projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Add helper to get HCI channel of a socket
[deliverable/linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
7129069e 32#include <net/bluetooth/hci_sock.h>
4bc58f51 33#include <net/bluetooth/l2cap.h>
0381101f 34#include <net/bluetooth/mgmt.h>
ac4b7236 35
0857dd3b 36#include "hci_request.h"
ac4b7236 37#include "smp.h"
0381101f 38
2da9c55c 39#define MGMT_VERSION 1
beb1c21b 40#define MGMT_REVISION 9
02d98129 41
e70bb2e8
JH		 42static const u16 mgmt_commands[] = {
43 MGMT_OP_READ_INDEX_LIST,
44 MGMT_OP_READ_INFO,
45 MGMT_OP_SET_POWERED,
46 MGMT_OP_SET_DISCOVERABLE,
47 MGMT_OP_SET_CONNECTABLE,
48 MGMT_OP_SET_FAST_CONNECTABLE,
b2939475 49 MGMT_OP_SET_BONDABLE,
e70bb2e8
JH		 50 MGMT_OP_SET_LINK_SECURITY,
51 MGMT_OP_SET_SSP,
52 MGMT_OP_SET_HS,
53 MGMT_OP_SET_LE,
54 MGMT_OP_SET_DEV_CLASS,
55 MGMT_OP_SET_LOCAL_NAME,
56 MGMT_OP_ADD_UUID,
57 MGMT_OP_REMOVE_UUID,
58 MGMT_OP_LOAD_LINK_KEYS,
59 MGMT_OP_LOAD_LONG_TERM_KEYS,
60 MGMT_OP_DISCONNECT,
61 MGMT_OP_GET_CONNECTIONS,
62 MGMT_OP_PIN_CODE_REPLY,
63 MGMT_OP_PIN_CODE_NEG_REPLY,
64 MGMT_OP_SET_IO_CAPABILITY,
65 MGMT_OP_PAIR_DEVICE,
66 MGMT_OP_CANCEL_PAIR_DEVICE,
67 MGMT_OP_UNPAIR_DEVICE,
68 MGMT_OP_USER_CONFIRM_REPLY,
69 MGMT_OP_USER_CONFIRM_NEG_REPLY,
70 MGMT_OP_USER_PASSKEY_REPLY,
71 MGMT_OP_USER_PASSKEY_NEG_REPLY,
72 MGMT_OP_READ_LOCAL_OOB_DATA,
73 MGMT_OP_ADD_REMOTE_OOB_DATA,
74 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
75 MGMT_OP_START_DISCOVERY,
76 MGMT_OP_STOP_DISCOVERY,
77 MGMT_OP_CONFIRM_NAME,
78 MGMT_OP_BLOCK_DEVICE,
79 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 80 MGMT_OP_SET_DEVICE_ID,
4375f103 81 MGMT_OP_SET_ADVERTISING,
0663ca2a 82 MGMT_OP_SET_BREDR,
d13eafce 83 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 84 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 85 MGMT_OP_SET_SECURE_CONN,
4e39ac81 86 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 87 MGMT_OP_SET_PRIVACY,
41edf160 88 MGMT_OP_LOAD_IRKS,
dd983808 89 MGMT_OP_GET_CONN_INFO,
95868426 90 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 91 MGMT_OP_ADD_DEVICE,
92 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 93 MGMT_OP_LOAD_CONN_PARAM,
73d1df2a 94 MGMT_OP_READ_UNCONF_INDEX_LIST,
9fc3bfb6 95 MGMT_OP_READ_CONFIG_INFO,
dbece37a 96 MGMT_OP_SET_EXTERNAL_CONFIG,
9713c17b 97 MGMT_OP_SET_PUBLIC_ADDRESS,
66ea9427 98 MGMT_OP_START_SERVICE_DISCOVERY,
4f0f155c 99 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
96f1474a 100 MGMT_OP_READ_EXT_INDEX_LIST,
d3d5305b 101 MGMT_OP_READ_ADV_FEATURES,
e70bb2e8
JH		 102};
103
104static const u16 mgmt_events[] = {
105 MGMT_EV_CONTROLLER_ERROR,
106 MGMT_EV_INDEX_ADDED,
107 MGMT_EV_INDEX_REMOVED,
108 MGMT_EV_NEW_SETTINGS,
109 MGMT_EV_CLASS_OF_DEV_CHANGED,
110 MGMT_EV_LOCAL_NAME_CHANGED,
111 MGMT_EV_NEW_LINK_KEY,
112 MGMT_EV_NEW_LONG_TERM_KEY,
113 MGMT_EV_DEVICE_CONNECTED,
114 MGMT_EV_DEVICE_DISCONNECTED,
115 MGMT_EV_CONNECT_FAILED,
116 MGMT_EV_PIN_CODE_REQUEST,
117 MGMT_EV_USER_CONFIRM_REQUEST,
118 MGMT_EV_USER_PASSKEY_REQUEST,
119 MGMT_EV_AUTH_FAILED,
120 MGMT_EV_DEVICE_FOUND,
121 MGMT_EV_DISCOVERING,
122 MGMT_EV_DEVICE_BLOCKED,
123 MGMT_EV_DEVICE_UNBLOCKED,
124 MGMT_EV_DEVICE_UNPAIRED,
92a25256 125 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 126 MGMT_EV_NEW_IRK,
7ee4ea36 127 MGMT_EV_NEW_CSRK,
8afef092
MH		 128 MGMT_EV_DEVICE_ADDED,
129 MGMT_EV_DEVICE_REMOVED,
ffb5a827 130 MGMT_EV_NEW_CONN_PARAM,
0602a8ad 131 MGMT_EV_UNCONF_INDEX_ADDED,
edd3896b 132 MGMT_EV_UNCONF_INDEX_REMOVED,
f4537c04 133 MGMT_EV_NEW_CONFIG_OPTIONS,
ced85549
MH		 134 MGMT_EV_EXT_INDEX_ADDED,
135 MGMT_EV_EXT_INDEX_REMOVED,
72000df2 136 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
e70bb2e8
JH		 137};
138
17b02e62 139#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 140
d25b78e2
JH		 141#define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
142 "\x00\x00\x00\x00\x00\x00\x00\x00"
143
3b0602cd 144struct mgmt_pending_cmd {
eec8d2bc 145 struct list_head list;
fc2f4b13 146 u16 opcode;
eec8d2bc 147 int index;
c68fb7ff 148 void *param;
323b0b88 149 size_t param_len;
eec8d2bc 150 struct sock *sk;
e9a416b5 151 void *user_data;
3b0602cd 152 int (*cmd_complete)(struct mgmt_pending_cmd *cmd, u8 status);
eec8d2bc
JH		 153};
154
ca69b795
JH		 155/* HCI to MGMT error code conversion table */
156static u8 mgmt_status_table[] = {
157 MGMT_STATUS_SUCCESS,
158 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
159 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
160 MGMT_STATUS_FAILED, /* Hardware Failure */
161 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
162 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 163 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 164 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
165 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
166 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
167 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
168 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
169 MGMT_STATUS_BUSY, /* Command Disallowed */
170 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
171 MGMT_STATUS_REJECTED, /* Rejected Security */
172 MGMT_STATUS_REJECTED, /* Rejected Personal */
173 MGMT_STATUS_TIMEOUT, /* Host Timeout */
174 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
175 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
176 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
177 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
178 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
179 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
180 MGMT_STATUS_BUSY, /* Repeated Attempts */
181 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
182 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
183 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
184 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
185 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
186 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
187 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
188 MGMT_STATUS_FAILED, /* Unspecified Error */
189 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
190 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
191 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
192 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
193 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
194 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
195 MGMT_STATUS_FAILED, /* Unit Link Key Used */
196 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
197 MGMT_STATUS_TIMEOUT, /* Instant Passed */
198 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
199 MGMT_STATUS_FAILED, /* Transaction Collision */
200 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
201 MGMT_STATUS_REJECTED, /* QoS Rejected */
202 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
203 MGMT_STATUS_REJECTED, /* Insufficient Security */
204 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
205 MGMT_STATUS_BUSY, /* Role Switch Pending */
206 MGMT_STATUS_FAILED, /* Slot Violation */
207 MGMT_STATUS_FAILED, /* Role Switch Failed */
208 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
209 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
210 MGMT_STATUS_BUSY, /* Host Busy Pairing */
211 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
212 MGMT_STATUS_BUSY, /* Controller Busy */
213 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
214 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
215 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
216 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
217 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
218};
219
220static u8 mgmt_status(u8 hci_status)
221{
222 if (hci_status < ARRAY_SIZE(mgmt_status_table))
223 return mgmt_status_table[hci_status];
224
225 return MGMT_STATUS_FAILED;
226}
227
7a00ff44
JH		 228static int mgmt_send_event(u16 event, struct hci_dev *hdev,
229 unsigned short channel, void *data, u16 data_len,
c08b1a1d 230 int flag, struct sock *skip_sk)
04c60f05
MH		 231{
232 struct sk_buff *skb;
233 struct mgmt_hdr *hdr;
234
235 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
236 if (!skb)
237 return -ENOMEM;
238
239 hdr = (void *) skb_put(skb, sizeof(*hdr));
240 hdr->opcode = cpu_to_le16(event);
241 if (hdev)
242 hdr->index = cpu_to_le16(hdev->id);
243 else
244 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
245 hdr->len = cpu_to_le16(data_len);
246
247 if (data)
248 memcpy(skb_put(skb, data_len), data, data_len);
249
250 /* Time stamp */
251 __net_timestamp(skb);
252
c08b1a1d 253 hci_send_to_channel(channel, skb, flag, skip_sk);
04c60f05
MH		 254 kfree_skb(skb);
255
256 return 0;
257}
258
c08b1a1d
MH		 259static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
260 u16 len, int flag)
f9207338 261{
c08b1a1d
MH		 262 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
263 flag, NULL);
f9207338
MH		 264}
265
72000df2
MH		 266static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
267 u16 len, int flag, struct sock *skip_sk)
268{
269 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
270 flag, skip_sk);
271}
272
f6b7712e
MH		 273static int mgmt_generic_event(u16 event, struct hci_dev *hdev, void *data,
274 u16 len, struct sock *skip_sk)
275{
276 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
277 HCI_MGMT_GENERIC_EVENTS, skip_sk);
278}
279
7a00ff44
JH		 280static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
281 struct sock *skip_sk)
282{
283 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
c08b1a1d 284 HCI_SOCK_TRUSTED, skip_sk);
7a00ff44
JH		 285}
286
a69e8375 287static int mgmt_cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 288{
289 struct sk_buff *skb;
290 struct mgmt_hdr *hdr;
291 struct mgmt_ev_cmd_status *ev;
56b7d137 292 int err;
f7b64e69 293
34eb525c 294 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 295
790eff44 296 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 297 if (!skb)
298 return -ENOMEM;
299
300 hdr = (void *) skb_put(skb, sizeof(*hdr));
301
dcf4adbf 302 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 303 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 304 hdr->len = cpu_to_le16(sizeof(*ev));
305
306 ev = (void *) skb_put(skb, sizeof(*ev));
307 ev->status = status;
eb55ef07 308 ev->opcode = cpu_to_le16(cmd);
f7b64e69 309
56b7d137
GP		 310 err = sock_queue_rcv_skb(sk, skb);
311 if (err < 0)
f7b64e69
JH		 312 kfree_skb(skb);
313
56b7d137 314 return err;
f7b64e69
JH		 315}
316
2a1afb5a
JH		 317static int mgmt_cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
318 void *rp, size_t rp_len)
02d98129
JH		 319{
320 struct sk_buff *skb;
321 struct mgmt_hdr *hdr;
322 struct mgmt_ev_cmd_complete *ev;
56b7d137 323 int err;
02d98129
JH		 324
325 BT_DBG("sock %p", sk);
326
790eff44 327 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 328 if (!skb)
329 return -ENOMEM;
330
331 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 332
dcf4adbf 333 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 334 hdr->index = cpu_to_le16(index);
a38528f1 335 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 336
a38528f1 337 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 338 ev->opcode = cpu_to_le16(cmd);
aee9b218 339 ev->status = status;
8020c16a
SJ		 340
341 if (rp)
342 memcpy(ev->data, rp, rp_len);
02d98129 343
56b7d137
GP		 344 err = sock_queue_rcv_skb(sk, skb);
345 if (err < 0)
02d98129
JH		 346 kfree_skb(skb);
347
e5f0e151 348 return err;
02d98129
JH		 349}
350
04124681
GP		 351static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
352 u16 data_len)
a38528f1
JH		 353{
354 struct mgmt_rp_read_version rp;
355
356 BT_DBG("sock %p", sk);
357
358 rp.version = MGMT_VERSION;
dcf4adbf 359 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 360
2a1afb5a
JH		 361 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
362 &rp, sizeof(rp));
a38528f1
JH		 363}
364
04124681
GP		 365static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
366 u16 data_len)
e70bb2e8
JH		 367{
368 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 369 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
370 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 371 __le16 *opcode;
e70bb2e8
JH		 372 size_t rp_size;
373 int i, err;
374
375 BT_DBG("sock %p", sk);
376
377 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
378
379 rp = kmalloc(rp_size, GFP_KERNEL);
380 if (!rp)
381 return -ENOMEM;
382
dcf4adbf
JP		 383 rp->num_commands = cpu_to_le16(num_commands);
384 rp->num_events = cpu_to_le16(num_events);
e70bb2e8
JH		 385
386 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
387 put_unaligned_le16(mgmt_commands[i], opcode);
388
389 for (i = 0; i < num_events; i++, opcode++)
390 put_unaligned_le16(mgmt_events[i], opcode);
391
2a1afb5a
JH		 392 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
393 rp, rp_size);
e70bb2e8
JH		 394 kfree(rp);
395
396 return err;
397}
398
04124681
GP		 399static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
400 u16 data_len)
faba42eb 401{
faba42eb 402 struct mgmt_rp_read_index_list *rp;
8035ded4 403 struct hci_dev *d;
a38528f1 404 size_t rp_len;
faba42eb 405 u16 count;
476e44cb 406 int err;
faba42eb
JH		 407
408 BT_DBG("sock %p", sk);
409
410 read_lock(&hci_dev_list_lock);
411
412 count = 0;
bb4b2a9a 413 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a 414 if (d->dev_type == HCI_BREDR &&
d7a5a11d 415 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
1514b892 416 count++;
faba42eb
JH		 417 }
418
a38528f1
JH		 419 rp_len = sizeof(*rp) + (2 * count);
420 rp = kmalloc(rp_len, GFP_ATOMIC);
421 if (!rp) {
b2c60d42 422 read_unlock(&hci_dev_list_lock);
faba42eb 423 return -ENOMEM;
b2c60d42 424 }
faba42eb 425
476e44cb 426 count = 0;
8035ded4 427 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 428 if (hci_dev_test_flag(d, HCI_SETUP) ||
429 hci_dev_test_flag(d, HCI_CONFIG) ||
430 hci_dev_test_flag(d, HCI_USER_CHANNEL))
ab81cbf9
JH		 431 continue;
432
73d1df2a
MH		 433 /* Devices marked as raw-only are neither configured
434 * nor unconfigured controllers.
435 */
436 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
fee746b0
MH		 437 continue;
438
73d1df2a 439 if (d->dev_type == HCI_BREDR &&
d7a5a11d 440 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
1514b892
MH		 441 rp->index[count++] = cpu_to_le16(d->id);
442 BT_DBG("Added hci%u", d->id);
443 }
faba42eb
JH		 444 }
445
476e44cb
JH		 446 rp->num_controllers = cpu_to_le16(count);
447 rp_len = sizeof(*rp) + (2 * count);
448
faba42eb
JH		 449 read_unlock(&hci_dev_list_lock);
450
2a1afb5a
JH		 451 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
452 0, rp, rp_len);
faba42eb 453
a38528f1
JH		 454 kfree(rp);
455
456 return err;
faba42eb
JH		 457}
458
73d1df2a
MH		 459static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
460 void *data, u16 data_len)
461{
462 struct mgmt_rp_read_unconf_index_list *rp;
463 struct hci_dev *d;
464 size_t rp_len;
465 u16 count;
466 int err;
467
468 BT_DBG("sock %p", sk);
469
470 read_lock(&hci_dev_list_lock);
471
472 count = 0;
473 list_for_each_entry(d, &hci_dev_list, list) {
474 if (d->dev_type == HCI_BREDR &&
d7a5a11d 475 hci_dev_test_flag(d, HCI_UNCONFIGURED))
73d1df2a
MH		 476 count++;
477 }
478
479 rp_len = sizeof(*rp) + (2 * count);
480 rp = kmalloc(rp_len, GFP_ATOMIC);
481 if (!rp) {
482 read_unlock(&hci_dev_list_lock);
483 return -ENOMEM;
484 }
485
486 count = 0;
487 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 488 if (hci_dev_test_flag(d, HCI_SETUP) ||
489 hci_dev_test_flag(d, HCI_CONFIG) ||
490 hci_dev_test_flag(d, HCI_USER_CHANNEL))
73d1df2a
MH		 491 continue;
492
493 /* Devices marked as raw-only are neither configured
494 * nor unconfigured controllers.
495 */
496 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
497 continue;
498
499 if (d->dev_type == HCI_BREDR &&
d7a5a11d 500 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
73d1df2a
MH		 501 rp->index[count++] = cpu_to_le16(d->id);
502 BT_DBG("Added hci%u", d->id);
503 }
504 }
505
506 rp->num_controllers = cpu_to_le16(count);
507 rp_len = sizeof(*rp) + (2 * count);
508
509 read_unlock(&hci_dev_list_lock);
510
2a1afb5a
JH		 511 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
512 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
73d1df2a
MH		 513
514 kfree(rp);
515
516 return err;
517}
518
96f1474a
MH		 519static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
520 void *data, u16 data_len)
521{
522 struct mgmt_rp_read_ext_index_list *rp;
523 struct hci_dev *d;
524 size_t rp_len;
525 u16 count;
526 int err;
527
528 BT_DBG("sock %p", sk);
529
530 read_lock(&hci_dev_list_lock);
531
532 count = 0;
533 list_for_each_entry(d, &hci_dev_list, list) {
534 if (d->dev_type == HCI_BREDR || d->dev_type == HCI_AMP)
535 count++;
536 }
537
538 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
539 rp = kmalloc(rp_len, GFP_ATOMIC);
540 if (!rp) {
541 read_unlock(&hci_dev_list_lock);
542 return -ENOMEM;
543 }
544
545 count = 0;
546 list_for_each_entry(d, &hci_dev_list, list) {
547 if (hci_dev_test_flag(d, HCI_SETUP) ||
548 hci_dev_test_flag(d, HCI_CONFIG) ||
549 hci_dev_test_flag(d, HCI_USER_CHANNEL))
550 continue;
551
552 /* Devices marked as raw-only are neither configured
553 * nor unconfigured controllers.
554 */
555 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
556 continue;
557
558 if (d->dev_type == HCI_BREDR) {
559 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
560 rp->entry[count].type = 0x01;
561 else
562 rp->entry[count].type = 0x00;
563 } else if (d->dev_type == HCI_AMP) {
564 rp->entry[count].type = 0x02;
565 } else {
566 continue;
567 }
568
569 rp->entry[count].bus = d->bus;
570 rp->entry[count++].index = cpu_to_le16(d->id);
571 BT_DBG("Added hci%u", d->id);
572 }
573
574 rp->num_controllers = cpu_to_le16(count);
575 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
576
577 read_unlock(&hci_dev_list_lock);
578
579 /* If this command is called at least once, then all the
580 * default index and unconfigured index events are disabled
581 * and from now on only extended index events are used.
582 */
583 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
584 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
585 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
586
587 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
588 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp, rp_len);
589
590 kfree(rp);
591
592 return err;
593}
594
dbece37a
MH		 595static bool is_configured(struct hci_dev *hdev)
596{
597 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 598 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
dbece37a
MH		 599 return false;
600
601 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
602 !bacmp(&hdev->public_addr, BDADDR_ANY))
603 return false;
604
605 return true;
606}
607
89bc22d2
MH		 608static __le32 get_missing_options(struct hci_dev *hdev)
609{
610 u32 options = 0;
611
dbece37a 612 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 613 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
eb1904f4
MH		 614 options |= MGMT_OPTION_EXTERNAL_CONFIG;
615
89bc22d2
MH		 616 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
617 !bacmp(&hdev->public_addr, BDADDR_ANY))
618 options |= MGMT_OPTION_PUBLIC_ADDRESS;
619
620 return cpu_to_le32(options);
621}
622
f4537c04
MH		 623static int new_options(struct hci_dev *hdev, struct sock *skip)
624{
625 __le32 options = get_missing_options(hdev);
626
f6b7712e
MH		 627 return mgmt_generic_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
628 sizeof(options), skip);
f4537c04
MH		 629}
630
dbece37a
MH		 631static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
632{
633 __le32 options = get_missing_options(hdev);
634
2a1afb5a
JH		 635 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
636 sizeof(options));
dbece37a
MH		 637}
638
9fc3bfb6
MH		 639static int read_config_info(struct sock *sk, struct hci_dev *hdev,
640 void *data, u16 data_len)
641{
642 struct mgmt_rp_read_config_info rp;
89bc22d2 643 u32 options = 0;
9fc3bfb6
MH		 644
645 BT_DBG("sock %p %s", sk, hdev->name);
646
647 hci_dev_lock(hdev);
648
649 memset(&rp, 0, sizeof(rp));
650 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
89bc22d2 651
eb1904f4
MH		 652 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
653 options |= MGMT_OPTION_EXTERNAL_CONFIG;
654
9fc3bfb6 655 if (hdev->set_bdaddr)
89bc22d2
MH		 656 options |= MGMT_OPTION_PUBLIC_ADDRESS;
657
658 rp.supported_options = cpu_to_le32(options);
659 rp.missing_options = get_missing_options(hdev);
9fc3bfb6
MH		 660
661 hci_dev_unlock(hdev);
662
2a1afb5a
JH		 663 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
664 &rp, sizeof(rp));
9fc3bfb6
MH		 665}
666
69ab39ea
JH		 667static u32 get_supported_settings(struct hci_dev *hdev)
668{
669 u32 settings = 0;
670
671 settings |= MGMT_SETTING_POWERED;
b2939475 672 settings |= MGMT_SETTING_BONDABLE;
b1de97d8 673 settings |= MGMT_SETTING_DEBUG_KEYS;
3742abfc
JH		 674 settings |= MGMT_SETTING_CONNECTABLE;
675 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea 676
ed3fa31f 677 if (lmp_bredr_capable(hdev)) {
1a47aee8
JH		 678 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
679 settings |= MGMT_SETTING_FAST_CONNECTABLE;
69ab39ea
JH		 680 settings |= MGMT_SETTING_BREDR;
681 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 682
683 if (lmp_ssp_capable(hdev)) {
684 settings |= MGMT_SETTING_SSP;
685 settings |= MGMT_SETTING_HS;
686 }
e98d2ce2 687
05b3c3e7 688 if (lmp_sc_capable(hdev))
e98d2ce2 689 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 690 }
d7b7e796 691
eeca6f89 692 if (lmp_le_capable(hdev)) {
9d42820f 693 settings |= MGMT_SETTING_LE;
eeca6f89 694 settings |= MGMT_SETTING_ADVERTISING;
a3209694 695 settings |= MGMT_SETTING_SECURE_CONN;
0f4bd942 696 settings |= MGMT_SETTING_PRIVACY;
93690c22 697 settings |= MGMT_SETTING_STATIC_ADDRESS;
eeca6f89 698 }
69ab39ea 699
eb1904f4
MH		 700 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
701 hdev->set_bdaddr)
9fc3bfb6
MH		 702 settings |= MGMT_SETTING_CONFIGURATION;
703
69ab39ea
JH		 704 return settings;
705}
706
707static u32 get_current_settings(struct hci_dev *hdev)
708{
709 u32 settings = 0;
710
f1f0eb02 711 if (hdev_is_powered(hdev))
f0d4b78a
MH		 712 settings |= MGMT_SETTING_POWERED;
713
d7a5a11d 714 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
69ab39ea
JH		 715 settings |= MGMT_SETTING_CONNECTABLE;
716
d7a5a11d 717 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
1a4d3c4b
JH		 718 settings |= MGMT_SETTING_FAST_CONNECTABLE;
719
d7a5a11d 720 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
69ab39ea
JH		 721 settings |= MGMT_SETTING_DISCOVERABLE;
722
d7a5a11d 723 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
b2939475 724 settings |= MGMT_SETTING_BONDABLE;
69ab39ea 725
d7a5a11d 726 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
69ab39ea
JH		 727 settings |= MGMT_SETTING_BREDR;
728
d7a5a11d 729 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
69ab39ea
JH		 730 settings |= MGMT_SETTING_LE;
731
d7a5a11d 732 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
69ab39ea
JH		 733 settings |= MGMT_SETTING_LINK_SECURITY;
734
d7a5a11d 735 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
69ab39ea
JH		 736 settings |= MGMT_SETTING_SSP;
737
d7a5a11d 738 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
6d80dfd0
JH		 739 settings |= MGMT_SETTING_HS;
740
d7a5a11d 741 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
eeca6f89
JH		 742 settings |= MGMT_SETTING_ADVERTISING;
743
d7a5a11d 744 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
e98d2ce2
MH		 745 settings |= MGMT_SETTING_SECURE_CONN;
746
d7a5a11d 747 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
b1de97d8
MH		 748 settings |= MGMT_SETTING_DEBUG_KEYS;
749
d7a5a11d 750 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
0f4bd942
JH		 751 settings |= MGMT_SETTING_PRIVACY;
752
93690c22
MH		 753 /* The current setting for static address has two purposes. The
754 * first is to indicate if the static address will be used and
755 * the second is to indicate if it is actually set.
756 *
757 * This means if the static address is not configured, this flag
758 * will never bet set. If the address is configured, then if the
759 * address is actually used decides if the flag is set or not.
760 *
761 * For single mode LE only controllers and dual-mode controllers
762 * with BR/EDR disabled, the existence of the static address will
763 * be evaluated.
764 */
b7cb93e5 765 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
d7a5a11d 766 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
93690c22
MH		 767 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
768 if (bacmp(&hdev->static_addr, BDADDR_ANY))
769 settings |= MGMT_SETTING_STATIC_ADDRESS;
770 }
771
69ab39ea
JH		 772 return settings;
773}
774
ef580372
JH		 775#define PNP_INFO_SVCLASS_ID 0x1200
776
213202ed
JH		 777static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
778{
779 u8 *ptr = data, *uuids_start = NULL;
780 struct bt_uuid *uuid;
781
782 if (len < 4)
783 return ptr;
784
785 list_for_each_entry(uuid, &hdev->uuids, list) {
786 u16 uuid16;
787
788 if (uuid->size != 16)
789 continue;
790
791 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
792 if (uuid16 < 0x1100)
793 continue;
794
795 if (uuid16 == PNP_INFO_SVCLASS_ID)
796 continue;
797
798 if (!uuids_start) {
799 uuids_start = ptr;
800 uuids_start[0] = 1;
801 uuids_start[1] = EIR_UUID16_ALL;
802 ptr += 2;
803 }
804
805 /* Stop if not enough space to put next UUID */
806 if ((ptr - data) + sizeof(u16) > len) {
807 uuids_start[1] = EIR_UUID16_SOME;
808 break;
809 }
810
811 *ptr++ = (uuid16 & 0x00ff);
812 *ptr++ = (uuid16 & 0xff00) >> 8;
813 uuids_start[0] += sizeof(uuid16);
814 }
815
816 return ptr;
817}
818
cdf1963f
JH		 819static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
820{
821 u8 *ptr = data, *uuids_start = NULL;
822 struct bt_uuid *uuid;
823
824 if (len < 6)
825 return ptr;
826
827 list_for_each_entry(uuid, &hdev->uuids, list) {
828 if (uuid->size != 32)
829 continue;
830
831 if (!uuids_start) {
832 uuids_start = ptr;
833 uuids_start[0] = 1;
834 uuids_start[1] = EIR_UUID32_ALL;
835 ptr += 2;
836 }
837
838 /* Stop if not enough space to put next UUID */
839 if ((ptr - data) + sizeof(u32) > len) {
840 uuids_start[1] = EIR_UUID32_SOME;
841 break;
842 }
843
844 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
845 ptr += sizeof(u32);
846 uuids_start[0] += sizeof(u32);
847 }
848
849 return ptr;
850}
851
c00d575b
JH		 852static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
853{
854 u8 *ptr = data, *uuids_start = NULL;
855 struct bt_uuid *uuid;
856
857 if (len < 18)
858 return ptr;
859
860 list_for_each_entry(uuid, &hdev->uuids, list) {
861 if (uuid->size != 128)
862 continue;
863
864 if (!uuids_start) {
865 uuids_start = ptr;
866 uuids_start[0] = 1;
867 uuids_start[1] = EIR_UUID128_ALL;
868 ptr += 2;
869 }
870
871 /* Stop if not enough space to put next UUID */
872 if ((ptr - data) + 16 > len) {
873 uuids_start[1] = EIR_UUID128_SOME;
874 break;
875 }
876
877 memcpy(ptr, uuid->uuid, 16);
878 ptr += 16;
879 uuids_start[0] += 16;
880 }
881
882 return ptr;
883}
884
3b0602cd
JH		 885static struct mgmt_pending_cmd *mgmt_pending_find(u16 opcode,
886 struct hci_dev *hdev)
eb2a8d20 887{
3b0602cd 888 struct mgmt_pending_cmd *cmd;
eb2a8d20
JH		 889
890 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
891 if (cmd->opcode == opcode)
892 return cmd;
893 }
894
895 return NULL;
896}
897
3b0602cd
JH		 898static struct mgmt_pending_cmd *mgmt_pending_find_data(u16 opcode,
899 struct hci_dev *hdev,
900 const void *data)
95868426 901{
3b0602cd 902 struct mgmt_pending_cmd *cmd;
95868426
JH		 903
904 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
905 if (cmd->user_data != data)
906 continue;
907 if (cmd->opcode == opcode)
908 return cmd;
909 }
910
911 return NULL;
912}
913
f14d8f64
MH		 914static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
915{
7a5f4990
MH		 916 u8 ad_len = 0;
917 size_t name_len;
918
919 name_len = strlen(hdev->dev_name);
920 if (name_len > 0) {
921 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
922
923 if (name_len > max_len) {
924 name_len = max_len;
925 ptr[1] = EIR_NAME_SHORT;
926 } else
927 ptr[1] = EIR_NAME_COMPLETE;
928
929 ptr[0] = name_len + 1;
930
931 memcpy(ptr + 2, hdev->dev_name, name_len);
932
933 ad_len += (name_len + 2);
934 ptr += (name_len + 2);
935 }
936
937 return ad_len;
f14d8f64
MH		 938}
939
940static void update_scan_rsp_data(struct hci_request *req)
941{
942 struct hci_dev *hdev = req->hdev;
943 struct hci_cp_le_set_scan_rsp_data cp;
944 u8 len;
945
d7a5a11d 946 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
f14d8f64
MH		 947 return;
948
949 memset(&cp, 0, sizeof(cp));
950
951 len = create_scan_rsp_data(hdev, cp.data);
952
eb438b5f
JH		 953 if (hdev->scan_rsp_data_len == len &&
954 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 955 return;
956
eb438b5f
JH		 957 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
958 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 959
960 cp.length = len;
961
962 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
963}
964
9a43e25f
JH		 965static u8 get_adv_discov_flags(struct hci_dev *hdev)
966{
3b0602cd 967 struct mgmt_pending_cmd *cmd;
9a43e25f
JH		 968
969 /* If there's a pending mgmt command the flags will not yet have
970 * their final values, so check for this first.
