]> Git Repo - linux.git/blame - net/bluetooth/mgmt.c
projects / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Add support for local name in scan rsp
[linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
7129069e 32#include <net/bluetooth/hci_sock.h>
4bc58f51 33#include <net/bluetooth/l2cap.h>
0381101f 34#include <net/bluetooth/mgmt.h>
ac4b7236 35
0857dd3b 36#include "hci_request.h"
ac4b7236 37#include "smp.h"
a380b6cf 38#include "mgmt_util.h"
0381101f 39
2da9c55c 40#define MGMT_VERSION 1
87510973 41#define MGMT_REVISION 13
02d98129 42
e70bb2e8
JH		 43static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
45 MGMT_OP_READ_INFO,
46 MGMT_OP_SET_POWERED,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
b2939475 50 MGMT_OP_SET_BONDABLE,
e70bb2e8
JH		 51 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_SSP,
53 MGMT_OP_SET_HS,
54 MGMT_OP_SET_LE,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
57 MGMT_OP_ADD_UUID,
58 MGMT_OP_REMOVE_UUID,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
61 MGMT_OP_DISCONNECT,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
66 MGMT_OP_PAIR_DEVICE,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
78 MGMT_OP_CONFIRM_NAME,
79 MGMT_OP_BLOCK_DEVICE,
80 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 81 MGMT_OP_SET_DEVICE_ID,
4375f103 82 MGMT_OP_SET_ADVERTISING,
0663ca2a 83 MGMT_OP_SET_BREDR,
d13eafce 84 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 85 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 86 MGMT_OP_SET_SECURE_CONN,
4e39ac81 87 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 88 MGMT_OP_SET_PRIVACY,
41edf160 89 MGMT_OP_LOAD_IRKS,
dd983808 90 MGMT_OP_GET_CONN_INFO,
95868426 91 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 92 MGMT_OP_ADD_DEVICE,
93 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 94 MGMT_OP_LOAD_CONN_PARAM,
73d1df2a 95 MGMT_OP_READ_UNCONF_INDEX_LIST,
9fc3bfb6 96 MGMT_OP_READ_CONFIG_INFO,
dbece37a 97 MGMT_OP_SET_EXTERNAL_CONFIG,
9713c17b 98 MGMT_OP_SET_PUBLIC_ADDRESS,
66ea9427 99 MGMT_OP_START_SERVICE_DISCOVERY,
4f0f155c 100 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
96f1474a 101 MGMT_OP_READ_EXT_INDEX_LIST,
d3d5305b 102 MGMT_OP_READ_ADV_FEATURES,
24b4f38f 103 MGMT_OP_ADD_ADVERTISING,
da929335 104 MGMT_OP_REMOVE_ADVERTISING,
40b25fe5 105 MGMT_OP_GET_ADV_SIZE_INFO,
78b781ca 106 MGMT_OP_START_LIMITED_DISCOVERY,
321c6fee 107 MGMT_OP_READ_EXT_INFO,
e70bb2e8
JH		 108};
109
110static const u16 mgmt_events[] = {
111 MGMT_EV_CONTROLLER_ERROR,
112 MGMT_EV_INDEX_ADDED,
113 MGMT_EV_INDEX_REMOVED,
114 MGMT_EV_NEW_SETTINGS,
115 MGMT_EV_CLASS_OF_DEV_CHANGED,
116 MGMT_EV_LOCAL_NAME_CHANGED,
117 MGMT_EV_NEW_LINK_KEY,
118 MGMT_EV_NEW_LONG_TERM_KEY,
119 MGMT_EV_DEVICE_CONNECTED,
120 MGMT_EV_DEVICE_DISCONNECTED,
121 MGMT_EV_CONNECT_FAILED,
122 MGMT_EV_PIN_CODE_REQUEST,
123 MGMT_EV_USER_CONFIRM_REQUEST,
124 MGMT_EV_USER_PASSKEY_REQUEST,
125 MGMT_EV_AUTH_FAILED,
126 MGMT_EV_DEVICE_FOUND,
127 MGMT_EV_DISCOVERING,
128 MGMT_EV_DEVICE_BLOCKED,
129 MGMT_EV_DEVICE_UNBLOCKED,
130 MGMT_EV_DEVICE_UNPAIRED,
92a25256 131 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 132 MGMT_EV_NEW_IRK,
7ee4ea36 133 MGMT_EV_NEW_CSRK,
8afef092
MH		 134 MGMT_EV_DEVICE_ADDED,
135 MGMT_EV_DEVICE_REMOVED,
ffb5a827 136 MGMT_EV_NEW_CONN_PARAM,
0602a8ad 137 MGMT_EV_UNCONF_INDEX_ADDED,
edd3896b 138 MGMT_EV_UNCONF_INDEX_REMOVED,
f4537c04 139 MGMT_EV_NEW_CONFIG_OPTIONS,
ced85549
MH		 140 MGMT_EV_EXT_INDEX_ADDED,
141 MGMT_EV_EXT_INDEX_REMOVED,
72000df2 142 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
24b4f38f
AU		 143 MGMT_EV_ADVERTISING_ADDED,
144 MGMT_EV_ADVERTISING_REMOVED,
321c6fee 145 MGMT_EV_EXT_INFO_CHANGED,
e70bb2e8
JH		 146};
147
99c679ac
MH		 148static const u16 mgmt_untrusted_commands[] = {
149 MGMT_OP_READ_INDEX_LIST,
150 MGMT_OP_READ_INFO,
151 MGMT_OP_READ_UNCONF_INDEX_LIST,
152 MGMT_OP_READ_CONFIG_INFO,
153 MGMT_OP_READ_EXT_INDEX_LIST,
321c6fee 154 MGMT_OP_READ_EXT_INFO,
99c679ac
MH		 155};
156
157static const u16 mgmt_untrusted_events[] = {
158 MGMT_EV_INDEX_ADDED,
159 MGMT_EV_INDEX_REMOVED,
160 MGMT_EV_NEW_SETTINGS,
161 MGMT_EV_CLASS_OF_DEV_CHANGED,
162 MGMT_EV_LOCAL_NAME_CHANGED,
163 MGMT_EV_UNCONF_INDEX_ADDED,
164 MGMT_EV_UNCONF_INDEX_REMOVED,
165 MGMT_EV_NEW_CONFIG_OPTIONS,
166 MGMT_EV_EXT_INDEX_ADDED,
167 MGMT_EV_EXT_INDEX_REMOVED,
321c6fee 168 MGMT_EV_EXT_INFO_CHANGED,
99c679ac
MH		 169};
170
17b02e62 171#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 172
d25b78e2
JH		 173#define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
174 "\x00\x00\x00\x00\x00\x00\x00\x00"
175
ca69b795
JH		 176/* HCI to MGMT error code conversion table */
177static u8 mgmt_status_table[] = {
178 MGMT_STATUS_SUCCESS,
179 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
180 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
181 MGMT_STATUS_FAILED, /* Hardware Failure */
182 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
183 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 184 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 185 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
186 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
187 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
188 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
189 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
190 MGMT_STATUS_BUSY, /* Command Disallowed */
191 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
192 MGMT_STATUS_REJECTED, /* Rejected Security */
193 MGMT_STATUS_REJECTED, /* Rejected Personal */
194 MGMT_STATUS_TIMEOUT, /* Host Timeout */
195 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
196 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
197 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
198 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
199 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
200 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
201 MGMT_STATUS_BUSY, /* Repeated Attempts */
202 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
203 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
204 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
205 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
206 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
207 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
208 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
209 MGMT_STATUS_FAILED, /* Unspecified Error */
210 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
211 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
212 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
213 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
214 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
215 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
216 MGMT_STATUS_FAILED, /* Unit Link Key Used */
217 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
218 MGMT_STATUS_TIMEOUT, /* Instant Passed */
219 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
220 MGMT_STATUS_FAILED, /* Transaction Collision */
221 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
222 MGMT_STATUS_REJECTED, /* QoS Rejected */
223 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
224 MGMT_STATUS_REJECTED, /* Insufficient Security */
225 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
226 MGMT_STATUS_BUSY, /* Role Switch Pending */
227 MGMT_STATUS_FAILED, /* Slot Violation */
228 MGMT_STATUS_FAILED, /* Role Switch Failed */
229 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
230 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
231 MGMT_STATUS_BUSY, /* Host Busy Pairing */
232 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
233 MGMT_STATUS_BUSY, /* Controller Busy */
234 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
235 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
236 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
237 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
238 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
239};
240
241static u8 mgmt_status(u8 hci_status)
242{
243 if (hci_status < ARRAY_SIZE(mgmt_status_table))
244 return mgmt_status_table[hci_status];
245
246 return MGMT_STATUS_FAILED;
247}
248
c08b1a1d
MH		 249static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
250 u16 len, int flag)
f9207338 251{
c08b1a1d
MH		 252 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
253 flag, NULL);
f9207338
MH		 254}
255
72000df2
MH		 256static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
257 u16 len, int flag, struct sock *skip_sk)
258{
259 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
260 flag, skip_sk);
261}
262
7a00ff44
JH		 263static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
264 struct sock *skip_sk)
265{
266 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
c08b1a1d 267 HCI_SOCK_TRUSTED, skip_sk);
7a00ff44
JH		 268}
269
85813a7e
JH		 270static u8 le_addr_type(u8 mgmt_addr_type)
271{
272 if (mgmt_addr_type == BDADDR_LE_PUBLIC)
273 return ADDR_LE_DEV_PUBLIC;
274 else
275 return ADDR_LE_DEV_RANDOM;
276}
277
03c979c4
MH		 278void mgmt_fill_version_info(void *ver)
279{
280 struct mgmt_rp_read_version *rp = ver;
281
282 rp->version = MGMT_VERSION;
283 rp->revision = cpu_to_le16(MGMT_REVISION);
284}
285
04124681
GP		 286static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
287 u16 data_len)
a38528f1
JH		 288{
289 struct mgmt_rp_read_version rp;
290
291 BT_DBG("sock %p", sk);
292
03c979c4 293 mgmt_fill_version_info(&rp);
a38528f1 294
2a1afb5a
JH		 295 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
296 &rp, sizeof(rp));
a38528f1
JH		 297}
298
04124681
GP		 299static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
300 u16 data_len)
e70bb2e8
JH		 301{
302 struct mgmt_rp_read_commands *rp;
99c679ac 303 u16 num_commands, num_events;
e70bb2e8
JH		 304 size_t rp_size;
305 int i, err;
306
307 BT_DBG("sock %p", sk);
308
99c679ac
MH		 309 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
310 num_commands = ARRAY_SIZE(mgmt_commands);
311 num_events = ARRAY_SIZE(mgmt_events);
312 } else {
313 num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
314 num_events = ARRAY_SIZE(mgmt_untrusted_events);
315 }
316
e70bb2e8
JH		 317 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
318
319 rp = kmalloc(rp_size, GFP_KERNEL);
320 if (!rp)
321 return -ENOMEM;
322
dcf4adbf
JP		 323 rp->num_commands = cpu_to_le16(num_commands);
324 rp->num_events = cpu_to_le16(num_events);
e70bb2e8 325
99c679ac
MH		 326 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
327 __le16 *opcode = rp->opcodes;
328
329 for (i = 0; i < num_commands; i++, opcode++)
330 put_unaligned_le16(mgmt_commands[i], opcode);
e70bb2e8 331
99c679ac
MH		 332 for (i = 0; i < num_events; i++, opcode++)
333 put_unaligned_le16(mgmt_events[i], opcode);
334 } else {
335 __le16 *opcode = rp->opcodes;
336
337 for (i = 0; i < num_commands; i++, opcode++)
338 put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
339
340 for (i = 0; i < num_events; i++, opcode++)
341 put_unaligned_le16(mgmt_untrusted_events[i], opcode);
342 }
e70bb2e8 343
2a1afb5a
JH		 344 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
345 rp, rp_size);
e70bb2e8
JH		 346 kfree(rp);
347
348 return err;
349}
350
04124681
GP		 351static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
352 u16 data_len)
faba42eb 353{
faba42eb 354 struct mgmt_rp_read_index_list *rp;
8035ded4 355 struct hci_dev *d;
a38528f1 356 size_t rp_len;
faba42eb 357 u16 count;
476e44cb 358 int err;
faba42eb
JH		 359
360 BT_DBG("sock %p", sk);
361
362 read_lock(&hci_dev_list_lock);
363
364 count = 0;
bb4b2a9a 365 list_for_each_entry(d, &hci_dev_list, list) {
ca8bee5d 366 if (d->dev_type == HCI_PRIMARY &&
d7a5a11d 367 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
1514b892 368 count++;
faba42eb
JH		 369 }
370
a38528f1
JH		 371 rp_len = sizeof(*rp) + (2 * count);
372 rp = kmalloc(rp_len, GFP_ATOMIC);
373 if (!rp) {
b2c60d42 374 read_unlock(&hci_dev_list_lock);
faba42eb 375 return -ENOMEM;
b2c60d42 376 }
faba42eb 377
476e44cb 378 count = 0;
8035ded4 379 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 380 if (hci_dev_test_flag(d, HCI_SETUP) ||
381 hci_dev_test_flag(d, HCI_CONFIG) ||
382 hci_dev_test_flag(d, HCI_USER_CHANNEL))
ab81cbf9
JH		 383 continue;
384
73d1df2a
MH		 385 /* Devices marked as raw-only are neither configured
386 * nor unconfigured controllers.
387 */
388 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
fee746b0
MH		 389 continue;
390
ca8bee5d 391 if (d->dev_type == HCI_PRIMARY &&
d7a5a11d 392 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
1514b892
MH		 393 rp->index[count++] = cpu_to_le16(d->id);
394 BT_DBG("Added hci%u", d->id);
395 }
faba42eb
JH		 396 }
397
476e44cb
JH		 398 rp->num_controllers = cpu_to_le16(count);
399 rp_len = sizeof(*rp) + (2 * count);
400
faba42eb
JH		 401 read_unlock(&hci_dev_list_lock);
402
2a1afb5a
JH		 403 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
404 0, rp, rp_len);
faba42eb 405
a38528f1
JH		 406 kfree(rp);
407
408 return err;
faba42eb
JH		 409}
410
73d1df2a
MH		 411static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
412 void *data, u16 data_len)
413{
414 struct mgmt_rp_read_unconf_index_list *rp;
415 struct hci_dev *d;
416 size_t rp_len;
417 u16 count;
418 int err;
419
420 BT_DBG("sock %p", sk);
421
422 read_lock(&hci_dev_list_lock);
423
424 count = 0;
425 list_for_each_entry(d, &hci_dev_list, list) {
ca8bee5d 426 if (d->dev_type == HCI_PRIMARY &&
d7a5a11d 427 hci_dev_test_flag(d, HCI_UNCONFIGURED))
73d1df2a
MH		 428 count++;
429 }
430
431 rp_len = sizeof(*rp) + (2 * count);
432 rp = kmalloc(rp_len, GFP_ATOMIC);
433 if (!rp) {
434 read_unlock(&hci_dev_list_lock);
435 return -ENOMEM;
436 }
437
438 count = 0;
439 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 440 if (hci_dev_test_flag(d, HCI_SETUP) ||
441 hci_dev_test_flag(d, HCI_CONFIG) ||
442 hci_dev_test_flag(d, HCI_USER_CHANNEL))
73d1df2a
MH		 443 continue;
444
445 /* Devices marked as raw-only are neither configured
446 * nor unconfigured controllers.
447 */
448 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
449 continue;
450
ca8bee5d 451 if (d->dev_type == HCI_PRIMARY &&
d7a5a11d 452 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
73d1df2a
MH		 453 rp->index[count++] = cpu_to_le16(d->id);
454 BT_DBG("Added hci%u", d->id);
455 }
456 }
457
458 rp->num_controllers = cpu_to_le16(count);
459 rp_len = sizeof(*rp) + (2 * count);
460
461 read_unlock(&hci_dev_list_lock);
462
2a1afb5a
JH		 463 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
464 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
73d1df2a
MH		 465
466 kfree(rp);
467
468 return err;
469}
470
96f1474a
MH		 471static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
472 void *data, u16 data_len)
473{
474 struct mgmt_rp_read_ext_index_list *rp;
475 struct hci_dev *d;
476 size_t rp_len;
477 u16 count;
478 int err;
479
480 BT_DBG("sock %p", sk);
481
482 read_lock(&hci_dev_list_lock);
483
484 count = 0;
485 list_for_each_entry(d, &hci_dev_list, list) {
ca8bee5d 486 if (d->dev_type == HCI_PRIMARY || d->dev_type == HCI_AMP)
96f1474a
MH		 487 count++;
488 }
489
490 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
491 rp = kmalloc(rp_len, GFP_ATOMIC);
492 if (!rp) {
493 read_unlock(&hci_dev_list_lock);
494 return -ENOMEM;
495 }
496
497 count = 0;
498 list_for_each_entry(d, &hci_dev_list, list) {
499 if (hci_dev_test_flag(d, HCI_SETUP) ||
500 hci_dev_test_flag(d, HCI_CONFIG) ||
501 hci_dev_test_flag(d, HCI_USER_CHANNEL))
502 continue;
503
504 /* Devices marked as raw-only are neither configured
505 * nor unconfigured controllers.
506 */
507 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
508 continue;
509
ca8bee5d 510 if (d->dev_type == HCI_PRIMARY) {
96f1474a
MH		 511 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
512 rp->entry[count].type = 0x01;
513 else
514 rp->entry[count].type = 0x00;
515 } else if (d->dev_type == HCI_AMP) {
516 rp->entry[count].type = 0x02;
517 } else {
518 continue;
519 }
520
521 rp->entry[count].bus = d->bus;
522 rp->entry[count++].index = cpu_to_le16(d->id);
523 BT_DBG("Added hci%u", d->id);
524 }
525
526 rp->num_controllers = cpu_to_le16(count);
527 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
528
529 read_unlock(&hci_dev_list_lock);
530
531 /* If this command is called at least once, then all the
532 * default index and unconfigured index events are disabled
533 * and from now on only extended index events are used.
534 */
535 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
536 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
537 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
538
539 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
540 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp, rp_len);
541
542 kfree(rp);
543
544 return err;
545}
546
dbece37a
MH		 547static bool is_configured(struct hci_dev *hdev)
548{
549 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 550 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
dbece37a
MH		 551 return false;
552
553 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
554 !bacmp(&hdev->public_addr, BDADDR_ANY))
555 return false;
556
557 return true;
558}
559
89bc22d2
MH		 560static __le32 get_missing_options(struct hci_dev *hdev)
561{
562 u32 options = 0;
563
dbece37a 564 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 565 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
eb1904f4
MH		 566 options |= MGMT_OPTION_EXTERNAL_CONFIG;
567
89bc22d2
MH		 568 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
569 !bacmp(&hdev->public_addr, BDADDR_ANY))
570 options |= MGMT_OPTION_PUBLIC_ADDRESS;
571
572 return cpu_to_le32(options);
573}
574
f4537c04
MH		 575static int new_options(struct hci_dev *hdev, struct sock *skip)
576{
577 __le32 options = get_missing_options(hdev);
578
5504c3a3
MH		 579 return mgmt_limited_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
580 sizeof(options), HCI_MGMT_OPTION_EVENTS, skip);
f4537c04
MH		 581}
582
dbece37a
MH		 583static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
584{
585 __le32 options = get_missing_options(hdev);
586
2a1afb5a
JH		 587 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
588 sizeof(options));
dbece37a
MH		 589}
590
9fc3bfb6
MH		 591static int read_config_info(struct sock *sk, struct hci_dev *hdev,
592 void *data, u16 data_len)
593{
594 struct mgmt_rp_read_config_info rp;
89bc22d2 595 u32 options = 0;
9fc3bfb6
MH		 596
597 BT_DBG("sock %p %s", sk, hdev->name);
598
599 hci_dev_lock(hdev);
600
601 memset(&rp, 0, sizeof(rp));
602 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
89bc22d2 603
eb1904f4
MH		 604 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
605 options |= MGMT_OPTION_EXTERNAL_CONFIG;
606
9fc3bfb6 607 if (hdev->set_bdaddr)
89bc22d2
MH		 608 options |= MGMT_OPTION_PUBLIC_ADDRESS;
609
610 rp.supported_options = cpu_to_le32(options);
611 rp.missing_options = get_missing_options(hdev);
9fc3bfb6
MH		 612
613 hci_dev_unlock(hdev);
614
2a1afb5a
JH		 615 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
616 &rp, sizeof(rp));
9fc3bfb6
MH		 617}
618
69ab39ea
JH		 619static u32 get_supported_settings(struct hci_dev *hdev)
620{
621 u32 settings = 0;
622
623 settings |= MGMT_SETTING_POWERED;
b2939475 624 settings |= MGMT_SETTING_BONDABLE;
b1de97d8 625 settings |= MGMT_SETTING_DEBUG_KEYS;
3742abfc
JH		 626 settings |= MGMT_SETTING_CONNECTABLE;
627 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea 628
ed3fa31f 629 if (lmp_bredr_capable(hdev)) {
1a47aee8
JH		 630 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
631 settings |= MGMT_SETTING_FAST_CONNECTABLE;
69ab39ea
JH		 632 settings |= MGMT_SETTING_BREDR;
633 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 634
635 if (lmp_ssp_capable(hdev)) {
636 settings |= MGMT_SETTING_SSP;
637 settings |= MGMT_SETTING_HS;
638 }
e98d2ce2 639
05b3c3e7 640 if (lmp_sc_capable(hdev))
e98d2ce2 641 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 642 }
d7b7e796 643
eeca6f89 644 if (lmp_le_capable(hdev)) {
9d42820f 645 settings |= MGMT_SETTING_LE;
eeca6f89 646 settings |= MGMT_SETTING_ADVERTISING;
a3209694 647 settings |= MGMT_SETTING_SECURE_CONN;
0f4bd942 648 settings |= MGMT_SETTING_PRIVACY;
93690c22 649 settings |= MGMT_SETTING_STATIC_ADDRESS;
eeca6f89 650 }
69ab39ea 651
eb1904f4
MH		 652 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
653 hdev->set_bdaddr)
9fc3bfb6
MH		 654 settings |= MGMT_SETTING_CONFIGURATION;
655
69ab39ea
JH		 656 return settings;
657}
658
659static u32 get_current_settings(struct hci_dev *hdev)
660{
661 u32 settings = 0;
662
f1f0eb02 663 if (hdev_is_powered(hdev))
f0d4b78a
MH		 664 settings |= MGMT_SETTING_POWERED;
665
d7a5a11d 666 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
69ab39ea
JH		 667 settings |= MGMT_SETTING_CONNECTABLE;
668
d7a5a11d 669 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
1a4d3c4b
JH		 670 settings |= MGMT_SETTING_FAST_CONNECTABLE;
671
d7a5a11d 672 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
69ab39ea
JH		 673 settings |= MGMT_SETTING_DISCOVERABLE;
674
d7a5a11d 675 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
b2939475 676 settings |= MGMT_SETTING_BONDABLE;
69ab39ea 677
d7a5a11d 678 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
69ab39ea
JH		 679 settings |= MGMT_SETTING_BREDR;
680
d7a5a11d 681 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
69ab39ea
JH		 682 settings |= MGMT_SETTING_LE;
683
d7a5a11d 684 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
69ab39ea
JH		 685 settings |= MGMT_SETTING_LINK_SECURITY;
686
d7a5a11d 687 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
69ab39ea
JH		 688 settings |= MGMT_SETTING_SSP;
689
d7a5a11d 690 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
6d80dfd0
JH		 691 settings |= MGMT_SETTING_HS;
692
d7a5a11d 693 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
eeca6f89
JH		 694 settings |= MGMT_SETTING_ADVERTISING;
695
d7a5a11d 696 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
e98d2ce2
MH		 697 settings |= MGMT_SETTING_SECURE_CONN;
698
d7a5a11d 699 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
b1de97d8
MH		 700 settings |= MGMT_SETTING_DEBUG_KEYS;
701
d7a5a11d 702 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
0f4bd942
JH		 703 settings |= MGMT_SETTING_PRIVACY;
704
93690c22
MH		 705 /* The current setting for static address has two purposes. The
706 * first is to indicate if the static address will be used and
707 * the second is to indicate if it is actually set.
708 *
709 * This means if the static address is not configured, this flag
08dc0e98 710 * will never be set. If the address is configured, then if the
93690c22
MH		 711 * address is actually used decides if the flag is set or not.
712 *
713 * For single mode LE only controllers and dual-mode controllers
714 * with BR/EDR disabled, the existence of the static address will
715 * be evaluated.
716 */
b7cb93e5 717 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
d7a5a11d 718 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
93690c22
MH		 719 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
720 if (bacmp(&hdev->static_addr, BDADDR_ANY))
721 settings |= MGMT_SETTING_STATIC_ADDRESS;
722 }
723
69ab39ea
JH		 724 return settings;
725}
726
333ae95d
JH		 727static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
728{
729 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
730}
731
333ae95d
JH		 732static struct mgmt_pending_cmd *pending_find_data(u16 opcode,
733 struct hci_dev *hdev,
734 const void *data)
735{
736 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data);
737}
738
f2252570 739u8 mgmt_get_adv_discov_flags(struct hci_dev *hdev)
9a43e25f 740{
3b0602cd 741 struct mgmt_pending_cmd *cmd;
9a43e25f
JH		 742
743 /* If there's a pending mgmt command the flags will not yet have
744 * their final values, so check for this first.
745 */
333ae95d 746 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
9a43e25f
JH		 747 if (cmd) {
748 struct mgmt_mode *cp = cmd->param;
749 if (cp->val == 0x01)
750 return LE_AD_GENERAL;
751 else if (cp->val == 0x02)
752 return LE_AD_LIMITED;
753 } else {
d7a5a11d 754 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
9a43e25f 755 return LE_AD_LIMITED;
d7a5a11d 756 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
9a43e25f
JH		 757 return LE_AD_GENERAL;
758 }
759
760 return 0;
761}
762
f2252570 763bool mgmt_get_connectable(struct hci_dev *hdev)
fdf51784
AU		 764{
765 struct mgmt_pending_cmd *cmd;
441ad2d0 766
fdf51784
AU		 767 /* If there's a pending mgmt command the flag will not yet have
768 * it's final value, so check for this first.
769 */
770 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
771 if (cmd) {
772 struct mgmt_mode *cp = cmd->param;
441ad2d0 773
fdf51784 774 return cp->val;
441ad2d0
MH		 775 }
776
fdf51784
AU		 777 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
778}
441ad2d0 779
7d78525d
JH		 780static void service_cache_off(struct work_struct *work)
781{
782 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 783 service_cache.work);
890ea898 784 struct hci_request req;
7d78525d 785
a69d8927 786 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
7d78525d
JH		 787 return;
788
890ea898
JH		 789 hci_req_init(&req, hdev);
790
7d78525d
JH		 791 hci_dev_lock(hdev);
792
b1a8917c 793 __hci_req_update_eir(&req);
14bf5eac 794 __hci_req_update_class(&req);
7d78525d
JH		 795
796 hci_dev_unlock(hdev);
890ea898
JH		 797
798 hci_req_run(&req, NULL);
7d78525d
JH		 799}
800
d6bfd59c
JH		 801static void rpa_expired(struct work_struct *work)
802{
803 struct hci_dev *hdev = container_of(work, struct hci_dev,
804 rpa_expired.work);
805 struct hci_request req;
806
807 BT_DBG("");
808
a1536da2 809 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
d6bfd59c 810
d7a5a11d 811 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
d6bfd59c
JH		 812 return;
813
814 /* The generation of a new RPA and programming it into the
f2252570
JH		 815 * controller happens in the hci_req_enable_advertising()
816 * function.
d6bfd59c 817 */
d6bfd59c 818 hci_req_init(&req, hdev);
f2252570 819 __hci_req_enable_advertising(&req);
d6bfd59c
JH		 820 hci_req_run(&req, NULL);
821}
822
6a919082 823static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 824{
238be788 825 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
6a919082
JH		 826 return;
827
4f87da80 828 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 829 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 830
4f87da80
JH		 831 /* Non-mgmt controlled devices get this bit set
832 * implicitly so that pairing works for them, however
833 * for mgmt we require user-space to explicitly enable
834 * it
835 */
a358dc11 836 hci_dev_clear_flag(hdev, HCI_BONDABLE);
7d78525d
JH		 837}
838
0f4e68cf 839static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 840 void *data, u16 data_len)
0381101f 841{
a38528f1 842 struct mgmt_rp_read_info rp;
f7b64e69 843
bdb6d971 844 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 845
09fd0de5 846 hci_dev_lock(hdev);
f7b64e69 847
dc4fe30b
JH		 848 memset(&rp, 0, sizeof(rp));
849
69ab39ea 850 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 851
69ab39ea 852 rp.version = hdev->hci_ver;
eb55ef07 853 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 854
855 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
856 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 857
a38528f1 858 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 859
dc4fe30b 860 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 861 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 862
09fd0de5 863 hci_dev_unlock(hdev);
0381101f 864
2a1afb5a
JH		 865 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
866 sizeof(rp));
0381101f
JH		 867}
868
8a0c9f49
MN		 869static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
870 u8 data_len)
871{
872 eir[eir_len++] = sizeof(type) + data_len;
873 eir[eir_len++] = type;
874 memcpy(&eir[eir_len], data, data_len);
875 eir_len += data_len;
876
877 return eir_len;
878}
879
321c6fee
MH		 880static int read_ext_controller_info(struct sock *sk, struct hci_dev *hdev,
881 void *data, u16 data_len)
882{
8a0c9f49
MN		 883 struct mgmt_rp_read_ext_info *rp;
884 char buff[512];
885 u16 eir_len = 0;
886 u8 name_len;
321c6fee
MH		 887
888 BT_DBG("sock %p %s", sk, hdev->name);
889
890 hci_dev_lock(hdev);
891
8a0c9f49
MN		 892 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
893 eir_len = eir_append_data(buff, eir_len,
894 EIR_CLASS_OF_DEV,
895 hdev->dev_class, 3);
321c6fee 896
8a0c9f49
MN		 897 name_len = strlen(hdev->dev_name);
898 eir_len = eir_append_data(buff, eir_len, EIR_NAME_COMPLETE,
899 hdev->dev_name, name_len);
321c6fee 900
8a0c9f49
MN		 901 name_len = strlen(hdev->short_name);
902 eir_len = eir_append_data(buff, eir_len, EIR_NAME_SHORT,
903 hdev->short_name, name_len);
321c6fee 904
3e36ca48 905 rp = kzalloc(sizeof(*rp) + eir_len, GFP_KERNEL);
8a0c9f49
MN		 906 if (!rp)
907 return -ENOMEM;
908
8a0c9f49
MN		 909 rp->eir_len = cpu_to_le16(eir_len);
910 memcpy(rp->eir, buff, eir_len);
911
912 bacpy(&rp->bdaddr, &hdev->bdaddr);
321c6fee 913
8a0c9f49
MN		 914 rp->version = hdev->hci_ver;
915 rp->manufacturer = cpu_to_le16(hdev->manufacturer);
916
917 rp->supported_settings = cpu_to_le32(get_supported_settings(hdev));
918 rp->current_settings = cpu_to_le32(get_current_settings(hdev));
321c6fee
MH		 919
920 hci_dev_unlock(hdev);
921
922 /* If this command is called at least once, then the events
923 * for class of device and local name changes are disabled
924 * and only the new extended controller information event
925 * is used.
