]> Git Repo - linux.git/blame - net/bluetooth/mgmt.c
projects / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: btmrvl_main: repair a non-kernel-doc comment
[linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
7129069e 32#include <net/bluetooth/hci_sock.h>
4bc58f51 33#include <net/bluetooth/l2cap.h>
0381101f 34#include <net/bluetooth/mgmt.h>
ac4b7236 35
0857dd3b 36#include "hci_request.h"
ac4b7236 37#include "smp.h"
a380b6cf 38#include "mgmt_util.h"
17896406 39#include "mgmt_config.h"
e5e1e7fd 40#include "msft.h"
01ce70b0 41#include "eir.h"
258f56d1 42#include "aosp.h"
0381101f 43
2da9c55c 44#define MGMT_VERSION 1
43e59cb7 45#define MGMT_REVISION 21
02d98129 46
e70bb2e8
JH		 47static const u16 mgmt_commands[] = {
48 MGMT_OP_READ_INDEX_LIST,
49 MGMT_OP_READ_INFO,
50 MGMT_OP_SET_POWERED,
51 MGMT_OP_SET_DISCOVERABLE,
52 MGMT_OP_SET_CONNECTABLE,
53 MGMT_OP_SET_FAST_CONNECTABLE,
b2939475 54 MGMT_OP_SET_BONDABLE,
e70bb2e8
JH		 55 MGMT_OP_SET_LINK_SECURITY,
56 MGMT_OP_SET_SSP,
57 MGMT_OP_SET_HS,
58 MGMT_OP_SET_LE,
59 MGMT_OP_SET_DEV_CLASS,
60 MGMT_OP_SET_LOCAL_NAME,
61 MGMT_OP_ADD_UUID,
62 MGMT_OP_REMOVE_UUID,
63 MGMT_OP_LOAD_LINK_KEYS,
64 MGMT_OP_LOAD_LONG_TERM_KEYS,
65 MGMT_OP_DISCONNECT,
66 MGMT_OP_GET_CONNECTIONS,
67 MGMT_OP_PIN_CODE_REPLY,
68 MGMT_OP_PIN_CODE_NEG_REPLY,
69 MGMT_OP_SET_IO_CAPABILITY,
70 MGMT_OP_PAIR_DEVICE,
71 MGMT_OP_CANCEL_PAIR_DEVICE,
72 MGMT_OP_UNPAIR_DEVICE,
73 MGMT_OP_USER_CONFIRM_REPLY,
74 MGMT_OP_USER_CONFIRM_NEG_REPLY,
75 MGMT_OP_USER_PASSKEY_REPLY,
76 MGMT_OP_USER_PASSKEY_NEG_REPLY,
77 MGMT_OP_READ_LOCAL_OOB_DATA,
78 MGMT_OP_ADD_REMOTE_OOB_DATA,
79 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
80 MGMT_OP_START_DISCOVERY,
81 MGMT_OP_STOP_DISCOVERY,
82 MGMT_OP_CONFIRM_NAME,
83 MGMT_OP_BLOCK_DEVICE,
84 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 85 MGMT_OP_SET_DEVICE_ID,
4375f103 86 MGMT_OP_SET_ADVERTISING,
0663ca2a 87 MGMT_OP_SET_BREDR,
d13eafce 88 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 89 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 90 MGMT_OP_SET_SECURE_CONN,
4e39ac81 91 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 92 MGMT_OP_SET_PRIVACY,
41edf160 93 MGMT_OP_LOAD_IRKS,
dd983808 94 MGMT_OP_GET_CONN_INFO,
95868426 95 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 96 MGMT_OP_ADD_DEVICE,
97 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 98 MGMT_OP_LOAD_CONN_PARAM,
73d1df2a 99 MGMT_OP_READ_UNCONF_INDEX_LIST,
9fc3bfb6 100 MGMT_OP_READ_CONFIG_INFO,
dbece37a 101 MGMT_OP_SET_EXTERNAL_CONFIG,
9713c17b 102 MGMT_OP_SET_PUBLIC_ADDRESS,
66ea9427 103 MGMT_OP_START_SERVICE_DISCOVERY,
4f0f155c 104 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
96f1474a 105 MGMT_OP_READ_EXT_INDEX_LIST,
d3d5305b 106 MGMT_OP_READ_ADV_FEATURES,
24b4f38f 107 MGMT_OP_ADD_ADVERTISING,
da929335 108 MGMT_OP_REMOVE_ADVERTISING,
40b25fe5 109 MGMT_OP_GET_ADV_SIZE_INFO,
78b781ca 110 MGMT_OP_START_LIMITED_DISCOVERY,
321c6fee 111 MGMT_OP_READ_EXT_INFO,
c4960ecf 112 MGMT_OP_SET_APPEARANCE,
02431b6c
MH		 113 MGMT_OP_GET_PHY_CONFIGURATION,
114 MGMT_OP_SET_PHY_CONFIGURATION,
600a8749 115 MGMT_OP_SET_BLOCKED_KEYS,
00bce3fb 116 MGMT_OP_SET_WIDEBAND_SPEECH,
4d9b9528 117 MGMT_OP_READ_CONTROLLER_CAP,
a10c907c
MH		 118 MGMT_OP_READ_EXP_FEATURES_INFO,
119 MGMT_OP_SET_EXP_FEATURE,
17896406
AM		 120 MGMT_OP_READ_DEF_SYSTEM_CONFIG,
121 MGMT_OP_SET_DEF_SYSTEM_CONFIG,
aececa64
MH		 122 MGMT_OP_READ_DEF_RUNTIME_CONFIG,
123 MGMT_OP_SET_DEF_RUNTIME_CONFIG,
4c54bf2b
APS		 124 MGMT_OP_GET_DEVICE_FLAGS,
125 MGMT_OP_SET_DEVICE_FLAGS,
e5e1e7fd 126 MGMT_OP_READ_ADV_MONITOR_FEATURES,
b139553d 127 MGMT_OP_ADD_ADV_PATTERNS_MONITOR,
bd2fbc6c 128 MGMT_OP_REMOVE_ADV_MONITOR,
12410572
DW		 129 MGMT_OP_ADD_EXT_ADV_PARAMS,
130 MGMT_OP_ADD_EXT_ADV_DATA,
b4a221ea 131 MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI,
e70bb2e8
JH		 132};
133
134static const u16 mgmt_events[] = {
135 MGMT_EV_CONTROLLER_ERROR,
136 MGMT_EV_INDEX_ADDED,
137 MGMT_EV_INDEX_REMOVED,
138 MGMT_EV_NEW_SETTINGS,
139 MGMT_EV_CLASS_OF_DEV_CHANGED,
140 MGMT_EV_LOCAL_NAME_CHANGED,
141 MGMT_EV_NEW_LINK_KEY,
142 MGMT_EV_NEW_LONG_TERM_KEY,
143 MGMT_EV_DEVICE_CONNECTED,
144 MGMT_EV_DEVICE_DISCONNECTED,
145 MGMT_EV_CONNECT_FAILED,
146 MGMT_EV_PIN_CODE_REQUEST,
147 MGMT_EV_USER_CONFIRM_REQUEST,
148 MGMT_EV_USER_PASSKEY_REQUEST,
149 MGMT_EV_AUTH_FAILED,
150 MGMT_EV_DEVICE_FOUND,
151 MGMT_EV_DISCOVERING,
152 MGMT_EV_DEVICE_BLOCKED,
153 MGMT_EV_DEVICE_UNBLOCKED,
154 MGMT_EV_DEVICE_UNPAIRED,
92a25256 155 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 156 MGMT_EV_NEW_IRK,
7ee4ea36 157 MGMT_EV_NEW_CSRK,
8afef092
MH		 158 MGMT_EV_DEVICE_ADDED,
159 MGMT_EV_DEVICE_REMOVED,
ffb5a827 160 MGMT_EV_NEW_CONN_PARAM,
0602a8ad 161 MGMT_EV_UNCONF_INDEX_ADDED,
edd3896b 162 MGMT_EV_UNCONF_INDEX_REMOVED,
f4537c04 163 MGMT_EV_NEW_CONFIG_OPTIONS,
ced85549
MH		 164 MGMT_EV_EXT_INDEX_ADDED,
165 MGMT_EV_EXT_INDEX_REMOVED,
72000df2 166 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
24b4f38f
AU		 167 MGMT_EV_ADVERTISING_ADDED,
168 MGMT_EV_ADVERTISING_REMOVED,
321c6fee 169 MGMT_EV_EXT_INFO_CHANGED,
5f4b9172 170 MGMT_EV_PHY_CONFIGURATION_CHANGED,
a10c907c 171 MGMT_EV_EXP_FEATURE_CHANGED,
4c54bf2b 172 MGMT_EV_DEVICE_FLAGS_CHANGED,
3d34a71f
MH		 173 MGMT_EV_ADV_MONITOR_ADDED,
174 MGMT_EV_ADV_MONITOR_REMOVED,
346ce5b7
APS		 175 MGMT_EV_CONTROLLER_SUSPEND,
176 MGMT_EV_CONTROLLER_RESUME,
e70bb2e8
JH		 177};
178
99c679ac
MH		 179static const u16 mgmt_untrusted_commands[] = {
180 MGMT_OP_READ_INDEX_LIST,
181 MGMT_OP_READ_INFO,
182 MGMT_OP_READ_UNCONF_INDEX_LIST,
183 MGMT_OP_READ_CONFIG_INFO,
184 MGMT_OP_READ_EXT_INDEX_LIST,
321c6fee 185 MGMT_OP_READ_EXT_INFO,
4d9b9528 186 MGMT_OP_READ_CONTROLLER_CAP,
a10c907c 187 MGMT_OP_READ_EXP_FEATURES_INFO,
17896406 188 MGMT_OP_READ_DEF_SYSTEM_CONFIG,
aececa64 189 MGMT_OP_READ_DEF_RUNTIME_CONFIG,
99c679ac
MH		 190};
191
192static const u16 mgmt_untrusted_events[] = {
193 MGMT_EV_INDEX_ADDED,
194 MGMT_EV_INDEX_REMOVED,
195 MGMT_EV_NEW_SETTINGS,
196 MGMT_EV_CLASS_OF_DEV_CHANGED,
197 MGMT_EV_LOCAL_NAME_CHANGED,
198 MGMT_EV_UNCONF_INDEX_ADDED,
199 MGMT_EV_UNCONF_INDEX_REMOVED,
200 MGMT_EV_NEW_CONFIG_OPTIONS,
201 MGMT_EV_EXT_INDEX_ADDED,
202 MGMT_EV_EXT_INDEX_REMOVED,
321c6fee 203 MGMT_EV_EXT_INFO_CHANGED,
a10c907c 204 MGMT_EV_EXP_FEATURE_CHANGED,
99c679ac
MH		 205};
206
17b02e62 207#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 208
d25b78e2
JH		 209#define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
210 "\x00\x00\x00\x00\x00\x00\x00\x00"
211
ca69b795 212/* HCI to MGMT error code conversion table */
bdf2aca7 213static const u8 mgmt_status_table[] = {
ca69b795
JH		 214 MGMT_STATUS_SUCCESS,
215 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
216 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
217 MGMT_STATUS_FAILED, /* Hardware Failure */
218 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
219 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 220 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 221 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
222 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
223 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
224 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
225 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
226 MGMT_STATUS_BUSY, /* Command Disallowed */
227 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
228 MGMT_STATUS_REJECTED, /* Rejected Security */
229 MGMT_STATUS_REJECTED, /* Rejected Personal */
230 MGMT_STATUS_TIMEOUT, /* Host Timeout */
231 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
232 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
233 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
234 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
235 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
236 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
237 MGMT_STATUS_BUSY, /* Repeated Attempts */
238 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
239 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
240 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
241 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
242 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
243 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
244 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
245 MGMT_STATUS_FAILED, /* Unspecified Error */
246 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
247 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
248 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
249 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
250 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
251 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
252 MGMT_STATUS_FAILED, /* Unit Link Key Used */
253 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
254 MGMT_STATUS_TIMEOUT, /* Instant Passed */
255 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
256 MGMT_STATUS_FAILED, /* Transaction Collision */
4ef36a52 257 MGMT_STATUS_FAILED, /* Reserved for future use */
ca69b795
JH		 258 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
259 MGMT_STATUS_REJECTED, /* QoS Rejected */
260 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
261 MGMT_STATUS_REJECTED, /* Insufficient Security */
262 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
4ef36a52 263 MGMT_STATUS_FAILED, /* Reserved for future use */
ca69b795 264 MGMT_STATUS_BUSY, /* Role Switch Pending */
4ef36a52 265 MGMT_STATUS_FAILED, /* Reserved for future use */
ca69b795
JH		 266 MGMT_STATUS_FAILED, /* Slot Violation */
267 MGMT_STATUS_FAILED, /* Role Switch Failed */
268 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
269 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
270 MGMT_STATUS_BUSY, /* Host Busy Pairing */
271 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
272 MGMT_STATUS_BUSY, /* Controller Busy */
273 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
274 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
275 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
276 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
277 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
278};
279
161510cc 280static u8 mgmt_errno_status(int err)
ca69b795 281{
161510cc
LAD		 282 switch (err) {
283 case 0:
284 return MGMT_STATUS_SUCCESS;
285 case -EPERM:
286 return MGMT_STATUS_REJECTED;
287 case -EINVAL:
288 return MGMT_STATUS_INVALID_PARAMS;
289 case -EOPNOTSUPP:
290 return MGMT_STATUS_NOT_SUPPORTED;
291 case -EBUSY:
292 return MGMT_STATUS_BUSY;
293 case -ETIMEDOUT:
294 return MGMT_STATUS_AUTH_FAILED;
295 case -ENOMEM:
296 return MGMT_STATUS_NO_RESOURCES;
297 case -EISCONN:
298 return MGMT_STATUS_ALREADY_CONNECTED;
299 case -ENOTCONN:
300 return MGMT_STATUS_DISCONNECTED;
301 }
302
303 return MGMT_STATUS_FAILED;
304}
305
306static u8 mgmt_status(int err)
307{
308 if (err < 0)
309 return mgmt_errno_status(err);
310
311 if (err < ARRAY_SIZE(mgmt_status_table))
312 return mgmt_status_table[err];
ca69b795
JH		 313
314 return MGMT_STATUS_FAILED;
315}
316
c08b1a1d
MH		 317static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
318 u16 len, int flag)
f9207338 319{
c08b1a1d
MH		 320 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
321 flag, NULL);
f9207338
MH		 322}
323
72000df2
MH		 324static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
325 u16 len, int flag, struct sock *skip_sk)
326{
327 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
328 flag, skip_sk);
329}
330
7a00ff44
JH		 331static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
332 struct sock *skip_sk)
333{
334 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
c08b1a1d 335 HCI_SOCK_TRUSTED, skip_sk);
7a00ff44
JH		 336}
337
85813a7e
JH		 338static u8 le_addr_type(u8 mgmt_addr_type)
339{
340 if (mgmt_addr_type == BDADDR_LE_PUBLIC)
341 return ADDR_LE_DEV_PUBLIC;
342 else
343 return ADDR_LE_DEV_RANDOM;
344}
345
03c979c4
MH		 346void mgmt_fill_version_info(void *ver)
347{
348 struct mgmt_rp_read_version *rp = ver;
349
350 rp->version = MGMT_VERSION;
351 rp->revision = cpu_to_le16(MGMT_REVISION);
352}
353
04124681
GP		 354static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
355 u16 data_len)
a38528f1
JH		 356{
357 struct mgmt_rp_read_version rp;
358
181d6953 359 bt_dev_dbg(hdev, "sock %p", sk);
a38528f1 360
03c979c4 361 mgmt_fill_version_info(&rp);
a38528f1 362
2a1afb5a
JH		 363 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
364 &rp, sizeof(rp));
a38528f1
JH		 365}
366
04124681
GP		 367static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
368 u16 data_len)
e70bb2e8
JH		 369{
370 struct mgmt_rp_read_commands *rp;
99c679ac 371 u16 num_commands, num_events;
e70bb2e8
JH		 372 size_t rp_size;
373 int i, err;
374
181d6953 375 bt_dev_dbg(hdev, "sock %p", sk);
e70bb2e8 376
99c679ac
MH		 377 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
378 num_commands = ARRAY_SIZE(mgmt_commands);
379 num_events = ARRAY_SIZE(mgmt_events);
380 } else {
381 num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
382 num_events = ARRAY_SIZE(mgmt_untrusted_events);
383 }
384
e70bb2e8
JH		 385 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
386
387 rp = kmalloc(rp_size, GFP_KERNEL);
388 if (!rp)
389 return -ENOMEM;
390
dcf4adbf
JP		 391 rp->num_commands = cpu_to_le16(num_commands);
392 rp->num_events = cpu_to_le16(num_events);
e70bb2e8 393
99c679ac
MH		 394 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
395 __le16 *opcode = rp->opcodes;
396
397 for (i = 0; i < num_commands; i++, opcode++)
398 put_unaligned_le16(mgmt_commands[i], opcode);
e70bb2e8 399
99c679ac
MH		 400 for (i = 0; i < num_events; i++, opcode++)
401 put_unaligned_le16(mgmt_events[i], opcode);
402 } else {
403 __le16 *opcode = rp->opcodes;
404
405 for (i = 0; i < num_commands; i++, opcode++)
406 put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
407
408 for (i = 0; i < num_events; i++, opcode++)
409 put_unaligned_le16(mgmt_untrusted_events[i], opcode);
410 }
e70bb2e8 411
2a1afb5a
JH		 412 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
413 rp, rp_size);
e70bb2e8
JH		 414 kfree(rp);
415
416 return err;
417}
418
04124681
GP		 419static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
420 u16 data_len)
faba42eb 421{
faba42eb 422 struct mgmt_rp_read_index_list *rp;
8035ded4 423 struct hci_dev *d;
a38528f1 424 size_t rp_len;
faba42eb 425 u16 count;
476e44cb 426 int err;
faba42eb 427
181d6953 428 bt_dev_dbg(hdev, "sock %p", sk);
faba42eb
JH		 429
430 read_lock(&hci_dev_list_lock);
431
432 count = 0;
bb4b2a9a 433 list_for_each_entry(d, &hci_dev_list, list) {
ca8bee5d 434 if (d->dev_type == HCI_PRIMARY &&
d7a5a11d 435 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
1514b892 436 count++;
faba42eb
JH		 437 }
438
a38528f1
JH		 439 rp_len = sizeof(*rp) + (2 * count);
440 rp = kmalloc(rp_len, GFP_ATOMIC);
441 if (!rp) {
b2c60d42 442 read_unlock(&hci_dev_list_lock);
faba42eb 443 return -ENOMEM;
b2c60d42 444 }
faba42eb 445
476e44cb 446 count = 0;
8035ded4 447 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 448 if (hci_dev_test_flag(d, HCI_SETUP) ||
449 hci_dev_test_flag(d, HCI_CONFIG) ||
450 hci_dev_test_flag(d, HCI_USER_CHANNEL))
ab81cbf9
JH		 451 continue;
452
73d1df2a
MH		 453 /* Devices marked as raw-only are neither configured
454 * nor unconfigured controllers.
455 */
456 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
fee746b0
MH		 457 continue;
458
ca8bee5d 459 if (d->dev_type == HCI_PRIMARY &&
d7a5a11d 460 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
1514b892 461 rp->index[count++] = cpu_to_le16(d->id);
181d6953 462 bt_dev_dbg(hdev, "Added hci%u", d->id);
1514b892 463 }
faba42eb
JH		 464 }
465
476e44cb
JH		 466 rp->num_controllers = cpu_to_le16(count);
467 rp_len = sizeof(*rp) + (2 * count);
468
faba42eb
JH		 469 read_unlock(&hci_dev_list_lock);
470
2a1afb5a
JH		 471 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
472 0, rp, rp_len);
faba42eb 473
a38528f1
JH		 474 kfree(rp);
475
476 return err;
faba42eb
JH		 477}
478
73d1df2a
MH		 479static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
480 void *data, u16 data_len)
481{
482 struct mgmt_rp_read_unconf_index_list *rp;
483 struct hci_dev *d;
484 size_t rp_len;
485 u16 count;
486 int err;
487
181d6953 488 bt_dev_dbg(hdev, "sock %p", sk);
73d1df2a
MH		 489
490 read_lock(&hci_dev_list_lock);
491
492 count = 0;
493 list_for_each_entry(d, &hci_dev_list, list) {
ca8bee5d 494 if (d->dev_type == HCI_PRIMARY &&
d7a5a11d 495 hci_dev_test_flag(d, HCI_UNCONFIGURED))
73d1df2a
MH		 496 count++;
497 }
498
499 rp_len = sizeof(*rp) + (2 * count);
500 rp = kmalloc(rp_len, GFP_ATOMIC);
501 if (!rp) {
502 read_unlock(&hci_dev_list_lock);
503 return -ENOMEM;
504 }
505
506 count = 0;
507 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 508 if (hci_dev_test_flag(d, HCI_SETUP) ||
509 hci_dev_test_flag(d, HCI_CONFIG) ||
510 hci_dev_test_flag(d, HCI_USER_CHANNEL))
73d1df2a
MH		 511 continue;
512
513 /* Devices marked as raw-only are neither configured
514 * nor unconfigured controllers.
515 */
516 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
517 continue;
518
ca8bee5d 519 if (d->dev_type == HCI_PRIMARY &&
d7a5a11d 520 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
73d1df2a 521 rp->index[count++] = cpu_to_le16(d->id);
181d6953 522 bt_dev_dbg(hdev, "Added hci%u", d->id);
73d1df2a
MH		 523 }
524 }
525
526 rp->num_controllers = cpu_to_le16(count);
527 rp_len = sizeof(*rp) + (2 * count);
528
529 read_unlock(&hci_dev_list_lock);
530
2a1afb5a
JH		 531 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
532 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
73d1df2a
MH		 533
534 kfree(rp);
535
536 return err;
537}
538
96f1474a
MH		 539static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
540 void *data, u16 data_len)
541{
542 struct mgmt_rp_read_ext_index_list *rp;
543 struct hci_dev *d;
96f1474a
MH		 544 u16 count;
545 int err;
546
181d6953 547 bt_dev_dbg(hdev, "sock %p", sk);
96f1474a
MH		 548
549 read_lock(&hci_dev_list_lock);
550
551 count = 0;
552 list_for_each_entry(d, &hci_dev_list, list) {
ca8bee5d 553 if (d->dev_type == HCI_PRIMARY || d->dev_type == HCI_AMP)
96f1474a
MH		 554 count++;
555 }
556
4a67e5d4 557 rp = kmalloc(struct_size(rp, entry, count), GFP_ATOMIC);
96f1474a
MH		 558 if (!rp) {
559 read_unlock(&hci_dev_list_lock);
560 return -ENOMEM;
561 }
562
563 count = 0;
564 list_for_each_entry(d, &hci_dev_list, list) {
565 if (hci_dev_test_flag(d, HCI_SETUP) ||
566 hci_dev_test_flag(d, HCI_CONFIG) ||
567 hci_dev_test_flag(d, HCI_USER_CHANNEL))
568 continue;
569
570 /* Devices marked as raw-only are neither configured
571 * nor unconfigured controllers.
572 */
573 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
574 continue;
575
ca8bee5d 576 if (d->dev_type == HCI_PRIMARY) {
96f1474a
MH		 577 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
578 rp->entry[count].type = 0x01;
579 else
580 rp->entry[count].type = 0x00;
581 } else if (d->dev_type == HCI_AMP) {
582 rp->entry[count].type = 0x02;
583 } else {
584 continue;
585 }
586
587 rp->entry[count].bus = d->bus;
588 rp->entry[count++].index = cpu_to_le16(d->id);
181d6953 589 bt_dev_dbg(hdev, "Added hci%u", d->id);
96f1474a
MH		 590 }
591
592 rp->num_controllers = cpu_to_le16(count);
96f1474a
MH		 593
594 read_unlock(&hci_dev_list_lock);
595
596 /* If this command is called at least once, then all the
597 * default index and unconfigured index events are disabled
598 * and from now on only extended index events are used.
599 */
600 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
601 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
602 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
603
604 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
4a67e5d4
GS		 605 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp,
606 struct_size(rp, entry, count));
96f1474a
MH		 607
608 kfree(rp);
609
610 return err;
611}
612
dbece37a
MH		 613static bool is_configured(struct hci_dev *hdev)
614{
615 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 616 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
dbece37a
MH		 617 return false;
618
7a0e5b15
MK		 619 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) ||
620 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) &&
dbece37a
MH		 621 !bacmp(&hdev->public_addr, BDADDR_ANY))
622 return false;
623
624 return true;
625}
626
89bc22d2
MH		 627static __le32 get_missing_options(struct hci_dev *hdev)
628{
629 u32 options = 0;
630
dbece37a 631 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 632 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
eb1904f4
MH		 633 options |= MGMT_OPTION_EXTERNAL_CONFIG;
634
7a0e5b15
MK		 635 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) ||
636 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) &&
89bc22d2
MH		 637 !bacmp(&hdev->public_addr, BDADDR_ANY))
638 options |= MGMT_OPTION_PUBLIC_ADDRESS;
639
640 return cpu_to_le32(options);
641}
642
f4537c04
MH		 643static int new_options(struct hci_dev *hdev, struct sock *skip)
644{
645 __le32 options = get_missing_options(hdev);
646
5504c3a3
MH		 647 return mgmt_limited_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
648 sizeof(options), HCI_MGMT_OPTION_EVENTS, skip);
f4537c04
MH		 649}
650
dbece37a
MH		 651static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
652{
653 __le32 options = get_missing_options(hdev);
654
2a1afb5a
JH		 655 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
656 sizeof(options));
dbece37a
MH		 657}
658
9fc3bfb6
MH		 659static int read_config_info(struct sock *sk, struct hci_dev *hdev,
660 void *data, u16 data_len)
661{
662 struct mgmt_rp_read_config_info rp;
89bc22d2 663 u32 options = 0;
9fc3bfb6 664
181d6953 665 bt_dev_dbg(hdev, "sock %p", sk);
9fc3bfb6
MH		 666
667 hci_dev_lock(hdev);
668
669 memset(&rp, 0, sizeof(rp));
670 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
89bc22d2 671
eb1904f4
MH		 672 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
673 options |= MGMT_OPTION_EXTERNAL_CONFIG;
674
9fc3bfb6 675 if (hdev->set_bdaddr)
89bc22d2
MH		 676 options |= MGMT_OPTION_PUBLIC_ADDRESS;
677
678 rp.supported_options = cpu_to_le32(options);
679 rp.missing_options = get_missing_options(hdev);
9fc3bfb6
MH		 680
681 hci_dev_unlock(hdev);
682
2a1afb5a
JH		 683 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
684 &rp, sizeof(rp));
9fc3bfb6
MH		 685}
686
6244691f
JK		 687static u32 get_supported_phys(struct hci_dev *hdev)
688{
689 u32 supported_phys = 0;
690
691 if (lmp_bredr_capable(hdev)) {
692 supported_phys |= MGMT_PHY_BR_1M_1SLOT;
693
694 if (hdev->features[0][0] & LMP_3SLOT)
695 supported_phys |= MGMT_PHY_BR_1M_3SLOT;
696
697 if (hdev->features[0][0] & LMP_5SLOT)
698 supported_phys |= MGMT_PHY_BR_1M_5SLOT;
699
700 if (lmp_edr_2m_capable(hdev)) {
701 supported_phys |= MGMT_PHY_EDR_2M_1SLOT;
702
703 if (lmp_edr_3slot_capable(hdev))
704 supported_phys |= MGMT_PHY_EDR_2M_3SLOT;
705
706 if (lmp_edr_5slot_capable(hdev))
707 supported_phys |= MGMT_PHY_EDR_2M_5SLOT;
708
709 if (lmp_edr_3m_capable(hdev)) {
710 supported_phys |= MGMT_PHY_EDR_3M_1SLOT;
711
712 if (lmp_edr_3slot_capable(hdev))
713 supported_phys |= MGMT_PHY_EDR_3M_3SLOT;
714
715 if (lmp_edr_5slot_capable(hdev))
716 supported_phys |= MGMT_PHY_EDR_3M_5SLOT;
717 }
718 }
719 }
720
721 if (lmp_le_capable(hdev)) {
722 supported_phys |= MGMT_PHY_LE_1M_TX;
723 supported_phys |= MGMT_PHY_LE_1M_RX;
724
725 if (hdev->le_features[1] & HCI_LE_PHY_2M) {
726 supported_phys |= MGMT_PHY_LE_2M_TX;
727 supported_phys |= MGMT_PHY_LE_2M_RX;
728 }
729
730 if (hdev->le_features[1] & HCI_LE_PHY_CODED) {
731 supported_phys |= MGMT_PHY_LE_CODED_TX;
732 supported_phys |= MGMT_PHY_LE_CODED_RX;
733 }
734 }
735
736 return supported_phys;
737}
738
739static u32 get_selected_phys(struct hci_dev *hdev)
740{
741 u32 selected_phys = 0;
742
743 if (lmp_bredr_capable(hdev)) {
744 selected_phys |= MGMT_PHY_BR_1M_1SLOT;
745
746 if (hdev->pkt_type & (HCI_DM3 | HCI_DH3))
747 selected_phys |= MGMT_PHY_BR_1M_3SLOT;
748
749 if (hdev->pkt_type & (HCI_DM5 | HCI_DH5))
750 selected_phys |= MGMT_PHY_BR_1M_5SLOT;
751
752 if (lmp_edr_2m_capable(hdev)) {
753 if (!(hdev->pkt_type & HCI_2DH1))
754 selected_phys |= MGMT_PHY_EDR_2M_1SLOT;
755
756 if (lmp_edr_3slot_capable(hdev) &&
757 !(hdev->pkt_type & HCI_2DH3))
758 selected_phys |= MGMT_PHY_EDR_2M_3SLOT;
759
760 if (lmp_edr_5slot_capable(hdev) &&
761 !(hdev->pkt_type & HCI_2DH5))
762 selected_phys |= MGMT_PHY_EDR_2M_5SLOT;
763
764 if (lmp_edr_3m_capable(hdev)) {
765 if (!(hdev->pkt_type & HCI_3DH1))
766 selected_phys |= MGMT_PHY_EDR_3M_1SLOT;
767
768 if (lmp_edr_3slot_capable(hdev) &&
769 !(hdev->pkt_type & HCI_3DH3))
770 selected_phys |= MGMT_PHY_EDR_3M_3SLOT;
771
772 if (lmp_edr_5slot_capable(hdev) &&
773 !(hdev->pkt_type & HCI_3DH5))
774 selected_phys |= MGMT_PHY_EDR_3M_5SLOT;
775 }
776 }
777 }
778
779 if (lmp_le_capable(hdev)) {
780 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_1M)
781 selected_phys |= MGMT_PHY_LE_1M_TX;
782
783 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_1M)
784 selected_phys |= MGMT_PHY_LE_1M_RX;
785
786 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_2M)
787 selected_phys |= MGMT_PHY_LE_2M_TX;
788
789 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_2M)
790 selected_phys |= MGMT_PHY_LE_2M_RX;
791
792 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_CODED)
793 selected_phys |= MGMT_PHY_LE_CODED_TX;
794
795 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_CODED)
796 selected_phys |= MGMT_PHY_LE_CODED_RX;
797 }
798
799 return selected_phys;
800}
801
802static u32 get_configurable_phys(struct hci_dev *hdev)
803{
804 return (get_supported_phys(hdev) & ~MGMT_PHY_BR_1M_1SLOT &
805 ~MGMT_PHY_LE_1M_TX & ~MGMT_PHY_LE_1M_RX);
806}
807
69ab39ea
JH		 808static u32 get_supported_settings(struct hci_dev *hdev)
809{
810 u32 settings = 0;
811
812 settings |= MGMT_SETTING_POWERED;
b2939475 813 settings |= MGMT_SETTING_BONDABLE;
b1de97d8 814 settings |= MGMT_SETTING_DEBUG_KEYS;
3742abfc
JH		 815 settings |= MGMT_SETTING_CONNECTABLE;
816 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea 817
ed3fa31f 818 if (lmp_bredr_capable(hdev)) {
1a47aee8
JH		 819 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
820 settings |= MGMT_SETTING_FAST_CONNECTABLE;
69ab39ea
JH		 821 settings |= MGMT_SETTING_BREDR;
822 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 823
824 if (lmp_ssp_capable(hdev)) {
825 settings |= MGMT_SETTING_SSP;
b560a208
LAD		 826 if (IS_ENABLED(CONFIG_BT_HS))
827 settings |= MGMT_SETTING_HS;
a82974c9 828 }
e98d2ce2 829
05b3c3e7 830 if (lmp_sc_capable(hdev))
e98d2ce2 831 settings |= MGMT_SETTING_SECURE_CONN;
4b127bd5 832
00bce3fb 833 if (test_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED,
4b127bd5 834 &hdev->quirks))
00bce3fb 835 settings |= MGMT_SETTING_WIDEBAND_SPEECH;
848566b3 836 }
d7b7e796 837
eeca6f89 838 if (lmp_le_capable(hdev)) {
9d42820f 839 settings |= MGMT_SETTING_LE;
a3209694 840 settings |= MGMT_SETTING_SECURE_CONN;
0f4bd942 841 settings |= MGMT_SETTING_PRIVACY;
93690c22 842 settings |= MGMT_SETTING_STATIC_ADDRESS;
ad383c2c 843 settings |= MGMT_SETTING_ADVERTISING;
eeca6f89 844 }
69ab39ea 845
eb1904f4
MH		 846 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
847 hdev->set_bdaddr)
9fc3bfb6
MH		 848 settings |= MGMT_SETTING_CONFIGURATION;
849
6244691f
JK		 850 settings |= MGMT_SETTING_PHY_CONFIGURATION;
851
69ab39ea
JH		 852 return settings;
853}
854
855static u32 get_current_settings(struct hci_dev *hdev)
856{
857 u32 settings = 0;
858
f1f0eb02 859 if (hdev_is_powered(hdev))
f0d4b78a
MH		 860 settings |= MGMT_SETTING_POWERED;
861
d7a5a11d 862 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
69ab39ea
JH		 863 settings |= MGMT_SETTING_CONNECTABLE;
864
d7a5a11d 865 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
1a4d3c4b
JH		 866 settings |= MGMT_SETTING_FAST_CONNECTABLE;
867
d7a5a11d 868 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
69ab39ea
JH		 869 settings |= MGMT_SETTING_DISCOVERABLE;
870
d7a5a11d 871 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
b2939475 872 settings |= MGMT_SETTING_BONDABLE;
69ab39ea 873
d7a5a11d 874 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
69ab39ea
JH		 875 settings |= MGMT_SETTING_BREDR;
876
d7a5a11d 877 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
69ab39ea
JH		 878 settings |= MGMT_SETTING_LE;
879
d7a5a11d 880 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
69ab39ea
JH		 881 settings |= MGMT_SETTING_LINK_SECURITY;
882
d7a5a11d 883 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
69ab39ea
JH		 884 settings |= MGMT_SETTING_SSP;
885
d7a5a11d 886 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
6d80dfd0
JH		 887 settings |= MGMT_SETTING_HS;
888
d7a5a11d 889 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
eeca6f89
JH		 890 settings |= MGMT_SETTING_ADVERTISING;
891
d7a5a11d 892 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
e98d2ce2
MH		 893 settings |= MGMT_SETTING_SECURE_CONN;
894
d7a5a11d 895 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
b1de97d8
MH		 896 settings |= MGMT_SETTING_DEBUG_KEYS;
897
d7a5a11d 898 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
0f4bd942
JH		 899 settings |= MGMT_SETTING_PRIVACY;
900
93690c22
MH		 901 /* The current setting for static address has two purposes. The
902 * first is to indicate if the static address will be used and
903 * the second is to indicate if it is actually set.
904 *
905 * This means if the static address is not configured, this flag
08dc0e98 906 * will never be set. If the address is configured, then if the
93690c22
MH		 907 * address is actually used decides if the flag is set or not.
908 *
909 * For single mode LE only controllers and dual-mode controllers
910 * with BR/EDR disabled, the existence of the static address will
911 * be evaluated.
912 */
b7cb93e5 913 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
d7a5a11d 914 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
93690c22
MH		 915 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
916 if (bacmp(&hdev->static_addr, BDADDR_ANY))
917 settings |= MGMT_SETTING_STATIC_ADDRESS;
918 }
919
00bce3fb
AM		 920 if (hci_dev_test_flag(hdev, HCI_WIDEBAND_SPEECH_ENABLED))
921 settings |= MGMT_SETTING_WIDEBAND_SPEECH;
922
69ab39ea
JH		 923 return settings;
924}
925
333ae95d
JH		 926static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
927{
928 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
929}
930
f2252570 931u8 mgmt_get_adv_discov_flags(struct hci_dev *hdev)
9a43e25f 932{
3b0602cd 933 struct mgmt_pending_cmd *cmd;
9a43e25f
JH		 934
935 /* If there's a pending mgmt command the flags will not yet have
936 * their final values, so check for this first.
937 */
333ae95d 938 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
9a43e25f
JH		 939 if (cmd) {
940 struct mgmt_mode *cp = cmd->param;
941 if (cp->val == 0x01)
942 return LE_AD_GENERAL;
943 else if (cp->val == 0x02)
944 return LE_AD_LIMITED;
945 } else {
d7a5a11d 946 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
9a43e25f 947 return LE_AD_LIMITED;
d7a5a11d 948 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
9a43e25f
JH		 949 return LE_AD_GENERAL;
950 }
951
952 return 0;
953}
954
f2252570 955bool mgmt_get_connectable(struct hci_dev *hdev)
fdf51784
AU		 956{
957 struct mgmt_pending_cmd *cmd;
441ad2d0 958
fdf51784
AU		 959 /* If there's a pending mgmt command the flag will not yet have
960 * it's final value, so check for this first.
961 */
962 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
963 if (cmd) {
964 struct mgmt_mode *cp = cmd->param;
441ad2d0 965
fdf51784 966 return cp->val;
441ad2d0
MH		 967 }
968
fdf51784
AU		 969 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
970}
441ad2d0 971
161510cc
LAD		 972static int service_cache_sync(struct hci_dev *hdev, void *data)
973{
974 hci_update_eir_sync(hdev);
975 hci_update_class_sync(hdev);
976
977 return 0;
978}
979
7d78525d
JH		 980static void service_cache_off(struct work_struct *work)
981{
982 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 983 service_cache.work);
7d78525d 984
a69d8927 985 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
7d78525d
JH		 986 return;
987
161510cc 988 hci_cmd_sync_queue(hdev, service_cache_sync, NULL, NULL);
7d78525d
JH		 989}
990
cba6b758
LAD		 991static int rpa_expired_sync(struct hci_dev *hdev, void *data)
992{
993 /* The generation of a new RPA and programming it into the
994 * controller happens in the hci_req_enable_advertising()
995 * function.
996 */
997 if (ext_adv_capable(hdev))
998 return hci_start_ext_adv_sync(hdev, hdev->cur_adv_instance);
999 else
1000 return hci_enable_advertising_sync(hdev);
1001}
1002
d6bfd59c
JH		 1003static void rpa_expired(struct work_struct *work)
1004{
1005 struct hci_dev *hdev = container_of(work, struct hci_dev,
1006 rpa_expired.work);
d6bfd59c 1007
181d6953 1008 bt_dev_dbg(hdev, "");
d6bfd59c 1009
a1536da2 1010 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
d6bfd59c 1011
d7a5a11d 1012 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
d6bfd59c
JH		 1013 return;
1014
cba6b758 1015 hci_cmd_sync_queue(hdev, rpa_expired_sync, NULL, NULL);
d6bfd59c
JH		 1016}
1017
6a919082 1018static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 1019{
238be788 1020 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
6a919082
JH		 1021 return;
1022
4f87da80 1023 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 1024 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 1025
4f87da80
JH		 1026 /* Non-mgmt controlled devices get this bit set
1027 * implicitly so that pairing works for them, however
1028 * for mgmt we require user-space to explicitly enable
1029 * it
1030 */
a358dc11 1031 hci_dev_clear_flag(hdev, HCI_BONDABLE);
7d78525d
JH		 1032}
1033
0f4e68cf 1034static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 1035 void *data, u16 data_len)
0381101f 1036{
a38528f1 1037 struct mgmt_rp_read_info rp;
f7b64e69 1038
181d6953 1039 bt_dev_dbg(hdev, "sock %p", sk);
f7b64e69 1040
09fd0de5 1041 hci_dev_lock(hdev);
f7b64e69 1042
dc4fe30b
JH		 1043 memset(&rp, 0, sizeof(rp));
1044
69ab39ea 1045 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 1046
69ab39ea 1047 rp.version = hdev->hci_ver;
eb55ef07 1048 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 1049
1050 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1051 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 1052
a38528f1 1053 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 1054
dc4fe30b 1055 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 1056 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 1057
09fd0de5 1058 hci_dev_unlock(hdev);
0381101f 1059
2a1afb5a
JH		 1060 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1061 sizeof(rp));
0381101f
JH		 1062}
1063
cde7a863
MN		 1064static u16 append_eir_data_to_buf(struct hci_dev *hdev, u8 *eir)
1065{
1066 u16 eir_len = 0;
1067 size_t name_len;
1068
1069 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1070 eir_len = eir_append_data(eir, eir_len, EIR_CLASS_OF_DEV,
1071 hdev->dev_class, 3);
1072
6a9e90bf
SJ		 1073 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1074 eir_len = eir_append_le16(eir, eir_len, EIR_APPEARANCE,
1075 hdev->appearance);
1076
cde7a863
MN		 1077 name_len = strlen(hdev->dev_name);
1078 eir_len = eir_append_data(eir, eir_len, EIR_NAME_COMPLETE,
1079 hdev->dev_name, name_len);
1080
1081 name_len = strlen(hdev->short_name);
1082 eir_len = eir_append_data(eir, eir_len, EIR_NAME_SHORT,
1083 hdev->short_name, name_len);
1084
1085 return eir_len;
1086}
1087
321c6fee
MH		 1088static int read_ext_controller_info(struct sock *sk, struct hci_dev *hdev,
1089 void *data, u16 data_len)
1090{
7d5c11da
SJ		 1091 char buf[512];
1092 struct mgmt_rp_read_ext_info *rp = (void *)buf;
cde7a863 1093 u16 eir_len;
321c6fee 1094
181d6953 1095 bt_dev_dbg(hdev, "sock %p", sk);
321c6fee 1096
7d5c11da
SJ		 1097 memset(&buf, 0, sizeof(buf));
1098
321c6fee
MH		 1099 hci_dev_lock(hdev);
1100
7d5c11da
SJ		 1101 bacpy(&rp->bdaddr, &hdev->bdaddr);
1102
1103 rp->version = hdev->hci_ver;
1104 rp->manufacturer = cpu_to_le16(hdev->manufacturer);
1105
1106 rp->supported_settings = cpu_to_le32(get_supported_settings(hdev));
1107 rp->current_settings = cpu_to_le32(get_current_settings(hdev));
1108
321c6fee 1109
cde7a863 1110 eir_len = append_eir_data_to_buf(hdev, rp->eir);
8a0c9f49 1111 rp->eir_len = cpu_to_le16(eir_len);
321c6fee
MH		 1112
1113 hci_dev_unlock(hdev);
1114
1115 /* If this command is called at least once, then the events
1116 * for class of device and local name changes are disabled
1117 * and only the new extended controller information event
1118 * is used.
1119 */
1120 hci_sock_set_flag(sk, HCI_MGMT_EXT_INFO_EVENTS);
1121 hci_sock_clear_flag(sk, HCI_MGMT_DEV_CLASS_EVENTS);
1122 hci_sock_clear_flag(sk, HCI_MGMT_LOCAL_NAME_EVENTS);
1123
8a0c9f49
MN		 1124 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_EXT_INFO, 0, rp,
1125 sizeof(*rp) + eir_len);
321c6fee
MH		 1126}
1127
1128static int ext_info_changed(struct hci_dev *hdev, struct sock *skip)
1129{
5e9fae48
MN		 1130 char buf[512];
1131 struct mgmt_ev_ext_info_changed *ev = (void *)buf;
1132 u16 eir_len;
1133
1134 memset(buf, 0, sizeof(buf));
321c6fee 1135
5e9fae48
MN		 1136 eir_len = append_eir_data_to_buf(hdev, ev->eir);
1137 ev->eir_len = cpu_to_le16(eir_len);
321c6fee 1138
5e9fae48
MN		 1139 return mgmt_limited_event(MGMT_EV_EXT_INFO_CHANGED, hdev, ev,
1140 sizeof(*ev) + eir_len,
1141 HCI_MGMT_EXT_INFO_EVENTS, skip);
321c6fee
MH		 1142}
1143
69ab39ea 1144static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1145{
69ab39ea 1146 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1147
2a1afb5a
JH		 1148 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1149 sizeof(settings));
8680570b
JH		 1150}
1151
f2252570 1152void mgmt_advertising_added(struct sock *sk, struct hci_dev *hdev, u8 instance)
912098a6
AU		 1153{
1154 struct mgmt_ev_advertising_added ev;
1155
1156 ev.instance = instance;
1157
1158 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
1159}
1160
f2252570
JH		 1161void mgmt_advertising_removed(struct sock *sk, struct hci_dev *hdev,
1162 u8 instance)
912098a6
AU		 1163{
1164 struct mgmt_ev_advertising_removed ev;
1165
1166 ev.instance = instance;
1167
1168 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
1169}
1170
7816b820
FG		 1171static void cancel_adv_timeout(struct hci_dev *hdev)
1172{
1173 if (hdev->adv_instance_timeout) {
1174 hdev->adv_instance_timeout = 0;
1175 cancel_delayed_work(&hdev->adv_instance_expire);
1176 }
1177}
1178
cf75ad8b
LAD		 1179/* This function requires the caller holds hdev->lock */
1180static void restart_le_actions(struct hci_dev *hdev)
8b064a3a 1181{
cf75ad8b 1182 struct hci_conn_params *p;
8b064a3a 1183
cf75ad8b
LAD		 1184 list_for_each_entry(p, &hdev->le_conn_params, list) {
1185 /* Needed for AUTO_OFF case where might not "really"
1186 * have been powered off.
