]> Git Repo - linux.git/blame - net/bluetooth/mgmt.c
projects / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Add support for extended index management events
[linux.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
7129069e 32#include <net/bluetooth/hci_sock.h>
4bc58f51 33#include <net/bluetooth/l2cap.h>
0381101f 34#include <net/bluetooth/mgmt.h>
ac4b7236 35
0857dd3b 36#include "hci_request.h"
ac4b7236 37#include "smp.h"
0381101f 38
2da9c55c 39#define MGMT_VERSION 1
beb1c21b 40#define MGMT_REVISION 9
02d98129 41
e70bb2e8
JH		 42static const u16 mgmt_commands[] = {
43 MGMT_OP_READ_INDEX_LIST,
44 MGMT_OP_READ_INFO,
45 MGMT_OP_SET_POWERED,
46 MGMT_OP_SET_DISCOVERABLE,
47 MGMT_OP_SET_CONNECTABLE,
48 MGMT_OP_SET_FAST_CONNECTABLE,
b2939475 49 MGMT_OP_SET_BONDABLE,
e70bb2e8
JH		 50 MGMT_OP_SET_LINK_SECURITY,
51 MGMT_OP_SET_SSP,
52 MGMT_OP_SET_HS,
53 MGMT_OP_SET_LE,
54 MGMT_OP_SET_DEV_CLASS,
55 MGMT_OP_SET_LOCAL_NAME,
56 MGMT_OP_ADD_UUID,
57 MGMT_OP_REMOVE_UUID,
58 MGMT_OP_LOAD_LINK_KEYS,
59 MGMT_OP_LOAD_LONG_TERM_KEYS,
60 MGMT_OP_DISCONNECT,
61 MGMT_OP_GET_CONNECTIONS,
62 MGMT_OP_PIN_CODE_REPLY,
63 MGMT_OP_PIN_CODE_NEG_REPLY,
64 MGMT_OP_SET_IO_CAPABILITY,
65 MGMT_OP_PAIR_DEVICE,
66 MGMT_OP_CANCEL_PAIR_DEVICE,
67 MGMT_OP_UNPAIR_DEVICE,
68 MGMT_OP_USER_CONFIRM_REPLY,
69 MGMT_OP_USER_CONFIRM_NEG_REPLY,
70 MGMT_OP_USER_PASSKEY_REPLY,
71 MGMT_OP_USER_PASSKEY_NEG_REPLY,
72 MGMT_OP_READ_LOCAL_OOB_DATA,
73 MGMT_OP_ADD_REMOTE_OOB_DATA,
74 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
75 MGMT_OP_START_DISCOVERY,
76 MGMT_OP_STOP_DISCOVERY,
77 MGMT_OP_CONFIRM_NAME,
78 MGMT_OP_BLOCK_DEVICE,
79 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 80 MGMT_OP_SET_DEVICE_ID,
4375f103 81 MGMT_OP_SET_ADVERTISING,
0663ca2a 82 MGMT_OP_SET_BREDR,
d13eafce 83 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 84 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 85 MGMT_OP_SET_SECURE_CONN,
4e39ac81 86 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 87 MGMT_OP_SET_PRIVACY,
41edf160 88 MGMT_OP_LOAD_IRKS,
dd983808 89 MGMT_OP_GET_CONN_INFO,
95868426 90 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 91 MGMT_OP_ADD_DEVICE,
92 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 93 MGMT_OP_LOAD_CONN_PARAM,
73d1df2a 94 MGMT_OP_READ_UNCONF_INDEX_LIST,
9fc3bfb6 95 MGMT_OP_READ_CONFIG_INFO,
dbece37a 96 MGMT_OP_SET_EXTERNAL_CONFIG,
9713c17b 97 MGMT_OP_SET_PUBLIC_ADDRESS,
66ea9427 98 MGMT_OP_START_SERVICE_DISCOVERY,
e70bb2e8
JH		 99};
100
101static const u16 mgmt_events[] = {
102 MGMT_EV_CONTROLLER_ERROR,
103 MGMT_EV_INDEX_ADDED,
104 MGMT_EV_INDEX_REMOVED,
105 MGMT_EV_NEW_SETTINGS,
106 MGMT_EV_CLASS_OF_DEV_CHANGED,
107 MGMT_EV_LOCAL_NAME_CHANGED,
108 MGMT_EV_NEW_LINK_KEY,
109 MGMT_EV_NEW_LONG_TERM_KEY,
110 MGMT_EV_DEVICE_CONNECTED,
111 MGMT_EV_DEVICE_DISCONNECTED,
112 MGMT_EV_CONNECT_FAILED,
113 MGMT_EV_PIN_CODE_REQUEST,
114 MGMT_EV_USER_CONFIRM_REQUEST,
115 MGMT_EV_USER_PASSKEY_REQUEST,
116 MGMT_EV_AUTH_FAILED,
117 MGMT_EV_DEVICE_FOUND,
118 MGMT_EV_DISCOVERING,
119 MGMT_EV_DEVICE_BLOCKED,
120 MGMT_EV_DEVICE_UNBLOCKED,
121 MGMT_EV_DEVICE_UNPAIRED,
92a25256 122 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 123 MGMT_EV_NEW_IRK,
7ee4ea36 124 MGMT_EV_NEW_CSRK,
8afef092
MH		 125 MGMT_EV_DEVICE_ADDED,
126 MGMT_EV_DEVICE_REMOVED,
ffb5a827 127 MGMT_EV_NEW_CONN_PARAM,
0602a8ad 128 MGMT_EV_UNCONF_INDEX_ADDED,
edd3896b 129 MGMT_EV_UNCONF_INDEX_REMOVED,
f4537c04 130 MGMT_EV_NEW_CONFIG_OPTIONS,
ced85549
MH		 131 MGMT_EV_EXT_INDEX_ADDED,
132 MGMT_EV_EXT_INDEX_REMOVED,
e70bb2e8
JH		 133};
134
17b02e62 135#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 136
d25b78e2
JH		 137#define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
138 "\x00\x00\x00\x00\x00\x00\x00\x00"
139
3b0602cd 140struct mgmt_pending_cmd {
eec8d2bc 141 struct list_head list;
fc2f4b13 142 u16 opcode;
eec8d2bc 143 int index;
c68fb7ff 144 void *param;
323b0b88 145 size_t param_len;
eec8d2bc 146 struct sock *sk;
e9a416b5 147 void *user_data;
3b0602cd 148 int (*cmd_complete)(struct mgmt_pending_cmd *cmd, u8 status);
eec8d2bc
JH		 149};
150
ca69b795
JH		 151/* HCI to MGMT error code conversion table */
152static u8 mgmt_status_table[] = {
153 MGMT_STATUS_SUCCESS,
154 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
155 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
156 MGMT_STATUS_FAILED, /* Hardware Failure */
157 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
158 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 159 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 160 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
161 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
162 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
163 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
164 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
165 MGMT_STATUS_BUSY, /* Command Disallowed */
166 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
167 MGMT_STATUS_REJECTED, /* Rejected Security */
168 MGMT_STATUS_REJECTED, /* Rejected Personal */
169 MGMT_STATUS_TIMEOUT, /* Host Timeout */
170 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
171 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
172 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
173 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
174 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
175 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
176 MGMT_STATUS_BUSY, /* Repeated Attempts */
177 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
178 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
179 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
180 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
181 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
182 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
183 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
184 MGMT_STATUS_FAILED, /* Unspecified Error */
185 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
186 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
187 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
188 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
189 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
190 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
191 MGMT_STATUS_FAILED, /* Unit Link Key Used */
192 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
193 MGMT_STATUS_TIMEOUT, /* Instant Passed */
194 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
195 MGMT_STATUS_FAILED, /* Transaction Collision */
196 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
197 MGMT_STATUS_REJECTED, /* QoS Rejected */
198 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
199 MGMT_STATUS_REJECTED, /* Insufficient Security */
200 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
201 MGMT_STATUS_BUSY, /* Role Switch Pending */
202 MGMT_STATUS_FAILED, /* Slot Violation */
203 MGMT_STATUS_FAILED, /* Role Switch Failed */
204 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
205 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
206 MGMT_STATUS_BUSY, /* Host Busy Pairing */
207 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
208 MGMT_STATUS_BUSY, /* Controller Busy */
209 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
210 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
211 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
212 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
213 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
214};
215
216static u8 mgmt_status(u8 hci_status)
217{
218 if (hci_status < ARRAY_SIZE(mgmt_status_table))
219 return mgmt_status_table[hci_status];
220
221 return MGMT_STATUS_FAILED;
222}
223
7a00ff44
JH		 224static int mgmt_send_event(u16 event, struct hci_dev *hdev,
225 unsigned short channel, void *data, u16 data_len,
226 struct sock *skip_sk)
04c60f05
MH		 227{
228 struct sk_buff *skb;
229 struct mgmt_hdr *hdr;
230
231 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
232 if (!skb)
233 return -ENOMEM;
234
235 hdr = (void *) skb_put(skb, sizeof(*hdr));
236 hdr->opcode = cpu_to_le16(event);
237 if (hdev)
238 hdr->index = cpu_to_le16(hdev->id);
239 else
240 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
241 hdr->len = cpu_to_le16(data_len);
242
243 if (data)
244 memcpy(skb_put(skb, data_len), data, data_len);
245
246 /* Time stamp */
247 __net_timestamp(skb);
248
7a00ff44 249 hci_send_to_channel(channel, skb, skip_sk);
04c60f05
MH		 250 kfree_skb(skb);
251
252 return 0;
253}
254
f9207338
MH		 255static int mgmt_index_event(u16 event, struct hci_dev *hdev,
256 void *data, u16 data_len, int flag)
257{
258 struct sk_buff *skb;
259 struct mgmt_hdr *hdr;
260
261 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
262 if (!skb)
263 return -ENOMEM;
264
265 hdr = (void *) skb_put(skb, sizeof(*hdr));
266 hdr->opcode = cpu_to_le16(event);
267 hdr->index = cpu_to_le16(hdev->id);
268 hdr->len = cpu_to_le16(data_len);
269
270 if (data)
271 memcpy(skb_put(skb, data_len), data, data_len);
272
273 /* Time stamp */
274 __net_timestamp(skb);
275
276 hci_send_to_flagged_channel(HCI_CHANNEL_CONTROL, skb, flag);
277 kfree_skb(skb);
278
279 return 0;
280}
281
7a00ff44
JH		 282static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
283 struct sock *skip_sk)
284{
285 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
286 skip_sk);
287}
288
a69e8375 289static int mgmt_cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 290{
291 struct sk_buff *skb;
292 struct mgmt_hdr *hdr;
293 struct mgmt_ev_cmd_status *ev;
56b7d137 294 int err;
f7b64e69 295
34eb525c 296 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 297
790eff44 298 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 299 if (!skb)
300 return -ENOMEM;
301
302 hdr = (void *) skb_put(skb, sizeof(*hdr));
303
dcf4adbf 304 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 305 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 306 hdr->len = cpu_to_le16(sizeof(*ev));
307
308 ev = (void *) skb_put(skb, sizeof(*ev));
309 ev->status = status;
eb55ef07 310 ev->opcode = cpu_to_le16(cmd);
f7b64e69 311
56b7d137
GP		 312 err = sock_queue_rcv_skb(sk, skb);
313 if (err < 0)
f7b64e69
JH		 314 kfree_skb(skb);
315
56b7d137 316 return err;
f7b64e69
JH		 317}
318
2a1afb5a
JH		 319static int mgmt_cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
320 void *rp, size_t rp_len)
02d98129
JH		 321{
322 struct sk_buff *skb;
323 struct mgmt_hdr *hdr;
324 struct mgmt_ev_cmd_complete *ev;
56b7d137 325 int err;
02d98129
JH		 326
327 BT_DBG("sock %p", sk);
328
790eff44 329 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 330 if (!skb)
331 return -ENOMEM;
332
333 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 334
dcf4adbf 335 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 336 hdr->index = cpu_to_le16(index);
a38528f1 337 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 338
a38528f1 339 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 340 ev->opcode = cpu_to_le16(cmd);
aee9b218 341 ev->status = status;
8020c16a
SJ		 342
343 if (rp)
344 memcpy(ev->data, rp, rp_len);
02d98129 345
56b7d137
GP		 346 err = sock_queue_rcv_skb(sk, skb);
347 if (err < 0)
02d98129
JH		 348 kfree_skb(skb);
349
e5f0e151 350 return err;
02d98129
JH		 351}
352
04124681
GP		 353static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
354 u16 data_len)
a38528f1
JH		 355{
356 struct mgmt_rp_read_version rp;
357
358 BT_DBG("sock %p", sk);
359
360 rp.version = MGMT_VERSION;
dcf4adbf 361 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 362
2a1afb5a
JH		 363 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
364 &rp, sizeof(rp));
a38528f1
JH		 365}
366
04124681
GP		 367static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
368 u16 data_len)
e70bb2e8
JH		 369{
370 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 371 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
372 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 373 __le16 *opcode;
e70bb2e8
JH		 374 size_t rp_size;
375 int i, err;
376
377 BT_DBG("sock %p", sk);
378
379 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
380
381 rp = kmalloc(rp_size, GFP_KERNEL);
382 if (!rp)
383 return -ENOMEM;
384
dcf4adbf
JP		 385 rp->num_commands = cpu_to_le16(num_commands);
386 rp->num_events = cpu_to_le16(num_events);
e70bb2e8
JH		 387
388 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
389 put_unaligned_le16(mgmt_commands[i], opcode);
390
391 for (i = 0; i < num_events; i++, opcode++)
392 put_unaligned_le16(mgmt_events[i], opcode);
393
2a1afb5a
JH		 394 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
395 rp, rp_size);
e70bb2e8
JH		 396 kfree(rp);
397
398 return err;
399}
400
04124681
GP		 401static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
402 u16 data_len)
faba42eb 403{
faba42eb 404 struct mgmt_rp_read_index_list *rp;
8035ded4 405 struct hci_dev *d;
a38528f1 406 size_t rp_len;
faba42eb 407 u16 count;
476e44cb 408 int err;
faba42eb
JH		 409
410 BT_DBG("sock %p", sk);
411
412 read_lock(&hci_dev_list_lock);
413
414 count = 0;
bb4b2a9a 415 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a 416 if (d->dev_type == HCI_BREDR &&
d7a5a11d 417 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
1514b892 418 count++;
faba42eb
JH		 419 }
420
a38528f1
JH		 421 rp_len = sizeof(*rp) + (2 * count);
422 rp = kmalloc(rp_len, GFP_ATOMIC);
423 if (!rp) {
b2c60d42 424 read_unlock(&hci_dev_list_lock);
faba42eb 425 return -ENOMEM;
b2c60d42 426 }
faba42eb 427
476e44cb 428 count = 0;
8035ded4 429 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 430 if (hci_dev_test_flag(d, HCI_SETUP) ||
431 hci_dev_test_flag(d, HCI_CONFIG) ||
432 hci_dev_test_flag(d, HCI_USER_CHANNEL))
ab81cbf9
JH		 433 continue;
434
73d1df2a
MH		 435 /* Devices marked as raw-only are neither configured
436 * nor unconfigured controllers.
437 */
438 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
fee746b0
MH		 439 continue;
440
73d1df2a 441 if (d->dev_type == HCI_BREDR &&
d7a5a11d 442 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
1514b892
MH		 443 rp->index[count++] = cpu_to_le16(d->id);
444 BT_DBG("Added hci%u", d->id);
445 }
faba42eb
JH		 446 }
447
476e44cb
JH		 448 rp->num_controllers = cpu_to_le16(count);
449 rp_len = sizeof(*rp) + (2 * count);
450
faba42eb
JH		 451 read_unlock(&hci_dev_list_lock);
452
2a1afb5a
JH		 453 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
454 0, rp, rp_len);
faba42eb 455
a38528f1
JH		 456 kfree(rp);
457
458 return err;
faba42eb
JH		 459}
460
73d1df2a
MH		 461static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
462 void *data, u16 data_len)
463{
464 struct mgmt_rp_read_unconf_index_list *rp;
465 struct hci_dev *d;
466 size_t rp_len;
467 u16 count;
468 int err;
469
470 BT_DBG("sock %p", sk);
471
472 read_lock(&hci_dev_list_lock);
473
474 count = 0;
475 list_for_each_entry(d, &hci_dev_list, list) {
476 if (d->dev_type == HCI_BREDR &&
d7a5a11d 477 hci_dev_test_flag(d, HCI_UNCONFIGURED))
73d1df2a
MH		 478 count++;
479 }
480
481 rp_len = sizeof(*rp) + (2 * count);
482 rp = kmalloc(rp_len, GFP_ATOMIC);
483 if (!rp) {
484 read_unlock(&hci_dev_list_lock);
485 return -ENOMEM;
486 }
487
488 count = 0;
489 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 490 if (hci_dev_test_flag(d, HCI_SETUP) ||
491 hci_dev_test_flag(d, HCI_CONFIG) ||
492 hci_dev_test_flag(d, HCI_USER_CHANNEL))
73d1df2a
MH		 493 continue;
494
495 /* Devices marked as raw-only are neither configured
496 * nor unconfigured controllers.
497 */
498 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
499 continue;
500
501 if (d->dev_type == HCI_BREDR &&
d7a5a11d 502 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
73d1df2a
MH		 503 rp->index[count++] = cpu_to_le16(d->id);
504 BT_DBG("Added hci%u", d->id);
505 }
506 }
507
508 rp->num_controllers = cpu_to_le16(count);
509 rp_len = sizeof(*rp) + (2 * count);
510
511 read_unlock(&hci_dev_list_lock);
512
2a1afb5a
JH		 513 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
514 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
73d1df2a
MH		 515
516 kfree(rp);
517
518 return err;
519}
520
dbece37a
MH		 521static bool is_configured(struct hci_dev *hdev)
522{
523 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 524 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
dbece37a
MH		 525 return false;
526
527 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
528 !bacmp(&hdev->public_addr, BDADDR_ANY))
529 return false;
530
531 return true;
532}
533
89bc22d2
MH		 534static __le32 get_missing_options(struct hci_dev *hdev)
535{
536 u32 options = 0;
537
dbece37a 538 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 539 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
eb1904f4
MH		 540 options |= MGMT_OPTION_EXTERNAL_CONFIG;
541
89bc22d2
MH		 542 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
543 !bacmp(&hdev->public_addr, BDADDR_ANY))
544 options |= MGMT_OPTION_PUBLIC_ADDRESS;
545
546 return cpu_to_le32(options);
547}
548
f4537c04
MH		 549static int new_options(struct hci_dev *hdev, struct sock *skip)
550{
551 __le32 options = get_missing_options(hdev);
552
553 return mgmt_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
554 sizeof(options), skip);
555}
556
dbece37a
MH		 557static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
558{
559 __le32 options = get_missing_options(hdev);
560
2a1afb5a
JH		 561 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
562 sizeof(options));
dbece37a
MH		 563}
564
9fc3bfb6
MH		 565static int read_config_info(struct sock *sk, struct hci_dev *hdev,
566 void *data, u16 data_len)
567{
568 struct mgmt_rp_read_config_info rp;
89bc22d2 569 u32 options = 0;
9fc3bfb6
MH		 570
571 BT_DBG("sock %p %s", sk, hdev->name);
572
573 hci_dev_lock(hdev);
574
575 memset(&rp, 0, sizeof(rp));
576 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
89bc22d2 577
eb1904f4
MH		 578 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
579 options |= MGMT_OPTION_EXTERNAL_CONFIG;
580
9fc3bfb6 581 if (hdev->set_bdaddr)
89bc22d2
MH		 582 options |= MGMT_OPTION_PUBLIC_ADDRESS;
583
584 rp.supported_options = cpu_to_le32(options);
585 rp.missing_options = get_missing_options(hdev);
9fc3bfb6
MH		 586
587 hci_dev_unlock(hdev);
588
2a1afb5a
JH		 589 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
590 &rp, sizeof(rp));
9fc3bfb6
MH		 591}
592
69ab39ea
JH		 593static u32 get_supported_settings(struct hci_dev *hdev)
594{
595 u32 settings = 0;
596
597 settings |= MGMT_SETTING_POWERED;
b2939475 598 settings |= MGMT_SETTING_BONDABLE;
b1de97d8 599 settings |= MGMT_SETTING_DEBUG_KEYS;
3742abfc
JH		 600 settings |= MGMT_SETTING_CONNECTABLE;
601 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea 602
ed3fa31f 603 if (lmp_bredr_capable(hdev)) {
1a47aee8
JH		 604 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
605 settings |= MGMT_SETTING_FAST_CONNECTABLE;
69ab39ea
JH		 606 settings |= MGMT_SETTING_BREDR;
607 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 608
609 if (lmp_ssp_capable(hdev)) {
610 settings |= MGMT_SETTING_SSP;
611 settings |= MGMT_SETTING_HS;
612 }
e98d2ce2 613
05b3c3e7 614 if (lmp_sc_capable(hdev))
e98d2ce2 615 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 616 }
d7b7e796 617
eeca6f89 618 if (lmp_le_capable(hdev)) {
9d42820f 619 settings |= MGMT_SETTING_LE;
eeca6f89 620 settings |= MGMT_SETTING_ADVERTISING;
a3209694 621 settings |= MGMT_SETTING_SECURE_CONN;
0f4bd942 622 settings |= MGMT_SETTING_PRIVACY;
93690c22 623 settings |= MGMT_SETTING_STATIC_ADDRESS;
eeca6f89 624 }
69ab39ea 625
eb1904f4
MH		 626 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
627 hdev->set_bdaddr)
9fc3bfb6
MH		 628 settings |= MGMT_SETTING_CONFIGURATION;
629
69ab39ea
JH		 630 return settings;
631}
632
633static u32 get_current_settings(struct hci_dev *hdev)
634{
635 u32 settings = 0;
636
f1f0eb02 637 if (hdev_is_powered(hdev))
f0d4b78a
MH		 638 settings |= MGMT_SETTING_POWERED;
639
d7a5a11d 640 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
69ab39ea
JH		 641 settings |= MGMT_SETTING_CONNECTABLE;
642
d7a5a11d 643 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
1a4d3c4b
JH		 644 settings |= MGMT_SETTING_FAST_CONNECTABLE;
645
d7a5a11d 646 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
69ab39ea
JH		 647 settings |= MGMT_SETTING_DISCOVERABLE;
648
d7a5a11d 649 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
b2939475 650 settings |= MGMT_SETTING_BONDABLE;
69ab39ea 651
d7a5a11d 652 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
69ab39ea
JH		 653 settings |= MGMT_SETTING_BREDR;
654
d7a5a11d 655 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
69ab39ea
JH		 656 settings |= MGMT_SETTING_LE;
657
d7a5a11d 658 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
69ab39ea
JH		 659 settings |= MGMT_SETTING_LINK_SECURITY;
660
d7a5a11d 661 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
69ab39ea
JH		 662 settings |= MGMT_SETTING_SSP;
663
d7a5a11d 664 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
6d80dfd0
JH		 665 settings |= MGMT_SETTING_HS;
666
d7a5a11d 667 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
eeca6f89
JH		 668 settings |= MGMT_SETTING_ADVERTISING;
669
d7a5a11d 670 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
e98d2ce2
MH		 671 settings |= MGMT_SETTING_SECURE_CONN;
672
d7a5a11d 673 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
b1de97d8
MH		 674 settings |= MGMT_SETTING_DEBUG_KEYS;
675
d7a5a11d 676 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
0f4bd942
JH		 677 settings |= MGMT_SETTING_PRIVACY;
678
93690c22
MH		 679 /* The current setting for static address has two purposes. The
680 * first is to indicate if the static address will be used and
681 * the second is to indicate if it is actually set.
682 *
683 * This means if the static address is not configured, this flag
684 * will never bet set. If the address is configured, then if the
685 * address is actually used decides if the flag is set or not.
686 *
687 * For single mode LE only controllers and dual-mode controllers
688 * with BR/EDR disabled, the existence of the static address will
689 * be evaluated.
690 */
b7cb93e5 691 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
d7a5a11d 692 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
93690c22
MH		 693 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
694 if (bacmp(&hdev->static_addr, BDADDR_ANY))
695 settings |= MGMT_SETTING_STATIC_ADDRESS;
696 }
697
69ab39ea
JH		 698 return settings;
699}
700
ef580372
JH		 701#define PNP_INFO_SVCLASS_ID 0x1200
702
213202ed
JH		 703static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
704{
705 u8 *ptr = data, *uuids_start = NULL;
706 struct bt_uuid *uuid;
707
708 if (len < 4)
709 return ptr;
710
711 list_for_each_entry(uuid, &hdev->uuids, list) {
712 u16 uuid16;
713
714 if (uuid->size != 16)
715 continue;
716
717 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
718 if (uuid16 < 0x1100)
719 continue;
720
721 if (uuid16 == PNP_INFO_SVCLASS_ID)
722 continue;
723
724 if (!uuids_start) {
725 uuids_start = ptr;
726 uuids_start[0] = 1;
727 uuids_start[1] = EIR_UUID16_ALL;
728 ptr += 2;
729 }
730
731 /* Stop if not enough space to put next UUID */
732 if ((ptr - data) + sizeof(u16) > len) {
733 uuids_start[1] = EIR_UUID16_SOME;
734 break;
735 }
736
737 *ptr++ = (uuid16 & 0x00ff);
738 *ptr++ = (uuid16 & 0xff00) >> 8;
739 uuids_start[0] += sizeof(uuid16);
740 }
741
742 return ptr;
743}
744
cdf1963f
JH		 745static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
746{
747 u8 *ptr = data, *uuids_start = NULL;
748 struct bt_uuid *uuid;
749
750 if (len < 6)
751 return ptr;
752
753 list_for_each_entry(uuid, &hdev->uuids, list) {
754 if (uuid->size != 32)
755 continue;
756
757 if (!uuids_start) {
758 uuids_start = ptr;
759 uuids_start[0] = 1;
760 uuids_start[1] = EIR_UUID32_ALL;
761 ptr += 2;
762 }
763
764 /* Stop if not enough space to put next UUID */
765 if ((ptr - data) + sizeof(u32) > len) {
766 uuids_start[1] = EIR_UUID32_SOME;
767 break;
768 }
769
770 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
771 ptr += sizeof(u32);
772 uuids_start[0] += sizeof(u32);
773 }
774
775 return ptr;
776}
777
c00d575b
JH		 778static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
779{
780 u8 *ptr = data, *uuids_start = NULL;
781 struct bt_uuid *uuid;
782
783 if (len < 18)
784 return ptr;
785
786 list_for_each_entry(uuid, &hdev->uuids, list) {
787 if (uuid->size != 128)
788 continue;
789
790 if (!uuids_start) {
791 uuids_start = ptr;
792 uuids_start[0] = 1;
793 uuids_start[1] = EIR_UUID128_ALL;
794 ptr += 2;
795 }
796
797 /* Stop if not enough space to put next UUID */
798 if ((ptr - data) + 16 > len) {
799 uuids_start[1] = EIR_UUID128_SOME;
800 break;
801 }
802
803 memcpy(ptr, uuid->uuid, 16);
804 ptr += 16;
805 uuids_start[0] += 16;
806 }
807
808 return ptr;
809}
810
3b0602cd
JH		 811static struct mgmt_pending_cmd *mgmt_pending_find(u16 opcode,
812 struct hci_dev *hdev)
eb2a8d20 813{
3b0602cd 814 struct mgmt_pending_cmd *cmd;
eb2a8d20
JH		 815
816 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
817 if (cmd->opcode == opcode)
818 return cmd;
819 }
820
821 return NULL;
822}
823
3b0602cd
JH		 824static struct mgmt_pending_cmd *mgmt_pending_find_data(u16 opcode,
825 struct hci_dev *hdev,
826 const void *data)
95868426 827{
3b0602cd 828 struct mgmt_pending_cmd *cmd;
95868426
JH		 829
830 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
831 if (cmd->user_data != data)
832 continue;
833 if (cmd->opcode == opcode)
834 return cmd;
835 }
836
837 return NULL;
838}
839
f14d8f64
MH		 840static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
841{
7a5f4990
MH		 842 u8 ad_len = 0;
843 size_t name_len;
844
845 name_len = strlen(hdev->dev_name);
846 if (name_len > 0) {
847 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
848
849 if (name_len > max_len) {
850 name_len = max_len;
851 ptr[1] = EIR_NAME_SHORT;
852 } else
853 ptr[1] = EIR_NAME_COMPLETE;
854
855 ptr[0] = name_len + 1;
856
857 memcpy(ptr + 2, hdev->dev_name, name_len);
858
859 ad_len += (name_len + 2);
860 ptr += (name_len + 2);
861 }
862
863 return ad_len;
f14d8f64
MH		 864}
865
866static void update_scan_rsp_data(struct hci_request *req)
867{
868 struct hci_dev *hdev = req->hdev;
869 struct hci_cp_le_set_scan_rsp_data cp;
870 u8 len;
871
d7a5a11d 872 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
f14d8f64
MH		 873 return;
874
875 memset(&cp, 0, sizeof(cp));
876
877 len = create_scan_rsp_data(hdev, cp.data);
878
eb438b5f
JH		 879 if (hdev->scan_rsp_data_len == len &&
880 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 881 return;
882
eb438b5f
JH		 883 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
884 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 885
886 cp.length = len;
887
888 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
889}
890
9a43e25f
JH		 891static u8 get_adv_discov_flags(struct hci_dev *hdev)
892{
3b0602cd 893 struct mgmt_pending_cmd *cmd;
9a43e25f
JH		 894
895 /* If there's a pending mgmt command the flags will not yet have
896 * their final values, so check for this first.
