projects / linux-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 86
[linux-block.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
7129069e 32#include <net/bluetooth/hci_sock.h>
4bc58f51 33#include <net/bluetooth/l2cap.h>
0381101f 34#include <net/bluetooth/mgmt.h>
ac4b7236 35
0857dd3b 36#include "hci_request.h"
ac4b7236 37#include "smp.h"
a380b6cf 38#include "mgmt_util.h"
0381101f 39
2da9c55c 40#define MGMT_VERSION 1
3310230c 41#define MGMT_REVISION 14
02d98129 42
e70bb2e8
JH		 43static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
45 MGMT_OP_READ_INFO,
46 MGMT_OP_SET_POWERED,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
b2939475 50 MGMT_OP_SET_BONDABLE,
e70bb2e8
JH		 51 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_SSP,
53 MGMT_OP_SET_HS,
54 MGMT_OP_SET_LE,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
57 MGMT_OP_ADD_UUID,
58 MGMT_OP_REMOVE_UUID,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
61 MGMT_OP_DISCONNECT,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
66 MGMT_OP_PAIR_DEVICE,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
78 MGMT_OP_CONFIRM_NAME,
79 MGMT_OP_BLOCK_DEVICE,
80 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 81 MGMT_OP_SET_DEVICE_ID,
4375f103 82 MGMT_OP_SET_ADVERTISING,
0663ca2a 83 MGMT_OP_SET_BREDR,
d13eafce 84 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 85 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 86 MGMT_OP_SET_SECURE_CONN,
4e39ac81 87 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 88 MGMT_OP_SET_PRIVACY,
41edf160 89 MGMT_OP_LOAD_IRKS,
dd983808 90 MGMT_OP_GET_CONN_INFO,
95868426 91 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 92 MGMT_OP_ADD_DEVICE,
93 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 94 MGMT_OP_LOAD_CONN_PARAM,
73d1df2a 95 MGMT_OP_READ_UNCONF_INDEX_LIST,
9fc3bfb6 96 MGMT_OP_READ_CONFIG_INFO,
dbece37a 97 MGMT_OP_SET_EXTERNAL_CONFIG,
9713c17b 98 MGMT_OP_SET_PUBLIC_ADDRESS,
66ea9427 99 MGMT_OP_START_SERVICE_DISCOVERY,
4f0f155c 100 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
96f1474a 101 MGMT_OP_READ_EXT_INDEX_LIST,
d3d5305b 102 MGMT_OP_READ_ADV_FEATURES,
24b4f38f 103 MGMT_OP_ADD_ADVERTISING,
da929335 104 MGMT_OP_REMOVE_ADVERTISING,
40b25fe5 105 MGMT_OP_GET_ADV_SIZE_INFO,
78b781ca 106 MGMT_OP_START_LIMITED_DISCOVERY,
321c6fee 107 MGMT_OP_READ_EXT_INFO,
c4960ecf 108 MGMT_OP_SET_APPEARANCE,
e70bb2e8
JH		 109};
110
111static const u16 mgmt_events[] = {
112 MGMT_EV_CONTROLLER_ERROR,
113 MGMT_EV_INDEX_ADDED,
114 MGMT_EV_INDEX_REMOVED,
115 MGMT_EV_NEW_SETTINGS,
116 MGMT_EV_CLASS_OF_DEV_CHANGED,
117 MGMT_EV_LOCAL_NAME_CHANGED,
118 MGMT_EV_NEW_LINK_KEY,
119 MGMT_EV_NEW_LONG_TERM_KEY,
120 MGMT_EV_DEVICE_CONNECTED,
121 MGMT_EV_DEVICE_DISCONNECTED,
122 MGMT_EV_CONNECT_FAILED,
123 MGMT_EV_PIN_CODE_REQUEST,
124 MGMT_EV_USER_CONFIRM_REQUEST,
125 MGMT_EV_USER_PASSKEY_REQUEST,
126 MGMT_EV_AUTH_FAILED,
127 MGMT_EV_DEVICE_FOUND,
128 MGMT_EV_DISCOVERING,
129 MGMT_EV_DEVICE_BLOCKED,
130 MGMT_EV_DEVICE_UNBLOCKED,
131 MGMT_EV_DEVICE_UNPAIRED,
92a25256 132 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 133 MGMT_EV_NEW_IRK,
7ee4ea36 134 MGMT_EV_NEW_CSRK,
8afef092
MH		 135 MGMT_EV_DEVICE_ADDED,
136 MGMT_EV_DEVICE_REMOVED,
ffb5a827 137 MGMT_EV_NEW_CONN_PARAM,
0602a8ad 138 MGMT_EV_UNCONF_INDEX_ADDED,
edd3896b 139 MGMT_EV_UNCONF_INDEX_REMOVED,
f4537c04 140 MGMT_EV_NEW_CONFIG_OPTIONS,
ced85549
MH		 141 MGMT_EV_EXT_INDEX_ADDED,
142 MGMT_EV_EXT_INDEX_REMOVED,
72000df2 143 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
24b4f38f
AU		 144 MGMT_EV_ADVERTISING_ADDED,
145 MGMT_EV_ADVERTISING_REMOVED,
321c6fee 146 MGMT_EV_EXT_INFO_CHANGED,
e70bb2e8
JH		 147};
148
99c679ac
MH		 149static const u16 mgmt_untrusted_commands[] = {
150 MGMT_OP_READ_INDEX_LIST,
151 MGMT_OP_READ_INFO,
152 MGMT_OP_READ_UNCONF_INDEX_LIST,
153 MGMT_OP_READ_CONFIG_INFO,
154 MGMT_OP_READ_EXT_INDEX_LIST,
321c6fee 155 MGMT_OP_READ_EXT_INFO,
99c679ac
MH		 156};
157
158static const u16 mgmt_untrusted_events[] = {
159 MGMT_EV_INDEX_ADDED,
160 MGMT_EV_INDEX_REMOVED,
161 MGMT_EV_NEW_SETTINGS,
162 MGMT_EV_CLASS_OF_DEV_CHANGED,
163 MGMT_EV_LOCAL_NAME_CHANGED,
164 MGMT_EV_UNCONF_INDEX_ADDED,
165 MGMT_EV_UNCONF_INDEX_REMOVED,
166 MGMT_EV_NEW_CONFIG_OPTIONS,
167 MGMT_EV_EXT_INDEX_ADDED,
168 MGMT_EV_EXT_INDEX_REMOVED,
321c6fee 169 MGMT_EV_EXT_INFO_CHANGED,
99c679ac
MH		 170};
171
17b02e62 172#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 173
d25b78e2
JH		 174#define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
175 "\x00\x00\x00\x00\x00\x00\x00\x00"
176
ca69b795
JH		 177/* HCI to MGMT error code conversion table */
178static u8 mgmt_status_table[] = {
179 MGMT_STATUS_SUCCESS,
180 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
181 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
182 MGMT_STATUS_FAILED, /* Hardware Failure */
183 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
184 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 185 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 186 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
187 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
188 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
189 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
190 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
191 MGMT_STATUS_BUSY, /* Command Disallowed */
192 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
193 MGMT_STATUS_REJECTED, /* Rejected Security */
194 MGMT_STATUS_REJECTED, /* Rejected Personal */
195 MGMT_STATUS_TIMEOUT, /* Host Timeout */
196 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
197 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
198 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
199 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
200 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
201 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
202 MGMT_STATUS_BUSY, /* Repeated Attempts */
203 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
204 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
205 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
206 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
207 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
208 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
209 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
210 MGMT_STATUS_FAILED, /* Unspecified Error */
211 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
212 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
213 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
214 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
215 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
216 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
217 MGMT_STATUS_FAILED, /* Unit Link Key Used */
218 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
219 MGMT_STATUS_TIMEOUT, /* Instant Passed */
220 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
221 MGMT_STATUS_FAILED, /* Transaction Collision */
222 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
223 MGMT_STATUS_REJECTED, /* QoS Rejected */
224 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
225 MGMT_STATUS_REJECTED, /* Insufficient Security */
226 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
227 MGMT_STATUS_BUSY, /* Role Switch Pending */
228 MGMT_STATUS_FAILED, /* Slot Violation */
229 MGMT_STATUS_FAILED, /* Role Switch Failed */
230 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
231 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
232 MGMT_STATUS_BUSY, /* Host Busy Pairing */
233 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
234 MGMT_STATUS_BUSY, /* Controller Busy */
235 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
236 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
237 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
238 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
239 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
240};
241
242static u8 mgmt_status(u8 hci_status)
243{
244 if (hci_status < ARRAY_SIZE(mgmt_status_table))
245 return mgmt_status_table[hci_status];
246
247 return MGMT_STATUS_FAILED;
248}
249
c08b1a1d
MH		 250static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
251 u16 len, int flag)
f9207338 252{
c08b1a1d
MH		 253 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
254 flag, NULL);
f9207338
MH		 255}
256
72000df2
MH		 257static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
258 u16 len, int flag, struct sock *skip_sk)
259{
260 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
261 flag, skip_sk);
262}
263
7a00ff44
JH		 264static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
265 struct sock *skip_sk)
266{
267 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
c08b1a1d 268 HCI_SOCK_TRUSTED, skip_sk);
7a00ff44
JH		 269}
270
85813a7e
JH		 271static u8 le_addr_type(u8 mgmt_addr_type)
272{
273 if (mgmt_addr_type == BDADDR_LE_PUBLIC)
274 return ADDR_LE_DEV_PUBLIC;
275 else
276 return ADDR_LE_DEV_RANDOM;
277}
278
03c979c4
MH		 279void mgmt_fill_version_info(void *ver)
280{
281 struct mgmt_rp_read_version *rp = ver;
282
283 rp->version = MGMT_VERSION;
284 rp->revision = cpu_to_le16(MGMT_REVISION);
285}
286
04124681
GP		 287static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
288 u16 data_len)
a38528f1
JH		 289{
290 struct mgmt_rp_read_version rp;
291
292 BT_DBG("sock %p", sk);
293
03c979c4 294 mgmt_fill_version_info(&rp);
a38528f1 295
2a1afb5a
JH		 296 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
297 &rp, sizeof(rp));
a38528f1
JH		 298}
299
04124681
GP		 300static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
301 u16 data_len)
e70bb2e8
JH		 302{
303 struct mgmt_rp_read_commands *rp;
99c679ac 304 u16 num_commands, num_events;
e70bb2e8
JH		 305 size_t rp_size;
306 int i, err;
307
308 BT_DBG("sock %p", sk);
309
99c679ac
MH		 310 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
311 num_commands = ARRAY_SIZE(mgmt_commands);
312 num_events = ARRAY_SIZE(mgmt_events);
313 } else {
314 num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
315 num_events = ARRAY_SIZE(mgmt_untrusted_events);
316 }
317
e70bb2e8
JH		 318 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
319
320 rp = kmalloc(rp_size, GFP_KERNEL);
321 if (!rp)
322 return -ENOMEM;
323
dcf4adbf
JP		 324 rp->num_commands = cpu_to_le16(num_commands);
325 rp->num_events = cpu_to_le16(num_events);
e70bb2e8 326
99c679ac
MH		 327 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
328 __le16 *opcode = rp->opcodes;
329
330 for (i = 0; i < num_commands; i++, opcode++)
331 put_unaligned_le16(mgmt_commands[i], opcode);
e70bb2e8 332
99c679ac
MH		 333 for (i = 0; i < num_events; i++, opcode++)
334 put_unaligned_le16(mgmt_events[i], opcode);
335 } else {
336 __le16 *opcode = rp->opcodes;
337
338 for (i = 0; i < num_commands; i++, opcode++)
339 put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
340
341 for (i = 0; i < num_events; i++, opcode++)
342 put_unaligned_le16(mgmt_untrusted_events[i], opcode);
343 }
e70bb2e8 344
2a1afb5a
JH		 345 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
346 rp, rp_size);
e70bb2e8
JH		 347 kfree(rp);
348
349 return err;
350}
351
04124681
GP		 352static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
353 u16 data_len)
faba42eb 354{
faba42eb 355 struct mgmt_rp_read_index_list *rp;
8035ded4 356 struct hci_dev *d;
a38528f1 357 size_t rp_len;
faba42eb 358 u16 count;
476e44cb 359 int err;
faba42eb
JH		 360
361 BT_DBG("sock %p", sk);
362
363 read_lock(&hci_dev_list_lock);
364
365 count = 0;
bb4b2a9a 366 list_for_each_entry(d, &hci_dev_list, list) {
ca8bee5d 367 if (d->dev_type == HCI_PRIMARY &&
d7a5a11d 368 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
1514b892 369 count++;
faba42eb
JH		 370 }
371
a38528f1
JH		 372 rp_len = sizeof(*rp) + (2 * count);
373 rp = kmalloc(rp_len, GFP_ATOMIC);
374 if (!rp) {
b2c60d42 375 read_unlock(&hci_dev_list_lock);
faba42eb 376 return -ENOMEM;
b2c60d42 377 }
faba42eb 378
476e44cb 379 count = 0;
8035ded4 380 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 381 if (hci_dev_test_flag(d, HCI_SETUP) ||
382 hci_dev_test_flag(d, HCI_CONFIG) ||
383 hci_dev_test_flag(d, HCI_USER_CHANNEL))
ab81cbf9
JH		 384 continue;
385
73d1df2a
MH		 386 /* Devices marked as raw-only are neither configured
387 * nor unconfigured controllers.
388 */
389 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
fee746b0
MH		 390 continue;
391
ca8bee5d 392 if (d->dev_type == HCI_PRIMARY &&
d7a5a11d 393 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
1514b892
MH		 394 rp->index[count++] = cpu_to_le16(d->id);
395 BT_DBG("Added hci%u", d->id);
396 }
faba42eb
JH		 397 }
398
476e44cb
JH		 399 rp->num_controllers = cpu_to_le16(count);
400 rp_len = sizeof(*rp) + (2 * count);
401
faba42eb
JH		 402 read_unlock(&hci_dev_list_lock);
403
2a1afb5a
JH		 404 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
405 0, rp, rp_len);
faba42eb 406
a38528f1
JH		 407 kfree(rp);
408
409 return err;
faba42eb
JH		 410}
411
73d1df2a
MH		 412static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
413 void *data, u16 data_len)
414{
415 struct mgmt_rp_read_unconf_index_list *rp;
416 struct hci_dev *d;
417 size_t rp_len;
418 u16 count;
419 int err;
420
421 BT_DBG("sock %p", sk);
422
423 read_lock(&hci_dev_list_lock);
424
425 count = 0;
426 list_for_each_entry(d, &hci_dev_list, list) {
ca8bee5d 427 if (d->dev_type == HCI_PRIMARY &&
d7a5a11d 428 hci_dev_test_flag(d, HCI_UNCONFIGURED))
73d1df2a
MH		 429 count++;
430 }
431
432 rp_len = sizeof(*rp) + (2 * count);
433 rp = kmalloc(rp_len, GFP_ATOMIC);
434 if (!rp) {
435 read_unlock(&hci_dev_list_lock);
436 return -ENOMEM;
437 }
438
439 count = 0;
440 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 441 if (hci_dev_test_flag(d, HCI_SETUP) ||
442 hci_dev_test_flag(d, HCI_CONFIG) ||
443 hci_dev_test_flag(d, HCI_USER_CHANNEL))
73d1df2a
MH		 444 continue;
445
446 /* Devices marked as raw-only are neither configured
447 * nor unconfigured controllers.
448 */
449 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
450 continue;
451
ca8bee5d 452 if (d->dev_type == HCI_PRIMARY &&
d7a5a11d 453 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
73d1df2a
MH		 454 rp->index[count++] = cpu_to_le16(d->id);
455 BT_DBG("Added hci%u", d->id);
456 }
457 }
458
459 rp->num_controllers = cpu_to_le16(count);
460 rp_len = sizeof(*rp) + (2 * count);
461
462 read_unlock(&hci_dev_list_lock);
463
2a1afb5a
JH		 464 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
465 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
73d1df2a
MH		 466
467 kfree(rp);
468
469 return err;
470}
471
96f1474a
MH		 472static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
473 void *data, u16 data_len)
474{
475 struct mgmt_rp_read_ext_index_list *rp;
476 struct hci_dev *d;
96f1474a
MH		 477 u16 count;
478 int err;
479
480 BT_DBG("sock %p", sk);
481
482 read_lock(&hci_dev_list_lock);
483
484 count = 0;
485 list_for_each_entry(d, &hci_dev_list, list) {
ca8bee5d 486 if (d->dev_type == HCI_PRIMARY || d->dev_type == HCI_AMP)
96f1474a
MH		 487 count++;
488 }
489
4a67e5d4 490 rp = kmalloc(struct_size(rp, entry, count), GFP_ATOMIC);
96f1474a
MH		 491 if (!rp) {
492 read_unlock(&hci_dev_list_lock);
493 return -ENOMEM;
494 }
495
496 count = 0;
497 list_for_each_entry(d, &hci_dev_list, list) {
498 if (hci_dev_test_flag(d, HCI_SETUP) ||
499 hci_dev_test_flag(d, HCI_CONFIG) ||
500 hci_dev_test_flag(d, HCI_USER_CHANNEL))
501 continue;
502
503 /* Devices marked as raw-only are neither configured
504 * nor unconfigured controllers.
505 */
506 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
507 continue;
508
ca8bee5d 509 if (d->dev_type == HCI_PRIMARY) {
96f1474a
MH		 510 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
511 rp->entry[count].type = 0x01;
512 else
513 rp->entry[count].type = 0x00;
514 } else if (d->dev_type == HCI_AMP) {
515 rp->entry[count].type = 0x02;
516 } else {
517 continue;
518 }
519
520 rp->entry[count].bus = d->bus;
521 rp->entry[count++].index = cpu_to_le16(d->id);
522 BT_DBG("Added hci%u", d->id);
523 }
524
525 rp->num_controllers = cpu_to_le16(count);
96f1474a
MH		 526
527 read_unlock(&hci_dev_list_lock);
528
529 /* If this command is called at least once, then all the
530 * default index and unconfigured index events are disabled
531 * and from now on only extended index events are used.
532 */
533 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
534 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
535 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
536
537 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
4a67e5d4
GS		 538 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp,
539 struct_size(rp, entry, count));
96f1474a
MH		 540
541 kfree(rp);
542
543 return err;
544}
545
dbece37a
MH		 546static bool is_configured(struct hci_dev *hdev)
547{
548 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 549 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
dbece37a
MH		 550 return false;
551
7a0e5b15
MK		 552 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) ||
553 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) &&
dbece37a
MH		 554 !bacmp(&hdev->public_addr, BDADDR_ANY))
555 return false;
556
557 return true;
558}
559
89bc22d2
MH		 560static __le32 get_missing_options(struct hci_dev *hdev)
561{
562 u32 options = 0;
563
dbece37a 564 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 565 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
eb1904f4
MH		 566 options |= MGMT_OPTION_EXTERNAL_CONFIG;
567
7a0e5b15
MK		 568 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) ||
569 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) &&
89bc22d2
MH		 570 !bacmp(&hdev->public_addr, BDADDR_ANY))
571 options |= MGMT_OPTION_PUBLIC_ADDRESS;
572
573 return cpu_to_le32(options);
574}
575
f4537c04
MH		 576static int new_options(struct hci_dev *hdev, struct sock *skip)
577{
578 __le32 options = get_missing_options(hdev);
579
5504c3a3
MH		 580 return mgmt_limited_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
581 sizeof(options), HCI_MGMT_OPTION_EVENTS, skip);
f4537c04
MH		 582}
583
dbece37a
MH		 584static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
585{
586 __le32 options = get_missing_options(hdev);
587
2a1afb5a
JH		 588 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
589 sizeof(options));
dbece37a
MH		 590}
591
9fc3bfb6
MH		 592static int read_config_info(struct sock *sk, struct hci_dev *hdev,
593 void *data, u16 data_len)
594{
595 struct mgmt_rp_read_config_info rp;
89bc22d2 596 u32 options = 0;
9fc3bfb6
MH		 597
598 BT_DBG("sock %p %s", sk, hdev->name);
599
600 hci_dev_lock(hdev);
601
602 memset(&rp, 0, sizeof(rp));
603 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
89bc22d2 604
eb1904f4
MH		 605 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
606 options |= MGMT_OPTION_EXTERNAL_CONFIG;
607
9fc3bfb6 608 if (hdev->set_bdaddr)
89bc22d2
MH		 609 options |= MGMT_OPTION_PUBLIC_ADDRESS;
610
611 rp.supported_options = cpu_to_le32(options);
612 rp.missing_options = get_missing_options(hdev);
9fc3bfb6
MH		 613
614 hci_dev_unlock(hdev);
615
2a1afb5a
JH		 616 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
617 &rp, sizeof(rp));
9fc3bfb6
MH		 618}
619
6244691f
JK		 620static u32 get_supported_phys(struct hci_dev *hdev)
621{
622 u32 supported_phys = 0;
623
624 if (lmp_bredr_capable(hdev)) {
625 supported_phys |= MGMT_PHY_BR_1M_1SLOT;
626
627 if (hdev->features[0][0] & LMP_3SLOT)
628 supported_phys |= MGMT_PHY_BR_1M_3SLOT;
629
630 if (hdev->features[0][0] & LMP_5SLOT)
631 supported_phys |= MGMT_PHY_BR_1M_5SLOT;
632
633 if (lmp_edr_2m_capable(hdev)) {
634 supported_phys |= MGMT_PHY_EDR_2M_1SLOT;
635
636 if (lmp_edr_3slot_capable(hdev))
637 supported_phys |= MGMT_PHY_EDR_2M_3SLOT;
638
639 if (lmp_edr_5slot_capable(hdev))
640 supported_phys |= MGMT_PHY_EDR_2M_5SLOT;
641
642 if (lmp_edr_3m_capable(hdev)) {
643 supported_phys |= MGMT_PHY_EDR_3M_1SLOT;
644
645 if (lmp_edr_3slot_capable(hdev))
646 supported_phys |= MGMT_PHY_EDR_3M_3SLOT;
647
648 if (lmp_edr_5slot_capable(hdev))
649 supported_phys |= MGMT_PHY_EDR_3M_5SLOT;
650 }
651 }
652 }
653
654 if (lmp_le_capable(hdev)) {
655 supported_phys |= MGMT_PHY_LE_1M_TX;
656 supported_phys |= MGMT_PHY_LE_1M_RX;
657
658 if (hdev->le_features[1] & HCI_LE_PHY_2M) {
659 supported_phys |= MGMT_PHY_LE_2M_TX;
660 supported_phys |= MGMT_PHY_LE_2M_RX;
661 }
662
663 if (hdev->le_features[1] & HCI_LE_PHY_CODED) {
664 supported_phys |= MGMT_PHY_LE_CODED_TX;
665 supported_phys |= MGMT_PHY_LE_CODED_RX;
666 }
667 }
668
669 return supported_phys;
670}
671
672static u32 get_selected_phys(struct hci_dev *hdev)
673{
674 u32 selected_phys = 0;
675
676 if (lmp_bredr_capable(hdev)) {
677 selected_phys |= MGMT_PHY_BR_1M_1SLOT;
678
679 if (hdev->pkt_type & (HCI_DM3 | HCI_DH3))
680 selected_phys |= MGMT_PHY_BR_1M_3SLOT;
681
682 if (hdev->pkt_type & (HCI_DM5 | HCI_DH5))
683 selected_phys |= MGMT_PHY_BR_1M_5SLOT;
684
685 if (lmp_edr_2m_capable(hdev)) {
686 if (!(hdev->pkt_type & HCI_2DH1))
687 selected_phys |= MGMT_PHY_EDR_2M_1SLOT;
688
689 if (lmp_edr_3slot_capable(hdev) &&
690 !(hdev->pkt_type & HCI_2DH3))
691 selected_phys |= MGMT_PHY_EDR_2M_3SLOT;
692
693 if (lmp_edr_5slot_capable(hdev) &&
694 !(hdev->pkt_type & HCI_2DH5))
695 selected_phys |= MGMT_PHY_EDR_2M_5SLOT;
696
697 if (lmp_edr_3m_capable(hdev)) {
698 if (!(hdev->pkt_type & HCI_3DH1))
699 selected_phys |= MGMT_PHY_EDR_3M_1SLOT;
700
701 if (lmp_edr_3slot_capable(hdev) &&
702 !(hdev->pkt_type & HCI_3DH3))
703 selected_phys |= MGMT_PHY_EDR_3M_3SLOT;
704
705 if (lmp_edr_5slot_capable(hdev) &&
706 !(hdev->pkt_type & HCI_3DH5))
707 selected_phys |= MGMT_PHY_EDR_3M_5SLOT;
708 }
709 }
710 }
711
712 if (lmp_le_capable(hdev)) {
713 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_1M)
714 selected_phys |= MGMT_PHY_LE_1M_TX;
715
716 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_1M)
717 selected_phys |= MGMT_PHY_LE_1M_RX;
718
719 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_2M)
720 selected_phys |= MGMT_PHY_LE_2M_TX;
721
722 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_2M)
723 selected_phys |= MGMT_PHY_LE_2M_RX;
724
725 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_CODED)
726 selected_phys |= MGMT_PHY_LE_CODED_TX;
727
728 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_CODED)
729 selected_phys |= MGMT_PHY_LE_CODED_RX;
730 }
731
732 return selected_phys;
733}
734
735static u32 get_configurable_phys(struct hci_dev *hdev)
736{
737 return (get_supported_phys(hdev) & ~MGMT_PHY_BR_1M_1SLOT &
738 ~MGMT_PHY_LE_1M_TX & ~MGMT_PHY_LE_1M_RX);
739}
740
69ab39ea
JH		 741static u32 get_supported_settings(struct hci_dev *hdev)
742{
743 u32 settings = 0;
744
745 settings |= MGMT_SETTING_POWERED;
b2939475 746 settings |= MGMT_SETTING_BONDABLE;
b1de97d8 747 settings |= MGMT_SETTING_DEBUG_KEYS;
3742abfc
JH		 748 settings |= MGMT_SETTING_CONNECTABLE;
749 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea 750
ed3fa31f 751 if (lmp_bredr_capable(hdev)) {
1a47aee8
JH		 752 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
753 settings |= MGMT_SETTING_FAST_CONNECTABLE;
69ab39ea
JH		 754 settings |= MGMT_SETTING_BREDR;
755 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 756
757 if (lmp_ssp_capable(hdev)) {
758 settings |= MGMT_SETTING_SSP;
759 settings |= MGMT_SETTING_HS;
760 }
e98d2ce2 761
05b3c3e7 762 if (lmp_sc_capable(hdev))
e98d2ce2 763 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 764 }
d7b7e796 765
eeca6f89 766 if (lmp_le_capable(hdev)) {
9d42820f 767 settings |= MGMT_SETTING_LE;
eeca6f89 768 settings |= MGMT_SETTING_ADVERTISING;
a3209694 769 settings |= MGMT_SETTING_SECURE_CONN;
0f4bd942 770 settings |= MGMT_SETTING_PRIVACY;
93690c22 771 settings |= MGMT_SETTING_STATIC_ADDRESS;
eeca6f89 772 }
69ab39ea 773
eb1904f4
MH		 774 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
775 hdev->set_bdaddr)
9fc3bfb6
MH		 776 settings |= MGMT_SETTING_CONFIGURATION;
777
6244691f
JK		 778 settings |= MGMT_SETTING_PHY_CONFIGURATION;
779
69ab39ea
JH		 780 return settings;
781}
782
783static u32 get_current_settings(struct hci_dev *hdev)
784{
785 u32 settings = 0;
786
f1f0eb02 787 if (hdev_is_powered(hdev))
f0d4b78a
MH		 788 settings |= MGMT_SETTING_POWERED;
789
d7a5a11d 790 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
69ab39ea
JH		 791 settings |= MGMT_SETTING_CONNECTABLE;
792
d7a5a11d 793 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
1a4d3c4b
JH		 794 settings |= MGMT_SETTING_FAST_CONNECTABLE;
795
d7a5a11d 796 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
69ab39ea
JH		 797 settings |= MGMT_SETTING_DISCOVERABLE;
798
d7a5a11d 799 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
b2939475 800 settings |= MGMT_SETTING_BONDABLE;
69ab39ea 801
d7a5a11d 802 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
69ab39ea
JH		 803 settings |= MGMT_SETTING_BREDR;
804
d7a5a11d 805 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
69ab39ea
JH		 806 settings |= MGMT_SETTING_LE;
807
d7a5a11d 808 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
69ab39ea
JH		 809 settings |= MGMT_SETTING_LINK_SECURITY;
810
d7a5a11d 811 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
69ab39ea
JH		 812 settings |= MGMT_SETTING_SSP;
813
d7a5a11d 814 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
6d80dfd0
JH		 815 settings |= MGMT_SETTING_HS;
816
d7a5a11d 817 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
eeca6f89
JH		 818 settings |= MGMT_SETTING_ADVERTISING;
819
d7a5a11d 820 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
e98d2ce2
MH		 821 settings |= MGMT_SETTING_SECURE_CONN;
822
d7a5a11d 823 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
b1de97d8
MH		 824 settings |= MGMT_SETTING_DEBUG_KEYS;
825
d7a5a11d 826 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
0f4bd942
JH		 827 settings |= MGMT_SETTING_PRIVACY;
828
93690c22
MH		 829 /* The current setting for static address has two purposes. The
830 * first is to indicate if the static address will be used and
831 * the second is to indicate if it is actually set.
832 *
833 * This means if the static address is not configured, this flag
08dc0e98 834 * will never be set. If the address is configured, then if the
93690c22
MH		 835 * address is actually used decides if the flag is set or not.
836 *
837 * For single mode LE only controllers and dual-mode controllers
838 * with BR/EDR disabled, the existence of the static address will
839 * be evaluated.
840 */
b7cb93e5 841 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
d7a5a11d 842 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
93690c22
MH		 843 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
844 if (bacmp(&hdev->static_addr, BDADDR_ANY))
845 settings |= MGMT_SETTING_STATIC_ADDRESS;
846 }
847
69ab39ea
JH		 848 return settings;
849}
850
333ae95d
JH		 851static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
852{
853 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
854}
855
333ae95d
JH		 856static struct mgmt_pending_cmd *pending_find_data(u16 opcode,
857 struct hci_dev *hdev,
858 const void *data)
859{
860 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data);
861}
862
f2252570 863u8 mgmt_get_adv_discov_flags(struct hci_dev *hdev)
9a43e25f 864{
3b0602cd 865 struct mgmt_pending_cmd *cmd;
9a43e25f
JH		 866
867 /* If there's a pending mgmt command the flags will not yet have
868 * their final values, so check for this first.
869 */
333ae95d 870 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
9a43e25f
JH		 871 if (cmd) {
872 struct mgmt_mode *cp = cmd->param;
873 if (cp->val == 0x01)
874 return LE_AD_GENERAL;
875 else if (cp->val == 0x02)
876 return LE_AD_LIMITED;
877 } else {
d7a5a11d 878 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
9a43e25f 879 return LE_AD_LIMITED;
d7a5a11d 880 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
9a43e25f
JH		 881 return LE_AD_GENERAL;
882 }
883
884 return 0;
885}
886
f2252570 887bool mgmt_get_connectable(struct hci_dev *hdev)
fdf51784
AU		 888{
889 struct mgmt_pending_cmd *cmd;
441ad2d0 890
fdf51784
AU		 891 /* If there's a pending mgmt command the flag will not yet have
892 * it's final value, so check for this first.