1187 */
1188 list_del_init(&p->action);
8b064a3a 1189
cf75ad8b
LAD		 1190 switch (p->auto_connect) {
1191 case HCI_AUTO_CONN_DIRECT:
1192 case HCI_AUTO_CONN_ALWAYS:
1193 list_add(&p->action, &hdev->pend_le_conns);
1194 break;
1195 case HCI_AUTO_CONN_REPORT:
1196 list_add(&p->action, &hdev->pend_le_reports);
1197 break;
1198 default:
1199 break;
1200 }
8b064a3a 1201 }
cf75ad8b 1202}
8b064a3a 1203
cf75ad8b
LAD		 1204static int new_settings(struct hci_dev *hdev, struct sock *skip)
1205{
1206 __le32 ev = cpu_to_le32(get_current_settings(hdev));
912098a6 1207
cf75ad8b
LAD		 1208 return mgmt_limited_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1209 sizeof(ev), HCI_MGMT_SETTING_EVENTS, skip);
1210}
8b064a3a 1211
cf75ad8b
LAD		 1212static void mgmt_set_powered_complete(struct hci_dev *hdev, void *data, int err)
1213{
1214 struct mgmt_pending_cmd *cmd = data;
1215 struct mgmt_mode *cp = cmd->param;
1216
1217 bt_dev_dbg(hdev, "err %d", err);
1218
1219 if (!err) {
1220 if (cp->val) {
1221 hci_dev_lock(hdev);
1222 restart_le_actions(hdev);
1223 hci_update_passive_scan(hdev);
1224 hci_dev_unlock(hdev);
1225 }
8b064a3a 1226
cf75ad8b
LAD		 1227 send_settings_rsp(cmd->sk, cmd->opcode, hdev);
1228
1229 /* Only call new_setting for power on as power off is deferred
1230 * to hdev->power_off work which does call hci_dev_do_close.
1231 */
1232 if (cp->val)
1233 new_settings(hdev, cmd->sk);
1234 } else {
1235 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED,
1236 mgmt_status(err));
8b064a3a
JH		 1237 }
1238
cf75ad8b
LAD		 1239 mgmt_pending_free(cmd);
1240}
23a48093 1241
cf75ad8b
LAD		 1242static int set_powered_sync(struct hci_dev *hdev, void *data)
1243{
1244 struct mgmt_pending_cmd *cmd = data;
1245 struct mgmt_mode *cp = cmd->param;
1246
1247 BT_DBG("%s", hdev->name);
1248
1249 return hci_set_powered_sync(hdev, cp->val);
8b064a3a
JH		 1250}
1251
bdb6d971 1252static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1253 u16 len)
eec8d2bc 1254{
650f726d 1255 struct mgmt_mode *cp = data;
3b0602cd 1256 struct mgmt_pending_cmd *cmd;
4b34ee78 1257 int err;
eec8d2bc 1258
181d6953 1259 bt_dev_dbg(hdev, "sock %p", sk);
eec8d2bc 1260
a7e80f25 1261 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1262 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1263 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1264
09fd0de5 1265 hci_dev_lock(hdev);
eec8d2bc 1266
333ae95d 1267 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
a69e8375
JH		 1268 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1269 MGMT_STATUS_BUSY);
87b95ba6
JH		 1270 goto failed;
1271 }
1272
4b34ee78 1273 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1274 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1275 goto failed;
1276 }
1277
cf75ad8b 1278 cmd = mgmt_pending_new(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1279 if (!cmd) {
1280 err = -ENOMEM;
eec8d2bc 1281 goto failed;
366a0336 1282 }
eec8d2bc 1283
cf75ad8b
LAD		 1284 err = hci_cmd_sync_queue(hdev, set_powered_sync, cmd,
1285 mgmt_set_powered_complete);
eec8d2bc
JH		 1286
1287failed:
09fd0de5 1288 hci_dev_unlock(hdev);
366a0336 1289 return err;
eec8d2bc
JH		 1290}
1291
91a668b0
JH		 1292int mgmt_new_settings(struct hci_dev *hdev)
1293{
1294 return new_settings(hdev, NULL);
1295}
1296
bd99abdd
JH		 1297struct cmd_lookup {
1298 struct sock *sk;
1299 struct hci_dev *hdev;
1300 u8 mgmt_status;
1301};
1302
3b0602cd 1303static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1304{
1305 struct cmd_lookup *match = data;
1306
1307 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1308
1309 list_del(&cmd->list);
1310
1311 if (match->sk == NULL) {
1312 match->sk = cmd->sk;
1313 sock_hold(match->sk);
1314 }
1315
1316 mgmt_pending_free(cmd);
1317}
1318
3b0602cd 1319static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1320{
1321 u8 *status = data;
1322
a69e8375 1323 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
bd99abdd
JH		 1324 mgmt_pending_remove(cmd);
1325}
1326
3b0602cd 1327static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1b9b5ee5
JH		 1328{
1329 if (cmd->cmd_complete) {
1330 u8 *status = data;
1331
1332 cmd->cmd_complete(cmd, *status);
1333 mgmt_pending_remove(cmd);
1334
1335 return;
1336 }
1337
1338 cmd_status_rsp(cmd, data);
1339}
1340
3b0602cd 1341static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
f5818c22 1342{
2a1afb5a
JH		 1343 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1344 cmd->param, cmd->param_len);
f5818c22
JH		 1345}
1346
3b0602cd 1347static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
7776d1d8 1348{
2a1afb5a
JH		 1349 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1350 cmd->param, sizeof(struct mgmt_addr_info));
7776d1d8
JH		 1351}
1352
e6fe7986
JH		 1353static u8 mgmt_bredr_support(struct hci_dev *hdev)
1354{
1355 if (!lmp_bredr_capable(hdev))
1356 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1357 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
e6fe7986
JH		 1358 return MGMT_STATUS_REJECTED;
1359 else
1360 return MGMT_STATUS_SUCCESS;
1361}
1362
1363static u8 mgmt_le_support(struct hci_dev *hdev)
1364{
1365 if (!lmp_le_capable(hdev))
1366 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1367 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
e6fe7986
JH		 1368 return MGMT_STATUS_REJECTED;
1369 else
1370 return MGMT_STATUS_SUCCESS;
1371}
1372
aed1a885 1373void mgmt_set_discoverable_complete(struct hci_dev *hdev, u8 status)
bfaf8c9f 1374{
3b0602cd 1375 struct mgmt_pending_cmd *cmd;
bfaf8c9f 1376
181d6953 1377 bt_dev_dbg(hdev, "status 0x%02x", status);
bfaf8c9f
JH		 1378
1379 hci_dev_lock(hdev);
1380
333ae95d 1381 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
bfaf8c9f
JH		 1382 if (!cmd)
1383 goto unlock;
1384
1385 if (status) {
1386 u8 mgmt_err = mgmt_status(status);
a69e8375 1387 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
a358dc11 1388 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
bfaf8c9f
JH		 1389 goto remove_cmd;
1390 }
1391
aed1a885
JH		 1392 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1393 hdev->discov_timeout > 0) {
1394 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1395 queue_delayed_work(hdev->req_workqueue, &hdev->discov_off, to);
d4462a07 1396 }
bfaf8c9f
JH		 1397
1398 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
aed1a885 1399 new_settings(hdev, cmd->sk);
970ba524 1400
bfaf8c9f
JH		 1401remove_cmd:
1402 mgmt_pending_remove(cmd);
1403
1404unlock:
1405 hci_dev_unlock(hdev);
1406}
1407
bdb6d971 1408static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1409 u16 len)
73f22f62 1410{
650f726d 1411 struct mgmt_cp_set_discoverable *cp = data;
3b0602cd 1412 struct mgmt_pending_cmd *cmd;
5e5282bb 1413 u16 timeout;
73f22f62
JH		 1414 int err;
1415
181d6953 1416 bt_dev_dbg(hdev, "sock %p", sk);
73f22f62 1417
d7a5a11d
MH		 1418 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1419 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 1420 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1421 MGMT_STATUS_REJECTED);
33c525c0 1422
310a3d48 1423 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 1424 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1425 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1426
1f350c87 1427 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1428
1429 /* Disabling discoverable requires that no timeout is set,
1430 * and enabling limited discoverable requires a timeout.
1431 */
1432 if ((cp->val == 0x00 && timeout > 0) ||
1433 (cp->val == 0x02 && timeout == 0))
a69e8375
JH		 1434 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1435 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1436
09fd0de5 1437 hci_dev_lock(hdev);
73f22f62 1438
5e5282bb 1439 if (!hdev_is_powered(hdev) && timeout > 0) {
a69e8375
JH		 1440 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1441 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1442 goto failed;
1443 }
1444
333ae95d
JH		 1445 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1446 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1447 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1448 MGMT_STATUS_BUSY);
73f22f62
JH		 1449 goto failed;
1450 }
1451
d7a5a11d 1452 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
a69e8375
JH		 1453 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1454 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1455 goto failed;
1456 }
1457
4867bd00
APS		 1458 if (hdev->advertising_paused) {
1459 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1460 MGMT_STATUS_BUSY);
1461 goto failed;
1462 }
1463
5e5282bb 1464 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1465 bool changed = false;
1466
310a3d48
MH		 1467 /* Setting limited discoverable when powered off is
1468 * not a valid operation since it requires a timeout
1469 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1470 */
d7a5a11d 1471 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
ce05d603 1472 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
0224d2fa
JH		 1473 changed = true;
1474 }
1475
5e5282bb 1476 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1477 if (err < 0)
1478 goto failed;
1479
1480 if (changed)
1481 err = new_settings(hdev, sk);
1482
5e5282bb
JH		 1483 goto failed;
1484 }
1485
310a3d48
MH		 1486 /* If the current mode is the same, then just update the timeout
1487 * value with the new value. And if only the timeout gets updated,
1488 * then no need for any HCI transactions.
1489 */
d7a5a11d
MH		 1490 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1491 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1492 HCI_LIMITED_DISCOVERABLE)) {
36261547
MH		 1493 cancel_delayed_work(&hdev->discov_off);
1494 hdev->discov_timeout = timeout;
955638ec 1495
36261547
MH		 1496 if (cp->val && hdev->discov_timeout > 0) {
1497 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
c366f555
JH		 1498 queue_delayed_work(hdev->req_workqueue,
1499 &hdev->discov_off, to);
955638ec
MH		 1500 }
1501
69ab39ea 1502 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1503 goto failed;
1504 }
1505
2e58ef3e 1506 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1507 if (!cmd) {
1508 err = -ENOMEM;
73f22f62 1509 goto failed;
366a0336 1510 }
73f22f62 1511
310a3d48
MH		 1512 /* Cancel any potential discoverable timeout that might be
1513 * still active and store new timeout value. The arming of
1514 * the timeout happens in the complete handler.
1515 */
1516 cancel_delayed_work(&hdev->discov_off);
1517 hdev->discov_timeout = timeout;
1518
aed1a885
JH		 1519 if (cp->val)
1520 hci_dev_set_flag(hdev, HCI_DISCOVERABLE);
1521 else
1522 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1523
b456f87c
JH		 1524 /* Limited discoverable mode */
1525 if (cp->val == 0x02)
a1536da2 1526 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1527 else
a358dc11 1528 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1529
aed1a885
JH		 1530 queue_work(hdev->req_workqueue, &hdev->discoverable_update);
1531 err = 0;
73f22f62
JH		 1532
1533failed:
09fd0de5 1534 hci_dev_unlock(hdev);
73f22f62
JH		 1535 return err;
1536}
1537
53c0ba74 1538void mgmt_set_connectable_complete(struct hci_dev *hdev, u8 status)
2b76f453 1539{
3b0602cd 1540 struct mgmt_pending_cmd *cmd;
2b76f453 1541
181d6953 1542 bt_dev_dbg(hdev, "status 0x%02x", status);
2b76f453
JH		 1543
1544 hci_dev_lock(hdev);
1545
333ae95d 1546 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
2b76f453
JH		 1547 if (!cmd)
1548 goto unlock;
1549
37438c1f
JH		 1550 if (status) {
1551 u8 mgmt_err = mgmt_status(status);
a69e8375 1552 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
37438c1f
JH		 1553 goto remove_cmd;
1554 }
1555
2b76f453 1556 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
53c0ba74 1557 new_settings(hdev, cmd->sk);
d7b856f9 1558
37438c1f 1559remove_cmd:
2b76f453
JH		 1560 mgmt_pending_remove(cmd);
1561
1562unlock:
1563 hci_dev_unlock(hdev);
1564}
1565
e8ba3a1f
JH		 1566static int set_connectable_update_settings(struct hci_dev *hdev,
1567 struct sock *sk, u8 val)
1568{
1569 bool changed = false;
1570 int err;
1571
d7a5a11d 1572 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
e8ba3a1f
JH		 1573 changed = true;
1574
1575 if (val) {
a1536da2 1576 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
e8ba3a1f 1577 } else {
a358dc11
MH		 1578 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1579 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
e8ba3a1f
JH		 1580 }
1581
1582 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1583 if (err < 0)
1584 return err;
1585
562064e6 1586 if (changed) {
01b1cb87 1587 hci_req_update_scan(hdev);
5bee2fd6 1588 hci_update_passive_scan(hdev);
e8ba3a1f 1589 return new_settings(hdev, sk);
562064e6 1590 }
e8ba3a1f
JH		 1591
1592 return 0;
1593}
1594
bdb6d971 1595static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1596 u16 len)
9fbcbb45 1597{
650f726d 1598 struct mgmt_mode *cp = data;
3b0602cd 1599 struct mgmt_pending_cmd *cmd;
9fbcbb45
JH		 1600 int err;
1601
181d6953 1602 bt_dev_dbg(hdev, "sock %p", sk);
9fbcbb45 1603
d7a5a11d
MH		 1604 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1605 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 1606 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1607 MGMT_STATUS_REJECTED);
33c525c0 1608
a7e80f25 1609 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1610 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1611 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1612
09fd0de5 1613 hci_dev_lock(hdev);
9fbcbb45 1614
4b34ee78 1615 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1616 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1617 goto failed;
1618 }
1619
333ae95d
JH		 1620 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1621 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1622 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1623 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1624 goto failed;
1625 }
1626
2e58ef3e 1627 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1628 if (!cmd) {
1629 err = -ENOMEM;
9fbcbb45 1630 goto failed;
366a0336 1631 }
9fbcbb45 1632
53c0ba74
JH		 1633 if (cp->val) {
1634 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1635 } else {
1636 if (hdev->discov_timeout > 0)
1637 cancel_delayed_work(&hdev->discov_off);
2b76f453 1638
53c0ba74
JH		 1639 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1640 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1641 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
9b74246f 1642 }
2b76f453 1643
53c0ba74
JH		 1644 queue_work(hdev->req_workqueue, &hdev->connectable_update);
1645 err = 0;
9fbcbb45
JH		 1646
1647failed:
09fd0de5 1648 hci_dev_unlock(hdev);
9fbcbb45
JH		 1649 return err;
1650}
1651
b2939475 1652static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1653 u16 len)
c542a06c 1654{
650f726d 1655 struct mgmt_mode *cp = data;
55594356 1656 bool changed;
c542a06c
JH		 1657 int err;
1658
181d6953 1659 bt_dev_dbg(hdev, "sock %p", sk);
c542a06c 1660
a7e80f25 1661 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1662 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
1663 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1664
09fd0de5 1665 hci_dev_lock(hdev);
c542a06c
JH		 1666
1667 if (cp->val)
238be788 1668 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
c542a06c 1669 else
a69d8927 1670 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
c542a06c 1671
b2939475 1672 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
c542a06c 1673 if (err < 0)
55594356 1674 goto unlock;
c542a06c 1675
82a37ade
JH		 1676 if (changed) {
1677 /* In limited privacy mode the change of bondable mode
1678 * may affect the local advertising address.
1679 */
1680 if (hdev_is_powered(hdev) &&
1681 hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
1682 hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1683 hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY))
1684 queue_work(hdev->req_workqueue,
1685 &hdev->discoverable_update);
1686
55594356 1687 err = new_settings(hdev, sk);
82a37ade 1688 }
c542a06c 1689
55594356 1690unlock:
09fd0de5 1691 hci_dev_unlock(hdev);
c542a06c
JH		 1692 return err;
1693}
1694
04124681
GP		 1695static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1696 u16 len)
33ef95ed
JH		 1697{
1698 struct mgmt_mode *cp = data;
3b0602cd 1699 struct mgmt_pending_cmd *cmd;
e6fe7986 1700 u8 val, status;
33ef95ed
JH		 1701 int err;
1702
181d6953 1703 bt_dev_dbg(hdev, "sock %p", sk);
33ef95ed 1704
e6fe7986
JH		 1705 status = mgmt_bredr_support(hdev);
1706 if (status)
a69e8375
JH		 1707 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1708 status);
33c525c0 1709
a7e80f25 1710 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1711 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1712 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1713
33ef95ed
JH		 1714 hci_dev_lock(hdev);
1715
4b34ee78 1716 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1717 bool changed = false;
1718
d7a5a11d 1719 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
ce05d603 1720 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
47990ea0
JH		 1721 changed = true;
1722 }
1723
1724 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1725 if (err < 0)
1726 goto failed;
1727
1728 if (changed)
1729 err = new_settings(hdev, sk);
1730
33ef95ed
JH		 1731 goto failed;
1732 }
1733
333ae95d 1734 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
a69e8375
JH		 1735 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1736 MGMT_STATUS_BUSY);
33ef95ed
JH		 1737 goto failed;
1738 }
1739
1740 val = !!cp->val;
1741
1742 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1743 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1744 goto failed;
1745 }
1746
1747 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1748 if (!cmd) {
1749 err = -ENOMEM;
1750 goto failed;
1751 }
1752
1753 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1754 if (err < 0) {
1755 mgmt_pending_remove(cmd);
1756 goto failed;
1757 }
1758
1759failed:
1760 hci_dev_unlock(hdev);
33ef95ed
JH		 1761 return err;
1762}
1763
3244845c
BG		 1764static void set_ssp_complete(struct hci_dev *hdev, void *data, int err)
1765{
1766 struct cmd_lookup match = { NULL, hdev };
1767 struct mgmt_pending_cmd *cmd = data;
1768 struct mgmt_mode *cp = cmd->param;
1769 u8 enable = cp->val;
1770 bool changed;
1771
1772 if (err) {
1773 u8 mgmt_err = mgmt_status(err);
1774
1775 if (enable && hci_dev_test_and_clear_flag(hdev,
1776 HCI_SSP_ENABLED)) {
1777 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
1778 new_settings(hdev, NULL);
1779 }
1780
1781 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
1782 &mgmt_err);
1783 return;
1784 }
1785
1786 if (enable) {
1787 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
1788 } else {
1789 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
1790
1791 if (!changed)
1792 changed = hci_dev_test_and_clear_flag(hdev,
1793 HCI_HS_ENABLED);
1794 else
1795 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
1796 }
1797
1798 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
1799
1800 if (changed)
1801 new_settings(hdev, match.sk);
1802
1803 if (match.sk)
1804 sock_put(match.sk);
1805
1806 hci_update_eir_sync(hdev);
1807}
1808
1809static int set_ssp_sync(struct hci_dev *hdev, void *data)
1810{
1811 struct mgmt_pending_cmd *cmd = data;
1812 struct mgmt_mode *cp = cmd->param;
1813 bool changed = false;
1814 int err;
1815
1816 if (cp->val)
1817 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
1818
1819 err = hci_write_ssp_mode_sync(hdev, cp->val);
1820
1821 if (!err && changed)
1822 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
1823
1824 return err;
1825}
1826
bdb6d971 1827static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1828{
1829 struct mgmt_mode *cp = data;
3b0602cd 1830 struct mgmt_pending_cmd *cmd;
72ef0c1a 1831 u8 status;
ed2c4ee3
JH		 1832 int err;
1833
181d6953 1834 bt_dev_dbg(hdev, "sock %p", sk);
ed2c4ee3 1835
cdba5281
MH		 1836 status = mgmt_bredr_support(hdev);
1837 if (status)
a69e8375 1838 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
cdba5281 1839
13ecd8b6 1840 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 1841 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1842 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1843
a7e80f25 1844 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1845 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1846 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1847
13ecd8b6 1848 hci_dev_lock(hdev);
6c8f12c1 1849
4b34ee78 1850 if (!hdev_is_powered(hdev)) {
9ecb3e24 1851 bool changed;
c0ecddc2 1852
9ecb3e24 1853 if (cp->val) {
238be788
MH		 1854 changed = !hci_dev_test_and_set_flag(hdev,
1855 HCI_SSP_ENABLED);
9ecb3e24 1856 } else {
a69d8927
MH		 1857 changed = hci_dev_test_and_clear_flag(hdev,
1858 HCI_SSP_ENABLED);
9ecb3e24 1859 if (!changed)
a69d8927
MH		 1860 changed = hci_dev_test_and_clear_flag(hdev,
1861 HCI_HS_ENABLED);
9ecb3e24 1862 else
a358dc11 1863 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
c0ecddc2
JH		 1864 }
1865
1866 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1867 if (err < 0)
1868 goto failed;
1869
1870 if (changed)
1871 err = new_settings(hdev, sk);
1872
ed2c4ee3
JH		 1873 goto failed;
1874 }
1875
333ae95d 1876 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 1877 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1878 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1879 goto failed;
1880 }
1881
d7a5a11d 1882 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
ed2c4ee3
JH		 1883 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1884 goto failed;
1885 }
1886
1887 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
3244845c 1888 if (!cmd)
ed2c4ee3 1889 err = -ENOMEM;
3244845c
BG		 1890 else
1891 err = hci_cmd_sync_queue(hdev, set_ssp_sync, cmd,
1892 set_ssp_complete);
3769972b 1893
ed2c4ee3 1894 if (err < 0) {
3244845c
BG		 1895 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1896 MGMT_STATUS_FAILED);
1897
1898 if (cmd)
1899 mgmt_pending_remove(cmd);
ed2c4ee3
JH		 1900 }
1901
1902failed:
1903 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1904 return err;
1905}
1906
bdb6d971 1907static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1908{
1909 struct mgmt_mode *cp = data;
ee392693 1910 bool changed;
e6fe7986 1911 u8 status;
ee392693 1912 int err;
6d80dfd0 1913
181d6953 1914 bt_dev_dbg(hdev, "sock %p", sk);
6d80dfd0 1915
b560a208
LAD		 1916 if (!IS_ENABLED(CONFIG_BT_HS))
1917 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1918 MGMT_STATUS_NOT_SUPPORTED);
1919
e6fe7986
JH		 1920 status = mgmt_bredr_support(hdev);
1921 if (status)
a69e8375 1922 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 1923
9ecb3e24 1924 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 1925 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1926 MGMT_STATUS_NOT_SUPPORTED);
9ecb3e24 1927
d7a5a11d 1928 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 1929 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1930 MGMT_STATUS_REJECTED);
9ecb3e24 1931
a7e80f25 1932 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1933 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1934 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1935
ee392693
MH		 1936 hci_dev_lock(hdev);
1937
333ae95d 1938 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 1939 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1940 MGMT_STATUS_BUSY);
a2cb01de
JH		 1941 goto unlock;
1942 }
1943
a0cdf960 1944 if (cp->val) {
238be788 1945 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
a0cdf960
MH		 1946 } else {
1947 if (hdev_is_powered(hdev)) {
a69e8375
JH		 1948 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1949 MGMT_STATUS_REJECTED);
a0cdf960
MH		 1950 goto unlock;
1951 }
1952
a69d8927 1953 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
a0cdf960 1954 }
ee392693
MH		 1955
1956 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1957 if (err < 0)
1958 goto unlock;
1959
1960 if (changed)
1961 err = new_settings(hdev, sk);
6d80dfd0 1962
ee392693
MH		 1963unlock:
1964 hci_dev_unlock(hdev);
1965 return err;
6d80dfd0
JH		 1966}
1967
d81a494c 1968static void set_le_complete(struct hci_dev *hdev, void *data, int err)
416a4ae5
JH		 1969{
1970 struct cmd_lookup match = { NULL, hdev };
d81a494c 1971 u8 status = mgmt_status(err);
416a4ae5 1972
d81a494c 1973 bt_dev_dbg(hdev, "err %d", err);
3ad67582 1974
416a4ae5 1975 if (status) {
416a4ae5 1976 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
d81a494c
BG		 1977 &status);
1978 return;
416a4ae5
JH		 1979 }
1980
1981 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1982
1983 new_settings(hdev, match.sk);
1984
1985 if (match.sk)
1986 sock_put(match.sk);
d81a494c
BG		 1987}
1988
1989static int set_le_sync(struct hci_dev *hdev, void *data)
1990{
1991 struct mgmt_pending_cmd *cmd = data;
1992 struct mgmt_mode *cp = cmd->param;
1993 u8 val = !!cp->val;
1994 int err;
1995
1996 if (!val) {
1997 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
1998 hci_disable_advertising_sync(hdev);
1999
2000 if (ext_adv_capable(hdev))
2001 hci_remove_ext_adv_instance_sync(hdev, 0, cmd->sk);
2002 } else {
2003 hci_dev_set_flag(hdev, HCI_LE_ENABLED);
2004 }
2005
2006 err = hci_write_le_host_supported_sync(hdev, val, 0);
441ad2d0
MH		 2007
2008 /* Make sure the controller has a good default for
2009 * advertising data. Restrict the update to when LE
2010 * has actually been enabled. During power on, the
2011 * update in powered_update_hci will take care of it.
2012 */
d81a494c 2013 if (!err && hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
a0fb3726 2014 if (ext_adv_capable(hdev)) {
d81a494c 2015 int status;
a0fb3726 2016
d81a494c
BG		 2017 status = hci_setup_ext_adv_instance_sync(hdev, 0x00);
2018 if (!status)
2019 hci_update_scan_rsp_data_sync(hdev, 0x00);
a0fb3726 2020 } else {
d81a494c
BG		 2021 hci_update_adv_data_sync(hdev, 0x00);
2022 hci_update_scan_rsp_data_sync(hdev, 0x00);
a0fb3726 2023 }
d81a494c 2024
5bee2fd6 2025 hci_update_passive_scan(hdev);
441ad2d0 2026 }
3ad67582 2027
d81a494c 2028 return err;
416a4ae5
JH		 2029}
2030
bdb6d971 2031static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 2032{
2033 struct mgmt_mode *cp = data;
3b0602cd 2034 struct mgmt_pending_cmd *cmd;
06199cf8 2035 int err;
0b60eba1 2036 u8 val, enabled;
06199cf8 2037
181d6953 2038 bt_dev_dbg(hdev, "sock %p", sk);
06199cf8 2039
13ecd8b6 2040 if (!lmp_le_capable(hdev))
a69e8375
JH		 2041 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2042 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 2043
a7e80f25 2044 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2045 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2046 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2047
e7844ee5
MH		 2048 /* Bluetooth single mode LE only controllers or dual-mode
2049 * controllers configured as LE only devices, do not allow
2050 * switching LE off. These have either LE enabled explicitly
2051 * or BR/EDR has been previously switched off.
2052 *
2053 * When trying to enable an already enabled LE, then gracefully
2054 * send a positive response. Trying to disable it however will
2055 * result into rejection.
2056 */
2057 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
2058 if (cp->val == 0x01)
2059 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2060
a69e8375
JH		 2061 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2062 MGMT_STATUS_REJECTED);
e7844ee5 2063 }
c73eee91 2064
13ecd8b6 2065 hci_dev_lock(hdev);
06199cf8
JH		 2066
2067 val = !!cp->val;
ffa88e02 2068 enabled = lmp_host_le_capable(hdev);
06199cf8 2069
847818d9 2070 if (!val)
37d3a1fa 2071 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, true);
847818d9 2072
0b60eba1 2073 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 2074 bool changed = false;
2075
d7a5a11d 2076 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
ce05d603 2077 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
06199cf8
JH		 2078 changed = true;
2079 }
2080
d7a5a11d 2081 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
a358dc11 2082 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
eeca6f89
JH		 2083 changed = true;
2084 }
2085
06199cf8
JH		 2086 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2087 if (err < 0)
1de028ce 2088 goto unlock;
06199cf8
JH		 2089
2090 if (changed)
2091 err = new_settings(hdev, sk);
2092
1de028ce 2093 goto unlock;
06199cf8
JH		 2094 }
2095
333ae95d
JH		 2096 if (pending_find(MGMT_OP_SET_LE, hdev) ||
2097 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
a69e8375
JH		 2098 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2099 MGMT_STATUS_BUSY);
1de028ce 2100 goto unlock;
06199cf8
JH		 2101 }
2102
2103 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
d81a494c 2104 if (!cmd)
06199cf8 2105 err = -ENOMEM;
d81a494c
BG		 2106 else
2107 err = hci_cmd_sync_queue(hdev, set_le_sync, cmd,
2108 set_le_complete);
06199cf8 2109
d81a494c
BG		 2110 if (err < 0) {
2111 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2112 MGMT_STATUS_FAILED);
45b7749f 2113
d81a494c
BG		 2114 if (cmd)
2115 mgmt_pending_remove(cmd);
06199cf8
JH		 2116 }
2117
1de028ce
JH		 2118unlock:
2119 hci_dev_unlock(hdev);
06199cf8
JH		 2120 return err;
2121}
2122
0cab9c80
JH		 2123/* This is a helper function to test for pending mgmt commands that can
2124 * cause CoD or EIR HCI commands. We can only allow one such pending
2125 * mgmt command at a time since otherwise we cannot easily track what
2126 * the current values are, will be, and based on that calculate if a new
2127 * HCI command needs to be sent and if yes with what value.
2128 */
2129static bool pending_eir_or_class(struct hci_dev *hdev)
2130{
3b0602cd 2131 struct mgmt_pending_cmd *cmd;
0cab9c80
JH		 2132
2133 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2134 switch (cmd->opcode) {
2135 case MGMT_OP_ADD_UUID:
2136 case MGMT_OP_REMOVE_UUID:
2137 case MGMT_OP_SET_DEV_CLASS:
2138 case MGMT_OP_SET_POWERED:
2139 return true;
2140 }
2141 }
2142
2143 return false;
2144}
2145
83be8eca
JH		 2146static const u8 bluetooth_base_uuid[] = {
2147 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2148 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2149};
2150
2151static u8 get_uuid_size(const u8 *uuid)
2152{
2153 u32 val;
2154
2155 if (memcmp(uuid, bluetooth_base_uuid, 12))
2156 return 128;
2157
2158 val = get_unaligned_le32(&uuid[12]);
2159 if (val > 0xffff)
2160 return 32;
2161
2162 return 16;
2163}
2164
161510cc 2165static void mgmt_class_complete(struct hci_dev *hdev, void *data, int err)
92da6097 2166{
161510cc 2167 struct mgmt_pending_cmd *cmd = data;
92da6097 2168
161510cc 2169 bt_dev_dbg(hdev, "err %d", err);
92da6097 2170
2a1afb5a 2171 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
161510cc 2172 mgmt_status(err), hdev->dev_class, 3);
92da6097 2173
161510cc 2174 mgmt_pending_free(cmd);
92da6097
JH		 2175}
2176
161510cc 2177static int add_uuid_sync(struct hci_dev *hdev, void *data)
92da6097 2178{
161510cc 2179 int err;
92da6097 2180
161510cc
LAD		 2181 err = hci_update_class_sync(hdev);
2182 if (err)
2183 return err;
2184
2185 return hci_update_eir_sync(hdev);
92da6097
JH		 2186}
2187
bdb6d971 2188static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2189{
650f726d 2190 struct mgmt_cp_add_uuid *cp = data;
3b0602cd 2191 struct mgmt_pending_cmd *cmd;
2aeb9a1a 2192 struct bt_uuid *uuid;
2aeb9a1a
JH		 2193 int err;
2194
181d6953 2195 bt_dev_dbg(hdev, "sock %p", sk);
2aeb9a1a 2196
09fd0de5 2197 hci_dev_lock(hdev);
2aeb9a1a 2198
0cab9c80 2199 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2200 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2201 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2202 goto failed;
2203 }
2204
92c4c204 2205 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2206 if (!uuid) {
2207 err = -ENOMEM;
2208 goto failed;
2209 }
2210
2211 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2212 uuid->svc_hint = cp->svc_hint;
83be8eca 2213 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2214
de66aa63 2215 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2216
161510cc 2217 cmd = mgmt_pending_new(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2218 if (!cmd) {
90e70454 2219 err = -ENOMEM;
890ea898
JH		 2220 goto failed;
2221 }
2222
161510cc
LAD		 2223 err = hci_cmd_sync_queue(hdev, add_uuid_sync, cmd, mgmt_class_complete);
2224 if (err < 0) {
2225 mgmt_pending_free(cmd);
2226 goto failed;
2227 }
2aeb9a1a
JH		 2228
2229failed:
09fd0de5 2230 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2231 return err;
2232}
2233
24b78d0f
JH		 2234static bool enable_service_cache(struct hci_dev *hdev)
2235{
2236 if (!hdev_is_powered(hdev))
2237 return false;
2238
238be788 2239 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
46818ed5
JH		 2240 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2241 CACHE_TIMEOUT);
24b78d0f
JH		 2242 return true;
2243 }
2244
2245 return false;
2246}
2247
161510cc 2248static int remove_uuid_sync(struct hci_dev *hdev, void *data)
92da6097 2249{
161510cc 2250 int err;
92da6097 2251
161510cc
LAD		 2252 err = hci_update_class_sync(hdev);
2253 if (err)
2254 return err;
2255
2256 return hci_update_eir_sync(hdev);
92da6097
JH		 2257}
2258
bdb6d971 2259static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2260 u16 len)
2aeb9a1a 2261{
650f726d 2262 struct mgmt_cp_remove_uuid *cp = data;
3b0602cd 2263 struct mgmt_pending_cmd *cmd;
056341c8 2264 struct bt_uuid *match, *tmp;
2aeb9a1a 2265 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2aeb9a1a
JH		 2266 int err, found;
2267
181d6953 2268 bt_dev_dbg(hdev, "sock %p", sk);
2aeb9a1a 2269
09fd0de5 2270 hci_dev_lock(hdev);
2aeb9a1a 2271
0cab9c80 2272 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2273 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2274 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2275 goto unlock;
2276 }
2277
2aeb9a1a 2278 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2279 hci_uuids_clear(hdev);
4004b6d9 2280
24b78d0f 2281 if (enable_service_cache(hdev)) {
2a1afb5a
JH		 2282 err = mgmt_cmd_complete(sk, hdev->id,
2283 MGMT_OP_REMOVE_UUID,
2284 0, hdev->dev_class, 3);
24b78d0f
JH		 2285 goto unlock;
2286 }
4004b6d9 2287
9246a869 2288 goto update_class;
2aeb9a1a
JH		 2289 }
2290
2291 found = 0;
2292
056341c8 2293 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2294 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2295 continue;
2296
2297 list_del(&match->list);
482049f7 2298 kfree(match);
2aeb9a1a
JH		 2299 found++;
2300 }
2301
2302 if (found == 0) {
a69e8375
JH		 2303 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2304 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2305 goto unlock;
2306 }
2307
9246a869 2308update_class:
161510cc 2309 cmd = mgmt_pending_new(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2310 if (!cmd) {
90e70454 2311 err = -ENOMEM;
890ea898
JH		 2312 goto unlock;
2313 }
2314
161510cc
LAD		 2315 err = hci_cmd_sync_queue(hdev, remove_uuid_sync, cmd,
2316 mgmt_class_complete);
2317 if (err < 0)
2318 mgmt_pending_free(cmd);
2aeb9a1a
JH		 2319
2320unlock:
09fd0de5 2321 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2322 return err;
2323}
2324
161510cc 2325static int set_class_sync(struct hci_dev *hdev, void *data)
92da6097 2326{
161510cc
LAD		 2327 int err = 0;
2328
2329 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
2330 cancel_delayed_work_sync(&hdev->service_cache);
2331 err = hci_update_eir_sync(hdev);
2332 }
2333
2334 if (err)
2335 return err;
92da6097 2336
161510cc 2337 return hci_update_class_sync(hdev);
92da6097
JH		 2338}
2339
bdb6d971 2340static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2341 u16 len)
1aff6f09 2342{
650f726d 2343 struct mgmt_cp_set_dev_class *cp = data;
3b0602cd 2344 struct mgmt_pending_cmd *cmd;
1aff6f09
JH		 2345 int err;
2346
181d6953 2347 bt_dev_dbg(hdev, "sock %p", sk);
1aff6f09 2348
6203fc98 2349 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2350 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2351 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2352
0cab9c80 2353 hci_dev_lock(hdev);
ee98f473 2354
0cab9c80 2355 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2356 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2357 MGMT_STATUS_BUSY);
0cab9c80
JH		 2358 goto unlock;
2359 }
c95f0ba7 2360
0cab9c80 2361 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
a69e8375
JH		 2362 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2363 MGMT_STATUS_INVALID_PARAMS);
0cab9c80
JH		 2364 goto unlock;
2365 }
575b3a02 2366
932f5ff5
JH		 2367 hdev->major_class = cp->major;
2368 hdev->minor_class = cp->minor;
2369
b5235a65 2370 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2371 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2372 hdev->dev_class, 3);
b5235a65
JH		 2373 goto unlock;
2374 }
2375
161510cc 2376 cmd = mgmt_pending_new(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2377 if (!cmd) {
90e70454 2378 err = -ENOMEM;
890ea898
JH		 2379 goto unlock;
2380 }
2381
161510cc
LAD		 2382 err = hci_cmd_sync_queue(hdev, set_class_sync, cmd,
2383 mgmt_class_complete);
2384 if (err < 0)
2385 mgmt_pending_free(cmd);
1aff6f09 2386
b5235a65 2387unlock:
09fd0de5 2388 hci_dev_unlock(hdev);
1aff6f09
JH		 2389 return err;
2390}
2391
bdb6d971 2392static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2393 u16 len)
55ed8ca1 2394{
650f726d 2395 struct mgmt_cp_load_link_keys *cp = data;
ba1d6936
JH		 2396 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2397 sizeof(struct mgmt_link_key_info));
4e51eae9 2398 u16 key_count, expected_len;
b1de97d8 2399 bool changed;
a492cd52 2400 int i;
55ed8ca1 2401
181d6953 2402 bt_dev_dbg(hdev, "sock %p", sk);
9060d5cf
MH		 2403
2404 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2405 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2406 MGMT_STATUS_NOT_SUPPORTED);
9060d5cf 2407
1f350c87 2408 key_count = __le16_to_cpu(cp->key_count);
ba1d6936 2409 if (key_count > max_key_count) {
2064ee33
MH		 2410 bt_dev_err(hdev, "load_link_keys: too big key_count value %u",
2411 key_count);
a69e8375
JH		 2412 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2413 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 2414 }
55ed8ca1 2415
5bec1fb8 2416 expected_len = struct_size(cp, keys, key_count);
a492cd52 2417 if (expected_len != len) {
2064ee33
MH		 2418 bt_dev_err(hdev, "load_link_keys: expected %u bytes, got %u bytes",
2419 expected_len, len);
a69e8375
JH		 2420 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2421 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2422 }
2423
4ae14301 2424 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
a69e8375
JH		 2425 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2426 MGMT_STATUS_INVALID_PARAMS);
4ae14301 2427
181d6953
MH		 2428 bt_dev_dbg(hdev, "debug_keys %u key_count %u", cp->debug_keys,
2429 key_count);
55ed8ca1 2430
4ee71b20
JH		 2431 for (i = 0; i < key_count; i++) {
2432 struct mgmt_link_key_info *key = &cp->keys[i];
2433
8e991132 2434 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
a69e8375
JH		 2435 return mgmt_cmd_status(sk, hdev->id,
2436 MGMT_OP_LOAD_LINK_KEYS,
2437 MGMT_STATUS_INVALID_PARAMS);
4ee71b20
JH		 2438 }
2439
09fd0de5 2440 hci_dev_lock(hdev);
55ed8ca1
JH		 2441
2442 hci_link_keys_clear(hdev);
2443
55ed8ca1 2444 if (cp->debug_keys)
238be788 2445 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
55ed8ca1 2446 else
a69d8927
MH		 2447 changed = hci_dev_test_and_clear_flag(hdev,
2448 HCI_KEEP_DEBUG_KEYS);
b1de97d8
MH		 2449
2450 if (changed)
2451 new_settings(hdev, NULL);
55ed8ca1 2452
a492cd52 2453 for (i = 0; i < key_count; i++) {
86742e1e 2454 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2455
600a8749
AM		 2456 if (hci_is_blocked_key(hdev,
2457 HCI_BLOCKED_KEY_TYPE_LINKKEY,
2458 key->val)) {
2459 bt_dev_warn(hdev, "Skipping blocked link key for %pMR",
2460 &key->addr.bdaddr);
2461 continue;
2462 }
2463
58e9293c
JH		 2464 /* Always ignore debug keys and require a new pairing if
2465 * the user wants to use them.
2466 */
2467 if (key->type == HCI_LK_DEBUG_COMBINATION)
2468 continue;
2469
7652ff6a
JH		 2470 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2471 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2472 }
2473
2a1afb5a 2474 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2475
09fd0de5 2476 hci_dev_unlock(hdev);
55ed8ca1 2477
a492cd52 2478 return 0;
55ed8ca1
JH		 2479}
2480
b1078ad0 2481static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2482 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2483{
2484 struct mgmt_ev_device_unpaired ev;
2485
2486 bacpy(&ev.addr.bdaddr, bdaddr);
2487 ev.addr.type = addr_type;
2488
2489 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2490 skip_sk);
b1078ad0
JH		 2491}
2492
bdb6d971 2493static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2494 u16 len)
55ed8ca1 2495{
124f6e35
JH		 2496 struct mgmt_cp_unpair_device *cp = data;
2497 struct mgmt_rp_unpair_device rp;
fc64361a 2498 struct hci_conn_params *params;
3b0602cd 2499 struct mgmt_pending_cmd *cmd;
55ed8ca1 2500 struct hci_conn *conn;
ec182f03 2501 u8 addr_type;
55ed8ca1
JH		 2502 int err;
2503
a8a1d19e 2504 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2505 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2506 rp.addr.type = cp->addr.type;
a8a1d19e 2507
4ee71b20 2508 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2509 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2510 MGMT_STATUS_INVALID_PARAMS,
2511 &rp, sizeof(rp));
4ee71b20 2512
118da70b 2513 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2a1afb5a
JH		 2514 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2515 MGMT_STATUS_INVALID_PARAMS,
2516 &rp, sizeof(rp));
118da70b 2517
4ee71b20
JH		 2518 hci_dev_lock(hdev);
2519
86a8cfc6 2520 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2521 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2522 MGMT_STATUS_NOT_POWERED, &rp,
2523 sizeof(rp));
86a8cfc6
JH		 2524 goto unlock;
2525 }
2526
e0b2b27e 2527 if (cp->addr.type == BDADDR_BREDR) {
89cbb063
AA		 2528 /* If disconnection is requested, then look up the
2529 * connection. If the remote device is connected, it
2530 * will be later used to terminate the link.
2531 *
2532 * Setting it to NULL explicitly will cause no
2533 * termination of the link.