897 */
898 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
899 if (cmd) {
900 struct mgmt_mode *cp = cmd->param;
901 if (cp->val == 0x01)
902 return LE_AD_GENERAL;
903 else if (cp->val == 0x02)
904 return LE_AD_LIMITED;
905 } else {
d7a5a11d 906 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
9a43e25f 907 return LE_AD_LIMITED;
d7a5a11d 908 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
9a43e25f
JH		 909 return LE_AD_GENERAL;
910 }
911
912 return 0;
913}
914
46cad2ed 915static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 916{
917 u8 ad_len = 0, flags = 0;
441ad2d0 918
9a43e25f 919 flags |= get_adv_discov_flags(hdev);
441ad2d0 920
d7a5a11d 921 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
441ad2d0 922 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 923
924 if (flags) {
925 BT_DBG("adv flags 0x%02x", flags);
926
927 ptr[0] = 2;
928 ptr[1] = EIR_FLAGS;
929 ptr[2] = flags;
930
931 ad_len += 3;
932 ptr += 3;
933 }
934
935 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
936 ptr[0] = 2;
937 ptr[1] = EIR_TX_POWER;
938 ptr[2] = (u8) hdev->adv_tx_power;
939
940 ad_len += 3;
941 ptr += 3;
942 }
943
441ad2d0
MH		 944 return ad_len;
945}
946
5947f4bc 947static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 948{
949 struct hci_dev *hdev = req->hdev;
950 struct hci_cp_le_set_adv_data cp;
951 u8 len;
952
d7a5a11d 953 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
441ad2d0
MH		 954 return;
955
956 memset(&cp, 0, sizeof(cp));
957
46cad2ed 958 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 959
960 if (hdev->adv_data_len == len &&
961 memcmp(cp.data, hdev->adv_data, len) == 0)
962 return;
963
964 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
965 hdev->adv_data_len = len;
966
967 cp.length = len;
968
969 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
970}
971
bc6d2d04
JH		 972int mgmt_update_adv_data(struct hci_dev *hdev)
973{
974 struct hci_request req;
975
976 hci_req_init(&req, hdev);
977 update_adv_data(&req);
978
979 return hci_req_run(&req, NULL);
980}
981
ef580372
JH		 982static void create_eir(struct hci_dev *hdev, u8 *data)
983{
984 u8 *ptr = data;
ef580372
JH		 985 size_t name_len;
986
987 name_len = strlen(hdev->dev_name);
988
989 if (name_len > 0) {
990 /* EIR Data type */
991 if (name_len > 48) {
992 name_len = 48;
993 ptr[1] = EIR_NAME_SHORT;
994 } else
995 ptr[1] = EIR_NAME_COMPLETE;
996
997 /* EIR Data length */
998 ptr[0] = name_len + 1;
999
1000 memcpy(ptr + 2, hdev->dev_name, name_len);
1001
ef580372
JH		 1002 ptr += (name_len + 2);
1003 }
1004
bbaf444a 1005 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 1006 ptr[0] = 2;
1007 ptr[1] = EIR_TX_POWER;
1008 ptr[2] = (u8) hdev->inq_tx_power;
1009
91c4e9b1
MH		 1010 ptr += 3;
1011 }
1012
2b9be137
MH		 1013 if (hdev->devid_source > 0) {
1014 ptr[0] = 9;
1015 ptr[1] = EIR_DEVICE_ID;
1016
1017 put_unaligned_le16(hdev->devid_source, ptr + 2);
1018 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
1019 put_unaligned_le16(hdev->devid_product, ptr + 6);
1020 put_unaligned_le16(hdev->devid_version, ptr + 8);
1021
2b9be137
MH		 1022 ptr += 10;
1023 }
1024
213202ed 1025 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 1026 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 1027 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 1028}
1029
890ea898 1030static void update_eir(struct hci_request *req)
ef580372 1031{
890ea898 1032 struct hci_dev *hdev = req->hdev;
ef580372
JH		 1033 struct hci_cp_write_eir cp;
1034
504c8dcd 1035 if (!hdev_is_powered(hdev))
890ea898 1036 return;
7770c4aa 1037
976eb20e 1038 if (!lmp_ext_inq_capable(hdev))
890ea898 1039 return;
ef580372 1040
d7a5a11d 1041 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
890ea898 1042 return;
ef580372 1043
d7a5a11d 1044 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
890ea898 1045 return;
ef580372
JH		 1046
1047 memset(&cp, 0, sizeof(cp));
1048
1049 create_eir(hdev, cp.data);
1050
1051 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 1052 return;
ef580372
JH		 1053
1054 memcpy(hdev->eir, cp.data, sizeof(cp.data));
1055
890ea898 1056 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 1057}
1058
1059static u8 get_service_classes(struct hci_dev *hdev)
1060{
1061 struct bt_uuid *uuid;
1062 u8 val = 0;
1063
1064 list_for_each_entry(uuid, &hdev->uuids, list)
1065 val |= uuid->svc_hint;
1066
1067 return val;
1068}
1069
890ea898 1070static void update_class(struct hci_request *req)
ef580372 1071{
890ea898 1072 struct hci_dev *hdev = req->hdev;
ef580372
JH		 1073 u8 cod[3];
1074
1075 BT_DBG("%s", hdev->name);
1076
504c8dcd 1077 if (!hdev_is_powered(hdev))
890ea898 1078 return;
7770c4aa 1079
d7a5a11d 1080 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
f87ea1da
JH		 1081 return;
1082
d7a5a11d 1083 if (hci_dev_test_flag(hdev, HCI_SERVICE_CACHE))
890ea898 1084 return;
ef580372
JH		 1085
1086 cod[0] = hdev->minor_class;
1087 cod[1] = hdev->major_class;
1088 cod[2] = get_service_classes(hdev);
1089
d7a5a11d 1090 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
6acd7db4
MH		 1091 cod[1] |= 0x20;
1092
ef580372 1093 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 1094 return;
ef580372 1095
890ea898 1096 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 1097}
1098
a4858cb9 1099static bool get_connectable(struct hci_dev *hdev)
199a2fb1 1100{
3b0602cd 1101 struct mgmt_pending_cmd *cmd;
199a2fb1
JH		 1102
1103 /* If there's a pending mgmt command the flag will not yet have
1104 * it's final value, so check for this first.
1105 */
1106 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1107 if (cmd) {
1108 struct mgmt_mode *cp = cmd->param;
a4858cb9 1109 return cp->val;
199a2fb1
JH		 1110 }
1111
d7a5a11d 1112 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
199a2fb1
JH		 1113}
1114
0ec5ae84
JH		 1115static void disable_advertising(struct hci_request *req)
1116{
1117 u8 enable = 0x00;
1118
1119 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1120}
1121
199a2fb1
JH		 1122static void enable_advertising(struct hci_request *req)
1123{
1124 struct hci_dev *hdev = req->hdev;
1125 struct hci_cp_le_set_adv_param cp;
8f2a0601 1126 u8 own_addr_type, enable = 0x01;
a4858cb9 1127 bool connectable;
199a2fb1 1128
0ec5ae84
JH		 1129 if (hci_conn_num(hdev, LE_LINK) > 0)
1130 return;
1131
d7a5a11d 1132 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
0ec5ae84
JH		 1133 disable_advertising(req);
1134
5ce194c4 1135 /* Clear the HCI_LE_ADV bit temporarily so that the
8d97250e
JH		 1136 * hci_update_random_address knows that it's safe to go ahead
1137 * and write a new random address. The flag will be set back on
1138 * as soon as the SET_ADV_ENABLE HCI command completes.
1139 */
a358dc11 1140 hci_dev_clear_flag(hdev, HCI_LE_ADV);
8d97250e 1141
d7a5a11d 1142 if (hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE))
cc91cb04
MH		 1143 connectable = true;
1144 else
1145 connectable = get_connectable(hdev);
8f2a0601 1146
a4858cb9
JH		 1147 /* Set require_privacy to true only when non-connectable
1148 * advertising is used. In that case it is fine to use a
1149 * non-resolvable private address.
1150 */
1151 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 1152 return;
1153
41c90c18 1154 memset(&cp, 0, sizeof(cp));
628531c9
GL		 1155 cp.min_interval = cpu_to_le16(hdev->le_adv_min_interval);
1156 cp.max_interval = cpu_to_le16(hdev->le_adv_max_interval);
a4858cb9 1157 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
8f2a0601 1158 cp.own_address_type = own_addr_type;
199a2fb1
JH		 1159 cp.channel_map = hdev->le_adv_channel_map;
1160
1161 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1162
1163 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1164}
1165
7d78525d
JH		 1166static void service_cache_off(struct work_struct *work)
1167{
1168 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 1169 service_cache.work);
890ea898 1170 struct hci_request req;
7d78525d 1171
a69d8927 1172 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
7d78525d
JH		 1173 return;
1174
890ea898
JH		 1175 hci_req_init(&req, hdev);
1176
7d78525d
JH		 1177 hci_dev_lock(hdev);
1178
890ea898
JH		 1179 update_eir(&req);
1180 update_class(&req);
7d78525d
JH		 1181
1182 hci_dev_unlock(hdev);
890ea898
JH		 1183
1184 hci_req_run(&req, NULL);
7d78525d
JH		 1185}
1186
d6bfd59c
JH		 1187static void rpa_expired(struct work_struct *work)
1188{
1189 struct hci_dev *hdev = container_of(work, struct hci_dev,
1190 rpa_expired.work);
1191 struct hci_request req;
1192
1193 BT_DBG("");
1194
a1536da2 1195 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
d6bfd59c 1196
d7a5a11d 1197 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
d6bfd59c
JH		 1198 return;
1199
1200 /* The generation of a new RPA and programming it into the
1201 * controller happens in the enable_advertising() function.
1202 */
d6bfd59c 1203 hci_req_init(&req, hdev);
d6bfd59c 1204 enable_advertising(&req);
d6bfd59c
JH		 1205 hci_req_run(&req, NULL);
1206}
1207
6a919082 1208static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 1209{
238be788 1210 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
6a919082
JH		 1211 return;
1212
4f87da80 1213 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 1214 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 1215
4f87da80
JH		 1216 /* Non-mgmt controlled devices get this bit set
1217 * implicitly so that pairing works for them, however
1218 * for mgmt we require user-space to explicitly enable
1219 * it
1220 */
a358dc11 1221 hci_dev_clear_flag(hdev, HCI_BONDABLE);
7d78525d
JH		 1222}
1223
0f4e68cf 1224static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 1225 void *data, u16 data_len)
0381101f 1226{
a38528f1 1227 struct mgmt_rp_read_info rp;
f7b64e69 1228
bdb6d971 1229 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 1230
09fd0de5 1231 hci_dev_lock(hdev);
f7b64e69 1232
dc4fe30b
JH		 1233 memset(&rp, 0, sizeof(rp));
1234
69ab39ea 1235 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 1236
69ab39ea 1237 rp.version = hdev->hci_ver;
eb55ef07 1238 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 1239
1240 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1241 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 1242
a38528f1 1243 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 1244
dc4fe30b 1245 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 1246 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 1247
09fd0de5 1248 hci_dev_unlock(hdev);
0381101f 1249
2a1afb5a
JH		 1250 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1251 sizeof(rp));
0381101f
JH		 1252}
1253
3b0602cd 1254static void mgmt_pending_free(struct mgmt_pending_cmd *cmd)
eec8d2bc
JH		 1255{
1256 sock_put(cmd->sk);
c68fb7ff 1257 kfree(cmd->param);
eec8d2bc
JH		 1258 kfree(cmd);
1259}
1260
3b0602cd
JH		 1261static struct mgmt_pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
1262 struct hci_dev *hdev,
1263 void *data, u16 len)
eec8d2bc 1264{
3b0602cd 1265 struct mgmt_pending_cmd *cmd;
eec8d2bc 1266
fca20018 1267 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 1268 if (!cmd)
366a0336 1269 return NULL;
eec8d2bc
JH		 1270
1271 cmd->opcode = opcode;
2e58ef3e 1272 cmd->index = hdev->id;
eec8d2bc 1273
323b0b88 1274 cmd->param = kmemdup(data, len, GFP_KERNEL);
c68fb7ff 1275 if (!cmd->param) {
eec8d2bc 1276 kfree(cmd);
366a0336 1277 return NULL;
eec8d2bc
JH		 1278 }
1279
323b0b88 1280 cmd->param_len = len;
eec8d2bc
JH		 1281
1282 cmd->sk = sk;
1283 sock_hold(sk);
1284
2e58ef3e 1285 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 1286
366a0336 1287 return cmd;
eec8d2bc
JH		 1288}
1289
744cf19e 1290static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
3b0602cd 1291 void (*cb)(struct mgmt_pending_cmd *cmd,
8fc9ced3 1292 void *data),
04124681 1293 void *data)
eec8d2bc 1294{
3b0602cd 1295 struct mgmt_pending_cmd *cmd, *tmp;
eec8d2bc 1296
a3d09356 1297 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 1298 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 1299 continue;
1300
eec8d2bc
JH		 1301 cb(cmd, data);
1302 }
1303}
1304
3b0602cd 1305static void mgmt_pending_remove(struct mgmt_pending_cmd *cmd)
73f22f62 1306{
73f22f62
JH		 1307 list_del(&cmd->list);
1308 mgmt_pending_free(cmd);
1309}
1310
69ab39ea 1311static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1312{
69ab39ea 1313 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1314
2a1afb5a
JH		 1315 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1316 sizeof(settings));
8680570b
JH		 1317}
1318
1904a853 1319static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
8b064a3a
JH		 1320{
1321 BT_DBG("%s status 0x%02x", hdev->name, status);
1322
a3172b7e
JH		 1323 if (hci_conn_count(hdev) == 0) {
1324 cancel_delayed_work(&hdev->power_off);
8b064a3a 1325 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1326 }
8b064a3a
JH		 1327}
1328
23a48093 1329static bool hci_stop_discovery(struct hci_request *req)
21a60d30
JH		 1330{
1331 struct hci_dev *hdev = req->hdev;
1332 struct hci_cp_remote_name_req_cancel cp;
1333 struct inquiry_entry *e;
1334
1335 switch (hdev->discovery.state) {
1336 case DISCOVERY_FINDING:
1337 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
1338 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1339 } else {
1340 cancel_delayed_work(&hdev->le_scan_disable);
1341 hci_req_add_le_scan_disable(req);
1342 }
1343
23a48093 1344 return true;
21a60d30
JH		 1345
1346 case DISCOVERY_RESOLVING:
1347 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1348 NAME_PENDING);
1349 if (!e)
23a48093 1350 break;
21a60d30
JH		 1351
1352 bacpy(&cp.bdaddr, &e->data.bdaddr);
1353 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1354 &cp);
1355
23a48093 1356 return true;
21a60d30
JH		 1357
1358 default:
1359 /* Passive scanning */
d7a5a11d 1360 if (hci_dev_test_flag(hdev, HCI_LE_SCAN)) {
21a60d30 1361 hci_req_add_le_scan_disable(req);
23a48093
JH		 1362 return true;
1363 }
1364
21a60d30
JH		 1365 break;
1366 }
23a48093
JH		 1367
1368 return false;
21a60d30
JH		 1369}
1370
8b064a3a
JH		 1371static int clean_up_hci_state(struct hci_dev *hdev)
1372{
1373 struct hci_request req;
1374 struct hci_conn *conn;
23a48093
JH		 1375 bool discov_stopped;
1376 int err;
8b064a3a
JH		 1377
1378 hci_req_init(&req, hdev);
1379
1380 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1381 test_bit(HCI_PSCAN, &hdev->flags)) {
1382 u8 scan = 0x00;
1383 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1384 }
1385
d7a5a11d 1386 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
8b064a3a
JH		 1387 disable_advertising(&req);
1388
23a48093 1389 discov_stopped = hci_stop_discovery(&req);
8b064a3a
JH		 1390
1391 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1392 struct hci_cp_disconnect dc;
c9910d0f
JH		 1393 struct hci_cp_reject_conn_req rej;
1394
1395 switch (conn->state) {
1396 case BT_CONNECTED:
1397 case BT_CONFIG:
1398 dc.handle = cpu_to_le16(conn->handle);
1399 dc.reason = 0x15; /* Terminated due to Power Off */
1400 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1401 break;
1402 case BT_CONNECT:
1403 if (conn->type == LE_LINK)
1404 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1405 0, NULL);
1406 else if (conn->type == ACL_LINK)
1407 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1408 6, &conn->dst);
1409 break;
1410 case BT_CONNECT2:
1411 bacpy(&rej.bdaddr, &conn->dst);
1412 rej.reason = 0x15; /* Terminated due to Power Off */
1413 if (conn->type == ACL_LINK)
1414 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1415 sizeof(rej), &rej);
1416 else if (conn->type == SCO_LINK)
1417 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1418 sizeof(rej), &rej);
1419 break;
1420 }
8b064a3a
JH		 1421 }
1422
23a48093
JH		 1423 err = hci_req_run(&req, clean_up_hci_complete);
1424 if (!err && discov_stopped)
1425 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1426
1427 return err;
8b064a3a
JH		 1428}
1429
bdb6d971 1430static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1431 u16 len)
eec8d2bc 1432{
650f726d 1433 struct mgmt_mode *cp = data;
3b0602cd 1434 struct mgmt_pending_cmd *cmd;
4b34ee78 1435 int err;
eec8d2bc 1436
bdb6d971 1437 BT_DBG("request for %s", hdev->name);
eec8d2bc 1438
a7e80f25 1439 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1440 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1441 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1442
09fd0de5 1443 hci_dev_lock(hdev);
eec8d2bc 1444
87b95ba6 1445 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
a69e8375
JH		 1446 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1447 MGMT_STATUS_BUSY);
87b95ba6
JH		 1448 goto failed;
1449 }
1450
a69d8927 1451 if (hci_dev_test_and_clear_flag(hdev, HCI_AUTO_OFF)) {
f0d4b78a
MH		 1452 cancel_delayed_work(&hdev->power_off);
1453
1454 if (cp->val) {
a1d70450
JH		 1455 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1456 data, len);
1457 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1458 goto failed;
1459 }
1460 }
1461
4b34ee78 1462 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1463 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1464 goto failed;
1465 }
1466
2e58ef3e 1467 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1468 if (!cmd) {
1469 err = -ENOMEM;
eec8d2bc 1470 goto failed;
366a0336 1471 }
eec8d2bc 1472
8b064a3a 1473 if (cp->val) {
19202573 1474 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1475 err = 0;
1476 } else {
1477 /* Disconnect connections, stop scans, etc */
1478 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1479 if (!err)
1480 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1481 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1482
8b064a3a
JH		 1483 /* ENODATA means there were no HCI commands queued */
1484 if (err == -ENODATA) {
a3172b7e 1485 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1486 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1487 err = 0;
1488 }
1489 }
eec8d2bc
JH		 1490
1491failed:
09fd0de5 1492 hci_dev_unlock(hdev);
366a0336 1493 return err;
eec8d2bc
JH		 1494}
1495
beadb2bd
JH		 1496static int new_settings(struct hci_dev *hdev, struct sock *skip)
1497{
1498 __le32 ev;
1499
1500 ev = cpu_to_le32(get_current_settings(hdev));
1501
1502 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1503}
1504
91a668b0
JH		 1505int mgmt_new_settings(struct hci_dev *hdev)
1506{
1507 return new_settings(hdev, NULL);
1508}
1509
bd99abdd
JH		 1510struct cmd_lookup {
1511 struct sock *sk;
1512 struct hci_dev *hdev;
1513 u8 mgmt_status;
1514};
1515
3b0602cd 1516static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1517{
1518 struct cmd_lookup *match = data;
1519
1520 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1521
1522 list_del(&cmd->list);
1523
1524 if (match->sk == NULL) {
1525 match->sk = cmd->sk;
1526 sock_hold(match->sk);
1527 }
1528
1529 mgmt_pending_free(cmd);
1530}
1531
3b0602cd 1532static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1533{
1534 u8 *status = data;
1535
a69e8375 1536 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
bd99abdd
JH		 1537 mgmt_pending_remove(cmd);
1538}
1539
3b0602cd 1540static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1b9b5ee5
JH		 1541{
1542 if (cmd->cmd_complete) {
1543 u8 *status = data;
1544
1545 cmd->cmd_complete(cmd, *status);
1546 mgmt_pending_remove(cmd);
1547
1548 return;
1549 }
1550
1551 cmd_status_rsp(cmd, data);
1552}
1553
3b0602cd 1554static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
f5818c22 1555{
2a1afb5a
JH		 1556 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1557 cmd->param, cmd->param_len);
f5818c22
JH		 1558}
1559
3b0602cd 1560static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
7776d1d8 1561{
2a1afb5a
JH		 1562 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1563 cmd->param, sizeof(struct mgmt_addr_info));
7776d1d8
JH		 1564}
1565
e6fe7986
JH		 1566static u8 mgmt_bredr_support(struct hci_dev *hdev)
1567{
1568 if (!lmp_bredr_capable(hdev))
1569 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1570 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
e6fe7986
JH		 1571 return MGMT_STATUS_REJECTED;
1572 else
1573 return MGMT_STATUS_SUCCESS;
1574}
1575
1576static u8 mgmt_le_support(struct hci_dev *hdev)
1577{
1578 if (!lmp_le_capable(hdev))
1579 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1580 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
e6fe7986
JH		 1581 return MGMT_STATUS_REJECTED;
1582 else
1583 return MGMT_STATUS_SUCCESS;
1584}
1585
1904a853
MH		 1586static void set_discoverable_complete(struct hci_dev *hdev, u8 status,
1587 u16 opcode)
bfaf8c9f 1588{
3b0602cd 1589 struct mgmt_pending_cmd *cmd;
bfaf8c9f 1590 struct mgmt_mode *cp;
970ba524 1591 struct hci_request req;
bfaf8c9f
JH		 1592 bool changed;
1593
1594 BT_DBG("status 0x%02x", status);
1595
1596 hci_dev_lock(hdev);
1597
1598 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1599 if (!cmd)
1600 goto unlock;
1601
1602 if (status) {
1603 u8 mgmt_err = mgmt_status(status);
a69e8375 1604 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
a358dc11 1605 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
bfaf8c9f
JH		 1606 goto remove_cmd;
1607 }
1608
1609 cp = cmd->param;
d4462a07 1610 if (cp->val) {
238be788 1611 changed = !hci_dev_test_and_set_flag(hdev, HCI_DISCOVERABLE);
d4462a07
MH		 1612
1613 if (hdev->discov_timeout > 0) {
1614 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1615 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1616 to);
1617 }
1618 } else {
a69d8927 1619 changed = hci_dev_test_and_clear_flag(hdev, HCI_DISCOVERABLE);
d4462a07 1620 }
bfaf8c9f
JH		 1621
1622 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1623
1624 if (changed)
1625 new_settings(hdev, cmd->sk);
1626
970ba524
MH		 1627 /* When the discoverable mode gets changed, make sure
1628 * that class of device has the limited discoverable
432df05e
JH		 1629 * bit correctly set. Also update page scan based on whitelist
1630 * entries.
970ba524
MH		 1631 */
1632 hci_req_init(&req, hdev);
1d2dc5b7 1633 __hci_update_page_scan(&req);
970ba524
MH		 1634 update_class(&req);
1635 hci_req_run(&req, NULL);
1636
bfaf8c9f
JH		 1637remove_cmd:
1638 mgmt_pending_remove(cmd);
1639
1640unlock:
1641 hci_dev_unlock(hdev);
1642}
1643
bdb6d971 1644static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1645 u16 len)
73f22f62 1646{
650f726d 1647 struct mgmt_cp_set_discoverable *cp = data;
3b0602cd 1648 struct mgmt_pending_cmd *cmd;
bfaf8c9f 1649 struct hci_request req;
5e5282bb 1650 u16 timeout;
9a43e25f 1651 u8 scan;
73f22f62
JH		 1652 int err;
1653
bdb6d971 1654 BT_DBG("request for %s", hdev->name);
73f22f62 1655
d7a5a11d
MH		 1656 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1657 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 1658 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1659 MGMT_STATUS_REJECTED);
33c525c0 1660
310a3d48 1661 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 1662 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1663 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1664
1f350c87 1665 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1666
1667 /* Disabling discoverable requires that no timeout is set,
1668 * and enabling limited discoverable requires a timeout.
1669 */
1670 if ((cp->val == 0x00 && timeout > 0) ||
1671 (cp->val == 0x02 && timeout == 0))
a69e8375
JH		 1672 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1673 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1674
09fd0de5 1675 hci_dev_lock(hdev);
73f22f62 1676
5e5282bb 1677 if (!hdev_is_powered(hdev) && timeout > 0) {
a69e8375
JH		 1678 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1679 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1680 goto failed;
1681 }
1682
2e58ef3e 1683 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1684 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1685 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1686 MGMT_STATUS_BUSY);
73f22f62
JH		 1687 goto failed;
1688 }
1689
d7a5a11d 1690 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
a69e8375
JH		 1691 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1692 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1693 goto failed;
1694 }
1695
1696 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1697 bool changed = false;
1698
310a3d48
MH		 1699 /* Setting limited discoverable when powered off is
1700 * not a valid operation since it requires a timeout
1701 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1702 */
d7a5a11d 1703 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
ce05d603 1704 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
0224d2fa
JH		 1705 changed = true;
1706 }
1707
5e5282bb 1708 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1709 if (err < 0)
1710 goto failed;
1711
1712 if (changed)
1713 err = new_settings(hdev, sk);
1714
5e5282bb
JH		 1715 goto failed;
1716 }
1717
310a3d48
MH		 1718 /* If the current mode is the same, then just update the timeout
1719 * value with the new value. And if only the timeout gets updated,
1720 * then no need for any HCI transactions.
1721 */
d7a5a11d
MH		 1722 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1723 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1724 HCI_LIMITED_DISCOVERABLE)) {
36261547
MH		 1725 cancel_delayed_work(&hdev->discov_off);
1726 hdev->discov_timeout = timeout;
955638ec 1727
36261547
MH		 1728 if (cp->val && hdev->discov_timeout > 0) {
1729 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1730 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1731 to);
955638ec
MH		 1732 }
1733
69ab39ea 1734 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1735 goto failed;
1736 }
1737
2e58ef3e 1738 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1739 if (!cmd) {
1740 err = -ENOMEM;
73f22f62 1741 goto failed;
366a0336 1742 }
73f22f62 1743
310a3d48
MH		 1744 /* Cancel any potential discoverable timeout that might be
1745 * still active and store new timeout value. The arming of
1746 * the timeout happens in the complete handler.
1747 */
1748 cancel_delayed_work(&hdev->discov_off);
1749 hdev->discov_timeout = timeout;
1750
b456f87c
JH		 1751 /* Limited discoverable mode */
1752 if (cp->val == 0x02)
a1536da2 1753 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1754 else
a358dc11 1755 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1756
bfaf8c9f
JH		 1757 hci_req_init(&req, hdev);
1758
9a43e25f
JH		 1759 /* The procedure for LE-only controllers is much simpler - just
1760 * update the advertising data.
1761 */
d7a5a11d 1762 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
9a43e25f
JH		 1763 goto update_ad;
1764
73f22f62
JH		 1765 scan = SCAN_PAGE;
1766
310a3d48
MH		 1767 if (cp->val) {
1768 struct hci_cp_write_current_iac_lap hci_cp;
1769
1770 if (cp->val == 0x02) {
1771 /* Limited discoverable mode */
33337dcb 1772 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1773 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1774 hci_cp.iac_lap[1] = 0x8b;
1775 hci_cp.iac_lap[2] = 0x9e;
1776 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1777 hci_cp.iac_lap[4] = 0x8b;
1778 hci_cp.iac_lap[5] = 0x9e;
1779 } else {
1780 /* General discoverable mode */
310a3d48
MH		 1781 hci_cp.num_iac = 1;
1782 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1783 hci_cp.iac_lap[1] = 0x8b;
1784 hci_cp.iac_lap[2] = 0x9e;
1785 }
1786
1787 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1788 (hci_cp.num_iac * 3) + 1, &hci_cp);
1789
73f22f62 1790 scan |= SCAN_INQUIRY;
310a3d48 1791 } else {
a358dc11 1792 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
310a3d48 1793 }
73f22f62 1794
310a3d48 1795 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1796
9a43e25f
JH		 1797update_ad:
1798 update_adv_data(&req);
1799
bfaf8c9f 1800 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1801 if (err < 0)
a664b5bc 1802 mgmt_pending_remove(cmd);
73f22f62
JH		 1803
1804failed:
09fd0de5 1805 hci_dev_unlock(hdev);
73f22f62
JH		 1806 return err;
1807}
1808
406d7804
JH		 1809static void write_fast_connectable(struct hci_request *req, bool enable)
1810{
bd98b996 1811 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1812 struct hci_cp_write_page_scan_activity acp;
1813 u8 type;
1814
d7a5a11d 1815 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
547003b1
JH		 1816 return;
1817
4c01f8b8
JH		 1818 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1819 return;
1820
406d7804
JH		 1821 if (enable) {
1822 type = PAGE_SCAN_TYPE_INTERLACED;
1823
1824 /* 160 msec page scan interval */
dcf4adbf 1825 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 1826 } else {
1827 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1828
1829 /* default 1.28 sec page scan */
dcf4adbf 1830 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 1831 }
1832
dcf4adbf 1833 acp.window = cpu_to_le16(0x0012);
406d7804 1834
bd98b996
JH		 1835 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1836 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1837 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1838 sizeof(acp), &acp);
1839
1840 if (hdev->page_scan_type != type)
1841 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1842}
1843
1904a853
MH		 1844static void set_connectable_complete(struct hci_dev *hdev, u8 status,
1845 u16 opcode)
2b76f453 1846{
3b0602cd 1847 struct mgmt_pending_cmd *cmd;
d7b856f9 1848 struct mgmt_mode *cp;
bc6d2d04 1849 bool conn_changed, discov_changed;
2b76f453
JH		 1850
1851 BT_DBG("status 0x%02x", status);
1852
1853 hci_dev_lock(hdev);
1854
1855 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1856 if (!cmd)
1857 goto unlock;
1858
37438c1f
JH		 1859 if (status) {
1860 u8 mgmt_err = mgmt_status(status);
a69e8375 1861 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
37438c1f
JH		 1862 goto remove_cmd;
1863 }
1864
d7b856f9 1865 cp = cmd->param;
bc6d2d04 1866 if (cp->val) {
238be788
MH		 1867 conn_changed = !hci_dev_test_and_set_flag(hdev,
1868 HCI_CONNECTABLE);
bc6d2d04
JH		 1869 discov_changed = false;
1870 } else {
a69d8927
MH		 1871 conn_changed = hci_dev_test_and_clear_flag(hdev,
1872 HCI_CONNECTABLE);
1873 discov_changed = hci_dev_test_and_clear_flag(hdev,
1874 HCI_DISCOVERABLE);
bc6d2d04 1875 }
d7b856f9 1876
2b76f453
JH		 1877 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1878
bc6d2d04 1879 if (conn_changed || discov_changed) {
d7b856f9 1880 new_settings(hdev, cmd->sk);
1d2dc5b7 1881 hci_update_page_scan(hdev);
bc6d2d04
JH		 1882 if (discov_changed)
1883 mgmt_update_adv_data(hdev);
2b7be33e
JH		 1884 hci_update_background_scan(hdev);
1885 }
d7b856f9 1886
37438c1f 1887remove_cmd:
2b76f453
JH		 1888 mgmt_pending_remove(cmd);
1889
1890unlock:
1891 hci_dev_unlock(hdev);
1892}
1893
e8ba3a1f
JH		 1894static int set_connectable_update_settings(struct hci_dev *hdev,
1895 struct sock *sk, u8 val)
1896{
1897 bool changed = false;
1898 int err;
1899
d7a5a11d 1900 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
e8ba3a1f
JH		 1901 changed = true;
1902
1903 if (val) {
a1536da2 1904 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
e8ba3a1f 1905 } else {
a358dc11
MH		 1906 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1907 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
e8ba3a1f
JH		 1908 }
1909
1910 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1911 if (err < 0)
1912 return err;
1913
562064e6 1914 if (changed) {
1d2dc5b7 1915 hci_update_page_scan(hdev);
562064e6 1916 hci_update_background_scan(hdev);
e8ba3a1f 1917 return new_settings(hdev, sk);
562064e6 1918 }
e8ba3a1f
JH		 1919
1920 return 0;
1921}
1922
bdb6d971 1923static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1924 u16 len)
9fbcbb45 1925{
650f726d 1926 struct mgmt_mode *cp = data;
3b0602cd 1927 struct mgmt_pending_cmd *cmd;
2b76f453 1928 struct hci_request req;
1987fdc7 1929 u8 scan;
9fbcbb45
JH		 1930 int err;
1931
bdb6d971 1932 BT_DBG("request for %s", hdev->name);
9fbcbb45 1933
d7a5a11d
MH		 1934 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1935 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 1936 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1937 MGMT_STATUS_REJECTED);
33c525c0 1938
a7e80f25 1939 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1940 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1941 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1942
09fd0de5 1943 hci_dev_lock(hdev);
9fbcbb45 1944
4b34ee78 1945 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1946 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1947 goto failed;
1948 }
1949
2e58ef3e 1950 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1951 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1952 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1953 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1954 goto failed;
1955 }
1956
2e58ef3e 1957 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1958 if (!cmd) {
1959 err = -ENOMEM;
9fbcbb45 1960 goto failed;
366a0336 1961 }
9fbcbb45 1962
9b74246f 1963 hci_req_init(&req, hdev);
9fbcbb45 1964
9a43e25f
JH		 1965 /* If BR/EDR is not enabled and we disable advertising as a
1966 * by-product of disabling connectable, we need to update the
1967 * advertising flags.
