projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: hci_qca: Give enough time to ROME controller to bootup.
[linux-2.6-block.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
7129069e 32#include <net/bluetooth/hci_sock.h>
4bc58f51 33#include <net/bluetooth/l2cap.h>
0381101f 34#include <net/bluetooth/mgmt.h>
ac4b7236 35
0857dd3b 36#include "hci_request.h"
ac4b7236 37#include "smp.h"
a380b6cf 38#include "mgmt_util.h"
0381101f 39
2da9c55c 40#define MGMT_VERSION 1
3310230c 41#define MGMT_REVISION 14
02d98129 42
e70bb2e8
JH		 43static const u16 mgmt_commands[] = {
44 MGMT_OP_READ_INDEX_LIST,
45 MGMT_OP_READ_INFO,
46 MGMT_OP_SET_POWERED,
47 MGMT_OP_SET_DISCOVERABLE,
48 MGMT_OP_SET_CONNECTABLE,
49 MGMT_OP_SET_FAST_CONNECTABLE,
b2939475 50 MGMT_OP_SET_BONDABLE,
e70bb2e8
JH		 51 MGMT_OP_SET_LINK_SECURITY,
52 MGMT_OP_SET_SSP,
53 MGMT_OP_SET_HS,
54 MGMT_OP_SET_LE,
55 MGMT_OP_SET_DEV_CLASS,
56 MGMT_OP_SET_LOCAL_NAME,
57 MGMT_OP_ADD_UUID,
58 MGMT_OP_REMOVE_UUID,
59 MGMT_OP_LOAD_LINK_KEYS,
60 MGMT_OP_LOAD_LONG_TERM_KEYS,
61 MGMT_OP_DISCONNECT,
62 MGMT_OP_GET_CONNECTIONS,
63 MGMT_OP_PIN_CODE_REPLY,
64 MGMT_OP_PIN_CODE_NEG_REPLY,
65 MGMT_OP_SET_IO_CAPABILITY,
66 MGMT_OP_PAIR_DEVICE,
67 MGMT_OP_CANCEL_PAIR_DEVICE,
68 MGMT_OP_UNPAIR_DEVICE,
69 MGMT_OP_USER_CONFIRM_REPLY,
70 MGMT_OP_USER_CONFIRM_NEG_REPLY,
71 MGMT_OP_USER_PASSKEY_REPLY,
72 MGMT_OP_USER_PASSKEY_NEG_REPLY,
73 MGMT_OP_READ_LOCAL_OOB_DATA,
74 MGMT_OP_ADD_REMOTE_OOB_DATA,
75 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
76 MGMT_OP_START_DISCOVERY,
77 MGMT_OP_STOP_DISCOVERY,
78 MGMT_OP_CONFIRM_NAME,
79 MGMT_OP_BLOCK_DEVICE,
80 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 81 MGMT_OP_SET_DEVICE_ID,
4375f103 82 MGMT_OP_SET_ADVERTISING,
0663ca2a 83 MGMT_OP_SET_BREDR,
d13eafce 84 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 85 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 86 MGMT_OP_SET_SECURE_CONN,
4e39ac81 87 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 88 MGMT_OP_SET_PRIVACY,
41edf160 89 MGMT_OP_LOAD_IRKS,
dd983808 90 MGMT_OP_GET_CONN_INFO,
95868426 91 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 92 MGMT_OP_ADD_DEVICE,
93 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 94 MGMT_OP_LOAD_CONN_PARAM,
73d1df2a 95 MGMT_OP_READ_UNCONF_INDEX_LIST,
9fc3bfb6 96 MGMT_OP_READ_CONFIG_INFO,
dbece37a 97 MGMT_OP_SET_EXTERNAL_CONFIG,
9713c17b 98 MGMT_OP_SET_PUBLIC_ADDRESS,
66ea9427 99 MGMT_OP_START_SERVICE_DISCOVERY,
4f0f155c 100 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
96f1474a 101 MGMT_OP_READ_EXT_INDEX_LIST,
d3d5305b 102 MGMT_OP_READ_ADV_FEATURES,
24b4f38f 103 MGMT_OP_ADD_ADVERTISING,
da929335 104 MGMT_OP_REMOVE_ADVERTISING,
40b25fe5 105 MGMT_OP_GET_ADV_SIZE_INFO,
78b781ca 106 MGMT_OP_START_LIMITED_DISCOVERY,
321c6fee 107 MGMT_OP_READ_EXT_INFO,
c4960ecf 108 MGMT_OP_SET_APPEARANCE,
e70bb2e8
JH		 109};
110
111static const u16 mgmt_events[] = {
112 MGMT_EV_CONTROLLER_ERROR,
113 MGMT_EV_INDEX_ADDED,
114 MGMT_EV_INDEX_REMOVED,
115 MGMT_EV_NEW_SETTINGS,
116 MGMT_EV_CLASS_OF_DEV_CHANGED,
117 MGMT_EV_LOCAL_NAME_CHANGED,
118 MGMT_EV_NEW_LINK_KEY,
119 MGMT_EV_NEW_LONG_TERM_KEY,
120 MGMT_EV_DEVICE_CONNECTED,
121 MGMT_EV_DEVICE_DISCONNECTED,
122 MGMT_EV_CONNECT_FAILED,
123 MGMT_EV_PIN_CODE_REQUEST,
124 MGMT_EV_USER_CONFIRM_REQUEST,
125 MGMT_EV_USER_PASSKEY_REQUEST,
126 MGMT_EV_AUTH_FAILED,
127 MGMT_EV_DEVICE_FOUND,
128 MGMT_EV_DISCOVERING,
129 MGMT_EV_DEVICE_BLOCKED,
130 MGMT_EV_DEVICE_UNBLOCKED,
131 MGMT_EV_DEVICE_UNPAIRED,
92a25256 132 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 133 MGMT_EV_NEW_IRK,
7ee4ea36 134 MGMT_EV_NEW_CSRK,
8afef092
MH		 135 MGMT_EV_DEVICE_ADDED,
136 MGMT_EV_DEVICE_REMOVED,
ffb5a827 137 MGMT_EV_NEW_CONN_PARAM,
0602a8ad 138 MGMT_EV_UNCONF_INDEX_ADDED,
edd3896b 139 MGMT_EV_UNCONF_INDEX_REMOVED,
f4537c04 140 MGMT_EV_NEW_CONFIG_OPTIONS,
ced85549
MH		 141 MGMT_EV_EXT_INDEX_ADDED,
142 MGMT_EV_EXT_INDEX_REMOVED,
72000df2 143 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
24b4f38f
AU		 144 MGMT_EV_ADVERTISING_ADDED,
145 MGMT_EV_ADVERTISING_REMOVED,
321c6fee 146 MGMT_EV_EXT_INFO_CHANGED,
e70bb2e8
JH		 147};
148
99c679ac
MH		 149static const u16 mgmt_untrusted_commands[] = {
150 MGMT_OP_READ_INDEX_LIST,
151 MGMT_OP_READ_INFO,
152 MGMT_OP_READ_UNCONF_INDEX_LIST,
153 MGMT_OP_READ_CONFIG_INFO,
154 MGMT_OP_READ_EXT_INDEX_LIST,
321c6fee 155 MGMT_OP_READ_EXT_INFO,
99c679ac
MH		 156};
157
158static const u16 mgmt_untrusted_events[] = {
159 MGMT_EV_INDEX_ADDED,
160 MGMT_EV_INDEX_REMOVED,
161 MGMT_EV_NEW_SETTINGS,
162 MGMT_EV_CLASS_OF_DEV_CHANGED,
163 MGMT_EV_LOCAL_NAME_CHANGED,
164 MGMT_EV_UNCONF_INDEX_ADDED,
165 MGMT_EV_UNCONF_INDEX_REMOVED,
166 MGMT_EV_NEW_CONFIG_OPTIONS,
167 MGMT_EV_EXT_INDEX_ADDED,
168 MGMT_EV_EXT_INDEX_REMOVED,
321c6fee 169 MGMT_EV_EXT_INFO_CHANGED,
99c679ac
MH		 170};
171
17b02e62 172#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 173
d25b78e2
JH		 174#define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
175 "\x00\x00\x00\x00\x00\x00\x00\x00"
176
ca69b795
JH		 177/* HCI to MGMT error code conversion table */
178static u8 mgmt_status_table[] = {
179 MGMT_STATUS_SUCCESS,
180 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
181 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
182 MGMT_STATUS_FAILED, /* Hardware Failure */
183 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
184 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 185 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 186 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
187 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
188 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
189 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
190 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
191 MGMT_STATUS_BUSY, /* Command Disallowed */
192 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
193 MGMT_STATUS_REJECTED, /* Rejected Security */
194 MGMT_STATUS_REJECTED, /* Rejected Personal */
195 MGMT_STATUS_TIMEOUT, /* Host Timeout */
196 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
197 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
198 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
199 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
200 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
201 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
202 MGMT_STATUS_BUSY, /* Repeated Attempts */
203 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
204 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
205 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
206 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
207 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
208 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
209 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
210 MGMT_STATUS_FAILED, /* Unspecified Error */
211 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
212 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
213 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
214 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
215 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
216 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
217 MGMT_STATUS_FAILED, /* Unit Link Key Used */
218 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
219 MGMT_STATUS_TIMEOUT, /* Instant Passed */
220 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
221 MGMT_STATUS_FAILED, /* Transaction Collision */
222 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
223 MGMT_STATUS_REJECTED, /* QoS Rejected */
224 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
225 MGMT_STATUS_REJECTED, /* Insufficient Security */
226 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
227 MGMT_STATUS_BUSY, /* Role Switch Pending */
228 MGMT_STATUS_FAILED, /* Slot Violation */
229 MGMT_STATUS_FAILED, /* Role Switch Failed */
230 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
231 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
232 MGMT_STATUS_BUSY, /* Host Busy Pairing */
233 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
234 MGMT_STATUS_BUSY, /* Controller Busy */
235 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
236 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
237 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
238 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
239 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
240};
241
242static u8 mgmt_status(u8 hci_status)
243{
244 if (hci_status < ARRAY_SIZE(mgmt_status_table))
245 return mgmt_status_table[hci_status];
246
247 return MGMT_STATUS_FAILED;
248}
249
c08b1a1d
MH		 250static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
251 u16 len, int flag)
f9207338 252{
c08b1a1d
MH		 253 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
254 flag, NULL);
f9207338
MH		 255}
256
72000df2
MH		 257static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
258 u16 len, int flag, struct sock *skip_sk)
259{
260 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
261 flag, skip_sk);
262}
263
7a00ff44
JH		 264static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
265 struct sock *skip_sk)
266{
267 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
c08b1a1d 268 HCI_SOCK_TRUSTED, skip_sk);
7a00ff44
JH		 269}
270
85813a7e
JH		 271static u8 le_addr_type(u8 mgmt_addr_type)
272{
273 if (mgmt_addr_type == BDADDR_LE_PUBLIC)
274 return ADDR_LE_DEV_PUBLIC;
275 else
276 return ADDR_LE_DEV_RANDOM;
277}
278
03c979c4
MH		 279void mgmt_fill_version_info(void *ver)
280{
281 struct mgmt_rp_read_version *rp = ver;
282
283 rp->version = MGMT_VERSION;
284 rp->revision = cpu_to_le16(MGMT_REVISION);
285}
286
04124681
GP		 287static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
288 u16 data_len)
a38528f1
JH		 289{
290 struct mgmt_rp_read_version rp;
291
292 BT_DBG("sock %p", sk);
293
03c979c4 294 mgmt_fill_version_info(&rp);
a38528f1 295
2a1afb5a
JH		 296 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
297 &rp, sizeof(rp));
a38528f1
JH		 298}
299
04124681
GP		 300static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
301 u16 data_len)
e70bb2e8
JH		 302{
303 struct mgmt_rp_read_commands *rp;
99c679ac 304 u16 num_commands, num_events;
e70bb2e8
JH		 305 size_t rp_size;
306 int i, err;
307
308 BT_DBG("sock %p", sk);
309
99c679ac
MH		 310 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
311 num_commands = ARRAY_SIZE(mgmt_commands);
312 num_events = ARRAY_SIZE(mgmt_events);
313 } else {
314 num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
315 num_events = ARRAY_SIZE(mgmt_untrusted_events);
316 }
317
e70bb2e8
JH		 318 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
319
320 rp = kmalloc(rp_size, GFP_KERNEL);
321 if (!rp)
322 return -ENOMEM;
323
dcf4adbf
JP		 324 rp->num_commands = cpu_to_le16(num_commands);
325 rp->num_events = cpu_to_le16(num_events);
e70bb2e8 326
99c679ac
MH		 327 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
328 __le16 *opcode = rp->opcodes;
329
330 for (i = 0; i < num_commands; i++, opcode++)
331 put_unaligned_le16(mgmt_commands[i], opcode);
e70bb2e8 332
99c679ac
MH		 333 for (i = 0; i < num_events; i++, opcode++)
334 put_unaligned_le16(mgmt_events[i], opcode);
335 } else {
336 __le16 *opcode = rp->opcodes;
337
338 for (i = 0; i < num_commands; i++, opcode++)
339 put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
340
341 for (i = 0; i < num_events; i++, opcode++)
342 put_unaligned_le16(mgmt_untrusted_events[i], opcode);
343 }
e70bb2e8 344
2a1afb5a
JH		 345 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
346 rp, rp_size);
e70bb2e8
JH		 347 kfree(rp);
348
349 return err;
350}
351
04124681
GP		 352static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
353 u16 data_len)
faba42eb 354{
faba42eb 355 struct mgmt_rp_read_index_list *rp;
8035ded4 356 struct hci_dev *d;
a38528f1 357 size_t rp_len;
faba42eb 358 u16 count;
476e44cb 359 int err;
faba42eb
JH		 360
361 BT_DBG("sock %p", sk);
362
363 read_lock(&hci_dev_list_lock);
364
365 count = 0;
bb4b2a9a 366 list_for_each_entry(d, &hci_dev_list, list) {
ca8bee5d 367 if (d->dev_type == HCI_PRIMARY &&
d7a5a11d 368 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
1514b892 369 count++;
faba42eb
JH		 370 }
371
a38528f1
JH		 372 rp_len = sizeof(*rp) + (2 * count);
373 rp = kmalloc(rp_len, GFP_ATOMIC);
374 if (!rp) {
b2c60d42 375 read_unlock(&hci_dev_list_lock);
faba42eb 376 return -ENOMEM;
b2c60d42 377 }
faba42eb 378
476e44cb 379 count = 0;
8035ded4 380 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 381 if (hci_dev_test_flag(d, HCI_SETUP) ||
382 hci_dev_test_flag(d, HCI_CONFIG) ||
383 hci_dev_test_flag(d, HCI_USER_CHANNEL))
ab81cbf9
JH		 384 continue;
385
73d1df2a
MH		 386 /* Devices marked as raw-only are neither configured
387 * nor unconfigured controllers.
388 */
389 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
fee746b0
MH		 390 continue;
391
ca8bee5d 392 if (d->dev_type == HCI_PRIMARY &&
d7a5a11d 393 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
1514b892
MH		 394 rp->index[count++] = cpu_to_le16(d->id);
395 BT_DBG("Added hci%u", d->id);
396 }
faba42eb
JH		 397 }
398
476e44cb
JH		 399 rp->num_controllers = cpu_to_le16(count);
400 rp_len = sizeof(*rp) + (2 * count);
401
faba42eb
JH		 402 read_unlock(&hci_dev_list_lock);
403
2a1afb5a
JH		 404 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
405 0, rp, rp_len);
faba42eb 406
a38528f1
JH		 407 kfree(rp);
408
409 return err;
faba42eb
JH		 410}
411
73d1df2a
MH		 412static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
413 void *data, u16 data_len)
414{
415 struct mgmt_rp_read_unconf_index_list *rp;
416 struct hci_dev *d;
417 size_t rp_len;
418 u16 count;
419 int err;
420
421 BT_DBG("sock %p", sk);
422
423 read_lock(&hci_dev_list_lock);
424
425 count = 0;
426 list_for_each_entry(d, &hci_dev_list, list) {
ca8bee5d 427 if (d->dev_type == HCI_PRIMARY &&
d7a5a11d 428 hci_dev_test_flag(d, HCI_UNCONFIGURED))
73d1df2a
MH		 429 count++;
430 }
431
432 rp_len = sizeof(*rp) + (2 * count);
433 rp = kmalloc(rp_len, GFP_ATOMIC);
434 if (!rp) {
435 read_unlock(&hci_dev_list_lock);
436 return -ENOMEM;
437 }
438
439 count = 0;
440 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 441 if (hci_dev_test_flag(d, HCI_SETUP) ||
442 hci_dev_test_flag(d, HCI_CONFIG) ||
443 hci_dev_test_flag(d, HCI_USER_CHANNEL))
73d1df2a
MH		 444 continue;
445
446 /* Devices marked as raw-only are neither configured
447 * nor unconfigured controllers.
448 */
449 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
450 continue;
451
ca8bee5d 452 if (d->dev_type == HCI_PRIMARY &&
d7a5a11d 453 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
73d1df2a
MH		 454 rp->index[count++] = cpu_to_le16(d->id);
455 BT_DBG("Added hci%u", d->id);
456 }
457 }
458
459 rp->num_controllers = cpu_to_le16(count);
460 rp_len = sizeof(*rp) + (2 * count);
461
462 read_unlock(&hci_dev_list_lock);
463
2a1afb5a
JH		 464 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
465 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
73d1df2a
MH		 466
467 kfree(rp);
468
469 return err;
470}
471
96f1474a
MH		 472static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
473 void *data, u16 data_len)
474{
475 struct mgmt_rp_read_ext_index_list *rp;
476 struct hci_dev *d;
96f1474a
MH		 477 u16 count;
478 int err;
479
480 BT_DBG("sock %p", sk);
481
482 read_lock(&hci_dev_list_lock);
483
484 count = 0;
485 list_for_each_entry(d, &hci_dev_list, list) {
ca8bee5d 486 if (d->dev_type == HCI_PRIMARY || d->dev_type == HCI_AMP)
96f1474a
MH		 487 count++;
488 }
489
4a67e5d4 490 rp = kmalloc(struct_size(rp, entry, count), GFP_ATOMIC);
96f1474a
MH		 491 if (!rp) {
492 read_unlock(&hci_dev_list_lock);
493 return -ENOMEM;
494 }
495
496 count = 0;
497 list_for_each_entry(d, &hci_dev_list, list) {
498 if (hci_dev_test_flag(d, HCI_SETUP) ||
499 hci_dev_test_flag(d, HCI_CONFIG) ||
500 hci_dev_test_flag(d, HCI_USER_CHANNEL))
501 continue;
502
503 /* Devices marked as raw-only are neither configured
504 * nor unconfigured controllers.
505 */
506 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
507 continue;
508
ca8bee5d 509 if (d->dev_type == HCI_PRIMARY) {
96f1474a
MH		 510 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
511 rp->entry[count].type = 0x01;
512 else
513 rp->entry[count].type = 0x00;
514 } else if (d->dev_type == HCI_AMP) {
515 rp->entry[count].type = 0x02;
516 } else {
517 continue;
518 }
519
520 rp->entry[count].bus = d->bus;
521 rp->entry[count++].index = cpu_to_le16(d->id);
522 BT_DBG("Added hci%u", d->id);
523 }
524
525 rp->num_controllers = cpu_to_le16(count);
96f1474a
MH		 526
527 read_unlock(&hci_dev_list_lock);
528
529 /* If this command is called at least once, then all the
530 * default index and unconfigured index events are disabled
531 * and from now on only extended index events are used.
532 */
533 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
534 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
535 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
536
537 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
4a67e5d4
GS		 538 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp,
539 struct_size(rp, entry, count));
96f1474a
MH		 540
541 kfree(rp);
542
543 return err;
544}
545
dbece37a
MH		 546static bool is_configured(struct hci_dev *hdev)
547{
548 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 549 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
dbece37a
MH		 550 return false;
551
7a0e5b15
MK		 552 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) ||
553 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) &&
dbece37a
MH		 554 !bacmp(&hdev->public_addr, BDADDR_ANY))
555 return false;
556
557 return true;
558}
559
89bc22d2
MH		 560static __le32 get_missing_options(struct hci_dev *hdev)
561{
562 u32 options = 0;
563
dbece37a 564 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 565 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
eb1904f4
MH		 566 options |= MGMT_OPTION_EXTERNAL_CONFIG;
567
7a0e5b15
MK		 568 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) ||
569 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) &&
89bc22d2
MH		 570 !bacmp(&hdev->public_addr, BDADDR_ANY))
571 options |= MGMT_OPTION_PUBLIC_ADDRESS;
572
573 return cpu_to_le32(options);
574}
575
f4537c04
MH		 576static int new_options(struct hci_dev *hdev, struct sock *skip)
577{
578 __le32 options = get_missing_options(hdev);
579
5504c3a3
MH		 580 return mgmt_limited_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
581 sizeof(options), HCI_MGMT_OPTION_EVENTS, skip);
f4537c04
MH		 582}
583
dbece37a
MH		 584static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
585{
586 __le32 options = get_missing_options(hdev);
587
2a1afb5a
JH		 588 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
589 sizeof(options));
dbece37a
MH		 590}
591
9fc3bfb6
MH		 592static int read_config_info(struct sock *sk, struct hci_dev *hdev,
593 void *data, u16 data_len)
594{
595 struct mgmt_rp_read_config_info rp;
89bc22d2 596 u32 options = 0;
9fc3bfb6
MH		 597
598 BT_DBG("sock %p %s", sk, hdev->name);
599
600 hci_dev_lock(hdev);
601
602 memset(&rp, 0, sizeof(rp));
603 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
89bc22d2 604
eb1904f4
MH		 605 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
606 options |= MGMT_OPTION_EXTERNAL_CONFIG;
607
9fc3bfb6 608 if (hdev->set_bdaddr)
89bc22d2
MH		 609 options |= MGMT_OPTION_PUBLIC_ADDRESS;
610
611 rp.supported_options = cpu_to_le32(options);
612 rp.missing_options = get_missing_options(hdev);
9fc3bfb6
MH		 613
614 hci_dev_unlock(hdev);
615
2a1afb5a
JH		 616 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
617 &rp, sizeof(rp));
9fc3bfb6
MH		 618}
619
6244691f
JK		 620static u32 get_supported_phys(struct hci_dev *hdev)
621{
622 u32 supported_phys = 0;
623
624 if (lmp_bredr_capable(hdev)) {
625 supported_phys |= MGMT_PHY_BR_1M_1SLOT;
626
627 if (hdev->features[0][0] & LMP_3SLOT)
628 supported_phys |= MGMT_PHY_BR_1M_3SLOT;
629
630 if (hdev->features[0][0] & LMP_5SLOT)
631 supported_phys |= MGMT_PHY_BR_1M_5SLOT;
632
633 if (lmp_edr_2m_capable(hdev)) {
634 supported_phys |= MGMT_PHY_EDR_2M_1SLOT;
635
636 if (lmp_edr_3slot_capable(hdev))
637 supported_phys |= MGMT_PHY_EDR_2M_3SLOT;
638
639 if (lmp_edr_5slot_capable(hdev))
640 supported_phys |= MGMT_PHY_EDR_2M_5SLOT;
641
642 if (lmp_edr_3m_capable(hdev)) {
643 supported_phys |= MGMT_PHY_EDR_3M_1SLOT;
644
645 if (lmp_edr_3slot_capable(hdev))
646 supported_phys |= MGMT_PHY_EDR_3M_3SLOT;
647
648 if (lmp_edr_5slot_capable(hdev))
649 supported_phys |= MGMT_PHY_EDR_3M_5SLOT;
650 }
651 }
652 }
653
654 if (lmp_le_capable(hdev)) {
655 supported_phys |= MGMT_PHY_LE_1M_TX;
656 supported_phys |= MGMT_PHY_LE_1M_RX;
657
658 if (hdev->le_features[1] & HCI_LE_PHY_2M) {
659 supported_phys |= MGMT_PHY_LE_2M_TX;
660 supported_phys |= MGMT_PHY_LE_2M_RX;
661 }
662
663 if (hdev->le_features[1] & HCI_LE_PHY_CODED) {
664 supported_phys |= MGMT_PHY_LE_CODED_TX;
665 supported_phys |= MGMT_PHY_LE_CODED_RX;
666 }
667 }
668
669 return supported_phys;
670}
671
672static u32 get_selected_phys(struct hci_dev *hdev)
673{
674 u32 selected_phys = 0;
675
676 if (lmp_bredr_capable(hdev)) {
677 selected_phys |= MGMT_PHY_BR_1M_1SLOT;
678
679 if (hdev->pkt_type & (HCI_DM3 | HCI_DH3))
680 selected_phys |= MGMT_PHY_BR_1M_3SLOT;
681
682 if (hdev->pkt_type & (HCI_DM5 | HCI_DH5))
683 selected_phys |= MGMT_PHY_BR_1M_5SLOT;
684
685 if (lmp_edr_2m_capable(hdev)) {
686 if (!(hdev->pkt_type & HCI_2DH1))
687 selected_phys |= MGMT_PHY_EDR_2M_1SLOT;
688
689 if (lmp_edr_3slot_capable(hdev) &&
690 !(hdev->pkt_type & HCI_2DH3))
691 selected_phys |= MGMT_PHY_EDR_2M_3SLOT;
692
693 if (lmp_edr_5slot_capable(hdev) &&
694 !(hdev->pkt_type & HCI_2DH5))
695 selected_phys |= MGMT_PHY_EDR_2M_5SLOT;
696
697 if (lmp_edr_3m_capable(hdev)) {
698 if (!(hdev->pkt_type & HCI_3DH1))
699 selected_phys |= MGMT_PHY_EDR_3M_1SLOT;
700
701 if (lmp_edr_3slot_capable(hdev) &&
702 !(hdev->pkt_type & HCI_3DH3))
703 selected_phys |= MGMT_PHY_EDR_3M_3SLOT;
704
705 if (lmp_edr_5slot_capable(hdev) &&
706 !(hdev->pkt_type & HCI_3DH5))
707 selected_phys |= MGMT_PHY_EDR_3M_5SLOT;
708 }
709 }
710 }
711
712 if (lmp_le_capable(hdev)) {
713 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_1M)
714 selected_phys |= MGMT_PHY_LE_1M_TX;
715
716 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_1M)
717 selected_phys |= MGMT_PHY_LE_1M_RX;
718
719 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_2M)
720 selected_phys |= MGMT_PHY_LE_2M_TX;
721
722 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_2M)
723 selected_phys |= MGMT_PHY_LE_2M_RX;
724
725 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_CODED)
726 selected_phys |= MGMT_PHY_LE_CODED_TX;
727
728 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_CODED)
729 selected_phys |= MGMT_PHY_LE_CODED_RX;
730 }
731
732 return selected_phys;
733}
734
735static u32 get_configurable_phys(struct hci_dev *hdev)
736{
737 return (get_supported_phys(hdev) & ~MGMT_PHY_BR_1M_1SLOT &
738 ~MGMT_PHY_LE_1M_TX & ~MGMT_PHY_LE_1M_RX);
739}
740
69ab39ea
JH		 741static u32 get_supported_settings(struct hci_dev *hdev)
742{
743 u32 settings = 0;
744
745 settings |= MGMT_SETTING_POWERED;
b2939475 746 settings |= MGMT_SETTING_BONDABLE;
b1de97d8 747 settings |= MGMT_SETTING_DEBUG_KEYS;
3742abfc
JH		 748 settings |= MGMT_SETTING_CONNECTABLE;
749 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea 750
ed3fa31f 751 if (lmp_bredr_capable(hdev)) {
1a47aee8
JH		 752 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
753 settings |= MGMT_SETTING_FAST_CONNECTABLE;
69ab39ea
JH		 754 settings |= MGMT_SETTING_BREDR;
755 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 756
757 if (lmp_ssp_capable(hdev)) {
758 settings |= MGMT_SETTING_SSP;
759 settings |= MGMT_SETTING_HS;
760 }
e98d2ce2 761
05b3c3e7 762 if (lmp_sc_capable(hdev))
e98d2ce2 763 settings |= MGMT_SETTING_SECURE_CONN;
848566b3 764 }
d7b7e796 765
eeca6f89 766 if (lmp_le_capable(hdev)) {
9d42820f 767 settings |= MGMT_SETTING_LE;
eeca6f89 768 settings |= MGMT_SETTING_ADVERTISING;
a3209694 769 settings |= MGMT_SETTING_SECURE_CONN;
0f4bd942 770 settings |= MGMT_SETTING_PRIVACY;
93690c22 771 settings |= MGMT_SETTING_STATIC_ADDRESS;
eeca6f89 772 }
69ab39ea 773
eb1904f4
MH		 774 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
775 hdev->set_bdaddr)
9fc3bfb6
MH		 776 settings |= MGMT_SETTING_CONFIGURATION;
777
6244691f
JK		 778 settings |= MGMT_SETTING_PHY_CONFIGURATION;
779
69ab39ea
JH		 780 return settings;
781}
782
783static u32 get_current_settings(struct hci_dev *hdev)
784{
785 u32 settings = 0;
786
f1f0eb02 787 if (hdev_is_powered(hdev))
f0d4b78a
MH		 788 settings |= MGMT_SETTING_POWERED;
789
d7a5a11d 790 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
69ab39ea
JH		 791 settings |= MGMT_SETTING_CONNECTABLE;
792
d7a5a11d 793 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
1a4d3c4b
JH		 794 settings |= MGMT_SETTING_FAST_CONNECTABLE;
795
d7a5a11d 796 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
69ab39ea
JH		 797 settings |= MGMT_SETTING_DISCOVERABLE;
798
d7a5a11d 799 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
b2939475 800 settings |= MGMT_SETTING_BONDABLE;
69ab39ea 801
d7a5a11d 802 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
69ab39ea
JH		 803 settings |= MGMT_SETTING_BREDR;
804
d7a5a11d 805 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
69ab39ea
JH		 806 settings |= MGMT_SETTING_LE;
807
d7a5a11d 808 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
69ab39ea
JH		 809 settings |= MGMT_SETTING_LINK_SECURITY;
810
d7a5a11d 811 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
69ab39ea
JH		 812 settings |= MGMT_SETTING_SSP;
813
d7a5a11d 814 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
6d80dfd0
JH		 815 settings |= MGMT_SETTING_HS;
816
d7a5a11d 817 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
eeca6f89
JH		 818 settings |= MGMT_SETTING_ADVERTISING;
819
d7a5a11d 820 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
e98d2ce2
MH		 821 settings |= MGMT_SETTING_SECURE_CONN;
822
d7a5a11d 823 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
b1de97d8
MH		 824 settings |= MGMT_SETTING_DEBUG_KEYS;
825
d7a5a11d 826 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
0f4bd942
JH		 827 settings |= MGMT_SETTING_PRIVACY;
828
93690c22
MH		 829 /* The current setting for static address has two purposes. The
830 * first is to indicate if the static address will be used and
831 * the second is to indicate if it is actually set.
832 *
833 * This means if the static address is not configured, this flag
08dc0e98 834 * will never be set. If the address is configured, then if the
93690c22
MH		 835 * address is actually used decides if the flag is set or not.
836 *
837 * For single mode LE only controllers and dual-mode controllers
838 * with BR/EDR disabled, the existence of the static address will
839 * be evaluated.
840 */
b7cb93e5 841 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
d7a5a11d 842 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
93690c22
MH		 843 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
844 if (bacmp(&hdev->static_addr, BDADDR_ANY))
845 settings |= MGMT_SETTING_STATIC_ADDRESS;
846 }
847
69ab39ea
JH		 848 return settings;
849}
850
333ae95d
JH		 851static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
852{
853 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
854}
855
333ae95d
JH		 856static struct mgmt_pending_cmd *pending_find_data(u16 opcode,
857 struct hci_dev *hdev,
858 const void *data)
859{
860 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data);
861}
862
f2252570 863u8 mgmt_get_adv_discov_flags(struct hci_dev *hdev)
9a43e25f 864{
3b0602cd 865 struct mgmt_pending_cmd *cmd;
9a43e25f
JH		 866
867 /* If there's a pending mgmt command the flags will not yet have
868 * their final values, so check for this first.
869 */
333ae95d 870 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
9a43e25f
JH		 871 if (cmd) {
872 struct mgmt_mode *cp = cmd->param;
873 if (cp->val == 0x01)
874 return LE_AD_GENERAL;
875 else if (cp->val == 0x02)
876 return LE_AD_LIMITED;
877 } else {
d7a5a11d 878 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
9a43e25f 879 return LE_AD_LIMITED;
d7a5a11d 880 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
9a43e25f
JH		 881 return LE_AD_GENERAL;
882 }
883
884 return 0;
885}
886
f2252570 887bool mgmt_get_connectable(struct hci_dev *hdev)
fdf51784
AU		 888{
889 struct mgmt_pending_cmd *cmd;
441ad2d0 890
fdf51784
AU		 891 /* If there's a pending mgmt command the flag will not yet have
892 * it's final value, so check for this first.
