]> Git Repo - linux.git/blame - net/bluetooth/mgmt.c
projects / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Fix connectable and discoverable supported settings values
[linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
4bc58f51 32#include <net/bluetooth/l2cap.h>
0381101f 33#include <net/bluetooth/mgmt.h>
ac4b7236
MH		 34
35#include "smp.h"
0381101f 36
2da9c55c 37#define MGMT_VERSION 1
730f091b 38#define MGMT_REVISION 7
02d98129 39
e70bb2e8
JH		 40static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_READ_INFO,
43 MGMT_OP_SET_POWERED,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
47 MGMT_OP_SET_PAIRABLE,
48 MGMT_OP_SET_LINK_SECURITY,
49 MGMT_OP_SET_SSP,
50 MGMT_OP_SET_HS,
51 MGMT_OP_SET_LE,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_ADD_UUID,
55 MGMT_OP_REMOVE_UUID,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_DISCONNECT,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_PAIR_DEVICE,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_CONFIRM_NAME,
76 MGMT_OP_BLOCK_DEVICE,
77 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 78 MGMT_OP_SET_DEVICE_ID,
4375f103 79 MGMT_OP_SET_ADVERTISING,
0663ca2a 80 MGMT_OP_SET_BREDR,
d13eafce 81 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 82 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 83 MGMT_OP_SET_SECURE_CONN,
4e39ac81 84 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 85 MGMT_OP_SET_PRIVACY,
41edf160 86 MGMT_OP_LOAD_IRKS,
dd983808 87 MGMT_OP_GET_CONN_INFO,
95868426 88 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 89 MGMT_OP_ADD_DEVICE,
90 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 91 MGMT_OP_LOAD_CONN_PARAM,
73d1df2a 92 MGMT_OP_READ_UNCONF_INDEX_LIST,
9fc3bfb6 93 MGMT_OP_READ_CONFIG_INFO,
dbece37a 94 MGMT_OP_SET_EXTERNAL_CONFIG,
9713c17b 95 MGMT_OP_SET_PUBLIC_ADDRESS,
e70bb2e8
JH		 96};
97
98static const u16 mgmt_events[] = {
99 MGMT_EV_CONTROLLER_ERROR,
100 MGMT_EV_INDEX_ADDED,
101 MGMT_EV_INDEX_REMOVED,
102 MGMT_EV_NEW_SETTINGS,
103 MGMT_EV_CLASS_OF_DEV_CHANGED,
104 MGMT_EV_LOCAL_NAME_CHANGED,
105 MGMT_EV_NEW_LINK_KEY,
106 MGMT_EV_NEW_LONG_TERM_KEY,
107 MGMT_EV_DEVICE_CONNECTED,
108 MGMT_EV_DEVICE_DISCONNECTED,
109 MGMT_EV_CONNECT_FAILED,
110 MGMT_EV_PIN_CODE_REQUEST,
111 MGMT_EV_USER_CONFIRM_REQUEST,
112 MGMT_EV_USER_PASSKEY_REQUEST,
113 MGMT_EV_AUTH_FAILED,
114 MGMT_EV_DEVICE_FOUND,
115 MGMT_EV_DISCOVERING,
116 MGMT_EV_DEVICE_BLOCKED,
117 MGMT_EV_DEVICE_UNBLOCKED,
118 MGMT_EV_DEVICE_UNPAIRED,
92a25256 119 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 120 MGMT_EV_NEW_IRK,
7ee4ea36 121 MGMT_EV_NEW_CSRK,
8afef092
MH		 122 MGMT_EV_DEVICE_ADDED,
123 MGMT_EV_DEVICE_REMOVED,
ffb5a827 124 MGMT_EV_NEW_CONN_PARAM,
0602a8ad 125 MGMT_EV_UNCONF_INDEX_ADDED,
edd3896b 126 MGMT_EV_UNCONF_INDEX_REMOVED,
f4537c04 127 MGMT_EV_NEW_CONFIG_OPTIONS,
e70bb2e8
JH		 128};
129
17b02e62 130#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 131
4b34ee78
JH		 132#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
133 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
134
eec8d2bc
JH		 135struct pending_cmd {
136 struct list_head list;
fc2f4b13 137 u16 opcode;
eec8d2bc 138 int index;
c68fb7ff 139 void *param;
eec8d2bc 140 struct sock *sk;
e9a416b5 141 void *user_data;
eec8d2bc
JH		 142};
143
ca69b795
JH		 144/* HCI to MGMT error code conversion table */
145static u8 mgmt_status_table[] = {
146 MGMT_STATUS_SUCCESS,
147 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
148 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
149 MGMT_STATUS_FAILED, /* Hardware Failure */
150 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
151 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 152 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 153 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
154 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
155 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
156 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
157 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
158 MGMT_STATUS_BUSY, /* Command Disallowed */
159 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
160 MGMT_STATUS_REJECTED, /* Rejected Security */
161 MGMT_STATUS_REJECTED, /* Rejected Personal */
162 MGMT_STATUS_TIMEOUT, /* Host Timeout */
163 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
164 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
165 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
166 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
167 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
168 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
169 MGMT_STATUS_BUSY, /* Repeated Attempts */
170 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
171 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
172 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
173 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
174 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
175 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
176 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
177 MGMT_STATUS_FAILED, /* Unspecified Error */
178 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
179 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
180 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
181 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
182 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
183 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
184 MGMT_STATUS_FAILED, /* Unit Link Key Used */
185 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
186 MGMT_STATUS_TIMEOUT, /* Instant Passed */
187 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
188 MGMT_STATUS_FAILED, /* Transaction Collision */
189 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
190 MGMT_STATUS_REJECTED, /* QoS Rejected */
191 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
192 MGMT_STATUS_REJECTED, /* Insufficient Security */
193 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
194 MGMT_STATUS_BUSY, /* Role Switch Pending */
195 MGMT_STATUS_FAILED, /* Slot Violation */
196 MGMT_STATUS_FAILED, /* Role Switch Failed */
197 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
198 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
199 MGMT_STATUS_BUSY, /* Host Busy Pairing */
200 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
201 MGMT_STATUS_BUSY, /* Controller Busy */
202 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
203 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
204 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
205 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
206 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
207};
208
209static u8 mgmt_status(u8 hci_status)
210{
211 if (hci_status < ARRAY_SIZE(mgmt_status_table))
212 return mgmt_status_table[hci_status];
213
214 return MGMT_STATUS_FAILED;
215}
216
04c60f05
MH		 217static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
218 struct sock *skip_sk)
219{
220 struct sk_buff *skb;
221 struct mgmt_hdr *hdr;
222
223 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
224 if (!skb)
225 return -ENOMEM;
226
227 hdr = (void *) skb_put(skb, sizeof(*hdr));
228 hdr->opcode = cpu_to_le16(event);
229 if (hdev)
230 hdr->index = cpu_to_le16(hdev->id);
231 else
232 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
233 hdr->len = cpu_to_le16(data_len);
234
235 if (data)
236 memcpy(skb_put(skb, data_len), data, data_len);
237
238 /* Time stamp */
239 __net_timestamp(skb);
240
241 hci_send_to_control(skb, skip_sk);
242 kfree_skb(skb);
243
244 return 0;
245}
246
4e51eae9 247static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 248{
249 struct sk_buff *skb;
250 struct mgmt_hdr *hdr;
251 struct mgmt_ev_cmd_status *ev;
56b7d137 252 int err;
f7b64e69 253
34eb525c 254 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 255
790eff44 256 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 257 if (!skb)
258 return -ENOMEM;
259
260 hdr = (void *) skb_put(skb, sizeof(*hdr));
261
dcf4adbf 262 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 263 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 264 hdr->len = cpu_to_le16(sizeof(*ev));
265
266 ev = (void *) skb_put(skb, sizeof(*ev));
267 ev->status = status;
eb55ef07 268 ev->opcode = cpu_to_le16(cmd);
f7b64e69 269
56b7d137
GP		 270 err = sock_queue_rcv_skb(sk, skb);
271 if (err < 0)
f7b64e69
JH		 272 kfree_skb(skb);
273
56b7d137 274 return err;
f7b64e69
JH		 275}
276
aee9b218 277static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 278 void *rp, size_t rp_len)
02d98129
JH		 279{
280 struct sk_buff *skb;
281 struct mgmt_hdr *hdr;
282 struct mgmt_ev_cmd_complete *ev;
56b7d137 283 int err;
02d98129
JH		 284
285 BT_DBG("sock %p", sk);
286
790eff44 287 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 288 if (!skb)
289 return -ENOMEM;
290
291 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 292
dcf4adbf 293 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 294 hdr->index = cpu_to_le16(index);
a38528f1 295 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 296
a38528f1 297 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 298 ev->opcode = cpu_to_le16(cmd);
aee9b218 299 ev->status = status;
8020c16a
SJ		 300
301 if (rp)
302 memcpy(ev->data, rp, rp_len);
02d98129 303
56b7d137
GP		 304 err = sock_queue_rcv_skb(sk, skb);
305 if (err < 0)
02d98129
JH		 306 kfree_skb(skb);
307
e5f0e151 308 return err;
02d98129
JH		 309}
310
04124681
GP		 311static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
312 u16 data_len)
a38528f1
JH		 313{
314 struct mgmt_rp_read_version rp;
315
316 BT_DBG("sock %p", sk);
317
318 rp.version = MGMT_VERSION;
dcf4adbf 319 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 320
aee9b218 321 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 322 sizeof(rp));
a38528f1
JH		 323}
324
04124681
GP		 325static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
326 u16 data_len)
e70bb2e8
JH		 327{
328 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 329 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
330 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 331 __le16 *opcode;
e70bb2e8
JH		 332 size_t rp_size;
333 int i, err;
334
335 BT_DBG("sock %p", sk);
336
337 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
338
339 rp = kmalloc(rp_size, GFP_KERNEL);
340 if (!rp)
341 return -ENOMEM;
342
dcf4adbf
JP		 343 rp->num_commands = cpu_to_le16(num_commands);
344 rp->num_events = cpu_to_le16(num_events);
e70bb2e8
JH		 345
346 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
347 put_unaligned_le16(mgmt_commands[i], opcode);
348
349 for (i = 0; i < num_events; i++, opcode++)
350 put_unaligned_le16(mgmt_events[i], opcode);
351
aee9b218 352 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 353 rp_size);
e70bb2e8
JH		 354 kfree(rp);
355
356 return err;
357}
358
04124681
GP		 359static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
360 u16 data_len)
faba42eb 361{
faba42eb 362 struct mgmt_rp_read_index_list *rp;
8035ded4 363 struct hci_dev *d;
a38528f1 364 size_t rp_len;
faba42eb 365 u16 count;
476e44cb 366 int err;
faba42eb
JH		 367
368 BT_DBG("sock %p", sk);
369
370 read_lock(&hci_dev_list_lock);
371
372 count = 0;
bb4b2a9a 373 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a
MH		 374 if (d->dev_type == HCI_BREDR &&
375 !test_bit(HCI_UNCONFIGURED, &d->dev_flags))
1514b892 376 count++;
faba42eb
JH		 377 }
378
a38528f1
JH		 379 rp_len = sizeof(*rp) + (2 * count);
380 rp = kmalloc(rp_len, GFP_ATOMIC);
381 if (!rp) {
b2c60d42 382 read_unlock(&hci_dev_list_lock);
faba42eb 383 return -ENOMEM;
b2c60d42 384 }
faba42eb 385
476e44cb 386 count = 0;
8035ded4 387 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a 388 if (test_bit(HCI_SETUP, &d->dev_flags) ||
d603b76b 389 test_bit(HCI_CONFIG, &d->dev_flags) ||
73d1df2a 390 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
ab81cbf9
JH		 391 continue;
392
73d1df2a
MH		 393 /* Devices marked as raw-only are neither configured
394 * nor unconfigured controllers.
395 */
396 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
fee746b0
MH		 397 continue;
398
73d1df2a
MH		 399 if (d->dev_type == HCI_BREDR &&
400 !test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
1514b892
MH		 401 rp->index[count++] = cpu_to_le16(d->id);
402 BT_DBG("Added hci%u", d->id);
403 }
faba42eb
JH		 404 }
405
476e44cb
JH		 406 rp->num_controllers = cpu_to_le16(count);
407 rp_len = sizeof(*rp) + (2 * count);
408
faba42eb
JH		 409 read_unlock(&hci_dev_list_lock);
410
aee9b218 411 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 412 rp_len);
faba42eb 413
a38528f1
JH		 414 kfree(rp);
415
416 return err;
faba42eb
JH		 417}
418
73d1df2a
MH		 419static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
420 void *data, u16 data_len)
421{
422 struct mgmt_rp_read_unconf_index_list *rp;
423 struct hci_dev *d;
424 size_t rp_len;
425 u16 count;
426 int err;
427
428 BT_DBG("sock %p", sk);
429
430 read_lock(&hci_dev_list_lock);
431
432 count = 0;
433 list_for_each_entry(d, &hci_dev_list, list) {
434 if (d->dev_type == HCI_BREDR &&
435 test_bit(HCI_UNCONFIGURED, &d->dev_flags))
436 count++;
437 }
438
439 rp_len = sizeof(*rp) + (2 * count);
440 rp = kmalloc(rp_len, GFP_ATOMIC);
441 if (!rp) {
442 read_unlock(&hci_dev_list_lock);
443 return -ENOMEM;
444 }
445
446 count = 0;
447 list_for_each_entry(d, &hci_dev_list, list) {
448 if (test_bit(HCI_SETUP, &d->dev_flags) ||
d603b76b 449 test_bit(HCI_CONFIG, &d->dev_flags) ||
73d1df2a
MH		 450 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
451 continue;
452
453 /* Devices marked as raw-only are neither configured
454 * nor unconfigured controllers.
455 */
456 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
457 continue;
458
459 if (d->dev_type == HCI_BREDR &&
460 test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
461 rp->index[count++] = cpu_to_le16(d->id);
462 BT_DBG("Added hci%u", d->id);
463 }
464 }
465
466 rp->num_controllers = cpu_to_le16(count);
467 rp_len = sizeof(*rp) + (2 * count);
468
469 read_unlock(&hci_dev_list_lock);
470
471 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_UNCONF_INDEX_LIST,
472 0, rp, rp_len);
473
474 kfree(rp);
475
476 return err;
477}
478
dbece37a
MH		 479static bool is_configured(struct hci_dev *hdev)
480{
481 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
482 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
483 return false;
484
485 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
486 !bacmp(&hdev->public_addr, BDADDR_ANY))
487 return false;
488
489 return true;
490}
491
89bc22d2
MH		 492static __le32 get_missing_options(struct hci_dev *hdev)
493{
494 u32 options = 0;
495
dbece37a
MH		 496 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
497 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
eb1904f4
MH		 498 options |= MGMT_OPTION_EXTERNAL_CONFIG;
499
89bc22d2
MH		 500 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
501 !bacmp(&hdev->public_addr, BDADDR_ANY))
502 options |= MGMT_OPTION_PUBLIC_ADDRESS;
503
504 return cpu_to_le32(options);
505}
506
f4537c04
MH		 507static int new_options(struct hci_dev *hdev, struct sock *skip)
508{
509 __le32 options = get_missing_options(hdev);
510
511 return mgmt_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
512 sizeof(options), skip);
513}
514
dbece37a
MH		 515static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
516{
517 __le32 options = get_missing_options(hdev);
518
519 return cmd_complete(sk, hdev->id, opcode, 0, &options,
520 sizeof(options));
521}
522
9fc3bfb6
MH		 523static int read_config_info(struct sock *sk, struct hci_dev *hdev,
524 void *data, u16 data_len)
525{
526 struct mgmt_rp_read_config_info rp;
89bc22d2 527 u32 options = 0;
9fc3bfb6
MH		 528
529 BT_DBG("sock %p %s", sk, hdev->name);
530
531 hci_dev_lock(hdev);
532
533 memset(&rp, 0, sizeof(rp));
534 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
89bc22d2 535
eb1904f4
MH		 536 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
537 options |= MGMT_OPTION_EXTERNAL_CONFIG;
538
9fc3bfb6 539 if (hdev->set_bdaddr)
89bc22d2
MH		 540 options |= MGMT_OPTION_PUBLIC_ADDRESS;
541
542 rp.supported_options = cpu_to_le32(options);
543 rp.missing_options = get_missing_options(hdev);
9fc3bfb6
MH		 544
545 hci_dev_unlock(hdev);
546
547 return cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0, &rp,
548 sizeof(rp));
549}
550
69ab39ea
JH		 551static u32 get_supported_settings(struct hci_dev *hdev)
552{
553 u32 settings = 0;
554
555 settings |= MGMT_SETTING_POWERED;
69ab39ea 556 settings |= MGMT_SETTING_PAIRABLE;
b1de97d8 557 settings |= MGMT_SETTING_DEBUG_KEYS;
3742abfc
JH		 558 settings |= MGMT_SETTING_CONNECTABLE;
559 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea 560
ed3fa31f 561 if (lmp_bredr_capable(hdev)) {
1a47aee8
JH		 562 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
563 settings |= MGMT_SETTING_FAST_CONNECTABLE;
69ab39ea
JH		 564 settings |= MGMT_SETTING_BREDR;
565 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 566
567 if (lmp_ssp_capable(hdev)) {
568 settings |= MGMT_SETTING_SSP;
569 settings |= MGMT_SETTING_HS;
570 }
e98d2ce2 571
5afeac14 572 if (lmp_sc_capable(hdev) ||
111902f7 573 test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
e98d2ce2 574 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 575 }
d7b7e796 576
eeca6f89 577 if (lmp_le_capable(hdev)) {
9d42820f 578 settings |= MGMT_SETTING_LE;
eeca6f89 579 settings |= MGMT_SETTING_ADVERTISING;
0f4bd942 580 settings |= MGMT_SETTING_PRIVACY;
eeca6f89 581 }
69ab39ea 582
eb1904f4
MH		 583 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
584 hdev->set_bdaddr)
9fc3bfb6
MH		 585 settings |= MGMT_SETTING_CONFIGURATION;
586
69ab39ea
JH		 587 return settings;
588}
589
590static u32 get_current_settings(struct hci_dev *hdev)
591{
592 u32 settings = 0;
593
f1f0eb02 594 if (hdev_is_powered(hdev))
f0d4b78a
MH		 595 settings |= MGMT_SETTING_POWERED;
596
5e5282bb 597 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 598 settings |= MGMT_SETTING_CONNECTABLE;
599
1a4d3c4b
JH		 600 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
601 settings |= MGMT_SETTING_FAST_CONNECTABLE;
602
5e5282bb 603 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 604 settings |= MGMT_SETTING_DISCOVERABLE;
605
a8b2d5c2 606 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 607 settings |= MGMT_SETTING_PAIRABLE;
608
56f87901 609 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 610 settings |= MGMT_SETTING_BREDR;
611
06199cf8 612 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 613 settings |= MGMT_SETTING_LE;
614
47990ea0 615 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 616 settings |= MGMT_SETTING_LINK_SECURITY;
617
84bde9d6 618 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 619 settings |= MGMT_SETTING_SSP;
620
6d80dfd0
JH		 621 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
622 settings |= MGMT_SETTING_HS;
623
f3d3444a 624 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 625 settings |= MGMT_SETTING_ADVERTISING;
626
e98d2ce2
MH		 627 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
628 settings |= MGMT_SETTING_SECURE_CONN;
629
0663b297 630 if (test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags))
b1de97d8
MH		 631 settings |= MGMT_SETTING_DEBUG_KEYS;
632
0f4bd942
JH		 633 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
634 settings |= MGMT_SETTING_PRIVACY;
635
69ab39ea
JH		 636 return settings;
637}
638
ef580372
JH		 639#define PNP_INFO_SVCLASS_ID 0x1200
640
213202ed
JH		 641static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
642{
643 u8 *ptr = data, *uuids_start = NULL;
644 struct bt_uuid *uuid;
645
646 if (len < 4)
647 return ptr;
648
649 list_for_each_entry(uuid, &hdev->uuids, list) {
650 u16 uuid16;
651
652 if (uuid->size != 16)
653 continue;
654
655 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
656 if (uuid16 < 0x1100)
657 continue;
658
659 if (uuid16 == PNP_INFO_SVCLASS_ID)
660 continue;
661
662 if (!uuids_start) {
663 uuids_start = ptr;
664 uuids_start[0] = 1;
665 uuids_start[1] = EIR_UUID16_ALL;
666 ptr += 2;
667 }
668
669 /* Stop if not enough space to put next UUID */
670 if ((ptr - data) + sizeof(u16) > len) {
671 uuids_start[1] = EIR_UUID16_SOME;
672 break;
673 }
674
675 *ptr++ = (uuid16 & 0x00ff);
676 *ptr++ = (uuid16 & 0xff00) >> 8;
677 uuids_start[0] += sizeof(uuid16);
678 }
679
680 return ptr;
681}
682
cdf1963f
JH		 683static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
684{
685 u8 *ptr = data, *uuids_start = NULL;
686 struct bt_uuid *uuid;
687
688 if (len < 6)
689 return ptr;
690
691 list_for_each_entry(uuid, &hdev->uuids, list) {
692 if (uuid->size != 32)
693 continue;
694
695 if (!uuids_start) {
696 uuids_start = ptr;
697 uuids_start[0] = 1;
698 uuids_start[1] = EIR_UUID32_ALL;
699 ptr += 2;
700 }
701
702 /* Stop if not enough space to put next UUID */
703 if ((ptr - data) + sizeof(u32) > len) {
704 uuids_start[1] = EIR_UUID32_SOME;
705 break;
706 }
707
708 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
709 ptr += sizeof(u32);
710 uuids_start[0] += sizeof(u32);
711 }
712
713 return ptr;
714}
715
c00d575b
JH		 716static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
717{
718 u8 *ptr = data, *uuids_start = NULL;
719 struct bt_uuid *uuid;
720
721 if (len < 18)
722 return ptr;
723
724 list_for_each_entry(uuid, &hdev->uuids, list) {
725 if (uuid->size != 128)
726 continue;
727
728 if (!uuids_start) {
729 uuids_start = ptr;
730 uuids_start[0] = 1;
731 uuids_start[1] = EIR_UUID128_ALL;
732 ptr += 2;
733 }
734
735 /* Stop if not enough space to put next UUID */
736 if ((ptr - data) + 16 > len) {
737 uuids_start[1] = EIR_UUID128_SOME;
738 break;
739 }
740
741 memcpy(ptr, uuid->uuid, 16);
742 ptr += 16;
743 uuids_start[0] += 16;
744 }
745
746 return ptr;
747}
748
eb2a8d20
JH		 749static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
750{
751 struct pending_cmd *cmd;
752
753 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
754 if (cmd->opcode == opcode)
755 return cmd;
756 }
757
758 return NULL;
759}
760
95868426
JH		 761static struct pending_cmd *mgmt_pending_find_data(u16 opcode,
762 struct hci_dev *hdev,
763 const void *data)
764{
765 struct pending_cmd *cmd;
766
767 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
768 if (cmd->user_data != data)
769 continue;
770 if (cmd->opcode == opcode)
771 return cmd;
772 }
773
774 return NULL;
775}
776
f14d8f64
MH		 777static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
778{
7a5f4990
MH		 779 u8 ad_len = 0;
780 size_t name_len;
781
782 name_len = strlen(hdev->dev_name);
783 if (name_len > 0) {
784 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
785
786 if (name_len > max_len) {
787 name_len = max_len;
788 ptr[1] = EIR_NAME_SHORT;
789 } else
790 ptr[1] = EIR_NAME_COMPLETE;
791
792 ptr[0] = name_len + 1;
793
794 memcpy(ptr + 2, hdev->dev_name, name_len);
795
796 ad_len += (name_len + 2);
797 ptr += (name_len + 2);
798 }
799
800 return ad_len;
f14d8f64
MH		 801}
802
803static void update_scan_rsp_data(struct hci_request *req)
804{
805 struct hci_dev *hdev = req->hdev;
806 struct hci_cp_le_set_scan_rsp_data cp;
807 u8 len;
808
7751ef1b 809 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
f14d8f64
MH		 810 return;
811
812 memset(&cp, 0, sizeof(cp));
813
814 len = create_scan_rsp_data(hdev, cp.data);
815
eb438b5f
JH		 816 if (hdev->scan_rsp_data_len == len &&
817 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 818 return;
819
eb438b5f
JH		 820 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
821 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 822
823 cp.length = len;
824
825 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
826}
827
9a43e25f
JH		 828static u8 get_adv_discov_flags(struct hci_dev *hdev)
829{
830 struct pending_cmd *cmd;
831
832 /* If there's a pending mgmt command the flags will not yet have
833 * their final values, so check for this first.