971 */
972 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
973 if (cmd) {
974 struct mgmt_mode *cp = cmd->param;
975 if (cp->val == 0x01)
976 return LE_AD_GENERAL;
977 else if (cp->val == 0x02)
978 return LE_AD_LIMITED;
979 } else {
d7a5a11d 980 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
9a43e25f 981 return LE_AD_LIMITED;
d7a5a11d 982 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
9a43e25f
JH		 983 return LE_AD_GENERAL;
984 }
985
986 return 0;
987}
988
46cad2ed 989static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 990{
991 u8 ad_len = 0, flags = 0;
441ad2d0 992
9a43e25f 993 flags |= get_adv_discov_flags(hdev);
441ad2d0 994
d7a5a11d 995 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
441ad2d0 996 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 997
998 if (flags) {
999 BT_DBG("adv flags 0x%02x", flags);
1000
1001 ptr[0] = 2;
1002 ptr[1] = EIR_FLAGS;
1003 ptr[2] = flags;
1004
1005 ad_len += 3;
1006 ptr += 3;
1007 }
1008
1009 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
1010 ptr[0] = 2;
1011 ptr[1] = EIR_TX_POWER;
1012 ptr[2] = (u8) hdev->adv_tx_power;
1013
1014 ad_len += 3;
1015 ptr += 3;
1016 }
1017
441ad2d0
MH		 1018 return ad_len;
1019}
1020
5947f4bc 1021static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 1022{
1023 struct hci_dev *hdev = req->hdev;
1024 struct hci_cp_le_set_adv_data cp;
1025 u8 len;
1026
d7a5a11d 1027 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
441ad2d0
MH		 1028 return;
1029
1030 memset(&cp, 0, sizeof(cp));
1031
46cad2ed 1032 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 1033
1034 if (hdev->adv_data_len == len &&
1035 memcmp(cp.data, hdev->adv_data, len) == 0)
1036 return;
1037
1038 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
1039 hdev->adv_data_len = len;
1040
1041 cp.length = len;
1042
1043 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
1044}
1045
bc6d2d04
JH		 1046int mgmt_update_adv_data(struct hci_dev *hdev)
1047{
1048 struct hci_request req;
1049
1050 hci_req_init(&req, hdev);
1051 update_adv_data(&req);
1052
1053 return hci_req_run(&req, NULL);
1054}
1055
ef580372
JH		 1056static void create_eir(struct hci_dev *hdev, u8 *data)
1057{
1058 u8 *ptr = data;
ef580372
JH		 1059 size_t name_len;
1060
1061 name_len = strlen(hdev->dev_name);
1062
1063 if (name_len > 0) {
1064 /* EIR Data type */
1065 if (name_len > 48) {
1066 name_len = 48;
1067 ptr[1] = EIR_NAME_SHORT;
1068 } else
1069 ptr[1] = EIR_NAME_COMPLETE;
1070
1071 /* EIR Data length */
1072 ptr[0] = name_len + 1;
1073
1074 memcpy(ptr + 2, hdev->dev_name, name_len);
1075
ef580372
JH		 1076 ptr += (name_len + 2);
1077 }
1078
bbaf444a 1079 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 1080 ptr[0] = 2;
1081 ptr[1] = EIR_TX_POWER;
1082 ptr[2] = (u8) hdev->inq_tx_power;
1083
91c4e9b1
MH		 1084 ptr += 3;
1085 }
1086
2b9be137
MH		 1087 if (hdev->devid_source > 0) {
1088 ptr[0] = 9;
1089 ptr[1] = EIR_DEVICE_ID;
1090
1091 put_unaligned_le16(hdev->devid_source, ptr + 2);
1092 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
1093 put_unaligned_le16(hdev->devid_product, ptr + 6);
1094 put_unaligned_le16(hdev->devid_version, ptr + 8);
1095
2b9be137
MH		 1096 ptr += 10;
1097 }
1098
213202ed 1099 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 1100 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 1101 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 1102}
1103
890ea898 1104static void update_eir(struct hci_request *req)
ef580372 1105{
890ea898 1106 struct hci_dev *hdev = req->hdev;
ef580372
JH		 1107 struct hci_cp_write_eir cp;
1108
504c8dcd 1109 if (!hdev_is_powered(hdev))
890ea898 1110 return;
7770c4aa 1111
976eb20e 1112 if (!lmp_ext_inq_capable(hdev))
890ea898 1113 return;
ef580372 1114
d7a5a11d 1115 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
890ea898 1116 return;
ef580372 1117
d7a5a11d 1118 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
890ea898 1119 return;
ef580372
JH		 1120
1121 memset(&cp, 0, sizeof(cp));
1122
1123 create_eir(hdev, cp.data);
1124
1125 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 1126 return;
ef580372
JH		 1127
1128 memcpy(hdev->eir, cp.data, sizeof(cp.data));
1129
890ea898 1130 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 1131}
1132
1133static u8 get_service_classes(struct hci_dev *hdev)
1134{
1135 struct bt_uuid *uuid;
1136 u8 val = 0;
1137
1138 list_for_each_entry(uuid, &hdev->uuids, list)
1139 val |= uuid->svc_hint;
1140
1141 return val;
1142}
1143
890ea898 1144static void update_class(struct hci_request *req)
ef580372 1145{
890ea898 1146 struct hci_dev *hdev = req->hdev;
ef580372
JH		 1147 u8 cod[3];
1148
1149 BT_DBG("%s", hdev->name);
1150
504c8dcd 1151 if (!hdev_is_powered(hdev))
890ea898 1152 return;
7770c4aa 1153
d7a5a11d 1154 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
f87ea1da
JH		 1155 return;
1156
d7a5a11d 1157 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
890ea898 1158 return;
ef580372
JH		 1159
1160 cod[0] = hdev->minor_class;
1161 cod[1] = hdev->major_class;
1162 cod[2] = get_service_classes(hdev);
1163
d7a5a11d 1164 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
6acd7db4
MH		 1165 cod[1] |= 0x20;
1166
ef580372 1167 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 1168 return;
ef580372 1169
890ea898 1170 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 1171}
1172
a4858cb9 1173static bool get_connectable(struct hci_dev *hdev)
199a2fb1 1174{
3b0602cd 1175 struct mgmt_pending_cmd *cmd;
199a2fb1
JH		 1176
1177 /* If there's a pending mgmt command the flag will not yet have
1178 * it's final value, so check for this first.
1179 */
1180 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1181 if (cmd) {
1182 struct mgmt_mode *cp = cmd->param;
a4858cb9 1183 return cp->val;
199a2fb1
JH		 1184 }
1185
d7a5a11d 1186 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
199a2fb1
JH		 1187}
1188
0ec5ae84
JH		 1189static void disable_advertising(struct hci_request *req)
1190{
1191 u8 enable = 0x00;
1192
1193 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1194}
1195
199a2fb1
JH		 1196static void enable_advertising(struct hci_request *req)
1197{
1198 struct hci_dev *hdev = req->hdev;
1199 struct hci_cp_le_set_adv_param cp;
8f2a0601 1200 u8 own_addr_type, enable = 0x01;
a4858cb9 1201 bool connectable;
199a2fb1 1202
0ec5ae84
JH		 1203 if (hci_conn_num(hdev, LE_LINK) > 0)
1204 return;
1205
d7a5a11d 1206 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
0ec5ae84
JH		 1207 disable_advertising(req);
1208
5ce194c4 1209 /* Clear the HCI_LE_ADV bit temporarily so that the
8d97250e
JH		 1210 * hci_update_random_address knows that it's safe to go ahead
1211 * and write a new random address. The flag will be set back on
1212 * as soon as the SET_ADV_ENABLE HCI command completes.
1213 */
a358dc11 1214 hci_dev_clear_flag(hdev, HCI_LE_ADV);
8d97250e 1215
d7a5a11d 1216 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE))
cc91cb04
MH		 1217 connectable = true;
1218 else
1219 connectable = get_connectable(hdev);
8f2a0601 1220
a4858cb9
JH		 1221 /* Set require_privacy to true only when non-connectable
1222 * advertising is used. In that case it is fine to use a
1223 * non-resolvable private address.
1224 */
1225 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 1226 return;
1227
41c90c18 1228 memset(&cp, 0, sizeof(cp));
628531c9
GL		 1229 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
1230 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
a4858cb9 1231 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
8f2a0601 1232 cp.own_address_type = own_addr_type;
199a2fb1
JH		 1233 cp.channel_map = hdev->le_adv_channel_map;
1234
1235 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1236
1237 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1238}
1239
7d78525d
JH		 1240static void service_cache_off(struct work_struct *work)
1241{
1242 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 1243 service_cache.work);
890ea898 1244 struct hci_request req;
7d78525d 1245
a69d8927 1246 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
7d78525d
JH		 1247 return;
1248
890ea898
JH		 1249 hci_req_init(&req, hdev);
1250
7d78525d
JH		 1251 hci_dev_lock(hdev);
1252
890ea898
JH		 1253 update_eir(&req);
1254 update_class(&req);
7d78525d
JH		 1255
1256 hci_dev_unlock(hdev);
890ea898
JH		 1257
1258 hci_req_run(&req, NULL);
7d78525d
JH		 1259}
1260
d6bfd59c
JH		 1261static void rpa_expired(struct work_struct *work)
1262{
1263 struct hci_dev *hdev = container_of(work, struct hci_dev,
1264 rpa_expired.work);
1265 struct hci_request req;
1266
1267 BT_DBG("");
1268
a1536da2 1269 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
d6bfd59c 1270
d7a5a11d 1271 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
d6bfd59c
JH		 1272 return;
1273
1274 /* The generation of a new RPA and programming it into the
1275 * controller happens in the enable_advertising() function.
1276 */
d6bfd59c 1277 hci_req_init(&req, hdev);
d6bfd59c 1278 enable_advertising(&req);
d6bfd59c
JH		 1279 hci_req_run(&req, NULL);
1280}
1281
6a919082 1282static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 1283{
238be788 1284 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
6a919082
JH		 1285 return;
1286
4f87da80 1287 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 1288 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 1289
4f87da80
JH		 1290 /* Non-mgmt controlled devices get this bit set
1291 * implicitly so that pairing works for them, however
1292 * for mgmt we require user-space to explicitly enable
1293 * it
1294 */
a358dc11 1295 hci_dev_clear_flag(hdev, HCI_BONDABLE);
7d78525d
JH		 1296}
1297
0f4e68cf 1298static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 1299 void *data, u16 data_len)
0381101f 1300{
a38528f1 1301 struct mgmt_rp_read_info rp;
f7b64e69 1302
bdb6d971 1303 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 1304
09fd0de5 1305 hci_dev_lock(hdev);
f7b64e69 1306
dc4fe30b
JH		 1307 memset(&rp, 0, sizeof(rp));
1308
69ab39ea 1309 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 1310
69ab39ea 1311 rp.version = hdev->hci_ver;
eb55ef07 1312 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 1313
1314 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1315 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 1316
a38528f1 1317 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 1318
dc4fe30b 1319 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 1320 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 1321
09fd0de5 1322 hci_dev_unlock(hdev);
0381101f 1323
2a1afb5a
JH		 1324 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1325 sizeof(rp));
0381101f
JH		 1326}
1327
3b0602cd 1328static void mgmt_pending_free(struct mgmt_pending_cmd *cmd)
eec8d2bc
JH		 1329{
1330 sock_put(cmd->sk);
c68fb7ff 1331 kfree(cmd->param);
eec8d2bc
JH		 1332 kfree(cmd);
1333}
1334
3b0602cd
JH		 1335static struct mgmt_pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
1336 struct hci_dev *hdev,
1337 void *data, u16 len)
eec8d2bc 1338{
3b0602cd 1339 struct mgmt_pending_cmd *cmd;
eec8d2bc 1340
fca20018 1341 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 1342 if (!cmd)
366a0336 1343 return NULL;
eec8d2bc
JH		 1344
1345 cmd->opcode = opcode;
2e58ef3e 1346 cmd->index = hdev->id;
eec8d2bc 1347
323b0b88 1348 cmd->param = kmemdup(data, len, GFP_KERNEL);
c68fb7ff 1349 if (!cmd->param) {
eec8d2bc 1350 kfree(cmd);
366a0336 1351 return NULL;
eec8d2bc
JH		 1352 }
1353
323b0b88 1354 cmd->param_len = len;
eec8d2bc
JH		 1355
1356 cmd->sk = sk;
1357 sock_hold(sk);
1358
2e58ef3e 1359 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 1360
366a0336 1361 return cmd;
eec8d2bc
JH		 1362}
1363
744cf19e 1364static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
3b0602cd 1365 void (*cb)(struct mgmt_pending_cmd *cmd,
8fc9ced3 1366 void *data),
04124681 1367 void *data)
eec8d2bc 1368{
3b0602cd 1369 struct mgmt_pending_cmd *cmd, *tmp;
eec8d2bc 1370
a3d09356 1371 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 1372 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 1373 continue;
1374
eec8d2bc
JH		 1375 cb(cmd, data);
1376 }
1377}
1378
3b0602cd 1379static void mgmt_pending_remove(struct mgmt_pending_cmd *cmd)
73f22f62 1380{
73f22f62
JH		 1381 list_del(&cmd->list);
1382 mgmt_pending_free(cmd);
1383}
1384
69ab39ea 1385static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1386{
69ab39ea 1387 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1388
2a1afb5a
JH		 1389 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1390 sizeof(settings));
8680570b
JH		 1391}
1392
1904a853 1393static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
8b064a3a
JH		 1394{
1395 BT_DBG("%s status 0x%02x", hdev->name, status);
1396
a3172b7e
JH		 1397 if (hci_conn_count(hdev) == 0) {
1398 cancel_delayed_work(&hdev->power_off);
8b064a3a 1399 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1400 }
8b064a3a
JH		 1401}
1402
23a48093 1403static bool hci_stop_discovery(struct hci_request *req)
21a60d30
JH		 1404{
1405 struct hci_dev *hdev = req->hdev;
1406 struct hci_cp_remote_name_req_cancel cp;
1407 struct inquiry_entry *e;
1408
1409 switch (hdev->discovery.state) {
1410 case DISCOVERY_FINDING:
07d2334a 1411 if (test_bit(HCI_INQUIRY, &hdev->flags))
21a60d30 1412 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
07d2334a
JP		 1413
1414 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
21a60d30
JH		 1415 cancel_delayed_work(&hdev->le_scan_disable);
1416 hci_req_add_le_scan_disable(req);
1417 }
1418
23a48093 1419 return true;
21a60d30
JH		 1420
1421 case DISCOVERY_RESOLVING:
1422 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1423 NAME_PENDING);
1424 if (!e)
23a48093 1425 break;
21a60d30
JH		 1426
1427 bacpy(&cp.bdaddr, &e->data.bdaddr);
1428 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1429 &cp);
1430
23a48093 1431 return true;
21a60d30
JH		 1432
1433 default:
1434 /* Passive scanning */
d7a5a11d 1435 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
21a60d30 1436 hci_req_add_le_scan_disable(req);
23a48093
JH		 1437 return true;
1438 }
1439
21a60d30
JH		 1440 break;
1441 }
23a48093
JH		 1442
1443 return false;
21a60d30
JH		 1444}
1445
8b064a3a
JH		 1446static int clean_up_hci_state(struct hci_dev *hdev)
1447{
1448 struct hci_request req;
1449 struct hci_conn *conn;
23a48093
JH		 1450 bool discov_stopped;
1451 int err;
8b064a3a
JH		 1452
1453 hci_req_init(&req, hdev);
1454
1455 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1456 test_bit(HCI_PSCAN, &hdev->flags)) {
1457 u8 scan = 0x00;
1458 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1459 }
1460
d7a5a11d 1461 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
8b064a3a
JH		 1462 disable_advertising(&req);
1463
23a48093 1464 discov_stopped = hci_stop_discovery(&req);
8b064a3a
JH		 1465
1466 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1467 struct hci_cp_disconnect dc;
c9910d0f
JH		 1468 struct hci_cp_reject_conn_req rej;
1469
1470 switch (conn->state) {
1471 case BT_CONNECTED:
1472 case BT_CONFIG:
1473 dc.handle = cpu_to_le16(conn->handle);
1474 dc.reason = 0x15; /* Terminated due to Power Off */
1475 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1476 break;
1477 case BT_CONNECT:
1478 if (conn->type == LE_LINK)
1479 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1480 0, NULL);
1481 else if (conn->type == ACL_LINK)
1482 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1483 6, &conn->dst);
1484 break;
1485 case BT_CONNECT2:
1486 bacpy(&rej.bdaddr, &conn->dst);
1487 rej.reason = 0x15; /* Terminated due to Power Off */
1488 if (conn->type == ACL_LINK)
1489 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1490 sizeof(rej), &rej);
1491 else if (conn->type == SCO_LINK)
1492 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1493 sizeof(rej), &rej);
1494 break;
1495 }
8b064a3a
JH		 1496 }
1497
23a48093
JH		 1498 err = hci_req_run(&req, clean_up_hci_complete);
1499 if (!err && discov_stopped)
1500 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1501
1502 return err;
8b064a3a
JH		 1503}
1504
bdb6d971 1505static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1506 u16 len)
eec8d2bc 1507{
650f726d 1508 struct mgmt_mode *cp = data;
3b0602cd 1509 struct mgmt_pending_cmd *cmd;
4b34ee78 1510 int err;
eec8d2bc 1511
bdb6d971 1512 BT_DBG("request for %s", hdev->name);
eec8d2bc 1513
a7e80f25 1514 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1515 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1516 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1517
09fd0de5 1518 hci_dev_lock(hdev);
eec8d2bc 1519
87b95ba6 1520 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
a69e8375
JH		 1521 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1522 MGMT_STATUS_BUSY);
87b95ba6
JH		 1523 goto failed;
1524 }
1525
a69d8927 1526 if (hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF)) {
f0d4b78a
MH		 1527 cancel_delayed_work(&hdev->power_off);
1528
1529 if (cp->val) {
a1d70450
JH		 1530 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1531 data, len);
1532 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1533 goto failed;
1534 }
1535 }
1536
4b34ee78 1537 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1538 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1539 goto failed;
1540 }
1541
2e58ef3e 1542 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1543 if (!cmd) {
1544 err = -ENOMEM;
eec8d2bc 1545 goto failed;
366a0336 1546 }
eec8d2bc 1547
8b064a3a 1548 if (cp->val) {
19202573 1549 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1550 err = 0;
1551 } else {
1552 /* Disconnect connections, stop scans, etc */
1553 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1554 if (!err)
1555 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1556 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1557
8b064a3a
JH		 1558 /* ENODATA means there were no HCI commands queued */
1559 if (err == -ENODATA) {
a3172b7e 1560 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1561 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1562 err = 0;
1563 }
1564 }
eec8d2bc
JH		 1565
1566failed:
09fd0de5 1567 hci_dev_unlock(hdev);
366a0336 1568 return err;
eec8d2bc
JH		 1569}
1570
beadb2bd
JH		 1571static int new_settings(struct hci_dev *hdev, struct sock *skip)
1572{
f6b7712e 1573 __le32 ev = cpu_to_le32(get_current_settings(hdev));
beadb2bd 1574
f6b7712e
MH		 1575 return mgmt_generic_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1576 sizeof(ev), skip);
beadb2bd
JH		 1577}
1578
91a668b0
JH		 1579int mgmt_new_settings(struct hci_dev *hdev)
1580{
1581 return new_settings(hdev, NULL);
1582}
1583
bd99abdd
JH		 1584struct cmd_lookup {
1585 struct sock *sk;
1586 struct hci_dev *hdev;
1587 u8 mgmt_status;
1588};
1589
3b0602cd 1590static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1591{
1592 struct cmd_lookup *match = data;
1593
1594 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1595
1596 list_del(&cmd->list);
1597
1598 if (match->sk == NULL) {
1599 match->sk = cmd->sk;
1600 sock_hold(match->sk);
1601 }
1602
1603 mgmt_pending_free(cmd);
1604}
1605
3b0602cd 1606static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1607{
1608 u8 *status = data;
1609
a69e8375 1610 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
bd99abdd
JH		 1611 mgmt_pending_remove(cmd);
1612}
1613
3b0602cd 1614static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1b9b5ee5
JH		 1615{
1616 if (cmd->cmd_complete) {
1617 u8 *status = data;
1618
1619 cmd->cmd_complete(cmd, *status);
1620 mgmt_pending_remove(cmd);
1621
1622 return;
1623 }
1624
1625 cmd_status_rsp(cmd, data);
1626}
1627
3b0602cd 1628static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
f5818c22 1629{
2a1afb5a
JH		 1630 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1631 cmd->param, cmd->param_len);
f5818c22
JH		 1632}
1633
3b0602cd 1634static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
7776d1d8 1635{
2a1afb5a
JH		 1636 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1637 cmd->param, sizeof(struct mgmt_addr_info));
7776d1d8
JH		 1638}
1639
e6fe7986
JH		 1640static u8 mgmt_bredr_support(struct hci_dev *hdev)
1641{
1642 if (!lmp_bredr_capable(hdev))
1643 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1644 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
e6fe7986
JH		 1645 return MGMT_STATUS_REJECTED;
1646 else
1647 return MGMT_STATUS_SUCCESS;
1648}
1649
1650static u8 mgmt_le_support(struct hci_dev *hdev)
1651{
1652 if (!lmp_le_capable(hdev))
1653 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1654 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
e6fe7986
JH		 1655 return MGMT_STATUS_REJECTED;
1656 else
1657 return MGMT_STATUS_SUCCESS;
1658}
1659
1904a853
MH		 1660static void set_discoverable_complete(struct hci_dev *hdev, u8 status,
1661 u16 opcode)
bfaf8c9f 1662{
3b0602cd 1663 struct mgmt_pending_cmd *cmd;
bfaf8c9f 1664 struct mgmt_mode *cp;
970ba524 1665 struct hci_request req;
bfaf8c9f
JH		 1666 bool changed;
1667
1668 BT_DBG("status 0x%02x", status);
1669
1670 hci_dev_lock(hdev);
1671
1672 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1673 if (!cmd)
1674 goto unlock;
1675
1676 if (status) {
1677 u8 mgmt_err = mgmt_status(status);
a69e8375 1678 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
a358dc11 1679 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
bfaf8c9f
JH		 1680 goto remove_cmd;
1681 }
1682
1683 cp = cmd->param;
d4462a07 1684 if (cp->val) {
238be788 1685 changed = !hci_dev_test_and_set_flag(hdev, HCI_DISCOVERABLE);
d4462a07
MH		 1686
1687 if (hdev->discov_timeout > 0) {
1688 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1689 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1690 to);
1691 }
1692 } else {
a69d8927 1693 changed = hci_dev_test_and_clear_flag(hdev, HCI_DISCOVERABLE);
d4462a07 1694 }
bfaf8c9f
JH		 1695
1696 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1697
1698 if (changed)
1699 new_settings(hdev, cmd->sk);
1700
970ba524
MH		 1701 /* When the discoverable mode gets changed, make sure
1702 * that class of device has the limited discoverable
432df05e
JH		 1703 * bit correctly set. Also update page scan based on whitelist
1704 * entries.
970ba524
MH		 1705 */
1706 hci_req_init(&req, hdev);
1d2dc5b7 1707 __hci_update_page_scan(&req);
970ba524
MH		 1708 update_class(&req);
1709 hci_req_run(&req, NULL);
1710
bfaf8c9f
JH		 1711remove_cmd:
1712 mgmt_pending_remove(cmd);
1713
1714unlock:
1715 hci_dev_unlock(hdev);
1716}
1717
bdb6d971 1718static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1719 u16 len)
73f22f62 1720{
650f726d 1721 struct mgmt_cp_set_discoverable *cp = data;
3b0602cd 1722 struct mgmt_pending_cmd *cmd;
bfaf8c9f 1723 struct hci_request req;
5e5282bb 1724 u16 timeout;
9a43e25f 1725 u8 scan;
73f22f62
JH		 1726 int err;
1727
bdb6d971 1728 BT_DBG("request for %s", hdev->name);
73f22f62 1729
d7a5a11d
MH		 1730 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1731 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 1732 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1733 MGMT_STATUS_REJECTED);
33c525c0 1734
310a3d48 1735 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 1736 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1737 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1738
1f350c87 1739 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1740
1741 /* Disabling discoverable requires that no timeout is set,
1742 * and enabling limited discoverable requires a timeout.
1743 */
1744 if ((cp->val == 0x00 && timeout > 0) ||
1745 (cp->val == 0x02 && timeout == 0))
a69e8375
JH		 1746 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1747 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1748
09fd0de5 1749 hci_dev_lock(hdev);
73f22f62 1750
5e5282bb 1751 if (!hdev_is_powered(hdev) && timeout > 0) {
a69e8375
JH		 1752 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1753 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1754 goto failed;
1755 }
1756
2e58ef3e 1757 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1758 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1759 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1760 MGMT_STATUS_BUSY);
73f22f62
JH		 1761 goto failed;
1762 }
1763
d7a5a11d 1764 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
a69e8375
JH		 1765 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1766 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1767 goto failed;
1768 }
1769
1770 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1771 bool changed = false;
1772
310a3d48
MH		 1773 /* Setting limited discoverable when powered off is
1774 * not a valid operation since it requires a timeout
1775 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1776 */
d7a5a11d 1777 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
ce05d603 1778 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
0224d2fa
JH		 1779 changed = true;
1780 }
1781
5e5282bb 1782 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1783 if (err < 0)
1784 goto failed;
1785
1786 if (changed)
1787 err = new_settings(hdev, sk);
1788
5e5282bb
JH		 1789 goto failed;
1790 }
1791
310a3d48
MH		 1792 /* If the current mode is the same, then just update the timeout
1793 * value with the new value. And if only the timeout gets updated,
1794 * then no need for any HCI transactions.
1795 */
d7a5a11d
MH		 1796 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1797 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1798 HCI_LIMITED_DISCOVERABLE)) {
36261547
MH		 1799 cancel_delayed_work(&hdev->discov_off);
1800 hdev->discov_timeout = timeout;
955638ec 1801
36261547
MH		 1802 if (cp->val && hdev->discov_timeout > 0) {
1803 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1804 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1805 to);
955638ec
MH		 1806 }
1807
69ab39ea 1808 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1809 goto failed;
1810 }
1811
2e58ef3e 1812 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1813 if (!cmd) {
1814 err = -ENOMEM;
73f22f62 1815 goto failed;
366a0336 1816 }
73f22f62 1817
310a3d48
MH		 1818 /* Cancel any potential discoverable timeout that might be
1819 * still active and store new timeout value. The arming of
1820 * the timeout happens in the complete handler.
1821 */
1822 cancel_delayed_work(&hdev->discov_off);
1823 hdev->discov_timeout = timeout;
1824
b456f87c
JH		 1825 /* Limited discoverable mode */
1826 if (cp->val == 0x02)
a1536da2 1827 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1828 else
a358dc11 1829 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1830
bfaf8c9f
JH		 1831 hci_req_init(&req, hdev);
1832
9a43e25f
JH		 1833 /* The procedure for LE-only controllers is much simpler - just
1834 * update the advertising data.
1835 */
d7a5a11d 1836 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
9a43e25f
JH		 1837 goto update_ad;
1838
73f22f62
JH		 1839 scan = SCAN_PAGE;
1840
310a3d48
MH		 1841 if (cp->val) {
1842 struct hci_cp_write_current_iac_lap hci_cp;
1843
1844 if (cp->val == 0x02) {
1845 /* Limited discoverable mode */
33337dcb 1846 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1847 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1848 hci_cp.iac_lap[1] = 0x8b;
1849 hci_cp.iac_lap[2] = 0x9e;
1850 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1851 hci_cp.iac_lap[4] = 0x8b;
1852 hci_cp.iac_lap[5] = 0x9e;
1853 } else {
1854 /* General discoverable mode */
310a3d48
MH		 1855 hci_cp.num_iac = 1;
1856 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1857 hci_cp.iac_lap[1] = 0x8b;
1858 hci_cp.iac_lap[2] = 0x9e;
1859 }
1860
1861 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1862 (hci_cp.num_iac * 3) + 1, &hci_cp);
1863
73f22f62 1864 scan |= SCAN_INQUIRY;
310a3d48 1865 } else {
a358dc11 1866 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
310a3d48 1867 }
73f22f62 1868
310a3d48 1869 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1870
9a43e25f
JH		 1871update_ad:
1872 update_adv_data(&req);
1873
bfaf8c9f 1874 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1875 if (err < 0)
a664b5bc 1876 mgmt_pending_remove(cmd);
73f22f62
JH		 1877
1878failed:
09fd0de5 1879 hci_dev_unlock(hdev);
73f22f62
JH		 1880 return err;
1881}
1882
406d7804
JH		 1883static void write_fast_connectable(struct hci_request *req, bool enable)
1884{
bd98b996 1885 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1886 struct hci_cp_write_page_scan_activity acp;
1887 u8 type;
1888
d7a5a11d 1889 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
547003b1
JH		 1890 return;
1891
4c01f8b8
JH		 1892 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1893 return;
1894
406d7804
JH		 1895 if (enable) {
1896 type = PAGE_SCAN_TYPE_INTERLACED;
1897
1898 /* 160 msec page scan interval */
dcf4adbf 1899 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 1900 } else {
1901 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1902
1903 /* default 1.28 sec page scan */
dcf4adbf 1904 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 1905 }
1906
dcf4adbf 1907 acp.window = cpu_to_le16(0x0012);
406d7804 1908
bd98b996
JH		 1909 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1910 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1911 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1912 sizeof(acp), &acp);
1913
1914 if (hdev->page_scan_type != type)
1915 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1916}
1917
1904a853
MH		 1918static void set_connectable_complete(struct hci_dev *hdev, u8 status,
1919 u16 opcode)
2b76f453 1920{
3b0602cd 1921 struct mgmt_pending_cmd *cmd;
d7b856f9 1922 struct mgmt_mode *cp;
bc6d2d04 1923 bool conn_changed, discov_changed;
2b76f453
JH		 1924
1925 BT_DBG("status 0x%02x", status);
1926
1927 hci_dev_lock(hdev);
1928
1929 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1930 if (!cmd)
1931 goto unlock;
1932
37438c1f
JH		 1933 if (status) {
1934 u8 mgmt_err = mgmt_status(status);
a69e8375 1935 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
37438c1f
JH		 1936 goto remove_cmd;
1937 }
1938
d7b856f9 1939 cp = cmd->param;
bc6d2d04 1940 if (cp->val) {
238be788
MH		 1941 conn_changed = !hci_dev_test_and_set_flag(hdev,
1942 HCI_CONNECTABLE);
bc6d2d04
JH		 1943 discov_changed = false;
1944 } else {
a69d8927
MH		 1945 conn_changed = hci_dev_test_and_clear_flag(hdev,
1946 HCI_CONNECTABLE);
1947 discov_changed = hci_dev_test_and_clear_flag(hdev,
1948 HCI_DISCOVERABLE);
bc6d2d04 1949 }
d7b856f9 1950
2b76f453
JH		 1951 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1952
bc6d2d04 1953 if (conn_changed || discov_changed) {
d7b856f9 1954 new_settings(hdev, cmd->sk);
1d2dc5b7 1955 hci_update_page_scan(hdev);
bc6d2d04
JH		 1956 if (discov_changed)
1957 mgmt_update_adv_data(hdev);
2b7be33e
JH		 1958 hci_update_background_scan(hdev);
1959 }
d7b856f9 1960
37438c1f 1961remove_cmd:
2b76f453
JH		 1962 mgmt_pending_remove(cmd);
1963
1964unlock:
1965 hci_dev_unlock(hdev);
1966}
1967
e8ba3a1f
JH		 1968static int set_connectable_update_settings(struct hci_dev *hdev,
1969 struct sock *sk, u8 val)
1970{
1971 bool changed = false;
1972 int err;
1973
d7a5a11d 1974 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
e8ba3a1f
JH		 1975 changed = true;
1976
1977 if (val) {
a1536da2 1978 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
e8ba3a1f 1979 } else {
a358dc11
MH		 1980 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1981 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
e8ba3a1f
JH		 1982 }
1983
1984 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1985 if (err < 0)
1986 return err;
1987
562064e6 1988 if (changed) {
1d2dc5b7 1989 hci_update_page_scan(hdev);
562064e6 1990 hci_update_background_scan(hdev);
e8ba3a1f 1991 return new_settings(hdev, sk);
562064e6 1992 }
e8ba3a1f
JH		 1993
1994 return 0;
1995}
1996
bdb6d971 1997static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1998 u16 len)
9fbcbb45 1999{
650f726d 2000 struct mgmt_mode *cp = data;
3b0602cd 2001 struct mgmt_pending_cmd *cmd;
2b76f453 2002 struct hci_request req;
1987fdc7 2003 u8 scan;
9fbcbb45
JH		 2004 int err;
2005
bdb6d971 2006 BT_DBG("request for %s", hdev->name);
9fbcbb45 2007
d7a5a11d
MH		 2008 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
2009 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 2010 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
2011 MGMT_STATUS_REJECTED);
33c525c0 2012
a7e80f25 2013 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2014 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
2015 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2016
09fd0de5 2017 hci_dev_lock(hdev);
9fbcbb45 2018
4b34ee78 2019 if (!hdev_is_powered(hdev)) {
e8ba3a1f 2020 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 2021 goto failed;
2022 }
2023
2e58ef3e 2024 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 2025 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 2026 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
2027 MGMT_STATUS_BUSY);
9fbcbb45
JH		 2028 goto failed;
2029 }
2030
2e58ef3e 2031 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 2032 if (!cmd) {
2033 err = -ENOMEM;
9fbcbb45 2034 goto failed;
366a0336 2035 }
9fbcbb45 2036
9b74246f 2037 hci_req_init(&req, hdev);
9fbcbb45 2038
9a43e25f
JH		 2039 /* If BR/EDR is not enabled and we disable advertising as a
2040 * by-product of disabling connectable, we need to update the
2041 * advertising flags.