926 */
927 hci_sock_set_flag(sk, HCI_MGMT_EXT_INFO_EVENTS);
928 hci_sock_clear_flag(sk, HCI_MGMT_DEV_CLASS_EVENTS);
929 hci_sock_clear_flag(sk, HCI_MGMT_LOCAL_NAME_EVENTS);
930
8a0c9f49
MN		 931 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_EXT_INFO, 0, rp,
932 sizeof(*rp) + eir_len);
321c6fee
MH		 933}
934
935static int ext_info_changed(struct hci_dev *hdev, struct sock *skip)
936{
937 struct mgmt_ev_ext_info_changed ev;
938
939 ev.eir_len = cpu_to_le16(0);
940
941 return mgmt_limited_event(MGMT_EV_EXT_INFO_CHANGED, hdev, &ev,
942 sizeof(ev), HCI_MGMT_EXT_INFO_EVENTS, skip);
943}
944
69ab39ea 945static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 946{
69ab39ea 947 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 948
2a1afb5a
JH		 949 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
950 sizeof(settings));
8680570b
JH		 951}
952
1904a853 953static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
8b064a3a
JH		 954{
955 BT_DBG("%s status 0x%02x", hdev->name, status);
956
a3172b7e
JH		 957 if (hci_conn_count(hdev) == 0) {
958 cancel_delayed_work(&hdev->power_off);
8b064a3a 959 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 960 }
8b064a3a
JH		 961}
962
f2252570 963void mgmt_advertising_added(struct sock *sk, struct hci_dev *hdev, u8 instance)
912098a6
AU		 964{
965 struct mgmt_ev_advertising_added ev;
966
967 ev.instance = instance;
968
969 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
970}
971
f2252570
JH		 972void mgmt_advertising_removed(struct sock *sk, struct hci_dev *hdev,
973 u8 instance)
912098a6
AU		 974{
975 struct mgmt_ev_advertising_removed ev;
976
977 ev.instance = instance;
978
979 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
980}
981
7816b820
FG		 982static void cancel_adv_timeout(struct hci_dev *hdev)
983{
984 if (hdev->adv_instance_timeout) {
985 hdev->adv_instance_timeout = 0;
986 cancel_delayed_work(&hdev->adv_instance_expire);
987 }
988}
989
8b064a3a
JH		 990static int clean_up_hci_state(struct hci_dev *hdev)
991{
992 struct hci_request req;
993 struct hci_conn *conn;
23a48093
JH		 994 bool discov_stopped;
995 int err;
8b064a3a
JH		 996
997 hci_req_init(&req, hdev);
998
999 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1000 test_bit(HCI_PSCAN, &hdev->flags)) {
1001 u8 scan = 0x00;
1002 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1003 }
1004
37d3a1fa 1005 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, false);
912098a6 1006
d7a5a11d 1007 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
f2252570 1008 __hci_req_disable_advertising(&req);
8b064a3a 1009
2154d3f4 1010 discov_stopped = hci_req_stop_discovery(&req);
8b064a3a
JH		 1011
1012 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
89e0ccc8
JH		 1013 /* 0x15 == Terminated due to Power Off */
1014 __hci_abort_conn(&req, conn, 0x15);
8b064a3a
JH		 1015 }
1016
23a48093
JH		 1017 err = hci_req_run(&req, clean_up_hci_complete);
1018 if (!err && discov_stopped)
1019 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1020
1021 return err;
8b064a3a
JH		 1022}
1023
bdb6d971 1024static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1025 u16 len)
eec8d2bc 1026{
650f726d 1027 struct mgmt_mode *cp = data;
3b0602cd 1028 struct mgmt_pending_cmd *cmd;
4b34ee78 1029 int err;
eec8d2bc 1030
bdb6d971 1031 BT_DBG("request for %s", hdev->name);
eec8d2bc 1032
a7e80f25 1033 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1034 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1035 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1036
09fd0de5 1037 hci_dev_lock(hdev);
eec8d2bc 1038
333ae95d 1039 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
a69e8375
JH		 1040 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1041 MGMT_STATUS_BUSY);
87b95ba6
JH		 1042 goto failed;
1043 }
1044
4b34ee78 1045 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1046 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1047 goto failed;
1048 }
1049
2e58ef3e 1050 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1051 if (!cmd) {
1052 err = -ENOMEM;
eec8d2bc 1053 goto failed;
366a0336 1054 }
eec8d2bc 1055
8b064a3a 1056 if (cp->val) {
19202573 1057 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1058 err = 0;
1059 } else {
1060 /* Disconnect connections, stop scans, etc */
1061 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1062 if (!err)
1063 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1064 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1065
8b064a3a
JH		 1066 /* ENODATA means there were no HCI commands queued */
1067 if (err == -ENODATA) {
a3172b7e 1068 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1069 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1070 err = 0;
1071 }
1072 }
eec8d2bc
JH		 1073
1074failed:
09fd0de5 1075 hci_dev_unlock(hdev);
366a0336 1076 return err;
eec8d2bc
JH		 1077}
1078
beadb2bd
JH		 1079static int new_settings(struct hci_dev *hdev, struct sock *skip)
1080{
f6b7712e 1081 __le32 ev = cpu_to_le32(get_current_settings(hdev));
beadb2bd 1082
5504c3a3
MH		 1083 return mgmt_limited_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1084 sizeof(ev), HCI_MGMT_SETTING_EVENTS, skip);
beadb2bd
JH		 1085}
1086
91a668b0
JH		 1087int mgmt_new_settings(struct hci_dev *hdev)
1088{
1089 return new_settings(hdev, NULL);
1090}
1091
bd99abdd
JH		 1092struct cmd_lookup {
1093 struct sock *sk;
1094 struct hci_dev *hdev;
1095 u8 mgmt_status;
1096};
1097
3b0602cd 1098static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1099{
1100 struct cmd_lookup *match = data;
1101
1102 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1103
1104 list_del(&cmd->list);
1105
1106 if (match->sk == NULL) {
1107 match->sk = cmd->sk;
1108 sock_hold(match->sk);
1109 }
1110
1111 mgmt_pending_free(cmd);
1112}
1113
3b0602cd 1114static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1115{
1116 u8 *status = data;
1117
a69e8375 1118 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
bd99abdd
JH		 1119 mgmt_pending_remove(cmd);
1120}
1121
3b0602cd 1122static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1b9b5ee5
JH		 1123{
1124 if (cmd->cmd_complete) {
1125 u8 *status = data;
1126
1127 cmd->cmd_complete(cmd, *status);
1128 mgmt_pending_remove(cmd);
1129
1130 return;
1131 }
1132
1133 cmd_status_rsp(cmd, data);
1134}
1135
3b0602cd 1136static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
f5818c22 1137{
2a1afb5a
JH		 1138 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1139 cmd->param, cmd->param_len);
f5818c22
JH		 1140}
1141
3b0602cd 1142static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
7776d1d8 1143{
2a1afb5a
JH		 1144 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1145 cmd->param, sizeof(struct mgmt_addr_info));
7776d1d8
JH		 1146}
1147
e6fe7986
JH		 1148static u8 mgmt_bredr_support(struct hci_dev *hdev)
1149{
1150 if (!lmp_bredr_capable(hdev))
1151 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1152 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
e6fe7986
JH		 1153 return MGMT_STATUS_REJECTED;
1154 else
1155 return MGMT_STATUS_SUCCESS;
1156}
1157
1158static u8 mgmt_le_support(struct hci_dev *hdev)
1159{
1160 if (!lmp_le_capable(hdev))
1161 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1162 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
e6fe7986
JH		 1163 return MGMT_STATUS_REJECTED;
1164 else
1165 return MGMT_STATUS_SUCCESS;
1166}
1167
aed1a885 1168void mgmt_set_discoverable_complete(struct hci_dev *hdev, u8 status)
bfaf8c9f 1169{
3b0602cd 1170 struct mgmt_pending_cmd *cmd;
bfaf8c9f
JH		 1171
1172 BT_DBG("status 0x%02x", status);
1173
1174 hci_dev_lock(hdev);
1175
333ae95d 1176 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
bfaf8c9f
JH		 1177 if (!cmd)
1178 goto unlock;
1179
1180 if (status) {
1181 u8 mgmt_err = mgmt_status(status);
a69e8375 1182 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
a358dc11 1183 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
bfaf8c9f
JH		 1184 goto remove_cmd;
1185 }
1186
aed1a885
JH		 1187 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1188 hdev->discov_timeout > 0) {
1189 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1190 queue_delayed_work(hdev->req_workqueue, &hdev->discov_off, to);
d4462a07 1191 }
bfaf8c9f
JH		 1192
1193 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
aed1a885 1194 new_settings(hdev, cmd->sk);
970ba524 1195
bfaf8c9f
JH		 1196remove_cmd:
1197 mgmt_pending_remove(cmd);
1198
1199unlock:
1200 hci_dev_unlock(hdev);
1201}
1202
bdb6d971 1203static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1204 u16 len)
73f22f62 1205{
650f726d 1206 struct mgmt_cp_set_discoverable *cp = data;
3b0602cd 1207 struct mgmt_pending_cmd *cmd;
5e5282bb 1208 u16 timeout;
73f22f62
JH		 1209 int err;
1210
bdb6d971 1211 BT_DBG("request for %s", hdev->name);
73f22f62 1212
d7a5a11d
MH		 1213 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1214 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 1215 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1216 MGMT_STATUS_REJECTED);
33c525c0 1217
310a3d48 1218 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 1219 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1220 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1221
1f350c87 1222 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1223
1224 /* Disabling discoverable requires that no timeout is set,
1225 * and enabling limited discoverable requires a timeout.
1226 */
1227 if ((cp->val == 0x00 && timeout > 0) ||
1228 (cp->val == 0x02 && timeout == 0))
a69e8375
JH		 1229 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1230 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1231
09fd0de5 1232 hci_dev_lock(hdev);
73f22f62 1233
5e5282bb 1234 if (!hdev_is_powered(hdev) && timeout > 0) {
a69e8375
JH		 1235 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1236 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1237 goto failed;
1238 }
1239
333ae95d
JH		 1240 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1241 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1242 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1243 MGMT_STATUS_BUSY);
73f22f62
JH		 1244 goto failed;
1245 }
1246
d7a5a11d 1247 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
a69e8375
JH		 1248 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1249 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1250 goto failed;
1251 }
1252
1253 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1254 bool changed = false;
1255
310a3d48
MH		 1256 /* Setting limited discoverable when powered off is
1257 * not a valid operation since it requires a timeout
1258 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1259 */
d7a5a11d 1260 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
ce05d603 1261 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
0224d2fa
JH		 1262 changed = true;
1263 }
1264
5e5282bb 1265 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1266 if (err < 0)
1267 goto failed;
1268
1269 if (changed)
1270 err = new_settings(hdev, sk);
1271
5e5282bb
JH		 1272 goto failed;
1273 }
1274
310a3d48
MH		 1275 /* If the current mode is the same, then just update the timeout
1276 * value with the new value. And if only the timeout gets updated,
1277 * then no need for any HCI transactions.
1278 */
d7a5a11d
MH		 1279 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1280 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1281 HCI_LIMITED_DISCOVERABLE)) {
36261547
MH		 1282 cancel_delayed_work(&hdev->discov_off);
1283 hdev->discov_timeout = timeout;
955638ec 1284
36261547
MH		 1285 if (cp->val && hdev->discov_timeout > 0) {
1286 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
c366f555
JH		 1287 queue_delayed_work(hdev->req_workqueue,
1288 &hdev->discov_off, to);
955638ec
MH		 1289 }
1290
69ab39ea 1291 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1292 goto failed;
1293 }
1294
2e58ef3e 1295 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1296 if (!cmd) {
1297 err = -ENOMEM;
73f22f62 1298 goto failed;
366a0336 1299 }
73f22f62 1300
310a3d48
MH		 1301 /* Cancel any potential discoverable timeout that might be
1302 * still active and store new timeout value. The arming of
1303 * the timeout happens in the complete handler.
1304 */
1305 cancel_delayed_work(&hdev->discov_off);
1306 hdev->discov_timeout = timeout;
1307
aed1a885
JH		 1308 if (cp->val)
1309 hci_dev_set_flag(hdev, HCI_DISCOVERABLE);
1310 else
1311 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1312
b456f87c
JH		 1313 /* Limited discoverable mode */
1314 if (cp->val == 0x02)
a1536da2 1315 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1316 else
a358dc11 1317 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1318
aed1a885
JH		 1319 queue_work(hdev->req_workqueue, &hdev->discoverable_update);
1320 err = 0;
73f22f62
JH		 1321
1322failed:
09fd0de5 1323 hci_dev_unlock(hdev);
73f22f62
JH		 1324 return err;
1325}
1326
53c0ba74 1327void mgmt_set_connectable_complete(struct hci_dev *hdev, u8 status)
2b76f453 1328{
3b0602cd 1329 struct mgmt_pending_cmd *cmd;
2b76f453
JH		 1330
1331 BT_DBG("status 0x%02x", status);
1332
1333 hci_dev_lock(hdev);
1334
333ae95d 1335 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
2b76f453
JH		 1336 if (!cmd)
1337 goto unlock;
1338
37438c1f
JH		 1339 if (status) {
1340 u8 mgmt_err = mgmt_status(status);
a69e8375 1341 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
37438c1f
JH		 1342 goto remove_cmd;
1343 }
1344
2b76f453 1345 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
53c0ba74 1346 new_settings(hdev, cmd->sk);
d7b856f9 1347
37438c1f 1348remove_cmd:
2b76f453
JH		 1349 mgmt_pending_remove(cmd);
1350
1351unlock:
1352 hci_dev_unlock(hdev);
1353}
1354
e8ba3a1f
JH		 1355static int set_connectable_update_settings(struct hci_dev *hdev,
1356 struct sock *sk, u8 val)
1357{
1358 bool changed = false;
1359 int err;
1360
d7a5a11d 1361 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
e8ba3a1f
JH		 1362 changed = true;
1363
1364 if (val) {
a1536da2 1365 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
e8ba3a1f 1366 } else {
a358dc11
MH		 1367 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1368 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
e8ba3a1f
JH		 1369 }
1370
1371 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1372 if (err < 0)
1373 return err;
1374
562064e6 1375 if (changed) {
01b1cb87 1376 hci_req_update_scan(hdev);
562064e6 1377 hci_update_background_scan(hdev);
e8ba3a1f 1378 return new_settings(hdev, sk);
562064e6 1379 }
e8ba3a1f
JH		 1380
1381 return 0;
1382}
1383
bdb6d971 1384static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1385 u16 len)
9fbcbb45 1386{
650f726d 1387 struct mgmt_mode *cp = data;
3b0602cd 1388 struct mgmt_pending_cmd *cmd;
9fbcbb45
JH		 1389 int err;
1390
bdb6d971 1391 BT_DBG("request for %s", hdev->name);
9fbcbb45 1392
d7a5a11d
MH		 1393 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1394 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 1395 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1396 MGMT_STATUS_REJECTED);
33c525c0 1397
a7e80f25 1398 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1399 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1400 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1401
09fd0de5 1402 hci_dev_lock(hdev);
9fbcbb45 1403
4b34ee78 1404 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1405 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1406 goto failed;
1407 }
1408
333ae95d
JH		 1409 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1410 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1411 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1412 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1413 goto failed;
1414 }
1415
2e58ef3e 1416 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1417 if (!cmd) {
1418 err = -ENOMEM;
9fbcbb45 1419 goto failed;
366a0336 1420 }
9fbcbb45 1421
53c0ba74
JH		 1422 if (cp->val) {
1423 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1424 } else {
1425 if (hdev->discov_timeout > 0)
1426 cancel_delayed_work(&hdev->discov_off);
2b76f453 1427
53c0ba74
JH		 1428 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1429 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1430 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
9b74246f 1431 }
2b76f453 1432
53c0ba74
JH		 1433 queue_work(hdev->req_workqueue, &hdev->connectable_update);
1434 err = 0;
9fbcbb45
JH		 1435
1436failed:
09fd0de5 1437 hci_dev_unlock(hdev);
9fbcbb45
JH		 1438 return err;
1439}
1440
b2939475 1441static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1442 u16 len)
c542a06c 1443{
650f726d 1444 struct mgmt_mode *cp = data;
55594356 1445 bool changed;
c542a06c
JH		 1446 int err;
1447
bdb6d971 1448 BT_DBG("request for %s", hdev->name);
c542a06c 1449
a7e80f25 1450 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1451 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
1452 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1453
09fd0de5 1454 hci_dev_lock(hdev);
c542a06c
JH		 1455
1456 if (cp->val)
238be788 1457 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
c542a06c 1458 else
a69d8927 1459 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
c542a06c 1460
b2939475 1461 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
c542a06c 1462 if (err < 0)
55594356 1463 goto unlock;
c542a06c 1464
82a37ade
JH		 1465 if (changed) {
1466 /* In limited privacy mode the change of bondable mode
1467 * may affect the local advertising address.
1468 */
1469 if (hdev_is_powered(hdev) &&
1470 hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
1471 hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1472 hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY))
1473 queue_work(hdev->req_workqueue,
1474 &hdev->discoverable_update);
1475
55594356 1476 err = new_settings(hdev, sk);
82a37ade 1477 }
c542a06c 1478
55594356 1479unlock:
09fd0de5 1480 hci_dev_unlock(hdev);
c542a06c
JH		 1481 return err;
1482}
1483
04124681
GP		 1484static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1485 u16 len)
33ef95ed
JH		 1486{
1487 struct mgmt_mode *cp = data;
3b0602cd 1488 struct mgmt_pending_cmd *cmd;
e6fe7986 1489 u8 val, status;
33ef95ed
JH		 1490 int err;
1491
bdb6d971 1492 BT_DBG("request for %s", hdev->name);
33ef95ed 1493
e6fe7986
JH		 1494 status = mgmt_bredr_support(hdev);
1495 if (status)
a69e8375
JH		 1496 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1497 status);
33c525c0 1498
a7e80f25 1499 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1500 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1501 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1502
33ef95ed
JH		 1503 hci_dev_lock(hdev);
1504
4b34ee78 1505 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1506 bool changed = false;
1507
d7a5a11d 1508 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
ce05d603 1509 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
47990ea0
JH		 1510 changed = true;
1511 }
1512
1513 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1514 if (err < 0)
1515 goto failed;
1516
1517 if (changed)
1518 err = new_settings(hdev, sk);
1519
33ef95ed
JH		 1520 goto failed;
1521 }
1522
333ae95d 1523 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
a69e8375
JH		 1524 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1525 MGMT_STATUS_BUSY);
33ef95ed
JH		 1526 goto failed;
1527 }
1528
1529 val = !!cp->val;
1530
1531 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1532 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1533 goto failed;
1534 }
1535
1536 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1537 if (!cmd) {
1538 err = -ENOMEM;
1539 goto failed;
1540 }
1541
1542 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1543 if (err < 0) {
1544 mgmt_pending_remove(cmd);
1545 goto failed;
1546 }
1547
1548failed:
1549 hci_dev_unlock(hdev);
33ef95ed
JH		 1550 return err;
1551}
1552
bdb6d971 1553static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1554{
1555 struct mgmt_mode *cp = data;
3b0602cd 1556 struct mgmt_pending_cmd *cmd;
72ef0c1a 1557 u8 status;
ed2c4ee3
JH		 1558 int err;
1559
bdb6d971 1560 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1561
cdba5281
MH		 1562 status = mgmt_bredr_support(hdev);
1563 if (status)
a69e8375 1564 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
cdba5281 1565
13ecd8b6 1566 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 1567 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1568 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1569
a7e80f25 1570 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1571 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1572 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1573
13ecd8b6 1574 hci_dev_lock(hdev);
6c8f12c1 1575
4b34ee78 1576 if (!hdev_is_powered(hdev)) {
9ecb3e24 1577 bool changed;
c0ecddc2 1578
9ecb3e24 1579 if (cp->val) {
238be788
MH		 1580 changed = !hci_dev_test_and_set_flag(hdev,
1581 HCI_SSP_ENABLED);
9ecb3e24 1582 } else {
a69d8927
MH		 1583 changed = hci_dev_test_and_clear_flag(hdev,
1584 HCI_SSP_ENABLED);
9ecb3e24 1585 if (!changed)
a69d8927
MH		 1586 changed = hci_dev_test_and_clear_flag(hdev,
1587 HCI_HS_ENABLED);
9ecb3e24 1588 else
a358dc11 1589 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
c0ecddc2
JH		 1590 }
1591
1592 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1593 if (err < 0)
1594 goto failed;
1595
1596 if (changed)
1597 err = new_settings(hdev, sk);
1598
ed2c4ee3
JH		 1599 goto failed;
1600 }
1601
333ae95d 1602 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 1603 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1604 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1605 goto failed;
1606 }
1607
d7a5a11d 1608 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
ed2c4ee3
JH		 1609 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1610 goto failed;
1611 }
1612
1613 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1614 if (!cmd) {
1615 err = -ENOMEM;
1616 goto failed;
1617 }
1618
d7a5a11d 1619 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
3769972b
JH		 1620 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
1621 sizeof(cp->val), &cp->val);
1622
72ef0c1a 1623 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 1624 if (err < 0) {
1625 mgmt_pending_remove(cmd);
1626 goto failed;
1627 }
1628
1629failed:
1630 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1631 return err;
1632}
1633
bdb6d971 1634static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1635{
1636 struct mgmt_mode *cp = data;
ee392693 1637 bool changed;
e6fe7986 1638 u8 status;
ee392693 1639 int err;
6d80dfd0 1640
bdb6d971 1641 BT_DBG("request for %s", hdev->name);
6d80dfd0 1642
e6fe7986
JH		 1643 status = mgmt_bredr_support(hdev);
1644 if (status)
a69e8375 1645 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 1646
9ecb3e24 1647 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 1648 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1649 MGMT_STATUS_NOT_SUPPORTED);
9ecb3e24 1650
d7a5a11d 1651 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 1652 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1653 MGMT_STATUS_REJECTED);
9ecb3e24 1654
a7e80f25 1655 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1656 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1657 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1658
ee392693
MH		 1659 hci_dev_lock(hdev);
1660
333ae95d 1661 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 1662 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1663 MGMT_STATUS_BUSY);
a2cb01de
JH		 1664 goto unlock;
1665 }
1666
a0cdf960 1667 if (cp->val) {
238be788 1668 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
a0cdf960
MH		 1669 } else {
1670 if (hdev_is_powered(hdev)) {
a69e8375
JH		 1671 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1672 MGMT_STATUS_REJECTED);
a0cdf960
MH		 1673 goto unlock;
1674 }
1675
a69d8927 1676 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
a0cdf960 1677 }
ee392693
MH		 1678
1679 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1680 if (err < 0)
1681 goto unlock;
1682
1683 if (changed)
1684 err = new_settings(hdev, sk);
6d80dfd0 1685
ee392693
MH		 1686unlock:
1687 hci_dev_unlock(hdev);
1688 return err;
6d80dfd0
JH		 1689}
1690
1904a853 1691static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
416a4ae5
JH		 1692{
1693 struct cmd_lookup match = { NULL, hdev };
1694
3ad67582
JK		 1695 hci_dev_lock(hdev);
1696
416a4ae5
JH		 1697 if (status) {
1698 u8 mgmt_err = mgmt_status(status);
1699
1700 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1701 &mgmt_err);
3ad67582 1702 goto unlock;
416a4ae5
JH		 1703 }
1704
1705 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1706
1707 new_settings(hdev, match.sk);
1708
1709 if (match.sk)
1710 sock_put(match.sk);
441ad2d0
MH		 1711
1712 /* Make sure the controller has a good default for
1713 * advertising data. Restrict the update to when LE
1714 * has actually been enabled. During power on, the
1715 * update in powered_update_hci will take care of it.
1716 */
d7a5a11d 1717 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
441ad2d0
MH		 1718 struct hci_request req;
1719
441ad2d0 1720 hci_req_init(&req, hdev);
cab054ab
JH		 1721 __hci_req_update_adv_data(&req, 0x00);
1722 __hci_req_update_scan_rsp_data(&req, 0x00);
441ad2d0 1723 hci_req_run(&req, NULL);
2e93e53b 1724 hci_update_background_scan(hdev);
441ad2d0 1725 }
3ad67582
JK		 1726
1727unlock:
1728 hci_dev_unlock(hdev);
416a4ae5
JH		 1729}
1730
bdb6d971 1731static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1732{
1733 struct mgmt_mode *cp = data;
1734 struct hci_cp_write_le_host_supported hci_cp;
3b0602cd 1735 struct mgmt_pending_cmd *cmd;
416a4ae5 1736 struct hci_request req;
06199cf8 1737 int err;
0b60eba1 1738 u8 val, enabled;
06199cf8 1739
bdb6d971 1740 BT_DBG("request for %s", hdev->name);
06199cf8 1741
13ecd8b6 1742 if (!lmp_le_capable(hdev))
a69e8375
JH		 1743 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1744 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1745
a7e80f25 1746 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1747 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1748 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1749
e7844ee5
MH		 1750 /* Bluetooth single mode LE only controllers or dual-mode
1751 * controllers configured as LE only devices, do not allow
1752 * switching LE off. These have either LE enabled explicitly
1753 * or BR/EDR has been previously switched off.
1754 *
1755 * When trying to enable an already enabled LE, then gracefully
1756 * send a positive response. Trying to disable it however will
1757 * result into rejection.
1758 */
1759 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1760 if (cp->val == 0x01)
1761 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1762
a69e8375
JH		 1763 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1764 MGMT_STATUS_REJECTED);
e7844ee5 1765 }
c73eee91 1766
13ecd8b6 1767 hci_dev_lock(hdev);
06199cf8
JH		 1768
1769 val = !!cp->val;
ffa88e02 1770 enabled = lmp_host_le_capable(hdev);
06199cf8 1771
847818d9 1772 if (!val)
37d3a1fa 1773 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, true);
847818d9 1774
0b60eba1 1775 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1776 bool changed = false;
1777
d7a5a11d 1778 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
ce05d603 1779 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
06199cf8
JH		 1780 changed = true;
1781 }
1782
d7a5a11d 1783 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
a358dc11 1784 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
eeca6f89
JH		 1785 changed = true;
1786 }
1787
06199cf8
JH		 1788 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1789 if (err < 0)
1de028ce 1790 goto unlock;
06199cf8
JH		 1791
1792 if (changed)
1793 err = new_settings(hdev, sk);
1794
1de028ce 1795 goto unlock;
06199cf8
JH		 1796 }
1797
333ae95d
JH		 1798 if (pending_find(MGMT_OP_SET_LE, hdev) ||
1799 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
a69e8375
JH		 1800 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1801 MGMT_STATUS_BUSY);
1de028ce 1802 goto unlock;
06199cf8
JH		 1803 }
1804
1805 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1806 if (!cmd) {
1807 err = -ENOMEM;
1de028ce 1808 goto unlock;
06199cf8
JH		 1809 }
1810
441ad2d0
MH		 1811 hci_req_init(&req, hdev);
1812
06199cf8
JH		 1813 memset(&hci_cp, 0, sizeof(hci_cp));
1814
1815 if (val) {
1816 hci_cp.le = val;
32226e4f 1817 hci_cp.simul = 0x00;
441ad2d0 1818 } else {
d7a5a11d 1819 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
f2252570 1820 __hci_req_disable_advertising(&req);
06199cf8
JH		 1821 }
1822
416a4ae5
JH		 1823 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1824 &hci_cp);
1825
1826 err = hci_req_run(&req, le_enable_complete);
0c01bc48 1827 if (err < 0)
06199cf8 1828 mgmt_pending_remove(cmd);
06199cf8 1829
1de028ce
JH		 1830unlock:
1831 hci_dev_unlock(hdev);
06199cf8
JH		 1832 return err;
1833}
1834
0cab9c80
JH		 1835/* This is a helper function to test for pending mgmt commands that can
1836 * cause CoD or EIR HCI commands. We can only allow one such pending
1837 * mgmt command at a time since otherwise we cannot easily track what
1838 * the current values are, will be, and based on that calculate if a new
1839 * HCI command needs to be sent and if yes with what value.
