]> Git Repo - linux.git/blame - net/bluetooth/mgmt.c
projects / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Refactor read_ext_controller_info handler
[linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
7129069e 32#include <net/bluetooth/hci_sock.h>
4bc58f51 33#include <net/bluetooth/l2cap.h>
0381101f 34#include <net/bluetooth/mgmt.h>
ac4b7236 35
0857dd3b 36#include "hci_request.h"
ac4b7236 37#include "smp.h"
a380b6cf 38#include "mgmt_util.h"
0381101f 39
2da9c55c 40#define MGMT_VERSION 1
3310230c 41#define MGMT_REVISION 14
02d98129 42
e70bb2e8
JH		 43static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
45 MGMT_OP_READ_INFO,
46 MGMT_OP_SET_POWERED,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
b2939475 50 MGMT_OP_SET_BONDABLE,
e70bb2e8
JH		 51 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_SSP,
53 MGMT_OP_SET_HS,
54 MGMT_OP_SET_LE,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
57 MGMT_OP_ADD_UUID,
58 MGMT_OP_REMOVE_UUID,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
61 MGMT_OP_DISCONNECT,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
66 MGMT_OP_PAIR_DEVICE,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
78 MGMT_OP_CONFIRM_NAME,
79 MGMT_OP_BLOCK_DEVICE,
80 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 81 MGMT_OP_SET_DEVICE_ID,
4375f103 82 MGMT_OP_SET_ADVERTISING,
0663ca2a 83 MGMT_OP_SET_BREDR,
d13eafce 84 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 85 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 86 MGMT_OP_SET_SECURE_CONN,
4e39ac81 87 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 88 MGMT_OP_SET_PRIVACY,
41edf160 89 MGMT_OP_LOAD_IRKS,
dd983808 90 MGMT_OP_GET_CONN_INFO,
95868426 91 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 92 MGMT_OP_ADD_DEVICE,
93 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 94 MGMT_OP_LOAD_CONN_PARAM,
73d1df2a 95 MGMT_OP_READ_UNCONF_INDEX_LIST,
9fc3bfb6 96 MGMT_OP_READ_CONFIG_INFO,
dbece37a 97 MGMT_OP_SET_EXTERNAL_CONFIG,
9713c17b 98 MGMT_OP_SET_PUBLIC_ADDRESS,
66ea9427 99 MGMT_OP_START_SERVICE_DISCOVERY,
4f0f155c 100 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
96f1474a 101 MGMT_OP_READ_EXT_INDEX_LIST,
d3d5305b 102 MGMT_OP_READ_ADV_FEATURES,
24b4f38f 103 MGMT_OP_ADD_ADVERTISING,
da929335 104 MGMT_OP_REMOVE_ADVERTISING,
40b25fe5 105 MGMT_OP_GET_ADV_SIZE_INFO,
78b781ca 106 MGMT_OP_START_LIMITED_DISCOVERY,
321c6fee 107 MGMT_OP_READ_EXT_INFO,
c4960ecf 108 MGMT_OP_SET_APPEARANCE,
e70bb2e8
JH		 109};
110
111static const u16 mgmt_events[] = {
112 MGMT_EV_CONTROLLER_ERROR,
113 MGMT_EV_INDEX_ADDED,
114 MGMT_EV_INDEX_REMOVED,
115 MGMT_EV_NEW_SETTINGS,
116 MGMT_EV_CLASS_OF_DEV_CHANGED,
117 MGMT_EV_LOCAL_NAME_CHANGED,
118 MGMT_EV_NEW_LINK_KEY,
119 MGMT_EV_NEW_LONG_TERM_KEY,
120 MGMT_EV_DEVICE_CONNECTED,
121 MGMT_EV_DEVICE_DISCONNECTED,
122 MGMT_EV_CONNECT_FAILED,
123 MGMT_EV_PIN_CODE_REQUEST,
124 MGMT_EV_USER_CONFIRM_REQUEST,
125 MGMT_EV_USER_PASSKEY_REQUEST,
126 MGMT_EV_AUTH_FAILED,
127 MGMT_EV_DEVICE_FOUND,
128 MGMT_EV_DISCOVERING,
129 MGMT_EV_DEVICE_BLOCKED,
130 MGMT_EV_DEVICE_UNBLOCKED,
131 MGMT_EV_DEVICE_UNPAIRED,
92a25256 132 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 133 MGMT_EV_NEW_IRK,
7ee4ea36 134 MGMT_EV_NEW_CSRK,
8afef092
MH		 135 MGMT_EV_DEVICE_ADDED,
136 MGMT_EV_DEVICE_REMOVED,
ffb5a827 137 MGMT_EV_NEW_CONN_PARAM,
0602a8ad 138 MGMT_EV_UNCONF_INDEX_ADDED,
edd3896b 139 MGMT_EV_UNCONF_INDEX_REMOVED,
f4537c04 140 MGMT_EV_NEW_CONFIG_OPTIONS,
ced85549
MH		 141 MGMT_EV_EXT_INDEX_ADDED,
142 MGMT_EV_EXT_INDEX_REMOVED,
72000df2 143 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
24b4f38f
AU		 144 MGMT_EV_ADVERTISING_ADDED,
145 MGMT_EV_ADVERTISING_REMOVED,
321c6fee 146 MGMT_EV_EXT_INFO_CHANGED,
e70bb2e8
JH		 147};
148
99c679ac
MH		 149static const u16 mgmt_untrusted_commands[] = {
150 MGMT_OP_READ_INDEX_LIST,
151 MGMT_OP_READ_INFO,
152 MGMT_OP_READ_UNCONF_INDEX_LIST,
153 MGMT_OP_READ_CONFIG_INFO,
154 MGMT_OP_READ_EXT_INDEX_LIST,
321c6fee 155 MGMT_OP_READ_EXT_INFO,
99c679ac
MH		 156};
157
158static const u16 mgmt_untrusted_events[] = {
159 MGMT_EV_INDEX_ADDED,
160 MGMT_EV_INDEX_REMOVED,
161 MGMT_EV_NEW_SETTINGS,
162 MGMT_EV_CLASS_OF_DEV_CHANGED,
163 MGMT_EV_LOCAL_NAME_CHANGED,
164 MGMT_EV_UNCONF_INDEX_ADDED,
165 MGMT_EV_UNCONF_INDEX_REMOVED,
166 MGMT_EV_NEW_CONFIG_OPTIONS,
167 MGMT_EV_EXT_INDEX_ADDED,
168 MGMT_EV_EXT_INDEX_REMOVED,
321c6fee 169 MGMT_EV_EXT_INFO_CHANGED,
99c679ac
MH		 170};
171
17b02e62 172#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 173
d25b78e2
JH		 174#define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
175 "\x00\x00\x00\x00\x00\x00\x00\x00"
176
ca69b795
JH		 177/* HCI to MGMT error code conversion table */
178static u8 mgmt_status_table[] = {
179 MGMT_STATUS_SUCCESS,
180 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
181 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
182 MGMT_STATUS_FAILED, /* Hardware Failure */
183 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
184 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 185 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 186 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
187 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
188 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
189 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
190 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
191 MGMT_STATUS_BUSY, /* Command Disallowed */
192 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
193 MGMT_STATUS_REJECTED, /* Rejected Security */
194 MGMT_STATUS_REJECTED, /* Rejected Personal */
195 MGMT_STATUS_TIMEOUT, /* Host Timeout */
196 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
197 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
198 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
199 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
200 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
201 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
202 MGMT_STATUS_BUSY, /* Repeated Attempts */
203 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
204 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
205 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
206 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
207 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
208 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
209 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
210 MGMT_STATUS_FAILED, /* Unspecified Error */
211 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
212 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
213 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
214 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
215 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
216 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
217 MGMT_STATUS_FAILED, /* Unit Link Key Used */
218 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
219 MGMT_STATUS_TIMEOUT, /* Instant Passed */
220 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
221 MGMT_STATUS_FAILED, /* Transaction Collision */
222 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
223 MGMT_STATUS_REJECTED, /* QoS Rejected */
224 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
225 MGMT_STATUS_REJECTED, /* Insufficient Security */
226 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
227 MGMT_STATUS_BUSY, /* Role Switch Pending */
228 MGMT_STATUS_FAILED, /* Slot Violation */
229 MGMT_STATUS_FAILED, /* Role Switch Failed */
230 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
231 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
232 MGMT_STATUS_BUSY, /* Host Busy Pairing */
233 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
234 MGMT_STATUS_BUSY, /* Controller Busy */
235 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
236 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
237 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
238 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
239 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
240};
241
242static u8 mgmt_status(u8 hci_status)
243{
244 if (hci_status < ARRAY_SIZE(mgmt_status_table))
245 return mgmt_status_table[hci_status];
246
247 return MGMT_STATUS_FAILED;
248}
249
c08b1a1d
MH		 250static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
251 u16 len, int flag)
f9207338 252{
c08b1a1d
MH		 253 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
254 flag, NULL);
f9207338
MH		 255}
256
72000df2
MH		 257static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
258 u16 len, int flag, struct sock *skip_sk)
259{
260 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
261 flag, skip_sk);
262}
263
7a00ff44
JH		 264static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
265 struct sock *skip_sk)
266{
267 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
c08b1a1d 268 HCI_SOCK_TRUSTED, skip_sk);
7a00ff44
JH		 269}
270
85813a7e
JH		 271static u8 le_addr_type(u8 mgmt_addr_type)
272{
273 if (mgmt_addr_type == BDADDR_LE_PUBLIC)
274 return ADDR_LE_DEV_PUBLIC;
275 else
276 return ADDR_LE_DEV_RANDOM;
277}
278
03c979c4
MH		 279void mgmt_fill_version_info(void *ver)
280{
281 struct mgmt_rp_read_version *rp = ver;
282
283 rp->version = MGMT_VERSION;
284 rp->revision = cpu_to_le16(MGMT_REVISION);
285}
286
04124681
GP		 287static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
288 u16 data_len)
a38528f1
JH		 289{
290 struct mgmt_rp_read_version rp;
291
292 BT_DBG("sock %p", sk);
293
03c979c4 294 mgmt_fill_version_info(&rp);
a38528f1 295
2a1afb5a
JH		 296 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
297 &rp, sizeof(rp));
a38528f1
JH		 298}
299
04124681
GP		 300static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
301 u16 data_len)
e70bb2e8
JH		 302{
303 struct mgmt_rp_read_commands *rp;
99c679ac 304 u16 num_commands, num_events;
e70bb2e8
JH		 305 size_t rp_size;
306 int i, err;
307
308 BT_DBG("sock %p", sk);
309
99c679ac
MH		 310 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
311 num_commands = ARRAY_SIZE(mgmt_commands);
312 num_events = ARRAY_SIZE(mgmt_events);
313 } else {
314 num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
315 num_events = ARRAY_SIZE(mgmt_untrusted_events);
316 }
317
e70bb2e8
JH		 318 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
319
320 rp = kmalloc(rp_size, GFP_KERNEL);
321 if (!rp)
322 return -ENOMEM;
323
dcf4adbf
JP		 324 rp->num_commands = cpu_to_le16(num_commands);
325 rp->num_events = cpu_to_le16(num_events);
e70bb2e8 326
99c679ac
MH		 327 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
328 __le16 *opcode = rp->opcodes;
329
330 for (i = 0; i < num_commands; i++, opcode++)
331 put_unaligned_le16(mgmt_commands[i], opcode);
e70bb2e8 332
99c679ac
MH		 333 for (i = 0; i < num_events; i++, opcode++)
334 put_unaligned_le16(mgmt_events[i], opcode);
335 } else {
336 __le16 *opcode = rp->opcodes;
337
338 for (i = 0; i < num_commands; i++, opcode++)
339 put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
340
341 for (i = 0; i < num_events; i++, opcode++)
342 put_unaligned_le16(mgmt_untrusted_events[i], opcode);
343 }
e70bb2e8 344
2a1afb5a
JH		 345 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
346 rp, rp_size);
e70bb2e8
JH		 347 kfree(rp);
348
349 return err;
350}
351
04124681
GP		 352static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
353 u16 data_len)
faba42eb 354{
faba42eb 355 struct mgmt_rp_read_index_list *rp;
8035ded4 356 struct hci_dev *d;
a38528f1 357 size_t rp_len;
faba42eb 358 u16 count;
476e44cb 359 int err;
faba42eb
JH		 360
361 BT_DBG("sock %p", sk);
362
363 read_lock(&hci_dev_list_lock);
364
365 count = 0;
bb4b2a9a 366 list_for_each_entry(d, &hci_dev_list, list) {
ca8bee5d 367 if (d->dev_type == HCI_PRIMARY &&
d7a5a11d 368 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
1514b892 369 count++;
faba42eb
JH		 370 }
371
a38528f1
JH		 372 rp_len = sizeof(*rp) + (2 * count);
373 rp = kmalloc(rp_len, GFP_ATOMIC);
374 if (!rp) {
b2c60d42 375 read_unlock(&hci_dev_list_lock);
faba42eb 376 return -ENOMEM;
b2c60d42 377 }
faba42eb 378
476e44cb 379 count = 0;
8035ded4 380 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 381 if (hci_dev_test_flag(d, HCI_SETUP) ||
382 hci_dev_test_flag(d, HCI_CONFIG) ||
383 hci_dev_test_flag(d, HCI_USER_CHANNEL))
ab81cbf9
JH		 384 continue;
385
73d1df2a
MH		 386 /* Devices marked as raw-only are neither configured
387 * nor unconfigured controllers.
388 */
389 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
fee746b0
MH		 390 continue;
391
ca8bee5d 392 if (d->dev_type == HCI_PRIMARY &&
d7a5a11d 393 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
1514b892
MH		 394 rp->index[count++] = cpu_to_le16(d->id);
395 BT_DBG("Added hci%u", d->id);
396 }
faba42eb
JH		 397 }
398
476e44cb
JH		 399 rp->num_controllers = cpu_to_le16(count);
400 rp_len = sizeof(*rp) + (2 * count);
401
faba42eb
JH		 402 read_unlock(&hci_dev_list_lock);
403
2a1afb5a
JH		 404 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
405 0, rp, rp_len);
faba42eb 406
a38528f1
JH		 407 kfree(rp);
408
409 return err;
faba42eb
JH		 410}
411
73d1df2a
MH		 412static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
413 void *data, u16 data_len)
414{
415 struct mgmt_rp_read_unconf_index_list *rp;
416 struct hci_dev *d;
417 size_t rp_len;
418 u16 count;
419 int err;
420
421 BT_DBG("sock %p", sk);
422
423 read_lock(&hci_dev_list_lock);
424
425 count = 0;
426 list_for_each_entry(d, &hci_dev_list, list) {
ca8bee5d 427 if (d->dev_type == HCI_PRIMARY &&
d7a5a11d 428 hci_dev_test_flag(d, HCI_UNCONFIGURED))
73d1df2a
MH		 429 count++;
430 }
431
432 rp_len = sizeof(*rp) + (2 * count);
433 rp = kmalloc(rp_len, GFP_ATOMIC);
434 if (!rp) {
435 read_unlock(&hci_dev_list_lock);
436 return -ENOMEM;
437 }
438
439 count = 0;
440 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 441 if (hci_dev_test_flag(d, HCI_SETUP) ||
442 hci_dev_test_flag(d, HCI_CONFIG) ||
443 hci_dev_test_flag(d, HCI_USER_CHANNEL))
73d1df2a
MH		 444 continue;
445
446 /* Devices marked as raw-only are neither configured
447 * nor unconfigured controllers.
448 */
449 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
450 continue;
451
ca8bee5d 452 if (d->dev_type == HCI_PRIMARY &&
d7a5a11d 453 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
73d1df2a
MH		 454 rp->index[count++] = cpu_to_le16(d->id);
455 BT_DBG("Added hci%u", d->id);
456 }
457 }
458
459 rp->num_controllers = cpu_to_le16(count);
460 rp_len = sizeof(*rp) + (2 * count);
461
462 read_unlock(&hci_dev_list_lock);
463
2a1afb5a
JH		 464 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
465 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
73d1df2a
MH		 466
467 kfree(rp);
468
469 return err;
470}
471
96f1474a
MH		 472static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
473 void *data, u16 data_len)
474{
475 struct mgmt_rp_read_ext_index_list *rp;
476 struct hci_dev *d;
477 size_t rp_len;
478 u16 count;
479 int err;
480
481 BT_DBG("sock %p", sk);
482
483 read_lock(&hci_dev_list_lock);
484
485 count = 0;
486 list_for_each_entry(d, &hci_dev_list, list) {
ca8bee5d 487 if (d->dev_type == HCI_PRIMARY || d->dev_type == HCI_AMP)
96f1474a
MH		 488 count++;
489 }
490
491 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
492 rp = kmalloc(rp_len, GFP_ATOMIC);
493 if (!rp) {
494 read_unlock(&hci_dev_list_lock);
495 return -ENOMEM;
496 }
497
498 count = 0;
499 list_for_each_entry(d, &hci_dev_list, list) {
500 if (hci_dev_test_flag(d, HCI_SETUP) ||
501 hci_dev_test_flag(d, HCI_CONFIG) ||
502 hci_dev_test_flag(d, HCI_USER_CHANNEL))
503 continue;
504
505 /* Devices marked as raw-only are neither configured
506 * nor unconfigured controllers.
507 */
508 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
509 continue;
510
ca8bee5d 511 if (d->dev_type == HCI_PRIMARY) {
96f1474a
MH		 512 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
513 rp->entry[count].type = 0x01;
514 else
515 rp->entry[count].type = 0x00;
516 } else if (d->dev_type == HCI_AMP) {
517 rp->entry[count].type = 0x02;
518 } else {
519 continue;
520 }
521
522 rp->entry[count].bus = d->bus;
523 rp->entry[count++].index = cpu_to_le16(d->id);
524 BT_DBG("Added hci%u", d->id);
525 }
526
527 rp->num_controllers = cpu_to_le16(count);
528 rp_len = sizeof(*rp) + (sizeof(rp->entry[0]) * count);
529
530 read_unlock(&hci_dev_list_lock);
531
532 /* If this command is called at least once, then all the
533 * default index and unconfigured index events are disabled
534 * and from now on only extended index events are used.
535 */
536 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
537 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
538 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
539
540 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
541 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp, rp_len);
542
543 kfree(rp);
544
545 return err;
546}
547
dbece37a
MH		 548static bool is_configured(struct hci_dev *hdev)
549{
550 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 551 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
dbece37a
MH		 552 return false;
553
554 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
555 !bacmp(&hdev->public_addr, BDADDR_ANY))
556 return false;
557
558 return true;
559}
560
89bc22d2
MH		 561static __le32 get_missing_options(struct hci_dev *hdev)
562{
563 u32 options = 0;
564
dbece37a 565 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 566 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
eb1904f4
MH		 567 options |= MGMT_OPTION_EXTERNAL_CONFIG;
568
89bc22d2
MH		 569 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
570 !bacmp(&hdev->public_addr, BDADDR_ANY))
571 options |= MGMT_OPTION_PUBLIC_ADDRESS;
572
573 return cpu_to_le32(options);
574}
575
f4537c04
MH		 576static int new_options(struct hci_dev *hdev, struct sock *skip)
577{
578 __le32 options = get_missing_options(hdev);
579
5504c3a3
MH		 580 return mgmt_limited_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
581 sizeof(options), HCI_MGMT_OPTION_EVENTS, skip);
f4537c04
MH		 582}
583
dbece37a
MH		 584static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
585{
586 __le32 options = get_missing_options(hdev);
587
2a1afb5a
JH		 588 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
589 sizeof(options));
dbece37a
MH		 590}
591
9fc3bfb6
MH		 592static int read_config_info(struct sock *sk, struct hci_dev *hdev,
593 void *data, u16 data_len)
594{
595 struct mgmt_rp_read_config_info rp;
89bc22d2 596 u32 options = 0;
9fc3bfb6
MH		 597
598 BT_DBG("sock %p %s", sk, hdev->name);
599
600 hci_dev_lock(hdev);
601
602 memset(&rp, 0, sizeof(rp));
603 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
89bc22d2 604
eb1904f4
MH		 605 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
606 options |= MGMT_OPTION_EXTERNAL_CONFIG;
607
9fc3bfb6 608 if (hdev->set_bdaddr)
89bc22d2
MH		 609 options |= MGMT_OPTION_PUBLIC_ADDRESS;
610
611 rp.supported_options = cpu_to_le32(options);
612 rp.missing_options = get_missing_options(hdev);
9fc3bfb6
MH		 613
614 hci_dev_unlock(hdev);
615
2a1afb5a
JH		 616 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
617 &rp, sizeof(rp));
9fc3bfb6
MH		 618}
619
69ab39ea
JH		 620static u32 get_supported_settings(struct hci_dev *hdev)
621{
622 u32 settings = 0;
623
624 settings |= MGMT_SETTING_POWERED;
b2939475 625 settings |= MGMT_SETTING_BONDABLE;
b1de97d8 626 settings |= MGMT_SETTING_DEBUG_KEYS;
3742abfc
JH		 627 settings |= MGMT_SETTING_CONNECTABLE;
628 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea 629
ed3fa31f 630 if (lmp_bredr_capable(hdev)) {
1a47aee8
JH		 631 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
632 settings |= MGMT_SETTING_FAST_CONNECTABLE;
69ab39ea
JH		 633 settings |= MGMT_SETTING_BREDR;
634 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 635
636 if (lmp_ssp_capable(hdev)) {
637 settings |= MGMT_SETTING_SSP;
638 settings |= MGMT_SETTING_HS;
639 }
e98d2ce2 640
05b3c3e7 641 if (lmp_sc_capable(hdev))
e98d2ce2 642 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 643 }
d7b7e796 644
eeca6f89 645 if (lmp_le_capable(hdev)) {
9d42820f 646 settings |= MGMT_SETTING_LE;
eeca6f89 647 settings |= MGMT_SETTING_ADVERTISING;
a3209694 648 settings |= MGMT_SETTING_SECURE_CONN;
0f4bd942 649 settings |= MGMT_SETTING_PRIVACY;
93690c22 650 settings |= MGMT_SETTING_STATIC_ADDRESS;
eeca6f89 651 }
69ab39ea 652
eb1904f4
MH		 653 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
654 hdev->set_bdaddr)
9fc3bfb6
MH		 655 settings |= MGMT_SETTING_CONFIGURATION;
656
69ab39ea
JH		 657 return settings;
658}
659
660static u32 get_current_settings(struct hci_dev *hdev)
661{
662 u32 settings = 0;
663
f1f0eb02 664 if (hdev_is_powered(hdev))
f0d4b78a
MH		 665 settings |= MGMT_SETTING_POWERED;
666
d7a5a11d 667 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
69ab39ea
JH		 668 settings |= MGMT_SETTING_CONNECTABLE;
669
d7a5a11d 670 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
1a4d3c4b
JH		 671 settings |= MGMT_SETTING_FAST_CONNECTABLE;
672
d7a5a11d 673 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
69ab39ea
JH		 674 settings |= MGMT_SETTING_DISCOVERABLE;
675
d7a5a11d 676 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
b2939475 677 settings |= MGMT_SETTING_BONDABLE;
69ab39ea 678
d7a5a11d 679 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
69ab39ea
JH		 680 settings |= MGMT_SETTING_BREDR;
681
d7a5a11d 682 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
69ab39ea
JH		 683 settings |= MGMT_SETTING_LE;
684
d7a5a11d 685 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
69ab39ea
JH		 686 settings |= MGMT_SETTING_LINK_SECURITY;
687
d7a5a11d 688 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
69ab39ea
JH		 689 settings |= MGMT_SETTING_SSP;
690
d7a5a11d 691 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
6d80dfd0
JH		 692 settings |= MGMT_SETTING_HS;
693
d7a5a11d 694 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
eeca6f89
JH		 695 settings |= MGMT_SETTING_ADVERTISING;
696
d7a5a11d 697 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
e98d2ce2
MH		 698 settings |= MGMT_SETTING_SECURE_CONN;
699
d7a5a11d 700 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
b1de97d8
MH		 701 settings |= MGMT_SETTING_DEBUG_KEYS;
702
d7a5a11d 703 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
0f4bd942
JH		 704 settings |= MGMT_SETTING_PRIVACY;
705
93690c22
MH		 706 /* The current setting for static address has two purposes. The
707 * first is to indicate if the static address will be used and
708 * the second is to indicate if it is actually set.
709 *
710 * This means if the static address is not configured, this flag
08dc0e98 711 * will never be set. If the address is configured, then if the
93690c22
MH		 712 * address is actually used decides if the flag is set or not.
713 *
714 * For single mode LE only controllers and dual-mode controllers
715 * with BR/EDR disabled, the existence of the static address will
716 * be evaluated.
717 */
b7cb93e5 718 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
d7a5a11d 719 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
93690c22
MH		 720 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
721 if (bacmp(&hdev->static_addr, BDADDR_ANY))
722 settings |= MGMT_SETTING_STATIC_ADDRESS;
723 }
724
69ab39ea
JH		 725 return settings;
726}
727
333ae95d
JH		 728static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
729{
730 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
731}
732
333ae95d
JH		 733static struct mgmt_pending_cmd *pending_find_data(u16 opcode,
734 struct hci_dev *hdev,
735 const void *data)
736{
737 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data);
738}
739
f2252570 740u8 mgmt_get_adv_discov_flags(struct hci_dev *hdev)
9a43e25f 741{
3b0602cd 742 struct mgmt_pending_cmd *cmd;
9a43e25f
JH		 743
744 /* If there's a pending mgmt command the flags will not yet have
745 * their final values, so check for this first.
746 */
333ae95d 747 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
9a43e25f
JH		 748 if (cmd) {
749 struct mgmt_mode *cp = cmd->param;
750 if (cp->val == 0x01)
751 return LE_AD_GENERAL;
752 else if (cp->val == 0x02)
753 return LE_AD_LIMITED;
754 } else {
d7a5a11d 755 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
9a43e25f 756 return LE_AD_LIMITED;
d7a5a11d 757 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
9a43e25f
JH		 758 return LE_AD_GENERAL;
759 }
760
761 return 0;
762}
763
f2252570 764bool mgmt_get_connectable(struct hci_dev *hdev)
fdf51784
AU		 765{
766 struct mgmt_pending_cmd *cmd;
441ad2d0 767
fdf51784
AU		 768 /* If there's a pending mgmt command the flag will not yet have
769 * it's final value, so check for this first.
770 */
771 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
772 if (cmd) {
773 struct mgmt_mode *cp = cmd->param;
441ad2d0 774
fdf51784 775 return cp->val;
441ad2d0
MH		 776 }
777
fdf51784
AU		 778 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
779}
441ad2d0 780
7d78525d
JH		 781static void service_cache_off(struct work_struct *work)
782{
783 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 784 service_cache.work);
890ea898 785 struct hci_request req;
7d78525d 786
a69d8927 787 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
7d78525d
JH		 788 return;
789
890ea898
JH		 790 hci_req_init(&req, hdev);
791
7d78525d
JH		 792 hci_dev_lock(hdev);
793
b1a8917c 794 __hci_req_update_eir(&req);
14bf5eac 795 __hci_req_update_class(&req);
7d78525d
JH		 796
797 hci_dev_unlock(hdev);
890ea898
JH		 798
799 hci_req_run(&req, NULL);
7d78525d
JH		 800}
801
d6bfd59c
JH		 802static void rpa_expired(struct work_struct *work)
803{
804 struct hci_dev *hdev = container_of(work, struct hci_dev,
805 rpa_expired.work);
806 struct hci_request req;
807
808 BT_DBG("");
809
a1536da2 810 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
d6bfd59c 811
d7a5a11d 812 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
d6bfd59c
JH		 813 return;
814
815 /* The generation of a new RPA and programming it into the
f2252570
JH		 816 * controller happens in the hci_req_enable_advertising()
817 * function.
d6bfd59c 818 */
d6bfd59c 819 hci_req_init(&req, hdev);
f2252570 820 __hci_req_enable_advertising(&req);
d6bfd59c
JH		 821 hci_req_run(&req, NULL);
822}
823
6a919082 824static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 825{
238be788 826 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
6a919082
JH		 827 return;
828
4f87da80 829 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 830 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 831
4f87da80
JH		 832 /* Non-mgmt controlled devices get this bit set
833 * implicitly so that pairing works for them, however
834 * for mgmt we require user-space to explicitly enable
835 * it
836 */
a358dc11 837 hci_dev_clear_flag(hdev, HCI_BONDABLE);
7d78525d
JH		 838}
839
0f4e68cf 840static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 841 void *data, u16 data_len)
0381101f 842{
a38528f1 843 struct mgmt_rp_read_info rp;
f7b64e69 844
bdb6d971 845 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 846
09fd0de5 847 hci_dev_lock(hdev);
f7b64e69 848
dc4fe30b
JH		 849 memset(&rp, 0, sizeof(rp));
850
69ab39ea 851 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 852
69ab39ea 853 rp.version = hdev->hci_ver;
eb55ef07 854 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 855
856 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
857 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 858
a38528f1 859 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 860
dc4fe30b 861 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 862 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 863
09fd0de5 864 hci_dev_unlock(hdev);
0381101f 865
2a1afb5a
JH		 866 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
867 sizeof(rp));
0381101f
JH		 868}
869
8a0c9f49
MN		 870static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
871 u8 data_len)
872{
873 eir[eir_len++] = sizeof(type) + data_len;
874 eir[eir_len++] = type;
875 memcpy(&eir[eir_len], data, data_len);
876 eir_len += data_len;
877
878 return eir_len;
879}
880
321c6fee
MH		 881static int read_ext_controller_info(struct sock *sk, struct hci_dev *hdev,
882 void *data, u16 data_len)
883{
7d5c11da
SJ		 884 char buf[512];
885 struct mgmt_rp_read_ext_info *rp = (void *)buf;
8a0c9f49 886 u16 eir_len = 0;
7d5c11da 887 size_t name_len;
321c6fee
MH		 888
889 BT_DBG("sock %p %s", sk, hdev->name);
890
7d5c11da
SJ		 891 memset(&buf, 0, sizeof(buf));
892
321c6fee
MH		 893 hci_dev_lock(hdev);
894
7d5c11da
SJ		 895 bacpy(&rp->bdaddr, &hdev->bdaddr);
896
897 rp->version = hdev->hci_ver;
898 rp->manufacturer = cpu_to_le16(hdev->manufacturer);
899
900 rp->supported_settings = cpu_to_le32(get_supported_settings(hdev));
901 rp->current_settings = cpu_to_le32(get_current_settings(hdev));
902
8a0c9f49 903 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
7d5c11da 904 eir_len = eir_append_data(rp->eir, eir_len, EIR_CLASS_OF_DEV,
8a0c9f49 905 hdev->dev_class, 3);
321c6fee 906
8a0c9f49 907 name_len = strlen(hdev->dev_name);
7d5c11da 908 eir_len = eir_append_data(rp->eir, eir_len, EIR_NAME_COMPLETE,
8a0c9f49 909 hdev->dev_name, name_len);
321c6fee 910
8a0c9f49 911 name_len = strlen(hdev->short_name);
7d5c11da 912 eir_len = eir_append_data(rp->eir, eir_len, EIR_NAME_SHORT,
8a0c9f49 913 hdev->short_name, name_len);
321c6fee 914
8a0c9f49 915 rp->eir_len = cpu_to_le16(eir_len);
321c6fee
MH		 916
917 hci_dev_unlock(hdev);
918
919 /* If this command is called at least once, then the events
920 * for class of device and local name changes are disabled
921 * and only the new extended controller information event
922 * is used.
