hdev);
3886
710f11c0 3887 if (bredr_sc_enabled(hdev))
1b9441f8 3888 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
4d2d2796 3889 else
1b9441f8 3890 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
4d2d2796 3891
1b9441f8 3892 err = hci_req_run_skb(&req, read_local_oob_data_complete);
c35938b2
SJ		 3893 if (err < 0)
3894 mgmt_pending_remove(cmd);
3895
3896unlock:
09fd0de5 3897 hci_dev_unlock(hdev);
c35938b2
SJ		 3898 return err;
3899}
3900
bdb6d971 3901static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3902 void *data, u16 len)
2763eda6 3903{
5d57e796 3904 struct mgmt_addr_info *addr = data;
2763eda6
SJ		 3905 int err;
3906
bdb6d971 3907 BT_DBG("%s ", hdev->name);
2763eda6 3908
5d57e796 3909 if (!bdaddr_type_is_valid(addr->type))
2a1afb5a
JH		 3910 return mgmt_cmd_complete(sk, hdev->id,
3911 MGMT_OP_ADD_REMOTE_OOB_DATA,
3912 MGMT_STATUS_INVALID_PARAMS,
3913 addr, sizeof(*addr));
5d57e796 3914
09fd0de5 3915 hci_dev_lock(hdev);
2763eda6 3916
ec109113
MH		 3917 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3918 struct mgmt_cp_add_remote_oob_data *cp = data;
3919 u8 status;
bf1e3541 3920
c19a495c 3921 if (cp->addr.type != BDADDR_BREDR) {
2a1afb5a
JH		 3922 err = mgmt_cmd_complete(sk, hdev->id,
3923 MGMT_OP_ADD_REMOTE_OOB_DATA,
3924 MGMT_STATUS_INVALID_PARAMS,
3925 &cp->addr, sizeof(cp->addr));
c19a495c
JH		 3926 goto unlock;
3927 }
3928
ec109113 3929 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
6928a924
JH		 3930 cp->addr.type, cp->hash,
3931 cp->rand, NULL, NULL);
ec109113
MH		 3932 if (err < 0)
3933 status = MGMT_STATUS_FAILED;
3934 else
3935 status = MGMT_STATUS_SUCCESS;
3936
2a1afb5a
JH		 3937 err = mgmt_cmd_complete(sk, hdev->id,
3938 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
3939 &cp->addr, sizeof(cp->addr));
ec109113
MH		 3940 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3941 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
41bcfd50 3942 u8 *rand192, *hash192, *rand256, *hash256;
ec109113
MH		 3943 u8 status;
3944
86df9200 3945 if (bdaddr_type_is_le(cp->addr.type)) {
d25b78e2
JH		 3946 /* Enforce zero-valued 192-bit parameters as
3947 * long as legacy SMP OOB isn't implemented.
3948 */
3949 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3950 memcmp(cp->hash192, ZERO_KEY, 16)) {
2a1afb5a
JH		 3951 err = mgmt_cmd_complete(sk, hdev->id,
3952 MGMT_OP_ADD_REMOTE_OOB_DATA,
3953 MGMT_STATUS_INVALID_PARAMS,
3954 addr, sizeof(*addr));
d25b78e2
JH		 3955 goto unlock;
3956 }
3957
86df9200
JH		 3958 rand192 = NULL;
3959 hash192 = NULL;
3960 } else {
41bcfd50
MH		 3961 /* In case one of the P-192 values is set to zero,
3962 * then just disable OOB data for P-192.
3963 */
3964 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
3965 !memcmp(cp->hash192, ZERO_KEY, 16)) {
3966 rand192 = NULL;
3967 hash192 = NULL;
3968 } else {
3969 rand192 = cp->rand192;
3970 hash192 = cp->hash192;
3971 }
3972 }
3973
3974 /* In case one of the P-256 values is set to zero, then just
3975 * disable OOB data for P-256.
3976 */
3977 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
3978 !memcmp(cp->hash256, ZERO_KEY, 16)) {
3979 rand256 = NULL;
3980 hash256 = NULL;
3981 } else {
3982 rand256 = cp->rand256;
3983 hash256 = cp->hash256;
86df9200
JH		 3984 }
3985
81328d5c 3986 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
86df9200 3987 cp->addr.type, hash192, rand192,
41bcfd50 3988 hash256, rand256);
ec109113
MH		 3989 if (err < 0)
3990 status = MGMT_STATUS_FAILED;
3991 else
3992 status = MGMT_STATUS_SUCCESS;
3993
2a1afb5a
JH		 3994 err = mgmt_cmd_complete(sk, hdev->id,
3995 MGMT_OP_ADD_REMOTE_OOB_DATA,
3996 status, &cp->addr, sizeof(cp->addr));
ec109113
MH		 3997 } else {
3998 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
a69e8375
JH		 3999 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
4000 MGMT_STATUS_INVALID_PARAMS);
ec109113 4001 }
2763eda6 4002
c19a495c 4003unlock:
09fd0de5 4004 hci_dev_unlock(hdev);
2763eda6
SJ		 4005 return err;
4006}
4007
bdb6d971 4008static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 4009 void *data, u16 len)
2763eda6 4010{
650f726d 4011 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 4012 u8 status;
2763eda6
SJ		 4013 int err;
4014
bdb6d971 4015 BT_DBG("%s", hdev->name);
2763eda6 4016
c19a495c 4017 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 4018 return mgmt_cmd_complete(sk, hdev->id,
4019 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
4020 MGMT_STATUS_INVALID_PARAMS,
4021 &cp->addr, sizeof(cp->addr));
c19a495c 4022
09fd0de5 4023 hci_dev_lock(hdev);
2763eda6 4024
eedbd581
JH		 4025 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
4026 hci_remote_oob_data_clear(hdev);
4027 status = MGMT_STATUS_SUCCESS;
4028 goto done;
4029 }
4030
6928a924 4031 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
2763eda6 4032 if (err < 0)
bf1e3541 4033 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 4034 else
a6785be2 4035 status = MGMT_STATUS_SUCCESS;
bf1e3541 4036
eedbd581 4037done:
2a1afb5a
JH		 4038 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
4039 status, &cp->addr, sizeof(cp->addr));
2763eda6 4040
09fd0de5 4041 hci_dev_unlock(hdev);
2763eda6
SJ		 4042 return err;
4043}
4044
812abb13 4045static bool trigger_bredr_inquiry(struct hci_request *req, u8 *status)
41dc2bd6 4046{
8019044d 4047 struct hci_dev *hdev = req->hdev;
812abb13 4048 struct hci_cp_inquiry cp;
8019044d
MH		 4049 /* General inquiry access code (GIAC) */
4050 u8 lap[3] = { 0x33, 0x8b, 0x9e };
812abb13
JP		 4051
4052 *status = mgmt_bredr_support(hdev);
4053 if (*status)
4054 return false;
4055
4056 if (hci_dev_test_flag(hdev, HCI_INQUIRY)) {
4057 *status = MGMT_STATUS_BUSY;
4058 return false;
4059 }
4060
4061 hci_inquiry_cache_flush(hdev);
4062
4063 memset(&cp, 0, sizeof(cp));
4064 memcpy(&cp.lap, lap, sizeof(cp.lap));
4065 cp.length = DISCOV_BREDR_INQUIRY_LEN;
4066
4067 hci_req_add(req, HCI_OP_INQUIRY, sizeof(cp), &cp);
4068
4069 return true;
4070}
4071
4072static bool trigger_le_scan(struct hci_request *req, u16 interval, u8 *status)
4073{
4074 struct hci_dev *hdev = req->hdev;
4075 struct hci_cp_le_set_scan_param param_cp;
4076 struct hci_cp_le_set_scan_enable enable_cp;
8019044d 4077 u8 own_addr_type;
41dc2bd6
AG		 4078 int err;
4079
812abb13
JP		 4080 *status = mgmt_le_support(hdev);
4081 if (*status)
4082 return false;
41dc2bd6 4083
812abb13
JP		 4084 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) {
4085 /* Don't let discovery abort an outgoing connection attempt
4086 * that's using directed advertising.
4087 */
4088 if (hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT)) {
4089 *status = MGMT_STATUS_REJECTED;
8019044d
MH		 4090 return false;
4091 }
41dc2bd6 4092
812abb13
JP		 4093 disable_advertising(req);
4094 }
41dc2bd6 4095
812abb13
JP		 4096 /* If controller is scanning, it means the background scanning is
4097 * running. Thus, we should temporarily stop it in order to set the
4098 * discovery scanning parameters.
4099 */
4100 if (hci_dev_test_flag(hdev, HCI_LE_SCAN))
4101 hci_req_add_le_scan_disable(req);
41dc2bd6 4102
812abb13
JP		 4103 /* All active scans will be done with either a resolvable private
4104 * address (when privacy feature has been enabled) or non-resolvable
4105 * private address.
4106 */
4107 err = hci_update_random_address(req, true, &own_addr_type);
4108 if (err < 0) {
4109 *status = MGMT_STATUS_FAILED;
4110 return false;
4111 }
8019044d 4112
812abb13
JP		 4113 memset(&param_cp, 0, sizeof(param_cp));
4114 param_cp.type = LE_SCAN_ACTIVE;
4115 param_cp.interval = cpu_to_le16(interval);
4116 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
4117 param_cp.own_address_type = own_addr_type;
8019044d 4118
812abb13
JP		 4119 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
4120 &param_cp);
8019044d 4121
812abb13
JP		 4122 memset(&enable_cp, 0, sizeof(enable_cp));
4123 enable_cp.enable = LE_SCAN_ENABLE;
4124 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
8019044d 4125
812abb13
JP		 4126 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
4127 &enable_cp);
4128
4129 return true;
4130}
8019044d 4131
812abb13
JP		 4132static bool trigger_discovery(struct hci_request *req, u8 *status)
4133{
4134 struct hci_dev *hdev = req->hdev;
8019044d 4135
812abb13
JP		 4136 switch (hdev->discovery.type) {
4137 case DISCOV_TYPE_BREDR:
4138 if (!trigger_bredr_inquiry(req, status))
4139 return false;
4140 break;
4141
4142 case DISCOV_TYPE_INTERLEAVED:
07d2334a
JP		 4143 if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY,
4144 &hdev->quirks)) {
4145 /* During simultaneous discovery, we double LE scan
4146 * interval. We must leave some time for the controller
4147 * to do BR/EDR inquiry.
4148 */
4149 if (!trigger_le_scan(req, DISCOV_LE_SCAN_INT * 2,
4150 status))
4151 return false;
4152
4153 if (!trigger_bredr_inquiry(req, status))
4154 return false;
4155
4156 return true;
4157 }
4158
812abb13
JP		 4159 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4160 *status = MGMT_STATUS_NOT_SUPPORTED;
8019044d
MH		 4161 return false;
4162 }
812abb13 4163 /* fall through */
8019044d 4164
812abb13
JP		 4165 case DISCOV_TYPE_LE:
4166 if (!trigger_le_scan(req, DISCOV_LE_SCAN_INT, status))
4167 return false;
8019044d
MH		 4168 break;
4169
4170 default:
4171 *status = MGMT_STATUS_INVALID_PARAMS;
4172 return false;
4173 }
4174
4175 return true;
41dc2bd6
AG		 4176}
4177
1904a853
MH		 4178static void start_discovery_complete(struct hci_dev *hdev, u8 status,
4179 u16 opcode)
7c307720 4180{
3b0602cd 4181 struct mgmt_pending_cmd *cmd;
11e6e25d 4182 unsigned long timeout;
ae55f598 4183
7c307720
AG		 4184 BT_DBG("status %d", status);
4185
11e6e25d 4186 hci_dev_lock(hdev);
41dc2bd6 4187
333ae95d 4188 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
66ea9427 4189 if (!cmd)
333ae95d 4190 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
66ea9427 4191
11e6e25d 4192 if (cmd) {
2922a94f 4193 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d
MH		 4194 mgmt_pending_remove(cmd);
4195 }
7c307720
AG		 4196
4197 if (status) {
11e6e25d
MH		 4198 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4199 goto unlock;
7c307720
AG		 4200 }
4201
7c307720 4202 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
7c307720 4203
2d28cfe7
JP		 4204 /* If the scan involves LE scan, pick proper timeout to schedule
4205 * hdev->le_scan_disable that will stop it.
4206 */
7c307720
AG		 4207 switch (hdev->discovery.type) {
4208 case DISCOV_TYPE_LE:
3d5a76f0 4209 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
7c307720 4210 break;
7c307720 4211 case DISCOV_TYPE_INTERLEAVED:
07d2334a
JP		 4212 /* When running simultaneous discovery, the LE scanning time
4213 * should occupy the whole discovery time sine BR/EDR inquiry
4214 * and LE scanning are scheduled by the controller.
4215 *
4216 * For interleaving discovery in comparison, BR/EDR inquiry
4217 * and LE scanning are done sequentially with separate
4218 * timeouts.
4219 */
4220 if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks))
4221 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
4222 else
4223 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
7c307720 4224 break;
7c307720 4225 case DISCOV_TYPE_BREDR:
11e6e25d 4226 timeout = 0;
7c307720 4227 break;
7c307720
AG		 4228 default:
4229 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
11e6e25d
MH		 4230 timeout = 0;
4231 break;
7c307720 4232 }
ae55f598 4233
2d28cfe7
JP		 4234 if (timeout) {
4235 /* When service discovery is used and the controller has
4236 * a strict duplicate filter, it is important to remember
4237 * the start and duration of the scan. This is required
4238 * for restarting scanning during the discovery phase.
4239 */
4240 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER,
4241 &hdev->quirks) &&
82f8b651 4242 hdev->discovery.result_filtering) {
2d28cfe7
JP		 4243 hdev->discovery.scan_start = jiffies;
4244 hdev->discovery.scan_duration = timeout;
4245 }
4246
11e6e25d
MH		 4247 queue_delayed_work(hdev->workqueue,
4248 &hdev->le_scan_disable, timeout);
2d28cfe7 4249 }
ae55f598 4250
11e6e25d
MH		 4251unlock:
4252 hci_dev_unlock(hdev);
7c307720
AG		 4253}
4254
bdb6d971 4255static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 4256 void *data, u16 len)
14a53664 4257{
650f726d 4258 struct mgmt_cp_start_discovery *cp = data;
3b0602cd 4259 struct mgmt_pending_cmd *cmd;
7c307720 4260 struct hci_request req;
8019044d 4261 u8 status;
14a53664
JH		 4262 int err;
4263
bdb6d971 4264 BT_DBG("%s", hdev->name);
14a53664 4265
09fd0de5 4266 hci_dev_lock(hdev);
14a53664 4267
4b34ee78 4268 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 4269 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4270 MGMT_STATUS_NOT_POWERED,
4271 &cp->type, sizeof(cp->type));
bd2d1334
JH		 4272 goto failed;
4273 }
4274
f5a969f2 4275 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 4276 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
2a1afb5a
JH		 4277 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4278 MGMT_STATUS_BUSY, &cp->type,
4279 sizeof(cp->type));
642be6c7
AG		 4280 goto failed;
4281 }
4282
2922a94f 4283 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, data, len);
14a53664
JH		 4284 if (!cmd) {
4285 err = -ENOMEM;
4286 goto failed;
4287 }
4288
2922a94f
JH		 4289 cmd->cmd_complete = generic_cmd_complete;
4290
22078800
MH		 4291 /* Clear the discovery filter first to free any previously
4292 * allocated memory for the UUID list.
4293 */
4294 hci_discovery_filter_clear(hdev);
4295
4aab14e5 4296 hdev->discovery.type = cp->type;
da25cf6a 4297 hdev->discovery.report_invalid_rssi = false;
4aab14e5 4298
7c307720
AG		 4299 hci_req_init(&req, hdev);
4300
8019044d 4301 if (!trigger_discovery(&req, &status)) {
2a1afb5a
JH		 4302 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4303 status, &cp->type, sizeof(cp->type));
04106755
JH		 4304 mgmt_pending_remove(cmd);
4305 goto failed;
f39799f5 4306 }
04106755 4307
7c307720 4308 err = hci_req_run(&req, start_discovery_complete);
f5a969f2 4309 if (err < 0) {
14a53664 4310 mgmt_pending_remove(cmd);
f5a969f2
MH		 4311 goto failed;
4312 }
7c307720 4313
f5a969f2 4314 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
7c307720 4315
14a53664 4316failed:
09fd0de5 4317 hci_dev_unlock(hdev);
14a53664
JH		 4318 return err;
4319}
f39799f5 4320
3b0602cd
JH		 4321static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
4322 u8 status)
2922a94f 4323{
2a1afb5a
JH		 4324 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
4325 cmd->param, 1);
2922a94f 4326}
04106755 4327
66ea9427
JP		 4328static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
4329 void *data, u16 len)
4330{
4331 struct mgmt_cp_start_service_discovery *cp = data;
3b0602cd 4332 struct mgmt_pending_cmd *cmd;
66ea9427
JP		 4333 struct hci_request req;
4334 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
4335 u16 uuid_count, expected_len;
4336 u8 status;
4337 int err;
04106755 4338
66ea9427 4339 BT_DBG("%s", hdev->name);
e8bb6b97 4340
66ea9427 4341 hci_dev_lock(hdev);
7c307720 4342
66ea9427 4343 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 4344 err = mgmt_cmd_complete(sk, hdev->id,
4345 MGMT_OP_START_SERVICE_DISCOVERY,
4346 MGMT_STATUS_NOT_POWERED,
4347 &cp->type, sizeof(cp->type));
66ea9427
JP		 4348 goto failed;
4349 }
7c307720 4350
66ea9427 4351 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 4352 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
2a1afb5a
JH		 4353 err = mgmt_cmd_complete(sk, hdev->id,
4354 MGMT_OP_START_SERVICE_DISCOVERY,
4355 MGMT_STATUS_BUSY, &cp->type,
4356 sizeof(cp->type));
66ea9427
JP		 4357 goto failed;
4358 }
d9483943 4359
66ea9427
JP		 4360 uuid_count = __le16_to_cpu(cp->uuid_count);
4361 if (uuid_count > max_uuid_count) {
4362 BT_ERR("service_discovery: too big uuid_count value %u",
4363 uuid_count);
2a1afb5a
JH		 4364 err = mgmt_cmd_complete(sk, hdev->id,
4365 MGMT_OP_START_SERVICE_DISCOVERY,
4366 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4367 sizeof(cp->type));
66ea9427
JP		 4368 goto failed;
4369 }
4370
4371 expected_len = sizeof(*cp) + uuid_count * 16;
4372 if (expected_len != len) {
4373 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
4374 expected_len, len);
2a1afb5a
JH		 4375 err = mgmt_cmd_complete(sk, hdev->id,
4376 MGMT_OP_START_SERVICE_DISCOVERY,
4377 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4378 sizeof(cp->type));
66ea9427
JP		 4379 goto failed;
4380 }
4381
4382 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
2922a94f 4383 hdev, data, len);
66ea9427
JP		 4384 if (!cmd) {
4385 err = -ENOMEM;
4386 goto failed;
4387 }
4388
2922a94f
JH		 4389 cmd->cmd_complete = service_discovery_cmd_complete;
4390
22078800
MH		 4391 /* Clear the discovery filter first to free any previously
4392 * allocated memory for the UUID list.