2042 */
d7a5a11d 2043 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
9a43e25f 2044 if (!cp->val) {
a358dc11
MH		 2045 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
2046 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
9a43e25f
JH		 2047 }
2048 update_adv_data(&req);
2049 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 2050 if (cp->val) {
2051 scan = SCAN_PAGE;
2052 } else {
3bd27240
JH		 2053 /* If we don't have any whitelist entries just
2054 * disable all scanning. If there are entries
2055 * and we had both page and inquiry scanning
2056 * enabled then fall back to only page scanning.
2057 * Otherwise no changes are needed.
2058 */
2059 if (list_empty(&hdev->whitelist))
2060 scan = SCAN_DISABLED;
2061 else if (test_bit(HCI_ISCAN, &hdev->flags))
2062 scan = SCAN_PAGE;
2063 else
2064 goto no_scan_update;
9b74246f
JH		 2065
2066 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 2067 hdev->discov_timeout > 0)
9b74246f
JH		 2068 cancel_delayed_work(&hdev->discov_off);
2069 }
2b76f453 2070
9b74246f
JH		 2071 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
2072 }
2b76f453 2073
3bd27240 2074no_scan_update:
e8b1202c 2075 /* Update the advertising parameters if necessary */
d7a5a11d 2076 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
1987fdc7 2077 enable_advertising(&req);
1987fdc7 2078
2b76f453 2079 err = hci_req_run(&req, set_connectable_complete);
9b74246f 2080 if (err < 0) {
a664b5bc 2081 mgmt_pending_remove(cmd);
9b74246f 2082 if (err == -ENODATA)
a81070ba
JH		 2083 err = set_connectable_update_settings(hdev, sk,
2084 cp->val);
9b74246f
JH		 2085 goto failed;
2086 }
9fbcbb45
JH		 2087
2088failed:
09fd0de5 2089 hci_dev_unlock(hdev);
9fbcbb45
JH		 2090 return err;
2091}
2092
b2939475 2093static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2094 u16 len)
c542a06c 2095{
650f726d 2096 struct mgmt_mode *cp = data;
55594356 2097 bool changed;
c542a06c
JH		 2098 int err;
2099
bdb6d971 2100 BT_DBG("request for %s", hdev->name);
c542a06c 2101
a7e80f25 2102 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2103 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
2104 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2105
09fd0de5 2106 hci_dev_lock(hdev);
c542a06c
JH		 2107
2108 if (cp->val)
238be788 2109 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
c542a06c 2110 else
a69d8927 2111 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
c542a06c 2112
b2939475 2113 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
c542a06c 2114 if (err < 0)
55594356 2115 goto unlock;
c542a06c 2116
55594356
MH		 2117 if (changed)
2118 err = new_settings(hdev, sk);
c542a06c 2119
55594356 2120unlock:
09fd0de5 2121 hci_dev_unlock(hdev);
c542a06c
JH		 2122 return err;
2123}
2124
04124681
GP		 2125static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
2126 u16 len)
33ef95ed
JH		 2127{
2128 struct mgmt_mode *cp = data;
3b0602cd 2129 struct mgmt_pending_cmd *cmd;
e6fe7986 2130 u8 val, status;
33ef95ed
JH		 2131 int err;
2132
bdb6d971 2133 BT_DBG("request for %s", hdev->name);
33ef95ed 2134
e6fe7986
JH		 2135 status = mgmt_bredr_support(hdev);
2136 if (status)
a69e8375
JH		 2137 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2138 status);
33c525c0 2139
a7e80f25 2140 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2141 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2142 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2143
33ef95ed
JH		 2144 hci_dev_lock(hdev);
2145
4b34ee78 2146 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 2147 bool changed = false;
2148
d7a5a11d 2149 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
ce05d603 2150 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
47990ea0
JH		 2151 changed = true;
2152 }
2153
2154 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2155 if (err < 0)
2156 goto failed;
2157
2158 if (changed)
2159 err = new_settings(hdev, sk);
2160
33ef95ed
JH		 2161 goto failed;
2162 }
2163
2164 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
a69e8375
JH		 2165 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2166 MGMT_STATUS_BUSY);
33ef95ed
JH		 2167 goto failed;
2168 }
2169
2170 val = !!cp->val;
2171
2172 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
2173 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2174 goto failed;
2175 }
2176
2177 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
2178 if (!cmd) {
2179 err = -ENOMEM;
2180 goto failed;
2181 }
2182
2183 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
2184 if (err < 0) {
2185 mgmt_pending_remove(cmd);
2186 goto failed;
2187 }
2188
2189failed:
2190 hci_dev_unlock(hdev);
33ef95ed
JH		 2191 return err;
2192}
2193
bdb6d971 2194static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 2195{
2196 struct mgmt_mode *cp = data;
3b0602cd 2197 struct mgmt_pending_cmd *cmd;
72ef0c1a 2198 u8 status;
ed2c4ee3
JH		 2199 int err;
2200
bdb6d971 2201 BT_DBG("request for %s", hdev->name);
ed2c4ee3 2202
cdba5281
MH		 2203 status = mgmt_bredr_support(hdev);
2204 if (status)
a69e8375 2205 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
cdba5281 2206
13ecd8b6 2207 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 2208 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2209 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 2210
a7e80f25 2211 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2212 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2213 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2214
13ecd8b6 2215 hci_dev_lock(hdev);
6c8f12c1 2216
4b34ee78 2217 if (!hdev_is_powered(hdev)) {
9ecb3e24 2218 bool changed;
c0ecddc2 2219
9ecb3e24 2220 if (cp->val) {
238be788
MH		 2221 changed = !hci_dev_test_and_set_flag(hdev,
2222 HCI_SSP_ENABLED);
9ecb3e24 2223 } else {
a69d8927
MH		 2224 changed = hci_dev_test_and_clear_flag(hdev,
2225 HCI_SSP_ENABLED);
9ecb3e24 2226 if (!changed)
a69d8927
MH		 2227 changed = hci_dev_test_and_clear_flag(hdev,
2228 HCI_HS_ENABLED);
9ecb3e24 2229 else
a358dc11 2230 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
c0ecddc2
JH		 2231 }
2232
2233 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2234 if (err < 0)
2235 goto failed;
2236
2237 if (changed)
2238 err = new_settings(hdev, sk);
2239
ed2c4ee3
JH		 2240 goto failed;
2241 }
2242
94d52dad 2243 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 2244 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2245 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 2246 goto failed;
2247 }
2248
d7a5a11d 2249 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
ed2c4ee3
JH		 2250 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2251 goto failed;
2252 }
2253
2254 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2255 if (!cmd) {
2256 err = -ENOMEM;
2257 goto failed;
2258 }
2259
d7a5a11d 2260 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
3769972b
JH		 2261 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2262 sizeof(cp->val), &cp->val);
2263
72ef0c1a 2264 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 2265 if (err < 0) {
2266 mgmt_pending_remove(cmd);
2267 goto failed;
2268 }
2269
2270failed:
2271 hci_dev_unlock(hdev);
ed2c4ee3
JH		 2272 return err;
2273}
2274
bdb6d971 2275static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 2276{
2277 struct mgmt_mode *cp = data;
ee392693 2278 bool changed;
e6fe7986 2279 u8 status;
ee392693 2280 int err;
6d80dfd0 2281
bdb6d971 2282 BT_DBG("request for %s", hdev->name);
6d80dfd0 2283
e6fe7986
JH		 2284 status = mgmt_bredr_support(hdev);
2285 if (status)
a69e8375 2286 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 2287
9ecb3e24 2288 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 2289 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2290 MGMT_STATUS_NOT_SUPPORTED);
9ecb3e24 2291
d7a5a11d 2292 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 2293 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2294 MGMT_STATUS_REJECTED);
9ecb3e24 2295
a7e80f25 2296 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2297 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2298 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2299
ee392693
MH		 2300 hci_dev_lock(hdev);
2301
a2cb01de 2302 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 2303 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2304 MGMT_STATUS_BUSY);
a2cb01de
JH		 2305 goto unlock;
2306 }
2307
a0cdf960 2308 if (cp->val) {
238be788 2309 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
a0cdf960
MH		 2310 } else {
2311 if (hdev_is_powered(hdev)) {
a69e8375
JH		 2312 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2313 MGMT_STATUS_REJECTED);
a0cdf960
MH		 2314 goto unlock;
2315 }
2316
a69d8927 2317 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
a0cdf960 2318 }
ee392693
MH		 2319
2320 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2321 if (err < 0)
2322 goto unlock;
2323
2324 if (changed)
2325 err = new_settings(hdev, sk);
6d80dfd0 2326
ee392693
MH		 2327unlock:
2328 hci_dev_unlock(hdev);
2329 return err;
6d80dfd0
JH		 2330}
2331
1904a853 2332static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
416a4ae5
JH		 2333{
2334 struct cmd_lookup match = { NULL, hdev };
2335
3ad67582
JK		 2336 hci_dev_lock(hdev);
2337
416a4ae5
JH		 2338 if (status) {
2339 u8 mgmt_err = mgmt_status(status);
2340
2341 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2342 &mgmt_err);
3ad67582 2343 goto unlock;
416a4ae5
JH		 2344 }
2345
2346 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2347
2348 new_settings(hdev, match.sk);
2349
2350 if (match.sk)
2351 sock_put(match.sk);
441ad2d0
MH		 2352
2353 /* Make sure the controller has a good default for
2354 * advertising data. Restrict the update to when LE
2355 * has actually been enabled. During power on, the
2356 * update in powered_update_hci will take care of it.
2357 */
d7a5a11d 2358 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
441ad2d0
MH		 2359 struct hci_request req;
2360
441ad2d0 2361 hci_req_init(&req, hdev);
5947f4bc 2362 update_adv_data(&req);
f14d8f64 2363 update_scan_rsp_data(&req);
2cf22218 2364 __hci_update_background_scan(&req);
441ad2d0 2365 hci_req_run(&req, NULL);
441ad2d0 2366 }
3ad67582
JK		 2367
2368unlock:
2369 hci_dev_unlock(hdev);
416a4ae5
JH		 2370}
2371
bdb6d971 2372static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 2373{
2374 struct mgmt_mode *cp = data;
2375 struct hci_cp_write_le_host_supported hci_cp;
3b0602cd 2376 struct mgmt_pending_cmd *cmd;
416a4ae5 2377 struct hci_request req;
06199cf8 2378 int err;
0b60eba1 2379 u8 val, enabled;
06199cf8 2380
bdb6d971 2381 BT_DBG("request for %s", hdev->name);
06199cf8 2382
13ecd8b6 2383 if (!lmp_le_capable(hdev))
a69e8375
JH		 2384 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2385 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 2386
a7e80f25 2387 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2388 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2389 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2390
c73eee91 2391 /* LE-only devices do not allow toggling LE on/off */
d7a5a11d 2392 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 2393 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2394 MGMT_STATUS_REJECTED);
c73eee91 2395
13ecd8b6 2396 hci_dev_lock(hdev);
06199cf8
JH		 2397
2398 val = !!cp->val;
ffa88e02 2399 enabled = lmp_host_le_capable(hdev);
06199cf8 2400
0b60eba1 2401 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 2402 bool changed = false;
2403
d7a5a11d 2404 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
ce05d603 2405 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
06199cf8
JH		 2406 changed = true;
2407 }
2408
d7a5a11d 2409 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
a358dc11 2410 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
eeca6f89
JH		 2411 changed = true;
2412 }
2413
06199cf8
JH		 2414 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2415 if (err < 0)
1de028ce 2416 goto unlock;
06199cf8
JH		 2417
2418 if (changed)
2419 err = new_settings(hdev, sk);
2420
1de028ce 2421 goto unlock;
06199cf8
JH		 2422 }
2423
4375f103
JH		 2424 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
2425 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
a69e8375
JH		 2426 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2427 MGMT_STATUS_BUSY);
1de028ce 2428 goto unlock;
06199cf8
JH		 2429 }
2430
2431 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2432 if (!cmd) {
2433 err = -ENOMEM;
1de028ce 2434 goto unlock;
06199cf8
JH		 2435 }
2436
441ad2d0
MH		 2437 hci_req_init(&req, hdev);
2438
06199cf8
JH		 2439 memset(&hci_cp, 0, sizeof(hci_cp));
2440
2441 if (val) {
2442 hci_cp.le = val;
32226e4f 2443 hci_cp.simul = 0x00;
441ad2d0 2444 } else {
d7a5a11d 2445 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
441ad2d0 2446 disable_advertising(&req);
06199cf8
JH		 2447 }
2448
416a4ae5
JH		 2449 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2450 &hci_cp);
2451
2452 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2453 if (err < 0)
06199cf8 2454 mgmt_pending_remove(cmd);
06199cf8 2455
1de028ce
JH		 2456unlock:
2457 hci_dev_unlock(hdev);
06199cf8
JH		 2458 return err;
2459}
2460
0cab9c80
JH		 2461/* This is a helper function to test for pending mgmt commands that can
2462 * cause CoD or EIR HCI commands. We can only allow one such pending
2463 * mgmt command at a time since otherwise we cannot easily track what
2464 * the current values are, will be, and based on that calculate if a new
2465 * HCI command needs to be sent and if yes with what value.
2466 */
2467static bool pending_eir_or_class(struct hci_dev *hdev)
2468{
3b0602cd 2469 struct mgmt_pending_cmd *cmd;
0cab9c80
JH		 2470
2471 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2472 switch (cmd->opcode) {
2473 case MGMT_OP_ADD_UUID:
2474 case MGMT_OP_REMOVE_UUID:
2475 case MGMT_OP_SET_DEV_CLASS:
2476 case MGMT_OP_SET_POWERED:
2477 return true;
2478 }
2479 }
2480
2481 return false;
2482}
2483
83be8eca
JH		 2484static const u8 bluetooth_base_uuid[] = {
2485 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2486 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2487};
2488
2489static u8 get_uuid_size(const u8 *uuid)
2490{
2491 u32 val;
2492
2493 if (memcmp(uuid, bluetooth_base_uuid, 12))
2494 return 128;
2495
2496 val = get_unaligned_le32(&uuid[12]);
2497 if (val > 0xffff)
2498 return 32;
2499
2500 return 16;
2501}
2502
92da6097
JH		 2503static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2504{
3b0602cd 2505 struct mgmt_pending_cmd *cmd;
92da6097
JH		 2506
2507 hci_dev_lock(hdev);
2508
2509 cmd = mgmt_pending_find(mgmt_op, hdev);
2510 if (!cmd)
2511 goto unlock;
2512
2a1afb5a
JH		 2513 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
2514 mgmt_status(status), hdev->dev_class, 3);
92da6097
JH		 2515
2516 mgmt_pending_remove(cmd);
2517
2518unlock:
2519 hci_dev_unlock(hdev);
2520}
2521
1904a853 2522static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2523{
2524 BT_DBG("status 0x%02x", status);
2525
2526 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2527}
2528
bdb6d971 2529static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2530{
650f726d 2531 struct mgmt_cp_add_uuid *cp = data;
3b0602cd 2532 struct mgmt_pending_cmd *cmd;
890ea898 2533 struct hci_request req;
2aeb9a1a 2534 struct bt_uuid *uuid;
2aeb9a1a
JH		 2535 int err;
2536
bdb6d971 2537 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2538
09fd0de5 2539 hci_dev_lock(hdev);
2aeb9a1a 2540
0cab9c80 2541 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2542 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2543 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2544 goto failed;
2545 }
2546
92c4c204 2547 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2548 if (!uuid) {
2549 err = -ENOMEM;
2550 goto failed;
2551 }
2552
2553 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2554 uuid->svc_hint = cp->svc_hint;
83be8eca 2555 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2556
de66aa63 2557 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2558
890ea898 2559 hci_req_init(&req, hdev);
1aff6f09 2560
890ea898
JH		 2561 update_class(&req);
2562 update_eir(&req);
2563
92da6097
JH		 2564 err = hci_req_run(&req, add_uuid_complete);
2565 if (err < 0) {
2566 if (err != -ENODATA)
2567 goto failed;
80a1e1db 2568
2a1afb5a
JH		 2569 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2570 hdev->dev_class, 3);
90e70454
JH		 2571 goto failed;
2572 }
2573
2574 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2575 if (!cmd) {
90e70454 2576 err = -ENOMEM;
890ea898
JH		 2577 goto failed;
2578 }
2579
2580 err = 0;
2aeb9a1a
JH		 2581
2582failed:
09fd0de5 2583 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2584 return err;
2585}
2586
24b78d0f
JH		 2587static bool enable_service_cache(struct hci_dev *hdev)
2588{
2589 if (!hdev_is_powered(hdev))
2590 return false;
2591
238be788 2592 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
46818ed5
JH		 2593 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2594 CACHE_TIMEOUT);
24b78d0f
JH		 2595 return true;
2596 }
2597
2598 return false;
2599}
2600
1904a853 2601static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2602{
2603 BT_DBG("status 0x%02x", status);
2604
2605 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2606}
2607
bdb6d971 2608static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2609 u16 len)
2aeb9a1a 2610{
650f726d 2611 struct mgmt_cp_remove_uuid *cp = data;
3b0602cd 2612 struct mgmt_pending_cmd *cmd;
056341c8 2613 struct bt_uuid *match, *tmp;
2aeb9a1a 2614 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2615 struct hci_request req;
2aeb9a1a
JH		 2616 int err, found;
2617
bdb6d971 2618 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2619
09fd0de5 2620 hci_dev_lock(hdev);
2aeb9a1a 2621
0cab9c80 2622 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2623 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2624 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2625 goto unlock;
2626 }
2627
2aeb9a1a 2628 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2629 hci_uuids_clear(hdev);
4004b6d9 2630
24b78d0f 2631 if (enable_service_cache(hdev)) {
2a1afb5a
JH		 2632 err = mgmt_cmd_complete(sk, hdev->id,
2633 MGMT_OP_REMOVE_UUID,
2634 0, hdev->dev_class, 3);
24b78d0f
JH		 2635 goto unlock;
2636 }
4004b6d9 2637
9246a869 2638 goto update_class;
2aeb9a1a
JH		 2639 }
2640
2641 found = 0;
2642
056341c8 2643 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2644 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2645 continue;
2646
2647 list_del(&match->list);
482049f7 2648 kfree(match);
2aeb9a1a
JH		 2649 found++;
2650 }
2651
2652 if (found == 0) {
a69e8375
JH		 2653 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2654 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2655 goto unlock;
2656 }
2657
9246a869 2658update_class:
890ea898 2659 hci_req_init(&req, hdev);
1aff6f09 2660
890ea898
JH		 2661 update_class(&req);
2662 update_eir(&req);
2663
92da6097
JH		 2664 err = hci_req_run(&req, remove_uuid_complete);
2665 if (err < 0) {
2666 if (err != -ENODATA)
2667 goto unlock;
80a1e1db 2668
2a1afb5a
JH		 2669 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2670 hdev->dev_class, 3);
90e70454
JH		 2671 goto unlock;
2672 }
2673
2674 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2675 if (!cmd) {
90e70454 2676 err = -ENOMEM;
890ea898
JH		 2677 goto unlock;
2678 }
2679
2680 err = 0;
2aeb9a1a
JH		 2681
2682unlock:
09fd0de5 2683 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2684 return err;
2685}
2686
1904a853 2687static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2688{
2689 BT_DBG("status 0x%02x", status);
2690
2691 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2692}
2693
bdb6d971 2694static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2695 u16 len)
1aff6f09 2696{
650f726d 2697 struct mgmt_cp_set_dev_class *cp = data;
3b0602cd 2698 struct mgmt_pending_cmd *cmd;
890ea898 2699 struct hci_request req;
1aff6f09
JH		 2700 int err;
2701
bdb6d971 2702 BT_DBG("request for %s", hdev->name);
1aff6f09 2703
6203fc98 2704 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2705 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2706 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2707
0cab9c80 2708 hci_dev_lock(hdev);
ee98f473 2709
0cab9c80 2710 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2711 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2712 MGMT_STATUS_BUSY);
0cab9c80
JH		 2713 goto unlock;
2714 }
c95f0ba7 2715
0cab9c80 2716 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
a69e8375
JH		 2717 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2718 MGMT_STATUS_INVALID_PARAMS);
0cab9c80
JH		 2719 goto unlock;
2720 }
575b3a02 2721
932f5ff5
JH		 2722 hdev->major_class = cp->major;
2723 hdev->minor_class = cp->minor;
2724
b5235a65 2725 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2726 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2727 hdev->dev_class, 3);
b5235a65
JH		 2728 goto unlock;
2729 }
2730
890ea898
JH		 2731 hci_req_init(&req, hdev);
2732
a69d8927 2733 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
7d78525d
JH		 2734 hci_dev_unlock(hdev);
2735 cancel_delayed_work_sync(&hdev->service_cache);
2736 hci_dev_lock(hdev);
890ea898 2737 update_eir(&req);
7d78525d 2738 }
14c0b608 2739
890ea898
JH		 2740 update_class(&req);
2741
92da6097
JH		 2742 err = hci_req_run(&req, set_class_complete);
2743 if (err < 0) {
2744 if (err != -ENODATA)
2745 goto unlock;
1aff6f09 2746
2a1afb5a
JH		 2747 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2748 hdev->dev_class, 3);
90e70454
JH		 2749 goto unlock;
2750 }
2751
2752 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2753 if (!cmd) {
90e70454 2754 err = -ENOMEM;
890ea898
JH		 2755 goto unlock;
2756 }
2757
2758 err = 0;
1aff6f09 2759
b5235a65 2760unlock:
09fd0de5 2761 hci_dev_unlock(hdev);
1aff6f09
JH		 2762 return err;
2763}
2764
bdb6d971 2765static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2766 u16 len)
55ed8ca1 2767{
650f726d 2768 struct mgmt_cp_load_link_keys *cp = data;
ba1d6936
JH		 2769 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2770 sizeof(struct mgmt_link_key_info));
4e51eae9 2771 u16 key_count, expected_len;
b1de97d8 2772 bool changed;
a492cd52 2773 int i;
55ed8ca1 2774
9060d5cf
MH		 2775 BT_DBG("request for %s", hdev->name);
2776
2777 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2778 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2779 MGMT_STATUS_NOT_SUPPORTED);
9060d5cf 2780
1f350c87 2781 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 2782 if (key_count > max_key_count) {
2783 BT_ERR("load_link_keys: too big key_count value %u",
2784 key_count);
a69e8375
JH		 2785 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2786 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 2787 }
55ed8ca1 2788
86742e1e
JH		 2789 expected_len = sizeof(*cp) + key_count *
2790 sizeof(struct mgmt_link_key_info);
a492cd52 2791 if (expected_len != len) {
86742e1e 2792 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2793 expected_len, len);
a69e8375
JH		 2794 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2795 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2796 }
2797
4ae14301 2798 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
a69e8375
JH		 2799 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2800 MGMT_STATUS_INVALID_PARAMS);
4ae14301 2801
bdb6d971 2802 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2803 key_count);
55ed8ca1 2804
4ee71b20
JH		 2805 for (i = 0; i < key_count; i++) {
2806 struct mgmt_link_key_info *key = &cp->keys[i];
2807
8e991132 2808 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
a69e8375
JH		 2809 return mgmt_cmd_status(sk, hdev->id,
2810 MGMT_OP_LOAD_LINK_KEYS,
2811 MGMT_STATUS_INVALID_PARAMS);
4ee71b20
JH		 2812 }
2813
09fd0de5 2814 hci_dev_lock(hdev);
55ed8ca1
JH		 2815
2816 hci_link_keys_clear(hdev);
2817
55ed8ca1 2818 if (cp->debug_keys)
238be788 2819 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
55ed8ca1 2820 else
a69d8927
MH		 2821 changed = hci_dev_test_and_clear_flag(hdev,
2822 HCI_KEEP_DEBUG_KEYS);
b1de97d8
MH		 2823
2824 if (changed)
2825 new_settings(hdev, NULL);
55ed8ca1 2826
a492cd52 2827 for (i = 0; i < key_count; i++) {
86742e1e 2828 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2829
58e9293c
JH		 2830 /* Always ignore debug keys and require a new pairing if
2831 * the user wants to use them.
2832 */
2833 if (key->type == HCI_LK_DEBUG_COMBINATION)
2834 continue;
2835
7652ff6a
JH		 2836 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2837 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2838 }
2839
2a1afb5a 2840 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2841
09fd0de5 2842 hci_dev_unlock(hdev);
55ed8ca1 2843
a492cd52 2844 return 0;
55ed8ca1
JH		 2845}
2846
b1078ad0 2847static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2848 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2849{
2850 struct mgmt_ev_device_unpaired ev;
2851
2852 bacpy(&ev.addr.bdaddr, bdaddr);
2853 ev.addr.type = addr_type;
2854
2855 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2856 skip_sk);
b1078ad0
JH		 2857}
2858
bdb6d971 2859static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2860 u16 len)
55ed8ca1 2861{
124f6e35
JH		 2862 struct mgmt_cp_unpair_device *cp = data;
2863 struct mgmt_rp_unpair_device rp;
a8a1d19e 2864 struct hci_cp_disconnect dc;
3b0602cd 2865 struct mgmt_pending_cmd *cmd;
55ed8ca1 2866 struct hci_conn *conn;
55ed8ca1
JH		 2867 int err;
2868
a8a1d19e 2869 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2870 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2871 rp.addr.type = cp->addr.type;
a8a1d19e 2872
4ee71b20 2873 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2874 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2875 MGMT_STATUS_INVALID_PARAMS,
2876 &rp, sizeof(rp));
4ee71b20 2877
118da70b 2878 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2a1afb5a
JH		 2879 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2880 MGMT_STATUS_INVALID_PARAMS,
2881 &rp, sizeof(rp));
118da70b 2882
4ee71b20
JH		 2883 hci_dev_lock(hdev);
2884
86a8cfc6 2885 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2886 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2887 MGMT_STATUS_NOT_POWERED, &rp,
2888 sizeof(rp));
86a8cfc6
JH		 2889 goto unlock;
2890 }
2891
e0b2b27e 2892 if (cp->addr.type == BDADDR_BREDR) {
89cbb063
AA		 2893 /* If disconnection is requested, then look up the
2894 * connection. If the remote device is connected, it
2895 * will be later used to terminate the link.
2896 *
2897 * Setting it to NULL explicitly will cause no
2898 * termination of the link.
2899 */
2900 if (cp->disconnect)
2901 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2902 &cp->addr.bdaddr);
2903 else
2904 conn = NULL;
2905
124f6e35 2906 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2907 } else {
2908 u8 addr_type;
2909
89cbb063
AA		 2910 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2911 &cp->addr.bdaddr);
2912 if (conn) {
2913 /* Defer clearing up the connection parameters
2914 * until closing to give a chance of keeping
2915 * them if a repairing happens.
2916 */
2917 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2918
2919 /* If disconnection is not requested, then
2920 * clear the connection variable so that the
2921 * link is not terminated.
2922 */
2923 if (!cp->disconnect)
2924 conn = NULL;
2925 }
2926
e0b2b27e
JH		 2927 if (cp->addr.type == BDADDR_LE_PUBLIC)
2928 addr_type = ADDR_LE_DEV_PUBLIC;
2929 else
2930 addr_type = ADDR_LE_DEV_RANDOM;
2931
a7ec7338
JH		 2932 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2933
e0b2b27e
JH		 2934 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2935 }
b0dbfb46 2936
55ed8ca1 2937 if (err < 0) {
2a1afb5a
JH		 2938 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2939 MGMT_STATUS_NOT_PAIRED, &rp,
2940 sizeof(rp));
55ed8ca1
JH		 2941 goto unlock;
2942 }
2943
89cbb063
AA		 2944 /* If the connection variable is set, then termination of the
2945 * link is requested.
