projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: hci_conn: Consolidate code for aborting connections
[linux-2.6-block.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
7129069e 32#include <net/bluetooth/hci_sock.h>
4bc58f51 33#include <net/bluetooth/l2cap.h>
0381101f 34#include <net/bluetooth/mgmt.h>
ac4b7236 35
0857dd3b 36#include "hci_request.h"
ac4b7236 37#include "smp.h"
a380b6cf 38#include "mgmt_util.h"
17896406 39#include "mgmt_config.h"
e5e1e7fd 40#include "msft.h"
01ce70b0 41#include "eir.h"
258f56d1 42#include "aosp.h"
0381101f 43
2da9c55c 44#define MGMT_VERSION 1
91cb4c19 45#define MGMT_REVISION 22
02d98129 46
e70bb2e8
JH		 47static const u16 mgmt_commands[] = {
48 MGMT_OP_READ_INDEX_LIST,
49 MGMT_OP_READ_INFO,
50 MGMT_OP_SET_POWERED,
51 MGMT_OP_SET_DISCOVERABLE,
52 MGMT_OP_SET_CONNECTABLE,
53 MGMT_OP_SET_FAST_CONNECTABLE,
b2939475 54 MGMT_OP_SET_BONDABLE,
e70bb2e8
JH		 55 MGMT_OP_SET_LINK_SECURITY,
56 MGMT_OP_SET_SSP,
57 MGMT_OP_SET_HS,
58 MGMT_OP_SET_LE,
59 MGMT_OP_SET_DEV_CLASS,
60 MGMT_OP_SET_LOCAL_NAME,
61 MGMT_OP_ADD_UUID,
62 MGMT_OP_REMOVE_UUID,
63 MGMT_OP_LOAD_LINK_KEYS,
64 MGMT_OP_LOAD_LONG_TERM_KEYS,
65 MGMT_OP_DISCONNECT,
66 MGMT_OP_GET_CONNECTIONS,
67 MGMT_OP_PIN_CODE_REPLY,
68 MGMT_OP_PIN_CODE_NEG_REPLY,
69 MGMT_OP_SET_IO_CAPABILITY,
70 MGMT_OP_PAIR_DEVICE,
71 MGMT_OP_CANCEL_PAIR_DEVICE,
72 MGMT_OP_UNPAIR_DEVICE,
73 MGMT_OP_USER_CONFIRM_REPLY,
74 MGMT_OP_USER_CONFIRM_NEG_REPLY,
75 MGMT_OP_USER_PASSKEY_REPLY,
76 MGMT_OP_USER_PASSKEY_NEG_REPLY,
77 MGMT_OP_READ_LOCAL_OOB_DATA,
78 MGMT_OP_ADD_REMOTE_OOB_DATA,
79 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
80 MGMT_OP_START_DISCOVERY,
81 MGMT_OP_STOP_DISCOVERY,
82 MGMT_OP_CONFIRM_NAME,
83 MGMT_OP_BLOCK_DEVICE,
84 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 85 MGMT_OP_SET_DEVICE_ID,
4375f103 86 MGMT_OP_SET_ADVERTISING,
0663ca2a 87 MGMT_OP_SET_BREDR,
d13eafce 88 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 89 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 90 MGMT_OP_SET_SECURE_CONN,
4e39ac81 91 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 92 MGMT_OP_SET_PRIVACY,
41edf160 93 MGMT_OP_LOAD_IRKS,
dd983808 94 MGMT_OP_GET_CONN_INFO,
95868426 95 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 96 MGMT_OP_ADD_DEVICE,
97 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 98 MGMT_OP_LOAD_CONN_PARAM,
73d1df2a 99 MGMT_OP_READ_UNCONF_INDEX_LIST,
9fc3bfb6 100 MGMT_OP_READ_CONFIG_INFO,
dbece37a 101 MGMT_OP_SET_EXTERNAL_CONFIG,
9713c17b 102 MGMT_OP_SET_PUBLIC_ADDRESS,
66ea9427 103 MGMT_OP_START_SERVICE_DISCOVERY,
4f0f155c 104 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
96f1474a 105 MGMT_OP_READ_EXT_INDEX_LIST,
d3d5305b 106 MGMT_OP_READ_ADV_FEATURES,
24b4f38f 107 MGMT_OP_ADD_ADVERTISING,
da929335 108 MGMT_OP_REMOVE_ADVERTISING,
40b25fe5 109 MGMT_OP_GET_ADV_SIZE_INFO,
78b781ca 110 MGMT_OP_START_LIMITED_DISCOVERY,
321c6fee 111 MGMT_OP_READ_EXT_INFO,
c4960ecf 112 MGMT_OP_SET_APPEARANCE,
02431b6c
MH		 113 MGMT_OP_GET_PHY_CONFIGURATION,
114 MGMT_OP_SET_PHY_CONFIGURATION,
600a8749 115 MGMT_OP_SET_BLOCKED_KEYS,
00bce3fb 116 MGMT_OP_SET_WIDEBAND_SPEECH,
4d9b9528 117 MGMT_OP_READ_CONTROLLER_CAP,
a10c907c
MH		 118 MGMT_OP_READ_EXP_FEATURES_INFO,
119 MGMT_OP_SET_EXP_FEATURE,
17896406
AM		 120 MGMT_OP_READ_DEF_SYSTEM_CONFIG,
121 MGMT_OP_SET_DEF_SYSTEM_CONFIG,
aececa64
MH		 122 MGMT_OP_READ_DEF_RUNTIME_CONFIG,
123 MGMT_OP_SET_DEF_RUNTIME_CONFIG,
4c54bf2b
APS		 124 MGMT_OP_GET_DEVICE_FLAGS,
125 MGMT_OP_SET_DEVICE_FLAGS,
e5e1e7fd 126 MGMT_OP_READ_ADV_MONITOR_FEATURES,
b139553d 127 MGMT_OP_ADD_ADV_PATTERNS_MONITOR,
bd2fbc6c 128 MGMT_OP_REMOVE_ADV_MONITOR,
12410572
DW		 129 MGMT_OP_ADD_EXT_ADV_PARAMS,
130 MGMT_OP_ADD_EXT_ADV_DATA,
b4a221ea 131 MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI,
b338d917
BG		 132 MGMT_OP_SET_MESH_RECEIVER,
133 MGMT_OP_MESH_READ_FEATURES,
134 MGMT_OP_MESH_SEND,
135 MGMT_OP_MESH_SEND_CANCEL,
e70bb2e8
JH		 136};
137
138static const u16 mgmt_events[] = {
139 MGMT_EV_CONTROLLER_ERROR,
140 MGMT_EV_INDEX_ADDED,
141 MGMT_EV_INDEX_REMOVED,
142 MGMT_EV_NEW_SETTINGS,
143 MGMT_EV_CLASS_OF_DEV_CHANGED,
144 MGMT_EV_LOCAL_NAME_CHANGED,
145 MGMT_EV_NEW_LINK_KEY,
146 MGMT_EV_NEW_LONG_TERM_KEY,
147 MGMT_EV_DEVICE_CONNECTED,
148 MGMT_EV_DEVICE_DISCONNECTED,
149 MGMT_EV_CONNECT_FAILED,
150 MGMT_EV_PIN_CODE_REQUEST,
151 MGMT_EV_USER_CONFIRM_REQUEST,
152 MGMT_EV_USER_PASSKEY_REQUEST,
153 MGMT_EV_AUTH_FAILED,
154 MGMT_EV_DEVICE_FOUND,
155 MGMT_EV_DISCOVERING,
156 MGMT_EV_DEVICE_BLOCKED,
157 MGMT_EV_DEVICE_UNBLOCKED,
158 MGMT_EV_DEVICE_UNPAIRED,
92a25256 159 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 160 MGMT_EV_NEW_IRK,
7ee4ea36 161 MGMT_EV_NEW_CSRK,
8afef092
MH		 162 MGMT_EV_DEVICE_ADDED,
163 MGMT_EV_DEVICE_REMOVED,
ffb5a827 164 MGMT_EV_NEW_CONN_PARAM,
0602a8ad 165 MGMT_EV_UNCONF_INDEX_ADDED,
edd3896b 166 MGMT_EV_UNCONF_INDEX_REMOVED,
f4537c04 167 MGMT_EV_NEW_CONFIG_OPTIONS,
ced85549
MH		 168 MGMT_EV_EXT_INDEX_ADDED,
169 MGMT_EV_EXT_INDEX_REMOVED,
72000df2 170 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
24b4f38f
AU		 171 MGMT_EV_ADVERTISING_ADDED,
172 MGMT_EV_ADVERTISING_REMOVED,
321c6fee 173 MGMT_EV_EXT_INFO_CHANGED,
5f4b9172 174 MGMT_EV_PHY_CONFIGURATION_CHANGED,
a10c907c 175 MGMT_EV_EXP_FEATURE_CHANGED,
4c54bf2b 176 MGMT_EV_DEVICE_FLAGS_CHANGED,
3d34a71f
MH		 177 MGMT_EV_ADV_MONITOR_ADDED,
178 MGMT_EV_ADV_MONITOR_REMOVED,
346ce5b7
APS		 179 MGMT_EV_CONTROLLER_SUSPEND,
180 MGMT_EV_CONTROLLER_RESUME,
8d7f1677
MM		 181 MGMT_EV_ADV_MONITOR_DEVICE_FOUND,
182 MGMT_EV_ADV_MONITOR_DEVICE_LOST,
e70bb2e8
JH		 183};
184
99c679ac
MH		 185static const u16 mgmt_untrusted_commands[] = {
186 MGMT_OP_READ_INDEX_LIST,
187 MGMT_OP_READ_INFO,
188 MGMT_OP_READ_UNCONF_INDEX_LIST,
189 MGMT_OP_READ_CONFIG_INFO,
190 MGMT_OP_READ_EXT_INDEX_LIST,
321c6fee 191 MGMT_OP_READ_EXT_INFO,
4d9b9528 192 MGMT_OP_READ_CONTROLLER_CAP,
a10c907c 193 MGMT_OP_READ_EXP_FEATURES_INFO,
17896406 194 MGMT_OP_READ_DEF_SYSTEM_CONFIG,
aececa64 195 MGMT_OP_READ_DEF_RUNTIME_CONFIG,
99c679ac
MH		 196};
197
198static const u16 mgmt_untrusted_events[] = {
199 MGMT_EV_INDEX_ADDED,
200 MGMT_EV_INDEX_REMOVED,
201 MGMT_EV_NEW_SETTINGS,
202 MGMT_EV_CLASS_OF_DEV_CHANGED,
203 MGMT_EV_LOCAL_NAME_CHANGED,
204 MGMT_EV_UNCONF_INDEX_ADDED,
205 MGMT_EV_UNCONF_INDEX_REMOVED,
206 MGMT_EV_NEW_CONFIG_OPTIONS,
207 MGMT_EV_EXT_INDEX_ADDED,
208 MGMT_EV_EXT_INDEX_REMOVED,
321c6fee 209 MGMT_EV_EXT_INFO_CHANGED,
a10c907c 210 MGMT_EV_EXP_FEATURE_CHANGED,
99c679ac
MH		 211};
212
17b02e62 213#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 214
d25b78e2
JH		 215#define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
216 "\x00\x00\x00\x00\x00\x00\x00\x00"
217
ca69b795 218/* HCI to MGMT error code conversion table */
bdf2aca7 219static const u8 mgmt_status_table[] = {
ca69b795
JH		 220 MGMT_STATUS_SUCCESS,
221 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
222 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
223 MGMT_STATUS_FAILED, /* Hardware Failure */
224 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
225 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 226 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 227 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
228 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
229 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
230 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
231 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
232 MGMT_STATUS_BUSY, /* Command Disallowed */
233 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
234 MGMT_STATUS_REJECTED, /* Rejected Security */
235 MGMT_STATUS_REJECTED, /* Rejected Personal */
236 MGMT_STATUS_TIMEOUT, /* Host Timeout */
237 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
238 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
239 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
240 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
241 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
242 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
243 MGMT_STATUS_BUSY, /* Repeated Attempts */
244 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
245 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
246 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
247 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
248 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
249 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
250 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
251 MGMT_STATUS_FAILED, /* Unspecified Error */
252 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
253 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
254 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
255 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
256 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
257 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
258 MGMT_STATUS_FAILED, /* Unit Link Key Used */
259 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
260 MGMT_STATUS_TIMEOUT, /* Instant Passed */
261 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
262 MGMT_STATUS_FAILED, /* Transaction Collision */
4ef36a52 263 MGMT_STATUS_FAILED, /* Reserved for future use */
ca69b795
JH		 264 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
265 MGMT_STATUS_REJECTED, /* QoS Rejected */
266 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
267 MGMT_STATUS_REJECTED, /* Insufficient Security */
268 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
4ef36a52 269 MGMT_STATUS_FAILED, /* Reserved for future use */
ca69b795 270 MGMT_STATUS_BUSY, /* Role Switch Pending */
4ef36a52 271 MGMT_STATUS_FAILED, /* Reserved for future use */
ca69b795
JH		 272 MGMT_STATUS_FAILED, /* Slot Violation */
273 MGMT_STATUS_FAILED, /* Role Switch Failed */
274 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
275 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
276 MGMT_STATUS_BUSY, /* Host Busy Pairing */
277 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
278 MGMT_STATUS_BUSY, /* Controller Busy */
279 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
280 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
281 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
282 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
283 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
284};
285
161510cc 286static u8 mgmt_errno_status(int err)
ca69b795 287{
161510cc
LAD		 288 switch (err) {
289 case 0:
290 return MGMT_STATUS_SUCCESS;
291 case -EPERM:
292 return MGMT_STATUS_REJECTED;
293 case -EINVAL:
294 return MGMT_STATUS_INVALID_PARAMS;
295 case -EOPNOTSUPP:
296 return MGMT_STATUS_NOT_SUPPORTED;
297 case -EBUSY:
298 return MGMT_STATUS_BUSY;
299 case -ETIMEDOUT:
300 return MGMT_STATUS_AUTH_FAILED;
301 case -ENOMEM:
302 return MGMT_STATUS_NO_RESOURCES;
303 case -EISCONN:
304 return MGMT_STATUS_ALREADY_CONNECTED;
305 case -ENOTCONN:
306 return MGMT_STATUS_DISCONNECTED;
307 }
308
309 return MGMT_STATUS_FAILED;
310}
311
312static u8 mgmt_status(int err)
313{
314 if (err < 0)
315 return mgmt_errno_status(err);
316
317 if (err < ARRAY_SIZE(mgmt_status_table))
318 return mgmt_status_table[err];
ca69b795
JH		 319
320 return MGMT_STATUS_FAILED;
321}
322
c08b1a1d
MH		 323static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
324 u16 len, int flag)
f9207338 325{
c08b1a1d
MH		 326 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
327 flag, NULL);
f9207338
MH		 328}
329
72000df2
MH		 330static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
331 u16 len, int flag, struct sock *skip_sk)
332{
333 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
334 flag, skip_sk);
335}
336
7a00ff44
JH		 337static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
338 struct sock *skip_sk)
339{
340 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
c08b1a1d 341 HCI_SOCK_TRUSTED, skip_sk);
7a00ff44
JH		 342}
343
cf1bce1d
LAD		 344static int mgmt_event_skb(struct sk_buff *skb, struct sock *skip_sk)
345{
346 return mgmt_send_event_skb(HCI_CHANNEL_CONTROL, skb, HCI_SOCK_TRUSTED,
347 skip_sk);
348}
349
85813a7e
JH		 350static u8 le_addr_type(u8 mgmt_addr_type)
351{
352 if (mgmt_addr_type == BDADDR_LE_PUBLIC)
353 return ADDR_LE_DEV_PUBLIC;
354 else
355 return ADDR_LE_DEV_RANDOM;
356}
357
03c979c4
MH		 358void mgmt_fill_version_info(void *ver)
359{
360 struct mgmt_rp_read_version *rp = ver;
361
362 rp->version = MGMT_VERSION;
363 rp->revision = cpu_to_le16(MGMT_REVISION);
364}
365
04124681
GP		 366static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
367 u16 data_len)
a38528f1
JH		 368{
369 struct mgmt_rp_read_version rp;
370
181d6953 371 bt_dev_dbg(hdev, "sock %p", sk);
a38528f1 372
03c979c4 373 mgmt_fill_version_info(&rp);
a38528f1 374
2a1afb5a
JH		 375 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
376 &rp, sizeof(rp));
a38528f1
JH		 377}
378
04124681
GP		 379static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
380 u16 data_len)
e70bb2e8
JH		 381{
382 struct mgmt_rp_read_commands *rp;
99c679ac 383 u16 num_commands, num_events;
e70bb2e8
JH		 384 size_t rp_size;
385 int i, err;
386
181d6953 387 bt_dev_dbg(hdev, "sock %p", sk);
e70bb2e8 388
99c679ac
MH		 389 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
390 num_commands = ARRAY_SIZE(mgmt_commands);
391 num_events = ARRAY_SIZE(mgmt_events);
392 } else {
393 num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
394 num_events = ARRAY_SIZE(mgmt_untrusted_events);
395 }
396
e70bb2e8
JH		 397 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
398
399 rp = kmalloc(rp_size, GFP_KERNEL);
400 if (!rp)
401 return -ENOMEM;
402
dcf4adbf
JP		 403 rp->num_commands = cpu_to_le16(num_commands);
404 rp->num_events = cpu_to_le16(num_events);
e70bb2e8 405
99c679ac
MH		 406 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
407 __le16 *opcode = rp->opcodes;
408
409 for (i = 0; i < num_commands; i++, opcode++)
410 put_unaligned_le16(mgmt_commands[i], opcode);
e70bb2e8 411
99c679ac
MH		 412 for (i = 0; i < num_events; i++, opcode++)
413 put_unaligned_le16(mgmt_events[i], opcode);
414 } else {
415 __le16 *opcode = rp->opcodes;
416
417 for (i = 0; i < num_commands; i++, opcode++)
418 put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
419
420 for (i = 0; i < num_events; i++, opcode++)
421 put_unaligned_le16(mgmt_untrusted_events[i], opcode);
422 }
e70bb2e8 423
2a1afb5a
JH		 424 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
425 rp, rp_size);
e70bb2e8
JH		 426 kfree(rp);
427
428 return err;
429}
430
04124681
GP		 431static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
432 u16 data_len)
faba42eb 433{
faba42eb 434 struct mgmt_rp_read_index_list *rp;
8035ded4 435 struct hci_dev *d;
a38528f1 436 size_t rp_len;
faba42eb 437 u16 count;
476e44cb 438 int err;
faba42eb 439
181d6953 440 bt_dev_dbg(hdev, "sock %p", sk);
faba42eb
JH		 441
442 read_lock(&hci_dev_list_lock);
443
444 count = 0;
bb4b2a9a 445 list_for_each_entry(d, &hci_dev_list, list) {
ca8bee5d 446 if (d->dev_type == HCI_PRIMARY &&
d7a5a11d 447 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
1514b892 448 count++;
faba42eb
JH		 449 }
450
a38528f1
JH		 451 rp_len = sizeof(*rp) + (2 * count);
452 rp = kmalloc(rp_len, GFP_ATOMIC);
453 if (!rp) {
b2c60d42 454 read_unlock(&hci_dev_list_lock);
faba42eb 455 return -ENOMEM;
b2c60d42 456 }
faba42eb 457
476e44cb 458 count = 0;
8035ded4 459 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 460 if (hci_dev_test_flag(d, HCI_SETUP) ||
461 hci_dev_test_flag(d, HCI_CONFIG) ||
462 hci_dev_test_flag(d, HCI_USER_CHANNEL))
ab81cbf9
JH		 463 continue;
464
73d1df2a
MH		 465 /* Devices marked as raw-only are neither configured
466 * nor unconfigured controllers.
467 */
468 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
fee746b0
MH		 469 continue;
470
ca8bee5d 471 if (d->dev_type == HCI_PRIMARY &&
d7a5a11d 472 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
1514b892 473 rp->index[count++] = cpu_to_le16(d->id);
181d6953 474 bt_dev_dbg(hdev, "Added hci%u", d->id);
1514b892 475 }
faba42eb
JH		 476 }
477
476e44cb
JH		 478 rp->num_controllers = cpu_to_le16(count);
479 rp_len = sizeof(*rp) + (2 * count);
480
faba42eb
JH		 481 read_unlock(&hci_dev_list_lock);
482
2a1afb5a
JH		 483 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
484 0, rp, rp_len);
faba42eb 485
a38528f1
JH		 486 kfree(rp);
487
488 return err;
faba42eb
JH		 489}
490
73d1df2a
MH		 491static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
492 void *data, u16 data_len)
493{
494 struct mgmt_rp_read_unconf_index_list *rp;
495 struct hci_dev *d;
496 size_t rp_len;
497 u16 count;
498 int err;
499
181d6953 500 bt_dev_dbg(hdev, "sock %p", sk);
73d1df2a
MH		 501
502 read_lock(&hci_dev_list_lock);
503
504 count = 0;
505 list_for_each_entry(d, &hci_dev_list, list) {
ca8bee5d 506 if (d->dev_type == HCI_PRIMARY &&
d7a5a11d 507 hci_dev_test_flag(d, HCI_UNCONFIGURED))
73d1df2a
MH		 508 count++;
509 }
510
511 rp_len = sizeof(*rp) + (2 * count);
512 rp = kmalloc(rp_len, GFP_ATOMIC);
513 if (!rp) {
514 read_unlock(&hci_dev_list_lock);
515 return -ENOMEM;
516 }
517
518 count = 0;
519 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 520 if (hci_dev_test_flag(d, HCI_SETUP) ||
521 hci_dev_test_flag(d, HCI_CONFIG) ||
522 hci_dev_test_flag(d, HCI_USER_CHANNEL))
73d1df2a
MH		 523 continue;
524
525 /* Devices marked as raw-only are neither configured
526 * nor unconfigured controllers.
527 */
528 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
529 continue;
530
ca8bee5d 531 if (d->dev_type == HCI_PRIMARY &&
d7a5a11d 532 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
73d1df2a 533 rp->index[count++] = cpu_to_le16(d->id);
181d6953 534 bt_dev_dbg(hdev, "Added hci%u", d->id);
73d1df2a
MH		 535 }
536 }
537
538 rp->num_controllers = cpu_to_le16(count);
539 rp_len = sizeof(*rp) + (2 * count);
540
541 read_unlock(&hci_dev_list_lock);
542
2a1afb5a
JH		 543 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
544 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
73d1df2a
MH		 545
546 kfree(rp);
547
548 return err;
549}
550
96f1474a
MH		 551static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
552 void *data, u16 data_len)
553{
554 struct mgmt_rp_read_ext_index_list *rp;
555 struct hci_dev *d;
96f1474a
MH		 556 u16 count;
557 int err;
558
181d6953 559 bt_dev_dbg(hdev, "sock %p", sk);
96f1474a
MH		 560
561 read_lock(&hci_dev_list_lock);
562
563 count = 0;
564 list_for_each_entry(d, &hci_dev_list, list) {
ca8bee5d 565 if (d->dev_type == HCI_PRIMARY || d->dev_type == HCI_AMP)
96f1474a
MH		 566 count++;
567 }
568
4a67e5d4 569 rp = kmalloc(struct_size(rp, entry, count), GFP_ATOMIC);
96f1474a
MH		 570 if (!rp) {
571 read_unlock(&hci_dev_list_lock);
572 return -ENOMEM;
573 }
574
575 count = 0;
576 list_for_each_entry(d, &hci_dev_list, list) {
577 if (hci_dev_test_flag(d, HCI_SETUP) ||
578 hci_dev_test_flag(d, HCI_CONFIG) ||
579 hci_dev_test_flag(d, HCI_USER_CHANNEL))
580 continue;
581
582 /* Devices marked as raw-only are neither configured
583 * nor unconfigured controllers.
584 */
585 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
586 continue;
587
ca8bee5d 588 if (d->dev_type == HCI_PRIMARY) {
96f1474a
MH		 589 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
590 rp->entry[count].type = 0x01;
591 else
592 rp->entry[count].type = 0x00;
593 } else if (d->dev_type == HCI_AMP) {
594 rp->entry[count].type = 0x02;
595 } else {
596 continue;
597 }
598
599 rp->entry[count].bus = d->bus;
600 rp->entry[count++].index = cpu_to_le16(d->id);
181d6953 601 bt_dev_dbg(hdev, "Added hci%u", d->id);
96f1474a
MH		 602 }
603
604 rp->num_controllers = cpu_to_le16(count);
96f1474a
MH		 605
606 read_unlock(&hci_dev_list_lock);
607
608 /* If this command is called at least once, then all the
609 * default index and unconfigured index events are disabled
610 * and from now on only extended index events are used.
611 */
612 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
613 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
614 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
615
616 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
4a67e5d4
GS		 617 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp,
618 struct_size(rp, entry, count));
96f1474a
MH		 619
620 kfree(rp);
621
622 return err;
623}
624
dbece37a
MH		 625static bool is_configured(struct hci_dev *hdev)
626{
627 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 628 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
dbece37a
MH		 629 return false;
630
7a0e5b15
MK		 631 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) ||
632 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) &&
dbece37a
MH		 633 !bacmp(&hdev->public_addr, BDADDR_ANY))
634 return false;
635
636 return true;
637}
638
89bc22d2
MH		 639static __le32 get_missing_options(struct hci_dev *hdev)
640{
641 u32 options = 0;
642
dbece37a 643 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 644 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
eb1904f4
MH		 645 options |= MGMT_OPTION_EXTERNAL_CONFIG;
646
7a0e5b15
MK		 647 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) ||
648 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) &&
89bc22d2
MH		 649 !bacmp(&hdev->public_addr, BDADDR_ANY))
650 options |= MGMT_OPTION_PUBLIC_ADDRESS;
651
652 return cpu_to_le32(options);
653}
654
f4537c04
MH		 655static int new_options(struct hci_dev *hdev, struct sock *skip)
656{
657 __le32 options = get_missing_options(hdev);
658
5504c3a3
MH		 659 return mgmt_limited_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
660 sizeof(options), HCI_MGMT_OPTION_EVENTS, skip);
f4537c04
MH		 661}
662
dbece37a
MH		 663static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
664{
665 __le32 options = get_missing_options(hdev);
666
2a1afb5a
JH		 667 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
668 sizeof(options));
dbece37a
MH		 669}
670
9fc3bfb6
MH		 671static int read_config_info(struct sock *sk, struct hci_dev *hdev,
672 void *data, u16 data_len)
673{
674 struct mgmt_rp_read_config_info rp;
89bc22d2 675 u32 options = 0;
9fc3bfb6 676
181d6953 677 bt_dev_dbg(hdev, "sock %p", sk);
9fc3bfb6
MH		 678
679 hci_dev_lock(hdev);
680
681 memset(&rp, 0, sizeof(rp));
682 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
89bc22d2 683
eb1904f4
MH		 684 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
685 options |= MGMT_OPTION_EXTERNAL_CONFIG;
686
9fc3bfb6 687 if (hdev->set_bdaddr)
89bc22d2
MH		 688 options |= MGMT_OPTION_PUBLIC_ADDRESS;
689
690 rp.supported_options = cpu_to_le32(options);
691 rp.missing_options = get_missing_options(hdev);
9fc3bfb6
MH		 692
693 hci_dev_unlock(hdev);
694
2a1afb5a
JH		 695 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
696 &rp, sizeof(rp));
9fc3bfb6
MH		 697}
698
6244691f
JK		 699static u32 get_supported_phys(struct hci_dev *hdev)
700{
701 u32 supported_phys = 0;
702
703 if (lmp_bredr_capable(hdev)) {
704 supported_phys |= MGMT_PHY_BR_1M_1SLOT;
705
706 if (hdev->features[0][0] & LMP_3SLOT)
707 supported_phys |= MGMT_PHY_BR_1M_3SLOT;
708
709 if (hdev->features[0][0] & LMP_5SLOT)
710 supported_phys |= MGMT_PHY_BR_1M_5SLOT;
711
712 if (lmp_edr_2m_capable(hdev)) {
713 supported_phys |= MGMT_PHY_EDR_2M_1SLOT;
714
715 if (lmp_edr_3slot_capable(hdev))
716 supported_phys |= MGMT_PHY_EDR_2M_3SLOT;
717
718 if (lmp_edr_5slot_capable(hdev))
719 supported_phys |= MGMT_PHY_EDR_2M_5SLOT;
720
721 if (lmp_edr_3m_capable(hdev)) {
722 supported_phys |= MGMT_PHY_EDR_3M_1SLOT;
723
724 if (lmp_edr_3slot_capable(hdev))
725 supported_phys |= MGMT_PHY_EDR_3M_3SLOT;
726
727 if (lmp_edr_5slot_capable(hdev))
728 supported_phys |= MGMT_PHY_EDR_3M_5SLOT;
729 }
730 }
731 }
732
733 if (lmp_le_capable(hdev)) {
734 supported_phys |= MGMT_PHY_LE_1M_TX;
735 supported_phys |= MGMT_PHY_LE_1M_RX;
736
737 if (hdev->le_features[1] & HCI_LE_PHY_2M) {
738 supported_phys |= MGMT_PHY_LE_2M_TX;
739 supported_phys |= MGMT_PHY_LE_2M_RX;
740 }
741
742 if (hdev->le_features[1] & HCI_LE_PHY_CODED) {
743 supported_phys |= MGMT_PHY_LE_CODED_TX;
744 supported_phys |= MGMT_PHY_LE_CODED_RX;
745 }
746 }
747
748 return supported_phys;
749}
750
751static u32 get_selected_phys(struct hci_dev *hdev)
752{
753 u32 selected_phys = 0;
754
755 if (lmp_bredr_capable(hdev)) {
756 selected_phys |= MGMT_PHY_BR_1M_1SLOT;
757
758 if (hdev->pkt_type & (HCI_DM3 | HCI_DH3))
759 selected_phys |= MGMT_PHY_BR_1M_3SLOT;
760
761 if (hdev->pkt_type & (HCI_DM5 | HCI_DH5))
762 selected_phys |= MGMT_PHY_BR_1M_5SLOT;
763
764 if (lmp_edr_2m_capable(hdev)) {
765 if (!(hdev->pkt_type & HCI_2DH1))
766 selected_phys |= MGMT_PHY_EDR_2M_1SLOT;
767
768 if (lmp_edr_3slot_capable(hdev) &&
769 !(hdev->pkt_type & HCI_2DH3))
770 selected_phys |= MGMT_PHY_EDR_2M_3SLOT;
771
772 if (lmp_edr_5slot_capable(hdev) &&
773 !(hdev->pkt_type & HCI_2DH5))
774 selected_phys |= MGMT_PHY_EDR_2M_5SLOT;
775
776 if (lmp_edr_3m_capable(hdev)) {
777 if (!(hdev->pkt_type & HCI_3DH1))
778 selected_phys |= MGMT_PHY_EDR_3M_1SLOT;
779
780 if (lmp_edr_3slot_capable(hdev) &&
781 !(hdev->pkt_type & HCI_3DH3))
782 selected_phys |= MGMT_PHY_EDR_3M_3SLOT;
783
784 if (lmp_edr_5slot_capable(hdev) &&
785 !(hdev->pkt_type & HCI_3DH5))
786 selected_phys |= MGMT_PHY_EDR_3M_5SLOT;
787 }
788 }
789 }
790
791 if (lmp_le_capable(hdev)) {
792 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_1M)
793 selected_phys |= MGMT_PHY_LE_1M_TX;
794
795 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_1M)
796 selected_phys |= MGMT_PHY_LE_1M_RX;
797
798 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_2M)
799 selected_phys |= MGMT_PHY_LE_2M_TX;
800
801 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_2M)
802 selected_phys |= MGMT_PHY_LE_2M_RX;
803
804 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_CODED)
805 selected_phys |= MGMT_PHY_LE_CODED_TX;
806
807 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_CODED)
808 selected_phys |= MGMT_PHY_LE_CODED_RX;
809 }
810
811 return selected_phys;
812}
813
814static u32 get_configurable_phys(struct hci_dev *hdev)
815{
816 return (get_supported_phys(hdev) & ~MGMT_PHY_BR_1M_1SLOT &
817 ~MGMT_PHY_LE_1M_TX & ~MGMT_PHY_LE_1M_RX);
818}
819
69ab39ea
JH		 820static u32 get_supported_settings(struct hci_dev *hdev)
821{
822 u32 settings = 0;
823
824 settings |= MGMT_SETTING_POWERED;
b2939475 825 settings |= MGMT_SETTING_BONDABLE;
b1de97d8 826 settings |= MGMT_SETTING_DEBUG_KEYS;
3742abfc
JH		 827 settings |= MGMT_SETTING_CONNECTABLE;
828 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea 829
ed3fa31f 830 if (lmp_bredr_capable(hdev)) {
1a47aee8
JH		 831 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
832 settings |= MGMT_SETTING_FAST_CONNECTABLE;
69ab39ea
JH		 833 settings |= MGMT_SETTING_BREDR;
834 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 835
836 if (lmp_ssp_capable(hdev)) {
837 settings |= MGMT_SETTING_SSP;
b560a208
LAD		 838 if (IS_ENABLED(CONFIG_BT_HS))
839 settings |= MGMT_SETTING_HS;
a82974c9 840 }
e98d2ce2 841
05b3c3e7 842 if (lmp_sc_capable(hdev))
e98d2ce2 843 settings |= MGMT_SETTING_SECURE_CONN;
4b127bd5 844
00bce3fb 845 if (test_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED,
4b127bd5 846 &hdev->quirks))
00bce3fb 847 settings |= MGMT_SETTING_WIDEBAND_SPEECH;
848566b3 848 }
d7b7e796 849
eeca6f89 850 if (lmp_le_capable(hdev)) {
9d42820f 851 settings |= MGMT_SETTING_LE;
a3209694 852 settings |= MGMT_SETTING_SECURE_CONN;
0f4bd942 853 settings |= MGMT_SETTING_PRIVACY;
93690c22 854 settings |= MGMT_SETTING_STATIC_ADDRESS;
ad383c2c 855 settings |= MGMT_SETTING_ADVERTISING;
eeca6f89 856 }
69ab39ea 857
eb1904f4
MH		 858 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
859 hdev->set_bdaddr)
9fc3bfb6
MH		 860 settings |= MGMT_SETTING_CONFIGURATION;
861
2394186a
PV		 862 if (cis_central_capable(hdev))
863 settings |= MGMT_SETTING_CIS_CENTRAL;
864
865 if (cis_peripheral_capable(hdev))
866 settings |= MGMT_SETTING_CIS_PERIPHERAL;
867
6244691f
JK		 868 settings |= MGMT_SETTING_PHY_CONFIGURATION;
869
69ab39ea
JH		 870 return settings;
871}
872
873static u32 get_current_settings(struct hci_dev *hdev)
874{
875 u32 settings = 0;
876
f1f0eb02 877 if (hdev_is_powered(hdev))
f0d4b78a
MH		 878 settings |= MGMT_SETTING_POWERED;
879
d7a5a11d 880 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
69ab39ea
JH		 881 settings |= MGMT_SETTING_CONNECTABLE;
882
d7a5a11d 883 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
1a4d3c4b
JH		 884 settings |= MGMT_SETTING_FAST_CONNECTABLE;
885
d7a5a11d 886 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
69ab39ea
JH		 887 settings |= MGMT_SETTING_DISCOVERABLE;
888
d7a5a11d 889 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
b2939475 890 settings |= MGMT_SETTING_BONDABLE;
69ab39ea 891
d7a5a11d 892 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
69ab39ea
JH		 893 settings |= MGMT_SETTING_BREDR;
894
d7a5a11d 895 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
69ab39ea
JH		 896 settings |= MGMT_SETTING_LE;
897
d7a5a11d 898 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
69ab39ea
JH		 899 settings |= MGMT_SETTING_LINK_SECURITY;
900
d7a5a11d 901 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
69ab39ea
JH		 902 settings |= MGMT_SETTING_SSP;
903
d7a5a11d 904 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
6d80dfd0
JH		 905 settings |= MGMT_SETTING_HS;
906
d7a5a11d 907 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
eeca6f89
JH		 908 settings |= MGMT_SETTING_ADVERTISING;
909
d7a5a11d 910 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
e98d2ce2
MH		 911 settings |= MGMT_SETTING_SECURE_CONN;
912
d7a5a11d 913 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
b1de97d8
MH		 914 settings |= MGMT_SETTING_DEBUG_KEYS;
915
d7a5a11d 916 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
0f4bd942
JH		 917 settings |= MGMT_SETTING_PRIVACY;
918
93690c22
MH		 919 /* The current setting for static address has two purposes. The
920 * first is to indicate if the static address will be used and
921 * the second is to indicate if it is actually set.
922 *
923 * This means if the static address is not configured, this flag
08dc0e98 924 * will never be set. If the address is configured, then if the
93690c22
MH		 925 * address is actually used decides if the flag is set or not.
926 *
927 * For single mode LE only controllers and dual-mode controllers
928 * with BR/EDR disabled, the existence of the static address will
929 * be evaluated.
930 */
b7cb93e5 931 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
d7a5a11d 932 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
93690c22
MH		 933 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
934 if (bacmp(&hdev->static_addr, BDADDR_ANY))
935 settings |= MGMT_SETTING_STATIC_ADDRESS;
936 }
937
00bce3fb
AM		 938 if (hci_dev_test_flag(hdev, HCI_WIDEBAND_SPEECH_ENABLED))
939 settings |= MGMT_SETTING_WIDEBAND_SPEECH;
940
2394186a
PV		 941 if (cis_central_capable(hdev))
942 settings |= MGMT_SETTING_CIS_CENTRAL;
943
944 if (cis_peripheral_capable(hdev))
945 settings |= MGMT_SETTING_CIS_PERIPHERAL;
946
ae753361
CD		 947 if (bis_capable(hdev))
948 settings |= MGMT_SETTING_ISO_BROADCASTER;
949
950 if (sync_recv_capable(hdev))
951 settings |= MGMT_SETTING_ISO_SYNC_RECEIVER;
952
69ab39ea
JH		 953 return settings;
954}
955
333ae95d
JH		 956static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
957{
958 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
959}
960
f2252570 961u8 mgmt_get_adv_discov_flags(struct hci_dev *hdev)
9a43e25f 962{
3b0602cd 963 struct mgmt_pending_cmd *cmd;
9a43e25f
JH		 964
965 /* If there's a pending mgmt command the flags will not yet have
966 * their final values, so check for this first.
967 */
333ae95d 968 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
9a43e25f
JH		 969 if (cmd) {
970 struct mgmt_mode *cp = cmd->param;
971 if (cp->val == 0x01)
972 return LE_AD_GENERAL;
973 else if (cp->val == 0x02)
974 return LE_AD_LIMITED;
975 } else {
d7a5a11d 976 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
9a43e25f 977 return LE_AD_LIMITED;
d7a5a11d 978 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
9a43e25f
JH		 979 return LE_AD_GENERAL;
980 }
981
982 return 0;
983}
984
f2252570 985bool mgmt_get_connectable(struct hci_dev *hdev)
fdf51784
AU		 986{
987 struct mgmt_pending_cmd *cmd;
441ad2d0 988
fdf51784
AU		 989 /* If there's a pending mgmt command the flag will not yet have
990 * it's final value, so check for this first.
991 */
992 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
993 if (cmd) {
994 struct mgmt_mode *cp = cmd->param;
441ad2d0 995
fdf51784 996 return cp->val;
441ad2d0
MH		 997 }
998
fdf51784
AU		 999 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
1000}
441ad2d0 1001
161510cc
LAD		 1002static int service_cache_sync(struct hci_dev *hdev, void *data)
1003{
1004 hci_update_eir_sync(hdev);
1005 hci_update_class_sync(hdev);
1006
1007 return 0;
1008}
1009
7d78525d
JH		 1010static void service_cache_off(struct work_struct *work)
1011{
1012 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 1013 service_cache.work);
7d78525d 1014
a69d8927 1015 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
7d78525d
JH		 1016 return;
1017
161510cc 1018 hci_cmd_sync_queue(hdev, service_cache_sync, NULL, NULL);
7d78525d
JH		 1019}
1020
cba6b758
LAD		 1021static int rpa_expired_sync(struct hci_dev *hdev, void *data)
1022{
1023 /* The generation of a new RPA and programming it into the
1024 * controller happens in the hci_req_enable_advertising()
1025 * function.
1026 */
1027 if (ext_adv_capable(hdev))
1028 return hci_start_ext_adv_sync(hdev, hdev->cur_adv_instance);
1029 else
1030 return hci_enable_advertising_sync(hdev);
1031}
1032
d6bfd59c
JH		 1033static void rpa_expired(struct work_struct *work)
1034{
1035 struct hci_dev *hdev = container_of(work, struct hci_dev,
1036 rpa_expired.work);
d6bfd59c 1037
181d6953 1038 bt_dev_dbg(hdev, "");
d6bfd59c 1039
a1536da2 1040 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
d6bfd59c 1041
d7a5a11d 1042 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
d6bfd59c
JH		 1043 return;
1044
cba6b758 1045 hci_cmd_sync_queue(hdev, rpa_expired_sync, NULL, NULL);
d6bfd59c
JH		 1046}
1047
0ef08313
BG		 1048static void discov_off(struct work_struct *work)
1049{
1050 struct hci_dev *hdev = container_of(work, struct hci_dev,
1051 discov_off.work);
1052
1053 bt_dev_dbg(hdev, "");
1054
1055 hci_dev_lock(hdev);
1056
1057 /* When discoverable timeout triggers, then just make sure
1058 * the limited discoverable flag is cleared. Even in the case
1059 * of a timeout triggered from general discoverable, it is
1060 * safe to unconditionally clear the flag.
1061 */
1062 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1063 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1064 hdev->discov_timeout = 0;
1065
1066 hci_update_discoverable(hdev);
1067
1068 mgmt_new_settings(hdev);
1069
1070 hci_dev_unlock(hdev);
1071}
1072
b338d917
BG		 1073static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev);
1074
1075static void mesh_send_complete(struct hci_dev *hdev,
1076 struct mgmt_mesh_tx *mesh_tx, bool silent)
1077{
1078 u8 handle = mesh_tx->handle;
1079
1080 if (!silent)
1081 mgmt_event(MGMT_EV_MESH_PACKET_CMPLT, hdev, &handle,
1082 sizeof(handle), NULL);
1083
1084 mgmt_mesh_remove(mesh_tx);
1085}
1086
1087static int mesh_send_done_sync(struct hci_dev *hdev, void *data)
1088{
1089 struct mgmt_mesh_tx *mesh_tx;
1090
1091 hci_dev_clear_flag(hdev, HCI_MESH_SENDING);
1092 hci_disable_advertising_sync(hdev);
1093 mesh_tx = mgmt_mesh_next(hdev, NULL);
1094
1095 if (mesh_tx)
1096 mesh_send_complete(hdev, mesh_tx, false);
1097
1098 return 0;
1099}
1100
1101static int mesh_send_sync(struct hci_dev *hdev, void *data);
1102static void mesh_send_start_complete(struct hci_dev *hdev, void *data, int err);
1103static void mesh_next(struct hci_dev *hdev, void *data, int err)
1104{
1105 struct mgmt_mesh_tx *mesh_tx = mgmt_mesh_next(hdev, NULL);
1106
1107 if (!mesh_tx)
1108 return;
1109
1110 err = hci_cmd_sync_queue(hdev, mesh_send_sync, mesh_tx,
1111 mesh_send_start_complete);
1112
1113 if (err < 0)
1114 mesh_send_complete(hdev, mesh_tx, false);
1115 else
1116 hci_dev_set_flag(hdev, HCI_MESH_SENDING);
1117}
1118
1119static void mesh_send_done(struct work_struct *work)
1120{
1121 struct hci_dev *hdev = container_of(work, struct hci_dev,
1122 mesh_send_done.work);
1123
1124 if (!hci_dev_test_flag(hdev, HCI_MESH_SENDING))
1125 return;
1126
1127 hci_cmd_sync_queue(hdev, mesh_send_done_sync, NULL, mesh_next);
1128}
1129
6a919082 1130static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 1131{
f74ca25d 1132 if (hci_dev_test_flag(hdev, HCI_MGMT))
6a919082
JH		 1133 return;
1134
0ef08313
BG		 1135 BT_INFO("MGMT ver %d.%d", MGMT_VERSION, MGMT_REVISION);
1136
1137 INIT_DELAYED_WORK(&hdev->discov_off, discov_off);
4f87da80 1138 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 1139 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
b338d917 1140 INIT_DELAYED_WORK(&hdev->mesh_send_done, mesh_send_done);
7d78525d 1141
4f87da80
JH		 1142 /* Non-mgmt controlled devices get this bit set
1143 * implicitly so that pairing works for them, however
1144 * for mgmt we require user-space to explicitly enable
1145 * it
1146 */
a358dc11 1147 hci_dev_clear_flag(hdev, HCI_BONDABLE);
f74ca25d
TH		 1148
1149 hci_dev_set_flag(hdev, HCI_MGMT);
7d78525d
JH		 1150}
1151
0f4e68cf 1152static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 1153 void *data, u16 data_len)
0381101f 1154{
a38528f1 1155 struct mgmt_rp_read_info rp;
f7b64e69 1156
181d6953 1157 bt_dev_dbg(hdev, "sock %p", sk);
f7b64e69 1158
09fd0de5 1159 hci_dev_lock(hdev);
f7b64e69 1160
dc4fe30b
JH		 1161 memset(&rp, 0, sizeof(rp));
1162
69ab39ea 1163 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 1164
69ab39ea 1165 rp.version = hdev->hci_ver;
eb55ef07 1166 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 1167
1168 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1169 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 1170
a38528f1 1171 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 1172
dc4fe30b 1173 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 1174 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 1175
09fd0de5 1176 hci_dev_unlock(hdev);
0381101f 1177
2a1afb5a
JH		 1178 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1179 sizeof(rp));
0381101f
JH		 1180}
1181
cde7a863
MN		 1182static u16 append_eir_data_to_buf(struct hci_dev *hdev, u8 *eir)
1183{
1184 u16 eir_len = 0;
1185 size_t name_len;
1186
1187 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1188 eir_len = eir_append_data(eir, eir_len, EIR_CLASS_OF_DEV,
1189 hdev->dev_class, 3);
1190
6a9e90bf
SJ		 1191 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1192 eir_len = eir_append_le16(eir, eir_len, EIR_APPEARANCE,
1193 hdev->appearance);
1194
dd7b8cdd 1195 name_len = strnlen(hdev->dev_name, sizeof(hdev->dev_name));
cde7a863
MN		 1196 eir_len = eir_append_data(eir, eir_len, EIR_NAME_COMPLETE,
1197 hdev->dev_name, name_len);
1198
dd7b8cdd 1199 name_len = strnlen(hdev->short_name, sizeof(hdev->short_name));
cde7a863
MN		 1200 eir_len = eir_append_data(eir, eir_len, EIR_NAME_SHORT,
1201 hdev->short_name, name_len);
1202
1203 return eir_len;
1204}
1205
321c6fee
MH		 1206static int read_ext_controller_info(struct sock *sk, struct hci_dev *hdev,
1207 void *data, u16 data_len)
1208{
7d5c11da
SJ		 1209 char buf[512];
1210 struct mgmt_rp_read_ext_info *rp = (void *)buf;
cde7a863 1211 u16 eir_len;
321c6fee 1212
181d6953 1213 bt_dev_dbg(hdev, "sock %p", sk);
321c6fee 1214
7d5c11da
SJ		 1215 memset(&buf, 0, sizeof(buf));
1216
321c6fee
MH		 1217 hci_dev_lock(hdev);
1218
7d5c11da
SJ		 1219 bacpy(&rp->bdaddr, &hdev->bdaddr);
1220
1221 rp->version = hdev->hci_ver;
1222 rp->manufacturer = cpu_to_le16(hdev->manufacturer);
1223
1224 rp->supported_settings = cpu_to_le32(get_supported_settings(hdev));
1225 rp->current_settings = cpu_to_le32(get_current_settings(hdev));
1226
321c6fee 1227
cde7a863 1228 eir_len = append_eir_data_to_buf(hdev, rp->eir);
8a0c9f49 1229 rp->eir_len = cpu_to_le16(eir_len);
321c6fee
MH		 1230
1231 hci_dev_unlock(hdev);
1232
1233 /* If this command is called at least once, then the events
1234 * for class of device and local name changes are disabled
1235 * and only the new extended controller information event
1236 * is used.