2534 */
2535 if (cp->disconnect)
2536 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2537 &cp->addr.bdaddr);
2538 else
2539 conn = NULL;
2540
124f6e35 2541 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
ec182f03
JH		 2542 if (err < 0) {
2543 err = mgmt_cmd_complete(sk, hdev->id,
2544 MGMT_OP_UNPAIR_DEVICE,
2545 MGMT_STATUS_NOT_PAIRED, &rp,
2546 sizeof(rp));
2547 goto unlock;
89cbb063
AA		 2548 }
2549
ec182f03 2550 goto done;
e0b2b27e 2551 }
b0dbfb46 2552
ec182f03
JH		 2553 /* LE address type */
2554 addr_type = le_addr_type(cp->addr.type);
2555
cb28c306
MK		 2556 /* Abort any ongoing SMP pairing. Removes ltk and irk if they exist. */
2557 err = smp_cancel_and_remove_pairing(hdev, &cp->addr.bdaddr, addr_type);
55ed8ca1 2558 if (err < 0) {
2a1afb5a
JH		 2559 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2560 MGMT_STATUS_NOT_PAIRED, &rp,
2561 sizeof(rp));
55ed8ca1
JH		 2562 goto unlock;
2563 }
2564
ec182f03
JH		 2565 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type);
2566 if (!conn) {
2567 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2568 goto done;
2569 }
2570
c81d555a 2571
ec182f03
JH		 2572 /* Defer clearing up the connection parameters until closing to
2573 * give a chance of keeping them if a repairing happens.
2574 */
2575 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2576
fc64361a
JH		 2577 /* Disable auto-connection parameters if present */
2578 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type);
2579 if (params) {
2580 if (params->explicit_connect)
2581 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
2582 else
2583 params->auto_connect = HCI_AUTO_CONN_DISABLED;
2584 }
2585
ec182f03
JH		 2586 /* If disconnection is not requested, then clear the connection
2587 * variable so that the link is not terminated.
2588 */
2589 if (!cp->disconnect)
2590 conn = NULL;
2591
2592done:
89cbb063
AA		 2593 /* If the connection variable is set, then termination of the
2594 * link is requested.
2595 */
a8a1d19e 2596 if (!conn) {
2a1afb5a
JH		 2597 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2598 &rp, sizeof(rp));
b1078ad0 2599 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2600 goto unlock;
2601 }
55ed8ca1 2602
124f6e35 2603 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2604 sizeof(*cp));
a8a1d19e
JH		 2605 if (!cmd) {
2606 err = -ENOMEM;
2607 goto unlock;
55ed8ca1
JH		 2608 }
2609
d8b7b1e4
JH		 2610 cmd->cmd_complete = addr_cmd_complete;
2611
89e0ccc8 2612 err = hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
a8a1d19e
JH		 2613 if (err < 0)
2614 mgmt_pending_remove(cmd);
2615
55ed8ca1 2616unlock:
09fd0de5 2617 hci_dev_unlock(hdev);
55ed8ca1
JH		 2618 return err;
2619}
2620
bdb6d971 2621static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2622 u16 len)
8962ee74 2623{
650f726d 2624 struct mgmt_cp_disconnect *cp = data;
06a63b19 2625 struct mgmt_rp_disconnect rp;
3b0602cd 2626 struct mgmt_pending_cmd *cmd;
8962ee74 2627 struct hci_conn *conn;
8962ee74
JH		 2628 int err;
2629
181d6953 2630 bt_dev_dbg(hdev, "sock %p", sk);
8962ee74 2631
06a63b19
JH		 2632 memset(&rp, 0, sizeof(rp));
2633 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2634 rp.addr.type = cp->addr.type;
2635
4ee71b20 2636 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2637 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2638 MGMT_STATUS_INVALID_PARAMS,
2639 &rp, sizeof(rp));
4ee71b20 2640
09fd0de5 2641 hci_dev_lock(hdev);
8962ee74
JH		 2642
2643 if (!test_bit(HCI_UP, &hdev->flags)) {
2a1afb5a
JH		 2644 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2645 MGMT_STATUS_NOT_POWERED, &rp,
2646 sizeof(rp));
8962ee74
JH		 2647 goto failed;
2648 }
2649
333ae95d 2650 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
2a1afb5a
JH		 2651 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2652 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2653 goto failed;
2654 }
2655
591f47f3 2656 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2657 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2658 &cp->addr.bdaddr);
88c3df13 2659 else
9d4c1cc1
JH		 2660 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr,
2661 le_addr_type(cp->addr.type));
365227e5 2662
f960727e 2663 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2a1afb5a
JH		 2664 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2665 MGMT_STATUS_NOT_CONNECTED, &rp,
2666 sizeof(rp));
8962ee74
JH		 2667 goto failed;
2668 }
2669
2e58ef3e 2670 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2671 if (!cmd) {
2672 err = -ENOMEM;
8962ee74 2673 goto failed;
366a0336 2674 }
8962ee74 2675
f5818c22
JH		 2676 cmd->cmd_complete = generic_cmd_complete;
2677
e3f2f92a 2678 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
8962ee74 2679 if (err < 0)
a664b5bc 2680 mgmt_pending_remove(cmd);
8962ee74
JH		 2681
2682failed:
09fd0de5 2683 hci_dev_unlock(hdev);
8962ee74
JH		 2684 return err;
2685}
2686
57c1477c 2687static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2688{
2689 switch (link_type) {
2690 case LE_LINK:
48264f06
JH		 2691 switch (addr_type) {
2692 case ADDR_LE_DEV_PUBLIC:
591f47f3 2693 return BDADDR_LE_PUBLIC;
0ed09148 2694
48264f06 2695 default:
0ed09148 2696 /* Fallback to LE Random address type */
591f47f3 2697 return BDADDR_LE_RANDOM;
48264f06 2698 }
0ed09148 2699
4c659c39 2700 default:
0ed09148 2701 /* Fallback to BR/EDR type */
591f47f3 2702 return BDADDR_BREDR;
4c659c39
JH		 2703 }
2704}
2705
04124681
GP		 2706static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2707 u16 data_len)
2784eb41 2708{
2784eb41 2709 struct mgmt_rp_get_connections *rp;
8035ded4 2710 struct hci_conn *c;
60fc5fb6
JH		 2711 int err;
2712 u16 i;
2784eb41 2713
181d6953 2714 bt_dev_dbg(hdev, "sock %p", sk);
2784eb41 2715
09fd0de5 2716 hci_dev_lock(hdev);
2784eb41 2717
5f97c1df 2718 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 2719 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2720 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2721 goto unlock;
2722 }
2723
60fc5fb6 2724 i = 0;
b644ba33
JH		 2725 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2726 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2727 i++;
2784eb41
JH		 2728 }
2729
72bb169e 2730 rp = kmalloc(struct_size(rp, addr, i), GFP_KERNEL);
a38528f1 2731 if (!rp) {
2784eb41
JH		 2732 err = -ENOMEM;
2733 goto unlock;
2734 }
2735
2784eb41 2736 i = 0;
4c659c39 2737 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2738 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2739 continue;
4c659c39 2740 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2741 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2742 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2743 continue;
2744 i++;
2745 }
2746
eb55ef07 2747 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2748
4c659c39 2749 /* Recalculate length in case of filtered SCO connections, etc */
2a1afb5a 2750 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
72bb169e 2751 struct_size(rp, addr, i));
2784eb41 2752
a38528f1 2753 kfree(rp);
5f97c1df
JH		 2754
2755unlock:
09fd0de5 2756 hci_dev_unlock(hdev);
2784eb41
JH		 2757 return err;
2758}
2759
bdb6d971 2760static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2761 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67 2762{
3b0602cd 2763 struct mgmt_pending_cmd *cmd;
96d97a67
WR		 2764 int err;
2765
2e58ef3e 2766 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2767 sizeof(*cp));
96d97a67
WR		 2768 if (!cmd)
2769 return -ENOMEM;
2770
dd7e39bb
AL		 2771 cmd->cmd_complete = addr_cmd_complete;
2772
d8457698 2773 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2774 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2775 if (err < 0)
2776 mgmt_pending_remove(cmd);
2777
2778 return err;
2779}
2780
bdb6d971 2781static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2782 u16 len)
980e1a53 2783{
96d97a67 2784 struct hci_conn *conn;
650f726d 2785 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2786 struct hci_cp_pin_code_reply reply;
3b0602cd 2787 struct mgmt_pending_cmd *cmd;
980e1a53
JH		 2788 int err;
2789
181d6953 2790 bt_dev_dbg(hdev, "sock %p", sk);
980e1a53 2791
09fd0de5 2792 hci_dev_lock(hdev);
980e1a53 2793
4b34ee78 2794 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 2795 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2796 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2797 goto failed;
2798 }
2799
d8457698 2800 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2801 if (!conn) {
a69e8375
JH		 2802 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2803 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2804 goto failed;
2805 }
2806
2807 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2808 struct mgmt_cp_pin_code_neg_reply ncp;
2809
2810 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67 2811
2064ee33 2812 bt_dev_err(hdev, "PIN code is not 16 bytes long");
96d97a67 2813
bdb6d971 2814 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2815 if (err >= 0)
a69e8375
JH		 2816 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2817 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2818
2819 goto failed;
2820 }
2821
00abfe44 2822 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2823 if (!cmd) {
2824 err = -ENOMEM;
980e1a53 2825 goto failed;
366a0336 2826 }
980e1a53 2827
7776d1d8
JH		 2828 cmd->cmd_complete = addr_cmd_complete;
2829
d8457698 2830 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2831 reply.pin_len = cp->pin_len;
24718ca5 2832 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2833
2834 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2835 if (err < 0)
a664b5bc 2836 mgmt_pending_remove(cmd);
980e1a53
JH		 2837
2838failed:
09fd0de5 2839 hci_dev_unlock(hdev);
980e1a53
JH		 2840 return err;
2841}
2842
04124681
GP		 2843static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2844 u16 len)
17fa4b9d 2845{
650f726d 2846 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d 2847
181d6953 2848 bt_dev_dbg(hdev, "sock %p", sk);
17fa4b9d 2849
4ec86d4c 2850 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
9db5c629
MH		 2851 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
2852 MGMT_STATUS_INVALID_PARAMS);
4ec86d4c 2853
09fd0de5 2854 hci_dev_lock(hdev);
17fa4b9d
JH		 2855
2856 hdev->io_capability = cp->io_capability;
2857
181d6953 2858 bt_dev_dbg(hdev, "IO capability set to 0x%02x", hdev->io_capability);
17fa4b9d 2859
09fd0de5 2860 hci_dev_unlock(hdev);
17fa4b9d 2861
2a1afb5a
JH		 2862 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
2863 NULL, 0);
17fa4b9d
JH		 2864}
2865
3b0602cd 2866static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2867{
2868 struct hci_dev *hdev = conn->hdev;
3b0602cd 2869 struct mgmt_pending_cmd *cmd;
e9a416b5 2870
2e58ef3e 2871 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2872 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2873 continue;
2874
e9a416b5
JH		 2875 if (cmd->user_data != conn)
2876 continue;
2877
2878 return cmd;
2879 }
2880
2881 return NULL;
2882}
2883
3b0602cd 2884static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
e9a416b5
JH		 2885{
2886 struct mgmt_rp_pair_device rp;
2887 struct hci_conn *conn = cmd->user_data;
9df74653 2888 int err;
e9a416b5 2889
61b1a7fb
JH		 2890 bacpy(&rp.addr.bdaddr, &conn->dst);
2891 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2892
2a1afb5a
JH		 2893 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
2894 status, &rp, sizeof(rp));
e9a416b5
JH		 2895
2896 /* So we don't get further callbacks for this connection */
2897 conn->connect_cfm_cb = NULL;
2898 conn->security_cfm_cb = NULL;
2899 conn->disconn_cfm_cb = NULL;
2900
76a68ba0 2901 hci_conn_drop(conn);
89cbb063
AA		 2902
2903 /* The device is paired so there is no need to remove
2904 * its connection parameters anymore.
2905 */
2906 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
15013aeb
JH		 2907
2908 hci_conn_put(conn);
9df74653
JH		 2909
2910 return err;
e9a416b5
JH		 2911}
2912
f4a407be
JH		 2913void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2914{
2915 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3b0602cd 2916 struct mgmt_pending_cmd *cmd;
f4a407be
JH		 2917
2918 cmd = find_pairing(conn);
a511b35b 2919 if (cmd) {
04ab2749 2920 cmd->cmd_complete(cmd, status);
a511b35b
JH		 2921 mgmt_pending_remove(cmd);
2922 }
f4a407be
JH		 2923}
2924
e9a416b5
JH		 2925static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2926{
3b0602cd 2927 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 2928
2929 BT_DBG("status %u", status);
2930
2931 cmd = find_pairing(conn);
a511b35b 2932 if (!cmd) {
e9a416b5 2933 BT_DBG("Unable to find a pending command");
a511b35b
JH		 2934 return;
2935 }
2936
2937 cmd->cmd_complete(cmd, mgmt_status(status));
2938 mgmt_pending_remove(cmd);
e9a416b5
JH		 2939}
2940
f4a407be 2941static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739 2942{
3b0602cd 2943 struct mgmt_pending_cmd *cmd;
4c47d739
VA		 2944
2945 BT_DBG("status %u", status);
2946
2947 if (!status)
2948 return;
2949
2950 cmd = find_pairing(conn);
a511b35b 2951 if (!cmd) {
4c47d739 2952 BT_DBG("Unable to find a pending command");
a511b35b
JH		 2953 return;
2954 }
2955
2956 cmd->cmd_complete(cmd, mgmt_status(status));
2957 mgmt_pending_remove(cmd);
4c47d739
VA		 2958}
2959
bdb6d971 2960static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2961 u16 len)
e9a416b5 2962{
650f726d 2963 struct mgmt_cp_pair_device *cp = data;
1425acb7 2964 struct mgmt_rp_pair_device rp;
3b0602cd 2965 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 2966 u8 sec_level, auth_type;
2967 struct hci_conn *conn;
e9a416b5
JH		 2968 int err;
2969
181d6953 2970 bt_dev_dbg(hdev, "sock %p", sk);
e9a416b5 2971
f950a30e
SJ		 2972 memset(&rp, 0, sizeof(rp));
2973 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2974 rp.addr.type = cp->addr.type;
2975
4ee71b20 2976 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2977 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2978 MGMT_STATUS_INVALID_PARAMS,
2979 &rp, sizeof(rp));
4ee71b20 2980
4ec86d4c 2981 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 2982 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2983 MGMT_STATUS_INVALID_PARAMS,
2984 &rp, sizeof(rp));
4ec86d4c 2985
09fd0de5 2986 hci_dev_lock(hdev);
e9a416b5 2987
5f97c1df 2988 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2989 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2990 MGMT_STATUS_NOT_POWERED, &rp,
2991 sizeof(rp));
5f97c1df
JH		 2992 goto unlock;
2993 }
2994
55e76b38
JH		 2995 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
2996 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2997 MGMT_STATUS_ALREADY_PAIRED, &rp,
2998 sizeof(rp));
2999 goto unlock;
3000 }
3001
c908df36 3002 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 3003 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 3004
6f77d8c7 3005 if (cp->addr.type == BDADDR_BREDR) {
04a6c589 3006 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
76b13996 3007 auth_type, CONN_REASON_PAIR_DEVICE);
6f77d8c7 3008 } else {
85813a7e 3009 u8 addr_type = le_addr_type(cp->addr.type);
5157b8a5 3010 struct hci_conn_params *p;
6f77d8c7 3011
7c264b10
MH		 3012 /* When pairing a new device, it is expected to remember
3013 * this device for future connections. Adding the connection
3014 * parameter information ahead of time allows tracking
67ffb185 3015 * of the peripheral preferred values and will speed up any
7c264b10
MH		 3016 * further connection establishment.
3017 *
3018 * If connection parameters already exist, then they
3019 * will be kept and this function does nothing.
3020 */
5157b8a5
JP		 3021 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3022
3023 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT)
3024 p->auto_connect = HCI_AUTO_CONN_DISABLED;
7c264b10 3025
76b13996
MM		 3026 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr, addr_type,
3027 sec_level, HCI_LE_CONN_TIMEOUT,
3028 CONN_REASON_PAIR_DEVICE);
6f77d8c7 3029 }
7a512d01 3030
30e76272 3031 if (IS_ERR(conn)) {
489dc48e
AK		 3032 int status;
3033
3034 if (PTR_ERR(conn) == -EBUSY)
3035 status = MGMT_STATUS_BUSY;
faa81030
LR		 3036 else if (PTR_ERR(conn) == -EOPNOTSUPP)
3037 status = MGMT_STATUS_NOT_SUPPORTED;
3038 else if (PTR_ERR(conn) == -ECONNREFUSED)
3039 status = MGMT_STATUS_REJECTED;
489dc48e
AK		 3040 else
3041 status = MGMT_STATUS_CONNECT_FAILED;
3042
2a1afb5a
JH		 3043 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3044 status, &rp, sizeof(rp));
e9a416b5
JH		 3045 goto unlock;
3046 }
3047
3048 if (conn->connect_cfm_cb) {
76a68ba0 3049 hci_conn_drop(conn);
2a1afb5a
JH		 3050 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3051 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 3052 goto unlock;
3053 }
3054
2e58ef3e 3055 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 3056 if (!cmd) {
3057 err = -ENOMEM;
76a68ba0 3058 hci_conn_drop(conn);
e9a416b5
JH		 3059 goto unlock;
3060 }
3061
04ab2749
JH		 3062 cmd->cmd_complete = pairing_complete;
3063
7a512d01 3064 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 3065 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 3066 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 3067 conn->security_cfm_cb = pairing_complete_cb;
3068 conn->disconn_cfm_cb = pairing_complete_cb;
3069 } else {
3070 conn->connect_cfm_cb = le_pairing_complete_cb;
3071 conn->security_cfm_cb = le_pairing_complete_cb;
3072 conn->disconn_cfm_cb = le_pairing_complete_cb;
3073 }
7a512d01 3074
e9a416b5 3075 conn->io_capability = cp->io_cap;
f8aaf9b6 3076 cmd->user_data = hci_conn_get(conn);
e9a416b5 3077
6f78fd4b 3078 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
a511b35b
JH		 3079 hci_conn_security(conn, sec_level, auth_type, true)) {
3080 cmd->cmd_complete(cmd, 0);
3081 mgmt_pending_remove(cmd);
3082 }
e9a416b5
JH		 3083
3084 err = 0;
3085
3086unlock:
09fd0de5 3087 hci_dev_unlock(hdev);
e9a416b5
JH		 3088 return err;
3089}
3090
04124681
GP		 3091static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3092 u16 len)
28424707 3093{
0f4e68cf 3094 struct mgmt_addr_info *addr = data;
3b0602cd 3095 struct mgmt_pending_cmd *cmd;
28424707
JH		 3096 struct hci_conn *conn;
3097 int err;
3098
181d6953 3099 bt_dev_dbg(hdev, "sock %p", sk);
28424707 3100
28424707
JH		 3101 hci_dev_lock(hdev);
3102
5f97c1df 3103 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3104 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3105 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3106 goto unlock;
3107 }
3108
333ae95d 3109 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
28424707 3110 if (!cmd) {
a69e8375
JH		 3111 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3112 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3113 goto unlock;
3114 }
3115
3116 conn = cmd->user_data;
3117
3118 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
a69e8375
JH		 3119 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3120 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3121 goto unlock;
3122 }
3123
a511b35b
JH		 3124 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3125 mgmt_pending_remove(cmd);
28424707 3126
2a1afb5a
JH		 3127 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3128 addr, sizeof(*addr));
76b13996
MM		 3129
3130 /* Since user doesn't want to proceed with the connection, abort any
3131 * ongoing pairing and then terminate the link if it was created
3132 * because of the pair device action.
3133 */
3134 if (addr->type == BDADDR_BREDR)
3135 hci_remove_link_key(hdev, &addr->bdaddr);
3136 else
3137 smp_cancel_and_remove_pairing(hdev, &addr->bdaddr,
3138 le_addr_type(addr->type));
3139
3140 if (conn->conn_reason == CONN_REASON_PAIR_DEVICE)
3141 hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
3142
28424707
JH		 3143unlock:
3144 hci_dev_unlock(hdev);
28424707
JH		 3145 return err;
3146}
3147
bdb6d971 3148static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3149 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3150 u16 hci_op, __le32 passkey)
a5c29683 3151{
3b0602cd 3152 struct mgmt_pending_cmd *cmd;
0df4c185 3153 struct hci_conn *conn;
a5c29683
JH		 3154 int err;
3155
09fd0de5 3156 hci_dev_lock(hdev);
08ba5382 3157
4b34ee78 3158 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3159 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3160 MGMT_STATUS_NOT_POWERED, addr,
3161 sizeof(*addr));
0df4c185 3162 goto done;
a5c29683
JH		 3163 }
3164
1707c60e
JH		 3165 if (addr->type == BDADDR_BREDR)
3166 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3167 else
9d4c1cc1
JH		 3168 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr,
3169 le_addr_type(addr->type));
272d90df
JH		 3170
3171 if (!conn) {
2a1afb5a
JH		 3172 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3173 MGMT_STATUS_NOT_CONNECTED, addr,
3174 sizeof(*addr));
272d90df
JH		 3175 goto done;
3176 }
47c15e2b 3177
1707c60e 3178 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 3179 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 3180 if (!err)
2a1afb5a
JH		 3181 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3182 MGMT_STATUS_SUCCESS, addr,
3183 sizeof(*addr));
5fe57d9e 3184 else
2a1afb5a
JH		 3185 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3186 MGMT_STATUS_FAILED, addr,
3187 sizeof(*addr));
47c15e2b 3188
47c15e2b
BG		 3189 goto done;
3190 }
3191
1707c60e 3192 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3193 if (!cmd) {
3194 err = -ENOMEM;
0df4c185 3195 goto done;
a5c29683
JH		 3196 }
3197
7776d1d8
JH		 3198 cmd->cmd_complete = addr_cmd_complete;
3199
0df4c185 3200 /* Continue with pairing via HCI */
604086b7
BG		 3201 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3202 struct hci_cp_user_passkey_reply cp;
3203
1707c60e 3204 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3205 cp.passkey = passkey;
3206 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3207 } else
1707c60e
JH		 3208 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3209 &addr->bdaddr);
604086b7 3210
a664b5bc
JH		 3211 if (err < 0)
3212 mgmt_pending_remove(cmd);
a5c29683 3213
0df4c185 3214done:
09fd0de5 3215 hci_dev_unlock(hdev);
a5c29683
JH		 3216 return err;
3217}
3218
afeb019d
JK		 3219static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3220 void *data, u16 len)
3221{
3222 struct mgmt_cp_pin_code_neg_reply *cp = data;
3223
181d6953 3224 bt_dev_dbg(hdev, "sock %p", sk);
afeb019d 3225
1707c60e 3226 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3227 MGMT_OP_PIN_CODE_NEG_REPLY,
3228 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3229}
3230
04124681
GP		 3231static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3232 u16 len)
0df4c185 3233{
650f726d 3234 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185 3235
181d6953 3236 bt_dev_dbg(hdev, "sock %p", sk);
0df4c185
BG		 3237
3238 if (len != sizeof(*cp))
a69e8375
JH		 3239 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3240 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3241
1707c60e 3242 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3243 MGMT_OP_USER_CONFIRM_REPLY,
3244 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3245}
3246
bdb6d971 3247static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3248 void *data, u16 len)
0df4c185 3249{
c9c2659f 3250 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185 3251
181d6953 3252 bt_dev_dbg(hdev, "sock %p", sk);
0df4c185 3253
1707c60e 3254 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3255 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3256 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3257}
3258
04124681
GP		 3259static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3260 u16 len)
604086b7 3261{
650f726d 3262 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7 3263
181d6953 3264 bt_dev_dbg(hdev, "sock %p", sk);
604086b7 3265
1707c60e 3266 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3267 MGMT_OP_USER_PASSKEY_REPLY,
3268 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3269}
3270
bdb6d971 3271static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3272 void *data, u16 len)
604086b7 3273{
650f726d 3274 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7 3275
181d6953 3276 bt_dev_dbg(hdev, "sock %p", sk);
604086b7 3277
1707c60e 3278 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3279 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3280 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3281}
3282
5e233ed5 3283static int adv_expire_sync(struct hci_dev *hdev, u32 flags)
7c295c48
MN		 3284{
3285 struct adv_info *adv_instance;
7c295c48
MN		 3286
3287 adv_instance = hci_find_adv_instance(hdev, hdev->cur_adv_instance);
3288 if (!adv_instance)
5e233ed5 3289 return 0;
7c295c48
MN		 3290
3291 /* stop if current instance doesn't need to be changed */
3292 if (!(adv_instance->flags & flags))
5e233ed5 3293 return 0;
7c295c48
MN		 3294
3295 cancel_adv_timeout(hdev);
3296
3297 adv_instance = hci_get_next_instance(hdev, adv_instance->instance);
3298 if (!adv_instance)
5e233ed5 3299 return 0;
7c295c48 3300
5e233ed5 3301 hci_schedule_adv_instance_sync(hdev, adv_instance->instance, true);
7c295c48 3302
5e233ed5
BG		 3303 return 0;
3304}
3305
3306static int name_changed_sync(struct hci_dev *hdev, void *data)
3307{
3308 return adv_expire_sync(hdev, MGMT_ADV_FLAG_LOCAL_NAME);
7c295c48
MN		 3309}
3310
6f6ff38a 3311static void set_name_complete(struct hci_dev *hdev, void *data, int err)
13928971 3312{
6f6ff38a
BG		 3313 struct mgmt_pending_cmd *cmd = data;
3314 struct mgmt_cp_set_local_name *cp = cmd->param;
3315 u8 status = mgmt_status(err);
13928971 3316
6f6ff38a 3317 bt_dev_dbg(hdev, "err %d", err);
13928971 3318
7c295c48 3319 if (status) {
a69e8375 3320 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
6f6ff38a 3321 status);
7c295c48 3322 } else {
2a1afb5a
JH		 3323 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3324 cp, sizeof(*cp));
13928971 3325
7c295c48 3326 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
5e233ed5 3327 hci_cmd_sync_queue(hdev, name_changed_sync, NULL, NULL);
7c295c48
MN		 3328 }
3329
13928971 3330 mgmt_pending_remove(cmd);
6f6ff38a 3331}
13928971 3332
6f6ff38a
BG		 3333static int set_name_sync(struct hci_dev *hdev, void *data)
3334{
3335 if (lmp_bredr_capable(hdev)) {
3336 hci_update_name_sync(hdev);
3337 hci_update_eir_sync(hdev);
3338 }
3339
3340 /* The name is stored in the scan response data and so
3341 * no need to update the advertising data here.
3342 */
3343 if (lmp_le_capable(hdev) && hci_dev_test_flag(hdev, HCI_ADVERTISING))
3344 hci_update_scan_rsp_data_sync(hdev, hdev->cur_adv_instance);
3345
3346 return 0;
13928971
JH		 3347}
3348
bdb6d971 3349static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3350 u16 len)
b312b161 3351{
2b4bf397 3352 struct mgmt_cp_set_local_name *cp = data;
3b0602cd 3353 struct mgmt_pending_cmd *cmd;
b312b161
JH		 3354 int err;
3355
181d6953 3356 bt_dev_dbg(hdev, "sock %p", sk);
b312b161 3357
09fd0de5 3358 hci_dev_lock(hdev);
b312b161 3359
b3f2ca94
JH		 3360 /* If the old values are the same as the new ones just return a
3361 * direct command complete event.
3362 */
3363 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3364 !memcmp(hdev->short_name, cp->short_name,
3365 sizeof(hdev->short_name))) {
2a1afb5a
JH		 3366 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3367 data, len);
b3f2ca94
JH		 3368 goto failed;
3369 }
3370
2b4bf397 3371 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3372
b5235a65 3373 if (!hdev_is_powered(hdev)) {
2b4bf397 3374 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde 3375
2a1afb5a
JH		 3376 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3377 data, len);
28cc7bde
JH		 3378 if (err < 0)
3379 goto failed;
3380
5504c3a3
MH		 3381 err = mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data,
3382 len, HCI_MGMT_LOCAL_NAME_EVENTS, sk);
321c6fee 3383 ext_info_changed(hdev, sk);
28cc7bde 3384
b5235a65
JH		 3385 goto failed;
3386 }
3387
28cc7bde 3388 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
6f6ff38a 3389 if (!cmd)
b312b161 3390 err = -ENOMEM;
6f6ff38a
BG		 3391 else
3392 err = hci_cmd_sync_queue(hdev, set_name_sync, cmd,
3393 set_name_complete);
b312b161 3394
6f6ff38a
BG		 3395 if (err < 0) {
3396 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3397 MGMT_STATUS_FAILED);
13928971 3398
6f6ff38a
BG		 3399 if (cmd)
3400 mgmt_pending_remove(cmd);
3f985050 3401
6f6ff38a 3402 goto failed;
3f985050
JH		 3403 }
3404
6f6ff38a 3405 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
b312b161
JH		 3406
3407failed:
09fd0de5 3408 hci_dev_unlock(hdev);
b312b161
JH		 3409 return err;
3410}
3411
5e233ed5
BG		 3412static int appearance_changed_sync(struct hci_dev *hdev, void *data)
3413{
3414 return adv_expire_sync(hdev, MGMT_ADV_FLAG_APPEARANCE);
3415}
3416
c4960ecf
MN		 3417static int set_appearance(struct sock *sk, struct hci_dev *hdev, void *data,
3418 u16 len)
3419{
3420 struct mgmt_cp_set_appearance *cp = data;
6613baba 3421 u16 appearance;
c4960ecf
MN		 3422 int err;
3423
181d6953 3424 bt_dev_dbg(hdev, "sock %p", sk);
c4960ecf 3425
af4168c5
MN		 3426 if (!lmp_le_capable(hdev))
3427 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_APPEARANCE,
3428 MGMT_STATUS_NOT_SUPPORTED);
3429
6613baba 3430 appearance = le16_to_cpu(cp->appearance);
c4960ecf
MN		 3431
3432 hci_dev_lock(hdev);
3433
6613baba
AM		 3434 if (hdev->appearance != appearance) {
3435 hdev->appearance = appearance;
c4960ecf
MN		 3436
3437 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
5e233ed5
BG		 3438 hci_cmd_sync_queue(hdev, appearance_changed_sync, NULL,
3439 NULL);
e74317f4
MN		 3440
3441 ext_info_changed(hdev, sk);
c4960ecf
MN		 3442 }
3443
3444 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_APPEARANCE, 0, NULL,
3445 0);
3446
3447 hci_dev_unlock(hdev);
3448
3449 return err;
3450}
3451
6244691f
JK		 3452static int get_phy_configuration(struct sock *sk, struct hci_dev *hdev,
3453 void *data, u16 len)
3454{
35302158 3455 struct mgmt_rp_get_phy_configuration rp;
6244691f 3456
181d6953 3457 bt_dev_dbg(hdev, "sock %p", sk);
6244691f
JK		 3458
3459 hci_dev_lock(hdev);
3460
3461 memset(&rp, 0, sizeof(rp));
3462
3463 rp.supported_phys = cpu_to_le32(get_supported_phys(hdev));
3464 rp.selected_phys = cpu_to_le32(get_selected_phys(hdev));
3465 rp.configurable_phys = cpu_to_le32(get_configurable_phys(hdev));
3466
3467 hci_dev_unlock(hdev);
3468
3469 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_PHY_CONFIGURATION, 0,
3470 &rp, sizeof(rp));
3471}
3472
b7c23df8
JK		 3473int mgmt_phy_configuration_changed(struct hci_dev *hdev, struct sock *skip)
3474{
3475 struct mgmt_ev_phy_configuration_changed ev;
3476
3477 memset(&ev, 0, sizeof(ev));
3478
3479 ev.selected_phys = cpu_to_le32(get_selected_phys(hdev));
3480
3481 return mgmt_event(MGMT_EV_PHY_CONFIGURATION_CHANGED, hdev, &ev,
3482 sizeof(ev), skip);
3483}
3484
71efbb08 3485static void set_default_phy_complete(struct hci_dev *hdev, void *data, int err)
0314f286 3486{
71efbb08
BG		 3487 struct mgmt_pending_cmd *cmd = data;
3488 struct sk_buff *skb = cmd->skb;
3489 u8 status = mgmt_status(err);
0314f286 3490
71efbb08
BG		 3491 if (!status) {
3492 if (!skb)
3493 status = MGMT_STATUS_FAILED;
3494 else if (IS_ERR(skb))
3495 status = mgmt_status(PTR_ERR(skb));
3496 else
3497 status = mgmt_status(skb->data[0]);
3498 }
0314f286 3499
71efbb08 3500 bt_dev_dbg(hdev, "status %d", status);
0314f286 3501
0314f286
JK		 3502 if (status) {
3503 mgmt_cmd_status(cmd->sk, hdev->id,
71efbb08 3504 MGMT_OP_SET_PHY_CONFIGURATION, status);
0314f286
JK		 3505 } else {
3506 mgmt_cmd_complete(cmd->sk, hdev->id,
3507 MGMT_OP_SET_PHY_CONFIGURATION, 0,
3508 NULL, 0);
b7c23df8
JK		 3509
3510 mgmt_phy_configuration_changed(hdev, cmd->sk);
0314f286
JK		 3511 }
3512
71efbb08
BG		 3513 if (skb && !IS_ERR(skb))
3514 kfree_skb(skb);
3515
0314f286 3516 mgmt_pending_remove(cmd);
71efbb08 3517}
0314f286 3518
71efbb08
BG		 3519static int set_default_phy_sync(struct hci_dev *hdev, void *data)
3520{
3521 struct mgmt_pending_cmd *cmd = data;
3522 struct mgmt_cp_set_phy_configuration *cp = cmd->param;
3523 struct hci_cp_le_set_default_phy cp_phy;
3524 u32 selected_phys = __le32_to_cpu(cp->selected_phys);
3525
3526 memset(&cp_phy, 0, sizeof(cp_phy));
3527
3528 if (!(selected_phys & MGMT_PHY_LE_TX_MASK))
3529 cp_phy.all_phys |= 0x01;
3530
3531 if (!(selected_phys & MGMT_PHY_LE_RX_MASK))
3532 cp_phy.all_phys |= 0x02;
3533
3534 if (selected_phys & MGMT_PHY_LE_1M_TX)
3535 cp_phy.tx_phys |= HCI_LE_SET_PHY_1M;
3536
3537 if (selected_phys & MGMT_PHY_LE_2M_TX)
3538 cp_phy.tx_phys |= HCI_LE_SET_PHY_2M;
3539
3540 if (selected_phys & MGMT_PHY_LE_CODED_TX)
3541 cp_phy.tx_phys |= HCI_LE_SET_PHY_CODED;
3542
3543 if (selected_phys & MGMT_PHY_LE_1M_RX)
3544 cp_phy.rx_phys |= HCI_LE_SET_PHY_1M;
3545
3546 if (selected_phys & MGMT_PHY_LE_2M_RX)
3547 cp_phy.rx_phys |= HCI_LE_SET_PHY_2M;
3548
3549 if (selected_phys & MGMT_PHY_LE_CODED_RX)
3550 cp_phy.rx_phys |= HCI_LE_SET_PHY_CODED;
3551
3552 cmd->skb = __hci_cmd_sync(hdev, HCI_OP_LE_SET_DEFAULT_PHY,
3553 sizeof(cp_phy), &cp_phy, HCI_CMD_TIMEOUT);
3554
3555 return 0;
0314f286
JK		 3556}
3557
3558static int set_phy_configuration(struct sock *sk, struct hci_dev *hdev,
3559 void *data, u16 len)
3560{
35302158 3561 struct mgmt_cp_set_phy_configuration *cp = data;
0314f286 3562 struct mgmt_pending_cmd *cmd;
0314f286
JK		 3563 u32 selected_phys, configurable_phys, supported_phys, unconfigure_phys;
3564 u16 pkt_type = (HCI_DH1 | HCI_DM1);
b7c23df8 3565 bool changed = false;
0314f286
JK		 3566 int err;
3567
181d6953 3568 bt_dev_dbg(hdev, "sock %p", sk);
0314f286
JK		 3569
3570 configurable_phys = get_configurable_phys(hdev);
3571 supported_phys = get_supported_phys(hdev);
3572 selected_phys = __le32_to_cpu(cp->selected_phys);
3573
3574 if (selected_phys & ~supported_phys)
3575 return mgmt_cmd_status(sk, hdev->id,
3576 MGMT_OP_SET_PHY_CONFIGURATION,
3577 MGMT_STATUS_INVALID_PARAMS);
3578
3579 unconfigure_phys = supported_phys & ~configurable_phys;
3580
3581 if ((selected_phys & unconfigure_phys) != unconfigure_phys)
3582 return mgmt_cmd_status(sk, hdev->id,
3583 MGMT_OP_SET_PHY_CONFIGURATION,
3584 MGMT_STATUS_INVALID_PARAMS);
3585
3586 if (selected_phys == get_selected_phys(hdev))
3587 return mgmt_cmd_complete(sk, hdev->id,
3588 MGMT_OP_SET_PHY_CONFIGURATION,
3589 0, NULL, 0);
3590
3591 hci_dev_lock(hdev);
3592
3593 if (!hdev_is_powered(hdev)) {
3594 err = mgmt_cmd_status(sk, hdev->id,
3595 MGMT_OP_SET_PHY_CONFIGURATION,
3596 MGMT_STATUS_REJECTED);
3597 goto unlock;
3598 }
3599
3600 if (pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev)) {
3601 err = mgmt_cmd_status(sk, hdev->id,
3602 MGMT_OP_SET_PHY_CONFIGURATION,
3603 MGMT_STATUS_BUSY);
3604 goto unlock;
3605 }
3606
3607 if (selected_phys & MGMT_PHY_BR_1M_3SLOT)
3608 pkt_type |= (HCI_DH3 | HCI_DM3);
3609 else
3610 pkt_type &= ~(HCI_DH3 | HCI_DM3);
3611
3612 if (selected_phys & MGMT_PHY_BR_1M_5SLOT)
3613 pkt_type |= (HCI_DH5 | HCI_DM5);
3614 else
3615 pkt_type &= ~(HCI_DH5 | HCI_DM5);
3616
3617 if (selected_phys & MGMT_PHY_EDR_2M_1SLOT)
3618 pkt_type &= ~HCI_2DH1;
3619 else
3620 pkt_type |= HCI_2DH1;
3621
3622 if (selected_phys & MGMT_PHY_EDR_2M_3SLOT)
3623 pkt_type &= ~HCI_2DH3;
3624 else
3625 pkt_type |= HCI_2DH3;
3626
3627 if (selected_phys & MGMT_PHY_EDR_2M_5SLOT)
3628 pkt_type &= ~HCI_2DH5;
3629 else
3630 pkt_type |= HCI_2DH5;
3631
3632 if (selected_phys & MGMT_PHY_EDR_3M_1SLOT)
3633 pkt_type &= ~HCI_3DH1;
3634 else
3635 pkt_type |= HCI_3DH1;
3636
3637 if (selected_phys & MGMT_PHY_EDR_3M_3SLOT)
3638 pkt_type &= ~HCI_3DH3;
3639 else
3640 pkt_type |= HCI_3DH3;
3641
3642 if (selected_phys & MGMT_PHY_EDR_3M_5SLOT)
3643 pkt_type &= ~HCI_3DH5;
3644 else
3645 pkt_type |= HCI_3DH5;
3646
b7c23df8 3647 if (pkt_type != hdev->pkt_type) {
0314f286 3648 hdev->pkt_type = pkt_type;
b7c23df8
JK		 3649 changed = true;
3650 }
0314f286
JK		 3651
3652 if ((selected_phys & MGMT_PHY_LE_MASK) ==
3653 (get_selected_phys(hdev) & MGMT_PHY_LE_MASK)) {
b7c23df8
JK		 3654 if (changed)
3655 mgmt_phy_configuration_changed(hdev, sk);
3656
0314f286
JK		 3657 err = mgmt_cmd_complete(sk, hdev->id,
3658 MGMT_OP_SET_PHY_CONFIGURATION,
3659 0, NULL, 0);
3660
3661 goto unlock;
3662 }
3663
3664 cmd = mgmt_pending_add(sk, MGMT_OP_SET_PHY_CONFIGURATION, hdev, data,
3665 len);
71efbb08 3666 if (!cmd)
0314f286 3667 err = -ENOMEM;
71efbb08
BG		 3668 else
3669 err = hci_cmd_sync_queue(hdev, set_default_phy_sync, cmd,
3670 set_default_phy_complete);
0314f286 3671
71efbb08
BG		 3672 if (err < 0) {
3673 err = mgmt_cmd_status(sk, hdev->id,
3674 MGMT_OP_SET_PHY_CONFIGURATION,
3675 MGMT_STATUS_FAILED);
0314f286 3676
71efbb08
BG		 3677 if (cmd)
3678 mgmt_pending_remove(cmd);
3679 }
0314f286
JK		 3680
3681unlock:
3682 hci_dev_unlock(hdev);
3683
3684 return err;
3685}
3686
600a8749
AM		 3687static int set_blocked_keys(struct sock *sk, struct hci_dev *hdev, void *data,
3688 u16 len)
3689{
3690 int err = MGMT_STATUS_SUCCESS;
3691 struct mgmt_cp_set_blocked_keys *keys = data;
3692 const u16 max_key_count = ((U16_MAX - sizeof(*keys)) /
3693 sizeof(struct mgmt_blocked_key_info));
3694 u16 key_count, expected_len;
3695 int i;
3696
181d6953 3697 bt_dev_dbg(hdev, "sock %p", sk);
600a8749
AM		 3698
3699 key_count = __le16_to_cpu(keys->key_count);
3700 if (key_count > max_key_count) {
3701 bt_dev_err(hdev, "too big key_count value %u", key_count);
3702 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS,
3703 MGMT_STATUS_INVALID_PARAMS);
3704 }
3705
3706 expected_len = struct_size(keys, keys, key_count);
3707 if (expected_len != len) {
3708 bt_dev_err(hdev, "expected %u bytes, got %u bytes",
3709 expected_len, len);
3710 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS,
3711 MGMT_STATUS_INVALID_PARAMS);
3712 }
3713
3714 hci_dev_lock(hdev);
3715
3716 hci_blocked_keys_clear(hdev);
3717
3718 for (i = 0; i < keys->key_count; ++i) {
3719 struct blocked_key *b = kzalloc(sizeof(*b), GFP_KERNEL);
3720
3721 if (!b) {
3722 err = MGMT_STATUS_NO_RESOURCES;
3723 break;
3724 }
3725
3726 b->type = keys->keys[i].type;
3727 memcpy(b->val, keys->keys[i].val, sizeof(b->val));
3728 list_add_rcu(&b->list, &hdev->blocked_keys);
3729 }
3730 hci_dev_unlock(hdev);
3731
3732 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS,
3733 err, NULL, 0);
3734}
3735
00bce3fb
AM		 3736static int set_wideband_speech(struct sock *sk, struct hci_dev *hdev,
3737 void *data, u16 len)
3738{
3739 struct mgmt_mode *cp = data;
3740 int err;
3741 bool changed = false;
3742
181d6953 3743 bt_dev_dbg(hdev, "sock %p", sk);
00bce3fb
AM		 3744
3745 if (!test_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks))
3746 return mgmt_cmd_status(sk, hdev->id,
3747 MGMT_OP_SET_WIDEBAND_SPEECH,
3748 MGMT_STATUS_NOT_SUPPORTED);
3749
3750 if (cp->val != 0x00 && cp->val != 0x01)
3751 return mgmt_cmd_status(sk, hdev->id,
3752 MGMT_OP_SET_WIDEBAND_SPEECH,
3753 MGMT_STATUS_INVALID_PARAMS);
3754
3755 hci_dev_lock(hdev);
3756
3757 if (pending_find(MGMT_OP_SET_WIDEBAND_SPEECH, hdev)) {
3758 err = mgmt_cmd_status(sk, hdev->id,
3759 MGMT_OP_SET_WIDEBAND_SPEECH,
3760 MGMT_STATUS_BUSY);
3761 goto unlock;
3762 }
3763
3764 if (hdev_is_powered(hdev) &&
3765 !!cp->val != hci_dev_test_flag(hdev,
3766 HCI_WIDEBAND_SPEECH_ENABLED)) {
3767 err = mgmt_cmd_status(sk, hdev->id,
3768 MGMT_OP_SET_WIDEBAND_SPEECH,
3769 MGMT_STATUS_REJECTED);
3770 goto unlock;
3771 }
3772
3773 if (cp->val)
3774 changed = !hci_dev_test_and_set_flag(hdev,
3775 HCI_WIDEBAND_SPEECH_ENABLED);
3776 else
3777 changed = hci_dev_test_and_clear_flag(hdev,
3778 HCI_WIDEBAND_SPEECH_ENABLED);
3779
3780 err = send_settings_rsp(sk, MGMT_OP_SET_WIDEBAND_SPEECH, hdev);
3781 if (err < 0)
3782 goto unlock;
3783
3784 if (changed)
3785 err = new_settings(hdev, sk);
3786
3787unlock:
3788 hci_dev_unlock(hdev);
3789 return err;
3790}
3791
4d9b9528
DW		 3792static int read_controller_cap(struct sock *sk, struct hci_dev *hdev,
3793 void *data, u16 data_len)
bc292258 3794{
4d9b9528
DW		 3795 char buf[20];
3796 struct mgmt_rp_read_controller_cap *rp = (void *)buf;
3797 u16 cap_len = 0;
bc292258 3798 u8 flags = 0;
4d9b9528 3799 u8 tx_power_range[2];
bc292258
MH		 3800
3801 bt_dev_dbg(hdev, "sock %p", sk);
3802
3803 memset(&buf, 0, sizeof(buf));
3804
3805 hci_dev_lock(hdev);
3806
3807 /* When the Read Simple Pairing Options command is supported, then
3808 * the remote public key validation is supported.
a61d6718
MH		 3809 *
3810 * Alternatively, when Microsoft extensions are available, they can
3811 * indicate support for public key validation as well.
bc292258 3812 */
a61d6718 3813 if ((hdev->commands[41] & 0x08) || msft_curve_validity(hdev))
bc292258
MH		 3814 flags |= 0x01; /* Remote public key validation (BR/EDR) */
3815
3816 flags |= 0x02; /* Remote public key validation (LE) */
3817
3818 /* When the Read Encryption Key Size command is supported, then the
3819 * encryption key size is enforced.