834 */
835 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
836 if (cmd) {
837 struct mgmt_mode *cp = cmd->param;
838 if (cp->val == 0x01)
839 return LE_AD_GENERAL;
840 else if (cp->val == 0x02)
841 return LE_AD_LIMITED;
842 } else {
843 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
844 return LE_AD_LIMITED;
845 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
846 return LE_AD_GENERAL;
847 }
848
849 return 0;
850}
851
46cad2ed 852static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 853{
854 u8 ad_len = 0, flags = 0;
441ad2d0 855
9a43e25f 856 flags |= get_adv_discov_flags(hdev);
441ad2d0 857
e834004b 858 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
441ad2d0 859 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 860
861 if (flags) {
862 BT_DBG("adv flags 0x%02x", flags);
863
864 ptr[0] = 2;
865 ptr[1] = EIR_FLAGS;
866 ptr[2] = flags;
867
868 ad_len += 3;
869 ptr += 3;
870 }
871
872 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
873 ptr[0] = 2;
874 ptr[1] = EIR_TX_POWER;
875 ptr[2] = (u8) hdev->adv_tx_power;
876
877 ad_len += 3;
878 ptr += 3;
879 }
880
441ad2d0
MH		 881 return ad_len;
882}
883
5947f4bc 884static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 885{
886 struct hci_dev *hdev = req->hdev;
887 struct hci_cp_le_set_adv_data cp;
888 u8 len;
889
10994ce6 890 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
441ad2d0
MH		 891 return;
892
893 memset(&cp, 0, sizeof(cp));
894
46cad2ed 895 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 896
897 if (hdev->adv_data_len == len &&
898 memcmp(cp.data, hdev->adv_data, len) == 0)
899 return;
900
901 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
902 hdev->adv_data_len = len;
903
904 cp.length = len;
905
906 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
907}
908
ef580372
JH		 909static void create_eir(struct hci_dev *hdev, u8 *data)
910{
911 u8 *ptr = data;
ef580372
JH		 912 size_t name_len;
913
914 name_len = strlen(hdev->dev_name);
915
916 if (name_len > 0) {
917 /* EIR Data type */
918 if (name_len > 48) {
919 name_len = 48;
920 ptr[1] = EIR_NAME_SHORT;
921 } else
922 ptr[1] = EIR_NAME_COMPLETE;
923
924 /* EIR Data length */
925 ptr[0] = name_len + 1;
926
927 memcpy(ptr + 2, hdev->dev_name, name_len);
928
ef580372
JH		 929 ptr += (name_len + 2);
930 }
931
bbaf444a 932 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 933 ptr[0] = 2;
934 ptr[1] = EIR_TX_POWER;
935 ptr[2] = (u8) hdev->inq_tx_power;
936
91c4e9b1
MH		 937 ptr += 3;
938 }
939
2b9be137
MH		 940 if (hdev->devid_source > 0) {
941 ptr[0] = 9;
942 ptr[1] = EIR_DEVICE_ID;
943
944 put_unaligned_le16(hdev->devid_source, ptr + 2);
945 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
946 put_unaligned_le16(hdev->devid_product, ptr + 6);
947 put_unaligned_le16(hdev->devid_version, ptr + 8);
948
2b9be137
MH		 949 ptr += 10;
950 }
951
213202ed 952 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 953 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 954 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 955}
956
890ea898 957static void update_eir(struct hci_request *req)
ef580372 958{
890ea898 959 struct hci_dev *hdev = req->hdev;
ef580372
JH		 960 struct hci_cp_write_eir cp;
961
504c8dcd 962 if (!hdev_is_powered(hdev))
890ea898 963 return;
7770c4aa 964
976eb20e 965 if (!lmp_ext_inq_capable(hdev))
890ea898 966 return;
ef580372 967
84bde9d6 968 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 969 return;
ef580372 970
a8b2d5c2 971 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 972 return;
ef580372
JH		 973
974 memset(&cp, 0, sizeof(cp));
975
976 create_eir(hdev, cp.data);
977
978 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 979 return;
ef580372
JH		 980
981 memcpy(hdev->eir, cp.data, sizeof(cp.data));
982
890ea898 983 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 984}
985
986static u8 get_service_classes(struct hci_dev *hdev)
987{
988 struct bt_uuid *uuid;
989 u8 val = 0;
990
991 list_for_each_entry(uuid, &hdev->uuids, list)
992 val |= uuid->svc_hint;
993
994 return val;
995}
996
890ea898 997static void update_class(struct hci_request *req)
ef580372 998{
890ea898 999 struct hci_dev *hdev = req->hdev;
ef580372
JH		 1000 u8 cod[3];
1001
1002 BT_DBG("%s", hdev->name);
1003
504c8dcd 1004 if (!hdev_is_powered(hdev))
890ea898 1005 return;
7770c4aa 1006
f87ea1da
JH		 1007 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1008 return;
1009
a8b2d5c2 1010 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 1011 return;
ef580372
JH		 1012
1013 cod[0] = hdev->minor_class;
1014 cod[1] = hdev->major_class;
1015 cod[2] = get_service_classes(hdev);
1016
6acd7db4
MH		 1017 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
1018 cod[1] |= 0x20;
1019
ef580372 1020 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 1021 return;
ef580372 1022
890ea898 1023 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 1024}
1025
a4858cb9 1026static bool get_connectable(struct hci_dev *hdev)
199a2fb1
JH		 1027{
1028 struct pending_cmd *cmd;
199a2fb1
JH		 1029
1030 /* If there's a pending mgmt command the flag will not yet have
1031 * it's final value, so check for this first.
1032 */
1033 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1034 if (cmd) {
1035 struct mgmt_mode *cp = cmd->param;
a4858cb9 1036 return cp->val;
199a2fb1
JH		 1037 }
1038
a4858cb9 1039 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
199a2fb1
JH		 1040}
1041
0ec5ae84
JH		 1042static void disable_advertising(struct hci_request *req)
1043{
1044 u8 enable = 0x00;
1045
1046 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1047}
1048
199a2fb1
JH		 1049static void enable_advertising(struct hci_request *req)
1050{
1051 struct hci_dev *hdev = req->hdev;
1052 struct hci_cp_le_set_adv_param cp;
8f2a0601 1053 u8 own_addr_type, enable = 0x01;
a4858cb9 1054 bool connectable;
199a2fb1 1055
0ec5ae84
JH		 1056 if (hci_conn_num(hdev, LE_LINK) > 0)
1057 return;
1058
1059 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
1060 disable_advertising(req);
1061
5ce194c4 1062 /* Clear the HCI_LE_ADV bit temporarily so that the
8d97250e
JH		 1063 * hci_update_random_address knows that it's safe to go ahead
1064 * and write a new random address. The flag will be set back on
1065 * as soon as the SET_ADV_ENABLE HCI command completes.
1066 */
5ce194c4 1067 clear_bit(HCI_LE_ADV, &hdev->dev_flags);
8d97250e 1068
a4858cb9 1069 connectable = get_connectable(hdev);
8f2a0601 1070
a4858cb9
JH		 1071 /* Set require_privacy to true only when non-connectable
1072 * advertising is used. In that case it is fine to use a
1073 * non-resolvable private address.
1074 */
1075 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 1076 return;
1077
41c90c18 1078 memset(&cp, 0, sizeof(cp));
dcf4adbf
JP		 1079 cp.min_interval = cpu_to_le16(0x0800);
1080 cp.max_interval = cpu_to_le16(0x0800);
a4858cb9 1081 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
8f2a0601 1082 cp.own_address_type = own_addr_type;
199a2fb1
JH		 1083 cp.channel_map = hdev->le_adv_channel_map;
1084
1085 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1086
1087 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1088}
1089
7d78525d
JH		 1090static void service_cache_off(struct work_struct *work)
1091{
1092 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 1093 service_cache.work);
890ea898 1094 struct hci_request req;
7d78525d 1095
a8b2d5c2 1096 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 1097 return;
1098
890ea898
JH		 1099 hci_req_init(&req, hdev);
1100
7d78525d
JH		 1101 hci_dev_lock(hdev);
1102
890ea898
JH		 1103 update_eir(&req);
1104 update_class(&req);
7d78525d
JH		 1105
1106 hci_dev_unlock(hdev);
890ea898
JH		 1107
1108 hci_req_run(&req, NULL);
7d78525d
JH		 1109}
1110
d6bfd59c
JH		 1111static void rpa_expired(struct work_struct *work)
1112{
1113 struct hci_dev *hdev = container_of(work, struct hci_dev,
1114 rpa_expired.work);
1115 struct hci_request req;
1116
1117 BT_DBG("");
1118
1119 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
1120
0ec5ae84 1121 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
d6bfd59c
JH		 1122 return;
1123
1124 /* The generation of a new RPA and programming it into the
1125 * controller happens in the enable_advertising() function.
1126 */
d6bfd59c 1127 hci_req_init(&req, hdev);
d6bfd59c 1128 enable_advertising(&req);
d6bfd59c
JH		 1129 hci_req_run(&req, NULL);
1130}
1131
6a919082 1132static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 1133{
4f87da80 1134 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 1135 return;
1136
4f87da80 1137 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 1138 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 1139
4f87da80
JH		 1140 /* Non-mgmt controlled devices get this bit set
1141 * implicitly so that pairing works for them, however
1142 * for mgmt we require user-space to explicitly enable
1143 * it
1144 */
1145 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 1146}
1147
0f4e68cf 1148static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 1149 void *data, u16 data_len)
0381101f 1150{
a38528f1 1151 struct mgmt_rp_read_info rp;
f7b64e69 1152
bdb6d971 1153 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 1154
09fd0de5 1155 hci_dev_lock(hdev);
f7b64e69 1156
dc4fe30b
JH		 1157 memset(&rp, 0, sizeof(rp));
1158
69ab39ea 1159 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 1160
69ab39ea 1161 rp.version = hdev->hci_ver;
eb55ef07 1162 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 1163
1164 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1165 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 1166
a38528f1 1167 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 1168
dc4fe30b 1169 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 1170 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 1171
09fd0de5 1172 hci_dev_unlock(hdev);
0381101f 1173
bdb6d971 1174 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 1175 sizeof(rp));
0381101f
JH		 1176}
1177
eec8d2bc
JH		 1178static void mgmt_pending_free(struct pending_cmd *cmd)
1179{
1180 sock_put(cmd->sk);
c68fb7ff 1181 kfree(cmd->param);
eec8d2bc
JH		 1182 kfree(cmd);
1183}
1184
366a0336 1185static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 1186 struct hci_dev *hdev, void *data,
1187 u16 len)
eec8d2bc
JH		 1188{
1189 struct pending_cmd *cmd;
1190
fca20018 1191 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 1192 if (!cmd)
366a0336 1193 return NULL;
eec8d2bc
JH		 1194
1195 cmd->opcode = opcode;
2e58ef3e 1196 cmd->index = hdev->id;
eec8d2bc 1197
12b94565 1198 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 1199 if (!cmd->param) {
eec8d2bc 1200 kfree(cmd);
366a0336 1201 return NULL;
eec8d2bc
JH		 1202 }
1203
8fce6357
SJ		 1204 if (data)
1205 memcpy(cmd->param, data, len);
eec8d2bc
JH		 1206
1207 cmd->sk = sk;
1208 sock_hold(sk);
1209
2e58ef3e 1210 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 1211
366a0336 1212 return cmd;
eec8d2bc
JH		 1213}
1214
744cf19e 1215static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 1216 void (*cb)(struct pending_cmd *cmd,
1217 void *data),
04124681 1218 void *data)
eec8d2bc 1219{
a3d09356 1220 struct pending_cmd *cmd, *tmp;
eec8d2bc 1221
a3d09356 1222 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 1223 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 1224 continue;
1225
eec8d2bc
JH		 1226 cb(cmd, data);
1227 }
1228}
1229
a664b5bc 1230static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 1231{
73f22f62
JH		 1232 list_del(&cmd->list);
1233 mgmt_pending_free(cmd);
1234}
1235
69ab39ea 1236static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1237{
69ab39ea 1238 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1239
aee9b218 1240 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 1241 sizeof(settings));
8680570b
JH		 1242}
1243
8b064a3a
JH		 1244static void clean_up_hci_complete(struct hci_dev *hdev, u8 status)
1245{
1246 BT_DBG("%s status 0x%02x", hdev->name, status);
1247
a3172b7e
JH		 1248 if (hci_conn_count(hdev) == 0) {
1249 cancel_delayed_work(&hdev->power_off);
8b064a3a 1250 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1251 }
8b064a3a
JH		 1252}
1253
23a48093 1254static bool hci_stop_discovery(struct hci_request *req)
21a60d30
JH		 1255{
1256 struct hci_dev *hdev = req->hdev;
1257 struct hci_cp_remote_name_req_cancel cp;
1258 struct inquiry_entry *e;
1259
1260 switch (hdev->discovery.state) {
1261 case DISCOVERY_FINDING:
1262 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
1263 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1264 } else {
1265 cancel_delayed_work(&hdev->le_scan_disable);
1266 hci_req_add_le_scan_disable(req);
1267 }
1268
23a48093 1269 return true;
21a60d30
JH		 1270
1271 case DISCOVERY_RESOLVING:
1272 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1273 NAME_PENDING);
1274 if (!e)
23a48093 1275 break;
21a60d30
JH		 1276
1277 bacpy(&cp.bdaddr, &e->data.bdaddr);
1278 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1279 &cp);
1280
23a48093 1281 return true;
21a60d30
JH		 1282
1283 default:
1284 /* Passive scanning */
23a48093 1285 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags)) {
21a60d30 1286 hci_req_add_le_scan_disable(req);
23a48093
JH		 1287 return true;
1288 }
1289
21a60d30
JH		 1290 break;
1291 }
23a48093
JH		 1292
1293 return false;
21a60d30
JH		 1294}
1295
8b064a3a
JH		 1296static int clean_up_hci_state(struct hci_dev *hdev)
1297{
1298 struct hci_request req;
1299 struct hci_conn *conn;
23a48093
JH		 1300 bool discov_stopped;
1301 int err;
8b064a3a
JH		 1302
1303 hci_req_init(&req, hdev);
1304
1305 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1306 test_bit(HCI_PSCAN, &hdev->flags)) {
1307 u8 scan = 0x00;
1308 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1309 }
1310
73e082f8 1311 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
8b064a3a
JH		 1312 disable_advertising(&req);
1313
23a48093 1314 discov_stopped = hci_stop_discovery(&req);
8b064a3a
JH		 1315
1316 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1317 struct hci_cp_disconnect dc;
c9910d0f
JH		 1318 struct hci_cp_reject_conn_req rej;
1319
1320 switch (conn->state) {
1321 case BT_CONNECTED:
1322 case BT_CONFIG:
1323 dc.handle = cpu_to_le16(conn->handle);
1324 dc.reason = 0x15; /* Terminated due to Power Off */
1325 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1326 break;
1327 case BT_CONNECT:
1328 if (conn->type == LE_LINK)
1329 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1330 0, NULL);
1331 else if (conn->type == ACL_LINK)
1332 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1333 6, &conn->dst);
1334 break;
1335 case BT_CONNECT2:
1336 bacpy(&rej.bdaddr, &conn->dst);
1337 rej.reason = 0x15; /* Terminated due to Power Off */
1338 if (conn->type == ACL_LINK)
1339 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1340 sizeof(rej), &rej);
1341 else if (conn->type == SCO_LINK)
1342 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1343 sizeof(rej), &rej);
1344 break;
1345 }
8b064a3a
JH		 1346 }
1347
23a48093
JH		 1348 err = hci_req_run(&req, clean_up_hci_complete);
1349 if (!err && discov_stopped)
1350 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1351
1352 return err;
8b064a3a
JH		 1353}
1354
bdb6d971 1355static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1356 u16 len)
eec8d2bc 1357{
650f726d 1358 struct mgmt_mode *cp = data;
366a0336 1359 struct pending_cmd *cmd;
4b34ee78 1360 int err;
eec8d2bc 1361
bdb6d971 1362 BT_DBG("request for %s", hdev->name);
eec8d2bc 1363
a7e80f25
JH		 1364 if (cp->val != 0x00 && cp->val != 0x01)
1365 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1366 MGMT_STATUS_INVALID_PARAMS);
1367
09fd0de5 1368 hci_dev_lock(hdev);
eec8d2bc 1369
87b95ba6
JH		 1370 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1371 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1372 MGMT_STATUS_BUSY);
1373 goto failed;
1374 }
1375
f0d4b78a
MH		 1376 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1377 cancel_delayed_work(&hdev->power_off);
1378
1379 if (cp->val) {
a1d70450
JH		 1380 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1381 data, len);
1382 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1383 goto failed;
1384 }
1385 }
1386
4b34ee78 1387 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1388 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1389 goto failed;
1390 }
1391
2e58ef3e 1392 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1393 if (!cmd) {
1394 err = -ENOMEM;
eec8d2bc 1395 goto failed;
366a0336 1396 }
eec8d2bc 1397
8b064a3a 1398 if (cp->val) {
19202573 1399 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1400 err = 0;
1401 } else {
1402 /* Disconnect connections, stop scans, etc */
1403 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1404 if (!err)
1405 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1406 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1407
8b064a3a
JH		 1408 /* ENODATA means there were no HCI commands queued */
1409 if (err == -ENODATA) {
a3172b7e 1410 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1411 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1412 err = 0;
1413 }
1414 }
eec8d2bc
JH		 1415
1416failed:
09fd0de5 1417 hci_dev_unlock(hdev);
366a0336 1418 return err;
eec8d2bc
JH		 1419}
1420
beadb2bd
JH		 1421static int new_settings(struct hci_dev *hdev, struct sock *skip)
1422{
1423 __le32 ev;
1424
1425 ev = cpu_to_le32(get_current_settings(hdev));
1426
1427 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1428}
1429
bd99abdd
JH		 1430struct cmd_lookup {
1431 struct sock *sk;
1432 struct hci_dev *hdev;
1433 u8 mgmt_status;
1434};
1435
1436static void settings_rsp(struct pending_cmd *cmd, void *data)
1437{
1438 struct cmd_lookup *match = data;
1439
1440 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1441
1442 list_del(&cmd->list);
1443
1444 if (match->sk == NULL) {
1445 match->sk = cmd->sk;
1446 sock_hold(match->sk);
1447 }
1448
1449 mgmt_pending_free(cmd);
1450}
1451
1452static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1453{
1454 u8 *status = data;
1455
1456 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1457 mgmt_pending_remove(cmd);
1458}
1459
e6fe7986
JH		 1460static u8 mgmt_bredr_support(struct hci_dev *hdev)
1461{
1462 if (!lmp_bredr_capable(hdev))
1463 return MGMT_STATUS_NOT_SUPPORTED;
1464 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1465 return MGMT_STATUS_REJECTED;
1466 else
1467 return MGMT_STATUS_SUCCESS;
1468}
1469
1470static u8 mgmt_le_support(struct hci_dev *hdev)
1471{
1472 if (!lmp_le_capable(hdev))
1473 return MGMT_STATUS_NOT_SUPPORTED;
1474 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1475 return MGMT_STATUS_REJECTED;
1476 else
1477 return MGMT_STATUS_SUCCESS;
1478}
1479
bfaf8c9f
JH		 1480static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1481{
1482 struct pending_cmd *cmd;
1483 struct mgmt_mode *cp;
970ba524 1484 struct hci_request req;
bfaf8c9f
JH		 1485 bool changed;
1486
1487 BT_DBG("status 0x%02x", status);
1488
1489 hci_dev_lock(hdev);
1490
1491 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1492 if (!cmd)
1493 goto unlock;
1494
1495 if (status) {
1496 u8 mgmt_err = mgmt_status(status);
1497 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
310a3d48 1498 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
bfaf8c9f
JH		 1499 goto remove_cmd;
1500 }
1501
1502 cp = cmd->param;
d4462a07 1503 if (cp->val) {
bfaf8c9f
JH		 1504 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1505 &hdev->dev_flags);
d4462a07
MH		 1506
1507 if (hdev->discov_timeout > 0) {
1508 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1509 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1510 to);
1511 }
1512 } else {
bfaf8c9f
JH		 1513 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1514 &hdev->dev_flags);
d4462a07 1515 }
bfaf8c9f
JH		 1516
1517 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1518
1519 if (changed)
1520 new_settings(hdev, cmd->sk);
1521
970ba524
MH		 1522 /* When the discoverable mode gets changed, make sure
1523 * that class of device has the limited discoverable
1524 * bit correctly set.
1525 */
1526 hci_req_init(&req, hdev);
1527 update_class(&req);
1528 hci_req_run(&req, NULL);
1529
bfaf8c9f
JH		 1530remove_cmd:
1531 mgmt_pending_remove(cmd);
1532
1533unlock:
1534 hci_dev_unlock(hdev);
1535}
1536
bdb6d971 1537static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1538 u16 len)
73f22f62 1539{
650f726d 1540 struct mgmt_cp_set_discoverable *cp = data;
366a0336 1541 struct pending_cmd *cmd;
bfaf8c9f 1542 struct hci_request req;
5e5282bb 1543 u16 timeout;
9a43e25f 1544 u8 scan;
73f22f62
JH		 1545 int err;
1546
bdb6d971 1547 BT_DBG("request for %s", hdev->name);
73f22f62 1548
9a43e25f
JH		 1549 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1550 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1551 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
9a43e25f 1552 MGMT_STATUS_REJECTED);
33c525c0 1553
310a3d48 1554 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a7e80f25
JH		 1555 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1556 MGMT_STATUS_INVALID_PARAMS);
1557
1f350c87 1558 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1559
1560 /* Disabling discoverable requires that no timeout is set,
1561 * and enabling limited discoverable requires a timeout.
1562 */
1563 if ((cp->val == 0x00 && timeout > 0) ||
1564 (cp->val == 0x02 && timeout == 0))
bdb6d971 1565 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1566 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1567
09fd0de5 1568 hci_dev_lock(hdev);
73f22f62 1569
5e5282bb 1570 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 1571 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1572 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1573 goto failed;
1574 }
1575
2e58ef3e 1576 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1577 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1578 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1579 MGMT_STATUS_BUSY);
73f22f62
JH		 1580 goto failed;
1581 }
1582
5e5282bb 1583 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 1584 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1585 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1586 goto failed;
1587 }
1588
1589 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1590 bool changed = false;
1591
310a3d48
MH		 1592 /* Setting limited discoverable when powered off is
1593 * not a valid operation since it requires a timeout
1594 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1595 */
0224d2fa
JH		 1596 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1597 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1598 changed = true;
1599 }
1600
5e5282bb 1601 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1602 if (err < 0)
1603 goto failed;
1604
1605 if (changed)
1606 err = new_settings(hdev, sk);
1607
5e5282bb
JH		 1608 goto failed;
1609 }
1610
310a3d48
MH		 1611 /* If the current mode is the same, then just update the timeout
1612 * value with the new value. And if only the timeout gets updated,
1613 * then no need for any HCI transactions.
1614 */
1615 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1616 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1617 &hdev->dev_flags)) {
36261547
MH		 1618 cancel_delayed_work(&hdev->discov_off);
1619 hdev->discov_timeout = timeout;
955638ec 1620
36261547
MH		 1621 if (cp->val && hdev->discov_timeout > 0) {
1622 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1623 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1624 to);
955638ec
MH		 1625 }
1626
69ab39ea 1627 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1628 goto failed;
1629 }
1630
2e58ef3e 1631 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1632 if (!cmd) {
1633 err = -ENOMEM;
73f22f62 1634 goto failed;
366a0336 1635 }
73f22f62 1636
310a3d48
MH		 1637 /* Cancel any potential discoverable timeout that might be
1638 * still active and store new timeout value. The arming of
1639 * the timeout happens in the complete handler.
1640 */
1641 cancel_delayed_work(&hdev->discov_off);
1642 hdev->discov_timeout = timeout;
1643
b456f87c
JH		 1644 /* Limited discoverable mode */
1645 if (cp->val == 0x02)
1646 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1647 else
1648 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1649
bfaf8c9f
JH		 1650 hci_req_init(&req, hdev);
1651
9a43e25f
JH		 1652 /* The procedure for LE-only controllers is much simpler - just
1653 * update the advertising data.
