projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: Fix sending Device Removed when clearing all parameters
[linux-2.6-block.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
4bc58f51 32#include <net/bluetooth/l2cap.h>
0381101f 33#include <net/bluetooth/mgmt.h>
ac4b7236
MH		 34
35#include "smp.h"
0381101f 36
2da9c55c 37#define MGMT_VERSION 1
730f091b 38#define MGMT_REVISION 7
02d98129 39
e70bb2e8
JH		 40static const u16 mgmt_commands[] = {
41 MGMT_OP_READ_INDEX_LIST,
42 MGMT_OP_READ_INFO,
43 MGMT_OP_SET_POWERED,
44 MGMT_OP_SET_DISCOVERABLE,
45 MGMT_OP_SET_CONNECTABLE,
46 MGMT_OP_SET_FAST_CONNECTABLE,
47 MGMT_OP_SET_PAIRABLE,
48 MGMT_OP_SET_LINK_SECURITY,
49 MGMT_OP_SET_SSP,
50 MGMT_OP_SET_HS,
51 MGMT_OP_SET_LE,
52 MGMT_OP_SET_DEV_CLASS,
53 MGMT_OP_SET_LOCAL_NAME,
54 MGMT_OP_ADD_UUID,
55 MGMT_OP_REMOVE_UUID,
56 MGMT_OP_LOAD_LINK_KEYS,
57 MGMT_OP_LOAD_LONG_TERM_KEYS,
58 MGMT_OP_DISCONNECT,
59 MGMT_OP_GET_CONNECTIONS,
60 MGMT_OP_PIN_CODE_REPLY,
61 MGMT_OP_PIN_CODE_NEG_REPLY,
62 MGMT_OP_SET_IO_CAPABILITY,
63 MGMT_OP_PAIR_DEVICE,
64 MGMT_OP_CANCEL_PAIR_DEVICE,
65 MGMT_OP_UNPAIR_DEVICE,
66 MGMT_OP_USER_CONFIRM_REPLY,
67 MGMT_OP_USER_CONFIRM_NEG_REPLY,
68 MGMT_OP_USER_PASSKEY_REPLY,
69 MGMT_OP_USER_PASSKEY_NEG_REPLY,
70 MGMT_OP_READ_LOCAL_OOB_DATA,
71 MGMT_OP_ADD_REMOTE_OOB_DATA,
72 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
73 MGMT_OP_START_DISCOVERY,
74 MGMT_OP_STOP_DISCOVERY,
75 MGMT_OP_CONFIRM_NAME,
76 MGMT_OP_BLOCK_DEVICE,
77 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 78 MGMT_OP_SET_DEVICE_ID,
4375f103 79 MGMT_OP_SET_ADVERTISING,
0663ca2a 80 MGMT_OP_SET_BREDR,
d13eafce 81 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 82 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 83 MGMT_OP_SET_SECURE_CONN,
4e39ac81 84 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 85 MGMT_OP_SET_PRIVACY,
41edf160 86 MGMT_OP_LOAD_IRKS,
dd983808 87 MGMT_OP_GET_CONN_INFO,
95868426 88 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 89 MGMT_OP_ADD_DEVICE,
90 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 91 MGMT_OP_LOAD_CONN_PARAM,
73d1df2a 92 MGMT_OP_READ_UNCONF_INDEX_LIST,
9fc3bfb6 93 MGMT_OP_READ_CONFIG_INFO,
dbece37a 94 MGMT_OP_SET_EXTERNAL_CONFIG,
e70bb2e8
JH		 95};
96
97static const u16 mgmt_events[] = {
98 MGMT_EV_CONTROLLER_ERROR,
99 MGMT_EV_INDEX_ADDED,
100 MGMT_EV_INDEX_REMOVED,
101 MGMT_EV_NEW_SETTINGS,
102 MGMT_EV_CLASS_OF_DEV_CHANGED,
103 MGMT_EV_LOCAL_NAME_CHANGED,
104 MGMT_EV_NEW_LINK_KEY,
105 MGMT_EV_NEW_LONG_TERM_KEY,
106 MGMT_EV_DEVICE_CONNECTED,
107 MGMT_EV_DEVICE_DISCONNECTED,
108 MGMT_EV_CONNECT_FAILED,
109 MGMT_EV_PIN_CODE_REQUEST,
110 MGMT_EV_USER_CONFIRM_REQUEST,
111 MGMT_EV_USER_PASSKEY_REQUEST,
112 MGMT_EV_AUTH_FAILED,
113 MGMT_EV_DEVICE_FOUND,
114 MGMT_EV_DISCOVERING,
115 MGMT_EV_DEVICE_BLOCKED,
116 MGMT_EV_DEVICE_UNBLOCKED,
117 MGMT_EV_DEVICE_UNPAIRED,
92a25256 118 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 119 MGMT_EV_NEW_IRK,
7ee4ea36 120 MGMT_EV_NEW_CSRK,
8afef092
MH		 121 MGMT_EV_DEVICE_ADDED,
122 MGMT_EV_DEVICE_REMOVED,
ffb5a827 123 MGMT_EV_NEW_CONN_PARAM,
0602a8ad 124 MGMT_EV_UNCONF_INDEX_ADDED,
edd3896b 125 MGMT_EV_UNCONF_INDEX_REMOVED,
f4537c04 126 MGMT_EV_NEW_CONFIG_OPTIONS,
e70bb2e8
JH		 127};
128
17b02e62 129#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 130
4b34ee78
JH		 131#define hdev_is_powered(hdev) (test_bit(HCI_UP, &hdev->flags) && \
132 !test_bit(HCI_AUTO_OFF, &hdev->dev_flags))
133
eec8d2bc
JH		 134struct pending_cmd {
135 struct list_head list;
fc2f4b13 136 u16 opcode;
eec8d2bc 137 int index;
c68fb7ff 138 void *param;
eec8d2bc 139 struct sock *sk;
e9a416b5 140 void *user_data;
eec8d2bc
JH		 141};
142
ca69b795
JH		 143/* HCI to MGMT error code conversion table */
144static u8 mgmt_status_table[] = {
145 MGMT_STATUS_SUCCESS,
146 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
147 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
148 MGMT_STATUS_FAILED, /* Hardware Failure */
149 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
150 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 151 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 152 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
153 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
154 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
155 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
156 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
157 MGMT_STATUS_BUSY, /* Command Disallowed */
158 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
159 MGMT_STATUS_REJECTED, /* Rejected Security */
160 MGMT_STATUS_REJECTED, /* Rejected Personal */
161 MGMT_STATUS_TIMEOUT, /* Host Timeout */
162 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
163 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
164 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
165 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
166 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
167 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
168 MGMT_STATUS_BUSY, /* Repeated Attempts */
169 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
170 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
171 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
172 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
173 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
174 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
175 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
176 MGMT_STATUS_FAILED, /* Unspecified Error */
177 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
178 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
179 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
180 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
181 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
182 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
183 MGMT_STATUS_FAILED, /* Unit Link Key Used */
184 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
185 MGMT_STATUS_TIMEOUT, /* Instant Passed */
186 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
187 MGMT_STATUS_FAILED, /* Transaction Collision */
188 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
189 MGMT_STATUS_REJECTED, /* QoS Rejected */
190 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
191 MGMT_STATUS_REJECTED, /* Insufficient Security */
192 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
193 MGMT_STATUS_BUSY, /* Role Switch Pending */
194 MGMT_STATUS_FAILED, /* Slot Violation */
195 MGMT_STATUS_FAILED, /* Role Switch Failed */
196 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
197 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
198 MGMT_STATUS_BUSY, /* Host Busy Pairing */
199 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
200 MGMT_STATUS_BUSY, /* Controller Busy */
201 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
202 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
203 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
204 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
205 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
206};
207
208static u8 mgmt_status(u8 hci_status)
209{
210 if (hci_status < ARRAY_SIZE(mgmt_status_table))
211 return mgmt_status_table[hci_status];
212
213 return MGMT_STATUS_FAILED;
214}
215
04c60f05
MH		 216static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 data_len,
217 struct sock *skip_sk)
218{
219 struct sk_buff *skb;
220 struct mgmt_hdr *hdr;
221
222 skb = alloc_skb(sizeof(*hdr) + data_len, GFP_KERNEL);
223 if (!skb)
224 return -ENOMEM;
225
226 hdr = (void *) skb_put(skb, sizeof(*hdr));
227 hdr->opcode = cpu_to_le16(event);
228 if (hdev)
229 hdr->index = cpu_to_le16(hdev->id);
230 else
231 hdr->index = cpu_to_le16(MGMT_INDEX_NONE);
232 hdr->len = cpu_to_le16(data_len);
233
234 if (data)
235 memcpy(skb_put(skb, data_len), data, data_len);
236
237 /* Time stamp */
238 __net_timestamp(skb);
239
240 hci_send_to_control(skb, skip_sk);
241 kfree_skb(skb);
242
243 return 0;
244}
245
4e51eae9 246static int cmd_status(struct sock *sk, u16 index, u16 cmd, u8 status)
f7b64e69
JH		 247{
248 struct sk_buff *skb;
249 struct mgmt_hdr *hdr;
250 struct mgmt_ev_cmd_status *ev;
56b7d137 251 int err;
f7b64e69 252
34eb525c 253 BT_DBG("sock %p, index %u, cmd %u, status %u", sk, index, cmd, status);
f7b64e69 254
790eff44 255 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev), GFP_KERNEL);
f7b64e69
JH		 256 if (!skb)
257 return -ENOMEM;
258
259 hdr = (void *) skb_put(skb, sizeof(*hdr));
260
dcf4adbf 261 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_STATUS);
4e51eae9 262 hdr->index = cpu_to_le16(index);
f7b64e69
JH		 263 hdr->len = cpu_to_le16(sizeof(*ev));
264
265 ev = (void *) skb_put(skb, sizeof(*ev));
266 ev->status = status;
eb55ef07 267 ev->opcode = cpu_to_le16(cmd);
f7b64e69 268
56b7d137
GP		 269 err = sock_queue_rcv_skb(sk, skb);
270 if (err < 0)
f7b64e69
JH		 271 kfree_skb(skb);
272
56b7d137 273 return err;
f7b64e69
JH		 274}
275
aee9b218 276static int cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status,
04124681 277 void *rp, size_t rp_len)
02d98129
JH		 278{
279 struct sk_buff *skb;
280 struct mgmt_hdr *hdr;
281 struct mgmt_ev_cmd_complete *ev;
56b7d137 282 int err;
02d98129
JH		 283
284 BT_DBG("sock %p", sk);
285
790eff44 286 skb = alloc_skb(sizeof(*hdr) + sizeof(*ev) + rp_len, GFP_KERNEL);
02d98129
JH		 287 if (!skb)
288 return -ENOMEM;
289
290 hdr = (void *) skb_put(skb, sizeof(*hdr));
02d98129 291
dcf4adbf 292 hdr->opcode = cpu_to_le16(MGMT_EV_CMD_COMPLETE);
4e51eae9 293 hdr->index = cpu_to_le16(index);
a38528f1 294 hdr->len = cpu_to_le16(sizeof(*ev) + rp_len);
02d98129 295
a38528f1 296 ev = (void *) skb_put(skb, sizeof(*ev) + rp_len);
eb55ef07 297 ev->opcode = cpu_to_le16(cmd);
aee9b218 298 ev->status = status;
8020c16a
SJ		 299
300 if (rp)
301 memcpy(ev->data, rp, rp_len);
02d98129 302
56b7d137
GP		 303 err = sock_queue_rcv_skb(sk, skb);
304 if (err < 0)
02d98129
JH		 305 kfree_skb(skb);
306
e5f0e151 307 return err;
02d98129
JH		 308}
309
04124681
GP		 310static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
311 u16 data_len)
a38528f1
JH		 312{
313 struct mgmt_rp_read_version rp;
314
315 BT_DBG("sock %p", sk);
316
317 rp.version = MGMT_VERSION;
dcf4adbf 318 rp.revision = cpu_to_le16(MGMT_REVISION);
a38528f1 319
aee9b218 320 return cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0, &rp,
04124681 321 sizeof(rp));
a38528f1
JH		 322}
323
04124681
GP		 324static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
325 u16 data_len)
e70bb2e8
JH		 326{
327 struct mgmt_rp_read_commands *rp;
eb55ef07
MH		 328 const u16 num_commands = ARRAY_SIZE(mgmt_commands);
329 const u16 num_events = ARRAY_SIZE(mgmt_events);
2e3c35ea 330 __le16 *opcode;
e70bb2e8
JH		 331 size_t rp_size;
332 int i, err;
333
334 BT_DBG("sock %p", sk);
335
336 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
337
338 rp = kmalloc(rp_size, GFP_KERNEL);
339 if (!rp)
340 return -ENOMEM;
341
dcf4adbf
JP		 342 rp->num_commands = cpu_to_le16(num_commands);
343 rp->num_events = cpu_to_le16(num_events);
e70bb2e8
JH		 344
345 for (i = 0, opcode = rp->opcodes; i < num_commands; i++, opcode++)
346 put_unaligned_le16(mgmt_commands[i], opcode);
347
348 for (i = 0; i < num_events; i++, opcode++)
349 put_unaligned_le16(mgmt_events[i], opcode);
350
aee9b218 351 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0, rp,
04124681 352 rp_size);
e70bb2e8
JH		 353 kfree(rp);
354
355 return err;
356}
357
04124681
GP		 358static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
359 u16 data_len)
faba42eb 360{
faba42eb 361 struct mgmt_rp_read_index_list *rp;
8035ded4 362 struct hci_dev *d;
a38528f1 363 size_t rp_len;
faba42eb 364 u16 count;
476e44cb 365 int err;
faba42eb
JH		 366
367 BT_DBG("sock %p", sk);
368
369 read_lock(&hci_dev_list_lock);
370
371 count = 0;
bb4b2a9a 372 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a
MH		 373 if (d->dev_type == HCI_BREDR &&
374 !test_bit(HCI_UNCONFIGURED, &d->dev_flags))
1514b892 375 count++;
faba42eb
JH		 376 }
377
a38528f1
JH		 378 rp_len = sizeof(*rp) + (2 * count);
379 rp = kmalloc(rp_len, GFP_ATOMIC);
380 if (!rp) {
b2c60d42 381 read_unlock(&hci_dev_list_lock);
faba42eb 382 return -ENOMEM;
b2c60d42 383 }
faba42eb 384
476e44cb 385 count = 0;
8035ded4 386 list_for_each_entry(d, &hci_dev_list, list) {
73d1df2a
MH		 387 if (test_bit(HCI_SETUP, &d->dev_flags) ||
388 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
ab81cbf9
JH		 389 continue;
390
73d1df2a
MH		 391 /* Devices marked as raw-only are neither configured
392 * nor unconfigured controllers.
393 */
394 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
fee746b0
MH		 395 continue;
396
73d1df2a
MH		 397 if (d->dev_type == HCI_BREDR &&
398 !test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
1514b892
MH		 399 rp->index[count++] = cpu_to_le16(d->id);
400 BT_DBG("Added hci%u", d->id);
401 }
faba42eb
JH		 402 }
403
476e44cb
JH		 404 rp->num_controllers = cpu_to_le16(count);
405 rp_len = sizeof(*rp) + (2 * count);
406
faba42eb
JH		 407 read_unlock(&hci_dev_list_lock);
408
aee9b218 409 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST, 0, rp,
04124681 410 rp_len);
faba42eb 411
a38528f1
JH		 412 kfree(rp);
413
414 return err;
faba42eb
JH		 415}
416
73d1df2a
MH		 417static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
418 void *data, u16 data_len)
419{
420 struct mgmt_rp_read_unconf_index_list *rp;
421 struct hci_dev *d;
422 size_t rp_len;
423 u16 count;
424 int err;
425
426 BT_DBG("sock %p", sk);
427
428 read_lock(&hci_dev_list_lock);
429
430 count = 0;
431 list_for_each_entry(d, &hci_dev_list, list) {
432 if (d->dev_type == HCI_BREDR &&
433 test_bit(HCI_UNCONFIGURED, &d->dev_flags))
434 count++;
435 }
436
437 rp_len = sizeof(*rp) + (2 * count);
438 rp = kmalloc(rp_len, GFP_ATOMIC);
439 if (!rp) {
440 read_unlock(&hci_dev_list_lock);
441 return -ENOMEM;
442 }
443
444 count = 0;
445 list_for_each_entry(d, &hci_dev_list, list) {
446 if (test_bit(HCI_SETUP, &d->dev_flags) ||
447 test_bit(HCI_USER_CHANNEL, &d->dev_flags))
448 continue;
449
450 /* Devices marked as raw-only are neither configured
451 * nor unconfigured controllers.
452 */
453 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
454 continue;
455
456 if (d->dev_type == HCI_BREDR &&
457 test_bit(HCI_UNCONFIGURED, &d->dev_flags)) {
458 rp->index[count++] = cpu_to_le16(d->id);
459 BT_DBG("Added hci%u", d->id);
460 }
461 }
462
463 rp->num_controllers = cpu_to_le16(count);
464 rp_len = sizeof(*rp) + (2 * count);
465
466 read_unlock(&hci_dev_list_lock);
467
468 err = cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_UNCONF_INDEX_LIST,
469 0, rp, rp_len);
470
471 kfree(rp);
472
473 return err;
474}
475
dbece37a
MH		 476static bool is_configured(struct hci_dev *hdev)
477{
478 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
479 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
480 return false;
481
482 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
483 !bacmp(&hdev->public_addr, BDADDR_ANY))
484 return false;
485
486 return true;
487}
488
89bc22d2
MH		 489static __le32 get_missing_options(struct hci_dev *hdev)
490{
491 u32 options = 0;
492
dbece37a
MH		 493 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
494 !test_bit(HCI_EXT_CONFIGURED, &hdev->dev_flags))
eb1904f4
MH		 495 options |= MGMT_OPTION_EXTERNAL_CONFIG;
496
89bc22d2
MH		 497 if (test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) &&
498 !bacmp(&hdev->public_addr, BDADDR_ANY))
499 options |= MGMT_OPTION_PUBLIC_ADDRESS;
500
501 return cpu_to_le32(options);
502}
503
f4537c04
MH		 504static int new_options(struct hci_dev *hdev, struct sock *skip)
505{
506 __le32 options = get_missing_options(hdev);
507
508 return mgmt_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
509 sizeof(options), skip);
510}
511
dbece37a
MH		 512static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
513{
514 __le32 options = get_missing_options(hdev);
515
516 return cmd_complete(sk, hdev->id, opcode, 0, &options,
517 sizeof(options));
518}
519
9fc3bfb6
MH		 520static int read_config_info(struct sock *sk, struct hci_dev *hdev,
521 void *data, u16 data_len)
522{
523 struct mgmt_rp_read_config_info rp;
89bc22d2 524 u32 options = 0;
9fc3bfb6
MH		 525
526 BT_DBG("sock %p %s", sk, hdev->name);
527
528 hci_dev_lock(hdev);
529
530 memset(&rp, 0, sizeof(rp));
531 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
89bc22d2 532
eb1904f4
MH		 533 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
534 options |= MGMT_OPTION_EXTERNAL_CONFIG;
535
9fc3bfb6 536 if (hdev->set_bdaddr)
89bc22d2
MH		 537 options |= MGMT_OPTION_PUBLIC_ADDRESS;
538
539 rp.supported_options = cpu_to_le32(options);
540 rp.missing_options = get_missing_options(hdev);
9fc3bfb6
MH		 541
542 hci_dev_unlock(hdev);
543
544 return cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0, &rp,
545 sizeof(rp));
546}
547
69ab39ea
JH		 548static u32 get_supported_settings(struct hci_dev *hdev)
549{
550 u32 settings = 0;
551
552 settings |= MGMT_SETTING_POWERED;
69ab39ea 553 settings |= MGMT_SETTING_PAIRABLE;
b1de97d8 554 settings |= MGMT_SETTING_DEBUG_KEYS;
69ab39ea 555
ed3fa31f 556 if (lmp_bredr_capable(hdev)) {
33c525c0 557 settings |= MGMT_SETTING_CONNECTABLE;
1a47aee8
JH		 558 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
559 settings |= MGMT_SETTING_FAST_CONNECTABLE;
33c525c0 560 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea
JH		 561 settings |= MGMT_SETTING_BREDR;
562 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 563
564 if (lmp_ssp_capable(hdev)) {
565 settings |= MGMT_SETTING_SSP;
566 settings |= MGMT_SETTING_HS;
567 }
e98d2ce2 568
5afeac14 569 if (lmp_sc_capable(hdev) ||
111902f7 570 test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
e98d2ce2 571 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 572 }
d7b7e796 573
eeca6f89 574 if (lmp_le_capable(hdev)) {
9d42820f 575 settings |= MGMT_SETTING_LE;
eeca6f89 576 settings |= MGMT_SETTING_ADVERTISING;
0f4bd942 577 settings |= MGMT_SETTING_PRIVACY;
eeca6f89 578 }
69ab39ea 579
eb1904f4
MH		 580 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
581 hdev->set_bdaddr)
9fc3bfb6
MH		 582 settings |= MGMT_SETTING_CONFIGURATION;
583
69ab39ea
JH		 584 return settings;
585}
586
587static u32 get_current_settings(struct hci_dev *hdev)
588{
589 u32 settings = 0;
590
f1f0eb02 591 if (hdev_is_powered(hdev))
f0d4b78a
MH		 592 settings |= MGMT_SETTING_POWERED;
593
5e5282bb 594 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
69ab39ea
JH		 595 settings |= MGMT_SETTING_CONNECTABLE;
596
1a4d3c4b
JH		 597 if (test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
598 settings |= MGMT_SETTING_FAST_CONNECTABLE;
599
5e5282bb 600 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
69ab39ea
JH		 601 settings |= MGMT_SETTING_DISCOVERABLE;
602
a8b2d5c2 603 if (test_bit(HCI_PAIRABLE, &hdev->dev_flags))
69ab39ea
JH		 604 settings |= MGMT_SETTING_PAIRABLE;
605
56f87901 606 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 607 settings |= MGMT_SETTING_BREDR;
608
06199cf8 609 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 610 settings |= MGMT_SETTING_LE;
611
47990ea0 612 if (test_bit(HCI_LINK_SECURITY, &hdev->dev_flags))
69ab39ea
JH		 613 settings |= MGMT_SETTING_LINK_SECURITY;
614
84bde9d6 615 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
69ab39ea
JH		 616 settings |= MGMT_SETTING_SSP;
617
6d80dfd0
JH		 618 if (test_bit(HCI_HS_ENABLED, &hdev->dev_flags))
619 settings |= MGMT_SETTING_HS;
620
f3d3444a 621 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
eeca6f89
JH		 622 settings |= MGMT_SETTING_ADVERTISING;
623
e98d2ce2
MH		 624 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
625 settings |= MGMT_SETTING_SECURE_CONN;
626
0663b297 627 if (test_bit(HCI_KEEP_DEBUG_KEYS, &hdev->dev_flags))
b1de97d8
MH		 628 settings |= MGMT_SETTING_DEBUG_KEYS;
629
0f4bd942
JH		 630 if (test_bit(HCI_PRIVACY, &hdev->dev_flags))
631 settings |= MGMT_SETTING_PRIVACY;
632
69ab39ea
JH		 633 return settings;
634}
635
ef580372
JH		 636#define PNP_INFO_SVCLASS_ID 0x1200
637
213202ed
JH		 638static u8 *create_uuid16_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
639{
640 u8 *ptr = data, *uuids_start = NULL;
641 struct bt_uuid *uuid;
642
643 if (len < 4)
644 return ptr;
645
646 list_for_each_entry(uuid, &hdev->uuids, list) {
647 u16 uuid16;
648
649 if (uuid->size != 16)
650 continue;
651
652 uuid16 = get_unaligned_le16(&uuid->uuid[12]);
653 if (uuid16 < 0x1100)
654 continue;
655
656 if (uuid16 == PNP_INFO_SVCLASS_ID)
657 continue;
658
659 if (!uuids_start) {
660 uuids_start = ptr;
661 uuids_start[0] = 1;
662 uuids_start[1] = EIR_UUID16_ALL;
663 ptr += 2;
664 }
665
666 /* Stop if not enough space to put next UUID */
667 if ((ptr - data) + sizeof(u16) > len) {
668 uuids_start[1] = EIR_UUID16_SOME;
669 break;
670 }
671
672 *ptr++ = (uuid16 & 0x00ff);
673 *ptr++ = (uuid16 & 0xff00) >> 8;
674 uuids_start[0] += sizeof(uuid16);
675 }
676
677 return ptr;
678}
679
cdf1963f
JH		 680static u8 *create_uuid32_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
681{
682 u8 *ptr = data, *uuids_start = NULL;
683 struct bt_uuid *uuid;
684
685 if (len < 6)
686 return ptr;
687
688 list_for_each_entry(uuid, &hdev->uuids, list) {
689 if (uuid->size != 32)
690 continue;
691
692 if (!uuids_start) {
693 uuids_start = ptr;
694 uuids_start[0] = 1;
695 uuids_start[1] = EIR_UUID32_ALL;
696 ptr += 2;
697 }
698
699 /* Stop if not enough space to put next UUID */
700 if ((ptr - data) + sizeof(u32) > len) {
701 uuids_start[1] = EIR_UUID32_SOME;
702 break;
703 }
704
705 memcpy(ptr, &uuid->uuid[12], sizeof(u32));
706 ptr += sizeof(u32);
707 uuids_start[0] += sizeof(u32);
708 }
709
710 return ptr;
711}
712
c00d575b
JH		 713static u8 *create_uuid128_list(struct hci_dev *hdev, u8 *data, ptrdiff_t len)
714{
715 u8 *ptr = data, *uuids_start = NULL;
716 struct bt_uuid *uuid;
717
718 if (len < 18)
719 return ptr;
720
721 list_for_each_entry(uuid, &hdev->uuids, list) {
722 if (uuid->size != 128)
723 continue;
724
725 if (!uuids_start) {
726 uuids_start = ptr;
727 uuids_start[0] = 1;
728 uuids_start[1] = EIR_UUID128_ALL;
729 ptr += 2;
730 }
731
732 /* Stop if not enough space to put next UUID */
733 if ((ptr - data) + 16 > len) {
734 uuids_start[1] = EIR_UUID128_SOME;
735 break;
736 }
737
738 memcpy(ptr, uuid->uuid, 16);
739 ptr += 16;
740 uuids_start[0] += 16;
741 }
742
743 return ptr;
744}
745
eb2a8d20
JH		 746static struct pending_cmd *mgmt_pending_find(u16 opcode, struct hci_dev *hdev)
747{
748 struct pending_cmd *cmd;
749
750 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
751 if (cmd->opcode == opcode)
752 return cmd;
753 }
754
755 return NULL;
756}
757
95868426
JH		 758static struct pending_cmd *mgmt_pending_find_data(u16 opcode,
759 struct hci_dev *hdev,
760 const void *data)
761{
762 struct pending_cmd *cmd;
763
764 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
765 if (cmd->user_data != data)
766 continue;
767 if (cmd->opcode == opcode)
768 return cmd;
769 }
770
771 return NULL;
772}
773
f14d8f64
MH		 774static u8 create_scan_rsp_data(struct hci_dev *hdev, u8 *ptr)
775{
7a5f4990
MH		 776 u8 ad_len = 0;
777 size_t name_len;
778
779 name_len = strlen(hdev->dev_name);
780 if (name_len > 0) {
781 size_t max_len = HCI_MAX_AD_LENGTH - ad_len - 2;
782
783 if (name_len > max_len) {
784 name_len = max_len;
785 ptr[1] = EIR_NAME_SHORT;
786 } else
787 ptr[1] = EIR_NAME_COMPLETE;
788
789 ptr[0] = name_len + 1;
790
791 memcpy(ptr + 2, hdev->dev_name, name_len);
792
793 ad_len += (name_len + 2);
794 ptr += (name_len + 2);
795 }
796
797 return ad_len;
f14d8f64
MH		 798}
799
800static void update_scan_rsp_data(struct hci_request *req)
801{
802 struct hci_dev *hdev = req->hdev;
803 struct hci_cp_le_set_scan_rsp_data cp;
804 u8 len;
805
7751ef1b 806 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
f14d8f64
MH		 807 return;
808
809 memset(&cp, 0, sizeof(cp));
810
811 len = create_scan_rsp_data(hdev, cp.data);
812
eb438b5f
JH		 813 if (hdev->scan_rsp_data_len == len &&
814 memcmp(cp.data, hdev->scan_rsp_data, len) == 0)
f14d8f64
MH		 815 return;
816
eb438b5f
JH		 817 memcpy(hdev->scan_rsp_data, cp.data, sizeof(cp.data));
818 hdev->scan_rsp_data_len = len;
f14d8f64
MH		 819
820 cp.length = len;
821
822 hci_req_add(req, HCI_OP_LE_SET_SCAN_RSP_DATA, sizeof(cp), &cp);
823}
824
9a43e25f
JH		 825static u8 get_adv_discov_flags(struct hci_dev *hdev)
826{
827 struct pending_cmd *cmd;
828
829 /* If there's a pending mgmt command the flags will not yet have
830 * their final values, so check for this first.