893 */
894 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
895 if (cmd) {
896 struct mgmt_mode *cp = cmd->param;
441ad2d0 897
fdf51784 898 return cp->val;
441ad2d0
MH		 899 }
900
fdf51784
AU		 901 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
902}
441ad2d0 903
7d78525d
JH		 904static void service_cache_off(struct work_struct *work)
905{
906 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 907 service_cache.work);
890ea898 908 struct hci_request req;
7d78525d 909
a69d8927 910 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
7d78525d
JH		 911 return;
912
890ea898
JH		 913 hci_req_init(&req, hdev);
914
7d78525d
JH		 915 hci_dev_lock(hdev);
916
b1a8917c 917 __hci_req_update_eir(&req);
14bf5eac 918 __hci_req_update_class(&req);
7d78525d
JH		 919
920 hci_dev_unlock(hdev);
890ea898
JH		 921
922 hci_req_run(&req, NULL);
7d78525d
JH		 923}
924
d6bfd59c
JH		 925static void rpa_expired(struct work_struct *work)
926{
927 struct hci_dev *hdev = container_of(work, struct hci_dev,
928 rpa_expired.work);
929 struct hci_request req;
930
931 BT_DBG("");
932
a1536da2 933 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
d6bfd59c 934
d7a5a11d 935 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
d6bfd59c
JH		 936 return;
937
938 /* The generation of a new RPA and programming it into the
f2252570
JH		 939 * controller happens in the hci_req_enable_advertising()
940 * function.
d6bfd59c 941 */
d6bfd59c 942 hci_req_init(&req, hdev);
de181e88
JK		 943 if (ext_adv_capable(hdev))
944 __hci_req_start_ext_adv(&req, hdev->cur_adv_instance);
945 else
946 __hci_req_enable_advertising(&req);
d6bfd59c
JH		 947 hci_req_run(&req, NULL);
948}
949
6a919082 950static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 951{
238be788 952 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
6a919082
JH		 953 return;
954
4f87da80 955 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 956 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 957
4f87da80
JH		 958 /* Non-mgmt controlled devices get this bit set
959 * implicitly so that pairing works for them, however
960 * for mgmt we require user-space to explicitly enable
961 * it
962 */
a358dc11 963 hci_dev_clear_flag(hdev, HCI_BONDABLE);
7d78525d
JH		 964}
965
0f4e68cf 966static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 967 void *data, u16 data_len)
0381101f 968{
a38528f1 969 struct mgmt_rp_read_info rp;
f7b64e69 970
bdb6d971 971 BT_DBG("sock %p %s", sk, hdev->name);
f7b64e69 972
09fd0de5 973 hci_dev_lock(hdev);
f7b64e69 974
dc4fe30b
JH		 975 memset(&rp, 0, sizeof(rp));
976
69ab39ea 977 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 978
69ab39ea 979 rp.version = hdev->hci_ver;
eb55ef07 980 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 981
982 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
983 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 984
a38528f1 985 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 986
dc4fe30b 987 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 988 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 989
09fd0de5 990 hci_dev_unlock(hdev);
0381101f 991
2a1afb5a
JH		 992 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
993 sizeof(rp));
0381101f
JH		 994}
995
cde7a863
MN		 996static u16 append_eir_data_to_buf(struct hci_dev *hdev, u8 *eir)
997{
998 u16 eir_len = 0;
999 size_t name_len;
1000
1001 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1002 eir_len = eir_append_data(eir, eir_len, EIR_CLASS_OF_DEV,
1003 hdev->dev_class, 3);
1004
6a9e90bf
SJ		 1005 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1006 eir_len = eir_append_le16(eir, eir_len, EIR_APPEARANCE,
1007 hdev->appearance);
1008
cde7a863
MN		 1009 name_len = strlen(hdev->dev_name);
1010 eir_len = eir_append_data(eir, eir_len, EIR_NAME_COMPLETE,
1011 hdev->dev_name, name_len);
1012
1013 name_len = strlen(hdev->short_name);
1014 eir_len = eir_append_data(eir, eir_len, EIR_NAME_SHORT,
1015 hdev->short_name, name_len);
1016
1017 return eir_len;
1018}
1019
321c6fee
MH		 1020static int read_ext_controller_info(struct sock *sk, struct hci_dev *hdev,
1021 void *data, u16 data_len)
1022{
7d5c11da
SJ		 1023 char buf[512];
1024 struct mgmt_rp_read_ext_info *rp = (void *)buf;
cde7a863 1025 u16 eir_len;
321c6fee
MH		 1026
1027 BT_DBG("sock %p %s", sk, hdev->name);
1028
7d5c11da
SJ		 1029 memset(&buf, 0, sizeof(buf));
1030
321c6fee
MH		 1031 hci_dev_lock(hdev);
1032
7d5c11da
SJ		 1033 bacpy(&rp->bdaddr, &hdev->bdaddr);
1034
1035 rp->version = hdev->hci_ver;
1036 rp->manufacturer = cpu_to_le16(hdev->manufacturer);
1037
1038 rp->supported_settings = cpu_to_le32(get_supported_settings(hdev));
1039 rp->current_settings = cpu_to_le32(get_current_settings(hdev));
1040
321c6fee 1041
cde7a863 1042 eir_len = append_eir_data_to_buf(hdev, rp->eir);
8a0c9f49 1043 rp->eir_len = cpu_to_le16(eir_len);
321c6fee
MH		 1044
1045 hci_dev_unlock(hdev);
1046
1047 /* If this command is called at least once, then the events
1048 * for class of device and local name changes are disabled
1049 * and only the new extended controller information event
1050 * is used.
1051 */
1052 hci_sock_set_flag(sk, HCI_MGMT_EXT_INFO_EVENTS);
1053 hci_sock_clear_flag(sk, HCI_MGMT_DEV_CLASS_EVENTS);
1054 hci_sock_clear_flag(sk, HCI_MGMT_LOCAL_NAME_EVENTS);
1055
8a0c9f49
MN		 1056 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_EXT_INFO, 0, rp,
1057 sizeof(*rp) + eir_len);
321c6fee
MH		 1058}
1059
1060static int ext_info_changed(struct hci_dev *hdev, struct sock *skip)
1061{
5e9fae48
MN		 1062 char buf[512];
1063 struct mgmt_ev_ext_info_changed *ev = (void *)buf;
1064 u16 eir_len;
1065
1066 memset(buf, 0, sizeof(buf));
321c6fee 1067
5e9fae48
MN		 1068 eir_len = append_eir_data_to_buf(hdev, ev->eir);
1069 ev->eir_len = cpu_to_le16(eir_len);
321c6fee 1070
5e9fae48
MN		 1071 return mgmt_limited_event(MGMT_EV_EXT_INFO_CHANGED, hdev, ev,
1072 sizeof(*ev) + eir_len,
1073 HCI_MGMT_EXT_INFO_EVENTS, skip);
321c6fee
MH		 1074}
1075
69ab39ea 1076static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1077{
69ab39ea 1078 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1079
2a1afb5a
JH		 1080 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1081 sizeof(settings));
8680570b
JH		 1082}
1083
1904a853 1084static void clean_up_hci_complete(struct hci_dev *hdev, u8 status, u16 opcode)
8b064a3a
JH		 1085{
1086 BT_DBG("%s status 0x%02x", hdev->name, status);
1087
a3172b7e
JH		 1088 if (hci_conn_count(hdev) == 0) {
1089 cancel_delayed_work(&hdev->power_off);
8b064a3a 1090 queue_work(hdev->req_workqueue, &hdev->power_off.work);
a3172b7e 1091 }
8b064a3a
JH		 1092}
1093
f2252570 1094void mgmt_advertising_added(struct sock *sk, struct hci_dev *hdev, u8 instance)
912098a6
AU		 1095{
1096 struct mgmt_ev_advertising_added ev;
1097
1098 ev.instance = instance;
1099
1100 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
1101}
1102
f2252570
JH		 1103void mgmt_advertising_removed(struct sock *sk, struct hci_dev *hdev,
1104 u8 instance)
912098a6
AU		 1105{
1106 struct mgmt_ev_advertising_removed ev;
1107
1108 ev.instance = instance;
1109
1110 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
1111}
1112
7816b820
FG		 1113static void cancel_adv_timeout(struct hci_dev *hdev)
1114{
1115 if (hdev->adv_instance_timeout) {
1116 hdev->adv_instance_timeout = 0;
1117 cancel_delayed_work(&hdev->adv_instance_expire);
1118 }
1119}
1120
8b064a3a
JH		 1121static int clean_up_hci_state(struct hci_dev *hdev)
1122{
1123 struct hci_request req;
1124 struct hci_conn *conn;
23a48093
JH		 1125 bool discov_stopped;
1126 int err;
8b064a3a
JH		 1127
1128 hci_req_init(&req, hdev);
1129
1130 if (test_bit(HCI_ISCAN, &hdev->flags) ||
1131 test_bit(HCI_PSCAN, &hdev->flags)) {
1132 u8 scan = 0x00;
1133 hci_req_add(&req, HCI_OP_WRITE_SCAN_ENABLE, 1, &scan);
1134 }
1135
37d3a1fa 1136 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, false);
912098a6 1137
d7a5a11d 1138 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
f2252570 1139 __hci_req_disable_advertising(&req);
8b064a3a 1140
2154d3f4 1141 discov_stopped = hci_req_stop_discovery(&req);
8b064a3a
JH		 1142
1143 list_for_each_entry(conn, &hdev->conn_hash.list, list) {
89e0ccc8
JH		 1144 /* 0x15 == Terminated due to Power Off */
1145 __hci_abort_conn(&req, conn, 0x15);
8b064a3a
JH		 1146 }
1147
23a48093
JH		 1148 err = hci_req_run(&req, clean_up_hci_complete);
1149 if (!err && discov_stopped)
1150 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
1151
1152 return err;
8b064a3a
JH		 1153}
1154
bdb6d971 1155static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1156 u16 len)
eec8d2bc 1157{
650f726d 1158 struct mgmt_mode *cp = data;
3b0602cd 1159 struct mgmt_pending_cmd *cmd;
4b34ee78 1160 int err;
eec8d2bc 1161
bdb6d971 1162 BT_DBG("request for %s", hdev->name);
eec8d2bc 1163
a7e80f25 1164 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1165 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1166 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1167
09fd0de5 1168 hci_dev_lock(hdev);
eec8d2bc 1169
333ae95d 1170 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
a69e8375
JH		 1171 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1172 MGMT_STATUS_BUSY);
87b95ba6
JH		 1173 goto failed;
1174 }
1175
4b34ee78 1176 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1177 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1178 goto failed;
1179 }
1180
2e58ef3e 1181 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1182 if (!cmd) {
1183 err = -ENOMEM;
eec8d2bc 1184 goto failed;
366a0336 1185 }
eec8d2bc 1186
8b064a3a 1187 if (cp->val) {
19202573 1188 queue_work(hdev->req_workqueue, &hdev->power_on);
8b064a3a
JH		 1189 err = 0;
1190 } else {
1191 /* Disconnect connections, stop scans, etc */
1192 err = clean_up_hci_state(hdev);
a3172b7e
JH		 1193 if (!err)
1194 queue_delayed_work(hdev->req_workqueue, &hdev->power_off,
1195 HCI_POWER_OFF_TIMEOUT);
eec8d2bc 1196
8b064a3a
JH		 1197 /* ENODATA means there were no HCI commands queued */
1198 if (err == -ENODATA) {
a3172b7e 1199 cancel_delayed_work(&hdev->power_off);
8b064a3a
JH		 1200 queue_work(hdev->req_workqueue, &hdev->power_off.work);
1201 err = 0;
1202 }
1203 }
eec8d2bc
JH		 1204
1205failed:
09fd0de5 1206 hci_dev_unlock(hdev);
366a0336 1207 return err;
eec8d2bc
JH		 1208}
1209
beadb2bd
JH		 1210static int new_settings(struct hci_dev *hdev, struct sock *skip)
1211{
f6b7712e 1212 __le32 ev = cpu_to_le32(get_current_settings(hdev));
beadb2bd 1213
5504c3a3
MH		 1214 return mgmt_limited_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1215 sizeof(ev), HCI_MGMT_SETTING_EVENTS, skip);
beadb2bd
JH		 1216}
1217
91a668b0
JH		 1218int mgmt_new_settings(struct hci_dev *hdev)
1219{
1220 return new_settings(hdev, NULL);
1221}
1222
bd99abdd
JH		 1223struct cmd_lookup {
1224 struct sock *sk;
1225 struct hci_dev *hdev;
1226 u8 mgmt_status;
1227};
1228
3b0602cd 1229static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1230{
1231 struct cmd_lookup *match = data;
1232
1233 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1234
1235 list_del(&cmd->list);
1236
1237 if (match->sk == NULL) {
1238 match->sk = cmd->sk;
1239 sock_hold(match->sk);
1240 }
1241
1242 mgmt_pending_free(cmd);
1243}
1244
3b0602cd 1245static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1246{
1247 u8 *status = data;
1248
a69e8375 1249 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
bd99abdd
JH		 1250 mgmt_pending_remove(cmd);
1251}
1252
3b0602cd 1253static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1b9b5ee5
JH		 1254{
1255 if (cmd->cmd_complete) {
1256 u8 *status = data;
1257
1258 cmd->cmd_complete(cmd, *status);
1259 mgmt_pending_remove(cmd);
1260
1261 return;
1262 }
1263
1264 cmd_status_rsp(cmd, data);
1265}
1266
3b0602cd 1267static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
f5818c22 1268{
2a1afb5a
JH		 1269 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1270 cmd->param, cmd->param_len);
f5818c22
JH		 1271}
1272
3b0602cd 1273static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
7776d1d8 1274{
2a1afb5a
JH		 1275 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1276 cmd->param, sizeof(struct mgmt_addr_info));
7776d1d8
JH		 1277}
1278
e6fe7986
JH		 1279static u8 mgmt_bredr_support(struct hci_dev *hdev)
1280{
1281 if (!lmp_bredr_capable(hdev))
1282 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1283 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
e6fe7986
JH		 1284 return MGMT_STATUS_REJECTED;
1285 else
1286 return MGMT_STATUS_SUCCESS;
1287}
1288
1289static u8 mgmt_le_support(struct hci_dev *hdev)
1290{
1291 if (!lmp_le_capable(hdev))
1292 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1293 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
e6fe7986
JH		 1294 return MGMT_STATUS_REJECTED;
1295 else
1296 return MGMT_STATUS_SUCCESS;
1297}
1298
aed1a885 1299void mgmt_set_discoverable_complete(struct hci_dev *hdev, u8 status)
bfaf8c9f 1300{
3b0602cd 1301 struct mgmt_pending_cmd *cmd;
bfaf8c9f
JH		 1302
1303 BT_DBG("status 0x%02x", status);
1304
1305 hci_dev_lock(hdev);
1306
333ae95d 1307 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
bfaf8c9f
JH		 1308 if (!cmd)
1309 goto unlock;
1310
1311 if (status) {
1312 u8 mgmt_err = mgmt_status(status);
a69e8375 1313 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
a358dc11 1314 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
bfaf8c9f
JH		 1315 goto remove_cmd;
1316 }
1317
aed1a885
JH		 1318 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1319 hdev->discov_timeout > 0) {
1320 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1321 queue_delayed_work(hdev->req_workqueue, &hdev->discov_off, to);
d4462a07 1322 }
bfaf8c9f
JH		 1323
1324 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
aed1a885 1325 new_settings(hdev, cmd->sk);
970ba524 1326
bfaf8c9f
JH		 1327remove_cmd:
1328 mgmt_pending_remove(cmd);
1329
1330unlock:
1331 hci_dev_unlock(hdev);
1332}
1333
bdb6d971 1334static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1335 u16 len)
73f22f62 1336{
650f726d 1337 struct mgmt_cp_set_discoverable *cp = data;
3b0602cd 1338 struct mgmt_pending_cmd *cmd;
5e5282bb 1339 u16 timeout;
73f22f62
JH		 1340 int err;
1341
bdb6d971 1342 BT_DBG("request for %s", hdev->name);
73f22f62 1343
d7a5a11d
MH		 1344 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1345 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 1346 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1347 MGMT_STATUS_REJECTED);
33c525c0 1348
310a3d48 1349 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 1350 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1351 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1352
1f350c87 1353 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1354
1355 /* Disabling discoverable requires that no timeout is set,
1356 * and enabling limited discoverable requires a timeout.
1357 */
1358 if ((cp->val == 0x00 && timeout > 0) ||
1359 (cp->val == 0x02 && timeout == 0))
a69e8375
JH		 1360 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1361 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1362
09fd0de5 1363 hci_dev_lock(hdev);
73f22f62 1364
5e5282bb 1365 if (!hdev_is_powered(hdev) && timeout > 0) {
a69e8375
JH		 1366 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1367 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1368 goto failed;
1369 }
1370
333ae95d
JH		 1371 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1372 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1373 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1374 MGMT_STATUS_BUSY);
73f22f62
JH		 1375 goto failed;
1376 }
1377
d7a5a11d 1378 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
a69e8375
JH		 1379 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1380 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1381 goto failed;
1382 }
1383
1384 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1385 bool changed = false;
1386
310a3d48
MH		 1387 /* Setting limited discoverable when powered off is
1388 * not a valid operation since it requires a timeout
1389 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1390 */
d7a5a11d 1391 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
ce05d603 1392 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
0224d2fa
JH		 1393 changed = true;
1394 }
1395
5e5282bb 1396 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1397 if (err < 0)
1398 goto failed;
1399
1400 if (changed)
1401 err = new_settings(hdev, sk);
1402
5e5282bb
JH		 1403 goto failed;
1404 }
1405
310a3d48
MH		 1406 /* If the current mode is the same, then just update the timeout
1407 * value with the new value. And if only the timeout gets updated,
1408 * then no need for any HCI transactions.
1409 */
d7a5a11d
MH		 1410 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1411 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1412 HCI_LIMITED_DISCOVERABLE)) {
36261547
MH		 1413 cancel_delayed_work(&hdev->discov_off);
1414 hdev->discov_timeout = timeout;
955638ec 1415
36261547
MH		 1416 if (cp->val && hdev->discov_timeout > 0) {
1417 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
c366f555
JH		 1418 queue_delayed_work(hdev->req_workqueue,
1419 &hdev->discov_off, to);
955638ec
MH		 1420 }
1421
69ab39ea 1422 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1423 goto failed;
1424 }
1425
2e58ef3e 1426 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1427 if (!cmd) {
1428 err = -ENOMEM;
73f22f62 1429 goto failed;
366a0336 1430 }
73f22f62 1431
310a3d48
MH		 1432 /* Cancel any potential discoverable timeout that might be
1433 * still active and store new timeout value. The arming of
1434 * the timeout happens in the complete handler.
1435 */
1436 cancel_delayed_work(&hdev->discov_off);
1437 hdev->discov_timeout = timeout;
1438
aed1a885
JH		 1439 if (cp->val)
1440 hci_dev_set_flag(hdev, HCI_DISCOVERABLE);
1441 else
1442 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1443
b456f87c
JH		 1444 /* Limited discoverable mode */
1445 if (cp->val == 0x02)
a1536da2 1446 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1447 else
a358dc11 1448 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1449
aed1a885
JH		 1450 queue_work(hdev->req_workqueue, &hdev->discoverable_update);
1451 err = 0;
73f22f62
JH		 1452
1453failed:
09fd0de5 1454 hci_dev_unlock(hdev);
73f22f62
JH		 1455 return err;
1456}
1457
53c0ba74 1458void mgmt_set_connectable_complete(struct hci_dev *hdev, u8 status)
2b76f453 1459{
3b0602cd 1460 struct mgmt_pending_cmd *cmd;
2b76f453
JH		 1461
1462 BT_DBG("status 0x%02x", status);
1463
1464 hci_dev_lock(hdev);
1465
333ae95d 1466 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
2b76f453
JH		 1467 if (!cmd)
1468 goto unlock;
1469
37438c1f
JH		 1470 if (status) {
1471 u8 mgmt_err = mgmt_status(status);
a69e8375 1472 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
37438c1f
JH		 1473 goto remove_cmd;
1474 }
1475
2b76f453 1476 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
53c0ba74 1477 new_settings(hdev, cmd->sk);
d7b856f9 1478
37438c1f 1479remove_cmd:
2b76f453
JH		 1480 mgmt_pending_remove(cmd);
1481
1482unlock:
1483 hci_dev_unlock(hdev);
1484}
1485
e8ba3a1f
JH		 1486static int set_connectable_update_settings(struct hci_dev *hdev,
1487 struct sock *sk, u8 val)
1488{
1489 bool changed = false;
1490 int err;
1491
d7a5a11d 1492 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
e8ba3a1f
JH		 1493 changed = true;
1494
1495 if (val) {
a1536da2 1496 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
e8ba3a1f 1497 } else {
a358dc11
MH		 1498 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1499 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
e8ba3a1f
JH		 1500 }
1501
1502 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1503 if (err < 0)
1504 return err;
1505
562064e6 1506 if (changed) {
01b1cb87 1507 hci_req_update_scan(hdev);
562064e6 1508 hci_update_background_scan(hdev);
e8ba3a1f 1509 return new_settings(hdev, sk);
562064e6 1510 }
e8ba3a1f
JH		 1511
1512 return 0;
1513}
1514
bdb6d971 1515static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1516 u16 len)
9fbcbb45 1517{
650f726d 1518 struct mgmt_mode *cp = data;
3b0602cd 1519 struct mgmt_pending_cmd *cmd;
9fbcbb45
JH		 1520 int err;
1521
bdb6d971 1522 BT_DBG("request for %s", hdev->name);
9fbcbb45 1523
d7a5a11d
MH		 1524 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1525 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 1526 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1527 MGMT_STATUS_REJECTED);
33c525c0 1528
a7e80f25 1529 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1530 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1531 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1532
09fd0de5 1533 hci_dev_lock(hdev);
9fbcbb45 1534
4b34ee78 1535 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1536 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1537 goto failed;
1538 }
1539
333ae95d
JH		 1540 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1541 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1542 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1543 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1544 goto failed;
1545 }
1546
2e58ef3e 1547 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1548 if (!cmd) {
1549 err = -ENOMEM;
9fbcbb45 1550 goto failed;
366a0336 1551 }
9fbcbb45 1552
53c0ba74
JH		 1553 if (cp->val) {
1554 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1555 } else {
1556 if (hdev->discov_timeout > 0)
1557 cancel_delayed_work(&hdev->discov_off);
2b76f453 1558
53c0ba74
JH		 1559 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1560 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1561 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
9b74246f 1562 }
2b76f453 1563
53c0ba74
JH		 1564 queue_work(hdev->req_workqueue, &hdev->connectable_update);
1565 err = 0;
9fbcbb45
JH		 1566
1567failed:
09fd0de5 1568 hci_dev_unlock(hdev);
9fbcbb45
JH		 1569 return err;
1570}
1571
b2939475 1572static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1573 u16 len)
c542a06c 1574{
650f726d 1575 struct mgmt_mode *cp = data;
55594356 1576 bool changed;
c542a06c
JH		 1577 int err;
1578
bdb6d971 1579 BT_DBG("request for %s", hdev->name);
c542a06c 1580
a7e80f25 1581 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1582 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
1583 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1584
09fd0de5 1585 hci_dev_lock(hdev);
c542a06c
JH		 1586
1587 if (cp->val)
238be788 1588 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
c542a06c 1589 else
a69d8927 1590 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
c542a06c 1591
b2939475 1592 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
c542a06c 1593 if (err < 0)
55594356 1594 goto unlock;
c542a06c 1595
82a37ade
JH		 1596 if (changed) {
1597 /* In limited privacy mode the change of bondable mode
1598 * may affect the local advertising address.
1599 */
1600 if (hdev_is_powered(hdev) &&
1601 hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
1602 hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1603 hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY))
1604 queue_work(hdev->req_workqueue,
1605 &hdev->discoverable_update);
1606
55594356 1607 err = new_settings(hdev, sk);
82a37ade 1608 }
c542a06c 1609
55594356 1610unlock:
09fd0de5 1611 hci_dev_unlock(hdev);
c542a06c
JH		 1612 return err;
1613}
1614
04124681
GP		 1615static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1616 u16 len)
33ef95ed
JH		 1617{
1618 struct mgmt_mode *cp = data;
3b0602cd 1619 struct mgmt_pending_cmd *cmd;
e6fe7986 1620 u8 val, status;
33ef95ed
JH		 1621 int err;
1622
bdb6d971 1623 BT_DBG("request for %s", hdev->name);
33ef95ed 1624
e6fe7986
JH		 1625 status = mgmt_bredr_support(hdev);
1626 if (status)
a69e8375
JH		 1627 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1628 status);
33c525c0 1629
a7e80f25 1630 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1631 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1632 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1633
33ef95ed
JH		 1634 hci_dev_lock(hdev);
1635
4b34ee78 1636 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1637 bool changed = false;
1638
d7a5a11d 1639 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
ce05d603 1640 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
47990ea0
JH		 1641 changed = true;
1642 }
1643
1644 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1645 if (err < 0)
1646 goto failed;
1647
1648 if (changed)
1649 err = new_settings(hdev, sk);
1650
33ef95ed
JH		 1651 goto failed;
1652 }
1653
333ae95d 1654 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
a69e8375
JH		 1655 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1656 MGMT_STATUS_BUSY);
33ef95ed
JH		 1657 goto failed;
1658 }
1659
1660 val = !!cp->val;
1661
1662 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1663 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1664 goto failed;
1665 }
1666
1667 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1668 if (!cmd) {
1669 err = -ENOMEM;
1670 goto failed;
1671 }
1672
1673 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1674 if (err < 0) {
1675 mgmt_pending_remove(cmd);
1676 goto failed;
1677 }
1678
1679failed:
1680 hci_dev_unlock(hdev);
33ef95ed
JH		 1681 return err;
1682}
1683
bdb6d971 1684static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1685{
1686 struct mgmt_mode *cp = data;
3b0602cd 1687 struct mgmt_pending_cmd *cmd;
72ef0c1a 1688 u8 status;
ed2c4ee3
JH		 1689 int err;
1690
bdb6d971 1691 BT_DBG("request for %s", hdev->name);
ed2c4ee3 1692
cdba5281
MH		 1693 status = mgmt_bredr_support(hdev);
1694 if (status)
a69e8375 1695 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
cdba5281 1696
13ecd8b6 1697 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 1698 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1699 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1700
a7e80f25 1701 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1702 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1703 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1704
13ecd8b6 1705 hci_dev_lock(hdev);
6c8f12c1 1706
4b34ee78 1707 if (!hdev_is_powered(hdev)) {
9ecb3e24 1708 bool changed;
c0ecddc2 1709
9ecb3e24 1710 if (cp->val) {
238be788
MH		 1711 changed = !hci_dev_test_and_set_flag(hdev,
1712 HCI_SSP_ENABLED);
9ecb3e24 1713 } else {
a69d8927
MH		 1714 changed = hci_dev_test_and_clear_flag(hdev,
1715 HCI_SSP_ENABLED);
9ecb3e24 1716 if (!changed)
a69d8927
MH		 1717 changed = hci_dev_test_and_clear_flag(hdev,
1718 HCI_HS_ENABLED);
9ecb3e24 1719 else
a358dc11 1720 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
c0ecddc2
JH		 1721 }
1722
1723 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1724 if (err < 0)
1725 goto failed;
1726
1727 if (changed)
1728 err = new_settings(hdev, sk);
1729
ed2c4ee3
JH		 1730 goto failed;
1731 }
1732
333ae95d 1733 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 1734 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1735 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1736 goto failed;
1737 }
1738
d7a5a11d 1739 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
ed2c4ee3
JH		 1740 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1741 goto failed;
1742 }
1743
1744 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1745 if (!cmd) {
1746 err = -ENOMEM;
1747 goto failed;
1748 }
1749
d7a5a11d 1750 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
3769972b
JH		 1751 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
1752 sizeof(cp->val), &cp->val);
1753
72ef0c1a 1754 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 1755 if (err < 0) {
1756 mgmt_pending_remove(cmd);
1757 goto failed;
1758 }
1759
1760failed:
1761 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1762 return err;
1763}
1764
bdb6d971 1765static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1766{
1767 struct mgmt_mode *cp = data;
ee392693 1768 bool changed;
e6fe7986 1769 u8 status;
ee392693 1770 int err;
6d80dfd0 1771
bdb6d971 1772 BT_DBG("request for %s", hdev->name);
6d80dfd0 1773
e6fe7986
JH		 1774 status = mgmt_bredr_support(hdev);
1775 if (status)
a69e8375 1776 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 1777
9ecb3e24 1778 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 1779 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1780 MGMT_STATUS_NOT_SUPPORTED);
9ecb3e24 1781
d7a5a11d 1782 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 1783 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1784 MGMT_STATUS_REJECTED);
9ecb3e24 1785
a7e80f25 1786 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1787 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1788 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1789
ee392693
MH		 1790 hci_dev_lock(hdev);
1791
333ae95d 1792 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 1793 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1794 MGMT_STATUS_BUSY);
a2cb01de
JH		 1795 goto unlock;
1796 }
1797
a0cdf960 1798 if (cp->val) {
238be788 1799 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
a0cdf960
MH		 1800 } else {
1801 if (hdev_is_powered(hdev)) {
a69e8375
JH		 1802 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1803 MGMT_STATUS_REJECTED);
a0cdf960
MH		 1804 goto unlock;
1805 }
1806
a69d8927 1807 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
a0cdf960 1808 }
ee392693
MH		 1809
1810 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1811 if (err < 0)
1812 goto unlock;
1813
1814 if (changed)
1815 err = new_settings(hdev, sk);
6d80dfd0 1816
ee392693
MH		 1817unlock:
1818 hci_dev_unlock(hdev);
1819 return err;
6d80dfd0
JH		 1820}
1821
1904a853 1822static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
416a4ae5
JH		 1823{
1824 struct cmd_lookup match = { NULL, hdev };
1825
3ad67582
JK		 1826 hci_dev_lock(hdev);
1827
416a4ae5
JH		 1828 if (status) {
1829 u8 mgmt_err = mgmt_status(status);
1830
1831 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1832 &mgmt_err);
3ad67582 1833 goto unlock;
416a4ae5
JH		 1834 }
1835
1836 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1837
1838 new_settings(hdev, match.sk);
1839
1840 if (match.sk)
1841 sock_put(match.sk);
441ad2d0
MH		 1842
1843 /* Make sure the controller has a good default for
1844 * advertising data. Restrict the update to when LE
1845 * has actually been enabled. During power on, the
1846 * update in powered_update_hci will take care of it.
1847 */
d7a5a11d 1848 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
441ad2d0 1849 struct hci_request req;
441ad2d0 1850 hci_req_init(&req, hdev);
a0fb3726
JK		 1851 if (ext_adv_capable(hdev)) {
1852 int err;
1853
1854 err = __hci_req_setup_ext_adv_instance(&req, 0x00);
1855 if (!err)
1856 __hci_req_update_scan_rsp_data(&req, 0x00);
1857 } else {
1858 __hci_req_update_adv_data(&req, 0x00);
1859 __hci_req_update_scan_rsp_data(&req, 0x00);
1860 }
441ad2d0 1861 hci_req_run(&req, NULL);
2e93e53b 1862 hci_update_background_scan(hdev);
441ad2d0 1863 }
3ad67582
JK		 1864
1865unlock:
1866 hci_dev_unlock(hdev);
416a4ae5
JH		 1867}
1868
bdb6d971 1869static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1870{
1871 struct mgmt_mode *cp = data;
1872 struct hci_cp_write_le_host_supported hci_cp;
3b0602cd 1873 struct mgmt_pending_cmd *cmd;
416a4ae5 1874 struct hci_request req;
06199cf8 1875 int err;
0b60eba1 1876 u8 val, enabled;
06199cf8 1877
bdb6d971 1878 BT_DBG("request for %s", hdev->name);
06199cf8 1879
13ecd8b6 1880 if (!lmp_le_capable(hdev))
a69e8375
JH		 1881 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1882 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1883
a7e80f25 1884 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1885 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1886 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1887
e7844ee5
MH		 1888 /* Bluetooth single mode LE only controllers or dual-mode
1889 * controllers configured as LE only devices, do not allow
1890 * switching LE off. These have either LE enabled explicitly
1891 * or BR/EDR has been previously switched off.
1892 *
1893 * When trying to enable an already enabled LE, then gracefully
1894 * send a positive response. Trying to disable it however will
1895 * result into rejection.
1896 */
1897 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1898 if (cp->val == 0x01)
1899 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1900
a69e8375
JH		 1901 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1902 MGMT_STATUS_REJECTED);
e7844ee5 1903 }
c73eee91 1904
13ecd8b6 1905 hci_dev_lock(hdev);
06199cf8
JH		 1906
1907 val = !!cp->val;
ffa88e02 1908 enabled = lmp_host_le_capable(hdev);
06199cf8 1909
847818d9 1910 if (!val)
37d3a1fa 1911 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, true);
847818d9 1912
0b60eba1 1913 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 1914 bool changed = false;
1915
d7a5a11d 1916 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
ce05d603 1917 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
06199cf8
JH		 1918 changed = true;
1919 }
1920
d7a5a11d 1921 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
a358dc11 1922 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
eeca6f89
JH		 1923 changed = true;
1924 }
1925
06199cf8
JH		 1926 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1927 if (err < 0)
1de028ce 1928 goto unlock;
06199cf8
JH		 1929
1930 if (changed)
1931 err = new_settings(hdev, sk);
1932
1de028ce 1933 goto unlock;
06199cf8
JH		 1934 }
1935
333ae95d
JH		 1936 if (pending_find(MGMT_OP_SET_LE, hdev) ||
1937 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
a69e8375
JH		 1938 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1939 MGMT_STATUS_BUSY);
1de028ce 1940 goto unlock;
06199cf8
JH		 1941 }
1942
1943 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
1944 if (!cmd) {
1945 err = -ENOMEM;
1de028ce 1946 goto unlock;
06199cf8
JH		 1947 }
1948
441ad2d0
MH		 1949 hci_req_init(&req, hdev);
1950
06199cf8
JH		 1951 memset(&hci_cp, 0, sizeof(hci_cp));
1952
1953 if (val) {
1954 hci_cp.le = val;
32226e4f 1955 hci_cp.simul = 0x00;
441ad2d0 1956 } else {
d7a5a11d 1957 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
f2252570 1958 __hci_req_disable_advertising(&req);
45b7749f
JK		 1959
1960 if (ext_adv_capable(hdev))
1961 __hci_req_clear_ext_adv_sets(&req);
06199cf8
JH		 1962 }
1963
416a4ae5
JH		 1964 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
1965 &hci_cp);
1966
1967 err = hci_req_run(&req, le_enable_complete);
0c01bc48 1968 if (err < 0)
06199cf8 1969 mgmt_pending_remove(cmd);
06199cf8 1970
1de028ce
JH		 1971unlock:
1972 hci_dev_unlock(hdev);
06199cf8
JH		 1973 return err;
1974}
1975
0cab9c80
JH		 1976/* This is a helper function to test for pending mgmt commands that can
1977 * cause CoD or EIR HCI commands. We can only allow one such pending
1978 * mgmt command at a time since otherwise we cannot easily track what
1979 * the current values are, will be, and based on that calculate if a new
1980 * HCI command needs to be sent and if yes with what value.