2946 */
a8a1d19e 2947 if (!conn) {
2a1afb5a
JH		 2948 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2949 &rp, sizeof(rp));
b1078ad0 2950 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2951 goto unlock;
2952 }
55ed8ca1 2953
124f6e35 2954 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2955 sizeof(*cp));
a8a1d19e
JH		 2956 if (!cmd) {
2957 err = -ENOMEM;
2958 goto unlock;
55ed8ca1
JH		 2959 }
2960
d8b7b1e4
JH		 2961 cmd->cmd_complete = addr_cmd_complete;
2962
eb55ef07 2963 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2964 dc.reason = 0x13; /* Remote User Terminated Connection */
2965 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2966 if (err < 0)
2967 mgmt_pending_remove(cmd);
2968
55ed8ca1 2969unlock:
09fd0de5 2970 hci_dev_unlock(hdev);
55ed8ca1
JH		 2971 return err;
2972}
2973
bdb6d971 2974static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2975 u16 len)
8962ee74 2976{
650f726d 2977 struct mgmt_cp_disconnect *cp = data;
06a63b19 2978 struct mgmt_rp_disconnect rp;
3b0602cd 2979 struct mgmt_pending_cmd *cmd;
8962ee74 2980 struct hci_conn *conn;
8962ee74
JH		 2981 int err;
2982
2983 BT_DBG("");
2984
06a63b19
JH		 2985 memset(&rp, 0, sizeof(rp));
2986 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2987 rp.addr.type = cp->addr.type;
2988
4ee71b20 2989 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2990 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2991 MGMT_STATUS_INVALID_PARAMS,
2992 &rp, sizeof(rp));
4ee71b20 2993
09fd0de5 2994 hci_dev_lock(hdev);
8962ee74
JH		 2995
2996 if (!test_bit(HCI_UP, &hdev->flags)) {
2a1afb5a
JH		 2997 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2998 MGMT_STATUS_NOT_POWERED, &rp,
2999 sizeof(rp));
8962ee74
JH		 3000 goto failed;
3001 }
3002
2e58ef3e 3003 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
2a1afb5a
JH		 3004 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3005 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 3006 goto failed;
3007 }
3008
591f47f3 3009 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 3010 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
3011 &cp->addr.bdaddr);
88c3df13
JH		 3012 else
3013 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 3014
f960727e 3015 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2a1afb5a
JH		 3016 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3017 MGMT_STATUS_NOT_CONNECTED, &rp,
3018 sizeof(rp));
8962ee74
JH		 3019 goto failed;
3020 }
3021
2e58ef3e 3022 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 3023 if (!cmd) {
3024 err = -ENOMEM;
8962ee74 3025 goto failed;
366a0336 3026 }
8962ee74 3027
f5818c22
JH		 3028 cmd->cmd_complete = generic_cmd_complete;
3029
e3f2f92a 3030 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
8962ee74 3031 if (err < 0)
a664b5bc 3032 mgmt_pending_remove(cmd);
8962ee74
JH		 3033
3034failed:
09fd0de5 3035 hci_dev_unlock(hdev);
8962ee74
JH		 3036 return err;
3037}
3038
57c1477c 3039static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 3040{
3041 switch (link_type) {
3042 case LE_LINK:
48264f06
JH		 3043 switch (addr_type) {
3044 case ADDR_LE_DEV_PUBLIC:
591f47f3 3045 return BDADDR_LE_PUBLIC;
0ed09148 3046
48264f06 3047 default:
0ed09148 3048 /* Fallback to LE Random address type */
591f47f3 3049 return BDADDR_LE_RANDOM;
48264f06 3050 }
0ed09148 3051
4c659c39 3052 default:
0ed09148 3053 /* Fallback to BR/EDR type */
591f47f3 3054 return BDADDR_BREDR;
4c659c39
JH		 3055 }
3056}
3057
04124681
GP		 3058static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
3059 u16 data_len)
2784eb41 3060{
2784eb41 3061 struct mgmt_rp_get_connections *rp;
8035ded4 3062 struct hci_conn *c;
a38528f1 3063 size_t rp_len;
60fc5fb6
JH		 3064 int err;
3065 u16 i;
2784eb41
JH		 3066
3067 BT_DBG("");
3068
09fd0de5 3069 hci_dev_lock(hdev);
2784eb41 3070
5f97c1df 3071 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3072 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
3073 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3074 goto unlock;
3075 }
3076
60fc5fb6 3077 i = 0;
b644ba33
JH		 3078 list_for_each_entry(c, &hdev->conn_hash.list, list) {
3079 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 3080 i++;
2784eb41
JH		 3081 }
3082
60fc5fb6 3083 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 3084 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 3085 if (!rp) {
2784eb41
JH		 3086 err = -ENOMEM;
3087 goto unlock;
3088 }
3089
2784eb41 3090 i = 0;
4c659c39 3091 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 3092 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
3093 continue;
4c659c39 3094 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 3095 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 3096 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 3097 continue;
3098 i++;
3099 }
3100
eb55ef07 3101 rp->conn_count = cpu_to_le16(i);
60fc5fb6 3102
4c659c39
JH		 3103 /* Recalculate length in case of filtered SCO connections, etc */
3104 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 3105
2a1afb5a
JH		 3106 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
3107 rp_len);
2784eb41 3108
a38528f1 3109 kfree(rp);
5f97c1df
JH		 3110
3111unlock:
09fd0de5 3112 hci_dev_unlock(hdev);
2784eb41
JH		 3113 return err;
3114}
3115
bdb6d971 3116static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3117 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67 3118{
3b0602cd 3119 struct mgmt_pending_cmd *cmd;
96d97a67
WR		 3120 int err;
3121
2e58ef3e 3122 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 3123 sizeof(*cp));
96d97a67
WR		 3124 if (!cmd)
3125 return -ENOMEM;
3126
d8457698 3127 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 3128 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 3129 if (err < 0)
3130 mgmt_pending_remove(cmd);
3131
3132 return err;
3133}
3134
bdb6d971 3135static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3136 u16 len)
980e1a53 3137{
96d97a67 3138 struct hci_conn *conn;
650f726d 3139 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 3140 struct hci_cp_pin_code_reply reply;
3b0602cd 3141 struct mgmt_pending_cmd *cmd;
980e1a53
JH		 3142 int err;
3143
3144 BT_DBG("");
3145
09fd0de5 3146 hci_dev_lock(hdev);
980e1a53 3147
4b34ee78 3148 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3149 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3150 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 3151 goto failed;
3152 }
3153
d8457698 3154 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 3155 if (!conn) {
a69e8375
JH		 3156 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3157 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 3158 goto failed;
3159 }
3160
3161 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 3162 struct mgmt_cp_pin_code_neg_reply ncp;
3163
3164 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 3165
3166 BT_ERR("PIN code is not 16 bytes long");
3167
bdb6d971 3168 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 3169 if (err >= 0)
a69e8375
JH		 3170 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3171 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 3172
3173 goto failed;
3174 }
3175
00abfe44 3176 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 3177 if (!cmd) {
3178 err = -ENOMEM;
980e1a53 3179 goto failed;
366a0336 3180 }
980e1a53 3181
7776d1d8
JH		 3182 cmd->cmd_complete = addr_cmd_complete;
3183
d8457698 3184 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 3185 reply.pin_len = cp->pin_len;
24718ca5 3186 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 3187
3188 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3189 if (err < 0)
a664b5bc 3190 mgmt_pending_remove(cmd);
980e1a53
JH		 3191
3192failed:
09fd0de5 3193 hci_dev_unlock(hdev);
980e1a53
JH		 3194 return err;
3195}
3196
04124681
GP		 3197static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3198 u16 len)
17fa4b9d 3199{
650f726d 3200 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 3201
3202 BT_DBG("");
3203
4ec86d4c 3204 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 3205 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3206 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
4ec86d4c 3207
09fd0de5 3208 hci_dev_lock(hdev);
17fa4b9d
JH		 3209
3210 hdev->io_capability = cp->io_capability;
3211
3212 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 3213 hdev->io_capability);
17fa4b9d 3214
09fd0de5 3215 hci_dev_unlock(hdev);
17fa4b9d 3216
2a1afb5a
JH		 3217 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
3218 NULL, 0);
17fa4b9d
JH		 3219}
3220
3b0602cd 3221static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 3222{
3223 struct hci_dev *hdev = conn->hdev;
3b0602cd 3224 struct mgmt_pending_cmd *cmd;
e9a416b5 3225
2e58ef3e 3226 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 3227 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3228 continue;
3229
e9a416b5
JH		 3230 if (cmd->user_data != conn)
3231 continue;
3232
3233 return cmd;
3234 }
3235
3236 return NULL;
3237}
3238
3b0602cd 3239static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
e9a416b5
JH		 3240{
3241 struct mgmt_rp_pair_device rp;
3242 struct hci_conn *conn = cmd->user_data;
9df74653 3243 int err;
e9a416b5 3244
61b1a7fb
JH		 3245 bacpy(&rp.addr.bdaddr, &conn->dst);
3246 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 3247
2a1afb5a
JH		 3248 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
3249 status, &rp, sizeof(rp));
e9a416b5
JH		 3250
3251 /* So we don't get further callbacks for this connection */
3252 conn->connect_cfm_cb = NULL;
3253 conn->security_cfm_cb = NULL;
3254 conn->disconn_cfm_cb = NULL;
3255
76a68ba0 3256 hci_conn_drop(conn);
89cbb063
AA		 3257
3258 /* The device is paired so there is no need to remove
3259 * its connection parameters anymore.
3260 */
3261 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
15013aeb
JH		 3262
3263 hci_conn_put(conn);
9df74653
JH		 3264
3265 return err;
e9a416b5
JH		 3266}
3267
f4a407be
JH		 3268void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3269{
3270 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3b0602cd 3271 struct mgmt_pending_cmd *cmd;
f4a407be
JH		 3272
3273 cmd = find_pairing(conn);
a511b35b 3274 if (cmd) {
04ab2749 3275 cmd->cmd_complete(cmd, status);
a511b35b
JH		 3276 mgmt_pending_remove(cmd);
3277 }
f4a407be
JH		 3278}
3279
e9a416b5
JH		 3280static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3281{
3b0602cd 3282 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 3283
3284 BT_DBG("status %u", status);
3285
3286 cmd = find_pairing(conn);
a511b35b 3287 if (!cmd) {
e9a416b5 3288 BT_DBG("Unable to find a pending command");
a511b35b
JH		 3289 return;
3290 }
3291
3292 cmd->cmd_complete(cmd, mgmt_status(status));
3293 mgmt_pending_remove(cmd);
e9a416b5
JH		 3294}
3295
f4a407be 3296static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739 3297{
3b0602cd 3298 struct mgmt_pending_cmd *cmd;
4c47d739
VA		 3299
3300 BT_DBG("status %u", status);
3301
3302 if (!status)
3303 return;
3304
3305 cmd = find_pairing(conn);
a511b35b 3306 if (!cmd) {
4c47d739 3307 BT_DBG("Unable to find a pending command");
a511b35b
JH		 3308 return;
3309 }
3310
3311 cmd->cmd_complete(cmd, mgmt_status(status));
3312 mgmt_pending_remove(cmd);
4c47d739
VA		 3313}
3314
bdb6d971 3315static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3316 u16 len)
e9a416b5 3317{
650f726d 3318 struct mgmt_cp_pair_device *cp = data;
1425acb7 3319 struct mgmt_rp_pair_device rp;
3b0602cd 3320 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 3321 u8 sec_level, auth_type;
3322 struct hci_conn *conn;
e9a416b5
JH		 3323 int err;
3324
3325 BT_DBG("");
3326
f950a30e
SJ		 3327 memset(&rp, 0, sizeof(rp));
3328 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3329 rp.addr.type = cp->addr.type;
3330
4ee71b20 3331 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 3332 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3333 MGMT_STATUS_INVALID_PARAMS,
3334 &rp, sizeof(rp));
4ee71b20 3335
4ec86d4c 3336 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 3337 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3338 MGMT_STATUS_INVALID_PARAMS,
3339 &rp, sizeof(rp));
4ec86d4c 3340
09fd0de5 3341 hci_dev_lock(hdev);
e9a416b5 3342
5f97c1df 3343 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3344 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3345 MGMT_STATUS_NOT_POWERED, &rp,
3346 sizeof(rp));
5f97c1df
JH		 3347 goto unlock;
3348 }
3349
55e76b38
JH		 3350 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
3351 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3352 MGMT_STATUS_ALREADY_PAIRED, &rp,
3353 sizeof(rp));
3354 goto unlock;
3355 }
3356
c908df36 3357 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 3358 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 3359
6f77d8c7 3360 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 3361 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3362 auth_type);
6f77d8c7
AG		 3363 } else {
3364 u8 addr_type;
3365
3366 /* Convert from L2CAP channel address type to HCI address type
3367 */
3368 if (cp->addr.type == BDADDR_LE_PUBLIC)
3369 addr_type = ADDR_LE_DEV_PUBLIC;
3370 else
3371 addr_type = ADDR_LE_DEV_RANDOM;
3372
7c264b10
MH		 3373 /* When pairing a new device, it is expected to remember
3374 * this device for future connections. Adding the connection
3375 * parameter information ahead of time allows tracking
3376 * of the slave preferred values and will speed up any
3377 * further connection establishment.
3378 *
3379 * If connection parameters already exist, then they
3380 * will be kept and this function does nothing.
3381 */
3382 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3383
6f77d8c7 3384 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
e804d25d
JH		 3385 sec_level, HCI_LE_CONN_TIMEOUT,
3386 HCI_ROLE_MASTER);
6f77d8c7 3387 }
7a512d01 3388
30e76272 3389 if (IS_ERR(conn)) {
489dc48e
AK		 3390 int status;
3391
3392 if (PTR_ERR(conn) == -EBUSY)
3393 status = MGMT_STATUS_BUSY;
faa81030
LR		 3394 else if (PTR_ERR(conn) == -EOPNOTSUPP)
3395 status = MGMT_STATUS_NOT_SUPPORTED;
3396 else if (PTR_ERR(conn) == -ECONNREFUSED)
3397 status = MGMT_STATUS_REJECTED;
489dc48e
AK		 3398 else
3399 status = MGMT_STATUS_CONNECT_FAILED;
3400
2a1afb5a
JH		 3401 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3402 status, &rp, sizeof(rp));
e9a416b5
JH		 3403 goto unlock;
3404 }
3405
3406 if (conn->connect_cfm_cb) {
76a68ba0 3407 hci_conn_drop(conn);
2a1afb5a
JH		 3408 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3409 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 3410 goto unlock;
3411 }
3412
2e58ef3e 3413 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 3414 if (!cmd) {
3415 err = -ENOMEM;
76a68ba0 3416 hci_conn_drop(conn);
e9a416b5
JH		 3417 goto unlock;
3418 }
3419
04ab2749
JH		 3420 cmd->cmd_complete = pairing_complete;
3421
7a512d01 3422 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 3423 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 3424 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 3425 conn->security_cfm_cb = pairing_complete_cb;
3426 conn->disconn_cfm_cb = pairing_complete_cb;
3427 } else {
3428 conn->connect_cfm_cb = le_pairing_complete_cb;
3429 conn->security_cfm_cb = le_pairing_complete_cb;
3430 conn->disconn_cfm_cb = le_pairing_complete_cb;
3431 }
7a512d01 3432
e9a416b5 3433 conn->io_capability = cp->io_cap;
f8aaf9b6 3434 cmd->user_data = hci_conn_get(conn);
e9a416b5 3435
6f78fd4b 3436 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
a511b35b
JH		 3437 hci_conn_security(conn, sec_level, auth_type, true)) {
3438 cmd->cmd_complete(cmd, 0);
3439 mgmt_pending_remove(cmd);
3440 }
e9a416b5
JH		 3441
3442 err = 0;
3443
3444unlock:
09fd0de5 3445 hci_dev_unlock(hdev);
e9a416b5
JH		 3446 return err;
3447}
3448
04124681
GP		 3449static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3450 u16 len)
28424707 3451{
0f4e68cf 3452 struct mgmt_addr_info *addr = data;
3b0602cd 3453 struct mgmt_pending_cmd *cmd;
28424707
JH		 3454 struct hci_conn *conn;
3455 int err;
3456
3457 BT_DBG("");
3458
28424707
JH		 3459 hci_dev_lock(hdev);
3460
5f97c1df 3461 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3462 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3463 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3464 goto unlock;
3465 }
3466
28424707
JH		 3467 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3468 if (!cmd) {
a69e8375
JH		 3469 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3470 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3471 goto unlock;
3472 }
3473
3474 conn = cmd->user_data;
3475
3476 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
a69e8375
JH		 3477 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3478 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3479 goto unlock;
3480 }
3481
a511b35b
JH		 3482 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3483 mgmt_pending_remove(cmd);
28424707 3484
2a1afb5a
JH		 3485 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3486 addr, sizeof(*addr));
28424707
JH		 3487unlock:
3488 hci_dev_unlock(hdev);
28424707
JH		 3489 return err;
3490}
3491
bdb6d971 3492static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3493 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3494 u16 hci_op, __le32 passkey)
a5c29683 3495{
3b0602cd 3496 struct mgmt_pending_cmd *cmd;
0df4c185 3497 struct hci_conn *conn;
a5c29683
JH		 3498 int err;
3499
09fd0de5 3500 hci_dev_lock(hdev);
08ba5382 3501
4b34ee78 3502 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3503 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3504 MGMT_STATUS_NOT_POWERED, addr,
3505 sizeof(*addr));
0df4c185 3506 goto done;
a5c29683
JH		 3507 }
3508
1707c60e
JH		 3509 if (addr->type == BDADDR_BREDR)
3510 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3511 else
1707c60e 3512 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 3513
3514 if (!conn) {
2a1afb5a
JH		 3515 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3516 MGMT_STATUS_NOT_CONNECTED, addr,
3517 sizeof(*addr));
272d90df
JH		 3518 goto done;
3519 }
47c15e2b 3520
1707c60e 3521 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 3522 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 3523 if (!err)
2a1afb5a
JH		 3524 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3525 MGMT_STATUS_SUCCESS, addr,
3526 sizeof(*addr));
5fe57d9e 3527 else
2a1afb5a
JH		 3528 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3529 MGMT_STATUS_FAILED, addr,
3530 sizeof(*addr));
47c15e2b 3531
47c15e2b
BG		 3532 goto done;
3533 }
3534
1707c60e 3535 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3536 if (!cmd) {
3537 err = -ENOMEM;
0df4c185 3538 goto done;
a5c29683
JH		 3539 }
3540
7776d1d8
JH		 3541 cmd->cmd_complete = addr_cmd_complete;
3542
0df4c185 3543 /* Continue with pairing via HCI */
604086b7
BG		 3544 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3545 struct hci_cp_user_passkey_reply cp;
3546
1707c60e 3547 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3548 cp.passkey = passkey;
3549 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3550 } else
1707c60e
JH		 3551 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3552 &addr->bdaddr);
604086b7 3553
a664b5bc
JH		 3554 if (err < 0)
3555 mgmt_pending_remove(cmd);
a5c29683 3556
0df4c185 3557done:
09fd0de5 3558 hci_dev_unlock(hdev);
a5c29683
JH		 3559 return err;
3560}
3561
afeb019d
JK		 3562static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3563 void *data, u16 len)
3564{
3565 struct mgmt_cp_pin_code_neg_reply *cp = data;
3566
3567 BT_DBG("");
3568
1707c60e 3569 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3570 MGMT_OP_PIN_CODE_NEG_REPLY,
3571 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3572}
3573
04124681
GP		 3574static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3575 u16 len)
0df4c185 3576{
650f726d 3577 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3578
3579 BT_DBG("");
3580
3581 if (len != sizeof(*cp))
a69e8375
JH		 3582 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3583 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3584
1707c60e 3585 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3586 MGMT_OP_USER_CONFIRM_REPLY,
3587 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3588}
3589
bdb6d971 3590static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3591 void *data, u16 len)
0df4c185 3592{
c9c2659f 3593 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3594
3595 BT_DBG("");
3596
1707c60e 3597 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3598 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3599 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3600}
3601
04124681
GP		 3602static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3603 u16 len)
604086b7 3604{
650f726d 3605 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3606
3607 BT_DBG("");
3608
1707c60e 3609 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3610 MGMT_OP_USER_PASSKEY_REPLY,
3611 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3612}
3613
bdb6d971 3614static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3615 void *data, u16 len)
604086b7 3616{
650f726d 3617 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3618
3619 BT_DBG("");
3620
1707c60e 3621 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3622 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3623 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3624}
3625
13928971 3626static void update_name(struct hci_request *req)
2b4bf397 3627{
13928971 3628 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3629 struct hci_cp_write_local_name cp;
3630
13928971 3631 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3632
890ea898 3633 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3634}
3635
1904a853 3636static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
13928971
JH		 3637{
3638 struct mgmt_cp_set_local_name *cp;
3b0602cd 3639 struct mgmt_pending_cmd *cmd;
13928971
JH		 3640
3641 BT_DBG("status 0x%02x", status);
3642
3643 hci_dev_lock(hdev);
3644
3645 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3646 if (!cmd)
3647 goto unlock;
3648
3649 cp = cmd->param;
3650
3651 if (status)
a69e8375
JH		 3652 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3653 mgmt_status(status));
13928971 3654 else
2a1afb5a
JH		 3655 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3656 cp, sizeof(*cp));
13928971
JH		 3657
3658 mgmt_pending_remove(cmd);
3659
3660unlock:
3661 hci_dev_unlock(hdev);
3662}
3663
bdb6d971 3664static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3665 u16 len)
b312b161 3666{
2b4bf397 3667 struct mgmt_cp_set_local_name *cp = data;
3b0602cd 3668 struct mgmt_pending_cmd *cmd;
890ea898 3669 struct hci_request req;
b312b161
JH		 3670 int err;
3671
3672 BT_DBG("");
3673
09fd0de5 3674 hci_dev_lock(hdev);
b312b161 3675
b3f2ca94
JH		 3676 /* If the old values are the same as the new ones just return a
3677 * direct command complete event.
3678 */
3679 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3680 !memcmp(hdev->short_name, cp->short_name,
3681 sizeof(hdev->short_name))) {
2a1afb5a
JH		 3682 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3683 data, len);
b3f2ca94
JH		 3684 goto failed;
3685 }
3686
2b4bf397 3687 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3688
b5235a65 3689 if (!hdev_is_powered(hdev)) {
2b4bf397 3690 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde 3691
2a1afb5a
JH		 3692 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3693 data, len);
28cc7bde
JH		 3694 if (err < 0)
3695 goto failed;
3696
f6b7712e
MH		 3697 err = mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev,
3698 data, len, sk);
28cc7bde 3699
b5235a65
JH		 3700 goto failed;
3701 }
3702
28cc7bde 3703 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3704 if (!cmd) {
3705 err = -ENOMEM;
3706 goto failed;
3707 }
3708
13928971
JH		 3709 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3710
890ea898 3711 hci_req_init(&req, hdev);
3f985050
JH		 3712
3713 if (lmp_bredr_capable(hdev)) {
3714 update_name(&req);
3715 update_eir(&req);
3716 }
3717
7a5f4990
MH		 3718 /* The name is stored in the scan response data and so
3719 * no need to udpate the advertising data here.
3720 */
3f985050 3721 if (lmp_le_capable(hdev))
7a5f4990 3722 update_scan_rsp_data(&req);
3f985050 3723
13928971 3724 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3725 if (err < 0)
3726 mgmt_pending_remove(cmd);
3727
3728failed:
09fd0de5 3729 hci_dev_unlock(hdev);
b312b161
JH		 3730 return err;
3731}
3732
0f4e68cf 3733static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3734 void *data, u16 data_len)
c35938b2 3735{
3b0602cd 3736 struct mgmt_pending_cmd *cmd;
c35938b2
SJ		 3737 int err;
3738
bdb6d971 3739 BT_DBG("%s", hdev->name);
c35938b2 3740
09fd0de5 3741 hci_dev_lock(hdev);
c35938b2 3742
4b34ee78 3743 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3744 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3745 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3746 goto unlock;
3747 }
3748
9a1a1996 3749 if (!lmp_ssp_capable(hdev)) {
a69e8375
JH		 3750 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3751 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3752 goto unlock;
3753 }
3754
2e58ef3e 3755 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
a69e8375
JH		 3756 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3757 MGMT_STATUS_BUSY);
c35938b2
SJ		 3758 goto unlock;
3759 }
3760
2e58ef3e 3761 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3762 if (!cmd) {
3763 err = -ENOMEM;
3764 goto unlock;
3765 }
3766
710f11c0 3767 if (bredr_sc_enabled(hdev))
4d2d2796
MH		 3768 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3769 0, NULL);
3770 else
3771 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3772
c35938b2
SJ		 3773 if (err < 0)
3774 mgmt_pending_remove(cmd);
3775
3776unlock:
09fd0de5 3777 hci_dev_unlock(hdev);
c35938b2
SJ		 3778 return err;
3779}
3780
bdb6d971 3781static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3782 void *data, u16 len)
2763eda6 3783{
5d57e796 3784 struct mgmt_addr_info *addr = data;
2763eda6
SJ		 3785 int err;
3786
bdb6d971 3787 BT_DBG("%s ", hdev->name);
2763eda6 3788
5d57e796 3789 if (!bdaddr_type_is_valid(addr->type))
2a1afb5a
JH		 3790 return mgmt_cmd_complete(sk, hdev->id,
3791 MGMT_OP_ADD_REMOTE_OOB_DATA,
3792 MGMT_STATUS_INVALID_PARAMS,
3793 addr, sizeof(*addr));
5d57e796 3794
09fd0de5 3795 hci_dev_lock(hdev);
2763eda6 3796
ec109113
MH		 3797 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3798 struct mgmt_cp_add_remote_oob_data *cp = data;
3799 u8 status;
bf1e3541 3800
c19a495c 3801 if (cp->addr.type != BDADDR_BREDR) {
2a1afb5a
JH		 3802 err = mgmt_cmd_complete(sk, hdev->id,
3803 MGMT_OP_ADD_REMOTE_OOB_DATA,
3804 MGMT_STATUS_INVALID_PARAMS,
3805 &cp->addr, sizeof(cp->addr));
c19a495c
JH		 3806 goto unlock;
3807 }
3808
ec109113 3809 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
6928a924
JH		 3810 cp->addr.type, cp->hash,
3811 cp->rand, NULL, NULL);
ec109113
MH		 3812 if (err < 0)
3813 status = MGMT_STATUS_FAILED;
3814 else
3815 status = MGMT_STATUS_SUCCESS;
3816
2a1afb5a
JH		 3817 err = mgmt_cmd_complete(sk, hdev->id,
3818 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
3819 &cp->addr, sizeof(cp->addr));
ec109113
MH		 3820 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3821 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
41bcfd50 3822 u8 *rand192, *hash192, *rand256, *hash256;
ec109113
MH		 3823 u8 status;
3824
86df9200 3825 if (bdaddr_type_is_le(cp->addr.type)) {
d25b78e2
JH		 3826 /* Enforce zero-valued 192-bit parameters as
3827 * long as legacy SMP OOB isn't implemented.
3828 */
3829 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3830 memcmp(cp->hash192, ZERO_KEY, 16)) {
2a1afb5a
JH		 3831 err = mgmt_cmd_complete(sk, hdev->id,
3832 MGMT_OP_ADD_REMOTE_OOB_DATA,
3833 MGMT_STATUS_INVALID_PARAMS,
3834 addr, sizeof(*addr));
d25b78e2
JH		 3835 goto unlock;
3836 }
3837
86df9200
JH		 3838 rand192 = NULL;
3839 hash192 = NULL;
3840 } else {
41bcfd50
MH		 3841 /* In case one of the P-192 values is set to zero,
3842 * then just disable OOB data for P-192.
3843 */
3844 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
3845 !memcmp(cp->hash192, ZERO_KEY, 16)) {
3846 rand192 = NULL;
3847 hash192 = NULL;
3848 } else {
3849 rand192 = cp->rand192;
3850 hash192 = cp->hash192;
3851 }
3852 }
3853
3854 /* In case one of the P-256 values is set to zero, then just
3855 * disable OOB data for P-256.
3856 */
3857 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
3858 !memcmp(cp->hash256, ZERO_KEY, 16)) {
3859 rand256 = NULL;
3860 hash256 = NULL;
3861 } else {
3862 rand256 = cp->rand256;
3863 hash256 = cp->hash256;
86df9200
JH		 3864 }
3865
81328d5c 3866 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
86df9200 3867 cp->addr.type, hash192, rand192,
41bcfd50 3868 hash256, rand256);
ec109113
MH		 3869 if (err < 0)
3870 status = MGMT_STATUS_FAILED;
3871 else
3872 status = MGMT_STATUS_SUCCESS;
3873
2a1afb5a
JH		 3874 err = mgmt_cmd_complete(sk, hdev->id,
3875 MGMT_OP_ADD_REMOTE_OOB_DATA,
3876 status, &cp->addr, sizeof(cp->addr));
ec109113
MH		 3877 } else {
3878 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
a69e8375
JH		 3879 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3880 MGMT_STATUS_INVALID_PARAMS);
ec109113 3881 }
2763eda6 3882
c19a495c 3883unlock:
09fd0de5 3884 hci_dev_unlock(hdev);
2763eda6
SJ		 3885 return err;
3886}
3887
bdb6d971 3888static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3889 void *data, u16 len)
2763eda6 3890{
650f726d 3891 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3892 u8 status;
2763eda6
SJ		 3893 int err;
3894
bdb6d971 3895 BT_DBG("%s", hdev->name);
2763eda6 3896
c19a495c 3897 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 3898 return mgmt_cmd_complete(sk, hdev->id,
3899 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3900 MGMT_STATUS_INVALID_PARAMS,
3901 &cp->addr, sizeof(cp->addr));
c19a495c 3902
09fd0de5 3903 hci_dev_lock(hdev);
2763eda6 3904
eedbd581
JH		 3905 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3906 hci_remote_oob_data_clear(hdev);
3907 status = MGMT_STATUS_SUCCESS;
3908 goto done;
3909 }
3910
6928a924 3911 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
2763eda6 3912 if (err < 0)
bf1e3541 3913 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3914 else
a6785be2 3915 status = MGMT_STATUS_SUCCESS;
bf1e3541 3916
eedbd581 3917done:
2a1afb5a
JH		 3918 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3919 status, &cp->addr, sizeof(cp->addr));
2763eda6 3920
09fd0de5 3921 hci_dev_unlock(hdev);
2763eda6
SJ		 3922 return err;
3923}
3924
812abb13 3925static bool trigger_bredr_inquiry(struct hci_request *req, u8 *status)
41dc2bd6 3926{
8019044d 3927 struct hci_dev *hdev = req->hdev;
812abb13 3928 struct hci_cp_inquiry cp;
8019044d
MH		 3929 /* General inquiry access code (GIAC) */
3930 u8 lap[3] = { 0x33, 0x8b, 0x9e };
812abb13
JP		 3931
3932 *status = mgmt_bredr_support(hdev);
3933 if (*status)
3934 return false;
3935
3936 if (hci_dev_test_flag(hdev, HCI_INQUIRY)) {
3937 *status = MGMT_STATUS_BUSY;
3938 return false;
3939 }
3940
3941 hci_inquiry_cache_flush(hdev);
3942
3943 memset(&cp, 0, sizeof(cp));
3944 memcpy(&cp.lap, lap, sizeof(cp.lap));
3945 cp.length = DISCOV_BREDR_INQUIRY_LEN;
3946
3947 hci_req_add(req, HCI_OP_INQUIRY, sizeof(cp), &cp);
3948
3949 return true;
3950}
3951
3952static bool trigger_le_scan(struct hci_request *req, u16 interval, u8 *status)
3953{
3954 struct hci_dev *hdev = req->hdev;
3955 struct hci_cp_le_set_scan_param param_cp;
3956 struct hci_cp_le_set_scan_enable enable_cp;
8019044d 3957 u8 own_addr_type;
41dc2bd6
AG		 3958 int err;
3959
812abb13
JP		 3960 *status = mgmt_le_support(hdev);
3961 if (*status)
3962 return false;
41dc2bd6 3963
812abb13
JP		 3964 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) {
3965 /* Don't let discovery abort an outgoing connection attempt
3966 * that's using directed advertising.
3967 */
3968 if (hci_conn_hash_lookup_state(hdev, LE_LINK, BT_CONNECT)) {
3969 *status = MGMT_STATUS_REJECTED;
8019044d
MH		 3970 return false;
3971 }
41dc2bd6 3972
812abb13
JP		 3973 disable_advertising(req);
3974 }
41dc2bd6 3975
812abb13
JP		 3976 /* If controller is scanning, it means the background scanning is
3977 * running. Thus, we should temporarily stop it in order to set the
3978 * discovery scanning parameters.
3979 */
3980 if (hci_dev_test_flag(hdev, HCI_LE_SCAN))
3981 hci_req_add_le_scan_disable(req);
41dc2bd6 3982
812abb13
JP		 3983 /* All active scans will be done with either a resolvable private
3984 * address (when privacy feature has been enabled) or non-resolvable
3985 * private address.
3986 */
3987 err = hci_update_random_address(req, true, &own_addr_type);
3988 if (err < 0) {
3989 *status = MGMT_STATUS_FAILED;
3990 return false;
3991 }
8019044d 3992
812abb13
JP		 3993 memset(&param_cp, 0, sizeof(param_cp));
3994 param_cp.type = LE_SCAN_ACTIVE;
3995 param_cp.interval = cpu_to_le16(interval);
3996 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
3997 param_cp.own_address_type = own_addr_type;
8019044d 3998
812abb13
JP		 3999 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
4000 &param_cp);
8019044d 4001
812abb13
JP		 4002 memset(&enable_cp, 0, sizeof(enable_cp));
4003 enable_cp.enable = LE_SCAN_ENABLE;
4004 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
8019044d 4005
812abb13
JP		 4006 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
4007 &enable_cp);
4008
4009 return true;
4010}
8019044d 4011
812abb13
JP		 4012static bool trigger_discovery(struct hci_request *req, u8 *status)
4013{
4014 struct hci_dev *hdev = req->hdev;
8019044d 4015
812abb13
JP		 4016 switch (hdev->discovery.type) {
4017 case DISCOV_TYPE_BREDR:
4018 if (!trigger_bredr_inquiry(req, status))
4019 return false;
4020 break;
4021
4022 case DISCOV_TYPE_INTERLEAVED:
07d2334a
JP		 4023 if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY,
4024 &hdev->quirks)) {
4025 /* During simultaneous discovery, we double LE scan
4026 * interval. We must leave some time for the controller
4027 * to do BR/EDR inquiry.