831 */
832 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
833 if (cmd) {
834 struct mgmt_mode *cp = cmd->param;
835 if (cp->val == 0x01)
836 return LE_AD_GENERAL;
837 else if (cp->val == 0x02)
838 return LE_AD_LIMITED;
839 } else {
840 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
841 return LE_AD_LIMITED;
842 else if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
843 return LE_AD_GENERAL;
844 }
845
846 return 0;
847}
848
46cad2ed 849static u8 create_adv_data(struct hci_dev *hdev, u8 *ptr)
441ad2d0
MH		 850{
851 u8 ad_len = 0, flags = 0;
441ad2d0 852
9a43e25f 853 flags |= get_adv_discov_flags(hdev);
441ad2d0 854
e834004b 855 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
441ad2d0 856 flags |= LE_AD_NO_BREDR;
441ad2d0
MH		 857
858 if (flags) {
859 BT_DBG("adv flags 0x%02x", flags);
860
861 ptr[0] = 2;
862 ptr[1] = EIR_FLAGS;
863 ptr[2] = flags;
864
865 ad_len += 3;
866 ptr += 3;
867 }
868
869 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID) {
870 ptr[0] = 2;
871 ptr[1] = EIR_TX_POWER;
872 ptr[2] = (u8) hdev->adv_tx_power;
873
874 ad_len += 3;
875 ptr += 3;
876 }
877
441ad2d0
MH		 878 return ad_len;
879}
880
5947f4bc 881static void update_adv_data(struct hci_request *req)
441ad2d0
MH		 882{
883 struct hci_dev *hdev = req->hdev;
884 struct hci_cp_le_set_adv_data cp;
885 u8 len;
886
10994ce6 887 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
441ad2d0
MH		 888 return;
889
890 memset(&cp, 0, sizeof(cp));
891
46cad2ed 892 len = create_adv_data(hdev, cp.data);
441ad2d0
MH		 893
894 if (hdev->adv_data_len == len &&
895 memcmp(cp.data, hdev->adv_data, len) == 0)
896 return;
897
898 memcpy(hdev->adv_data, cp.data, sizeof(cp.data));
899 hdev->adv_data_len = len;
900
901 cp.length = len;
902
903 hci_req_add(req, HCI_OP_LE_SET_ADV_DATA, sizeof(cp), &cp);
904}
905
ef580372
JH		 906static void create_eir(struct hci_dev *hdev, u8 *data)
907{
908 u8 *ptr = data;
ef580372
JH		 909 size_t name_len;
910
911 name_len = strlen(hdev->dev_name);
912
913 if (name_len > 0) {
914 /* EIR Data type */
915 if (name_len > 48) {
916 name_len = 48;
917 ptr[1] = EIR_NAME_SHORT;
918 } else
919 ptr[1] = EIR_NAME_COMPLETE;
920
921 /* EIR Data length */
922 ptr[0] = name_len + 1;
923
924 memcpy(ptr + 2, hdev->dev_name, name_len);
925
ef580372
JH		 926 ptr += (name_len + 2);
927 }
928
bbaf444a 929 if (hdev->inq_tx_power != HCI_TX_POWER_INVALID) {
91c4e9b1
MH		 930 ptr[0] = 2;
931 ptr[1] = EIR_TX_POWER;
932 ptr[2] = (u8) hdev->inq_tx_power;
933
91c4e9b1
MH		 934 ptr += 3;
935 }
936
2b9be137
MH		 937 if (hdev->devid_source > 0) {
938 ptr[0] = 9;
939 ptr[1] = EIR_DEVICE_ID;
940
941 put_unaligned_le16(hdev->devid_source, ptr + 2);
942 put_unaligned_le16(hdev->devid_vendor, ptr + 4);
943 put_unaligned_le16(hdev->devid_product, ptr + 6);
944 put_unaligned_le16(hdev->devid_version, ptr + 8);
945
2b9be137
MH		 946 ptr += 10;
947 }
948
213202ed 949 ptr = create_uuid16_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
cdf1963f 950 ptr = create_uuid32_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
c00d575b 951 ptr = create_uuid128_list(hdev, ptr, HCI_MAX_EIR_LENGTH - (ptr - data));
ef580372
JH		 952}
953
890ea898 954static void update_eir(struct hci_request *req)
ef580372 955{
890ea898 956 struct hci_dev *hdev = req->hdev;
ef580372
JH		 957 struct hci_cp_write_eir cp;
958
504c8dcd 959 if (!hdev_is_powered(hdev))
890ea898 960 return;
7770c4aa 961
976eb20e 962 if (!lmp_ext_inq_capable(hdev))
890ea898 963 return;
ef580372 964
84bde9d6 965 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
890ea898 966 return;
ef580372 967
a8b2d5c2 968 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 969 return;
ef580372
JH		 970
971 memset(&cp, 0, sizeof(cp));
972
973 create_eir(hdev, cp.data);
974
975 if (memcmp(cp.data, hdev->eir, sizeof(cp.data)) == 0)
890ea898 976 return;
ef580372
JH		 977
978 memcpy(hdev->eir, cp.data, sizeof(cp.data));
979
890ea898 980 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
ef580372
JH		 981}
982
983static u8 get_service_classes(struct hci_dev *hdev)
984{
985 struct bt_uuid *uuid;
986 u8 val = 0;
987
988 list_for_each_entry(uuid, &hdev->uuids, list)
989 val |= uuid->svc_hint;
990
991 return val;
992}
993
890ea898 994static void update_class(struct hci_request *req)
ef580372 995{
890ea898 996 struct hci_dev *hdev = req->hdev;
ef580372
JH		 997 u8 cod[3];
998
999 BT_DBG("%s", hdev->name);
1000
504c8dcd 1001 if (!hdev_is_powered(hdev))
890ea898 1002 return;
7770c4aa 1003
f87ea1da
JH		 1004 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1005 return;
1006
a8b2d5c2 1007 if (test_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
890ea898 1008 return;
ef580372
JH		 1009
1010 cod[0] = hdev->minor_class;
1011 cod[1] = hdev->major_class;
1012 cod[2] = get_service_classes(hdev);
1013
6acd7db4
MH		 1014 if (test_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags))
1015 cod[1] |= 0x20;
1016
ef580372 1017 if (memcmp(cod, hdev->dev_class, 3) == 0)
890ea898 1018 return;
ef580372 1019
890ea898 1020 hci_req_add(req, HCI_OP_WRITE_CLASS_OF_DEV, sizeof(cod), cod);
ef580372
JH		 1021}
1022
a4858cb9 1023static bool get_connectable(struct hci_dev *hdev)
199a2fb1
JH		 1024{
1025 struct pending_cmd *cmd;
199a2fb1
JH		 1026
1027 /* If there's a pending mgmt command the flag will not yet have
1028 * it's final value, so check for this first.
1029 */
1030 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1031 if (cmd) {
1032 struct mgmt_mode *cp = cmd->param;
a4858cb9 1033 return cp->val;
199a2fb1
JH		 1034 }
1035
a4858cb9 1036 return test_bit(HCI_CONNECTABLE, &hdev->dev_flags);
199a2fb1
JH		 1037}
1038
1039static void enable_advertising(struct hci_request *req)
1040{
1041 struct hci_dev *hdev = req->hdev;
1042 struct hci_cp_le_set_adv_param cp;
8f2a0601 1043 u8 own_addr_type, enable = 0x01;
a4858cb9 1044 bool connectable;
199a2fb1 1045
8d97250e
JH		 1046 /* Clear the HCI_ADVERTISING bit temporarily so that the
1047 * hci_update_random_address knows that it's safe to go ahead
1048 * and write a new random address. The flag will be set back on
1049 * as soon as the SET_ADV_ENABLE HCI command completes.
1050 */
1051 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
1052
a4858cb9 1053 connectable = get_connectable(hdev);
8f2a0601 1054
a4858cb9
JH		 1055 /* Set require_privacy to true only when non-connectable
1056 * advertising is used. In that case it is fine to use a
1057 * non-resolvable private address.
1058 */
1059 if (hci_update_random_address(req, !connectable, &own_addr_type) < 0)
8f2a0601
JH		 1060 return;
1061
41c90c18 1062 memset(&cp, 0, sizeof(cp));
dcf4adbf
JP		 1063 cp.min_interval = cpu_to_le16(0x0800);
1064 cp.max_interval = cpu_to_le16(0x0800);
a4858cb9 1065 cp.type = connectable ? LE_ADV_IND : LE_ADV_NONCONN_IND;
8f2a0601 1066 cp.own_address_type = own_addr_type;
199a2fb1
JH		 1067 cp.channel_map = hdev->le_adv_channel_map;
1068
1069 hci_req_add(req, HCI_OP_LE_SET_ADV_PARAM, sizeof(cp), &cp);
1070
1071 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1072}
1073
1074static void disable_advertising(struct hci_request *req)
1075{
1076 u8 enable = 0x00;
1077
1078 hci_req_add(req, HCI_OP_LE_SET_ADV_ENABLE, sizeof(enable), &enable);
1079}
1080
7d78525d
JH		 1081static void service_cache_off(struct work_struct *work)
1082{
1083 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 1084 service_cache.work);
890ea898 1085 struct hci_request req;
7d78525d 1086
a8b2d5c2 1087 if (!test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags))
7d78525d
JH		 1088 return;
1089
890ea898
JH		 1090 hci_req_init(&req, hdev);
1091
7d78525d
JH		 1092 hci_dev_lock(hdev);
1093
890ea898
JH		 1094 update_eir(&req);
1095 update_class(&req);
7d78525d
JH		 1096
1097 hci_dev_unlock(hdev);
890ea898
JH		 1098
1099 hci_req_run(&req, NULL);
7d78525d
JH		 1100}
1101
d6bfd59c
JH		 1102static void rpa_expired(struct work_struct *work)
1103{
1104 struct hci_dev *hdev = container_of(work, struct hci_dev,
1105 rpa_expired.work);
1106 struct hci_request req;
1107
1108 BT_DBG("");
1109
1110 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
1111
1112 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags) ||
1113 hci_conn_num(hdev, LE_LINK) > 0)
1114 return;
1115
1116 /* The generation of a new RPA and programming it into the
1117 * controller happens in the enable_advertising() function.
1118 */
1119
1120 hci_req_init(&req, hdev);
1121
1122 disable_advertising(&req);
1123 enable_advertising(&req);
1124
1125 hci_req_run(&req, NULL);
1126}
1127
6a919082 1128static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 1129{
4f87da80 1130 if (test_and_set_bit(HCI_MGMT, &hdev->dev_flags))
6a919082
JH		 1131 return;
1132
4f87da80 1133 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 1134 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 1135
4f87da80
JH		 1136 /* Non-mgmt controlled devices get this bit set
1137 * implicitly so that pairing works for them, however
1138 * for mgmt we require user-space to explicitly enable
1139 * it
1140 */
1141 clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
7d78525d
JH		 1142}
1143
0f4e68cf 1144static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 1145 void *data, u16 data_len)
0381101f 1146{
a38528f1 1147 struct mgmt_rp_read_info rp;
f7b64e69 1148
bdb6d971 1149 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 1150
09fd0de5 1151 hci_dev_lock(hdev);
f7b64e69 1152
dc4fe30b
JH		 1153 memset(&rp, 0, sizeof(rp));
1154
69ab39ea 1155 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 1156
69ab39ea 1157 rp.version = hdev->hci_ver;
eb55ef07 1158 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 1159
1160 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1161 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 1162
a38528f1 1163 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 1164
dc4fe30b 1165 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 1166 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 1167
09fd0de5 1168 hci_dev_unlock(hdev);
0381101f 1169
bdb6d971 1170 return cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
04124681 1171 sizeof(rp));
0381101f
JH		 1172}
1173
eec8d2bc
JH		 1174static void mgmt_pending_free(struct pending_cmd *cmd)
1175{
1176 sock_put(cmd->sk);
c68fb7ff 1177 kfree(cmd->param);
eec8d2bc
JH		 1178 kfree(cmd);
1179}
1180
366a0336 1181static struct pending_cmd *mgmt_pending_add(struct sock *sk, u16 opcode,
04124681
GP		 1182 struct hci_dev *hdev, void *data,
1183 u16 len)
eec8d2bc
JH		 1184{
1185 struct pending_cmd *cmd;
1186
fca20018 1187 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
eec8d2bc 1188 if (!cmd)
366a0336 1189 return NULL;
eec8d2bc
JH		 1190
1191 cmd->opcode = opcode;
2e58ef3e 1192 cmd->index = hdev->id;
eec8d2bc 1193
12b94565 1194 cmd->param = kmalloc(len, GFP_KERNEL);
c68fb7ff 1195 if (!cmd->param) {
eec8d2bc 1196 kfree(cmd);
366a0336 1197 return NULL;
eec8d2bc
JH		 1198 }
1199
8fce6357
SJ		 1200 if (data)
1201 memcpy(cmd->param, data, len);
eec8d2bc
JH		 1202
1203 cmd->sk = sk;
1204 sock_hold(sk);
1205
2e58ef3e 1206 list_add(&cmd->list, &hdev->mgmt_pending);
eec8d2bc 1207
366a0336 1208 return cmd;
eec8d2bc
JH		 1209}
1210
744cf19e 1211static void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev,
8fc9ced3
GP		 1212 void (*cb)(struct pending_cmd *cmd,
1213 void *data),
04124681 1214 void *data)
eec8d2bc 1215{
a3d09356 1216 struct pending_cmd *cmd, *tmp;
eec8d2bc 1217
a3d09356 1218 list_for_each_entry_safe(cmd, tmp, &hdev->mgmt_pending, list) {
b24752fe 1219 if (opcode > 0 && cmd->opcode != opcode)
eec8d2bc
JH		 1220 continue;
1221
eec8d2bc
JH		 1222 cb(cmd, data);
1223 }
1224}
1225
a664b5bc 1226static void mgmt_pending_remove(struct pending_cmd *cmd)
73f22f62 1227{
73f22f62
JH		 1228 list_del(&cmd->list);
1229 mgmt_pending_free(cmd);
1230}
1231
69ab39ea 1232static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1233{
69ab39ea 1234 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1235
aee9b218 1236 return cmd_complete(sk, hdev->id, opcode, 0, &settings,
04124681 1237 sizeof(settings));
8680570b
JH		 1238}
1239
8b064a3a
JH		 1240static void clean_up_hci_complete(struct hci_dev *hdev, u8 status)
1241{
1242 BT_DBG("%s status 0x%02x", hdev->name, status);
1243
a3172b7e
JH		 1244 if (hci_conn_count(hdev) == 0) {
1245 cancel_delayed_work(&hdev->power_off);
8b064a3a 1246 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1247 }
8b064a3a
JH		 1248}
1249
21a60d30
JH		 1250static void hci_stop_discovery(struct hci_request *req)
1251{
1252 struct hci_dev *hdev = req->hdev;
1253 struct hci_cp_remote_name_req_cancel cp;
1254 struct inquiry_entry *e;
1255
1256 switch (hdev->discovery.state) {
1257 case DISCOVERY_FINDING:
1258 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
1259 hci_req_add(req, HCI_OP_INQUIRY_CANCEL, 0, NULL);
1260 } else {
1261 cancel_delayed_work(&hdev->le_scan_disable);
1262 hci_req_add_le_scan_disable(req);
1263 }
1264
1265 break;
1266
1267 case DISCOVERY_RESOLVING:
1268 e = hci_inquiry_cache_lookup_resolve(hdev, BDADDR_ANY,
1269 NAME_PENDING);
1270 if (!e)
1271 return;
1272
1273 bacpy(&cp.bdaddr, &e->data.bdaddr);
1274 hci_req_add(req, HCI_OP_REMOTE_NAME_REQ_CANCEL, sizeof(cp),
1275 &cp);
1276
1277 break;
1278
1279 default:
1280 /* Passive scanning */
1281 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
1282 hci_req_add_le_scan_disable(req);
1283 break;
1284 }
1285}
1286
8b064a3a
JH		 1287static int clean_up_hci_state(struct hci_dev *hdev)
1288{
1289 struct hci_request req;
1290 struct hci_conn *conn;
1291
1292 hci_req_init(&req, hdev);
1293
1294 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1295 test_bit(HCI_PSCAN, &hdev->flags)) {
1296 u8 scan = 0x00;
1297 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1298 }
1299
1300 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
1301 disable_advertising(&req);
1302
f8680f12 1303 hci_stop_discovery(&req);
8b064a3a
JH		 1304
1305 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
1306 struct hci_cp_disconnect dc;
c9910d0f
JH		 1307 struct hci_cp_reject_conn_req rej;
1308
1309 switch (conn->state) {
1310 case BT_CONNECTED:
1311 case BT_CONFIG:
1312 dc.handle = cpu_to_le16(conn->handle);
1313 dc.reason = 0x15; /* Terminated due to Power Off */
1314 hci_req_add(&req, HCI_OP_DISCONNECT, sizeof(dc), &dc);
1315 break;
1316 case BT_CONNECT:
1317 if (conn->type == LE_LINK)
1318 hci_req_add(&req, HCI_OP_LE_CREATE_CONN_CANCEL,
1319 0, NULL);
1320 else if (conn->type == ACL_LINK)
1321 hci_req_add(&req, HCI_OP_CREATE_CONN_CANCEL,
1322 6, &conn->dst);
1323 break;
1324 case BT_CONNECT2:
1325 bacpy(&rej.bdaddr, &conn->dst);
1326 rej.reason = 0x15; /* Terminated due to Power Off */
1327 if (conn->type == ACL_LINK)
1328 hci_req_add(&req, HCI_OP_REJECT_CONN_REQ,
1329 sizeof(rej), &rej);
1330 else if (conn->type == SCO_LINK)
1331 hci_req_add(&req, HCI_OP_REJECT_SYNC_CONN_REQ,
1332 sizeof(rej), &rej);
1333 break;
1334 }
8b064a3a
JH		 1335 }
1336
1337 return hci_req_run(&req, clean_up_hci_complete);
1338}
1339
bdb6d971 1340static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1341 u16 len)
eec8d2bc 1342{
650f726d 1343 struct mgmt_mode *cp = data;
366a0336 1344 struct pending_cmd *cmd;
4b34ee78 1345 int err;
eec8d2bc 1346
bdb6d971 1347 BT_DBG("request for %s", hdev->name);
eec8d2bc 1348
a7e80f25
JH		 1349 if (cp->val != 0x00 && cp->val != 0x01)
1350 return cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1351 MGMT_STATUS_INVALID_PARAMS);
1352
09fd0de5 1353 hci_dev_lock(hdev);
eec8d2bc 1354
87b95ba6
JH		 1355 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev)) {
1356 err = cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1357 MGMT_STATUS_BUSY);
1358 goto failed;
1359 }
1360
f0d4b78a
MH		 1361 if (test_and_clear_bit(HCI_AUTO_OFF, &hdev->dev_flags)) {
1362 cancel_delayed_work(&hdev->power_off);
1363
1364 if (cp->val) {
a1d70450
JH		 1365 mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev,
1366 data, len);
1367 err = mgmt_powered(hdev, 1);
f0d4b78a
MH		 1368 goto failed;
1369 }
1370 }
1371
4b34ee78 1372 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1373 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1374 goto failed;
1375 }
1376
2e58ef3e 1377 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1378 if (!cmd) {
1379 err = -ENOMEM;
eec8d2bc 1380 goto failed;
366a0336 1381 }
eec8d2bc 1382
8b064a3a 1383 if (cp->val) {
19202573 1384 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1385 err = 0;
1386 } else {
1387 /* Disconnect connections, stop scans, etc */
1388 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1389 if (!err)
1390 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1391 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1392
8b064a3a
JH		 1393 /* ENODATA means there were no HCI commands queued */
1394 if (err == -ENODATA) {
a3172b7e 1395 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1396 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1397 err = 0;
1398 }
1399 }
eec8d2bc
JH		 1400
1401failed:
09fd0de5 1402 hci_dev_unlock(hdev);
366a0336 1403 return err;
eec8d2bc
JH		 1404}
1405
beadb2bd
JH		 1406static int new_settings(struct hci_dev *hdev, struct sock *skip)
1407{
1408 __le32 ev;
1409
1410 ev = cpu_to_le32(get_current_settings(hdev));
1411
1412 return mgmt_event(MGMT_EV_NEW_SETTINGS, hdev, &ev, sizeof(ev), skip);
1413}
1414
bd99abdd
JH		 1415struct cmd_lookup {
1416 struct sock *sk;
1417 struct hci_dev *hdev;
1418 u8 mgmt_status;
1419};
1420
1421static void settings_rsp(struct pending_cmd *cmd, void *data)
1422{
1423 struct cmd_lookup *match = data;
1424
1425 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1426
1427 list_del(&cmd->list);
1428
1429 if (match->sk == NULL) {
1430 match->sk = cmd->sk;
1431 sock_hold(match->sk);
1432 }
1433
1434 mgmt_pending_free(cmd);
1435}
1436
1437static void cmd_status_rsp(struct pending_cmd *cmd, void *data)
1438{
1439 u8 *status = data;
1440
1441 cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
1442 mgmt_pending_remove(cmd);
1443}
1444
e6fe7986
JH		 1445static u8 mgmt_bredr_support(struct hci_dev *hdev)
1446{
1447 if (!lmp_bredr_capable(hdev))
1448 return MGMT_STATUS_NOT_SUPPORTED;
1449 else if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1450 return MGMT_STATUS_REJECTED;
1451 else
1452 return MGMT_STATUS_SUCCESS;
1453}
1454
1455static u8 mgmt_le_support(struct hci_dev *hdev)
1456{
1457 if (!lmp_le_capable(hdev))
1458 return MGMT_STATUS_NOT_SUPPORTED;
1459 else if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
1460 return MGMT_STATUS_REJECTED;
1461 else
1462 return MGMT_STATUS_SUCCESS;
1463}
1464
bfaf8c9f
JH		 1465static void set_discoverable_complete(struct hci_dev *hdev, u8 status)
1466{
1467 struct pending_cmd *cmd;
1468 struct mgmt_mode *cp;
970ba524 1469 struct hci_request req;
bfaf8c9f
JH		 1470 bool changed;
1471
1472 BT_DBG("status 0x%02x", status);
1473
1474 hci_dev_lock(hdev);
1475
1476 cmd = mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
1477 if (!cmd)
1478 goto unlock;
1479
1480 if (status) {
1481 u8 mgmt_err = mgmt_status(status);
1482 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
310a3d48 1483 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
bfaf8c9f
JH		 1484 goto remove_cmd;
1485 }
1486
1487 cp = cmd->param;
d4462a07 1488 if (cp->val) {
bfaf8c9f
JH		 1489 changed = !test_and_set_bit(HCI_DISCOVERABLE,
1490 &hdev->dev_flags);
d4462a07
MH		 1491
1492 if (hdev->discov_timeout > 0) {
1493 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1494 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
1495 to);
1496 }
1497 } else {
bfaf8c9f
JH		 1498 changed = test_and_clear_bit(HCI_DISCOVERABLE,
1499 &hdev->dev_flags);
d4462a07 1500 }
bfaf8c9f
JH		 1501
1502 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
1503
1504 if (changed)
1505 new_settings(hdev, cmd->sk);
1506
970ba524
MH		 1507 /* When the discoverable mode gets changed, make sure
1508 * that class of device has the limited discoverable
1509 * bit correctly set.
1510 */
1511 hci_req_init(&req, hdev);
1512 update_class(&req);
1513 hci_req_run(&req, NULL);
1514
bfaf8c9f
JH		 1515remove_cmd:
1516 mgmt_pending_remove(cmd);
1517
1518unlock:
1519 hci_dev_unlock(hdev);
1520}
1521
bdb6d971 1522static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1523 u16 len)
73f22f62 1524{
650f726d 1525 struct mgmt_cp_set_discoverable *cp = data;
366a0336 1526 struct pending_cmd *cmd;
bfaf8c9f 1527 struct hci_request req;
5e5282bb 1528 u16 timeout;
9a43e25f 1529 u8 scan;
73f22f62
JH		 1530 int err;
1531
bdb6d971 1532 BT_DBG("request for %s", hdev->name);
73f22f62 1533
9a43e25f
JH		 1534 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1535 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1536 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
9a43e25f 1537 MGMT_STATUS_REJECTED);
33c525c0 1538
310a3d48 1539 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a7e80f25
JH		 1540 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1541 MGMT_STATUS_INVALID_PARAMS);
1542
1f350c87 1543 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1544
1545 /* Disabling discoverable requires that no timeout is set,
1546 * and enabling limited discoverable requires a timeout.
1547 */
1548 if ((cp->val == 0x00 && timeout > 0) ||
1549 (cp->val == 0x02 && timeout == 0))
bdb6d971 1550 return cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1551 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1552
09fd0de5 1553 hci_dev_lock(hdev);
73f22f62 1554
5e5282bb 1555 if (!hdev_is_powered(hdev) && timeout > 0) {
bdb6d971 1556 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1557 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1558 goto failed;
1559 }
1560
2e58ef3e 1561 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1562 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1563 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1564 MGMT_STATUS_BUSY);
73f22f62
JH		 1565 goto failed;
1566 }
1567
5e5282bb 1568 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags)) {
bdb6d971 1569 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
04124681 1570 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1571 goto failed;
1572 }
1573
1574 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1575 bool changed = false;
1576
310a3d48
MH		 1577 /* Setting limited discoverable when powered off is
1578 * not a valid operation since it requires a timeout
1579 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1580 */
0224d2fa
JH		 1581 if (!!cp->val != test_bit(HCI_DISCOVERABLE, &hdev->dev_flags)) {
1582 change_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1583 changed = true;
1584 }
1585
5e5282bb 1586 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1587 if (err < 0)
1588 goto failed;
1589
1590 if (changed)
1591 err = new_settings(hdev, sk);
1592
5e5282bb
JH		 1593 goto failed;
1594 }
1595
310a3d48
MH		 1596 /* If the current mode is the same, then just update the timeout
1597 * value with the new value. And if only the timeout gets updated,
1598 * then no need for any HCI transactions.
1599 */
1600 if (!!cp->val == test_bit(HCI_DISCOVERABLE, &hdev->dev_flags) &&
1601 (cp->val == 0x02) == test_bit(HCI_LIMITED_DISCOVERABLE,
1602 &hdev->dev_flags)) {
36261547
MH		 1603 cancel_delayed_work(&hdev->discov_off);
1604 hdev->discov_timeout = timeout;
955638ec 1605
36261547
MH		 1606 if (cp->val && hdev->discov_timeout > 0) {
1607 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
955638ec 1608 queue_delayed_work(hdev->workqueue, &hdev->discov_off,
36261547 1609 to);
955638ec
MH		 1610 }
1611
69ab39ea 1612 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1613 goto failed;
1614 }
1615
2e58ef3e 1616 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1617 if (!cmd) {
1618 err = -ENOMEM;
73f22f62 1619 goto failed;
366a0336 1620 }
73f22f62 1621
310a3d48
MH		 1622 /* Cancel any potential discoverable timeout that might be
1623 * still active and store new timeout value. The arming of
1624 * the timeout happens in the complete handler.
1625 */
1626 cancel_delayed_work(&hdev->discov_off);
1627 hdev->discov_timeout = timeout;
1628
b456f87c
JH		 1629 /* Limited discoverable mode */
1630 if (cp->val == 0x02)
1631 set_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1632 else
1633 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1634
bfaf8c9f
JH		 1635 hci_req_init(&req, hdev);
1636
9a43e25f
JH		 1637 /* The procedure for LE-only controllers is much simpler - just
1638 * update the advertising data.