1981 */
1982static bool pending_eir_or_class(struct hci_dev *hdev)
1983{
3b0602cd 1984 struct mgmt_pending_cmd *cmd;
0cab9c80
JH		 1985
1986 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
1987 switch (cmd->opcode) {
1988 case MGMT_OP_ADD_UUID:
1989 case MGMT_OP_REMOVE_UUID:
1990 case MGMT_OP_SET_DEV_CLASS:
1991 case MGMT_OP_SET_POWERED:
1992 return true;
1993 }
1994 }
1995
1996 return false;
1997}
1998
83be8eca
JH		 1999static const u8 bluetooth_base_uuid[] = {
2000 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2001 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2002};
2003
2004static u8 get_uuid_size(const u8 *uuid)
2005{
2006 u32 val;
2007
2008 if (memcmp(uuid, bluetooth_base_uuid, 12))
2009 return 128;
2010
2011 val = get_unaligned_le32(&uuid[12]);
2012 if (val > 0xffff)
2013 return 32;
2014
2015 return 16;
2016}
2017
92da6097
JH		 2018static void mgmt_class_complete(struct hci_dev *hdev, u16 mgmt_op, u8 status)
2019{
3b0602cd 2020 struct mgmt_pending_cmd *cmd;
92da6097
JH		 2021
2022 hci_dev_lock(hdev);
2023
333ae95d 2024 cmd = pending_find(mgmt_op, hdev);
92da6097
JH		 2025 if (!cmd)
2026 goto unlock;
2027
2a1afb5a
JH		 2028 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
2029 mgmt_status(status), hdev->dev_class, 3);
92da6097
JH		 2030
2031 mgmt_pending_remove(cmd);
2032
2033unlock:
2034 hci_dev_unlock(hdev);
2035}
2036
1904a853 2037static void add_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2038{
2039 BT_DBG("status 0x%02x", status);
2040
2041 mgmt_class_complete(hdev, MGMT_OP_ADD_UUID, status);
2042}
2043
bdb6d971 2044static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2045{
650f726d 2046 struct mgmt_cp_add_uuid *cp = data;
3b0602cd 2047 struct mgmt_pending_cmd *cmd;
890ea898 2048 struct hci_request req;
2aeb9a1a 2049 struct bt_uuid *uuid;
2aeb9a1a
JH		 2050 int err;
2051
bdb6d971 2052 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2053
09fd0de5 2054 hci_dev_lock(hdev);
2aeb9a1a 2055
0cab9c80 2056 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2057 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2058 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2059 goto failed;
2060 }
2061
92c4c204 2062 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2063 if (!uuid) {
2064 err = -ENOMEM;
2065 goto failed;
2066 }
2067
2068 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2069 uuid->svc_hint = cp->svc_hint;
83be8eca 2070 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2071
de66aa63 2072 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2073
890ea898 2074 hci_req_init(&req, hdev);
1aff6f09 2075
14bf5eac 2076 __hci_req_update_class(&req);
b1a8917c 2077 __hci_req_update_eir(&req);
890ea898 2078
92da6097
JH		 2079 err = hci_req_run(&req, add_uuid_complete);
2080 if (err < 0) {
2081 if (err != -ENODATA)
2082 goto failed;
80a1e1db 2083
2a1afb5a
JH		 2084 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_UUID, 0,
2085 hdev->dev_class, 3);
90e70454
JH		 2086 goto failed;
2087 }
2088
2089 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2090 if (!cmd) {
90e70454 2091 err = -ENOMEM;
890ea898
JH		 2092 goto failed;
2093 }
2094
2095 err = 0;
2aeb9a1a
JH		 2096
2097failed:
09fd0de5 2098 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2099 return err;
2100}
2101
24b78d0f
JH		 2102static bool enable_service_cache(struct hci_dev *hdev)
2103{
2104 if (!hdev_is_powered(hdev))
2105 return false;
2106
238be788 2107 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
46818ed5
JH		 2108 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2109 CACHE_TIMEOUT);
24b78d0f
JH		 2110 return true;
2111 }
2112
2113 return false;
2114}
2115
1904a853 2116static void remove_uuid_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2117{
2118 BT_DBG("status 0x%02x", status);
2119
2120 mgmt_class_complete(hdev, MGMT_OP_REMOVE_UUID, status);
2121}
2122
bdb6d971 2123static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2124 u16 len)
2aeb9a1a 2125{
650f726d 2126 struct mgmt_cp_remove_uuid *cp = data;
3b0602cd 2127 struct mgmt_pending_cmd *cmd;
056341c8 2128 struct bt_uuid *match, *tmp;
2aeb9a1a 2129 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
890ea898 2130 struct hci_request req;
2aeb9a1a
JH		 2131 int err, found;
2132
bdb6d971 2133 BT_DBG("request for %s", hdev->name);
2aeb9a1a 2134
09fd0de5 2135 hci_dev_lock(hdev);
2aeb9a1a 2136
0cab9c80 2137 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2138 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2139 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2140 goto unlock;
2141 }
2142
2aeb9a1a 2143 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2144 hci_uuids_clear(hdev);
4004b6d9 2145
24b78d0f 2146 if (enable_service_cache(hdev)) {
2a1afb5a
JH		 2147 err = mgmt_cmd_complete(sk, hdev->id,
2148 MGMT_OP_REMOVE_UUID,
2149 0, hdev->dev_class, 3);
24b78d0f
JH		 2150 goto unlock;
2151 }
4004b6d9 2152
9246a869 2153 goto update_class;
2aeb9a1a
JH		 2154 }
2155
2156 found = 0;
2157
056341c8 2158 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2159 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2160 continue;
2161
2162 list_del(&match->list);
482049f7 2163 kfree(match);
2aeb9a1a
JH		 2164 found++;
2165 }
2166
2167 if (found == 0) {
a69e8375
JH		 2168 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2169 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2170 goto unlock;
2171 }
2172
9246a869 2173update_class:
890ea898 2174 hci_req_init(&req, hdev);
1aff6f09 2175
14bf5eac 2176 __hci_req_update_class(&req);
b1a8917c 2177 __hci_req_update_eir(&req);
890ea898 2178
92da6097
JH		 2179 err = hci_req_run(&req, remove_uuid_complete);
2180 if (err < 0) {
2181 if (err != -ENODATA)
2182 goto unlock;
80a1e1db 2183
2a1afb5a
JH		 2184 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_UUID, 0,
2185 hdev->dev_class, 3);
90e70454
JH		 2186 goto unlock;
2187 }
2188
2189 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2190 if (!cmd) {
90e70454 2191 err = -ENOMEM;
890ea898
JH		 2192 goto unlock;
2193 }
2194
2195 err = 0;
2aeb9a1a
JH		 2196
2197unlock:
09fd0de5 2198 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2199 return err;
2200}
2201
1904a853 2202static void set_class_complete(struct hci_dev *hdev, u8 status, u16 opcode)
92da6097
JH		 2203{
2204 BT_DBG("status 0x%02x", status);
2205
2206 mgmt_class_complete(hdev, MGMT_OP_SET_DEV_CLASS, status);
2207}
2208
bdb6d971 2209static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2210 u16 len)
1aff6f09 2211{
650f726d 2212 struct mgmt_cp_set_dev_class *cp = data;
3b0602cd 2213 struct mgmt_pending_cmd *cmd;
890ea898 2214 struct hci_request req;
1aff6f09
JH		 2215 int err;
2216
bdb6d971 2217 BT_DBG("request for %s", hdev->name);
1aff6f09 2218
6203fc98 2219 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2220 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2221 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2222
0cab9c80 2223 hci_dev_lock(hdev);
ee98f473 2224
0cab9c80 2225 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2226 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2227 MGMT_STATUS_BUSY);
0cab9c80
JH		 2228 goto unlock;
2229 }
c95f0ba7 2230
0cab9c80 2231 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
a69e8375
JH		 2232 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2233 MGMT_STATUS_INVALID_PARAMS);
0cab9c80
JH		 2234 goto unlock;
2235 }
575b3a02 2236
932f5ff5
JH		 2237 hdev->major_class = cp->major;
2238 hdev->minor_class = cp->minor;
2239
b5235a65 2240 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2241 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2242 hdev->dev_class, 3);
b5235a65
JH		 2243 goto unlock;
2244 }
2245
890ea898
JH		 2246 hci_req_init(&req, hdev);
2247
a69d8927 2248 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
7d78525d
JH		 2249 hci_dev_unlock(hdev);
2250 cancel_delayed_work_sync(&hdev->service_cache);
2251 hci_dev_lock(hdev);
b1a8917c 2252 __hci_req_update_eir(&req);
7d78525d 2253 }
14c0b608 2254
14bf5eac 2255 __hci_req_update_class(&req);
890ea898 2256
92da6097
JH		 2257 err = hci_req_run(&req, set_class_complete);
2258 if (err < 0) {
2259 if (err != -ENODATA)
2260 goto unlock;
1aff6f09 2261
2a1afb5a
JH		 2262 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2263 hdev->dev_class, 3);
90e70454
JH		 2264 goto unlock;
2265 }
2266
2267 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2268 if (!cmd) {
90e70454 2269 err = -ENOMEM;
890ea898
JH		 2270 goto unlock;
2271 }
2272
2273 err = 0;
1aff6f09 2274
b5235a65 2275unlock:
09fd0de5 2276 hci_dev_unlock(hdev);
1aff6f09
JH		 2277 return err;
2278}
2279
bdb6d971 2280static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2281 u16 len)
55ed8ca1 2282{
650f726d 2283 struct mgmt_cp_load_link_keys *cp = data;
ba1d6936
JH		 2284 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2285 sizeof(struct mgmt_link_key_info));
4e51eae9 2286 u16 key_count, expected_len;
b1de97d8 2287 bool changed;
a492cd52 2288 int i;
55ed8ca1 2289
9060d5cf
MH		 2290 BT_DBG("request for %s", hdev->name);
2291
2292 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2293 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2294 MGMT_STATUS_NOT_SUPPORTED);
9060d5cf 2295
1f350c87 2296 key_count = __le16_to_cpu(cp->key_count);
ba1d6936 2297 if (key_count > max_key_count) {
2064ee33
MH		 2298 bt_dev_err(hdev, "load_link_keys: too big key_count value %u",
2299 key_count);
a69e8375
JH		 2300 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2301 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 2302 }
55ed8ca1 2303
86742e1e
JH		 2304 expected_len = sizeof(*cp) + key_count *
2305 sizeof(struct mgmt_link_key_info);
a492cd52 2306 if (expected_len != len) {
2064ee33
MH		 2307 bt_dev_err(hdev, "load_link_keys: expected %u bytes, got %u bytes",
2308 expected_len, len);
a69e8375
JH		 2309 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2310 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2311 }
2312
4ae14301 2313 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
a69e8375
JH		 2314 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2315 MGMT_STATUS_INVALID_PARAMS);
4ae14301 2316
bdb6d971 2317 BT_DBG("%s debug_keys %u key_count %u", hdev->name, cp->debug_keys,
8ce8e2b5 2318 key_count);
55ed8ca1 2319
4ee71b20
JH		 2320 for (i = 0; i < key_count; i++) {
2321 struct mgmt_link_key_info *key = &cp->keys[i];
2322
8e991132 2323 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
a69e8375
JH		 2324 return mgmt_cmd_status(sk, hdev->id,
2325 MGMT_OP_LOAD_LINK_KEYS,
2326 MGMT_STATUS_INVALID_PARAMS);
4ee71b20
JH		 2327 }
2328
09fd0de5 2329 hci_dev_lock(hdev);
55ed8ca1
JH		 2330
2331 hci_link_keys_clear(hdev);
2332
55ed8ca1 2333 if (cp->debug_keys)
238be788 2334 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
55ed8ca1 2335 else
a69d8927
MH		 2336 changed = hci_dev_test_and_clear_flag(hdev,
2337 HCI_KEEP_DEBUG_KEYS);
b1de97d8
MH		 2338
2339 if (changed)
2340 new_settings(hdev, NULL);
55ed8ca1 2341
a492cd52 2342 for (i = 0; i < key_count; i++) {
86742e1e 2343 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2344
58e9293c
JH		 2345 /* Always ignore debug keys and require a new pairing if
2346 * the user wants to use them.
2347 */
2348 if (key->type == HCI_LK_DEBUG_COMBINATION)
2349 continue;
2350
7652ff6a
JH		 2351 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2352 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2353 }
2354
2a1afb5a 2355 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2356
09fd0de5 2357 hci_dev_unlock(hdev);
55ed8ca1 2358
a492cd52 2359 return 0;
55ed8ca1
JH		 2360}
2361
b1078ad0 2362static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2363 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2364{
2365 struct mgmt_ev_device_unpaired ev;
2366
2367 bacpy(&ev.addr.bdaddr, bdaddr);
2368 ev.addr.type = addr_type;
2369
2370 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2371 skip_sk);
b1078ad0
JH		 2372}
2373
bdb6d971 2374static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2375 u16 len)
55ed8ca1 2376{
124f6e35
JH		 2377 struct mgmt_cp_unpair_device *cp = data;
2378 struct mgmt_rp_unpair_device rp;
fc64361a 2379 struct hci_conn_params *params;
3b0602cd 2380 struct mgmt_pending_cmd *cmd;
55ed8ca1 2381 struct hci_conn *conn;
ec182f03 2382 u8 addr_type;
55ed8ca1
JH		 2383 int err;
2384
a8a1d19e 2385 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2386 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2387 rp.addr.type = cp->addr.type;
a8a1d19e 2388
4ee71b20 2389 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2390 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2391 MGMT_STATUS_INVALID_PARAMS,
2392 &rp, sizeof(rp));
4ee71b20 2393
118da70b 2394 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2a1afb5a
JH		 2395 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2396 MGMT_STATUS_INVALID_PARAMS,
2397 &rp, sizeof(rp));
118da70b 2398
4ee71b20
JH		 2399 hci_dev_lock(hdev);
2400
86a8cfc6 2401 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2402 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2403 MGMT_STATUS_NOT_POWERED, &rp,
2404 sizeof(rp));
86a8cfc6
JH		 2405 goto unlock;
2406 }
2407
e0b2b27e 2408 if (cp->addr.type == BDADDR_BREDR) {
89cbb063
AA		 2409 /* If disconnection is requested, then look up the
2410 * connection. If the remote device is connected, it
2411 * will be later used to terminate the link.
2412 *
2413 * Setting it to NULL explicitly will cause no
2414 * termination of the link.
2415 */
2416 if (cp->disconnect)
2417 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2418 &cp->addr.bdaddr);
2419 else
2420 conn = NULL;
2421
124f6e35 2422 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
ec182f03
JH		 2423 if (err < 0) {
2424 err = mgmt_cmd_complete(sk, hdev->id,
2425 MGMT_OP_UNPAIR_DEVICE,
2426 MGMT_STATUS_NOT_PAIRED, &rp,
2427 sizeof(rp));
2428 goto unlock;
89cbb063
AA		 2429 }
2430
ec182f03 2431 goto done;
e0b2b27e 2432 }
b0dbfb46 2433
ec182f03
JH		 2434 /* LE address type */
2435 addr_type = le_addr_type(cp->addr.type);
2436
cb28c306
MK		 2437 /* Abort any ongoing SMP pairing. Removes ltk and irk if they exist. */
2438 err = smp_cancel_and_remove_pairing(hdev, &cp->addr.bdaddr, addr_type);
55ed8ca1 2439 if (err < 0) {
2a1afb5a
JH		 2440 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2441 MGMT_STATUS_NOT_PAIRED, &rp,
2442 sizeof(rp));
55ed8ca1
JH		 2443 goto unlock;
2444 }
2445
ec182f03
JH		 2446 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type);
2447 if (!conn) {
2448 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2449 goto done;
2450 }
2451
c81d555a 2452
ec182f03
JH		 2453 /* Defer clearing up the connection parameters until closing to
2454 * give a chance of keeping them if a repairing happens.
2455 */
2456 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2457
fc64361a
JH		 2458 /* Disable auto-connection parameters if present */
2459 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type);
2460 if (params) {
2461 if (params->explicit_connect)
2462 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
2463 else
2464 params->auto_connect = HCI_AUTO_CONN_DISABLED;
2465 }
2466
ec182f03
JH		 2467 /* If disconnection is not requested, then clear the connection
2468 * variable so that the link is not terminated.
2469 */
2470 if (!cp->disconnect)
2471 conn = NULL;
2472
2473done:
89cbb063
AA		 2474 /* If the connection variable is set, then termination of the
2475 * link is requested.
2476 */
a8a1d19e 2477 if (!conn) {
2a1afb5a
JH		 2478 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2479 &rp, sizeof(rp));
b1078ad0 2480 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2481 goto unlock;
2482 }
55ed8ca1 2483
124f6e35 2484 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2485 sizeof(*cp));
a8a1d19e
JH		 2486 if (!cmd) {
2487 err = -ENOMEM;
2488 goto unlock;
55ed8ca1
JH		 2489 }
2490
d8b7b1e4
JH		 2491 cmd->cmd_complete = addr_cmd_complete;
2492
89e0ccc8 2493 err = hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
a8a1d19e
JH		 2494 if (err < 0)
2495 mgmt_pending_remove(cmd);
2496
55ed8ca1 2497unlock:
09fd0de5 2498 hci_dev_unlock(hdev);
55ed8ca1
JH		 2499 return err;
2500}
2501
bdb6d971 2502static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2503 u16 len)
8962ee74 2504{
650f726d 2505 struct mgmt_cp_disconnect *cp = data;
06a63b19 2506 struct mgmt_rp_disconnect rp;
3b0602cd 2507 struct mgmt_pending_cmd *cmd;
8962ee74 2508 struct hci_conn *conn;
8962ee74
JH		 2509 int err;
2510
2511 BT_DBG("");
2512
06a63b19
JH		 2513 memset(&rp, 0, sizeof(rp));
2514 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2515 rp.addr.type = cp->addr.type;
2516
4ee71b20 2517 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2518 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2519 MGMT_STATUS_INVALID_PARAMS,
2520 &rp, sizeof(rp));
4ee71b20 2521
09fd0de5 2522 hci_dev_lock(hdev);
8962ee74
JH		 2523
2524 if (!test_bit(HCI_UP, &hdev->flags)) {
2a1afb5a
JH		 2525 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2526 MGMT_STATUS_NOT_POWERED, &rp,
2527 sizeof(rp));
8962ee74
JH		 2528 goto failed;
2529 }
2530
333ae95d 2531 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
2a1afb5a
JH		 2532 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2533 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2534 goto failed;
2535 }
2536
591f47f3 2537 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2538 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2539 &cp->addr.bdaddr);
88c3df13 2540 else
9d4c1cc1
JH		 2541 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr,
2542 le_addr_type(cp->addr.type));
365227e5 2543
f960727e 2544 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2a1afb5a
JH		 2545 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2546 MGMT_STATUS_NOT_CONNECTED, &rp,
2547 sizeof(rp));
8962ee74
JH		 2548 goto failed;
2549 }
2550
2e58ef3e 2551 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2552 if (!cmd) {
2553 err = -ENOMEM;
8962ee74 2554 goto failed;
366a0336 2555 }
8962ee74 2556
f5818c22
JH		 2557 cmd->cmd_complete = generic_cmd_complete;
2558
e3f2f92a 2559 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
8962ee74 2560 if (err < 0)
a664b5bc 2561 mgmt_pending_remove(cmd);
8962ee74
JH		 2562
2563failed:
09fd0de5 2564 hci_dev_unlock(hdev);
8962ee74
JH		 2565 return err;
2566}
2567
57c1477c 2568static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2569{
2570 switch (link_type) {
2571 case LE_LINK:
48264f06
JH		 2572 switch (addr_type) {
2573 case ADDR_LE_DEV_PUBLIC:
591f47f3 2574 return BDADDR_LE_PUBLIC;
0ed09148 2575
48264f06 2576 default:
0ed09148 2577 /* Fallback to LE Random address type */
591f47f3 2578 return BDADDR_LE_RANDOM;
48264f06 2579 }
0ed09148 2580
4c659c39 2581 default:
0ed09148 2582 /* Fallback to BR/EDR type */
591f47f3 2583 return BDADDR_BREDR;
4c659c39
JH		 2584 }
2585}
2586
04124681
GP		 2587static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2588 u16 data_len)
2784eb41 2589{
2784eb41 2590 struct mgmt_rp_get_connections *rp;
8035ded4 2591 struct hci_conn *c;
a38528f1 2592 size_t rp_len;
60fc5fb6
JH		 2593 int err;
2594 u16 i;
2784eb41
JH		 2595
2596 BT_DBG("");
2597
09fd0de5 2598 hci_dev_lock(hdev);
2784eb41 2599
5f97c1df 2600 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 2601 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2602 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2603 goto unlock;
2604 }
2605
60fc5fb6 2606 i = 0;
b644ba33
JH		 2607 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2608 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2609 i++;
2784eb41
JH		 2610 }
2611
60fc5fb6 2612 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
92c4c204 2613 rp = kmalloc(rp_len, GFP_KERNEL);
a38528f1 2614 if (!rp) {
2784eb41
JH		 2615 err = -ENOMEM;
2616 goto unlock;
2617 }
2618
2784eb41 2619 i = 0;
4c659c39 2620 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2621 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2622 continue;
4c659c39 2623 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2624 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2625 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2626 continue;
2627 i++;
2628 }
2629
eb55ef07 2630 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2631
4c659c39
JH		 2632 /* Recalculate length in case of filtered SCO connections, etc */
2633 rp_len = sizeof(*rp) + (i * sizeof(struct mgmt_addr_info));
2784eb41 2634
2a1afb5a
JH		 2635 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
2636 rp_len);
2784eb41 2637
a38528f1 2638 kfree(rp);
5f97c1df
JH		 2639
2640unlock:
09fd0de5 2641 hci_dev_unlock(hdev);
2784eb41
JH		 2642 return err;
2643}
2644
bdb6d971 2645static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2646 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67 2647{
3b0602cd 2648 struct mgmt_pending_cmd *cmd;
96d97a67
WR		 2649 int err;
2650
2e58ef3e 2651 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2652 sizeof(*cp));
96d97a67
WR		 2653 if (!cmd)
2654 return -ENOMEM;
2655
dd7e39bb
AL		 2656 cmd->cmd_complete = addr_cmd_complete;
2657
d8457698 2658 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2659 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2660 if (err < 0)
2661 mgmt_pending_remove(cmd);
2662
2663 return err;
2664}
2665
bdb6d971 2666static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2667 u16 len)
980e1a53 2668{
96d97a67 2669 struct hci_conn *conn;
650f726d 2670 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2671 struct hci_cp_pin_code_reply reply;
3b0602cd 2672 struct mgmt_pending_cmd *cmd;
980e1a53
JH		 2673 int err;
2674
2675 BT_DBG("");
2676
09fd0de5 2677 hci_dev_lock(hdev);
980e1a53 2678
4b34ee78 2679 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 2680 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2681 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2682 goto failed;
2683 }
2684
d8457698 2685 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2686 if (!conn) {
a69e8375
JH		 2687 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2688 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2689 goto failed;
2690 }
2691
2692 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2693 struct mgmt_cp_pin_code_neg_reply ncp;
2694
2695 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67 2696
2064ee33 2697 bt_dev_err(hdev, "PIN code is not 16 bytes long");
96d97a67 2698
bdb6d971 2699 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2700 if (err >= 0)
a69e8375
JH		 2701 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2702 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2703
2704 goto failed;
2705 }
2706
00abfe44 2707 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2708 if (!cmd) {
2709 err = -ENOMEM;
980e1a53 2710 goto failed;
366a0336 2711 }
980e1a53 2712
7776d1d8
JH		 2713 cmd->cmd_complete = addr_cmd_complete;
2714
d8457698 2715 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2716 reply.pin_len = cp->pin_len;
24718ca5 2717 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2718
2719 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2720 if (err < 0)
a664b5bc 2721 mgmt_pending_remove(cmd);
980e1a53
JH		 2722
2723failed:
09fd0de5 2724 hci_dev_unlock(hdev);
980e1a53
JH		 2725 return err;
2726}
2727
04124681
GP		 2728static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2729 u16 len)
17fa4b9d 2730{
650f726d 2731 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d
JH		 2732
2733 BT_DBG("");
2734
4ec86d4c 2735 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
9db5c629
MH		 2736 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
2737 MGMT_STATUS_INVALID_PARAMS);
4ec86d4c 2738
09fd0de5 2739 hci_dev_lock(hdev);
17fa4b9d
JH		 2740
2741 hdev->io_capability = cp->io_capability;
2742
2743 BT_DBG("%s IO capability set to 0x%02x", hdev->name,
8ce8e2b5 2744 hdev->io_capability);
17fa4b9d 2745
09fd0de5 2746 hci_dev_unlock(hdev);
17fa4b9d 2747
2a1afb5a
JH		 2748 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
2749 NULL, 0);
17fa4b9d
JH		 2750}
2751
3b0602cd 2752static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2753{
2754 struct hci_dev *hdev = conn->hdev;
3b0602cd 2755 struct mgmt_pending_cmd *cmd;
e9a416b5 2756
2e58ef3e 2757 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2758 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2759 continue;
2760
e9a416b5
JH		 2761 if (cmd->user_data != conn)
2762 continue;
2763
2764 return cmd;
2765 }
2766
2767 return NULL;
2768}
2769
3b0602cd 2770static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
e9a416b5
JH		 2771{
2772 struct mgmt_rp_pair_device rp;
2773 struct hci_conn *conn = cmd->user_data;
9df74653 2774 int err;
e9a416b5 2775
61b1a7fb
JH		 2776 bacpy(&rp.addr.bdaddr, &conn->dst);
2777 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2778
2a1afb5a
JH		 2779 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
2780 status, &rp, sizeof(rp));
e9a416b5
JH		 2781
2782 /* So we don't get further callbacks for this connection */
2783 conn->connect_cfm_cb = NULL;
2784 conn->security_cfm_cb = NULL;
2785 conn->disconn_cfm_cb = NULL;
2786
76a68ba0 2787 hci_conn_drop(conn);
89cbb063
AA		 2788
2789 /* The device is paired so there is no need to remove
2790 * its connection parameters anymore.
2791 */
2792 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
15013aeb
JH		 2793
2794 hci_conn_put(conn);
9df74653
JH		 2795
2796 return err;
e9a416b5
JH		 2797}
2798
f4a407be
JH		 2799void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2800{
2801 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3b0602cd 2802 struct mgmt_pending_cmd *cmd;
f4a407be
JH		 2803
2804 cmd = find_pairing(conn);
a511b35b 2805 if (cmd) {
04ab2749 2806 cmd->cmd_complete(cmd, status);
a511b35b
JH		 2807 mgmt_pending_remove(cmd);
2808 }
f4a407be
JH		 2809}
2810
e9a416b5
JH		 2811static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2812{
3b0602cd 2813 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 2814
2815 BT_DBG("status %u", status);
2816
2817 cmd = find_pairing(conn);
a511b35b 2818 if (!cmd) {
e9a416b5 2819 BT_DBG("Unable to find a pending command");
a511b35b
JH		 2820 return;
2821 }
2822
2823 cmd->cmd_complete(cmd, mgmt_status(status));
2824 mgmt_pending_remove(cmd);
e9a416b5
JH		 2825}
2826
f4a407be 2827static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739 2828{
3b0602cd 2829 struct mgmt_pending_cmd *cmd;
4c47d739
VA		 2830
2831 BT_DBG("status %u", status);
2832
2833 if (!status)
2834 return;
2835
2836 cmd = find_pairing(conn);
a511b35b 2837 if (!cmd) {
4c47d739 2838 BT_DBG("Unable to find a pending command");
a511b35b
JH		 2839 return;
2840 }
2841
2842 cmd->cmd_complete(cmd, mgmt_status(status));
2843 mgmt_pending_remove(cmd);
4c47d739
VA		 2844}
2845
bdb6d971 2846static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2847 u16 len)
e9a416b5 2848{
650f726d 2849 struct mgmt_cp_pair_device *cp = data;
1425acb7 2850 struct mgmt_rp_pair_device rp;
3b0602cd 2851 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 2852 u8 sec_level, auth_type;
2853 struct hci_conn *conn;
e9a416b5
JH		 2854 int err;
2855
2856 BT_DBG("");
2857
f950a30e
SJ		 2858 memset(&rp, 0, sizeof(rp));
2859 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2860 rp.addr.type = cp->addr.type;
2861
4ee71b20 2862 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2863 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2864 MGMT_STATUS_INVALID_PARAMS,
2865 &rp, sizeof(rp));
4ee71b20 2866
4ec86d4c 2867 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 2868 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2869 MGMT_STATUS_INVALID_PARAMS,
2870 &rp, sizeof(rp));
4ec86d4c 2871
09fd0de5 2872 hci_dev_lock(hdev);
e9a416b5 2873
5f97c1df 2874 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2875 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2876 MGMT_STATUS_NOT_POWERED, &rp,
2877 sizeof(rp));
5f97c1df
JH		 2878 goto unlock;
2879 }
2880
55e76b38
JH		 2881 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
2882 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2883 MGMT_STATUS_ALREADY_PAIRED, &rp,
2884 sizeof(rp));
2885 goto unlock;
2886 }
2887
c908df36 2888 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 2889 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 2890
6f77d8c7 2891 if (cp->addr.type == BDADDR_BREDR) {
04a6c589
AG		 2892 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
2893 auth_type);
6f77d8c7 2894 } else {
85813a7e 2895 u8 addr_type = le_addr_type(cp->addr.type);
5157b8a5 2896 struct hci_conn_params *p;
6f77d8c7 2897
7c264b10
MH		 2898 /* When pairing a new device, it is expected to remember
2899 * this device for future connections. Adding the connection
2900 * parameter information ahead of time allows tracking
2901 * of the slave preferred values and will speed up any
2902 * further connection establishment.
2903 *
2904 * If connection parameters already exist, then they
2905 * will be kept and this function does nothing.