1968 */
d7a5a11d 1969 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
9a43e25f 1970 if (!cp->val) {
a358dc11
MH		 1971 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1972 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
9a43e25f
JH		 1973 }
1974 update_adv_data(&req);
1975 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1976 if (cp->val) {
1977 scan = SCAN_PAGE;
1978 } else {
3bd27240
JH		 1979 /* If we don't have any whitelist entries just
1980 * disable all scanning. If there are entries
1981 * and we had both page and inquiry scanning
1982 * enabled then fall back to only page scanning.
1983 * Otherwise no changes are needed.
1984 */
1985 if (list_empty(&hdev->whitelist))
1986 scan = SCAN_DISABLED;
1987 else if (test_bit(HCI_ISCAN, &hdev->flags))
1988 scan = SCAN_PAGE;
1989 else
1990 goto no_scan_update;
9b74246f
JH		 1991
1992 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1993 hdev->discov_timeout > 0)
9b74246f
JH		 1994 cancel_delayed_work(&hdev->discov_off);
1995 }
2b76f453 1996
9b74246f
JH		 1997 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1998 }
2b76f453 1999
3bd27240 2000no_scan_update:
e8b1202c 2001 /* Update the advertising parameters if necessary */
d7a5a11d 2002 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
1987fdc7 2003 enable_advertising(&req);
1987fdc7 2004
2b76f453 2005 err = hci_req_run(&req, set_connectable_complete);
9b74246f 2006 if (err < 0) {
a664b5bc 2007 mgmt_pending_remove(cmd);
9b74246f 2008 if (err == -ENODATA)
a81070ba
JH		 2009 err = set_connectable_update_settings(hdev, sk,
2010 cp->val);
9b74246f
JH		 2011 goto failed;
2012 }
9fbcbb45
JH		 2013
2014failed:
09fd0de5 2015 hci_dev_unlock(hdev);
9fbcbb45
JH		 2016 return err;
2017}
2018
b2939475 2019static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2020 u16 len)
c542a06c 2021{
650f726d 2022 struct mgmt_mode *cp = data;
55594356 2023 bool changed;
c542a06c
JH		 2024 int err;
2025
bdb6d971 2026 BT_DBG("request for %s", hdev->name);
c542a06c 2027
a7e80f25 2028 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2029 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
2030 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2031
09fd0de5 2032 hci_dev_lock(hdev);
c542a06c
JH		 2033
2034 if (cp->val)
238be788 2035 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
c542a06c 2036 else
a69d8927 2037 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
c542a06c 2038
b2939475 2039 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
c542a06c 2040 if (err < 0)
55594356 2041 goto unlock;
c542a06c 2042
55594356
MH		 2043 if (changed)
2044 err = new_settings(hdev, sk);
c542a06c 2045
55594356 2046unlock:
09fd0de5 2047 hci_dev_unlock(hdev);
c542a06c
JH		 2048 return err;
2049}
2050
04124681
GP		 2051static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
2052 u16 len)
33ef95ed
JH		 2053{
2054 struct mgmt_mode *cp = data;
3b0602cd 2055 struct mgmt_pending_cmd *cmd;
e6fe7986 2056 u8 val, status;
33ef95ed
JH		 2057 int err;
2058
bdb6d971 2059 BT_DBG("request for %s", hdev->name);
33ef95ed 2060
e6fe7986
JH		 2061 status = mgmt_bredr_support(hdev);
2062 if (status)
a69e8375
JH		 2063 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2064 status);
33c525c0 2065
a7e80f25 2066 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2067 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2068 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2069
33ef95ed
JH		 2070 hci_dev_lock(hdev);
2071
4b34ee78 2072 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 2073 bool changed = false;
2074
d7a5a11d 2075 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
ce05d603 2076 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
47990ea0
JH		 2077 changed = true;
2078 }
2079
2080 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2081 if (err < 0)
2082 goto failed;
2083
2084 if (changed)
2085 err = new_settings(hdev, sk);
2086
33ef95ed
JH		 2087 goto failed;
2088 }
2089
2090 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
a69e8375
JH		 2091 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
2092 MGMT_STATUS_BUSY);
33ef95ed
JH		 2093 goto failed;
2094 }
2095
2096 val = !!cp->val;
2097
2098 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
2099 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
2100 goto failed;
2101 }
2102
2103 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
2104 if (!cmd) {
2105 err = -ENOMEM;
2106 goto failed;
2107 }
2108
2109 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
2110 if (err < 0) {
2111 mgmt_pending_remove(cmd);
2112 goto failed;
2113 }
2114
2115failed:
2116 hci_dev_unlock(hdev);
33ef95ed
JH		 2117 return err;
2118}
2119
bdb6d971 2120static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 2121{
2122 struct mgmt_mode *cp = data;
3b0602cd 2123 struct mgmt_pending_cmd *cmd;
72ef0c1a 2124 u8 status;
ed2c4ee3
JH		 2125 int err;
2126
bdb6d971 2127 BT_DBG("request for %s", hdev->name);
ed2c4ee3 2128
cdba5281
MH		 2129 status = mgmt_bredr_support(hdev);
2130 if (status)
a69e8375 2131 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
cdba5281 2132
13ecd8b6 2133 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 2134 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2135 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 2136
a7e80f25 2137 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2138 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2139 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2140
13ecd8b6 2141 hci_dev_lock(hdev);
6c8f12c1 2142
4b34ee78 2143 if (!hdev_is_powered(hdev)) {
9ecb3e24 2144 bool changed;
c0ecddc2 2145
9ecb3e24 2146 if (cp->val) {
238be788
MH		 2147 changed = !hci_dev_test_and_set_flag(hdev,
2148 HCI_SSP_ENABLED);
9ecb3e24 2149 } else {
a69d8927
MH		 2150 changed = hci_dev_test_and_clear_flag(hdev,
2151 HCI_SSP_ENABLED);
9ecb3e24 2152 if (!changed)
a69d8927
MH		 2153 changed = hci_dev_test_and_clear_flag(hdev,
2154 HCI_HS_ENABLED);
9ecb3e24 2155 else
a358dc11 2156 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
c0ecddc2
JH		 2157 }
2158
2159 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2160 if (err < 0)
2161 goto failed;
2162
2163 if (changed)
2164 err = new_settings(hdev, sk);
2165
ed2c4ee3
JH		 2166 goto failed;
2167 }
2168
94d52dad 2169 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 2170 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2171 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 2172 goto failed;
2173 }
2174
d7a5a11d 2175 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
ed2c4ee3
JH		 2176 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2177 goto failed;
2178 }
2179
2180 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2181 if (!cmd) {
2182 err = -ENOMEM;
2183 goto failed;
2184 }
2185
d7a5a11d 2186 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
3769972b
JH		 2187 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2188 sizeof(cp->val), &cp->val);
2189
72ef0c1a 2190 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 2191 if (err < 0) {
2192 mgmt_pending_remove(cmd);
2193 goto failed;
2194 }
2195
2196failed:
2197 hci_dev_unlock(hdev);
ed2c4ee3
JH		 2198 return err;
2199}
2200
bdb6d971 2201static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 2202{
2203 struct mgmt_mode *cp = data;
ee392693 2204 bool changed;
e6fe7986 2205 u8 status;
ee392693 2206 int err;
6d80dfd0 2207
bdb6d971 2208 BT_DBG("request for %s", hdev->name);
6d80dfd0 2209
e6fe7986
JH		 2210 status = mgmt_bredr_support(hdev);
2211 if (status)
a69e8375 2212 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 2213
9ecb3e24 2214 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 2215 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2216 MGMT_STATUS_NOT_SUPPORTED);
9ecb3e24 2217
d7a5a11d 2218 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 2219 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2220 MGMT_STATUS_REJECTED);
9ecb3e24 2221
a7e80f25 2222 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2223 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2224 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2225
ee392693
MH		 2226 hci_dev_lock(hdev);
2227
a2cb01de 2228 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 2229 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2230 MGMT_STATUS_BUSY);
a2cb01de
JH		 2231 goto unlock;
2232 }
2233
a0cdf960 2234 if (cp->val) {
238be788 2235 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
a0cdf960
MH		 2236 } else {
2237 if (hdev_is_powered(hdev)) {
a69e8375
JH		 2238 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2239 MGMT_STATUS_REJECTED);
a0cdf960
MH		 2240 goto unlock;
2241 }
2242
a69d8927 2243 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
a0cdf960 2244 }
ee392693
MH		 2245
2246 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2247 if (err < 0)
2248 goto unlock;
2249
2250 if (changed)
2251 err = new_settings(hdev, sk);
6d80dfd0 2252
ee392693
MH		 2253unlock:
2254 hci_dev_unlock(hdev);
2255 return err;
6d80dfd0
JH		 2256}
2257
1904a853 2258static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
416a4ae5
JH		 2259{
2260 struct cmd_lookup match = { NULL, hdev };
2261
3ad67582
JK		 2262 hci_dev_lock(hdev);
2263
416a4ae5
JH		 2264 if (status) {
2265 u8 mgmt_err = mgmt_status(status);
2266
2267 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2268 &mgmt_err);
3ad67582 2269 goto unlock;
416a4ae5
JH		 2270 }
2271
2272 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2273
2274 new_settings(hdev, match.sk);
2275
2276 if (match.sk)
2277 sock_put(match.sk);
441ad2d0
MH		 2278
2279 /* Make sure the controller has a good default for
2280 * advertising data. Restrict the update to when LE
2281 * has actually been enabled. During power on, the
2282 * update in powered_update_hci will take care of it.
2283 */
d7a5a11d 2284 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
441ad2d0
MH		 2285 struct hci_request req;
2286
441ad2d0 2287 hci_req_init(&req, hdev);
5947f4bc 2288 update_adv_data(&req);
f14d8f64 2289 update_scan_rsp_data(&req);
2cf22218 2290 __hci_update_background_scan(&req);
441ad2d0 2291 hci_req_run(&req, NULL);
441ad2d0 2292 }
3ad67582
JK		 2293
2294unlock:
2295 hci_dev_unlock(hdev);
416a4ae5
JH		 2296}
2297
bdb6d971 2298static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 2299{
2300 struct mgmt_mode *cp = data;
2301 struct hci_cp_write_le_host_supported hci_cp;
3b0602cd 2302 struct mgmt_pending_cmd *cmd;
416a4ae5 2303 struct hci_request req;
06199cf8 2304 int err;
0b60eba1 2305 u8 val, enabled;
06199cf8 2306
bdb6d971 2307 BT_DBG("request for %s", hdev->name);
06199cf8 2308
13ecd8b6 2309 if (!lmp_le_capable(hdev))
a69e8375
JH		 2310 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2311 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 2312
a7e80f25 2313 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2314 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2315 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2316
c73eee91 2317 /* LE-only devices do not allow toggling LE on/off */
d7a5a11d 2318 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 2319 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2320 MGMT_STATUS_REJECTED);
c73eee91 2321
13ecd8b6 2322 hci_dev_lock(hdev);
06199cf8
JH		 2323
2324 val = !!cp->val;
ffa88e02 2325 enabled = lmp_host_le_capable(hdev);
06199cf8 2326
0b60eba1 2327 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 2328 bool changed = false;
2329
d7a5a11d 2330 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
ce05d603 2331 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
06199cf8
JH		 2332 changed = true;
2333 }
2334
d7a5a11d 2335 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
a358dc11 2336 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
eeca6f89
JH		 2337 changed = true;
2338 }
2339
06199cf8
JH		 2340 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2341 if (err < 0)
1de028ce 2342 goto unlock;
06199cf8
JH		 2343
2344 if (changed)
2345 err = new_settings(hdev, sk);
2346
1de028ce 2347 goto unlock;
06199cf8
JH		 2348 }
2349
4375f103
JH		 2350 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
2351 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
a69e8375
JH		 2352 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2353 MGMT_STATUS_BUSY);
1de028ce 2354 goto unlock;
06199cf8
JH		 2355 }
2356
2357 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2358 if (!cmd) {
2359 err = -ENOMEM;
1de028ce 2360 goto unlock;
06199cf8
JH		 2361 }
2362
441ad2d0
MH		 2363 hci_req_init(&req, hdev);
2364
06199cf8
JH		 2365 memset(&hci_cp, 0, sizeof(hci_cp));
2366
2367 if (val) {
2368 hci_cp.le = val;
32226e4f 2369 hci_cp.simul = 0x00;
441ad2d0 2370 } else {
d7a5a11d 2371 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
441ad2d0 2372 disable_advertising(&req);
06199cf8
JH		 2373 }
2374
416a4ae5
JH		 2375 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2376 &hci_cp);
2377
2378 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2379 if (err < 0)
06199cf8 2380 mgmt_pending_remove(cmd);
06199cf8 2381
1de028ce
JH		 2382unlock:
2383 hci_dev_unlock(hdev);
06199cf8
JH		 2384 return err;
2385}
2386
0cab9c80
JH		 2387/* This is a helper function to test for pending mgmt commands that can
2388 * cause CoD or EIR HCI commands. We can only allow one such pending
2389 * mgmt command at a time since otherwise we cannot easily track what
2390 * the current values are, will be, and based on that calculate if a new
2391 * HCI command needs to be sent and if yes with what value.
2392 */
2393static bool pending_eir_or_class(struct hci_dev *hdev)
2394{
3b0602cd 2395 struct mgmt_pending_cmd *cmd;
0cab9c80
JH		 2396
2397 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2398 switch (cmd->opcode) {
2399 case MGMT_OP_ADD_UUID:
2400 case MGMT_OP_REMOVE_UUID:
2401 case MGMT_OP_SET_DEV_CLASS:
2402 case MGMT_OP_SET_POWERED:
2403 return true;
2404 }
2405 }
2406
2407 return false;
2408}
2409
83be8eca
JH		 2410static const u8 bluetooth_base_uuid[] = {
2411 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2412 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2413};
2414
2415static u8 get_uuid_size(const u8 *uuid)
2416{
2417 u32 val;
2418
2419 if (memcmp(uuid, bluetooth_base_uuid, 12))
2420 return 128;
2421
2422 val = get_unaligned_le32(&uuid[12]);
2423 if (val > 0xffff)
2424 return 32;
2425
2426 return 16;
2427}
2428
92da6097
JH		 2429static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2430{
3b0602cd 2431 struct mgmt_pending_cmd *cmd;
92da6097
JH		 2432
2433 hci_dev_lock(hdev);
2434
2435 cmd = mgmt_pending_find(mgmt_op, hdev);
2436 if (!cmd)
2437 goto unlock;
2438
2a1afb5a
JH		 2439 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
2440 mgmt_status(status), hdev->dev_class, 3);
92da6097
JH		 2441
2442 mgmt_pending_remove(cmd);
2443
2444unlock:
2445 hci_dev_unlock(hdev);
2446}
2447
1904a853 2448static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2449{
2450 BT_DBG("status 0x%02x", status);
2451
2452 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2453}
2454
bdb6d971 2455static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2456{
650f726d 2457 struct mgmt_cp_add_uuid *cp = data;
3b0602cd 2458 struct mgmt_pending_cmd *cmd;
890ea898 2459 struct hci_request req;
2aeb9a1a 2460 struct bt_uuid *uuid;
2aeb9a1a
JH		 2461 int err;
2462
bdb6d971 2463 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2464
09fd0de5 2465 hci_dev_lock(hdev);
2aeb9a1a 2466
0cab9c80 2467 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2468 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2469 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2470 goto failed;
2471 }
2472
92c4c204 2473 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2474 if (!uuid) {
2475 err = -ENOMEM;
2476 goto failed;
2477 }
2478
2479 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2480 uuid->svc_hint = cp->svc_hint;
83be8eca 2481 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2482
de66aa63 2483 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2484
890ea898 2485 hci_req_init(&req, hdev);
1aff6f09 2486
890ea898
JH		 2487 update_class(&req);
2488 update_eir(&req);
2489
92da6097
JH		 2490 err = hci_req_run(&req, add_uuid_complete);
2491 if (err < 0) {
2492 if (err != -ENODATA)
2493 goto failed;
80a1e1db 2494
2a1afb5a
JH		 2495 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2496 hdev->dev_class, 3);
90e70454
JH		 2497 goto failed;
2498 }
2499
2500 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2501 if (!cmd) {
90e70454 2502 err = -ENOMEM;
890ea898
JH		 2503 goto failed;
2504 }
2505
2506 err = 0;
2aeb9a1a
JH		 2507
2508failed:
09fd0de5 2509 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2510 return err;
2511}
2512
24b78d0f
JH		 2513static bool enable_service_cache(struct hci_dev *hdev)
2514{
2515 if (!hdev_is_powered(hdev))
2516 return false;
2517
238be788 2518 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
46818ed5
JH		 2519 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2520 CACHE_TIMEOUT);
24b78d0f
JH		 2521 return true;
2522 }
2523
2524 return false;
2525}
2526
1904a853 2527static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2528{
2529 BT_DBG("status 0x%02x", status);
2530
2531 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2532}
2533
bdb6d971 2534static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2535 u16 len)
2aeb9a1a 2536{
650f726d 2537 struct mgmt_cp_remove_uuid *cp = data;
3b0602cd 2538 struct mgmt_pending_cmd *cmd;
056341c8 2539 struct bt_uuid *match, *tmp;
2aeb9a1a 2540 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2541 struct hci_request req;
2aeb9a1a
JH		 2542 int err, found;
2543
bdb6d971 2544 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2545
09fd0de5 2546 hci_dev_lock(hdev);
2aeb9a1a 2547
0cab9c80 2548 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2549 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2550 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2551 goto unlock;
2552 }
2553
2aeb9a1a 2554 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2555 hci_uuids_clear(hdev);
4004b6d9 2556
24b78d0f 2557 if (enable_service_cache(hdev)) {
2a1afb5a
JH		 2558 err = mgmt_cmd_complete(sk, hdev->id,
2559 MGMT_OP_REMOVE_UUID,
2560 0, hdev->dev_class, 3);
24b78d0f
JH		 2561 goto unlock;
2562 }
4004b6d9 2563
9246a869 2564 goto update_class;
2aeb9a1a
JH		 2565 }
2566
2567 found = 0;
2568
056341c8 2569 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2570 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2571 continue;
2572
2573 list_del(&match->list);
482049f7 2574 kfree(match);
2aeb9a1a
JH		 2575 found++;
2576 }
2577
2578 if (found == 0) {
a69e8375
JH		 2579 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2580 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2581 goto unlock;
2582 }
2583
9246a869 2584update_class:
890ea898 2585 hci_req_init(&req, hdev);
1aff6f09 2586
890ea898
JH		 2587 update_class(&req);
2588 update_eir(&req);
2589
92da6097
JH		 2590 err = hci_req_run(&req, remove_uuid_complete);
2591 if (err < 0) {
2592 if (err != -ENODATA)
2593 goto unlock;
80a1e1db 2594
2a1afb5a
JH		 2595 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2596 hdev->dev_class, 3);
90e70454
JH		 2597 goto unlock;
2598 }
2599
2600 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2601 if (!cmd) {
90e70454 2602 err = -ENOMEM;
890ea898
JH		 2603 goto unlock;
2604 }
2605
2606 err = 0;
2aeb9a1a
JH		 2607
2608unlock:
09fd0de5 2609 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2610 return err;
2611}
2612
1904a853 2613static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2614{
2615 BT_DBG("status 0x%02x", status);
2616
2617 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2618}
2619
bdb6d971 2620static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2621 u16 len)
1aff6f09 2622{
650f726d 2623 struct mgmt_cp_set_dev_class *cp = data;
3b0602cd 2624 struct mgmt_pending_cmd *cmd;
890ea898 2625 struct hci_request req;
1aff6f09
JH		 2626 int err;
2627
bdb6d971 2628 BT_DBG("request for %s", hdev->name);
1aff6f09 2629
6203fc98 2630 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2631 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2632 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2633
0cab9c80 2634 hci_dev_lock(hdev);
ee98f473 2635
0cab9c80 2636 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2637 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2638 MGMT_STATUS_BUSY);
0cab9c80
JH		 2639 goto unlock;
2640 }
c95f0ba7 2641
0cab9c80 2642 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
a69e8375
JH		 2643 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2644 MGMT_STATUS_INVALID_PARAMS);
0cab9c80
JH		 2645 goto unlock;
2646 }
575b3a02 2647
932f5ff5
JH		 2648 hdev->major_class = cp->major;
2649 hdev->minor_class = cp->minor;
2650
b5235a65 2651 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2652 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2653 hdev->dev_class, 3);
b5235a65
JH		 2654 goto unlock;
2655 }
2656
890ea898
JH		 2657 hci_req_init(&req, hdev);
2658
a69d8927 2659 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
7d78525d
JH		 2660 hci_dev_unlock(hdev);
2661 cancel_delayed_work_sync(&hdev->service_cache);
2662 hci_dev_lock(hdev);
890ea898 2663 update_eir(&req);
7d78525d 2664 }
14c0b608 2665
890ea898
JH		 2666 update_class(&req);
2667
92da6097
JH		 2668 err = hci_req_run(&req, set_class_complete);
2669 if (err < 0) {
2670 if (err != -ENODATA)
2671 goto unlock;
1aff6f09 2672
2a1afb5a
JH		 2673 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2674 hdev->dev_class, 3);
90e70454
JH		 2675 goto unlock;
2676 }
2677
2678 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2679 if (!cmd) {
90e70454 2680 err = -ENOMEM;
890ea898
JH		 2681 goto unlock;
2682 }
2683
2684 err = 0;
1aff6f09 2685
b5235a65 2686unlock:
09fd0de5 2687 hci_dev_unlock(hdev);
1aff6f09
JH		 2688 return err;
2689}
2690
bdb6d971 2691static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2692 u16 len)
55ed8ca1 2693{
650f726d 2694 struct mgmt_cp_load_link_keys *cp = data;
ba1d6936
JH		 2695 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2696 sizeof(struct mgmt_link_key_info));
4e51eae9 2697 u16 key_count, expected_len;
b1de97d8 2698 bool changed;
a492cd52 2699 int i;
55ed8ca1 2700
9060d5cf
MH		 2701 BT_DBG("request for %s", hdev->name);
2702
2703 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2704 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2705 MGMT_STATUS_NOT_SUPPORTED);
9060d5cf 2706
1f350c87 2707 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 2708 if (key_count > max_key_count) {
2709 BT_ERR("load_link_keys: too big key_count value %u",
2710 key_count);
a69e8375
JH		 2711 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2712 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 2713 }
55ed8ca1 2714
86742e1e
JH		 2715 expected_len = sizeof(*cp) + key_count *
2716 sizeof(struct mgmt_link_key_info);
a492cd52 2717 if (expected_len != len) {
86742e1e 2718 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2719 expected_len, len);
a69e8375
JH		 2720 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2721 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2722 }
2723
4ae14301 2724 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
a69e8375
JH		 2725 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2726 MGMT_STATUS_INVALID_PARAMS);
4ae14301 2727
bdb6d971 2728 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2729 key_count);
55ed8ca1 2730
4ee71b20
JH		 2731 for (i = 0; i < key_count; i++) {
2732 struct mgmt_link_key_info *key = &cp->keys[i];
2733
8e991132 2734 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
a69e8375
JH		 2735 return mgmt_cmd_status(sk, hdev->id,
2736 MGMT_OP_LOAD_LINK_KEYS,
2737 MGMT_STATUS_INVALID_PARAMS);
4ee71b20
JH		 2738 }
2739
09fd0de5 2740 hci_dev_lock(hdev);
55ed8ca1
JH		 2741
2742 hci_link_keys_clear(hdev);
2743
55ed8ca1 2744 if (cp->debug_keys)
238be788 2745 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
55ed8ca1 2746 else
a69d8927
MH		 2747 changed = hci_dev_test_and_clear_flag(hdev,
2748 HCI_KEEP_DEBUG_KEYS);
b1de97d8
MH		 2749
2750 if (changed)
2751 new_settings(hdev, NULL);
55ed8ca1 2752
a492cd52 2753 for (i = 0; i < key_count; i++) {
86742e1e 2754 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2755
58e9293c
JH		 2756 /* Always ignore debug keys and require a new pairing if
2757 * the user wants to use them.
2758 */
2759 if (key->type == HCI_LK_DEBUG_COMBINATION)
2760 continue;
2761
7652ff6a
JH		 2762 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2763 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2764 }
2765
2a1afb5a 2766 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2767
09fd0de5 2768 hci_dev_unlock(hdev);
55ed8ca1 2769
a492cd52 2770 return 0;
55ed8ca1
JH		 2771}
2772
b1078ad0 2773static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2774 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2775{
2776 struct mgmt_ev_device_unpaired ev;
2777
2778 bacpy(&ev.addr.bdaddr, bdaddr);
2779 ev.addr.type = addr_type;
2780
2781 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2782 skip_sk);
b1078ad0
JH		 2783}
2784
bdb6d971 2785static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2786 u16 len)
55ed8ca1 2787{
124f6e35
JH		 2788 struct mgmt_cp_unpair_device *cp = data;
2789 struct mgmt_rp_unpair_device rp;
a8a1d19e 2790 struct hci_cp_disconnect dc;
3b0602cd 2791 struct mgmt_pending_cmd *cmd;
55ed8ca1 2792 struct hci_conn *conn;
55ed8ca1
JH		 2793 int err;
2794
a8a1d19e 2795 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2796 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2797 rp.addr.type = cp->addr.type;
a8a1d19e 2798
4ee71b20 2799 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2800 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2801 MGMT_STATUS_INVALID_PARAMS,
2802 &rp, sizeof(rp));
4ee71b20 2803
118da70b 2804 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2a1afb5a
JH		 2805 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2806 MGMT_STATUS_INVALID_PARAMS,
2807 &rp, sizeof(rp));
118da70b 2808
4ee71b20
JH		 2809 hci_dev_lock(hdev);
2810
86a8cfc6 2811 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2812 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2813 MGMT_STATUS_NOT_POWERED, &rp,
2814 sizeof(rp));
86a8cfc6
JH		 2815 goto unlock;
2816 }
2817
e0b2b27e 2818 if (cp->addr.type == BDADDR_BREDR) {
89cbb063
AA		 2819 /* If disconnection is requested, then look up the
2820 * connection. If the remote device is connected, it
2821 * will be later used to terminate the link.
2822 *
2823 * Setting it to NULL explicitly will cause no
2824 * termination of the link.
2825 */
2826 if (cp->disconnect)
2827 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2828 &cp->addr.bdaddr);
2829 else
2830 conn = NULL;
2831
124f6e35 2832 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2833 } else {
2834 u8 addr_type;
2835
89cbb063
AA		 2836 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
2837 &cp->addr.bdaddr);
2838 if (conn) {
2839 /* Defer clearing up the connection parameters
2840 * until closing to give a chance of keeping
2841 * them if a repairing happens.
2842 */
2843 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2844
2845 /* If disconnection is not requested, then
2846 * clear the connection variable so that the
2847 * link is not terminated.
2848 */
2849 if (!cp->disconnect)
2850 conn = NULL;
2851 }
2852
e0b2b27e
JH		 2853 if (cp->addr.type == BDADDR_LE_PUBLIC)
2854 addr_type = ADDR_LE_DEV_PUBLIC;
2855 else
2856 addr_type = ADDR_LE_DEV_RANDOM;
2857
a7ec7338
JH		 2858 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2859
e0b2b27e
JH		 2860 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2861 }
b0dbfb46 2862
55ed8ca1 2863 if (err < 0) {
2a1afb5a
JH		 2864 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2865 MGMT_STATUS_NOT_PAIRED, &rp,
2866 sizeof(rp));
55ed8ca1
JH		 2867 goto unlock;
2868 }
2869
89cbb063
AA		 2870 /* If the connection variable is set, then termination of the
2871 * link is requested.