4393 */
4394 hci_discovery_filter_clear(hdev);
4395
82f8b651 4396 hdev->discovery.result_filtering = true;
66ea9427
JP		 4397 hdev->discovery.type = cp->type;
4398 hdev->discovery.rssi = cp->rssi;
4399 hdev->discovery.uuid_count = uuid_count;
4400
4401 if (uuid_count > 0) {
4402 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4403 GFP_KERNEL);
4404 if (!hdev->discovery.uuids) {
2a1afb5a
JH		 4405 err = mgmt_cmd_complete(sk, hdev->id,
4406 MGMT_OP_START_SERVICE_DISCOVERY,
4407 MGMT_STATUS_FAILED,
4408 &cp->type, sizeof(cp->type));
d9483943
JH		 4409 mgmt_pending_remove(cmd);
4410 goto failed;
4411 }
66ea9427 4412 }
d9483943 4413
66ea9427 4414 hci_req_init(&req, hdev);
5e0452c0 4415
66ea9427 4416 if (!trigger_discovery(&req, &status)) {
2a1afb5a
JH		 4417 err = mgmt_cmd_complete(sk, hdev->id,
4418 MGMT_OP_START_SERVICE_DISCOVERY,
4419 status, &cp->type, sizeof(cp->type));
04106755
JH		 4420 mgmt_pending_remove(cmd);
4421 goto failed;
f39799f5 4422 }
3fd24153 4423
7c307720 4424 err = hci_req_run(&req, start_discovery_complete);
66ea9427 4425 if (err < 0) {
14a53664 4426 mgmt_pending_remove(cmd);
66ea9427
JP		 4427 goto failed;
4428 }
4429
4430 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 4431
4432failed:
09fd0de5 4433 hci_dev_unlock(hdev);
14a53664
JH		 4434 return err;
4435}
4436
1904a853 4437static void stop_discovery_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1183fdca 4438{
3b0602cd 4439 struct mgmt_pending_cmd *cmd;
1183fdca 4440
0e05bba6
AG		 4441 BT_DBG("status %d", status);
4442
4443 hci_dev_lock(hdev);
4444
333ae95d 4445 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
11e6e25d 4446 if (cmd) {
2922a94f 4447 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d 4448 mgmt_pending_remove(cmd);
0e05bba6
AG		 4449 }
4450
11e6e25d
MH		 4451 if (!status)
4452 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
0e05bba6 4453
0e05bba6
AG		 4454 hci_dev_unlock(hdev);
4455}
4456
bdb6d971 4457static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4458 u16 len)
14a53664 4459{
d930650b 4460 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3b0602cd 4461 struct mgmt_pending_cmd *cmd;
0e05bba6 4462 struct hci_request req;
14a53664
JH		 4463 int err;
4464
bdb6d971 4465 BT_DBG("%s", hdev->name);
14a53664 4466
09fd0de5 4467 hci_dev_lock(hdev);
14a53664 4468
30dc78e1 4469 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 4470 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4471 MGMT_STATUS_REJECTED, &mgmt_cp->type,
4472 sizeof(mgmt_cp->type));
d930650b
JH		 4473 goto unlock;
4474 }
4475
4476 if (hdev->discovery.type != mgmt_cp->type) {
2a1afb5a
JH		 4477 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4478 MGMT_STATUS_INVALID_PARAMS,
4479 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1 4480 goto unlock;
ff9ef578
JH		 4481 }
4482
2922a94f 4483 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
14a53664
JH		 4484 if (!cmd) {
4485 err = -ENOMEM;
30dc78e1
JH		 4486 goto unlock;
4487 }
4488
2922a94f
JH		 4489 cmd->cmd_complete = generic_cmd_complete;
4490
0e05bba6
AG		 4491 hci_req_init(&req, hdev);
4492
21a60d30 4493 hci_stop_discovery(&req);
e0d9727e 4494
21a60d30
JH		 4495 err = hci_req_run(&req, stop_discovery_complete);
4496 if (!err) {
4497 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
0e05bba6 4498 goto unlock;
14a53664
JH		 4499 }
4500
21a60d30
JH		 4501 mgmt_pending_remove(cmd);
4502
4503 /* If no HCI commands were sent we're done */
4504 if (err == -ENODATA) {
2a1afb5a
JH		 4505 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
4506 &mgmt_cp->type, sizeof(mgmt_cp->type));
21a60d30
JH		 4507 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4508 }
14a53664 4509
30dc78e1 4510unlock:
09fd0de5 4511 hci_dev_unlock(hdev);
14a53664
JH		 4512 return err;
4513}
4514
bdb6d971 4515static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4516 u16 len)
561aafbc 4517{
650f726d 4518 struct mgmt_cp_confirm_name *cp = data;
561aafbc 4519 struct inquiry_entry *e;
561aafbc
JH		 4520 int err;
4521
bdb6d971 4522 BT_DBG("%s", hdev->name);
561aafbc 4523
561aafbc
JH		 4524 hci_dev_lock(hdev);
4525
30dc78e1 4526 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 4527 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4528 MGMT_STATUS_FAILED, &cp->addr,
4529 sizeof(cp->addr));
30dc78e1
JH		 4530 goto failed;
4531 }
4532
a198e7b1 4533 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 4534 if (!e) {
2a1afb5a
JH		 4535 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4536 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4537 sizeof(cp->addr));
561aafbc
JH		 4538 goto failed;
4539 }
4540
4541 if (cp->name_known) {
4542 e->name_state = NAME_KNOWN;
4543 list_del(&e->list);
4544 } else {
4545 e->name_state = NAME_NEEDED;
a3d4e20a 4546 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 4547 }
4548
2a1afb5a
JH		 4549 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
4550 &cp->addr, sizeof(cp->addr));
561aafbc
JH		 4551
4552failed:
4553 hci_dev_unlock(hdev);
561aafbc
JH		 4554 return err;
4555}
4556
bdb6d971 4557static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4558 u16 len)
7fbec224 4559{
650f726d 4560 struct mgmt_cp_block_device *cp = data;
f0eeea8b 4561 u8 status;
7fbec224
AJ		 4562 int err;
4563
bdb6d971 4564 BT_DBG("%s", hdev->name);
7fbec224 4565
4ee71b20 4566 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 4567 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4568 MGMT_STATUS_INVALID_PARAMS,
4569 &cp->addr, sizeof(cp->addr));
4ee71b20 4570
09fd0de5 4571 hci_dev_lock(hdev);
5e762444 4572
dcc36c16
JH		 4573 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4574 cp->addr.type);
2a8357f2 4575 if (err < 0) {
f0eeea8b 4576 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 4577 goto done;
4578 }
4579
4580 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4581 sk);
4582 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4583
2a8357f2 4584done:
2a1afb5a
JH		 4585 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
4586 &cp->addr, sizeof(cp->addr));
5e762444 4587
09fd0de5 4588 hci_dev_unlock(hdev);
7fbec224
AJ		 4589
4590 return err;
4591}
4592
bdb6d971 4593static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4594 u16 len)
7fbec224 4595{
650f726d 4596 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 4597 u8 status;
7fbec224
AJ		 4598 int err;
4599
bdb6d971 4600 BT_DBG("%s", hdev->name);
7fbec224 4601
4ee71b20 4602 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 4603 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4604 MGMT_STATUS_INVALID_PARAMS,
4605 &cp->addr, sizeof(cp->addr));
4ee71b20 4606
09fd0de5 4607 hci_dev_lock(hdev);
5e762444 4608
dcc36c16
JH		 4609 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4610 cp->addr.type);
2a8357f2 4611 if (err < 0) {
f0eeea8b 4612 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 4613 goto done;
4614 }
4615
4616 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4617 sk);
4618 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4619
2a8357f2 4620done:
2a1afb5a
JH		 4621 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
4622 &cp->addr, sizeof(cp->addr));
5e762444 4623
09fd0de5 4624 hci_dev_unlock(hdev);
7fbec224
AJ		 4625
4626 return err;
4627}
4628
cdbaccca
MH		 4629static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4630 u16 len)
4631{
4632 struct mgmt_cp_set_device_id *cp = data;
890ea898 4633 struct hci_request req;
cdbaccca 4634 int err;
c72d4b8a 4635 __u16 source;
cdbaccca
MH		 4636
4637 BT_DBG("%s", hdev->name);
4638
c72d4b8a
SJ		 4639 source = __le16_to_cpu(cp->source);
4640
4641 if (source > 0x0002)
a69e8375
JH		 4642 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4643 MGMT_STATUS_INVALID_PARAMS);
c72d4b8a 4644
cdbaccca
MH		 4645 hci_dev_lock(hdev);
4646
c72d4b8a 4647 hdev->devid_source = source;
cdbaccca
MH		 4648 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4649 hdev->devid_product = __le16_to_cpu(cp->product);
4650 hdev->devid_version = __le16_to_cpu(cp->version);
4651
2a1afb5a
JH		 4652 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
4653 NULL, 0);
cdbaccca 4654
890ea898
JH		 4655 hci_req_init(&req, hdev);
4656 update_eir(&req);
4657 hci_req_run(&req, NULL);
cdbaccca
MH		 4658
4659 hci_dev_unlock(hdev);
4660
4661 return err;
4662}
4663
24b4f38f
AU		 4664static void enable_advertising_instance(struct hci_dev *hdev, u8 status,
4665 u16 opcode)
4666{
4667 BT_DBG("status %d", status);
4668}
4669
1904a853
MH		 4670static void set_advertising_complete(struct hci_dev *hdev, u8 status,
4671 u16 opcode)
4375f103
JH		 4672{
4673 struct cmd_lookup match = { NULL, hdev };
24b4f38f 4674 struct hci_request req;
4375f103 4675
3ad67582
JK		 4676 hci_dev_lock(hdev);
4677
4375f103
JH		 4678 if (status) {
4679 u8 mgmt_err = mgmt_status(status);
4680
4681 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4682 cmd_status_rsp, &mgmt_err);
3ad67582 4683 goto unlock;
4375f103
JH		 4684 }
4685
d7a5a11d 4686 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
a1536da2 4687 hci_dev_set_flag(hdev, HCI_ADVERTISING);
c93bd150 4688 else
a358dc11 4689 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
c93bd150 4690
4375f103
JH		 4691 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4692 &match);
4693
4694 new_settings(hdev, match.sk);
4695
4696 if (match.sk)
4697 sock_put(match.sk);
3ad67582 4698
24b4f38f
AU		 4699 /* If "Set Advertising" was just disabled and instance advertising was
4700 * set up earlier, then enable the advertising instance.
4701 */
4702 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
4703 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
4704 goto unlock;
4705
4706 hci_req_init(&req, hdev);
4707
4708 update_adv_data(&req);
4709 enable_advertising(&req);
4710
4711 if (hci_req_run(&req, enable_advertising_instance) < 0)
4712 BT_ERR("Failed to re-configure advertising");
4713
3ad67582
JK		 4714unlock:
4715 hci_dev_unlock(hdev);
4375f103
JH		 4716}
4717
21b5187f
MH		 4718static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4719 u16 len)
4375f103
JH		 4720{
4721 struct mgmt_mode *cp = data;
3b0602cd 4722 struct mgmt_pending_cmd *cmd;
4375f103 4723 struct hci_request req;
cc91cb04 4724 u8 val, status;
4375f103
JH		 4725 int err;
4726
4727 BT_DBG("request for %s", hdev->name);
4728
e6fe7986
JH		 4729 status = mgmt_le_support(hdev);
4730 if (status)
a69e8375
JH		 4731 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4732 status);
4375f103 4733
cc91cb04 4734 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 4735 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4736 MGMT_STATUS_INVALID_PARAMS);
4375f103
JH		 4737
4738 hci_dev_lock(hdev);
4739
4740 val = !!cp->val;
4375f103 4741
f74ca9b8
JH		 4742 /* The following conditions are ones which mean that we should
4743 * not do any HCI communication but directly send a mgmt
4744 * response to user space (after toggling the flag if
4745 * necessary).
4746 */
cc91cb04 4747 if (!hdev_is_powered(hdev) ||
d7a5a11d
MH		 4748 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
4749 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
e8bb6b97 4750 hci_conn_num(hdev, LE_LINK) > 0 ||
d7a5a11d 4751 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
e8bb6b97 4752 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
cc91cb04 4753 bool changed;
4375f103 4754
cc91cb04 4755 if (cp->val) {
238be788 4756 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
cc91cb04 4757 if (cp->val == 0x02)
a1536da2 4758 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4759 else
a358dc11 4760 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4761 } else {
a69d8927 4762 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
a358dc11 4763 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4375f103
JH		 4764 }
4765
4766 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4767 if (err < 0)
4768 goto unlock;
4769
4770 if (changed)
4771 err = new_settings(hdev, sk);
4772
4773 goto unlock;
4774 }
4775
333ae95d
JH		 4776 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4777 pending_find(MGMT_OP_SET_LE, hdev)) {
a69e8375
JH		 4778 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4779 MGMT_STATUS_BUSY);
4375f103
JH		 4780 goto unlock;
4781 }
4782
4783 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4784 if (!cmd) {
4785 err = -ENOMEM;
4786 goto unlock;
4787 }
4788
4789 hci_req_init(&req, hdev);
4790
cc91cb04 4791 if (cp->val == 0x02)
a1536da2 4792 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4793 else
a358dc11 4794 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4795
24b4f38f
AU		 4796 if (val) {
4797 /* Switch to instance "0" for the Set Advertising setting. */
efae002c
FG		 4798 update_inst_adv_data(&req, 0x00);
4799 update_inst_scan_rsp_data(&req, 0x00);
bba3aa55 4800 enable_advertising(&req);
24b4f38f 4801 } else {
bba3aa55 4802 disable_advertising(&req);
24b4f38f 4803 }
4375f103
JH		 4804
4805 err = hci_req_run(&req, set_advertising_complete);
4806 if (err < 0)
4807 mgmt_pending_remove(cmd);
4808
4809unlock:
4810 hci_dev_unlock(hdev);
4811 return err;
4812}
4813
d13eafce
MH		 4814static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4815 void *data, u16 len)
4816{
4817 struct mgmt_cp_set_static_address *cp = data;
4818 int err;
4819
4820 BT_DBG("%s", hdev->name);
4821
62af4443 4822 if (!lmp_le_capable(hdev))
a69e8375
JH		 4823 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4824 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 4825
4826 if (hdev_is_powered(hdev))
a69e8375
JH		 4827 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4828 MGMT_STATUS_REJECTED);
d13eafce
MH		 4829
4830 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4831 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
a69e8375
JH		 4832 return mgmt_cmd_status(sk, hdev->id,
4833 MGMT_OP_SET_STATIC_ADDRESS,
4834 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 4835
4836 /* Two most significant bits shall be set */
4837 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
a69e8375
JH		 4838 return mgmt_cmd_status(sk, hdev->id,
4839 MGMT_OP_SET_STATIC_ADDRESS,
4840 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 4841 }
4842
4843 hci_dev_lock(hdev);
4844
4845 bacpy(&hdev->static_addr, &cp->bdaddr);
4846
93690c22
MH		 4847 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
4848 if (err < 0)
4849 goto unlock;
4850
4851 err = new_settings(hdev, sk);
d13eafce 4852
93690c22 4853unlock:
d13eafce 4854 hci_dev_unlock(hdev);
d13eafce
MH		 4855 return err;
4856}
4857
14b49b9a
MH		 4858static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4859 void *data, u16 len)
4860{
4861 struct mgmt_cp_set_scan_params *cp = data;
4862 __u16 interval, window;
4863 int err;
4864
4865 BT_DBG("%s", hdev->name);
4866
4867 if (!lmp_le_capable(hdev))
a69e8375
JH		 4868 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4869 MGMT_STATUS_NOT_SUPPORTED);
14b49b9a
MH		 4870
4871 interval = __le16_to_cpu(cp->interval);
4872
4873 if (interval < 0x0004 || interval > 0x4000)
a69e8375
JH		 4874 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4875 MGMT_STATUS_INVALID_PARAMS);
14b49b9a
MH		 4876
4877 window = __le16_to_cpu(cp->window);
4878
4879 if (window < 0x0004 || window > 0x4000)
a69e8375
JH		 4880 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4881 MGMT_STATUS_INVALID_PARAMS);
14b49b9a 4882
899e1075 4883 if (window > interval)
a69e8375
JH		 4884 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4885 MGMT_STATUS_INVALID_PARAMS);
899e1075 4886
14b49b9a
MH		 4887 hci_dev_lock(hdev);
4888
4889 hdev->le_scan_interval = interval;
4890 hdev->le_scan_window = window;
4891
2a1afb5a
JH		 4892 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
4893 NULL, 0);
14b49b9a 4894
dd2ef8e2
AG		 4895 /* If background scan is running, restart it so new parameters are
4896 * loaded.
4897 */
d7a5a11d 4898 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
dd2ef8e2
AG		 4899 hdev->discovery.state == DISCOVERY_STOPPED) {
4900 struct hci_request req;
4901
4902 hci_req_init(&req, hdev);
4903
4904 hci_req_add_le_scan_disable(&req);
4905 hci_req_add_le_passive_scan(&req);
4906
4907 hci_req_run(&req, NULL);
4908 }
4909
14b49b9a
MH		 4910 hci_dev_unlock(hdev);
4911
4912 return err;
4913}
4914
1904a853
MH		 4915static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
4916 u16 opcode)
33e38b3e 4917{
3b0602cd 4918 struct mgmt_pending_cmd *cmd;
33e38b3e
JH		 4919
4920 BT_DBG("status 0x%02x", status);
4921
4922 hci_dev_lock(hdev);
4923
333ae95d 4924 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
33e38b3e
JH		 4925 if (!cmd)
4926 goto unlock;
4927
4928 if (status) {
a69e8375
JH		 4929 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4930 mgmt_status(status));
33e38b3e 4931 } else {
1a4d3c4b
JH		 4932 struct mgmt_mode *cp = cmd->param;
4933
4934 if (cp->val)
a1536da2 4935 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 4936 else
a358dc11 4937 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 4938
33e38b3e
JH		 4939 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4940 new_settings(hdev, cmd->sk);
4941 }
4942
4943 mgmt_pending_remove(cmd);
4944
4945unlock:
4946 hci_dev_unlock(hdev);
4947}
4948
bdb6d971 4949static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4950 void *data, u16 len)
f6422ec6 4951{
650f726d 4952 struct mgmt_mode *cp = data;
3b0602cd 4953 struct mgmt_pending_cmd *cmd;
33e38b3e 4954 struct hci_request req;
f6422ec6
AJ		 4955 int err;
4956
bdb6d971 4957 BT_DBG("%s", hdev->name);
f6422ec6 4958
d7a5a11d 4959 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
56f87901 4960 hdev->hci_ver < BLUETOOTH_VER_1_2)
a69e8375
JH		 4961 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4962 MGMT_STATUS_NOT_SUPPORTED);
33c525c0 4963
a7e80f25 4964 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4965 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4966 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 4967
f6422ec6
AJ		 4968 hci_dev_lock(hdev);
4969
333ae95d 4970 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
a69e8375
JH		 4971 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4972 MGMT_STATUS_BUSY);
05cbf29f
JH		 4973 goto unlock;
4974 }
4975
d7a5a11d 4976 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
1a4d3c4b
JH		 4977 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4978 hdev);
4979 goto unlock;
4980 }
4981
406ef2a6 4982 if (!hdev_is_powered(hdev)) {
ce05d603 4983 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
406ef2a6
JH		 4984 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4985 hdev);
4986 new_settings(hdev, sk);
4987 goto unlock;
4988 }
4989
33e38b3e
JH		 4990 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4991 data, len);
4992 if (!cmd) {
4993 err = -ENOMEM;
4994 goto unlock;
f6422ec6
AJ		 4995 }
4996
33e38b3e
JH		 4997 hci_req_init(&req, hdev);
4998
406d7804 4999 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 5000
5001 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 5002 if (err < 0) {
a69e8375
JH		 5003 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5004 MGMT_STATUS_FAILED);
33e38b3e 5005 mgmt_pending_remove(cmd);
f6422ec6
AJ		 5006 }
5007
33e38b3e 5008unlock:
f6422ec6 5009 hci_dev_unlock(hdev);
33e38b3e 5010
f6422ec6
AJ		 5011 return err;
5012}
5013
1904a853 5014static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
0663ca2a 5015{
3b0602cd 5016 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 5017
5018 BT_DBG("status 0x%02x", status);
5019
5020 hci_dev_lock(hdev);
5021
333ae95d 5022 cmd = pending_find(MGMT_OP_SET_BREDR, hdev);
0663ca2a
JH		 5023 if (!cmd)
5024 goto unlock;
5025
5026 if (status) {
5027 u8 mgmt_err = mgmt_status(status);
5028
5029 /* We need to restore the flag if related HCI commands
5030 * failed.