893 */
894 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
895 if (cmd) {
896 struct mgmt_mode *cp = cmd->param;
441ad2d0 897
fdf51784 898 return cp->val;
441ad2d0
MH		 899 }
900
fdf51784
AU		 901 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
902}
441ad2d0 903
7d78525d
JH		 904static void service_cache_off(struct work_struct *work)
905{
906 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 907 service_cache.work);
890ea898 908 struct hci_request req;
7d78525d 909
a69d8927 910 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
7d78525d
JH		 911 return;
912
890ea898
JH		 913 hci_req_init(&req, hdev);
914
7d78525d
JH		 915 hci_dev_lock(hdev);
916
b1a8917c 917 __hci_req_update_eir(&req);
14bf5eac 918 __hci_req_update_class(&req);
7d78525d
JH		 919
920 hci_dev_unlock(hdev);
890ea898
JH		 921
922 hci_req_run(&req, NULL);
7d78525d
JH		 923}
924
d6bfd59c
JH		 925static void rpa_expired(struct work_struct *work)
926{
927 struct hci_dev *hdev = container_of(work, struct hci_dev,
928 rpa_expired.work);
929 struct hci_request req;
930
931 BT_DBG("");
932
a1536da2 933 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
d6bfd59c 934
d7a5a11d 935 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
d6bfd59c
JH		 936 return;
937
938 /* The generation of a new RPA and programming it into the
f2252570
JH		 939 * controller happens in the hci_req_enable_advertising()
940 * function.
d6bfd59c 941 */
d6bfd59c 942 hci_req_init(&req, hdev);
de181e88
JK		 943 if (ext_adv_capable(hdev))
944 __hci_req_start_ext_adv(&req, hdev->cur_adv_instance);
945 else
946 __hci_req_enable_advertising(&req);
d6bfd59c
JH		 947 hci_req_run(&req, NULL);
948}
949
6a919082 950static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 951{
238be788 952 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
6a919082
JH		 953 return;
954
4f87da80 955 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 956 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 957
4f87da80
JH		 958 /* Non-mgmt controlled devices get this bit set
959 * implicitly so that pairing works for them, however
960 * for mgmt we require user-space to explicitly enable
961 * it
962 */
a358dc11 963 hci_dev_clear_flag(hdev, HCI_BONDABLE);
7d78525d
JH		 964}
965
0f4e68cf 966static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 967 void *data, u16 data_len)
0381101f 968{
a38528f1 969 struct mgmt_rp_read_info rp;
f7b64e69 970
bdb6d971 971 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 972
09fd0de5 973 hci_dev_lock(hdev);
f7b64e69 974
dc4fe30b
JH		 975 memset(&rp, 0, sizeof(rp));
976
69ab39ea 977 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 978
69ab39ea 979 rp.version = hdev->hci_ver;
eb55ef07 980 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 981
982 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
983 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 984
a38528f1 985 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 986
dc4fe30b 987 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 988 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 989
09fd0de5 990 hci_dev_unlock(hdev);
0381101f 991
2a1afb5a
JH		 992 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
993 sizeof(rp));
0381101f
JH		 994}
995
cde7a863
MN		 996static u16 append_eir_data_to_buf(struct hci_dev *hdev, u8 *eir)
997{
998 u16 eir_len = 0;
999 size_t name_len;
1000
1001 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1002 eir_len = eir_append_data(eir, eir_len, EIR_CLASS_OF_DEV,
1003 hdev->dev_class, 3);
1004
6a9e90bf
SJ		 1005 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1006 eir_len = eir_append_le16(eir, eir_len, EIR_APPEARANCE,
1007 hdev->appearance);
1008
cde7a863
MN		 1009 name_len = strlen(hdev->dev_name);
1010 eir_len = eir_append_data(eir, eir_len, EIR_NAME_COMPLETE,
1011 hdev->dev_name, name_len);
1012
1013 name_len = strlen(hdev->short_name);
1014 eir_len = eir_append_data(eir, eir_len, EIR_NAME_SHORT,
1015 hdev->short_name, name_len);
1016
1017 return eir_len;
1018}
1019
321c6fee
MH		 1020static int read_ext_controller_info(struct sock *sk, struct hci_dev *hdev,
1021 void *data, u16 data_len)
1022{
7d5c11da
SJ		 1023 char buf[512];
1024 struct mgmt_rp_read_ext_info *rp = (void *)buf;
cde7a863 1025 u16 eir_len;
321c6fee
MH		 1026
1027 BT_DBG("sock %p %s", sk, hdev->name);
1028
7d5c11da
SJ		 1029 memset(&buf, 0, sizeof(buf));
1030
321c6fee
MH		 1031 hci_dev_lock(hdev);
1032
7d5c11da
SJ		 1033 bacpy(&rp->bdaddr, &hdev->bdaddr);
1034
1035 rp->version = hdev->hci_ver;
1036 rp->manufacturer = cpu_to_le16(hdev->manufacturer);
1037
1038 rp->supported_settings = cpu_to_le32(get_supported_settings(hdev));
1039 rp->current_settings = cpu_to_le32(get_current_settings(hdev));
1040
321c6fee 1041
cde7a863 1042 eir_len = append_eir_data_to_buf(hdev, rp->eir);
8a0c9f49 1043 rp->eir_len = cpu_to_le16(eir_len);
321c6fee
MH		 1044
1045 hci_dev_unlock(hdev);
1046
1047 /* If this command is called at least once, then the events
1048 * for class of device and local name changes are disabled
1049 * and only the new extended controller information event
1050 * is used.
1051 */
1052 hci_sock_set_flag(sk, HCI_MGMT_EXT_INFO_EVENTS);
1053 hci_sock_clear_flag(sk, HCI_MGMT_DEV_CLASS_EVENTS);
1054 hci_sock_clear_flag(sk, HCI_MGMT_LOCAL_NAME_EVENTS);
1055
8a0c9f49
MN		 1056 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_EXT_INFO, 0, rp,
1057 sizeof(*rp) + eir_len);
321c6fee
MH		 1058}
1059
1060static int ext_info_changed(struct hci_dev *hdev, struct sock *skip)
1061{
5e9fae48
MN		 1062 char buf[512];
1063 struct mgmt_ev_ext_info_changed *ev = (void *)buf;
1064 u16 eir_len;
1065
1066 memset(buf, 0, sizeof(buf));
321c6fee 1067
5e9fae48
MN		 1068 eir_len = append_eir_data_to_buf(hdev, ev->eir);
1069 ev->eir_len = cpu_to_le16(eir_len);
321c6fee 1070
5e9fae48
MN		 1071 return mgmt_limited_event(MGMT_EV_EXT_INFO_CHANGED, hdev, ev,
1072 sizeof(*ev) + eir_len,
1073 HCI_MGMT_EXT_INFO_EVENTS, skip);
321c6fee
MH		 1074}
1075
69ab39ea 1076static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1077{
69ab39ea 1078 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1079
2a1afb5a
JH		 1080 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1081 sizeof(settings));
8680570b
JH		 1082}
1083
1904a853 1084static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
8b064a3a
JH		 1085{
1086 BT_DBG("%s status 0x%02x", hdev->name, status);
1087
a3172b7e
JH		 1088 if (hci_conn_count(hdev) == 0) {
1089 cancel_delayed_work(&hdev->power_off);
8b064a3a 1090 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1091 }
8b064a3a
JH		 1092}
1093
f2252570 1094void mgmt_advertising_added(struct sock *sk, struct hci_dev *hdev, u8 instance)
912098a6
AU		 1095{
1096 struct mgmt_ev_advertising_added ev;
1097
1098 ev.instance = instance;
1099
1100 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
1101}
1102
f2252570
JH		 1103void mgmt_advertising_removed(struct sock *sk, struct hci_dev *hdev,
1104 u8 instance)
912098a6
AU		 1105{
1106 struct mgmt_ev_advertising_removed ev;
1107
1108 ev.instance = instance;
1109
1110 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
1111}
1112
7816b820
FG		 1113static void cancel_adv_timeout(struct hci_dev *hdev)
1114{
1115 if (hdev->adv_instance_timeout) {
1116 hdev->adv_instance_timeout = 0;
1117 cancel_delayed_work(&hdev->adv_instance_expire);
1118 }
1119}
1120
8b064a3a
JH		 1121static int clean_up_hci_state(struct hci_dev *hdev)
1122{
1123 struct hci_request req;
1124 struct hci_conn *conn;
23a48093
JH		 1125 bool discov_stopped;
1126 int err;
8b064a3a
JH		 1127
1128 hci_req_init(&req, hdev);
1129
1130 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1131 test_bit(HCI_PSCAN, &hdev->flags)) {
1132 u8 scan = 0x00;
1133 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1134 }
1135
37d3a1fa 1136 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, false);
912098a6 1137
d7a5a11d 1138 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
f2252570 1139 __hci_req_disable_advertising(&req);
8b064a3a 1140
2154d3f4 1141 discov_stopped = hci_req_stop_discovery(&req);
8b064a3a
JH		 1142
1143 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
89e0ccc8
JH		 1144 /* 0x15 == Terminated due to Power Off */
1145 __hci_abort_conn(&req, conn, 0x15);
8b064a3a
JH		 1146 }
1147
23a48093
JH		 1148 err = hci_req_run(&req, clean_up_hci_complete);
1149 if (!err && discov_stopped)
1150 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1151
1152 return err;
8b064a3a
JH		 1153}
1154
bdb6d971 1155static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1156 u16 len)
eec8d2bc 1157{
650f726d 1158 struct mgmt_mode *cp = data;
3b0602cd 1159 struct mgmt_pending_cmd *cmd;
4b34ee78 1160 int err;
eec8d2bc 1161
bdb6d971 1162 BT_DBG("request for %s", hdev->name);
eec8d2bc 1163
a7e80f25 1164 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1165 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1166 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1167
09fd0de5 1168 hci_dev_lock(hdev);
eec8d2bc 1169
333ae95d 1170 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
a69e8375
JH		 1171 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1172 MGMT_STATUS_BUSY);
87b95ba6
JH		 1173 goto failed;
1174 }
1175
4b34ee78 1176 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1177 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1178 goto failed;
1179 }
1180
2e58ef3e 1181 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1182 if (!cmd) {
1183 err = -ENOMEM;
eec8d2bc 1184 goto failed;
366a0336 1185 }
eec8d2bc 1186
8b064a3a 1187 if (cp->val) {
19202573 1188 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1189 err = 0;
1190 } else {
1191 /* Disconnect connections, stop scans, etc */
1192 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1193 if (!err)
1194 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1195 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1196
8b064a3a
JH		 1197 /* ENODATA means there were no HCI commands queued */
1198 if (err == -ENODATA) {
a3172b7e 1199 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1200 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1201 err = 0;
1202 }
1203 }
eec8d2bc
JH		 1204
1205failed:
09fd0de5 1206 hci_dev_unlock(hdev);
366a0336 1207 return err;
eec8d2bc
JH		 1208}
1209
beadb2bd
JH		 1210static int new_settings(struct hci_dev *hdev, struct sock *skip)
1211{
f6b7712e 1212 __le32 ev = cpu_to_le32(get_current_settings(hdev));
beadb2bd 1213
5504c3a3
MH		 1214 return mgmt_limited_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1215 sizeof(ev), HCI_MGMT_SETTING_EVENTS, skip);
beadb2bd
JH		 1216}
1217
91a668b0
JH		 1218int mgmt_new_settings(struct hci_dev *hdev)
1219{
1220 return new_settings(hdev, NULL);
1221}
1222
bd99abdd
JH		 1223struct cmd_lookup {
1224 struct sock *sk;
1225 struct hci_dev *hdev;
1226 u8 mgmt_status;
1227};
1228
3b0602cd 1229static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1230{
1231 struct cmd_lookup *match = data;
1232
1233 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1234
1235 list_del(&cmd->list);
1236
1237 if (match->sk == NULL) {
1238 match->sk = cmd->sk;
1239 sock_hold(match->sk);
1240 }
1241
1242 mgmt_pending_free(cmd);
1243}
1244
3b0602cd 1245static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1246{
1247 u8 *status = data;
1248
a69e8375 1249 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
bd99abdd
JH		 1250 mgmt_pending_remove(cmd);
1251}
1252
3b0602cd 1253static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1b9b5ee5
JH		 1254{
1255 if (cmd->cmd_complete) {
1256 u8 *status = data;
1257
1258 cmd->cmd_complete(cmd, *status);
1259 mgmt_pending_remove(cmd);
1260
1261 return;
1262 }
1263
1264 cmd_status_rsp(cmd, data);
1265}
1266
3b0602cd 1267static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
f5818c22 1268{
2a1afb5a
JH		 1269 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1270 cmd->param, cmd->param_len);
f5818c22
JH		 1271}
1272
3b0602cd 1273static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
7776d1d8 1274{
2a1afb5a
JH		 1275 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1276 cmd->param, sizeof(struct mgmt_addr_info));
7776d1d8
JH		 1277}
1278
e6fe7986
JH		 1279static u8 mgmt_bredr_support(struct hci_dev *hdev)
1280{
1281 if (!lmp_bredr_capable(hdev))
1282 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1283 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
e6fe7986
JH		 1284 return MGMT_STATUS_REJECTED;
1285 else
1286 return MGMT_STATUS_SUCCESS;
1287}
1288
1289static u8 mgmt_le_support(struct hci_dev *hdev)
1290{
1291 if (!lmp_le_capable(hdev))
1292 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1293 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
e6fe7986
JH		 1294 return MGMT_STATUS_REJECTED;
1295 else
1296 return MGMT_STATUS_SUCCESS;
1297}
1298
aed1a885 1299void mgmt_set_discoverable_complete(struct hci_dev *hdev, u8 status)
bfaf8c9f 1300{
3b0602cd 1301 struct mgmt_pending_cmd *cmd;
bfaf8c9f
JH		 1302
1303 BT_DBG("status 0x%02x", status);
1304
1305 hci_dev_lock(hdev);
1306
333ae95d 1307 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
bfaf8c9f
JH		 1308 if (!cmd)
1309 goto unlock;
1310
1311 if (status) {
1312 u8 mgmt_err = mgmt_status(status);
a69e8375 1313 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
a358dc11 1314 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
bfaf8c9f
JH		 1315 goto remove_cmd;
1316 }
1317
aed1a885
JH		 1318 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1319 hdev->discov_timeout > 0) {
1320 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1321 queue_delayed_work(hdev->req_workqueue, &hdev->discov_off, to);
d4462a07 1322 }
bfaf8c9f
JH		 1323
1324 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
aed1a885 1325 new_settings(hdev, cmd->sk);
970ba524 1326
bfaf8c9f
JH		 1327remove_cmd:
1328 mgmt_pending_remove(cmd);
1329
1330unlock:
1331 hci_dev_unlock(hdev);
1332}
1333
bdb6d971 1334static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1335 u16 len)
73f22f62 1336{
650f726d 1337 struct mgmt_cp_set_discoverable *cp = data;
3b0602cd 1338 struct mgmt_pending_cmd *cmd;
5e5282bb 1339 u16 timeout;
73f22f62
JH		 1340 int err;
1341
bdb6d971 1342 BT_DBG("request for %s", hdev->name);
73f22f62 1343
d7a5a11d
MH		 1344 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1345 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 1346 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1347 MGMT_STATUS_REJECTED);
33c525c0 1348
310a3d48 1349 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 1350 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1351 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1352
1f350c87 1353 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1354
1355 /* Disabling discoverable requires that no timeout is set,
1356 * and enabling limited discoverable requires a timeout.
1357 */
1358 if ((cp->val == 0x00 && timeout > 0) ||
1359 (cp->val == 0x02 && timeout == 0))
a69e8375
JH		 1360 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1361 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1362
09fd0de5 1363 hci_dev_lock(hdev);
73f22f62 1364
5e5282bb 1365 if (!hdev_is_powered(hdev) && timeout > 0) {
a69e8375
JH		 1366 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1367 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1368 goto failed;
1369 }
1370
333ae95d
JH		 1371 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1372 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1373 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1374 MGMT_STATUS_BUSY);
73f22f62
JH		 1375 goto failed;
1376 }
1377
d7a5a11d 1378 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
a69e8375
JH		 1379 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1380 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1381 goto failed;
1382 }
1383
1384 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1385 bool changed = false;
1386
310a3d48
MH		 1387 /* Setting limited discoverable when powered off is
1388 * not a valid operation since it requires a timeout
1389 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1390 */
d7a5a11d 1391 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
ce05d603 1392 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
0224d2fa
JH		 1393 changed = true;
1394 }
1395
5e5282bb 1396 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1397 if (err < 0)
1398 goto failed;
1399
1400 if (changed)
1401 err = new_settings(hdev, sk);
1402
5e5282bb
JH		 1403 goto failed;
1404 }
1405
310a3d48
MH		 1406 /* If the current mode is the same, then just update the timeout
1407 * value with the new value. And if only the timeout gets updated,
1408 * then no need for any HCI transactions.
1409 */
d7a5a11d
MH		 1410 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1411 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1412 HCI_LIMITED_DISCOVERABLE)) {
36261547
MH		 1413 cancel_delayed_work(&hdev->discov_off);
1414 hdev->discov_timeout = timeout;
955638ec 1415
36261547
MH		 1416 if (cp->val && hdev->discov_timeout > 0) {
1417 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
c366f555
JH		 1418 queue_delayed_work(hdev->req_workqueue,
1419 &hdev->discov_off, to);
955638ec
MH		 1420 }
1421
69ab39ea 1422 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1423 goto failed;
1424 }
1425
2e58ef3e 1426 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1427 if (!cmd) {
1428 err = -ENOMEM;
73f22f62 1429 goto failed;
366a0336 1430 }
73f22f62 1431
310a3d48
MH		 1432 /* Cancel any potential discoverable timeout that might be
1433 * still active and store new timeout value. The arming of
1434 * the timeout happens in the complete handler.
1435 */
1436 cancel_delayed_work(&hdev->discov_off);
1437 hdev->discov_timeout = timeout;
1438
aed1a885
JH		 1439 if (cp->val)
1440 hci_dev_set_flag(hdev, HCI_DISCOVERABLE);
1441 else
1442 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1443
b456f87c
JH		 1444 /* Limited discoverable mode */
1445 if (cp->val == 0x02)
a1536da2 1446 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1447 else
a358dc11 1448 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1449
aed1a885
JH		 1450 queue_work(hdev->req_workqueue, &hdev->discoverable_update);
1451 err = 0;
73f22f62
JH		 1452
1453failed:
09fd0de5 1454 hci_dev_unlock(hdev);
73f22f62
JH		 1455 return err;
1456}
1457
53c0ba74 1458void mgmt_set_connectable_complete(struct hci_dev *hdev, u8 status)
2b76f453 1459{
3b0602cd 1460 struct mgmt_pending_cmd *cmd;
2b76f453
JH		 1461
1462 BT_DBG("status 0x%02x", status);
1463
1464 hci_dev_lock(hdev);
1465
333ae95d 1466 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
2b76f453
JH		 1467 if (!cmd)
1468 goto unlock;
1469
37438c1f
JH		 1470 if (status) {
1471 u8 mgmt_err = mgmt_status(status);
a69e8375 1472 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
37438c1f
JH		 1473 goto remove_cmd;
1474 }
1475
2b76f453 1476 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
53c0ba74 1477 new_settings(hdev, cmd->sk);
d7b856f9 1478
37438c1f 1479remove_cmd:
2b76f453
JH		 1480 mgmt_pending_remove(cmd);
1481
1482unlock:
1483 hci_dev_unlock(hdev);
1484}
1485
e8ba3a1f
JH		 1486static int set_connectable_update_settings(struct hci_dev *hdev,
1487 struct sock *sk, u8 val)
1488{
1489 bool changed = false;
1490 int err;
1491
d7a5a11d 1492 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
e8ba3a1f
JH		 1493 changed = true;
1494
1495 if (val) {
a1536da2 1496 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
e8ba3a1f 1497 } else {
a358dc11
MH		 1498 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1499 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
e8ba3a1f
JH		 1500 }
1501
1502 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1503 if (err < 0)
1504 return err;
1505
562064e6 1506 if (changed) {
01b1cb87 1507 hci_req_update_scan(hdev);
562064e6 1508 hci_update_background_scan(hdev);
e8ba3a1f 1509 return new_settings(hdev, sk);
562064e6 1510 }
e8ba3a1f
JH		 1511
1512 return 0;
1513}
1514
bdb6d971 1515static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1516 u16 len)
9fbcbb45 1517{
650f726d 1518 struct mgmt_mode *cp = data;
3b0602cd 1519 struct mgmt_pending_cmd *cmd;
9fbcbb45
JH		 1520 int err;
1521
bdb6d971 1522 BT_DBG("request for %s", hdev->name);
9fbcbb45 1523
d7a5a11d
MH		 1524 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1525 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 1526 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1527 MGMT_STATUS_REJECTED);
33c525c0 1528
a7e80f25 1529 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1530 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1531 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1532
09fd0de5 1533 hci_dev_lock(hdev);
9fbcbb45 1534
4b34ee78 1535 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1536 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1537 goto failed;
1538 }
1539
333ae95d
JH		 1540 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1541 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1542 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1543 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1544 goto failed;
1545 }
1546
2e58ef3e 1547 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1548 if (!cmd) {
1549 err = -ENOMEM;
9fbcbb45 1550 goto failed;
366a0336 1551 }
9fbcbb45 1552
53c0ba74
JH		 1553 if (cp->val) {
1554 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1555 } else {
1556 if (hdev->discov_timeout > 0)
1557 cancel_delayed_work(&hdev->discov_off);
2b76f453 1558
53c0ba74
JH		 1559 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1560 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1561 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
9b74246f 1562 }
2b76f453 1563
53c0ba74
JH		 1564 queue_work(hdev->req_workqueue, &hdev->connectable_update);
1565 err = 0;
9fbcbb45
JH		 1566
1567failed:
09fd0de5 1568 hci_dev_unlock(hdev);
9fbcbb45
JH		 1569 return err;
1570}
1571
b2939475 1572static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1573 u16 len)
c542a06c 1574{
650f726d 1575 struct mgmt_mode *cp = data;
55594356 1576 bool changed;
c542a06c
JH		 1577 int err;
1578
bdb6d971 1579 BT_DBG("request for %s", hdev->name);
c542a06c 1580
a7e80f25 1581 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1582 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
1583 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1584
09fd0de5 1585 hci_dev_lock(hdev);
c542a06c
JH		 1586
1587 if (cp->val)
238be788 1588 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
c542a06c 1589 else
a69d8927 1590 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
c542a06c 1591
b2939475 1592 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
c542a06c 1593 if (err < 0)
55594356 1594 goto unlock;
c542a06c 1595
82a37ade
JH		 1596 if (changed) {
1597 /* In limited privacy mode the change of bondable mode
1598 * may affect the local advertising address.
1599 */
1600 if (hdev_is_powered(hdev) &&
1601 hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
1602 hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1603 hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY))
1604 queue_work(hdev->req_workqueue,
1605 &hdev->discoverable_update);
1606
55594356 1607 err = new_settings(hdev, sk);
82a37ade 1608 }
c542a06c 1609
55594356 1610unlock:
09fd0de5 1611 hci_dev_unlock(hdev);
c542a06c
JH		 1612 return err;
1613}
1614
04124681
GP		 1615static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1616 u16 len)
33ef95ed
JH		 1617{
1618 struct mgmt_mode *cp = data;
3b0602cd 1619 struct mgmt_pending_cmd *cmd;
e6fe7986 1620 u8 val, status;
33ef95ed
JH		 1621 int err;
1622
bdb6d971 1623 BT_DBG("request for %s", hdev->name);
33ef95ed 1624
e6fe7986
JH		 1625 status = mgmt_bredr_support(hdev);
1626 if (status)
a69e8375
JH		 1627 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1628 status);
33c525c0 1629
a7e80f25 1630 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1631 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1632 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1633
33ef95ed
JH		 1634 hci_dev_lock(hdev);
1635
4b34ee78 1636 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1637 bool changed = false;
1638
d7a5a11d 1639 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
ce05d603 1640 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
47990ea0
JH		 1641 changed = true;
1642 }
1643
1644 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1645 if (err < 0)
1646 goto failed;
1647
1648 if (changed)
1649 err = new_settings(hdev, sk);
1650
33ef95ed
JH		 1651 goto failed;
1652 }
1653
333ae95d 1654 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
a69e8375
JH		 1655 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1656 MGMT_STATUS_BUSY);
33ef95ed
JH		 1657 goto failed;
1658 }
1659
1660 val = !!cp->val;
1661
1662 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1663 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1664 goto failed;
1665 }
1666
1667 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1668 if (!cmd) {
1669 err = -ENOMEM;
1670 goto failed;
1671 }
1672
1673 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1674 if (err < 0) {
1675 mgmt_pending_remove(cmd);
1676 goto failed;
1677 }
1678
1679failed:
1680 hci_dev_unlock(hdev);
33ef95ed
JH		 1681 return err;
1682}
1683
bdb6d971 1684static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1685{
1686 struct mgmt_mode *cp = data;
3b0602cd 1687 struct mgmt_pending_cmd *cmd;
72ef0c1a 1688 u8 status;
ed2c4ee3
JH		 1689 int err;
1690
bdb6d971 1691 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1692
cdba5281
MH		 1693 status = mgmt_bredr_support(hdev);
1694 if (status)
a69e8375 1695 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
cdba5281 1696
13ecd8b6 1697 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 1698 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1699 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1700
a7e80f25 1701 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1702 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1703 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1704
13ecd8b6 1705 hci_dev_lock(hdev);
6c8f12c1 1706
4b34ee78 1707 if (!hdev_is_powered(hdev)) {
9ecb3e24 1708 bool changed;
c0ecddc2 1709
9ecb3e24 1710 if (cp->val) {
238be788
MH		 1711 changed = !hci_dev_test_and_set_flag(hdev,
1712 HCI_SSP_ENABLED);
9ecb3e24 1713 } else {
a69d8927
MH		 1714 changed = hci_dev_test_and_clear_flag(hdev,
1715 HCI_SSP_ENABLED);
9ecb3e24 1716 if (!changed)
a69d8927
MH		 1717 changed = hci_dev_test_and_clear_flag(hdev,
1718 HCI_HS_ENABLED);
9ecb3e24 1719 else
a358dc11 1720 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
c0ecddc2
JH		 1721 }
1722
1723 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1724 if (err < 0)
1725 goto failed;
1726
1727 if (changed)
1728 err = new_settings(hdev, sk);
1729
ed2c4ee3
JH		 1730 goto failed;
1731 }
1732
333ae95d 1733 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 1734 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1735 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1736 goto failed;
1737 }
1738
d7a5a11d 1739 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
ed2c4ee3
JH		 1740 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1741 goto failed;
1742 }
1743
1744 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1745 if (!cmd) {
1746 err = -ENOMEM;
1747 goto failed;
1748 }
1749
d7a5a11d 1750 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
3769972b
JH		 1751 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
1752 sizeof(cp->val), &cp->val);
1753
72ef0c1a 1754 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 1755 if (err < 0) {
1756 mgmt_pending_remove(cmd);
1757 goto failed;
1758 }
1759
1760failed:
1761 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1762 return err;
1763}
1764
bdb6d971 1765static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1766{
1767 struct mgmt_mode *cp = data;
ee392693 1768 bool changed;
e6fe7986 1769 u8 status;
ee392693 1770 int err;
6d80dfd0 1771
bdb6d971 1772 BT_DBG("request for %s", hdev->name);
6d80dfd0 1773
e6fe7986
JH		 1774 status = mgmt_bredr_support(hdev);
1775 if (status)
a69e8375 1776 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 1777
9ecb3e24 1778 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 1779 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1780 MGMT_STATUS_NOT_SUPPORTED);
9ecb3e24 1781
d7a5a11d 1782 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 1783 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1784 MGMT_STATUS_REJECTED);
9ecb3e24 1785
a7e80f25 1786 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1787 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1788 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1789
ee392693
MH		 1790 hci_dev_lock(hdev);
1791
333ae95d 1792 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 1793 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1794 MGMT_STATUS_BUSY);
a2cb01de
JH		 1795 goto unlock;
1796 }
1797
a0cdf960 1798 if (cp->val) {
238be788 1799 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
a0cdf960
MH		 1800 } else {
1801 if (hdev_is_powered(hdev)) {
a69e8375
JH		 1802 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1803 MGMT_STATUS_REJECTED);
a0cdf960
MH		 1804 goto unlock;
1805 }
1806
a69d8927 1807 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
a0cdf960 1808 }
ee392693
MH		 1809
1810 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1811 if (err < 0)
1812 goto unlock;
1813
1814 if (changed)
1815 err = new_settings(hdev, sk);
6d80dfd0 1816
ee392693
MH		 1817unlock:
1818 hci_dev_unlock(hdev);
1819 return err;
6d80dfd0
JH		 1820}
1821
1904a853 1822static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
416a4ae5
JH		 1823{
1824 struct cmd_lookup match = { NULL, hdev };
1825
3ad67582
JK		 1826 hci_dev_lock(hdev);
1827
416a4ae5
JH		 1828 if (status) {
1829 u8 mgmt_err = mgmt_status(status);
1830
1831 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1832 &mgmt_err);
3ad67582 1833 goto unlock;
416a4ae5
JH		 1834 }
1835
1836 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1837
1838 new_settings(hdev, match.sk);
1839
1840 if (match.sk)
1841 sock_put(match.sk);
441ad2d0
MH		 1842
1843 /* Make sure the controller has a good default for
1844 * advertising data. Restrict the update to when LE
1845 * has actually been enabled. During power on, the
1846 * update in powered_update_hci will take care of it.
1847 */
d7a5a11d 1848 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
441ad2d0 1849 struct hci_request req;
441ad2d0 1850 hci_req_init(&req, hdev);
a0fb3726
JK		 1851 if (ext_adv_capable(hdev)) {
1852 int err;
1853
1854 err = __hci_req_setup_ext_adv_instance(&req, 0x00);
1855 if (!err)
1856 __hci_req_update_scan_rsp_data(&req, 0x00);
1857 } else {
1858 __hci_req_update_adv_data(&req, 0x00);
1859 __hci_req_update_scan_rsp_data(&req, 0x00);
1860 }
441ad2d0 1861 hci_req_run(&req, NULL);
2e93e53b 1862 hci_update_background_scan(hdev);
441ad2d0 1863 }
3ad67582
JK		 1864
1865unlock:
1866 hci_dev_unlock(hdev);
416a4ae5
JH		 1867}
1868
bdb6d971 1869static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1870{
1871 struct mgmt_mode *cp = data;
1872 struct hci_cp_write_le_host_supported hci_cp;
3b0602cd 1873 struct mgmt_pending_cmd *cmd;
416a4ae5 1874 struct hci_request req;
06199cf8 1875 int err;
0b60eba1 1876 u8 val, enabled;
06199cf8 1877
bdb6d971 1878 BT_DBG("request for %s", hdev->name);
06199cf8 1879
13ecd8b6 1880 if (!lmp_le_capable(hdev))
a69e8375
JH		 1881 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1882 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1883
a7e80f25 1884 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1885 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1886 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1887
e7844ee5
MH		 1888 /* Bluetooth single mode LE only controllers or dual-mode
1889 * controllers configured as LE only devices, do not allow
1890 * switching LE off. These have either LE enabled explicitly
1891 * or BR/EDR has been previously switched off.
1892 *
1893 * When trying to enable an already enabled LE, then gracefully
1894 * send a positive response. Trying to disable it however will
1895 * result into rejection.
1896 */
1897 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1898 if (cp->val == 0x01)
1899 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1900
a69e8375
JH		 1901 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1902 MGMT_STATUS_REJECTED);
e7844ee5 1903 }
c73eee91 1904
13ecd8b6 1905 hci_dev_lock(hdev);
06199cf8
JH		 1906
1907 val = !!cp->val;
ffa88e02 1908 enabled = lmp_host_le_capable(hdev);
06199cf8 1909
847818d9 1910 if (!val)
37d3a1fa 1911 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, true);
847818d9 1912
0b60eba1 1913 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1914 bool changed = false;
1915
d7a5a11d 1916 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
ce05d603 1917 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
06199cf8
JH		 1918 changed = true;
1919 }
1920
d7a5a11d 1921 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
a358dc11 1922 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
eeca6f89
JH		 1923 changed = true;
1924 }
1925
06199cf8
JH		 1926 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1927 if (err < 0)
1de028ce 1928 goto unlock;
06199cf8
JH		 1929
1930 if (changed)
1931 err = new_settings(hdev, sk);
1932
1de028ce 1933 goto unlock;
06199cf8
JH		 1934 }
1935
333ae95d
JH		 1936 if (pending_find(MGMT_OP_SET_LE, hdev) ||
1937 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
a69e8375
JH		 1938 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1939 MGMT_STATUS_BUSY);
1de028ce 1940 goto unlock;
06199cf8
JH		 1941 }
1942
1943 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1944 if (!cmd) {
1945 err = -ENOMEM;
1de028ce 1946 goto unlock;
06199cf8
JH		 1947 }
1948
441ad2d0
MH		 1949 hci_req_init(&req, hdev);
1950
06199cf8
JH		 1951 memset(&hci_cp, 0, sizeof(hci_cp));
1952
1953 if (val) {
1954 hci_cp.le = val;
32226e4f 1955 hci_cp.simul = 0x00;
441ad2d0 1956 } else {
d7a5a11d 1957 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
f2252570 1958 __hci_req_disable_advertising(&req);
45b7749f
JK		 1959
1960 if (ext_adv_capable(hdev))
1961 __hci_req_clear_ext_adv_sets(&req);
06199cf8
JH		 1962 }
1963
416a4ae5
JH		 1964 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1965 &hci_cp);
1966
1967 err = hci_req_run(&req, le_enable_complete);
0c01bc48 1968 if (err < 0)
06199cf8 1969 mgmt_pending_remove(cmd);
06199cf8 1970
1de028ce
JH		 1971unlock:
1972 hci_dev_unlock(hdev);
06199cf8
JH		 1973 return err;
1974}
1975
0cab9c80
JH		 1976/* This is a helper function to test for pending mgmt commands that can
1977 * cause CoD or EIR HCI commands. We can only allow one such pending
1978 * mgmt command at a time since otherwise we cannot easily track what
1979 * the current values are, will be, and based on that calculate if a new
1980 * HCI command needs to be sent and if yes with what value.