1654 */
1655 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1656 goto update_ad;
1657
73f22f62
JH		 1658 scan = SCAN_PAGE;
1659
310a3d48
MH		 1660 if (cp->val) {
1661 struct hci_cp_write_current_iac_lap hci_cp;
1662
1663 if (cp->val == 0x02) {
1664 /* Limited discoverable mode */
33337dcb 1665 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1666 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1667 hci_cp.iac_lap[1] = 0x8b;
1668 hci_cp.iac_lap[2] = 0x9e;
1669 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1670 hci_cp.iac_lap[4] = 0x8b;
1671 hci_cp.iac_lap[5] = 0x9e;
1672 } else {
1673 /* General discoverable mode */
310a3d48
MH		 1674 hci_cp.num_iac = 1;
1675 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1676 hci_cp.iac_lap[1] = 0x8b;
1677 hci_cp.iac_lap[2] = 0x9e;
1678 }
1679
1680 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1681 (hci_cp.num_iac * 3) + 1, &hci_cp);
1682
73f22f62 1683 scan |= SCAN_INQUIRY;
310a3d48
MH		 1684 } else {
1685 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1686 }
73f22f62 1687
310a3d48 1688 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1689
9a43e25f
JH		 1690update_ad:
1691 update_adv_data(&req);
1692
bfaf8c9f 1693 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1694 if (err < 0)
a664b5bc 1695 mgmt_pending_remove(cmd);
73f22f62
JH		 1696
1697failed:
09fd0de5 1698 hci_dev_unlock(hdev);
73f22f62
JH		 1699 return err;
1700}
1701
406d7804
JH		 1702static void write_fast_connectable(struct hci_request *req, bool enable)
1703{
bd98b996 1704 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1705 struct hci_cp_write_page_scan_activity acp;
1706 u8 type;
1707
547003b1
JH		 1708 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1709 return;
1710
4c01f8b8
JH		 1711 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1712 return;
1713
406d7804
JH		 1714 if (enable) {
1715 type = PAGE_SCAN_TYPE_INTERLACED;
1716
1717 /* 160 msec page scan interval */
dcf4adbf 1718 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 1719 } else {
1720 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1721
1722 /* default 1.28 sec page scan */
dcf4adbf 1723 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 1724 }
1725
dcf4adbf 1726 acp.window = cpu_to_le16(0x0012);
406d7804 1727
bd98b996
JH		 1728 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1729 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1730 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1731 sizeof(acp), &acp);
1732
1733 if (hdev->page_scan_type != type)
1734 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1735}
1736
2b76f453
JH		 1737static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1738{
1739 struct pending_cmd *cmd;
d7b856f9
JH		 1740 struct mgmt_mode *cp;
1741 bool changed;
2b76f453
JH		 1742
1743 BT_DBG("status 0x%02x", status);
1744
1745 hci_dev_lock(hdev);
1746
1747 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1748 if (!cmd)
1749 goto unlock;
1750
37438c1f
JH		 1751 if (status) {
1752 u8 mgmt_err = mgmt_status(status);
1753 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1754 goto remove_cmd;
1755 }
1756
d7b856f9
JH		 1757 cp = cmd->param;
1758 if (cp->val)
1759 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1760 else
1761 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1762
2b76f453
JH		 1763 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1764
2b7be33e 1765 if (changed) {
d7b856f9 1766 new_settings(hdev, cmd->sk);
2b7be33e
JH		 1767 hci_update_background_scan(hdev);
1768 }
d7b856f9 1769
37438c1f 1770remove_cmd:
2b76f453
JH		 1771 mgmt_pending_remove(cmd);
1772
1773unlock:
1774 hci_dev_unlock(hdev);
1775}
1776
e8ba3a1f
JH		 1777static int set_connectable_update_settings(struct hci_dev *hdev,
1778 struct sock *sk, u8 val)
1779{
1780 bool changed = false;
1781 int err;
1782
1783 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1784 changed = true;
1785
1786 if (val) {
1787 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1788 } else {
1789 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1790 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1791 }
1792
1793 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1794 if (err < 0)
1795 return err;
1796
1797 if (changed)
1798 return new_settings(hdev, sk);
1799
1800 return 0;
1801}
1802
bdb6d971 1803static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1804 u16 len)
9fbcbb45 1805{
650f726d 1806 struct mgmt_mode *cp = data;
366a0336 1807 struct pending_cmd *cmd;
2b76f453 1808 struct hci_request req;
1987fdc7 1809 u8 scan;
9fbcbb45
JH		 1810 int err;
1811
bdb6d971 1812 BT_DBG("request for %s", hdev->name);
9fbcbb45 1813
1987fdc7
JH		 1814 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1815 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1816 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1987fdc7 1817 MGMT_STATUS_REJECTED);
33c525c0 1818
a7e80f25
JH		 1819 if (cp->val != 0x00 && cp->val != 0x01)
1820 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1821 MGMT_STATUS_INVALID_PARAMS);
1822
09fd0de5 1823 hci_dev_lock(hdev);
9fbcbb45 1824
4b34ee78 1825 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1826 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1827 goto failed;
1828 }
1829
2e58ef3e 1830 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1831 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1832 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1833 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1834 goto failed;
1835 }
1836
2e58ef3e 1837 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1838 if (!cmd) {
1839 err = -ENOMEM;
9fbcbb45 1840 goto failed;
366a0336 1841 }
9fbcbb45 1842
9b74246f 1843 hci_req_init(&req, hdev);
9fbcbb45 1844
9a43e25f
JH		 1845 /* If BR/EDR is not enabled and we disable advertising as a
1846 * by-product of disabling connectable, we need to update the
1847 * advertising flags.
1848 */
1849 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1850 if (!cp->val) {
1851 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1852 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1853 }
1854 update_adv_data(&req);
1855 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1856 if (cp->val) {
1857 scan = SCAN_PAGE;
1858 } else {
1859 scan = 0;
1860
1861 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1862 hdev->discov_timeout > 0)
9b74246f
JH		 1863 cancel_delayed_work(&hdev->discov_off);
1864 }
2b76f453 1865
9b74246f
JH		 1866 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1867 }
2b76f453 1868
4c01f8b8
JH		 1869 /* If we're going from non-connectable to connectable or
1870 * vice-versa when fast connectable is enabled ensure that fast
1871 * connectable gets disabled. write_fast_connectable won't do
1872 * anything if the page scan parameters are already what they
1873 * should be.
1874 */
1875 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1876 write_fast_connectable(&req, false);
1877
1987fdc7 1878 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
0ec5ae84 1879 !test_bit(HCI_LE_ADV, &hdev->dev_flags))
1987fdc7 1880 enable_advertising(&req);
1987fdc7 1881
2b76f453 1882 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1883 if (err < 0) {
a664b5bc 1884 mgmt_pending_remove(cmd);
9b74246f 1885 if (err == -ENODATA)
a81070ba
JH		 1886 err = set_connectable_update_settings(hdev, sk,
1887 cp->val);
9b74246f
JH		 1888 goto failed;
1889 }
9fbcbb45
JH		 1890
1891failed:
09fd0de5 1892 hci_dev_unlock(hdev);
9fbcbb45
JH		 1893 return err;
1894}
1895
bdb6d971 1896static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1897 u16 len)
c542a06c 1898{
650f726d 1899 struct mgmt_mode *cp = data;
55594356 1900 bool changed;
c542a06c
JH		 1901 int err;
1902
bdb6d971 1903 BT_DBG("request for %s", hdev->name);
c542a06c 1904
a7e80f25
JH		 1905 if (cp->val != 0x00 && cp->val != 0x01)
1906 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1907 MGMT_STATUS_INVALID_PARAMS);
1908
09fd0de5 1909 hci_dev_lock(hdev);
c542a06c
JH		 1910
1911 if (cp->val)
55594356 1912 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1913 else
55594356 1914 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1915
69ab39ea 1916 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c 1917 if (err < 0)
55594356 1918 goto unlock;
c542a06c 1919
55594356
MH		 1920 if (changed)
1921 err = new_settings(hdev, sk);
c542a06c 1922
55594356 1923unlock:
09fd0de5 1924 hci_dev_unlock(hdev);
c542a06c
JH		 1925 return err;
1926}
1927
04124681
GP		 1928static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1929 u16 len)
33ef95ed
JH		 1930{
1931 struct mgmt_mode *cp = data;
1932 struct pending_cmd *cmd;
e6fe7986 1933 u8 val, status;
33ef95ed
JH		 1934 int err;
1935
bdb6d971 1936 BT_DBG("request for %s", hdev->name);
33ef95ed 1937
e6fe7986
JH		 1938 status = mgmt_bredr_support(hdev);
1939 if (status)
33c525c0 1940 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 1941 status);
33c525c0 1942
a7e80f25
JH		 1943 if (cp->val != 0x00 && cp->val != 0x01)
1944 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1945 MGMT_STATUS_INVALID_PARAMS);
1946
33ef95ed
JH		 1947 hci_dev_lock(hdev);
1948
4b34ee78 1949 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1950 bool changed = false;
1951
1952 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1953 &hdev->dev_flags)) {
47990ea0
JH		 1954 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1955 changed = true;
1956 }
1957
1958 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1959 if (err < 0)
1960 goto failed;
1961
1962 if (changed)
1963 err = new_settings(hdev, sk);
1964
33ef95ed
JH		 1965 goto failed;
1966 }
1967
1968 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1969 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1970 MGMT_STATUS_BUSY);
33ef95ed
JH		 1971 goto failed;
1972 }
1973
1974 val = !!cp->val;
1975
1976 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1977 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1978 goto failed;
1979 }
1980
1981 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1982 if (!cmd) {
1983 err = -ENOMEM;
1984 goto failed;
1985 }
1986
1987 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1988 if (err < 0) {
1989 mgmt_pending_remove(cmd);
1990 goto failed;
1991 }
1992
1993failed:
1994 hci_dev_unlock(hdev);
33ef95ed
JH		 1995 return err;
1996}
1997
bdb6d971 1998static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1999{
2000 struct mgmt_mode *cp = data;
2001 struct pending_cmd *cmd;
72ef0c1a 2002 u8 status;
ed2c4ee3
JH		 2003 int err;
2004
bdb6d971 2005 BT_DBG("request for %s", hdev->name);
ed2c4ee3 2006
cdba5281
MH		 2007 status = mgmt_bredr_support(hdev);
2008 if (status)
2009 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
2010
13ecd8b6
JH		 2011 if (!lmp_ssp_capable(hdev))
2012 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2013 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 2014
a7e80f25
JH		 2015 if (cp->val != 0x00 && cp->val != 0x01)
2016 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2017 MGMT_STATUS_INVALID_PARAMS);
2018
13ecd8b6 2019 hci_dev_lock(hdev);
6c8f12c1 2020
4b34ee78 2021 if (!hdev_is_powered(hdev)) {
9ecb3e24 2022 bool changed;
c0ecddc2 2023
9ecb3e24
MH		 2024 if (cp->val) {
2025 changed = !test_and_set_bit(HCI_SSP_ENABLED,
2026 &hdev->dev_flags);
2027 } else {
2028 changed = test_and_clear_bit(HCI_SSP_ENABLED,
2029 &hdev->dev_flags);
2030 if (!changed)
2031 changed = test_and_clear_bit(HCI_HS_ENABLED,
2032 &hdev->dev_flags);
2033 else
2034 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 2035 }
2036
2037 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2038 if (err < 0)
2039 goto failed;
2040
2041 if (changed)
2042 err = new_settings(hdev, sk);
2043
ed2c4ee3
JH		 2044 goto failed;
2045 }
2046
9ecb3e24
MH		 2047 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
2048 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
d97dcb66
SJ		 2049 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2050 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 2051 goto failed;
2052 }
2053
72ef0c1a 2054 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 2055 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2056 goto failed;
2057 }
2058
2059 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2060 if (!cmd) {
2061 err = -ENOMEM;
2062 goto failed;
2063 }
2064
3769972b
JH		 2065 if (!cp->val && test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
2066 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2067 sizeof(cp->val), &cp->val);
2068
72ef0c1a 2069 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 2070 if (err < 0) {
2071 mgmt_pending_remove(cmd);
2072 goto failed;
2073 }
2074
2075failed:
2076 hci_dev_unlock(hdev);
ed2c4ee3
JH		 2077 return err;
2078}
2079
bdb6d971 2080static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 2081{
2082 struct mgmt_mode *cp = data;
ee392693 2083 bool changed;
e6fe7986 2084 u8 status;
ee392693 2085 int err;
6d80dfd0 2086
bdb6d971 2087 BT_DBG("request for %s", hdev->name);
6d80dfd0 2088
e6fe7986
JH		 2089 status = mgmt_bredr_support(hdev);
2090 if (status)
2091 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 2092
9ecb3e24
MH		 2093 if (!lmp_ssp_capable(hdev))
2094 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2095 MGMT_STATUS_NOT_SUPPORTED);
2096
2097 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
2098 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2099 MGMT_STATUS_REJECTED);
2100
a7e80f25
JH		 2101 if (cp->val != 0x00 && cp->val != 0x01)
2102 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2103 MGMT_STATUS_INVALID_PARAMS);
2104
ee392693
MH		 2105 hci_dev_lock(hdev);
2106
a0cdf960 2107 if (cp->val) {
ee392693 2108 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 2109 } else {
2110 if (hdev_is_powered(hdev)) {
2111 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2112 MGMT_STATUS_REJECTED);
2113 goto unlock;
2114 }
2115
ee392693 2116 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 2117 }
ee392693
MH		 2118
2119 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2120 if (err < 0)
2121 goto unlock;
2122
2123 if (changed)
2124 err = new_settings(hdev, sk);
6d80dfd0 2125
ee392693
MH		 2126unlock:
2127 hci_dev_unlock(hdev);
2128 return err;
6d80dfd0
JH		 2129}
2130
416a4ae5
JH		 2131static void le_enable_complete(struct hci_dev *hdev, u8 status)
2132{
2133 struct cmd_lookup match = { NULL, hdev };
2134
2135 if (status) {
2136 u8 mgmt_err = mgmt_status(status);
2137
2138 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2139 &mgmt_err);
2140 return;
2141 }
2142
2143 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2144
2145 new_settings(hdev, match.sk);
2146
2147 if (match.sk)
2148 sock_put(match.sk);
441ad2d0
MH		 2149
2150 /* Make sure the controller has a good default for
2151 * advertising data. Restrict the update to when LE
2152 * has actually been enabled. During power on, the
2153 * update in powered_update_hci will take care of it.
2154 */
2155 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2156 struct hci_request req;
2157
2158 hci_dev_lock(hdev);
2159
2160 hci_req_init(&req, hdev);
5947f4bc 2161 update_adv_data(&req);
f14d8f64 2162 update_scan_rsp_data(&req);
441ad2d0
MH		 2163 hci_req_run(&req, NULL);
2164
a70f4b5f
JH		 2165 hci_update_background_scan(hdev);
2166
441ad2d0
MH		 2167 hci_dev_unlock(hdev);
2168 }
416a4ae5
JH		 2169}
2170
bdb6d971 2171static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 2172{
2173 struct mgmt_mode *cp = data;
2174 struct hci_cp_write_le_host_supported hci_cp;
2175 struct pending_cmd *cmd;
416a4ae5 2176 struct hci_request req;
06199cf8 2177 int err;
0b60eba1 2178 u8 val, enabled;
06199cf8 2179
bdb6d971 2180 BT_DBG("request for %s", hdev->name);
06199cf8 2181
13ecd8b6
JH		 2182 if (!lmp_le_capable(hdev))
2183 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2184 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 2185
a7e80f25
JH		 2186 if (cp->val != 0x00 && cp->val != 0x01)
2187 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2188 MGMT_STATUS_INVALID_PARAMS);
2189
c73eee91 2190 /* LE-only devices do not allow toggling LE on/off */
56f87901 2191 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 2192 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2193 MGMT_STATUS_REJECTED);
2194
13ecd8b6 2195 hci_dev_lock(hdev);
06199cf8
JH		 2196
2197 val = !!cp->val;
ffa88e02 2198 enabled = lmp_host_le_capable(hdev);
06199cf8 2199
0b60eba1 2200 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 2201 bool changed = false;
2202
2203 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2204 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
2205 changed = true;
2206 }
2207
f3d3444a
JH		 2208 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
2209 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 2210 changed = true;
2211 }
2212
06199cf8
JH		 2213 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2214 if (err < 0)
1de028ce 2215 goto unlock;
06199cf8
JH		 2216
2217 if (changed)
2218 err = new_settings(hdev, sk);
2219
1de028ce 2220 goto unlock;
06199cf8
JH		 2221 }
2222
4375f103
JH		 2223 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
2224 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 2225 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 2226 MGMT_STATUS_BUSY);
1de028ce 2227 goto unlock;
06199cf8
JH		 2228 }
2229
2230 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2231 if (!cmd) {
2232 err = -ENOMEM;
1de028ce 2233 goto unlock;
06199cf8
JH		 2234 }
2235
441ad2d0
MH		 2236 hci_req_init(&req, hdev);
2237
06199cf8
JH		 2238 memset(&hci_cp, 0, sizeof(hci_cp));
2239
2240 if (val) {
2241 hci_cp.le = val;
ffa88e02 2242 hci_cp.simul = lmp_le_br_capable(hdev);
441ad2d0 2243 } else {
73e082f8 2244 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
441ad2d0 2245 disable_advertising(&req);
06199cf8
JH		 2246 }
2247
416a4ae5
JH		 2248 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2249 &hci_cp);
2250
2251 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2252 if (err < 0)
06199cf8 2253 mgmt_pending_remove(cmd);
06199cf8 2254
1de028ce
JH		 2255unlock:
2256 hci_dev_unlock(hdev);
06199cf8
JH		 2257 return err;
2258}
2259
0cab9c80
JH		 2260/* This is a helper function to test for pending mgmt commands that can
2261 * cause CoD or EIR HCI commands. We can only allow one such pending
2262 * mgmt command at a time since otherwise we cannot easily track what
2263 * the current values are, will be, and based on that calculate if a new
2264 * HCI command needs to be sent and if yes with what value.
2265 */
2266static bool pending_eir_or_class(struct hci_dev *hdev)
2267{
2268 struct pending_cmd *cmd;
2269
2270 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2271 switch (cmd->opcode) {
2272 case MGMT_OP_ADD_UUID:
2273 case MGMT_OP_REMOVE_UUID:
2274 case MGMT_OP_SET_DEV_CLASS:
2275 case MGMT_OP_SET_POWERED:
2276 return true;
2277 }
2278 }
2279
2280 return false;
2281}
2282
83be8eca
JH		 2283static const u8 bluetooth_base_uuid[] = {
2284 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2285 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2286};
2287
2288static u8 get_uuid_size(const u8 *uuid)
2289{
2290 u32 val;
2291
2292 if (memcmp(uuid, bluetooth_base_uuid, 12))
2293 return 128;
2294
2295 val = get_unaligned_le32(&uuid[12]);
2296 if (val > 0xffff)
2297 return 32;
2298
2299 return 16;
2300}
2301
92da6097
JH		 2302static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2303{
2304 struct pending_cmd *cmd;
2305
2306 hci_dev_lock(hdev);
2307
2308 cmd = mgmt_pending_find(mgmt_op, hdev);
2309 if (!cmd)
2310 goto unlock;
2311
2312 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
2313 hdev->dev_class, 3);
2314
2315 mgmt_pending_remove(cmd);
2316
2317unlock:
2318 hci_dev_unlock(hdev);
2319}
2320
2321static void add_uuid_complete(struct hci_dev *hdev, u8 status)
2322{
2323 BT_DBG("status 0x%02x", status);
2324
2325 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2326}
2327
bdb6d971 2328static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2329{
650f726d 2330 struct mgmt_cp_add_uuid *cp = data;
90e70454 2331 struct pending_cmd *cmd;
890ea898 2332 struct hci_request req;
2aeb9a1a 2333 struct bt_uuid *uuid;
2aeb9a1a
JH		 2334 int err;
2335
bdb6d971 2336 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2337
09fd0de5 2338 hci_dev_lock(hdev);
2aeb9a1a 2339
0cab9c80 2340 if (pending_eir_or_class(hdev)) {
bdb6d971 2341 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 2342 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2343 goto failed;
2344 }
2345
92c4c204 2346 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2347 if (!uuid) {
2348 err = -ENOMEM;
2349 goto failed;
2350 }
2351
2352 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2353 uuid->svc_hint = cp->svc_hint;
83be8eca 2354 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2355
de66aa63 2356 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2357
890ea898 2358 hci_req_init(&req, hdev);
1aff6f09 2359
890ea898
JH		 2360 update_class(&req);
2361 update_eir(&req);
2362
92da6097
JH		 2363 err = hci_req_run(&req, add_uuid_complete);
2364 if (err < 0) {
2365 if (err != -ENODATA)
2366 goto failed;
80a1e1db 2367
bdb6d971 2368 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 2369 hdev->dev_class, 3);
90e70454
JH		 2370 goto failed;
2371 }
2372
2373 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2374 if (!cmd) {
90e70454 2375 err = -ENOMEM;
890ea898
JH		 2376 goto failed;
2377 }
2378
2379 err = 0;
2aeb9a1a
JH		 2380
2381failed:
09fd0de5 2382 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2383 return err;
2384}
2385
24b78d0f
JH		 2386static bool enable_service_cache(struct hci_dev *hdev)
2387{
2388 if (!hdev_is_powered(hdev))
2389 return false;
2390
2391 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 2392 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2393 CACHE_TIMEOUT);
24b78d0f
JH		 2394 return true;
2395 }
2396
2397 return false;
2398}
2399
92da6097
JH		 2400static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
2401{
2402 BT_DBG("status 0x%02x", status);
2403
2404 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2405}
2406
bdb6d971 2407static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2408 u16 len)
2aeb9a1a 2409{
650f726d 2410 struct mgmt_cp_remove_uuid *cp = data;
90e70454 2411 struct pending_cmd *cmd;
056341c8 2412 struct bt_uuid *match, *tmp;
2aeb9a1a 2413 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2414 struct hci_request req;
2aeb9a1a
JH		 2415 int err, found;
2416
bdb6d971 2417 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2418
09fd0de5 2419 hci_dev_lock(hdev);
2aeb9a1a 2420
0cab9c80 2421 if (pending_eir_or_class(hdev)) {
bdb6d971 2422 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2423 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2424 goto unlock;
2425 }
2426
2aeb9a1a 2427 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2428 hci_uuids_clear(hdev);
4004b6d9 2429
24b78d0f 2430 if (enable_service_cache(hdev)) {
bdb6d971 2431 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2432 0, hdev->dev_class, 3);
24b78d0f
JH		 2433 goto unlock;
2434 }
4004b6d9 2435
9246a869 2436 goto update_class;
2aeb9a1a
JH		 2437 }
2438
2439 found = 0;
2440
056341c8 2441 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2442 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2443 continue;
2444
2445 list_del(&match->list);
482049f7 2446 kfree(match);
2aeb9a1a
JH		 2447 found++;
2448 }
2449
2450 if (found == 0) {
bdb6d971 2451 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2452 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2453 goto unlock;
2454 }
2455
9246a869 2456update_class:
890ea898 2457 hci_req_init(&req, hdev);
1aff6f09 2458
890ea898
JH		 2459 update_class(&req);
2460 update_eir(&req);
2461
92da6097
JH		 2462 err = hci_req_run(&req, remove_uuid_complete);
2463 if (err < 0) {
2464 if (err != -ENODATA)
2465 goto unlock;
80a1e1db 2466
bdb6d971 2467 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 2468 hdev->dev_class, 3);
90e70454
JH		 2469 goto unlock;
2470 }
2471
2472 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2473 if (!cmd) {
90e70454 2474 err = -ENOMEM;
890ea898
JH		 2475 goto unlock;
2476 }
2477
2478 err = 0;
2aeb9a1a
JH		 2479
2480unlock:
09fd0de5 2481 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2482 return err;
2483}
2484
92da6097
JH		 2485static void set_class_complete(struct hci_dev *hdev, u8 status)
2486{
2487 BT_DBG("status 0x%02x", status);
2488
2489 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2490}
2491
bdb6d971 2492static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2493 u16 len)
1aff6f09 2494{
650f726d 2495 struct mgmt_cp_set_dev_class *cp = data;
90e70454 2496 struct pending_cmd *cmd;
890ea898 2497 struct hci_request req;
1aff6f09
JH		 2498 int err;
2499
bdb6d971 2500 BT_DBG("request for %s", hdev->name);
1aff6f09 2501
6203fc98 2502 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 2503 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2504 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2505
0cab9c80 2506 hci_dev_lock(hdev);
ee98f473 2507
0cab9c80
JH		 2508 if (pending_eir_or_class(hdev)) {
2509 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2510 MGMT_STATUS_BUSY);
2511 goto unlock;
2512 }
c95f0ba7 2513
0cab9c80
JH		 2514 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2515 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2516 MGMT_STATUS_INVALID_PARAMS);
2517 goto unlock;
2518 }
575b3a02 2519
932f5ff5
JH		 2520 hdev->major_class = cp->major;
2521 hdev->minor_class = cp->minor;
2522
b5235a65 2523 if (!hdev_is_powered(hdev)) {
bdb6d971 2524 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2525 hdev->dev_class, 3);
b5235a65
JH		 2526 goto unlock;
2527 }
2528
890ea898
JH		 2529 hci_req_init(&req, hdev);
2530
a8b2d5c2 2531 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2532 hci_dev_unlock(hdev);
2533 cancel_delayed_work_sync(&hdev->service_cache);
2534 hci_dev_lock(hdev);
890ea898 2535 update_eir(&req);
7d78525d 2536 }
14c0b608 2537
890ea898
JH		 2538 update_class(&req);
2539
92da6097
JH		 2540 err = hci_req_run(&req, set_class_complete);
2541 if (err < 0) {
2542 if (err != -ENODATA)
2543 goto unlock;
1aff6f09 2544
bdb6d971 2545 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2546 hdev->dev_class, 3);
90e70454
JH		 2547 goto unlock;
2548 }
2549
2550 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2551 if (!cmd) {
90e70454 2552 err = -ENOMEM;
890ea898
JH		 2553 goto unlock;
2554 }
2555
2556 err = 0;
1aff6f09 2557
b5235a65 2558unlock:
09fd0de5 2559 hci_dev_unlock(hdev);
1aff6f09
JH		 2560 return err;
2561}
2562
bdb6d971 2563static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2564 u16 len)
55ed8ca1 2565{
650f726d 2566 struct mgmt_cp_load_link_keys *cp = data;
ba1d6936
JH		 2567 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2568 sizeof(struct mgmt_link_key_info));
4e51eae9 2569 u16 key_count, expected_len;
b1de97d8 2570 bool changed;
a492cd52 2571 int i;
55ed8ca1 2572
9060d5cf
MH		 2573 BT_DBG("request for %s", hdev->name);
2574
2575 if (!lmp_bredr_capable(hdev))
2576 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2577 MGMT_STATUS_NOT_SUPPORTED);
2578
1f350c87 2579 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 2580 if (key_count > max_key_count) {
2581 BT_ERR("load_link_keys: too big key_count value %u",
2582 key_count);
2583 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2584 MGMT_STATUS_INVALID_PARAMS);
2585 }
55ed8ca1 2586
86742e1e
JH		 2587 expected_len = sizeof(*cp) + key_count *
2588 sizeof(struct mgmt_link_key_info);
a492cd52 2589 if (expected_len != len) {
86742e1e 2590 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2591 expected_len, len);
bdb6d971 2592 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 2593 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2594 }
2595
4ae14301
JH		 2596 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2597 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2598 MGMT_STATUS_INVALID_PARAMS);
2599
bdb6d971 2600 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2601 key_count);
55ed8ca1 2602
4ee71b20
JH		 2603 for (i = 0; i < key_count; i++) {
2604 struct mgmt_link_key_info *key = &cp->keys[i];
2605
8e991132 2606 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
4ee71b20
JH		 2607 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2608 MGMT_STATUS_INVALID_PARAMS);
2609 }
2610
09fd0de5 2611 hci_dev_lock(hdev);
55ed8ca1
JH		 2612
2613 hci_link_keys_clear(hdev);
2614
55ed8ca1 2615 if (cp->debug_keys)
0663b297
JH		 2616 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
2617 &hdev->dev_flags);
55ed8ca1 2618 else
0663b297
JH		 2619 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
2620 &hdev->dev_flags);
b1de97d8
MH		 2621
2622 if (changed)
2623 new_settings(hdev, NULL);
55ed8ca1 2624
a492cd52 2625 for (i = 0; i < key_count; i++) {
86742e1e 2626 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2627
58e9293c
JH		 2628 /* Always ignore debug keys and require a new pairing if
2629 * the user wants to use them.