5031 */
a358dc11 5032 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a 5033
a69e8375 5034 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
0663ca2a
JH		 5035 } else {
5036 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
5037 new_settings(hdev, cmd->sk);
5038 }
5039
5040 mgmt_pending_remove(cmd);
5041
5042unlock:
5043 hci_dev_unlock(hdev);
5044}
5045
5046static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
5047{
5048 struct mgmt_mode *cp = data;
3b0602cd 5049 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 5050 struct hci_request req;
5051 int err;
5052
5053 BT_DBG("request for %s", hdev->name);
5054
5055 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
a69e8375
JH		 5056 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5057 MGMT_STATUS_NOT_SUPPORTED);
0663ca2a 5058
d7a5a11d 5059 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 5060 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5061 MGMT_STATUS_REJECTED);
0663ca2a
JH		 5062
5063 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 5064 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5065 MGMT_STATUS_INVALID_PARAMS);
0663ca2a
JH		 5066
5067 hci_dev_lock(hdev);
5068
d7a5a11d 5069 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
0663ca2a
JH		 5070 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
5071 goto unlock;
5072 }
5073
5074 if (!hdev_is_powered(hdev)) {
5075 if (!cp->val) {
a358dc11
MH		 5076 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
5077 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
5078 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
5079 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
5080 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
0663ca2a
JH		 5081 }
5082
ce05d603 5083 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 5084
5085 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
5086 if (err < 0)
5087 goto unlock;
5088
5089 err = new_settings(hdev, sk);
5090 goto unlock;
5091 }
5092
5093 /* Reject disabling when powered on */
5094 if (!cp->val) {
a69e8375
JH		 5095 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5096 MGMT_STATUS_REJECTED);
0663ca2a 5097 goto unlock;
111e4bcc
MH		 5098 } else {
5099 /* When configuring a dual-mode controller to operate
5100 * with LE only and using a static address, then switching
5101 * BR/EDR back on is not allowed.
5102 *
5103 * Dual-mode controllers shall operate with the public
5104 * address as its identity address for BR/EDR and LE. So
5105 * reject the attempt to create an invalid configuration.
3a5486e1
MH		 5106 *
5107 * The same restrictions applies when secure connections
5108 * has been enabled. For BR/EDR this is a controller feature
5109 * while for LE it is a host stack feature. This means that
5110 * switching BR/EDR back on when secure connections has been
5111 * enabled is not a supported transaction.
111e4bcc 5112 */
d7a5a11d 5113 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
3a5486e1 5114 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
d7a5a11d 5115 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
a69e8375
JH		 5116 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5117 MGMT_STATUS_REJECTED);
111e4bcc
MH		 5118 goto unlock;
5119 }
0663ca2a
JH		 5120 }
5121
333ae95d 5122 if (pending_find(MGMT_OP_SET_BREDR, hdev)) {
a69e8375
JH		 5123 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
5124 MGMT_STATUS_BUSY);
0663ca2a
JH		 5125 goto unlock;
5126 }
5127
5128 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
5129 if (!cmd) {
5130 err = -ENOMEM;
5131 goto unlock;
5132 }
5133
5947f4bc 5134 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 5135 * generates the correct flags.
5136 */
a1536da2 5137 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 5138
5139 hci_req_init(&req, hdev);
aa8af46e 5140
432df05e 5141 write_fast_connectable(&req, false);
1d2dc5b7 5142 __hci_update_page_scan(&req);
aa8af46e 5143
f14d8f64
MH		 5144 /* Since only the advertising data flags will change, there
5145 * is no need to update the scan response data.
5146 */
5947f4bc 5147 update_adv_data(&req);
aa8af46e 5148
0663ca2a
JH		 5149 err = hci_req_run(&req, set_bredr_complete);
5150 if (err < 0)
5151 mgmt_pending_remove(cmd);
5152
5153unlock:
5154 hci_dev_unlock(hdev);
5155 return err;
5156}
5157
a1443f5a
JH		 5158static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5159{
3b0602cd 5160 struct mgmt_pending_cmd *cmd;
a1443f5a
JH		 5161 struct mgmt_mode *cp;
5162
5163 BT_DBG("%s status %u", hdev->name, status);
5164
5165 hci_dev_lock(hdev);
5166
333ae95d 5167 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
a1443f5a
JH		 5168 if (!cmd)
5169 goto unlock;
5170
5171 if (status) {
a69e8375
JH		 5172 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
5173 mgmt_status(status));
a1443f5a
JH		 5174 goto remove;
5175 }
5176
5177 cp = cmd->param;
5178
5179 switch (cp->val) {
5180 case 0x00:
a358dc11
MH		 5181 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
5182 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 5183 break;
5184 case 0x01:
a1536da2 5185 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
a358dc11 5186 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 5187 break;
5188 case 0x02:
a1536da2
MH		 5189 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
5190 hci_dev_set_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 5191 break;
5192 }
5193
5194 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
5195 new_settings(hdev, cmd->sk);
5196
5197remove:
5198 mgmt_pending_remove(cmd);
5199unlock:
5200 hci_dev_unlock(hdev);
5201}
5202
eac83dc6
MH		 5203static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
5204 void *data, u16 len)
5205{
5206 struct mgmt_mode *cp = data;
3b0602cd 5207 struct mgmt_pending_cmd *cmd;
a1443f5a 5208 struct hci_request req;
a3209694 5209 u8 val;
eac83dc6
MH		 5210 int err;
5211
5212 BT_DBG("request for %s", hdev->name);
5213
05b3c3e7 5214 if (!lmp_sc_capable(hdev) &&
d7a5a11d 5215 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 5216 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5217 MGMT_STATUS_NOT_SUPPORTED);
eac83dc6 5218
d7a5a11d 5219 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
59200286 5220 lmp_sc_capable(hdev) &&
d7a5a11d 5221 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 5222 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5223 MGMT_STATUS_REJECTED);
ed93ec69 5224
0ab04a9c 5225 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375 5226 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
eac83dc6
MH		 5227 MGMT_STATUS_INVALID_PARAMS);
5228
5229 hci_dev_lock(hdev);
5230
05b3c3e7 5231 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
d7a5a11d 5232 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
eac83dc6
MH		 5233 bool changed;
5234
0ab04a9c 5235 if (cp->val) {
238be788
MH		 5236 changed = !hci_dev_test_and_set_flag(hdev,
5237 HCI_SC_ENABLED);
0ab04a9c 5238 if (cp->val == 0x02)
a1536da2 5239 hci_dev_set_flag(hdev, HCI_SC_ONLY);
0ab04a9c 5240 else
a358dc11 5241 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 5242 } else {
a69d8927
MH		 5243 changed = hci_dev_test_and_clear_flag(hdev,
5244 HCI_SC_ENABLED);
a358dc11 5245 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 5246 }
eac83dc6
MH		 5247
5248 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5249 if (err < 0)
5250 goto failed;
5251
5252 if (changed)
5253 err = new_settings(hdev, sk);
5254
5255 goto failed;
5256 }
5257
333ae95d 5258 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
a69e8375
JH		 5259 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5260 MGMT_STATUS_BUSY);
eac83dc6
MH		 5261 goto failed;
5262 }
5263
0ab04a9c
MH		 5264 val = !!cp->val;
5265
d7a5a11d
MH		 5266 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
5267 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
eac83dc6
MH		 5268 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5269 goto failed;
5270 }
5271
5272 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
5273 if (!cmd) {
5274 err = -ENOMEM;
5275 goto failed;
5276 }
5277
a1443f5a
JH		 5278 hci_req_init(&req, hdev);
5279 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
5280 err = hci_req_run(&req, sc_enable_complete);
eac83dc6
MH		 5281 if (err < 0) {
5282 mgmt_pending_remove(cmd);
5283 goto failed;
5284 }
5285
5286failed:
5287 hci_dev_unlock(hdev);
5288 return err;
5289}
5290
4e39ac81
MH		 5291static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
5292 void *data, u16 len)
5293{
5294 struct mgmt_mode *cp = data;
b9710979 5295 bool changed, use_changed;
4e39ac81
MH		 5296 int err;
5297
5298 BT_DBG("request for %s", hdev->name);
5299
b9710979 5300 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 5301 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
5302 MGMT_STATUS_INVALID_PARAMS);
4e39ac81
MH		 5303
5304 hci_dev_lock(hdev);
5305
5306 if (cp->val)
238be788 5307 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
4e39ac81 5308 else
a69d8927
MH		 5309 changed = hci_dev_test_and_clear_flag(hdev,
5310 HCI_KEEP_DEBUG_KEYS);
4e39ac81 5311
b9710979 5312 if (cp->val == 0x02)
238be788
MH		 5313 use_changed = !hci_dev_test_and_set_flag(hdev,
5314 HCI_USE_DEBUG_KEYS);
b9710979 5315 else
a69d8927
MH		 5316 use_changed = hci_dev_test_and_clear_flag(hdev,
5317 HCI_USE_DEBUG_KEYS);
b9710979
JH		 5318
5319 if (hdev_is_powered(hdev) && use_changed &&
d7a5a11d 5320 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
b9710979
JH		 5321 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
5322 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
5323 sizeof(mode), &mode);
5324 }
5325
4e39ac81
MH		 5326 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
5327 if (err < 0)
5328 goto unlock;
5329
5330 if (changed)
5331 err = new_settings(hdev, sk);
5332
5333unlock:
5334 hci_dev_unlock(hdev);
5335 return err;
5336}
5337
62b04cd1
JH		 5338static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5339 u16 len)
5340{
5341 struct mgmt_cp_set_privacy *cp = cp_data;
5342 bool changed;
5343 int err;
5344
5345 BT_DBG("request for %s", hdev->name);
5346
5347 if (!lmp_le_capable(hdev))
a69e8375
JH		 5348 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5349 MGMT_STATUS_NOT_SUPPORTED);
62b04cd1
JH		 5350
5351 if (cp->privacy != 0x00 && cp->privacy != 0x01)
a69e8375
JH		 5352 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5353 MGMT_STATUS_INVALID_PARAMS);
62b04cd1
JH		 5354
5355 if (hdev_is_powered(hdev))
a69e8375
JH		 5356 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5357 MGMT_STATUS_REJECTED);
62b04cd1
JH		 5358
5359 hci_dev_lock(hdev);
5360
c21c0ea0
JH		 5361 /* If user space supports this command it is also expected to
5362 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
5363 */
a1536da2 5364 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
c21c0ea0 5365
62b04cd1 5366 if (cp->privacy) {
238be788 5367 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
62b04cd1 5368 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
a1536da2 5369 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
62b04cd1 5370 } else {
a69d8927 5371 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
62b04cd1 5372 memset(hdev->irk, 0, sizeof(hdev->irk));
a358dc11 5373 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
62b04cd1
JH		 5374 }
5375
5376 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
5377 if (err < 0)
5378 goto unlock;
5379
5380 if (changed)
5381 err = new_settings(hdev, sk);
5382
5383unlock:
5384 hci_dev_unlock(hdev);
5385 return err;
5386}
5387
41edf160
JH		 5388static bool irk_is_valid(struct mgmt_irk_info *irk)
5389{
5390 switch (irk->addr.type) {
5391 case BDADDR_LE_PUBLIC:
5392 return true;
5393
5394 case BDADDR_LE_RANDOM:
5395 /* Two most significant bits shall be set */
5396 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5397 return false;
5398 return true;
5399 }
5400
5401 return false;
5402}
5403
5404static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5405 u16 len)
5406{
5407 struct mgmt_cp_load_irks *cp = cp_data;
ba1d6936
JH		 5408 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
5409 sizeof(struct mgmt_irk_info));
41edf160
JH		 5410 u16 irk_count, expected_len;
5411 int i, err;
5412
5413 BT_DBG("request for %s", hdev->name);
5414
5415 if (!lmp_le_capable(hdev))
a69e8375
JH		 5416 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5417 MGMT_STATUS_NOT_SUPPORTED);
41edf160
JH		 5418
5419 irk_count = __le16_to_cpu(cp->irk_count);
ba1d6936
JH		 5420 if (irk_count > max_irk_count) {
5421 BT_ERR("load_irks: too big irk_count value %u", irk_count);
a69e8375
JH		 5422 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5423 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5424 }
41edf160
JH		 5425
5426 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
5427 if (expected_len != len) {
5428 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 5429 expected_len, len);
a69e8375
JH		 5430 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5431 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 5432 }
5433
5434 BT_DBG("%s irk_count %u", hdev->name, irk_count);
5435
5436 for (i = 0; i < irk_count; i++) {
5437 struct mgmt_irk_info *key = &cp->irks[i];
5438
5439 if (!irk_is_valid(key))
a69e8375
JH		 5440 return mgmt_cmd_status(sk, hdev->id,
5441 MGMT_OP_LOAD_IRKS,
5442 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 5443 }
5444
5445 hci_dev_lock(hdev);
5446
5447 hci_smp_irks_clear(hdev);
5448
5449 for (i = 0; i < irk_count; i++) {
5450 struct mgmt_irk_info *irk = &cp->irks[i];
5451 u8 addr_type;
5452
5453 if (irk->addr.type == BDADDR_LE_PUBLIC)
5454 addr_type = ADDR_LE_DEV_PUBLIC;
5455 else
5456 addr_type = ADDR_LE_DEV_RANDOM;
5457
5458 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
5459 BDADDR_ANY);
5460 }
5461
a1536da2 5462 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
41edf160 5463
2a1afb5a 5464 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
41edf160
JH		 5465
5466 hci_dev_unlock(hdev);
5467
5468 return err;
5469}
5470
3f706b72
JH		 5471static bool ltk_is_valid(struct mgmt_ltk_info *key)
5472{
5473 if (key->master != 0x00 && key->master != 0x01)
5474 return false;
490cb0b3
MH		 5475
5476 switch (key->addr.type) {
5477 case BDADDR_LE_PUBLIC:
5478 return true;
5479
5480 case BDADDR_LE_RANDOM:
5481 /* Two most significant bits shall be set */
5482 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5483 return false;
5484 return true;
5485 }
5486
5487 return false;
3f706b72
JH		 5488}
5489
bdb6d971 5490static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 5491 void *cp_data, u16 len)
346af67b 5492{
346af67b 5493 struct mgmt_cp_load_long_term_keys *cp = cp_data;
ba1d6936
JH		 5494 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
5495 sizeof(struct mgmt_ltk_info));
346af67b 5496 u16 key_count, expected_len;
715a5bf2 5497 int i, err;
346af67b 5498
cf99ba13
MH		 5499 BT_DBG("request for %s", hdev->name);
5500
5501 if (!lmp_le_capable(hdev))
a69e8375
JH		 5502 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5503 MGMT_STATUS_NOT_SUPPORTED);
cf99ba13 5504
1f350c87 5505 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 5506 if (key_count > max_key_count) {
5507 BT_ERR("load_ltks: too big key_count value %u", key_count);
a69e8375
JH		 5508 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5509 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5510 }
346af67b
VCG		 5511
5512 expected_len = sizeof(*cp) + key_count *
5513 sizeof(struct mgmt_ltk_info);
5514 if (expected_len != len) {
5515 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 5516 expected_len, len);
a69e8375
JH		 5517 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5518 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 5519 }
5520
bdb6d971 5521 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 5522
54ad6d8a
JH		 5523 for (i = 0; i < key_count; i++) {
5524 struct mgmt_ltk_info *key = &cp->keys[i];
5525
3f706b72 5526 if (!ltk_is_valid(key))
a69e8375
JH		 5527 return mgmt_cmd_status(sk, hdev->id,
5528 MGMT_OP_LOAD_LONG_TERM_KEYS,
5529 MGMT_STATUS_INVALID_PARAMS);
54ad6d8a
JH		 5530 }
5531
346af67b
VCG		 5532 hci_dev_lock(hdev);
5533
5534 hci_smp_ltks_clear(hdev);
5535
5536 for (i = 0; i < key_count; i++) {
5537 struct mgmt_ltk_info *key = &cp->keys[i];
d7b25450 5538 u8 type, addr_type, authenticated;
79d95a19
MH		 5539
5540 if (key->addr.type == BDADDR_LE_PUBLIC)
5541 addr_type = ADDR_LE_DEV_PUBLIC;
5542 else
5543 addr_type = ADDR_LE_DEV_RANDOM;
346af67b 5544
61b43357
JH		 5545 switch (key->type) {
5546 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 5547 authenticated = 0x00;
23fb8de3 5548 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
61b43357
JH		 5549 break;
5550 case MGMT_LTK_AUTHENTICATED:
d7b25450 5551 authenticated = 0x01;
23fb8de3
JH		 5552 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5553 break;
5554 case MGMT_LTK_P256_UNAUTH:
5555 authenticated = 0x00;
5556 type = SMP_LTK_P256;
61b43357 5557 break;
23fb8de3
JH		 5558 case MGMT_LTK_P256_AUTH:
5559 authenticated = 0x01;
5560 type = SMP_LTK_P256;
61b43357 5561 break;
23fb8de3
JH		 5562 case MGMT_LTK_P256_DEBUG:
5563 authenticated = 0x00;
5564 type = SMP_LTK_P256_DEBUG;
61b43357
JH		 5565 default:
5566 continue;
5567 }
d7b25450 5568
35d70271 5569 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
d7b25450 5570 authenticated, key->val, key->enc_size, key->ediv,
35d70271 5571 key->rand);
346af67b
VCG		 5572 }
5573
2a1afb5a 5574 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
715a5bf2
JH		 5575 NULL, 0);
5576
346af67b 5577 hci_dev_unlock(hdev);
346af67b 5578
715a5bf2 5579 return err;
346af67b
VCG		 5580}
5581
3b0602cd 5582static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
dd983808 5583{
dd983808 5584 struct hci_conn *conn = cmd->user_data;
9981bdb0 5585 struct mgmt_rp_get_conn_info rp;
9df74653 5586 int err;
dd983808 5587
9981bdb0 5588 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
dd983808 5589
9981bdb0 5590 if (status == MGMT_STATUS_SUCCESS) {
dd983808 5591 rp.rssi = conn->rssi;
9981bdb0
JH		 5592 rp.tx_power = conn->tx_power;
5593 rp.max_tx_power = conn->max_tx_power;
5594 } else {
5595 rp.rssi = HCI_RSSI_INVALID;
5596 rp.tx_power = HCI_TX_POWER_INVALID;
5597 rp.max_tx_power = HCI_TX_POWER_INVALID;
dd983808
AK		 5598 }
5599
2a1afb5a
JH		 5600 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
5601 status, &rp, sizeof(rp));
dd983808
AK		 5602
5603 hci_conn_drop(conn);
f8aaf9b6 5604 hci_conn_put(conn);
9df74653
JH		 5605
5606 return err;
dd983808
AK		 5607}
5608
1904a853
MH		 5609static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
5610 u16 opcode)
dd983808
AK		 5611{
5612 struct hci_cp_read_rssi *cp;
3b0602cd 5613 struct mgmt_pending_cmd *cmd;
dd983808 5614 struct hci_conn *conn;
dd983808 5615 u16 handle;
9981bdb0 5616 u8 status;
dd983808 5617
9981bdb0 5618 BT_DBG("status 0x%02x", hci_status);
dd983808
AK		 5619
5620 hci_dev_lock(hdev);
5621
dd983808
AK		 5622 /* Commands sent in request are either Read RSSI or Read Transmit Power
5623 * Level so we check which one was last sent to retrieve connection
5624 * handle. Both commands have handle as first parameter so it's safe to
5625 * cast data on the same command struct.