3820 */
3821 if (hdev->commands[20] & 0x10)
3822 flags |= 0x04; /* Encryption key size enforcement (BR/EDR) */
3823
3824 flags |= 0x08; /* Encryption key size enforcement (LE) */
3825
4d9b9528
DW		 3826 cap_len = eir_append_data(rp->cap, cap_len, MGMT_CAP_SEC_FLAGS,
3827 &flags, 1);
bc292258
MH		 3828
3829 /* When the Read Simple Pairing Options command is supported, then
3830 * also max encryption key size information is provided.
3831 */
3832 if (hdev->commands[41] & 0x08)
4d9b9528
DW		 3833 cap_len = eir_append_le16(rp->cap, cap_len,
3834 MGMT_CAP_MAX_ENC_KEY_SIZE,
bc292258
MH		 3835 hdev->max_enc_key_size);
3836
4d9b9528
DW		 3837 cap_len = eir_append_le16(rp->cap, cap_len,
3838 MGMT_CAP_SMP_MAX_ENC_KEY_SIZE,
3839 SMP_MAX_ENC_KEY_SIZE);
3840
3841 /* Append the min/max LE tx power parameters if we were able to fetch
3842 * it from the controller
3843 */
3844 if (hdev->commands[38] & 0x80) {
3845 memcpy(&tx_power_range[0], &hdev->min_le_tx_power, 1);
3846 memcpy(&tx_power_range[1], &hdev->max_le_tx_power, 1);
3847 cap_len = eir_append_data(rp->cap, cap_len, MGMT_CAP_LE_TX_PWR,
3848 tx_power_range, 2);
3849 }
bc292258 3850
4d9b9528 3851 rp->cap_len = cpu_to_le16(cap_len);
bc292258
MH		 3852
3853 hci_dev_unlock(hdev);
3854
4d9b9528
DW		 3855 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONTROLLER_CAP, 0,
3856 rp, sizeof(*rp) + cap_len);
bc292258
MH		 3857}
3858
e625e50c
MH		 3859#ifdef CONFIG_BT_FEATURE_DEBUG
3860/* d4992530-b9ec-469f-ab01-6c481c47da1c */
3861static const u8 debug_uuid[16] = {
3862 0x1c, 0xda, 0x47, 0x1c, 0x48, 0x6c, 0x01, 0xab,
3863 0x9f, 0x46, 0xec, 0xb9, 0x30, 0x25, 0x99, 0xd4,
3864};
3865#endif
3866
ae7d925b
JH		 3867/* 330859bc-7506-492d-9370-9a6f0614037f */
3868static const u8 quality_report_uuid[16] = {
3869 0x7f, 0x03, 0x14, 0x06, 0x6f, 0x9a, 0x70, 0x93,
3870 0x2d, 0x49, 0x06, 0x75, 0xbc, 0x59, 0x08, 0x33,
3871};
3872
ad933151
K		 3873/* a6695ace-ee7f-4fb9-881a-5fac66c629af */
3874static const u8 offload_codecs_uuid[16] = {
3875 0xaf, 0x29, 0xc6, 0x66, 0xac, 0x5f, 0x1a, 0x88,
3876 0xb9, 0x4f, 0x7f, 0xee, 0xce, 0x5a, 0x69, 0xa6,
3877};
3878
15d8ce05
AM		 3879/* 671b10b5-42c0-4696-9227-eb28d1b049d6 */
3880static const u8 simult_central_periph_uuid[16] = {
3881 0xd6, 0x49, 0xb0, 0xd1, 0x28, 0xeb, 0x27, 0x92,
3882 0x96, 0x46, 0xc0, 0x42, 0xb5, 0x10, 0x1b, 0x67,
3883};
3884
cbbdfa6f
SN		 3885/* 15c0a148-c273-11ea-b3de-0242ac130004 */
3886static const u8 rpa_resolution_uuid[16] = {
3887 0x04, 0x00, 0x13, 0xac, 0x42, 0x02, 0xde, 0xb3,
3888 0xea, 0x11, 0x73, 0xc2, 0x48, 0xa1, 0xc0, 0x15,
3889};
3890
a10c907c
MH		 3891static int read_exp_features_info(struct sock *sk, struct hci_dev *hdev,
3892 void *data, u16 data_len)
3893{
ad933151 3894 char buf[102]; /* Enough space for 5 features: 2 + 20 * 5 */
a10c907c
MH		 3895 struct mgmt_rp_read_exp_features_info *rp = (void *)buf;
3896 u16 idx = 0;
15d8ce05 3897 u32 flags;
a10c907c
MH		 3898
3899 bt_dev_dbg(hdev, "sock %p", sk);
3900
3901 memset(&buf, 0, sizeof(buf));
3902
e625e50c
MH		 3903#ifdef CONFIG_BT_FEATURE_DEBUG
3904 if (!hdev) {
15d8ce05 3905 flags = bt_dbg_get() ? BIT(0) : 0;
e625e50c
MH		 3906
3907 memcpy(rp->features[idx].uuid, debug_uuid, 16);
3908 rp->features[idx].flags = cpu_to_le32(flags);
3909 idx++;
3910 }
3911#endif
3912
15d8ce05
AM		 3913 if (hdev) {
3914 if (test_bit(HCI_QUIRK_VALID_LE_STATES, &hdev->quirks) &&
3915 (hdev->le_states[4] & 0x08) && /* Central */
3916 (hdev->le_states[4] & 0x40) && /* Peripheral */
3917 (hdev->le_states[3] & 0x10)) /* Simultaneous */
3918 flags = BIT(0);
3919 else
3920 flags = 0;
3921
3922 memcpy(rp->features[idx].uuid, simult_central_periph_uuid, 16);
3923 rp->features[idx].flags = cpu_to_le32(flags);
3924 idx++;
3925 }
3926
ad383c2c 3927 if (hdev && ll_privacy_capable(hdev)) {
cbbdfa6f
SN		 3928 if (hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY))
3929 flags = BIT(0) | BIT(1);
3930 else
3931 flags = BIT(1);
3932
3933 memcpy(rp->features[idx].uuid, rpa_resolution_uuid, 16);
3934 rp->features[idx].flags = cpu_to_le32(flags);
3935 idx++;
3936 }
3937
258f56d1
JH		 3938 if (hdev && (aosp_has_quality_report(hdev) ||
3939 hdev->set_quality_report)) {
823f3bc4 3940 if (hci_dev_test_flag(hdev, HCI_QUALITY_REPORT))
ae7d925b 3941 flags = BIT(0);
823f3bc4 3942 else
ae7d925b 3943 flags = 0;
823f3bc4 3944
ae7d925b
JH		 3945 memcpy(rp->features[idx].uuid, quality_report_uuid, 16);
3946 rp->features[idx].flags = cpu_to_le32(flags);
3947 idx++;
3948 }
3949
7f7fd17e
MH		 3950 if (hdev && hdev->get_data_path_id) {
3951 if (hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED))
ad933151 3952 flags = BIT(0);
7f7fd17e 3953 else
ad933151 3954 flags = 0;
7f7fd17e 3955
ad933151
K		 3956 memcpy(rp->features[idx].uuid, offload_codecs_uuid, 16);
3957 rp->features[idx].flags = cpu_to_le32(flags);
3958 idx++;
3959 }
3960
a10c907c
MH		 3961 rp->feature_count = cpu_to_le16(idx);
3962
3963 /* After reading the experimental features information, enable
3964 * the events to update client on any future change.
3965 */
3966 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
3967
3968 return mgmt_cmd_complete(sk, hdev ? hdev->id : MGMT_INDEX_NONE,
3969 MGMT_OP_READ_EXP_FEATURES_INFO,
3970 0, rp, sizeof(*rp) + (20 * idx));
3971}
3972
cbbdfa6f
SN		 3973static int exp_ll_privacy_feature_changed(bool enabled, struct hci_dev *hdev,
3974 struct sock *skip)
3975{
3976 struct mgmt_ev_exp_feature_changed ev;
3977
3978 memset(&ev, 0, sizeof(ev));
3979 memcpy(ev.uuid, rpa_resolution_uuid, 16);
3980 ev.flags = cpu_to_le32((enabled ? BIT(0) : 0) | BIT(1));
3981
3982 return mgmt_limited_event(MGMT_EV_EXP_FEATURE_CHANGED, hdev,
3983 &ev, sizeof(ev),
3984 HCI_MGMT_EXP_FEATURE_EVENTS, skip);
3985
3986}
3987
e625e50c
MH		 3988#ifdef CONFIG_BT_FEATURE_DEBUG
3989static int exp_debug_feature_changed(bool enabled, struct sock *skip)
3990{
3991 struct mgmt_ev_exp_feature_changed ev;
3992
3993 memset(&ev, 0, sizeof(ev));
3994 memcpy(ev.uuid, debug_uuid, 16);
3995 ev.flags = cpu_to_le32(enabled ? BIT(0) : 0);
3996
3997 return mgmt_limited_event(MGMT_EV_EXP_FEATURE_CHANGED, NULL,
3998 &ev, sizeof(ev),
3999 HCI_MGMT_EXP_FEATURE_EVENTS, skip);
4000}
4001#endif
4002
b15bfa4d
THJA		 4003static int exp_quality_report_feature_changed(bool enabled,
4004 struct hci_dev *hdev,
4005 struct sock *skip)
ae7d925b
JH		 4006{
4007 struct mgmt_ev_exp_feature_changed ev;
4008
4009 memset(&ev, 0, sizeof(ev));
4010 memcpy(ev.uuid, quality_report_uuid, 16);
4011 ev.flags = cpu_to_le32(enabled ? BIT(0) : 0);
4012
b15bfa4d 4013 return mgmt_limited_event(MGMT_EV_EXP_FEATURE_CHANGED, hdev,
ae7d925b
JH		 4014 &ev, sizeof(ev),
4015 HCI_MGMT_EXP_FEATURE_EVENTS, skip);
4016}
4017
93fb70bc
JH		 4018#define EXP_FEAT(_uuid, _set_func) \
4019{ \
4020 .uuid = _uuid, \
4021 .set_func = _set_func, \
4022}
4023
4024/* The zero key uuid is special. Multiple exp features are set through it. */
4025static int set_zero_key_func(struct sock *sk, struct hci_dev *hdev,
4026 struct mgmt_cp_set_exp_feature *cp, u16 data_len)
a10c907c 4027{
a10c907c
MH		 4028 struct mgmt_rp_set_exp_feature rp;
4029
93fb70bc
JH		 4030 memset(rp.uuid, 0, 16);
4031 rp.flags = cpu_to_le32(0);
a10c907c 4032
e625e50c 4033#ifdef CONFIG_BT_FEATURE_DEBUG
93fb70bc
JH		 4034 if (!hdev) {
4035 bool changed = bt_dbg_get();
e625e50c 4036
93fb70bc 4037 bt_dbg_set(false);
e625e50c 4038
93fb70bc
JH		 4039 if (changed)
4040 exp_debug_feature_changed(false, sk);
4041 }
e625e50c
MH		 4042#endif
4043
93fb70bc
JH		 4044 if (hdev && use_ll_privacy(hdev) && !hdev_is_powered(hdev)) {
4045 bool changed = hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY);
cbbdfa6f 4046
93fb70bc 4047 hci_dev_clear_flag(hdev, HCI_ENABLE_LL_PRIVACY);
cbbdfa6f 4048
93fb70bc
JH		 4049 if (changed)
4050 exp_ll_privacy_feature_changed(false, hdev, sk);
4051 }
cbbdfa6f 4052
93fb70bc 4053 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
a10c907c 4054
93fb70bc
JH		 4055 return mgmt_cmd_complete(sk, hdev ? hdev->id : MGMT_INDEX_NONE,
4056 MGMT_OP_SET_EXP_FEATURE, 0,
4057 &rp, sizeof(rp));
4058}
a10c907c 4059
e625e50c 4060#ifdef CONFIG_BT_FEATURE_DEBUG
93fb70bc
JH		 4061static int set_debug_func(struct sock *sk, struct hci_dev *hdev,
4062 struct mgmt_cp_set_exp_feature *cp, u16 data_len)
4063{
4064 struct mgmt_rp_set_exp_feature rp;
e625e50c 4065
93fb70bc
JH		 4066 bool val, changed;
4067 int err;
e625e50c 4068
93fb70bc
JH		 4069 /* Command requires to use the non-controller index */
4070 if (hdev)
4071 return mgmt_cmd_status(sk, hdev->id,
4072 MGMT_OP_SET_EXP_FEATURE,
4073 MGMT_STATUS_INVALID_INDEX);
e625e50c 4074
93fb70bc
JH		 4075 /* Parameters are limited to a single octet */
4076 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4077 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4078 MGMT_OP_SET_EXP_FEATURE,
4079 MGMT_STATUS_INVALID_PARAMS);
e625e50c 4080
93fb70bc
JH		 4081 /* Only boolean on/off is supported */
4082 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4083 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4084 MGMT_OP_SET_EXP_FEATURE,
4085 MGMT_STATUS_INVALID_PARAMS);
e625e50c 4086
93fb70bc
JH		 4087 val = !!cp->param[0];
4088 changed = val ? !bt_dbg_get() : bt_dbg_get();
4089 bt_dbg_set(val);
e625e50c 4090
93fb70bc
JH		 4091 memcpy(rp.uuid, debug_uuid, 16);
4092 rp.flags = cpu_to_le32(val ? BIT(0) : 0);
e625e50c 4093
93fb70bc 4094 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
e625e50c 4095
93fb70bc
JH		 4096 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
4097 MGMT_OP_SET_EXP_FEATURE, 0,
4098 &rp, sizeof(rp));
e625e50c 4099
93fb70bc
JH		 4100 if (changed)
4101 exp_debug_feature_changed(val, sk);
4102
4103 return err;
4104}
e625e50c
MH		 4105#endif
4106
93fb70bc
JH		 4107static int set_rpa_resolution_func(struct sock *sk, struct hci_dev *hdev,
4108 struct mgmt_cp_set_exp_feature *cp,
4109 u16 data_len)
4110{
4111 struct mgmt_rp_set_exp_feature rp;
4112 bool val, changed;
4113 int err;
4114 u32 flags;
4115
4116 /* Command requires to use the controller index */
4117 if (!hdev)
4118 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4119 MGMT_OP_SET_EXP_FEATURE,
4120 MGMT_STATUS_INVALID_INDEX);
cbbdfa6f 4121
93fb70bc
JH		 4122 /* Changes can only be made when controller is powered down */
4123 if (hdev_is_powered(hdev))
4124 return mgmt_cmd_status(sk, hdev->id,
4125 MGMT_OP_SET_EXP_FEATURE,
4126 MGMT_STATUS_REJECTED);
cbbdfa6f 4127
93fb70bc
JH		 4128 /* Parameters are limited to a single octet */
4129 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4130 return mgmt_cmd_status(sk, hdev->id,
4131 MGMT_OP_SET_EXP_FEATURE,
4132 MGMT_STATUS_INVALID_PARAMS);
cbbdfa6f 4133
93fb70bc
JH		 4134 /* Only boolean on/off is supported */
4135 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4136 return mgmt_cmd_status(sk, hdev->id,
4137 MGMT_OP_SET_EXP_FEATURE,
4138 MGMT_STATUS_INVALID_PARAMS);
cbbdfa6f 4139
93fb70bc 4140 val = !!cp->param[0];
cbbdfa6f 4141
93fb70bc
JH		 4142 if (val) {
4143 changed = !hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY);
4144 hci_dev_set_flag(hdev, HCI_ENABLE_LL_PRIVACY);
4145 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
cbbdfa6f 4146
93fb70bc
JH		 4147 /* Enable LL privacy + supported settings changed */
4148 flags = BIT(0) | BIT(1);
4149 } else {
4150 changed = hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY);
4151 hci_dev_clear_flag(hdev, HCI_ENABLE_LL_PRIVACY);
cbbdfa6f 4152
93fb70bc
JH		 4153 /* Disable LL privacy + supported settings changed */
4154 flags = BIT(1);
4155 }
cbbdfa6f 4156
93fb70bc
JH		 4157 memcpy(rp.uuid, rpa_resolution_uuid, 16);
4158 rp.flags = cpu_to_le32(flags);
cbbdfa6f 4159
93fb70bc 4160 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
cbbdfa6f 4161
93fb70bc
JH		 4162 err = mgmt_cmd_complete(sk, hdev->id,
4163 MGMT_OP_SET_EXP_FEATURE, 0,
4164 &rp, sizeof(rp));
cbbdfa6f 4165
93fb70bc
JH		 4166 if (changed)
4167 exp_ll_privacy_feature_changed(val, hdev, sk);
cbbdfa6f 4168
93fb70bc
JH		 4169 return err;
4170}
cbbdfa6f 4171
ae7d925b
JH		 4172static int set_quality_report_func(struct sock *sk, struct hci_dev *hdev,
4173 struct mgmt_cp_set_exp_feature *cp,
4174 u16 data_len)
4175{
4176 struct mgmt_rp_set_exp_feature rp;
4177 bool val, changed;
4178 int err;
4179
4180 /* Command requires to use a valid controller index */
4181 if (!hdev)
4182 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4183 MGMT_OP_SET_EXP_FEATURE,
4184 MGMT_STATUS_INVALID_INDEX);
4185
4186 /* Parameters are limited to a single octet */
4187 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4188 return mgmt_cmd_status(sk, hdev->id,
4189 MGMT_OP_SET_EXP_FEATURE,
4190 MGMT_STATUS_INVALID_PARAMS);
4191
4192 /* Only boolean on/off is supported */
4193 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4194 return mgmt_cmd_status(sk, hdev->id,
4195 MGMT_OP_SET_EXP_FEATURE,
4196 MGMT_STATUS_INVALID_PARAMS);
4197
4198 hci_req_sync_lock(hdev);
4199
4200 val = !!cp->param[0];
4201 changed = (val != hci_dev_test_flag(hdev, HCI_QUALITY_REPORT));
4202
258f56d1 4203 if (!aosp_has_quality_report(hdev) && !hdev->set_quality_report) {
ae7d925b
JH		 4204 err = mgmt_cmd_status(sk, hdev->id,
4205 MGMT_OP_SET_EXP_FEATURE,
4206 MGMT_STATUS_NOT_SUPPORTED);
4207 goto unlock_quality_report;
4208 }
4209
4210 if (changed) {
258f56d1
JH		 4211 if (hdev->set_quality_report)
4212 err = hdev->set_quality_report(hdev, val);
4213 else
4214 err = aosp_set_quality_report(hdev, val);
4215
ae7d925b
JH		 4216 if (err) {
4217 err = mgmt_cmd_status(sk, hdev->id,
4218 MGMT_OP_SET_EXP_FEATURE,
4219 MGMT_STATUS_FAILED);
4220 goto unlock_quality_report;
4221 }
258f56d1 4222
ae7d925b
JH		 4223 if (val)
4224 hci_dev_set_flag(hdev, HCI_QUALITY_REPORT);
4225 else
4226 hci_dev_clear_flag(hdev, HCI_QUALITY_REPORT);
4227 }
4228
4229 bt_dev_dbg(hdev, "quality report enable %d changed %d", val, changed);
4230
4231 memcpy(rp.uuid, quality_report_uuid, 16);
4232 rp.flags = cpu_to_le32(val ? BIT(0) : 0);
4233 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
258f56d1
JH		 4234
4235 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_EXP_FEATURE, 0,
ae7d925b
JH		 4236 &rp, sizeof(rp));
4237
4238 if (changed)
b15bfa4d 4239 exp_quality_report_feature_changed(val, hdev, sk);
ae7d925b
JH		 4240
4241unlock_quality_report:
4242 hci_req_sync_unlock(hdev);
4243 return err;
4244}
4245
b15bfa4d
THJA		 4246static int exp_offload_codec_feature_changed(bool enabled, struct hci_dev *hdev,
4247 struct sock *skip)
ad933151
K		 4248{
4249 struct mgmt_ev_exp_feature_changed ev;
4250
4251 memset(&ev, 0, sizeof(ev));
4252 memcpy(ev.uuid, offload_codecs_uuid, 16);
4253 ev.flags = cpu_to_le32(enabled ? BIT(0) : 0);
4254
b15bfa4d 4255 return mgmt_limited_event(MGMT_EV_EXP_FEATURE_CHANGED, hdev,
ad933151
K		 4256 &ev, sizeof(ev),
4257 HCI_MGMT_EXP_FEATURE_EVENTS, skip);
4258}
4259
4260static int set_offload_codec_func(struct sock *sk, struct hci_dev *hdev,
4261 struct mgmt_cp_set_exp_feature *cp,
4262 u16 data_len)
4263{
4264 bool val, changed;
4265 int err;
4266 struct mgmt_rp_set_exp_feature rp;
4267
4268 /* Command requires to use a valid controller index */
4269 if (!hdev)
4270 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4271 MGMT_OP_SET_EXP_FEATURE,
4272 MGMT_STATUS_INVALID_INDEX);
4273
4274 /* Parameters are limited to a single octet */
4275 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4276 return mgmt_cmd_status(sk, hdev->id,
4277 MGMT_OP_SET_EXP_FEATURE,
4278 MGMT_STATUS_INVALID_PARAMS);
4279
4280 /* Only boolean on/off is supported */
4281 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4282 return mgmt_cmd_status(sk, hdev->id,
4283 MGMT_OP_SET_EXP_FEATURE,
4284 MGMT_STATUS_INVALID_PARAMS);
4285
4286 val = !!cp->param[0];
4287 changed = (val != hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED));
4288
4289 if (!hdev->get_data_path_id) {
4290 return mgmt_cmd_status(sk, hdev->id,
4291 MGMT_OP_SET_EXP_FEATURE,
4292 MGMT_STATUS_NOT_SUPPORTED);
4293 }
4294
4295 if (changed) {
4296 if (val)
4297 hci_dev_set_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED);
4298 else
4299 hci_dev_clear_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED);
4300 }
4301
4302 bt_dev_info(hdev, "offload codecs enable %d changed %d",
4303 val, changed);
4304
4305 memcpy(rp.uuid, offload_codecs_uuid, 16);
4306 rp.flags = cpu_to_le32(val ? BIT(0) : 0);
4307 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4308 err = mgmt_cmd_complete(sk, hdev->id,
4309 MGMT_OP_SET_EXP_FEATURE, 0,
4310 &rp, sizeof(rp));
4311
4312 if (changed)
b15bfa4d 4313 exp_offload_codec_feature_changed(val, hdev, sk);
ad933151
K		 4314
4315 return err;
4316}
4317
93fb70bc
JH		 4318static const struct mgmt_exp_feature {
4319 const u8 *uuid;
4320 int (*set_func)(struct sock *sk, struct hci_dev *hdev,
4321 struct mgmt_cp_set_exp_feature *cp, u16 data_len);
4322} exp_features[] = {
4323 EXP_FEAT(ZERO_KEY, set_zero_key_func),
4324#ifdef CONFIG_BT_FEATURE_DEBUG
4325 EXP_FEAT(debug_uuid, set_debug_func),
4326#endif
4327 EXP_FEAT(rpa_resolution_uuid, set_rpa_resolution_func),
ae7d925b 4328 EXP_FEAT(quality_report_uuid, set_quality_report_func),
ad933151 4329 EXP_FEAT(offload_codecs_uuid, set_offload_codec_func),
93fb70bc
JH		 4330
4331 /* end with a null feature */
4332 EXP_FEAT(NULL, NULL)
4333};
4334
4335static int set_exp_feature(struct sock *sk, struct hci_dev *hdev,
4336 void *data, u16 data_len)
4337{
4338 struct mgmt_cp_set_exp_feature *cp = data;
4339 size_t i = 0;
4340
4341 bt_dev_dbg(hdev, "sock %p", sk);
4342
4343 for (i = 0; exp_features[i].uuid; i++) {
4344 if (!memcmp(cp->uuid, exp_features[i].uuid, 16))
4345 return exp_features[i].set_func(sk, hdev, cp, data_len);
cbbdfa6f
SN		 4346 }
4347
a10c907c
MH		 4348 return mgmt_cmd_status(sk, hdev ? hdev->id : MGMT_INDEX_NONE,
4349 MGMT_OP_SET_EXP_FEATURE,
4350 MGMT_STATUS_NOT_SUPPORTED);
4351}
4352
4c54bf2b
APS		 4353#define SUPPORTED_DEVICE_FLAGS() ((1U << HCI_CONN_FLAG_MAX) - 1)
4354
4355static int get_device_flags(struct sock *sk, struct hci_dev *hdev, void *data,
4356 u16 data_len)
4357{
4358 struct mgmt_cp_get_device_flags *cp = data;
4359 struct mgmt_rp_get_device_flags rp;
4360 struct bdaddr_list_with_flags *br_params;
4361 struct hci_conn_params *params;
4362 u32 supported_flags = SUPPORTED_DEVICE_FLAGS();
4363 u32 current_flags = 0;
4364 u8 status = MGMT_STATUS_INVALID_PARAMS;
4365
4366 bt_dev_dbg(hdev, "Get device flags %pMR (type 0x%x)\n",
4367 &cp->addr.bdaddr, cp->addr.type);
4368
3ca33e3f
APS		 4369 hci_dev_lock(hdev);
4370
02ce2c2c
THJA		 4371 memset(&rp, 0, sizeof(rp));
4372
4c54bf2b 4373 if (cp->addr.type == BDADDR_BREDR) {
3d4f9c00 4374 br_params = hci_bdaddr_list_lookup_with_flags(&hdev->accept_list,
4c54bf2b
APS		 4375 &cp->addr.bdaddr,
4376 cp->addr.type);
4377 if (!br_params)
4378 goto done;
4379
4380 current_flags = br_params->current_flags;
4381 } else {
4382 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
4383 le_addr_type(cp->addr.type));
4384
4385 if (!params)
4386 goto done;
4387
4388 current_flags = params->current_flags;
4389 }
4390
4391 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4392 rp.addr.type = cp->addr.type;
4393 rp.supported_flags = cpu_to_le32(supported_flags);
4394 rp.current_flags = cpu_to_le32(current_flags);
4395
4396 status = MGMT_STATUS_SUCCESS;
4397
4398done:
3ca33e3f
APS		 4399 hci_dev_unlock(hdev);
4400
4c54bf2b
APS		 4401 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_DEVICE_FLAGS, status,
4402 &rp, sizeof(rp));
4403}
4404
4405static void device_flags_changed(struct sock *sk, struct hci_dev *hdev,
4406 bdaddr_t *bdaddr, u8 bdaddr_type,
4407 u32 supported_flags, u32 current_flags)
4408{
4409 struct mgmt_ev_device_flags_changed ev;
4410
4411 bacpy(&ev.addr.bdaddr, bdaddr);
4412 ev.addr.type = bdaddr_type;
4413 ev.supported_flags = cpu_to_le32(supported_flags);
4414 ev.current_flags = cpu_to_le32(current_flags);
4415
4416 mgmt_event(MGMT_EV_DEVICE_FLAGS_CHANGED, hdev, &ev, sizeof(ev), sk);
4417}
4418
4419static int set_device_flags(struct sock *sk, struct hci_dev *hdev, void *data,
4420 u16 len)
4421{
4422 struct mgmt_cp_set_device_flags *cp = data;
4423 struct bdaddr_list_with_flags *br_params;
4424 struct hci_conn_params *params;
4425 u8 status = MGMT_STATUS_INVALID_PARAMS;
4426 u32 supported_flags = SUPPORTED_DEVICE_FLAGS();
4427 u32 current_flags = __le32_to_cpu(cp->current_flags);
4428
4429 bt_dev_dbg(hdev, "Set device flags %pMR (type 0x%x) = 0x%x",
4430 &cp->addr.bdaddr, cp->addr.type,
4431 __le32_to_cpu(current_flags));
4432
4433 if ((supported_flags | current_flags) != supported_flags) {
4434 bt_dev_warn(hdev, "Bad flag given (0x%x) vs supported (0x%0x)",
4435 current_flags, supported_flags);
4436 goto done;
4437 }
4438
3ca33e3f
APS		 4439 hci_dev_lock(hdev);
4440
4c54bf2b 4441 if (cp->addr.type == BDADDR_BREDR) {
3d4f9c00 4442 br_params = hci_bdaddr_list_lookup_with_flags(&hdev->accept_list,
4c54bf2b
APS		 4443 &cp->addr.bdaddr,
4444 cp->addr.type);
4445
4446 if (br_params) {
4447 br_params->current_flags = current_flags;
4448 status = MGMT_STATUS_SUCCESS;
4449 } else {
4450 bt_dev_warn(hdev, "No such BR/EDR device %pMR (0x%x)",
4451 &cp->addr.bdaddr, cp->addr.type);
4452 }
4453 } else {
4454 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
4455 le_addr_type(cp->addr.type));
4456 if (params) {
4457 params->current_flags = current_flags;
4458 status = MGMT_STATUS_SUCCESS;
4459 } else {
4460 bt_dev_warn(hdev, "No such LE device %pMR (0x%x)",
4461 &cp->addr.bdaddr,
4462 le_addr_type(cp->addr.type));
4463 }
4464 }
4465
4466done:
3ca33e3f
APS		 4467 hci_dev_unlock(hdev);
4468
4c54bf2b
APS		 4469 if (status == MGMT_STATUS_SUCCESS)
4470 device_flags_changed(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
4471 supported_flags, current_flags);
4472
4473 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_FLAGS, status,
4474 &cp->addr, sizeof(cp->addr));
4475}
4476
b52729f2
MC		 4477static void mgmt_adv_monitor_added(struct sock *sk, struct hci_dev *hdev,
4478 u16 handle)
4479{
4480 struct mgmt_ev_adv_monitor_added ev;
4481
4482 ev.monitor_handle = cpu_to_le16(handle);
4483
4484 mgmt_event(MGMT_EV_ADV_MONITOR_ADDED, hdev, &ev, sizeof(ev), sk);
4485}
4486
66bd095a 4487void mgmt_adv_monitor_removed(struct hci_dev *hdev, u16 handle)
cdde92e2 4488{
66bd095a
AP		 4489 struct mgmt_ev_adv_monitor_removed ev;
4490 struct mgmt_pending_cmd *cmd;
4491 struct sock *sk_skip = NULL;
4492 struct mgmt_cp_remove_adv_monitor *cp;
4493
4494 cmd = pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev);
4495 if (cmd) {
4496 cp = cmd->param;
4497
4498 if (cp->monitor_handle)
4499 sk_skip = cmd->sk;
4500 }
cdde92e2
MC		 4501
4502 ev.monitor_handle = cpu_to_le16(handle);
4503
66bd095a 4504 mgmt_event(MGMT_EV_ADV_MONITOR_REMOVED, hdev, &ev, sizeof(ev), sk_skip);
cdde92e2
MC		 4505}
4506
e5e1e7fd
MC		 4507static int read_adv_mon_features(struct sock *sk, struct hci_dev *hdev,
4508 void *data, u16 len)
4509{
4510 struct adv_monitor *monitor = NULL;
4511 struct mgmt_rp_read_adv_monitor_features *rp = NULL;
cafd472a 4512 int handle, err;
e5e1e7fd
MC		 4513 size_t rp_size = 0;
4514 __u32 supported = 0;
a2a4dedf 4515 __u32 enabled = 0;
e5e1e7fd
MC		 4516 __u16 num_handles = 0;
4517 __u16 handles[HCI_MAX_ADV_MONITOR_NUM_HANDLES];
4518
4519 BT_DBG("request for %s", hdev->name);
4520
4521 hci_dev_lock(hdev);
4522
a2a4dedf 4523 if (msft_monitor_supported(hdev))
e5e1e7fd
MC		 4524 supported |= MGMT_ADV_MONITOR_FEATURE_MASK_OR_PATTERNS;
4525
a2a4dedf 4526 idr_for_each_entry(&hdev->adv_monitors_idr, monitor, handle)
e5e1e7fd 4527 handles[num_handles++] = monitor->handle;
e5e1e7fd
MC		 4528
4529 hci_dev_unlock(hdev);
4530
4531 rp_size = sizeof(*rp) + (num_handles * sizeof(u16));
4532 rp = kmalloc(rp_size, GFP_KERNEL);
4533 if (!rp)
4534 return -ENOMEM;
4535
a2a4dedf
AP		 4536 /* All supported features are currently enabled */
4537 enabled = supported;
4538
e5e1e7fd 4539 rp->supported_features = cpu_to_le32(supported);
a2a4dedf 4540 rp->enabled_features = cpu_to_le32(enabled);
e5e1e7fd
MC		 4541 rp->max_num_handles = cpu_to_le16(HCI_MAX_ADV_MONITOR_NUM_HANDLES);
4542 rp->max_num_patterns = HCI_MAX_ADV_MONITOR_NUM_PATTERNS;
4543 rp->num_handles = cpu_to_le16(num_handles);
4544 if (num_handles)
4545 memcpy(&rp->handles, &handles, (num_handles * sizeof(u16)));
4546
cafd472a
PY		 4547 err = mgmt_cmd_complete(sk, hdev->id,
4548 MGMT_OP_READ_ADV_MONITOR_FEATURES,
4549 MGMT_STATUS_SUCCESS, rp, rp_size);
4550
4551 kfree(rp);
4552
4553 return err;
e5e1e7fd
MC		 4554}
4555
a2a4dedf
AP		 4556int mgmt_add_adv_patterns_monitor_complete(struct hci_dev *hdev, u8 status)
4557{
4558 struct mgmt_rp_add_adv_patterns_monitor rp;
4559 struct mgmt_pending_cmd *cmd;
4560 struct adv_monitor *monitor;
4561 int err = 0;
4562
4563 hci_dev_lock(hdev);
4564
4565 cmd = pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI, hdev);
4566 if (!cmd) {
4567 cmd = pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR, hdev);
4568 if (!cmd)
4569 goto done;
4570 }
4571
4572 monitor = cmd->user_data;
4573 rp.monitor_handle = cpu_to_le16(monitor->handle);
4574
4575 if (!status) {
4576 mgmt_adv_monitor_added(cmd->sk, hdev, monitor->handle);
4577 hdev->adv_monitors_cnt++;
4578 if (monitor->state == ADV_MONITOR_STATE_NOT_REGISTERED)
4579 monitor->state = ADV_MONITOR_STATE_REGISTERED;
5bee2fd6 4580 hci_update_passive_scan(hdev);
a2a4dedf
AP		 4581 }
4582
4583 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
4584 mgmt_status(status), &rp, sizeof(rp));
4585 mgmt_pending_remove(cmd);
4586
4587done:
4588 hci_dev_unlock(hdev);
85d67284 4589 bt_dev_dbg(hdev, "add monitor %d complete, status %u",
a2a4dedf
AP		 4590 rp.monitor_handle, status);
4591
4592 return err;
4593}
4594
b4a221ea 4595static int __add_adv_patterns_monitor(struct sock *sk, struct hci_dev *hdev,
a2a4dedf
AP		 4596 struct adv_monitor *m, u8 status,
4597 void *data, u16 len, u16 op)
b139553d 4598{
b139553d 4599 struct mgmt_rp_add_adv_patterns_monitor rp;
a2a4dedf 4600 struct mgmt_pending_cmd *cmd;
b4a221ea 4601 int err;
a2a4dedf
AP		 4602 bool pending;
4603
4604 hci_dev_lock(hdev);
b139553d 4605
b4a221ea 4606 if (status)
a2a4dedf 4607 goto unlock;
b139553d 4608
a2a4dedf
AP		 4609 if (pending_find(MGMT_OP_SET_LE, hdev) ||
4610 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR, hdev) ||
4611 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI, hdev) ||
4612 pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev)) {
4613 status = MGMT_STATUS_BUSY;
4614 goto unlock;
4615 }
b139553d 4616
a2a4dedf
AP		 4617 cmd = mgmt_pending_add(sk, op, hdev, data, len);
4618 if (!cmd) {
4619 status = MGMT_STATUS_NO_RESOURCES;
4620 goto unlock;
4621 }
b52729f2 4622
b1810feb 4623 cmd->user_data = m;
a2a4dedf 4624 pending = hci_add_adv_monitor(hdev, m, &err);
b139553d 4625 if (err) {
a2a4dedf 4626 if (err == -ENOSPC || err == -ENOMEM)
b4a221ea 4627 status = MGMT_STATUS_NO_RESOURCES;
a2a4dedf
AP		 4628 else if (err == -EINVAL)
4629 status = MGMT_STATUS_INVALID_PARAMS;
b4a221ea
AP		 4630 else
4631 status = MGMT_STATUS_FAILED;
4632
a2a4dedf 4633 mgmt_pending_remove(cmd);
b139553d
MC		 4634 goto unlock;
4635 }
4636
a2a4dedf
AP		 4637 if (!pending) {
4638 mgmt_pending_remove(cmd);
4639 rp.monitor_handle = cpu_to_le16(m->handle);
b52729f2 4640 mgmt_adv_monitor_added(sk, hdev, m->handle);
a2a4dedf
AP		 4641 m->state = ADV_MONITOR_STATE_REGISTERED;
4642 hdev->adv_monitors_cnt++;
b52729f2 4643
a2a4dedf
AP		 4644 hci_dev_unlock(hdev);
4645 return mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_SUCCESS,
4646 &rp, sizeof(rp));
4647 }
b139553d 4648
a2a4dedf 4649 hci_dev_unlock(hdev);
b139553d 4650
a2a4dedf 4651 return 0;
b139553d
MC		 4652
4653unlock:
66bd095a 4654 hci_free_adv_monitor(hdev, m);
b139553d 4655 hci_dev_unlock(hdev);
b4a221ea
AP		 4656 return mgmt_cmd_status(sk, hdev->id, op, status);
4657}
4658
4659static void parse_adv_monitor_rssi(struct adv_monitor *m,
4660 struct mgmt_adv_rssi_thresholds *rssi)
4661{
4662 if (rssi) {
4663 m->rssi.low_threshold = rssi->low_threshold;
4664 m->rssi.low_threshold_timeout =
4665 __le16_to_cpu(rssi->low_threshold_timeout);
4666 m->rssi.high_threshold = rssi->high_threshold;
4667 m->rssi.high_threshold_timeout =
4668 __le16_to_cpu(rssi->high_threshold_timeout);
4669 m->rssi.sampling_period = rssi->sampling_period;
4670 } else {
4671 /* Default values. These numbers are the least constricting
4672 * parameters for MSFT API to work, so it behaves as if there
4673 * are no rssi parameter to consider. May need to be changed
4674 * if other API are to be supported.