2906 */
5157b8a5
JP		 2907 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
2908
2909 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT)
2910 p->auto_connect = HCI_AUTO_CONN_DISABLED;
7c264b10 2911
fa142220
JP		 2912 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr,
2913 addr_type, sec_level,
0ad06aa6 2914 HCI_LE_CONN_TIMEOUT);
6f77d8c7 2915 }
7a512d01 2916
30e76272 2917 if (IS_ERR(conn)) {
489dc48e
AK		 2918 int status;
2919
2920 if (PTR_ERR(conn) == -EBUSY)
2921 status = MGMT_STATUS_BUSY;
faa81030
LR		 2922 else if (PTR_ERR(conn) == -EOPNOTSUPP)
2923 status = MGMT_STATUS_NOT_SUPPORTED;
2924 else if (PTR_ERR(conn) == -ECONNREFUSED)
2925 status = MGMT_STATUS_REJECTED;
489dc48e
AK		 2926 else
2927 status = MGMT_STATUS_CONNECT_FAILED;
2928
2a1afb5a
JH		 2929 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2930 status, &rp, sizeof(rp));
e9a416b5
JH		 2931 goto unlock;
2932 }
2933
2934 if (conn->connect_cfm_cb) {
76a68ba0 2935 hci_conn_drop(conn);
2a1afb5a
JH		 2936 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2937 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2938 goto unlock;
2939 }
2940
2e58ef3e 2941 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2942 if (!cmd) {
2943 err = -ENOMEM;
76a68ba0 2944 hci_conn_drop(conn);
e9a416b5
JH		 2945 goto unlock;
2946 }
2947
04ab2749
JH		 2948 cmd->cmd_complete = pairing_complete;
2949
7a512d01 2950 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 2951 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 2952 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 2953 conn->security_cfm_cb = pairing_complete_cb;
2954 conn->disconn_cfm_cb = pairing_complete_cb;
2955 } else {
2956 conn->connect_cfm_cb = le_pairing_complete_cb;
2957 conn->security_cfm_cb = le_pairing_complete_cb;
2958 conn->disconn_cfm_cb = le_pairing_complete_cb;
2959 }
7a512d01 2960
e9a416b5 2961 conn->io_capability = cp->io_cap;
f8aaf9b6 2962 cmd->user_data = hci_conn_get(conn);
e9a416b5 2963
6f78fd4b 2964 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
a511b35b
JH		 2965 hci_conn_security(conn, sec_level, auth_type, true)) {
2966 cmd->cmd_complete(cmd, 0);
2967 mgmt_pending_remove(cmd);
2968 }
e9a416b5
JH		 2969
2970 err = 0;
2971
2972unlock:
09fd0de5 2973 hci_dev_unlock(hdev);
e9a416b5
JH		 2974 return err;
2975}
2976
04124681
GP		 2977static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2978 u16 len)
28424707 2979{
0f4e68cf 2980 struct mgmt_addr_info *addr = data;
3b0602cd 2981 struct mgmt_pending_cmd *cmd;
28424707
JH		 2982 struct hci_conn *conn;
2983 int err;
2984
2985 BT_DBG("");
2986
28424707
JH		 2987 hci_dev_lock(hdev);
2988
5f97c1df 2989 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 2990 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2991 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2992 goto unlock;
2993 }
2994
333ae95d 2995 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
28424707 2996 if (!cmd) {
a69e8375
JH		 2997 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
2998 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 2999 goto unlock;
3000 }
3001
3002 conn = cmd->user_data;
3003
3004 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
a69e8375
JH		 3005 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3006 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3007 goto unlock;
3008 }
3009
a511b35b
JH		 3010 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3011 mgmt_pending_remove(cmd);
28424707 3012
2a1afb5a
JH		 3013 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3014 addr, sizeof(*addr));
28424707
JH		 3015unlock:
3016 hci_dev_unlock(hdev);
28424707
JH		 3017 return err;
3018}
3019
bdb6d971 3020static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3021 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3022 u16 hci_op, __le32 passkey)
a5c29683 3023{
3b0602cd 3024 struct mgmt_pending_cmd *cmd;
0df4c185 3025 struct hci_conn *conn;
a5c29683
JH		 3026 int err;
3027
09fd0de5 3028 hci_dev_lock(hdev);
08ba5382 3029
4b34ee78 3030 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3031 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3032 MGMT_STATUS_NOT_POWERED, addr,
3033 sizeof(*addr));
0df4c185 3034 goto done;
a5c29683
JH		 3035 }
3036
1707c60e
JH		 3037 if (addr->type == BDADDR_BREDR)
3038 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3039 else
9d4c1cc1
JH		 3040 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr,
3041 le_addr_type(addr->type));
272d90df
JH		 3042
3043 if (!conn) {
2a1afb5a
JH		 3044 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3045 MGMT_STATUS_NOT_CONNECTED, addr,
3046 sizeof(*addr));
272d90df
JH		 3047 goto done;
3048 }
47c15e2b 3049
1707c60e 3050 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 3051 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 3052 if (!err)
2a1afb5a
JH		 3053 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3054 MGMT_STATUS_SUCCESS, addr,
3055 sizeof(*addr));
5fe57d9e 3056 else
2a1afb5a
JH		 3057 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3058 MGMT_STATUS_FAILED, addr,
3059 sizeof(*addr));
47c15e2b 3060
47c15e2b
BG		 3061 goto done;
3062 }
3063
1707c60e 3064 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3065 if (!cmd) {
3066 err = -ENOMEM;
0df4c185 3067 goto done;
a5c29683
JH		 3068 }
3069
7776d1d8
JH		 3070 cmd->cmd_complete = addr_cmd_complete;
3071
0df4c185 3072 /* Continue with pairing via HCI */
604086b7
BG		 3073 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3074 struct hci_cp_user_passkey_reply cp;
3075
1707c60e 3076 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3077 cp.passkey = passkey;
3078 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3079 } else
1707c60e
JH		 3080 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3081 &addr->bdaddr);
604086b7 3082
a664b5bc
JH		 3083 if (err < 0)
3084 mgmt_pending_remove(cmd);
a5c29683 3085
0df4c185 3086done:
09fd0de5 3087 hci_dev_unlock(hdev);
a5c29683
JH		 3088 return err;
3089}
3090
afeb019d
JK		 3091static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3092 void *data, u16 len)
3093{
3094 struct mgmt_cp_pin_code_neg_reply *cp = data;
3095
3096 BT_DBG("");
3097
1707c60e 3098 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3099 MGMT_OP_PIN_CODE_NEG_REPLY,
3100 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3101}
3102
04124681
GP		 3103static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3104 u16 len)
0df4c185 3105{
650f726d 3106 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185
BG		 3107
3108 BT_DBG("");
3109
3110 if (len != sizeof(*cp))
a69e8375
JH		 3111 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3112 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3113
1707c60e 3114 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3115 MGMT_OP_USER_CONFIRM_REPLY,
3116 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3117}
3118
bdb6d971 3119static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3120 void *data, u16 len)
0df4c185 3121{
c9c2659f 3122 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185
BG		 3123
3124 BT_DBG("");
3125
1707c60e 3126 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3127 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3128 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3129}
3130
04124681
GP		 3131static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3132 u16 len)
604086b7 3133{
650f726d 3134 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7
BG		 3135
3136 BT_DBG("");
3137
1707c60e 3138 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3139 MGMT_OP_USER_PASSKEY_REPLY,
3140 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3141}
3142
bdb6d971 3143static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3144 void *data, u16 len)
604086b7 3145{
650f726d 3146 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7
BG		 3147
3148 BT_DBG("");
3149
1707c60e 3150 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3151 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3152 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3153}
3154
7c295c48
MN		 3155static void adv_expire(struct hci_dev *hdev, u32 flags)
3156{
3157 struct adv_info *adv_instance;
3158 struct hci_request req;
3159 int err;
3160
3161 adv_instance = hci_find_adv_instance(hdev, hdev->cur_adv_instance);
3162 if (!adv_instance)
3163 return;
3164
3165 /* stop if current instance doesn't need to be changed */
3166 if (!(adv_instance->flags & flags))
3167 return;
3168
3169 cancel_adv_timeout(hdev);
3170
3171 adv_instance = hci_get_next_instance(hdev, adv_instance->instance);
3172 if (!adv_instance)
3173 return;
3174
3175 hci_req_init(&req, hdev);
3176 err = __hci_req_schedule_adv_instance(&req, adv_instance->instance,
3177 true);
3178 if (err)
3179 return;
3180
3181 hci_req_run(&req, NULL);
3182}
3183
1904a853 3184static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
13928971
JH		 3185{
3186 struct mgmt_cp_set_local_name *cp;
3b0602cd 3187 struct mgmt_pending_cmd *cmd;
13928971
JH		 3188
3189 BT_DBG("status 0x%02x", status);
3190
3191 hci_dev_lock(hdev);
3192
333ae95d 3193 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 3194 if (!cmd)
3195 goto unlock;
3196
3197 cp = cmd->param;
3198
7c295c48 3199 if (status) {
a69e8375
JH		 3200 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3201 mgmt_status(status));
7c295c48 3202 } else {
2a1afb5a
JH		 3203 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3204 cp, sizeof(*cp));
13928971 3205
7c295c48
MN		 3206 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3207 adv_expire(hdev, MGMT_ADV_FLAG_LOCAL_NAME);
3208 }
3209
13928971
JH		 3210 mgmt_pending_remove(cmd);
3211
3212unlock:
3213 hci_dev_unlock(hdev);
3214}
3215
bdb6d971 3216static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3217 u16 len)
b312b161 3218{
2b4bf397 3219 struct mgmt_cp_set_local_name *cp = data;
3b0602cd 3220 struct mgmt_pending_cmd *cmd;
890ea898 3221 struct hci_request req;
b312b161
JH		 3222 int err;
3223
3224 BT_DBG("");
3225
09fd0de5 3226 hci_dev_lock(hdev);
b312b161 3227
b3f2ca94
JH		 3228 /* If the old values are the same as the new ones just return a
3229 * direct command complete event.
3230 */
3231 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3232 !memcmp(hdev->short_name, cp->short_name,
3233 sizeof(hdev->short_name))) {
2a1afb5a
JH		 3234 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3235 data, len);
b3f2ca94
JH		 3236 goto failed;
3237 }
3238
2b4bf397 3239 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3240
b5235a65 3241 if (!hdev_is_powered(hdev)) {
2b4bf397 3242 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde 3243
2a1afb5a
JH		 3244 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3245 data, len);
28cc7bde
JH		 3246 if (err < 0)
3247 goto failed;
3248
5504c3a3
MH		 3249 err = mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data,
3250 len, HCI_MGMT_LOCAL_NAME_EVENTS, sk);
321c6fee 3251 ext_info_changed(hdev, sk);
28cc7bde 3252
b5235a65
JH		 3253 goto failed;
3254 }
3255
28cc7bde 3256 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3257 if (!cmd) {
3258 err = -ENOMEM;
3259 goto failed;
3260 }
3261
13928971
JH		 3262 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3263
890ea898 3264 hci_req_init(&req, hdev);
3f985050
JH		 3265
3266 if (lmp_bredr_capable(hdev)) {
00cf5040 3267 __hci_req_update_name(&req);
b1a8917c 3268 __hci_req_update_eir(&req);
3f985050
JH		 3269 }
3270
7a5f4990
MH		 3271 /* The name is stored in the scan response data and so
3272 * no need to udpate the advertising data here.
3273 */
7dc6f16c 3274 if (lmp_le_capable(hdev) && hci_dev_test_flag(hdev, HCI_ADVERTISING))
cab054ab 3275 __hci_req_update_scan_rsp_data(&req, hdev->cur_adv_instance);
3f985050 3276
13928971 3277 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3278 if (err < 0)
3279 mgmt_pending_remove(cmd);
3280
3281failed:
09fd0de5 3282 hci_dev_unlock(hdev);
b312b161
JH		 3283 return err;
3284}
3285
c4960ecf
MN		 3286static int set_appearance(struct sock *sk, struct hci_dev *hdev, void *data,
3287 u16 len)
3288{
3289 struct mgmt_cp_set_appearance *cp = data;
3290 u16 apperance;
3291 int err;
3292
3293 BT_DBG("");
3294
af4168c5
MN		 3295 if (!lmp_le_capable(hdev))
3296 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_APPEARANCE,
3297 MGMT_STATUS_NOT_SUPPORTED);
3298
c4960ecf
MN		 3299 apperance = le16_to_cpu(cp->appearance);
3300
3301 hci_dev_lock(hdev);
3302
3303 if (hdev->appearance != apperance) {
3304 hdev->appearance = apperance;
3305
3306 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3307 adv_expire(hdev, MGMT_ADV_FLAG_APPEARANCE);
e74317f4
MN		 3308
3309 ext_info_changed(hdev, sk);
c4960ecf
MN		 3310 }
3311
3312 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_APPEARANCE, 0, NULL,
3313 0);
3314
3315 hci_dev_unlock(hdev);
3316
3317 return err;
3318}
3319
6244691f
JK		 3320static int get_phy_configuration(struct sock *sk, struct hci_dev *hdev,
3321 void *data, u16 len)
3322{
3323 struct mgmt_rp_get_phy_confguration rp;
3324
3325 BT_DBG("sock %p %s", sk, hdev->name);
3326
3327 hci_dev_lock(hdev);
3328
3329 memset(&rp, 0, sizeof(rp));
3330
3331 rp.supported_phys = cpu_to_le32(get_supported_phys(hdev));
3332 rp.selected_phys = cpu_to_le32(get_selected_phys(hdev));
3333 rp.configurable_phys = cpu_to_le32(get_configurable_phys(hdev));
3334
3335 hci_dev_unlock(hdev);
3336
3337 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_PHY_CONFIGURATION, 0,
3338 &rp, sizeof(rp));
3339}
3340
b7c23df8
JK		 3341int mgmt_phy_configuration_changed(struct hci_dev *hdev, struct sock *skip)
3342{
3343 struct mgmt_ev_phy_configuration_changed ev;
3344
3345 memset(&ev, 0, sizeof(ev));
3346
3347 ev.selected_phys = cpu_to_le32(get_selected_phys(hdev));
3348
3349 return mgmt_event(MGMT_EV_PHY_CONFIGURATION_CHANGED, hdev, &ev,
3350 sizeof(ev), skip);
3351}
3352
0314f286
JK		 3353static void set_default_phy_complete(struct hci_dev *hdev, u8 status,
3354 u16 opcode, struct sk_buff *skb)
3355{
0314f286
JK		 3356 struct mgmt_pending_cmd *cmd;
3357
3358 BT_DBG("status 0x%02x", status);
3359
3360 hci_dev_lock(hdev);
3361
3362 cmd = pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev);
3363 if (!cmd)
3364 goto unlock;
3365
0314f286
JK		 3366 if (status) {
3367 mgmt_cmd_status(cmd->sk, hdev->id,
3368 MGMT_OP_SET_PHY_CONFIGURATION,
3369 mgmt_status(status));
3370 } else {
3371 mgmt_cmd_complete(cmd->sk, hdev->id,
3372 MGMT_OP_SET_PHY_CONFIGURATION, 0,
3373 NULL, 0);
b7c23df8
JK		 3374
3375 mgmt_phy_configuration_changed(hdev, cmd->sk);
0314f286
JK		 3376 }
3377
3378 mgmt_pending_remove(cmd);
3379
3380unlock:
3381 hci_dev_unlock(hdev);
3382}
3383
3384static int set_phy_configuration(struct sock *sk, struct hci_dev *hdev,
3385 void *data, u16 len)
3386{
3387 struct mgmt_cp_set_phy_confguration *cp = data;
3388 struct hci_cp_le_set_default_phy cp_phy;
3389 struct mgmt_pending_cmd *cmd;
3390 struct hci_request req;
3391 u32 selected_phys, configurable_phys, supported_phys, unconfigure_phys;
3392 u16 pkt_type = (HCI_DH1 | HCI_DM1);
b7c23df8 3393 bool changed = false;
0314f286
JK		 3394 int err;
3395
3396 BT_DBG("sock %p %s", sk, hdev->name);
3397
3398 configurable_phys = get_configurable_phys(hdev);
3399 supported_phys = get_supported_phys(hdev);
3400 selected_phys = __le32_to_cpu(cp->selected_phys);
3401
3402 if (selected_phys & ~supported_phys)
3403 return mgmt_cmd_status(sk, hdev->id,
3404 MGMT_OP_SET_PHY_CONFIGURATION,
3405 MGMT_STATUS_INVALID_PARAMS);
3406
3407 unconfigure_phys = supported_phys & ~configurable_phys;
3408
3409 if ((selected_phys & unconfigure_phys) != unconfigure_phys)
3410 return mgmt_cmd_status(sk, hdev->id,
3411 MGMT_OP_SET_PHY_CONFIGURATION,
3412 MGMT_STATUS_INVALID_PARAMS);
3413
3414 if (selected_phys == get_selected_phys(hdev))
3415 return mgmt_cmd_complete(sk, hdev->id,
3416 MGMT_OP_SET_PHY_CONFIGURATION,
3417 0, NULL, 0);
3418
3419 hci_dev_lock(hdev);
3420
3421 if (!hdev_is_powered(hdev)) {
3422 err = mgmt_cmd_status(sk, hdev->id,
3423 MGMT_OP_SET_PHY_CONFIGURATION,
3424 MGMT_STATUS_REJECTED);
3425 goto unlock;
3426 }
3427
3428 if (pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev)) {
3429 err = mgmt_cmd_status(sk, hdev->id,
3430 MGMT_OP_SET_PHY_CONFIGURATION,
3431 MGMT_STATUS_BUSY);
3432 goto unlock;
3433 }
3434
3435 if (selected_phys & MGMT_PHY_BR_1M_3SLOT)
3436 pkt_type |= (HCI_DH3 | HCI_DM3);
3437 else
3438 pkt_type &= ~(HCI_DH3 | HCI_DM3);
3439
3440 if (selected_phys & MGMT_PHY_BR_1M_5SLOT)
3441 pkt_type |= (HCI_DH5 | HCI_DM5);
3442 else
3443 pkt_type &= ~(HCI_DH5 | HCI_DM5);
3444
3445 if (selected_phys & MGMT_PHY_EDR_2M_1SLOT)
3446 pkt_type &= ~HCI_2DH1;
3447 else
3448 pkt_type |= HCI_2DH1;
3449
3450 if (selected_phys & MGMT_PHY_EDR_2M_3SLOT)
3451 pkt_type &= ~HCI_2DH3;
3452 else
3453 pkt_type |= HCI_2DH3;
3454
3455 if (selected_phys & MGMT_PHY_EDR_2M_5SLOT)
3456 pkt_type &= ~HCI_2DH5;
3457 else
3458 pkt_type |= HCI_2DH5;
3459
3460 if (selected_phys & MGMT_PHY_EDR_3M_1SLOT)
3461 pkt_type &= ~HCI_3DH1;
3462 else
3463 pkt_type |= HCI_3DH1;
3464
3465 if (selected_phys & MGMT_PHY_EDR_3M_3SLOT)
3466 pkt_type &= ~HCI_3DH3;
3467 else
3468 pkt_type |= HCI_3DH3;
3469
3470 if (selected_phys & MGMT_PHY_EDR_3M_5SLOT)
3471 pkt_type &= ~HCI_3DH5;
3472 else
3473 pkt_type |= HCI_3DH5;
3474
b7c23df8 3475 if (pkt_type != hdev->pkt_type) {
0314f286 3476 hdev->pkt_type = pkt_type;
b7c23df8
JK		 3477 changed = true;
3478 }
0314f286
JK		 3479
3480 if ((selected_phys & MGMT_PHY_LE_MASK) ==
3481 (get_selected_phys(hdev) & MGMT_PHY_LE_MASK)) {
b7c23df8
JK		 3482 if (changed)
3483 mgmt_phy_configuration_changed(hdev, sk);
3484
0314f286
JK		 3485 err = mgmt_cmd_complete(sk, hdev->id,
3486 MGMT_OP_SET_PHY_CONFIGURATION,
3487 0, NULL, 0);
3488
3489 goto unlock;
3490 }
3491
3492 cmd = mgmt_pending_add(sk, MGMT_OP_SET_PHY_CONFIGURATION, hdev, data,
3493 len);
3494 if (!cmd) {
3495 err = -ENOMEM;
3496 goto unlock;
3497 }
3498
3499 hci_req_init(&req, hdev);
3500
3501 memset(&cp_phy, 0, sizeof(cp_phy));
3502
3503 if (!(selected_phys & MGMT_PHY_LE_TX_MASK))
3504 cp_phy.all_phys |= 0x01;
3505
3506 if (!(selected_phys & MGMT_PHY_LE_RX_MASK))
3507 cp_phy.all_phys |= 0x02;
3508
3509 if (selected_phys & MGMT_PHY_LE_1M_TX)
3510 cp_phy.tx_phys |= HCI_LE_SET_PHY_1M;
3511
3512 if (selected_phys & MGMT_PHY_LE_2M_TX)
3513 cp_phy.tx_phys |= HCI_LE_SET_PHY_2M;
3514
3515 if (selected_phys & MGMT_PHY_LE_CODED_TX)
3516 cp_phy.tx_phys |= HCI_LE_SET_PHY_CODED;
3517
3518 if (selected_phys & MGMT_PHY_LE_1M_RX)
3519 cp_phy.rx_phys |= HCI_LE_SET_PHY_1M;
3520
3521 if (selected_phys & MGMT_PHY_LE_2M_RX)
3522 cp_phy.rx_phys |= HCI_LE_SET_PHY_2M;
3523
3524 if (selected_phys & MGMT_PHY_LE_CODED_RX)
3525 cp_phy.rx_phys |= HCI_LE_SET_PHY_CODED;
3526
3527 hci_req_add(&req, HCI_OP_LE_SET_DEFAULT_PHY, sizeof(cp_phy), &cp_phy);
3528
3529 err = hci_req_run_skb(&req, set_default_phy_complete);
3530 if (err < 0)
3531 mgmt_pending_remove(cmd);
3532
3533unlock:
3534 hci_dev_unlock(hdev);
3535
3536 return err;
3537}
3538
1b9441f8
JH		 3539static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status,
3540 u16 opcode, struct sk_buff *skb)
3541{
3542 struct mgmt_rp_read_local_oob_data mgmt_rp;
3543 size_t rp_size = sizeof(mgmt_rp);
3544 struct mgmt_pending_cmd *cmd;
3545
3546 BT_DBG("%s status %u", hdev->name, status);
3547
3548 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
3549 if (!cmd)
3550 return;
3551
3552 if (status || !skb) {
3553 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3554 status ? mgmt_status(status) : MGMT_STATUS_FAILED);
3555 goto remove;
3556 }
3557
3558 memset(&mgmt_rp, 0, sizeof(mgmt_rp));
3559
3560 if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
3561 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
3562
3563 if (skb->len < sizeof(*rp)) {
3564 mgmt_cmd_status(cmd->sk, hdev->id,
3565 MGMT_OP_READ_LOCAL_OOB_DATA,
3566 MGMT_STATUS_FAILED);
3567 goto remove;
3568 }
3569
3570 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash));
3571 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand));
3572
3573 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256);
3574 } else {
3575 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
3576
3577 if (skb->len < sizeof(*rp)) {
3578 mgmt_cmd_status(cmd->sk, hdev->id,
3579 MGMT_OP_READ_LOCAL_OOB_DATA,
3580 MGMT_STATUS_FAILED);
3581 goto remove;
3582 }
3583
3584 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192));
3585 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192));
3586
3587 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256));
3588 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256));
3589 }
3590
3591 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3592 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size);
3593
3594remove:
3595 mgmt_pending_remove(cmd);
3596}
3597
0f4e68cf 3598static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3599 void *data, u16 data_len)
c35938b2 3600{
3b0602cd 3601 struct mgmt_pending_cmd *cmd;
1b9441f8 3602 struct hci_request req;
c35938b2
SJ		 3603 int err;
3604
bdb6d971 3605 BT_DBG("%s", hdev->name);
c35938b2 3606
09fd0de5 3607 hci_dev_lock(hdev);
c35938b2 3608
4b34ee78 3609 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3610 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3611 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 3612 goto unlock;
3613 }
3614
9a1a1996 3615 if (!lmp_ssp_capable(hdev)) {
a69e8375
JH		 3616 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3617 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 3618 goto unlock;
3619 }
3620
333ae95d 3621 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
a69e8375
JH		 3622 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
3623 MGMT_STATUS_BUSY);
c35938b2
SJ		 3624 goto unlock;
3625 }
3626
2e58ef3e 3627 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 3628 if (!cmd) {
3629 err = -ENOMEM;
3630 goto unlock;
3631 }
3632
1b9441f8
JH		 3633 hci_req_init(&req, hdev);
3634
710f11c0 3635 if (bredr_sc_enabled(hdev))
1b9441f8 3636 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
4d2d2796 3637 else
1b9441f8 3638 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
4d2d2796 3639
1b9441f8 3640 err = hci_req_run_skb(&req, read_local_oob_data_complete);
c35938b2
SJ		 3641 if (err < 0)
3642 mgmt_pending_remove(cmd);
3643
3644unlock:
09fd0de5 3645 hci_dev_unlock(hdev);
c35938b2
SJ		 3646 return err;
3647}
3648
bdb6d971 3649static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 3650 void *data, u16 len)
2763eda6 3651{
5d57e796 3652 struct mgmt_addr_info *addr = data;
2763eda6
SJ		 3653 int err;
3654
bdb6d971 3655 BT_DBG("%s ", hdev->name);
2763eda6 3656
5d57e796 3657 if (!bdaddr_type_is_valid(addr->type))
2a1afb5a
JH		 3658 return mgmt_cmd_complete(sk, hdev->id,
3659 MGMT_OP_ADD_REMOTE_OOB_DATA,
3660 MGMT_STATUS_INVALID_PARAMS,
3661 addr, sizeof(*addr));
5d57e796 3662
09fd0de5 3663 hci_dev_lock(hdev);
2763eda6 3664
ec109113
MH		 3665 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
3666 struct mgmt_cp_add_remote_oob_data *cp = data;
3667 u8 status;
bf1e3541 3668
c19a495c 3669 if (cp->addr.type != BDADDR_BREDR) {
2a1afb5a
JH		 3670 err = mgmt_cmd_complete(sk, hdev->id,
3671 MGMT_OP_ADD_REMOTE_OOB_DATA,
3672 MGMT_STATUS_INVALID_PARAMS,
3673 &cp->addr, sizeof(cp->addr));
c19a495c
JH		 3674 goto unlock;
3675 }
3676
ec109113 3677 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
6928a924
JH		 3678 cp->addr.type, cp->hash,
3679 cp->rand, NULL, NULL);
ec109113
MH		 3680 if (err < 0)
3681 status = MGMT_STATUS_FAILED;
3682 else
3683 status = MGMT_STATUS_SUCCESS;
3684
2a1afb5a
JH		 3685 err = mgmt_cmd_complete(sk, hdev->id,
3686 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
3687 &cp->addr, sizeof(cp->addr));
ec109113
MH		 3688 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
3689 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
41bcfd50 3690 u8 *rand192, *hash192, *rand256, *hash256;
ec109113
MH		 3691 u8 status;
3692
86df9200 3693 if (bdaddr_type_is_le(cp->addr.type)) {
d25b78e2
JH		 3694 /* Enforce zero-valued 192-bit parameters as
3695 * long as legacy SMP OOB isn't implemented.
3696 */
3697 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
3698 memcmp(cp->hash192, ZERO_KEY, 16)) {
2a1afb5a
JH		 3699 err = mgmt_cmd_complete(sk, hdev->id,
3700 MGMT_OP_ADD_REMOTE_OOB_DATA,
3701 MGMT_STATUS_INVALID_PARAMS,
3702 addr, sizeof(*addr));
d25b78e2
JH		 3703 goto unlock;
3704 }
3705
86df9200
JH		 3706 rand192 = NULL;
3707 hash192 = NULL;
3708 } else {
41bcfd50
MH		 3709 /* In case one of the P-192 values is set to zero,
3710 * then just disable OOB data for P-192.
3711 */
3712 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
3713 !memcmp(cp->hash192, ZERO_KEY, 16)) {
3714 rand192 = NULL;
3715 hash192 = NULL;
3716 } else {
3717 rand192 = cp->rand192;
3718 hash192 = cp->hash192;
3719 }
3720 }
3721
3722 /* In case one of the P-256 values is set to zero, then just
3723 * disable OOB data for P-256.
3724 */
3725 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
3726 !memcmp(cp->hash256, ZERO_KEY, 16)) {
3727 rand256 = NULL;
3728 hash256 = NULL;
3729 } else {
3730 rand256 = cp->rand256;
3731 hash256 = cp->hash256;
86df9200
JH		 3732 }
3733
81328d5c 3734 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
86df9200 3735 cp->addr.type, hash192, rand192,
41bcfd50 3736 hash256, rand256);
ec109113
MH		 3737 if (err < 0)
3738 status = MGMT_STATUS_FAILED;
3739 else
3740 status = MGMT_STATUS_SUCCESS;
3741
2a1afb5a
JH		 3742 err = mgmt_cmd_complete(sk, hdev->id,
3743 MGMT_OP_ADD_REMOTE_OOB_DATA,
3744 status, &cp->addr, sizeof(cp->addr));
ec109113 3745 } else {
2064ee33
MH		 3746 bt_dev_err(hdev, "add_remote_oob_data: invalid len of %u bytes",
3747 len);
a69e8375
JH		 3748 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
3749 MGMT_STATUS_INVALID_PARAMS);
ec109113 3750 }
2763eda6 3751
c19a495c 3752unlock:
09fd0de5 3753 hci_dev_unlock(hdev);
2763eda6
SJ		 3754 return err;
3755}
3756
bdb6d971 3757static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 3758 void *data, u16 len)
2763eda6 3759{
650f726d 3760 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 3761 u8 status;
2763eda6
SJ		 3762 int err;
3763
bdb6d971 3764 BT_DBG("%s", hdev->name);
2763eda6 3765
c19a495c 3766 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 3767 return mgmt_cmd_complete(sk, hdev->id,
3768 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3769 MGMT_STATUS_INVALID_PARAMS,
3770 &cp->addr, sizeof(cp->addr));
c19a495c 3771
09fd0de5 3772 hci_dev_lock(hdev);
2763eda6 3773
eedbd581
JH		 3774 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
3775 hci_remote_oob_data_clear(hdev);
3776 status = MGMT_STATUS_SUCCESS;
3777 goto done;
3778 }
3779
6928a924 3780 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
2763eda6 3781 if (err < 0)
bf1e3541 3782 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 3783 else
a6785be2 3784 status = MGMT_STATUS_SUCCESS;
bf1e3541 3785
eedbd581 3786done:
2a1afb5a
JH		 3787 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
3788 status, &cp->addr, sizeof(cp->addr));
2763eda6 3789
09fd0de5 3790 hci_dev_unlock(hdev);
2763eda6
SJ		 3791 return err;
3792}
3793
e68f072b 3794void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status)
7c307720 3795{
3b0602cd 3796 struct mgmt_pending_cmd *cmd;
ae55f598 3797
7c307720
AG		 3798 BT_DBG("status %d", status);
3799
11e6e25d 3800 hci_dev_lock(hdev);
41dc2bd6 3801
333ae95d 3802 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
66ea9427 3803 if (!cmd)
333ae95d 3804 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
66ea9427 3805
78b781ca
JH		 3806 if (!cmd)
3807 cmd = pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev);
3808
11e6e25d 3809 if (cmd) {
2922a94f 3810 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d
MH		 3811 mgmt_pending_remove(cmd);
3812 }
7c307720 3813
11e6e25d 3814 hci_dev_unlock(hdev);
7c307720
AG		 3815}
3816
591752af
JH		 3817static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type,
3818 uint8_t *mgmt_status)
3819{
3820 switch (type) {
3821 case DISCOV_TYPE_LE:
3822 *mgmt_status = mgmt_le_support(hdev);
3823 if (*mgmt_status)
3824 return false;
3825 break;
3826 case DISCOV_TYPE_INTERLEAVED:
3827 *mgmt_status = mgmt_le_support(hdev);
3828 if (*mgmt_status)
3829 return false;
3830 /* Intentional fall-through */
3831 case DISCOV_TYPE_BREDR:
3832 *mgmt_status = mgmt_bredr_support(hdev);
3833 if (*mgmt_status)
3834 return false;
3835 break;
3836 default:
3837 *mgmt_status = MGMT_STATUS_INVALID_PARAMS;
3838 return false;
3839 }
3840
3841 return true;
3842}
3843
78b781ca
JH		 3844static int start_discovery_internal(struct sock *sk, struct hci_dev *hdev,
3845 u16 op, void *data, u16 len)
14a53664 3846{
650f726d 3847 struct mgmt_cp_start_discovery *cp = data;
3b0602cd 3848 struct mgmt_pending_cmd *cmd;
8019044d 3849 u8 status;
14a53664
JH		 3850 int err;
3851
bdb6d971 3852 BT_DBG("%s", hdev->name);
14a53664 3853
09fd0de5 3854 hci_dev_lock(hdev);
14a53664 3855
4b34ee78 3856 if (!hdev_is_powered(hdev)) {
78b781ca 3857 err = mgmt_cmd_complete(sk, hdev->id, op,
2a1afb5a
JH		 3858 MGMT_STATUS_NOT_POWERED,
3859 &cp->type, sizeof(cp->type));
bd2d1334
JH		 3860 goto failed;
3861 }
3862
f5a969f2 3863 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 3864 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
78b781ca
JH		 3865 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY,
3866 &cp->type, sizeof(cp->type));
642be6c7
AG		 3867 goto failed;
3868 }
3869
591752af 3870 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
78b781ca
JH		 3871 err = mgmt_cmd_complete(sk, hdev->id, op, status,
3872 &cp->type, sizeof(cp->type));
591752af
JH		 3873 goto failed;
3874 }
3875
22078800
MH		 3876 /* Clear the discovery filter first to free any previously
3877 * allocated memory for the UUID list.
3878 */
3879 hci_discovery_filter_clear(hdev);
3880
4aab14e5 3881 hdev->discovery.type = cp->type;
da25cf6a 3882 hdev->discovery.report_invalid_rssi = false;
78b781ca
JH		 3883 if (op == MGMT_OP_START_LIMITED_DISCOVERY)
3884 hdev->discovery.limited = true;
3885 else
3886 hdev->discovery.limited = false;
4aab14e5 3887
78b781ca 3888 cmd = mgmt_pending_add(sk, op, hdev, data, len);
e68f072b
JH		 3889 if (!cmd) {
3890 err = -ENOMEM;
04106755 3891 goto failed;
f39799f5 3892 }
04106755 3893
e68f072b 3894 cmd->cmd_complete = generic_cmd_complete;
7c307720 3895
f5a969f2 3896 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
e68f072b
JH		 3897 queue_work(hdev->req_workqueue, &hdev->discov_update);
3898 err = 0;
7c307720 3899
14a53664 3900failed:
09fd0de5 3901 hci_dev_unlock(hdev);
14a53664
JH		 3902 return err;
3903}
f39799f5 3904
78b781ca
JH		 3905static int start_discovery(struct sock *sk, struct hci_dev *hdev,
3906 void *data, u16 len)
3907{
3908 return start_discovery_internal(sk, hdev, MGMT_OP_START_DISCOVERY,
3909 data, len);
3910}
3911
3912static int start_limited_discovery(struct sock *sk, struct hci_dev *hdev,
3913 void *data, u16 len)
3914{
3915 return start_discovery_internal(sk, hdev,
3916 MGMT_OP_START_LIMITED_DISCOVERY,
3917 data, len);
3918}
3919
3b0602cd
JH		 3920static int service_discovery_cmd_complete(struct mgmt_pending_cmd *cmd,
3921 u8 status)
2922a94f 3922{
2a1afb5a
JH		 3923 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
3924 cmd->param, 1);
2922a94f 3925}
04106755 3926
66ea9427
JP		 3927static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
3928 void *data, u16 len)
3929{
3930 struct mgmt_cp_start_service_discovery *cp = data;
3b0602cd 3931 struct mgmt_pending_cmd *cmd;
66ea9427
JP		 3932 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
3933 u16 uuid_count, expected_len;
3934 u8 status;
3935 int err;
04106755 3936
66ea9427 3937 BT_DBG("%s", hdev->name);
e8bb6b97 3938
66ea9427 3939 hci_dev_lock(hdev);
7c307720 3940
66ea9427 3941 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3942 err = mgmt_cmd_complete(sk, hdev->id,
3943 MGMT_OP_START_SERVICE_DISCOVERY,
3944 MGMT_STATUS_NOT_POWERED,
3945 &cp->type, sizeof(cp->type));
66ea9427
JP		 3946 goto failed;
3947 }
7c307720 3948
66ea9427 3949 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 3950 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
2a1afb5a
JH		 3951 err = mgmt_cmd_complete(sk, hdev->id,
3952 MGMT_OP_START_SERVICE_DISCOVERY,
3953 MGMT_STATUS_BUSY, &cp->type,
3954 sizeof(cp->type));
66ea9427
JP		 3955 goto failed;
3956 }
d9483943 3957
66ea9427
JP		 3958 uuid_count = __le16_to_cpu(cp->uuid_count);
3959 if (uuid_count > max_uuid_count) {
2064ee33
MH		 3960 bt_dev_err(hdev, "service_discovery: too big uuid_count value %u",
3961 uuid_count);
2a1afb5a
JH		 3962 err = mgmt_cmd_complete(sk, hdev->id,
3963 MGMT_OP_START_SERVICE_DISCOVERY,
3964 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3965 sizeof(cp->type));
66ea9427
JP		 3966 goto failed;
3967 }
3968
3969 expected_len = sizeof(*cp) + uuid_count * 16;
3970 if (expected_len != len) {
2064ee33
MH		 3971 bt_dev_err(hdev, "service_discovery: expected %u bytes, got %u bytes",
3972 expected_len, len);
2a1afb5a
JH		 3973 err = mgmt_cmd_complete(sk, hdev->id,
3974 MGMT_OP_START_SERVICE_DISCOVERY,
3975 MGMT_STATUS_INVALID_PARAMS, &cp->type,
3976 sizeof(cp->type));
66ea9427
JP		 3977 goto failed;
3978 }
3979
591752af
JH		 3980 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
3981 err = mgmt_cmd_complete(sk, hdev->id,
3982 MGMT_OP_START_SERVICE_DISCOVERY,
3983 status, &cp->type, sizeof(cp->type));
3984 goto failed;
3985 }
3986
66ea9427 3987 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
2922a94f 3988 hdev, data, len);
66ea9427
JP		 3989 if (!cmd) {
3990 err = -ENOMEM;
3991 goto failed;
3992 }
3993
2922a94f
JH		 3994 cmd->cmd_complete = service_discovery_cmd_complete;
3995
22078800
MH		 3996 /* Clear the discovery filter first to free any previously
3997 * allocated memory for the UUID list.