1237 */
1238 hci_sock_set_flag(sk, HCI_MGMT_EXT_INFO_EVENTS);
1239 hci_sock_clear_flag(sk, HCI_MGMT_DEV_CLASS_EVENTS);
1240 hci_sock_clear_flag(sk, HCI_MGMT_LOCAL_NAME_EVENTS);
1241
8a0c9f49
MN		 1242 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_EXT_INFO, 0, rp,
1243 sizeof(*rp) + eir_len);
321c6fee
MH		 1244}
1245
1246static int ext_info_changed(struct hci_dev *hdev, struct sock *skip)
1247{
5e9fae48
MN		 1248 char buf[512];
1249 struct mgmt_ev_ext_info_changed *ev = (void *)buf;
1250 u16 eir_len;
1251
1252 memset(buf, 0, sizeof(buf));
321c6fee 1253
5e9fae48
MN		 1254 eir_len = append_eir_data_to_buf(hdev, ev->eir);
1255 ev->eir_len = cpu_to_le16(eir_len);
321c6fee 1256
5e9fae48
MN		 1257 return mgmt_limited_event(MGMT_EV_EXT_INFO_CHANGED, hdev, ev,
1258 sizeof(*ev) + eir_len,
1259 HCI_MGMT_EXT_INFO_EVENTS, skip);
321c6fee
MH		 1260}
1261
69ab39ea 1262static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1263{
69ab39ea 1264 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1265
2a1afb5a
JH		 1266 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1267 sizeof(settings));
8680570b
JH		 1268}
1269
f2252570 1270void mgmt_advertising_added(struct sock *sk, struct hci_dev *hdev, u8 instance)
912098a6
AU		 1271{
1272 struct mgmt_ev_advertising_added ev;
1273
1274 ev.instance = instance;
1275
1276 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
1277}
1278
f2252570
JH		 1279void mgmt_advertising_removed(struct sock *sk, struct hci_dev *hdev,
1280 u8 instance)
912098a6
AU		 1281{
1282 struct mgmt_ev_advertising_removed ev;
1283
1284 ev.instance = instance;
1285
1286 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
1287}
1288
7816b820
FG		 1289static void cancel_adv_timeout(struct hci_dev *hdev)
1290{
1291 if (hdev->adv_instance_timeout) {
1292 hdev->adv_instance_timeout = 0;
1293 cancel_delayed_work(&hdev->adv_instance_expire);
1294 }
1295}
1296
cf75ad8b
LAD		 1297/* This function requires the caller holds hdev->lock */
1298static void restart_le_actions(struct hci_dev *hdev)
8b064a3a 1299{
cf75ad8b 1300 struct hci_conn_params *p;
8b064a3a 1301
cf75ad8b
LAD		 1302 list_for_each_entry(p, &hdev->le_conn_params, list) {
1303 /* Needed for AUTO_OFF case where might not "really"
1304 * have been powered off.
1305 */
195ef75e 1306 hci_pend_le_list_del_init(p);
8b064a3a 1307
cf75ad8b
LAD		 1308 switch (p->auto_connect) {
1309 case HCI_AUTO_CONN_DIRECT:
1310 case HCI_AUTO_CONN_ALWAYS:
195ef75e 1311 hci_pend_le_list_add(p, &hdev->pend_le_conns);
cf75ad8b
LAD		 1312 break;
1313 case HCI_AUTO_CONN_REPORT:
195ef75e 1314 hci_pend_le_list_add(p, &hdev->pend_le_reports);
cf75ad8b
LAD		 1315 break;
1316 default:
1317 break;
1318 }
8b064a3a 1319 }
cf75ad8b 1320}
8b064a3a 1321
cf75ad8b
LAD		 1322static int new_settings(struct hci_dev *hdev, struct sock *skip)
1323{
1324 __le32 ev = cpu_to_le32(get_current_settings(hdev));
912098a6 1325
cf75ad8b
LAD		 1326 return mgmt_limited_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1327 sizeof(ev), HCI_MGMT_SETTING_EVENTS, skip);
1328}
8b064a3a 1329
cf75ad8b
LAD		 1330static void mgmt_set_powered_complete(struct hci_dev *hdev, void *data, int err)
1331{
1332 struct mgmt_pending_cmd *cmd = data;
275f3f64
BG		 1333 struct mgmt_mode *cp;
1334
1335 /* Make sure cmd still outstanding. */
1336 if (cmd != pending_find(MGMT_OP_SET_POWERED, hdev))
1337 return;
1338
1339 cp = cmd->param;
cf75ad8b
LAD		 1340
1341 bt_dev_dbg(hdev, "err %d", err);
1342
1343 if (!err) {
1344 if (cp->val) {
1345 hci_dev_lock(hdev);
1346 restart_le_actions(hdev);
1347 hci_update_passive_scan(hdev);
1348 hci_dev_unlock(hdev);
1349 }
8b064a3a 1350
cf75ad8b
LAD		 1351 send_settings_rsp(cmd->sk, cmd->opcode, hdev);
1352
1353 /* Only call new_setting for power on as power off is deferred
1354 * to hdev->power_off work which does call hci_dev_do_close.
1355 */
1356 if (cp->val)
1357 new_settings(hdev, cmd->sk);
1358 } else {
1359 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED,
1360 mgmt_status(err));
8b064a3a
JH		 1361 }
1362
275f3f64 1363 mgmt_pending_remove(cmd);
cf75ad8b 1364}
23a48093 1365
cf75ad8b
LAD		 1366static int set_powered_sync(struct hci_dev *hdev, void *data)
1367{
1368 struct mgmt_pending_cmd *cmd = data;
1369 struct mgmt_mode *cp = cmd->param;
1370
1371 BT_DBG("%s", hdev->name);
1372
1373 return hci_set_powered_sync(hdev, cp->val);
8b064a3a
JH		 1374}
1375
bdb6d971 1376static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1377 u16 len)
eec8d2bc 1378{
650f726d 1379 struct mgmt_mode *cp = data;
3b0602cd 1380 struct mgmt_pending_cmd *cmd;
4b34ee78 1381 int err;
eec8d2bc 1382
181d6953 1383 bt_dev_dbg(hdev, "sock %p", sk);
eec8d2bc 1384
a7e80f25 1385 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1386 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1387 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1388
09fd0de5 1389 hci_dev_lock(hdev);
eec8d2bc 1390
333ae95d 1391 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
a69e8375
JH		 1392 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1393 MGMT_STATUS_BUSY);
87b95ba6
JH		 1394 goto failed;
1395 }
1396
4b34ee78 1397 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1398 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1399 goto failed;
1400 }
1401
275f3f64 1402 cmd = mgmt_pending_add(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1403 if (!cmd) {
1404 err = -ENOMEM;
eec8d2bc 1405 goto failed;
366a0336 1406 }
eec8d2bc 1407
f4198635 1408 /* Cancel potentially blocking sync operation before power off */
d883a466 1409 if (cp->val == 0x00) {
f4198635 1410 __hci_cmd_sync_cancel(hdev, -EHOSTDOWN);
d883a466
LAD		 1411 err = hci_cmd_sync_queue(hdev, set_powered_sync, cmd,
1412 mgmt_set_powered_complete);
1413 } else {
1414 /* Use hci_cmd_sync_submit since hdev might not be running */
1415 err = hci_cmd_sync_submit(hdev, set_powered_sync, cmd,
1416 mgmt_set_powered_complete);
1417 }
eec8d2bc 1418
275f3f64
BG		 1419 if (err < 0)
1420 mgmt_pending_remove(cmd);
1421
eec8d2bc 1422failed:
09fd0de5 1423 hci_dev_unlock(hdev);
366a0336 1424 return err;
eec8d2bc
JH		 1425}
1426
91a668b0
JH		 1427int mgmt_new_settings(struct hci_dev *hdev)
1428{
1429 return new_settings(hdev, NULL);
1430}
1431
bd99abdd
JH		 1432struct cmd_lookup {
1433 struct sock *sk;
1434 struct hci_dev *hdev;
1435 u8 mgmt_status;
1436};
1437
3b0602cd 1438static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1439{
1440 struct cmd_lookup *match = data;
1441
1442 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1443
1444 list_del(&cmd->list);
1445
1446 if (match->sk == NULL) {
1447 match->sk = cmd->sk;
1448 sock_hold(match->sk);
1449 }
1450
1451 mgmt_pending_free(cmd);
1452}
1453
3b0602cd 1454static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1455{
1456 u8 *status = data;
1457
a69e8375 1458 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
bd99abdd
JH		 1459 mgmt_pending_remove(cmd);
1460}
1461
3b0602cd 1462static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1b9b5ee5
JH		 1463{
1464 if (cmd->cmd_complete) {
1465 u8 *status = data;
1466
1467 cmd->cmd_complete(cmd, *status);
1468 mgmt_pending_remove(cmd);
1469
1470 return;
1471 }
1472
1473 cmd_status_rsp(cmd, data);
1474}
1475
3b0602cd 1476static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
f5818c22 1477{
2a1afb5a
JH		 1478 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1479 cmd->param, cmd->param_len);
f5818c22
JH		 1480}
1481
3b0602cd 1482static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
7776d1d8 1483{
2a1afb5a
JH		 1484 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1485 cmd->param, sizeof(struct mgmt_addr_info));
7776d1d8
JH		 1486}
1487
e6fe7986
JH		 1488static u8 mgmt_bredr_support(struct hci_dev *hdev)
1489{
1490 if (!lmp_bredr_capable(hdev))
1491 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1492 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
e6fe7986
JH		 1493 return MGMT_STATUS_REJECTED;
1494 else
1495 return MGMT_STATUS_SUCCESS;
1496}
1497
1498static u8 mgmt_le_support(struct hci_dev *hdev)
1499{
1500 if (!lmp_le_capable(hdev))
1501 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1502 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
e6fe7986
JH		 1503 return MGMT_STATUS_REJECTED;
1504 else
1505 return MGMT_STATUS_SUCCESS;
1506}
1507
2bd1b237
LAD		 1508static void mgmt_set_discoverable_complete(struct hci_dev *hdev, void *data,
1509 int err)
bfaf8c9f 1510{
2bd1b237 1511 struct mgmt_pending_cmd *cmd = data;
bfaf8c9f 1512
2bd1b237 1513 bt_dev_dbg(hdev, "err %d", err);
bfaf8c9f 1514
275f3f64
BG		 1515 /* Make sure cmd still outstanding. */
1516 if (cmd != pending_find(MGMT_OP_SET_DISCOVERABLE, hdev))
1517 return;
1518
bfaf8c9f
JH		 1519 hci_dev_lock(hdev);
1520
2bd1b237
LAD		 1521 if (err) {
1522 u8 mgmt_err = mgmt_status(err);
a69e8375 1523 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
a358dc11 1524 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
2bd1b237 1525 goto done;
bfaf8c9f
JH		 1526 }
1527
aed1a885
JH		 1528 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1529 hdev->discov_timeout > 0) {
1530 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1531 queue_delayed_work(hdev->req_workqueue, &hdev->discov_off, to);
d4462a07 1532 }
bfaf8c9f
JH		 1533
1534 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
aed1a885 1535 new_settings(hdev, cmd->sk);
970ba524 1536
2bd1b237 1537done:
275f3f64 1538 mgmt_pending_remove(cmd);
bfaf8c9f
JH		 1539 hci_dev_unlock(hdev);
1540}
1541
2bd1b237
LAD		 1542static int set_discoverable_sync(struct hci_dev *hdev, void *data)
1543{
1544 BT_DBG("%s", hdev->name);
1545
1546 return hci_update_discoverable_sync(hdev);
1547}
1548
bdb6d971 1549static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1550 u16 len)
73f22f62 1551{
650f726d 1552 struct mgmt_cp_set_discoverable *cp = data;
3b0602cd 1553 struct mgmt_pending_cmd *cmd;
5e5282bb 1554 u16 timeout;
73f22f62
JH		 1555 int err;
1556
181d6953 1557 bt_dev_dbg(hdev, "sock %p", sk);
73f22f62 1558
d7a5a11d
MH		 1559 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1560 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 1561 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1562 MGMT_STATUS_REJECTED);
33c525c0 1563
310a3d48 1564 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 1565 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1566 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1567
1f350c87 1568 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1569
1570 /* Disabling discoverable requires that no timeout is set,
1571 * and enabling limited discoverable requires a timeout.
1572 */
1573 if ((cp->val == 0x00 && timeout > 0) ||
1574 (cp->val == 0x02 && timeout == 0))
a69e8375
JH		 1575 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1576 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1577
09fd0de5 1578 hci_dev_lock(hdev);
73f22f62 1579
5e5282bb 1580 if (!hdev_is_powered(hdev) && timeout > 0) {
a69e8375
JH		 1581 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1582 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1583 goto failed;
1584 }
1585
333ae95d
JH		 1586 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1587 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1588 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1589 MGMT_STATUS_BUSY);
73f22f62
JH		 1590 goto failed;
1591 }
1592
d7a5a11d 1593 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
a69e8375
JH		 1594 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1595 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1596 goto failed;
1597 }
1598
4867bd00
APS		 1599 if (hdev->advertising_paused) {
1600 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1601 MGMT_STATUS_BUSY);
1602 goto failed;
1603 }
1604
5e5282bb 1605 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1606 bool changed = false;
1607
310a3d48
MH		 1608 /* Setting limited discoverable when powered off is
1609 * not a valid operation since it requires a timeout
1610 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1611 */
d7a5a11d 1612 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
ce05d603 1613 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
0224d2fa
JH		 1614 changed = true;
1615 }
1616
5e5282bb 1617 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1618 if (err < 0)
1619 goto failed;
1620
1621 if (changed)
1622 err = new_settings(hdev, sk);
1623
5e5282bb
JH		 1624 goto failed;
1625 }
1626
310a3d48
MH		 1627 /* If the current mode is the same, then just update the timeout
1628 * value with the new value. And if only the timeout gets updated,
1629 * then no need for any HCI transactions.
1630 */
d7a5a11d
MH		 1631 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1632 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1633 HCI_LIMITED_DISCOVERABLE)) {
36261547
MH		 1634 cancel_delayed_work(&hdev->discov_off);
1635 hdev->discov_timeout = timeout;
955638ec 1636
36261547
MH		 1637 if (cp->val && hdev->discov_timeout > 0) {
1638 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
c366f555
JH		 1639 queue_delayed_work(hdev->req_workqueue,
1640 &hdev->discov_off, to);
955638ec
MH		 1641 }
1642
69ab39ea 1643 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1644 goto failed;
1645 }
1646
275f3f64 1647 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1648 if (!cmd) {
1649 err = -ENOMEM;
73f22f62 1650 goto failed;
366a0336 1651 }
73f22f62 1652
310a3d48
MH		 1653 /* Cancel any potential discoverable timeout that might be
1654 * still active and store new timeout value. The arming of
1655 * the timeout happens in the complete handler.
1656 */
1657 cancel_delayed_work(&hdev->discov_off);
1658 hdev->discov_timeout = timeout;
1659
aed1a885
JH		 1660 if (cp->val)
1661 hci_dev_set_flag(hdev, HCI_DISCOVERABLE);
1662 else
1663 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1664
b456f87c
JH		 1665 /* Limited discoverable mode */
1666 if (cp->val == 0x02)
a1536da2 1667 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1668 else
a358dc11 1669 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1670
2bd1b237
LAD		 1671 err = hci_cmd_sync_queue(hdev, set_discoverable_sync, cmd,
1672 mgmt_set_discoverable_complete);
73f22f62 1673
275f3f64
BG		 1674 if (err < 0)
1675 mgmt_pending_remove(cmd);
1676
73f22f62 1677failed:
09fd0de5 1678 hci_dev_unlock(hdev);
73f22f62
JH		 1679 return err;
1680}
1681
f056a657
LAD		 1682static void mgmt_set_connectable_complete(struct hci_dev *hdev, void *data,
1683 int err)
2b76f453 1684{
f056a657 1685 struct mgmt_pending_cmd *cmd = data;
2b76f453 1686
f056a657 1687 bt_dev_dbg(hdev, "err %d", err);
2b76f453 1688
275f3f64
BG		 1689 /* Make sure cmd still outstanding. */
1690 if (cmd != pending_find(MGMT_OP_SET_CONNECTABLE, hdev))
1691 return;
1692
2b76f453
JH		 1693 hci_dev_lock(hdev);
1694
f056a657
LAD		 1695 if (err) {
1696 u8 mgmt_err = mgmt_status(err);
a69e8375 1697 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
f056a657 1698 goto done;
37438c1f
JH		 1699 }
1700
2b76f453 1701 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
53c0ba74 1702 new_settings(hdev, cmd->sk);
d7b856f9 1703
f056a657 1704done:
275f3f64
BG		 1705 if (cmd)
1706 mgmt_pending_remove(cmd);
1707
2b76f453
JH		 1708 hci_dev_unlock(hdev);
1709}
1710
e8ba3a1f
JH		 1711static int set_connectable_update_settings(struct hci_dev *hdev,
1712 struct sock *sk, u8 val)
1713{
1714 bool changed = false;
1715 int err;
1716
d7a5a11d 1717 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
e8ba3a1f
JH		 1718 changed = true;
1719
1720 if (val) {
a1536da2 1721 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
e8ba3a1f 1722 } else {
a358dc11
MH		 1723 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1724 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
e8ba3a1f
JH		 1725 }
1726
1727 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1728 if (err < 0)
1729 return err;
1730
562064e6 1731 if (changed) {
bb876725 1732 hci_update_scan(hdev);
5bee2fd6 1733 hci_update_passive_scan(hdev);
e8ba3a1f 1734 return new_settings(hdev, sk);
562064e6 1735 }
e8ba3a1f
JH		 1736
1737 return 0;
1738}
1739
f056a657
LAD		 1740static int set_connectable_sync(struct hci_dev *hdev, void *data)
1741{
1742 BT_DBG("%s", hdev->name);
1743
1744 return hci_update_connectable_sync(hdev);
1745}
1746
bdb6d971 1747static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1748 u16 len)
9fbcbb45 1749{
650f726d 1750 struct mgmt_mode *cp = data;
3b0602cd 1751 struct mgmt_pending_cmd *cmd;
9fbcbb45
JH		 1752 int err;
1753
181d6953 1754 bt_dev_dbg(hdev, "sock %p", sk);
9fbcbb45 1755
d7a5a11d
MH		 1756 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1757 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 1758 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1759 MGMT_STATUS_REJECTED);
33c525c0 1760
a7e80f25 1761 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1762 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1763 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1764
09fd0de5 1765 hci_dev_lock(hdev);
9fbcbb45 1766
4b34ee78 1767 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1768 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1769 goto failed;
1770 }
1771
333ae95d
JH		 1772 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1773 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1774 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1775 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1776 goto failed;
1777 }
1778
275f3f64 1779 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1780 if (!cmd) {
1781 err = -ENOMEM;
9fbcbb45 1782 goto failed;
366a0336 1783 }
9fbcbb45 1784
53c0ba74
JH		 1785 if (cp->val) {
1786 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1787 } else {
1788 if (hdev->discov_timeout > 0)
1789 cancel_delayed_work(&hdev->discov_off);
2b76f453 1790
53c0ba74
JH		 1791 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1792 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1793 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
9b74246f 1794 }
2b76f453 1795
f056a657
LAD		 1796 err = hci_cmd_sync_queue(hdev, set_connectable_sync, cmd,
1797 mgmt_set_connectable_complete);
9fbcbb45 1798
275f3f64
BG		 1799 if (err < 0)
1800 mgmt_pending_remove(cmd);
1801
9fbcbb45 1802failed:
09fd0de5 1803 hci_dev_unlock(hdev);
9fbcbb45
JH		 1804 return err;
1805}
1806
b2939475 1807static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1808 u16 len)
c542a06c 1809{
650f726d 1810 struct mgmt_mode *cp = data;
55594356 1811 bool changed;
c542a06c
JH		 1812 int err;
1813
181d6953 1814 bt_dev_dbg(hdev, "sock %p", sk);
c542a06c 1815
a7e80f25 1816 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1817 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
1818 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1819
09fd0de5 1820 hci_dev_lock(hdev);
c542a06c
JH		 1821
1822 if (cp->val)
238be788 1823 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
c542a06c 1824 else
a69d8927 1825 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
c542a06c 1826
b2939475 1827 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
c542a06c 1828 if (err < 0)
55594356 1829 goto unlock;
c542a06c 1830
82a37ade
JH		 1831 if (changed) {
1832 /* In limited privacy mode the change of bondable mode
1833 * may affect the local advertising address.
1834 */
2bd1b237 1835 hci_update_discoverable(hdev);
82a37ade 1836
55594356 1837 err = new_settings(hdev, sk);
82a37ade 1838 }
c542a06c 1839
55594356 1840unlock:
09fd0de5 1841 hci_dev_unlock(hdev);
c542a06c
JH		 1842 return err;
1843}
1844
04124681
GP		 1845static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1846 u16 len)
33ef95ed
JH		 1847{
1848 struct mgmt_mode *cp = data;
3b0602cd 1849 struct mgmt_pending_cmd *cmd;
e6fe7986 1850 u8 val, status;
33ef95ed
JH		 1851 int err;
1852
181d6953 1853 bt_dev_dbg(hdev, "sock %p", sk);
33ef95ed 1854
e6fe7986
JH		 1855 status = mgmt_bredr_support(hdev);
1856 if (status)
a69e8375
JH		 1857 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1858 status);
33c525c0 1859
a7e80f25 1860 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1861 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1862 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1863
33ef95ed
JH		 1864 hci_dev_lock(hdev);
1865
4b34ee78 1866 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1867 bool changed = false;
1868
d7a5a11d 1869 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
ce05d603 1870 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
47990ea0
JH		 1871 changed = true;
1872 }
1873
1874 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1875 if (err < 0)
1876 goto failed;
1877
1878 if (changed)
1879 err = new_settings(hdev, sk);
1880
33ef95ed
JH		 1881 goto failed;
1882 }
1883
333ae95d 1884 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
a69e8375
JH		 1885 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1886 MGMT_STATUS_BUSY);
33ef95ed
JH		 1887 goto failed;
1888 }
1889
1890 val = !!cp->val;
1891
1892 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1893 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1894 goto failed;
1895 }
1896
1897 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1898 if (!cmd) {
1899 err = -ENOMEM;
1900 goto failed;
1901 }
1902
1903 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1904 if (err < 0) {
1905 mgmt_pending_remove(cmd);
1906 goto failed;
1907 }
1908
1909failed:
1910 hci_dev_unlock(hdev);
33ef95ed
JH		 1911 return err;
1912}
1913
3244845c
BG		 1914static void set_ssp_complete(struct hci_dev *hdev, void *data, int err)
1915{
1916 struct cmd_lookup match = { NULL, hdev };
1917 struct mgmt_pending_cmd *cmd = data;
1918 struct mgmt_mode *cp = cmd->param;
1919 u8 enable = cp->val;
1920 bool changed;
1921
275f3f64
BG		 1922 /* Make sure cmd still outstanding. */
1923 if (cmd != pending_find(MGMT_OP_SET_SSP, hdev))
1924 return;
1925
3244845c
BG		 1926 if (err) {
1927 u8 mgmt_err = mgmt_status(err);
1928
1929 if (enable && hci_dev_test_and_clear_flag(hdev,
1930 HCI_SSP_ENABLED)) {
1931 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
1932 new_settings(hdev, NULL);
1933 }
1934
1935 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
1936 &mgmt_err);
1937 return;
1938 }
1939
1940 if (enable) {
1941 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
1942 } else {
1943 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
1944
1945 if (!changed)
1946 changed = hci_dev_test_and_clear_flag(hdev,
1947 HCI_HS_ENABLED);
1948 else
1949 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
1950 }
1951
1952 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
1953
1954 if (changed)
1955 new_settings(hdev, match.sk);
1956
1957 if (match.sk)
1958 sock_put(match.sk);
1959
1960 hci_update_eir_sync(hdev);
1961}
1962
1963static int set_ssp_sync(struct hci_dev *hdev, void *data)
1964{
1965 struct mgmt_pending_cmd *cmd = data;
1966 struct mgmt_mode *cp = cmd->param;
1967 bool changed = false;
1968 int err;
1969
1970 if (cp->val)
1971 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
1972
1973 err = hci_write_ssp_mode_sync(hdev, cp->val);
1974
1975 if (!err && changed)
1976 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
1977
1978 return err;
1979}
1980
bdb6d971 1981static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1982{
1983 struct mgmt_mode *cp = data;
3b0602cd 1984 struct mgmt_pending_cmd *cmd;
72ef0c1a 1985 u8 status;
ed2c4ee3
JH		 1986 int err;
1987
181d6953 1988 bt_dev_dbg(hdev, "sock %p", sk);
ed2c4ee3 1989
cdba5281
MH		 1990 status = mgmt_bredr_support(hdev);
1991 if (status)
a69e8375 1992 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
cdba5281 1993
13ecd8b6 1994 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 1995 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1996 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1997
a7e80f25 1998 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1999 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2000 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2001
13ecd8b6 2002 hci_dev_lock(hdev);
6c8f12c1 2003
4b34ee78 2004 if (!hdev_is_powered(hdev)) {
9ecb3e24 2005 bool changed;
c0ecddc2 2006
9ecb3e24 2007 if (cp->val) {
238be788
MH		 2008 changed = !hci_dev_test_and_set_flag(hdev,
2009 HCI_SSP_ENABLED);
9ecb3e24 2010 } else {
a69d8927
MH		 2011 changed = hci_dev_test_and_clear_flag(hdev,
2012 HCI_SSP_ENABLED);
9ecb3e24 2013 if (!changed)
a69d8927
MH		 2014 changed = hci_dev_test_and_clear_flag(hdev,
2015 HCI_HS_ENABLED);
9ecb3e24 2016 else
a358dc11 2017 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
c0ecddc2
JH		 2018 }
2019
2020 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2021 if (err < 0)
2022 goto failed;
2023
2024 if (changed)
2025 err = new_settings(hdev, sk);
2026
ed2c4ee3
JH		 2027 goto failed;
2028 }
2029
333ae95d 2030 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 2031 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2032 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 2033 goto failed;
2034 }
2035
d7a5a11d 2036 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
ed2c4ee3
JH		 2037 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
2038 goto failed;
2039 }
2040
2041 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
3244845c 2042 if (!cmd)
ed2c4ee3 2043 err = -ENOMEM;
3244845c
BG		 2044 else
2045 err = hci_cmd_sync_queue(hdev, set_ssp_sync, cmd,
2046 set_ssp_complete);
3769972b 2047
ed2c4ee3 2048 if (err < 0) {
3244845c
BG		 2049 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
2050 MGMT_STATUS_FAILED);
2051
2052 if (cmd)
2053 mgmt_pending_remove(cmd);
ed2c4ee3
JH		 2054 }
2055
2056failed:
2057 hci_dev_unlock(hdev);
ed2c4ee3
JH		 2058 return err;
2059}
2060
bdb6d971 2061static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 2062{
2063 struct mgmt_mode *cp = data;
ee392693 2064 bool changed;
e6fe7986 2065 u8 status;
ee392693 2066 int err;
6d80dfd0 2067
181d6953 2068 bt_dev_dbg(hdev, "sock %p", sk);
6d80dfd0 2069
b560a208
LAD		 2070 if (!IS_ENABLED(CONFIG_BT_HS))
2071 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2072 MGMT_STATUS_NOT_SUPPORTED);
2073
e6fe7986
JH		 2074 status = mgmt_bredr_support(hdev);
2075 if (status)
a69e8375 2076 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 2077
9ecb3e24 2078 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 2079 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2080 MGMT_STATUS_NOT_SUPPORTED);
9ecb3e24 2081
d7a5a11d 2082 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 2083 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2084 MGMT_STATUS_REJECTED);
9ecb3e24 2085
a7e80f25 2086 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2087 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2088 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2089
ee392693
MH		 2090 hci_dev_lock(hdev);
2091
333ae95d 2092 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 2093 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2094 MGMT_STATUS_BUSY);
a2cb01de
JH		 2095 goto unlock;
2096 }
2097
a0cdf960 2098 if (cp->val) {
238be788 2099 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
a0cdf960
MH		 2100 } else {
2101 if (hdev_is_powered(hdev)) {
a69e8375
JH		 2102 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
2103 MGMT_STATUS_REJECTED);
a0cdf960
MH		 2104 goto unlock;
2105 }
2106
a69d8927 2107 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
a0cdf960 2108 }
ee392693
MH		 2109
2110 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
2111 if (err < 0)
2112 goto unlock;
2113
2114 if (changed)
2115 err = new_settings(hdev, sk);
6d80dfd0 2116
ee392693
MH		 2117unlock:
2118 hci_dev_unlock(hdev);
2119 return err;
6d80dfd0
JH		 2120}
2121
d81a494c 2122static void set_le_complete(struct hci_dev *hdev, void *data, int err)
416a4ae5
JH		 2123{
2124 struct cmd_lookup match = { NULL, hdev };
d81a494c 2125 u8 status = mgmt_status(err);
416a4ae5 2126
d81a494c 2127 bt_dev_dbg(hdev, "err %d", err);
3ad67582 2128
416a4ae5 2129 if (status) {
416a4ae5 2130 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
d81a494c
BG		 2131 &status);
2132 return;
416a4ae5
JH		 2133 }
2134
2135 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
2136
2137 new_settings(hdev, match.sk);
2138
2139 if (match.sk)
2140 sock_put(match.sk);
d81a494c
BG		 2141}
2142
2143static int set_le_sync(struct hci_dev *hdev, void *data)
2144{
2145 struct mgmt_pending_cmd *cmd = data;
2146 struct mgmt_mode *cp = cmd->param;
2147 u8 val = !!cp->val;
2148 int err;
2149
2150 if (!val) {
c249ea9b
BG		 2151 hci_clear_adv_instance_sync(hdev, NULL, 0x00, true);
2152
d81a494c
BG		 2153 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
2154 hci_disable_advertising_sync(hdev);
2155
2156 if (ext_adv_capable(hdev))
2157 hci_remove_ext_adv_instance_sync(hdev, 0, cmd->sk);
2158 } else {
2159 hci_dev_set_flag(hdev, HCI_LE_ENABLED);
2160 }
2161
2162 err = hci_write_le_host_supported_sync(hdev, val, 0);
441ad2d0
MH		 2163
2164 /* Make sure the controller has a good default for
2165 * advertising data. Restrict the update to when LE
2166 * has actually been enabled. During power on, the
2167 * update in powered_update_hci will take care of it.
2168 */
d81a494c 2169 if (!err && hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
a0fb3726 2170 if (ext_adv_capable(hdev)) {
d81a494c 2171 int status;
a0fb3726 2172
d81a494c
BG		 2173 status = hci_setup_ext_adv_instance_sync(hdev, 0x00);
2174 if (!status)
2175 hci_update_scan_rsp_data_sync(hdev, 0x00);
a0fb3726 2176 } else {
d81a494c
BG		 2177 hci_update_adv_data_sync(hdev, 0x00);
2178 hci_update_scan_rsp_data_sync(hdev, 0x00);
a0fb3726 2179 }
d81a494c 2180
5bee2fd6 2181 hci_update_passive_scan(hdev);
441ad2d0 2182 }
3ad67582 2183
d81a494c 2184 return err;
416a4ae5
JH		 2185}
2186
b338d917
BG		 2187static void set_mesh_complete(struct hci_dev *hdev, void *data, int err)
2188{
2189 struct mgmt_pending_cmd *cmd = data;
2190 u8 status = mgmt_status(err);
2191 struct sock *sk = cmd->sk;
2192
2193 if (status) {
2194 mgmt_pending_foreach(MGMT_OP_SET_MESH_RECEIVER, hdev,
2195 cmd_status_rsp, &status);
2196 return;
2197 }
2198
2199 mgmt_pending_remove(cmd);
2200 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_MESH_RECEIVER, 0, NULL, 0);
2201}
2202
2203static int set_mesh_sync(struct hci_dev *hdev, void *data)
2204{
2205 struct mgmt_pending_cmd *cmd = data;
2206 struct mgmt_cp_set_mesh *cp = cmd->param;
2207 size_t len = cmd->param_len;
2208
2209 memset(hdev->mesh_ad_types, 0, sizeof(hdev->mesh_ad_types));
2210
2211 if (cp->enable)
2212 hci_dev_set_flag(hdev, HCI_MESH);
2213 else
2214 hci_dev_clear_flag(hdev, HCI_MESH);
2215
2216 len -= sizeof(*cp);
2217
2218 /* If filters don't fit, forward all adv pkts */
2219 if (len <= sizeof(hdev->mesh_ad_types))
2220 memcpy(hdev->mesh_ad_types, cp->ad_types, len);
2221
2222 hci_update_passive_scan_sync(hdev);
2223 return 0;
2224}
2225
2226static int set_mesh(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2227{
2228 struct mgmt_cp_set_mesh *cp = data;
2229 struct mgmt_pending_cmd *cmd;
2230 int err = 0;
2231
2232 bt_dev_dbg(hdev, "sock %p", sk);
2233
af6bcc19
BG		 2234 if (!lmp_le_capable(hdev) ||
2235 !hci_dev_test_flag(hdev, HCI_MESH_EXPERIMENTAL))
b338d917
BG		 2236 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_MESH_RECEIVER,
2237 MGMT_STATUS_NOT_SUPPORTED);
2238
2239 if (cp->enable != 0x00 && cp->enable != 0x01)
2240 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_MESH_RECEIVER,
2241 MGMT_STATUS_INVALID_PARAMS);
2242
2243 hci_dev_lock(hdev);
2244
2245 cmd = mgmt_pending_add(sk, MGMT_OP_SET_MESH_RECEIVER, hdev, data, len);
2246 if (!cmd)
2247 err = -ENOMEM;
2248 else
2249 err = hci_cmd_sync_queue(hdev, set_mesh_sync, cmd,
2250 set_mesh_complete);
2251
2252 if (err < 0) {
2253 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_MESH_RECEIVER,
2254 MGMT_STATUS_FAILED);
2255
2256 if (cmd)
2257 mgmt_pending_remove(cmd);
2258 }
2259
2260 hci_dev_unlock(hdev);
2261 return err;
2262}
2263
2264static void mesh_send_start_complete(struct hci_dev *hdev, void *data, int err)
2265{
2266 struct mgmt_mesh_tx *mesh_tx = data;
2267 struct mgmt_cp_mesh_send *send = (void *)mesh_tx->param;
2268 unsigned long mesh_send_interval;
2269 u8 mgmt_err = mgmt_status(err);
2270
2271 /* Report any errors here, but don't report completion */
2272
2273 if (mgmt_err) {
2274 hci_dev_clear_flag(hdev, HCI_MESH_SENDING);
2275 /* Send Complete Error Code for handle */
2276 mesh_send_complete(hdev, mesh_tx, false);
2277 return;
2278 }
2279
2280 mesh_send_interval = msecs_to_jiffies((send->cnt) * 25);
2281 queue_delayed_work(hdev->req_workqueue, &hdev->mesh_send_done,
2282 mesh_send_interval);
2283}
2284
2285static int mesh_send_sync(struct hci_dev *hdev, void *data)
2286{
2287 struct mgmt_mesh_tx *mesh_tx = data;
2288 struct mgmt_cp_mesh_send *send = (void *)mesh_tx->param;
2289 struct adv_info *adv, *next_instance;
2290 u8 instance = hdev->le_num_of_adv_sets + 1;
2291 u16 timeout, duration;
2292 int err = 0;
2293
2294 if (hdev->le_num_of_adv_sets <= hdev->adv_instance_cnt)
2295 return MGMT_STATUS_BUSY;
2296
2297 timeout = 1000;
2298 duration = send->cnt * INTERVAL_TO_MS(hdev->le_adv_max_interval);
2299 adv = hci_add_adv_instance(hdev, instance, 0,
2300 send->adv_data_len, send->adv_data,
2301 0, NULL,
2302 timeout, duration,
2303 HCI_ADV_TX_POWER_NO_PREFERENCE,
2304 hdev->le_adv_min_interval,
2305 hdev->le_adv_max_interval,
2306 mesh_tx->handle);
2307
2308 if (!IS_ERR(adv))
2309 mesh_tx->instance = instance;
2310 else
2311 err = PTR_ERR(adv);
2312
2313 if (hdev->cur_adv_instance == instance) {
2314 /* If the currently advertised instance is being changed then
2315 * cancel the current advertising and schedule the next
2316 * instance. If there is only one instance then the overridden
2317 * advertising data will be visible right away.
2318 */
2319 cancel_adv_timeout(hdev);
2320
2321 next_instance = hci_get_next_instance(hdev, instance);
2322 if (next_instance)
2323 instance = next_instance->instance;
2324 else
2325 instance = 0;
2326 } else if (hdev->adv_instance_timeout) {
2327 /* Immediately advertise the new instance if no other, or
2328 * let it go naturally from queue if ADV is already happening
2329 */
2330 instance = 0;
2331 }
2332
2333 if (instance)
2334 return hci_schedule_adv_instance_sync(hdev, instance, true);
2335
2336 return err;
2337}
2338
2339static void send_count(struct mgmt_mesh_tx *mesh_tx, void *data)
2340{
2341 struct mgmt_rp_mesh_read_features *rp = data;
2342
2343 if (rp->used_handles >= rp->max_handles)
2344 return;
2345
2346 rp->handles[rp->used_handles++] = mesh_tx->handle;
2347}
2348
2349static int mesh_features(struct sock *sk, struct hci_dev *hdev,
2350 void *data, u16 len)
2351{
2352 struct mgmt_rp_mesh_read_features rp;
2353
af6bcc19
BG		 2354 if (!lmp_le_capable(hdev) ||
2355 !hci_dev_test_flag(hdev, HCI_MESH_EXPERIMENTAL))
b338d917
BG		 2356 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_READ_FEATURES,
2357 MGMT_STATUS_NOT_SUPPORTED);
2358
2359 memset(&rp, 0, sizeof(rp));
2360 rp.index = cpu_to_le16(hdev->id);
2361 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
2362 rp.max_handles = MESH_HANDLES_MAX;
2363
2364 hci_dev_lock(hdev);
2365
2366 if (rp.max_handles)
2367 mgmt_mesh_foreach(hdev, send_count, &rp, sk);
2368
2369 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_MESH_READ_FEATURES, 0, &rp,
2370 rp.used_handles + sizeof(rp) - MESH_HANDLES_MAX);
2371
2372 hci_dev_unlock(hdev);
2373 return 0;
2374}
2375
2376static int send_cancel(struct hci_dev *hdev, void *data)
2377{
2378 struct mgmt_pending_cmd *cmd = data;
2379 struct mgmt_cp_mesh_send_cancel *cancel = (void *)cmd->param;
2380 struct mgmt_mesh_tx *mesh_tx;
2381
2382 if (!cancel->handle) {
2383 do {
2384 mesh_tx = mgmt_mesh_next(hdev, cmd->sk);
2385
2386 if (mesh_tx)
2387 mesh_send_complete(hdev, mesh_tx, false);
2388 } while (mesh_tx);
2389 } else {
2390 mesh_tx = mgmt_mesh_find(hdev, cancel->handle);
2391
2392 if (mesh_tx && mesh_tx->sk == cmd->sk)
2393 mesh_send_complete(hdev, mesh_tx, false);
2394 }
2395
2396 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_MESH_SEND_CANCEL,
2397 0, NULL, 0);
2398 mgmt_pending_free(cmd);
2399
2400 return 0;
2401}
2402
2403static int mesh_send_cancel(struct sock *sk, struct hci_dev *hdev,
2404 void *data, u16 len)
2405{
2406 struct mgmt_pending_cmd *cmd;
2407 int err;
2408
af6bcc19
BG		 2409 if (!lmp_le_capable(hdev) ||
2410 !hci_dev_test_flag(hdev, HCI_MESH_EXPERIMENTAL))
2411 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND_CANCEL,
2412 MGMT_STATUS_NOT_SUPPORTED);
2413
b338d917
BG		 2414 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
2415 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND_CANCEL,
2416 MGMT_STATUS_REJECTED);
2417
2418 hci_dev_lock(hdev);
2419 cmd = mgmt_pending_new(sk, MGMT_OP_MESH_SEND_CANCEL, hdev, data, len);
2420 if (!cmd)
2421 err = -ENOMEM;
2422 else
2423 err = hci_cmd_sync_queue(hdev, send_cancel, cmd, NULL);
2424
2425 if (err < 0) {
2426 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND_CANCEL,
2427 MGMT_STATUS_FAILED);
2428
2429 if (cmd)
2430 mgmt_pending_free(cmd);
2431 }
2432
2433 hci_dev_unlock(hdev);
2434 return err;
2435}
2436
2437static int mesh_send(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2438{
2439 struct mgmt_mesh_tx *mesh_tx;
2440 struct mgmt_cp_mesh_send *send = data;
2441 struct mgmt_rp_mesh_read_features rp;
2442 bool sending;
2443 int err = 0;
2444
af6bcc19
BG		 2445 if (!lmp_le_capable(hdev) ||
2446 !hci_dev_test_flag(hdev, HCI_MESH_EXPERIMENTAL))
2447 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND,
2448 MGMT_STATUS_NOT_SUPPORTED);
b338d917
BG		 2449 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) ||
2450 len <= MGMT_MESH_SEND_SIZE ||
2451 len > (MGMT_MESH_SEND_SIZE + 31))
2452 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND,
2453 MGMT_STATUS_REJECTED);
2454
2455 hci_dev_lock(hdev);
2456
2457 memset(&rp, 0, sizeof(rp));
2458 rp.max_handles = MESH_HANDLES_MAX;
2459
2460 mgmt_mesh_foreach(hdev, send_count, &rp, sk);
2461
2462 if (rp.max_handles <= rp.used_handles) {
2463 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND,
2464 MGMT_STATUS_BUSY);
2465 goto done;
2466 }
2467
2468 sending = hci_dev_test_flag(hdev, HCI_MESH_SENDING);
2469 mesh_tx = mgmt_mesh_add(sk, hdev, send, len);
2470
2471 if (!mesh_tx)
2472 err = -ENOMEM;
2473 else if (!sending)
2474 err = hci_cmd_sync_queue(hdev, mesh_send_sync, mesh_tx,
2475 mesh_send_start_complete);
2476
2477 if (err < 0) {
2478 bt_dev_err(hdev, "Send Mesh Failed %d", err);
2479 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_MESH_SEND,
2480 MGMT_STATUS_FAILED);
2481
2482 if (mesh_tx) {
2483 if (sending)
2484 mgmt_mesh_remove(mesh_tx);
2485 }
2486 } else {
2487 hci_dev_set_flag(hdev, HCI_MESH_SENDING);
2488
2489 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_MESH_SEND, 0,
2490 &mesh_tx->handle, 1);
2491 }
2492
2493done:
2494 hci_dev_unlock(hdev);
2495 return err;
2496}
2497
bdb6d971 2498static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 2499{
2500 struct mgmt_mode *cp = data;
3b0602cd 2501 struct mgmt_pending_cmd *cmd;
06199cf8 2502 int err;
0b60eba1 2503 u8 val, enabled;
06199cf8 2504
181d6953 2505 bt_dev_dbg(hdev, "sock %p", sk);
06199cf8 2506
13ecd8b6 2507 if (!lmp_le_capable(hdev))
a69e8375
JH		 2508 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2509 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 2510
a7e80f25 2511 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 2512 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2513 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 2514
e7844ee5
MH		 2515 /* Bluetooth single mode LE only controllers or dual-mode
2516 * controllers configured as LE only devices, do not allow
2517 * switching LE off. These have either LE enabled explicitly
2518 * or BR/EDR has been previously switched off.
2519 *
2520 * When trying to enable an already enabled LE, then gracefully
2521 * send a positive response. Trying to disable it however will
2522 * result into rejection.
2523 */
2524 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
2525 if (cp->val == 0x01)
2526 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2527
a69e8375
JH		 2528 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2529 MGMT_STATUS_REJECTED);
e7844ee5 2530 }
c73eee91 2531
13ecd8b6 2532 hci_dev_lock(hdev);
06199cf8
JH		 2533
2534 val = !!cp->val;
ffa88e02 2535 enabled = lmp_host_le_capable(hdev);
06199cf8 2536
0b60eba1 2537 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 2538 bool changed = false;
2539
d7a5a11d 2540 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
ce05d603 2541 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
06199cf8
JH		 2542 changed = true;
2543 }
2544
d7a5a11d 2545 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
a358dc11 2546 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
eeca6f89
JH		 2547 changed = true;
2548 }
2549
06199cf8
JH		 2550 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2551 if (err < 0)
1de028ce 2552 goto unlock;
06199cf8
JH		 2553
2554 if (changed)
2555 err = new_settings(hdev, sk);
2556
1de028ce 2557 goto unlock;
06199cf8
JH		 2558 }
2559
333ae95d
JH		 2560 if (pending_find(MGMT_OP_SET_LE, hdev) ||
2561 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
a69e8375
JH		 2562 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2563 MGMT_STATUS_BUSY);
1de028ce 2564 goto unlock;
06199cf8
JH		 2565 }
2566
2567 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
d81a494c 2568 if (!cmd)
06199cf8 2569 err = -ENOMEM;
d81a494c
BG		 2570 else
2571 err = hci_cmd_sync_queue(hdev, set_le_sync, cmd,
2572 set_le_complete);
06199cf8 2573
d81a494c
BG		 2574 if (err < 0) {
2575 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2576 MGMT_STATUS_FAILED);
45b7749f 2577
d81a494c
BG		 2578 if (cmd)
2579 mgmt_pending_remove(cmd);
06199cf8
JH		 2580 }
2581
1de028ce
JH		 2582unlock:
2583 hci_dev_unlock(hdev);
06199cf8
JH		 2584 return err;
2585}
2586
0cab9c80
JH		 2587/* This is a helper function to test for pending mgmt commands that can
2588 * cause CoD or EIR HCI commands. We can only allow one such pending
2589 * mgmt command at a time since otherwise we cannot easily track what
2590 * the current values are, will be, and based on that calculate if a new
2591 * HCI command needs to be sent and if yes with what value.