1840 */
1841static bool pending_eir_or_class(struct hci_dev *hdev)
1842{
3b0602cd 1843 struct mgmt_pending_cmd *cmd;
0cab9c80
JH		 1844
1845 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1846 switch (cmd->opcode) {
1847 case MGMT_OP_ADD_UUID:
1848 case MGMT_OP_REMOVE_UUID:
1849 case MGMT_OP_SET_DEV_CLASS:
1850 case MGMT_OP_SET_POWERED:
1851 return true;
1852 }
1853 }
1854
1855 return false;
1856}
1857
83be8eca
JH		 1858static const u8 bluetooth_base_uuid[] = {
1859 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1860 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1861};
1862
1863static u8 get_uuid_size(const u8 *uuid)
1864{
1865 u32 val;
1866
1867 if (memcmp(uuid, bluetooth_base_uuid, 12))
1868 return 128;
1869
1870 val = get_unaligned_le32(&uuid[12]);
1871 if (val > 0xffff)
1872 return 32;
1873
1874 return 16;
1875}
1876
92da6097
JH		 1877static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1878{
3b0602cd 1879 struct mgmt_pending_cmd *cmd;
92da6097
JH		 1880
1881 hci_dev_lock(hdev);
1882
333ae95d 1883 cmd = pending_find(mgmt_op, hdev);
92da6097
JH		 1884 if (!cmd)
1885 goto unlock;
1886
2a1afb5a
JH		 1887 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
1888 mgmt_status(status), hdev->dev_class, 3);
92da6097
JH		 1889
1890 mgmt_pending_remove(cmd);
1891
1892unlock:
1893 hci_dev_unlock(hdev);
1894}
1895
1904a853 1896static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 1897{
1898 BT_DBG("status 0x%02x", status);
1899
1900 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1901}
1902
bdb6d971 1903static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 1904{
650f726d 1905 struct mgmt_cp_add_uuid *cp = data;
3b0602cd 1906 struct mgmt_pending_cmd *cmd;
890ea898 1907 struct hci_request req;
2aeb9a1a 1908 struct bt_uuid *uuid;
2aeb9a1a
JH		 1909 int err;
1910
bdb6d971 1911 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1912
09fd0de5 1913 hci_dev_lock(hdev);
2aeb9a1a 1914
0cab9c80 1915 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 1916 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1917 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1918 goto failed;
1919 }
1920
92c4c204 1921 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 1922 if (!uuid) {
1923 err = -ENOMEM;
1924 goto failed;
1925 }
1926
1927 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1928 uuid->svc_hint = cp->svc_hint;
83be8eca 1929 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 1930
de66aa63 1931 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 1932
890ea898 1933 hci_req_init(&req, hdev);
1aff6f09 1934
14bf5eac 1935 __hci_req_update_class(&req);
b1a8917c 1936 __hci_req_update_eir(&req);
890ea898 1937
92da6097
JH		 1938 err = hci_req_run(&req, add_uuid_complete);
1939 if (err < 0) {
1940 if (err != -ENODATA)
1941 goto failed;
80a1e1db 1942
2a1afb5a
JH		 1943 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
1944 hdev->dev_class, 3);
90e70454
JH		 1945 goto failed;
1946 }
1947
1948 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 1949 if (!cmd) {
90e70454 1950 err = -ENOMEM;
890ea898
JH		 1951 goto failed;
1952 }
1953
1954 err = 0;
2aeb9a1a
JH		 1955
1956failed:
09fd0de5 1957 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1958 return err;
1959}
1960
24b78d0f
JH		 1961static bool enable_service_cache(struct hci_dev *hdev)
1962{
1963 if (!hdev_is_powered(hdev))
1964 return false;
1965
238be788 1966 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
46818ed5
JH		 1967 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1968 CACHE_TIMEOUT);
24b78d0f
JH		 1969 return true;
1970 }
1971
1972 return false;
1973}
1974
1904a853 1975static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 1976{
1977 BT_DBG("status 0x%02x", status);
1978
1979 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1980}
1981
bdb6d971 1982static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1983 u16 len)
2aeb9a1a 1984{
650f726d 1985 struct mgmt_cp_remove_uuid *cp = data;
3b0602cd 1986 struct mgmt_pending_cmd *cmd;
056341c8 1987 struct bt_uuid *match, *tmp;
2aeb9a1a 1988 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 1989 struct hci_request req;
2aeb9a1a
JH		 1990 int err, found;
1991
bdb6d971 1992 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1993
09fd0de5 1994 hci_dev_lock(hdev);
2aeb9a1a 1995
0cab9c80 1996 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 1997 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1998 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1999 goto unlock;
2000 }
2001
2aeb9a1a 2002 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2003 hci_uuids_clear(hdev);
4004b6d9 2004
24b78d0f 2005 if (enable_service_cache(hdev)) {
2a1afb5a
JH		 2006 err = mgmt_cmd_complete(sk, hdev->id,
2007 MGMT_OP_REMOVE_UUID,
2008 0, hdev->dev_class, 3);
24b78d0f
JH		 2009 goto unlock;
2010 }
4004b6d9 2011
9246a869 2012 goto update_class;
2aeb9a1a
JH		 2013 }
2014
2015 found = 0;
2016
056341c8 2017 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2018 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2019 continue;
2020
2021 list_del(&match->list);
482049f7 2022 kfree(match);
2aeb9a1a
JH		 2023 found++;
2024 }
2025
2026 if (found == 0) {
a69e8375
JH		 2027 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2028 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2029 goto unlock;
2030 }
2031
9246a869 2032update_class:
890ea898 2033 hci_req_init(&req, hdev);
1aff6f09 2034
14bf5eac 2035 __hci_req_update_class(&req);
b1a8917c 2036 __hci_req_update_eir(&req);
890ea898 2037
92da6097
JH		 2038 err = hci_req_run(&req, remove_uuid_complete);
2039 if (err < 0) {
2040 if (err != -ENODATA)
2041 goto unlock;
80a1e1db 2042
2a1afb5a
JH		 2043 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2044 hdev->dev_class, 3);
90e70454
JH		 2045 goto unlock;
2046 }
2047
2048 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2049 if (!cmd) {
90e70454 2050 err = -ENOMEM;
890ea898
JH		 2051 goto unlock;
2052 }
2053
2054 err = 0;
2aeb9a1a
JH		 2055
2056unlock:
09fd0de5 2057 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2058 return err;
2059}
2060
1904a853 2061static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2062{
2063 BT_DBG("status 0x%02x", status);
2064
2065 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2066}
2067
bdb6d971 2068static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2069 u16 len)
1aff6f09 2070{
650f726d 2071 struct mgmt_cp_set_dev_class *cp = data;
3b0602cd 2072 struct mgmt_pending_cmd *cmd;
890ea898 2073 struct hci_request req;
1aff6f09
JH		 2074 int err;
2075
bdb6d971 2076 BT_DBG("request for %s", hdev->name);
1aff6f09 2077
6203fc98 2078 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2079 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2080 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2081
0cab9c80 2082 hci_dev_lock(hdev);
ee98f473 2083
0cab9c80 2084 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2085 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2086 MGMT_STATUS_BUSY);
0cab9c80
JH		 2087 goto unlock;
2088 }
c95f0ba7 2089
0cab9c80 2090 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
a69e8375
JH		 2091 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2092 MGMT_STATUS_INVALID_PARAMS);
0cab9c80
JH		 2093 goto unlock;
2094 }
575b3a02 2095
932f5ff5
JH		 2096 hdev->major_class = cp->major;
2097 hdev->minor_class = cp->minor;
2098
b5235a65 2099 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2100 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2101 hdev->dev_class, 3);
b5235a65
JH		 2102 goto unlock;
2103 }
2104
890ea898
JH		 2105 hci_req_init(&req, hdev);
2106
a69d8927 2107 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
7d78525d
JH		 2108 hci_dev_unlock(hdev);
2109 cancel_delayed_work_sync(&hdev->service_cache);
2110 hci_dev_lock(hdev);
b1a8917c 2111 __hci_req_update_eir(&req);
7d78525d 2112 }
14c0b608 2113
14bf5eac 2114 __hci_req_update_class(&req);
890ea898 2115
92da6097
JH		 2116 err = hci_req_run(&req, set_class_complete);
2117 if (err < 0) {
2118 if (err != -ENODATA)
2119 goto unlock;
1aff6f09 2120
2a1afb5a
JH		 2121 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2122 hdev->dev_class, 3);
90e70454
JH		 2123 goto unlock;
2124 }
2125
2126 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2127 if (!cmd) {
90e70454 2128 err = -ENOMEM;
890ea898
JH		 2129 goto unlock;
2130 }
2131
2132 err = 0;
1aff6f09 2133
b5235a65 2134unlock:
09fd0de5 2135 hci_dev_unlock(hdev);
1aff6f09
JH		 2136 return err;
2137}
2138
bdb6d971 2139static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2140 u16 len)
55ed8ca1 2141{
650f726d 2142 struct mgmt_cp_load_link_keys *cp = data;
ba1d6936
JH		 2143 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2144 sizeof(struct mgmt_link_key_info));
4e51eae9 2145 u16 key_count, expected_len;
b1de97d8 2146 bool changed;
a492cd52 2147 int i;
55ed8ca1 2148
9060d5cf
MH		 2149 BT_DBG("request for %s", hdev->name);
2150
2151 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2152 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2153 MGMT_STATUS_NOT_SUPPORTED);
9060d5cf 2154
1f350c87 2155 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 2156 if (key_count > max_key_count) {
2157 BT_ERR("load_link_keys: too big key_count value %u",
2158 key_count);
a69e8375
JH		 2159 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2160 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 2161 }
55ed8ca1 2162
86742e1e
JH		 2163 expected_len = sizeof(*cp) + key_count *
2164 sizeof(struct mgmt_link_key_info);
a492cd52 2165 if (expected_len != len) {
86742e1e 2166 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2167 expected_len, len);
a69e8375
JH		 2168 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2169 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2170 }
2171
4ae14301 2172 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
a69e8375
JH		 2173 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2174 MGMT_STATUS_INVALID_PARAMS);
4ae14301 2175
bdb6d971 2176 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2177 key_count);
55ed8ca1 2178
4ee71b20
JH		 2179 for (i = 0; i < key_count; i++) {
2180 struct mgmt_link_key_info *key = &cp->keys[i];
2181
8e991132 2182 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
a69e8375
JH		 2183 return mgmt_cmd_status(sk, hdev->id,
2184 MGMT_OP_LOAD_LINK_KEYS,
2185 MGMT_STATUS_INVALID_PARAMS);
4ee71b20
JH		 2186 }
2187
09fd0de5 2188 hci_dev_lock(hdev);
55ed8ca1
JH		 2189
2190 hci_link_keys_clear(hdev);
2191
55ed8ca1 2192 if (cp->debug_keys)
238be788 2193 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
55ed8ca1 2194 else
a69d8927
MH		 2195 changed = hci_dev_test_and_clear_flag(hdev,
2196 HCI_KEEP_DEBUG_KEYS);
b1de97d8
MH		 2197
2198 if (changed)
2199 new_settings(hdev, NULL);
55ed8ca1 2200
a492cd52 2201 for (i = 0; i < key_count; i++) {
86742e1e 2202 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2203
58e9293c
JH		 2204 /* Always ignore debug keys and require a new pairing if
2205 * the user wants to use them.
2206 */
2207 if (key->type == HCI_LK_DEBUG_COMBINATION)
2208 continue;
2209
7652ff6a
JH		 2210 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2211 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2212 }
2213
2a1afb5a 2214 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2215
09fd0de5 2216 hci_dev_unlock(hdev);
55ed8ca1 2217
a492cd52 2218 return 0;
55ed8ca1
JH		 2219}
2220
b1078ad0 2221static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2222 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2223{
2224 struct mgmt_ev_device_unpaired ev;
2225
2226 bacpy(&ev.addr.bdaddr, bdaddr);
2227 ev.addr.type = addr_type;
2228
2229 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2230 skip_sk);
b1078ad0
JH		 2231}
2232
bdb6d971 2233static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2234 u16 len)
55ed8ca1 2235{
124f6e35
JH		 2236 struct mgmt_cp_unpair_device *cp = data;
2237 struct mgmt_rp_unpair_device rp;
fc64361a 2238 struct hci_conn_params *params;
3b0602cd 2239 struct mgmt_pending_cmd *cmd;
55ed8ca1 2240 struct hci_conn *conn;
ec182f03 2241 u8 addr_type;
55ed8ca1
JH		 2242 int err;
2243
a8a1d19e 2244 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2245 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2246 rp.addr.type = cp->addr.type;
a8a1d19e 2247
4ee71b20 2248 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2249 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2250 MGMT_STATUS_INVALID_PARAMS,
2251 &rp, sizeof(rp));
4ee71b20 2252
118da70b 2253 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2a1afb5a
JH		 2254 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2255 MGMT_STATUS_INVALID_PARAMS,
2256 &rp, sizeof(rp));
118da70b 2257
4ee71b20
JH		 2258 hci_dev_lock(hdev);
2259
86a8cfc6 2260 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2261 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2262 MGMT_STATUS_NOT_POWERED, &rp,
2263 sizeof(rp));
86a8cfc6
JH		 2264 goto unlock;
2265 }
2266
e0b2b27e 2267 if (cp->addr.type == BDADDR_BREDR) {
89cbb063
AA		 2268 /* If disconnection is requested, then look up the
2269 * connection. If the remote device is connected, it
2270 * will be later used to terminate the link.
2271 *
2272 * Setting it to NULL explicitly will cause no
2273 * termination of the link.
2274 */
2275 if (cp->disconnect)
2276 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2277 &cp->addr.bdaddr);
2278 else
2279 conn = NULL;
2280
124f6e35 2281 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
ec182f03
JH		 2282 if (err < 0) {
2283 err = mgmt_cmd_complete(sk, hdev->id,
2284 MGMT_OP_UNPAIR_DEVICE,
2285 MGMT_STATUS_NOT_PAIRED, &rp,
2286 sizeof(rp));
2287 goto unlock;
89cbb063
AA		 2288 }
2289
ec182f03 2290 goto done;
e0b2b27e 2291 }
b0dbfb46 2292
ec182f03
JH		 2293 /* LE address type */
2294 addr_type = le_addr_type(cp->addr.type);
2295
2296 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2297
2298 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
55ed8ca1 2299 if (err < 0) {
2a1afb5a
JH		 2300 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2301 MGMT_STATUS_NOT_PAIRED, &rp,
2302 sizeof(rp));
55ed8ca1
JH		 2303 goto unlock;
2304 }
2305
ec182f03
JH		 2306 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type);
2307 if (!conn) {
2308 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2309 goto done;
2310 }
2311
c81d555a
JH		 2312 /* Abort any ongoing SMP pairing */
2313 smp_cancel_pairing(conn);
2314
ec182f03
JH		 2315 /* Defer clearing up the connection parameters until closing to
2316 * give a chance of keeping them if a repairing happens.
2317 */
2318 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2319
fc64361a
JH		 2320 /* Disable auto-connection parameters if present */
2321 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type);
2322 if (params) {
2323 if (params->explicit_connect)
2324 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
2325 else
2326 params->auto_connect = HCI_AUTO_CONN_DISABLED;
2327 }
2328
ec182f03
JH		 2329 /* If disconnection is not requested, then clear the connection
2330 * variable so that the link is not terminated.
2331 */
2332 if (!cp->disconnect)
2333 conn = NULL;
2334
2335done:
89cbb063
AA		 2336 /* If the connection variable is set, then termination of the
2337 * link is requested.
2338 */
a8a1d19e 2339 if (!conn) {
2a1afb5a
JH		 2340 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2341 &rp, sizeof(rp));
b1078ad0 2342 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2343 goto unlock;
2344 }
55ed8ca1 2345
124f6e35 2346 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2347 sizeof(*cp));
a8a1d19e
JH		 2348 if (!cmd) {
2349 err = -ENOMEM;
2350 goto unlock;
55ed8ca1
JH		 2351 }
2352
d8b7b1e4
JH		 2353 cmd->cmd_complete = addr_cmd_complete;
2354
89e0ccc8 2355 err = hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
a8a1d19e
JH		 2356 if (err < 0)
2357 mgmt_pending_remove(cmd);
2358
55ed8ca1 2359unlock:
09fd0de5 2360 hci_dev_unlock(hdev);
55ed8ca1
JH		 2361 return err;
2362}
2363
bdb6d971 2364static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2365 u16 len)
8962ee74 2366{
650f726d 2367 struct mgmt_cp_disconnect *cp = data;
06a63b19 2368 struct mgmt_rp_disconnect rp;
3b0602cd 2369 struct mgmt_pending_cmd *cmd;
8962ee74 2370 struct hci_conn *conn;
8962ee74
JH		 2371 int err;
2372
2373 BT_DBG("");
2374
06a63b19
JH		 2375 memset(&rp, 0, sizeof(rp));
2376 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2377 rp.addr.type = cp->addr.type;
2378
4ee71b20 2379 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2380 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2381 MGMT_STATUS_INVALID_PARAMS,
2382 &rp, sizeof(rp));
4ee71b20 2383
09fd0de5 2384 hci_dev_lock(hdev);
8962ee74
JH		 2385
2386 if (!test_bit(HCI_UP, &hdev->flags)) {
2a1afb5a
JH		 2387 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2388 MGMT_STATUS_NOT_POWERED, &rp,
2389 sizeof(rp));
8962ee74
JH		 2390 goto failed;
2391 }
2392
333ae95d 2393 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
2a1afb5a
JH		 2394 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2395 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2396 goto failed;
2397 }
2398
591f47f3 2399 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2400 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2401 &cp->addr.bdaddr);
88c3df13 2402 else
9d4c1cc1
JH		 2403 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr,
2404 le_addr_type(cp->addr.type));
365227e5 2405
f960727e 2406 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2a1afb5a
JH		 2407 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2408 MGMT_STATUS_NOT_CONNECTED, &rp,
2409 sizeof(rp));
8962ee74
JH		 2410 goto failed;
2411 }
2412
2e58ef3e 2413 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2414 if (!cmd) {
2415 err = -ENOMEM;
8962ee74 2416 goto failed;
366a0336 2417 }
8962ee74 2418
f5818c22
JH		 2419 cmd->cmd_complete = generic_cmd_complete;
2420
e3f2f92a 2421 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
8962ee74 2422 if (err < 0)
a664b5bc 2423 mgmt_pending_remove(cmd);
8962ee74
JH		 2424
2425failed:
09fd0de5 2426 hci_dev_unlock(hdev);
8962ee74
JH		 2427 return err;
2428}
2429
57c1477c 2430static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2431{
2432 switch (link_type) {
2433 case LE_LINK:
48264f06
JH		 2434 switch (addr_type) {
2435 case ADDR_LE_DEV_PUBLIC:
591f47f3 2436 return BDADDR_LE_PUBLIC;
0ed09148 2437
48264f06 2438 default:
0ed09148 2439 /* Fallback to LE Random address type */
591f47f3 2440 return BDADDR_LE_RANDOM;
48264f06 2441 }
0ed09148 2442
4c659c39 2443 default:
0ed09148 2444 /* Fallback to BR/EDR type */
591f47f3 2445 return BDADDR_BREDR;
4c659c39
JH		 2446 }
2447}
2448
04124681
GP		 2449static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2450 u16 data_len)
2784eb41 2451{
2784eb41 2452 struct mgmt_rp_get_connections *rp;
8035ded4 2453 struct hci_conn *c;
a38528f1 2454 size_t rp_len;
60fc5fb6
JH		 2455 int err;
2456 u16 i;
2784eb41
JH		 2457
2458 BT_DBG("");
2459
09fd0de5 2460 hci_dev_lock(hdev);
2784eb41 2461
5f97c1df 2462 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 2463 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2464 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2465 goto unlock;
2466 }
2467
60fc5fb6 2468 i = 0;
b644ba33
JH		 2469 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2470 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2471 i++;
2784eb41
JH		 2472 }
2473
60fc5fb6 2474 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2475 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2476 if (!rp) {
2784eb41
JH		 2477 err = -ENOMEM;
2478 goto unlock;
2479 }
2480
2784eb41 2481 i = 0;
4c659c39 2482 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2483 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2484 continue;
4c659c39 2485 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2486 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2487 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2488 continue;
2489 i++;
2490 }
2491
eb55ef07 2492 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2493
4c659c39
JH		 2494 /* Recalculate length in case of filtered SCO connections, etc */
2495 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2496
2a1afb5a
JH		 2497 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2498 rp_len);
2784eb41 2499
a38528f1 2500 kfree(rp);
5f97c1df
JH		 2501
2502unlock:
09fd0de5 2503 hci_dev_unlock(hdev);
2784eb41
JH		 2504 return err;
2505}
2506
bdb6d971 2507static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2508 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67 2509{
3b0602cd 2510 struct mgmt_pending_cmd *cmd;
96d97a67
WR		 2511 int err;
2512
2e58ef3e 2513 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2514 sizeof(*cp));
96d97a67
WR		 2515 if (!cmd)
2516 return -ENOMEM;
2517
d8457698 2518 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2519 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2520 if (err < 0)
2521 mgmt_pending_remove(cmd);
2522
2523 return err;
2524}
2525
bdb6d971 2526static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2527 u16 len)
980e1a53 2528{
96d97a67 2529 struct hci_conn *conn;
650f726d 2530 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2531 struct hci_cp_pin_code_reply reply;
3b0602cd 2532 struct mgmt_pending_cmd *cmd;
980e1a53
JH		 2533 int err;
2534
2535 BT_DBG("");
2536
09fd0de5 2537 hci_dev_lock(hdev);
980e1a53 2538
4b34ee78 2539 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 2540 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2541 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2542 goto failed;
2543 }
2544
d8457698 2545 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2546 if (!conn) {
a69e8375
JH		 2547 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2548 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2549 goto failed;
2550 }
2551
2552 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2553 struct mgmt_cp_pin_code_neg_reply ncp;
2554
2555 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2556
2557 BT_ERR("PIN code is not 16 bytes long");
2558
bdb6d971 2559 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2560 if (err >= 0)
a69e8375
JH		 2561 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2562 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2563
2564 goto failed;
2565 }
2566
00abfe44 2567 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2568 if (!cmd) {
2569 err = -ENOMEM;
980e1a53 2570 goto failed;
366a0336 2571 }
980e1a53 2572
7776d1d8
JH		 2573 cmd->cmd_complete = addr_cmd_complete;
2574
d8457698 2575 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2576 reply.pin_len = cp->pin_len;
24718ca5 2577 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2578
2579 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2580 if (err < 0)
a664b5bc 2581 mgmt_pending_remove(cmd);
980e1a53
JH		 2582
2583failed:
09fd0de5 2584 hci_dev_unlock(hdev);
980e1a53
JH		 2585 return err;
2586}
2587
04124681
GP		 2588static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2589 u16 len)
17fa4b9d 2590{
650f726d 2591 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2592
2593 BT_DBG("");
2594
4ec86d4c 2595 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
9db5c629
MH		 2596 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
2597 MGMT_STATUS_INVALID_PARAMS);
4ec86d4c 2598
09fd0de5 2599 hci_dev_lock(hdev);
17fa4b9d
JH		 2600
2601 hdev->io_capability = cp->io_capability;
2602
2603 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2604 hdev->io_capability);
17fa4b9d 2605
09fd0de5 2606 hci_dev_unlock(hdev);
17fa4b9d 2607
2a1afb5a
JH		 2608 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
2609 NULL, 0);
17fa4b9d
JH		 2610}
2611
3b0602cd 2612static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2613{
2614 struct hci_dev *hdev = conn->hdev;
3b0602cd 2615 struct mgmt_pending_cmd *cmd;
e9a416b5 2616
2e58ef3e 2617 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2618 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2619 continue;
2620
e9a416b5
JH		 2621 if (cmd->user_data != conn)
2622 continue;
2623
2624 return cmd;
2625 }
2626
2627 return NULL;
2628}
2629
3b0602cd 2630static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
e9a416b5
JH		 2631{
2632 struct mgmt_rp_pair_device rp;
2633 struct hci_conn *conn = cmd->user_data;
9df74653 2634 int err;
e9a416b5 2635
61b1a7fb
JH		 2636 bacpy(&rp.addr.bdaddr, &conn->dst);
2637 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2638
2a1afb5a
JH		 2639 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
2640 status, &rp, sizeof(rp));
e9a416b5
JH		 2641
2642 /* So we don't get further callbacks for this connection */
2643 conn->connect_cfm_cb = NULL;
2644 conn->security_cfm_cb = NULL;
2645 conn->disconn_cfm_cb = NULL;
2646
76a68ba0 2647 hci_conn_drop(conn);
89cbb063
AA		 2648
2649 /* The device is paired so there is no need to remove
2650 * its connection parameters anymore.
2651 */
2652 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
15013aeb
JH		 2653
2654 hci_conn_put(conn);
9df74653
JH		 2655
2656 return err;
e9a416b5
JH		 2657}
2658
f4a407be
JH		 2659void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2660{
2661 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3b0602cd 2662 struct mgmt_pending_cmd *cmd;
f4a407be
JH		 2663
2664 cmd = find_pairing(conn);
a511b35b 2665 if (cmd) {
04ab2749 2666 cmd->cmd_complete(cmd, status);
a511b35b
JH		 2667 mgmt_pending_remove(cmd);
2668 }
f4a407be
JH		 2669}
2670
e9a416b5
JH		 2671static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2672{
3b0602cd 2673 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 2674
2675 BT_DBG("status %u", status);
2676
2677 cmd = find_pairing(conn);
a511b35b 2678 if (!cmd) {
e9a416b5 2679 BT_DBG("Unable to find a pending command");
a511b35b
JH		 2680 return;
2681 }
2682
2683 cmd->cmd_complete(cmd, mgmt_status(status));
2684 mgmt_pending_remove(cmd);
e9a416b5
JH		 2685}
2686
f4a407be 2687static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739 2688{
3b0602cd 2689 struct mgmt_pending_cmd *cmd;
4c47d739
VA		 2690
2691 BT_DBG("status %u", status);
2692
2693 if (!status)
2694 return;
2695
2696 cmd = find_pairing(conn);
a511b35b 2697 if (!cmd) {
4c47d739 2698 BT_DBG("Unable to find a pending command");
a511b35b
JH		 2699 return;
2700 }
2701
2702 cmd->cmd_complete(cmd, mgmt_status(status));
2703 mgmt_pending_remove(cmd);
4c47d739
VA		 2704}
2705
bdb6d971 2706static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2707 u16 len)
e9a416b5 2708{
650f726d 2709 struct mgmt_cp_pair_device *cp = data;
1425acb7 2710 struct mgmt_rp_pair_device rp;
3b0602cd 2711 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 2712 u8 sec_level, auth_type;
2713 struct hci_conn *conn;
e9a416b5
JH		 2714 int err;
2715
2716 BT_DBG("");
2717
f950a30e
SJ		 2718 memset(&rp, 0, sizeof(rp));
2719 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2720 rp.addr.type = cp->addr.type;
2721
4ee71b20 2722 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2723 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2724 MGMT_STATUS_INVALID_PARAMS,
2725 &rp, sizeof(rp));
4ee71b20 2726
4ec86d4c 2727 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 2728 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2729 MGMT_STATUS_INVALID_PARAMS,
2730 &rp, sizeof(rp));
4ec86d4c 2731
09fd0de5 2732 hci_dev_lock(hdev);
e9a416b5 2733
5f97c1df 2734 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2735 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2736 MGMT_STATUS_NOT_POWERED, &rp,
2737 sizeof(rp));
5f97c1df
JH		 2738 goto unlock;
2739 }
2740
55e76b38
JH		 2741 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
2742 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2743 MGMT_STATUS_ALREADY_PAIRED, &rp,
2744 sizeof(rp));
2745 goto unlock;
2746 }
2747
c908df36 2748 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 2749 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 2750
6f77d8c7 2751 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 2752 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
2753 auth_type);
6f77d8c7 2754 } else {
85813a7e 2755 u8 addr_type = le_addr_type(cp->addr.type);
5157b8a5 2756 struct hci_conn_params *p;
6f77d8c7 2757
7c264b10
MH		 2758 /* When pairing a new device, it is expected to remember
2759 * this device for future connections. Adding the connection
2760 * parameter information ahead of time allows tracking
2761 * of the slave preferred values and will speed up any
2762 * further connection establishment.
2763 *
2764 * If connection parameters already exist, then they
2765 * will be kept and this function does nothing.
2766 */
5157b8a5
JP		 2767 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
2768
2769 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT)
2770 p->auto_connect = HCI_AUTO_CONN_DISABLED;
7c264b10 2771
fa142220
JP		 2772 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr,
2773 addr_type, sec_level,
0ad06aa6 2774 HCI_LE_CONN_TIMEOUT);
6f77d8c7 2775 }
7a512d01 2776
30e76272 2777 if (IS_ERR(conn)) {
489dc48e
AK		 2778 int status;
2779
2780 if (PTR_ERR(conn) == -EBUSY)
2781 status = MGMT_STATUS_BUSY;
faa81030
LR		 2782 else if (PTR_ERR(conn) == -EOPNOTSUPP)
2783 status = MGMT_STATUS_NOT_SUPPORTED;
2784 else if (PTR_ERR(conn) == -ECONNREFUSED)
2785 status = MGMT_STATUS_REJECTED;
489dc48e
AK		 2786 else
2787 status = MGMT_STATUS_CONNECT_FAILED;
2788
2a1afb5a
JH		 2789 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2790 status, &rp, sizeof(rp));
e9a416b5
JH		 2791 goto unlock;
2792 }
2793
2794 if (conn->connect_cfm_cb) {
76a68ba0 2795 hci_conn_drop(conn);
2a1afb5a
JH		 2796 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2797 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2798 goto unlock;
2799 }
2800
2e58ef3e 2801 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2802 if (!cmd) {
2803 err = -ENOMEM;
76a68ba0 2804 hci_conn_drop(conn);
e9a416b5
JH		 2805 goto unlock;
2806 }
2807
04ab2749
JH		 2808 cmd->cmd_complete = pairing_complete;
2809
7a512d01 2810 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 2811 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 2812 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 2813 conn->security_cfm_cb = pairing_complete_cb;
2814 conn->disconn_cfm_cb = pairing_complete_cb;
2815 } else {
2816 conn->connect_cfm_cb = le_pairing_complete_cb;
2817 conn->security_cfm_cb = le_pairing_complete_cb;
2818 conn->disconn_cfm_cb = le_pairing_complete_cb;
2819 }
7a512d01 2820
e9a416b5 2821 conn->io_capability = cp->io_cap;
f8aaf9b6 2822 cmd->user_data = hci_conn_get(conn);
e9a416b5 2823
6f78fd4b 2824 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
a511b35b
JH		 2825 hci_conn_security(conn, sec_level, auth_type, true)) {
2826 cmd->cmd_complete(cmd, 0);
2827 mgmt_pending_remove(cmd);
2828 }
e9a416b5
JH		 2829
2830 err = 0;
2831
2832unlock:
09fd0de5 2833 hci_dev_unlock(hdev);
e9a416b5
JH		 2834 return err;
2835}
2836
04124681
GP		 2837static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2838 u16 len)
28424707 2839{
0f4e68cf 2840 struct mgmt_addr_info *addr = data;
3b0602cd 2841 struct mgmt_pending_cmd *cmd;
28424707
JH		 2842 struct hci_conn *conn;
2843 int err;
2844
2845 BT_DBG("");
2846
28424707
JH		 2847 hci_dev_lock(hdev);
2848
5f97c1df 2849 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 2850 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2851 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2852 goto unlock;
2853 }
2854
333ae95d 2855 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
28424707 2856 if (!cmd) {
a69e8375
JH		 2857 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2858 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2859 goto unlock;
2860 }
2861
2862 conn = cmd->user_data;
2863
2864 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
a69e8375
JH		 2865 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2866 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2867 goto unlock;
2868 }
2869
a511b35b
JH		 2870 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
2871 mgmt_pending_remove(cmd);
28424707 2872
2a1afb5a
JH		 2873 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
2874 addr, sizeof(*addr));
28424707
JH		 2875unlock:
2876 hci_dev_unlock(hdev);
28424707
JH		 2877 return err;
2878}
2879
bdb6d971 2880static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 2881 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 2882 u16 hci_op, __le32 passkey)
a5c29683 2883{
3b0602cd 2884 struct mgmt_pending_cmd *cmd;
0df4c185 2885 struct hci_conn *conn;
a5c29683
JH		 2886 int err;
2887
09fd0de5 2888 hci_dev_lock(hdev);
08ba5382 2889
4b34ee78 2890 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2891 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2892 MGMT_STATUS_NOT_POWERED, addr,
2893 sizeof(*addr));
0df4c185 2894 goto done;
a5c29683
JH		 2895 }
2896
1707c60e
JH		 2897 if (addr->type == BDADDR_BREDR)
2898 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 2899 else
9d4c1cc1
JH		 2900 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr,
2901 le_addr_type(addr->type));
272d90df
JH		 2902
2903 if (!conn) {
2a1afb5a
JH		 2904 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2905 MGMT_STATUS_NOT_CONNECTED, addr,
2906 sizeof(*addr));
272d90df
JH		 2907 goto done;
2908 }
47c15e2b 2909
1707c60e 2910 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 2911 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 2912 if (!err)
2a1afb5a
JH		 2913 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2914 MGMT_STATUS_SUCCESS, addr,
2915 sizeof(*addr));
5fe57d9e 2916 else
2a1afb5a
JH		 2917 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2918 MGMT_STATUS_FAILED, addr,
2919 sizeof(*addr));
47c15e2b 2920
47c15e2b
BG		 2921 goto done;
2922 }
2923
1707c60e 2924 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 2925 if (!cmd) {
2926 err = -ENOMEM;
0df4c185 2927 goto done;
a5c29683
JH		 2928 }
2929
7776d1d8
JH		 2930 cmd->cmd_complete = addr_cmd_complete;
2931
0df4c185 2932 /* Continue with pairing via HCI */
604086b7
BG		 2933 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2934 struct hci_cp_user_passkey_reply cp;
2935
1707c60e 2936 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 2937 cp.passkey = passkey;
2938 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2939 } else
1707c60e
JH		 2940 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2941 &addr->bdaddr);
604086b7 2942
a664b5bc
JH		 2943 if (err < 0)
2944 mgmt_pending_remove(cmd);
a5c29683 2945
0df4c185 2946done:
09fd0de5 2947 hci_dev_unlock(hdev);
a5c29683
JH		 2948 return err;
2949}
2950
afeb019d
JK		 2951static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2952 void *data, u16 len)
2953{
2954 struct mgmt_cp_pin_code_neg_reply *cp = data;
2955
2956 BT_DBG("");
2957
1707c60e 2958 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 2959 MGMT_OP_PIN_CODE_NEG_REPLY,
2960 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2961}
2962
04124681
GP		 2963static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2964 u16 len)
0df4c185 2965{
650f726d 2966 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2967
2968 BT_DBG("");
2969
2970 if (len != sizeof(*cp))
a69e8375
JH		 2971 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2972 MGMT_STATUS_INVALID_PARAMS);
0df4c185 2973
1707c60e 2974 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2975 MGMT_OP_USER_CONFIRM_REPLY,
2976 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2977}
2978
bdb6d971 2979static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2980 void *data, u16 len)
0df4c185 2981{
c9c2659f 2982 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2983
2984 BT_DBG("");
2985
1707c60e 2986 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2987 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2988 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2989}
2990
04124681
GP		 2991static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2992 u16 len)
604086b7 2993{
650f726d 2994 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2995
2996 BT_DBG("");
2997
1707c60e 2998 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2999 MGMT_OP_USER_PASSKEY_REPLY,
3000 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3001}
3002
bdb6d971 3003static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3004 void *data, u16 len)
604086b7 3005{
650f726d 3006 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3007
3008 BT_DBG("");
3009
1707c60e 3010 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3011 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3012 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3013}
3014
7c295c48
MN		 3015static void adv_expire(struct hci_dev *hdev, u32 flags)
3016{
3017 struct adv_info *adv_instance;
3018 struct hci_request req;
3019 int err;
3020
3021 adv_instance = hci_find_adv_instance(hdev, hdev->cur_adv_instance);
3022 if (!adv_instance)
3023 return;
3024
3025 /* stop if current instance doesn't need to be changed */
3026 if (!(adv_instance->flags & flags))
3027 return;
3028
3029 cancel_adv_timeout(hdev);
3030
3031 adv_instance = hci_get_next_instance(hdev, adv_instance->instance);
3032 if (!adv_instance)
3033 return;
3034
3035 hci_req_init(&req, hdev);
3036 err = __hci_req_schedule_adv_instance(&req, adv_instance->instance,
3037 true);
3038 if (err)
3039 return;
3040
3041 hci_req_run(&req, NULL);
3042}
3043
1904a853 3044static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
13928971
JH		 3045{
3046 struct mgmt_cp_set_local_name *cp;
3b0602cd 3047 struct mgmt_pending_cmd *cmd;
13928971
JH		 3048
3049 BT_DBG("status 0x%02x", status);
3050
3051 hci_dev_lock(hdev);
3052
333ae95d 3053 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 3054 if (!cmd)
3055 goto unlock;
3056
3057 cp = cmd->param;
3058
7c295c48 3059 if (status) {
a69e8375
JH		 3060 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3061 mgmt_status(status));
7c295c48 3062 } else {
2a1afb5a
JH		 3063 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3064 cp, sizeof(*cp));
13928971 3065
7c295c48
MN		 3066 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3067 adv_expire(hdev, MGMT_ADV_FLAG_LOCAL_NAME);
3068 }
3069
13928971
JH		 3070 mgmt_pending_remove(cmd);
3071
3072unlock:
3073 hci_dev_unlock(hdev);
3074}
3075
bdb6d971 3076static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3077 u16 len)
b312b161 3078{
2b4bf397 3079 struct mgmt_cp_set_local_name *cp = data;
3b0602cd 3080 struct mgmt_pending_cmd *cmd;
890ea898 3081 struct hci_request req;
b312b161
JH		 3082 int err;
3083
3084 BT_DBG("");
3085
09fd0de5 3086 hci_dev_lock(hdev);
b312b161 3087
b3f2ca94
JH		 3088 /* If the old values are the same as the new ones just return a
3089 * direct command complete event.