4028 */
4029 if (!trigger_le_scan(req, DISCOV_LE_SCAN_INT * 2,
4030 status))
4031 return false;
4032
4033 if (!trigger_bredr_inquiry(req, status))
4034 return false;
4035
4036 return true;
4037 }
4038
812abb13
JP		 4039 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4040 *status = MGMT_STATUS_NOT_SUPPORTED;
8019044d
MH		 4041 return false;
4042 }
812abb13 4043 /* fall through */
8019044d 4044
812abb13
JP		 4045 case DISCOV_TYPE_LE:
4046 if (!trigger_le_scan(req, DISCOV_LE_SCAN_INT, status))
4047 return false;
8019044d
MH		 4048 break;
4049
4050 default:
4051 *status = MGMT_STATUS_INVALID_PARAMS;
4052 return false;
4053 }
4054
4055 return true;
41dc2bd6
AG		 4056}
4057
1904a853
MH		 4058static void start_discovery_complete(struct hci_dev *hdev, u8 status,
4059 u16 opcode)
7c307720 4060{
3b0602cd 4061 struct mgmt_pending_cmd *cmd;
11e6e25d 4062 unsigned long timeout;
ae55f598 4063
7c307720
AG		 4064 BT_DBG("status %d", status);
4065
11e6e25d 4066 hci_dev_lock(hdev);
41dc2bd6 4067
11e6e25d 4068 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
66ea9427
JP		 4069 if (!cmd)
4070 cmd = mgmt_pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
4071
11e6e25d 4072 if (cmd) {
2922a94f 4073 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d
MH		 4074 mgmt_pending_remove(cmd);
4075 }
7c307720
AG		 4076
4077 if (status) {
11e6e25d
MH		 4078 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4079 goto unlock;
7c307720
AG		 4080 }
4081
7c307720 4082 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
7c307720 4083
2d28cfe7
JP		 4084 /* If the scan involves LE scan, pick proper timeout to schedule
4085 * hdev->le_scan_disable that will stop it.
4086 */
7c307720
AG		 4087 switch (hdev->discovery.type) {
4088 case DISCOV_TYPE_LE:
3d5a76f0 4089 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
7c307720 4090 break;
7c307720 4091 case DISCOV_TYPE_INTERLEAVED:
07d2334a
JP		 4092 /* When running simultaneous discovery, the LE scanning time
4093 * should occupy the whole discovery time sine BR/EDR inquiry
4094 * and LE scanning are scheduled by the controller.
4095 *
4096 * For interleaving discovery in comparison, BR/EDR inquiry
4097 * and LE scanning are done sequentially with separate
4098 * timeouts.
4099 */
4100 if (test_bit(HCI_QUIRK_SIMULTANEOUS_DISCOVERY, &hdev->quirks))
4101 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
4102 else
4103 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
7c307720 4104 break;
7c307720 4105 case DISCOV_TYPE_BREDR:
11e6e25d 4106 timeout = 0;
7c307720 4107 break;
7c307720
AG		 4108 default:
4109 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
11e6e25d
MH		 4110 timeout = 0;
4111 break;
7c307720 4112 }
ae55f598 4113
2d28cfe7
JP		 4114 if (timeout) {
4115 /* When service discovery is used and the controller has
4116 * a strict duplicate filter, it is important to remember
4117 * the start and duration of the scan. This is required
4118 * for restarting scanning during the discovery phase.
4119 */
4120 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER,
4121 &hdev->quirks) &&
82f8b651 4122 hdev->discovery.result_filtering) {
2d28cfe7
JP		 4123 hdev->discovery.scan_start = jiffies;
4124 hdev->discovery.scan_duration = timeout;
4125 }
4126
11e6e25d
MH		 4127 queue_delayed_work(hdev->workqueue,
4128 &hdev->le_scan_disable, timeout);
2d28cfe7 4129 }
ae55f598 4130
11e6e25d
MH		 4131unlock:
4132 hci_dev_unlock(hdev);
7c307720
AG		 4133}
4134
bdb6d971 4135static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 4136 void *data, u16 len)
14a53664 4137{
650f726d 4138 struct mgmt_cp_start_discovery *cp = data;
3b0602cd 4139 struct mgmt_pending_cmd *cmd;
7c307720 4140 struct hci_request req;
8019044d 4141 u8 status;
14a53664
JH		 4142 int err;
4143
bdb6d971 4144 BT_DBG("%s", hdev->name);
14a53664 4145
09fd0de5 4146 hci_dev_lock(hdev);
14a53664 4147
4b34ee78 4148 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 4149 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4150 MGMT_STATUS_NOT_POWERED,
4151 &cp->type, sizeof(cp->type));
bd2d1334
JH		 4152 goto failed;
4153 }
4154
f5a969f2 4155 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 4156 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
2a1afb5a
JH		 4157 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4158 MGMT_STATUS_BUSY, &cp->type,
4159 sizeof(cp->type));
642be6c7
AG		 4160 goto failed;
4161 }
4162
2922a94f 4163 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, data, len);
14a53664
JH		 4164 if (!cmd) {
4165 err = -ENOMEM;
4166 goto failed;
4167 }
4168
2922a94f
JH		 4169 cmd->cmd_complete = generic_cmd_complete;
4170
22078800
MH		 4171 /* Clear the discovery filter first to free any previously
4172 * allocated memory for the UUID list.
4173 */
4174 hci_discovery_filter_clear(hdev);
4175
4aab14e5 4176 hdev->discovery.type = cp->type;
da25cf6a 4177 hdev->discovery.report_invalid_rssi = false;
4aab14e5 4178
7c307720
AG		 4179 hci_req_init(&req, hdev);
4180
8019044d 4181 if (!trigger_discovery(&req, &status)) {
2a1afb5a
JH		 4182 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4183 status, &cp->type, sizeof(cp->type));
04106755
JH		 4184 mgmt_pending_remove(cmd);
4185 goto failed;
f39799f5 4186 }
04106755 4187
7c307720 4188 err = hci_req_run(&req, start_discovery_complete);
f5a969f2 4189 if (err < 0) {
14a53664 4190 mgmt_pending_remove(cmd);
f5a969f2
MH		 4191 goto failed;
4192 }
7c307720 4193
f5a969f2 4194 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
7c307720 4195
14a53664 4196failed:
09fd0de5 4197 hci_dev_unlock(hdev);
14a53664
JH		 4198 return err;
4199}
f39799f5 4200
3b0602cd
JH		 4201static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
4202 u8 status)
2922a94f 4203{
2a1afb5a
JH		 4204 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
4205 cmd->param, 1);
2922a94f 4206}
04106755 4207
66ea9427
JP		 4208static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
4209 void *data, u16 len)
4210{
4211 struct mgmt_cp_start_service_discovery *cp = data;
3b0602cd 4212 struct mgmt_pending_cmd *cmd;
66ea9427
JP		 4213 struct hci_request req;
4214 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
4215 u16 uuid_count, expected_len;
4216 u8 status;
4217 int err;
04106755 4218
66ea9427 4219 BT_DBG("%s", hdev->name);
e8bb6b97 4220
66ea9427 4221 hci_dev_lock(hdev);
7c307720 4222
66ea9427 4223 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 4224 err = mgmt_cmd_complete(sk, hdev->id,
4225 MGMT_OP_START_SERVICE_DISCOVERY,
4226 MGMT_STATUS_NOT_POWERED,
4227 &cp->type, sizeof(cp->type));
66ea9427
JP		 4228 goto failed;
4229 }
7c307720 4230
66ea9427 4231 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 4232 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
2a1afb5a
JH		 4233 err = mgmt_cmd_complete(sk, hdev->id,
4234 MGMT_OP_START_SERVICE_DISCOVERY,
4235 MGMT_STATUS_BUSY, &cp->type,
4236 sizeof(cp->type));
66ea9427
JP		 4237 goto failed;
4238 }
d9483943 4239
66ea9427
JP		 4240 uuid_count = __le16_to_cpu(cp->uuid_count);
4241 if (uuid_count > max_uuid_count) {
4242 BT_ERR("service_discovery: too big uuid_count value %u",
4243 uuid_count);
2a1afb5a
JH		 4244 err = mgmt_cmd_complete(sk, hdev->id,
4245 MGMT_OP_START_SERVICE_DISCOVERY,
4246 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4247 sizeof(cp->type));
66ea9427
JP		 4248 goto failed;
4249 }
4250
4251 expected_len = sizeof(*cp) + uuid_count * 16;
4252 if (expected_len != len) {
4253 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
4254 expected_len, len);
2a1afb5a
JH		 4255 err = mgmt_cmd_complete(sk, hdev->id,
4256 MGMT_OP_START_SERVICE_DISCOVERY,
4257 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4258 sizeof(cp->type));
66ea9427
JP		 4259 goto failed;
4260 }
4261
4262 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
2922a94f 4263 hdev, data, len);
66ea9427
JP		 4264 if (!cmd) {
4265 err = -ENOMEM;
4266 goto failed;
4267 }
4268
2922a94f
JH		 4269 cmd->cmd_complete = service_discovery_cmd_complete;
4270
22078800
MH		 4271 /* Clear the discovery filter first to free any previously
4272 * allocated memory for the UUID list.
4273 */
4274 hci_discovery_filter_clear(hdev);
4275
82f8b651 4276 hdev->discovery.result_filtering = true;
66ea9427
JP		 4277 hdev->discovery.type = cp->type;
4278 hdev->discovery.rssi = cp->rssi;
4279 hdev->discovery.uuid_count = uuid_count;
4280
4281 if (uuid_count > 0) {
4282 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4283 GFP_KERNEL);
4284 if (!hdev->discovery.uuids) {
2a1afb5a
JH		 4285 err = mgmt_cmd_complete(sk, hdev->id,
4286 MGMT_OP_START_SERVICE_DISCOVERY,
4287 MGMT_STATUS_FAILED,
4288 &cp->type, sizeof(cp->type));
d9483943
JH		 4289 mgmt_pending_remove(cmd);
4290 goto failed;
4291 }
66ea9427 4292 }
d9483943 4293
66ea9427 4294 hci_req_init(&req, hdev);
5e0452c0 4295
66ea9427 4296 if (!trigger_discovery(&req, &status)) {
2a1afb5a
JH		 4297 err = mgmt_cmd_complete(sk, hdev->id,
4298 MGMT_OP_START_SERVICE_DISCOVERY,
4299 status, &cp->type, sizeof(cp->type));
04106755
JH		 4300 mgmt_pending_remove(cmd);
4301 goto failed;
f39799f5 4302 }
3fd24153 4303
7c307720 4304 err = hci_req_run(&req, start_discovery_complete);
66ea9427 4305 if (err < 0) {
14a53664 4306 mgmt_pending_remove(cmd);
66ea9427
JP		 4307 goto failed;
4308 }
4309
4310 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 4311
4312failed:
09fd0de5 4313 hci_dev_unlock(hdev);
14a53664
JH		 4314 return err;
4315}
4316
1904a853 4317static void stop_discovery_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1183fdca 4318{
3b0602cd 4319 struct mgmt_pending_cmd *cmd;
1183fdca 4320
0e05bba6
AG		 4321 BT_DBG("status %d", status);
4322
4323 hci_dev_lock(hdev);
4324
11e6e25d
MH		 4325 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4326 if (cmd) {
2922a94f 4327 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d 4328 mgmt_pending_remove(cmd);
0e05bba6
AG		 4329 }
4330
11e6e25d
MH		 4331 if (!status)
4332 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
0e05bba6 4333
0e05bba6
AG		 4334 hci_dev_unlock(hdev);
4335}
4336
bdb6d971 4337static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4338 u16 len)
14a53664 4339{
d930650b 4340 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3b0602cd 4341 struct mgmt_pending_cmd *cmd;
0e05bba6 4342 struct hci_request req;
14a53664
JH		 4343 int err;
4344
bdb6d971 4345 BT_DBG("%s", hdev->name);
14a53664 4346
09fd0de5 4347 hci_dev_lock(hdev);
14a53664 4348
30dc78e1 4349 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 4350 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4351 MGMT_STATUS_REJECTED, &mgmt_cp->type,
4352 sizeof(mgmt_cp->type));
d930650b
JH		 4353 goto unlock;
4354 }
4355
4356 if (hdev->discovery.type != mgmt_cp->type) {
2a1afb5a
JH		 4357 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4358 MGMT_STATUS_INVALID_PARAMS,
4359 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1 4360 goto unlock;
ff9ef578
JH		 4361 }
4362
2922a94f 4363 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
14a53664
JH		 4364 if (!cmd) {
4365 err = -ENOMEM;
30dc78e1
JH		 4366 goto unlock;
4367 }
4368
2922a94f
JH		 4369 cmd->cmd_complete = generic_cmd_complete;
4370
0e05bba6
AG		 4371 hci_req_init(&req, hdev);
4372
21a60d30 4373 hci_stop_discovery(&req);
e0d9727e 4374
21a60d30
JH		 4375 err = hci_req_run(&req, stop_discovery_complete);
4376 if (!err) {
4377 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
0e05bba6 4378 goto unlock;
14a53664
JH		 4379 }
4380
21a60d30
JH		 4381 mgmt_pending_remove(cmd);
4382
4383 /* If no HCI commands were sent we're done */
4384 if (err == -ENODATA) {
2a1afb5a
JH		 4385 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
4386 &mgmt_cp->type, sizeof(mgmt_cp->type));
21a60d30
JH		 4387 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4388 }
14a53664 4389
30dc78e1 4390unlock:
09fd0de5 4391 hci_dev_unlock(hdev);
14a53664
JH		 4392 return err;
4393}
4394
bdb6d971 4395static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4396 u16 len)
561aafbc 4397{
650f726d 4398 struct mgmt_cp_confirm_name *cp = data;
561aafbc 4399 struct inquiry_entry *e;
561aafbc
JH		 4400 int err;
4401
bdb6d971 4402 BT_DBG("%s", hdev->name);
561aafbc 4403
561aafbc
JH		 4404 hci_dev_lock(hdev);
4405
30dc78e1 4406 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 4407 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4408 MGMT_STATUS_FAILED, &cp->addr,
4409 sizeof(cp->addr));
30dc78e1
JH		 4410 goto failed;
4411 }
4412
a198e7b1 4413 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 4414 if (!e) {
2a1afb5a
JH		 4415 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4416 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4417 sizeof(cp->addr));
561aafbc
JH		 4418 goto failed;
4419 }
4420
4421 if (cp->name_known) {
4422 e->name_state = NAME_KNOWN;
4423 list_del(&e->list);
4424 } else {
4425 e->name_state = NAME_NEEDED;
a3d4e20a 4426 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 4427 }
4428
2a1afb5a
JH		 4429 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
4430 &cp->addr, sizeof(cp->addr));
561aafbc
JH		 4431
4432failed:
4433 hci_dev_unlock(hdev);
561aafbc
JH		 4434 return err;
4435}
4436
bdb6d971 4437static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4438 u16 len)
7fbec224 4439{
650f726d 4440 struct mgmt_cp_block_device *cp = data;
f0eeea8b 4441 u8 status;
7fbec224
AJ		 4442 int err;
4443
bdb6d971 4444 BT_DBG("%s", hdev->name);
7fbec224 4445
4ee71b20 4446 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 4447 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4448 MGMT_STATUS_INVALID_PARAMS,
4449 &cp->addr, sizeof(cp->addr));
4ee71b20 4450
09fd0de5 4451 hci_dev_lock(hdev);
5e762444 4452
dcc36c16
JH		 4453 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4454 cp->addr.type);
2a8357f2 4455 if (err < 0) {
f0eeea8b 4456 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 4457 goto done;
4458 }
4459
4460 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4461 sk);
4462 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4463
2a8357f2 4464done:
2a1afb5a
JH		 4465 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
4466 &cp->addr, sizeof(cp->addr));
5e762444 4467
09fd0de5 4468 hci_dev_unlock(hdev);
7fbec224
AJ		 4469
4470 return err;
4471}
4472
bdb6d971 4473static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4474 u16 len)
7fbec224 4475{
650f726d 4476 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 4477 u8 status;
7fbec224
AJ		 4478 int err;
4479
bdb6d971 4480 BT_DBG("%s", hdev->name);
7fbec224 4481
4ee71b20 4482 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 4483 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4484 MGMT_STATUS_INVALID_PARAMS,
4485 &cp->addr, sizeof(cp->addr));
4ee71b20 4486
09fd0de5 4487 hci_dev_lock(hdev);
5e762444 4488
dcc36c16
JH		 4489 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4490 cp->addr.type);
2a8357f2 4491 if (err < 0) {
f0eeea8b 4492 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 4493 goto done;
4494 }
4495
4496 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4497 sk);
4498 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4499
2a8357f2 4500done:
2a1afb5a
JH		 4501 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
4502 &cp->addr, sizeof(cp->addr));
5e762444 4503
09fd0de5 4504 hci_dev_unlock(hdev);
7fbec224
AJ		 4505
4506 return err;
4507}
4508
cdbaccca
MH		 4509static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4510 u16 len)
4511{
4512 struct mgmt_cp_set_device_id *cp = data;
890ea898 4513 struct hci_request req;
cdbaccca 4514 int err;
c72d4b8a 4515 __u16 source;
cdbaccca
MH		 4516
4517 BT_DBG("%s", hdev->name);
4518
c72d4b8a
SJ		 4519 source = __le16_to_cpu(cp->source);
4520
4521 if (source > 0x0002)
a69e8375
JH		 4522 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4523 MGMT_STATUS_INVALID_PARAMS);
c72d4b8a 4524
cdbaccca
MH		 4525 hci_dev_lock(hdev);
4526
c72d4b8a 4527 hdev->devid_source = source;
cdbaccca
MH		 4528 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4529 hdev->devid_product = __le16_to_cpu(cp->product);
4530 hdev->devid_version = __le16_to_cpu(cp->version);
4531
2a1afb5a
JH		 4532 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
4533 NULL, 0);
cdbaccca 4534
890ea898
JH		 4535 hci_req_init(&req, hdev);
4536 update_eir(&req);
4537 hci_req_run(&req, NULL);
cdbaccca
MH		 4538
4539 hci_dev_unlock(hdev);
4540
4541 return err;
4542}
4543
1904a853
MH		 4544static void set_advertising_complete(struct hci_dev *hdev, u8 status,
4545 u16 opcode)
4375f103
JH		 4546{
4547 struct cmd_lookup match = { NULL, hdev };
4548
3ad67582
JK		 4549 hci_dev_lock(hdev);
4550
4375f103
JH		 4551 if (status) {
4552 u8 mgmt_err = mgmt_status(status);
4553
4554 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4555 cmd_status_rsp, &mgmt_err);
3ad67582 4556 goto unlock;
4375f103
JH		 4557 }
4558
d7a5a11d 4559 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
a1536da2 4560 hci_dev_set_flag(hdev, HCI_ADVERTISING);
c93bd150 4561 else
a358dc11 4562 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
c93bd150 4563
4375f103
JH		 4564 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4565 &match);
4566
4567 new_settings(hdev, match.sk);
4568
4569 if (match.sk)
4570 sock_put(match.sk);
3ad67582
JK		 4571
4572unlock:
4573 hci_dev_unlock(hdev);
4375f103
JH		 4574}
4575
21b5187f
MH		 4576static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4577 u16 len)
4375f103
JH		 4578{
4579 struct mgmt_mode *cp = data;
3b0602cd 4580 struct mgmt_pending_cmd *cmd;
4375f103 4581 struct hci_request req;
cc91cb04 4582 u8 val, status;
4375f103
JH		 4583 int err;
4584
4585 BT_DBG("request for %s", hdev->name);
4586
e6fe7986
JH		 4587 status = mgmt_le_support(hdev);
4588 if (status)
a69e8375
JH		 4589 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4590 status);
4375f103 4591
cc91cb04 4592 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 4593 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4594 MGMT_STATUS_INVALID_PARAMS);
4375f103
JH		 4595
4596 hci_dev_lock(hdev);
4597
4598 val = !!cp->val;
4375f103 4599
f74ca9b8
JH		 4600 /* The following conditions are ones which mean that we should
4601 * not do any HCI communication but directly send a mgmt
4602 * response to user space (after toggling the flag if
4603 * necessary).
4604 */
cc91cb04 4605 if (!hdev_is_powered(hdev) ||
d7a5a11d
MH		 4606 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
4607 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
e8bb6b97 4608 hci_conn_num(hdev, LE_LINK) > 0 ||
d7a5a11d 4609 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
e8bb6b97 4610 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
cc91cb04 4611 bool changed;
4375f103 4612
cc91cb04 4613 if (cp->val) {
238be788 4614 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
cc91cb04 4615 if (cp->val == 0x02)
a1536da2 4616 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4617 else
a358dc11 4618 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4619 } else {
a69d8927 4620 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
a358dc11 4621 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4375f103
JH		 4622 }
4623
4624 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4625 if (err < 0)
4626 goto unlock;
4627
4628 if (changed)
4629 err = new_settings(hdev, sk);
4630
4631 goto unlock;
4632 }
4633
4634 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4635 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
a69e8375
JH		 4636 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4637 MGMT_STATUS_BUSY);
4375f103
JH		 4638 goto unlock;
4639 }
4640
4641 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4642 if (!cmd) {
4643 err = -ENOMEM;
4644 goto unlock;
4645 }
4646
4647 hci_req_init(&req, hdev);
4648
cc91cb04 4649 if (cp->val == 0x02)
a1536da2 4650 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4651 else
a358dc11 4652 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4653
bba3aa55
MH		 4654 if (val)
4655 enable_advertising(&req);
4656 else
4657 disable_advertising(&req);
4375f103
JH		 4658
4659 err = hci_req_run(&req, set_advertising_complete);
4660 if (err < 0)
4661 mgmt_pending_remove(cmd);
4662
4663unlock:
4664 hci_dev_unlock(hdev);
4665 return err;
4666}
4667
d13eafce
MH		 4668static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4669 void *data, u16 len)
4670{
4671 struct mgmt_cp_set_static_address *cp = data;
4672 int err;
4673
4674 BT_DBG("%s", hdev->name);
4675
62af4443 4676 if (!lmp_le_capable(hdev))
a69e8375
JH		 4677 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4678 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 4679
4680 if (hdev_is_powered(hdev))
a69e8375
JH		 4681 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4682 MGMT_STATUS_REJECTED);
d13eafce
MH		 4683
4684 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4685 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
a69e8375
JH		 4686 return mgmt_cmd_status(sk, hdev->id,
4687 MGMT_OP_SET_STATIC_ADDRESS,
4688 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 4689
4690 /* Two most significant bits shall be set */
4691 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
a69e8375
JH		 4692 return mgmt_cmd_status(sk, hdev->id,
4693 MGMT_OP_SET_STATIC_ADDRESS,
4694 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 4695 }
4696
4697 hci_dev_lock(hdev);
4698
4699 bacpy(&hdev->static_addr, &cp->bdaddr);
4700
93690c22
MH		 4701 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
4702 if (err < 0)
4703 goto unlock;
4704
4705 err = new_settings(hdev, sk);
d13eafce 4706
93690c22 4707unlock:
d13eafce 4708 hci_dev_unlock(hdev);
d13eafce
MH		 4709 return err;
4710}
4711
14b49b9a
MH		 4712static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4713 void *data, u16 len)
4714{
4715 struct mgmt_cp_set_scan_params *cp = data;
4716 __u16 interval, window;
4717 int err;
4718
4719 BT_DBG("%s", hdev->name);
4720
4721 if (!lmp_le_capable(hdev))
a69e8375
JH		 4722 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4723 MGMT_STATUS_NOT_SUPPORTED);
14b49b9a
MH		 4724
4725 interval = __le16_to_cpu(cp->interval);
4726
4727 if (interval < 0x0004 || interval > 0x4000)
a69e8375
JH		 4728 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4729 MGMT_STATUS_INVALID_PARAMS);
14b49b9a
MH		 4730
4731 window = __le16_to_cpu(cp->window);
4732
4733 if (window < 0x0004 || window > 0x4000)
a69e8375
JH		 4734 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4735 MGMT_STATUS_INVALID_PARAMS);
14b49b9a 4736
899e1075 4737 if (window > interval)
a69e8375
JH		 4738 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4739 MGMT_STATUS_INVALID_PARAMS);
899e1075 4740
14b49b9a
MH		 4741 hci_dev_lock(hdev);
4742
4743 hdev->le_scan_interval = interval;
4744 hdev->le_scan_window = window;
4745
2a1afb5a
JH		 4746 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
4747 NULL, 0);
14b49b9a 4748
dd2ef8e2
AG		 4749 /* If background scan is running, restart it so new parameters are
4750 * loaded.
4751 */
d7a5a11d 4752 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
dd2ef8e2
AG		 4753 hdev->discovery.state == DISCOVERY_STOPPED) {
4754 struct hci_request req;
4755
4756 hci_req_init(&req, hdev);
4757
4758 hci_req_add_le_scan_disable(&req);
4759 hci_req_add_le_passive_scan(&req);
4760
4761 hci_req_run(&req, NULL);
4762 }
4763
14b49b9a
MH		 4764 hci_dev_unlock(hdev);
4765
4766 return err;
4767}
4768
1904a853
MH		 4769static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
4770 u16 opcode)
33e38b3e 4771{
3b0602cd 4772 struct mgmt_pending_cmd *cmd;
33e38b3e
JH		 4773
4774 BT_DBG("status 0x%02x", status);
4775
4776 hci_dev_lock(hdev);
4777
4778 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4779 if (!cmd)
4780 goto unlock;
4781
4782 if (status) {
a69e8375
JH		 4783 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4784 mgmt_status(status));
33e38b3e 4785 } else {
1a4d3c4b
JH		 4786 struct mgmt_mode *cp = cmd->param;
4787
4788 if (cp->val)
a1536da2 4789 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 4790 else
a358dc11 4791 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 4792
33e38b3e
JH		 4793 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4794 new_settings(hdev, cmd->sk);
4795 }
4796
4797 mgmt_pending_remove(cmd);
4798
4799unlock:
4800 hci_dev_unlock(hdev);
4801}
4802
bdb6d971 4803static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4804 void *data, u16 len)
f6422ec6 4805{
650f726d 4806 struct mgmt_mode *cp = data;
3b0602cd 4807 struct mgmt_pending_cmd *cmd;
33e38b3e 4808 struct hci_request req;
f6422ec6
AJ		 4809 int err;
4810
bdb6d971 4811 BT_DBG("%s", hdev->name);
f6422ec6 4812
d7a5a11d 4813 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
56f87901 4814 hdev->hci_ver < BLUETOOTH_VER_1_2)
a69e8375
JH		 4815 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4816 MGMT_STATUS_NOT_SUPPORTED);
33c525c0 4817
a7e80f25 4818 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4819 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4820 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 4821
f6422ec6
AJ		 4822 hci_dev_lock(hdev);
4823
05cbf29f 4824 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
a69e8375
JH		 4825 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4826 MGMT_STATUS_BUSY);
05cbf29f
JH		 4827 goto unlock;
4828 }
4829
d7a5a11d 4830 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
1a4d3c4b
JH		 4831 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4832 hdev);
4833 goto unlock;
4834 }
4835
406ef2a6 4836 if (!hdev_is_powered(hdev)) {
ce05d603 4837 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
406ef2a6
JH		 4838 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4839 hdev);
4840 new_settings(hdev, sk);
4841 goto unlock;
4842 }
4843
33e38b3e
JH		 4844 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4845 data, len);
4846 if (!cmd) {
4847 err = -ENOMEM;
4848 goto unlock;
f6422ec6
AJ		 4849 }
4850
33e38b3e
JH		 4851 hci_req_init(&req, hdev);
4852
406d7804 4853 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4854
4855 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4856 if (err < 0) {
a69e8375
JH		 4857 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4858 MGMT_STATUS_FAILED);
33e38b3e 4859 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4860 }
4861
33e38b3e 4862unlock:
f6422ec6 4863 hci_dev_unlock(hdev);
33e38b3e 4864
f6422ec6
AJ		 4865 return err;
4866}
4867
1904a853 4868static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
0663ca2a 4869{
3b0602cd 4870 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 4871
4872 BT_DBG("status 0x%02x", status);
4873
4874 hci_dev_lock(hdev);
4875
4876 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4877 if (!cmd)
4878 goto unlock;
4879
4880 if (status) {
4881 u8 mgmt_err = mgmt_status(status);
4882
4883 /* We need to restore the flag if related HCI commands
4884 * failed.
4885 */
a358dc11 4886 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a 4887
a69e8375 4888 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
0663ca2a
JH		 4889 } else {
4890 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4891 new_settings(hdev, cmd->sk);
4892 }
4893
4894 mgmt_pending_remove(cmd);
4895
4896unlock:
4897 hci_dev_unlock(hdev);
4898}
4899
4900static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4901{
4902 struct mgmt_mode *cp = data;
3b0602cd 4903 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 4904 struct hci_request req;
4905 int err;
4906
4907 BT_DBG("request for %s", hdev->name);
4908
4909 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
a69e8375
JH		 4910 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4911 MGMT_STATUS_NOT_SUPPORTED);
0663ca2a 4912
d7a5a11d 4913 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 4914 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4915 MGMT_STATUS_REJECTED);
0663ca2a
JH		 4916
4917 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4918 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4919 MGMT_STATUS_INVALID_PARAMS);
0663ca2a
JH		 4920
4921 hci_dev_lock(hdev);
4922
d7a5a11d 4923 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
0663ca2a
JH		 4924 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4925 goto unlock;
4926 }
4927
4928 if (!hdev_is_powered(hdev)) {
4929 if (!cp->val) {
a358dc11
MH		 4930 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
4931 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
4932 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
4933 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4934 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
0663ca2a
JH		 4935 }
4936
ce05d603 4937 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 4938
4939 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4940 if (err < 0)
4941 goto unlock;
4942
4943 err = new_settings(hdev, sk);
4944 goto unlock;
4945 }
4946
4947 /* Reject disabling when powered on */
4948 if (!cp->val) {
a69e8375
JH		 4949 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4950 MGMT_STATUS_REJECTED);
0663ca2a 4951 goto unlock;
111e4bcc
MH		 4952 } else {
4953 /* When configuring a dual-mode controller to operate
4954 * with LE only and using a static address, then switching
4955 * BR/EDR back on is not allowed.
4956 *
4957 * Dual-mode controllers shall operate with the public
4958 * address as its identity address for BR/EDR and LE. So
4959 * reject the attempt to create an invalid configuration.
3a5486e1
MH		 4960 *
4961 * The same restrictions applies when secure connections
4962 * has been enabled. For BR/EDR this is a controller feature
4963 * while for LE it is a host stack feature. This means that
4964 * switching BR/EDR back on when secure connections has been
4965 * enabled is not a supported transaction.
111e4bcc 4966 */
d7a5a11d 4967 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
3a5486e1 4968 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
d7a5a11d 4969 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
a69e8375
JH		 4970 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4971 MGMT_STATUS_REJECTED);
111e4bcc
MH		 4972 goto unlock;
4973 }
0663ca2a
JH		 4974 }
4975
4976 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
a69e8375
JH		 4977 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4978 MGMT_STATUS_BUSY);
0663ca2a
JH		 4979 goto unlock;
4980 }
4981
4982 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4983 if (!cmd) {
4984 err = -ENOMEM;
4985 goto unlock;
4986 }
4987
5947f4bc 4988 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4989 * generates the correct flags.
4990 */
a1536da2 4991 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 4992
4993 hci_req_init(&req, hdev);
aa8af46e 4994
432df05e 4995 write_fast_connectable(&req, false);
1d2dc5b7 4996 __hci_update_page_scan(&req);
aa8af46e 4997
f14d8f64
MH		 4998 /* Since only the advertising data flags will change, there
4999 * is no need to update the scan response data.