2630 */
2631 if (key->type == HCI_LK_DEBUG_COMBINATION)
2632 continue;
2633
7652ff6a
JH		 2634 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2635 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2636 }
2637
bdb6d971 2638 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2639
09fd0de5 2640 hci_dev_unlock(hdev);
55ed8ca1 2641
a492cd52 2642 return 0;
55ed8ca1
JH		 2643}
2644
b1078ad0 2645static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2646 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2647{
2648 struct mgmt_ev_device_unpaired ev;
2649
2650 bacpy(&ev.addr.bdaddr, bdaddr);
2651 ev.addr.type = addr_type;
2652
2653 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2654 skip_sk);
b1078ad0
JH		 2655}
2656
bdb6d971 2657static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2658 u16 len)
55ed8ca1 2659{
124f6e35
JH		 2660 struct mgmt_cp_unpair_device *cp = data;
2661 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2662 struct hci_cp_disconnect dc;
2663 struct pending_cmd *cmd;
55ed8ca1 2664 struct hci_conn *conn;
55ed8ca1
JH		 2665 int err;
2666
a8a1d19e 2667 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2668 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2669 rp.addr.type = cp->addr.type;
a8a1d19e 2670
4ee71b20
JH		 2671 if (!bdaddr_type_is_valid(cp->addr.type))
2672 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2673 MGMT_STATUS_INVALID_PARAMS,
2674 &rp, sizeof(rp));
2675
118da70b
JH		 2676 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2677 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2678 MGMT_STATUS_INVALID_PARAMS,
2679 &rp, sizeof(rp));
2680
4ee71b20
JH		 2681 hci_dev_lock(hdev);
2682
86a8cfc6 2683 if (!hdev_is_powered(hdev)) {
bdb6d971 2684 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2685 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 2686 goto unlock;
2687 }
2688
e0b2b27e 2689 if (cp->addr.type == BDADDR_BREDR) {
124f6e35 2690 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2691 } else {
2692 u8 addr_type;
2693
2694 if (cp->addr.type == BDADDR_LE_PUBLIC)
2695 addr_type = ADDR_LE_DEV_PUBLIC;
2696 else
2697 addr_type = ADDR_LE_DEV_RANDOM;
2698
a7ec7338
JH		 2699 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2700
a9b0a04c
AG		 2701 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2702
e0b2b27e
JH		 2703 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2704 }
b0dbfb46 2705
55ed8ca1 2706 if (err < 0) {
bdb6d971 2707 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2708 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 2709 goto unlock;
2710 }
2711
86a8cfc6 2712 if (cp->disconnect) {
591f47f3 2713 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 2714 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 2715 &cp->addr.bdaddr);
86a8cfc6
JH		 2716 else
2717 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 2718 &cp->addr.bdaddr);
86a8cfc6
JH		 2719 } else {
2720 conn = NULL;
2721 }
124f6e35 2722
a8a1d19e 2723 if (!conn) {
bdb6d971 2724 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 2725 &rp, sizeof(rp));
b1078ad0 2726 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2727 goto unlock;
2728 }
55ed8ca1 2729
124f6e35 2730 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2731 sizeof(*cp));
a8a1d19e
JH		 2732 if (!cmd) {
2733 err = -ENOMEM;
2734 goto unlock;
55ed8ca1
JH		 2735 }
2736
eb55ef07 2737 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2738 dc.reason = 0x13; /* Remote User Terminated Connection */
2739 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2740 if (err < 0)
2741 mgmt_pending_remove(cmd);
2742
55ed8ca1 2743unlock:
09fd0de5 2744 hci_dev_unlock(hdev);
55ed8ca1
JH		 2745 return err;
2746}
2747
bdb6d971 2748static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2749 u16 len)
8962ee74 2750{
650f726d 2751 struct mgmt_cp_disconnect *cp = data;
06a63b19 2752 struct mgmt_rp_disconnect rp;
8962ee74 2753 struct hci_cp_disconnect dc;
366a0336 2754 struct pending_cmd *cmd;
8962ee74 2755 struct hci_conn *conn;
8962ee74
JH		 2756 int err;
2757
2758 BT_DBG("");
2759
06a63b19
JH		 2760 memset(&rp, 0, sizeof(rp));
2761 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2762 rp.addr.type = cp->addr.type;
2763
4ee71b20 2764 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2765 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2766 MGMT_STATUS_INVALID_PARAMS,
2767 &rp, sizeof(rp));
4ee71b20 2768
09fd0de5 2769 hci_dev_lock(hdev);
8962ee74
JH		 2770
2771 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2772 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2773 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2774 goto failed;
2775 }
2776
2e58ef3e 2777 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2778 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2779 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2780 goto failed;
2781 }
2782
591f47f3 2783 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2784 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2785 &cp->addr.bdaddr);
88c3df13
JH		 2786 else
2787 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2788
f960727e 2789 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2790 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2791 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2792 goto failed;
2793 }
2794
2e58ef3e 2795 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2796 if (!cmd) {
2797 err = -ENOMEM;
8962ee74 2798 goto failed;
366a0336 2799 }
8962ee74 2800
eb55ef07 2801 dc.handle = cpu_to_le16(conn->handle);
3701f944 2802 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 2803
2804 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2805 if (err < 0)
a664b5bc 2806 mgmt_pending_remove(cmd);
8962ee74
JH		 2807
2808failed:
09fd0de5 2809 hci_dev_unlock(hdev);
8962ee74
JH		 2810 return err;
2811}
2812
57c1477c 2813static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2814{
2815 switch (link_type) {
2816 case LE_LINK:
48264f06
JH		 2817 switch (addr_type) {
2818 case ADDR_LE_DEV_PUBLIC:
591f47f3 2819 return BDADDR_LE_PUBLIC;
0ed09148 2820
48264f06 2821 default:
0ed09148 2822 /* Fallback to LE Random address type */
591f47f3 2823 return BDADDR_LE_RANDOM;
48264f06 2824 }
0ed09148 2825
4c659c39 2826 default:
0ed09148 2827 /* Fallback to BR/EDR type */
591f47f3 2828 return BDADDR_BREDR;
4c659c39
JH		 2829 }
2830}
2831
04124681
GP		 2832static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2833 u16 data_len)
2784eb41 2834{
2784eb41 2835 struct mgmt_rp_get_connections *rp;
8035ded4 2836 struct hci_conn *c;
a38528f1 2837 size_t rp_len;
60fc5fb6
JH		 2838 int err;
2839 u16 i;
2784eb41
JH		 2840
2841 BT_DBG("");
2842
09fd0de5 2843 hci_dev_lock(hdev);
2784eb41 2844
5f97c1df 2845 if (!hdev_is_powered(hdev)) {
bdb6d971 2846 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2847 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2848 goto unlock;
2849 }
2850
60fc5fb6 2851 i = 0;
b644ba33
JH		 2852 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2853 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2854 i++;
2784eb41
JH		 2855 }
2856
60fc5fb6 2857 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2858 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2859 if (!rp) {
2784eb41
JH		 2860 err = -ENOMEM;
2861 goto unlock;
2862 }
2863
2784eb41 2864 i = 0;
4c659c39 2865 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2866 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2867 continue;
4c659c39 2868 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2869 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2870 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2871 continue;
2872 i++;
2873 }
2874
eb55ef07 2875 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2876
4c659c39
JH		 2877 /* Recalculate length in case of filtered SCO connections, etc */
2878 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2879
bdb6d971 2880 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2881 rp_len);
2784eb41 2882
a38528f1 2883 kfree(rp);
5f97c1df
JH		 2884
2885unlock:
09fd0de5 2886 hci_dev_unlock(hdev);
2784eb41
JH		 2887 return err;
2888}
2889
bdb6d971 2890static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2891 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2892{
2893 struct pending_cmd *cmd;
2894 int err;
2895
2e58ef3e 2896 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2897 sizeof(*cp));
96d97a67
WR		 2898 if (!cmd)
2899 return -ENOMEM;
2900
d8457698 2901 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2902 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2903 if (err < 0)
2904 mgmt_pending_remove(cmd);
2905
2906 return err;
2907}
2908
bdb6d971 2909static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2910 u16 len)
980e1a53 2911{
96d97a67 2912 struct hci_conn *conn;
650f726d 2913 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2914 struct hci_cp_pin_code_reply reply;
366a0336 2915 struct pending_cmd *cmd;
980e1a53
JH		 2916 int err;
2917
2918 BT_DBG("");
2919
09fd0de5 2920 hci_dev_lock(hdev);
980e1a53 2921
4b34ee78 2922 if (!hdev_is_powered(hdev)) {
bdb6d971 2923 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2924 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2925 goto failed;
2926 }
2927
d8457698 2928 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2929 if (!conn) {
bdb6d971 2930 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2931 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2932 goto failed;
2933 }
2934
2935 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2936 struct mgmt_cp_pin_code_neg_reply ncp;
2937
2938 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2939
2940 BT_ERR("PIN code is not 16 bytes long");
2941
bdb6d971 2942 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2943 if (err >= 0)
bdb6d971 2944 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2945 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2946
2947 goto failed;
2948 }
2949
00abfe44 2950 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2951 if (!cmd) {
2952 err = -ENOMEM;
980e1a53 2953 goto failed;
366a0336 2954 }
980e1a53 2955
d8457698 2956 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2957 reply.pin_len = cp->pin_len;
24718ca5 2958 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2959
2960 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2961 if (err < 0)
a664b5bc 2962 mgmt_pending_remove(cmd);
980e1a53
JH		 2963
2964failed:
09fd0de5 2965 hci_dev_unlock(hdev);
980e1a53
JH		 2966 return err;
2967}
2968
04124681
GP		 2969static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2970 u16 len)
17fa4b9d 2971{
650f726d 2972 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2973
2974 BT_DBG("");
2975
4ec86d4c
JH		 2976 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2977 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
2978 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
2979
09fd0de5 2980 hci_dev_lock(hdev);
17fa4b9d
JH		 2981
2982 hdev->io_capability = cp->io_capability;
2983
2984 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2985 hdev->io_capability);
17fa4b9d 2986
09fd0de5 2987 hci_dev_unlock(hdev);
17fa4b9d 2988
04124681
GP		 2989 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2990 0);
17fa4b9d
JH		 2991}
2992
6039aa73 2993static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2994{
2995 struct hci_dev *hdev = conn->hdev;
8035ded4 2996 struct pending_cmd *cmd;
e9a416b5 2997
2e58ef3e 2998 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2999 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3000 continue;
3001
e9a416b5
JH		 3002 if (cmd->user_data != conn)
3003 continue;
3004
3005 return cmd;
3006 }
3007
3008 return NULL;
3009}
3010
3011static void pairing_complete(struct pending_cmd *cmd, u8 status)
3012{
3013 struct mgmt_rp_pair_device rp;
3014 struct hci_conn *conn = cmd->user_data;
3015
61b1a7fb
JH		 3016 bacpy(&rp.addr.bdaddr, &conn->dst);
3017 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 3018
aee9b218 3019 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 3020 &rp, sizeof(rp));
e9a416b5
JH		 3021
3022 /* So we don't get further callbacks for this connection */
3023 conn->connect_cfm_cb = NULL;
3024 conn->security_cfm_cb = NULL;
3025 conn->disconn_cfm_cb = NULL;
3026
76a68ba0 3027 hci_conn_drop(conn);
e9a416b5 3028
a664b5bc 3029 mgmt_pending_remove(cmd);
e9a416b5
JH		 3030}
3031
f4a407be
JH		 3032void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3033{
3034 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3035 struct pending_cmd *cmd;
3036
3037 cmd = find_pairing(conn);
3038 if (cmd)
3039 pairing_complete(cmd, status);
3040}
3041
e9a416b5
JH		 3042static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3043{
3044 struct pending_cmd *cmd;
3045
3046 BT_DBG("status %u", status);
3047
3048 cmd = find_pairing(conn);
56e5cb86 3049 if (!cmd)
e9a416b5 3050 BT_DBG("Unable to find a pending command");
56e5cb86 3051 else
e211326c 3052 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 3053}
3054
f4a407be 3055static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739
VA		 3056{
3057 struct pending_cmd *cmd;
3058
3059 BT_DBG("status %u", status);
3060
3061 if (!status)
3062 return;
3063
3064 cmd = find_pairing(conn);
3065 if (!cmd)
3066 BT_DBG("Unable to find a pending command");
3067 else
3068 pairing_complete(cmd, mgmt_status(status));
3069}
3070
bdb6d971 3071static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3072 u16 len)
e9a416b5 3073{
650f726d 3074 struct mgmt_cp_pair_device *cp = data;
1425acb7 3075 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 3076 struct pending_cmd *cmd;
3077 u8 sec_level, auth_type;
3078 struct hci_conn *conn;
e9a416b5
JH		 3079 int err;
3080
3081 BT_DBG("");
3082
f950a30e
SJ		 3083 memset(&rp, 0, sizeof(rp));
3084 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3085 rp.addr.type = cp->addr.type;
3086
4ee71b20
JH		 3087 if (!bdaddr_type_is_valid(cp->addr.type))
3088 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3089 MGMT_STATUS_INVALID_PARAMS,
3090 &rp, sizeof(rp));
3091
4ec86d4c
JH		 3092 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
3093 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3094 MGMT_STATUS_INVALID_PARAMS,
3095 &rp, sizeof(rp));
3096
09fd0de5 3097 hci_dev_lock(hdev);
e9a416b5 3098
5f97c1df 3099 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 3100 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3101 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 3102 goto unlock;
3103 }
3104
c908df36 3105 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 3106 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 3107
6f77d8c7 3108 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 3109 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3110 auth_type);
6f77d8c7
AG		 3111 } else {
3112 u8 addr_type;
3113
3114 /* Convert from L2CAP channel address type to HCI address type
3115 */
3116 if (cp->addr.type == BDADDR_LE_PUBLIC)
3117 addr_type = ADDR_LE_DEV_PUBLIC;
3118 else
3119 addr_type = ADDR_LE_DEV_RANDOM;
3120
7c264b10
MH		 3121 /* When pairing a new device, it is expected to remember
3122 * this device for future connections. Adding the connection
3123 * parameter information ahead of time allows tracking
3124 * of the slave preferred values and will speed up any
3125 * further connection establishment.
3126 *
3127 * If connection parameters already exist, then they
3128 * will be kept and this function does nothing.
3129 */
3130 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3131
cdd6275e 3132 /* Request a connection with master = true role */
6f77d8c7 3133 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
cdd6275e 3134 sec_level, HCI_LE_CONN_TIMEOUT, true);
6f77d8c7 3135 }
7a512d01 3136
30e76272 3137 if (IS_ERR(conn)) {
489dc48e
AK		 3138 int status;
3139
3140 if (PTR_ERR(conn) == -EBUSY)
3141 status = MGMT_STATUS_BUSY;
3142 else
3143 status = MGMT_STATUS_CONNECT_FAILED;
3144
bdb6d971 3145 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 3146 status, &rp,
04124681 3147 sizeof(rp));
e9a416b5
JH		 3148 goto unlock;
3149 }
3150
3151 if (conn->connect_cfm_cb) {
76a68ba0 3152 hci_conn_drop(conn);
bdb6d971 3153 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 3154 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 3155 goto unlock;
3156 }
3157
2e58ef3e 3158 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 3159 if (!cmd) {
3160 err = -ENOMEM;
76a68ba0 3161 hci_conn_drop(conn);
e9a416b5
JH		 3162 goto unlock;
3163 }
3164
7a512d01 3165 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 3166 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 3167 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 3168 conn->security_cfm_cb = pairing_complete_cb;
3169 conn->disconn_cfm_cb = pairing_complete_cb;
3170 } else {
3171 conn->connect_cfm_cb = le_pairing_complete_cb;
3172 conn->security_cfm_cb = le_pairing_complete_cb;
3173 conn->disconn_cfm_cb = le_pairing_complete_cb;
3174 }
7a512d01 3175
e9a416b5
JH		 3176 conn->io_capability = cp->io_cap;
3177 cmd->user_data = conn;
3178
3179 if (conn->state == BT_CONNECTED &&
8ce8e2b5 3180 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 3181 pairing_complete(cmd, 0);
3182
3183 err = 0;
3184
3185unlock:
09fd0de5 3186 hci_dev_unlock(hdev);
e9a416b5
JH		 3187 return err;
3188}
3189
04124681
GP		 3190static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3191 u16 len)
28424707 3192{
0f4e68cf 3193 struct mgmt_addr_info *addr = data;
28424707
JH		 3194 struct pending_cmd *cmd;
3195 struct hci_conn *conn;
3196 int err;
3197
3198 BT_DBG("");
3199
28424707
JH		 3200 hci_dev_lock(hdev);
3201
5f97c1df 3202 if (!hdev_is_powered(hdev)) {
bdb6d971 3203 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3204 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3205 goto unlock;
3206 }
3207
28424707
JH		 3208 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3209 if (!cmd) {
bdb6d971 3210 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3211 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3212 goto unlock;
3213 }
3214
3215 conn = cmd->user_data;
3216
3217 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 3218 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3219 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3220 goto unlock;
3221 }
3222
3223 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
3224
bdb6d971 3225 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 3226 addr, sizeof(*addr));
28424707
JH		 3227unlock:
3228 hci_dev_unlock(hdev);
28424707
JH		 3229 return err;
3230}
3231
bdb6d971 3232static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3233 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3234 u16 hci_op, __le32 passkey)
a5c29683 3235{
a5c29683 3236 struct pending_cmd *cmd;
0df4c185 3237 struct hci_conn *conn;
a5c29683
JH		 3238 int err;
3239
09fd0de5 3240 hci_dev_lock(hdev);
08ba5382 3241
4b34ee78 3242 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 3243 err = cmd_complete(sk, hdev->id, mgmt_op,
3244 MGMT_STATUS_NOT_POWERED, addr,
3245 sizeof(*addr));
0df4c185 3246 goto done;
a5c29683
JH		 3247 }
3248
1707c60e
JH		 3249 if (addr->type == BDADDR_BREDR)
3250 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3251 else
1707c60e 3252 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 3253
3254 if (!conn) {
feb94d3d
JH		 3255 err = cmd_complete(sk, hdev->id, mgmt_op,
3256 MGMT_STATUS_NOT_CONNECTED, addr,
3257 sizeof(*addr));
272d90df
JH		 3258 goto done;
3259 }
47c15e2b 3260
1707c60e 3261 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 3262 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 3263 if (!err)
feb94d3d
JH		 3264 err = cmd_complete(sk, hdev->id, mgmt_op,
3265 MGMT_STATUS_SUCCESS, addr,
3266 sizeof(*addr));
5fe57d9e 3267 else
feb94d3d
JH		 3268 err = cmd_complete(sk, hdev->id, mgmt_op,
3269 MGMT_STATUS_FAILED, addr,
3270 sizeof(*addr));
47c15e2b 3271
47c15e2b
BG		 3272 goto done;
3273 }
3274
1707c60e 3275 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3276 if (!cmd) {
3277 err = -ENOMEM;
0df4c185 3278 goto done;
a5c29683
JH		 3279 }
3280
0df4c185 3281 /* Continue with pairing via HCI */
604086b7
BG		 3282 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3283 struct hci_cp_user_passkey_reply cp;
3284
1707c60e 3285 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3286 cp.passkey = passkey;
3287 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3288 } else
1707c60e
JH		 3289 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3290 &addr->bdaddr);
604086b7 3291
a664b5bc
JH		 3292 if (err < 0)
3293 mgmt_pending_remove(cmd);
a5c29683 3294
0df4c185 3295done:
09fd0de5 3296 hci_dev_unlock(hdev);
a5c29683
JH		 3297 return err;
3298}
3299
afeb019d
JK		 3300static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3301 void *data, u16 len)
3302{
3303 struct mgmt_cp_pin_code_neg_reply *cp = data;
3304
3305 BT_DBG("");
3306
1707c60e 3307 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3308 MGMT_OP_PIN_CODE_NEG_REPLY,
3309 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3310}
3311
04124681
GP		 3312static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3313 u16 len)
0df4c185 3314{
650f726d 3315 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3316
3317 BT_DBG("");
3318
3319 if (len != sizeof(*cp))
bdb6d971 3320 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 3321 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3322
1707c60e 3323 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3324 MGMT_OP_USER_CONFIRM_REPLY,
3325 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3326}
3327
bdb6d971 3328static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3329 void *data, u16 len)
0df4c185 3330{
c9c2659f 3331 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3332
3333 BT_DBG("");
3334
1707c60e 3335 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3336 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3337 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3338}
3339
04124681
GP		 3340static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3341 u16 len)
604086b7 3342{
650f726d 3343 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3344
3345 BT_DBG("");
3346
1707c60e 3347 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3348 MGMT_OP_USER_PASSKEY_REPLY,
3349 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3350}
3351
bdb6d971 3352static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3353 void *data, u16 len)
604086b7 3354{
650f726d 3355 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3356
3357 BT_DBG("");
3358
1707c60e 3359 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3360 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3361 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3362}
3363
13928971 3364static void update_name(struct hci_request *req)
2b4bf397 3365{
13928971 3366 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3367 struct hci_cp_write_local_name cp;
3368
13928971 3369 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3370
890ea898 3371 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3372}
3373
13928971
JH		 3374static void set_name_complete(struct hci_dev *hdev, u8 status)
3375{
3376 struct mgmt_cp_set_local_name *cp;
3377 struct pending_cmd *cmd;
3378
3379 BT_DBG("status 0x%02x", status);
3380
3381 hci_dev_lock(hdev);
3382
3383 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3384 if (!cmd)
3385 goto unlock;
3386
3387 cp = cmd->param;
3388
3389 if (status)
3390 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3391 mgmt_status(status));
3392 else
3393 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3394 cp, sizeof(*cp));
3395
3396 mgmt_pending_remove(cmd);
3397
3398unlock:
3399 hci_dev_unlock(hdev);
3400}
3401
bdb6d971 3402static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3403 u16 len)
b312b161 3404{
2b4bf397 3405 struct mgmt_cp_set_local_name *cp = data;
b312b161 3406 struct pending_cmd *cmd;
890ea898 3407 struct hci_request req;
b312b161
JH		 3408 int err;
3409
3410 BT_DBG("");
3411
09fd0de5 3412 hci_dev_lock(hdev);
b312b161 3413
b3f2ca94
JH		 3414 /* If the old values are the same as the new ones just return a
3415 * direct command complete event.
3416 */
3417 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3418 !memcmp(hdev->short_name, cp->short_name,
3419 sizeof(hdev->short_name))) {
3420 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3421 data, len);
3422 goto failed;
3423 }
3424
2b4bf397 3425 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3426
b5235a65 3427 if (!hdev_is_powered(hdev)) {
2b4bf397 3428 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 3429
3430 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 3431 data, len);
28cc7bde
JH		 3432 if (err < 0)
3433 goto failed;
3434
3435 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 3436 sk);
28cc7bde 3437
b5235a65
JH		 3438 goto failed;
3439 }
3440
28cc7bde 3441 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3442 if (!cmd) {
3443 err = -ENOMEM;
3444 goto failed;
3445 }
3446
13928971
JH		 3447 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3448
890ea898 3449 hci_req_init(&req, hdev);
3f985050
JH		 3450
3451 if (lmp_bredr_capable(hdev)) {
3452 update_name(&req);
3453 update_eir(&req);
3454 }
3455
7a5f4990
MH		 3456 /* The name is stored in the scan response data and so
3457 * no need to udpate the advertising data here.