3090 */
3091 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3092 !memcmp(hdev->short_name, cp->short_name,
3093 sizeof(hdev->short_name))) {
2a1afb5a
JH		 3094 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3095 data, len);
b3f2ca94
JH		 3096 goto failed;
3097 }
3098
2b4bf397 3099 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3100
b5235a65 3101 if (!hdev_is_powered(hdev)) {
2b4bf397 3102 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde 3103
2a1afb5a
JH		 3104 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3105 data, len);
28cc7bde
JH		 3106 if (err < 0)
3107 goto failed;
3108
5504c3a3
MH		 3109 err = mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data,
3110 len, HCI_MGMT_LOCAL_NAME_EVENTS, sk);
321c6fee 3111 ext_info_changed(hdev, sk);
28cc7bde 3112
b5235a65
JH		 3113 goto failed;
3114 }
3115
28cc7bde 3116 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3117 if (!cmd) {
3118 err = -ENOMEM;
3119 goto failed;
3120 }
3121
13928971
JH		 3122 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3123
890ea898 3124 hci_req_init(&req, hdev);
3f985050
JH		 3125
3126 if (lmp_bredr_capable(hdev)) {
00cf5040 3127 __hci_req_update_name(&req);
b1a8917c 3128 __hci_req_update_eir(&req);
3f985050
JH		 3129 }
3130
7a5f4990
MH		 3131 /* The name is stored in the scan response data and so
3132 * no need to udpate the advertising data here.
3133 */
3f985050 3134 if (lmp_le_capable(hdev))
cab054ab 3135 __hci_req_update_scan_rsp_data(&req, hdev->cur_adv_instance);
3f985050 3136
13928971 3137 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3138 if (err < 0)
3139 mgmt_pending_remove(cmd);
3140
3141failed:
09fd0de5 3142 hci_dev_unlock(hdev);
b312b161
JH		 3143 return err;
3144}
3145
1b9441f8
JH		 3146static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status,
3147 u16 opcode, struct sk_buff *skb)
3148{
3149 struct mgmt_rp_read_local_oob_data mgmt_rp;
3150 size_t rp_size = sizeof(mgmt_rp);
3151 struct mgmt_pending_cmd *cmd;
3152
3153 BT_DBG("%s status %u", hdev->name, status);
3154
3155 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3156 if (!cmd)
3157 return;
3158
3159 if (status || !skb) {
3160 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3161 status ? mgmt_status(status) : MGMT_STATUS_FAILED);
3162 goto remove;
3163 }
3164
3165 memset(&mgmt_rp, 0, sizeof(mgmt_rp));
3166
3167 if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
3168 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
3169
3170 if (skb->len < sizeof(*rp)) {
3171 mgmt_cmd_status(cmd->sk, hdev->id,
3172 MGMT_OP_READ_LOCAL_OOB_DATA,
3173 MGMT_STATUS_FAILED);
3174 goto remove;
3175 }
3176
3177 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash));
3178 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand));
3179
3180 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256);
3181 } else {
3182 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
3183
3184 if (skb->len < sizeof(*rp)) {
3185 mgmt_cmd_status(cmd->sk, hdev->id,
3186 MGMT_OP_READ_LOCAL_OOB_DATA,
3187 MGMT_STATUS_FAILED);
3188 goto remove;
3189 }
3190
3191 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192));
3192 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192));
3193
3194 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256));
3195 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256));
3196 }
3197
3198 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3199 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size);
3200
3201remove:
3202 mgmt_pending_remove(cmd);
3203}
3204
0f4e68cf 3205static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3206 void *data, u16 data_len)
c35938b2 3207{
3b0602cd 3208 struct mgmt_pending_cmd *cmd;
1b9441f8 3209 struct hci_request req;
c35938b2
SJ		 3210 int err;
3211
bdb6d971 3212 BT_DBG("%s", hdev->name);
c35938b2 3213
09fd0de5 3214 hci_dev_lock(hdev);
c35938b2 3215
4b34ee78 3216 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3217 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3218 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3219 goto unlock;
3220 }
3221
9a1a1996 3222 if (!lmp_ssp_capable(hdev)) {
a69e8375
JH		 3223 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3224 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3225 goto unlock;
3226 }
3227
333ae95d 3228 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
a69e8375
JH		 3229 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3230 MGMT_STATUS_BUSY);
c35938b2
SJ		 3231 goto unlock;
3232 }
3233
2e58ef3e 3234 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3235 if (!cmd) {
3236 err = -ENOMEM;
3237 goto unlock;
3238 }
3239
1b9441f8
JH		 3240 hci_req_init(&req, hdev);
3241
710f11c0 3242 if (bredr_sc_enabled(hdev))
1b9441f8 3243 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
4d2d2796 3244 else
1b9441f8 3245 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
4d2d2796 3246
1b9441f8 3247 err = hci_req_run_skb(&req, read_local_oob_data_complete);
c35938b2
SJ		 3248 if (err < 0)
3249 mgmt_pending_remove(cmd);
3250
3251unlock:
09fd0de5 3252 hci_dev_unlock(hdev);
c35938b2
SJ		 3253 return err;
3254}
3255
bdb6d971 3256static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3257 void *data, u16 len)
2763eda6 3258{
5d57e796 3259 struct mgmt_addr_info *addr = data;
2763eda6
SJ		 3260 int err;
3261
bdb6d971 3262 BT_DBG("%s ", hdev->name);
2763eda6 3263
5d57e796 3264 if (!bdaddr_type_is_valid(addr->type))
2a1afb5a
JH		 3265 return mgmt_cmd_complete(sk, hdev->id,
3266 MGMT_OP_ADD_REMOTE_OOB_DATA,
3267 MGMT_STATUS_INVALID_PARAMS,
3268 addr, sizeof(*addr));
5d57e796 3269
09fd0de5 3270 hci_dev_lock(hdev);
2763eda6 3271
ec109113
MH		 3272 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3273 struct mgmt_cp_add_remote_oob_data *cp = data;
3274 u8 status;
bf1e3541 3275
c19a495c 3276 if (cp->addr.type != BDADDR_BREDR) {
2a1afb5a
JH		 3277 err = mgmt_cmd_complete(sk, hdev->id,
3278 MGMT_OP_ADD_REMOTE_OOB_DATA,
3279 MGMT_STATUS_INVALID_PARAMS,
3280 &cp->addr, sizeof(cp->addr));
c19a495c
JH		 3281 goto unlock;
3282 }
3283
ec109113 3284 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
6928a924
JH		 3285 cp->addr.type, cp->hash,
3286 cp->rand, NULL, NULL);
ec109113
MH		 3287 if (err < 0)
3288 status = MGMT_STATUS_FAILED;
3289 else
3290 status = MGMT_STATUS_SUCCESS;
3291
2a1afb5a
JH		 3292 err = mgmt_cmd_complete(sk, hdev->id,
3293 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
3294 &cp->addr, sizeof(cp->addr));
ec109113
MH		 3295 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3296 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
41bcfd50 3297 u8 *rand192, *hash192, *rand256, *hash256;
ec109113
MH		 3298 u8 status;
3299
86df9200 3300 if (bdaddr_type_is_le(cp->addr.type)) {
d25b78e2
JH		 3301 /* Enforce zero-valued 192-bit parameters as
3302 * long as legacy SMP OOB isn't implemented.
3303 */
3304 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3305 memcmp(cp->hash192, ZERO_KEY, 16)) {
2a1afb5a
JH		 3306 err = mgmt_cmd_complete(sk, hdev->id,
3307 MGMT_OP_ADD_REMOTE_OOB_DATA,
3308 MGMT_STATUS_INVALID_PARAMS,
3309 addr, sizeof(*addr));
d25b78e2
JH		 3310 goto unlock;
3311 }
3312
86df9200
JH		 3313 rand192 = NULL;
3314 hash192 = NULL;
3315 } else {
41bcfd50
MH		 3316 /* In case one of the P-192 values is set to zero,
3317 * then just disable OOB data for P-192.
3318 */
3319 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
3320 !memcmp(cp->hash192, ZERO_KEY, 16)) {
3321 rand192 = NULL;
3322 hash192 = NULL;
3323 } else {
3324 rand192 = cp->rand192;
3325 hash192 = cp->hash192;
3326 }
3327 }
3328
3329 /* In case one of the P-256 values is set to zero, then just
3330 * disable OOB data for P-256.
3331 */
3332 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
3333 !memcmp(cp->hash256, ZERO_KEY, 16)) {
3334 rand256 = NULL;
3335 hash256 = NULL;
3336 } else {
3337 rand256 = cp->rand256;
3338 hash256 = cp->hash256;
86df9200
JH		 3339 }
3340
81328d5c 3341 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
86df9200 3342 cp->addr.type, hash192, rand192,
41bcfd50 3343 hash256, rand256);
ec109113
MH		 3344 if (err < 0)
3345 status = MGMT_STATUS_FAILED;
3346 else
3347 status = MGMT_STATUS_SUCCESS;
3348
2a1afb5a
JH		 3349 err = mgmt_cmd_complete(sk, hdev->id,
3350 MGMT_OP_ADD_REMOTE_OOB_DATA,
3351 status, &cp->addr, sizeof(cp->addr));
ec109113
MH		 3352 } else {
3353 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
a69e8375
JH		 3354 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3355 MGMT_STATUS_INVALID_PARAMS);
ec109113 3356 }
2763eda6 3357
c19a495c 3358unlock:
09fd0de5 3359 hci_dev_unlock(hdev);
2763eda6
SJ		 3360 return err;
3361}
3362
bdb6d971 3363static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3364 void *data, u16 len)
2763eda6 3365{
650f726d 3366 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3367 u8 status;
2763eda6
SJ		 3368 int err;
3369
bdb6d971 3370 BT_DBG("%s", hdev->name);
2763eda6 3371
c19a495c 3372 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 3373 return mgmt_cmd_complete(sk, hdev->id,
3374 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3375 MGMT_STATUS_INVALID_PARAMS,
3376 &cp->addr, sizeof(cp->addr));
c19a495c 3377
09fd0de5 3378 hci_dev_lock(hdev);
2763eda6 3379
eedbd581
JH		 3380 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3381 hci_remote_oob_data_clear(hdev);
3382 status = MGMT_STATUS_SUCCESS;
3383 goto done;
3384 }
3385
6928a924 3386 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
2763eda6 3387 if (err < 0)
bf1e3541 3388 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3389 else
a6785be2 3390 status = MGMT_STATUS_SUCCESS;
bf1e3541 3391
eedbd581 3392done:
2a1afb5a
JH		 3393 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3394 status, &cp->addr, sizeof(cp->addr));
2763eda6 3395
09fd0de5 3396 hci_dev_unlock(hdev);
2763eda6
SJ		 3397 return err;
3398}
3399
e68f072b 3400void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status)
7c307720 3401{
3b0602cd 3402 struct mgmt_pending_cmd *cmd;
ae55f598 3403
7c307720
AG		 3404 BT_DBG("status %d", status);
3405
11e6e25d 3406 hci_dev_lock(hdev);
41dc2bd6 3407
333ae95d 3408 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
66ea9427 3409 if (!cmd)
333ae95d 3410 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
66ea9427 3411
78b781ca
JH		 3412 if (!cmd)
3413 cmd = pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev);
3414
11e6e25d 3415 if (cmd) {
2922a94f 3416 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d
MH		 3417 mgmt_pending_remove(cmd);
3418 }
7c307720 3419
11e6e25d 3420 hci_dev_unlock(hdev);
7c307720
AG		 3421}
3422
591752af
JH		 3423static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type,
3424 uint8_t *mgmt_status)
3425{
3426 switch (type) {
3427 case DISCOV_TYPE_LE:
3428 *mgmt_status = mgmt_le_support(hdev);
3429 if (*mgmt_status)
3430 return false;
3431 break;
3432 case DISCOV_TYPE_INTERLEAVED:
3433 *mgmt_status = mgmt_le_support(hdev);
3434 if (*mgmt_status)
3435 return false;
3436 /* Intentional fall-through */
3437 case DISCOV_TYPE_BREDR:
3438 *mgmt_status = mgmt_bredr_support(hdev);
3439 if (*mgmt_status)
3440 return false;
3441 break;
3442 default:
3443 *mgmt_status = MGMT_STATUS_INVALID_PARAMS;
3444 return false;
3445 }
3446
3447 return true;
3448}
3449
78b781ca
JH		 3450static int start_discovery_internal(struct sock *sk, struct hci_dev *hdev,
3451 u16 op, void *data, u16 len)
14a53664 3452{
650f726d 3453 struct mgmt_cp_start_discovery *cp = data;
3b0602cd 3454 struct mgmt_pending_cmd *cmd;
8019044d 3455 u8 status;
14a53664
JH		 3456 int err;
3457
bdb6d971 3458 BT_DBG("%s", hdev->name);
14a53664 3459
09fd0de5 3460 hci_dev_lock(hdev);
14a53664 3461
4b34ee78 3462 if (!hdev_is_powered(hdev)) {
78b781ca 3463 err = mgmt_cmd_complete(sk, hdev->id, op,
2a1afb5a
JH		 3464 MGMT_STATUS_NOT_POWERED,
3465 &cp->type, sizeof(cp->type));
bd2d1334
JH		 3466 goto failed;
3467 }
3468
f5a969f2 3469 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 3470 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
78b781ca
JH		 3471 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY,
3472 &cp->type, sizeof(cp->type));
642be6c7
AG		 3473 goto failed;
3474 }
3475
591752af 3476 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
78b781ca
JH		 3477 err = mgmt_cmd_complete(sk, hdev->id, op, status,
3478 &cp->type, sizeof(cp->type));
591752af
JH		 3479 goto failed;
3480 }
3481
22078800
MH		 3482 /* Clear the discovery filter first to free any previously
3483 * allocated memory for the UUID list.
3484 */
3485 hci_discovery_filter_clear(hdev);
3486
4aab14e5 3487 hdev->discovery.type = cp->type;
da25cf6a 3488 hdev->discovery.report_invalid_rssi = false;
78b781ca
JH		 3489 if (op == MGMT_OP_START_LIMITED_DISCOVERY)
3490 hdev->discovery.limited = true;
3491 else
3492 hdev->discovery.limited = false;
4aab14e5 3493
78b781ca 3494 cmd = mgmt_pending_add(sk, op, hdev, data, len);
e68f072b
JH		 3495 if (!cmd) {
3496 err = -ENOMEM;
04106755 3497 goto failed;
f39799f5 3498 }
04106755 3499
e68f072b 3500 cmd->cmd_complete = generic_cmd_complete;
7c307720 3501
f5a969f2 3502 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
e68f072b
JH		 3503 queue_work(hdev->req_workqueue, &hdev->discov_update);
3504 err = 0;
7c307720 3505
14a53664 3506failed:
09fd0de5 3507 hci_dev_unlock(hdev);
14a53664
JH		 3508 return err;
3509}
f39799f5 3510
78b781ca
JH		 3511static int start_discovery(struct sock *sk, struct hci_dev *hdev,
3512 void *data, u16 len)
3513{
3514 return start_discovery_internal(sk, hdev, MGMT_OP_START_DISCOVERY,
3515 data, len);
3516}
3517
3518static int start_limited_discovery(struct sock *sk, struct hci_dev *hdev,
3519 void *data, u16 len)
3520{
3521 return start_discovery_internal(sk, hdev,
3522 MGMT_OP_START_LIMITED_DISCOVERY,
3523 data, len);
3524}
3525
3b0602cd
JH		 3526static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
3527 u8 status)
2922a94f 3528{
2a1afb5a
JH		 3529 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
3530 cmd->param, 1);
2922a94f 3531}
04106755 3532
66ea9427
JP		 3533static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
3534 void *data, u16 len)
3535{
3536 struct mgmt_cp_start_service_discovery *cp = data;
3b0602cd 3537 struct mgmt_pending_cmd *cmd;
66ea9427
JP		 3538 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
3539 u16 uuid_count, expected_len;
3540 u8 status;
3541 int err;
04106755 3542
66ea9427 3543 BT_DBG("%s", hdev->name);
e8bb6b97 3544
66ea9427 3545 hci_dev_lock(hdev);
7c307720 3546
66ea9427 3547 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3548 err = mgmt_cmd_complete(sk, hdev->id,
3549 MGMT_OP_START_SERVICE_DISCOVERY,
3550 MGMT_STATUS_NOT_POWERED,
3551 &cp->type, sizeof(cp->type));
66ea9427
JP		 3552 goto failed;
3553 }
7c307720 3554
66ea9427 3555 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 3556 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
2a1afb5a
JH		 3557 err = mgmt_cmd_complete(sk, hdev->id,
3558 MGMT_OP_START_SERVICE_DISCOVERY,
3559 MGMT_STATUS_BUSY, &cp->type,
3560 sizeof(cp->type));
66ea9427
JP		 3561 goto failed;
3562 }
d9483943 3563
66ea9427
JP		 3564 uuid_count = __le16_to_cpu(cp->uuid_count);
3565 if (uuid_count > max_uuid_count) {
3566 BT_ERR("service_discovery: too big uuid_count value %u",
3567 uuid_count);
2a1afb5a
JH		 3568 err = mgmt_cmd_complete(sk, hdev->id,
3569 MGMT_OP_START_SERVICE_DISCOVERY,
3570 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3571 sizeof(cp->type));
66ea9427
JP		 3572 goto failed;
3573 }
3574
3575 expected_len = sizeof(*cp) + uuid_count * 16;
3576 if (expected_len != len) {
3577 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
3578 expected_len, len);
2a1afb5a
JH		 3579 err = mgmt_cmd_complete(sk, hdev->id,
3580 MGMT_OP_START_SERVICE_DISCOVERY,
3581 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3582 sizeof(cp->type));
66ea9427
JP		 3583 goto failed;
3584 }
3585
591752af
JH		 3586 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
3587 err = mgmt_cmd_complete(sk, hdev->id,
3588 MGMT_OP_START_SERVICE_DISCOVERY,
3589 status, &cp->type, sizeof(cp->type));
3590 goto failed;
3591 }
3592
66ea9427 3593 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
2922a94f 3594 hdev, data, len);
66ea9427
JP		 3595 if (!cmd) {
3596 err = -ENOMEM;
3597 goto failed;
3598 }
3599
2922a94f
JH		 3600 cmd->cmd_complete = service_discovery_cmd_complete;
3601
22078800
MH		 3602 /* Clear the discovery filter first to free any previously
3603 * allocated memory for the UUID list.
3604 */
3605 hci_discovery_filter_clear(hdev);
3606
82f8b651 3607 hdev->discovery.result_filtering = true;
66ea9427
JP		 3608 hdev->discovery.type = cp->type;
3609 hdev->discovery.rssi = cp->rssi;
3610 hdev->discovery.uuid_count = uuid_count;
3611
3612 if (uuid_count > 0) {
3613 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
3614 GFP_KERNEL);
3615 if (!hdev->discovery.uuids) {
2a1afb5a
JH		 3616 err = mgmt_cmd_complete(sk, hdev->id,
3617 MGMT_OP_START_SERVICE_DISCOVERY,
3618 MGMT_STATUS_FAILED,
3619 &cp->type, sizeof(cp->type));
d9483943
JH		 3620 mgmt_pending_remove(cmd);
3621 goto failed;
3622 }
66ea9427 3623 }
d9483943 3624
66ea9427 3625 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
e68f072b
JH		 3626 queue_work(hdev->req_workqueue, &hdev->discov_update);
3627 err = 0;
14a53664
JH		 3628
3629failed:
09fd0de5 3630 hci_dev_unlock(hdev);
14a53664
JH		 3631 return err;
3632}
3633
2154d3f4 3634void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status)
1183fdca 3635{
3b0602cd 3636 struct mgmt_pending_cmd *cmd;
1183fdca 3637
0e05bba6
AG		 3638 BT_DBG("status %d", status);
3639
3640 hci_dev_lock(hdev);
3641
333ae95d 3642 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
11e6e25d 3643 if (cmd) {
2922a94f 3644 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d 3645 mgmt_pending_remove(cmd);
0e05bba6
AG		 3646 }
3647
0e05bba6
AG		 3648 hci_dev_unlock(hdev);
3649}
3650
bdb6d971 3651static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3652 u16 len)
14a53664 3653{
d930650b 3654 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3b0602cd 3655 struct mgmt_pending_cmd *cmd;
14a53664
JH		 3656 int err;
3657
bdb6d971 3658 BT_DBG("%s", hdev->name);
14a53664 3659
09fd0de5 3660 hci_dev_lock(hdev);
14a53664 3661
30dc78e1 3662 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 3663 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3664 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3665 sizeof(mgmt_cp->type));
d930650b
JH		 3666 goto unlock;
3667 }
3668
3669 if (hdev->discovery.type != mgmt_cp->type) {
2a1afb5a
JH		 3670 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3671 MGMT_STATUS_INVALID_PARAMS,
3672 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1 3673 goto unlock;
ff9ef578
JH		 3674 }
3675
2922a94f 3676 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
14a53664
JH		 3677 if (!cmd) {
3678 err = -ENOMEM;
30dc78e1
JH		 3679 goto unlock;
3680 }
3681
2922a94f
JH		 3682 cmd->cmd_complete = generic_cmd_complete;
3683
2154d3f4
JH		 3684 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
3685 queue_work(hdev->req_workqueue, &hdev->discov_update);
3686 err = 0;
14a53664 3687
30dc78e1 3688unlock:
09fd0de5 3689 hci_dev_unlock(hdev);
14a53664
JH		 3690 return err;
3691}
3692
bdb6d971 3693static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3694 u16 len)
561aafbc 3695{
650f726d 3696 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3697 struct inquiry_entry *e;
561aafbc
JH		 3698 int err;
3699
bdb6d971 3700 BT_DBG("%s", hdev->name);
561aafbc 3701
561aafbc
JH		 3702 hci_dev_lock(hdev);
3703
30dc78e1 3704 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 3705 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3706 MGMT_STATUS_FAILED, &cp->addr,
3707 sizeof(cp->addr));
30dc78e1
JH		 3708 goto failed;
3709 }
3710
a198e7b1 3711 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3712 if (!e) {
2a1afb5a
JH		 3713 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3714 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
3715 sizeof(cp->addr));
561aafbc
JH		 3716 goto failed;
3717 }
3718
3719 if (cp->name_known) {
3720 e->name_state = NAME_KNOWN;
3721 list_del(&e->list);
3722 } else {
3723 e->name_state = NAME_NEEDED;
a3d4e20a 3724 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3725 }
3726
2a1afb5a
JH		 3727 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
3728 &cp->addr, sizeof(cp->addr));
561aafbc
JH		 3729
3730failed:
3731 hci_dev_unlock(hdev);
561aafbc
JH		 3732 return err;
3733}
3734
bdb6d971 3735static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3736 u16 len)
7fbec224 3737{
650f726d 3738 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3739 u8 status;
7fbec224
AJ		 3740 int err;
3741
bdb6d971 3742 BT_DBG("%s", hdev->name);
7fbec224 3743
4ee71b20 3744 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 3745 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3746 MGMT_STATUS_INVALID_PARAMS,
3747 &cp->addr, sizeof(cp->addr));
4ee71b20 3748
09fd0de5 3749 hci_dev_lock(hdev);
5e762444 3750
dcc36c16
JH		 3751 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
3752 cp->addr.type);
2a8357f2 3753 if (err < 0) {
f0eeea8b 3754 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 3755 goto done;
3756 }
3757
3758 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3759 sk);
3760 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3761
2a8357f2 3762done:
2a1afb5a
JH		 3763 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
3764 &cp->addr, sizeof(cp->addr));
5e762444 3765
09fd0de5 3766 hci_dev_unlock(hdev);
7fbec224
AJ		 3767
3768 return err;
3769}
3770
bdb6d971 3771static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3772 u16 len)
7fbec224 3773{
650f726d 3774 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3775 u8 status;
7fbec224
AJ		 3776 int err;
3777
bdb6d971 3778 BT_DBG("%s", hdev->name);
7fbec224 3779
4ee71b20 3780 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 3781 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3782 MGMT_STATUS_INVALID_PARAMS,
3783 &cp->addr, sizeof(cp->addr));
4ee71b20 3784
09fd0de5 3785 hci_dev_lock(hdev);
5e762444 3786
dcc36c16
JH		 3787 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
3788 cp->addr.type);
2a8357f2 3789 if (err < 0) {
f0eeea8b 3790 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 3791 goto done;
3792 }
3793
3794 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3795 sk);
3796 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3797
2a8357f2 3798done:
2a1afb5a
JH		 3799 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
3800 &cp->addr, sizeof(cp->addr));
5e762444 3801
09fd0de5 3802 hci_dev_unlock(hdev);
7fbec224
AJ		 3803
3804 return err;
3805}
3806
cdbaccca
MH		 3807static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3808 u16 len)
3809{
3810 struct mgmt_cp_set_device_id *cp = data;
890ea898 3811 struct hci_request req;
cdbaccca 3812 int err;
c72d4b8a 3813 __u16 source;
cdbaccca
MH		 3814
3815 BT_DBG("%s", hdev->name);
3816
c72d4b8a
SJ		 3817 source = __le16_to_cpu(cp->source);
3818
3819 if (source > 0x0002)
a69e8375
JH		 3820 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3821 MGMT_STATUS_INVALID_PARAMS);
c72d4b8a 3822
cdbaccca
MH		 3823 hci_dev_lock(hdev);
3824
c72d4b8a 3825 hdev->devid_source = source;
cdbaccca
MH		 3826 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3827 hdev->devid_product = __le16_to_cpu(cp->product);
3828 hdev->devid_version = __le16_to_cpu(cp->version);
3829
2a1afb5a
JH		 3830 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
3831 NULL, 0);
cdbaccca 3832
890ea898 3833 hci_req_init(&req, hdev);
b1a8917c 3834 __hci_req_update_eir(&req);
890ea898 3835 hci_req_run(&req, NULL);
cdbaccca
MH		 3836
3837 hci_dev_unlock(hdev);
3838
3839 return err;
3840}
3841
24b4f38f
AU		 3842static void enable_advertising_instance(struct hci_dev *hdev, u8 status,
3843 u16 opcode)
3844{
3845 BT_DBG("status %d", status);
3846}
3847
1904a853
MH		 3848static void set_advertising_complete(struct hci_dev *hdev, u8 status,
3849 u16 opcode)
4375f103
JH		 3850{
3851 struct cmd_lookup match = { NULL, hdev };
24b4f38f 3852 struct hci_request req;
7816b820
FG		 3853 u8 instance;
3854 struct adv_info *adv_instance;
3855 int err;
4375f103 3856
3ad67582
JK		 3857 hci_dev_lock(hdev);
3858
4375f103
JH		 3859 if (status) {
3860 u8 mgmt_err = mgmt_status(status);
3861
3862 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3863 cmd_status_rsp, &mgmt_err);
3ad67582 3864 goto unlock;
4375f103
JH		 3865 }
3866
d7a5a11d 3867 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
a1536da2 3868 hci_dev_set_flag(hdev, HCI_ADVERTISING);
c93bd150 3869 else
a358dc11 3870 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
c93bd150 3871
4375f103
JH		 3872 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3873 &match);
3874
3875 new_settings(hdev, match.sk);
3876
3877 if (match.sk)
3878 sock_put(match.sk);
3ad67582 3879
24b4f38f 3880 /* If "Set Advertising" was just disabled and instance advertising was
7816b820 3881 * set up earlier, then re-enable multi-instance advertising.