923 */
924 hci_sock_set_flag(sk, HCI_MGMT_EXT_INFO_EVENTS);
925 hci_sock_clear_flag(sk, HCI_MGMT_DEV_CLASS_EVENTS);
926 hci_sock_clear_flag(sk, HCI_MGMT_LOCAL_NAME_EVENTS);
927
8a0c9f49
MN		 928 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_EXT_INFO, 0, rp,
929 sizeof(*rp) + eir_len);
321c6fee
MH		 930}
931
932static int ext_info_changed(struct hci_dev *hdev, struct sock *skip)
933{
934 struct mgmt_ev_ext_info_changed ev;
935
936 ev.eir_len = cpu_to_le16(0);
937
938 return mgmt_limited_event(MGMT_EV_EXT_INFO_CHANGED, hdev, &ev,
939 sizeof(ev), HCI_MGMT_EXT_INFO_EVENTS, skip);
940}
941
69ab39ea 942static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 943{
69ab39ea 944 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 945
2a1afb5a
JH		 946 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
947 sizeof(settings));
8680570b
JH		 948}
949
1904a853 950static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
8b064a3a
JH		 951{
952 BT_DBG("%s status 0x%02x", hdev->name, status);
953
a3172b7e
JH		 954 if (hci_conn_count(hdev) == 0) {
955 cancel_delayed_work(&hdev->power_off);
8b064a3a 956 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 957 }
8b064a3a
JH		 958}
959
f2252570 960void mgmt_advertising_added(struct sock *sk, struct hci_dev *hdev, u8 instance)
912098a6
AU		 961{
962 struct mgmt_ev_advertising_added ev;
963
964 ev.instance = instance;
965
966 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
967}
968
f2252570
JH		 969void mgmt_advertising_removed(struct sock *sk, struct hci_dev *hdev,
970 u8 instance)
912098a6
AU		 971{
972 struct mgmt_ev_advertising_removed ev;
973
974 ev.instance = instance;
975
976 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
977}
978
7816b820
FG		 979static void cancel_adv_timeout(struct hci_dev *hdev)
980{
981 if (hdev->adv_instance_timeout) {
982 hdev->adv_instance_timeout = 0;
983 cancel_delayed_work(&hdev->adv_instance_expire);
984 }
985}
986
8b064a3a
JH		 987static int clean_up_hci_state(struct hci_dev *hdev)
988{
989 struct hci_request req;
990 struct hci_conn *conn;
23a48093
JH		 991 bool discov_stopped;
992 int err;
8b064a3a
JH		 993
994 hci_req_init(&req, hdev);
995
996 if (test_bit(HCI_ISCAN, &hdev->flags) ||
997 test_bit(HCI_PSCAN, &hdev->flags)) {
998 u8 scan = 0x00;
999 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1000 }
1001
37d3a1fa 1002 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, false);
912098a6 1003
d7a5a11d 1004 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
f2252570 1005 __hci_req_disable_advertising(&req);
8b064a3a 1006
2154d3f4 1007 discov_stopped = hci_req_stop_discovery(&req);
8b064a3a
JH		 1008
1009 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
89e0ccc8
JH		 1010 /* 0x15 == Terminated due to Power Off */
1011 __hci_abort_conn(&req, conn, 0x15);
8b064a3a
JH		 1012 }
1013
23a48093
JH		 1014 err = hci_req_run(&req, clean_up_hci_complete);
1015 if (!err && discov_stopped)
1016 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1017
1018 return err;
8b064a3a
JH		 1019}
1020
bdb6d971 1021static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1022 u16 len)
eec8d2bc 1023{
650f726d 1024 struct mgmt_mode *cp = data;
3b0602cd 1025 struct mgmt_pending_cmd *cmd;
4b34ee78 1026 int err;
eec8d2bc 1027
bdb6d971 1028 BT_DBG("request for %s", hdev->name);
eec8d2bc 1029
a7e80f25 1030 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1031 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1032 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1033
09fd0de5 1034 hci_dev_lock(hdev);
eec8d2bc 1035
333ae95d 1036 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
a69e8375
JH		 1037 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1038 MGMT_STATUS_BUSY);
87b95ba6
JH		 1039 goto failed;
1040 }
1041
4b34ee78 1042 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1043 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1044 goto failed;
1045 }
1046
2e58ef3e 1047 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1048 if (!cmd) {
1049 err = -ENOMEM;
eec8d2bc 1050 goto failed;
366a0336 1051 }
eec8d2bc 1052
8b064a3a 1053 if (cp->val) {
19202573 1054 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1055 err = 0;
1056 } else {
1057 /* Disconnect connections, stop scans, etc */
1058 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1059 if (!err)
1060 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1061 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1062
8b064a3a
JH		 1063 /* ENODATA means there were no HCI commands queued */
1064 if (err == -ENODATA) {
a3172b7e 1065 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1066 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1067 err = 0;
1068 }
1069 }
eec8d2bc
JH		 1070
1071failed:
09fd0de5 1072 hci_dev_unlock(hdev);
366a0336 1073 return err;
eec8d2bc
JH		 1074}
1075
beadb2bd
JH		 1076static int new_settings(struct hci_dev *hdev, struct sock *skip)
1077{
f6b7712e 1078 __le32 ev = cpu_to_le32(get_current_settings(hdev));
beadb2bd 1079
5504c3a3
MH		 1080 return mgmt_limited_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1081 sizeof(ev), HCI_MGMT_SETTING_EVENTS, skip);
beadb2bd
JH		 1082}
1083
91a668b0
JH		 1084int mgmt_new_settings(struct hci_dev *hdev)
1085{
1086 return new_settings(hdev, NULL);
1087}
1088
bd99abdd
JH		 1089struct cmd_lookup {
1090 struct sock *sk;
1091 struct hci_dev *hdev;
1092 u8 mgmt_status;
1093};
1094
3b0602cd 1095static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1096{
1097 struct cmd_lookup *match = data;
1098
1099 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1100
1101 list_del(&cmd->list);
1102
1103 if (match->sk == NULL) {
1104 match->sk = cmd->sk;
1105 sock_hold(match->sk);
1106 }
1107
1108 mgmt_pending_free(cmd);
1109}
1110
3b0602cd 1111static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1112{
1113 u8 *status = data;
1114
a69e8375 1115 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
bd99abdd
JH		 1116 mgmt_pending_remove(cmd);
1117}
1118
3b0602cd 1119static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1b9b5ee5
JH		 1120{
1121 if (cmd->cmd_complete) {
1122 u8 *status = data;
1123
1124 cmd->cmd_complete(cmd, *status);
1125 mgmt_pending_remove(cmd);
1126
1127 return;
1128 }
1129
1130 cmd_status_rsp(cmd, data);
1131}
1132
3b0602cd 1133static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
f5818c22 1134{
2a1afb5a
JH		 1135 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1136 cmd->param, cmd->param_len);
f5818c22
JH		 1137}
1138
3b0602cd 1139static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
7776d1d8 1140{
2a1afb5a
JH		 1141 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1142 cmd->param, sizeof(struct mgmt_addr_info));
7776d1d8
JH		 1143}
1144
e6fe7986
JH		 1145static u8 mgmt_bredr_support(struct hci_dev *hdev)
1146{
1147 if (!lmp_bredr_capable(hdev))
1148 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1149 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
e6fe7986
JH		 1150 return MGMT_STATUS_REJECTED;
1151 else
1152 return MGMT_STATUS_SUCCESS;
1153}
1154
1155static u8 mgmt_le_support(struct hci_dev *hdev)
1156{
1157 if (!lmp_le_capable(hdev))
1158 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1159 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
e6fe7986
JH		 1160 return MGMT_STATUS_REJECTED;
1161 else
1162 return MGMT_STATUS_SUCCESS;
1163}
1164
aed1a885 1165void mgmt_set_discoverable_complete(struct hci_dev *hdev, u8 status)
bfaf8c9f 1166{
3b0602cd 1167 struct mgmt_pending_cmd *cmd;
bfaf8c9f
JH		 1168
1169 BT_DBG("status 0x%02x", status);
1170
1171 hci_dev_lock(hdev);
1172
333ae95d 1173 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
bfaf8c9f
JH		 1174 if (!cmd)
1175 goto unlock;
1176
1177 if (status) {
1178 u8 mgmt_err = mgmt_status(status);
a69e8375 1179 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
a358dc11 1180 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
bfaf8c9f
JH		 1181 goto remove_cmd;
1182 }
1183
aed1a885
JH		 1184 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1185 hdev->discov_timeout > 0) {
1186 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1187 queue_delayed_work(hdev->req_workqueue, &hdev->discov_off, to);
d4462a07 1188 }
bfaf8c9f
JH		 1189
1190 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
aed1a885 1191 new_settings(hdev, cmd->sk);
970ba524 1192
bfaf8c9f
JH		 1193remove_cmd:
1194 mgmt_pending_remove(cmd);
1195
1196unlock:
1197 hci_dev_unlock(hdev);
1198}
1199
bdb6d971 1200static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1201 u16 len)
73f22f62 1202{
650f726d 1203 struct mgmt_cp_set_discoverable *cp = data;
3b0602cd 1204 struct mgmt_pending_cmd *cmd;
5e5282bb 1205 u16 timeout;
73f22f62
JH		 1206 int err;
1207
bdb6d971 1208 BT_DBG("request for %s", hdev->name);
73f22f62 1209
d7a5a11d
MH		 1210 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1211 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 1212 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1213 MGMT_STATUS_REJECTED);
33c525c0 1214
310a3d48 1215 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 1216 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1217 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1218
1f350c87 1219 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1220
1221 /* Disabling discoverable requires that no timeout is set,
1222 * and enabling limited discoverable requires a timeout.
1223 */
1224 if ((cp->val == 0x00 && timeout > 0) ||
1225 (cp->val == 0x02 && timeout == 0))
a69e8375
JH		 1226 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1227 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1228
09fd0de5 1229 hci_dev_lock(hdev);
73f22f62 1230
5e5282bb 1231 if (!hdev_is_powered(hdev) && timeout > 0) {
a69e8375
JH		 1232 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1233 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1234 goto failed;
1235 }
1236
333ae95d
JH		 1237 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1238 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1239 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1240 MGMT_STATUS_BUSY);
73f22f62
JH		 1241 goto failed;
1242 }
1243
d7a5a11d 1244 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
a69e8375
JH		 1245 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1246 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1247 goto failed;
1248 }
1249
1250 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1251 bool changed = false;
1252
310a3d48
MH		 1253 /* Setting limited discoverable when powered off is
1254 * not a valid operation since it requires a timeout
1255 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1256 */
d7a5a11d 1257 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
ce05d603 1258 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
0224d2fa
JH		 1259 changed = true;
1260 }
1261
5e5282bb 1262 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1263 if (err < 0)
1264 goto failed;
1265
1266 if (changed)
1267 err = new_settings(hdev, sk);
1268
5e5282bb
JH		 1269 goto failed;
1270 }
1271
310a3d48
MH		 1272 /* If the current mode is the same, then just update the timeout
1273 * value with the new value. And if only the timeout gets updated,
1274 * then no need for any HCI transactions.
1275 */
d7a5a11d
MH		 1276 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1277 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1278 HCI_LIMITED_DISCOVERABLE)) {
36261547
MH		 1279 cancel_delayed_work(&hdev->discov_off);
1280 hdev->discov_timeout = timeout;
955638ec 1281
36261547
MH		 1282 if (cp->val && hdev->discov_timeout > 0) {
1283 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
c366f555
JH		 1284 queue_delayed_work(hdev->req_workqueue,
1285 &hdev->discov_off, to);
955638ec
MH		 1286 }
1287
69ab39ea 1288 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1289 goto failed;
1290 }
1291
2e58ef3e 1292 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1293 if (!cmd) {
1294 err = -ENOMEM;
73f22f62 1295 goto failed;
366a0336 1296 }
73f22f62 1297
310a3d48
MH		 1298 /* Cancel any potential discoverable timeout that might be
1299 * still active and store new timeout value. The arming of
1300 * the timeout happens in the complete handler.
1301 */
1302 cancel_delayed_work(&hdev->discov_off);
1303 hdev->discov_timeout = timeout;
1304
aed1a885
JH		 1305 if (cp->val)
1306 hci_dev_set_flag(hdev, HCI_DISCOVERABLE);
1307 else
1308 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1309
b456f87c
JH		 1310 /* Limited discoverable mode */
1311 if (cp->val == 0x02)
a1536da2 1312 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1313 else
a358dc11 1314 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1315
aed1a885
JH		 1316 queue_work(hdev->req_workqueue, &hdev->discoverable_update);
1317 err = 0;
73f22f62
JH		 1318
1319failed:
09fd0de5 1320 hci_dev_unlock(hdev);
73f22f62
JH		 1321 return err;
1322}
1323
53c0ba74 1324void mgmt_set_connectable_complete(struct hci_dev *hdev, u8 status)
2b76f453 1325{
3b0602cd 1326 struct mgmt_pending_cmd *cmd;
2b76f453
JH		 1327
1328 BT_DBG("status 0x%02x", status);
1329
1330 hci_dev_lock(hdev);
1331
333ae95d 1332 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
2b76f453
JH		 1333 if (!cmd)
1334 goto unlock;
1335
37438c1f
JH		 1336 if (status) {
1337 u8 mgmt_err = mgmt_status(status);
a69e8375 1338 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
37438c1f
JH		 1339 goto remove_cmd;
1340 }
1341
2b76f453 1342 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
53c0ba74 1343 new_settings(hdev, cmd->sk);
d7b856f9 1344
37438c1f 1345remove_cmd:
2b76f453
JH		 1346 mgmt_pending_remove(cmd);
1347
1348unlock:
1349 hci_dev_unlock(hdev);
1350}
1351
e8ba3a1f
JH		 1352static int set_connectable_update_settings(struct hci_dev *hdev,
1353 struct sock *sk, u8 val)
1354{
1355 bool changed = false;
1356 int err;
1357
d7a5a11d 1358 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
e8ba3a1f
JH		 1359 changed = true;
1360
1361 if (val) {
a1536da2 1362 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
e8ba3a1f 1363 } else {
a358dc11
MH		 1364 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1365 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
e8ba3a1f
JH		 1366 }
1367
1368 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1369 if (err < 0)
1370 return err;
1371
562064e6 1372 if (changed) {
01b1cb87 1373 hci_req_update_scan(hdev);
562064e6 1374 hci_update_background_scan(hdev);
e8ba3a1f 1375 return new_settings(hdev, sk);
562064e6 1376 }
e8ba3a1f
JH		 1377
1378 return 0;
1379}
1380
bdb6d971 1381static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1382 u16 len)
9fbcbb45 1383{
650f726d 1384 struct mgmt_mode *cp = data;
3b0602cd 1385 struct mgmt_pending_cmd *cmd;
9fbcbb45
JH		 1386 int err;
1387
bdb6d971 1388 BT_DBG("request for %s", hdev->name);
9fbcbb45 1389
d7a5a11d
MH		 1390 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1391 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 1392 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1393 MGMT_STATUS_REJECTED);
33c525c0 1394
a7e80f25 1395 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1396 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1397 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1398
09fd0de5 1399 hci_dev_lock(hdev);
9fbcbb45 1400
4b34ee78 1401 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1402 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1403 goto failed;
1404 }
1405
333ae95d
JH		 1406 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1407 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1408 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1409 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1410 goto failed;
1411 }
1412
2e58ef3e 1413 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1414 if (!cmd) {
1415 err = -ENOMEM;
9fbcbb45 1416 goto failed;
366a0336 1417 }
9fbcbb45 1418
53c0ba74
JH		 1419 if (cp->val) {
1420 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1421 } else {
1422 if (hdev->discov_timeout > 0)
1423 cancel_delayed_work(&hdev->discov_off);
2b76f453 1424
53c0ba74
JH		 1425 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1426 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1427 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
9b74246f 1428 }
2b76f453 1429
53c0ba74
JH		 1430 queue_work(hdev->req_workqueue, &hdev->connectable_update);
1431 err = 0;
9fbcbb45
JH		 1432
1433failed:
09fd0de5 1434 hci_dev_unlock(hdev);
9fbcbb45
JH		 1435 return err;
1436}
1437
b2939475 1438static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1439 u16 len)
c542a06c 1440{
650f726d 1441 struct mgmt_mode *cp = data;
55594356 1442 bool changed;
c542a06c
JH		 1443 int err;
1444
bdb6d971 1445 BT_DBG("request for %s", hdev->name);
c542a06c 1446
a7e80f25 1447 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1448 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
1449 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1450
09fd0de5 1451 hci_dev_lock(hdev);
c542a06c
JH		 1452
1453 if (cp->val)
238be788 1454 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
c542a06c 1455 else
a69d8927 1456 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
c542a06c 1457
b2939475 1458 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
c542a06c 1459 if (err < 0)
55594356 1460 goto unlock;
c542a06c 1461
82a37ade
JH		 1462 if (changed) {
1463 /* In limited privacy mode the change of bondable mode
1464 * may affect the local advertising address.
1465 */
1466 if (hdev_is_powered(hdev) &&
1467 hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
1468 hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1469 hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY))
1470 queue_work(hdev->req_workqueue,
1471 &hdev->discoverable_update);
1472
55594356 1473 err = new_settings(hdev, sk);
82a37ade 1474 }
c542a06c 1475
55594356 1476unlock:
09fd0de5 1477 hci_dev_unlock(hdev);
c542a06c
JH		 1478 return err;
1479}
1480
04124681
GP		 1481static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1482 u16 len)
33ef95ed
JH		 1483{
1484 struct mgmt_mode *cp = data;
3b0602cd 1485 struct mgmt_pending_cmd *cmd;
e6fe7986 1486 u8 val, status;
33ef95ed
JH		 1487 int err;
1488
bdb6d971 1489 BT_DBG("request for %s", hdev->name);
33ef95ed 1490
e6fe7986
JH		 1491 status = mgmt_bredr_support(hdev);
1492 if (status)
a69e8375
JH		 1493 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1494 status);
33c525c0 1495
a7e80f25 1496 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1497 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1498 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1499
33ef95ed
JH		 1500 hci_dev_lock(hdev);
1501
4b34ee78 1502 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1503 bool changed = false;
1504
d7a5a11d 1505 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
ce05d603 1506 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
47990ea0
JH		 1507 changed = true;
1508 }
1509
1510 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1511 if (err < 0)
1512 goto failed;
1513
1514 if (changed)
1515 err = new_settings(hdev, sk);
1516
33ef95ed
JH		 1517 goto failed;
1518 }
1519
333ae95d 1520 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
a69e8375
JH		 1521 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1522 MGMT_STATUS_BUSY);
33ef95ed
JH		 1523 goto failed;
1524 }
1525
1526 val = !!cp->val;
1527
1528 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1529 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1530 goto failed;
1531 }
1532
1533 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1534 if (!cmd) {
1535 err = -ENOMEM;
1536 goto failed;
1537 }
1538
1539 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1540 if (err < 0) {
1541 mgmt_pending_remove(cmd);
1542 goto failed;
1543 }
1544
1545failed:
1546 hci_dev_unlock(hdev);
33ef95ed
JH		 1547 return err;
1548}
1549
bdb6d971 1550static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1551{
1552 struct mgmt_mode *cp = data;
3b0602cd 1553 struct mgmt_pending_cmd *cmd;
72ef0c1a 1554 u8 status;
ed2c4ee3
JH		 1555 int err;
1556
bdb6d971 1557 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1558
cdba5281
MH		 1559 status = mgmt_bredr_support(hdev);
1560 if (status)
a69e8375 1561 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
cdba5281 1562
13ecd8b6 1563 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 1564 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1565 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1566
a7e80f25 1567 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1568 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1569 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1570
13ecd8b6 1571 hci_dev_lock(hdev);
6c8f12c1 1572
4b34ee78 1573 if (!hdev_is_powered(hdev)) {
9ecb3e24 1574 bool changed;
c0ecddc2 1575
9ecb3e24 1576 if (cp->val) {
238be788
MH		 1577 changed = !hci_dev_test_and_set_flag(hdev,
1578 HCI_SSP_ENABLED);
9ecb3e24 1579 } else {
a69d8927
MH		 1580 changed = hci_dev_test_and_clear_flag(hdev,
1581 HCI_SSP_ENABLED);
9ecb3e24 1582 if (!changed)
a69d8927
MH		 1583 changed = hci_dev_test_and_clear_flag(hdev,
1584 HCI_HS_ENABLED);
9ecb3e24 1585 else
a358dc11 1586 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
c0ecddc2
JH		 1587 }
1588
1589 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1590 if (err < 0)
1591 goto failed;
1592
1593 if (changed)
1594 err = new_settings(hdev, sk);
1595
ed2c4ee3
JH		 1596 goto failed;
1597 }
1598
333ae95d 1599 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 1600 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1601 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1602 goto failed;
1603 }
1604
d7a5a11d 1605 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
ed2c4ee3
JH		 1606 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1607 goto failed;
1608 }
1609
1610 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1611 if (!cmd) {
1612 err = -ENOMEM;
1613 goto failed;
1614 }
1615
d7a5a11d 1616 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
3769972b
JH		 1617 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
1618 sizeof(cp->val), &cp->val);
1619
72ef0c1a 1620 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 1621 if (err < 0) {
1622 mgmt_pending_remove(cmd);
1623 goto failed;
1624 }
1625
1626failed:
1627 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1628 return err;
1629}
1630
bdb6d971 1631static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1632{
1633 struct mgmt_mode *cp = data;
ee392693 1634 bool changed;
e6fe7986 1635 u8 status;
ee392693 1636 int err;
6d80dfd0 1637
bdb6d971 1638 BT_DBG("request for %s", hdev->name);
6d80dfd0 1639
e6fe7986
JH		 1640 status = mgmt_bredr_support(hdev);
1641 if (status)
a69e8375 1642 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 1643
9ecb3e24 1644 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 1645 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1646 MGMT_STATUS_NOT_SUPPORTED);
9ecb3e24 1647
d7a5a11d 1648 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 1649 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1650 MGMT_STATUS_REJECTED);
9ecb3e24 1651
a7e80f25 1652 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1653 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1654 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1655
ee392693
MH		 1656 hci_dev_lock(hdev);
1657
333ae95d 1658 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 1659 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1660 MGMT_STATUS_BUSY);
a2cb01de
JH		 1661 goto unlock;
1662 }
1663
a0cdf960 1664 if (cp->val) {
238be788 1665 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
a0cdf960
MH		 1666 } else {
1667 if (hdev_is_powered(hdev)) {
a69e8375
JH		 1668 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1669 MGMT_STATUS_REJECTED);
a0cdf960
MH		 1670 goto unlock;
1671 }
1672
a69d8927 1673 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
a0cdf960 1674 }
ee392693
MH		 1675
1676 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1677 if (err < 0)
1678 goto unlock;
1679
1680 if (changed)
1681 err = new_settings(hdev, sk);
6d80dfd0 1682
ee392693
MH		 1683unlock:
1684 hci_dev_unlock(hdev);
1685 return err;
6d80dfd0
JH		 1686}
1687
1904a853 1688static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
416a4ae5
JH		 1689{
1690 struct cmd_lookup match = { NULL, hdev };
1691
3ad67582
JK		 1692 hci_dev_lock(hdev);
1693
416a4ae5
JH		 1694 if (status) {
1695 u8 mgmt_err = mgmt_status(status);
1696
1697 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1698 &mgmt_err);
3ad67582 1699 goto unlock;
416a4ae5
JH		 1700 }
1701
1702 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1703
1704 new_settings(hdev, match.sk);
1705
1706 if (match.sk)
1707 sock_put(match.sk);
441ad2d0
MH		 1708
1709 /* Make sure the controller has a good default for
1710 * advertising data. Restrict the update to when LE
1711 * has actually been enabled. During power on, the
1712 * update in powered_update_hci will take care of it.
1713 */
d7a5a11d 1714 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
441ad2d0
MH		 1715 struct hci_request req;
1716
441ad2d0 1717 hci_req_init(&req, hdev);
cab054ab
JH		 1718 __hci_req_update_adv_data(&req, 0x00);
1719 __hci_req_update_scan_rsp_data(&req, 0x00);
441ad2d0 1720 hci_req_run(&req, NULL);
2e93e53b 1721 hci_update_background_scan(hdev);
441ad2d0 1722 }
3ad67582
JK		 1723
1724unlock:
1725 hci_dev_unlock(hdev);
416a4ae5
JH		 1726}
1727
bdb6d971 1728static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1729{
1730 struct mgmt_mode *cp = data;
1731 struct hci_cp_write_le_host_supported hci_cp;
3b0602cd 1732 struct mgmt_pending_cmd *cmd;
416a4ae5 1733 struct hci_request req;
06199cf8 1734 int err;
0b60eba1 1735 u8 val, enabled;
06199cf8 1736
bdb6d971 1737 BT_DBG("request for %s", hdev->name);
06199cf8 1738
13ecd8b6 1739 if (!lmp_le_capable(hdev))
a69e8375
JH		 1740 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1741 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1742
a7e80f25 1743 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1744 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1745 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1746
e7844ee5
MH		 1747 /* Bluetooth single mode LE only controllers or dual-mode
1748 * controllers configured as LE only devices, do not allow
1749 * switching LE off. These have either LE enabled explicitly
1750 * or BR/EDR has been previously switched off.
1751 *
1752 * When trying to enable an already enabled LE, then gracefully
1753 * send a positive response. Trying to disable it however will
1754 * result into rejection.
1755 */
1756 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1757 if (cp->val == 0x01)
1758 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1759
a69e8375
JH		 1760 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1761 MGMT_STATUS_REJECTED);
e7844ee5 1762 }
c73eee91 1763
13ecd8b6 1764 hci_dev_lock(hdev);
06199cf8
JH		 1765
1766 val = !!cp->val;
ffa88e02 1767 enabled = lmp_host_le_capable(hdev);
06199cf8 1768
847818d9 1769 if (!val)
37d3a1fa 1770 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, true);
847818d9 1771
0b60eba1 1772 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1773 bool changed = false;
1774
d7a5a11d 1775 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
ce05d603 1776 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
06199cf8
JH		 1777 changed = true;
1778 }
1779
d7a5a11d 1780 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
a358dc11 1781 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
eeca6f89
JH		 1782 changed = true;
1783 }
1784
06199cf8
JH		 1785 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1786 if (err < 0)
1de028ce 1787 goto unlock;
06199cf8
JH		 1788
1789 if (changed)
1790 err = new_settings(hdev, sk);
1791
1de028ce 1792 goto unlock;
06199cf8
JH		 1793 }
1794
333ae95d
JH		 1795 if (pending_find(MGMT_OP_SET_LE, hdev) ||
1796 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
a69e8375
JH		 1797 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1798 MGMT_STATUS_BUSY);
1de028ce 1799 goto unlock;
06199cf8
JH		 1800 }
1801
1802 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1803 if (!cmd) {
1804 err = -ENOMEM;
1de028ce 1805 goto unlock;
06199cf8
JH		 1806 }
1807
441ad2d0
MH		 1808 hci_req_init(&req, hdev);
1809
06199cf8
JH		 1810 memset(&hci_cp, 0, sizeof(hci_cp));
1811
1812 if (val) {
1813 hci_cp.le = val;
32226e4f 1814 hci_cp.simul = 0x00;
441ad2d0 1815 } else {
d7a5a11d 1816 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
f2252570 1817 __hci_req_disable_advertising(&req);
06199cf8
JH		 1818 }
1819
416a4ae5
JH		 1820 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1821 &hci_cp);
1822
1823 err = hci_req_run(&req, le_enable_complete);
0c01bc48 1824 if (err < 0)
06199cf8 1825 mgmt_pending_remove(cmd);
06199cf8 1826
1de028ce
JH		 1827unlock:
1828 hci_dev_unlock(hdev);
06199cf8
JH		 1829 return err;
1830}
1831
0cab9c80
JH		 1832/* This is a helper function to test for pending mgmt commands that can
1833 * cause CoD or EIR HCI commands. We can only allow one such pending
1834 * mgmt command at a time since otherwise we cannot easily track what
1835 * the current values are, will be, and based on that calculate if a new
1836 * HCI command needs to be sent and if yes with what value.