5626 *
5627 * First command sent is always Read RSSI and we fail only if it fails.
5628 * In other case we simply override error to indicate success as we
5629 * already remembered if TX power value is actually valid.
5630 */
5631 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
5632 if (!cp) {
5633 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
9981bdb0
JH		 5634 status = MGMT_STATUS_SUCCESS;
5635 } else {
5636 status = mgmt_status(hci_status);
dd983808
AK		 5637 }
5638
5639 if (!cp) {
9981bdb0 5640 BT_ERR("invalid sent_cmd in conn_info response");
dd983808
AK		 5641 goto unlock;
5642 }
5643
5644 handle = __le16_to_cpu(cp->handle);
5645 conn = hci_conn_hash_lookup_handle(hdev, handle);
5646 if (!conn) {
9981bdb0 5647 BT_ERR("unknown handle (%d) in conn_info response", handle);
dd983808
AK		 5648 goto unlock;
5649 }
5650
333ae95d 5651 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
9981bdb0
JH		 5652 if (!cmd)
5653 goto unlock;
dd983808 5654
9981bdb0
JH		 5655 cmd->cmd_complete(cmd, status);
5656 mgmt_pending_remove(cmd);
dd983808
AK		 5657
5658unlock:
5659 hci_dev_unlock(hdev);
5660}
5661
5662static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5663 u16 len)
5664{
5665 struct mgmt_cp_get_conn_info *cp = data;
5666 struct mgmt_rp_get_conn_info rp;
5667 struct hci_conn *conn;
5668 unsigned long conn_info_age;
5669 int err = 0;
5670
5671 BT_DBG("%s", hdev->name);
5672
5673 memset(&rp, 0, sizeof(rp));
5674 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5675 rp.addr.type = cp->addr.type;
5676
5677 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 5678 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5679 MGMT_STATUS_INVALID_PARAMS,
5680 &rp, sizeof(rp));
dd983808
AK		 5681
5682 hci_dev_lock(hdev);
5683
5684 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 5685 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5686 MGMT_STATUS_NOT_POWERED, &rp,
5687 sizeof(rp));
dd983808
AK		 5688 goto unlock;
5689 }
5690
5691 if (cp->addr.type == BDADDR_BREDR)
5692 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5693 &cp->addr.bdaddr);
5694 else
5695 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5696
5697 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 5698 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5699 MGMT_STATUS_NOT_CONNECTED, &rp,
5700 sizeof(rp));
dd983808
AK		 5701 goto unlock;
5702 }
5703
333ae95d 5704 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
2a1afb5a
JH		 5705 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5706 MGMT_STATUS_BUSY, &rp, sizeof(rp));
9981bdb0
JH		 5707 goto unlock;
5708 }
5709
dd983808
AK		 5710 /* To avoid client trying to guess when to poll again for information we
5711 * calculate conn info age as random value between min/max set in hdev.
5712 */
5713 conn_info_age = hdev->conn_info_min_age +
5714 prandom_u32_max(hdev->conn_info_max_age -
5715 hdev->conn_info_min_age);
5716
5717 /* Query controller to refresh cached values if they are too old or were
5718 * never read.
5719 */
f4e2dd53
AK		 5720 if (time_after(jiffies, conn->conn_info_timestamp +
5721 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 5722 !conn->conn_info_timestamp) {
5723 struct hci_request req;
5724 struct hci_cp_read_tx_power req_txp_cp;
5725 struct hci_cp_read_rssi req_rssi_cp;
3b0602cd 5726 struct mgmt_pending_cmd *cmd;
dd983808
AK		 5727
5728 hci_req_init(&req, hdev);
5729 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5730 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5731 &req_rssi_cp);
5732
f7faab0c
AK		 5733 /* For LE links TX power does not change thus we don't need to
5734 * query for it once value is known.
5735 */
5736 if (!bdaddr_type_is_le(cp->addr.type) ||
5737 conn->tx_power == HCI_TX_POWER_INVALID) {
5738 req_txp_cp.handle = cpu_to_le16(conn->handle);
5739 req_txp_cp.type = 0x00;
5740 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5741 sizeof(req_txp_cp), &req_txp_cp);
5742 }
dd983808 5743
eed5daf3
AK		 5744 /* Max TX power needs to be read only once per connection */
5745 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5746 req_txp_cp.handle = cpu_to_le16(conn->handle);
5747 req_txp_cp.type = 0x01;
5748 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5749 sizeof(req_txp_cp), &req_txp_cp);
5750 }
5751
dd983808
AK		 5752 err = hci_req_run(&req, conn_info_refresh_complete);
5753 if (err < 0)
5754 goto unlock;
5755
5756 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5757 data, len);
5758 if (!cmd) {
5759 err = -ENOMEM;
5760 goto unlock;
5761 }
5762
5763 hci_conn_hold(conn);
f8aaf9b6 5764 cmd->user_data = hci_conn_get(conn);
9981bdb0 5765 cmd->cmd_complete = conn_info_cmd_complete;
dd983808
AK		 5766
5767 conn->conn_info_timestamp = jiffies;
5768 } else {
5769 /* Cache is valid, just reply with values cached in hci_conn */
5770 rp.rssi = conn->rssi;
5771 rp.tx_power = conn->tx_power;
eed5daf3 5772 rp.max_tx_power = conn->max_tx_power;
dd983808 5773
2a1afb5a
JH		 5774 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5775 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
dd983808
AK		 5776 }
5777
5778unlock:
5779 hci_dev_unlock(hdev);
5780 return err;
5781}
5782
3b0602cd 5783static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
95868426 5784{
69487371 5785 struct hci_conn *conn = cmd->user_data;
95868426 5786 struct mgmt_rp_get_clock_info rp;
69487371 5787 struct hci_dev *hdev;
9df74653 5788 int err;
69487371
JH		 5789
5790 memset(&rp, 0, sizeof(rp));
5791 memcpy(&rp.addr, &cmd->param, sizeof(rp.addr));
5792
5793 if (status)
5794 goto complete;
5795
5796 hdev = hci_dev_get(cmd->index);
5797 if (hdev) {
5798 rp.local_clock = cpu_to_le32(hdev->clock);
5799 hci_dev_put(hdev);
5800 }
5801
5802 if (conn) {
5803 rp.piconet_clock = cpu_to_le32(conn->clock);
5804 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5805 }
5806
5807complete:
2a1afb5a
JH		 5808 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5809 sizeof(rp));
69487371
JH		 5810
5811 if (conn) {
5812 hci_conn_drop(conn);
5813 hci_conn_put(conn);
5814 }
9df74653
JH		 5815
5816 return err;
69487371
JH		 5817}
5818
1904a853 5819static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
69487371 5820{
95868426 5821 struct hci_cp_read_clock *hci_cp;
3b0602cd 5822 struct mgmt_pending_cmd *cmd;
95868426
JH		 5823 struct hci_conn *conn;
5824
5825 BT_DBG("%s status %u", hdev->name, status);
5826
5827 hci_dev_lock(hdev);
5828
5829 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5830 if (!hci_cp)
5831 goto unlock;
5832
5833 if (hci_cp->which) {
5834 u16 handle = __le16_to_cpu(hci_cp->handle);
5835 conn = hci_conn_hash_lookup_handle(hdev, handle);
5836 } else {
5837 conn = NULL;
5838 }
5839
333ae95d 5840 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
95868426
JH		 5841 if (!cmd)
5842 goto unlock;
5843
69487371 5844 cmd->cmd_complete(cmd, mgmt_status(status));
95868426 5845 mgmt_pending_remove(cmd);
95868426
JH		 5846
5847unlock:
5848 hci_dev_unlock(hdev);
5849}
5850
5851static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5852 u16 len)
5853{
5854 struct mgmt_cp_get_clock_info *cp = data;
5855 struct mgmt_rp_get_clock_info rp;
5856 struct hci_cp_read_clock hci_cp;
3b0602cd 5857 struct mgmt_pending_cmd *cmd;
95868426
JH		 5858 struct hci_request req;
5859 struct hci_conn *conn;
5860 int err;
5861
5862 BT_DBG("%s", hdev->name);
5863
5864 memset(&rp, 0, sizeof(rp));
5865 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5866 rp.addr.type = cp->addr.type;
5867
5868 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 5869 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5870 MGMT_STATUS_INVALID_PARAMS,
5871 &rp, sizeof(rp));
95868426
JH		 5872
5873 hci_dev_lock(hdev);
5874
5875 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 5876 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5877 MGMT_STATUS_NOT_POWERED, &rp,
5878 sizeof(rp));
95868426
JH		 5879 goto unlock;
5880 }
5881
5882 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5883 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5884 &cp->addr.bdaddr);
5885 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 5886 err = mgmt_cmd_complete(sk, hdev->id,
5887 MGMT_OP_GET_CLOCK_INFO,
5888 MGMT_STATUS_NOT_CONNECTED,
5889 &rp, sizeof(rp));
95868426
JH		 5890 goto unlock;
5891 }
5892 } else {
5893 conn = NULL;
5894 }
5895
5896 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5897 if (!cmd) {
5898 err = -ENOMEM;
5899 goto unlock;
5900 }
5901
69487371
JH		 5902 cmd->cmd_complete = clock_info_cmd_complete;
5903
95868426
JH		 5904 hci_req_init(&req, hdev);
5905
5906 memset(&hci_cp, 0, sizeof(hci_cp));
5907 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5908
5909 if (conn) {
5910 hci_conn_hold(conn);
f8aaf9b6 5911 cmd->user_data = hci_conn_get(conn);
95868426
JH		 5912
5913 hci_cp.handle = cpu_to_le16(conn->handle);
5914 hci_cp.which = 0x01; /* Piconet clock */
5915 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5916 }
5917
5918 err = hci_req_run(&req, get_clock_info_complete);
5919 if (err < 0)
5920 mgmt_pending_remove(cmd);
5921
5922unlock:
5923 hci_dev_unlock(hdev);
5924 return err;
5925}
5926
5a154e6f
JH		 5927static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5928{
5929 struct hci_conn *conn;
5930
5931 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5932 if (!conn)
5933 return false;
5934
5935 if (conn->dst_type != type)
5936 return false;
5937
5938 if (conn->state != BT_CONNECTED)
5939 return false;
5940
5941 return true;
5942}
5943
5944/* This function requires the caller holds hdev->lock */
5945static int hci_conn_params_set(struct hci_request *req, bdaddr_t *addr,
5946 u8 addr_type, u8 auto_connect)
5947{
5948 struct hci_dev *hdev = req->hdev;
5949 struct hci_conn_params *params;
5950
5951 params = hci_conn_params_add(hdev, addr, addr_type);
5952 if (!params)
5953 return -EIO;
5954
5955 if (params->auto_connect == auto_connect)
5956 return 0;
5957
5958 list_del_init(&params->action);
5959
5960 switch (auto_connect) {
5961 case HCI_AUTO_CONN_DISABLED:
5962 case HCI_AUTO_CONN_LINK_LOSS:
5963 __hci_update_background_scan(req);
5964 break;
5965 case HCI_AUTO_CONN_REPORT:
5966 list_add(&params->action, &hdev->pend_le_reports);
5967 __hci_update_background_scan(req);
5968 break;
5969 case HCI_AUTO_CONN_DIRECT:
5970 case HCI_AUTO_CONN_ALWAYS:
5971 if (!is_connected(hdev, addr, addr_type)) {
5972 list_add(&params->action, &hdev->pend_le_conns);
5973 __hci_update_background_scan(req);
5974 }
5975 break;
5976 }
5977
5978 params->auto_connect = auto_connect;
5979
5980 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5981 auto_connect);
5982
5983 return 0;
5984}
5985
8afef092
MH		 5986static void device_added(struct sock *sk, struct hci_dev *hdev,
5987 bdaddr_t *bdaddr, u8 type, u8 action)
5988{
5989 struct mgmt_ev_device_added ev;
5990
5991 bacpy(&ev.addr.bdaddr, bdaddr);
5992 ev.addr.type = type;
5993 ev.action = action;
5994
5995 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5996}
5997
1904a853 5998static void add_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5a154e6f 5999{
3b0602cd 6000 struct mgmt_pending_cmd *cmd;
5a154e6f
JH		 6001
6002 BT_DBG("status 0x%02x", status);
6003
6004 hci_dev_lock(hdev);
6005
333ae95d 6006 cmd = pending_find(MGMT_OP_ADD_DEVICE, hdev);
5a154e6f
JH		 6007 if (!cmd)
6008 goto unlock;
6009
6010 cmd->cmd_complete(cmd, mgmt_status(status));
6011 mgmt_pending_remove(cmd);
6012
6013unlock:
6014 hci_dev_unlock(hdev);
6015}
6016
2faade53
MH		 6017static int add_device(struct sock *sk, struct hci_dev *hdev,
6018 void *data, u16 len)
6019{
6020 struct mgmt_cp_add_device *cp = data;
3b0602cd 6021 struct mgmt_pending_cmd *cmd;
5a154e6f 6022 struct hci_request req;
2faade53
MH		 6023 u8 auto_conn, addr_type;
6024 int err;
6025
6026 BT_DBG("%s", hdev->name);
6027
6659358e 6028 if (!bdaddr_type_is_valid(cp->addr.type) ||
2faade53 6029 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
2a1afb5a
JH		 6030 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
6031 MGMT_STATUS_INVALID_PARAMS,
6032 &cp->addr, sizeof(cp->addr));
2faade53 6033
4b9e7e75 6034 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
2a1afb5a
JH		 6035 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
6036 MGMT_STATUS_INVALID_PARAMS,
6037 &cp->addr, sizeof(cp->addr));
2faade53 6038
5a154e6f
JH		 6039 hci_req_init(&req, hdev);
6040
2faade53
MH		 6041 hci_dev_lock(hdev);
6042
5a154e6f
JH		 6043 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_DEVICE, hdev, data, len);
6044 if (!cmd) {
6045 err = -ENOMEM;
6046 goto unlock;
6047 }
6048
6049 cmd->cmd_complete = addr_cmd_complete;
6050
6659358e 6051 if (cp->addr.type == BDADDR_BREDR) {
4b9e7e75 6052 /* Only incoming connections action is supported for now */
6659358e 6053 if (cp->action != 0x01) {
9df74653
JH		 6054 err = cmd->cmd_complete(cmd,
6055 MGMT_STATUS_INVALID_PARAMS);
5a154e6f 6056 mgmt_pending_remove(cmd);
6659358e
JH		 6057 goto unlock;
6058 }
6059
6060 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
6061 cp->addr.type);
6062 if (err)
6063 goto unlock;
a397407f 6064
5a154e6f 6065 __hci_update_page_scan(&req);
a397407f 6066
6659358e
JH		 6067 goto added;
6068 }
6069
2faade53
MH		 6070 if (cp->addr.type == BDADDR_LE_PUBLIC)
6071 addr_type = ADDR_LE_DEV_PUBLIC;
6072 else
6073 addr_type = ADDR_LE_DEV_RANDOM;
6074
4b9e7e75 6075 if (cp->action == 0x02)
2faade53 6076 auto_conn = HCI_AUTO_CONN_ALWAYS;
4b9e7e75
MH		 6077 else if (cp->action == 0x01)
6078 auto_conn = HCI_AUTO_CONN_DIRECT;
2faade53 6079 else
a3451d27 6080 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 6081
bf5b3c8b
MH		 6082 /* If the connection parameters don't exist for this device,
6083 * they will be created and configured with defaults.
6084 */
5a154e6f 6085 if (hci_conn_params_set(&req, &cp->addr.bdaddr, addr_type,
d06b50ce 6086 auto_conn) < 0) {
9df74653 6087 err = cmd->cmd_complete(cmd, MGMT_STATUS_FAILED);
5a154e6f 6088 mgmt_pending_remove(cmd);
2faade53
MH		 6089 goto unlock;
6090 }
6091
6659358e 6092added:
8afef092
MH		 6093 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
6094
5a154e6f
JH		 6095 err = hci_req_run(&req, add_device_complete);
6096 if (err < 0) {
6097 /* ENODATA means no HCI commands were needed (e.g. if
6098 * the adapter is powered off).