24b4f38f
AU		 3882 */
3883 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
7816b820 3884 list_empty(&hdev->adv_instances))
24b4f38f
AU		 3885 goto unlock;
3886
7816b820
FG		 3887 instance = hdev->cur_adv_instance;
3888 if (!instance) {
3889 adv_instance = list_first_entry_or_null(&hdev->adv_instances,
3890 struct adv_info, list);
3891 if (!adv_instance)
3892 goto unlock;
3893
3894 instance = adv_instance->instance;
3895 }
3896
24b4f38f
AU		 3897 hci_req_init(&req, hdev);
3898
f2252570 3899 err = __hci_req_schedule_adv_instance(&req, instance, true);
7816b820
FG		 3900
3901 if (!err)
3902 err = hci_req_run(&req, enable_advertising_instance);
24b4f38f 3903
7816b820 3904 if (err)
24b4f38f
AU		 3905 BT_ERR("Failed to re-configure advertising");
3906
3ad67582
JK		 3907unlock:
3908 hci_dev_unlock(hdev);
4375f103
JH		 3909}
3910
21b5187f
MH		 3911static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3912 u16 len)
4375f103
JH		 3913{
3914 struct mgmt_mode *cp = data;
3b0602cd 3915 struct mgmt_pending_cmd *cmd;
4375f103 3916 struct hci_request req;
cc91cb04 3917 u8 val, status;
4375f103
JH		 3918 int err;
3919
3920 BT_DBG("request for %s", hdev->name);
3921
e6fe7986
JH		 3922 status = mgmt_le_support(hdev);
3923 if (status)
a69e8375
JH		 3924 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3925 status);
4375f103 3926
cc91cb04 3927 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 3928 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3929 MGMT_STATUS_INVALID_PARAMS);
4375f103
JH		 3930
3931 hci_dev_lock(hdev);
3932
3933 val = !!cp->val;
4375f103 3934
f74ca9b8
JH		 3935 /* The following conditions are ones which mean that we should
3936 * not do any HCI communication but directly send a mgmt
3937 * response to user space (after toggling the flag if
3938 * necessary).
3939 */
cc91cb04 3940 if (!hdev_is_powered(hdev) ||
d7a5a11d
MH		 3941 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
3942 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
e8bb6b97 3943 hci_conn_num(hdev, LE_LINK) > 0 ||
d7a5a11d 3944 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
e8bb6b97 3945 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
cc91cb04 3946 bool changed;
4375f103 3947
cc91cb04 3948 if (cp->val) {
cab054ab 3949 hdev->cur_adv_instance = 0x00;
238be788 3950 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
cc91cb04 3951 if (cp->val == 0x02)
a1536da2 3952 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 3953 else
a358dc11 3954 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 3955 } else {
a69d8927 3956 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
a358dc11 3957 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4375f103
JH		 3958 }
3959
3960 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3961 if (err < 0)
3962 goto unlock;
3963
3964 if (changed)
3965 err = new_settings(hdev, sk);
3966
3967 goto unlock;
3968 }
3969
333ae95d
JH		 3970 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3971 pending_find(MGMT_OP_SET_LE, hdev)) {
a69e8375
JH		 3972 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3973 MGMT_STATUS_BUSY);
4375f103
JH		 3974 goto unlock;
3975 }
3976
3977 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
3978 if (!cmd) {
3979 err = -ENOMEM;
3980 goto unlock;
3981 }
3982
3983 hci_req_init(&req, hdev);
3984
cc91cb04 3985 if (cp->val == 0x02)
a1536da2 3986 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 3987 else
a358dc11 3988 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 3989
7816b820
FG		 3990 cancel_adv_timeout(hdev);
3991
24b4f38f 3992 if (val) {
7816b820
FG		 3993 /* Switch to instance "0" for the Set Advertising setting.
3994 * We cannot use update_[adv|scan_rsp]_data() here as the
3995 * HCI_ADVERTISING flag is not yet set.
3996 */
cab054ab 3997 hdev->cur_adv_instance = 0x00;
f2252570
JH		 3998 __hci_req_update_adv_data(&req, 0x00);
3999 __hci_req_update_scan_rsp_data(&req, 0x00);
4000 __hci_req_enable_advertising(&req);
24b4f38f 4001 } else {
f2252570 4002 __hci_req_disable_advertising(&req);
24b4f38f 4003 }
4375f103
JH		 4004
4005 err = hci_req_run(&req, set_advertising_complete);
4006 if (err < 0)
4007 mgmt_pending_remove(cmd);
4008
4009unlock:
4010 hci_dev_unlock(hdev);
4011 return err;
4012}
4013
d13eafce
MH		 4014static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4015 void *data, u16 len)
4016{
4017 struct mgmt_cp_set_static_address *cp = data;
4018 int err;
4019
4020 BT_DBG("%s", hdev->name);
4021
62af4443 4022 if (!lmp_le_capable(hdev))
a69e8375
JH		 4023 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4024 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 4025
4026 if (hdev_is_powered(hdev))
a69e8375
JH		 4027 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4028 MGMT_STATUS_REJECTED);
d13eafce
MH		 4029
4030 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4031 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
a69e8375
JH		 4032 return mgmt_cmd_status(sk, hdev->id,
4033 MGMT_OP_SET_STATIC_ADDRESS,
4034 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 4035
4036 /* Two most significant bits shall be set */
4037 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
a69e8375
JH		 4038 return mgmt_cmd_status(sk, hdev->id,
4039 MGMT_OP_SET_STATIC_ADDRESS,
4040 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 4041 }
4042
4043 hci_dev_lock(hdev);
4044
4045 bacpy(&hdev->static_addr, &cp->bdaddr);
4046
93690c22
MH		 4047 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
4048 if (err < 0)
4049 goto unlock;
4050
4051 err = new_settings(hdev, sk);
d13eafce 4052
93690c22 4053unlock:
d13eafce 4054 hci_dev_unlock(hdev);
d13eafce
MH		 4055 return err;
4056}
4057
14b49b9a
MH		 4058static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4059 void *data, u16 len)
4060{
4061 struct mgmt_cp_set_scan_params *cp = data;
4062 __u16 interval, window;
4063 int err;
4064
4065 BT_DBG("%s", hdev->name);
4066
4067 if (!lmp_le_capable(hdev))
a69e8375
JH		 4068 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4069 MGMT_STATUS_NOT_SUPPORTED);
14b49b9a
MH		 4070
4071 interval = __le16_to_cpu(cp->interval);
4072
4073 if (interval < 0x0004 || interval > 0x4000)
a69e8375
JH		 4074 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4075 MGMT_STATUS_INVALID_PARAMS);
14b49b9a
MH		 4076
4077 window = __le16_to_cpu(cp->window);
4078
4079 if (window < 0x0004 || window > 0x4000)
a69e8375
JH		 4080 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4081 MGMT_STATUS_INVALID_PARAMS);
14b49b9a 4082
899e1075 4083 if (window > interval)
a69e8375
JH		 4084 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4085 MGMT_STATUS_INVALID_PARAMS);
899e1075 4086
14b49b9a
MH		 4087 hci_dev_lock(hdev);
4088
4089 hdev->le_scan_interval = interval;
4090 hdev->le_scan_window = window;
4091
2a1afb5a
JH		 4092 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
4093 NULL, 0);
14b49b9a 4094
dd2ef8e2
AG		 4095 /* If background scan is running, restart it so new parameters are
4096 * loaded.
4097 */
d7a5a11d 4098 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
dd2ef8e2
AG		 4099 hdev->discovery.state == DISCOVERY_STOPPED) {
4100 struct hci_request req;
4101
4102 hci_req_init(&req, hdev);
4103
4104 hci_req_add_le_scan_disable(&req);
4105 hci_req_add_le_passive_scan(&req);
4106
4107 hci_req_run(&req, NULL);
4108 }
4109
14b49b9a
MH		 4110 hci_dev_unlock(hdev);
4111
4112 return err;
4113}
4114
1904a853
MH		 4115static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
4116 u16 opcode)
33e38b3e 4117{
3b0602cd 4118 struct mgmt_pending_cmd *cmd;
33e38b3e
JH		 4119
4120 BT_DBG("status 0x%02x", status);
4121
4122 hci_dev_lock(hdev);
4123
333ae95d 4124 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
33e38b3e
JH		 4125 if (!cmd)
4126 goto unlock;
4127
4128 if (status) {
a69e8375
JH		 4129 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4130 mgmt_status(status));
33e38b3e 4131 } else {
1a4d3c4b
JH		 4132 struct mgmt_mode *cp = cmd->param;
4133
4134 if (cp->val)
a1536da2 4135 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 4136 else
a358dc11 4137 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 4138
33e38b3e
JH		 4139 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4140 new_settings(hdev, cmd->sk);
4141 }
4142
4143 mgmt_pending_remove(cmd);
4144
4145unlock:
4146 hci_dev_unlock(hdev);
4147}
4148
bdb6d971 4149static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4150 void *data, u16 len)
f6422ec6 4151{
650f726d 4152 struct mgmt_mode *cp = data;
3b0602cd 4153 struct mgmt_pending_cmd *cmd;
33e38b3e 4154 struct hci_request req;
f6422ec6
AJ		 4155 int err;
4156
bdb6d971 4157 BT_DBG("%s", hdev->name);
f6422ec6 4158
d7a5a11d 4159 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
56f87901 4160 hdev->hci_ver < BLUETOOTH_VER_1_2)
a69e8375
JH		 4161 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4162 MGMT_STATUS_NOT_SUPPORTED);
33c525c0 4163
a7e80f25 4164 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4165 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4166 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 4167
f6422ec6
AJ		 4168 hci_dev_lock(hdev);
4169
333ae95d 4170 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
a69e8375
JH		 4171 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4172 MGMT_STATUS_BUSY);
05cbf29f
JH		 4173 goto unlock;
4174 }
4175
d7a5a11d 4176 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
1a4d3c4b
JH		 4177 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4178 hdev);
4179 goto unlock;
4180 }
4181
406ef2a6 4182 if (!hdev_is_powered(hdev)) {
ce05d603 4183 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
406ef2a6
JH		 4184 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4185 hdev);
4186 new_settings(hdev, sk);
4187 goto unlock;
4188 }
4189
33e38b3e
JH		 4190 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4191 data, len);
4192 if (!cmd) {
4193 err = -ENOMEM;
4194 goto unlock;
f6422ec6
AJ		 4195 }
4196
33e38b3e
JH		 4197 hci_req_init(&req, hdev);
4198
bf943cbf 4199 __hci_req_write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4200
4201 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4202 if (err < 0) {
a69e8375
JH		 4203 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4204 MGMT_STATUS_FAILED);
33e38b3e 4205 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4206 }
4207
33e38b3e 4208unlock:
f6422ec6 4209 hci_dev_unlock(hdev);
33e38b3e 4210
f6422ec6
AJ		 4211 return err;
4212}
4213
1904a853 4214static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
0663ca2a 4215{
3b0602cd 4216 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 4217
4218 BT_DBG("status 0x%02x", status);
4219
4220 hci_dev_lock(hdev);
4221
333ae95d 4222 cmd = pending_find(MGMT_OP_SET_BREDR, hdev);
0663ca2a
JH		 4223 if (!cmd)
4224 goto unlock;
4225
4226 if (status) {
4227 u8 mgmt_err = mgmt_status(status);
4228
4229 /* We need to restore the flag if related HCI commands
4230 * failed.
4231 */
a358dc11 4232 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a 4233
a69e8375 4234 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
0663ca2a
JH		 4235 } else {
4236 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4237 new_settings(hdev, cmd->sk);
4238 }
4239
4240 mgmt_pending_remove(cmd);
4241
4242unlock:
4243 hci_dev_unlock(hdev);
4244}
4245
4246static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4247{
4248 struct mgmt_mode *cp = data;
3b0602cd 4249 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 4250 struct hci_request req;
4251 int err;
4252
4253 BT_DBG("request for %s", hdev->name);
4254
4255 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
a69e8375
JH		 4256 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4257 MGMT_STATUS_NOT_SUPPORTED);
0663ca2a 4258
d7a5a11d 4259 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 4260 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4261 MGMT_STATUS_REJECTED);
0663ca2a
JH		 4262
4263 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4264 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4265 MGMT_STATUS_INVALID_PARAMS);
0663ca2a
JH		 4266
4267 hci_dev_lock(hdev);
4268
d7a5a11d 4269 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
0663ca2a
JH		 4270 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4271 goto unlock;
4272 }
4273
4274 if (!hdev_is_powered(hdev)) {
4275 if (!cp->val) {
a358dc11
MH		 4276 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
4277 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
4278 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
4279 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4280 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
0663ca2a
JH		 4281 }
4282
ce05d603 4283 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 4284
4285 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4286 if (err < 0)
4287 goto unlock;
4288
4289 err = new_settings(hdev, sk);
4290 goto unlock;
4291 }
4292
4293 /* Reject disabling when powered on */
4294 if (!cp->val) {
a69e8375
JH		 4295 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4296 MGMT_STATUS_REJECTED);
0663ca2a 4297 goto unlock;
111e4bcc
MH		 4298 } else {
4299 /* When configuring a dual-mode controller to operate
4300 * with LE only and using a static address, then switching
4301 * BR/EDR back on is not allowed.
4302 *
4303 * Dual-mode controllers shall operate with the public
4304 * address as its identity address for BR/EDR and LE. So
4305 * reject the attempt to create an invalid configuration.
3a5486e1
MH		 4306 *
4307 * The same restrictions applies when secure connections
4308 * has been enabled. For BR/EDR this is a controller feature
4309 * while for LE it is a host stack feature. This means that
4310 * switching BR/EDR back on when secure connections has been
4311 * enabled is not a supported transaction.
111e4bcc 4312 */
d7a5a11d 4313 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
3a5486e1 4314 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
d7a5a11d 4315 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
a69e8375
JH		 4316 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4317 MGMT_STATUS_REJECTED);
111e4bcc
MH		 4318 goto unlock;
4319 }
0663ca2a
JH		 4320 }
4321
333ae95d 4322 if (pending_find(MGMT_OP_SET_BREDR, hdev)) {
a69e8375
JH		 4323 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4324 MGMT_STATUS_BUSY);
0663ca2a
JH		 4325 goto unlock;
4326 }
4327
4328 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4329 if (!cmd) {
4330 err = -ENOMEM;
4331 goto unlock;
4332 }
4333
f2252570
JH		 4334 /* We need to flip the bit already here so that
4335 * hci_req_update_adv_data generates the correct flags.
0663ca2a 4336 */
a1536da2 4337 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 4338
4339 hci_req_init(&req, hdev);
aa8af46e 4340
bf943cbf 4341 __hci_req_write_fast_connectable(&req, false);
01b1cb87 4342 __hci_req_update_scan(&req);
aa8af46e 4343
f14d8f64
MH		 4344 /* Since only the advertising data flags will change, there
4345 * is no need to update the scan response data.
4346 */
cab054ab 4347 __hci_req_update_adv_data(&req, hdev->cur_adv_instance);
aa8af46e 4348
0663ca2a
JH		 4349 err = hci_req_run(&req, set_bredr_complete);
4350 if (err < 0)
4351 mgmt_pending_remove(cmd);
4352
4353unlock:
4354 hci_dev_unlock(hdev);
4355 return err;
4356}
4357
a1443f5a
JH		 4358static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4359{
3b0602cd 4360 struct mgmt_pending_cmd *cmd;
a1443f5a
JH		 4361 struct mgmt_mode *cp;
4362
4363 BT_DBG("%s status %u", hdev->name, status);
4364
4365 hci_dev_lock(hdev);
4366
333ae95d 4367 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
a1443f5a
JH		 4368 if (!cmd)
4369 goto unlock;
4370
4371 if (status) {
a69e8375
JH		 4372 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
4373 mgmt_status(status));
a1443f5a
JH		 4374 goto remove;
4375 }
4376
4377 cp = cmd->param;
4378
4379 switch (cp->val) {
4380 case 0x00:
a358dc11
MH		 4381 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
4382 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 4383 break;
4384 case 0x01:
a1536da2 4385 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
a358dc11 4386 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 4387 break;
4388 case 0x02:
a1536da2
MH		 4389 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4390 hci_dev_set_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 4391 break;
4392 }
4393
4394 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
4395 new_settings(hdev, cmd->sk);
4396
4397remove:
4398 mgmt_pending_remove(cmd);
4399unlock:
4400 hci_dev_unlock(hdev);
4401}
4402
eac83dc6
MH		 4403static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4404 void *data, u16 len)
4405{
4406 struct mgmt_mode *cp = data;
3b0602cd 4407 struct mgmt_pending_cmd *cmd;
a1443f5a 4408 struct hci_request req;
a3209694 4409 u8 val;
eac83dc6
MH		 4410 int err;
4411
4412 BT_DBG("request for %s", hdev->name);
4413
05b3c3e7 4414 if (!lmp_sc_capable(hdev) &&
d7a5a11d 4415 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 4416 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4417 MGMT_STATUS_NOT_SUPPORTED);
eac83dc6 4418
d7a5a11d 4419 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
59200286 4420 lmp_sc_capable(hdev) &&
d7a5a11d 4421 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 4422 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4423 MGMT_STATUS_REJECTED);
ed93ec69 4424
0ab04a9c 4425 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375 4426 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
eac83dc6
MH		 4427 MGMT_STATUS_INVALID_PARAMS);
4428
4429 hci_dev_lock(hdev);
4430
05b3c3e7 4431 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
d7a5a11d 4432 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
eac83dc6
MH		 4433 bool changed;
4434
0ab04a9c 4435 if (cp->val) {
238be788
MH		 4436 changed = !hci_dev_test_and_set_flag(hdev,
4437 HCI_SC_ENABLED);
0ab04a9c 4438 if (cp->val == 0x02)
a1536da2 4439 hci_dev_set_flag(hdev, HCI_SC_ONLY);
0ab04a9c 4440 else
a358dc11 4441 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 4442 } else {
a69d8927
MH		 4443 changed = hci_dev_test_and_clear_flag(hdev,
4444 HCI_SC_ENABLED);
a358dc11 4445 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 4446 }
eac83dc6
MH		 4447
4448 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4449 if (err < 0)
4450 goto failed;
4451
4452 if (changed)
4453 err = new_settings(hdev, sk);
4454
4455 goto failed;
4456 }
4457
333ae95d 4458 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
a69e8375
JH		 4459 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4460 MGMT_STATUS_BUSY);
eac83dc6
MH		 4461 goto failed;
4462 }
4463
0ab04a9c
MH		 4464 val = !!cp->val;
4465
d7a5a11d
MH		 4466 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
4467 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
eac83dc6
MH		 4468 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4469 goto failed;
4470 }
4471
4472 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4473 if (!cmd) {
4474 err = -ENOMEM;
4475 goto failed;
4476 }
4477
a1443f5a
JH		 4478 hci_req_init(&req, hdev);
4479 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
4480 err = hci_req_run(&req, sc_enable_complete);
eac83dc6
MH		 4481 if (err < 0) {
4482 mgmt_pending_remove(cmd);
4483 goto failed;
4484 }
4485
4486failed:
4487 hci_dev_unlock(hdev);
4488 return err;
4489}
4490
4e39ac81
MH		 4491static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4492 void *data, u16 len)
4493{
4494 struct mgmt_mode *cp = data;
b9710979 4495 bool changed, use_changed;
4e39ac81
MH		 4496 int err;
4497
4498 BT_DBG("request for %s", hdev->name);
4499
b9710979 4500 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 4501 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4502 MGMT_STATUS_INVALID_PARAMS);
4e39ac81
MH		 4503
4504 hci_dev_lock(hdev);
4505
4506 if (cp->val)
238be788 4507 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
4e39ac81 4508 else
a69d8927
MH		 4509 changed = hci_dev_test_and_clear_flag(hdev,
4510 HCI_KEEP_DEBUG_KEYS);
4e39ac81 4511
b9710979 4512 if (cp->val == 0x02)
238be788
MH		 4513 use_changed = !hci_dev_test_and_set_flag(hdev,
4514 HCI_USE_DEBUG_KEYS);
b9710979 4515 else
a69d8927
MH		 4516 use_changed = hci_dev_test_and_clear_flag(hdev,
4517 HCI_USE_DEBUG_KEYS);
b9710979
JH		 4518
4519 if (hdev_is_powered(hdev) && use_changed &&
d7a5a11d 4520 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
b9710979
JH		 4521 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4522 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4523 sizeof(mode), &mode);
4524 }
4525
4e39ac81
MH		 4526 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4527 if (err < 0)
4528 goto unlock;
4529
4530 if (changed)
4531 err = new_settings(hdev, sk);
4532
4533unlock:
4534 hci_dev_unlock(hdev);
4535 return err;
4536}
4537
62b04cd1
JH		 4538static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4539 u16 len)
4540{
4541 struct mgmt_cp_set_privacy *cp = cp_data;
4542 bool changed;
4543 int err;
4544
4545 BT_DBG("request for %s", hdev->name);
4546
4547 if (!lmp_le_capable(hdev))
a69e8375
JH		 4548 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4549 MGMT_STATUS_NOT_SUPPORTED);
62b04cd1 4550
82a37ade 4551 if (cp->privacy != 0x00 && cp->privacy != 0x01 && cp->privacy != 0x02)
a69e8375
JH		 4552 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4553 MGMT_STATUS_INVALID_PARAMS);
62b04cd1
JH		 4554
4555 if (hdev_is_powered(hdev))
a69e8375
JH		 4556 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4557 MGMT_STATUS_REJECTED);
62b04cd1
JH		 4558
4559 hci_dev_lock(hdev);
4560
c21c0ea0
JH		 4561 /* If user space supports this command it is also expected to
4562 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4563 */
a1536da2 4564 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
c21c0ea0 4565
62b04cd1 4566 if (cp->privacy) {
238be788 4567 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
62b04cd1 4568 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
a1536da2 4569 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
82a37ade
JH		 4570 if (cp->privacy == 0x02)
4571 hci_dev_set_flag(hdev, HCI_LIMITED_PRIVACY);
4572 else
4573 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
62b04cd1 4574 } else {
a69d8927 4575 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
62b04cd1 4576 memset(hdev->irk, 0, sizeof(hdev->irk));
a358dc11 4577 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
82a37ade 4578 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
62b04cd1
JH		 4579 }
4580
4581 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4582 if (err < 0)
4583 goto unlock;
4584
4585 if (changed)
4586 err = new_settings(hdev, sk);
4587
4588unlock:
4589 hci_dev_unlock(hdev);
4590 return err;
4591}
4592
41edf160
JH		 4593static bool irk_is_valid(struct mgmt_irk_info *irk)
4594{
4595 switch (irk->addr.type) {
4596 case BDADDR_LE_PUBLIC:
4597 return true;
4598
4599 case BDADDR_LE_RANDOM:
4600 /* Two most significant bits shall be set */
4601 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4602 return false;
4603 return true;
4604 }
4605
4606 return false;
4607}
4608
4609static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4610 u16 len)
4611{
4612 struct mgmt_cp_load_irks *cp = cp_data;
ba1d6936
JH		 4613 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
4614 sizeof(struct mgmt_irk_info));
41edf160
JH		 4615 u16 irk_count, expected_len;
4616 int i, err;
4617
4618 BT_DBG("request for %s", hdev->name);
4619
4620 if (!lmp_le_capable(hdev))
a69e8375
JH		 4621 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4622 MGMT_STATUS_NOT_SUPPORTED);
41edf160
JH		 4623
4624 irk_count = __le16_to_cpu(cp->irk_count);
ba1d6936
JH		 4625 if (irk_count > max_irk_count) {
4626 BT_ERR("load_irks: too big irk_count value %u", irk_count);
a69e8375
JH		 4627 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4628 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 4629 }
41edf160
JH		 4630
4631 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4632 if (expected_len != len) {
4633 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 4634 expected_len, len);
a69e8375
JH		 4635 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4636 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 4637 }
4638
4639 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4640
4641 for (i = 0; i < irk_count; i++) {
4642 struct mgmt_irk_info *key = &cp->irks[i];
4643
4644 if (!irk_is_valid(key))
a69e8375
JH		 4645 return mgmt_cmd_status(sk, hdev->id,
4646 MGMT_OP_LOAD_IRKS,
4647 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 4648 }
4649
4650 hci_dev_lock(hdev);
4651
4652 hci_smp_irks_clear(hdev);
4653
4654 for (i = 0; i < irk_count; i++) {
4655 struct mgmt_irk_info *irk = &cp->irks[i];
41edf160 4656
85813a7e
JH		 4657 hci_add_irk(hdev, &irk->addr.bdaddr,
4658 le_addr_type(irk->addr.type), irk->val,
41edf160
JH		 4659 BDADDR_ANY);
4660 }
4661
a1536da2 4662 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
41edf160 4663
2a1afb5a 4664 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
41edf160
JH		 4665
4666 hci_dev_unlock(hdev);
4667
4668 return err;
4669}
4670
3f706b72
JH		 4671static bool ltk_is_valid(struct mgmt_ltk_info *key)
4672{
4673 if (key->master != 0x00 && key->master != 0x01)
4674 return false;
490cb0b3
MH		 4675
4676 switch (key->addr.type) {
4677 case BDADDR_LE_PUBLIC:
4678 return true;
4679
4680 case BDADDR_LE_RANDOM:
4681 /* Two most significant bits shall be set */
4682 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4683 return false;
4684 return true;
4685 }
4686
4687 return false;
3f706b72
JH		 4688}
4689
bdb6d971 4690static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 4691 void *cp_data, u16 len)
346af67b 4692{
346af67b 4693 struct mgmt_cp_load_long_term_keys *cp = cp_data;
ba1d6936
JH		 4694 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
4695 sizeof(struct mgmt_ltk_info));
346af67b 4696 u16 key_count, expected_len;
715a5bf2 4697 int i, err;
346af67b 4698
cf99ba13
MH		 4699 BT_DBG("request for %s", hdev->name);
4700
4701 if (!lmp_le_capable(hdev))
a69e8375
JH		 4702 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4703 MGMT_STATUS_NOT_SUPPORTED);
cf99ba13 4704
1f350c87 4705 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 4706 if (key_count > max_key_count) {
4707 BT_ERR("load_ltks: too big key_count value %u", key_count);
a69e8375
JH		 4708 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4709 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 4710 }
346af67b
VCG		 4711
4712 expected_len = sizeof(*cp) + key_count *
4713 sizeof(struct mgmt_ltk_info);
4714 if (expected_len != len) {
4715 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 4716 expected_len, len);
a69e8375
JH		 4717 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4718 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 4719 }
4720
bdb6d971 4721 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 4722
54ad6d8a
JH		 4723 for (i = 0; i < key_count; i++) {
4724 struct mgmt_ltk_info *key = &cp->keys[i];
4725
3f706b72 4726 if (!ltk_is_valid(key))
a69e8375
JH		 4727 return mgmt_cmd_status(sk, hdev->id,
4728 MGMT_OP_LOAD_LONG_TERM_KEYS,
4729 MGMT_STATUS_INVALID_PARAMS);
54ad6d8a
JH		 4730 }
4731
346af67b
VCG		 4732 hci_dev_lock(hdev);
4733
4734 hci_smp_ltks_clear(hdev);
4735
4736 for (i = 0; i < key_count; i++) {
4737 struct mgmt_ltk_info *key = &cp->keys[i];
85813a7e 4738 u8 type, authenticated;
346af67b 4739
61b43357
JH		 4740 switch (key->type) {
4741 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 4742 authenticated = 0x00;
23fb8de3 4743 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
61b43357
JH		 4744 break;
4745 case MGMT_LTK_AUTHENTICATED:
d7b25450 4746 authenticated = 0x01;
23fb8de3
JH		 4747 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
4748 break;
4749 case MGMT_LTK_P256_UNAUTH:
4750 authenticated = 0x00;
4751 type = SMP_LTK_P256;
61b43357 4752 break;
23fb8de3
JH		 4753 case MGMT_LTK_P256_AUTH:
4754 authenticated = 0x01;
4755 type = SMP_LTK_P256;
61b43357 4756 break;
23fb8de3
JH		 4757 case MGMT_LTK_P256_DEBUG:
4758 authenticated = 0x00;
4759 type = SMP_LTK_P256_DEBUG;
61b43357
JH		 4760 default:
4761 continue;
4762 }
d7b25450 4763
85813a7e
JH		 4764 hci_add_ltk(hdev, &key->addr.bdaddr,
4765 le_addr_type(key->addr.type), type, authenticated,
4766 key->val, key->enc_size, key->ediv, key->rand);
346af67b
VCG		 4767 }
4768
2a1afb5a 4769 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
715a5bf2
JH		 4770 NULL, 0);
4771
346af67b 4772 hci_dev_unlock(hdev);
346af67b 4773
715a5bf2 4774 return err;
346af67b
VCG		 4775}
4776
3b0602cd 4777static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
dd983808 4778{
dd983808 4779 struct hci_conn *conn = cmd->user_data;
9981bdb0 4780 struct mgmt_rp_get_conn_info rp;
9df74653 4781 int err;
dd983808 4782
9981bdb0 4783 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
dd983808 4784
9981bdb0 4785 if (status == MGMT_STATUS_SUCCESS) {
dd983808 4786 rp.rssi = conn->rssi;
9981bdb0
JH		 4787 rp.tx_power = conn->tx_power;
4788 rp.max_tx_power = conn->max_tx_power;
4789 } else {
4790 rp.rssi = HCI_RSSI_INVALID;
4791 rp.tx_power = HCI_TX_POWER_INVALID;
4792 rp.max_tx_power = HCI_TX_POWER_INVALID;
dd983808
AK		 4793 }
4794
2a1afb5a
JH		 4795 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
4796 status, &rp, sizeof(rp));
dd983808
AK		 4797
4798 hci_conn_drop(conn);
f8aaf9b6 4799 hci_conn_put(conn);
9df74653
JH		 4800
4801 return err;
dd983808
AK		 4802}
4803
1904a853
MH		 4804static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
4805 u16 opcode)
dd983808
AK		 4806{
4807 struct hci_cp_read_rssi *cp;
3b0602cd 4808 struct mgmt_pending_cmd *cmd;
dd983808 4809 struct hci_conn *conn;
dd983808 4810 u16 handle;
9981bdb0 4811 u8 status;
dd983808 4812
9981bdb0 4813 BT_DBG("status 0x%02x", hci_status);
dd983808
AK		 4814
4815 hci_dev_lock(hdev);
4816
dd983808
AK		 4817 /* Commands sent in request are either Read RSSI or Read Transmit Power
4818 * Level so we check which one was last sent to retrieve connection
4819 * handle. Both commands have handle as first parameter so it's safe to
4820 * cast data on the same command struct.