1837 */
1838static bool pending_eir_or_class(struct hci_dev *hdev)
1839{
3b0602cd 1840 struct mgmt_pending_cmd *cmd;
0cab9c80
JH		 1841
1842 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1843 switch (cmd->opcode) {
1844 case MGMT_OP_ADD_UUID:
1845 case MGMT_OP_REMOVE_UUID:
1846 case MGMT_OP_SET_DEV_CLASS:
1847 case MGMT_OP_SET_POWERED:
1848 return true;
1849 }
1850 }
1851
1852 return false;
1853}
1854
83be8eca
JH		 1855static const u8 bluetooth_base_uuid[] = {
1856 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
1857 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1858};
1859
1860static u8 get_uuid_size(const u8 *uuid)
1861{
1862 u32 val;
1863
1864 if (memcmp(uuid, bluetooth_base_uuid, 12))
1865 return 128;
1866
1867 val = get_unaligned_le32(&uuid[12]);
1868 if (val > 0xffff)
1869 return 32;
1870
1871 return 16;
1872}
1873
92da6097
JH		 1874static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
1875{
3b0602cd 1876 struct mgmt_pending_cmd *cmd;
92da6097
JH		 1877
1878 hci_dev_lock(hdev);
1879
333ae95d 1880 cmd = pending_find(mgmt_op, hdev);
92da6097
JH		 1881 if (!cmd)
1882 goto unlock;
1883
2a1afb5a
JH		 1884 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
1885 mgmt_status(status), hdev->dev_class, 3);
92da6097
JH		 1886
1887 mgmt_pending_remove(cmd);
1888
1889unlock:
1890 hci_dev_unlock(hdev);
1891}
1892
1904a853 1893static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 1894{
1895 BT_DBG("status 0x%02x", status);
1896
1897 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
1898}
1899
bdb6d971 1900static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 1901{
650f726d 1902 struct mgmt_cp_add_uuid *cp = data;
3b0602cd 1903 struct mgmt_pending_cmd *cmd;
890ea898 1904 struct hci_request req;
2aeb9a1a 1905 struct bt_uuid *uuid;
2aeb9a1a
JH		 1906 int err;
1907
bdb6d971 1908 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1909
09fd0de5 1910 hci_dev_lock(hdev);
2aeb9a1a 1911
0cab9c80 1912 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 1913 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
1914 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1915 goto failed;
1916 }
1917
92c4c204 1918 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 1919 if (!uuid) {
1920 err = -ENOMEM;
1921 goto failed;
1922 }
1923
1924 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 1925 uuid->svc_hint = cp->svc_hint;
83be8eca 1926 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 1927
de66aa63 1928 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 1929
890ea898 1930 hci_req_init(&req, hdev);
1aff6f09 1931
14bf5eac 1932 __hci_req_update_class(&req);
b1a8917c 1933 __hci_req_update_eir(&req);
890ea898 1934
92da6097
JH		 1935 err = hci_req_run(&req, add_uuid_complete);
1936 if (err < 0) {
1937 if (err != -ENODATA)
1938 goto failed;
80a1e1db 1939
2a1afb5a
JH		 1940 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
1941 hdev->dev_class, 3);
90e70454
JH		 1942 goto failed;
1943 }
1944
1945 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 1946 if (!cmd) {
90e70454 1947 err = -ENOMEM;
890ea898
JH		 1948 goto failed;
1949 }
1950
1951 err = 0;
2aeb9a1a
JH		 1952
1953failed:
09fd0de5 1954 hci_dev_unlock(hdev);
2aeb9a1a
JH		 1955 return err;
1956}
1957
24b78d0f
JH		 1958static bool enable_service_cache(struct hci_dev *hdev)
1959{
1960 if (!hdev_is_powered(hdev))
1961 return false;
1962
238be788 1963 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
46818ed5
JH		 1964 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
1965 CACHE_TIMEOUT);
24b78d0f
JH		 1966 return true;
1967 }
1968
1969 return false;
1970}
1971
1904a853 1972static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 1973{
1974 BT_DBG("status 0x%02x", status);
1975
1976 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
1977}
1978
bdb6d971 1979static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 1980 u16 len)
2aeb9a1a 1981{
650f726d 1982 struct mgmt_cp_remove_uuid *cp = data;
3b0602cd 1983 struct mgmt_pending_cmd *cmd;
056341c8 1984 struct bt_uuid *match, *tmp;
2aeb9a1a 1985 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 1986 struct hci_request req;
2aeb9a1a
JH		 1987 int err, found;
1988
bdb6d971 1989 BT_DBG("request for %s", hdev->name);
2aeb9a1a 1990
09fd0de5 1991 hci_dev_lock(hdev);
2aeb9a1a 1992
0cab9c80 1993 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 1994 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
1995 MGMT_STATUS_BUSY);
c95f0ba7
JH		 1996 goto unlock;
1997 }
1998
2aeb9a1a 1999 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2000 hci_uuids_clear(hdev);
4004b6d9 2001
24b78d0f 2002 if (enable_service_cache(hdev)) {
2a1afb5a
JH		 2003 err = mgmt_cmd_complete(sk, hdev->id,
2004 MGMT_OP_REMOVE_UUID,
2005 0, hdev->dev_class, 3);
24b78d0f
JH		 2006 goto unlock;
2007 }
4004b6d9 2008
9246a869 2009 goto update_class;
2aeb9a1a
JH		 2010 }
2011
2012 found = 0;
2013
056341c8 2014 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2015 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2016 continue;
2017
2018 list_del(&match->list);
482049f7 2019 kfree(match);
2aeb9a1a
JH		 2020 found++;
2021 }
2022
2023 if (found == 0) {
a69e8375
JH		 2024 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2025 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2026 goto unlock;
2027 }
2028
9246a869 2029update_class:
890ea898 2030 hci_req_init(&req, hdev);
1aff6f09 2031
14bf5eac 2032 __hci_req_update_class(&req);
b1a8917c 2033 __hci_req_update_eir(&req);
890ea898 2034
92da6097
JH		 2035 err = hci_req_run(&req, remove_uuid_complete);
2036 if (err < 0) {
2037 if (err != -ENODATA)
2038 goto unlock;
80a1e1db 2039
2a1afb5a
JH		 2040 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2041 hdev->dev_class, 3);
90e70454
JH		 2042 goto unlock;
2043 }
2044
2045 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2046 if (!cmd) {
90e70454 2047 err = -ENOMEM;
890ea898
JH		 2048 goto unlock;
2049 }
2050
2051 err = 0;
2aeb9a1a
JH		 2052
2053unlock:
09fd0de5 2054 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2055 return err;
2056}
2057
1904a853 2058static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2059{
2060 BT_DBG("status 0x%02x", status);
2061
2062 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2063}
2064
bdb6d971 2065static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2066 u16 len)
1aff6f09 2067{
650f726d 2068 struct mgmt_cp_set_dev_class *cp = data;
3b0602cd 2069 struct mgmt_pending_cmd *cmd;
890ea898 2070 struct hci_request req;
1aff6f09
JH		 2071 int err;
2072
bdb6d971 2073 BT_DBG("request for %s", hdev->name);
1aff6f09 2074
6203fc98 2075 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2076 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2077 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2078
0cab9c80 2079 hci_dev_lock(hdev);
ee98f473 2080
0cab9c80 2081 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2082 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2083 MGMT_STATUS_BUSY);
0cab9c80
JH		 2084 goto unlock;
2085 }
c95f0ba7 2086
0cab9c80 2087 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
a69e8375
JH		 2088 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2089 MGMT_STATUS_INVALID_PARAMS);
0cab9c80
JH		 2090 goto unlock;
2091 }
575b3a02 2092
932f5ff5
JH		 2093 hdev->major_class = cp->major;
2094 hdev->minor_class = cp->minor;
2095
b5235a65 2096 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2097 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2098 hdev->dev_class, 3);
b5235a65
JH		 2099 goto unlock;
2100 }
2101
890ea898
JH		 2102 hci_req_init(&req, hdev);
2103
a69d8927 2104 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
7d78525d
JH		 2105 hci_dev_unlock(hdev);
2106 cancel_delayed_work_sync(&hdev->service_cache);
2107 hci_dev_lock(hdev);
b1a8917c 2108 __hci_req_update_eir(&req);
7d78525d 2109 }
14c0b608 2110
14bf5eac 2111 __hci_req_update_class(&req);
890ea898 2112
92da6097
JH		 2113 err = hci_req_run(&req, set_class_complete);
2114 if (err < 0) {
2115 if (err != -ENODATA)
2116 goto unlock;
1aff6f09 2117
2a1afb5a
JH		 2118 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2119 hdev->dev_class, 3);
90e70454
JH		 2120 goto unlock;
2121 }
2122
2123 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2124 if (!cmd) {
90e70454 2125 err = -ENOMEM;
890ea898
JH		 2126 goto unlock;
2127 }
2128
2129 err = 0;
1aff6f09 2130
b5235a65 2131unlock:
09fd0de5 2132 hci_dev_unlock(hdev);
1aff6f09
JH		 2133 return err;
2134}
2135
bdb6d971 2136static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2137 u16 len)
55ed8ca1 2138{
650f726d 2139 struct mgmt_cp_load_link_keys *cp = data;
ba1d6936
JH		 2140 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2141 sizeof(struct mgmt_link_key_info));
4e51eae9 2142 u16 key_count, expected_len;
b1de97d8 2143 bool changed;
a492cd52 2144 int i;
55ed8ca1 2145
9060d5cf
MH		 2146 BT_DBG("request for %s", hdev->name);
2147
2148 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2149 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2150 MGMT_STATUS_NOT_SUPPORTED);
9060d5cf 2151
1f350c87 2152 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 2153 if (key_count > max_key_count) {
2154 BT_ERR("load_link_keys: too big key_count value %u",
2155 key_count);
a69e8375
JH		 2156 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2157 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 2158 }
55ed8ca1 2159
86742e1e
JH		 2160 expected_len = sizeof(*cp) + key_count *
2161 sizeof(struct mgmt_link_key_info);
a492cd52 2162 if (expected_len != len) {
86742e1e 2163 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2164 expected_len, len);
a69e8375
JH		 2165 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2166 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2167 }
2168
4ae14301 2169 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
a69e8375
JH		 2170 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2171 MGMT_STATUS_INVALID_PARAMS);
4ae14301 2172
bdb6d971 2173 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2174 key_count);
55ed8ca1 2175
4ee71b20
JH		 2176 for (i = 0; i < key_count; i++) {
2177 struct mgmt_link_key_info *key = &cp->keys[i];
2178
8e991132 2179 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
a69e8375
JH		 2180 return mgmt_cmd_status(sk, hdev->id,
2181 MGMT_OP_LOAD_LINK_KEYS,
2182 MGMT_STATUS_INVALID_PARAMS);
4ee71b20
JH		 2183 }
2184
09fd0de5 2185 hci_dev_lock(hdev);
55ed8ca1
JH		 2186
2187 hci_link_keys_clear(hdev);
2188
55ed8ca1 2189 if (cp->debug_keys)
238be788 2190 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
55ed8ca1 2191 else
a69d8927
MH		 2192 changed = hci_dev_test_and_clear_flag(hdev,
2193 HCI_KEEP_DEBUG_KEYS);
b1de97d8
MH		 2194
2195 if (changed)
2196 new_settings(hdev, NULL);
55ed8ca1 2197
a492cd52 2198 for (i = 0; i < key_count; i++) {
86742e1e 2199 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2200
58e9293c
JH		 2201 /* Always ignore debug keys and require a new pairing if
2202 * the user wants to use them.
2203 */
2204 if (key->type == HCI_LK_DEBUG_COMBINATION)
2205 continue;
2206
7652ff6a
JH		 2207 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2208 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2209 }
2210
2a1afb5a 2211 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2212
09fd0de5 2213 hci_dev_unlock(hdev);
55ed8ca1 2214
a492cd52 2215 return 0;
55ed8ca1
JH		 2216}
2217
b1078ad0 2218static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2219 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2220{
2221 struct mgmt_ev_device_unpaired ev;
2222
2223 bacpy(&ev.addr.bdaddr, bdaddr);
2224 ev.addr.type = addr_type;
2225
2226 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2227 skip_sk);
b1078ad0
JH		 2228}
2229
bdb6d971 2230static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2231 u16 len)
55ed8ca1 2232{
124f6e35
JH		 2233 struct mgmt_cp_unpair_device *cp = data;
2234 struct mgmt_rp_unpair_device rp;
fc64361a 2235 struct hci_conn_params *params;
3b0602cd 2236 struct mgmt_pending_cmd *cmd;
55ed8ca1 2237 struct hci_conn *conn;
ec182f03 2238 u8 addr_type;
55ed8ca1
JH		 2239 int err;
2240
a8a1d19e 2241 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2242 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2243 rp.addr.type = cp->addr.type;
a8a1d19e 2244
4ee71b20 2245 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2246 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2247 MGMT_STATUS_INVALID_PARAMS,
2248 &rp, sizeof(rp));
4ee71b20 2249
118da70b 2250 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2a1afb5a
JH		 2251 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2252 MGMT_STATUS_INVALID_PARAMS,
2253 &rp, sizeof(rp));
118da70b 2254
4ee71b20
JH		 2255 hci_dev_lock(hdev);
2256
86a8cfc6 2257 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2258 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2259 MGMT_STATUS_NOT_POWERED, &rp,
2260 sizeof(rp));
86a8cfc6
JH		 2261 goto unlock;
2262 }
2263
e0b2b27e 2264 if (cp->addr.type == BDADDR_BREDR) {
89cbb063
AA		 2265 /* If disconnection is requested, then look up the
2266 * connection. If the remote device is connected, it
2267 * will be later used to terminate the link.
2268 *
2269 * Setting it to NULL explicitly will cause no
2270 * termination of the link.
2271 */
2272 if (cp->disconnect)
2273 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2274 &cp->addr.bdaddr);
2275 else
2276 conn = NULL;
2277
124f6e35 2278 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
ec182f03
JH		 2279 if (err < 0) {
2280 err = mgmt_cmd_complete(sk, hdev->id,
2281 MGMT_OP_UNPAIR_DEVICE,
2282 MGMT_STATUS_NOT_PAIRED, &rp,
2283 sizeof(rp));
2284 goto unlock;
89cbb063
AA		 2285 }
2286
ec182f03 2287 goto done;
e0b2b27e 2288 }
b0dbfb46 2289
ec182f03
JH		 2290 /* LE address type */
2291 addr_type = le_addr_type(cp->addr.type);
2292
2293 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2294
2295 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
55ed8ca1 2296 if (err < 0) {
2a1afb5a
JH		 2297 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2298 MGMT_STATUS_NOT_PAIRED, &rp,
2299 sizeof(rp));
55ed8ca1
JH		 2300 goto unlock;
2301 }
2302
ec182f03
JH		 2303 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type);
2304 if (!conn) {
2305 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2306 goto done;
2307 }
2308
c81d555a
JH		 2309 /* Abort any ongoing SMP pairing */
2310 smp_cancel_pairing(conn);
2311
ec182f03
JH		 2312 /* Defer clearing up the connection parameters until closing to
2313 * give a chance of keeping them if a repairing happens.
2314 */
2315 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2316
fc64361a
JH		 2317 /* Disable auto-connection parameters if present */
2318 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type);
2319 if (params) {
2320 if (params->explicit_connect)
2321 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
2322 else
2323 params->auto_connect = HCI_AUTO_CONN_DISABLED;
2324 }
2325
ec182f03
JH		 2326 /* If disconnection is not requested, then clear the connection
2327 * variable so that the link is not terminated.
2328 */
2329 if (!cp->disconnect)
2330 conn = NULL;
2331
2332done:
89cbb063
AA		 2333 /* If the connection variable is set, then termination of the
2334 * link is requested.
2335 */
a8a1d19e 2336 if (!conn) {
2a1afb5a
JH		 2337 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2338 &rp, sizeof(rp));
b1078ad0 2339 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2340 goto unlock;
2341 }
55ed8ca1 2342
124f6e35 2343 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2344 sizeof(*cp));
a8a1d19e
JH		 2345 if (!cmd) {
2346 err = -ENOMEM;
2347 goto unlock;
55ed8ca1
JH		 2348 }
2349
d8b7b1e4
JH		 2350 cmd->cmd_complete = addr_cmd_complete;
2351
89e0ccc8 2352 err = hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
a8a1d19e
JH		 2353 if (err < 0)
2354 mgmt_pending_remove(cmd);
2355
55ed8ca1 2356unlock:
09fd0de5 2357 hci_dev_unlock(hdev);
55ed8ca1
JH		 2358 return err;
2359}
2360
bdb6d971 2361static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2362 u16 len)
8962ee74 2363{
650f726d 2364 struct mgmt_cp_disconnect *cp = data;
06a63b19 2365 struct mgmt_rp_disconnect rp;
3b0602cd 2366 struct mgmt_pending_cmd *cmd;
8962ee74 2367 struct hci_conn *conn;
8962ee74
JH		 2368 int err;
2369
2370 BT_DBG("");
2371
06a63b19
JH		 2372 memset(&rp, 0, sizeof(rp));
2373 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2374 rp.addr.type = cp->addr.type;
2375
4ee71b20 2376 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2377 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2378 MGMT_STATUS_INVALID_PARAMS,
2379 &rp, sizeof(rp));
4ee71b20 2380
09fd0de5 2381 hci_dev_lock(hdev);
8962ee74
JH		 2382
2383 if (!test_bit(HCI_UP, &hdev->flags)) {
2a1afb5a
JH		 2384 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2385 MGMT_STATUS_NOT_POWERED, &rp,
2386 sizeof(rp));
8962ee74
JH		 2387 goto failed;
2388 }
2389
333ae95d 2390 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
2a1afb5a
JH		 2391 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2392 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2393 goto failed;
2394 }
2395
591f47f3 2396 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2397 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2398 &cp->addr.bdaddr);
88c3df13 2399 else
9d4c1cc1
JH		 2400 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr,
2401 le_addr_type(cp->addr.type));
365227e5 2402
f960727e 2403 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2a1afb5a
JH		 2404 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2405 MGMT_STATUS_NOT_CONNECTED, &rp,
2406 sizeof(rp));
8962ee74
JH		 2407 goto failed;
2408 }
2409
2e58ef3e 2410 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2411 if (!cmd) {
2412 err = -ENOMEM;
8962ee74 2413 goto failed;
366a0336 2414 }
8962ee74 2415
f5818c22
JH		 2416 cmd->cmd_complete = generic_cmd_complete;
2417
e3f2f92a 2418 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
8962ee74 2419 if (err < 0)
a664b5bc 2420 mgmt_pending_remove(cmd);
8962ee74
JH		 2421
2422failed:
09fd0de5 2423 hci_dev_unlock(hdev);
8962ee74
JH		 2424 return err;
2425}
2426
57c1477c 2427static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2428{
2429 switch (link_type) {
2430 case LE_LINK:
48264f06
JH		 2431 switch (addr_type) {
2432 case ADDR_LE_DEV_PUBLIC:
591f47f3 2433 return BDADDR_LE_PUBLIC;
0ed09148 2434
48264f06 2435 default:
0ed09148 2436 /* Fallback to LE Random address type */
591f47f3 2437 return BDADDR_LE_RANDOM;
48264f06 2438 }
0ed09148 2439
4c659c39 2440 default:
0ed09148 2441 /* Fallback to BR/EDR type */
591f47f3 2442 return BDADDR_BREDR;
4c659c39
JH		 2443 }
2444}
2445
04124681
GP		 2446static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2447 u16 data_len)
2784eb41 2448{
2784eb41 2449 struct mgmt_rp_get_connections *rp;
8035ded4 2450 struct hci_conn *c;
a38528f1 2451 size_t rp_len;
60fc5fb6
JH		 2452 int err;
2453 u16 i;
2784eb41
JH		 2454
2455 BT_DBG("");
2456
09fd0de5 2457 hci_dev_lock(hdev);
2784eb41 2458
5f97c1df 2459 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 2460 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2461 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2462 goto unlock;
2463 }
2464
60fc5fb6 2465 i = 0;
b644ba33
JH		 2466 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2467 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2468 i++;
2784eb41
JH		 2469 }
2470
60fc5fb6 2471 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2472 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2473 if (!rp) {
2784eb41
JH		 2474 err = -ENOMEM;
2475 goto unlock;
2476 }
2477
2784eb41 2478 i = 0;
4c659c39 2479 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2480 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2481 continue;
4c659c39 2482 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2483 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2484 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2485 continue;
2486 i++;
2487 }
2488
eb55ef07 2489 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2490
4c659c39
JH		 2491 /* Recalculate length in case of filtered SCO connections, etc */
2492 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2493
2a1afb5a
JH		 2494 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2495 rp_len);
2784eb41 2496
a38528f1 2497 kfree(rp);
5f97c1df
JH		 2498
2499unlock:
09fd0de5 2500 hci_dev_unlock(hdev);
2784eb41
JH		 2501 return err;
2502}
2503
bdb6d971 2504static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2505 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67 2506{
3b0602cd 2507 struct mgmt_pending_cmd *cmd;
96d97a67
WR		 2508 int err;
2509
2e58ef3e 2510 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2511 sizeof(*cp));
96d97a67
WR		 2512 if (!cmd)
2513 return -ENOMEM;
2514
d8457698 2515 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2516 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2517 if (err < 0)
2518 mgmt_pending_remove(cmd);
2519
2520 return err;
2521}
2522
bdb6d971 2523static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2524 u16 len)
980e1a53 2525{
96d97a67 2526 struct hci_conn *conn;
650f726d 2527 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2528 struct hci_cp_pin_code_reply reply;
3b0602cd 2529 struct mgmt_pending_cmd *cmd;
980e1a53
JH		 2530 int err;
2531
2532 BT_DBG("");
2533
09fd0de5 2534 hci_dev_lock(hdev);
980e1a53 2535
4b34ee78 2536 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 2537 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2538 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2539 goto failed;
2540 }
2541
d8457698 2542 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2543 if (!conn) {
a69e8375
JH		 2544 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2545 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2546 goto failed;
2547 }
2548
2549 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2550 struct mgmt_cp_pin_code_neg_reply ncp;
2551
2552 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2553
2554 BT_ERR("PIN code is not 16 bytes long");
2555
bdb6d971 2556 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2557 if (err >= 0)
a69e8375
JH		 2558 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2559 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2560
2561 goto failed;
2562 }
2563
00abfe44 2564 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2565 if (!cmd) {
2566 err = -ENOMEM;
980e1a53 2567 goto failed;
366a0336 2568 }
980e1a53 2569
7776d1d8
JH		 2570 cmd->cmd_complete = addr_cmd_complete;
2571
d8457698 2572 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2573 reply.pin_len = cp->pin_len;
24718ca5 2574 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2575
2576 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2577 if (err < 0)
a664b5bc 2578 mgmt_pending_remove(cmd);
980e1a53
JH		 2579
2580failed:
09fd0de5 2581 hci_dev_unlock(hdev);
980e1a53
JH		 2582 return err;
2583}
2584
04124681
GP		 2585static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2586 u16 len)
17fa4b9d 2587{
650f726d 2588 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2589
2590 BT_DBG("");
2591
4ec86d4c 2592 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
9db5c629
MH		 2593 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
2594 MGMT_STATUS_INVALID_PARAMS);
4ec86d4c 2595
09fd0de5 2596 hci_dev_lock(hdev);
17fa4b9d
JH		 2597
2598 hdev->io_capability = cp->io_capability;
2599
2600 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2601 hdev->io_capability);
17fa4b9d 2602
09fd0de5 2603 hci_dev_unlock(hdev);
17fa4b9d 2604
2a1afb5a
JH		 2605 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
2606 NULL, 0);
17fa4b9d
JH		 2607}
2608
3b0602cd 2609static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2610{
2611 struct hci_dev *hdev = conn->hdev;
3b0602cd 2612 struct mgmt_pending_cmd *cmd;
e9a416b5 2613
2e58ef3e 2614 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2615 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2616 continue;
2617
e9a416b5
JH		 2618 if (cmd->user_data != conn)
2619 continue;
2620
2621 return cmd;
2622 }
2623
2624 return NULL;
2625}
2626
3b0602cd 2627static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
e9a416b5
JH		 2628{
2629 struct mgmt_rp_pair_device rp;
2630 struct hci_conn *conn = cmd->user_data;
9df74653 2631 int err;
e9a416b5 2632
61b1a7fb
JH		 2633 bacpy(&rp.addr.bdaddr, &conn->dst);
2634 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2635
2a1afb5a
JH		 2636 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
2637 status, &rp, sizeof(rp));
e9a416b5
JH		 2638
2639 /* So we don't get further callbacks for this connection */
2640 conn->connect_cfm_cb = NULL;
2641 conn->security_cfm_cb = NULL;
2642 conn->disconn_cfm_cb = NULL;
2643
76a68ba0 2644 hci_conn_drop(conn);
89cbb063
AA		 2645
2646 /* The device is paired so there is no need to remove
2647 * its connection parameters anymore.
2648 */
2649 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
15013aeb
JH		 2650
2651 hci_conn_put(conn);
9df74653
JH		 2652
2653 return err;
e9a416b5
JH		 2654}
2655
f4a407be
JH		 2656void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2657{
2658 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3b0602cd 2659 struct mgmt_pending_cmd *cmd;
f4a407be
JH		 2660
2661 cmd = find_pairing(conn);
a511b35b 2662 if (cmd) {
04ab2749 2663 cmd->cmd_complete(cmd, status);
a511b35b
JH		 2664 mgmt_pending_remove(cmd);
2665 }
f4a407be
JH		 2666}
2667
e9a416b5
JH		 2668static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2669{
3b0602cd 2670 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 2671
2672 BT_DBG("status %u", status);
2673
2674 cmd = find_pairing(conn);
a511b35b 2675 if (!cmd) {
e9a416b5 2676 BT_DBG("Unable to find a pending command");
a511b35b
JH		 2677 return;
2678 }
2679
2680 cmd->cmd_complete(cmd, mgmt_status(status));
2681 mgmt_pending_remove(cmd);
e9a416b5
JH		 2682}
2683
f4a407be 2684static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739 2685{
3b0602cd 2686 struct mgmt_pending_cmd *cmd;
4c47d739
VA		 2687
2688 BT_DBG("status %u", status);
2689
2690 if (!status)
2691 return;
2692
2693 cmd = find_pairing(conn);
a511b35b 2694 if (!cmd) {
4c47d739 2695 BT_DBG("Unable to find a pending command");
a511b35b
JH		 2696 return;
2697 }
2698
2699 cmd->cmd_complete(cmd, mgmt_status(status));
2700 mgmt_pending_remove(cmd);
4c47d739
VA		 2701}
2702
bdb6d971 2703static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2704 u16 len)
e9a416b5 2705{
650f726d 2706 struct mgmt_cp_pair_device *cp = data;
1425acb7 2707 struct mgmt_rp_pair_device rp;
3b0602cd 2708 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 2709 u8 sec_level, auth_type;
2710 struct hci_conn *conn;
e9a416b5
JH		 2711 int err;
2712
2713 BT_DBG("");
2714
f950a30e
SJ		 2715 memset(&rp, 0, sizeof(rp));
2716 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2717 rp.addr.type = cp->addr.type;
2718
4ee71b20 2719 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2720 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2721 MGMT_STATUS_INVALID_PARAMS,
2722 &rp, sizeof(rp));
4ee71b20 2723
4ec86d4c 2724 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 2725 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2726 MGMT_STATUS_INVALID_PARAMS,
2727 &rp, sizeof(rp));
4ec86d4c 2728
09fd0de5 2729 hci_dev_lock(hdev);
e9a416b5 2730
5f97c1df 2731 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2732 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2733 MGMT_STATUS_NOT_POWERED, &rp,
2734 sizeof(rp));
5f97c1df
JH		 2735 goto unlock;
2736 }
2737
55e76b38
JH		 2738 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
2739 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2740 MGMT_STATUS_ALREADY_PAIRED, &rp,
2741 sizeof(rp));
2742 goto unlock;
2743 }
2744
c908df36 2745 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 2746 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 2747
6f77d8c7 2748 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 2749 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
2750 auth_type);
6f77d8c7 2751 } else {
85813a7e 2752 u8 addr_type = le_addr_type(cp->addr.type);
5157b8a5 2753 struct hci_conn_params *p;
6f77d8c7 2754
7c264b10
MH		 2755 /* When pairing a new device, it is expected to remember
2756 * this device for future connections. Adding the connection
2757 * parameter information ahead of time allows tracking
2758 * of the slave preferred values and will speed up any
2759 * further connection establishment.
2760 *
2761 * If connection parameters already exist, then they
2762 * will be kept and this function does nothing.
2763 */
5157b8a5
JP		 2764 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
2765
2766 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT)
2767 p->auto_connect = HCI_AUTO_CONN_DISABLED;
7c264b10 2768
fa142220
JP		 2769 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr,
2770 addr_type, sec_level,
0ad06aa6 2771 HCI_LE_CONN_TIMEOUT);
6f77d8c7 2772 }
7a512d01 2773
30e76272 2774 if (IS_ERR(conn)) {
489dc48e
AK		 2775 int status;
2776
2777 if (PTR_ERR(conn) == -EBUSY)
2778 status = MGMT_STATUS_BUSY;
faa81030
LR		 2779 else if (PTR_ERR(conn) == -EOPNOTSUPP)
2780 status = MGMT_STATUS_NOT_SUPPORTED;
2781 else if (PTR_ERR(conn) == -ECONNREFUSED)
2782 status = MGMT_STATUS_REJECTED;
489dc48e
AK		 2783 else
2784 status = MGMT_STATUS_CONNECT_FAILED;
2785
2a1afb5a
JH		 2786 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2787 status, &rp, sizeof(rp));
e9a416b5
JH		 2788 goto unlock;
2789 }
2790
2791 if (conn->connect_cfm_cb) {
76a68ba0 2792 hci_conn_drop(conn);
2a1afb5a
JH		 2793 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2794 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2795 goto unlock;
2796 }
2797
2e58ef3e 2798 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2799 if (!cmd) {
2800 err = -ENOMEM;
76a68ba0 2801 hci_conn_drop(conn);
e9a416b5
JH		 2802 goto unlock;
2803 }
2804
04ab2749
JH		 2805 cmd->cmd_complete = pairing_complete;
2806
7a512d01 2807 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 2808 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 2809 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 2810 conn->security_cfm_cb = pairing_complete_cb;
2811 conn->disconn_cfm_cb = pairing_complete_cb;
2812 } else {
2813 conn->connect_cfm_cb = le_pairing_complete_cb;
2814 conn->security_cfm_cb = le_pairing_complete_cb;
2815 conn->disconn_cfm_cb = le_pairing_complete_cb;
2816 }
7a512d01 2817
e9a416b5 2818 conn->io_capability = cp->io_cap;
f8aaf9b6 2819 cmd->user_data = hci_conn_get(conn);
e9a416b5 2820
6f78fd4b 2821 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
a511b35b
JH		 2822 hci_conn_security(conn, sec_level, auth_type, true)) {
2823 cmd->cmd_complete(cmd, 0);
2824 mgmt_pending_remove(cmd);
2825 }
e9a416b5
JH		 2826
2827 err = 0;
2828
2829unlock:
09fd0de5 2830 hci_dev_unlock(hdev);
e9a416b5
JH		 2831 return err;
2832}
2833
04124681
GP		 2834static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2835 u16 len)
28424707 2836{
0f4e68cf 2837 struct mgmt_addr_info *addr = data;
3b0602cd 2838 struct mgmt_pending_cmd *cmd;
28424707
JH		 2839 struct hci_conn *conn;
2840 int err;
2841
2842 BT_DBG("");
2843
28424707
JH		 2844 hci_dev_lock(hdev);
2845
5f97c1df 2846 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 2847 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2848 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2849 goto unlock;
2850 }
2851
333ae95d 2852 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
28424707 2853 if (!cmd) {
a69e8375
JH		 2854 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2855 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2856 goto unlock;
2857 }
2858
2859 conn = cmd->user_data;
2860
2861 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
a69e8375
JH		 2862 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2863 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2864 goto unlock;
2865 }
2866
a511b35b
JH		 2867 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
2868 mgmt_pending_remove(cmd);
28424707 2869
2a1afb5a
JH		 2870 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
2871 addr, sizeof(*addr));
28424707
JH		 2872unlock:
2873 hci_dev_unlock(hdev);
28424707
JH		 2874 return err;
2875}
2876
bdb6d971 2877static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 2878 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 2879 u16 hci_op, __le32 passkey)
a5c29683 2880{
3b0602cd 2881 struct mgmt_pending_cmd *cmd;
0df4c185 2882 struct hci_conn *conn;
a5c29683
JH		 2883 int err;
2884
09fd0de5 2885 hci_dev_lock(hdev);
08ba5382 2886
4b34ee78 2887 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2888 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2889 MGMT_STATUS_NOT_POWERED, addr,
2890 sizeof(*addr));
0df4c185 2891 goto done;
a5c29683
JH		 2892 }
2893
1707c60e
JH		 2894 if (addr->type == BDADDR_BREDR)
2895 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 2896 else
9d4c1cc1
JH		 2897 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr,
2898 le_addr_type(addr->type));
272d90df
JH		 2899
2900 if (!conn) {
2a1afb5a
JH		 2901 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2902 MGMT_STATUS_NOT_CONNECTED, addr,
2903 sizeof(*addr));
272d90df
JH		 2904 goto done;
2905 }
47c15e2b 2906
1707c60e 2907 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 2908 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 2909 if (!err)
2a1afb5a
JH		 2910 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2911 MGMT_STATUS_SUCCESS, addr,
2912 sizeof(*addr));
5fe57d9e 2913 else
2a1afb5a
JH		 2914 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
2915 MGMT_STATUS_FAILED, addr,
2916 sizeof(*addr));
47c15e2b 2917
47c15e2b
BG		 2918 goto done;
2919 }
2920
1707c60e 2921 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 2922 if (!cmd) {
2923 err = -ENOMEM;
0df4c185 2924 goto done;
a5c29683
JH		 2925 }
2926
7776d1d8
JH		 2927 cmd->cmd_complete = addr_cmd_complete;
2928
0df4c185 2929 /* Continue with pairing via HCI */
604086b7
BG		 2930 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
2931 struct hci_cp_user_passkey_reply cp;
2932
1707c60e 2933 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 2934 cp.passkey = passkey;
2935 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
2936 } else
1707c60e
JH		 2937 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
2938 &addr->bdaddr);
604086b7 2939
a664b5bc
JH		 2940 if (err < 0)
2941 mgmt_pending_remove(cmd);
a5c29683 2942
0df4c185 2943done:
09fd0de5 2944 hci_dev_unlock(hdev);
a5c29683
JH		 2945 return err;
2946}
2947
afeb019d
JK		 2948static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
2949 void *data, u16 len)
2950{
2951 struct mgmt_cp_pin_code_neg_reply *cp = data;
2952
2953 BT_DBG("");
2954
1707c60e 2955 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 2956 MGMT_OP_PIN_CODE_NEG_REPLY,
2957 HCI_OP_PIN_CODE_NEG_REPLY, 0);
2958}
2959
04124681
GP		 2960static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2961 u16 len)
0df4c185 2962{
650f726d 2963 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 2964
2965 BT_DBG("");
2966
2967 if (len != sizeof(*cp))
a69e8375
JH		 2968 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
2969 MGMT_STATUS_INVALID_PARAMS);
0df4c185 2970
1707c60e 2971 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2972 MGMT_OP_USER_CONFIRM_REPLY,
2973 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 2974}
2975
bdb6d971 2976static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2977 void *data, u16 len)
0df4c185 2978{
c9c2659f 2979 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 2980
2981 BT_DBG("");
2982
1707c60e 2983 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2984 MGMT_OP_USER_CONFIRM_NEG_REPLY,
2985 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 2986}
2987
04124681
GP		 2988static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
2989 u16 len)
604086b7 2990{
650f726d 2991 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 2992
2993 BT_DBG("");
2994
1707c60e 2995 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 2996 MGMT_OP_USER_PASSKEY_REPLY,
2997 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 2998}
2999
bdb6d971 3000static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3001 void *data, u16 len)
604086b7 3002{
650f726d 3003 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3004
3005 BT_DBG("");
3006
1707c60e 3007 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3008 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3009 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3010}
3011
7c295c48
MN		 3012static void adv_expire(struct hci_dev *hdev, u32 flags)
3013{
3014 struct adv_info *adv_instance;
3015 struct hci_request req;
3016 int err;
3017
3018 adv_instance = hci_find_adv_instance(hdev, hdev->cur_adv_instance);
3019 if (!adv_instance)
3020 return;
3021
3022 /* stop if current instance doesn't need to be changed */
3023 if (!(adv_instance->flags & flags))
3024 return;
3025
3026 cancel_adv_timeout(hdev);
3027
3028 adv_instance = hci_get_next_instance(hdev, adv_instance->instance);
3029 if (!adv_instance)
3030 return;
3031
3032 hci_req_init(&req, hdev);
3033 err = __hci_req_schedule_adv_instance(&req, adv_instance->instance,
3034 true);
3035 if (err)
3036 return;
3037
3038 hci_req_run(&req, NULL);
3039}
3040
1904a853 3041static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
13928971
JH		 3042{
3043 struct mgmt_cp_set_local_name *cp;
3b0602cd 3044 struct mgmt_pending_cmd *cmd;
13928971
JH		 3045
3046 BT_DBG("status 0x%02x", status);
3047
3048 hci_dev_lock(hdev);
3049
333ae95d 3050 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 3051 if (!cmd)
3052 goto unlock;
3053
3054 cp = cmd->param;
3055
7c295c48 3056 if (status) {
a69e8375
JH		 3057 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3058 mgmt_status(status));
7c295c48 3059 } else {
2a1afb5a
JH		 3060 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3061 cp, sizeof(*cp));
13928971 3062
7c295c48
MN		 3063 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3064 adv_expire(hdev, MGMT_ADV_FLAG_LOCAL_NAME);
3065 }
3066
13928971
JH		 3067 mgmt_pending_remove(cmd);
3068
3069unlock:
3070 hci_dev_unlock(hdev);
3071}
3072
bdb6d971 3073static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3074 u16 len)
b312b161 3075{
2b4bf397 3076 struct mgmt_cp_set_local_name *cp = data;
3b0602cd 3077 struct mgmt_pending_cmd *cmd;
890ea898 3078 struct hci_request req;
b312b161
JH		 3079 int err;
3080
3081 BT_DBG("");
3082
09fd0de5 3083 hci_dev_lock(hdev);
b312b161 3084
b3f2ca94
JH		 3085 /* If the old values are the same as the new ones just return a
3086 * direct command complete event.