2872 */
a8a1d19e 2873 if (!conn) {
2a1afb5a
JH		 2874 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2875 &rp, sizeof(rp));
b1078ad0 2876 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2877 goto unlock;
2878 }
55ed8ca1 2879
124f6e35 2880 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2881 sizeof(*cp));
a8a1d19e
JH		 2882 if (!cmd) {
2883 err = -ENOMEM;
2884 goto unlock;
55ed8ca1
JH		 2885 }
2886
d8b7b1e4
JH		 2887 cmd->cmd_complete = addr_cmd_complete;
2888
eb55ef07 2889 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2890 dc.reason = 0x13; /* Remote User Terminated Connection */
2891 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2892 if (err < 0)
2893 mgmt_pending_remove(cmd);
2894
55ed8ca1 2895unlock:
09fd0de5 2896 hci_dev_unlock(hdev);
55ed8ca1
JH		 2897 return err;
2898}
2899
bdb6d971 2900static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2901 u16 len)
8962ee74 2902{
650f726d 2903 struct mgmt_cp_disconnect *cp = data;
06a63b19 2904 struct mgmt_rp_disconnect rp;
3b0602cd 2905 struct mgmt_pending_cmd *cmd;
8962ee74 2906 struct hci_conn *conn;
8962ee74
JH		 2907 int err;
2908
2909 BT_DBG("");
2910
06a63b19
JH		 2911 memset(&rp, 0, sizeof(rp));
2912 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2913 rp.addr.type = cp->addr.type;
2914
4ee71b20 2915 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2916 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2917 MGMT_STATUS_INVALID_PARAMS,
2918 &rp, sizeof(rp));
4ee71b20 2919
09fd0de5 2920 hci_dev_lock(hdev);
8962ee74
JH		 2921
2922 if (!test_bit(HCI_UP, &hdev->flags)) {
2a1afb5a
JH		 2923 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2924 MGMT_STATUS_NOT_POWERED, &rp,
2925 sizeof(rp));
8962ee74
JH		 2926 goto failed;
2927 }
2928
2e58ef3e 2929 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
2a1afb5a
JH		 2930 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2931 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2932 goto failed;
2933 }
2934
591f47f3 2935 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2936 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2937 &cp->addr.bdaddr);
88c3df13
JH		 2938 else
2939 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2940
f960727e 2941 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2a1afb5a
JH		 2942 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2943 MGMT_STATUS_NOT_CONNECTED, &rp,
2944 sizeof(rp));
8962ee74
JH		 2945 goto failed;
2946 }
2947
2e58ef3e 2948 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2949 if (!cmd) {
2950 err = -ENOMEM;
8962ee74 2951 goto failed;
366a0336 2952 }
8962ee74 2953
f5818c22
JH		 2954 cmd->cmd_complete = generic_cmd_complete;
2955
e3f2f92a 2956 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
8962ee74 2957 if (err < 0)
a664b5bc 2958 mgmt_pending_remove(cmd);
8962ee74
JH		 2959
2960failed:
09fd0de5 2961 hci_dev_unlock(hdev);
8962ee74
JH		 2962 return err;
2963}
2964
57c1477c 2965static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2966{
2967 switch (link_type) {
2968 case LE_LINK:
48264f06
JH		 2969 switch (addr_type) {
2970 case ADDR_LE_DEV_PUBLIC:
591f47f3 2971 return BDADDR_LE_PUBLIC;
0ed09148 2972
48264f06 2973 default:
0ed09148 2974 /* Fallback to LE Random address type */
591f47f3 2975 return BDADDR_LE_RANDOM;
48264f06 2976 }
0ed09148 2977
4c659c39 2978 default:
0ed09148 2979 /* Fallback to BR/EDR type */
591f47f3 2980 return BDADDR_BREDR;
4c659c39
JH		 2981 }
2982}
2983
04124681
GP		 2984static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2985 u16 data_len)
2784eb41 2986{
2784eb41 2987 struct mgmt_rp_get_connections *rp;
8035ded4 2988 struct hci_conn *c;
a38528f1 2989 size_t rp_len;
60fc5fb6
JH		 2990 int err;
2991 u16 i;
2784eb41
JH		 2992
2993 BT_DBG("");
2994
09fd0de5 2995 hci_dev_lock(hdev);
2784eb41 2996
5f97c1df 2997 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 2998 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2999 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3000 goto unlock;
3001 }
3002
60fc5fb6 3003 i = 0;
b644ba33
JH		 3004 list_for_each_entry(c, &hdev->conn_hash.list, list) {
3005 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 3006 i++;
2784eb41
JH		 3007 }
3008
60fc5fb6 3009 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 3010 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 3011 if (!rp) {
2784eb41
JH		 3012 err = -ENOMEM;
3013 goto unlock;
3014 }
3015
2784eb41 3016 i = 0;
4c659c39 3017 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 3018 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
3019 continue;
4c659c39 3020 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 3021 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 3022 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 3023 continue;
3024 i++;
3025 }
3026
eb55ef07 3027 rp->conn_count = cpu_to_le16(i);
60fc5fb6 3028
4c659c39
JH		 3029 /* Recalculate length in case of filtered SCO connections, etc */
3030 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 3031
2a1afb5a
JH		 3032 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
3033 rp_len);
2784eb41 3034
a38528f1 3035 kfree(rp);
5f97c1df
JH		 3036
3037unlock:
09fd0de5 3038 hci_dev_unlock(hdev);
2784eb41
JH		 3039 return err;
3040}
3041
bdb6d971 3042static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3043 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67 3044{
3b0602cd 3045 struct mgmt_pending_cmd *cmd;
96d97a67
WR		 3046 int err;
3047
2e58ef3e 3048 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 3049 sizeof(*cp));
96d97a67
WR		 3050 if (!cmd)
3051 return -ENOMEM;
3052
d8457698 3053 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 3054 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 3055 if (err < 0)
3056 mgmt_pending_remove(cmd);
3057
3058 return err;
3059}
3060
bdb6d971 3061static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3062 u16 len)
980e1a53 3063{
96d97a67 3064 struct hci_conn *conn;
650f726d 3065 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 3066 struct hci_cp_pin_code_reply reply;
3b0602cd 3067 struct mgmt_pending_cmd *cmd;
980e1a53
JH		 3068 int err;
3069
3070 BT_DBG("");
3071
09fd0de5 3072 hci_dev_lock(hdev);
980e1a53 3073
4b34ee78 3074 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3075 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3076 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 3077 goto failed;
3078 }
3079
d8457698 3080 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 3081 if (!conn) {
a69e8375
JH		 3082 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3083 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 3084 goto failed;
3085 }
3086
3087 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 3088 struct mgmt_cp_pin_code_neg_reply ncp;
3089
3090 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 3091
3092 BT_ERR("PIN code is not 16 bytes long");
3093
bdb6d971 3094 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 3095 if (err >= 0)
a69e8375
JH		 3096 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3097 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 3098
3099 goto failed;
3100 }
3101
00abfe44 3102 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 3103 if (!cmd) {
3104 err = -ENOMEM;
980e1a53 3105 goto failed;
366a0336 3106 }
980e1a53 3107
7776d1d8
JH		 3108 cmd->cmd_complete = addr_cmd_complete;
3109
d8457698 3110 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 3111 reply.pin_len = cp->pin_len;
24718ca5 3112 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 3113
3114 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3115 if (err < 0)
a664b5bc 3116 mgmt_pending_remove(cmd);
980e1a53
JH		 3117
3118failed:
09fd0de5 3119 hci_dev_unlock(hdev);
980e1a53
JH		 3120 return err;
3121}
3122
04124681
GP		 3123static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3124 u16 len)
17fa4b9d 3125{
650f726d 3126 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 3127
3128 BT_DBG("");
3129
4ec86d4c 3130 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 3131 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3132 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
4ec86d4c 3133
09fd0de5 3134 hci_dev_lock(hdev);
17fa4b9d
JH		 3135
3136 hdev->io_capability = cp->io_capability;
3137
3138 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 3139 hdev->io_capability);
17fa4b9d 3140
09fd0de5 3141 hci_dev_unlock(hdev);
17fa4b9d 3142
2a1afb5a
JH		 3143 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
3144 NULL, 0);
17fa4b9d
JH		 3145}
3146
3b0602cd 3147static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 3148{
3149 struct hci_dev *hdev = conn->hdev;
3b0602cd 3150 struct mgmt_pending_cmd *cmd;
e9a416b5 3151
2e58ef3e 3152 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 3153 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3154 continue;
3155
e9a416b5
JH		 3156 if (cmd->user_data != conn)
3157 continue;
3158
3159 return cmd;
3160 }
3161
3162 return NULL;
3163}
3164
3b0602cd 3165static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
e9a416b5
JH		 3166{
3167 struct mgmt_rp_pair_device rp;
3168 struct hci_conn *conn = cmd->user_data;
9df74653 3169 int err;
e9a416b5 3170
61b1a7fb
JH		 3171 bacpy(&rp.addr.bdaddr, &conn->dst);
3172 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 3173
2a1afb5a
JH		 3174 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
3175 status, &rp, sizeof(rp));
e9a416b5
JH		 3176
3177 /* So we don't get further callbacks for this connection */
3178 conn->connect_cfm_cb = NULL;
3179 conn->security_cfm_cb = NULL;
3180 conn->disconn_cfm_cb = NULL;
3181
76a68ba0 3182 hci_conn_drop(conn);
89cbb063
AA		 3183
3184 /* The device is paired so there is no need to remove
3185 * its connection parameters anymore.
3186 */
3187 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
15013aeb
JH		 3188
3189 hci_conn_put(conn);
9df74653
JH		 3190
3191 return err;
e9a416b5
JH		 3192}
3193
f4a407be
JH		 3194void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3195{
3196 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3b0602cd 3197 struct mgmt_pending_cmd *cmd;
f4a407be
JH		 3198
3199 cmd = find_pairing(conn);
a511b35b 3200 if (cmd) {
04ab2749 3201 cmd->cmd_complete(cmd, status);
a511b35b
JH		 3202 mgmt_pending_remove(cmd);
3203 }
f4a407be
JH		 3204}
3205
e9a416b5
JH		 3206static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3207{
3b0602cd 3208 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 3209
3210 BT_DBG("status %u", status);
3211
3212 cmd = find_pairing(conn);
a511b35b 3213 if (!cmd) {
e9a416b5 3214 BT_DBG("Unable to find a pending command");
a511b35b
JH		 3215 return;
3216 }
3217
3218 cmd->cmd_complete(cmd, mgmt_status(status));
3219 mgmt_pending_remove(cmd);
e9a416b5
JH		 3220}
3221
f4a407be 3222static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739 3223{
3b0602cd 3224 struct mgmt_pending_cmd *cmd;
4c47d739
VA		 3225
3226 BT_DBG("status %u", status);
3227
3228 if (!status)
3229 return;
3230
3231 cmd = find_pairing(conn);
a511b35b 3232 if (!cmd) {
4c47d739 3233 BT_DBG("Unable to find a pending command");
a511b35b
JH		 3234 return;
3235 }
3236
3237 cmd->cmd_complete(cmd, mgmt_status(status));
3238 mgmt_pending_remove(cmd);
4c47d739
VA		 3239}
3240
bdb6d971 3241static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3242 u16 len)
e9a416b5 3243{
650f726d 3244 struct mgmt_cp_pair_device *cp = data;
1425acb7 3245 struct mgmt_rp_pair_device rp;
3b0602cd 3246 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 3247 u8 sec_level, auth_type;
3248 struct hci_conn *conn;
e9a416b5
JH		 3249 int err;
3250
3251 BT_DBG("");
3252
f950a30e
SJ		 3253 memset(&rp, 0, sizeof(rp));
3254 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3255 rp.addr.type = cp->addr.type;
3256
4ee71b20 3257 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 3258 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3259 MGMT_STATUS_INVALID_PARAMS,
3260 &rp, sizeof(rp));
4ee71b20 3261
4ec86d4c 3262 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 3263 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3264 MGMT_STATUS_INVALID_PARAMS,
3265 &rp, sizeof(rp));
4ec86d4c 3266
09fd0de5 3267 hci_dev_lock(hdev);
e9a416b5 3268
5f97c1df 3269 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3270 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3271 MGMT_STATUS_NOT_POWERED, &rp,
3272 sizeof(rp));
5f97c1df
JH		 3273 goto unlock;
3274 }
3275
55e76b38
JH		 3276 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
3277 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3278 MGMT_STATUS_ALREADY_PAIRED, &rp,
3279 sizeof(rp));
3280 goto unlock;
3281 }
3282
c908df36 3283 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 3284 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 3285
6f77d8c7 3286 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 3287 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3288 auth_type);
6f77d8c7
AG		 3289 } else {
3290 u8 addr_type;
3291
3292 /* Convert from L2CAP channel address type to HCI address type
3293 */
3294 if (cp->addr.type == BDADDR_LE_PUBLIC)
3295 addr_type = ADDR_LE_DEV_PUBLIC;
3296 else
3297 addr_type = ADDR_LE_DEV_RANDOM;
3298
7c264b10
MH		 3299 /* When pairing a new device, it is expected to remember
3300 * this device for future connections. Adding the connection
3301 * parameter information ahead of time allows tracking
3302 * of the slave preferred values and will speed up any
3303 * further connection establishment.
3304 *
3305 * If connection parameters already exist, then they
3306 * will be kept and this function does nothing.
3307 */
3308 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3309
6f77d8c7 3310 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
e804d25d
JH		 3311 sec_level, HCI_LE_CONN_TIMEOUT,
3312 HCI_ROLE_MASTER);
6f77d8c7 3313 }
7a512d01 3314
30e76272 3315 if (IS_ERR(conn)) {
489dc48e
AK		 3316 int status;
3317
3318 if (PTR_ERR(conn) == -EBUSY)
3319 status = MGMT_STATUS_BUSY;
faa81030
LR		 3320 else if (PTR_ERR(conn) == -EOPNOTSUPP)
3321 status = MGMT_STATUS_NOT_SUPPORTED;
3322 else if (PTR_ERR(conn) == -ECONNREFUSED)
3323 status = MGMT_STATUS_REJECTED;
489dc48e
AK		 3324 else
3325 status = MGMT_STATUS_CONNECT_FAILED;
3326
2a1afb5a
JH		 3327 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3328 status, &rp, sizeof(rp));
e9a416b5
JH		 3329 goto unlock;
3330 }
3331
3332 if (conn->connect_cfm_cb) {
76a68ba0 3333 hci_conn_drop(conn);
2a1afb5a
JH		 3334 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3335 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 3336 goto unlock;
3337 }
3338
2e58ef3e 3339 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 3340 if (!cmd) {
3341 err = -ENOMEM;
76a68ba0 3342 hci_conn_drop(conn);
e9a416b5
JH		 3343 goto unlock;
3344 }
3345
04ab2749
JH		 3346 cmd->cmd_complete = pairing_complete;
3347
7a512d01 3348 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 3349 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 3350 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 3351 conn->security_cfm_cb = pairing_complete_cb;
3352 conn->disconn_cfm_cb = pairing_complete_cb;
3353 } else {
3354 conn->connect_cfm_cb = le_pairing_complete_cb;
3355 conn->security_cfm_cb = le_pairing_complete_cb;
3356 conn->disconn_cfm_cb = le_pairing_complete_cb;
3357 }
7a512d01 3358
e9a416b5 3359 conn->io_capability = cp->io_cap;
f8aaf9b6 3360 cmd->user_data = hci_conn_get(conn);
e9a416b5 3361
6f78fd4b 3362 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
a511b35b
JH		 3363 hci_conn_security(conn, sec_level, auth_type, true)) {
3364 cmd->cmd_complete(cmd, 0);
3365 mgmt_pending_remove(cmd);
3366 }
e9a416b5
JH		 3367
3368 err = 0;
3369
3370unlock:
09fd0de5 3371 hci_dev_unlock(hdev);
e9a416b5
JH		 3372 return err;
3373}
3374
04124681
GP		 3375static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3376 u16 len)
28424707 3377{
0f4e68cf 3378 struct mgmt_addr_info *addr = data;
3b0602cd 3379 struct mgmt_pending_cmd *cmd;
28424707
JH		 3380 struct hci_conn *conn;
3381 int err;
3382
3383 BT_DBG("");
3384
28424707
JH		 3385 hci_dev_lock(hdev);
3386
5f97c1df 3387 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3388 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3389 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3390 goto unlock;
3391 }
3392
28424707
JH		 3393 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3394 if (!cmd) {
a69e8375
JH		 3395 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3396 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3397 goto unlock;
3398 }
3399
3400 conn = cmd->user_data;
3401
3402 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
a69e8375
JH		 3403 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3404 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3405 goto unlock;
3406 }
3407
a511b35b
JH		 3408 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3409 mgmt_pending_remove(cmd);
28424707 3410
2a1afb5a
JH		 3411 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3412 addr, sizeof(*addr));
28424707
JH		 3413unlock:
3414 hci_dev_unlock(hdev);
28424707
JH		 3415 return err;
3416}
3417
bdb6d971 3418static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3419 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3420 u16 hci_op, __le32 passkey)
a5c29683 3421{
3b0602cd 3422 struct mgmt_pending_cmd *cmd;
0df4c185 3423 struct hci_conn *conn;
a5c29683
JH		 3424 int err;
3425
09fd0de5 3426 hci_dev_lock(hdev);
08ba5382 3427
4b34ee78 3428 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3429 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3430 MGMT_STATUS_NOT_POWERED, addr,
3431 sizeof(*addr));
0df4c185 3432 goto done;
a5c29683
JH		 3433 }
3434
1707c60e
JH		 3435 if (addr->type == BDADDR_BREDR)
3436 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3437 else
1707c60e 3438 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 3439
3440 if (!conn) {
2a1afb5a
JH		 3441 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3442 MGMT_STATUS_NOT_CONNECTED, addr,
3443 sizeof(*addr));
272d90df
JH		 3444 goto done;
3445 }
47c15e2b 3446
1707c60e 3447 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 3448 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 3449 if (!err)
2a1afb5a
JH		 3450 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3451 MGMT_STATUS_SUCCESS, addr,
3452 sizeof(*addr));
5fe57d9e 3453 else
2a1afb5a
JH		 3454 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3455 MGMT_STATUS_FAILED, addr,
3456 sizeof(*addr));
47c15e2b 3457
47c15e2b
BG		 3458 goto done;
3459 }
3460
1707c60e 3461 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3462 if (!cmd) {
3463 err = -ENOMEM;
0df4c185 3464 goto done;
a5c29683
JH		 3465 }
3466
7776d1d8
JH		 3467 cmd->cmd_complete = addr_cmd_complete;
3468
0df4c185 3469 /* Continue with pairing via HCI */
604086b7
BG		 3470 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3471 struct hci_cp_user_passkey_reply cp;
3472
1707c60e 3473 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3474 cp.passkey = passkey;
3475 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3476 } else
1707c60e
JH		 3477 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3478 &addr->bdaddr);
604086b7 3479
a664b5bc
JH		 3480 if (err < 0)
3481 mgmt_pending_remove(cmd);
a5c29683 3482
0df4c185 3483done:
09fd0de5 3484 hci_dev_unlock(hdev);
a5c29683
JH		 3485 return err;
3486}
3487
afeb019d
JK		 3488static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3489 void *data, u16 len)
3490{
3491 struct mgmt_cp_pin_code_neg_reply *cp = data;
3492
3493 BT_DBG("");
3494
1707c60e 3495 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3496 MGMT_OP_PIN_CODE_NEG_REPLY,
3497 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3498}
3499
04124681
GP		 3500static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3501 u16 len)
0df4c185 3502{
650f726d 3503 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3504
3505 BT_DBG("");
3506
3507 if (len != sizeof(*cp))
a69e8375
JH		 3508 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3509 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3510
1707c60e 3511 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3512 MGMT_OP_USER_CONFIRM_REPLY,
3513 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3514}
3515
bdb6d971 3516static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3517 void *data, u16 len)
0df4c185 3518{
c9c2659f 3519 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3520
3521 BT_DBG("");
3522
1707c60e 3523 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3524 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3525 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3526}
3527
04124681
GP		 3528static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3529 u16 len)
604086b7 3530{
650f726d 3531 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3532
3533 BT_DBG("");
3534
1707c60e 3535 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3536 MGMT_OP_USER_PASSKEY_REPLY,
3537 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3538}
3539
bdb6d971 3540static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3541 void *data, u16 len)
604086b7 3542{
650f726d 3543 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3544
3545 BT_DBG("");
3546
1707c60e 3547 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3548 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3549 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3550}
3551
13928971 3552static void update_name(struct hci_request *req)
2b4bf397 3553{
13928971 3554 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3555 struct hci_cp_write_local_name cp;
3556
13928971 3557 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3558
890ea898 3559 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3560}
3561
1904a853 3562static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
13928971
JH		 3563{
3564 struct mgmt_cp_set_local_name *cp;
3b0602cd 3565 struct mgmt_pending_cmd *cmd;
13928971
JH		 3566
3567 BT_DBG("status 0x%02x", status);
3568
3569 hci_dev_lock(hdev);
3570
3571 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3572 if (!cmd)
3573 goto unlock;
3574
3575 cp = cmd->param;
3576
3577 if (status)
a69e8375
JH		 3578 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3579 mgmt_status(status));
13928971 3580 else
2a1afb5a
JH		 3581 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3582 cp, sizeof(*cp));
13928971
JH		 3583
3584 mgmt_pending_remove(cmd);
3585
3586unlock:
3587 hci_dev_unlock(hdev);
3588}
3589
bdb6d971 3590static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3591 u16 len)
b312b161 3592{
2b4bf397 3593 struct mgmt_cp_set_local_name *cp = data;
3b0602cd 3594 struct mgmt_pending_cmd *cmd;
890ea898 3595 struct hci_request req;
b312b161
JH		 3596 int err;
3597
3598 BT_DBG("");
3599
09fd0de5 3600 hci_dev_lock(hdev);
b312b161 3601
b3f2ca94
JH		 3602 /* If the old values are the same as the new ones just return a
3603 * direct command complete event.
3604 */
3605 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3606 !memcmp(hdev->short_name, cp->short_name,
3607 sizeof(hdev->short_name))) {
2a1afb5a
JH		 3608 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3609 data, len);
b3f2ca94
JH		 3610 goto failed;
3611 }
3612
2b4bf397 3613 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3614
b5235a65 3615 if (!hdev_is_powered(hdev)) {
2b4bf397 3616 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde 3617
2a1afb5a
JH		 3618 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3619 data, len);
28cc7bde
JH		 3620 if (err < 0)
3621 goto failed;
3622
3623 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 3624 sk);
28cc7bde 3625
b5235a65
JH		 3626 goto failed;
3627 }
3628
28cc7bde 3629 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3630 if (!cmd) {
3631 err = -ENOMEM;
3632 goto failed;
3633 }
3634
13928971
JH		 3635 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3636
890ea898 3637 hci_req_init(&req, hdev);
3f985050
JH		 3638
3639 if (lmp_bredr_capable(hdev)) {
3640 update_name(&req);
3641 update_eir(&req);
3642 }
3643
7a5f4990
MH		 3644 /* The name is stored in the scan response data and so
3645 * no need to udpate the advertising data here.
3646 */
3f985050 3647 if (lmp_le_capable(hdev))
7a5f4990 3648 update_scan_rsp_data(&req);
3f985050 3649
13928971 3650 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3651 if (err < 0)
3652 mgmt_pending_remove(cmd);
3653
3654failed:
09fd0de5 3655 hci_dev_unlock(hdev);
b312b161
JH		 3656 return err;
3657}
3658
0f4e68cf 3659static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3660 void *data, u16 data_len)
c35938b2 3661{
3b0602cd 3662 struct mgmt_pending_cmd *cmd;
c35938b2
SJ		 3663 int err;
3664
bdb6d971 3665 BT_DBG("%s", hdev->name);
c35938b2 3666
09fd0de5 3667 hci_dev_lock(hdev);
c35938b2 3668
4b34ee78 3669 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3670 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3671 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3672 goto unlock;
3673 }
3674
9a1a1996 3675 if (!lmp_ssp_capable(hdev)) {
a69e8375
JH		 3676 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3677 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3678 goto unlock;
3679 }
3680
2e58ef3e 3681 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
a69e8375
JH		 3682 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3683 MGMT_STATUS_BUSY);
c35938b2
SJ		 3684 goto unlock;
3685 }
3686
2e58ef3e 3687 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3688 if (!cmd) {
3689 err = -ENOMEM;
3690 goto unlock;
3691 }
3692
710f11c0 3693 if (bredr_sc_enabled(hdev))
4d2d2796
MH		 3694 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3695 0, NULL);
3696 else
3697 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3698
c35938b2
SJ		 3699 if (err < 0)
3700 mgmt_pending_remove(cmd);
3701
3702unlock:
09fd0de5 3703 hci_dev_unlock(hdev);
c35938b2
SJ		 3704 return err;
3705}
3706
bdb6d971 3707static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3708 void *data, u16 len)
2763eda6 3709{
5d57e796 3710 struct mgmt_addr_info *addr = data;
2763eda6
SJ		 3711 int err;
3712
bdb6d971 3713 BT_DBG("%s ", hdev->name);
2763eda6 3714
5d57e796 3715 if (!bdaddr_type_is_valid(addr->type))
2a1afb5a
JH		 3716 return mgmt_cmd_complete(sk, hdev->id,
3717 MGMT_OP_ADD_REMOTE_OOB_DATA,
3718 MGMT_STATUS_INVALID_PARAMS,
3719 addr, sizeof(*addr));
5d57e796 3720
09fd0de5 3721 hci_dev_lock(hdev);
2763eda6 3722
ec109113
MH		 3723 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3724 struct mgmt_cp_add_remote_oob_data *cp = data;
3725 u8 status;
bf1e3541 3726
c19a495c 3727 if (cp->addr.type != BDADDR_BREDR) {
2a1afb5a
JH		 3728 err = mgmt_cmd_complete(sk, hdev->id,
3729 MGMT_OP_ADD_REMOTE_OOB_DATA,
3730 MGMT_STATUS_INVALID_PARAMS,
3731 &cp->addr, sizeof(cp->addr));
c19a495c
JH		 3732 goto unlock;
3733 }
3734
ec109113 3735 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
6928a924
JH		 3736 cp->addr.type, cp->hash,
3737 cp->rand, NULL, NULL);
ec109113
MH		 3738 if (err < 0)
3739 status = MGMT_STATUS_FAILED;
3740 else
3741 status = MGMT_STATUS_SUCCESS;
3742
2a1afb5a
JH		 3743 err = mgmt_cmd_complete(sk, hdev->id,
3744 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
3745 &cp->addr, sizeof(cp->addr));
ec109113
MH		 3746 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3747 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
41bcfd50 3748 u8 *rand192, *hash192, *rand256, *hash256;
ec109113
MH		 3749 u8 status;
3750
86df9200 3751 if (bdaddr_type_is_le(cp->addr.type)) {
d25b78e2
JH		 3752 /* Enforce zero-valued 192-bit parameters as
3753 * long as legacy SMP OOB isn't implemented.
3754 */
3755 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3756 memcmp(cp->hash192, ZERO_KEY, 16)) {
2a1afb5a
JH		 3757 err = mgmt_cmd_complete(sk, hdev->id,
3758 MGMT_OP_ADD_REMOTE_OOB_DATA,
3759 MGMT_STATUS_INVALID_PARAMS,
3760 addr, sizeof(*addr));
d25b78e2
JH		 3761 goto unlock;
3762 }
3763
86df9200
JH		 3764 rand192 = NULL;
3765 hash192 = NULL;
3766 } else {
41bcfd50
MH		 3767 /* In case one of the P-192 values is set to zero,
3768 * then just disable OOB data for P-192.
3769 */
3770 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
3771 !memcmp(cp->hash192, ZERO_KEY, 16)) {
3772 rand192 = NULL;
3773 hash192 = NULL;
3774 } else {
3775 rand192 = cp->rand192;
3776 hash192 = cp->hash192;
3777 }
3778 }
3779
3780 /* In case one of the P-256 values is set to zero, then just
3781 * disable OOB data for P-256.
3782 */
3783 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
3784 !memcmp(cp->hash256, ZERO_KEY, 16)) {
3785 rand256 = NULL;
3786 hash256 = NULL;
3787 } else {
3788 rand256 = cp->rand256;
3789 hash256 = cp->hash256;
86df9200
JH		 3790 }
3791
81328d5c 3792 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
86df9200 3793 cp->addr.type, hash192, rand192,
41bcfd50 3794 hash256, rand256);
ec109113
MH		 3795 if (err < 0)
3796 status = MGMT_STATUS_FAILED;
3797 else
3798 status = MGMT_STATUS_SUCCESS;
3799
2a1afb5a
JH		 3800 err = mgmt_cmd_complete(sk, hdev->id,
3801 MGMT_OP_ADD_REMOTE_OOB_DATA,
3802 status, &cp->addr, sizeof(cp->addr));
ec109113
MH		 3803 } else {
3804 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
a69e8375
JH		 3805 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3806 MGMT_STATUS_INVALID_PARAMS);
ec109113 3807 }
2763eda6 3808
c19a495c 3809unlock:
09fd0de5 3810 hci_dev_unlock(hdev);
2763eda6
SJ		 3811 return err;
3812}
3813
bdb6d971 3814static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3815 void *data, u16 len)
2763eda6 3816{
650f726d 3817 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3818 u8 status;
2763eda6
SJ		 3819 int err;
3820
bdb6d971 3821 BT_DBG("%s", hdev->name);
2763eda6 3822
c19a495c 3823 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 3824 return mgmt_cmd_complete(sk, hdev->id,
3825 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3826 MGMT_STATUS_INVALID_PARAMS,
3827 &cp->addr, sizeof(cp->addr));
c19a495c 3828
09fd0de5 3829 hci_dev_lock(hdev);
2763eda6 3830
eedbd581
JH		 3831 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3832 hci_remote_oob_data_clear(hdev);
3833 status = MGMT_STATUS_SUCCESS;
3834 goto done;
3835 }
3836
6928a924 3837 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
2763eda6 3838 if (err < 0)
bf1e3541 3839 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3840 else
a6785be2 3841 status = MGMT_STATUS_SUCCESS;
bf1e3541 3842
eedbd581 3843done:
2a1afb5a
JH		 3844 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3845 status, &cp->addr, sizeof(cp->addr));
2763eda6 3846
09fd0de5 3847 hci_dev_unlock(hdev);
2763eda6
SJ		 3848 return err;
3849}
3850
8019044d 3851static bool trigger_discovery(struct hci_request *req, u8 *status)
41dc2bd6 3852{
8019044d
MH		 3853 struct hci_dev *hdev = req->hdev;
3854 struct hci_cp_le_set_scan_param param_cp;
3855 struct hci_cp_le_set_scan_enable enable_cp;
3856 struct hci_cp_inquiry inq_cp;
3857 /* General inquiry access code (GIAC) */
3858 u8 lap[3] = { 0x33, 0x8b, 0x9e };
3859 u8 own_addr_type;
41dc2bd6
AG		 3860 int err;
3861
8019044d
MH		 3862 switch (hdev->discovery.type) {
3863 case DISCOV_TYPE_BREDR:
3864 *status = mgmt_bredr_support(hdev);
3865 if (*status)
3866 return false;
41dc2bd6 3867
8019044d
MH		 3868 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3869 *status = MGMT_STATUS_BUSY;
3870 return false;
3871 }
41dc2bd6 3872
8019044d 3873 hci_inquiry_cache_flush(hdev);
41dc2bd6 3874
8019044d
MH		 3875 memset(&inq_cp, 0, sizeof(inq_cp));
3876 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
3877 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
3878 hci_req_add(req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
3879 break;
41dc2bd6 3880
8019044d
MH		 3881 case DISCOV_TYPE_LE:
3882 case DISCOV_TYPE_INTERLEAVED:
3883 *status = mgmt_le_support(hdev);
3884 if (*status)
3885 return false;
3886
3887 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
d7a5a11d 3888 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
8019044d
MH		 3889 *status = MGMT_STATUS_NOT_SUPPORTED;
3890 return false;
3891 }
3892
d7a5a11d 3893 if (hci_dev_test_flag(hdev, HCI_LE_ADV)) {
8019044d
MH		 3894 /* Don't let discovery abort an outgoing
3895 * connection attempt that's using directed
3896 * advertising.
3897 */
3898 if (hci_conn_hash_lookup_state(hdev, LE_LINK,
3899 BT_CONNECT)) {
3900 *status = MGMT_STATUS_REJECTED;
3901 return false;
3902 }
3903
3904 disable_advertising(req);
3905 }
3906
3907 /* If controller is scanning, it means the background scanning
3908 * is running. Thus, we should temporarily stop it in order to
3909 * set the discovery scanning parameters.