3458 */
3f985050 3459 if (lmp_le_capable(hdev))
7a5f4990 3460 update_scan_rsp_data(&req);
3f985050 3461
13928971 3462 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3463 if (err < 0)
3464 mgmt_pending_remove(cmd);
3465
3466failed:
09fd0de5 3467 hci_dev_unlock(hdev);
b312b161
JH		 3468 return err;
3469}
3470
0f4e68cf 3471static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3472 void *data, u16 data_len)
c35938b2 3473{
c35938b2
SJ		 3474 struct pending_cmd *cmd;
3475 int err;
3476
bdb6d971 3477 BT_DBG("%s", hdev->name);
c35938b2 3478
09fd0de5 3479 hci_dev_lock(hdev);
c35938b2 3480
4b34ee78 3481 if (!hdev_is_powered(hdev)) {
bdb6d971 3482 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3483 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3484 goto unlock;
3485 }
3486
9a1a1996 3487 if (!lmp_ssp_capable(hdev)) {
bdb6d971 3488 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3489 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3490 goto unlock;
3491 }
3492
2e58ef3e 3493 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 3494 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3495 MGMT_STATUS_BUSY);
c35938b2
SJ		 3496 goto unlock;
3497 }
3498
2e58ef3e 3499 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3500 if (!cmd) {
3501 err = -ENOMEM;
3502 goto unlock;
3503 }
3504
4d2d2796
MH		 3505 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
3506 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3507 0, NULL);
3508 else
3509 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3510
c35938b2
SJ		 3511 if (err < 0)
3512 mgmt_pending_remove(cmd);
3513
3514unlock:
09fd0de5 3515 hci_dev_unlock(hdev);
c35938b2
SJ		 3516 return err;
3517}
3518
bdb6d971 3519static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3520 void *data, u16 len)
2763eda6 3521{
2763eda6
SJ		 3522 int err;
3523
bdb6d971 3524 BT_DBG("%s ", hdev->name);
2763eda6 3525
09fd0de5 3526 hci_dev_lock(hdev);
2763eda6 3527
ec109113
MH		 3528 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3529 struct mgmt_cp_add_remote_oob_data *cp = data;
3530 u8 status;
bf1e3541 3531
ec109113
MH		 3532 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3533 cp->hash, cp->randomizer);
3534 if (err < 0)
3535 status = MGMT_STATUS_FAILED;
3536 else
3537 status = MGMT_STATUS_SUCCESS;
3538
3539 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3540 status, &cp->addr, sizeof(cp->addr));
3541 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3542 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3543 u8 status;
3544
3545 err = hci_add_remote_oob_ext_data(hdev, &cp->addr.bdaddr,
3546 cp->hash192,
3547 cp->randomizer192,
3548 cp->hash256,
3549 cp->randomizer256);
3550 if (err < 0)
3551 status = MGMT_STATUS_FAILED;
3552 else
3553 status = MGMT_STATUS_SUCCESS;
3554
3555 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3556 status, &cp->addr, sizeof(cp->addr));
3557 } else {
3558 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3559 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3560 MGMT_STATUS_INVALID_PARAMS);
3561 }
2763eda6 3562
09fd0de5 3563 hci_dev_unlock(hdev);
2763eda6
SJ		 3564 return err;
3565}
3566
bdb6d971 3567static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3568 void *data, u16 len)
2763eda6 3569{
650f726d 3570 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3571 u8 status;
2763eda6
SJ		 3572 int err;
3573
bdb6d971 3574 BT_DBG("%s", hdev->name);
2763eda6 3575
09fd0de5 3576 hci_dev_lock(hdev);
2763eda6 3577
664ce4cc 3578 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 3579 if (err < 0)
bf1e3541 3580 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3581 else
a6785be2 3582 status = MGMT_STATUS_SUCCESS;
bf1e3541 3583
bdb6d971 3584 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 3585 status, &cp->addr, sizeof(cp->addr));
2763eda6 3586
09fd0de5 3587 hci_dev_unlock(hdev);
2763eda6
SJ		 3588 return err;
3589}
3590
41dc2bd6
AG		 3591static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3592{
3593 struct pending_cmd *cmd;
3594 u8 type;
3595 int err;
3596
3597 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3598
3599 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3600 if (!cmd)
3601 return -ENOENT;
3602
3603 type = hdev->discovery.type;
3604
3605 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3606 &type, sizeof(type));
3607 mgmt_pending_remove(cmd);
3608
3609 return err;
3610}
3611
7c307720
AG		 3612static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3613{
ae55f598
LR		 3614 unsigned long timeout = 0;
3615
7c307720
AG		 3616 BT_DBG("status %d", status);
3617
3618 if (status) {
3619 hci_dev_lock(hdev);
3620 mgmt_start_discovery_failed(hdev, status);
3621 hci_dev_unlock(hdev);
3622 return;
3623 }
3624
3625 hci_dev_lock(hdev);
3626 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3627 hci_dev_unlock(hdev);
3628
3629 switch (hdev->discovery.type) {
3630 case DISCOV_TYPE_LE:
3d5a76f0 3631 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
7c307720
AG		 3632 break;
3633
3634 case DISCOV_TYPE_INTERLEAVED:
b9a7a61e 3635 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
7c307720
AG		 3636 break;
3637
3638 case DISCOV_TYPE_BREDR:
3639 break;
3640
3641 default:
3642 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3643 }
ae55f598
LR		 3644
3645 if (!timeout)
3646 return;
3647
3648 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable, timeout);
7c307720
AG		 3649}
3650
bdb6d971 3651static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3652 void *data, u16 len)
14a53664 3653{
650f726d 3654 struct mgmt_cp_start_discovery *cp = data;
14a53664 3655 struct pending_cmd *cmd;
7c307720
AG		 3656 struct hci_cp_le_set_scan_param param_cp;
3657 struct hci_cp_le_set_scan_enable enable_cp;
3658 struct hci_cp_inquiry inq_cp;
3659 struct hci_request req;
3660 /* General inquiry access code (GIAC) */
3661 u8 lap[3] = { 0x33, 0x8b, 0x9e };
d9483943 3662 u8 status, own_addr_type;
14a53664
JH		 3663 int err;
3664
bdb6d971 3665 BT_DBG("%s", hdev->name);
14a53664 3666
09fd0de5 3667 hci_dev_lock(hdev);
14a53664 3668
4b34ee78 3669 if (!hdev_is_powered(hdev)) {
bdb6d971 3670 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3671 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 3672 goto failed;
3673 }
3674
642be6c7
AG		 3675 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3676 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3677 MGMT_STATUS_BUSY);
3678 goto failed;
3679 }
3680
ff9ef578 3681 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 3682 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3683 MGMT_STATUS_BUSY);
ff9ef578
JH		 3684 goto failed;
3685 }
3686
2e58ef3e 3687 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3688 if (!cmd) {
3689 err = -ENOMEM;
3690 goto failed;
3691 }
3692
4aab14e5
AG		 3693 hdev->discovery.type = cp->type;
3694
7c307720
AG		 3695 hci_req_init(&req, hdev);
3696
4aab14e5 3697 switch (hdev->discovery.type) {
f39799f5 3698 case DISCOV_TYPE_BREDR:
e6fe7986
JH		 3699 status = mgmt_bredr_support(hdev);
3700 if (status) {
04106755 3701 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3702 status);
04106755
JH		 3703 mgmt_pending_remove(cmd);
3704 goto failed;
3705 }
3706
7c307720
AG		 3707 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3708 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3709 MGMT_STATUS_BUSY);
3710 mgmt_pending_remove(cmd);
3711 goto failed;
3712 }
3713
3714 hci_inquiry_cache_flush(hdev);
3715
3716 memset(&inq_cp, 0, sizeof(inq_cp));
3717 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 3718 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 3719 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 3720 break;
3721
3722 case DISCOV_TYPE_LE:
7c307720 3723 case DISCOV_TYPE_INTERLEAVED:
e6fe7986
JH		 3724 status = mgmt_le_support(hdev);
3725 if (status) {
04106755 3726 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3727 status);
04106755
JH		 3728 mgmt_pending_remove(cmd);
3729 goto failed;
3730 }
3731
7c307720 3732 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 3733 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 3734 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3735 MGMT_STATUS_NOT_SUPPORTED);
3736 mgmt_pending_remove(cmd);
3737 goto failed;
3738 }
3739
e8bb6b97
JH		 3740 if (test_bit(HCI_LE_ADV, &hdev->dev_flags)) {
3741 /* Don't let discovery abort an outgoing
3742 * connection attempt that's using directed
3743 * advertising.
3744 */
3745 if (hci_conn_hash_lookup_state(hdev, LE_LINK,
3746 BT_CONNECT)) {
3747 err = cmd_status(sk, hdev->id,
3748 MGMT_OP_START_DISCOVERY,
3749 MGMT_STATUS_REJECTED);
3750 mgmt_pending_remove(cmd);
3751 goto failed;
3752 }
3753
3754 disable_advertising(&req);
7c307720
AG		 3755 }
3756
c54c3860
AG		 3757 /* If controller is scanning, it means the background scanning
3758 * is running. Thus, we should temporarily stop it in order to
3759 * set the discovery scanning parameters.
3760 */
3761 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3762 hci_req_add_le_scan_disable(&req);
7c307720
AG		 3763
3764 memset(&param_cp, 0, sizeof(param_cp));
d9483943 3765
94b1fc92
MH		 3766 /* All active scans will be done with either a resolvable
3767 * private address (when privacy feature has been enabled)
3768 * or unresolvable private address.
3769 */
3770 err = hci_update_random_address(&req, true, &own_addr_type);
d9483943
JH		 3771 if (err < 0) {
3772 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3773 MGMT_STATUS_FAILED);
3774 mgmt_pending_remove(cmd);
3775 goto failed;
3776 }
3777
7c307720 3778 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 3779 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3780 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
d9483943 3781 param_cp.own_address_type = own_addr_type;
7c307720
AG		 3782 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3783 &param_cp);
3784
3785 memset(&enable_cp, 0, sizeof(enable_cp));
3786 enable_cp.enable = LE_SCAN_ENABLE;
3787 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3788 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3789 &enable_cp);
5e0452c0
AG		 3790 break;
3791
f39799f5 3792 default:
04106755
JH		 3793 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3794 MGMT_STATUS_INVALID_PARAMS);
3795 mgmt_pending_remove(cmd);
3796 goto failed;
f39799f5 3797 }
3fd24153 3798
7c307720 3799 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 3800 if (err < 0)
3801 mgmt_pending_remove(cmd);
ff9ef578
JH		 3802 else
3803 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 3804
3805failed:
09fd0de5 3806 hci_dev_unlock(hdev);
14a53664
JH		 3807 return err;
3808}
3809
1183fdca
AG		 3810static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3811{
3812 struct pending_cmd *cmd;
3813 int err;
3814
3815 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3816 if (!cmd)
3817 return -ENOENT;
3818
3819 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3820 &hdev->discovery.type, sizeof(hdev->discovery.type));
3821 mgmt_pending_remove(cmd);
3822
3823 return err;
3824}
3825
0e05bba6
AG		 3826static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3827{
3828 BT_DBG("status %d", status);
3829
3830 hci_dev_lock(hdev);
3831
3832 if (status) {
3833 mgmt_stop_discovery_failed(hdev, status);
3834 goto unlock;
3835 }
3836
3837 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3838
3839unlock:
3840 hci_dev_unlock(hdev);
3841}
3842
bdb6d971 3843static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3844 u16 len)
14a53664 3845{
d930650b 3846 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 3847 struct pending_cmd *cmd;
0e05bba6 3848 struct hci_request req;
14a53664
JH		 3849 int err;
3850
bdb6d971 3851 BT_DBG("%s", hdev->name);
14a53664 3852
09fd0de5 3853 hci_dev_lock(hdev);
14a53664 3854
30dc78e1 3855 if (!hci_discovery_active(hdev)) {
bdb6d971 3856 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3857 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3858 sizeof(mgmt_cp->type));
d930650b
JH		 3859 goto unlock;
3860 }
3861
3862 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 3863 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3864 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3865 sizeof(mgmt_cp->type));
30dc78e1 3866 goto unlock;
ff9ef578
JH		 3867 }
3868
2e58ef3e 3869 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3870 if (!cmd) {
3871 err = -ENOMEM;
30dc78e1
JH		 3872 goto unlock;
3873 }
3874
0e05bba6
AG		 3875 hci_req_init(&req, hdev);
3876
21a60d30 3877 hci_stop_discovery(&req);
e0d9727e 3878
21a60d30
JH		 3879 err = hci_req_run(&req, stop_discovery_complete);
3880 if (!err) {
3881 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
0e05bba6 3882 goto unlock;
14a53664
JH		 3883 }
3884
21a60d30
JH		 3885 mgmt_pending_remove(cmd);
3886
3887 /* If no HCI commands were sent we're done */
3888 if (err == -ENODATA) {
3889 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
3890 &mgmt_cp->type, sizeof(mgmt_cp->type));
3891 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3892 }
14a53664 3893
30dc78e1 3894unlock:
09fd0de5 3895 hci_dev_unlock(hdev);
14a53664
JH		 3896 return err;
3897}
3898
bdb6d971 3899static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3900 u16 len)
561aafbc 3901{
650f726d 3902 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3903 struct inquiry_entry *e;
561aafbc
JH		 3904 int err;
3905
bdb6d971 3906 BT_DBG("%s", hdev->name);
561aafbc 3907
561aafbc
JH		 3908 hci_dev_lock(hdev);
3909
30dc78e1 3910 if (!hci_discovery_active(hdev)) {
d3a2541d
LR		 3911 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3912 MGMT_STATUS_FAILED, &cp->addr,
3913 sizeof(cp->addr));
30dc78e1
JH		 3914 goto failed;
3915 }
3916
a198e7b1 3917 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3918 if (!e) {
d3a2541d
LR		 3919 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3920 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
3921 sizeof(cp->addr));
561aafbc
JH		 3922 goto failed;
3923 }
3924
3925 if (cp->name_known) {
3926 e->name_state = NAME_KNOWN;
3927 list_del(&e->list);
3928 } else {
3929 e->name_state = NAME_NEEDED;
a3d4e20a 3930 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3931 }
3932
e384662b
JH		 3933 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3934 sizeof(cp->addr));
561aafbc
JH		 3935
3936failed:
3937 hci_dev_unlock(hdev);
561aafbc
JH		 3938 return err;
3939}
3940
bdb6d971 3941static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3942 u16 len)
7fbec224 3943{
650f726d 3944 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3945 u8 status;
7fbec224
AJ		 3946 int err;
3947
bdb6d971 3948 BT_DBG("%s", hdev->name);
7fbec224 3949
4ee71b20 3950 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3951 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3952 MGMT_STATUS_INVALID_PARAMS,
3953 &cp->addr, sizeof(cp->addr));
4ee71b20 3954
09fd0de5 3955 hci_dev_lock(hdev);
5e762444 3956
88c1fe4b 3957 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
2a8357f2 3958 if (err < 0) {
f0eeea8b 3959 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 3960 goto done;
3961 }
3962
3963 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3964 sk);
3965 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3966
2a8357f2 3967done:
bdb6d971 3968 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3969 &cp->addr, sizeof(cp->addr));
5e762444 3970
09fd0de5 3971 hci_dev_unlock(hdev);
7fbec224
AJ		 3972
3973 return err;
3974}
3975
bdb6d971 3976static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3977 u16 len)
7fbec224 3978{
650f726d 3979 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3980 u8 status;
7fbec224
AJ		 3981 int err;
3982
bdb6d971 3983 BT_DBG("%s", hdev->name);
7fbec224 3984
4ee71b20 3985 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3986 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3987 MGMT_STATUS_INVALID_PARAMS,
3988 &cp->addr, sizeof(cp->addr));
4ee71b20 3989
09fd0de5 3990 hci_dev_lock(hdev);
5e762444 3991
88c1fe4b 3992 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
2a8357f2 3993 if (err < 0) {
f0eeea8b 3994 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 3995 goto done;
3996 }
3997
3998 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3999 sk);
4000 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4001
2a8357f2 4002done:
bdb6d971 4003 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 4004 &cp->addr, sizeof(cp->addr));
5e762444 4005
09fd0de5 4006 hci_dev_unlock(hdev);
7fbec224
AJ		 4007
4008 return err;
4009}
4010
cdbaccca
MH		 4011static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4012 u16 len)
4013{
4014 struct mgmt_cp_set_device_id *cp = data;
890ea898 4015 struct hci_request req;
cdbaccca 4016 int err;
c72d4b8a 4017 __u16 source;
cdbaccca
MH		 4018
4019 BT_DBG("%s", hdev->name);
4020
c72d4b8a
SJ		 4021 source = __le16_to_cpu(cp->source);
4022
4023 if (source > 0x0002)
4024 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4025 MGMT_STATUS_INVALID_PARAMS);
4026
cdbaccca
MH		 4027 hci_dev_lock(hdev);
4028
c72d4b8a 4029 hdev->devid_source = source;
cdbaccca
MH		 4030 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4031 hdev->devid_product = __le16_to_cpu(cp->product);
4032 hdev->devid_version = __le16_to_cpu(cp->version);
4033
4034 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
4035
890ea898
JH		 4036 hci_req_init(&req, hdev);
4037 update_eir(&req);
4038 hci_req_run(&req, NULL);
cdbaccca
MH		 4039
4040 hci_dev_unlock(hdev);
4041
4042 return err;
4043}
4044
4375f103
JH		 4045static void set_advertising_complete(struct hci_dev *hdev, u8 status)
4046{
4047 struct cmd_lookup match = { NULL, hdev };
4048
4049 if (status) {
4050 u8 mgmt_err = mgmt_status(status);
4051
4052 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4053 cmd_status_rsp, &mgmt_err);
4054 return;
4055 }
4056
c93bd150
JH		 4057 if (test_bit(HCI_LE_ADV, &hdev->dev_flags))
4058 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
4059 else
4060 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
4061
4375f103
JH		 4062 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4063 &match);
4064
4065 new_settings(hdev, match.sk);
4066
4067 if (match.sk)
4068 sock_put(match.sk);
4069}
4070
21b5187f
MH		 4071static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4072 u16 len)
4375f103
JH		 4073{
4074 struct mgmt_mode *cp = data;
4075 struct pending_cmd *cmd;
4076 struct hci_request req;
e6fe7986 4077 u8 val, enabled, status;
4375f103
JH		 4078 int err;
4079
4080 BT_DBG("request for %s", hdev->name);
4081
e6fe7986
JH		 4082 status = mgmt_le_support(hdev);
4083 if (status)
4375f103 4084 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 4085 status);
4375f103
JH		 4086
4087 if (cp->val != 0x00 && cp->val != 0x01)
4088 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4089 MGMT_STATUS_INVALID_PARAMS);
4090
4091 hci_dev_lock(hdev);
4092
4093 val = !!cp->val;
f3d3444a 4094 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 4095
f74ca9b8
JH		 4096 /* The following conditions are ones which mean that we should
4097 * not do any HCI communication but directly send a mgmt
4098 * response to user space (after toggling the flag if
4099 * necessary).
4100 */
4101 if (!hdev_is_powered(hdev) || val == enabled ||
e8bb6b97
JH		 4102 hci_conn_num(hdev, LE_LINK) > 0 ||
4103 (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4104 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
4375f103
JH		 4105 bool changed = false;
4106
f3d3444a
JH		 4107 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
4108 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 4109 changed = true;
4110 }
4111
4112 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4113 if (err < 0)
4114 goto unlock;
4115
4116 if (changed)
4117 err = new_settings(hdev, sk);
4118
4119 goto unlock;
4120 }
4121
4122 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4123 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
4124 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4125 MGMT_STATUS_BUSY);
4126 goto unlock;
4127 }
4128
4129 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4130 if (!cmd) {
4131 err = -ENOMEM;
4132 goto unlock;
4133 }
4134
4135 hci_req_init(&req, hdev);
4136
bba3aa55
MH		 4137 if (val)
4138 enable_advertising(&req);
4139 else
4140 disable_advertising(&req);
4375f103
JH		 4141
4142 err = hci_req_run(&req, set_advertising_complete);
4143 if (err < 0)
4144 mgmt_pending_remove(cmd);
4145
4146unlock:
4147 hci_dev_unlock(hdev);
4148 return err;
4149}
4150
d13eafce
MH		 4151static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4152 void *data, u16 len)
4153{
4154 struct mgmt_cp_set_static_address *cp = data;
4155 int err;
4156
4157 BT_DBG("%s", hdev->name);
4158
62af4443 4159 if (!lmp_le_capable(hdev))
d13eafce 4160 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 4161 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 4162
4163 if (hdev_is_powered(hdev))
4164 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4165 MGMT_STATUS_REJECTED);
4166
4167 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4168 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4169 return cmd_status(sk, hdev->id,
4170 MGMT_OP_SET_STATIC_ADDRESS,
4171 MGMT_STATUS_INVALID_PARAMS);
4172
4173 /* Two most significant bits shall be set */
4174 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4175 return cmd_status(sk, hdev->id,
4176 MGMT_OP_SET_STATIC_ADDRESS,
4177 MGMT_STATUS_INVALID_PARAMS);
4178 }
4179
4180 hci_dev_lock(hdev);
4181
4182 bacpy(&hdev->static_addr, &cp->bdaddr);
4183
4184 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
4185
4186 hci_dev_unlock(hdev);
4187
4188 return err;
4189}
4190
14b49b9a
MH		 4191static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4192 void *data, u16 len)
4193{
4194 struct mgmt_cp_set_scan_params *cp = data;
4195 __u16 interval, window;
4196 int err;
4197
4198 BT_DBG("%s", hdev->name);
4199
4200 if (!lmp_le_capable(hdev))
4201 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4202 MGMT_STATUS_NOT_SUPPORTED);
4203
4204 interval = __le16_to_cpu(cp->interval);
4205
4206 if (interval < 0x0004 || interval > 0x4000)
4207 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4208 MGMT_STATUS_INVALID_PARAMS);
4209
4210 window = __le16_to_cpu(cp->window);
4211
4212 if (window < 0x0004 || window > 0x4000)
4213 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4214 MGMT_STATUS_INVALID_PARAMS);
4215
899e1075
MH		 4216 if (window > interval)
4217 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4218 MGMT_STATUS_INVALID_PARAMS);
4219
14b49b9a
MH		 4220 hci_dev_lock(hdev);
4221
4222 hdev->le_scan_interval = interval;
4223 hdev->le_scan_window = window;
4224
4225 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
4226
dd2ef8e2
AG		 4227 /* If background scan is running, restart it so new parameters are
4228 * loaded.
4229 */
4230 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4231 hdev->discovery.state == DISCOVERY_STOPPED) {
4232 struct hci_request req;
4233
4234 hci_req_init(&req, hdev);
4235
4236 hci_req_add_le_scan_disable(&req);
4237 hci_req_add_le_passive_scan(&req);
4238
4239 hci_req_run(&req, NULL);
4240 }
4241
14b49b9a
MH		 4242 hci_dev_unlock(hdev);
4243
4244 return err;
4245}
4246
33e38b3e
JH		 4247static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
4248{
4249 struct pending_cmd *cmd;
4250
4251 BT_DBG("status 0x%02x", status);
4252
4253 hci_dev_lock(hdev);
4254
4255 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4256 if (!cmd)
4257 goto unlock;
4258
4259 if (status) {
4260 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4261 mgmt_status(status));
4262 } else {
1a4d3c4b
JH		 4263 struct mgmt_mode *cp = cmd->param;
4264
4265 if (cp->val)
4266 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4267 else
4268 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4269
33e38b3e
JH		 4270 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4271 new_settings(hdev, cmd->sk);
4272 }
4273
4274 mgmt_pending_remove(cmd);
4275
4276unlock:
4277 hci_dev_unlock(hdev);
4278}
4279
bdb6d971 4280static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4281 void *data, u16 len)
f6422ec6 4282{
650f726d 4283 struct mgmt_mode *cp = data;
33e38b3e
JH		 4284 struct pending_cmd *cmd;
4285 struct hci_request req;
f6422ec6
AJ		 4286 int err;
4287
bdb6d971 4288 BT_DBG("%s", hdev->name);
f6422ec6 4289
56f87901
JH		 4290 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
4291 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 4292 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4293 MGMT_STATUS_NOT_SUPPORTED);
4294
a7e80f25
JH		 4295 if (cp->val != 0x00 && cp->val != 0x01)
4296 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4297 MGMT_STATUS_INVALID_PARAMS);
4298
5400c044 4299 if (!hdev_is_powered(hdev))
bdb6d971 4300 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4301 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 4302
4303 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 4304 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4305 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 4306
4307 hci_dev_lock(hdev);
4308
05cbf29f
JH		 4309 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4310 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4311 MGMT_STATUS_BUSY);
4312 goto unlock;
4313 }
4314
1a4d3c4b
JH		 4315 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
4316 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4317 hdev);
4318 goto unlock;
4319 }
4320
33e38b3e
JH		 4321 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4322 data, len);
4323 if (!cmd) {
4324 err = -ENOMEM;
4325 goto unlock;
f6422ec6
AJ		 4326 }
4327
33e38b3e
JH		 4328 hci_req_init(&req, hdev);
4329
406d7804 4330 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4331
4332 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4333 if (err < 0) {
bdb6d971 4334 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4335 MGMT_STATUS_FAILED);
33e38b3e 4336 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4337 }
4338
33e38b3e 4339unlock:
f6422ec6 4340 hci_dev_unlock(hdev);
33e38b3e 4341
f6422ec6
AJ		 4342 return err;
4343}
4344
67e5a7a3
JH		 4345static void set_bredr_scan(struct hci_request *req)
4346{
4347 struct hci_dev *hdev = req->hdev;
4348 u8 scan = 0;
4349
4350 /* Ensure that fast connectable is disabled. This function will
4351 * not do anything if the page scan parameters are already what
4352 * they should be.
4353 */
4354 write_fast_connectable(req, false);
4355
4356 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4357 scan |= SCAN_PAGE;
4358 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
4359 scan |= SCAN_INQUIRY;
4360
4361 if (scan)
4362 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
4363}
4364
0663ca2a
JH		 4365static void set_bredr_complete(struct hci_dev *hdev, u8 status)
4366{
4367 struct pending_cmd *cmd;
4368
4369 BT_DBG("status 0x%02x", status);
4370
4371 hci_dev_lock(hdev);
4372
4373 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4374 if (!cmd)
4375 goto unlock;
4376
4377 if (status) {
4378 u8 mgmt_err = mgmt_status(status);
4379
4380 /* We need to restore the flag if related HCI commands
4381 * failed.