3087 */
3088 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3089 !memcmp(hdev->short_name, cp->short_name,
3090 sizeof(hdev->short_name))) {
2a1afb5a
JH		 3091 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3092 data, len);
b3f2ca94
JH		 3093 goto failed;
3094 }
3095
2b4bf397 3096 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3097
b5235a65 3098 if (!hdev_is_powered(hdev)) {
2b4bf397 3099 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde 3100
2a1afb5a
JH		 3101 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3102 data, len);
28cc7bde
JH		 3103 if (err < 0)
3104 goto failed;
3105
5504c3a3
MH		 3106 err = mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data,
3107 len, HCI_MGMT_LOCAL_NAME_EVENTS, sk);
321c6fee 3108 ext_info_changed(hdev, sk);
28cc7bde 3109
b5235a65
JH		 3110 goto failed;
3111 }
3112
28cc7bde 3113 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3114 if (!cmd) {
3115 err = -ENOMEM;
3116 goto failed;
3117 }
3118
13928971
JH		 3119 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3120
890ea898 3121 hci_req_init(&req, hdev);
3f985050
JH		 3122
3123 if (lmp_bredr_capable(hdev)) {
00cf5040 3124 __hci_req_update_name(&req);
b1a8917c 3125 __hci_req_update_eir(&req);
3f985050
JH		 3126 }
3127
7a5f4990
MH		 3128 /* The name is stored in the scan response data and so
3129 * no need to udpate the advertising data here.
3130 */
3f985050 3131 if (lmp_le_capable(hdev))
cab054ab 3132 __hci_req_update_scan_rsp_data(&req, hdev->cur_adv_instance);
3f985050 3133
13928971 3134 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3135 if (err < 0)
3136 mgmt_pending_remove(cmd);
3137
3138failed:
09fd0de5 3139 hci_dev_unlock(hdev);
b312b161
JH		 3140 return err;
3141}
3142
c4960ecf
MN		 3143static int set_appearance(struct sock *sk, struct hci_dev *hdev, void *data,
3144 u16 len)
3145{
3146 struct mgmt_cp_set_appearance *cp = data;
3147 u16 apperance;
3148 int err;
3149
3150 BT_DBG("");
3151
3152 apperance = le16_to_cpu(cp->appearance);
3153
3154 hci_dev_lock(hdev);
3155
3156 if (hdev->appearance != apperance) {
3157 hdev->appearance = apperance;
3158
3159 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3160 adv_expire(hdev, MGMT_ADV_FLAG_APPEARANCE);
3161 }
3162
3163 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_APPEARANCE, 0, NULL,
3164 0);
3165
3166 hci_dev_unlock(hdev);
3167
3168 return err;
3169}
3170
1b9441f8
JH		 3171static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status,
3172 u16 opcode, struct sk_buff *skb)
3173{
3174 struct mgmt_rp_read_local_oob_data mgmt_rp;
3175 size_t rp_size = sizeof(mgmt_rp);
3176 struct mgmt_pending_cmd *cmd;
3177
3178 BT_DBG("%s status %u", hdev->name, status);
3179
3180 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3181 if (!cmd)
3182 return;
3183
3184 if (status || !skb) {
3185 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3186 status ? mgmt_status(status) : MGMT_STATUS_FAILED);
3187 goto remove;
3188 }
3189
3190 memset(&mgmt_rp, 0, sizeof(mgmt_rp));
3191
3192 if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
3193 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
3194
3195 if (skb->len < sizeof(*rp)) {
3196 mgmt_cmd_status(cmd->sk, hdev->id,
3197 MGMT_OP_READ_LOCAL_OOB_DATA,
3198 MGMT_STATUS_FAILED);
3199 goto remove;
3200 }
3201
3202 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash));
3203 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand));
3204
3205 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256);
3206 } else {
3207 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
3208
3209 if (skb->len < sizeof(*rp)) {
3210 mgmt_cmd_status(cmd->sk, hdev->id,
3211 MGMT_OP_READ_LOCAL_OOB_DATA,
3212 MGMT_STATUS_FAILED);
3213 goto remove;
3214 }
3215
3216 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192));
3217 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192));
3218
3219 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256));
3220 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256));
3221 }
3222
3223 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3224 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size);
3225
3226remove:
3227 mgmt_pending_remove(cmd);
3228}
3229
0f4e68cf 3230static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3231 void *data, u16 data_len)
c35938b2 3232{
3b0602cd 3233 struct mgmt_pending_cmd *cmd;
1b9441f8 3234 struct hci_request req;
c35938b2
SJ		 3235 int err;
3236
bdb6d971 3237 BT_DBG("%s", hdev->name);
c35938b2 3238
09fd0de5 3239 hci_dev_lock(hdev);
c35938b2 3240
4b34ee78 3241 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3242 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3243 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3244 goto unlock;
3245 }
3246
9a1a1996 3247 if (!lmp_ssp_capable(hdev)) {
a69e8375
JH		 3248 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3249 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3250 goto unlock;
3251 }
3252
333ae95d 3253 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
a69e8375
JH		 3254 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3255 MGMT_STATUS_BUSY);
c35938b2
SJ		 3256 goto unlock;
3257 }
3258
2e58ef3e 3259 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3260 if (!cmd) {
3261 err = -ENOMEM;
3262 goto unlock;
3263 }
3264
1b9441f8
JH		 3265 hci_req_init(&req, hdev);
3266
710f11c0 3267 if (bredr_sc_enabled(hdev))
1b9441f8 3268 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
4d2d2796 3269 else
1b9441f8 3270 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
4d2d2796 3271
1b9441f8 3272 err = hci_req_run_skb(&req, read_local_oob_data_complete);
c35938b2
SJ		 3273 if (err < 0)
3274 mgmt_pending_remove(cmd);
3275
3276unlock:
09fd0de5 3277 hci_dev_unlock(hdev);
c35938b2
SJ		 3278 return err;
3279}
3280
bdb6d971 3281static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3282 void *data, u16 len)
2763eda6 3283{
5d57e796 3284 struct mgmt_addr_info *addr = data;
2763eda6
SJ		 3285 int err;
3286
bdb6d971 3287 BT_DBG("%s ", hdev->name);
2763eda6 3288
5d57e796 3289 if (!bdaddr_type_is_valid(addr->type))
2a1afb5a
JH		 3290 return mgmt_cmd_complete(sk, hdev->id,
3291 MGMT_OP_ADD_REMOTE_OOB_DATA,
3292 MGMT_STATUS_INVALID_PARAMS,
3293 addr, sizeof(*addr));
5d57e796 3294
09fd0de5 3295 hci_dev_lock(hdev);
2763eda6 3296
ec109113
MH		 3297 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3298 struct mgmt_cp_add_remote_oob_data *cp = data;
3299 u8 status;
bf1e3541 3300
c19a495c 3301 if (cp->addr.type != BDADDR_BREDR) {
2a1afb5a
JH		 3302 err = mgmt_cmd_complete(sk, hdev->id,
3303 MGMT_OP_ADD_REMOTE_OOB_DATA,
3304 MGMT_STATUS_INVALID_PARAMS,
3305 &cp->addr, sizeof(cp->addr));
c19a495c
JH		 3306 goto unlock;
3307 }
3308
ec109113 3309 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
6928a924
JH		 3310 cp->addr.type, cp->hash,
3311 cp->rand, NULL, NULL);
ec109113
MH		 3312 if (err < 0)
3313 status = MGMT_STATUS_FAILED;
3314 else
3315 status = MGMT_STATUS_SUCCESS;
3316
2a1afb5a
JH		 3317 err = mgmt_cmd_complete(sk, hdev->id,
3318 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
3319 &cp->addr, sizeof(cp->addr));
ec109113
MH		 3320 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3321 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
41bcfd50 3322 u8 *rand192, *hash192, *rand256, *hash256;
ec109113
MH		 3323 u8 status;
3324
86df9200 3325 if (bdaddr_type_is_le(cp->addr.type)) {
d25b78e2
JH		 3326 /* Enforce zero-valued 192-bit parameters as
3327 * long as legacy SMP OOB isn't implemented.
3328 */
3329 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3330 memcmp(cp->hash192, ZERO_KEY, 16)) {
2a1afb5a
JH		 3331 err = mgmt_cmd_complete(sk, hdev->id,
3332 MGMT_OP_ADD_REMOTE_OOB_DATA,
3333 MGMT_STATUS_INVALID_PARAMS,
3334 addr, sizeof(*addr));
d25b78e2
JH		 3335 goto unlock;
3336 }
3337
86df9200
JH		 3338 rand192 = NULL;
3339 hash192 = NULL;
3340 } else {
41bcfd50
MH		 3341 /* In case one of the P-192 values is set to zero,
3342 * then just disable OOB data for P-192.
3343 */
3344 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
3345 !memcmp(cp->hash192, ZERO_KEY, 16)) {
3346 rand192 = NULL;
3347 hash192 = NULL;
3348 } else {
3349 rand192 = cp->rand192;
3350 hash192 = cp->hash192;
3351 }
3352 }
3353
3354 /* In case one of the P-256 values is set to zero, then just
3355 * disable OOB data for P-256.
3356 */
3357 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
3358 !memcmp(cp->hash256, ZERO_KEY, 16)) {
3359 rand256 = NULL;
3360 hash256 = NULL;
3361 } else {
3362 rand256 = cp->rand256;
3363 hash256 = cp->hash256;
86df9200
JH		 3364 }
3365
81328d5c 3366 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
86df9200 3367 cp->addr.type, hash192, rand192,
41bcfd50 3368 hash256, rand256);
ec109113
MH		 3369 if (err < 0)
3370 status = MGMT_STATUS_FAILED;
3371 else
3372 status = MGMT_STATUS_SUCCESS;
3373
2a1afb5a
JH		 3374 err = mgmt_cmd_complete(sk, hdev->id,
3375 MGMT_OP_ADD_REMOTE_OOB_DATA,
3376 status, &cp->addr, sizeof(cp->addr));
ec109113
MH		 3377 } else {
3378 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
a69e8375
JH		 3379 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3380 MGMT_STATUS_INVALID_PARAMS);
ec109113 3381 }
2763eda6 3382
c19a495c 3383unlock:
09fd0de5 3384 hci_dev_unlock(hdev);
2763eda6
SJ		 3385 return err;
3386}
3387
bdb6d971 3388static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3389 void *data, u16 len)
2763eda6 3390{
650f726d 3391 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3392 u8 status;
2763eda6
SJ		 3393 int err;
3394
bdb6d971 3395 BT_DBG("%s", hdev->name);
2763eda6 3396
c19a495c 3397 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 3398 return mgmt_cmd_complete(sk, hdev->id,
3399 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3400 MGMT_STATUS_INVALID_PARAMS,
3401 &cp->addr, sizeof(cp->addr));
c19a495c 3402
09fd0de5 3403 hci_dev_lock(hdev);
2763eda6 3404
eedbd581
JH		 3405 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3406 hci_remote_oob_data_clear(hdev);
3407 status = MGMT_STATUS_SUCCESS;
3408 goto done;
3409 }
3410
6928a924 3411 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
2763eda6 3412 if (err < 0)
bf1e3541 3413 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3414 else
a6785be2 3415 status = MGMT_STATUS_SUCCESS;
bf1e3541 3416
eedbd581 3417done:
2a1afb5a
JH		 3418 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3419 status, &cp->addr, sizeof(cp->addr));
2763eda6 3420
09fd0de5 3421 hci_dev_unlock(hdev);
2763eda6
SJ		 3422 return err;
3423}
3424
e68f072b 3425void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status)
7c307720 3426{
3b0602cd 3427 struct mgmt_pending_cmd *cmd;
ae55f598 3428
7c307720
AG		 3429 BT_DBG("status %d", status);
3430
11e6e25d 3431 hci_dev_lock(hdev);
41dc2bd6 3432
333ae95d 3433 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
66ea9427 3434 if (!cmd)
333ae95d 3435 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
66ea9427 3436
78b781ca
JH		 3437 if (!cmd)
3438 cmd = pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev);
3439
11e6e25d 3440 if (cmd) {
2922a94f 3441 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d
MH		 3442 mgmt_pending_remove(cmd);
3443 }
7c307720 3444
11e6e25d 3445 hci_dev_unlock(hdev);
7c307720
AG		 3446}
3447
591752af
JH		 3448static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type,
3449 uint8_t *mgmt_status)
3450{
3451 switch (type) {
3452 case DISCOV_TYPE_LE:
3453 *mgmt_status = mgmt_le_support(hdev);
3454 if (*mgmt_status)
3455 return false;
3456 break;
3457 case DISCOV_TYPE_INTERLEAVED:
3458 *mgmt_status = mgmt_le_support(hdev);
3459 if (*mgmt_status)
3460 return false;
3461 /* Intentional fall-through */
3462 case DISCOV_TYPE_BREDR:
3463 *mgmt_status = mgmt_bredr_support(hdev);
3464 if (*mgmt_status)
3465 return false;
3466 break;
3467 default:
3468 *mgmt_status = MGMT_STATUS_INVALID_PARAMS;
3469 return false;
3470 }
3471
3472 return true;
3473}
3474
78b781ca
JH		 3475static int start_discovery_internal(struct sock *sk, struct hci_dev *hdev,
3476 u16 op, void *data, u16 len)
14a53664 3477{
650f726d 3478 struct mgmt_cp_start_discovery *cp = data;
3b0602cd 3479 struct mgmt_pending_cmd *cmd;
8019044d 3480 u8 status;
14a53664
JH		 3481 int err;
3482
bdb6d971 3483 BT_DBG("%s", hdev->name);
14a53664 3484
09fd0de5 3485 hci_dev_lock(hdev);
14a53664 3486
4b34ee78 3487 if (!hdev_is_powered(hdev)) {
78b781ca 3488 err = mgmt_cmd_complete(sk, hdev->id, op,
2a1afb5a
JH		 3489 MGMT_STATUS_NOT_POWERED,
3490 &cp->type, sizeof(cp->type));
bd2d1334
JH		 3491 goto failed;
3492 }
3493
f5a969f2 3494 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 3495 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
78b781ca
JH		 3496 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY,
3497 &cp->type, sizeof(cp->type));
642be6c7
AG		 3498 goto failed;
3499 }
3500
591752af 3501 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
78b781ca
JH		 3502 err = mgmt_cmd_complete(sk, hdev->id, op, status,
3503 &cp->type, sizeof(cp->type));
591752af
JH		 3504 goto failed;
3505 }
3506
22078800
MH		 3507 /* Clear the discovery filter first to free any previously
3508 * allocated memory for the UUID list.
3509 */
3510 hci_discovery_filter_clear(hdev);
3511
4aab14e5 3512 hdev->discovery.type = cp->type;
da25cf6a 3513 hdev->discovery.report_invalid_rssi = false;
78b781ca
JH		 3514 if (op == MGMT_OP_START_LIMITED_DISCOVERY)
3515 hdev->discovery.limited = true;
3516 else
3517 hdev->discovery.limited = false;
4aab14e5 3518
78b781ca 3519 cmd = mgmt_pending_add(sk, op, hdev, data, len);
e68f072b
JH		 3520 if (!cmd) {
3521 err = -ENOMEM;
04106755 3522 goto failed;
f39799f5 3523 }
04106755 3524
e68f072b 3525 cmd->cmd_complete = generic_cmd_complete;
7c307720 3526
f5a969f2 3527 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
e68f072b
JH		 3528 queue_work(hdev->req_workqueue, &hdev->discov_update);
3529 err = 0;
7c307720 3530
14a53664 3531failed:
09fd0de5 3532 hci_dev_unlock(hdev);
14a53664
JH		 3533 return err;
3534}
f39799f5 3535
78b781ca
JH		 3536static int start_discovery(struct sock *sk, struct hci_dev *hdev,
3537 void *data, u16 len)
3538{
3539 return start_discovery_internal(sk, hdev, MGMT_OP_START_DISCOVERY,
3540 data, len);
3541}
3542
3543static int start_limited_discovery(struct sock *sk, struct hci_dev *hdev,
3544 void *data, u16 len)
3545{
3546 return start_discovery_internal(sk, hdev,
3547 MGMT_OP_START_LIMITED_DISCOVERY,
3548 data, len);
3549}
3550
3b0602cd
JH		 3551static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
3552 u8 status)
2922a94f 3553{
2a1afb5a
JH		 3554 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
3555 cmd->param, 1);
2922a94f 3556}
04106755 3557
66ea9427
JP		 3558static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
3559 void *data, u16 len)
3560{
3561 struct mgmt_cp_start_service_discovery *cp = data;
3b0602cd 3562 struct mgmt_pending_cmd *cmd;
66ea9427
JP		 3563 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
3564 u16 uuid_count, expected_len;
3565 u8 status;
3566 int err;
04106755 3567
66ea9427 3568 BT_DBG("%s", hdev->name);
e8bb6b97 3569
66ea9427 3570 hci_dev_lock(hdev);
7c307720 3571
66ea9427 3572 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3573 err = mgmt_cmd_complete(sk, hdev->id,
3574 MGMT_OP_START_SERVICE_DISCOVERY,
3575 MGMT_STATUS_NOT_POWERED,
3576 &cp->type, sizeof(cp->type));
66ea9427
JP		 3577 goto failed;
3578 }
7c307720 3579
66ea9427 3580 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 3581 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
2a1afb5a
JH		 3582 err = mgmt_cmd_complete(sk, hdev->id,
3583 MGMT_OP_START_SERVICE_DISCOVERY,
3584 MGMT_STATUS_BUSY, &cp->type,
3585 sizeof(cp->type));
66ea9427
JP		 3586 goto failed;
3587 }
d9483943 3588
66ea9427
JP		 3589 uuid_count = __le16_to_cpu(cp->uuid_count);
3590 if (uuid_count > max_uuid_count) {
3591 BT_ERR("service_discovery: too big uuid_count value %u",
3592 uuid_count);
2a1afb5a
JH		 3593 err = mgmt_cmd_complete(sk, hdev->id,
3594 MGMT_OP_START_SERVICE_DISCOVERY,
3595 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3596 sizeof(cp->type));
66ea9427
JP		 3597 goto failed;
3598 }
3599
3600 expected_len = sizeof(*cp) + uuid_count * 16;
3601 if (expected_len != len) {
3602 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
3603 expected_len, len);
2a1afb5a
JH		 3604 err = mgmt_cmd_complete(sk, hdev->id,
3605 MGMT_OP_START_SERVICE_DISCOVERY,
3606 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3607 sizeof(cp->type));
66ea9427
JP		 3608 goto failed;
3609 }
3610
591752af
JH		 3611 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
3612 err = mgmt_cmd_complete(sk, hdev->id,
3613 MGMT_OP_START_SERVICE_DISCOVERY,
3614 status, &cp->type, sizeof(cp->type));
3615 goto failed;
3616 }
3617
66ea9427 3618 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
2922a94f 3619 hdev, data, len);
66ea9427
JP		 3620 if (!cmd) {
3621 err = -ENOMEM;
3622 goto failed;
3623 }
3624
2922a94f
JH		 3625 cmd->cmd_complete = service_discovery_cmd_complete;
3626
22078800
MH		 3627 /* Clear the discovery filter first to free any previously
3628 * allocated memory for the UUID list.
3629 */
3630 hci_discovery_filter_clear(hdev);
3631
82f8b651 3632 hdev->discovery.result_filtering = true;
66ea9427
JP		 3633 hdev->discovery.type = cp->type;
3634 hdev->discovery.rssi = cp->rssi;
3635 hdev->discovery.uuid_count = uuid_count;
3636
3637 if (uuid_count > 0) {
3638 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
3639 GFP_KERNEL);
3640 if (!hdev->discovery.uuids) {
2a1afb5a
JH		 3641 err = mgmt_cmd_complete(sk, hdev->id,
3642 MGMT_OP_START_SERVICE_DISCOVERY,
3643 MGMT_STATUS_FAILED,
3644 &cp->type, sizeof(cp->type));
d9483943
JH		 3645 mgmt_pending_remove(cmd);
3646 goto failed;
3647 }
66ea9427 3648 }
d9483943 3649
66ea9427 3650 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
e68f072b
JH		 3651 queue_work(hdev->req_workqueue, &hdev->discov_update);
3652 err = 0;
14a53664
JH		 3653
3654failed:
09fd0de5 3655 hci_dev_unlock(hdev);
14a53664
JH		 3656 return err;
3657}
3658
2154d3f4 3659void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status)
1183fdca 3660{
3b0602cd 3661 struct mgmt_pending_cmd *cmd;
1183fdca 3662
0e05bba6
AG		 3663 BT_DBG("status %d", status);
3664
3665 hci_dev_lock(hdev);
3666
333ae95d 3667 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
11e6e25d 3668 if (cmd) {
2922a94f 3669 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d 3670 mgmt_pending_remove(cmd);
0e05bba6
AG		 3671 }
3672
0e05bba6
AG		 3673 hci_dev_unlock(hdev);
3674}
3675
bdb6d971 3676static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3677 u16 len)
14a53664 3678{
d930650b 3679 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3b0602cd 3680 struct mgmt_pending_cmd *cmd;
14a53664
JH		 3681 int err;
3682
bdb6d971 3683 BT_DBG("%s", hdev->name);
14a53664 3684
09fd0de5 3685 hci_dev_lock(hdev);
14a53664 3686
30dc78e1 3687 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 3688 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3689 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3690 sizeof(mgmt_cp->type));
d930650b
JH		 3691 goto unlock;
3692 }
3693
3694 if (hdev->discovery.type != mgmt_cp->type) {
2a1afb5a
JH		 3695 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
3696 MGMT_STATUS_INVALID_PARAMS,
3697 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1 3698 goto unlock;
ff9ef578
JH		 3699 }
3700
2922a94f 3701 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
14a53664
JH		 3702 if (!cmd) {
3703 err = -ENOMEM;
30dc78e1
JH		 3704 goto unlock;
3705 }
3706
2922a94f
JH		 3707 cmd->cmd_complete = generic_cmd_complete;
3708
2154d3f4
JH		 3709 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
3710 queue_work(hdev->req_workqueue, &hdev->discov_update);
3711 err = 0;
14a53664 3712
30dc78e1 3713unlock:
09fd0de5 3714 hci_dev_unlock(hdev);
14a53664
JH		 3715 return err;
3716}
3717
bdb6d971 3718static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3719 u16 len)
561aafbc 3720{
650f726d 3721 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3722 struct inquiry_entry *e;
561aafbc
JH		 3723 int err;
3724
bdb6d971 3725 BT_DBG("%s", hdev->name);
561aafbc 3726
561aafbc
JH		 3727 hci_dev_lock(hdev);
3728
30dc78e1 3729 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 3730 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3731 MGMT_STATUS_FAILED, &cp->addr,
3732 sizeof(cp->addr));
30dc78e1
JH		 3733 goto failed;
3734 }
3735
a198e7b1 3736 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3737 if (!e) {
2a1afb5a
JH		 3738 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3739 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
3740 sizeof(cp->addr));
561aafbc
JH		 3741 goto failed;
3742 }
3743
3744 if (cp->name_known) {
3745 e->name_state = NAME_KNOWN;
3746 list_del(&e->list);
3747 } else {
3748 e->name_state = NAME_NEEDED;
a3d4e20a 3749 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3750 }
3751
2a1afb5a
JH		 3752 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
3753 &cp->addr, sizeof(cp->addr));
561aafbc
JH		 3754
3755failed:
3756 hci_dev_unlock(hdev);
561aafbc
JH		 3757 return err;
3758}
3759
bdb6d971 3760static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3761 u16 len)
7fbec224 3762{
650f726d 3763 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3764 u8 status;
7fbec224
AJ		 3765 int err;
3766
bdb6d971 3767 BT_DBG("%s", hdev->name);
7fbec224 3768
4ee71b20 3769 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 3770 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3771 MGMT_STATUS_INVALID_PARAMS,
3772 &cp->addr, sizeof(cp->addr));
4ee71b20 3773
09fd0de5 3774 hci_dev_lock(hdev);
5e762444 3775
dcc36c16
JH		 3776 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
3777 cp->addr.type);
2a8357f2 3778 if (err < 0) {
f0eeea8b 3779 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 3780 goto done;
3781 }
3782
3783 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3784 sk);
3785 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3786
2a8357f2 3787done:
2a1afb5a
JH		 3788 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
3789 &cp->addr, sizeof(cp->addr));
5e762444 3790
09fd0de5 3791 hci_dev_unlock(hdev);
7fbec224
AJ		 3792
3793 return err;
3794}
3795
bdb6d971 3796static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3797 u16 len)
7fbec224 3798{
650f726d 3799 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3800 u8 status;
7fbec224
AJ		 3801 int err;
3802
bdb6d971 3803 BT_DBG("%s", hdev->name);
7fbec224 3804
4ee71b20 3805 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 3806 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3807 MGMT_STATUS_INVALID_PARAMS,
3808 &cp->addr, sizeof(cp->addr));
4ee71b20 3809
09fd0de5 3810 hci_dev_lock(hdev);
5e762444 3811
dcc36c16
JH		 3812 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
3813 cp->addr.type);
2a8357f2 3814 if (err < 0) {
f0eeea8b 3815 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 3816 goto done;
3817 }
3818
3819 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3820 sk);
3821 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3822
2a8357f2 3823done:
2a1afb5a
JH		 3824 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
3825 &cp->addr, sizeof(cp->addr));
5e762444 3826
09fd0de5 3827 hci_dev_unlock(hdev);
7fbec224
AJ		 3828
3829 return err;
3830}
3831
cdbaccca
MH		 3832static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3833 u16 len)
3834{
3835 struct mgmt_cp_set_device_id *cp = data;
890ea898 3836 struct hci_request req;
cdbaccca 3837 int err;
c72d4b8a 3838 __u16 source;
cdbaccca
MH		 3839
3840 BT_DBG("%s", hdev->name);
3841
c72d4b8a
SJ		 3842 source = __le16_to_cpu(cp->source);
3843
3844 if (source > 0x0002)
a69e8375
JH		 3845 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3846 MGMT_STATUS_INVALID_PARAMS);
c72d4b8a 3847
cdbaccca
MH		 3848 hci_dev_lock(hdev);
3849
c72d4b8a 3850 hdev->devid_source = source;
cdbaccca
MH		 3851 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
3852 hdev->devid_product = __le16_to_cpu(cp->product);
3853 hdev->devid_version = __le16_to_cpu(cp->version);
3854
2a1afb5a
JH		 3855 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
3856 NULL, 0);
cdbaccca 3857
890ea898 3858 hci_req_init(&req, hdev);
b1a8917c 3859 __hci_req_update_eir(&req);
890ea898 3860 hci_req_run(&req, NULL);
cdbaccca
MH		 3861
3862 hci_dev_unlock(hdev);
3863
3864 return err;
3865}
3866
24b4f38f
AU		 3867static void enable_advertising_instance(struct hci_dev *hdev, u8 status,
3868 u16 opcode)
3869{
3870 BT_DBG("status %d", status);
3871}
3872
1904a853
MH		 3873static void set_advertising_complete(struct hci_dev *hdev, u8 status,
3874 u16 opcode)
4375f103
JH		 3875{
3876 struct cmd_lookup match = { NULL, hdev };
24b4f38f 3877 struct hci_request req;
7816b820
FG		 3878 u8 instance;
3879 struct adv_info *adv_instance;
3880 int err;
4375f103 3881
3ad67582
JK		 3882 hci_dev_lock(hdev);
3883
4375f103
JH		 3884 if (status) {
3885 u8 mgmt_err = mgmt_status(status);
3886
3887 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
3888 cmd_status_rsp, &mgmt_err);
3ad67582 3889 goto unlock;
4375f103
JH		 3890 }
3891
d7a5a11d 3892 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
a1536da2 3893 hci_dev_set_flag(hdev, HCI_ADVERTISING);
c93bd150 3894 else
a358dc11 3895 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
c93bd150 3896
4375f103
JH		 3897 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
3898 &match);
3899
3900 new_settings(hdev, match.sk);
3901
3902 if (match.sk)
3903 sock_put(match.sk);
3ad67582 3904
24b4f38f 3905 /* If "Set Advertising" was just disabled and instance advertising was
7816b820 3906 * set up earlier, then re-enable multi-instance advertising.