3998 */
3999 hci_discovery_filter_clear(hdev);
4000
82f8b651 4001 hdev->discovery.result_filtering = true;
66ea9427
JP		 4002 hdev->discovery.type = cp->type;
4003 hdev->discovery.rssi = cp->rssi;
4004 hdev->discovery.uuid_count = uuid_count;
4005
4006 if (uuid_count > 0) {
4007 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
4008 GFP_KERNEL);
4009 if (!hdev->discovery.uuids) {
2a1afb5a
JH		 4010 err = mgmt_cmd_complete(sk, hdev->id,
4011 MGMT_OP_START_SERVICE_DISCOVERY,
4012 MGMT_STATUS_FAILED,
4013 &cp->type, sizeof(cp->type));
d9483943
JH		 4014 mgmt_pending_remove(cmd);
4015 goto failed;
4016 }
66ea9427 4017 }
d9483943 4018
66ea9427 4019 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
e68f072b
JH		 4020 queue_work(hdev->req_workqueue, &hdev->discov_update);
4021 err = 0;
14a53664
JH		 4022
4023failed:
09fd0de5 4024 hci_dev_unlock(hdev);
14a53664
JH		 4025 return err;
4026}
4027
2154d3f4 4028void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status)
1183fdca 4029{
3b0602cd 4030 struct mgmt_pending_cmd *cmd;
1183fdca 4031
0e05bba6
AG		 4032 BT_DBG("status %d", status);
4033
4034 hci_dev_lock(hdev);
4035
333ae95d 4036 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
11e6e25d 4037 if (cmd) {
2922a94f 4038 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d 4039 mgmt_pending_remove(cmd);
0e05bba6
AG		 4040 }
4041
0e05bba6
AG		 4042 hci_dev_unlock(hdev);
4043}
4044
bdb6d971 4045static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4046 u16 len)
14a53664 4047{
d930650b 4048 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3b0602cd 4049 struct mgmt_pending_cmd *cmd;
14a53664
JH		 4050 int err;
4051
bdb6d971 4052 BT_DBG("%s", hdev->name);
14a53664 4053
09fd0de5 4054 hci_dev_lock(hdev);
14a53664 4055
30dc78e1 4056 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 4057 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4058 MGMT_STATUS_REJECTED, &mgmt_cp->type,
4059 sizeof(mgmt_cp->type));
d930650b
JH		 4060 goto unlock;
4061 }
4062
4063 if (hdev->discovery.type != mgmt_cp->type) {
2a1afb5a
JH		 4064 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
4065 MGMT_STATUS_INVALID_PARAMS,
4066 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1 4067 goto unlock;
ff9ef578
JH		 4068 }
4069
2922a94f 4070 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
14a53664
JH		 4071 if (!cmd) {
4072 err = -ENOMEM;
30dc78e1
JH		 4073 goto unlock;
4074 }
4075
2922a94f
JH		 4076 cmd->cmd_complete = generic_cmd_complete;
4077
2154d3f4
JH		 4078 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
4079 queue_work(hdev->req_workqueue, &hdev->discov_update);
4080 err = 0;
14a53664 4081
30dc78e1 4082unlock:
09fd0de5 4083 hci_dev_unlock(hdev);
14a53664
JH		 4084 return err;
4085}
4086
bdb6d971 4087static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4088 u16 len)
561aafbc 4089{
650f726d 4090 struct mgmt_cp_confirm_name *cp = data;
561aafbc 4091 struct inquiry_entry *e;
561aafbc
JH		 4092 int err;
4093
bdb6d971 4094 BT_DBG("%s", hdev->name);
561aafbc 4095
561aafbc
JH		 4096 hci_dev_lock(hdev);
4097
30dc78e1 4098 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 4099 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4100 MGMT_STATUS_FAILED, &cp->addr,
4101 sizeof(cp->addr));
30dc78e1
JH		 4102 goto failed;
4103 }
4104
a198e7b1 4105 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 4106 if (!e) {
2a1afb5a
JH		 4107 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
4108 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
4109 sizeof(cp->addr));
561aafbc
JH		 4110 goto failed;
4111 }
4112
4113 if (cp->name_known) {
4114 e->name_state = NAME_KNOWN;
4115 list_del(&e->list);
4116 } else {
4117 e->name_state = NAME_NEEDED;
a3d4e20a 4118 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 4119 }
4120
2a1afb5a
JH		 4121 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
4122 &cp->addr, sizeof(cp->addr));
561aafbc
JH		 4123
4124failed:
4125 hci_dev_unlock(hdev);
561aafbc
JH		 4126 return err;
4127}
4128
bdb6d971 4129static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4130 u16 len)
7fbec224 4131{
650f726d 4132 struct mgmt_cp_block_device *cp = data;
f0eeea8b 4133 u8 status;
7fbec224
AJ		 4134 int err;
4135
bdb6d971 4136 BT_DBG("%s", hdev->name);
7fbec224 4137
4ee71b20 4138 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 4139 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
4140 MGMT_STATUS_INVALID_PARAMS,
4141 &cp->addr, sizeof(cp->addr));
4ee71b20 4142
09fd0de5 4143 hci_dev_lock(hdev);
5e762444 4144
dcc36c16
JH		 4145 err = hci_bdaddr_list_add(&hdev->blacklist, &cp->addr.bdaddr,
4146 cp->addr.type);
2a8357f2 4147 if (err < 0) {
f0eeea8b 4148 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 4149 goto done;
4150 }
4151
4152 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4153 sk);
4154 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4155
2a8357f2 4156done:
2a1afb5a
JH		 4157 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
4158 &cp->addr, sizeof(cp->addr));
5e762444 4159
09fd0de5 4160 hci_dev_unlock(hdev);
7fbec224
AJ		 4161
4162 return err;
4163}
4164
bdb6d971 4165static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 4166 u16 len)
7fbec224 4167{
650f726d 4168 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 4169 u8 status;
7fbec224
AJ		 4170 int err;
4171
bdb6d971 4172 BT_DBG("%s", hdev->name);
7fbec224 4173
4ee71b20 4174 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 4175 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
4176 MGMT_STATUS_INVALID_PARAMS,
4177 &cp->addr, sizeof(cp->addr));
4ee71b20 4178
09fd0de5 4179 hci_dev_lock(hdev);
5e762444 4180
dcc36c16
JH		 4181 err = hci_bdaddr_list_del(&hdev->blacklist, &cp->addr.bdaddr,
4182 cp->addr.type);
2a8357f2 4183 if (err < 0) {
f0eeea8b 4184 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 4185 goto done;
4186 }
4187
4188 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
4189 sk);
4190 status = MGMT_STATUS_SUCCESS;
f0eeea8b 4191
2a8357f2 4192done:
2a1afb5a
JH		 4193 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
4194 &cp->addr, sizeof(cp->addr));
5e762444 4195
09fd0de5 4196 hci_dev_unlock(hdev);
7fbec224
AJ		 4197
4198 return err;
4199}
4200
cdbaccca
MH		 4201static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
4202 u16 len)
4203{
4204 struct mgmt_cp_set_device_id *cp = data;
890ea898 4205 struct hci_request req;
cdbaccca 4206 int err;
c72d4b8a 4207 __u16 source;
cdbaccca
MH		 4208
4209 BT_DBG("%s", hdev->name);
4210
c72d4b8a
SJ		 4211 source = __le16_to_cpu(cp->source);
4212
4213 if (source > 0x0002)
a69e8375
JH		 4214 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
4215 MGMT_STATUS_INVALID_PARAMS);
c72d4b8a 4216
cdbaccca
MH		 4217 hci_dev_lock(hdev);
4218
c72d4b8a 4219 hdev->devid_source = source;
cdbaccca
MH		 4220 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
4221 hdev->devid_product = __le16_to_cpu(cp->product);
4222 hdev->devid_version = __le16_to_cpu(cp->version);
4223
2a1afb5a
JH		 4224 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
4225 NULL, 0);
cdbaccca 4226
890ea898 4227 hci_req_init(&req, hdev);
b1a8917c 4228 __hci_req_update_eir(&req);
890ea898 4229 hci_req_run(&req, NULL);
cdbaccca
MH		 4230
4231 hci_dev_unlock(hdev);
4232
4233 return err;
4234}
4235
24b4f38f
AU		 4236static void enable_advertising_instance(struct hci_dev *hdev, u8 status,
4237 u16 opcode)
4238{
4239 BT_DBG("status %d", status);
4240}
4241
1904a853
MH		 4242static void set_advertising_complete(struct hci_dev *hdev, u8 status,
4243 u16 opcode)
4375f103
JH		 4244{
4245 struct cmd_lookup match = { NULL, hdev };
24b4f38f 4246 struct hci_request req;
7816b820
FG		 4247 u8 instance;
4248 struct adv_info *adv_instance;
4249 int err;
4375f103 4250
3ad67582
JK		 4251 hci_dev_lock(hdev);
4252
4375f103
JH		 4253 if (status) {
4254 u8 mgmt_err = mgmt_status(status);
4255
4256 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
4257 cmd_status_rsp, &mgmt_err);
3ad67582 4258 goto unlock;
4375f103
JH		 4259 }
4260
d7a5a11d 4261 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
a1536da2 4262 hci_dev_set_flag(hdev, HCI_ADVERTISING);
c93bd150 4263 else
a358dc11 4264 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
c93bd150 4265
4375f103
JH		 4266 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
4267 &match);
4268
4269 new_settings(hdev, match.sk);
4270
4271 if (match.sk)
4272 sock_put(match.sk);
3ad67582 4273
24b4f38f 4274 /* If "Set Advertising" was just disabled and instance advertising was
7816b820 4275 * set up earlier, then re-enable multi-instance advertising.
24b4f38f
AU		 4276 */
4277 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
7816b820 4278 list_empty(&hdev->adv_instances))
24b4f38f
AU		 4279 goto unlock;
4280
7816b820
FG		 4281 instance = hdev->cur_adv_instance;
4282 if (!instance) {
4283 adv_instance = list_first_entry_or_null(&hdev->adv_instances,
4284 struct adv_info, list);
4285 if (!adv_instance)
4286 goto unlock;
4287
4288 instance = adv_instance->instance;
4289 }
4290
24b4f38f
AU		 4291 hci_req_init(&req, hdev);
4292
f2252570 4293 err = __hci_req_schedule_adv_instance(&req, instance, true);
7816b820
FG		 4294
4295 if (!err)
4296 err = hci_req_run(&req, enable_advertising_instance);
24b4f38f 4297
7816b820 4298 if (err)
2064ee33 4299 bt_dev_err(hdev, "failed to re-configure advertising");
24b4f38f 4300
3ad67582
JK		 4301unlock:
4302 hci_dev_unlock(hdev);
4375f103
JH		 4303}
4304
21b5187f
MH		 4305static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
4306 u16 len)
4375f103
JH		 4307{
4308 struct mgmt_mode *cp = data;
3b0602cd 4309 struct mgmt_pending_cmd *cmd;
4375f103 4310 struct hci_request req;
cc91cb04 4311 u8 val, status;
4375f103
JH		 4312 int err;
4313
4314 BT_DBG("request for %s", hdev->name);
4315
e6fe7986
JH		 4316 status = mgmt_le_support(hdev);
4317 if (status)
a69e8375
JH		 4318 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4319 status);
4375f103 4320
cc91cb04 4321 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 4322 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4323 MGMT_STATUS_INVALID_PARAMS);
4375f103
JH		 4324
4325 hci_dev_lock(hdev);
4326
4327 val = !!cp->val;
4375f103 4328
f74ca9b8
JH		 4329 /* The following conditions are ones which mean that we should
4330 * not do any HCI communication but directly send a mgmt
4331 * response to user space (after toggling the flag if
4332 * necessary).
4333 */
cc91cb04 4334 if (!hdev_is_powered(hdev) ||
d7a5a11d
MH		 4335 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
4336 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
e8bb6b97 4337 hci_conn_num(hdev, LE_LINK) > 0 ||
d7a5a11d 4338 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
e8bb6b97 4339 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
cc91cb04 4340 bool changed;
4375f103 4341
cc91cb04 4342 if (cp->val) {
cab054ab 4343 hdev->cur_adv_instance = 0x00;
238be788 4344 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
cc91cb04 4345 if (cp->val == 0x02)
a1536da2 4346 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4347 else
a358dc11 4348 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4349 } else {
a69d8927 4350 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
a358dc11 4351 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4375f103
JH		 4352 }
4353
4354 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
4355 if (err < 0)
4356 goto unlock;
4357
4358 if (changed)
4359 err = new_settings(hdev, sk);
4360
4361 goto unlock;
4362 }
4363
333ae95d
JH		 4364 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
4365 pending_find(MGMT_OP_SET_LE, hdev)) {
a69e8375
JH		 4366 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
4367 MGMT_STATUS_BUSY);
4375f103
JH		 4368 goto unlock;
4369 }
4370
4371 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
4372 if (!cmd) {
4373 err = -ENOMEM;
4374 goto unlock;
4375 }
4376
4377 hci_req_init(&req, hdev);
4378
cc91cb04 4379 if (cp->val == 0x02)
a1536da2 4380 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4381 else
a358dc11 4382 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 4383
7816b820
FG		 4384 cancel_adv_timeout(hdev);
4385
24b4f38f 4386 if (val) {
7816b820
FG		 4387 /* Switch to instance "0" for the Set Advertising setting.
4388 * We cannot use update_[adv|scan_rsp]_data() here as the
4389 * HCI_ADVERTISING flag is not yet set.
4390 */
cab054ab 4391 hdev->cur_adv_instance = 0x00;
de181e88
JK		 4392
4393 if (ext_adv_capable(hdev)) {
4394 __hci_req_start_ext_adv(&req, 0x00);
4395 } else {
4396 __hci_req_update_adv_data(&req, 0x00);
4397 __hci_req_update_scan_rsp_data(&req, 0x00);
4398 __hci_req_enable_advertising(&req);
4399 }
24b4f38f 4400 } else {
f2252570 4401 __hci_req_disable_advertising(&req);
24b4f38f 4402 }
4375f103
JH		 4403
4404 err = hci_req_run(&req, set_advertising_complete);
4405 if (err < 0)
4406 mgmt_pending_remove(cmd);
4407
4408unlock:
4409 hci_dev_unlock(hdev);
4410 return err;
4411}
4412
d13eafce
MH		 4413static int set_static_address(struct sock *sk, struct hci_dev *hdev,
4414 void *data, u16 len)
4415{
4416 struct mgmt_cp_set_static_address *cp = data;
4417 int err;
4418
4419 BT_DBG("%s", hdev->name);
4420
62af4443 4421 if (!lmp_le_capable(hdev))
a69e8375
JH		 4422 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4423 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 4424
4425 if (hdev_is_powered(hdev))
a69e8375
JH		 4426 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
4427 MGMT_STATUS_REJECTED);
d13eafce
MH		 4428
4429 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
4430 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
a69e8375
JH		 4431 return mgmt_cmd_status(sk, hdev->id,
4432 MGMT_OP_SET_STATIC_ADDRESS,
4433 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 4434
4435 /* Two most significant bits shall be set */
4436 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
a69e8375
JH		 4437 return mgmt_cmd_status(sk, hdev->id,
4438 MGMT_OP_SET_STATIC_ADDRESS,
4439 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 4440 }
4441
4442 hci_dev_lock(hdev);
4443
4444 bacpy(&hdev->static_addr, &cp->bdaddr);
4445
93690c22
MH		 4446 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
4447 if (err < 0)
4448 goto unlock;
4449
4450 err = new_settings(hdev, sk);
d13eafce 4451
93690c22 4452unlock:
d13eafce 4453 hci_dev_unlock(hdev);
d13eafce
MH		 4454 return err;
4455}
4456
14b49b9a
MH		 4457static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
4458 void *data, u16 len)
4459{
4460 struct mgmt_cp_set_scan_params *cp = data;
4461 __u16 interval, window;
4462 int err;
4463
4464 BT_DBG("%s", hdev->name);
4465
4466 if (!lmp_le_capable(hdev))
a69e8375
JH		 4467 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4468 MGMT_STATUS_NOT_SUPPORTED);
14b49b9a
MH		 4469
4470 interval = __le16_to_cpu(cp->interval);
4471
4472 if (interval < 0x0004 || interval > 0x4000)
a69e8375
JH		 4473 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4474 MGMT_STATUS_INVALID_PARAMS);
14b49b9a
MH		 4475
4476 window = __le16_to_cpu(cp->window);
4477
4478 if (window < 0x0004 || window > 0x4000)
a69e8375
JH		 4479 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4480 MGMT_STATUS_INVALID_PARAMS);
14b49b9a 4481
899e1075 4482 if (window > interval)
a69e8375
JH		 4483 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
4484 MGMT_STATUS_INVALID_PARAMS);
899e1075 4485
14b49b9a
MH		 4486 hci_dev_lock(hdev);
4487
4488 hdev->le_scan_interval = interval;
4489 hdev->le_scan_window = window;
4490
2a1afb5a
JH		 4491 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
4492 NULL, 0);
14b49b9a 4493
dd2ef8e2
AG		 4494 /* If background scan is running, restart it so new parameters are
4495 * loaded.
4496 */
d7a5a11d 4497 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
dd2ef8e2
AG		 4498 hdev->discovery.state == DISCOVERY_STOPPED) {
4499 struct hci_request req;
4500
4501 hci_req_init(&req, hdev);
4502
4503 hci_req_add_le_scan_disable(&req);
4504 hci_req_add_le_passive_scan(&req);
4505
4506 hci_req_run(&req, NULL);
4507 }
4508
14b49b9a
MH		 4509 hci_dev_unlock(hdev);
4510
4511 return err;
4512}
4513
1904a853
MH		 4514static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
4515 u16 opcode)
33e38b3e 4516{
3b0602cd 4517 struct mgmt_pending_cmd *cmd;
33e38b3e
JH		 4518
4519 BT_DBG("status 0x%02x", status);
4520
4521 hci_dev_lock(hdev);
4522
333ae95d 4523 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
33e38b3e
JH		 4524 if (!cmd)
4525 goto unlock;
4526
4527 if (status) {
a69e8375
JH		 4528 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4529 mgmt_status(status));
33e38b3e 4530 } else {
1a4d3c4b
JH		 4531 struct mgmt_mode *cp = cmd->param;
4532
4533 if (cp->val)
a1536da2 4534 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 4535 else
a358dc11 4536 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 4537
33e38b3e
JH		 4538 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
4539 new_settings(hdev, cmd->sk);
4540 }
4541
4542 mgmt_pending_remove(cmd);
4543
4544unlock:
4545 hci_dev_unlock(hdev);
4546}
4547
bdb6d971 4548static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 4549 void *data, u16 len)
f6422ec6 4550{
650f726d 4551 struct mgmt_mode *cp = data;
3b0602cd 4552 struct mgmt_pending_cmd *cmd;
33e38b3e 4553 struct hci_request req;
f6422ec6
AJ		 4554 int err;
4555
bdb6d971 4556 BT_DBG("%s", hdev->name);
f6422ec6 4557
d7a5a11d 4558 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
56f87901 4559 hdev->hci_ver < BLUETOOTH_VER_1_2)
a69e8375
JH		 4560 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4561 MGMT_STATUS_NOT_SUPPORTED);
33c525c0 4562
a7e80f25 4563 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4564 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4565 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 4566
f6422ec6
AJ		 4567 hci_dev_lock(hdev);
4568
333ae95d 4569 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
a69e8375
JH		 4570 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4571 MGMT_STATUS_BUSY);
05cbf29f
JH		 4572 goto unlock;
4573 }
4574
d7a5a11d 4575 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
1a4d3c4b
JH		 4576 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4577 hdev);
4578 goto unlock;
4579 }
4580
406ef2a6 4581 if (!hdev_is_powered(hdev)) {
ce05d603 4582 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
406ef2a6
JH		 4583 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
4584 hdev);
4585 new_settings(hdev, sk);
4586 goto unlock;
4587 }
4588
33e38b3e
JH		 4589 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
4590 data, len);
4591 if (!cmd) {
4592 err = -ENOMEM;
4593 goto unlock;
f6422ec6
AJ		 4594 }
4595
33e38b3e
JH		 4596 hci_req_init(&req, hdev);
4597
bf943cbf 4598 __hci_req_write_fast_connectable(&req, cp->val);
33e38b3e
JH		 4599
4600 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 4601 if (err < 0) {
a69e8375
JH		 4602 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
4603 MGMT_STATUS_FAILED);
33e38b3e 4604 mgmt_pending_remove(cmd);
f6422ec6
AJ		 4605 }
4606
33e38b3e 4607unlock:
f6422ec6 4608 hci_dev_unlock(hdev);
33e38b3e 4609
f6422ec6
AJ		 4610 return err;
4611}
4612
1904a853 4613static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
0663ca2a 4614{
3b0602cd 4615 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 4616
4617 BT_DBG("status 0x%02x", status);
4618
4619 hci_dev_lock(hdev);
4620
333ae95d 4621 cmd = pending_find(MGMT_OP_SET_BREDR, hdev);
0663ca2a
JH		 4622 if (!cmd)
4623 goto unlock;
4624
4625 if (status) {
4626 u8 mgmt_err = mgmt_status(status);
4627
4628 /* We need to restore the flag if related HCI commands
4629 * failed.
4630 */
a358dc11 4631 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a 4632
a69e8375 4633 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
0663ca2a
JH		 4634 } else {
4635 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
4636 new_settings(hdev, cmd->sk);
4637 }
4638
4639 mgmt_pending_remove(cmd);
4640
4641unlock:
4642 hci_dev_unlock(hdev);
4643}
4644
4645static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
4646{
4647 struct mgmt_mode *cp = data;
3b0602cd 4648 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 4649 struct hci_request req;
4650 int err;
4651
4652 BT_DBG("request for %s", hdev->name);
4653
4654 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
a69e8375
JH		 4655 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4656 MGMT_STATUS_NOT_SUPPORTED);
0663ca2a 4657
d7a5a11d 4658 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 4659 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4660 MGMT_STATUS_REJECTED);
0663ca2a
JH		 4661
4662 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 4663 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4664 MGMT_STATUS_INVALID_PARAMS);
0663ca2a
JH		 4665
4666 hci_dev_lock(hdev);
4667
d7a5a11d 4668 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
0663ca2a
JH		 4669 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4670 goto unlock;
4671 }
4672
4673 if (!hdev_is_powered(hdev)) {
4674 if (!cp->val) {
a358dc11
MH		 4675 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
4676 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
4677 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
4678 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
4679 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
0663ca2a
JH		 4680 }
4681
ce05d603 4682 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 4683
4684 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
4685 if (err < 0)
4686 goto unlock;
4687
4688 err = new_settings(hdev, sk);
4689 goto unlock;
4690 }
4691
4692 /* Reject disabling when powered on */
4693 if (!cp->val) {
a69e8375
JH		 4694 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4695 MGMT_STATUS_REJECTED);
0663ca2a 4696 goto unlock;
111e4bcc
MH		 4697 } else {
4698 /* When configuring a dual-mode controller to operate
4699 * with LE only and using a static address, then switching
4700 * BR/EDR back on is not allowed.
4701 *
4702 * Dual-mode controllers shall operate with the public
4703 * address as its identity address for BR/EDR and LE. So
4704 * reject the attempt to create an invalid configuration.
3a5486e1
MH		 4705 *
4706 * The same restrictions applies when secure connections
4707 * has been enabled. For BR/EDR this is a controller feature
4708 * while for LE it is a host stack feature. This means that
4709 * switching BR/EDR back on when secure connections has been
4710 * enabled is not a supported transaction.
111e4bcc 4711 */
d7a5a11d 4712 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
3a5486e1 4713 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
d7a5a11d 4714 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
a69e8375
JH		 4715 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4716 MGMT_STATUS_REJECTED);
111e4bcc
MH		 4717 goto unlock;
4718 }
0663ca2a
JH		 4719 }
4720
333ae95d 4721 if (pending_find(MGMT_OP_SET_BREDR, hdev)) {
a69e8375
JH		 4722 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
4723 MGMT_STATUS_BUSY);
0663ca2a
JH		 4724 goto unlock;
4725 }
4726
4727 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
4728 if (!cmd) {
4729 err = -ENOMEM;
4730 goto unlock;
4731 }
4732
f2252570
JH		 4733 /* We need to flip the bit already here so that
4734 * hci_req_update_adv_data generates the correct flags.
0663ca2a 4735 */
a1536da2 4736 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 4737
4738 hci_req_init(&req, hdev);
aa8af46e 4739
bf943cbf 4740 __hci_req_write_fast_connectable(&req, false);
01b1cb87 4741 __hci_req_update_scan(&req);
aa8af46e 4742
f14d8f64
MH		 4743 /* Since only the advertising data flags will change, there
4744 * is no need to update the scan response data.
4745 */
cab054ab 4746 __hci_req_update_adv_data(&req, hdev->cur_adv_instance);
aa8af46e 4747
0663ca2a
JH		 4748 err = hci_req_run(&req, set_bredr_complete);
4749 if (err < 0)
4750 mgmt_pending_remove(cmd);
4751
4752unlock:
4753 hci_dev_unlock(hdev);
4754 return err;
4755}
4756
a1443f5a
JH		 4757static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
4758{
3b0602cd 4759 struct mgmt_pending_cmd *cmd;
a1443f5a
JH		 4760 struct mgmt_mode *cp;
4761
4762 BT_DBG("%s status %u", hdev->name, status);
4763
4764 hci_dev_lock(hdev);
4765
333ae95d 4766 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
a1443f5a
JH		 4767 if (!cmd)
4768 goto unlock;
4769
4770 if (status) {
a69e8375
JH		 4771 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
4772 mgmt_status(status));
a1443f5a
JH		 4773 goto remove;
4774 }
4775
4776 cp = cmd->param;
4777
4778 switch (cp->val) {
4779 case 0x00:
a358dc11
MH		 4780 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
4781 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 4782 break;
4783 case 0x01:
a1536da2 4784 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
a358dc11 4785 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 4786 break;
4787 case 0x02:
a1536da2
MH		 4788 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
4789 hci_dev_set_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 4790 break;
4791 }
4792
4793 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
4794 new_settings(hdev, cmd->sk);
4795
4796remove:
4797 mgmt_pending_remove(cmd);
4798unlock:
4799 hci_dev_unlock(hdev);
4800}
4801
eac83dc6
MH		 4802static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
4803 void *data, u16 len)
4804{
4805 struct mgmt_mode *cp = data;
3b0602cd 4806 struct mgmt_pending_cmd *cmd;
a1443f5a 4807 struct hci_request req;
a3209694 4808 u8 val;
eac83dc6
MH		 4809 int err;
4810
4811 BT_DBG("request for %s", hdev->name);
4812
05b3c3e7 4813 if (!lmp_sc_capable(hdev) &&
d7a5a11d 4814 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 4815 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4816 MGMT_STATUS_NOT_SUPPORTED);
eac83dc6 4817
d7a5a11d 4818 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
59200286 4819 lmp_sc_capable(hdev) &&
d7a5a11d 4820 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 4821 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4822 MGMT_STATUS_REJECTED);
ed93ec69 4823
0ab04a9c 4824 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375 4825 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
eac83dc6
MH		 4826 MGMT_STATUS_INVALID_PARAMS);
4827
4828 hci_dev_lock(hdev);
4829
05b3c3e7 4830 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
d7a5a11d 4831 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
eac83dc6
MH		 4832 bool changed;
4833
0ab04a9c 4834 if (cp->val) {
238be788
MH		 4835 changed = !hci_dev_test_and_set_flag(hdev,
4836 HCI_SC_ENABLED);
0ab04a9c 4837 if (cp->val == 0x02)
a1536da2 4838 hci_dev_set_flag(hdev, HCI_SC_ONLY);
0ab04a9c 4839 else
a358dc11 4840 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 4841 } else {
a69d8927
MH		 4842 changed = hci_dev_test_and_clear_flag(hdev,
4843 HCI_SC_ENABLED);
a358dc11 4844 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 4845 }
eac83dc6
MH		 4846
4847 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4848 if (err < 0)
4849 goto failed;
4850
4851 if (changed)
4852 err = new_settings(hdev, sk);
4853
4854 goto failed;
4855 }
4856
333ae95d 4857 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
a69e8375
JH		 4858 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
4859 MGMT_STATUS_BUSY);
eac83dc6
MH		 4860 goto failed;
4861 }
4862
0ab04a9c
MH		 4863 val = !!cp->val;
4864
d7a5a11d
MH		 4865 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
4866 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
eac83dc6
MH		 4867 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
4868 goto failed;
4869 }
4870
4871 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
4872 if (!cmd) {
4873 err = -ENOMEM;
4874 goto failed;
4875 }
4876
a1443f5a
JH		 4877 hci_req_init(&req, hdev);
4878 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
4879 err = hci_req_run(&req, sc_enable_complete);
eac83dc6
MH		 4880 if (err < 0) {
4881 mgmt_pending_remove(cmd);
4882 goto failed;
4883 }
4884
4885failed:
4886 hci_dev_unlock(hdev);
4887 return err;
4888}
4889
4e39ac81
MH		 4890static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
4891 void *data, u16 len)
4892{
4893 struct mgmt_mode *cp = data;
b9710979 4894 bool changed, use_changed;
4e39ac81
MH		 4895 int err;
4896
4897 BT_DBG("request for %s", hdev->name);
4898
b9710979 4899 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 4900 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
4901 MGMT_STATUS_INVALID_PARAMS);
4e39ac81
MH		 4902
4903 hci_dev_lock(hdev);
4904
4905 if (cp->val)
238be788 4906 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
4e39ac81 4907 else
a69d8927
MH		 4908 changed = hci_dev_test_and_clear_flag(hdev,
4909 HCI_KEEP_DEBUG_KEYS);
4e39ac81 4910
b9710979 4911 if (cp->val == 0x02)
238be788
MH		 4912 use_changed = !hci_dev_test_and_set_flag(hdev,
4913 HCI_USE_DEBUG_KEYS);
b9710979 4914 else
a69d8927
MH		 4915 use_changed = hci_dev_test_and_clear_flag(hdev,
4916 HCI_USE_DEBUG_KEYS);
b9710979
JH		 4917
4918 if (hdev_is_powered(hdev) && use_changed &&
d7a5a11d 4919 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
b9710979
JH		 4920 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
4921 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
4922 sizeof(mode), &mode);
4923 }
4924
4e39ac81
MH		 4925 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
4926 if (err < 0)
4927 goto unlock;
4928
4929 if (changed)
4930 err = new_settings(hdev, sk);
4931
4932unlock:
4933 hci_dev_unlock(hdev);
4934 return err;
4935}
4936
62b04cd1
JH		 4937static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
4938 u16 len)
4939{
4940 struct mgmt_cp_set_privacy *cp = cp_data;
4941 bool changed;
4942 int err;
4943
4944 BT_DBG("request for %s", hdev->name);
4945
4946 if (!lmp_le_capable(hdev))
a69e8375
JH		 4947 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4948 MGMT_STATUS_NOT_SUPPORTED);
62b04cd1 4949
82a37ade 4950 if (cp->privacy != 0x00 && cp->privacy != 0x01 && cp->privacy != 0x02)
a69e8375
JH		 4951 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4952 MGMT_STATUS_INVALID_PARAMS);
62b04cd1
JH		 4953
4954 if (hdev_is_powered(hdev))
a69e8375
JH		 4955 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
4956 MGMT_STATUS_REJECTED);
62b04cd1
JH		 4957
4958 hci_dev_lock(hdev);
4959
c21c0ea0
JH		 4960 /* If user space supports this command it is also expected to
4961 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
4962 */
a1536da2 4963 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
c21c0ea0 4964
62b04cd1 4965 if (cp->privacy) {
238be788 4966 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
62b04cd1 4967 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
a1536da2 4968 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
a73c046a 4969 hci_adv_instances_set_rpa_expired(hdev, true);
82a37ade
JH		 4970 if (cp->privacy == 0x02)
4971 hci_dev_set_flag(hdev, HCI_LIMITED_PRIVACY);
4972 else
4973 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
62b04cd1 4974 } else {
a69d8927 4975 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
62b04cd1 4976 memset(hdev->irk, 0, sizeof(hdev->irk));
a358dc11 4977 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
a73c046a 4978 hci_adv_instances_set_rpa_expired(hdev, false);
82a37ade 4979 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
62b04cd1
JH		 4980 }
4981
4982 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
4983 if (err < 0)
4984 goto unlock;
4985
4986 if (changed)
4987 err = new_settings(hdev, sk);
4988
4989unlock:
4990 hci_dev_unlock(hdev);
4991 return err;
4992}
4993
41edf160
JH		 4994static bool irk_is_valid(struct mgmt_irk_info *irk)
4995{
4996 switch (irk->addr.type) {
4997 case BDADDR_LE_PUBLIC:
4998 return true;
4999
5000 case BDADDR_LE_RANDOM:
5001 /* Two most significant bits shall be set */
5002 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5003 return false;
5004 return true;
5005 }
5006
5007 return false;
5008}
5009
5010static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
5011 u16 len)
5012{
5013 struct mgmt_cp_load_irks *cp = cp_data;
ba1d6936
JH		 5014 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
5015 sizeof(struct mgmt_irk_info));
41edf160
JH		 5016 u16 irk_count, expected_len;
5017 int i, err;
5018
5019 BT_DBG("request for %s", hdev->name);
5020
5021 if (!lmp_le_capable(hdev))
a69e8375
JH		 5022 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5023 MGMT_STATUS_NOT_SUPPORTED);
41edf160
JH		 5024
5025 irk_count = __le16_to_cpu(cp->irk_count);
ba1d6936 5026 if (irk_count > max_irk_count) {
2064ee33
MH		 5027 bt_dev_err(hdev, "load_irks: too big irk_count value %u",
5028 irk_count);
a69e8375
JH		 5029 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5030 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5031 }
41edf160
JH		 5032
5033 expected_len = sizeof(*cp) + irk_count * sizeof(struct mgmt_irk_info);
5034 if (expected_len != len) {
2064ee33
MH		 5035 bt_dev_err(hdev, "load_irks: expected %u bytes, got %u bytes",
5036 expected_len, len);
a69e8375
JH		 5037 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
5038 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 5039 }
5040
5041 BT_DBG("%s irk_count %u", hdev->name, irk_count);
5042
5043 for (i = 0; i < irk_count; i++) {
5044 struct mgmt_irk_info *key = &cp->irks[i];
5045
5046 if (!irk_is_valid(key))
a69e8375
JH		 5047 return mgmt_cmd_status(sk, hdev->id,
5048 MGMT_OP_LOAD_IRKS,
5049 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 5050 }
5051
5052 hci_dev_lock(hdev);
5053
5054 hci_smp_irks_clear(hdev);
5055
5056 for (i = 0; i < irk_count; i++) {
5057 struct mgmt_irk_info *irk = &cp->irks[i];
41edf160 5058
85813a7e
JH		 5059 hci_add_irk(hdev, &irk->addr.bdaddr,
5060 le_addr_type(irk->addr.type), irk->val,
41edf160
JH		 5061 BDADDR_ANY);
5062 }
5063
a1536da2 5064 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
41edf160 5065
2a1afb5a 5066 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
41edf160
JH		 5067
5068 hci_dev_unlock(hdev);
5069
5070 return err;
5071}
5072
3f706b72
JH		 5073static bool ltk_is_valid(struct mgmt_ltk_info *key)
5074{
5075 if (key->master != 0x00 && key->master != 0x01)
5076 return false;
490cb0b3
MH		 5077
5078 switch (key->addr.type) {
5079 case BDADDR_LE_PUBLIC:
5080 return true;
5081
5082 case BDADDR_LE_RANDOM:
5083 /* Two most significant bits shall be set */
5084 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
5085 return false;
5086 return true;
5087 }
5088
5089 return false;
3f706b72
JH		 5090}
5091
bdb6d971 5092static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 5093 void *cp_data, u16 len)
346af67b 5094{
346af67b 5095 struct mgmt_cp_load_long_term_keys *cp = cp_data;
ba1d6936
JH		 5096 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
5097 sizeof(struct mgmt_ltk_info));
346af67b 5098 u16 key_count, expected_len;
715a5bf2 5099 int i, err;
346af67b 5100
cf99ba13
MH		 5101 BT_DBG("request for %s", hdev->name);
5102
5103 if (!lmp_le_capable(hdev))
a69e8375
JH		 5104 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5105 MGMT_STATUS_NOT_SUPPORTED);
cf99ba13 5106
1f350c87 5107 key_count = __le16_to_cpu(cp->key_count);
ba1d6936 5108 if (key_count > max_key_count) {
2064ee33
MH		 5109 bt_dev_err(hdev, "load_ltks: too big key_count value %u",
5110 key_count);
a69e8375
JH		 5111 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5112 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5113 }
346af67b
VCG		 5114
5115 expected_len = sizeof(*cp) + key_count *
5116 sizeof(struct mgmt_ltk_info);
5117 if (expected_len != len) {
2064ee33
MH		 5118 bt_dev_err(hdev, "load_keys: expected %u bytes, got %u bytes",
5119 expected_len, len);
a69e8375
JH		 5120 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
5121 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 5122 }
5123
bdb6d971 5124 BT_DBG("%s key_count %u", hdev->name, key_count);
346af67b 5125
54ad6d8a
JH		 5126 for (i = 0; i < key_count; i++) {
5127 struct mgmt_ltk_info *key = &cp->keys[i];
5128
3f706b72 5129 if (!ltk_is_valid(key))
a69e8375
JH		 5130 return mgmt_cmd_status(sk, hdev->id,
5131 MGMT_OP_LOAD_LONG_TERM_KEYS,
5132 MGMT_STATUS_INVALID_PARAMS);
54ad6d8a
JH		 5133 }
5134
346af67b
VCG		 5135 hci_dev_lock(hdev);
5136
5137 hci_smp_ltks_clear(hdev);
5138
5139 for (i = 0; i < key_count; i++) {
5140 struct mgmt_ltk_info *key = &cp->keys[i];
85813a7e 5141 u8 type, authenticated;
346af67b 5142
61b43357
JH		 5143 switch (key->type) {
5144 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 5145 authenticated = 0x00;
23fb8de3 5146 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
61b43357
JH		 5147 break;
5148 case MGMT_LTK_AUTHENTICATED:
d7b25450 5149 authenticated = 0x01;
23fb8de3
JH		 5150 type = key->master ? SMP_LTK : SMP_LTK_SLAVE;
5151 break;
5152 case MGMT_LTK_P256_UNAUTH:
5153 authenticated = 0x00;
5154 type = SMP_LTK_P256;
61b43357 5155 break;
23fb8de3
JH		 5156 case MGMT_LTK_P256_AUTH:
5157 authenticated = 0x01;
5158 type = SMP_LTK_P256;
61b43357 5159 break;
23fb8de3
JH		 5160 case MGMT_LTK_P256_DEBUG:
5161 authenticated = 0x00;
5162 type = SMP_LTK_P256_DEBUG;
9ea47132 5163 /* fall through */
61b43357
JH		 5164 default:
5165 continue;
5166 }
d7b25450 5167
85813a7e
JH		 5168 hci_add_ltk(hdev, &key->addr.bdaddr,
5169 le_addr_type(key->addr.type), type, authenticated,
5170 key->val, key->enc_size, key->ediv, key->rand);
346af67b
VCG		 5171 }
5172
2a1afb5a 5173 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
715a5bf2
JH		 5174 NULL, 0);
5175
346af67b 5176 hci_dev_unlock(hdev);
346af67b 5177
715a5bf2 5178 return err;
346af67b
VCG		 5179}
5180
3b0602cd 5181static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
dd983808 5182{
dd983808 5183 struct hci_conn *conn = cmd->user_data;
9981bdb0 5184 struct mgmt_rp_get_conn_info rp;
9df74653 5185 int err;
dd983808 5186
9981bdb0 5187 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
dd983808 5188
9981bdb0 5189 if (status == MGMT_STATUS_SUCCESS) {
dd983808 5190 rp.rssi = conn->rssi;
9981bdb0
JH		 5191 rp.tx_power = conn->tx_power;
5192 rp.max_tx_power = conn->max_tx_power;
5193 } else {
5194 rp.rssi = HCI_RSSI_INVALID;
5195 rp.tx_power = HCI_TX_POWER_INVALID;
5196 rp.max_tx_power = HCI_TX_POWER_INVALID;
dd983808
AK		 5197 }
5198
2a1afb5a
JH		 5199 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
5200 status, &rp, sizeof(rp));
dd983808
AK		 5201
5202 hci_conn_drop(conn);
f8aaf9b6 5203 hci_conn_put(conn);
9df74653
JH		 5204
5205 return err;
dd983808
AK		 5206}
5207
1904a853
MH		 5208static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
5209 u16 opcode)
dd983808
AK		 5210{
5211 struct hci_cp_read_rssi *cp;
3b0602cd 5212 struct mgmt_pending_cmd *cmd;
dd983808 5213 struct hci_conn *conn;
dd983808 5214 u16 handle;
9981bdb0 5215 u8 status;
dd983808 5216
9981bdb0 5217 BT_DBG("status 0x%02x", hci_status);
dd983808
AK		 5218
5219 hci_dev_lock(hdev);
5220
dd983808
AK		 5221 /* Commands sent in request are either Read RSSI or Read Transmit Power
5222 * Level so we check which one was last sent to retrieve connection
5223 * handle. Both commands have handle as first parameter so it's safe to
5224 * cast data on the same command struct.