4821 *
4822 * First command sent is always Read RSSI and we fail only if it fails.
4823 * In other case we simply override error to indicate success as we
4824 * already remembered if TX power value is actually valid.
4825 */
4826 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
4827 if (!cp) {
4828 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
9981bdb0
JH		 4829 status = MGMT_STATUS_SUCCESS;
4830 } else {
4831 status = mgmt_status(hci_status);
dd983808
AK		 4832 }
4833
4834 if (!cp) {
9981bdb0 4835 BT_ERR("invalid sent_cmd in conn_info response");
dd983808
AK		 4836 goto unlock;
4837 }
4838
4839 handle = __le16_to_cpu(cp->handle);
4840 conn = hci_conn_hash_lookup_handle(hdev, handle);
4841 if (!conn) {
9981bdb0 4842 BT_ERR("unknown handle (%d) in conn_info response", handle);
dd983808
AK		 4843 goto unlock;
4844 }
4845
333ae95d 4846 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
9981bdb0
JH		 4847 if (!cmd)
4848 goto unlock;
dd983808 4849
9981bdb0
JH		 4850 cmd->cmd_complete(cmd, status);
4851 mgmt_pending_remove(cmd);
dd983808
AK		 4852
4853unlock:
4854 hci_dev_unlock(hdev);
4855}
4856
4857static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
4858 u16 len)
4859{
4860 struct mgmt_cp_get_conn_info *cp = data;
4861 struct mgmt_rp_get_conn_info rp;
4862 struct hci_conn *conn;
4863 unsigned long conn_info_age;
4864 int err = 0;
4865
4866 BT_DBG("%s", hdev->name);
4867
4868 memset(&rp, 0, sizeof(rp));
4869 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4870 rp.addr.type = cp->addr.type;
4871
4872 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 4873 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4874 MGMT_STATUS_INVALID_PARAMS,
4875 &rp, sizeof(rp));
dd983808
AK		 4876
4877 hci_dev_lock(hdev);
4878
4879 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 4880 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4881 MGMT_STATUS_NOT_POWERED, &rp,
4882 sizeof(rp));
dd983808
AK		 4883 goto unlock;
4884 }
4885
4886 if (cp->addr.type == BDADDR_BREDR)
4887 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
4888 &cp->addr.bdaddr);
4889 else
4890 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
4891
4892 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 4893 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4894 MGMT_STATUS_NOT_CONNECTED, &rp,
4895 sizeof(rp));
dd983808
AK		 4896 goto unlock;
4897 }
4898
333ae95d 4899 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
2a1afb5a
JH		 4900 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4901 MGMT_STATUS_BUSY, &rp, sizeof(rp));
9981bdb0
JH		 4902 goto unlock;
4903 }
4904
dd983808
AK		 4905 /* To avoid client trying to guess when to poll again for information we
4906 * calculate conn info age as random value between min/max set in hdev.
4907 */
4908 conn_info_age = hdev->conn_info_min_age +
4909 prandom_u32_max(hdev->conn_info_max_age -
4910 hdev->conn_info_min_age);
4911
4912 /* Query controller to refresh cached values if they are too old or were
4913 * never read.
4914 */
f4e2dd53
AK		 4915 if (time_after(jiffies, conn->conn_info_timestamp +
4916 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 4917 !conn->conn_info_timestamp) {
4918 struct hci_request req;
4919 struct hci_cp_read_tx_power req_txp_cp;
4920 struct hci_cp_read_rssi req_rssi_cp;
3b0602cd 4921 struct mgmt_pending_cmd *cmd;
dd983808
AK		 4922
4923 hci_req_init(&req, hdev);
4924 req_rssi_cp.handle = cpu_to_le16(conn->handle);
4925 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
4926 &req_rssi_cp);
4927
f7faab0c
AK		 4928 /* For LE links TX power does not change thus we don't need to
4929 * query for it once value is known.
4930 */
4931 if (!bdaddr_type_is_le(cp->addr.type) ||
4932 conn->tx_power == HCI_TX_POWER_INVALID) {
4933 req_txp_cp.handle = cpu_to_le16(conn->handle);
4934 req_txp_cp.type = 0x00;
4935 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4936 sizeof(req_txp_cp), &req_txp_cp);
4937 }
dd983808 4938
eed5daf3
AK		 4939 /* Max TX power needs to be read only once per connection */
4940 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
4941 req_txp_cp.handle = cpu_to_le16(conn->handle);
4942 req_txp_cp.type = 0x01;
4943 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4944 sizeof(req_txp_cp), &req_txp_cp);
4945 }
4946
dd983808
AK		 4947 err = hci_req_run(&req, conn_info_refresh_complete);
4948 if (err < 0)
4949 goto unlock;
4950
4951 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
4952 data, len);
4953 if (!cmd) {
4954 err = -ENOMEM;
4955 goto unlock;
4956 }
4957
4958 hci_conn_hold(conn);
f8aaf9b6 4959 cmd->user_data = hci_conn_get(conn);
9981bdb0 4960 cmd->cmd_complete = conn_info_cmd_complete;
dd983808
AK		 4961
4962 conn->conn_info_timestamp = jiffies;
4963 } else {
4964 /* Cache is valid, just reply with values cached in hci_conn */
4965 rp.rssi = conn->rssi;
4966 rp.tx_power = conn->tx_power;
eed5daf3 4967 rp.max_tx_power = conn->max_tx_power;
dd983808 4968
2a1afb5a
JH		 4969 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4970 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
dd983808
AK		 4971 }
4972
4973unlock:
4974 hci_dev_unlock(hdev);
4975 return err;
4976}
4977
3b0602cd 4978static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
95868426 4979{
69487371 4980 struct hci_conn *conn = cmd->user_data;
95868426 4981 struct mgmt_rp_get_clock_info rp;
69487371 4982 struct hci_dev *hdev;
9df74653 4983 int err;
69487371
JH		 4984
4985 memset(&rp, 0, sizeof(rp));
56f787c5 4986 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
69487371
JH		 4987
4988 if (status)
4989 goto complete;
4990
4991 hdev = hci_dev_get(cmd->index);
4992 if (hdev) {
4993 rp.local_clock = cpu_to_le32(hdev->clock);
4994 hci_dev_put(hdev);
4995 }
4996
4997 if (conn) {
4998 rp.piconet_clock = cpu_to_le32(conn->clock);
4999 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5000 }
5001
5002complete:
2a1afb5a
JH		 5003 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5004 sizeof(rp));
69487371
JH		 5005
5006 if (conn) {
5007 hci_conn_drop(conn);
5008 hci_conn_put(conn);
5009 }
9df74653
JH		 5010
5011 return err;
69487371
JH		 5012}
5013
1904a853 5014static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
69487371 5015{
95868426 5016 struct hci_cp_read_clock *hci_cp;
3b0602cd 5017 struct mgmt_pending_cmd *cmd;
95868426
JH		 5018 struct hci_conn *conn;
5019
5020 BT_DBG("%s status %u", hdev->name, status);
5021
5022 hci_dev_lock(hdev);
5023
5024 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5025 if (!hci_cp)
5026 goto unlock;
5027
5028 if (hci_cp->which) {
5029 u16 handle = __le16_to_cpu(hci_cp->handle);
5030 conn = hci_conn_hash_lookup_handle(hdev, handle);
5031 } else {
5032 conn = NULL;
5033 }
5034
333ae95d 5035 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
95868426
JH		 5036 if (!cmd)
5037 goto unlock;
5038
69487371 5039 cmd->cmd_complete(cmd, mgmt_status(status));
95868426 5040 mgmt_pending_remove(cmd);
95868426
JH		 5041
5042unlock:
5043 hci_dev_unlock(hdev);
5044}
5045
5046static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5047 u16 len)
5048{
5049 struct mgmt_cp_get_clock_info *cp = data;
5050 struct mgmt_rp_get_clock_info rp;
5051 struct hci_cp_read_clock hci_cp;
3b0602cd 5052 struct mgmt_pending_cmd *cmd;
95868426
JH		 5053 struct hci_request req;
5054 struct hci_conn *conn;
5055 int err;
5056
5057 BT_DBG("%s", hdev->name);
5058
5059 memset(&rp, 0, sizeof(rp));
5060 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5061 rp.addr.type = cp->addr.type;
5062
5063 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 5064 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5065 MGMT_STATUS_INVALID_PARAMS,
5066 &rp, sizeof(rp));
95868426
JH		 5067
5068 hci_dev_lock(hdev);
5069
5070 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 5071 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5072 MGMT_STATUS_NOT_POWERED, &rp,
5073 sizeof(rp));
95868426
JH		 5074 goto unlock;
5075 }
5076
5077 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5078 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5079 &cp->addr.bdaddr);
5080 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 5081 err = mgmt_cmd_complete(sk, hdev->id,
5082 MGMT_OP_GET_CLOCK_INFO,
5083 MGMT_STATUS_NOT_CONNECTED,
5084 &rp, sizeof(rp));
95868426
JH		 5085 goto unlock;
5086 }
5087 } else {
5088 conn = NULL;
5089 }
5090
5091 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5092 if (!cmd) {
5093 err = -ENOMEM;
5094 goto unlock;
5095 }
5096
69487371
JH		 5097 cmd->cmd_complete = clock_info_cmd_complete;
5098
95868426
JH		 5099 hci_req_init(&req, hdev);
5100
5101 memset(&hci_cp, 0, sizeof(hci_cp));
5102 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5103
5104 if (conn) {
5105 hci_conn_hold(conn);
f8aaf9b6 5106 cmd->user_data = hci_conn_get(conn);
95868426
JH		 5107
5108 hci_cp.handle = cpu_to_le16(conn->handle);
5109 hci_cp.which = 0x01; /* Piconet clock */
5110 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5111 }
5112
5113 err = hci_req_run(&req, get_clock_info_complete);
5114 if (err < 0)
5115 mgmt_pending_remove(cmd);
5116
5117unlock:
5118 hci_dev_unlock(hdev);
5119 return err;
5120}
5121
5a154e6f
JH		 5122static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5123{
5124 struct hci_conn *conn;
5125
5126 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5127 if (!conn)
5128 return false;
5129
5130 if (conn->dst_type != type)
5131 return false;
5132
5133 if (conn->state != BT_CONNECTED)
5134 return false;
5135
5136 return true;
5137}
5138
5139/* This function requires the caller holds hdev->lock */
51d7a94d 5140static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr,
5a154e6f
JH		 5141 u8 addr_type, u8 auto_connect)
5142{
5a154e6f
JH		 5143 struct hci_conn_params *params;
5144
5145 params = hci_conn_params_add(hdev, addr, addr_type);
5146 if (!params)
5147 return -EIO;
5148
5149 if (params->auto_connect == auto_connect)
5150 return 0;
5151
5152 list_del_init(&params->action);
5153
5154 switch (auto_connect) {
5155 case HCI_AUTO_CONN_DISABLED:
5156 case HCI_AUTO_CONN_LINK_LOSS:
28a667c9
JP		 5157 /* If auto connect is being disabled when we're trying to
5158 * connect to device, keep connecting.
5159 */
5160 if (params->explicit_connect)
5161 list_add(&params->action, &hdev->pend_le_conns);
5a154e6f
JH		 5162 break;
5163 case HCI_AUTO_CONN_REPORT:
49c50922
JH		 5164 if (params->explicit_connect)
5165 list_add(&params->action, &hdev->pend_le_conns);
5166 else
5167 list_add(&params->action, &hdev->pend_le_reports);
5a154e6f
JH		 5168 break;
5169 case HCI_AUTO_CONN_DIRECT:
5170 case HCI_AUTO_CONN_ALWAYS:
51d7a94d 5171 if (!is_connected(hdev, addr, addr_type))
5a154e6f 5172 list_add(&params->action, &hdev->pend_le_conns);
5a154e6f
JH		 5173 break;
5174 }
5175
5176 params->auto_connect = auto_connect;
5177
5178 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5179 auto_connect);
5180
5181 return 0;
5182}
5183
8afef092
MH		 5184static void device_added(struct sock *sk, struct hci_dev *hdev,
5185 bdaddr_t *bdaddr, u8 type, u8 action)
5186{
5187 struct mgmt_ev_device_added ev;
5188
5189 bacpy(&ev.addr.bdaddr, bdaddr);
5190 ev.addr.type = type;
5191 ev.action = action;
5192
5193 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5194}
5195
2faade53
MH		 5196static int add_device(struct sock *sk, struct hci_dev *hdev,
5197 void *data, u16 len)
5198{
5199 struct mgmt_cp_add_device *cp = data;
5200 u8 auto_conn, addr_type;
5201 int err;
5202
5203 BT_DBG("%s", hdev->name);
5204
6659358e 5205 if (!bdaddr_type_is_valid(cp->addr.type) ||
2faade53 5206 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
2a1afb5a
JH		 5207 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5208 MGMT_STATUS_INVALID_PARAMS,
5209 &cp->addr, sizeof(cp->addr));
2faade53 5210
4b9e7e75 5211 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
2a1afb5a
JH		 5212 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5213 MGMT_STATUS_INVALID_PARAMS,
5214 &cp->addr, sizeof(cp->addr));
2faade53
MH		 5215
5216 hci_dev_lock(hdev);
5217
6659358e 5218 if (cp->addr.type == BDADDR_BREDR) {
4b9e7e75 5219 /* Only incoming connections action is supported for now */
6659358e 5220 if (cp->action != 0x01) {
51d7a94d
JH		 5221 err = mgmt_cmd_complete(sk, hdev->id,
5222 MGMT_OP_ADD_DEVICE,
5223 MGMT_STATUS_INVALID_PARAMS,
5224 &cp->addr, sizeof(cp->addr));
6659358e
JH		 5225 goto unlock;
5226 }
5227
5228 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5229 cp->addr.type);
5230 if (err)
5231 goto unlock;
a397407f 5232
01b1cb87 5233 hci_req_update_scan(hdev);
a397407f 5234
6659358e
JH		 5235 goto added;
5236 }
5237
85813a7e 5238 addr_type = le_addr_type(cp->addr.type);
2faade53 5239
4b9e7e75 5240 if (cp->action == 0x02)
2faade53 5241 auto_conn = HCI_AUTO_CONN_ALWAYS;
4b9e7e75
MH		 5242 else if (cp->action == 0x01)
5243 auto_conn = HCI_AUTO_CONN_DIRECT;
2faade53 5244 else
a3451d27 5245 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 5246
9a0a8a8e
JP		 5247 /* Kernel internally uses conn_params with resolvable private
5248 * address, but Add Device allows only identity addresses.
5249 * Make sure it is enforced before calling
5250 * hci_conn_params_lookup.
5251 */
5252 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
51d7a94d
JH		 5253 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5254 MGMT_STATUS_INVALID_PARAMS,
5255 &cp->addr, sizeof(cp->addr));
9a0a8a8e
JP		 5256 goto unlock;
5257 }
5258
bf5b3c8b
MH		 5259 /* If the connection parameters don't exist for this device,
5260 * they will be created and configured with defaults.
5261 */
51d7a94d 5262 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
d06b50ce 5263 auto_conn) < 0) {
51d7a94d
JH		 5264 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5265 MGMT_STATUS_FAILED, &cp->addr,
5266 sizeof(cp->addr));
2faade53
MH		 5267 goto unlock;
5268 }
5269
51d7a94d
JH		 5270 hci_update_background_scan(hdev);
5271
6659358e 5272added:
8afef092
MH		 5273 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5274
51d7a94d
JH		 5275 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5276 MGMT_STATUS_SUCCESS, &cp->addr,
5277 sizeof(cp->addr));
2faade53
MH		 5278
5279unlock:
5280 hci_dev_unlock(hdev);
5281 return err;
5282}
5283
8afef092
MH		 5284static void device_removed(struct sock *sk, struct hci_dev *hdev,
5285 bdaddr_t *bdaddr, u8 type)
5286{
5287 struct mgmt_ev_device_removed ev;
5288
5289 bacpy(&ev.addr.bdaddr, bdaddr);
5290 ev.addr.type = type;
5291
5292 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5293}
5294
2faade53
MH		 5295static int remove_device(struct sock *sk, struct hci_dev *hdev,
5296 void *data, u16 len)
5297{
5298 struct mgmt_cp_remove_device *cp = data;
5299 int err;
5300
5301 BT_DBG("%s", hdev->name);
5302
5303 hci_dev_lock(hdev);
5304
5305 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 5306 struct hci_conn_params *params;
2faade53
MH		 5307 u8 addr_type;
5308
6659358e 5309 if (!bdaddr_type_is_valid(cp->addr.type)) {
51d7a94d
JH		 5310 err = mgmt_cmd_complete(sk, hdev->id,
5311 MGMT_OP_REMOVE_DEVICE,
5312 MGMT_STATUS_INVALID_PARAMS,
5313 &cp->addr, sizeof(cp->addr));
2faade53
MH		 5314 goto unlock;
5315 }
5316
6659358e
JH		 5317 if (cp->addr.type == BDADDR_BREDR) {
5318 err = hci_bdaddr_list_del(&hdev->whitelist,
5319 &cp->addr.bdaddr,
5320 cp->addr.type);
5321 if (err) {
51d7a94d
JH		 5322 err = mgmt_cmd_complete(sk, hdev->id,
5323 MGMT_OP_REMOVE_DEVICE,
5324 MGMT_STATUS_INVALID_PARAMS,
5325 &cp->addr,
5326 sizeof(cp->addr));
6659358e
JH		 5327 goto unlock;
5328 }
5329
01b1cb87 5330 hci_req_update_scan(hdev);
a397407f 5331
6659358e
JH		 5332 device_removed(sk, hdev, &cp->addr.bdaddr,
5333 cp->addr.type);
5334 goto complete;
5335 }
5336
85813a7e 5337 addr_type = le_addr_type(cp->addr.type);
2faade53 5338
9a0a8a8e
JP		 5339 /* Kernel internally uses conn_params with resolvable private
5340 * address, but Remove Device allows only identity addresses.
5341 * Make sure it is enforced before calling
5342 * hci_conn_params_lookup.
5343 */
5344 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
51d7a94d
JH		 5345 err = mgmt_cmd_complete(sk, hdev->id,
5346 MGMT_OP_REMOVE_DEVICE,
5347 MGMT_STATUS_INVALID_PARAMS,
5348 &cp->addr, sizeof(cp->addr));
9a0a8a8e
JP		 5349 goto unlock;
5350 }
5351
c71593dd
JH		 5352 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5353 addr_type);
5354 if (!params) {
51d7a94d
JH		 5355 err = mgmt_cmd_complete(sk, hdev->id,
5356 MGMT_OP_REMOVE_DEVICE,
5357 MGMT_STATUS_INVALID_PARAMS,
5358 &cp->addr, sizeof(cp->addr));
c71593dd
JH		 5359 goto unlock;
5360 }
5361
679d2b6f
JH		 5362 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
5363 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
51d7a94d
JH		 5364 err = mgmt_cmd_complete(sk, hdev->id,
5365 MGMT_OP_REMOVE_DEVICE,
5366 MGMT_STATUS_INVALID_PARAMS,
5367 &cp->addr, sizeof(cp->addr));
c71593dd
JH		 5368 goto unlock;
5369 }
5370
d1dbf12e 5371 list_del(&params->action);
c71593dd
JH		 5372 list_del(&params->list);
5373 kfree(params);
51d7a94d 5374 hci_update_background_scan(hdev);
8afef092
MH		 5375
5376 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53 5377 } else {
19de0825 5378 struct hci_conn_params *p, *tmp;
6659358e 5379 struct bdaddr_list *b, *btmp;
19de0825 5380
2faade53 5381 if (cp->addr.type) {
51d7a94d
JH		 5382 err = mgmt_cmd_complete(sk, hdev->id,
5383 MGMT_OP_REMOVE_DEVICE,
5384 MGMT_STATUS_INVALID_PARAMS,
5385 &cp->addr, sizeof(cp->addr));
2faade53
MH		 5386 goto unlock;
5387 }
5388
6659358e
JH		 5389 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
5390 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
5391 list_del(&b->list);
5392 kfree(b);
5393 }
5394
01b1cb87 5395 hci_req_update_scan(hdev);
a397407f 5396
19de0825
JH		 5397 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5398 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5399 continue;
5400 device_removed(sk, hdev, &p->addr, p->addr_type);
679d2b6f
JH		 5401 if (p->explicit_connect) {
5402 p->auto_connect = HCI_AUTO_CONN_EXPLICIT;
5403 continue;
5404 }
19de0825
JH		 5405 list_del(&p->action);
5406 list_del(&p->list);
5407 kfree(p);
5408 }
5409
5410 BT_DBG("All LE connection parameters were removed");
5411
51d7a94d 5412 hci_update_background_scan(hdev);
2faade53
MH		 5413 }
5414
6659358e 5415complete:
51d7a94d
JH		 5416 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5417 MGMT_STATUS_SUCCESS, &cp->addr,
5418 sizeof(cp->addr));
2faade53
MH		 5419unlock:
5420 hci_dev_unlock(hdev);
5421 return err;
5422}
5423
a26f3dcf
JH		 5424static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5425 u16 len)
5426{
5427 struct mgmt_cp_load_conn_param *cp = data;
ba1d6936
JH		 5428 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5429 sizeof(struct mgmt_conn_param));
a26f3dcf
JH		 5430 u16 param_count, expected_len;
5431 int i;
5432
5433 if (!lmp_le_capable(hdev))
a69e8375
JH		 5434 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5435 MGMT_STATUS_NOT_SUPPORTED);
a26f3dcf
JH		 5436
5437 param_count = __le16_to_cpu(cp->param_count);
ba1d6936
JH		 5438 if (param_count > max_param_count) {
5439 BT_ERR("load_conn_param: too big param_count value %u",
5440 param_count);
a69e8375
JH		 5441 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5442 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5443 }
a26f3dcf
JH		 5444
5445 expected_len = sizeof(*cp) + param_count *
5446 sizeof(struct mgmt_conn_param);
5447 if (expected_len != len) {
5448 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
5449 expected_len, len);
a69e8375
JH		 5450 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5451 MGMT_STATUS_INVALID_PARAMS);
a26f3dcf
JH		 5452 }
5453
5454 BT_DBG("%s param_count %u", hdev->name, param_count);
5455
5456 hci_dev_lock(hdev);
5457
5458 hci_conn_params_clear_disabled(hdev);
5459
5460 for (i = 0; i < param_count; i++) {
5461 struct mgmt_conn_param *param = &cp->params[i];
5462 struct hci_conn_params *hci_param;
5463 u16 min, max, latency, timeout;
5464 u8 addr_type;
5465
5466 BT_DBG("Adding %pMR (type %u)", &param->addr.bdaddr,
5467 param->addr.type);
5468
5469 if (param->addr.type == BDADDR_LE_PUBLIC) {
5470 addr_type = ADDR_LE_DEV_PUBLIC;
5471 } else if (param->addr.type == BDADDR_LE_RANDOM) {
5472 addr_type = ADDR_LE_DEV_RANDOM;
5473 } else {
5474 BT_ERR("Ignoring invalid connection parameters");
5475 continue;
5476 }
5477
5478 min = le16_to_cpu(param->min_interval);
5479 max = le16_to_cpu(param->max_interval);
5480 latency = le16_to_cpu(param->latency);
5481 timeout = le16_to_cpu(param->timeout);
5482
5483 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
5484 min, max, latency, timeout);
5485
5486 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
5487 BT_ERR("Ignoring invalid connection parameters");
5488 continue;
5489 }
5490
5491 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
5492 addr_type);
5493 if (!hci_param) {
5494 BT_ERR("Failed to add connection parameters");
5495 continue;
5496 }
5497
5498 hci_param->conn_min_interval = min;
5499 hci_param->conn_max_interval = max;
5500 hci_param->conn_latency = latency;
5501 hci_param->supervision_timeout = timeout;
5502 }
5503
5504 hci_dev_unlock(hdev);
5505
2a1afb5a
JH		 5506 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
5507 NULL, 0);
a26f3dcf
JH		 5508}
5509
dbece37a
MH		 5510static int set_external_config(struct sock *sk, struct hci_dev *hdev,
5511 void *data, u16 len)
5512{
5513 struct mgmt_cp_set_external_config *cp = data;
5514 bool changed;
5515 int err;
5516
5517 BT_DBG("%s", hdev->name);
5518
5519 if (hdev_is_powered(hdev))
a69e8375
JH		 5520 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5521 MGMT_STATUS_REJECTED);
dbece37a
MH		 5522
5523 if (cp->config != 0x00 && cp->config != 0x01)
a69e8375
JH		 5524 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5525 MGMT_STATUS_INVALID_PARAMS);
dbece37a
MH		 5526
5527 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
a69e8375
JH		 5528 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5529 MGMT_STATUS_NOT_SUPPORTED);
dbece37a
MH		 5530
5531 hci_dev_lock(hdev);
5532
5533 if (cp->config)
238be788 5534 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a 5535 else
a69d8927 5536 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a
MH		 5537
5538 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
5539 if (err < 0)
5540 goto unlock;
5541
5542 if (!changed)
5543 goto unlock;
5544
f4537c04
MH		 5545 err = new_options(hdev, sk);
5546
d7a5a11d 5547 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
dbece37a 5548 mgmt_index_removed(hdev);
d603b76b 5549
516018a9 5550 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
a1536da2
MH		 5551 hci_dev_set_flag(hdev, HCI_CONFIG);
5552 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
d603b76b
MH		 5553
5554 queue_work(hdev->req_workqueue, &hdev->power_on);
5555 } else {
5ea234d3 5556 set_bit(HCI_RAW, &hdev->flags);
d603b76b
MH		 5557 mgmt_index_added(hdev);
5558 }
dbece37a
MH		 5559 }
5560
5561unlock:
5562 hci_dev_unlock(hdev);
5563 return err;
5564}
5565
9713c17b
MH		 5566static int set_public_address(struct sock *sk, struct hci_dev *hdev,
5567 void *data, u16 len)
5568{
5569 struct mgmt_cp_set_public_address *cp = data;
5570 bool changed;
5571 int err;
5572
5573 BT_DBG("%s", hdev->name);
5574
5575 if (hdev_is_powered(hdev))
a69e8375
JH		 5576 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5577 MGMT_STATUS_REJECTED);
9713c17b
MH		 5578
5579 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
a69e8375
JH		 5580 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5581 MGMT_STATUS_INVALID_PARAMS);
9713c17b
MH		 5582
5583 if (!hdev->set_bdaddr)
a69e8375
JH		 5584 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5585 MGMT_STATUS_NOT_SUPPORTED);
9713c17b
MH		 5586
5587 hci_dev_lock(hdev);
5588
5589 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
5590 bacpy(&hdev->public_addr, &cp->bdaddr);
5591
5592 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
5593 if (err < 0)
5594 goto unlock;
5595
5596 if (!changed)
5597 goto unlock;
5598
d7a5a11d 5599 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
9713c17b
MH		 5600 err = new_options(hdev, sk);
5601
5602 if (is_configured(hdev)) {
5603 mgmt_index_removed(hdev);
5604
a358dc11 5605 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
9713c17b 5606
a1536da2
MH		 5607 hci_dev_set_flag(hdev, HCI_CONFIG);
5608 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
9713c17b
MH		 5609
5610 queue_work(hdev->req_workqueue, &hdev->power_on);
5611 }
5612
5613unlock:
5614 hci_dev_unlock(hdev);
5615 return err;
5616}
5617
40f66c05
JH		 5618static void read_local_oob_ext_data_complete(struct hci_dev *hdev, u8 status,
5619 u16 opcode, struct sk_buff *skb)
5620{
5621 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp;
5622 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp;
5623 u8 *h192, *r192, *h256, *r256;
5624 struct mgmt_pending_cmd *cmd;
5625 u16 eir_len;
5626 int err;
5627
5628 BT_DBG("%s status %u", hdev->name, status);
5629
5630 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev);
5631 if (!cmd)
5632 return;
5633
5634 mgmt_cp = cmd->param;
5635
5636 if (status) {
5637 status = mgmt_status(status);
5638 eir_len = 0;
5639
5640 h192 = NULL;
5641 r192 = NULL;
5642 h256 = NULL;
5643 r256 = NULL;
5644 } else if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
5645 struct hci_rp_read_local_oob_data *rp;
5646
5647 if (skb->len != sizeof(*rp)) {
5648 status = MGMT_STATUS_FAILED;
5649 eir_len = 0;
5650 } else {
5651 status = MGMT_STATUS_SUCCESS;
5652 rp = (void *)skb->data;
5653
5654 eir_len = 5 + 18 + 18;
5655 h192 = rp->hash;
5656 r192 = rp->rand;
5657 h256 = NULL;
5658 r256 = NULL;
5659 }
5660 } else {
5661 struct hci_rp_read_local_oob_ext_data *rp;
5662
5663 if (skb->len != sizeof(*rp)) {
5664 status = MGMT_STATUS_FAILED;
5665 eir_len = 0;
5666 } else {
5667 status = MGMT_STATUS_SUCCESS;
5668 rp = (void *)skb->data;
5669
5670 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
5671 eir_len = 5 + 18 + 18;
5672 h192 = NULL;
5673 r192 = NULL;
5674 } else {
5675 eir_len = 5 + 18 + 18 + 18 + 18;
5676 h192 = rp->hash192;
5677 r192 = rp->rand192;
5678 }
5679
5680 h256 = rp->hash256;
5681 r256 = rp->rand256;
5682 }
5683 }
5684
5685 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL);
5686 if (!mgmt_rp)
5687 goto done;
5688
5689 if (status)
5690 goto send_rsp;
5691
5692 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV,
5693 hdev->dev_class, 3);
5694
5695 if (h192 && r192) {
5696 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5697 EIR_SSP_HASH_C192, h192, 16);
5698 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5699 EIR_SSP_RAND_R192, r192, 16);
5700 }
5701
5702 if (h256 && r256) {
5703 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5704 EIR_SSP_HASH_C256, h256, 16);
5705 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5706 EIR_SSP_RAND_R256, r256, 16);
5707 }
5708
5709send_rsp:
5710 mgmt_rp->type = mgmt_cp->type;
5711 mgmt_rp->eir_len = cpu_to_le16(eir_len);
5712
5713 err = mgmt_cmd_complete(cmd->sk, hdev->id,
5714 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status,
5715 mgmt_rp, sizeof(*mgmt_rp) + eir_len);
5716 if (err < 0 || status)
5717 goto done;
5718
5719 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS);
5720
5721 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
5722 mgmt_rp, sizeof(*mgmt_rp) + eir_len,
5723 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk);
5724done:
5725 kfree(mgmt_rp);
5726 mgmt_pending_remove(cmd);
5727}
5728
5729static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk,
5730 struct mgmt_cp_read_local_oob_ext_data *cp)
5731{
5732 struct mgmt_pending_cmd *cmd;
5733 struct hci_request req;
5734 int err;
5735
5736 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev,
5737 cp, sizeof(*cp));
5738 if (!cmd)
5739 return -ENOMEM;
5740
5741 hci_req_init(&req, hdev);
5742
5743 if (bredr_sc_enabled(hdev))
5744 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
5745 else
5746 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
5747
5748 err = hci_req_run_skb(&req, read_local_oob_ext_data_complete);
5749 if (err < 0) {
5750 mgmt_pending_remove(cmd);
5751 return err;
5752 }
5753
5754 return 0;
5755}
5756
4f0f155c
MH		 5757static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
5758 void *data, u16 data_len)
5759{
5760 struct mgmt_cp_read_local_oob_ext_data *cp = data;
5761 struct mgmt_rp_read_local_oob_ext_data *rp;
5762 size_t rp_len;
5763 u16 eir_len;
0821a2c5 5764 u8 status, flags, role, addr[7], hash[16], rand[16];
4f0f155c
MH		 5765 int err;
5766
5767 BT_DBG("%s", hdev->name);
5768
57b0d3e8
MH		 5769 if (hdev_is_powered(hdev)) {
5770 switch (cp->type) {
5771 case BIT(BDADDR_BREDR):
5772 status = mgmt_bredr_support(hdev);
5773 if (status)
5774 eir_len = 0;
5775 else
5776 eir_len = 5;
5777 break;
5778 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
5779 status = mgmt_le_support(hdev);
5780 if (status)
5781 eir_len = 0;
5782 else
5783 eir_len = 9 + 3 + 18 + 18 + 3;
5784 break;
5785 default:
5786 status = MGMT_STATUS_INVALID_PARAMS;
5787 eir_len = 0;
5788 break;
5789 }
5790 } else {
5791 status = MGMT_STATUS_NOT_POWERED;
5792 eir_len = 0;
4f0f155c
MH		 5793 }
5794
4f0f155c
MH		 5795 rp_len = sizeof(*rp) + eir_len;
5796 rp = kmalloc(rp_len, GFP_ATOMIC);
efcd8c98 5797 if (!rp)
4f0f155c 5798 return -ENOMEM;
efcd8c98 5799
57b0d3e8
MH		 5800 if (status)
5801 goto complete;
5802
efcd8c98 5803 hci_dev_lock(hdev);
4f0f155c
MH		 5804
5805 eir_len = 0;
5806 switch (cp->type) {
5807 case BIT(BDADDR_BREDR):
40f66c05
JH		 5808 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
5809 err = read_local_ssp_oob_req(hdev, sk, cp);
5810 hci_dev_unlock(hdev);
5811 if (!err)
5812 goto done;
5813
5814 status = MGMT_STATUS_FAILED;
5815 goto complete;
5816 } else {
5817 eir_len = eir_append_data(rp->eir, eir_len,
5818 EIR_CLASS_OF_DEV,
5819 hdev->dev_class, 3);
5820 }
4f0f155c
MH		 5821 break;
5822 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
5082a599
MH		 5823 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
5824 smp_generate_oob(hdev, hash, rand) < 0) {
0821a2c5 5825 hci_dev_unlock(hdev);
57b0d3e8
MH		 5826 status = MGMT_STATUS_FAILED;
5827 goto complete;
0821a2c5
MH		 5828 }
5829
e213568a
MH		 5830 /* This should return the active RPA, but since the RPA
5831 * is only programmed on demand, it is really hard to fill
5832 * this in at the moment. For now disallow retrieving
5833 * local out-of-band data when privacy is in use.