3910 */
d7a5a11d 3911 if (hci_dev_test_flag(hdev, HCI_LE_SCAN))
8019044d
MH		 3912 hci_req_add_le_scan_disable(req);
3913
3914 memset(&param_cp, 0, sizeof(param_cp));
3915
3916 /* All active scans will be done with either a resolvable
3917 * private address (when privacy feature has been enabled)
9437d2ed 3918 * or non-resolvable private address.
8019044d
MH		 3919 */
3920 err = hci_update_random_address(req, true, &own_addr_type);
3921 if (err < 0) {
3922 *status = MGMT_STATUS_FAILED;
3923 return false;
3924 }
3925
3926 param_cp.type = LE_SCAN_ACTIVE;
3927 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3928 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
3929 param_cp.own_address_type = own_addr_type;
3930 hci_req_add(req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3931 &param_cp);
3932
3933 memset(&enable_cp, 0, sizeof(enable_cp));
3934 enable_cp.enable = LE_SCAN_ENABLE;
3935 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3936 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3937 &enable_cp);
3938 break;
3939
3940 default:
3941 *status = MGMT_STATUS_INVALID_PARAMS;
3942 return false;
3943 }
3944
3945 return true;
41dc2bd6
AG		 3946}
3947
1904a853
MH		 3948static void start_discovery_complete(struct hci_dev *hdev, u8 status,
3949 u16 opcode)
7c307720 3950{
3b0602cd 3951 struct mgmt_pending_cmd *cmd;
11e6e25d 3952 unsigned long timeout;
ae55f598 3953
7c307720
AG		 3954 BT_DBG("status %d", status);
3955
11e6e25d 3956 hci_dev_lock(hdev);
41dc2bd6 3957
11e6e25d 3958 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
66ea9427
JP		 3959 if (!cmd)
3960 cmd = mgmt_pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
3961
11e6e25d 3962 if (cmd) {
2922a94f 3963 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d
MH		 3964 mgmt_pending_remove(cmd);
3965 }
7c307720
AG		 3966
3967 if (status) {
11e6e25d
MH		 3968 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3969 goto unlock;
7c307720
AG		 3970 }
3971
7c307720 3972 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
7c307720 3973
2d28cfe7
JP		 3974 /* If the scan involves LE scan, pick proper timeout to schedule
3975 * hdev->le_scan_disable that will stop it.
3976 */
7c307720
AG		 3977 switch (hdev->discovery.type) {
3978 case DISCOV_TYPE_LE:
3d5a76f0 3979 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
7c307720 3980 break;
7c307720 3981 case DISCOV_TYPE_INTERLEAVED:
b9a7a61e 3982 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
7c307720 3983 break;
7c307720 3984 case DISCOV_TYPE_BREDR:
11e6e25d 3985 timeout = 0;
7c307720 3986 break;
7c307720
AG		 3987 default:
3988 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
11e6e25d
MH		 3989 timeout = 0;
3990 break;
7c307720 3991 }
ae55f598 3992
2d28cfe7
JP		 3993 if (timeout) {
3994 /* When service discovery is used and the controller has
3995 * a strict duplicate filter, it is important to remember
3996 * the start and duration of the scan. This is required
3997 * for restarting scanning during the discovery phase.
3998 */
3999 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER,
4000 &hdev->quirks) &&
82f8b651 4001 hdev->discovery.result_filtering) {
2d28cfe7
JP		 4002 hdev->discovery.scan_start = jiffies;
4003 hdev->discovery.scan_duration = timeout;
4004 }
4005
11e6e25d
MH		 4006 queue_delayed_work(hdev->workqueue,
4007 &hdev->le_scan_disable, timeout);
2d28cfe7 4008 }
ae55f598 4009
11e6e25d
MH		 4010unlock:
4011 hci_dev_unlock(hdev);
7c307720
AG		 4012}
4013
bdb6d971 4014static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 4015 void *data, u16 len)
14a53664 4016{
650f726d 4017 struct mgmt_cp_start_discovery *cp = data;
3b0602cd 4018 struct mgmt_pending_cmd *cmd;
7c307720 4019 struct hci_request req;
8019044d 4020 u8 status;
14a53664
JH		 4021 int err;
4022
bdb6d971 4023 BT_DBG("%s", hdev->name);
14a53664 4024
09fd0de5 4025 hci_dev_lock(hdev);
14a53664 4026
4b34ee78 4027 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 4028 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4029 MGMT_STATUS_NOT_POWERED,
4030 &cp->type, sizeof(cp->type));
bd2d1334
JH		 4031 goto failed;
4032 }
4033
f5a969f2 4034 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 4035 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
2a1afb5a
JH		 4036 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4037 MGMT_STATUS_BUSY, &cp->type,
4038 sizeof(cp->type));
642be6c7
AG		 4039 goto failed;
4040 }
4041
2922a94f 4042 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, data, len);
14a53664
JH		 4043 if (!cmd) {
4044 err = -ENOMEM;
4045 goto failed;
4046 }
4047
2922a94f
JH		 4048 cmd->cmd_complete = generic_cmd_complete;
4049
22078800
MH		 4050 /* Clear the discovery filter first to free any previously
4051 * allocated memory for the UUID list.
4052 */
4053 hci_discovery_filter_clear(hdev);
4054
4aab14e5 4055 hdev->discovery.type = cp->type;
da25cf6a 4056 hdev->discovery.report_invalid_rssi = false;
4aab14e5 4057
7c307720
AG		 4058 hci_req_init(&req, hdev);
4059
8019044d 4060 if (!trigger_discovery(&req, &status)) {
2a1afb5a
JH		 4061 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_START_DISCOVERY,
4062 status, &cp->type, sizeof(cp->type));
04106755
JH		 4063 mgmt_pending_remove(cmd);
4064 goto failed;
f39799f5 4065 }
04106755 4066
7c307720 4067 err = hci_req_run(&req, start_discovery_complete);
f5a969f2 4068 if (err < 0) {
14a53664 4069 mgmt_pending_remove(cmd);
f5a969f2
MH		 4070 goto failed;
4071 }
7c307720 4072
f5a969f2 4073 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
7c307720 4074
14a53664 4075failed:
09fd0de5 4076 hci_dev_unlock(hdev);
14a53664
JH		 4077 return err;
4078}
f39799f5 4079
3b0602cd
JH		 4080static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
4081 u8 status)
2922a94f 4082{
2a1afb5a
JH		 4083 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
4084 cmd->param, 1);
2922a94f 4085}
04106755 4086
66ea9427
JP		 4087static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
4088 void *data, u16 len)
4089{
4090 struct mgmt_cp_start_service_discovery *cp = data;
3b0602cd 4091 struct mgmt_pending_cmd *cmd;
66ea9427
JP		 4092 struct hci_request req;
4093 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
4094 u16 uuid_count, expected_len;
4095 u8 status;
4096 int err;
04106755 4097
66ea9427 4098 BT_DBG("%s", hdev->name);
e8bb6b97 4099
66ea9427 4100 hci_dev_lock(hdev);
7c307720 4101
66ea9427 4102 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 4103 err = mgmt_cmd_complete(sk, hdev->id,
4104 MGMT_OP_START_SERVICE_DISCOVERY,
4105 MGMT_STATUS_NOT_POWERED,
4106 &cp->type, sizeof(cp->type));
66ea9427
JP		 4107 goto failed;
4108 }
7c307720 4109
66ea9427 4110 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 4111 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
2a1afb5a
JH		 4112 err = mgmt_cmd_complete(sk, hdev->id,
4113 MGMT_OP_START_SERVICE_DISCOVERY,
4114 MGMT_STATUS_BUSY, &cp->type,
4115 sizeof(cp->type));
66ea9427
JP		 4116 goto failed;
4117 }
d9483943 4118
66ea9427
JP		 4119 uuid_count = __le16_to_cpu(cp->uuid_count);
4120 if (uuid_count > max_uuid_count) {
4121 BT_ERR("service_discovery: too big uuid_count value %u",
4122 uuid_count);
2a1afb5a
JH		 4123 err = mgmt_cmd_complete(sk, hdev->id,
4124 MGMT_OP_START_SERVICE_DISCOVERY,
4125 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4126 sizeof(cp->type));
66ea9427
JP		 4127 goto failed;
4128 }
4129
4130 expected_len = sizeof(*cp) + uuid_count * 16;
4131 if (expected_len != len) {
4132 BT_ERR("service_discovery: expected %u bytes, got %u bytes",
4133 expected_len, len);
2a1afb5a
JH		 4134 err = mgmt_cmd_complete(sk, hdev->id,
4135 MGMT_OP_START_SERVICE_DISCOVERY,
4136 MGMT_STATUS_INVALID_PARAMS, &cp->type,
4137 sizeof(cp->type));
66ea9427
JP		 4138 goto failed;
4139 }
4140
4141 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
2922a94f 4142 hdev, data, len);
66ea9427
JP		 4143 if (!cmd) {
4144 err = -ENOMEM;
4145 goto failed;
4146 }
4147
2922a94f
JH		 4148 cmd->cmd_complete = service_discovery_cmd_complete;
4149
22078800
MH		 4150 /* Clear the discovery filter first to free any previously
4151 * allocated memory for the UUID list.
4152 */
4153 hci_discovery_filter_clear(hdev);
4154
82f8b651 4155 hdev->discovery.result_filtering = true;
66ea9427
JP		 4156 hdev->discovery.type = cp->type;
4157 hdev->discovery.rssi = cp->rssi;
4158 hdev->discovery.uuid_count = uuid_count;
4159
4160 if (uuid_count > 0) {
4161 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4162 GFP_KERNEL);
4163 if (!hdev->discovery.uuids) {
2a1afb5a
JH		 4164 err = mgmt_cmd_complete(sk, hdev->id,
4165 MGMT_OP_START_SERVICE_DISCOVERY,
4166 MGMT_STATUS_FAILED,
4167 &cp->type, sizeof(cp->type));
d9483943
JH		 4168 mgmt_pending_remove(cmd);
4169 goto failed;
4170 }
66ea9427 4171 }
d9483943 4172
66ea9427 4173 hci_req_init(&req, hdev);
5e0452c0 4174
66ea9427 4175 if (!trigger_discovery(&req, &status)) {
2a1afb5a
JH		 4176 err = mgmt_cmd_complete(sk, hdev->id,
4177 MGMT_OP_START_SERVICE_DISCOVERY,
4178 status, &cp->type, sizeof(cp->type));
04106755
JH		 4179 mgmt_pending_remove(cmd);
4180 goto failed;
f39799f5 4181 }
3fd24153 4182
7c307720 4183 err = hci_req_run(&req, start_discovery_complete);
66ea9427 4184 if (err < 0) {
14a53664 4185 mgmt_pending_remove(cmd);
66ea9427
JP		 4186 goto failed;
4187 }
4188
4189 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 4190
4191failed:
09fd0de5 4192 hci_dev_unlock(hdev);
14a53664
JH		 4193 return err;
4194}
4195
1904a853 4196static void stop_discovery_complete(struct hci_dev *hdev, u8 status, u16 opcode)
1183fdca 4197{
3b0602cd 4198 struct mgmt_pending_cmd *cmd;
1183fdca 4199
0e05bba6
AG		 4200 BT_DBG("status %d", status);
4201
4202 hci_dev_lock(hdev);
4203
11e6e25d
MH		 4204 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
4205 if (cmd) {
2922a94f 4206 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d 4207 mgmt_pending_remove(cmd);
0e05bba6
AG		 4208 }
4209
11e6e25d
MH		 4210 if (!status)
4211 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
0e05bba6 4212
0e05bba6
AG		 4213 hci_dev_unlock(hdev);
4214}
4215
bdb6d971 4216static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4217 u16 len)
14a53664 4218{
d930650b 4219 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3b0602cd 4220 struct mgmt_pending_cmd *cmd;
0e05bba6 4221 struct hci_request req;
14a53664
JH		 4222 int err;
4223
bdb6d971 4224 BT_DBG("%s", hdev->name);
14a53664 4225
09fd0de5 4226 hci_dev_lock(hdev);
14a53664 4227
30dc78e1 4228 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 4229 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4230 MGMT_STATUS_REJECTED, &mgmt_cp->type,
4231 sizeof(mgmt_cp->type));
d930650b
JH		 4232 goto unlock;
4233 }
4234
4235 if (hdev->discovery.type != mgmt_cp->type) {
2a1afb5a
JH		 4236 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4237 MGMT_STATUS_INVALID_PARAMS,
4238 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1 4239 goto unlock;
ff9ef578
JH		 4240 }
4241
2922a94f 4242 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
14a53664
JH		 4243 if (!cmd) {
4244 err = -ENOMEM;
30dc78e1
JH		 4245 goto unlock;
4246 }
4247
2922a94f
JH		 4248 cmd->cmd_complete = generic_cmd_complete;
4249
0e05bba6
AG		 4250 hci_req_init(&req, hdev);
4251
21a60d30 4252 hci_stop_discovery(&req);
e0d9727e 4253
21a60d30
JH		 4254 err = hci_req_run(&req, stop_discovery_complete);
4255 if (!err) {
4256 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
0e05bba6 4257 goto unlock;
14a53664
JH		 4258 }
4259
21a60d30
JH		 4260 mgmt_pending_remove(cmd);
4261
4262 /* If no HCI commands were sent we're done */
4263 if (err == -ENODATA) {
2a1afb5a
JH		 4264 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
4265 &mgmt_cp->type, sizeof(mgmt_cp->type));
21a60d30
JH		 4266 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
4267 }
14a53664 4268
30dc78e1 4269unlock:
09fd0de5 4270 hci_dev_unlock(hdev);
14a53664
JH		 4271 return err;
4272}
4273
bdb6d971 4274static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4275 u16 len)
561aafbc 4276{
650f726d 4277 struct mgmt_cp_confirm_name *cp = data;
561aafbc 4278 struct inquiry_entry *e;
561aafbc
JH		 4279 int err;
4280
bdb6d971 4281 BT_DBG("%s", hdev->name);
561aafbc 4282
561aafbc
JH		 4283 hci_dev_lock(hdev);
4284
30dc78e1 4285 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 4286 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4287 MGMT_STATUS_FAILED, &cp->addr,
4288 sizeof(cp->addr));
30dc78e1
JH		 4289 goto failed;
4290 }
4291
a198e7b1 4292 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 4293 if (!e) {
2a1afb5a
JH		 4294 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4295 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4296 sizeof(cp->addr));
561aafbc
JH		 4297 goto failed;
4298 }
4299
4300 if (cp->name_known) {
4301 e->name_state = NAME_KNOWN;
4302 list_del(&e->list);
4303 } else {
4304 e->name_state = NAME_NEEDED;
a3d4e20a 4305 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 4306 }
4307
2a1afb5a
JH		 4308 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
4309 &cp->addr, sizeof(cp->addr));
561aafbc
JH		 4310
4311failed:
4312 hci_dev_unlock(hdev);
561aafbc
JH		 4313 return err;
4314}
4315
bdb6d971 4316static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4317 u16 len)
7fbec224 4318{
650f726d 4319 struct mgmt_cp_block_device *cp = data;
f0eeea8b 4320 u8 status;
7fbec224
AJ		 4321 int err;
4322
bdb6d971 4323 BT_DBG("%s", hdev->name);
7fbec224 4324
4ee71b20 4325 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 4326 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4327 MGMT_STATUS_INVALID_PARAMS,
4328 &cp->addr, sizeof(cp->addr));
4ee71b20 4329
09fd0de5 4330 hci_dev_lock(hdev);
5e762444 4331
dcc36c16
JH		 4332 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4333 cp->addr.type);
2a8357f2 4334 if (err < 0) {
f0eeea8b 4335 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 4336 goto done;
4337 }
4338
4339 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4340 sk);
4341 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4342
2a8357f2 4343done:
2a1afb5a
JH		 4344 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
4345 &cp->addr, sizeof(cp->addr));
5e762444 4346
09fd0de5 4347 hci_dev_unlock(hdev);
7fbec224
AJ		 4348
4349 return err;
4350}
4351
bdb6d971 4352static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4353 u16 len)
7fbec224 4354{
650f726d 4355 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 4356 u8 status;
7fbec224
AJ		 4357 int err;
4358
bdb6d971 4359 BT_DBG("%s", hdev->name);
7fbec224 4360
4ee71b20 4361 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 4362 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4363 MGMT_STATUS_INVALID_PARAMS,
4364 &cp->addr, sizeof(cp->addr));
4ee71b20 4365
09fd0de5 4366 hci_dev_lock(hdev);
5e762444 4367
dcc36c16
JH		 4368 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4369 cp->addr.type);
2a8357f2 4370 if (err < 0) {
f0eeea8b 4371 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 4372 goto done;
4373 }
4374
4375 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4376 sk);
4377 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4378
2a8357f2 4379done:
2a1afb5a
JH		 4380 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
4381 &cp->addr, sizeof(cp->addr));
5e762444 4382
09fd0de5 4383 hci_dev_unlock(hdev);
7fbec224
AJ		 4384
4385 return err;
4386}
4387
cdbaccca
MH		 4388static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4389 u16 len)
4390{
4391 struct mgmt_cp_set_device_id *cp = data;
890ea898 4392 struct hci_request req;
cdbaccca 4393 int err;
c72d4b8a 4394 __u16 source;
cdbaccca
MH		 4395
4396 BT_DBG("%s", hdev->name);
4397
c72d4b8a
SJ		 4398 source = __le16_to_cpu(cp->source);
4399
4400 if (source > 0x0002)
a69e8375
JH		 4401 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4402 MGMT_STATUS_INVALID_PARAMS);
c72d4b8a 4403
cdbaccca
MH		 4404 hci_dev_lock(hdev);
4405
c72d4b8a 4406 hdev->devid_source = source;
cdbaccca
MH		 4407 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4408 hdev->devid_product = __le16_to_cpu(cp->product);
4409 hdev->devid_version = __le16_to_cpu(cp->version);
4410
2a1afb5a
JH		 4411 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
4412 NULL, 0);
cdbaccca 4413
890ea898
JH		 4414 hci_req_init(&req, hdev);
4415 update_eir(&req);
4416 hci_req_run(&req, NULL);
cdbaccca
MH		 4417
4418 hci_dev_unlock(hdev);
4419
4420 return err;
4421}
4422
1904a853
MH		 4423static void set_advertising_complete(struct hci_dev *hdev, u8 status,
4424 u16 opcode)
4375f103
JH		 4425{
4426 struct cmd_lookup match = { NULL, hdev };
4427
3ad67582
JK		 4428 hci_dev_lock(hdev);
4429
4375f103
JH		 4430 if (status) {
4431 u8 mgmt_err = mgmt_status(status);
4432
4433 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4434 cmd_status_rsp, &mgmt_err);
3ad67582 4435 goto unlock;
4375f103
JH		 4436 }
4437
d7a5a11d 4438 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
a1536da2 4439 hci_dev_set_flag(hdev, HCI_ADVERTISING);
c93bd150 4440 else
a358dc11 4441 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
c93bd150 4442
4375f103
JH		 4443 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4444 &match);
4445
4446 new_settings(hdev, match.sk);
4447
4448 if (match.sk)
4449 sock_put(match.sk);
3ad67582
JK		 4450
4451unlock:
4452 hci_dev_unlock(hdev);
4375f103
JH		 4453}
4454
21b5187f
MH		 4455static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4456 u16 len)
4375f103
JH		 4457{
4458 struct mgmt_mode *cp = data;
3b0602cd 4459 struct mgmt_pending_cmd *cmd;
4375f103 4460 struct hci_request req;
cc91cb04 4461 u8 val, status;
4375f103
JH		 4462 int err;
4463
4464 BT_DBG("request for %s", hdev->name);
4465
e6fe7986
JH		 4466 status = mgmt_le_support(hdev);
4467 if (status)
a69e8375
JH		 4468 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4469 status);
4375f103 4470
cc91cb04 4471 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 4472 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4473 MGMT_STATUS_INVALID_PARAMS);
4375f103
JH		 4474
4475 hci_dev_lock(hdev);
4476
4477 val = !!cp->val;
4375f103 4478
f74ca9b8
JH		 4479 /* The following conditions are ones which mean that we should
4480 * not do any HCI communication but directly send a mgmt
4481 * response to user space (after toggling the flag if
4482 * necessary).
4483 */
cc91cb04 4484 if (!hdev_is_powered(hdev) ||
d7a5a11d
MH		 4485 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
4486 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
e8bb6b97 4487 hci_conn_num(hdev, LE_LINK) > 0 ||
d7a5a11d 4488 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
e8bb6b97 4489 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
cc91cb04 4490 bool changed;
4375f103 4491
cc91cb04 4492 if (cp->val) {
238be788 4493 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
cc91cb04 4494 if (cp->val == 0x02)
a1536da2 4495 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4496 else
a358dc11 4497 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4498 } else {
a69d8927 4499 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
a358dc11 4500 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4375f103
JH		 4501 }
4502
4503 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4504 if (err < 0)
4505 goto unlock;
4506
4507 if (changed)
4508 err = new_settings(hdev, sk);
4509
4510 goto unlock;
4511 }
4512
4513 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4514 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
a69e8375
JH		 4515 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4516 MGMT_STATUS_BUSY);
4375f103
JH		 4517 goto unlock;
4518 }
4519
4520 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4521 if (!cmd) {
4522 err = -ENOMEM;
4523 goto unlock;
4524 }
4525
4526 hci_req_init(&req, hdev);
4527
cc91cb04 4528 if (cp->val == 0x02)
a1536da2 4529 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4530 else
a358dc11 4531 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4532
bba3aa55
MH		 4533 if (val)
4534 enable_advertising(&req);
4535 else
4536 disable_advertising(&req);
4375f103
JH		 4537
4538 err = hci_req_run(&req, set_advertising_complete);
4539 if (err < 0)
4540 mgmt_pending_remove(cmd);
4541
4542unlock:
4543 hci_dev_unlock(hdev);
4544 return err;
4545}
4546
d13eafce
MH		 4547static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4548 void *data, u16 len)
4549{
4550 struct mgmt_cp_set_static_address *cp = data;
4551 int err;
4552
4553 BT_DBG("%s", hdev->name);
4554
62af4443 4555 if (!lmp_le_capable(hdev))
a69e8375
JH		 4556 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4557 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 4558
4559 if (hdev_is_powered(hdev))
a69e8375
JH		 4560 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4561 MGMT_STATUS_REJECTED);
d13eafce
MH		 4562
4563 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4564 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
a69e8375
JH		 4565 return mgmt_cmd_status(sk, hdev->id,
4566 MGMT_OP_SET_STATIC_ADDRESS,
4567 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 4568
4569 /* Two most significant bits shall be set */
4570 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
a69e8375
JH		 4571 return mgmt_cmd_status(sk, hdev->id,
4572 MGMT_OP_SET_STATIC_ADDRESS,
4573 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 4574 }
4575
4576 hci_dev_lock(hdev);
4577
4578 bacpy(&hdev->static_addr, &cp->bdaddr);
4579
93690c22
MH		 4580 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
4581 if (err < 0)
4582 goto unlock;
4583
4584 err = new_settings(hdev, sk);
d13eafce 4585
93690c22 4586unlock:
d13eafce 4587 hci_dev_unlock(hdev);
d13eafce
MH		 4588 return err;
4589}
4590
14b49b9a
MH		 4591static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4592 void *data, u16 len)
4593{
4594 struct mgmt_cp_set_scan_params *cp = data;
4595 __u16 interval, window;
4596 int err;
4597
4598 BT_DBG("%s", hdev->name);
4599
4600 if (!lmp_le_capable(hdev))
a69e8375
JH		 4601 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4602 MGMT_STATUS_NOT_SUPPORTED);
14b49b9a
MH		 4603
4604 interval = __le16_to_cpu(cp->interval);
4605
4606 if (interval < 0x0004 || interval > 0x4000)
a69e8375
JH		 4607 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4608 MGMT_STATUS_INVALID_PARAMS);
14b49b9a
MH		 4609
4610 window = __le16_to_cpu(cp->window);
4611
4612 if (window < 0x0004 || window > 0x4000)
a69e8375
JH		 4613 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4614 MGMT_STATUS_INVALID_PARAMS);
14b49b9a 4615
899e1075 4616 if (window > interval)
a69e8375
JH		 4617 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4618 MGMT_STATUS_INVALID_PARAMS);
899e1075 4619
14b49b9a
MH		 4620 hci_dev_lock(hdev);
4621
4622 hdev->le_scan_interval = interval;
4623 hdev->le_scan_window = window;
4624
2a1afb5a
JH		 4625 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
4626 NULL, 0);
14b49b9a 4627
dd2ef8e2
AG		 4628 /* If background scan is running, restart it so new parameters are
4629 * loaded.
4630 */
d7a5a11d 4631 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
dd2ef8e2
AG		 4632 hdev->discovery.state == DISCOVERY_STOPPED) {
4633 struct hci_request req;
4634
4635 hci_req_init(&req, hdev);
4636
4637 hci_req_add_le_scan_disable(&req);
4638 hci_req_add_le_passive_scan(&req);
4639
4640 hci_req_run(&req, NULL);
4641 }
4642
14b49b9a
MH		 4643 hci_dev_unlock(hdev);
4644
4645 return err;
4646}
4647
1904a853
MH		 4648static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
4649 u16 opcode)
33e38b3e 4650{
3b0602cd 4651 struct mgmt_pending_cmd *cmd;
33e38b3e
JH		 4652
4653 BT_DBG("status 0x%02x", status);
4654
4655 hci_dev_lock(hdev);
4656
4657 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4658 if (!cmd)
4659 goto unlock;
4660
4661 if (status) {
a69e8375
JH		 4662 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4663 mgmt_status(status));
33e38b3e 4664 } else {
1a4d3c4b
JH		 4665 struct mgmt_mode *cp = cmd->param;
4666
4667 if (cp->val)
a1536da2 4668 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 4669 else
a358dc11 4670 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 4671
33e38b3e
JH		 4672 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4673 new_settings(hdev, cmd->sk);
4674 }
4675
4676 mgmt_pending_remove(cmd);
4677
4678unlock:
4679 hci_dev_unlock(hdev);
4680}
4681
bdb6d971 4682static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4683 void *data, u16 len)
f6422ec6 4684{
650f726d 4685 struct mgmt_mode *cp = data;
3b0602cd 4686 struct mgmt_pending_cmd *cmd;
33e38b3e 4687 struct hci_request req;
f6422ec6
AJ		 4688 int err;
4689
bdb6d971 4690 BT_DBG("%s", hdev->name);
f6422ec6 4691
d7a5a11d 4692 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
56f87901 4693 hdev->hci_ver < BLUETOOTH_VER_1_2)
a69e8375
JH		 4694 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4695 MGMT_STATUS_NOT_SUPPORTED);
33c525c0 4696
a7e80f25 4697 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4698 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4699 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 4700
f6422ec6
AJ		 4701 hci_dev_lock(hdev);
4702
05cbf29f 4703 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
a69e8375
JH		 4704 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4705 MGMT_STATUS_BUSY);
05cbf29f
JH		 4706 goto unlock;
4707 }
4708
d7a5a11d 4709 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
1a4d3c4b
JH		 4710 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4711 hdev);
4712 goto unlock;
4713 }
4714
406ef2a6 4715 if (!hdev_is_powered(hdev)) {
ce05d603 4716 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
406ef2a6
JH		 4717 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4718 hdev);
4719 new_settings(hdev, sk);
4720 goto unlock;
4721 }
4722
33e38b3e
JH		 4723 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4724 data, len);
4725 if (!cmd) {
4726 err = -ENOMEM;
4727 goto unlock;
f6422ec6
AJ		 4728 }
4729
33e38b3e
JH		 4730 hci_req_init(&req, hdev);
4731
406d7804 4732 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4733
4734 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4735 if (err < 0) {
a69e8375
JH		 4736 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4737 MGMT_STATUS_FAILED);
33e38b3e 4738 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4739 }
4740
33e38b3e 4741unlock:
f6422ec6 4742 hci_dev_unlock(hdev);
33e38b3e 4743
f6422ec6
AJ		 4744 return err;
4745}
4746
1904a853 4747static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
0663ca2a 4748{
3b0602cd 4749 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 4750
4751 BT_DBG("status 0x%02x", status);
4752
4753 hci_dev_lock(hdev);
4754
4755 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4756 if (!cmd)
4757 goto unlock;
4758
4759 if (status) {
4760 u8 mgmt_err = mgmt_status(status);
4761
4762 /* We need to restore the flag if related HCI commands
4763 * failed.
4764 */
a358dc11 4765 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a 4766
a69e8375 4767 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
0663ca2a
JH		 4768 } else {
4769 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4770 new_settings(hdev, cmd->sk);
4771 }
4772
4773 mgmt_pending_remove(cmd);
4774
4775unlock:
4776 hci_dev_unlock(hdev);
4777}
4778
4779static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4780{
4781 struct mgmt_mode *cp = data;
3b0602cd 4782 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 4783 struct hci_request req;
4784 int err;
4785
4786 BT_DBG("request for %s", hdev->name);
4787
4788 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
a69e8375
JH		 4789 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4790 MGMT_STATUS_NOT_SUPPORTED);
0663ca2a 4791
d7a5a11d 4792 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 4793 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4794 MGMT_STATUS_REJECTED);
0663ca2a
JH		 4795
4796 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4797 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4798 MGMT_STATUS_INVALID_PARAMS);
0663ca2a
JH		 4799
4800 hci_dev_lock(hdev);
4801
d7a5a11d 4802 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
0663ca2a
JH		 4803 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4804 goto unlock;
4805 }
4806
4807 if (!hdev_is_powered(hdev)) {
4808 if (!cp->val) {
a358dc11
MH		 4809 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
4810 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
4811 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
4812 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4813 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
0663ca2a
JH		 4814 }
4815
ce05d603 4816 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 4817
4818 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4819 if (err < 0)
4820 goto unlock;
4821
4822 err = new_settings(hdev, sk);
4823 goto unlock;
4824 }
4825
4826 /* Reject disabling when powered on */
4827 if (!cp->val) {
a69e8375
JH		 4828 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4829 MGMT_STATUS_REJECTED);
0663ca2a 4830 goto unlock;
111e4bcc
MH		 4831 } else {
4832 /* When configuring a dual-mode controller to operate
4833 * with LE only and using a static address, then switching
4834 * BR/EDR back on is not allowed.
4835 *
4836 * Dual-mode controllers shall operate with the public
4837 * address as its identity address for BR/EDR and LE. So
4838 * reject the attempt to create an invalid configuration.
3a5486e1
MH		 4839 *
4840 * The same restrictions applies when secure connections
4841 * has been enabled. For BR/EDR this is a controller feature
4842 * while for LE it is a host stack feature. This means that
4843 * switching BR/EDR back on when secure connections has been
4844 * enabled is not a supported transaction.