2592 */
2593static bool pending_eir_or_class(struct hci_dev *hdev)
2594{
3b0602cd 2595 struct mgmt_pending_cmd *cmd;
0cab9c80
JH		 2596
2597 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2598 switch (cmd->opcode) {
2599 case MGMT_OP_ADD_UUID:
2600 case MGMT_OP_REMOVE_UUID:
2601 case MGMT_OP_SET_DEV_CLASS:
2602 case MGMT_OP_SET_POWERED:
2603 return true;
2604 }
2605 }
2606
2607 return false;
2608}
2609
83be8eca
JH		 2610static const u8 bluetooth_base_uuid[] = {
2611 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2612 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2613};
2614
2615static u8 get_uuid_size(const u8 *uuid)
2616{
2617 u32 val;
2618
2619 if (memcmp(uuid, bluetooth_base_uuid, 12))
2620 return 128;
2621
2622 val = get_unaligned_le32(&uuid[12]);
2623 if (val > 0xffff)
2624 return 32;
2625
2626 return 16;
2627}
2628
161510cc 2629static void mgmt_class_complete(struct hci_dev *hdev, void *data, int err)
92da6097 2630{
161510cc 2631 struct mgmt_pending_cmd *cmd = data;
92da6097 2632
161510cc 2633 bt_dev_dbg(hdev, "err %d", err);
92da6097 2634
2a1afb5a 2635 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
161510cc 2636 mgmt_status(err), hdev->dev_class, 3);
92da6097 2637
161510cc 2638 mgmt_pending_free(cmd);
92da6097
JH		 2639}
2640
161510cc 2641static int add_uuid_sync(struct hci_dev *hdev, void *data)
92da6097 2642{
161510cc 2643 int err;
92da6097 2644
161510cc
LAD		 2645 err = hci_update_class_sync(hdev);
2646 if (err)
2647 return err;
2648
2649 return hci_update_eir_sync(hdev);
92da6097
JH		 2650}
2651
bdb6d971 2652static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2653{
650f726d 2654 struct mgmt_cp_add_uuid *cp = data;
3b0602cd 2655 struct mgmt_pending_cmd *cmd;
2aeb9a1a 2656 struct bt_uuid *uuid;
2aeb9a1a
JH		 2657 int err;
2658
181d6953 2659 bt_dev_dbg(hdev, "sock %p", sk);
2aeb9a1a 2660
09fd0de5 2661 hci_dev_lock(hdev);
2aeb9a1a 2662
0cab9c80 2663 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2664 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2665 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2666 goto failed;
2667 }
2668
92c4c204 2669 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2670 if (!uuid) {
2671 err = -ENOMEM;
2672 goto failed;
2673 }
2674
2675 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2676 uuid->svc_hint = cp->svc_hint;
83be8eca 2677 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2678
de66aa63 2679 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2680
161510cc 2681 cmd = mgmt_pending_new(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2682 if (!cmd) {
90e70454 2683 err = -ENOMEM;
890ea898
JH		 2684 goto failed;
2685 }
2686
161510cc
LAD		 2687 err = hci_cmd_sync_queue(hdev, add_uuid_sync, cmd, mgmt_class_complete);
2688 if (err < 0) {
2689 mgmt_pending_free(cmd);
2690 goto failed;
2691 }
2aeb9a1a
JH		 2692
2693failed:
09fd0de5 2694 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2695 return err;
2696}
2697
24b78d0f
JH		 2698static bool enable_service_cache(struct hci_dev *hdev)
2699{
2700 if (!hdev_is_powered(hdev))
2701 return false;
2702
238be788 2703 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
46818ed5
JH		 2704 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2705 CACHE_TIMEOUT);
24b78d0f
JH		 2706 return true;
2707 }
2708
2709 return false;
2710}
2711
161510cc 2712static int remove_uuid_sync(struct hci_dev *hdev, void *data)
92da6097 2713{
161510cc 2714 int err;
92da6097 2715
161510cc
LAD		 2716 err = hci_update_class_sync(hdev);
2717 if (err)
2718 return err;
2719
2720 return hci_update_eir_sync(hdev);
92da6097
JH		 2721}
2722
bdb6d971 2723static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2724 u16 len)
2aeb9a1a 2725{
650f726d 2726 struct mgmt_cp_remove_uuid *cp = data;
3b0602cd 2727 struct mgmt_pending_cmd *cmd;
056341c8 2728 struct bt_uuid *match, *tmp;
e616fec6
CIK		 2729 static const u8 bt_uuid_any[] = {
2730 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
2731 };
2aeb9a1a
JH		 2732 int err, found;
2733
181d6953 2734 bt_dev_dbg(hdev, "sock %p", sk);
2aeb9a1a 2735
09fd0de5 2736 hci_dev_lock(hdev);
2aeb9a1a 2737
0cab9c80 2738 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2739 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2740 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2741 goto unlock;
2742 }
2743
2aeb9a1a 2744 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2745 hci_uuids_clear(hdev);
4004b6d9 2746
24b78d0f 2747 if (enable_service_cache(hdev)) {
2a1afb5a
JH		 2748 err = mgmt_cmd_complete(sk, hdev->id,
2749 MGMT_OP_REMOVE_UUID,
2750 0, hdev->dev_class, 3);
24b78d0f
JH		 2751 goto unlock;
2752 }
4004b6d9 2753
9246a869 2754 goto update_class;
2aeb9a1a
JH		 2755 }
2756
2757 found = 0;
2758
056341c8 2759 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2760 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2761 continue;
2762
2763 list_del(&match->list);
482049f7 2764 kfree(match);
2aeb9a1a
JH		 2765 found++;
2766 }
2767
2768 if (found == 0) {
a69e8375
JH		 2769 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2770 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2771 goto unlock;
2772 }
2773
9246a869 2774update_class:
161510cc 2775 cmd = mgmt_pending_new(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2776 if (!cmd) {
90e70454 2777 err = -ENOMEM;
890ea898
JH		 2778 goto unlock;
2779 }
2780
161510cc
LAD		 2781 err = hci_cmd_sync_queue(hdev, remove_uuid_sync, cmd,
2782 mgmt_class_complete);
2783 if (err < 0)
2784 mgmt_pending_free(cmd);
2aeb9a1a
JH		 2785
2786unlock:
09fd0de5 2787 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2788 return err;
2789}
2790
161510cc 2791static int set_class_sync(struct hci_dev *hdev, void *data)
92da6097 2792{
161510cc
LAD		 2793 int err = 0;
2794
2795 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
2796 cancel_delayed_work_sync(&hdev->service_cache);
2797 err = hci_update_eir_sync(hdev);
2798 }
2799
2800 if (err)
2801 return err;
92da6097 2802
161510cc 2803 return hci_update_class_sync(hdev);
92da6097
JH		 2804}
2805
bdb6d971 2806static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2807 u16 len)
1aff6f09 2808{
650f726d 2809 struct mgmt_cp_set_dev_class *cp = data;
3b0602cd 2810 struct mgmt_pending_cmd *cmd;
1aff6f09
JH		 2811 int err;
2812
181d6953 2813 bt_dev_dbg(hdev, "sock %p", sk);
1aff6f09 2814
6203fc98 2815 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2816 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2817 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2818
0cab9c80 2819 hci_dev_lock(hdev);
ee98f473 2820
0cab9c80 2821 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2822 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2823 MGMT_STATUS_BUSY);
0cab9c80
JH		 2824 goto unlock;
2825 }
c95f0ba7 2826
0cab9c80 2827 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
a69e8375
JH		 2828 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2829 MGMT_STATUS_INVALID_PARAMS);
0cab9c80
JH		 2830 goto unlock;
2831 }
575b3a02 2832
932f5ff5
JH		 2833 hdev->major_class = cp->major;
2834 hdev->minor_class = cp->minor;
2835
b5235a65 2836 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2837 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2838 hdev->dev_class, 3);
b5235a65
JH		 2839 goto unlock;
2840 }
2841
161510cc 2842 cmd = mgmt_pending_new(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2843 if (!cmd) {
90e70454 2844 err = -ENOMEM;
890ea898
JH		 2845 goto unlock;
2846 }
2847
161510cc
LAD		 2848 err = hci_cmd_sync_queue(hdev, set_class_sync, cmd,
2849 mgmt_class_complete);
2850 if (err < 0)
2851 mgmt_pending_free(cmd);
1aff6f09 2852
b5235a65 2853unlock:
09fd0de5 2854 hci_dev_unlock(hdev);
1aff6f09
JH		 2855 return err;
2856}
2857
bdb6d971 2858static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2859 u16 len)
55ed8ca1 2860{
650f726d 2861 struct mgmt_cp_load_link_keys *cp = data;
ba1d6936
JH		 2862 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2863 sizeof(struct mgmt_link_key_info));
4e51eae9 2864 u16 key_count, expected_len;
b1de97d8 2865 bool changed;
a492cd52 2866 int i;
55ed8ca1 2867
181d6953 2868 bt_dev_dbg(hdev, "sock %p", sk);
9060d5cf
MH		 2869
2870 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2871 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2872 MGMT_STATUS_NOT_SUPPORTED);
9060d5cf 2873
1f350c87 2874 key_count = __le16_to_cpu(cp->key_count);
ba1d6936 2875 if (key_count > max_key_count) {
2064ee33
MH		 2876 bt_dev_err(hdev, "load_link_keys: too big key_count value %u",
2877 key_count);
a69e8375
JH		 2878 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2879 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 2880 }
55ed8ca1 2881
5bec1fb8 2882 expected_len = struct_size(cp, keys, key_count);
a492cd52 2883 if (expected_len != len) {
2064ee33
MH		 2884 bt_dev_err(hdev, "load_link_keys: expected %u bytes, got %u bytes",
2885 expected_len, len);
a69e8375
JH		 2886 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2887 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2888 }
2889
4ae14301 2890 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
a69e8375
JH		 2891 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2892 MGMT_STATUS_INVALID_PARAMS);
4ae14301 2893
181d6953
MH		 2894 bt_dev_dbg(hdev, "debug_keys %u key_count %u", cp->debug_keys,
2895 key_count);
55ed8ca1 2896
4ee71b20
JH		 2897 for (i = 0; i < key_count; i++) {
2898 struct mgmt_link_key_info *key = &cp->keys[i];
2899
8e991132 2900 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
a69e8375
JH		 2901 return mgmt_cmd_status(sk, hdev->id,
2902 MGMT_OP_LOAD_LINK_KEYS,
2903 MGMT_STATUS_INVALID_PARAMS);
4ee71b20
JH		 2904 }
2905
09fd0de5 2906 hci_dev_lock(hdev);
55ed8ca1
JH		 2907
2908 hci_link_keys_clear(hdev);
2909
55ed8ca1 2910 if (cp->debug_keys)
238be788 2911 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
55ed8ca1 2912 else
a69d8927
MH		 2913 changed = hci_dev_test_and_clear_flag(hdev,
2914 HCI_KEEP_DEBUG_KEYS);
b1de97d8
MH		 2915
2916 if (changed)
2917 new_settings(hdev, NULL);
55ed8ca1 2918
a492cd52 2919 for (i = 0; i < key_count; i++) {
86742e1e 2920 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2921
600a8749
AM		 2922 if (hci_is_blocked_key(hdev,
2923 HCI_BLOCKED_KEY_TYPE_LINKKEY,
2924 key->val)) {
2925 bt_dev_warn(hdev, "Skipping blocked link key for %pMR",
2926 &key->addr.bdaddr);
2927 continue;
2928 }
2929
58e9293c
JH		 2930 /* Always ignore debug keys and require a new pairing if
2931 * the user wants to use them.
2932 */
2933 if (key->type == HCI_LK_DEBUG_COMBINATION)
2934 continue;
2935
7652ff6a
JH		 2936 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2937 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2938 }
2939
2a1afb5a 2940 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2941
09fd0de5 2942 hci_dev_unlock(hdev);
55ed8ca1 2943
a492cd52 2944 return 0;
55ed8ca1
JH		 2945}
2946
b1078ad0 2947static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2948 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2949{
2950 struct mgmt_ev_device_unpaired ev;
2951
2952 bacpy(&ev.addr.bdaddr, bdaddr);
2953 ev.addr.type = addr_type;
2954
2955 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2956 skip_sk);
b1078ad0
JH		 2957}
2958
1f7435c8
LAD		 2959static void unpair_device_complete(struct hci_dev *hdev, void *data, int err)
2960{
2961 struct mgmt_pending_cmd *cmd = data;
2962 struct mgmt_cp_unpair_device *cp = cmd->param;
2963
2964 if (!err)
2965 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
2966
2967 cmd->cmd_complete(cmd, err);
2968 mgmt_pending_free(cmd);
2969}
2970
2971static int unpair_device_sync(struct hci_dev *hdev, void *data)
2972{
2973 struct mgmt_pending_cmd *cmd = data;
2974 struct mgmt_cp_unpair_device *cp = cmd->param;
2975 struct hci_conn *conn;
2976
2977 if (cp->addr.type == BDADDR_BREDR)
2978 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2979 &cp->addr.bdaddr);
2980 else
2981 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr,
2982 le_addr_type(cp->addr.type));
2983
2984 if (!conn)
2985 return 0;
2986
2987 return hci_abort_conn_sync(hdev, conn, HCI_ERROR_REMOTE_USER_TERM);
2988}
2989
bdb6d971 2990static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2991 u16 len)
55ed8ca1 2992{
124f6e35
JH		 2993 struct mgmt_cp_unpair_device *cp = data;
2994 struct mgmt_rp_unpair_device rp;
fc64361a 2995 struct hci_conn_params *params;
3b0602cd 2996 struct mgmt_pending_cmd *cmd;
55ed8ca1 2997 struct hci_conn *conn;
ec182f03 2998 u8 addr_type;
55ed8ca1
JH		 2999 int err;
3000
a8a1d19e 3001 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 3002 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3003 rp.addr.type = cp->addr.type;
a8a1d19e 3004
4ee71b20 3005 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 3006 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
3007 MGMT_STATUS_INVALID_PARAMS,
3008 &rp, sizeof(rp));
4ee71b20 3009
118da70b 3010 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2a1afb5a
JH		 3011 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
3012 MGMT_STATUS_INVALID_PARAMS,
3013 &rp, sizeof(rp));
118da70b 3014
4ee71b20
JH		 3015 hci_dev_lock(hdev);
3016
86a8cfc6 3017 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3018 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
3019 MGMT_STATUS_NOT_POWERED, &rp,
3020 sizeof(rp));
86a8cfc6
JH		 3021 goto unlock;
3022 }
3023
e0b2b27e 3024 if (cp->addr.type == BDADDR_BREDR) {
89cbb063
AA		 3025 /* If disconnection is requested, then look up the
3026 * connection. If the remote device is connected, it
3027 * will be later used to terminate the link.
3028 *
3029 * Setting it to NULL explicitly will cause no
3030 * termination of the link.
3031 */
3032 if (cp->disconnect)
3033 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
3034 &cp->addr.bdaddr);
3035 else
3036 conn = NULL;
3037
124f6e35 3038 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
ec182f03
JH		 3039 if (err < 0) {
3040 err = mgmt_cmd_complete(sk, hdev->id,
3041 MGMT_OP_UNPAIR_DEVICE,
3042 MGMT_STATUS_NOT_PAIRED, &rp,
3043 sizeof(rp));
3044 goto unlock;
89cbb063
AA		 3045 }
3046
ec182f03 3047 goto done;
e0b2b27e 3048 }
b0dbfb46 3049
ec182f03
JH		 3050 /* LE address type */
3051 addr_type = le_addr_type(cp->addr.type);
3052
cb28c306
MK		 3053 /* Abort any ongoing SMP pairing. Removes ltk and irk if they exist. */
3054 err = smp_cancel_and_remove_pairing(hdev, &cp->addr.bdaddr, addr_type);
55ed8ca1 3055 if (err < 0) {
2a1afb5a
JH		 3056 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
3057 MGMT_STATUS_NOT_PAIRED, &rp,
3058 sizeof(rp));
55ed8ca1
JH		 3059 goto unlock;
3060 }
3061
ec182f03
JH		 3062 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type);
3063 if (!conn) {
3064 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
3065 goto done;
3066 }
3067
c81d555a 3068
ec182f03
JH		 3069 /* Defer clearing up the connection parameters until closing to
3070 * give a chance of keeping them if a repairing happens.
3071 */
3072 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
3073
fc64361a
JH		 3074 /* Disable auto-connection parameters if present */
3075 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type);
3076 if (params) {
3077 if (params->explicit_connect)
3078 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
3079 else
3080 params->auto_connect = HCI_AUTO_CONN_DISABLED;
3081 }
3082
ec182f03
JH		 3083 /* If disconnection is not requested, then clear the connection
3084 * variable so that the link is not terminated.
3085 */
3086 if (!cp->disconnect)
3087 conn = NULL;
3088
3089done:
89cbb063
AA		 3090 /* If the connection variable is set, then termination of the
3091 * link is requested.
3092 */
a8a1d19e 3093 if (!conn) {
2a1afb5a
JH		 3094 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
3095 &rp, sizeof(rp));
b1078ad0 3096 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 3097 goto unlock;
3098 }
55ed8ca1 3099
1f7435c8 3100 cmd = mgmt_pending_new(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 3101 sizeof(*cp));
a8a1d19e
JH		 3102 if (!cmd) {
3103 err = -ENOMEM;
3104 goto unlock;
55ed8ca1
JH		 3105 }
3106
d8b7b1e4
JH		 3107 cmd->cmd_complete = addr_cmd_complete;
3108
1f7435c8
LAD		 3109 err = hci_cmd_sync_queue(hdev, unpair_device_sync, cmd,
3110 unpair_device_complete);
a8a1d19e 3111 if (err < 0)
1f7435c8 3112 mgmt_pending_free(cmd);
a8a1d19e 3113
55ed8ca1 3114unlock:
09fd0de5 3115 hci_dev_unlock(hdev);
55ed8ca1
JH		 3116 return err;
3117}
3118
bdb6d971 3119static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3120 u16 len)
8962ee74 3121{
650f726d 3122 struct mgmt_cp_disconnect *cp = data;
06a63b19 3123 struct mgmt_rp_disconnect rp;
3b0602cd 3124 struct mgmt_pending_cmd *cmd;
8962ee74 3125 struct hci_conn *conn;
8962ee74
JH		 3126 int err;
3127
181d6953 3128 bt_dev_dbg(hdev, "sock %p", sk);
8962ee74 3129
06a63b19
JH		 3130 memset(&rp, 0, sizeof(rp));
3131 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3132 rp.addr.type = cp->addr.type;
3133
4ee71b20 3134 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 3135 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3136 MGMT_STATUS_INVALID_PARAMS,
3137 &rp, sizeof(rp));
4ee71b20 3138
09fd0de5 3139 hci_dev_lock(hdev);
8962ee74
JH		 3140
3141 if (!test_bit(HCI_UP, &hdev->flags)) {
2a1afb5a
JH		 3142 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3143 MGMT_STATUS_NOT_POWERED, &rp,
3144 sizeof(rp));
8962ee74
JH		 3145 goto failed;
3146 }
3147
333ae95d 3148 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
2a1afb5a
JH		 3149 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3150 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 3151 goto failed;
3152 }
3153
591f47f3 3154 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 3155 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
3156 &cp->addr.bdaddr);
88c3df13 3157 else
9d4c1cc1
JH		 3158 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr,
3159 le_addr_type(cp->addr.type));
365227e5 3160
f960727e 3161 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2a1afb5a
JH		 3162 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
3163 MGMT_STATUS_NOT_CONNECTED, &rp,
3164 sizeof(rp));
8962ee74
JH		 3165 goto failed;
3166 }
3167
2e58ef3e 3168 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 3169 if (!cmd) {
3170 err = -ENOMEM;
8962ee74 3171 goto failed;
366a0336 3172 }
8962ee74 3173
f5818c22
JH		 3174 cmd->cmd_complete = generic_cmd_complete;
3175
e3f2f92a 3176 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
8962ee74 3177 if (err < 0)
a664b5bc 3178 mgmt_pending_remove(cmd);
8962ee74
JH		 3179
3180failed:
09fd0de5 3181 hci_dev_unlock(hdev);
8962ee74
JH		 3182 return err;
3183}
3184
57c1477c 3185static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 3186{
3187 switch (link_type) {
3188 case LE_LINK:
48264f06
JH		 3189 switch (addr_type) {
3190 case ADDR_LE_DEV_PUBLIC:
591f47f3 3191 return BDADDR_LE_PUBLIC;
0ed09148 3192
48264f06 3193 default:
0ed09148 3194 /* Fallback to LE Random address type */
591f47f3 3195 return BDADDR_LE_RANDOM;
48264f06 3196 }
0ed09148 3197
4c659c39 3198 default:
0ed09148 3199 /* Fallback to BR/EDR type */
591f47f3 3200 return BDADDR_BREDR;
4c659c39
JH		 3201 }
3202}
3203
04124681
GP		 3204static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
3205 u16 data_len)
2784eb41 3206{
2784eb41 3207 struct mgmt_rp_get_connections *rp;
8035ded4 3208 struct hci_conn *c;
60fc5fb6
JH		 3209 int err;
3210 u16 i;
2784eb41 3211
181d6953 3212 bt_dev_dbg(hdev, "sock %p", sk);
2784eb41 3213
09fd0de5 3214 hci_dev_lock(hdev);
2784eb41 3215
5f97c1df 3216 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3217 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
3218 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3219 goto unlock;
3220 }
3221
60fc5fb6 3222 i = 0;
b644ba33
JH		 3223 list_for_each_entry(c, &hdev->conn_hash.list, list) {
3224 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 3225 i++;
2784eb41
JH		 3226 }
3227
72bb169e 3228 rp = kmalloc(struct_size(rp, addr, i), GFP_KERNEL);
a38528f1 3229 if (!rp) {
2784eb41
JH		 3230 err = -ENOMEM;
3231 goto unlock;
3232 }
3233
2784eb41 3234 i = 0;
4c659c39 3235 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 3236 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
3237 continue;
4c659c39 3238 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 3239 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 3240 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 3241 continue;
3242 i++;
3243 }
3244
eb55ef07 3245 rp->conn_count = cpu_to_le16(i);
60fc5fb6 3246
4c659c39 3247 /* Recalculate length in case of filtered SCO connections, etc */
2a1afb5a 3248 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
72bb169e 3249 struct_size(rp, addr, i));
2784eb41 3250
a38528f1 3251 kfree(rp);
5f97c1df
JH		 3252
3253unlock:
09fd0de5 3254 hci_dev_unlock(hdev);
2784eb41
JH		 3255 return err;
3256}
3257
bdb6d971 3258static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3259 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67 3260{
3b0602cd 3261 struct mgmt_pending_cmd *cmd;
96d97a67
WR		 3262 int err;
3263
2e58ef3e 3264 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 3265 sizeof(*cp));
96d97a67
WR		 3266 if (!cmd)
3267 return -ENOMEM;
3268
dd7e39bb
AL		 3269 cmd->cmd_complete = addr_cmd_complete;
3270
d8457698 3271 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 3272 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 3273 if (err < 0)
3274 mgmt_pending_remove(cmd);
3275
3276 return err;
3277}
3278
bdb6d971 3279static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3280 u16 len)
980e1a53 3281{
96d97a67 3282 struct hci_conn *conn;
650f726d 3283 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 3284 struct hci_cp_pin_code_reply reply;
3b0602cd 3285 struct mgmt_pending_cmd *cmd;
980e1a53
JH		 3286 int err;
3287
181d6953 3288 bt_dev_dbg(hdev, "sock %p", sk);
980e1a53 3289
09fd0de5 3290 hci_dev_lock(hdev);
980e1a53 3291
4b34ee78 3292 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3293 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3294 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 3295 goto failed;
3296 }
3297
d8457698 3298 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 3299 if (!conn) {
a69e8375
JH		 3300 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3301 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 3302 goto failed;
3303 }
3304
3305 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 3306 struct mgmt_cp_pin_code_neg_reply ncp;
3307
3308 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67 3309
2064ee33 3310 bt_dev_err(hdev, "PIN code is not 16 bytes long");
96d97a67 3311
bdb6d971 3312 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 3313 if (err >= 0)
a69e8375
JH		 3314 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
3315 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 3316
3317 goto failed;
3318 }
3319
00abfe44 3320 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 3321 if (!cmd) {
3322 err = -ENOMEM;
980e1a53 3323 goto failed;
366a0336 3324 }
980e1a53 3325
7776d1d8
JH		 3326 cmd->cmd_complete = addr_cmd_complete;
3327
d8457698 3328 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 3329 reply.pin_len = cp->pin_len;
24718ca5 3330 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 3331
3332 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
3333 if (err < 0)
a664b5bc 3334 mgmt_pending_remove(cmd);
980e1a53
JH		 3335
3336failed:
09fd0de5 3337 hci_dev_unlock(hdev);
980e1a53
JH		 3338 return err;
3339}
3340
04124681
GP		 3341static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
3342 u16 len)
17fa4b9d 3343{
650f726d 3344 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d 3345
181d6953 3346 bt_dev_dbg(hdev, "sock %p", sk);
17fa4b9d 3347
4ec86d4c 3348 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
9db5c629
MH		 3349 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
3350 MGMT_STATUS_INVALID_PARAMS);
4ec86d4c 3351
09fd0de5 3352 hci_dev_lock(hdev);
17fa4b9d
JH		 3353
3354 hdev->io_capability = cp->io_capability;
3355
181d6953 3356 bt_dev_dbg(hdev, "IO capability set to 0x%02x", hdev->io_capability);
17fa4b9d 3357
09fd0de5 3358 hci_dev_unlock(hdev);
17fa4b9d 3359
2a1afb5a
JH		 3360 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
3361 NULL, 0);
17fa4b9d
JH		 3362}
3363
3b0602cd 3364static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 3365{
3366 struct hci_dev *hdev = conn->hdev;
3b0602cd 3367 struct mgmt_pending_cmd *cmd;
e9a416b5 3368
2e58ef3e 3369 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 3370 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
3371 continue;
3372
e9a416b5
JH		 3373 if (cmd->user_data != conn)
3374 continue;
3375
3376 return cmd;
3377 }
3378
3379 return NULL;
3380}
3381
3b0602cd 3382static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
e9a416b5
JH		 3383{
3384 struct mgmt_rp_pair_device rp;
3385 struct hci_conn *conn = cmd->user_data;
9df74653 3386 int err;
e9a416b5 3387
61b1a7fb
JH		 3388 bacpy(&rp.addr.bdaddr, &conn->dst);
3389 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 3390
2a1afb5a
JH		 3391 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
3392 status, &rp, sizeof(rp));
e9a416b5
JH		 3393
3394 /* So we don't get further callbacks for this connection */
3395 conn->connect_cfm_cb = NULL;
3396 conn->security_cfm_cb = NULL;
3397 conn->disconn_cfm_cb = NULL;
3398
76a68ba0 3399 hci_conn_drop(conn);
89cbb063
AA		 3400
3401 /* The device is paired so there is no need to remove
3402 * its connection parameters anymore.
3403 */
3404 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
15013aeb
JH		 3405
3406 hci_conn_put(conn);
9df74653
JH		 3407
3408 return err;
e9a416b5
JH		 3409}
3410
f4a407be
JH		 3411void mgmt_smp_complete(struct hci_conn *conn, bool complete)
3412{
3413 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3b0602cd 3414 struct mgmt_pending_cmd *cmd;
f4a407be
JH		 3415
3416 cmd = find_pairing(conn);
a511b35b 3417 if (cmd) {
04ab2749 3418 cmd->cmd_complete(cmd, status);
a511b35b
JH		 3419 mgmt_pending_remove(cmd);
3420 }
f4a407be
JH		 3421}
3422
e9a416b5
JH		 3423static void pairing_complete_cb(struct hci_conn *conn, u8 status)
3424{
3b0602cd 3425 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 3426
3427 BT_DBG("status %u", status);
3428
3429 cmd = find_pairing(conn);
a511b35b 3430 if (!cmd) {
e9a416b5 3431 BT_DBG("Unable to find a pending command");
a511b35b
JH		 3432 return;
3433 }
3434
3435 cmd->cmd_complete(cmd, mgmt_status(status));
3436 mgmt_pending_remove(cmd);
e9a416b5
JH		 3437}
3438
f4a407be 3439static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739 3440{
3b0602cd 3441 struct mgmt_pending_cmd *cmd;
4c47d739
VA		 3442
3443 BT_DBG("status %u", status);
3444
3445 if (!status)
3446 return;
3447
3448 cmd = find_pairing(conn);
a511b35b 3449 if (!cmd) {
4c47d739 3450 BT_DBG("Unable to find a pending command");
a511b35b
JH		 3451 return;
3452 }
3453
3454 cmd->cmd_complete(cmd, mgmt_status(status));
3455 mgmt_pending_remove(cmd);
4c47d739
VA		 3456}
3457
bdb6d971 3458static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3459 u16 len)
e9a416b5 3460{
650f726d 3461 struct mgmt_cp_pair_device *cp = data;
1425acb7 3462 struct mgmt_rp_pair_device rp;
3b0602cd 3463 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 3464 u8 sec_level, auth_type;
3465 struct hci_conn *conn;
e9a416b5
JH		 3466 int err;
3467
181d6953 3468 bt_dev_dbg(hdev, "sock %p", sk);
e9a416b5 3469
f950a30e
SJ		 3470 memset(&rp, 0, sizeof(rp));
3471 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
3472 rp.addr.type = cp->addr.type;
3473
4ee71b20 3474 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 3475 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3476 MGMT_STATUS_INVALID_PARAMS,
3477 &rp, sizeof(rp));
4ee71b20 3478
4ec86d4c 3479 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 3480 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3481 MGMT_STATUS_INVALID_PARAMS,
3482 &rp, sizeof(rp));
4ec86d4c 3483
09fd0de5 3484 hci_dev_lock(hdev);
e9a416b5 3485
5f97c1df 3486 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3487 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3488 MGMT_STATUS_NOT_POWERED, &rp,
3489 sizeof(rp));
5f97c1df
JH		 3490 goto unlock;
3491 }
3492
55e76b38
JH		 3493 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
3494 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3495 MGMT_STATUS_ALREADY_PAIRED, &rp,
3496 sizeof(rp));
3497 goto unlock;
3498 }
3499
c908df36 3500 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 3501 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 3502
6f77d8c7 3503 if (cp->addr.type == BDADDR_BREDR) {
04a6c589 3504 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
76b13996 3505 auth_type, CONN_REASON_PAIR_DEVICE);
6f77d8c7 3506 } else {
85813a7e 3507 u8 addr_type = le_addr_type(cp->addr.type);
5157b8a5 3508 struct hci_conn_params *p;
6f77d8c7 3509
7c264b10
MH		 3510 /* When pairing a new device, it is expected to remember
3511 * this device for future connections. Adding the connection
3512 * parameter information ahead of time allows tracking
67ffb185 3513 * of the peripheral preferred values and will speed up any
7c264b10
MH		 3514 * further connection establishment.
3515 *
3516 * If connection parameters already exist, then they
3517 * will be kept and this function does nothing.
3518 */
5157b8a5
JP		 3519 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
3520
3521 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT)
3522 p->auto_connect = HCI_AUTO_CONN_DISABLED;
7c264b10 3523
76b13996
MM		 3524 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr, addr_type,
3525 sec_level, HCI_LE_CONN_TIMEOUT,
3526 CONN_REASON_PAIR_DEVICE);
6f77d8c7 3527 }
7a512d01 3528
30e76272 3529 if (IS_ERR(conn)) {
489dc48e
AK		 3530 int status;
3531
3532 if (PTR_ERR(conn) == -EBUSY)
3533 status = MGMT_STATUS_BUSY;
faa81030
LR		 3534 else if (PTR_ERR(conn) == -EOPNOTSUPP)
3535 status = MGMT_STATUS_NOT_SUPPORTED;
3536 else if (PTR_ERR(conn) == -ECONNREFUSED)
3537 status = MGMT_STATUS_REJECTED;
489dc48e
AK		 3538 else
3539 status = MGMT_STATUS_CONNECT_FAILED;
3540
2a1afb5a
JH		 3541 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3542 status, &rp, sizeof(rp));
e9a416b5
JH		 3543 goto unlock;
3544 }
3545
3546 if (conn->connect_cfm_cb) {
76a68ba0 3547 hci_conn_drop(conn);
2a1afb5a
JH		 3548 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
3549 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 3550 goto unlock;
3551 }
3552
2e58ef3e 3553 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 3554 if (!cmd) {
3555 err = -ENOMEM;
76a68ba0 3556 hci_conn_drop(conn);
e9a416b5
JH		 3557 goto unlock;
3558 }
3559
04ab2749
JH		 3560 cmd->cmd_complete = pairing_complete;
3561
7a512d01 3562 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 3563 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 3564 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 3565 conn->security_cfm_cb = pairing_complete_cb;
3566 conn->disconn_cfm_cb = pairing_complete_cb;
3567 } else {
3568 conn->connect_cfm_cb = le_pairing_complete_cb;
3569 conn->security_cfm_cb = le_pairing_complete_cb;
3570 conn->disconn_cfm_cb = le_pairing_complete_cb;
3571 }
7a512d01 3572
e9a416b5 3573 conn->io_capability = cp->io_cap;
f8aaf9b6 3574 cmd->user_data = hci_conn_get(conn);
e9a416b5 3575
6f78fd4b 3576 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
a511b35b
JH		 3577 hci_conn_security(conn, sec_level, auth_type, true)) {
3578 cmd->cmd_complete(cmd, 0);
3579 mgmt_pending_remove(cmd);
3580 }
e9a416b5
JH		 3581
3582 err = 0;
3583
3584unlock:
09fd0de5 3585 hci_dev_unlock(hdev);
e9a416b5
JH		 3586 return err;
3587}
3588
04124681
GP		 3589static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3590 u16 len)
28424707 3591{
0f4e68cf 3592 struct mgmt_addr_info *addr = data;
3b0602cd 3593 struct mgmt_pending_cmd *cmd;
28424707
JH		 3594 struct hci_conn *conn;
3595 int err;
3596
181d6953 3597 bt_dev_dbg(hdev, "sock %p", sk);
28424707 3598
28424707
JH		 3599 hci_dev_lock(hdev);
3600
5f97c1df 3601 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3602 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3603 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3604 goto unlock;
3605 }
3606
333ae95d 3607 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
28424707 3608 if (!cmd) {
a69e8375
JH		 3609 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3610 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3611 goto unlock;
3612 }
3613
3614 conn = cmd->user_data;
3615
3616 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
a69e8375
JH		 3617 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3618 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3619 goto unlock;
3620 }
3621
a511b35b
JH		 3622 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3623 mgmt_pending_remove(cmd);
28424707 3624
2a1afb5a
JH		 3625 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3626 addr, sizeof(*addr));
76b13996
MM		 3627
3628 /* Since user doesn't want to proceed with the connection, abort any
3629 * ongoing pairing and then terminate the link if it was created
3630 * because of the pair device action.
3631 */
3632 if (addr->type == BDADDR_BREDR)
3633 hci_remove_link_key(hdev, &addr->bdaddr);
3634 else
3635 smp_cancel_and_remove_pairing(hdev, &addr->bdaddr,
3636 le_addr_type(addr->type));
3637
3638 if (conn->conn_reason == CONN_REASON_PAIR_DEVICE)
a13f316e 3639 hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
76b13996 3640
28424707
JH		 3641unlock:
3642 hci_dev_unlock(hdev);
28424707
JH		 3643 return err;
3644}
3645
bdb6d971 3646static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3647 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3648 u16 hci_op, __le32 passkey)
a5c29683 3649{
3b0602cd 3650 struct mgmt_pending_cmd *cmd;
0df4c185 3651 struct hci_conn *conn;
a5c29683
JH		 3652 int err;
3653
09fd0de5 3654 hci_dev_lock(hdev);
08ba5382 3655
4b34ee78 3656 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3657 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3658 MGMT_STATUS_NOT_POWERED, addr,
3659 sizeof(*addr));
0df4c185 3660 goto done;
a5c29683
JH		 3661 }
3662
1707c60e
JH		 3663 if (addr->type == BDADDR_BREDR)
3664 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3665 else
9d4c1cc1
JH		 3666 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr,
3667 le_addr_type(addr->type));
272d90df
JH		 3668
3669 if (!conn) {
2a1afb5a
JH		 3670 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3671 MGMT_STATUS_NOT_CONNECTED, addr,
3672 sizeof(*addr));
272d90df
JH		 3673 goto done;
3674 }
47c15e2b 3675
1707c60e 3676 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 3677 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 3678 if (!err)
2a1afb5a
JH		 3679 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3680 MGMT_STATUS_SUCCESS, addr,
3681 sizeof(*addr));
5fe57d9e 3682 else
2a1afb5a
JH		 3683 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3684 MGMT_STATUS_FAILED, addr,
3685 sizeof(*addr));
47c15e2b 3686
47c15e2b
BG		 3687 goto done;
3688 }
3689
1707c60e 3690 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3691 if (!cmd) {
3692 err = -ENOMEM;
0df4c185 3693 goto done;
a5c29683
JH		 3694 }
3695
7776d1d8
JH		 3696 cmd->cmd_complete = addr_cmd_complete;
3697
0df4c185 3698 /* Continue with pairing via HCI */
604086b7
BG		 3699 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3700 struct hci_cp_user_passkey_reply cp;
3701
1707c60e 3702 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3703 cp.passkey = passkey;
3704 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3705 } else
1707c60e
JH		 3706 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3707 &addr->bdaddr);
604086b7 3708
a664b5bc
JH		 3709 if (err < 0)
3710 mgmt_pending_remove(cmd);
a5c29683 3711
0df4c185 3712done:
09fd0de5 3713 hci_dev_unlock(hdev);
a5c29683
JH		 3714 return err;
3715}
3716
afeb019d
JK		 3717static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3718 void *data, u16 len)
3719{
3720 struct mgmt_cp_pin_code_neg_reply *cp = data;
3721
181d6953 3722 bt_dev_dbg(hdev, "sock %p", sk);
afeb019d 3723
1707c60e 3724 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3725 MGMT_OP_PIN_CODE_NEG_REPLY,
3726 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3727}
3728
04124681
GP		 3729static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3730 u16 len)
0df4c185 3731{
650f726d 3732 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185 3733
181d6953 3734 bt_dev_dbg(hdev, "sock %p", sk);
0df4c185
BG		 3735
3736 if (len != sizeof(*cp))
a69e8375
JH		 3737 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3738 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3739
1707c60e 3740 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3741 MGMT_OP_USER_CONFIRM_REPLY,
3742 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3743}
3744
bdb6d971 3745static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3746 void *data, u16 len)
0df4c185 3747{
c9c2659f 3748 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185 3749
181d6953 3750 bt_dev_dbg(hdev, "sock %p", sk);
0df4c185 3751
1707c60e 3752 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3753 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3754 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3755}
3756
04124681
GP		 3757static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3758 u16 len)
604086b7 3759{
650f726d 3760 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7 3761
181d6953 3762 bt_dev_dbg(hdev, "sock %p", sk);
604086b7 3763
1707c60e 3764 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3765 MGMT_OP_USER_PASSKEY_REPLY,
3766 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3767}
3768
bdb6d971 3769static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3770 void *data, u16 len)
604086b7 3771{
650f726d 3772 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7 3773
181d6953 3774 bt_dev_dbg(hdev, "sock %p", sk);
604086b7 3775
1707c60e 3776 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3777 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3778 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3779}
3780
5e233ed5 3781static int adv_expire_sync(struct hci_dev *hdev, u32 flags)
7c295c48
MN		 3782{
3783 struct adv_info *adv_instance;
7c295c48
MN		 3784
3785 adv_instance = hci_find_adv_instance(hdev, hdev->cur_adv_instance);
3786 if (!adv_instance)
5e233ed5 3787 return 0;
7c295c48
MN		 3788
3789 /* stop if current instance doesn't need to be changed */
3790 if (!(adv_instance->flags & flags))
5e233ed5 3791 return 0;
7c295c48
MN		 3792
3793 cancel_adv_timeout(hdev);
3794
3795 adv_instance = hci_get_next_instance(hdev, adv_instance->instance);
3796 if (!adv_instance)
5e233ed5 3797 return 0;
7c295c48 3798
5e233ed5 3799 hci_schedule_adv_instance_sync(hdev, adv_instance->instance, true);
7c295c48 3800
5e233ed5
BG		 3801 return 0;
3802}
3803
3804static int name_changed_sync(struct hci_dev *hdev, void *data)
3805{
3806 return adv_expire_sync(hdev, MGMT_ADV_FLAG_LOCAL_NAME);
7c295c48
MN		 3807}
3808
6f6ff38a 3809static void set_name_complete(struct hci_dev *hdev, void *data, int err)
13928971 3810{
6f6ff38a
BG		 3811 struct mgmt_pending_cmd *cmd = data;
3812 struct mgmt_cp_set_local_name *cp = cmd->param;
3813 u8 status = mgmt_status(err);
13928971 3814
6f6ff38a 3815 bt_dev_dbg(hdev, "err %d", err);
13928971 3816
275f3f64
BG		 3817 if (cmd != pending_find(MGMT_OP_SET_LOCAL_NAME, hdev))
3818 return;
3819
7c295c48 3820 if (status) {
a69e8375 3821 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
6f6ff38a 3822 status);
7c295c48 3823 } else {
2a1afb5a
JH		 3824 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3825 cp, sizeof(*cp));
13928971 3826
7c295c48 3827 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
5e233ed5 3828 hci_cmd_sync_queue(hdev, name_changed_sync, NULL, NULL);
7c295c48
MN		 3829 }
3830
13928971 3831 mgmt_pending_remove(cmd);
6f6ff38a 3832}
13928971 3833
6f6ff38a
BG		 3834static int set_name_sync(struct hci_dev *hdev, void *data)
3835{
3836 if (lmp_bredr_capable(hdev)) {
3837 hci_update_name_sync(hdev);
3838 hci_update_eir_sync(hdev);
3839 }
3840
3841 /* The name is stored in the scan response data and so
3842 * no need to update the advertising data here.
3843 */
3844 if (lmp_le_capable(hdev) && hci_dev_test_flag(hdev, HCI_ADVERTISING))
3845 hci_update_scan_rsp_data_sync(hdev, hdev->cur_adv_instance);
3846
3847 return 0;
13928971
JH		 3848}
3849
bdb6d971 3850static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3851 u16 len)
b312b161 3852{
2b4bf397 3853 struct mgmt_cp_set_local_name *cp = data;
3b0602cd 3854 struct mgmt_pending_cmd *cmd;
b312b161
JH		 3855 int err;
3856
181d6953 3857 bt_dev_dbg(hdev, "sock %p", sk);
b312b161 3858
09fd0de5 3859 hci_dev_lock(hdev);
b312b161 3860
b3f2ca94
JH		 3861 /* If the old values are the same as the new ones just return a
3862 * direct command complete event.