1639 */
1640 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1641 goto update_ad;
1642
73f22f62
JH		 1643 scan = SCAN_PAGE;
1644
310a3d48
MH		 1645 if (cp->val) {
1646 struct hci_cp_write_current_iac_lap hci_cp;
1647
1648 if (cp->val == 0x02) {
1649 /* Limited discoverable mode */
33337dcb 1650 hci_cp.num_iac = min_t(u8, hdev->num_iac, 2);
310a3d48
MH		 1651 hci_cp.iac_lap[0] = 0x00; /* LIAC */
1652 hci_cp.iac_lap[1] = 0x8b;
1653 hci_cp.iac_lap[2] = 0x9e;
1654 hci_cp.iac_lap[3] = 0x33; /* GIAC */
1655 hci_cp.iac_lap[4] = 0x8b;
1656 hci_cp.iac_lap[5] = 0x9e;
1657 } else {
1658 /* General discoverable mode */
310a3d48
MH		 1659 hci_cp.num_iac = 1;
1660 hci_cp.iac_lap[0] = 0x33; /* GIAC */
1661 hci_cp.iac_lap[1] = 0x8b;
1662 hci_cp.iac_lap[2] = 0x9e;
1663 }
1664
1665 hci_req_add(&req, HCI_OP_WRITE_CURRENT_IAC_LAP,
1666 (hci_cp.num_iac * 3) + 1, &hci_cp);
1667
73f22f62 1668 scan |= SCAN_INQUIRY;
310a3d48
MH		 1669 } else {
1670 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1671 }
73f22f62 1672
310a3d48 1673 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, sizeof(scan), &scan);
bfaf8c9f 1674
9a43e25f
JH		 1675update_ad:
1676 update_adv_data(&req);
1677
bfaf8c9f 1678 err = hci_req_run(&req, set_discoverable_complete);
73f22f62 1679 if (err < 0)
a664b5bc 1680 mgmt_pending_remove(cmd);
73f22f62
JH		 1681
1682failed:
09fd0de5 1683 hci_dev_unlock(hdev);
73f22f62
JH		 1684 return err;
1685}
1686
406d7804
JH		 1687static void write_fast_connectable(struct hci_request *req, bool enable)
1688{
bd98b996 1689 struct hci_dev *hdev = req->hdev;
406d7804
JH		 1690 struct hci_cp_write_page_scan_activity acp;
1691 u8 type;
1692
547003b1
JH		 1693 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
1694 return;
1695
4c01f8b8
JH		 1696 if (hdev->hci_ver < BLUETOOTH_VER_1_2)
1697 return;
1698
406d7804
JH		 1699 if (enable) {
1700 type = PAGE_SCAN_TYPE_INTERLACED;
1701
1702 /* 160 msec page scan interval */
dcf4adbf 1703 acp.interval = cpu_to_le16(0x0100);
406d7804
JH		 1704 } else {
1705 type = PAGE_SCAN_TYPE_STANDARD; /* default */
1706
1707 /* default 1.28 sec page scan */
dcf4adbf 1708 acp.interval = cpu_to_le16(0x0800);
406d7804
JH		 1709 }
1710
dcf4adbf 1711 acp.window = cpu_to_le16(0x0012);
406d7804 1712
bd98b996
JH		 1713 if (__cpu_to_le16(hdev->page_scan_interval) != acp.interval ||
1714 __cpu_to_le16(hdev->page_scan_window) != acp.window)
1715 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_ACTIVITY,
1716 sizeof(acp), &acp);
1717
1718 if (hdev->page_scan_type != type)
1719 hci_req_add(req, HCI_OP_WRITE_PAGE_SCAN_TYPE, 1, &type);
406d7804
JH		 1720}
1721
2b76f453
JH		 1722static void set_connectable_complete(struct hci_dev *hdev, u8 status)
1723{
1724 struct pending_cmd *cmd;
d7b856f9
JH		 1725 struct mgmt_mode *cp;
1726 bool changed;
2b76f453
JH		 1727
1728 BT_DBG("status 0x%02x", status);
1729
1730 hci_dev_lock(hdev);
1731
1732 cmd = mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
1733 if (!cmd)
1734 goto unlock;
1735
37438c1f
JH		 1736 if (status) {
1737 u8 mgmt_err = mgmt_status(status);
1738 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
1739 goto remove_cmd;
1740 }
1741
d7b856f9
JH		 1742 cp = cmd->param;
1743 if (cp->val)
1744 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1745 else
1746 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1747
2b76f453
JH		 1748 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
1749
d7b856f9
JH		 1750 if (changed)
1751 new_settings(hdev, cmd->sk);
1752
37438c1f 1753remove_cmd:
2b76f453
JH		 1754 mgmt_pending_remove(cmd);
1755
1756unlock:
1757 hci_dev_unlock(hdev);
1758}
1759
e8ba3a1f
JH		 1760static int set_connectable_update_settings(struct hci_dev *hdev,
1761 struct sock *sk, u8 val)
1762{
1763 bool changed = false;
1764 int err;
1765
1766 if (!!val != test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
1767 changed = true;
1768
1769 if (val) {
1770 set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1771 } else {
1772 clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
1773 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1774 }
1775
1776 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1777 if (err < 0)
1778 return err;
1779
1780 if (changed)
1781 return new_settings(hdev, sk);
1782
1783 return 0;
1784}
1785
bdb6d971 1786static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1787 u16 len)
9fbcbb45 1788{
650f726d 1789 struct mgmt_mode *cp = data;
366a0336 1790 struct pending_cmd *cmd;
2b76f453 1791 struct hci_request req;
1987fdc7 1792 u8 scan;
9fbcbb45
JH		 1793 int err;
1794
bdb6d971 1795 BT_DBG("request for %s", hdev->name);
9fbcbb45 1796
1987fdc7
JH		 1797 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
1798 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
33c525c0 1799 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1987fdc7 1800 MGMT_STATUS_REJECTED);
33c525c0 1801
a7e80f25
JH		 1802 if (cp->val != 0x00 && cp->val != 0x01)
1803 return cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1804 MGMT_STATUS_INVALID_PARAMS);
1805
09fd0de5 1806 hci_dev_lock(hdev);
9fbcbb45 1807
4b34ee78 1808 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1809 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1810 goto failed;
1811 }
1812
2e58ef3e 1813 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
8ce8e2b5 1814 mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
bdb6d971 1815 err = cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
04124681 1816 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1817 goto failed;
1818 }
1819
2e58ef3e 1820 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1821 if (!cmd) {
1822 err = -ENOMEM;
9fbcbb45 1823 goto failed;
366a0336 1824 }
9fbcbb45 1825
9b74246f 1826 hci_req_init(&req, hdev);
9fbcbb45 1827
9a43e25f
JH		 1828 /* If BR/EDR is not enabled and we disable advertising as a
1829 * by-product of disabling connectable, we need to update the
1830 * advertising flags.
1831 */
1832 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
1833 if (!cp->val) {
1834 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
1835 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
1836 }
1837 update_adv_data(&req);
1838 } else if (cp->val != test_bit(HCI_PSCAN, &hdev->flags)) {
9b74246f
JH		 1839 if (cp->val) {
1840 scan = SCAN_PAGE;
1841 } else {
1842 scan = 0;
1843
1844 if (test_bit(HCI_ISCAN, &hdev->flags) &&
8d6083fe 1845 hdev->discov_timeout > 0)
9b74246f
JH		 1846 cancel_delayed_work(&hdev->discov_off);
1847 }
2b76f453 1848
9b74246f
JH		 1849 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1850 }
2b76f453 1851
4c01f8b8
JH		 1852 /* If we're going from non-connectable to connectable or
1853 * vice-versa when fast connectable is enabled ensure that fast
1854 * connectable gets disabled. write_fast_connectable won't do
1855 * anything if the page scan parameters are already what they
1856 * should be.
1857 */
1858 if (cp->val || test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags))
e36a3769
JH		 1859 write_fast_connectable(&req, false);
1860
1987fdc7
JH		 1861 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags) &&
1862 hci_conn_num(hdev, LE_LINK) == 0) {
1863 disable_advertising(&req);
1864 enable_advertising(&req);
1865 }
1866
2b76f453 1867 err = hci_req_run(&req, set_connectable_complete);
9b74246f 1868 if (err < 0) {
a664b5bc 1869 mgmt_pending_remove(cmd);
9b74246f 1870 if (err == -ENODATA)
a81070ba
JH		 1871 err = set_connectable_update_settings(hdev, sk,
1872 cp->val);
9b74246f
JH		 1873 goto failed;
1874 }
9fbcbb45
JH		 1875
1876failed:
09fd0de5 1877 hci_dev_unlock(hdev);
9fbcbb45
JH		 1878 return err;
1879}
1880
bdb6d971 1881static int set_pairable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1882 u16 len)
c542a06c 1883{
650f726d 1884 struct mgmt_mode *cp = data;
55594356 1885 bool changed;
c542a06c
JH		 1886 int err;
1887
bdb6d971 1888 BT_DBG("request for %s", hdev->name);
c542a06c 1889
a7e80f25
JH		 1890 if (cp->val != 0x00 && cp->val != 0x01)
1891 return cmd_status(sk, hdev->id, MGMT_OP_SET_PAIRABLE,
1892 MGMT_STATUS_INVALID_PARAMS);
1893
09fd0de5 1894 hci_dev_lock(hdev);
c542a06c
JH		 1895
1896 if (cp->val)
55594356 1897 changed = !test_and_set_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1898 else
55594356 1899 changed = test_and_clear_bit(HCI_PAIRABLE, &hdev->dev_flags);
c542a06c 1900
69ab39ea 1901 err = send_settings_rsp(sk, MGMT_OP_SET_PAIRABLE, hdev);
c542a06c 1902 if (err < 0)
55594356 1903 goto unlock;
c542a06c 1904
55594356
MH		 1905 if (changed)
1906 err = new_settings(hdev, sk);
c542a06c 1907
55594356 1908unlock:
09fd0de5 1909 hci_dev_unlock(hdev);
c542a06c
JH		 1910 return err;
1911}
1912
04124681
GP		 1913static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1914 u16 len)
33ef95ed
JH		 1915{
1916 struct mgmt_mode *cp = data;
1917 struct pending_cmd *cmd;
e6fe7986 1918 u8 val, status;
33ef95ed
JH		 1919 int err;
1920
bdb6d971 1921 BT_DBG("request for %s", hdev->name);
33ef95ed 1922
e6fe7986
JH		 1923 status = mgmt_bredr_support(hdev);
1924 if (status)
33c525c0 1925 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
e6fe7986 1926 status);
33c525c0 1927
a7e80f25
JH		 1928 if (cp->val != 0x00 && cp->val != 0x01)
1929 return cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1930 MGMT_STATUS_INVALID_PARAMS);
1931
33ef95ed
JH		 1932 hci_dev_lock(hdev);
1933
4b34ee78 1934 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1935 bool changed = false;
1936
1937 if (!!cp->val != test_bit(HCI_LINK_SECURITY,
8ce8e2b5 1938 &hdev->dev_flags)) {
47990ea0
JH		 1939 change_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
1940 changed = true;
1941 }
1942
1943 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1944 if (err < 0)
1945 goto failed;
1946
1947 if (changed)
1948 err = new_settings(hdev, sk);
1949
33ef95ed
JH		 1950 goto failed;
1951 }
1952
1953 if (mgmt_pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
bdb6d971 1954 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
04124681 1955 MGMT_STATUS_BUSY);
33ef95ed
JH		 1956 goto failed;
1957 }
1958
1959 val = !!cp->val;
1960
1961 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1962 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1963 goto failed;
1964 }
1965
1966 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1967 if (!cmd) {
1968 err = -ENOMEM;
1969 goto failed;
1970 }
1971
1972 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1973 if (err < 0) {
1974 mgmt_pending_remove(cmd);
1975 goto failed;
1976 }
1977
1978failed:
1979 hci_dev_unlock(hdev);
33ef95ed
JH		 1980 return err;
1981}
1982
bdb6d971 1983static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1984{
1985 struct mgmt_mode *cp = data;
1986 struct pending_cmd *cmd;
72ef0c1a 1987 u8 status;
ed2c4ee3
JH		 1988 int err;
1989
bdb6d971 1990 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1991
cdba5281
MH		 1992 status = mgmt_bredr_support(hdev);
1993 if (status)
1994 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
1995
13ecd8b6
JH		 1996 if (!lmp_ssp_capable(hdev))
1997 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1998 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1999
a7e80f25
JH		 2000 if (cp->val != 0x00 && cp->val != 0x01)
2001 return cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2002 MGMT_STATUS_INVALID_PARAMS);
2003
13ecd8b6 2004 hci_dev_lock(hdev);
6c8f12c1 2005
4b34ee78 2006 if (!hdev_is_powered(hdev)) {
9ecb3e24 2007 bool changed;
c0ecddc2 2008
9ecb3e24
MH		 2009 if (cp->val) {
2010 changed = !test_and_set_bit(HCI_SSP_ENABLED,
2011 &hdev->dev_flags);
2012 } else {
2013 changed = test_and_clear_bit(HCI_SSP_ENABLED,
2014 &hdev->dev_flags);
2015 if (!changed)
2016 changed = test_and_clear_bit(HCI_HS_ENABLED,
2017 &hdev->dev_flags);
2018 else
2019 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
c0ecddc2
JH		 2020 }
2021
2022 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2023 if (err < 0)
2024 goto failed;
2025
2026 if (changed)
2027 err = new_settings(hdev, sk);
2028
ed2c4ee3
JH		 2029 goto failed;
2030 }
2031
9ecb3e24
MH		 2032 if (mgmt_pending_find(MGMT_OP_SET_SSP, hdev) ||
2033 mgmt_pending_find(MGMT_OP_SET_HS, hdev)) {
d97dcb66
SJ		 2034 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2035 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 2036 goto failed;
2037 }
2038
72ef0c1a 2039 if (!!cp->val == test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
ed2c4ee3
JH		 2040 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2041 goto failed;
2042 }
2043
2044 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
2045 if (!cmd) {
2046 err = -ENOMEM;
2047 goto failed;
2048 }
2049
3769972b
JH		 2050 if (!cp->val && test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
2051 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
2052 sizeof(cp->val), &cp->val);
2053
72ef0c1a 2054 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 2055 if (err < 0) {
2056 mgmt_pending_remove(cmd);
2057 goto failed;
2058 }
2059
2060failed:
2061 hci_dev_unlock(hdev);
ed2c4ee3
JH		 2062 return err;
2063}
2064
bdb6d971 2065static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 2066{
2067 struct mgmt_mode *cp = data;
ee392693 2068 bool changed;
e6fe7986 2069 u8 status;
ee392693 2070 int err;
6d80dfd0 2071
bdb6d971 2072 BT_DBG("request for %s", hdev->name);
6d80dfd0 2073
e6fe7986
JH		 2074 status = mgmt_bredr_support(hdev);
2075 if (status)
2076 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 2077
9ecb3e24
MH		 2078 if (!lmp_ssp_capable(hdev))
2079 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2080 MGMT_STATUS_NOT_SUPPORTED);
2081
2082 if (!test_bit(HCI_SSP_ENABLED, &hdev->dev_flags))
2083 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2084 MGMT_STATUS_REJECTED);
2085
a7e80f25
JH		 2086 if (cp->val != 0x00 && cp->val != 0x01)
2087 return cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2088 MGMT_STATUS_INVALID_PARAMS);
2089
ee392693
MH		 2090 hci_dev_lock(hdev);
2091
a0cdf960 2092 if (cp->val) {
ee392693 2093 changed = !test_and_set_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960
MH		 2094 } else {
2095 if (hdev_is_powered(hdev)) {
2096 err = cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2097 MGMT_STATUS_REJECTED);
2098 goto unlock;
2099 }
2100
ee392693 2101 changed = test_and_clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
a0cdf960 2102 }
ee392693
MH		 2103
2104 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2105 if (err < 0)
2106 goto unlock;
2107
2108 if (changed)
2109 err = new_settings(hdev, sk);
6d80dfd0 2110
ee392693
MH		 2111unlock:
2112 hci_dev_unlock(hdev);
2113 return err;
6d80dfd0
JH		 2114}
2115
416a4ae5
JH		 2116static void le_enable_complete(struct hci_dev *hdev, u8 status)
2117{
2118 struct cmd_lookup match = { NULL, hdev };
2119
2120 if (status) {
2121 u8 mgmt_err = mgmt_status(status);
2122
2123 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
2124 &mgmt_err);
2125 return;
2126 }
2127
2128 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2129
2130 new_settings(hdev, match.sk);
2131
2132 if (match.sk)
2133 sock_put(match.sk);
441ad2d0
MH		 2134
2135 /* Make sure the controller has a good default for
2136 * advertising data. Restrict the update to when LE
2137 * has actually been enabled. During power on, the
2138 * update in powered_update_hci will take care of it.
2139 */
2140 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2141 struct hci_request req;
2142
2143 hci_dev_lock(hdev);
2144
2145 hci_req_init(&req, hdev);
5947f4bc 2146 update_adv_data(&req);
f14d8f64 2147 update_scan_rsp_data(&req);
441ad2d0
MH		 2148 hci_req_run(&req, NULL);
2149
2150 hci_dev_unlock(hdev);
2151 }
416a4ae5
JH		 2152}
2153
bdb6d971 2154static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 2155{
2156 struct mgmt_mode *cp = data;
2157 struct hci_cp_write_le_host_supported hci_cp;
2158 struct pending_cmd *cmd;
416a4ae5 2159 struct hci_request req;
06199cf8 2160 int err;
0b60eba1 2161 u8 val, enabled;
06199cf8 2162
bdb6d971 2163 BT_DBG("request for %s", hdev->name);
06199cf8 2164
13ecd8b6
JH		 2165 if (!lmp_le_capable(hdev))
2166 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2167 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 2168
a7e80f25
JH		 2169 if (cp->val != 0x00 && cp->val != 0x01)
2170 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2171 MGMT_STATUS_INVALID_PARAMS);
2172
c73eee91 2173 /* LE-only devices do not allow toggling LE on/off */
56f87901 2174 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
c73eee91
JH		 2175 return cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2176 MGMT_STATUS_REJECTED);
2177
13ecd8b6 2178 hci_dev_lock(hdev);
06199cf8
JH		 2179
2180 val = !!cp->val;
ffa88e02 2181 enabled = lmp_host_le_capable(hdev);
06199cf8 2182
0b60eba1 2183 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 2184 bool changed = false;
2185
2186 if (val != test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
2187 change_bit(HCI_LE_ENABLED, &hdev->dev_flags);
2188 changed = true;
2189 }
2190
f3d3444a
JH		 2191 if (!val && test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
2192 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
eeca6f89
JH		 2193 changed = true;
2194 }
2195
06199cf8
JH		 2196 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2197 if (err < 0)
1de028ce 2198 goto unlock;
06199cf8
JH		 2199
2200 if (changed)
2201 err = new_settings(hdev, sk);
2202
1de028ce 2203 goto unlock;
06199cf8
JH		 2204 }
2205
4375f103
JH		 2206 if (mgmt_pending_find(MGMT_OP_SET_LE, hdev) ||
2207 mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
bdb6d971 2208 err = cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
04124681 2209 MGMT_STATUS_BUSY);
1de028ce 2210 goto unlock;
06199cf8
JH		 2211 }
2212
2213 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2214 if (!cmd) {
2215 err = -ENOMEM;
1de028ce 2216 goto unlock;
06199cf8
JH		 2217 }
2218
441ad2d0
MH		 2219 hci_req_init(&req, hdev);
2220
06199cf8
JH		 2221 memset(&hci_cp, 0, sizeof(hci_cp));
2222
2223 if (val) {
2224 hci_cp.le = val;
ffa88e02 2225 hci_cp.simul = lmp_le_br_capable(hdev);
441ad2d0
MH		 2226 } else {
2227 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
2228 disable_advertising(&req);
06199cf8
JH		 2229 }
2230
416a4ae5
JH		 2231 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2232 &hci_cp);
2233
2234 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2235 if (err < 0)
06199cf8 2236 mgmt_pending_remove(cmd);
06199cf8 2237
1de028ce
JH		 2238unlock:
2239 hci_dev_unlock(hdev);
06199cf8
JH		 2240 return err;
2241}
2242
0cab9c80
JH		 2243/* This is a helper function to test for pending mgmt commands that can
2244 * cause CoD or EIR HCI commands. We can only allow one such pending
2245 * mgmt command at a time since otherwise we cannot easily track what
2246 * the current values are, will be, and based on that calculate if a new
2247 * HCI command needs to be sent and if yes with what value.
2248 */
2249static bool pending_eir_or_class(struct hci_dev *hdev)
2250{
2251 struct pending_cmd *cmd;
2252
2253 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2254 switch (cmd->opcode) {
2255 case MGMT_OP_ADD_UUID:
2256 case MGMT_OP_REMOVE_UUID:
2257 case MGMT_OP_SET_DEV_CLASS:
2258 case MGMT_OP_SET_POWERED:
2259 return true;
2260 }
2261 }
2262
2263 return false;
2264}
2265
83be8eca
JH		 2266static const u8 bluetooth_base_uuid[] = {
2267 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2268 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2269};
2270
2271static u8 get_uuid_size(const u8 *uuid)
2272{
2273 u32 val;
2274
2275 if (memcmp(uuid, bluetooth_base_uuid, 12))
2276 return 128;
2277
2278 val = get_unaligned_le32(&uuid[12]);
2279 if (val > 0xffff)
2280 return 32;
2281
2282 return 16;
2283}
2284
92da6097
JH		 2285static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2286{
2287 struct pending_cmd *cmd;
2288
2289 hci_dev_lock(hdev);
2290
2291 cmd = mgmt_pending_find(mgmt_op, hdev);
2292 if (!cmd)
2293 goto unlock;
2294
2295 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
2296 hdev->dev_class, 3);
2297
2298 mgmt_pending_remove(cmd);
2299
2300unlock:
2301 hci_dev_unlock(hdev);
2302}
2303
2304static void add_uuid_complete(struct hci_dev *hdev, u8 status)
2305{
2306 BT_DBG("status 0x%02x", status);
2307
2308 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2309}
2310
bdb6d971 2311static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2312{
650f726d 2313 struct mgmt_cp_add_uuid *cp = data;
90e70454 2314 struct pending_cmd *cmd;
890ea898 2315 struct hci_request req;
2aeb9a1a 2316 struct bt_uuid *uuid;
2aeb9a1a
JH		 2317 int err;
2318
bdb6d971 2319 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2320
09fd0de5 2321 hci_dev_lock(hdev);
2aeb9a1a 2322
0cab9c80 2323 if (pending_eir_or_class(hdev)) {
bdb6d971 2324 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
04124681 2325 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2326 goto failed;
2327 }
2328
92c4c204 2329 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2330 if (!uuid) {
2331 err = -ENOMEM;
2332 goto failed;
2333 }
2334
2335 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2336 uuid->svc_hint = cp->svc_hint;
83be8eca 2337 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2338
de66aa63 2339 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2340
890ea898 2341 hci_req_init(&req, hdev);
1aff6f09 2342
890ea898
JH		 2343 update_class(&req);
2344 update_eir(&req);
2345
92da6097
JH		 2346 err = hci_req_run(&req, add_uuid_complete);
2347 if (err < 0) {
2348 if (err != -ENODATA)
2349 goto failed;
80a1e1db 2350
bdb6d971 2351 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
04124681 2352 hdev->dev_class, 3);
90e70454
JH		 2353 goto failed;
2354 }
2355
2356 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2357 if (!cmd) {
90e70454 2358 err = -ENOMEM;
890ea898
JH		 2359 goto failed;
2360 }
2361
2362 err = 0;
2aeb9a1a
JH		 2363
2364failed:
09fd0de5 2365 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2366 return err;
2367}
2368
24b78d0f
JH		 2369static bool enable_service_cache(struct hci_dev *hdev)
2370{
2371 if (!hdev_is_powered(hdev))
2372 return false;
2373
2374 if (!test_and_set_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
46818ed5
JH		 2375 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2376 CACHE_TIMEOUT);
24b78d0f
JH		 2377 return true;
2378 }
2379
2380 return false;
2381}
2382
92da6097
JH		 2383static void remove_uuid_complete(struct hci_dev *hdev, u8 status)
2384{
2385 BT_DBG("status 0x%02x", status);
2386
2387 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2388}
2389
bdb6d971 2390static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2391 u16 len)
2aeb9a1a 2392{
650f726d 2393 struct mgmt_cp_remove_uuid *cp = data;
90e70454 2394 struct pending_cmd *cmd;
056341c8 2395 struct bt_uuid *match, *tmp;
2aeb9a1a 2396 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2397 struct hci_request req;
2aeb9a1a
JH		 2398 int err, found;
2399
bdb6d971 2400 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2401
09fd0de5 2402 hci_dev_lock(hdev);
2aeb9a1a 2403
0cab9c80 2404 if (pending_eir_or_class(hdev)) {
bdb6d971 2405 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2406 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2407 goto unlock;
2408 }
2409
2aeb9a1a 2410 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2411 hci_uuids_clear(hdev);
4004b6d9 2412
24b78d0f 2413 if (enable_service_cache(hdev)) {
bdb6d971 2414 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2415 0, hdev->dev_class, 3);
24b78d0f
JH		 2416 goto unlock;
2417 }
4004b6d9 2418
9246a869 2419 goto update_class;
2aeb9a1a
JH		 2420 }
2421
2422 found = 0;
2423
056341c8 2424 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2425 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2426 continue;
2427
2428 list_del(&match->list);
482049f7 2429 kfree(match);
2aeb9a1a
JH		 2430 found++;
2431 }
2432
2433 if (found == 0) {
bdb6d971 2434 err = cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
04124681 2435 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2436 goto unlock;
2437 }
2438
9246a869 2439update_class:
890ea898 2440 hci_req_init(&req, hdev);
1aff6f09 2441
890ea898
JH		 2442 update_class(&req);
2443 update_eir(&req);
2444
92da6097
JH		 2445 err = hci_req_run(&req, remove_uuid_complete);
2446 if (err < 0) {
2447 if (err != -ENODATA)
2448 goto unlock;
80a1e1db 2449
bdb6d971 2450 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
04124681 2451 hdev->dev_class, 3);
90e70454
JH		 2452 goto unlock;
2453 }
2454
2455 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2456 if (!cmd) {
90e70454 2457 err = -ENOMEM;
890ea898
JH		 2458 goto unlock;
2459 }
2460
2461 err = 0;
2aeb9a1a
JH		 2462
2463unlock:
09fd0de5 2464 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2465 return err;
2466}
2467
92da6097
JH		 2468static void set_class_complete(struct hci_dev *hdev, u8 status)
2469{
2470 BT_DBG("status 0x%02x", status);
2471
2472 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2473}
2474
bdb6d971 2475static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2476 u16 len)
1aff6f09 2477{
650f726d 2478 struct mgmt_cp_set_dev_class *cp = data;
90e70454 2479 struct pending_cmd *cmd;
890ea898 2480 struct hci_request req;
1aff6f09
JH		 2481 int err;
2482
bdb6d971 2483 BT_DBG("request for %s", hdev->name);
1aff6f09 2484
6203fc98 2485 if (!lmp_bredr_capable(hdev))
13ecd8b6
JH		 2486 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2487 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2488
0cab9c80 2489 hci_dev_lock(hdev);
ee98f473 2490
0cab9c80
JH		 2491 if (pending_eir_or_class(hdev)) {
2492 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2493 MGMT_STATUS_BUSY);
2494 goto unlock;
2495 }
c95f0ba7 2496
0cab9c80
JH		 2497 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
2498 err = cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2499 MGMT_STATUS_INVALID_PARAMS);
2500 goto unlock;
2501 }
575b3a02 2502
932f5ff5
JH		 2503 hdev->major_class = cp->major;
2504 hdev->minor_class = cp->minor;
2505
b5235a65 2506 if (!hdev_is_powered(hdev)) {
bdb6d971 2507 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2508 hdev->dev_class, 3);
b5235a65
JH		 2509 goto unlock;
2510 }
2511
890ea898
JH		 2512 hci_req_init(&req, hdev);
2513
a8b2d5c2 2514 if (test_and_clear_bit(HCI_SERVICE_CACHE, &hdev->dev_flags)) {
7d78525d
JH		 2515 hci_dev_unlock(hdev);
2516 cancel_delayed_work_sync(&hdev->service_cache);
2517 hci_dev_lock(hdev);
890ea898 2518 update_eir(&req);
7d78525d 2519 }
14c0b608 2520
890ea898
JH		 2521 update_class(&req);
2522
92da6097
JH		 2523 err = hci_req_run(&req, set_class_complete);
2524 if (err < 0) {
2525 if (err != -ENODATA)
2526 goto unlock;
1aff6f09 2527
bdb6d971 2528 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
04124681 2529 hdev->dev_class, 3);
90e70454
JH		 2530 goto unlock;
2531 }
2532
2533 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2534 if (!cmd) {
90e70454 2535 err = -ENOMEM;
890ea898
JH		 2536 goto unlock;
2537 }
2538
2539 err = 0;
1aff6f09 2540
b5235a65 2541unlock:
09fd0de5 2542 hci_dev_unlock(hdev);
1aff6f09
JH		 2543 return err;
2544}
2545
bdb6d971 2546static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2547 u16 len)
55ed8ca1 2548{
650f726d 2549 struct mgmt_cp_load_link_keys *cp = data;
ba1d6936
JH		 2550 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2551 sizeof(struct mgmt_link_key_info));
4e51eae9 2552 u16 key_count, expected_len;
b1de97d8 2553 bool changed;
a492cd52 2554 int i;
55ed8ca1 2555
9060d5cf
MH		 2556 BT_DBG("request for %s", hdev->name);
2557
2558 if (!lmp_bredr_capable(hdev))
2559 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2560 MGMT_STATUS_NOT_SUPPORTED);
2561
1f350c87 2562 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 2563 if (key_count > max_key_count) {
2564 BT_ERR("load_link_keys: too big key_count value %u",
2565 key_count);
2566 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2567 MGMT_STATUS_INVALID_PARAMS);
2568 }
55ed8ca1 2569
86742e1e
JH		 2570 expected_len = sizeof(*cp) + key_count *
2571 sizeof(struct mgmt_link_key_info);
a492cd52 2572 if (expected_len != len) {
86742e1e 2573 BT_ERR("load_link_keys: expected %u bytes, got %u bytes",
2606ecbc 2574 expected_len, len);
bdb6d971 2575 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
04124681 2576 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2577 }
2578
4ae14301
JH		 2579 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
2580 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2581 MGMT_STATUS_INVALID_PARAMS);
2582
bdb6d971 2583 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2584 key_count);
55ed8ca1 2585
4ee71b20
JH		 2586 for (i = 0; i < key_count; i++) {
2587 struct mgmt_link_key_info *key = &cp->keys[i];
2588
8e991132 2589 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
4ee71b20
JH		 2590 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2591 MGMT_STATUS_INVALID_PARAMS);
2592 }
2593
09fd0de5 2594 hci_dev_lock(hdev);
55ed8ca1
JH		 2595
2596 hci_link_keys_clear(hdev);
2597
55ed8ca1 2598 if (cp->debug_keys)
0663b297
JH		 2599 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
2600 &hdev->dev_flags);
55ed8ca1 2601 else
0663b297
JH		 2602 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
2603 &hdev->dev_flags);
b1de97d8
MH		 2604
2605 if (changed)
2606 new_settings(hdev, NULL);
55ed8ca1 2607
a492cd52 2608 for (i = 0; i < key_count; i++) {
86742e1e 2609 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2610
58e9293c
JH		 2611 /* Always ignore debug keys and require a new pairing if
2612 * the user wants to use them.