5834 *
5835 * Returning the identity address will not help here since
5836 * pairing happens before the identity resolving key is
5837 * known and thus the connection establishment happens
5838 * based on the RPA and not the identity address.
5839 */
4f0f155c 5840 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
e213568a
MH		 5841 hci_dev_unlock(hdev);
5842 status = MGMT_STATUS_REJECTED;
5843 goto complete;
5844 }
5845
5846 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
5847 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
5848 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
5849 bacmp(&hdev->static_addr, BDADDR_ANY))) {
4f0f155c
MH		 5850 memcpy(addr, &hdev->static_addr, 6);
5851 addr[6] = 0x01;
5852 } else {
5853 memcpy(addr, &hdev->bdaddr, 6);
5854 addr[6] = 0x00;
5855 }
5856
5857 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
5858 addr, sizeof(addr));
5859
5860 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
5861 role = 0x02;
5862 else
5863 role = 0x01;
5864
5865 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
5866 &role, sizeof(role));
5867
5082a599
MH		 5868 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
5869 eir_len = eir_append_data(rp->eir, eir_len,
5870 EIR_LE_SC_CONFIRM,
5871 hash, sizeof(hash));
0821a2c5 5872
5082a599
MH		 5873 eir_len = eir_append_data(rp->eir, eir_len,
5874 EIR_LE_SC_RANDOM,
5875 rand, sizeof(rand));
5876 }
0821a2c5 5877
f2252570 5878 flags = mgmt_get_adv_discov_flags(hdev);
4f0f155c
MH		 5879
5880 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
5881 flags |= LE_AD_NO_BREDR;
5882
5883 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
5884 &flags, sizeof(flags));
5885 break;
5886 }
5887
4f0f155c
MH		 5888 hci_dev_unlock(hdev);
5889
72000df2
MH		 5890 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
5891
57b0d3e8
MH		 5892 status = MGMT_STATUS_SUCCESS;
5893
5894complete:
efcd8c98
MH		 5895 rp->type = cp->type;
5896 rp->eir_len = cpu_to_le16(eir_len);
5897
4f0f155c 5898 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
57b0d3e8
MH		 5899 status, rp, sizeof(*rp) + eir_len);
5900 if (err < 0 || status)
72000df2
MH		 5901 goto done;
5902
5903 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
5904 rp, sizeof(*rp) + eir_len,
5905 HCI_MGMT_OOB_DATA_EVENTS, sk);
4f0f155c 5906
0821a2c5 5907done:
4f0f155c
MH		 5908 kfree(rp);
5909
5910 return err;
5911}
5912
089fa8c0
AU		 5913static u32 get_supported_adv_flags(struct hci_dev *hdev)
5914{
5915 u32 flags = 0;
5916
5917 flags |= MGMT_ADV_FLAG_CONNECTABLE;
5918 flags |= MGMT_ADV_FLAG_DISCOV;
5919 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
5920 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS;
7c295c48 5921 flags |= MGMT_ADV_FLAG_LOCAL_NAME;
089fa8c0
AU		 5922
5923 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID)
5924 flags |= MGMT_ADV_FLAG_TX_POWER;
5925
5926 return flags;
5927}
5928
d3d5305b
MH		 5929static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
5930 void *data, u16 data_len)
5931{
5932 struct mgmt_rp_read_adv_features *rp;
5933 size_t rp_len;
02c04afe 5934 int err;
286e0c83 5935 struct adv_info *adv_instance;
089fa8c0 5936 u32 supported_flags;
02c04afe 5937 u8 *instance;
d3d5305b
MH		 5938
5939 BT_DBG("%s", hdev->name);
5940
089fa8c0
AU		 5941 if (!lmp_le_capable(hdev))
5942 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
5943 MGMT_STATUS_REJECTED);
5944
d3d5305b
MH		 5945 hci_dev_lock(hdev);
5946
02c04afe 5947 rp_len = sizeof(*rp) + hdev->adv_instance_cnt;
d3d5305b
MH		 5948 rp = kmalloc(rp_len, GFP_ATOMIC);
5949 if (!rp) {
5950 hci_dev_unlock(hdev);
5951 return -ENOMEM;
5952 }
5953
089fa8c0
AU		 5954 supported_flags = get_supported_adv_flags(hdev);
5955
5956 rp->supported_flags = cpu_to_le32(supported_flags);
dc5d82a9
MH		 5957 rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
5958 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
d2609b34 5959 rp->max_instances = HCI_MAX_ADV_INSTANCES;
02c04afe 5960 rp->num_instances = hdev->adv_instance_cnt;
24b4f38f 5961
02c04afe
JH		 5962 instance = rp->instance;
5963 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
5964 *instance = adv_instance->instance;
5965 instance++;
24b4f38f 5966 }
d3d5305b
MH		 5967
5968 hci_dev_unlock(hdev);
5969
5970 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
5971 MGMT_STATUS_SUCCESS, rp, rp_len);
5972
5973 kfree(rp);
5974
5975 return err;
5976}
5977
4117ed70 5978static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data,
b44133ff 5979 u8 len, bool is_adv_data)
24b4f38f 5980{
4117ed70 5981 u8 max_len = HCI_MAX_AD_LENGTH;
24b4f38f 5982 int i, cur_len;
b44133ff 5983 bool flags_managed = false;
5507e358 5984 bool tx_power_managed = false;
24b4f38f 5985
31a3248d
MH		 5986 if (is_adv_data) {
5987 if (adv_flags & (MGMT_ADV_FLAG_DISCOV |
5988 MGMT_ADV_FLAG_LIMITED_DISCOV |
5989 MGMT_ADV_FLAG_MANAGED_FLAGS)) {
5990 flags_managed = true;
5991 max_len -= 3;
5992 }
24b4f38f 5993
31a3248d
MH		 5994 if (adv_flags & MGMT_ADV_FLAG_TX_POWER) {
5995 tx_power_managed = true;
5996 max_len -= 3;
5997 }
7c295c48
MN		 5998 } else {
5999 /* at least 1 byte of name should fit in */
6000 if (adv_flags & MGMT_ADV_FLAG_LOCAL_NAME)
6001 max_len -= 3;
5507e358
AU		 6002 }
6003
4117ed70 6004 if (len > max_len)
24b4f38f
AU		 6005 return false;
6006
4117ed70
AU		 6007 /* Make sure that the data is correctly formatted. */
6008 for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) {
6009 cur_len = data[i];
24b4f38f 6010
b44133ff
AU		 6011 if (flags_managed && data[i + 1] == EIR_FLAGS)
6012 return false;
6013
5507e358
AU		 6014 if (tx_power_managed && data[i + 1] == EIR_TX_POWER)
6015 return false;
6016
24b4f38f
AU		 6017 /* If the current field length would exceed the total data
6018 * length, then it's invalid.
6019 */
4117ed70 6020 if (i + cur_len >= len)
24b4f38f
AU		 6021 return false;
6022 }
6023
6024 return true;
6025}
6026
24b4f38f
AU		 6027static void add_advertising_complete(struct hci_dev *hdev, u8 status,
6028 u16 opcode)
6029{
6030 struct mgmt_pending_cmd *cmd;
fffd38bc 6031 struct mgmt_cp_add_advertising *cp;
24b4f38f 6032 struct mgmt_rp_add_advertising rp;
fffd38bc
FG		 6033 struct adv_info *adv_instance, *n;
6034 u8 instance;
24b4f38f
AU		 6035
6036 BT_DBG("status %d", status);
6037
6038 hci_dev_lock(hdev);
6039
6040 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev);
6041
fffd38bc
FG		 6042 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) {
6043 if (!adv_instance->pending)
6044 continue;
6045
6046 if (!status) {
6047 adv_instance->pending = false;
6048 continue;
6049 }
6050
6051 instance = adv_instance->instance;
6052
6053 if (hdev->cur_adv_instance == instance)
6054 cancel_adv_timeout(hdev);
6055
6056 hci_remove_adv_instance(hdev, instance);
f2252570 6057 mgmt_advertising_removed(cmd ? cmd->sk : NULL, hdev, instance);
24b4f38f
AU		 6058 }
6059
6060 if (!cmd)
6061 goto unlock;
6062
fffd38bc
FG		 6063 cp = cmd->param;
6064 rp.instance = cp->instance;
24b4f38f
AU		 6065
6066 if (status)
6067 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
6068 mgmt_status(status));
6069 else
6070 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
6071 mgmt_status(status), &rp, sizeof(rp));
6072
6073 mgmt_pending_remove(cmd);
6074
6075unlock:
6076 hci_dev_unlock(hdev);
6077}
6078
6079static int add_advertising(struct sock *sk, struct hci_dev *hdev,
6080 void *data, u16 data_len)
6081{
6082 struct mgmt_cp_add_advertising *cp = data;
6083 struct mgmt_rp_add_advertising rp;
6084 u32 flags;
089fa8c0 6085 u32 supported_flags;
24b4f38f 6086 u8 status;
fffd38bc
FG		 6087 u16 timeout, duration;
6088 unsigned int prev_instance_cnt = hdev->adv_instance_cnt;
6089 u8 schedule_instance = 0;
6090 struct adv_info *next_instance;
24b4f38f
AU		 6091 int err;
6092 struct mgmt_pending_cmd *cmd;
6093 struct hci_request req;
6094
6095 BT_DBG("%s", hdev->name);
6096
6097 status = mgmt_le_support(hdev);
6098 if (status)
6099 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6100 status);
6101
ceff86af 6102 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
6a0e7807
JH		 6103 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6104 MGMT_STATUS_INVALID_PARAMS);
6105
6106 if (data_len != sizeof(*cp) + cp->adv_data_len + cp->scan_rsp_len)
ceff86af
MH		 6107 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6108 MGMT_STATUS_INVALID_PARAMS);
6109
24b4f38f 6110 flags = __le32_to_cpu(cp->flags);
912098a6 6111 timeout = __le16_to_cpu(cp->timeout);
fffd38bc 6112 duration = __le16_to_cpu(cp->duration);
24b4f38f 6113
fffd38bc
FG		 6114 /* The current implementation only supports a subset of the specified
6115 * flags.
089fa8c0
AU		 6116 */
6117 supported_flags = get_supported_adv_flags(hdev);
fffd38bc 6118 if (flags & ~supported_flags)
24b4f38f
AU		 6119 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6120 MGMT_STATUS_INVALID_PARAMS);
6121
6122 hci_dev_lock(hdev);
6123
912098a6
AU		 6124 if (timeout && !hdev_is_powered(hdev)) {
6125 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6126 MGMT_STATUS_REJECTED);
6127 goto unlock;
6128 }
6129
24b4f38f 6130 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
da929335 6131 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
24b4f38f
AU		 6132 pending_find(MGMT_OP_SET_LE, hdev)) {
6133 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6134 MGMT_STATUS_BUSY);
6135 goto unlock;
6136 }
6137
b44133ff 6138 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) ||
4117ed70 6139 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len,
b44133ff 6140 cp->scan_rsp_len, false)) {
24b4f38f
AU		 6141 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6142 MGMT_STATUS_INVALID_PARAMS);
6143 goto unlock;
6144 }
6145
fffd38bc
FG		 6146 err = hci_add_adv_instance(hdev, cp->instance, flags,
6147 cp->adv_data_len, cp->data,
6148 cp->scan_rsp_len,
6149 cp->data + cp->adv_data_len,
6150 timeout, duration);
6151 if (err < 0) {
6152 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6153 MGMT_STATUS_FAILED);
6154 goto unlock;
6155 }
24b4f38f 6156
fffd38bc
FG		 6157 /* Only trigger an advertising added event if a new instance was
6158 * actually added.
6159 */
6160 if (hdev->adv_instance_cnt > prev_instance_cnt)
f2252570 6161 mgmt_advertising_added(sk, hdev, cp->instance);
912098a6 6162
fffd38bc
FG		 6163 if (hdev->cur_adv_instance == cp->instance) {
6164 /* If the currently advertised instance is being changed then
6165 * cancel the current advertising and schedule the next
6166 * instance. If there is only one instance then the overridden
6167 * advertising data will be visible right away.
6168 */
6169 cancel_adv_timeout(hdev);
912098a6 6170
fffd38bc
FG		 6171 next_instance = hci_get_next_instance(hdev, cp->instance);
6172 if (next_instance)
6173 schedule_instance = next_instance->instance;
6174 } else if (!hdev->adv_instance_timeout) {
6175 /* Immediately advertise the new instance if no other
6176 * instance is currently being advertised.
6177 */
6178 schedule_instance = cp->instance;
6179 }
24b4f38f 6180
fffd38bc
FG		 6181 /* If the HCI_ADVERTISING flag is set or the device isn't powered or
6182 * there is no instance to be advertised then we have no HCI
6183 * communication to make. Simply return.
24b4f38f
AU		 6184 */
6185 if (!hdev_is_powered(hdev) ||
fffd38bc
FG		 6186 hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
6187 !schedule_instance) {
6188 rp.instance = cp->instance;
24b4f38f
AU		 6189 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6190 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6191 goto unlock;
6192 }
6193
6194 /* We're good to go, update advertising data, parameters, and start
6195 * advertising.
6196 */
6197 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
6198 data_len);
6199 if (!cmd) {
6200 err = -ENOMEM;
6201 goto unlock;
6202 }
6203
6204 hci_req_init(&req, hdev);
6205
f2252570 6206 err = __hci_req_schedule_adv_instance(&req, schedule_instance, true);
fffd38bc
FG		 6207
6208 if (!err)
6209 err = hci_req_run(&req, add_advertising_complete);
24b4f38f 6210
24b4f38f
AU		 6211 if (err < 0)
6212 mgmt_pending_remove(cmd);
6213
6214unlock:
6215 hci_dev_unlock(hdev);
6216
6217 return err;
6218}
6219
da929335
AU		 6220static void remove_advertising_complete(struct hci_dev *hdev, u8 status,
6221 u16 opcode)
6222{
6223 struct mgmt_pending_cmd *cmd;
01948331 6224 struct mgmt_cp_remove_advertising *cp;
da929335
AU		 6225 struct mgmt_rp_remove_advertising rp;
6226
6227 BT_DBG("status %d", status);
6228
6229 hci_dev_lock(hdev);
6230
6231 /* A failure status here only means that we failed to disable
6232 * advertising. Otherwise, the advertising instance has been removed,
6233 * so report success.
6234 */
6235 cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev);
6236 if (!cmd)
6237 goto unlock;
6238
01948331
FG		 6239 cp = cmd->param;
6240 rp.instance = cp->instance;
da929335
AU		 6241
6242 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS,
6243 &rp, sizeof(rp));
6244 mgmt_pending_remove(cmd);
6245
6246unlock:
6247 hci_dev_unlock(hdev);
6248}
6249
6250static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
6251 void *data, u16 data_len)
6252{
6253 struct mgmt_cp_remove_advertising *cp = data;
6254 struct mgmt_rp_remove_advertising rp;
da929335
AU		 6255 struct mgmt_pending_cmd *cmd;
6256 struct hci_request req;
952497b1 6257 int err;
da929335
AU		 6258
6259 BT_DBG("%s", hdev->name);
6260
da929335
AU		 6261 hci_dev_lock(hdev);
6262
952497b1 6263 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) {
01948331
FG		 6264 err = mgmt_cmd_status(sk, hdev->id,
6265 MGMT_OP_REMOVE_ADVERTISING,
6266 MGMT_STATUS_INVALID_PARAMS);
6267 goto unlock;
6268 }
6269
da929335
AU		 6270 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6271 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6272 pending_find(MGMT_OP_SET_LE, hdev)) {
6273 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6274 MGMT_STATUS_BUSY);
6275 goto unlock;
6276 }
6277
17fd08ff 6278 if (list_empty(&hdev->adv_instances)) {
da929335
AU		 6279 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6280 MGMT_STATUS_INVALID_PARAMS);
6281 goto unlock;
6282 }
6283
01948331 6284 hci_req_init(&req, hdev);
da929335 6285
37d3a1fa 6286 hci_req_clear_adv_instance(hdev, sk, &req, cp->instance, true);
da929335 6287
01948331 6288 if (list_empty(&hdev->adv_instances))
f2252570 6289 __hci_req_disable_advertising(&req);
da929335 6290
01948331
FG		 6291 /* If no HCI commands have been collected so far or the HCI_ADVERTISING
6292 * flag is set or the device isn't powered then we have no HCI
6293 * communication to make. Simply return.
da929335 6294 */
01948331
FG		 6295 if (skb_queue_empty(&req.cmd_q) ||
6296 !hdev_is_powered(hdev) ||
da929335 6297 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
01948331 6298 rp.instance = cp->instance;
da929335
AU		 6299 err = mgmt_cmd_complete(sk, hdev->id,
6300 MGMT_OP_REMOVE_ADVERTISING,
6301 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6302 goto unlock;
6303 }
6304
6305 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
6306 data_len);
6307 if (!cmd) {
6308 err = -ENOMEM;
6309 goto unlock;
6310 }
6311
da929335
AU		 6312 err = hci_req_run(&req, remove_advertising_complete);
6313 if (err < 0)
6314 mgmt_pending_remove(cmd);
6315
6316unlock:
6317 hci_dev_unlock(hdev);
6318
6319 return err;
6320}
6321
40b25fe5
MH		 6322static u8 tlv_data_max_len(u32 adv_flags, bool is_adv_data)
6323{
6324 u8 max_len = HCI_MAX_AD_LENGTH;
6325
6326 if (is_adv_data) {
6327 if (adv_flags & (MGMT_ADV_FLAG_DISCOV |
6328 MGMT_ADV_FLAG_LIMITED_DISCOV |
6329 MGMT_ADV_FLAG_MANAGED_FLAGS))
6330 max_len -= 3;
6331
6332 if (adv_flags & MGMT_ADV_FLAG_TX_POWER)
6333 max_len -= 3;
7c295c48
MN		 6334 } else {
6335 /* at least 1 byte of name should fit in */
6336 if (adv_flags & MGMT_ADV_FLAG_LOCAL_NAME)
6337 max_len -= 3;
40b25fe5
MH		 6338 }
6339
6340 return max_len;
6341}
6342
6343static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev,
6344 void *data, u16 data_len)
6345{
6346 struct mgmt_cp_get_adv_size_info *cp = data;
6347 struct mgmt_rp_get_adv_size_info rp;
6348 u32 flags, supported_flags;
6349 int err;
6350
6351 BT_DBG("%s", hdev->name);
6352
6353 if (!lmp_le_capable(hdev))
6354 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6355 MGMT_STATUS_REJECTED);
6356
6357 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
6358 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6359 MGMT_STATUS_INVALID_PARAMS);
6360
6361 flags = __le32_to_cpu(cp->flags);
6362
6363 /* The current implementation only supports a subset of the specified
6364 * flags.
6365 */
6366 supported_flags = get_supported_adv_flags(hdev);
6367 if (flags & ~supported_flags)
6368 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6369 MGMT_STATUS_INVALID_PARAMS);
6370
6371 rp.instance = cp->instance;
6372 rp.flags = cp->flags;
6373 rp.max_adv_data_len = tlv_data_max_len(flags, true);
6374 rp.max_scan_rsp_len = tlv_data_max_len(flags, false);
6375
6376 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6377 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6378
6379 return err;
6380}
6381
6d785aa3 6382static const struct hci_mgmt_handler mgmt_handlers[] = {
0f4e68cf 6383 { NULL }, /* 0x0000 (no command) */
b9a245fb 6384 { read_version, MGMT_READ_VERSION_SIZE,
c91041dc
MH		 6385 HCI_MGMT_NO_HDEV |
6386 HCI_MGMT_UNTRUSTED },
b9a245fb 6387 { read_commands, MGMT_READ_COMMANDS_SIZE,
c91041dc
MH		 6388 HCI_MGMT_NO_HDEV |
6389 HCI_MGMT_UNTRUSTED },
b9a245fb 6390 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
c91041dc
MH		 6391 HCI_MGMT_NO_HDEV |
6392 HCI_MGMT_UNTRUSTED },
6393 { read_controller_info, MGMT_READ_INFO_SIZE,
6394 HCI_MGMT_UNTRUSTED },
7aea8616
MH		 6395 { set_powered, MGMT_SETTING_SIZE },
6396 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
6397 { set_connectable, MGMT_SETTING_SIZE },
6398 { set_fast_connectable, MGMT_SETTING_SIZE },
6399 { set_bondable, MGMT_SETTING_SIZE },
6400 { set_link_security, MGMT_SETTING_SIZE },
6401 { set_ssp, MGMT_SETTING_SIZE },
6402 { set_hs, MGMT_SETTING_SIZE },
6403 { set_le, MGMT_SETTING_SIZE },
6404 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
6405 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
6406 { add_uuid, MGMT_ADD_UUID_SIZE },
6407 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
b9a245fb
JH		 6408 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
6409 HCI_MGMT_VAR_LEN },
6410 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
6411 HCI_MGMT_VAR_LEN },
7aea8616
MH		 6412 { disconnect, MGMT_DISCONNECT_SIZE },
6413 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
6414 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
6415 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
6416 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
6417 { pair_device, MGMT_PAIR_DEVICE_SIZE },
6418 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
6419 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
6420 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
6421 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
6422 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
6423 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
b9a245fb
JH		 6424 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
6425 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
6426 HCI_MGMT_VAR_LEN },
7aea8616
MH		 6427 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
6428 { start_discovery, MGMT_START_DISCOVERY_SIZE },
6429 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
6430 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
6431 { block_device, MGMT_BLOCK_DEVICE_SIZE },
6432 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
6433 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
6434 { set_advertising, MGMT_SETTING_SIZE },
6435 { set_bredr, MGMT_SETTING_SIZE },
6436 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
6437 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
6438 { set_secure_conn, MGMT_SETTING_SIZE },
6439 { set_debug_keys, MGMT_SETTING_SIZE },
6440 { set_privacy, MGMT_SET_PRIVACY_SIZE },
b9a245fb
JH		 6441 { load_irks, MGMT_LOAD_IRKS_SIZE,
6442 HCI_MGMT_VAR_LEN },
7aea8616
MH		 6443 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
6444 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
6445 { add_device, MGMT_ADD_DEVICE_SIZE },
6446 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
b9a245fb
JH		 6447 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
6448 HCI_MGMT_VAR_LEN },
6449 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
c91041dc
MH		 6450 HCI_MGMT_NO_HDEV |
6451 HCI_MGMT_UNTRUSTED },
b9a245fb 6452 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
c91041dc
MH		 6453 HCI_MGMT_UNCONFIGURED |
6454 HCI_MGMT_UNTRUSTED },
b9a245fb
JH		 6455 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
6456 HCI_MGMT_UNCONFIGURED },
6457 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
6458 HCI_MGMT_UNCONFIGURED },
6459 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
6460 HCI_MGMT_VAR_LEN },
4f0f155c 6461 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
96f1474a 6462 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
c91041dc
MH		 6463 HCI_MGMT_NO_HDEV |
6464 HCI_MGMT_UNTRUSTED },
d3d5305b 6465 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
24b4f38f
AU		 6466 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
6467 HCI_MGMT_VAR_LEN },
da929335 6468 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
40b25fe5 6469 { get_adv_size_info, MGMT_GET_ADV_SIZE_INFO_SIZE },
78b781ca 6470 { start_limited_discovery, MGMT_START_DISCOVERY_SIZE },
321c6fee
MH		 6471 { read_ext_controller_info,MGMT_READ_EXT_INFO_SIZE,
6472 HCI_MGMT_UNTRUSTED },
0f4e68cf
JH		 6473};
6474
bf6b56db 6475void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 6476{
ced85549 6477 struct mgmt_ev_ext_index ev;
bb4b2a9a 6478
0602a8ad
MH		 6479 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6480 return;
6481
f9207338 6482 switch (hdev->dev_type) {
ca8bee5d 6483 case HCI_PRIMARY:
f9207338
MH		 6484 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6485 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
6486 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
ced85549 6487 ev.type = 0x01;
f9207338
MH		 6488 } else {
6489 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
6490 HCI_MGMT_INDEX_EVENTS);
ced85549 6491 ev.type = 0x00;
f9207338
MH		 6492 }
6493 break;
ced85549
MH		 6494 case HCI_AMP:
6495 ev.type = 0x02;
6496 break;
6497 default:
6498 return;
f9207338 6499 }
ced85549
MH		 6500
6501 ev.bus = hdev->bus;
6502
6503 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
6504 HCI_MGMT_EXT_INDEX_EVENTS);
c71e97bf
JH		 6505}
6506
bf6b56db 6507void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 6508{
ced85549 6509 struct mgmt_ev_ext_index ev;
5f159032 6510 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 6511
0602a8ad
MH		 6512 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6513 return;
6514
f9207338 6515 switch (hdev->dev_type) {
ca8bee5d 6516 case HCI_PRIMARY:
f9207338 6517 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
b24752fe 6518
f9207338
MH		 6519 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6520 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
6521 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
ced85549 6522 ev.type = 0x01;
f9207338
MH		 6523 } else {
6524 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
6525 HCI_MGMT_INDEX_EVENTS);
ced85549 6526 ev.type = 0x00;
f9207338
MH		 6527 }
6528 break;
ced85549
MH		 6529 case HCI_AMP:
6530 ev.type = 0x02;
6531 break;
6532 default:
6533 return;
f9207338 6534 }
ced85549
MH		 6535
6536 ev.bus = hdev->bus;
6537
6538 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
6539 HCI_MGMT_EXT_INDEX_EVENTS);
eec8d2bc
JH		 6540}
6541
6046dc3e 6542/* This function requires the caller holds hdev->lock */
af02dd44 6543static void restart_le_actions(struct hci_dev *hdev)
6046dc3e
AG		 6544{
6545 struct hci_conn_params *p;
6546
6547 list_for_each_entry(p, &hdev->le_conn_params, list) {
d7347f3c
JH		 6548 /* Needed for AUTO_OFF case where might not "really"
6549 * have been powered off.