111e4bcc 4845 */
d7a5a11d 4846 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
3a5486e1 4847 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
d7a5a11d 4848 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
a69e8375
JH		 4849 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4850 MGMT_STATUS_REJECTED);
111e4bcc
MH		 4851 goto unlock;
4852 }
0663ca2a
JH		 4853 }
4854
4855 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
a69e8375
JH		 4856 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4857 MGMT_STATUS_BUSY);
0663ca2a
JH		 4858 goto unlock;
4859 }
4860
4861 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4862 if (!cmd) {
4863 err = -ENOMEM;
4864 goto unlock;
4865 }
4866
5947f4bc 4867 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4868 * generates the correct flags.
4869 */
a1536da2 4870 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 4871
4872 hci_req_init(&req, hdev);
aa8af46e 4873
432df05e 4874 write_fast_connectable(&req, false);
1d2dc5b7 4875 __hci_update_page_scan(&req);
aa8af46e 4876
f14d8f64
MH		 4877 /* Since only the advertising data flags will change, there
4878 * is no need to update the scan response data.
4879 */
5947f4bc 4880 update_adv_data(&req);
aa8af46e 4881
0663ca2a
JH		 4882 err = hci_req_run(&req, set_bredr_complete);
4883 if (err < 0)
4884 mgmt_pending_remove(cmd);
4885
4886unlock:
4887 hci_dev_unlock(hdev);
4888 return err;
4889}
4890
a1443f5a
JH		 4891static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4892{
3b0602cd 4893 struct mgmt_pending_cmd *cmd;
a1443f5a
JH		 4894 struct mgmt_mode *cp;
4895
4896 BT_DBG("%s status %u", hdev->name, status);
4897
4898 hci_dev_lock(hdev);
4899
4900 cmd = mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
4901 if (!cmd)
4902 goto unlock;
4903
4904 if (status) {
a69e8375
JH		 4905 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
4906 mgmt_status(status));
a1443f5a
JH		 4907 goto remove;
4908 }
4909
4910 cp = cmd->param;
4911
4912 switch (cp->val) {
4913 case 0x00:
a358dc11
MH		 4914 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
4915 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 4916 break;
4917 case 0x01:
a1536da2 4918 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
a358dc11 4919 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 4920 break;
4921 case 0x02:
a1536da2
MH		 4922 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4923 hci_dev_set_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 4924 break;
4925 }
4926
4927 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
4928 new_settings(hdev, cmd->sk);
4929
4930remove:
4931 mgmt_pending_remove(cmd);
4932unlock:
4933 hci_dev_unlock(hdev);
4934}
4935
eac83dc6
MH		 4936static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4937 void *data, u16 len)
4938{
4939 struct mgmt_mode *cp = data;
3b0602cd 4940 struct mgmt_pending_cmd *cmd;
a1443f5a 4941 struct hci_request req;
a3209694 4942 u8 val;
eac83dc6
MH		 4943 int err;
4944
4945 BT_DBG("request for %s", hdev->name);
4946
05b3c3e7 4947 if (!lmp_sc_capable(hdev) &&
d7a5a11d 4948 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 4949 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4950 MGMT_STATUS_NOT_SUPPORTED);
eac83dc6 4951
d7a5a11d 4952 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
59200286 4953 lmp_sc_capable(hdev) &&
d7a5a11d 4954 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 4955 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4956 MGMT_STATUS_REJECTED);
ed93ec69 4957
0ab04a9c 4958 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375 4959 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
eac83dc6
MH		 4960 MGMT_STATUS_INVALID_PARAMS);
4961
4962 hci_dev_lock(hdev);
4963
05b3c3e7 4964 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
d7a5a11d 4965 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
eac83dc6
MH		 4966 bool changed;
4967
0ab04a9c 4968 if (cp->val) {
238be788
MH		 4969 changed = !hci_dev_test_and_set_flag(hdev,
4970 HCI_SC_ENABLED);
0ab04a9c 4971 if (cp->val == 0x02)
a1536da2 4972 hci_dev_set_flag(hdev, HCI_SC_ONLY);
0ab04a9c 4973 else
a358dc11 4974 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 4975 } else {
a69d8927
MH		 4976 changed = hci_dev_test_and_clear_flag(hdev,
4977 HCI_SC_ENABLED);
a358dc11 4978 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 4979 }
eac83dc6
MH		 4980
4981 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4982 if (err < 0)
4983 goto failed;
4984
4985 if (changed)
4986 err = new_settings(hdev, sk);
4987
4988 goto failed;
4989 }
4990
4991 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
a69e8375
JH		 4992 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4993 MGMT_STATUS_BUSY);
eac83dc6
MH		 4994 goto failed;
4995 }
4996
0ab04a9c
MH		 4997 val = !!cp->val;
4998
d7a5a11d
MH		 4999 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
5000 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
eac83dc6
MH		 5001 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
5002 goto failed;
5003 }
5004
5005 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
5006 if (!cmd) {
5007 err = -ENOMEM;
5008 goto failed;
5009 }
5010
a1443f5a
JH		 5011 hci_req_init(&req, hdev);
5012 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
5013 err = hci_req_run(&req, sc_enable_complete);
eac83dc6
MH		 5014 if (err < 0) {
5015 mgmt_pending_remove(cmd);
5016 goto failed;
5017 }
5018
5019failed:
5020 hci_dev_unlock(hdev);
5021 return err;
5022}
5023
4e39ac81
MH		 5024static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
5025 void *data, u16 len)
5026{
5027 struct mgmt_mode *cp = data;
b9710979 5028 bool changed, use_changed;
4e39ac81
MH		 5029 int err;
5030
5031 BT_DBG("request for %s", hdev->name);
5032
b9710979 5033 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 5034 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
5035 MGMT_STATUS_INVALID_PARAMS);
4e39ac81
MH		 5036
5037 hci_dev_lock(hdev);
5038
5039 if (cp->val)
238be788 5040 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
4e39ac81 5041 else
a69d8927
MH		 5042 changed = hci_dev_test_and_clear_flag(hdev,
5043 HCI_KEEP_DEBUG_KEYS);
4e39ac81 5044
b9710979 5045 if (cp->val == 0x02)
238be788
MH		 5046 use_changed = !hci_dev_test_and_set_flag(hdev,
5047 HCI_USE_DEBUG_KEYS);
b9710979 5048 else
a69d8927
MH		 5049 use_changed = hci_dev_test_and_clear_flag(hdev,
5050 HCI_USE_DEBUG_KEYS);
b9710979
JH		 5051
5052 if (hdev_is_powered(hdev) && use_changed &&
d7a5a11d 5053 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
b9710979
JH		 5054 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
5055 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
5056 sizeof(mode), &mode);
5057 }
5058
4e39ac81
MH		 5059 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
5060 if (err < 0)
5061 goto unlock;
5062
5063 if (changed)
5064 err = new_settings(hdev, sk);
5065
5066unlock:
5067 hci_dev_unlock(hdev);
5068 return err;
5069}
5070
62b04cd1
JH		 5071static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5072 u16 len)
5073{
5074 struct mgmt_cp_set_privacy *cp = cp_data;
5075 bool changed;
5076 int err;
5077
5078 BT_DBG("request for %s", hdev->name);
5079
5080 if (!lmp_le_capable(hdev))
a69e8375
JH		 5081 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5082 MGMT_STATUS_NOT_SUPPORTED);
62b04cd1
JH		 5083
5084 if (cp->privacy != 0x00 && cp->privacy != 0x01)
a69e8375
JH		 5085 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5086 MGMT_STATUS_INVALID_PARAMS);
62b04cd1
JH		 5087
5088 if (hdev_is_powered(hdev))
a69e8375
JH		 5089 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
5090 MGMT_STATUS_REJECTED);
62b04cd1
JH		 5091
5092 hci_dev_lock(hdev);
5093
c21c0ea0
JH		 5094 /* If user space supports this command it is also expected to
5095 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
5096 */
a1536da2 5097 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
c21c0ea0 5098
62b04cd1 5099 if (cp->privacy) {
238be788 5100 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
62b04cd1 5101 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
a1536da2 5102 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
62b04cd1 5103 } else {
a69d8927 5104 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
62b04cd1 5105 memset(hdev->irk, 0, sizeof(hdev->irk));
a358dc11 5106 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
62b04cd1
JH		 5107 }
5108
5109 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
5110 if (err < 0)
5111 goto unlock;
5112
5113 if (changed)
5114 err = new_settings(hdev, sk);
5115
5116unlock:
5117 hci_dev_unlock(hdev);
5118 return err;
5119}
5120
41edf160
JH		 5121static bool irk_is_valid(struct mgmt_irk_info *irk)
5122{
5123 switch (irk->addr.type) {
5124 case BDADDR_LE_PUBLIC:
5125 return true;
5126
5127 case BDADDR_LE_RANDOM:
5128 /* Two most significant bits shall be set */
5129 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5130 return false;
5131 return true;
5132 }
5133
5134 return false;
5135}
5136
5137static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5138 u16 len)
5139{
5140 struct mgmt_cp_load_irks *cp = cp_data;
ba1d6936
JH		 5141 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
5142 sizeof(struct mgmt_irk_info));
41edf160
JH		 5143 u16 irk_count, expected_len;
5144 int i, err;
5145
5146 BT_DBG("request for %s", hdev->name);
5147
5148 if (!lmp_le_capable(hdev))
a69e8375
JH		 5149 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5150 MGMT_STATUS_NOT_SUPPORTED);
41edf160
JH		 5151
5152 irk_count = __le16_to_cpu(cp->irk_count);
ba1d6936
JH		 5153 if (irk_count > max_irk_count) {
5154 BT_ERR("load_irks: too big irk_count value %u", irk_count);
a69e8375
JH		 5155 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5156 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5157 }
41edf160
JH		 5158
5159 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
5160 if (expected_len != len) {
5161 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 5162 expected_len, len);
a69e8375
JH		 5163 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5164 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 5165 }
5166
5167 BT_DBG("%s irk_count %u", hdev->name, irk_count);
5168
5169 for (i = 0; i < irk_count; i++) {
5170 struct mgmt_irk_info *key = &cp->irks[i];
5171
5172 if (!irk_is_valid(key))
a69e8375
JH		 5173 return mgmt_cmd_status(sk, hdev->id,
5174 MGMT_OP_LOAD_IRKS,
5175 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 5176 }
5177
5178 hci_dev_lock(hdev);
5179
5180 hci_smp_irks_clear(hdev);
5181
5182 for (i = 0; i < irk_count; i++) {
5183 struct mgmt_irk_info *irk = &cp->irks[i];
5184 u8 addr_type;
5185
5186 if (irk->addr.type == BDADDR_LE_PUBLIC)
5187 addr_type = ADDR_LE_DEV_PUBLIC;
5188 else
5189 addr_type = ADDR_LE_DEV_RANDOM;
5190
5191 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
5192 BDADDR_ANY);
5193 }
5194
a1536da2 5195 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
41edf160 5196
2a1afb5a 5197 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
41edf160
JH		 5198
5199 hci_dev_unlock(hdev);
5200
5201 return err;
5202}
5203
3f706b72
JH		 5204static bool ltk_is_valid(struct mgmt_ltk_info *key)
5205{
5206 if (key->master != 0x00 && key->master != 0x01)
5207 return false;
490cb0b3
MH		 5208
5209 switch (key->addr.type) {
5210 case BDADDR_LE_PUBLIC:
5211 return true;
5212
5213 case BDADDR_LE_RANDOM:
5214 /* Two most significant bits shall be set */
5215 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5216 return false;
5217 return true;
5218 }
5219
5220 return false;
3f706b72
JH		 5221}
5222
bdb6d971 5223static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 5224 void *cp_data, u16 len)
346af67b 5225{
346af67b 5226 struct mgmt_cp_load_long_term_keys *cp = cp_data;
ba1d6936
JH		 5227 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
5228 sizeof(struct mgmt_ltk_info));
346af67b 5229 u16 key_count, expected_len;
715a5bf2 5230 int i, err;
346af67b 5231
cf99ba13
MH		 5232 BT_DBG("request for %s", hdev->name);
5233
5234 if (!lmp_le_capable(hdev))
a69e8375
JH		 5235 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5236 MGMT_STATUS_NOT_SUPPORTED);
cf99ba13 5237
1f350c87 5238 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 5239 if (key_count > max_key_count) {
5240 BT_ERR("load_ltks: too big key_count value %u", key_count);
a69e8375
JH		 5241 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5242 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5243 }
346af67b
VCG		 5244
5245 expected_len = sizeof(*cp) + key_count *
5246 sizeof(struct mgmt_ltk_info);
5247 if (expected_len != len) {
5248 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 5249 expected_len, len);
a69e8375
JH		 5250 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5251 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 5252 }
5253
bdb6d971 5254 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 5255
54ad6d8a
JH		 5256 for (i = 0; i < key_count; i++) {
5257 struct mgmt_ltk_info *key = &cp->keys[i];
5258
3f706b72 5259 if (!ltk_is_valid(key))
a69e8375
JH		 5260 return mgmt_cmd_status(sk, hdev->id,
5261 MGMT_OP_LOAD_LONG_TERM_KEYS,
5262 MGMT_STATUS_INVALID_PARAMS);
54ad6d8a
JH		 5263 }
5264
346af67b
VCG		 5265 hci_dev_lock(hdev);
5266
5267 hci_smp_ltks_clear(hdev);
5268
5269 for (i = 0; i < key_count; i++) {
5270 struct mgmt_ltk_info *key = &cp->keys[i];
d7b25450 5271 u8 type, addr_type, authenticated;
79d95a19
MH		 5272
5273 if (key->addr.type == BDADDR_LE_PUBLIC)
5274 addr_type = ADDR_LE_DEV_PUBLIC;
5275 else
5276 addr_type = ADDR_LE_DEV_RANDOM;
346af67b 5277
61b43357
JH		 5278 switch (key->type) {
5279 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 5280 authenticated = 0x00;
23fb8de3 5281 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
61b43357
JH		 5282 break;
5283 case MGMT_LTK_AUTHENTICATED:
d7b25450 5284 authenticated = 0x01;
23fb8de3
JH		 5285 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5286 break;
5287 case MGMT_LTK_P256_UNAUTH:
5288 authenticated = 0x00;
5289 type = SMP_LTK_P256;
61b43357 5290 break;
23fb8de3
JH		 5291 case MGMT_LTK_P256_AUTH:
5292 authenticated = 0x01;
5293 type = SMP_LTK_P256;
61b43357 5294 break;
23fb8de3
JH		 5295 case MGMT_LTK_P256_DEBUG:
5296 authenticated = 0x00;
5297 type = SMP_LTK_P256_DEBUG;
61b43357
JH		 5298 default:
5299 continue;
5300 }
d7b25450 5301
35d70271 5302 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
d7b25450 5303 authenticated, key->val, key->enc_size, key->ediv,
35d70271 5304 key->rand);
346af67b
VCG		 5305 }
5306
2a1afb5a 5307 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
715a5bf2
JH		 5308 NULL, 0);
5309
346af67b 5310 hci_dev_unlock(hdev);
346af67b 5311
715a5bf2 5312 return err;
346af67b
VCG		 5313}
5314
3b0602cd 5315static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
dd983808 5316{
dd983808 5317 struct hci_conn *conn = cmd->user_data;
9981bdb0 5318 struct mgmt_rp_get_conn_info rp;
9df74653 5319 int err;
dd983808 5320
9981bdb0 5321 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
dd983808 5322
9981bdb0 5323 if (status == MGMT_STATUS_SUCCESS) {
dd983808 5324 rp.rssi = conn->rssi;
9981bdb0
JH		 5325 rp.tx_power = conn->tx_power;
5326 rp.max_tx_power = conn->max_tx_power;
5327 } else {
5328 rp.rssi = HCI_RSSI_INVALID;
5329 rp.tx_power = HCI_TX_POWER_INVALID;
5330 rp.max_tx_power = HCI_TX_POWER_INVALID;
dd983808
AK		 5331 }
5332
2a1afb5a
JH		 5333 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
5334 status, &rp, sizeof(rp));
dd983808
AK		 5335
5336 hci_conn_drop(conn);
f8aaf9b6 5337 hci_conn_put(conn);
9df74653
JH		 5338
5339 return err;
dd983808
AK		 5340}
5341
1904a853
MH		 5342static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
5343 u16 opcode)
dd983808
AK		 5344{
5345 struct hci_cp_read_rssi *cp;
3b0602cd 5346 struct mgmt_pending_cmd *cmd;
dd983808 5347 struct hci_conn *conn;
dd983808 5348 u16 handle;
9981bdb0 5349 u8 status;
dd983808 5350
9981bdb0 5351 BT_DBG("status 0x%02x", hci_status);
dd983808
AK		 5352
5353 hci_dev_lock(hdev);
5354
dd983808
AK		 5355 /* Commands sent in request are either Read RSSI or Read Transmit Power
5356 * Level so we check which one was last sent to retrieve connection
5357 * handle. Both commands have handle as first parameter so it's safe to
5358 * cast data on the same command struct.
5359 *
5360 * First command sent is always Read RSSI and we fail only if it fails.
5361 * In other case we simply override error to indicate success as we
5362 * already remembered if TX power value is actually valid.
5363 */
5364 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
5365 if (!cp) {
5366 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
9981bdb0
JH		 5367 status = MGMT_STATUS_SUCCESS;
5368 } else {
5369 status = mgmt_status(hci_status);
dd983808
AK		 5370 }
5371
5372 if (!cp) {
9981bdb0 5373 BT_ERR("invalid sent_cmd in conn_info response");
dd983808
AK		 5374 goto unlock;
5375 }
5376
5377 handle = __le16_to_cpu(cp->handle);
5378 conn = hci_conn_hash_lookup_handle(hdev, handle);
5379 if (!conn) {
9981bdb0 5380 BT_ERR("unknown handle (%d) in conn_info response", handle);
dd983808
AK		 5381 goto unlock;
5382 }
5383
9981bdb0
JH		 5384 cmd = mgmt_pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
5385 if (!cmd)
5386 goto unlock;
dd983808 5387
9981bdb0
JH		 5388 cmd->cmd_complete(cmd, status);
5389 mgmt_pending_remove(cmd);
dd983808
AK		 5390
5391unlock:
5392 hci_dev_unlock(hdev);
5393}
5394
5395static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5396 u16 len)
5397{
5398 struct mgmt_cp_get_conn_info *cp = data;
5399 struct mgmt_rp_get_conn_info rp;
5400 struct hci_conn *conn;
5401 unsigned long conn_info_age;
5402 int err = 0;
5403
5404 BT_DBG("%s", hdev->name);
5405
5406 memset(&rp, 0, sizeof(rp));
5407 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5408 rp.addr.type = cp->addr.type;
5409
5410 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 5411 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5412 MGMT_STATUS_INVALID_PARAMS,
5413 &rp, sizeof(rp));
dd983808
AK		 5414
5415 hci_dev_lock(hdev);
5416
5417 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 5418 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5419 MGMT_STATUS_NOT_POWERED, &rp,
5420 sizeof(rp));
dd983808
AK		 5421 goto unlock;
5422 }
5423
5424 if (cp->addr.type == BDADDR_BREDR)
5425 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5426 &cp->addr.bdaddr);
5427 else
5428 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5429
5430 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 5431 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5432 MGMT_STATUS_NOT_CONNECTED, &rp,
5433 sizeof(rp));
dd983808
AK		 5434 goto unlock;
5435 }
5436
9981bdb0 5437 if (mgmt_pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
2a1afb5a
JH		 5438 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5439 MGMT_STATUS_BUSY, &rp, sizeof(rp));
9981bdb0
JH		 5440 goto unlock;
5441 }
5442
dd983808
AK		 5443 /* To avoid client trying to guess when to poll again for information we
5444 * calculate conn info age as random value between min/max set in hdev.
5445 */
5446 conn_info_age = hdev->conn_info_min_age +
5447 prandom_u32_max(hdev->conn_info_max_age -
5448 hdev->conn_info_min_age);
5449
5450 /* Query controller to refresh cached values if they are too old or were
5451 * never read.
5452 */
f4e2dd53
AK		 5453 if (time_after(jiffies, conn->conn_info_timestamp +
5454 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 5455 !conn->conn_info_timestamp) {
5456 struct hci_request req;
5457 struct hci_cp_read_tx_power req_txp_cp;
5458 struct hci_cp_read_rssi req_rssi_cp;
3b0602cd 5459 struct mgmt_pending_cmd *cmd;
dd983808
AK		 5460
5461 hci_req_init(&req, hdev);
5462 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5463 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5464 &req_rssi_cp);
5465
f7faab0c
AK		 5466 /* For LE links TX power does not change thus we don't need to
5467 * query for it once value is known.
5468 */
5469 if (!bdaddr_type_is_le(cp->addr.type) ||
5470 conn->tx_power == HCI_TX_POWER_INVALID) {
5471 req_txp_cp.handle = cpu_to_le16(conn->handle);
5472 req_txp_cp.type = 0x00;
5473 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5474 sizeof(req_txp_cp), &req_txp_cp);
5475 }
dd983808 5476
eed5daf3
AK		 5477 /* Max TX power needs to be read only once per connection */
5478 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5479 req_txp_cp.handle = cpu_to_le16(conn->handle);
5480 req_txp_cp.type = 0x01;
5481 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5482 sizeof(req_txp_cp), &req_txp_cp);
5483 }
5484
dd983808
AK		 5485 err = hci_req_run(&req, conn_info_refresh_complete);
5486 if (err < 0)
5487 goto unlock;
5488
5489 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5490 data, len);
5491 if (!cmd) {
5492 err = -ENOMEM;
5493 goto unlock;
5494 }
5495
5496 hci_conn_hold(conn);
f8aaf9b6 5497 cmd->user_data = hci_conn_get(conn);
9981bdb0 5498 cmd->cmd_complete = conn_info_cmd_complete;
dd983808
AK		 5499
5500 conn->conn_info_timestamp = jiffies;
5501 } else {
5502 /* Cache is valid, just reply with values cached in hci_conn */
5503 rp.rssi = conn->rssi;
5504 rp.tx_power = conn->tx_power;
eed5daf3 5505 rp.max_tx_power = conn->max_tx_power;
dd983808 5506
2a1afb5a
JH		 5507 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5508 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
dd983808
AK		 5509 }
5510
5511unlock:
5512 hci_dev_unlock(hdev);
5513 return err;
5514}
5515
3b0602cd 5516static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
95868426 5517{
69487371 5518 struct hci_conn *conn = cmd->user_data;
95868426 5519 struct mgmt_rp_get_clock_info rp;
69487371 5520 struct hci_dev *hdev;
9df74653 5521 int err;
69487371
JH		 5522
5523 memset(&rp, 0, sizeof(rp));
5524 memcpy(&rp.addr, &cmd->param, sizeof(rp.addr));
5525
5526 if (status)
5527 goto complete;
5528
5529 hdev = hci_dev_get(cmd->index);
5530 if (hdev) {
5531 rp.local_clock = cpu_to_le32(hdev->clock);
5532 hci_dev_put(hdev);
5533 }
5534
5535 if (conn) {
5536 rp.piconet_clock = cpu_to_le32(conn->clock);
5537 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5538 }
5539
5540complete:
2a1afb5a
JH		 5541 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5542 sizeof(rp));
69487371
JH		 5543
5544 if (conn) {
5545 hci_conn_drop(conn);
5546 hci_conn_put(conn);
5547 }
9df74653
JH		 5548
5549 return err;
69487371
JH		 5550}
5551
1904a853 5552static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
69487371 5553{
95868426 5554 struct hci_cp_read_clock *hci_cp;
3b0602cd 5555 struct mgmt_pending_cmd *cmd;
95868426
JH		 5556 struct hci_conn *conn;
5557
5558 BT_DBG("%s status %u", hdev->name, status);
5559
5560 hci_dev_lock(hdev);
5561
5562 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5563 if (!hci_cp)
5564 goto unlock;
5565
5566 if (hci_cp->which) {
5567 u16 handle = __le16_to_cpu(hci_cp->handle);
5568 conn = hci_conn_hash_lookup_handle(hdev, handle);
5569 } else {
5570 conn = NULL;
5571 }
5572
5573 cmd = mgmt_pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5574 if (!cmd)
5575 goto unlock;
5576
69487371 5577 cmd->cmd_complete(cmd, mgmt_status(status));
95868426 5578 mgmt_pending_remove(cmd);
95868426
JH		 5579
5580unlock:
5581 hci_dev_unlock(hdev);
5582}
5583
5584static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5585 u16 len)
5586{
5587 struct mgmt_cp_get_clock_info *cp = data;
5588 struct mgmt_rp_get_clock_info rp;
5589 struct hci_cp_read_clock hci_cp;
3b0602cd 5590 struct mgmt_pending_cmd *cmd;
95868426
JH		 5591 struct hci_request req;
5592 struct hci_conn *conn;
5593 int err;
5594
5595 BT_DBG("%s", hdev->name);
5596
5597 memset(&rp, 0, sizeof(rp));
5598 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5599 rp.addr.type = cp->addr.type;
5600
5601 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 5602 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5603 MGMT_STATUS_INVALID_PARAMS,
5604 &rp, sizeof(rp));
95868426
JH		 5605
5606 hci_dev_lock(hdev);
5607
5608 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 5609 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5610 MGMT_STATUS_NOT_POWERED, &rp,
5611 sizeof(rp));
95868426
JH		 5612 goto unlock;
5613 }
5614
5615 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5616 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5617 &cp->addr.bdaddr);
5618 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 5619 err = mgmt_cmd_complete(sk, hdev->id,
5620 MGMT_OP_GET_CLOCK_INFO,
5621 MGMT_STATUS_NOT_CONNECTED,
5622 &rp, sizeof(rp));
95868426
JH		 5623 goto unlock;
5624 }
5625 } else {
5626 conn = NULL;
5627 }
5628
5629 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5630 if (!cmd) {
5631 err = -ENOMEM;
5632 goto unlock;
5633 }
5634
69487371
JH		 5635 cmd->cmd_complete = clock_info_cmd_complete;
5636
95868426
JH		 5637 hci_req_init(&req, hdev);
5638
5639 memset(&hci_cp, 0, sizeof(hci_cp));
5640 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5641
5642 if (conn) {
5643 hci_conn_hold(conn);
f8aaf9b6 5644 cmd->user_data = hci_conn_get(conn);
95868426
JH		 5645
5646 hci_cp.handle = cpu_to_le16(conn->handle);
5647 hci_cp.which = 0x01; /* Piconet clock */
5648 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5649 }
5650
5651 err = hci_req_run(&req, get_clock_info_complete);
5652 if (err < 0)
5653 mgmt_pending_remove(cmd);
5654
5655unlock:
5656 hci_dev_unlock(hdev);
5657 return err;
5658}
5659
5a154e6f
JH		 5660static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5661{
5662 struct hci_conn *conn;
5663
5664 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5665 if (!conn)
5666 return false;
5667
5668 if (conn->dst_type != type)
5669 return false;
5670
5671 if (conn->state != BT_CONNECTED)
5672 return false;
5673
5674 return true;
5675}
5676
5677/* This function requires the caller holds hdev->lock */
5678static int hci_conn_params_set(struct hci_request *req, bdaddr_t *addr,
5679 u8 addr_type, u8 auto_connect)
5680{
5681 struct hci_dev *hdev = req->hdev;
5682 struct hci_conn_params *params;
5683
5684 params = hci_conn_params_add(hdev, addr, addr_type);
5685 if (!params)
5686 return -EIO;
5687
5688 if (params->auto_connect == auto_connect)
5689 return 0;
5690
5691 list_del_init(&params->action);
5692
5693 switch (auto_connect) {
5694 case HCI_AUTO_CONN_DISABLED:
5695 case HCI_AUTO_CONN_LINK_LOSS:
5696 __hci_update_background_scan(req);
5697 break;
5698 case HCI_AUTO_CONN_REPORT:
5699 list_add(&params->action, &hdev->pend_le_reports);
5700 __hci_update_background_scan(req);
5701 break;
5702 case HCI_AUTO_CONN_DIRECT:
5703 case HCI_AUTO_CONN_ALWAYS:
5704 if (!is_connected(hdev, addr, addr_type)) {
5705 list_add(&params->action, &hdev->pend_le_conns);
5706 __hci_update_background_scan(req);
5707 }
5708 break;
5709 }
5710
5711 params->auto_connect = auto_connect;
5712
5713 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5714 auto_connect);
5715
5716 return 0;
5717}
5718
8afef092
MH		 5719static void device_added(struct sock *sk, struct hci_dev *hdev,
5720 bdaddr_t *bdaddr, u8 type, u8 action)
5721{
5722 struct mgmt_ev_device_added ev;
5723
5724 bacpy(&ev.addr.bdaddr, bdaddr);
5725 ev.addr.type = type;
5726 ev.action = action;
5727
5728 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5729}
5730
1904a853 5731static void add_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5a154e6f 5732{
3b0602cd 5733 struct mgmt_pending_cmd *cmd;
5a154e6f
JH		 5734
5735 BT_DBG("status 0x%02x", status);
5736
5737 hci_dev_lock(hdev);
5738
5739 cmd = mgmt_pending_find(MGMT_OP_ADD_DEVICE, hdev);
5740 if (!cmd)
5741 goto unlock;
5742
5743 cmd->cmd_complete(cmd, mgmt_status(status));
5744 mgmt_pending_remove(cmd);
5745
5746unlock:
5747 hci_dev_unlock(hdev);
5748}
5749
2faade53
MH		 5750static int add_device(struct sock *sk, struct hci_dev *hdev,
5751 void *data, u16 len)
5752{
5753 struct mgmt_cp_add_device *cp = data;
3b0602cd 5754 struct mgmt_pending_cmd *cmd;
5a154e6f 5755 struct hci_request req;
2faade53
MH		 5756 u8 auto_conn, addr_type;
5757 int err;
5758
5759 BT_DBG("%s", hdev->name);
5760
6659358e 5761 if (!bdaddr_type_is_valid(cp->addr.type) ||
2faade53 5762 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
2a1afb5a
JH		 5763 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5764 MGMT_STATUS_INVALID_PARAMS,
5765 &cp->addr, sizeof(cp->addr));
2faade53 5766
4b9e7e75 5767 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
2a1afb5a
JH		 5768 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5769 MGMT_STATUS_INVALID_PARAMS,
5770 &cp->addr, sizeof(cp->addr));
2faade53 5771
5a154e6f
JH		 5772 hci_req_init(&req, hdev);
5773
2faade53
MH		 5774 hci_dev_lock(hdev);
5775
5a154e6f
JH		 5776 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_DEVICE, hdev, data, len);
5777 if (!cmd) {
5778 err = -ENOMEM;
5779 goto unlock;
5780 }
5781
5782 cmd->cmd_complete = addr_cmd_complete;
5783
6659358e 5784 if (cp->addr.type == BDADDR_BREDR) {
4b9e7e75 5785 /* Only incoming connections action is supported for now */
6659358e 5786 if (cp->action != 0x01) {
9df74653
JH		 5787 err = cmd->cmd_complete(cmd,
5788 MGMT_STATUS_INVALID_PARAMS);
5a154e6f 5789 mgmt_pending_remove(cmd);
6659358e
JH		 5790 goto unlock;
5791 }
5792
5793 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5794 cp->addr.type);
5795 if (err)
5796 goto unlock;
a397407f 5797
5a154e6f 5798 __hci_update_page_scan(&req);
a397407f 5799
6659358e
JH		 5800 goto added;
5801 }
5802
2faade53
MH		 5803 if (cp->addr.type == BDADDR_LE_PUBLIC)
5804 addr_type = ADDR_LE_DEV_PUBLIC;
5805 else
5806 addr_type = ADDR_LE_DEV_RANDOM;
5807
4b9e7e75 5808 if (cp->action == 0x02)
2faade53 5809 auto_conn = HCI_AUTO_CONN_ALWAYS;
4b9e7e75
MH		 5810 else if (cp->action == 0x01)
5811 auto_conn = HCI_AUTO_CONN_DIRECT;
2faade53 5812 else
a3451d27 5813 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 5814
bf5b3c8b
MH		 5815 /* If the connection parameters don't exist for this device,
5816 * they will be created and configured with defaults.