24b4f38f
AU		 3907 */
3908 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
7816b820 3909 list_empty(&hdev->adv_instances))
24b4f38f
AU		 3910 goto unlock;
3911
7816b820
FG		 3912 instance = hdev->cur_adv_instance;
3913 if (!instance) {
3914 adv_instance = list_first_entry_or_null(&hdev->adv_instances,
3915 struct adv_info, list);
3916 if (!adv_instance)
3917 goto unlock;
3918
3919 instance = adv_instance->instance;
3920 }
3921
24b4f38f
AU		 3922 hci_req_init(&req, hdev);
3923
f2252570 3924 err = __hci_req_schedule_adv_instance(&req, instance, true);
7816b820
FG		 3925
3926 if (!err)
3927 err = hci_req_run(&req, enable_advertising_instance);
24b4f38f 3928
7816b820 3929 if (err)
24b4f38f
AU		 3930 BT_ERR("Failed to re-configure advertising");
3931
3ad67582
JK		 3932unlock:
3933 hci_dev_unlock(hdev);
4375f103
JH		 3934}
3935
21b5187f
MH		 3936static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
3937 u16 len)
4375f103
JH		 3938{
3939 struct mgmt_mode *cp = data;
3b0602cd 3940 struct mgmt_pending_cmd *cmd;
4375f103 3941 struct hci_request req;
cc91cb04 3942 u8 val, status;
4375f103
JH		 3943 int err;
3944
3945 BT_DBG("request for %s", hdev->name);
3946
e6fe7986
JH		 3947 status = mgmt_le_support(hdev);
3948 if (status)
a69e8375
JH		 3949 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3950 status);
4375f103 3951
cc91cb04 3952 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 3953 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3954 MGMT_STATUS_INVALID_PARAMS);
4375f103
JH		 3955
3956 hci_dev_lock(hdev);
3957
3958 val = !!cp->val;
4375f103 3959
f74ca9b8
JH		 3960 /* The following conditions are ones which mean that we should
3961 * not do any HCI communication but directly send a mgmt
3962 * response to user space (after toggling the flag if
3963 * necessary).
3964 */
cc91cb04 3965 if (!hdev_is_powered(hdev) ||
d7a5a11d
MH		 3966 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
3967 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
e8bb6b97 3968 hci_conn_num(hdev, LE_LINK) > 0 ||
d7a5a11d 3969 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
e8bb6b97 3970 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
cc91cb04 3971 bool changed;
4375f103 3972
cc91cb04 3973 if (cp->val) {
cab054ab 3974 hdev->cur_adv_instance = 0x00;
238be788 3975 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
cc91cb04 3976 if (cp->val == 0x02)
a1536da2 3977 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 3978 else
a358dc11 3979 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 3980 } else {
a69d8927 3981 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
a358dc11 3982 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4375f103
JH		 3983 }
3984
3985 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
3986 if (err < 0)
3987 goto unlock;
3988
3989 if (changed)
3990 err = new_settings(hdev, sk);
3991
3992 goto unlock;
3993 }
3994
333ae95d
JH		 3995 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
3996 pending_find(MGMT_OP_SET_LE, hdev)) {
a69e8375
JH		 3997 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
3998 MGMT_STATUS_BUSY);
4375f103
JH		 3999 goto unlock;
4000 }
4001
4002 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4003 if (!cmd) {
4004 err = -ENOMEM;
4005 goto unlock;
4006 }
4007
4008 hci_req_init(&req, hdev);
4009
cc91cb04 4010 if (cp->val == 0x02)
a1536da2 4011 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4012 else
a358dc11 4013 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4014
7816b820
FG		 4015 cancel_adv_timeout(hdev);
4016
24b4f38f 4017 if (val) {
7816b820
FG		 4018 /* Switch to instance "0" for the Set Advertising setting.
4019 * We cannot use update_[adv|scan_rsp]_data() here as the
4020 * HCI_ADVERTISING flag is not yet set.
4021 */
cab054ab 4022 hdev->cur_adv_instance = 0x00;
f2252570
JH		 4023 __hci_req_update_adv_data(&req, 0x00);
4024 __hci_req_update_scan_rsp_data(&req, 0x00);
4025 __hci_req_enable_advertising(&req);
24b4f38f 4026 } else {
f2252570 4027 __hci_req_disable_advertising(&req);
24b4f38f 4028 }
4375f103
JH		 4029
4030 err = hci_req_run(&req, set_advertising_complete);
4031 if (err < 0)
4032 mgmt_pending_remove(cmd);
4033
4034unlock:
4035 hci_dev_unlock(hdev);
4036 return err;
4037}
4038
d13eafce
MH		 4039static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4040 void *data, u16 len)
4041{
4042 struct mgmt_cp_set_static_address *cp = data;
4043 int err;
4044
4045 BT_DBG("%s", hdev->name);
4046
62af4443 4047 if (!lmp_le_capable(hdev))
a69e8375
JH		 4048 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4049 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 4050
4051 if (hdev_is_powered(hdev))
a69e8375
JH		 4052 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4053 MGMT_STATUS_REJECTED);
d13eafce
MH		 4054
4055 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4056 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
a69e8375
JH		 4057 return mgmt_cmd_status(sk, hdev->id,
4058 MGMT_OP_SET_STATIC_ADDRESS,
4059 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 4060
4061 /* Two most significant bits shall be set */
4062 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
a69e8375
JH		 4063 return mgmt_cmd_status(sk, hdev->id,
4064 MGMT_OP_SET_STATIC_ADDRESS,
4065 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 4066 }
4067
4068 hci_dev_lock(hdev);
4069
4070 bacpy(&hdev->static_addr, &cp->bdaddr);
4071
93690c22
MH		 4072 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
4073 if (err < 0)
4074 goto unlock;
4075
4076 err = new_settings(hdev, sk);
d13eafce 4077
93690c22 4078unlock:
d13eafce 4079 hci_dev_unlock(hdev);
d13eafce
MH		 4080 return err;
4081}
4082
14b49b9a
MH		 4083static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4084 void *data, u16 len)
4085{
4086 struct mgmt_cp_set_scan_params *cp = data;
4087 __u16 interval, window;
4088 int err;
4089
4090 BT_DBG("%s", hdev->name);
4091
4092 if (!lmp_le_capable(hdev))
a69e8375
JH		 4093 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4094 MGMT_STATUS_NOT_SUPPORTED);
14b49b9a
MH		 4095
4096 interval = __le16_to_cpu(cp->interval);
4097
4098 if (interval < 0x0004 || interval > 0x4000)
a69e8375
JH		 4099 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4100 MGMT_STATUS_INVALID_PARAMS);
14b49b9a
MH		 4101
4102 window = __le16_to_cpu(cp->window);
4103
4104 if (window < 0x0004 || window > 0x4000)
a69e8375
JH		 4105 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4106 MGMT_STATUS_INVALID_PARAMS);
14b49b9a 4107
899e1075 4108 if (window > interval)
a69e8375
JH		 4109 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4110 MGMT_STATUS_INVALID_PARAMS);
899e1075 4111
14b49b9a
MH		 4112 hci_dev_lock(hdev);
4113
4114 hdev->le_scan_interval = interval;
4115 hdev->le_scan_window = window;
4116
2a1afb5a
JH		 4117 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
4118 NULL, 0);
14b49b9a 4119
dd2ef8e2
AG		 4120 /* If background scan is running, restart it so new parameters are
4121 * loaded.
4122 */
d7a5a11d 4123 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
dd2ef8e2
AG		 4124 hdev->discovery.state == DISCOVERY_STOPPED) {
4125 struct hci_request req;
4126
4127 hci_req_init(&req, hdev);
4128
4129 hci_req_add_le_scan_disable(&req);
4130 hci_req_add_le_passive_scan(&req);
4131
4132 hci_req_run(&req, NULL);
4133 }
4134
14b49b9a
MH		 4135 hci_dev_unlock(hdev);
4136
4137 return err;
4138}
4139
1904a853
MH		 4140static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
4141 u16 opcode)
33e38b3e 4142{
3b0602cd 4143 struct mgmt_pending_cmd *cmd;
33e38b3e
JH		 4144
4145 BT_DBG("status 0x%02x", status);
4146
4147 hci_dev_lock(hdev);
4148
333ae95d 4149 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
33e38b3e
JH		 4150 if (!cmd)
4151 goto unlock;
4152
4153 if (status) {
a69e8375
JH		 4154 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4155 mgmt_status(status));
33e38b3e 4156 } else {
1a4d3c4b
JH		 4157 struct mgmt_mode *cp = cmd->param;
4158
4159 if (cp->val)
a1536da2 4160 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 4161 else
a358dc11 4162 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 4163
33e38b3e
JH		 4164 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4165 new_settings(hdev, cmd->sk);
4166 }
4167
4168 mgmt_pending_remove(cmd);
4169
4170unlock:
4171 hci_dev_unlock(hdev);
4172}
4173
bdb6d971 4174static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4175 void *data, u16 len)
f6422ec6 4176{
650f726d 4177 struct mgmt_mode *cp = data;
3b0602cd 4178 struct mgmt_pending_cmd *cmd;
33e38b3e 4179 struct hci_request req;
f6422ec6
AJ		 4180 int err;
4181
bdb6d971 4182 BT_DBG("%s", hdev->name);
f6422ec6 4183
d7a5a11d 4184 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
56f87901 4185 hdev->hci_ver < BLUETOOTH_VER_1_2)
a69e8375
JH		 4186 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4187 MGMT_STATUS_NOT_SUPPORTED);
33c525c0 4188
a7e80f25 4189 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4190 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4191 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 4192
f6422ec6
AJ		 4193 hci_dev_lock(hdev);
4194
333ae95d 4195 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
a69e8375
JH		 4196 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4197 MGMT_STATUS_BUSY);
05cbf29f
JH		 4198 goto unlock;
4199 }
4200
d7a5a11d 4201 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
1a4d3c4b
JH		 4202 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4203 hdev);
4204 goto unlock;
4205 }
4206
406ef2a6 4207 if (!hdev_is_powered(hdev)) {
ce05d603 4208 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
406ef2a6
JH		 4209 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4210 hdev);
4211 new_settings(hdev, sk);
4212 goto unlock;
4213 }
4214
33e38b3e
JH		 4215 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4216 data, len);
4217 if (!cmd) {
4218 err = -ENOMEM;
4219 goto unlock;
f6422ec6
AJ		 4220 }
4221
33e38b3e
JH		 4222 hci_req_init(&req, hdev);
4223
bf943cbf 4224 __hci_req_write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4225
4226 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4227 if (err < 0) {
a69e8375
JH		 4228 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4229 MGMT_STATUS_FAILED);
33e38b3e 4230 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4231 }
4232
33e38b3e 4233unlock:
f6422ec6 4234 hci_dev_unlock(hdev);
33e38b3e 4235
f6422ec6
AJ		 4236 return err;
4237}
4238
1904a853 4239static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
0663ca2a 4240{
3b0602cd 4241 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 4242
4243 BT_DBG("status 0x%02x", status);
4244
4245 hci_dev_lock(hdev);
4246
333ae95d 4247 cmd = pending_find(MGMT_OP_SET_BREDR, hdev);
0663ca2a
JH		 4248 if (!cmd)
4249 goto unlock;
4250
4251 if (status) {
4252 u8 mgmt_err = mgmt_status(status);
4253
4254 /* We need to restore the flag if related HCI commands
4255 * failed.
4256 */
a358dc11 4257 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a 4258
a69e8375 4259 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
0663ca2a
JH		 4260 } else {
4261 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4262 new_settings(hdev, cmd->sk);
4263 }
4264
4265 mgmt_pending_remove(cmd);
4266
4267unlock:
4268 hci_dev_unlock(hdev);
4269}
4270
4271static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4272{
4273 struct mgmt_mode *cp = data;
3b0602cd 4274 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 4275 struct hci_request req;
4276 int err;
4277
4278 BT_DBG("request for %s", hdev->name);
4279
4280 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
a69e8375
JH		 4281 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4282 MGMT_STATUS_NOT_SUPPORTED);
0663ca2a 4283
d7a5a11d 4284 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 4285 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4286 MGMT_STATUS_REJECTED);
0663ca2a
JH		 4287
4288 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4289 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4290 MGMT_STATUS_INVALID_PARAMS);
0663ca2a
JH		 4291
4292 hci_dev_lock(hdev);
4293
d7a5a11d 4294 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
0663ca2a
JH		 4295 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4296 goto unlock;
4297 }
4298
4299 if (!hdev_is_powered(hdev)) {
4300 if (!cp->val) {
a358dc11
MH		 4301 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
4302 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
4303 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
4304 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4305 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
0663ca2a
JH		 4306 }
4307
ce05d603 4308 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 4309
4310 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4311 if (err < 0)
4312 goto unlock;
4313
4314 err = new_settings(hdev, sk);
4315 goto unlock;
4316 }
4317
4318 /* Reject disabling when powered on */
4319 if (!cp->val) {
a69e8375
JH		 4320 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4321 MGMT_STATUS_REJECTED);
0663ca2a 4322 goto unlock;
111e4bcc
MH		 4323 } else {
4324 /* When configuring a dual-mode controller to operate
4325 * with LE only and using a static address, then switching
4326 * BR/EDR back on is not allowed.
4327 *
4328 * Dual-mode controllers shall operate with the public
4329 * address as its identity address for BR/EDR and LE. So
4330 * reject the attempt to create an invalid configuration.
3a5486e1
MH		 4331 *
4332 * The same restrictions applies when secure connections
4333 * has been enabled. For BR/EDR this is a controller feature
4334 * while for LE it is a host stack feature. This means that
4335 * switching BR/EDR back on when secure connections has been
4336 * enabled is not a supported transaction.
111e4bcc 4337 */
d7a5a11d 4338 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
3a5486e1 4339 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
d7a5a11d 4340 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
a69e8375
JH		 4341 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4342 MGMT_STATUS_REJECTED);
111e4bcc
MH		 4343 goto unlock;
4344 }
0663ca2a
JH		 4345 }
4346
333ae95d 4347 if (pending_find(MGMT_OP_SET_BREDR, hdev)) {
a69e8375
JH		 4348 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4349 MGMT_STATUS_BUSY);
0663ca2a
JH		 4350 goto unlock;
4351 }
4352
4353 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4354 if (!cmd) {
4355 err = -ENOMEM;
4356 goto unlock;
4357 }
4358
f2252570
JH		 4359 /* We need to flip the bit already here so that
4360 * hci_req_update_adv_data generates the correct flags.
0663ca2a 4361 */
a1536da2 4362 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 4363
4364 hci_req_init(&req, hdev);
aa8af46e 4365
bf943cbf 4366 __hci_req_write_fast_connectable(&req, false);
01b1cb87 4367 __hci_req_update_scan(&req);
aa8af46e 4368
f14d8f64
MH		 4369 /* Since only the advertising data flags will change, there
4370 * is no need to update the scan response data.
4371 */
cab054ab 4372 __hci_req_update_adv_data(&req, hdev->cur_adv_instance);
aa8af46e 4373
0663ca2a
JH		 4374 err = hci_req_run(&req, set_bredr_complete);
4375 if (err < 0)
4376 mgmt_pending_remove(cmd);
4377
4378unlock:
4379 hci_dev_unlock(hdev);
4380 return err;
4381}
4382
a1443f5a
JH		 4383static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4384{
3b0602cd 4385 struct mgmt_pending_cmd *cmd;
a1443f5a
JH		 4386 struct mgmt_mode *cp;
4387
4388 BT_DBG("%s status %u", hdev->name, status);
4389
4390 hci_dev_lock(hdev);
4391
333ae95d 4392 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
a1443f5a
JH		 4393 if (!cmd)
4394 goto unlock;
4395
4396 if (status) {
a69e8375
JH		 4397 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
4398 mgmt_status(status));
a1443f5a
JH		 4399 goto remove;
4400 }
4401
4402 cp = cmd->param;
4403
4404 switch (cp->val) {
4405 case 0x00:
a358dc11
MH		 4406 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
4407 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 4408 break;
4409 case 0x01:
a1536da2 4410 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
a358dc11 4411 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 4412 break;
4413 case 0x02:
a1536da2
MH		 4414 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4415 hci_dev_set_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 4416 break;
4417 }
4418
4419 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
4420 new_settings(hdev, cmd->sk);
4421
4422remove:
4423 mgmt_pending_remove(cmd);
4424unlock:
4425 hci_dev_unlock(hdev);
4426}
4427
eac83dc6
MH		 4428static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4429 void *data, u16 len)
4430{
4431 struct mgmt_mode *cp = data;
3b0602cd 4432 struct mgmt_pending_cmd *cmd;
a1443f5a 4433 struct hci_request req;
a3209694 4434 u8 val;
eac83dc6
MH		 4435 int err;
4436
4437 BT_DBG("request for %s", hdev->name);
4438
05b3c3e7 4439 if (!lmp_sc_capable(hdev) &&
d7a5a11d 4440 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 4441 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4442 MGMT_STATUS_NOT_SUPPORTED);
eac83dc6 4443
d7a5a11d 4444 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
59200286 4445 lmp_sc_capable(hdev) &&
d7a5a11d 4446 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 4447 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4448 MGMT_STATUS_REJECTED);
ed93ec69 4449
0ab04a9c 4450 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375 4451 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
eac83dc6
MH		 4452 MGMT_STATUS_INVALID_PARAMS);
4453
4454 hci_dev_lock(hdev);
4455
05b3c3e7 4456 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
d7a5a11d 4457 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
eac83dc6
MH		 4458 bool changed;
4459
0ab04a9c 4460 if (cp->val) {
238be788
MH		 4461 changed = !hci_dev_test_and_set_flag(hdev,
4462 HCI_SC_ENABLED);
0ab04a9c 4463 if (cp->val == 0x02)
a1536da2 4464 hci_dev_set_flag(hdev, HCI_SC_ONLY);
0ab04a9c 4465 else
a358dc11 4466 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 4467 } else {
a69d8927
MH		 4468 changed = hci_dev_test_and_clear_flag(hdev,
4469 HCI_SC_ENABLED);
a358dc11 4470 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 4471 }
eac83dc6
MH		 4472
4473 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4474 if (err < 0)
4475 goto failed;
4476
4477 if (changed)
4478 err = new_settings(hdev, sk);
4479
4480 goto failed;
4481 }
4482
333ae95d 4483 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
a69e8375
JH		 4484 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4485 MGMT_STATUS_BUSY);
eac83dc6
MH		 4486 goto failed;
4487 }
4488
0ab04a9c
MH		 4489 val = !!cp->val;
4490
d7a5a11d
MH		 4491 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
4492 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
eac83dc6
MH		 4493 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4494 goto failed;
4495 }
4496
4497 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4498 if (!cmd) {
4499 err = -ENOMEM;
4500 goto failed;
4501 }
4502
a1443f5a
JH		 4503 hci_req_init(&req, hdev);
4504 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
4505 err = hci_req_run(&req, sc_enable_complete);
eac83dc6
MH		 4506 if (err < 0) {
4507 mgmt_pending_remove(cmd);
4508 goto failed;
4509 }
4510
4511failed:
4512 hci_dev_unlock(hdev);
4513 return err;
4514}
4515
4e39ac81
MH		 4516static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4517 void *data, u16 len)
4518{
4519 struct mgmt_mode *cp = data;
b9710979 4520 bool changed, use_changed;
4e39ac81
MH		 4521 int err;
4522
4523 BT_DBG("request for %s", hdev->name);
4524
b9710979 4525 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 4526 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4527 MGMT_STATUS_INVALID_PARAMS);
4e39ac81
MH		 4528
4529 hci_dev_lock(hdev);
4530
4531 if (cp->val)
238be788 4532 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
4e39ac81 4533 else
a69d8927
MH		 4534 changed = hci_dev_test_and_clear_flag(hdev,
4535 HCI_KEEP_DEBUG_KEYS);
4e39ac81 4536
b9710979 4537 if (cp->val == 0x02)
238be788
MH		 4538 use_changed = !hci_dev_test_and_set_flag(hdev,
4539 HCI_USE_DEBUG_KEYS);
b9710979 4540 else
a69d8927
MH		 4541 use_changed = hci_dev_test_and_clear_flag(hdev,
4542 HCI_USE_DEBUG_KEYS);
b9710979
JH		 4543
4544 if (hdev_is_powered(hdev) && use_changed &&
d7a5a11d 4545 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
b9710979
JH		 4546 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4547 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4548 sizeof(mode), &mode);
4549 }
4550
4e39ac81
MH		 4551 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4552 if (err < 0)
4553 goto unlock;
4554
4555 if (changed)
4556 err = new_settings(hdev, sk);
4557
4558unlock:
4559 hci_dev_unlock(hdev);
4560 return err;
4561}
4562
62b04cd1
JH		 4563static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4564 u16 len)
4565{
4566 struct mgmt_cp_set_privacy *cp = cp_data;
4567 bool changed;
4568 int err;
4569
4570 BT_DBG("request for %s", hdev->name);
4571
4572 if (!lmp_le_capable(hdev))
a69e8375
JH		 4573 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4574 MGMT_STATUS_NOT_SUPPORTED);
62b04cd1 4575
82a37ade 4576 if (cp->privacy != 0x00 && cp->privacy != 0x01 && cp->privacy != 0x02)
a69e8375
JH		 4577 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4578 MGMT_STATUS_INVALID_PARAMS);
62b04cd1
JH		 4579
4580 if (hdev_is_powered(hdev))
a69e8375
JH		 4581 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4582 MGMT_STATUS_REJECTED);
62b04cd1
JH		 4583
4584 hci_dev_lock(hdev);
4585
c21c0ea0
JH		 4586 /* If user space supports this command it is also expected to
4587 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4588 */
a1536da2 4589 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
c21c0ea0 4590
62b04cd1 4591 if (cp->privacy) {
238be788 4592 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
62b04cd1 4593 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
a1536da2 4594 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
82a37ade
JH		 4595 if (cp->privacy == 0x02)
4596 hci_dev_set_flag(hdev, HCI_LIMITED_PRIVACY);
4597 else
4598 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
62b04cd1 4599 } else {
a69d8927 4600 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
62b04cd1 4601 memset(hdev->irk, 0, sizeof(hdev->irk));
a358dc11 4602 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
82a37ade 4603 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
62b04cd1
JH		 4604 }
4605
4606 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4607 if (err < 0)
4608 goto unlock;
4609
4610 if (changed)
4611 err = new_settings(hdev, sk);
4612
4613unlock:
4614 hci_dev_unlock(hdev);
4615 return err;
4616}
4617
41edf160
JH		 4618static bool irk_is_valid(struct mgmt_irk_info *irk)
4619{
4620 switch (irk->addr.type) {
4621 case BDADDR_LE_PUBLIC:
4622 return true;
4623
4624 case BDADDR_LE_RANDOM:
4625 /* Two most significant bits shall be set */
4626 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4627 return false;
4628 return true;
4629 }
4630
4631 return false;
4632}
4633
4634static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4635 u16 len)
4636{
4637 struct mgmt_cp_load_irks *cp = cp_data;
ba1d6936
JH		 4638 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
4639 sizeof(struct mgmt_irk_info));
41edf160
JH		 4640 u16 irk_count, expected_len;
4641 int i, err;
4642
4643 BT_DBG("request for %s", hdev->name);
4644
4645 if (!lmp_le_capable(hdev))
a69e8375
JH		 4646 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4647 MGMT_STATUS_NOT_SUPPORTED);
41edf160
JH		 4648
4649 irk_count = __le16_to_cpu(cp->irk_count);
ba1d6936
JH		 4650 if (irk_count > max_irk_count) {
4651 BT_ERR("load_irks: too big irk_count value %u", irk_count);
a69e8375
JH		 4652 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4653 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 4654 }
41edf160
JH		 4655
4656 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4657 if (expected_len != len) {
4658 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 4659 expected_len, len);
a69e8375
JH		 4660 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4661 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 4662 }
4663
4664 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4665
4666 for (i = 0; i < irk_count; i++) {
4667 struct mgmt_irk_info *key = &cp->irks[i];
4668
4669 if (!irk_is_valid(key))
a69e8375
JH		 4670 return mgmt_cmd_status(sk, hdev->id,
4671 MGMT_OP_LOAD_IRKS,
4672 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 4673 }
4674
4675 hci_dev_lock(hdev);
4676
4677 hci_smp_irks_clear(hdev);
4678
4679 for (i = 0; i < irk_count; i++) {
4680 struct mgmt_irk_info *irk = &cp->irks[i];
41edf160 4681
85813a7e
JH		 4682 hci_add_irk(hdev, &irk->addr.bdaddr,
4683 le_addr_type(irk->addr.type), irk->val,
41edf160
JH		 4684 BDADDR_ANY);
4685 }
4686
a1536da2 4687 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
41edf160 4688
2a1afb5a 4689 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
41edf160
JH		 4690
4691 hci_dev_unlock(hdev);
4692
4693 return err;
4694}
4695
3f706b72
JH		 4696static bool ltk_is_valid(struct mgmt_ltk_info *key)
4697{
4698 if (key->master != 0x00 && key->master != 0x01)
4699 return false;
490cb0b3
MH		 4700
4701 switch (key->addr.type) {
4702 case BDADDR_LE_PUBLIC:
4703 return true;
4704
4705 case BDADDR_LE_RANDOM:
4706 /* Two most significant bits shall be set */
4707 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4708 return false;
4709 return true;
4710 }
4711
4712 return false;
3f706b72
JH		 4713}
4714
bdb6d971 4715static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 4716 void *cp_data, u16 len)
346af67b 4717{
346af67b 4718 struct mgmt_cp_load_long_term_keys *cp = cp_data;
ba1d6936
JH		 4719 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
4720 sizeof(struct mgmt_ltk_info));
346af67b 4721 u16 key_count, expected_len;
715a5bf2 4722 int i, err;
346af67b 4723
cf99ba13
MH		 4724 BT_DBG("request for %s", hdev->name);
4725
4726 if (!lmp_le_capable(hdev))
a69e8375
JH		 4727 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4728 MGMT_STATUS_NOT_SUPPORTED);
cf99ba13 4729
1f350c87 4730 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 4731 if (key_count > max_key_count) {
4732 BT_ERR("load_ltks: too big key_count value %u", key_count);
a69e8375
JH		 4733 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4734 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 4735 }
346af67b
VCG		 4736
4737 expected_len = sizeof(*cp) + key_count *
4738 sizeof(struct mgmt_ltk_info);
4739 if (expected_len != len) {
4740 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 4741 expected_len, len);
a69e8375
JH		 4742 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4743 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 4744 }
4745
bdb6d971 4746 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 4747
54ad6d8a
JH		 4748 for (i = 0; i < key_count; i++) {
4749 struct mgmt_ltk_info *key = &cp->keys[i];
4750
3f706b72 4751 if (!ltk_is_valid(key))
a69e8375
JH		 4752 return mgmt_cmd_status(sk, hdev->id,
4753 MGMT_OP_LOAD_LONG_TERM_KEYS,
4754 MGMT_STATUS_INVALID_PARAMS);
54ad6d8a
JH		 4755 }
4756
346af67b
VCG		 4757 hci_dev_lock(hdev);
4758
4759 hci_smp_ltks_clear(hdev);
4760
4761 for (i = 0; i < key_count; i++) {
4762 struct mgmt_ltk_info *key = &cp->keys[i];
85813a7e 4763 u8 type, authenticated;
346af67b 4764
61b43357
JH		 4765 switch (key->type) {
4766 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 4767 authenticated = 0x00;
23fb8de3 4768 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
61b43357
JH		 4769 break;
4770 case MGMT_LTK_AUTHENTICATED:
d7b25450 4771 authenticated = 0x01;
23fb8de3
JH		 4772 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
4773 break;
4774 case MGMT_LTK_P256_UNAUTH:
4775 authenticated = 0x00;
4776 type = SMP_LTK_P256;
61b43357 4777 break;
23fb8de3
JH		 4778 case MGMT_LTK_P256_AUTH:
4779 authenticated = 0x01;
4780 type = SMP_LTK_P256;
61b43357 4781 break;
23fb8de3
JH		 4782 case MGMT_LTK_P256_DEBUG:
4783 authenticated = 0x00;
4784 type = SMP_LTK_P256_DEBUG;
61b43357
JH		 4785 default:
4786 continue;
4787 }
d7b25450 4788
85813a7e
JH		 4789 hci_add_ltk(hdev, &key->addr.bdaddr,
4790 le_addr_type(key->addr.type), type, authenticated,
4791 key->val, key->enc_size, key->ediv, key->rand);
346af67b
VCG		 4792 }
4793
2a1afb5a 4794 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
715a5bf2
JH		 4795 NULL, 0);
4796
346af67b 4797 hci_dev_unlock(hdev);
346af67b 4798
715a5bf2 4799 return err;
346af67b
VCG		 4800}
4801
3b0602cd 4802static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
dd983808 4803{
dd983808 4804 struct hci_conn *conn = cmd->user_data;
9981bdb0 4805 struct mgmt_rp_get_conn_info rp;
9df74653 4806 int err;
dd983808 4807
9981bdb0 4808 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
dd983808 4809
9981bdb0 4810 if (status == MGMT_STATUS_SUCCESS) {
dd983808 4811 rp.rssi = conn->rssi;
9981bdb0
JH		 4812 rp.tx_power = conn->tx_power;
4813 rp.max_tx_power = conn->max_tx_power;
4814 } else {
4815 rp.rssi = HCI_RSSI_INVALID;
4816 rp.tx_power = HCI_TX_POWER_INVALID;
4817 rp.max_tx_power = HCI_TX_POWER_INVALID;
dd983808
AK		 4818 }
4819
2a1afb5a
JH		 4820 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
4821 status, &rp, sizeof(rp));
dd983808
AK		 4822
4823 hci_conn_drop(conn);
f8aaf9b6 4824 hci_conn_put(conn);
9df74653
JH		 4825
4826 return err;
dd983808
AK		 4827}
4828
1904a853
MH		 4829static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
4830 u16 opcode)
dd983808
AK		 4831{
4832 struct hci_cp_read_rssi *cp;
3b0602cd 4833 struct mgmt_pending_cmd *cmd;
dd983808 4834 struct hci_conn *conn;
dd983808 4835 u16 handle;
9981bdb0 4836 u8 status;
dd983808 4837
9981bdb0 4838 BT_DBG("status 0x%02x", hci_status);
dd983808
AK		 4839
4840 hci_dev_lock(hdev);
4841
dd983808
AK		 4842 /* Commands sent in request are either Read RSSI or Read Transmit Power
4843 * Level so we check which one was last sent to retrieve connection
4844 * handle. Both commands have handle as first parameter so it's safe to
4845 * cast data on the same command struct.