1981 */
1982static bool pending_eir_or_class(struct hci_dev *hdev)
1983{
3b0602cd 1984 struct mgmt_pending_cmd *cmd;
0cab9c80
JH		 1985
1986 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1987 switch (cmd->opcode) {
1988 case MGMT_OP_ADD_UUID:
1989 case MGMT_OP_REMOVE_UUID:
1990 case MGMT_OP_SET_DEV_CLASS:
1991 case MGMT_OP_SET_POWERED:
1992 return true;
1993 }
1994 }
1995
1996 return false;
1997}
1998
83be8eca
JH		 1999static const u8 bluetooth_base_uuid[] = {
2000 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2001 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2002};
2003
2004static u8 get_uuid_size(const u8 *uuid)
2005{
2006 u32 val;
2007
2008 if (memcmp(uuid, bluetooth_base_uuid, 12))
2009 return 128;
2010
2011 val = get_unaligned_le32(&uuid[12]);
2012 if (val > 0xffff)
2013 return 32;
2014
2015 return 16;
2016}
2017
92da6097
JH		 2018static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2019{
3b0602cd 2020 struct mgmt_pending_cmd *cmd;
92da6097
JH		 2021
2022 hci_dev_lock(hdev);
2023
333ae95d 2024 cmd = pending_find(mgmt_op, hdev);
92da6097
JH		 2025 if (!cmd)
2026 goto unlock;
2027
2a1afb5a
JH		 2028 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
2029 mgmt_status(status), hdev->dev_class, 3);
92da6097
JH		 2030
2031 mgmt_pending_remove(cmd);
2032
2033unlock:
2034 hci_dev_unlock(hdev);
2035}
2036
1904a853 2037static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2038{
2039 BT_DBG("status 0x%02x", status);
2040
2041 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2042}
2043
bdb6d971 2044static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2045{
650f726d 2046 struct mgmt_cp_add_uuid *cp = data;
3b0602cd 2047 struct mgmt_pending_cmd *cmd;
890ea898 2048 struct hci_request req;
2aeb9a1a 2049 struct bt_uuid *uuid;
2aeb9a1a
JH		 2050 int err;
2051
bdb6d971 2052 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2053
09fd0de5 2054 hci_dev_lock(hdev);
2aeb9a1a 2055
0cab9c80 2056 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2057 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2058 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2059 goto failed;
2060 }
2061
92c4c204 2062 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2063 if (!uuid) {
2064 err = -ENOMEM;
2065 goto failed;
2066 }
2067
2068 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2069 uuid->svc_hint = cp->svc_hint;
83be8eca 2070 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2071
de66aa63 2072 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2073
890ea898 2074 hci_req_init(&req, hdev);
1aff6f09 2075
14bf5eac 2076 __hci_req_update_class(&req);
b1a8917c 2077 __hci_req_update_eir(&req);
890ea898 2078
92da6097
JH		 2079 err = hci_req_run(&req, add_uuid_complete);
2080 if (err < 0) {
2081 if (err != -ENODATA)
2082 goto failed;
80a1e1db 2083
2a1afb5a
JH		 2084 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2085 hdev->dev_class, 3);
90e70454
JH		 2086 goto failed;
2087 }
2088
2089 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2090 if (!cmd) {
90e70454 2091 err = -ENOMEM;
890ea898
JH		 2092 goto failed;
2093 }
2094
2095 err = 0;
2aeb9a1a
JH		 2096
2097failed:
09fd0de5 2098 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2099 return err;
2100}
2101
24b78d0f
JH		 2102static bool enable_service_cache(struct hci_dev *hdev)
2103{
2104 if (!hdev_is_powered(hdev))
2105 return false;
2106
238be788 2107 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
46818ed5
JH		 2108 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2109 CACHE_TIMEOUT);
24b78d0f
JH		 2110 return true;
2111 }
2112
2113 return false;
2114}
2115
1904a853 2116static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2117{
2118 BT_DBG("status 0x%02x", status);
2119
2120 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2121}
2122
bdb6d971 2123static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2124 u16 len)
2aeb9a1a 2125{
650f726d 2126 struct mgmt_cp_remove_uuid *cp = data;
3b0602cd 2127 struct mgmt_pending_cmd *cmd;
056341c8 2128 struct bt_uuid *match, *tmp;
2aeb9a1a 2129 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2130 struct hci_request req;
2aeb9a1a
JH		 2131 int err, found;
2132
bdb6d971 2133 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2134
09fd0de5 2135 hci_dev_lock(hdev);
2aeb9a1a 2136
0cab9c80 2137 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2138 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2139 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2140 goto unlock;
2141 }
2142
2aeb9a1a 2143 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2144 hci_uuids_clear(hdev);
4004b6d9 2145
24b78d0f 2146 if (enable_service_cache(hdev)) {
2a1afb5a
JH		 2147 err = mgmt_cmd_complete(sk, hdev->id,
2148 MGMT_OP_REMOVE_UUID,
2149 0, hdev->dev_class, 3);
24b78d0f
JH		 2150 goto unlock;
2151 }
4004b6d9 2152
9246a869 2153 goto update_class;
2aeb9a1a
JH		 2154 }
2155
2156 found = 0;
2157
056341c8 2158 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2159 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2160 continue;
2161
2162 list_del(&match->list);
482049f7 2163 kfree(match);
2aeb9a1a
JH		 2164 found++;
2165 }
2166
2167 if (found == 0) {
a69e8375
JH		 2168 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2169 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2170 goto unlock;
2171 }
2172
9246a869 2173update_class:
890ea898 2174 hci_req_init(&req, hdev);
1aff6f09 2175
14bf5eac 2176 __hci_req_update_class(&req);
b1a8917c 2177 __hci_req_update_eir(&req);
890ea898 2178
92da6097
JH		 2179 err = hci_req_run(&req, remove_uuid_complete);
2180 if (err < 0) {
2181 if (err != -ENODATA)
2182 goto unlock;
80a1e1db 2183
2a1afb5a
JH		 2184 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2185 hdev->dev_class, 3);
90e70454
JH		 2186 goto unlock;
2187 }
2188
2189 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2190 if (!cmd) {
90e70454 2191 err = -ENOMEM;
890ea898
JH		 2192 goto unlock;
2193 }
2194
2195 err = 0;
2aeb9a1a
JH		 2196
2197unlock:
09fd0de5 2198 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2199 return err;
2200}
2201
1904a853 2202static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2203{
2204 BT_DBG("status 0x%02x", status);
2205
2206 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2207}
2208
bdb6d971 2209static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2210 u16 len)
1aff6f09 2211{
650f726d 2212 struct mgmt_cp_set_dev_class *cp = data;
3b0602cd 2213 struct mgmt_pending_cmd *cmd;
890ea898 2214 struct hci_request req;
1aff6f09
JH		 2215 int err;
2216
bdb6d971 2217 BT_DBG("request for %s", hdev->name);
1aff6f09 2218
6203fc98 2219 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2220 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2221 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2222
0cab9c80 2223 hci_dev_lock(hdev);
ee98f473 2224
0cab9c80 2225 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2226 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2227 MGMT_STATUS_BUSY);
0cab9c80
JH		 2228 goto unlock;
2229 }
c95f0ba7 2230
0cab9c80 2231 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
a69e8375
JH		 2232 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2233 MGMT_STATUS_INVALID_PARAMS);
0cab9c80
JH		 2234 goto unlock;
2235 }
575b3a02 2236
932f5ff5
JH		 2237 hdev->major_class = cp->major;
2238 hdev->minor_class = cp->minor;
2239
b5235a65 2240 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2241 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2242 hdev->dev_class, 3);
b5235a65
JH		 2243 goto unlock;
2244 }
2245
890ea898
JH		 2246 hci_req_init(&req, hdev);
2247
a69d8927 2248 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
7d78525d
JH		 2249 hci_dev_unlock(hdev);
2250 cancel_delayed_work_sync(&hdev->service_cache);
2251 hci_dev_lock(hdev);
b1a8917c 2252 __hci_req_update_eir(&req);
7d78525d 2253 }
14c0b608 2254
14bf5eac 2255 __hci_req_update_class(&req);
890ea898 2256
92da6097
JH		 2257 err = hci_req_run(&req, set_class_complete);
2258 if (err < 0) {
2259 if (err != -ENODATA)
2260 goto unlock;
1aff6f09 2261
2a1afb5a
JH		 2262 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2263 hdev->dev_class, 3);
90e70454
JH		 2264 goto unlock;
2265 }
2266
2267 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2268 if (!cmd) {
90e70454 2269 err = -ENOMEM;
890ea898
JH		 2270 goto unlock;
2271 }
2272
2273 err = 0;
1aff6f09 2274
b5235a65 2275unlock:
09fd0de5 2276 hci_dev_unlock(hdev);
1aff6f09
JH		 2277 return err;
2278}
2279
bdb6d971 2280static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2281 u16 len)
55ed8ca1 2282{
650f726d 2283 struct mgmt_cp_load_link_keys *cp = data;
ba1d6936
JH		 2284 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2285 sizeof(struct mgmt_link_key_info));
4e51eae9 2286 u16 key_count, expected_len;
b1de97d8 2287 bool changed;
a492cd52 2288 int i;
55ed8ca1 2289
9060d5cf
MH		 2290 BT_DBG("request for %s", hdev->name);
2291
2292 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2293 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2294 MGMT_STATUS_NOT_SUPPORTED);
9060d5cf 2295
1f350c87 2296 key_count = __le16_to_cpu(cp->key_count);
ba1d6936 2297 if (key_count > max_key_count) {
2064ee33
MH		 2298 bt_dev_err(hdev, "load_link_keys: too big key_count value %u",
2299 key_count);
a69e8375
JH		 2300 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2301 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 2302 }
55ed8ca1 2303
5bec1fb8 2304 expected_len = struct_size(cp, keys, key_count);
a492cd52 2305 if (expected_len != len) {
2064ee33
MH		 2306 bt_dev_err(hdev, "load_link_keys: expected %u bytes, got %u bytes",
2307 expected_len, len);
a69e8375
JH		 2308 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2309 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2310 }
2311
4ae14301 2312 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
a69e8375
JH		 2313 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2314 MGMT_STATUS_INVALID_PARAMS);
4ae14301 2315
bdb6d971 2316 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2317 key_count);
55ed8ca1 2318
4ee71b20
JH		 2319 for (i = 0; i < key_count; i++) {
2320 struct mgmt_link_key_info *key = &cp->keys[i];
2321
8e991132 2322 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
a69e8375
JH		 2323 return mgmt_cmd_status(sk, hdev->id,
2324 MGMT_OP_LOAD_LINK_KEYS,
2325 MGMT_STATUS_INVALID_PARAMS);
4ee71b20
JH		 2326 }
2327
09fd0de5 2328 hci_dev_lock(hdev);
55ed8ca1
JH		 2329
2330 hci_link_keys_clear(hdev);
2331
55ed8ca1 2332 if (cp->debug_keys)
238be788 2333 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
55ed8ca1 2334 else
a69d8927
MH		 2335 changed = hci_dev_test_and_clear_flag(hdev,
2336 HCI_KEEP_DEBUG_KEYS);
b1de97d8
MH		 2337
2338 if (changed)
2339 new_settings(hdev, NULL);
55ed8ca1 2340
a492cd52 2341 for (i = 0; i < key_count; i++) {
86742e1e 2342 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2343
58e9293c
JH		 2344 /* Always ignore debug keys and require a new pairing if
2345 * the user wants to use them.
2346 */
2347 if (key->type == HCI_LK_DEBUG_COMBINATION)
2348 continue;
2349
7652ff6a
JH		 2350 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2351 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2352 }
2353
2a1afb5a 2354 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2355
09fd0de5 2356 hci_dev_unlock(hdev);
55ed8ca1 2357
a492cd52 2358 return 0;
55ed8ca1
JH		 2359}
2360
b1078ad0 2361static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2362 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2363{
2364 struct mgmt_ev_device_unpaired ev;
2365
2366 bacpy(&ev.addr.bdaddr, bdaddr);
2367 ev.addr.type = addr_type;
2368
2369 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2370 skip_sk);
b1078ad0
JH		 2371}
2372
bdb6d971 2373static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2374 u16 len)
55ed8ca1 2375{
124f6e35
JH		 2376 struct mgmt_cp_unpair_device *cp = data;
2377 struct mgmt_rp_unpair_device rp;
fc64361a 2378 struct hci_conn_params *params;
3b0602cd 2379 struct mgmt_pending_cmd *cmd;
55ed8ca1 2380 struct hci_conn *conn;
ec182f03 2381 u8 addr_type;
55ed8ca1
JH		 2382 int err;
2383
a8a1d19e 2384 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2385 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2386 rp.addr.type = cp->addr.type;
a8a1d19e 2387
4ee71b20 2388 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2389 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2390 MGMT_STATUS_INVALID_PARAMS,
2391 &rp, sizeof(rp));
4ee71b20 2392
118da70b 2393 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2a1afb5a
JH		 2394 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2395 MGMT_STATUS_INVALID_PARAMS,
2396 &rp, sizeof(rp));
118da70b 2397
4ee71b20
JH		 2398 hci_dev_lock(hdev);
2399
86a8cfc6 2400 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2401 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2402 MGMT_STATUS_NOT_POWERED, &rp,
2403 sizeof(rp));
86a8cfc6
JH		 2404 goto unlock;
2405 }
2406
e0b2b27e 2407 if (cp->addr.type == BDADDR_BREDR) {
89cbb063
AA		 2408 /* If disconnection is requested, then look up the
2409 * connection. If the remote device is connected, it
2410 * will be later used to terminate the link.
2411 *
2412 * Setting it to NULL explicitly will cause no
2413 * termination of the link.
2414 */
2415 if (cp->disconnect)
2416 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2417 &cp->addr.bdaddr);
2418 else
2419 conn = NULL;
2420
124f6e35 2421 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
ec182f03
JH		 2422 if (err < 0) {
2423 err = mgmt_cmd_complete(sk, hdev->id,
2424 MGMT_OP_UNPAIR_DEVICE,
2425 MGMT_STATUS_NOT_PAIRED, &rp,
2426 sizeof(rp));
2427 goto unlock;
89cbb063
AA		 2428 }
2429
ec182f03 2430 goto done;
e0b2b27e 2431 }
b0dbfb46 2432
ec182f03
JH		 2433 /* LE address type */
2434 addr_type = le_addr_type(cp->addr.type);
2435
cb28c306
MK		 2436 /* Abort any ongoing SMP pairing. Removes ltk and irk if they exist. */
2437 err = smp_cancel_and_remove_pairing(hdev, &cp->addr.bdaddr, addr_type);
55ed8ca1 2438 if (err < 0) {
2a1afb5a
JH		 2439 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2440 MGMT_STATUS_NOT_PAIRED, &rp,
2441 sizeof(rp));
55ed8ca1
JH		 2442 goto unlock;
2443 }
2444
ec182f03
JH		 2445 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type);
2446 if (!conn) {
2447 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2448 goto done;
2449 }
2450
c81d555a 2451
ec182f03
JH		 2452 /* Defer clearing up the connection parameters until closing to
2453 * give a chance of keeping them if a repairing happens.
2454 */
2455 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2456
fc64361a
JH		 2457 /* Disable auto-connection parameters if present */
2458 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type);
2459 if (params) {
2460 if (params->explicit_connect)
2461 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
2462 else
2463 params->auto_connect = HCI_AUTO_CONN_DISABLED;
2464 }
2465
ec182f03
JH		 2466 /* If disconnection is not requested, then clear the connection
2467 * variable so that the link is not terminated.
2468 */
2469 if (!cp->disconnect)
2470 conn = NULL;
2471
2472done:
89cbb063
AA		 2473 /* If the connection variable is set, then termination of the
2474 * link is requested.
2475 */
a8a1d19e 2476 if (!conn) {
2a1afb5a
JH		 2477 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2478 &rp, sizeof(rp));
b1078ad0 2479 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2480 goto unlock;
2481 }
55ed8ca1 2482
124f6e35 2483 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2484 sizeof(*cp));
a8a1d19e
JH		 2485 if (!cmd) {
2486 err = -ENOMEM;
2487 goto unlock;
55ed8ca1
JH		 2488 }
2489
d8b7b1e4
JH		 2490 cmd->cmd_complete = addr_cmd_complete;
2491
89e0ccc8 2492 err = hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
a8a1d19e
JH		 2493 if (err < 0)
2494 mgmt_pending_remove(cmd);
2495
55ed8ca1 2496unlock:
09fd0de5 2497 hci_dev_unlock(hdev);
55ed8ca1
JH		 2498 return err;
2499}
2500
bdb6d971 2501static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2502 u16 len)
8962ee74 2503{
650f726d 2504 struct mgmt_cp_disconnect *cp = data;
06a63b19 2505 struct mgmt_rp_disconnect rp;
3b0602cd 2506 struct mgmt_pending_cmd *cmd;
8962ee74 2507 struct hci_conn *conn;
8962ee74
JH		 2508 int err;
2509
2510 BT_DBG("");
2511
06a63b19
JH		 2512 memset(&rp, 0, sizeof(rp));
2513 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2514 rp.addr.type = cp->addr.type;
2515
4ee71b20 2516 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2517 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2518 MGMT_STATUS_INVALID_PARAMS,
2519 &rp, sizeof(rp));
4ee71b20 2520
09fd0de5 2521 hci_dev_lock(hdev);
8962ee74
JH		 2522
2523 if (!test_bit(HCI_UP, &hdev->flags)) {
2a1afb5a
JH		 2524 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2525 MGMT_STATUS_NOT_POWERED, &rp,
2526 sizeof(rp));
8962ee74
JH		 2527 goto failed;
2528 }
2529
333ae95d 2530 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
2a1afb5a
JH		 2531 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2532 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2533 goto failed;
2534 }
2535
591f47f3 2536 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2537 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2538 &cp->addr.bdaddr);
88c3df13 2539 else
9d4c1cc1
JH		 2540 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr,
2541 le_addr_type(cp->addr.type));
365227e5 2542
f960727e 2543 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2a1afb5a
JH		 2544 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2545 MGMT_STATUS_NOT_CONNECTED, &rp,
2546 sizeof(rp));
8962ee74
JH		 2547 goto failed;
2548 }
2549
2e58ef3e 2550 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2551 if (!cmd) {
2552 err = -ENOMEM;
8962ee74 2553 goto failed;
366a0336 2554 }
8962ee74 2555
f5818c22
JH		 2556 cmd->cmd_complete = generic_cmd_complete;
2557
e3f2f92a 2558 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
8962ee74 2559 if (err < 0)
a664b5bc 2560 mgmt_pending_remove(cmd);
8962ee74
JH		 2561
2562failed:
09fd0de5 2563 hci_dev_unlock(hdev);
8962ee74
JH		 2564 return err;
2565}
2566
57c1477c 2567static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2568{
2569 switch (link_type) {
2570 case LE_LINK:
48264f06
JH		 2571 switch (addr_type) {
2572 case ADDR_LE_DEV_PUBLIC:
591f47f3 2573 return BDADDR_LE_PUBLIC;
0ed09148 2574
48264f06 2575 default:
0ed09148 2576 /* Fallback to LE Random address type */
591f47f3 2577 return BDADDR_LE_RANDOM;
48264f06 2578 }
0ed09148 2579
4c659c39 2580 default:
0ed09148 2581 /* Fallback to BR/EDR type */
591f47f3 2582 return BDADDR_BREDR;
4c659c39
JH		 2583 }
2584}
2585
04124681
GP		 2586static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2587 u16 data_len)
2784eb41 2588{
2784eb41 2589 struct mgmt_rp_get_connections *rp;
8035ded4 2590 struct hci_conn *c;
a38528f1 2591 size_t rp_len;
60fc5fb6
JH		 2592 int err;
2593 u16 i;
2784eb41
JH		 2594
2595 BT_DBG("");
2596
09fd0de5 2597 hci_dev_lock(hdev);
2784eb41 2598
5f97c1df 2599 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 2600 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2601 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2602 goto unlock;
2603 }
2604
60fc5fb6 2605 i = 0;
b644ba33
JH		 2606 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2607 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2608 i++;
2784eb41
JH		 2609 }
2610
60fc5fb6 2611 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2612 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2613 if (!rp) {
2784eb41
JH		 2614 err = -ENOMEM;
2615 goto unlock;
2616 }
2617
2784eb41 2618 i = 0;
4c659c39 2619 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2620 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2621 continue;
4c659c39 2622 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2623 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2624 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2625 continue;
2626 i++;
2627 }
2628
eb55ef07 2629 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2630
4c659c39
JH		 2631 /* Recalculate length in case of filtered SCO connections, etc */
2632 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2633
2a1afb5a
JH		 2634 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2635 rp_len);
2784eb41 2636
a38528f1 2637 kfree(rp);
5f97c1df
JH		 2638
2639unlock:
09fd0de5 2640 hci_dev_unlock(hdev);
2784eb41
JH		 2641 return err;
2642}
2643
bdb6d971 2644static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2645 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67 2646{
3b0602cd 2647 struct mgmt_pending_cmd *cmd;
96d97a67
WR		 2648 int err;
2649
2e58ef3e 2650 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2651 sizeof(*cp));
96d97a67
WR		 2652 if (!cmd)
2653 return -ENOMEM;
2654
dd7e39bb
AL		 2655 cmd->cmd_complete = addr_cmd_complete;
2656
d8457698 2657 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2658 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2659 if (err < 0)
2660 mgmt_pending_remove(cmd);
2661
2662 return err;
2663}
2664
bdb6d971 2665static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2666 u16 len)
980e1a53 2667{
96d97a67 2668 struct hci_conn *conn;
650f726d 2669 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2670 struct hci_cp_pin_code_reply reply;
3b0602cd 2671 struct mgmt_pending_cmd *cmd;
980e1a53
JH		 2672 int err;
2673
2674 BT_DBG("");
2675
09fd0de5 2676 hci_dev_lock(hdev);
980e1a53 2677
4b34ee78 2678 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 2679 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2680 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2681 goto failed;
2682 }
2683
d8457698 2684 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2685 if (!conn) {
a69e8375
JH		 2686 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2687 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2688 goto failed;
2689 }
2690
2691 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2692 struct mgmt_cp_pin_code_neg_reply ncp;
2693
2694 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67 2695
2064ee33 2696 bt_dev_err(hdev, "PIN code is not 16 bytes long");
96d97a67 2697
bdb6d971 2698 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2699 if (err >= 0)
a69e8375
JH		 2700 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2701 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2702
2703 goto failed;
2704 }
2705
00abfe44 2706 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2707 if (!cmd) {
2708 err = -ENOMEM;
980e1a53 2709 goto failed;
366a0336 2710 }
980e1a53 2711
7776d1d8
JH		 2712 cmd->cmd_complete = addr_cmd_complete;
2713
d8457698 2714 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2715 reply.pin_len = cp->pin_len;
24718ca5 2716 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2717
2718 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2719 if (err < 0)
a664b5bc 2720 mgmt_pending_remove(cmd);
980e1a53
JH		 2721
2722failed:
09fd0de5 2723 hci_dev_unlock(hdev);
980e1a53
JH		 2724 return err;
2725}
2726
04124681
GP		 2727static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2728 u16 len)
17fa4b9d 2729{
650f726d 2730 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2731
2732 BT_DBG("");
2733
4ec86d4c 2734 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
9db5c629
MH		 2735 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
2736 MGMT_STATUS_INVALID_PARAMS);
4ec86d4c 2737
09fd0de5 2738 hci_dev_lock(hdev);
17fa4b9d
JH		 2739
2740 hdev->io_capability = cp->io_capability;
2741
2742 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2743 hdev->io_capability);
17fa4b9d 2744
09fd0de5 2745 hci_dev_unlock(hdev);
17fa4b9d 2746
2a1afb5a
JH		 2747 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
2748 NULL, 0);
17fa4b9d
JH		 2749}
2750
3b0602cd 2751static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2752{
2753 struct hci_dev *hdev = conn->hdev;
3b0602cd 2754 struct mgmt_pending_cmd *cmd;
e9a416b5 2755
2e58ef3e 2756 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2757 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2758 continue;
2759
e9a416b5
JH		 2760 if (cmd->user_data != conn)
2761 continue;
2762
2763 return cmd;
2764 }
2765
2766 return NULL;
2767}
2768
3b0602cd 2769static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
e9a416b5
JH		 2770{
2771 struct mgmt_rp_pair_device rp;
2772 struct hci_conn *conn = cmd->user_data;
9df74653 2773 int err;
e9a416b5 2774
61b1a7fb
JH		 2775 bacpy(&rp.addr.bdaddr, &conn->dst);
2776 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2777
2a1afb5a
JH		 2778 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
2779 status, &rp, sizeof(rp));
e9a416b5
JH		 2780
2781 /* So we don't get further callbacks for this connection */
2782 conn->connect_cfm_cb = NULL;
2783 conn->security_cfm_cb = NULL;
2784 conn->disconn_cfm_cb = NULL;
2785
76a68ba0 2786 hci_conn_drop(conn);
89cbb063
AA		 2787
2788 /* The device is paired so there is no need to remove
2789 * its connection parameters anymore.
2790 */
2791 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
15013aeb
JH		 2792
2793 hci_conn_put(conn);
9df74653
JH		 2794
2795 return err;
e9a416b5
JH		 2796}
2797
f4a407be
JH		 2798void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2799{
2800 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3b0602cd 2801 struct mgmt_pending_cmd *cmd;
f4a407be
JH		 2802
2803 cmd = find_pairing(conn);
a511b35b 2804 if (cmd) {
04ab2749 2805 cmd->cmd_complete(cmd, status);
a511b35b
JH		 2806 mgmt_pending_remove(cmd);
2807 }
f4a407be
JH		 2808}
2809
e9a416b5
JH		 2810static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2811{
3b0602cd 2812 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 2813
2814 BT_DBG("status %u", status);
2815
2816 cmd = find_pairing(conn);
a511b35b 2817 if (!cmd) {
e9a416b5 2818 BT_DBG("Unable to find a pending command");
a511b35b
JH		 2819 return;
2820 }
2821
2822 cmd->cmd_complete(cmd, mgmt_status(status));
2823 mgmt_pending_remove(cmd);
e9a416b5
JH		 2824}
2825
f4a407be 2826static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739 2827{
3b0602cd 2828 struct mgmt_pending_cmd *cmd;
4c47d739
VA		 2829
2830 BT_DBG("status %u", status);
2831
2832 if (!status)
2833 return;
2834
2835 cmd = find_pairing(conn);
a511b35b 2836 if (!cmd) {
4c47d739 2837 BT_DBG("Unable to find a pending command");
a511b35b
JH		 2838 return;
2839 }
2840
2841 cmd->cmd_complete(cmd, mgmt_status(status));
2842 mgmt_pending_remove(cmd);
4c47d739
VA		 2843}
2844
bdb6d971 2845static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2846 u16 len)
e9a416b5 2847{
650f726d 2848 struct mgmt_cp_pair_device *cp = data;
1425acb7 2849 struct mgmt_rp_pair_device rp;
3b0602cd 2850 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 2851 u8 sec_level, auth_type;
2852 struct hci_conn *conn;
e9a416b5
JH		 2853 int err;
2854
2855 BT_DBG("");
2856
f950a30e
SJ		 2857 memset(&rp, 0, sizeof(rp));
2858 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2859 rp.addr.type = cp->addr.type;
2860
4ee71b20 2861 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2862 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2863 MGMT_STATUS_INVALID_PARAMS,
2864 &rp, sizeof(rp));
4ee71b20 2865
4ec86d4c 2866 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 2867 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2868 MGMT_STATUS_INVALID_PARAMS,
2869 &rp, sizeof(rp));
4ec86d4c 2870
09fd0de5 2871 hci_dev_lock(hdev);
e9a416b5 2872
5f97c1df 2873 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2874 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2875 MGMT_STATUS_NOT_POWERED, &rp,
2876 sizeof(rp));
5f97c1df
JH		 2877 goto unlock;
2878 }
2879
55e76b38
JH		 2880 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
2881 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2882 MGMT_STATUS_ALREADY_PAIRED, &rp,
2883 sizeof(rp));
2884 goto unlock;
2885 }
2886
c908df36 2887 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 2888 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 2889
6f77d8c7 2890 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 2891 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
2892 auth_type);
6f77d8c7 2893 } else {
85813a7e 2894 u8 addr_type = le_addr_type(cp->addr.type);
5157b8a5 2895 struct hci_conn_params *p;
6f77d8c7 2896
7c264b10
MH		 2897 /* When pairing a new device, it is expected to remember
2898 * this device for future connections. Adding the connection
2899 * parameter information ahead of time allows tracking
2900 * of the slave preferred values and will speed up any
2901 * further connection establishment.
2902 *
2903 * If connection parameters already exist, then they
2904 * will be kept and this function does nothing.
2905 */
5157b8a5
JP		 2906 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
2907
2908 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT)
2909 p->auto_connect = HCI_AUTO_CONN_DISABLED;
7c264b10 2910
fa142220
JP		 2911 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr,
2912 addr_type, sec_level,
0ad06aa6 2913 HCI_LE_CONN_TIMEOUT);
6f77d8c7 2914 }
7a512d01 2915
30e76272 2916 if (IS_ERR(conn)) {
489dc48e
AK		 2917 int status;
2918
2919 if (PTR_ERR(conn) == -EBUSY)
2920 status = MGMT_STATUS_BUSY;
faa81030
LR		 2921 else if (PTR_ERR(conn) == -EOPNOTSUPP)
2922 status = MGMT_STATUS_NOT_SUPPORTED;
2923 else if (PTR_ERR(conn) == -ECONNREFUSED)
2924 status = MGMT_STATUS_REJECTED;
489dc48e
AK		 2925 else
2926 status = MGMT_STATUS_CONNECT_FAILED;
2927
2a1afb5a
JH		 2928 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2929 status, &rp, sizeof(rp));
e9a416b5
JH		 2930 goto unlock;
2931 }
2932
2933 if (conn->connect_cfm_cb) {
76a68ba0 2934 hci_conn_drop(conn);
2a1afb5a
JH		 2935 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2936 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2937 goto unlock;
2938 }
2939
2e58ef3e 2940 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2941 if (!cmd) {
2942 err = -ENOMEM;
76a68ba0 2943 hci_conn_drop(conn);
e9a416b5
JH		 2944 goto unlock;
2945 }
2946
04ab2749
JH		 2947 cmd->cmd_complete = pairing_complete;
2948
7a512d01 2949 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 2950 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 2951 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 2952 conn->security_cfm_cb = pairing_complete_cb;
2953 conn->disconn_cfm_cb = pairing_complete_cb;
2954 } else {
2955 conn->connect_cfm_cb = le_pairing_complete_cb;
2956 conn->security_cfm_cb = le_pairing_complete_cb;
2957 conn->disconn_cfm_cb = le_pairing_complete_cb;
2958 }
7a512d01 2959
e9a416b5 2960 conn->io_capability = cp->io_cap;
f8aaf9b6 2961 cmd->user_data = hci_conn_get(conn);
e9a416b5 2962
6f78fd4b 2963 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
a511b35b
JH		 2964 hci_conn_security(conn, sec_level, auth_type, true)) {
2965 cmd->cmd_complete(cmd, 0);
2966 mgmt_pending_remove(cmd);
2967 }
e9a416b5
JH		 2968
2969 err = 0;
2970
2971unlock:
09fd0de5 2972 hci_dev_unlock(hdev);
e9a416b5
JH		 2973 return err;
2974}
2975
04124681
GP		 2976static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2977 u16 len)
28424707 2978{
0f4e68cf 2979 struct mgmt_addr_info *addr = data;
3b0602cd 2980 struct mgmt_pending_cmd *cmd;
28424707
JH		 2981 struct hci_conn *conn;
2982 int err;
2983
2984 BT_DBG("");
2985
28424707
JH		 2986 hci_dev_lock(hdev);
2987
5f97c1df 2988 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 2989 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2990 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2991 goto unlock;
2992 }
2993
333ae95d 2994 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
28424707 2995 if (!cmd) {
a69e8375
JH		 2996 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2997 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2998 goto unlock;
2999 }
3000
3001 conn = cmd->user_data;
3002
3003 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
a69e8375
JH		 3004 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3005 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3006 goto unlock;
3007 }
3008
a511b35b
JH		 3009 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3010 mgmt_pending_remove(cmd);
28424707 3011
2a1afb5a
JH		 3012 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3013 addr, sizeof(*addr));
28424707
JH		 3014unlock:
3015 hci_dev_unlock(hdev);
28424707
JH		 3016 return err;
3017}
3018
bdb6d971 3019static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3020 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3021 u16 hci_op, __le32 passkey)
a5c29683 3022{
3b0602cd 3023 struct mgmt_pending_cmd *cmd;
0df4c185 3024 struct hci_conn *conn;
a5c29683
JH		 3025 int err;
3026
09fd0de5 3027 hci_dev_lock(hdev);
08ba5382 3028
4b34ee78 3029 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3030 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3031 MGMT_STATUS_NOT_POWERED, addr,
3032 sizeof(*addr));
0df4c185 3033 goto done;
a5c29683
JH		 3034 }
3035
1707c60e
JH		 3036 if (addr->type == BDADDR_BREDR)
3037 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3038 else
9d4c1cc1
JH		 3039 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr,
3040 le_addr_type(addr->type));
272d90df
JH		 3041
3042 if (!conn) {
2a1afb5a
JH		 3043 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3044 MGMT_STATUS_NOT_CONNECTED, addr,
3045 sizeof(*addr));
272d90df
JH		 3046 goto done;
3047 }
47c15e2b 3048
1707c60e 3049 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 3050 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 3051 if (!err)
2a1afb5a
JH		 3052 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3053 MGMT_STATUS_SUCCESS, addr,
3054 sizeof(*addr));
5fe57d9e 3055 else
2a1afb5a
JH		 3056 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3057 MGMT_STATUS_FAILED, addr,
3058 sizeof(*addr));
47c15e2b 3059
47c15e2b
BG		 3060 goto done;
3061 }
3062
1707c60e 3063 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3064 if (!cmd) {
3065 err = -ENOMEM;
0df4c185 3066 goto done;
a5c29683
JH		 3067 }
3068
7776d1d8
JH		 3069 cmd->cmd_complete = addr_cmd_complete;
3070
0df4c185 3071 /* Continue with pairing via HCI */
604086b7
BG		 3072 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3073 struct hci_cp_user_passkey_reply cp;
3074
1707c60e 3075 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3076 cp.passkey = passkey;
3077 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3078 } else
1707c60e
JH		 3079 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3080 &addr->bdaddr);
604086b7 3081
a664b5bc
JH		 3082 if (err < 0)
3083 mgmt_pending_remove(cmd);
a5c29683 3084
0df4c185 3085done:
09fd0de5 3086 hci_dev_unlock(hdev);
a5c29683
JH		 3087 return err;
3088}
3089
afeb019d
JK		 3090static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3091 void *data, u16 len)
3092{
3093 struct mgmt_cp_pin_code_neg_reply *cp = data;
3094
3095 BT_DBG("");
3096
1707c60e 3097 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3098 MGMT_OP_PIN_CODE_NEG_REPLY,
3099 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3100}
3101
04124681
GP		 3102static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3103 u16 len)
0df4c185 3104{
650f726d 3105 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3106
3107 BT_DBG("");
3108
3109 if (len != sizeof(*cp))
a69e8375
JH		 3110 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3111 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3112
1707c60e 3113 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3114 MGMT_OP_USER_CONFIRM_REPLY,
3115 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3116}
3117
bdb6d971 3118static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3119 void *data, u16 len)
0df4c185 3120{
c9c2659f 3121 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3122
3123 BT_DBG("");
3124
1707c60e 3125 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3126 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3127 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3128}
3129
04124681
GP		 3130static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3131 u16 len)
604086b7 3132{
650f726d 3133 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3134
3135 BT_DBG("");
3136
1707c60e 3137 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3138 MGMT_OP_USER_PASSKEY_REPLY,
3139 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3140}
3141
bdb6d971 3142static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3143 void *data, u16 len)
604086b7 3144{
650f726d 3145 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3146
3147 BT_DBG("");
3148
1707c60e 3149 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3150 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3151 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3152}
3153
7c295c48
MN		 3154static void adv_expire(struct hci_dev *hdev, u32 flags)
3155{
3156 struct adv_info *adv_instance;
3157 struct hci_request req;
3158 int err;
3159
3160 adv_instance = hci_find_adv_instance(hdev, hdev->cur_adv_instance);
3161 if (!adv_instance)
3162 return;
3163
3164 /* stop if current instance doesn't need to be changed */
3165 if (!(adv_instance->flags & flags))
3166 return;
3167
3168 cancel_adv_timeout(hdev);
3169
3170 adv_instance = hci_get_next_instance(hdev, adv_instance->instance);
3171 if (!adv_instance)
3172 return;
3173
3174 hci_req_init(&req, hdev);
3175 err = __hci_req_schedule_adv_instance(&req, adv_instance->instance,
3176 true);
3177 if (err)
3178 return;
3179
3180 hci_req_run(&req, NULL);
3181}
3182
1904a853 3183static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
13928971
JH		 3184{
3185 struct mgmt_cp_set_local_name *cp;
3b0602cd 3186 struct mgmt_pending_cmd *cmd;
13928971
JH		 3187
3188 BT_DBG("status 0x%02x", status);
3189
3190 hci_dev_lock(hdev);
3191
333ae95d 3192 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 3193 if (!cmd)
3194 goto unlock;
3195
3196 cp = cmd->param;
3197
7c295c48 3198 if (status) {
a69e8375
JH		 3199 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3200 mgmt_status(status));
7c295c48 3201 } else {
2a1afb5a
JH		 3202 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3203 cp, sizeof(*cp));
13928971 3204
7c295c48
MN		 3205 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3206 adv_expire(hdev, MGMT_ADV_FLAG_LOCAL_NAME);
3207 }
3208
13928971
JH		 3209 mgmt_pending_remove(cmd);
3210
3211unlock:
3212 hci_dev_unlock(hdev);
3213}
3214
bdb6d971 3215static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3216 u16 len)
b312b161 3217{
2b4bf397 3218 struct mgmt_cp_set_local_name *cp = data;
3b0602cd 3219 struct mgmt_pending_cmd *cmd;
890ea898 3220 struct hci_request req;
b312b161
JH		 3221 int err;
3222
3223 BT_DBG("");
3224
09fd0de5 3225 hci_dev_lock(hdev);
b312b161 3226
b3f2ca94
JH		 3227 /* If the old values are the same as the new ones just return a
3228 * direct command complete event.