4675 */
4676 m->rssi.low_threshold = -127;
4677 m->rssi.low_threshold_timeout = 60;
4678 m->rssi.high_threshold = -127;
4679 m->rssi.high_threshold_timeout = 0;
4680 m->rssi.sampling_period = 0;
4681 }
4682}
4683
4684static u8 parse_adv_monitor_pattern(struct adv_monitor *m, u8 pattern_count,
4685 struct mgmt_adv_pattern *patterns)
4686{
4687 u8 offset = 0, length = 0;
4688 struct adv_pattern *p = NULL;
b4a221ea
AP		 4689 int i;
4690
4691 for (i = 0; i < pattern_count; i++) {
b4a221ea
AP		 4692 offset = patterns[i].offset;
4693 length = patterns[i].length;
4694 if (offset >= HCI_MAX_AD_LENGTH ||
4695 length > HCI_MAX_AD_LENGTH ||
4696 (offset + length) > HCI_MAX_AD_LENGTH)
4697 return MGMT_STATUS_INVALID_PARAMS;
4698
4699 p = kmalloc(sizeof(*p), GFP_KERNEL);
4700 if (!p)
4701 return MGMT_STATUS_NO_RESOURCES;
4702
4703 p->ad_type = patterns[i].ad_type;
4704 p->offset = patterns[i].offset;
4705 p->length = patterns[i].length;
4706 memcpy(p->value, patterns[i].value, p->length);
4707
4708 INIT_LIST_HEAD(&p->list);
4709 list_add(&p->list, &m->patterns);
4710 }
4711
b4a221ea
AP		 4712 return MGMT_STATUS_SUCCESS;
4713}
4714
4715static int add_adv_patterns_monitor(struct sock *sk, struct hci_dev *hdev,
4716 void *data, u16 len)
4717{
4718 struct mgmt_cp_add_adv_patterns_monitor *cp = data;
4719 struct adv_monitor *m = NULL;
4720 u8 status = MGMT_STATUS_SUCCESS;
4721 size_t expected_size = sizeof(*cp);
4722
4723 BT_DBG("request for %s", hdev->name);
4724
4725 if (len <= sizeof(*cp)) {
4726 status = MGMT_STATUS_INVALID_PARAMS;
4727 goto done;
4728 }
4729
4730 expected_size += cp->pattern_count * sizeof(struct mgmt_adv_pattern);
4731 if (len != expected_size) {
4732 status = MGMT_STATUS_INVALID_PARAMS;
4733 goto done;
4734 }
4735
4736 m = kzalloc(sizeof(*m), GFP_KERNEL);
4737 if (!m) {
4738 status = MGMT_STATUS_NO_RESOURCES;
4739 goto done;
4740 }
4741
4742 INIT_LIST_HEAD(&m->patterns);
4743
4744 parse_adv_monitor_rssi(m, NULL);
4745 status = parse_adv_monitor_pattern(m, cp->pattern_count, cp->patterns);
4746
4747done:
a2a4dedf 4748 return __add_adv_patterns_monitor(sk, hdev, m, status, data, len,
b4a221ea
AP		 4749 MGMT_OP_ADD_ADV_PATTERNS_MONITOR);
4750}
4751
4752static int add_adv_patterns_monitor_rssi(struct sock *sk, struct hci_dev *hdev,
4753 void *data, u16 len)
4754{
4755 struct mgmt_cp_add_adv_patterns_monitor_rssi *cp = data;
4756 struct adv_monitor *m = NULL;
4757 u8 status = MGMT_STATUS_SUCCESS;
4758 size_t expected_size = sizeof(*cp);
4759
4760 BT_DBG("request for %s", hdev->name);
4761
4762 if (len <= sizeof(*cp)) {
4763 status = MGMT_STATUS_INVALID_PARAMS;
4764 goto done;
4765 }
4766
4767 expected_size += cp->pattern_count * sizeof(struct mgmt_adv_pattern);
4768 if (len != expected_size) {
4769 status = MGMT_STATUS_INVALID_PARAMS;
4770 goto done;
4771 }
4772
4773 m = kzalloc(sizeof(*m), GFP_KERNEL);
4774 if (!m) {
4775 status = MGMT_STATUS_NO_RESOURCES;
4776 goto done;
4777 }
4778
4779 INIT_LIST_HEAD(&m->patterns);
4780
4781 parse_adv_monitor_rssi(m, &cp->rssi);
4782 status = parse_adv_monitor_pattern(m, cp->pattern_count, cp->patterns);
4783
4784done:
a2a4dedf 4785 return __add_adv_patterns_monitor(sk, hdev, m, status, data, len,
b4a221ea 4786 MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI);
b139553d
MC		 4787}
4788
66bd095a
AP		 4789int mgmt_remove_adv_monitor_complete(struct hci_dev *hdev, u8 status)
4790{
4791 struct mgmt_rp_remove_adv_monitor rp;
4792 struct mgmt_cp_remove_adv_monitor *cp;
4793 struct mgmt_pending_cmd *cmd;
4794 int err = 0;
4795
4796 hci_dev_lock(hdev);
4797
4798 cmd = pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev);
4799 if (!cmd)
4800 goto done;
4801
4802 cp = cmd->param;
4803 rp.monitor_handle = cp->monitor_handle;
4804
4805 if (!status)
5bee2fd6 4806 hci_update_passive_scan(hdev);
66bd095a
AP		 4807
4808 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
4809 mgmt_status(status), &rp, sizeof(rp));
4810 mgmt_pending_remove(cmd);
4811
4812done:
4813 hci_dev_unlock(hdev);
85d67284 4814 bt_dev_dbg(hdev, "remove monitor %d complete, status %u",
66bd095a
AP		 4815 rp.monitor_handle, status);
4816
4817 return err;
4818}
4819
bd2fbc6c
MC		 4820static int remove_adv_monitor(struct sock *sk, struct hci_dev *hdev,
4821 void *data, u16 len)
4822{
4823 struct mgmt_cp_remove_adv_monitor *cp = data;
4824 struct mgmt_rp_remove_adv_monitor rp;
66bd095a
AP		 4825 struct mgmt_pending_cmd *cmd;
4826 u16 handle = __le16_to_cpu(cp->monitor_handle);
4827 int err, status;
4828 bool pending;
bd2fbc6c
MC		 4829
4830 BT_DBG("request for %s", hdev->name);
66bd095a 4831 rp.monitor_handle = cp->monitor_handle;
bd2fbc6c
MC		 4832
4833 hci_dev_lock(hdev);
4834
66bd095a
AP		 4835 if (pending_find(MGMT_OP_SET_LE, hdev) ||
4836 pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev) ||
4837 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR, hdev) ||
4838 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI, hdev)) {
4839 status = MGMT_STATUS_BUSY;
4840 goto unlock;
4841 }
bd2fbc6c 4842
66bd095a
AP		 4843 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADV_MONITOR, hdev, data, len);
4844 if (!cmd) {
4845 status = MGMT_STATUS_NO_RESOURCES;
bd2fbc6c
MC		 4846 goto unlock;
4847 }
4848
66bd095a
AP		 4849 if (handle)
4850 pending = hci_remove_single_adv_monitor(hdev, handle, &err);
4851 else
4852 pending = hci_remove_all_adv_monitor(hdev, &err);
cdde92e2 4853
66bd095a
AP		 4854 if (err) {
4855 mgmt_pending_remove(cmd);
bd2fbc6c 4856
66bd095a
AP		 4857 if (err == -ENOENT)
4858 status = MGMT_STATUS_INVALID_INDEX;
4859 else
4860 status = MGMT_STATUS_FAILED;
4861
4862 goto unlock;
4863 }
4864
4865 /* monitor can be removed without forwarding request to controller */
4866 if (!pending) {
4867 mgmt_pending_remove(cmd);
4868 hci_dev_unlock(hdev);
4869
4870 return mgmt_cmd_complete(sk, hdev->id,
4871 MGMT_OP_REMOVE_ADV_MONITOR,
4872 MGMT_STATUS_SUCCESS,
4873 &rp, sizeof(rp));
4874 }
bd2fbc6c 4875
66bd095a
AP		 4876 hci_dev_unlock(hdev);
4877 return 0;
bd2fbc6c
MC		 4878
4879unlock:
4880 hci_dev_unlock(hdev);
66bd095a
AP		 4881 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADV_MONITOR,
4882 status);
bd2fbc6c
MC		 4883}
4884
f892244b 4885static void read_local_oob_data_complete(struct hci_dev *hdev, void *data, int err)
1b9441f8
JH		 4886{
4887 struct mgmt_rp_read_local_oob_data mgmt_rp;
4888 size_t rp_size = sizeof(mgmt_rp);
f892244b
BG		 4889 struct mgmt_pending_cmd *cmd = data;
4890 struct sk_buff *skb = cmd->skb;
4891 u8 status = mgmt_status(err);
1b9441f8 4892
f892244b
BG		 4893 if (!status) {
4894 if (!skb)
4895 status = MGMT_STATUS_FAILED;
4896 else if (IS_ERR(skb))
4897 status = mgmt_status(PTR_ERR(skb));
4898 else
4899 status = mgmt_status(skb->data[0]);
4900 }
1b9441f8 4901
f892244b 4902 bt_dev_dbg(hdev, "status %d", status);
1b9441f8 4903
f892244b
BG		 4904 if (status) {
4905 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, status);
1b9441f8
JH		 4906 goto remove;
4907 }
4908
4909 memset(&mgmt_rp, 0, sizeof(mgmt_rp));
4910
f892244b 4911 if (!bredr_sc_enabled(hdev)) {
1b9441f8
JH		 4912 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
4913
4914 if (skb->len < sizeof(*rp)) {
4915 mgmt_cmd_status(cmd->sk, hdev->id,
4916 MGMT_OP_READ_LOCAL_OOB_DATA,
4917 MGMT_STATUS_FAILED);
4918 goto remove;
4919 }
4920
4921 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash));
4922 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand));
4923
4924 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256);
4925 } else {
4926 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
4927
4928 if (skb->len < sizeof(*rp)) {
4929 mgmt_cmd_status(cmd->sk, hdev->id,
4930 MGMT_OP_READ_LOCAL_OOB_DATA,
4931 MGMT_STATUS_FAILED);
4932 goto remove;
4933 }
4934
4935 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192));
4936 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192));
4937
4938 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256));
4939 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256));
4940 }
4941
4942 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4943 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size);
4944
4945remove:
f892244b
BG		 4946 if (skb && !IS_ERR(skb))
4947 kfree_skb(skb);
4948
4949 mgmt_pending_free(cmd);
4950}
4951
4952static int read_local_oob_data_sync(struct hci_dev *hdev, void *data)
4953{
4954 struct mgmt_pending_cmd *cmd = data;
4955
4956 if (bredr_sc_enabled(hdev))
4957 cmd->skb = hci_read_local_oob_data_sync(hdev, true, cmd->sk);
4958 else
4959 cmd->skb = hci_read_local_oob_data_sync(hdev, false, cmd->sk);
4960
4961 if (IS_ERR(cmd->skb))
4962 return PTR_ERR(cmd->skb);
4963 else
4964 return 0;
1b9441f8
JH		 4965}
4966
0f4e68cf 4967static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 4968 void *data, u16 data_len)
c35938b2 4969{
3b0602cd 4970 struct mgmt_pending_cmd *cmd;
c35938b2
SJ		 4971 int err;
4972
181d6953 4973 bt_dev_dbg(hdev, "sock %p", sk);
c35938b2 4974
09fd0de5 4975 hci_dev_lock(hdev);
c35938b2 4976
4b34ee78 4977 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 4978 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4979 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 4980 goto unlock;
4981 }
4982
9a1a1996 4983 if (!lmp_ssp_capable(hdev)) {
a69e8375
JH		 4984 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4985 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 4986 goto unlock;
4987 }
4988
333ae95d 4989 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
a69e8375
JH		 4990 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4991 MGMT_STATUS_BUSY);
c35938b2
SJ		 4992 goto unlock;
4993 }
4994
f892244b
BG		 4995 cmd = mgmt_pending_new(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
4996 if (!cmd)
c35938b2 4997 err = -ENOMEM;
4d2d2796 4998 else
f892244b
BG		 4999 err = hci_cmd_sync_queue(hdev, read_local_oob_data_sync, cmd,
5000 read_local_oob_data_complete);
4d2d2796 5001
f892244b
BG		 5002 if (err < 0) {
5003 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5004 MGMT_STATUS_FAILED);
5005
5006 if (cmd)
5007 mgmt_pending_free(cmd);
5008 }
c35938b2
SJ		 5009
5010unlock:
09fd0de5 5011 hci_dev_unlock(hdev);
c35938b2
SJ		 5012 return err;
5013}
5014
bdb6d971 5015static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 5016 void *data, u16 len)
2763eda6 5017{
5d57e796 5018 struct mgmt_addr_info *addr = data;
2763eda6
SJ		 5019 int err;
5020
181d6953 5021 bt_dev_dbg(hdev, "sock %p", sk);
2763eda6 5022
5d57e796 5023 if (!bdaddr_type_is_valid(addr->type))
2a1afb5a
JH		 5024 return mgmt_cmd_complete(sk, hdev->id,
5025 MGMT_OP_ADD_REMOTE_OOB_DATA,
5026 MGMT_STATUS_INVALID_PARAMS,
5027 addr, sizeof(*addr));
5d57e796 5028
09fd0de5 5029 hci_dev_lock(hdev);
2763eda6 5030
ec109113
MH		 5031 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
5032 struct mgmt_cp_add_remote_oob_data *cp = data;
5033 u8 status;
bf1e3541 5034
c19a495c 5035 if (cp->addr.type != BDADDR_BREDR) {
2a1afb5a
JH		 5036 err = mgmt_cmd_complete(sk, hdev->id,
5037 MGMT_OP_ADD_REMOTE_OOB_DATA,
5038 MGMT_STATUS_INVALID_PARAMS,
5039 &cp->addr, sizeof(cp->addr));
c19a495c
JH		 5040 goto unlock;
5041 }
5042
ec109113 5043 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
6928a924
JH		 5044 cp->addr.type, cp->hash,
5045 cp->rand, NULL, NULL);
ec109113
MH		 5046 if (err < 0)
5047 status = MGMT_STATUS_FAILED;
5048 else
5049 status = MGMT_STATUS_SUCCESS;
5050
2a1afb5a
JH		 5051 err = mgmt_cmd_complete(sk, hdev->id,
5052 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
5053 &cp->addr, sizeof(cp->addr));
ec109113
MH		 5054 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
5055 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
41bcfd50 5056 u8 *rand192, *hash192, *rand256, *hash256;
ec109113
MH		 5057 u8 status;
5058
86df9200 5059 if (bdaddr_type_is_le(cp->addr.type)) {
d25b78e2
JH		 5060 /* Enforce zero-valued 192-bit parameters as
5061 * long as legacy SMP OOB isn't implemented.
5062 */
5063 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
5064 memcmp(cp->hash192, ZERO_KEY, 16)) {
2a1afb5a
JH		 5065 err = mgmt_cmd_complete(sk, hdev->id,
5066 MGMT_OP_ADD_REMOTE_OOB_DATA,
5067 MGMT_STATUS_INVALID_PARAMS,
5068 addr, sizeof(*addr));
d25b78e2
JH		 5069 goto unlock;
5070 }
5071
86df9200
JH		 5072 rand192 = NULL;
5073 hash192 = NULL;
5074 } else {
41bcfd50
MH		 5075 /* In case one of the P-192 values is set to zero,
5076 * then just disable OOB data for P-192.
5077 */
5078 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
5079 !memcmp(cp->hash192, ZERO_KEY, 16)) {
5080 rand192 = NULL;
5081 hash192 = NULL;
5082 } else {
5083 rand192 = cp->rand192;
5084 hash192 = cp->hash192;
5085 }
5086 }
5087
5088 /* In case one of the P-256 values is set to zero, then just
5089 * disable OOB data for P-256.
5090 */
5091 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
5092 !memcmp(cp->hash256, ZERO_KEY, 16)) {
5093 rand256 = NULL;
5094 hash256 = NULL;
5095 } else {
5096 rand256 = cp->rand256;
5097 hash256 = cp->hash256;
86df9200
JH		 5098 }
5099
81328d5c 5100 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
86df9200 5101 cp->addr.type, hash192, rand192,
41bcfd50 5102 hash256, rand256);
ec109113
MH		 5103 if (err < 0)
5104 status = MGMT_STATUS_FAILED;
5105 else
5106 status = MGMT_STATUS_SUCCESS;
5107
2a1afb5a
JH		 5108 err = mgmt_cmd_complete(sk, hdev->id,
5109 MGMT_OP_ADD_REMOTE_OOB_DATA,
5110 status, &cp->addr, sizeof(cp->addr));
ec109113 5111 } else {
2064ee33
MH		 5112 bt_dev_err(hdev, "add_remote_oob_data: invalid len of %u bytes",
5113 len);
a69e8375
JH		 5114 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
5115 MGMT_STATUS_INVALID_PARAMS);
ec109113 5116 }
2763eda6 5117
c19a495c 5118unlock:
09fd0de5 5119 hci_dev_unlock(hdev);
2763eda6
SJ		 5120 return err;
5121}
5122
bdb6d971 5123static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 5124 void *data, u16 len)
2763eda6 5125{
650f726d 5126 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 5127 u8 status;
2763eda6
SJ		 5128 int err;
5129
181d6953 5130 bt_dev_dbg(hdev, "sock %p", sk);
2763eda6 5131
c19a495c 5132 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 5133 return mgmt_cmd_complete(sk, hdev->id,
5134 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
5135 MGMT_STATUS_INVALID_PARAMS,
5136 &cp->addr, sizeof(cp->addr));
c19a495c 5137
09fd0de5 5138 hci_dev_lock(hdev);
2763eda6 5139
eedbd581
JH		 5140 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5141 hci_remote_oob_data_clear(hdev);
5142 status = MGMT_STATUS_SUCCESS;
5143 goto done;
5144 }
5145
6928a924 5146 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
2763eda6 5147 if (err < 0)
bf1e3541 5148 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 5149 else
a6785be2 5150 status = MGMT_STATUS_SUCCESS;
bf1e3541 5151
eedbd581 5152done:
2a1afb5a
JH		 5153 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
5154 status, &cp->addr, sizeof(cp->addr));
2763eda6 5155
09fd0de5 5156 hci_dev_unlock(hdev);
2763eda6
SJ		 5157 return err;
5158}
5159
e68f072b 5160void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status)
7c307720 5161{
3b0602cd 5162 struct mgmt_pending_cmd *cmd;
ae55f598 5163
85d67284 5164 bt_dev_dbg(hdev, "status %u", status);
7c307720 5165
11e6e25d 5166 hci_dev_lock(hdev);
41dc2bd6 5167
333ae95d 5168 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
66ea9427 5169 if (!cmd)
333ae95d 5170 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
66ea9427 5171
78b781ca
JH		 5172 if (!cmd)
5173 cmd = pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev);
5174
11e6e25d 5175 if (cmd) {
2922a94f 5176 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d
MH		 5177 mgmt_pending_remove(cmd);
5178 }
7c307720 5179
11e6e25d 5180 hci_dev_unlock(hdev);
7c307720
AG		 5181}
5182
591752af
JH		 5183static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type,
5184 uint8_t *mgmt_status)
5185{
5186 switch (type) {
5187 case DISCOV_TYPE_LE:
5188 *mgmt_status = mgmt_le_support(hdev);
5189 if (*mgmt_status)
5190 return false;
5191 break;
5192 case DISCOV_TYPE_INTERLEAVED:
5193 *mgmt_status = mgmt_le_support(hdev);
5194 if (*mgmt_status)
5195 return false;
19186c7b 5196 fallthrough;
591752af
JH		 5197 case DISCOV_TYPE_BREDR:
5198 *mgmt_status = mgmt_bredr_support(hdev);
5199 if (*mgmt_status)
5200 return false;
5201 break;
5202 default:
5203 *mgmt_status = MGMT_STATUS_INVALID_PARAMS;
5204 return false;
5205 }
5206
5207 return true;
5208}
5209
abfeea47
LAD		 5210static void start_discovery_complete(struct hci_dev *hdev, void *data, int err)
5211{
5212 struct mgmt_pending_cmd *cmd = data;
5213
5214 bt_dev_dbg(hdev, "err %d", err);
5215
5216 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(err),
5217 cmd->param, 1);
5218 mgmt_pending_free(cmd);
5219
182ee45d 5220 hci_discovery_set_state(hdev, err ? DISCOVERY_STOPPED:
abfeea47
LAD		 5221 DISCOVERY_FINDING);
5222}
5223
5224static int start_discovery_sync(struct hci_dev *hdev, void *data)
5225{
5226 return hci_start_discovery_sync(hdev);
5227}
5228
78b781ca
JH		 5229static int start_discovery_internal(struct sock *sk, struct hci_dev *hdev,
5230 u16 op, void *data, u16 len)
14a53664 5231{
650f726d 5232 struct mgmt_cp_start_discovery *cp = data;
3b0602cd 5233 struct mgmt_pending_cmd *cmd;
8019044d 5234 u8 status;
14a53664
JH		 5235 int err;
5236
181d6953 5237 bt_dev_dbg(hdev, "sock %p", sk);
14a53664 5238
09fd0de5 5239 hci_dev_lock(hdev);
14a53664 5240
4b34ee78 5241 if (!hdev_is_powered(hdev)) {
78b781ca 5242 err = mgmt_cmd_complete(sk, hdev->id, op,
2a1afb5a
JH		 5243 MGMT_STATUS_NOT_POWERED,
5244 &cp->type, sizeof(cp->type));
bd2d1334
JH		 5245 goto failed;
5246 }
5247
f5a969f2 5248 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 5249 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
78b781ca
JH		 5250 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY,
5251 &cp->type, sizeof(cp->type));
642be6c7
AG		 5252 goto failed;
5253 }
5254
591752af 5255 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
78b781ca
JH		 5256 err = mgmt_cmd_complete(sk, hdev->id, op, status,
5257 &cp->type, sizeof(cp->type));
591752af
JH		 5258 goto failed;
5259 }
5260
4867bd00
APS		 5261 /* Can't start discovery when it is paused */
5262 if (hdev->discovery_paused) {
5263 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY,
5264 &cp->type, sizeof(cp->type));
5265 goto failed;
5266 }
5267
22078800
MH		 5268 /* Clear the discovery filter first to free any previously
5269 * allocated memory for the UUID list.
5270 */
5271 hci_discovery_filter_clear(hdev);
5272
4aab14e5 5273 hdev->discovery.type = cp->type;
da25cf6a 5274 hdev->discovery.report_invalid_rssi = false;
78b781ca
JH		 5275 if (op == MGMT_OP_START_LIMITED_DISCOVERY)
5276 hdev->discovery.limited = true;
5277 else
5278 hdev->discovery.limited = false;
4aab14e5 5279
abfeea47 5280 cmd = mgmt_pending_new(sk, op, hdev, data, len);
e68f072b
JH		 5281 if (!cmd) {
5282 err = -ENOMEM;
04106755 5283 goto failed;
f39799f5 5284 }
04106755 5285
abfeea47
LAD		 5286 err = hci_cmd_sync_queue(hdev, start_discovery_sync, cmd,
5287 start_discovery_complete);
5288 if (err < 0) {
5289 mgmt_pending_free(cmd);
5290 goto failed;
5291 }
7c307720 5292
f5a969f2 5293 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
7c307720 5294
14a53664 5295failed:
09fd0de5 5296 hci_dev_unlock(hdev);
14a53664
JH		 5297 return err;
5298}
f39799f5 5299
78b781ca
JH		 5300static int start_discovery(struct sock *sk, struct hci_dev *hdev,
5301 void *data, u16 len)
5302{
5303 return start_discovery_internal(sk, hdev, MGMT_OP_START_DISCOVERY,
5304 data, len);
5305}
5306
5307static int start_limited_discovery(struct sock *sk, struct hci_dev *hdev,
5308 void *data, u16 len)
5309{
5310 return start_discovery_internal(sk, hdev,
5311 MGMT_OP_START_LIMITED_DISCOVERY,
5312 data, len);
5313}
5314
66ea9427
JP		 5315static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
5316 void *data, u16 len)
5317{
5318 struct mgmt_cp_start_service_discovery *cp = data;
3b0602cd 5319 struct mgmt_pending_cmd *cmd;
66ea9427
JP		 5320 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
5321 u16 uuid_count, expected_len;
5322 u8 status;
5323 int err;
04106755 5324
181d6953 5325 bt_dev_dbg(hdev, "sock %p", sk);
e8bb6b97 5326
66ea9427 5327 hci_dev_lock(hdev);
7c307720 5328
66ea9427 5329 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 5330 err = mgmt_cmd_complete(sk, hdev->id,
5331 MGMT_OP_START_SERVICE_DISCOVERY,
5332 MGMT_STATUS_NOT_POWERED,
5333 &cp->type, sizeof(cp->type));
66ea9427
JP		 5334 goto failed;
5335 }
7c307720 5336
66ea9427 5337 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 5338 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
36211f7f
APS		 5339 err = mgmt_cmd_complete(sk, hdev->id,
5340 MGMT_OP_START_SERVICE_DISCOVERY,
5341 MGMT_STATUS_BUSY, &cp->type,
5342 sizeof(cp->type));
5343 goto failed;
5344 }
5345
5346 if (hdev->discovery_paused) {
2a1afb5a
JH		 5347 err = mgmt_cmd_complete(sk, hdev->id,
5348 MGMT_OP_START_SERVICE_DISCOVERY,
5349 MGMT_STATUS_BUSY, &cp->type,
5350 sizeof(cp->type));
66ea9427
JP		 5351 goto failed;
5352 }
d9483943 5353
66ea9427
JP		 5354 uuid_count = __le16_to_cpu(cp->uuid_count);
5355 if (uuid_count > max_uuid_count) {
2064ee33
MH		 5356 bt_dev_err(hdev, "service_discovery: too big uuid_count value %u",
5357 uuid_count);
2a1afb5a
JH		 5358 err = mgmt_cmd_complete(sk, hdev->id,
5359 MGMT_OP_START_SERVICE_DISCOVERY,
5360 MGMT_STATUS_INVALID_PARAMS, &cp->type,
5361 sizeof(cp->type));
66ea9427
JP		 5362 goto failed;
5363 }
5364
5365 expected_len = sizeof(*cp) + uuid_count * 16;
5366 if (expected_len != len) {
2064ee33
MH		 5367 bt_dev_err(hdev, "service_discovery: expected %u bytes, got %u bytes",
5368 expected_len, len);
2a1afb5a
JH		 5369 err = mgmt_cmd_complete(sk, hdev->id,
5370 MGMT_OP_START_SERVICE_DISCOVERY,
5371 MGMT_STATUS_INVALID_PARAMS, &cp->type,
5372 sizeof(cp->type));
66ea9427
JP		 5373 goto failed;
5374 }
5375
591752af
JH		 5376 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
5377 err = mgmt_cmd_complete(sk, hdev->id,
5378 MGMT_OP_START_SERVICE_DISCOVERY,
5379 status, &cp->type, sizeof(cp->type));
5380 goto failed;
5381 }
5382
abfeea47 5383 cmd = mgmt_pending_new(sk, MGMT_OP_START_SERVICE_DISCOVERY,
2922a94f 5384 hdev, data, len);
66ea9427
JP		 5385 if (!cmd) {
5386 err = -ENOMEM;
5387 goto failed;
5388 }
5389
22078800
MH		 5390 /* Clear the discovery filter first to free any previously
5391 * allocated memory for the UUID list.
5392 */
5393 hci_discovery_filter_clear(hdev);
5394
82f8b651 5395 hdev->discovery.result_filtering = true;
66ea9427
JP		 5396 hdev->discovery.type = cp->type;
5397 hdev->discovery.rssi = cp->rssi;
5398 hdev->discovery.uuid_count = uuid_count;
5399
5400 if (uuid_count > 0) {
5401 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
5402 GFP_KERNEL);
5403 if (!hdev->discovery.uuids) {
2a1afb5a
JH		 5404 err = mgmt_cmd_complete(sk, hdev->id,
5405 MGMT_OP_START_SERVICE_DISCOVERY,
5406 MGMT_STATUS_FAILED,
5407 &cp->type, sizeof(cp->type));
d9483943
JH		 5408 mgmt_pending_remove(cmd);
5409 goto failed;
5410 }
66ea9427 5411 }
d9483943 5412
abfeea47
LAD		 5413 err = hci_cmd_sync_queue(hdev, start_discovery_sync, cmd,
5414 start_discovery_complete);
5415 if (err < 0) {
5416 mgmt_pending_free(cmd);
5417 goto failed;
5418 }
5419
66ea9427 5420 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 5421
5422failed:
09fd0de5 5423 hci_dev_unlock(hdev);
14a53664
JH		 5424 return err;
5425}
5426
2154d3f4 5427void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status)
1183fdca 5428{
3b0602cd 5429 struct mgmt_pending_cmd *cmd;
1183fdca 5430
85d67284 5431 bt_dev_dbg(hdev, "status %u", status);
0e05bba6
AG		 5432
5433 hci_dev_lock(hdev);
5434
333ae95d 5435 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
11e6e25d 5436 if (cmd) {
2922a94f 5437 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d 5438 mgmt_pending_remove(cmd);
0e05bba6
AG		 5439 }
5440
0e05bba6
AG		 5441 hci_dev_unlock(hdev);
5442}
5443
abfeea47
LAD		 5444static void stop_discovery_complete(struct hci_dev *hdev, void *data, int err)
5445{
5446 struct mgmt_pending_cmd *cmd = data;
5447
5448 bt_dev_dbg(hdev, "err %d", err);
5449
5450 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(err),
5451 cmd->param, 1);
5452 mgmt_pending_free(cmd);
5453
abfeea47
LAD		 5454 if (!err)
5455 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
5456}
5457
5458static int stop_discovery_sync(struct hci_dev *hdev, void *data)
5459{
5460 return hci_stop_discovery_sync(hdev);
5461}
5462
bdb6d971 5463static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 5464 u16 len)
14a53664 5465{
d930650b 5466 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3b0602cd 5467 struct mgmt_pending_cmd *cmd;
14a53664
JH		 5468 int err;
5469
181d6953 5470 bt_dev_dbg(hdev, "sock %p", sk);
14a53664 5471
09fd0de5 5472 hci_dev_lock(hdev);
14a53664 5473
30dc78e1 5474 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 5475 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
5476 MGMT_STATUS_REJECTED, &mgmt_cp->type,
5477 sizeof(mgmt_cp->type));
d930650b
JH		 5478 goto unlock;
5479 }
5480
5481 if (hdev->discovery.type != mgmt_cp->type) {
2a1afb5a
JH		 5482 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
5483 MGMT_STATUS_INVALID_PARAMS,
5484 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1 5485 goto unlock;
ff9ef578
JH		 5486 }
5487
abfeea47 5488 cmd = mgmt_pending_new(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
14a53664
JH		 5489 if (!cmd) {
5490 err = -ENOMEM;
30dc78e1
JH		 5491 goto unlock;
5492 }
5493
abfeea47
LAD		 5494 err = hci_cmd_sync_queue(hdev, stop_discovery_sync, cmd,
5495 stop_discovery_complete);
5496 if (err < 0) {
5497 mgmt_pending_free(cmd);
5498 goto unlock;
5499 }
2922a94f 5500
2154d3f4 5501 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 5502
30dc78e1 5503unlock:
09fd0de5 5504 hci_dev_unlock(hdev);
14a53664
JH		 5505 return err;
5506}
5507
bdb6d971 5508static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 5509 u16 len)
561aafbc 5510{
650f726d 5511 struct mgmt_cp_confirm_name *cp = data;
561aafbc 5512 struct inquiry_entry *e;
561aafbc
JH		 5513 int err;
5514
181d6953 5515 bt_dev_dbg(hdev, "sock %p", sk);
561aafbc 5516
561aafbc
JH		 5517 hci_dev_lock(hdev);
5518
30dc78e1 5519 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 5520 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
5521 MGMT_STATUS_FAILED, &cp->addr,
5522 sizeof(cp->addr));
30dc78e1
JH		 5523 goto failed;
5524 }
5525
a198e7b1 5526 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 5527 if (!e) {
2a1afb5a
JH		 5528 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
5529 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
5530 sizeof(cp->addr));
561aafbc
JH		 5531 goto failed;
5532 }
5533
5534 if (cp->name_known) {
5535 e->name_state = NAME_KNOWN;
5536 list_del(&e->list);
5537 } else {
5538 e->name_state = NAME_NEEDED;
a3d4e20a 5539 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 5540 }
5541
2a1afb5a
JH		 5542 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
5543 &cp->addr, sizeof(cp->addr));
561aafbc
JH		 5544
5545failed:
5546 hci_dev_unlock(hdev);
561aafbc
JH		 5547 return err;
5548}
5549
bdb6d971 5550static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 5551 u16 len)
7fbec224 5552{
650f726d 5553 struct mgmt_cp_block_device *cp = data;
f0eeea8b 5554 u8 status;
7fbec224
AJ		 5555 int err;
5556
181d6953 5557 bt_dev_dbg(hdev, "sock %p", sk);
7fbec224 5558
4ee71b20 5559 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 5560 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
5561 MGMT_STATUS_INVALID_PARAMS,
5562 &cp->addr, sizeof(cp->addr));
4ee71b20 5563
09fd0de5 5564 hci_dev_lock(hdev);
5e762444 5565
3d4f9c00 5566 err = hci_bdaddr_list_add(&hdev->reject_list, &cp->addr.bdaddr,
dcc36c16 5567 cp->addr.type);
2a8357f2 5568 if (err < 0) {
f0eeea8b 5569 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 5570 goto done;
5571 }
5572
5573 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
5574 sk);
5575 status = MGMT_STATUS_SUCCESS;
f0eeea8b 5576
2a8357f2 5577done:
2a1afb5a
JH		 5578 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
5579 &cp->addr, sizeof(cp->addr));
5e762444 5580
09fd0de5 5581 hci_dev_unlock(hdev);
7fbec224
AJ		 5582
5583 return err;
5584}
5585
bdb6d971 5586static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 5587 u16 len)
7fbec224 5588{
650f726d 5589 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 5590 u8 status;
7fbec224
AJ		 5591 int err;
5592
181d6953 5593 bt_dev_dbg(hdev, "sock %p", sk);
7fbec224 5594
4ee71b20 5595 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 5596 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
5597 MGMT_STATUS_INVALID_PARAMS,
5598 &cp->addr, sizeof(cp->addr));
4ee71b20 5599
09fd0de5 5600 hci_dev_lock(hdev);
5e762444 5601
3d4f9c00 5602 err = hci_bdaddr_list_del(&hdev->reject_list, &cp->addr.bdaddr,
dcc36c16 5603 cp->addr.type);
2a8357f2 5604 if (err < 0) {
f0eeea8b 5605 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 5606 goto done;
5607 }
5608
5609 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
5610 sk);
5611 status = MGMT_STATUS_SUCCESS;
f0eeea8b 5612
2a8357f2 5613done:
2a1afb5a
JH		 5614 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
5615 &cp->addr, sizeof(cp->addr));
5e762444 5616
09fd0de5 5617 hci_dev_unlock(hdev);
7fbec224
AJ		 5618
5619 return err;
5620}
5621
161510cc
LAD		 5622static int set_device_id_sync(struct hci_dev *hdev, void *data)
5623{
5624 return hci_update_eir_sync(hdev);
5625}
5626
cdbaccca
MH		 5627static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
5628 u16 len)
5629{
5630 struct mgmt_cp_set_device_id *cp = data;
5631 int err;
c72d4b8a 5632 __u16 source;
cdbaccca 5633
181d6953 5634 bt_dev_dbg(hdev, "sock %p", sk);
cdbaccca 5635
c72d4b8a
SJ		 5636 source = __le16_to_cpu(cp->source);
5637
5638 if (source > 0x0002)
a69e8375
JH		 5639 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
5640 MGMT_STATUS_INVALID_PARAMS);
c72d4b8a 5641
cdbaccca
MH		 5642 hci_dev_lock(hdev);
5643
c72d4b8a 5644 hdev->devid_source = source;
cdbaccca
MH		 5645 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
5646 hdev->devid_product = __le16_to_cpu(cp->product);
5647 hdev->devid_version = __le16_to_cpu(cp->version);
5648
2a1afb5a
JH		 5649 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
5650 NULL, 0);
cdbaccca 5651
161510cc 5652 hci_cmd_sync_queue(hdev, set_device_id_sync, NULL, NULL);
cdbaccca
MH		 5653
5654 hci_dev_unlock(hdev);
5655
5656 return err;
5657}
5658
26ac4c56 5659static void enable_advertising_instance(struct hci_dev *hdev, int err)
24b4f38f 5660{
26ac4c56
BG		 5661 if (err)
5662 bt_dev_err(hdev, "failed to re-configure advertising %d", err);
5663 else
5664 bt_dev_dbg(hdev, "status %d", err);
24b4f38f
AU		 5665}
5666
26ac4c56 5667static void set_advertising_complete(struct hci_dev *hdev, void *data, int err)
4375f103
JH		 5668{
5669 struct cmd_lookup match = { NULL, hdev };
7816b820
FG		 5670 u8 instance;
5671 struct adv_info *adv_instance;
26ac4c56 5672 u8 status = mgmt_status(err);
3ad67582 5673
4375f103 5674 if (status) {
4375f103 5675 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
26ac4c56
BG		 5676 cmd_status_rsp, &status);
5677 return;
4375f103
JH		 5678 }
5679
d7a5a11d 5680 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
a1536da2 5681 hci_dev_set_flag(hdev, HCI_ADVERTISING);
c93bd150 5682 else
a358dc11 5683 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
c93bd150 5684
4375f103
JH		 5685 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
5686 &match);
5687
5688 new_settings(hdev, match.sk);
5689
5690 if (match.sk)
5691 sock_put(match.sk);
3ad67582 5692
24b4f38f 5693 /* If "Set Advertising" was just disabled and instance advertising was
7816b820 5694 * set up earlier, then re-enable multi-instance advertising.
24b4f38f
AU		 5695 */
5696 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
7816b820 5697 list_empty(&hdev->adv_instances))
26ac4c56 5698 return;
24b4f38f 5699
7816b820
FG		 5700 instance = hdev->cur_adv_instance;
5701 if (!instance) {
5702 adv_instance = list_first_entry_or_null(&hdev->adv_instances,
5703 struct adv_info, list);
5704 if (!adv_instance)
26ac4c56 5705 return;
7816b820
FG		 5706
5707 instance = adv_instance->instance;
5708 }
5709
26ac4c56 5710 err = hci_schedule_adv_instance_sync(hdev, instance, true);
24b4f38f 5711
26ac4c56
BG		 5712 enable_advertising_instance(hdev, err);
5713}
7816b820 5714
26ac4c56
BG		 5715static int set_adv_sync(struct hci_dev *hdev, void *data)
5716{
5717 struct mgmt_pending_cmd *cmd = data;
5718 struct mgmt_mode *cp = cmd->param;
5719 u8 val = !!cp->val;
24b4f38f 5720
26ac4c56
BG		 5721 if (cp->val == 0x02)
5722 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
5723 else
5724 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
24b4f38f 5725
26ac4c56
BG		 5726 cancel_adv_timeout(hdev);
5727
5728 if (val) {
5729 /* Switch to instance "0" for the Set Advertising setting.
5730 * We cannot use update_[adv|scan_rsp]_data() here as the
5731 * HCI_ADVERTISING flag is not yet set.
5732 */
5733 hdev->cur_adv_instance = 0x00;
5734
5735 if (ext_adv_capable(hdev)) {
5736 hci_start_ext_adv_sync(hdev, 0x00);
5737 } else {
5738 hci_update_adv_data_sync(hdev, 0x00);
5739 hci_update_scan_rsp_data_sync(hdev, 0x00);
5740 hci_enable_advertising_sync(hdev);
5741 }
5742 } else {
5743 hci_disable_advertising_sync(hdev);
5744 }
5745
5746 return 0;
4375f103
JH		 5747}
5748
21b5187f
MH		 5749static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
5750 u16 len)
4375f103
JH		 5751{
5752 struct mgmt_mode *cp = data;
3b0602cd 5753 struct mgmt_pending_cmd *cmd;
cc91cb04 5754 u8 val, status;
4375f103
JH		 5755 int err;
5756
181d6953 5757 bt_dev_dbg(hdev, "sock %p", sk);
4375f103 5758
e6fe7986
JH		 5759 status = mgmt_le_support(hdev);
5760 if (status)
a69e8375
JH		 5761 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
5762 status);
4375f103 5763
cc91cb04 5764 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 5765 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
5766 MGMT_STATUS_INVALID_PARAMS);
4375f103 5767
4867bd00
APS		 5768 if (hdev->advertising_paused)
5769 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
5770 MGMT_STATUS_BUSY);
5771
4375f103
JH		 5772 hci_dev_lock(hdev);
5773
5774 val = !!cp->val;
4375f103 5775
f74ca9b8
JH		 5776 /* The following conditions are ones which mean that we should
5777 * not do any HCI communication but directly send a mgmt
5778 * response to user space (after toggling the flag if
5779 * necessary).
5780 */
cc91cb04 5781 if (!hdev_is_powered(hdev) ||
d7a5a11d
MH		 5782 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
5783 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
e8bb6b97 5784 hci_conn_num(hdev, LE_LINK) > 0 ||
d7a5a11d 5785 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
e8bb6b97 5786 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
cc91cb04 5787 bool changed;
4375f103 5788
cc91cb04 5789 if (cp->val) {
cab054ab 5790 hdev->cur_adv_instance = 0x00;
238be788 5791 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
cc91cb04 5792 if (cp->val == 0x02)
a1536da2 5793 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 5794 else
a358dc11 5795 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 5796 } else {
a69d8927 5797 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
a358dc11 5798 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4375f103
JH		 5799 }
5800
5801 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
5802 if (err < 0)
5803 goto unlock;
5804
5805 if (changed)
5806 err = new_settings(hdev, sk);
5807
5808 goto unlock;
5809 }
5810
333ae95d
JH		 5811 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
5812 pending_find(MGMT_OP_SET_LE, hdev)) {
a69e8375
JH		 5813 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
5814 MGMT_STATUS_BUSY);
4375f103
JH		 5815 goto unlock;
5816 }
5817
5818 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
26ac4c56 5819 if (!cmd)
4375f103 5820 err = -ENOMEM;
cc91cb04 5821 else
26ac4c56
BG		 5822 err = hci_cmd_sync_queue(hdev, set_adv_sync, cmd,
5823 set_advertising_complete);
de181e88 5824
26ac4c56 5825 if (err < 0 && cmd)
4375f103
JH		 5826 mgmt_pending_remove(cmd);
5827
5828unlock:
5829 hci_dev_unlock(hdev);
5830 return err;
5831}
5832
d13eafce
MH		 5833static int set_static_address(struct sock *sk, struct hci_dev *hdev,
5834 void *data, u16 len)
5835{
5836 struct mgmt_cp_set_static_address *cp = data;
5837 int err;
5838
181d6953 5839 bt_dev_dbg(hdev, "sock %p", sk);
d13eafce 5840
62af4443 5841 if (!lmp_le_capable(hdev))
a69e8375
JH		 5842 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
5843 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 5844
5845 if (hdev_is_powered(hdev))
a69e8375
JH		 5846 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
5847 MGMT_STATUS_REJECTED);
d13eafce
MH		 5848
5849 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
5850 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
a69e8375
JH		 5851 return mgmt_cmd_status(sk, hdev->id,
5852 MGMT_OP_SET_STATIC_ADDRESS,
5853 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 5854
5855 /* Two most significant bits shall be set */
5856 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
a69e8375
JH		 5857 return mgmt_cmd_status(sk, hdev->id,
5858 MGMT_OP_SET_STATIC_ADDRESS,
5859 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 5860 }
5861
5862 hci_dev_lock(hdev);
5863
5864 bacpy(&hdev->static_addr, &cp->bdaddr);
5865
93690c22
MH		 5866 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
5867 if (err < 0)
5868 goto unlock;
5869
5870 err = new_settings(hdev, sk);
d13eafce 5871
93690c22 5872unlock:
d13eafce 5873 hci_dev_unlock(hdev);
d13eafce
MH		 5874 return err;
5875}
5876
14b49b9a
MH		 5877static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
5878 void *data, u16 len)
5879{
5880 struct mgmt_cp_set_scan_params *cp = data;
5881 __u16 interval, window;
5882 int err;
5883
181d6953 5884 bt_dev_dbg(hdev, "sock %p", sk);
14b49b9a
MH		 5885
5886 if (!lmp_le_capable(hdev))
a69e8375
JH		 5887 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
5888 MGMT_STATUS_NOT_SUPPORTED);
14b49b9a
MH		 5889
5890 interval = __le16_to_cpu(cp->interval);
5891
5892 if (interval < 0x0004 || interval > 0x4000)
a69e8375
JH		 5893 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
5894 MGMT_STATUS_INVALID_PARAMS);
14b49b9a
MH		 5895
5896 window = __le16_to_cpu(cp->window);
5897
5898 if (window < 0x0004 || window > 0x4000)
a69e8375
JH		 5899 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
5900 MGMT_STATUS_INVALID_PARAMS);
14b49b9a 5901
899e1075 5902 if (window > interval)
a69e8375
JH		 5903 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
5904 MGMT_STATUS_INVALID_PARAMS);
899e1075 5905
14b49b9a
MH		 5906 hci_dev_lock(hdev);
5907
5908 hdev->le_scan_interval = interval;
5909 hdev->le_scan_window = window;
5910
2a1afb5a
JH		 5911 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
5912 NULL, 0);
14b49b9a 5913
dd2ef8e2
AG		 5914 /* If background scan is running, restart it so new parameters are
5915 * loaded.
5916 */
d7a5a11d 5917 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
abfeea47
LAD		 5918 hdev->discovery.state == DISCOVERY_STOPPED)
5919 hci_update_passive_scan(hdev);
dd2ef8e2 5920
14b49b9a
MH		 5921 hci_dev_unlock(hdev);
5922
5923 return err;
5924}
5925
353a0249 5926static void fast_connectable_complete(struct hci_dev *hdev, void *data, int err)
33e38b3e 5927{
353a0249 5928 struct mgmt_pending_cmd *cmd = data;
33e38b3e 5929
353a0249 5930 bt_dev_dbg(hdev, "err %d", err);
33e38b3e 5931
353a0249 5932 if (err) {
a69e8375 5933 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
353a0249 5934 mgmt_status(err));
33e38b3e 5935 } else {
1a4d3c4b
JH		 5936 struct mgmt_mode *cp = cmd->param;
5937
5938 if (cp->val)
a1536da2 5939 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 5940 else
a358dc11 5941 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 5942
33e38b3e
JH		 5943 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
5944 new_settings(hdev, cmd->sk);
5945 }
5946
353a0249
BG		 5947 mgmt_pending_free(cmd);
5948}
33e38b3e 5949
353a0249
BG		 5950static int write_fast_connectable_sync(struct hci_dev *hdev, void *data)
5951{
5952 struct mgmt_pending_cmd *cmd = data;
5953 struct mgmt_mode *cp = cmd->param;
5954
5955 return hci_write_fast_connectable_sync(hdev, cp->val);
33e38b3e
JH		 5956}
5957
bdb6d971 5958static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 5959 void *data, u16 len)
f6422ec6 5960{
650f726d 5961 struct mgmt_mode *cp = data;
3b0602cd 5962 struct mgmt_pending_cmd *cmd;
f6422ec6
AJ		 5963 int err;
5964
181d6953 5965 bt_dev_dbg(hdev, "sock %p", sk);
f6422ec6 5966
d7a5a11d 5967 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
56f87901 5968 hdev->hci_ver < BLUETOOTH_VER_1_2)
353a0249
BG		 5969 return mgmt_cmd_status(sk, hdev->id,
5970 MGMT_OP_SET_FAST_CONNECTABLE,
a69e8375 5971 MGMT_STATUS_NOT_SUPPORTED);
33c525c0 5972
a7e80f25 5973 if (cp->val != 0x00 && cp->val != 0x01)
353a0249
BG		 5974 return mgmt_cmd_status(sk, hdev->id,
5975 MGMT_OP_SET_FAST_CONNECTABLE,
a69e8375 5976 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 5977
f6422ec6
AJ		 5978 hci_dev_lock(hdev);
5979
d7a5a11d 5980 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
353a0249 5981 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
1a4d3c4b
JH		 5982 goto unlock;
5983 }
5984
406ef2a6 5985 if (!hdev_is_powered(hdev)) {
ce05d603 5986 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
353a0249 5987 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
406ef2a6
JH		 5988 new_settings(hdev, sk);
5989 goto unlock;
5990 }
5991
353a0249
BG		 5992 cmd = mgmt_pending_new(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev, data,
5993 len);
5994 if (!cmd)
33e38b3e 5995 err = -ENOMEM;
353a0249
BG		 5996 else
5997 err = hci_cmd_sync_queue(hdev, write_fast_connectable_sync, cmd,
5998 fast_connectable_complete);
f6422ec6 5999
353a0249
BG		 6000 if (err < 0) {
6001 mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
6002 MGMT_STATUS_FAILED);
33e38b3e 6003
353a0249
BG		 6004 if (cmd)
6005 mgmt_pending_free(cmd);
f6422ec6
AJ		 6006 }
6007
33e38b3e 6008unlock:
f6422ec6 6009 hci_dev_unlock(hdev);
33e38b3e 6010
f6422ec6
AJ		 6011 return err;
6012}
6013
451d95a9 6014static void set_bredr_complete(struct hci_dev *hdev, void *data, int err)
0663ca2a 6015{
451d95a9 6016 struct mgmt_pending_cmd *cmd = data;
0663ca2a 6017
451d95a9 6018 bt_dev_dbg(hdev, "err %d", err);
0663ca2a 6019
451d95a9
BG		 6020 if (err) {
6021 u8 mgmt_err = mgmt_status(err);
0663ca2a
JH		 6022
6023 /* We need to restore the flag if related HCI commands
6024 * failed.
6025 */
a358dc11 6026 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a 6027
a69e8375 6028 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
0663ca2a
JH		 6029 } else {
6030 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
6031 new_settings(hdev, cmd->sk);
6032 }
6033
451d95a9
BG		 6034 mgmt_pending_free(cmd);
6035}
0663ca2a 6036
451d95a9
BG		 6037static int set_bredr_sync(struct hci_dev *hdev, void *data)
6038{
6039 int status;
6040
6041 status = hci_write_fast_connectable_sync(hdev, false);
6042
6043 if (!status)
6044 status = hci_update_scan_sync(hdev);
6045
6046 /* Since only the advertising data flags will change, there
6047 * is no need to update the scan response data.