6099 */
9df74653
JH		 6100 if (err == -ENODATA)
6101 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
5a154e6f
JH		 6102 mgmt_pending_remove(cmd);
6103 }
2faade53
MH		 6104
6105unlock:
6106 hci_dev_unlock(hdev);
6107 return err;
6108}
6109
8afef092
MH		 6110static void device_removed(struct sock *sk, struct hci_dev *hdev,
6111 bdaddr_t *bdaddr, u8 type)
6112{
6113 struct mgmt_ev_device_removed ev;
6114
6115 bacpy(&ev.addr.bdaddr, bdaddr);
6116 ev.addr.type = type;
6117
6118 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
6119}
6120
1904a853 6121static void remove_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
51ef3ebe 6122{
3b0602cd 6123 struct mgmt_pending_cmd *cmd;
51ef3ebe
JH		 6124
6125 BT_DBG("status 0x%02x", status);
6126
6127 hci_dev_lock(hdev);
6128
333ae95d 6129 cmd = pending_find(MGMT_OP_REMOVE_DEVICE, hdev);
51ef3ebe
JH		 6130 if (!cmd)
6131 goto unlock;
6132
6133 cmd->cmd_complete(cmd, mgmt_status(status));
6134 mgmt_pending_remove(cmd);
6135
6136unlock:
6137 hci_dev_unlock(hdev);
6138}
6139
2faade53
MH		 6140static int remove_device(struct sock *sk, struct hci_dev *hdev,
6141 void *data, u16 len)
6142{
6143 struct mgmt_cp_remove_device *cp = data;
3b0602cd 6144 struct mgmt_pending_cmd *cmd;
51ef3ebe 6145 struct hci_request req;
2faade53
MH		 6146 int err;
6147
6148 BT_DBG("%s", hdev->name);
6149
51ef3ebe
JH		 6150 hci_req_init(&req, hdev);
6151
2faade53
MH		 6152 hci_dev_lock(hdev);
6153
51ef3ebe
JH		 6154 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_DEVICE, hdev, data, len);
6155 if (!cmd) {
6156 err = -ENOMEM;
6157 goto unlock;
6158 }
6159
6160 cmd->cmd_complete = addr_cmd_complete;
6161
2faade53 6162 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 6163 struct hci_conn_params *params;
2faade53
MH		 6164 u8 addr_type;
6165
6659358e 6166 if (!bdaddr_type_is_valid(cp->addr.type)) {
9df74653
JH		 6167 err = cmd->cmd_complete(cmd,
6168 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 6169 mgmt_pending_remove(cmd);
2faade53
MH		 6170 goto unlock;
6171 }
6172
6659358e
JH		 6173 if (cp->addr.type == BDADDR_BREDR) {
6174 err = hci_bdaddr_list_del(&hdev->whitelist,
6175 &cp->addr.bdaddr,
6176 cp->addr.type);
6177 if (err) {
9df74653
JH		 6178 err = cmd->cmd_complete(cmd,
6179 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 6180 mgmt_pending_remove(cmd);
6659358e
JH		 6181 goto unlock;
6182 }
6183
51ef3ebe 6184 __hci_update_page_scan(&req);
a397407f 6185
6659358e
JH		 6186 device_removed(sk, hdev, &cp->addr.bdaddr,
6187 cp->addr.type);
6188 goto complete;
6189 }
6190
2faade53
MH		 6191 if (cp->addr.type == BDADDR_LE_PUBLIC)
6192 addr_type = ADDR_LE_DEV_PUBLIC;
6193 else
6194 addr_type = ADDR_LE_DEV_RANDOM;
6195
c71593dd
JH		 6196 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
6197 addr_type);
6198 if (!params) {
9df74653
JH		 6199 err = cmd->cmd_complete(cmd,
6200 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 6201 mgmt_pending_remove(cmd);
c71593dd
JH		 6202 goto unlock;
6203 }
6204
6205 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
9df74653
JH		 6206 err = cmd->cmd_complete(cmd,
6207 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 6208 mgmt_pending_remove(cmd);
c71593dd
JH		 6209 goto unlock;
6210 }
6211
d1dbf12e 6212 list_del(&params->action);
c71593dd
JH		 6213 list_del(&params->list);
6214 kfree(params);
51ef3ebe 6215 __hci_update_background_scan(&req);
8afef092
MH		 6216
6217 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53 6218 } else {
19de0825 6219 struct hci_conn_params *p, *tmp;
6659358e 6220 struct bdaddr_list *b, *btmp;
19de0825 6221
2faade53 6222 if (cp->addr.type) {
9df74653
JH		 6223 err = cmd->cmd_complete(cmd,
6224 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 6225 mgmt_pending_remove(cmd);
2faade53
MH		 6226 goto unlock;
6227 }
6228
6659358e
JH		 6229 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
6230 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
6231 list_del(&b->list);
6232 kfree(b);
6233 }
6234
51ef3ebe 6235 __hci_update_page_scan(&req);
a397407f 6236
19de0825
JH		 6237 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
6238 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
6239 continue;
6240 device_removed(sk, hdev, &p->addr, p->addr_type);
6241 list_del(&p->action);
6242 list_del(&p->list);
6243 kfree(p);
6244 }
6245
6246 BT_DBG("All LE connection parameters were removed");
6247
51ef3ebe 6248 __hci_update_background_scan(&req);
2faade53
MH		 6249 }
6250
6659358e 6251complete:
51ef3ebe
JH		 6252 err = hci_req_run(&req, remove_device_complete);
6253 if (err < 0) {
6254 /* ENODATA means no HCI commands were needed (e.g. if
6255 * the adapter is powered off).
6256 */
9df74653
JH		 6257 if (err == -ENODATA)
6258 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
51ef3ebe
JH		 6259 mgmt_pending_remove(cmd);
6260 }
2faade53
MH		 6261
6262unlock:
6263 hci_dev_unlock(hdev);
6264 return err;
6265}
6266
a26f3dcf
JH		 6267static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
6268 u16 len)
6269{
6270 struct mgmt_cp_load_conn_param *cp = data;
ba1d6936
JH		 6271 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
6272 sizeof(struct mgmt_conn_param));
a26f3dcf
JH		 6273 u16 param_count, expected_len;
6274 int i;
6275
6276 if (!lmp_le_capable(hdev))
a69e8375
JH		 6277 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6278 MGMT_STATUS_NOT_SUPPORTED);
a26f3dcf
JH		 6279
6280 param_count = __le16_to_cpu(cp->param_count);
ba1d6936
JH		 6281 if (param_count > max_param_count) {
6282 BT_ERR("load_conn_param: too big param_count value %u",
6283 param_count);
a69e8375
JH		 6284 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6285 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 6286 }
a26f3dcf
JH		 6287
6288 expected_len = sizeof(*cp) + param_count *
6289 sizeof(struct mgmt_conn_param);
6290 if (expected_len != len) {
6291 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
6292 expected_len, len);
a69e8375
JH		 6293 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6294 MGMT_STATUS_INVALID_PARAMS);
a26f3dcf
JH		 6295 }
6296
6297 BT_DBG("%s param_count %u", hdev->name, param_count);
6298
6299 hci_dev_lock(hdev);
6300
6301 hci_conn_params_clear_disabled(hdev);
6302
6303 for (i = 0; i < param_count; i++) {
6304 struct mgmt_conn_param *param = &cp->params[i];
6305 struct hci_conn_params *hci_param;
6306 u16 min, max, latency, timeout;
6307 u8 addr_type;
6308
6309 BT_DBG("Adding %pMR (type %u)", &param->addr.bdaddr,
6310 param->addr.type);
6311
6312 if (param->addr.type == BDADDR_LE_PUBLIC) {
6313 addr_type = ADDR_LE_DEV_PUBLIC;
6314 } else if (param->addr.type == BDADDR_LE_RANDOM) {
6315 addr_type = ADDR_LE_DEV_RANDOM;
6316 } else {
6317 BT_ERR("Ignoring invalid connection parameters");
6318 continue;
6319 }
6320
6321 min = le16_to_cpu(param->min_interval);
6322 max = le16_to_cpu(param->max_interval);
6323 latency = le16_to_cpu(param->latency);
6324 timeout = le16_to_cpu(param->timeout);
6325
6326 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
6327 min, max, latency, timeout);
6328
6329 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
6330 BT_ERR("Ignoring invalid connection parameters");
6331 continue;
6332 }
6333
6334 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
6335 addr_type);
6336 if (!hci_param) {
6337 BT_ERR("Failed to add connection parameters");
6338 continue;
6339 }
6340
6341 hci_param->conn_min_interval = min;
6342 hci_param->conn_max_interval = max;
6343 hci_param->conn_latency = latency;
6344 hci_param->supervision_timeout = timeout;
6345 }
6346
6347 hci_dev_unlock(hdev);
6348
2a1afb5a
JH		 6349 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
6350 NULL, 0);
a26f3dcf
JH		 6351}
6352
dbece37a
MH		 6353static int set_external_config(struct sock *sk, struct hci_dev *hdev,
6354 void *data, u16 len)
6355{
6356 struct mgmt_cp_set_external_config *cp = data;
6357 bool changed;
6358 int err;
6359
6360 BT_DBG("%s", hdev->name);
6361
6362 if (hdev_is_powered(hdev))
a69e8375
JH		 6363 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6364 MGMT_STATUS_REJECTED);
dbece37a
MH		 6365
6366 if (cp->config != 0x00 && cp->config != 0x01)
a69e8375
JH		 6367 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6368 MGMT_STATUS_INVALID_PARAMS);
dbece37a
MH		 6369
6370 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
a69e8375
JH		 6371 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6372 MGMT_STATUS_NOT_SUPPORTED);
dbece37a
MH		 6373
6374 hci_dev_lock(hdev);
6375
6376 if (cp->config)
238be788 6377 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a 6378 else
a69d8927 6379 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a
MH		 6380
6381 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
6382 if (err < 0)
6383 goto unlock;
6384
6385 if (!changed)
6386 goto unlock;
6387
f4537c04
MH		 6388 err = new_options(hdev, sk);
6389
d7a5a11d 6390 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
dbece37a 6391 mgmt_index_removed(hdev);
d603b76b 6392
516018a9 6393 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
a1536da2
MH		 6394 hci_dev_set_flag(hdev, HCI_CONFIG);
6395 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
d603b76b
MH		 6396
6397 queue_work(hdev->req_workqueue, &hdev->power_on);
6398 } else {
5ea234d3 6399 set_bit(HCI_RAW, &hdev->flags);
d603b76b
MH		 6400 mgmt_index_added(hdev);
6401 }
dbece37a
MH		 6402 }
6403
6404unlock:
6405 hci_dev_unlock(hdev);
6406 return err;
6407}
6408
9713c17b
MH		 6409static int set_public_address(struct sock *sk, struct hci_dev *hdev,
6410 void *data, u16 len)
6411{
6412 struct mgmt_cp_set_public_address *cp = data;
6413 bool changed;
6414 int err;
6415
6416 BT_DBG("%s", hdev->name);
6417
6418 if (hdev_is_powered(hdev))
a69e8375
JH		 6419 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6420 MGMT_STATUS_REJECTED);
9713c17b
MH		 6421
6422 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
a69e8375
JH		 6423 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6424 MGMT_STATUS_INVALID_PARAMS);
9713c17b
MH		 6425
6426 if (!hdev->set_bdaddr)
a69e8375
JH		 6427 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6428 MGMT_STATUS_NOT_SUPPORTED);
9713c17b
MH		 6429
6430 hci_dev_lock(hdev);
6431
6432 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
6433 bacpy(&hdev->public_addr, &cp->bdaddr);
6434
6435 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
6436 if (err < 0)
6437 goto unlock;
6438
6439 if (!changed)
6440 goto unlock;
6441
d7a5a11d 6442 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
9713c17b
MH		 6443 err = new_options(hdev, sk);
6444
6445 if (is_configured(hdev)) {
6446 mgmt_index_removed(hdev);
6447
a358dc11 6448 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
9713c17b 6449
a1536da2
MH		 6450 hci_dev_set_flag(hdev, HCI_CONFIG);
6451 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
9713c17b
MH		 6452
6453 queue_work(hdev->req_workqueue, &hdev->power_on);
6454 }
6455
6456unlock:
6457 hci_dev_unlock(hdev);
6458 return err;
6459}
6460
bea41609
MH		 6461static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
6462 u8 data_len)
6463{
6464 eir[eir_len++] = sizeof(type) + data_len;
6465 eir[eir_len++] = type;
6466 memcpy(&eir[eir_len], data, data_len);
6467 eir_len += data_len;
6468
6469 return eir_len;
6470}
6471
40f66c05
JH		 6472static void read_local_oob_ext_data_complete(struct hci_dev *hdev, u8 status,
6473 u16 opcode, struct sk_buff *skb)
6474{
6475 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp;
6476 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp;
6477 u8 *h192, *r192, *h256, *r256;
6478 struct mgmt_pending_cmd *cmd;
6479 u16 eir_len;
6480 int err;
6481
6482 BT_DBG("%s status %u", hdev->name, status);
6483
6484 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev);
6485 if (!cmd)
6486 return;
6487
6488 mgmt_cp = cmd->param;
6489
6490 if (status) {
6491 status = mgmt_status(status);
6492 eir_len = 0;
6493
6494 h192 = NULL;
6495 r192 = NULL;
6496 h256 = NULL;
6497 r256 = NULL;
6498 } else if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
6499 struct hci_rp_read_local_oob_data *rp;
6500
6501 if (skb->len != sizeof(*rp)) {
6502 status = MGMT_STATUS_FAILED;
6503 eir_len = 0;
6504 } else {
6505 status = MGMT_STATUS_SUCCESS;
6506 rp = (void *)skb->data;
6507
6508 eir_len = 5 + 18 + 18;
6509 h192 = rp->hash;
6510 r192 = rp->rand;
6511 h256 = NULL;
6512 r256 = NULL;
6513 }
6514 } else {
6515 struct hci_rp_read_local_oob_ext_data *rp;
6516
6517 if (skb->len != sizeof(*rp)) {
6518 status = MGMT_STATUS_FAILED;
6519 eir_len = 0;
6520 } else {
6521 status = MGMT_STATUS_SUCCESS;
6522 rp = (void *)skb->data;
6523
6524 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
6525 eir_len = 5 + 18 + 18;
6526 h192 = NULL;
6527 r192 = NULL;
6528 } else {
6529 eir_len = 5 + 18 + 18 + 18 + 18;
6530 h192 = rp->hash192;
6531 r192 = rp->rand192;
6532 }
6533
6534 h256 = rp->hash256;
6535 r256 = rp->rand256;
6536 }
6537 }
6538
6539 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL);
6540 if (!mgmt_rp)
6541 goto done;
6542
6543 if (status)
6544 goto send_rsp;
6545
6546 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV,
6547 hdev->dev_class, 3);
6548
6549 if (h192 && r192) {
6550 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6551 EIR_SSP_HASH_C192, h192, 16);
6552 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6553 EIR_SSP_RAND_R192, r192, 16);
6554 }
6555
6556 if (h256 && r256) {
6557 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6558 EIR_SSP_HASH_C256, h256, 16);
6559 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6560 EIR_SSP_RAND_R256, r256, 16);
6561 }
6562
6563send_rsp:
6564 mgmt_rp->type = mgmt_cp->type;
6565 mgmt_rp->eir_len = cpu_to_le16(eir_len);
6566
6567 err = mgmt_cmd_complete(cmd->sk, hdev->id,
6568 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status,
6569 mgmt_rp, sizeof(*mgmt_rp) + eir_len);
6570 if (err < 0 || status)
6571 goto done;
6572
6573 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS);
6574
6575 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
6576 mgmt_rp, sizeof(*mgmt_rp) + eir_len,
6577 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk);
6578done:
6579 kfree(mgmt_rp);
6580 mgmt_pending_remove(cmd);
6581}
6582
6583static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk,
6584 struct mgmt_cp_read_local_oob_ext_data *cp)
6585{
6586 struct mgmt_pending_cmd *cmd;
6587 struct hci_request req;
6588 int err;
6589
6590 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev,
6591 cp, sizeof(*cp));
6592 if (!cmd)
6593 return -ENOMEM;
6594
6595 hci_req_init(&req, hdev);
6596
6597 if (bredr_sc_enabled(hdev))
6598 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
6599 else
6600 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
6601
6602 err = hci_req_run_skb(&req, read_local_oob_ext_data_complete);
6603 if (err < 0) {
6604 mgmt_pending_remove(cmd);
6605 return err;
6606 }
6607
6608 return 0;
6609}
6610
4f0f155c
MH		 6611static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
6612 void *data, u16 data_len)
6613{
6614 struct mgmt_cp_read_local_oob_ext_data *cp = data;
6615 struct mgmt_rp_read_local_oob_ext_data *rp;
6616 size_t rp_len;
6617 u16 eir_len;
0821a2c5 6618 u8 status, flags, role, addr[7], hash[16], rand[16];
4f0f155c
MH		 6619 int err;
6620
6621 BT_DBG("%s", hdev->name);
6622
57b0d3e8
MH		 6623 if (hdev_is_powered(hdev)) {
6624 switch (cp->type) {
6625 case BIT(BDADDR_BREDR):
6626 status = mgmt_bredr_support(hdev);
6627 if (status)
6628 eir_len = 0;
6629 else
6630 eir_len = 5;
6631 break;
6632 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
6633 status = mgmt_le_support(hdev);
6634 if (status)
6635 eir_len = 0;
6636 else
6637 eir_len = 9 + 3 + 18 + 18 + 3;
6638 break;
6639 default:
6640 status = MGMT_STATUS_INVALID_PARAMS;
6641 eir_len = 0;
6642 break;
6643 }
6644 } else {
6645 status = MGMT_STATUS_NOT_POWERED;
6646 eir_len = 0;
4f0f155c
MH		 6647 }
6648
4f0f155c
MH		 6649 rp_len = sizeof(*rp) + eir_len;
6650 rp = kmalloc(rp_len, GFP_ATOMIC);
efcd8c98 6651 if (!rp)
4f0f155c 6652 return -ENOMEM;
efcd8c98 6653
57b0d3e8
MH		 6654 if (status)
6655 goto complete;
6656
efcd8c98 6657 hci_dev_lock(hdev);
4f0f155c
MH		 6658
6659 eir_len = 0;
6660 switch (cp->type) {
6661 case BIT(BDADDR_BREDR):
40f66c05
JH		 6662 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
6663 err = read_local_ssp_oob_req(hdev, sk, cp);
6664 hci_dev_unlock(hdev);
6665 if (!err)
6666 goto done;
6667
6668 status = MGMT_STATUS_FAILED;
6669 goto complete;
6670 } else {
6671 eir_len = eir_append_data(rp->eir, eir_len,
6672 EIR_CLASS_OF_DEV,
6673 hdev->dev_class, 3);
6674 }
4f0f155c
MH		 6675 break;
6676 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
5082a599
MH		 6677 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
6678 smp_generate_oob(hdev, hash, rand) < 0) {
0821a2c5 6679 hci_dev_unlock(hdev);
57b0d3e8
MH		 6680 status = MGMT_STATUS_FAILED;
6681 goto complete;
0821a2c5
MH		 6682 }
6683
e213568a
MH		 6684 /* This should return the active RPA, but since the RPA
6685 * is only programmed on demand, it is really hard to fill
6686 * this in at the moment. For now disallow retrieving
6687 * local out-of-band data when privacy is in use.
6688 *
6689 * Returning the identity address will not help here since
6690 * pairing happens before the identity resolving key is
6691 * known and thus the connection establishment happens
6692 * based on the RPA and not the identity address.