5225 *
5226 * First command sent is always Read RSSI and we fail only if it fails.
5227 * In other case we simply override error to indicate success as we
5228 * already remembered if TX power value is actually valid.
5229 */
5230 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
5231 if (!cp) {
5232 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
9981bdb0
JH		 5233 status = MGMT_STATUS_SUCCESS;
5234 } else {
5235 status = mgmt_status(hci_status);
dd983808
AK		 5236 }
5237
5238 if (!cp) {
2064ee33 5239 bt_dev_err(hdev, "invalid sent_cmd in conn_info response");
dd983808
AK		 5240 goto unlock;
5241 }
5242
5243 handle = __le16_to_cpu(cp->handle);
5244 conn = hci_conn_hash_lookup_handle(hdev, handle);
5245 if (!conn) {
2064ee33
MH		 5246 bt_dev_err(hdev, "unknown handle (%d) in conn_info response",
5247 handle);
dd983808
AK		 5248 goto unlock;
5249 }
5250
333ae95d 5251 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
9981bdb0
JH		 5252 if (!cmd)
5253 goto unlock;
dd983808 5254
9981bdb0
JH		 5255 cmd->cmd_complete(cmd, status);
5256 mgmt_pending_remove(cmd);
dd983808
AK		 5257
5258unlock:
5259 hci_dev_unlock(hdev);
5260}
5261
5262static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
5263 u16 len)
5264{
5265 struct mgmt_cp_get_conn_info *cp = data;
5266 struct mgmt_rp_get_conn_info rp;
5267 struct hci_conn *conn;
5268 unsigned long conn_info_age;
5269 int err = 0;
5270
5271 BT_DBG("%s", hdev->name);
5272
5273 memset(&rp, 0, sizeof(rp));
5274 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5275 rp.addr.type = cp->addr.type;
5276
5277 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 5278 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5279 MGMT_STATUS_INVALID_PARAMS,
5280 &rp, sizeof(rp));
dd983808
AK		 5281
5282 hci_dev_lock(hdev);
5283
5284 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 5285 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5286 MGMT_STATUS_NOT_POWERED, &rp,
5287 sizeof(rp));
dd983808
AK		 5288 goto unlock;
5289 }
5290
5291 if (cp->addr.type == BDADDR_BREDR)
5292 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5293 &cp->addr.bdaddr);
5294 else
5295 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
5296
5297 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 5298 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5299 MGMT_STATUS_NOT_CONNECTED, &rp,
5300 sizeof(rp));
dd983808
AK		 5301 goto unlock;
5302 }
5303
333ae95d 5304 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
2a1afb5a
JH		 5305 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5306 MGMT_STATUS_BUSY, &rp, sizeof(rp));
9981bdb0
JH		 5307 goto unlock;
5308 }
5309
dd983808
AK		 5310 /* To avoid client trying to guess when to poll again for information we
5311 * calculate conn info age as random value between min/max set in hdev.
5312 */
5313 conn_info_age = hdev->conn_info_min_age +
5314 prandom_u32_max(hdev->conn_info_max_age -
5315 hdev->conn_info_min_age);
5316
5317 /* Query controller to refresh cached values if they are too old or were
5318 * never read.
5319 */
f4e2dd53
AK		 5320 if (time_after(jiffies, conn->conn_info_timestamp +
5321 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 5322 !conn->conn_info_timestamp) {
5323 struct hci_request req;
5324 struct hci_cp_read_tx_power req_txp_cp;
5325 struct hci_cp_read_rssi req_rssi_cp;
3b0602cd 5326 struct mgmt_pending_cmd *cmd;
dd983808
AK		 5327
5328 hci_req_init(&req, hdev);
5329 req_rssi_cp.handle = cpu_to_le16(conn->handle);
5330 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
5331 &req_rssi_cp);
5332
f7faab0c
AK		 5333 /* For LE links TX power does not change thus we don't need to
5334 * query for it once value is known.
5335 */
5336 if (!bdaddr_type_is_le(cp->addr.type) ||
5337 conn->tx_power == HCI_TX_POWER_INVALID) {
5338 req_txp_cp.handle = cpu_to_le16(conn->handle);
5339 req_txp_cp.type = 0x00;
5340 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5341 sizeof(req_txp_cp), &req_txp_cp);
5342 }
dd983808 5343
eed5daf3
AK		 5344 /* Max TX power needs to be read only once per connection */
5345 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
5346 req_txp_cp.handle = cpu_to_le16(conn->handle);
5347 req_txp_cp.type = 0x01;
5348 hci_req_add(&req, HCI_OP_READ_TX_POWER,
5349 sizeof(req_txp_cp), &req_txp_cp);
5350 }
5351
dd983808
AK		 5352 err = hci_req_run(&req, conn_info_refresh_complete);
5353 if (err < 0)
5354 goto unlock;
5355
5356 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
5357 data, len);
5358 if (!cmd) {
5359 err = -ENOMEM;
5360 goto unlock;
5361 }
5362
5363 hci_conn_hold(conn);
f8aaf9b6 5364 cmd->user_data = hci_conn_get(conn);
9981bdb0 5365 cmd->cmd_complete = conn_info_cmd_complete;
dd983808
AK		 5366
5367 conn->conn_info_timestamp = jiffies;
5368 } else {
5369 /* Cache is valid, just reply with values cached in hci_conn */
5370 rp.rssi = conn->rssi;
5371 rp.tx_power = conn->tx_power;
eed5daf3 5372 rp.max_tx_power = conn->max_tx_power;
dd983808 5373
2a1afb5a
JH		 5374 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
5375 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
dd983808
AK		 5376 }
5377
5378unlock:
5379 hci_dev_unlock(hdev);
5380 return err;
5381}
5382
3b0602cd 5383static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
95868426 5384{
69487371 5385 struct hci_conn *conn = cmd->user_data;
95868426 5386 struct mgmt_rp_get_clock_info rp;
69487371 5387 struct hci_dev *hdev;
9df74653 5388 int err;
69487371
JH		 5389
5390 memset(&rp, 0, sizeof(rp));
56f787c5 5391 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
69487371
JH		 5392
5393 if (status)
5394 goto complete;
5395
5396 hdev = hci_dev_get(cmd->index);
5397 if (hdev) {
5398 rp.local_clock = cpu_to_le32(hdev->clock);
5399 hci_dev_put(hdev);
5400 }
5401
5402 if (conn) {
5403 rp.piconet_clock = cpu_to_le32(conn->clock);
5404 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
5405 }
5406
5407complete:
2a1afb5a
JH		 5408 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
5409 sizeof(rp));
69487371
JH		 5410
5411 if (conn) {
5412 hci_conn_drop(conn);
5413 hci_conn_put(conn);
5414 }
9df74653
JH		 5415
5416 return err;
69487371
JH		 5417}
5418
1904a853 5419static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
69487371 5420{
95868426 5421 struct hci_cp_read_clock *hci_cp;
3b0602cd 5422 struct mgmt_pending_cmd *cmd;
95868426
JH		 5423 struct hci_conn *conn;
5424
5425 BT_DBG("%s status %u", hdev->name, status);
5426
5427 hci_dev_lock(hdev);
5428
5429 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
5430 if (!hci_cp)
5431 goto unlock;
5432
5433 if (hci_cp->which) {
5434 u16 handle = __le16_to_cpu(hci_cp->handle);
5435 conn = hci_conn_hash_lookup_handle(hdev, handle);
5436 } else {
5437 conn = NULL;
5438 }
5439
333ae95d 5440 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
95868426
JH		 5441 if (!cmd)
5442 goto unlock;
5443
69487371 5444 cmd->cmd_complete(cmd, mgmt_status(status));
95868426 5445 mgmt_pending_remove(cmd);
95868426
JH		 5446
5447unlock:
5448 hci_dev_unlock(hdev);
5449}
5450
5451static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5452 u16 len)
5453{
5454 struct mgmt_cp_get_clock_info *cp = data;
5455 struct mgmt_rp_get_clock_info rp;
5456 struct hci_cp_read_clock hci_cp;
3b0602cd 5457 struct mgmt_pending_cmd *cmd;
95868426
JH		 5458 struct hci_request req;
5459 struct hci_conn *conn;
5460 int err;
5461
5462 BT_DBG("%s", hdev->name);
5463
5464 memset(&rp, 0, sizeof(rp));
5465 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5466 rp.addr.type = cp->addr.type;
5467
5468 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 5469 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5470 MGMT_STATUS_INVALID_PARAMS,
5471 &rp, sizeof(rp));
95868426
JH		 5472
5473 hci_dev_lock(hdev);
5474
5475 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 5476 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
5477 MGMT_STATUS_NOT_POWERED, &rp,
5478 sizeof(rp));
95868426
JH		 5479 goto unlock;
5480 }
5481
5482 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5483 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
5484 &cp->addr.bdaddr);
5485 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 5486 err = mgmt_cmd_complete(sk, hdev->id,
5487 MGMT_OP_GET_CLOCK_INFO,
5488 MGMT_STATUS_NOT_CONNECTED,
5489 &rp, sizeof(rp));
95868426
JH		 5490 goto unlock;
5491 }
5492 } else {
5493 conn = NULL;
5494 }
5495
5496 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
5497 if (!cmd) {
5498 err = -ENOMEM;
5499 goto unlock;
5500 }
5501
69487371
JH		 5502 cmd->cmd_complete = clock_info_cmd_complete;
5503
95868426
JH		 5504 hci_req_init(&req, hdev);
5505
5506 memset(&hci_cp, 0, sizeof(hci_cp));
5507 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5508
5509 if (conn) {
5510 hci_conn_hold(conn);
f8aaf9b6 5511 cmd->user_data = hci_conn_get(conn);
95868426
JH		 5512
5513 hci_cp.handle = cpu_to_le16(conn->handle);
5514 hci_cp.which = 0x01; /* Piconet clock */
5515 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
5516 }
5517
5518 err = hci_req_run(&req, get_clock_info_complete);
5519 if (err < 0)
5520 mgmt_pending_remove(cmd);
5521
5522unlock:
5523 hci_dev_unlock(hdev);
5524 return err;
5525}
5526
5a154e6f
JH		 5527static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
5528{
5529 struct hci_conn *conn;
5530
5531 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
5532 if (!conn)
5533 return false;
5534
5535 if (conn->dst_type != type)
5536 return false;
5537
5538 if (conn->state != BT_CONNECTED)
5539 return false;
5540
5541 return true;
5542}
5543
5544/* This function requires the caller holds hdev->lock */
51d7a94d 5545static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr,
5a154e6f
JH		 5546 u8 addr_type, u8 auto_connect)
5547{
5a154e6f
JH		 5548 struct hci_conn_params *params;
5549
5550 params = hci_conn_params_add(hdev, addr, addr_type);
5551 if (!params)
5552 return -EIO;
5553
5554 if (params->auto_connect == auto_connect)
5555 return 0;
5556
5557 list_del_init(&params->action);
5558
5559 switch (auto_connect) {
5560 case HCI_AUTO_CONN_DISABLED:
5561 case HCI_AUTO_CONN_LINK_LOSS:
28a667c9
JP		 5562 /* If auto connect is being disabled when we're trying to
5563 * connect to device, keep connecting.
5564 */
5565 if (params->explicit_connect)
5566 list_add(&params->action, &hdev->pend_le_conns);
5a154e6f
JH		 5567 break;
5568 case HCI_AUTO_CONN_REPORT:
49c50922
JH		 5569 if (params->explicit_connect)
5570 list_add(&params->action, &hdev->pend_le_conns);
5571 else
5572 list_add(&params->action, &hdev->pend_le_reports);
5a154e6f
JH		 5573 break;
5574 case HCI_AUTO_CONN_DIRECT:
5575 case HCI_AUTO_CONN_ALWAYS:
51d7a94d 5576 if (!is_connected(hdev, addr, addr_type))
5a154e6f 5577 list_add(&params->action, &hdev->pend_le_conns);
5a154e6f
JH		 5578 break;
5579 }
5580
5581 params->auto_connect = auto_connect;
5582
5583 BT_DBG("addr %pMR (type %u) auto_connect %u", addr, addr_type,
5584 auto_connect);
5585
5586 return 0;
5587}
5588
8afef092
MH		 5589static void device_added(struct sock *sk, struct hci_dev *hdev,
5590 bdaddr_t *bdaddr, u8 type, u8 action)
5591{
5592 struct mgmt_ev_device_added ev;
5593
5594 bacpy(&ev.addr.bdaddr, bdaddr);
5595 ev.addr.type = type;
5596 ev.action = action;
5597
5598 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
5599}
5600
2faade53
MH		 5601static int add_device(struct sock *sk, struct hci_dev *hdev,
5602 void *data, u16 len)
5603{
5604 struct mgmt_cp_add_device *cp = data;
5605 u8 auto_conn, addr_type;
5606 int err;
5607
5608 BT_DBG("%s", hdev->name);
5609
6659358e 5610 if (!bdaddr_type_is_valid(cp->addr.type) ||
2faade53 5611 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
2a1afb5a
JH		 5612 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5613 MGMT_STATUS_INVALID_PARAMS,
5614 &cp->addr, sizeof(cp->addr));
2faade53 5615
4b9e7e75 5616 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
2a1afb5a
JH		 5617 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5618 MGMT_STATUS_INVALID_PARAMS,
5619 &cp->addr, sizeof(cp->addr));
2faade53
MH		 5620
5621 hci_dev_lock(hdev);
5622
6659358e 5623 if (cp->addr.type == BDADDR_BREDR) {
4b9e7e75 5624 /* Only incoming connections action is supported for now */
6659358e 5625 if (cp->action != 0x01) {
51d7a94d
JH		 5626 err = mgmt_cmd_complete(sk, hdev->id,
5627 MGMT_OP_ADD_DEVICE,
5628 MGMT_STATUS_INVALID_PARAMS,
5629 &cp->addr, sizeof(cp->addr));
6659358e
JH		 5630 goto unlock;
5631 }
5632
5633 err = hci_bdaddr_list_add(&hdev->whitelist, &cp->addr.bdaddr,
5634 cp->addr.type);
5635 if (err)
5636 goto unlock;
a397407f 5637
01b1cb87 5638 hci_req_update_scan(hdev);
a397407f 5639
6659358e
JH		 5640 goto added;
5641 }
5642
85813a7e 5643 addr_type = le_addr_type(cp->addr.type);
2faade53 5644
4b9e7e75 5645 if (cp->action == 0x02)
2faade53 5646 auto_conn = HCI_AUTO_CONN_ALWAYS;
4b9e7e75
MH		 5647 else if (cp->action == 0x01)
5648 auto_conn = HCI_AUTO_CONN_DIRECT;
2faade53 5649 else
a3451d27 5650 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 5651
9a0a8a8e
JP		 5652 /* Kernel internally uses conn_params with resolvable private
5653 * address, but Add Device allows only identity addresses.
5654 * Make sure it is enforced before calling
5655 * hci_conn_params_lookup.
5656 */
5657 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
51d7a94d
JH		 5658 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5659 MGMT_STATUS_INVALID_PARAMS,
5660 &cp->addr, sizeof(cp->addr));
9a0a8a8e
JP		 5661 goto unlock;
5662 }
5663
bf5b3c8b
MH		 5664 /* If the connection parameters don't exist for this device,
5665 * they will be created and configured with defaults.
5666 */
51d7a94d 5667 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
d06b50ce 5668 auto_conn) < 0) {
51d7a94d
JH		 5669 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5670 MGMT_STATUS_FAILED, &cp->addr,
5671 sizeof(cp->addr));
2faade53
MH		 5672 goto unlock;
5673 }
5674
51d7a94d
JH		 5675 hci_update_background_scan(hdev);
5676
6659358e 5677added:
8afef092
MH		 5678 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
5679
51d7a94d
JH		 5680 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
5681 MGMT_STATUS_SUCCESS, &cp->addr,
5682 sizeof(cp->addr));
2faade53
MH		 5683
5684unlock:
5685 hci_dev_unlock(hdev);
5686 return err;
5687}
5688
8afef092
MH		 5689static void device_removed(struct sock *sk, struct hci_dev *hdev,
5690 bdaddr_t *bdaddr, u8 type)
5691{
5692 struct mgmt_ev_device_removed ev;
5693
5694 bacpy(&ev.addr.bdaddr, bdaddr);
5695 ev.addr.type = type;
5696
5697 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
5698}
5699
2faade53
MH		 5700static int remove_device(struct sock *sk, struct hci_dev *hdev,
5701 void *data, u16 len)
5702{
5703 struct mgmt_cp_remove_device *cp = data;
5704 int err;
5705
5706 BT_DBG("%s", hdev->name);
5707
5708 hci_dev_lock(hdev);
5709
5710 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 5711 struct hci_conn_params *params;
2faade53
MH		 5712 u8 addr_type;
5713
6659358e 5714 if (!bdaddr_type_is_valid(cp->addr.type)) {
51d7a94d
JH		 5715 err = mgmt_cmd_complete(sk, hdev->id,
5716 MGMT_OP_REMOVE_DEVICE,
5717 MGMT_STATUS_INVALID_PARAMS,
5718 &cp->addr, sizeof(cp->addr));
2faade53
MH		 5719 goto unlock;
5720 }
5721
6659358e
JH		 5722 if (cp->addr.type == BDADDR_BREDR) {
5723 err = hci_bdaddr_list_del(&hdev->whitelist,
5724 &cp->addr.bdaddr,
5725 cp->addr.type);
5726 if (err) {
51d7a94d
JH		 5727 err = mgmt_cmd_complete(sk, hdev->id,
5728 MGMT_OP_REMOVE_DEVICE,
5729 MGMT_STATUS_INVALID_PARAMS,
5730 &cp->addr,
5731 sizeof(cp->addr));
6659358e
JH		 5732 goto unlock;
5733 }
5734
01b1cb87 5735 hci_req_update_scan(hdev);
a397407f 5736
6659358e
JH		 5737 device_removed(sk, hdev, &cp->addr.bdaddr,
5738 cp->addr.type);
5739 goto complete;
5740 }
5741
85813a7e 5742 addr_type = le_addr_type(cp->addr.type);
2faade53 5743
9a0a8a8e
JP		 5744 /* Kernel internally uses conn_params with resolvable private
5745 * address, but Remove Device allows only identity addresses.
5746 * Make sure it is enforced before calling
5747 * hci_conn_params_lookup.
5748 */
5749 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
51d7a94d
JH		 5750 err = mgmt_cmd_complete(sk, hdev->id,
5751 MGMT_OP_REMOVE_DEVICE,
5752 MGMT_STATUS_INVALID_PARAMS,
5753 &cp->addr, sizeof(cp->addr));
9a0a8a8e
JP		 5754 goto unlock;
5755 }
5756
c71593dd
JH		 5757 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5758 addr_type);
5759 if (!params) {
51d7a94d
JH		 5760 err = mgmt_cmd_complete(sk, hdev->id,
5761 MGMT_OP_REMOVE_DEVICE,
5762 MGMT_STATUS_INVALID_PARAMS,
5763 &cp->addr, sizeof(cp->addr));
c71593dd
JH		 5764 goto unlock;
5765 }
5766
679d2b6f
JH		 5767 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
5768 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
51d7a94d
JH		 5769 err = mgmt_cmd_complete(sk, hdev->id,
5770 MGMT_OP_REMOVE_DEVICE,
5771 MGMT_STATUS_INVALID_PARAMS,
5772 &cp->addr, sizeof(cp->addr));
c71593dd
JH		 5773 goto unlock;
5774 }
5775
d1dbf12e 5776 list_del(&params->action);
c71593dd
JH		 5777 list_del(&params->list);
5778 kfree(params);
51d7a94d 5779 hci_update_background_scan(hdev);
8afef092
MH		 5780
5781 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53 5782 } else {
19de0825 5783 struct hci_conn_params *p, *tmp;
6659358e 5784 struct bdaddr_list *b, *btmp;
19de0825 5785
2faade53 5786 if (cp->addr.type) {
51d7a94d
JH		 5787 err = mgmt_cmd_complete(sk, hdev->id,
5788 MGMT_OP_REMOVE_DEVICE,
5789 MGMT_STATUS_INVALID_PARAMS,
5790 &cp->addr, sizeof(cp->addr));
2faade53
MH		 5791 goto unlock;
5792 }
5793
6659358e
JH		 5794 list_for_each_entry_safe(b, btmp, &hdev->whitelist, list) {
5795 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
5796 list_del(&b->list);
5797 kfree(b);
5798 }
5799
01b1cb87 5800 hci_req_update_scan(hdev);
a397407f 5801
19de0825
JH		 5802 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
5803 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
5804 continue;
5805 device_removed(sk, hdev, &p->addr, p->addr_type);
679d2b6f
JH		 5806 if (p->explicit_connect) {
5807 p->auto_connect = HCI_AUTO_CONN_EXPLICIT;
5808 continue;
5809 }
19de0825
JH		 5810 list_del(&p->action);
5811 list_del(&p->list);
5812 kfree(p);
5813 }
5814
5815 BT_DBG("All LE connection parameters were removed");
5816
51d7a94d 5817 hci_update_background_scan(hdev);
2faade53
MH		 5818 }
5819
6659358e 5820complete:
51d7a94d
JH		 5821 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
5822 MGMT_STATUS_SUCCESS, &cp->addr,
5823 sizeof(cp->addr));
2faade53
MH		 5824unlock:
5825 hci_dev_unlock(hdev);
5826 return err;
5827}
5828
a26f3dcf
JH		 5829static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
5830 u16 len)
5831{
5832 struct mgmt_cp_load_conn_param *cp = data;
ba1d6936
JH		 5833 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
5834 sizeof(struct mgmt_conn_param));
a26f3dcf
JH		 5835 u16 param_count, expected_len;
5836 int i;
5837
5838 if (!lmp_le_capable(hdev))
a69e8375
JH		 5839 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5840 MGMT_STATUS_NOT_SUPPORTED);
a26f3dcf
JH		 5841
5842 param_count = __le16_to_cpu(cp->param_count);
ba1d6936 5843 if (param_count > max_param_count) {
2064ee33
MH		 5844 bt_dev_err(hdev, "load_conn_param: too big param_count value %u",
5845 param_count);
a69e8375
JH		 5846 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5847 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 5848 }
a26f3dcf
JH		 5849
5850 expected_len = sizeof(*cp) + param_count *
5851 sizeof(struct mgmt_conn_param);
5852 if (expected_len != len) {
2064ee33
MH		 5853 bt_dev_err(hdev, "load_conn_param: expected %u bytes, got %u bytes",
5854 expected_len, len);
a69e8375
JH		 5855 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
5856 MGMT_STATUS_INVALID_PARAMS);
a26f3dcf
JH		 5857 }
5858
5859 BT_DBG("%s param_count %u", hdev->name, param_count);
5860
5861 hci_dev_lock(hdev);
5862
5863 hci_conn_params_clear_disabled(hdev);
5864
5865 for (i = 0; i < param_count; i++) {
5866 struct mgmt_conn_param *param = &cp->params[i];
5867 struct hci_conn_params *hci_param;
5868 u16 min, max, latency, timeout;
5869 u8 addr_type;
5870
5871 BT_DBG("Adding %pMR (type %u)", &param->addr.bdaddr,
5872 param->addr.type);
5873
5874 if (param->addr.type == BDADDR_LE_PUBLIC) {
5875 addr_type = ADDR_LE_DEV_PUBLIC;
5876 } else if (param->addr.type == BDADDR_LE_RANDOM) {
5877 addr_type = ADDR_LE_DEV_RANDOM;
5878 } else {
2064ee33 5879 bt_dev_err(hdev, "ignoring invalid connection parameters");
a26f3dcf
JH		 5880 continue;
5881 }
5882
5883 min = le16_to_cpu(param->min_interval);
5884 max = le16_to_cpu(param->max_interval);
5885 latency = le16_to_cpu(param->latency);
5886 timeout = le16_to_cpu(param->timeout);
5887
5888 BT_DBG("min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
5889 min, max, latency, timeout);
5890
5891 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
2064ee33 5892 bt_dev_err(hdev, "ignoring invalid connection parameters");
a26f3dcf
JH		 5893 continue;
5894 }
5895
5896 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
5897 addr_type);
5898 if (!hci_param) {
2064ee33 5899 bt_dev_err(hdev, "failed to add connection parameters");
a26f3dcf
JH		 5900 continue;
5901 }
5902
5903 hci_param->conn_min_interval = min;
5904 hci_param->conn_max_interval = max;
5905 hci_param->conn_latency = latency;
5906 hci_param->supervision_timeout = timeout;
5907 }
5908
5909 hci_dev_unlock(hdev);
5910
2a1afb5a
JH		 5911 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
5912 NULL, 0);
a26f3dcf
JH		 5913}
5914
dbece37a
MH		 5915static int set_external_config(struct sock *sk, struct hci_dev *hdev,
5916 void *data, u16 len)
5917{
5918 struct mgmt_cp_set_external_config *cp = data;
5919 bool changed;
5920 int err;
5921
5922 BT_DBG("%s", hdev->name);
5923
5924 if (hdev_is_powered(hdev))
a69e8375
JH		 5925 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5926 MGMT_STATUS_REJECTED);
dbece37a
MH		 5927
5928 if (cp->config != 0x00 && cp->config != 0x01)
a69e8375
JH		 5929 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5930 MGMT_STATUS_INVALID_PARAMS);
dbece37a
MH		 5931
5932 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
a69e8375
JH		 5933 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
5934 MGMT_STATUS_NOT_SUPPORTED);
dbece37a
MH		 5935
5936 hci_dev_lock(hdev);
5937
5938 if (cp->config)
238be788 5939 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a 5940 else
a69d8927 5941 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a
MH		 5942
5943 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
5944 if (err < 0)
5945 goto unlock;
5946
5947 if (!changed)
5948 goto unlock;
5949
f4537c04
MH		 5950 err = new_options(hdev, sk);
5951
d7a5a11d 5952 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
dbece37a 5953 mgmt_index_removed(hdev);
d603b76b 5954
516018a9 5955 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
a1536da2
MH		 5956 hci_dev_set_flag(hdev, HCI_CONFIG);
5957 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
d603b76b
MH		 5958
5959 queue_work(hdev->req_workqueue, &hdev->power_on);
5960 } else {
5ea234d3 5961 set_bit(HCI_RAW, &hdev->flags);
d603b76b
MH		 5962 mgmt_index_added(hdev);
5963 }
dbece37a
MH		 5964 }
5965
5966unlock:
5967 hci_dev_unlock(hdev);
5968 return err;
5969}
5970
9713c17b
MH		 5971static int set_public_address(struct sock *sk, struct hci_dev *hdev,
5972 void *data, u16 len)
5973{
5974 struct mgmt_cp_set_public_address *cp = data;
5975 bool changed;
5976 int err;
5977
5978 BT_DBG("%s", hdev->name);
5979
5980 if (hdev_is_powered(hdev))
a69e8375
JH		 5981 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5982 MGMT_STATUS_REJECTED);
9713c17b
MH		 5983
5984 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
a69e8375
JH		 5985 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5986 MGMT_STATUS_INVALID_PARAMS);
9713c17b
MH		 5987
5988 if (!hdev->set_bdaddr)
a69e8375
JH		 5989 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
5990 MGMT_STATUS_NOT_SUPPORTED);
9713c17b
MH		 5991
5992 hci_dev_lock(hdev);
5993
5994 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
5995 bacpy(&hdev->public_addr, &cp->bdaddr);
5996
5997 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
5998 if (err < 0)
5999 goto unlock;
6000
6001 if (!changed)
6002 goto unlock;
6003
d7a5a11d 6004 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
9713c17b
MH		 6005 err = new_options(hdev, sk);
6006
6007 if (is_configured(hdev)) {
6008 mgmt_index_removed(hdev);
6009
a358dc11 6010 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
9713c17b 6011
a1536da2
MH		 6012 hci_dev_set_flag(hdev, HCI_CONFIG);
6013 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
9713c17b
MH		 6014
6015 queue_work(hdev->req_workqueue, &hdev->power_on);
6016 }
6017
6018unlock:
6019 hci_dev_unlock(hdev);
6020 return err;
6021}
6022
40f66c05
JH		 6023static void read_local_oob_ext_data_complete(struct hci_dev *hdev, u8 status,
6024 u16 opcode, struct sk_buff *skb)
6025{
6026 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp;
6027 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp;
6028 u8 *h192, *r192, *h256, *r256;
6029 struct mgmt_pending_cmd *cmd;
6030 u16 eir_len;
6031 int err;
6032
6033 BT_DBG("%s status %u", hdev->name, status);
6034
6035 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev);
6036 if (!cmd)
6037 return;
6038
6039 mgmt_cp = cmd->param;
6040
6041 if (status) {
6042 status = mgmt_status(status);
6043 eir_len = 0;
6044
6045 h192 = NULL;
6046 r192 = NULL;
6047 h256 = NULL;
6048 r256 = NULL;
6049 } else if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
6050 struct hci_rp_read_local_oob_data *rp;
6051
6052 if (skb->len != sizeof(*rp)) {
6053 status = MGMT_STATUS_FAILED;
6054 eir_len = 0;
6055 } else {
6056 status = MGMT_STATUS_SUCCESS;
6057 rp = (void *)skb->data;
6058
6059 eir_len = 5 + 18 + 18;
6060 h192 = rp->hash;
6061 r192 = rp->rand;
6062 h256 = NULL;
6063 r256 = NULL;
6064 }
6065 } else {
6066 struct hci_rp_read_local_oob_ext_data *rp;
6067
6068 if (skb->len != sizeof(*rp)) {
6069 status = MGMT_STATUS_FAILED;
6070 eir_len = 0;
6071 } else {
6072 status = MGMT_STATUS_SUCCESS;
6073 rp = (void *)skb->data;
6074
6075 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
6076 eir_len = 5 + 18 + 18;
6077 h192 = NULL;
6078 r192 = NULL;
6079 } else {
6080 eir_len = 5 + 18 + 18 + 18 + 18;
6081 h192 = rp->hash192;
6082 r192 = rp->rand192;
6083 }
6084
6085 h256 = rp->hash256;
6086 r256 = rp->rand256;
6087 }
6088 }
6089
6090 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL);
6091 if (!mgmt_rp)
6092 goto done;
6093
6094 if (status)
6095 goto send_rsp;
6096
6097 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV,
6098 hdev->dev_class, 3);
6099
6100 if (h192 && r192) {
6101 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6102 EIR_SSP_HASH_C192, h192, 16);
6103 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6104 EIR_SSP_RAND_R192, r192, 16);
6105 }
6106
6107 if (h256 && r256) {
6108 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6109 EIR_SSP_HASH_C256, h256, 16);
6110 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
6111 EIR_SSP_RAND_R256, r256, 16);
6112 }
6113
6114send_rsp:
6115 mgmt_rp->type = mgmt_cp->type;
6116 mgmt_rp->eir_len = cpu_to_le16(eir_len);
6117
6118 err = mgmt_cmd_complete(cmd->sk, hdev->id,
6119 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status,
6120 mgmt_rp, sizeof(*mgmt_rp) + eir_len);
6121 if (err < 0 || status)
6122 goto done;
6123
6124 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS);
6125
6126 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
6127 mgmt_rp, sizeof(*mgmt_rp) + eir_len,
6128 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk);
6129done:
6130 kfree(mgmt_rp);
6131 mgmt_pending_remove(cmd);
6132}
6133
6134static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk,
6135 struct mgmt_cp_read_local_oob_ext_data *cp)
6136{
6137 struct mgmt_pending_cmd *cmd;
6138 struct hci_request req;
6139 int err;
6140
6141 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev,
6142 cp, sizeof(*cp));
6143 if (!cmd)
6144 return -ENOMEM;
6145
6146 hci_req_init(&req, hdev);
6147
6148 if (bredr_sc_enabled(hdev))
6149 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
6150 else
6151 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
6152
6153 err = hci_req_run_skb(&req, read_local_oob_ext_data_complete);
6154 if (err < 0) {
6155 mgmt_pending_remove(cmd);
6156 return err;
6157 }
6158
6159 return 0;
6160}
6161
4f0f155c
MH		 6162static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
6163 void *data, u16 data_len)
6164{
6165 struct mgmt_cp_read_local_oob_ext_data *cp = data;
6166 struct mgmt_rp_read_local_oob_ext_data *rp;
6167 size_t rp_len;
6168 u16 eir_len;
0821a2c5 6169 u8 status, flags, role, addr[7], hash[16], rand[16];
4f0f155c
MH		 6170 int err;
6171
6172 BT_DBG("%s", hdev->name);
6173
57b0d3e8
MH		 6174 if (hdev_is_powered(hdev)) {
6175 switch (cp->type) {
6176 case BIT(BDADDR_BREDR):
6177 status = mgmt_bredr_support(hdev);
6178 if (status)
6179 eir_len = 0;
6180 else
6181 eir_len = 5;
6182 break;
6183 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
6184 status = mgmt_le_support(hdev);
6185 if (status)
6186 eir_len = 0;
6187 else
6188 eir_len = 9 + 3 + 18 + 18 + 3;
6189 break;
6190 default:
6191 status = MGMT_STATUS_INVALID_PARAMS;
6192 eir_len = 0;
6193 break;
6194 }
6195 } else {
6196 status = MGMT_STATUS_NOT_POWERED;
6197 eir_len = 0;
4f0f155c
MH		 6198 }
6199
4f0f155c
MH		 6200 rp_len = sizeof(*rp) + eir_len;
6201 rp = kmalloc(rp_len, GFP_ATOMIC);
efcd8c98 6202 if (!rp)
4f0f155c 6203 return -ENOMEM;
efcd8c98 6204
57b0d3e8
MH		 6205 if (status)
6206 goto complete;
6207
efcd8c98 6208 hci_dev_lock(hdev);
4f0f155c
MH		 6209
6210 eir_len = 0;
6211 switch (cp->type) {
6212 case BIT(BDADDR_BREDR):
40f66c05
JH		 6213 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
6214 err = read_local_ssp_oob_req(hdev, sk, cp);
6215 hci_dev_unlock(hdev);
6216 if (!err)
6217 goto done;
6218
6219 status = MGMT_STATUS_FAILED;
6220 goto complete;
6221 } else {
6222 eir_len = eir_append_data(rp->eir, eir_len,
6223 EIR_CLASS_OF_DEV,
6224 hdev->dev_class, 3);
6225 }
4f0f155c
MH		 6226 break;
6227 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
5082a599
MH		 6228 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
6229 smp_generate_oob(hdev, hash, rand) < 0) {
0821a2c5 6230 hci_dev_unlock(hdev);
57b0d3e8
MH		 6231 status = MGMT_STATUS_FAILED;
6232 goto complete;
0821a2c5
MH		 6233 }
6234
e213568a
MH		 6235 /* This should return the active RPA, but since the RPA
6236 * is only programmed on demand, it is really hard to fill
6237 * this in at the moment. For now disallow retrieving
6238 * local out-of-band data when privacy is in use.