6048 */
6049 if (!status)
6050 status = hci_update_adv_data_sync(hdev, hdev->cur_adv_instance);
6051
6052 return status;
0663ca2a
JH		 6053}
6054
6055static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6056{
6057 struct mgmt_mode *cp = data;
3b0602cd 6058 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 6059 int err;
6060
181d6953 6061 bt_dev_dbg(hdev, "sock %p", sk);
0663ca2a
JH		 6062
6063 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
a69e8375
JH		 6064 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6065 MGMT_STATUS_NOT_SUPPORTED);
0663ca2a 6066
d7a5a11d 6067 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 6068 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6069 MGMT_STATUS_REJECTED);
0663ca2a
JH		 6070
6071 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 6072 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6073 MGMT_STATUS_INVALID_PARAMS);
0663ca2a
JH		 6074
6075 hci_dev_lock(hdev);
6076
d7a5a11d 6077 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
0663ca2a
JH		 6078 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
6079 goto unlock;
6080 }
6081
6082 if (!hdev_is_powered(hdev)) {
6083 if (!cp->val) {
a358dc11
MH		 6084 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
6085 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
6086 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
6087 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
6088 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
0663ca2a
JH		 6089 }
6090
ce05d603 6091 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 6092
6093 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
6094 if (err < 0)
6095 goto unlock;
6096
6097 err = new_settings(hdev, sk);
6098 goto unlock;
6099 }
6100
6101 /* Reject disabling when powered on */
6102 if (!cp->val) {
a69e8375
JH		 6103 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6104 MGMT_STATUS_REJECTED);
0663ca2a 6105 goto unlock;
111e4bcc
MH		 6106 } else {
6107 /* When configuring a dual-mode controller to operate
6108 * with LE only and using a static address, then switching
6109 * BR/EDR back on is not allowed.
6110 *
6111 * Dual-mode controllers shall operate with the public
6112 * address as its identity address for BR/EDR and LE. So
6113 * reject the attempt to create an invalid configuration.
3a5486e1
MH		 6114 *
6115 * The same restrictions applies when secure connections
6116 * has been enabled. For BR/EDR this is a controller feature
6117 * while for LE it is a host stack feature. This means that
6118 * switching BR/EDR back on when secure connections has been
6119 * enabled is not a supported transaction.
111e4bcc 6120 */
d7a5a11d 6121 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
3a5486e1 6122 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
d7a5a11d 6123 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
a69e8375
JH		 6124 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6125 MGMT_STATUS_REJECTED);
111e4bcc
MH		 6126 goto unlock;
6127 }
0663ca2a
JH		 6128 }
6129
451d95a9
BG		 6130 cmd = mgmt_pending_new(sk, MGMT_OP_SET_BREDR, hdev, data, len);
6131 if (!cmd)
0663ca2a 6132 err = -ENOMEM;
451d95a9
BG		 6133 else
6134 err = hci_cmd_sync_queue(hdev, set_bredr_sync, cmd,
6135 set_bredr_complete);
6136
6137 if (err < 0) {
6138 mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6139 MGMT_STATUS_FAILED);
6140 if (cmd)
6141 mgmt_pending_free(cmd);
6142
0663ca2a
JH		 6143 goto unlock;
6144 }
6145
f2252570
JH		 6146 /* We need to flip the bit already here so that
6147 * hci_req_update_adv_data generates the correct flags.
0663ca2a 6148 */
a1536da2 6149 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a 6150
0663ca2a
JH		 6151unlock:
6152 hci_dev_unlock(hdev);
6153 return err;
6154}
6155
2f2eb0c9 6156static void set_secure_conn_complete(struct hci_dev *hdev, void *data, int err)
a1443f5a 6157{
2f2eb0c9 6158 struct mgmt_pending_cmd *cmd = data;
a1443f5a
JH		 6159 struct mgmt_mode *cp;
6160
2f2eb0c9 6161 bt_dev_dbg(hdev, "err %d", err);
a1443f5a 6162
2f2eb0c9
BG		 6163 if (err) {
6164 u8 mgmt_err = mgmt_status(err);
a1443f5a 6165
2f2eb0c9
BG		 6166 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
6167 goto done;
a1443f5a
JH		 6168 }
6169
6170 cp = cmd->param;
6171
6172 switch (cp->val) {
6173 case 0x00:
a358dc11
MH		 6174 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
6175 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 6176 break;
6177 case 0x01:
a1536da2 6178 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
a358dc11 6179 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 6180 break;
6181 case 0x02:
a1536da2
MH		 6182 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
6183 hci_dev_set_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 6184 break;
6185 }
6186
2f2eb0c9 6187 send_settings_rsp(cmd->sk, cmd->opcode, hdev);
a1443f5a
JH		 6188 new_settings(hdev, cmd->sk);
6189
2f2eb0c9
BG		 6190done:
6191 mgmt_pending_free(cmd);
6192}
6193
6194static int set_secure_conn_sync(struct hci_dev *hdev, void *data)
6195{
6196 struct mgmt_pending_cmd *cmd = data;
6197 struct mgmt_mode *cp = cmd->param;
6198 u8 val = !!cp->val;
6199
6200 /* Force write of val */
6201 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
6202
6203 return hci_write_sc_support_sync(hdev, val);
a1443f5a
JH		 6204}
6205
eac83dc6
MH		 6206static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
6207 void *data, u16 len)
6208{
6209 struct mgmt_mode *cp = data;
3b0602cd 6210 struct mgmt_pending_cmd *cmd;
a3209694 6211 u8 val;
eac83dc6
MH		 6212 int err;
6213
181d6953 6214 bt_dev_dbg(hdev, "sock %p", sk);
eac83dc6 6215
05b3c3e7 6216 if (!lmp_sc_capable(hdev) &&
d7a5a11d 6217 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 6218 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
6219 MGMT_STATUS_NOT_SUPPORTED);
eac83dc6 6220
d7a5a11d 6221 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
59200286 6222 lmp_sc_capable(hdev) &&
d7a5a11d 6223 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 6224 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
6225 MGMT_STATUS_REJECTED);
ed93ec69 6226
0ab04a9c 6227 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375 6228 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
2f2eb0c9 6229 MGMT_STATUS_INVALID_PARAMS);
eac83dc6
MH		 6230
6231 hci_dev_lock(hdev);
6232
05b3c3e7 6233 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
d7a5a11d 6234 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
eac83dc6
MH		 6235 bool changed;
6236
0ab04a9c 6237 if (cp->val) {
238be788
MH		 6238 changed = !hci_dev_test_and_set_flag(hdev,
6239 HCI_SC_ENABLED);
0ab04a9c 6240 if (cp->val == 0x02)
a1536da2 6241 hci_dev_set_flag(hdev, HCI_SC_ONLY);
0ab04a9c 6242 else
a358dc11 6243 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 6244 } else {
a69d8927
MH		 6245 changed = hci_dev_test_and_clear_flag(hdev,
6246 HCI_SC_ENABLED);
a358dc11 6247 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 6248 }
eac83dc6
MH		 6249
6250 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
6251 if (err < 0)
6252 goto failed;
6253
6254 if (changed)
6255 err = new_settings(hdev, sk);
6256
6257 goto failed;
6258 }
6259
0ab04a9c
MH		 6260 val = !!cp->val;
6261
d7a5a11d
MH		 6262 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
6263 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
eac83dc6
MH		 6264 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
6265 goto failed;
6266 }
6267
2f2eb0c9
BG		 6268 cmd = mgmt_pending_new(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
6269 if (!cmd)
eac83dc6 6270 err = -ENOMEM;
2f2eb0c9
BG		 6271 else
6272 err = hci_cmd_sync_queue(hdev, set_secure_conn_sync, cmd,
6273 set_secure_conn_complete);
eac83dc6 6274
eac83dc6 6275 if (err < 0) {
2f2eb0c9
BG		 6276 mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
6277 MGMT_STATUS_FAILED);
6278 if (cmd)
6279 mgmt_pending_free(cmd);
eac83dc6
MH		 6280 }
6281
6282failed:
6283 hci_dev_unlock(hdev);
6284 return err;
6285}
6286
4e39ac81
MH		 6287static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
6288 void *data, u16 len)
6289{
6290 struct mgmt_mode *cp = data;
b9710979 6291 bool changed, use_changed;
4e39ac81
MH		 6292 int err;
6293
181d6953 6294 bt_dev_dbg(hdev, "sock %p", sk);
4e39ac81 6295
b9710979 6296 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 6297 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
6298 MGMT_STATUS_INVALID_PARAMS);
4e39ac81
MH		 6299
6300 hci_dev_lock(hdev);
6301
6302 if (cp->val)
238be788 6303 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
4e39ac81 6304 else
a69d8927
MH		 6305 changed = hci_dev_test_and_clear_flag(hdev,
6306 HCI_KEEP_DEBUG_KEYS);
4e39ac81 6307
b9710979 6308 if (cp->val == 0x02)
238be788
MH		 6309 use_changed = !hci_dev_test_and_set_flag(hdev,
6310 HCI_USE_DEBUG_KEYS);
b9710979 6311 else
a69d8927
MH		 6312 use_changed = hci_dev_test_and_clear_flag(hdev,
6313 HCI_USE_DEBUG_KEYS);
b9710979
JH		 6314
6315 if (hdev_is_powered(hdev) && use_changed &&
d7a5a11d 6316 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
b9710979
JH		 6317 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
6318 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
6319 sizeof(mode), &mode);
6320 }
6321
4e39ac81
MH		 6322 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
6323 if (err < 0)
6324 goto unlock;
6325
6326 if (changed)
6327 err = new_settings(hdev, sk);
6328
6329unlock:
6330 hci_dev_unlock(hdev);
6331 return err;
6332}
6333
62b04cd1
JH		 6334static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
6335 u16 len)
6336{
6337 struct mgmt_cp_set_privacy *cp = cp_data;
6338 bool changed;
6339 int err;
6340
181d6953 6341 bt_dev_dbg(hdev, "sock %p", sk);
62b04cd1
JH		 6342
6343 if (!lmp_le_capable(hdev))
a69e8375
JH		 6344 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
6345 MGMT_STATUS_NOT_SUPPORTED);
62b04cd1 6346
82a37ade 6347 if (cp->privacy != 0x00 && cp->privacy != 0x01 && cp->privacy != 0x02)
a69e8375
JH		 6348 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
6349 MGMT_STATUS_INVALID_PARAMS);
62b04cd1
JH		 6350
6351 if (hdev_is_powered(hdev))
a69e8375
JH		 6352 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
6353 MGMT_STATUS_REJECTED);
62b04cd1
JH		 6354
6355 hci_dev_lock(hdev);
6356
c21c0ea0
JH		 6357 /* If user space supports this command it is also expected to
6358 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
6359 */
a1536da2 6360 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
c21c0ea0 6361
62b04cd1 6362 if (cp->privacy) {
238be788 6363 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
62b04cd1 6364 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
a1536da2 6365 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
a73c046a 6366 hci_adv_instances_set_rpa_expired(hdev, true);
82a37ade
JH		 6367 if (cp->privacy == 0x02)
6368 hci_dev_set_flag(hdev, HCI_LIMITED_PRIVACY);
6369 else
6370 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
62b04cd1 6371 } else {
a69d8927 6372 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
62b04cd1 6373 memset(hdev->irk, 0, sizeof(hdev->irk));
a358dc11 6374 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
a73c046a 6375 hci_adv_instances_set_rpa_expired(hdev, false);
82a37ade 6376 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
62b04cd1
JH		 6377 }
6378
6379 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
6380 if (err < 0)
6381 goto unlock;
6382
6383 if (changed)
6384 err = new_settings(hdev, sk);
6385
6386unlock:
6387 hci_dev_unlock(hdev);
6388 return err;
6389}
6390
41edf160
JH		 6391static bool irk_is_valid(struct mgmt_irk_info *irk)
6392{
6393 switch (irk->addr.type) {
6394 case BDADDR_LE_PUBLIC:
6395 return true;
6396
6397 case BDADDR_LE_RANDOM:
6398 /* Two most significant bits shall be set */
6399 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
6400 return false;
6401 return true;
6402 }
6403
6404 return false;
6405}
6406
6407static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
6408 u16 len)
6409{
6410 struct mgmt_cp_load_irks *cp = cp_data;
ba1d6936
JH		 6411 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
6412 sizeof(struct mgmt_irk_info));
41edf160
JH		 6413 u16 irk_count, expected_len;
6414 int i, err;
6415
181d6953 6416 bt_dev_dbg(hdev, "sock %p", sk);
41edf160
JH		 6417
6418 if (!lmp_le_capable(hdev))
a69e8375
JH		 6419 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
6420 MGMT_STATUS_NOT_SUPPORTED);
41edf160
JH		 6421
6422 irk_count = __le16_to_cpu(cp->irk_count);
ba1d6936 6423 if (irk_count > max_irk_count) {
2064ee33
MH		 6424 bt_dev_err(hdev, "load_irks: too big irk_count value %u",
6425 irk_count);
a69e8375
JH		 6426 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
6427 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 6428 }
41edf160 6429
5bec1fb8 6430 expected_len = struct_size(cp, irks, irk_count);
41edf160 6431 if (expected_len != len) {
2064ee33
MH		 6432 bt_dev_err(hdev, "load_irks: expected %u bytes, got %u bytes",
6433 expected_len, len);
a69e8375
JH		 6434 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
6435 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 6436 }
6437
181d6953 6438 bt_dev_dbg(hdev, "irk_count %u", irk_count);
41edf160
JH		 6439
6440 for (i = 0; i < irk_count; i++) {
6441 struct mgmt_irk_info *key = &cp->irks[i];
6442
6443 if (!irk_is_valid(key))
a69e8375
JH		 6444 return mgmt_cmd_status(sk, hdev->id,
6445 MGMT_OP_LOAD_IRKS,
6446 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 6447 }
6448
6449 hci_dev_lock(hdev);
6450
6451 hci_smp_irks_clear(hdev);
6452
6453 for (i = 0; i < irk_count; i++) {
6454 struct mgmt_irk_info *irk = &cp->irks[i];
41edf160 6455
600a8749
AM		 6456 if (hci_is_blocked_key(hdev,
6457 HCI_BLOCKED_KEY_TYPE_IRK,
6458 irk->val)) {
6459 bt_dev_warn(hdev, "Skipping blocked IRK for %pMR",
6460 &irk->addr.bdaddr);
6461 continue;
6462 }
6463
85813a7e
JH		 6464 hci_add_irk(hdev, &irk->addr.bdaddr,
6465 le_addr_type(irk->addr.type), irk->val,
41edf160
JH		 6466 BDADDR_ANY);
6467 }
6468
a1536da2 6469 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
41edf160 6470
2a1afb5a 6471 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
41edf160
JH		 6472
6473 hci_dev_unlock(hdev);
6474
6475 return err;
6476}
6477
3f706b72
JH		 6478static bool ltk_is_valid(struct mgmt_ltk_info *key)
6479{
fad646e1 6480 if (key->initiator != 0x00 && key->initiator != 0x01)
3f706b72 6481 return false;
490cb0b3
MH		 6482
6483 switch (key->addr.type) {
6484 case BDADDR_LE_PUBLIC:
6485 return true;
6486
6487 case BDADDR_LE_RANDOM:
6488 /* Two most significant bits shall be set */
6489 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
6490 return false;
6491 return true;
6492 }
6493
6494 return false;
3f706b72
JH		 6495}
6496
bdb6d971 6497static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 6498 void *cp_data, u16 len)
346af67b 6499{
346af67b 6500 struct mgmt_cp_load_long_term_keys *cp = cp_data;
ba1d6936
JH		 6501 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
6502 sizeof(struct mgmt_ltk_info));
346af67b 6503 u16 key_count, expected_len;
715a5bf2 6504 int i, err;
346af67b 6505
181d6953 6506 bt_dev_dbg(hdev, "sock %p", sk);
cf99ba13
MH		 6507
6508 if (!lmp_le_capable(hdev))
a69e8375
JH		 6509 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
6510 MGMT_STATUS_NOT_SUPPORTED);
cf99ba13 6511
1f350c87 6512 key_count = __le16_to_cpu(cp->key_count);
ba1d6936 6513 if (key_count > max_key_count) {
2064ee33
MH		 6514 bt_dev_err(hdev, "load_ltks: too big key_count value %u",
6515 key_count);
a69e8375
JH		 6516 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
6517 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 6518 }
346af67b 6519
5bec1fb8 6520 expected_len = struct_size(cp, keys, key_count);
346af67b 6521 if (expected_len != len) {
2064ee33
MH		 6522 bt_dev_err(hdev, "load_keys: expected %u bytes, got %u bytes",
6523 expected_len, len);
a69e8375
JH		 6524 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
6525 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 6526 }
6527
181d6953 6528 bt_dev_dbg(hdev, "key_count %u", key_count);
346af67b 6529
54ad6d8a
JH		 6530 for (i = 0; i < key_count; i++) {
6531 struct mgmt_ltk_info *key = &cp->keys[i];
6532
3f706b72 6533 if (!ltk_is_valid(key))
a69e8375
JH		 6534 return mgmt_cmd_status(sk, hdev->id,
6535 MGMT_OP_LOAD_LONG_TERM_KEYS,
6536 MGMT_STATUS_INVALID_PARAMS);
54ad6d8a
JH		 6537 }
6538
346af67b
VCG		 6539 hci_dev_lock(hdev);
6540
6541 hci_smp_ltks_clear(hdev);
6542
6543 for (i = 0; i < key_count; i++) {
6544 struct mgmt_ltk_info *key = &cp->keys[i];
85813a7e 6545 u8 type, authenticated;
346af67b 6546
600a8749
AM		 6547 if (hci_is_blocked_key(hdev,
6548 HCI_BLOCKED_KEY_TYPE_LTK,
6549 key->val)) {
6550 bt_dev_warn(hdev, "Skipping blocked LTK for %pMR",
6551 &key->addr.bdaddr);
6552 continue;
6553 }
6554
61b43357
JH		 6555 switch (key->type) {
6556 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 6557 authenticated = 0x00;
fad646e1 6558 type = key->initiator ? SMP_LTK : SMP_LTK_RESPONDER;
61b43357
JH		 6559 break;
6560 case MGMT_LTK_AUTHENTICATED:
d7b25450 6561 authenticated = 0x01;
fad646e1 6562 type = key->initiator ? SMP_LTK : SMP_LTK_RESPONDER;
23fb8de3
JH		 6563 break;
6564 case MGMT_LTK_P256_UNAUTH:
6565 authenticated = 0x00;
6566 type = SMP_LTK_P256;
61b43357 6567 break;
23fb8de3
JH		 6568 case MGMT_LTK_P256_AUTH:
6569 authenticated = 0x01;
6570 type = SMP_LTK_P256;
61b43357 6571 break;
23fb8de3
JH		 6572 case MGMT_LTK_P256_DEBUG:
6573 authenticated = 0x00;
6574 type = SMP_LTK_P256_DEBUG;
19186c7b 6575 fallthrough;
61b43357
JH		 6576 default:
6577 continue;
6578 }
d7b25450 6579
85813a7e
JH		 6580 hci_add_ltk(hdev, &key->addr.bdaddr,
6581 le_addr_type(key->addr.type), type, authenticated,
6582 key->val, key->enc_size, key->ediv, key->rand);
346af67b
VCG		 6583 }
6584
2a1afb5a 6585 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
715a5bf2
JH		 6586 NULL, 0);
6587
346af67b 6588 hci_dev_unlock(hdev);
346af67b 6589
715a5bf2 6590 return err;
346af67b
VCG		 6591}
6592
47db6b42 6593static void get_conn_info_complete(struct hci_dev *hdev, void *data, int err)
dd983808 6594{
47db6b42 6595 struct mgmt_pending_cmd *cmd = data;
dd983808 6596 struct hci_conn *conn = cmd->user_data;
47db6b42 6597 struct mgmt_cp_get_conn_info *cp = cmd->param;
9981bdb0 6598 struct mgmt_rp_get_conn_info rp;
47db6b42 6599 u8 status;
dd983808 6600
47db6b42
BG		 6601 bt_dev_dbg(hdev, "err %d", err);
6602
6603 memcpy(&rp.addr, &cp->addr.bdaddr, sizeof(rp.addr));
dd983808 6604
47db6b42 6605 status = mgmt_status(err);
9981bdb0 6606 if (status == MGMT_STATUS_SUCCESS) {
dd983808 6607 rp.rssi = conn->rssi;
9981bdb0
JH		 6608 rp.tx_power = conn->tx_power;
6609 rp.max_tx_power = conn->max_tx_power;
6610 } else {
6611 rp.rssi = HCI_RSSI_INVALID;
6612 rp.tx_power = HCI_TX_POWER_INVALID;
6613 rp.max_tx_power = HCI_TX_POWER_INVALID;
dd983808
AK		 6614 }
6615
47db6b42
BG		 6616 mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO, status,
6617 &rp, sizeof(rp));
dd983808 6618
47db6b42
BG		 6619 if (conn) {
6620 hci_conn_drop(conn);
6621 hci_conn_put(conn);
6622 }
9df74653 6623
47db6b42 6624 mgmt_pending_free(cmd);
dd983808
AK		 6625}
6626
47db6b42 6627static int get_conn_info_sync(struct hci_dev *hdev, void *data)
dd983808 6628{
47db6b42
BG		 6629 struct mgmt_pending_cmd *cmd = data;
6630 struct mgmt_cp_get_conn_info *cp = cmd->param;
dd983808 6631 struct hci_conn *conn;
47db6b42
BG		 6632 int err;
6633 __le16 handle;
dd983808 6634
47db6b42
BG		 6635 /* Make sure we are still connected */
6636 if (cp->addr.type == BDADDR_BREDR)
6637 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
6638 &cp->addr.bdaddr);
6639 else
6640 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
dd983808 6641
47db6b42
BG		 6642 if (!conn || conn != cmd->user_data || conn->state != BT_CONNECTED) {
6643 if (cmd->user_data) {
6644 hci_conn_drop(cmd->user_data);
6645 hci_conn_put(cmd->user_data);
6646 cmd->user_data = NULL;
6647 }
6648 return MGMT_STATUS_NOT_CONNECTED;
dd983808
AK		 6649 }
6650
47db6b42 6651 handle = cpu_to_le16(conn->handle);
dd983808 6652
47db6b42
BG		 6653 /* Refresh RSSI each time */
6654 err = hci_read_rssi_sync(hdev, handle);
dd983808 6655
47db6b42
BG		 6656 /* For LE links TX power does not change thus we don't need to
6657 * query for it once value is known.
6658 */
6659 if (!err && (!bdaddr_type_is_le(cp->addr.type) ||
6660 conn->tx_power == HCI_TX_POWER_INVALID))
6661 err = hci_read_tx_power_sync(hdev, handle, 0x00);
dd983808 6662
47db6b42
BG		 6663 /* Max TX power needs to be read only once per connection */
6664 if (!err && conn->max_tx_power == HCI_TX_POWER_INVALID)
6665 err = hci_read_tx_power_sync(hdev, handle, 0x01);
dd983808 6666
47db6b42 6667 return err;
dd983808
AK		 6668}
6669
6670static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
6671 u16 len)
6672{
6673 struct mgmt_cp_get_conn_info *cp = data;
6674 struct mgmt_rp_get_conn_info rp;
6675 struct hci_conn *conn;
6676 unsigned long conn_info_age;
6677 int err = 0;
6678
181d6953 6679 bt_dev_dbg(hdev, "sock %p", sk);
dd983808
AK		 6680
6681 memset(&rp, 0, sizeof(rp));
6682 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
6683 rp.addr.type = cp->addr.type;
6684
6685 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 6686 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
6687 MGMT_STATUS_INVALID_PARAMS,
6688 &rp, sizeof(rp));
dd983808
AK		 6689
6690 hci_dev_lock(hdev);
6691
6692 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 6693 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
6694 MGMT_STATUS_NOT_POWERED, &rp,
6695 sizeof(rp));
dd983808
AK		 6696 goto unlock;
6697 }
6698
6699 if (cp->addr.type == BDADDR_BREDR)
6700 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
6701 &cp->addr.bdaddr);
6702 else
6703 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
6704
6705 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 6706 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
6707 MGMT_STATUS_NOT_CONNECTED, &rp,
6708 sizeof(rp));
dd983808
AK		 6709 goto unlock;
6710 }
6711
6712 /* To avoid client trying to guess when to poll again for information we
6713 * calculate conn info age as random value between min/max set in hdev.
6714 */
6715 conn_info_age = hdev->conn_info_min_age +
6716 prandom_u32_max(hdev->conn_info_max_age -
6717 hdev->conn_info_min_age);
6718
6719 /* Query controller to refresh cached values if they are too old or were
6720 * never read.
6721 */
f4e2dd53
AK		 6722 if (time_after(jiffies, conn->conn_info_timestamp +
6723 msecs_to_jiffies(conn_info_age)) ||
dd983808 6724 !conn->conn_info_timestamp) {
3b0602cd 6725 struct mgmt_pending_cmd *cmd;
dd983808 6726
47db6b42
BG		 6727 cmd = mgmt_pending_new(sk, MGMT_OP_GET_CONN_INFO, hdev, data,
6728 len);
6729 if (!cmd)
6730 err = -ENOMEM;
6731 else
6732 err = hci_cmd_sync_queue(hdev, get_conn_info_sync,
6733 cmd, get_conn_info_complete);
dd983808 6734
47db6b42
BG		 6735 if (err < 0) {
6736 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
6737 MGMT_STATUS_FAILED, &rp, sizeof(rp));
eed5daf3 6738
47db6b42
BG		 6739 if (cmd)
6740 mgmt_pending_free(cmd);
dd983808 6741
dd983808
AK		 6742 goto unlock;
6743 }
6744
6745 hci_conn_hold(conn);
f8aaf9b6 6746 cmd->user_data = hci_conn_get(conn);
dd983808
AK		 6747
6748 conn->conn_info_timestamp = jiffies;
6749 } else {
6750 /* Cache is valid, just reply with values cached in hci_conn */
6751 rp.rssi = conn->rssi;
6752 rp.tx_power = conn->tx_power;
eed5daf3 6753 rp.max_tx_power = conn->max_tx_power;
dd983808 6754
2a1afb5a
JH		 6755 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
6756 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
dd983808
AK		 6757 }
6758
6759unlock:
6760 hci_dev_unlock(hdev);
6761 return err;
6762}
6763
5a750137 6764static void get_clock_info_complete(struct hci_dev *hdev, void *data, int err)
95868426 6765{
5a750137
BG		 6766 struct mgmt_pending_cmd *cmd = data;
6767 struct mgmt_cp_get_clock_info *cp = cmd->param;
95868426 6768 struct mgmt_rp_get_clock_info rp;
5a750137
BG		 6769 struct hci_conn *conn = cmd->user_data;
6770 u8 status = mgmt_status(err);
6771
6772 bt_dev_dbg(hdev, "err %d", err);
69487371
JH		 6773
6774 memset(&rp, 0, sizeof(rp));
5a750137
BG		 6775 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
6776 rp.addr.type = cp->addr.type;
69487371 6777
5a750137 6778 if (err)
69487371
JH		 6779 goto complete;
6780
5a750137 6781 rp.local_clock = cpu_to_le32(hdev->clock);
69487371
JH		 6782
6783 if (conn) {
6784 rp.piconet_clock = cpu_to_le32(conn->clock);
6785 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
69487371
JH		 6786 hci_conn_drop(conn);
6787 hci_conn_put(conn);
6788 }
9df74653 6789
5a750137
BG		 6790complete:
6791 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
6792 sizeof(rp));
6793
6794 mgmt_pending_free(cmd);
69487371
JH		 6795}
6796
5a750137 6797static int get_clock_info_sync(struct hci_dev *hdev, void *data)
69487371 6798{
5a750137
BG		 6799 struct mgmt_pending_cmd *cmd = data;
6800 struct mgmt_cp_get_clock_info *cp = cmd->param;
6801 struct hci_cp_read_clock hci_cp;
6802 struct hci_conn *conn = cmd->user_data;
6803 int err;
95868426 6804
5a750137
BG		 6805 memset(&hci_cp, 0, sizeof(hci_cp));
6806 err = hci_read_clock_sync(hdev, &hci_cp);
95868426 6807
5a750137
BG		 6808 if (conn) {
6809 /* Make sure connection still exists */
6810 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
6811 &cp->addr.bdaddr);
95868426 6812
5a750137
BG		 6813 if (conn && conn == cmd->user_data &&
6814 conn->state == BT_CONNECTED) {
6815 hci_cp.handle = cpu_to_le16(conn->handle);
6816 hci_cp.which = 0x01; /* Piconet clock */
6817 err = hci_read_clock_sync(hdev, &hci_cp);
6818 } else if (cmd->user_data) {
6819 hci_conn_drop(cmd->user_data);
6820 hci_conn_put(cmd->user_data);
6821 cmd->user_data = NULL;
6822 }
95868426
JH		 6823 }
6824
5a750137 6825 return err;
95868426
JH		 6826}
6827
6828static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5a750137 6829 u16 len)
95868426
JH		 6830{
6831 struct mgmt_cp_get_clock_info *cp = data;
6832 struct mgmt_rp_get_clock_info rp;
3b0602cd 6833 struct mgmt_pending_cmd *cmd;
95868426
JH		 6834 struct hci_conn *conn;
6835 int err;
6836
181d6953 6837 bt_dev_dbg(hdev, "sock %p", sk);
95868426
JH		 6838
6839 memset(&rp, 0, sizeof(rp));
6840 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
6841 rp.addr.type = cp->addr.type;
6842
6843 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 6844 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
6845 MGMT_STATUS_INVALID_PARAMS,
6846 &rp, sizeof(rp));
95868426
JH		 6847
6848 hci_dev_lock(hdev);
6849
6850 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 6851 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
6852 MGMT_STATUS_NOT_POWERED, &rp,
6853 sizeof(rp));
95868426
JH		 6854 goto unlock;
6855 }
6856
6857 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
6858 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
6859 &cp->addr.bdaddr);
6860 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 6861 err = mgmt_cmd_complete(sk, hdev->id,
6862 MGMT_OP_GET_CLOCK_INFO,
6863 MGMT_STATUS_NOT_CONNECTED,
6864 &rp, sizeof(rp));
95868426
JH		 6865 goto unlock;
6866 }
6867 } else {
6868 conn = NULL;
6869 }
6870
5a750137
BG		 6871 cmd = mgmt_pending_new(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
6872 if (!cmd)
95868426 6873 err = -ENOMEM;
5a750137
BG		 6874 else
6875 err = hci_cmd_sync_queue(hdev, get_clock_info_sync, cmd,
6876 get_clock_info_complete);
69487371 6877
5a750137
BG		 6878 if (err < 0) {
6879 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
6880 MGMT_STATUS_FAILED, &rp, sizeof(rp));
95868426 6881
5a750137
BG		 6882 if (cmd)
6883 mgmt_pending_free(cmd);
95868426 6884
5a750137 6885 } else if (conn) {
95868426 6886 hci_conn_hold(conn);
f8aaf9b6 6887 cmd->user_data = hci_conn_get(conn);
95868426
JH		 6888 }
6889
95868426
JH		 6890
6891unlock:
6892 hci_dev_unlock(hdev);
6893 return err;
6894}
6895
5a154e6f
JH		 6896static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
6897{
6898 struct hci_conn *conn;
6899
6900 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
6901 if (!conn)
6902 return false;
6903
6904 if (conn->dst_type != type)
6905 return false;
6906
6907 if (conn->state != BT_CONNECTED)
6908 return false;
6909
6910 return true;
6911}
6912
6913/* This function requires the caller holds hdev->lock */
51d7a94d 6914static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr,
5a154e6f
JH		 6915 u8 addr_type, u8 auto_connect)
6916{
5a154e6f
JH		 6917 struct hci_conn_params *params;
6918
6919 params = hci_conn_params_add(hdev, addr, addr_type);
6920 if (!params)
6921 return -EIO;
6922
6923 if (params->auto_connect == auto_connect)
6924 return 0;
6925
6926 list_del_init(&params->action);
6927
6928 switch (auto_connect) {
6929 case HCI_AUTO_CONN_DISABLED:
6930 case HCI_AUTO_CONN_LINK_LOSS:
28a667c9
JP		 6931 /* If auto connect is being disabled when we're trying to
6932 * connect to device, keep connecting.
6933 */
6934 if (params->explicit_connect)
6935 list_add(&params->action, &hdev->pend_le_conns);
5a154e6f
JH		 6936 break;
6937 case HCI_AUTO_CONN_REPORT:
49c50922
JH		 6938 if (params->explicit_connect)
6939 list_add(&params->action, &hdev->pend_le_conns);
6940 else
6941 list_add(&params->action, &hdev->pend_le_reports);
5a154e6f
JH		 6942 break;
6943 case HCI_AUTO_CONN_DIRECT:
6944 case HCI_AUTO_CONN_ALWAYS:
51d7a94d 6945 if (!is_connected(hdev, addr, addr_type))
5a154e6f 6946 list_add(&params->action, &hdev->pend_le_conns);
5a154e6f
JH		 6947 break;
6948 }
6949
6950 params->auto_connect = auto_connect;
6951
181d6953
MH		 6952 bt_dev_dbg(hdev, "addr %pMR (type %u) auto_connect %u",
6953 addr, addr_type, auto_connect);
5a154e6f
JH		 6954
6955 return 0;
6956}
6957
8afef092
MH		 6958static void device_added(struct sock *sk, struct hci_dev *hdev,
6959 bdaddr_t *bdaddr, u8 type, u8 action)
6960{
6961 struct mgmt_ev_device_added ev;
6962
6963 bacpy(&ev.addr.bdaddr, bdaddr);
6964 ev.addr.type = type;
6965 ev.action = action;
6966
6967 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
6968}
6969
e8907f76
LAD		 6970static int add_device_sync(struct hci_dev *hdev, void *data)
6971{
6972 return hci_update_passive_scan_sync(hdev);
6973}
6974
2faade53
MH		 6975static int add_device(struct sock *sk, struct hci_dev *hdev,
6976 void *data, u16 len)
6977{
6978 struct mgmt_cp_add_device *cp = data;
6979 u8 auto_conn, addr_type;
4c54bf2b 6980 struct hci_conn_params *params;
2faade53 6981 int err;
4c54bf2b 6982 u32 current_flags = 0;
2faade53 6983
181d6953 6984 bt_dev_dbg(hdev, "sock %p", sk);
2faade53 6985
6659358e 6986 if (!bdaddr_type_is_valid(cp->addr.type) ||
2faade53 6987 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
2a1afb5a
JH		 6988 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
6989 MGMT_STATUS_INVALID_PARAMS,
6990 &cp->addr, sizeof(cp->addr));
2faade53 6991
4b9e7e75 6992 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
2a1afb5a
JH		 6993 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
6994 MGMT_STATUS_INVALID_PARAMS,
6995 &cp->addr, sizeof(cp->addr));
2faade53
MH		 6996
6997 hci_dev_lock(hdev);
6998
6659358e 6999 if (cp->addr.type == BDADDR_BREDR) {
4b9e7e75 7000 /* Only incoming connections action is supported for now */
6659358e 7001 if (cp->action != 0x01) {
51d7a94d
JH		 7002 err = mgmt_cmd_complete(sk, hdev->id,
7003 MGMT_OP_ADD_DEVICE,
7004 MGMT_STATUS_INVALID_PARAMS,
7005 &cp->addr, sizeof(cp->addr));
6659358e
JH		 7006 goto unlock;
7007 }
7008
3d4f9c00 7009 err = hci_bdaddr_list_add_with_flags(&hdev->accept_list,
8baaa403
APS		 7010 &cp->addr.bdaddr,
7011 cp->addr.type, 0);
6659358e
JH		 7012 if (err)
7013 goto unlock;
a397407f 7014
01b1cb87 7015 hci_req_update_scan(hdev);
a397407f 7016
6659358e
JH		 7017 goto added;
7018 }
7019
85813a7e 7020 addr_type = le_addr_type(cp->addr.type);
2faade53 7021
4b9e7e75 7022 if (cp->action == 0x02)
2faade53 7023 auto_conn = HCI_AUTO_CONN_ALWAYS;
4b9e7e75
MH		 7024 else if (cp->action == 0x01)
7025 auto_conn = HCI_AUTO_CONN_DIRECT;
2faade53 7026 else
a3451d27 7027 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 7028
9a0a8a8e
JP		 7029 /* Kernel internally uses conn_params with resolvable private
7030 * address, but Add Device allows only identity addresses.
7031 * Make sure it is enforced before calling
7032 * hci_conn_params_lookup.
7033 */
7034 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
51d7a94d
JH		 7035 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
7036 MGMT_STATUS_INVALID_PARAMS,
7037 &cp->addr, sizeof(cp->addr));
9a0a8a8e
JP		 7038 goto unlock;
7039 }
7040
bf5b3c8b
MH		 7041 /* If the connection parameters don't exist for this device,
7042 * they will be created and configured with defaults.
7043 */
51d7a94d 7044 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
d06b50ce 7045 auto_conn) < 0) {
51d7a94d
JH		 7046 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
7047 MGMT_STATUS_FAILED, &cp->addr,
7048 sizeof(cp->addr));
2faade53 7049 goto unlock;
4c54bf2b
APS		 7050 } else {
7051 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
7052 addr_type);
7053 if (params)
7054 current_flags = params->current_flags;
2faade53
MH		 7055 }
7056
e8907f76
LAD		 7057 err = hci_cmd_sync_queue(hdev, add_device_sync, NULL, NULL);
7058 if (err < 0)
7059 goto unlock;
51d7a94d 7060
6659358e 7061added:
8afef092 7062 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
4c54bf2b
APS		 7063 device_flags_changed(NULL, hdev, &cp->addr.bdaddr, cp->addr.type,
7064 SUPPORTED_DEVICE_FLAGS(), current_flags);
8afef092 7065
51d7a94d
JH		 7066 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
7067 MGMT_STATUS_SUCCESS, &cp->addr,
7068 sizeof(cp->addr));
2faade53
MH		 7069
7070unlock:
7071 hci_dev_unlock(hdev);
7072 return err;
7073}
7074
8afef092
MH		 7075static void device_removed(struct sock *sk, struct hci_dev *hdev,
7076 bdaddr_t *bdaddr, u8 type)
7077{
7078 struct mgmt_ev_device_removed ev;
7079
7080 bacpy(&ev.addr.bdaddr, bdaddr);
7081 ev.addr.type = type;
7082
7083 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
7084}
7085
e8907f76
LAD		 7086static int remove_device_sync(struct hci_dev *hdev, void *data)
7087{
7088 return hci_update_passive_scan_sync(hdev);
7089}
7090
2faade53
MH		 7091static int remove_device(struct sock *sk, struct hci_dev *hdev,
7092 void *data, u16 len)
7093{
7094 struct mgmt_cp_remove_device *cp = data;
7095 int err;
7096
181d6953 7097 bt_dev_dbg(hdev, "sock %p", sk);
2faade53
MH		 7098
7099 hci_dev_lock(hdev);
7100
7101 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 7102 struct hci_conn_params *params;
2faade53
MH		 7103 u8 addr_type;
7104
6659358e 7105 if (!bdaddr_type_is_valid(cp->addr.type)) {
51d7a94d
JH		 7106 err = mgmt_cmd_complete(sk, hdev->id,
7107 MGMT_OP_REMOVE_DEVICE,
7108 MGMT_STATUS_INVALID_PARAMS,
7109 &cp->addr, sizeof(cp->addr));
2faade53
MH		 7110 goto unlock;
7111 }
7112
6659358e 7113 if (cp->addr.type == BDADDR_BREDR) {
3d4f9c00 7114 err = hci_bdaddr_list_del(&hdev->accept_list,
6659358e
JH		 7115 &cp->addr.bdaddr,
7116 cp->addr.type);
7117 if (err) {
51d7a94d
JH		 7118 err = mgmt_cmd_complete(sk, hdev->id,
7119 MGMT_OP_REMOVE_DEVICE,
7120 MGMT_STATUS_INVALID_PARAMS,
7121 &cp->addr,
7122 sizeof(cp->addr));
6659358e
JH		 7123 goto unlock;
7124 }
7125
01b1cb87 7126 hci_req_update_scan(hdev);
a397407f 7127
6659358e
JH		 7128 device_removed(sk, hdev, &cp->addr.bdaddr,
7129 cp->addr.type);
7130 goto complete;
7131 }
7132
85813a7e 7133 addr_type = le_addr_type(cp->addr.type);
2faade53 7134
9a0a8a8e
JP		 7135 /* Kernel internally uses conn_params with resolvable private
7136 * address, but Remove Device allows only identity addresses.
7137 * Make sure it is enforced before calling
7138 * hci_conn_params_lookup.