4846 *
4847 * First command sent is always Read RSSI and we fail only if it fails.
4848 * In other case we simply override error to indicate success as we
4849 * already remembered if TX power value is actually valid.
4850 */
4851 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
4852 if (!cp) {
4853 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
9981bdb0
JH		 4854 status = MGMT_STATUS_SUCCESS;
4855 } else {
4856 status = mgmt_status(hci_status);
dd983808
AK		 4857 }
4858
4859 if (!cp) {
9981bdb0 4860 BT_ERR("invalid sent_cmd in conn_info response");
dd983808
AK		 4861 goto unlock;
4862 }
4863
4864 handle = __le16_to_cpu(cp->handle);
4865 conn = hci_conn_hash_lookup_handle(hdev, handle);
4866 if (!conn) {
9981bdb0 4867 BT_ERR("unknown handle (%d) in conn_info response", handle);
dd983808
AK		 4868 goto unlock;
4869 }
4870
333ae95d 4871 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
9981bdb0
JH		 4872 if (!cmd)
4873 goto unlock;
dd983808 4874
9981bdb0
JH		 4875 cmd->cmd_complete(cmd, status);
4876 mgmt_pending_remove(cmd);
dd983808
AK		 4877
4878unlock:
4879 hci_dev_unlock(hdev);
4880}
4881
4882static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
4883 u16 len)
4884{
4885 struct mgmt_cp_get_conn_info *cp = data;
4886 struct mgmt_rp_get_conn_info rp;
4887 struct hci_conn *conn;
4888 unsigned long conn_info_age;
4889 int err = 0;
4890
4891 BT_DBG("%s", hdev->name);
4892
4893 memset(&rp, 0, sizeof(rp));
4894 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4895 rp.addr.type = cp->addr.type;
4896
4897 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 4898 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4899 MGMT_STATUS_INVALID_PARAMS,
4900 &rp, sizeof(rp));
dd983808
AK		 4901
4902 hci_dev_lock(hdev);
4903
4904 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 4905 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4906 MGMT_STATUS_NOT_POWERED, &rp,
4907 sizeof(rp));
dd983808
AK		 4908 goto unlock;
4909 }
4910
4911 if (cp->addr.type == BDADDR_BREDR)
4912 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
4913 &cp->addr.bdaddr);
4914 else
4915 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
4916
4917 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 4918 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4919 MGMT_STATUS_NOT_CONNECTED, &rp,
4920 sizeof(rp));
dd983808
AK		 4921 goto unlock;
4922 }
4923
333ae95d 4924 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
2a1afb5a
JH		 4925 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4926 MGMT_STATUS_BUSY, &rp, sizeof(rp));
9981bdb0
JH		 4927 goto unlock;
4928 }
4929
dd983808
AK		 4930 /* To avoid client trying to guess when to poll again for information we
4931 * calculate conn info age as random value between min/max set in hdev.
4932 */
4933 conn_info_age = hdev->conn_info_min_age +
4934 prandom_u32_max(hdev->conn_info_max_age -
4935 hdev->conn_info_min_age);
4936
4937 /* Query controller to refresh cached values if they are too old or were
4938 * never read.
4939 */
f4e2dd53
AK		 4940 if (time_after(jiffies, conn->conn_info_timestamp +
4941 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 4942 !conn->conn_info_timestamp) {
4943 struct hci_request req;
4944 struct hci_cp_read_tx_power req_txp_cp;
4945 struct hci_cp_read_rssi req_rssi_cp;
3b0602cd 4946 struct mgmt_pending_cmd *cmd;
dd983808
AK		 4947
4948 hci_req_init(&req, hdev);
4949 req_rssi_cp.handle = cpu_to_le16(conn->handle);
4950 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
4951 &req_rssi_cp);
4952
f7faab0c
AK		 4953 /* For LE links TX power does not change thus we don't need to
4954 * query for it once value is known.
4955 */
4956 if (!bdaddr_type_is_le(cp->addr.type) ||
4957 conn->tx_power == HCI_TX_POWER_INVALID) {
4958 req_txp_cp.handle = cpu_to_le16(conn->handle);
4959 req_txp_cp.type = 0x00;
4960 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4961 sizeof(req_txp_cp), &req_txp_cp);
4962 }
dd983808 4963
eed5daf3
AK		 4964 /* Max TX power needs to be read only once per connection */
4965 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
4966 req_txp_cp.handle = cpu_to_le16(conn->handle);
4967 req_txp_cp.type = 0x01;
4968 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4969 sizeof(req_txp_cp), &req_txp_cp);
4970 }
4971
dd983808
AK		 4972 err = hci_req_run(&req, conn_info_refresh_complete);
4973 if (err < 0)
4974 goto unlock;
4975
4976 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
4977 data, len);
4978 if (!cmd) {
4979 err = -ENOMEM;
4980 goto unlock;
4981 }
4982
4983 hci_conn_hold(conn);
f8aaf9b6 4984 cmd->user_data = hci_conn_get(conn);
9981bdb0 4985 cmd->cmd_complete = conn_info_cmd_complete;
dd983808
AK		 4986
4987 conn->conn_info_timestamp = jiffies;
4988 } else {
4989 /* Cache is valid, just reply with values cached in hci_conn */
4990 rp.rssi = conn->rssi;
4991 rp.tx_power = conn->tx_power;
eed5daf3 4992 rp.max_tx_power = conn->max_tx_power;
dd983808 4993
2a1afb5a
JH		 4994 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4995 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
dd983808
AK		 4996 }
4997
4998unlock:
4999 hci_dev_unlock(hdev);
5000 return err;
5001}
5002
3b0602cd 5003static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
95868426 5004{
69487371 5005 struct hci_conn *conn = cmd->user_data;
95868426 5006 struct mgmt_rp_get_clock_info rp;
69487371 5007 struct hci_dev *hdev;
9df74653 5008 int err;
69487371
JH		 5009
5010 memset(&rp, 0, sizeof(rp));
56f787c5 5011 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
69487371
JH		 5012
5013 if (status)
5014 goto complete;
5015
5016 hdev = hci_dev_get(cmd->index);
5017 if (hdev) {
5018 rp.local_clock = cpu_to_le32(hdev->clock);
5019 hci_dev_put(hdev);
5020 }
5021
5022 if (conn) {
5023 rp.piconet_clock = cpu_to_le32(conn->clock);
5024 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5025 }
5026
5027complete:
2a1afb5a
JH		 5028 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5029 sizeof(rp));
69487371
JH		 5030
5031 if (conn) {
5032 hci_conn_drop(conn);
5033 hci_conn_put(conn);
5034 }
9df74653
JH		 5035
5036 return err;
69487371
JH		 5037}
5038
1904a853 5039static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
69487371 5040{
95868426 5041 struct hci_cp_read_clock *hci_cp;
3b0602cd 5042 struct mgmt_pending_cmd *cmd;
95868426
JH		 5043 struct hci_conn *conn;
5044
5045 BT_DBG("%s status %u", hdev->name, status);
5046
5047 hci_dev_lock(hdev);
5048
5049 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5050 if (!hci_cp)
5051 goto unlock;
5052
5053 if (hci_cp->which) {
5054 u16 handle = __le16_to_cpu(hci_cp->handle);
5055 conn = hci_conn_hash_lookup_handle(hdev, handle);
5056 } else {
5057 conn = NULL;
5058 }
5059
333ae95d 5060 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
95868426
JH		 5061 if (!cmd)
5062 goto unlock;
5063
69487371 5064 cmd->cmd_complete(cmd, mgmt_status(status));
95868426 5065 mgmt_pending_remove(cmd);
95868426
JH		 5066
5067unlock:
5068 hci_dev_unlock(hdev);
5069}
5070
5071static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5072 u16 len)
5073{
5074 struct mgmt_cp_get_clock_info *cp = data;
5075 struct mgmt_rp_get_clock_info rp;
5076 struct hci_cp_read_clock hci_cp;
3b0602cd 5077 struct mgmt_pending_cmd *cmd;
95868426
JH		 5078 struct hci_request req;
5079 struct hci_conn *conn;
5080 int err;
5081
5082 BT_DBG("%s", hdev->name);
5083
5084 memset(&rp, 0, sizeof(rp));
5085 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5086 rp.addr.type = cp->addr.type;
5087
5088 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 5089 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5090 MGMT_STATUS_INVALID_PARAMS,
5091 &rp, sizeof(rp));
95868426
JH		 5092
5093 hci_dev_lock(hdev);
5094
5095 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 5096 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5097 MGMT_STATUS_NOT_POWERED, &rp,
5098 sizeof(rp));
95868426
JH		 5099 goto unlock;
5100 }
5101
5102 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5103 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5104 &cp->addr.bdaddr);
5105 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 5106 err = mgmt_cmd_complete(sk, hdev->id,
5107 MGMT_OP_GET_CLOCK_INFO,
5108 MGMT_STATUS_NOT_CONNECTED,
5109 &rp, sizeof(rp));
95868426
JH		 5110 goto unlock;
5111 }
5112 } else {
5113 conn = NULL;
5114 }
5115
5116 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5117 if (!cmd) {
5118 err = -ENOMEM;
5119 goto unlock;
5120 }
5121
69487371
JH		 5122 cmd->cmd_complete = clock_info_cmd_complete;
5123
95868426
JH		 5124 hci_req_init(&req, hdev);
5125
5126 memset(&hci_cp, 0, sizeof(hci_cp));
5127 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5128
5129 if (conn) {
5130 hci_conn_hold(conn);
f8aaf9b6 5131 cmd->user_data = hci_conn_get(conn);
95868426
JH		 5132
5133 hci_cp.handle = cpu_to_le16(conn->handle);
5134 hci_cp.which = 0x01; /* Piconet clock */
5135 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5136 }
5137
5138 err = hci_req_run(&req, get_clock_info_complete);
5139 if (err < 0)
5140 mgmt_pending_remove(cmd);
5141
5142unlock:
5143 hci_dev_unlock(hdev);
5144 return err;
5145}
5146
5a154e6f
JH		 5147static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5148{
5149 struct hci_conn *conn;
5150
5151 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5152 if (!conn)
5153 return false;
5154
5155 if (conn->dst_type != type)
5156 return false;
5157
5158 if (conn->state != BT_CONNECTED)
5159 return false;
5160
5161 return true;
5162}
5163
5164/* This function requires the caller holds hdev->lock */
51d7a94d 5165static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr,
5a154e6f
JH		 5166 u8 addr_type, u8 auto_connect)
5167{
5a154e6f
JH		 5168 struct hci_conn_params *params;
5169
5170 params = hci_conn_params_add(hdev, addr, addr_type);
5171 if (!params)
5172 return -EIO;
5173
5174 if (params->auto_connect == auto_connect)
5175 return 0;
5176
5177 list_del_init(&params->action);
5178
5179 switch (auto_connect) {
5180 case HCI_AUTO_CONN_DISABLED:
5181 case HCI_AUTO_CONN_LINK_LOSS:
28a667c9
JP		 5182 /* If auto connect is being disabled when we're trying to
5183 * connect to device, keep connecting.
5184 */
5185 if (params->explicit_connect)
5186 list_add(&params->action, &hdev->pend_le_conns);
5a154e6f
JH		 5187 break;
5188 case HCI_AUTO_CONN_REPORT:
49c50922
JH		 5189 if (params->explicit_connect)
5190 list_add(&params->action, &hdev->pend_le_conns);
5191 else
5192 list_add(&params->action, &hdev->pend_le_reports);
5a154e6f
JH		 5193 break;
5194 case HCI_AUTO_CONN_DIRECT:
5195 case HCI_AUTO_CONN_ALWAYS:
51d7a94d 5196 if (!is_connected(hdev, addr, addr_type))
5a154e6f 5197 list_add(&params->action, &hdev->pend_le_conns);
5a154e6f
JH		 5198 break;
5199 }
5200
5201 params->auto_connect = auto_connect;
5202
5203 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5204 auto_connect);
5205
5206 return 0;
5207}
5208
8afef092
MH		 5209static void device_added(struct sock *sk, struct hci_dev *hdev,
5210 bdaddr_t *bdaddr, u8 type, u8 action)
5211{
5212 struct mgmt_ev_device_added ev;
5213
5214 bacpy(&ev.addr.bdaddr, bdaddr);
5215 ev.addr.type = type;
5216 ev.action = action;
5217
5218 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5219}
5220
2faade53
MH		 5221static int add_device(struct sock *sk, struct hci_dev *hdev,
5222 void *data, u16 len)
5223{
5224 struct mgmt_cp_add_device *cp = data;
5225 u8 auto_conn, addr_type;
5226 int err;
5227
5228 BT_DBG("%s", hdev->name);
5229
6659358e 5230 if (!bdaddr_type_is_valid(cp->addr.type) ||
2faade53 5231 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
2a1afb5a
JH		 5232 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5233 MGMT_STATUS_INVALID_PARAMS,
5234 &cp->addr, sizeof(cp->addr));
2faade53 5235
4b9e7e75 5236 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
2a1afb5a
JH		 5237 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5238 MGMT_STATUS_INVALID_PARAMS,
5239 &cp->addr, sizeof(cp->addr));
2faade53
MH		 5240
5241 hci_dev_lock(hdev);
5242
6659358e 5243 if (cp->addr.type == BDADDR_BREDR) {
4b9e7e75 5244 /* Only incoming connections action is supported for now */
6659358e 5245 if (cp->action != 0x01) {
51d7a94d
JH		 5246 err = mgmt_cmd_complete(sk, hdev->id,
5247 MGMT_OP_ADD_DEVICE,
5248 MGMT_STATUS_INVALID_PARAMS,
5249 &cp->addr, sizeof(cp->addr));
6659358e
JH		 5250 goto unlock;
5251 }
5252
5253 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5254 cp->addr.type);
5255 if (err)
5256 goto unlock;
a397407f 5257
01b1cb87 5258 hci_req_update_scan(hdev);
a397407f 5259
6659358e
JH		 5260 goto added;
5261 }
5262
85813a7e 5263 addr_type = le_addr_type(cp->addr.type);
2faade53 5264
4b9e7e75 5265 if (cp->action == 0x02)
2faade53 5266 auto_conn = HCI_AUTO_CONN_ALWAYS;
4b9e7e75
MH		 5267 else if (cp->action == 0x01)
5268 auto_conn = HCI_AUTO_CONN_DIRECT;
2faade53 5269 else
a3451d27 5270 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 5271
9a0a8a8e
JP		 5272 /* Kernel internally uses conn_params with resolvable private
5273 * address, but Add Device allows only identity addresses.
5274 * Make sure it is enforced before calling
5275 * hci_conn_params_lookup.
5276 */
5277 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
51d7a94d
JH		 5278 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5279 MGMT_STATUS_INVALID_PARAMS,
5280 &cp->addr, sizeof(cp->addr));
9a0a8a8e
JP		 5281 goto unlock;
5282 }
5283
bf5b3c8b
MH		 5284 /* If the connection parameters don't exist for this device,
5285 * they will be created and configured with defaults.
5286 */
51d7a94d 5287 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
d06b50ce 5288 auto_conn) < 0) {
51d7a94d
JH		 5289 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5290 MGMT_STATUS_FAILED, &cp->addr,
5291 sizeof(cp->addr));
2faade53
MH		 5292 goto unlock;
5293 }
5294
51d7a94d
JH		 5295 hci_update_background_scan(hdev);
5296
6659358e 5297added:
8afef092
MH		 5298 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5299
51d7a94d
JH		 5300 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5301 MGMT_STATUS_SUCCESS, &cp->addr,
5302 sizeof(cp->addr));
2faade53
MH		 5303
5304unlock:
5305 hci_dev_unlock(hdev);
5306 return err;
5307}
5308
8afef092
MH		 5309static void device_removed(struct sock *sk, struct hci_dev *hdev,
5310 bdaddr_t *bdaddr, u8 type)
5311{
5312 struct mgmt_ev_device_removed ev;
5313
5314 bacpy(&ev.addr.bdaddr, bdaddr);
5315 ev.addr.type = type;
5316
5317 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5318}
5319
2faade53
MH		 5320static int remove_device(struct sock *sk, struct hci_dev *hdev,
5321 void *data, u16 len)
5322{
5323 struct mgmt_cp_remove_device *cp = data;
5324 int err;
5325
5326 BT_DBG("%s", hdev->name);
5327
5328 hci_dev_lock(hdev);
5329
5330 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 5331 struct hci_conn_params *params;
2faade53
MH		 5332 u8 addr_type;
5333
6659358e 5334 if (!bdaddr_type_is_valid(cp->addr.type)) {
51d7a94d
JH		 5335 err = mgmt_cmd_complete(sk, hdev->id,
5336 MGMT_OP_REMOVE_DEVICE,
5337 MGMT_STATUS_INVALID_PARAMS,
5338 &cp->addr, sizeof(cp->addr));
2faade53
MH		 5339 goto unlock;
5340 }
5341
6659358e
JH		 5342 if (cp->addr.type == BDADDR_BREDR) {
5343 err = hci_bdaddr_list_del(&hdev->whitelist,
5344 &cp->addr.bdaddr,
5345 cp->addr.type);
5346 if (err) {
51d7a94d
JH		 5347 err = mgmt_cmd_complete(sk, hdev->id,
5348 MGMT_OP_REMOVE_DEVICE,
5349 MGMT_STATUS_INVALID_PARAMS,
5350 &cp->addr,
5351 sizeof(cp->addr));
6659358e
JH		 5352 goto unlock;
5353 }
5354
01b1cb87 5355 hci_req_update_scan(hdev);
a397407f 5356
6659358e
JH		 5357 device_removed(sk, hdev, &cp->addr.bdaddr,
5358 cp->addr.type);
5359 goto complete;
5360 }
5361
85813a7e 5362 addr_type = le_addr_type(cp->addr.type);
2faade53 5363
9a0a8a8e
JP		 5364 /* Kernel internally uses conn_params with resolvable private
5365 * address, but Remove Device allows only identity addresses.
5366 * Make sure it is enforced before calling
5367 * hci_conn_params_lookup.
5368 */
5369 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
51d7a94d
JH		 5370 err = mgmt_cmd_complete(sk, hdev->id,
5371 MGMT_OP_REMOVE_DEVICE,
5372 MGMT_STATUS_INVALID_PARAMS,
5373 &cp->addr, sizeof(cp->addr));
9a0a8a8e
JP		 5374 goto unlock;
5375 }
5376
c71593dd
JH		 5377 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5378 addr_type);
5379 if (!params) {
51d7a94d
JH		 5380 err = mgmt_cmd_complete(sk, hdev->id,
5381 MGMT_OP_REMOVE_DEVICE,
5382 MGMT_STATUS_INVALID_PARAMS,
5383 &cp->addr, sizeof(cp->addr));
c71593dd
JH		 5384 goto unlock;
5385 }
5386
679d2b6f
JH		 5387 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
5388 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
51d7a94d
JH		 5389 err = mgmt_cmd_complete(sk, hdev->id,
5390 MGMT_OP_REMOVE_DEVICE,
5391 MGMT_STATUS_INVALID_PARAMS,
5392 &cp->addr, sizeof(cp->addr));
c71593dd
JH		 5393 goto unlock;
5394 }
5395
d1dbf12e 5396 list_del(&params->action);
c71593dd
JH		 5397 list_del(&params->list);
5398 kfree(params);
51d7a94d 5399 hci_update_background_scan(hdev);
8afef092
MH		 5400
5401 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53 5402 } else {
19de0825 5403 struct hci_conn_params *p, *tmp;
6659358e 5404 struct bdaddr_list *b, *btmp;
19de0825 5405
2faade53 5406 if (cp->addr.type) {
51d7a94d
JH		 5407 err = mgmt_cmd_complete(sk, hdev->id,
5408 MGMT_OP_REMOVE_DEVICE,
5409 MGMT_STATUS_INVALID_PARAMS,
5410 &cp->addr, sizeof(cp->addr));
2faade53
MH		 5411 goto unlock;
5412 }
5413
6659358e
JH		 5414 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
5415 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
5416 list_del(&b->list);
5417 kfree(b);
5418 }
5419
01b1cb87 5420 hci_req_update_scan(hdev);
a397407f 5421
19de0825
JH		 5422 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5423 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5424 continue;
5425 device_removed(sk, hdev, &p->addr, p->addr_type);
679d2b6f
JH		 5426 if (p->explicit_connect) {
5427 p->auto_connect = HCI_AUTO_CONN_EXPLICIT;
5428 continue;
5429 }
19de0825
JH		 5430 list_del(&p->action);
5431 list_del(&p->list);
5432 kfree(p);
5433 }
5434
5435 BT_DBG("All LE connection parameters were removed");
5436
51d7a94d 5437 hci_update_background_scan(hdev);
2faade53
MH		 5438 }
5439
6659358e 5440complete:
51d7a94d
JH		 5441 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5442 MGMT_STATUS_SUCCESS, &cp->addr,
5443 sizeof(cp->addr));
2faade53
MH		 5444unlock:
5445 hci_dev_unlock(hdev);
5446 return err;
5447}
5448
a26f3dcf
JH		 5449static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5450 u16 len)
5451{
5452 struct mgmt_cp_load_conn_param *cp = data;
ba1d6936
JH		 5453 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5454 sizeof(struct mgmt_conn_param));
a26f3dcf
JH		 5455 u16 param_count, expected_len;
5456 int i;
5457
5458 if (!lmp_le_capable(hdev))
a69e8375
JH		 5459 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5460 MGMT_STATUS_NOT_SUPPORTED);
a26f3dcf
JH		 5461
5462 param_count = __le16_to_cpu(cp->param_count);
ba1d6936
JH		 5463 if (param_count > max_param_count) {
5464 BT_ERR("load_conn_param: too big param_count value %u",
5465 param_count);
a69e8375
JH		 5466 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5467 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5468 }
a26f3dcf
JH		 5469
5470 expected_len = sizeof(*cp) + param_count *
5471 sizeof(struct mgmt_conn_param);
5472 if (expected_len != len) {
5473 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
5474 expected_len, len);
a69e8375
JH		 5475 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5476 MGMT_STATUS_INVALID_PARAMS);
a26f3dcf
JH		 5477 }
5478
5479 BT_DBG("%s param_count %u", hdev->name, param_count);
5480
5481 hci_dev_lock(hdev);
5482
5483 hci_conn_params_clear_disabled(hdev);
5484
5485 for (i = 0; i < param_count; i++) {
5486 struct mgmt_conn_param *param = &cp->params[i];
5487 struct hci_conn_params *hci_param;
5488 u16 min, max, latency, timeout;
5489 u8 addr_type;
5490
5491 BT_DBG("Adding %pMR (type %u)", &param->addr.bdaddr,
5492 param->addr.type);
5493
5494 if (param->addr.type == BDADDR_LE_PUBLIC) {
5495 addr_type = ADDR_LE_DEV_PUBLIC;
5496 } else if (param->addr.type == BDADDR_LE_RANDOM) {
5497 addr_type = ADDR_LE_DEV_RANDOM;
5498 } else {
5499 BT_ERR("Ignoring invalid connection parameters");
5500 continue;
5501 }
5502
5503 min = le16_to_cpu(param->min_interval);
5504 max = le16_to_cpu(param->max_interval);
5505 latency = le16_to_cpu(param->latency);
5506 timeout = le16_to_cpu(param->timeout);
5507
5508 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
5509 min, max, latency, timeout);
5510
5511 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
5512 BT_ERR("Ignoring invalid connection parameters");
5513 continue;
5514 }
5515
5516 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
5517 addr_type);
5518 if (!hci_param) {
5519 BT_ERR("Failed to add connection parameters");
5520 continue;
5521 }
5522
5523 hci_param->conn_min_interval = min;
5524 hci_param->conn_max_interval = max;
5525 hci_param->conn_latency = latency;
5526 hci_param->supervision_timeout = timeout;
5527 }
5528
5529 hci_dev_unlock(hdev);
5530
2a1afb5a
JH		 5531 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
5532 NULL, 0);
a26f3dcf
JH		 5533}
5534
dbece37a
MH		 5535static int set_external_config(struct sock *sk, struct hci_dev *hdev,
5536 void *data, u16 len)
5537{
5538 struct mgmt_cp_set_external_config *cp = data;
5539 bool changed;
5540 int err;
5541
5542 BT_DBG("%s", hdev->name);
5543
5544 if (hdev_is_powered(hdev))
a69e8375
JH		 5545 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5546 MGMT_STATUS_REJECTED);
dbece37a
MH		 5547
5548 if (cp->config != 0x00 && cp->config != 0x01)
a69e8375
JH		 5549 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5550 MGMT_STATUS_INVALID_PARAMS);
dbece37a
MH		 5551
5552 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
a69e8375
JH		 5553 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5554 MGMT_STATUS_NOT_SUPPORTED);
dbece37a
MH		 5555
5556 hci_dev_lock(hdev);
5557
5558 if (cp->config)
238be788 5559 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a 5560 else
a69d8927 5561 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a
MH		 5562
5563 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
5564 if (err < 0)
5565 goto unlock;
5566
5567 if (!changed)
5568 goto unlock;
5569
f4537c04
MH		 5570 err = new_options(hdev, sk);
5571
d7a5a11d 5572 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
dbece37a 5573 mgmt_index_removed(hdev);
d603b76b 5574
516018a9 5575 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
a1536da2
MH		 5576 hci_dev_set_flag(hdev, HCI_CONFIG);
5577 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
d603b76b
MH		 5578
5579 queue_work(hdev->req_workqueue, &hdev->power_on);
5580 } else {
5ea234d3 5581 set_bit(HCI_RAW, &hdev->flags);
d603b76b
MH		 5582 mgmt_index_added(hdev);
5583 }
dbece37a
MH		 5584 }
5585
5586unlock:
5587 hci_dev_unlock(hdev);
5588 return err;
5589}
5590
9713c17b
MH		 5591static int set_public_address(struct sock *sk, struct hci_dev *hdev,
5592 void *data, u16 len)
5593{
5594 struct mgmt_cp_set_public_address *cp = data;
5595 bool changed;
5596 int err;
5597
5598 BT_DBG("%s", hdev->name);
5599
5600 if (hdev_is_powered(hdev))
a69e8375
JH		 5601 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5602 MGMT_STATUS_REJECTED);
9713c17b
MH		 5603
5604 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
a69e8375
JH		 5605 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5606 MGMT_STATUS_INVALID_PARAMS);
9713c17b
MH		 5607
5608 if (!hdev->set_bdaddr)
a69e8375
JH		 5609 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5610 MGMT_STATUS_NOT_SUPPORTED);
9713c17b
MH		 5611
5612 hci_dev_lock(hdev);
5613
5614 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
5615 bacpy(&hdev->public_addr, &cp->bdaddr);
5616
5617 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
5618 if (err < 0)
5619 goto unlock;
5620
5621 if (!changed)
5622 goto unlock;
5623
d7a5a11d 5624 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
9713c17b
MH		 5625 err = new_options(hdev, sk);
5626
5627 if (is_configured(hdev)) {
5628 mgmt_index_removed(hdev);
5629
a358dc11 5630 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
9713c17b 5631
a1536da2
MH		 5632 hci_dev_set_flag(hdev, HCI_CONFIG);
5633 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
9713c17b
MH		 5634
5635 queue_work(hdev->req_workqueue, &hdev->power_on);
5636 }
5637
5638unlock:
5639 hci_dev_unlock(hdev);
5640 return err;
5641}
5642
40f66c05
JH		 5643static void read_local_oob_ext_data_complete(struct hci_dev *hdev, u8 status,
5644 u16 opcode, struct sk_buff *skb)
5645{
5646 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp;
5647 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp;
5648 u8 *h192, *r192, *h256, *r256;
5649 struct mgmt_pending_cmd *cmd;
5650 u16 eir_len;
5651 int err;
5652
5653 BT_DBG("%s status %u", hdev->name, status);
5654
5655 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev);
5656 if (!cmd)
5657 return;
5658
5659 mgmt_cp = cmd->param;
5660
5661 if (status) {
5662 status = mgmt_status(status);
5663 eir_len = 0;
5664
5665 h192 = NULL;
5666 r192 = NULL;
5667 h256 = NULL;
5668 r256 = NULL;
5669 } else if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
5670 struct hci_rp_read_local_oob_data *rp;
5671
5672 if (skb->len != sizeof(*rp)) {
5673 status = MGMT_STATUS_FAILED;
5674 eir_len = 0;
5675 } else {
5676 status = MGMT_STATUS_SUCCESS;
5677 rp = (void *)skb->data;
5678
5679 eir_len = 5 + 18 + 18;
5680 h192 = rp->hash;
5681 r192 = rp->rand;
5682 h256 = NULL;
5683 r256 = NULL;
5684 }
5685 } else {
5686 struct hci_rp_read_local_oob_ext_data *rp;
5687
5688 if (skb->len != sizeof(*rp)) {
5689 status = MGMT_STATUS_FAILED;
5690 eir_len = 0;
5691 } else {
5692 status = MGMT_STATUS_SUCCESS;
5693 rp = (void *)skb->data;
5694
5695 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
5696 eir_len = 5 + 18 + 18;
5697 h192 = NULL;
5698 r192 = NULL;
5699 } else {
5700 eir_len = 5 + 18 + 18 + 18 + 18;
5701 h192 = rp->hash192;
5702 r192 = rp->rand192;
5703 }
5704
5705 h256 = rp->hash256;
5706 r256 = rp->rand256;
5707 }
5708 }
5709
5710 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL);
5711 if (!mgmt_rp)
5712 goto done;
5713
5714 if (status)
5715 goto send_rsp;
5716
5717 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV,
5718 hdev->dev_class, 3);
5719
5720 if (h192 && r192) {
5721 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5722 EIR_SSP_HASH_C192, h192, 16);
5723 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5724 EIR_SSP_RAND_R192, r192, 16);
5725 }
5726
5727 if (h256 && r256) {
5728 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5729 EIR_SSP_HASH_C256, h256, 16);
5730 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
5731 EIR_SSP_RAND_R256, r256, 16);
5732 }
5733
5734send_rsp:
5735 mgmt_rp->type = mgmt_cp->type;
5736 mgmt_rp->eir_len = cpu_to_le16(eir_len);
5737
5738 err = mgmt_cmd_complete(cmd->sk, hdev->id,
5739 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status,
5740 mgmt_rp, sizeof(*mgmt_rp) + eir_len);
5741 if (err < 0 || status)
5742 goto done;
5743
5744 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS);
5745
5746 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
5747 mgmt_rp, sizeof(*mgmt_rp) + eir_len,
5748 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk);
5749done:
5750 kfree(mgmt_rp);
5751 mgmt_pending_remove(cmd);
5752}
5753
5754static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk,
5755 struct mgmt_cp_read_local_oob_ext_data *cp)
5756{
5757 struct mgmt_pending_cmd *cmd;
5758 struct hci_request req;
5759 int err;
5760
5761 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev,
5762 cp, sizeof(*cp));
5763 if (!cmd)
5764 return -ENOMEM;
5765
5766 hci_req_init(&req, hdev);
5767
5768 if (bredr_sc_enabled(hdev))
5769 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
5770 else
5771 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
5772
5773 err = hci_req_run_skb(&req, read_local_oob_ext_data_complete);
5774 if (err < 0) {
5775 mgmt_pending_remove(cmd);
5776 return err;
5777 }
5778
5779 return 0;
5780}
5781
4f0f155c
MH		 5782static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
5783 void *data, u16 data_len)
5784{
5785 struct mgmt_cp_read_local_oob_ext_data *cp = data;
5786 struct mgmt_rp_read_local_oob_ext_data *rp;
5787 size_t rp_len;
5788 u16 eir_len;
0821a2c5 5789 u8 status, flags, role, addr[7], hash[16], rand[16];
4f0f155c
MH		 5790 int err;
5791
5792 BT_DBG("%s", hdev->name);
5793
57b0d3e8
MH		 5794 if (hdev_is_powered(hdev)) {
5795 switch (cp->type) {
5796 case BIT(BDADDR_BREDR):
5797 status = mgmt_bredr_support(hdev);
5798 if (status)
5799 eir_len = 0;
5800 else
5801 eir_len = 5;
5802 break;
5803 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
5804 status = mgmt_le_support(hdev);
5805 if (status)
5806 eir_len = 0;
5807 else
5808 eir_len = 9 + 3 + 18 + 18 + 3;
5809 break;
5810 default:
5811 status = MGMT_STATUS_INVALID_PARAMS;
5812 eir_len = 0;
5813 break;
5814 }
5815 } else {
5816 status = MGMT_STATUS_NOT_POWERED;
5817 eir_len = 0;
4f0f155c
MH		 5818 }
5819
4f0f155c
MH		 5820 rp_len = sizeof(*rp) + eir_len;
5821 rp = kmalloc(rp_len, GFP_ATOMIC);
efcd8c98 5822 if (!rp)
4f0f155c 5823 return -ENOMEM;
efcd8c98 5824
57b0d3e8
MH		 5825 if (status)
5826 goto complete;
5827
efcd8c98 5828 hci_dev_lock(hdev);
4f0f155c
MH		 5829
5830 eir_len = 0;
5831 switch (cp->type) {
5832 case BIT(BDADDR_BREDR):
40f66c05
JH		 5833 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
5834 err = read_local_ssp_oob_req(hdev, sk, cp);
5835 hci_dev_unlock(hdev);
5836 if (!err)
5837 goto done;
5838
5839 status = MGMT_STATUS_FAILED;
5840 goto complete;
5841 } else {
5842 eir_len = eir_append_data(rp->eir, eir_len,
5843 EIR_CLASS_OF_DEV,
5844 hdev->dev_class, 3);
5845 }
4f0f155c
MH		 5846 break;
5847 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
5082a599
MH		 5848 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
5849 smp_generate_oob(hdev, hash, rand) < 0) {
0821a2c5 5850 hci_dev_unlock(hdev);
57b0d3e8
MH		 5851 status = MGMT_STATUS_FAILED;
5852 goto complete;
0821a2c5
MH		 5853 }
5854
e213568a
MH		 5855 /* This should return the active RPA, but since the RPA
5856 * is only programmed on demand, it is really hard to fill
5857 * this in at the moment. For now disallow retrieving
5858 * local out-of-band data when privacy is in use.