4382 */
4383 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4384
4385 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4386 } else {
4387 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4388 new_settings(hdev, cmd->sk);
4389 }
4390
4391 mgmt_pending_remove(cmd);
4392
4393unlock:
4394 hci_dev_unlock(hdev);
4395}
4396
4397static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4398{
4399 struct mgmt_mode *cp = data;
4400 struct pending_cmd *cmd;
4401 struct hci_request req;
4402 int err;
4403
4404 BT_DBG("request for %s", hdev->name);
4405
4406 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4407 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4408 MGMT_STATUS_NOT_SUPPORTED);
4409
4410 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4411 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4412 MGMT_STATUS_REJECTED);
4413
4414 if (cp->val != 0x00 && cp->val != 0x01)
4415 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4416 MGMT_STATUS_INVALID_PARAMS);
4417
4418 hci_dev_lock(hdev);
4419
4420 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4421 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4422 goto unlock;
4423 }
4424
4425 if (!hdev_is_powered(hdev)) {
4426 if (!cp->val) {
0663ca2a
JH		 4427 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4428 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4429 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4430 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4431 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4432 }
4433
4434 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4435
4436 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4437 if (err < 0)
4438 goto unlock;
4439
4440 err = new_settings(hdev, sk);
4441 goto unlock;
4442 }
4443
4444 /* Reject disabling when powered on */
4445 if (!cp->val) {
4446 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4447 MGMT_STATUS_REJECTED);
4448 goto unlock;
4449 }
4450
4451 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4452 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4453 MGMT_STATUS_BUSY);
4454 goto unlock;
4455 }
4456
4457 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4458 if (!cmd) {
4459 err = -ENOMEM;
4460 goto unlock;
4461 }
4462
5947f4bc 4463 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4464 * generates the correct flags.
4465 */
4466 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4467
4468 hci_req_init(&req, hdev);
aa8af46e
JH		 4469
4470 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4471 set_bredr_scan(&req);
4472
f14d8f64
MH		 4473 /* Since only the advertising data flags will change, there
4474 * is no need to update the scan response data.
4475 */
5947f4bc 4476 update_adv_data(&req);
aa8af46e 4477
0663ca2a
JH		 4478 err = hci_req_run(&req, set_bredr_complete);
4479 if (err < 0)
4480 mgmt_pending_remove(cmd);
4481
4482unlock:
4483 hci_dev_unlock(hdev);
4484 return err;
4485}
4486
eac83dc6
MH		 4487static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4488 void *data, u16 len)
4489{
4490 struct mgmt_mode *cp = data;
4491 struct pending_cmd *cmd;
0ab04a9c 4492 u8 val, status;
eac83dc6
MH		 4493 int err;
4494
4495 BT_DBG("request for %s", hdev->name);
4496
4497 status = mgmt_bredr_support(hdev);
4498 if (status)
4499 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4500 status);
4501
5afeac14 4502 if (!lmp_sc_capable(hdev) &&
111902f7 4503 !test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
eac83dc6
MH		 4504 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4505 MGMT_STATUS_NOT_SUPPORTED);
4506
0ab04a9c 4507 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
eac83dc6
MH		 4508 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4509 MGMT_STATUS_INVALID_PARAMS);
4510
4511 hci_dev_lock(hdev);
4512
4513 if (!hdev_is_powered(hdev)) {
4514 bool changed;
4515
0ab04a9c 4516 if (cp->val) {
eac83dc6
MH		 4517 changed = !test_and_set_bit(HCI_SC_ENABLED,
4518 &hdev->dev_flags);
0ab04a9c
MH		 4519 if (cp->val == 0x02)
4520 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4521 else
4522 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4523 } else {
eac83dc6
MH		 4524 changed = test_and_clear_bit(HCI_SC_ENABLED,
4525 &hdev->dev_flags);
0ab04a9c
MH		 4526 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4527 }
eac83dc6
MH		 4528
4529 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4530 if (err < 0)
4531 goto failed;
4532
4533 if (changed)
4534 err = new_settings(hdev, sk);
4535
4536 goto failed;
4537 }
4538
4539 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4540 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4541 MGMT_STATUS_BUSY);
4542 goto failed;
4543 }
4544
0ab04a9c
MH		 4545 val = !!cp->val;
4546
4547 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4548 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
eac83dc6
MH		 4549 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4550 goto failed;
4551 }
4552
4553 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4554 if (!cmd) {
4555 err = -ENOMEM;
4556 goto failed;
4557 }
4558
0ab04a9c 4559 err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
eac83dc6
MH		 4560 if (err < 0) {
4561 mgmt_pending_remove(cmd);
4562 goto failed;
4563 }
4564
0ab04a9c
MH		 4565 if (cp->val == 0x02)
4566 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4567 else
4568 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4569
eac83dc6
MH		 4570failed:
4571 hci_dev_unlock(hdev);
4572 return err;
4573}
4574
4e39ac81
MH		 4575static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4576 void *data, u16 len)
4577{
4578 struct mgmt_mode *cp = data;
b9710979 4579 bool changed, use_changed;
4e39ac81
MH		 4580 int err;
4581
4582 BT_DBG("request for %s", hdev->name);
4583
b9710979 4584 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4e39ac81
MH		 4585 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4586 MGMT_STATUS_INVALID_PARAMS);
4587
4588 hci_dev_lock(hdev);
4589
4590 if (cp->val)
0663b297
JH		 4591 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
4592 &hdev->dev_flags);
4e39ac81 4593 else
0663b297
JH		 4594 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
4595 &hdev->dev_flags);
4e39ac81 4596
b9710979
JH		 4597 if (cp->val == 0x02)
4598 use_changed = !test_and_set_bit(HCI_USE_DEBUG_KEYS,
4599 &hdev->dev_flags);
4600 else
4601 use_changed = test_and_clear_bit(HCI_USE_DEBUG_KEYS,
4602 &hdev->dev_flags);
4603
4604 if (hdev_is_powered(hdev) && use_changed &&
4605 test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
4606 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4607 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4608 sizeof(mode), &mode);
4609 }
4610
4e39ac81
MH		 4611 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4612 if (err < 0)
4613 goto unlock;
4614
4615 if (changed)
4616 err = new_settings(hdev, sk);
4617
4618unlock:
4619 hci_dev_unlock(hdev);
4620 return err;
4621}
4622
62b04cd1
JH		 4623static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4624 u16 len)
4625{
4626 struct mgmt_cp_set_privacy *cp = cp_data;
4627 bool changed;
4628 int err;
4629
4630 BT_DBG("request for %s", hdev->name);
4631
4632 if (!lmp_le_capable(hdev))
4633 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4634 MGMT_STATUS_NOT_SUPPORTED);
4635
4636 if (cp->privacy != 0x00 && cp->privacy != 0x01)
4637 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4638 MGMT_STATUS_INVALID_PARAMS);
4639
4640 if (hdev_is_powered(hdev))
4641 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4642 MGMT_STATUS_REJECTED);
4643
4644 hci_dev_lock(hdev);
4645
c21c0ea0
JH		 4646 /* If user space supports this command it is also expected to
4647 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4648 */
4649 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4650
62b04cd1
JH		 4651 if (cp->privacy) {
4652 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
4653 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4654 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4655 } else {
4656 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
4657 memset(hdev->irk, 0, sizeof(hdev->irk));
4658 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4659 }
4660
4661 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4662 if (err < 0)
4663 goto unlock;
4664
4665 if (changed)
4666 err = new_settings(hdev, sk);
4667
4668unlock:
4669 hci_dev_unlock(hdev);
4670 return err;
4671}
4672
41edf160
JH		 4673static bool irk_is_valid(struct mgmt_irk_info *irk)
4674{
4675 switch (irk->addr.type) {
4676 case BDADDR_LE_PUBLIC:
4677 return true;
4678
4679 case BDADDR_LE_RANDOM:
4680 /* Two most significant bits shall be set */
4681 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4682 return false;
4683 return true;
4684 }
4685
4686 return false;
4687}
4688
4689static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4690 u16 len)
4691{
4692 struct mgmt_cp_load_irks *cp = cp_data;
ba1d6936
JH		 4693 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
4694 sizeof(struct mgmt_irk_info));
41edf160
JH		 4695 u16 irk_count, expected_len;
4696 int i, err;
4697
4698 BT_DBG("request for %s", hdev->name);
4699
4700 if (!lmp_le_capable(hdev))
4701 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4702 MGMT_STATUS_NOT_SUPPORTED);
4703
4704 irk_count = __le16_to_cpu(cp->irk_count);
ba1d6936
JH		 4705 if (irk_count > max_irk_count) {
4706 BT_ERR("load_irks: too big irk_count value %u", irk_count);
4707 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4708 MGMT_STATUS_INVALID_PARAMS);
4709 }
41edf160
JH		 4710
4711 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4712 if (expected_len != len) {
4713 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 4714 expected_len, len);
41edf160
JH		 4715 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4716 MGMT_STATUS_INVALID_PARAMS);
4717 }
4718
4719 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4720
4721 for (i = 0; i < irk_count; i++) {
4722 struct mgmt_irk_info *key = &cp->irks[i];
4723
4724 if (!irk_is_valid(key))
4725 return cmd_status(sk, hdev->id,
4726 MGMT_OP_LOAD_IRKS,
4727 MGMT_STATUS_INVALID_PARAMS);
4728 }
4729
4730 hci_dev_lock(hdev);
4731
4732 hci_smp_irks_clear(hdev);
4733
4734 for (i = 0; i < irk_count; i++) {
4735 struct mgmt_irk_info *irk = &cp->irks[i];
4736 u8 addr_type;
4737
4738 if (irk->addr.type == BDADDR_LE_PUBLIC)
4739 addr_type = ADDR_LE_DEV_PUBLIC;
4740 else
4741 addr_type = ADDR_LE_DEV_RANDOM;
4742
4743 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
4744 BDADDR_ANY);
4745 }
4746
4747 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4748
4749 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4750
4751 hci_dev_unlock(hdev);
4752
4753 return err;
4754}
4755
3f706b72
JH		 4756static bool ltk_is_valid(struct mgmt_ltk_info *key)
4757{
4758 if (key->master != 0x00 && key->master != 0x01)
4759 return false;
490cb0b3
MH		 4760
4761 switch (key->addr.type) {
4762 case BDADDR_LE_PUBLIC:
4763 return true;
4764
4765 case BDADDR_LE_RANDOM:
4766 /* Two most significant bits shall be set */
4767 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4768 return false;
4769 return true;
4770 }
4771
4772 return false;
3f706b72
JH		 4773}
4774
bdb6d971 4775static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 4776 void *cp_data, u16 len)
346af67b 4777{
346af67b 4778 struct mgmt_cp_load_long_term_keys *cp = cp_data;
ba1d6936
JH		 4779 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
4780 sizeof(struct mgmt_ltk_info));
346af67b 4781 u16 key_count, expected_len;
715a5bf2 4782 int i, err;
346af67b 4783
cf99ba13
MH		 4784 BT_DBG("request for %s", hdev->name);
4785
4786 if (!lmp_le_capable(hdev))
4787 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4788 MGMT_STATUS_NOT_SUPPORTED);
4789
1f350c87 4790 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 4791 if (key_count > max_key_count) {
4792 BT_ERR("load_ltks: too big key_count value %u", key_count);
4793 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4794 MGMT_STATUS_INVALID_PARAMS);
4795 }
346af67b
VCG		 4796
4797 expected_len = sizeof(*cp) + key_count *
4798 sizeof(struct mgmt_ltk_info);
4799 if (expected_len != len) {
4800 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 4801 expected_len, len);
bdb6d971 4802 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 4803 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 4804 }
4805
bdb6d971 4806 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 4807
54ad6d8a
JH		 4808 for (i = 0; i < key_count; i++) {
4809 struct mgmt_ltk_info *key = &cp->keys[i];
4810
3f706b72 4811 if (!ltk_is_valid(key))
54ad6d8a
JH		 4812 return cmd_status(sk, hdev->id,
4813 MGMT_OP_LOAD_LONG_TERM_KEYS,
4814 MGMT_STATUS_INVALID_PARAMS);
4815 }
4816
346af67b
VCG		 4817 hci_dev_lock(hdev);
4818
4819 hci_smp_ltks_clear(hdev);
4820
4821 for (i = 0; i < key_count; i++) {
4822 struct mgmt_ltk_info *key = &cp->keys[i];
d7b25450 4823 u8 type, addr_type, authenticated;
79d95a19
MH		 4824
4825 if (key->addr.type == BDADDR_LE_PUBLIC)
4826 addr_type = ADDR_LE_DEV_PUBLIC;
4827 else
4828 addr_type = ADDR_LE_DEV_RANDOM;
346af67b
VCG		 4829
4830 if (key->master)
2ceba539 4831 type = SMP_LTK;
346af67b 4832 else
2ceba539 4833 type = SMP_LTK_SLAVE;
346af67b 4834
61b43357
JH		 4835 switch (key->type) {
4836 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 4837 authenticated = 0x00;
61b43357
JH		 4838 break;
4839 case MGMT_LTK_AUTHENTICATED:
d7b25450 4840 authenticated = 0x01;
61b43357
JH		 4841 break;
4842 default:
4843 continue;
4844 }
d7b25450 4845
35d70271 4846 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
d7b25450 4847 authenticated, key->val, key->enc_size, key->ediv,
35d70271 4848 key->rand);
346af67b
VCG		 4849 }
4850
715a5bf2
JH		 4851 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4852 NULL, 0);
4853
346af67b 4854 hci_dev_unlock(hdev);
346af67b 4855
715a5bf2 4856 return err;
346af67b
VCG		 4857}
4858
dd983808
AK		 4859struct cmd_conn_lookup {
4860 struct hci_conn *conn;
4861 bool valid_tx_power;
4862 u8 mgmt_status;
4863};
4864
4865static void get_conn_info_complete(struct pending_cmd *cmd, void *data)
4866{
4867 struct cmd_conn_lookup *match = data;
4868 struct mgmt_cp_get_conn_info *cp;
4869 struct mgmt_rp_get_conn_info rp;
4870 struct hci_conn *conn = cmd->user_data;
4871
4872 if (conn != match->conn)
4873 return;
4874
4875 cp = (struct mgmt_cp_get_conn_info *) cmd->param;
4876
4877 memset(&rp, 0, sizeof(rp));
4878 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4879 rp.addr.type = cp->addr.type;
4880
4881 if (!match->mgmt_status) {
4882 rp.rssi = conn->rssi;
4883
eed5daf3 4884 if (match->valid_tx_power) {
dd983808 4885 rp.tx_power = conn->tx_power;
eed5daf3
AK		 4886 rp.max_tx_power = conn->max_tx_power;
4887 } else {
dd983808 4888 rp.tx_power = HCI_TX_POWER_INVALID;
eed5daf3
AK		 4889 rp.max_tx_power = HCI_TX_POWER_INVALID;
4890 }
dd983808
AK		 4891 }
4892
4893 cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
4894 match->mgmt_status, &rp, sizeof(rp));
4895
4896 hci_conn_drop(conn);
4897
4898 mgmt_pending_remove(cmd);
4899}
4900
4901static void conn_info_refresh_complete(struct hci_dev *hdev, u8 status)
4902{
4903 struct hci_cp_read_rssi *cp;
4904 struct hci_conn *conn;
4905 struct cmd_conn_lookup match;
4906 u16 handle;
4907
4908 BT_DBG("status 0x%02x", status);
4909
4910 hci_dev_lock(hdev);
4911
4912 /* TX power data is valid in case request completed successfully,
eed5daf3
AK		 4913 * otherwise we assume it's not valid. At the moment we assume that
4914 * either both or none of current and max values are valid to keep code
4915 * simple.
dd983808
AK		 4916 */
4917 match.valid_tx_power = !status;
4918
4919 /* Commands sent in request are either Read RSSI or Read Transmit Power
4920 * Level so we check which one was last sent to retrieve connection
4921 * handle. Both commands have handle as first parameter so it's safe to
4922 * cast data on the same command struct.
4923 *
4924 * First command sent is always Read RSSI and we fail only if it fails.
4925 * In other case we simply override error to indicate success as we
4926 * already remembered if TX power value is actually valid.
4927 */
4928 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
4929 if (!cp) {
4930 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
4931 status = 0;
4932 }
4933
4934 if (!cp) {
4935 BT_ERR("invalid sent_cmd in response");
4936 goto unlock;
4937 }
4938
4939 handle = __le16_to_cpu(cp->handle);
4940 conn = hci_conn_hash_lookup_handle(hdev, handle);
4941 if (!conn) {
4942 BT_ERR("unknown handle (%d) in response", handle);
4943 goto unlock;
4944 }
4945
4946 match.conn = conn;
4947 match.mgmt_status = mgmt_status(status);
4948
4949 /* Cache refresh is complete, now reply for mgmt request for given
4950 * connection only.
4951 */
4952 mgmt_pending_foreach(MGMT_OP_GET_CONN_INFO, hdev,
4953 get_conn_info_complete, &match);
4954
4955unlock:
4956 hci_dev_unlock(hdev);
4957}
4958
4959static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
4960 u16 len)
4961{
4962 struct mgmt_cp_get_conn_info *cp = data;
4963 struct mgmt_rp_get_conn_info rp;
4964 struct hci_conn *conn;
4965 unsigned long conn_info_age;
4966 int err = 0;
4967
4968 BT_DBG("%s", hdev->name);
4969
4970 memset(&rp, 0, sizeof(rp));
4971 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4972 rp.addr.type = cp->addr.type;
4973
4974 if (!bdaddr_type_is_valid(cp->addr.type))
4975 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4976 MGMT_STATUS_INVALID_PARAMS,
4977 &rp, sizeof(rp));
4978
4979 hci_dev_lock(hdev);
4980
4981 if (!hdev_is_powered(hdev)) {
4982 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4983 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
4984 goto unlock;
4985 }
4986
4987 if (cp->addr.type == BDADDR_BREDR)
4988 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
4989 &cp->addr.bdaddr);
4990 else
4991 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
4992
4993 if (!conn || conn->state != BT_CONNECTED) {
4994 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4995 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
4996 goto unlock;
4997 }
4998
4999 /* To avoid client trying to guess when to poll again for information we
5000 * calculate conn info age as random value between min/max set in hdev.
5001 */
5002 conn_info_age = hdev->conn_info_min_age +
5003 prandom_u32_max(hdev->conn_info_max_age -
5004 hdev->conn_info_min_age);
5005
5006 /* Query controller to refresh cached values if they are too old or were
5007 * never read.
5008 */
f4e2dd53
AK		 5009 if (time_after(jiffies, conn->conn_info_timestamp +
5010 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 5011 !conn->conn_info_timestamp) {
5012 struct hci_request req;
5013 struct hci_cp_read_tx_power req_txp_cp;
5014 struct hci_cp_read_rssi req_rssi_cp;
5015 struct pending_cmd *cmd;
5016
5017 hci_req_init(&req, hdev);
5018 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5019 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5020 &req_rssi_cp);
5021
f7faab0c
AK		 5022 /* For LE links TX power does not change thus we don't need to
5023 * query for it once value is known.
5024 */
5025 if (!bdaddr_type_is_le(cp->addr.type) ||
5026 conn->tx_power == HCI_TX_POWER_INVALID) {
5027 req_txp_cp.handle = cpu_to_le16(conn->handle);
5028 req_txp_cp.type = 0x00;
5029 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5030 sizeof(req_txp_cp), &req_txp_cp);
5031 }
dd983808 5032
eed5daf3
AK		 5033 /* Max TX power needs to be read only once per connection */
5034 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5035 req_txp_cp.handle = cpu_to_le16(conn->handle);
5036 req_txp_cp.type = 0x01;
5037 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5038 sizeof(req_txp_cp), &req_txp_cp);
5039 }
5040
dd983808
AK		 5041 err = hci_req_run(&req, conn_info_refresh_complete);
5042 if (err < 0)
5043 goto unlock;
5044
5045 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5046 data, len);
5047 if (!cmd) {
5048 err = -ENOMEM;
5049 goto unlock;
5050 }
5051
5052 hci_conn_hold(conn);
5053 cmd->user_data = conn;
5054
5055 conn->conn_info_timestamp = jiffies;
5056 } else {
5057 /* Cache is valid, just reply with values cached in hci_conn */
5058 rp.rssi = conn->rssi;
5059 rp.tx_power = conn->tx_power;
eed5daf3 5060 rp.max_tx_power = conn->max_tx_power;
dd983808
AK		 5061
5062 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5063 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
5064 }
5065
5066unlock:
5067 hci_dev_unlock(hdev);
5068 return err;
5069}
5070
95868426
JH		 5071static void get_clock_info_complete(struct hci_dev *hdev, u8 status)
5072{
5073 struct mgmt_cp_get_clock_info *cp;
5074 struct mgmt_rp_get_clock_info rp;
5075 struct hci_cp_read_clock *hci_cp;
5076 struct pending_cmd *cmd;
5077 struct hci_conn *conn;
5078
5079 BT_DBG("%s status %u", hdev->name, status);
5080
5081 hci_dev_lock(hdev);
5082
5083 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5084 if (!hci_cp)
5085 goto unlock;
5086
5087 if (hci_cp->which) {
5088 u16 handle = __le16_to_cpu(hci_cp->handle);
5089 conn = hci_conn_hash_lookup_handle(hdev, handle);
5090 } else {
5091 conn = NULL;
5092 }
5093
5094 cmd = mgmt_pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5095 if (!cmd)
5096 goto unlock;
5097
5098 cp = cmd->param;
5099
5100 memset(&rp, 0, sizeof(rp));
5101 memcpy(&rp.addr, &cp->addr, sizeof(rp.addr));
5102
5103 if (status)
5104 goto send_rsp;
5105
5106 rp.local_clock = cpu_to_le32(hdev->clock);
5107
5108 if (conn) {
5109 rp.piconet_clock = cpu_to_le32(conn->clock);
5110 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5111 }
5112
5113send_rsp:
5114 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
5115 &rp, sizeof(rp));
5116 mgmt_pending_remove(cmd);
5117 if (conn)
5118 hci_conn_drop(conn);
5119
5120unlock:
5121 hci_dev_unlock(hdev);
5122}
5123
5124static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5125 u16 len)
5126{
5127 struct mgmt_cp_get_clock_info *cp = data;
5128 struct mgmt_rp_get_clock_info rp;
5129 struct hci_cp_read_clock hci_cp;
5130 struct pending_cmd *cmd;
5131 struct hci_request req;
5132 struct hci_conn *conn;
5133 int err;
5134
5135 BT_DBG("%s", hdev->name);
5136
5137 memset(&rp, 0, sizeof(rp));
5138 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5139 rp.addr.type = cp->addr.type;
5140
5141 if (cp->addr.type != BDADDR_BREDR)
5142 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5143 MGMT_STATUS_INVALID_PARAMS,
5144 &rp, sizeof(rp));
5145
5146 hci_dev_lock(hdev);
5147
5148 if (!hdev_is_powered(hdev)) {
5149 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5150 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5151 goto unlock;
5152 }
5153
5154 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5155 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5156 &cp->addr.bdaddr);
5157 if (!conn || conn->state != BT_CONNECTED) {
5158 err = cmd_complete(sk, hdev->id,
5159 MGMT_OP_GET_CLOCK_INFO,
5160 MGMT_STATUS_NOT_CONNECTED,
5161 &rp, sizeof(rp));
5162 goto unlock;
5163 }
5164 } else {
5165 conn = NULL;
5166 }
5167
5168 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5169 if (!cmd) {
5170 err = -ENOMEM;
5171 goto unlock;
5172 }
5173
5174 hci_req_init(&req, hdev);
5175
5176 memset(&hci_cp, 0, sizeof(hci_cp));
5177 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5178
5179 if (conn) {
5180 hci_conn_hold(conn);
5181 cmd->user_data = conn;
5182
5183 hci_cp.handle = cpu_to_le16(conn->handle);
5184 hci_cp.which = 0x01; /* Piconet clock */
5185 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5186 }
5187
5188 err = hci_req_run(&req, get_clock_info_complete);
5189 if (err < 0)
5190 mgmt_pending_remove(cmd);
5191
5192unlock:
5193 hci_dev_unlock(hdev);
5194 return err;
5195}
5196
8afef092
MH		 5197static void device_added(struct sock *sk, struct hci_dev *hdev,
5198 bdaddr_t *bdaddr, u8 type, u8 action)
5199{
5200 struct mgmt_ev_device_added ev;
5201
5202 bacpy(&ev.addr.bdaddr, bdaddr);
5203 ev.addr.type = type;
5204 ev.action = action;
5205
5206 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5207}
5208
2faade53
MH		 5209static int add_device(struct sock *sk, struct hci_dev *hdev,
5210 void *data, u16 len)
5211{
5212 struct mgmt_cp_add_device *cp = data;
5213 u8 auto_conn, addr_type;
5214 int err;
5215
5216 BT_DBG("%s", hdev->name);
5217
5218 if (!bdaddr_type_is_le(cp->addr.type) ||
5219 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
5220 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5221 MGMT_STATUS_INVALID_PARAMS,
5222 &cp->addr, sizeof(cp->addr));
5223
5224 if (cp->action != 0x00 && cp->action != 0x01)
5225 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5226 MGMT_STATUS_INVALID_PARAMS,
5227 &cp->addr, sizeof(cp->addr));
5228
5229 hci_dev_lock(hdev);
5230
5231 if (cp->addr.type == BDADDR_LE_PUBLIC)
5232 addr_type = ADDR_LE_DEV_PUBLIC;
5233 else
5234 addr_type = ADDR_LE_DEV_RANDOM;
5235
5236 if (cp->action)
5237 auto_conn = HCI_AUTO_CONN_ALWAYS;
5238 else
a3451d27 5239 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 5240
bf5b3c8b
MH		 5241 /* If the connection parameters don't exist for this device,
5242 * they will be created and configured with defaults.