3229 */
3230 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3231 !memcmp(hdev->short_name, cp->short_name,
3232 sizeof(hdev->short_name))) {
2a1afb5a
JH		 3233 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3234 data, len);
b3f2ca94
JH		 3235 goto failed;
3236 }
3237
2b4bf397 3238 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3239
b5235a65 3240 if (!hdev_is_powered(hdev)) {
2b4bf397 3241 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde 3242
2a1afb5a
JH		 3243 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3244 data, len);
28cc7bde
JH		 3245 if (err < 0)
3246 goto failed;
3247
5504c3a3
MH		 3248 err = mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data,
3249 len, HCI_MGMT_LOCAL_NAME_EVENTS, sk);
321c6fee 3250 ext_info_changed(hdev, sk);
28cc7bde 3251
b5235a65
JH		 3252 goto failed;
3253 }
3254
28cc7bde 3255 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3256 if (!cmd) {
3257 err = -ENOMEM;
3258 goto failed;
3259 }
3260
13928971
JH		 3261 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3262
890ea898 3263 hci_req_init(&req, hdev);
3f985050
JH		 3264
3265 if (lmp_bredr_capable(hdev)) {
00cf5040 3266 __hci_req_update_name(&req);
b1a8917c 3267 __hci_req_update_eir(&req);
3f985050
JH		 3268 }
3269
7a5f4990
MH		 3270 /* The name is stored in the scan response data and so
3271 * no need to udpate the advertising data here.
3272 */
7dc6f16c 3273 if (lmp_le_capable(hdev) && hci_dev_test_flag(hdev, HCI_ADVERTISING))
cab054ab 3274 __hci_req_update_scan_rsp_data(&req, hdev->cur_adv_instance);
3f985050 3275
13928971 3276 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3277 if (err < 0)
3278 mgmt_pending_remove(cmd);
3279
3280failed:
09fd0de5 3281 hci_dev_unlock(hdev);
b312b161
JH		 3282 return err;
3283}
3284
c4960ecf
MN		 3285static int set_appearance(struct sock *sk, struct hci_dev *hdev, void *data,
3286 u16 len)
3287{
3288 struct mgmt_cp_set_appearance *cp = data;
3289 u16 apperance;
3290 int err;
3291
3292 BT_DBG("");
3293
af4168c5
MN		 3294 if (!lmp_le_capable(hdev))
3295 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_APPEARANCE,
3296 MGMT_STATUS_NOT_SUPPORTED);
3297
c4960ecf
MN		 3298 apperance = le16_to_cpu(cp->appearance);
3299
3300 hci_dev_lock(hdev);
3301
3302 if (hdev->appearance != apperance) {
3303 hdev->appearance = apperance;
3304
3305 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3306 adv_expire(hdev, MGMT_ADV_FLAG_APPEARANCE);
e74317f4
MN		 3307
3308 ext_info_changed(hdev, sk);
c4960ecf
MN		 3309 }
3310
3311 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_APPEARANCE, 0, NULL,
3312 0);
3313
3314 hci_dev_unlock(hdev);
3315
3316 return err;
3317}
3318
6244691f
JK		 3319static int get_phy_configuration(struct sock *sk, struct hci_dev *hdev,
3320 void *data, u16 len)
3321{
3322 struct mgmt_rp_get_phy_confguration rp;
3323
3324 BT_DBG("sock %p %s", sk, hdev->name);
3325
3326 hci_dev_lock(hdev);
3327
3328 memset(&rp, 0, sizeof(rp));
3329
3330 rp.supported_phys = cpu_to_le32(get_supported_phys(hdev));
3331 rp.selected_phys = cpu_to_le32(get_selected_phys(hdev));
3332 rp.configurable_phys = cpu_to_le32(get_configurable_phys(hdev));
3333
3334 hci_dev_unlock(hdev);
3335
3336 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_PHY_CONFIGURATION, 0,
3337 &rp, sizeof(rp));
3338}
3339
b7c23df8
JK		 3340int mgmt_phy_configuration_changed(struct hci_dev *hdev, struct sock *skip)
3341{
3342 struct mgmt_ev_phy_configuration_changed ev;
3343
3344 memset(&ev, 0, sizeof(ev));
3345
3346 ev.selected_phys = cpu_to_le32(get_selected_phys(hdev));
3347
3348 return mgmt_event(MGMT_EV_PHY_CONFIGURATION_CHANGED, hdev, &ev,
3349 sizeof(ev), skip);
3350}
3351
0314f286
JK		 3352static void set_default_phy_complete(struct hci_dev *hdev, u8 status,
3353 u16 opcode, struct sk_buff *skb)
3354{
0314f286
JK		 3355 struct mgmt_pending_cmd *cmd;
3356
3357 BT_DBG("status 0x%02x", status);
3358
3359 hci_dev_lock(hdev);
3360
3361 cmd = pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev);
3362 if (!cmd)
3363 goto unlock;
3364
0314f286
JK		 3365 if (status) {
3366 mgmt_cmd_status(cmd->sk, hdev->id,
3367 MGMT_OP_SET_PHY_CONFIGURATION,
3368 mgmt_status(status));
3369 } else {
3370 mgmt_cmd_complete(cmd->sk, hdev->id,
3371 MGMT_OP_SET_PHY_CONFIGURATION, 0,
3372 NULL, 0);
b7c23df8
JK		 3373
3374 mgmt_phy_configuration_changed(hdev, cmd->sk);
0314f286
JK		 3375 }
3376
3377 mgmt_pending_remove(cmd);
3378
3379unlock:
3380 hci_dev_unlock(hdev);
3381}
3382
3383static int set_phy_configuration(struct sock *sk, struct hci_dev *hdev,
3384 void *data, u16 len)
3385{
3386 struct mgmt_cp_set_phy_confguration *cp = data;
3387 struct hci_cp_le_set_default_phy cp_phy;
3388 struct mgmt_pending_cmd *cmd;
3389 struct hci_request req;
3390 u32 selected_phys, configurable_phys, supported_phys, unconfigure_phys;
3391 u16 pkt_type = (HCI_DH1 | HCI_DM1);
b7c23df8 3392 bool changed = false;
0314f286
JK		 3393 int err;
3394
3395 BT_DBG("sock %p %s", sk, hdev->name);
3396
3397 configurable_phys = get_configurable_phys(hdev);
3398 supported_phys = get_supported_phys(hdev);
3399 selected_phys = __le32_to_cpu(cp->selected_phys);
3400
3401 if (selected_phys & ~supported_phys)
3402 return mgmt_cmd_status(sk, hdev->id,
3403 MGMT_OP_SET_PHY_CONFIGURATION,
3404 MGMT_STATUS_INVALID_PARAMS);
3405
3406 unconfigure_phys = supported_phys & ~configurable_phys;
3407
3408 if ((selected_phys & unconfigure_phys) != unconfigure_phys)
3409 return mgmt_cmd_status(sk, hdev->id,
3410 MGMT_OP_SET_PHY_CONFIGURATION,
3411 MGMT_STATUS_INVALID_PARAMS);
3412
3413 if (selected_phys == get_selected_phys(hdev))
3414 return mgmt_cmd_complete(sk, hdev->id,
3415 MGMT_OP_SET_PHY_CONFIGURATION,
3416 0, NULL, 0);
3417
3418 hci_dev_lock(hdev);
3419
3420 if (!hdev_is_powered(hdev)) {
3421 err = mgmt_cmd_status(sk, hdev->id,
3422 MGMT_OP_SET_PHY_CONFIGURATION,
3423 MGMT_STATUS_REJECTED);
3424 goto unlock;
3425 }
3426
3427 if (pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev)) {
3428 err = mgmt_cmd_status(sk, hdev->id,
3429 MGMT_OP_SET_PHY_CONFIGURATION,
3430 MGMT_STATUS_BUSY);
3431 goto unlock;
3432 }
3433
3434 if (selected_phys & MGMT_PHY_BR_1M_3SLOT)
3435 pkt_type |= (HCI_DH3 | HCI_DM3);
3436 else
3437 pkt_type &= ~(HCI_DH3 | HCI_DM3);
3438
3439 if (selected_phys & MGMT_PHY_BR_1M_5SLOT)
3440 pkt_type |= (HCI_DH5 | HCI_DM5);
3441 else
3442 pkt_type &= ~(HCI_DH5 | HCI_DM5);
3443
3444 if (selected_phys & MGMT_PHY_EDR_2M_1SLOT)
3445 pkt_type &= ~HCI_2DH1;
3446 else
3447 pkt_type |= HCI_2DH1;
3448
3449 if (selected_phys & MGMT_PHY_EDR_2M_3SLOT)
3450 pkt_type &= ~HCI_2DH3;
3451 else
3452 pkt_type |= HCI_2DH3;
3453
3454 if (selected_phys & MGMT_PHY_EDR_2M_5SLOT)
3455 pkt_type &= ~HCI_2DH5;
3456 else
3457 pkt_type |= HCI_2DH5;
3458
3459 if (selected_phys & MGMT_PHY_EDR_3M_1SLOT)
3460 pkt_type &= ~HCI_3DH1;
3461 else
3462 pkt_type |= HCI_3DH1;
3463
3464 if (selected_phys & MGMT_PHY_EDR_3M_3SLOT)
3465 pkt_type &= ~HCI_3DH3;
3466 else
3467 pkt_type |= HCI_3DH3;
3468
3469 if (selected_phys & MGMT_PHY_EDR_3M_5SLOT)
3470 pkt_type &= ~HCI_3DH5;
3471 else
3472 pkt_type |= HCI_3DH5;
3473
b7c23df8 3474 if (pkt_type != hdev->pkt_type) {
0314f286 3475 hdev->pkt_type = pkt_type;
b7c23df8
JK		 3476 changed = true;
3477 }
0314f286
JK		 3478
3479 if ((selected_phys & MGMT_PHY_LE_MASK) ==
3480 (get_selected_phys(hdev) & MGMT_PHY_LE_MASK)) {
b7c23df8
JK		 3481 if (changed)
3482 mgmt_phy_configuration_changed(hdev, sk);
3483
0314f286
JK		 3484 err = mgmt_cmd_complete(sk, hdev->id,
3485 MGMT_OP_SET_PHY_CONFIGURATION,
3486 0, NULL, 0);
3487
3488 goto unlock;
3489 }
3490
3491 cmd = mgmt_pending_add(sk, MGMT_OP_SET_PHY_CONFIGURATION, hdev, data,
3492 len);
3493 if (!cmd) {
3494 err = -ENOMEM;
3495 goto unlock;
3496 }
3497
3498 hci_req_init(&req, hdev);
3499
3500 memset(&cp_phy, 0, sizeof(cp_phy));
3501
3502 if (!(selected_phys & MGMT_PHY_LE_TX_MASK))
3503 cp_phy.all_phys |= 0x01;
3504
3505 if (!(selected_phys & MGMT_PHY_LE_RX_MASK))
3506 cp_phy.all_phys |= 0x02;
3507
3508 if (selected_phys & MGMT_PHY_LE_1M_TX)
3509 cp_phy.tx_phys |= HCI_LE_SET_PHY_1M;
3510
3511 if (selected_phys & MGMT_PHY_LE_2M_TX)
3512 cp_phy.tx_phys |= HCI_LE_SET_PHY_2M;
3513
3514 if (selected_phys & MGMT_PHY_LE_CODED_TX)
3515 cp_phy.tx_phys |= HCI_LE_SET_PHY_CODED;
3516
3517 if (selected_phys & MGMT_PHY_LE_1M_RX)
3518 cp_phy.rx_phys |= HCI_LE_SET_PHY_1M;
3519
3520 if (selected_phys & MGMT_PHY_LE_2M_RX)
3521 cp_phy.rx_phys |= HCI_LE_SET_PHY_2M;
3522
3523 if (selected_phys & MGMT_PHY_LE_CODED_RX)
3524 cp_phy.rx_phys |= HCI_LE_SET_PHY_CODED;
3525
3526 hci_req_add(&req, HCI_OP_LE_SET_DEFAULT_PHY, sizeof(cp_phy), &cp_phy);
3527
3528 err = hci_req_run_skb(&req, set_default_phy_complete);
3529 if (err < 0)
3530 mgmt_pending_remove(cmd);
3531
3532unlock:
3533 hci_dev_unlock(hdev);
3534
3535 return err;
3536}
3537
1b9441f8
JH		 3538static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status,
3539 u16 opcode, struct sk_buff *skb)
3540{
3541 struct mgmt_rp_read_local_oob_data mgmt_rp;
3542 size_t rp_size = sizeof(mgmt_rp);
3543 struct mgmt_pending_cmd *cmd;
3544
3545 BT_DBG("%s status %u", hdev->name, status);
3546
3547 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3548 if (!cmd)
3549 return;
3550
3551 if (status || !skb) {
3552 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3553 status ? mgmt_status(status) : MGMT_STATUS_FAILED);
3554 goto remove;
3555 }
3556
3557 memset(&mgmt_rp, 0, sizeof(mgmt_rp));
3558
3559 if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
3560 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
3561
3562 if (skb->len < sizeof(*rp)) {
3563 mgmt_cmd_status(cmd->sk, hdev->id,
3564 MGMT_OP_READ_LOCAL_OOB_DATA,
3565 MGMT_STATUS_FAILED);
3566 goto remove;
3567 }
3568
3569 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash));
3570 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand));
3571
3572 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256);
3573 } else {
3574 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
3575
3576 if (skb->len < sizeof(*rp)) {
3577 mgmt_cmd_status(cmd->sk, hdev->id,
3578 MGMT_OP_READ_LOCAL_OOB_DATA,
3579 MGMT_STATUS_FAILED);
3580 goto remove;
3581 }
3582
3583 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192));
3584 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192));
3585
3586 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256));
3587 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256));
3588 }
3589
3590 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3591 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size);
3592
3593remove:
3594 mgmt_pending_remove(cmd);
3595}
3596
0f4e68cf 3597static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3598 void *data, u16 data_len)
c35938b2 3599{
3b0602cd 3600 struct mgmt_pending_cmd *cmd;
1b9441f8 3601 struct hci_request req;
c35938b2
SJ		 3602 int err;
3603
bdb6d971 3604 BT_DBG("%s", hdev->name);
c35938b2 3605
09fd0de5 3606 hci_dev_lock(hdev);
c35938b2 3607
4b34ee78 3608 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3609 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3610 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3611 goto unlock;
3612 }
3613
9a1a1996 3614 if (!lmp_ssp_capable(hdev)) {
a69e8375
JH		 3615 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3616 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3617 goto unlock;
3618 }
3619
333ae95d 3620 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
a69e8375
JH		 3621 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3622 MGMT_STATUS_BUSY);
c35938b2
SJ		 3623 goto unlock;
3624 }
3625
2e58ef3e 3626 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3627 if (!cmd) {
3628 err = -ENOMEM;
3629 goto unlock;
3630 }
3631
1b9441f8
JH		 3632 hci_req_init(&req, hdev);
3633
710f11c0 3634 if (bredr_sc_enabled(hdev))
1b9441f8 3635 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
4d2d2796 3636 else
1b9441f8 3637 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
4d2d2796 3638
1b9441f8 3639 err = hci_req_run_skb(&req, read_local_oob_data_complete);
c35938b2
SJ		 3640 if (err < 0)
3641 mgmt_pending_remove(cmd);
3642
3643unlock:
09fd0de5 3644 hci_dev_unlock(hdev);
c35938b2
SJ		 3645 return err;
3646}
3647
bdb6d971 3648static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3649 void *data, u16 len)
2763eda6 3650{
5d57e796 3651 struct mgmt_addr_info *addr = data;
2763eda6
SJ		 3652 int err;
3653
bdb6d971 3654 BT_DBG("%s ", hdev->name);
2763eda6 3655
5d57e796 3656 if (!bdaddr_type_is_valid(addr->type))
2a1afb5a
JH		 3657 return mgmt_cmd_complete(sk, hdev->id,
3658 MGMT_OP_ADD_REMOTE_OOB_DATA,
3659 MGMT_STATUS_INVALID_PARAMS,
3660 addr, sizeof(*addr));
5d57e796 3661
09fd0de5 3662 hci_dev_lock(hdev);
2763eda6 3663
ec109113
MH		 3664 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3665 struct mgmt_cp_add_remote_oob_data *cp = data;
3666 u8 status;
bf1e3541 3667
c19a495c 3668 if (cp->addr.type != BDADDR_BREDR) {
2a1afb5a
JH		 3669 err = mgmt_cmd_complete(sk, hdev->id,
3670 MGMT_OP_ADD_REMOTE_OOB_DATA,
3671 MGMT_STATUS_INVALID_PARAMS,
3672 &cp->addr, sizeof(cp->addr));
c19a495c
JH		 3673 goto unlock;
3674 }
3675
ec109113 3676 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
6928a924
JH		 3677 cp->addr.type, cp->hash,
3678 cp->rand, NULL, NULL);
ec109113
MH		 3679 if (err < 0)
3680 status = MGMT_STATUS_FAILED;
3681 else
3682 status = MGMT_STATUS_SUCCESS;
3683
2a1afb5a
JH		 3684 err = mgmt_cmd_complete(sk, hdev->id,
3685 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
3686 &cp->addr, sizeof(cp->addr));
ec109113
MH		 3687 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3688 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
41bcfd50 3689 u8 *rand192, *hash192, *rand256, *hash256;
ec109113
MH		 3690 u8 status;
3691
86df9200 3692 if (bdaddr_type_is_le(cp->addr.type)) {
d25b78e2
JH		 3693 /* Enforce zero-valued 192-bit parameters as
3694 * long as legacy SMP OOB isn't implemented.
3695 */
3696 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3697 memcmp(cp->hash192, ZERO_KEY, 16)) {
2a1afb5a
JH		 3698 err = mgmt_cmd_complete(sk, hdev->id,
3699 MGMT_OP_ADD_REMOTE_OOB_DATA,
3700 MGMT_STATUS_INVALID_PARAMS,
3701 addr, sizeof(*addr));
d25b78e2
JH		 3702 goto unlock;
3703 }
3704
86df9200
JH		 3705 rand192 = NULL;
3706 hash192 = NULL;
3707 } else {
41bcfd50
MH		 3708 /* In case one of the P-192 values is set to zero,
3709 * then just disable OOB data for P-192.
3710 */
3711 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
3712 !memcmp(cp->hash192, ZERO_KEY, 16)) {
3713 rand192 = NULL;
3714 hash192 = NULL;
3715 } else {
3716 rand192 = cp->rand192;
3717 hash192 = cp->hash192;
3718 }
3719 }
3720
3721 /* In case one of the P-256 values is set to zero, then just
3722 * disable OOB data for P-256.
3723 */
3724 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
3725 !memcmp(cp->hash256, ZERO_KEY, 16)) {
3726 rand256 = NULL;
3727 hash256 = NULL;
3728 } else {
3729 rand256 = cp->rand256;
3730 hash256 = cp->hash256;
86df9200
JH		 3731 }
3732
81328d5c 3733 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
86df9200 3734 cp->addr.type, hash192, rand192,
41bcfd50 3735 hash256, rand256);
ec109113
MH		 3736 if (err < 0)
3737 status = MGMT_STATUS_FAILED;
3738 else
3739 status = MGMT_STATUS_SUCCESS;
3740
2a1afb5a
JH		 3741 err = mgmt_cmd_complete(sk, hdev->id,
3742 MGMT_OP_ADD_REMOTE_OOB_DATA,
3743 status, &cp->addr, sizeof(cp->addr));
ec109113 3744 } else {
2064ee33
MH		 3745 bt_dev_err(hdev, "add_remote_oob_data: invalid len of %u bytes",
3746 len);
a69e8375
JH		 3747 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3748 MGMT_STATUS_INVALID_PARAMS);
ec109113 3749 }
2763eda6 3750
c19a495c 3751unlock:
09fd0de5 3752 hci_dev_unlock(hdev);
2763eda6
SJ		 3753 return err;
3754}
3755
bdb6d971 3756static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3757 void *data, u16 len)
2763eda6 3758{
650f726d 3759 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3760 u8 status;
2763eda6
SJ		 3761 int err;
3762
bdb6d971 3763 BT_DBG("%s", hdev->name);
2763eda6 3764
c19a495c 3765 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 3766 return mgmt_cmd_complete(sk, hdev->id,
3767 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3768 MGMT_STATUS_INVALID_PARAMS,
3769 &cp->addr, sizeof(cp->addr));
c19a495c 3770
09fd0de5 3771 hci_dev_lock(hdev);
2763eda6 3772
eedbd581
JH		 3773 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3774 hci_remote_oob_data_clear(hdev);
3775 status = MGMT_STATUS_SUCCESS;
3776 goto done;
3777 }
3778
6928a924 3779 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
2763eda6 3780 if (err < 0)
bf1e3541 3781 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3782 else
a6785be2 3783 status = MGMT_STATUS_SUCCESS;
bf1e3541 3784
eedbd581 3785done:
2a1afb5a
JH		 3786 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3787 status, &cp->addr, sizeof(cp->addr));
2763eda6 3788
09fd0de5 3789 hci_dev_unlock(hdev);
2763eda6
SJ		 3790 return err;
3791}
3792
e68f072b 3793void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status)
7c307720 3794{
3b0602cd 3795 struct mgmt_pending_cmd *cmd;
ae55f598 3796
7c307720
AG		 3797 BT_DBG("status %d", status);
3798
11e6e25d 3799 hci_dev_lock(hdev);
41dc2bd6 3800
333ae95d 3801 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
66ea9427 3802 if (!cmd)
333ae95d 3803 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
66ea9427 3804
78b781ca
JH		 3805 if (!cmd)
3806 cmd = pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev);
3807
11e6e25d 3808 if (cmd) {
2922a94f 3809 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d
MH		 3810 mgmt_pending_remove(cmd);
3811 }
7c307720 3812
11e6e25d 3813 hci_dev_unlock(hdev);
7c307720
AG		 3814}
3815
591752af
JH		 3816static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type,
3817 uint8_t *mgmt_status)
3818{
3819 switch (type) {
3820 case DISCOV_TYPE_LE:
3821 *mgmt_status = mgmt_le_support(hdev);
3822 if (*mgmt_status)
3823 return false;
3824 break;
3825 case DISCOV_TYPE_INTERLEAVED:
3826 *mgmt_status = mgmt_le_support(hdev);
3827 if (*mgmt_status)
3828 return false;
3829 /* Intentional fall-through */
3830 case DISCOV_TYPE_BREDR:
3831 *mgmt_status = mgmt_bredr_support(hdev);
3832 if (*mgmt_status)
3833 return false;
3834 break;
3835 default:
3836 *mgmt_status = MGMT_STATUS_INVALID_PARAMS;
3837 return false;
3838 }
3839
3840 return true;
3841}
3842
78b781ca
JH		 3843static int start_discovery_internal(struct sock *sk, struct hci_dev *hdev,
3844 u16 op, void *data, u16 len)
14a53664 3845{
650f726d 3846 struct mgmt_cp_start_discovery *cp = data;
3b0602cd 3847 struct mgmt_pending_cmd *cmd;
8019044d 3848 u8 status;
14a53664
JH		 3849 int err;
3850
bdb6d971 3851 BT_DBG("%s", hdev->name);
14a53664 3852
09fd0de5 3853 hci_dev_lock(hdev);
14a53664 3854
4b34ee78 3855 if (!hdev_is_powered(hdev)) {
78b781ca 3856 err = mgmt_cmd_complete(sk, hdev->id, op,
2a1afb5a
JH		 3857 MGMT_STATUS_NOT_POWERED,
3858 &cp->type, sizeof(cp->type));
bd2d1334
JH		 3859 goto failed;
3860 }
3861
f5a969f2 3862 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 3863 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
78b781ca
JH		 3864 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY,
3865 &cp->type, sizeof(cp->type));
642be6c7
AG		 3866 goto failed;
3867 }
3868
591752af 3869 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
78b781ca
JH		 3870 err = mgmt_cmd_complete(sk, hdev->id, op, status,
3871 &cp->type, sizeof(cp->type));
591752af
JH		 3872 goto failed;
3873 }
3874
22078800
MH		 3875 /* Clear the discovery filter first to free any previously
3876 * allocated memory for the UUID list.
3877 */
3878 hci_discovery_filter_clear(hdev);
3879
4aab14e5 3880 hdev->discovery.type = cp->type;
da25cf6a 3881 hdev->discovery.report_invalid_rssi = false;
78b781ca
JH		 3882 if (op == MGMT_OP_START_LIMITED_DISCOVERY)
3883 hdev->discovery.limited = true;
3884 else
3885 hdev->discovery.limited = false;
4aab14e5 3886
78b781ca 3887 cmd = mgmt_pending_add(sk, op, hdev, data, len);
e68f072b
JH		 3888 if (!cmd) {
3889 err = -ENOMEM;
04106755 3890 goto failed;
f39799f5 3891 }
04106755 3892
e68f072b 3893 cmd->cmd_complete = generic_cmd_complete;
7c307720 3894
f5a969f2 3895 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
e68f072b
JH		 3896 queue_work(hdev->req_workqueue, &hdev->discov_update);
3897 err = 0;
7c307720 3898
14a53664 3899failed:
09fd0de5 3900 hci_dev_unlock(hdev);
14a53664
JH		 3901 return err;
3902}
f39799f5 3903
78b781ca
JH		 3904static int start_discovery(struct sock *sk, struct hci_dev *hdev,
3905 void *data, u16 len)
3906{
3907 return start_discovery_internal(sk, hdev, MGMT_OP_START_DISCOVERY,
3908 data, len);
3909}
3910
3911static int start_limited_discovery(struct sock *sk, struct hci_dev *hdev,
3912 void *data, u16 len)
3913{
3914 return start_discovery_internal(sk, hdev,
3915 MGMT_OP_START_LIMITED_DISCOVERY,
3916 data, len);
3917}
3918
3b0602cd
JH		 3919static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
3920 u8 status)
2922a94f 3921{
2a1afb5a
JH		 3922 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
3923 cmd->param, 1);
2922a94f 3924}
04106755 3925
66ea9427
JP		 3926static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
3927 void *data, u16 len)
3928{
3929 struct mgmt_cp_start_service_discovery *cp = data;
3b0602cd 3930 struct mgmt_pending_cmd *cmd;
66ea9427
JP		 3931 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
3932 u16 uuid_count, expected_len;
3933 u8 status;
3934 int err;
04106755 3935
66ea9427 3936 BT_DBG("%s", hdev->name);
e8bb6b97 3937
66ea9427 3938 hci_dev_lock(hdev);
7c307720 3939
66ea9427 3940 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3941 err = mgmt_cmd_complete(sk, hdev->id,
3942 MGMT_OP_START_SERVICE_DISCOVERY,
3943 MGMT_STATUS_NOT_POWERED,
3944 &cp->type, sizeof(cp->type));
66ea9427
JP		 3945 goto failed;
3946 }
7c307720 3947
66ea9427 3948 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 3949 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
2a1afb5a
JH		 3950 err = mgmt_cmd_complete(sk, hdev->id,
3951 MGMT_OP_START_SERVICE_DISCOVERY,
3952 MGMT_STATUS_BUSY, &cp->type,
3953 sizeof(cp->type));
66ea9427
JP		 3954 goto failed;
3955 }
d9483943 3956
66ea9427
JP		 3957 uuid_count = __le16_to_cpu(cp->uuid_count);
3958 if (uuid_count > max_uuid_count) {
2064ee33
MH		 3959 bt_dev_err(hdev, "service_discovery: too big uuid_count value %u",
3960 uuid_count);
2a1afb5a
JH		 3961 err = mgmt_cmd_complete(sk, hdev->id,
3962 MGMT_OP_START_SERVICE_DISCOVERY,
3963 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3964 sizeof(cp->type));
66ea9427
JP		 3965 goto failed;
3966 }
3967
3968 expected_len = sizeof(*cp) + uuid_count * 16;
3969 if (expected_len != len) {
2064ee33
MH		 3970 bt_dev_err(hdev, "service_discovery: expected %u bytes, got %u bytes",
3971 expected_len, len);
2a1afb5a
JH		 3972 err = mgmt_cmd_complete(sk, hdev->id,
3973 MGMT_OP_START_SERVICE_DISCOVERY,
3974 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3975 sizeof(cp->type));
66ea9427
JP		 3976 goto failed;
3977 }
3978
591752af
JH		 3979 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
3980 err = mgmt_cmd_complete(sk, hdev->id,
3981 MGMT_OP_START_SERVICE_DISCOVERY,
3982 status, &cp->type, sizeof(cp->type));
3983 goto failed;
3984 }
3985
66ea9427 3986 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
2922a94f 3987 hdev, data, len);
66ea9427
JP		 3988 if (!cmd) {
3989 err = -ENOMEM;
3990 goto failed;
3991 }
3992
2922a94f
JH		 3993 cmd->cmd_complete = service_discovery_cmd_complete;
3994
22078800
MH		 3995 /* Clear the discovery filter first to free any previously
3996 * allocated memory for the UUID list.