5000 */
5947f4bc 5001 update_adv_data(&req);
aa8af46e 5002
0663ca2a
JH		 5003 err = hci_req_run(&req, set_bredr_complete);
5004 if (err < 0)
5005 mgmt_pending_remove(cmd);
5006
5007unlock:
5008 hci_dev_unlock(hdev);
5009 return err;
5010}
5011
a1443f5a
JH		 5012static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5013{
3b0602cd 5014 struct mgmt_pending_cmd *cmd;
a1443f5a
JH		 5015 struct mgmt_mode *cp;
5016
5017 BT_DBG("%s status %u", hdev->name, status);
5018
5019 hci_dev_lock(hdev);
5020
5021 cmd = mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
5022 if (!cmd)
5023 goto unlock;
5024
5025 if (status) {
a69e8375
JH		 5026 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
5027 mgmt_status(status));
a1443f5a
JH		 5028 goto remove;
5029 }
5030
5031 cp = cmd->param;
5032
5033 switch (cp->val) {
5034 case 0x00:
a358dc11
MH		 5035 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
5036 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 5037 break;
5038 case 0x01:
a1536da2 5039 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
a358dc11 5040 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 5041 break;
5042 case 0x02:
a1536da2
MH		 5043 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
5044 hci_dev_set_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 5045 break;
5046 }
5047
5048 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
5049 new_settings(hdev, cmd->sk);
5050
5051remove:
5052 mgmt_pending_remove(cmd);
5053unlock:
5054 hci_dev_unlock(hdev);
5055}
5056
eac83dc6
MH		 5057static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
5058 void *data, u16 len)
5059{
5060 struct mgmt_mode *cp = data;
3b0602cd 5061 struct mgmt_pending_cmd *cmd;
a1443f5a 5062 struct hci_request req;
a3209694 5063 u8 val;
eac83dc6
MH		 5064 int err;
5065
5066 BT_DBG("request for %s", hdev->name);
5067
05b3c3e7 5068 if (!lmp_sc_capable(hdev) &&
d7a5a11d 5069 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 5070 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5071 MGMT_STATUS_NOT_SUPPORTED);
eac83dc6 5072
d7a5a11d 5073 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
59200286 5074 lmp_sc_capable(hdev) &&
d7a5a11d 5075 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 5076 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5077 MGMT_STATUS_REJECTED);
ed93ec69 5078
0ab04a9c 5079 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375 5080 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
eac83dc6
MH		 5081 MGMT_STATUS_INVALID_PARAMS);
5082
5083 hci_dev_lock(hdev);
5084
05b3c3e7 5085 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
d7a5a11d 5086 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
eac83dc6
MH		 5087 bool changed;
5088
0ab04a9c 5089 if (cp->val) {
238be788
MH		 5090 changed = !hci_dev_test_and_set_flag(hdev,
5091 HCI_SC_ENABLED);
0ab04a9c 5092 if (cp->val == 0x02)
a1536da2 5093 hci_dev_set_flag(hdev, HCI_SC_ONLY);
0ab04a9c 5094 else
a358dc11 5095 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 5096 } else {
a69d8927
MH		 5097 changed = hci_dev_test_and_clear_flag(hdev,
5098 HCI_SC_ENABLED);
a358dc11 5099 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 5100 }
eac83dc6
MH		 5101
5102 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5103 if (err < 0)
5104 goto failed;
5105
5106 if (changed)
5107 err = new_settings(hdev, sk);
5108
5109 goto failed;
5110 }
5111
5112 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
a69e8375
JH		 5113 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
5114 MGMT_STATUS_BUSY);
eac83dc6
MH		 5115 goto failed;
5116 }
5117
0ab04a9c
MH		 5118 val = !!cp->val;
5119
d7a5a11d
MH		 5120 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
5121 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
eac83dc6
MH		 5122 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5123 goto failed;
5124 }
5125
5126 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
5127 if (!cmd) {
5128 err = -ENOMEM;
5129 goto failed;
5130 }
5131
a1443f5a
JH		 5132 hci_req_init(&req, hdev);
5133 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
5134 err = hci_req_run(&req, sc_enable_complete);
eac83dc6
MH		 5135 if (err < 0) {
5136 mgmt_pending_remove(cmd);
5137 goto failed;
5138 }
5139
5140failed:
5141 hci_dev_unlock(hdev);
5142 return err;
5143}
5144
4e39ac81
MH		 5145static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
5146 void *data, u16 len)
5147{
5148 struct mgmt_mode *cp = data;
b9710979 5149 bool changed, use_changed;
4e39ac81
MH		 5150 int err;
5151
5152 BT_DBG("request for %s", hdev->name);
5153
b9710979 5154 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 5155 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
5156 MGMT_STATUS_INVALID_PARAMS);
4e39ac81
MH		 5157
5158 hci_dev_lock(hdev);
5159
5160 if (cp->val)
238be788 5161 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
4e39ac81 5162 else
a69d8927
MH		 5163 changed = hci_dev_test_and_clear_flag(hdev,
5164 HCI_KEEP_DEBUG_KEYS);
4e39ac81 5165
b9710979 5166 if (cp->val == 0x02)
238be788
MH		 5167 use_changed = !hci_dev_test_and_set_flag(hdev,
5168 HCI_USE_DEBUG_KEYS);
b9710979 5169 else
a69d8927
MH		 5170 use_changed = hci_dev_test_and_clear_flag(hdev,
5171 HCI_USE_DEBUG_KEYS);
b9710979
JH		 5172
5173 if (hdev_is_powered(hdev) && use_changed &&
d7a5a11d 5174 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
b9710979
JH		 5175 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
5176 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
5177 sizeof(mode), &mode);
5178 }
5179
4e39ac81
MH		 5180 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
5181 if (err < 0)
5182 goto unlock;
5183
5184 if (changed)
5185 err = new_settings(hdev, sk);
5186
5187unlock:
5188 hci_dev_unlock(hdev);
5189 return err;
5190}
5191
62b04cd1
JH		 5192static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5193 u16 len)
5194{
5195 struct mgmt_cp_set_privacy *cp = cp_data;
5196 bool changed;
5197 int err;
5198
5199 BT_DBG("request for %s", hdev->name);
5200
5201 if (!lmp_le_capable(hdev))
a69e8375
JH		 5202 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5203 MGMT_STATUS_NOT_SUPPORTED);
62b04cd1
JH		 5204
5205 if (cp->privacy != 0x00 && cp->privacy != 0x01)
a69e8375
JH		 5206 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5207 MGMT_STATUS_INVALID_PARAMS);
62b04cd1
JH		 5208
5209 if (hdev_is_powered(hdev))
a69e8375
JH		 5210 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5211 MGMT_STATUS_REJECTED);
62b04cd1
JH		 5212
5213 hci_dev_lock(hdev);
5214
c21c0ea0
JH		 5215 /* If user space supports this command it is also expected to
5216 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
5217 */
a1536da2 5218 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
c21c0ea0 5219
62b04cd1 5220 if (cp->privacy) {
238be788 5221 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
62b04cd1 5222 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
a1536da2 5223 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
62b04cd1 5224 } else {
a69d8927 5225 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
62b04cd1 5226 memset(hdev->irk, 0, sizeof(hdev->irk));
a358dc11 5227 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
62b04cd1
JH		 5228 }
5229
5230 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
5231 if (err < 0)
5232 goto unlock;
5233
5234 if (changed)
5235 err = new_settings(hdev, sk);
5236
5237unlock:
5238 hci_dev_unlock(hdev);
5239 return err;
5240}
5241
41edf160
JH		 5242static bool irk_is_valid(struct mgmt_irk_info *irk)
5243{
5244 switch (irk->addr.type) {
5245 case BDADDR_LE_PUBLIC:
5246 return true;
5247
5248 case BDADDR_LE_RANDOM:
5249 /* Two most significant bits shall be set */
5250 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5251 return false;
5252 return true;
5253 }
5254
5255 return false;
5256}
5257
5258static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5259 u16 len)
5260{
5261 struct mgmt_cp_load_irks *cp = cp_data;
ba1d6936
JH		 5262 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
5263 sizeof(struct mgmt_irk_info));
41edf160
JH		 5264 u16 irk_count, expected_len;
5265 int i, err;
5266
5267 BT_DBG("request for %s", hdev->name);
5268
5269 if (!lmp_le_capable(hdev))
a69e8375
JH		 5270 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5271 MGMT_STATUS_NOT_SUPPORTED);
41edf160
JH		 5272
5273 irk_count = __le16_to_cpu(cp->irk_count);
ba1d6936
JH		 5274 if (irk_count > max_irk_count) {
5275 BT_ERR("load_irks: too big irk_count value %u", irk_count);
a69e8375
JH		 5276 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5277 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5278 }
41edf160
JH		 5279
5280 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
5281 if (expected_len != len) {
5282 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 5283 expected_len, len);
a69e8375
JH		 5284 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5285 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 5286 }
5287
5288 BT_DBG("%s irk_count %u", hdev->name, irk_count);
5289
5290 for (i = 0; i < irk_count; i++) {
5291 struct mgmt_irk_info *key = &cp->irks[i];
5292
5293 if (!irk_is_valid(key))
a69e8375
JH		 5294 return mgmt_cmd_status(sk, hdev->id,
5295 MGMT_OP_LOAD_IRKS,
5296 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 5297 }
5298
5299 hci_dev_lock(hdev);
5300
5301 hci_smp_irks_clear(hdev);
5302
5303 for (i = 0; i < irk_count; i++) {
5304 struct mgmt_irk_info *irk = &cp->irks[i];
5305 u8 addr_type;
5306
5307 if (irk->addr.type == BDADDR_LE_PUBLIC)
5308 addr_type = ADDR_LE_DEV_PUBLIC;
5309 else
5310 addr_type = ADDR_LE_DEV_RANDOM;
5311
5312 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
5313 BDADDR_ANY);
5314 }
5315
a1536da2 5316 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
41edf160 5317
2a1afb5a 5318 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
41edf160
JH		 5319
5320 hci_dev_unlock(hdev);
5321
5322 return err;
5323}
5324
3f706b72
JH		 5325static bool ltk_is_valid(struct mgmt_ltk_info *key)
5326{
5327 if (key->master != 0x00 && key->master != 0x01)
5328 return false;
490cb0b3
MH		 5329
5330 switch (key->addr.type) {
5331 case BDADDR_LE_PUBLIC:
5332 return true;
5333
5334 case BDADDR_LE_RANDOM:
5335 /* Two most significant bits shall be set */
5336 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5337 return false;
5338 return true;
5339 }
5340
5341 return false;
3f706b72
JH		 5342}
5343
bdb6d971 5344static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 5345 void *cp_data, u16 len)
346af67b 5346{
346af67b 5347 struct mgmt_cp_load_long_term_keys *cp = cp_data;
ba1d6936
JH		 5348 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
5349 sizeof(struct mgmt_ltk_info));
346af67b 5350 u16 key_count, expected_len;
715a5bf2 5351 int i, err;
346af67b 5352
cf99ba13
MH		 5353 BT_DBG("request for %s", hdev->name);
5354
5355 if (!lmp_le_capable(hdev))
a69e8375
JH		 5356 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5357 MGMT_STATUS_NOT_SUPPORTED);
cf99ba13 5358
1f350c87 5359 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 5360 if (key_count > max_key_count) {
5361 BT_ERR("load_ltks: too big key_count value %u", key_count);
a69e8375
JH		 5362 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5363 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5364 }
346af67b
VCG		 5365
5366 expected_len = sizeof(*cp) + key_count *
5367 sizeof(struct mgmt_ltk_info);
5368 if (expected_len != len) {
5369 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 5370 expected_len, len);
a69e8375
JH		 5371 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5372 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 5373 }
5374
bdb6d971 5375 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 5376
54ad6d8a
JH		 5377 for (i = 0; i < key_count; i++) {
5378 struct mgmt_ltk_info *key = &cp->keys[i];
5379
3f706b72 5380 if (!ltk_is_valid(key))
a69e8375
JH		 5381 return mgmt_cmd_status(sk, hdev->id,
5382 MGMT_OP_LOAD_LONG_TERM_KEYS,
5383 MGMT_STATUS_INVALID_PARAMS);
54ad6d8a
JH		 5384 }
5385
346af67b
VCG		 5386 hci_dev_lock(hdev);
5387
5388 hci_smp_ltks_clear(hdev);
5389
5390 for (i = 0; i < key_count; i++) {
5391 struct mgmt_ltk_info *key = &cp->keys[i];
d7b25450 5392 u8 type, addr_type, authenticated;
79d95a19
MH		 5393
5394 if (key->addr.type == BDADDR_LE_PUBLIC)
5395 addr_type = ADDR_LE_DEV_PUBLIC;
5396 else
5397 addr_type = ADDR_LE_DEV_RANDOM;
346af67b 5398
61b43357
JH		 5399 switch (key->type) {
5400 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 5401 authenticated = 0x00;
23fb8de3 5402 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
61b43357
JH		 5403 break;
5404 case MGMT_LTK_AUTHENTICATED:
d7b25450 5405 authenticated = 0x01;
23fb8de3
JH		 5406 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5407 break;
5408 case MGMT_LTK_P256_UNAUTH:
5409 authenticated = 0x00;
5410 type = SMP_LTK_P256;
61b43357 5411 break;
23fb8de3
JH		 5412 case MGMT_LTK_P256_AUTH:
5413 authenticated = 0x01;
5414 type = SMP_LTK_P256;
61b43357 5415 break;
23fb8de3
JH		 5416 case MGMT_LTK_P256_DEBUG:
5417 authenticated = 0x00;
5418 type = SMP_LTK_P256_DEBUG;
61b43357
JH		 5419 default:
5420 continue;
5421 }
d7b25450 5422
35d70271 5423 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
d7b25450 5424 authenticated, key->val, key->enc_size, key->ediv,
35d70271 5425 key->rand);
346af67b
VCG		 5426 }
5427
2a1afb5a 5428 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
715a5bf2
JH		 5429 NULL, 0);
5430
346af67b 5431 hci_dev_unlock(hdev);
346af67b 5432
715a5bf2 5433 return err;
346af67b
VCG		 5434}
5435
3b0602cd 5436static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
dd983808 5437{
dd983808 5438 struct hci_conn *conn = cmd->user_data;
9981bdb0 5439 struct mgmt_rp_get_conn_info rp;
9df74653 5440 int err;
dd983808 5441
9981bdb0 5442 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
dd983808 5443
9981bdb0 5444 if (status == MGMT_STATUS_SUCCESS) {
dd983808 5445 rp.rssi = conn->rssi;
9981bdb0
JH		 5446 rp.tx_power = conn->tx_power;
5447 rp.max_tx_power = conn->max_tx_power;
5448 } else {
5449 rp.rssi = HCI_RSSI_INVALID;
5450 rp.tx_power = HCI_TX_POWER_INVALID;
5451 rp.max_tx_power = HCI_TX_POWER_INVALID;
dd983808
AK		 5452 }
5453
2a1afb5a
JH		 5454 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
5455 status, &rp, sizeof(rp));
dd983808
AK		 5456
5457 hci_conn_drop(conn);
f8aaf9b6 5458 hci_conn_put(conn);
9df74653
JH		 5459
5460 return err;
dd983808
AK		 5461}
5462
1904a853
MH		 5463static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
5464 u16 opcode)
dd983808
AK		 5465{
5466 struct hci_cp_read_rssi *cp;
3b0602cd 5467 struct mgmt_pending_cmd *cmd;
dd983808 5468 struct hci_conn *conn;
dd983808 5469 u16 handle;
9981bdb0 5470 u8 status;
dd983808 5471
9981bdb0 5472 BT_DBG("status 0x%02x", hci_status);
dd983808
AK		 5473
5474 hci_dev_lock(hdev);
5475
dd983808
AK		 5476 /* Commands sent in request are either Read RSSI or Read Transmit Power
5477 * Level so we check which one was last sent to retrieve connection
5478 * handle. Both commands have handle as first parameter so it's safe to
5479 * cast data on the same command struct.
5480 *
5481 * First command sent is always Read RSSI and we fail only if it fails.
5482 * In other case we simply override error to indicate success as we
5483 * already remembered if TX power value is actually valid.
5484 */
5485 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
5486 if (!cp) {
5487 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
9981bdb0
JH		 5488 status = MGMT_STATUS_SUCCESS;
5489 } else {
5490 status = mgmt_status(hci_status);
dd983808
AK		 5491 }
5492
5493 if (!cp) {
9981bdb0 5494 BT_ERR("invalid sent_cmd in conn_info response");
dd983808
AK		 5495 goto unlock;
5496 }
5497
5498 handle = __le16_to_cpu(cp->handle);
5499 conn = hci_conn_hash_lookup_handle(hdev, handle);
5500 if (!conn) {
9981bdb0 5501 BT_ERR("unknown handle (%d) in conn_info response", handle);
dd983808
AK		 5502 goto unlock;
5503 }
5504
9981bdb0
JH		 5505 cmd = mgmt_pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
5506 if (!cmd)
5507 goto unlock;
dd983808 5508
9981bdb0
JH		 5509 cmd->cmd_complete(cmd, status);
5510 mgmt_pending_remove(cmd);
dd983808
AK		 5511
5512unlock:
5513 hci_dev_unlock(hdev);
5514}
5515
5516static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5517 u16 len)
5518{
5519 struct mgmt_cp_get_conn_info *cp = data;
5520 struct mgmt_rp_get_conn_info rp;
5521 struct hci_conn *conn;
5522 unsigned long conn_info_age;
5523 int err = 0;
5524
5525 BT_DBG("%s", hdev->name);
5526
5527 memset(&rp, 0, sizeof(rp));
5528 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5529 rp.addr.type = cp->addr.type;
5530
5531 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 5532 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5533 MGMT_STATUS_INVALID_PARAMS,
5534 &rp, sizeof(rp));
dd983808
AK		 5535
5536 hci_dev_lock(hdev);
5537
5538 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 5539 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5540 MGMT_STATUS_NOT_POWERED, &rp,
5541 sizeof(rp));
dd983808
AK		 5542 goto unlock;
5543 }
5544
5545 if (cp->addr.type == BDADDR_BREDR)
5546 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5547 &cp->addr.bdaddr);
5548 else
5549 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5550
5551 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 5552 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5553 MGMT_STATUS_NOT_CONNECTED, &rp,
5554 sizeof(rp));
dd983808
AK		 5555 goto unlock;
5556 }
5557
9981bdb0 5558 if (mgmt_pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
2a1afb5a
JH		 5559 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5560 MGMT_STATUS_BUSY, &rp, sizeof(rp));
9981bdb0
JH		 5561 goto unlock;
5562 }
5563
dd983808
AK		 5564 /* To avoid client trying to guess when to poll again for information we
5565 * calculate conn info age as random value between min/max set in hdev.
5566 */
5567 conn_info_age = hdev->conn_info_min_age +
5568 prandom_u32_max(hdev->conn_info_max_age -
5569 hdev->conn_info_min_age);
5570
5571 /* Query controller to refresh cached values if they are too old or were
5572 * never read.
5573 */
f4e2dd53
AK		 5574 if (time_after(jiffies, conn->conn_info_timestamp +
5575 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 5576 !conn->conn_info_timestamp) {
5577 struct hci_request req;
5578 struct hci_cp_read_tx_power req_txp_cp;
5579 struct hci_cp_read_rssi req_rssi_cp;
3b0602cd 5580 struct mgmt_pending_cmd *cmd;
dd983808
AK		 5581
5582 hci_req_init(&req, hdev);
5583 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5584 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5585 &req_rssi_cp);
5586
f7faab0c
AK		 5587 /* For LE links TX power does not change thus we don't need to
5588 * query for it once value is known.
5589 */
5590 if (!bdaddr_type_is_le(cp->addr.type) ||
5591 conn->tx_power == HCI_TX_POWER_INVALID) {
5592 req_txp_cp.handle = cpu_to_le16(conn->handle);
5593 req_txp_cp.type = 0x00;
5594 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5595 sizeof(req_txp_cp), &req_txp_cp);
5596 }
dd983808 5597
eed5daf3
AK		 5598 /* Max TX power needs to be read only once per connection */
5599 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5600 req_txp_cp.handle = cpu_to_le16(conn->handle);
5601 req_txp_cp.type = 0x01;
5602 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5603 sizeof(req_txp_cp), &req_txp_cp);
5604 }
5605
dd983808
AK		 5606 err = hci_req_run(&req, conn_info_refresh_complete);
5607 if (err < 0)
5608 goto unlock;
5609
5610 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5611 data, len);
5612 if (!cmd) {
5613 err = -ENOMEM;
5614 goto unlock;
5615 }
5616
5617 hci_conn_hold(conn);
f8aaf9b6 5618 cmd->user_data = hci_conn_get(conn);
9981bdb0 5619 cmd->cmd_complete = conn_info_cmd_complete;
dd983808
AK		 5620
5621 conn->conn_info_timestamp = jiffies;
5622 } else {
5623 /* Cache is valid, just reply with values cached in hci_conn */
5624 rp.rssi = conn->rssi;
5625 rp.tx_power = conn->tx_power;
eed5daf3 5626 rp.max_tx_power = conn->max_tx_power;
dd983808 5627
2a1afb5a
JH		 5628 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5629 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
dd983808
AK		 5630 }
5631
5632unlock:
5633 hci_dev_unlock(hdev);
5634 return err;
5635}
5636
3b0602cd 5637static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
95868426 5638{
69487371 5639 struct hci_conn *conn = cmd->user_data;
95868426 5640 struct mgmt_rp_get_clock_info rp;
69487371 5641 struct hci_dev *hdev;
9df74653 5642 int err;
69487371
JH		 5643
5644 memset(&rp, 0, sizeof(rp));
5645 memcpy(&rp.addr, &cmd->param, sizeof(rp.addr));
5646
5647 if (status)
5648 goto complete;
5649
5650 hdev = hci_dev_get(cmd->index);
5651 if (hdev) {
5652 rp.local_clock = cpu_to_le32(hdev->clock);
5653 hci_dev_put(hdev);
5654 }
5655
5656 if (conn) {
5657 rp.piconet_clock = cpu_to_le32(conn->clock);
5658 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5659 }
5660
5661complete:
2a1afb5a
JH		 5662 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5663 sizeof(rp));
69487371
JH		 5664
5665 if (conn) {
5666 hci_conn_drop(conn);
5667 hci_conn_put(conn);
5668 }
9df74653
JH		 5669
5670 return err;
69487371
JH		 5671}
5672
1904a853 5673static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
69487371 5674{
95868426 5675 struct hci_cp_read_clock *hci_cp;
3b0602cd 5676 struct mgmt_pending_cmd *cmd;
95868426
JH		 5677 struct hci_conn *conn;
5678
5679 BT_DBG("%s status %u", hdev->name, status);
5680
5681 hci_dev_lock(hdev);
5682
5683 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5684 if (!hci_cp)
5685 goto unlock;
5686
5687 if (hci_cp->which) {
5688 u16 handle = __le16_to_cpu(hci_cp->handle);
5689 conn = hci_conn_hash_lookup_handle(hdev, handle);
5690 } else {
5691 conn = NULL;
5692 }
5693
5694 cmd = mgmt_pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5695 if (!cmd)
5696 goto unlock;
5697
69487371 5698 cmd->cmd_complete(cmd, mgmt_status(status));
95868426 5699 mgmt_pending_remove(cmd);
95868426
JH		 5700
5701unlock:
5702 hci_dev_unlock(hdev);
5703}
5704
5705static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5706 u16 len)
5707{
5708 struct mgmt_cp_get_clock_info *cp = data;
5709 struct mgmt_rp_get_clock_info rp;
5710 struct hci_cp_read_clock hci_cp;
3b0602cd 5711 struct mgmt_pending_cmd *cmd;
95868426
JH		 5712 struct hci_request req;
5713 struct hci_conn *conn;
5714 int err;
5715
5716 BT_DBG("%s", hdev->name);
5717
5718 memset(&rp, 0, sizeof(rp));
5719 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5720 rp.addr.type = cp->addr.type;
5721
5722 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 5723 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5724 MGMT_STATUS_INVALID_PARAMS,
5725 &rp, sizeof(rp));
95868426
JH		 5726
5727 hci_dev_lock(hdev);
5728
5729 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 5730 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5731 MGMT_STATUS_NOT_POWERED, &rp,
5732 sizeof(rp));
95868426
JH		 5733 goto unlock;
5734 }
5735
5736 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5737 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5738 &cp->addr.bdaddr);
5739 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 5740 err = mgmt_cmd_complete(sk, hdev->id,
5741 MGMT_OP_GET_CLOCK_INFO,
5742 MGMT_STATUS_NOT_CONNECTED,
5743 &rp, sizeof(rp));
95868426
JH		 5744 goto unlock;
5745 }
5746 } else {
5747 conn = NULL;
5748 }
5749
5750 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5751 if (!cmd) {
5752 err = -ENOMEM;
5753 goto unlock;
5754 }
5755
69487371
JH		 5756 cmd->cmd_complete = clock_info_cmd_complete;
5757
95868426
JH		 5758 hci_req_init(&req, hdev);
5759
5760 memset(&hci_cp, 0, sizeof(hci_cp));
5761 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5762
5763 if (conn) {
5764 hci_conn_hold(conn);
f8aaf9b6 5765 cmd->user_data = hci_conn_get(conn);
95868426
JH		 5766
5767 hci_cp.handle = cpu_to_le16(conn->handle);
5768 hci_cp.which = 0x01; /* Piconet clock */
5769 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5770 }
5771
5772 err = hci_req_run(&req, get_clock_info_complete);
5773 if (err < 0)
5774 mgmt_pending_remove(cmd);
5775
5776unlock:
5777 hci_dev_unlock(hdev);
5778 return err;
5779}
5780
5a154e6f
JH		 5781static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5782{
5783 struct hci_conn *conn;
5784
5785 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5786 if (!conn)
5787 return false;
5788
5789 if (conn->dst_type != type)
5790 return false;
5791
5792 if (conn->state != BT_CONNECTED)
5793 return false;
5794
5795 return true;
5796}
5797
5798/* This function requires the caller holds hdev->lock */
5799static int hci_conn_params_set(struct hci_request *req, bdaddr_t *addr,
5800 u8 addr_type, u8 auto_connect)
5801{
5802 struct hci_dev *hdev = req->hdev;
5803 struct hci_conn_params *params;
5804
5805 params = hci_conn_params_add(hdev, addr, addr_type);
5806 if (!params)
5807 return -EIO;
5808
5809 if (params->auto_connect == auto_connect)
5810 return 0;
5811
5812 list_del_init(&params->action);
5813
5814 switch (auto_connect) {
5815 case HCI_AUTO_CONN_DISABLED:
5816 case HCI_AUTO_CONN_LINK_LOSS:
5817 __hci_update_background_scan(req);
5818 break;
5819 case HCI_AUTO_CONN_REPORT:
5820 list_add(&params->action, &hdev->pend_le_reports);
5821 __hci_update_background_scan(req);
5822 break;
5823 case HCI_AUTO_CONN_DIRECT:
5824 case HCI_AUTO_CONN_ALWAYS:
5825 if (!is_connected(hdev, addr, addr_type)) {
5826 list_add(&params->action, &hdev->pend_le_conns);
5827 __hci_update_background_scan(req);
5828 }
5829 break;
5830 }
5831
5832 params->auto_connect = auto_connect;
5833
5834 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5835 auto_connect);
5836
5837 return 0;
5838}
5839
8afef092
MH		 5840static void device_added(struct sock *sk, struct hci_dev *hdev,
5841 bdaddr_t *bdaddr, u8 type, u8 action)
5842{
5843 struct mgmt_ev_device_added ev;
5844
5845 bacpy(&ev.addr.bdaddr, bdaddr);
5846 ev.addr.type = type;
5847 ev.action = action;
5848
5849 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5850}
5851
1904a853 5852static void add_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5a154e6f 5853{
3b0602cd 5854 struct mgmt_pending_cmd *cmd;
5a154e6f
JH		 5855
5856 BT_DBG("status 0x%02x", status);
5857
5858 hci_dev_lock(hdev);
5859
5860 cmd = mgmt_pending_find(MGMT_OP_ADD_DEVICE, hdev);
5861 if (!cmd)
5862 goto unlock;
5863
5864 cmd->cmd_complete(cmd, mgmt_status(status));
5865 mgmt_pending_remove(cmd);
5866
5867unlock:
5868 hci_dev_unlock(hdev);
5869}
5870
2faade53
MH		 5871static int add_device(struct sock *sk, struct hci_dev *hdev,
5872 void *data, u16 len)
5873{
5874 struct mgmt_cp_add_device *cp = data;
3b0602cd 5875 struct mgmt_pending_cmd *cmd;
5a154e6f 5876 struct hci_request req;
2faade53
MH		 5877 u8 auto_conn, addr_type;
5878 int err;
5879
5880 BT_DBG("%s", hdev->name);
5881
6659358e 5882 if (!bdaddr_type_is_valid(cp->addr.type) ||
2faade53 5883 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
2a1afb5a
JH		 5884 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5885 MGMT_STATUS_INVALID_PARAMS,
5886 &cp->addr, sizeof(cp->addr));
2faade53 5887
4b9e7e75 5888 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
2a1afb5a
JH		 5889 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5890 MGMT_STATUS_INVALID_PARAMS,
5891 &cp->addr, sizeof(cp->addr));
2faade53 5892
5a154e6f
JH		 5893 hci_req_init(&req, hdev);
5894
2faade53
MH		 5895 hci_dev_lock(hdev);
5896
5a154e6f
JH		 5897 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_DEVICE, hdev, data, len);
5898 if (!cmd) {
5899 err = -ENOMEM;
5900 goto unlock;
5901 }
5902
5903 cmd->cmd_complete = addr_cmd_complete;
5904
6659358e 5905 if (cp->addr.type == BDADDR_BREDR) {
4b9e7e75 5906 /* Only incoming connections action is supported for now */
6659358e 5907 if (cp->action != 0x01) {
9df74653
JH		 5908 err = cmd->cmd_complete(cmd,
5909 MGMT_STATUS_INVALID_PARAMS);
5a154e6f 5910 mgmt_pending_remove(cmd);
6659358e
JH		 5911 goto unlock;
5912 }
5913
5914 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5915 cp->addr.type);
5916 if (err)
5917 goto unlock;
a397407f 5918
5a154e6f 5919 __hci_update_page_scan(&req);
a397407f 5920
6659358e
JH		 5921 goto added;
5922 }
5923
2faade53
MH		 5924 if (cp->addr.type == BDADDR_LE_PUBLIC)
5925 addr_type = ADDR_LE_DEV_PUBLIC;
5926 else
5927 addr_type = ADDR_LE_DEV_RANDOM;
5928
4b9e7e75 5929 if (cp->action == 0x02)
2faade53 5930 auto_conn = HCI_AUTO_CONN_ALWAYS;
4b9e7e75
MH		 5931 else if (cp->action == 0x01)
5932 auto_conn = HCI_AUTO_CONN_DIRECT;
2faade53 5933 else
a3451d27 5934 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 5935
bf5b3c8b
MH		 5936 /* If the connection parameters don't exist for this device,
5937 * they will be created and configured with defaults.
5938 */
5a154e6f 5939 if (hci_conn_params_set(&req, &cp->addr.bdaddr, addr_type,
d06b50ce 5940 auto_conn) < 0) {
9df74653 5941 err = cmd->cmd_complete(cmd, MGMT_STATUS_FAILED);
5a154e6f 5942 mgmt_pending_remove(cmd);
2faade53
MH		 5943 goto unlock;
5944 }
5945
6659358e 5946added:
8afef092
MH		 5947 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5948
5a154e6f
JH		 5949 err = hci_req_run(&req, add_device_complete);
5950 if (err < 0) {
5951 /* ENODATA means no HCI commands were needed (e.g. if
5952 * the adapter is powered off).