2613 */
2614 if (key->type == HCI_LK_DEBUG_COMBINATION)
2615 continue;
2616
7652ff6a
JH		 2617 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2618 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2619 }
2620
bdb6d971 2621 cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2622
09fd0de5 2623 hci_dev_unlock(hdev);
55ed8ca1 2624
a492cd52 2625 return 0;
55ed8ca1
JH		 2626}
2627
b1078ad0 2628static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2629 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2630{
2631 struct mgmt_ev_device_unpaired ev;
2632
2633 bacpy(&ev.addr.bdaddr, bdaddr);
2634 ev.addr.type = addr_type;
2635
2636 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2637 skip_sk);
b1078ad0
JH		 2638}
2639
bdb6d971 2640static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2641 u16 len)
55ed8ca1 2642{
124f6e35
JH		 2643 struct mgmt_cp_unpair_device *cp = data;
2644 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 2645 struct hci_cp_disconnect dc;
2646 struct pending_cmd *cmd;
55ed8ca1 2647 struct hci_conn *conn;
55ed8ca1
JH		 2648 int err;
2649
a8a1d19e 2650 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2651 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2652 rp.addr.type = cp->addr.type;
a8a1d19e 2653
4ee71b20
JH		 2654 if (!bdaddr_type_is_valid(cp->addr.type))
2655 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2656 MGMT_STATUS_INVALID_PARAMS,
2657 &rp, sizeof(rp));
2658
118da70b
JH		 2659 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2660 return cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2661 MGMT_STATUS_INVALID_PARAMS,
2662 &rp, sizeof(rp));
2663
4ee71b20
JH		 2664 hci_dev_lock(hdev);
2665
86a8cfc6 2666 if (!hdev_is_powered(hdev)) {
bdb6d971 2667 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2668 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
86a8cfc6
JH		 2669 goto unlock;
2670 }
2671
e0b2b27e 2672 if (cp->addr.type == BDADDR_BREDR) {
124f6e35 2673 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
e0b2b27e
JH		 2674 } else {
2675 u8 addr_type;
2676
2677 if (cp->addr.type == BDADDR_LE_PUBLIC)
2678 addr_type = ADDR_LE_DEV_PUBLIC;
2679 else
2680 addr_type = ADDR_LE_DEV_RANDOM;
2681
a7ec7338
JH		 2682 hci_remove_irk(hdev, &cp->addr.bdaddr, addr_type);
2683
a9b0a04c
AG		 2684 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2685
e0b2b27e
JH		 2686 err = hci_remove_ltk(hdev, &cp->addr.bdaddr, addr_type);
2687 }
b0dbfb46 2688
55ed8ca1 2689 if (err < 0) {
bdb6d971 2690 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
04124681 2691 MGMT_STATUS_NOT_PAIRED, &rp, sizeof(rp));
55ed8ca1
JH		 2692 goto unlock;
2693 }
2694
86a8cfc6 2695 if (cp->disconnect) {
591f47f3 2696 if (cp->addr.type == BDADDR_BREDR)
86a8cfc6 2697 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
8ce8e2b5 2698 &cp->addr.bdaddr);
86a8cfc6
JH		 2699 else
2700 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK,
8ce8e2b5 2701 &cp->addr.bdaddr);
86a8cfc6
JH		 2702 } else {
2703 conn = NULL;
2704 }
124f6e35 2705
a8a1d19e 2706 if (!conn) {
bdb6d971 2707 err = cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
04124681 2708 &rp, sizeof(rp));
b1078ad0 2709 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2710 goto unlock;
2711 }
55ed8ca1 2712
124f6e35 2713 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2714 sizeof(*cp));
a8a1d19e
JH		 2715 if (!cmd) {
2716 err = -ENOMEM;
2717 goto unlock;
55ed8ca1
JH		 2718 }
2719
eb55ef07 2720 dc.handle = cpu_to_le16(conn->handle);
a8a1d19e
JH		 2721 dc.reason = 0x13; /* Remote User Terminated Connection */
2722 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2723 if (err < 0)
2724 mgmt_pending_remove(cmd);
2725
55ed8ca1 2726unlock:
09fd0de5 2727 hci_dev_unlock(hdev);
55ed8ca1
JH		 2728 return err;
2729}
2730
bdb6d971 2731static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2732 u16 len)
8962ee74 2733{
650f726d 2734 struct mgmt_cp_disconnect *cp = data;
06a63b19 2735 struct mgmt_rp_disconnect rp;
8962ee74 2736 struct hci_cp_disconnect dc;
366a0336 2737 struct pending_cmd *cmd;
8962ee74 2738 struct hci_conn *conn;
8962ee74
JH		 2739 int err;
2740
2741 BT_DBG("");
2742
06a63b19
JH		 2743 memset(&rp, 0, sizeof(rp));
2744 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2745 rp.addr.type = cp->addr.type;
2746
4ee71b20 2747 if (!bdaddr_type_is_valid(cp->addr.type))
06a63b19
JH		 2748 return cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2749 MGMT_STATUS_INVALID_PARAMS,
2750 &rp, sizeof(rp));
4ee71b20 2751
09fd0de5 2752 hci_dev_lock(hdev);
8962ee74
JH		 2753
2754 if (!test_bit(HCI_UP, &hdev->flags)) {
06a63b19
JH		 2755 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2756 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
8962ee74
JH		 2757 goto failed;
2758 }
2759
2e58ef3e 2760 if (mgmt_pending_find(MGMT_OP_DISCONNECT, hdev)) {
06a63b19
JH		 2761 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2762 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2763 goto failed;
2764 }
2765
591f47f3 2766 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2767 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2768 &cp->addr.bdaddr);
88c3df13
JH		 2769 else
2770 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
365227e5 2771
f960727e 2772 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
06a63b19
JH		 2773 err = cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2774 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
8962ee74
JH		 2775 goto failed;
2776 }
2777
2e58ef3e 2778 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2779 if (!cmd) {
2780 err = -ENOMEM;
8962ee74 2781 goto failed;
366a0336 2782 }
8962ee74 2783
eb55ef07 2784 dc.handle = cpu_to_le16(conn->handle);
3701f944 2785 dc.reason = HCI_ERROR_REMOTE_USER_TERM;
8962ee74
JH		 2786
2787 err = hci_send_cmd(hdev, HCI_OP_DISCONNECT, sizeof(dc), &dc);
2788 if (err < 0)
a664b5bc 2789 mgmt_pending_remove(cmd);
8962ee74
JH		 2790
2791failed:
09fd0de5 2792 hci_dev_unlock(hdev);
8962ee74
JH		 2793 return err;
2794}
2795
57c1477c 2796static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2797{
2798 switch (link_type) {
2799 case LE_LINK:
48264f06
JH		 2800 switch (addr_type) {
2801 case ADDR_LE_DEV_PUBLIC:
591f47f3 2802 return BDADDR_LE_PUBLIC;
0ed09148 2803
48264f06 2804 default:
0ed09148 2805 /* Fallback to LE Random address type */
591f47f3 2806 return BDADDR_LE_RANDOM;
48264f06 2807 }
0ed09148 2808
4c659c39 2809 default:
0ed09148 2810 /* Fallback to BR/EDR type */
591f47f3 2811 return BDADDR_BREDR;
4c659c39
JH		 2812 }
2813}
2814
04124681
GP		 2815static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2816 u16 data_len)
2784eb41 2817{
2784eb41 2818 struct mgmt_rp_get_connections *rp;
8035ded4 2819 struct hci_conn *c;
a38528f1 2820 size_t rp_len;
60fc5fb6
JH		 2821 int err;
2822 u16 i;
2784eb41
JH		 2823
2824 BT_DBG("");
2825
09fd0de5 2826 hci_dev_lock(hdev);
2784eb41 2827
5f97c1df 2828 if (!hdev_is_powered(hdev)) {
bdb6d971 2829 err = cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
04124681 2830 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2831 goto unlock;
2832 }
2833
60fc5fb6 2834 i = 0;
b644ba33
JH		 2835 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2836 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2837 i++;
2784eb41
JH		 2838 }
2839
60fc5fb6 2840 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2841 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2842 if (!rp) {
2784eb41
JH		 2843 err = -ENOMEM;
2844 goto unlock;
2845 }
2846
2784eb41 2847 i = 0;
4c659c39 2848 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2849 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2850 continue;
4c659c39 2851 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2852 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2853 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2854 continue;
2855 i++;
2856 }
2857
eb55ef07 2858 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2859
4c659c39
JH		 2860 /* Recalculate length in case of filtered SCO connections, etc */
2861 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2862
bdb6d971 2863 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
04124681 2864 rp_len);
2784eb41 2865
a38528f1 2866 kfree(rp);
5f97c1df
JH		 2867
2868unlock:
09fd0de5 2869 hci_dev_unlock(hdev);
2784eb41
JH		 2870 return err;
2871}
2872
bdb6d971 2873static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2874 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67
WR		 2875{
2876 struct pending_cmd *cmd;
2877 int err;
2878
2e58ef3e 2879 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2880 sizeof(*cp));
96d97a67
WR		 2881 if (!cmd)
2882 return -ENOMEM;
2883
d8457698 2884 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2885 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2886 if (err < 0)
2887 mgmt_pending_remove(cmd);
2888
2889 return err;
2890}
2891
bdb6d971 2892static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2893 u16 len)
980e1a53 2894{
96d97a67 2895 struct hci_conn *conn;
650f726d 2896 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2897 struct hci_cp_pin_code_reply reply;
366a0336 2898 struct pending_cmd *cmd;
980e1a53
JH		 2899 int err;
2900
2901 BT_DBG("");
2902
09fd0de5 2903 hci_dev_lock(hdev);
980e1a53 2904
4b34ee78 2905 if (!hdev_is_powered(hdev)) {
bdb6d971 2906 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2907 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2908 goto failed;
2909 }
2910
d8457698 2911 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2912 if (!conn) {
bdb6d971 2913 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2914 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2915 goto failed;
2916 }
2917
2918 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2919 struct mgmt_cp_pin_code_neg_reply ncp;
2920
2921 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67
WR		 2922
2923 BT_ERR("PIN code is not 16 bytes long");
2924
bdb6d971 2925 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2926 if (err >= 0)
bdb6d971 2927 err = cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
04124681 2928 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2929
2930 goto failed;
2931 }
2932
00abfe44 2933 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2934 if (!cmd) {
2935 err = -ENOMEM;
980e1a53 2936 goto failed;
366a0336 2937 }
980e1a53 2938
d8457698 2939 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2940 reply.pin_len = cp->pin_len;
24718ca5 2941 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2942
2943 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2944 if (err < 0)
a664b5bc 2945 mgmt_pending_remove(cmd);
980e1a53
JH		 2946
2947failed:
09fd0de5 2948 hci_dev_unlock(hdev);
980e1a53
JH		 2949 return err;
2950}
2951
04124681
GP		 2952static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2953 u16 len)
17fa4b9d 2954{
650f726d 2955 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2956
2957 BT_DBG("");
2958
4ec86d4c
JH		 2959 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
2960 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
2961 MGMT_STATUS_INVALID_PARAMS, NULL, 0);
2962
09fd0de5 2963 hci_dev_lock(hdev);
17fa4b9d
JH		 2964
2965 hdev->io_capability = cp->io_capability;
2966
2967 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2968 hdev->io_capability);
17fa4b9d 2969
09fd0de5 2970 hci_dev_unlock(hdev);
17fa4b9d 2971
04124681
GP		 2972 return cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0, NULL,
2973 0);
17fa4b9d
JH		 2974}
2975
6039aa73 2976static struct pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2977{
2978 struct hci_dev *hdev = conn->hdev;
8035ded4 2979 struct pending_cmd *cmd;
e9a416b5 2980
2e58ef3e 2981 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2982 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2983 continue;
2984
e9a416b5
JH		 2985 if (cmd->user_data != conn)
2986 continue;
2987
2988 return cmd;
2989 }
2990
2991 return NULL;
2992}
2993
2994static void pairing_complete(struct pending_cmd *cmd, u8 status)
2995{
2996 struct mgmt_rp_pair_device rp;
2997 struct hci_conn *conn = cmd->user_data;
2998
61b1a7fb
JH		 2999 bacpy(&rp.addr.bdaddr, &conn->dst);
3000 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 3001
aee9b218 3002 cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE, status,
04124681 3003 &rp, sizeof(rp));
e9a416b5
JH		 3004
3005 /* So we don't get further callbacks for this connection */
3006 conn->connect_cfm_cb = NULL;
3007 conn->security_cfm_cb = NULL;
3008 conn->disconn_cfm_cb = NULL;
3009
76a68ba0 3010 hci_conn_drop(conn);
e9a416b5 3011
a664b5bc 3012 mgmt_pending_remove(cmd);
e9a416b5
JH		 3013}
3014
f4a407be
JH		 3015void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3016{
3017 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3018 struct pending_cmd *cmd;
3019
3020 cmd = find_pairing(conn);
3021 if (cmd)
3022 pairing_complete(cmd, status);
3023}
3024
e9a416b5
JH		 3025static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3026{
3027 struct pending_cmd *cmd;
3028
3029 BT_DBG("status %u", status);
3030
3031 cmd = find_pairing(conn);
56e5cb86 3032 if (!cmd)
e9a416b5 3033 BT_DBG("Unable to find a pending command");
56e5cb86 3034 else
e211326c 3035 pairing_complete(cmd, mgmt_status(status));
e9a416b5
JH		 3036}
3037
f4a407be 3038static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739
VA		 3039{
3040 struct pending_cmd *cmd;
3041
3042 BT_DBG("status %u", status);
3043
3044 if (!status)
3045 return;
3046
3047 cmd = find_pairing(conn);
3048 if (!cmd)
3049 BT_DBG("Unable to find a pending command");
3050 else
3051 pairing_complete(cmd, mgmt_status(status));
3052}
3053
bdb6d971 3054static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3055 u16 len)
e9a416b5 3056{
650f726d 3057 struct mgmt_cp_pair_device *cp = data;
1425acb7 3058 struct mgmt_rp_pair_device rp;
e9a416b5
JH		 3059 struct pending_cmd *cmd;
3060 u8 sec_level, auth_type;
3061 struct hci_conn *conn;
e9a416b5
JH		 3062 int err;
3063
3064 BT_DBG("");
3065
f950a30e
SJ		 3066 memset(&rp, 0, sizeof(rp));
3067 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3068 rp.addr.type = cp->addr.type;
3069
4ee71b20
JH		 3070 if (!bdaddr_type_is_valid(cp->addr.type))
3071 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3072 MGMT_STATUS_INVALID_PARAMS,
3073 &rp, sizeof(rp));
3074
4ec86d4c
JH		 3075 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
3076 return cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3077 MGMT_STATUS_INVALID_PARAMS,
3078 &rp, sizeof(rp));
3079
09fd0de5 3080 hci_dev_lock(hdev);
e9a416b5 3081
5f97c1df 3082 if (!hdev_is_powered(hdev)) {
f950a30e
SJ		 3083 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3084 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5f97c1df
JH		 3085 goto unlock;
3086 }
3087
c908df36 3088 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 3089 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 3090
6f77d8c7 3091 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 3092 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
3093 auth_type);
6f77d8c7
AG		 3094 } else {
3095 u8 addr_type;
3096
3097 /* Convert from L2CAP channel address type to HCI address type
3098 */
3099 if (cp->addr.type == BDADDR_LE_PUBLIC)
3100 addr_type = ADDR_LE_DEV_PUBLIC;
3101 else
3102 addr_type = ADDR_LE_DEV_RANDOM;
3103
7c264b10
MH		 3104 /* When pairing a new device, it is expected to remember
3105 * this device for future connections. Adding the connection
3106 * parameter information ahead of time allows tracking
3107 * of the slave preferred values and will speed up any
3108 * further connection establishment.
3109 *
3110 * If connection parameters already exist, then they
3111 * will be kept and this function does nothing.
3112 */
3113 hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3114
6f77d8c7 3115 conn = hci_connect_le(hdev, &cp->addr.bdaddr, addr_type,
04a6c589 3116 sec_level, auth_type);
6f77d8c7 3117 }
7a512d01 3118
30e76272 3119 if (IS_ERR(conn)) {
489dc48e
AK		 3120 int status;
3121
3122 if (PTR_ERR(conn) == -EBUSY)
3123 status = MGMT_STATUS_BUSY;
3124 else
3125 status = MGMT_STATUS_CONNECT_FAILED;
3126
bdb6d971 3127 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
489dc48e 3128 status, &rp,
04124681 3129 sizeof(rp));
e9a416b5
JH		 3130 goto unlock;
3131 }
3132
3133 if (conn->connect_cfm_cb) {
76a68ba0 3134 hci_conn_drop(conn);
bdb6d971 3135 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
04124681 3136 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 3137 goto unlock;
3138 }
3139
2e58ef3e 3140 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 3141 if (!cmd) {
3142 err = -ENOMEM;
76a68ba0 3143 hci_conn_drop(conn);
e9a416b5
JH		 3144 goto unlock;
3145 }
3146
7a512d01 3147 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 3148 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 3149 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 3150 conn->security_cfm_cb = pairing_complete_cb;
3151 conn->disconn_cfm_cb = pairing_complete_cb;
3152 } else {
3153 conn->connect_cfm_cb = le_pairing_complete_cb;
3154 conn->security_cfm_cb = le_pairing_complete_cb;
3155 conn->disconn_cfm_cb = le_pairing_complete_cb;
3156 }
7a512d01 3157
e9a416b5
JH		 3158 conn->io_capability = cp->io_cap;
3159 cmd->user_data = conn;
3160
3161 if (conn->state == BT_CONNECTED &&
8ce8e2b5 3162 hci_conn_security(conn, sec_level, auth_type))
e9a416b5
JH		 3163 pairing_complete(cmd, 0);
3164
3165 err = 0;
3166
3167unlock:
09fd0de5 3168 hci_dev_unlock(hdev);
e9a416b5
JH		 3169 return err;
3170}
3171
04124681
GP		 3172static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3173 u16 len)
28424707 3174{
0f4e68cf 3175 struct mgmt_addr_info *addr = data;
28424707
JH		 3176 struct pending_cmd *cmd;
3177 struct hci_conn *conn;
3178 int err;
3179
3180 BT_DBG("");
3181
28424707
JH		 3182 hci_dev_lock(hdev);
3183
5f97c1df 3184 if (!hdev_is_powered(hdev)) {
bdb6d971 3185 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3186 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3187 goto unlock;
3188 }
3189
28424707
JH		 3190 cmd = mgmt_pending_find(MGMT_OP_PAIR_DEVICE, hdev);
3191 if (!cmd) {
bdb6d971 3192 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3193 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3194 goto unlock;
3195 }
3196
3197 conn = cmd->user_data;
3198
3199 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
bdb6d971 3200 err = cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
04124681 3201 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3202 goto unlock;
3203 }
3204
3205 pairing_complete(cmd, MGMT_STATUS_CANCELLED);
3206
bdb6d971 3207 err = cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
04124681 3208 addr, sizeof(*addr));
28424707
JH		 3209unlock:
3210 hci_dev_unlock(hdev);
28424707
JH		 3211 return err;
3212}
3213
bdb6d971 3214static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3215 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3216 u16 hci_op, __le32 passkey)
a5c29683 3217{
a5c29683 3218 struct pending_cmd *cmd;
0df4c185 3219 struct hci_conn *conn;
a5c29683
JH		 3220 int err;
3221
09fd0de5 3222 hci_dev_lock(hdev);
08ba5382 3223
4b34ee78 3224 if (!hdev_is_powered(hdev)) {
feb94d3d
JH		 3225 err = cmd_complete(sk, hdev->id, mgmt_op,
3226 MGMT_STATUS_NOT_POWERED, addr,
3227 sizeof(*addr));
0df4c185 3228 goto done;
a5c29683
JH		 3229 }
3230
1707c60e
JH		 3231 if (addr->type == BDADDR_BREDR)
3232 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3233 else
1707c60e 3234 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &addr->bdaddr);
272d90df
JH		 3235
3236 if (!conn) {
feb94d3d
JH		 3237 err = cmd_complete(sk, hdev->id, mgmt_op,
3238 MGMT_STATUS_NOT_CONNECTED, addr,
3239 sizeof(*addr));
272d90df
JH		 3240 goto done;
3241 }
47c15e2b 3242
1707c60e 3243 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 3244 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 3245 if (!err)
feb94d3d
JH		 3246 err = cmd_complete(sk, hdev->id, mgmt_op,
3247 MGMT_STATUS_SUCCESS, addr,
3248 sizeof(*addr));
5fe57d9e 3249 else
feb94d3d
JH		 3250 err = cmd_complete(sk, hdev->id, mgmt_op,
3251 MGMT_STATUS_FAILED, addr,
3252 sizeof(*addr));
47c15e2b 3253
47c15e2b
BG		 3254 goto done;
3255 }
3256
1707c60e 3257 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3258 if (!cmd) {
3259 err = -ENOMEM;
0df4c185 3260 goto done;
a5c29683
JH		 3261 }
3262
0df4c185 3263 /* Continue with pairing via HCI */
604086b7
BG		 3264 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3265 struct hci_cp_user_passkey_reply cp;
3266
1707c60e 3267 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3268 cp.passkey = passkey;
3269 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3270 } else
1707c60e
JH		 3271 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3272 &addr->bdaddr);
604086b7 3273
a664b5bc
JH		 3274 if (err < 0)
3275 mgmt_pending_remove(cmd);
a5c29683 3276
0df4c185 3277done:
09fd0de5 3278 hci_dev_unlock(hdev);
a5c29683
JH		 3279 return err;
3280}
3281
afeb019d
JK		 3282static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3283 void *data, u16 len)
3284{
3285 struct mgmt_cp_pin_code_neg_reply *cp = data;
3286
3287 BT_DBG("");
3288
1707c60e 3289 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3290 MGMT_OP_PIN_CODE_NEG_REPLY,
3291 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3292}
3293
04124681
GP		 3294static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3295 u16 len)
0df4c185 3296{
650f726d 3297 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3298
3299 BT_DBG("");
3300
3301 if (len != sizeof(*cp))
bdb6d971 3302 return cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
04124681 3303 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3304
1707c60e 3305 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3306 MGMT_OP_USER_CONFIRM_REPLY,
3307 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3308}
3309
bdb6d971 3310static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3311 void *data, u16 len)
0df4c185 3312{
c9c2659f 3313 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3314
3315 BT_DBG("");
3316
1707c60e 3317 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3318 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3319 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3320}
3321
04124681
GP		 3322static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3323 u16 len)
604086b7 3324{
650f726d 3325 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3326
3327 BT_DBG("");
3328
1707c60e 3329 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3330 MGMT_OP_USER_PASSKEY_REPLY,
3331 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3332}
3333
bdb6d971 3334static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3335 void *data, u16 len)
604086b7 3336{
650f726d 3337 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3338
3339 BT_DBG("");
3340
1707c60e 3341 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3342 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3343 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3344}
3345
13928971 3346static void update_name(struct hci_request *req)
2b4bf397 3347{
13928971 3348 struct hci_dev *hdev = req->hdev;
2b4bf397
JH		 3349 struct hci_cp_write_local_name cp;
3350
13928971 3351 memcpy(cp.name, hdev->dev_name, sizeof(cp.name));
2b4bf397 3352
890ea898 3353 hci_req_add(req, HCI_OP_WRITE_LOCAL_NAME, sizeof(cp), &cp);
2b4bf397
JH		 3354}
3355
13928971
JH		 3356static void set_name_complete(struct hci_dev *hdev, u8 status)
3357{
3358 struct mgmt_cp_set_local_name *cp;
3359 struct pending_cmd *cmd;
3360
3361 BT_DBG("status 0x%02x", status);
3362
3363 hci_dev_lock(hdev);
3364
3365 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
3366 if (!cmd)
3367 goto unlock;
3368
3369 cp = cmd->param;
3370
3371 if (status)
3372 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3373 mgmt_status(status));
3374 else
3375 cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3376 cp, sizeof(*cp));
3377
3378 mgmt_pending_remove(cmd);
3379
3380unlock:
3381 hci_dev_unlock(hdev);
3382}
3383
bdb6d971 3384static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3385 u16 len)
b312b161 3386{
2b4bf397 3387 struct mgmt_cp_set_local_name *cp = data;
b312b161 3388 struct pending_cmd *cmd;
890ea898 3389 struct hci_request req;
b312b161
JH		 3390 int err;
3391
3392 BT_DBG("");
3393
09fd0de5 3394 hci_dev_lock(hdev);
b312b161 3395
b3f2ca94
JH		 3396 /* If the old values are the same as the new ones just return a
3397 * direct command complete event.
3398 */
3399 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3400 !memcmp(hdev->short_name, cp->short_name,
3401 sizeof(hdev->short_name))) {
3402 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3403 data, len);
3404 goto failed;
3405 }
3406
2b4bf397 3407 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3408
b5235a65 3409 if (!hdev_is_powered(hdev)) {
2b4bf397 3410 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde
JH		 3411
3412 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
04124681 3413 data, len);
28cc7bde
JH		 3414 if (err < 0)
3415 goto failed;
3416
3417 err = mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data, len,
04124681 3418 sk);
28cc7bde 3419
b5235a65
JH		 3420 goto failed;
3421 }
3422
28cc7bde 3423 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3424 if (!cmd) {
3425 err = -ENOMEM;
3426 goto failed;
3427 }
3428
13928971
JH		 3429 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3430
890ea898 3431 hci_req_init(&req, hdev);
3f985050
JH		 3432
3433 if (lmp_bredr_capable(hdev)) {
3434 update_name(&req);
3435 update_eir(&req);
3436 }
3437
7a5f4990
MH		 3438 /* The name is stored in the scan response data and so
3439 * no need to udpate the advertising data here.