6239 *
6240 * Returning the identity address will not help here since
6241 * pairing happens before the identity resolving key is
6242 * known and thus the connection establishment happens
6243 * based on the RPA and not the identity address.
6244 */
4f0f155c 6245 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
e213568a
MH		 6246 hci_dev_unlock(hdev);
6247 status = MGMT_STATUS_REJECTED;
6248 goto complete;
6249 }
6250
6251 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
6252 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
6253 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
6254 bacmp(&hdev->static_addr, BDADDR_ANY))) {
4f0f155c
MH		 6255 memcpy(addr, &hdev->static_addr, 6);
6256 addr[6] = 0x01;
6257 } else {
6258 memcpy(addr, &hdev->bdaddr, 6);
6259 addr[6] = 0x00;
6260 }
6261
6262 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
6263 addr, sizeof(addr));
6264
6265 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
6266 role = 0x02;
6267 else
6268 role = 0x01;
6269
6270 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
6271 &role, sizeof(role));
6272
5082a599
MH		 6273 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
6274 eir_len = eir_append_data(rp->eir, eir_len,
6275 EIR_LE_SC_CONFIRM,
6276 hash, sizeof(hash));
0821a2c5 6277
5082a599
MH		 6278 eir_len = eir_append_data(rp->eir, eir_len,
6279 EIR_LE_SC_RANDOM,
6280 rand, sizeof(rand));
6281 }
0821a2c5 6282
f2252570 6283 flags = mgmt_get_adv_discov_flags(hdev);
4f0f155c
MH		 6284
6285 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
6286 flags |= LE_AD_NO_BREDR;
6287
6288 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
6289 &flags, sizeof(flags));
6290 break;
6291 }
6292
4f0f155c
MH		 6293 hci_dev_unlock(hdev);
6294
72000df2
MH		 6295 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
6296
57b0d3e8
MH		 6297 status = MGMT_STATUS_SUCCESS;
6298
6299complete:
efcd8c98
MH		 6300 rp->type = cp->type;
6301 rp->eir_len = cpu_to_le16(eir_len);
6302
4f0f155c 6303 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
57b0d3e8
MH		 6304 status, rp, sizeof(*rp) + eir_len);
6305 if (err < 0 || status)
72000df2
MH		 6306 goto done;
6307
6308 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
6309 rp, sizeof(*rp) + eir_len,
6310 HCI_MGMT_OOB_DATA_EVENTS, sk);
4f0f155c 6311
0821a2c5 6312done:
4f0f155c
MH		 6313 kfree(rp);
6314
6315 return err;
6316}
6317
089fa8c0
AU		 6318static u32 get_supported_adv_flags(struct hci_dev *hdev)
6319{
6320 u32 flags = 0;
6321
6322 flags |= MGMT_ADV_FLAG_CONNECTABLE;
6323 flags |= MGMT_ADV_FLAG_DISCOV;
6324 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
6325 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS;
c4960ecf 6326 flags |= MGMT_ADV_FLAG_APPEARANCE;
7c295c48 6327 flags |= MGMT_ADV_FLAG_LOCAL_NAME;
089fa8c0 6328
de181e88
JK		 6329 /* In extended adv TX_POWER returned from Set Adv Param
6330 * will be always valid.
6331 */
6332 if ((hdev->adv_tx_power != HCI_TX_POWER_INVALID) ||
6333 ext_adv_capable(hdev))
089fa8c0
AU		 6334 flags |= MGMT_ADV_FLAG_TX_POWER;
6335
85a721a8
JK		 6336 if (ext_adv_capable(hdev)) {
6337 flags |= MGMT_ADV_FLAG_SEC_1M;
6338
6339 if (hdev->le_features[1] & HCI_LE_PHY_2M)
6340 flags |= MGMT_ADV_FLAG_SEC_2M;
6341
6342 if (hdev->le_features[1] & HCI_LE_PHY_CODED)
6343 flags |= MGMT_ADV_FLAG_SEC_CODED;
6344 }
6345
089fa8c0
AU		 6346 return flags;
6347}
6348
d3d5305b
MH		 6349static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
6350 void *data, u16 data_len)
6351{
6352 struct mgmt_rp_read_adv_features *rp;
6353 size_t rp_len;
02c04afe 6354 int err;
286e0c83 6355 struct adv_info *adv_instance;
089fa8c0 6356 u32 supported_flags;
02c04afe 6357 u8 *instance;
d3d5305b
MH		 6358
6359 BT_DBG("%s", hdev->name);
6360
089fa8c0
AU		 6361 if (!lmp_le_capable(hdev))
6362 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6363 MGMT_STATUS_REJECTED);
6364
d3d5305b
MH		 6365 hci_dev_lock(hdev);
6366
02c04afe 6367 rp_len = sizeof(*rp) + hdev->adv_instance_cnt;
d3d5305b
MH		 6368 rp = kmalloc(rp_len, GFP_ATOMIC);
6369 if (!rp) {
6370 hci_dev_unlock(hdev);
6371 return -ENOMEM;
6372 }
6373
089fa8c0
AU		 6374 supported_flags = get_supported_adv_flags(hdev);
6375
6376 rp->supported_flags = cpu_to_le32(supported_flags);
dc5d82a9
MH		 6377 rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
6378 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
d2609b34 6379 rp->max_instances = HCI_MAX_ADV_INSTANCES;
02c04afe 6380 rp->num_instances = hdev->adv_instance_cnt;
24b4f38f 6381
02c04afe
JH		 6382 instance = rp->instance;
6383 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
6384 *instance = adv_instance->instance;
6385 instance++;
24b4f38f 6386 }
d3d5305b
MH		 6387
6388 hci_dev_unlock(hdev);
6389
6390 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
6391 MGMT_STATUS_SUCCESS, rp, rp_len);
6392
6393 kfree(rp);
6394
6395 return err;
6396}
6397
f61851f6
MN		 6398static u8 calculate_name_len(struct hci_dev *hdev)
6399{
6400 u8 buf[HCI_MAX_SHORT_NAME_LENGTH + 3];
6401
6402 return append_local_name(hdev, buf, 0);
6403}
6404
6405static u8 tlv_data_max_len(struct hci_dev *hdev, u32 adv_flags,
6406 bool is_adv_data)
24b4f38f 6407{
4117ed70 6408 u8 max_len = HCI_MAX_AD_LENGTH;
24b4f38f 6409
31a3248d
MH		 6410 if (is_adv_data) {
6411 if (adv_flags & (MGMT_ADV_FLAG_DISCOV |
6412 MGMT_ADV_FLAG_LIMITED_DISCOV |
2bb36870 6413 MGMT_ADV_FLAG_MANAGED_FLAGS))
31a3248d 6414 max_len -= 3;
24b4f38f 6415
2bb36870 6416 if (adv_flags & MGMT_ADV_FLAG_TX_POWER)
31a3248d 6417 max_len -= 3;
7c295c48 6418 } else {
7c295c48 6419 if (adv_flags & MGMT_ADV_FLAG_LOCAL_NAME)
f61851f6 6420 max_len -= calculate_name_len(hdev);
c4960ecf 6421
2bb36870 6422 if (adv_flags & (MGMT_ADV_FLAG_APPEARANCE))
c4960ecf 6423 max_len -= 4;
5507e358
AU		 6424 }
6425
2bb36870
SJ		 6426 return max_len;
6427}
6428
6429static bool flags_managed(u32 adv_flags)
6430{
6431 return adv_flags & (MGMT_ADV_FLAG_DISCOV |
6432 MGMT_ADV_FLAG_LIMITED_DISCOV |
6433 MGMT_ADV_FLAG_MANAGED_FLAGS);
6434}
6435
6436static bool tx_power_managed(u32 adv_flags)
6437{
6438 return adv_flags & MGMT_ADV_FLAG_TX_POWER;
6439}
6440
6441static bool name_managed(u32 adv_flags)
6442{
6443 return adv_flags & MGMT_ADV_FLAG_LOCAL_NAME;
6444}
6445
6446static bool appearance_managed(u32 adv_flags)
6447{
6448 return adv_flags & MGMT_ADV_FLAG_APPEARANCE;
6449}
6450
f61851f6
MN		 6451static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data,
6452 u8 len, bool is_adv_data)
2bb36870
SJ		 6453{
6454 int i, cur_len;
6455 u8 max_len;
6456
f61851f6 6457 max_len = tlv_data_max_len(hdev, adv_flags, is_adv_data);
2bb36870 6458
4117ed70 6459 if (len > max_len)
24b4f38f
AU		 6460 return false;
6461
4117ed70
AU		 6462 /* Make sure that the data is correctly formatted. */
6463 for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) {
6464 cur_len = data[i];
24b4f38f 6465
9c9db78d
SJ		 6466 if (data[i + 1] == EIR_FLAGS &&
6467 (!is_adv_data || flags_managed(adv_flags)))
2bb36870
SJ		 6468 return false;
6469
6470 if (data[i + 1] == EIR_TX_POWER && tx_power_managed(adv_flags))
6471 return false;
6472
6473 if (data[i + 1] == EIR_NAME_COMPLETE && name_managed(adv_flags))
6474 return false;
6475
6476 if (data[i + 1] == EIR_NAME_SHORT && name_managed(adv_flags))
b44133ff
AU		 6477 return false;
6478
2bb36870
SJ		 6479 if (data[i + 1] == EIR_APPEARANCE &&
6480 appearance_managed(adv_flags))
5507e358
AU		 6481 return false;
6482
24b4f38f
AU		 6483 /* If the current field length would exceed the total data
6484 * length, then it's invalid.
6485 */
4117ed70 6486 if (i + cur_len >= len)
24b4f38f
AU		 6487 return false;
6488 }
6489
6490 return true;
6491}
6492
24b4f38f
AU		 6493static void add_advertising_complete(struct hci_dev *hdev, u8 status,
6494 u16 opcode)
6495{
6496 struct mgmt_pending_cmd *cmd;
fffd38bc 6497 struct mgmt_cp_add_advertising *cp;
24b4f38f 6498 struct mgmt_rp_add_advertising rp;
fffd38bc
FG		 6499 struct adv_info *adv_instance, *n;
6500 u8 instance;
24b4f38f
AU		 6501
6502 BT_DBG("status %d", status);
6503
6504 hci_dev_lock(hdev);
6505
6506 cmd = pending_find(MGMT_OP_ADD_ADVERTISING, hdev);
6507
fffd38bc
FG		 6508 list_for_each_entry_safe(adv_instance, n, &hdev->adv_instances, list) {
6509 if (!adv_instance->pending)
6510 continue;
6511
6512 if (!status) {
6513 adv_instance->pending = false;
6514 continue;
6515 }
6516
6517 instance = adv_instance->instance;
6518
6519 if (hdev->cur_adv_instance == instance)
6520 cancel_adv_timeout(hdev);
6521
6522 hci_remove_adv_instance(hdev, instance);
f2252570 6523 mgmt_advertising_removed(cmd ? cmd->sk : NULL, hdev, instance);
24b4f38f
AU		 6524 }
6525
6526 if (!cmd)
6527 goto unlock;
6528
fffd38bc
FG		 6529 cp = cmd->param;
6530 rp.instance = cp->instance;
24b4f38f
AU		 6531
6532 if (status)
6533 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
6534 mgmt_status(status));
6535 else
6536 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
6537 mgmt_status(status), &rp, sizeof(rp));
6538
6539 mgmt_pending_remove(cmd);
6540
6541unlock:
6542 hci_dev_unlock(hdev);
6543}
6544
6545static int add_advertising(struct sock *sk, struct hci_dev *hdev,
6546 void *data, u16 data_len)
6547{
6548 struct mgmt_cp_add_advertising *cp = data;
6549 struct mgmt_rp_add_advertising rp;
6550 u32 flags;
85a721a8 6551 u32 supported_flags, phy_flags;
24b4f38f 6552 u8 status;
fffd38bc
FG		 6553 u16 timeout, duration;
6554 unsigned int prev_instance_cnt = hdev->adv_instance_cnt;
6555 u8 schedule_instance = 0;
6556 struct adv_info *next_instance;
24b4f38f
AU		 6557 int err;
6558 struct mgmt_pending_cmd *cmd;
6559 struct hci_request req;
6560
6561 BT_DBG("%s", hdev->name);
6562
6563 status = mgmt_le_support(hdev);
6564 if (status)
6565 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6566 status);
6567
ceff86af 6568 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
6a0e7807
JH		 6569 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6570 MGMT_STATUS_INVALID_PARAMS);
6571
6572 if (data_len != sizeof(*cp) + cp->adv_data_len + cp->scan_rsp_len)
ceff86af
MH		 6573 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6574 MGMT_STATUS_INVALID_PARAMS);
6575
24b4f38f 6576 flags = __le32_to_cpu(cp->flags);
912098a6 6577 timeout = __le16_to_cpu(cp->timeout);
fffd38bc 6578 duration = __le16_to_cpu(cp->duration);
24b4f38f 6579
fffd38bc 6580 /* The current implementation only supports a subset of the specified
85a721a8 6581 * flags. Also need to check mutual exclusiveness of sec flags.
089fa8c0
AU		 6582 */
6583 supported_flags = get_supported_adv_flags(hdev);
85a721a8
JK		 6584 phy_flags = flags & MGMT_ADV_FLAG_SEC_MASK;
6585 if (flags & ~supported_flags ||
6586 ((phy_flags && (phy_flags ^ (phy_flags & -phy_flags)))))
24b4f38f
AU		 6587 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6588 MGMT_STATUS_INVALID_PARAMS);
6589
6590 hci_dev_lock(hdev);
6591
912098a6
AU		 6592 if (timeout && !hdev_is_powered(hdev)) {
6593 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6594 MGMT_STATUS_REJECTED);
6595 goto unlock;
6596 }
6597
24b4f38f 6598 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
da929335 6599 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
24b4f38f
AU		 6600 pending_find(MGMT_OP_SET_LE, hdev)) {
6601 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6602 MGMT_STATUS_BUSY);
6603 goto unlock;
6604 }
6605
f61851f6
MN		 6606 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) ||
6607 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len,
b44133ff 6608 cp->scan_rsp_len, false)) {
24b4f38f
AU		 6609 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6610 MGMT_STATUS_INVALID_PARAMS);
6611 goto unlock;
6612 }
6613
fffd38bc
FG		 6614 err = hci_add_adv_instance(hdev, cp->instance, flags,
6615 cp->adv_data_len, cp->data,
6616 cp->scan_rsp_len,
6617 cp->data + cp->adv_data_len,
6618 timeout, duration);
6619 if (err < 0) {
6620 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6621 MGMT_STATUS_FAILED);
6622 goto unlock;
6623 }
24b4f38f 6624
fffd38bc
FG		 6625 /* Only trigger an advertising added event if a new instance was
6626 * actually added.
6627 */
6628 if (hdev->adv_instance_cnt > prev_instance_cnt)
f2252570 6629 mgmt_advertising_added(sk, hdev, cp->instance);
912098a6 6630
fffd38bc
FG		 6631 if (hdev->cur_adv_instance == cp->instance) {
6632 /* If the currently advertised instance is being changed then
6633 * cancel the current advertising and schedule the next
6634 * instance. If there is only one instance then the overridden
6635 * advertising data will be visible right away.
6636 */
6637 cancel_adv_timeout(hdev);
912098a6 6638
fffd38bc
FG		 6639 next_instance = hci_get_next_instance(hdev, cp->instance);
6640 if (next_instance)
6641 schedule_instance = next_instance->instance;
6642 } else if (!hdev->adv_instance_timeout) {
6643 /* Immediately advertise the new instance if no other
6644 * instance is currently being advertised.
6645 */
6646 schedule_instance = cp->instance;
6647 }
24b4f38f 6648
fffd38bc
FG		 6649 /* If the HCI_ADVERTISING flag is set or the device isn't powered or
6650 * there is no instance to be advertised then we have no HCI
6651 * communication to make. Simply return.
24b4f38f
AU		 6652 */
6653 if (!hdev_is_powered(hdev) ||
fffd38bc
FG		 6654 hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
6655 !schedule_instance) {
6656 rp.instance = cp->instance;
24b4f38f
AU		 6657 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
6658 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6659 goto unlock;
6660 }
6661
6662 /* We're good to go, update advertising data, parameters, and start
6663 * advertising.
6664 */
6665 cmd = mgmt_pending_add(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
6666 data_len);
6667 if (!cmd) {
6668 err = -ENOMEM;
6669 goto unlock;
6670 }
6671
6672 hci_req_init(&req, hdev);
6673
f2252570 6674 err = __hci_req_schedule_adv_instance(&req, schedule_instance, true);
fffd38bc
FG		 6675
6676 if (!err)
6677 err = hci_req_run(&req, add_advertising_complete);
24b4f38f 6678
24b4f38f
AU		 6679 if (err < 0)
6680 mgmt_pending_remove(cmd);
6681
6682unlock:
6683 hci_dev_unlock(hdev);
6684
6685 return err;
6686}
6687
da929335
AU		 6688static void remove_advertising_complete(struct hci_dev *hdev, u8 status,
6689 u16 opcode)
6690{
6691 struct mgmt_pending_cmd *cmd;
01948331 6692 struct mgmt_cp_remove_advertising *cp;
da929335
AU		 6693 struct mgmt_rp_remove_advertising rp;
6694
6695 BT_DBG("status %d", status);
6696
6697 hci_dev_lock(hdev);
6698
6699 /* A failure status here only means that we failed to disable
6700 * advertising. Otherwise, the advertising instance has been removed,
6701 * so report success.
6702 */
6703 cmd = pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev);
6704 if (!cmd)
6705 goto unlock;
6706
01948331
FG		 6707 cp = cmd->param;
6708 rp.instance = cp->instance;
da929335
AU		 6709
6710 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, MGMT_STATUS_SUCCESS,
6711 &rp, sizeof(rp));
6712 mgmt_pending_remove(cmd);
6713
6714unlock:
6715 hci_dev_unlock(hdev);
6716}
6717
6718static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
6719 void *data, u16 data_len)
6720{
6721 struct mgmt_cp_remove_advertising *cp = data;
6722 struct mgmt_rp_remove_advertising rp;
da929335
AU		 6723 struct mgmt_pending_cmd *cmd;
6724 struct hci_request req;
952497b1 6725 int err;
da929335
AU		 6726
6727 BT_DBG("%s", hdev->name);
6728
da929335
AU		 6729 hci_dev_lock(hdev);
6730
952497b1 6731 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) {
01948331
FG		 6732 err = mgmt_cmd_status(sk, hdev->id,
6733 MGMT_OP_REMOVE_ADVERTISING,
6734 MGMT_STATUS_INVALID_PARAMS);
6735 goto unlock;
6736 }
6737
da929335
AU		 6738 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
6739 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
6740 pending_find(MGMT_OP_SET_LE, hdev)) {
6741 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6742 MGMT_STATUS_BUSY);
6743 goto unlock;
6744 }
6745
17fd08ff 6746 if (list_empty(&hdev->adv_instances)) {
da929335
AU		 6747 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
6748 MGMT_STATUS_INVALID_PARAMS);
6749 goto unlock;
6750 }
6751
01948331 6752 hci_req_init(&req, hdev);
da929335 6753
37d3a1fa 6754 hci_req_clear_adv_instance(hdev, sk, &req, cp->instance, true);
da929335 6755
01948331 6756 if (list_empty(&hdev->adv_instances))
f2252570 6757 __hci_req_disable_advertising(&req);
da929335 6758
01948331
FG		 6759 /* If no HCI commands have been collected so far or the HCI_ADVERTISING
6760 * flag is set or the device isn't powered then we have no HCI
6761 * communication to make. Simply return.
da929335 6762 */
01948331
FG		 6763 if (skb_queue_empty(&req.cmd_q) ||
6764 !hdev_is_powered(hdev) ||
da929335 6765 hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
f17d858e 6766 hci_req_purge(&req);
01948331 6767 rp.instance = cp->instance;
da929335
AU		 6768 err = mgmt_cmd_complete(sk, hdev->id,
6769 MGMT_OP_REMOVE_ADVERTISING,
6770 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6771 goto unlock;
6772 }
6773
6774 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
6775 data_len);
6776 if (!cmd) {
6777 err = -ENOMEM;
6778 goto unlock;
6779 }
6780
da929335
AU		 6781 err = hci_req_run(&req, remove_advertising_complete);
6782 if (err < 0)
6783 mgmt_pending_remove(cmd);
6784
6785unlock:
6786 hci_dev_unlock(hdev);
6787
6788 return err;
6789}
6790
40b25fe5
MH		 6791static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev,
6792 void *data, u16 data_len)
6793{
6794 struct mgmt_cp_get_adv_size_info *cp = data;
6795 struct mgmt_rp_get_adv_size_info rp;
6796 u32 flags, supported_flags;
6797 int err;
6798
6799 BT_DBG("%s", hdev->name);
6800
6801 if (!lmp_le_capable(hdev))
6802 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6803 MGMT_STATUS_REJECTED);
6804
6805 if (cp->instance < 1 || cp->instance > HCI_MAX_ADV_INSTANCES)
6806 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6807 MGMT_STATUS_INVALID_PARAMS);
6808
6809 flags = __le32_to_cpu(cp->flags);
6810
6811 /* The current implementation only supports a subset of the specified
6812 * flags.
6813 */
6814 supported_flags = get_supported_adv_flags(hdev);
6815 if (flags & ~supported_flags)
6816 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6817 MGMT_STATUS_INVALID_PARAMS);
6818
6819 rp.instance = cp->instance;
6820 rp.flags = cp->flags;
f61851f6
MN		 6821 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
6822 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
40b25fe5
MH		 6823
6824 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
6825 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
6826
6827 return err;
6828}
6829
6d785aa3 6830static const struct hci_mgmt_handler mgmt_handlers[] = {
0f4e68cf 6831 { NULL }, /* 0x0000 (no command) */
b9a245fb 6832 { read_version, MGMT_READ_VERSION_SIZE,
c91041dc
MH		 6833 HCI_MGMT_NO_HDEV |
6834 HCI_MGMT_UNTRUSTED },
b9a245fb 6835 { read_commands, MGMT_READ_COMMANDS_SIZE,
c91041dc
MH		 6836 HCI_MGMT_NO_HDEV |
6837 HCI_MGMT_UNTRUSTED },
b9a245fb 6838 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
c91041dc
MH		 6839 HCI_MGMT_NO_HDEV |
6840 HCI_MGMT_UNTRUSTED },
6841 { read_controller_info, MGMT_READ_INFO_SIZE,
6842 HCI_MGMT_UNTRUSTED },
7aea8616
MH		 6843 { set_powered, MGMT_SETTING_SIZE },
6844 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
6845 { set_connectable, MGMT_SETTING_SIZE },
6846 { set_fast_connectable, MGMT_SETTING_SIZE },
6847 { set_bondable, MGMT_SETTING_SIZE },
6848 { set_link_security, MGMT_SETTING_SIZE },
6849 { set_ssp, MGMT_SETTING_SIZE },
6850 { set_hs, MGMT_SETTING_SIZE },
6851 { set_le, MGMT_SETTING_SIZE },
6852 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
6853 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
6854 { add_uuid, MGMT_ADD_UUID_SIZE },
6855 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
b9a245fb
JH		 6856 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
6857 HCI_MGMT_VAR_LEN },
6858 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
6859 HCI_MGMT_VAR_LEN },
7aea8616
MH		 6860 { disconnect, MGMT_DISCONNECT_SIZE },
6861 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
6862 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
6863 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
6864 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
6865 { pair_device, MGMT_PAIR_DEVICE_SIZE },
6866 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
6867 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
6868 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
6869 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
6870 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
6871 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
b9a245fb
JH		 6872 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
6873 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
6874 HCI_MGMT_VAR_LEN },
7aea8616
MH		 6875 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
6876 { start_discovery, MGMT_START_DISCOVERY_SIZE },
6877 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
6878 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
6879 { block_device, MGMT_BLOCK_DEVICE_SIZE },
6880 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
6881 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
6882 { set_advertising, MGMT_SETTING_SIZE },
6883 { set_bredr, MGMT_SETTING_SIZE },
6884 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
6885 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
6886 { set_secure_conn, MGMT_SETTING_SIZE },
6887 { set_debug_keys, MGMT_SETTING_SIZE },
6888 { set_privacy, MGMT_SET_PRIVACY_SIZE },
b9a245fb
JH		 6889 { load_irks, MGMT_LOAD_IRKS_SIZE,
6890 HCI_MGMT_VAR_LEN },
7aea8616
MH		 6891 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
6892 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
6893 { add_device, MGMT_ADD_DEVICE_SIZE },
6894 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
b9a245fb
JH		 6895 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
6896 HCI_MGMT_VAR_LEN },
6897 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
c91041dc
MH		 6898 HCI_MGMT_NO_HDEV |
6899 HCI_MGMT_UNTRUSTED },
b9a245fb 6900 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
c91041dc
MH		 6901 HCI_MGMT_UNCONFIGURED |
6902 HCI_MGMT_UNTRUSTED },
b9a245fb
JH		 6903 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
6904 HCI_MGMT_UNCONFIGURED },
6905 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
6906 HCI_MGMT_UNCONFIGURED },
6907 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
6908 HCI_MGMT_VAR_LEN },
4f0f155c 6909 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
96f1474a 6910 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
c91041dc
MH		 6911 HCI_MGMT_NO_HDEV |
6912 HCI_MGMT_UNTRUSTED },
d3d5305b 6913 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
24b4f38f
AU		 6914 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
6915 HCI_MGMT_VAR_LEN },
da929335 6916 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
40b25fe5 6917 { get_adv_size_info, MGMT_GET_ADV_SIZE_INFO_SIZE },
78b781ca 6918 { start_limited_discovery, MGMT_START_DISCOVERY_SIZE },
321c6fee
MH		 6919 { read_ext_controller_info,MGMT_READ_EXT_INFO_SIZE,
6920 HCI_MGMT_UNTRUSTED },
c4960ecf 6921 { set_appearance, MGMT_SET_APPEARANCE_SIZE },
6244691f 6922 { get_phy_configuration, MGMT_GET_PHY_CONFIGURATION_SIZE },
0314f286 6923 { set_phy_configuration, MGMT_SET_PHY_CONFIGURATION_SIZE },
0f4e68cf
JH		 6924};
6925
bf6b56db 6926void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 6927{
ced85549 6928 struct mgmt_ev_ext_index ev;
bb4b2a9a 6929
0602a8ad
MH		 6930 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6931 return;
6932
f9207338 6933 switch (hdev->dev_type) {
ca8bee5d 6934 case HCI_PRIMARY:
f9207338
MH		 6935 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6936 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
6937 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
ced85549 6938 ev.type = 0x01;
f9207338
MH		 6939 } else {
6940 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
6941 HCI_MGMT_INDEX_EVENTS);
ced85549 6942 ev.type = 0x00;
f9207338
MH		 6943 }
6944 break;
ced85549
MH		 6945 case HCI_AMP:
6946 ev.type = 0x02;
6947 break;
6948 default:
6949 return;
f9207338 6950 }
ced85549
MH		 6951
6952 ev.bus = hdev->bus;
6953
6954 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
6955 HCI_MGMT_EXT_INDEX_EVENTS);
c71e97bf
JH		 6956}
6957
bf6b56db 6958void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 6959{
ced85549 6960 struct mgmt_ev_ext_index ev;
5f159032 6961 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 6962
0602a8ad
MH		 6963 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
6964 return;
6965
f9207338 6966 switch (hdev->dev_type) {
ca8bee5d 6967 case HCI_PRIMARY:
f9207338 6968 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
b24752fe 6969
f9207338
MH		 6970 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
6971 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
6972 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
ced85549 6973 ev.type = 0x01;
f9207338
MH		 6974 } else {
6975 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
6976 HCI_MGMT_INDEX_EVENTS);
ced85549 6977 ev.type = 0x00;
f9207338
MH		 6978 }
6979 break;
ced85549
MH		 6980 case HCI_AMP:
6981 ev.type = 0x02;
6982 break;
6983 default:
6984 return;
f9207338 6985 }
ced85549
MH		 6986
6987 ev.bus = hdev->bus;
6988
6989 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
6990 HCI_MGMT_EXT_INDEX_EVENTS);
eec8d2bc
JH		 6991}
6992
6046dc3e 6993/* This function requires the caller holds hdev->lock */
af02dd44 6994static void restart_le_actions(struct hci_dev *hdev)
6046dc3e
AG		 6995{
6996 struct hci_conn_params *p;
6997
6998 list_for_each_entry(p, &hdev->le_conn_params, list) {
d7347f3c
JH		 6999 /* Needed for AUTO_OFF case where might not "really"
7000 * have been powered off.