5817 */
5a154e6f 5818 if (hci_conn_params_set(&req, &cp->addr.bdaddr, addr_type,
d06b50ce 5819 auto_conn) < 0) {
9df74653 5820 err = cmd->cmd_complete(cmd, MGMT_STATUS_FAILED);
5a154e6f 5821 mgmt_pending_remove(cmd);
2faade53
MH		 5822 goto unlock;
5823 }
5824
6659358e 5825added:
8afef092
MH		 5826 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5827
5a154e6f
JH		 5828 err = hci_req_run(&req, add_device_complete);
5829 if (err < 0) {
5830 /* ENODATA means no HCI commands were needed (e.g. if
5831 * the adapter is powered off).
5832 */
9df74653
JH		 5833 if (err == -ENODATA)
5834 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
5a154e6f
JH		 5835 mgmt_pending_remove(cmd);
5836 }
2faade53
MH		 5837
5838unlock:
5839 hci_dev_unlock(hdev);
5840 return err;
5841}
5842
8afef092
MH		 5843static void device_removed(struct sock *sk, struct hci_dev *hdev,
5844 bdaddr_t *bdaddr, u8 type)
5845{
5846 struct mgmt_ev_device_removed ev;
5847
5848 bacpy(&ev.addr.bdaddr, bdaddr);
5849 ev.addr.type = type;
5850
5851 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5852}
5853
1904a853 5854static void remove_device_complete(struct hci_dev *hdev, u8 status, u16 opcode)
51ef3ebe 5855{
3b0602cd 5856 struct mgmt_pending_cmd *cmd;
51ef3ebe
JH		 5857
5858 BT_DBG("status 0x%02x", status);
5859
5860 hci_dev_lock(hdev);
5861
5862 cmd = mgmt_pending_find(MGMT_OP_REMOVE_DEVICE, hdev);
5863 if (!cmd)
5864 goto unlock;
5865
5866 cmd->cmd_complete(cmd, mgmt_status(status));
5867 mgmt_pending_remove(cmd);
5868
5869unlock:
5870 hci_dev_unlock(hdev);
5871}
5872
2faade53
MH		 5873static int remove_device(struct sock *sk, struct hci_dev *hdev,
5874 void *data, u16 len)
5875{
5876 struct mgmt_cp_remove_device *cp = data;
3b0602cd 5877 struct mgmt_pending_cmd *cmd;
51ef3ebe 5878 struct hci_request req;
2faade53
MH		 5879 int err;
5880
5881 BT_DBG("%s", hdev->name);
5882
51ef3ebe
JH		 5883 hci_req_init(&req, hdev);
5884
2faade53
MH		 5885 hci_dev_lock(hdev);
5886
51ef3ebe
JH		 5887 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_DEVICE, hdev, data, len);
5888 if (!cmd) {
5889 err = -ENOMEM;
5890 goto unlock;
5891 }
5892
5893 cmd->cmd_complete = addr_cmd_complete;
5894
2faade53 5895 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 5896 struct hci_conn_params *params;
2faade53
MH		 5897 u8 addr_type;
5898
6659358e 5899 if (!bdaddr_type_is_valid(cp->addr.type)) {
9df74653
JH		 5900 err = cmd->cmd_complete(cmd,
5901 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5902 mgmt_pending_remove(cmd);
2faade53
MH		 5903 goto unlock;
5904 }
5905
6659358e
JH		 5906 if (cp->addr.type == BDADDR_BREDR) {
5907 err = hci_bdaddr_list_del(&hdev->whitelist,
5908 &cp->addr.bdaddr,
5909 cp->addr.type);
5910 if (err) {
9df74653
JH		 5911 err = cmd->cmd_complete(cmd,
5912 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5913 mgmt_pending_remove(cmd);
6659358e
JH		 5914 goto unlock;
5915 }
5916
51ef3ebe 5917 __hci_update_page_scan(&req);
a397407f 5918
6659358e
JH		 5919 device_removed(sk, hdev, &cp->addr.bdaddr,
5920 cp->addr.type);
5921 goto complete;
5922 }
5923
2faade53
MH		 5924 if (cp->addr.type == BDADDR_LE_PUBLIC)
5925 addr_type = ADDR_LE_DEV_PUBLIC;
5926 else
5927 addr_type = ADDR_LE_DEV_RANDOM;
5928
c71593dd
JH		 5929 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5930 addr_type);
5931 if (!params) {
9df74653
JH		 5932 err = cmd->cmd_complete(cmd,
5933 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5934 mgmt_pending_remove(cmd);
c71593dd
JH		 5935 goto unlock;
5936 }
5937
5938 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
9df74653
JH		 5939 err = cmd->cmd_complete(cmd,
5940 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5941 mgmt_pending_remove(cmd);
c71593dd
JH		 5942 goto unlock;
5943 }
5944
d1dbf12e 5945 list_del(&params->action);
c71593dd
JH		 5946 list_del(&params->list);
5947 kfree(params);
51ef3ebe 5948 __hci_update_background_scan(&req);
8afef092
MH		 5949
5950 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53 5951 } else {
19de0825 5952 struct hci_conn_params *p, *tmp;
6659358e 5953 struct bdaddr_list *b, *btmp;
19de0825 5954
2faade53 5955 if (cp->addr.type) {
9df74653
JH		 5956 err = cmd->cmd_complete(cmd,
5957 MGMT_STATUS_INVALID_PARAMS);
51ef3ebe 5958 mgmt_pending_remove(cmd);
2faade53
MH		 5959 goto unlock;
5960 }
5961
6659358e
JH		 5962 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
5963 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
5964 list_del(&b->list);
5965 kfree(b);
5966 }
5967
51ef3ebe 5968 __hci_update_page_scan(&req);
a397407f 5969
19de0825
JH		 5970 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5971 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5972 continue;
5973 device_removed(sk, hdev, &p->addr, p->addr_type);
5974 list_del(&p->action);
5975 list_del(&p->list);
5976 kfree(p);
5977 }
5978
5979 BT_DBG("All LE connection parameters were removed");
5980
51ef3ebe 5981 __hci_update_background_scan(&req);
2faade53
MH		 5982 }
5983
6659358e 5984complete:
51ef3ebe
JH		 5985 err = hci_req_run(&req, remove_device_complete);
5986 if (err < 0) {
5987 /* ENODATA means no HCI commands were needed (e.g. if
5988 * the adapter is powered off).
5989 */
9df74653
JH		 5990 if (err == -ENODATA)
5991 err = cmd->cmd_complete(cmd, MGMT_STATUS_SUCCESS);
51ef3ebe
JH		 5992 mgmt_pending_remove(cmd);
5993 }
2faade53
MH		 5994
5995unlock:
5996 hci_dev_unlock(hdev);
5997 return err;
5998}
5999
a26f3dcf
JH		 6000static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
6001 u16 len)
6002{
6003 struct mgmt_cp_load_conn_param *cp = data;
ba1d6936
JH		 6004 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
6005 sizeof(struct mgmt_conn_param));
a26f3dcf
JH		 6006 u16 param_count, expected_len;
6007 int i;
6008
6009 if (!lmp_le_capable(hdev))
a69e8375
JH		 6010 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6011 MGMT_STATUS_NOT_SUPPORTED);
a26f3dcf
JH		 6012
6013 param_count = __le16_to_cpu(cp->param_count);
ba1d6936
JH		 6014 if (param_count > max_param_count) {
6015 BT_ERR("load_conn_param: too big param_count value %u",
6016 param_count);
a69e8375
JH		 6017 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6018 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 6019 }
a26f3dcf
JH		 6020
6021 expected_len = sizeof(*cp) + param_count *
6022 sizeof(struct mgmt_conn_param);
6023 if (expected_len != len) {
6024 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
6025 expected_len, len);
a69e8375
JH		 6026 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
6027 MGMT_STATUS_INVALID_PARAMS);
a26f3dcf
JH		 6028 }
6029
6030 BT_DBG("%s param_count %u", hdev->name, param_count);
6031
6032 hci_dev_lock(hdev);
6033
6034 hci_conn_params_clear_disabled(hdev);
6035
6036 for (i = 0; i < param_count; i++) {
6037 struct mgmt_conn_param *param = &cp->params[i];
6038 struct hci_conn_params *hci_param;
6039 u16 min, max, latency, timeout;
6040 u8 addr_type;
6041
6042 BT_DBG("Adding %pMR (type %u)", &param->addr.bdaddr,
6043 param->addr.type);
6044
6045 if (param->addr.type == BDADDR_LE_PUBLIC) {
6046 addr_type = ADDR_LE_DEV_PUBLIC;
6047 } else if (param->addr.type == BDADDR_LE_RANDOM) {
6048 addr_type = ADDR_LE_DEV_RANDOM;
6049 } else {
6050 BT_ERR("Ignoring invalid connection parameters");
6051 continue;
6052 }
6053
6054 min = le16_to_cpu(param->min_interval);
6055 max = le16_to_cpu(param->max_interval);
6056 latency = le16_to_cpu(param->latency);
6057 timeout = le16_to_cpu(param->timeout);
6058
6059 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
6060 min, max, latency, timeout);
6061
6062 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
6063 BT_ERR("Ignoring invalid connection parameters");
6064 continue;
6065 }
6066
6067 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
6068 addr_type);
6069 if (!hci_param) {
6070 BT_ERR("Failed to add connection parameters");
6071 continue;
6072 }
6073
6074 hci_param->conn_min_interval = min;
6075 hci_param->conn_max_interval = max;
6076 hci_param->conn_latency = latency;
6077 hci_param->supervision_timeout = timeout;
6078 }
6079
6080 hci_dev_unlock(hdev);
6081
2a1afb5a
JH		 6082 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
6083 NULL, 0);
a26f3dcf
JH		 6084}
6085
dbece37a
MH		 6086static int set_external_config(struct sock *sk, struct hci_dev *hdev,
6087 void *data, u16 len)
6088{
6089 struct mgmt_cp_set_external_config *cp = data;
6090 bool changed;
6091 int err;
6092
6093 BT_DBG("%s", hdev->name);
6094
6095 if (hdev_is_powered(hdev))
a69e8375
JH		 6096 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6097 MGMT_STATUS_REJECTED);
dbece37a
MH		 6098
6099 if (cp->config != 0x00 && cp->config != 0x01)
a69e8375
JH		 6100 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6101 MGMT_STATUS_INVALID_PARAMS);
dbece37a
MH		 6102
6103 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
a69e8375
JH		 6104 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
6105 MGMT_STATUS_NOT_SUPPORTED);
dbece37a
MH		 6106
6107 hci_dev_lock(hdev);
6108
6109 if (cp->config)
238be788 6110 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a 6111 else
a69d8927 6112 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a
MH		 6113
6114 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
6115 if (err < 0)
6116 goto unlock;
6117
6118 if (!changed)
6119 goto unlock;
6120
f4537c04
MH		 6121 err = new_options(hdev, sk);
6122
d7a5a11d 6123 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
dbece37a 6124 mgmt_index_removed(hdev);
d603b76b 6125
516018a9 6126 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
a1536da2
MH		 6127 hci_dev_set_flag(hdev, HCI_CONFIG);
6128 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
d603b76b
MH		 6129
6130 queue_work(hdev->req_workqueue, &hdev->power_on);
6131 } else {
5ea234d3 6132 set_bit(HCI_RAW, &hdev->flags);
d603b76b
MH		 6133 mgmt_index_added(hdev);
6134 }
dbece37a
MH		 6135 }
6136
6137unlock:
6138 hci_dev_unlock(hdev);
6139 return err;
6140}
6141
9713c17b
MH		 6142static int set_public_address(struct sock *sk, struct hci_dev *hdev,
6143 void *data, u16 len)
6144{
6145 struct mgmt_cp_set_public_address *cp = data;
6146 bool changed;
6147 int err;
6148
6149 BT_DBG("%s", hdev->name);
6150
6151 if (hdev_is_powered(hdev))
a69e8375
JH		 6152 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6153 MGMT_STATUS_REJECTED);
9713c17b
MH		 6154
6155 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
a69e8375
JH		 6156 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6157 MGMT_STATUS_INVALID_PARAMS);
9713c17b
MH		 6158
6159 if (!hdev->set_bdaddr)
a69e8375
JH		 6160 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
6161 MGMT_STATUS_NOT_SUPPORTED);
9713c17b
MH		 6162
6163 hci_dev_lock(hdev);
6164
6165 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
6166 bacpy(&hdev->public_addr, &cp->bdaddr);
6167
6168 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
6169 if (err < 0)
6170 goto unlock;
6171
6172 if (!changed)
6173 goto unlock;
6174
d7a5a11d 6175 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
9713c17b
MH		 6176 err = new_options(hdev, sk);
6177
6178 if (is_configured(hdev)) {
6179 mgmt_index_removed(hdev);
6180
a358dc11 6181 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
9713c17b 6182
a1536da2
MH		 6183 hci_dev_set_flag(hdev, HCI_CONFIG);
6184 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
9713c17b
MH		 6185
6186 queue_work(hdev->req_workqueue, &hdev->power_on);
6187 }
6188
6189unlock:
6190 hci_dev_unlock(hdev);
6191 return err;
6192}
6193
6d785aa3 6194static const struct hci_mgmt_handler mgmt_handlers[] = {
0f4e68cf 6195 { NULL }, /* 0x0000 (no command) */
b9a245fb
JH		 6196 { read_version, MGMT_READ_VERSION_SIZE,
6197 HCI_MGMT_NO_HDEV },
6198 { read_commands, MGMT_READ_COMMANDS_SIZE,
6199 HCI_MGMT_NO_HDEV },
6200 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
6201 HCI_MGMT_NO_HDEV },
6202 { read_controller_info, MGMT_READ_INFO_SIZE, 0 },
6203 { set_powered, MGMT_SETTING_SIZE, 0 },
6204 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE, 0 },
6205 { set_connectable, MGMT_SETTING_SIZE, 0 },
6206 { set_fast_connectable, MGMT_SETTING_SIZE, 0 },
6207 { set_bondable, MGMT_SETTING_SIZE, 0 },
6208 { set_link_security, MGMT_SETTING_SIZE, 0 },
6209 { set_ssp, MGMT_SETTING_SIZE, 0 },
6210 { set_hs, MGMT_SETTING_SIZE, 0 },
6211 { set_le, MGMT_SETTING_SIZE, 0 },
6212 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE, 0 },
6213 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE, 0 },
6214 { add_uuid, MGMT_ADD_UUID_SIZE, 0 },
6215 { remove_uuid, MGMT_REMOVE_UUID_SIZE, 0 },
6216 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
6217 HCI_MGMT_VAR_LEN },
6218 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
6219 HCI_MGMT_VAR_LEN },
6220 { disconnect, MGMT_DISCONNECT_SIZE, 0 },
6221 { get_connections, MGMT_GET_CONNECTIONS_SIZE, 0 },
6222 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE, 0 },
6223 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE, 0 },
6224 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE, 0 },
6225 { pair_device, MGMT_PAIR_DEVICE_SIZE, 0 },
6226 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE, 0 },
6227 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE, 0 },
6228 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE, 0 },
6229 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE, 0 },
6230 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE, 0 },
6231 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE, 0 },
6232 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
6233 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
6234 HCI_MGMT_VAR_LEN },
6235 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE, 0 },
6236 { start_discovery, MGMT_START_DISCOVERY_SIZE, 0 },
6237 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE, 0 },
6238 { confirm_name, MGMT_CONFIRM_NAME_SIZE, 0 },
6239 { block_device, MGMT_BLOCK_DEVICE_SIZE, 0 },
6240 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE, 0 },
6241 { set_device_id, MGMT_SET_DEVICE_ID_SIZE, 0 },
6242 { set_advertising, MGMT_SETTING_SIZE, 0 },
6243 { set_bredr, MGMT_SETTING_SIZE, 0 },
6244 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE, 0 },
6245 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE, 0 },
6246 { set_secure_conn, MGMT_SETTING_SIZE, 0 },
6247 { set_debug_keys, MGMT_SETTING_SIZE, 0 },
6248 { set_privacy, MGMT_SET_PRIVACY_SIZE, 0 },
6249 { load_irks, MGMT_LOAD_IRKS_SIZE,
6250 HCI_MGMT_VAR_LEN },
6251 { get_conn_info, MGMT_GET_CONN_INFO_SIZE, 0 },
6252 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE, 0 },
6253 { add_device, MGMT_ADD_DEVICE_SIZE, 0 },
6254 { remove_device, MGMT_REMOVE_DEVICE_SIZE, 0 },
6255 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
6256 HCI_MGMT_VAR_LEN },
6257 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
6258 HCI_MGMT_NO_HDEV },
6259 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
6260 HCI_MGMT_UNCONFIGURED },
6261 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
6262 HCI_MGMT_UNCONFIGURED },
6263 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
6264 HCI_MGMT_UNCONFIGURED },
6265 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
6266 HCI_MGMT_VAR_LEN },
0f4e68cf
JH		 6267};
6268
6d785aa3
JH		 6269int mgmt_control(struct hci_mgmt_chan *chan, struct sock *sk,
6270 struct msghdr *msg, size_t msglen)
0381101f 6271{
650f726d
VCG		 6272 void *buf;
6273 u8 *cp;
0381101f 6274 struct mgmt_hdr *hdr;
4e51eae9 6275 u16 opcode, index, len;
bdb6d971 6276 struct hci_dev *hdev = NULL;
6d785aa3 6277 const struct hci_mgmt_handler *handler;
b9a245fb 6278 bool var_len, no_hdev;
0381101f
JH		 6279 int err;
6280
6281 BT_DBG("got %zu bytes", msglen);
6282
6283 if (msglen < sizeof(*hdr))
6284 return -EINVAL;
6285
e63a15ec 6286 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 6287 if (!buf)
6288 return -ENOMEM;
6289
6ce8e9ce 6290 if (memcpy_from_msg(buf, msg, msglen)) {
0381101f
JH		 6291 err = -EFAULT;
6292 goto done;
6293 }
6294
650f726d 6295 hdr = buf;
1f350c87
MH		 6296 opcode = __le16_to_cpu(hdr->opcode);
6297 index = __le16_to_cpu(hdr->index);
6298 len = __le16_to_cpu(hdr->len);
0381101f
JH		 6299
6300 if (len != msglen - sizeof(*hdr)) {
6301 err = -EINVAL;
6302 goto done;
6303 }
6304
b9a245fb
JH		 6305 if (opcode >= chan->handler_count ||
6306 chan->handlers[opcode].func == NULL) {
6307 BT_DBG("Unknown op %u", opcode);
a69e8375
JH		 6308 err = mgmt_cmd_status(sk, index, opcode,
6309 MGMT_STATUS_UNKNOWN_COMMAND);
b9a245fb
JH		 6310 goto done;
6311 }
6312
6313 handler = &chan->handlers[opcode];
6314
0f4e68cf 6315 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 6316 hdev = hci_dev_get(index);
6317 if (!hdev) {
a69e8375
JH		 6318 err = mgmt_cmd_status(sk, index, opcode,
6319 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 6320 goto done;
6321 }
0736cfa8 6322
d7a5a11d
MH		 6323 if (hci_dev_test_flag(hdev, HCI_SETUP) ||
6324 hci_dev_test_flag(hdev, HCI_CONFIG) ||
6325 hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) {
a69e8375
JH		 6326 err = mgmt_cmd_status(sk, index, opcode,
6327 MGMT_STATUS_INVALID_INDEX);
0736cfa8
MH		 6328 goto done;
6329 }
42a9bc14 6330
d7a5a11d 6331 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) &&
b9a245fb 6332 !(handler->flags & HCI_MGMT_UNCONFIGURED)) {
a69e8375
JH		 6333 err = mgmt_cmd_status(sk, index, opcode,
6334 MGMT_STATUS_INVALID_INDEX);
42a9bc14
MH		 6335 goto done;
6336 }
bdb6d971
JH		 6337 }
6338
b9a245fb
JH		 6339 no_hdev = (handler->flags & HCI_MGMT_NO_HDEV);
6340 if (no_hdev != !hdev) {
a69e8375
JH		 6341 err = mgmt_cmd_status(sk, index, opcode,
6342 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 6343 goto done;
0381101f
JH		 6344 }
6345
b9a245fb
JH		 6346 var_len = (handler->flags & HCI_MGMT_VAR_LEN);
6347 if ((var_len && len < handler->data_len) ||
6348 (!var_len && len != handler->data_len)) {
a69e8375
JH		 6349 err = mgmt_cmd_status(sk, index, opcode,
6350 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 6351 goto done;
6352 }
6353
0f4e68cf
JH		 6354 if (hdev)
6355 mgmt_init_hdev(sk, hdev);
6356
6357 cp = buf + sizeof(*hdr);
6358
be22b54e 6359 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 6360 if (err < 0)
6361 goto done;
6362
0381101f
JH		 6363 err = msglen;
6364
6365done:
bdb6d971
JH		 6366 if (hdev)
6367 hci_dev_put(hdev);
6368
0381101f
JH		 6369 kfree(buf);
6370 return err;
6371}
c71e97bf 6372
bf6b56db 6373void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 6374{
ced85549 6375 struct mgmt_ev_ext_index ev;
bb4b2a9a 6376
0602a8ad
MH		 6377 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6378 return;
6379
f9207338
MH		 6380 switch (hdev->dev_type) {
6381 case HCI_BREDR:
6382 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6383 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
6384 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
ced85549 6385 ev.type = 0x01;
f9207338
MH		 6386 } else {
6387 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
6388 HCI_MGMT_INDEX_EVENTS);
ced85549 6389 ev.type = 0x00;
f9207338
MH		 6390 }
6391 break;
ced85549
MH		 6392 case HCI_AMP:
6393 ev.type = 0x02;
6394 break;
6395 default:
6396 return;
f9207338 6397 }
ced85549
MH		 6398
6399 ev.bus = hdev->bus;
6400
6401 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
6402 HCI_MGMT_EXT_INDEX_EVENTS);
c71e97bf
JH		 6403}
6404
bf6b56db 6405void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 6406{
ced85549 6407 struct mgmt_ev_ext_index ev;
5f159032 6408 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 6409
0602a8ad
MH		 6410 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6411 return;
6412
f9207338
MH		 6413 switch (hdev->dev_type) {
6414 case HCI_BREDR:
6415 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
b24752fe 6416
f9207338
MH		 6417 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6418 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
6419 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
ced85549 6420 ev.type = 0x01;
f9207338
MH		 6421 } else {
6422 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
6423 HCI_MGMT_INDEX_EVENTS);
ced85549 6424 ev.type = 0x00;
f9207338
MH		 6425 }
6426 break;
ced85549
MH		 6427 case HCI_AMP:
6428 ev.type = 0x02;
6429 break;
6430 default:
6431 return;
f9207338 6432 }
ced85549
MH		 6433
6434 ev.bus = hdev->bus;
6435
6436 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
6437 HCI_MGMT_EXT_INDEX_EVENTS);
eec8d2bc
JH		 6438}
6439
6046dc3e 6440/* This function requires the caller holds hdev->lock */
2cf22218 6441static void restart_le_actions(struct hci_request *req)
6046dc3e 6442{
2cf22218 6443 struct hci_dev *hdev = req->hdev;
6046dc3e
AG		 6444 struct hci_conn_params *p;
6445
6446 list_for_each_entry(p, &hdev->le_conn_params, list) {
d7347f3c
JH		 6447 /* Needed for AUTO_OFF case where might not "really"
6448 * have been powered off.
6449 */
6450 list_del_init(&p->action);
6451
6452 switch (p->auto_connect) {
4b9e7e75 6453 case HCI_AUTO_CONN_DIRECT:
d7347f3c
JH		 6454 case HCI_AUTO_CONN_ALWAYS:
6455 list_add(&p->action, &hdev->pend_le_conns);
6456 break;
6457 case HCI_AUTO_CONN_REPORT:
6458 list_add(&p->action, &hdev->pend_le_reports);
6459 break;
6460 default:
6461 break;
c83ed19d 6462 }
6046dc3e 6463 }
c83ed19d 6464
2cf22218 6465 __hci_update_background_scan(req);
6046dc3e
AG		 6466}
6467
1904a853 6468static void powered_complete(struct hci_dev *hdev, u8 status, u16 opcode)
229ab39c
JH		 6469{
6470 struct cmd_lookup match = { NULL, hdev };
6471
6472 BT_DBG("status 0x%02x", status);
6473
162a3bac
MH		 6474 if (!status) {
6475 /* Register the available SMP channels (BR/EDR and LE) only
6476 * when successfully powering on the controller. This late
6477 * registration is required so that LE SMP can clearly
6478 * decide if the public address or static address is used.
6479 */
6480 smp_register(hdev);
6481 }
6482
229ab39c
JH		 6483 hci_dev_lock(hdev);
6484
6485 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
6486
6487 new_settings(hdev, match.sk);
6488
6489 hci_dev_unlock(hdev);
6490
6491 if (match.sk)
6492 sock_put(match.sk);
6493}
6494
70da6243 6495static int powered_update_hci(struct hci_dev *hdev)
5add6af8 6496{
890ea898 6497 struct hci_request req;
70da6243 6498 u8 link_sec;
5add6af8 6499
890ea898
JH		 6500 hci_req_init(&req, hdev);
6501
d7a5a11d 6502 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED) &&
70da6243 6503 !lmp_host_ssp_capable(hdev)) {
574ea3c7 6504 u8 mode = 0x01;
5e5282bb 6505
574ea3c7
MH		 6506 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, sizeof(mode), &mode);
6507
6508 if (bredr_sc_enabled(hdev) && !lmp_host_sc_capable(hdev)) {
6509 u8 support = 0x01;
5add6af8 6510
574ea3c7
MH		 6511 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT,
6512 sizeof(support), &support);
6513 }
ec6f99b8
JH		 6514 }
6515
d7a5a11d 6516 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
c73eee91 6517 lmp_bredr_capable(hdev)) {
70da6243 6518 struct hci_cp_write_le_host_supported cp;
f0ff92fb 6519
32226e4f
MH		 6520 cp.le = 0x01;
6521 cp.simul = 0x00;
3d1cbdd6 6522
70da6243
JH		 6523 /* Check first if we already have the right
6524 * host state (host features set)
6525 */
6526 if (cp.le != lmp_host_le_capable(hdev) ||
6527 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 6528 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
6529 sizeof(cp), &cp);
70da6243 6530 }
3d1cbdd6 6531
d13eafce 6532 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 6533 /* Make sure the controller has a good default for
6534 * advertising data. This also applies to the case
6535 * where BR/EDR was toggled during the AUTO_OFF phase.
6536 */
d7a5a11d 6537 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
5947f4bc 6538 update_adv_data(&req);
f14d8f64
MH		 6539 update_scan_rsp_data(&req);
6540 }
441ad2d0 6541
d7a5a11d 6542 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
bba3aa55 6543 enable_advertising(&req);
2cf22218
JH		 6544
6545 restart_le_actions(&req);
eeca6f89
JH		 6546 }
6547
d7a5a11d 6548 link_sec = hci_dev_test_flag(hdev, HCI_LINK_SECURITY);
70da6243 6549 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 6550 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
6551 sizeof(link_sec), &link_sec);
562fcc24 6552
70da6243 6553 if (lmp_bredr_capable(hdev)) {
d7a5a11d 6554 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
406ef2a6
JH		 6555 write_fast_connectable(&req, true);
6556 else
6557 write_fast_connectable(&req, false);
1d2dc5b7 6558 __hci_update_page_scan(&req);
890ea898 6559 update_class(&req);
13928971 6560 update_name(&req);
890ea898 6561 update_eir(&req);
70da6243 6562 }
562fcc24 6563
229ab39c 6564 return hci_req_run(&req, powered_complete);
70da6243 6565}
562fcc24 6566
70da6243
JH		 6567int mgmt_powered(struct hci_dev *hdev, u8 powered)
6568{
6569 struct cmd_lookup match = { NULL, hdev };
9845904f 6570 u8 status, zero_cod[] = { 0, 0, 0 };
70da6243 6571 int err;
f0ff92fb 6572
d7a5a11d 6573 if (!hci_dev_test_flag(hdev, HCI_MGMT))
70da6243
JH		 6574 return 0;
6575
70da6243 6576 if (powered) {
229ab39c
JH		 6577 if (powered_update_hci(hdev) == 0)
6578 return 0;
fe038884 6579
229ab39c
JH		 6580 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
6581 &match);
6582 goto new_settings;
b24752fe
JH		 6583 }
6584
229ab39c 6585 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
9845904f
JH		 6586
6587 /* If the power off is because of hdev unregistration let
6588 * use the appropriate INVALID_INDEX status. Otherwise use
6589 * NOT_POWERED. We cover both scenarios here since later in
6590 * mgmt_index_removed() any hci_conn callbacks will have already
6591 * been triggered, potentially causing misleading DISCONNECTED
6592 * status responses.
6593 */
d7a5a11d 6594 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
9845904f
JH		 6595 status = MGMT_STATUS_INVALID_INDEX;
6596 else
6597 status = MGMT_STATUS_NOT_POWERED;
6598
6599 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
229ab39c
JH		 6600
6601 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
6602 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
6603 zero_cod, sizeof(zero_cod), NULL);
6604
6605new_settings:
beadb2bd 6606 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 6607
6608 if (match.sk)
6609 sock_put(match.sk);
6610
7bb895d6 6611 return err;
5add6af8 6612}
73f22f62 6613
3eec705e 6614void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc 6615{
3b0602cd 6616 struct mgmt_pending_cmd *cmd;
96570ffc
JH		 6617 u8 status;
6618
6619 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6620 if (!cmd)
3eec705e 6621 return;
96570ffc
JH		 6622
6623 if (err == -ERFKILL)
6624 status = MGMT_STATUS_RFKILLED;
6625 else
6626 status = MGMT_STATUS_FAILED;
6627
a69e8375 6628 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 6629
6630 mgmt_pending_remove(cmd);
96570ffc
JH		 6631}
6632
d1967ff8
MH		 6633void mgmt_discoverable_timeout(struct hci_dev *hdev)
6634{
6635 struct hci_request req;
d1967ff8
MH		 6636
6637 hci_dev_lock(hdev);
6638
6639 /* When discoverable timeout triggers, then just make sure
6640 * the limited discoverable flag is cleared. Even in the case
6641 * of a timeout triggered from general discoverable, it is
6642 * safe to unconditionally clear the flag.