3440 */
3f985050 3441 if (lmp_le_capable(hdev))
7a5f4990 3442 update_scan_rsp_data(&req);
3f985050 3443
13928971 3444 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3445 if (err < 0)
3446 mgmt_pending_remove(cmd);
3447
3448failed:
09fd0de5 3449 hci_dev_unlock(hdev);
b312b161
JH		 3450 return err;
3451}
3452
0f4e68cf 3453static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3454 void *data, u16 data_len)
c35938b2 3455{
c35938b2
SJ		 3456 struct pending_cmd *cmd;
3457 int err;
3458
bdb6d971 3459 BT_DBG("%s", hdev->name);
c35938b2 3460
09fd0de5 3461 hci_dev_lock(hdev);
c35938b2 3462
4b34ee78 3463 if (!hdev_is_powered(hdev)) {
bdb6d971 3464 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3465 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3466 goto unlock;
3467 }
3468
9a1a1996 3469 if (!lmp_ssp_capable(hdev)) {
bdb6d971 3470 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3471 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3472 goto unlock;
3473 }
3474
2e58ef3e 3475 if (mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
bdb6d971 3476 err = cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
04124681 3477 MGMT_STATUS_BUSY);
c35938b2
SJ		 3478 goto unlock;
3479 }
3480
2e58ef3e 3481 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3482 if (!cmd) {
3483 err = -ENOMEM;
3484 goto unlock;
3485 }
3486
4d2d2796
MH		 3487 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags))
3488 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_EXT_DATA,
3489 0, NULL);
3490 else
3491 err = hci_send_cmd(hdev, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
3492
c35938b2
SJ		 3493 if (err < 0)
3494 mgmt_pending_remove(cmd);
3495
3496unlock:
09fd0de5 3497 hci_dev_unlock(hdev);
c35938b2
SJ		 3498 return err;
3499}
3500
bdb6d971 3501static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3502 void *data, u16 len)
2763eda6 3503{
2763eda6
SJ		 3504 int err;
3505
bdb6d971 3506 BT_DBG("%s ", hdev->name);
2763eda6 3507
09fd0de5 3508 hci_dev_lock(hdev);
2763eda6 3509
ec109113
MH		 3510 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3511 struct mgmt_cp_add_remote_oob_data *cp = data;
3512 u8 status;
bf1e3541 3513
ec109113
MH		 3514 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
3515 cp->hash, cp->randomizer);
3516 if (err < 0)
3517 status = MGMT_STATUS_FAILED;
3518 else
3519 status = MGMT_STATUS_SUCCESS;
3520
3521 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3522 status, &cp->addr, sizeof(cp->addr));
3523 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3524 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
3525 u8 status;
3526
3527 err = hci_add_remote_oob_ext_data(hdev, &cp->addr.bdaddr,
3528 cp->hash192,
3529 cp->randomizer192,
3530 cp->hash256,
3531 cp->randomizer256);
3532 if (err < 0)
3533 status = MGMT_STATUS_FAILED;
3534 else
3535 status = MGMT_STATUS_SUCCESS;
3536
3537 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3538 status, &cp->addr, sizeof(cp->addr));
3539 } else {
3540 BT_ERR("add_remote_oob_data: invalid length of %u bytes", len);
3541 err = cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3542 MGMT_STATUS_INVALID_PARAMS);
3543 }
2763eda6 3544
09fd0de5 3545 hci_dev_unlock(hdev);
2763eda6
SJ		 3546 return err;
3547}
3548
bdb6d971 3549static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3550 void *data, u16 len)
2763eda6 3551{
650f726d 3552 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3553 u8 status;
2763eda6
SJ		 3554 int err;
3555
bdb6d971 3556 BT_DBG("%s", hdev->name);
2763eda6 3557
09fd0de5 3558 hci_dev_lock(hdev);
2763eda6 3559
664ce4cc 3560 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr);
2763eda6 3561 if (err < 0)
bf1e3541 3562 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3563 else
a6785be2 3564 status = MGMT_STATUS_SUCCESS;
bf1e3541 3565
bdb6d971 3566 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
04124681 3567 status, &cp->addr, sizeof(cp->addr));
2763eda6 3568
09fd0de5 3569 hci_dev_unlock(hdev);
2763eda6
SJ		 3570 return err;
3571}
3572
41dc2bd6
AG		 3573static int mgmt_start_discovery_failed(struct hci_dev *hdev, u8 status)
3574{
3575 struct pending_cmd *cmd;
3576 u8 type;
3577 int err;
3578
3579 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3580
3581 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
3582 if (!cmd)
3583 return -ENOENT;
3584
3585 type = hdev->discovery.type;
3586
3587 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3588 &type, sizeof(type));
3589 mgmt_pending_remove(cmd);
3590
3591 return err;
3592}
3593
7c307720
AG		 3594static void start_discovery_complete(struct hci_dev *hdev, u8 status)
3595{
ae55f598
LR		 3596 unsigned long timeout = 0;
3597
7c307720
AG		 3598 BT_DBG("status %d", status);
3599
3600 if (status) {
3601 hci_dev_lock(hdev);
3602 mgmt_start_discovery_failed(hdev, status);
3603 hci_dev_unlock(hdev);
3604 return;
3605 }
3606
3607 hci_dev_lock(hdev);
3608 hci_discovery_set_state(hdev, DISCOVERY_FINDING);
3609 hci_dev_unlock(hdev);
3610
3611 switch (hdev->discovery.type) {
3612 case DISCOV_TYPE_LE:
3d5a76f0 3613 timeout = msecs_to_jiffies(DISCOV_LE_TIMEOUT);
7c307720
AG		 3614 break;
3615
3616 case DISCOV_TYPE_INTERLEAVED:
b9a7a61e 3617 timeout = msecs_to_jiffies(hdev->discov_interleaved_timeout);
7c307720
AG		 3618 break;
3619
3620 case DISCOV_TYPE_BREDR:
3621 break;
3622
3623 default:
3624 BT_ERR("Invalid discovery type %d", hdev->discovery.type);
3625 }
ae55f598
LR		 3626
3627 if (!timeout)
3628 return;
3629
3630 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable, timeout);
7c307720
AG		 3631}
3632
bdb6d971 3633static int start_discovery(struct sock *sk, struct hci_dev *hdev,
04124681 3634 void *data, u16 len)
14a53664 3635{
650f726d 3636 struct mgmt_cp_start_discovery *cp = data;
14a53664 3637 struct pending_cmd *cmd;
7c307720
AG		 3638 struct hci_cp_le_set_scan_param param_cp;
3639 struct hci_cp_le_set_scan_enable enable_cp;
3640 struct hci_cp_inquiry inq_cp;
3641 struct hci_request req;
3642 /* General inquiry access code (GIAC) */
3643 u8 lap[3] = { 0x33, 0x8b, 0x9e };
d9483943 3644 u8 status, own_addr_type;
14a53664
JH		 3645 int err;
3646
bdb6d971 3647 BT_DBG("%s", hdev->name);
14a53664 3648
09fd0de5 3649 hci_dev_lock(hdev);
14a53664 3650
4b34ee78 3651 if (!hdev_is_powered(hdev)) {
bdb6d971 3652 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3653 MGMT_STATUS_NOT_POWERED);
bd2d1334
JH		 3654 goto failed;
3655 }
3656
642be6c7
AG		 3657 if (test_bit(HCI_PERIODIC_INQ, &hdev->dev_flags)) {
3658 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3659 MGMT_STATUS_BUSY);
3660 goto failed;
3661 }
3662
ff9ef578 3663 if (hdev->discovery.state != DISCOVERY_STOPPED) {
bdb6d971 3664 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
04124681 3665 MGMT_STATUS_BUSY);
ff9ef578
JH		 3666 goto failed;
3667 }
3668
2e58ef3e 3669 cmd = mgmt_pending_add(sk, MGMT_OP_START_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3670 if (!cmd) {
3671 err = -ENOMEM;
3672 goto failed;
3673 }
3674
4aab14e5
AG		 3675 hdev->discovery.type = cp->type;
3676
7c307720
AG		 3677 hci_req_init(&req, hdev);
3678
4aab14e5 3679 switch (hdev->discovery.type) {
f39799f5 3680 case DISCOV_TYPE_BREDR:
e6fe7986
JH		 3681 status = mgmt_bredr_support(hdev);
3682 if (status) {
04106755 3683 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3684 status);
04106755
JH		 3685 mgmt_pending_remove(cmd);
3686 goto failed;
3687 }
3688
7c307720
AG		 3689 if (test_bit(HCI_INQUIRY, &hdev->flags)) {
3690 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3691 MGMT_STATUS_BUSY);
3692 mgmt_pending_remove(cmd);
3693 goto failed;
3694 }
3695
3696 hci_inquiry_cache_flush(hdev);
3697
3698 memset(&inq_cp, 0, sizeof(inq_cp));
3699 memcpy(&inq_cp.lap, lap, sizeof(inq_cp.lap));
0d8cc935 3700 inq_cp.length = DISCOV_BREDR_INQUIRY_LEN;
7c307720 3701 hci_req_add(&req, HCI_OP_INQUIRY, sizeof(inq_cp), &inq_cp);
f39799f5
AG		 3702 break;
3703
3704 case DISCOV_TYPE_LE:
7c307720 3705 case DISCOV_TYPE_INTERLEAVED:
e6fe7986
JH		 3706 status = mgmt_le_support(hdev);
3707 if (status) {
04106755 3708 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
e6fe7986 3709 status);
04106755
JH		 3710 mgmt_pending_remove(cmd);
3711 goto failed;
3712 }
3713
7c307720 3714 if (hdev->discovery.type == DISCOV_TYPE_INTERLEAVED &&
56f87901 3715 !test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
04106755
JH		 3716 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3717 MGMT_STATUS_NOT_SUPPORTED);
3718 mgmt_pending_remove(cmd);
3719 goto failed;
3720 }
3721
f3d3444a 3722 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
7c307720
AG		 3723 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3724 MGMT_STATUS_REJECTED);
3725 mgmt_pending_remove(cmd);
3726 goto failed;
3727 }
3728
c54c3860
AG		 3729 /* If controller is scanning, it means the background scanning
3730 * is running. Thus, we should temporarily stop it in order to
3731 * set the discovery scanning parameters.
3732 */
3733 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags))
3734 hci_req_add_le_scan_disable(&req);
7c307720
AG		 3735
3736 memset(&param_cp, 0, sizeof(param_cp));
d9483943 3737
94b1fc92
MH		 3738 /* All active scans will be done with either a resolvable
3739 * private address (when privacy feature has been enabled)
3740 * or unresolvable private address.
3741 */
3742 err = hci_update_random_address(&req, true, &own_addr_type);
d9483943
JH		 3743 if (err < 0) {
3744 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3745 MGMT_STATUS_FAILED);
3746 mgmt_pending_remove(cmd);
3747 goto failed;
3748 }
3749
7c307720 3750 param_cp.type = LE_SCAN_ACTIVE;
0d8cc935
AG		 3751 param_cp.interval = cpu_to_le16(DISCOV_LE_SCAN_INT);
3752 param_cp.window = cpu_to_le16(DISCOV_LE_SCAN_WIN);
d9483943 3753 param_cp.own_address_type = own_addr_type;
7c307720
AG		 3754 hci_req_add(&req, HCI_OP_LE_SET_SCAN_PARAM, sizeof(param_cp),
3755 &param_cp);
3756
3757 memset(&enable_cp, 0, sizeof(enable_cp));
3758 enable_cp.enable = LE_SCAN_ENABLE;
3759 enable_cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
3760 hci_req_add(&req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(enable_cp),
3761 &enable_cp);
5e0452c0
AG		 3762 break;
3763
f39799f5 3764 default:
04106755
JH		 3765 err = cmd_status(sk, hdev->id, MGMT_OP_START_DISCOVERY,
3766 MGMT_STATUS_INVALID_PARAMS);
3767 mgmt_pending_remove(cmd);
3768 goto failed;
f39799f5 3769 }
3fd24153 3770
7c307720 3771 err = hci_req_run(&req, start_discovery_complete);
14a53664
JH		 3772 if (err < 0)
3773 mgmt_pending_remove(cmd);
ff9ef578
JH		 3774 else
3775 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 3776
3777failed:
09fd0de5 3778 hci_dev_unlock(hdev);
14a53664
JH		 3779 return err;
3780}
3781
1183fdca
AG		 3782static int mgmt_stop_discovery_failed(struct hci_dev *hdev, u8 status)
3783{
3784 struct pending_cmd *cmd;
3785 int err;
3786
3787 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
3788 if (!cmd)
3789 return -ENOENT;
3790
3791 err = cmd_complete(cmd->sk, hdev->id, cmd->opcode, mgmt_status(status),
3792 &hdev->discovery.type, sizeof(hdev->discovery.type));
3793 mgmt_pending_remove(cmd);
3794
3795 return err;
3796}
3797
0e05bba6
AG		 3798static void stop_discovery_complete(struct hci_dev *hdev, u8 status)
3799{
3800 BT_DBG("status %d", status);
3801
3802 hci_dev_lock(hdev);
3803
3804 if (status) {
3805 mgmt_stop_discovery_failed(hdev, status);
3806 goto unlock;
3807 }
3808
3809 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3810
3811unlock:
3812 hci_dev_unlock(hdev);
3813}
3814
bdb6d971 3815static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3816 u16 len)
14a53664 3817{
d930650b 3818 struct mgmt_cp_stop_discovery *mgmt_cp = data;
14a53664 3819 struct pending_cmd *cmd;
0e05bba6 3820 struct hci_request req;
14a53664
JH		 3821 int err;
3822
bdb6d971 3823 BT_DBG("%s", hdev->name);
14a53664 3824
09fd0de5 3825 hci_dev_lock(hdev);
14a53664 3826
30dc78e1 3827 if (!hci_discovery_active(hdev)) {
bdb6d971 3828 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3829 MGMT_STATUS_REJECTED, &mgmt_cp->type,
3830 sizeof(mgmt_cp->type));
d930650b
JH		 3831 goto unlock;
3832 }
3833
3834 if (hdev->discovery.type != mgmt_cp->type) {
bdb6d971 3835 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
04124681
GP		 3836 MGMT_STATUS_INVALID_PARAMS, &mgmt_cp->type,
3837 sizeof(mgmt_cp->type));
30dc78e1 3838 goto unlock;
ff9ef578
JH		 3839 }
3840
2e58ef3e 3841 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, NULL, 0);
14a53664
JH		 3842 if (!cmd) {
3843 err = -ENOMEM;
30dc78e1
JH		 3844 goto unlock;
3845 }
3846
0e05bba6
AG		 3847 hci_req_init(&req, hdev);
3848
21a60d30 3849 hci_stop_discovery(&req);
e0d9727e 3850
21a60d30
JH		 3851 err = hci_req_run(&req, stop_discovery_complete);
3852 if (!err) {
3853 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
0e05bba6 3854 goto unlock;
14a53664
JH		 3855 }
3856
21a60d30
JH		 3857 mgmt_pending_remove(cmd);
3858
3859 /* If no HCI commands were sent we're done */
3860 if (err == -ENODATA) {
3861 err = cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY, 0,
3862 &mgmt_cp->type, sizeof(mgmt_cp->type));
3863 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
3864 }
14a53664 3865
30dc78e1 3866unlock:
09fd0de5 3867 hci_dev_unlock(hdev);
14a53664
JH		 3868 return err;
3869}
3870
bdb6d971 3871static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3872 u16 len)
561aafbc 3873{
650f726d 3874 struct mgmt_cp_confirm_name *cp = data;
561aafbc 3875 struct inquiry_entry *e;
561aafbc
JH		 3876 int err;
3877
bdb6d971 3878 BT_DBG("%s", hdev->name);
561aafbc 3879
561aafbc
JH		 3880 hci_dev_lock(hdev);
3881
30dc78e1 3882 if (!hci_discovery_active(hdev)) {
d3a2541d
LR		 3883 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3884 MGMT_STATUS_FAILED, &cp->addr,
3885 sizeof(cp->addr));
30dc78e1
JH		 3886 goto failed;
3887 }
3888
a198e7b1 3889 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 3890 if (!e) {
d3a2541d
LR		 3891 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
3892 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
3893 sizeof(cp->addr));
561aafbc
JH		 3894 goto failed;
3895 }
3896
3897 if (cp->name_known) {
3898 e->name_state = NAME_KNOWN;
3899 list_del(&e->list);
3900 } else {
3901 e->name_state = NAME_NEEDED;
a3d4e20a 3902 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 3903 }
3904
e384662b
JH		 3905 err = cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0, &cp->addr,
3906 sizeof(cp->addr));
561aafbc
JH		 3907
3908failed:
3909 hci_dev_unlock(hdev);
561aafbc
JH		 3910 return err;
3911}
3912
bdb6d971 3913static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3914 u16 len)
7fbec224 3915{
650f726d 3916 struct mgmt_cp_block_device *cp = data;
f0eeea8b 3917 u8 status;
7fbec224
AJ		 3918 int err;
3919
bdb6d971 3920 BT_DBG("%s", hdev->name);
7fbec224 3921
4ee71b20 3922 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3923 return cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
3924 MGMT_STATUS_INVALID_PARAMS,
3925 &cp->addr, sizeof(cp->addr));
4ee71b20 3926
09fd0de5 3927 hci_dev_lock(hdev);
5e762444 3928
88c1fe4b 3929 err = hci_blacklist_add(hdev, &cp->addr.bdaddr, cp->addr.type);
2a8357f2 3930 if (err < 0) {
f0eeea8b 3931 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 3932 goto done;
3933 }
3934
3935 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3936 sk);
3937 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3938
2a8357f2 3939done:
bdb6d971 3940 err = cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
04124681 3941 &cp->addr, sizeof(cp->addr));
5e762444 3942
09fd0de5 3943 hci_dev_unlock(hdev);
7fbec224
AJ		 3944
3945 return err;
3946}
3947
bdb6d971 3948static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3949 u16 len)
7fbec224 3950{
650f726d 3951 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 3952 u8 status;
7fbec224
AJ		 3953 int err;
3954
bdb6d971 3955 BT_DBG("%s", hdev->name);
7fbec224 3956
4ee71b20 3957 if (!bdaddr_type_is_valid(cp->addr.type))
5d0846d4
JH		 3958 return cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
3959 MGMT_STATUS_INVALID_PARAMS,
3960 &cp->addr, sizeof(cp->addr));
4ee71b20 3961
09fd0de5 3962 hci_dev_lock(hdev);
5e762444 3963
88c1fe4b 3964 err = hci_blacklist_del(hdev, &cp->addr.bdaddr, cp->addr.type);
2a8357f2 3965 if (err < 0) {
f0eeea8b 3966 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 3967 goto done;
3968 }
3969
3970 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
3971 sk);
3972 status = MGMT_STATUS_SUCCESS;
f0eeea8b 3973
2a8357f2 3974done:
bdb6d971 3975 err = cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
04124681 3976 &cp->addr, sizeof(cp->addr));
5e762444 3977
09fd0de5 3978 hci_dev_unlock(hdev);
7fbec224
AJ		 3979
3980 return err;
3981}
3982
cdbaccca
MH		 3983static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
3984 u16 len)
3985{
3986 struct mgmt_cp_set_device_id *cp = data;
890ea898 3987 struct hci_request req;
cdbaccca 3988 int err;
c72d4b8a 3989 __u16 source;
cdbaccca
MH		 3990
3991 BT_DBG("%s", hdev->name);
3992
c72d4b8a
SJ		 3993 source = __le16_to_cpu(cp->source);
3994
3995 if (source > 0x0002)
3996 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
3997 MGMT_STATUS_INVALID_PARAMS);
3998
cdbaccca
MH		 3999 hci_dev_lock(hdev);
4000
c72d4b8a 4001 hdev->devid_source = source;
cdbaccca
MH		 4002 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4003 hdev->devid_product = __le16_to_cpu(cp->product);
4004 hdev->devid_version = __le16_to_cpu(cp->version);
4005
4006 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0, NULL, 0);
4007
890ea898
JH		 4008 hci_req_init(&req, hdev);
4009 update_eir(&req);
4010 hci_req_run(&req, NULL);
cdbaccca
MH		 4011
4012 hci_dev_unlock(hdev);
4013
4014 return err;
4015}
4016
4375f103
JH		 4017static void set_advertising_complete(struct hci_dev *hdev, u8 status)
4018{
4019 struct cmd_lookup match = { NULL, hdev };
4020
4021 if (status) {
4022 u8 mgmt_err = mgmt_status(status);
4023
4024 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4025 cmd_status_rsp, &mgmt_err);
4026 return;
4027 }
4028
4029 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4030 &match);
4031
4032 new_settings(hdev, match.sk);
4033
4034 if (match.sk)
4035 sock_put(match.sk);
4036}
4037
21b5187f
MH		 4038static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4039 u16 len)
4375f103
JH		 4040{
4041 struct mgmt_mode *cp = data;
4042 struct pending_cmd *cmd;
4043 struct hci_request req;
e6fe7986 4044 u8 val, enabled, status;
4375f103
JH		 4045 int err;
4046
4047 BT_DBG("request for %s", hdev->name);
4048
e6fe7986
JH		 4049 status = mgmt_le_support(hdev);
4050 if (status)
4375f103 4051 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
e6fe7986 4052 status);
4375f103
JH		 4053
4054 if (cp->val != 0x00 && cp->val != 0x01)
4055 return cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4056 MGMT_STATUS_INVALID_PARAMS);
4057
4058 hci_dev_lock(hdev);
4059
4060 val = !!cp->val;
f3d3444a 4061 enabled = test_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103 4062
f74ca9b8
JH		 4063 /* The following conditions are ones which mean that we should
4064 * not do any HCI communication but directly send a mgmt
4065 * response to user space (after toggling the flag if
4066 * necessary).
4067 */
4068 if (!hdev_is_powered(hdev) || val == enabled ||
b145edcd 4069 hci_conn_num(hdev, LE_LINK) > 0) {
4375f103
JH		 4070 bool changed = false;
4071
f3d3444a
JH		 4072 if (val != test_bit(HCI_ADVERTISING, &hdev->dev_flags)) {
4073 change_bit(HCI_ADVERTISING, &hdev->dev_flags);
4375f103
JH		 4074 changed = true;
4075 }
4076
4077 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4078 if (err < 0)
4079 goto unlock;
4080
4081 if (changed)
4082 err = new_settings(hdev, sk);
4083
4084 goto unlock;
4085 }
4086
4087 if (mgmt_pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4088 mgmt_pending_find(MGMT_OP_SET_LE, hdev)) {
4089 err = cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4090 MGMT_STATUS_BUSY);
4091 goto unlock;
4092 }
4093
4094 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4095 if (!cmd) {
4096 err = -ENOMEM;
4097 goto unlock;
4098 }
4099
4100 hci_req_init(&req, hdev);
4101
bba3aa55
MH		 4102 if (val)
4103 enable_advertising(&req);
4104 else
4105 disable_advertising(&req);
4375f103
JH		 4106
4107 err = hci_req_run(&req, set_advertising_complete);
4108 if (err < 0)
4109 mgmt_pending_remove(cmd);
4110
4111unlock:
4112 hci_dev_unlock(hdev);
4113 return err;
4114}
4115
d13eafce
MH		 4116static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4117 void *data, u16 len)
4118{
4119 struct mgmt_cp_set_static_address *cp = data;
4120 int err;
4121
4122 BT_DBG("%s", hdev->name);
4123
62af4443 4124 if (!lmp_le_capable(hdev))
d13eafce 4125 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
62af4443 4126 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 4127
4128 if (hdev_is_powered(hdev))
4129 return cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4130 MGMT_STATUS_REJECTED);
4131
4132 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4133 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
4134 return cmd_status(sk, hdev->id,
4135 MGMT_OP_SET_STATIC_ADDRESS,
4136 MGMT_STATUS_INVALID_PARAMS);
4137
4138 /* Two most significant bits shall be set */
4139 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
4140 return cmd_status(sk, hdev->id,
4141 MGMT_OP_SET_STATIC_ADDRESS,
4142 MGMT_STATUS_INVALID_PARAMS);
4143 }
4144
4145 hci_dev_lock(hdev);
4146
4147 bacpy(&hdev->static_addr, &cp->bdaddr);
4148
4149 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS, 0, NULL, 0);
4150
4151 hci_dev_unlock(hdev);
4152
4153 return err;
4154}
4155
14b49b9a
MH		 4156static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4157 void *data, u16 len)
4158{
4159 struct mgmt_cp_set_scan_params *cp = data;
4160 __u16 interval, window;
4161 int err;
4162
4163 BT_DBG("%s", hdev->name);
4164
4165 if (!lmp_le_capable(hdev))
4166 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4167 MGMT_STATUS_NOT_SUPPORTED);
4168
4169 interval = __le16_to_cpu(cp->interval);
4170
4171 if (interval < 0x0004 || interval > 0x4000)
4172 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4173 MGMT_STATUS_INVALID_PARAMS);
4174
4175 window = __le16_to_cpu(cp->window);
4176
4177 if (window < 0x0004 || window > 0x4000)
4178 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4179 MGMT_STATUS_INVALID_PARAMS);
4180
899e1075
MH		 4181 if (window > interval)
4182 return cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4183 MGMT_STATUS_INVALID_PARAMS);
4184
14b49b9a
MH		 4185 hci_dev_lock(hdev);
4186
4187 hdev->le_scan_interval = interval;
4188 hdev->le_scan_window = window;
4189
4190 err = cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0, NULL, 0);
4191
dd2ef8e2
AG		 4192 /* If background scan is running, restart it so new parameters are
4193 * loaded.
4194 */
4195 if (test_bit(HCI_LE_SCAN, &hdev->dev_flags) &&
4196 hdev->discovery.state == DISCOVERY_STOPPED) {
4197 struct hci_request req;
4198
4199 hci_req_init(&req, hdev);
4200
4201 hci_req_add_le_scan_disable(&req);
4202 hci_req_add_le_passive_scan(&req);
4203
4204 hci_req_run(&req, NULL);
4205 }
4206
14b49b9a
MH		 4207 hci_dev_unlock(hdev);
4208
4209 return err;
4210}
4211
33e38b3e
JH		 4212static void fast_connectable_complete(struct hci_dev *hdev, u8 status)
4213{
4214 struct pending_cmd *cmd;
4215
4216 BT_DBG("status 0x%02x", status);
4217
4218 hci_dev_lock(hdev);
4219
4220 cmd = mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4221 if (!cmd)
4222 goto unlock;
4223
4224 if (status) {
4225 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4226 mgmt_status(status));
4227 } else {
1a4d3c4b
JH		 4228 struct mgmt_mode *cp = cmd->param;
4229
4230 if (cp->val)
4231 set_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4232 else
4233 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4234
33e38b3e
JH		 4235 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4236 new_settings(hdev, cmd->sk);
4237 }
4238
4239 mgmt_pending_remove(cmd);
4240
4241unlock:
4242 hci_dev_unlock(hdev);
4243}
4244
bdb6d971 4245static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4246 void *data, u16 len)
f6422ec6 4247{
650f726d 4248 struct mgmt_mode *cp = data;
33e38b3e
JH		 4249 struct pending_cmd *cmd;
4250 struct hci_request req;
f6422ec6
AJ		 4251 int err;
4252
bdb6d971 4253 BT_DBG("%s", hdev->name);
f6422ec6 4254
56f87901
JH		 4255 if (!test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags) ||
4256 hdev->hci_ver < BLUETOOTH_VER_1_2)
33c525c0
JH		 4257 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4258 MGMT_STATUS_NOT_SUPPORTED);
4259
a7e80f25
JH		 4260 if (cp->val != 0x00 && cp->val != 0x01)
4261 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4262 MGMT_STATUS_INVALID_PARAMS);
4263
5400c044 4264 if (!hdev_is_powered(hdev))
bdb6d971 4265 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4266 MGMT_STATUS_NOT_POWERED);
5400c044
JH		 4267
4268 if (!test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
bdb6d971 4269 return cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4270 MGMT_STATUS_REJECTED);
f6422ec6
AJ		 4271
4272 hci_dev_lock(hdev);
4273
05cbf29f
JH		 4274 if (mgmt_pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
4275 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4276 MGMT_STATUS_BUSY);
4277 goto unlock;
4278 }
4279
1a4d3c4b
JH		 4280 if (!!cp->val == test_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags)) {
4281 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4282 hdev);
4283 goto unlock;
4284 }
4285
33e38b3e
JH		 4286 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4287 data, len);
4288 if (!cmd) {
4289 err = -ENOMEM;
4290 goto unlock;
f6422ec6
AJ		 4291 }
4292
33e38b3e
JH		 4293 hci_req_init(&req, hdev);
4294
406d7804 4295 write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4296
4297 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4298 if (err < 0) {
bdb6d971 4299 err = cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
04124681 4300 MGMT_STATUS_FAILED);
33e38b3e 4301 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4302 }
4303
33e38b3e 4304unlock:
f6422ec6 4305 hci_dev_unlock(hdev);
33e38b3e 4306
f6422ec6
AJ		 4307 return err;
4308}
4309
67e5a7a3
JH		 4310static void set_bredr_scan(struct hci_request *req)
4311{
4312 struct hci_dev *hdev = req->hdev;
4313 u8 scan = 0;
4314
4315 /* Ensure that fast connectable is disabled. This function will
4316 * not do anything if the page scan parameters are already what
4317 * they should be.
4318 */
4319 write_fast_connectable(req, false);
4320
4321 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4322 scan |= SCAN_PAGE;
4323 if (test_bit(HCI_DISCOVERABLE, &hdev->dev_flags))
4324 scan |= SCAN_INQUIRY;
4325
4326 if (scan)
4327 hci_req_add(req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
4328}
4329
0663ca2a
JH		 4330static void set_bredr_complete(struct hci_dev *hdev, u8 status)
4331{
4332 struct pending_cmd *cmd;
4333
4334 BT_DBG("status 0x%02x", status);
4335
4336 hci_dev_lock(hdev);
4337
4338 cmd = mgmt_pending_find(MGMT_OP_SET_BREDR, hdev);
4339 if (!cmd)
4340 goto unlock;
4341
4342 if (status) {
4343 u8 mgmt_err = mgmt_status(status);
4344
4345 /* We need to restore the flag if related HCI commands
4346 * failed.
4347 */
4348 clear_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4349
4350 cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
4351 } else {
4352 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4353 new_settings(hdev, cmd->sk);
4354 }
4355
4356 mgmt_pending_remove(cmd);
4357
4358unlock:
4359 hci_dev_unlock(hdev);
4360}
4361
4362static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4363{
4364 struct mgmt_mode *cp = data;
4365 struct pending_cmd *cmd;
4366 struct hci_request req;
4367 int err;
4368
4369 BT_DBG("request for %s", hdev->name);
4370
4371 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
4372 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4373 MGMT_STATUS_NOT_SUPPORTED);
4374
4375 if (!test_bit(HCI_LE_ENABLED, &hdev->dev_flags))
4376 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4377 MGMT_STATUS_REJECTED);
4378
4379 if (cp->val != 0x00 && cp->val != 0x01)
4380 return cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4381 MGMT_STATUS_INVALID_PARAMS);
4382
4383 hci_dev_lock(hdev);
4384
4385 if (cp->val == test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
4386 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4387 goto unlock;
4388 }
4389
4390 if (!hdev_is_powered(hdev)) {
4391 if (!cp->val) {
0663ca2a
JH		 4392 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
4393 clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
4394 clear_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
4395 clear_bit(HCI_FAST_CONNECTABLE, &hdev->dev_flags);
4396 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
4397 }
4398
4399 change_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4400
4401 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4402 if (err < 0)
4403 goto unlock;
4404
4405 err = new_settings(hdev, sk);
4406 goto unlock;
4407 }
4408
4409 /* Reject disabling when powered on */
4410 if (!cp->val) {
4411 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4412 MGMT_STATUS_REJECTED);
4413 goto unlock;
4414 }
4415
4416 if (mgmt_pending_find(MGMT_OP_SET_BREDR, hdev)) {
4417 err = cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4418 MGMT_STATUS_BUSY);
4419 goto unlock;
4420 }
4421
4422 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4423 if (!cmd) {
4424 err = -ENOMEM;
4425 goto unlock;
4426 }
4427
5947f4bc 4428 /* We need to flip the bit already here so that update_adv_data
0663ca2a
JH		 4429 * generates the correct flags.