7001 */
7002 list_del_init(&p->action);
7003
7004 switch (p->auto_connect) {
4b9e7e75 7005 case HCI_AUTO_CONN_DIRECT:
d7347f3c
JH		 7006 case HCI_AUTO_CONN_ALWAYS:
7007 list_add(&p->action, &hdev->pend_le_conns);
7008 break;
7009 case HCI_AUTO_CONN_REPORT:
7010 list_add(&p->action, &hdev->pend_le_reports);
7011 break;
7012 default:
7013 break;
c83ed19d 7014 }
6046dc3e
AG		 7015 }
7016}
7017
2ff13894 7018void mgmt_power_on(struct hci_dev *hdev, int err)
229ab39c
JH		 7019{
7020 struct cmd_lookup match = { NULL, hdev };
7021
2ff13894 7022 BT_DBG("err %d", err);
229ab39c 7023
2ff13894
JH		 7024 hci_dev_lock(hdev);
7025
7026 if (!err) {
af02dd44
JH		 7027 restart_le_actions(hdev);
7028 hci_update_background_scan(hdev);
162a3bac
MH		 7029 }
7030
229ab39c
JH		 7031 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
7032
7033 new_settings(hdev, match.sk);
7034
229ab39c
JH		 7035 if (match.sk)
7036 sock_put(match.sk);
229ab39c 7037
2ff13894 7038 hci_dev_unlock(hdev);
70da6243 7039}
562fcc24 7040
2ff13894 7041void __mgmt_power_off(struct hci_dev *hdev)
70da6243
JH		 7042{
7043 struct cmd_lookup match = { NULL, hdev };
9845904f 7044 u8 status, zero_cod[] = { 0, 0, 0 };
b24752fe 7045
229ab39c 7046 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
9845904f
JH		 7047
7048 /* If the power off is because of hdev unregistration let
7049 * use the appropriate INVALID_INDEX status. Otherwise use
7050 * NOT_POWERED. We cover both scenarios here since later in
7051 * mgmt_index_removed() any hci_conn callbacks will have already
7052 * been triggered, potentially causing misleading DISCONNECTED
7053 * status responses.
7054 */
d7a5a11d 7055 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
9845904f
JH		 7056 status = MGMT_STATUS_INVALID_INDEX;
7057 else
7058 status = MGMT_STATUS_NOT_POWERED;
7059
7060 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
229ab39c 7061
321c6fee 7062 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0) {
5504c3a3
MH		 7063 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
7064 zero_cod, sizeof(zero_cod),
7065 HCI_MGMT_DEV_CLASS_EVENTS, NULL);
321c6fee
MH		 7066 ext_info_changed(hdev, NULL);
7067 }
229ab39c 7068
2ff13894 7069 new_settings(hdev, match.sk);
eec8d2bc
JH		 7070
7071 if (match.sk)
7072 sock_put(match.sk);
5add6af8 7073}
73f22f62 7074
3eec705e 7075void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc 7076{
3b0602cd 7077 struct mgmt_pending_cmd *cmd;
96570ffc
JH		 7078 u8 status;
7079
333ae95d 7080 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
96570ffc 7081 if (!cmd)
3eec705e 7082 return;
96570ffc
JH		 7083
7084 if (err == -ERFKILL)
7085 status = MGMT_STATUS_RFKILLED;
7086 else
7087 status = MGMT_STATUS_FAILED;
7088
a69e8375 7089 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 7090
7091 mgmt_pending_remove(cmd);
96570ffc
JH		 7092}
7093
dc4a5ee2
MH		 7094void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
7095 bool persistent)
55ed8ca1 7096{
86742e1e 7097 struct mgmt_ev_new_link_key ev;
55ed8ca1 7098
a492cd52 7099 memset(&ev, 0, sizeof(ev));
55ed8ca1 7100
a492cd52 7101 ev.store_hint = persistent;
d753fdc4 7102 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 7103 ev.key.addr.type = BDADDR_BREDR;
a492cd52 7104 ev.key.type = key->type;
9b3b4460 7105 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 7106 ev.key.pin_len = key->pin_len;
55ed8ca1 7107
dc4a5ee2 7108 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 7109}
f7520543 7110
d7b25450
JH		 7111static u8 mgmt_ltk_type(struct smp_ltk *ltk)
7112{
23fb8de3
JH		 7113 switch (ltk->type) {
7114 case SMP_LTK:
7115 case SMP_LTK_SLAVE:
7116 if (ltk->authenticated)
7117 return MGMT_LTK_AUTHENTICATED;
7118 return MGMT_LTK_UNAUTHENTICATED;
7119 case SMP_LTK_P256:
7120 if (ltk->authenticated)
7121 return MGMT_LTK_P256_AUTH;
7122 return MGMT_LTK_P256_UNAUTH;
7123 case SMP_LTK_P256_DEBUG:
7124 return MGMT_LTK_P256_DEBUG;
7125 }
d7b25450
JH		 7126
7127 return MGMT_LTK_UNAUTHENTICATED;
7128}
7129
53ac6ab6 7130void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 7131{
7132 struct mgmt_ev_new_long_term_key ev;
7133
7134 memset(&ev, 0, sizeof(ev));
7135
5192d301 7136 /* Devices using resolvable or non-resolvable random addresses
f72186d2 7137 * without providing an identity resolving key don't require
5192d301
MH		 7138 * to store long term keys. Their addresses will change the
7139 * next time around.
7140 *
7141 * Only when a remote device provides an identity address
7142 * make sure the long term key is stored. If the remote
7143 * identity is known, the long term keys are internally
7144 * mapped to the identity address. So allow static random
7145 * and public addresses here.
7146 */
ba74b666
JH		 7147 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7148 (key->bdaddr.b[5] & 0xc0) != 0xc0)
7149 ev.store_hint = 0x00;
7150 else
53ac6ab6 7151 ev.store_hint = persistent;
ba74b666 7152
346af67b 7153 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 7154 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 7155 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 7156 ev.key.enc_size = key->enc_size;
7157 ev.key.ediv = key->ediv;
fe39c7b2 7158 ev.key.rand = key->rand;
346af67b 7159
2ceba539 7160 if (key->type == SMP_LTK)
346af67b
VCG		 7161 ev.key.master = 1;
7162
1fc62c52
JH		 7163 /* Make sure we copy only the significant bytes based on the
7164 * encryption key size, and set the rest of the value to zeroes.
7165 */
cb92205b 7166 memcpy(ev.key.val, key->val, key->enc_size);
1fc62c52
JH		 7167 memset(ev.key.val + key->enc_size, 0,
7168 sizeof(ev.key.val) - key->enc_size);
346af67b 7169
083368f7 7170 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 7171}
7172
cad20c27 7173void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent)
95fbac8a
JH		 7174{
7175 struct mgmt_ev_new_irk ev;
7176
7177 memset(&ev, 0, sizeof(ev));
7178
cad20c27 7179 ev.store_hint = persistent;
bab6d1e5 7180
95fbac8a
JH		 7181 bacpy(&ev.rpa, &irk->rpa);
7182 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
7183 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
7184 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
7185
7186 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
7187}
7188
53ac6ab6
MH		 7189void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
7190 bool persistent)
7ee4ea36
MH		 7191{
7192 struct mgmt_ev_new_csrk ev;
7193
7194 memset(&ev, 0, sizeof(ev));
7195
7196 /* Devices using resolvable or non-resolvable random addresses
f72186d2 7197 * without providing an identity resolving key don't require
7ee4ea36
MH		 7198 * to store signature resolving keys. Their addresses will change
7199 * the next time around.
7200 *
7201 * Only when a remote device provides an identity address
7202 * make sure the signature resolving key is stored. So allow
7203 * static random and public addresses here.
7204 */
7205 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
7206 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
7207 ev.store_hint = 0x00;
7208 else
53ac6ab6 7209 ev.store_hint = persistent;
7ee4ea36
MH		 7210
7211 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
7212 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
4cd3928a 7213 ev.key.type = csrk->type;
7ee4ea36
MH		 7214 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
7215
7216 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
7217}
7218
ffb5a827 7219void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 7220 u8 bdaddr_type, u8 store_hint, u16 min_interval,
7221 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 7222{
7223 struct mgmt_ev_new_conn_param ev;
7224
c103aea6
JH		 7225 if (!hci_is_identity_address(bdaddr, bdaddr_type))
7226 return;
7227
ffb5a827
AG		 7228 memset(&ev, 0, sizeof(ev));
7229 bacpy(&ev.addr.bdaddr, bdaddr);
7230 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 7231 ev.store_hint = store_hint;
ffb5a827
AG		 7232 ev.min_interval = cpu_to_le16(min_interval);
7233 ev.max_interval = cpu_to_le16(max_interval);
7234 ev.latency = cpu_to_le16(latency);
7235 ev.timeout = cpu_to_le16(timeout);
7236
7237 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
7238}
7239
48ec92fa
AA		 7240void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
7241 u32 flags, u8 *name, u8 name_len)
f7520543 7242{
b644ba33
JH		 7243 char buf[512];
7244 struct mgmt_ev_device_connected *ev = (void *) buf;
7245 u16 eir_len = 0;
f7520543 7246
48ec92fa
AA		 7247 bacpy(&ev->addr.bdaddr, &conn->dst);
7248 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
f7520543 7249
c95f0ba7 7250 ev->flags = __cpu_to_le32(flags);
08c79b61 7251
fd45ada9
AA		 7252 /* We must ensure that the EIR Data fields are ordered and
7253 * unique. Keep it simple for now and avoid the problem by not
7254 * adding any BR/EDR data to the LE adv.
7255 */
7256 if (conn->le_adv_data_len > 0) {
7257 memcpy(&ev->eir[eir_len],
7258 conn->le_adv_data, conn->le_adv_data_len);
7259 eir_len = conn->le_adv_data_len;
7260 } else {
7261 if (name_len > 0)
7262 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
7263 name, name_len);
b644ba33 7264
ddbea5cf 7265 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
fd45ada9
AA		 7266 eir_len = eir_append_data(ev->eir, eir_len,
7267 EIR_CLASS_OF_DEV,
7268 conn->dev_class, 3);
7269 }
b644ba33 7270
eb55ef07 7271 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 7272
ecd90ae7
MH		 7273 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
7274 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 7275}
7276
3b0602cd 7277static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
8962ee74 7278{
8962ee74 7279 struct sock **sk = data;
8962ee74 7280
f5818c22 7281 cmd->cmd_complete(cmd, 0);
8962ee74
JH		 7282
7283 *sk = cmd->sk;
7284 sock_hold(*sk);
7285
a664b5bc 7286 mgmt_pending_remove(cmd);
8962ee74
JH		 7287}
7288
3b0602cd 7289static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
a8a1d19e 7290{
b1078ad0 7291 struct hci_dev *hdev = data;
124f6e35 7292 struct mgmt_cp_unpair_device *cp = cmd->param;
a8a1d19e 7293
b1078ad0
JH		 7294 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
7295
d8b7b1e4 7296 cmd->cmd_complete(cmd, 0);
a8a1d19e
JH		 7297 mgmt_pending_remove(cmd);
7298}
7299
84c61d92
JH		 7300bool mgmt_powering_down(struct hci_dev *hdev)
7301{
3b0602cd 7302 struct mgmt_pending_cmd *cmd;
84c61d92
JH		 7303 struct mgmt_mode *cp;
7304
333ae95d 7305 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
84c61d92
JH		 7306 if (!cmd)
7307 return false;
7308
7309 cp = cmd->param;
7310 if (!cp->val)
7311 return true;
7312
7313 return false;
7314}
7315
9b80ec5e 7316void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 7317 u8 link_type, u8 addr_type, u8 reason,
7318 bool mgmt_connected)
f7520543 7319{
f0d6a0ea 7320 struct mgmt_ev_device_disconnected ev;
8962ee74 7321 struct sock *sk = NULL;
8962ee74 7322
84c61d92
JH		 7323 /* The connection is still in hci_conn_hash so test for 1
7324 * instead of 0 to know if this is the last one.
7325 */
7326 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7327 cancel_delayed_work(&hdev->power_off);
7328 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8b064a3a
JH		 7329 }
7330
12d4a3b2
JH		 7331 if (!mgmt_connected)
7332 return;
7333
57eb776f
AG		 7334 if (link_type != ACL_LINK && link_type != LE_LINK)
7335 return;
7336
744cf19e 7337 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 7338
f0d6a0ea
MA		 7339 bacpy(&ev.addr.bdaddr, bdaddr);
7340 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7341 ev.reason = reason;
f7520543 7342
9b80ec5e 7343 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 7344
7345 if (sk)
d97dcb66 7346 sock_put(sk);
8962ee74 7347
124f6e35 7348 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 7349 hdev);
8962ee74
JH		 7350}
7351
7892924c
MH		 7352void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
7353 u8 link_type, u8 addr_type, u8 status)
8962ee74 7354{
3655bba8
AG		 7355 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
7356 struct mgmt_cp_disconnect *cp;
3b0602cd 7357 struct mgmt_pending_cmd *cmd;
8962ee74 7358
36a75f1b
JD		 7359 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
7360 hdev);
7361
333ae95d 7362 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 7363 if (!cmd)
7892924c 7364 return;
8962ee74 7365
3655bba8
AG		 7366 cp = cmd->param;
7367
7368 if (bacmp(bdaddr, &cp->addr.bdaddr))
7369 return;
7370
7371 if (cp->addr.type != bdaddr_type)
7372 return;
7373
f5818c22 7374 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7375 mgmt_pending_remove(cmd);
f7520543 7376}
17d5c04c 7377
445608d0
MH		 7378void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7379 u8 addr_type, u8 status)
17d5c04c
JH		 7380{
7381 struct mgmt_ev_connect_failed ev;
c9910d0f 7382
84c61d92
JH		 7383 /* The connection is still in hci_conn_hash so test for 1
7384 * instead of 0 to know if this is the last one.
7385 */
7386 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
7387 cancel_delayed_work(&hdev->power_off);
7388 queue_work(hdev->req_workqueue, &hdev->power_off.work);
c9910d0f 7389 }
17d5c04c 7390
4c659c39 7391 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7392 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 7393 ev.status = mgmt_status(status);
17d5c04c 7394
445608d0 7395 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 7396}
980e1a53 7397
ce0e4a0d 7398void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 7399{
7400 struct mgmt_ev_pin_code_request ev;
7401
d8457698 7402 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 7403 ev.addr.type = BDADDR_BREDR;
a770bb5a 7404 ev.secure = secure;
980e1a53 7405
ce0e4a0d 7406 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 7407}
7408
e669cf80
MH		 7409void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7410 u8 status)
980e1a53 7411{
3b0602cd 7412 struct mgmt_pending_cmd *cmd;
980e1a53 7413
333ae95d 7414 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 7415 if (!cmd)
e669cf80 7416 return;
980e1a53 7417
7776d1d8 7418 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7419 mgmt_pending_remove(cmd);
980e1a53
JH		 7420}
7421
3eb38528
MH		 7422void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
7423 u8 status)
980e1a53 7424{
3b0602cd 7425 struct mgmt_pending_cmd *cmd;
980e1a53 7426
333ae95d 7427 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 7428 if (!cmd)
3eb38528 7429 return;
980e1a53 7430
7776d1d8 7431 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7432 mgmt_pending_remove(cmd);
980e1a53 7433}
a5c29683 7434
744cf19e 7435int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 7436 u8 link_type, u8 addr_type, u32 value,
04124681 7437 u8 confirm_hint)
a5c29683
JH		 7438{
7439 struct mgmt_ev_user_confirm_request ev;
7440
744cf19e 7441 BT_DBG("%s", hdev->name);
a5c29683 7442
272d90df 7443 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7444 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 7445 ev.confirm_hint = confirm_hint;
39adbffe 7446 ev.value = cpu_to_le32(value);
a5c29683 7447
744cf19e 7448 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 7449 NULL);
a5c29683
JH		 7450}
7451
272d90df 7452int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 7453 u8 link_type, u8 addr_type)
604086b7
BG		 7454{
7455 struct mgmt_ev_user_passkey_request ev;
7456
7457 BT_DBG("%s", hdev->name);
7458
272d90df 7459 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 7460 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 7461
7462 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 7463 NULL);
604086b7
BG		 7464}
7465
0df4c185 7466static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 7467 u8 link_type, u8 addr_type, u8 status,
7468 u8 opcode)
a5c29683 7469{
3b0602cd 7470 struct mgmt_pending_cmd *cmd;
a5c29683 7471
333ae95d 7472 cmd = pending_find(opcode, hdev);
a5c29683
JH		 7473 if (!cmd)
7474 return -ENOENT;
7475
7776d1d8 7476 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 7477 mgmt_pending_remove(cmd);
a5c29683 7478
7776d1d8 7479 return 0;
a5c29683
JH		 7480}
7481
744cf19e 7482int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7483 u8 link_type, u8 addr_type, u8 status)
a5c29683 7484{
272d90df 7485 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 7486 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 7487}
7488
272d90df 7489int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7490 u8 link_type, u8 addr_type, u8 status)
a5c29683 7491{
272d90df 7492 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 7493 status,
7494 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 7495}
2a611692 7496
604086b7 7497int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7498 u8 link_type, u8 addr_type, u8 status)
604086b7 7499{
272d90df 7500 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 7501 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 7502}
7503
272d90df 7504int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 7505 u8 link_type, u8 addr_type, u8 status)
604086b7 7506{
272d90df 7507 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 7508 status,
7509 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 7510}
7511
92a25256
JH		 7512int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
7513 u8 link_type, u8 addr_type, u32 passkey,
7514 u8 entered)
7515{
7516 struct mgmt_ev_passkey_notify ev;
7517
7518 BT_DBG("%s", hdev->name);
7519
7520 bacpy(&ev.addr.bdaddr, bdaddr);
7521 ev.addr.type = link_to_bdaddr(link_type, addr_type);
7522 ev.passkey = __cpu_to_le32(passkey);
7523 ev.entered = entered;
7524
7525 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
7526}
7527
e1e930f5 7528void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
2a611692
JH		 7529{
7530 struct mgmt_ev_auth_failed ev;
3b0602cd 7531 struct mgmt_pending_cmd *cmd;
e1e930f5 7532 u8 status = mgmt_status(hci_status);
2a611692 7533
e1e930f5
JH		 7534 bacpy(&ev.addr.bdaddr, &conn->dst);
7535 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
7536 ev.status = status;
2a611692 7537
e1e930f5
JH		 7538 cmd = find_pairing(conn);
7539
7540 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
7541 cmd ? cmd->sk : NULL);
7542
a511b35b
JH		 7543 if (cmd) {
7544 cmd->cmd_complete(cmd, status);
7545 mgmt_pending_remove(cmd);
7546 }
2a611692 7547}
b312b161 7548
464996ae 7549void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 7550{
7551 struct cmd_lookup match = { NULL, hdev };
464996ae 7552 bool changed;
33ef95ed
JH		 7553
7554 if (status) {
7555 u8 mgmt_err = mgmt_status(status);
7556 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 7557 cmd_status_rsp, &mgmt_err);
464996ae 7558 return;
33ef95ed
JH		 7559 }
7560
464996ae 7561 if (test_bit(HCI_AUTH, &hdev->flags))
238be788 7562 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
464996ae 7563 else
a69d8927 7564 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
47990ea0 7565
33ef95ed 7566 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 7567 &match);
33ef95ed 7568
47990ea0 7569 if (changed)
464996ae 7570 new_settings(hdev, match.sk);
33ef95ed
JH		 7571
7572 if (match.sk)
7573 sock_put(match.sk);
33ef95ed
JH		 7574}
7575
890ea898 7576static void clear_eir(struct hci_request *req)
cacaf52f 7577{
890ea898 7578 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 7579 struct hci_cp_write_eir cp;
7580
976eb20e 7581 if (!lmp_ext_inq_capable(hdev))
890ea898 7582 return;
cacaf52f 7583
c80da27e
JH		 7584 memset(hdev->eir, 0, sizeof(hdev->eir));
7585
cacaf52f
JH		 7586 memset(&cp, 0, sizeof(cp));
7587
890ea898 7588 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 7589}
7590
3e248560 7591void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 7592{
7593 struct cmd_lookup match = { NULL, hdev };
890ea898 7594 struct hci_request req;
c0ecddc2 7595 bool changed = false;
ed2c4ee3
JH		 7596
7597 if (status) {
7598 u8 mgmt_err = mgmt_status(status);
c0ecddc2 7599
a69d8927
MH		 7600 if (enable && hci_dev_test_and_clear_flag(hdev,
7601 HCI_SSP_ENABLED)) {
a358dc11 7602 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
3e248560 7603 new_settings(hdev, NULL);
9ecb3e24 7604 }
c0ecddc2 7605
04124681
GP		 7606 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
7607 &mgmt_err);
3e248560 7608 return;
c0ecddc2
JH		 7609 }
7610
7611 if (enable) {
238be788 7612 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
c0ecddc2 7613 } else {
a69d8927 7614 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
9ecb3e24 7615 if (!changed)
a69d8927
MH		 7616 changed = hci_dev_test_and_clear_flag(hdev,
7617 HCI_HS_ENABLED);
9ecb3e24 7618 else
a358dc11 7619 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
ed2c4ee3
JH		 7620 }
7621
7622 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
7623
c0ecddc2 7624 if (changed)
3e248560 7625 new_settings(hdev, match.sk);
ed2c4ee3 7626
5fc6ebb1 7627 if (match.sk)
ed2c4ee3
JH		 7628 sock_put(match.sk);
7629
890ea898
JH		 7630 hci_req_init(&req, hdev);
7631
d7a5a11d
MH		 7632 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
7633 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
3769972b
JH		 7634 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
7635 sizeof(enable), &enable);
b1a8917c 7636 __hci_req_update_eir(&req);
3769972b 7637 } else {
890ea898 7638 clear_eir(&req);
3769972b 7639 }
890ea898
JH		 7640
7641 hci_req_run(&req, NULL);
ed2c4ee3
JH		 7642}
7643
3b0602cd 7644static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
90e70454
JH		 7645{
7646 struct cmd_lookup *match = data;
7647
90e70454
JH		 7648 if (match->sk == NULL) {
7649 match->sk = cmd->sk;
7650 sock_hold(match->sk);
7651 }
90e70454
JH		 7652}
7653
4e1b0245
MH		 7654void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
7655 u8 status)
7f9a903c 7656{
90e70454 7657 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 7658
92da6097
JH		 7659 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
7660 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
7661 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454 7662
321c6fee 7663 if (!status) {
5504c3a3
MH		 7664 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
7665 3, HCI_MGMT_DEV_CLASS_EVENTS, NULL);
321c6fee
MH		 7666 ext_info_changed(hdev, NULL);
7667 }
90e70454
JH		 7668
7669 if (match.sk)
7670 sock_put(match.sk);
7f9a903c
MH		 7671}
7672
7667da34 7673void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 7674{
b312b161 7675 struct mgmt_cp_set_local_name ev;
3b0602cd 7676 struct mgmt_pending_cmd *cmd;
28cc7bde 7677
13928971 7678 if (status)
7667da34 7679 return;
b312b161
JH		 7680
7681 memset(&ev, 0, sizeof(ev));
7682 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 7683 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 7684
333ae95d 7685 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 7686 if (!cmd) {
7687 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 7688
13928971
JH		 7689 /* If this is a HCI command related to powering on the
7690 * HCI dev don't send any mgmt signals.
7691 */
333ae95d 7692 if (pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 7693 return;
890ea898 7694 }
b312b161 7695
5504c3a3
MH		 7696 mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
7697 HCI_MGMT_LOCAL_NAME_EVENTS, cmd ? cmd->sk : NULL);
321c6fee 7698 ext_info_changed(hdev, cmd ? cmd->sk : NULL);
b312b161 7699}
c35938b2 7700
799ce93d
JP		 7701static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
7702{
7703 int i;
7704
7705 for (i = 0; i < uuid_count; i++) {
7706 if (!memcmp(uuid, uuids[i], 16))
7707 return true;
7708 }
7709
7710 return false;
7711}
7712
b487b9ce
MH		 7713static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
7714{
799ce93d
JP		 7715 u16 parsed = 0;
7716
7717 while (parsed < eir_len) {
7718 u8 field_len = eir[0];
7719 u8 uuid[16];
7720 int i;
7721
7722 if (field_len == 0)
7723 break;
7724
7725 if (eir_len - parsed < field_len + 1)
7726 break;
7727
7728 switch (eir[1]) {
7729 case EIR_UUID16_ALL:
7730 case EIR_UUID16_SOME:
7731 for (i = 0; i + 3 <= field_len; i += 2) {
189f6ad2 7732 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7733 uuid[13] = eir[i + 3];
7734 uuid[12] = eir[i + 2];
7735 if (has_uuid(uuid, uuid_count, uuids))
7736 return true;
7737 }
7738 break;
7739 case EIR_UUID32_ALL:
7740 case EIR_UUID32_SOME:
7741 for (i = 0; i + 5 <= field_len; i += 4) {
189f6ad2 7742 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 7743 uuid[15] = eir[i + 5];
7744 uuid[14] = eir[i + 4];
7745 uuid[13] = eir[i + 3];
7746 uuid[12] = eir[i + 2];
7747 if (has_uuid(uuid, uuid_count, uuids))
7748 return true;
7749 }
7750 break;
7751 case EIR_UUID128_ALL:
7752 case EIR_UUID128_SOME:
7753 for (i = 0; i + 17 <= field_len; i += 16) {
7754 memcpy(uuid, eir + i + 2, 16);
7755 if (has_uuid(uuid, uuid_count, uuids))
7756 return true;
7757 }
7758 break;
7759 }
7760
7761 parsed += field_len + 1;
7762 eir += field_len + 1;
7763 }
7764
b487b9ce
MH		 7765 return false;
7766}
7767
4b0e0ced
JP		 7768static void restart_le_scan(struct hci_dev *hdev)
7769{
7770 /* If controller is not scanning we are done. */
d7a5a11d 7771 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
4b0e0ced
JP		 7772 return;
7773
7774 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
7775 hdev->discovery.scan_start +
7776 hdev->discovery.scan_duration))
7777 return;
7778
7c1fbed2 7779 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart,
4b0e0ced
JP		 7780 DISCOV_LE_RESTART_DELAY);
7781}
7782
48f86b7f
JP		 7783static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
7784 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 7785{
48f86b7f
JP		 7786 /* If a RSSI threshold has been specified, and
7787 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
7788 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
7789 * is set, let it through for further processing, as we might need to
7790 * restart the scan.
efb2513f
MH		 7791 *
7792 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
7793 * the results are also dropped.
bda157a4
MH		 7794 */
7795 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
4b0e0ced
JP		 7796 (rssi == HCI_RSSI_INVALID ||
7797 (rssi < hdev->discovery.rssi &&
7798 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
48f86b7f 7799 return false;
efb2513f 7800
2976cdeb
JP		 7801 if (hdev->discovery.uuid_count != 0) {
7802 /* If a list of UUIDs is provided in filter, results with no
7803 * matching UUID should be dropped.
b487b9ce 7804 */
2976cdeb
JP		 7805 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
7806 hdev->discovery.uuids) &&
7807 !eir_has_uuids(scan_rsp, scan_rsp_len,
7808 hdev->discovery.uuid_count,
7809 hdev->discovery.uuids))
7810 return false;
b487b9ce 7811 }
5d2e9fad 7812
2976cdeb
JP		 7813 /* If duplicate filtering does not report RSSI changes, then restart
7814 * scanning to ensure updated result with updated RSSI values.
4b0e0ced 7815 */
2976cdeb
JP		 7816 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
7817 restart_le_scan(hdev);
7818
7819 /* Validate RSSI value against the RSSI threshold once more. */
7820 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
7821 rssi < hdev->discovery.rssi)
7822 return false;
7823 }
48f86b7f
JP		 7824
7825 return true;
7826}
7827
7828void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7829 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
7830 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
7831{
7832 char buf[512];
7833 struct mgmt_ev_device_found *ev = (void *)buf;
7834 size_t ev_size;
7835
7836 /* Don't send events for a non-kernel initiated discovery. With
7837 * LE one exception is if we have pend_le_reports > 0 in which
7838 * case we're doing passive scanning and want these events.
7839 */
7840 if (!hci_discovery_active(hdev)) {
7841 if (link_type == ACL_LINK)
7842 return;
7843 if (link_type == LE_LINK && list_empty(&hdev->pend_le_reports))
7844 return;
7845 }
7846
82f8b651 7847 if (hdev->discovery.result_filtering) {
48f86b7f
JP		 7848 /* We are using service discovery */
7849 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
7850 scan_rsp_len))
7851 return;
7852 }
7853
78b781ca
JH		 7854 if (hdev->discovery.limited) {
7855 /* Check for limited discoverable bit */
7856 if (dev_class) {
7857 if (!(dev_class[1] & 0x20))
7858 return;
7859 } else {
7860 u8 *flags = eir_get_data(eir, eir_len, EIR_FLAGS, NULL);
7861 if (!flags || !(flags[0] & LE_AD_LIMITED))
7862 return;
7863 }
7864 }
7865
48f86b7f
JP		 7866 /* Make sure that the buffer is big enough. The 5 extra bytes
7867 * are for the potential CoD field.
7868 */
7869 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
4b0e0ced
JP		 7870 return;
7871
48f86b7f
JP		 7872 memset(buf, 0, sizeof(buf));
7873
7874 /* In case of device discovery with BR/EDR devices (pre 1.2), the
7875 * RSSI value was reported as 0 when not available. This behavior
7876 * is kept when using device discovery. This is required for full
7877 * backwards compatibility with the API.
7878 *
7879 * However when using service discovery, the value 127 will be
7880 * returned when the RSSI is not available.
7881 */
7882 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
7883 link_type == ACL_LINK)
7884 rssi = 0;
7885
7886 bacpy(&ev->addr.bdaddr, bdaddr);
7887 ev->addr.type = link_to_bdaddr(link_type, addr_type);
7888 ev->rssi = rssi;
7889 ev->flags = cpu_to_le32(flags);
7890
7891 if (eir_len > 0)
7892 /* Copy EIR or advertising data into event */
7893 memcpy(ev->eir, eir, eir_len);
7894
0d3b7f64
JH		 7895 if (dev_class && !eir_get_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7896 NULL))
48f86b7f
JP		 7897 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
7898 dev_class, 3);
7899
7900 if (scan_rsp_len > 0)
7901 /* Append scan response data to event */
7902 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
7903
5d2e9fad
JH		 7904 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
7905 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 7906
901801b9 7907 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 7908}
a88a9652 7909
9cf12aee
MH		 7910void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
7911 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 7912{
b644ba33
JH		 7913 struct mgmt_ev_device_found *ev;
7914 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
7915 u16 eir_len;
a88a9652 7916
b644ba33 7917 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 7918
b644ba33
JH		 7919 memset(buf, 0, sizeof(buf));
7920
7921 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 7922 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 7923 ev->rssi = rssi;
7924
7925 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 7926 name_len);
b644ba33 7927
eb55ef07 7928 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 7929
9cf12aee 7930 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 7931}
314b2381 7932
2f1e063b 7933void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 7934{
f963e8e9 7935 struct mgmt_ev_discovering ev;
164a6e78 7936
343fb145
AG		 7937 BT_DBG("%s discovering %u", hdev->name, discovering);
7938
f963e8e9
JH		 7939 memset(&ev, 0, sizeof(ev));
7940 ev.type = hdev->discovery.type;
7941 ev.discovering = discovering;
7942
2f1e063b 7943 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 7944}
5e762444 7945
6d785aa3
JH		 7946static struct hci_mgmt_chan chan = {
7947 .channel = HCI_CHANNEL_CONTROL,
7948 .handler_count = ARRAY_SIZE(mgmt_handlers),
7949 .handlers = mgmt_handlers,
88b94ce9 7950 .hdev_init = mgmt_init_hdev,
6d785aa3
JH		 7951};
7952
7953int mgmt_init(void)
7954{
7955 return hci_mgmt_chan_register(&chan);
7956}
7957
7958void mgmt_exit(void)
7959{
7960 hci_mgmt_chan_unregister(&chan);
7961}
Linux 6.x block layer and io_uring tree(s)