6693 */
4f0f155c 6694 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
e213568a
MH		 6695 hci_dev_unlock(hdev);
6696 status = MGMT_STATUS_REJECTED;
6697 goto complete;
6698 }
6699
6700 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
6701 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
6702 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
6703 bacmp(&hdev->static_addr, BDADDR_ANY))) {
4f0f155c
MH		 6704 memcpy(addr, &hdev->static_addr, 6);
6705 addr[6] = 0x01;
6706 } else {
6707 memcpy(addr, &hdev->bdaddr, 6);
6708 addr[6] = 0x00;
6709 }
6710
6711 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
6712 addr, sizeof(addr));
6713
6714 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
6715 role = 0x02;
6716 else
6717 role = 0x01;
6718
6719 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
6720 &role, sizeof(role));
6721
5082a599
MH		 6722 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
6723 eir_len = eir_append_data(rp->eir, eir_len,
6724 EIR_LE_SC_CONFIRM,
6725 hash, sizeof(hash));
0821a2c5 6726
5082a599
MH		 6727 eir_len = eir_append_data(rp->eir, eir_len,
6728 EIR_LE_SC_RANDOM,
6729 rand, sizeof(rand));
6730 }
0821a2c5 6731
4f0f155c
MH		 6732 flags = get_adv_discov_flags(hdev);
6733
6734 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
6735 flags |= LE_AD_NO_BREDR;
6736
6737 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
6738 &flags, sizeof(flags));
6739 break;
6740 }
6741
4f0f155c
MH		 6742 hci_dev_unlock(hdev);
6743
72000df2
MH		 6744 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
6745
57b0d3e8
MH		 6746 status = MGMT_STATUS_SUCCESS;
6747
6748complete:
efcd8c98
MH		 6749 rp->type = cp->type;
6750 rp->eir_len = cpu_to_le16(eir_len);
6751
4f0f155c 6752 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
57b0d3e8
MH		 6753 status, rp, sizeof(*rp) + eir_len);
6754 if (err < 0 || status)
72000df2
MH		 6755 goto done;
6756
6757 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
6758 rp, sizeof(*rp) + eir_len,
6759 HCI_MGMT_OOB_DATA_EVENTS, sk);
4f0f155c 6760
0821a2c5 6761done:
4f0f155c
MH		 6762 kfree(rp);
6763
6764 return err;
6765}
6766
089fa8c0
AU		 6767static u32 get_supported_adv_flags(struct hci_dev *hdev)
6768{
6769 u32 flags = 0;
6770
6771 flags |= MGMT_ADV_FLAG_CONNECTABLE;
6772 flags |= MGMT_ADV_FLAG_DISCOV;
6773 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
6774 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS;
6775
6776 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID)
6777 flags |= MGMT_ADV_FLAG_TX_POWER;
6778
6779 return flags;
6780}
6781
d3d5305b
MH		 6782static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
6783 void *data, u16 data_len)
6784{
6785 struct mgmt_rp_read_adv_features *rp;
6786 size_t rp_len;
286e0c83 6787 int err, i;
24b4f38f 6788 bool instance;
286e0c83 6789 struct adv_info *adv_instance;
089fa8c0 6790 u32 supported_flags;
d3d5305b
MH		 6791
6792 BT_DBG("%s", hdev->name);
6793
089fa8c0
AU		 6794 if (!lmp_le_capable(hdev))
6795 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6796 MGMT_STATUS_REJECTED);
6797
d3d5305b
MH		 6798 hci_dev_lock(hdev);
6799
6800 rp_len = sizeof(*rp);
24b4f38f 6801
24b4f38f
AU		 6802 instance = hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE);
6803 if (instance)
286e0c83 6804 rp_len += hdev->adv_instance_cnt;
24b4f38f 6805
d3d5305b
MH		 6806 rp = kmalloc(rp_len, GFP_ATOMIC);
6807 if (!rp) {
6808 hci_dev_unlock(hdev);
6809 return -ENOMEM;
6810 }
6811
089fa8c0
AU		 6812 supported_flags = get_supported_adv_flags(hdev);
6813
6814 rp->supported_flags = cpu_to_le32(supported_flags);
dc5d82a9
MH		 6815 rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
6816 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
d2609b34 6817 rp->max_instances = HCI_MAX_ADV_INSTANCES;
24b4f38f 6818
24b4f38f 6819 if (instance) {
286e0c83
FG		 6820 i = 0;
6821 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
6822 if (i >= hdev->adv_instance_cnt)
6823 break;
6824
6825 rp->instance[i] = adv_instance->instance;
6826 i++;
6827 }
6828 rp->num_instances = hdev->adv_instance_cnt;
24b4f38f
AU		 6829 } else {
6830 rp->num_instances = 0;
6831 }
d3d5305b
MH		 6832
6833 hci_dev_unlock(hdev);
6834
6835 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6836 MGMT_STATUS_SUCCESS, rp, rp_len);
6837
6838 kfree(rp);
6839
6840 return err;
6841}
6842
4117ed70 6843static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data,
b44133ff 6844 u8 len, bool is_adv_data)
24b4f38f 6845{
4117ed70 6846 u8 max_len = HCI_MAX_AD_LENGTH;
24b4f38f 6847 int i, cur_len;
b44133ff 6848 bool flags_managed = false;
5507e358 6849 bool tx_power_managed = false;
67e0c0cd
AU		 6850 u32 flags_params = MGMT_ADV_FLAG_DISCOV | MGMT_ADV_FLAG_LIMITED_DISCOV |
6851 MGMT_ADV_FLAG_MANAGED_FLAGS;
24b4f38f 6852
807ec772 6853 if (is_adv_data && (adv_flags & flags_params)) {
b44133ff
AU		 6854 flags_managed = true;
6855 max_len -= 3;
6856 }
24b4f38f 6857
5507e358
AU		 6858 if (is_adv_data && (adv_flags & MGMT_ADV_FLAG_TX_POWER)) {
6859 tx_power_managed = true;
6860 max_len -= 3;
6861 }
6862
4117ed70 6863 if (len > max_len)
24b4f38f
AU		 6864 return false;
6865
4117ed70
AU		 6866 /* Make sure that the data is correctly formatted. */
6867 for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) {
6868 cur_len = data[i];
24b4f38f 6869
b44133ff
AU		 6870 if (flags_managed && data[i + 1] == EIR_FLAGS)
6871 return false;
6872
5507e358
AU		 6873 if (tx_power_managed && data[i + 1] == EIR_TX_POWER)
6874 return false;
6875
24b4f38f
AU		 6876 /* If the current field length would exceed the total data
6877 * length, then it's invalid.
6878 */
4117ed70 6879 if (i + cur_len >= len)
24b4f38f
AU		 6880 return false;
6881 }
6882
6883 return true;
6884}
6885
24b4f38f
AU		 6886static void add_advertising_complete(struct hci_dev *hdev, u8 status,
6887 u16 opcode)
6888{
6889 struct mgmt_pending_cmd *cmd;
6890 struct mgmt_rp_add_advertising rp;
6891
6892 BT_DBG("status %d", status);
6893
6894 hci_dev_lock(hdev);
6895
6896 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev);
6897
6898 if (status) {
6899 hci_dev_clear_flag(hdev, HCI_ADVERTISING_INSTANCE);
6900 memset(&hdev->adv_instance, 0, sizeof(hdev->adv_instance));
6901 advertising_removed(cmd ? cmd->sk : NULL, hdev, 1);
6902 }
6903
6904 if (!cmd)
6905 goto unlock;
6906
6907 rp.instance = 0x01;
6908
6909 if (status)
6910 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
6911 mgmt_status(status));
6912 else
6913 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
6914 mgmt_status(status), &rp, sizeof(rp));
6915
6916 mgmt_pending_remove(cmd);
6917
6918unlock:
6919 hci_dev_unlock(hdev);
6920}
6921
5d900e46 6922void mgmt_adv_timeout_expired(struct hci_dev *hdev)
912098a6 6923{
5d900e46 6924 hdev->adv_instance_timeout = 0;
912098a6
AU		 6925
6926 hci_dev_lock(hdev);
6927 clear_adv_instance(hdev);
6928 hci_dev_unlock(hdev);
6929}
6930
24b4f38f
AU		 6931static int add_advertising(struct sock *sk, struct hci_dev *hdev,
6932 void *data, u16 data_len)
6933{
6934 struct mgmt_cp_add_advertising *cp = data;
6935 struct mgmt_rp_add_advertising rp;
6936 u32 flags;
089fa8c0 6937 u32 supported_flags;
24b4f38f 6938 u8 status;
912098a6 6939 u16 timeout;
24b4f38f
AU		 6940 int err;
6941 struct mgmt_pending_cmd *cmd;
6942 struct hci_request req;
6943
6944 BT_DBG("%s", hdev->name);
6945
6946 status = mgmt_le_support(hdev);
6947 if (status)
6948 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6949 status);
6950
6951 flags = __le32_to_cpu(cp->flags);
912098a6 6952 timeout = __le16_to_cpu(cp->timeout);
24b4f38f 6953
089fa8c0
AU		 6954 /* The current implementation only supports adding one instance and only
6955 * a subset of the specified flags.
6956 */
6957 supported_flags = get_supported_adv_flags(hdev);
6958 if (cp->instance != 0x01 || (flags & ~supported_flags))
24b4f38f
AU		 6959 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6960 MGMT_STATUS_INVALID_PARAMS);
6961
6962 hci_dev_lock(hdev);
6963
912098a6
AU		 6964 if (timeout && !hdev_is_powered(hdev)) {
6965 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6966 MGMT_STATUS_REJECTED);
6967 goto unlock;
6968 }
6969
24b4f38f 6970 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
da929335 6971 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
24b4f38f
AU		 6972 pending_find(MGMT_OP_SET_LE, hdev)) {
6973 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6974 MGMT_STATUS_BUSY);
6975 goto unlock;
6976 }
6977
b44133ff 6978 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) ||
4117ed70 6979 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len,
b44133ff 6980 cp->scan_rsp_len, false)) {
24b4f38f
AU		 6981 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6982 MGMT_STATUS_INVALID_PARAMS);
6983 goto unlock;
6984 }
6985
6986 hdev->adv_instance.flags = flags;
6987 hdev->adv_instance.adv_data_len = cp->adv_data_len;
6988 hdev->adv_instance.scan_rsp_len = cp->scan_rsp_len;
6989
6990 if (cp->adv_data_len)
6991 memcpy(hdev->adv_instance.adv_data, cp->data, cp->adv_data_len);
6992
6993 if (cp->scan_rsp_len)
6994 memcpy(hdev->adv_instance.scan_rsp_data,
6995 cp->data + cp->adv_data_len, cp->scan_rsp_len);
6996
5d900e46
FG		 6997 if (hdev->adv_instance_timeout)
6998 cancel_delayed_work(&hdev->adv_instance_expire);
912098a6 6999
5d900e46 7000 hdev->adv_instance_timeout = timeout;
912098a6
AU		 7001
7002 if (timeout)
7003 queue_delayed_work(hdev->workqueue,
5d900e46 7004 &hdev->adv_instance_expire,
912098a6
AU		 7005 msecs_to_jiffies(timeout * 1000));
7006
24b4f38f
AU		 7007 if (!hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING_INSTANCE))
7008 advertising_added(sk, hdev, 1);
7009
7010 /* If the HCI_ADVERTISING flag is set or the device isn't powered then
7011 * we have no HCI communication to make. Simply return.
7012 */
7013 if (!hdev_is_powered(hdev) ||
7014 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
7015 rp.instance = 0x01;
7016 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
7017 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
7018 goto unlock;
7019 }
7020
7021 /* We're good to go, update advertising data, parameters, and start
7022 * advertising.
7023 */
7024 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
7025 data_len);
7026 if (!cmd) {
7027 err = -ENOMEM;
7028 goto unlock;
7029 }
7030
7031 hci_req_init(&req, hdev);
7032
7033 update_adv_data(&req);
4117ed70 7034 update_scan_rsp_data(&req);
24b4f38f
AU		 7035 enable_advertising(&req);
7036
7037 err = hci_req_run(&req, add_advertising_complete);
7038 if (err < 0)
7039 mgmt_pending_remove(cmd);
7040
7041unlock:
7042 hci_dev_unlock(hdev);
7043
7044 return err;
7045}
7046
da929335
AU		 7047static void remove_advertising_complete(struct hci_dev *hdev, u8 status,
7048 u16 opcode)
7049{
7050 struct mgmt_pending_cmd *cmd;
7051 struct mgmt_rp_remove_advertising rp;
7052
7053 BT_DBG("status %d", status);
7054
7055 hci_dev_lock(hdev);
7056
7057 /* A failure status here only means that we failed to disable
7058 * advertising. Otherwise, the advertising instance has been removed,
7059 * so report success.
7060 */
7061 cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev);
7062 if (!cmd)
7063 goto unlock;
7064
7065 rp.instance = 1;
7066
7067 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS,
7068 &rp, sizeof(rp));
7069 mgmt_pending_remove(cmd);
7070
7071unlock:
7072 hci_dev_unlock(hdev);
7073}
7074
7075static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
7076 void *data, u16 data_len)
7077{
7078 struct mgmt_cp_remove_advertising *cp = data;
7079 struct mgmt_rp_remove_advertising rp;
7080 int err;
7081 struct mgmt_pending_cmd *cmd;
7082 struct hci_request req;
7083
7084 BT_DBG("%s", hdev->name);
7085
7086 /* The current implementation only allows modifying instance no 1. A
7087 * value of 0 indicates that all instances should be cleared.
7088 */
7089 if (cp->instance > 1)
7090 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
7091 MGMT_STATUS_INVALID_PARAMS);
7092
7093 hci_dev_lock(hdev);
7094
7095 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
7096 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
7097 pending_find(MGMT_OP_SET_LE, hdev)) {
7098 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
7099 MGMT_STATUS_BUSY);
7100 goto unlock;
7101 }
7102
7103 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE)) {
7104 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
7105 MGMT_STATUS_INVALID_PARAMS);
7106 goto unlock;
7107 }
7108
5d900e46
FG		 7109 if (hdev->adv_instance_timeout)
7110 cancel_delayed_work(&hdev->adv_instance_expire);
912098a6 7111
da929335
AU		 7112 memset(&hdev->adv_instance, 0, sizeof(hdev->adv_instance));
7113
7114 advertising_removed(sk, hdev, 1);
7115
7116 hci_dev_clear_flag(hdev, HCI_ADVERTISING_INSTANCE);
7117
7118 /* If the HCI_ADVERTISING flag is set or the device isn't powered then
7119 * we have no HCI communication to make. Simply return.
7120 */
7121 if (!hdev_is_powered(hdev) ||
7122 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
7123 rp.instance = 1;
7124 err = mgmt_cmd_complete(sk, hdev->id,
7125 MGMT_OP_REMOVE_ADVERTISING,
7126 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
7127 goto unlock;
7128 }
7129
7130 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
7131 data_len);
7132 if (!cmd) {
7133 err = -ENOMEM;
7134 goto unlock;
7135 }
7136
7137 hci_req_init(&req, hdev);
7138 disable_advertising(&req);
7139
7140 err = hci_req_run(&req, remove_advertising_complete);
7141 if (err < 0)
7142 mgmt_pending_remove(cmd);
7143
7144unlock:
7145 hci_dev_unlock(hdev);
7146
7147 return err;
7148}
7149
6d785aa3 7150static const struct hci_mgmt_handler mgmt_handlers[] = {
0f4e68cf 7151 { NULL }, /* 0x0000 (no command) */
b9a245fb 7152 { read_version, MGMT_READ_VERSION_SIZE,
c91041dc
MH		 7153 HCI_MGMT_NO_HDEV |
7154 HCI_MGMT_UNTRUSTED },
b9a245fb 7155 { read_commands, MGMT_READ_COMMANDS_SIZE,
c91041dc
MH		 7156 HCI_MGMT_NO_HDEV |
7157 HCI_MGMT_UNTRUSTED },
b9a245fb 7158 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
c91041dc
MH		 7159 HCI_MGMT_NO_HDEV |
7160 HCI_MGMT_UNTRUSTED },
7161 { read_controller_info, MGMT_READ_INFO_SIZE,
7162 HCI_MGMT_UNTRUSTED },
7aea8616
MH		 7163 { set_powered, MGMT_SETTING_SIZE },
7164 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
7165 { set_connectable, MGMT_SETTING_SIZE },
7166 { set_fast_connectable, MGMT_SETTING_SIZE },
7167 { set_bondable, MGMT_SETTING_SIZE },
7168 { set_link_security, MGMT_SETTING_SIZE },
7169 { set_ssp, MGMT_SETTING_SIZE },
7170 { set_hs, MGMT_SETTING_SIZE },
7171 { set_le, MGMT_SETTING_SIZE },
7172 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
7173 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
7174 { add_uuid, MGMT_ADD_UUID_SIZE },
7175 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
b9a245fb
JH		 7176 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
7177 HCI_MGMT_VAR_LEN },
7178 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
7179 HCI_MGMT_VAR_LEN },
7aea8616
MH		 7180 { disconnect, MGMT_DISCONNECT_SIZE },
7181 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
7182 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
7183 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
7184 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
7185 { pair_device, MGMT_PAIR_DEVICE_SIZE },
7186 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
7187 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
7188 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
7189 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
7190 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
7191 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
b9a245fb
JH		 7192 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
7193 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
7194 HCI_MGMT_VAR_LEN },
7aea8616
MH		 7195 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
7196 { start_discovery, MGMT_START_DISCOVERY_SIZE },
7197 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
7198 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
7199 { block_device, MGMT_BLOCK_DEVICE_SIZE },
7200 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
7201 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
7202 { set_advertising, MGMT_SETTING_SIZE },
7203 { set_bredr, MGMT_SETTING_SIZE },
7204 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
7205 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
7206 { set_secure_conn, MGMT_SETTING_SIZE },
7207 { set_debug_keys, MGMT_SETTING_SIZE },
7208 { set_privacy, MGMT_SET_PRIVACY_SIZE },
b9a245fb
JH		 7209 { load_irks, MGMT_LOAD_IRKS_SIZE,
7210 HCI_MGMT_VAR_LEN },
7aea8616
MH		 7211 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
7212 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
7213 { add_device, MGMT_ADD_DEVICE_SIZE },
7214 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
b9a245fb
JH		 7215 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
7216 HCI_MGMT_VAR_LEN },
7217 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
c91041dc
MH		 7218 HCI_MGMT_NO_HDEV |
7219 HCI_MGMT_UNTRUSTED },
b9a245fb 7220 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
c91041dc
MH		 7221 HCI_MGMT_UNCONFIGURED |
7222 HCI_MGMT_UNTRUSTED },
b9a245fb
JH		 7223 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
7224 HCI_MGMT_UNCONFIGURED },
7225 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
7226 HCI_MGMT_UNCONFIGURED },
7227 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
7228 HCI_MGMT_VAR_LEN },
4f0f155c 7229 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
96f1474a 7230 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
c91041dc
MH		 7231 HCI_MGMT_NO_HDEV |
7232 HCI_MGMT_UNTRUSTED },
d3d5305b 7233 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
24b4f38f
AU		 7234 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
7235 HCI_MGMT_VAR_LEN },
da929335 7236 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
0f4e68cf
JH		 7237};
7238
bf6b56db 7239void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 7240{
ced85549 7241 struct mgmt_ev_ext_index ev;
bb4b2a9a 7242
0602a8ad
MH		 7243 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
7244 return;
7245
f9207338
MH		 7246 switch (hdev->dev_type) {
7247 case HCI_BREDR:
7248 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
7249 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
7250 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
ced85549 7251 ev.type = 0x01;
f9207338
MH		 7252 } else {
7253 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
7254 HCI_MGMT_INDEX_EVENTS);
ced85549 7255 ev.type = 0x00;
f9207338
MH		 7256 }
7257 break;
ced85549
MH		 7258 case HCI_AMP:
7259 ev.type = 0x02;
7260 break;
7261 default:
7262 return;
f9207338 7263 }
ced85549
MH		 7264
7265 ev.bus = hdev->bus;
7266
7267 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
7268 HCI_MGMT_EXT_INDEX_EVENTS);
c71e97bf
JH		 7269}
7270
bf6b56db 7271void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 7272{
ced85549 7273 struct mgmt_ev_ext_index ev;
5f159032 7274 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 7275
0602a8ad
MH		 7276 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
7277 return;
7278
f9207338
MH		 7279 switch (hdev->dev_type) {
7280 case HCI_BREDR:
7281 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
b24752fe 7282
f9207338
MH		 7283 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
7284 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
7285 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
ced85549 7286 ev.type = 0x01;
f9207338
MH		 7287 } else {
7288 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
7289 HCI_MGMT_INDEX_EVENTS);
ced85549 7290 ev.type = 0x00;
f9207338
MH		 7291 }
7292 break;
ced85549
MH		 7293 case HCI_AMP:
7294 ev.type = 0x02;
7295 break;
7296 default:
7297 return;
f9207338 7298 }
ced85549
MH		 7299
7300 ev.bus = hdev->bus;
7301
7302 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
7303 HCI_MGMT_EXT_INDEX_EVENTS);
eec8d2bc
JH		 7304}
7305
6046dc3e 7306/* This function requires the caller holds hdev->lock */
2cf22218 7307static void restart_le_actions(struct hci_request *req)
6046dc3e 7308{
2cf22218 7309 struct hci_dev *hdev = req->hdev;
6046dc3e
AG		 7310 struct hci_conn_params *p;
7311
7312 list_for_each_entry(p, &hdev->le_conn_params, list) {
d7347f3c
JH		 7313 /* Needed for AUTO_OFF case where might not "really"
7314 * have been powered off.