3997 */
3998 hci_discovery_filter_clear(hdev);
3999
82f8b651 4000 hdev->discovery.result_filtering = true;
66ea9427
JP		 4001 hdev->discovery.type = cp->type;
4002 hdev->discovery.rssi = cp->rssi;
4003 hdev->discovery.uuid_count = uuid_count;
4004
4005 if (uuid_count > 0) {
4006 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4007 GFP_KERNEL);
4008 if (!hdev->discovery.uuids) {
2a1afb5a
JH		 4009 err = mgmt_cmd_complete(sk, hdev->id,
4010 MGMT_OP_START_SERVICE_DISCOVERY,
4011 MGMT_STATUS_FAILED,
4012 &cp->type, sizeof(cp->type));
d9483943
JH		 4013 mgmt_pending_remove(cmd);
4014 goto failed;
4015 }
66ea9427 4016 }
d9483943 4017
66ea9427 4018 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
e68f072b
JH		 4019 queue_work(hdev->req_workqueue, &hdev->discov_update);
4020 err = 0;
14a53664
JH		 4021
4022failed:
09fd0de5 4023 hci_dev_unlock(hdev);
14a53664
JH		 4024 return err;
4025}
4026
2154d3f4 4027void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status)
1183fdca 4028{
3b0602cd 4029 struct mgmt_pending_cmd *cmd;
1183fdca 4030
0e05bba6
AG		 4031 BT_DBG("status %d", status);
4032
4033 hci_dev_lock(hdev);
4034
333ae95d 4035 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
11e6e25d 4036 if (cmd) {
2922a94f 4037 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d 4038 mgmt_pending_remove(cmd);
0e05bba6
AG		 4039 }
4040
0e05bba6
AG		 4041 hci_dev_unlock(hdev);
4042}
4043
bdb6d971 4044static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4045 u16 len)
14a53664 4046{
d930650b 4047 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3b0602cd 4048 struct mgmt_pending_cmd *cmd;
14a53664
JH		 4049 int err;
4050
bdb6d971 4051 BT_DBG("%s", hdev->name);
14a53664 4052
09fd0de5 4053 hci_dev_lock(hdev);
14a53664 4054
30dc78e1 4055 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 4056 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4057 MGMT_STATUS_REJECTED, &mgmt_cp->type,
4058 sizeof(mgmt_cp->type));
d930650b
JH		 4059 goto unlock;
4060 }
4061
4062 if (hdev->discovery.type != mgmt_cp->type) {
2a1afb5a
JH		 4063 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4064 MGMT_STATUS_INVALID_PARAMS,
4065 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1 4066 goto unlock;
ff9ef578
JH		 4067 }
4068
2922a94f 4069 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
14a53664
JH		 4070 if (!cmd) {
4071 err = -ENOMEM;
30dc78e1
JH		 4072 goto unlock;
4073 }
4074
2922a94f
JH		 4075 cmd->cmd_complete = generic_cmd_complete;
4076
2154d3f4
JH		 4077 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
4078 queue_work(hdev->req_workqueue, &hdev->discov_update);
4079 err = 0;
14a53664 4080
30dc78e1 4081unlock:
09fd0de5 4082 hci_dev_unlock(hdev);
14a53664
JH		 4083 return err;
4084}
4085
bdb6d971 4086static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4087 u16 len)
561aafbc 4088{
650f726d 4089 struct mgmt_cp_confirm_name *cp = data;
561aafbc 4090 struct inquiry_entry *e;
561aafbc
JH		 4091 int err;
4092
bdb6d971 4093 BT_DBG("%s", hdev->name);
561aafbc 4094
561aafbc
JH		 4095 hci_dev_lock(hdev);
4096
30dc78e1 4097 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 4098 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4099 MGMT_STATUS_FAILED, &cp->addr,
4100 sizeof(cp->addr));
30dc78e1
JH		 4101 goto failed;
4102 }
4103
a198e7b1 4104 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 4105 if (!e) {
2a1afb5a
JH		 4106 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4107 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4108 sizeof(cp->addr));
561aafbc
JH		 4109 goto failed;
4110 }
4111
4112 if (cp->name_known) {
4113 e->name_state = NAME_KNOWN;
4114 list_del(&e->list);
4115 } else {
4116 e->name_state = NAME_NEEDED;
a3d4e20a 4117 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 4118 }
4119
2a1afb5a
JH		 4120 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
4121 &cp->addr, sizeof(cp->addr));
561aafbc
JH		 4122
4123failed:
4124 hci_dev_unlock(hdev);
561aafbc
JH		 4125 return err;
4126}
4127
bdb6d971 4128static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4129 u16 len)
7fbec224 4130{
650f726d 4131 struct mgmt_cp_block_device *cp = data;
f0eeea8b 4132 u8 status;
7fbec224
AJ		 4133 int err;
4134
bdb6d971 4135 BT_DBG("%s", hdev->name);
7fbec224 4136
4ee71b20 4137 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 4138 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4139 MGMT_STATUS_INVALID_PARAMS,
4140 &cp->addr, sizeof(cp->addr));
4ee71b20 4141
09fd0de5 4142 hci_dev_lock(hdev);
5e762444 4143
dcc36c16
JH		 4144 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4145 cp->addr.type);
2a8357f2 4146 if (err < 0) {
f0eeea8b 4147 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 4148 goto done;
4149 }
4150
4151 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4152 sk);
4153 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4154
2a8357f2 4155done:
2a1afb5a
JH		 4156 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
4157 &cp->addr, sizeof(cp->addr));
5e762444 4158
09fd0de5 4159 hci_dev_unlock(hdev);
7fbec224
AJ		 4160
4161 return err;
4162}
4163
bdb6d971 4164static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4165 u16 len)
7fbec224 4166{
650f726d 4167 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 4168 u8 status;
7fbec224
AJ		 4169 int err;
4170
bdb6d971 4171 BT_DBG("%s", hdev->name);
7fbec224 4172
4ee71b20 4173 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 4174 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4175 MGMT_STATUS_INVALID_PARAMS,
4176 &cp->addr, sizeof(cp->addr));
4ee71b20 4177
09fd0de5 4178 hci_dev_lock(hdev);
5e762444 4179
dcc36c16
JH		 4180 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4181 cp->addr.type);
2a8357f2 4182 if (err < 0) {
f0eeea8b 4183 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 4184 goto done;
4185 }
4186
4187 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4188 sk);
4189 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4190
2a8357f2 4191done:
2a1afb5a
JH		 4192 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
4193 &cp->addr, sizeof(cp->addr));
5e762444 4194
09fd0de5 4195 hci_dev_unlock(hdev);
7fbec224
AJ		 4196
4197 return err;
4198}
4199
cdbaccca
MH		 4200static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4201 u16 len)
4202{
4203 struct mgmt_cp_set_device_id *cp = data;
890ea898 4204 struct hci_request req;
cdbaccca 4205 int err;
c72d4b8a 4206 __u16 source;
cdbaccca
MH		 4207
4208 BT_DBG("%s", hdev->name);
4209
c72d4b8a
SJ		 4210 source = __le16_to_cpu(cp->source);
4211
4212 if (source > 0x0002)
a69e8375
JH		 4213 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4214 MGMT_STATUS_INVALID_PARAMS);
c72d4b8a 4215
cdbaccca
MH		 4216 hci_dev_lock(hdev);
4217
c72d4b8a 4218 hdev->devid_source = source;
cdbaccca
MH		 4219 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4220 hdev->devid_product = __le16_to_cpu(cp->product);
4221 hdev->devid_version = __le16_to_cpu(cp->version);
4222
2a1afb5a
JH		 4223 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
4224 NULL, 0);
cdbaccca 4225
890ea898 4226 hci_req_init(&req, hdev);
b1a8917c 4227 __hci_req_update_eir(&req);
890ea898 4228 hci_req_run(&req, NULL);
cdbaccca
MH		 4229
4230 hci_dev_unlock(hdev);
4231
4232 return err;
4233}
4234
24b4f38f
AU		 4235static void enable_advertising_instance(struct hci_dev *hdev, u8 status,
4236 u16 opcode)
4237{
4238 BT_DBG("status %d", status);
4239}
4240
1904a853
MH		 4241static void set_advertising_complete(struct hci_dev *hdev, u8 status,
4242 u16 opcode)
4375f103
JH		 4243{
4244 struct cmd_lookup match = { NULL, hdev };
24b4f38f 4245 struct hci_request req;
7816b820
FG		 4246 u8 instance;
4247 struct adv_info *adv_instance;
4248 int err;
4375f103 4249
3ad67582
JK		 4250 hci_dev_lock(hdev);
4251
4375f103
JH		 4252 if (status) {
4253 u8 mgmt_err = mgmt_status(status);
4254
4255 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4256 cmd_status_rsp, &mgmt_err);
3ad67582 4257 goto unlock;
4375f103
JH		 4258 }
4259
d7a5a11d 4260 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
a1536da2 4261 hci_dev_set_flag(hdev, HCI_ADVERTISING);
c93bd150 4262 else
a358dc11 4263 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
c93bd150 4264
4375f103
JH		 4265 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4266 &match);
4267
4268 new_settings(hdev, match.sk);
4269
4270 if (match.sk)
4271 sock_put(match.sk);
3ad67582 4272
24b4f38f 4273 /* If "Set Advertising" was just disabled and instance advertising was
7816b820 4274 * set up earlier, then re-enable multi-instance advertising.
24b4f38f
AU		 4275 */
4276 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
7816b820 4277 list_empty(&hdev->adv_instances))
24b4f38f
AU		 4278 goto unlock;
4279
7816b820
FG		 4280 instance = hdev->cur_adv_instance;
4281 if (!instance) {
4282 adv_instance = list_first_entry_or_null(&hdev->adv_instances,
4283 struct adv_info, list);
4284 if (!adv_instance)
4285 goto unlock;
4286
4287 instance = adv_instance->instance;
4288 }
4289
24b4f38f
AU		 4290 hci_req_init(&req, hdev);
4291
f2252570 4292 err = __hci_req_schedule_adv_instance(&req, instance, true);
7816b820
FG		 4293
4294 if (!err)
4295 err = hci_req_run(&req, enable_advertising_instance);
24b4f38f 4296
7816b820 4297 if (err)
2064ee33 4298 bt_dev_err(hdev, "failed to re-configure advertising");
24b4f38f 4299
3ad67582
JK		 4300unlock:
4301 hci_dev_unlock(hdev);
4375f103
JH		 4302}
4303
21b5187f
MH		 4304static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4305 u16 len)
4375f103
JH		 4306{
4307 struct mgmt_mode *cp = data;
3b0602cd 4308 struct mgmt_pending_cmd *cmd;
4375f103 4309 struct hci_request req;
cc91cb04 4310 u8 val, status;
4375f103
JH		 4311 int err;
4312
4313 BT_DBG("request for %s", hdev->name);
4314
e6fe7986
JH		 4315 status = mgmt_le_support(hdev);
4316 if (status)
a69e8375
JH		 4317 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4318 status);
4375f103 4319
cc91cb04 4320 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 4321 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4322 MGMT_STATUS_INVALID_PARAMS);
4375f103
JH		 4323
4324 hci_dev_lock(hdev);
4325
4326 val = !!cp->val;
4375f103 4327
f74ca9b8
JH		 4328 /* The following conditions are ones which mean that we should
4329 * not do any HCI communication but directly send a mgmt
4330 * response to user space (after toggling the flag if
4331 * necessary).
4332 */
cc91cb04 4333 if (!hdev_is_powered(hdev) ||
d7a5a11d
MH		 4334 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
4335 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
e8bb6b97 4336 hci_conn_num(hdev, LE_LINK) > 0 ||
d7a5a11d 4337 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
e8bb6b97 4338 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
cc91cb04 4339 bool changed;
4375f103 4340
cc91cb04 4341 if (cp->val) {
cab054ab 4342 hdev->cur_adv_instance = 0x00;
238be788 4343 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
cc91cb04 4344 if (cp->val == 0x02)
a1536da2 4345 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4346 else
a358dc11 4347 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4348 } else {
a69d8927 4349 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
a358dc11 4350 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4375f103
JH		 4351 }
4352
4353 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4354 if (err < 0)
4355 goto unlock;
4356
4357 if (changed)
4358 err = new_settings(hdev, sk);
4359
4360 goto unlock;
4361 }
4362
333ae95d
JH		 4363 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4364 pending_find(MGMT_OP_SET_LE, hdev)) {
a69e8375
JH		 4365 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4366 MGMT_STATUS_BUSY);
4375f103
JH		 4367 goto unlock;
4368 }
4369
4370 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4371 if (!cmd) {
4372 err = -ENOMEM;
4373 goto unlock;
4374 }
4375
4376 hci_req_init(&req, hdev);
4377
cc91cb04 4378 if (cp->val == 0x02)
a1536da2 4379 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4380 else
a358dc11 4381 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4382
7816b820
FG		 4383 cancel_adv_timeout(hdev);
4384
24b4f38f 4385 if (val) {
7816b820
FG		 4386 /* Switch to instance "0" for the Set Advertising setting.
4387 * We cannot use update_[adv|scan_rsp]_data() here as the
4388 * HCI_ADVERTISING flag is not yet set.
4389 */
cab054ab 4390 hdev->cur_adv_instance = 0x00;
de181e88
JK		 4391
4392 if (ext_adv_capable(hdev)) {
4393 __hci_req_start_ext_adv(&req, 0x00);
4394 } else {
4395 __hci_req_update_adv_data(&req, 0x00);
4396 __hci_req_update_scan_rsp_data(&req, 0x00);
4397 __hci_req_enable_advertising(&req);
4398 }
24b4f38f 4399 } else {
f2252570 4400 __hci_req_disable_advertising(&req);
24b4f38f 4401 }
4375f103
JH		 4402
4403 err = hci_req_run(&req, set_advertising_complete);
4404 if (err < 0)
4405 mgmt_pending_remove(cmd);
4406
4407unlock:
4408 hci_dev_unlock(hdev);
4409 return err;
4410}
4411
d13eafce
MH		 4412static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4413 void *data, u16 len)
4414{
4415 struct mgmt_cp_set_static_address *cp = data;
4416 int err;
4417
4418 BT_DBG("%s", hdev->name);
4419
62af4443 4420 if (!lmp_le_capable(hdev))
a69e8375
JH		 4421 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4422 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 4423
4424 if (hdev_is_powered(hdev))
a69e8375
JH		 4425 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4426 MGMT_STATUS_REJECTED);
d13eafce
MH		 4427
4428 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4429 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
a69e8375
JH		 4430 return mgmt_cmd_status(sk, hdev->id,
4431 MGMT_OP_SET_STATIC_ADDRESS,
4432 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 4433
4434 /* Two most significant bits shall be set */
4435 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
a69e8375
JH		 4436 return mgmt_cmd_status(sk, hdev->id,
4437 MGMT_OP_SET_STATIC_ADDRESS,
4438 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 4439 }
4440
4441 hci_dev_lock(hdev);
4442
4443 bacpy(&hdev->static_addr, &cp->bdaddr);
4444
93690c22
MH		 4445 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
4446 if (err < 0)
4447 goto unlock;
4448
4449 err = new_settings(hdev, sk);
d13eafce 4450
93690c22 4451unlock:
d13eafce 4452 hci_dev_unlock(hdev);
d13eafce
MH		 4453 return err;
4454}
4455
14b49b9a
MH		 4456static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4457 void *data, u16 len)
4458{
4459 struct mgmt_cp_set_scan_params *cp = data;
4460 __u16 interval, window;
4461 int err;
4462
4463 BT_DBG("%s", hdev->name);
4464
4465 if (!lmp_le_capable(hdev))
a69e8375
JH		 4466 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4467 MGMT_STATUS_NOT_SUPPORTED);
14b49b9a
MH		 4468
4469 interval = __le16_to_cpu(cp->interval);
4470
4471 if (interval < 0x0004 || interval > 0x4000)
a69e8375
JH		 4472 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4473 MGMT_STATUS_INVALID_PARAMS);
14b49b9a
MH		 4474
4475 window = __le16_to_cpu(cp->window);
4476
4477 if (window < 0x0004 || window > 0x4000)
a69e8375
JH		 4478 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4479 MGMT_STATUS_INVALID_PARAMS);
14b49b9a 4480
899e1075 4481 if (window > interval)
a69e8375
JH		 4482 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4483 MGMT_STATUS_INVALID_PARAMS);
899e1075 4484
14b49b9a
MH		 4485 hci_dev_lock(hdev);
4486
4487 hdev->le_scan_interval = interval;
4488 hdev->le_scan_window = window;
4489
2a1afb5a
JH		 4490 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
4491 NULL, 0);
14b49b9a 4492
dd2ef8e2
AG		 4493 /* If background scan is running, restart it so new parameters are
4494 * loaded.
4495 */
d7a5a11d 4496 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
dd2ef8e2
AG		 4497 hdev->discovery.state == DISCOVERY_STOPPED) {
4498 struct hci_request req;
4499
4500 hci_req_init(&req, hdev);
4501
4502 hci_req_add_le_scan_disable(&req);
4503 hci_req_add_le_passive_scan(&req);
4504
4505 hci_req_run(&req, NULL);
4506 }
4507
14b49b9a
MH		 4508 hci_dev_unlock(hdev);
4509
4510 return err;
4511}
4512
1904a853
MH		 4513static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
4514 u16 opcode)
33e38b3e 4515{
3b0602cd 4516 struct mgmt_pending_cmd *cmd;
33e38b3e
JH		 4517
4518 BT_DBG("status 0x%02x", status);
4519
4520 hci_dev_lock(hdev);
4521
333ae95d 4522 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
33e38b3e
JH		 4523 if (!cmd)
4524 goto unlock;
4525
4526 if (status) {
a69e8375
JH		 4527 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4528 mgmt_status(status));
33e38b3e 4529 } else {
1a4d3c4b
JH		 4530 struct mgmt_mode *cp = cmd->param;
4531
4532 if (cp->val)
a1536da2 4533 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 4534 else
a358dc11 4535 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 4536
33e38b3e
JH		 4537 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4538 new_settings(hdev, cmd->sk);
4539 }
4540
4541 mgmt_pending_remove(cmd);
4542
4543unlock:
4544 hci_dev_unlock(hdev);
4545}
4546
bdb6d971 4547static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4548 void *data, u16 len)
f6422ec6 4549{
650f726d 4550 struct mgmt_mode *cp = data;
3b0602cd 4551 struct mgmt_pending_cmd *cmd;
33e38b3e 4552 struct hci_request req;
f6422ec6
AJ		 4553 int err;
4554
bdb6d971 4555 BT_DBG("%s", hdev->name);
f6422ec6 4556
d7a5a11d 4557 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
56f87901 4558 hdev->hci_ver < BLUETOOTH_VER_1_2)
a69e8375
JH		 4559 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4560 MGMT_STATUS_NOT_SUPPORTED);
33c525c0 4561
a7e80f25 4562 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4563 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4564 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 4565
f6422ec6
AJ		 4566 hci_dev_lock(hdev);
4567
333ae95d 4568 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
a69e8375
JH		 4569 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4570 MGMT_STATUS_BUSY);
05cbf29f
JH		 4571 goto unlock;
4572 }
4573
d7a5a11d 4574 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
1a4d3c4b
JH		 4575 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4576 hdev);
4577 goto unlock;
4578 }
4579
406ef2a6 4580 if (!hdev_is_powered(hdev)) {
ce05d603 4581 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
406ef2a6
JH		 4582 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4583 hdev);
4584 new_settings(hdev, sk);
4585 goto unlock;
4586 }
4587
33e38b3e
JH		 4588 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4589 data, len);
4590 if (!cmd) {
4591 err = -ENOMEM;
4592 goto unlock;
f6422ec6
AJ		 4593 }
4594
33e38b3e
JH		 4595 hci_req_init(&req, hdev);
4596
bf943cbf 4597 __hci_req_write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4598
4599 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4600 if (err < 0) {
a69e8375
JH		 4601 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4602 MGMT_STATUS_FAILED);
33e38b3e 4603 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4604 }
4605
33e38b3e 4606unlock:
f6422ec6 4607 hci_dev_unlock(hdev);
33e38b3e 4608
f6422ec6
AJ		 4609 return err;
4610}
4611
1904a853 4612static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
0663ca2a 4613{
3b0602cd 4614 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 4615
4616 BT_DBG("status 0x%02x", status);
4617
4618 hci_dev_lock(hdev);
4619
333ae95d 4620 cmd = pending_find(MGMT_OP_SET_BREDR, hdev);
0663ca2a
JH		 4621 if (!cmd)
4622 goto unlock;
4623
4624 if (status) {
4625 u8 mgmt_err = mgmt_status(status);
4626
4627 /* We need to restore the flag if related HCI commands
4628 * failed.
4629 */
a358dc11 4630 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a 4631
a69e8375 4632 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
0663ca2a
JH		 4633 } else {
4634 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4635 new_settings(hdev, cmd->sk);
4636 }
4637
4638 mgmt_pending_remove(cmd);
4639
4640unlock:
4641 hci_dev_unlock(hdev);
4642}
4643
4644static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4645{
4646 struct mgmt_mode *cp = data;
3b0602cd 4647 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 4648 struct hci_request req;
4649 int err;
4650
4651 BT_DBG("request for %s", hdev->name);
4652
4653 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
a69e8375
JH		 4654 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4655 MGMT_STATUS_NOT_SUPPORTED);
0663ca2a 4656
d7a5a11d 4657 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 4658 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4659 MGMT_STATUS_REJECTED);
0663ca2a
JH		 4660
4661 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4662 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4663 MGMT_STATUS_INVALID_PARAMS);
0663ca2a
JH		 4664
4665 hci_dev_lock(hdev);
4666
d7a5a11d 4667 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
0663ca2a
JH		 4668 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4669 goto unlock;
4670 }
4671
4672 if (!hdev_is_powered(hdev)) {
4673 if (!cp->val) {
a358dc11
MH		 4674 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
4675 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
4676 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
4677 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4678 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
0663ca2a
JH		 4679 }
4680
ce05d603 4681 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 4682
4683 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4684 if (err < 0)
4685 goto unlock;
4686
4687 err = new_settings(hdev, sk);
4688 goto unlock;
4689 }
4690
4691 /* Reject disabling when powered on */
4692 if (!cp->val) {
a69e8375
JH		 4693 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4694 MGMT_STATUS_REJECTED);
0663ca2a 4695 goto unlock;
111e4bcc
MH		 4696 } else {
4697 /* When configuring a dual-mode controller to operate
4698 * with LE only and using a static address, then switching
4699 * BR/EDR back on is not allowed.
4700 *
4701 * Dual-mode controllers shall operate with the public
4702 * address as its identity address for BR/EDR and LE. So
4703 * reject the attempt to create an invalid configuration.
3a5486e1
MH		 4704 *
4705 * The same restrictions applies when secure connections
4706 * has been enabled. For BR/EDR this is a controller feature
4707 * while for LE it is a host stack feature. This means that
4708 * switching BR/EDR back on when secure connections has been
4709 * enabled is not a supported transaction.
111e4bcc 4710 */
d7a5a11d 4711 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
3a5486e1 4712 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
d7a5a11d 4713 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
a69e8375
JH		 4714 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4715 MGMT_STATUS_REJECTED);
111e4bcc
MH		 4716 goto unlock;
4717 }
0663ca2a
JH		 4718 }
4719
333ae95d 4720 if (pending_find(MGMT_OP_SET_BREDR, hdev)) {
a69e8375
JH		 4721 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4722 MGMT_STATUS_BUSY);
0663ca2a
JH		 4723 goto unlock;
4724 }
4725
4726 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4727 if (!cmd) {
4728 err = -ENOMEM;
4729 goto unlock;
4730 }
4731
f2252570
JH		 4732 /* We need to flip the bit already here so that
4733 * hci_req_update_adv_data generates the correct flags.
0663ca2a 4734 */
a1536da2 4735 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 4736
4737 hci_req_init(&req, hdev);
aa8af46e 4738
bf943cbf 4739 __hci_req_write_fast_connectable(&req, false);
01b1cb87 4740 __hci_req_update_scan(&req);
aa8af46e 4741
f14d8f64
MH		 4742 /* Since only the advertising data flags will change, there
4743 * is no need to update the scan response data.
4744 */
cab054ab 4745 __hci_req_update_adv_data(&req, hdev->cur_adv_instance);
aa8af46e 4746
0663ca2a
JH		 4747 err = hci_req_run(&req, set_bredr_complete);
4748 if (err < 0)
4749 mgmt_pending_remove(cmd);
4750
4751unlock:
4752 hci_dev_unlock(hdev);
4753 return err;
4754}
4755
a1443f5a
JH		 4756static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4757{
3b0602cd 4758 struct mgmt_pending_cmd *cmd;
a1443f5a
JH		 4759 struct mgmt_mode *cp;
4760
4761 BT_DBG("%s status %u", hdev->name, status);
4762
4763 hci_dev_lock(hdev);
4764
333ae95d 4765 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
a1443f5a
JH		 4766 if (!cmd)
4767 goto unlock;
4768
4769 if (status) {
a69e8375
JH		 4770 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
4771 mgmt_status(status));
a1443f5a
JH		 4772 goto remove;
4773 }
4774
4775 cp = cmd->param;
4776
4777 switch (cp->val) {
4778 case 0x00:
a358dc11
MH		 4779 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
4780 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 4781 break;
4782 case 0x01:
a1536da2 4783 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
a358dc11 4784 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 4785 break;
4786 case 0x02:
a1536da2
MH		 4787 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4788 hci_dev_set_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 4789 break;
4790 }
4791
4792 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
4793 new_settings(hdev, cmd->sk);
4794
4795remove:
4796 mgmt_pending_remove(cmd);
4797unlock:
4798 hci_dev_unlock(hdev);
4799}
4800
eac83dc6
MH		 4801static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4802 void *data, u16 len)
4803{
4804 struct mgmt_mode *cp = data;
3b0602cd 4805 struct mgmt_pending_cmd *cmd;
a1443f5a 4806 struct hci_request req;
a3209694 4807 u8 val;
eac83dc6
MH		 4808 int err;
4809
4810 BT_DBG("request for %s", hdev->name);
4811
05b3c3e7 4812 if (!lmp_sc_capable(hdev) &&
d7a5a11d 4813 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 4814 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4815 MGMT_STATUS_NOT_SUPPORTED);
eac83dc6 4816
d7a5a11d 4817 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
59200286 4818 lmp_sc_capable(hdev) &&
d7a5a11d 4819 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 4820 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4821 MGMT_STATUS_REJECTED);
ed93ec69 4822
0ab04a9c 4823 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375 4824 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
eac83dc6
MH		 4825 MGMT_STATUS_INVALID_PARAMS);
4826
4827 hci_dev_lock(hdev);
4828
05b3c3e7 4829 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
d7a5a11d 4830 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
eac83dc6
MH		 4831 bool changed;
4832
0ab04a9c 4833 if (cp->val) {
238be788
MH		 4834 changed = !hci_dev_test_and_set_flag(hdev,
4835 HCI_SC_ENABLED);
0ab04a9c 4836 if (cp->val == 0x02)
a1536da2 4837 hci_dev_set_flag(hdev, HCI_SC_ONLY);
0ab04a9c 4838 else
a358dc11 4839 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 4840 } else {
a69d8927
MH		 4841 changed = hci_dev_test_and_clear_flag(hdev,
4842 HCI_SC_ENABLED);
a358dc11 4843 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 4844 }
eac83dc6
MH		 4845
4846 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4847 if (err < 0)
4848 goto failed;
4849
4850 if (changed)
4851 err = new_settings(hdev, sk);
4852
4853 goto failed;
4854 }
4855
333ae95d 4856 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
a69e8375
JH		 4857 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4858 MGMT_STATUS_BUSY);
eac83dc6
MH		 4859 goto failed;
4860 }
4861
0ab04a9c
MH		 4862 val = !!cp->val;
4863
d7a5a11d
MH		 4864 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
4865 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
eac83dc6
MH		 4866 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4867 goto failed;
4868 }
4869
4870 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4871 if (!cmd) {
4872 err = -ENOMEM;
4873 goto failed;
4874 }
4875
a1443f5a
JH		 4876 hci_req_init(&req, hdev);
4877 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
4878 err = hci_req_run(&req, sc_enable_complete);
eac83dc6
MH		 4879 if (err < 0) {
4880 mgmt_pending_remove(cmd);
4881 goto failed;
4882 }
4883
4884failed:
4885 hci_dev_unlock(hdev);
4886 return err;
4887}
4888
4e39ac81
MH		 4889static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4890 void *data, u16 len)
4891{
4892 struct mgmt_mode *cp = data;
b9710979 4893 bool changed, use_changed;
4e39ac81
MH		 4894 int err;
4895
4896 BT_DBG("request for %s", hdev->name);
4897
b9710979 4898 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 4899 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4900 MGMT_STATUS_INVALID_PARAMS);
4e39ac81
MH		 4901
4902 hci_dev_lock(hdev);
4903
4904 if (cp->val)
238be788 4905 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
4e39ac81 4906 else
a69d8927
MH		 4907 changed = hci_dev_test_and_clear_flag(hdev,
4908 HCI_KEEP_DEBUG_KEYS);
4e39ac81 4909
b9710979 4910 if (cp->val == 0x02)
238be788
MH		 4911 use_changed = !hci_dev_test_and_set_flag(hdev,
4912 HCI_USE_DEBUG_KEYS);
b9710979 4913 else
a69d8927
MH		 4914 use_changed = hci_dev_test_and_clear_flag(hdev,
4915 HCI_USE_DEBUG_KEYS);
b9710979
JH		 4916
4917 if (hdev_is_powered(hdev) && use_changed &&
d7a5a11d 4918 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
b9710979
JH		 4919 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4920 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4921 sizeof(mode), &mode);
4922 }
4923
4e39ac81
MH		 4924 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4925 if (err < 0)
4926 goto unlock;
4927
4928 if (changed)
4929 err = new_settings(hdev, sk);
4930
4931unlock:
4932 hci_dev_unlock(hdev);
4933 return err;
4934}
4935
62b04cd1
JH		 4936static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4937 u16 len)
4938{
4939 struct mgmt_cp_set_privacy *cp = cp_data;
4940 bool changed;
4941 int err;
4942
4943 BT_DBG("request for %s", hdev->name);
4944
4945 if (!lmp_le_capable(hdev))
a69e8375
JH		 4946 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4947 MGMT_STATUS_NOT_SUPPORTED);
62b04cd1 4948
82a37ade 4949 if (cp->privacy != 0x00 && cp->privacy != 0x01 && cp->privacy != 0x02)
a69e8375
JH		 4950 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4951 MGMT_STATUS_INVALID_PARAMS);
62b04cd1
JH		 4952
4953 if (hdev_is_powered(hdev))
a69e8375
JH		 4954 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4955 MGMT_STATUS_REJECTED);
62b04cd1
JH		 4956
4957 hci_dev_lock(hdev);
4958
c21c0ea0
JH		 4959 /* If user space supports this command it is also expected to
4960 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4961 */
a1536da2 4962 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
c21c0ea0 4963
62b04cd1 4964 if (cp->privacy) {
238be788 4965 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
62b04cd1 4966 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
a1536da2 4967 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
a73c046a 4968 hci_adv_instances_set_rpa_expired(hdev, true);
82a37ade
JH		 4969 if (cp->privacy == 0x02)
4970 hci_dev_set_flag(hdev, HCI_LIMITED_PRIVACY);
4971 else
4972 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
62b04cd1 4973 } else {
a69d8927 4974 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
62b04cd1 4975 memset(hdev->irk, 0, sizeof(hdev->irk));
a358dc11 4976 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
a73c046a 4977 hci_adv_instances_set_rpa_expired(hdev, false);
82a37ade 4978 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
62b04cd1
JH		 4979 }
4980
4981 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4982 if (err < 0)
4983 goto unlock;
4984
4985 if (changed)
4986 err = new_settings(hdev, sk);
4987
4988unlock:
4989 hci_dev_unlock(hdev);
4990 return err;
4991}
4992
41edf160
JH		 4993static bool irk_is_valid(struct mgmt_irk_info *irk)
4994{
4995 switch (irk->addr.type) {
4996 case BDADDR_LE_PUBLIC:
4997 return true;
4998
4999 case BDADDR_LE_RANDOM:
5000 /* Two most significant bits shall be set */
5001 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5002 return false;
5003 return true;
5004 }
5005
5006 return false;
5007}
5008
5009static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5010 u16 len)
5011{
5012 struct mgmt_cp_load_irks *cp = cp_data;
ba1d6936
JH		 5013 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
5014 sizeof(struct mgmt_irk_info));
41edf160
JH		 5015 u16 irk_count, expected_len;
5016 int i, err;
5017
5018 BT_DBG("request for %s", hdev->name);
5019
5020 if (!lmp_le_capable(hdev))
a69e8375
JH		 5021 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5022 MGMT_STATUS_NOT_SUPPORTED);
41edf160
JH		 5023
5024 irk_count = __le16_to_cpu(cp->irk_count);
ba1d6936 5025 if (irk_count > max_irk_count) {
2064ee33
MH		 5026 bt_dev_err(hdev, "load_irks: too big irk_count value %u",
5027 irk_count);
a69e8375
JH		 5028 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5029 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5030 }
41edf160 5031
5bec1fb8 5032 expected_len = struct_size(cp, irks, irk_count);
41edf160 5033 if (expected_len != len) {
2064ee33
MH		 5034 bt_dev_err(hdev, "load_irks: expected %u bytes, got %u bytes",
5035 expected_len, len);
a69e8375
JH		 5036 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5037 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 5038 }
5039
5040 BT_DBG("%s irk_count %u", hdev->name, irk_count);
5041
5042 for (i = 0; i < irk_count; i++) {
5043 struct mgmt_irk_info *key = &cp->irks[i];
5044
5045 if (!irk_is_valid(key))
a69e8375
JH		 5046 return mgmt_cmd_status(sk, hdev->id,
5047 MGMT_OP_LOAD_IRKS,
5048 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 5049 }
5050
5051 hci_dev_lock(hdev);
5052
5053 hci_smp_irks_clear(hdev);
5054
5055 for (i = 0; i < irk_count; i++) {
5056 struct mgmt_irk_info *irk = &cp->irks[i];
41edf160 5057
85813a7e
JH		 5058 hci_add_irk(hdev, &irk->addr.bdaddr,
5059 le_addr_type(irk->addr.type), irk->val,
41edf160
JH		 5060 BDADDR_ANY);
5061 }
5062
a1536da2 5063 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
41edf160 5064
2a1afb5a 5065 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
41edf160
JH		 5066
5067 hci_dev_unlock(hdev);
5068
5069 return err;
5070}
5071
3f706b72
JH		 5072static bool ltk_is_valid(struct mgmt_ltk_info *key)
5073{
5074 if (key->master != 0x00 && key->master != 0x01)
5075 return false;
490cb0b3
MH		 5076
5077 switch (key->addr.type) {
5078 case BDADDR_LE_PUBLIC:
5079 return true;
5080
5081 case BDADDR_LE_RANDOM:
5082 /* Two most significant bits shall be set */
5083 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5084 return false;
5085 return true;
5086 }
5087
5088 return false;
3f706b72
JH		 5089}
5090
bdb6d971 5091static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 5092 void *cp_data, u16 len)
346af67b 5093{
346af67b 5094 struct mgmt_cp_load_long_term_keys *cp = cp_data;
ba1d6936
JH		 5095 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
5096 sizeof(struct mgmt_ltk_info));
346af67b 5097 u16 key_count, expected_len;
715a5bf2 5098 int i, err;
346af67b 5099
cf99ba13
MH		 5100 BT_DBG("request for %s", hdev->name);
5101
5102 if (!lmp_le_capable(hdev))
a69e8375
JH		 5103 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5104 MGMT_STATUS_NOT_SUPPORTED);
cf99ba13 5105
1f350c87 5106 key_count = __le16_to_cpu(cp->key_count);
ba1d6936 5107 if (key_count > max_key_count) {
2064ee33
MH		 5108 bt_dev_err(hdev, "load_ltks: too big key_count value %u",
5109 key_count);
a69e8375
JH		 5110 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5111 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5112 }
346af67b 5113
5bec1fb8 5114 expected_len = struct_size(cp, keys, key_count);
346af67b 5115 if (expected_len != len) {
2064ee33
MH		 5116 bt_dev_err(hdev, "load_keys: expected %u bytes, got %u bytes",
5117 expected_len, len);
a69e8375
JH		 5118 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5119 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 5120 }
5121
bdb6d971 5122 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 5123
54ad6d8a
JH		 5124 for (i = 0; i < key_count; i++) {
5125 struct mgmt_ltk_info *key = &cp->keys[i];
5126
3f706b72 5127 if (!ltk_is_valid(key))
a69e8375
JH		 5128 return mgmt_cmd_status(sk, hdev->id,
5129 MGMT_OP_LOAD_LONG_TERM_KEYS,
5130 MGMT_STATUS_INVALID_PARAMS);
54ad6d8a
JH		 5131 }
5132
346af67b
VCG		 5133 hci_dev_lock(hdev);
5134
5135 hci_smp_ltks_clear(hdev);
5136
5137 for (i = 0; i < key_count; i++) {
5138 struct mgmt_ltk_info *key = &cp->keys[i];
85813a7e 5139 u8 type, authenticated;
346af67b 5140
61b43357
JH		 5141 switch (key->type) {
5142 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 5143 authenticated = 0x00;
23fb8de3 5144 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
61b43357
JH		 5145 break;
5146 case MGMT_LTK_AUTHENTICATED:
d7b25450 5147 authenticated = 0x01;
23fb8de3
JH		 5148 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5149 break;
5150 case MGMT_LTK_P256_UNAUTH:
5151 authenticated = 0x00;
5152 type = SMP_LTK_P256;
61b43357 5153 break;
23fb8de3
JH		 5154 case MGMT_LTK_P256_AUTH:
5155 authenticated = 0x01;
5156 type = SMP_LTK_P256;
61b43357 5157 break;
23fb8de3
JH		 5158 case MGMT_LTK_P256_DEBUG:
5159 authenticated = 0x00;
5160 type = SMP_LTK_P256_DEBUG;
9ea47132 5161 /* fall through */
61b43357
JH		 5162 default:
5163 continue;
5164 }
d7b25450 5165
85813a7e
JH		 5166 hci_add_ltk(hdev, &key->addr.bdaddr,
5167 le_addr_type(key->addr.type), type, authenticated,
5168 key->val, key->enc_size, key->ediv, key->rand);
346af67b
VCG		 5169 }
5170
2a1afb5a 5171 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
715a5bf2
JH		 5172 NULL, 0);
5173
346af67b 5174 hci_dev_unlock(hdev);
346af67b 5175
715a5bf2 5176 return err;
346af67b
VCG		 5177}
5178
3b0602cd 5179static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
dd983808 5180{
dd983808 5181 struct hci_conn *conn = cmd->user_data;
9981bdb0 5182 struct mgmt_rp_get_conn_info rp;
9df74653 5183 int err;
dd983808 5184
9981bdb0 5185 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
dd983808 5186
9981bdb0 5187 if (status == MGMT_STATUS_SUCCESS) {
dd983808 5188 rp.rssi = conn->rssi;
9981bdb0
JH		 5189 rp.tx_power = conn->tx_power;
5190 rp.max_tx_power = conn->max_tx_power;
5191 } else {
5192 rp.rssi = HCI_RSSI_INVALID;
5193 rp.tx_power = HCI_TX_POWER_INVALID;
5194 rp.max_tx_power = HCI_TX_POWER_INVALID;
dd983808
AK		 5195 }
5196
2a1afb5a
JH		 5197 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
5198 status, &rp, sizeof(rp));
dd983808
AK		 5199
5200 hci_conn_drop(conn);
f8aaf9b6 5201 hci_conn_put(conn);
9df74653
JH		 5202
5203 return err;
dd983808
AK		 5204}
5205
1904a853
MH		 5206static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
5207 u16 opcode)
dd983808
AK		 5208{
5209 struct hci_cp_read_rssi *cp;
3b0602cd 5210 struct mgmt_pending_cmd *cmd;
dd983808 5211 struct hci_conn *conn;
dd983808 5212 u16 handle;
9981bdb0 5213 u8 status;
dd983808 5214
9981bdb0 5215 BT_DBG("status 0x%02x", hci_status);
dd983808
AK		 5216
5217 hci_dev_lock(hdev);
5218
dd983808
AK		 5219 /* Commands sent in request are either Read RSSI or Read Transmit Power
5220 * Level so we check which one was last sent to retrieve connection
5221 * handle. Both commands have handle as first parameter so it's safe to
5222 * cast data on the same command struct.