3863 */
3864 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3865 !memcmp(hdev->short_name, cp->short_name,
3866 sizeof(hdev->short_name))) {
2a1afb5a
JH		 3867 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3868 data, len);
b3f2ca94
JH		 3869 goto failed;
3870 }
3871
2b4bf397 3872 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3873
b5235a65 3874 if (!hdev_is_powered(hdev)) {
2b4bf397 3875 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde 3876
2a1afb5a
JH		 3877 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3878 data, len);
28cc7bde
JH		 3879 if (err < 0)
3880 goto failed;
3881
5504c3a3
MH		 3882 err = mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data,
3883 len, HCI_MGMT_LOCAL_NAME_EVENTS, sk);
321c6fee 3884 ext_info_changed(hdev, sk);
28cc7bde 3885
b5235a65
JH		 3886 goto failed;
3887 }
3888
28cc7bde 3889 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
6f6ff38a 3890 if (!cmd)
b312b161 3891 err = -ENOMEM;
6f6ff38a
BG		 3892 else
3893 err = hci_cmd_sync_queue(hdev, set_name_sync, cmd,
3894 set_name_complete);
b312b161 3895
6f6ff38a
BG		 3896 if (err < 0) {
3897 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3898 MGMT_STATUS_FAILED);
13928971 3899
6f6ff38a
BG		 3900 if (cmd)
3901 mgmt_pending_remove(cmd);
3f985050 3902
6f6ff38a 3903 goto failed;
3f985050
JH		 3904 }
3905
6f6ff38a 3906 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
b312b161
JH		 3907
3908failed:
09fd0de5 3909 hci_dev_unlock(hdev);
b312b161
JH		 3910 return err;
3911}
3912
5e233ed5
BG		 3913static int appearance_changed_sync(struct hci_dev *hdev, void *data)
3914{
3915 return adv_expire_sync(hdev, MGMT_ADV_FLAG_APPEARANCE);
3916}
3917
c4960ecf
MN		 3918static int set_appearance(struct sock *sk, struct hci_dev *hdev, void *data,
3919 u16 len)
3920{
3921 struct mgmt_cp_set_appearance *cp = data;
6613baba 3922 u16 appearance;
c4960ecf
MN		 3923 int err;
3924
181d6953 3925 bt_dev_dbg(hdev, "sock %p", sk);
c4960ecf 3926
af4168c5
MN		 3927 if (!lmp_le_capable(hdev))
3928 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_APPEARANCE,
3929 MGMT_STATUS_NOT_SUPPORTED);
3930
6613baba 3931 appearance = le16_to_cpu(cp->appearance);
c4960ecf
MN		 3932
3933 hci_dev_lock(hdev);
3934
6613baba
AM		 3935 if (hdev->appearance != appearance) {
3936 hdev->appearance = appearance;
c4960ecf
MN		 3937
3938 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
5e233ed5
BG		 3939 hci_cmd_sync_queue(hdev, appearance_changed_sync, NULL,
3940 NULL);
e74317f4
MN		 3941
3942 ext_info_changed(hdev, sk);
c4960ecf
MN		 3943 }
3944
3945 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_APPEARANCE, 0, NULL,
3946 0);
3947
3948 hci_dev_unlock(hdev);
3949
3950 return err;
3951}
3952
6244691f
JK		 3953static int get_phy_configuration(struct sock *sk, struct hci_dev *hdev,
3954 void *data, u16 len)
3955{
35302158 3956 struct mgmt_rp_get_phy_configuration rp;
6244691f 3957
181d6953 3958 bt_dev_dbg(hdev, "sock %p", sk);
6244691f
JK		 3959
3960 hci_dev_lock(hdev);
3961
3962 memset(&rp, 0, sizeof(rp));
3963
3964 rp.supported_phys = cpu_to_le32(get_supported_phys(hdev));
3965 rp.selected_phys = cpu_to_le32(get_selected_phys(hdev));
3966 rp.configurable_phys = cpu_to_le32(get_configurable_phys(hdev));
3967
3968 hci_dev_unlock(hdev);
3969
3970 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_PHY_CONFIGURATION, 0,
3971 &rp, sizeof(rp));
3972}
3973
b7c23df8
JK		 3974int mgmt_phy_configuration_changed(struct hci_dev *hdev, struct sock *skip)
3975{
3976 struct mgmt_ev_phy_configuration_changed ev;
3977
3978 memset(&ev, 0, sizeof(ev));
3979
3980 ev.selected_phys = cpu_to_le32(get_selected_phys(hdev));
3981
3982 return mgmt_event(MGMT_EV_PHY_CONFIGURATION_CHANGED, hdev, &ev,
3983 sizeof(ev), skip);
3984}
3985
71efbb08 3986static void set_default_phy_complete(struct hci_dev *hdev, void *data, int err)
0314f286 3987{
71efbb08
BG		 3988 struct mgmt_pending_cmd *cmd = data;
3989 struct sk_buff *skb = cmd->skb;
3990 u8 status = mgmt_status(err);
0314f286 3991
275f3f64
BG		 3992 if (cmd != pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev))
3993 return;
3994
71efbb08
BG		 3995 if (!status) {
3996 if (!skb)
3997 status = MGMT_STATUS_FAILED;
3998 else if (IS_ERR(skb))
3999 status = mgmt_status(PTR_ERR(skb));
4000 else
4001 status = mgmt_status(skb->data[0]);
4002 }
0314f286 4003
71efbb08 4004 bt_dev_dbg(hdev, "status %d", status);
0314f286 4005
0314f286
JK		 4006 if (status) {
4007 mgmt_cmd_status(cmd->sk, hdev->id,
71efbb08 4008 MGMT_OP_SET_PHY_CONFIGURATION, status);
0314f286
JK		 4009 } else {
4010 mgmt_cmd_complete(cmd->sk, hdev->id,
4011 MGMT_OP_SET_PHY_CONFIGURATION, 0,
4012 NULL, 0);
b7c23df8
JK		 4013
4014 mgmt_phy_configuration_changed(hdev, cmd->sk);
0314f286
JK		 4015 }
4016
71efbb08
BG		 4017 if (skb && !IS_ERR(skb))
4018 kfree_skb(skb);
4019
0314f286 4020 mgmt_pending_remove(cmd);
71efbb08 4021}
0314f286 4022
71efbb08
BG		 4023static int set_default_phy_sync(struct hci_dev *hdev, void *data)
4024{
4025 struct mgmt_pending_cmd *cmd = data;
4026 struct mgmt_cp_set_phy_configuration *cp = cmd->param;
4027 struct hci_cp_le_set_default_phy cp_phy;
4028 u32 selected_phys = __le32_to_cpu(cp->selected_phys);
4029
4030 memset(&cp_phy, 0, sizeof(cp_phy));
4031
4032 if (!(selected_phys & MGMT_PHY_LE_TX_MASK))
4033 cp_phy.all_phys |= 0x01;
4034
4035 if (!(selected_phys & MGMT_PHY_LE_RX_MASK))
4036 cp_phy.all_phys |= 0x02;
4037
4038 if (selected_phys & MGMT_PHY_LE_1M_TX)
4039 cp_phy.tx_phys |= HCI_LE_SET_PHY_1M;
4040
4041 if (selected_phys & MGMT_PHY_LE_2M_TX)
4042 cp_phy.tx_phys |= HCI_LE_SET_PHY_2M;
4043
4044 if (selected_phys & MGMT_PHY_LE_CODED_TX)
4045 cp_phy.tx_phys |= HCI_LE_SET_PHY_CODED;
4046
4047 if (selected_phys & MGMT_PHY_LE_1M_RX)
4048 cp_phy.rx_phys |= HCI_LE_SET_PHY_1M;
4049
4050 if (selected_phys & MGMT_PHY_LE_2M_RX)
4051 cp_phy.rx_phys |= HCI_LE_SET_PHY_2M;
4052
4053 if (selected_phys & MGMT_PHY_LE_CODED_RX)
4054 cp_phy.rx_phys |= HCI_LE_SET_PHY_CODED;
4055
4056 cmd->skb = __hci_cmd_sync(hdev, HCI_OP_LE_SET_DEFAULT_PHY,
4057 sizeof(cp_phy), &cp_phy, HCI_CMD_TIMEOUT);
4058
4059 return 0;
0314f286
JK		 4060}
4061
4062static int set_phy_configuration(struct sock *sk, struct hci_dev *hdev,
4063 void *data, u16 len)
4064{
35302158 4065 struct mgmt_cp_set_phy_configuration *cp = data;
0314f286 4066 struct mgmt_pending_cmd *cmd;
0314f286
JK		 4067 u32 selected_phys, configurable_phys, supported_phys, unconfigure_phys;
4068 u16 pkt_type = (HCI_DH1 | HCI_DM1);
b7c23df8 4069 bool changed = false;
0314f286
JK		 4070 int err;
4071
181d6953 4072 bt_dev_dbg(hdev, "sock %p", sk);
0314f286
JK		 4073
4074 configurable_phys = get_configurable_phys(hdev);
4075 supported_phys = get_supported_phys(hdev);
4076 selected_phys = __le32_to_cpu(cp->selected_phys);
4077
4078 if (selected_phys & ~supported_phys)
4079 return mgmt_cmd_status(sk, hdev->id,
4080 MGMT_OP_SET_PHY_CONFIGURATION,
4081 MGMT_STATUS_INVALID_PARAMS);
4082
4083 unconfigure_phys = supported_phys & ~configurable_phys;
4084
4085 if ((selected_phys & unconfigure_phys) != unconfigure_phys)
4086 return mgmt_cmd_status(sk, hdev->id,
4087 MGMT_OP_SET_PHY_CONFIGURATION,
4088 MGMT_STATUS_INVALID_PARAMS);
4089
4090 if (selected_phys == get_selected_phys(hdev))
4091 return mgmt_cmd_complete(sk, hdev->id,
4092 MGMT_OP_SET_PHY_CONFIGURATION,
4093 0, NULL, 0);
4094
4095 hci_dev_lock(hdev);
4096
4097 if (!hdev_is_powered(hdev)) {
4098 err = mgmt_cmd_status(sk, hdev->id,
4099 MGMT_OP_SET_PHY_CONFIGURATION,
4100 MGMT_STATUS_REJECTED);
4101 goto unlock;
4102 }
4103
4104 if (pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev)) {
4105 err = mgmt_cmd_status(sk, hdev->id,
4106 MGMT_OP_SET_PHY_CONFIGURATION,
4107 MGMT_STATUS_BUSY);
4108 goto unlock;
4109 }
4110
4111 if (selected_phys & MGMT_PHY_BR_1M_3SLOT)
4112 pkt_type |= (HCI_DH3 | HCI_DM3);
4113 else
4114 pkt_type &= ~(HCI_DH3 | HCI_DM3);
4115
4116 if (selected_phys & MGMT_PHY_BR_1M_5SLOT)
4117 pkt_type |= (HCI_DH5 | HCI_DM5);
4118 else
4119 pkt_type &= ~(HCI_DH5 | HCI_DM5);
4120
4121 if (selected_phys & MGMT_PHY_EDR_2M_1SLOT)
4122 pkt_type &= ~HCI_2DH1;
4123 else
4124 pkt_type |= HCI_2DH1;
4125
4126 if (selected_phys & MGMT_PHY_EDR_2M_3SLOT)
4127 pkt_type &= ~HCI_2DH3;
4128 else
4129 pkt_type |= HCI_2DH3;
4130
4131 if (selected_phys & MGMT_PHY_EDR_2M_5SLOT)
4132 pkt_type &= ~HCI_2DH5;
4133 else
4134 pkt_type |= HCI_2DH5;
4135
4136 if (selected_phys & MGMT_PHY_EDR_3M_1SLOT)
4137 pkt_type &= ~HCI_3DH1;
4138 else
4139 pkt_type |= HCI_3DH1;
4140
4141 if (selected_phys & MGMT_PHY_EDR_3M_3SLOT)
4142 pkt_type &= ~HCI_3DH3;
4143 else
4144 pkt_type |= HCI_3DH3;
4145
4146 if (selected_phys & MGMT_PHY_EDR_3M_5SLOT)
4147 pkt_type &= ~HCI_3DH5;
4148 else
4149 pkt_type |= HCI_3DH5;
4150
b7c23df8 4151 if (pkt_type != hdev->pkt_type) {
0314f286 4152 hdev->pkt_type = pkt_type;
b7c23df8
JK		 4153 changed = true;
4154 }
0314f286
JK		 4155
4156 if ((selected_phys & MGMT_PHY_LE_MASK) ==
4157 (get_selected_phys(hdev) & MGMT_PHY_LE_MASK)) {
b7c23df8
JK		 4158 if (changed)
4159 mgmt_phy_configuration_changed(hdev, sk);
4160
0314f286
JK		 4161 err = mgmt_cmd_complete(sk, hdev->id,
4162 MGMT_OP_SET_PHY_CONFIGURATION,
4163 0, NULL, 0);
4164
4165 goto unlock;
4166 }
4167
4168 cmd = mgmt_pending_add(sk, MGMT_OP_SET_PHY_CONFIGURATION, hdev, data,
4169 len);
71efbb08 4170 if (!cmd)
0314f286 4171 err = -ENOMEM;
71efbb08
BG		 4172 else
4173 err = hci_cmd_sync_queue(hdev, set_default_phy_sync, cmd,
4174 set_default_phy_complete);
0314f286 4175
71efbb08
BG		 4176 if (err < 0) {
4177 err = mgmt_cmd_status(sk, hdev->id,
4178 MGMT_OP_SET_PHY_CONFIGURATION,
4179 MGMT_STATUS_FAILED);
0314f286 4180
71efbb08
BG		 4181 if (cmd)
4182 mgmt_pending_remove(cmd);
4183 }
0314f286
JK		 4184
4185unlock:
4186 hci_dev_unlock(hdev);
4187
4188 return err;
4189}
4190
600a8749
AM		 4191static int set_blocked_keys(struct sock *sk, struct hci_dev *hdev, void *data,
4192 u16 len)
4193{
4194 int err = MGMT_STATUS_SUCCESS;
4195 struct mgmt_cp_set_blocked_keys *keys = data;
4196 const u16 max_key_count = ((U16_MAX - sizeof(*keys)) /
4197 sizeof(struct mgmt_blocked_key_info));
4198 u16 key_count, expected_len;
4199 int i;
4200
181d6953 4201 bt_dev_dbg(hdev, "sock %p", sk);
600a8749
AM		 4202
4203 key_count = __le16_to_cpu(keys->key_count);
4204 if (key_count > max_key_count) {
4205 bt_dev_err(hdev, "too big key_count value %u", key_count);
4206 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS,
4207 MGMT_STATUS_INVALID_PARAMS);
4208 }
4209
4210 expected_len = struct_size(keys, keys, key_count);
4211 if (expected_len != len) {
4212 bt_dev_err(hdev, "expected %u bytes, got %u bytes",
4213 expected_len, len);
4214 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS,
4215 MGMT_STATUS_INVALID_PARAMS);
4216 }
4217
4218 hci_dev_lock(hdev);
4219
4220 hci_blocked_keys_clear(hdev);
4221
0c793758 4222 for (i = 0; i < key_count; ++i) {
600a8749
AM		 4223 struct blocked_key *b = kzalloc(sizeof(*b), GFP_KERNEL);
4224
4225 if (!b) {
4226 err = MGMT_STATUS_NO_RESOURCES;
4227 break;
4228 }
4229
4230 b->type = keys->keys[i].type;
4231 memcpy(b->val, keys->keys[i].val, sizeof(b->val));
4232 list_add_rcu(&b->list, &hdev->blocked_keys);
4233 }
4234 hci_dev_unlock(hdev);
4235
4236 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS,
4237 err, NULL, 0);
4238}
4239
00bce3fb
AM		 4240static int set_wideband_speech(struct sock *sk, struct hci_dev *hdev,
4241 void *data, u16 len)
4242{
4243 struct mgmt_mode *cp = data;
4244 int err;
4245 bool changed = false;
4246
181d6953 4247 bt_dev_dbg(hdev, "sock %p", sk);
00bce3fb
AM		 4248
4249 if (!test_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks))
4250 return mgmt_cmd_status(sk, hdev->id,
4251 MGMT_OP_SET_WIDEBAND_SPEECH,
4252 MGMT_STATUS_NOT_SUPPORTED);
4253
4254 if (cp->val != 0x00 && cp->val != 0x01)
4255 return mgmt_cmd_status(sk, hdev->id,
4256 MGMT_OP_SET_WIDEBAND_SPEECH,
4257 MGMT_STATUS_INVALID_PARAMS);
4258
4259 hci_dev_lock(hdev);
4260
00bce3fb
AM		 4261 if (hdev_is_powered(hdev) &&
4262 !!cp->val != hci_dev_test_flag(hdev,
4263 HCI_WIDEBAND_SPEECH_ENABLED)) {
4264 err = mgmt_cmd_status(sk, hdev->id,
4265 MGMT_OP_SET_WIDEBAND_SPEECH,
4266 MGMT_STATUS_REJECTED);
4267 goto unlock;
4268 }
4269
4270 if (cp->val)
4271 changed = !hci_dev_test_and_set_flag(hdev,
4272 HCI_WIDEBAND_SPEECH_ENABLED);
4273 else
4274 changed = hci_dev_test_and_clear_flag(hdev,
4275 HCI_WIDEBAND_SPEECH_ENABLED);
4276
4277 err = send_settings_rsp(sk, MGMT_OP_SET_WIDEBAND_SPEECH, hdev);
4278 if (err < 0)
4279 goto unlock;
4280
4281 if (changed)
4282 err = new_settings(hdev, sk);
4283
4284unlock:
4285 hci_dev_unlock(hdev);
4286 return err;
4287}
4288
4d9b9528
DW		 4289static int read_controller_cap(struct sock *sk, struct hci_dev *hdev,
4290 void *data, u16 data_len)
bc292258 4291{
4d9b9528
DW		 4292 char buf[20];
4293 struct mgmt_rp_read_controller_cap *rp = (void *)buf;
4294 u16 cap_len = 0;
bc292258 4295 u8 flags = 0;
4d9b9528 4296 u8 tx_power_range[2];
bc292258
MH		 4297
4298 bt_dev_dbg(hdev, "sock %p", sk);
4299
4300 memset(&buf, 0, sizeof(buf));
4301
4302 hci_dev_lock(hdev);
4303
4304 /* When the Read Simple Pairing Options command is supported, then
4305 * the remote public key validation is supported.
a61d6718
MH		 4306 *
4307 * Alternatively, when Microsoft extensions are available, they can
4308 * indicate support for public key validation as well.
bc292258 4309 */
a61d6718 4310 if ((hdev->commands[41] & 0x08) || msft_curve_validity(hdev))
bc292258
MH		 4311 flags |= 0x01; /* Remote public key validation (BR/EDR) */
4312
4313 flags |= 0x02; /* Remote public key validation (LE) */
4314
4315 /* When the Read Encryption Key Size command is supported, then the
4316 * encryption key size is enforced.
4317 */
4318 if (hdev->commands[20] & 0x10)
4319 flags |= 0x04; /* Encryption key size enforcement (BR/EDR) */
4320
4321 flags |= 0x08; /* Encryption key size enforcement (LE) */
4322
4d9b9528
DW		 4323 cap_len = eir_append_data(rp->cap, cap_len, MGMT_CAP_SEC_FLAGS,
4324 &flags, 1);
bc292258
MH		 4325
4326 /* When the Read Simple Pairing Options command is supported, then
4327 * also max encryption key size information is provided.
4328 */
4329 if (hdev->commands[41] & 0x08)
4d9b9528
DW		 4330 cap_len = eir_append_le16(rp->cap, cap_len,
4331 MGMT_CAP_MAX_ENC_KEY_SIZE,
bc292258
MH		 4332 hdev->max_enc_key_size);
4333
4d9b9528
DW		 4334 cap_len = eir_append_le16(rp->cap, cap_len,
4335 MGMT_CAP_SMP_MAX_ENC_KEY_SIZE,
4336 SMP_MAX_ENC_KEY_SIZE);
4337
4338 /* Append the min/max LE tx power parameters if we were able to fetch
4339 * it from the controller
4340 */
4341 if (hdev->commands[38] & 0x80) {
4342 memcpy(&tx_power_range[0], &hdev->min_le_tx_power, 1);
4343 memcpy(&tx_power_range[1], &hdev->max_le_tx_power, 1);
4344 cap_len = eir_append_data(rp->cap, cap_len, MGMT_CAP_LE_TX_PWR,
4345 tx_power_range, 2);
4346 }
bc292258 4347
4d9b9528 4348 rp->cap_len = cpu_to_le16(cap_len);
bc292258
MH		 4349
4350 hci_dev_unlock(hdev);
4351
4d9b9528
DW		 4352 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONTROLLER_CAP, 0,
4353 rp, sizeof(*rp) + cap_len);
bc292258
MH		 4354}
4355
e625e50c
MH		 4356#ifdef CONFIG_BT_FEATURE_DEBUG
4357/* d4992530-b9ec-469f-ab01-6c481c47da1c */
4358static const u8 debug_uuid[16] = {
4359 0x1c, 0xda, 0x47, 0x1c, 0x48, 0x6c, 0x01, 0xab,
4360 0x9f, 0x46, 0xec, 0xb9, 0x30, 0x25, 0x99, 0xd4,
4361};
4362#endif
4363
ae7d925b
JH		 4364/* 330859bc-7506-492d-9370-9a6f0614037f */
4365static const u8 quality_report_uuid[16] = {
4366 0x7f, 0x03, 0x14, 0x06, 0x6f, 0x9a, 0x70, 0x93,
4367 0x2d, 0x49, 0x06, 0x75, 0xbc, 0x59, 0x08, 0x33,
4368};
4369
ad933151
K		 4370/* a6695ace-ee7f-4fb9-881a-5fac66c629af */
4371static const u8 offload_codecs_uuid[16] = {
4372 0xaf, 0x29, 0xc6, 0x66, 0xac, 0x5f, 0x1a, 0x88,
4373 0xb9, 0x4f, 0x7f, 0xee, 0xce, 0x5a, 0x69, 0xa6,
4374};
4375
15d8ce05 4376/* 671b10b5-42c0-4696-9227-eb28d1b049d6 */
76d0685b 4377static const u8 le_simultaneous_roles_uuid[16] = {
15d8ce05
AM		 4378 0xd6, 0x49, 0xb0, 0xd1, 0x28, 0xeb, 0x27, 0x92,
4379 0x96, 0x46, 0xc0, 0x42, 0xb5, 0x10, 0x1b, 0x67,
4380};
4381
cbbdfa6f
SN		 4382/* 15c0a148-c273-11ea-b3de-0242ac130004 */
4383static const u8 rpa_resolution_uuid[16] = {
4384 0x04, 0x00, 0x13, 0xac, 0x42, 0x02, 0xde, 0xb3,
4385 0xea, 0x11, 0x73, 0xc2, 0x48, 0xa1, 0xc0, 0x15,
4386};
4387
ccf74f23
LAD		 4388/* 6fbaf188-05e0-496a-9885-d6ddfdb4e03e */
4389static const u8 iso_socket_uuid[16] = {
4390 0x3e, 0xe0, 0xb4, 0xfd, 0xdd, 0xd6, 0x85, 0x98,
4391 0x6a, 0x49, 0xe0, 0x05, 0x88, 0xf1, 0xba, 0x6f,
4392};
4393
af6bcc19
BG		 4394/* 2ce463d7-7a03-4d8d-bf05-5f24e8f36e76 */
4395static const u8 mgmt_mesh_uuid[16] = {
4396 0x76, 0x6e, 0xf3, 0xe8, 0x24, 0x5f, 0x05, 0xbf,
4397 0x8d, 0x4d, 0x03, 0x7a, 0xd7, 0x63, 0xe4, 0x2c,
4398};
4399
a10c907c
MH		 4400static int read_exp_features_info(struct sock *sk, struct hci_dev *hdev,
4401 void *data, u16 data_len)
4402{
af6bcc19
BG		 4403 struct mgmt_rp_read_exp_features_info *rp;
4404 size_t len;
a10c907c 4405 u16 idx = 0;
15d8ce05 4406 u32 flags;
af6bcc19 4407 int status;
a10c907c
MH		 4408
4409 bt_dev_dbg(hdev, "sock %p", sk);
4410
af6bcc19
BG		 4411 /* Enough space for 7 features */
4412 len = sizeof(*rp) + (sizeof(rp->features[0]) * 7);
bb20da18 4413 rp = kzalloc(len, GFP_KERNEL);
af6bcc19
BG		 4414 if (!rp)
4415 return -ENOMEM;
4416
e625e50c
MH		 4417#ifdef CONFIG_BT_FEATURE_DEBUG
4418 if (!hdev) {
15d8ce05 4419 flags = bt_dbg_get() ? BIT(0) : 0;
e625e50c
MH		 4420
4421 memcpy(rp->features[idx].uuid, debug_uuid, 16);
4422 rp->features[idx].flags = cpu_to_le32(flags);
4423 idx++;
4424 }
4425#endif
4426
76d0685b
LAD		 4427 if (hdev && hci_dev_le_state_simultaneous(hdev)) {
4428 if (hci_dev_test_flag(hdev, HCI_LE_SIMULTANEOUS_ROLES))
15d8ce05
AM		 4429 flags = BIT(0);
4430 else
4431 flags = 0;
4432
76d0685b 4433 memcpy(rp->features[idx].uuid, le_simultaneous_roles_uuid, 16);
15d8ce05
AM		 4434 rp->features[idx].flags = cpu_to_le32(flags);
4435 idx++;
4436 }
4437
ad383c2c 4438 if (hdev && ll_privacy_capable(hdev)) {
cbbdfa6f
SN		 4439 if (hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY))
4440 flags = BIT(0) | BIT(1);
4441 else
4442 flags = BIT(1);
4443
4444 memcpy(rp->features[idx].uuid, rpa_resolution_uuid, 16);
4445 rp->features[idx].flags = cpu_to_le32(flags);
4446 idx++;
4447 }
4448
258f56d1
JH		 4449 if (hdev && (aosp_has_quality_report(hdev) ||
4450 hdev->set_quality_report)) {
823f3bc4 4451 if (hci_dev_test_flag(hdev, HCI_QUALITY_REPORT))
ae7d925b 4452 flags = BIT(0);
823f3bc4 4453 else
ae7d925b 4454 flags = 0;
823f3bc4 4455
ae7d925b
JH		 4456 memcpy(rp->features[idx].uuid, quality_report_uuid, 16);
4457 rp->features[idx].flags = cpu_to_le32(flags);
4458 idx++;
4459 }
4460
7f7fd17e
MH		 4461 if (hdev && hdev->get_data_path_id) {
4462 if (hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED))
ad933151 4463 flags = BIT(0);
7f7fd17e 4464 else
ad933151 4465 flags = 0;
7f7fd17e 4466
ad933151
K		 4467 memcpy(rp->features[idx].uuid, offload_codecs_uuid, 16);
4468 rp->features[idx].flags = cpu_to_le32(flags);
4469 idx++;
4470 }
4471
ccf74f23
LAD		 4472 if (IS_ENABLED(CONFIG_BT_LE)) {
4473 flags = iso_enabled() ? BIT(0) : 0;
4474 memcpy(rp->features[idx].uuid, iso_socket_uuid, 16);
4475 rp->features[idx].flags = cpu_to_le32(flags);
4476 idx++;
4477 }
4478
af6bcc19
BG		 4479 if (hdev && lmp_le_capable(hdev)) {
4480 if (hci_dev_test_flag(hdev, HCI_MESH_EXPERIMENTAL))
4481 flags = BIT(0);
4482 else
4483 flags = 0;
4484
4485 memcpy(rp->features[idx].uuid, mgmt_mesh_uuid, 16);
4486 rp->features[idx].flags = cpu_to_le32(flags);
4487 idx++;
4488 }
4489
a10c907c
MH		 4490 rp->feature_count = cpu_to_le16(idx);
4491
4492 /* After reading the experimental features information, enable
4493 * the events to update client on any future change.
4494 */
4495 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4496
af6bcc19
BG		 4497 status = mgmt_cmd_complete(sk, hdev ? hdev->id : MGMT_INDEX_NONE,
4498 MGMT_OP_READ_EXP_FEATURES_INFO,
4499 0, rp, sizeof(*rp) + (20 * idx));
4500
4501 kfree(rp);
4502 return status;
a10c907c
MH		 4503}
4504
cbbdfa6f
SN		 4505static int exp_ll_privacy_feature_changed(bool enabled, struct hci_dev *hdev,
4506 struct sock *skip)
4507{
4508 struct mgmt_ev_exp_feature_changed ev;
4509
4510 memset(&ev, 0, sizeof(ev));
4511 memcpy(ev.uuid, rpa_resolution_uuid, 16);
4512 ev.flags = cpu_to_le32((enabled ? BIT(0) : 0) | BIT(1));
4513
e1cff700 4514 // Do we need to be atomic with the conn_flags?
6126ffab 4515 if (enabled && privacy_mode_capable(hdev))
e1cff700 4516 hdev->conn_flags |= HCI_CONN_FLAG_DEVICE_PRIVACY;
6126ffab 4517 else
e1cff700 4518 hdev->conn_flags &= ~HCI_CONN_FLAG_DEVICE_PRIVACY;
6126ffab 4519
cbbdfa6f
SN		 4520 return mgmt_limited_event(MGMT_EV_EXP_FEATURE_CHANGED, hdev,
4521 &ev, sizeof(ev),
4522 HCI_MGMT_EXP_FEATURE_EVENTS, skip);
4523
4524}
4525
76d0685b
LAD		 4526static int exp_feature_changed(struct hci_dev *hdev, const u8 *uuid,
4527 bool enabled, struct sock *skip)
ae7d925b
JH		 4528{
4529 struct mgmt_ev_exp_feature_changed ev;
4530
4531 memset(&ev, 0, sizeof(ev));
76d0685b 4532 memcpy(ev.uuid, uuid, 16);
ae7d925b
JH		 4533 ev.flags = cpu_to_le32(enabled ? BIT(0) : 0);
4534
b15bfa4d 4535 return mgmt_limited_event(MGMT_EV_EXP_FEATURE_CHANGED, hdev,
ae7d925b
JH		 4536 &ev, sizeof(ev),
4537 HCI_MGMT_EXP_FEATURE_EVENTS, skip);
4538}
4539
93fb70bc
JH		 4540#define EXP_FEAT(_uuid, _set_func) \
4541{ \
4542 .uuid = _uuid, \
4543 .set_func = _set_func, \
4544}
4545
4546/* The zero key uuid is special. Multiple exp features are set through it. */
4547static int set_zero_key_func(struct sock *sk, struct hci_dev *hdev,
4548 struct mgmt_cp_set_exp_feature *cp, u16 data_len)
a10c907c 4549{
a10c907c
MH		 4550 struct mgmt_rp_set_exp_feature rp;
4551
93fb70bc
JH		 4552 memset(rp.uuid, 0, 16);
4553 rp.flags = cpu_to_le32(0);
a10c907c 4554
e625e50c 4555#ifdef CONFIG_BT_FEATURE_DEBUG
93fb70bc
JH		 4556 if (!hdev) {
4557 bool changed = bt_dbg_get();
e625e50c 4558
93fb70bc 4559 bt_dbg_set(false);
e625e50c 4560
93fb70bc 4561 if (changed)
76d0685b 4562 exp_feature_changed(NULL, ZERO_KEY, false, sk);
93fb70bc 4563 }
e625e50c
MH		 4564#endif
4565
93fb70bc 4566 if (hdev && use_ll_privacy(hdev) && !hdev_is_powered(hdev)) {
6f59f991 4567 bool changed;
cbbdfa6f 4568
6f59f991
LAD		 4569 changed = hci_dev_test_and_clear_flag(hdev,
4570 HCI_ENABLE_LL_PRIVACY);
93fb70bc 4571 if (changed)
76d0685b
LAD		 4572 exp_feature_changed(hdev, rpa_resolution_uuid, false,
4573 sk);
93fb70bc 4574 }
cbbdfa6f 4575
93fb70bc 4576 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
a10c907c 4577
93fb70bc
JH		 4578 return mgmt_cmd_complete(sk, hdev ? hdev->id : MGMT_INDEX_NONE,
4579 MGMT_OP_SET_EXP_FEATURE, 0,
4580 &rp, sizeof(rp));
4581}
a10c907c 4582
e625e50c 4583#ifdef CONFIG_BT_FEATURE_DEBUG
93fb70bc
JH		 4584static int set_debug_func(struct sock *sk, struct hci_dev *hdev,
4585 struct mgmt_cp_set_exp_feature *cp, u16 data_len)
4586{
4587 struct mgmt_rp_set_exp_feature rp;
e625e50c 4588
93fb70bc
JH		 4589 bool val, changed;
4590 int err;
e625e50c 4591
93fb70bc
JH		 4592 /* Command requires to use the non-controller index */
4593 if (hdev)
4594 return mgmt_cmd_status(sk, hdev->id,
4595 MGMT_OP_SET_EXP_FEATURE,
4596 MGMT_STATUS_INVALID_INDEX);
e625e50c 4597
93fb70bc
JH		 4598 /* Parameters are limited to a single octet */
4599 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4600 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4601 MGMT_OP_SET_EXP_FEATURE,
4602 MGMT_STATUS_INVALID_PARAMS);
e625e50c 4603
93fb70bc
JH		 4604 /* Only boolean on/off is supported */
4605 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4606 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4607 MGMT_OP_SET_EXP_FEATURE,
4608 MGMT_STATUS_INVALID_PARAMS);
e625e50c 4609
93fb70bc
JH		 4610 val = !!cp->param[0];
4611 changed = val ? !bt_dbg_get() : bt_dbg_get();
4612 bt_dbg_set(val);
e625e50c 4613
93fb70bc
JH		 4614 memcpy(rp.uuid, debug_uuid, 16);
4615 rp.flags = cpu_to_le32(val ? BIT(0) : 0);
e625e50c 4616
93fb70bc 4617 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
e625e50c 4618
93fb70bc
JH		 4619 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
4620 MGMT_OP_SET_EXP_FEATURE, 0,
4621 &rp, sizeof(rp));
e625e50c 4622
93fb70bc 4623 if (changed)
76d0685b 4624 exp_feature_changed(hdev, debug_uuid, val, sk);
93fb70bc
JH		 4625
4626 return err;
4627}
e625e50c
MH		 4628#endif
4629
af6bcc19
BG		 4630static int set_mgmt_mesh_func(struct sock *sk, struct hci_dev *hdev,
4631 struct mgmt_cp_set_exp_feature *cp, u16 data_len)
4632{
4633 struct mgmt_rp_set_exp_feature rp;
4634 bool val, changed;
4635 int err;
4636
4637 /* Command requires to use the controller index */
4638 if (!hdev)
4639 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4640 MGMT_OP_SET_EXP_FEATURE,
4641 MGMT_STATUS_INVALID_INDEX);
4642
af6bcc19
BG		 4643 /* Parameters are limited to a single octet */
4644 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4645 return mgmt_cmd_status(sk, hdev->id,
4646 MGMT_OP_SET_EXP_FEATURE,
4647 MGMT_STATUS_INVALID_PARAMS);
4648
4649 /* Only boolean on/off is supported */
4650 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4651 return mgmt_cmd_status(sk, hdev->id,
4652 MGMT_OP_SET_EXP_FEATURE,
4653 MGMT_STATUS_INVALID_PARAMS);
4654
4655 val = !!cp->param[0];
4656
4657 if (val) {
4658 changed = !hci_dev_test_and_set_flag(hdev,
4659 HCI_MESH_EXPERIMENTAL);
4660 } else {
4661 hci_dev_clear_flag(hdev, HCI_MESH);
4662 changed = hci_dev_test_and_clear_flag(hdev,
4663 HCI_MESH_EXPERIMENTAL);
4664 }
4665
4666 memcpy(rp.uuid, mgmt_mesh_uuid, 16);
4667 rp.flags = cpu_to_le32(val ? BIT(0) : 0);
4668
4669 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4670
4671 err = mgmt_cmd_complete(sk, hdev->id,
4672 MGMT_OP_SET_EXP_FEATURE, 0,
4673 &rp, sizeof(rp));
4674
4675 if (changed)
4676 exp_feature_changed(hdev, mgmt_mesh_uuid, val, sk);
4677
4678 return err;
4679}
4680
93fb70bc
JH		 4681static int set_rpa_resolution_func(struct sock *sk, struct hci_dev *hdev,
4682 struct mgmt_cp_set_exp_feature *cp,
4683 u16 data_len)
4684{
4685 struct mgmt_rp_set_exp_feature rp;
4686 bool val, changed;
4687 int err;
4688 u32 flags;
4689
4690 /* Command requires to use the controller index */
4691 if (!hdev)
4692 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4693 MGMT_OP_SET_EXP_FEATURE,
4694 MGMT_STATUS_INVALID_INDEX);
cbbdfa6f 4695
93fb70bc
JH		 4696 /* Changes can only be made when controller is powered down */
4697 if (hdev_is_powered(hdev))
4698 return mgmt_cmd_status(sk, hdev->id,
4699 MGMT_OP_SET_EXP_FEATURE,
4700 MGMT_STATUS_REJECTED);
cbbdfa6f 4701
93fb70bc
JH		 4702 /* Parameters are limited to a single octet */
4703 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4704 return mgmt_cmd_status(sk, hdev->id,
4705 MGMT_OP_SET_EXP_FEATURE,
4706 MGMT_STATUS_INVALID_PARAMS);
cbbdfa6f 4707
93fb70bc
JH		 4708 /* Only boolean on/off is supported */
4709 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4710 return mgmt_cmd_status(sk, hdev->id,
4711 MGMT_OP_SET_EXP_FEATURE,
4712 MGMT_STATUS_INVALID_PARAMS);
cbbdfa6f 4713
93fb70bc 4714 val = !!cp->param[0];
cbbdfa6f 4715
93fb70bc 4716 if (val) {
6f59f991
LAD		 4717 changed = !hci_dev_test_and_set_flag(hdev,
4718 HCI_ENABLE_LL_PRIVACY);
93fb70bc 4719 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
cbbdfa6f 4720
93fb70bc
JH		 4721 /* Enable LL privacy + supported settings changed */
4722 flags = BIT(0) | BIT(1);
4723 } else {
6f59f991
LAD		 4724 changed = hci_dev_test_and_clear_flag(hdev,
4725 HCI_ENABLE_LL_PRIVACY);
cbbdfa6f 4726
93fb70bc
JH		 4727 /* Disable LL privacy + supported settings changed */
4728 flags = BIT(1);
4729 }
cbbdfa6f 4730
93fb70bc
JH		 4731 memcpy(rp.uuid, rpa_resolution_uuid, 16);
4732 rp.flags = cpu_to_le32(flags);
cbbdfa6f 4733
93fb70bc 4734 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
cbbdfa6f 4735
93fb70bc
JH		 4736 err = mgmt_cmd_complete(sk, hdev->id,
4737 MGMT_OP_SET_EXP_FEATURE, 0,
4738 &rp, sizeof(rp));
cbbdfa6f 4739
93fb70bc
JH		 4740 if (changed)
4741 exp_ll_privacy_feature_changed(val, hdev, sk);
cbbdfa6f 4742
93fb70bc
JH		 4743 return err;
4744}
cbbdfa6f 4745
ae7d925b
JH		 4746static int set_quality_report_func(struct sock *sk, struct hci_dev *hdev,
4747 struct mgmt_cp_set_exp_feature *cp,
4748 u16 data_len)
4749{
4750 struct mgmt_rp_set_exp_feature rp;
4751 bool val, changed;
4752 int err;
4753
4754 /* Command requires to use a valid controller index */
4755 if (!hdev)
4756 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4757 MGMT_OP_SET_EXP_FEATURE,
4758 MGMT_STATUS_INVALID_INDEX);
4759
4760 /* Parameters are limited to a single octet */
4761 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4762 return mgmt_cmd_status(sk, hdev->id,
4763 MGMT_OP_SET_EXP_FEATURE,
4764 MGMT_STATUS_INVALID_PARAMS);
4765
4766 /* Only boolean on/off is supported */
4767 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4768 return mgmt_cmd_status(sk, hdev->id,
4769 MGMT_OP_SET_EXP_FEATURE,
4770 MGMT_STATUS_INVALID_PARAMS);
4771
4772 hci_req_sync_lock(hdev);
4773
4774 val = !!cp->param[0];
4775 changed = (val != hci_dev_test_flag(hdev, HCI_QUALITY_REPORT));
4776
258f56d1 4777 if (!aosp_has_quality_report(hdev) && !hdev->set_quality_report) {
ae7d925b
JH		 4778 err = mgmt_cmd_status(sk, hdev->id,
4779 MGMT_OP_SET_EXP_FEATURE,
4780 MGMT_STATUS_NOT_SUPPORTED);
4781 goto unlock_quality_report;
4782 }
4783
4784 if (changed) {
258f56d1
JH		 4785 if (hdev->set_quality_report)
4786 err = hdev->set_quality_report(hdev, val);
4787 else
4788 err = aosp_set_quality_report(hdev, val);
4789
ae7d925b
JH		 4790 if (err) {
4791 err = mgmt_cmd_status(sk, hdev->id,
4792 MGMT_OP_SET_EXP_FEATURE,
4793 MGMT_STATUS_FAILED);
4794 goto unlock_quality_report;
4795 }
258f56d1 4796
ae7d925b
JH		 4797 if (val)
4798 hci_dev_set_flag(hdev, HCI_QUALITY_REPORT);
4799 else
4800 hci_dev_clear_flag(hdev, HCI_QUALITY_REPORT);
4801 }
4802
4803 bt_dev_dbg(hdev, "quality report enable %d changed %d", val, changed);
4804
4805 memcpy(rp.uuid, quality_report_uuid, 16);
4806 rp.flags = cpu_to_le32(val ? BIT(0) : 0);
4807 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
258f56d1
JH		 4808
4809 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_EXP_FEATURE, 0,
ae7d925b
JH		 4810 &rp, sizeof(rp));
4811
4812 if (changed)
76d0685b 4813 exp_feature_changed(hdev, quality_report_uuid, val, sk);
ae7d925b
JH		 4814
4815unlock_quality_report:
4816 hci_req_sync_unlock(hdev);
4817 return err;
4818}
4819
ad933151
K		 4820static int set_offload_codec_func(struct sock *sk, struct hci_dev *hdev,
4821 struct mgmt_cp_set_exp_feature *cp,
4822 u16 data_len)
4823{
4824 bool val, changed;
4825 int err;
4826 struct mgmt_rp_set_exp_feature rp;
4827
4828 /* Command requires to use a valid controller index */
4829 if (!hdev)
4830 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4831 MGMT_OP_SET_EXP_FEATURE,
4832 MGMT_STATUS_INVALID_INDEX);
4833
4834 /* Parameters are limited to a single octet */
4835 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4836 return mgmt_cmd_status(sk, hdev->id,
4837 MGMT_OP_SET_EXP_FEATURE,
4838 MGMT_STATUS_INVALID_PARAMS);
4839
4840 /* Only boolean on/off is supported */
4841 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4842 return mgmt_cmd_status(sk, hdev->id,
4843 MGMT_OP_SET_EXP_FEATURE,
4844 MGMT_STATUS_INVALID_PARAMS);
4845
4846 val = !!cp->param[0];
4847 changed = (val != hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED));
4848
4849 if (!hdev->get_data_path_id) {
4850 return mgmt_cmd_status(sk, hdev->id,
4851 MGMT_OP_SET_EXP_FEATURE,
4852 MGMT_STATUS_NOT_SUPPORTED);
4853 }
4854
4855 if (changed) {
4856 if (val)
4857 hci_dev_set_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED);
4858 else
4859 hci_dev_clear_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED);
4860 }
4861
4862 bt_dev_info(hdev, "offload codecs enable %d changed %d",
4863 val, changed);
4864
4865 memcpy(rp.uuid, offload_codecs_uuid, 16);
4866 rp.flags = cpu_to_le32(val ? BIT(0) : 0);
4867 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4868 err = mgmt_cmd_complete(sk, hdev->id,
4869 MGMT_OP_SET_EXP_FEATURE, 0,
4870 &rp, sizeof(rp));
4871
4872 if (changed)
76d0685b
LAD		 4873 exp_feature_changed(hdev, offload_codecs_uuid, val, sk);
4874
4875 return err;
4876}
4877
4878static int set_le_simultaneous_roles_func(struct sock *sk, struct hci_dev *hdev,
4879 struct mgmt_cp_set_exp_feature *cp,
4880 u16 data_len)
4881{
4882 bool val, changed;
4883 int err;
4884 struct mgmt_rp_set_exp_feature rp;
4885
4886 /* Command requires to use a valid controller index */
4887 if (!hdev)
4888 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4889 MGMT_OP_SET_EXP_FEATURE,
4890 MGMT_STATUS_INVALID_INDEX);
4891
4892 /* Parameters are limited to a single octet */
4893 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4894 return mgmt_cmd_status(sk, hdev->id,
4895 MGMT_OP_SET_EXP_FEATURE,
4896 MGMT_STATUS_INVALID_PARAMS);
4897
4898 /* Only boolean on/off is supported */
4899 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4900 return mgmt_cmd_status(sk, hdev->id,
4901 MGMT_OP_SET_EXP_FEATURE,
4902 MGMT_STATUS_INVALID_PARAMS);
4903
4904 val = !!cp->param[0];
4905 changed = (val != hci_dev_test_flag(hdev, HCI_LE_SIMULTANEOUS_ROLES));
4906
4907 if (!hci_dev_le_state_simultaneous(hdev)) {
4908 return mgmt_cmd_status(sk, hdev->id,
4909 MGMT_OP_SET_EXP_FEATURE,
4910 MGMT_STATUS_NOT_SUPPORTED);
4911 }
4912
4913 if (changed) {
4914 if (val)
4915 hci_dev_set_flag(hdev, HCI_LE_SIMULTANEOUS_ROLES);
4916 else
4917 hci_dev_clear_flag(hdev, HCI_LE_SIMULTANEOUS_ROLES);
4918 }
4919
5d1dd2e5 4920 bt_dev_info(hdev, "LE simultaneous roles enable %d changed %d",
76d0685b
LAD		 4921 val, changed);
4922
4923 memcpy(rp.uuid, le_simultaneous_roles_uuid, 16);
4924 rp.flags = cpu_to_le32(val ? BIT(0) : 0);
4925 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4926 err = mgmt_cmd_complete(sk, hdev->id,
4927 MGMT_OP_SET_EXP_FEATURE, 0,
4928 &rp, sizeof(rp));
4929
4930 if (changed)
4931 exp_feature_changed(hdev, le_simultaneous_roles_uuid, val, sk);
ad933151
K		 4932
4933 return err;
4934}
4935
ccf74f23
LAD		 4936#ifdef CONFIG_BT_LE
4937static int set_iso_socket_func(struct sock *sk, struct hci_dev *hdev,
4938 struct mgmt_cp_set_exp_feature *cp, u16 data_len)
4939{
4940 struct mgmt_rp_set_exp_feature rp;
4941 bool val, changed = false;
4942 int err;
4943
4944 /* Command requires to use the non-controller index */
4945 if (hdev)
4946 return mgmt_cmd_status(sk, hdev->id,
4947 MGMT_OP_SET_EXP_FEATURE,
4948 MGMT_STATUS_INVALID_INDEX);
4949
4950 /* Parameters are limited to a single octet */
4951 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4952 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4953 MGMT_OP_SET_EXP_FEATURE,
4954 MGMT_STATUS_INVALID_PARAMS);
4955
4956 /* Only boolean on/off is supported */
4957 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4958 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4959 MGMT_OP_SET_EXP_FEATURE,
4960 MGMT_STATUS_INVALID_PARAMS);
4961
4962 val = cp->param[0] ? true : false;
4963 if (val)
4964 err = iso_init();
4965 else
4966 err = iso_exit();
4967
4968 if (!err)
4969 changed = true;
4970
4971 memcpy(rp.uuid, iso_socket_uuid, 16);
4972 rp.flags = cpu_to_le32(val ? BIT(0) : 0);
4973
4974 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4975
4976 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
4977 MGMT_OP_SET_EXP_FEATURE, 0,
4978 &rp, sizeof(rp));
4979
4980 if (changed)
4981 exp_feature_changed(hdev, iso_socket_uuid, val, sk);
4982
4983 return err;
4984}
4985#endif
4986
93fb70bc
JH		 4987static const struct mgmt_exp_feature {
4988 const u8 *uuid;
4989 int (*set_func)(struct sock *sk, struct hci_dev *hdev,
4990 struct mgmt_cp_set_exp_feature *cp, u16 data_len);
4991} exp_features[] = {
4992 EXP_FEAT(ZERO_KEY, set_zero_key_func),
4993#ifdef CONFIG_BT_FEATURE_DEBUG
4994 EXP_FEAT(debug_uuid, set_debug_func),
4995#endif
af6bcc19 4996 EXP_FEAT(mgmt_mesh_uuid, set_mgmt_mesh_func),
93fb70bc 4997 EXP_FEAT(rpa_resolution_uuid, set_rpa_resolution_func),
ae7d925b 4998 EXP_FEAT(quality_report_uuid, set_quality_report_func),
ad933151 4999 EXP_FEAT(offload_codecs_uuid, set_offload_codec_func),
76d0685b 5000 EXP_FEAT(le_simultaneous_roles_uuid, set_le_simultaneous_roles_func),
ccf74f23
LAD		 5001#ifdef CONFIG_BT_LE
5002 EXP_FEAT(iso_socket_uuid, set_iso_socket_func),
5003#endif
93fb70bc
JH		 5004
5005 /* end with a null feature */
5006 EXP_FEAT(NULL, NULL)
5007};
5008
5009static int set_exp_feature(struct sock *sk, struct hci_dev *hdev,
5010 void *data, u16 data_len)
5011{
5012 struct mgmt_cp_set_exp_feature *cp = data;
5013 size_t i = 0;
5014
5015 bt_dev_dbg(hdev, "sock %p", sk);
5016
5017 for (i = 0; exp_features[i].uuid; i++) {
5018 if (!memcmp(cp->uuid, exp_features[i].uuid, 16))
5019 return exp_features[i].set_func(sk, hdev, cp, data_len);
cbbdfa6f
SN		 5020 }
5021
a10c907c
MH		 5022 return mgmt_cmd_status(sk, hdev ? hdev->id : MGMT_INDEX_NONE,
5023 MGMT_OP_SET_EXP_FEATURE,
5024 MGMT_STATUS_NOT_SUPPORTED);
5025}
5026
529d4492
LAD		 5027static u32 get_params_flags(struct hci_dev *hdev,
5028 struct hci_conn_params *params)
5029{
5030 u32 flags = hdev->conn_flags;
5031
5032 /* Devices using RPAs can only be programmed in the acceptlist if
5033 * LL Privacy has been enable otherwise they cannot mark
5034 * HCI_CONN_FLAG_REMOTE_WAKEUP.