5953 */
9df74653
JH		 5954 if (err == -ENODATA)
5955 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
5a154e6f
JH		 5956 mgmt_pending_remove(cmd);
5957 }
2faade53
MH		 5958
5959unlock:
5960 hci_dev_unlock(hdev);
5961 return err;
5962}
5963
8afef092
MH		 5964static void device_removed(struct sock *sk, struct hci_dev *hdev,
5965 bdaddr_t *bdaddr, u8 type)
5966{
5967 struct mgmt_ev_device_removed ev;
5968
5969 bacpy(&ev.addr.bdaddr, bdaddr);
5970 ev.addr.type = type;
5971
5972 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5973}
5974
1904a853 5975static void remove_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
51ef3ebe 5976{
3b0602cd 5977 struct mgmt_pending_cmd *cmd;
51ef3ebe
JH		 5978
5979 BT_DBG("status 0x%02x", status);
5980
5981 hci_dev_lock(hdev);
5982
5983 cmd = mgmt_pending_find(MGMT_OP_REMOVE_DEVICE, hdev);
5984 if (!cmd)
5985 goto unlock;
5986
5987 cmd->cmd_complete(cmd, mgmt_status(status));
5988 mgmt_pending_remove(cmd);
5989
5990unlock:
5991 hci_dev_unlock(hdev);
5992}
5993
2faade53
MH		 5994static int remove_device(struct sock *sk, struct hci_dev *hdev,
5995 void *data, u16 len)
5996{
5997 struct mgmt_cp_remove_device *cp = data;
3b0602cd 5998 struct mgmt_pending_cmd *cmd;
51ef3ebe 5999 struct hci_request req;
2faade53
MH		 6000 int err;
6001
6002 BT_DBG("%s", hdev->name);
6003
51ef3ebe
JH		 6004 hci_req_init(&req, hdev);
6005
2faade53
MH		 6006 hci_dev_lock(hdev);
6007
51ef3ebe
JH		 6008 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_DEVICE, hdev, data, len);
6009 if (!cmd) {
6010 err = -ENOMEM;
6011 goto unlock;
6012 }
6013
6014 cmd->cmd_complete = addr_cmd_complete;
6015
2faade53 6016 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 6017 struct hci_conn_params *params;
2faade53
MH		 6018 u8 addr_type;
6019
6659358e 6020 if (!bdaddr_type_is_valid(cp->addr.type)) {
9df74653
JH		 6021 err = cmd->cmd_complete(cmd,
6022 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 6023 mgmt_pending_remove(cmd);
2faade53
MH		 6024 goto unlock;
6025 }
6026
6659358e
JH		 6027 if (cp->addr.type == BDADDR_BREDR) {
6028 err = hci_bdaddr_list_del(&hdev->whitelist,
6029 &cp->addr.bdaddr,
6030 cp->addr.type);
6031 if (err) {
9df74653
JH		 6032 err = cmd->cmd_complete(cmd,
6033 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 6034 mgmt_pending_remove(cmd);
6659358e
JH		 6035 goto unlock;
6036 }
6037
51ef3ebe 6038 __hci_update_page_scan(&req);
a397407f 6039
6659358e
JH		 6040 device_removed(sk, hdev, &cp->addr.bdaddr,
6041 cp->addr.type);
6042 goto complete;
6043 }
6044
2faade53
MH		 6045 if (cp->addr.type == BDADDR_LE_PUBLIC)
6046 addr_type = ADDR_LE_DEV_PUBLIC;
6047 else
6048 addr_type = ADDR_LE_DEV_RANDOM;
6049
c71593dd
JH		 6050 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
6051 addr_type);
6052 if (!params) {
9df74653
JH		 6053 err = cmd->cmd_complete(cmd,
6054 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 6055 mgmt_pending_remove(cmd);
c71593dd
JH		 6056 goto unlock;
6057 }
6058
6059 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
9df74653
JH		 6060 err = cmd->cmd_complete(cmd,
6061 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 6062 mgmt_pending_remove(cmd);
c71593dd
JH		 6063 goto unlock;
6064 }
6065
d1dbf12e 6066 list_del(&params->action);
c71593dd
JH		 6067 list_del(&params->list);
6068 kfree(params);
51ef3ebe 6069 __hci_update_background_scan(&req);
8afef092
MH		 6070
6071 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53 6072 } else {
19de0825 6073 struct hci_conn_params *p, *tmp;
6659358e 6074 struct bdaddr_list *b, *btmp;
19de0825 6075
2faade53 6076 if (cp->addr.type) {
9df74653
JH		 6077 err = cmd->cmd_complete(cmd,
6078 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 6079 mgmt_pending_remove(cmd);
2faade53
MH		 6080 goto unlock;
6081 }
6082
6659358e
JH		 6083 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
6084 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
6085 list_del(&b->list);
6086 kfree(b);
6087 }
6088
51ef3ebe 6089 __hci_update_page_scan(&req);
a397407f 6090
19de0825
JH		 6091 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
6092 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
6093 continue;
6094 device_removed(sk, hdev, &p->addr, p->addr_type);
6095 list_del(&p->action);
6096 list_del(&p->list);
6097 kfree(p);
6098 }
6099
6100 BT_DBG("All LE connection parameters were removed");
6101
51ef3ebe 6102 __hci_update_background_scan(&req);
2faade53
MH		 6103 }
6104
6659358e 6105complete:
51ef3ebe
JH		 6106 err = hci_req_run(&req, remove_device_complete);
6107 if (err < 0) {
6108 /* ENODATA means no HCI commands were needed (e.g. if
6109 * the adapter is powered off).
6110 */
9df74653
JH		 6111 if (err == -ENODATA)
6112 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
51ef3ebe
JH		 6113 mgmt_pending_remove(cmd);
6114 }
2faade53
MH		 6115
6116unlock:
6117 hci_dev_unlock(hdev);
6118 return err;
6119}
6120
a26f3dcf
JH		 6121static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
6122 u16 len)
6123{
6124 struct mgmt_cp_load_conn_param *cp = data;
ba1d6936
JH		 6125 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
6126 sizeof(struct mgmt_conn_param));
a26f3dcf
JH		 6127 u16 param_count, expected_len;
6128 int i;
6129
6130 if (!lmp_le_capable(hdev))
a69e8375
JH		 6131 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6132 MGMT_STATUS_NOT_SUPPORTED);
a26f3dcf
JH		 6133
6134 param_count = __le16_to_cpu(cp->param_count);
ba1d6936
JH		 6135 if (param_count > max_param_count) {
6136 BT_ERR("load_conn_param: too big param_count value %u",
6137 param_count);
a69e8375
JH		 6138 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6139 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 6140 }
a26f3dcf
JH		 6141
6142 expected_len = sizeof(*cp) + param_count *
6143 sizeof(struct mgmt_conn_param);
6144 if (expected_len != len) {
6145 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
6146 expected_len, len);
a69e8375
JH		 6147 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6148 MGMT_STATUS_INVALID_PARAMS);
a26f3dcf
JH		 6149 }
6150
6151 BT_DBG("%s param_count %u", hdev->name, param_count);
6152
6153 hci_dev_lock(hdev);
6154
6155 hci_conn_params_clear_disabled(hdev);
6156
6157 for (i = 0; i < param_count; i++) {
6158 struct mgmt_conn_param *param = &cp->params[i];
6159 struct hci_conn_params *hci_param;
6160 u16 min, max, latency, timeout;
6161 u8 addr_type;
6162
6163 BT_DBG("Adding %pMR (type %u)", &param->addr.bdaddr,
6164 param->addr.type);
6165
6166 if (param->addr.type == BDADDR_LE_PUBLIC) {
6167 addr_type = ADDR_LE_DEV_PUBLIC;
6168 } else if (param->addr.type == BDADDR_LE_RANDOM) {
6169 addr_type = ADDR_LE_DEV_RANDOM;
6170 } else {
6171 BT_ERR("Ignoring invalid connection parameters");
6172 continue;
6173 }
6174
6175 min = le16_to_cpu(param->min_interval);
6176 max = le16_to_cpu(param->max_interval);
6177 latency = le16_to_cpu(param->latency);
6178 timeout = le16_to_cpu(param->timeout);
6179
6180 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
6181 min, max, latency, timeout);
6182
6183 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
6184 BT_ERR("Ignoring invalid connection parameters");
6185 continue;
6186 }
6187
6188 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
6189 addr_type);
6190 if (!hci_param) {
6191 BT_ERR("Failed to add connection parameters");
6192 continue;
6193 }
6194
6195 hci_param->conn_min_interval = min;
6196 hci_param->conn_max_interval = max;
6197 hci_param->conn_latency = latency;
6198 hci_param->supervision_timeout = timeout;
6199 }
6200
6201 hci_dev_unlock(hdev);
6202
2a1afb5a
JH		 6203 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
6204 NULL, 0);
a26f3dcf
JH		 6205}
6206
dbece37a
MH		 6207static int set_external_config(struct sock *sk, struct hci_dev *hdev,
6208 void *data, u16 len)
6209{
6210 struct mgmt_cp_set_external_config *cp = data;
6211 bool changed;
6212 int err;
6213
6214 BT_DBG("%s", hdev->name);
6215
6216 if (hdev_is_powered(hdev))
a69e8375
JH		 6217 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6218 MGMT_STATUS_REJECTED);
dbece37a
MH		 6219
6220 if (cp->config != 0x00 && cp->config != 0x01)
a69e8375
JH		 6221 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6222 MGMT_STATUS_INVALID_PARAMS);
dbece37a
MH		 6223
6224 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
a69e8375
JH		 6225 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6226 MGMT_STATUS_NOT_SUPPORTED);
dbece37a
MH		 6227
6228 hci_dev_lock(hdev);
6229
6230 if (cp->config)
238be788 6231 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a 6232 else
a69d8927 6233 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a
MH		 6234
6235 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
6236 if (err < 0)
6237 goto unlock;
6238
6239 if (!changed)
6240 goto unlock;
6241
f4537c04
MH		 6242 err = new_options(hdev, sk);
6243
d7a5a11d 6244 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
dbece37a 6245 mgmt_index_removed(hdev);
d603b76b 6246
516018a9 6247 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
a1536da2
MH		 6248 hci_dev_set_flag(hdev, HCI_CONFIG);
6249 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
d603b76b
MH		 6250
6251 queue_work(hdev->req_workqueue, &hdev->power_on);
6252 } else {
5ea234d3 6253 set_bit(HCI_RAW, &hdev->flags);
d603b76b
MH		 6254 mgmt_index_added(hdev);
6255 }
dbece37a
MH		 6256 }
6257
6258unlock:
6259 hci_dev_unlock(hdev);
6260 return err;
6261}
6262
9713c17b
MH		 6263static int set_public_address(struct sock *sk, struct hci_dev *hdev,
6264 void *data, u16 len)
6265{
6266 struct mgmt_cp_set_public_address *cp = data;
6267 bool changed;
6268 int err;
6269
6270 BT_DBG("%s", hdev->name);
6271
6272 if (hdev_is_powered(hdev))
a69e8375
JH		 6273 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6274 MGMT_STATUS_REJECTED);
9713c17b
MH		 6275
6276 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
a69e8375
JH		 6277 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6278 MGMT_STATUS_INVALID_PARAMS);
9713c17b
MH		 6279
6280 if (!hdev->set_bdaddr)
a69e8375
JH		 6281 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6282 MGMT_STATUS_NOT_SUPPORTED);
9713c17b
MH		 6283
6284 hci_dev_lock(hdev);
6285
6286 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
6287 bacpy(&hdev->public_addr, &cp->bdaddr);
6288
6289 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
6290 if (err < 0)
6291 goto unlock;
6292
6293 if (!changed)
6294 goto unlock;
6295
d7a5a11d 6296 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
9713c17b
MH		 6297 err = new_options(hdev, sk);
6298
6299 if (is_configured(hdev)) {
6300 mgmt_index_removed(hdev);
6301
a358dc11 6302 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
9713c17b 6303
a1536da2
MH		 6304 hci_dev_set_flag(hdev, HCI_CONFIG);
6305 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
9713c17b
MH		 6306
6307 queue_work(hdev->req_workqueue, &hdev->power_on);
6308 }
6309
6310unlock:
6311 hci_dev_unlock(hdev);
6312 return err;
6313}
6314
bea41609
MH		 6315static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
6316 u8 data_len)
6317{
6318 eir[eir_len++] = sizeof(type) + data_len;
6319 eir[eir_len++] = type;
6320 memcpy(&eir[eir_len], data, data_len);
6321 eir_len += data_len;
6322
6323 return eir_len;
6324}
6325
4f0f155c
MH		 6326static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
6327 void *data, u16 data_len)
6328{
6329 struct mgmt_cp_read_local_oob_ext_data *cp = data;
6330 struct mgmt_rp_read_local_oob_ext_data *rp;
6331 size_t rp_len;
6332 u16 eir_len;
0821a2c5 6333 u8 status, flags, role, addr[7], hash[16], rand[16];
4f0f155c
MH		 6334 int err;
6335
6336 BT_DBG("%s", hdev->name);
6337
6338 if (!hdev_is_powered(hdev))
6339 return mgmt_cmd_complete(sk, hdev->id,
6340 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6341 MGMT_STATUS_NOT_POWERED,
6342 &cp->type, sizeof(cp->type));
6343
6344 switch (cp->type) {
6345 case BIT(BDADDR_BREDR):
6346 status = mgmt_bredr_support(hdev);
6347 if (status)
6348 return mgmt_cmd_complete(sk, hdev->id,
6349 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6350 status, &cp->type,
6351 sizeof(cp->type));
6352 eir_len = 5;
6353 break;
6354 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
6355 status = mgmt_le_support(hdev);
6356 if (status)
6357 return mgmt_cmd_complete(sk, hdev->id,
6358 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6359 status, &cp->type,
6360 sizeof(cp->type));
0821a2c5 6361 eir_len = 9 + 3 + 18 + 18 + 3;
4f0f155c
MH		 6362 break;
6363 default:
6364 return mgmt_cmd_complete(sk, hdev->id,
6365 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6366 MGMT_STATUS_INVALID_PARAMS,
6367 &cp->type, sizeof(cp->type));
6368 }
6369
6370 hci_dev_lock(hdev);
6371
6372 rp_len = sizeof(*rp) + eir_len;
6373 rp = kmalloc(rp_len, GFP_ATOMIC);
6374 if (!rp) {
6375 hci_dev_unlock(hdev);
6376 return -ENOMEM;
6377 }
6378
6379 eir_len = 0;
6380 switch (cp->type) {
6381 case BIT(BDADDR_BREDR):
6382 eir_len = eir_append_data(rp->eir, eir_len, EIR_CLASS_OF_DEV,
6383 hdev->dev_class, 3);
6384 break;
6385 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
5082a599
MH		 6386 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
6387 smp_generate_oob(hdev, hash, rand) < 0) {
0821a2c5
MH		 6388 hci_dev_unlock(hdev);
6389 err = mgmt_cmd_complete(sk, hdev->id,
5082a599
MH		 6390 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
6391 MGMT_STATUS_FAILED,
6392 &cp->type, sizeof(cp->type));
0821a2c5
MH		 6393 goto done;
6394 }
6395
4f0f155c
MH		 6396 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
6397 memcpy(addr, &hdev->rpa, 6);
6398 addr[6] = 0x01;
6399 } else if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
6400 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
6401 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
6402 bacmp(&hdev->static_addr, BDADDR_ANY))) {
6403 memcpy(addr, &hdev->static_addr, 6);
6404 addr[6] = 0x01;
6405 } else {
6406 memcpy(addr, &hdev->bdaddr, 6);
6407 addr[6] = 0x00;
6408 }
6409
6410 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
6411 addr, sizeof(addr));
6412
6413 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
6414 role = 0x02;
6415 else
6416 role = 0x01;
6417
6418 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
6419 &role, sizeof(role));
6420
5082a599
MH		 6421 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
6422 eir_len = eir_append_data(rp->eir, eir_len,
6423 EIR_LE_SC_CONFIRM,
6424 hash, sizeof(hash));
0821a2c5 6425
5082a599
MH		 6426 eir_len = eir_append_data(rp->eir, eir_len,
6427 EIR_LE_SC_RANDOM,
6428 rand, sizeof(rand));
6429 }
0821a2c5 6430
4f0f155c
MH		 6431 flags = get_adv_discov_flags(hdev);
6432
6433 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
6434 flags |= LE_AD_NO_BREDR;
6435
6436 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
6437 &flags, sizeof(flags));
6438 break;
6439 }
6440
6441 rp->type = cp->type;
6442 rp->eir_len = cpu_to_le16(eir_len);
6443
6444 hci_dev_unlock(hdev);
6445
72000df2
MH		 6446 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
6447
4f0f155c 6448 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
5425f98e 6449 MGMT_STATUS_SUCCESS, rp, sizeof(*rp) + eir_len);
72000df2
MH		 6450 if (err < 0)
6451 goto done;
6452
6453 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
6454 rp, sizeof(*rp) + eir_len,
6455 HCI_MGMT_OOB_DATA_EVENTS, sk);
4f0f155c 6456
0821a2c5 6457done:
4f0f155c
MH		 6458 kfree(rp);
6459
6460 return err;
6461}
6462
d3d5305b
MH		 6463static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
6464 void *data, u16 data_len)
6465{
6466 struct mgmt_rp_read_adv_features *rp;
6467 size_t rp_len;
6468 int err;
6469
6470 BT_DBG("%s", hdev->name);
6471
6472 hci_dev_lock(hdev);
6473
6474 rp_len = sizeof(*rp);
6475 rp = kmalloc(rp_len, GFP_ATOMIC);
6476 if (!rp) {
6477 hci_dev_unlock(hdev);
6478 return -ENOMEM;
6479 }
6480
6481 rp->supported_flags = cpu_to_le32(0);
6482 rp->max_adv_data_len = 31;
6483 rp->max_scan_rsp_len = 31;
6484 rp->max_instances = 0;
6485 rp->num_instances = 0;
6486
6487 hci_dev_unlock(hdev);
6488
6489 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6490 MGMT_STATUS_SUCCESS, rp, rp_len);
6491
6492 kfree(rp);
6493
6494 return err;
6495}
6496
6d785aa3 6497static const struct hci_mgmt_handler mgmt_handlers[] = {
0f4e68cf 6498 { NULL }, /* 0x0000 (no command) */
b9a245fb 6499 { read_version, MGMT_READ_VERSION_SIZE,
c91041dc
MH		 6500 HCI_MGMT_NO_HDEV |
6501 HCI_MGMT_UNTRUSTED },
b9a245fb 6502 { read_commands, MGMT_READ_COMMANDS_SIZE,
c91041dc
MH		 6503 HCI_MGMT_NO_HDEV |
6504 HCI_MGMT_UNTRUSTED },
b9a245fb 6505 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
c91041dc
MH		 6506 HCI_MGMT_NO_HDEV |
6507 HCI_MGMT_UNTRUSTED },
6508 { read_controller_info, MGMT_READ_INFO_SIZE,
6509 HCI_MGMT_UNTRUSTED },
7aea8616
MH		 6510 { set_powered, MGMT_SETTING_SIZE },
6511 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
6512 { set_connectable, MGMT_SETTING_SIZE },
6513 { set_fast_connectable, MGMT_SETTING_SIZE },
6514 { set_bondable, MGMT_SETTING_SIZE },
6515 { set_link_security, MGMT_SETTING_SIZE },
6516 { set_ssp, MGMT_SETTING_SIZE },
6517 { set_hs, MGMT_SETTING_SIZE },
6518 { set_le, MGMT_SETTING_SIZE },
6519 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
6520 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
6521 { add_uuid, MGMT_ADD_UUID_SIZE },
6522 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
b9a245fb
JH		 6523 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
6524 HCI_MGMT_VAR_LEN },
6525 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
6526 HCI_MGMT_VAR_LEN },
7aea8616
MH		 6527 { disconnect, MGMT_DISCONNECT_SIZE },
6528 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
6529 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
6530 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
6531 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
6532 { pair_device, MGMT_PAIR_DEVICE_SIZE },
6533 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
6534 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
6535 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
6536 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
6537 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
6538 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
b9a245fb
JH		 6539 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
6540 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
6541 HCI_MGMT_VAR_LEN },
7aea8616
MH		 6542 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
6543 { start_discovery, MGMT_START_DISCOVERY_SIZE },
6544 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
6545 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
6546 { block_device, MGMT_BLOCK_DEVICE_SIZE },
6547 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
6548 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
6549 { set_advertising, MGMT_SETTING_SIZE },
6550 { set_bredr, MGMT_SETTING_SIZE },
6551 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
6552 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
6553 { set_secure_conn, MGMT_SETTING_SIZE },
6554 { set_debug_keys, MGMT_SETTING_SIZE },
6555 { set_privacy, MGMT_SET_PRIVACY_SIZE },
b9a245fb
JH		 6556 { load_irks, MGMT_LOAD_IRKS_SIZE,
6557 HCI_MGMT_VAR_LEN },
7aea8616
MH		 6558 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
6559 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
6560 { add_device, MGMT_ADD_DEVICE_SIZE },
6561 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
b9a245fb
JH		 6562 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
6563 HCI_MGMT_VAR_LEN },
6564 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
c91041dc
MH		 6565 HCI_MGMT_NO_HDEV |
6566 HCI_MGMT_UNTRUSTED },
b9a245fb 6567 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
c91041dc
MH		 6568 HCI_MGMT_UNCONFIGURED |
6569 HCI_MGMT_UNTRUSTED },
b9a245fb
JH		 6570 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
6571 HCI_MGMT_UNCONFIGURED },
6572 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
6573 HCI_MGMT_UNCONFIGURED },
6574 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
6575 HCI_MGMT_VAR_LEN },
4f0f155c 6576 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
96f1474a 6577 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
c91041dc
MH		 6578 HCI_MGMT_NO_HDEV |
6579 HCI_MGMT_UNTRUSTED },
d3d5305b 6580 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
0f4e68cf
JH		 6581};
6582
6d785aa3
JH		 6583int mgmt_control(struct hci_mgmt_chan *chan, struct sock *sk,
6584 struct msghdr *msg, size_t msglen)
0381101f 6585{
650f726d
VCG		 6586 void *buf;
6587 u8 *cp;
0381101f 6588 struct mgmt_hdr *hdr;
4e51eae9 6589 u16 opcode, index, len;
bdb6d971 6590 struct hci_dev *hdev = NULL;
6d785aa3 6591 const struct hci_mgmt_handler *handler;
b9a245fb 6592 bool var_len, no_hdev;
0381101f
JH		 6593 int err;
6594
6595 BT_DBG("got %zu bytes", msglen);
6596
6597 if (msglen < sizeof(*hdr))
6598 return -EINVAL;
6599
e63a15ec 6600 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 6601 if (!buf)
6602 return -ENOMEM;
6603
6ce8e9ce 6604 if (memcpy_from_msg(buf, msg, msglen)) {
0381101f
JH		 6605 err = -EFAULT;
6606 goto done;
6607 }
6608
650f726d 6609 hdr = buf;
1f350c87
MH		 6610 opcode = __le16_to_cpu(hdr->opcode);
6611 index = __le16_to_cpu(hdr->index);
6612 len = __le16_to_cpu(hdr->len);
0381101f
JH		 6613
6614 if (len != msglen - sizeof(*hdr)) {
6615 err = -EINVAL;
6616 goto done;
6617 }
6618
b9a245fb
JH		 6619 if (opcode >= chan->handler_count ||
6620 chan->handlers[opcode].func == NULL) {
6621 BT_DBG("Unknown op %u", opcode);
a69e8375
JH		 6622 err = mgmt_cmd_status(sk, index, opcode,
6623 MGMT_STATUS_UNKNOWN_COMMAND);
b9a245fb
JH		 6624 goto done;
6625 }
6626
6627 handler = &chan->handlers[opcode];
6628
c927a104
MH		 6629 if (!hci_sock_test_flag(sk, HCI_SOCK_TRUSTED) &&
6630 !(handler->flags & HCI_MGMT_UNTRUSTED)) {
6631 err = mgmt_cmd_status(sk, index, opcode,
6632 MGMT_STATUS_PERMISSION_DENIED);
6633 goto done;
6634 }
6635
0f4e68cf 6636 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 6637 hdev = hci_dev_get(index);
6638 if (!hdev) {
a69e8375
JH		 6639 err = mgmt_cmd_status(sk, index, opcode,
6640 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 6641 goto done;
6642 }
0736cfa8 6643
d7a5a11d
MH		 6644 if (hci_dev_test_flag(hdev, HCI_SETUP) ||
6645 hci_dev_test_flag(hdev, HCI_CONFIG) ||
6646 hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
a69e8375
JH		 6647 err = mgmt_cmd_status(sk, index, opcode,
6648 MGMT_STATUS_INVALID_INDEX);
0736cfa8
MH		 6649 goto done;
6650 }
42a9bc14 6651
d7a5a11d 6652 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) &&
b9a245fb 6653 !(handler->flags & HCI_MGMT_UNCONFIGURED)) {
a69e8375
JH		 6654 err = mgmt_cmd_status(sk, index, opcode,
6655 MGMT_STATUS_INVALID_INDEX);
42a9bc14
MH		 6656 goto done;
6657 }
bdb6d971
JH		 6658 }
6659
b9a245fb
JH		 6660 no_hdev = (handler->flags & HCI_MGMT_NO_HDEV);
6661 if (no_hdev != !hdev) {
a69e8375
JH		 6662 err = mgmt_cmd_status(sk, index, opcode,
6663 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 6664 goto done;
0381101f
JH		 6665 }
6666
b9a245fb
JH		 6667 var_len = (handler->flags & HCI_MGMT_VAR_LEN);
6668 if ((var_len && len < handler->data_len) ||
6669 (!var_len && len != handler->data_len)) {
a69e8375
JH		 6670 err = mgmt_cmd_status(sk, index, opcode,
6671 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 6672 goto done;
6673 }
6674
0f4e68cf
JH		 6675 if (hdev)
6676 mgmt_init_hdev(sk, hdev);
6677
6678 cp = buf + sizeof(*hdr);
6679
be22b54e 6680 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 6681 if (err < 0)
6682 goto done;
6683
0381101f
JH		 6684 err = msglen;
6685
6686done:
bdb6d971
JH		 6687 if (hdev)
6688 hci_dev_put(hdev);
6689
0381101f
JH		 6690 kfree(buf);
6691 return err;
6692}
c71e97bf 6693
bf6b56db 6694void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 6695{
ced85549 6696 struct mgmt_ev_ext_index ev;
bb4b2a9a 6697
0602a8ad
MH		 6698 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6699 return;
6700
f9207338
MH		 6701 switch (hdev->dev_type) {
6702 case HCI_BREDR:
6703 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6704 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
6705 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
ced85549 6706 ev.type = 0x01;
f9207338
MH		 6707 } else {
6708 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
6709 HCI_MGMT_INDEX_EVENTS);
ced85549 6710 ev.type = 0x00;
f9207338
MH		 6711 }
6712 break;
ced85549
MH		 6713 case HCI_AMP:
6714 ev.type = 0x02;
6715 break;
6716 default:
6717 return;
f9207338 6718 }
ced85549
MH		 6719
6720 ev.bus = hdev->bus;
6721
6722 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
6723 HCI_MGMT_EXT_INDEX_EVENTS);
c71e97bf
JH		 6724}
6725
bf6b56db 6726void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 6727{
ced85549 6728 struct mgmt_ev_ext_index ev;
5f159032 6729 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 6730
0602a8ad
MH		 6731 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6732 return;
6733
f9207338
MH		 6734 switch (hdev->dev_type) {
6735 case HCI_BREDR:
6736 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
b24752fe 6737
f9207338
MH		 6738 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6739 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
6740 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
ced85549 6741 ev.type = 0x01;
f9207338
MH		 6742 } else {
6743 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
6744 HCI_MGMT_INDEX_EVENTS);
ced85549 6745 ev.type = 0x00;
f9207338
MH		 6746 }
6747 break;
ced85549
MH		 6748 case HCI_AMP:
6749 ev.type = 0x02;
6750 break;
6751 default:
6752 return;
f9207338 6753 }
ced85549
MH		 6754
6755 ev.bus = hdev->bus;
6756
6757 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
6758 HCI_MGMT_EXT_INDEX_EVENTS);
eec8d2bc
JH		 6759}
6760
6046dc3e 6761/* This function requires the caller holds hdev->lock */
2cf22218 6762static void restart_le_actions(struct hci_request *req)
6046dc3e 6763{
2cf22218 6764 struct hci_dev *hdev = req->hdev;
6046dc3e
AG		 6765 struct hci_conn_params *p;
6766
6767 list_for_each_entry(p, &hdev->le_conn_params, list) {
d7347f3c
JH		 6768 /* Needed for AUTO_OFF case where might not "really"
6769 * have been powered off.
6770 */
6771 list_del_init(&p->action);
6772
6773 switch (p->auto_connect) {
4b9e7e75 6774 case HCI_AUTO_CONN_DIRECT:
d7347f3c
JH		 6775 case HCI_AUTO_CONN_ALWAYS:
6776 list_add(&p->action, &hdev->pend_le_conns);
6777 break;
6778 case HCI_AUTO_CONN_REPORT:
6779 list_add(&p->action, &hdev->pend_le_reports);
6780 break;
6781 default:
6782 break;
c83ed19d 6783 }
6046dc3e 6784 }
c83ed19d 6785
2cf22218 6786 __hci_update_background_scan(req);
6046dc3e
AG		 6787}
6788
1904a853 6789static void powered_complete(struct hci_dev *hdev, u8 status, u16 opcode)
229ab39c
JH		 6790{
6791 struct cmd_lookup match = { NULL, hdev };
6792
6793 BT_DBG("status 0x%02x", status);
6794
162a3bac
MH		 6795 if (!status) {
6796 /* Register the available SMP channels (BR/EDR and LE) only
6797 * when successfully powering on the controller. This late
6798 * registration is required so that LE SMP can clearly
6799 * decide if the public address or static address is used.
6800 */
6801 smp_register(hdev);
6802 }
6803
229ab39c
JH		 6804 hci_dev_lock(hdev);
6805
6806 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6807
6808 new_settings(hdev, match.sk);
6809
6810 hci_dev_unlock(hdev);
6811
6812 if (match.sk)
6813 sock_put(match.sk);
6814}
6815
70da6243 6816static int powered_update_hci(struct hci_dev *hdev)
5add6af8 6817{
890ea898 6818 struct hci_request req;
70da6243 6819 u8 link_sec;
5add6af8 6820
890ea898
JH		 6821 hci_req_init(&req, hdev);
6822
d7a5a11d 6823 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED) &&
70da6243 6824 !lmp_host_ssp_capable(hdev)) {
574ea3c7 6825 u8 mode = 0x01;
5e5282bb 6826
574ea3c7
MH		 6827 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
6828
6829 if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) {
6830 u8 support = 0x01;
5add6af8 6831
574ea3c7
MH		 6832 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT,
6833 sizeof(support), &support);
6834 }
ec6f99b8
JH		 6835 }
6836
d7a5a11d 6837 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
c73eee91 6838 lmp_bredr_capable(hdev)) {
70da6243 6839 struct hci_cp_write_le_host_supported cp;
f0ff92fb 6840
32226e4f
MH		 6841 cp.le = 0x01;
6842 cp.simul = 0x00;
3d1cbdd6 6843
70da6243
JH		 6844 /* Check first if we already have the right
6845 * host state (host features set)
6846 */
6847 if (cp.le != lmp_host_le_capable(hdev) ||
6848 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 6849 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
6850 sizeof(cp), &cp);
70da6243 6851 }
3d1cbdd6 6852
d13eafce 6853 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 6854 /* Make sure the controller has a good default for
6855 * advertising data. This also applies to the case
6856 * where BR/EDR was toggled during the AUTO_OFF phase.
6857 */
d7a5a11d 6858 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
5947f4bc 6859 update_adv_data(&req);
f14d8f64
MH		 6860 update_scan_rsp_data(&req);
6861 }
441ad2d0 6862
d7a5a11d 6863 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
bba3aa55 6864 enable_advertising(&req);
2cf22218
JH		 6865
6866 restart_le_actions(&req);
eeca6f89
JH		 6867 }
6868
d7a5a11d 6869 link_sec = hci_dev_test_flag(hdev, HCI_LINK_SECURITY);
70da6243 6870 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 6871 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
6872 sizeof(link_sec), &link_sec);
562fcc24 6873
70da6243 6874 if (lmp_bredr_capable(hdev)) {
d7a5a11d 6875 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
406ef2a6
JH		 6876 write_fast_connectable(&req, true);
6877 else
6878 write_fast_connectable(&req, false);
1d2dc5b7 6879 __hci_update_page_scan(&req);
890ea898 6880 update_class(&req);
13928971 6881 update_name(&req);
890ea898 6882 update_eir(&req);
70da6243 6883 }
562fcc24 6884
229ab39c 6885 return hci_req_run(&req, powered_complete);
70da6243 6886}
562fcc24 6887
70da6243
JH		 6888int mgmt_powered(struct hci_dev *hdev, u8 powered)
6889{
6890 struct cmd_lookup match = { NULL, hdev };
9845904f 6891 u8 status, zero_cod[] = { 0, 0, 0 };
70da6243 6892 int err;
f0ff92fb 6893
d7a5a11d 6894 if (!hci_dev_test_flag(hdev, HCI_MGMT))
70da6243
JH		 6895 return 0;
6896
70da6243 6897 if (powered) {
229ab39c
JH		 6898 if (powered_update_hci(hdev) == 0)
6899 return 0;
fe038884 6900
229ab39c
JH		 6901 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
6902 &match);
6903 goto new_settings;
b24752fe
JH		 6904 }
6905
229ab39c 6906 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
9845904f
JH		 6907
6908 /* If the power off is because of hdev unregistration let
6909 * use the appropriate INVALID_INDEX status. Otherwise use
6910 * NOT_POWERED. We cover both scenarios here since later in
6911 * mgmt_index_removed() any hci_conn callbacks will have already
6912 * been triggered, potentially causing misleading DISCONNECTED
6913 * status responses.