5223 *
5224 * First command sent is always Read RSSI and we fail only if it fails.
5225 * In other case we simply override error to indicate success as we
5226 * already remembered if TX power value is actually valid.
5227 */
5228 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
5229 if (!cp) {
5230 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
9981bdb0
JH		 5231 status = MGMT_STATUS_SUCCESS;
5232 } else {
5233 status = mgmt_status(hci_status);
dd983808
AK		 5234 }
5235
5236 if (!cp) {
2064ee33 5237 bt_dev_err(hdev, "invalid sent_cmd in conn_info response");
dd983808
AK		 5238 goto unlock;
5239 }
5240
5241 handle = __le16_to_cpu(cp->handle);
5242 conn = hci_conn_hash_lookup_handle(hdev, handle);
5243 if (!conn) {
2064ee33
MH		 5244 bt_dev_err(hdev, "unknown handle (%d) in conn_info response",
5245 handle);
dd983808
AK		 5246 goto unlock;
5247 }
5248
333ae95d 5249 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
9981bdb0
JH		 5250 if (!cmd)
5251 goto unlock;
dd983808 5252
9981bdb0
JH		 5253 cmd->cmd_complete(cmd, status);
5254 mgmt_pending_remove(cmd);
dd983808
AK		 5255
5256unlock:
5257 hci_dev_unlock(hdev);
5258}
5259
5260static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5261 u16 len)
5262{
5263 struct mgmt_cp_get_conn_info *cp = data;
5264 struct mgmt_rp_get_conn_info rp;
5265 struct hci_conn *conn;
5266 unsigned long conn_info_age;
5267 int err = 0;
5268
5269 BT_DBG("%s", hdev->name);
5270
5271 memset(&rp, 0, sizeof(rp));
5272 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5273 rp.addr.type = cp->addr.type;
5274
5275 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 5276 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5277 MGMT_STATUS_INVALID_PARAMS,
5278 &rp, sizeof(rp));
dd983808
AK		 5279
5280 hci_dev_lock(hdev);
5281
5282 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 5283 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5284 MGMT_STATUS_NOT_POWERED, &rp,
5285 sizeof(rp));
dd983808
AK		 5286 goto unlock;
5287 }
5288
5289 if (cp->addr.type == BDADDR_BREDR)
5290 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5291 &cp->addr.bdaddr);
5292 else
5293 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5294
5295 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 5296 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5297 MGMT_STATUS_NOT_CONNECTED, &rp,
5298 sizeof(rp));
dd983808
AK		 5299 goto unlock;
5300 }
5301
333ae95d 5302 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
2a1afb5a
JH		 5303 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5304 MGMT_STATUS_BUSY, &rp, sizeof(rp));
9981bdb0
JH		 5305 goto unlock;
5306 }
5307
dd983808
AK		 5308 /* To avoid client trying to guess when to poll again for information we
5309 * calculate conn info age as random value between min/max set in hdev.
5310 */
5311 conn_info_age = hdev->conn_info_min_age +
5312 prandom_u32_max(hdev->conn_info_max_age -
5313 hdev->conn_info_min_age);
5314
5315 /* Query controller to refresh cached values if they are too old or were
5316 * never read.
5317 */
f4e2dd53
AK		 5318 if (time_after(jiffies, conn->conn_info_timestamp +
5319 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 5320 !conn->conn_info_timestamp) {
5321 struct hci_request req;
5322 struct hci_cp_read_tx_power req_txp_cp;
5323 struct hci_cp_read_rssi req_rssi_cp;
3b0602cd 5324 struct mgmt_pending_cmd *cmd;
dd983808
AK		 5325
5326 hci_req_init(&req, hdev);
5327 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5328 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5329 &req_rssi_cp);
5330
f7faab0c
AK		 5331 /* For LE links TX power does not change thus we don't need to
5332 * query for it once value is known.
5333 */
5334 if (!bdaddr_type_is_le(cp->addr.type) ||
5335 conn->tx_power == HCI_TX_POWER_INVALID) {
5336 req_txp_cp.handle = cpu_to_le16(conn->handle);
5337 req_txp_cp.type = 0x00;
5338 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5339 sizeof(req_txp_cp), &req_txp_cp);
5340 }
dd983808 5341
eed5daf3
AK		 5342 /* Max TX power needs to be read only once per connection */
5343 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5344 req_txp_cp.handle = cpu_to_le16(conn->handle);
5345 req_txp_cp.type = 0x01;
5346 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5347 sizeof(req_txp_cp), &req_txp_cp);
5348 }
5349
dd983808
AK		 5350 err = hci_req_run(&req, conn_info_refresh_complete);
5351 if (err < 0)
5352 goto unlock;
5353
5354 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5355 data, len);
5356 if (!cmd) {
5357 err = -ENOMEM;
5358 goto unlock;
5359 }
5360
5361 hci_conn_hold(conn);
f8aaf9b6 5362 cmd->user_data = hci_conn_get(conn);
9981bdb0 5363 cmd->cmd_complete = conn_info_cmd_complete;
dd983808
AK		 5364
5365 conn->conn_info_timestamp = jiffies;
5366 } else {
5367 /* Cache is valid, just reply with values cached in hci_conn */
5368 rp.rssi = conn->rssi;
5369 rp.tx_power = conn->tx_power;
eed5daf3 5370 rp.max_tx_power = conn->max_tx_power;
dd983808 5371
2a1afb5a
JH		 5372 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5373 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
dd983808
AK		 5374 }
5375
5376unlock:
5377 hci_dev_unlock(hdev);
5378 return err;
5379}
5380
3b0602cd 5381static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
95868426 5382{
69487371 5383 struct hci_conn *conn = cmd->user_data;
95868426 5384 struct mgmt_rp_get_clock_info rp;
69487371 5385 struct hci_dev *hdev;
9df74653 5386 int err;
69487371
JH		 5387
5388 memset(&rp, 0, sizeof(rp));
56f787c5 5389 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
69487371
JH		 5390
5391 if (status)
5392 goto complete;
5393
5394 hdev = hci_dev_get(cmd->index);
5395 if (hdev) {
5396 rp.local_clock = cpu_to_le32(hdev->clock);
5397 hci_dev_put(hdev);
5398 }
5399
5400 if (conn) {
5401 rp.piconet_clock = cpu_to_le32(conn->clock);
5402 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5403 }
5404
5405complete:
2a1afb5a
JH		 5406 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5407 sizeof(rp));
69487371
JH		 5408
5409 if (conn) {
5410 hci_conn_drop(conn);
5411 hci_conn_put(conn);
5412 }
9df74653
JH		 5413
5414 return err;
69487371
JH		 5415}
5416
1904a853 5417static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
69487371 5418{
95868426 5419 struct hci_cp_read_clock *hci_cp;
3b0602cd 5420 struct mgmt_pending_cmd *cmd;
95868426
JH		 5421 struct hci_conn *conn;
5422
5423 BT_DBG("%s status %u", hdev->name, status);
5424
5425 hci_dev_lock(hdev);
5426
5427 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5428 if (!hci_cp)
5429 goto unlock;
5430
5431 if (hci_cp->which) {
5432 u16 handle = __le16_to_cpu(hci_cp->handle);
5433 conn = hci_conn_hash_lookup_handle(hdev, handle);
5434 } else {
5435 conn = NULL;
5436 }
5437
333ae95d 5438 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
95868426
JH		 5439 if (!cmd)
5440 goto unlock;
5441
69487371 5442 cmd->cmd_complete(cmd, mgmt_status(status));
95868426 5443 mgmt_pending_remove(cmd);
95868426
JH		 5444
5445unlock:
5446 hci_dev_unlock(hdev);
5447}
5448
5449static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5450 u16 len)
5451{
5452 struct mgmt_cp_get_clock_info *cp = data;
5453 struct mgmt_rp_get_clock_info rp;
5454 struct hci_cp_read_clock hci_cp;
3b0602cd 5455 struct mgmt_pending_cmd *cmd;
95868426
JH		 5456 struct hci_request req;
5457 struct hci_conn *conn;
5458 int err;
5459
5460 BT_DBG("%s", hdev->name);
5461
5462 memset(&rp, 0, sizeof(rp));
5463 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5464 rp.addr.type = cp->addr.type;
5465
5466 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 5467 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5468 MGMT_STATUS_INVALID_PARAMS,
5469 &rp, sizeof(rp));
95868426
JH		 5470
5471 hci_dev_lock(hdev);
5472
5473 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 5474 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5475 MGMT_STATUS_NOT_POWERED, &rp,
5476 sizeof(rp));
95868426
JH		 5477 goto unlock;
5478 }
5479
5480 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5481 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5482 &cp->addr.bdaddr);
5483 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 5484 err = mgmt_cmd_complete(sk, hdev->id,
5485 MGMT_OP_GET_CLOCK_INFO,
5486 MGMT_STATUS_NOT_CONNECTED,
5487 &rp, sizeof(rp));
95868426
JH		 5488 goto unlock;
5489 }
5490 } else {
5491 conn = NULL;
5492 }
5493
5494 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5495 if (!cmd) {
5496 err = -ENOMEM;
5497 goto unlock;
5498 }
5499
69487371
JH		 5500 cmd->cmd_complete = clock_info_cmd_complete;
5501
95868426
JH		 5502 hci_req_init(&req, hdev);
5503
5504 memset(&hci_cp, 0, sizeof(hci_cp));
5505 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5506
5507 if (conn) {
5508 hci_conn_hold(conn);
f8aaf9b6 5509 cmd->user_data = hci_conn_get(conn);
95868426
JH		 5510
5511 hci_cp.handle = cpu_to_le16(conn->handle);
5512 hci_cp.which = 0x01; /* Piconet clock */
5513 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5514 }
5515
5516 err = hci_req_run(&req, get_clock_info_complete);
5517 if (err < 0)
5518 mgmt_pending_remove(cmd);
5519
5520unlock:
5521 hci_dev_unlock(hdev);
5522 return err;
5523}
5524
5a154e6f
JH		 5525static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5526{
5527 struct hci_conn *conn;
5528
5529 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5530 if (!conn)
5531 return false;
5532
5533 if (conn->dst_type != type)
5534 return false;
5535
5536 if (conn->state != BT_CONNECTED)
5537 return false;
5538
5539 return true;
5540}
5541
5542/* This function requires the caller holds hdev->lock */
51d7a94d 5543static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr,
5a154e6f
JH		 5544 u8 addr_type, u8 auto_connect)
5545{
5a154e6f
JH		 5546 struct hci_conn_params *params;
5547
5548 params = hci_conn_params_add(hdev, addr, addr_type);
5549 if (!params)
5550 return -EIO;
5551
5552 if (params->auto_connect == auto_connect)
5553 return 0;
5554
5555 list_del_init(&params->action);
5556
5557 switch (auto_connect) {
5558 case HCI_AUTO_CONN_DISABLED:
5559 case HCI_AUTO_CONN_LINK_LOSS:
28a667c9
JP		 5560 /* If auto connect is being disabled when we're trying to
5561 * connect to device, keep connecting.
5562 */
5563 if (params->explicit_connect)
5564 list_add(&params->action, &hdev->pend_le_conns);
5a154e6f
JH		 5565 break;
5566 case HCI_AUTO_CONN_REPORT:
49c50922
JH		 5567 if (params->explicit_connect)
5568 list_add(&params->action, &hdev->pend_le_conns);
5569 else
5570 list_add(&params->action, &hdev->pend_le_reports);
5a154e6f
JH		 5571 break;
5572 case HCI_AUTO_CONN_DIRECT:
5573 case HCI_AUTO_CONN_ALWAYS:
51d7a94d 5574 if (!is_connected(hdev, addr, addr_type))
5a154e6f 5575 list_add(&params->action, &hdev->pend_le_conns);
5a154e6f
JH		 5576 break;
5577 }
5578
5579 params->auto_connect = auto_connect;
5580
5581 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5582 auto_connect);
5583
5584 return 0;
5585}
5586
8afef092
MH		 5587static void device_added(struct sock *sk, struct hci_dev *hdev,
5588 bdaddr_t *bdaddr, u8 type, u8 action)
5589{
5590 struct mgmt_ev_device_added ev;
5591
5592 bacpy(&ev.addr.bdaddr, bdaddr);
5593 ev.addr.type = type;
5594 ev.action = action;
5595
5596 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5597}
5598
2faade53
MH		 5599static int add_device(struct sock *sk, struct hci_dev *hdev,
5600 void *data, u16 len)
5601{
5602 struct mgmt_cp_add_device *cp = data;
5603 u8 auto_conn, addr_type;
5604 int err;
5605
5606 BT_DBG("%s", hdev->name);
5607
6659358e 5608 if (!bdaddr_type_is_valid(cp->addr.type) ||
2faade53 5609 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
2a1afb5a
JH		 5610 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5611 MGMT_STATUS_INVALID_PARAMS,
5612 &cp->addr, sizeof(cp->addr));
2faade53 5613
4b9e7e75 5614 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
2a1afb5a
JH		 5615 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5616 MGMT_STATUS_INVALID_PARAMS,
5617 &cp->addr, sizeof(cp->addr));
2faade53
MH		 5618
5619 hci_dev_lock(hdev);
5620
6659358e 5621 if (cp->addr.type == BDADDR_BREDR) {
4b9e7e75 5622 /* Only incoming connections action is supported for now */
6659358e 5623 if (cp->action != 0x01) {
51d7a94d
JH		 5624 err = mgmt_cmd_complete(sk, hdev->id,
5625 MGMT_OP_ADD_DEVICE,
5626 MGMT_STATUS_INVALID_PARAMS,
5627 &cp->addr, sizeof(cp->addr));
6659358e
JH		 5628 goto unlock;
5629 }
5630
5631 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5632 cp->addr.type);
5633 if (err)
5634 goto unlock;
a397407f 5635
01b1cb87 5636 hci_req_update_scan(hdev);
a397407f 5637
6659358e
JH		 5638 goto added;
5639 }
5640
85813a7e 5641 addr_type = le_addr_type(cp->addr.type);
2faade53 5642
4b9e7e75 5643 if (cp->action == 0x02)
2faade53 5644 auto_conn = HCI_AUTO_CONN_ALWAYS;
4b9e7e75
MH		 5645 else if (cp->action == 0x01)
5646 auto_conn = HCI_AUTO_CONN_DIRECT;
2faade53 5647 else
a3451d27 5648 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 5649
9a0a8a8e
JP		 5650 /* Kernel internally uses conn_params with resolvable private
5651 * address, but Add Device allows only identity addresses.
5652 * Make sure it is enforced before calling
5653 * hci_conn_params_lookup.
5654 */
5655 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
51d7a94d
JH		 5656 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5657 MGMT_STATUS_INVALID_PARAMS,
5658 &cp->addr, sizeof(cp->addr));
9a0a8a8e
JP		 5659 goto unlock;
5660 }
5661
bf5b3c8b
MH		 5662 /* If the connection parameters don't exist for this device,
5663 * they will be created and configured with defaults.
5664 */
51d7a94d 5665 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
d06b50ce 5666 auto_conn) < 0) {
51d7a94d
JH		 5667 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5668 MGMT_STATUS_FAILED, &cp->addr,
5669 sizeof(cp->addr));
2faade53
MH		 5670 goto unlock;
5671 }
5672
51d7a94d
JH		 5673 hci_update_background_scan(hdev);
5674
6659358e 5675added:
8afef092
MH		 5676 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5677
51d7a94d
JH		 5678 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5679 MGMT_STATUS_SUCCESS, &cp->addr,
5680 sizeof(cp->addr));
2faade53
MH		 5681
5682unlock:
5683 hci_dev_unlock(hdev);
5684 return err;
5685}
5686
8afef092
MH		 5687static void device_removed(struct sock *sk, struct hci_dev *hdev,
5688 bdaddr_t *bdaddr, u8 type)
5689{
5690 struct mgmt_ev_device_removed ev;
5691
5692 bacpy(&ev.addr.bdaddr, bdaddr);
5693 ev.addr.type = type;
5694
5695 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5696}
5697
2faade53
MH		 5698static int remove_device(struct sock *sk, struct hci_dev *hdev,
5699 void *data, u16 len)
5700{
5701 struct mgmt_cp_remove_device *cp = data;
5702 int err;
5703
5704 BT_DBG("%s", hdev->name);
5705
5706 hci_dev_lock(hdev);
5707
5708 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 5709 struct hci_conn_params *params;
2faade53
MH		 5710 u8 addr_type;
5711
6659358e 5712 if (!bdaddr_type_is_valid(cp->addr.type)) {
51d7a94d
JH		 5713 err = mgmt_cmd_complete(sk, hdev->id,
5714 MGMT_OP_REMOVE_DEVICE,
5715 MGMT_STATUS_INVALID_PARAMS,
5716 &cp->addr, sizeof(cp->addr));
2faade53
MH		 5717 goto unlock;
5718 }
5719
6659358e
JH		 5720 if (cp->addr.type == BDADDR_BREDR) {
5721 err = hci_bdaddr_list_del(&hdev->whitelist,
5722 &cp->addr.bdaddr,
5723 cp->addr.type);
5724 if (err) {
51d7a94d
JH		 5725 err = mgmt_cmd_complete(sk, hdev->id,
5726 MGMT_OP_REMOVE_DEVICE,
5727 MGMT_STATUS_INVALID_PARAMS,
5728 &cp->addr,
5729 sizeof(cp->addr));
6659358e
JH		 5730 goto unlock;
5731 }
5732
01b1cb87 5733 hci_req_update_scan(hdev);
a397407f 5734
6659358e
JH		 5735 device_removed(sk, hdev, &cp->addr.bdaddr,
5736 cp->addr.type);
5737 goto complete;
5738 }
5739
85813a7e 5740 addr_type = le_addr_type(cp->addr.type);
2faade53 5741
9a0a8a8e
JP		 5742 /* Kernel internally uses conn_params with resolvable private
5743 * address, but Remove Device allows only identity addresses.
5744 * Make sure it is enforced before calling
5745 * hci_conn_params_lookup.
5746 */
5747 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
51d7a94d
JH		 5748 err = mgmt_cmd_complete(sk, hdev->id,
5749 MGMT_OP_REMOVE_DEVICE,
5750 MGMT_STATUS_INVALID_PARAMS,
5751 &cp->addr, sizeof(cp->addr));
9a0a8a8e
JP		 5752 goto unlock;
5753 }
5754
c71593dd
JH		 5755 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5756 addr_type);
5757 if (!params) {
51d7a94d
JH		 5758 err = mgmt_cmd_complete(sk, hdev->id,
5759 MGMT_OP_REMOVE_DEVICE,
5760 MGMT_STATUS_INVALID_PARAMS,
5761 &cp->addr, sizeof(cp->addr));
c71593dd
JH		 5762 goto unlock;
5763 }
5764
679d2b6f
JH		 5765 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
5766 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
51d7a94d
JH		 5767 err = mgmt_cmd_complete(sk, hdev->id,
5768 MGMT_OP_REMOVE_DEVICE,
5769 MGMT_STATUS_INVALID_PARAMS,
5770 &cp->addr, sizeof(cp->addr));
c71593dd
JH		 5771 goto unlock;
5772 }
5773
d1dbf12e 5774 list_del(&params->action);
c71593dd
JH		 5775 list_del(&params->list);
5776 kfree(params);
51d7a94d 5777 hci_update_background_scan(hdev);
8afef092
MH		 5778
5779 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53 5780 } else {
19de0825 5781 struct hci_conn_params *p, *tmp;
6659358e 5782 struct bdaddr_list *b, *btmp;
19de0825 5783
2faade53 5784 if (cp->addr.type) {
51d7a94d
JH		 5785 err = mgmt_cmd_complete(sk, hdev->id,
5786 MGMT_OP_REMOVE_DEVICE,
5787 MGMT_STATUS_INVALID_PARAMS,
5788 &cp->addr, sizeof(cp->addr));
2faade53
MH		 5789 goto unlock;
5790 }
5791
6659358e
JH		 5792 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
5793 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
5794 list_del(&b->list);
5795 kfree(b);
5796 }
5797
01b1cb87 5798 hci_req_update_scan(hdev);
a397407f 5799
19de0825
JH		 5800 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5801 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5802 continue;
5803 device_removed(sk, hdev, &p->addr, p->addr_type);
679d2b6f
JH		 5804 if (p->explicit_connect) {
5805 p->auto_connect = HCI_AUTO_CONN_EXPLICIT;
5806 continue;
5807 }
19de0825
JH		 5808 list_del(&p->action);
5809 list_del(&p->list);
5810 kfree(p);
5811 }
5812
5813 BT_DBG("All LE connection parameters were removed");
5814
51d7a94d 5815 hci_update_background_scan(hdev);
2faade53
MH		 5816 }
5817
6659358e 5818complete:
51d7a94d
JH		 5819 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5820 MGMT_STATUS_SUCCESS, &cp->addr,
5821 sizeof(cp->addr));
2faade53
MH		 5822unlock:
5823 hci_dev_unlock(hdev);
5824 return err;
5825}
5826
a26f3dcf
JH		 5827static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5828 u16 len)
5829{
5830 struct mgmt_cp_load_conn_param *cp = data;
ba1d6936
JH		 5831 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5832 sizeof(struct mgmt_conn_param));
a26f3dcf
JH		 5833 u16 param_count, expected_len;
5834 int i;
5835
5836 if (!lmp_le_capable(hdev))
a69e8375
JH		 5837 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5838 MGMT_STATUS_NOT_SUPPORTED);
a26f3dcf
JH		 5839
5840 param_count = __le16_to_cpu(cp->param_count);
ba1d6936 5841 if (param_count > max_param_count) {
2064ee33
MH		 5842 bt_dev_err(hdev, "load_conn_param: too big param_count value %u",
5843 param_count);
a69e8375
JH		 5844 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5845 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5846 }
a26f3dcf 5847
5bec1fb8 5848 expected_len = struct_size(cp, params, param_count);
a26f3dcf 5849 if (expected_len != len) {
2064ee33
MH		 5850 bt_dev_err(hdev, "load_conn_param: expected %u bytes, got %u bytes",
5851 expected_len, len);
a69e8375
JH		 5852 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5853 MGMT_STATUS_INVALID_PARAMS);
a26f3dcf
JH		 5854 }
5855
5856 BT_DBG("%s param_count %u", hdev->name, param_count);
5857
5858 hci_dev_lock(hdev);
5859
5860 hci_conn_params_clear_disabled(hdev);
5861
5862 for (i = 0; i < param_count; i++) {
5863 struct mgmt_conn_param *param = &cp->params[i];
5864 struct hci_conn_params *hci_param;
5865 u16 min, max, latency, timeout;
5866 u8 addr_type;
5867
5868 BT_DBG("Adding %pMR (type %u)", &param->addr.bdaddr,
5869 param->addr.type);
5870
5871 if (param->addr.type == BDADDR_LE_PUBLIC) {
5872 addr_type = ADDR_LE_DEV_PUBLIC;
5873 } else if (param->addr.type == BDADDR_LE_RANDOM) {
5874 addr_type = ADDR_LE_DEV_RANDOM;
5875 } else {
2064ee33 5876 bt_dev_err(hdev, "ignoring invalid connection parameters");
a26f3dcf
JH		 5877 continue;
5878 }
5879
5880 min = le16_to_cpu(param->min_interval);
5881 max = le16_to_cpu(param->max_interval);
5882 latency = le16_to_cpu(param->latency);
5883 timeout = le16_to_cpu(param->timeout);
5884
5885 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
5886 min, max, latency, timeout);
5887
5888 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
2064ee33 5889 bt_dev_err(hdev, "ignoring invalid connection parameters");
a26f3dcf
JH		 5890 continue;
5891 }
5892
5893 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
5894 addr_type);
5895 if (!hci_param) {
2064ee33 5896 bt_dev_err(hdev, "failed to add connection parameters");
a26f3dcf
JH		 5897 continue;
5898 }
5899
5900 hci_param->conn_min_interval = min;
5901 hci_param->conn_max_interval = max;
5902 hci_param->conn_latency = latency;
5903 hci_param->supervision_timeout = timeout;
5904 }
5905
5906 hci_dev_unlock(hdev);
5907
2a1afb5a
JH		 5908 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
5909 NULL, 0);
a26f3dcf
JH		 5910}
5911
dbece37a
MH		 5912static int set_external_config(struct sock *sk, struct hci_dev *hdev,
5913 void *data, u16 len)
5914{
5915 struct mgmt_cp_set_external_config *cp = data;
5916 bool changed;
5917 int err;
5918
5919 BT_DBG("%s", hdev->name);
5920
5921 if (hdev_is_powered(hdev))
a69e8375
JH		 5922 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5923 MGMT_STATUS_REJECTED);
dbece37a
MH		 5924
5925 if (cp->config != 0x00 && cp->config != 0x01)
a69e8375
JH		 5926 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5927 MGMT_STATUS_INVALID_PARAMS);
dbece37a
MH		 5928
5929 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
a69e8375
JH		 5930 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5931 MGMT_STATUS_NOT_SUPPORTED);
dbece37a
MH		 5932
5933 hci_dev_lock(hdev);
5934
5935 if (cp->config)
238be788 5936 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a 5937 else
a69d8927 5938 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a
MH		 5939
5940 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
5941 if (err < 0)
5942 goto unlock;
5943
5944 if (!changed)
5945 goto unlock;
5946
f4537c04
MH		 5947 err = new_options(hdev, sk);
5948
d7a5a11d 5949 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
dbece37a 5950 mgmt_index_removed(hdev);
d603b76b 5951
516018a9 5952 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
a1536da2
MH		 5953 hci_dev_set_flag(hdev, HCI_CONFIG);
5954 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
d603b76b
MH		 5955
5956 queue_work(hdev->req_workqueue, &hdev->power_on);
5957 } else {
5ea234d3 5958 set_bit(HCI_RAW, &hdev->flags);
d603b76b
MH		 5959 mgmt_index_added(hdev);
5960 }
dbece37a
MH		 5961 }
5962
5963unlock:
5964 hci_dev_unlock(hdev);
5965 return err;
5966}
5967
9713c17b
MH		 5968static int set_public_address(struct sock *sk, struct hci_dev *hdev,
5969 void *data, u16 len)
5970{
5971 struct mgmt_cp_set_public_address *cp = data;
5972 bool changed;
5973 int err;
5974
5975 BT_DBG("%s", hdev->name);
5976
5977 if (hdev_is_powered(hdev))
a69e8375
JH		 5978 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5979 MGMT_STATUS_REJECTED);
9713c17b
MH		 5980
5981 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
a69e8375
JH		 5982 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5983 MGMT_STATUS_INVALID_PARAMS);
9713c17b
MH		 5984
5985 if (!hdev->set_bdaddr)
a69e8375
JH		 5986 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5987 MGMT_STATUS_NOT_SUPPORTED);
9713c17b
MH		 5988
5989 hci_dev_lock(hdev);
5990
5991 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
5992 bacpy(&hdev->public_addr, &cp->bdaddr);
5993
5994 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
5995 if (err < 0)
5996 goto unlock;
5997
5998 if (!changed)
5999 goto unlock;
6000
d7a5a11d 6001 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
9713c17b
MH		 6002 err = new_options(hdev, sk);
6003
6004 if (is_configured(hdev)) {
6005 mgmt_index_removed(hdev);
6006
a358dc11 6007 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
9713c17b 6008
a1536da2
MH		 6009 hci_dev_set_flag(hdev, HCI_CONFIG);
6010 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
9713c17b
MH		 6011
6012 queue_work(hdev->req_workqueue, &hdev->power_on);
6013 }
6014
6015unlock:
6016 hci_dev_unlock(hdev);
6017 return err;
6018}
6019
40f66c05
JH		 6020static void read_local_oob_ext_data_complete(struct hci_dev *hdev, u8 status,
6021 u16 opcode, struct sk_buff *skb)
6022{
6023 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp;
6024 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp;
6025 u8 *h192, *r192, *h256, *r256;
6026 struct mgmt_pending_cmd *cmd;
6027 u16 eir_len;
6028 int err;
6029
6030 BT_DBG("%s status %u", hdev->name, status);
6031
6032 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev);
6033 if (!cmd)
6034 return;
6035
6036 mgmt_cp = cmd->param;
6037
6038 if (status) {
6039 status = mgmt_status(status);
6040 eir_len = 0;
6041
6042 h192 = NULL;
6043 r192 = NULL;
6044 h256 = NULL;
6045 r256 = NULL;
6046 } else if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
6047 struct hci_rp_read_local_oob_data *rp;
6048
6049 if (skb->len != sizeof(*rp)) {
6050 status = MGMT_STATUS_FAILED;
6051 eir_len = 0;
6052 } else {
6053 status = MGMT_STATUS_SUCCESS;
6054 rp = (void *)skb->data;
6055
6056 eir_len = 5 + 18 + 18;
6057 h192 = rp->hash;
6058 r192 = rp->rand;
6059 h256 = NULL;
6060 r256 = NULL;
6061 }
6062 } else {
6063 struct hci_rp_read_local_oob_ext_data *rp;
6064
6065 if (skb->len != sizeof(*rp)) {
6066 status = MGMT_STATUS_FAILED;
6067 eir_len = 0;
6068 } else {
6069 status = MGMT_STATUS_SUCCESS;
6070 rp = (void *)skb->data;
6071
6072 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
6073 eir_len = 5 + 18 + 18;
6074 h192 = NULL;
6075 r192 = NULL;
6076 } else {
6077 eir_len = 5 + 18 + 18 + 18 + 18;
6078 h192 = rp->hash192;
6079 r192 = rp->rand192;
6080 }
6081
6082 h256 = rp->hash256;
6083 r256 = rp->rand256;
6084 }
6085 }
6086
6087 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL);
6088 if (!mgmt_rp)
6089 goto done;
6090
6091 if (status)
6092 goto send_rsp;
6093
6094 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV,
6095 hdev->dev_class, 3);
6096
6097 if (h192 && r192) {
6098 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6099 EIR_SSP_HASH_C192, h192, 16);
6100 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6101 EIR_SSP_RAND_R192, r192, 16);
6102 }
6103
6104 if (h256 && r256) {
6105 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6106 EIR_SSP_HASH_C256, h256, 16);
6107 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6108 EIR_SSP_RAND_R256, r256, 16);
6109 }
6110
6111send_rsp:
6112 mgmt_rp->type = mgmt_cp->type;
6113 mgmt_rp->eir_len = cpu_to_le16(eir_len);
6114
6115 err = mgmt_cmd_complete(cmd->sk, hdev->id,
6116 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status,
6117 mgmt_rp, sizeof(*mgmt_rp) + eir_len);
6118 if (err < 0 || status)
6119 goto done;
6120
6121 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS);
6122
6123 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
6124 mgmt_rp, sizeof(*mgmt_rp) + eir_len,
6125 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk);
6126done:
6127 kfree(mgmt_rp);
6128 mgmt_pending_remove(cmd);
6129}
6130
6131static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk,
6132 struct mgmt_cp_read_local_oob_ext_data *cp)
6133{
6134 struct mgmt_pending_cmd *cmd;
6135 struct hci_request req;
6136 int err;
6137
6138 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev,
6139 cp, sizeof(*cp));
6140 if (!cmd)
6141 return -ENOMEM;
6142
6143 hci_req_init(&req, hdev);
6144
6145 if (bredr_sc_enabled(hdev))
6146 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
6147 else
6148 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
6149
6150 err = hci_req_run_skb(&req, read_local_oob_ext_data_complete);
6151 if (err < 0) {
6152 mgmt_pending_remove(cmd);
6153 return err;
6154 }
6155
6156 return 0;
6157}
6158
4f0f155c
MH		 6159static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
6160 void *data, u16 data_len)
6161{
6162 struct mgmt_cp_read_local_oob_ext_data *cp = data;
6163 struct mgmt_rp_read_local_oob_ext_data *rp;
6164 size_t rp_len;
6165 u16 eir_len;
0821a2c5 6166 u8 status, flags, role, addr[7], hash[16], rand[16];
4f0f155c
MH		 6167 int err;
6168
6169 BT_DBG("%s", hdev->name);
6170
57b0d3e8
MH		 6171 if (hdev_is_powered(hdev)) {
6172 switch (cp->type) {
6173 case BIT(BDADDR_BREDR):
6174 status = mgmt_bredr_support(hdev);
6175 if (status)
6176 eir_len = 0;
6177 else
6178 eir_len = 5;
6179 break;
6180 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
6181 status = mgmt_le_support(hdev);
6182 if (status)
6183 eir_len = 0;
6184 else
6185 eir_len = 9 + 3 + 18 + 18 + 3;
6186 break;
6187 default:
6188 status = MGMT_STATUS_INVALID_PARAMS;
6189 eir_len = 0;
6190 break;
6191 }
6192 } else {
6193 status = MGMT_STATUS_NOT_POWERED;
6194 eir_len = 0;
4f0f155c
MH		 6195 }
6196
4f0f155c
MH		 6197 rp_len = sizeof(*rp) + eir_len;
6198 rp = kmalloc(rp_len, GFP_ATOMIC);
efcd8c98 6199 if (!rp)
4f0f155c 6200 return -ENOMEM;
efcd8c98 6201
57b0d3e8
MH		 6202 if (status)
6203 goto complete;
6204
efcd8c98 6205 hci_dev_lock(hdev);
4f0f155c
MH		 6206
6207 eir_len = 0;
6208 switch (cp->type) {
6209 case BIT(BDADDR_BREDR):
40f66c05
JH		 6210 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
6211 err = read_local_ssp_oob_req(hdev, sk, cp);
6212 hci_dev_unlock(hdev);
6213 if (!err)
6214 goto done;
6215
6216 status = MGMT_STATUS_FAILED;
6217 goto complete;
6218 } else {
6219 eir_len = eir_append_data(rp->eir, eir_len,
6220 EIR_CLASS_OF_DEV,
6221 hdev->dev_class, 3);
6222 }
4f0f155c
MH		 6223 break;
6224 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
5082a599
MH		 6225 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
6226 smp_generate_oob(hdev, hash, rand) < 0) {
0821a2c5 6227 hci_dev_unlock(hdev);
57b0d3e8
MH		 6228 status = MGMT_STATUS_FAILED;
6229 goto complete;
0821a2c5
MH		 6230 }
6231
e213568a
MH		 6232 /* This should return the active RPA, but since the RPA
6233 * is only programmed on demand, it is really hard to fill
6234 * this in at the moment. For now disallow retrieving
6235 * local out-of-band data when privacy is in use.