7139 */
7140 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
51d7a94d
JH		 7141 err = mgmt_cmd_complete(sk, hdev->id,
7142 MGMT_OP_REMOVE_DEVICE,
7143 MGMT_STATUS_INVALID_PARAMS,
7144 &cp->addr, sizeof(cp->addr));
9a0a8a8e
JP		 7145 goto unlock;
7146 }
7147
c71593dd
JH		 7148 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
7149 addr_type);
7150 if (!params) {
51d7a94d
JH		 7151 err = mgmt_cmd_complete(sk, hdev->id,
7152 MGMT_OP_REMOVE_DEVICE,
7153 MGMT_STATUS_INVALID_PARAMS,
7154 &cp->addr, sizeof(cp->addr));
c71593dd
JH		 7155 goto unlock;
7156 }
7157
679d2b6f
JH		 7158 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
7159 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
51d7a94d
JH		 7160 err = mgmt_cmd_complete(sk, hdev->id,
7161 MGMT_OP_REMOVE_DEVICE,
7162 MGMT_STATUS_INVALID_PARAMS,
7163 &cp->addr, sizeof(cp->addr));
c71593dd
JH		 7164 goto unlock;
7165 }
7166
d1dbf12e 7167 list_del(&params->action);
c71593dd
JH		 7168 list_del(&params->list);
7169 kfree(params);
8afef092
MH		 7170
7171 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53 7172 } else {
19de0825 7173 struct hci_conn_params *p, *tmp;
6659358e 7174 struct bdaddr_list *b, *btmp;
19de0825 7175
2faade53 7176 if (cp->addr.type) {
51d7a94d
JH		 7177 err = mgmt_cmd_complete(sk, hdev->id,
7178 MGMT_OP_REMOVE_DEVICE,
7179 MGMT_STATUS_INVALID_PARAMS,
7180 &cp->addr, sizeof(cp->addr));
2faade53
MH		 7181 goto unlock;
7182 }
7183
3d4f9c00 7184 list_for_each_entry_safe(b, btmp, &hdev->accept_list, list) {
6659358e
JH		 7185 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
7186 list_del(&b->list);
7187 kfree(b);
7188 }
7189
01b1cb87 7190 hci_req_update_scan(hdev);
a397407f 7191
19de0825
JH		 7192 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
7193 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
7194 continue;
7195 device_removed(sk, hdev, &p->addr, p->addr_type);
679d2b6f
JH		 7196 if (p->explicit_connect) {
7197 p->auto_connect = HCI_AUTO_CONN_EXPLICIT;
7198 continue;
7199 }
19de0825
JH		 7200 list_del(&p->action);
7201 list_del(&p->list);
7202 kfree(p);
7203 }
7204
181d6953 7205 bt_dev_dbg(hdev, "All LE connection parameters were removed");
2faade53
MH		 7206 }
7207
e8907f76
LAD		 7208 hci_cmd_sync_queue(hdev, remove_device_sync, NULL, NULL);
7209
6659358e 7210complete:
51d7a94d
JH		 7211 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
7212 MGMT_STATUS_SUCCESS, &cp->addr,
7213 sizeof(cp->addr));
2faade53
MH		 7214unlock:
7215 hci_dev_unlock(hdev);
7216 return err;
7217}
7218
a26f3dcf
JH		 7219static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
7220 u16 len)
7221{
7222 struct mgmt_cp_load_conn_param *cp = data;
ba1d6936
JH		 7223 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
7224 sizeof(struct mgmt_conn_param));
a26f3dcf
JH		 7225 u16 param_count, expected_len;
7226 int i;
7227
7228 if (!lmp_le_capable(hdev))
a69e8375
JH		 7229 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
7230 MGMT_STATUS_NOT_SUPPORTED);
a26f3dcf
JH		 7231
7232 param_count = __le16_to_cpu(cp->param_count);
ba1d6936 7233 if (param_count > max_param_count) {
2064ee33
MH		 7234 bt_dev_err(hdev, "load_conn_param: too big param_count value %u",
7235 param_count);
a69e8375
JH		 7236 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
7237 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 7238 }
a26f3dcf 7239
5bec1fb8 7240 expected_len = struct_size(cp, params, param_count);
a26f3dcf 7241 if (expected_len != len) {
2064ee33
MH		 7242 bt_dev_err(hdev, "load_conn_param: expected %u bytes, got %u bytes",
7243 expected_len, len);
a69e8375
JH		 7244 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
7245 MGMT_STATUS_INVALID_PARAMS);
a26f3dcf
JH		 7246 }
7247
181d6953 7248 bt_dev_dbg(hdev, "param_count %u", param_count);
a26f3dcf
JH		 7249
7250 hci_dev_lock(hdev);
7251
7252 hci_conn_params_clear_disabled(hdev);
7253
7254 for (i = 0; i < param_count; i++) {
7255 struct mgmt_conn_param *param = &cp->params[i];
7256 struct hci_conn_params *hci_param;
7257 u16 min, max, latency, timeout;
7258 u8 addr_type;
7259
181d6953
MH		 7260 bt_dev_dbg(hdev, "Adding %pMR (type %u)", &param->addr.bdaddr,
7261 param->addr.type);
a26f3dcf
JH		 7262
7263 if (param->addr.type == BDADDR_LE_PUBLIC) {
7264 addr_type = ADDR_LE_DEV_PUBLIC;
7265 } else if (param->addr.type == BDADDR_LE_RANDOM) {
7266 addr_type = ADDR_LE_DEV_RANDOM;
7267 } else {
2064ee33 7268 bt_dev_err(hdev, "ignoring invalid connection parameters");
a26f3dcf
JH		 7269 continue;
7270 }
7271
7272 min = le16_to_cpu(param->min_interval);
7273 max = le16_to_cpu(param->max_interval);
7274 latency = le16_to_cpu(param->latency);
7275 timeout = le16_to_cpu(param->timeout);
7276
181d6953
MH		 7277 bt_dev_dbg(hdev, "min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
7278 min, max, latency, timeout);
a26f3dcf
JH		 7279
7280 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
2064ee33 7281 bt_dev_err(hdev, "ignoring invalid connection parameters");
a26f3dcf
JH		 7282 continue;
7283 }
7284
7285 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
7286 addr_type);
7287 if (!hci_param) {
2064ee33 7288 bt_dev_err(hdev, "failed to add connection parameters");
a26f3dcf
JH		 7289 continue;
7290 }
7291
7292 hci_param->conn_min_interval = min;
7293 hci_param->conn_max_interval = max;
7294 hci_param->conn_latency = latency;
7295 hci_param->supervision_timeout = timeout;
7296 }
7297
7298 hci_dev_unlock(hdev);
7299
2a1afb5a
JH		 7300 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
7301 NULL, 0);
a26f3dcf
JH		 7302}
7303
dbece37a
MH		 7304static int set_external_config(struct sock *sk, struct hci_dev *hdev,
7305 void *data, u16 len)
7306{
7307 struct mgmt_cp_set_external_config *cp = data;
7308 bool changed;
7309 int err;
7310
181d6953 7311 bt_dev_dbg(hdev, "sock %p", sk);
dbece37a
MH		 7312
7313 if (hdev_is_powered(hdev))
a69e8375
JH		 7314 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
7315 MGMT_STATUS_REJECTED);
dbece37a
MH		 7316
7317 if (cp->config != 0x00 && cp->config != 0x01)
a69e8375
JH		 7318 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
7319 MGMT_STATUS_INVALID_PARAMS);
dbece37a
MH		 7320
7321 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
a69e8375
JH		 7322 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
7323 MGMT_STATUS_NOT_SUPPORTED);
dbece37a
MH		 7324
7325 hci_dev_lock(hdev);
7326
7327 if (cp->config)
238be788 7328 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a 7329 else
a69d8927 7330 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a
MH		 7331
7332 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
7333 if (err < 0)
7334 goto unlock;
7335
7336 if (!changed)
7337 goto unlock;
7338
f4537c04
MH		 7339 err = new_options(hdev, sk);
7340
d7a5a11d 7341 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
dbece37a 7342 mgmt_index_removed(hdev);
d603b76b 7343
516018a9 7344 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
a1536da2
MH		 7345 hci_dev_set_flag(hdev, HCI_CONFIG);
7346 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
d603b76b
MH		 7347
7348 queue_work(hdev->req_workqueue, &hdev->power_on);
7349 } else {
5ea234d3 7350 set_bit(HCI_RAW, &hdev->flags);
d603b76b
MH		 7351 mgmt_index_added(hdev);
7352 }
dbece37a
MH		 7353 }
7354
7355unlock:
7356 hci_dev_unlock(hdev);
7357 return err;
7358}
7359
9713c17b
MH		 7360static int set_public_address(struct sock *sk, struct hci_dev *hdev,
7361 void *data, u16 len)
7362{
7363 struct mgmt_cp_set_public_address *cp = data;
7364 bool changed;
7365 int err;
7366
181d6953 7367 bt_dev_dbg(hdev, "sock %p", sk);
9713c17b
MH		 7368
7369 if (hdev_is_powered(hdev))
a69e8375
JH		 7370 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
7371 MGMT_STATUS_REJECTED);
9713c17b
MH		 7372
7373 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
a69e8375
JH		 7374 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
7375 MGMT_STATUS_INVALID_PARAMS);
9713c17b
MH		 7376
7377 if (!hdev->set_bdaddr)
a69e8375
JH		 7378 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
7379 MGMT_STATUS_NOT_SUPPORTED);
9713c17b
MH		 7380
7381 hci_dev_lock(hdev);
7382
7383 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
7384 bacpy(&hdev->public_addr, &cp->bdaddr);
7385
7386 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
7387 if (err < 0)
7388 goto unlock;
7389
7390 if (!changed)
7391 goto unlock;
7392
d7a5a11d 7393 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
9713c17b
MH		 7394 err = new_options(hdev, sk);
7395
7396 if (is_configured(hdev)) {
7397 mgmt_index_removed(hdev);
7398
a358dc11 7399 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
9713c17b 7400
a1536da2
MH		 7401 hci_dev_set_flag(hdev, HCI_CONFIG);
7402 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
9713c17b
MH		 7403
7404 queue_work(hdev->req_workqueue, &hdev->power_on);
7405 }
7406
7407unlock:
7408 hci_dev_unlock(hdev);
7409 return err;
7410}
7411
177e77a3
BG		 7412static void read_local_oob_ext_data_complete(struct hci_dev *hdev, void *data,
7413 int err)
40f66c05
JH		 7414{
7415 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp;
7416 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp;
7417 u8 *h192, *r192, *h256, *r256;
177e77a3
BG		 7418 struct mgmt_pending_cmd *cmd = data;
7419 struct sk_buff *skb = cmd->skb;
7420 u8 status = mgmt_status(err);
40f66c05 7421 u16 eir_len;
40f66c05 7422
177e77a3
BG		 7423 if (!status) {
7424 if (!skb)
7425 status = MGMT_STATUS_FAILED;
7426 else if (IS_ERR(skb))
7427 status = mgmt_status(PTR_ERR(skb));
7428 else
7429 status = mgmt_status(skb->data[0]);
7430 }
40f66c05 7431
177e77a3 7432 bt_dev_dbg(hdev, "status %u", status);
40f66c05
JH		 7433
7434 mgmt_cp = cmd->param;
7435
7436 if (status) {
7437 status = mgmt_status(status);
7438 eir_len = 0;
7439
7440 h192 = NULL;
7441 r192 = NULL;
7442 h256 = NULL;
7443 r256 = NULL;
177e77a3 7444 } else if (!bredr_sc_enabled(hdev)) {
40f66c05
JH		 7445 struct hci_rp_read_local_oob_data *rp;
7446
7447 if (skb->len != sizeof(*rp)) {
7448 status = MGMT_STATUS_FAILED;
7449 eir_len = 0;
7450 } else {
7451 status = MGMT_STATUS_SUCCESS;
7452 rp = (void *)skb->data;
7453
7454 eir_len = 5 + 18 + 18;
7455 h192 = rp->hash;
7456 r192 = rp->rand;
7457 h256 = NULL;
7458 r256 = NULL;
7459 }
7460 } else {
7461 struct hci_rp_read_local_oob_ext_data *rp;
7462
7463 if (skb->len != sizeof(*rp)) {
7464 status = MGMT_STATUS_FAILED;
7465 eir_len = 0;
7466 } else {
7467 status = MGMT_STATUS_SUCCESS;
7468 rp = (void *)skb->data;
7469
7470 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
7471 eir_len = 5 + 18 + 18;
7472 h192 = NULL;
7473 r192 = NULL;
7474 } else {
7475 eir_len = 5 + 18 + 18 + 18 + 18;
7476 h192 = rp->hash192;
7477 r192 = rp->rand192;
7478 }
7479
7480 h256 = rp->hash256;
7481 r256 = rp->rand256;
7482 }
7483 }
7484
7485 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL);
7486 if (!mgmt_rp)
7487 goto done;
7488
a31e5a41 7489 if (eir_len == 0)
40f66c05
JH		 7490 goto send_rsp;
7491
7492 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV,
7493 hdev->dev_class, 3);
7494
7495 if (h192 && r192) {
7496 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
7497 EIR_SSP_HASH_C192, h192, 16);
7498 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
7499 EIR_SSP_RAND_R192, r192, 16);
7500 }
7501
7502 if (h256 && r256) {
7503 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
7504 EIR_SSP_HASH_C256, h256, 16);
7505 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
7506 EIR_SSP_RAND_R256, r256, 16);
7507 }
7508
7509send_rsp:
7510 mgmt_rp->type = mgmt_cp->type;
7511 mgmt_rp->eir_len = cpu_to_le16(eir_len);
7512
7513 err = mgmt_cmd_complete(cmd->sk, hdev->id,
7514 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status,
7515 mgmt_rp, sizeof(*mgmt_rp) + eir_len);
7516 if (err < 0 || status)
7517 goto done;
7518
7519 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS);
7520
7521 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
7522 mgmt_rp, sizeof(*mgmt_rp) + eir_len,
7523 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk);
7524done:
177e77a3
BG		 7525 if (skb && !IS_ERR(skb))
7526 kfree_skb(skb);
7527
40f66c05
JH		 7528 kfree(mgmt_rp);
7529 mgmt_pending_remove(cmd);
7530}
7531
7532static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk,
7533 struct mgmt_cp_read_local_oob_ext_data *cp)
7534{
7535 struct mgmt_pending_cmd *cmd;
40f66c05
JH		 7536 int err;
7537
7538 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev,
7539 cp, sizeof(*cp));
7540 if (!cmd)
7541 return -ENOMEM;
7542
177e77a3
BG		 7543 err = hci_cmd_sync_queue(hdev, read_local_oob_data_sync, cmd,
7544 read_local_oob_ext_data_complete);
40f66c05 7545
40f66c05
JH		 7546 if (err < 0) {
7547 mgmt_pending_remove(cmd);
7548 return err;
7549 }
7550
7551 return 0;
7552}
7553
4f0f155c
MH		 7554static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
7555 void *data, u16 data_len)
7556{
7557 struct mgmt_cp_read_local_oob_ext_data *cp = data;
7558 struct mgmt_rp_read_local_oob_ext_data *rp;
7559 size_t rp_len;
7560 u16 eir_len;
0821a2c5 7561 u8 status, flags, role, addr[7], hash[16], rand[16];
4f0f155c
MH		 7562 int err;
7563
181d6953 7564 bt_dev_dbg(hdev, "sock %p", sk);
4f0f155c 7565
57b0d3e8
MH		 7566 if (hdev_is_powered(hdev)) {
7567 switch (cp->type) {
7568 case BIT(BDADDR_BREDR):
7569 status = mgmt_bredr_support(hdev);
7570 if (status)
7571 eir_len = 0;
7572 else
7573 eir_len = 5;
7574 break;
7575 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
7576 status = mgmt_le_support(hdev);
7577 if (status)
7578 eir_len = 0;
7579 else
7580 eir_len = 9 + 3 + 18 + 18 + 3;
7581 break;
7582 default:
7583 status = MGMT_STATUS_INVALID_PARAMS;
7584 eir_len = 0;
7585 break;
7586 }
7587 } else {
7588 status = MGMT_STATUS_NOT_POWERED;
7589 eir_len = 0;
4f0f155c
MH		 7590 }
7591
4f0f155c
MH		 7592 rp_len = sizeof(*rp) + eir_len;
7593 rp = kmalloc(rp_len, GFP_ATOMIC);
efcd8c98 7594 if (!rp)
4f0f155c 7595 return -ENOMEM;
efcd8c98 7596
81218cbe
BG		 7597 if (!status && !lmp_ssp_capable(hdev)) {
7598 status = MGMT_STATUS_NOT_SUPPORTED;
7599 eir_len = 0;
7600 }
7601
57b0d3e8
MH		 7602 if (status)
7603 goto complete;
7604
efcd8c98 7605 hci_dev_lock(hdev);
4f0f155c
MH		 7606
7607 eir_len = 0;
7608 switch (cp->type) {
7609 case BIT(BDADDR_BREDR):
40f66c05
JH		 7610 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
7611 err = read_local_ssp_oob_req(hdev, sk, cp);
7612 hci_dev_unlock(hdev);
7613 if (!err)
7614 goto done;
7615
7616 status = MGMT_STATUS_FAILED;
7617 goto complete;
7618 } else {
7619 eir_len = eir_append_data(rp->eir, eir_len,
7620 EIR_CLASS_OF_DEV,
7621 hdev->dev_class, 3);
7622 }
4f0f155c
MH		 7623 break;
7624 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
5082a599
MH		 7625 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
7626 smp_generate_oob(hdev, hash, rand) < 0) {
0821a2c5 7627 hci_dev_unlock(hdev);
57b0d3e8
MH		 7628 status = MGMT_STATUS_FAILED;
7629 goto complete;
0821a2c5
MH		 7630 }
7631
e213568a
MH		 7632 /* This should return the active RPA, but since the RPA
7633 * is only programmed on demand, it is really hard to fill
7634 * this in at the moment. For now disallow retrieving
7635 * local out-of-band data when privacy is in use.
7636 *
7637 * Returning the identity address will not help here since
7638 * pairing happens before the identity resolving key is
7639 * known and thus the connection establishment happens
7640 * based on the RPA and not the identity address.
7641 */
4f0f155c 7642 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
e213568a
MH		 7643 hci_dev_unlock(hdev);
7644 status = MGMT_STATUS_REJECTED;
7645 goto complete;
7646 }
7647
7648 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
7649 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
7650 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
7651 bacmp(&hdev->static_addr, BDADDR_ANY))) {
4f0f155c
MH		 7652 memcpy(addr, &hdev->static_addr, 6);
7653 addr[6] = 0x01;
7654 } else {
7655 memcpy(addr, &hdev->bdaddr, 6);
7656 addr[6] = 0x00;
7657 }
7658
7659 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
7660 addr, sizeof(addr));
7661
7662 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
7663 role = 0x02;
7664 else
7665 role = 0x01;
7666
7667 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
7668 &role, sizeof(role));
7669
5082a599
MH		 7670 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
7671 eir_len = eir_append_data(rp->eir, eir_len,
7672 EIR_LE_SC_CONFIRM,
7673 hash, sizeof(hash));
0821a2c5 7674
5082a599
MH		 7675 eir_len = eir_append_data(rp->eir, eir_len,
7676 EIR_LE_SC_RANDOM,
7677 rand, sizeof(rand));
7678 }
0821a2c5 7679
f2252570 7680 flags = mgmt_get_adv_discov_flags(hdev);
4f0f155c
MH		 7681
7682 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
7683 flags |= LE_AD_NO_BREDR;
7684
7685 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
7686 &flags, sizeof(flags));
7687 break;
7688 }
7689
4f0f155c
MH		 7690 hci_dev_unlock(hdev);
7691
72000df2
MH		 7692 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
7693
57b0d3e8
MH		 7694 status = MGMT_STATUS_SUCCESS;
7695
7696complete:
efcd8c98
MH		 7697 rp->type = cp->type;
7698 rp->eir_len = cpu_to_le16(eir_len);
7699
4f0f155c 7700 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
57b0d3e8
MH		 7701 status, rp, sizeof(*rp) + eir_len);
7702 if (err < 0 || status)
72000df2
MH		 7703 goto done;
7704
7705 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
7706 rp, sizeof(*rp) + eir_len,
7707 HCI_MGMT_OOB_DATA_EVENTS, sk);
4f0f155c 7708
0821a2c5 7709done:
4f0f155c
MH		 7710 kfree(rp);
7711
7712 return err;
7713}
7714
089fa8c0
AU		 7715static u32 get_supported_adv_flags(struct hci_dev *hdev)
7716{
7717 u32 flags = 0;
7718
7719 flags |= MGMT_ADV_FLAG_CONNECTABLE;
7720 flags |= MGMT_ADV_FLAG_DISCOV;
7721 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
7722 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS;
c4960ecf 7723 flags |= MGMT_ADV_FLAG_APPEARANCE;
7c295c48 7724 flags |= MGMT_ADV_FLAG_LOCAL_NAME;
12410572
DW		 7725 flags |= MGMT_ADV_PARAM_DURATION;
7726 flags |= MGMT_ADV_PARAM_TIMEOUT;
7727 flags |= MGMT_ADV_PARAM_INTERVALS;
7728 flags |= MGMT_ADV_PARAM_TX_POWER;
ff02db13 7729 flags |= MGMT_ADV_PARAM_SCAN_RSP;
089fa8c0 7730
de181e88
JK		 7731 /* In extended adv TX_POWER returned from Set Adv Param
7732 * will be always valid.
7733 */
7734 if ((hdev->adv_tx_power != HCI_TX_POWER_INVALID) ||
7735 ext_adv_capable(hdev))
089fa8c0
AU		 7736 flags |= MGMT_ADV_FLAG_TX_POWER;
7737
85a721a8
JK		 7738 if (ext_adv_capable(hdev)) {
7739 flags |= MGMT_ADV_FLAG_SEC_1M;
d5ea32da
DW		 7740 flags |= MGMT_ADV_FLAG_HW_OFFLOAD;
7741 flags |= MGMT_ADV_FLAG_CAN_SET_TX_POWER;
85a721a8
JK		 7742
7743 if (hdev->le_features[1] & HCI_LE_PHY_2M)
7744 flags |= MGMT_ADV_FLAG_SEC_2M;
7745
7746 if (hdev->le_features[1] & HCI_LE_PHY_CODED)
7747 flags |= MGMT_ADV_FLAG_SEC_CODED;
7748 }
7749
089fa8c0
AU		 7750 return flags;
7751}
7752
d3d5305b
MH		 7753static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
7754 void *data, u16 data_len)
7755{
7756 struct mgmt_rp_read_adv_features *rp;
7757 size_t rp_len;
02c04afe 7758 int err;
286e0c83 7759 struct adv_info *adv_instance;
089fa8c0 7760 u32 supported_flags;
02c04afe 7761 u8 *instance;
d3d5305b 7762
181d6953 7763 bt_dev_dbg(hdev, "sock %p", sk);
d3d5305b 7764
089fa8c0
AU		 7765 if (!lmp_le_capable(hdev))
7766 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
7767 MGMT_STATUS_REJECTED);
7768
d3d5305b
MH		 7769 hci_dev_lock(hdev);
7770
02c04afe 7771 rp_len = sizeof(*rp) + hdev->adv_instance_cnt;
d3d5305b
MH		 7772 rp = kmalloc(rp_len, GFP_ATOMIC);
7773 if (!rp) {
7774 hci_dev_unlock(hdev);
7775 return -ENOMEM;
7776 }
7777
089fa8c0
AU		 7778 supported_flags = get_supported_adv_flags(hdev);
7779
7780 rp->supported_flags = cpu_to_le32(supported_flags);
dc5d82a9
MH		 7781 rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
7782 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
87597482 7783 rp->max_instances = hdev->le_num_of_adv_sets;
02c04afe 7784 rp->num_instances = hdev->adv_instance_cnt;
24b4f38f 7785
02c04afe
JH		 7786 instance = rp->instance;
7787 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
7788 *instance = adv_instance->instance;
7789 instance++;
24b4f38f 7790 }
d3d5305b
MH		 7791
7792 hci_dev_unlock(hdev);
7793
7794 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
7795 MGMT_STATUS_SUCCESS, rp, rp_len);
7796
7797 kfree(rp);
7798
7799 return err;
7800}
7801
f61851f6
MN		 7802static u8 calculate_name_len(struct hci_dev *hdev)
7803{
7804 u8 buf[HCI_MAX_SHORT_NAME_LENGTH + 3];
7805
01ce70b0 7806 return eir_append_local_name(hdev, buf, 0);
f61851f6
MN		 7807}
7808
7809static u8 tlv_data_max_len(struct hci_dev *hdev, u32 adv_flags,
7810 bool is_adv_data)
24b4f38f 7811{
4117ed70 7812 u8 max_len = HCI_MAX_AD_LENGTH;
24b4f38f 7813
31a3248d
MH		 7814 if (is_adv_data) {
7815 if (adv_flags & (MGMT_ADV_FLAG_DISCOV |
7816 MGMT_ADV_FLAG_LIMITED_DISCOV |
2bb36870 7817 MGMT_ADV_FLAG_MANAGED_FLAGS))
31a3248d 7818 max_len -= 3;
24b4f38f 7819
2bb36870 7820 if (adv_flags & MGMT_ADV_FLAG_TX_POWER)
31a3248d 7821 max_len -= 3;
7c295c48 7822 } else {
7c295c48 7823 if (adv_flags & MGMT_ADV_FLAG_LOCAL_NAME)
f61851f6 7824 max_len -= calculate_name_len(hdev);
c4960ecf 7825
2bb36870 7826 if (adv_flags & (MGMT_ADV_FLAG_APPEARANCE))
c4960ecf 7827 max_len -= 4;
5507e358
AU		 7828 }
7829
2bb36870
SJ		 7830 return max_len;
7831}
7832
7833static bool flags_managed(u32 adv_flags)
7834{
7835 return adv_flags & (MGMT_ADV_FLAG_DISCOV |
7836 MGMT_ADV_FLAG_LIMITED_DISCOV |
7837 MGMT_ADV_FLAG_MANAGED_FLAGS);
7838}
7839
7840static bool tx_power_managed(u32 adv_flags)
7841{
7842 return adv_flags & MGMT_ADV_FLAG_TX_POWER;
7843}
7844
7845static bool name_managed(u32 adv_flags)
7846{
7847 return adv_flags & MGMT_ADV_FLAG_LOCAL_NAME;
7848}
7849
7850static bool appearance_managed(u32 adv_flags)
7851{
7852 return adv_flags & MGMT_ADV_FLAG_APPEARANCE;
7853}
7854
f61851f6
MN		 7855static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data,
7856 u8 len, bool is_adv_data)
2bb36870
SJ		 7857{
7858 int i, cur_len;
7859 u8 max_len;
7860
f61851f6 7861 max_len = tlv_data_max_len(hdev, adv_flags, is_adv_data);
2bb36870 7862
4117ed70 7863 if (len > max_len)
24b4f38f
AU		 7864 return false;
7865
4117ed70
AU		 7866 /* Make sure that the data is correctly formatted. */
7867 for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) {
7868 cur_len = data[i];
24b4f38f 7869
799acb93
LAD		 7870 if (!cur_len)
7871 continue;
7872
9c9db78d
SJ		 7873 if (data[i + 1] == EIR_FLAGS &&
7874 (!is_adv_data || flags_managed(adv_flags)))
2bb36870
SJ		 7875 return false;
7876
7877 if (data[i + 1] == EIR_TX_POWER && tx_power_managed(adv_flags))
7878 return false;
7879
7880 if (data[i + 1] == EIR_NAME_COMPLETE && name_managed(adv_flags))
7881 return false;
7882
7883 if (data[i + 1] == EIR_NAME_SHORT && name_managed(adv_flags))
b44133ff
AU		 7884 return false;
7885
2bb36870
SJ		 7886 if (data[i + 1] == EIR_APPEARANCE &&
7887 appearance_managed(adv_flags))
5507e358
AU		 7888 return false;
7889
24b4f38f
AU		 7890 /* If the current field length would exceed the total data
7891 * length, then it's invalid.
7892 */
4117ed70 7893 if (i + cur_len >= len)
24b4f38f
AU		 7894 return false;
7895 }
7896
7897 return true;
7898}
7899
12410572
DW		 7900static bool requested_adv_flags_are_valid(struct hci_dev *hdev, u32 adv_flags)
7901{
7902 u32 supported_flags, phy_flags;
7903
7904 /* The current implementation only supports a subset of the specified
7905 * flags. Also need to check mutual exclusiveness of sec flags.
7906 */
7907 supported_flags = get_supported_adv_flags(hdev);
7908 phy_flags = adv_flags & MGMT_ADV_FLAG_SEC_MASK;
7909 if (adv_flags & ~supported_flags ||
7910 ((phy_flags && (phy_flags ^ (phy_flags & -phy_flags)))))
7911 return false;
7912
7913 return true;
7914}
7915
7916static bool adv_busy(struct hci_dev *hdev)
7917{
7918 return (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
7919 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
7920 pending_find(MGMT_OP_SET_LE, hdev) ||
7921 pending_find(MGMT_OP_ADD_EXT_ADV_PARAMS, hdev) ||
7922 pending_find(MGMT_OP_ADD_EXT_ADV_DATA, hdev));
7923}
7924
cba6b758
LAD		 7925static void add_adv_complete(struct hci_dev *hdev, struct sock *sk, u8 instance,
7926 int err)
24b4f38f 7927{
cba6b758 7928 struct adv_info *adv, *n;
24b4f38f 7929
cba6b758 7930 bt_dev_dbg(hdev, "err %d", err);
24b4f38f
AU		 7931
7932 hci_dev_lock(hdev);
7933
cba6b758
LAD		 7934 list_for_each_entry_safe(adv, n, &hdev->adv_instances, list) {
7935 u8 instance;
24b4f38f 7936
cba6b758 7937 if (!adv->pending)
fffd38bc
FG		 7938 continue;
7939
cba6b758
LAD		 7940 if (!err) {
7941 adv->pending = false;
fffd38bc
FG		 7942 continue;
7943 }
7944
cba6b758 7945 instance = adv->instance;
fffd38bc
FG		 7946
7947 if (hdev->cur_adv_instance == instance)
7948 cancel_adv_timeout(hdev);
7949
7950 hci_remove_adv_instance(hdev, instance);
cba6b758 7951 mgmt_advertising_removed(sk, hdev, instance);
24b4f38f
AU		 7952 }
7953
cba6b758
LAD		 7954 hci_dev_unlock(hdev);
7955}
7956
7957static void add_advertising_complete(struct hci_dev *hdev, void *data, int err)
7958{
7959 struct mgmt_pending_cmd *cmd = data;
7960 struct mgmt_cp_add_advertising *cp = cmd->param;
7961 struct mgmt_rp_add_advertising rp;
7962
7963 memset(&rp, 0, sizeof(rp));
24b4f38f 7964
fffd38bc 7965 rp.instance = cp->instance;
24b4f38f 7966
cba6b758 7967 if (err)
24b4f38f 7968 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
cba6b758 7969 mgmt_status(err));
24b4f38f
AU		 7970 else
7971 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
cba6b758 7972 mgmt_status(err), &rp, sizeof(rp));
24b4f38f 7973
cba6b758 7974 add_adv_complete(hdev, cmd->sk, cp->instance, err);
24b4f38f 7975
cba6b758
LAD		 7976 mgmt_pending_free(cmd);
7977}
7978
7979static int add_advertising_sync(struct hci_dev *hdev, void *data)
7980{
7981 struct mgmt_pending_cmd *cmd = data;
7982 struct mgmt_cp_add_advertising *cp = cmd->param;
7983
7984 return hci_schedule_adv_instance_sync(hdev, cp->instance, true);
24b4f38f
AU		 7985}
7986
7987static int add_advertising(struct sock *sk, struct hci_dev *hdev,
7988 void *data, u16 data_len)
7989{
7990 struct mgmt_cp_add_advertising *cp = data;
7991 struct mgmt_rp_add_advertising rp;
7992 u32 flags;
7993 u8 status;
fffd38bc
FG		 7994 u16 timeout, duration;
7995 unsigned int prev_instance_cnt = hdev->adv_instance_cnt;
7996 u8 schedule_instance = 0;
7997 struct adv_info *next_instance;
24b4f38f
AU		 7998 int err;
7999 struct mgmt_pending_cmd *cmd;
24b4f38f 8000
181d6953 8001 bt_dev_dbg(hdev, "sock %p", sk);
24b4f38f
AU		 8002
8003 status = mgmt_le_support(hdev);
8004 if (status)
8005 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
8006 status);
8007
87597482 8008 if (cp->instance < 1 || cp->instance > hdev->le_num_of_adv_sets)
6a0e7807
JH		 8009 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
8010 MGMT_STATUS_INVALID_PARAMS);
8011
8012 if (data_len != sizeof(*cp) + cp->adv_data_len + cp->scan_rsp_len)
ceff86af
MH		 8013 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
8014 MGMT_STATUS_INVALID_PARAMS);
8015
24b4f38f 8016 flags = __le32_to_cpu(cp->flags);
912098a6 8017 timeout = __le16_to_cpu(cp->timeout);
fffd38bc 8018 duration = __le16_to_cpu(cp->duration);
24b4f38f 8019
12410572 8020 if (!requested_adv_flags_are_valid(hdev, flags))
24b4f38f
AU		 8021 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
8022 MGMT_STATUS_INVALID_PARAMS);
8023
8024 hci_dev_lock(hdev);
8025
912098a6
AU		 8026 if (timeout && !hdev_is_powered(hdev)) {
8027 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
8028 MGMT_STATUS_REJECTED);
8029 goto unlock;
8030 }
8031
12410572 8032 if (adv_busy(hdev)) {
24b4f38f
AU		 8033 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
8034 MGMT_STATUS_BUSY);
8035 goto unlock;
8036 }
8037
f61851f6
MN		 8038 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) ||
8039 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len,
b44133ff 8040 cp->scan_rsp_len, false)) {
24b4f38f
AU		 8041 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
8042 MGMT_STATUS_INVALID_PARAMS);
8043 goto unlock;
8044 }
8045
fffd38bc
FG		 8046 err = hci_add_adv_instance(hdev, cp->instance, flags,
8047 cp->adv_data_len, cp->data,
8048 cp->scan_rsp_len,
8049 cp->data + cp->adv_data_len,
9bf9f4b6
DW		 8050 timeout, duration,
8051 HCI_ADV_TX_POWER_NO_PREFERENCE,
8052 hdev->le_adv_min_interval,
8053 hdev->le_adv_max_interval);
fffd38bc
FG		 8054 if (err < 0) {
8055 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
8056 MGMT_STATUS_FAILED);
8057 goto unlock;
8058 }
24b4f38f 8059
fffd38bc
FG		 8060 /* Only trigger an advertising added event if a new instance was
8061 * actually added.
8062 */
8063 if (hdev->adv_instance_cnt > prev_instance_cnt)
f2252570 8064 mgmt_advertising_added(sk, hdev, cp->instance);
912098a6 8065
fffd38bc
FG		 8066 if (hdev->cur_adv_instance == cp->instance) {
8067 /* If the currently advertised instance is being changed then
8068 * cancel the current advertising and schedule the next
8069 * instance. If there is only one instance then the overridden
8070 * advertising data will be visible right away.
8071 */
8072 cancel_adv_timeout(hdev);
912098a6 8073
fffd38bc
FG		 8074 next_instance = hci_get_next_instance(hdev, cp->instance);
8075 if (next_instance)
8076 schedule_instance = next_instance->instance;
8077 } else if (!hdev->adv_instance_timeout) {
8078 /* Immediately advertise the new instance if no other
8079 * instance is currently being advertised.
8080 */
8081 schedule_instance = cp->instance;
8082 }
24b4f38f 8083
fffd38bc
FG		 8084 /* If the HCI_ADVERTISING flag is set or the device isn't powered or
8085 * there is no instance to be advertised then we have no HCI
8086 * communication to make. Simply return.
24b4f38f
AU		 8087 */
8088 if (!hdev_is_powered(hdev) ||
fffd38bc
FG		 8089 hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
8090 !schedule_instance) {
8091 rp.instance = cp->instance;
24b4f38f
AU		 8092 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
8093 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
8094 goto unlock;
8095 }
8096
8097 /* We're good to go, update advertising data, parameters, and start
8098 * advertising.
8099 */
cba6b758 8100 cmd = mgmt_pending_new(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
24b4f38f
AU		 8101 data_len);
8102 if (!cmd) {
8103 err = -ENOMEM;
8104 goto unlock;
8105 }
8106
cba6b758 8107 cp->instance = schedule_instance;
24b4f38f 8108
cba6b758
LAD		 8109 err = hci_cmd_sync_queue(hdev, add_advertising_sync, cmd,
8110 add_advertising_complete);
8111 if (err < 0)
8112 mgmt_pending_free(cmd);
24b4f38f
AU		 8113
8114unlock:
8115 hci_dev_unlock(hdev);
8116
8117 return err;
8118}
8119
cba6b758
LAD		 8120static void add_ext_adv_params_complete(struct hci_dev *hdev, void *data,
8121 int err)
12410572 8122{
cba6b758
LAD		 8123 struct mgmt_pending_cmd *cmd = data;
8124 struct mgmt_cp_add_ext_adv_params *cp = cmd->param;
12410572 8125 struct mgmt_rp_add_ext_adv_params rp;
cba6b758 8126 struct adv_info *adv;
12410572
DW		 8127 u32 flags;
8128
8129 BT_DBG("%s", hdev->name);
8130
8131 hci_dev_lock(hdev);
8132
cba6b758
LAD		 8133 adv = hci_find_adv_instance(hdev, cp->instance);
8134 if (!adv)
12410572
DW		 8135 goto unlock;
8136
8137 rp.instance = cp->instance;
cba6b758 8138 rp.tx_power = adv->tx_power;
12410572
DW		 8139
8140 /* While we're at it, inform userspace of the available space for this
8141 * advertisement, given the flags that will be used.
8142 */
8143 flags = __le32_to_cpu(cp->flags);
8144 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
8145 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
8146
cba6b758 8147 if (err) {
12410572
DW		 8148 /* If this advertisement was previously advertising and we
8149 * failed to update it, we signal that it has been removed and
8150 * delete its structure
8151 */
cba6b758 8152 if (!adv->pending)
12410572
DW		 8153 mgmt_advertising_removed(cmd->sk, hdev, cp->instance);
8154
8155 hci_remove_adv_instance(hdev, cp->instance);
8156
8157 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
cba6b758 8158 mgmt_status(err));
12410572
DW		 8159 } else {
8160 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
cba6b758 8161 mgmt_status(err), &rp, sizeof(rp));
12410572
DW		 8162 }
8163
8164unlock:
8165 if (cmd)
cba6b758 8166 mgmt_pending_free(cmd);
12410572
DW		 8167
8168 hci_dev_unlock(hdev);
8169}
8170
cba6b758
LAD		 8171static int add_ext_adv_params_sync(struct hci_dev *hdev, void *data)
8172{
8173 struct mgmt_pending_cmd *cmd = data;
8174 struct mgmt_cp_add_ext_adv_params *cp = cmd->param;
8175
8176 return hci_setup_ext_adv_instance_sync(hdev, cp->instance);
8177}
8178
12410572
DW		 8179static int add_ext_adv_params(struct sock *sk, struct hci_dev *hdev,
8180 void *data, u16 data_len)
8181{
8182 struct mgmt_cp_add_ext_adv_params *cp = data;
8183 struct mgmt_rp_add_ext_adv_params rp;
8184 struct mgmt_pending_cmd *cmd = NULL;
12410572
DW		 8185 u32 flags, min_interval, max_interval;
8186 u16 timeout, duration;
8187 u8 status;
8188 s8 tx_power;
8189 int err;
8190
8191 BT_DBG("%s", hdev->name);
8192
8193 status = mgmt_le_support(hdev);
8194 if (status)
8195 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
8196 status);
8197
8198 if (cp->instance < 1 || cp->instance > hdev->le_num_of_adv_sets)
8199 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
8200 MGMT_STATUS_INVALID_PARAMS);
8201
8202 /* The purpose of breaking add_advertising into two separate MGMT calls
8203 * for params and data is to allow more parameters to be added to this
8204 * structure in the future. For this reason, we verify that we have the
8205 * bare minimum structure we know of when the interface was defined. Any
8206 * extra parameters we don't know about will be ignored in this request.
8207 */
8208 if (data_len < MGMT_ADD_EXT_ADV_PARAMS_MIN_SIZE)
8209 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
8210 MGMT_STATUS_INVALID_PARAMS);
8211
8212 flags = __le32_to_cpu(cp->flags);
8213
8214 if (!requested_adv_flags_are_valid(hdev, flags))
8215 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
8216 MGMT_STATUS_INVALID_PARAMS);
8217
8218 hci_dev_lock(hdev);
8219
8220 /* In new interface, we require that we are powered to register */
8221 if (!hdev_is_powered(hdev)) {
8222 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
8223 MGMT_STATUS_REJECTED);
8224 goto unlock;
8225 }
8226
8227 if (adv_busy(hdev)) {
8228 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
8229 MGMT_STATUS_BUSY);
8230 goto unlock;
8231 }
8232
8233 /* Parse defined parameters from request, use defaults otherwise */
8234 timeout = (flags & MGMT_ADV_PARAM_TIMEOUT) ?
8235 __le16_to_cpu(cp->timeout) : 0;
8236
8237 duration = (flags & MGMT_ADV_PARAM_DURATION) ?
8238 __le16_to_cpu(cp->duration) :
8239 hdev->def_multi_adv_rotation_duration;
8240
8241 min_interval = (flags & MGMT_ADV_PARAM_INTERVALS) ?
8242 __le32_to_cpu(cp->min_interval) :
8243 hdev->le_adv_min_interval;
8244
8245 max_interval = (flags & MGMT_ADV_PARAM_INTERVALS) ?
8246 __le32_to_cpu(cp->max_interval) :
8247 hdev->le_adv_max_interval;
8248
8249 tx_power = (flags & MGMT_ADV_PARAM_TX_POWER) ?
8250 cp->tx_power :
8251 HCI_ADV_TX_POWER_NO_PREFERENCE;
8252
8253 /* Create advertising instance with no advertising or response data */
8254 err = hci_add_adv_instance(hdev, cp->instance, flags,
9bf9f4b6
DW		 8255 0, NULL, 0, NULL, timeout, duration,
8256 tx_power, min_interval, max_interval);
12410572
DW		 8257
8258 if (err < 0) {
8259 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
8260 MGMT_STATUS_FAILED);
8261 goto unlock;
8262 }
8263
12410572
DW		 8264 /* Submit request for advertising params if ext adv available */
8265 if (ext_adv_capable(hdev)) {
cba6b758
LAD		 8266 cmd = mgmt_pending_new(sk, MGMT_OP_ADD_EXT_ADV_PARAMS, hdev,
8267 data, data_len);
12410572
DW		 8268 if (!cmd) {
8269 err = -ENOMEM;
8270 hci_remove_adv_instance(hdev, cp->instance);
8271 goto unlock;
8272 }
8273
cba6b758
LAD		 8274 err = hci_cmd_sync_queue(hdev, add_ext_adv_params_sync, cmd,
8275 add_ext_adv_params_complete);
8276 if (err < 0)
8277 mgmt_pending_free(cmd);
12410572
DW		 8278 } else {
8279 rp.instance = cp->instance;
8280 rp.tx_power = HCI_ADV_TX_POWER_NO_PREFERENCE;
8281 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
8282 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
8283 err = mgmt_cmd_complete(sk, hdev->id,
8284 MGMT_OP_ADD_EXT_ADV_PARAMS,
8285 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
8286 }
8287
8288unlock:
8289 hci_dev_unlock(hdev);
8290
8291 return err;
8292}
8293
cba6b758
LAD		 8294static void add_ext_adv_data_complete(struct hci_dev *hdev, void *data, int err)
8295{
8296 struct mgmt_pending_cmd *cmd = data;
8297 struct mgmt_cp_add_ext_adv_data *cp = cmd->param;
8298 struct mgmt_rp_add_advertising rp;
8299
8300 add_adv_complete(hdev, cmd->sk, cp->instance, err);
8301
8302 memset(&rp, 0, sizeof(rp));
8303
8304 rp.instance = cp->instance;
8305
8306 if (err)
8307 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
8308 mgmt_status(err));
8309 else
8310 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
8311 mgmt_status(err), &rp, sizeof(rp));
8312
8313 mgmt_pending_free(cmd);
8314}
8315
8316static int add_ext_adv_data_sync(struct hci_dev *hdev, void *data)
8317{
8318 struct mgmt_pending_cmd *cmd = data;
8319 struct mgmt_cp_add_ext_adv_data *cp = cmd->param;
8320 int err;
8321
8322 if (ext_adv_capable(hdev)) {
8323 err = hci_update_adv_data_sync(hdev, cp->instance);
8324 if (err)
8325 return err;
8326
8327 err = hci_update_scan_rsp_data_sync(hdev, cp->instance);
8328 if (err)
8329 return err;
8330
8331 return hci_enable_ext_advertising_sync(hdev, cp->instance);
8332 }
8333
8334 return hci_schedule_adv_instance_sync(hdev, cp->instance, true);
8335}
8336
12410572
DW		 8337static int add_ext_adv_data(struct sock *sk, struct hci_dev *hdev, void *data,
8338 u16 data_len)
8339{
8340 struct mgmt_cp_add_ext_adv_data *cp = data;
8341 struct mgmt_rp_add_ext_adv_data rp;
8342 u8 schedule_instance = 0;
8343 struct adv_info *next_instance;
8344 struct adv_info *adv_instance;
8345 int err = 0;
8346 struct mgmt_pending_cmd *cmd;
12410572
DW		 8347
8348 BT_DBG("%s", hdev->name);
8349
8350 hci_dev_lock(hdev);
8351
8352 adv_instance = hci_find_adv_instance(hdev, cp->instance);
8353
8354 if (!adv_instance) {
8355 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
8356 MGMT_STATUS_INVALID_PARAMS);
8357 goto unlock;
8358 }
8359
8360 /* In new interface, we require that we are powered to register */
8361 if (!hdev_is_powered(hdev)) {
8362 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
8363 MGMT_STATUS_REJECTED);
8364 goto clear_new_instance;
8365 }
8366
8367 if (adv_busy(hdev)) {
8368 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
8369 MGMT_STATUS_BUSY);
8370 goto clear_new_instance;
8371 }
8372
8373 /* Validate new data */
8374 if (!tlv_data_is_valid(hdev, adv_instance->flags, cp->data,
8375 cp->adv_data_len, true) ||
8376 !tlv_data_is_valid(hdev, adv_instance->flags, cp->data +
8377 cp->adv_data_len, cp->scan_rsp_len, false)) {
8378 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
8379 MGMT_STATUS_INVALID_PARAMS);
8380 goto clear_new_instance;
8381 }
8382
8383 /* Set the data in the advertising instance */
8384 hci_set_adv_instance_data(hdev, cp->instance, cp->adv_data_len,
8385 cp->data, cp->scan_rsp_len,
8386 cp->data + cp->adv_data_len);
8387
cba6b758
LAD		 8388 /* If using software rotation, determine next instance to use */
8389 if (hdev->cur_adv_instance == cp->instance) {
8390 /* If the currently advertised instance is being changed
8391 * then cancel the current advertising and schedule the
8392 * next instance. If there is only one instance then the
8393 * overridden advertising data will be visible right
8394 * away
8395 */
8396 cancel_adv_timeout(hdev);
12410572 8397
cba6b758
LAD		 8398 next_instance = hci_get_next_instance(hdev, cp->instance);
8399 if (next_instance)
8400 schedule_instance = next_instance->instance;
8401 } else if (!hdev->adv_instance_timeout) {
8402 /* Immediately advertise the new instance if no other
8403 * instance is currently being advertised.
12410572 8404 */
cba6b758
LAD		 8405 schedule_instance = cp->instance;
8406 }
12410572 8407
cba6b758
LAD		 8408 /* If the HCI_ADVERTISING flag is set or there is no instance to
8409 * be advertised then we have no HCI communication to make.
8410 * Simply return.