6550 */
6551 list_del_init(&p->action);
6552
6553 switch (p->auto_connect) {
4b9e7e75 6554 case HCI_AUTO_CONN_DIRECT:
d7347f3c
JH		 6555 case HCI_AUTO_CONN_ALWAYS:
6556 list_add(&p->action, &hdev->pend_le_conns);
6557 break;
6558 case HCI_AUTO_CONN_REPORT:
6559 list_add(&p->action, &hdev->pend_le_reports);
6560 break;
6561 default:
6562 break;
c83ed19d 6563 }
6046dc3e
AG		 6564 }
6565}
6566
2ff13894 6567void mgmt_power_on(struct hci_dev *hdev, int err)
229ab39c
JH		 6568{
6569 struct cmd_lookup match = { NULL, hdev };
6570
2ff13894 6571 BT_DBG("err %d", err);
229ab39c 6572
2ff13894
JH		 6573 hci_dev_lock(hdev);
6574
6575 if (!err) {
af02dd44
JH		 6576 restart_le_actions(hdev);
6577 hci_update_background_scan(hdev);
162a3bac
MH		 6578 }
6579
229ab39c
JH		 6580 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6581
6582 new_settings(hdev, match.sk);
6583
229ab39c
JH		 6584 if (match.sk)
6585 sock_put(match.sk);
229ab39c 6586
2ff13894 6587 hci_dev_unlock(hdev);
70da6243 6588}
562fcc24 6589
2ff13894 6590void __mgmt_power_off(struct hci_dev *hdev)
70da6243
JH		 6591{
6592 struct cmd_lookup match = { NULL, hdev };
9845904f 6593 u8 status, zero_cod[] = { 0, 0, 0 };
b24752fe 6594
229ab39c 6595 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
9845904f
JH		 6596
6597 /* If the power off is because of hdev unregistration let
6598 * use the appropriate INVALID_INDEX status. Otherwise use
6599 * NOT_POWERED. We cover both scenarios here since later in
6600 * mgmt_index_removed() any hci_conn callbacks will have already
6601 * been triggered, potentially causing misleading DISCONNECTED
6602 * status responses.
6603 */
d7a5a11d 6604 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
9845904f
JH		 6605 status = MGMT_STATUS_INVALID_INDEX;
6606 else
6607 status = MGMT_STATUS_NOT_POWERED;
6608
6609 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
229ab39c 6610
321c6fee 6611 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0) {
5504c3a3
MH		 6612 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
6613 zero_cod, sizeof(zero_cod),
6614 HCI_MGMT_DEV_CLASS_EVENTS, NULL);
321c6fee
MH		 6615 ext_info_changed(hdev, NULL);
6616 }
229ab39c 6617
2ff13894 6618 new_settings(hdev, match.sk);
eec8d2bc
JH		 6619
6620 if (match.sk)
6621 sock_put(match.sk);
5add6af8 6622}
73f22f62 6623
3eec705e 6624void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc 6625{
3b0602cd 6626 struct mgmt_pending_cmd *cmd;
96570ffc
JH		 6627 u8 status;
6628
333ae95d 6629 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
96570ffc 6630 if (!cmd)
3eec705e 6631 return;
96570ffc
JH		 6632
6633 if (err == -ERFKILL)
6634 status = MGMT_STATUS_RFKILLED;
6635 else
6636 status = MGMT_STATUS_FAILED;
6637
a69e8375 6638 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 6639
6640 mgmt_pending_remove(cmd);
96570ffc
JH		 6641}
6642
dc4a5ee2
MH		 6643void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
6644 bool persistent)
55ed8ca1 6645{
86742e1e 6646 struct mgmt_ev_new_link_key ev;
55ed8ca1 6647
a492cd52 6648 memset(&ev, 0, sizeof(ev));
55ed8ca1 6649
a492cd52 6650 ev.store_hint = persistent;
d753fdc4 6651 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 6652 ev.key.addr.type = BDADDR_BREDR;
a492cd52 6653 ev.key.type = key->type;
9b3b4460 6654 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 6655 ev.key.pin_len = key->pin_len;
55ed8ca1 6656
dc4a5ee2 6657 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 6658}
f7520543 6659
d7b25450
JH		 6660static u8 mgmt_ltk_type(struct smp_ltk *ltk)
6661{
23fb8de3
JH		 6662 switch (ltk->type) {
6663 case SMP_LTK:
6664 case SMP_LTK_SLAVE:
6665 if (ltk->authenticated)
6666 return MGMT_LTK_AUTHENTICATED;
6667 return MGMT_LTK_UNAUTHENTICATED;
6668 case SMP_LTK_P256:
6669 if (ltk->authenticated)
6670 return MGMT_LTK_P256_AUTH;
6671 return MGMT_LTK_P256_UNAUTH;
6672 case SMP_LTK_P256_DEBUG:
6673 return MGMT_LTK_P256_DEBUG;
6674 }
d7b25450
JH		 6675
6676 return MGMT_LTK_UNAUTHENTICATED;
6677}
6678
53ac6ab6 6679void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 6680{
6681 struct mgmt_ev_new_long_term_key ev;
6682
6683 memset(&ev, 0, sizeof(ev));
6684
5192d301 6685 /* Devices using resolvable or non-resolvable random addresses
f72186d2 6686 * without providing an identity resolving key don't require
5192d301
MH		 6687 * to store long term keys. Their addresses will change the
6688 * next time around.
6689 *
6690 * Only when a remote device provides an identity address
6691 * make sure the long term key is stored. If the remote
6692 * identity is known, the long term keys are internally
6693 * mapped to the identity address. So allow static random
6694 * and public addresses here.
6695 */
ba74b666
JH		 6696 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6697 (key->bdaddr.b[5] & 0xc0) != 0xc0)
6698 ev.store_hint = 0x00;
6699 else
53ac6ab6 6700 ev.store_hint = persistent;
ba74b666 6701
346af67b 6702 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 6703 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 6704 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 6705 ev.key.enc_size = key->enc_size;
6706 ev.key.ediv = key->ediv;
fe39c7b2 6707 ev.key.rand = key->rand;
346af67b 6708
2ceba539 6709 if (key->type == SMP_LTK)
346af67b
VCG		 6710 ev.key.master = 1;
6711
1fc62c52
JH		 6712 /* Make sure we copy only the significant bytes based on the
6713 * encryption key size, and set the rest of the value to zeroes.
6714 */
cb92205b 6715 memcpy(ev.key.val, key->val, key->enc_size);
1fc62c52
JH		 6716 memset(ev.key.val + key->enc_size, 0,
6717 sizeof(ev.key.val) - key->enc_size);
346af67b 6718
083368f7 6719 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 6720}
6721
cad20c27 6722void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent)
95fbac8a
JH		 6723{
6724 struct mgmt_ev_new_irk ev;
6725
6726 memset(&ev, 0, sizeof(ev));
6727
cad20c27 6728 ev.store_hint = persistent;
bab6d1e5 6729
95fbac8a
JH		 6730 bacpy(&ev.rpa, &irk->rpa);
6731 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
6732 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
6733 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
6734
6735 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
6736}
6737
53ac6ab6
MH		 6738void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
6739 bool persistent)
7ee4ea36
MH		 6740{
6741 struct mgmt_ev_new_csrk ev;
6742
6743 memset(&ev, 0, sizeof(ev));
6744
6745 /* Devices using resolvable or non-resolvable random addresses
f72186d2 6746 * without providing an identity resolving key don't require
7ee4ea36
MH		 6747 * to store signature resolving keys. Their addresses will change
6748 * the next time around.
6749 *
6750 * Only when a remote device provides an identity address
6751 * make sure the signature resolving key is stored. So allow
6752 * static random and public addresses here.
6753 */
6754 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6755 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
6756 ev.store_hint = 0x00;
6757 else
53ac6ab6 6758 ev.store_hint = persistent;
7ee4ea36
MH		 6759
6760 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
6761 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
4cd3928a 6762 ev.key.type = csrk->type;
7ee4ea36
MH		 6763 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
6764
6765 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
6766}
6767
ffb5a827 6768void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 6769 u8 bdaddr_type, u8 store_hint, u16 min_interval,
6770 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 6771{
6772 struct mgmt_ev_new_conn_param ev;
6773
c103aea6
JH		 6774 if (!hci_is_identity_address(bdaddr, bdaddr_type))
6775 return;
6776
ffb5a827
AG		 6777 memset(&ev, 0, sizeof(ev));
6778 bacpy(&ev.addr.bdaddr, bdaddr);
6779 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 6780 ev.store_hint = store_hint;
ffb5a827
AG		 6781 ev.min_interval = cpu_to_le16(min_interval);
6782 ev.max_interval = cpu_to_le16(max_interval);
6783 ev.latency = cpu_to_le16(latency);
6784 ev.timeout = cpu_to_le16(timeout);
6785
6786 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
6787}
6788
48ec92fa
AA		 6789void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
6790 u32 flags, u8 *name, u8 name_len)
f7520543 6791{
b644ba33
JH		 6792 char buf[512];
6793 struct mgmt_ev_device_connected *ev = (void *) buf;
6794 u16 eir_len = 0;
f7520543 6795
48ec92fa
AA		 6796 bacpy(&ev->addr.bdaddr, &conn->dst);
6797 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
f7520543 6798
c95f0ba7 6799 ev->flags = __cpu_to_le32(flags);
08c79b61 6800
fd45ada9
AA		 6801 /* We must ensure that the EIR Data fields are ordered and
6802 * unique. Keep it simple for now and avoid the problem by not
6803 * adding any BR/EDR data to the LE adv.
6804 */
6805 if (conn->le_adv_data_len > 0) {
6806 memcpy(&ev->eir[eir_len],
6807 conn->le_adv_data, conn->le_adv_data_len);
6808 eir_len = conn->le_adv_data_len;
6809 } else {
6810 if (name_len > 0)
6811 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
6812 name, name_len);
b644ba33 6813
ddbea5cf 6814 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
fd45ada9
AA		 6815 eir_len = eir_append_data(ev->eir, eir_len,
6816 EIR_CLASS_OF_DEV,
6817 conn->dev_class, 3);
6818 }
b644ba33 6819
eb55ef07 6820 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 6821
ecd90ae7
MH		 6822 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
6823 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 6824}
6825
3b0602cd 6826static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
8962ee74 6827{
8962ee74 6828 struct sock **sk = data;
8962ee74 6829
f5818c22 6830 cmd->cmd_complete(cmd, 0);
8962ee74
JH		 6831
6832 *sk = cmd->sk;
6833 sock_hold(*sk);
6834
a664b5bc 6835 mgmt_pending_remove(cmd);
8962ee74
JH		 6836}
6837
3b0602cd 6838static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
a8a1d19e 6839{
b1078ad0 6840 struct hci_dev *hdev = data;
124f6e35 6841 struct mgmt_cp_unpair_device *cp = cmd->param;
a8a1d19e 6842
b1078ad0
JH		 6843 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
6844
d8b7b1e4 6845 cmd->cmd_complete(cmd, 0);
a8a1d19e
JH		 6846 mgmt_pending_remove(cmd);
6847}
6848
84c61d92
JH		 6849bool mgmt_powering_down(struct hci_dev *hdev)
6850{
3b0602cd 6851 struct mgmt_pending_cmd *cmd;
84c61d92
JH		 6852 struct mgmt_mode *cp;
6853
333ae95d 6854 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
84c61d92
JH		 6855 if (!cmd)
6856 return false;
6857
6858 cp = cmd->param;
6859 if (!cp->val)
6860 return true;
6861
6862 return false;
6863}
6864
9b80ec5e 6865void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 6866 u8 link_type, u8 addr_type, u8 reason,
6867 bool mgmt_connected)
f7520543 6868{
f0d6a0ea 6869 struct mgmt_ev_device_disconnected ev;
8962ee74 6870 struct sock *sk = NULL;
8962ee74 6871
84c61d92
JH		 6872 /* The connection is still in hci_conn_hash so test for 1
6873 * instead of 0 to know if this is the last one.
6874 */
6875 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6876 cancel_delayed_work(&hdev->power_off);
6877 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8b064a3a
JH		 6878 }
6879
12d4a3b2
JH		 6880 if (!mgmt_connected)
6881 return;
6882
57eb776f
AG		 6883 if (link_type != ACL_LINK && link_type != LE_LINK)
6884 return;
6885
744cf19e 6886 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 6887
f0d6a0ea
MA		 6888 bacpy(&ev.addr.bdaddr, bdaddr);
6889 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6890 ev.reason = reason;
f7520543 6891
9b80ec5e 6892 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 6893
6894 if (sk)
d97dcb66 6895 sock_put(sk);
8962ee74 6896
124f6e35 6897 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 6898 hdev);
8962ee74
JH		 6899}
6900
7892924c
MH		 6901void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
6902 u8 link_type, u8 addr_type, u8 status)
8962ee74 6903{
3655bba8
AG		 6904 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
6905 struct mgmt_cp_disconnect *cp;
3b0602cd 6906 struct mgmt_pending_cmd *cmd;
8962ee74 6907
36a75f1b
JD		 6908 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6909 hdev);
6910
333ae95d 6911 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 6912 if (!cmd)
7892924c 6913 return;
8962ee74 6914
3655bba8
AG		 6915 cp = cmd->param;
6916
6917 if (bacmp(bdaddr, &cp->addr.bdaddr))
6918 return;
6919
6920 if (cp->addr.type != bdaddr_type)
6921 return;
6922
f5818c22 6923 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6924 mgmt_pending_remove(cmd);
f7520543 6925}
17d5c04c 6926
445608d0
MH		 6927void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6928 u8 addr_type, u8 status)
17d5c04c
JH		 6929{
6930 struct mgmt_ev_connect_failed ev;
c9910d0f 6931
84c61d92
JH		 6932 /* The connection is still in hci_conn_hash so test for 1
6933 * instead of 0 to know if this is the last one.
6934 */
6935 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6936 cancel_delayed_work(&hdev->power_off);
6937 queue_work(hdev->req_workqueue, &hdev->power_off.work);
c9910d0f 6938 }
17d5c04c 6939
4c659c39 6940 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6941 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 6942 ev.status = mgmt_status(status);
17d5c04c 6943
445608d0 6944 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 6945}
980e1a53 6946
ce0e4a0d 6947void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 6948{
6949 struct mgmt_ev_pin_code_request ev;
6950
d8457698 6951 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 6952 ev.addr.type = BDADDR_BREDR;
a770bb5a 6953 ev.secure = secure;
980e1a53 6954
ce0e4a0d 6955 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 6956}
6957
e669cf80
MH		 6958void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6959 u8 status)
980e1a53 6960{
3b0602cd 6961 struct mgmt_pending_cmd *cmd;
980e1a53 6962
333ae95d 6963 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 6964 if (!cmd)
e669cf80 6965 return;
980e1a53 6966
7776d1d8 6967 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6968 mgmt_pending_remove(cmd);
980e1a53
JH		 6969}
6970
3eb38528
MH		 6971void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6972 u8 status)
980e1a53 6973{
3b0602cd 6974 struct mgmt_pending_cmd *cmd;
980e1a53 6975
333ae95d 6976 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 6977 if (!cmd)
3eb38528 6978 return;
980e1a53 6979
7776d1d8 6980 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6981 mgmt_pending_remove(cmd);
980e1a53 6982}
a5c29683 6983
744cf19e 6984int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 6985 u8 link_type, u8 addr_type, u32 value,
04124681 6986 u8 confirm_hint)
a5c29683
JH		 6987{
6988 struct mgmt_ev_user_confirm_request ev;
6989
744cf19e 6990 BT_DBG("%s", hdev->name);
a5c29683 6991
272d90df 6992 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6993 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 6994 ev.confirm_hint = confirm_hint;
39adbffe 6995 ev.value = cpu_to_le32(value);
a5c29683 6996
744cf19e 6997 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 6998 NULL);
a5c29683
JH		 6999}
7000
272d90df 7001int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 7002 u8 link_type, u8 addr_type)
604086b7
BG		 7003{
7004 struct mgmt_ev_user_passkey_request ev;
7005
7006 BT_DBG("%s", hdev->name);
7007
272d90df 7008 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7009 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 7010
7011 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 7012 NULL);
604086b7
BG		 7013}
7014
0df4c185 7015static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 7016 u8 link_type, u8 addr_type, u8 status,
7017 u8 opcode)
a5c29683 7018{
3b0602cd 7019 struct mgmt_pending_cmd *cmd;
a5c29683 7020
333ae95d 7021 cmd = pending_find(opcode, hdev);
a5c29683
JH		 7022 if (!cmd)
7023 return -ENOENT;
7024
7776d1d8 7025 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7026 mgmt_pending_remove(cmd);
a5c29683 7027
7776d1d8 7028 return 0;
a5c29683
JH		 7029}
7030
744cf19e 7031int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7032 u8 link_type, u8 addr_type, u8 status)
a5c29683 7033{
272d90df 7034 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 7035 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 7036}
7037
272d90df 7038int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7039 u8 link_type, u8 addr_type, u8 status)
a5c29683 7040{
272d90df 7041 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 7042 status,
7043 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 7044}
2a611692 7045
604086b7 7046int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7047 u8 link_type, u8 addr_type, u8 status)
604086b7 7048{
272d90df 7049 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 7050 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 7051}
7052
272d90df 7053int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7054 u8 link_type, u8 addr_type, u8 status)
604086b7 7055{
272d90df 7056 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 7057 status,
7058 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 7059}
7060
92a25256
JH		 7061int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
7062 u8 link_type, u8 addr_type, u32 passkey,
7063 u8 entered)
7064{
7065 struct mgmt_ev_passkey_notify ev;
7066
7067 BT_DBG("%s", hdev->name);
7068
7069 bacpy(&ev.addr.bdaddr, bdaddr);
7070 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7071 ev.passkey = __cpu_to_le32(passkey);
7072 ev.entered = entered;
7073
7074 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
7075}
7076
e1e930f5 7077void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
2a611692
JH		 7078{
7079 struct mgmt_ev_auth_failed ev;
3b0602cd 7080 struct mgmt_pending_cmd *cmd;
e1e930f5 7081 u8 status = mgmt_status(hci_status);
2a611692 7082
e1e930f5
JH		 7083 bacpy(&ev.addr.bdaddr, &conn->dst);
7084 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7085 ev.status = status;
2a611692 7086
e1e930f5
JH		 7087 cmd = find_pairing(conn);
7088
7089 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
7090 cmd ? cmd->sk : NULL);
7091
a511b35b
JH		 7092 if (cmd) {
7093 cmd->cmd_complete(cmd, status);
7094 mgmt_pending_remove(cmd);
7095 }
2a611692 7096}
b312b161 7097
464996ae 7098void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 7099{
7100 struct cmd_lookup match = { NULL, hdev };
464996ae 7101 bool changed;
33ef95ed
JH		 7102
7103 if (status) {
7104 u8 mgmt_err = mgmt_status(status);
7105 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 7106 cmd_status_rsp, &mgmt_err);
464996ae 7107 return;
33ef95ed
JH		 7108 }
7109
464996ae 7110 if (test_bit(HCI_AUTH, &hdev->flags))
238be788 7111 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
464996ae 7112 else
a69d8927 7113 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
47990ea0 7114
33ef95ed 7115 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 7116 &match);
33ef95ed 7117
47990ea0 7118 if (changed)
464996ae 7119 new_settings(hdev, match.sk);
33ef95ed
JH		 7120
7121 if (match.sk)
7122 sock_put(match.sk);
33ef95ed
JH		 7123}
7124
890ea898 7125static void clear_eir(struct hci_request *req)
cacaf52f 7126{
890ea898 7127 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 7128 struct hci_cp_write_eir cp;
7129
976eb20e 7130 if (!lmp_ext_inq_capable(hdev))
890ea898 7131 return;
cacaf52f 7132
c80da27e
JH		 7133 memset(hdev->eir, 0, sizeof(hdev->eir));
7134
cacaf52f
JH		 7135 memset(&cp, 0, sizeof(cp));
7136
890ea898 7137 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 7138}
7139
3e248560 7140void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 7141{
7142 struct cmd_lookup match = { NULL, hdev };
890ea898 7143 struct hci_request req;
c0ecddc2 7144 bool changed = false;
ed2c4ee3
JH		 7145
7146 if (status) {
7147 u8 mgmt_err = mgmt_status(status);
c0ecddc2 7148
a69d8927
MH		 7149 if (enable && hci_dev_test_and_clear_flag(hdev,
7150 HCI_SSP_ENABLED)) {
a358dc11 7151 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
3e248560 7152 new_settings(hdev, NULL);
9ecb3e24 7153 }
c0ecddc2 7154
04124681
GP		 7155 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
7156 &mgmt_err);
3e248560 7157 return;
c0ecddc2
JH		 7158 }
7159
7160 if (enable) {
238be788 7161 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
c0ecddc2 7162 } else {
a69d8927 7163 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
9ecb3e24 7164 if (!changed)
a69d8927
MH		 7165 changed = hci_dev_test_and_clear_flag(hdev,
7166 HCI_HS_ENABLED);
9ecb3e24 7167 else
a358dc11 7168 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
ed2c4ee3
JH		 7169 }
7170
7171 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
7172
c0ecddc2 7173 if (changed)
3e248560 7174 new_settings(hdev, match.sk);
ed2c4ee3 7175
5fc6ebb1 7176 if (match.sk)
ed2c4ee3
JH		 7177 sock_put(match.sk);
7178
890ea898
JH		 7179 hci_req_init(&req, hdev);
7180
d7a5a11d
MH		 7181 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
7182 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
3769972b
JH		 7183 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
7184 sizeof(enable), &enable);
b1a8917c 7185 __hci_req_update_eir(&req);
3769972b 7186 } else {
890ea898 7187 clear_eir(&req);
3769972b 7188 }
890ea898
JH		 7189
7190 hci_req_run(&req, NULL);
ed2c4ee3
JH		 7191}
7192
3b0602cd 7193static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
90e70454
JH		 7194{
7195 struct cmd_lookup *match = data;
7196
90e70454
JH		 7197 if (match->sk == NULL) {
7198 match->sk = cmd->sk;
7199 sock_hold(match->sk);
7200 }
90e70454
JH		 7201}
7202
4e1b0245
MH		 7203void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
7204 u8 status)
7f9a903c 7205{
90e70454 7206 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 7207
92da6097
JH		 7208 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
7209 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
7210 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454 7211
321c6fee 7212 if (!status) {
5504c3a3
MH		 7213 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
7214 3, HCI_MGMT_DEV_CLASS_EVENTS, NULL);
321c6fee
MH		 7215 ext_info_changed(hdev, NULL);
7216 }
90e70454
JH		 7217
7218 if (match.sk)
7219 sock_put(match.sk);
7f9a903c
MH		 7220}
7221
7667da34 7222void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 7223{
b312b161 7224 struct mgmt_cp_set_local_name ev;
3b0602cd 7225 struct mgmt_pending_cmd *cmd;
28cc7bde 7226
13928971 7227 if (status)
7667da34 7228 return;
b312b161
JH		 7229
7230 memset(&ev, 0, sizeof(ev));
7231 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 7232 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 7233
333ae95d 7234 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 7235 if (!cmd) {
7236 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 7237
13928971
JH		 7238 /* If this is a HCI command related to powering on the
7239 * HCI dev don't send any mgmt signals.
7240 */
333ae95d 7241 if (pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 7242 return;
890ea898 7243 }
b312b161 7244
5504c3a3
MH		 7245 mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
7246 HCI_MGMT_LOCAL_NAME_EVENTS, cmd ? cmd->sk : NULL);
321c6fee 7247 ext_info_changed(hdev, cmd ? cmd->sk : NULL);
b312b161 7248}
c35938b2 7249
799ce93d
JP		 7250static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
7251{
7252 int i;
7253
7254 for (i = 0; i < uuid_count; i++) {
7255 if (!memcmp(uuid, uuids[i], 16))
7256 return true;
7257 }
7258
7259 return false;
7260}
7261
b487b9ce
MH		 7262static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
7263{
799ce93d
JP		 7264 u16 parsed = 0;
7265
7266 while (parsed < eir_len) {
7267 u8 field_len = eir[0];
7268 u8 uuid[16];
7269 int i;
7270
7271 if (field_len == 0)
7272 break;
7273
7274 if (eir_len - parsed < field_len + 1)
7275 break;
7276
7277 switch (eir[1]) {
7278 case EIR_UUID16_ALL:
7279 case EIR_UUID16_SOME:
7280 for (i = 0; i + 3 <= field_len; i += 2) {
189f6ad2 7281 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7282 uuid[13] = eir[i + 3];
7283 uuid[12] = eir[i + 2];
7284 if (has_uuid(uuid, uuid_count, uuids))
7285 return true;
7286 }
7287 break;
7288 case EIR_UUID32_ALL:
7289 case EIR_UUID32_SOME:
7290 for (i = 0; i + 5 <= field_len; i += 4) {
189f6ad2 7291 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7292 uuid[15] = eir[i + 5];
7293 uuid[14] = eir[i + 4];
7294 uuid[13] = eir[i + 3];
7295 uuid[12] = eir[i + 2];
7296 if (has_uuid(uuid, uuid_count, uuids))
7297 return true;
7298 }
7299 break;
7300 case EIR_UUID128_ALL:
7301 case EIR_UUID128_SOME:
7302 for (i = 0; i + 17 <= field_len; i += 16) {
7303 memcpy(uuid, eir + i + 2, 16);
7304 if (has_uuid(uuid, uuid_count, uuids))
7305 return true;
7306 }
7307 break;
7308 }
7309
7310 parsed += field_len + 1;
7311 eir += field_len + 1;
7312 }
7313
b487b9ce
MH		 7314 return false;
7315}
7316
4b0e0ced
JP		 7317static void restart_le_scan(struct hci_dev *hdev)
7318{
7319 /* If controller is not scanning we are done. */
d7a5a11d 7320 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
4b0e0ced
JP		 7321 return;
7322
7323 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
7324 hdev->discovery.scan_start +
7325 hdev->discovery.scan_duration))
7326 return;
7327
7c1fbed2 7328 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart,
4b0e0ced
JP		 7329 DISCOV_LE_RESTART_DELAY);
7330}
7331
48f86b7f
JP		 7332static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
7333 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 7334{
48f86b7f
JP		 7335 /* If a RSSI threshold has been specified, and
7336 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
7337 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
7338 * is set, let it through for further processing, as we might need to
7339 * restart the scan.
efb2513f
MH		 7340 *
7341 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
7342 * the results are also dropped.
bda157a4
MH		 7343 */
7344 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
4b0e0ced
JP		 7345 (rssi == HCI_RSSI_INVALID ||
7346 (rssi < hdev->discovery.rssi &&
7347 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
48f86b7f 7348 return false;
efb2513f 7349
2976cdeb
JP		 7350 if (hdev->discovery.uuid_count != 0) {
7351 /* If a list of UUIDs is provided in filter, results with no
7352 * matching UUID should be dropped.
b487b9ce 7353 */
2976cdeb
JP		 7354 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
7355 hdev->discovery.uuids) &&
7356 !eir_has_uuids(scan_rsp, scan_rsp_len,
7357 hdev->discovery.uuid_count,
7358 hdev->discovery.uuids))
7359 return false;
b487b9ce 7360 }
5d2e9fad 7361
2976cdeb
JP		 7362 /* If duplicate filtering does not report RSSI changes, then restart
7363 * scanning to ensure updated result with updated RSSI values.
4b0e0ced 7364 */
2976cdeb
JP		 7365 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
7366 restart_le_scan(hdev);
7367
7368 /* Validate RSSI value against the RSSI threshold once more. */
7369 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7370 rssi < hdev->discovery.rssi)
7371 return false;
7372 }
48f86b7f
JP		 7373
7374 return true;
7375}
7376
7377void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7378 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
7379 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7380{
7381 char buf[512];
7382 struct mgmt_ev_device_found *ev = (void *)buf;
7383 size_t ev_size;
7384
7385 /* Don't send events for a non-kernel initiated discovery. With
7386 * LE one exception is if we have pend_le_reports > 0 in which
7387 * case we're doing passive scanning and want these events.
7388 */
7389 if (!hci_discovery_active(hdev)) {
7390 if (link_type == ACL_LINK)
7391 return;
7392 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
7393 return;
7394 }
7395
82f8b651 7396 if (hdev->discovery.result_filtering) {
48f86b7f
JP		 7397 /* We are using service discovery */
7398 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
7399 scan_rsp_len))
7400 return;
7401 }
7402
78b781ca
JH		 7403 if (hdev->discovery.limited) {
7404 /* Check for limited discoverable bit */
7405 if (dev_class) {
7406 if (!(dev_class[1] & 0x20))
7407 return;
7408 } else {
7409 u8 *flags = eir_get_data(eir, eir_len, EIR_FLAGS, NULL);
7410 if (!flags || !(flags[0] & LE_AD_LIMITED))
7411 return;
7412 }
7413 }
7414
48f86b7f
JP		 7415 /* Make sure that the buffer is big enough. The 5 extra bytes
7416 * are for the potential CoD field.
7417 */
7418 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
4b0e0ced
JP		 7419 return;
7420
48f86b7f
JP		 7421 memset(buf, 0, sizeof(buf));
7422
7423 /* In case of device discovery with BR/EDR devices (pre 1.2), the
7424 * RSSI value was reported as 0 when not available. This behavior
7425 * is kept when using device discovery. This is required for full
7426 * backwards compatibility with the API.
7427 *
7428 * However when using service discovery, the value 127 will be
7429 * returned when the RSSI is not available.
7430 */
7431 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
7432 link_type == ACL_LINK)
7433 rssi = 0;
7434
7435 bacpy(&ev->addr.bdaddr, bdaddr);
7436 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7437 ev->rssi = rssi;
7438 ev->flags = cpu_to_le32(flags);
7439
7440 if (eir_len > 0)
7441 /* Copy EIR or advertising data into event */
7442 memcpy(ev->eir, eir, eir_len);
7443
0d3b7f64
JH		 7444 if (dev_class && !eir_get_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7445 NULL))
48f86b7f
JP		 7446 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7447 dev_class, 3);
7448
7449 if (scan_rsp_len > 0)
7450 /* Append scan response data to event */
7451 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
7452
5d2e9fad
JH		 7453 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
7454 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 7455
901801b9 7456 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 7457}
a88a9652 7458
9cf12aee
MH		 7459void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7460 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 7461{
b644ba33
JH		 7462 struct mgmt_ev_device_found *ev;
7463 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
7464 u16 eir_len;
a88a9652 7465
b644ba33 7466 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 7467
b644ba33
JH		 7468 memset(buf, 0, sizeof(buf));
7469
7470 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 7471 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 7472 ev->rssi = rssi;
7473
7474 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 7475 name_len);
b644ba33 7476
eb55ef07 7477 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 7478
9cf12aee 7479 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 7480}
314b2381 7481
2f1e063b 7482void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 7483{
f963e8e9 7484 struct mgmt_ev_discovering ev;
164a6e78 7485
343fb145
AG		 7486 BT_DBG("%s discovering %u", hdev->name, discovering);
7487
f963e8e9
JH		 7488 memset(&ev, 0, sizeof(ev));
7489 ev.type = hdev->discovery.type;
7490 ev.discovering = discovering;
7491
2f1e063b 7492 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 7493}
5e762444 7494
6d785aa3
JH		 7495static struct hci_mgmt_chan chan = {
7496 .channel = HCI_CHANNEL_CONTROL,
7497 .handler_count = ARRAY_SIZE(mgmt_handlers),
7498 .handlers = mgmt_handlers,
88b94ce9 7499 .hdev_init = mgmt_init_hdev,
6d785aa3
JH		 7500};
7501
7502int mgmt_init(void)
7503{
7504 return hci_mgmt_chan_register(&chan);
7505}
7506
7507void mgmt_exit(void)
7508{
7509 hci_mgmt_chan_unregister(&chan);
7510}
Empty description
This page took 2.065572 seconds and 4 git commands to generate.