5859 *
5860 * Returning the identity address will not help here since
5861 * pairing happens before the identity resolving key is
5862 * known and thus the connection establishment happens
5863 * based on the RPA and not the identity address.
5864 */
4f0f155c 5865 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
e213568a
MH		 5866 hci_dev_unlock(hdev);
5867 status = MGMT_STATUS_REJECTED;
5868 goto complete;
5869 }
5870
5871 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
5872 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
5873 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
5874 bacmp(&hdev->static_addr, BDADDR_ANY))) {
4f0f155c
MH		 5875 memcpy(addr, &hdev->static_addr, 6);
5876 addr[6] = 0x01;
5877 } else {
5878 memcpy(addr, &hdev->bdaddr, 6);
5879 addr[6] = 0x00;
5880 }
5881
5882 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
5883 addr, sizeof(addr));
5884
5885 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
5886 role = 0x02;
5887 else
5888 role = 0x01;
5889
5890 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
5891 &role, sizeof(role));
5892
5082a599
MH		 5893 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
5894 eir_len = eir_append_data(rp->eir, eir_len,
5895 EIR_LE_SC_CONFIRM,
5896 hash, sizeof(hash));
0821a2c5 5897
5082a599
MH		 5898 eir_len = eir_append_data(rp->eir, eir_len,
5899 EIR_LE_SC_RANDOM,
5900 rand, sizeof(rand));
5901 }
0821a2c5 5902
f2252570 5903 flags = mgmt_get_adv_discov_flags(hdev);
4f0f155c
MH		 5904
5905 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
5906 flags |= LE_AD_NO_BREDR;
5907
5908 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
5909 &flags, sizeof(flags));
5910 break;
5911 }
5912
4f0f155c
MH		 5913 hci_dev_unlock(hdev);
5914
72000df2
MH		 5915 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
5916
57b0d3e8
MH		 5917 status = MGMT_STATUS_SUCCESS;
5918
5919complete:
efcd8c98
MH		 5920 rp->type = cp->type;
5921 rp->eir_len = cpu_to_le16(eir_len);
5922
4f0f155c 5923 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
57b0d3e8
MH		 5924 status, rp, sizeof(*rp) + eir_len);
5925 if (err < 0 || status)
72000df2
MH		 5926 goto done;
5927
5928 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
5929 rp, sizeof(*rp) + eir_len,
5930 HCI_MGMT_OOB_DATA_EVENTS, sk);
4f0f155c 5931
0821a2c5 5932done:
4f0f155c
MH		 5933 kfree(rp);
5934
5935 return err;
5936}
5937
089fa8c0
AU		 5938static u32 get_supported_adv_flags(struct hci_dev *hdev)
5939{
5940 u32 flags = 0;
5941
5942 flags |= MGMT_ADV_FLAG_CONNECTABLE;
5943 flags |= MGMT_ADV_FLAG_DISCOV;
5944 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
5945 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS;
c4960ecf 5946 flags |= MGMT_ADV_FLAG_APPEARANCE;
7c295c48 5947 flags |= MGMT_ADV_FLAG_LOCAL_NAME;
089fa8c0
AU		 5948
5949 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID)
5950 flags |= MGMT_ADV_FLAG_TX_POWER;
5951
5952 return flags;
5953}
5954
d3d5305b
MH		 5955static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
5956 void *data, u16 data_len)
5957{
5958 struct mgmt_rp_read_adv_features *rp;
5959 size_t rp_len;
02c04afe 5960 int err;
286e0c83 5961 struct adv_info *adv_instance;
089fa8c0 5962 u32 supported_flags;
02c04afe 5963 u8 *instance;
d3d5305b
MH		 5964
5965 BT_DBG("%s", hdev->name);
5966
089fa8c0
AU		 5967 if (!lmp_le_capable(hdev))
5968 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
5969 MGMT_STATUS_REJECTED);
5970
d3d5305b
MH		 5971 hci_dev_lock(hdev);
5972
02c04afe 5973 rp_len = sizeof(*rp) + hdev->adv_instance_cnt;
d3d5305b
MH		 5974 rp = kmalloc(rp_len, GFP_ATOMIC);
5975 if (!rp) {
5976 hci_dev_unlock(hdev);
5977 return -ENOMEM;
5978 }
5979
089fa8c0
AU		 5980 supported_flags = get_supported_adv_flags(hdev);
5981
5982 rp->supported_flags = cpu_to_le32(supported_flags);
dc5d82a9
MH		 5983 rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
5984 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
d2609b34 5985 rp->max_instances = HCI_MAX_ADV_INSTANCES;
02c04afe 5986 rp->num_instances = hdev->adv_instance_cnt;
24b4f38f 5987
02c04afe
JH		 5988 instance = rp->instance;
5989 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
5990 *instance = adv_instance->instance;
5991 instance++;
24b4f38f 5992 }
d3d5305b
MH		 5993
5994 hci_dev_unlock(hdev);
5995
5996 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
5997 MGMT_STATUS_SUCCESS, rp, rp_len);
5998
5999 kfree(rp);
6000
6001 return err;
6002}
6003
2bb36870 6004static u8 tlv_data_max_len(u32 adv_flags, bool is_adv_data)
24b4f38f 6005{
4117ed70 6006 u8 max_len = HCI_MAX_AD_LENGTH;
24b4f38f 6007
31a3248d
MH		 6008 if (is_adv_data) {
6009 if (adv_flags & (MGMT_ADV_FLAG_DISCOV |
6010 MGMT_ADV_FLAG_LIMITED_DISCOV |
2bb36870 6011 MGMT_ADV_FLAG_MANAGED_FLAGS))
31a3248d 6012 max_len -= 3;
24b4f38f 6013
2bb36870 6014 if (adv_flags & MGMT_ADV_FLAG_TX_POWER)
31a3248d 6015 max_len -= 3;
7c295c48
MN		 6016 } else {
6017 /* at least 1 byte of name should fit in */
6018 if (adv_flags & MGMT_ADV_FLAG_LOCAL_NAME)
6019 max_len -= 3;
c4960ecf 6020
2bb36870 6021 if (adv_flags & (MGMT_ADV_FLAG_APPEARANCE))
c4960ecf 6022 max_len -= 4;
5507e358
AU		 6023 }
6024
2bb36870
SJ		 6025 return max_len;
6026}
6027
6028static bool flags_managed(u32 adv_flags)
6029{
6030 return adv_flags & (MGMT_ADV_FLAG_DISCOV |
6031 MGMT_ADV_FLAG_LIMITED_DISCOV |
6032 MGMT_ADV_FLAG_MANAGED_FLAGS);
6033}
6034
6035static bool tx_power_managed(u32 adv_flags)
6036{
6037 return adv_flags & MGMT_ADV_FLAG_TX_POWER;
6038}
6039
6040static bool name_managed(u32 adv_flags)
6041{
6042 return adv_flags & MGMT_ADV_FLAG_LOCAL_NAME;
6043}
6044
6045static bool appearance_managed(u32 adv_flags)
6046{
6047 return adv_flags & MGMT_ADV_FLAG_APPEARANCE;
6048}
6049
6050static bool tlv_data_is_valid(u32 adv_flags, u8 *data, u8 len, bool is_adv_data)
6051{
6052 int i, cur_len;
6053 u8 max_len;
6054
6055 max_len = tlv_data_max_len(adv_flags, is_adv_data);
6056
4117ed70 6057 if (len > max_len)
24b4f38f
AU		 6058 return false;
6059
4117ed70
AU		 6060 /* Make sure that the data is correctly formatted. */
6061 for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) {
6062 cur_len = data[i];
24b4f38f 6063
9c9db78d
SJ		 6064 if (data[i + 1] == EIR_FLAGS &&
6065 (!is_adv_data || flags_managed(adv_flags)))
2bb36870
SJ		 6066 return false;
6067
6068 if (data[i + 1] == EIR_TX_POWER && tx_power_managed(adv_flags))
6069 return false;
6070
6071 if (data[i + 1] == EIR_NAME_COMPLETE && name_managed(adv_flags))
6072 return false;
6073
6074 if (data[i + 1] == EIR_NAME_SHORT && name_managed(adv_flags))
b44133ff
AU		 6075 return false;
6076
2bb36870
SJ		 6077 if (data[i + 1] == EIR_APPEARANCE &&
6078 appearance_managed(adv_flags))
5507e358
AU		 6079 return false;
6080
24b4f38f
AU		 6081 /* If the current field length would exceed the total data
6082 * length, then it's invalid.
6083 */
4117ed70 6084 if (i + cur_len >= len)
24b4f38f
AU		 6085 return false;
6086 }
6087
6088 return true;
6089}
6090
24b4f38f
AU		 6091static void add_advertising_complete(struct hci_dev *hdev, u8 status,
6092 u16 opcode)
6093{
6094 struct mgmt_pending_cmd *cmd;
fffd38bc 6095 struct mgmt_cp_add_advertising *cp;
24b4f38f 6096 struct mgmt_rp_add_advertising rp;
fffd38bc
FG		 6097 struct adv_info *adv_instance, *n;
6098 u8 instance;
24b4f38f
AU		 6099
6100 BT_DBG("status %d", status);
6101
6102 hci_dev_lock(hdev);
6103
6104 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev);
6105
fffd38bc
FG		 6106 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) {
6107 if (!adv_instance->pending)
6108 continue;
6109
6110 if (!status) {
6111 adv_instance->pending = false;
6112 continue;
6113 }
6114
6115 instance = adv_instance->instance;
6116
6117 if (hdev->cur_adv_instance == instance)
6118 cancel_adv_timeout(hdev);
6119
6120 hci_remove_adv_instance(hdev, instance);
f2252570 6121 mgmt_advertising_removed(cmd ? cmd->sk : NULL, hdev, instance);
24b4f38f
AU		 6122 }
6123
6124 if (!cmd)
6125 goto unlock;
6126
fffd38bc
FG		 6127 cp = cmd->param;
6128 rp.instance = cp->instance;
24b4f38f
AU		 6129
6130 if (status)
6131 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
6132 mgmt_status(status));
6133 else
6134 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
6135 mgmt_status(status), &rp, sizeof(rp));
6136
6137 mgmt_pending_remove(cmd);
6138
6139unlock:
6140 hci_dev_unlock(hdev);
6141}
6142
6143static int add_advertising(struct sock *sk, struct hci_dev *hdev,
6144 void *data, u16 data_len)
6145{
6146 struct mgmt_cp_add_advertising *cp = data;
6147 struct mgmt_rp_add_advertising rp;
6148 u32 flags;
089fa8c0 6149 u32 supported_flags;
24b4f38f 6150 u8 status;
fffd38bc
FG		 6151 u16 timeout, duration;
6152 unsigned int prev_instance_cnt = hdev->adv_instance_cnt;
6153 u8 schedule_instance = 0;
6154 struct adv_info *next_instance;
24b4f38f
AU		 6155 int err;
6156 struct mgmt_pending_cmd *cmd;
6157 struct hci_request req;
6158
6159 BT_DBG("%s", hdev->name);
6160
6161 status = mgmt_le_support(hdev);
6162 if (status)
6163 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6164 status);
6165
ceff86af 6166 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
6a0e7807
JH		 6167 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6168 MGMT_STATUS_INVALID_PARAMS);
6169
6170 if (data_len != sizeof(*cp) + cp->adv_data_len + cp->scan_rsp_len)
ceff86af
MH		 6171 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6172 MGMT_STATUS_INVALID_PARAMS);
6173
24b4f38f 6174 flags = __le32_to_cpu(cp->flags);
912098a6 6175 timeout = __le16_to_cpu(cp->timeout);
fffd38bc 6176 duration = __le16_to_cpu(cp->duration);
24b4f38f 6177
fffd38bc
FG		 6178 /* The current implementation only supports a subset of the specified
6179 * flags.
089fa8c0
AU		 6180 */
6181 supported_flags = get_supported_adv_flags(hdev);
fffd38bc 6182 if (flags & ~supported_flags)
24b4f38f
AU		 6183 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6184 MGMT_STATUS_INVALID_PARAMS);
6185
6186 hci_dev_lock(hdev);
6187
912098a6
AU		 6188 if (timeout && !hdev_is_powered(hdev)) {
6189 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6190 MGMT_STATUS_REJECTED);
6191 goto unlock;
6192 }
6193
24b4f38f 6194 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
da929335 6195 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
24b4f38f
AU		 6196 pending_find(MGMT_OP_SET_LE, hdev)) {
6197 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6198 MGMT_STATUS_BUSY);
6199 goto unlock;
6200 }
6201
5e2c59e8
SJ		 6202 if (!tlv_data_is_valid(flags, cp->data, cp->adv_data_len, true) ||
6203 !tlv_data_is_valid(flags, cp->data + cp->adv_data_len,
b44133ff 6204 cp->scan_rsp_len, false)) {
24b4f38f
AU		 6205 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6206 MGMT_STATUS_INVALID_PARAMS);
6207 goto unlock;
6208 }
6209
fffd38bc
FG		 6210 err = hci_add_adv_instance(hdev, cp->instance, flags,
6211 cp->adv_data_len, cp->data,
6212 cp->scan_rsp_len,
6213 cp->data + cp->adv_data_len,
6214 timeout, duration);
6215 if (err < 0) {
6216 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6217 MGMT_STATUS_FAILED);
6218 goto unlock;
6219 }
24b4f38f 6220
fffd38bc
FG		 6221 /* Only trigger an advertising added event if a new instance was
6222 * actually added.
6223 */
6224 if (hdev->adv_instance_cnt > prev_instance_cnt)
f2252570 6225 mgmt_advertising_added(sk, hdev, cp->instance);
912098a6 6226
fffd38bc
FG		 6227 if (hdev->cur_adv_instance == cp->instance) {
6228 /* If the currently advertised instance is being changed then
6229 * cancel the current advertising and schedule the next
6230 * instance. If there is only one instance then the overridden
6231 * advertising data will be visible right away.
6232 */
6233 cancel_adv_timeout(hdev);
912098a6 6234
fffd38bc
FG		 6235 next_instance = hci_get_next_instance(hdev, cp->instance);
6236 if (next_instance)
6237 schedule_instance = next_instance->instance;
6238 } else if (!hdev->adv_instance_timeout) {
6239 /* Immediately advertise the new instance if no other
6240 * instance is currently being advertised.
6241 */
6242 schedule_instance = cp->instance;
6243 }
24b4f38f 6244
fffd38bc
FG		 6245 /* If the HCI_ADVERTISING flag is set or the device isn't powered or
6246 * there is no instance to be advertised then we have no HCI
6247 * communication to make. Simply return.
24b4f38f
AU		 6248 */
6249 if (!hdev_is_powered(hdev) ||
fffd38bc
FG		 6250 hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
6251 !schedule_instance) {
6252 rp.instance = cp->instance;
24b4f38f
AU		 6253 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6254 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6255 goto unlock;
6256 }
6257
6258 /* We're good to go, update advertising data, parameters, and start
6259 * advertising.
6260 */
6261 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
6262 data_len);
6263 if (!cmd) {
6264 err = -ENOMEM;
6265 goto unlock;
6266 }
6267
6268 hci_req_init(&req, hdev);
6269
f2252570 6270 err = __hci_req_schedule_adv_instance(&req, schedule_instance, true);
fffd38bc
FG		 6271
6272 if (!err)
6273 err = hci_req_run(&req, add_advertising_complete);
24b4f38f 6274
24b4f38f
AU		 6275 if (err < 0)
6276 mgmt_pending_remove(cmd);
6277
6278unlock:
6279 hci_dev_unlock(hdev);
6280
6281 return err;
6282}
6283
da929335
AU		 6284static void remove_advertising_complete(struct hci_dev *hdev, u8 status,
6285 u16 opcode)
6286{
6287 struct mgmt_pending_cmd *cmd;
01948331 6288 struct mgmt_cp_remove_advertising *cp;
da929335
AU		 6289 struct mgmt_rp_remove_advertising rp;
6290
6291 BT_DBG("status %d", status);
6292
6293 hci_dev_lock(hdev);
6294
6295 /* A failure status here only means that we failed to disable
6296 * advertising. Otherwise, the advertising instance has been removed,
6297 * so report success.
6298 */
6299 cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev);
6300 if (!cmd)
6301 goto unlock;
6302
01948331
FG		 6303 cp = cmd->param;
6304 rp.instance = cp->instance;
da929335
AU		 6305
6306 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS,
6307 &rp, sizeof(rp));
6308 mgmt_pending_remove(cmd);
6309
6310unlock:
6311 hci_dev_unlock(hdev);
6312}
6313
6314static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
6315 void *data, u16 data_len)
6316{
6317 struct mgmt_cp_remove_advertising *cp = data;
6318 struct mgmt_rp_remove_advertising rp;
da929335
AU		 6319 struct mgmt_pending_cmd *cmd;
6320 struct hci_request req;
952497b1 6321 int err;
da929335
AU		 6322
6323 BT_DBG("%s", hdev->name);
6324
da929335
AU		 6325 hci_dev_lock(hdev);
6326
952497b1 6327 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) {
01948331
FG		 6328 err = mgmt_cmd_status(sk, hdev->id,
6329 MGMT_OP_REMOVE_ADVERTISING,
6330 MGMT_STATUS_INVALID_PARAMS);
6331 goto unlock;
6332 }
6333
da929335
AU		 6334 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6335 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6336 pending_find(MGMT_OP_SET_LE, hdev)) {
6337 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6338 MGMT_STATUS_BUSY);
6339 goto unlock;
6340 }
6341
17fd08ff 6342 if (list_empty(&hdev->adv_instances)) {
da929335
AU		 6343 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6344 MGMT_STATUS_INVALID_PARAMS);
6345 goto unlock;
6346 }
6347
01948331 6348 hci_req_init(&req, hdev);
da929335 6349
37d3a1fa 6350 hci_req_clear_adv_instance(hdev, sk, &req, cp->instance, true);
da929335 6351
01948331 6352 if (list_empty(&hdev->adv_instances))
f2252570 6353 __hci_req_disable_advertising(&req);
da929335 6354
01948331
FG		 6355 /* If no HCI commands have been collected so far or the HCI_ADVERTISING
6356 * flag is set or the device isn't powered then we have no HCI
6357 * communication to make. Simply return.
da929335 6358 */
01948331
FG		 6359 if (skb_queue_empty(&req.cmd_q) ||
6360 !hdev_is_powered(hdev) ||
da929335 6361 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
01948331 6362 rp.instance = cp->instance;
da929335
AU		 6363 err = mgmt_cmd_complete(sk, hdev->id,
6364 MGMT_OP_REMOVE_ADVERTISING,
6365 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6366 goto unlock;
6367 }
6368
6369 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
6370 data_len);
6371 if (!cmd) {
6372 err = -ENOMEM;
6373 goto unlock;
6374 }
6375
da929335
AU		 6376 err = hci_req_run(&req, remove_advertising_complete);
6377 if (err < 0)
6378 mgmt_pending_remove(cmd);
6379
6380unlock:
6381 hci_dev_unlock(hdev);
6382
6383 return err;
6384}
6385
40b25fe5
MH		 6386static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev,
6387 void *data, u16 data_len)
6388{
6389 struct mgmt_cp_get_adv_size_info *cp = data;
6390 struct mgmt_rp_get_adv_size_info rp;
6391 u32 flags, supported_flags;
6392 int err;
6393
6394 BT_DBG("%s", hdev->name);
6395
6396 if (!lmp_le_capable(hdev))
6397 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6398 MGMT_STATUS_REJECTED);
6399
6400 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
6401 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6402 MGMT_STATUS_INVALID_PARAMS);
6403
6404 flags = __le32_to_cpu(cp->flags);
6405
6406 /* The current implementation only supports a subset of the specified
6407 * flags.
6408 */
6409 supported_flags = get_supported_adv_flags(hdev);
6410 if (flags & ~supported_flags)
6411 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6412 MGMT_STATUS_INVALID_PARAMS);
6413
6414 rp.instance = cp->instance;
6415 rp.flags = cp->flags;
6416 rp.max_adv_data_len = tlv_data_max_len(flags, true);
6417 rp.max_scan_rsp_len = tlv_data_max_len(flags, false);
6418
6419 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6420 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6421
6422 return err;
6423}
6424
6d785aa3 6425static const struct hci_mgmt_handler mgmt_handlers[] = {
0f4e68cf 6426 { NULL }, /* 0x0000 (no command) */
b9a245fb 6427 { read_version, MGMT_READ_VERSION_SIZE,
c91041dc
MH		 6428 HCI_MGMT_NO_HDEV |
6429 HCI_MGMT_UNTRUSTED },
b9a245fb 6430 { read_commands, MGMT_READ_COMMANDS_SIZE,
c91041dc
MH		 6431 HCI_MGMT_NO_HDEV |
6432 HCI_MGMT_UNTRUSTED },
b9a245fb 6433 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
c91041dc
MH		 6434 HCI_MGMT_NO_HDEV |
6435 HCI_MGMT_UNTRUSTED },
6436 { read_controller_info, MGMT_READ_INFO_SIZE,
6437 HCI_MGMT_UNTRUSTED },
7aea8616
MH		 6438 { set_powered, MGMT_SETTING_SIZE },
6439 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
6440 { set_connectable, MGMT_SETTING_SIZE },
6441 { set_fast_connectable, MGMT_SETTING_SIZE },
6442 { set_bondable, MGMT_SETTING_SIZE },
6443 { set_link_security, MGMT_SETTING_SIZE },
6444 { set_ssp, MGMT_SETTING_SIZE },
6445 { set_hs, MGMT_SETTING_SIZE },
6446 { set_le, MGMT_SETTING_SIZE },
6447 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
6448 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
6449 { add_uuid, MGMT_ADD_UUID_SIZE },
6450 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
b9a245fb
JH		 6451 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
6452 HCI_MGMT_VAR_LEN },
6453 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
6454 HCI_MGMT_VAR_LEN },
7aea8616
MH		 6455 { disconnect, MGMT_DISCONNECT_SIZE },
6456 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
6457 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
6458 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
6459 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
6460 { pair_device, MGMT_PAIR_DEVICE_SIZE },
6461 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
6462 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
6463 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
6464 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
6465 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
6466 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
b9a245fb
JH		 6467 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
6468 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
6469 HCI_MGMT_VAR_LEN },
7aea8616
MH		 6470 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
6471 { start_discovery, MGMT_START_DISCOVERY_SIZE },
6472 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
6473 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
6474 { block_device, MGMT_BLOCK_DEVICE_SIZE },
6475 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
6476 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
6477 { set_advertising, MGMT_SETTING_SIZE },
6478 { set_bredr, MGMT_SETTING_SIZE },
6479 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
6480 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
6481 { set_secure_conn, MGMT_SETTING_SIZE },
6482 { set_debug_keys, MGMT_SETTING_SIZE },
6483 { set_privacy, MGMT_SET_PRIVACY_SIZE },
b9a245fb
JH		 6484 { load_irks, MGMT_LOAD_IRKS_SIZE,
6485 HCI_MGMT_VAR_LEN },
7aea8616
MH		 6486 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
6487 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
6488 { add_device, MGMT_ADD_DEVICE_SIZE },
6489 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
b9a245fb
JH		 6490 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
6491 HCI_MGMT_VAR_LEN },
6492 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
c91041dc
MH		 6493 HCI_MGMT_NO_HDEV |
6494 HCI_MGMT_UNTRUSTED },
b9a245fb 6495 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
c91041dc
MH		 6496 HCI_MGMT_UNCONFIGURED |
6497 HCI_MGMT_UNTRUSTED },
b9a245fb
JH		 6498 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
6499 HCI_MGMT_UNCONFIGURED },
6500 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
6501 HCI_MGMT_UNCONFIGURED },
6502 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
6503 HCI_MGMT_VAR_LEN },
4f0f155c 6504 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
96f1474a 6505 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
c91041dc
MH		 6506 HCI_MGMT_NO_HDEV |
6507 HCI_MGMT_UNTRUSTED },
d3d5305b 6508 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
24b4f38f
AU		 6509 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
6510 HCI_MGMT_VAR_LEN },
da929335 6511 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
40b25fe5 6512 { get_adv_size_info, MGMT_GET_ADV_SIZE_INFO_SIZE },
78b781ca 6513 { start_limited_discovery, MGMT_START_DISCOVERY_SIZE },
321c6fee
MH		 6514 { read_ext_controller_info,MGMT_READ_EXT_INFO_SIZE,
6515 HCI_MGMT_UNTRUSTED },
c4960ecf 6516 { set_appearance, MGMT_SET_APPEARANCE_SIZE },
0f4e68cf
JH		 6517};
6518
bf6b56db 6519void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 6520{
ced85549 6521 struct mgmt_ev_ext_index ev;
bb4b2a9a 6522
0602a8ad
MH		 6523 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6524 return;
6525
f9207338 6526 switch (hdev->dev_type) {
ca8bee5d 6527 case HCI_PRIMARY:
f9207338
MH		 6528 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6529 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
6530 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
ced85549 6531 ev.type = 0x01;
f9207338
MH		 6532 } else {
6533 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
6534 HCI_MGMT_INDEX_EVENTS);
ced85549 6535 ev.type = 0x00;
f9207338
MH		 6536 }
6537 break;
ced85549
MH		 6538 case HCI_AMP:
6539 ev.type = 0x02;
6540 break;
6541 default:
6542 return;
f9207338 6543 }
ced85549
MH		 6544
6545 ev.bus = hdev->bus;
6546
6547 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
6548 HCI_MGMT_EXT_INDEX_EVENTS);
c71e97bf
JH		 6549}
6550
bf6b56db 6551void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 6552{
ced85549 6553 struct mgmt_ev_ext_index ev;
5f159032 6554 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 6555
0602a8ad
MH		 6556 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6557 return;
6558
f9207338 6559 switch (hdev->dev_type) {
ca8bee5d 6560 case HCI_PRIMARY:
f9207338 6561 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
b24752fe 6562
f9207338
MH		 6563 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6564 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
6565 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
ced85549 6566 ev.type = 0x01;
f9207338
MH		 6567 } else {
6568 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
6569 HCI_MGMT_INDEX_EVENTS);
ced85549 6570 ev.type = 0x00;
f9207338
MH		 6571 }
6572 break;
ced85549
MH		 6573 case HCI_AMP:
6574 ev.type = 0x02;
6575 break;
6576 default:
6577 return;
f9207338 6578 }
ced85549
MH		 6579
6580 ev.bus = hdev->bus;
6581
6582 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
6583 HCI_MGMT_EXT_INDEX_EVENTS);
eec8d2bc
JH		 6584}
6585
6046dc3e 6586/* This function requires the caller holds hdev->lock */
af02dd44 6587static void restart_le_actions(struct hci_dev *hdev)
6046dc3e
AG		 6588{
6589 struct hci_conn_params *p;
6590
6591 list_for_each_entry(p, &hdev->le_conn_params, list) {
d7347f3c
JH		 6592 /* Needed for AUTO_OFF case where might not "really"
6593 * have been powered off.