5035 */
5036 if ((flags & HCI_CONN_FLAG_REMOTE_WAKEUP) && !use_ll_privacy(hdev) &&
5037 hci_find_irk_by_addr(hdev, &params->addr, params->addr_type))
5038 flags &= ~HCI_CONN_FLAG_REMOTE_WAKEUP;
5039
5040 return flags;
5041}
5042
4c54bf2b
APS		 5043static int get_device_flags(struct sock *sk, struct hci_dev *hdev, void *data,
5044 u16 data_len)
5045{
5046 struct mgmt_cp_get_device_flags *cp = data;
5047 struct mgmt_rp_get_device_flags rp;
5048 struct bdaddr_list_with_flags *br_params;
5049 struct hci_conn_params *params;
fe92ee64 5050 u32 supported_flags;
4c54bf2b
APS		 5051 u32 current_flags = 0;
5052 u8 status = MGMT_STATUS_INVALID_PARAMS;
5053
5054 bt_dev_dbg(hdev, "Get device flags %pMR (type 0x%x)\n",
5055 &cp->addr.bdaddr, cp->addr.type);
5056
3ca33e3f
APS		 5057 hci_dev_lock(hdev);
5058
e1cff700 5059 supported_flags = hdev->conn_flags;
fe92ee64 5060
02ce2c2c
THJA		 5061 memset(&rp, 0, sizeof(rp));
5062
4c54bf2b 5063 if (cp->addr.type == BDADDR_BREDR) {
3d4f9c00 5064 br_params = hci_bdaddr_list_lookup_with_flags(&hdev->accept_list,
4c54bf2b
APS		 5065 &cp->addr.bdaddr,
5066 cp->addr.type);
5067 if (!br_params)
5068 goto done;
5069
e1cff700 5070 current_flags = br_params->flags;
4c54bf2b
APS		 5071 } else {
5072 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5073 le_addr_type(cp->addr.type));
4c54bf2b
APS		 5074 if (!params)
5075 goto done;
5076
529d4492 5077 supported_flags = get_params_flags(hdev, params);
e1cff700 5078 current_flags = params->flags;
4c54bf2b
APS		 5079 }
5080
5081 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
5082 rp.addr.type = cp->addr.type;
5083 rp.supported_flags = cpu_to_le32(supported_flags);
5084 rp.current_flags = cpu_to_le32(current_flags);
5085
5086 status = MGMT_STATUS_SUCCESS;
5087
5088done:
3ca33e3f
APS		 5089 hci_dev_unlock(hdev);
5090
4c54bf2b
APS		 5091 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_DEVICE_FLAGS, status,
5092 &rp, sizeof(rp));
5093}
5094
5095static void device_flags_changed(struct sock *sk, struct hci_dev *hdev,
5096 bdaddr_t *bdaddr, u8 bdaddr_type,
5097 u32 supported_flags, u32 current_flags)
5098{
5099 struct mgmt_ev_device_flags_changed ev;
5100
5101 bacpy(&ev.addr.bdaddr, bdaddr);
5102 ev.addr.type = bdaddr_type;
5103 ev.supported_flags = cpu_to_le32(supported_flags);
5104 ev.current_flags = cpu_to_le32(current_flags);
5105
5106 mgmt_event(MGMT_EV_DEVICE_FLAGS_CHANGED, hdev, &ev, sizeof(ev), sk);
5107}
5108
5109static int set_device_flags(struct sock *sk, struct hci_dev *hdev, void *data,
5110 u16 len)
5111{
5112 struct mgmt_cp_set_device_flags *cp = data;
5113 struct bdaddr_list_with_flags *br_params;
5114 struct hci_conn_params *params;
5115 u8 status = MGMT_STATUS_INVALID_PARAMS;
fe92ee64 5116 u32 supported_flags;
4c54bf2b
APS		 5117 u32 current_flags = __le32_to_cpu(cp->current_flags);
5118
5119 bt_dev_dbg(hdev, "Set device flags %pMR (type 0x%x) = 0x%x",
0c793758 5120 &cp->addr.bdaddr, cp->addr.type, current_flags);
4c54bf2b 5121
e1cff700
LT		 5122 // We should take hci_dev_lock() early, I think.. conn_flags can change
5123 supported_flags = hdev->conn_flags;
fe92ee64 5124
4c54bf2b
APS		 5125 if ((supported_flags | current_flags) != supported_flags) {
5126 bt_dev_warn(hdev, "Bad flag given (0x%x) vs supported (0x%0x)",
5127 current_flags, supported_flags);
5128 goto done;
5129 }
5130
3ca33e3f
APS		 5131 hci_dev_lock(hdev);
5132
4c54bf2b 5133 if (cp->addr.type == BDADDR_BREDR) {
3d4f9c00 5134 br_params = hci_bdaddr_list_lookup_with_flags(&hdev->accept_list,
4c54bf2b
APS		 5135 &cp->addr.bdaddr,
5136 cp->addr.type);
5137
5138 if (br_params) {
e1cff700 5139 br_params->flags = current_flags;
4c54bf2b
APS		 5140 status = MGMT_STATUS_SUCCESS;
5141 } else {
5142 bt_dev_warn(hdev, "No such BR/EDR device %pMR (0x%x)",
5143 &cp->addr.bdaddr, cp->addr.type);
5144 }
a9a34765 5145
529d4492
LAD		 5146 goto unlock;
5147 }
6126ffab 5148
529d4492
LAD		 5149 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
5150 le_addr_type(cp->addr.type));
5151 if (!params) {
5152 bt_dev_warn(hdev, "No such LE device %pMR (0x%x)",
5153 &cp->addr.bdaddr, le_addr_type(cp->addr.type));
5154 goto unlock;
5155 }
5156
5157 supported_flags = get_params_flags(hdev, params);
5158
5159 if ((supported_flags | current_flags) != supported_flags) {
5160 bt_dev_warn(hdev, "Bad flag given (0x%x) vs supported (0x%0x)",
5161 current_flags, supported_flags);
5162 goto unlock;
4c54bf2b
APS		 5163 }
5164
195ef75e 5165 WRITE_ONCE(params->flags, current_flags);
529d4492
LAD		 5166 status = MGMT_STATUS_SUCCESS;
5167
5168 /* Update passive scan if HCI_CONN_FLAG_DEVICE_PRIVACY
5169 * has been set.
5170 */
5171 if (params->flags & HCI_CONN_FLAG_DEVICE_PRIVACY)
5172 hci_update_passive_scan(hdev);
5173
a9a34765 5174unlock:
3ca33e3f
APS		 5175 hci_dev_unlock(hdev);
5176
815d5121 5177done:
4c54bf2b
APS		 5178 if (status == MGMT_STATUS_SUCCESS)
5179 device_flags_changed(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
5180 supported_flags, current_flags);
5181
5182 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_FLAGS, status,
5183 &cp->addr, sizeof(cp->addr));
5184}
5185
b52729f2
MC		 5186static void mgmt_adv_monitor_added(struct sock *sk, struct hci_dev *hdev,
5187 u16 handle)
5188{
5189 struct mgmt_ev_adv_monitor_added ev;
5190
5191 ev.monitor_handle = cpu_to_le16(handle);
5192
5193 mgmt_event(MGMT_EV_ADV_MONITOR_ADDED, hdev, &ev, sizeof(ev), sk);
5194}
5195
66bd095a 5196void mgmt_adv_monitor_removed(struct hci_dev *hdev, u16 handle)
cdde92e2 5197{
66bd095a
AP		 5198 struct mgmt_ev_adv_monitor_removed ev;
5199 struct mgmt_pending_cmd *cmd;
5200 struct sock *sk_skip = NULL;
5201 struct mgmt_cp_remove_adv_monitor *cp;
5202
5203 cmd = pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev);
5204 if (cmd) {
5205 cp = cmd->param;
5206
5207 if (cp->monitor_handle)
5208 sk_skip = cmd->sk;
5209 }
cdde92e2
MC		 5210
5211 ev.monitor_handle = cpu_to_le16(handle);
5212
66bd095a 5213 mgmt_event(MGMT_EV_ADV_MONITOR_REMOVED, hdev, &ev, sizeof(ev), sk_skip);
cdde92e2
MC		 5214}
5215
e5e1e7fd
MC		 5216static int read_adv_mon_features(struct sock *sk, struct hci_dev *hdev,
5217 void *data, u16 len)
5218{
5219 struct adv_monitor *monitor = NULL;
5220 struct mgmt_rp_read_adv_monitor_features *rp = NULL;
cafd472a 5221 int handle, err;
e5e1e7fd
MC		 5222 size_t rp_size = 0;
5223 __u32 supported = 0;
a2a4dedf 5224 __u32 enabled = 0;
e5e1e7fd
MC		 5225 __u16 num_handles = 0;
5226 __u16 handles[HCI_MAX_ADV_MONITOR_NUM_HANDLES];
5227
5228 BT_DBG("request for %s", hdev->name);
5229
5230 hci_dev_lock(hdev);
5231
a2a4dedf 5232 if (msft_monitor_supported(hdev))
e5e1e7fd
MC		 5233 supported |= MGMT_ADV_MONITOR_FEATURE_MASK_OR_PATTERNS;
5234
a2a4dedf 5235 idr_for_each_entry(&hdev->adv_monitors_idr, monitor, handle)
e5e1e7fd 5236 handles[num_handles++] = monitor->handle;
e5e1e7fd
MC		 5237
5238 hci_dev_unlock(hdev);
5239
5240 rp_size = sizeof(*rp) + (num_handles * sizeof(u16));
5241 rp = kmalloc(rp_size, GFP_KERNEL);
5242 if (!rp)
5243 return -ENOMEM;
5244
a2a4dedf
AP		 5245 /* All supported features are currently enabled */
5246 enabled = supported;
5247
e5e1e7fd 5248 rp->supported_features = cpu_to_le32(supported);
a2a4dedf 5249 rp->enabled_features = cpu_to_le32(enabled);
e5e1e7fd
MC		 5250 rp->max_num_handles = cpu_to_le16(HCI_MAX_ADV_MONITOR_NUM_HANDLES);
5251 rp->max_num_patterns = HCI_MAX_ADV_MONITOR_NUM_PATTERNS;
5252 rp->num_handles = cpu_to_le16(num_handles);
5253 if (num_handles)
5254 memcpy(&rp->handles, &handles, (num_handles * sizeof(u16)));
5255
cafd472a
PY		 5256 err = mgmt_cmd_complete(sk, hdev->id,
5257 MGMT_OP_READ_ADV_MONITOR_FEATURES,
5258 MGMT_STATUS_SUCCESS, rp, rp_size);
5259
5260 kfree(rp);
5261
5262 return err;
e5e1e7fd
MC		 5263}
5264
b747a836
MM		 5265static void mgmt_add_adv_patterns_monitor_complete(struct hci_dev *hdev,
5266 void *data, int status)
a2a4dedf
AP		 5267{
5268 struct mgmt_rp_add_adv_patterns_monitor rp;
b747a836
MM		 5269 struct mgmt_pending_cmd *cmd = data;
5270 struct adv_monitor *monitor = cmd->user_data;
a2a4dedf
AP		 5271
5272 hci_dev_lock(hdev);
5273
a2a4dedf
AP		 5274 rp.monitor_handle = cpu_to_le16(monitor->handle);
5275
5276 if (!status) {
5277 mgmt_adv_monitor_added(cmd->sk, hdev, monitor->handle);
5278 hdev->adv_monitors_cnt++;
5279 if (monitor->state == ADV_MONITOR_STATE_NOT_REGISTERED)
5280 monitor->state = ADV_MONITOR_STATE_REGISTERED;
5bee2fd6 5281 hci_update_passive_scan(hdev);
a2a4dedf
AP		 5282 }
5283
b747a836
MM		 5284 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
5285 mgmt_status(status), &rp, sizeof(rp));
a2a4dedf
AP		 5286 mgmt_pending_remove(cmd);
5287
a2a4dedf 5288 hci_dev_unlock(hdev);
b747a836 5289 bt_dev_dbg(hdev, "add monitor %d complete, status %d",
a2a4dedf 5290 rp.monitor_handle, status);
b747a836 5291}
a2a4dedf 5292
b747a836
MM		 5293static int mgmt_add_adv_patterns_monitor_sync(struct hci_dev *hdev, void *data)
5294{
5295 struct mgmt_pending_cmd *cmd = data;
5296 struct adv_monitor *monitor = cmd->user_data;
5297
5298 return hci_add_adv_monitor(hdev, monitor);
a2a4dedf
AP		 5299}
5300
b4a221ea 5301static int __add_adv_patterns_monitor(struct sock *sk, struct hci_dev *hdev,
a2a4dedf
AP		 5302 struct adv_monitor *m, u8 status,
5303 void *data, u16 len, u16 op)
b139553d 5304{
a2a4dedf 5305 struct mgmt_pending_cmd *cmd;
b4a221ea 5306 int err;
a2a4dedf
AP		 5307
5308 hci_dev_lock(hdev);
b139553d 5309
b4a221ea 5310 if (status)
a2a4dedf 5311 goto unlock;
b139553d 5312
a2a4dedf
AP		 5313 if (pending_find(MGMT_OP_SET_LE, hdev) ||
5314 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR, hdev) ||
5315 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI, hdev) ||
5316 pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev)) {
5317 status = MGMT_STATUS_BUSY;
5318 goto unlock;
5319 }
b139553d 5320
a2a4dedf
AP		 5321 cmd = mgmt_pending_add(sk, op, hdev, data, len);
5322 if (!cmd) {
5323 status = MGMT_STATUS_NO_RESOURCES;
5324 goto unlock;
5325 }
b52729f2 5326
b1810feb 5327 cmd->user_data = m;
b747a836
MM		 5328 err = hci_cmd_sync_queue(hdev, mgmt_add_adv_patterns_monitor_sync, cmd,
5329 mgmt_add_adv_patterns_monitor_complete);
b139553d 5330 if (err) {
b747a836 5331 if (err == -ENOMEM)
b4a221ea
AP		 5332 status = MGMT_STATUS_NO_RESOURCES;
5333 else
5334 status = MGMT_STATUS_FAILED;
5335
b139553d
MC		 5336 goto unlock;
5337 }
5338
a2a4dedf 5339 hci_dev_unlock(hdev);
b139553d 5340
a2a4dedf 5341 return 0;
b139553d
MC		 5342
5343unlock:
66bd095a 5344 hci_free_adv_monitor(hdev, m);
b139553d 5345 hci_dev_unlock(hdev);
b4a221ea
AP		 5346 return mgmt_cmd_status(sk, hdev->id, op, status);
5347}
5348
5349static void parse_adv_monitor_rssi(struct adv_monitor *m,
5350 struct mgmt_adv_rssi_thresholds *rssi)
5351{
5352 if (rssi) {
5353 m->rssi.low_threshold = rssi->low_threshold;
5354 m->rssi.low_threshold_timeout =
5355 __le16_to_cpu(rssi->low_threshold_timeout);
5356 m->rssi.high_threshold = rssi->high_threshold;
5357 m->rssi.high_threshold_timeout =
5358 __le16_to_cpu(rssi->high_threshold_timeout);
5359 m->rssi.sampling_period = rssi->sampling_period;
5360 } else {
5361 /* Default values. These numbers are the least constricting
5362 * parameters for MSFT API to work, so it behaves as if there
5363 * are no rssi parameter to consider. May need to be changed
5364 * if other API are to be supported.
5365 */
5366 m->rssi.low_threshold = -127;
5367 m->rssi.low_threshold_timeout = 60;
5368 m->rssi.high_threshold = -127;
5369 m->rssi.high_threshold_timeout = 0;
5370 m->rssi.sampling_period = 0;
5371 }
5372}
5373
5374static u8 parse_adv_monitor_pattern(struct adv_monitor *m, u8 pattern_count,
5375 struct mgmt_adv_pattern *patterns)
5376{
5377 u8 offset = 0, length = 0;
5378 struct adv_pattern *p = NULL;
b4a221ea
AP		 5379 int i;
5380
5381 for (i = 0; i < pattern_count; i++) {
b4a221ea
AP		 5382 offset = patterns[i].offset;
5383 length = patterns[i].length;
5384 if (offset >= HCI_MAX_AD_LENGTH ||
5385 length > HCI_MAX_AD_LENGTH ||
5386 (offset + length) > HCI_MAX_AD_LENGTH)
5387 return MGMT_STATUS_INVALID_PARAMS;
5388
5389 p = kmalloc(sizeof(*p), GFP_KERNEL);
5390 if (!p)
5391 return MGMT_STATUS_NO_RESOURCES;
5392
5393 p->ad_type = patterns[i].ad_type;
5394 p->offset = patterns[i].offset;
5395 p->length = patterns[i].length;
5396 memcpy(p->value, patterns[i].value, p->length);
5397
5398 INIT_LIST_HEAD(&p->list);
5399 list_add(&p->list, &m->patterns);
5400 }
5401
b4a221ea
AP		 5402 return MGMT_STATUS_SUCCESS;
5403}
5404
5405static int add_adv_patterns_monitor(struct sock *sk, struct hci_dev *hdev,
5406 void *data, u16 len)
5407{
5408 struct mgmt_cp_add_adv_patterns_monitor *cp = data;
5409 struct adv_monitor *m = NULL;
5410 u8 status = MGMT_STATUS_SUCCESS;
5411 size_t expected_size = sizeof(*cp);
5412
5413 BT_DBG("request for %s", hdev->name);
5414
5415 if (len <= sizeof(*cp)) {
5416 status = MGMT_STATUS_INVALID_PARAMS;
5417 goto done;
5418 }
5419
5420 expected_size += cp->pattern_count * sizeof(struct mgmt_adv_pattern);
5421 if (len != expected_size) {
5422 status = MGMT_STATUS_INVALID_PARAMS;
5423 goto done;
5424 }
5425
5426 m = kzalloc(sizeof(*m), GFP_KERNEL);
5427 if (!m) {
5428 status = MGMT_STATUS_NO_RESOURCES;
5429 goto done;
5430 }
5431
5432 INIT_LIST_HEAD(&m->patterns);
5433
5434 parse_adv_monitor_rssi(m, NULL);
5435 status = parse_adv_monitor_pattern(m, cp->pattern_count, cp->patterns);
5436
5437done:
a2a4dedf 5438 return __add_adv_patterns_monitor(sk, hdev, m, status, data, len,
b4a221ea
AP		 5439 MGMT_OP_ADD_ADV_PATTERNS_MONITOR);
5440}
5441
5442static int add_adv_patterns_monitor_rssi(struct sock *sk, struct hci_dev *hdev,
5443 void *data, u16 len)
5444{
5445 struct mgmt_cp_add_adv_patterns_monitor_rssi *cp = data;
5446 struct adv_monitor *m = NULL;
5447 u8 status = MGMT_STATUS_SUCCESS;
5448 size_t expected_size = sizeof(*cp);
5449
5450 BT_DBG("request for %s", hdev->name);
5451
5452 if (len <= sizeof(*cp)) {
5453 status = MGMT_STATUS_INVALID_PARAMS;
5454 goto done;
5455 }
5456
5457 expected_size += cp->pattern_count * sizeof(struct mgmt_adv_pattern);
5458 if (len != expected_size) {
5459 status = MGMT_STATUS_INVALID_PARAMS;
5460 goto done;
5461 }
5462
5463 m = kzalloc(sizeof(*m), GFP_KERNEL);
5464 if (!m) {
5465 status = MGMT_STATUS_NO_RESOURCES;
5466 goto done;
5467 }
5468
5469 INIT_LIST_HEAD(&m->patterns);
5470
5471 parse_adv_monitor_rssi(m, &cp->rssi);
5472 status = parse_adv_monitor_pattern(m, cp->pattern_count, cp->patterns);
5473
5474done:
a2a4dedf 5475 return __add_adv_patterns_monitor(sk, hdev, m, status, data, len,
b4a221ea 5476 MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI);
b139553d
MC		 5477}
5478
7cf5c297
MM		 5479static void mgmt_remove_adv_monitor_complete(struct hci_dev *hdev,
5480 void *data, int status)
66bd095a
AP		 5481{
5482 struct mgmt_rp_remove_adv_monitor rp;
7cf5c297
MM		 5483 struct mgmt_pending_cmd *cmd = data;
5484 struct mgmt_cp_remove_adv_monitor *cp = cmd->param;
66bd095a
AP		 5485
5486 hci_dev_lock(hdev);
5487
66bd095a
AP		 5488 rp.monitor_handle = cp->monitor_handle;
5489
5490 if (!status)
5bee2fd6 5491 hci_update_passive_scan(hdev);
66bd095a 5492
7cf5c297
MM		 5493 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
5494 mgmt_status(status), &rp, sizeof(rp));
66bd095a
AP		 5495 mgmt_pending_remove(cmd);
5496
66bd095a 5497 hci_dev_unlock(hdev);
7cf5c297 5498 bt_dev_dbg(hdev, "remove monitor %d complete, status %d",
66bd095a 5499 rp.monitor_handle, status);
7cf5c297 5500}
66bd095a 5501
7cf5c297
MM		 5502static int mgmt_remove_adv_monitor_sync(struct hci_dev *hdev, void *data)
5503{
5504 struct mgmt_pending_cmd *cmd = data;
5505 struct mgmt_cp_remove_adv_monitor *cp = cmd->param;
5506 u16 handle = __le16_to_cpu(cp->monitor_handle);
5507
5508 if (!handle)
5509 return hci_remove_all_adv_monitor(hdev);
5510
5511 return hci_remove_single_adv_monitor(hdev, handle);
66bd095a
AP		 5512}
5513
bd2fbc6c
MC		 5514static int remove_adv_monitor(struct sock *sk, struct hci_dev *hdev,
5515 void *data, u16 len)
5516{
66bd095a 5517 struct mgmt_pending_cmd *cmd;
66bd095a 5518 int err, status;
bd2fbc6c
MC		 5519
5520 hci_dev_lock(hdev);
5521
66bd095a
AP		 5522 if (pending_find(MGMT_OP_SET_LE, hdev) ||
5523 pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev) ||
5524 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR, hdev) ||
5525 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI, hdev)) {
5526 status = MGMT_STATUS_BUSY;
5527 goto unlock;
5528 }
bd2fbc6c 5529
66bd095a
AP		 5530 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADV_MONITOR, hdev, data, len);
5531 if (!cmd) {
5532 status = MGMT_STATUS_NO_RESOURCES;
bd2fbc6c
MC		 5533 goto unlock;
5534 }
5535
7cf5c297
MM		 5536 err = hci_cmd_sync_queue(hdev, mgmt_remove_adv_monitor_sync, cmd,
5537 mgmt_remove_adv_monitor_complete);
cdde92e2 5538
66bd095a
AP		 5539 if (err) {
5540 mgmt_pending_remove(cmd);
bd2fbc6c 5541
7cf5c297
MM		 5542 if (err == -ENOMEM)
5543 status = MGMT_STATUS_NO_RESOURCES;
66bd095a
AP		 5544 else
5545 status = MGMT_STATUS_FAILED;
5546
7cf5c297 5547 goto unlock;
66bd095a 5548 }
bd2fbc6c 5549
66bd095a 5550 hci_dev_unlock(hdev);
7cf5c297 5551
66bd095a 5552 return 0;
bd2fbc6c
MC		 5553
5554unlock:
5555 hci_dev_unlock(hdev);
66bd095a
AP		 5556 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADV_MONITOR,
5557 status);
bd2fbc6c
MC		 5558}
5559
f892244b 5560static void read_local_oob_data_complete(struct hci_dev *hdev, void *data, int err)
1b9441f8
JH		 5561{
5562 struct mgmt_rp_read_local_oob_data mgmt_rp;
5563 size_t rp_size = sizeof(mgmt_rp);
f892244b
BG		 5564 struct mgmt_pending_cmd *cmd = data;
5565 struct sk_buff *skb = cmd->skb;
5566 u8 status = mgmt_status(err);
1b9441f8 5567
f892244b
BG		 5568 if (!status) {
5569 if (!skb)
5570 status = MGMT_STATUS_FAILED;
5571 else if (IS_ERR(skb))
5572 status = mgmt_status(PTR_ERR(skb));
5573 else
5574 status = mgmt_status(skb->data[0]);
5575 }
1b9441f8 5576
f892244b 5577 bt_dev_dbg(hdev, "status %d", status);
1b9441f8 5578
f892244b
BG		 5579 if (status) {
5580 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA, status);
1b9441f8
JH		 5581 goto remove;
5582 }
5583
5584 memset(&mgmt_rp, 0, sizeof(mgmt_rp));
5585
f892244b 5586 if (!bredr_sc_enabled(hdev)) {
1b9441f8
JH		 5587 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
5588
5589 if (skb->len < sizeof(*rp)) {
5590 mgmt_cmd_status(cmd->sk, hdev->id,
5591 MGMT_OP_READ_LOCAL_OOB_DATA,
5592 MGMT_STATUS_FAILED);
5593 goto remove;
5594 }
5595
5596 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash));
5597 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand));
5598
5599 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256);
5600 } else {
5601 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
5602
5603 if (skb->len < sizeof(*rp)) {
5604 mgmt_cmd_status(cmd->sk, hdev->id,
5605 MGMT_OP_READ_LOCAL_OOB_DATA,
5606 MGMT_STATUS_FAILED);
5607 goto remove;
5608 }
5609
5610 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192));
5611 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192));
5612
5613 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256));
5614 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256));
5615 }
5616
5617 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5618 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size);
5619
5620remove:
f892244b
BG		 5621 if (skb && !IS_ERR(skb))
5622 kfree_skb(skb);
5623
5624 mgmt_pending_free(cmd);
5625}
5626
5627static int read_local_oob_data_sync(struct hci_dev *hdev, void *data)
5628{
5629 struct mgmt_pending_cmd *cmd = data;
5630
5631 if (bredr_sc_enabled(hdev))
5632 cmd->skb = hci_read_local_oob_data_sync(hdev, true, cmd->sk);
5633 else
5634 cmd->skb = hci_read_local_oob_data_sync(hdev, false, cmd->sk);
5635
5636 if (IS_ERR(cmd->skb))
5637 return PTR_ERR(cmd->skb);
5638 else
5639 return 0;
1b9441f8
JH		 5640}
5641
0f4e68cf 5642static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 5643 void *data, u16 data_len)
c35938b2 5644{
3b0602cd 5645 struct mgmt_pending_cmd *cmd;
c35938b2
SJ		 5646 int err;
5647
181d6953 5648 bt_dev_dbg(hdev, "sock %p", sk);
c35938b2 5649
09fd0de5 5650 hci_dev_lock(hdev);
c35938b2 5651
4b34ee78 5652 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 5653 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5654 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 5655 goto unlock;
5656 }
5657
9a1a1996 5658 if (!lmp_ssp_capable(hdev)) {
a69e8375
JH		 5659 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5660 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 5661 goto unlock;
5662 }
5663
f892244b
BG		 5664 cmd = mgmt_pending_new(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
5665 if (!cmd)
c35938b2 5666 err = -ENOMEM;
4d2d2796 5667 else
f892244b
BG		 5668 err = hci_cmd_sync_queue(hdev, read_local_oob_data_sync, cmd,
5669 read_local_oob_data_complete);
4d2d2796 5670
f892244b
BG		 5671 if (err < 0) {
5672 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
5673 MGMT_STATUS_FAILED);
5674
5675 if (cmd)
5676 mgmt_pending_free(cmd);
5677 }
c35938b2
SJ		 5678
5679unlock:
09fd0de5 5680 hci_dev_unlock(hdev);
c35938b2
SJ		 5681 return err;
5682}
5683
bdb6d971 5684static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 5685 void *data, u16 len)
2763eda6 5686{
5d57e796 5687 struct mgmt_addr_info *addr = data;
2763eda6
SJ		 5688 int err;
5689
181d6953 5690 bt_dev_dbg(hdev, "sock %p", sk);
2763eda6 5691
5d57e796 5692 if (!bdaddr_type_is_valid(addr->type))
2a1afb5a
JH		 5693 return mgmt_cmd_complete(sk, hdev->id,
5694 MGMT_OP_ADD_REMOTE_OOB_DATA,
5695 MGMT_STATUS_INVALID_PARAMS,
5696 addr, sizeof(*addr));
5d57e796 5697
09fd0de5 5698 hci_dev_lock(hdev);
2763eda6 5699
ec109113
MH		 5700 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
5701 struct mgmt_cp_add_remote_oob_data *cp = data;
5702 u8 status;
bf1e3541 5703
c19a495c 5704 if (cp->addr.type != BDADDR_BREDR) {
2a1afb5a
JH		 5705 err = mgmt_cmd_complete(sk, hdev->id,
5706 MGMT_OP_ADD_REMOTE_OOB_DATA,
5707 MGMT_STATUS_INVALID_PARAMS,
5708 &cp->addr, sizeof(cp->addr));
c19a495c
JH		 5709 goto unlock;
5710 }
5711
ec109113 5712 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
6928a924
JH		 5713 cp->addr.type, cp->hash,
5714 cp->rand, NULL, NULL);
ec109113
MH		 5715 if (err < 0)
5716 status = MGMT_STATUS_FAILED;
5717 else
5718 status = MGMT_STATUS_SUCCESS;
5719
2a1afb5a
JH		 5720 err = mgmt_cmd_complete(sk, hdev->id,
5721 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
5722 &cp->addr, sizeof(cp->addr));
ec109113
MH		 5723 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
5724 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
41bcfd50 5725 u8 *rand192, *hash192, *rand256, *hash256;
ec109113
MH		 5726 u8 status;
5727
86df9200 5728 if (bdaddr_type_is_le(cp->addr.type)) {
d25b78e2
JH		 5729 /* Enforce zero-valued 192-bit parameters as
5730 * long as legacy SMP OOB isn't implemented.
5731 */
5732 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
5733 memcmp(cp->hash192, ZERO_KEY, 16)) {
2a1afb5a
JH		 5734 err = mgmt_cmd_complete(sk, hdev->id,
5735 MGMT_OP_ADD_REMOTE_OOB_DATA,
5736 MGMT_STATUS_INVALID_PARAMS,
5737 addr, sizeof(*addr));
d25b78e2
JH		 5738 goto unlock;
5739 }
5740
86df9200
JH		 5741 rand192 = NULL;
5742 hash192 = NULL;
5743 } else {
41bcfd50
MH		 5744 /* In case one of the P-192 values is set to zero,
5745 * then just disable OOB data for P-192.
5746 */
5747 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
5748 !memcmp(cp->hash192, ZERO_KEY, 16)) {
5749 rand192 = NULL;
5750 hash192 = NULL;
5751 } else {
5752 rand192 = cp->rand192;
5753 hash192 = cp->hash192;
5754 }
5755 }
5756
5757 /* In case one of the P-256 values is set to zero, then just
5758 * disable OOB data for P-256.
5759 */
5760 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
5761 !memcmp(cp->hash256, ZERO_KEY, 16)) {
5762 rand256 = NULL;
5763 hash256 = NULL;
5764 } else {
5765 rand256 = cp->rand256;
5766 hash256 = cp->hash256;
86df9200
JH		 5767 }
5768
81328d5c 5769 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
86df9200 5770 cp->addr.type, hash192, rand192,
41bcfd50 5771 hash256, rand256);
ec109113
MH		 5772 if (err < 0)
5773 status = MGMT_STATUS_FAILED;
5774 else
5775 status = MGMT_STATUS_SUCCESS;
5776
2a1afb5a
JH		 5777 err = mgmt_cmd_complete(sk, hdev->id,
5778 MGMT_OP_ADD_REMOTE_OOB_DATA,
5779 status, &cp->addr, sizeof(cp->addr));
ec109113 5780 } else {
2064ee33
MH		 5781 bt_dev_err(hdev, "add_remote_oob_data: invalid len of %u bytes",
5782 len);
a69e8375
JH		 5783 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
5784 MGMT_STATUS_INVALID_PARAMS);
ec109113 5785 }
2763eda6 5786
c19a495c 5787unlock:
09fd0de5 5788 hci_dev_unlock(hdev);
2763eda6
SJ		 5789 return err;
5790}
5791
bdb6d971 5792static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 5793 void *data, u16 len)
2763eda6 5794{
650f726d 5795 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 5796 u8 status;
2763eda6
SJ		 5797 int err;
5798
181d6953 5799 bt_dev_dbg(hdev, "sock %p", sk);
2763eda6 5800
c19a495c 5801 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 5802 return mgmt_cmd_complete(sk, hdev->id,
5803 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
5804 MGMT_STATUS_INVALID_PARAMS,
5805 &cp->addr, sizeof(cp->addr));
c19a495c 5806
09fd0de5 5807 hci_dev_lock(hdev);
2763eda6 5808
eedbd581
JH		 5809 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5810 hci_remote_oob_data_clear(hdev);
5811 status = MGMT_STATUS_SUCCESS;
5812 goto done;
5813 }
5814
6928a924 5815 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
2763eda6 5816 if (err < 0)
bf1e3541 5817 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 5818 else
a6785be2 5819 status = MGMT_STATUS_SUCCESS;
bf1e3541 5820
eedbd581 5821done:
2a1afb5a
JH		 5822 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
5823 status, &cp->addr, sizeof(cp->addr));
2763eda6 5824
09fd0de5 5825 hci_dev_unlock(hdev);
2763eda6
SJ		 5826 return err;
5827}
5828
e68f072b 5829void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status)
7c307720 5830{
3b0602cd 5831 struct mgmt_pending_cmd *cmd;
ae55f598 5832
85d67284 5833 bt_dev_dbg(hdev, "status %u", status);
7c307720 5834
11e6e25d 5835 hci_dev_lock(hdev);
41dc2bd6 5836
333ae95d 5837 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
66ea9427 5838 if (!cmd)
333ae95d 5839 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
66ea9427 5840
78b781ca
JH		 5841 if (!cmd)
5842 cmd = pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev);
5843
11e6e25d 5844 if (cmd) {
2922a94f 5845 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d
MH		 5846 mgmt_pending_remove(cmd);
5847 }
7c307720 5848
11e6e25d 5849 hci_dev_unlock(hdev);
7c307720
AG		 5850}
5851
591752af
JH		 5852static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type,
5853 uint8_t *mgmt_status)
5854{
5855 switch (type) {
5856 case DISCOV_TYPE_LE:
5857 *mgmt_status = mgmt_le_support(hdev);
5858 if (*mgmt_status)
5859 return false;
5860 break;
5861 case DISCOV_TYPE_INTERLEAVED:
5862 *mgmt_status = mgmt_le_support(hdev);
5863 if (*mgmt_status)
5864 return false;
19186c7b 5865 fallthrough;
591752af
JH		 5866 case DISCOV_TYPE_BREDR:
5867 *mgmt_status = mgmt_bredr_support(hdev);
5868 if (*mgmt_status)
5869 return false;
5870 break;
5871 default:
5872 *mgmt_status = MGMT_STATUS_INVALID_PARAMS;
5873 return false;
5874 }
5875
5876 return true;
5877}
5878
abfeea47
LAD		 5879static void start_discovery_complete(struct hci_dev *hdev, void *data, int err)
5880{
5881 struct mgmt_pending_cmd *cmd = data;
5882
275f3f64
BG		 5883 if (cmd != pending_find(MGMT_OP_START_DISCOVERY, hdev) &&
5884 cmd != pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev) &&
5885 cmd != pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev))
5886 return;
5887
abfeea47
LAD		 5888 bt_dev_dbg(hdev, "err %d", err);
5889
5890 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(err),
5891 cmd->param, 1);
275f3f64 5892 mgmt_pending_remove(cmd);
abfeea47 5893
182ee45d 5894 hci_discovery_set_state(hdev, err ? DISCOVERY_STOPPED:
abfeea47
LAD		 5895 DISCOVERY_FINDING);
5896}
5897
5898static int start_discovery_sync(struct hci_dev *hdev, void *data)
5899{
5900 return hci_start_discovery_sync(hdev);
5901}
5902
78b781ca
JH		 5903static int start_discovery_internal(struct sock *sk, struct hci_dev *hdev,
5904 u16 op, void *data, u16 len)
14a53664 5905{
650f726d 5906 struct mgmt_cp_start_discovery *cp = data;
3b0602cd 5907 struct mgmt_pending_cmd *cmd;
8019044d 5908 u8 status;
14a53664
JH		 5909 int err;
5910
181d6953 5911 bt_dev_dbg(hdev, "sock %p", sk);
14a53664 5912
09fd0de5 5913 hci_dev_lock(hdev);
14a53664 5914
4b34ee78 5915 if (!hdev_is_powered(hdev)) {
78b781ca 5916 err = mgmt_cmd_complete(sk, hdev->id, op,
2a1afb5a
JH		 5917 MGMT_STATUS_NOT_POWERED,
5918 &cp->type, sizeof(cp->type));
bd2d1334
JH		 5919 goto failed;
5920 }
5921
f5a969f2 5922 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 5923 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
78b781ca
JH		 5924 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY,
5925 &cp->type, sizeof(cp->type));
642be6c7
AG		 5926 goto failed;
5927 }
5928
591752af 5929 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
78b781ca
JH		 5930 err = mgmt_cmd_complete(sk, hdev->id, op, status,
5931 &cp->type, sizeof(cp->type));
591752af
JH		 5932 goto failed;
5933 }
5934
4867bd00
APS		 5935 /* Can't start discovery when it is paused */
5936 if (hdev->discovery_paused) {
5937 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY,
5938 &cp->type, sizeof(cp->type));
5939 goto failed;
5940 }
5941
22078800
MH		 5942 /* Clear the discovery filter first to free any previously
5943 * allocated memory for the UUID list.
5944 */
5945 hci_discovery_filter_clear(hdev);
5946
4aab14e5 5947 hdev->discovery.type = cp->type;
da25cf6a 5948 hdev->discovery.report_invalid_rssi = false;
78b781ca
JH		 5949 if (op == MGMT_OP_START_LIMITED_DISCOVERY)
5950 hdev->discovery.limited = true;
5951 else
5952 hdev->discovery.limited = false;
4aab14e5 5953
275f3f64 5954 cmd = mgmt_pending_add(sk, op, hdev, data, len);
e68f072b
JH		 5955 if (!cmd) {
5956 err = -ENOMEM;
04106755 5957 goto failed;
f39799f5 5958 }
04106755 5959
abfeea47
LAD		 5960 err = hci_cmd_sync_queue(hdev, start_discovery_sync, cmd,
5961 start_discovery_complete);
5962 if (err < 0) {
275f3f64 5963 mgmt_pending_remove(cmd);
abfeea47
LAD		 5964 goto failed;
5965 }
7c307720 5966
f5a969f2 5967 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
7c307720 5968
14a53664 5969failed:
09fd0de5 5970 hci_dev_unlock(hdev);
14a53664
JH		 5971 return err;
5972}
f39799f5 5973
78b781ca
JH		 5974static int start_discovery(struct sock *sk, struct hci_dev *hdev,
5975 void *data, u16 len)
5976{
5977 return start_discovery_internal(sk, hdev, MGMT_OP_START_DISCOVERY,
5978 data, len);
5979}
5980
5981static int start_limited_discovery(struct sock *sk, struct hci_dev *hdev,
5982 void *data, u16 len)
5983{
5984 return start_discovery_internal(sk, hdev,
5985 MGMT_OP_START_LIMITED_DISCOVERY,
5986 data, len);
5987}
5988
66ea9427
JP		 5989static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
5990 void *data, u16 len)
5991{
5992 struct mgmt_cp_start_service_discovery *cp = data;
3b0602cd 5993 struct mgmt_pending_cmd *cmd;
66ea9427
JP		 5994 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
5995 u16 uuid_count, expected_len;
5996 u8 status;
5997 int err;
04106755 5998
181d6953 5999 bt_dev_dbg(hdev, "sock %p", sk);
e8bb6b97 6000
66ea9427 6001 hci_dev_lock(hdev);
7c307720 6002
66ea9427 6003 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 6004 err = mgmt_cmd_complete(sk, hdev->id,
6005 MGMT_OP_START_SERVICE_DISCOVERY,
6006 MGMT_STATUS_NOT_POWERED,
6007 &cp->type, sizeof(cp->type));
66ea9427
JP		 6008 goto failed;
6009 }
7c307720 6010
66ea9427 6011 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 6012 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
36211f7f
APS		 6013 err = mgmt_cmd_complete(sk, hdev->id,
6014 MGMT_OP_START_SERVICE_DISCOVERY,
6015 MGMT_STATUS_BUSY, &cp->type,
6016 sizeof(cp->type));
6017 goto failed;
6018 }
6019
6020 if (hdev->discovery_paused) {
2a1afb5a
JH		 6021 err = mgmt_cmd_complete(sk, hdev->id,
6022 MGMT_OP_START_SERVICE_DISCOVERY,
6023 MGMT_STATUS_BUSY, &cp->type,
6024 sizeof(cp->type));
66ea9427
JP		 6025 goto failed;
6026 }
d9483943 6027
66ea9427
JP		 6028 uuid_count = __le16_to_cpu(cp->uuid_count);
6029 if (uuid_count > max_uuid_count) {
2064ee33
MH		 6030 bt_dev_err(hdev, "service_discovery: too big uuid_count value %u",
6031 uuid_count);
2a1afb5a
JH		 6032 err = mgmt_cmd_complete(sk, hdev->id,
6033 MGMT_OP_START_SERVICE_DISCOVERY,
6034 MGMT_STATUS_INVALID_PARAMS, &cp->type,
6035 sizeof(cp->type));
66ea9427
JP		 6036 goto failed;
6037 }
6038
6039 expected_len = sizeof(*cp) + uuid_count * 16;
6040 if (expected_len != len) {
2064ee33
MH		 6041 bt_dev_err(hdev, "service_discovery: expected %u bytes, got %u bytes",
6042 expected_len, len);
2a1afb5a
JH		 6043 err = mgmt_cmd_complete(sk, hdev->id,
6044 MGMT_OP_START_SERVICE_DISCOVERY,
6045 MGMT_STATUS_INVALID_PARAMS, &cp->type,
6046 sizeof(cp->type));
66ea9427
JP		 6047 goto failed;
6048 }
6049
591752af
JH		 6050 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
6051 err = mgmt_cmd_complete(sk, hdev->id,
6052 MGMT_OP_START_SERVICE_DISCOVERY,
6053 status, &cp->type, sizeof(cp->type));
6054 goto failed;
6055 }
6056
275f3f64 6057 cmd = mgmt_pending_add(sk, MGMT_OP_START_SERVICE_DISCOVERY,
2922a94f 6058 hdev, data, len);
66ea9427
JP		 6059 if (!cmd) {
6060 err = -ENOMEM;
6061 goto failed;
6062 }
6063
22078800
MH		 6064 /* Clear the discovery filter first to free any previously
6065 * allocated memory for the UUID list.
6066 */
6067 hci_discovery_filter_clear(hdev);
6068
82f8b651 6069 hdev->discovery.result_filtering = true;
66ea9427
JP		 6070 hdev->discovery.type = cp->type;
6071 hdev->discovery.rssi = cp->rssi;
6072 hdev->discovery.uuid_count = uuid_count;
6073
6074 if (uuid_count > 0) {
6075 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
6076 GFP_KERNEL);
6077 if (!hdev->discovery.uuids) {
2a1afb5a
JH		 6078 err = mgmt_cmd_complete(sk, hdev->id,
6079 MGMT_OP_START_SERVICE_DISCOVERY,
6080 MGMT_STATUS_FAILED,
6081 &cp->type, sizeof(cp->type));
d9483943
JH		 6082 mgmt_pending_remove(cmd);
6083 goto failed;
6084 }
66ea9427 6085 }
d9483943 6086
abfeea47
LAD		 6087 err = hci_cmd_sync_queue(hdev, start_discovery_sync, cmd,
6088 start_discovery_complete);
6089 if (err < 0) {
275f3f64 6090 mgmt_pending_remove(cmd);
abfeea47
LAD		 6091 goto failed;
6092 }
6093
66ea9427 6094 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 6095
6096failed:
09fd0de5 6097 hci_dev_unlock(hdev);
14a53664
JH		 6098 return err;
6099}
6100
2154d3f4 6101void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status)
1183fdca 6102{
3b0602cd 6103 struct mgmt_pending_cmd *cmd;
1183fdca 6104
85d67284 6105 bt_dev_dbg(hdev, "status %u", status);
0e05bba6
AG		 6106
6107 hci_dev_lock(hdev);
6108
333ae95d 6109 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
11e6e25d 6110 if (cmd) {
2922a94f 6111 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d 6112 mgmt_pending_remove(cmd);
0e05bba6
AG		 6113 }
6114
0e05bba6
AG		 6115 hci_dev_unlock(hdev);
6116}
6117
abfeea47
LAD		 6118static void stop_discovery_complete(struct hci_dev *hdev, void *data, int err)
6119{
6120 struct mgmt_pending_cmd *cmd = data;
6121
275f3f64
BG		 6122 if (cmd != pending_find(MGMT_OP_STOP_DISCOVERY, hdev))
6123 return;
6124
abfeea47
LAD		 6125 bt_dev_dbg(hdev, "err %d", err);
6126
6127 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(err),
6128 cmd->param, 1);
275f3f64 6129 mgmt_pending_remove(cmd);
abfeea47 6130
abfeea47
LAD		 6131 if (!err)
6132 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
6133}
6134
6135static int stop_discovery_sync(struct hci_dev *hdev, void *data)
6136{
6137 return hci_stop_discovery_sync(hdev);
6138}
6139
bdb6d971 6140static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 6141 u16 len)
14a53664 6142{
d930650b 6143 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3b0602cd 6144 struct mgmt_pending_cmd *cmd;
14a53664
JH		 6145 int err;
6146
181d6953 6147 bt_dev_dbg(hdev, "sock %p", sk);
14a53664 6148
09fd0de5 6149 hci_dev_lock(hdev);
14a53664 6150
30dc78e1 6151 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 6152 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
6153 MGMT_STATUS_REJECTED, &mgmt_cp->type,
6154 sizeof(mgmt_cp->type));
d930650b
JH		 6155 goto unlock;
6156 }
6157
6158 if (hdev->discovery.type != mgmt_cp->type) {
2a1afb5a
JH		 6159 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
6160 MGMT_STATUS_INVALID_PARAMS,
6161 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1 6162 goto unlock;
ff9ef578
JH		 6163 }
6164
275f3f64 6165 cmd = mgmt_pending_add(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
14a53664
JH		 6166 if (!cmd) {
6167 err = -ENOMEM;
30dc78e1
JH		 6168 goto unlock;
6169 }
6170
abfeea47
LAD		 6171 err = hci_cmd_sync_queue(hdev, stop_discovery_sync, cmd,
6172 stop_discovery_complete);
6173 if (err < 0) {
275f3f64 6174 mgmt_pending_remove(cmd);
abfeea47
LAD		 6175 goto unlock;
6176 }
2922a94f 6177
2154d3f4 6178 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 6179
30dc78e1 6180unlock:
09fd0de5 6181 hci_dev_unlock(hdev);
14a53664
JH		 6182 return err;
6183}
6184
bdb6d971 6185static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 6186 u16 len)
561aafbc 6187{
650f726d 6188 struct mgmt_cp_confirm_name *cp = data;
561aafbc 6189 struct inquiry_entry *e;
561aafbc
JH		 6190 int err;
6191
181d6953 6192 bt_dev_dbg(hdev, "sock %p", sk);
561aafbc 6193
561aafbc
JH		 6194 hci_dev_lock(hdev);
6195
30dc78e1 6196 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 6197 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
6198 MGMT_STATUS_FAILED, &cp->addr,
6199 sizeof(cp->addr));
30dc78e1
JH		 6200 goto failed;
6201 }
6202
a198e7b1 6203 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 6204 if (!e) {
2a1afb5a
JH		 6205 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
6206 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
6207 sizeof(cp->addr));
561aafbc
JH		 6208 goto failed;
6209 }
6210
6211 if (cp->name_known) {
6212 e->name_state = NAME_KNOWN;
6213 list_del(&e->list);
6214 } else {
6215 e->name_state = NAME_NEEDED;
a3d4e20a 6216 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 6217 }
6218
2a1afb5a
JH		 6219 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
6220 &cp->addr, sizeof(cp->addr));
561aafbc
JH		 6221
6222failed:
6223 hci_dev_unlock(hdev);
561aafbc
JH		 6224 return err;
6225}
6226
bdb6d971 6227static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 6228 u16 len)
7fbec224 6229{
650f726d 6230 struct mgmt_cp_block_device *cp = data;
f0eeea8b 6231 u8 status;
7fbec224
AJ		 6232 int err;
6233
181d6953 6234 bt_dev_dbg(hdev, "sock %p", sk);
7fbec224 6235
4ee71b20 6236 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 6237 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
6238 MGMT_STATUS_INVALID_PARAMS,
6239 &cp->addr, sizeof(cp->addr));
4ee71b20 6240
09fd0de5 6241 hci_dev_lock(hdev);
5e762444 6242
3d4f9c00 6243 err = hci_bdaddr_list_add(&hdev->reject_list, &cp->addr.bdaddr,
dcc36c16 6244 cp->addr.type);
2a8357f2 6245 if (err < 0) {
f0eeea8b 6246 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 6247 goto done;
6248 }
6249
6250 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
6251 sk);
6252 status = MGMT_STATUS_SUCCESS;
f0eeea8b 6253
2a8357f2 6254done:
2a1afb5a
JH		 6255 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
6256 &cp->addr, sizeof(cp->addr));
5e762444 6257
09fd0de5 6258 hci_dev_unlock(hdev);
7fbec224
AJ		 6259
6260 return err;
6261}
6262
bdb6d971 6263static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 6264 u16 len)
7fbec224 6265{
650f726d 6266 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 6267 u8 status;
7fbec224
AJ		 6268 int err;
6269
181d6953 6270 bt_dev_dbg(hdev, "sock %p", sk);
7fbec224 6271
4ee71b20 6272 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 6273 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
6274 MGMT_STATUS_INVALID_PARAMS,
6275 &cp->addr, sizeof(cp->addr));
4ee71b20 6276
09fd0de5 6277 hci_dev_lock(hdev);
5e762444 6278
3d4f9c00 6279 err = hci_bdaddr_list_del(&hdev->reject_list, &cp->addr.bdaddr,
dcc36c16 6280 cp->addr.type);
2a8357f2 6281 if (err < 0) {
f0eeea8b 6282 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 6283 goto done;
6284 }
6285
6286 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
6287 sk);
6288 status = MGMT_STATUS_SUCCESS;
f0eeea8b 6289
2a8357f2 6290done:
2a1afb5a
JH		 6291 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
6292 &cp->addr, sizeof(cp->addr));
5e762444 6293
09fd0de5 6294 hci_dev_unlock(hdev);
7fbec224
AJ		 6295
6296 return err;
6297}
6298
161510cc
LAD		 6299static int set_device_id_sync(struct hci_dev *hdev, void *data)
6300{
6301 return hci_update_eir_sync(hdev);
6302}
6303
cdbaccca
MH		 6304static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
6305 u16 len)
6306{
6307 struct mgmt_cp_set_device_id *cp = data;
6308 int err;
c72d4b8a 6309 __u16 source;
cdbaccca 6310
181d6953 6311 bt_dev_dbg(hdev, "sock %p", sk);
cdbaccca 6312
c72d4b8a
SJ		 6313 source = __le16_to_cpu(cp->source);
6314
6315 if (source > 0x0002)
a69e8375
JH		 6316 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
6317 MGMT_STATUS_INVALID_PARAMS);
c72d4b8a 6318
cdbaccca
MH		 6319 hci_dev_lock(hdev);
6320
c72d4b8a 6321 hdev->devid_source = source;
cdbaccca
MH		 6322 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
6323 hdev->devid_product = __le16_to_cpu(cp->product);
6324 hdev->devid_version = __le16_to_cpu(cp->version);
6325
2a1afb5a
JH		 6326 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
6327 NULL, 0);
cdbaccca 6328
161510cc 6329 hci_cmd_sync_queue(hdev, set_device_id_sync, NULL, NULL);
cdbaccca
MH		 6330
6331 hci_dev_unlock(hdev);
6332
6333 return err;
6334}
6335
26ac4c56 6336static void enable_advertising_instance(struct hci_dev *hdev, int err)
24b4f38f 6337{
26ac4c56
BG		 6338 if (err)
6339 bt_dev_err(hdev, "failed to re-configure advertising %d", err);
6340 else
6341 bt_dev_dbg(hdev, "status %d", err);
24b4f38f
AU		 6342}
6343
26ac4c56 6344static void set_advertising_complete(struct hci_dev *hdev, void *data, int err)
4375f103
JH		 6345{
6346 struct cmd_lookup match = { NULL, hdev };
7816b820
FG		 6347 u8 instance;
6348 struct adv_info *adv_instance;
26ac4c56 6349 u8 status = mgmt_status(err);
3ad67582 6350
4375f103 6351 if (status) {
4375f103 6352 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
26ac4c56
BG		 6353 cmd_status_rsp, &status);
6354 return;
4375f103
JH		 6355 }
6356
d7a5a11d 6357 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
a1536da2 6358 hci_dev_set_flag(hdev, HCI_ADVERTISING);
c93bd150 6359 else
a358dc11 6360 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
c93bd150 6361
4375f103
JH		 6362 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
6363 &match);
6364
6365 new_settings(hdev, match.sk);
6366
6367 if (match.sk)
6368 sock_put(match.sk);
3ad67582 6369
24b4f38f 6370 /* If "Set Advertising" was just disabled and instance advertising was
7816b820 6371 * set up earlier, then re-enable multi-instance advertising.