7315 */
7316 list_del_init(&p->action);
7317
7318 switch (p->auto_connect) {
4b9e7e75 7319 case HCI_AUTO_CONN_DIRECT:
d7347f3c
JH		 7320 case HCI_AUTO_CONN_ALWAYS:
7321 list_add(&p->action, &hdev->pend_le_conns);
7322 break;
7323 case HCI_AUTO_CONN_REPORT:
7324 list_add(&p->action, &hdev->pend_le_reports);
7325 break;
7326 default:
7327 break;
c83ed19d 7328 }
6046dc3e 7329 }
c83ed19d 7330
2cf22218 7331 __hci_update_background_scan(req);
6046dc3e
AG		 7332}
7333
1904a853 7334static void powered_complete(struct hci_dev *hdev, u8 status, u16 opcode)
229ab39c
JH		 7335{
7336 struct cmd_lookup match = { NULL, hdev };
7337
7338 BT_DBG("status 0x%02x", status);
7339
162a3bac
MH		 7340 if (!status) {
7341 /* Register the available SMP channels (BR/EDR and LE) only
7342 * when successfully powering on the controller. This late
7343 * registration is required so that LE SMP can clearly
7344 * decide if the public address or static address is used.
7345 */
7346 smp_register(hdev);
7347 }
7348
229ab39c
JH		 7349 hci_dev_lock(hdev);
7350
7351 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
7352
7353 new_settings(hdev, match.sk);
7354
7355 hci_dev_unlock(hdev);
7356
7357 if (match.sk)
7358 sock_put(match.sk);
7359}
7360
70da6243 7361static int powered_update_hci(struct hci_dev *hdev)
5add6af8 7362{
890ea898 7363 struct hci_request req;
70da6243 7364 u8 link_sec;
5add6af8 7365
890ea898
JH		 7366 hci_req_init(&req, hdev);
7367
d7a5a11d 7368 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED) &&
70da6243 7369 !lmp_host_ssp_capable(hdev)) {
574ea3c7 7370 u8 mode = 0x01;
5e5282bb 7371
574ea3c7
MH		 7372 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
7373
7374 if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) {
7375 u8 support = 0x01;
5add6af8 7376
574ea3c7
MH		 7377 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT,
7378 sizeof(support), &support);
7379 }
ec6f99b8
JH		 7380 }
7381
d7a5a11d 7382 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
c73eee91 7383 lmp_bredr_capable(hdev)) {
70da6243 7384 struct hci_cp_write_le_host_supported cp;
f0ff92fb 7385
32226e4f
MH		 7386 cp.le = 0x01;
7387 cp.simul = 0x00;
3d1cbdd6 7388
70da6243
JH		 7389 /* Check first if we already have the right
7390 * host state (host features set)
7391 */
7392 if (cp.le != lmp_host_le_capable(hdev) ||
7393 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 7394 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
7395 sizeof(cp), &cp);
70da6243 7396 }
3d1cbdd6 7397
d13eafce 7398 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 7399 /* Make sure the controller has a good default for
7400 * advertising data. This also applies to the case
7401 * where BR/EDR was toggled during the AUTO_OFF phase.
7402 */
d7a5a11d 7403 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
5947f4bc 7404 update_adv_data(&req);
f14d8f64
MH		 7405 update_scan_rsp_data(&req);
7406 }
441ad2d0 7407
24b4f38f
AU		 7408 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
7409 hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
bba3aa55 7410 enable_advertising(&req);
2cf22218
JH		 7411
7412 restart_le_actions(&req);
eeca6f89
JH		 7413 }
7414
d7a5a11d 7415 link_sec = hci_dev_test_flag(hdev, HCI_LINK_SECURITY);
70da6243 7416 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 7417 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
7418 sizeof(link_sec), &link_sec);
562fcc24 7419
70da6243 7420 if (lmp_bredr_capable(hdev)) {
d7a5a11d 7421 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
406ef2a6
JH		 7422 write_fast_connectable(&req, true);
7423 else
7424 write_fast_connectable(&req, false);
1d2dc5b7 7425 __hci_update_page_scan(&req);
890ea898 7426 update_class(&req);
13928971 7427 update_name(&req);
890ea898 7428 update_eir(&req);
70da6243 7429 }
562fcc24 7430
229ab39c 7431 return hci_req_run(&req, powered_complete);
70da6243 7432}
562fcc24 7433
70da6243
JH		 7434int mgmt_powered(struct hci_dev *hdev, u8 powered)
7435{
7436 struct cmd_lookup match = { NULL, hdev };
9845904f 7437 u8 status, zero_cod[] = { 0, 0, 0 };
70da6243 7438 int err;
f0ff92fb 7439
d7a5a11d 7440 if (!hci_dev_test_flag(hdev, HCI_MGMT))
70da6243
JH		 7441 return 0;
7442
70da6243 7443 if (powered) {
229ab39c
JH		 7444 if (powered_update_hci(hdev) == 0)
7445 return 0;
fe038884 7446
229ab39c
JH		 7447 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
7448 &match);
7449 goto new_settings;
b24752fe
JH		 7450 }
7451
229ab39c 7452 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
9845904f
JH		 7453
7454 /* If the power off is because of hdev unregistration let
7455 * use the appropriate INVALID_INDEX status. Otherwise use
7456 * NOT_POWERED. We cover both scenarios here since later in
7457 * mgmt_index_removed() any hci_conn callbacks will have already
7458 * been triggered, potentially causing misleading DISCONNECTED
7459 * status responses.
7460 */
d7a5a11d 7461 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
9845904f
JH		 7462 status = MGMT_STATUS_INVALID_INDEX;
7463 else
7464 status = MGMT_STATUS_NOT_POWERED;
7465
7466 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
229ab39c
JH		 7467
7468 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
f6b7712e
MH		 7469 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
7470 zero_cod, sizeof(zero_cod), NULL);
229ab39c
JH		 7471
7472new_settings:
beadb2bd 7473 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 7474
7475 if (match.sk)
7476 sock_put(match.sk);
7477
7bb895d6 7478 return err;
5add6af8 7479}
73f22f62 7480
3eec705e 7481void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc 7482{
3b0602cd 7483 struct mgmt_pending_cmd *cmd;
96570ffc
JH		 7484 u8 status;
7485
333ae95d 7486 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
96570ffc 7487 if (!cmd)
3eec705e 7488 return;
96570ffc
JH		 7489
7490 if (err == -ERFKILL)
7491 status = MGMT_STATUS_RFKILLED;
7492 else
7493 status = MGMT_STATUS_FAILED;
7494
a69e8375 7495 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 7496
7497 mgmt_pending_remove(cmd);
96570ffc
JH		 7498}
7499
d1967ff8
MH		 7500void mgmt_discoverable_timeout(struct hci_dev *hdev)
7501{
7502 struct hci_request req;
d1967ff8
MH		 7503
7504 hci_dev_lock(hdev);
7505
7506 /* When discoverable timeout triggers, then just make sure
7507 * the limited discoverable flag is cleared. Even in the case
7508 * of a timeout triggered from general discoverable, it is
7509 * safe to unconditionally clear the flag.
7510 */
a358dc11
MH		 7511 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
7512 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
d1967ff8
MH		 7513
7514 hci_req_init(&req, hdev);
d7a5a11d 7515 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4b580614
JH		 7516 u8 scan = SCAN_PAGE;
7517 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
7518 sizeof(scan), &scan);
7519 }
d1967ff8 7520 update_class(&req);
24b4f38f
AU		 7521
7522 /* Advertising instances don't use the global discoverable setting, so
7523 * only update AD if advertising was enabled using Set Advertising.
7524 */
7525 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
7526 update_adv_data(&req);
7527
d1967ff8
MH		 7528 hci_req_run(&req, NULL);
7529
7530 hdev->discov_timeout = 0;
7531
9a43e25f
JH		 7532 new_settings(hdev, NULL);
7533
d1967ff8
MH		 7534 hci_dev_unlock(hdev);
7535}
7536
dc4a5ee2
MH		 7537void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
7538 bool persistent)
55ed8ca1 7539{
86742e1e 7540 struct mgmt_ev_new_link_key ev;
55ed8ca1 7541
a492cd52 7542 memset(&ev, 0, sizeof(ev));
55ed8ca1 7543
a492cd52 7544 ev.store_hint = persistent;
d753fdc4 7545 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 7546 ev.key.addr.type = BDADDR_BREDR;
a492cd52 7547 ev.key.type = key->type;
9b3b4460 7548 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 7549 ev.key.pin_len = key->pin_len;
55ed8ca1 7550
dc4a5ee2 7551 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 7552}
f7520543 7553
d7b25450
JH		 7554static u8 mgmt_ltk_type(struct smp_ltk *ltk)
7555{
23fb8de3
JH		 7556 switch (ltk->type) {
7557 case SMP_LTK:
7558 case SMP_LTK_SLAVE:
7559 if (ltk->authenticated)
7560 return MGMT_LTK_AUTHENTICATED;
7561 return MGMT_LTK_UNAUTHENTICATED;
7562 case SMP_LTK_P256:
7563 if (ltk->authenticated)
7564 return MGMT_LTK_P256_AUTH;
7565 return MGMT_LTK_P256_UNAUTH;
7566 case SMP_LTK_P256_DEBUG:
7567 return MGMT_LTK_P256_DEBUG;
7568 }
d7b25450
JH		 7569
7570 return MGMT_LTK_UNAUTHENTICATED;
7571}
7572
53ac6ab6 7573void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 7574{
7575 struct mgmt_ev_new_long_term_key ev;
7576
7577 memset(&ev, 0, sizeof(ev));
7578
5192d301 7579 /* Devices using resolvable or non-resolvable random addresses
f72186d2 7580 * without providing an identity resolving key don't require
5192d301
MH		 7581 * to store long term keys. Their addresses will change the
7582 * next time around.
7583 *
7584 * Only when a remote device provides an identity address
7585 * make sure the long term key is stored. If the remote
7586 * identity is known, the long term keys are internally
7587 * mapped to the identity address. So allow static random
7588 * and public addresses here.
7589 */
ba74b666
JH		 7590 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7591 (key->bdaddr.b[5] & 0xc0) != 0xc0)
7592 ev.store_hint = 0x00;
7593 else
53ac6ab6 7594 ev.store_hint = persistent;
ba74b666 7595
346af67b 7596 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 7597 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 7598 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 7599 ev.key.enc_size = key->enc_size;
7600 ev.key.ediv = key->ediv;
fe39c7b2 7601 ev.key.rand = key->rand;
346af67b 7602
2ceba539 7603 if (key->type == SMP_LTK)
346af67b
VCG		 7604 ev.key.master = 1;
7605
1fc62c52
JH		 7606 /* Make sure we copy only the significant bytes based on the
7607 * encryption key size, and set the rest of the value to zeroes.
7608 */
7609 memcpy(ev.key.val, key->val, sizeof(key->enc_size));
7610 memset(ev.key.val + key->enc_size, 0,
7611 sizeof(ev.key.val) - key->enc_size);
346af67b 7612
083368f7 7613 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 7614}
7615
95fbac8a
JH		 7616void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
7617{
7618 struct mgmt_ev_new_irk ev;
7619
7620 memset(&ev, 0, sizeof(ev));
7621
bab6d1e5
MH		 7622 /* For identity resolving keys from devices that are already
7623 * using a public address or static random address, do not
7624 * ask for storing this key. The identity resolving key really
f72186d2 7625 * is only mandatory for devices using resolvable random
bab6d1e5
MH		 7626 * addresses.
7627 *
7628 * Storing all identity resolving keys has the downside that
7629 * they will be also loaded on next boot of they system. More
7630 * identity resolving keys, means more time during scanning is
7631 * needed to actually resolve these addresses.
7632 */
7633 if (bacmp(&irk->rpa, BDADDR_ANY))
7634 ev.store_hint = 0x01;
7635 else
7636 ev.store_hint = 0x00;
7637
95fbac8a
JH		 7638 bacpy(&ev.rpa, &irk->rpa);
7639 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
7640 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
7641 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
7642
7643 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
7644}
7645
53ac6ab6
MH		 7646void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
7647 bool persistent)
7ee4ea36
MH		 7648{
7649 struct mgmt_ev_new_csrk ev;
7650
7651 memset(&ev, 0, sizeof(ev));
7652
7653 /* Devices using resolvable or non-resolvable random addresses
f72186d2 7654 * without providing an identity resolving key don't require
7ee4ea36
MH		 7655 * to store signature resolving keys. Their addresses will change
7656 * the next time around.
7657 *
7658 * Only when a remote device provides an identity address
7659 * make sure the signature resolving key is stored. So allow
7660 * static random and public addresses here.
7661 */
7662 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7663 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
7664 ev.store_hint = 0x00;
7665 else
53ac6ab6 7666 ev.store_hint = persistent;
7ee4ea36
MH		 7667
7668 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
7669 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
4cd3928a 7670 ev.key.type = csrk->type;
7ee4ea36
MH		 7671 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
7672
7673 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
7674}
7675
ffb5a827 7676void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 7677 u8 bdaddr_type, u8 store_hint, u16 min_interval,
7678 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 7679{
7680 struct mgmt_ev_new_conn_param ev;
7681
c103aea6
JH		 7682 if (!hci_is_identity_address(bdaddr, bdaddr_type))
7683 return;
7684
ffb5a827
AG		 7685 memset(&ev, 0, sizeof(ev));
7686 bacpy(&ev.addr.bdaddr, bdaddr);
7687 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 7688 ev.store_hint = store_hint;
ffb5a827
AG		 7689 ev.min_interval = cpu_to_le16(min_interval);
7690 ev.max_interval = cpu_to_le16(max_interval);
7691 ev.latency = cpu_to_le16(latency);
7692 ev.timeout = cpu_to_le16(timeout);
7693
7694 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
7695}
7696
48ec92fa
AA		 7697void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
7698 u32 flags, u8 *name, u8 name_len)
f7520543 7699{
b644ba33
JH		 7700 char buf[512];
7701 struct mgmt_ev_device_connected *ev = (void *) buf;
7702 u16 eir_len = 0;
f7520543 7703
48ec92fa
AA		 7704 bacpy(&ev->addr.bdaddr, &conn->dst);
7705 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
f7520543 7706
c95f0ba7 7707 ev->flags = __cpu_to_le32(flags);
08c79b61 7708
fd45ada9
AA		 7709 /* We must ensure that the EIR Data fields are ordered and
7710 * unique. Keep it simple for now and avoid the problem by not
7711 * adding any BR/EDR data to the LE adv.
7712 */
7713 if (conn->le_adv_data_len > 0) {
7714 memcpy(&ev->eir[eir_len],
7715 conn->le_adv_data, conn->le_adv_data_len);
7716 eir_len = conn->le_adv_data_len;
7717 } else {
7718 if (name_len > 0)
7719 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
7720 name, name_len);
b644ba33 7721
ddbea5cf 7722 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
fd45ada9
AA		 7723 eir_len = eir_append_data(ev->eir, eir_len,
7724 EIR_CLASS_OF_DEV,
7725 conn->dev_class, 3);
7726 }
b644ba33 7727
eb55ef07 7728 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 7729
ecd90ae7
MH		 7730 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
7731 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 7732}
7733
3b0602cd 7734static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
8962ee74 7735{
8962ee74 7736 struct sock **sk = data;
8962ee74 7737
f5818c22 7738 cmd->cmd_complete(cmd, 0);
8962ee74
JH		 7739
7740 *sk = cmd->sk;
7741 sock_hold(*sk);
7742
a664b5bc 7743 mgmt_pending_remove(cmd);
8962ee74
JH		 7744}
7745
3b0602cd 7746static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
a8a1d19e 7747{
b1078ad0 7748 struct hci_dev *hdev = data;
124f6e35 7749 struct mgmt_cp_unpair_device *cp = cmd->param;
a8a1d19e 7750
b1078ad0
JH		 7751 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
7752
d8b7b1e4 7753 cmd->cmd_complete(cmd, 0);
a8a1d19e
JH		 7754 mgmt_pending_remove(cmd);
7755}
7756
84c61d92
JH		 7757bool mgmt_powering_down(struct hci_dev *hdev)
7758{
3b0602cd 7759 struct mgmt_pending_cmd *cmd;
84c61d92
JH		 7760 struct mgmt_mode *cp;
7761
333ae95d 7762 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
84c61d92
JH		 7763 if (!cmd)
7764 return false;
7765
7766 cp = cmd->param;
7767 if (!cp->val)
7768 return true;
7769
7770 return false;
7771}
7772
9b80ec5e 7773void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 7774 u8 link_type, u8 addr_type, u8 reason,
7775 bool mgmt_connected)
f7520543 7776{
f0d6a0ea 7777 struct mgmt_ev_device_disconnected ev;
8962ee74 7778 struct sock *sk = NULL;
8962ee74 7779
84c61d92
JH		 7780 /* The connection is still in hci_conn_hash so test for 1
7781 * instead of 0 to know if this is the last one.