6643 */
a358dc11
MH		 6644 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
6645 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
d1967ff8
MH		 6646
6647 hci_req_init(&req, hdev);
d7a5a11d 6648 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
4b580614
JH		 6649 u8 scan = SCAN_PAGE;
6650 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
6651 sizeof(scan), &scan);
6652 }
d1967ff8 6653 update_class(&req);
9a43e25f 6654 update_adv_data(&req);
d1967ff8
MH		 6655 hci_req_run(&req, NULL);
6656
6657 hdev->discov_timeout = 0;
6658
9a43e25f
JH		 6659 new_settings(hdev, NULL);
6660
d1967ff8
MH		 6661 hci_dev_unlock(hdev);
6662}
6663
dc4a5ee2
MH		 6664void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
6665 bool persistent)
55ed8ca1 6666{
86742e1e 6667 struct mgmt_ev_new_link_key ev;
55ed8ca1 6668
a492cd52 6669 memset(&ev, 0, sizeof(ev));
55ed8ca1 6670
a492cd52 6671 ev.store_hint = persistent;
d753fdc4 6672 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 6673 ev.key.addr.type = BDADDR_BREDR;
a492cd52 6674 ev.key.type = key->type;
9b3b4460 6675 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 6676 ev.key.pin_len = key->pin_len;
55ed8ca1 6677
dc4a5ee2 6678 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 6679}
f7520543 6680
d7b25450
JH		 6681static u8 mgmt_ltk_type(struct smp_ltk *ltk)
6682{
23fb8de3
JH		 6683 switch (ltk->type) {
6684 case SMP_LTK:
6685 case SMP_LTK_SLAVE:
6686 if (ltk->authenticated)
6687 return MGMT_LTK_AUTHENTICATED;
6688 return MGMT_LTK_UNAUTHENTICATED;
6689 case SMP_LTK_P256:
6690 if (ltk->authenticated)
6691 return MGMT_LTK_P256_AUTH;
6692 return MGMT_LTK_P256_UNAUTH;
6693 case SMP_LTK_P256_DEBUG:
6694 return MGMT_LTK_P256_DEBUG;
6695 }
d7b25450
JH		 6696
6697 return MGMT_LTK_UNAUTHENTICATED;
6698}
6699
53ac6ab6 6700void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 6701{
6702 struct mgmt_ev_new_long_term_key ev;
6703
6704 memset(&ev, 0, sizeof(ev));
6705
5192d301
MH		 6706 /* Devices using resolvable or non-resolvable random addresses
6707 * without providing an indentity resolving key don't require
6708 * to store long term keys. Their addresses will change the
6709 * next time around.
6710 *
6711 * Only when a remote device provides an identity address
6712 * make sure the long term key is stored. If the remote
6713 * identity is known, the long term keys are internally
6714 * mapped to the identity address. So allow static random
6715 * and public addresses here.
6716 */
ba74b666
JH		 6717 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6718 (key->bdaddr.b[5] & 0xc0) != 0xc0)
6719 ev.store_hint = 0x00;
6720 else
53ac6ab6 6721 ev.store_hint = persistent;
ba74b666 6722
346af67b 6723 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 6724 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 6725 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 6726 ev.key.enc_size = key->enc_size;
6727 ev.key.ediv = key->ediv;
fe39c7b2 6728 ev.key.rand = key->rand;
346af67b 6729
2ceba539 6730 if (key->type == SMP_LTK)
346af67b
VCG		 6731 ev.key.master = 1;
6732
346af67b
VCG		 6733 memcpy(ev.key.val, key->val, sizeof(key->val));
6734
083368f7 6735 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 6736}
6737
95fbac8a
JH		 6738void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
6739{
6740 struct mgmt_ev_new_irk ev;
6741
6742 memset(&ev, 0, sizeof(ev));
6743
bab6d1e5
MH		 6744 /* For identity resolving keys from devices that are already
6745 * using a public address or static random address, do not
6746 * ask for storing this key. The identity resolving key really
6747 * is only mandatory for devices using resovlable random
6748 * addresses.
6749 *
6750 * Storing all identity resolving keys has the downside that
6751 * they will be also loaded on next boot of they system. More
6752 * identity resolving keys, means more time during scanning is
6753 * needed to actually resolve these addresses.
6754 */
6755 if (bacmp(&irk->rpa, BDADDR_ANY))
6756 ev.store_hint = 0x01;
6757 else
6758 ev.store_hint = 0x00;
6759
95fbac8a
JH		 6760 bacpy(&ev.rpa, &irk->rpa);
6761 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
6762 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
6763 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
6764
6765 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
6766}
6767
53ac6ab6
MH		 6768void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
6769 bool persistent)
7ee4ea36
MH		 6770{
6771 struct mgmt_ev_new_csrk ev;
6772
6773 memset(&ev, 0, sizeof(ev));
6774
6775 /* Devices using resolvable or non-resolvable random addresses
6776 * without providing an indentity resolving key don't require
6777 * to store signature resolving keys. Their addresses will change
6778 * the next time around.
6779 *
6780 * Only when a remote device provides an identity address
6781 * make sure the signature resolving key is stored. So allow
6782 * static random and public addresses here.
6783 */
6784 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6785 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
6786 ev.store_hint = 0x00;
6787 else
53ac6ab6 6788 ev.store_hint = persistent;
7ee4ea36
MH		 6789
6790 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
6791 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
4cd3928a 6792 ev.key.type = csrk->type;
7ee4ea36
MH		 6793 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
6794
6795 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
6796}
6797
ffb5a827 6798void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 6799 u8 bdaddr_type, u8 store_hint, u16 min_interval,
6800 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 6801{
6802 struct mgmt_ev_new_conn_param ev;
6803
c103aea6
JH		 6804 if (!hci_is_identity_address(bdaddr, bdaddr_type))
6805 return;
6806
ffb5a827
AG		 6807 memset(&ev, 0, sizeof(ev));
6808 bacpy(&ev.addr.bdaddr, bdaddr);
6809 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 6810 ev.store_hint = store_hint;
ffb5a827
AG		 6811 ev.min_interval = cpu_to_le16(min_interval);
6812 ev.max_interval = cpu_to_le16(max_interval);
6813 ev.latency = cpu_to_le16(latency);
6814 ev.timeout = cpu_to_le16(timeout);
6815
6816 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
6817}
6818
94933991
MH		 6819static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
6820 u8 data_len)
6821{
6822 eir[eir_len++] = sizeof(type) + data_len;
6823 eir[eir_len++] = type;
6824 memcpy(&eir[eir_len], data, data_len);
6825 eir_len += data_len;
6826
6827 return eir_len;
6828}
6829
48ec92fa
AA		 6830void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
6831 u32 flags, u8 *name, u8 name_len)
f7520543 6832{
b644ba33
JH		 6833 char buf[512];
6834 struct mgmt_ev_device_connected *ev = (void *) buf;
6835 u16 eir_len = 0;
f7520543 6836
48ec92fa
AA		 6837 bacpy(&ev->addr.bdaddr, &conn->dst);
6838 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
f7520543 6839
c95f0ba7 6840 ev->flags = __cpu_to_le32(flags);
08c79b61 6841
fd45ada9
AA		 6842 /* We must ensure that the EIR Data fields are ordered and
6843 * unique. Keep it simple for now and avoid the problem by not
6844 * adding any BR/EDR data to the LE adv.
6845 */
6846 if (conn->le_adv_data_len > 0) {
6847 memcpy(&ev->eir[eir_len],
6848 conn->le_adv_data, conn->le_adv_data_len);
6849 eir_len = conn->le_adv_data_len;
6850 } else {
6851 if (name_len > 0)
6852 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
6853 name, name_len);
b644ba33 6854
ddbea5cf 6855 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
fd45ada9
AA		 6856 eir_len = eir_append_data(ev->eir, eir_len,
6857 EIR_CLASS_OF_DEV,
6858 conn->dev_class, 3);
6859 }
b644ba33 6860
eb55ef07 6861 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 6862
ecd90ae7
MH		 6863 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
6864 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 6865}
6866
3b0602cd 6867static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
8962ee74 6868{
8962ee74 6869 struct sock **sk = data;
8962ee74 6870
f5818c22 6871 cmd->cmd_complete(cmd, 0);
8962ee74
JH		 6872
6873 *sk = cmd->sk;
6874 sock_hold(*sk);
6875
a664b5bc 6876 mgmt_pending_remove(cmd);
8962ee74
JH		 6877}
6878
3b0602cd 6879static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
a8a1d19e 6880{
b1078ad0 6881 struct hci_dev *hdev = data;
124f6e35 6882 struct mgmt_cp_unpair_device *cp = cmd->param;
a8a1d19e 6883
b1078ad0
JH		 6884 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
6885
d8b7b1e4 6886 cmd->cmd_complete(cmd, 0);
a8a1d19e
JH		 6887 mgmt_pending_remove(cmd);
6888}
6889
84c61d92
JH		 6890bool mgmt_powering_down(struct hci_dev *hdev)
6891{
3b0602cd 6892 struct mgmt_pending_cmd *cmd;
84c61d92
JH		 6893 struct mgmt_mode *cp;
6894
6895 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6896 if (!cmd)
6897 return false;
6898
6899 cp = cmd->param;
6900 if (!cp->val)
6901 return true;
6902
6903 return false;
6904}
6905
9b80ec5e 6906void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 6907 u8 link_type, u8 addr_type, u8 reason,
6908 bool mgmt_connected)
f7520543 6909{
f0d6a0ea 6910 struct mgmt_ev_device_disconnected ev;
8962ee74 6911 struct sock *sk = NULL;
8962ee74 6912
84c61d92
JH		 6913 /* The connection is still in hci_conn_hash so test for 1
6914 * instead of 0 to know if this is the last one.
6915 */
6916 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6917 cancel_delayed_work(&hdev->power_off);
6918 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8b064a3a
JH		 6919 }
6920
12d4a3b2
JH		 6921 if (!mgmt_connected)
6922 return;
6923
57eb776f
AG		 6924 if (link_type != ACL_LINK && link_type != LE_LINK)
6925 return;
6926
744cf19e 6927 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 6928
f0d6a0ea
MA		 6929 bacpy(&ev.addr.bdaddr, bdaddr);
6930 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6931 ev.reason = reason;
f7520543 6932
9b80ec5e 6933 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 6934
6935 if (sk)
d97dcb66 6936 sock_put(sk);
8962ee74 6937
124f6e35 6938 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 6939 hdev);
8962ee74
JH		 6940}
6941
7892924c
MH		 6942void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
6943 u8 link_type, u8 addr_type, u8 status)
8962ee74 6944{
3655bba8
AG		 6945 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
6946 struct mgmt_cp_disconnect *cp;
3b0602cd 6947 struct mgmt_pending_cmd *cmd;
8962ee74 6948
36a75f1b
JD		 6949 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6950 hdev);
6951
2e58ef3e 6952 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 6953 if (!cmd)
7892924c 6954 return;
8962ee74 6955
3655bba8
AG		 6956 cp = cmd->param;
6957
6958 if (bacmp(bdaddr, &cp->addr.bdaddr))
6959 return;
6960
6961 if (cp->addr.type != bdaddr_type)
6962 return;
6963
f5818c22 6964 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 6965 mgmt_pending_remove(cmd);
f7520543 6966}
17d5c04c 6967
445608d0
MH		 6968void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6969 u8 addr_type, u8 status)
17d5c04c
JH		 6970{
6971 struct mgmt_ev_connect_failed ev;
c9910d0f 6972
84c61d92
JH		 6973 /* The connection is still in hci_conn_hash so test for 1
6974 * instead of 0 to know if this is the last one.
6975 */
6976 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
6977 cancel_delayed_work(&hdev->power_off);
6978 queue_work(hdev->req_workqueue, &hdev->power_off.work);
c9910d0f 6979 }
17d5c04c 6980
4c659c39 6981 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6982 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 6983 ev.status = mgmt_status(status);
17d5c04c 6984
445608d0 6985 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 6986}
980e1a53 6987
ce0e4a0d 6988void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 6989{
6990 struct mgmt_ev_pin_code_request ev;
6991
d8457698 6992 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 6993 ev.addr.type = BDADDR_BREDR;
a770bb5a 6994 ev.secure = secure;
980e1a53 6995
ce0e4a0d 6996 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 6997}
6998
e669cf80
MH		 6999void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7000 u8 status)
980e1a53 7001{
3b0602cd 7002 struct mgmt_pending_cmd *cmd;
980e1a53 7003
2e58ef3e 7004 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 7005 if (!cmd)
e669cf80 7006 return;
980e1a53 7007
7776d1d8 7008 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7009 mgmt_pending_remove(cmd);
980e1a53
JH		 7010}
7011
3eb38528
MH		 7012void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7013 u8 status)
980e1a53 7014{
3b0602cd 7015 struct mgmt_pending_cmd *cmd;
980e1a53 7016
2e58ef3e 7017 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 7018 if (!cmd)
3eb38528 7019 return;
980e1a53 7020
7776d1d8 7021 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7022 mgmt_pending_remove(cmd);
980e1a53 7023}
a5c29683 7024
744cf19e 7025int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 7026 u8 link_type, u8 addr_type, u32 value,
04124681 7027 u8 confirm_hint)
a5c29683
JH		 7028{
7029 struct mgmt_ev_user_confirm_request ev;
7030
744cf19e 7031 BT_DBG("%s", hdev->name);
a5c29683 7032
272d90df 7033 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7034 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 7035 ev.confirm_hint = confirm_hint;
39adbffe 7036 ev.value = cpu_to_le32(value);
a5c29683 7037
744cf19e 7038 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 7039 NULL);
a5c29683
JH		 7040}
7041
272d90df 7042int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 7043 u8 link_type, u8 addr_type)
604086b7
BG		 7044{
7045 struct mgmt_ev_user_passkey_request ev;
7046
7047 BT_DBG("%s", hdev->name);
7048
272d90df 7049 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7050 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 7051
7052 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 7053 NULL);
604086b7
BG		 7054}
7055
0df4c185 7056static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 7057 u8 link_type, u8 addr_type, u8 status,
7058 u8 opcode)
a5c29683 7059{
3b0602cd 7060 struct mgmt_pending_cmd *cmd;
a5c29683 7061
2e58ef3e 7062 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 7063 if (!cmd)
7064 return -ENOENT;
7065
7776d1d8 7066 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7067 mgmt_pending_remove(cmd);
a5c29683 7068
7776d1d8 7069 return 0;
a5c29683
JH		 7070}
7071
744cf19e 7072int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7073 u8 link_type, u8 addr_type, u8 status)
a5c29683 7074{
272d90df 7075 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 7076 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 7077}
7078
272d90df 7079int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7080 u8 link_type, u8 addr_type, u8 status)
a5c29683 7081{
272d90df 7082 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 7083 status,
7084 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 7085}
2a611692 7086
604086b7 7087int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7088 u8 link_type, u8 addr_type, u8 status)
604086b7 7089{
272d90df 7090 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 7091 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 7092}
7093
272d90df 7094int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7095 u8 link_type, u8 addr_type, u8 status)
604086b7 7096{
272d90df 7097 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 7098 status,
7099 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 7100}
7101
92a25256
JH		 7102int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
7103 u8 link_type, u8 addr_type, u32 passkey,
7104 u8 entered)
7105{
7106 struct mgmt_ev_passkey_notify ev;
7107
7108 BT_DBG("%s", hdev->name);
7109
7110 bacpy(&ev.addr.bdaddr, bdaddr);
7111 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7112 ev.passkey = __cpu_to_le32(passkey);
7113 ev.entered = entered;
7114
7115 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
7116}
7117
e1e930f5 7118void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
2a611692
JH		 7119{
7120 struct mgmt_ev_auth_failed ev;
3b0602cd 7121 struct mgmt_pending_cmd *cmd;
e1e930f5 7122 u8 status = mgmt_status(hci_status);
2a611692 7123
e1e930f5
JH		 7124 bacpy(&ev.addr.bdaddr, &conn->dst);
7125 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7126 ev.status = status;
2a611692 7127
e1e930f5
JH		 7128 cmd = find_pairing(conn);
7129
7130 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
7131 cmd ? cmd->sk : NULL);
7132
a511b35b
JH		 7133 if (cmd) {
7134 cmd->cmd_complete(cmd, status);
7135 mgmt_pending_remove(cmd);
7136 }
2a611692 7137}
b312b161 7138
464996ae 7139void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 7140{
7141 struct cmd_lookup match = { NULL, hdev };
464996ae 7142 bool changed;
33ef95ed
JH		 7143
7144 if (status) {
7145 u8 mgmt_err = mgmt_status(status);
7146 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 7147 cmd_status_rsp, &mgmt_err);
464996ae 7148 return;
33ef95ed
JH		 7149 }
7150
464996ae 7151 if (test_bit(HCI_AUTH, &hdev->flags))
238be788 7152 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
464996ae 7153 else
a69d8927 7154 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
47990ea0 7155
33ef95ed 7156 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 7157 &match);
33ef95ed 7158
47990ea0 7159 if (changed)
464996ae 7160 new_settings(hdev, match.sk);
33ef95ed
JH		 7161
7162 if (match.sk)
7163 sock_put(match.sk);
33ef95ed
JH		 7164}
7165
890ea898 7166static void clear_eir(struct hci_request *req)
cacaf52f 7167{
890ea898 7168 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 7169 struct hci_cp_write_eir cp;
7170
976eb20e 7171 if (!lmp_ext_inq_capable(hdev))
890ea898 7172 return;
cacaf52f 7173
c80da27e
JH		 7174 memset(hdev->eir, 0, sizeof(hdev->eir));
7175
cacaf52f
JH		 7176 memset(&cp, 0, sizeof(cp));
7177
890ea898 7178 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 7179}
7180
3e248560 7181void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 7182{
7183 struct cmd_lookup match = { NULL, hdev };
890ea898 7184 struct hci_request req;
c0ecddc2 7185 bool changed = false;
ed2c4ee3
JH		 7186
7187 if (status) {
7188 u8 mgmt_err = mgmt_status(status);
c0ecddc2 7189
a69d8927
MH		 7190 if (enable && hci_dev_test_and_clear_flag(hdev,
7191 HCI_SSP_ENABLED)) {
a358dc11 7192 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
3e248560 7193 new_settings(hdev, NULL);
9ecb3e24 7194 }
c0ecddc2 7195
04124681
GP		 7196 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
7197 &mgmt_err);
3e248560 7198 return;
c0ecddc2
JH		 7199 }
7200
7201 if (enable) {
238be788 7202 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
c0ecddc2 7203 } else {
a69d8927 7204 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
9ecb3e24 7205 if (!changed)
a69d8927
MH		 7206 changed = hci_dev_test_and_clear_flag(hdev,
7207 HCI_HS_ENABLED);
9ecb3e24 7208 else
a358dc11 7209 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
ed2c4ee3
JH		 7210 }
7211
7212 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
7213
c0ecddc2 7214 if (changed)
3e248560 7215 new_settings(hdev, match.sk);
ed2c4ee3 7216
5fc6ebb1 7217 if (match.sk)
ed2c4ee3
JH		 7218 sock_put(match.sk);
7219
890ea898
JH		 7220 hci_req_init(&req, hdev);
7221
d7a5a11d
MH		 7222 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
7223 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
3769972b
JH		 7224 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
7225 sizeof(enable), &enable);
890ea898 7226 update_eir(&req);
3769972b 7227 } else {
890ea898 7228 clear_eir(&req);
3769972b 7229 }
890ea898
JH		 7230
7231 hci_req_run(&req, NULL);
ed2c4ee3
JH		 7232}
7233
3b0602cd 7234static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
90e70454
JH		 7235{
7236 struct cmd_lookup *match = data;
7237
90e70454
JH		 7238 if (match->sk == NULL) {
7239 match->sk = cmd->sk;
7240 sock_hold(match->sk);
7241 }
90e70454
JH		 7242}
7243
4e1b0245
MH		 7244void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
7245 u8 status)
7f9a903c 7246{
90e70454 7247 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 7248
92da6097
JH		 7249 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
7250 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
7251 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 7252
7253 if (!status)
4e1b0245
MH		 7254 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
7255 NULL);
90e70454
JH		 7256
7257 if (match.sk)
7258 sock_put(match.sk);
7f9a903c
MH		 7259}
7260
7667da34 7261void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 7262{
b312b161 7263 struct mgmt_cp_set_local_name ev;
3b0602cd 7264 struct mgmt_pending_cmd *cmd;
28cc7bde 7265
13928971 7266 if (status)
7667da34 7267 return;
b312b161
JH		 7268
7269 memset(&ev, 0, sizeof(ev));
7270 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 7271 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 7272
2e58ef3e 7273 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 7274 if (!cmd) {
7275 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 7276
13928971
JH		 7277 /* If this is a HCI command related to powering on the
7278 * HCI dev don't send any mgmt signals.
7279 */
7280 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 7281 return;
890ea898 7282 }
b312b161 7283
7667da34
MH		 7284 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
7285 cmd ? cmd->sk : NULL);
b312b161 7286}
c35938b2 7287
4d2d2796 7288void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
38da1703
JH		 7289 u8 *rand192, u8 *hash256, u8 *rand256,
7290 u8 status)
c35938b2 7291{
3b0602cd 7292 struct mgmt_pending_cmd *cmd;
c35938b2 7293
744cf19e 7294 BT_DBG("%s status %u", hdev->name, status);
c35938b2 7295
2e58ef3e 7296 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 7297 if (!cmd)
3edaf092 7298 return;
c35938b2
SJ		 7299
7300 if (status) {
a69e8375
JH		 7301 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
7302 mgmt_status(status));
c35938b2 7303 } else {
66f096f7
JH		 7304 struct mgmt_rp_read_local_oob_data rp;
7305 size_t rp_size = sizeof(rp);
4d2d2796 7306
66f096f7
JH		 7307 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
7308 memcpy(rp.rand192, rand192, sizeof(rp.rand192));
c35938b2 7309
66f096f7 7310 if (bredr_sc_enabled(hdev) && hash256 && rand256) {
4d2d2796 7311 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
38da1703 7312 memcpy(rp.rand256, rand256, sizeof(rp.rand256));
4d2d2796 7313 } else {
66f096f7 7314 rp_size -= sizeof(rp.hash256) + sizeof(rp.rand256);
4d2d2796 7315 }
66f096f7 7316
2a1afb5a
JH		 7317 mgmt_cmd_complete(cmd->sk, hdev->id,
7318 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
7319 &rp, rp_size);
c35938b2
SJ		 7320 }
7321
7322 mgmt_pending_remove(cmd);
c35938b2 7323}
e17acd40 7324
799ce93d
JP		 7325static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
7326{
7327 int i;
7328
7329 for (i = 0; i < uuid_count; i++) {
7330 if (!memcmp(uuid, uuids[i], 16))
7331 return true;
7332 }
7333
7334 return false;
7335}
7336
b487b9ce
MH		 7337static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
7338{
799ce93d
JP		 7339 u16 parsed = 0;
7340
7341 while (parsed < eir_len) {
7342 u8 field_len = eir[0];
7343 u8 uuid[16];
7344 int i;
7345
7346 if (field_len == 0)
7347 break;
7348
7349 if (eir_len - parsed < field_len + 1)
7350 break;
7351
7352 switch (eir[1]) {
7353 case EIR_UUID16_ALL:
7354 case EIR_UUID16_SOME:
7355 for (i = 0; i + 3 <= field_len; i += 2) {
189f6ad2 7356 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7357 uuid[13] = eir[i + 3];
7358 uuid[12] = eir[i + 2];
7359 if (has_uuid(uuid, uuid_count, uuids))
7360 return true;
7361 }
7362 break;
7363 case EIR_UUID32_ALL:
7364 case EIR_UUID32_SOME:
7365 for (i = 0; i + 5 <= field_len; i += 4) {
189f6ad2 7366 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7367 uuid[15] = eir[i + 5];
7368 uuid[14] = eir[i + 4];
7369 uuid[13] = eir[i + 3];
7370 uuid[12] = eir[i + 2];
7371 if (has_uuid(uuid, uuid_count, uuids))
7372 return true;
7373 }
7374 break;
7375 case EIR_UUID128_ALL:
7376 case EIR_UUID128_SOME:
7377 for (i = 0; i + 17 <= field_len; i += 16) {
7378 memcpy(uuid, eir + i + 2, 16);
7379 if (has_uuid(uuid, uuid_count, uuids))
7380 return true;
7381 }
7382 break;
7383 }
7384
7385 parsed += field_len + 1;
7386 eir += field_len + 1;
7387 }
7388
b487b9ce
MH		 7389 return false;
7390}
7391
4b0e0ced
JP		 7392static void restart_le_scan(struct hci_dev *hdev)
7393{
7394 /* If controller is not scanning we are done. */
d7a5a11d 7395 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
4b0e0ced
JP		 7396 return;
7397
7398 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
7399 hdev->discovery.scan_start +
7400 hdev->discovery.scan_duration))
7401 return;
7402
7403 queue_delayed_work(hdev->workqueue, &hdev->le_scan_restart,
7404 DISCOV_LE_RESTART_DELAY);
7405}
7406
48f86b7f
JP		 7407static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
7408 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 7409{
48f86b7f
JP		 7410 /* If a RSSI threshold has been specified, and
7411 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
7412 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
7413 * is set, let it through for further processing, as we might need to
7414 * restart the scan.
efb2513f
MH		 7415 *
7416 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
7417 * the results are also dropped.
bda157a4
MH		 7418 */
7419 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
4b0e0ced
JP		 7420 (rssi == HCI_RSSI_INVALID ||
7421 (rssi < hdev->discovery.rssi &&
7422 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
48f86b7f 7423 return false;
efb2513f 7424
2976cdeb
JP		 7425 if (hdev->discovery.uuid_count != 0) {
7426 /* If a list of UUIDs is provided in filter, results with no
7427 * matching UUID should be dropped.
b487b9ce 7428 */
2976cdeb
JP		 7429 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
7430 hdev->discovery.uuids) &&
7431 !eir_has_uuids(scan_rsp, scan_rsp_len,
7432 hdev->discovery.uuid_count,
7433 hdev->discovery.uuids))
7434 return false;
b487b9ce 7435 }
5d2e9fad 7436
2976cdeb
JP		 7437 /* If duplicate filtering does not report RSSI changes, then restart
7438 * scanning to ensure updated result with updated RSSI values.
4b0e0ced 7439 */
2976cdeb
JP		 7440 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
7441 restart_le_scan(hdev);
7442
7443 /* Validate RSSI value against the RSSI threshold once more. */
7444 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7445 rssi < hdev->discovery.rssi)
7446 return false;
7447 }
48f86b7f
JP		 7448
7449 return true;
7450}
7451
7452void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7453 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
7454 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7455{
7456 char buf[512];
7457 struct mgmt_ev_device_found *ev = (void *)buf;
7458 size_t ev_size;
7459
7460 /* Don't send events for a non-kernel initiated discovery. With
7461 * LE one exception is if we have pend_le_reports > 0 in which
7462 * case we're doing passive scanning and want these events.
7463 */
7464 if (!hci_discovery_active(hdev)) {
7465 if (link_type == ACL_LINK)
7466 return;
7467 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
7468 return;
7469 }
7470
82f8b651 7471 if (hdev->discovery.result_filtering) {
48f86b7f
JP		 7472 /* We are using service discovery */
7473 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
7474 scan_rsp_len))
7475 return;
7476 }
7477
7478 /* Make sure that the buffer is big enough. The 5 extra bytes
7479 * are for the potential CoD field.
7480 */
7481 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
4b0e0ced
JP		 7482 return;
7483
48f86b7f
JP		 7484 memset(buf, 0, sizeof(buf));
7485
7486 /* In case of device discovery with BR/EDR devices (pre 1.2), the
7487 * RSSI value was reported as 0 when not available. This behavior
7488 * is kept when using device discovery. This is required for full
7489 * backwards compatibility with the API.
7490 *
7491 * However when using service discovery, the value 127 will be
7492 * returned when the RSSI is not available.
7493 */
7494 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
7495 link_type == ACL_LINK)
7496 rssi = 0;
7497
7498 bacpy(&ev->addr.bdaddr, bdaddr);
7499 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7500 ev->rssi = rssi;
7501 ev->flags = cpu_to_le32(flags);
7502
7503 if (eir_len > 0)
7504 /* Copy EIR or advertising data into event */
7505 memcpy(ev->eir, eir, eir_len);
7506
7507 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
7508 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7509 dev_class, 3);
7510
7511 if (scan_rsp_len > 0)
7512 /* Append scan response data to event */
7513 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
7514
5d2e9fad
JH		 7515 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
7516 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 7517
901801b9 7518 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 7519}
a88a9652 7520
9cf12aee
MH		 7521void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7522 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 7523{
b644ba33
JH		 7524 struct mgmt_ev_device_found *ev;
7525 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
7526 u16 eir_len;
a88a9652 7527
b644ba33 7528 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 7529
b644ba33
JH		 7530 memset(buf, 0, sizeof(buf));
7531
7532 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 7533 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 7534 ev->rssi = rssi;
7535
7536 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 7537 name_len);
b644ba33 7538
eb55ef07 7539 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 7540
9cf12aee 7541 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 7542}
314b2381 7543
2f1e063b 7544void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 7545{
f963e8e9 7546 struct mgmt_ev_discovering ev;
164a6e78 7547
343fb145
AG		 7548 BT_DBG("%s discovering %u", hdev->name, discovering);
7549
f963e8e9
JH		 7550 memset(&ev, 0, sizeof(ev));
7551 ev.type = hdev->discovery.type;
7552 ev.discovering = discovering;
7553
2f1e063b 7554 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 7555}
5e762444 7556
1904a853 7557static void adv_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
5976e608
MH		 7558{
7559 BT_DBG("%s status %u", hdev->name, status);
5976e608
MH		 7560}
7561
7562void mgmt_reenable_advertising(struct hci_dev *hdev)
7563{
7564 struct hci_request req;
7565
d7a5a11d 7566 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
5976e608
MH		 7567 return;
7568
7569 hci_req_init(&req, hdev);
7570 enable_advertising(&req);
0ec5ae84 7571 hci_req_run(&req, adv_enable_complete);
5976e608 7572}
6d785aa3
JH		 7573
7574static struct hci_mgmt_chan chan = {
7575 .channel = HCI_CHANNEL_CONTROL,
7576 .handler_count = ARRAY_SIZE(mgmt_handlers),
7577 .handlers = mgmt_handlers,
7578};
7579
7580int mgmt_init(void)
7581{
7582 return hci_mgmt_chan_register(&chan);
7583}
7584
7585void mgmt_exit(void)
7586{
7587 hci_mgmt_chan_unregister(&chan);
7588}
Empty description
This page took 1.897485 seconds and 4 git commands to generate.