24b4f38f
AU		 6372 */
6373 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
7816b820 6374 list_empty(&hdev->adv_instances))
26ac4c56 6375 return;
24b4f38f 6376
7816b820
FG		 6377 instance = hdev->cur_adv_instance;
6378 if (!instance) {
6379 adv_instance = list_first_entry_or_null(&hdev->adv_instances,
6380 struct adv_info, list);
6381 if (!adv_instance)
26ac4c56 6382 return;
7816b820
FG		 6383
6384 instance = adv_instance->instance;
6385 }
6386
26ac4c56 6387 err = hci_schedule_adv_instance_sync(hdev, instance, true);
24b4f38f 6388
26ac4c56
BG		 6389 enable_advertising_instance(hdev, err);
6390}
7816b820 6391
26ac4c56
BG		 6392static int set_adv_sync(struct hci_dev *hdev, void *data)
6393{
6394 struct mgmt_pending_cmd *cmd = data;
6395 struct mgmt_mode *cp = cmd->param;
6396 u8 val = !!cp->val;
24b4f38f 6397
26ac4c56
BG		 6398 if (cp->val == 0x02)
6399 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
6400 else
6401 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
24b4f38f 6402
26ac4c56
BG		 6403 cancel_adv_timeout(hdev);
6404
6405 if (val) {
6406 /* Switch to instance "0" for the Set Advertising setting.
6407 * We cannot use update_[adv|scan_rsp]_data() here as the
6408 * HCI_ADVERTISING flag is not yet set.
6409 */
6410 hdev->cur_adv_instance = 0x00;
6411
6412 if (ext_adv_capable(hdev)) {
6413 hci_start_ext_adv_sync(hdev, 0x00);
6414 } else {
6415 hci_update_adv_data_sync(hdev, 0x00);
6416 hci_update_scan_rsp_data_sync(hdev, 0x00);
6417 hci_enable_advertising_sync(hdev);
6418 }
6419 } else {
6420 hci_disable_advertising_sync(hdev);
6421 }
6422
6423 return 0;
4375f103
JH		 6424}
6425
21b5187f
MH		 6426static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
6427 u16 len)
4375f103
JH		 6428{
6429 struct mgmt_mode *cp = data;
3b0602cd 6430 struct mgmt_pending_cmd *cmd;
cc91cb04 6431 u8 val, status;
4375f103
JH		 6432 int err;
6433
181d6953 6434 bt_dev_dbg(hdev, "sock %p", sk);
4375f103 6435
e6fe7986
JH		 6436 status = mgmt_le_support(hdev);
6437 if (status)
a69e8375
JH		 6438 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
6439 status);
4375f103 6440
cc91cb04 6441 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 6442 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
6443 MGMT_STATUS_INVALID_PARAMS);
4375f103 6444
4867bd00
APS		 6445 if (hdev->advertising_paused)
6446 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
6447 MGMT_STATUS_BUSY);
6448
4375f103
JH		 6449 hci_dev_lock(hdev);
6450
6451 val = !!cp->val;
4375f103 6452
f74ca9b8
JH		 6453 /* The following conditions are ones which mean that we should
6454 * not do any HCI communication but directly send a mgmt
6455 * response to user space (after toggling the flag if
6456 * necessary).
6457 */
cc91cb04 6458 if (!hdev_is_powered(hdev) ||
d7a5a11d
MH		 6459 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
6460 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
b338d917 6461 hci_dev_test_flag(hdev, HCI_MESH) ||
e8bb6b97 6462 hci_conn_num(hdev, LE_LINK) > 0 ||
d7a5a11d 6463 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
e8bb6b97 6464 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
cc91cb04 6465 bool changed;
4375f103 6466
cc91cb04 6467 if (cp->val) {
cab054ab 6468 hdev->cur_adv_instance = 0x00;
238be788 6469 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
cc91cb04 6470 if (cp->val == 0x02)
a1536da2 6471 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 6472 else
a358dc11 6473 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 6474 } else {
a69d8927 6475 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
a358dc11 6476 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4375f103
JH		 6477 }
6478
6479 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
6480 if (err < 0)
6481 goto unlock;
6482
6483 if (changed)
6484 err = new_settings(hdev, sk);
6485
6486 goto unlock;
6487 }
6488
333ae95d
JH		 6489 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
6490 pending_find(MGMT_OP_SET_LE, hdev)) {
a69e8375
JH		 6491 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
6492 MGMT_STATUS_BUSY);
4375f103
JH		 6493 goto unlock;
6494 }
6495
6496 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
26ac4c56 6497 if (!cmd)
4375f103 6498 err = -ENOMEM;
cc91cb04 6499 else
26ac4c56
BG		 6500 err = hci_cmd_sync_queue(hdev, set_adv_sync, cmd,
6501 set_advertising_complete);
de181e88 6502
26ac4c56 6503 if (err < 0 && cmd)
4375f103
JH		 6504 mgmt_pending_remove(cmd);
6505
6506unlock:
6507 hci_dev_unlock(hdev);
6508 return err;
6509}
6510
d13eafce
MH		 6511static int set_static_address(struct sock *sk, struct hci_dev *hdev,
6512 void *data, u16 len)
6513{
6514 struct mgmt_cp_set_static_address *cp = data;
6515 int err;
6516
181d6953 6517 bt_dev_dbg(hdev, "sock %p", sk);
d13eafce 6518
62af4443 6519 if (!lmp_le_capable(hdev))
a69e8375
JH		 6520 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
6521 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 6522
6523 if (hdev_is_powered(hdev))
a69e8375
JH		 6524 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
6525 MGMT_STATUS_REJECTED);
d13eafce
MH		 6526
6527 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
6528 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
a69e8375
JH		 6529 return mgmt_cmd_status(sk, hdev->id,
6530 MGMT_OP_SET_STATIC_ADDRESS,
6531 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 6532
6533 /* Two most significant bits shall be set */
6534 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
a69e8375
JH		 6535 return mgmt_cmd_status(sk, hdev->id,
6536 MGMT_OP_SET_STATIC_ADDRESS,
6537 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 6538 }
6539
6540 hci_dev_lock(hdev);
6541
6542 bacpy(&hdev->static_addr, &cp->bdaddr);
6543
93690c22
MH		 6544 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
6545 if (err < 0)
6546 goto unlock;
6547
6548 err = new_settings(hdev, sk);
d13eafce 6549
93690c22 6550unlock:
d13eafce 6551 hci_dev_unlock(hdev);
d13eafce
MH		 6552 return err;
6553}
6554
14b49b9a
MH		 6555static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
6556 void *data, u16 len)
6557{
6558 struct mgmt_cp_set_scan_params *cp = data;
6559 __u16 interval, window;
6560 int err;
6561
181d6953 6562 bt_dev_dbg(hdev, "sock %p", sk);
14b49b9a
MH		 6563
6564 if (!lmp_le_capable(hdev))
a69e8375
JH		 6565 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
6566 MGMT_STATUS_NOT_SUPPORTED);
14b49b9a
MH		 6567
6568 interval = __le16_to_cpu(cp->interval);
6569
6570 if (interval < 0x0004 || interval > 0x4000)
a69e8375
JH		 6571 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
6572 MGMT_STATUS_INVALID_PARAMS);
14b49b9a
MH		 6573
6574 window = __le16_to_cpu(cp->window);
6575
6576 if (window < 0x0004 || window > 0x4000)
a69e8375
JH		 6577 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
6578 MGMT_STATUS_INVALID_PARAMS);
14b49b9a 6579
899e1075 6580 if (window > interval)
a69e8375
JH		 6581 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
6582 MGMT_STATUS_INVALID_PARAMS);
899e1075 6583
14b49b9a
MH		 6584 hci_dev_lock(hdev);
6585
6586 hdev->le_scan_interval = interval;
6587 hdev->le_scan_window = window;
6588
2a1afb5a
JH		 6589 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
6590 NULL, 0);
14b49b9a 6591
dd2ef8e2
AG		 6592 /* If background scan is running, restart it so new parameters are
6593 * loaded.
6594 */
d7a5a11d 6595 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
abfeea47
LAD		 6596 hdev->discovery.state == DISCOVERY_STOPPED)
6597 hci_update_passive_scan(hdev);
dd2ef8e2 6598
14b49b9a
MH		 6599 hci_dev_unlock(hdev);
6600
6601 return err;
6602}
6603
353a0249 6604static void fast_connectable_complete(struct hci_dev *hdev, void *data, int err)
33e38b3e 6605{
353a0249 6606 struct mgmt_pending_cmd *cmd = data;
33e38b3e 6607
353a0249 6608 bt_dev_dbg(hdev, "err %d", err);
33e38b3e 6609
353a0249 6610 if (err) {
a69e8375 6611 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
353a0249 6612 mgmt_status(err));
33e38b3e 6613 } else {
1a4d3c4b
JH		 6614 struct mgmt_mode *cp = cmd->param;
6615
6616 if (cp->val)
a1536da2 6617 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 6618 else
a358dc11 6619 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 6620
33e38b3e
JH		 6621 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
6622 new_settings(hdev, cmd->sk);
6623 }
6624
353a0249
BG		 6625 mgmt_pending_free(cmd);
6626}
33e38b3e 6627
353a0249
BG		 6628static int write_fast_connectable_sync(struct hci_dev *hdev, void *data)
6629{
6630 struct mgmt_pending_cmd *cmd = data;
6631 struct mgmt_mode *cp = cmd->param;
6632
6633 return hci_write_fast_connectable_sync(hdev, cp->val);
33e38b3e
JH		 6634}
6635
bdb6d971 6636static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 6637 void *data, u16 len)
f6422ec6 6638{
650f726d 6639 struct mgmt_mode *cp = data;
3b0602cd 6640 struct mgmt_pending_cmd *cmd;
f6422ec6
AJ		 6641 int err;
6642
181d6953 6643 bt_dev_dbg(hdev, "sock %p", sk);
f6422ec6 6644
d7a5a11d 6645 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
56f87901 6646 hdev->hci_ver < BLUETOOTH_VER_1_2)
353a0249
BG		 6647 return mgmt_cmd_status(sk, hdev->id,
6648 MGMT_OP_SET_FAST_CONNECTABLE,
a69e8375 6649 MGMT_STATUS_NOT_SUPPORTED);
33c525c0 6650
a7e80f25 6651 if (cp->val != 0x00 && cp->val != 0x01)
353a0249
BG		 6652 return mgmt_cmd_status(sk, hdev->id,
6653 MGMT_OP_SET_FAST_CONNECTABLE,
a69e8375 6654 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 6655
f6422ec6
AJ		 6656 hci_dev_lock(hdev);
6657
d7a5a11d 6658 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
353a0249 6659 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
1a4d3c4b
JH		 6660 goto unlock;
6661 }
6662
406ef2a6 6663 if (!hdev_is_powered(hdev)) {
ce05d603 6664 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
353a0249 6665 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
406ef2a6
JH		 6666 new_settings(hdev, sk);
6667 goto unlock;
6668 }
6669
353a0249
BG		 6670 cmd = mgmt_pending_new(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev, data,
6671 len);
6672 if (!cmd)
33e38b3e 6673 err = -ENOMEM;
353a0249
BG		 6674 else
6675 err = hci_cmd_sync_queue(hdev, write_fast_connectable_sync, cmd,
6676 fast_connectable_complete);
f6422ec6 6677
353a0249
BG		 6678 if (err < 0) {
6679 mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
6680 MGMT_STATUS_FAILED);
33e38b3e 6681
353a0249
BG		 6682 if (cmd)
6683 mgmt_pending_free(cmd);
f6422ec6
AJ		 6684 }
6685
33e38b3e 6686unlock:
f6422ec6 6687 hci_dev_unlock(hdev);
33e38b3e 6688
f6422ec6
AJ		 6689 return err;
6690}
6691
451d95a9 6692static void set_bredr_complete(struct hci_dev *hdev, void *data, int err)
0663ca2a 6693{
451d95a9 6694 struct mgmt_pending_cmd *cmd = data;
0663ca2a 6695
451d95a9 6696 bt_dev_dbg(hdev, "err %d", err);
0663ca2a 6697
451d95a9
BG		 6698 if (err) {
6699 u8 mgmt_err = mgmt_status(err);
0663ca2a
JH		 6700
6701 /* We need to restore the flag if related HCI commands
6702 * failed.
6703 */
a358dc11 6704 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a 6705
a69e8375 6706 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
0663ca2a
JH		 6707 } else {
6708 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
6709 new_settings(hdev, cmd->sk);
6710 }
6711
451d95a9
BG		 6712 mgmt_pending_free(cmd);
6713}
0663ca2a 6714
451d95a9
BG		 6715static int set_bredr_sync(struct hci_dev *hdev, void *data)
6716{
6717 int status;
6718
6719 status = hci_write_fast_connectable_sync(hdev, false);
6720
6721 if (!status)
6722 status = hci_update_scan_sync(hdev);
6723
6724 /* Since only the advertising data flags will change, there
6725 * is no need to update the scan response data.
6726 */
6727 if (!status)
6728 status = hci_update_adv_data_sync(hdev, hdev->cur_adv_instance);
6729
6730 return status;
0663ca2a
JH		 6731}
6732
6733static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6734{
6735 struct mgmt_mode *cp = data;
3b0602cd 6736 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 6737 int err;
6738
181d6953 6739 bt_dev_dbg(hdev, "sock %p", sk);
0663ca2a
JH		 6740
6741 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
a69e8375
JH		 6742 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6743 MGMT_STATUS_NOT_SUPPORTED);
0663ca2a 6744
d7a5a11d 6745 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 6746 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6747 MGMT_STATUS_REJECTED);
0663ca2a
JH		 6748
6749 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 6750 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6751 MGMT_STATUS_INVALID_PARAMS);
0663ca2a
JH		 6752
6753 hci_dev_lock(hdev);
6754
d7a5a11d 6755 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
0663ca2a
JH		 6756 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
6757 goto unlock;
6758 }
6759
6760 if (!hdev_is_powered(hdev)) {
6761 if (!cp->val) {
a358dc11
MH		 6762 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
6763 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
6764 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
6765 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
6766 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
0663ca2a
JH		 6767 }
6768
ce05d603 6769 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 6770
6771 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
6772 if (err < 0)
6773 goto unlock;
6774
6775 err = new_settings(hdev, sk);
6776 goto unlock;
6777 }
6778
6779 /* Reject disabling when powered on */
6780 if (!cp->val) {
a69e8375
JH		 6781 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6782 MGMT_STATUS_REJECTED);
0663ca2a 6783 goto unlock;
111e4bcc
MH		 6784 } else {
6785 /* When configuring a dual-mode controller to operate
6786 * with LE only and using a static address, then switching
6787 * BR/EDR back on is not allowed.
6788 *
6789 * Dual-mode controllers shall operate with the public
6790 * address as its identity address for BR/EDR and LE. So
6791 * reject the attempt to create an invalid configuration.
3a5486e1
MH		 6792 *
6793 * The same restrictions applies when secure connections
6794 * has been enabled. For BR/EDR this is a controller feature
6795 * while for LE it is a host stack feature. This means that
6796 * switching BR/EDR back on when secure connections has been
6797 * enabled is not a supported transaction.
111e4bcc 6798 */
d7a5a11d 6799 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
3a5486e1 6800 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
d7a5a11d 6801 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
a69e8375
JH		 6802 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6803 MGMT_STATUS_REJECTED);
111e4bcc
MH		 6804 goto unlock;
6805 }
0663ca2a
JH		 6806 }
6807
451d95a9
BG		 6808 cmd = mgmt_pending_new(sk, MGMT_OP_SET_BREDR, hdev, data, len);
6809 if (!cmd)
0663ca2a 6810 err = -ENOMEM;
451d95a9
BG		 6811 else
6812 err = hci_cmd_sync_queue(hdev, set_bredr_sync, cmd,
6813 set_bredr_complete);
6814
6815 if (err < 0) {
6816 mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6817 MGMT_STATUS_FAILED);
6818 if (cmd)
6819 mgmt_pending_free(cmd);
6820
0663ca2a
JH		 6821 goto unlock;
6822 }
6823
f2252570
JH		 6824 /* We need to flip the bit already here so that
6825 * hci_req_update_adv_data generates the correct flags.
0663ca2a 6826 */
a1536da2 6827 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a 6828
0663ca2a
JH		 6829unlock:
6830 hci_dev_unlock(hdev);
6831 return err;
6832}
6833
2f2eb0c9 6834static void set_secure_conn_complete(struct hci_dev *hdev, void *data, int err)
a1443f5a 6835{
2f2eb0c9 6836 struct mgmt_pending_cmd *cmd = data;
a1443f5a
JH		 6837 struct mgmt_mode *cp;
6838
2f2eb0c9 6839 bt_dev_dbg(hdev, "err %d", err);
a1443f5a 6840
2f2eb0c9
BG		 6841 if (err) {
6842 u8 mgmt_err = mgmt_status(err);
a1443f5a 6843
2f2eb0c9
BG		 6844 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
6845 goto done;
a1443f5a
JH		 6846 }
6847
6848 cp = cmd->param;
6849
6850 switch (cp->val) {
6851 case 0x00:
a358dc11
MH		 6852 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
6853 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 6854 break;
6855 case 0x01:
a1536da2 6856 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
a358dc11 6857 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 6858 break;
6859 case 0x02:
a1536da2
MH		 6860 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
6861 hci_dev_set_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 6862 break;
6863 }
6864
2f2eb0c9 6865 send_settings_rsp(cmd->sk, cmd->opcode, hdev);
a1443f5a
JH		 6866 new_settings(hdev, cmd->sk);
6867
2f2eb0c9
BG		 6868done:
6869 mgmt_pending_free(cmd);
6870}
6871
6872static int set_secure_conn_sync(struct hci_dev *hdev, void *data)
6873{
6874 struct mgmt_pending_cmd *cmd = data;
6875 struct mgmt_mode *cp = cmd->param;
6876 u8 val = !!cp->val;
6877
6878 /* Force write of val */
6879 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
6880
6881 return hci_write_sc_support_sync(hdev, val);
a1443f5a
JH		 6882}
6883
eac83dc6
MH		 6884static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
6885 void *data, u16 len)
6886{
6887 struct mgmt_mode *cp = data;
3b0602cd 6888 struct mgmt_pending_cmd *cmd;
a3209694 6889 u8 val;
eac83dc6
MH		 6890 int err;
6891
181d6953 6892 bt_dev_dbg(hdev, "sock %p", sk);
eac83dc6 6893
05b3c3e7 6894 if (!lmp_sc_capable(hdev) &&
d7a5a11d 6895 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 6896 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
6897 MGMT_STATUS_NOT_SUPPORTED);
eac83dc6 6898
d7a5a11d 6899 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
59200286 6900 lmp_sc_capable(hdev) &&
d7a5a11d 6901 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 6902 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
6903 MGMT_STATUS_REJECTED);
ed93ec69 6904
0ab04a9c 6905 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375 6906 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
2f2eb0c9 6907 MGMT_STATUS_INVALID_PARAMS);
eac83dc6
MH		 6908
6909 hci_dev_lock(hdev);
6910
05b3c3e7 6911 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
d7a5a11d 6912 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
eac83dc6
MH		 6913 bool changed;
6914
0ab04a9c 6915 if (cp->val) {
238be788
MH		 6916 changed = !hci_dev_test_and_set_flag(hdev,
6917 HCI_SC_ENABLED);
0ab04a9c 6918 if (cp->val == 0x02)
a1536da2 6919 hci_dev_set_flag(hdev, HCI_SC_ONLY);
0ab04a9c 6920 else
a358dc11 6921 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 6922 } else {
a69d8927
MH		 6923 changed = hci_dev_test_and_clear_flag(hdev,
6924 HCI_SC_ENABLED);
a358dc11 6925 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 6926 }
eac83dc6
MH		 6927
6928 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
6929 if (err < 0)
6930 goto failed;
6931
6932 if (changed)
6933 err = new_settings(hdev, sk);
6934
6935 goto failed;
6936 }
6937
0ab04a9c
MH		 6938 val = !!cp->val;
6939
d7a5a11d
MH		 6940 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
6941 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
eac83dc6
MH		 6942 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
6943 goto failed;
6944 }
6945
2f2eb0c9
BG		 6946 cmd = mgmt_pending_new(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
6947 if (!cmd)
eac83dc6 6948 err = -ENOMEM;
2f2eb0c9
BG		 6949 else
6950 err = hci_cmd_sync_queue(hdev, set_secure_conn_sync, cmd,
6951 set_secure_conn_complete);
eac83dc6 6952
eac83dc6 6953 if (err < 0) {
2f2eb0c9
BG		 6954 mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
6955 MGMT_STATUS_FAILED);
6956 if (cmd)
6957 mgmt_pending_free(cmd);
eac83dc6
MH		 6958 }
6959
6960failed:
6961 hci_dev_unlock(hdev);
6962 return err;
6963}
6964
4e39ac81
MH		 6965static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
6966 void *data, u16 len)
6967{
6968 struct mgmt_mode *cp = data;
b9710979 6969 bool changed, use_changed;
4e39ac81
MH		 6970 int err;
6971
181d6953 6972 bt_dev_dbg(hdev, "sock %p", sk);
4e39ac81 6973
b9710979 6974 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 6975 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
6976 MGMT_STATUS_INVALID_PARAMS);
4e39ac81
MH		 6977
6978 hci_dev_lock(hdev);
6979
6980 if (cp->val)
238be788 6981 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
4e39ac81 6982 else
a69d8927
MH		 6983 changed = hci_dev_test_and_clear_flag(hdev,
6984 HCI_KEEP_DEBUG_KEYS);
4e39ac81 6985
b9710979 6986 if (cp->val == 0x02)
238be788
MH		 6987 use_changed = !hci_dev_test_and_set_flag(hdev,
6988 HCI_USE_DEBUG_KEYS);
b9710979 6989 else
a69d8927
MH		 6990 use_changed = hci_dev_test_and_clear_flag(hdev,
6991 HCI_USE_DEBUG_KEYS);
b9710979
JH		 6992
6993 if (hdev_is_powered(hdev) && use_changed &&
d7a5a11d 6994 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
b9710979
JH		 6995 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
6996 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
6997 sizeof(mode), &mode);
6998 }
6999
4e39ac81
MH		 7000 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
7001 if (err < 0)
7002 goto unlock;
7003
7004 if (changed)
7005 err = new_settings(hdev, sk);
7006
7007unlock:
7008 hci_dev_unlock(hdev);
7009 return err;
7010}
7011
62b04cd1
JH		 7012static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
7013 u16 len)
7014{
7015 struct mgmt_cp_set_privacy *cp = cp_data;
7016 bool changed;
7017 int err;
7018
181d6953 7019 bt_dev_dbg(hdev, "sock %p", sk);
62b04cd1
JH		 7020
7021 if (!lmp_le_capable(hdev))
a69e8375
JH		 7022 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
7023 MGMT_STATUS_NOT_SUPPORTED);
62b04cd1 7024
82a37ade 7025 if (cp->privacy != 0x00 && cp->privacy != 0x01 && cp->privacy != 0x02)
a69e8375
JH		 7026 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
7027 MGMT_STATUS_INVALID_PARAMS);
62b04cd1
JH		 7028
7029 if (hdev_is_powered(hdev))
a69e8375
JH		 7030 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
7031 MGMT_STATUS_REJECTED);
62b04cd1
JH		 7032
7033 hci_dev_lock(hdev);
7034
c21c0ea0
JH		 7035 /* If user space supports this command it is also expected to
7036 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
7037 */
a1536da2 7038 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
c21c0ea0 7039
62b04cd1 7040 if (cp->privacy) {
238be788 7041 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
62b04cd1 7042 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
a1536da2 7043 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
a73c046a 7044 hci_adv_instances_set_rpa_expired(hdev, true);
82a37ade
JH		 7045 if (cp->privacy == 0x02)
7046 hci_dev_set_flag(hdev, HCI_LIMITED_PRIVACY);
7047 else
7048 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
62b04cd1 7049 } else {
a69d8927 7050 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
62b04cd1 7051 memset(hdev->irk, 0, sizeof(hdev->irk));
a358dc11 7052 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
a73c046a 7053 hci_adv_instances_set_rpa_expired(hdev, false);
82a37ade 7054 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
62b04cd1
JH		 7055 }
7056
7057 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
7058 if (err < 0)
7059 goto unlock;
7060
7061 if (changed)
7062 err = new_settings(hdev, sk);
7063
7064unlock:
7065 hci_dev_unlock(hdev);
7066 return err;
7067}
7068
41edf160
JH		 7069static bool irk_is_valid(struct mgmt_irk_info *irk)
7070{
7071 switch (irk->addr.type) {
7072 case BDADDR_LE_PUBLIC:
7073 return true;
7074
7075 case BDADDR_LE_RANDOM:
7076 /* Two most significant bits shall be set */
7077 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
7078 return false;
7079 return true;
7080 }
7081
7082 return false;
7083}
7084
7085static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
7086 u16 len)
7087{
7088 struct mgmt_cp_load_irks *cp = cp_data;
ba1d6936
JH		 7089 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
7090 sizeof(struct mgmt_irk_info));
41edf160
JH		 7091 u16 irk_count, expected_len;
7092 int i, err;
7093
181d6953 7094 bt_dev_dbg(hdev, "sock %p", sk);
41edf160
JH		 7095
7096 if (!lmp_le_capable(hdev))
a69e8375
JH		 7097 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
7098 MGMT_STATUS_NOT_SUPPORTED);
41edf160
JH		 7099
7100 irk_count = __le16_to_cpu(cp->irk_count);
ba1d6936 7101 if (irk_count > max_irk_count) {
2064ee33
MH		 7102 bt_dev_err(hdev, "load_irks: too big irk_count value %u",
7103 irk_count);
a69e8375
JH		 7104 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
7105 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 7106 }
41edf160 7107
5bec1fb8 7108 expected_len = struct_size(cp, irks, irk_count);
41edf160 7109 if (expected_len != len) {
2064ee33
MH		 7110 bt_dev_err(hdev, "load_irks: expected %u bytes, got %u bytes",
7111 expected_len, len);
a69e8375
JH		 7112 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
7113 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 7114 }
7115
181d6953 7116 bt_dev_dbg(hdev, "irk_count %u", irk_count);
41edf160
JH		 7117
7118 for (i = 0; i < irk_count; i++) {
7119 struct mgmt_irk_info *key = &cp->irks[i];
7120
7121 if (!irk_is_valid(key))
a69e8375
JH		 7122 return mgmt_cmd_status(sk, hdev->id,
7123 MGMT_OP_LOAD_IRKS,
7124 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 7125 }
7126
7127 hci_dev_lock(hdev);
7128
7129 hci_smp_irks_clear(hdev);
7130
7131 for (i = 0; i < irk_count; i++) {
7132 struct mgmt_irk_info *irk = &cp->irks[i];
41edf160 7133
600a8749
AM		 7134 if (hci_is_blocked_key(hdev,
7135 HCI_BLOCKED_KEY_TYPE_IRK,
7136 irk->val)) {
7137 bt_dev_warn(hdev, "Skipping blocked IRK for %pMR",
7138 &irk->addr.bdaddr);
7139 continue;
7140 }
7141
85813a7e
JH		 7142 hci_add_irk(hdev, &irk->addr.bdaddr,
7143 le_addr_type(irk->addr.type), irk->val,
41edf160
JH		 7144 BDADDR_ANY);
7145 }
7146
a1536da2 7147 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
41edf160 7148
2a1afb5a 7149 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
41edf160
JH		 7150
7151 hci_dev_unlock(hdev);
7152
7153 return err;
7154}
7155
3f706b72
JH		 7156static bool ltk_is_valid(struct mgmt_ltk_info *key)
7157{
fad646e1 7158 if (key->initiator != 0x00 && key->initiator != 0x01)
3f706b72 7159 return false;
490cb0b3
MH		 7160
7161 switch (key->addr.type) {
7162 case BDADDR_LE_PUBLIC:
7163 return true;
7164
7165 case BDADDR_LE_RANDOM:
7166 /* Two most significant bits shall be set */
7167 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
7168 return false;
7169 return true;
7170 }
7171
7172 return false;
3f706b72
JH		 7173}
7174
bdb6d971 7175static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 7176 void *cp_data, u16 len)
346af67b 7177{
346af67b 7178 struct mgmt_cp_load_long_term_keys *cp = cp_data;
ba1d6936
JH		 7179 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
7180 sizeof(struct mgmt_ltk_info));
346af67b 7181 u16 key_count, expected_len;
715a5bf2 7182 int i, err;
346af67b 7183
181d6953 7184 bt_dev_dbg(hdev, "sock %p", sk);
cf99ba13
MH		 7185
7186 if (!lmp_le_capable(hdev))
a69e8375
JH		 7187 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
7188 MGMT_STATUS_NOT_SUPPORTED);
cf99ba13 7189
1f350c87 7190 key_count = __le16_to_cpu(cp->key_count);
ba1d6936 7191 if (key_count > max_key_count) {
2064ee33
MH		 7192 bt_dev_err(hdev, "load_ltks: too big key_count value %u",
7193 key_count);
a69e8375
JH		 7194 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
7195 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 7196 }
346af67b 7197
5bec1fb8 7198 expected_len = struct_size(cp, keys, key_count);
346af67b 7199 if (expected_len != len) {
2064ee33
MH		 7200 bt_dev_err(hdev, "load_keys: expected %u bytes, got %u bytes",
7201 expected_len, len);
a69e8375
JH		 7202 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
7203 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 7204 }
7205
181d6953 7206 bt_dev_dbg(hdev, "key_count %u", key_count);
346af67b 7207
54ad6d8a
JH		 7208 for (i = 0; i < key_count; i++) {
7209 struct mgmt_ltk_info *key = &cp->keys[i];
7210
3f706b72 7211 if (!ltk_is_valid(key))
a69e8375
JH		 7212 return mgmt_cmd_status(sk, hdev->id,
7213 MGMT_OP_LOAD_LONG_TERM_KEYS,
7214 MGMT_STATUS_INVALID_PARAMS);
54ad6d8a
JH		 7215 }
7216
346af67b
VCG		 7217 hci_dev_lock(hdev);
7218
7219 hci_smp_ltks_clear(hdev);
7220
7221 for (i = 0; i < key_count; i++) {
7222 struct mgmt_ltk_info *key = &cp->keys[i];
85813a7e 7223 u8 type, authenticated;
346af67b 7224
600a8749
AM		 7225 if (hci_is_blocked_key(hdev,
7226 HCI_BLOCKED_KEY_TYPE_LTK,
7227 key->val)) {
7228 bt_dev_warn(hdev, "Skipping blocked LTK for %pMR",
7229 &key->addr.bdaddr);
7230 continue;
7231 }
7232
61b43357
JH		 7233 switch (key->type) {
7234 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 7235 authenticated = 0x00;
fad646e1 7236 type = key->initiator ? SMP_LTK : SMP_LTK_RESPONDER;
61b43357
JH		 7237 break;
7238 case MGMT_LTK_AUTHENTICATED:
d7b25450 7239 authenticated = 0x01;
fad646e1 7240 type = key->initiator ? SMP_LTK : SMP_LTK_RESPONDER;
23fb8de3
JH		 7241 break;
7242 case MGMT_LTK_P256_UNAUTH:
7243 authenticated = 0x00;
7244 type = SMP_LTK_P256;
61b43357 7245 break;
23fb8de3
JH		 7246 case MGMT_LTK_P256_AUTH:
7247 authenticated = 0x01;
7248 type = SMP_LTK_P256;
61b43357 7249 break;
23fb8de3
JH		 7250 case MGMT_LTK_P256_DEBUG:
7251 authenticated = 0x00;
7252 type = SMP_LTK_P256_DEBUG;
19186c7b 7253 fallthrough;
61b43357
JH		 7254 default:
7255 continue;
7256 }
d7b25450 7257
85813a7e
JH		 7258 hci_add_ltk(hdev, &key->addr.bdaddr,
7259 le_addr_type(key->addr.type), type, authenticated,
7260 key->val, key->enc_size, key->ediv, key->rand);
346af67b
VCG		 7261 }
7262
2a1afb5a 7263 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
715a5bf2
JH		 7264 NULL, 0);
7265
346af67b 7266 hci_dev_unlock(hdev);
346af67b 7267
715a5bf2 7268 return err;
346af67b
VCG		 7269}
7270
47db6b42 7271static void get_conn_info_complete(struct hci_dev *hdev, void *data, int err)
dd983808 7272{
47db6b42 7273 struct mgmt_pending_cmd *cmd = data;
dd983808 7274 struct hci_conn *conn = cmd->user_data;
47db6b42 7275 struct mgmt_cp_get_conn_info *cp = cmd->param;
9981bdb0 7276 struct mgmt_rp_get_conn_info rp;
47db6b42 7277 u8 status;
dd983808 7278
47db6b42
BG		 7279 bt_dev_dbg(hdev, "err %d", err);
7280
d1f0a981 7281 memcpy(&rp.addr, &cp->addr, sizeof(rp.addr));
dd983808 7282
47db6b42 7283 status = mgmt_status(err);
9981bdb0 7284 if (status == MGMT_STATUS_SUCCESS) {
dd983808 7285 rp.rssi = conn->rssi;
9981bdb0
JH		 7286 rp.tx_power = conn->tx_power;
7287 rp.max_tx_power = conn->max_tx_power;
7288 } else {
7289 rp.rssi = HCI_RSSI_INVALID;
7290 rp.tx_power = HCI_TX_POWER_INVALID;
7291 rp.max_tx_power = HCI_TX_POWER_INVALID;
dd983808
AK		 7292 }
7293
47db6b42
BG		 7294 mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO, status,
7295 &rp, sizeof(rp));
dd983808 7296
47db6b42 7297 mgmt_pending_free(cmd);
dd983808
AK		 7298}
7299
47db6b42 7300static int get_conn_info_sync(struct hci_dev *hdev, void *data)
dd983808 7301{
47db6b42
BG		 7302 struct mgmt_pending_cmd *cmd = data;
7303 struct mgmt_cp_get_conn_info *cp = cmd->param;
dd983808 7304 struct hci_conn *conn;
47db6b42
BG		 7305 int err;
7306 __le16 handle;
dd983808 7307
47db6b42
BG		 7308 /* Make sure we are still connected */
7309 if (cp->addr.type == BDADDR_BREDR)
7310 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
7311 &cp->addr.bdaddr);
7312 else
7313 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
dd983808 7314
7b445e22 7315 if (!conn || conn->state != BT_CONNECTED)
47db6b42 7316 return MGMT_STATUS_NOT_CONNECTED;
dd983808 7317
7b445e22 7318 cmd->user_data = conn;
47db6b42 7319 handle = cpu_to_le16(conn->handle);
dd983808 7320
47db6b42
BG		 7321 /* Refresh RSSI each time */
7322 err = hci_read_rssi_sync(hdev, handle);
dd983808 7323
47db6b42
BG		 7324 /* For LE links TX power does not change thus we don't need to
7325 * query for it once value is known.
7326 */
7327 if (!err && (!bdaddr_type_is_le(cp->addr.type) ||
7328 conn->tx_power == HCI_TX_POWER_INVALID))
7329 err = hci_read_tx_power_sync(hdev, handle, 0x00);
dd983808 7330
47db6b42
BG		 7331 /* Max TX power needs to be read only once per connection */
7332 if (!err && conn->max_tx_power == HCI_TX_POWER_INVALID)
7333 err = hci_read_tx_power_sync(hdev, handle, 0x01);
dd983808 7334
47db6b42 7335 return err;
dd983808
AK		 7336}
7337
7338static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
7339 u16 len)
7340{
7341 struct mgmt_cp_get_conn_info *cp = data;
7342 struct mgmt_rp_get_conn_info rp;
7343 struct hci_conn *conn;
7344 unsigned long conn_info_age;
7345 int err = 0;
7346
181d6953 7347 bt_dev_dbg(hdev, "sock %p", sk);
dd983808
AK		 7348
7349 memset(&rp, 0, sizeof(rp));
7350 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
7351 rp.addr.type = cp->addr.type;
7352
7353 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 7354 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
7355 MGMT_STATUS_INVALID_PARAMS,
7356 &rp, sizeof(rp));
dd983808
AK		 7357
7358 hci_dev_lock(hdev);
7359
7360 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 7361 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
7362 MGMT_STATUS_NOT_POWERED, &rp,
7363 sizeof(rp));
dd983808
AK		 7364 goto unlock;
7365 }
7366
7367 if (cp->addr.type == BDADDR_BREDR)
7368 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
7369 &cp->addr.bdaddr);
7370 else
7371 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
7372
7373 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 7374 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
7375 MGMT_STATUS_NOT_CONNECTED, &rp,
7376 sizeof(rp));
dd983808
AK		 7377 goto unlock;
7378 }
7379
7380 /* To avoid client trying to guess when to poll again for information we
7381 * calculate conn info age as random value between min/max set in hdev.
7382 */
e8a533cb
JD		 7383 conn_info_age = get_random_u32_inclusive(hdev->conn_info_min_age,
7384 hdev->conn_info_max_age - 1);
dd983808
AK		 7385
7386 /* Query controller to refresh cached values if they are too old or were
7387 * never read.
7388 */
f4e2dd53
AK		 7389 if (time_after(jiffies, conn->conn_info_timestamp +
7390 msecs_to_jiffies(conn_info_age)) ||
dd983808 7391 !conn->conn_info_timestamp) {
3b0602cd 7392 struct mgmt_pending_cmd *cmd;
dd983808 7393
47db6b42
BG		 7394 cmd = mgmt_pending_new(sk, MGMT_OP_GET_CONN_INFO, hdev, data,
7395 len);
d7b2fdfb 7396 if (!cmd) {
47db6b42 7397 err = -ENOMEM;
d7b2fdfb 7398 } else {
47db6b42
BG		 7399 err = hci_cmd_sync_queue(hdev, get_conn_info_sync,
7400 cmd, get_conn_info_complete);
d7b2fdfb 7401 }
dd983808 7402
47db6b42
BG		 7403 if (err < 0) {
7404 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
7405 MGMT_STATUS_FAILED, &rp, sizeof(rp));
eed5daf3 7406
47db6b42
BG		 7407 if (cmd)
7408 mgmt_pending_free(cmd);
dd983808 7409
dd983808
AK		 7410 goto unlock;
7411 }
7412
dd983808
AK		 7413 conn->conn_info_timestamp = jiffies;
7414 } else {
7415 /* Cache is valid, just reply with values cached in hci_conn */
7416 rp.rssi = conn->rssi;
7417 rp.tx_power = conn->tx_power;
eed5daf3 7418 rp.max_tx_power = conn->max_tx_power;
dd983808 7419
2a1afb5a
JH		 7420 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
7421 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
dd983808
AK		 7422 }
7423
7424unlock:
7425 hci_dev_unlock(hdev);
7426 return err;
7427}
7428
5a750137 7429static void get_clock_info_complete(struct hci_dev *hdev, void *data, int err)
95868426 7430{
5a750137
BG		 7431 struct mgmt_pending_cmd *cmd = data;
7432 struct mgmt_cp_get_clock_info *cp = cmd->param;
95868426 7433 struct mgmt_rp_get_clock_info rp;
5a750137
BG		 7434 struct hci_conn *conn = cmd->user_data;
7435 u8 status = mgmt_status(err);
7436
7437 bt_dev_dbg(hdev, "err %d", err);
69487371
JH		 7438
7439 memset(&rp, 0, sizeof(rp));
5a750137
BG		 7440 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
7441 rp.addr.type = cp->addr.type;
69487371 7442
5a750137 7443 if (err)
69487371
JH		 7444 goto complete;
7445
5a750137 7446 rp.local_clock = cpu_to_le32(hdev->clock);
69487371
JH		 7447
7448 if (conn) {
7449 rp.piconet_clock = cpu_to_le32(conn->clock);
7450 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
69487371 7451 }
9df74653 7452
5a750137
BG		 7453complete:
7454 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
7455 sizeof(rp));
7456
7457 mgmt_pending_free(cmd);
69487371
JH		 7458}
7459
5a750137 7460static int get_clock_info_sync(struct hci_dev *hdev, void *data)
69487371 7461{
5a750137
BG		 7462 struct mgmt_pending_cmd *cmd = data;
7463 struct mgmt_cp_get_clock_info *cp = cmd->param;
7464 struct hci_cp_read_clock hci_cp;
7b445e22 7465 struct hci_conn *conn;
95868426 7466
5a750137 7467 memset(&hci_cp, 0, sizeof(hci_cp));
7b445e22 7468 hci_read_clock_sync(hdev, &hci_cp);
95868426 7469
7b445e22
LAD		 7470 /* Make sure connection still exists */
7471 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
7472 if (!conn || conn->state != BT_CONNECTED)
7473 return MGMT_STATUS_NOT_CONNECTED;
95868426 7474
7b445e22
LAD		 7475 cmd->user_data = conn;
7476 hci_cp.handle = cpu_to_le16(conn->handle);
7477 hci_cp.which = 0x01; /* Piconet clock */
95868426 7478
7b445e22 7479 return hci_read_clock_sync(hdev, &hci_cp);
95868426
JH		 7480}
7481
7482static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
5a750137 7483 u16 len)
95868426
JH		 7484{
7485 struct mgmt_cp_get_clock_info *cp = data;
7486 struct mgmt_rp_get_clock_info rp;
3b0602cd 7487 struct mgmt_pending_cmd *cmd;
95868426
JH		 7488 struct hci_conn *conn;
7489 int err;
7490
181d6953 7491 bt_dev_dbg(hdev, "sock %p", sk);
95868426
JH		 7492
7493 memset(&rp, 0, sizeof(rp));
7494 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
7495 rp.addr.type = cp->addr.type;
7496
7497 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 7498 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
7499 MGMT_STATUS_INVALID_PARAMS,
7500 &rp, sizeof(rp));
95868426
JH		 7501
7502 hci_dev_lock(hdev);
7503
7504 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 7505 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
7506 MGMT_STATUS_NOT_POWERED, &rp,
7507 sizeof(rp));
95868426
JH		 7508 goto unlock;
7509 }
7510
7511 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
7512 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
7513 &cp->addr.bdaddr);
7514 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 7515 err = mgmt_cmd_complete(sk, hdev->id,
7516 MGMT_OP_GET_CLOCK_INFO,
7517 MGMT_STATUS_NOT_CONNECTED,
7518 &rp, sizeof(rp));
95868426
JH		 7519 goto unlock;
7520 }
7521 } else {
7522 conn = NULL;
7523 }
7524
5a750137
BG		 7525 cmd = mgmt_pending_new(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
7526 if (!cmd)
95868426 7527 err = -ENOMEM;
5a750137
BG		 7528 else
7529 err = hci_cmd_sync_queue(hdev, get_clock_info_sync, cmd,
7530 get_clock_info_complete);
69487371 7531
5a750137
BG		 7532 if (err < 0) {
7533 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
7534 MGMT_STATUS_FAILED, &rp, sizeof(rp));
95868426 7535
5a750137
BG		 7536 if (cmd)
7537 mgmt_pending_free(cmd);
95868426
JH		 7538 }
7539
95868426
JH		 7540
7541unlock:
7542 hci_dev_unlock(hdev);
7543 return err;
7544}
7545
5a154e6f
JH		 7546static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
7547{
7548 struct hci_conn *conn;
7549
7550 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
7551 if (!conn)
7552 return false;
7553
7554 if (conn->dst_type != type)
7555 return false;
7556
7557 if (conn->state != BT_CONNECTED)
7558 return false;
7559
7560 return true;
7561}
7562
7563/* This function requires the caller holds hdev->lock */
51d7a94d 7564static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr,
5a154e6f
JH		 7565 u8 addr_type, u8 auto_connect)
7566{
5a154e6f
JH		 7567 struct hci_conn_params *params;
7568
7569 params = hci_conn_params_add(hdev, addr, addr_type);
7570 if (!params)
7571 return -EIO;
7572
7573 if (params->auto_connect == auto_connect)
7574 return 0;
7575
195ef75e 7576 hci_pend_le_list_del_init(params);
5a154e6f
JH		 7577
7578 switch (auto_connect) {
7579 case HCI_AUTO_CONN_DISABLED:
7580 case HCI_AUTO_CONN_LINK_LOSS:
28a667c9
JP		 7581 /* If auto connect is being disabled when we're trying to
7582 * connect to device, keep connecting.