8411 */
8412 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) || !schedule_instance) {
8413 if (adv_instance->pending) {
8414 mgmt_advertising_added(sk, hdev, cp->instance);
8415 adv_instance->pending = false;
8416 }
8417 rp.instance = cp->instance;
8418 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
8419 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
8420 goto unlock;
12410572
DW		 8421 }
8422
cba6b758 8423 cmd = mgmt_pending_new(sk, MGMT_OP_ADD_EXT_ADV_DATA, hdev, data,
12410572
DW		 8424 data_len);
8425 if (!cmd) {
8426 err = -ENOMEM;
8427 goto clear_new_instance;
8428 }
8429
cba6b758
LAD		 8430 err = hci_cmd_sync_queue(hdev, add_ext_adv_data_sync, cmd,
8431 add_ext_adv_data_complete);
12410572 8432 if (err < 0) {
cba6b758 8433 mgmt_pending_free(cmd);
12410572
DW		 8434 goto clear_new_instance;
8435 }
8436
8437 /* We were successful in updating data, so trigger advertising_added
8438 * event if this is an instance that wasn't previously advertising. If
8439 * a failure occurs in the requests we initiated, we will remove the
8440 * instance again in add_advertising_complete
8441 */
8442 if (adv_instance->pending)
8443 mgmt_advertising_added(sk, hdev, cp->instance);
8444
8445 goto unlock;
8446
8447clear_new_instance:
8448 hci_remove_adv_instance(hdev, cp->instance);
8449
8450unlock:
8451 hci_dev_unlock(hdev);
8452
8453 return err;
8454}
8455
cba6b758
LAD		 8456static void remove_advertising_complete(struct hci_dev *hdev, void *data,
8457 int err)
da929335 8458{
cba6b758
LAD		 8459 struct mgmt_pending_cmd *cmd = data;
8460 struct mgmt_cp_remove_advertising *cp = cmd->param;
da929335
AU		 8461 struct mgmt_rp_remove_advertising rp;
8462
cba6b758 8463 bt_dev_dbg(hdev, "err %d", err);
da929335 8464
cba6b758
LAD		 8465 memset(&rp, 0, sizeof(rp));
8466 rp.instance = cp->instance;
da929335 8467
cba6b758
LAD		 8468 if (err)
8469 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
8470 mgmt_status(err));
8471 else
8472 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
8473 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
da929335 8474
cba6b758
LAD		 8475 mgmt_pending_free(cmd);
8476}
da929335 8477
cba6b758
LAD		 8478static int remove_advertising_sync(struct hci_dev *hdev, void *data)
8479{
8480 struct mgmt_pending_cmd *cmd = data;
8481 struct mgmt_cp_remove_advertising *cp = cmd->param;
8482 int err;
da929335 8483
cba6b758
LAD		 8484 err = hci_remove_advertising_sync(hdev, cmd->sk, cp->instance, true);
8485 if (err)
8486 return err;
8487
8488 if (list_empty(&hdev->adv_instances))
8489 err = hci_disable_advertising_sync(hdev);
8490
8491 return err;
da929335
AU		 8492}
8493
8494static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
8495 void *data, u16 data_len)
8496{
8497 struct mgmt_cp_remove_advertising *cp = data;
da929335 8498 struct mgmt_pending_cmd *cmd;
952497b1 8499 int err;
da929335 8500
181d6953 8501 bt_dev_dbg(hdev, "sock %p", sk);
da929335 8502
da929335
AU		 8503 hci_dev_lock(hdev);
8504
952497b1 8505 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) {
01948331
FG		 8506 err = mgmt_cmd_status(sk, hdev->id,
8507 MGMT_OP_REMOVE_ADVERTISING,
8508 MGMT_STATUS_INVALID_PARAMS);
8509 goto unlock;
8510 }
8511
da929335
AU		 8512 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
8513 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
8514 pending_find(MGMT_OP_SET_LE, hdev)) {
8515 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
8516 MGMT_STATUS_BUSY);
8517 goto unlock;
8518 }
8519
17fd08ff 8520 if (list_empty(&hdev->adv_instances)) {
da929335
AU		 8521 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
8522 MGMT_STATUS_INVALID_PARAMS);
8523 goto unlock;
8524 }
8525
cba6b758 8526 cmd = mgmt_pending_new(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
da929335
AU		 8527 data_len);
8528 if (!cmd) {
8529 err = -ENOMEM;
8530 goto unlock;
8531 }
8532
cba6b758
LAD		 8533 err = hci_cmd_sync_queue(hdev, remove_advertising_sync, cmd,
8534 remove_advertising_complete);
da929335 8535 if (err < 0)
cba6b758 8536 mgmt_pending_free(cmd);
da929335
AU		 8537
8538unlock:
8539 hci_dev_unlock(hdev);
8540
8541 return err;
8542}
8543
40b25fe5
MH		 8544static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev,
8545 void *data, u16 data_len)
8546{
8547 struct mgmt_cp_get_adv_size_info *cp = data;
8548 struct mgmt_rp_get_adv_size_info rp;
8549 u32 flags, supported_flags;
8550 int err;
8551
181d6953 8552 bt_dev_dbg(hdev, "sock %p", sk);
40b25fe5
MH		 8553
8554 if (!lmp_le_capable(hdev))
8555 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
8556 MGMT_STATUS_REJECTED);
8557
87597482 8558 if (cp->instance < 1 || cp->instance > hdev->le_num_of_adv_sets)
40b25fe5
MH		 8559 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
8560 MGMT_STATUS_INVALID_PARAMS);
8561
8562 flags = __le32_to_cpu(cp->flags);
8563
8564 /* The current implementation only supports a subset of the specified
8565 * flags.
8566 */
8567 supported_flags = get_supported_adv_flags(hdev);
8568 if (flags & ~supported_flags)
8569 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
8570 MGMT_STATUS_INVALID_PARAMS);
8571
8572 rp.instance = cp->instance;
8573 rp.flags = cp->flags;
f61851f6
MN		 8574 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
8575 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
40b25fe5
MH		 8576
8577 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
8578 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
8579
8580 return err;
8581}
8582
6d785aa3 8583static const struct hci_mgmt_handler mgmt_handlers[] = {
0f4e68cf 8584 { NULL }, /* 0x0000 (no command) */
b9a245fb 8585 { read_version, MGMT_READ_VERSION_SIZE,
c91041dc
MH		 8586 HCI_MGMT_NO_HDEV |
8587 HCI_MGMT_UNTRUSTED },
b9a245fb 8588 { read_commands, MGMT_READ_COMMANDS_SIZE,
c91041dc
MH		 8589 HCI_MGMT_NO_HDEV |
8590 HCI_MGMT_UNTRUSTED },
b9a245fb 8591 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
c91041dc
MH		 8592 HCI_MGMT_NO_HDEV |
8593 HCI_MGMT_UNTRUSTED },
8594 { read_controller_info, MGMT_READ_INFO_SIZE,
8595 HCI_MGMT_UNTRUSTED },
7aea8616
MH		 8596 { set_powered, MGMT_SETTING_SIZE },
8597 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
8598 { set_connectable, MGMT_SETTING_SIZE },
8599 { set_fast_connectable, MGMT_SETTING_SIZE },
8600 { set_bondable, MGMT_SETTING_SIZE },
8601 { set_link_security, MGMT_SETTING_SIZE },
8602 { set_ssp, MGMT_SETTING_SIZE },
8603 { set_hs, MGMT_SETTING_SIZE },
8604 { set_le, MGMT_SETTING_SIZE },
8605 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
8606 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
8607 { add_uuid, MGMT_ADD_UUID_SIZE },
8608 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
b9a245fb
JH		 8609 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
8610 HCI_MGMT_VAR_LEN },
8611 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
8612 HCI_MGMT_VAR_LEN },
7aea8616
MH		 8613 { disconnect, MGMT_DISCONNECT_SIZE },
8614 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
8615 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
8616 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
8617 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
8618 { pair_device, MGMT_PAIR_DEVICE_SIZE },
8619 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
8620 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
8621 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
8622 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
8623 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
8624 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
b9a245fb
JH		 8625 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
8626 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
8627 HCI_MGMT_VAR_LEN },
7aea8616
MH		 8628 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
8629 { start_discovery, MGMT_START_DISCOVERY_SIZE },
8630 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
8631 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
8632 { block_device, MGMT_BLOCK_DEVICE_SIZE },
8633 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
8634 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
8635 { set_advertising, MGMT_SETTING_SIZE },
8636 { set_bredr, MGMT_SETTING_SIZE },
8637 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
8638 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
8639 { set_secure_conn, MGMT_SETTING_SIZE },
8640 { set_debug_keys, MGMT_SETTING_SIZE },
8641 { set_privacy, MGMT_SET_PRIVACY_SIZE },
b9a245fb
JH		 8642 { load_irks, MGMT_LOAD_IRKS_SIZE,
8643 HCI_MGMT_VAR_LEN },
7aea8616
MH		 8644 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
8645 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
8646 { add_device, MGMT_ADD_DEVICE_SIZE },
8647 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
b9a245fb
JH		 8648 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
8649 HCI_MGMT_VAR_LEN },
8650 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
c91041dc
MH		 8651 HCI_MGMT_NO_HDEV |
8652 HCI_MGMT_UNTRUSTED },
b9a245fb 8653 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
c91041dc
MH		 8654 HCI_MGMT_UNCONFIGURED |
8655 HCI_MGMT_UNTRUSTED },
b9a245fb
JH		 8656 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
8657 HCI_MGMT_UNCONFIGURED },
8658 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
8659 HCI_MGMT_UNCONFIGURED },
8660 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
8661 HCI_MGMT_VAR_LEN },
4f0f155c 8662 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
96f1474a 8663 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
c91041dc
MH		 8664 HCI_MGMT_NO_HDEV |
8665 HCI_MGMT_UNTRUSTED },
d3d5305b 8666 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
24b4f38f
AU		 8667 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
8668 HCI_MGMT_VAR_LEN },
da929335 8669 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
40b25fe5 8670 { get_adv_size_info, MGMT_GET_ADV_SIZE_INFO_SIZE },
78b781ca 8671 { start_limited_discovery, MGMT_START_DISCOVERY_SIZE },
321c6fee
MH		 8672 { read_ext_controller_info,MGMT_READ_EXT_INFO_SIZE,
8673 HCI_MGMT_UNTRUSTED },
c4960ecf 8674 { set_appearance, MGMT_SET_APPEARANCE_SIZE },
6244691f 8675 { get_phy_configuration, MGMT_GET_PHY_CONFIGURATION_SIZE },
0314f286 8676 { set_phy_configuration, MGMT_SET_PHY_CONFIGURATION_SIZE },
600a8749
AM		 8677 { set_blocked_keys, MGMT_OP_SET_BLOCKED_KEYS_SIZE,
8678 HCI_MGMT_VAR_LEN },
00bce3fb 8679 { set_wideband_speech, MGMT_SETTING_SIZE },
4d9b9528 8680 { read_controller_cap, MGMT_READ_CONTROLLER_CAP_SIZE,
bc292258 8681 HCI_MGMT_UNTRUSTED },
a10c907c
MH		 8682 { read_exp_features_info, MGMT_READ_EXP_FEATURES_INFO_SIZE,
8683 HCI_MGMT_UNTRUSTED |
8684 HCI_MGMT_HDEV_OPTIONAL },
8685 { set_exp_feature, MGMT_SET_EXP_FEATURE_SIZE,
8686 HCI_MGMT_VAR_LEN |
8687 HCI_MGMT_HDEV_OPTIONAL },
17896406
AM		 8688 { read_def_system_config, MGMT_READ_DEF_SYSTEM_CONFIG_SIZE,
8689 HCI_MGMT_UNTRUSTED },
8690 { set_def_system_config, MGMT_SET_DEF_SYSTEM_CONFIG_SIZE,
8691 HCI_MGMT_VAR_LEN },
aececa64
MH		 8692 { read_def_runtime_config, MGMT_READ_DEF_RUNTIME_CONFIG_SIZE,
8693 HCI_MGMT_UNTRUSTED },
8694 { set_def_runtime_config, MGMT_SET_DEF_RUNTIME_CONFIG_SIZE,
8695 HCI_MGMT_VAR_LEN },
4c54bf2b
APS		 8696 { get_device_flags, MGMT_GET_DEVICE_FLAGS_SIZE },
8697 { set_device_flags, MGMT_SET_DEVICE_FLAGS_SIZE },
e5e1e7fd 8698 { read_adv_mon_features, MGMT_READ_ADV_MONITOR_FEATURES_SIZE },
b139553d
MC		 8699 { add_adv_patterns_monitor,MGMT_ADD_ADV_PATTERNS_MONITOR_SIZE,
8700 HCI_MGMT_VAR_LEN },
bd2fbc6c 8701 { remove_adv_monitor, MGMT_REMOVE_ADV_MONITOR_SIZE },
12410572
DW		 8702 { add_ext_adv_params, MGMT_ADD_EXT_ADV_PARAMS_MIN_SIZE,
8703 HCI_MGMT_VAR_LEN },
8704 { add_ext_adv_data, MGMT_ADD_EXT_ADV_DATA_SIZE,
8705 HCI_MGMT_VAR_LEN },
b4a221ea
AP		 8706 { add_adv_patterns_monitor_rssi,
8707 MGMT_ADD_ADV_PATTERNS_MONITOR_RSSI_SIZE,
8708 HCI_MGMT_VAR_LEN },
0f4e68cf
JH		 8709};
8710
bf6b56db 8711void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 8712{
ced85549 8713 struct mgmt_ev_ext_index ev;
bb4b2a9a 8714
0602a8ad
MH		 8715 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
8716 return;
8717
f9207338 8718 switch (hdev->dev_type) {
ca8bee5d 8719 case HCI_PRIMARY:
f9207338
MH		 8720 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
8721 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
8722 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
ced85549 8723 ev.type = 0x01;
f9207338
MH		 8724 } else {
8725 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
8726 HCI_MGMT_INDEX_EVENTS);
ced85549 8727 ev.type = 0x00;
f9207338
MH		 8728 }
8729 break;
ced85549
MH		 8730 case HCI_AMP:
8731 ev.type = 0x02;
8732 break;
8733 default:
8734 return;
f9207338 8735 }
ced85549
MH		 8736
8737 ev.bus = hdev->bus;
8738
8739 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
8740 HCI_MGMT_EXT_INDEX_EVENTS);
c71e97bf
JH		 8741}
8742
bf6b56db 8743void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 8744{
ced85549 8745 struct mgmt_ev_ext_index ev;
5f159032 8746 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 8747
0602a8ad
MH		 8748 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
8749 return;
8750
f9207338 8751 switch (hdev->dev_type) {
ca8bee5d 8752 case HCI_PRIMARY:
f9207338 8753 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
b24752fe 8754
f9207338
MH		 8755 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
8756 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
8757 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
ced85549 8758 ev.type = 0x01;
f9207338
MH		 8759 } else {
8760 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
8761 HCI_MGMT_INDEX_EVENTS);
ced85549 8762 ev.type = 0x00;
f9207338
MH		 8763 }
8764 break;
ced85549
MH		 8765 case HCI_AMP:
8766 ev.type = 0x02;
8767 break;
8768 default:
8769 return;
f9207338 8770 }
ced85549
MH		 8771
8772 ev.bus = hdev->bus;
8773
8774 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
8775 HCI_MGMT_EXT_INDEX_EVENTS);
eec8d2bc
JH		 8776}
8777
2ff13894 8778void mgmt_power_on(struct hci_dev *hdev, int err)
229ab39c
JH		 8779{
8780 struct cmd_lookup match = { NULL, hdev };
8781
181d6953 8782 bt_dev_dbg(hdev, "err %d", err);
229ab39c 8783
2ff13894
JH		 8784 hci_dev_lock(hdev);
8785
8786 if (!err) {
af02dd44 8787 restart_le_actions(hdev);
ad383c2c 8788 hci_update_passive_scan(hdev);
162a3bac
MH		 8789 }
8790
229ab39c
JH		 8791 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
8792
8793 new_settings(hdev, match.sk);
8794
229ab39c
JH		 8795 if (match.sk)
8796 sock_put(match.sk);
229ab39c 8797
2ff13894 8798 hci_dev_unlock(hdev);
70da6243 8799}
562fcc24 8800
2ff13894 8801void __mgmt_power_off(struct hci_dev *hdev)
70da6243
JH		 8802{
8803 struct cmd_lookup match = { NULL, hdev };
9845904f 8804 u8 status, zero_cod[] = { 0, 0, 0 };
b24752fe 8805
229ab39c 8806 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
9845904f
JH		 8807
8808 /* If the power off is because of hdev unregistration let
8809 * use the appropriate INVALID_INDEX status. Otherwise use
8810 * NOT_POWERED. We cover both scenarios here since later in
8811 * mgmt_index_removed() any hci_conn callbacks will have already
8812 * been triggered, potentially causing misleading DISCONNECTED
8813 * status responses.
8814 */
d7a5a11d 8815 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
9845904f
JH		 8816 status = MGMT_STATUS_INVALID_INDEX;
8817 else
8818 status = MGMT_STATUS_NOT_POWERED;
8819
8820 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
229ab39c 8821
321c6fee 8822 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0) {
5504c3a3
MH		 8823 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
8824 zero_cod, sizeof(zero_cod),
8825 HCI_MGMT_DEV_CLASS_EVENTS, NULL);
321c6fee
MH		 8826 ext_info_changed(hdev, NULL);
8827 }
229ab39c 8828
2ff13894 8829 new_settings(hdev, match.sk);
eec8d2bc
JH		 8830
8831 if (match.sk)
8832 sock_put(match.sk);
5add6af8 8833}
73f22f62 8834
3eec705e 8835void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc 8836{
3b0602cd 8837 struct mgmt_pending_cmd *cmd;
96570ffc
JH		 8838 u8 status;
8839
333ae95d 8840 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
96570ffc 8841 if (!cmd)
3eec705e 8842 return;
96570ffc
JH		 8843
8844 if (err == -ERFKILL)
8845 status = MGMT_STATUS_RFKILLED;
8846 else
8847 status = MGMT_STATUS_FAILED;
8848
a69e8375 8849 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 8850
8851 mgmt_pending_remove(cmd);
96570ffc
JH		 8852}
8853
dc4a5ee2
MH		 8854void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
8855 bool persistent)
55ed8ca1 8856{
86742e1e 8857 struct mgmt_ev_new_link_key ev;
55ed8ca1 8858
a492cd52 8859 memset(&ev, 0, sizeof(ev));
55ed8ca1 8860
a492cd52 8861 ev.store_hint = persistent;
d753fdc4 8862 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 8863 ev.key.addr.type = BDADDR_BREDR;
a492cd52 8864 ev.key.type = key->type;
9b3b4460 8865 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 8866 ev.key.pin_len = key->pin_len;
55ed8ca1 8867
dc4a5ee2 8868 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 8869}
f7520543 8870
d7b25450
JH		 8871static u8 mgmt_ltk_type(struct smp_ltk *ltk)
8872{
23fb8de3
JH		 8873 switch (ltk->type) {
8874 case SMP_LTK:
fad646e1 8875 case SMP_LTK_RESPONDER:
23fb8de3
JH		 8876 if (ltk->authenticated)
8877 return MGMT_LTK_AUTHENTICATED;
8878 return MGMT_LTK_UNAUTHENTICATED;
8879 case SMP_LTK_P256:
8880 if (ltk->authenticated)
8881 return MGMT_LTK_P256_AUTH;
8882 return MGMT_LTK_P256_UNAUTH;
8883 case SMP_LTK_P256_DEBUG:
8884 return MGMT_LTK_P256_DEBUG;
8885 }
d7b25450
JH		 8886
8887 return MGMT_LTK_UNAUTHENTICATED;
8888}
8889
53ac6ab6 8890void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 8891{
8892 struct mgmt_ev_new_long_term_key ev;
8893
8894 memset(&ev, 0, sizeof(ev));
8895
5192d301 8896 /* Devices using resolvable or non-resolvable random addresses
f72186d2 8897 * without providing an identity resolving key don't require
5192d301
MH		 8898 * to store long term keys. Their addresses will change the
8899 * next time around.
8900 *
8901 * Only when a remote device provides an identity address
8902 * make sure the long term key is stored. If the remote
8903 * identity is known, the long term keys are internally
8904 * mapped to the identity address. So allow static random
8905 * and public addresses here.
8906 */
ba74b666
JH		 8907 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
8908 (key->bdaddr.b[5] & 0xc0) != 0xc0)
8909 ev.store_hint = 0x00;
8910 else
53ac6ab6 8911 ev.store_hint = persistent;
ba74b666 8912
346af67b 8913 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 8914 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 8915 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 8916 ev.key.enc_size = key->enc_size;
8917 ev.key.ediv = key->ediv;
fe39c7b2 8918 ev.key.rand = key->rand;
346af67b 8919
2ceba539 8920 if (key->type == SMP_LTK)
fad646e1 8921 ev.key.initiator = 1;
346af67b 8922
1fc62c52
JH		 8923 /* Make sure we copy only the significant bytes based on the
8924 * encryption key size, and set the rest of the value to zeroes.
8925 */
cb92205b 8926 memcpy(ev.key.val, key->val, key->enc_size);
1fc62c52
JH		 8927 memset(ev.key.val + key->enc_size, 0,
8928 sizeof(ev.key.val) - key->enc_size);
346af67b 8929
083368f7 8930 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 8931}
8932
cad20c27 8933void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent)
95fbac8a
JH		 8934{
8935 struct mgmt_ev_new_irk ev;
8936
8937 memset(&ev, 0, sizeof(ev));
8938
cad20c27 8939 ev.store_hint = persistent;
bab6d1e5 8940
95fbac8a
JH		 8941 bacpy(&ev.rpa, &irk->rpa);
8942 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
8943 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
8944 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
8945
8946 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
8947}
8948
53ac6ab6
MH		 8949void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
8950 bool persistent)
7ee4ea36
MH		 8951{
8952 struct mgmt_ev_new_csrk ev;
8953
8954 memset(&ev, 0, sizeof(ev));
8955
8956 /* Devices using resolvable or non-resolvable random addresses
f72186d2 8957 * without providing an identity resolving key don't require
7ee4ea36
MH		 8958 * to store signature resolving keys. Their addresses will change
8959 * the next time around.
8960 *
8961 * Only when a remote device provides an identity address
8962 * make sure the signature resolving key is stored. So allow
8963 * static random and public addresses here.
8964 */
8965 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
8966 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
8967 ev.store_hint = 0x00;
8968 else
53ac6ab6 8969 ev.store_hint = persistent;
7ee4ea36
MH		 8970
8971 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
8972 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
4cd3928a 8973 ev.key.type = csrk->type;
7ee4ea36
MH		 8974 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
8975
8976 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
8977}
8978
ffb5a827 8979void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 8980 u8 bdaddr_type, u8 store_hint, u16 min_interval,
8981 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 8982{
8983 struct mgmt_ev_new_conn_param ev;
8984
c103aea6
JH		 8985 if (!hci_is_identity_address(bdaddr, bdaddr_type))
8986 return;
8987
ffb5a827
AG		 8988 memset(&ev, 0, sizeof(ev));
8989 bacpy(&ev.addr.bdaddr, bdaddr);
8990 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 8991 ev.store_hint = store_hint;
ffb5a827
AG		 8992 ev.min_interval = cpu_to_le16(min_interval);
8993 ev.max_interval = cpu_to_le16(max_interval);
8994 ev.latency = cpu_to_le16(latency);
8995 ev.timeout = cpu_to_le16(timeout);
8996
8997 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
8998}
8999
48ec92fa 9000void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
1c6ed31b 9001 u8 *name, u8 name_len)
f7520543 9002{
b644ba33
JH		 9003 char buf[512];
9004 struct mgmt_ev_device_connected *ev = (void *) buf;
9005 u16 eir_len = 0;
1c6ed31b 9006 u32 flags = 0;
f7520543 9007
48ec92fa
AA		 9008 bacpy(&ev->addr.bdaddr, &conn->dst);
9009 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
f7520543 9010
1c6ed31b
YL		 9011 if (conn->out)
9012 flags |= MGMT_DEV_FOUND_INITIATED_CONN;
9013
c95f0ba7 9014 ev->flags = __cpu_to_le32(flags);
08c79b61 9015
fd45ada9
AA		 9016 /* We must ensure that the EIR Data fields are ordered and
9017 * unique. Keep it simple for now and avoid the problem by not
9018 * adding any BR/EDR data to the LE adv.
9019 */
9020 if (conn->le_adv_data_len > 0) {
9021 memcpy(&ev->eir[eir_len],
9022 conn->le_adv_data, conn->le_adv_data_len);
9023 eir_len = conn->le_adv_data_len;
9024 } else {
9025 if (name_len > 0)
9026 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
9027 name, name_len);
b644ba33 9028
ddbea5cf 9029 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
fd45ada9
AA		 9030 eir_len = eir_append_data(ev->eir, eir_len,
9031 EIR_CLASS_OF_DEV,
9032 conn->dev_class, 3);
9033 }
b644ba33 9034
eb55ef07 9035 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 9036
ecd90ae7
MH		 9037 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
9038 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 9039}
9040
3b0602cd 9041static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
8962ee74 9042{
8962ee74 9043 struct sock **sk = data;
8962ee74 9044
f5818c22 9045 cmd->cmd_complete(cmd, 0);
8962ee74
JH		 9046
9047 *sk = cmd->sk;
9048 sock_hold(*sk);
9049
a664b5bc 9050 mgmt_pending_remove(cmd);
8962ee74
JH		 9051}
9052
3b0602cd 9053static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
a8a1d19e 9054{
b1078ad0 9055 struct hci_dev *hdev = data;
124f6e35 9056 struct mgmt_cp_unpair_device *cp = cmd->param;
a8a1d19e 9057
b1078ad0
JH		 9058 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
9059
d8b7b1e4 9060 cmd->cmd_complete(cmd, 0);
a8a1d19e
JH		 9061 mgmt_pending_remove(cmd);
9062}
9063
84c61d92
JH		 9064bool mgmt_powering_down(struct hci_dev *hdev)
9065{
3b0602cd 9066 struct mgmt_pending_cmd *cmd;
84c61d92
JH		 9067 struct mgmt_mode *cp;
9068
333ae95d 9069 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
84c61d92
JH		 9070 if (!cmd)
9071 return false;
9072
9073 cp = cmd->param;
9074 if (!cp->val)
9075 return true;
9076
9077 return false;
9078}
9079
9b80ec5e 9080void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 9081 u8 link_type, u8 addr_type, u8 reason,
9082 bool mgmt_connected)
f7520543 9083{
f0d6a0ea 9084 struct mgmt_ev_device_disconnected ev;
8962ee74 9085 struct sock *sk = NULL;
8962ee74 9086
84c61d92
JH		 9087 /* The connection is still in hci_conn_hash so test for 1
9088 * instead of 0 to know if this is the last one.
9089 */
9090 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
9091 cancel_delayed_work(&hdev->power_off);
9092 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8b064a3a
JH		 9093 }
9094
12d4a3b2
JH		 9095 if (!mgmt_connected)
9096 return;
9097
57eb776f
AG		 9098 if (link_type != ACL_LINK && link_type != LE_LINK)
9099 return;
9100
744cf19e 9101 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 9102
f0d6a0ea
MA		 9103 bacpy(&ev.addr.bdaddr, bdaddr);
9104 ev.addr.type = link_to_bdaddr(link_type, addr_type);
9105 ev.reason = reason;
f7520543 9106
f0cfc486
APS		 9107 /* Report disconnects due to suspend */
9108 if (hdev->suspended)
9109 ev.reason = MGMT_DEV_DISCONN_LOCAL_HOST_SUSPEND;
9110
9b80ec5e 9111 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 9112
9113 if (sk)
d97dcb66 9114 sock_put(sk);
8962ee74 9115
124f6e35 9116 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 9117 hdev);
8962ee74
JH		 9118}
9119
7892924c
MH		 9120void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
9121 u8 link_type, u8 addr_type, u8 status)
8962ee74 9122{
3655bba8
AG		 9123 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
9124 struct mgmt_cp_disconnect *cp;
3b0602cd 9125 struct mgmt_pending_cmd *cmd;
8962ee74 9126
36a75f1b
JD		 9127 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
9128 hdev);
9129
333ae95d 9130 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 9131 if (!cmd)
7892924c 9132 return;
8962ee74 9133
3655bba8
AG		 9134 cp = cmd->param;
9135
9136 if (bacmp(bdaddr, &cp->addr.bdaddr))
9137 return;
9138
9139 if (cp->addr.type != bdaddr_type)
9140 return;
9141
f5818c22 9142 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 9143 mgmt_pending_remove(cmd);
f7520543 9144}
17d5c04c 9145
445608d0
MH		 9146void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
9147 u8 addr_type, u8 status)
17d5c04c
JH		 9148{
9149 struct mgmt_ev_connect_failed ev;
c9910d0f 9150
84c61d92
JH		 9151 /* The connection is still in hci_conn_hash so test for 1
9152 * instead of 0 to know if this is the last one.
9153 */
9154 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
9155 cancel_delayed_work(&hdev->power_off);
9156 queue_work(hdev->req_workqueue, &hdev->power_off.work);
c9910d0f 9157 }
17d5c04c 9158
4c659c39 9159 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 9160 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 9161 ev.status = mgmt_status(status);
17d5c04c 9162
445608d0 9163 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 9164}
980e1a53 9165
ce0e4a0d 9166void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 9167{
9168 struct mgmt_ev_pin_code_request ev;
9169
d8457698 9170 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 9171 ev.addr.type = BDADDR_BREDR;
a770bb5a 9172 ev.secure = secure;
980e1a53 9173
ce0e4a0d 9174 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 9175}
9176
e669cf80
MH		 9177void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
9178 u8 status)
980e1a53 9179{
3b0602cd 9180 struct mgmt_pending_cmd *cmd;
980e1a53 9181
333ae95d 9182 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 9183 if (!cmd)
e669cf80 9184 return;
980e1a53 9185
7776d1d8 9186 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 9187 mgmt_pending_remove(cmd);
980e1a53
JH		 9188}
9189
3eb38528
MH		 9190void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
9191 u8 status)
980e1a53 9192{
3b0602cd 9193 struct mgmt_pending_cmd *cmd;
980e1a53 9194
333ae95d 9195 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 9196 if (!cmd)
3eb38528 9197 return;
980e1a53 9198
7776d1d8 9199 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 9200 mgmt_pending_remove(cmd);
980e1a53 9201}
a5c29683 9202
744cf19e 9203int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 9204 u8 link_type, u8 addr_type, u32 value,
04124681 9205 u8 confirm_hint)
a5c29683
JH		 9206{
9207 struct mgmt_ev_user_confirm_request ev;
9208
181d6953 9209 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
a5c29683 9210
272d90df 9211 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 9212 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 9213 ev.confirm_hint = confirm_hint;
39adbffe 9214 ev.value = cpu_to_le32(value);
a5c29683 9215
744cf19e 9216 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 9217 NULL);
a5c29683
JH		 9218}
9219
272d90df 9220int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 9221 u8 link_type, u8 addr_type)
604086b7
BG		 9222{
9223 struct mgmt_ev_user_passkey_request ev;
9224
181d6953 9225 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
604086b7 9226
272d90df 9227 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 9228 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 9229
9230 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 9231 NULL);
604086b7
BG		 9232}
9233
0df4c185 9234static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 9235 u8 link_type, u8 addr_type, u8 status,
9236 u8 opcode)
a5c29683 9237{
3b0602cd 9238 struct mgmt_pending_cmd *cmd;
a5c29683 9239
333ae95d 9240 cmd = pending_find(opcode, hdev);
a5c29683
JH		 9241 if (!cmd)
9242 return -ENOENT;
9243
7776d1d8 9244 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 9245 mgmt_pending_remove(cmd);
a5c29683 9246
7776d1d8 9247 return 0;
a5c29683
JH		 9248}
9249
744cf19e 9250int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 9251 u8 link_type, u8 addr_type, u8 status)
a5c29683 9252{
272d90df 9253 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 9254 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 9255}
9256
272d90df 9257int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 9258 u8 link_type, u8 addr_type, u8 status)
a5c29683 9259{
272d90df 9260 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 9261 status,
9262 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 9263}
2a611692 9264
604086b7 9265int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 9266 u8 link_type, u8 addr_type, u8 status)
604086b7 9267{
272d90df 9268 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 9269 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 9270}
9271
272d90df 9272int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 9273 u8 link_type, u8 addr_type, u8 status)
604086b7 9274{
272d90df 9275 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 9276 status,
9277 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 9278}
9279
92a25256
JH		 9280int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
9281 u8 link_type, u8 addr_type, u32 passkey,
9282 u8 entered)
9283{
9284 struct mgmt_ev_passkey_notify ev;
9285
181d6953 9286 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
92a25256
JH		 9287
9288 bacpy(&ev.addr.bdaddr, bdaddr);
9289 ev.addr.type = link_to_bdaddr(link_type, addr_type);
9290 ev.passkey = __cpu_to_le32(passkey);
9291 ev.entered = entered;
9292
9293 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
9294}
9295
e1e930f5 9296void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
2a611692
JH		 9297{
9298 struct mgmt_ev_auth_failed ev;
3b0602cd 9299 struct mgmt_pending_cmd *cmd;
e1e930f5 9300 u8 status = mgmt_status(hci_status);
2a611692 9301
e1e930f5
JH		 9302 bacpy(&ev.addr.bdaddr, &conn->dst);
9303 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
9304 ev.status = status;
2a611692 9305
e1e930f5
JH		 9306 cmd = find_pairing(conn);
9307
9308 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
9309 cmd ? cmd->sk : NULL);
9310
a511b35b
JH		 9311 if (cmd) {
9312 cmd->cmd_complete(cmd, status);
9313 mgmt_pending_remove(cmd);
9314 }
2a611692 9315}
b312b161 9316
464996ae 9317void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 9318{
9319 struct cmd_lookup match = { NULL, hdev };
464996ae 9320 bool changed;
33ef95ed
JH		 9321
9322 if (status) {
9323 u8 mgmt_err = mgmt_status(status);
9324 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 9325 cmd_status_rsp, &mgmt_err);
464996ae 9326 return;
33ef95ed
JH		 9327 }
9328
464996ae 9329 if (test_bit(HCI_AUTH, &hdev->flags))
238be788 9330 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
464996ae 9331 else
a69d8927 9332 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
47990ea0 9333
33ef95ed 9334 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 9335 &match);
33ef95ed 9336
47990ea0 9337 if (changed)
464996ae 9338 new_settings(hdev, match.sk);
33ef95ed
JH		 9339
9340 if (match.sk)
9341 sock_put(match.sk);
33ef95ed
JH		 9342}
9343
3b0602cd 9344static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
90e70454
JH		 9345{
9346 struct cmd_lookup *match = data;
9347
90e70454
JH		 9348 if (match->sk == NULL) {
9349 match->sk = cmd->sk;
9350 sock_hold(match->sk);
9351 }
90e70454
JH		 9352}
9353
4e1b0245
MH		 9354void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
9355 u8 status)
7f9a903c 9356{
90e70454 9357 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 9358
92da6097
JH		 9359 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
9360 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
9361 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454 9362
321c6fee 9363 if (!status) {
5504c3a3
MH		 9364 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
9365 3, HCI_MGMT_DEV_CLASS_EVENTS, NULL);
321c6fee
MH		 9366 ext_info_changed(hdev, NULL);
9367 }
90e70454
JH		 9368
9369 if (match.sk)
9370 sock_put(match.sk);
7f9a903c
MH		 9371}
9372
7667da34 9373void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 9374{
b312b161 9375 struct mgmt_cp_set_local_name ev;
3b0602cd 9376 struct mgmt_pending_cmd *cmd;
28cc7bde 9377
13928971 9378 if (status)
7667da34 9379 return;
b312b161
JH		 9380
9381 memset(&ev, 0, sizeof(ev));
9382 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 9383 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 9384
333ae95d 9385 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 9386 if (!cmd) {
9387 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 9388
13928971
JH		 9389 /* If this is a HCI command related to powering on the
9390 * HCI dev don't send any mgmt signals.
9391 */
333ae95d 9392 if (pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 9393 return;
890ea898 9394 }
b312b161 9395
5504c3a3
MH		 9396 mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
9397 HCI_MGMT_LOCAL_NAME_EVENTS, cmd ? cmd->sk : NULL);
321c6fee 9398 ext_info_changed(hdev, cmd ? cmd->sk : NULL);
b312b161 9399}
c35938b2 9400
799ce93d
JP		 9401static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
9402{
9403 int i;
9404
9405 for (i = 0; i < uuid_count; i++) {
9406 if (!memcmp(uuid, uuids[i], 16))
9407 return true;
9408 }
9409
9410 return false;
9411}
9412
b487b9ce
MH		 9413static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
9414{
799ce93d
JP		 9415 u16 parsed = 0;
9416
9417 while (parsed < eir_len) {
9418 u8 field_len = eir[0];
9419 u8 uuid[16];
9420 int i;
9421
9422 if (field_len == 0)
9423 break;
9424
9425 if (eir_len - parsed < field_len + 1)
9426 break;
9427
9428 switch (eir[1]) {
9429 case EIR_UUID16_ALL:
9430 case EIR_UUID16_SOME:
9431 for (i = 0; i + 3 <= field_len; i += 2) {
189f6ad2 9432 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 9433 uuid[13] = eir[i + 3];
9434 uuid[12] = eir[i + 2];
9435 if (has_uuid(uuid, uuid_count, uuids))
9436 return true;
9437 }
9438 break;
9439 case EIR_UUID32_ALL:
9440 case EIR_UUID32_SOME:
9441 for (i = 0; i + 5 <= field_len; i += 4) {
189f6ad2 9442 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 9443 uuid[15] = eir[i + 5];
9444 uuid[14] = eir[i + 4];
9445 uuid[13] = eir[i + 3];
9446 uuid[12] = eir[i + 2];
9447 if (has_uuid(uuid, uuid_count, uuids))
9448 return true;
9449 }
9450 break;
9451 case EIR_UUID128_ALL:
9452 case EIR_UUID128_SOME:
9453 for (i = 0; i + 17 <= field_len; i += 16) {
9454 memcpy(uuid, eir + i + 2, 16);
9455 if (has_uuid(uuid, uuid_count, uuids))
9456 return true;
9457 }
9458 break;
9459 }
9460
9461 parsed += field_len + 1;
9462 eir += field_len + 1;
9463 }
9464
b487b9ce
MH		 9465 return false;
9466}
9467
4b0e0ced
JP		 9468static void restart_le_scan(struct hci_dev *hdev)
9469{
9470 /* If controller is not scanning we are done. */
d7a5a11d 9471 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
4b0e0ced
JP		 9472 return;
9473
9474 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
9475 hdev->discovery.scan_start +
9476 hdev->discovery.scan_duration))
9477 return;
9478
7c1fbed2 9479 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart,
4b0e0ced
JP		 9480 DISCOV_LE_RESTART_DELAY);
9481}
9482
48f86b7f
JP		 9483static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
9484 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 9485{
48f86b7f
JP		 9486 /* If a RSSI threshold has been specified, and
9487 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
9488 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
9489 * is set, let it through for further processing, as we might need to
9490 * restart the scan.
efb2513f
MH		 9491 *
9492 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
9493 * the results are also dropped.
bda157a4
MH		 9494 */
9495 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
4b0e0ced
JP		 9496 (rssi == HCI_RSSI_INVALID ||
9497 (rssi < hdev->discovery.rssi &&
9498 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
48f86b7f 9499 return false;
efb2513f 9500
2976cdeb
JP		 9501 if (hdev->discovery.uuid_count != 0) {
9502 /* If a list of UUIDs is provided in filter, results with no
9503 * matching UUID should be dropped.
b487b9ce 9504 */
2976cdeb
JP		 9505 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
9506 hdev->discovery.uuids) &&
9507 !eir_has_uuids(scan_rsp, scan_rsp_len,
9508 hdev->discovery.uuid_count,
9509 hdev->discovery.uuids))
9510 return false;
b487b9ce 9511 }
5d2e9fad 9512
2976cdeb
JP		 9513 /* If duplicate filtering does not report RSSI changes, then restart
9514 * scanning to ensure updated result with updated RSSI values.
4b0e0ced 9515 */
2976cdeb
JP		 9516 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
9517 restart_le_scan(hdev);
9518
9519 /* Validate RSSI value against the RSSI threshold once more. */
9520 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
9521 rssi < hdev->discovery.rssi)
9522 return false;
9523 }
48f86b7f
JP		 9524
9525 return true;
9526}
9527
9528void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
9529 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
9530 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
9531{
9532 char buf[512];
9533 struct mgmt_ev_device_found *ev = (void *)buf;
9534 size_t ev_size;
9535
9536 /* Don't send events for a non-kernel initiated discovery. With
9537 * LE one exception is if we have pend_le_reports > 0 in which
9538 * case we're doing passive scanning and want these events.
9539 */
9540 if (!hci_discovery_active(hdev)) {
9541 if (link_type == ACL_LINK)
9542 return;
8208f5a9
MC		 9543 if (link_type == LE_LINK &&
9544 list_empty(&hdev->pend_le_reports) &&
9545 !hci_is_adv_monitoring(hdev)) {
48f86b7f 9546 return;
8208f5a9 9547 }
48f86b7f
JP		 9548 }
9549
82f8b651 9550 if (hdev->discovery.result_filtering) {
48f86b7f
JP		 9551 /* We are using service discovery */
9552 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
9553 scan_rsp_len))
9554 return;
9555 }
9556
78b781ca
JH		 9557 if (hdev->discovery.limited) {
9558 /* Check for limited discoverable bit */
9559 if (dev_class) {
9560 if (!(dev_class[1] & 0x20))
9561 return;
9562 } else {
9563 u8 *flags = eir_get_data(eir, eir_len, EIR_FLAGS, NULL);
9564 if (!flags || !(flags[0] & LE_AD_LIMITED))
9565 return;
9566 }
9567 }
9568
48f86b7f
JP		 9569 /* Make sure that the buffer is big enough. The 5 extra bytes
9570 * are for the potential CoD field.
9571 */
9572 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
4b0e0ced
JP		 9573 return;
9574
48f86b7f
JP		 9575 memset(buf, 0, sizeof(buf));
9576
9577 /* In case of device discovery with BR/EDR devices (pre 1.2), the
9578 * RSSI value was reported as 0 when not available. This behavior
9579 * is kept when using device discovery. This is required for full
9580 * backwards compatibility with the API.
9581 *
9582 * However when using service discovery, the value 127 will be
9583 * returned when the RSSI is not available.
9584 */
9585 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
9586 link_type == ACL_LINK)
9587 rssi = 0;
9588
9589 bacpy(&ev->addr.bdaddr, bdaddr);
9590 ev->addr.type = link_to_bdaddr(link_type, addr_type);
9591 ev->rssi = rssi;
9592 ev->flags = cpu_to_le32(flags);
9593
9594 if (eir_len > 0)
9595 /* Copy EIR or advertising data into event */
9596 memcpy(ev->eir, eir, eir_len);
9597
0d3b7f64
JH		 9598 if (dev_class && !eir_get_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
9599 NULL))
48f86b7f
JP		 9600 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
9601 dev_class, 3);
9602
9603 if (scan_rsp_len > 0)
9604 /* Append scan response data to event */
9605 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
9606
5d2e9fad
JH		 9607 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
9608 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 9609
901801b9 9610 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 9611}
a88a9652 9612
9cf12aee
MH		 9613void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
9614 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 9615{
b644ba33
JH		 9616 struct mgmt_ev_device_found *ev;
9617 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
9618 u16 eir_len;
a88a9652 9619
b644ba33 9620 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 9621
b644ba33
JH		 9622 memset(buf, 0, sizeof(buf));
9623
9624 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 9625 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 9626 ev->rssi = rssi;
9627
9628 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 9629 name_len);
b644ba33 9630
eb55ef07 9631 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 9632
9cf12aee 9633 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 9634}
314b2381 9635
2f1e063b 9636void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 9637{
f963e8e9 9638 struct mgmt_ev_discovering ev;
164a6e78 9639
181d6953 9640 bt_dev_dbg(hdev, "discovering %u", discovering);
343fb145 9641
f963e8e9
JH		 9642 memset(&ev, 0, sizeof(ev));
9643 ev.type = hdev->discovery.type;
9644 ev.discovering = discovering;
9645
2f1e063b 9646 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 9647}
5e762444 9648
346ce5b7
APS		 9649void mgmt_suspending(struct hci_dev *hdev, u8 state)
9650{
9651 struct mgmt_ev_controller_suspend ev;
9652
9653 ev.suspend_state = state;
9654 mgmt_event(MGMT_EV_CONTROLLER_SUSPEND, hdev, &ev, sizeof(ev), NULL);
9655}
9656
9657void mgmt_resuming(struct hci_dev *hdev, u8 reason, bdaddr_t *bdaddr,
9658 u8 addr_type)
9659{
9660 struct mgmt_ev_controller_resume ev;
9661
9662 ev.wake_reason = reason;
9663 if (bdaddr) {
9664 bacpy(&ev.addr.bdaddr, bdaddr);
9665 ev.addr.type = addr_type;
9666 } else {
9667 memset(&ev.addr, 0, sizeof(ev.addr));
9668 }
9669
9670 mgmt_event(MGMT_EV_CONTROLLER_RESUME, hdev, &ev, sizeof(ev), NULL);
9671}
9672
6d785aa3
JH		 9673static struct hci_mgmt_chan chan = {
9674 .channel = HCI_CHANNEL_CONTROL,
9675 .handler_count = ARRAY_SIZE(mgmt_handlers),
9676 .handlers = mgmt_handlers,
88b94ce9 9677 .hdev_init = mgmt_init_hdev,
6d785aa3
JH		 9678};
9679
9680int mgmt_init(void)
9681{
9682 return hci_mgmt_chan_register(&chan);
9683}
9684
9685void mgmt_exit(void)
9686{
9687 hci_mgmt_chan_unregister(&chan);
9688}
Empty description
This page took 2.703699 seconds and 4 git commands to generate.