6236 *
6237 * Returning the identity address will not help here since
6238 * pairing happens before the identity resolving key is
6239 * known and thus the connection establishment happens
6240 * based on the RPA and not the identity address.
6241 */
4f0f155c 6242 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
e213568a
MH		 6243 hci_dev_unlock(hdev);
6244 status = MGMT_STATUS_REJECTED;
6245 goto complete;
6246 }
6247
6248 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
6249 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
6250 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
6251 bacmp(&hdev->static_addr, BDADDR_ANY))) {
4f0f155c
MH		 6252 memcpy(addr, &hdev->static_addr, 6);
6253 addr[6] = 0x01;
6254 } else {
6255 memcpy(addr, &hdev->bdaddr, 6);
6256 addr[6] = 0x00;
6257 }
6258
6259 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
6260 addr, sizeof(addr));
6261
6262 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
6263 role = 0x02;
6264 else
6265 role = 0x01;
6266
6267 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
6268 &role, sizeof(role));
6269
5082a599
MH		 6270 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
6271 eir_len = eir_append_data(rp->eir, eir_len,
6272 EIR_LE_SC_CONFIRM,
6273 hash, sizeof(hash));
0821a2c5 6274
5082a599
MH		 6275 eir_len = eir_append_data(rp->eir, eir_len,
6276 EIR_LE_SC_RANDOM,
6277 rand, sizeof(rand));
6278 }
0821a2c5 6279
f2252570 6280 flags = mgmt_get_adv_discov_flags(hdev);
4f0f155c
MH		 6281
6282 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
6283 flags |= LE_AD_NO_BREDR;
6284
6285 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
6286 &flags, sizeof(flags));
6287 break;
6288 }
6289
4f0f155c
MH		 6290 hci_dev_unlock(hdev);
6291
72000df2
MH		 6292 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
6293
57b0d3e8
MH		 6294 status = MGMT_STATUS_SUCCESS;
6295
6296complete:
efcd8c98
MH		 6297 rp->type = cp->type;
6298 rp->eir_len = cpu_to_le16(eir_len);
6299
4f0f155c 6300 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
57b0d3e8
MH		 6301 status, rp, sizeof(*rp) + eir_len);
6302 if (err < 0 || status)
72000df2
MH		 6303 goto done;
6304
6305 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
6306 rp, sizeof(*rp) + eir_len,
6307 HCI_MGMT_OOB_DATA_EVENTS, sk);
4f0f155c 6308
0821a2c5 6309done:
4f0f155c
MH		 6310 kfree(rp);
6311
6312 return err;
6313}
6314
089fa8c0
AU		 6315static u32 get_supported_adv_flags(struct hci_dev *hdev)
6316{
6317 u32 flags = 0;
6318
6319 flags |= MGMT_ADV_FLAG_CONNECTABLE;
6320 flags |= MGMT_ADV_FLAG_DISCOV;
6321 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
6322 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS;
c4960ecf 6323 flags |= MGMT_ADV_FLAG_APPEARANCE;
7c295c48 6324 flags |= MGMT_ADV_FLAG_LOCAL_NAME;
089fa8c0 6325
de181e88
JK		 6326 /* In extended adv TX_POWER returned from Set Adv Param
6327 * will be always valid.
6328 */
6329 if ((hdev->adv_tx_power != HCI_TX_POWER_INVALID) ||
6330 ext_adv_capable(hdev))
089fa8c0
AU		 6331 flags |= MGMT_ADV_FLAG_TX_POWER;
6332
85a721a8
JK		 6333 if (ext_adv_capable(hdev)) {
6334 flags |= MGMT_ADV_FLAG_SEC_1M;
6335
6336 if (hdev->le_features[1] & HCI_LE_PHY_2M)
6337 flags |= MGMT_ADV_FLAG_SEC_2M;
6338
6339 if (hdev->le_features[1] & HCI_LE_PHY_CODED)
6340 flags |= MGMT_ADV_FLAG_SEC_CODED;
6341 }
6342
089fa8c0
AU		 6343 return flags;
6344}
6345
d3d5305b
MH		 6346static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
6347 void *data, u16 data_len)
6348{
6349 struct mgmt_rp_read_adv_features *rp;
6350 size_t rp_len;
02c04afe 6351 int err;
286e0c83 6352 struct adv_info *adv_instance;
089fa8c0 6353 u32 supported_flags;
02c04afe 6354 u8 *instance;
d3d5305b
MH		 6355
6356 BT_DBG("%s", hdev->name);
6357
089fa8c0
AU		 6358 if (!lmp_le_capable(hdev))
6359 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6360 MGMT_STATUS_REJECTED);
6361
d3d5305b
MH		 6362 hci_dev_lock(hdev);
6363
02c04afe 6364 rp_len = sizeof(*rp) + hdev->adv_instance_cnt;
d3d5305b
MH		 6365 rp = kmalloc(rp_len, GFP_ATOMIC);
6366 if (!rp) {
6367 hci_dev_unlock(hdev);
6368 return -ENOMEM;
6369 }
6370
089fa8c0
AU		 6371 supported_flags = get_supported_adv_flags(hdev);
6372
6373 rp->supported_flags = cpu_to_le32(supported_flags);
dc5d82a9
MH		 6374 rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
6375 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
d2609b34 6376 rp->max_instances = HCI_MAX_ADV_INSTANCES;
02c04afe 6377 rp->num_instances = hdev->adv_instance_cnt;
24b4f38f 6378
02c04afe
JH		 6379 instance = rp->instance;
6380 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
6381 *instance = adv_instance->instance;
6382 instance++;
24b4f38f 6383 }
d3d5305b
MH		 6384
6385 hci_dev_unlock(hdev);
6386
6387 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6388 MGMT_STATUS_SUCCESS, rp, rp_len);
6389
6390 kfree(rp);
6391
6392 return err;
6393}
6394
f61851f6
MN		 6395static u8 calculate_name_len(struct hci_dev *hdev)
6396{
6397 u8 buf[HCI_MAX_SHORT_NAME_LENGTH + 3];
6398
6399 return append_local_name(hdev, buf, 0);
6400}
6401
6402static u8 tlv_data_max_len(struct hci_dev *hdev, u32 adv_flags,
6403 bool is_adv_data)
24b4f38f 6404{
4117ed70 6405 u8 max_len = HCI_MAX_AD_LENGTH;
24b4f38f 6406
31a3248d
MH		 6407 if (is_adv_data) {
6408 if (adv_flags & (MGMT_ADV_FLAG_DISCOV |
6409 MGMT_ADV_FLAG_LIMITED_DISCOV |
2bb36870 6410 MGMT_ADV_FLAG_MANAGED_FLAGS))
31a3248d 6411 max_len -= 3;
24b4f38f 6412
2bb36870 6413 if (adv_flags & MGMT_ADV_FLAG_TX_POWER)
31a3248d 6414 max_len -= 3;
7c295c48 6415 } else {
7c295c48 6416 if (adv_flags & MGMT_ADV_FLAG_LOCAL_NAME)
f61851f6 6417 max_len -= calculate_name_len(hdev);
c4960ecf 6418
2bb36870 6419 if (adv_flags & (MGMT_ADV_FLAG_APPEARANCE))
c4960ecf 6420 max_len -= 4;
5507e358
AU		 6421 }
6422
2bb36870
SJ		 6423 return max_len;
6424}
6425
6426static bool flags_managed(u32 adv_flags)
6427{
6428 return adv_flags & (MGMT_ADV_FLAG_DISCOV |
6429 MGMT_ADV_FLAG_LIMITED_DISCOV |
6430 MGMT_ADV_FLAG_MANAGED_FLAGS);
6431}
6432
6433static bool tx_power_managed(u32 adv_flags)
6434{
6435 return adv_flags & MGMT_ADV_FLAG_TX_POWER;
6436}
6437
6438static bool name_managed(u32 adv_flags)
6439{
6440 return adv_flags & MGMT_ADV_FLAG_LOCAL_NAME;
6441}
6442
6443static bool appearance_managed(u32 adv_flags)
6444{
6445 return adv_flags & MGMT_ADV_FLAG_APPEARANCE;
6446}
6447
f61851f6
MN		 6448static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data,
6449 u8 len, bool is_adv_data)
2bb36870
SJ		 6450{
6451 int i, cur_len;
6452 u8 max_len;
6453
f61851f6 6454 max_len = tlv_data_max_len(hdev, adv_flags, is_adv_data);
2bb36870 6455
4117ed70 6456 if (len > max_len)
24b4f38f
AU		 6457 return false;
6458
4117ed70
AU		 6459 /* Make sure that the data is correctly formatted. */
6460 for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) {
6461 cur_len = data[i];
24b4f38f 6462
9c9db78d
SJ		 6463 if (data[i + 1] == EIR_FLAGS &&
6464 (!is_adv_data || flags_managed(adv_flags)))
2bb36870
SJ		 6465 return false;
6466
6467 if (data[i + 1] == EIR_TX_POWER && tx_power_managed(adv_flags))
6468 return false;
6469
6470 if (data[i + 1] == EIR_NAME_COMPLETE && name_managed(adv_flags))
6471 return false;
6472
6473 if (data[i + 1] == EIR_NAME_SHORT && name_managed(adv_flags))
b44133ff
AU		 6474 return false;
6475
2bb36870
SJ		 6476 if (data[i + 1] == EIR_APPEARANCE &&
6477 appearance_managed(adv_flags))
5507e358
AU		 6478 return false;
6479
24b4f38f
AU		 6480 /* If the current field length would exceed the total data
6481 * length, then it's invalid.
6482 */
4117ed70 6483 if (i + cur_len >= len)
24b4f38f
AU		 6484 return false;
6485 }
6486
6487 return true;
6488}
6489
24b4f38f
AU		 6490static void add_advertising_complete(struct hci_dev *hdev, u8 status,
6491 u16 opcode)
6492{
6493 struct mgmt_pending_cmd *cmd;
fffd38bc 6494 struct mgmt_cp_add_advertising *cp;
24b4f38f 6495 struct mgmt_rp_add_advertising rp;
fffd38bc
FG		 6496 struct adv_info *adv_instance, *n;
6497 u8 instance;
24b4f38f
AU		 6498
6499 BT_DBG("status %d", status);
6500
6501 hci_dev_lock(hdev);
6502
6503 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev);
6504
fffd38bc
FG		 6505 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) {
6506 if (!adv_instance->pending)
6507 continue;
6508
6509 if (!status) {
6510 adv_instance->pending = false;
6511 continue;
6512 }
6513
6514 instance = adv_instance->instance;
6515
6516 if (hdev->cur_adv_instance == instance)
6517 cancel_adv_timeout(hdev);
6518
6519 hci_remove_adv_instance(hdev, instance);
f2252570 6520 mgmt_advertising_removed(cmd ? cmd->sk : NULL, hdev, instance);
24b4f38f
AU		 6521 }
6522
6523 if (!cmd)
6524 goto unlock;
6525
fffd38bc
FG		 6526 cp = cmd->param;
6527 rp.instance = cp->instance;
24b4f38f
AU		 6528
6529 if (status)
6530 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
6531 mgmt_status(status));
6532 else
6533 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
6534 mgmt_status(status), &rp, sizeof(rp));
6535
6536 mgmt_pending_remove(cmd);
6537
6538unlock:
6539 hci_dev_unlock(hdev);
6540}
6541
6542static int add_advertising(struct sock *sk, struct hci_dev *hdev,
6543 void *data, u16 data_len)
6544{
6545 struct mgmt_cp_add_advertising *cp = data;
6546 struct mgmt_rp_add_advertising rp;
6547 u32 flags;
85a721a8 6548 u32 supported_flags, phy_flags;
24b4f38f 6549 u8 status;
fffd38bc
FG		 6550 u16 timeout, duration;
6551 unsigned int prev_instance_cnt = hdev->adv_instance_cnt;
6552 u8 schedule_instance = 0;
6553 struct adv_info *next_instance;
24b4f38f
AU		 6554 int err;
6555 struct mgmt_pending_cmd *cmd;
6556 struct hci_request req;
6557
6558 BT_DBG("%s", hdev->name);
6559
6560 status = mgmt_le_support(hdev);
6561 if (status)
6562 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6563 status);
6564
ceff86af 6565 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
6a0e7807
JH		 6566 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6567 MGMT_STATUS_INVALID_PARAMS);
6568
6569 if (data_len != sizeof(*cp) + cp->adv_data_len + cp->scan_rsp_len)
ceff86af
MH		 6570 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6571 MGMT_STATUS_INVALID_PARAMS);
6572
24b4f38f 6573 flags = __le32_to_cpu(cp->flags);
912098a6 6574 timeout = __le16_to_cpu(cp->timeout);
fffd38bc 6575 duration = __le16_to_cpu(cp->duration);
24b4f38f 6576
fffd38bc 6577 /* The current implementation only supports a subset of the specified
85a721a8 6578 * flags. Also need to check mutual exclusiveness of sec flags.
089fa8c0
AU		 6579 */
6580 supported_flags = get_supported_adv_flags(hdev);
85a721a8
JK		 6581 phy_flags = flags & MGMT_ADV_FLAG_SEC_MASK;
6582 if (flags & ~supported_flags ||
6583 ((phy_flags && (phy_flags ^ (phy_flags & -phy_flags)))))
24b4f38f
AU		 6584 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6585 MGMT_STATUS_INVALID_PARAMS);
6586
6587 hci_dev_lock(hdev);
6588
912098a6
AU		 6589 if (timeout && !hdev_is_powered(hdev)) {
6590 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6591 MGMT_STATUS_REJECTED);
6592 goto unlock;
6593 }
6594
24b4f38f 6595 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
da929335 6596 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
24b4f38f
AU		 6597 pending_find(MGMT_OP_SET_LE, hdev)) {
6598 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6599 MGMT_STATUS_BUSY);
6600 goto unlock;
6601 }
6602
f61851f6
MN		 6603 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) ||
6604 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len,
b44133ff 6605 cp->scan_rsp_len, false)) {
24b4f38f
AU		 6606 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6607 MGMT_STATUS_INVALID_PARAMS);
6608 goto unlock;
6609 }
6610
fffd38bc
FG		 6611 err = hci_add_adv_instance(hdev, cp->instance, flags,
6612 cp->adv_data_len, cp->data,
6613 cp->scan_rsp_len,
6614 cp->data + cp->adv_data_len,
6615 timeout, duration);
6616 if (err < 0) {
6617 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6618 MGMT_STATUS_FAILED);
6619 goto unlock;
6620 }
24b4f38f 6621
fffd38bc
FG		 6622 /* Only trigger an advertising added event if a new instance was
6623 * actually added.
6624 */
6625 if (hdev->adv_instance_cnt > prev_instance_cnt)
f2252570 6626 mgmt_advertising_added(sk, hdev, cp->instance);
912098a6 6627
fffd38bc
FG		 6628 if (hdev->cur_adv_instance == cp->instance) {
6629 /* If the currently advertised instance is being changed then
6630 * cancel the current advertising and schedule the next
6631 * instance. If there is only one instance then the overridden
6632 * advertising data will be visible right away.
6633 */
6634 cancel_adv_timeout(hdev);
912098a6 6635
fffd38bc
FG		 6636 next_instance = hci_get_next_instance(hdev, cp->instance);
6637 if (next_instance)
6638 schedule_instance = next_instance->instance;
6639 } else if (!hdev->adv_instance_timeout) {
6640 /* Immediately advertise the new instance if no other
6641 * instance is currently being advertised.
6642 */
6643 schedule_instance = cp->instance;
6644 }
24b4f38f 6645
fffd38bc
FG		 6646 /* If the HCI_ADVERTISING flag is set or the device isn't powered or
6647 * there is no instance to be advertised then we have no HCI
6648 * communication to make. Simply return.
24b4f38f
AU		 6649 */
6650 if (!hdev_is_powered(hdev) ||
fffd38bc
FG		 6651 hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
6652 !schedule_instance) {
6653 rp.instance = cp->instance;
24b4f38f
AU		 6654 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6655 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6656 goto unlock;
6657 }
6658
6659 /* We're good to go, update advertising data, parameters, and start
6660 * advertising.
6661 */
6662 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
6663 data_len);
6664 if (!cmd) {
6665 err = -ENOMEM;
6666 goto unlock;
6667 }
6668
6669 hci_req_init(&req, hdev);
6670
f2252570 6671 err = __hci_req_schedule_adv_instance(&req, schedule_instance, true);
fffd38bc
FG		 6672
6673 if (!err)
6674 err = hci_req_run(&req, add_advertising_complete);
24b4f38f 6675
24b4f38f
AU		 6676 if (err < 0)
6677 mgmt_pending_remove(cmd);
6678
6679unlock:
6680 hci_dev_unlock(hdev);
6681
6682 return err;
6683}
6684
da929335
AU		 6685static void remove_advertising_complete(struct hci_dev *hdev, u8 status,
6686 u16 opcode)
6687{
6688 struct mgmt_pending_cmd *cmd;
01948331 6689 struct mgmt_cp_remove_advertising *cp;
da929335
AU		 6690 struct mgmt_rp_remove_advertising rp;
6691
6692 BT_DBG("status %d", status);
6693
6694 hci_dev_lock(hdev);
6695
6696 /* A failure status here only means that we failed to disable
6697 * advertising. Otherwise, the advertising instance has been removed,
6698 * so report success.
6699 */
6700 cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev);
6701 if (!cmd)
6702 goto unlock;
6703
01948331
FG		 6704 cp = cmd->param;
6705 rp.instance = cp->instance;
da929335
AU		 6706
6707 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS,
6708 &rp, sizeof(rp));
6709 mgmt_pending_remove(cmd);
6710
6711unlock:
6712 hci_dev_unlock(hdev);
6713}
6714
6715static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
6716 void *data, u16 data_len)
6717{
6718 struct mgmt_cp_remove_advertising *cp = data;
6719 struct mgmt_rp_remove_advertising rp;
da929335
AU		 6720 struct mgmt_pending_cmd *cmd;
6721 struct hci_request req;
952497b1 6722 int err;
da929335
AU		 6723
6724 BT_DBG("%s", hdev->name);
6725
da929335
AU		 6726 hci_dev_lock(hdev);
6727
952497b1 6728 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) {
01948331
FG		 6729 err = mgmt_cmd_status(sk, hdev->id,
6730 MGMT_OP_REMOVE_ADVERTISING,
6731 MGMT_STATUS_INVALID_PARAMS);
6732 goto unlock;
6733 }
6734
da929335
AU		 6735 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6736 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6737 pending_find(MGMT_OP_SET_LE, hdev)) {
6738 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6739 MGMT_STATUS_BUSY);
6740 goto unlock;
6741 }
6742
17fd08ff 6743 if (list_empty(&hdev->adv_instances)) {
da929335
AU		 6744 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6745 MGMT_STATUS_INVALID_PARAMS);
6746 goto unlock;
6747 }
6748
01948331 6749 hci_req_init(&req, hdev);
da929335 6750
37d3a1fa 6751 hci_req_clear_adv_instance(hdev, sk, &req, cp->instance, true);
da929335 6752
01948331 6753 if (list_empty(&hdev->adv_instances))
f2252570 6754 __hci_req_disable_advertising(&req);
da929335 6755
01948331
FG		 6756 /* If no HCI commands have been collected so far or the HCI_ADVERTISING
6757 * flag is set or the device isn't powered then we have no HCI
6758 * communication to make. Simply return.
da929335 6759 */
01948331
FG		 6760 if (skb_queue_empty(&req.cmd_q) ||
6761 !hdev_is_powered(hdev) ||
da929335 6762 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
f17d858e 6763 hci_req_purge(&req);
01948331 6764 rp.instance = cp->instance;
da929335
AU		 6765 err = mgmt_cmd_complete(sk, hdev->id,
6766 MGMT_OP_REMOVE_ADVERTISING,
6767 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6768 goto unlock;
6769 }
6770
6771 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
6772 data_len);
6773 if (!cmd) {
6774 err = -ENOMEM;
6775 goto unlock;
6776 }
6777
da929335
AU		 6778 err = hci_req_run(&req, remove_advertising_complete);
6779 if (err < 0)
6780 mgmt_pending_remove(cmd);
6781
6782unlock:
6783 hci_dev_unlock(hdev);
6784
6785 return err;
6786}
6787
40b25fe5
MH		 6788static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev,
6789 void *data, u16 data_len)
6790{
6791 struct mgmt_cp_get_adv_size_info *cp = data;
6792 struct mgmt_rp_get_adv_size_info rp;
6793 u32 flags, supported_flags;
6794 int err;
6795
6796 BT_DBG("%s", hdev->name);
6797
6798 if (!lmp_le_capable(hdev))
6799 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6800 MGMT_STATUS_REJECTED);
6801
6802 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
6803 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6804 MGMT_STATUS_INVALID_PARAMS);
6805
6806 flags = __le32_to_cpu(cp->flags);
6807
6808 /* The current implementation only supports a subset of the specified
6809 * flags.
6810 */
6811 supported_flags = get_supported_adv_flags(hdev);
6812 if (flags & ~supported_flags)
6813 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6814 MGMT_STATUS_INVALID_PARAMS);
6815
6816 rp.instance = cp->instance;
6817 rp.flags = cp->flags;
f61851f6
MN		 6818 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
6819 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
40b25fe5
MH		 6820
6821 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6822 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6823
6824 return err;
6825}
6826
6d785aa3 6827static const struct hci_mgmt_handler mgmt_handlers[] = {
0f4e68cf 6828 { NULL }, /* 0x0000 (no command) */
b9a245fb 6829 { read_version, MGMT_READ_VERSION_SIZE,
c91041dc
MH		 6830 HCI_MGMT_NO_HDEV |
6831 HCI_MGMT_UNTRUSTED },
b9a245fb 6832 { read_commands, MGMT_READ_COMMANDS_SIZE,
c91041dc
MH		 6833 HCI_MGMT_NO_HDEV |
6834 HCI_MGMT_UNTRUSTED },
b9a245fb 6835 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
c91041dc
MH		 6836 HCI_MGMT_NO_HDEV |
6837 HCI_MGMT_UNTRUSTED },
6838 { read_controller_info, MGMT_READ_INFO_SIZE,
6839 HCI_MGMT_UNTRUSTED },
7aea8616
MH		 6840 { set_powered, MGMT_SETTING_SIZE },
6841 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
6842 { set_connectable, MGMT_SETTING_SIZE },
6843 { set_fast_connectable, MGMT_SETTING_SIZE },
6844 { set_bondable, MGMT_SETTING_SIZE },
6845 { set_link_security, MGMT_SETTING_SIZE },
6846 { set_ssp, MGMT_SETTING_SIZE },
6847 { set_hs, MGMT_SETTING_SIZE },
6848 { set_le, MGMT_SETTING_SIZE },
6849 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
6850 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
6851 { add_uuid, MGMT_ADD_UUID_SIZE },
6852 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
b9a245fb
JH		 6853 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
6854 HCI_MGMT_VAR_LEN },
6855 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
6856 HCI_MGMT_VAR_LEN },
7aea8616
MH		 6857 { disconnect, MGMT_DISCONNECT_SIZE },
6858 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
6859 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
6860 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
6861 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
6862 { pair_device, MGMT_PAIR_DEVICE_SIZE },
6863 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
6864 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
6865 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
6866 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
6867 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
6868 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
b9a245fb
JH		 6869 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
6870 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
6871 HCI_MGMT_VAR_LEN },
7aea8616
MH		 6872 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
6873 { start_discovery, MGMT_START_DISCOVERY_SIZE },
6874 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
6875 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
6876 { block_device, MGMT_BLOCK_DEVICE_SIZE },
6877 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
6878 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
6879 { set_advertising, MGMT_SETTING_SIZE },
6880 { set_bredr, MGMT_SETTING_SIZE },
6881 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
6882 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
6883 { set_secure_conn, MGMT_SETTING_SIZE },
6884 { set_debug_keys, MGMT_SETTING_SIZE },
6885 { set_privacy, MGMT_SET_PRIVACY_SIZE },
b9a245fb
JH		 6886 { load_irks, MGMT_LOAD_IRKS_SIZE,
6887 HCI_MGMT_VAR_LEN },
7aea8616
MH		 6888 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
6889 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
6890 { add_device, MGMT_ADD_DEVICE_SIZE },
6891 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
b9a245fb
JH		 6892 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
6893 HCI_MGMT_VAR_LEN },
6894 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
c91041dc
MH		 6895 HCI_MGMT_NO_HDEV |
6896 HCI_MGMT_UNTRUSTED },
b9a245fb 6897 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
c91041dc
MH		 6898 HCI_MGMT_UNCONFIGURED |
6899 HCI_MGMT_UNTRUSTED },
b9a245fb
JH		 6900 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
6901 HCI_MGMT_UNCONFIGURED },
6902 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
6903 HCI_MGMT_UNCONFIGURED },
6904 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
6905 HCI_MGMT_VAR_LEN },
4f0f155c 6906 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
96f1474a 6907 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
c91041dc
MH		 6908 HCI_MGMT_NO_HDEV |
6909 HCI_MGMT_UNTRUSTED },
d3d5305b 6910 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
24b4f38f
AU		 6911 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
6912 HCI_MGMT_VAR_LEN },
da929335 6913 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
40b25fe5 6914 { get_adv_size_info, MGMT_GET_ADV_SIZE_INFO_SIZE },
78b781ca 6915 { start_limited_discovery, MGMT_START_DISCOVERY_SIZE },
321c6fee
MH		 6916 { read_ext_controller_info,MGMT_READ_EXT_INFO_SIZE,
6917 HCI_MGMT_UNTRUSTED },
c4960ecf 6918 { set_appearance, MGMT_SET_APPEARANCE_SIZE },
6244691f 6919 { get_phy_configuration, MGMT_GET_PHY_CONFIGURATION_SIZE },
0314f286 6920 { set_phy_configuration, MGMT_SET_PHY_CONFIGURATION_SIZE },
0f4e68cf
JH		 6921};
6922
bf6b56db 6923void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 6924{
ced85549 6925 struct mgmt_ev_ext_index ev;
bb4b2a9a 6926
0602a8ad
MH		 6927 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6928 return;
6929
f9207338 6930 switch (hdev->dev_type) {
ca8bee5d 6931 case HCI_PRIMARY:
f9207338
MH		 6932 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6933 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
6934 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
ced85549 6935 ev.type = 0x01;
f9207338
MH		 6936 } else {
6937 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
6938 HCI_MGMT_INDEX_EVENTS);
ced85549 6939 ev.type = 0x00;
f9207338
MH		 6940 }
6941 break;
ced85549
MH		 6942 case HCI_AMP:
6943 ev.type = 0x02;
6944 break;
6945 default:
6946 return;
f9207338 6947 }
ced85549
MH		 6948
6949 ev.bus = hdev->bus;
6950
6951 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
6952 HCI_MGMT_EXT_INDEX_EVENTS);
c71e97bf
JH		 6953}
6954
bf6b56db 6955void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 6956{
ced85549 6957 struct mgmt_ev_ext_index ev;
5f159032 6958 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 6959
0602a8ad
MH		 6960 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6961 return;
6962
f9207338 6963 switch (hdev->dev_type) {
ca8bee5d 6964 case HCI_PRIMARY:
f9207338 6965 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
b24752fe 6966
f9207338
MH		 6967 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6968 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
6969 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
ced85549 6970 ev.type = 0x01;
f9207338
MH		 6971 } else {
6972 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
6973 HCI_MGMT_INDEX_EVENTS);
ced85549 6974 ev.type = 0x00;
f9207338
MH		 6975 }
6976 break;
ced85549
MH		 6977 case HCI_AMP:
6978 ev.type = 0x02;
6979 break;
6980 default:
6981 return;
f9207338 6982 }
ced85549
MH		 6983
6984 ev.bus = hdev->bus;
6985
6986 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
6987 HCI_MGMT_EXT_INDEX_EVENTS);
eec8d2bc
JH		 6988}
6989
6046dc3e 6990/* This function requires the caller holds hdev->lock */
af02dd44 6991static void restart_le_actions(struct hci_dev *hdev)
6046dc3e
AG		 6992{
6993 struct hci_conn_params *p;
6994
6995 list_for_each_entry(p, &hdev->le_conn_params, list) {
d7347f3c
JH		 6996 /* Needed for AUTO_OFF case where might not "really"
6997 * have been powered off.