4430 */
4431 set_bit(HCI_BREDR_ENABLED, &hdev->dev_flags);
4432
4433 hci_req_init(&req, hdev);
aa8af46e
JH		 4434
4435 if (test_bit(HCI_CONNECTABLE, &hdev->dev_flags))
4436 set_bredr_scan(&req);
4437
f14d8f64
MH		 4438 /* Since only the advertising data flags will change, there
4439 * is no need to update the scan response data.
4440 */
5947f4bc 4441 update_adv_data(&req);
aa8af46e 4442
0663ca2a
JH		 4443 err = hci_req_run(&req, set_bredr_complete);
4444 if (err < 0)
4445 mgmt_pending_remove(cmd);
4446
4447unlock:
4448 hci_dev_unlock(hdev);
4449 return err;
4450}
4451
eac83dc6
MH		 4452static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4453 void *data, u16 len)
4454{
4455 struct mgmt_mode *cp = data;
4456 struct pending_cmd *cmd;
0ab04a9c 4457 u8 val, status;
eac83dc6
MH		 4458 int err;
4459
4460 BT_DBG("request for %s", hdev->name);
4461
4462 status = mgmt_bredr_support(hdev);
4463 if (status)
4464 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4465 status);
4466
5afeac14 4467 if (!lmp_sc_capable(hdev) &&
111902f7 4468 !test_bit(HCI_FORCE_SC, &hdev->dbg_flags))
eac83dc6
MH		 4469 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4470 MGMT_STATUS_NOT_SUPPORTED);
4471
0ab04a9c 4472 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
eac83dc6
MH		 4473 return cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4474 MGMT_STATUS_INVALID_PARAMS);
4475
4476 hci_dev_lock(hdev);
4477
4478 if (!hdev_is_powered(hdev)) {
4479 bool changed;
4480
0ab04a9c 4481 if (cp->val) {
eac83dc6
MH		 4482 changed = !test_and_set_bit(HCI_SC_ENABLED,
4483 &hdev->dev_flags);
0ab04a9c
MH		 4484 if (cp->val == 0x02)
4485 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4486 else
4487 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4488 } else {
eac83dc6
MH		 4489 changed = test_and_clear_bit(HCI_SC_ENABLED,
4490 &hdev->dev_flags);
0ab04a9c
MH		 4491 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4492 }
eac83dc6
MH		 4493
4494 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4495 if (err < 0)
4496 goto failed;
4497
4498 if (changed)
4499 err = new_settings(hdev, sk);
4500
4501 goto failed;
4502 }
4503
4504 if (mgmt_pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
4505 err = cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4506 MGMT_STATUS_BUSY);
4507 goto failed;
4508 }
4509
0ab04a9c
MH		 4510 val = !!cp->val;
4511
4512 if (val == test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
4513 (cp->val == 0x02) == test_bit(HCI_SC_ONLY, &hdev->dev_flags)) {
eac83dc6
MH		 4514 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4515 goto failed;
4516 }
4517
4518 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4519 if (!cmd) {
4520 err = -ENOMEM;
4521 goto failed;
4522 }
4523
0ab04a9c 4524 err = hci_send_cmd(hdev, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
eac83dc6
MH		 4525 if (err < 0) {
4526 mgmt_pending_remove(cmd);
4527 goto failed;
4528 }
4529
0ab04a9c
MH		 4530 if (cp->val == 0x02)
4531 set_bit(HCI_SC_ONLY, &hdev->dev_flags);
4532 else
4533 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
4534
eac83dc6
MH		 4535failed:
4536 hci_dev_unlock(hdev);
4537 return err;
4538}
4539
4e39ac81
MH		 4540static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4541 void *data, u16 len)
4542{
4543 struct mgmt_mode *cp = data;
b9710979 4544 bool changed, use_changed;
4e39ac81
MH		 4545 int err;
4546
4547 BT_DBG("request for %s", hdev->name);
4548
b9710979 4549 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
4e39ac81
MH		 4550 return cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4551 MGMT_STATUS_INVALID_PARAMS);
4552
4553 hci_dev_lock(hdev);
4554
4555 if (cp->val)
0663b297
JH		 4556 changed = !test_and_set_bit(HCI_KEEP_DEBUG_KEYS,
4557 &hdev->dev_flags);
4e39ac81 4558 else
0663b297
JH		 4559 changed = test_and_clear_bit(HCI_KEEP_DEBUG_KEYS,
4560 &hdev->dev_flags);
4e39ac81 4561
b9710979
JH		 4562 if (cp->val == 0x02)
4563 use_changed = !test_and_set_bit(HCI_USE_DEBUG_KEYS,
4564 &hdev->dev_flags);
4565 else
4566 use_changed = test_and_clear_bit(HCI_USE_DEBUG_KEYS,
4567 &hdev->dev_flags);
4568
4569 if (hdev_is_powered(hdev) && use_changed &&
4570 test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
4571 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4572 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4573 sizeof(mode), &mode);
4574 }
4575
4e39ac81
MH		 4576 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4577 if (err < 0)
4578 goto unlock;
4579
4580 if (changed)
4581 err = new_settings(hdev, sk);
4582
4583unlock:
4584 hci_dev_unlock(hdev);
4585 return err;
4586}
4587
62b04cd1
JH		 4588static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4589 u16 len)
4590{
4591 struct mgmt_cp_set_privacy *cp = cp_data;
4592 bool changed;
4593 int err;
4594
4595 BT_DBG("request for %s", hdev->name);
4596
4597 if (!lmp_le_capable(hdev))
4598 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4599 MGMT_STATUS_NOT_SUPPORTED);
4600
4601 if (cp->privacy != 0x00 && cp->privacy != 0x01)
4602 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4603 MGMT_STATUS_INVALID_PARAMS);
4604
4605 if (hdev_is_powered(hdev))
4606 return cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4607 MGMT_STATUS_REJECTED);
4608
4609 hci_dev_lock(hdev);
4610
c21c0ea0
JH		 4611 /* If user space supports this command it is also expected to
4612 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4613 */
4614 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4615
62b04cd1
JH		 4616 if (cp->privacy) {
4617 changed = !test_and_set_bit(HCI_PRIVACY, &hdev->dev_flags);
4618 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
4619 set_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4620 } else {
4621 changed = test_and_clear_bit(HCI_PRIVACY, &hdev->dev_flags);
4622 memset(hdev->irk, 0, sizeof(hdev->irk));
4623 clear_bit(HCI_RPA_EXPIRED, &hdev->dev_flags);
4624 }
4625
4626 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4627 if (err < 0)
4628 goto unlock;
4629
4630 if (changed)
4631 err = new_settings(hdev, sk);
4632
4633unlock:
4634 hci_dev_unlock(hdev);
4635 return err;
4636}
4637
41edf160
JH		 4638static bool irk_is_valid(struct mgmt_irk_info *irk)
4639{
4640 switch (irk->addr.type) {
4641 case BDADDR_LE_PUBLIC:
4642 return true;
4643
4644 case BDADDR_LE_RANDOM:
4645 /* Two most significant bits shall be set */
4646 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4647 return false;
4648 return true;
4649 }
4650
4651 return false;
4652}
4653
4654static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4655 u16 len)
4656{
4657 struct mgmt_cp_load_irks *cp = cp_data;
ba1d6936
JH		 4658 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
4659 sizeof(struct mgmt_irk_info));
41edf160
JH		 4660 u16 irk_count, expected_len;
4661 int i, err;
4662
4663 BT_DBG("request for %s", hdev->name);
4664
4665 if (!lmp_le_capable(hdev))
4666 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4667 MGMT_STATUS_NOT_SUPPORTED);
4668
4669 irk_count = __le16_to_cpu(cp->irk_count);
ba1d6936
JH		 4670 if (irk_count > max_irk_count) {
4671 BT_ERR("load_irks: too big irk_count value %u", irk_count);
4672 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4673 MGMT_STATUS_INVALID_PARAMS);
4674 }
41edf160
JH		 4675
4676 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
4677 if (expected_len != len) {
4678 BT_ERR("load_irks: expected %u bytes, got %u bytes",
2606ecbc 4679 expected_len, len);
41edf160
JH		 4680 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
4681 MGMT_STATUS_INVALID_PARAMS);
4682 }
4683
4684 BT_DBG("%s irk_count %u", hdev->name, irk_count);
4685
4686 for (i = 0; i < irk_count; i++) {
4687 struct mgmt_irk_info *key = &cp->irks[i];
4688
4689 if (!irk_is_valid(key))
4690 return cmd_status(sk, hdev->id,
4691 MGMT_OP_LOAD_IRKS,
4692 MGMT_STATUS_INVALID_PARAMS);
4693 }
4694
4695 hci_dev_lock(hdev);
4696
4697 hci_smp_irks_clear(hdev);
4698
4699 for (i = 0; i < irk_count; i++) {
4700 struct mgmt_irk_info *irk = &cp->irks[i];
4701 u8 addr_type;
4702
4703 if (irk->addr.type == BDADDR_LE_PUBLIC)
4704 addr_type = ADDR_LE_DEV_PUBLIC;
4705 else
4706 addr_type = ADDR_LE_DEV_RANDOM;
4707
4708 hci_add_irk(hdev, &irk->addr.bdaddr, addr_type, irk->val,
4709 BDADDR_ANY);
4710 }
4711
4712 set_bit(HCI_RPA_RESOLVING, &hdev->dev_flags);
4713
4714 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
4715
4716 hci_dev_unlock(hdev);
4717
4718 return err;
4719}
4720
3f706b72
JH		 4721static bool ltk_is_valid(struct mgmt_ltk_info *key)
4722{
4723 if (key->master != 0x00 && key->master != 0x01)
4724 return false;
490cb0b3
MH		 4725
4726 switch (key->addr.type) {
4727 case BDADDR_LE_PUBLIC:
4728 return true;
4729
4730 case BDADDR_LE_RANDOM:
4731 /* Two most significant bits shall be set */
4732 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
4733 return false;
4734 return true;
4735 }
4736
4737 return false;
3f706b72
JH		 4738}
4739
bdb6d971 4740static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 4741 void *cp_data, u16 len)
346af67b 4742{
346af67b 4743 struct mgmt_cp_load_long_term_keys *cp = cp_data;
ba1d6936
JH		 4744 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
4745 sizeof(struct mgmt_ltk_info));
346af67b 4746 u16 key_count, expected_len;
715a5bf2 4747 int i, err;
346af67b 4748
cf99ba13
MH		 4749 BT_DBG("request for %s", hdev->name);
4750
4751 if (!lmp_le_capable(hdev))
4752 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4753 MGMT_STATUS_NOT_SUPPORTED);
4754
1f350c87 4755 key_count = __le16_to_cpu(cp->key_count);
ba1d6936
JH		 4756 if (key_count > max_key_count) {
4757 BT_ERR("load_ltks: too big key_count value %u", key_count);
4758 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
4759 MGMT_STATUS_INVALID_PARAMS);
4760 }
346af67b
VCG		 4761
4762 expected_len = sizeof(*cp) + key_count *
4763 sizeof(struct mgmt_ltk_info);
4764 if (expected_len != len) {
4765 BT_ERR("load_keys: expected %u bytes, got %u bytes",
2606ecbc 4766 expected_len, len);
bdb6d971 4767 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
e57e619f 4768 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 4769 }
4770
bdb6d971 4771 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 4772
54ad6d8a
JH		 4773 for (i = 0; i < key_count; i++) {
4774 struct mgmt_ltk_info *key = &cp->keys[i];
4775
3f706b72 4776 if (!ltk_is_valid(key))
54ad6d8a
JH		 4777 return cmd_status(sk, hdev->id,
4778 MGMT_OP_LOAD_LONG_TERM_KEYS,
4779 MGMT_STATUS_INVALID_PARAMS);
4780 }
4781
346af67b
VCG		 4782 hci_dev_lock(hdev);
4783
4784 hci_smp_ltks_clear(hdev);
4785
4786 for (i = 0; i < key_count; i++) {
4787 struct mgmt_ltk_info *key = &cp->keys[i];
d7b25450 4788 u8 type, addr_type, authenticated;
79d95a19
MH		 4789
4790 if (key->addr.type == BDADDR_LE_PUBLIC)
4791 addr_type = ADDR_LE_DEV_PUBLIC;
4792 else
4793 addr_type = ADDR_LE_DEV_RANDOM;
346af67b
VCG		 4794
4795 if (key->master)
2ceba539 4796 type = SMP_LTK;
346af67b 4797 else
2ceba539 4798 type = SMP_LTK_SLAVE;
346af67b 4799
61b43357
JH		 4800 switch (key->type) {
4801 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 4802 authenticated = 0x00;
61b43357
JH		 4803 break;
4804 case MGMT_LTK_AUTHENTICATED:
d7b25450 4805 authenticated = 0x01;
61b43357
JH		 4806 break;
4807 default:
4808 continue;
4809 }
d7b25450 4810
35d70271 4811 hci_add_ltk(hdev, &key->addr.bdaddr, addr_type, type,
d7b25450 4812 authenticated, key->val, key->enc_size, key->ediv,
35d70271 4813 key->rand);
346af67b
VCG		 4814 }
4815
715a5bf2
JH		 4816 err = cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
4817 NULL, 0);
4818
346af67b 4819 hci_dev_unlock(hdev);
346af67b 4820
715a5bf2 4821 return err;
346af67b
VCG		 4822}
4823
dd983808
AK		 4824struct cmd_conn_lookup {
4825 struct hci_conn *conn;
4826 bool valid_tx_power;
4827 u8 mgmt_status;
4828};
4829
4830static void get_conn_info_complete(struct pending_cmd *cmd, void *data)
4831{
4832 struct cmd_conn_lookup *match = data;
4833 struct mgmt_cp_get_conn_info *cp;
4834 struct mgmt_rp_get_conn_info rp;
4835 struct hci_conn *conn = cmd->user_data;
4836
4837 if (conn != match->conn)
4838 return;
4839
4840 cp = (struct mgmt_cp_get_conn_info *) cmd->param;
4841
4842 memset(&rp, 0, sizeof(rp));
4843 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4844 rp.addr.type = cp->addr.type;
4845
4846 if (!match->mgmt_status) {
4847 rp.rssi = conn->rssi;
4848
eed5daf3 4849 if (match->valid_tx_power) {
dd983808 4850 rp.tx_power = conn->tx_power;
eed5daf3
AK		 4851 rp.max_tx_power = conn->max_tx_power;
4852 } else {
dd983808 4853 rp.tx_power = HCI_TX_POWER_INVALID;
eed5daf3
AK		 4854 rp.max_tx_power = HCI_TX_POWER_INVALID;
4855 }
dd983808
AK		 4856 }
4857
4858 cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
4859 match->mgmt_status, &rp, sizeof(rp));
4860
4861 hci_conn_drop(conn);
4862
4863 mgmt_pending_remove(cmd);
4864}
4865
4866static void conn_info_refresh_complete(struct hci_dev *hdev, u8 status)
4867{
4868 struct hci_cp_read_rssi *cp;
4869 struct hci_conn *conn;
4870 struct cmd_conn_lookup match;
4871 u16 handle;
4872
4873 BT_DBG("status 0x%02x", status);
4874
4875 hci_dev_lock(hdev);
4876
4877 /* TX power data is valid in case request completed successfully,
eed5daf3
AK		 4878 * otherwise we assume it's not valid. At the moment we assume that
4879 * either both or none of current and max values are valid to keep code
4880 * simple.
dd983808
AK		 4881 */
4882 match.valid_tx_power = !status;
4883
4884 /* Commands sent in request are either Read RSSI or Read Transmit Power
4885 * Level so we check which one was last sent to retrieve connection
4886 * handle. Both commands have handle as first parameter so it's safe to
4887 * cast data on the same command struct.
4888 *
4889 * First command sent is always Read RSSI and we fail only if it fails.
4890 * In other case we simply override error to indicate success as we
4891 * already remembered if TX power value is actually valid.
4892 */
4893 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
4894 if (!cp) {
4895 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
4896 status = 0;
4897 }
4898
4899 if (!cp) {
4900 BT_ERR("invalid sent_cmd in response");
4901 goto unlock;
4902 }
4903
4904 handle = __le16_to_cpu(cp->handle);
4905 conn = hci_conn_hash_lookup_handle(hdev, handle);
4906 if (!conn) {
4907 BT_ERR("unknown handle (%d) in response", handle);
4908 goto unlock;
4909 }
4910
4911 match.conn = conn;
4912 match.mgmt_status = mgmt_status(status);
4913
4914 /* Cache refresh is complete, now reply for mgmt request for given
4915 * connection only.
4916 */
4917 mgmt_pending_foreach(MGMT_OP_GET_CONN_INFO, hdev,
4918 get_conn_info_complete, &match);
4919
4920unlock:
4921 hci_dev_unlock(hdev);
4922}
4923
4924static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
4925 u16 len)
4926{
4927 struct mgmt_cp_get_conn_info *cp = data;
4928 struct mgmt_rp_get_conn_info rp;
4929 struct hci_conn *conn;
4930 unsigned long conn_info_age;
4931 int err = 0;
4932
4933 BT_DBG("%s", hdev->name);
4934
4935 memset(&rp, 0, sizeof(rp));
4936 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4937 rp.addr.type = cp->addr.type;
4938
4939 if (!bdaddr_type_is_valid(cp->addr.type))
4940 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4941 MGMT_STATUS_INVALID_PARAMS,
4942 &rp, sizeof(rp));
4943
4944 hci_dev_lock(hdev);
4945
4946 if (!hdev_is_powered(hdev)) {
4947 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4948 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
4949 goto unlock;
4950 }
4951
4952 if (cp->addr.type == BDADDR_BREDR)
4953 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
4954 &cp->addr.bdaddr);
4955 else
4956 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
4957
4958 if (!conn || conn->state != BT_CONNECTED) {
4959 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
4960 MGMT_STATUS_NOT_CONNECTED, &rp, sizeof(rp));
4961 goto unlock;
4962 }
4963
4964 /* To avoid client trying to guess when to poll again for information we
4965 * calculate conn info age as random value between min/max set in hdev.
4966 */
4967 conn_info_age = hdev->conn_info_min_age +
4968 prandom_u32_max(hdev->conn_info_max_age -
4969 hdev->conn_info_min_age);
4970
4971 /* Query controller to refresh cached values if they are too old or were
4972 * never read.
4973 */
f4e2dd53
AK		 4974 if (time_after(jiffies, conn->conn_info_timestamp +
4975 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 4976 !conn->conn_info_timestamp) {
4977 struct hci_request req;
4978 struct hci_cp_read_tx_power req_txp_cp;
4979 struct hci_cp_read_rssi req_rssi_cp;
4980 struct pending_cmd *cmd;
4981
4982 hci_req_init(&req, hdev);
4983 req_rssi_cp.handle = cpu_to_le16(conn->handle);
4984 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
4985 &req_rssi_cp);
4986
f7faab0c
AK		 4987 /* For LE links TX power does not change thus we don't need to
4988 * query for it once value is known.
4989 */
4990 if (!bdaddr_type_is_le(cp->addr.type) ||
4991 conn->tx_power == HCI_TX_POWER_INVALID) {
4992 req_txp_cp.handle = cpu_to_le16(conn->handle);
4993 req_txp_cp.type = 0x00;
4994 hci_req_add(&req, HCI_OP_READ_TX_POWER,
4995 sizeof(req_txp_cp), &req_txp_cp);
4996 }
dd983808 4997
eed5daf3
AK		 4998 /* Max TX power needs to be read only once per connection */
4999 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5000 req_txp_cp.handle = cpu_to_le16(conn->handle);
5001 req_txp_cp.type = 0x01;
5002 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5003 sizeof(req_txp_cp), &req_txp_cp);
5004 }
5005
dd983808
AK		 5006 err = hci_req_run(&req, conn_info_refresh_complete);
5007 if (err < 0)
5008 goto unlock;
5009
5010 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5011 data, len);
5012 if (!cmd) {
5013 err = -ENOMEM;
5014 goto unlock;
5015 }
5016
5017 hci_conn_hold(conn);
5018 cmd->user_data = conn;
5019
5020 conn->conn_info_timestamp = jiffies;
5021 } else {
5022 /* Cache is valid, just reply with values cached in hci_conn */
5023 rp.rssi = conn->rssi;
5024 rp.tx_power = conn->tx_power;
eed5daf3 5025 rp.max_tx_power = conn->max_tx_power;
dd983808
AK		 5026
5027 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5028 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
5029 }
5030
5031unlock:
5032 hci_dev_unlock(hdev);
5033 return err;
5034}
5035
95868426
JH		 5036static void get_clock_info_complete(struct hci_dev *hdev, u8 status)
5037{
5038 struct mgmt_cp_get_clock_info *cp;
5039 struct mgmt_rp_get_clock_info rp;
5040 struct hci_cp_read_clock *hci_cp;
5041 struct pending_cmd *cmd;
5042 struct hci_conn *conn;
5043
5044 BT_DBG("%s status %u", hdev->name, status);
5045
5046 hci_dev_lock(hdev);
5047
5048 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5049 if (!hci_cp)
5050 goto unlock;
5051
5052 if (hci_cp->which) {
5053 u16 handle = __le16_to_cpu(hci_cp->handle);
5054 conn = hci_conn_hash_lookup_handle(hdev, handle);
5055 } else {
5056 conn = NULL;
5057 }
5058
5059 cmd = mgmt_pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
5060 if (!cmd)
5061 goto unlock;
5062
5063 cp = cmd->param;
5064
5065 memset(&rp, 0, sizeof(rp));
5066 memcpy(&rp.addr, &cp->addr, sizeof(rp.addr));
5067
5068 if (status)
5069 goto send_rsp;
5070
5071 rp.local_clock = cpu_to_le32(hdev->clock);
5072
5073 if (conn) {
5074 rp.piconet_clock = cpu_to_le32(conn->clock);
5075 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5076 }
5077
5078send_rsp:
5079 cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(status),
5080 &rp, sizeof(rp));
5081 mgmt_pending_remove(cmd);
5082 if (conn)
5083 hci_conn_drop(conn);
5084
5085unlock:
5086 hci_dev_unlock(hdev);
5087}
5088
5089static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5090 u16 len)
5091{
5092 struct mgmt_cp_get_clock_info *cp = data;
5093 struct mgmt_rp_get_clock_info rp;
5094 struct hci_cp_read_clock hci_cp;
5095 struct pending_cmd *cmd;
5096 struct hci_request req;
5097 struct hci_conn *conn;
5098 int err;
5099
5100 BT_DBG("%s", hdev->name);
5101
5102 memset(&rp, 0, sizeof(rp));
5103 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5104 rp.addr.type = cp->addr.type;
5105
5106 if (cp->addr.type != BDADDR_BREDR)
5107 return cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5108 MGMT_STATUS_INVALID_PARAMS,
5109 &rp, sizeof(rp));
5110
5111 hci_dev_lock(hdev);
5112
5113 if (!hdev_is_powered(hdev)) {
5114 err = cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5115 MGMT_STATUS_NOT_POWERED, &rp, sizeof(rp));
5116 goto unlock;
5117 }
5118
5119 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5120 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5121 &cp->addr.bdaddr);
5122 if (!conn || conn->state != BT_CONNECTED) {
5123 err = cmd_complete(sk, hdev->id,
5124 MGMT_OP_GET_CLOCK_INFO,
5125 MGMT_STATUS_NOT_CONNECTED,
5126 &rp, sizeof(rp));
5127 goto unlock;
5128 }
5129 } else {
5130 conn = NULL;
5131 }
5132
5133 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5134 if (!cmd) {
5135 err = -ENOMEM;
5136 goto unlock;
5137 }
5138
5139 hci_req_init(&req, hdev);
5140
5141 memset(&hci_cp, 0, sizeof(hci_cp));
5142 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5143
5144 if (conn) {
5145 hci_conn_hold(conn);
5146 cmd->user_data = conn;
5147
5148 hci_cp.handle = cpu_to_le16(conn->handle);
5149 hci_cp.which = 0x01; /* Piconet clock */
5150 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5151 }
5152
5153 err = hci_req_run(&req, get_clock_info_complete);
5154 if (err < 0)
5155 mgmt_pending_remove(cmd);
5156
5157unlock:
5158 hci_dev_unlock(hdev);
5159 return err;
5160}
5161
8afef092
MH		 5162static void device_added(struct sock *sk, struct hci_dev *hdev,
5163 bdaddr_t *bdaddr, u8 type, u8 action)
5164{
5165 struct mgmt_ev_device_added ev;
5166
5167 bacpy(&ev.addr.bdaddr, bdaddr);
5168 ev.addr.type = type;
5169 ev.action = action;
5170
5171 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5172}
5173
2faade53
MH		 5174static int add_device(struct sock *sk, struct hci_dev *hdev,
5175 void *data, u16 len)
5176{
5177 struct mgmt_cp_add_device *cp = data;
5178 u8 auto_conn, addr_type;
5179 int err;
5180
5181 BT_DBG("%s", hdev->name);
5182
5183 if (!bdaddr_type_is_le(cp->addr.type) ||
5184 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
5185 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5186 MGMT_STATUS_INVALID_PARAMS,
5187 &cp->addr, sizeof(cp->addr));
5188
5189 if (cp->action != 0x00 && cp->action != 0x01)
5190 return cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5191 MGMT_STATUS_INVALID_PARAMS,
5192 &cp->addr, sizeof(cp->addr));
5193
5194 hci_dev_lock(hdev);
5195
5196 if (cp->addr.type == BDADDR_LE_PUBLIC)
5197 addr_type = ADDR_LE_DEV_PUBLIC;
5198 else
5199 addr_type = ADDR_LE_DEV_RANDOM;
5200
5201 if (cp->action)
5202 auto_conn = HCI_AUTO_CONN_ALWAYS;
5203 else
a3451d27 5204 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 5205
bf5b3c8b
MH		 5206 /* If the connection parameters don't exist for this device,
5207 * they will be created and configured with defaults.