6594 */
6595 list_del_init(&p->action);
6596
6597 switch (p->auto_connect) {
4b9e7e75 6598 case HCI_AUTO_CONN_DIRECT:
d7347f3c
JH		 6599 case HCI_AUTO_CONN_ALWAYS:
6600 list_add(&p->action, &hdev->pend_le_conns);
6601 break;
6602 case HCI_AUTO_CONN_REPORT:
6603 list_add(&p->action, &hdev->pend_le_reports);
6604 break;
6605 default:
6606 break;
c83ed19d 6607 }
6046dc3e
AG		 6608 }
6609}
6610
2ff13894 6611void mgmt_power_on(struct hci_dev *hdev, int err)
229ab39c
JH		 6612{
6613 struct cmd_lookup match = { NULL, hdev };
6614
2ff13894 6615 BT_DBG("err %d", err);
229ab39c 6616
2ff13894
JH		 6617 hci_dev_lock(hdev);
6618
6619 if (!err) {
af02dd44
JH		 6620 restart_le_actions(hdev);
6621 hci_update_background_scan(hdev);
162a3bac
MH		 6622 }
6623
229ab39c
JH		 6624 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6625
6626 new_settings(hdev, match.sk);
6627
229ab39c
JH		 6628 if (match.sk)
6629 sock_put(match.sk);
229ab39c 6630
2ff13894 6631 hci_dev_unlock(hdev);
70da6243 6632}
562fcc24 6633
2ff13894 6634void __mgmt_power_off(struct hci_dev *hdev)
70da6243
JH		 6635{
6636 struct cmd_lookup match = { NULL, hdev };
9845904f 6637 u8 status, zero_cod[] = { 0, 0, 0 };
b24752fe 6638
229ab39c 6639 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
9845904f
JH		 6640
6641 /* If the power off is because of hdev unregistration let
6642 * use the appropriate INVALID_INDEX status. Otherwise use
6643 * NOT_POWERED. We cover both scenarios here since later in
6644 * mgmt_index_removed() any hci_conn callbacks will have already
6645 * been triggered, potentially causing misleading DISCONNECTED
6646 * status responses.
6647 */
d7a5a11d 6648 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
9845904f
JH		 6649 status = MGMT_STATUS_INVALID_INDEX;
6650 else
6651 status = MGMT_STATUS_NOT_POWERED;
6652
6653 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
229ab39c 6654
321c6fee 6655 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0) {
5504c3a3
MH		 6656 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
6657 zero_cod, sizeof(zero_cod),
6658 HCI_MGMT_DEV_CLASS_EVENTS, NULL);
321c6fee
MH		 6659 ext_info_changed(hdev, NULL);
6660 }
229ab39c 6661
2ff13894 6662 new_settings(hdev, match.sk);
eec8d2bc
JH		 6663
6664 if (match.sk)
6665 sock_put(match.sk);
5add6af8 6666}
73f22f62 6667
3eec705e 6668void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc 6669{
3b0602cd 6670 struct mgmt_pending_cmd *cmd;
96570ffc
JH		 6671 u8 status;
6672
333ae95d 6673 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
96570ffc 6674 if (!cmd)
3eec705e 6675 return;
96570ffc
JH		 6676
6677 if (err == -ERFKILL)
6678 status = MGMT_STATUS_RFKILLED;
6679 else
6680 status = MGMT_STATUS_FAILED;
6681
a69e8375 6682 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 6683
6684 mgmt_pending_remove(cmd);
96570ffc
JH		 6685}
6686
dc4a5ee2
MH		 6687void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
6688 bool persistent)
55ed8ca1 6689{
86742e1e 6690 struct mgmt_ev_new_link_key ev;
55ed8ca1 6691
a492cd52 6692 memset(&ev, 0, sizeof(ev));
55ed8ca1 6693
a492cd52 6694 ev.store_hint = persistent;
d753fdc4 6695 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 6696 ev.key.addr.type = BDADDR_BREDR;
a492cd52 6697 ev.key.type = key->type;
9b3b4460 6698 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 6699 ev.key.pin_len = key->pin_len;
55ed8ca1 6700
dc4a5ee2 6701 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 6702}
f7520543 6703
d7b25450
JH		 6704static u8 mgmt_ltk_type(struct smp_ltk *ltk)
6705{
23fb8de3
JH		 6706 switch (ltk->type) {
6707 case SMP_LTK:
6708 case SMP_LTK_SLAVE:
6709 if (ltk->authenticated)
6710 return MGMT_LTK_AUTHENTICATED;
6711 return MGMT_LTK_UNAUTHENTICATED;
6712 case SMP_LTK_P256:
6713 if (ltk->authenticated)
6714 return MGMT_LTK_P256_AUTH;
6715 return MGMT_LTK_P256_UNAUTH;
6716 case SMP_LTK_P256_DEBUG:
6717 return MGMT_LTK_P256_DEBUG;
6718 }
d7b25450
JH		 6719
6720 return MGMT_LTK_UNAUTHENTICATED;
6721}
6722
53ac6ab6 6723void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 6724{
6725 struct mgmt_ev_new_long_term_key ev;
6726
6727 memset(&ev, 0, sizeof(ev));
6728
5192d301 6729 /* Devices using resolvable or non-resolvable random addresses
f72186d2 6730 * without providing an identity resolving key don't require
5192d301
MH		 6731 * to store long term keys. Their addresses will change the
6732 * next time around.
6733 *
6734 * Only when a remote device provides an identity address
6735 * make sure the long term key is stored. If the remote
6736 * identity is known, the long term keys are internally
6737 * mapped to the identity address. So allow static random
6738 * and public addresses here.
6739 */
ba74b666
JH		 6740 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6741 (key->bdaddr.b[5] & 0xc0) != 0xc0)
6742 ev.store_hint = 0x00;
6743 else
53ac6ab6 6744 ev.store_hint = persistent;
ba74b666 6745
346af67b 6746 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 6747 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 6748 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 6749 ev.key.enc_size = key->enc_size;
6750 ev.key.ediv = key->ediv;
fe39c7b2 6751 ev.key.rand = key->rand;
346af67b 6752
2ceba539 6753 if (key->type == SMP_LTK)
346af67b
VCG		 6754 ev.key.master = 1;
6755
1fc62c52
JH		 6756 /* Make sure we copy only the significant bytes based on the
6757 * encryption key size, and set the rest of the value to zeroes.
6758 */
cb92205b 6759 memcpy(ev.key.val, key->val, key->enc_size);
1fc62c52
JH		 6760 memset(ev.key.val + key->enc_size, 0,
6761 sizeof(ev.key.val) - key->enc_size);
346af67b 6762
083368f7 6763 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 6764}
6765
cad20c27 6766void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent)
95fbac8a
JH		 6767{
6768 struct mgmt_ev_new_irk ev;
6769
6770 memset(&ev, 0, sizeof(ev));
6771
cad20c27 6772 ev.store_hint = persistent;
bab6d1e5 6773
95fbac8a
JH		 6774 bacpy(&ev.rpa, &irk->rpa);
6775 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
6776 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
6777 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
6778
6779 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
6780}
6781
53ac6ab6
MH		 6782void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
6783 bool persistent)
7ee4ea36
MH		 6784{
6785 struct mgmt_ev_new_csrk ev;
6786
6787 memset(&ev, 0, sizeof(ev));
6788
6789 /* Devices using resolvable or non-resolvable random addresses
f72186d2 6790 * without providing an identity resolving key don't require
7ee4ea36
MH		 6791 * to store signature resolving keys. Their addresses will change
6792 * the next time around.
6793 *
6794 * Only when a remote device provides an identity address
6795 * make sure the signature resolving key is stored. So allow
6796 * static random and public addresses here.
6797 */
6798 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6799 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
6800 ev.store_hint = 0x00;
6801 else
53ac6ab6 6802 ev.store_hint = persistent;
7ee4ea36
MH		 6803
6804 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
6805 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
4cd3928a 6806 ev.key.type = csrk->type;
7ee4ea36
MH		 6807 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
6808
6809 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
6810}
6811
ffb5a827 6812void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 6813 u8 bdaddr_type, u8 store_hint, u16 min_interval,
6814 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 6815{
6816 struct mgmt_ev_new_conn_param ev;
6817
c103aea6
JH		 6818 if (!hci_is_identity_address(bdaddr, bdaddr_type))
6819 return;
6820
ffb5a827
AG		 6821 memset(&ev, 0, sizeof(ev));
6822 bacpy(&ev.addr.bdaddr, bdaddr);
6823 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 6824 ev.store_hint = store_hint;
ffb5a827
AG		 6825 ev.min_interval = cpu_to_le16(min_interval);
6826 ev.max_interval = cpu_to_le16(max_interval);
6827 ev.latency = cpu_to_le16(latency);
6828 ev.timeout = cpu_to_le16(timeout);
6829
6830 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
6831}
6832
48ec92fa
AA		 6833void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
6834 u32 flags, u8 *name, u8 name_len)
f7520543 6835{
b644ba33
JH		 6836 char buf[512];
6837 struct mgmt_ev_device_connected *ev = (void *) buf;
6838 u16 eir_len = 0;
f7520543 6839
48ec92fa
AA		 6840 bacpy(&ev->addr.bdaddr, &conn->dst);
6841 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
f7520543 6842
c95f0ba7 6843 ev->flags = __cpu_to_le32(flags);
08c79b61 6844
fd45ada9
AA		 6845 /* We must ensure that the EIR Data fields are ordered and
6846 * unique. Keep it simple for now and avoid the problem by not
6847 * adding any BR/EDR data to the LE adv.
6848 */
6849 if (conn->le_adv_data_len > 0) {
6850 memcpy(&ev->eir[eir_len],
6851 conn->le_adv_data, conn->le_adv_data_len);
6852 eir_len = conn->le_adv_data_len;
6853 } else {
6854 if (name_len > 0)
6855 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
6856 name, name_len);
b644ba33 6857
ddbea5cf 6858 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
fd45ada9
AA		 6859 eir_len = eir_append_data(ev->eir, eir_len,
6860 EIR_CLASS_OF_DEV,
6861 conn->dev_class, 3);
6862 }
b644ba33 6863
eb55ef07 6864 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 6865
ecd90ae7
MH		 6866 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
6867 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 6868}
6869
3b0602cd 6870static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
8962ee74 6871{
8962ee74 6872 struct sock **sk = data;
8962ee74 6873
f5818c22 6874 cmd->cmd_complete(cmd, 0);
8962ee74
JH		 6875
6876 *sk = cmd->sk;
6877 sock_hold(*sk);
6878
a664b5bc 6879 mgmt_pending_remove(cmd);
8962ee74
JH		 6880}
6881
3b0602cd 6882static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
a8a1d19e 6883{
b1078ad0 6884 struct hci_dev *hdev = data;
124f6e35 6885 struct mgmt_cp_unpair_device *cp = cmd->param;
a8a1d19e 6886
b1078ad0
JH		 6887 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
6888
d8b7b1e4 6889 cmd->cmd_complete(cmd, 0);
a8a1d19e
JH		 6890 mgmt_pending_remove(cmd);
6891}
6892
84c61d92
JH		 6893bool mgmt_powering_down(struct hci_dev *hdev)
6894{
3b0602cd 6895 struct mgmt_pending_cmd *cmd;
84c61d92
JH		 6896 struct mgmt_mode *cp;
6897
333ae95d 6898 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
84c61d92
JH		 6899 if (!cmd)
6900 return false;
6901
6902 cp = cmd->param;
6903 if (!cp->val)
6904 return true;
6905
6906 return false;
6907}
6908
9b80ec5e 6909void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 6910 u8 link_type, u8 addr_type, u8 reason,
6911 bool mgmt_connected)
f7520543 6912{
f0d6a0ea 6913 struct mgmt_ev_device_disconnected ev;
8962ee74 6914 struct sock *sk = NULL;
8962ee74 6915
84c61d92
JH		 6916 /* The connection is still in hci_conn_hash so test for 1
6917 * instead of 0 to know if this is the last one.
6918 */
6919 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6920 cancel_delayed_work(&hdev->power_off);
6921 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8b064a3a
JH		 6922 }
6923
12d4a3b2
JH		 6924 if (!mgmt_connected)
6925 return;
6926
57eb776f
AG		 6927 if (link_type != ACL_LINK && link_type != LE_LINK)
6928 return;
6929
744cf19e 6930 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 6931
f0d6a0ea
MA		 6932 bacpy(&ev.addr.bdaddr, bdaddr);
6933 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6934 ev.reason = reason;
f7520543 6935
9b80ec5e 6936 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 6937
6938 if (sk)
d97dcb66 6939 sock_put(sk);
8962ee74 6940
124f6e35 6941 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 6942 hdev);
8962ee74
JH		 6943}
6944
7892924c
MH		 6945void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
6946 u8 link_type, u8 addr_type, u8 status)
8962ee74 6947{
3655bba8
AG		 6948 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
6949 struct mgmt_cp_disconnect *cp;
3b0602cd 6950 struct mgmt_pending_cmd *cmd;
8962ee74 6951
36a75f1b
JD		 6952 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6953 hdev);
6954
333ae95d 6955 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 6956 if (!cmd)
7892924c 6957 return;
8962ee74 6958
3655bba8
AG		 6959 cp = cmd->param;
6960
6961 if (bacmp(bdaddr, &cp->addr.bdaddr))
6962 return;
6963
6964 if (cp->addr.type != bdaddr_type)
6965 return;
6966
f5818c22 6967 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6968 mgmt_pending_remove(cmd);
f7520543 6969}
17d5c04c 6970
445608d0
MH		 6971void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6972 u8 addr_type, u8 status)
17d5c04c
JH		 6973{
6974 struct mgmt_ev_connect_failed ev;
c9910d0f 6975
84c61d92
JH		 6976 /* The connection is still in hci_conn_hash so test for 1
6977 * instead of 0 to know if this is the last one.
6978 */
6979 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6980 cancel_delayed_work(&hdev->power_off);
6981 queue_work(hdev->req_workqueue, &hdev->power_off.work);
c9910d0f 6982 }
17d5c04c 6983
4c659c39 6984 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6985 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 6986 ev.status = mgmt_status(status);
17d5c04c 6987
445608d0 6988 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 6989}
980e1a53 6990
ce0e4a0d 6991void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 6992{
6993 struct mgmt_ev_pin_code_request ev;
6994
d8457698 6995 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 6996 ev.addr.type = BDADDR_BREDR;
a770bb5a 6997 ev.secure = secure;
980e1a53 6998
ce0e4a0d 6999 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 7000}
7001
e669cf80
MH		 7002void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7003 u8 status)
980e1a53 7004{
3b0602cd 7005 struct mgmt_pending_cmd *cmd;
980e1a53 7006
333ae95d 7007 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 7008 if (!cmd)
e669cf80 7009 return;
980e1a53 7010
7776d1d8 7011 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7012 mgmt_pending_remove(cmd);
980e1a53
JH		 7013}
7014
3eb38528
MH		 7015void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7016 u8 status)
980e1a53 7017{
3b0602cd 7018 struct mgmt_pending_cmd *cmd;
980e1a53 7019
333ae95d 7020 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 7021 if (!cmd)
3eb38528 7022 return;
980e1a53 7023
7776d1d8 7024 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7025 mgmt_pending_remove(cmd);
980e1a53 7026}
a5c29683 7027
744cf19e 7028int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 7029 u8 link_type, u8 addr_type, u32 value,
04124681 7030 u8 confirm_hint)
a5c29683
JH		 7031{
7032 struct mgmt_ev_user_confirm_request ev;
7033
744cf19e 7034 BT_DBG("%s", hdev->name);
a5c29683 7035
272d90df 7036 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7037 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 7038 ev.confirm_hint = confirm_hint;
39adbffe 7039 ev.value = cpu_to_le32(value);
a5c29683 7040
744cf19e 7041 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 7042 NULL);
a5c29683
JH		 7043}
7044
272d90df 7045int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 7046 u8 link_type, u8 addr_type)
604086b7
BG		 7047{
7048 struct mgmt_ev_user_passkey_request ev;
7049
7050 BT_DBG("%s", hdev->name);
7051
272d90df 7052 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7053 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 7054
7055 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 7056 NULL);
604086b7
BG		 7057}
7058
0df4c185 7059static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 7060 u8 link_type, u8 addr_type, u8 status,
7061 u8 opcode)
a5c29683 7062{
3b0602cd 7063 struct mgmt_pending_cmd *cmd;
a5c29683 7064
333ae95d 7065 cmd = pending_find(opcode, hdev);
a5c29683
JH		 7066 if (!cmd)
7067 return -ENOENT;
7068
7776d1d8 7069 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7070 mgmt_pending_remove(cmd);
a5c29683 7071
7776d1d8 7072 return 0;
a5c29683
JH		 7073}
7074
744cf19e 7075int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7076 u8 link_type, u8 addr_type, u8 status)
a5c29683 7077{
272d90df 7078 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 7079 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 7080}
7081
272d90df 7082int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7083 u8 link_type, u8 addr_type, u8 status)
a5c29683 7084{
272d90df 7085 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 7086 status,
7087 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 7088}
2a611692 7089
604086b7 7090int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7091 u8 link_type, u8 addr_type, u8 status)
604086b7 7092{
272d90df 7093 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 7094 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 7095}
7096
272d90df 7097int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7098 u8 link_type, u8 addr_type, u8 status)
604086b7 7099{
272d90df 7100 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 7101 status,
7102 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 7103}
7104
92a25256
JH		 7105int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
7106 u8 link_type, u8 addr_type, u32 passkey,
7107 u8 entered)
7108{
7109 struct mgmt_ev_passkey_notify ev;
7110
7111 BT_DBG("%s", hdev->name);
7112
7113 bacpy(&ev.addr.bdaddr, bdaddr);
7114 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7115 ev.passkey = __cpu_to_le32(passkey);
7116 ev.entered = entered;
7117
7118 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
7119}
7120
e1e930f5 7121void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
2a611692
JH		 7122{
7123 struct mgmt_ev_auth_failed ev;
3b0602cd 7124 struct mgmt_pending_cmd *cmd;
e1e930f5 7125 u8 status = mgmt_status(hci_status);
2a611692 7126
e1e930f5
JH		 7127 bacpy(&ev.addr.bdaddr, &conn->dst);
7128 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7129 ev.status = status;
2a611692 7130
e1e930f5
JH		 7131 cmd = find_pairing(conn);
7132
7133 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
7134 cmd ? cmd->sk : NULL);
7135
a511b35b
JH		 7136 if (cmd) {
7137 cmd->cmd_complete(cmd, status);
7138 mgmt_pending_remove(cmd);
7139 }
2a611692 7140}
b312b161 7141
464996ae 7142void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 7143{
7144 struct cmd_lookup match = { NULL, hdev };
464996ae 7145 bool changed;
33ef95ed
JH		 7146
7147 if (status) {
7148 u8 mgmt_err = mgmt_status(status);
7149 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 7150 cmd_status_rsp, &mgmt_err);
464996ae 7151 return;
33ef95ed
JH		 7152 }
7153
464996ae 7154 if (test_bit(HCI_AUTH, &hdev->flags))
238be788 7155 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
464996ae 7156 else
a69d8927 7157 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
47990ea0 7158
33ef95ed 7159 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 7160 &match);
33ef95ed 7161
47990ea0 7162 if (changed)
464996ae 7163 new_settings(hdev, match.sk);
33ef95ed
JH		 7164
7165 if (match.sk)
7166 sock_put(match.sk);
33ef95ed
JH		 7167}
7168
890ea898 7169static void clear_eir(struct hci_request *req)
cacaf52f 7170{
890ea898 7171 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 7172 struct hci_cp_write_eir cp;
7173
976eb20e 7174 if (!lmp_ext_inq_capable(hdev))
890ea898 7175 return;
cacaf52f 7176
c80da27e
JH		 7177 memset(hdev->eir, 0, sizeof(hdev->eir));
7178
cacaf52f
JH		 7179 memset(&cp, 0, sizeof(cp));
7180
890ea898 7181 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 7182}
7183
3e248560 7184void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 7185{
7186 struct cmd_lookup match = { NULL, hdev };
890ea898 7187 struct hci_request req;
c0ecddc2 7188 bool changed = false;
ed2c4ee3
JH		 7189
7190 if (status) {
7191 u8 mgmt_err = mgmt_status(status);
c0ecddc2 7192
a69d8927
MH		 7193 if (enable && hci_dev_test_and_clear_flag(hdev,
7194 HCI_SSP_ENABLED)) {
a358dc11 7195 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
3e248560 7196 new_settings(hdev, NULL);
9ecb3e24 7197 }
c0ecddc2 7198
04124681
GP		 7199 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
7200 &mgmt_err);
3e248560 7201 return;
c0ecddc2
JH		 7202 }
7203
7204 if (enable) {
238be788 7205 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
c0ecddc2 7206 } else {
a69d8927 7207 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
9ecb3e24 7208 if (!changed)
a69d8927
MH		 7209 changed = hci_dev_test_and_clear_flag(hdev,
7210 HCI_HS_ENABLED);
9ecb3e24 7211 else
a358dc11 7212 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
ed2c4ee3
JH		 7213 }
7214
7215 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
7216
c0ecddc2 7217 if (changed)
3e248560 7218 new_settings(hdev, match.sk);
ed2c4ee3 7219
5fc6ebb1 7220 if (match.sk)
ed2c4ee3
JH		 7221 sock_put(match.sk);
7222
890ea898
JH		 7223 hci_req_init(&req, hdev);
7224
d7a5a11d
MH		 7225 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
7226 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
3769972b
JH		 7227 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
7228 sizeof(enable), &enable);
b1a8917c 7229 __hci_req_update_eir(&req);
3769972b 7230 } else {
890ea898 7231 clear_eir(&req);
3769972b 7232 }
890ea898
JH		 7233
7234 hci_req_run(&req, NULL);
ed2c4ee3
JH		 7235}
7236
3b0602cd 7237static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
90e70454
JH		 7238{
7239 struct cmd_lookup *match = data;
7240
90e70454
JH		 7241 if (match->sk == NULL) {
7242 match->sk = cmd->sk;
7243 sock_hold(match->sk);
7244 }
90e70454
JH		 7245}
7246
4e1b0245
MH		 7247void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
7248 u8 status)
7f9a903c 7249{
90e70454 7250 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 7251
92da6097
JH		 7252 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
7253 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
7254 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454 7255
321c6fee 7256 if (!status) {
5504c3a3
MH		 7257 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
7258 3, HCI_MGMT_DEV_CLASS_EVENTS, NULL);
321c6fee
MH		 7259 ext_info_changed(hdev, NULL);
7260 }
90e70454
JH		 7261
7262 if (match.sk)
7263 sock_put(match.sk);
7f9a903c
MH		 7264}
7265
7667da34 7266void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 7267{
b312b161 7268 struct mgmt_cp_set_local_name ev;
3b0602cd 7269 struct mgmt_pending_cmd *cmd;
28cc7bde 7270
13928971 7271 if (status)
7667da34 7272 return;
b312b161
JH		 7273
7274 memset(&ev, 0, sizeof(ev));
7275 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 7276 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 7277
333ae95d 7278 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 7279 if (!cmd) {
7280 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 7281
13928971
JH		 7282 /* If this is a HCI command related to powering on the
7283 * HCI dev don't send any mgmt signals.
7284 */
333ae95d 7285 if (pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 7286 return;
890ea898 7287 }
b312b161 7288
5504c3a3
MH		 7289 mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
7290 HCI_MGMT_LOCAL_NAME_EVENTS, cmd ? cmd->sk : NULL);
321c6fee 7291 ext_info_changed(hdev, cmd ? cmd->sk : NULL);
b312b161 7292}
c35938b2 7293
799ce93d
JP		 7294static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
7295{
7296 int i;
7297
7298 for (i = 0; i < uuid_count; i++) {
7299 if (!memcmp(uuid, uuids[i], 16))
7300 return true;
7301 }
7302
7303 return false;
7304}
7305
b487b9ce
MH		 7306static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
7307{
799ce93d
JP		 7308 u16 parsed = 0;
7309
7310 while (parsed < eir_len) {
7311 u8 field_len = eir[0];
7312 u8 uuid[16];
7313 int i;
7314
7315 if (field_len == 0)
7316 break;
7317
7318 if (eir_len - parsed < field_len + 1)
7319 break;
7320
7321 switch (eir[1]) {
7322 case EIR_UUID16_ALL:
7323 case EIR_UUID16_SOME:
7324 for (i = 0; i + 3 <= field_len; i += 2) {
189f6ad2 7325 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7326 uuid[13] = eir[i + 3];
7327 uuid[12] = eir[i + 2];
7328 if (has_uuid(uuid, uuid_count, uuids))
7329 return true;
7330 }
7331 break;
7332 case EIR_UUID32_ALL:
7333 case EIR_UUID32_SOME:
7334 for (i = 0; i + 5 <= field_len; i += 4) {
189f6ad2 7335 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7336 uuid[15] = eir[i + 5];
7337 uuid[14] = eir[i + 4];
7338 uuid[13] = eir[i + 3];
7339 uuid[12] = eir[i + 2];
7340 if (has_uuid(uuid, uuid_count, uuids))
7341 return true;
7342 }
7343 break;
7344 case EIR_UUID128_ALL:
7345 case EIR_UUID128_SOME:
7346 for (i = 0; i + 17 <= field_len; i += 16) {
7347 memcpy(uuid, eir + i + 2, 16);
7348 if (has_uuid(uuid, uuid_count, uuids))
7349 return true;
7350 }
7351 break;
7352 }
7353
7354 parsed += field_len + 1;
7355 eir += field_len + 1;
7356 }
7357
b487b9ce
MH		 7358 return false;
7359}
7360
4b0e0ced
JP		 7361static void restart_le_scan(struct hci_dev *hdev)
7362{
7363 /* If controller is not scanning we are done. */
d7a5a11d 7364 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
4b0e0ced
JP		 7365 return;
7366
7367 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
7368 hdev->discovery.scan_start +
7369 hdev->discovery.scan_duration))
7370 return;
7371
7c1fbed2 7372 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart,
4b0e0ced
JP		 7373 DISCOV_LE_RESTART_DELAY);
7374}
7375
48f86b7f
JP		 7376static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
7377 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 7378{
48f86b7f
JP		 7379 /* If a RSSI threshold has been specified, and
7380 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
7381 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
7382 * is set, let it through for further processing, as we might need to
7383 * restart the scan.
efb2513f
MH		 7384 *
7385 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
7386 * the results are also dropped.
bda157a4
MH		 7387 */
7388 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
4b0e0ced
JP		 7389 (rssi == HCI_RSSI_INVALID ||
7390 (rssi < hdev->discovery.rssi &&
7391 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
48f86b7f 7392 return false;
efb2513f 7393
2976cdeb
JP		 7394 if (hdev->discovery.uuid_count != 0) {
7395 /* If a list of UUIDs is provided in filter, results with no
7396 * matching UUID should be dropped.
b487b9ce 7397 */
2976cdeb
JP		 7398 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
7399 hdev->discovery.uuids) &&
7400 !eir_has_uuids(scan_rsp, scan_rsp_len,
7401 hdev->discovery.uuid_count,
7402 hdev->discovery.uuids))
7403 return false;
b487b9ce 7404 }
5d2e9fad 7405
2976cdeb
JP		 7406 /* If duplicate filtering does not report RSSI changes, then restart
7407 * scanning to ensure updated result with updated RSSI values.
4b0e0ced 7408 */
2976cdeb
JP		 7409 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
7410 restart_le_scan(hdev);
7411
7412 /* Validate RSSI value against the RSSI threshold once more. */
7413 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7414 rssi < hdev->discovery.rssi)
7415 return false;
7416 }
48f86b7f
JP		 7417
7418 return true;
7419}
7420
7421void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7422 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
7423 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7424{
7425 char buf[512];
7426 struct mgmt_ev_device_found *ev = (void *)buf;
7427 size_t ev_size;
7428
7429 /* Don't send events for a non-kernel initiated discovery. With
7430 * LE one exception is if we have pend_le_reports > 0 in which
7431 * case we're doing passive scanning and want these events.
7432 */
7433 if (!hci_discovery_active(hdev)) {
7434 if (link_type == ACL_LINK)
7435 return;
7436 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
7437 return;
7438 }
7439
82f8b651 7440 if (hdev->discovery.result_filtering) {
48f86b7f
JP		 7441 /* We are using service discovery */
7442 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
7443 scan_rsp_len))
7444 return;
7445 }
7446
78b781ca
JH		 7447 if (hdev->discovery.limited) {
7448 /* Check for limited discoverable bit */
7449 if (dev_class) {
7450 if (!(dev_class[1] & 0x20))
7451 return;
7452 } else {
7453 u8 *flags = eir_get_data(eir, eir_len, EIR_FLAGS, NULL);
7454 if (!flags || !(flags[0] & LE_AD_LIMITED))
7455 return;
7456 }
7457 }
7458
48f86b7f
JP		 7459 /* Make sure that the buffer is big enough. The 5 extra bytes
7460 * are for the potential CoD field.
7461 */
7462 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
4b0e0ced
JP		 7463 return;
7464
48f86b7f
JP		 7465 memset(buf, 0, sizeof(buf));
7466
7467 /* In case of device discovery with BR/EDR devices (pre 1.2), the
7468 * RSSI value was reported as 0 when not available. This behavior
7469 * is kept when using device discovery. This is required for full
7470 * backwards compatibility with the API.
7471 *
7472 * However when using service discovery, the value 127 will be
7473 * returned when the RSSI is not available.
7474 */
7475 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
7476 link_type == ACL_LINK)
7477 rssi = 0;
7478
7479 bacpy(&ev->addr.bdaddr, bdaddr);
7480 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7481 ev->rssi = rssi;
7482 ev->flags = cpu_to_le32(flags);
7483
7484 if (eir_len > 0)
7485 /* Copy EIR or advertising data into event */
7486 memcpy(ev->eir, eir, eir_len);
7487
0d3b7f64
JH		 7488 if (dev_class && !eir_get_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7489 NULL))
48f86b7f
JP		 7490 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7491 dev_class, 3);
7492
7493 if (scan_rsp_len > 0)
7494 /* Append scan response data to event */
7495 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
7496
5d2e9fad
JH		 7497 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
7498 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 7499
901801b9 7500 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 7501}
a88a9652 7502
9cf12aee
MH		 7503void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7504 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 7505{
b644ba33
JH		 7506 struct mgmt_ev_device_found *ev;
7507 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
7508 u16 eir_len;
a88a9652 7509
b644ba33 7510 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 7511
b644ba33
JH		 7512 memset(buf, 0, sizeof(buf));
7513
7514 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 7515 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 7516 ev->rssi = rssi;
7517
7518 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 7519 name_len);
b644ba33 7520
eb55ef07 7521 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 7522
9cf12aee 7523 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 7524}
314b2381 7525
2f1e063b 7526void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 7527{
f963e8e9 7528 struct mgmt_ev_discovering ev;
164a6e78 7529
343fb145
AG		 7530 BT_DBG("%s discovering %u", hdev->name, discovering);
7531
f963e8e9
JH		 7532 memset(&ev, 0, sizeof(ev));
7533 ev.type = hdev->discovery.type;
7534 ev.discovering = discovering;
7535
2f1e063b 7536 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 7537}
5e762444 7538
6d785aa3
JH		 7539static struct hci_mgmt_chan chan = {
7540 .channel = HCI_CHANNEL_CONTROL,
7541 .handler_count = ARRAY_SIZE(mgmt_handlers),
7542 .handlers = mgmt_handlers,
88b94ce9 7543 .hdev_init = mgmt_init_hdev,
6d785aa3
JH		 7544};
7545
7546int mgmt_init(void)
7547{
7548 return hci_mgmt_chan_register(&chan);
7549}
7550
7551void mgmt_exit(void)
7552{
7553 hci_mgmt_chan_unregister(&chan);
7554}
Empty description
This page took 2.083848 seconds and 4 git commands to generate.