7583 */
7584 if (params->explicit_connect)
195ef75e 7585 hci_pend_le_list_add(params, &hdev->pend_le_conns);
5a154e6f
JH		 7586 break;
7587 case HCI_AUTO_CONN_REPORT:
49c50922 7588 if (params->explicit_connect)
195ef75e 7589 hci_pend_le_list_add(params, &hdev->pend_le_conns);
49c50922 7590 else
195ef75e 7591 hci_pend_le_list_add(params, &hdev->pend_le_reports);
5a154e6f
JH		 7592 break;
7593 case HCI_AUTO_CONN_DIRECT:
7594 case HCI_AUTO_CONN_ALWAYS:
51d7a94d 7595 if (!is_connected(hdev, addr, addr_type))
195ef75e 7596 hci_pend_le_list_add(params, &hdev->pend_le_conns);
5a154e6f
JH		 7597 break;
7598 }
7599
7600 params->auto_connect = auto_connect;
7601
181d6953
MH		 7602 bt_dev_dbg(hdev, "addr %pMR (type %u) auto_connect %u",
7603 addr, addr_type, auto_connect);
5a154e6f
JH		 7604
7605 return 0;
7606}
7607
8afef092
MH		 7608static void device_added(struct sock *sk, struct hci_dev *hdev,
7609 bdaddr_t *bdaddr, u8 type, u8 action)
7610{
7611 struct mgmt_ev_device_added ev;
7612
7613 bacpy(&ev.addr.bdaddr, bdaddr);
7614 ev.addr.type = type;
7615 ev.action = action;
7616
7617 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
7618}
7619
e8907f76
LAD		 7620static int add_device_sync(struct hci_dev *hdev, void *data)
7621{
7622 return hci_update_passive_scan_sync(hdev);
7623}
7624
2faade53
MH		 7625static int add_device(struct sock *sk, struct hci_dev *hdev,
7626 void *data, u16 len)
7627{
7628 struct mgmt_cp_add_device *cp = data;
7629 u8 auto_conn, addr_type;
4c54bf2b 7630 struct hci_conn_params *params;
2faade53 7631 int err;
4c54bf2b 7632 u32 current_flags = 0;
fe92ee64 7633 u32 supported_flags;
2faade53 7634
181d6953 7635 bt_dev_dbg(hdev, "sock %p", sk);
2faade53 7636
6659358e 7637 if (!bdaddr_type_is_valid(cp->addr.type) ||
2faade53 7638 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
2a1afb5a
JH		 7639 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
7640 MGMT_STATUS_INVALID_PARAMS,
7641 &cp->addr, sizeof(cp->addr));
2faade53 7642
4b9e7e75 7643 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
2a1afb5a
JH		 7644 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
7645 MGMT_STATUS_INVALID_PARAMS,
7646 &cp->addr, sizeof(cp->addr));
2faade53
MH		 7647
7648 hci_dev_lock(hdev);
7649
6659358e 7650 if (cp->addr.type == BDADDR_BREDR) {
4b9e7e75 7651 /* Only incoming connections action is supported for now */
6659358e 7652 if (cp->action != 0x01) {
51d7a94d
JH		 7653 err = mgmt_cmd_complete(sk, hdev->id,
7654 MGMT_OP_ADD_DEVICE,
7655 MGMT_STATUS_INVALID_PARAMS,
7656 &cp->addr, sizeof(cp->addr));
6659358e
JH		 7657 goto unlock;
7658 }
7659
3d4f9c00 7660 err = hci_bdaddr_list_add_with_flags(&hdev->accept_list,
8baaa403
APS		 7661 &cp->addr.bdaddr,
7662 cp->addr.type, 0);
6659358e
JH		 7663 if (err)
7664 goto unlock;
a397407f 7665
bb876725 7666 hci_update_scan(hdev);
a397407f 7667
6659358e
JH		 7668 goto added;
7669 }
7670
85813a7e 7671 addr_type = le_addr_type(cp->addr.type);
2faade53 7672
4b9e7e75 7673 if (cp->action == 0x02)
2faade53 7674 auto_conn = HCI_AUTO_CONN_ALWAYS;
4b9e7e75
MH		 7675 else if (cp->action == 0x01)
7676 auto_conn = HCI_AUTO_CONN_DIRECT;
2faade53 7677 else
a3451d27 7678 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 7679
9a0a8a8e
JP		 7680 /* Kernel internally uses conn_params with resolvable private
7681 * address, but Add Device allows only identity addresses.
7682 * Make sure it is enforced before calling
7683 * hci_conn_params_lookup.
7684 */
7685 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
51d7a94d
JH		 7686 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
7687 MGMT_STATUS_INVALID_PARAMS,
7688 &cp->addr, sizeof(cp->addr));
9a0a8a8e
JP		 7689 goto unlock;
7690 }
7691
bf5b3c8b
MH		 7692 /* If the connection parameters don't exist for this device,
7693 * they will be created and configured with defaults.
7694 */
51d7a94d 7695 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
d06b50ce 7696 auto_conn) < 0) {
51d7a94d
JH		 7697 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
7698 MGMT_STATUS_FAILED, &cp->addr,
7699 sizeof(cp->addr));
2faade53 7700 goto unlock;
4c54bf2b
APS		 7701 } else {
7702 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
7703 addr_type);
7704 if (params)
e1cff700 7705 current_flags = params->flags;
2faade53
MH		 7706 }
7707
e8907f76
LAD		 7708 err = hci_cmd_sync_queue(hdev, add_device_sync, NULL, NULL);
7709 if (err < 0)
7710 goto unlock;
51d7a94d 7711
6659358e 7712added:
8afef092 7713 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
e1cff700 7714 supported_flags = hdev->conn_flags;
4c54bf2b 7715 device_flags_changed(NULL, hdev, &cp->addr.bdaddr, cp->addr.type,
fe92ee64 7716 supported_flags, current_flags);
8afef092 7717
51d7a94d
JH		 7718 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
7719 MGMT_STATUS_SUCCESS, &cp->addr,
7720 sizeof(cp->addr));
2faade53
MH		 7721
7722unlock:
7723 hci_dev_unlock(hdev);
7724 return err;
7725}
7726
8afef092
MH		 7727static void device_removed(struct sock *sk, struct hci_dev *hdev,
7728 bdaddr_t *bdaddr, u8 type)
7729{
7730 struct mgmt_ev_device_removed ev;
7731
7732 bacpy(&ev.addr.bdaddr, bdaddr);
7733 ev.addr.type = type;
7734
7735 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
7736}
7737
e8907f76
LAD		 7738static int remove_device_sync(struct hci_dev *hdev, void *data)
7739{
7740 return hci_update_passive_scan_sync(hdev);
7741}
7742
2faade53
MH		 7743static int remove_device(struct sock *sk, struct hci_dev *hdev,
7744 void *data, u16 len)
7745{
7746 struct mgmt_cp_remove_device *cp = data;
7747 int err;
7748
181d6953 7749 bt_dev_dbg(hdev, "sock %p", sk);
2faade53
MH		 7750
7751 hci_dev_lock(hdev);
7752
7753 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 7754 struct hci_conn_params *params;
2faade53
MH		 7755 u8 addr_type;
7756
6659358e 7757 if (!bdaddr_type_is_valid(cp->addr.type)) {
51d7a94d
JH		 7758 err = mgmt_cmd_complete(sk, hdev->id,
7759 MGMT_OP_REMOVE_DEVICE,
7760 MGMT_STATUS_INVALID_PARAMS,
7761 &cp->addr, sizeof(cp->addr));
2faade53
MH		 7762 goto unlock;
7763 }
7764
6659358e 7765 if (cp->addr.type == BDADDR_BREDR) {
3d4f9c00 7766 err = hci_bdaddr_list_del(&hdev->accept_list,
6659358e
JH		 7767 &cp->addr.bdaddr,
7768 cp->addr.type);
7769 if (err) {
51d7a94d
JH		 7770 err = mgmt_cmd_complete(sk, hdev->id,
7771 MGMT_OP_REMOVE_DEVICE,
7772 MGMT_STATUS_INVALID_PARAMS,
7773 &cp->addr,
7774 sizeof(cp->addr));
6659358e
JH		 7775 goto unlock;
7776 }
7777
bb876725 7778 hci_update_scan(hdev);
a397407f 7779
6659358e
JH		 7780 device_removed(sk, hdev, &cp->addr.bdaddr,
7781 cp->addr.type);
7782 goto complete;
7783 }
7784
85813a7e 7785 addr_type = le_addr_type(cp->addr.type);
2faade53 7786
9a0a8a8e
JP		 7787 /* Kernel internally uses conn_params with resolvable private
7788 * address, but Remove Device allows only identity addresses.
7789 * Make sure it is enforced before calling
7790 * hci_conn_params_lookup.
7791 */
7792 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
51d7a94d
JH		 7793 err = mgmt_cmd_complete(sk, hdev->id,
7794 MGMT_OP_REMOVE_DEVICE,
7795 MGMT_STATUS_INVALID_PARAMS,
7796 &cp->addr, sizeof(cp->addr));
9a0a8a8e
JP		 7797 goto unlock;
7798 }
7799
c71593dd
JH		 7800 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
7801 addr_type);
7802 if (!params) {
51d7a94d
JH		 7803 err = mgmt_cmd_complete(sk, hdev->id,
7804 MGMT_OP_REMOVE_DEVICE,
7805 MGMT_STATUS_INVALID_PARAMS,
7806 &cp->addr, sizeof(cp->addr));
c71593dd
JH		 7807 goto unlock;
7808 }
7809
679d2b6f
JH		 7810 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
7811 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
51d7a94d
JH		 7812 err = mgmt_cmd_complete(sk, hdev->id,
7813 MGMT_OP_REMOVE_DEVICE,
7814 MGMT_STATUS_INVALID_PARAMS,
7815 &cp->addr, sizeof(cp->addr));
c71593dd
JH		 7816 goto unlock;
7817 }
7818
195ef75e 7819 hci_conn_params_free(params);
8afef092
MH		 7820
7821 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53 7822 } else {
19de0825 7823 struct hci_conn_params *p, *tmp;
6659358e 7824 struct bdaddr_list *b, *btmp;
19de0825 7825
2faade53 7826 if (cp->addr.type) {
51d7a94d
JH		 7827 err = mgmt_cmd_complete(sk, hdev->id,
7828 MGMT_OP_REMOVE_DEVICE,
7829 MGMT_STATUS_INVALID_PARAMS,
7830 &cp->addr, sizeof(cp->addr));
2faade53
MH		 7831 goto unlock;
7832 }
7833
3d4f9c00 7834 list_for_each_entry_safe(b, btmp, &hdev->accept_list, list) {
6659358e
JH		 7835 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
7836 list_del(&b->list);
7837 kfree(b);
7838 }
7839
bb876725 7840 hci_update_scan(hdev);
a397407f 7841
19de0825
JH		 7842 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
7843 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
7844 continue;
7845 device_removed(sk, hdev, &p->addr, p->addr_type);
679d2b6f
JH		 7846 if (p->explicit_connect) {
7847 p->auto_connect = HCI_AUTO_CONN_EXPLICIT;
7848 continue;
7849 }
195ef75e 7850 hci_conn_params_free(p);
19de0825
JH		 7851 }
7852
181d6953 7853 bt_dev_dbg(hdev, "All LE connection parameters were removed");
2faade53
MH		 7854 }
7855
e8907f76
LAD		 7856 hci_cmd_sync_queue(hdev, remove_device_sync, NULL, NULL);
7857
6659358e 7858complete:
51d7a94d
JH		 7859 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
7860 MGMT_STATUS_SUCCESS, &cp->addr,
7861 sizeof(cp->addr));
2faade53
MH		 7862unlock:
7863 hci_dev_unlock(hdev);
7864 return err;
7865}
7866
a26f3dcf
JH		 7867static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
7868 u16 len)
7869{
7870 struct mgmt_cp_load_conn_param *cp = data;
ba1d6936
JH		 7871 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
7872 sizeof(struct mgmt_conn_param));
a26f3dcf
JH		 7873 u16 param_count, expected_len;
7874 int i;
7875
7876 if (!lmp_le_capable(hdev))
a69e8375
JH		 7877 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
7878 MGMT_STATUS_NOT_SUPPORTED);
a26f3dcf
JH		 7879
7880 param_count = __le16_to_cpu(cp->param_count);
ba1d6936 7881 if (param_count > max_param_count) {
2064ee33
MH		 7882 bt_dev_err(hdev, "load_conn_param: too big param_count value %u",
7883 param_count);
a69e8375
JH		 7884 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
7885 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 7886 }
a26f3dcf 7887
5bec1fb8 7888 expected_len = struct_size(cp, params, param_count);
a26f3dcf 7889 if (expected_len != len) {
2064ee33
MH		 7890 bt_dev_err(hdev, "load_conn_param: expected %u bytes, got %u bytes",
7891 expected_len, len);
a69e8375
JH		 7892 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
7893 MGMT_STATUS_INVALID_PARAMS);
a26f3dcf
JH		 7894 }
7895
181d6953 7896 bt_dev_dbg(hdev, "param_count %u", param_count);
a26f3dcf
JH		 7897
7898 hci_dev_lock(hdev);
7899
7900 hci_conn_params_clear_disabled(hdev);
7901
7902 for (i = 0; i < param_count; i++) {
7903 struct mgmt_conn_param *param = &cp->params[i];
7904 struct hci_conn_params *hci_param;
7905 u16 min, max, latency, timeout;
7906 u8 addr_type;
7907
181d6953
MH		 7908 bt_dev_dbg(hdev, "Adding %pMR (type %u)", &param->addr.bdaddr,
7909 param->addr.type);
a26f3dcf
JH		 7910
7911 if (param->addr.type == BDADDR_LE_PUBLIC) {
7912 addr_type = ADDR_LE_DEV_PUBLIC;
7913 } else if (param->addr.type == BDADDR_LE_RANDOM) {
7914 addr_type = ADDR_LE_DEV_RANDOM;
7915 } else {
2064ee33 7916 bt_dev_err(hdev, "ignoring invalid connection parameters");
a26f3dcf
JH		 7917 continue;
7918 }
7919
7920 min = le16_to_cpu(param->min_interval);
7921 max = le16_to_cpu(param->max_interval);
7922 latency = le16_to_cpu(param->latency);
7923 timeout = le16_to_cpu(param->timeout);
7924
181d6953
MH		 7925 bt_dev_dbg(hdev, "min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
7926 min, max, latency, timeout);
a26f3dcf
JH		 7927
7928 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
2064ee33 7929 bt_dev_err(hdev, "ignoring invalid connection parameters");
a26f3dcf
JH		 7930 continue;
7931 }
7932
7933 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
7934 addr_type);
7935 if (!hci_param) {
2064ee33 7936 bt_dev_err(hdev, "failed to add connection parameters");
a26f3dcf
JH		 7937 continue;
7938 }
7939
7940 hci_param->conn_min_interval = min;
7941 hci_param->conn_max_interval = max;
7942 hci_param->conn_latency = latency;
7943 hci_param->supervision_timeout = timeout;
7944 }
7945
7946 hci_dev_unlock(hdev);
7947
2a1afb5a
JH		 7948 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
7949 NULL, 0);
a26f3dcf
JH		 7950}
7951
dbece37a
MH		 7952static int set_external_config(struct sock *sk, struct hci_dev *hdev,
7953 void *data, u16 len)
7954{
7955 struct mgmt_cp_set_external_config *cp = data;
7956 bool changed;
7957 int err;
7958
181d6953 7959 bt_dev_dbg(hdev, "sock %p", sk);
dbece37a
MH		 7960
7961 if (hdev_is_powered(hdev))
a69e8375
JH		 7962 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
7963 MGMT_STATUS_REJECTED);
dbece37a
MH		 7964
7965 if (cp->config != 0x00 && cp->config != 0x01)
a69e8375
JH		 7966 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
7967 MGMT_STATUS_INVALID_PARAMS);
dbece37a
MH		 7968
7969 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
a69e8375
JH		 7970 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
7971 MGMT_STATUS_NOT_SUPPORTED);
dbece37a
MH		 7972
7973 hci_dev_lock(hdev);
7974
7975 if (cp->config)
238be788 7976 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a 7977 else
a69d8927 7978 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a
MH		 7979
7980 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
7981 if (err < 0)
7982 goto unlock;
7983
7984 if (!changed)
7985 goto unlock;
7986
f4537c04
MH		 7987 err = new_options(hdev, sk);
7988
d7a5a11d 7989 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
dbece37a 7990 mgmt_index_removed(hdev);
d603b76b 7991
516018a9 7992 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
a1536da2
MH		 7993 hci_dev_set_flag(hdev, HCI_CONFIG);
7994 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
d603b76b
MH		 7995
7996 queue_work(hdev->req_workqueue, &hdev->power_on);
7997 } else {
5ea234d3 7998 set_bit(HCI_RAW, &hdev->flags);
d603b76b
MH		 7999 mgmt_index_added(hdev);
8000 }
dbece37a
MH		 8001 }
8002
8003unlock:
8004 hci_dev_unlock(hdev);
8005 return err;
8006}
8007
9713c17b
MH		 8008static int set_public_address(struct sock *sk, struct hci_dev *hdev,
8009 void *data, u16 len)
8010{
8011 struct mgmt_cp_set_public_address *cp = data;
8012 bool changed;
8013 int err;
8014
181d6953 8015 bt_dev_dbg(hdev, "sock %p", sk);
9713c17b
MH		 8016
8017 if (hdev_is_powered(hdev))
a69e8375
JH		 8018 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
8019 MGMT_STATUS_REJECTED);
9713c17b
MH		 8020
8021 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
a69e8375
JH		 8022 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
8023 MGMT_STATUS_INVALID_PARAMS);
9713c17b
MH		 8024
8025 if (!hdev->set_bdaddr)
a69e8375
JH		 8026 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
8027 MGMT_STATUS_NOT_SUPPORTED);
9713c17b
MH		 8028
8029 hci_dev_lock(hdev);
8030
8031 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
8032 bacpy(&hdev->public_addr, &cp->bdaddr);
8033
8034 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
8035 if (err < 0)
8036 goto unlock;
8037
8038 if (!changed)
8039 goto unlock;
8040
d7a5a11d 8041 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
9713c17b
MH		 8042 err = new_options(hdev, sk);
8043
8044 if (is_configured(hdev)) {
8045 mgmt_index_removed(hdev);
8046
a358dc11 8047 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
9713c17b 8048
a1536da2
MH		 8049 hci_dev_set_flag(hdev, HCI_CONFIG);
8050 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
9713c17b
MH		 8051
8052 queue_work(hdev->req_workqueue, &hdev->power_on);
8053 }
8054
8055unlock:
8056 hci_dev_unlock(hdev);
8057 return err;
8058}
8059
177e77a3
BG		 8060static void read_local_oob_ext_data_complete(struct hci_dev *hdev, void *data,
8061 int err)
40f66c05
JH		 8062{
8063 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp;
8064 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp;
8065 u8 *h192, *r192, *h256, *r256;
177e77a3
BG		 8066 struct mgmt_pending_cmd *cmd = data;
8067 struct sk_buff *skb = cmd->skb;
8068 u8 status = mgmt_status(err);
40f66c05 8069 u16 eir_len;
40f66c05 8070
275f3f64
BG		 8071 if (cmd != pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev))
8072 return;
8073
177e77a3
BG		 8074 if (!status) {
8075 if (!skb)
8076 status = MGMT_STATUS_FAILED;
8077 else if (IS_ERR(skb))
8078 status = mgmt_status(PTR_ERR(skb));
8079 else
8080 status = mgmt_status(skb->data[0]);
8081 }
40f66c05 8082
177e77a3 8083 bt_dev_dbg(hdev, "status %u", status);
40f66c05
JH		 8084
8085 mgmt_cp = cmd->param;
8086
8087 if (status) {
8088 status = mgmt_status(status);
8089 eir_len = 0;
8090
8091 h192 = NULL;
8092 r192 = NULL;
8093 h256 = NULL;
8094 r256 = NULL;
177e77a3 8095 } else if (!bredr_sc_enabled(hdev)) {
40f66c05
JH		 8096 struct hci_rp_read_local_oob_data *rp;
8097
8098 if (skb->len != sizeof(*rp)) {
8099 status = MGMT_STATUS_FAILED;
8100 eir_len = 0;
8101 } else {
8102 status = MGMT_STATUS_SUCCESS;
8103 rp = (void *)skb->data;
8104
8105 eir_len = 5 + 18 + 18;
8106 h192 = rp->hash;
8107 r192 = rp->rand;
8108 h256 = NULL;
8109 r256 = NULL;
8110 }
8111 } else {
8112 struct hci_rp_read_local_oob_ext_data *rp;
8113
8114 if (skb->len != sizeof(*rp)) {
8115 status = MGMT_STATUS_FAILED;
8116 eir_len = 0;
8117 } else {
8118 status = MGMT_STATUS_SUCCESS;
8119 rp = (void *)skb->data;
8120
8121 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
8122 eir_len = 5 + 18 + 18;
8123 h192 = NULL;
8124 r192 = NULL;
8125 } else {
8126 eir_len = 5 + 18 + 18 + 18 + 18;
8127 h192 = rp->hash192;
8128 r192 = rp->rand192;
8129 }
8130
8131 h256 = rp->hash256;
8132 r256 = rp->rand256;
8133 }
8134 }
8135
8136 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL);
8137 if (!mgmt_rp)
8138 goto done;
8139
a31e5a41 8140 if (eir_len == 0)
40f66c05
JH		 8141 goto send_rsp;
8142
8143 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV,
8144 hdev->dev_class, 3);
8145
8146 if (h192 && r192) {
8147 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
8148 EIR_SSP_HASH_C192, h192, 16);
8149 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
8150 EIR_SSP_RAND_R192, r192, 16);
8151 }
8152
8153 if (h256 && r256) {
8154 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
8155 EIR_SSP_HASH_C256, h256, 16);
8156 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
8157 EIR_SSP_RAND_R256, r256, 16);
8158 }
8159
8160send_rsp:
8161 mgmt_rp->type = mgmt_cp->type;
8162 mgmt_rp->eir_len = cpu_to_le16(eir_len);
8163
8164 err = mgmt_cmd_complete(cmd->sk, hdev->id,
8165 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status,
8166 mgmt_rp, sizeof(*mgmt_rp) + eir_len);
8167 if (err < 0 || status)
8168 goto done;
8169
8170 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS);
8171
8172 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
8173 mgmt_rp, sizeof(*mgmt_rp) + eir_len,
8174 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk);
8175done:
177e77a3
BG		 8176 if (skb && !IS_ERR(skb))
8177 kfree_skb(skb);
8178
40f66c05
JH		 8179 kfree(mgmt_rp);
8180 mgmt_pending_remove(cmd);
8181}
8182
8183static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk,
8184 struct mgmt_cp_read_local_oob_ext_data *cp)
8185{
8186 struct mgmt_pending_cmd *cmd;
40f66c05
JH		 8187 int err;
8188
8189 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev,
8190 cp, sizeof(*cp));
8191 if (!cmd)
8192 return -ENOMEM;
8193
177e77a3
BG		 8194 err = hci_cmd_sync_queue(hdev, read_local_oob_data_sync, cmd,
8195 read_local_oob_ext_data_complete);
40f66c05 8196
40f66c05
JH		 8197 if (err < 0) {
8198 mgmt_pending_remove(cmd);
8199 return err;
8200 }
8201
8202 return 0;
8203}
8204
4f0f155c
MH		 8205static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
8206 void *data, u16 data_len)
8207{
8208 struct mgmt_cp_read_local_oob_ext_data *cp = data;
8209 struct mgmt_rp_read_local_oob_ext_data *rp;
8210 size_t rp_len;
8211 u16 eir_len;
0821a2c5 8212 u8 status, flags, role, addr[7], hash[16], rand[16];
4f0f155c
MH		 8213 int err;
8214
181d6953 8215 bt_dev_dbg(hdev, "sock %p", sk);
4f0f155c 8216
57b0d3e8
MH		 8217 if (hdev_is_powered(hdev)) {
8218 switch (cp->type) {
8219 case BIT(BDADDR_BREDR):
8220 status = mgmt_bredr_support(hdev);
8221 if (status)
8222 eir_len = 0;
8223 else
8224 eir_len = 5;
8225 break;
8226 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
8227 status = mgmt_le_support(hdev);
8228 if (status)
8229 eir_len = 0;
8230 else
8231 eir_len = 9 + 3 + 18 + 18 + 3;
8232 break;
8233 default:
8234 status = MGMT_STATUS_INVALID_PARAMS;
8235 eir_len = 0;
8236 break;
8237 }
8238 } else {
8239 status = MGMT_STATUS_NOT_POWERED;
8240 eir_len = 0;
4f0f155c
MH		 8241 }
8242
4f0f155c
MH		 8243 rp_len = sizeof(*rp) + eir_len;
8244 rp = kmalloc(rp_len, GFP_ATOMIC);
efcd8c98 8245 if (!rp)
4f0f155c 8246 return -ENOMEM;
efcd8c98 8247
81218cbe
BG		 8248 if (!status && !lmp_ssp_capable(hdev)) {
8249 status = MGMT_STATUS_NOT_SUPPORTED;
8250 eir_len = 0;
8251 }
8252
57b0d3e8
MH		 8253 if (status)
8254 goto complete;
8255
efcd8c98 8256 hci_dev_lock(hdev);
4f0f155c
MH		 8257
8258 eir_len = 0;
8259 switch (cp->type) {
8260 case BIT(BDADDR_BREDR):
40f66c05
JH		 8261 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
8262 err = read_local_ssp_oob_req(hdev, sk, cp);
8263 hci_dev_unlock(hdev);
8264 if (!err)
8265 goto done;
8266
8267 status = MGMT_STATUS_FAILED;
8268 goto complete;
8269 } else {
8270 eir_len = eir_append_data(rp->eir, eir_len,
8271 EIR_CLASS_OF_DEV,
8272 hdev->dev_class, 3);
8273 }
4f0f155c
MH		 8274 break;
8275 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
5082a599
MH		 8276 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
8277 smp_generate_oob(hdev, hash, rand) < 0) {
0821a2c5 8278 hci_dev_unlock(hdev);
57b0d3e8
MH		 8279 status = MGMT_STATUS_FAILED;
8280 goto complete;
0821a2c5
MH		 8281 }
8282
e213568a
MH		 8283 /* This should return the active RPA, but since the RPA
8284 * is only programmed on demand, it is really hard to fill
8285 * this in at the moment. For now disallow retrieving
8286 * local out-of-band data when privacy is in use.
8287 *
8288 * Returning the identity address will not help here since
8289 * pairing happens before the identity resolving key is
8290 * known and thus the connection establishment happens
8291 * based on the RPA and not the identity address.
8292 */
4f0f155c 8293 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
e213568a
MH		 8294 hci_dev_unlock(hdev);
8295 status = MGMT_STATUS_REJECTED;
8296 goto complete;
8297 }
8298
8299 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
8300 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
8301 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
8302 bacmp(&hdev->static_addr, BDADDR_ANY))) {
4f0f155c
MH		 8303 memcpy(addr, &hdev->static_addr, 6);
8304 addr[6] = 0x01;
8305 } else {
8306 memcpy(addr, &hdev->bdaddr, 6);
8307 addr[6] = 0x00;
8308 }
8309
8310 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
8311 addr, sizeof(addr));
8312
8313 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
8314 role = 0x02;
8315 else
8316 role = 0x01;
8317
8318 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
8319 &role, sizeof(role));
8320
5082a599
MH		 8321 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
8322 eir_len = eir_append_data(rp->eir, eir_len,
8323 EIR_LE_SC_CONFIRM,
8324 hash, sizeof(hash));
0821a2c5 8325
5082a599
MH		 8326 eir_len = eir_append_data(rp->eir, eir_len,
8327 EIR_LE_SC_RANDOM,
8328 rand, sizeof(rand));
8329 }
0821a2c5 8330
f2252570 8331 flags = mgmt_get_adv_discov_flags(hdev);
4f0f155c
MH		 8332
8333 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
8334 flags |= LE_AD_NO_BREDR;
8335
8336 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
8337 &flags, sizeof(flags));
8338 break;
8339 }
8340
4f0f155c
MH		 8341 hci_dev_unlock(hdev);
8342
72000df2
MH		 8343 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
8344
57b0d3e8
MH		 8345 status = MGMT_STATUS_SUCCESS;
8346
8347complete:
efcd8c98
MH		 8348 rp->type = cp->type;
8349 rp->eir_len = cpu_to_le16(eir_len);
8350
4f0f155c 8351 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
57b0d3e8
MH		 8352 status, rp, sizeof(*rp) + eir_len);
8353 if (err < 0 || status)
72000df2
MH		 8354 goto done;
8355
8356 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
8357 rp, sizeof(*rp) + eir_len,
8358 HCI_MGMT_OOB_DATA_EVENTS, sk);
4f0f155c 8359
0821a2c5 8360done:
4f0f155c
MH		 8361 kfree(rp);
8362
8363 return err;
8364}
8365
089fa8c0
AU		 8366static u32 get_supported_adv_flags(struct hci_dev *hdev)
8367{
8368 u32 flags = 0;
8369
8370 flags |= MGMT_ADV_FLAG_CONNECTABLE;
8371 flags |= MGMT_ADV_FLAG_DISCOV;
8372 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
8373 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS;
c4960ecf 8374 flags |= MGMT_ADV_FLAG_APPEARANCE;
7c295c48 8375 flags |= MGMT_ADV_FLAG_LOCAL_NAME;
12410572
DW		 8376 flags |= MGMT_ADV_PARAM_DURATION;
8377 flags |= MGMT_ADV_PARAM_TIMEOUT;
8378 flags |= MGMT_ADV_PARAM_INTERVALS;
8379 flags |= MGMT_ADV_PARAM_TX_POWER;
ff02db13 8380 flags |= MGMT_ADV_PARAM_SCAN_RSP;
089fa8c0 8381
de181e88
JK		 8382 /* In extended adv TX_POWER returned from Set Adv Param
8383 * will be always valid.
8384 */
b338d917 8385 if (hdev->adv_tx_power != HCI_TX_POWER_INVALID || ext_adv_capable(hdev))
089fa8c0
AU		 8386 flags |= MGMT_ADV_FLAG_TX_POWER;
8387
85a721a8
JK		 8388 if (ext_adv_capable(hdev)) {
8389 flags |= MGMT_ADV_FLAG_SEC_1M;
d5ea32da
DW		 8390 flags |= MGMT_ADV_FLAG_HW_OFFLOAD;
8391 flags |= MGMT_ADV_FLAG_CAN_SET_TX_POWER;
85a721a8 8392
288c9022 8393 if (le_2m_capable(hdev))
85a721a8
JK		 8394 flags |= MGMT_ADV_FLAG_SEC_2M;
8395
288c9022 8396 if (le_coded_capable(hdev))
85a721a8
JK		 8397 flags |= MGMT_ADV_FLAG_SEC_CODED;
8398 }
8399
089fa8c0
AU		 8400 return flags;
8401}
8402
d3d5305b
MH		 8403static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
8404 void *data, u16 data_len)
8405{
8406 struct mgmt_rp_read_adv_features *rp;
8407 size_t rp_len;
02c04afe 8408 int err;
286e0c83 8409 struct adv_info *adv_instance;
089fa8c0 8410 u32 supported_flags;
02c04afe 8411 u8 *instance;
d3d5305b 8412
181d6953 8413 bt_dev_dbg(hdev, "sock %p", sk);
d3d5305b 8414
089fa8c0
AU		 8415 if (!lmp_le_capable(hdev))
8416 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
8417 MGMT_STATUS_REJECTED);
8418
d3d5305b
MH		 8419 hci_dev_lock(hdev);
8420
02c04afe 8421 rp_len = sizeof(*rp) + hdev->adv_instance_cnt;
d3d5305b
MH		 8422 rp = kmalloc(rp_len, GFP_ATOMIC);
8423 if (!rp) {
8424 hci_dev_unlock(hdev);
8425 return -ENOMEM;
8426 }
8427
089fa8c0
AU		 8428 supported_flags = get_supported_adv_flags(hdev);
8429
8430 rp->supported_flags = cpu_to_le32(supported_flags);
dc5d82a9
MH		 8431 rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
8432 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
87597482 8433 rp->max_instances = hdev->le_num_of_adv_sets;
02c04afe 8434 rp->num_instances = hdev->adv_instance_cnt;
24b4f38f 8435
02c04afe
JH		 8436 instance = rp->instance;
8437 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
b338d917
BG		 8438 /* Only instances 1-le_num_of_adv_sets are externally visible */
8439 if (adv_instance->instance <= hdev->adv_instance_cnt) {
8440 *instance = adv_instance->instance;
8441 instance++;
8442 } else {
8443 rp->num_instances--;
8444 rp_len--;
8445 }
24b4f38f 8446 }
d3d5305b
MH		 8447
8448 hci_dev_unlock(hdev);
8449
8450 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
8451 MGMT_STATUS_SUCCESS, rp, rp_len);
8452
8453 kfree(rp);
8454
8455 return err;
8456}
8457
f61851f6
MN		 8458static u8 calculate_name_len(struct hci_dev *hdev)
8459{
8460 u8 buf[HCI_MAX_SHORT_NAME_LENGTH + 3];
8461
01ce70b0 8462 return eir_append_local_name(hdev, buf, 0);
f61851f6
MN		 8463}
8464
8465static u8 tlv_data_max_len(struct hci_dev *hdev, u32 adv_flags,
8466 bool is_adv_data)
24b4f38f 8467{
4117ed70 8468 u8 max_len = HCI_MAX_AD_LENGTH;
24b4f38f 8469
31a3248d
MH		 8470 if (is_adv_data) {
8471 if (adv_flags & (MGMT_ADV_FLAG_DISCOV |
8472 MGMT_ADV_FLAG_LIMITED_DISCOV |
2bb36870 8473 MGMT_ADV_FLAG_MANAGED_FLAGS))
31a3248d 8474 max_len -= 3;
24b4f38f 8475
2bb36870 8476 if (adv_flags & MGMT_ADV_FLAG_TX_POWER)
31a3248d 8477 max_len -= 3;
7c295c48 8478 } else {
7c295c48 8479 if (adv_flags & MGMT_ADV_FLAG_LOCAL_NAME)
f61851f6 8480 max_len -= calculate_name_len(hdev);
c4960ecf 8481
2bb36870 8482 if (adv_flags & (MGMT_ADV_FLAG_APPEARANCE))
c4960ecf 8483 max_len -= 4;
5507e358
AU		 8484 }
8485
2bb36870
SJ		 8486 return max_len;
8487}
8488
8489static bool flags_managed(u32 adv_flags)
8490{
8491 return adv_flags & (MGMT_ADV_FLAG_DISCOV |
8492 MGMT_ADV_FLAG_LIMITED_DISCOV |
8493 MGMT_ADV_FLAG_MANAGED_FLAGS);
8494}
8495
8496static bool tx_power_managed(u32 adv_flags)
8497{
8498 return adv_flags & MGMT_ADV_FLAG_TX_POWER;
8499}
8500
8501static bool name_managed(u32 adv_flags)
8502{
8503 return adv_flags & MGMT_ADV_FLAG_LOCAL_NAME;
8504}
8505
8506static bool appearance_managed(u32 adv_flags)
8507{
8508 return adv_flags & MGMT_ADV_FLAG_APPEARANCE;
8509}
8510
f61851f6
MN		 8511static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data,
8512 u8 len, bool is_adv_data)
2bb36870
SJ		 8513{
8514 int i, cur_len;
8515 u8 max_len;
8516
f61851f6 8517 max_len = tlv_data_max_len(hdev, adv_flags, is_adv_data);
2bb36870 8518
4117ed70 8519 if (len > max_len)
24b4f38f
AU		 8520 return false;
8521
4117ed70 8522 /* Make sure that the data is correctly formatted. */
0ca8794a 8523 for (i = 0; i < len; i += (cur_len + 1)) {
4117ed70 8524 cur_len = data[i];
24b4f38f 8525
799acb93
LAD		 8526 if (!cur_len)
8527 continue;
8528
9c9db78d
SJ		 8529 if (data[i + 1] == EIR_FLAGS &&
8530 (!is_adv_data || flags_managed(adv_flags)))
2bb36870
SJ		 8531 return false;
8532
8533 if (data[i + 1] == EIR_TX_POWER && tx_power_managed(adv_flags))
8534 return false;
8535
8536 if (data[i + 1] == EIR_NAME_COMPLETE && name_managed(adv_flags))
8537 return false;
8538
8539 if (data[i + 1] == EIR_NAME_SHORT && name_managed(adv_flags))
b44133ff
AU		 8540 return false;
8541
2bb36870
SJ		 8542 if (data[i + 1] == EIR_APPEARANCE &&
8543 appearance_managed(adv_flags))
5507e358
AU		 8544 return false;
8545
24b4f38f
AU		 8546 /* If the current field length would exceed the total data
8547 * length, then it's invalid.
8548 */
4117ed70 8549 if (i + cur_len >= len)
24b4f38f
AU		 8550 return false;
8551 }
8552
8553 return true;
8554}
8555
12410572
DW		 8556static bool requested_adv_flags_are_valid(struct hci_dev *hdev, u32 adv_flags)
8557{
8558 u32 supported_flags, phy_flags;
8559
8560 /* The current implementation only supports a subset of the specified
8561 * flags. Also need to check mutual exclusiveness of sec flags.
8562 */
8563 supported_flags = get_supported_adv_flags(hdev);
8564 phy_flags = adv_flags & MGMT_ADV_FLAG_SEC_MASK;
8565 if (adv_flags & ~supported_flags ||
8566 ((phy_flags && (phy_flags ^ (phy_flags & -phy_flags)))))
8567 return false;
8568
8569 return true;
8570}
8571
8572static bool adv_busy(struct hci_dev *hdev)
8573{
275f3f64 8574 return pending_find(MGMT_OP_SET_LE, hdev);
12410572
DW		 8575}
8576
cba6b758
LAD		 8577static void add_adv_complete(struct hci_dev *hdev, struct sock *sk, u8 instance,
8578 int err)
24b4f38f 8579{
cba6b758 8580 struct adv_info *adv, *n;
24b4f38f 8581
cba6b758 8582 bt_dev_dbg(hdev, "err %d", err);
24b4f38f
AU		 8583
8584 hci_dev_lock(hdev);
8585
cba6b758
LAD		 8586 list_for_each_entry_safe(adv, n, &hdev->adv_instances, list) {
8587 u8 instance;
24b4f38f 8588
cba6b758 8589 if (!adv->pending)
fffd38bc
FG		 8590 continue;
8591
cba6b758
LAD		 8592 if (!err) {
8593 adv->pending = false;
fffd38bc
FG		 8594 continue;
8595 }
8596
cba6b758 8597 instance = adv->instance;
fffd38bc
FG		 8598
8599 if (hdev->cur_adv_instance == instance)
8600 cancel_adv_timeout(hdev);
8601
8602 hci_remove_adv_instance(hdev, instance);
cba6b758 8603 mgmt_advertising_removed(sk, hdev, instance);
24b4f38f
AU		 8604 }
8605
cba6b758
LAD		 8606 hci_dev_unlock(hdev);
8607}
8608
8609static void add_advertising_complete(struct hci_dev *hdev, void *data, int err)
8610{
8611 struct mgmt_pending_cmd *cmd = data;
8612 struct mgmt_cp_add_advertising *cp = cmd->param;
8613 struct mgmt_rp_add_advertising rp;
8614
8615 memset(&rp, 0, sizeof(rp));
24b4f38f 8616
fffd38bc 8617 rp.instance = cp->instance;
24b4f38f 8618
cba6b758 8619 if (err)
24b4f38f 8620 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
cba6b758 8621 mgmt_status(err));
24b4f38f
AU		 8622 else
8623 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
cba6b758 8624 mgmt_status(err), &rp, sizeof(rp));
24b4f38f 8625
cba6b758 8626 add_adv_complete(hdev, cmd->sk, cp->instance, err);
24b4f38f 8627
cba6b758
LAD		 8628 mgmt_pending_free(cmd);
8629}
8630
8631static int add_advertising_sync(struct hci_dev *hdev, void *data)
8632{
8633 struct mgmt_pending_cmd *cmd = data;
8634 struct mgmt_cp_add_advertising *cp = cmd->param;
8635
8636 return hci_schedule_adv_instance_sync(hdev, cp->instance, true);
24b4f38f
AU		 8637}
8638
8639static int add_advertising(struct sock *sk, struct hci_dev *hdev,
8640 void *data, u16 data_len)
8641{
8642 struct mgmt_cp_add_advertising *cp = data;
8643 struct mgmt_rp_add_advertising rp;
8644 u32 flags;
8645 u8 status;
fffd38bc 8646 u16 timeout, duration;
4bd80d7a 8647 unsigned int prev_instance_cnt;
fffd38bc 8648 u8 schedule_instance = 0;
eca0ae4a 8649 struct adv_info *adv, *next_instance;
24b4f38f
AU		 8650 int err;
8651 struct mgmt_pending_cmd *cmd;
24b4f38f 8652
181d6953 8653 bt_dev_dbg(hdev, "sock %p", sk);
24b4f38f
AU		 8654
8655 status = mgmt_le_support(hdev);
8656 if (status)
8657 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
8658 status);
8659
87597482 8660 if (cp->instance < 1 || cp->instance > hdev->le_num_of_adv_sets)
6a0e7807
JH		 8661 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
8662 MGMT_STATUS_INVALID_PARAMS);
8663
8664 if (data_len != sizeof(*cp) + cp->adv_data_len + cp->scan_rsp_len)
ceff86af
MH		 8665 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
8666 MGMT_STATUS_INVALID_PARAMS);
8667
24b4f38f 8668 flags = __le32_to_cpu(cp->flags);
912098a6 8669 timeout = __le16_to_cpu(cp->timeout);
fffd38bc 8670 duration = __le16_to_cpu(cp->duration);
24b4f38f 8671
12410572 8672 if (!requested_adv_flags_are_valid(hdev, flags))
24b4f38f
AU		 8673 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
8674 MGMT_STATUS_INVALID_PARAMS);
8675
8676 hci_dev_lock(hdev);
8677
912098a6
AU		 8678 if (timeout && !hdev_is_powered(hdev)) {
8679 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
8680 MGMT_STATUS_REJECTED);
8681 goto unlock;
8682 }
8683
12410572 8684 if (adv_busy(hdev)) {
24b4f38f
AU		 8685 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
8686 MGMT_STATUS_BUSY);
8687 goto unlock;
8688 }
8689
f61851f6
MN		 8690 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) ||
8691 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len,
b44133ff 8692 cp->scan_rsp_len, false)) {
24b4f38f
AU		 8693 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
8694 MGMT_STATUS_INVALID_PARAMS);
8695 goto unlock;
8696 }
8697
4bd80d7a
ND		 8698 prev_instance_cnt = hdev->adv_instance_cnt;
8699
eca0ae4a 8700 adv = hci_add_adv_instance(hdev, cp->instance, flags,
fffd38bc
FG		 8701 cp->adv_data_len, cp->data,
8702 cp->scan_rsp_len,
8703 cp->data + cp->adv_data_len,
9bf9f4b6
DW		 8704 timeout, duration,
8705 HCI_ADV_TX_POWER_NO_PREFERENCE,
8706 hdev->le_adv_min_interval,
b338d917 8707 hdev->le_adv_max_interval, 0);
eca0ae4a 8708 if (IS_ERR(adv)) {
fffd38bc
FG		 8709 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
8710 MGMT_STATUS_FAILED);
8711 goto unlock;
8712 }
24b4f38f 8713
fffd38bc
FG		 8714 /* Only trigger an advertising added event if a new instance was
8715 * actually added.
8716 */
8717 if (hdev->adv_instance_cnt > prev_instance_cnt)
f2252570 8718 mgmt_advertising_added(sk, hdev, cp->instance);
912098a6 8719
fffd38bc
FG		 8720 if (hdev->cur_adv_instance == cp->instance) {
8721 /* If the currently advertised instance is being changed then
8722 * cancel the current advertising and schedule the next
8723 * instance. If there is only one instance then the overridden
8724 * advertising data will be visible right away.
8725 */
8726 cancel_adv_timeout(hdev);
912098a6 8727
fffd38bc
FG		 8728 next_instance = hci_get_next_instance(hdev, cp->instance);
8729 if (next_instance)
8730 schedule_instance = next_instance->instance;
8731 } else if (!hdev->adv_instance_timeout) {
8732 /* Immediately advertise the new instance if no other
8733 * instance is currently being advertised.
8734 */
8735 schedule_instance = cp->instance;
8736 }
24b4f38f 8737
fffd38bc
FG		 8738 /* If the HCI_ADVERTISING flag is set or the device isn't powered or
8739 * there is no instance to be advertised then we have no HCI
8740 * communication to make. Simply return.
24b4f38f
AU		 8741 */
8742 if (!hdev_is_powered(hdev) ||
fffd38bc
FG		 8743 hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
8744 !schedule_instance) {
8745 rp.instance = cp->instance;
24b4f38f
AU		 8746 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
8747 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
8748 goto unlock;
8749 }
8750
8751 /* We're good to go, update advertising data, parameters, and start
8752 * advertising.
8753 */
cba6b758 8754 cmd = mgmt_pending_new(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
24b4f38f
AU		 8755 data_len);
8756 if (!cmd) {
8757 err = -ENOMEM;
8758 goto unlock;
8759 }
8760
cba6b758 8761 cp->instance = schedule_instance;
24b4f38f 8762
cba6b758
LAD		 8763 err = hci_cmd_sync_queue(hdev, add_advertising_sync, cmd,
8764 add_advertising_complete);
8765 if (err < 0)
8766 mgmt_pending_free(cmd);
24b4f38f
AU		 8767
8768unlock:
8769 hci_dev_unlock(hdev);
8770
8771 return err;
8772}
8773
cba6b758
LAD		 8774static void add_ext_adv_params_complete(struct hci_dev *hdev, void *data,
8775 int err)
12410572 8776{
cba6b758
LAD		 8777 struct mgmt_pending_cmd *cmd = data;
8778 struct mgmt_cp_add_ext_adv_params *cp = cmd->param;
12410572 8779 struct mgmt_rp_add_ext_adv_params rp;
cba6b758 8780 struct adv_info *adv;
12410572
DW		 8781 u32 flags;
8782
8783 BT_DBG("%s", hdev->name);
8784
8785 hci_dev_lock(hdev);
8786
cba6b758
LAD		 8787 adv = hci_find_adv_instance(hdev, cp->instance);
8788 if (!adv)
12410572
DW		 8789 goto unlock;
8790
8791 rp.instance = cp->instance;
cba6b758 8792 rp.tx_power = adv->tx_power;
12410572
DW		 8793
8794 /* While we're at it, inform userspace of the available space for this
8795 * advertisement, given the flags that will be used.