5208 */
d06b50ce
MH		 5209 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
5210 auto_conn) < 0) {
2faade53
MH		 5211 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5212 MGMT_STATUS_FAILED,
5213 &cp->addr, sizeof(cp->addr));
5214 goto unlock;
5215 }
5216
8afef092
MH		 5217 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5218
2faade53
MH		 5219 err = cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5220 MGMT_STATUS_SUCCESS, &cp->addr, sizeof(cp->addr));
5221
5222unlock:
5223 hci_dev_unlock(hdev);
5224 return err;
5225}
5226
8afef092
MH		 5227static void device_removed(struct sock *sk, struct hci_dev *hdev,
5228 bdaddr_t *bdaddr, u8 type)
5229{
5230 struct mgmt_ev_device_removed ev;
5231
5232 bacpy(&ev.addr.bdaddr, bdaddr);
5233 ev.addr.type = type;
5234
5235 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5236}
5237
2faade53
MH		 5238static int remove_device(struct sock *sk, struct hci_dev *hdev,
5239 void *data, u16 len)
5240{
5241 struct mgmt_cp_remove_device *cp = data;
5242 int err;
5243
5244 BT_DBG("%s", hdev->name);
5245
5246 hci_dev_lock(hdev);
5247
5248 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 5249 struct hci_conn_params *params;
2faade53
MH		 5250 u8 addr_type;
5251
5252 if (!bdaddr_type_is_le(cp->addr.type)) {
5253 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5254 MGMT_STATUS_INVALID_PARAMS,
5255 &cp->addr, sizeof(cp->addr));
5256 goto unlock;
5257 }
5258
5259 if (cp->addr.type == BDADDR_LE_PUBLIC)
5260 addr_type = ADDR_LE_DEV_PUBLIC;
5261 else
5262 addr_type = ADDR_LE_DEV_RANDOM;
5263
c71593dd
JH		 5264 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5265 addr_type);
5266 if (!params) {
5267 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5268 MGMT_STATUS_INVALID_PARAMS,
5269 &cp->addr, sizeof(cp->addr));
5270 goto unlock;
5271 }
5272
5273 if (params->auto_connect == HCI_AUTO_CONN_DISABLED) {
5274 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5275 MGMT_STATUS_INVALID_PARAMS,
5276 &cp->addr, sizeof(cp->addr));
5277 goto unlock;
5278 }
5279
d1dbf12e 5280 list_del(&params->action);
c71593dd
JH		 5281 list_del(&params->list);
5282 kfree(params);
95305baa 5283 hci_update_background_scan(hdev);
8afef092
MH		 5284
5285 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53 5286 } else {
19de0825
JH		 5287 struct hci_conn_params *p, *tmp;
5288
2faade53
MH		 5289 if (cp->addr.type) {
5290 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5291 MGMT_STATUS_INVALID_PARAMS,
5292 &cp->addr, sizeof(cp->addr));
5293 goto unlock;
5294 }
5295
19de0825
JH		 5296 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5297 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5298 continue;
5299 device_removed(sk, hdev, &p->addr, p->addr_type);
5300 list_del(&p->action);
5301 list_del(&p->list);
5302 kfree(p);
5303 }
5304
5305 BT_DBG("All LE connection parameters were removed");
5306
5307 hci_update_background_scan(hdev);
2faade53
MH		 5308 }
5309
5310 err = cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5311 MGMT_STATUS_SUCCESS, &cp->addr, sizeof(cp->addr));
5312
5313unlock:
5314 hci_dev_unlock(hdev);
5315 return err;
5316}
5317
a26f3dcf
JH		 5318static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5319 u16 len)
5320{
5321 struct mgmt_cp_load_conn_param *cp = data;
ba1d6936
JH		 5322 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5323 sizeof(struct mgmt_conn_param));
a26f3dcf
JH		 5324 u16 param_count, expected_len;
5325 int i;
5326
5327 if (!lmp_le_capable(hdev))
5328 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5329 MGMT_STATUS_NOT_SUPPORTED);
5330
5331 param_count = __le16_to_cpu(cp->param_count);
ba1d6936
JH		 5332 if (param_count > max_param_count) {
5333 BT_ERR("load_conn_param: too big param_count value %u",
5334 param_count);
5335 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5336 MGMT_STATUS_INVALID_PARAMS);
5337 }
a26f3dcf
JH		 5338
5339 expected_len = sizeof(*cp) + param_count *
5340 sizeof(struct mgmt_conn_param);
5341 if (expected_len != len) {
5342 BT_ERR("load_conn_param: expected %u bytes, got %u bytes",
5343 expected_len, len);
5344 return cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5345 MGMT_STATUS_INVALID_PARAMS);
5346 }
5347
5348 BT_DBG("%s param_count %u", hdev->name, param_count);
5349
5350 hci_dev_lock(hdev);
5351
5352 hci_conn_params_clear_disabled(hdev);
5353
5354 for (i = 0; i < param_count; i++) {
5355 struct mgmt_conn_param *param = &cp->params[i];
5356 struct hci_conn_params *hci_param;
5357 u16 min, max, latency, timeout;
5358 u8 addr_type;
5359
5360 BT_DBG("Adding %pMR (type %u)", &param->addr.bdaddr,
5361 param->addr.type);
5362
5363 if (param->addr.type == BDADDR_LE_PUBLIC) {
5364 addr_type = ADDR_LE_DEV_PUBLIC;
5365 } else if (param->addr.type == BDADDR_LE_RANDOM) {
5366 addr_type = ADDR_LE_DEV_RANDOM;
5367 } else {
5368 BT_ERR("Ignoring invalid connection parameters");
5369 continue;
5370 }
5371
5372 min = le16_to_cpu(param->min_interval);
5373 max = le16_to_cpu(param->max_interval);
5374 latency = le16_to_cpu(param->latency);
5375 timeout = le16_to_cpu(param->timeout);
5376
5377 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
5378 min, max, latency, timeout);
5379
5380 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
5381 BT_ERR("Ignoring invalid connection parameters");
5382 continue;
5383 }
5384
5385 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
5386 addr_type);
5387 if (!hci_param) {
5388 BT_ERR("Failed to add connection parameters");
5389 continue;
5390 }
5391
5392 hci_param->conn_min_interval = min;
5393 hci_param->conn_max_interval = max;
5394 hci_param->conn_latency = latency;
5395 hci_param->supervision_timeout = timeout;
5396 }
5397
5398 hci_dev_unlock(hdev);
5399
5400 return cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0, NULL, 0);
5401}
5402
dbece37a
MH		 5403static int set_external_config(struct sock *sk, struct hci_dev *hdev,
5404 void *data, u16 len)
5405{
5406 struct mgmt_cp_set_external_config *cp = data;
5407 bool changed;
5408 int err;
5409
5410 BT_DBG("%s", hdev->name);
5411
5412 if (hdev_is_powered(hdev))
5413 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5414 MGMT_STATUS_REJECTED);
5415
5416 if (cp->config != 0x00 && cp->config != 0x01)
5417 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5418 MGMT_STATUS_INVALID_PARAMS);
5419
5420 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
5421 return cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5422 MGMT_STATUS_NOT_SUPPORTED);
5423
5424 hci_dev_lock(hdev);
5425
5426 if (cp->config)
5427 changed = !test_and_set_bit(HCI_EXT_CONFIGURED,
5428 &hdev->dev_flags);
5429 else
5430 changed = test_and_clear_bit(HCI_EXT_CONFIGURED,
5431 &hdev->dev_flags);
5432
5433 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
5434 if (err < 0)
5435 goto unlock;
5436
5437 if (!changed)
5438 goto unlock;
5439
f4537c04
MH		 5440 err = new_options(hdev, sk);
5441
dbece37a
MH		 5442 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) == is_configured(hdev)) {
5443 mgmt_index_removed(hdev);
5444 change_bit(HCI_UNCONFIGURED, &hdev->dev_flags);
5445 mgmt_index_added(hdev);
5446 }
5447
5448unlock:
5449 hci_dev_unlock(hdev);
5450 return err;
5451}
5452
2e3c35ea 5453static const struct mgmt_handler {
04124681
GP		 5454 int (*func) (struct sock *sk, struct hci_dev *hdev, void *data,
5455 u16 data_len);
be22b54e
JH		 5456 bool var_len;
5457 size_t data_len;
0f4e68cf
JH		 5458} mgmt_handlers[] = {
5459 { NULL }, /* 0x0000 (no command) */
be22b54e
JH		 5460 { read_version, false, MGMT_READ_VERSION_SIZE },
5461 { read_commands, false, MGMT_READ_COMMANDS_SIZE },
5462 { read_index_list, false, MGMT_READ_INDEX_LIST_SIZE },
5463 { read_controller_info, false, MGMT_READ_INFO_SIZE },
5464 { set_powered, false, MGMT_SETTING_SIZE },
5465 { set_discoverable, false, MGMT_SET_DISCOVERABLE_SIZE },
5466 { set_connectable, false, MGMT_SETTING_SIZE },
5467 { set_fast_connectable, false, MGMT_SETTING_SIZE },
5468 { set_pairable, false, MGMT_SETTING_SIZE },
5469 { set_link_security, false, MGMT_SETTING_SIZE },
5470 { set_ssp, false, MGMT_SETTING_SIZE },
5471 { set_hs, false, MGMT_SETTING_SIZE },
5472 { set_le, false, MGMT_SETTING_SIZE },
5473 { set_dev_class, false, MGMT_SET_DEV_CLASS_SIZE },
5474 { set_local_name, false, MGMT_SET_LOCAL_NAME_SIZE },
5475 { add_uuid, false, MGMT_ADD_UUID_SIZE },
5476 { remove_uuid, false, MGMT_REMOVE_UUID_SIZE },
5477 { load_link_keys, true, MGMT_LOAD_LINK_KEYS_SIZE },
5478 { load_long_term_keys, true, MGMT_LOAD_LONG_TERM_KEYS_SIZE },
5479 { disconnect, false, MGMT_DISCONNECT_SIZE },
5480 { get_connections, false, MGMT_GET_CONNECTIONS_SIZE },
5481 { pin_code_reply, false, MGMT_PIN_CODE_REPLY_SIZE },
5482 { pin_code_neg_reply, false, MGMT_PIN_CODE_NEG_REPLY_SIZE },
5483 { set_io_capability, false, MGMT_SET_IO_CAPABILITY_SIZE },
5484 { pair_device, false, MGMT_PAIR_DEVICE_SIZE },
5485 { cancel_pair_device, false, MGMT_CANCEL_PAIR_DEVICE_SIZE },
5486 { unpair_device, false, MGMT_UNPAIR_DEVICE_SIZE },
5487 { user_confirm_reply, false, MGMT_USER_CONFIRM_REPLY_SIZE },
5488 { user_confirm_neg_reply, false, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
5489 { user_passkey_reply, false, MGMT_USER_PASSKEY_REPLY_SIZE },
5490 { user_passkey_neg_reply, false, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
5491 { read_local_oob_data, false, MGMT_READ_LOCAL_OOB_DATA_SIZE },
ec109113 5492 { add_remote_oob_data, true, MGMT_ADD_REMOTE_OOB_DATA_SIZE },
be22b54e
JH		 5493 { remove_remote_oob_data, false, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
5494 { start_discovery, false, MGMT_START_DISCOVERY_SIZE },
5495 { stop_discovery, false, MGMT_STOP_DISCOVERY_SIZE },
5496 { confirm_name, false, MGMT_CONFIRM_NAME_SIZE },
5497 { block_device, false, MGMT_BLOCK_DEVICE_SIZE },
5498 { unblock_device, false, MGMT_UNBLOCK_DEVICE_SIZE },
cdbaccca 5499 { set_device_id, false, MGMT_SET_DEVICE_ID_SIZE },
4375f103 5500 { set_advertising, false, MGMT_SETTING_SIZE },
0663ca2a 5501 { set_bredr, false, MGMT_SETTING_SIZE },
d13eafce 5502 { set_static_address, false, MGMT_SET_STATIC_ADDRESS_SIZE },
14b49b9a 5503 { set_scan_params, false, MGMT_SET_SCAN_PARAMS_SIZE },
eac83dc6 5504 { set_secure_conn, false, MGMT_SETTING_SIZE },
4e39ac81 5505 { set_debug_keys, false, MGMT_SETTING_SIZE },
62b04cd1 5506 { set_privacy, false, MGMT_SET_PRIVACY_SIZE },
41edf160 5507 { load_irks, true, MGMT_LOAD_IRKS_SIZE },
dd983808 5508 { get_conn_info, false, MGMT_GET_CONN_INFO_SIZE },
95868426 5509 { get_clock_info, false, MGMT_GET_CLOCK_INFO_SIZE },
2faade53
MH		 5510 { add_device, false, MGMT_ADD_DEVICE_SIZE },
5511 { remove_device, false, MGMT_REMOVE_DEVICE_SIZE },
73d1df2a
MH		 5512 { load_conn_param, true, MGMT_LOAD_CONN_PARAM_SIZE },
5513 { read_unconf_index_list, false, MGMT_READ_UNCONF_INDEX_LIST_SIZE },
9fc3bfb6 5514 { read_config_info, false, MGMT_READ_CONFIG_INFO_SIZE },
dbece37a 5515 { set_external_config, false, MGMT_SET_EXTERNAL_CONFIG_SIZE },
0f4e68cf
JH		 5516};
5517
0381101f
JH		 5518int mgmt_control(struct sock *sk, struct msghdr *msg, size_t msglen)
5519{
650f726d
VCG		 5520 void *buf;
5521 u8 *cp;
0381101f 5522 struct mgmt_hdr *hdr;
4e51eae9 5523 u16 opcode, index, len;
bdb6d971 5524 struct hci_dev *hdev = NULL;
2e3c35ea 5525 const struct mgmt_handler *handler;
0381101f
JH		 5526 int err;
5527
5528 BT_DBG("got %zu bytes", msglen);
5529
5530 if (msglen < sizeof(*hdr))
5531 return -EINVAL;
5532
e63a15ec 5533 buf = kmalloc(msglen, GFP_KERNEL);
0381101f
JH		 5534 if (!buf)
5535 return -ENOMEM;
5536
5537 if (memcpy_fromiovec(buf, msg->msg_iov, msglen)) {
5538 err = -EFAULT;
5539 goto done;
5540 }
5541
650f726d 5542 hdr = buf;
1f350c87
MH		 5543 opcode = __le16_to_cpu(hdr->opcode);
5544 index = __le16_to_cpu(hdr->index);
5545 len = __le16_to_cpu(hdr->len);
0381101f
JH		 5546
5547 if (len != msglen - sizeof(*hdr)) {
5548 err = -EINVAL;
5549 goto done;
5550 }
5551
0f4e68cf 5552 if (index != MGMT_INDEX_NONE) {
bdb6d971
JH		 5553 hdev = hci_dev_get(index);
5554 if (!hdev) {
5555 err = cmd_status(sk, index, opcode,
04124681 5556 MGMT_STATUS_INVALID_INDEX);
bdb6d971
JH		 5557 goto done;
5558 }
0736cfa8 5559
cebf4cfd 5560 if (test_bit(HCI_SETUP, &hdev->dev_flags) ||
4a964404 5561 test_bit(HCI_USER_CHANNEL, &hdev->dev_flags)) {
0736cfa8
MH		 5562 err = cmd_status(sk, index, opcode,
5563 MGMT_STATUS_INVALID_INDEX);
5564 goto done;
5565 }
42a9bc14
MH		 5566
5567 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags) &&
dbece37a
MH		 5568 opcode != MGMT_OP_READ_CONFIG_INFO &&
5569 opcode != MGMT_OP_SET_EXTERNAL_CONFIG) {
42a9bc14
MH		 5570 err = cmd_status(sk, index, opcode,
5571 MGMT_STATUS_INVALID_INDEX);
5572 goto done;
5573 }
bdb6d971
JH		 5574 }
5575
0f4e68cf 5576 if (opcode >= ARRAY_SIZE(mgmt_handlers) ||
8ce8e2b5 5577 mgmt_handlers[opcode].func == NULL) {
0381101f 5578 BT_DBG("Unknown op %u", opcode);
ca69b795 5579 err = cmd_status(sk, index, opcode,
04124681 5580 MGMT_STATUS_UNKNOWN_COMMAND);
0f4e68cf
JH		 5581 goto done;
5582 }
5583
73d1df2a
MH		 5584 if (hdev && (opcode <= MGMT_OP_READ_INDEX_LIST ||
5585 opcode == MGMT_OP_READ_UNCONF_INDEX_LIST)) {
5586 err = cmd_status(sk, index, opcode,
5587 MGMT_STATUS_INVALID_INDEX);
5588 goto done;
5589 }
5590
5591 if (!hdev && (opcode > MGMT_OP_READ_INDEX_LIST &&
5592 opcode != MGMT_OP_READ_UNCONF_INDEX_LIST)) {
0f4e68cf 5593 err = cmd_status(sk, index, opcode,
04124681 5594 MGMT_STATUS_INVALID_INDEX);
0f4e68cf 5595 goto done;
0381101f
JH		 5596 }
5597
be22b54e
JH		 5598 handler = &mgmt_handlers[opcode];
5599
5600 if ((handler->var_len && len < handler->data_len) ||
8ce8e2b5 5601 (!handler->var_len && len != handler->data_len)) {
be22b54e 5602 err = cmd_status(sk, index, opcode,
04124681 5603 MGMT_STATUS_INVALID_PARAMS);
be22b54e
JH		 5604 goto done;
5605 }
5606
0f4e68cf
JH		 5607 if (hdev)
5608 mgmt_init_hdev(sk, hdev);
5609
5610 cp = buf + sizeof(*hdr);
5611
be22b54e 5612 err = handler->func(sk, hdev, cp, len);
e41d8b4e
JH		 5613 if (err < 0)
5614 goto done;
5615
0381101f
JH		 5616 err = msglen;
5617
5618done:
bdb6d971
JH		 5619 if (hdev)
5620 hci_dev_put(hdev);
5621
0381101f
JH		 5622 kfree(buf);
5623 return err;
5624}
c71e97bf 5625
bf6b56db 5626void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 5627{
1514b892 5628 if (hdev->dev_type != HCI_BREDR)
bf6b56db 5629 return;
bb4b2a9a 5630
0602a8ad
MH		 5631 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
5632 return;
5633
5634 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5635 mgmt_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev, NULL, 0, NULL);
5636 else
5637 mgmt_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0, NULL);
c71e97bf
JH		 5638}
5639
bf6b56db 5640void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 5641{
5f159032 5642 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 5643
1514b892 5644 if (hdev->dev_type != HCI_BREDR)
bf6b56db 5645 return;
bb4b2a9a 5646
0602a8ad
MH		 5647 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
5648 return;
5649
744cf19e 5650 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status);
b24752fe 5651
edd3896b
MH		 5652 if (test_bit(HCI_UNCONFIGURED, &hdev->dev_flags))
5653 mgmt_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev, NULL, 0, NULL);
5654 else
5655 mgmt_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0, NULL);
eec8d2bc
JH		 5656}
5657
6046dc3e 5658/* This function requires the caller holds hdev->lock */
d7347f3c 5659static void restart_le_actions(struct hci_dev *hdev)
6046dc3e
AG		 5660{
5661 struct hci_conn_params *p;
5662
5663 list_for_each_entry(p, &hdev->le_conn_params, list) {
d7347f3c
JH		 5664 /* Needed for AUTO_OFF case where might not "really"
5665 * have been powered off.
5666 */
5667 list_del_init(&p->action);
5668
5669 switch (p->auto_connect) {
5670 case HCI_AUTO_CONN_ALWAYS:
5671 list_add(&p->action, &hdev->pend_le_conns);
5672 break;
5673 case HCI_AUTO_CONN_REPORT:
5674 list_add(&p->action, &hdev->pend_le_reports);
5675 break;
5676 default:
5677 break;
c83ed19d 5678 }
6046dc3e 5679 }
c83ed19d 5680
c83ed19d 5681 hci_update_background_scan(hdev);
6046dc3e
AG		 5682}
5683
229ab39c
JH		 5684static void powered_complete(struct hci_dev *hdev, u8 status)
5685{
5686 struct cmd_lookup match = { NULL, hdev };
5687
5688 BT_DBG("status 0x%02x", status);
5689
5690 hci_dev_lock(hdev);
5691
d7347f3c 5692 restart_le_actions(hdev);
6046dc3e 5693
229ab39c
JH		 5694 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5695
5696 new_settings(hdev, match.sk);
5697
5698 hci_dev_unlock(hdev);
5699
5700 if (match.sk)
5701 sock_put(match.sk);
5702}
5703
70da6243 5704static int powered_update_hci(struct hci_dev *hdev)
5add6af8 5705{
890ea898 5706 struct hci_request req;
70da6243 5707 u8 link_sec;
5add6af8 5708
890ea898
JH		 5709 hci_req_init(&req, hdev);
5710
70da6243
JH		 5711 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags) &&
5712 !lmp_host_ssp_capable(hdev)) {
5713 u8 ssp = 1;
5e5282bb 5714
890ea898 5715 hci_req_add(&req, HCI_OP_WRITE_SSP_MODE, 1, &ssp);
70da6243 5716 }
5add6af8 5717
c73eee91
JH		 5718 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags) &&
5719 lmp_bredr_capable(hdev)) {
70da6243 5720 struct hci_cp_write_le_host_supported cp;
f0ff92fb 5721
70da6243
JH		 5722 cp.le = 1;
5723 cp.simul = lmp_le_br_capable(hdev);
3d1cbdd6 5724
70da6243
JH		 5725 /* Check first if we already have the right
5726 * host state (host features set)
5727 */
5728 if (cp.le != lmp_host_le_capable(hdev) ||
5729 cp.simul != lmp_host_le_br_capable(hdev))
890ea898
JH		 5730 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED,
5731 sizeof(cp), &cp);
70da6243 5732 }
3d1cbdd6 5733
d13eafce 5734 if (lmp_le_capable(hdev)) {
441ad2d0
MH		 5735 /* Make sure the controller has a good default for
5736 * advertising data. This also applies to the case
5737 * where BR/EDR was toggled during the AUTO_OFF phase.
5738 */
f14d8f64 5739 if (test_bit(HCI_LE_ENABLED, &hdev->dev_flags)) {
5947f4bc 5740 update_adv_data(&req);
f14d8f64
MH		 5741 update_scan_rsp_data(&req);
5742 }
441ad2d0 5743
bba3aa55
MH		 5744 if (test_bit(HCI_ADVERTISING, &hdev->dev_flags))
5745 enable_advertising(&req);
eeca6f89
JH		 5746 }
5747
70da6243
JH		 5748 link_sec = test_bit(HCI_LINK_SECURITY, &hdev->dev_flags);
5749 if (link_sec != test_bit(HCI_AUTH, &hdev->flags))
890ea898
JH		 5750 hci_req_add(&req, HCI_OP_WRITE_AUTH_ENABLE,
5751 sizeof(link_sec), &link_sec);
562fcc24 5752
70da6243 5753 if (lmp_bredr_capable(hdev)) {
56f87901
JH		 5754 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags))
5755 set_bredr_scan(&req);
890ea898 5756 update_class(&req);
13928971 5757 update_name(&req);
890ea898 5758 update_eir(&req);
70da6243 5759 }
562fcc24 5760
229ab39c 5761 return hci_req_run(&req, powered_complete);
70da6243 5762}
562fcc24 5763
70da6243
JH		 5764int mgmt_powered(struct hci_dev *hdev, u8 powered)
5765{
5766 struct cmd_lookup match = { NULL, hdev };
229ab39c
JH		 5767 u8 status_not_powered = MGMT_STATUS_NOT_POWERED;
5768 u8 zero_cod[] = { 0, 0, 0 };
70da6243 5769 int err;
f0ff92fb 5770
70da6243
JH		 5771 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
5772 return 0;
5773
70da6243 5774 if (powered) {
229ab39c
JH		 5775 if (powered_update_hci(hdev) == 0)
5776 return 0;
fe038884 5777
229ab39c
JH		 5778 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp,
5779 &match);
5780 goto new_settings;
b24752fe
JH		 5781 }
5782
229ab39c
JH		 5783 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
5784 mgmt_pending_foreach(0, hdev, cmd_status_rsp, &status_not_powered);
5785
5786 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0)
5787 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
5788 zero_cod, sizeof(zero_cod), NULL);
5789
5790new_settings:
beadb2bd 5791 err = new_settings(hdev, match.sk);
eec8d2bc
JH		 5792
5793 if (match.sk)
5794 sock_put(match.sk);
5795
7bb895d6 5796 return err;
5add6af8 5797}
73f22f62 5798
3eec705e 5799void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc
JH		 5800{
5801 struct pending_cmd *cmd;
5802 u8 status;
5803
5804 cmd = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
5805 if (!cmd)
3eec705e 5806 return;
96570ffc
JH		 5807
5808 if (err == -ERFKILL)
5809 status = MGMT_STATUS_RFKILLED;
5810 else
5811 status = MGMT_STATUS_FAILED;
5812
3eec705e 5813 cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 5814
5815 mgmt_pending_remove(cmd);
96570ffc
JH		 5816}
5817
d1967ff8
MH		 5818void mgmt_discoverable_timeout(struct hci_dev *hdev)
5819{
5820 struct hci_request req;
d1967ff8
MH		 5821
5822 hci_dev_lock(hdev);
5823
5824 /* When discoverable timeout triggers, then just make sure
5825 * the limited discoverable flag is cleared. Even in the case
5826 * of a timeout triggered from general discoverable, it is
5827 * safe to unconditionally clear the flag.
5828 */
5829 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
9a43e25f 5830 clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
d1967ff8
MH		 5831
5832 hci_req_init(&req, hdev);
4b580614
JH		 5833 if (test_bit(HCI_BREDR_ENABLED, &hdev->dev_flags)) {
5834 u8 scan = SCAN_PAGE;
5835 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE,
5836 sizeof(scan), &scan);
5837 }
d1967ff8 5838 update_class(&req);
9a43e25f 5839 update_adv_data(&req);
d1967ff8
MH		 5840 hci_req_run(&req, NULL);
5841
5842 hdev->discov_timeout = 0;
5843
9a43e25f
JH		 5844 new_settings(hdev, NULL);
5845
d1967ff8
MH		 5846 hci_dev_unlock(hdev);
5847}
5848
86a75645 5849void mgmt_discoverable(struct hci_dev *hdev, u8 discoverable)
73f22f62 5850{
86a75645 5851 bool changed;
73f22f62 5852
bfaf8c9f
JH		 5853 /* Nothing needed here if there's a pending command since that
5854 * commands request completion callback takes care of everything
5855 * necessary.
5856 */
5857 if (mgmt_pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
86a75645 5858 return;
bfaf8c9f 5859
bd107999
JH		 5860 /* Powering off may clear the scan mode - don't let that interfere */
5861 if (!discoverable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5862 return;
5863
9a43e25f 5864 if (discoverable) {
86a75645 5865 changed = !test_and_set_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 5866 } else {
5867 clear_bit(HCI_LIMITED_DISCOVERABLE, &hdev->dev_flags);
86a75645 5868 changed = test_and_clear_bit(HCI_DISCOVERABLE, &hdev->dev_flags);
9a43e25f
JH		 5869 }
5870
5871 if (changed) {
5872 struct hci_request req;
5873
5874 /* In case this change in discoverable was triggered by
5875 * a disabling of connectable there could be a need to
5876 * update the advertising flags.
5877 */
5878 hci_req_init(&req, hdev);
5879 update_adv_data(&req);
5880 hci_req_run(&req, NULL);
73f22f62 5881
86a75645 5882 new_settings(hdev, NULL);
9a43e25f 5883 }
73f22f62 5884}
9fbcbb45 5885
a330916c 5886void mgmt_connectable(struct hci_dev *hdev, u8 connectable)
9fbcbb45 5887{
a330916c 5888 bool changed;
9fbcbb45 5889
d7b856f9
JH		 5890 /* Nothing needed here if there's a pending command since that
5891 * commands request completion callback takes care of everything
5892 * necessary.
5893 */
5894 if (mgmt_pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
a330916c 5895 return;
d7b856f9 5896
ce3f24cf
JH		 5897 /* Powering off may clear the scan mode - don't let that interfere */
5898 if (!connectable && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5899 return;
5900
a330916c
MH		 5901 if (connectable)
5902 changed = !test_and_set_bit(HCI_CONNECTABLE, &hdev->dev_flags);
5903 else
5904 changed = test_and_clear_bit(HCI_CONNECTABLE, &hdev->dev_flags);
9fbcbb45 5905
beadb2bd 5906 if (changed)
a330916c 5907 new_settings(hdev, NULL);
9fbcbb45 5908}
55ed8ca1 5909
778b235a
JH		 5910void mgmt_advertising(struct hci_dev *hdev, u8 advertising)
5911{
7c4cfab8
JH		 5912 /* Powering off may stop advertising - don't let that interfere */
5913 if (!advertising && mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
5914 return;
5915
778b235a
JH		 5916 if (advertising)
5917 set_bit(HCI_ADVERTISING, &hdev->dev_flags);
5918 else
5919 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
5920}
5921
4796e8af 5922void mgmt_write_scan_failed(struct hci_dev *hdev, u8 scan, u8 status)
2d7cee58 5923{
ca69b795
JH		 5924 u8 mgmt_err = mgmt_status(status);
5925
2d7cee58 5926 if (scan & SCAN_PAGE)
744cf19e 5927 mgmt_pending_foreach(MGMT_OP_SET_CONNECTABLE, hdev,
04124681 5928 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 5929
5930 if (scan & SCAN_INQUIRY)
744cf19e 5931 mgmt_pending_foreach(MGMT_OP_SET_DISCOVERABLE, hdev,
04124681 5932 cmd_status_rsp, &mgmt_err);
2d7cee58
JH		 5933}
5934
dc4a5ee2
MH		 5935void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
5936 bool persistent)
55ed8ca1 5937{
86742e1e 5938 struct mgmt_ev_new_link_key ev;
55ed8ca1 5939
a492cd52 5940 memset(&ev, 0, sizeof(ev));
55ed8ca1 5941
a492cd52 5942 ev.store_hint = persistent;
d753fdc4 5943 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 5944 ev.key.addr.type = BDADDR_BREDR;
a492cd52 5945 ev.key.type = key->type;
9b3b4460 5946 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 5947 ev.key.pin_len = key->pin_len;
55ed8ca1 5948
dc4a5ee2 5949 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 5950}
f7520543 5951
d7b25450
JH		 5952static u8 mgmt_ltk_type(struct smp_ltk *ltk)
5953{
5954 if (ltk->authenticated)
5955 return MGMT_LTK_AUTHENTICATED;
5956
5957 return MGMT_LTK_UNAUTHENTICATED;
5958}
5959
53ac6ab6 5960void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 5961{
5962 struct mgmt_ev_new_long_term_key ev;
5963
5964 memset(&ev, 0, sizeof(ev));
5965
5192d301
MH		 5966 /* Devices using resolvable or non-resolvable random addresses
5967 * without providing an indentity resolving key don't require
5968 * to store long term keys. Their addresses will change the
5969 * next time around.
5970 *
5971 * Only when a remote device provides an identity address
5972 * make sure the long term key is stored. If the remote
5973 * identity is known, the long term keys are internally
5974 * mapped to the identity address. So allow static random
5975 * and public addresses here.