6914 */
d7a5a11d 6915 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
9845904f
JH		 6916 status = MGMT_STATUS_INVALID_INDEX;
6917 else
6918 status = MGMT_STATUS_NOT_POWERED;
6919
6920 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
229ab39c
JH		 6921
6922 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
f6b7712e
MH		 6923 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
6924 zero_cod, sizeof(zero_cod), NULL);
229ab39c
JH		 6925
6926new_settings:
beadb2bd 6927 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 6928
6929 if (match.sk)
6930 sock_put(match.sk);
6931
7bb895d6 6932 return err;
5add6af8 6933}
73f22f62 6934
3eec705e 6935void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc 6936{
3b0602cd 6937 struct mgmt_pending_cmd *cmd;
96570ffc
JH		 6938 u8 status;
6939
6940 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6941 if (!cmd)
3eec705e 6942 return;
96570ffc
JH		 6943
6944 if (err == -ERFKILL)
6945 status = MGMT_STATUS_RFKILLED;
6946 else
6947 status = MGMT_STATUS_FAILED;
6948
a69e8375 6949 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 6950
6951 mgmt_pending_remove(cmd);
96570ffc
JH		 6952}
6953
d1967ff8
MH		 6954void mgmt_discoverable_timeout(struct hci_dev *hdev)
6955{
6956 struct hci_request req;
d1967ff8
MH		 6957
6958 hci_dev_lock(hdev);
6959
6960 /* When discoverable timeout triggers, then just make sure
6961 * the limited discoverable flag is cleared. Even in the case
6962 * of a timeout triggered from general discoverable, it is
6963 * safe to unconditionally clear the flag.
6964 */
a358dc11
MH		 6965 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
6966 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
d1967ff8
MH		 6967
6968 hci_req_init(&req, hdev);
d7a5a11d 6969 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4b580614
JH		 6970 u8 scan = SCAN_PAGE;
6971 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
6972 sizeof(scan), &scan);
6973 }
d1967ff8 6974 update_class(&req);
9a43e25f 6975 update_adv_data(&req);
d1967ff8
MH		 6976 hci_req_run(&req, NULL);
6977
6978 hdev->discov_timeout = 0;
6979
9a43e25f
JH		 6980 new_settings(hdev, NULL);
6981
d1967ff8
MH		 6982 hci_dev_unlock(hdev);
6983}
6984
dc4a5ee2
MH		 6985void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
6986 bool persistent)
55ed8ca1 6987{
86742e1e 6988 struct mgmt_ev_new_link_key ev;
55ed8ca1 6989
a492cd52 6990 memset(&ev, 0, sizeof(ev));
55ed8ca1 6991
a492cd52 6992 ev.store_hint = persistent;
d753fdc4 6993 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 6994 ev.key.addr.type = BDADDR_BREDR;
a492cd52 6995 ev.key.type = key->type;
9b3b4460 6996 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 6997 ev.key.pin_len = key->pin_len;
55ed8ca1 6998
dc4a5ee2 6999 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 7000}
f7520543 7001
d7b25450
JH		 7002static u8 mgmt_ltk_type(struct smp_ltk *ltk)
7003{
23fb8de3
JH		 7004 switch (ltk->type) {
7005 case SMP_LTK:
7006 case SMP_LTK_SLAVE:
7007 if (ltk->authenticated)
7008 return MGMT_LTK_AUTHENTICATED;
7009 return MGMT_LTK_UNAUTHENTICATED;
7010 case SMP_LTK_P256:
7011 if (ltk->authenticated)
7012 return MGMT_LTK_P256_AUTH;
7013 return MGMT_LTK_P256_UNAUTH;
7014 case SMP_LTK_P256_DEBUG:
7015 return MGMT_LTK_P256_DEBUG;
7016 }
d7b25450
JH		 7017
7018 return MGMT_LTK_UNAUTHENTICATED;
7019}
7020
53ac6ab6 7021void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 7022{
7023 struct mgmt_ev_new_long_term_key ev;
7024
7025 memset(&ev, 0, sizeof(ev));
7026
5192d301
MH		 7027 /* Devices using resolvable or non-resolvable random addresses
7028 * without providing an indentity resolving key don't require
7029 * to store long term keys. Their addresses will change the
7030 * next time around.
7031 *
7032 * Only when a remote device provides an identity address
7033 * make sure the long term key is stored. If the remote
7034 * identity is known, the long term keys are internally
7035 * mapped to the identity address. So allow static random
7036 * and public addresses here.
7037 */
ba74b666
JH		 7038 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7039 (key->bdaddr.b[5] & 0xc0) != 0xc0)
7040 ev.store_hint = 0x00;
7041 else
53ac6ab6 7042 ev.store_hint = persistent;
ba74b666 7043
346af67b 7044 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 7045 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 7046 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 7047 ev.key.enc_size = key->enc_size;
7048 ev.key.ediv = key->ediv;
fe39c7b2 7049 ev.key.rand = key->rand;
346af67b 7050
2ceba539 7051 if (key->type == SMP_LTK)
346af67b
VCG		 7052 ev.key.master = 1;
7053
346af67b
VCG		 7054 memcpy(ev.key.val, key->val, sizeof(key->val));
7055
083368f7 7056 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 7057}
7058
95fbac8a
JH		 7059void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
7060{
7061 struct mgmt_ev_new_irk ev;
7062
7063 memset(&ev, 0, sizeof(ev));
7064
bab6d1e5
MH		 7065 /* For identity resolving keys from devices that are already
7066 * using a public address or static random address, do not
7067 * ask for storing this key. The identity resolving key really
7068 * is only mandatory for devices using resovlable random
7069 * addresses.
7070 *
7071 * Storing all identity resolving keys has the downside that
7072 * they will be also loaded on next boot of they system. More
7073 * identity resolving keys, means more time during scanning is
7074 * needed to actually resolve these addresses.
7075 */
7076 if (bacmp(&irk->rpa, BDADDR_ANY))
7077 ev.store_hint = 0x01;
7078 else
7079 ev.store_hint = 0x00;
7080
95fbac8a
JH		 7081 bacpy(&ev.rpa, &irk->rpa);
7082 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
7083 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
7084 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
7085
7086 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
7087}
7088
53ac6ab6
MH		 7089void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
7090 bool persistent)
7ee4ea36
MH		 7091{
7092 struct mgmt_ev_new_csrk ev;
7093
7094 memset(&ev, 0, sizeof(ev));
7095
7096 /* Devices using resolvable or non-resolvable random addresses
7097 * without providing an indentity resolving key don't require
7098 * to store signature resolving keys. Their addresses will change
7099 * the next time around.
7100 *
7101 * Only when a remote device provides an identity address
7102 * make sure the signature resolving key is stored. So allow
7103 * static random and public addresses here.
7104 */
7105 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7106 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
7107 ev.store_hint = 0x00;
7108 else
53ac6ab6 7109 ev.store_hint = persistent;
7ee4ea36
MH		 7110
7111 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
7112 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
4cd3928a 7113 ev.key.type = csrk->type;
7ee4ea36
MH		 7114 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
7115
7116 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
7117}
7118
ffb5a827 7119void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 7120 u8 bdaddr_type, u8 store_hint, u16 min_interval,
7121 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 7122{
7123 struct mgmt_ev_new_conn_param ev;
7124
c103aea6
JH		 7125 if (!hci_is_identity_address(bdaddr, bdaddr_type))
7126 return;
7127
ffb5a827
AG		 7128 memset(&ev, 0, sizeof(ev));
7129 bacpy(&ev.addr.bdaddr, bdaddr);
7130 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 7131 ev.store_hint = store_hint;
ffb5a827
AG		 7132 ev.min_interval = cpu_to_le16(min_interval);
7133 ev.max_interval = cpu_to_le16(max_interval);
7134 ev.latency = cpu_to_le16(latency);
7135 ev.timeout = cpu_to_le16(timeout);
7136
7137 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
7138}
7139
48ec92fa
AA		 7140void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
7141 u32 flags, u8 *name, u8 name_len)
f7520543 7142{
b644ba33
JH		 7143 char buf[512];
7144 struct mgmt_ev_device_connected *ev = (void *) buf;
7145 u16 eir_len = 0;
f7520543 7146
48ec92fa
AA		 7147 bacpy(&ev->addr.bdaddr, &conn->dst);
7148 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
f7520543 7149
c95f0ba7 7150 ev->flags = __cpu_to_le32(flags);
08c79b61 7151
fd45ada9
AA		 7152 /* We must ensure that the EIR Data fields are ordered and
7153 * unique. Keep it simple for now and avoid the problem by not
7154 * adding any BR/EDR data to the LE adv.
7155 */
7156 if (conn->le_adv_data_len > 0) {
7157 memcpy(&ev->eir[eir_len],
7158 conn->le_adv_data, conn->le_adv_data_len);
7159 eir_len = conn->le_adv_data_len;
7160 } else {
7161 if (name_len > 0)
7162 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
7163 name, name_len);
b644ba33 7164
ddbea5cf 7165 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
fd45ada9
AA		 7166 eir_len = eir_append_data(ev->eir, eir_len,
7167 EIR_CLASS_OF_DEV,
7168 conn->dev_class, 3);
7169 }
b644ba33 7170
eb55ef07 7171 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 7172
ecd90ae7
MH		 7173 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
7174 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 7175}
7176
3b0602cd 7177static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
8962ee74 7178{
8962ee74 7179 struct sock **sk = data;
8962ee74 7180
f5818c22 7181 cmd->cmd_complete(cmd, 0);
8962ee74
JH		 7182
7183 *sk = cmd->sk;
7184 sock_hold(*sk);
7185
a664b5bc 7186 mgmt_pending_remove(cmd);
8962ee74
JH		 7187}
7188
3b0602cd 7189static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
a8a1d19e 7190{
b1078ad0 7191 struct hci_dev *hdev = data;
124f6e35 7192 struct mgmt_cp_unpair_device *cp = cmd->param;
a8a1d19e 7193
b1078ad0
JH		 7194 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
7195
d8b7b1e4 7196 cmd->cmd_complete(cmd, 0);
a8a1d19e
JH		 7197 mgmt_pending_remove(cmd);
7198}
7199
84c61d92
JH		 7200bool mgmt_powering_down(struct hci_dev *hdev)
7201{
3b0602cd 7202 struct mgmt_pending_cmd *cmd;
84c61d92
JH		 7203 struct mgmt_mode *cp;
7204
7205 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
7206 if (!cmd)
7207 return false;
7208
7209 cp = cmd->param;
7210 if (!cp->val)
7211 return true;
7212
7213 return false;
7214}
7215
9b80ec5e 7216void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 7217 u8 link_type, u8 addr_type, u8 reason,
7218 bool mgmt_connected)
f7520543 7219{
f0d6a0ea 7220 struct mgmt_ev_device_disconnected ev;
8962ee74 7221 struct sock *sk = NULL;
8962ee74 7222
84c61d92
JH		 7223 /* The connection is still in hci_conn_hash so test for 1
7224 * instead of 0 to know if this is the last one.
7225 */
7226 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7227 cancel_delayed_work(&hdev->power_off);
7228 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8b064a3a
JH		 7229 }
7230
12d4a3b2
JH		 7231 if (!mgmt_connected)
7232 return;
7233
57eb776f
AG		 7234 if (link_type != ACL_LINK && link_type != LE_LINK)
7235 return;
7236
744cf19e 7237 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 7238
f0d6a0ea
MA		 7239 bacpy(&ev.addr.bdaddr, bdaddr);
7240 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7241 ev.reason = reason;
f7520543 7242
9b80ec5e 7243 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 7244
7245 if (sk)
d97dcb66 7246 sock_put(sk);
8962ee74 7247
124f6e35 7248 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 7249 hdev);
8962ee74
JH		 7250}
7251
7892924c
MH		 7252void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
7253 u8 link_type, u8 addr_type, u8 status)
8962ee74 7254{
3655bba8
AG		 7255 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
7256 struct mgmt_cp_disconnect *cp;
3b0602cd 7257 struct mgmt_pending_cmd *cmd;
8962ee74 7258
36a75f1b
JD		 7259 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
7260 hdev);
7261
2e58ef3e 7262 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 7263 if (!cmd)
7892924c 7264 return;
8962ee74 7265
3655bba8
AG		 7266 cp = cmd->param;
7267
7268 if (bacmp(bdaddr, &cp->addr.bdaddr))
7269 return;
7270
7271 if (cp->addr.type != bdaddr_type)
7272 return;
7273
f5818c22 7274 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7275 mgmt_pending_remove(cmd);
f7520543 7276}
17d5c04c 7277
445608d0
MH		 7278void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7279 u8 addr_type, u8 status)
17d5c04c
JH		 7280{
7281 struct mgmt_ev_connect_failed ev;
c9910d0f 7282
84c61d92
JH		 7283 /* The connection is still in hci_conn_hash so test for 1
7284 * instead of 0 to know if this is the last one.
7285 */
7286 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7287 cancel_delayed_work(&hdev->power_off);
7288 queue_work(hdev->req_workqueue, &hdev->power_off.work);
c9910d0f 7289 }
17d5c04c 7290
4c659c39 7291 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7292 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 7293 ev.status = mgmt_status(status);
17d5c04c 7294
445608d0 7295 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 7296}
980e1a53 7297
ce0e4a0d 7298void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 7299{
7300 struct mgmt_ev_pin_code_request ev;
7301
d8457698 7302 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 7303 ev.addr.type = BDADDR_BREDR;
a770bb5a 7304 ev.secure = secure;
980e1a53 7305
ce0e4a0d 7306 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 7307}
7308
e669cf80
MH		 7309void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7310 u8 status)
980e1a53 7311{
3b0602cd 7312 struct mgmt_pending_cmd *cmd;
980e1a53 7313
2e58ef3e 7314 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 7315 if (!cmd)
e669cf80 7316 return;
980e1a53 7317
7776d1d8 7318 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7319 mgmt_pending_remove(cmd);
980e1a53
JH		 7320}
7321
3eb38528
MH		 7322void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7323 u8 status)
980e1a53 7324{
3b0602cd 7325 struct mgmt_pending_cmd *cmd;
980e1a53 7326
2e58ef3e 7327 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 7328 if (!cmd)
3eb38528 7329 return;
980e1a53 7330
7776d1d8 7331 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7332 mgmt_pending_remove(cmd);
980e1a53 7333}
a5c29683 7334
744cf19e 7335int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 7336 u8 link_type, u8 addr_type, u32 value,
04124681 7337 u8 confirm_hint)
a5c29683
JH		 7338{
7339 struct mgmt_ev_user_confirm_request ev;
7340
744cf19e 7341 BT_DBG("%s", hdev->name);
a5c29683 7342
272d90df 7343 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7344 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 7345 ev.confirm_hint = confirm_hint;
39adbffe 7346 ev.value = cpu_to_le32(value);
a5c29683 7347
744cf19e 7348 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 7349 NULL);
a5c29683
JH		 7350}
7351
272d90df 7352int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 7353 u8 link_type, u8 addr_type)
604086b7
BG		 7354{
7355 struct mgmt_ev_user_passkey_request ev;
7356
7357 BT_DBG("%s", hdev->name);
7358
272d90df 7359 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7360 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 7361
7362 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 7363 NULL);
604086b7
BG		 7364}
7365
0df4c185 7366static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 7367 u8 link_type, u8 addr_type, u8 status,
7368 u8 opcode)
a5c29683 7369{
3b0602cd 7370 struct mgmt_pending_cmd *cmd;
a5c29683 7371
2e58ef3e 7372 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 7373 if (!cmd)
7374 return -ENOENT;
7375
7776d1d8 7376 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7377 mgmt_pending_remove(cmd);
a5c29683 7378
7776d1d8 7379 return 0;
a5c29683
JH		 7380}
7381
744cf19e 7382int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7383 u8 link_type, u8 addr_type, u8 status)
a5c29683 7384{
272d90df 7385 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 7386 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 7387}
7388
272d90df 7389int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7390 u8 link_type, u8 addr_type, u8 status)
a5c29683 7391{
272d90df 7392 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 7393 status,
7394 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 7395}
2a611692 7396
604086b7 7397int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7398 u8 link_type, u8 addr_type, u8 status)
604086b7 7399{
272d90df 7400 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 7401 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 7402}
7403
272d90df 7404int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7405 u8 link_type, u8 addr_type, u8 status)
604086b7 7406{
272d90df 7407 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 7408 status,
7409 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 7410}
7411
92a25256
JH		 7412int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
7413 u8 link_type, u8 addr_type, u32 passkey,
7414 u8 entered)
7415{
7416 struct mgmt_ev_passkey_notify ev;
7417
7418 BT_DBG("%s", hdev->name);
7419
7420 bacpy(&ev.addr.bdaddr, bdaddr);
7421 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7422 ev.passkey = __cpu_to_le32(passkey);
7423 ev.entered = entered;
7424
7425 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
7426}
7427
e1e930f5 7428void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
2a611692
JH		 7429{
7430 struct mgmt_ev_auth_failed ev;
3b0602cd 7431 struct mgmt_pending_cmd *cmd;
e1e930f5 7432 u8 status = mgmt_status(hci_status);
2a611692 7433
e1e930f5
JH		 7434 bacpy(&ev.addr.bdaddr, &conn->dst);
7435 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7436 ev.status = status;
2a611692 7437
e1e930f5
JH		 7438 cmd = find_pairing(conn);
7439
7440 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
7441 cmd ? cmd->sk : NULL);
7442
a511b35b
JH		 7443 if (cmd) {
7444 cmd->cmd_complete(cmd, status);
7445 mgmt_pending_remove(cmd);
7446 }
2a611692 7447}
b312b161 7448
464996ae 7449void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 7450{
7451 struct cmd_lookup match = { NULL, hdev };
464996ae 7452 bool changed;
33ef95ed
JH		 7453
7454 if (status) {
7455 u8 mgmt_err = mgmt_status(status);
7456 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 7457 cmd_status_rsp, &mgmt_err);
464996ae 7458 return;
33ef95ed
JH		 7459 }
7460
464996ae 7461 if (test_bit(HCI_AUTH, &hdev->flags))
238be788 7462 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
464996ae 7463 else
a69d8927 7464 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
47990ea0 7465
33ef95ed 7466 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 7467 &match);
33ef95ed 7468
47990ea0 7469 if (changed)
464996ae 7470 new_settings(hdev, match.sk);
33ef95ed
JH		 7471
7472 if (match.sk)
7473 sock_put(match.sk);
33ef95ed
JH		 7474}
7475
890ea898 7476static void clear_eir(struct hci_request *req)
cacaf52f 7477{
890ea898 7478 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 7479 struct hci_cp_write_eir cp;
7480
976eb20e 7481 if (!lmp_ext_inq_capable(hdev))
890ea898 7482 return;
cacaf52f 7483
c80da27e
JH		 7484 memset(hdev->eir, 0, sizeof(hdev->eir));
7485
cacaf52f
JH		 7486 memset(&cp, 0, sizeof(cp));
7487
890ea898 7488 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 7489}
7490
3e248560 7491void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 7492{
7493 struct cmd_lookup match = { NULL, hdev };
890ea898 7494 struct hci_request req;
c0ecddc2 7495 bool changed = false;
ed2c4ee3
JH		 7496
7497 if (status) {
7498 u8 mgmt_err = mgmt_status(status);
c0ecddc2 7499
a69d8927
MH		 7500 if (enable && hci_dev_test_and_clear_flag(hdev,
7501 HCI_SSP_ENABLED)) {
a358dc11 7502 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
3e248560 7503 new_settings(hdev, NULL);
9ecb3e24 7504 }
c0ecddc2 7505
04124681
GP		 7506 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
7507 &mgmt_err);
3e248560 7508 return;
c0ecddc2
JH		 7509 }
7510
7511 if (enable) {
238be788 7512 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
c0ecddc2 7513 } else {
a69d8927 7514 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
9ecb3e24 7515 if (!changed)
a69d8927
MH		 7516 changed = hci_dev_test_and_clear_flag(hdev,
7517 HCI_HS_ENABLED);
9ecb3e24 7518 else
a358dc11 7519 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
ed2c4ee3
JH		 7520 }
7521
7522 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
7523
c0ecddc2 7524 if (changed)
3e248560 7525 new_settings(hdev, match.sk);
ed2c4ee3 7526
5fc6ebb1 7527 if (match.sk)
ed2c4ee3
JH		 7528 sock_put(match.sk);
7529
890ea898
JH		 7530 hci_req_init(&req, hdev);
7531
d7a5a11d
MH		 7532 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
7533 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
3769972b
JH		 7534 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
7535 sizeof(enable), &enable);
890ea898 7536 update_eir(&req);
3769972b 7537 } else {
890ea898 7538 clear_eir(&req);
3769972b 7539 }
890ea898
JH		 7540
7541 hci_req_run(&req, NULL);
ed2c4ee3
JH		 7542}
7543
3b0602cd 7544static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
90e70454
JH		 7545{
7546 struct cmd_lookup *match = data;
7547
90e70454
JH		 7548 if (match->sk == NULL) {
7549 match->sk = cmd->sk;
7550 sock_hold(match->sk);
7551 }
90e70454
JH		 7552}
7553
4e1b0245
MH		 7554void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
7555 u8 status)
7f9a903c 7556{
90e70454 7557 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 7558
92da6097
JH		 7559 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
7560 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
7561 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 7562
7563 if (!status)
f6b7712e
MH		 7564 mgmt_generic_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
7565 dev_class, 3, NULL);
90e70454
JH		 7566
7567 if (match.sk)
7568 sock_put(match.sk);
7f9a903c
MH		 7569}
7570
7667da34 7571void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 7572{
b312b161 7573 struct mgmt_cp_set_local_name ev;
3b0602cd 7574 struct mgmt_pending_cmd *cmd;
28cc7bde 7575
13928971 7576 if (status)
7667da34 7577 return;
b312b161
JH		 7578
7579 memset(&ev, 0, sizeof(ev));
7580 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 7581 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 7582
2e58ef3e 7583 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 7584 if (!cmd) {
7585 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 7586
13928971
JH		 7587 /* If this is a HCI command related to powering on the
7588 * HCI dev don't send any mgmt signals.
7589 */
7590 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 7591 return;
890ea898 7592 }
b312b161 7593
f6b7712e
MH		 7594 mgmt_generic_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
7595 cmd ? cmd->sk : NULL);
b312b161 7596}
c35938b2 7597
4d2d2796 7598void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
38da1703
JH		 7599 u8 *rand192, u8 *hash256, u8 *rand256,
7600 u8 status)
c35938b2 7601{
3b0602cd 7602 struct mgmt_pending_cmd *cmd;
c35938b2 7603
744cf19e 7604 BT_DBG("%s status %u", hdev->name, status);
c35938b2 7605
2e58ef3e 7606 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 7607 if (!cmd)
3edaf092 7608 return;
c35938b2
SJ		 7609
7610 if (status) {
a69e8375
JH		 7611 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
7612 mgmt_status(status));
c35938b2 7613 } else {
66f096f7
JH		 7614 struct mgmt_rp_read_local_oob_data rp;
7615 size_t rp_size = sizeof(rp);
4d2d2796 7616
66f096f7
JH		 7617 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
7618 memcpy(rp.rand192, rand192, sizeof(rp.rand192));
c35938b2 7619
66f096f7 7620 if (bredr_sc_enabled(hdev) && hash256 && rand256) {
4d2d2796 7621 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
38da1703 7622 memcpy(rp.rand256, rand256, sizeof(rp.rand256));
4d2d2796 7623 } else {
66f096f7 7624 rp_size -= sizeof(rp.hash256) + sizeof(rp.rand256);
4d2d2796 7625 }
66f096f7 7626
2a1afb5a
JH		 7627 mgmt_cmd_complete(cmd->sk, hdev->id,
7628 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
7629 &rp, rp_size);
c35938b2
SJ		 7630 }
7631
7632 mgmt_pending_remove(cmd);
c35938b2 7633}
e17acd40 7634
799ce93d
JP		 7635static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
7636{
7637 int i;
7638
7639 for (i = 0; i < uuid_count; i++) {
7640 if (!memcmp(uuid, uuids[i], 16))
7641 return true;
7642 }
7643
7644 return false;
7645}
7646
b487b9ce
MH		 7647static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
7648{
799ce93d
JP		 7649 u16 parsed = 0;
7650
7651 while (parsed < eir_len) {
7652 u8 field_len = eir[0];
7653 u8 uuid[16];
7654 int i;
7655
7656 if (field_len == 0)
7657 break;
7658
7659 if (eir_len - parsed < field_len + 1)
7660 break;
7661
7662 switch (eir[1]) {
7663 case EIR_UUID16_ALL:
7664 case EIR_UUID16_SOME:
7665 for (i = 0; i + 3 <= field_len; i += 2) {
189f6ad2 7666 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7667 uuid[13] = eir[i + 3];
7668 uuid[12] = eir[i + 2];
7669 if (has_uuid(uuid, uuid_count, uuids))
7670 return true;
7671 }
7672 break;
7673 case EIR_UUID32_ALL:
7674 case EIR_UUID32_SOME:
7675 for (i = 0; i + 5 <= field_len; i += 4) {
189f6ad2 7676 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7677 uuid[15] = eir[i + 5];
7678 uuid[14] = eir[i + 4];
7679 uuid[13] = eir[i + 3];
7680 uuid[12] = eir[i + 2];
7681 if (has_uuid(uuid, uuid_count, uuids))
7682 return true;
7683 }
7684 break;
7685 case EIR_UUID128_ALL:
7686 case EIR_UUID128_SOME:
7687 for (i = 0; i + 17 <= field_len; i += 16) {
7688 memcpy(uuid, eir + i + 2, 16);
7689 if (has_uuid(uuid, uuid_count, uuids))
7690 return true;
7691 }
7692 break;
7693 }
7694
7695 parsed += field_len + 1;
7696 eir += field_len + 1;
7697 }
7698
b487b9ce
MH		 7699 return false;
7700}
7701
4b0e0ced
JP		 7702static void restart_le_scan(struct hci_dev *hdev)
7703{
7704 /* If controller is not scanning we are done. */
d7a5a11d 7705 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
4b0e0ced
JP		 7706 return;
7707
7708 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
7709 hdev->discovery.scan_start +
7710 hdev->discovery.scan_duration))
7711 return;
7712
7713 queue_delayed_work(hdev->workqueue, &hdev->le_scan_restart,
7714 DISCOV_LE_RESTART_DELAY);
7715}
7716
48f86b7f
JP		 7717static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
7718 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 7719{
48f86b7f
JP		 7720 /* If a RSSI threshold has been specified, and
7721 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
7722 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
7723 * is set, let it through for further processing, as we might need to
7724 * restart the scan.
efb2513f
MH		 7725 *
7726 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
7727 * the results are also dropped.
bda157a4
MH		 7728 */
7729 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
4b0e0ced
JP		 7730 (rssi == HCI_RSSI_INVALID ||
7731 (rssi < hdev->discovery.rssi &&
7732 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
48f86b7f 7733 return false;
efb2513f 7734
2976cdeb
JP		 7735 if (hdev->discovery.uuid_count != 0) {
7736 /* If a list of UUIDs is provided in filter, results with no
7737 * matching UUID should be dropped.
b487b9ce 7738 */
2976cdeb
JP		 7739 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
7740 hdev->discovery.uuids) &&
7741 !eir_has_uuids(scan_rsp, scan_rsp_len,
7742 hdev->discovery.uuid_count,
7743 hdev->discovery.uuids))
7744 return false;
b487b9ce 7745 }
5d2e9fad 7746
2976cdeb
JP		 7747 /* If duplicate filtering does not report RSSI changes, then restart
7748 * scanning to ensure updated result with updated RSSI values.
4b0e0ced 7749 */
2976cdeb
JP		 7750 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
7751 restart_le_scan(hdev);
7752
7753 /* Validate RSSI value against the RSSI threshold once more. */
7754 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7755 rssi < hdev->discovery.rssi)
7756 return false;
7757 }
48f86b7f
JP		 7758
7759 return true;
7760}
7761
7762void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7763 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
7764 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7765{
7766 char buf[512];
7767 struct mgmt_ev_device_found *ev = (void *)buf;
7768 size_t ev_size;
7769
7770 /* Don't send events for a non-kernel initiated discovery. With
7771 * LE one exception is if we have pend_le_reports > 0 in which
7772 * case we're doing passive scanning and want these events.
7773 */
7774 if (!hci_discovery_active(hdev)) {
7775 if (link_type == ACL_LINK)
7776 return;
7777 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
7778 return;
7779 }
7780
82f8b651 7781 if (hdev->discovery.result_filtering) {
48f86b7f
JP		 7782 /* We are using service discovery */
7783 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
7784 scan_rsp_len))
7785 return;
7786 }
7787
7788 /* Make sure that the buffer is big enough. The 5 extra bytes
7789 * are for the potential CoD field.
7790 */
7791 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
4b0e0ced
JP		 7792 return;
7793
48f86b7f
JP		 7794 memset(buf, 0, sizeof(buf));
7795
7796 /* In case of device discovery with BR/EDR devices (pre 1.2), the
7797 * RSSI value was reported as 0 when not available. This behavior
7798 * is kept when using device discovery. This is required for full
7799 * backwards compatibility with the API.
7800 *
7801 * However when using service discovery, the value 127 will be
7802 * returned when the RSSI is not available.
7803 */
7804 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
7805 link_type == ACL_LINK)
7806 rssi = 0;
7807
7808 bacpy(&ev->addr.bdaddr, bdaddr);
7809 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7810 ev->rssi = rssi;
7811 ev->flags = cpu_to_le32(flags);
7812
7813 if (eir_len > 0)
7814 /* Copy EIR or advertising data into event */
7815 memcpy(ev->eir, eir, eir_len);
7816
7817 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
7818 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7819 dev_class, 3);
7820
7821 if (scan_rsp_len > 0)
7822 /* Append scan response data to event */
7823 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
7824
5d2e9fad
JH		 7825 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
7826 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 7827
901801b9 7828 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 7829}
a88a9652 7830
9cf12aee
MH		 7831void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7832 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 7833{
b644ba33
JH		 7834 struct mgmt_ev_device_found *ev;
7835 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
7836 u16 eir_len;
a88a9652 7837
b644ba33 7838 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 7839
b644ba33
JH		 7840 memset(buf, 0, sizeof(buf));
7841
7842 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 7843 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 7844 ev->rssi = rssi;
7845
7846 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 7847 name_len);
b644ba33 7848
eb55ef07 7849 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 7850
9cf12aee 7851 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 7852}
314b2381 7853
2f1e063b 7854void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 7855{
f963e8e9 7856 struct mgmt_ev_discovering ev;
164a6e78 7857
343fb145
AG		 7858 BT_DBG("%s discovering %u", hdev->name, discovering);
7859
f963e8e9
JH		 7860 memset(&ev, 0, sizeof(ev));
7861 ev.type = hdev->discovery.type;
7862 ev.discovering = discovering;
7863
2f1e063b 7864 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 7865}
5e762444 7866
1904a853 7867static void adv_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5976e608
MH		 7868{
7869 BT_DBG("%s status %u", hdev->name, status);
5976e608
MH		 7870}
7871
7872void mgmt_reenable_advertising(struct hci_dev *hdev)
7873{
7874 struct hci_request req;
7875
d7a5a11d 7876 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
5976e608
MH		 7877 return;
7878
7879 hci_req_init(&req, hdev);
7880 enable_advertising(&req);
0ec5ae84 7881 hci_req_run(&req, adv_enable_complete);
5976e608 7882}
6d785aa3
JH		 7883
7884static struct hci_mgmt_chan chan = {
7885 .channel = HCI_CHANNEL_CONTROL,
7886 .handler_count = ARRAY_SIZE(mgmt_handlers),
7887 .handlers = mgmt_handlers,
7888};
7889
7890int mgmt_init(void)
7891{
7892 return hci_mgmt_chan_register(&chan);
7893}
7894
7895void mgmt_exit(void)
7896{
7897 hci_mgmt_chan_unregister(&chan);
7898}
Linux kernel - Deliverables
This page took 1.322923 seconds and 5 git commands to generate.