6998 */
6999 list_del_init(&p->action);
7000
7001 switch (p->auto_connect) {
4b9e7e75 7002 case HCI_AUTO_CONN_DIRECT:
d7347f3c
JH		 7003 case HCI_AUTO_CONN_ALWAYS:
7004 list_add(&p->action, &hdev->pend_le_conns);
7005 break;
7006 case HCI_AUTO_CONN_REPORT:
7007 list_add(&p->action, &hdev->pend_le_reports);
7008 break;
7009 default:
7010 break;
c83ed19d 7011 }
6046dc3e
AG		 7012 }
7013}
7014
2ff13894 7015void mgmt_power_on(struct hci_dev *hdev, int err)
229ab39c
JH		 7016{
7017 struct cmd_lookup match = { NULL, hdev };
7018
2ff13894 7019 BT_DBG("err %d", err);
229ab39c 7020
2ff13894
JH		 7021 hci_dev_lock(hdev);
7022
7023 if (!err) {
af02dd44
JH		 7024 restart_le_actions(hdev);
7025 hci_update_background_scan(hdev);
162a3bac
MH		 7026 }
7027
229ab39c
JH		 7028 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
7029
7030 new_settings(hdev, match.sk);
7031
229ab39c
JH		 7032 if (match.sk)
7033 sock_put(match.sk);
229ab39c 7034
2ff13894 7035 hci_dev_unlock(hdev);
70da6243 7036}
562fcc24 7037
2ff13894 7038void __mgmt_power_off(struct hci_dev *hdev)
70da6243
JH		 7039{
7040 struct cmd_lookup match = { NULL, hdev };
9845904f 7041 u8 status, zero_cod[] = { 0, 0, 0 };
b24752fe 7042
229ab39c 7043 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
9845904f
JH		 7044
7045 /* If the power off is because of hdev unregistration let
7046 * use the appropriate INVALID_INDEX status. Otherwise use
7047 * NOT_POWERED. We cover both scenarios here since later in
7048 * mgmt_index_removed() any hci_conn callbacks will have already
7049 * been triggered, potentially causing misleading DISCONNECTED
7050 * status responses.
7051 */
d7a5a11d 7052 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
9845904f
JH		 7053 status = MGMT_STATUS_INVALID_INDEX;
7054 else
7055 status = MGMT_STATUS_NOT_POWERED;
7056
7057 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
229ab39c 7058
321c6fee 7059 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0) {
5504c3a3
MH		 7060 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
7061 zero_cod, sizeof(zero_cod),
7062 HCI_MGMT_DEV_CLASS_EVENTS, NULL);
321c6fee
MH		 7063 ext_info_changed(hdev, NULL);
7064 }
229ab39c 7065
2ff13894 7066 new_settings(hdev, match.sk);
eec8d2bc
JH		 7067
7068 if (match.sk)
7069 sock_put(match.sk);
5add6af8 7070}
73f22f62 7071
3eec705e 7072void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc 7073{
3b0602cd 7074 struct mgmt_pending_cmd *cmd;
96570ffc
JH		 7075 u8 status;
7076
333ae95d 7077 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
96570ffc 7078 if (!cmd)
3eec705e 7079 return;
96570ffc
JH		 7080
7081 if (err == -ERFKILL)
7082 status = MGMT_STATUS_RFKILLED;
7083 else
7084 status = MGMT_STATUS_FAILED;
7085
a69e8375 7086 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 7087
7088 mgmt_pending_remove(cmd);
96570ffc
JH		 7089}
7090
dc4a5ee2
MH		 7091void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
7092 bool persistent)
55ed8ca1 7093{
86742e1e 7094 struct mgmt_ev_new_link_key ev;
55ed8ca1 7095
a492cd52 7096 memset(&ev, 0, sizeof(ev));
55ed8ca1 7097
a492cd52 7098 ev.store_hint = persistent;
d753fdc4 7099 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 7100 ev.key.addr.type = BDADDR_BREDR;
a492cd52 7101 ev.key.type = key->type;
9b3b4460 7102 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 7103 ev.key.pin_len = key->pin_len;
55ed8ca1 7104
dc4a5ee2 7105 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 7106}
f7520543 7107
d7b25450
JH		 7108static u8 mgmt_ltk_type(struct smp_ltk *ltk)
7109{
23fb8de3
JH		 7110 switch (ltk->type) {
7111 case SMP_LTK:
7112 case SMP_LTK_SLAVE:
7113 if (ltk->authenticated)
7114 return MGMT_LTK_AUTHENTICATED;
7115 return MGMT_LTK_UNAUTHENTICATED;
7116 case SMP_LTK_P256:
7117 if (ltk->authenticated)
7118 return MGMT_LTK_P256_AUTH;
7119 return MGMT_LTK_P256_UNAUTH;
7120 case SMP_LTK_P256_DEBUG:
7121 return MGMT_LTK_P256_DEBUG;
7122 }
d7b25450
JH		 7123
7124 return MGMT_LTK_UNAUTHENTICATED;
7125}
7126
53ac6ab6 7127void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 7128{
7129 struct mgmt_ev_new_long_term_key ev;
7130
7131 memset(&ev, 0, sizeof(ev));
7132
5192d301 7133 /* Devices using resolvable or non-resolvable random addresses
f72186d2 7134 * without providing an identity resolving key don't require
5192d301
MH		 7135 * to store long term keys. Their addresses will change the
7136 * next time around.
7137 *
7138 * Only when a remote device provides an identity address
7139 * make sure the long term key is stored. If the remote
7140 * identity is known, the long term keys are internally
7141 * mapped to the identity address. So allow static random
7142 * and public addresses here.
7143 */
ba74b666
JH		 7144 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7145 (key->bdaddr.b[5] & 0xc0) != 0xc0)
7146 ev.store_hint = 0x00;
7147 else
53ac6ab6 7148 ev.store_hint = persistent;
ba74b666 7149
346af67b 7150 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 7151 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 7152 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 7153 ev.key.enc_size = key->enc_size;
7154 ev.key.ediv = key->ediv;
fe39c7b2 7155 ev.key.rand = key->rand;
346af67b 7156
2ceba539 7157 if (key->type == SMP_LTK)
346af67b
VCG		 7158 ev.key.master = 1;
7159
1fc62c52
JH		 7160 /* Make sure we copy only the significant bytes based on the
7161 * encryption key size, and set the rest of the value to zeroes.
7162 */
cb92205b 7163 memcpy(ev.key.val, key->val, key->enc_size);
1fc62c52
JH		 7164 memset(ev.key.val + key->enc_size, 0,
7165 sizeof(ev.key.val) - key->enc_size);
346af67b 7166
083368f7 7167 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 7168}
7169
cad20c27 7170void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent)
95fbac8a
JH		 7171{
7172 struct mgmt_ev_new_irk ev;
7173
7174 memset(&ev, 0, sizeof(ev));
7175
cad20c27 7176 ev.store_hint = persistent;
bab6d1e5 7177
95fbac8a
JH		 7178 bacpy(&ev.rpa, &irk->rpa);
7179 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
7180 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
7181 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
7182
7183 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
7184}
7185
53ac6ab6
MH		 7186void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
7187 bool persistent)
7ee4ea36
MH		 7188{
7189 struct mgmt_ev_new_csrk ev;
7190
7191 memset(&ev, 0, sizeof(ev));
7192
7193 /* Devices using resolvable or non-resolvable random addresses
f72186d2 7194 * without providing an identity resolving key don't require
7ee4ea36
MH		 7195 * to store signature resolving keys. Their addresses will change
7196 * the next time around.
7197 *
7198 * Only when a remote device provides an identity address
7199 * make sure the signature resolving key is stored. So allow
7200 * static random and public addresses here.
7201 */
7202 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7203 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
7204 ev.store_hint = 0x00;
7205 else
53ac6ab6 7206 ev.store_hint = persistent;
7ee4ea36
MH		 7207
7208 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
7209 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
4cd3928a 7210 ev.key.type = csrk->type;
7ee4ea36
MH		 7211 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
7212
7213 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
7214}
7215
ffb5a827 7216void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 7217 u8 bdaddr_type, u8 store_hint, u16 min_interval,
7218 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 7219{
7220 struct mgmt_ev_new_conn_param ev;
7221
c103aea6
JH		 7222 if (!hci_is_identity_address(bdaddr, bdaddr_type))
7223 return;
7224
ffb5a827
AG		 7225 memset(&ev, 0, sizeof(ev));
7226 bacpy(&ev.addr.bdaddr, bdaddr);
7227 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 7228 ev.store_hint = store_hint;
ffb5a827
AG		 7229 ev.min_interval = cpu_to_le16(min_interval);
7230 ev.max_interval = cpu_to_le16(max_interval);
7231 ev.latency = cpu_to_le16(latency);
7232 ev.timeout = cpu_to_le16(timeout);
7233
7234 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
7235}
7236
48ec92fa
AA		 7237void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
7238 u32 flags, u8 *name, u8 name_len)
f7520543 7239{
b644ba33
JH		 7240 char buf[512];
7241 struct mgmt_ev_device_connected *ev = (void *) buf;
7242 u16 eir_len = 0;
f7520543 7243
48ec92fa
AA		 7244 bacpy(&ev->addr.bdaddr, &conn->dst);
7245 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
f7520543 7246
c95f0ba7 7247 ev->flags = __cpu_to_le32(flags);
08c79b61 7248
fd45ada9
AA		 7249 /* We must ensure that the EIR Data fields are ordered and
7250 * unique. Keep it simple for now and avoid the problem by not
7251 * adding any BR/EDR data to the LE adv.
7252 */
7253 if (conn->le_adv_data_len > 0) {
7254 memcpy(&ev->eir[eir_len],
7255 conn->le_adv_data, conn->le_adv_data_len);
7256 eir_len = conn->le_adv_data_len;
7257 } else {
7258 if (name_len > 0)
7259 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
7260 name, name_len);
b644ba33 7261
ddbea5cf 7262 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
fd45ada9
AA		 7263 eir_len = eir_append_data(ev->eir, eir_len,
7264 EIR_CLASS_OF_DEV,
7265 conn->dev_class, 3);
7266 }
b644ba33 7267
eb55ef07 7268 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 7269
ecd90ae7
MH		 7270 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
7271 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 7272}
7273
3b0602cd 7274static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
8962ee74 7275{
8962ee74 7276 struct sock **sk = data;
8962ee74 7277
f5818c22 7278 cmd->cmd_complete(cmd, 0);
8962ee74
JH		 7279
7280 *sk = cmd->sk;
7281 sock_hold(*sk);
7282
a664b5bc 7283 mgmt_pending_remove(cmd);
8962ee74
JH		 7284}
7285
3b0602cd 7286static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
a8a1d19e 7287{
b1078ad0 7288 struct hci_dev *hdev = data;
124f6e35 7289 struct mgmt_cp_unpair_device *cp = cmd->param;
a8a1d19e 7290
b1078ad0
JH		 7291 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
7292
d8b7b1e4 7293 cmd->cmd_complete(cmd, 0);
a8a1d19e
JH		 7294 mgmt_pending_remove(cmd);
7295}
7296
84c61d92
JH		 7297bool mgmt_powering_down(struct hci_dev *hdev)
7298{
3b0602cd 7299 struct mgmt_pending_cmd *cmd;
84c61d92
JH		 7300 struct mgmt_mode *cp;
7301
333ae95d 7302 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
84c61d92
JH		 7303 if (!cmd)
7304 return false;
7305
7306 cp = cmd->param;
7307 if (!cp->val)
7308 return true;
7309
7310 return false;
7311}
7312
9b80ec5e 7313void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 7314 u8 link_type, u8 addr_type, u8 reason,
7315 bool mgmt_connected)
f7520543 7316{
f0d6a0ea 7317 struct mgmt_ev_device_disconnected ev;
8962ee74 7318 struct sock *sk = NULL;
8962ee74 7319
84c61d92
JH		 7320 /* The connection is still in hci_conn_hash so test for 1
7321 * instead of 0 to know if this is the last one.
7322 */
7323 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7324 cancel_delayed_work(&hdev->power_off);
7325 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8b064a3a
JH		 7326 }
7327
12d4a3b2
JH		 7328 if (!mgmt_connected)
7329 return;
7330
57eb776f
AG		 7331 if (link_type != ACL_LINK && link_type != LE_LINK)
7332 return;
7333
744cf19e 7334 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 7335
f0d6a0ea
MA		 7336 bacpy(&ev.addr.bdaddr, bdaddr);
7337 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7338 ev.reason = reason;
f7520543 7339
9b80ec5e 7340 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 7341
7342 if (sk)
d97dcb66 7343 sock_put(sk);
8962ee74 7344
124f6e35 7345 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 7346 hdev);
8962ee74
JH		 7347}
7348
7892924c
MH		 7349void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
7350 u8 link_type, u8 addr_type, u8 status)
8962ee74 7351{
3655bba8
AG		 7352 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
7353 struct mgmt_cp_disconnect *cp;
3b0602cd 7354 struct mgmt_pending_cmd *cmd;
8962ee74 7355
36a75f1b
JD		 7356 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
7357 hdev);
7358
333ae95d 7359 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 7360 if (!cmd)
7892924c 7361 return;
8962ee74 7362
3655bba8
AG		 7363 cp = cmd->param;
7364
7365 if (bacmp(bdaddr, &cp->addr.bdaddr))
7366 return;
7367
7368 if (cp->addr.type != bdaddr_type)
7369 return;
7370
f5818c22 7371 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7372 mgmt_pending_remove(cmd);
f7520543 7373}
17d5c04c 7374
445608d0
MH		 7375void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7376 u8 addr_type, u8 status)
17d5c04c
JH		 7377{
7378 struct mgmt_ev_connect_failed ev;
c9910d0f 7379
84c61d92
JH		 7380 /* The connection is still in hci_conn_hash so test for 1
7381 * instead of 0 to know if this is the last one.
7382 */
7383 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7384 cancel_delayed_work(&hdev->power_off);
7385 queue_work(hdev->req_workqueue, &hdev->power_off.work);
c9910d0f 7386 }
17d5c04c 7387
4c659c39 7388 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7389 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 7390 ev.status = mgmt_status(status);
17d5c04c 7391
445608d0 7392 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 7393}
980e1a53 7394
ce0e4a0d 7395void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 7396{
7397 struct mgmt_ev_pin_code_request ev;
7398
d8457698 7399 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 7400 ev.addr.type = BDADDR_BREDR;
a770bb5a 7401 ev.secure = secure;
980e1a53 7402
ce0e4a0d 7403 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 7404}
7405
e669cf80
MH		 7406void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7407 u8 status)
980e1a53 7408{
3b0602cd 7409 struct mgmt_pending_cmd *cmd;
980e1a53 7410
333ae95d 7411 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 7412 if (!cmd)
e669cf80 7413 return;
980e1a53 7414
7776d1d8 7415 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7416 mgmt_pending_remove(cmd);
980e1a53
JH		 7417}
7418
3eb38528
MH		 7419void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7420 u8 status)
980e1a53 7421{
3b0602cd 7422 struct mgmt_pending_cmd *cmd;
980e1a53 7423
333ae95d 7424 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 7425 if (!cmd)
3eb38528 7426 return;
980e1a53 7427
7776d1d8 7428 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7429 mgmt_pending_remove(cmd);
980e1a53 7430}
a5c29683 7431
744cf19e 7432int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 7433 u8 link_type, u8 addr_type, u32 value,
04124681 7434 u8 confirm_hint)
a5c29683
JH		 7435{
7436 struct mgmt_ev_user_confirm_request ev;
7437
744cf19e 7438 BT_DBG("%s", hdev->name);
a5c29683 7439
272d90df 7440 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7441 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 7442 ev.confirm_hint = confirm_hint;
39adbffe 7443 ev.value = cpu_to_le32(value);
a5c29683 7444
744cf19e 7445 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 7446 NULL);
a5c29683
JH		 7447}
7448
272d90df 7449int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 7450 u8 link_type, u8 addr_type)
604086b7
BG		 7451{
7452 struct mgmt_ev_user_passkey_request ev;
7453
7454 BT_DBG("%s", hdev->name);
7455
272d90df 7456 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7457 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 7458
7459 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 7460 NULL);
604086b7
BG		 7461}
7462
0df4c185 7463static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 7464 u8 link_type, u8 addr_type, u8 status,
7465 u8 opcode)
a5c29683 7466{
3b0602cd 7467 struct mgmt_pending_cmd *cmd;
a5c29683 7468
333ae95d 7469 cmd = pending_find(opcode, hdev);
a5c29683
JH		 7470 if (!cmd)
7471 return -ENOENT;
7472
7776d1d8 7473 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7474 mgmt_pending_remove(cmd);
a5c29683 7475
7776d1d8 7476 return 0;
a5c29683
JH		 7477}
7478
744cf19e 7479int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7480 u8 link_type, u8 addr_type, u8 status)
a5c29683 7481{
272d90df 7482 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 7483 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 7484}
7485
272d90df 7486int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7487 u8 link_type, u8 addr_type, u8 status)
a5c29683 7488{
272d90df 7489 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 7490 status,
7491 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 7492}
2a611692 7493
604086b7 7494int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7495 u8 link_type, u8 addr_type, u8 status)
604086b7 7496{
272d90df 7497 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 7498 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 7499}
7500
272d90df 7501int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7502 u8 link_type, u8 addr_type, u8 status)
604086b7 7503{
272d90df 7504 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 7505 status,
7506 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 7507}
7508
92a25256
JH		 7509int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
7510 u8 link_type, u8 addr_type, u32 passkey,
7511 u8 entered)
7512{
7513 struct mgmt_ev_passkey_notify ev;
7514
7515 BT_DBG("%s", hdev->name);
7516
7517 bacpy(&ev.addr.bdaddr, bdaddr);
7518 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7519 ev.passkey = __cpu_to_le32(passkey);
7520 ev.entered = entered;
7521
7522 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
7523}
7524
e1e930f5 7525void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
2a611692
JH		 7526{
7527 struct mgmt_ev_auth_failed ev;
3b0602cd 7528 struct mgmt_pending_cmd *cmd;
e1e930f5 7529 u8 status = mgmt_status(hci_status);
2a611692 7530
e1e930f5
JH		 7531 bacpy(&ev.addr.bdaddr, &conn->dst);
7532 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7533 ev.status = status;
2a611692 7534
e1e930f5
JH		 7535 cmd = find_pairing(conn);
7536
7537 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
7538 cmd ? cmd->sk : NULL);
7539
a511b35b
JH		 7540 if (cmd) {
7541 cmd->cmd_complete(cmd, status);
7542 mgmt_pending_remove(cmd);
7543 }
2a611692 7544}
b312b161 7545
464996ae 7546void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 7547{
7548 struct cmd_lookup match = { NULL, hdev };
464996ae 7549 bool changed;
33ef95ed
JH		 7550
7551 if (status) {
7552 u8 mgmt_err = mgmt_status(status);
7553 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 7554 cmd_status_rsp, &mgmt_err);
464996ae 7555 return;
33ef95ed
JH		 7556 }
7557
464996ae 7558 if (test_bit(HCI_AUTH, &hdev->flags))
238be788 7559 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
464996ae 7560 else
a69d8927 7561 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
47990ea0 7562
33ef95ed 7563 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 7564 &match);
33ef95ed 7565
47990ea0 7566 if (changed)
464996ae 7567 new_settings(hdev, match.sk);
33ef95ed
JH		 7568
7569 if (match.sk)
7570 sock_put(match.sk);
33ef95ed
JH		 7571}
7572
890ea898 7573static void clear_eir(struct hci_request *req)
cacaf52f 7574{
890ea898 7575 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 7576 struct hci_cp_write_eir cp;
7577
976eb20e 7578 if (!lmp_ext_inq_capable(hdev))
890ea898 7579 return;
cacaf52f 7580
c80da27e
JH		 7581 memset(hdev->eir, 0, sizeof(hdev->eir));
7582
cacaf52f
JH		 7583 memset(&cp, 0, sizeof(cp));
7584
890ea898 7585 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 7586}
7587
3e248560 7588void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 7589{
7590 struct cmd_lookup match = { NULL, hdev };
890ea898 7591 struct hci_request req;
c0ecddc2 7592 bool changed = false;
ed2c4ee3
JH		 7593
7594 if (status) {
7595 u8 mgmt_err = mgmt_status(status);
c0ecddc2 7596
a69d8927
MH		 7597 if (enable && hci_dev_test_and_clear_flag(hdev,
7598 HCI_SSP_ENABLED)) {
a358dc11 7599 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
3e248560 7600 new_settings(hdev, NULL);
9ecb3e24 7601 }
c0ecddc2 7602
04124681
GP		 7603 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
7604 &mgmt_err);
3e248560 7605 return;
c0ecddc2
JH		 7606 }
7607
7608 if (enable) {
238be788 7609 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
c0ecddc2 7610 } else {
a69d8927 7611 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
9ecb3e24 7612 if (!changed)
a69d8927
MH		 7613 changed = hci_dev_test_and_clear_flag(hdev,
7614 HCI_HS_ENABLED);
9ecb3e24 7615 else
a358dc11 7616 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
ed2c4ee3
JH		 7617 }
7618
7619 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
7620
c0ecddc2 7621 if (changed)
3e248560 7622 new_settings(hdev, match.sk);
ed2c4ee3 7623
5fc6ebb1 7624 if (match.sk)
ed2c4ee3
JH		 7625 sock_put(match.sk);
7626
890ea898
JH		 7627 hci_req_init(&req, hdev);
7628
d7a5a11d
MH		 7629 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
7630 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
3769972b
JH		 7631 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
7632 sizeof(enable), &enable);
b1a8917c 7633 __hci_req_update_eir(&req);
3769972b 7634 } else {
890ea898 7635 clear_eir(&req);
3769972b 7636 }
890ea898
JH		 7637
7638 hci_req_run(&req, NULL);
ed2c4ee3
JH		 7639}
7640
3b0602cd 7641static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
90e70454
JH		 7642{
7643 struct cmd_lookup *match = data;
7644
90e70454
JH		 7645 if (match->sk == NULL) {
7646 match->sk = cmd->sk;
7647 sock_hold(match->sk);
7648 }
90e70454
JH		 7649}
7650
4e1b0245
MH		 7651void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
7652 u8 status)
7f9a903c 7653{
90e70454 7654 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 7655
92da6097
JH		 7656 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
7657 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
7658 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454 7659
321c6fee 7660 if (!status) {
5504c3a3
MH		 7661 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
7662 3, HCI_MGMT_DEV_CLASS_EVENTS, NULL);
321c6fee
MH		 7663 ext_info_changed(hdev, NULL);
7664 }
90e70454
JH		 7665
7666 if (match.sk)
7667 sock_put(match.sk);
7f9a903c
MH		 7668}
7669
7667da34 7670void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 7671{
b312b161 7672 struct mgmt_cp_set_local_name ev;
3b0602cd 7673 struct mgmt_pending_cmd *cmd;
28cc7bde 7674
13928971 7675 if (status)
7667da34 7676 return;
b312b161
JH		 7677
7678 memset(&ev, 0, sizeof(ev));
7679 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 7680 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 7681
333ae95d 7682 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 7683 if (!cmd) {
7684 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 7685
13928971
JH		 7686 /* If this is a HCI command related to powering on the
7687 * HCI dev don't send any mgmt signals.
7688 */
333ae95d 7689 if (pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 7690 return;
890ea898 7691 }
b312b161 7692
5504c3a3
MH		 7693 mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
7694 HCI_MGMT_LOCAL_NAME_EVENTS, cmd ? cmd->sk : NULL);
321c6fee 7695 ext_info_changed(hdev, cmd ? cmd->sk : NULL);
b312b161 7696}
c35938b2 7697
799ce93d
JP		 7698static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
7699{
7700 int i;
7701
7702 for (i = 0; i < uuid_count; i++) {
7703 if (!memcmp(uuid, uuids[i], 16))
7704 return true;
7705 }
7706
7707 return false;
7708}
7709
b487b9ce
MH		 7710static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
7711{
799ce93d
JP		 7712 u16 parsed = 0;
7713
7714 while (parsed < eir_len) {
7715 u8 field_len = eir[0];
7716 u8 uuid[16];
7717 int i;
7718
7719 if (field_len == 0)
7720 break;
7721
7722 if (eir_len - parsed < field_len + 1)
7723 break;
7724
7725 switch (eir[1]) {
7726 case EIR_UUID16_ALL:
7727 case EIR_UUID16_SOME:
7728 for (i = 0; i + 3 <= field_len; i += 2) {
189f6ad2 7729 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7730 uuid[13] = eir[i + 3];
7731 uuid[12] = eir[i + 2];
7732 if (has_uuid(uuid, uuid_count, uuids))
7733 return true;
7734 }
7735 break;
7736 case EIR_UUID32_ALL:
7737 case EIR_UUID32_SOME:
7738 for (i = 0; i + 5 <= field_len; i += 4) {
189f6ad2 7739 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7740 uuid[15] = eir[i + 5];
7741 uuid[14] = eir[i + 4];
7742 uuid[13] = eir[i + 3];
7743 uuid[12] = eir[i + 2];
7744 if (has_uuid(uuid, uuid_count, uuids))
7745 return true;
7746 }
7747 break;
7748 case EIR_UUID128_ALL:
7749 case EIR_UUID128_SOME:
7750 for (i = 0; i + 17 <= field_len; i += 16) {
7751 memcpy(uuid, eir + i + 2, 16);
7752 if (has_uuid(uuid, uuid_count, uuids))
7753 return true;
7754 }
7755 break;
7756 }
7757
7758 parsed += field_len + 1;
7759 eir += field_len + 1;
7760 }
7761
b487b9ce
MH		 7762 return false;
7763}
7764
4b0e0ced
JP		 7765static void restart_le_scan(struct hci_dev *hdev)
7766{
7767 /* If controller is not scanning we are done. */
d7a5a11d 7768 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
4b0e0ced
JP		 7769 return;
7770
7771 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
7772 hdev->discovery.scan_start +
7773 hdev->discovery.scan_duration))
7774 return;
7775
7c1fbed2 7776 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart,
4b0e0ced
JP		 7777 DISCOV_LE_RESTART_DELAY);
7778}
7779
48f86b7f
JP		 7780static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
7781 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 7782{
48f86b7f
JP		 7783 /* If a RSSI threshold has been specified, and
7784 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
7785 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
7786 * is set, let it through for further processing, as we might need to
7787 * restart the scan.
efb2513f
MH		 7788 *
7789 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
7790 * the results are also dropped.
bda157a4
MH		 7791 */
7792 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
4b0e0ced
JP		 7793 (rssi == HCI_RSSI_INVALID ||
7794 (rssi < hdev->discovery.rssi &&
7795 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
48f86b7f 7796 return false;
efb2513f 7797
2976cdeb
JP		 7798 if (hdev->discovery.uuid_count != 0) {
7799 /* If a list of UUIDs is provided in filter, results with no
7800 * matching UUID should be dropped.
b487b9ce 7801 */
2976cdeb
JP		 7802 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
7803 hdev->discovery.uuids) &&
7804 !eir_has_uuids(scan_rsp, scan_rsp_len,
7805 hdev->discovery.uuid_count,
7806 hdev->discovery.uuids))
7807 return false;
b487b9ce 7808 }
5d2e9fad 7809
2976cdeb
JP		 7810 /* If duplicate filtering does not report RSSI changes, then restart
7811 * scanning to ensure updated result with updated RSSI values.
4b0e0ced 7812 */
2976cdeb
JP		 7813 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
7814 restart_le_scan(hdev);
7815
7816 /* Validate RSSI value against the RSSI threshold once more. */
7817 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7818 rssi < hdev->discovery.rssi)
7819 return false;
7820 }
48f86b7f
JP		 7821
7822 return true;
7823}
7824
7825void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7826 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
7827 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7828{
7829 char buf[512];
7830 struct mgmt_ev_device_found *ev = (void *)buf;
7831 size_t ev_size;
7832
7833 /* Don't send events for a non-kernel initiated discovery. With
7834 * LE one exception is if we have pend_le_reports > 0 in which
7835 * case we're doing passive scanning and want these events.
7836 */
7837 if (!hci_discovery_active(hdev)) {
7838 if (link_type == ACL_LINK)
7839 return;
7840 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
7841 return;
7842 }
7843
82f8b651 7844 if (hdev->discovery.result_filtering) {
48f86b7f
JP		 7845 /* We are using service discovery */
7846 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
7847 scan_rsp_len))
7848 return;
7849 }
7850
78b781ca
JH		 7851 if (hdev->discovery.limited) {
7852 /* Check for limited discoverable bit */
7853 if (dev_class) {
7854 if (!(dev_class[1] & 0x20))
7855 return;
7856 } else {
7857 u8 *flags = eir_get_data(eir, eir_len, EIR_FLAGS, NULL);
7858 if (!flags || !(flags[0] & LE_AD_LIMITED))
7859 return;
7860 }
7861 }
7862
48f86b7f
JP		 7863 /* Make sure that the buffer is big enough. The 5 extra bytes
7864 * are for the potential CoD field.
7865 */
7866 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
4b0e0ced
JP		 7867 return;
7868
48f86b7f
JP		 7869 memset(buf, 0, sizeof(buf));
7870
7871 /* In case of device discovery with BR/EDR devices (pre 1.2), the
7872 * RSSI value was reported as 0 when not available. This behavior
7873 * is kept when using device discovery. This is required for full
7874 * backwards compatibility with the API.
7875 *
7876 * However when using service discovery, the value 127 will be
7877 * returned when the RSSI is not available.
7878 */
7879 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
7880 link_type == ACL_LINK)
7881 rssi = 0;
7882
7883 bacpy(&ev->addr.bdaddr, bdaddr);
7884 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7885 ev->rssi = rssi;
7886 ev->flags = cpu_to_le32(flags);
7887
7888 if (eir_len > 0)
7889 /* Copy EIR or advertising data into event */
7890 memcpy(ev->eir, eir, eir_len);
7891
0d3b7f64
JH		 7892 if (dev_class && !eir_get_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7893 NULL))
48f86b7f
JP		 7894 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7895 dev_class, 3);
7896
7897 if (scan_rsp_len > 0)
7898 /* Append scan response data to event */
7899 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
7900
5d2e9fad
JH		 7901 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
7902 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 7903
901801b9 7904 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 7905}
a88a9652 7906
9cf12aee
MH		 7907void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7908 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 7909{
b644ba33
JH		 7910 struct mgmt_ev_device_found *ev;
7911 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
7912 u16 eir_len;
a88a9652 7913
b644ba33 7914 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 7915
b644ba33
JH		 7916 memset(buf, 0, sizeof(buf));
7917
7918 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 7919 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 7920 ev->rssi = rssi;
7921
7922 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 7923 name_len);
b644ba33 7924
eb55ef07 7925 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 7926
9cf12aee 7927 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 7928}
314b2381 7929
2f1e063b 7930void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 7931{
f963e8e9 7932 struct mgmt_ev_discovering ev;
164a6e78 7933
343fb145
AG		 7934 BT_DBG("%s discovering %u", hdev->name, discovering);
7935
f963e8e9
JH		 7936 memset(&ev, 0, sizeof(ev));
7937 ev.type = hdev->discovery.type;
7938 ev.discovering = discovering;
7939
2f1e063b 7940 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 7941}
5e762444 7942
6d785aa3
JH		 7943static struct hci_mgmt_chan chan = {
7944 .channel = HCI_CHANNEL_CONTROL,
7945 .handler_count = ARRAY_SIZE(mgmt_handlers),
7946 .handlers = mgmt_handlers,
88b94ce9 7947 .hdev_init = mgmt_init_hdev,
6d785aa3
JH		 7948};
7949
7950int mgmt_init(void)
7951{
7952 return hci_mgmt_chan_register(&chan);
7953}
7954
7955void mgmt_exit(void)
7956{
7957 hci_mgmt_chan_unregister(&chan);
7958}
Linux 6.x block layer and io_uring tree(s)