5243 */
d06b50ce
MH		 5244 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
5245 auto_conn) < 0) {
2faade53
MH		 5246 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5247 MGMT_STATUS_FAILED,
5248 &cp->addr, sizeof(cp->addr));
5249 goto unlock;
5250 }
5251
8afef092
MH		 5252 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5253
2faade53
MH		 5254 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5255 MGMT_STATUS_SUCCESS, &cp->addr, sizeof(cp->addr));
5256
5257unlock:
5258 hci_dev_unlock(hdev);
5259 return err;
5260}
5261
8afef092
MH		 5262static void device_removed(struct sock *sk, struct hci_dev *hdev,
5263 bdaddr_t *bdaddr, u8 type)
5264{
5265 struct mgmt_ev_device_removed ev;
5266
5267 bacpy(&ev.addr.bdaddr, bdaddr);
5268 ev.addr.type = type;
5269
5270 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5271}
5272
2faade53
MH		 5273static int remove_device(struct sock *sk, struct hci_dev *hdev,
5274 void *data, u16 len)
5275{
5276 struct mgmt_cp_remove_device *cp = data;
5277 int err;
5278
5279 BT_DBG("%s", hdev->name);
5280
5281 hci_dev_lock(hdev);
5282
5283 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 5284 struct hci_conn_params *params;
2faade53
MH		 5285 u8 addr_type;
5286
5287 if (!bdaddr_type_is_le(cp->addr.type)) {
5288 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5289 MGMT_STATUS_INVALID_PARAMS,
5290 &cp->addr, sizeof(cp->addr));
5291 goto unlock;
5292 }
5293
5294 if (cp->addr.type == BDADDR_LE_PUBLIC)
5295 addr_type = ADDR_LE_DEV_PUBLIC;
5296 else
5297 addr_type = ADDR_LE_DEV_RANDOM;
5298
c71593dd
JH		 5299 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5300 addr_type);
5301 if (!params) {
5302 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5303 MGMT_STATUS_INVALID_PARAMS,
5304 &cp->addr, sizeof(cp->addr));
5305 goto unlock;
5306 }
5307
5308 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
5309 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5310 MGMT_STATUS_INVALID_PARAMS,
5311 &cp->addr, sizeof(cp->addr));
5312 goto unlock;
5313 }
5314
d1dbf12e 5315 list_del(&params->action);
c71593dd
JH		 5316 list_del(&params->list);
5317 kfree(params);
95305baa 5318 hci_update_background_scan(hdev);
8afef092
MH		 5319
5320 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53 5321 } else {
19de0825
JH		 5322 struct hci_conn_params *p, *tmp;
5323
2faade53
MH		 5324 if (cp->addr.type) {
5325 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5326 MGMT_STATUS_INVALID_PARAMS,
5327 &cp->addr, sizeof(cp->addr));
5328 goto unlock;
5329 }
5330
19de0825
JH		 5331 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5332 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5333 continue;
5334 device_removed(sk, hdev, &p->addr, p->addr_type);
5335 list_del(&p->action);
5336 list_del(&p->list);
5337 kfree(p);
5338 }
5339
5340 BT_DBG("All LE connection parameters were removed");
5341
5342 hci_update_background_scan(hdev);
2faade53
MH		 5343 }
5344
5345 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5346 MGMT_STATUS_SUCCESS, &cp->addr, sizeof(cp->addr));
5347
5348unlock:
5349 hci_dev_unlock(hdev);
5350 return err;
5351}
5352
a26f3dcf
JH		 5353static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5354 u16 len)
5355{
5356 struct mgmt_cp_load_conn_param *cp = data;
ba1d6936
JH		 5357 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5358 sizeof(struct mgmt_conn_param));
a26f3dcf
JH		 5359 u16 param_count, expected_len;
5360 int i;
5361
5362 if (!lmp_le_capable(hdev))
5363 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5364 MGMT_STATUS_NOT_SUPPORTED);
5365
5366 param_count = __le16_to_cpu(cp->param_count);
ba1d6936
JH		 5367 if (param_count > max_param_count) {
5368 BT_ERR("load_conn_param: too big param_count value %u",
5369 param_count);
5370 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5371 MGMT_STATUS_INVALID_PARAMS);
5372 }
a26f3dcf
JH		 5373
5374 expected_len = sizeof(*cp) + param_count *
5375 sizeof(struct mgmt_conn_param);
5376 if (expected_len != len) {
5377 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
5378 expected_len, len);
5379 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5380 MGMT_STATUS_INVALID_PARAMS);
5381 }
5382
5383 BT_DBG("%s param_count %u", hdev->name, param_count);
5384
5385 hci_dev_lock(hdev);
5386
5387 hci_conn_params_clear_disabled(hdev);
5388
5389 for (i = 0; i < param_count; i++) {
5390 struct mgmt_conn_param *param = &cp->params[i];
5391 struct hci_conn_params *hci_param;
5392 u16 min, max, latency, timeout;
5393 u8 addr_type;
5394
5395 BT_DBG("Adding %pMR (type %u)", &param->addr.bdaddr,
5396 param->addr.type);
5397
5398 if (param->addr.type == BDADDR_LE_PUBLIC) {
5399 addr_type = ADDR_LE_DEV_PUBLIC;
5400 } else if (param->addr.type == BDADDR_LE_RANDOM) {
5401 addr_type = ADDR_LE_DEV_RANDOM;
5402 } else {
5403 BT_ERR("Ignoring invalid connection parameters");
5404 continue;
5405 }
5406
5407 min = le16_to_cpu(param->min_interval);
5408 max = le16_to_cpu(param->max_interval);
5409 latency = le16_to_cpu(param->latency);
5410 timeout = le16_to_cpu(param->timeout);
5411
5412 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
5413 min, max, latency, timeout);
5414
5415 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
5416 BT_ERR("Ignoring invalid connection parameters");
5417 continue;
5418 }
5419
5420 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
5421 addr_type);
5422 if (!hci_param) {
5423 BT_ERR("Failed to add connection parameters");
5424 continue;
5425 }
5426
5427 hci_param->conn_min_interval = min;
5428 hci_param->conn_max_interval = max;
5429 hci_param->conn_latency = latency;
5430 hci_param->supervision_timeout = timeout;
5431 }
5432
5433 hci_dev_unlock(hdev);
5434
5435 return cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0, NULL, 0);
5436}
5437
dbece37a
MH		 5438static int set_external_config(struct sock *sk, struct hci_dev *hdev,
5439 void *data, u16 len)
5440{
5441 struct mgmt_cp_set_external_config *cp = data;
5442 bool changed;
5443 int err;
5444
5445 BT_DBG("%s", hdev->name);
5446
5447 if (hdev_is_powered(hdev))
5448 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5449 MGMT_STATUS_REJECTED);
5450
5451 if (cp->config != 0x00 && cp->config != 0x01)
5452 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5453 MGMT_STATUS_INVALID_PARAMS);
5454
5455 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
5456 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5457 MGMT_STATUS_NOT_SUPPORTED);
5458
5459 hci_dev_lock(hdev);
5460
5461 if (cp->config)
5462 changed = !test_and_set_bit(HCI_EXT_CONFIGURED,
5463 &hdev->dev_flags);
5464 else
5465 changed = test_and_clear_bit(HCI_EXT_CONFIGURED,
5466 &hdev->dev_flags);
5467
5468 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
5469 if (err < 0)
5470 goto unlock;
5471
5472 if (!changed)
5473 goto unlock;
5474
f4537c04
MH		 5475 err = new_options(hdev, sk);
5476
dbece37a
MH		 5477 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) == is_configured(hdev)) {
5478 mgmt_index_removed(hdev);
d603b76b
MH		 5479
5480 if (test_and_change_bit(HCI_UNCONFIGURED, &hdev->dev_flags)) {
5481 set_bit(HCI_CONFIG, &hdev->dev_flags);
5482 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
5483
5484 queue_work(hdev->req_workqueue, &hdev->power_on);
5485 } else {
5ea234d3 5486 set_bit(HCI_RAW, &hdev->flags);
d603b76b
MH		 5487 mgmt_index_added(hdev);
5488 }
dbece37a
MH		 5489 }
5490
5491unlock:
5492 hci_dev_unlock(hdev);
5493 return err;
5494}
5495
9713c17b
MH		 5496static int set_public_address(struct sock *sk, struct hci_dev *hdev,
5497 void *data, u16 len)
5498{
5499 struct mgmt_cp_set_public_address *cp = data;
5500 bool changed;
5501 int err;
5502
5503 BT_DBG("%s", hdev->name);
5504
5505 if (hdev_is_powered(hdev))
5506 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5507 MGMT_STATUS_REJECTED);
5508
5509 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
5510 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5511 MGMT_STATUS_INVALID_PARAMS);
5512
5513 if (!hdev->set_bdaddr)
5514 return cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5515 MGMT_STATUS_NOT_SUPPORTED);
5516
5517 hci_dev_lock(hdev);
5518
5519 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
5520 bacpy(&hdev->public_addr, &cp->bdaddr);
5521
5522 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
5523 if (err < 0)
5524 goto unlock;
5525
5526 if (!changed)
5527 goto unlock;
5528
5529 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5530 err = new_options(hdev, sk);
5531
5532 if (is_configured(hdev)) {
5533 mgmt_index_removed(hdev);
5534
5535 clear_bit(HCI_UNCONFIGURED, &hdev->dev_flags);
5536
5537 set_bit(HCI_CONFIG, &hdev->dev_flags);
5538 set_bit(HCI_AUTO_OFF, &hdev->dev_flags);
5539
5540 queue_work(hdev->req_workqueue, &hdev->power_on);
5541 }
5542
5543unlock:
5544 hci_dev_unlock(hdev);
5545 return err;
5546}
5547
2e3c35ea 5548static const struct mgmt_handler {
04124681
GP		 5549 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
5550 u16 data_len);
be22b54e
JH		 5551 bool var_len;
5552 size_t data_len;
0f4e68cf
JH		 5553} mgmt_handlers[] = {
5554 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 5555 { read_version, false, MGMT_READ_VERSION_SIZE },
5556 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
5557 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
5558 { read_controller_info, false, MGMT_READ_INFO_SIZE },
5559 { set_powered, false, MGMT_SETTING_SIZE },
5560 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
5561 { set_connectable, false, MGMT_SETTING_SIZE },
5562 { set_fast_connectable, false, MGMT_SETTING_SIZE },
5563 { set_pairable, false, MGMT_SETTING_SIZE },
5564 { set_link_security, false, MGMT_SETTING_SIZE },
5565 { set_ssp, false, MGMT_SETTING_SIZE },
5566 { set_hs, false, MGMT_SETTING_SIZE },
5567 { set_le, false, MGMT_SETTING_SIZE },
5568 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
5569 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
5570 { add_uuid, false, MGMT_ADD_UUID_SIZE },
5571 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
5572 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
5573 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
5574 { disconnect, false, MGMT_DISCONNECT_SIZE },
5575 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
5576 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
5577 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
5578 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
5579 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
5580 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
5581 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
5582 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
5583 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
5584 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
5585 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
5586 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
ec109113 5587 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
be22b54e
JH		 5588 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
5589 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
5590 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
5591 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
5592 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
5593 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 5594 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 5595 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 5596 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 5597 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
14b49b9a 5598 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
eac83dc6 5599 { set_secure_conn, false, MGMT_SETTING_SIZE },
4e39ac81 5600 { set_debug_keys, false, MGMT_SETTING_SIZE },
62b04cd1 5601 { set_privacy, false, MGMT_SET_PRIVACY_SIZE },
41edf160 5602 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
dd983808 5603 { get_conn_info, false, MGMT_GET_CONN_INFO_SIZE },
95868426 5604 { get_clock_info, false, MGMT_GET_CLOCK_INFO_SIZE },
2faade53
MH		 5605 { add_device, false, MGMT_ADD_DEVICE_SIZE },
5606 { remove_device, false, MGMT_REMOVE_DEVICE_SIZE },
73d1df2a
MH		 5607 { load_conn_param, true, MGMT_LOAD_CONN_PARAM_SIZE },
5608 { read_unconf_index_list, false, MGMT_READ_UNCONF_INDEX_LIST_SIZE },
9fc3bfb6 5609 { read_config_info, false, MGMT_READ_CONFIG_INFO_SIZE },
dbece37a 5610 { set_external_config, false, MGMT_SET_EXTERNAL_CONFIG_SIZE },
9713c17b 5611 { set_public_address, false, MGMT_SET_PUBLIC_ADDRESS_SIZE },
0f4e68cf
JH		 5612};
5613
0381101f
JH		 5614int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
5615{
650f726d
VCG		 5616 void *buf;
5617 u8 *cp;
0381101f 5618 struct mgmt_hdr *hdr;
4e51eae9 5619 u16 opcode, index, len;
bdb6d971 5620 struct hci_dev *hdev = NULL;
2e3c35ea 5621 const struct mgmt_handler *handler;
0381101f
JH		 5622 int err;
5623
5624 BT_DBG("got %zu bytes", msglen);
5625
5626 if (msglen < sizeof(*hdr))
5627 return -EINVAL;
5628
e63a15ec 5629 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 5630 if (!buf)
5631 return -ENOMEM;
5632
5633 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
5634 err = -EFAULT;
5635 goto done;
5636 }
5637
650f726d 5638 hdr = buf;
1f350c87
MH		 5639 opcode = __le16_to_cpu(hdr->opcode);
5640 index = __le16_to_cpu(hdr->index);
5641 len = __le16_to_cpu(hdr->len);
0381101f
JH		 5642
5643 if (len != msglen - sizeof(*hdr)) {
5644 err = -EINVAL;
5645 goto done;
5646 }
5647
0f4e68cf 5648 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 5649 hdev = hci_dev_get(index);
5650 if (!hdev) {
5651 err = cmd_status(sk, index, opcode,
04124681 5652 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 5653 goto done;
5654 }
0736cfa8 5655
cebf4cfd 5656 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
d603b76b 5657 test_bit(HCI_CONFIG, &hdev->dev_flags) ||
4a964404 5658 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
0736cfa8
MH		 5659 err = cmd_status(sk, index, opcode,
5660 MGMT_STATUS_INVALID_INDEX);
5661 goto done;
5662 }
42a9bc14
MH		 5663
5664 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
dbece37a 5665 opcode != MGMT_OP_READ_CONFIG_INFO &&
9713c17b
MH		 5666 opcode != MGMT_OP_SET_EXTERNAL_CONFIG &&
5667 opcode != MGMT_OP_SET_PUBLIC_ADDRESS) {
42a9bc14
MH		 5668 err = cmd_status(sk, index, opcode,
5669 MGMT_STATUS_INVALID_INDEX);
5670 goto done;
5671 }
bdb6d971
JH		 5672 }
5673
0f4e68cf 5674 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 5675 mgmt_handlers[opcode].func == NULL) {
0381101f 5676 BT_DBG("Unknown op %u", opcode);
ca69b795 5677 err = cmd_status(sk, index, opcode,
04124681 5678 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 5679 goto done;
5680 }
5681
73d1df2a
MH		 5682 if (hdev && (opcode <= MGMT_OP_READ_INDEX_LIST ||
5683 opcode == MGMT_OP_READ_UNCONF_INDEX_LIST)) {
5684 err = cmd_status(sk, index, opcode,
5685 MGMT_STATUS_INVALID_INDEX);
5686 goto done;
5687 }
5688
5689 if (!hdev && (opcode > MGMT_OP_READ_INDEX_LIST &&
5690 opcode != MGMT_OP_READ_UNCONF_INDEX_LIST)) {
0f4e68cf 5691 err = cmd_status(sk, index, opcode,
04124681 5692 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 5693 goto done;
0381101f
JH		 5694 }
5695
be22b54e
JH		 5696 handler = &mgmt_handlers[opcode];
5697
5698 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 5699 (!handler->var_len && len != handler->data_len)) {
be22b54e 5700 err = cmd_status(sk, index, opcode,
04124681 5701 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 5702 goto done;
5703 }
5704
0f4e68cf
JH		 5705 if (hdev)
5706 mgmt_init_hdev(sk, hdev);
5707
5708 cp = buf + sizeof(*hdr);
5709
be22b54e 5710 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 5711 if (err < 0)
5712 goto done;
5713
0381101f
JH		 5714 err = msglen;
5715
5716done:
bdb6d971
JH		 5717 if (hdev)
5718 hci_dev_put(hdev);
5719
0381101f
JH		 5720 kfree(buf);
5721 return err;
5722}
c71e97bf 5723
bf6b56db 5724void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 5725{
1514b892 5726 if (hdev->dev_type != HCI_BREDR)
bf6b56db 5727 return;
bb4b2a9a 5728
0602a8ad
MH		 5729 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
5730 return;
5731
5732 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5733 mgmt_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev, NULL, 0, NULL);
5734 else
5735 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 5736}
5737
bf6b56db 5738void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 5739{
5f159032 5740 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 5741
1514b892 5742 if (hdev->dev_type != HCI_BREDR)
bf6b56db 5743 return;
bb4b2a9a 5744
0602a8ad
MH		 5745 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
5746 return;
5747
744cf19e 5748 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 5749
edd3896b
MH		 5750 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5751 mgmt_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev, NULL, 0, NULL);
5752 else
5753 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 5754}
5755
6046dc3e 5756/* This function requires the caller holds hdev->lock */
d7347f3c 5757static void restart_le_actions(struct hci_dev *hdev)
6046dc3e
AG		 5758{
5759 struct hci_conn_params *p;
5760
5761 list_for_each_entry(p, &hdev->le_conn_params, list) {
d7347f3c
JH		 5762 /* Needed for AUTO_OFF case where might not "really"
5763 * have been powered off.
5764 */
5765 list_del_init(&p->action);
5766
5767 switch (p->auto_connect) {
5768 case HCI_AUTO_CONN_ALWAYS:
5769 list_add(&p->action, &hdev->pend_le_conns);
5770 break;
5771 case HCI_AUTO_CONN_REPORT:
5772 list_add(&p->action, &hdev->pend_le_reports);
5773 break;
5774 default:
5775 break;
c83ed19d 5776 }
6046dc3e 5777 }
c83ed19d 5778
c83ed19d 5779 hci_update_background_scan(hdev);
6046dc3e
AG		 5780}
5781
229ab39c
JH		 5782static void powered_complete(struct hci_dev *hdev, u8 status)
5783{
5784 struct cmd_lookup match = { NULL, hdev };
5785
5786 BT_DBG("status 0x%02x", status);
5787
5788 hci_dev_lock(hdev);
5789
d7347f3c 5790 restart_le_actions(hdev);
6046dc3e 5791
229ab39c
JH		 5792 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5793
5794 new_settings(hdev, match.sk);
5795
5796 hci_dev_unlock(hdev);
5797
5798 if (match.sk)
5799 sock_put(match.sk);
5800}
5801
70da6243 5802static int powered_update_hci(struct hci_dev *hdev)
5add6af8 5803{
890ea898 5804 struct hci_request req;
70da6243 5805 u8 link_sec;
5add6af8 5806
890ea898
JH		 5807 hci_req_init(&req, hdev);
5808
70da6243
JH		 5809 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
5810 !lmp_host_ssp_capable(hdev)) {
5811 u8 ssp = 1;
5e5282bb 5812
890ea898 5813 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 5814 }
5add6af8 5815
c73eee91
JH		 5816 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
5817 lmp_bredr_capable(hdev)) {
70da6243 5818 struct hci_cp_write_le_host_supported cp;
f0ff92fb 5819
70da6243
JH		 5820 cp.le = 1;
5821 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 5822
70da6243
JH		 5823 /* Check first if we already have the right
5824 * host state (host features set)
5825 */
5826 if (cp.le != lmp_host_le_capable(hdev) ||
5827 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 5828 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
5829 sizeof(cp), &cp);
70da6243 5830 }
3d1cbdd6 5831
d13eafce 5832 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 5833 /* Make sure the controller has a good default for
5834 * advertising data. This also applies to the case
5835 * where BR/EDR was toggled during the AUTO_OFF phase.
5836 */
f14d8f64 5837 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5947f4bc 5838 update_adv_data(&req);
f14d8f64
MH		 5839 update_scan_rsp_data(&req);
5840 }
441ad2d0 5841
bba3aa55
MH		 5842 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5843 enable_advertising(&req);
eeca6f89
JH		 5844 }
5845
70da6243
JH		 5846 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
5847 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 5848 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
5849 sizeof(link_sec), &link_sec);
562fcc24 5850
70da6243 5851 if (lmp_bredr_capable(hdev)) {
56f87901
JH		 5852 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
5853 set_bredr_scan(&req);
890ea898 5854 update_class(&req);
13928971 5855 update_name(&req);
890ea898 5856 update_eir(&req);
70da6243 5857 }
562fcc24 5858
229ab39c 5859 return hci_req_run(&req, powered_complete);
70da6243 5860}
562fcc24 5861
70da6243
JH		 5862int mgmt_powered(struct hci_dev *hdev, u8 powered)
5863{
5864 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 5865 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
5866 u8 zero_cod[] = { 0, 0, 0 };
70da6243 5867 int err;
f0ff92fb 5868
70da6243
JH		 5869 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
5870 return 0;
5871
70da6243 5872 if (powered) {
229ab39c
JH		 5873 if (powered_update_hci(hdev) == 0)
5874 return 0;
fe038884 5875
229ab39c
JH		 5876 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
5877 &match);
5878 goto new_settings;
b24752fe
JH		 5879 }
5880
229ab39c
JH		 5881 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5882 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
5883
5884 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
5885 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
5886 zero_cod, sizeof(zero_cod), NULL);
5887
5888new_settings:
beadb2bd 5889 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 5890
5891 if (match.sk)
5892 sock_put(match.sk);
5893
7bb895d6 5894 return err;
5add6af8 5895}
73f22f62 5896
3eec705e 5897void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 5898{
5899 struct pending_cmd *cmd;
5900 u8 status;
5901
5902 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5903 if (!cmd)
3eec705e 5904 return;
96570ffc
JH		 5905
5906 if (err == -ERFKILL)
5907 status = MGMT_STATUS_RFKILLED;
5908 else
5909 status = MGMT_STATUS_FAILED;
5910
3eec705e 5911 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 5912
5913 mgmt_pending_remove(cmd);
96570ffc
JH		 5914}
5915
d1967ff8
MH		 5916void mgmt_discoverable_timeout(struct hci_dev *hdev)
5917{
5918 struct hci_request req;
d1967ff8
MH		 5919
5920 hci_dev_lock(hdev);
5921
5922 /* When discoverable timeout triggers, then just make sure
5923 * the limited discoverable flag is cleared. Even in the case
5924 * of a timeout triggered from general discoverable, it is
5925 * safe to unconditionally clear the flag.
5926 */
5927 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
9a43e25f 5928 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
d1967ff8
MH		 5929
5930 hci_req_init(&req, hdev);
4b580614
JH		 5931 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
5932 u8 scan = SCAN_PAGE;
5933 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
5934 sizeof(scan), &scan);
5935 }
d1967ff8 5936 update_class(&req);
9a43e25f 5937 update_adv_data(&req);
d1967ff8
MH		 5938 hci_req_run(&req, NULL);
5939
5940 hdev->discov_timeout = 0;
5941
9a43e25f
JH		 5942 new_settings(hdev, NULL);
5943
d1967ff8
MH		 5944 hci_dev_unlock(hdev);
5945}
5946
86a75645 5947void mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 5948{
86a75645 5949 bool changed;
73f22f62 5950
bfaf8c9f
JH		 5951 /* Nothing needed here if there's a pending command since that
5952 * commands request completion callback takes care of everything
5953 * necessary.
5954 */
5955 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
86a75645 5956 return;
bfaf8c9f 5957
bd107999
JH		 5958 /* Powering off may clear the scan mode - don't let that interfere */
5959 if (!discoverable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5960 return;
5961
9a43e25f 5962 if (discoverable) {
86a75645 5963 changed = !test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 5964 } else {
5965 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
86a75645 5966 changed = test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 5967 }
5968
5969 if (changed) {
5970 struct hci_request req;
5971
5972 /* In case this change in discoverable was triggered by
5973 * a disabling of connectable there could be a need to
5974 * update the advertising flags.
5975 */
5976 hci_req_init(&req, hdev);
5977 update_adv_data(&req);
5978 hci_req_run(&req, NULL);
73f22f62 5979
86a75645 5980 new_settings(hdev, NULL);
9a43e25f 5981 }
73f22f62 5982}
9fbcbb45 5983
a330916c 5984void mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 5985{
a330916c 5986 bool changed;
9fbcbb45 5987
d7b856f9
JH		 5988 /* Nothing needed here if there's a pending command since that
5989 * commands request completion callback takes care of everything
5990 * necessary.
5991 */
5992 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
a330916c 5993 return;
d7b856f9 5994
ce3f24cf
JH		 5995 /* Powering off may clear the scan mode - don't let that interfere */
5996 if (!connectable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5997 return;
5998
a330916c
MH		 5999 if (connectable)
6000 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
6001 else
6002 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
9fbcbb45 6003
beadb2bd 6004 if (changed)
a330916c 6005 new_settings(hdev, NULL);
9fbcbb45 6006}
55ed8ca1 6007
4796e8af 6008void mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 6009{
ca69b795
JH		 6010 u8 mgmt_err = mgmt_status(status);
6011
2d7cee58 6012 if (scan & SCAN_PAGE)
744cf19e 6013 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 6014 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 6015
6016 if (scan & SCAN_INQUIRY)
744cf19e 6017 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 6018 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 6019}
6020
dc4a5ee2
MH		 6021void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
6022 bool persistent)
55ed8ca1 6023{
86742e1e 6024 struct mgmt_ev_new_link_key ev;
55ed8ca1 6025
a492cd52 6026 memset(&ev, 0, sizeof(ev));
55ed8ca1 6027
a492cd52 6028 ev.store_hint = persistent;
d753fdc4 6029 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 6030 ev.key.addr.type = BDADDR_BREDR;
a492cd52 6031 ev.key.type = key->type;
9b3b4460 6032 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 6033 ev.key.pin_len = key->pin_len;
55ed8ca1 6034
dc4a5ee2 6035 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 6036}
f7520543 6037
d7b25450
JH		 6038static u8 mgmt_ltk_type(struct smp_ltk *ltk)
6039{
6040 if (ltk->authenticated)
6041 return MGMT_LTK_AUTHENTICATED;
6042
6043 return MGMT_LTK_UNAUTHENTICATED;
6044}
6045
53ac6ab6 6046void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 6047{
6048 struct mgmt_ev_new_long_term_key ev;
6049
6050 memset(&ev, 0, sizeof(ev));
6051
5192d301
MH		 6052 /* Devices using resolvable or non-resolvable random addresses
6053 * without providing an indentity resolving key don't require
6054 * to store long term keys. Their addresses will change the
6055 * next time around.