5976 */
ba74b666
JH		 5977 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
5978 (key->bdaddr.b[5] & 0xc0) != 0xc0)
5979 ev.store_hint = 0x00;
5980 else
53ac6ab6 5981 ev.store_hint = persistent;
ba74b666 5982
346af67b 5983 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 5984 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 5985 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 5986 ev.key.enc_size = key->enc_size;
5987 ev.key.ediv = key->ediv;
fe39c7b2 5988 ev.key.rand = key->rand;
346af67b 5989
2ceba539 5990 if (key->type == SMP_LTK)
346af67b
VCG		 5991 ev.key.master = 1;
5992
346af67b
VCG		 5993 memcpy(ev.key.val, key->val, sizeof(key->val));
5994
083368f7 5995 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 5996}
5997
95fbac8a
JH		 5998void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk)
5999{
6000 struct mgmt_ev_new_irk ev;
6001
6002 memset(&ev, 0, sizeof(ev));
6003
bab6d1e5
MH		 6004 /* For identity resolving keys from devices that are already
6005 * using a public address or static random address, do not
6006 * ask for storing this key. The identity resolving key really
6007 * is only mandatory for devices using resovlable random
6008 * addresses.
6009 *
6010 * Storing all identity resolving keys has the downside that
6011 * they will be also loaded on next boot of they system. More
6012 * identity resolving keys, means more time during scanning is
6013 * needed to actually resolve these addresses.
6014 */
6015 if (bacmp(&irk->rpa, BDADDR_ANY))
6016 ev.store_hint = 0x01;
6017 else
6018 ev.store_hint = 0x00;
6019
95fbac8a
JH		 6020 bacpy(&ev.rpa, &irk->rpa);
6021 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
6022 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
6023 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
6024
6025 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
6026}
6027
53ac6ab6
MH		 6028void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
6029 bool persistent)
7ee4ea36
MH		 6030{
6031 struct mgmt_ev_new_csrk ev;
6032
6033 memset(&ev, 0, sizeof(ev));
6034
6035 /* Devices using resolvable or non-resolvable random addresses
6036 * without providing an indentity resolving key don't require
6037 * to store signature resolving keys. Their addresses will change
6038 * the next time around.
6039 *
6040 * Only when a remote device provides an identity address
6041 * make sure the signature resolving key is stored. So allow
6042 * static random and public addresses here.
6043 */
6044 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
6045 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
6046 ev.store_hint = 0x00;
6047 else
53ac6ab6 6048 ev.store_hint = persistent;
7ee4ea36
MH		 6049
6050 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
6051 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
6052 ev.key.master = csrk->master;
6053 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
6054
6055 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
6056}
6057
ffb5a827 6058void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 6059 u8 bdaddr_type, u8 store_hint, u16 min_interval,
6060 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 6061{
6062 struct mgmt_ev_new_conn_param ev;
6063
c103aea6
JH		 6064 if (!hci_is_identity_address(bdaddr, bdaddr_type))
6065 return;
6066
ffb5a827
AG		 6067 memset(&ev, 0, sizeof(ev));
6068 bacpy(&ev.addr.bdaddr, bdaddr);
6069 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 6070 ev.store_hint = store_hint;
ffb5a827
AG		 6071 ev.min_interval = cpu_to_le16(min_interval);
6072 ev.max_interval = cpu_to_le16(max_interval);
6073 ev.latency = cpu_to_le16(latency);
6074 ev.timeout = cpu_to_le16(timeout);
6075
6076 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
6077}
6078
94933991
MH		 6079static inline u16 eir_append_data(u8 *eir, u16 eir_len, u8 type, u8 *data,
6080 u8 data_len)
6081{
6082 eir[eir_len++] = sizeof(type) + data_len;
6083 eir[eir_len++] = type;
6084 memcpy(&eir[eir_len], data, data_len);
6085 eir_len += data_len;
6086
6087 return eir_len;
6088}
6089
ecd90ae7
MH		 6090void mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6091 u8 addr_type, u32 flags, u8 *name, u8 name_len,
6092 u8 *dev_class)
f7520543 6093{
b644ba33
JH		 6094 char buf[512];
6095 struct mgmt_ev_device_connected *ev = (void *) buf;
6096 u16 eir_len = 0;
f7520543 6097
b644ba33 6098 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 6099 ev->addr.type = link_to_bdaddr(link_type, addr_type);
f7520543 6100
c95f0ba7 6101 ev->flags = __cpu_to_le32(flags);
08c79b61 6102
b644ba33
JH		 6103 if (name_len > 0)
6104 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
04124681 6105 name, name_len);
b644ba33
JH		 6106
6107 if (dev_class && memcmp(dev_class, "\0\0\0", 3) != 0)
53156385 6108 eir_len = eir_append_data(ev->eir, eir_len,
04124681 6109 EIR_CLASS_OF_DEV, dev_class, 3);
b644ba33 6110
eb55ef07 6111 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 6112
ecd90ae7
MH		 6113 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
6114 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 6115}
6116
8962ee74
JH		 6117static void disconnect_rsp(struct pending_cmd *cmd, void *data)
6118{
c68fb7ff 6119 struct mgmt_cp_disconnect *cp = cmd->param;
8962ee74 6120 struct sock **sk = data;
a38528f1 6121 struct mgmt_rp_disconnect rp;
8962ee74 6122
88c3df13
JH		 6123 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
6124 rp.addr.type = cp->addr.type;
8962ee74 6125
aee9b218 6126 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT, 0, &rp,
04124681 6127 sizeof(rp));
8962ee74
JH		 6128
6129 *sk = cmd->sk;
6130 sock_hold(*sk);
6131
a664b5bc 6132 mgmt_pending_remove(cmd);
8962ee74
JH		 6133}
6134
124f6e35 6135static void unpair_device_rsp(struct pending_cmd *cmd, void *data)
a8a1d19e 6136{
b1078ad0 6137 struct hci_dev *hdev = data;
124f6e35
JH		 6138 struct mgmt_cp_unpair_device *cp = cmd->param;
6139 struct mgmt_rp_unpair_device rp;
a8a1d19e
JH		 6140
6141 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 6142 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
6143 rp.addr.type = cp->addr.type;
a8a1d19e 6144
b1078ad0
JH		 6145 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
6146
aee9b218 6147 cmd_complete(cmd->sk, cmd->index, cmd->opcode, 0, &rp, sizeof(rp));
a8a1d19e
JH		 6148
6149 mgmt_pending_remove(cmd);
6150}
6151
9b80ec5e 6152void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 6153 u8 link_type, u8 addr_type, u8 reason,
6154 bool mgmt_connected)
f7520543 6155{
f0d6a0ea 6156 struct mgmt_ev_device_disconnected ev;
8b064a3a 6157 struct pending_cmd *power_off;
8962ee74 6158 struct sock *sk = NULL;
8962ee74 6159
8b064a3a
JH		 6160 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6161 if (power_off) {
6162 struct mgmt_mode *cp = power_off->param;
6163
6164 /* The connection is still in hci_conn_hash so test for 1
6165 * instead of 0 to know if this is the last one.
6166 */
a3172b7e
JH		 6167 if (!cp->val && hci_conn_count(hdev) == 1) {
6168 cancel_delayed_work(&hdev->power_off);
8b064a3a 6169 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 6170 }
8b064a3a
JH		 6171 }
6172
12d4a3b2
JH		 6173 if (!mgmt_connected)
6174 return;
6175
57eb776f
AG		 6176 if (link_type != ACL_LINK && link_type != LE_LINK)
6177 return;
6178
744cf19e 6179 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 6180
f0d6a0ea
MA		 6181 bacpy(&ev.addr.bdaddr, bdaddr);
6182 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6183 ev.reason = reason;
f7520543 6184
9b80ec5e 6185 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 6186
6187 if (sk)
d97dcb66 6188 sock_put(sk);
8962ee74 6189
124f6e35 6190 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 6191 hdev);
8962ee74
JH		 6192}
6193
7892924c
MH		 6194void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
6195 u8 link_type, u8 addr_type, u8 status)
8962ee74 6196{
3655bba8
AG		 6197 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
6198 struct mgmt_cp_disconnect *cp;
88c3df13 6199 struct mgmt_rp_disconnect rp;
8962ee74 6200 struct pending_cmd *cmd;
8962ee74 6201
36a75f1b
JD		 6202 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
6203 hdev);
6204
2e58ef3e 6205 cmd = mgmt_pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 6206 if (!cmd)
7892924c 6207 return;
8962ee74 6208
3655bba8
AG		 6209 cp = cmd->param;
6210
6211 if (bacmp(bdaddr, &cp->addr.bdaddr))
6212 return;
6213
6214 if (cp->addr.type != bdaddr_type)
6215 return;
6216
88c3df13 6217 bacpy(&rp.addr.bdaddr, bdaddr);
3655bba8 6218 rp.addr.type = bdaddr_type;
37d9ef76 6219
7892924c
MH		 6220 cmd_complete(cmd->sk, cmd->index, MGMT_OP_DISCONNECT,
6221 mgmt_status(status), &rp, sizeof(rp));
8962ee74 6222
a664b5bc 6223 mgmt_pending_remove(cmd);
f7520543 6224}
17d5c04c 6225
445608d0
MH		 6226void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6227 u8 addr_type, u8 status)
17d5c04c
JH		 6228{
6229 struct mgmt_ev_connect_failed ev;
c9910d0f
JH		 6230 struct pending_cmd *power_off;
6231
6232 power_off = mgmt_pending_find(MGMT_OP_SET_POWERED, hdev);
6233 if (power_off) {
6234 struct mgmt_mode *cp = power_off->param;
6235
6236 /* The connection is still in hci_conn_hash so test for 1
6237 * instead of 0 to know if this is the last one.
6238 */
a3172b7e
JH		 6239 if (!cp->val && hci_conn_count(hdev) == 1) {
6240 cancel_delayed_work(&hdev->power_off);
c9910d0f 6241 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 6242 }
c9910d0f 6243 }
17d5c04c 6244
4c659c39 6245 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6246 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 6247 ev.status = mgmt_status(status);
17d5c04c 6248
445608d0 6249 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 6250}
980e1a53 6251
ce0e4a0d 6252void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 6253{
6254 struct mgmt_ev_pin_code_request ev;
6255
d8457698 6256 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 6257 ev.addr.type = BDADDR_BREDR;
a770bb5a 6258 ev.secure = secure;
980e1a53 6259
ce0e4a0d 6260 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 6261}
6262
e669cf80
MH		 6263void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6264 u8 status)
980e1a53
JH		 6265{
6266 struct pending_cmd *cmd;
ac56fb13 6267 struct mgmt_rp_pin_code_reply rp;
980e1a53 6268
2e58ef3e 6269 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 6270 if (!cmd)
e669cf80 6271 return;
980e1a53 6272
d8457698 6273 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 6274 rp.addr.type = BDADDR_BREDR;
ac56fb13 6275
e669cf80
MH		 6276 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
6277 mgmt_status(status), &rp, sizeof(rp));
980e1a53 6278
a664b5bc 6279 mgmt_pending_remove(cmd);
980e1a53
JH		 6280}
6281
3eb38528
MH		 6282void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
6283 u8 status)
980e1a53
JH		 6284{
6285 struct pending_cmd *cmd;
ac56fb13 6286 struct mgmt_rp_pin_code_reply rp;
980e1a53 6287
2e58ef3e 6288 cmd = mgmt_pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 6289 if (!cmd)
3eb38528 6290 return;
980e1a53 6291
d8457698 6292 bacpy(&rp.addr.bdaddr, bdaddr);
591f47f3 6293 rp.addr.type = BDADDR_BREDR;
ac56fb13 6294
3eb38528
MH		 6295 cmd_complete(cmd->sk, hdev->id, MGMT_OP_PIN_CODE_NEG_REPLY,
6296 mgmt_status(status), &rp, sizeof(rp));
980e1a53 6297
a664b5bc 6298 mgmt_pending_remove(cmd);
980e1a53 6299}
a5c29683 6300
744cf19e 6301int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 6302 u8 link_type, u8 addr_type, u32 value,
04124681 6303 u8 confirm_hint)
a5c29683
JH		 6304{
6305 struct mgmt_ev_user_confirm_request ev;
6306
744cf19e 6307 BT_DBG("%s", hdev->name);
a5c29683 6308
272d90df 6309 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6310 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 6311 ev.confirm_hint = confirm_hint;
39adbffe 6312 ev.value = cpu_to_le32(value);
a5c29683 6313
744cf19e 6314 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 6315 NULL);
a5c29683
JH		 6316}
6317
272d90df 6318int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 6319 u8 link_type, u8 addr_type)
604086b7
BG		 6320{
6321 struct mgmt_ev_user_passkey_request ev;
6322
6323 BT_DBG("%s", hdev->name);
6324
272d90df 6325 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6326 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 6327
6328 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 6329 NULL);
604086b7
BG		 6330}
6331
0df4c185 6332static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 6333 u8 link_type, u8 addr_type, u8 status,
6334 u8 opcode)
a5c29683
JH		 6335{
6336 struct pending_cmd *cmd;
6337 struct mgmt_rp_user_confirm_reply rp;
6338 int err;
6339
2e58ef3e 6340 cmd = mgmt_pending_find(opcode, hdev);
a5c29683
JH		 6341 if (!cmd)
6342 return -ENOENT;
6343
272d90df 6344 bacpy(&rp.addr.bdaddr, bdaddr);
57c1477c 6345 rp.addr.type = link_to_bdaddr(link_type, addr_type);
aee9b218 6346 err = cmd_complete(cmd->sk, hdev->id, opcode, mgmt_status(status),
04124681 6347 &rp, sizeof(rp));
a5c29683 6348
a664b5bc 6349 mgmt_pending_remove(cmd);
a5c29683
JH		 6350
6351 return err;
6352}
6353
744cf19e 6354int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6355 u8 link_type, u8 addr_type, u8 status)
a5c29683 6356{
272d90df 6357 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 6358 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 6359}
6360
272d90df 6361int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6362 u8 link_type, u8 addr_type, u8 status)
a5c29683 6363{
272d90df 6364 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 6365 status,
6366 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 6367}
2a611692 6368
604086b7 6369int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6370 u8 link_type, u8 addr_type, u8 status)
604086b7 6371{
272d90df 6372 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 6373 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 6374}
6375
272d90df 6376int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 6377 u8 link_type, u8 addr_type, u8 status)
604086b7 6378{
272d90df 6379 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 6380 status,
6381 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 6382}
6383
92a25256
JH		 6384int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
6385 u8 link_type, u8 addr_type, u32 passkey,
6386 u8 entered)
6387{
6388 struct mgmt_ev_passkey_notify ev;
6389
6390 BT_DBG("%s", hdev->name);
6391
6392 bacpy(&ev.addr.bdaddr, bdaddr);
6393 ev.addr.type = link_to_bdaddr(link_type, addr_type);
6394 ev.passkey = __cpu_to_le32(passkey);
6395 ev.entered = entered;
6396
6397 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
6398}
6399
e546099c
MH		 6400void mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6401 u8 addr_type, u8 status)
2a611692
JH		 6402{
6403 struct mgmt_ev_auth_failed ev;
6404
bab73cb6 6405 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 6406 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 6407 ev.status = mgmt_status(status);
2a611692 6408
e546099c 6409 mgmt_event(MGMT_EV_AUTH_FAILED, hdev, &ev, sizeof(ev), NULL);
2a611692 6410}
b312b161 6411
464996ae 6412void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 6413{
6414 struct cmd_lookup match = { NULL, hdev };
464996ae 6415 bool changed;
33ef95ed
JH		 6416
6417 if (status) {
6418 u8 mgmt_err = mgmt_status(status);
6419 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 6420 cmd_status_rsp, &mgmt_err);
464996ae 6421 return;
33ef95ed
JH		 6422 }
6423
464996ae
MH		 6424 if (test_bit(HCI_AUTH, &hdev->flags))
6425 changed = !test_and_set_bit(HCI_LINK_SECURITY,
6426 &hdev->dev_flags);
6427 else
6428 changed = test_and_clear_bit(HCI_LINK_SECURITY,
6429 &hdev->dev_flags);
47990ea0 6430
33ef95ed 6431 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 6432 &match);
33ef95ed 6433
47990ea0 6434 if (changed)
464996ae 6435 new_settings(hdev, match.sk);
33ef95ed
JH		 6436
6437 if (match.sk)
6438 sock_put(match.sk);
33ef95ed
JH		 6439}
6440
890ea898 6441static void clear_eir(struct hci_request *req)
cacaf52f 6442{
890ea898 6443 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 6444 struct hci_cp_write_eir cp;
6445
976eb20e 6446 if (!lmp_ext_inq_capable(hdev))
890ea898 6447 return;
cacaf52f 6448
c80da27e
JH		 6449 memset(hdev->eir, 0, sizeof(hdev->eir));
6450
cacaf52f
JH		 6451 memset(&cp, 0, sizeof(cp));
6452
890ea898 6453 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 6454}
6455
3e248560 6456void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 6457{
6458 struct cmd_lookup match = { NULL, hdev };
890ea898 6459 struct hci_request req;
c0ecddc2 6460 bool changed = false;
ed2c4ee3
JH		 6461
6462 if (status) {
6463 u8 mgmt_err = mgmt_status(status);
c0ecddc2
JH		 6464
6465 if (enable && test_and_clear_bit(HCI_SSP_ENABLED,
9ecb3e24
MH		 6466 &hdev->dev_flags)) {
6467 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
3e248560 6468 new_settings(hdev, NULL);
9ecb3e24 6469 }
c0ecddc2 6470
04124681
GP		 6471 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
6472 &mgmt_err);
3e248560 6473 return;
c0ecddc2
JH		 6474 }
6475
6476 if (enable) {
9ecb3e24 6477 changed = !test_and_set_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
c0ecddc2 6478 } else {
9ecb3e24
MH		 6479 changed = test_and_clear_bit(HCI_SSP_ENABLED, &hdev->dev_flags);
6480 if (!changed)
6481 changed = test_and_clear_bit(HCI_HS_ENABLED,
6482 &hdev->dev_flags);
6483 else
6484 clear_bit(HCI_HS_ENABLED, &hdev->dev_flags);
ed2c4ee3
JH		 6485 }
6486
6487 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
6488
c0ecddc2 6489 if (changed)
3e248560 6490 new_settings(hdev, match.sk);
ed2c4ee3 6491
5fc6ebb1 6492 if (match.sk)
ed2c4ee3
JH		 6493 sock_put(match.sk);
6494
890ea898
JH		 6495 hci_req_init(&req, hdev);
6496
3769972b
JH		 6497 if (test_bit(HCI_SSP_ENABLED, &hdev->dev_flags)) {
6498 if (test_bit(HCI_USE_DEBUG_KEYS, &hdev->dev_flags))
6499 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
6500 sizeof(enable), &enable);
890ea898 6501 update_eir(&req);
3769972b 6502 } else {
890ea898 6503 clear_eir(&req);
3769972b 6504 }
890ea898
JH		 6505
6506 hci_req_run(&req, NULL);
ed2c4ee3
JH		 6507}
6508
eac83dc6
MH		 6509void mgmt_sc_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
6510{
6511 struct cmd_lookup match = { NULL, hdev };
6512 bool changed = false;
6513
6514 if (status) {
6515 u8 mgmt_err = mgmt_status(status);
6516
0ab04a9c
MH		 6517 if (enable) {
6518 if (test_and_clear_bit(HCI_SC_ENABLED,
6519 &hdev->dev_flags))
6520 new_settings(hdev, NULL);
6521 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
6522 }
eac83dc6
MH		 6523
6524 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
6525 cmd_status_rsp, &mgmt_err);
6526 return;
6527 }
6528
0ab04a9c 6529 if (enable) {
eac83dc6 6530 changed = !test_and_set_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c 6531 } else {
eac83dc6 6532 changed = test_and_clear_bit(HCI_SC_ENABLED, &hdev->dev_flags);
0ab04a9c
MH		 6533 clear_bit(HCI_SC_ONLY, &hdev->dev_flags);
6534 }
eac83dc6
MH		 6535
6536 mgmt_pending_foreach(MGMT_OP_SET_SECURE_CONN, hdev,
6537 settings_rsp, &match);
6538
6539 if (changed)
6540 new_settings(hdev, match.sk);
6541
6542 if (match.sk)
6543 sock_put(match.sk);
6544}
6545
92da6097 6546static void sk_lookup(struct pending_cmd *cmd, void *data)
90e70454
JH		 6547{
6548 struct cmd_lookup *match = data;
6549
90e70454
JH		 6550 if (match->sk == NULL) {
6551 match->sk = cmd->sk;
6552 sock_hold(match->sk);
6553 }
90e70454
JH		 6554}
6555
4e1b0245
MH		 6556void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
6557 u8 status)
7f9a903c 6558{
90e70454 6559 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 6560
92da6097
JH		 6561 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
6562 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
6563 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454
JH		 6564
6565 if (!status)
4e1b0245
MH		 6566 mgmt_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class, 3,
6567 NULL);
90e70454
JH		 6568
6569 if (match.sk)
6570 sock_put(match.sk);
7f9a903c
MH		 6571}
6572
7667da34 6573void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 6574{
b312b161 6575 struct mgmt_cp_set_local_name ev;
13928971 6576 struct pending_cmd *cmd;
28cc7bde 6577
13928971 6578 if (status)
7667da34 6579 return;
b312b161
JH		 6580
6581 memset(&ev, 0, sizeof(ev));
6582 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 6583 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 6584
2e58ef3e 6585 cmd = mgmt_pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 6586 if (!cmd) {
6587 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 6588
13928971
JH		 6589 /* If this is a HCI command related to powering on the
6590 * HCI dev don't send any mgmt signals.
6591 */
6592 if (mgmt_pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 6593 return;
890ea898 6594 }
b312b161 6595
7667da34
MH		 6596 mgmt_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
6597 cmd ? cmd->sk : NULL);
b312b161 6598}
c35938b2 6599
4d2d2796
MH		 6600void mgmt_read_local_oob_data_complete(struct hci_dev *hdev, u8 *hash192,
6601 u8 *randomizer192, u8 *hash256,
6602 u8 *randomizer256, u8 status)
c35938b2
SJ		 6603{
6604 struct pending_cmd *cmd;
c35938b2 6605
744cf19e 6606 BT_DBG("%s status %u", hdev->name, status);
c35938b2 6607
2e58ef3e 6608 cmd = mgmt_pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
c35938b2 6609 if (!cmd)
3edaf092 6610 return;
c35938b2
SJ		 6611
6612 if (status) {
3edaf092
MH		 6613 cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
6614 mgmt_status(status));
c35938b2 6615 } else {
4d2d2796
MH		 6616 if (test_bit(HCI_SC_ENABLED, &hdev->dev_flags) &&
6617 hash256 && randomizer256) {
6618 struct mgmt_rp_read_local_oob_ext_data rp;
6619
6620 memcpy(rp.hash192, hash192, sizeof(rp.hash192));
6621 memcpy(rp.randomizer192, randomizer192,
6622 sizeof(rp.randomizer192));
c35938b2 6623
4d2d2796
MH		 6624 memcpy(rp.hash256, hash256, sizeof(rp.hash256));
6625 memcpy(rp.randomizer256, randomizer256,
6626 sizeof(rp.randomizer256));
c35938b2 6627
4d2d2796
MH		 6628 cmd_complete(cmd->sk, hdev->id,
6629 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
6630 &rp, sizeof(rp));
6631 } else {
6632 struct mgmt_rp_read_local_oob_data rp;
6633
6634 memcpy(rp.hash, hash192, sizeof(rp.hash));
6635 memcpy(rp.randomizer, randomizer192,
6636 sizeof(rp.randomizer));
6637
6638 cmd_complete(cmd->sk, hdev->id,
6639 MGMT_OP_READ_LOCAL_OOB_DATA, 0,
6640 &rp, sizeof(rp));
6641 }
c35938b2
SJ		 6642 }
6643
6644 mgmt_pending_remove(cmd);
c35938b2 6645}
e17acd40 6646
901801b9 6647void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
af58925c
MH		 6648 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
6649 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 6650{
e319d2e7
JH		 6651 char buf[512];
6652 struct mgmt_ev_device_found *ev = (void *) buf;
5cedbb8d 6653 struct smp_irk *irk;
1dc06093 6654 size_t ev_size;
e17acd40 6655
75ce208c
JH		 6656 /* Don't send events for a non-kernel initiated discovery. With
6657 * LE one exception is if we have pend_le_reports > 0 in which
6658 * case we're doing passive scanning and want these events.
6659 */
6660 if (!hci_discovery_active(hdev)) {
6661 if (link_type == ACL_LINK)
6662 return;
66f8455a 6663 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
75ce208c
JH		 6664 return;
6665 }
12602d0c 6666
5d2e9fad
JH		 6667 /* Make sure that the buffer is big enough. The 5 extra bytes
6668 * are for the potential CoD field.
6669 */
6670 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
901801b9 6671 return;
7d262f86 6672
1dc06093
JH		 6673 memset(buf, 0, sizeof(buf));
6674
5cedbb8d
JH		 6675 irk = hci_get_irk(hdev, bdaddr, addr_type);
6676 if (irk) {
6677 bacpy(&ev->addr.bdaddr, &irk->bdaddr);
6678 ev->addr.type = link_to_bdaddr(link_type, irk->addr_type);
6679 } else {
6680 bacpy(&ev->addr.bdaddr, bdaddr);
6681 ev->addr.type = link_to_bdaddr(link_type, addr_type);
6682 }
6683
e319d2e7 6684 ev->rssi = rssi;
af58925c 6685 ev->flags = cpu_to_le32(flags);
e17acd40 6686
1dc06093 6687 if (eir_len > 0)
e319d2e7 6688 memcpy(ev->eir, eir, eir_len);
e17acd40 6689
1dc06093
JH		 6690 if (dev_class && !eir_has_data_type(ev->eir, eir_len, EIR_CLASS_OF_DEV))
6691 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
04124681 6692 dev_class, 3);
1dc06093 6693
5d2e9fad
JH		 6694 if (scan_rsp_len > 0)
6695 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
6696
6697 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
6698 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 6699
901801b9 6700 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 6701}
a88a9652 6702
9cf12aee
MH		 6703void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
6704 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 6705{
b644ba33
JH		 6706 struct mgmt_ev_device_found *ev;
6707 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
6708 u16 eir_len;
a88a9652 6709
b644ba33 6710 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 6711
b644ba33
JH		 6712 memset(buf, 0, sizeof(buf));
6713
6714 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 6715 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 6716 ev->rssi = rssi;
6717
6718 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 6719 name_len);
b644ba33 6720
eb55ef07 6721 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 6722
9cf12aee 6723 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 6724}
314b2381 6725
2f1e063b 6726void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 6727{
f963e8e9 6728 struct mgmt_ev_discovering ev;
164a6e78
JH		 6729 struct pending_cmd *cmd;
6730
343fb145
AG		 6731 BT_DBG("%s discovering %u", hdev->name, discovering);
6732
164a6e78 6733 if (discovering)
2e58ef3e 6734 cmd = mgmt_pending_find(MGMT_OP_START_DISCOVERY, hdev);
164a6e78 6735 else
2e58ef3e 6736 cmd = mgmt_pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
164a6e78
JH		 6737
6738 if (cmd != NULL) {
f808e166
JH		 6739 u8 type = hdev->discovery.type;
6740
04124681
GP		 6741 cmd_complete(cmd->sk, hdev->id, cmd->opcode, 0, &type,
6742 sizeof(type));
164a6e78
JH		 6743 mgmt_pending_remove(cmd);
6744 }
6745
f963e8e9
JH		 6746 memset(&ev, 0, sizeof(ev));
6747 ev.type = hdev->discovery.type;
6748 ev.discovering = discovering;
6749
2f1e063b 6750 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 6751}
5e762444 6752
5976e608
MH		 6753static void adv_enable_complete(struct hci_dev *hdev, u8 status)
6754{
6755 BT_DBG("%s status %u", hdev->name, status);
6756
6757 /* Clear the advertising mgmt setting if we failed to re-enable it */
6758 if (status) {
6759 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 6760 new_settings(hdev, NULL);
5976e608
MH		 6761 }
6762}
6763
6764void mgmt_reenable_advertising(struct hci_dev *hdev)
6765{
6766 struct hci_request req;
6767
b145edcd 6768 if (hci_conn_num(hdev, LE_LINK) > 0)
5976e608
MH		 6769 return;
6770
6771 if (!test_bit(HCI_ADVERTISING, &hdev->dev_flags))
6772 return;
6773
6774 hci_req_init(&req, hdev);
6775 enable_advertising(&req);
6776
6777 /* If this fails we have no option but to let user space know
6778 * that we've disabled advertising.
6779 */
6780 if (hci_req_run(&req, adv_enable_complete) < 0) {
6781 clear_bit(HCI_ADVERTISING, &hdev->dev_flags);
a6d811ed 6782 new_settings(hdev, NULL);
5976e608
MH		 6783 }
6784}
Linux 6.x block layer and io_uring tree(s)