7782 */
7783 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7784 cancel_delayed_work(&hdev->power_off);
7785 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8b064a3a
JH		 7786 }
7787
12d4a3b2
JH		 7788 if (!mgmt_connected)
7789 return;
7790
57eb776f
AG		 7791 if (link_type != ACL_LINK && link_type != LE_LINK)
7792 return;
7793
744cf19e 7794 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 7795
f0d6a0ea
MA		 7796 bacpy(&ev.addr.bdaddr, bdaddr);
7797 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7798 ev.reason = reason;
f7520543 7799
9b80ec5e 7800 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 7801
7802 if (sk)
d97dcb66 7803 sock_put(sk);
8962ee74 7804
124f6e35 7805 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 7806 hdev);
8962ee74
JH		 7807}
7808
7892924c
MH		 7809void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
7810 u8 link_type, u8 addr_type, u8 status)
8962ee74 7811{
3655bba8
AG		 7812 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
7813 struct mgmt_cp_disconnect *cp;
3b0602cd 7814 struct mgmt_pending_cmd *cmd;
8962ee74 7815
36a75f1b
JD		 7816 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
7817 hdev);
7818
333ae95d 7819 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 7820 if (!cmd)
7892924c 7821 return;
8962ee74 7822
3655bba8
AG		 7823 cp = cmd->param;
7824
7825 if (bacmp(bdaddr, &cp->addr.bdaddr))
7826 return;
7827
7828 if (cp->addr.type != bdaddr_type)
7829 return;
7830
f5818c22 7831 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7832 mgmt_pending_remove(cmd);
f7520543 7833}
17d5c04c 7834
445608d0
MH		 7835void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7836 u8 addr_type, u8 status)
17d5c04c
JH		 7837{
7838 struct mgmt_ev_connect_failed ev;
c9910d0f 7839
84c61d92
JH		 7840 /* The connection is still in hci_conn_hash so test for 1
7841 * instead of 0 to know if this is the last one.
7842 */
7843 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7844 cancel_delayed_work(&hdev->power_off);
7845 queue_work(hdev->req_workqueue, &hdev->power_off.work);
c9910d0f 7846 }
17d5c04c 7847
4c659c39 7848 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7849 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 7850 ev.status = mgmt_status(status);
17d5c04c 7851
445608d0 7852 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 7853}
980e1a53 7854
ce0e4a0d 7855void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 7856{
7857 struct mgmt_ev_pin_code_request ev;
7858
d8457698 7859 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 7860 ev.addr.type = BDADDR_BREDR;
a770bb5a 7861 ev.secure = secure;
980e1a53 7862
ce0e4a0d 7863 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 7864}
7865
e669cf80
MH		 7866void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7867 u8 status)
980e1a53 7868{
3b0602cd 7869 struct mgmt_pending_cmd *cmd;
980e1a53 7870
333ae95d 7871 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 7872 if (!cmd)
e669cf80 7873 return;
980e1a53 7874
7776d1d8 7875 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7876 mgmt_pending_remove(cmd);
980e1a53
JH		 7877}
7878
3eb38528
MH		 7879void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7880 u8 status)
980e1a53 7881{
3b0602cd 7882 struct mgmt_pending_cmd *cmd;
980e1a53 7883
333ae95d 7884 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 7885 if (!cmd)
3eb38528 7886 return;
980e1a53 7887
7776d1d8 7888 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7889 mgmt_pending_remove(cmd);
980e1a53 7890}
a5c29683 7891
744cf19e 7892int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 7893 u8 link_type, u8 addr_type, u32 value,
04124681 7894 u8 confirm_hint)
a5c29683
JH		 7895{
7896 struct mgmt_ev_user_confirm_request ev;
7897
744cf19e 7898 BT_DBG("%s", hdev->name);
a5c29683 7899
272d90df 7900 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7901 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 7902 ev.confirm_hint = confirm_hint;
39adbffe 7903 ev.value = cpu_to_le32(value);
a5c29683 7904
744cf19e 7905 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 7906 NULL);
a5c29683
JH		 7907}
7908
272d90df 7909int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 7910 u8 link_type, u8 addr_type)
604086b7
BG		 7911{
7912 struct mgmt_ev_user_passkey_request ev;
7913
7914 BT_DBG("%s", hdev->name);
7915
272d90df 7916 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7917 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 7918
7919 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 7920 NULL);
604086b7
BG		 7921}
7922
0df4c185 7923static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 7924 u8 link_type, u8 addr_type, u8 status,
7925 u8 opcode)
a5c29683 7926{
3b0602cd 7927 struct mgmt_pending_cmd *cmd;
a5c29683 7928
333ae95d 7929 cmd = pending_find(opcode, hdev);
a5c29683
JH		 7930 if (!cmd)
7931 return -ENOENT;
7932
7776d1d8 7933 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7934 mgmt_pending_remove(cmd);
a5c29683 7935
7776d1d8 7936 return 0;
a5c29683
JH		 7937}
7938
744cf19e 7939int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7940 u8 link_type, u8 addr_type, u8 status)
a5c29683 7941{
272d90df 7942 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 7943 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 7944}
7945
272d90df 7946int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7947 u8 link_type, u8 addr_type, u8 status)
a5c29683 7948{
272d90df 7949 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 7950 status,
7951 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 7952}
2a611692 7953
604086b7 7954int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7955 u8 link_type, u8 addr_type, u8 status)
604086b7 7956{
272d90df 7957 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 7958 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 7959}
7960
272d90df 7961int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7962 u8 link_type, u8 addr_type, u8 status)
604086b7 7963{
272d90df 7964 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 7965 status,
7966 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 7967}
7968
92a25256
JH		 7969int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
7970 u8 link_type, u8 addr_type, u32 passkey,
7971 u8 entered)
7972{
7973 struct mgmt_ev_passkey_notify ev;
7974
7975 BT_DBG("%s", hdev->name);
7976
7977 bacpy(&ev.addr.bdaddr, bdaddr);
7978 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7979 ev.passkey = __cpu_to_le32(passkey);
7980 ev.entered = entered;
7981
7982 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
7983}
7984
e1e930f5 7985void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
2a611692
JH		 7986{
7987 struct mgmt_ev_auth_failed ev;
3b0602cd 7988 struct mgmt_pending_cmd *cmd;
e1e930f5 7989 u8 status = mgmt_status(hci_status);
2a611692 7990
e1e930f5
JH		 7991 bacpy(&ev.addr.bdaddr, &conn->dst);
7992 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7993 ev.status = status;
2a611692 7994
e1e930f5
JH		 7995 cmd = find_pairing(conn);
7996
7997 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
7998 cmd ? cmd->sk : NULL);
7999
a511b35b
JH		 8000 if (cmd) {
8001 cmd->cmd_complete(cmd, status);
8002 mgmt_pending_remove(cmd);
8003 }
2a611692 8004}
b312b161 8005
464996ae 8006void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 8007{
8008 struct cmd_lookup match = { NULL, hdev };
464996ae 8009 bool changed;
33ef95ed
JH		 8010
8011 if (status) {
8012 u8 mgmt_err = mgmt_status(status);
8013 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 8014 cmd_status_rsp, &mgmt_err);
464996ae 8015 return;
33ef95ed
JH		 8016 }
8017
464996ae 8018 if (test_bit(HCI_AUTH, &hdev->flags))
238be788 8019 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
464996ae 8020 else
a69d8927 8021 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
47990ea0 8022
33ef95ed 8023 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 8024 &match);
33ef95ed 8025
47990ea0 8026 if (changed)
464996ae 8027 new_settings(hdev, match.sk);
33ef95ed
JH		 8028
8029 if (match.sk)
8030 sock_put(match.sk);
33ef95ed
JH		 8031}
8032
890ea898 8033static void clear_eir(struct hci_request *req)
cacaf52f 8034{
890ea898 8035 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 8036 struct hci_cp_write_eir cp;
8037
976eb20e 8038 if (!lmp_ext_inq_capable(hdev))
890ea898 8039 return;
cacaf52f 8040
c80da27e
JH		 8041 memset(hdev->eir, 0, sizeof(hdev->eir));
8042
cacaf52f
JH		 8043 memset(&cp, 0, sizeof(cp));
8044
890ea898 8045 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 8046}
8047
3e248560 8048void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 8049{
8050 struct cmd_lookup match = { NULL, hdev };
890ea898 8051 struct hci_request req;
c0ecddc2 8052 bool changed = false;
ed2c4ee3
JH		 8053
8054 if (status) {
8055 u8 mgmt_err = mgmt_status(status);
c0ecddc2 8056
a69d8927
MH		 8057 if (enable && hci_dev_test_and_clear_flag(hdev,
8058 HCI_SSP_ENABLED)) {
a358dc11 8059 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
3e248560 8060 new_settings(hdev, NULL);
9ecb3e24 8061 }
c0ecddc2 8062
04124681
GP		 8063 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
8064 &mgmt_err);
3e248560 8065 return;
c0ecddc2
JH		 8066 }
8067
8068 if (enable) {
238be788 8069 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
c0ecddc2 8070 } else {
a69d8927 8071 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
9ecb3e24 8072 if (!changed)
a69d8927
MH		 8073 changed = hci_dev_test_and_clear_flag(hdev,
8074 HCI_HS_ENABLED);
9ecb3e24 8075 else
a358dc11 8076 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
ed2c4ee3
JH		 8077 }
8078
8079 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
8080
c0ecddc2 8081 if (changed)
3e248560 8082 new_settings(hdev, match.sk);
ed2c4ee3 8083
5fc6ebb1 8084 if (match.sk)
ed2c4ee3
JH		 8085 sock_put(match.sk);
8086
890ea898
JH		 8087 hci_req_init(&req, hdev);
8088
d7a5a11d
MH		 8089 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
8090 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
3769972b
JH		 8091 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
8092 sizeof(enable), &enable);
890ea898 8093 update_eir(&req);
3769972b 8094 } else {
890ea898 8095 clear_eir(&req);
3769972b 8096 }
890ea898
JH		 8097
8098 hci_req_run(&req, NULL);
ed2c4ee3
JH		 8099}
8100
3b0602cd 8101static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
90e70454
JH		 8102{
8103 struct cmd_lookup *match = data;
8104
90e70454
JH		 8105 if (match->sk == NULL) {
8106 match->sk = cmd->sk;
8107 sock_hold(match->sk);
8108 }
90e70454
JH		 8109}
8110
4e1b0245
MH		 8111void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
8112 u8 status)
7f9a903c 8113{
90e70454 8114 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 8115
92da6097
JH		 8116 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
8117 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
8118 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 8119
8120 if (!status)
f6b7712e
MH		 8121 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
8122 dev_class, 3, NULL);
90e70454
JH		 8123
8124 if (match.sk)
8125 sock_put(match.sk);
7f9a903c
MH		 8126}
8127
7667da34 8128void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 8129{
b312b161 8130 struct mgmt_cp_set_local_name ev;
3b0602cd 8131 struct mgmt_pending_cmd *cmd;
28cc7bde 8132
13928971 8133 if (status)
7667da34 8134 return;
b312b161
JH		 8135
8136 memset(&ev, 0, sizeof(ev));
8137 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 8138 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 8139
333ae95d 8140 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 8141 if (!cmd) {
8142 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 8143
13928971
JH		 8144 /* If this is a HCI command related to powering on the
8145 * HCI dev don't send any mgmt signals.
8146 */
333ae95d 8147 if (pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 8148 return;
890ea898 8149 }
b312b161 8150
f6b7712e
MH		 8151 mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
8152 cmd ? cmd->sk : NULL);
b312b161 8153}
c35938b2 8154
799ce93d
JP		 8155static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
8156{
8157 int i;
8158
8159 for (i = 0; i < uuid_count; i++) {
8160 if (!memcmp(uuid, uuids[i], 16))
8161 return true;
8162 }
8163
8164 return false;
8165}
8166
b487b9ce
MH		 8167static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
8168{
799ce93d
JP		 8169 u16 parsed = 0;
8170
8171 while (parsed < eir_len) {
8172 u8 field_len = eir[0];
8173 u8 uuid[16];
8174 int i;
8175
8176 if (field_len == 0)
8177 break;
8178
8179 if (eir_len - parsed < field_len + 1)
8180 break;
8181
8182 switch (eir[1]) {
8183 case EIR_UUID16_ALL:
8184 case EIR_UUID16_SOME:
8185 for (i = 0; i + 3 <= field_len; i += 2) {
189f6ad2 8186 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 8187 uuid[13] = eir[i + 3];
8188 uuid[12] = eir[i + 2];
8189 if (has_uuid(uuid, uuid_count, uuids))
8190 return true;
8191 }
8192 break;
8193 case EIR_UUID32_ALL:
8194 case EIR_UUID32_SOME:
8195 for (i = 0; i + 5 <= field_len; i += 4) {
189f6ad2 8196 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 8197 uuid[15] = eir[i + 5];
8198 uuid[14] = eir[i + 4];
8199 uuid[13] = eir[i + 3];
8200 uuid[12] = eir[i + 2];
8201 if (has_uuid(uuid, uuid_count, uuids))
8202 return true;
8203 }
8204 break;
8205 case EIR_UUID128_ALL:
8206 case EIR_UUID128_SOME:
8207 for (i = 0; i + 17 <= field_len; i += 16) {
8208 memcpy(uuid, eir + i + 2, 16);
8209 if (has_uuid(uuid, uuid_count, uuids))
8210 return true;
8211 }
8212 break;
8213 }
8214
8215 parsed += field_len + 1;
8216 eir += field_len + 1;
8217 }
8218
b487b9ce
MH		 8219 return false;
8220}
8221
4b0e0ced
JP		 8222static void restart_le_scan(struct hci_dev *hdev)
8223{
8224 /* If controller is not scanning we are done. */
d7a5a11d 8225 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
4b0e0ced
JP		 8226 return;
8227
8228 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
8229 hdev->discovery.scan_start +
8230 hdev->discovery.scan_duration))
8231 return;
8232
8233 queue_delayed_work(hdev->workqueue, &hdev->le_scan_restart,
8234 DISCOV_LE_RESTART_DELAY);
8235}
8236
48f86b7f
JP		 8237static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
8238 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 8239{
48f86b7f
JP		 8240 /* If a RSSI threshold has been specified, and
8241 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
8242 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
8243 * is set, let it through for further processing, as we might need to
8244 * restart the scan.
efb2513f
MH		 8245 *
8246 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
8247 * the results are also dropped.
bda157a4
MH		 8248 */
8249 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
4b0e0ced
JP		 8250 (rssi == HCI_RSSI_INVALID ||
8251 (rssi < hdev->discovery.rssi &&
8252 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
48f86b7f 8253 return false;
efb2513f 8254
2976cdeb
JP		 8255 if (hdev->discovery.uuid_count != 0) {
8256 /* If a list of UUIDs is provided in filter, results with no
8257 * matching UUID should be dropped.
b487b9ce 8258 */
2976cdeb
JP		 8259 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
8260 hdev->discovery.uuids) &&
8261 !eir_has_uuids(scan_rsp, scan_rsp_len,
8262 hdev->discovery.uuid_count,
8263 hdev->discovery.uuids))
8264 return false;
b487b9ce 8265 }
5d2e9fad 8266
2976cdeb
JP		 8267 /* If duplicate filtering does not report RSSI changes, then restart
8268 * scanning to ensure updated result with updated RSSI values.
4b0e0ced 8269 */
2976cdeb
JP		 8270 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
8271 restart_le_scan(hdev);
8272
8273 /* Validate RSSI value against the RSSI threshold once more. */
8274 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
8275 rssi < hdev->discovery.rssi)
8276 return false;
8277 }
48f86b7f
JP		 8278
8279 return true;
8280}
8281
8282void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
8283 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
8284 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
8285{
8286 char buf[512];
8287 struct mgmt_ev_device_found *ev = (void *)buf;
8288 size_t ev_size;
8289
8290 /* Don't send events for a non-kernel initiated discovery. With
8291 * LE one exception is if we have pend_le_reports > 0 in which
8292 * case we're doing passive scanning and want these events.
8293 */
8294 if (!hci_discovery_active(hdev)) {
8295 if (link_type == ACL_LINK)
8296 return;
8297 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
8298 return;
8299 }
8300
82f8b651 8301 if (hdev->discovery.result_filtering) {
48f86b7f
JP		 8302 /* We are using service discovery */
8303 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
8304 scan_rsp_len))
8305 return;
8306 }
8307
8308 /* Make sure that the buffer is big enough. The 5 extra bytes
8309 * are for the potential CoD field.
8310 */
8311 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
4b0e0ced
JP		 8312 return;
8313
48f86b7f
JP		 8314 memset(buf, 0, sizeof(buf));
8315
8316 /* In case of device discovery with BR/EDR devices (pre 1.2), the
8317 * RSSI value was reported as 0 when not available. This behavior
8318 * is kept when using device discovery. This is required for full
8319 * backwards compatibility with the API.
8320 *
8321 * However when using service discovery, the value 127 will be
8322 * returned when the RSSI is not available.
8323 */
8324 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
8325 link_type == ACL_LINK)
8326 rssi = 0;
8327
8328 bacpy(&ev->addr.bdaddr, bdaddr);
8329 ev->addr.type = link_to_bdaddr(link_type, addr_type);
8330 ev->rssi = rssi;
8331 ev->flags = cpu_to_le32(flags);
8332
8333 if (eir_len > 0)
8334 /* Copy EIR or advertising data into event */
8335 memcpy(ev->eir, eir, eir_len);
8336
8337 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
8338 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
8339 dev_class, 3);
8340
8341 if (scan_rsp_len > 0)
8342 /* Append scan response data to event */
8343 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
8344
5d2e9fad
JH		 8345 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
8346 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 8347
901801b9 8348 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 8349}
a88a9652 8350
9cf12aee
MH		 8351void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
8352 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 8353{
b644ba33
JH		 8354 struct mgmt_ev_device_found *ev;
8355 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
8356 u16 eir_len;
a88a9652 8357
b644ba33 8358 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 8359
b644ba33
JH		 8360 memset(buf, 0, sizeof(buf));
8361
8362 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 8363 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 8364 ev->rssi = rssi;
8365
8366 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 8367 name_len);
b644ba33 8368
eb55ef07 8369 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 8370
9cf12aee 8371 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 8372}
314b2381 8373
2f1e063b 8374void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 8375{
f963e8e9 8376 struct mgmt_ev_discovering ev;
164a6e78 8377
343fb145
AG		 8378 BT_DBG("%s discovering %u", hdev->name, discovering);
8379
f963e8e9
JH		 8380 memset(&ev, 0, sizeof(ev));
8381 ev.type = hdev->discovery.type;
8382 ev.discovering = discovering;
8383
2f1e063b 8384 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 8385}
5e762444 8386
1904a853 8387static void adv_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5976e608
MH		 8388{
8389 BT_DBG("%s status %u", hdev->name, status);
5976e608
MH		 8390}
8391
8392void mgmt_reenable_advertising(struct hci_dev *hdev)
8393{
8394 struct hci_request req;
8395
24b4f38f
AU		 8396 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
8397 !hci_dev_test_flag(hdev, HCI_ADVERTISING_INSTANCE))
5976e608
MH		 8398 return;
8399
8400 hci_req_init(&req, hdev);
8401 enable_advertising(&req);
0ec5ae84 8402 hci_req_run(&req, adv_enable_complete);
5976e608 8403}
6d785aa3
JH		 8404
8405static struct hci_mgmt_chan chan = {
8406 .channel = HCI_CHANNEL_CONTROL,
8407 .handler_count = ARRAY_SIZE(mgmt_handlers),
8408 .handlers = mgmt_handlers,
88b94ce9 8409 .hdev_init = mgmt_init_hdev,
6d785aa3
JH		 8410};
8411
8412int mgmt_init(void)
8413{
8414 return hci_mgmt_chan_register(&chan);
8415}
8416
8417void mgmt_exit(void)
8418{
8419 hci_mgmt_chan_unregister(&chan);
8420}
Linux kernel - Deliverables
This page took 1.318153 seconds and 5 git commands to generate.