6056 *
6057 * Only when a remote device provides an identity address
6058 * make sure the long term key is stored. If the remote
6059 * identity is known, the long term keys are internally
6060 * mapped to the identity address. So allow static random
6061 * and public addresses here.
6062 */
ba74b666
JH		 6063 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6064 (key->bdaddr.b[5] & 0xc0) != 0xc0)
6065 ev.store_hint = 0x00;
6066 else
53ac6ab6 6067 ev.store_hint = persistent;
ba74b666 6068
346af67b 6069 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 6070 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 6071 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 6072 ev.key.enc_size = key->enc_size;
6073 ev.key.ediv = key->ediv;
fe39c7b2 6074 ev.key.rand = key->rand;
346af67b 6075
2ceba539 6076 if (key->type == SMP_LTK)
346af67b
VCG		 6077 ev.key.master = 1;
6078
346af67b
VCG		 6079 memcpy(ev.key.val, key->val, sizeof(key->val));
6080
083368f7 6081 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 6082}
6083
95fbac8a
JH		 6084void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
6085{
6086 struct mgmt_ev_new_irk ev;
6087
6088 memset(&ev, 0, sizeof(ev));
6089
bab6d1e5
MH		 6090 /* For identity resolving keys from devices that are already
6091 * using a public address or static random address, do not
6092 * ask for storing this key. The identity resolving key really
6093 * is only mandatory for devices using resovlable random
6094 * addresses.
6095 *
6096 * Storing all identity resolving keys has the downside that
6097 * they will be also loaded on next boot of they system. More
6098 * identity resolving keys, means more time during scanning is
6099 * needed to actually resolve these addresses.
6100 */
6101 if (bacmp(&irk->rpa, BDADDR_ANY))
6102 ev.store_hint = 0x01;
6103 else
6104 ev.store_hint = 0x00;
6105
95fbac8a
JH		 6106 bacpy(&ev.rpa, &irk->rpa);
6107 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
6108 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
6109 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
6110
6111 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
6112}
6113
53ac6ab6
MH		 6114void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
6115 bool persistent)
7ee4ea36
MH		 6116{
6117 struct mgmt_ev_new_csrk ev;
6118
6119 memset(&ev, 0, sizeof(ev));
6120
6121 /* Devices using resolvable or non-resolvable random addresses
6122 * without providing an indentity resolving key don't require
6123 * to store signature resolving keys. Their addresses will change
6124 * the next time around.
6125 *
6126 * Only when a remote device provides an identity address
6127 * make sure the signature resolving key is stored. So allow
6128 * static random and public addresses here.
6129 */
6130 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6131 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
6132 ev.store_hint = 0x00;
6133 else
53ac6ab6 6134 ev.store_hint = persistent;
7ee4ea36
MH		 6135
6136 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
6137 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
6138 ev.key.master = csrk->master;
6139 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
6140
6141 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
6142}
6143
ffb5a827 6144void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 6145 u8 bdaddr_type, u8 store_hint, u16 min_interval,
6146 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 6147{
6148 struct mgmt_ev_new_conn_param ev;
6149
c103aea6
JH		 6150 if (!hci_is_identity_address(bdaddr, bdaddr_type))
6151 return;
6152
ffb5a827
AG		 6153 memset(&ev, 0, sizeof(ev));
6154 bacpy(&ev.addr.bdaddr, bdaddr);
6155 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 6156 ev.store_hint = store_hint;
ffb5a827
AG		 6157 ev.min_interval = cpu_to_le16(min_interval);
6158 ev.max_interval = cpu_to_le16(max_interval);
6159 ev.latency = cpu_to_le16(latency);
6160 ev.timeout = cpu_to_le16(timeout);
6161
6162 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
6163}
6164
94933991
MH		 6165static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
6166 u8 data_len)
6167{
6168 eir[eir_len++] = sizeof(type) + data_len;
6169 eir[eir_len++] = type;
6170 memcpy(&eir[eir_len], data, data_len);
6171 eir_len += data_len;
6172
6173 return eir_len;
6174}
6175
ecd90ae7
MH		 6176void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6177 u8 addr_type, u32 flags, u8 *name, u8 name_len,
6178 u8 *dev_class)
f7520543 6179{
b644ba33
JH		 6180 char buf[512];
6181 struct mgmt_ev_device_connected *ev = (void *) buf;
6182 u16 eir_len = 0;
f7520543 6183
b644ba33 6184 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 6185 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 6186
c95f0ba7 6187 ev->flags = __cpu_to_le32(flags);
08c79b61 6188
b644ba33
JH		 6189 if (name_len > 0)
6190 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 6191 name, name_len);
b644ba33
JH		 6192
6193 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 6194 eir_len = eir_append_data(ev->eir, eir_len,
04124681 6195 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 6196
eb55ef07 6197 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 6198
ecd90ae7
MH		 6199 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
6200 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 6201}
6202
8962ee74
JH		 6203static void disconnect_rsp(struct pending_cmd *cmd, void *data)
6204{
c68fb7ff 6205 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 6206 struct sock **sk = data;
a38528f1 6207 struct mgmt_rp_disconnect rp;
8962ee74 6208
88c3df13
JH		 6209 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
6210 rp.addr.type = cp->addr.type;
8962ee74 6211
aee9b218 6212 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 6213 sizeof(rp));
8962ee74
JH		 6214
6215 *sk = cmd->sk;
6216 sock_hold(*sk);
6217
a664b5bc 6218 mgmt_pending_remove(cmd);
8962ee74
JH		 6219}
6220
124f6e35 6221static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 6222{
b1078ad0 6223 struct hci_dev *hdev = data;
124f6e35
JH		 6224 struct mgmt_cp_unpair_device *cp = cmd->param;
6225 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 6226
6227 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 6228 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
6229 rp.addr.type = cp->addr.type;
a8a1d19e 6230
b1078ad0
JH		 6231 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
6232
aee9b218 6233 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 6234
6235 mgmt_pending_remove(cmd);
6236}
6237
9b80ec5e 6238void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 6239 u8 link_type, u8 addr_type, u8 reason,
6240 bool mgmt_connected)
f7520543 6241{
f0d6a0ea 6242 struct mgmt_ev_device_disconnected ev;
8b064a3a 6243 struct pending_cmd *power_off;
8962ee74 6244 struct sock *sk = NULL;
8962ee74 6245
8b064a3a
JH		 6246 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6247 if (power_off) {
6248 struct mgmt_mode *cp = power_off->param;
6249
6250 /* The connection is still in hci_conn_hash so test for 1
6251 * instead of 0 to know if this is the last one.
6252 */
a3172b7e
JH		 6253 if (!cp->val && hci_conn_count(hdev) == 1) {
6254 cancel_delayed_work(&hdev->power_off);
8b064a3a 6255 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 6256 }
8b064a3a
JH		 6257 }
6258
12d4a3b2
JH		 6259 if (!mgmt_connected)
6260 return;
6261
57eb776f
AG		 6262 if (link_type != ACL_LINK && link_type != LE_LINK)
6263 return;
6264
744cf19e 6265 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 6266
f0d6a0ea
MA		 6267 bacpy(&ev.addr.bdaddr, bdaddr);
6268 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6269 ev.reason = reason;
f7520543 6270
9b80ec5e 6271 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 6272
6273 if (sk)
d97dcb66 6274 sock_put(sk);
8962ee74 6275
124f6e35 6276 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 6277 hdev);
8962ee74
JH		 6278}
6279
7892924c
MH		 6280void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
6281 u8 link_type, u8 addr_type, u8 status)
8962ee74 6282{
3655bba8
AG		 6283 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
6284 struct mgmt_cp_disconnect *cp;
88c3df13 6285 struct mgmt_rp_disconnect rp;
8962ee74 6286 struct pending_cmd *cmd;
8962ee74 6287
36a75f1b
JD		 6288 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6289 hdev);
6290
2e58ef3e 6291 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 6292 if (!cmd)
7892924c 6293 return;
8962ee74 6294
3655bba8
AG		 6295 cp = cmd->param;
6296
6297 if (bacmp(bdaddr, &cp->addr.bdaddr))
6298 return;
6299
6300 if (cp->addr.type != bdaddr_type)
6301 return;
6302
88c3df13 6303 bacpy(&rp.addr.bdaddr, bdaddr);
3655bba8 6304 rp.addr.type = bdaddr_type;
37d9ef76 6305
7892924c
MH		 6306 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
6307 mgmt_status(status), &rp, sizeof(rp));
8962ee74 6308
a664b5bc 6309 mgmt_pending_remove(cmd);
f7520543 6310}
17d5c04c 6311
445608d0
MH		 6312void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6313 u8 addr_type, u8 status)
17d5c04c
JH		 6314{
6315 struct mgmt_ev_connect_failed ev;
c9910d0f
JH		 6316 struct pending_cmd *power_off;
6317
6318 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6319 if (power_off) {
6320 struct mgmt_mode *cp = power_off->param;
6321
6322 /* The connection is still in hci_conn_hash so test for 1
6323 * instead of 0 to know if this is the last one.
6324 */
a3172b7e
JH		 6325 if (!cp->val && hci_conn_count(hdev) == 1) {
6326 cancel_delayed_work(&hdev->power_off);
c9910d0f 6327 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 6328 }
c9910d0f 6329 }
17d5c04c 6330
4c659c39 6331 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6332 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 6333 ev.status = mgmt_status(status);
17d5c04c 6334
445608d0 6335 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 6336}
980e1a53 6337
ce0e4a0d 6338void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 6339{
6340 struct mgmt_ev_pin_code_request ev;
6341
d8457698 6342 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 6343 ev.addr.type = BDADDR_BREDR;
a770bb5a 6344 ev.secure = secure;
980e1a53 6345
ce0e4a0d 6346 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 6347}
6348
e669cf80
MH		 6349void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6350 u8 status)
980e1a53
JH		 6351{
6352 struct pending_cmd *cmd;
ac56fb13 6353 struct mgmt_rp_pin_code_reply rp;
980e1a53 6354
2e58ef3e 6355 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 6356 if (!cmd)
e669cf80 6357 return;
980e1a53 6358
d8457698 6359 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 6360 rp.addr.type = BDADDR_BREDR;
ac56fb13 6361
e669cf80
MH		 6362 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
6363 mgmt_status(status), &rp, sizeof(rp));
980e1a53 6364
a664b5bc 6365 mgmt_pending_remove(cmd);
980e1a53
JH		 6366}
6367
3eb38528
MH		 6368void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6369 u8 status)
980e1a53
JH		 6370{
6371 struct pending_cmd *cmd;
ac56fb13 6372 struct mgmt_rp_pin_code_reply rp;
980e1a53 6373
2e58ef3e 6374 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 6375 if (!cmd)
3eb38528 6376 return;
980e1a53 6377
d8457698 6378 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 6379 rp.addr.type = BDADDR_BREDR;
ac56fb13 6380
3eb38528
MH		 6381 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
6382 mgmt_status(status), &rp, sizeof(rp));
980e1a53 6383
a664b5bc 6384 mgmt_pending_remove(cmd);
980e1a53 6385}
a5c29683 6386
744cf19e 6387int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 6388 u8 link_type, u8 addr_type, u32 value,
04124681 6389 u8 confirm_hint)
a5c29683
JH		 6390{
6391 struct mgmt_ev_user_confirm_request ev;
6392
744cf19e 6393 BT_DBG("%s", hdev->name);
a5c29683 6394
272d90df 6395 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6396 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 6397 ev.confirm_hint = confirm_hint;
39adbffe 6398 ev.value = cpu_to_le32(value);
a5c29683 6399
744cf19e 6400 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 6401 NULL);
a5c29683
JH		 6402}
6403
272d90df 6404int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 6405 u8 link_type, u8 addr_type)
604086b7
BG		 6406{
6407 struct mgmt_ev_user_passkey_request ev;
6408
6409 BT_DBG("%s", hdev->name);
6410
272d90df 6411 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6412 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 6413
6414 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 6415 NULL);
604086b7
BG		 6416}
6417
0df4c185 6418static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 6419 u8 link_type, u8 addr_type, u8 status,
6420 u8 opcode)
a5c29683
JH		 6421{
6422 struct pending_cmd *cmd;
6423 struct mgmt_rp_user_confirm_reply rp;
6424 int err;
6425
2e58ef3e 6426 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 6427 if (!cmd)
6428 return -ENOENT;
6429
272d90df 6430 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 6431 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 6432 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 6433 &rp, sizeof(rp));
a5c29683 6434
a664b5bc 6435 mgmt_pending_remove(cmd);
a5c29683
JH		 6436
6437 return err;
6438}
6439
744cf19e 6440int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6441 u8 link_type, u8 addr_type, u8 status)
a5c29683 6442{
272d90df 6443 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 6444 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 6445}
6446
272d90df 6447int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6448 u8 link_type, u8 addr_type, u8 status)
a5c29683 6449{
272d90df 6450 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 6451 status,
6452 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 6453}
2a611692 6454
604086b7 6455int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6456 u8 link_type, u8 addr_type, u8 status)
604086b7 6457{
272d90df 6458 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 6459 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 6460}
6461
272d90df 6462int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6463 u8 link_type, u8 addr_type, u8 status)
604086b7 6464{
272d90df 6465 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 6466 status,
6467 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 6468}
6469
92a25256
JH		 6470int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
6471 u8 link_type, u8 addr_type, u32 passkey,
6472 u8 entered)
6473{
6474 struct mgmt_ev_passkey_notify ev;
6475
6476 BT_DBG("%s", hdev->name);
6477
6478 bacpy(&ev.addr.bdaddr, bdaddr);
6479 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6480 ev.passkey = __cpu_to_le32(passkey);
6481 ev.entered = entered;
6482
6483 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
6484}
6485
e546099c
MH		 6486void mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6487 u8 addr_type, u8 status)
2a611692
JH		 6488{
6489 struct mgmt_ev_auth_failed ev;
6490
bab73cb6 6491 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6492 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 6493 ev.status = mgmt_status(status);
2a611692 6494
e546099c 6495 mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 6496}
b312b161 6497
464996ae 6498void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 6499{
6500 struct cmd_lookup match = { NULL, hdev };
464996ae 6501 bool changed;
33ef95ed
JH		 6502
6503 if (status) {
6504 u8 mgmt_err = mgmt_status(status);
6505 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 6506 cmd_status_rsp, &mgmt_err);
464996ae 6507 return;
33ef95ed
JH		 6508 }
6509
464996ae
MH		 6510 if (test_bit(HCI_AUTH, &hdev->flags))
6511 changed = !test_and_set_bit(HCI_LINK_SECURITY,
6512 &hdev->dev_flags);
6513 else
6514 changed = test_and_clear_bit(HCI_LINK_SECURITY,
6515 &hdev->dev_flags);
47990ea0 6516
33ef95ed 6517 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 6518 &match);
33ef95ed 6519
47990ea0 6520 if (changed)
464996ae 6521 new_settings(hdev, match.sk);
33ef95ed
JH		 6522
6523 if (match.sk)
6524 sock_put(match.sk);
33ef95ed
JH		 6525}
6526
890ea898 6527static void clear_eir(struct hci_request *req)
cacaf52f 6528{
890ea898 6529 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 6530 struct hci_cp_write_eir cp;
6531
976eb20e 6532 if (!lmp_ext_inq_capable(hdev))
890ea898 6533 return;
cacaf52f 6534
c80da27e
JH		 6535 memset(hdev->eir, 0, sizeof(hdev->eir));
6536
cacaf52f
JH		 6537 memset(&cp, 0, sizeof(cp));
6538
890ea898 6539 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 6540}
6541
3e248560 6542void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 6543{
6544 struct cmd_lookup match = { NULL, hdev };
890ea898 6545 struct hci_request req;
c0ecddc2 6546 bool changed = false;
ed2c4ee3
JH		 6547
6548 if (status) {
6549 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 6550
6551 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 6552 &hdev->dev_flags)) {
6553 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3e248560 6554 new_settings(hdev, NULL);
9ecb3e24 6555 }
c0ecddc2 6556
04124681
GP		 6557 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
6558 &mgmt_err);
3e248560 6559 return;
c0ecddc2
JH		 6560 }
6561
6562 if (enable) {
9ecb3e24 6563 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 6564 } else {
9ecb3e24
MH		 6565 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
6566 if (!changed)
6567 changed = test_and_clear_bit(HCI_HS_ENABLED,
6568 &hdev->dev_flags);
6569 else
6570 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 6571 }
6572
6573 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
6574
c0ecddc2 6575 if (changed)
3e248560 6576 new_settings(hdev, match.sk);
ed2c4ee3 6577
5fc6ebb1 6578 if (match.sk)
ed2c4ee3
JH		 6579 sock_put(match.sk);
6580
890ea898
JH		 6581 hci_req_init(&req, hdev);
6582
3769972b
JH		 6583 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
6584 if (test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
6585 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
6586 sizeof(enable), &enable);
890ea898 6587 update_eir(&req);
3769972b 6588 } else {
890ea898 6589 clear_eir(&req);
3769972b 6590 }
890ea898
JH		 6591
6592 hci_req_run(&req, NULL);
ed2c4ee3
JH		 6593}
6594
eac83dc6
MH		 6595void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
6596{
6597 struct cmd_lookup match = { NULL, hdev };
6598 bool changed = false;
6599
6600 if (status) {
6601 u8 mgmt_err = mgmt_status(status);
6602
0ab04a9c
MH		 6603 if (enable) {
6604 if (test_and_clear_bit(HCI_SC_ENABLED,
6605 &hdev->dev_flags))
6606 new_settings(hdev, NULL);
6607 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
6608 }
eac83dc6
MH		 6609
6610 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
6611 cmd_status_rsp, &mgmt_err);
6612 return;
6613 }
6614
0ab04a9c 6615 if (enable) {
eac83dc6 6616 changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c 6617 } else {
eac83dc6 6618 changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c
MH		 6619 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
6620 }
eac83dc6
MH		 6621
6622 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
6623 settings_rsp, &match);
6624
6625 if (changed)
6626 new_settings(hdev, match.sk);
6627
6628 if (match.sk)
6629 sock_put(match.sk);
6630}
6631
92da6097 6632static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 6633{
6634 struct cmd_lookup *match = data;
6635
90e70454
JH		 6636 if (match->sk == NULL) {
6637 match->sk = cmd->sk;
6638 sock_hold(match->sk);
6639 }
90e70454
JH		 6640}
6641
4e1b0245
MH		 6642void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
6643 u8 status)
7f9a903c 6644{
90e70454 6645 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 6646
92da6097
JH		 6647 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
6648 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
6649 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 6650
6651 if (!status)
4e1b0245
MH		 6652 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
6653 NULL);
90e70454
JH		 6654
6655 if (match.sk)
6656 sock_put(match.sk);
7f9a903c
MH		 6657}
6658
7667da34 6659void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 6660{
b312b161 6661 struct mgmt_cp_set_local_name ev;
13928971 6662 struct pending_cmd *cmd;
28cc7bde 6663
13928971 6664 if (status)
7667da34 6665 return;
b312b161
JH		 6666
6667 memset(&ev, 0, sizeof(ev));
6668 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 6669 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 6670
2e58ef3e 6671 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 6672 if (!cmd) {
6673 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 6674
13928971
JH		 6675 /* If this is a HCI command related to powering on the
6676 * HCI dev don't send any mgmt signals.
6677 */
6678 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 6679 return;
890ea898 6680 }
b312b161 6681
7667da34
MH		 6682 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
6683 cmd ? cmd->sk : NULL);
b312b161 6684}
c35938b2 6685
4d2d2796
MH		 6686void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
6687 u8 *randomizer192, u8 *hash256,
6688 u8 *randomizer256, u8 status)
c35938b2
SJ		 6689{
6690 struct pending_cmd *cmd;
c35938b2 6691
744cf19e 6692 BT_DBG("%s status %u", hdev->name, status);
c35938b2 6693
2e58ef3e 6694 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 6695 if (!cmd)
3edaf092 6696 return;
c35938b2
SJ		 6697
6698 if (status) {
3edaf092
MH		 6699 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
6700 mgmt_status(status));
c35938b2 6701 } else {
4d2d2796
MH		 6702 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
6703 hash256 && randomizer256) {
6704 struct mgmt_rp_read_local_oob_ext_data rp;
6705
6706 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
6707 memcpy(rp.randomizer192, randomizer192,
6708 sizeof(rp.randomizer192));
c35938b2 6709
4d2d2796
MH		 6710 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
6711 memcpy(rp.randomizer256, randomizer256,
6712 sizeof(rp.randomizer256));
c35938b2 6713
4d2d2796
MH		 6714 cmd_complete(cmd->sk, hdev->id,
6715 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
6716 &rp, sizeof(rp));
6717 } else {
6718 struct mgmt_rp_read_local_oob_data rp;
6719
6720 memcpy(rp.hash, hash192, sizeof(rp.hash));
6721 memcpy(rp.randomizer, randomizer192,
6722 sizeof(rp.randomizer));
6723
6724 cmd_complete(cmd->sk, hdev->id,
6725 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
6726 &rp, sizeof(rp));
6727 }
c35938b2
SJ		 6728 }
6729
6730 mgmt_pending_remove(cmd);
c35938b2 6731}
e17acd40 6732
901801b9 6733void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
af58925c
MH		 6734 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
6735 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 6736{
e319d2e7
JH		 6737 char buf[512];
6738 struct mgmt_ev_device_found *ev = (void *) buf;
1dc06093 6739 size_t ev_size;
e17acd40 6740
75ce208c
JH		 6741 /* Don't send events for a non-kernel initiated discovery. With
6742 * LE one exception is if we have pend_le_reports > 0 in which
6743 * case we're doing passive scanning and want these events.
6744 */
6745 if (!hci_discovery_active(hdev)) {
6746 if (link_type == ACL_LINK)
6747 return;
66f8455a 6748 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
75ce208c
JH		 6749 return;
6750 }
12602d0c 6751
5d2e9fad
JH		 6752 /* Make sure that the buffer is big enough. The 5 extra bytes
6753 * are for the potential CoD field.
6754 */
6755 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
901801b9 6756 return;
7d262f86 6757
1dc06093
JH		 6758 memset(buf, 0, sizeof(buf));
6759
841c5644
JH		 6760 bacpy(&ev->addr.bdaddr, bdaddr);
6761 ev->addr.type = link_to_bdaddr(link_type, addr_type);
e319d2e7 6762 ev->rssi = rssi;
af58925c 6763 ev->flags = cpu_to_le32(flags);
e17acd40 6764
1dc06093 6765 if (eir_len > 0)
e319d2e7 6766 memcpy(ev->eir, eir, eir_len);
e17acd40 6767
1dc06093
JH		 6768 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
6769 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 6770 dev_class, 3);
1dc06093 6771
5d2e9fad
JH		 6772 if (scan_rsp_len > 0)
6773 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
6774
6775 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
6776 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 6777
901801b9 6778 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 6779}
a88a9652 6780
9cf12aee
MH		 6781void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6782 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 6783{
b644ba33
JH		 6784 struct mgmt_ev_device_found *ev;
6785 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
6786 u16 eir_len;
a88a9652 6787
b644ba33 6788 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 6789
b644ba33
JH		 6790 memset(buf, 0, sizeof(buf));
6791
6792 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 6793 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 6794 ev->rssi = rssi;
6795
6796 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 6797 name_len);
b644ba33 6798
eb55ef07 6799 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 6800
9cf12aee 6801 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 6802}
314b2381 6803
2f1e063b 6804void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 6805{
f963e8e9 6806 struct mgmt_ev_discovering ev;
164a6e78
JH		 6807 struct pending_cmd *cmd;
6808
343fb145
AG		 6809 BT_DBG("%s discovering %u", hdev->name, discovering);
6810
164a6e78 6811 if (discovering)
2e58ef3e 6812 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 6813 else
2e58ef3e 6814 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 6815
6816 if (cmd != NULL) {
f808e166
JH		 6817 u8 type = hdev->discovery.type;
6818
04124681
GP		 6819 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
6820 sizeof(type));
164a6e78
JH		 6821 mgmt_pending_remove(cmd);
6822 }
6823
f963e8e9
JH		 6824 memset(&ev, 0, sizeof(ev));
6825 ev.type = hdev->discovery.type;
6826 ev.discovering = discovering;
6827
2f1e063b 6828 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 6829}
5e762444 6830
5976e608
MH		 6831static void adv_enable_complete(struct hci_dev *hdev, u8 status)
6832{
6833 BT_DBG("%s status %u", hdev->name, status);
5976e608
MH		 6834}
6835
6836void mgmt_reenable_advertising(struct hci_dev *hdev)
6837{
6838 struct hci_request req;
6839
5976e608
MH		 6840 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
6841 return;
6842
6843 hci_req_init(&req, hdev);
6844 enable_advertising(&req);
0ec5ae84 6845 hci_req_run(&req, adv_enable_complete);
5976e608 6846}
Empty description
This page took 1.517536 seconds and 4 git commands to generate.