8796 */
8797 flags = __le32_to_cpu(cp->flags);
8798 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
8799 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
8800
cba6b758 8801 if (err) {
12410572
DW		 8802 /* If this advertisement was previously advertising and we
8803 * failed to update it, we signal that it has been removed and
8804 * delete its structure
8805 */
cba6b758 8806 if (!adv->pending)
12410572
DW		 8807 mgmt_advertising_removed(cmd->sk, hdev, cp->instance);
8808
8809 hci_remove_adv_instance(hdev, cp->instance);
8810
8811 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
cba6b758 8812 mgmt_status(err));
12410572
DW		 8813 } else {
8814 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
cba6b758 8815 mgmt_status(err), &rp, sizeof(rp));
12410572
DW		 8816 }
8817
8818unlock:
8819 if (cmd)
cba6b758 8820 mgmt_pending_free(cmd);
12410572
DW		 8821
8822 hci_dev_unlock(hdev);
8823}
8824
cba6b758
LAD		 8825static int add_ext_adv_params_sync(struct hci_dev *hdev, void *data)
8826{
8827 struct mgmt_pending_cmd *cmd = data;
8828 struct mgmt_cp_add_ext_adv_params *cp = cmd->param;
8829
8830 return hci_setup_ext_adv_instance_sync(hdev, cp->instance);
8831}
8832
12410572
DW		 8833static int add_ext_adv_params(struct sock *sk, struct hci_dev *hdev,
8834 void *data, u16 data_len)
8835{
8836 struct mgmt_cp_add_ext_adv_params *cp = data;
8837 struct mgmt_rp_add_ext_adv_params rp;
8838 struct mgmt_pending_cmd *cmd = NULL;
eca0ae4a 8839 struct adv_info *adv;
12410572
DW		 8840 u32 flags, min_interval, max_interval;
8841 u16 timeout, duration;
8842 u8 status;
8843 s8 tx_power;
8844 int err;
8845
8846 BT_DBG("%s", hdev->name);
8847
8848 status = mgmt_le_support(hdev);
8849 if (status)
8850 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
8851 status);
8852
8853 if (cp->instance < 1 || cp->instance > hdev->le_num_of_adv_sets)
8854 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
8855 MGMT_STATUS_INVALID_PARAMS);
8856
8857 /* The purpose of breaking add_advertising into two separate MGMT calls
8858 * for params and data is to allow more parameters to be added to this
8859 * structure in the future. For this reason, we verify that we have the
8860 * bare minimum structure we know of when the interface was defined. Any
8861 * extra parameters we don't know about will be ignored in this request.
8862 */
8863 if (data_len < MGMT_ADD_EXT_ADV_PARAMS_MIN_SIZE)
3b1c7c00 8864 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
12410572
DW		 8865 MGMT_STATUS_INVALID_PARAMS);
8866
8867 flags = __le32_to_cpu(cp->flags);
8868
8869 if (!requested_adv_flags_are_valid(hdev, flags))
8870 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
8871 MGMT_STATUS_INVALID_PARAMS);
8872
8873 hci_dev_lock(hdev);
8874
8875 /* In new interface, we require that we are powered to register */
8876 if (!hdev_is_powered(hdev)) {
8877 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
8878 MGMT_STATUS_REJECTED);
8879 goto unlock;
8880 }
8881
8882 if (adv_busy(hdev)) {
8883 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
8884 MGMT_STATUS_BUSY);
8885 goto unlock;
8886 }
8887
8888 /* Parse defined parameters from request, use defaults otherwise */
8889 timeout = (flags & MGMT_ADV_PARAM_TIMEOUT) ?
8890 __le16_to_cpu(cp->timeout) : 0;
8891
8892 duration = (flags & MGMT_ADV_PARAM_DURATION) ?
8893 __le16_to_cpu(cp->duration) :
8894 hdev->def_multi_adv_rotation_duration;
8895
8896 min_interval = (flags & MGMT_ADV_PARAM_INTERVALS) ?
8897 __le32_to_cpu(cp->min_interval) :
8898 hdev->le_adv_min_interval;
8899
8900 max_interval = (flags & MGMT_ADV_PARAM_INTERVALS) ?
8901 __le32_to_cpu(cp->max_interval) :
8902 hdev->le_adv_max_interval;
8903
8904 tx_power = (flags & MGMT_ADV_PARAM_TX_POWER) ?
8905 cp->tx_power :
8906 HCI_ADV_TX_POWER_NO_PREFERENCE;
8907
8908 /* Create advertising instance with no advertising or response data */
eca0ae4a
LAD		 8909 adv = hci_add_adv_instance(hdev, cp->instance, flags, 0, NULL, 0, NULL,
8910 timeout, duration, tx_power, min_interval,
b338d917 8911 max_interval, 0);
12410572 8912
eca0ae4a 8913 if (IS_ERR(adv)) {
12410572
DW		 8914 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
8915 MGMT_STATUS_FAILED);
8916 goto unlock;
8917 }
8918
12410572
DW		 8919 /* Submit request for advertising params if ext adv available */
8920 if (ext_adv_capable(hdev)) {
cba6b758
LAD		 8921 cmd = mgmt_pending_new(sk, MGMT_OP_ADD_EXT_ADV_PARAMS, hdev,
8922 data, data_len);
12410572
DW		 8923 if (!cmd) {
8924 err = -ENOMEM;
8925 hci_remove_adv_instance(hdev, cp->instance);
8926 goto unlock;
8927 }
8928
cba6b758
LAD		 8929 err = hci_cmd_sync_queue(hdev, add_ext_adv_params_sync, cmd,
8930 add_ext_adv_params_complete);
8931 if (err < 0)
8932 mgmt_pending_free(cmd);
12410572
DW		 8933 } else {
8934 rp.instance = cp->instance;
8935 rp.tx_power = HCI_ADV_TX_POWER_NO_PREFERENCE;
8936 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
8937 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
8938 err = mgmt_cmd_complete(sk, hdev->id,
8939 MGMT_OP_ADD_EXT_ADV_PARAMS,
8940 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
8941 }
8942
8943unlock:
8944 hci_dev_unlock(hdev);
8945
8946 return err;
8947}
8948
cba6b758
LAD		 8949static void add_ext_adv_data_complete(struct hci_dev *hdev, void *data, int err)
8950{
8951 struct mgmt_pending_cmd *cmd = data;
8952 struct mgmt_cp_add_ext_adv_data *cp = cmd->param;
8953 struct mgmt_rp_add_advertising rp;
8954
8955 add_adv_complete(hdev, cmd->sk, cp->instance, err);
8956
8957 memset(&rp, 0, sizeof(rp));
8958
8959 rp.instance = cp->instance;
8960
8961 if (err)
8962 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
8963 mgmt_status(err));
8964 else
8965 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
8966 mgmt_status(err), &rp, sizeof(rp));
8967
8968 mgmt_pending_free(cmd);
8969}
8970
8971static int add_ext_adv_data_sync(struct hci_dev *hdev, void *data)
8972{
8973 struct mgmt_pending_cmd *cmd = data;
8974 struct mgmt_cp_add_ext_adv_data *cp = cmd->param;
8975 int err;
8976
8977 if (ext_adv_capable(hdev)) {
8978 err = hci_update_adv_data_sync(hdev, cp->instance);
8979 if (err)
8980 return err;
8981
8982 err = hci_update_scan_rsp_data_sync(hdev, cp->instance);
8983 if (err)
8984 return err;
8985
8986 return hci_enable_ext_advertising_sync(hdev, cp->instance);
8987 }
8988
8989 return hci_schedule_adv_instance_sync(hdev, cp->instance, true);
8990}
8991
12410572
DW		 8992static int add_ext_adv_data(struct sock *sk, struct hci_dev *hdev, void *data,
8993 u16 data_len)
8994{
8995 struct mgmt_cp_add_ext_adv_data *cp = data;
8996 struct mgmt_rp_add_ext_adv_data rp;
8997 u8 schedule_instance = 0;
8998 struct adv_info *next_instance;
8999 struct adv_info *adv_instance;
9000 int err = 0;
9001 struct mgmt_pending_cmd *cmd;
12410572
DW		 9002
9003 BT_DBG("%s", hdev->name);
9004
9005 hci_dev_lock(hdev);
9006
9007 adv_instance = hci_find_adv_instance(hdev, cp->instance);
9008
9009 if (!adv_instance) {
9010 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
9011 MGMT_STATUS_INVALID_PARAMS);
9012 goto unlock;
9013 }
9014
9015 /* In new interface, we require that we are powered to register */
9016 if (!hdev_is_powered(hdev)) {
9017 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
9018 MGMT_STATUS_REJECTED);
9019 goto clear_new_instance;
9020 }
9021
9022 if (adv_busy(hdev)) {
9023 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
9024 MGMT_STATUS_BUSY);
9025 goto clear_new_instance;
9026 }
9027
9028 /* Validate new data */
9029 if (!tlv_data_is_valid(hdev, adv_instance->flags, cp->data,
9030 cp->adv_data_len, true) ||
9031 !tlv_data_is_valid(hdev, adv_instance->flags, cp->data +
9032 cp->adv_data_len, cp->scan_rsp_len, false)) {
9033 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
9034 MGMT_STATUS_INVALID_PARAMS);
9035 goto clear_new_instance;
9036 }
9037
9038 /* Set the data in the advertising instance */
9039 hci_set_adv_instance_data(hdev, cp->instance, cp->adv_data_len,
9040 cp->data, cp->scan_rsp_len,
9041 cp->data + cp->adv_data_len);
9042
cba6b758
LAD		 9043 /* If using software rotation, determine next instance to use */
9044 if (hdev->cur_adv_instance == cp->instance) {
9045 /* If the currently advertised instance is being changed
9046 * then cancel the current advertising and schedule the
9047 * next instance. If there is only one instance then the
9048 * overridden advertising data will be visible right
9049 * away
9050 */
9051 cancel_adv_timeout(hdev);
12410572 9052
cba6b758
LAD		 9053 next_instance = hci_get_next_instance(hdev, cp->instance);
9054 if (next_instance)
9055 schedule_instance = next_instance->instance;
9056 } else if (!hdev->adv_instance_timeout) {
9057 /* Immediately advertise the new instance if no other
9058 * instance is currently being advertised.
12410572 9059 */
cba6b758
LAD		 9060 schedule_instance = cp->instance;
9061 }
12410572 9062
cba6b758
LAD		 9063 /* If the HCI_ADVERTISING flag is set or there is no instance to
9064 * be advertised then we have no HCI communication to make.
9065 * Simply return.
9066 */
9067 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) || !schedule_instance) {
9068 if (adv_instance->pending) {
9069 mgmt_advertising_added(sk, hdev, cp->instance);
9070 adv_instance->pending = false;
9071 }
9072 rp.instance = cp->instance;
9073 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
9074 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
9075 goto unlock;
12410572
DW		 9076 }
9077
cba6b758 9078 cmd = mgmt_pending_new(sk, MGMT_OP_ADD_EXT_ADV_DATA, hdev, data,
12410572
DW		 9079 data_len);
9080 if (!cmd) {
9081 err = -ENOMEM;
9082 goto clear_new_instance;
9083 }
9084
cba6b758
LAD		 9085 err = hci_cmd_sync_queue(hdev, add_ext_adv_data_sync, cmd,
9086 add_ext_adv_data_complete);
12410572 9087 if (err < 0) {
cba6b758 9088 mgmt_pending_free(cmd);
12410572
DW		 9089 goto clear_new_instance;
9090 }
9091
9092 /* We were successful in updating data, so trigger advertising_added
9093 * event if this is an instance that wasn't previously advertising. If
9094 * a failure occurs in the requests we initiated, we will remove the
9095 * instance again in add_advertising_complete
9096 */
9097 if (adv_instance->pending)
9098 mgmt_advertising_added(sk, hdev, cp->instance);
9099
9100 goto unlock;
9101
9102clear_new_instance:
9103 hci_remove_adv_instance(hdev, cp->instance);
9104
9105unlock:
9106 hci_dev_unlock(hdev);
9107
9108 return err;
9109}
9110
cba6b758
LAD		 9111static void remove_advertising_complete(struct hci_dev *hdev, void *data,
9112 int err)
da929335 9113{
cba6b758
LAD		 9114 struct mgmt_pending_cmd *cmd = data;
9115 struct mgmt_cp_remove_advertising *cp = cmd->param;
da929335
AU		 9116 struct mgmt_rp_remove_advertising rp;
9117
cba6b758 9118 bt_dev_dbg(hdev, "err %d", err);
da929335 9119
cba6b758
LAD		 9120 memset(&rp, 0, sizeof(rp));
9121 rp.instance = cp->instance;
da929335 9122
cba6b758
LAD		 9123 if (err)
9124 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
9125 mgmt_status(err));
9126 else
9127 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
9128 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
da929335 9129
cba6b758
LAD		 9130 mgmt_pending_free(cmd);
9131}
da929335 9132
cba6b758
LAD		 9133static int remove_advertising_sync(struct hci_dev *hdev, void *data)
9134{
9135 struct mgmt_pending_cmd *cmd = data;
9136 struct mgmt_cp_remove_advertising *cp = cmd->param;
9137 int err;
da929335 9138
cba6b758
LAD		 9139 err = hci_remove_advertising_sync(hdev, cmd->sk, cp->instance, true);
9140 if (err)
9141 return err;
9142
9143 if (list_empty(&hdev->adv_instances))
9144 err = hci_disable_advertising_sync(hdev);
9145
9146 return err;
da929335
AU		 9147}
9148
9149static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
9150 void *data, u16 data_len)
9151{
9152 struct mgmt_cp_remove_advertising *cp = data;
da929335 9153 struct mgmt_pending_cmd *cmd;
952497b1 9154 int err;
da929335 9155
181d6953 9156 bt_dev_dbg(hdev, "sock %p", sk);
da929335 9157
da929335
AU		 9158 hci_dev_lock(hdev);
9159
952497b1 9160 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) {
01948331
FG		 9161 err = mgmt_cmd_status(sk, hdev->id,
9162 MGMT_OP_REMOVE_ADVERTISING,
9163 MGMT_STATUS_INVALID_PARAMS);
9164 goto unlock;
9165 }
9166
275f3f64 9167 if (pending_find(MGMT_OP_SET_LE, hdev)) {
da929335
AU		 9168 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
9169 MGMT_STATUS_BUSY);
9170 goto unlock;
9171 }
9172
17fd08ff 9173 if (list_empty(&hdev->adv_instances)) {
da929335
AU		 9174 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
9175 MGMT_STATUS_INVALID_PARAMS);
9176 goto unlock;
9177 }
9178
cba6b758 9179 cmd = mgmt_pending_new(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
da929335
AU		 9180 data_len);
9181 if (!cmd) {
9182 err = -ENOMEM;
9183 goto unlock;
9184 }
9185
cba6b758
LAD		 9186 err = hci_cmd_sync_queue(hdev, remove_advertising_sync, cmd,
9187 remove_advertising_complete);
da929335 9188 if (err < 0)
cba6b758 9189 mgmt_pending_free(cmd);
da929335
AU		 9190
9191unlock:
9192 hci_dev_unlock(hdev);
9193
9194 return err;
9195}
9196
40b25fe5
MH		 9197static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev,
9198 void *data, u16 data_len)
9199{
9200 struct mgmt_cp_get_adv_size_info *cp = data;
9201 struct mgmt_rp_get_adv_size_info rp;
9202 u32 flags, supported_flags;
40b25fe5 9203
181d6953 9204 bt_dev_dbg(hdev, "sock %p", sk);
40b25fe5
MH		 9205
9206 if (!lmp_le_capable(hdev))
9207 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
9208 MGMT_STATUS_REJECTED);
9209
87597482 9210 if (cp->instance < 1 || cp->instance > hdev->le_num_of_adv_sets)
40b25fe5
MH		 9211 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
9212 MGMT_STATUS_INVALID_PARAMS);
9213
9214 flags = __le32_to_cpu(cp->flags);
9215
9216 /* The current implementation only supports a subset of the specified
9217 * flags.
9218 */
9219 supported_flags = get_supported_adv_flags(hdev);
9220 if (flags & ~supported_flags)
9221 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
9222 MGMT_STATUS_INVALID_PARAMS);
9223
9224 rp.instance = cp->instance;
9225 rp.flags = cp->flags;
f61851f6
MN		 9226 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
9227 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
40b25fe5 9228
a6fbb2bf
MC		 9229 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
9230 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
40b25fe5
MH		 9231}
9232
6d785aa3 9233static const struct hci_mgmt_handler mgmt_handlers[] = {
0f4e68cf 9234 { NULL }, /* 0x0000 (no command) */
b9a245fb 9235 { read_version, MGMT_READ_VERSION_SIZE,
c91041dc
MH		 9236 HCI_MGMT_NO_HDEV |
9237 HCI_MGMT_UNTRUSTED },
b9a245fb 9238 { read_commands, MGMT_READ_COMMANDS_SIZE,
c91041dc
MH		 9239 HCI_MGMT_NO_HDEV |
9240 HCI_MGMT_UNTRUSTED },
b9a245fb 9241 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
c91041dc
MH		 9242 HCI_MGMT_NO_HDEV |
9243 HCI_MGMT_UNTRUSTED },
9244 { read_controller_info, MGMT_READ_INFO_SIZE,
9245 HCI_MGMT_UNTRUSTED },
7aea8616
MH		 9246 { set_powered, MGMT_SETTING_SIZE },
9247 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
9248 { set_connectable, MGMT_SETTING_SIZE },
9249 { set_fast_connectable, MGMT_SETTING_SIZE },
9250 { set_bondable, MGMT_SETTING_SIZE },
9251 { set_link_security, MGMT_SETTING_SIZE },
9252 { set_ssp, MGMT_SETTING_SIZE },
9253 { set_hs, MGMT_SETTING_SIZE },
9254 { set_le, MGMT_SETTING_SIZE },
9255 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
9256 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
9257 { add_uuid, MGMT_ADD_UUID_SIZE },
9258 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
b9a245fb
JH		 9259 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
9260 HCI_MGMT_VAR_LEN },
9261 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
9262 HCI_MGMT_VAR_LEN },
7aea8616
MH		 9263 { disconnect, MGMT_DISCONNECT_SIZE },
9264 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
9265 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
9266 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
9267 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
9268 { pair_device, MGMT_PAIR_DEVICE_SIZE },
9269 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
9270 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
9271 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
9272 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
9273 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
9274 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
b9a245fb
JH		 9275 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
9276 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
9277 HCI_MGMT_VAR_LEN },
7aea8616
MH		 9278 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
9279 { start_discovery, MGMT_START_DISCOVERY_SIZE },
9280 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
9281 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
9282 { block_device, MGMT_BLOCK_DEVICE_SIZE },
9283 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
9284 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
9285 { set_advertising, MGMT_SETTING_SIZE },
9286 { set_bredr, MGMT_SETTING_SIZE },
9287 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
9288 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
9289 { set_secure_conn, MGMT_SETTING_SIZE },
9290 { set_debug_keys, MGMT_SETTING_SIZE },
9291 { set_privacy, MGMT_SET_PRIVACY_SIZE },
b9a245fb
JH		 9292 { load_irks, MGMT_LOAD_IRKS_SIZE,
9293 HCI_MGMT_VAR_LEN },
7aea8616
MH		 9294 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
9295 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
9296 { add_device, MGMT_ADD_DEVICE_SIZE },
9297 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
b9a245fb
JH		 9298 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
9299 HCI_MGMT_VAR_LEN },
9300 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
c91041dc
MH		 9301 HCI_MGMT_NO_HDEV |
9302 HCI_MGMT_UNTRUSTED },
b9a245fb 9303 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
c91041dc
MH		 9304 HCI_MGMT_UNCONFIGURED |
9305 HCI_MGMT_UNTRUSTED },
b9a245fb
JH		 9306 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
9307 HCI_MGMT_UNCONFIGURED },
9308 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
9309 HCI_MGMT_UNCONFIGURED },
9310 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
9311 HCI_MGMT_VAR_LEN },
4f0f155c 9312 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
96f1474a 9313 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
c91041dc
MH		 9314 HCI_MGMT_NO_HDEV |
9315 HCI_MGMT_UNTRUSTED },
d3d5305b 9316 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
24b4f38f
AU		 9317 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
9318 HCI_MGMT_VAR_LEN },
da929335 9319 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
40b25fe5 9320 { get_adv_size_info, MGMT_GET_ADV_SIZE_INFO_SIZE },
78b781ca 9321 { start_limited_discovery, MGMT_START_DISCOVERY_SIZE },
321c6fee
MH		 9322 { read_ext_controller_info,MGMT_READ_EXT_INFO_SIZE,
9323 HCI_MGMT_UNTRUSTED },
c4960ecf 9324 { set_appearance, MGMT_SET_APPEARANCE_SIZE },
6244691f 9325 { get_phy_configuration, MGMT_GET_PHY_CONFIGURATION_SIZE },
0314f286 9326 { set_phy_configuration, MGMT_SET_PHY_CONFIGURATION_SIZE },
600a8749
AM		 9327 { set_blocked_keys, MGMT_OP_SET_BLOCKED_KEYS_SIZE,
9328 HCI_MGMT_VAR_LEN },
00bce3fb 9329 { set_wideband_speech, MGMT_SETTING_SIZE },
4d9b9528 9330 { read_controller_cap, MGMT_READ_CONTROLLER_CAP_SIZE,
bc292258 9331 HCI_MGMT_UNTRUSTED },
a10c907c
MH		 9332 { read_exp_features_info, MGMT_READ_EXP_FEATURES_INFO_SIZE,
9333 HCI_MGMT_UNTRUSTED |
9334 HCI_MGMT_HDEV_OPTIONAL },
9335 { set_exp_feature, MGMT_SET_EXP_FEATURE_SIZE,
9336 HCI_MGMT_VAR_LEN |
9337 HCI_MGMT_HDEV_OPTIONAL },
17896406
AM		 9338 { read_def_system_config, MGMT_READ_DEF_SYSTEM_CONFIG_SIZE,
9339 HCI_MGMT_UNTRUSTED },
9340 { set_def_system_config, MGMT_SET_DEF_SYSTEM_CONFIG_SIZE,
9341 HCI_MGMT_VAR_LEN },
aececa64
MH		 9342 { read_def_runtime_config, MGMT_READ_DEF_RUNTIME_CONFIG_SIZE,
9343 HCI_MGMT_UNTRUSTED },
9344 { set_def_runtime_config, MGMT_SET_DEF_RUNTIME_CONFIG_SIZE,
9345 HCI_MGMT_VAR_LEN },
4c54bf2b
APS		 9346 { get_device_flags, MGMT_GET_DEVICE_FLAGS_SIZE },
9347 { set_device_flags, MGMT_SET_DEVICE_FLAGS_SIZE },
e5e1e7fd 9348 { read_adv_mon_features, MGMT_READ_ADV_MONITOR_FEATURES_SIZE },
b139553d
MC		 9349 { add_adv_patterns_monitor,MGMT_ADD_ADV_PATTERNS_MONITOR_SIZE,
9350 HCI_MGMT_VAR_LEN },
bd2fbc6c 9351 { remove_adv_monitor, MGMT_REMOVE_ADV_MONITOR_SIZE },
12410572
DW		 9352 { add_ext_adv_params, MGMT_ADD_EXT_ADV_PARAMS_MIN_SIZE,
9353 HCI_MGMT_VAR_LEN },
9354 { add_ext_adv_data, MGMT_ADD_EXT_ADV_DATA_SIZE,
9355 HCI_MGMT_VAR_LEN },
b4a221ea 9356 { add_adv_patterns_monitor_rssi,
1a0291f8
HC		 9357 MGMT_ADD_ADV_PATTERNS_MONITOR_RSSI_SIZE,
9358 HCI_MGMT_VAR_LEN },
b338d917 9359 { set_mesh, MGMT_SET_MESH_RECEIVER_SIZE,
b4a221ea 9360 HCI_MGMT_VAR_LEN },
b338d917
BG		 9361 { mesh_features, MGMT_MESH_READ_FEATURES_SIZE },
9362 { mesh_send, MGMT_MESH_SEND_SIZE,
9363 HCI_MGMT_VAR_LEN },
9364 { mesh_send_cancel, MGMT_MESH_SEND_CANCEL_SIZE },
0f4e68cf
JH		 9365};
9366
bf6b56db 9367void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 9368{
ced85549 9369 struct mgmt_ev_ext_index ev;
bb4b2a9a 9370
0602a8ad
MH		 9371 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
9372 return;
9373
f9207338 9374 switch (hdev->dev_type) {
ca8bee5d 9375 case HCI_PRIMARY:
f9207338
MH		 9376 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
9377 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
9378 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
ced85549 9379 ev.type = 0x01;
f9207338
MH		 9380 } else {
9381 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
9382 HCI_MGMT_INDEX_EVENTS);
ced85549 9383 ev.type = 0x00;
f9207338
MH		 9384 }
9385 break;
ced85549
MH		 9386 case HCI_AMP:
9387 ev.type = 0x02;
9388 break;
9389 default:
9390 return;
f9207338 9391 }
ced85549
MH		 9392
9393 ev.bus = hdev->bus;
9394
9395 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
9396 HCI_MGMT_EXT_INDEX_EVENTS);
c71e97bf
JH		 9397}
9398
bf6b56db 9399void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 9400{
ced85549 9401 struct mgmt_ev_ext_index ev;
5f159032 9402 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 9403
0602a8ad
MH		 9404 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
9405 return;
9406
f9207338 9407 switch (hdev->dev_type) {
ca8bee5d 9408 case HCI_PRIMARY:
f9207338 9409 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
b24752fe 9410
f9207338
MH		 9411 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
9412 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
9413 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
ced85549 9414 ev.type = 0x01;
f9207338
MH		 9415 } else {
9416 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
9417 HCI_MGMT_INDEX_EVENTS);
ced85549 9418 ev.type = 0x00;
f9207338
MH		 9419 }
9420 break;
ced85549
MH		 9421 case HCI_AMP:
9422 ev.type = 0x02;
9423 break;
9424 default:
9425 return;
f9207338 9426 }
ced85549
MH		 9427
9428 ev.bus = hdev->bus;
9429
9430 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
9431 HCI_MGMT_EXT_INDEX_EVENTS);
0ef08313
BG		 9432
9433 /* Cancel any remaining timed work */
3f2893d3
TH		 9434 if (!hci_dev_test_flag(hdev, HCI_MGMT))
9435 return;
0ef08313
BG		 9436 cancel_delayed_work_sync(&hdev->discov_off);
9437 cancel_delayed_work_sync(&hdev->service_cache);
9438 cancel_delayed_work_sync(&hdev->rpa_expired);
eec8d2bc
JH		 9439}
9440
2ff13894 9441void mgmt_power_on(struct hci_dev *hdev, int err)
229ab39c
JH		 9442{
9443 struct cmd_lookup match = { NULL, hdev };
9444
181d6953 9445 bt_dev_dbg(hdev, "err %d", err);
229ab39c 9446
2ff13894
JH		 9447 hci_dev_lock(hdev);
9448
9449 if (!err) {
af02dd44 9450 restart_le_actions(hdev);
ad383c2c 9451 hci_update_passive_scan(hdev);
162a3bac
MH		 9452 }
9453
229ab39c
JH		 9454 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
9455
9456 new_settings(hdev, match.sk);
9457
229ab39c
JH		 9458 if (match.sk)
9459 sock_put(match.sk);
229ab39c 9460
2ff13894 9461 hci_dev_unlock(hdev);
70da6243 9462}
562fcc24 9463
2ff13894 9464void __mgmt_power_off(struct hci_dev *hdev)
70da6243
JH		 9465{
9466 struct cmd_lookup match = { NULL, hdev };
9845904f 9467 u8 status, zero_cod[] = { 0, 0, 0 };
b24752fe 9468
229ab39c 9469 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
9845904f
JH		 9470
9471 /* If the power off is because of hdev unregistration let
9472 * use the appropriate INVALID_INDEX status. Otherwise use
9473 * NOT_POWERED. We cover both scenarios here since later in
9474 * mgmt_index_removed() any hci_conn callbacks will have already
9475 * been triggered, potentially causing misleading DISCONNECTED
9476 * status responses.
9477 */
d7a5a11d 9478 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
9845904f
JH		 9479 status = MGMT_STATUS_INVALID_INDEX;
9480 else
9481 status = MGMT_STATUS_NOT_POWERED;
9482
9483 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
229ab39c 9484
321c6fee 9485 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0) {
5504c3a3
MH		 9486 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
9487 zero_cod, sizeof(zero_cod),
9488 HCI_MGMT_DEV_CLASS_EVENTS, NULL);
321c6fee
MH		 9489 ext_info_changed(hdev, NULL);
9490 }
229ab39c 9491
2ff13894 9492 new_settings(hdev, match.sk);
eec8d2bc
JH		 9493
9494 if (match.sk)
9495 sock_put(match.sk);
5add6af8 9496}
73f22f62 9497
3eec705e 9498void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc 9499{
3b0602cd 9500 struct mgmt_pending_cmd *cmd;
96570ffc
JH		 9501 u8 status;
9502
333ae95d 9503 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
96570ffc 9504 if (!cmd)
3eec705e 9505 return;
96570ffc
JH		 9506
9507 if (err == -ERFKILL)
9508 status = MGMT_STATUS_RFKILLED;
9509 else
9510 status = MGMT_STATUS_FAILED;
9511
a69e8375 9512 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 9513
9514 mgmt_pending_remove(cmd);
96570ffc
JH		 9515}
9516
dc4a5ee2
MH		 9517void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
9518 bool persistent)
55ed8ca1 9519{
86742e1e 9520 struct mgmt_ev_new_link_key ev;
55ed8ca1 9521
a492cd52 9522 memset(&ev, 0, sizeof(ev));
55ed8ca1 9523
a492cd52 9524 ev.store_hint = persistent;
d753fdc4 9525 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 9526 ev.key.addr.type = BDADDR_BREDR;
a492cd52 9527 ev.key.type = key->type;
9b3b4460 9528 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 9529 ev.key.pin_len = key->pin_len;
55ed8ca1 9530
dc4a5ee2 9531 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 9532}
f7520543 9533
d7b25450
JH		 9534static u8 mgmt_ltk_type(struct smp_ltk *ltk)
9535{
23fb8de3
JH		 9536 switch (ltk->type) {
9537 case SMP_LTK:
fad646e1 9538 case SMP_LTK_RESPONDER:
23fb8de3
JH		 9539 if (ltk->authenticated)
9540 return MGMT_LTK_AUTHENTICATED;
9541 return MGMT_LTK_UNAUTHENTICATED;
9542 case SMP_LTK_P256:
9543 if (ltk->authenticated)
9544 return MGMT_LTK_P256_AUTH;
9545 return MGMT_LTK_P256_UNAUTH;
9546 case SMP_LTK_P256_DEBUG:
9547 return MGMT_LTK_P256_DEBUG;
9548 }
d7b25450
JH		 9549
9550 return MGMT_LTK_UNAUTHENTICATED;
9551}
9552
53ac6ab6 9553void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 9554{
9555 struct mgmt_ev_new_long_term_key ev;
9556
9557 memset(&ev, 0, sizeof(ev));
9558
5192d301 9559 /* Devices using resolvable or non-resolvable random addresses
f72186d2 9560 * without providing an identity resolving key don't require
5192d301
MH		 9561 * to store long term keys. Their addresses will change the
9562 * next time around.
9563 *
9564 * Only when a remote device provides an identity address
9565 * make sure the long term key is stored. If the remote
9566 * identity is known, the long term keys are internally
9567 * mapped to the identity address. So allow static random
9568 * and public addresses here.
9569 */
ba74b666
JH		 9570 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
9571 (key->bdaddr.b[5] & 0xc0) != 0xc0)
9572 ev.store_hint = 0x00;
9573 else
53ac6ab6 9574 ev.store_hint = persistent;
ba74b666 9575
346af67b 9576 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 9577 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 9578 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 9579 ev.key.enc_size = key->enc_size;
9580 ev.key.ediv = key->ediv;
fe39c7b2 9581 ev.key.rand = key->rand;
346af67b 9582
2ceba539 9583 if (key->type == SMP_LTK)
fad646e1 9584 ev.key.initiator = 1;
346af67b 9585
1fc62c52
JH		 9586 /* Make sure we copy only the significant bytes based on the
9587 * encryption key size, and set the rest of the value to zeroes.
9588 */
cb92205b 9589 memcpy(ev.key.val, key->val, key->enc_size);
1fc62c52
JH		 9590 memset(ev.key.val + key->enc_size, 0,
9591 sizeof(ev.key.val) - key->enc_size);
346af67b 9592
083368f7 9593 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 9594}
9595
cad20c27 9596void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent)
95fbac8a
JH		 9597{
9598 struct mgmt_ev_new_irk ev;
9599
9600 memset(&ev, 0, sizeof(ev));
9601
cad20c27 9602 ev.store_hint = persistent;
bab6d1e5 9603
95fbac8a
JH		 9604 bacpy(&ev.rpa, &irk->rpa);
9605 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
9606 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
9607 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
9608
9609 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
9610}
9611
53ac6ab6
MH		 9612void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
9613 bool persistent)
7ee4ea36
MH		 9614{
9615 struct mgmt_ev_new_csrk ev;
9616
9617 memset(&ev, 0, sizeof(ev));
9618
9619 /* Devices using resolvable or non-resolvable random addresses
f72186d2 9620 * without providing an identity resolving key don't require
7ee4ea36
MH		 9621 * to store signature resolving keys. Their addresses will change
9622 * the next time around.
9623 *
9624 * Only when a remote device provides an identity address
9625 * make sure the signature resolving key is stored. So allow
9626 * static random and public addresses here.
9627 */
9628 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
9629 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
9630 ev.store_hint = 0x00;
9631 else
53ac6ab6 9632 ev.store_hint = persistent;
7ee4ea36
MH		 9633
9634 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
9635 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
4cd3928a 9636 ev.key.type = csrk->type;
7ee4ea36
MH		 9637 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
9638
9639 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
9640}
9641
ffb5a827 9642void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 9643 u8 bdaddr_type, u8 store_hint, u16 min_interval,
9644 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 9645{
9646 struct mgmt_ev_new_conn_param ev;
9647
c103aea6
JH		 9648 if (!hci_is_identity_address(bdaddr, bdaddr_type))
9649 return;
9650
ffb5a827
AG		 9651 memset(&ev, 0, sizeof(ev));
9652 bacpy(&ev.addr.bdaddr, bdaddr);
9653 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 9654 ev.store_hint = store_hint;
ffb5a827
AG		 9655 ev.min_interval = cpu_to_le16(min_interval);
9656 ev.max_interval = cpu_to_le16(max_interval);
9657 ev.latency = cpu_to_le16(latency);
9658 ev.timeout = cpu_to_le16(timeout);
9659
9660 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
9661}
9662
48ec92fa 9663void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
1c6ed31b 9664 u8 *name, u8 name_len)
f7520543 9665{
e9674143
LAD		 9666 struct sk_buff *skb;
9667 struct mgmt_ev_device_connected *ev;
b644ba33 9668 u16 eir_len = 0;
1c6ed31b 9669 u32 flags = 0;
f7520543 9670
ba17bb62 9671 /* allocate buff for LE or BR/EDR adv */
e9674143
LAD		 9672 if (conn->le_adv_data_len > 0)
9673 skb = mgmt_alloc_skb(hdev, MGMT_EV_DEVICE_CONNECTED,
ba17bb62 9674 sizeof(*ev) + conn->le_adv_data_len);
e9674143
LAD		 9675 else
9676 skb = mgmt_alloc_skb(hdev, MGMT_EV_DEVICE_CONNECTED,
ba17bb62
RB		 9677 sizeof(*ev) + (name ? eir_precalc_len(name_len) : 0) +
9678 eir_precalc_len(sizeof(conn->dev_class)));
e9674143
LAD		 9679
9680 ev = skb_put(skb, sizeof(*ev));
48ec92fa
AA		 9681 bacpy(&ev->addr.bdaddr, &conn->dst);
9682 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
f7520543 9683
1c6ed31b
YL		 9684 if (conn->out)
9685 flags |= MGMT_DEV_FOUND_INITIATED_CONN;
9686
c95f0ba7 9687 ev->flags = __cpu_to_le32(flags);
08c79b61 9688
fd45ada9
AA		 9689 /* We must ensure that the EIR Data fields are ordered and
9690 * unique. Keep it simple for now and avoid the problem by not
9691 * adding any BR/EDR data to the LE adv.
9692 */
9693 if (conn->le_adv_data_len > 0) {
e9674143 9694 skb_put_data(skb, conn->le_adv_data, conn->le_adv_data_len);
fd45ada9
AA		 9695 eir_len = conn->le_adv_data_len;
9696 } else {
c2b2a1a7
RB		 9697 if (name)
9698 eir_len += eir_skb_put_data(skb, EIR_NAME_COMPLETE, name, name_len);
b644ba33 9699
c2b2a1a7
RB		 9700 if (memcmp(conn->dev_class, "\0\0\0", sizeof(conn->dev_class)))
9701 eir_len += eir_skb_put_data(skb, EIR_CLASS_OF_DEV,
9702 conn->dev_class, sizeof(conn->dev_class));
fd45ada9 9703 }
b644ba33 9704
eb55ef07 9705 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 9706
e9674143 9707 mgmt_event_skb(skb, NULL);
f7520543
JH		 9708}
9709
3b0602cd 9710static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
8962ee74 9711{
8962ee74 9712 struct sock **sk = data;
8962ee74 9713
f5818c22 9714 cmd->cmd_complete(cmd, 0);
8962ee74
JH		 9715
9716 *sk = cmd->sk;
9717 sock_hold(*sk);
9718
a664b5bc 9719 mgmt_pending_remove(cmd);
8962ee74
JH		 9720}
9721
3b0602cd 9722static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
a8a1d19e 9723{
b1078ad0 9724 struct hci_dev *hdev = data;
124f6e35 9725 struct mgmt_cp_unpair_device *cp = cmd->param;
a8a1d19e 9726
b1078ad0
JH		 9727 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
9728
d8b7b1e4 9729 cmd->cmd_complete(cmd, 0);
a8a1d19e
JH		 9730 mgmt_pending_remove(cmd);
9731}
9732
84c61d92
JH		 9733bool mgmt_powering_down(struct hci_dev *hdev)
9734{
3b0602cd 9735 struct mgmt_pending_cmd *cmd;
84c61d92
JH		 9736 struct mgmt_mode *cp;
9737
333ae95d 9738 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
84c61d92
JH		 9739 if (!cmd)
9740 return false;
9741
9742 cp = cmd->param;
9743 if (!cp->val)
9744 return true;
9745
9746 return false;
9747}
9748
9b80ec5e 9749void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 9750 u8 link_type, u8 addr_type, u8 reason,
9751 bool mgmt_connected)
f7520543 9752{
f0d6a0ea 9753 struct mgmt_ev_device_disconnected ev;
8962ee74 9754 struct sock *sk = NULL;
8962ee74 9755
84c61d92
JH		 9756 /* The connection is still in hci_conn_hash so test for 1
9757 * instead of 0 to know if this is the last one.
9758 */
9759 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
9760 cancel_delayed_work(&hdev->power_off);
9761 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8b064a3a
JH		 9762 }
9763
12d4a3b2
JH		 9764 if (!mgmt_connected)
9765 return;
9766
57eb776f
AG		 9767 if (link_type != ACL_LINK && link_type != LE_LINK)
9768 return;
9769
744cf19e 9770 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 9771
f0d6a0ea
MA		 9772 bacpy(&ev.addr.bdaddr, bdaddr);
9773 ev.addr.type = link_to_bdaddr(link_type, addr_type);
9774 ev.reason = reason;
f7520543 9775
f0cfc486
APS		 9776 /* Report disconnects due to suspend */
9777 if (hdev->suspended)
9778 ev.reason = MGMT_DEV_DISCONN_LOCAL_HOST_SUSPEND;
9779
9b80ec5e 9780 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 9781
9782 if (sk)
d97dcb66 9783 sock_put(sk);
8962ee74 9784
124f6e35 9785 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 9786 hdev);
8962ee74
JH		 9787}
9788
7892924c
MH		 9789void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
9790 u8 link_type, u8 addr_type, u8 status)
8962ee74 9791{
3655bba8
AG		 9792 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
9793 struct mgmt_cp_disconnect *cp;
3b0602cd 9794 struct mgmt_pending_cmd *cmd;
8962ee74 9795
36a75f1b
JD		 9796 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
9797 hdev);
9798
333ae95d 9799 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 9800 if (!cmd)
7892924c 9801 return;
8962ee74 9802
3655bba8
AG		 9803 cp = cmd->param;
9804
9805 if (bacmp(bdaddr, &cp->addr.bdaddr))
9806 return;
9807
9808 if (cp->addr.type != bdaddr_type)
9809 return;
9810
f5818c22 9811 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 9812 mgmt_pending_remove(cmd);
f7520543 9813}
17d5c04c 9814
445608d0
MH		 9815void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
9816 u8 addr_type, u8 status)
17d5c04c
JH		 9817{
9818 struct mgmt_ev_connect_failed ev;
c9910d0f 9819
84c61d92
JH		 9820 /* The connection is still in hci_conn_hash so test for 1
9821 * instead of 0 to know if this is the last one.
9822 */
9823 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
9824 cancel_delayed_work(&hdev->power_off);
9825 queue_work(hdev->req_workqueue, &hdev->power_off.work);
c9910d0f 9826 }
17d5c04c 9827
4c659c39 9828 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 9829 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 9830 ev.status = mgmt_status(status);
17d5c04c 9831
445608d0 9832 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 9833}
980e1a53 9834
ce0e4a0d 9835void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 9836{
9837 struct mgmt_ev_pin_code_request ev;
9838
d8457698 9839 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 9840 ev.addr.type = BDADDR_BREDR;
a770bb5a 9841 ev.secure = secure;
980e1a53 9842
ce0e4a0d 9843 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 9844}
9845
e669cf80
MH		 9846void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
9847 u8 status)
980e1a53 9848{
3b0602cd 9849 struct mgmt_pending_cmd *cmd;
980e1a53 9850
333ae95d 9851 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 9852 if (!cmd)
e669cf80 9853 return;
980e1a53 9854
7776d1d8 9855 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 9856 mgmt_pending_remove(cmd);
980e1a53
JH		 9857}
9858
3eb38528
MH		 9859void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
9860 u8 status)
980e1a53 9861{
3b0602cd 9862 struct mgmt_pending_cmd *cmd;
980e1a53 9863
333ae95d 9864 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 9865 if (!cmd)
3eb38528 9866 return;
980e1a53 9867
7776d1d8 9868 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 9869 mgmt_pending_remove(cmd);
980e1a53 9870}
a5c29683 9871
744cf19e 9872int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 9873 u8 link_type, u8 addr_type, u32 value,
04124681 9874 u8 confirm_hint)
a5c29683
JH		 9875{
9876 struct mgmt_ev_user_confirm_request ev;
9877
181d6953 9878 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
a5c29683 9879
272d90df 9880 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 9881 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 9882 ev.confirm_hint = confirm_hint;
39adbffe 9883 ev.value = cpu_to_le32(value);
a5c29683 9884
744cf19e 9885 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 9886 NULL);
a5c29683
JH		 9887}
9888
272d90df 9889int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 9890 u8 link_type, u8 addr_type)
604086b7
BG		 9891{
9892 struct mgmt_ev_user_passkey_request ev;
9893
181d6953 9894 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
604086b7 9895
272d90df 9896 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 9897 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 9898
9899 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 9900 NULL);
604086b7
BG		 9901}
9902
0df4c185 9903static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 9904 u8 link_type, u8 addr_type, u8 status,
9905 u8 opcode)
a5c29683 9906{
3b0602cd 9907 struct mgmt_pending_cmd *cmd;
a5c29683 9908
333ae95d 9909 cmd = pending_find(opcode, hdev);
a5c29683
JH		 9910 if (!cmd)
9911 return -ENOENT;
9912
7776d1d8 9913 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 9914 mgmt_pending_remove(cmd);
a5c29683 9915
7776d1d8 9916 return 0;
a5c29683
JH		 9917}
9918
744cf19e 9919int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 9920 u8 link_type, u8 addr_type, u8 status)
a5c29683 9921{
272d90df 9922 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 9923 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 9924}
9925
272d90df 9926int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 9927 u8 link_type, u8 addr_type, u8 status)
a5c29683 9928{
272d90df 9929 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 9930 status,
9931 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 9932}
2a611692 9933
604086b7 9934int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 9935 u8 link_type, u8 addr_type, u8 status)
604086b7 9936{
272d90df 9937 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 9938 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 9939}
9940
272d90df 9941int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 9942 u8 link_type, u8 addr_type, u8 status)
604086b7 9943{
272d90df 9944 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 9945 status,
9946 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 9947}
9948
92a25256
JH		 9949int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
9950 u8 link_type, u8 addr_type, u32 passkey,
9951 u8 entered)
9952{
9953 struct mgmt_ev_passkey_notify ev;
9954
181d6953 9955 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
92a25256
JH		 9956
9957 bacpy(&ev.addr.bdaddr, bdaddr);
9958 ev.addr.type = link_to_bdaddr(link_type, addr_type);
9959 ev.passkey = __cpu_to_le32(passkey);
9960 ev.entered = entered;
9961
9962 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
9963}
9964
e1e930f5 9965void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
2a611692
JH		 9966{
9967 struct mgmt_ev_auth_failed ev;
3b0602cd 9968 struct mgmt_pending_cmd *cmd;
e1e930f5 9969 u8 status = mgmt_status(hci_status);
2a611692 9970
e1e930f5
JH		 9971 bacpy(&ev.addr.bdaddr, &conn->dst);
9972 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
9973 ev.status = status;
2a611692 9974
e1e930f5
JH		 9975 cmd = find_pairing(conn);
9976
9977 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
9978 cmd ? cmd->sk : NULL);
9979
a511b35b
JH		 9980 if (cmd) {
9981 cmd->cmd_complete(cmd, status);
9982 mgmt_pending_remove(cmd);
9983 }
2a611692 9984}
b312b161 9985
464996ae 9986void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 9987{
9988 struct cmd_lookup match = { NULL, hdev };
464996ae 9989 bool changed;
33ef95ed
JH		 9990
9991 if (status) {
9992 u8 mgmt_err = mgmt_status(status);
9993 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 9994 cmd_status_rsp, &mgmt_err);
464996ae 9995 return;
33ef95ed
JH		 9996 }
9997
464996ae 9998 if (test_bit(HCI_AUTH, &hdev->flags))
238be788 9999 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
464996ae 10000 else
a69d8927 10001 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
47990ea0 10002
33ef95ed 10003 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 10004 &match);
33ef95ed 10005
47990ea0 10006 if (changed)
464996ae 10007 new_settings(hdev, match.sk);
33ef95ed
JH		 10008
10009 if (match.sk)
10010 sock_put(match.sk);
33ef95ed
JH		 10011}
10012
3b0602cd 10013static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
90e70454
JH		 10014{
10015 struct cmd_lookup *match = data;
10016
90e70454
JH		 10017 if (match->sk == NULL) {
10018 match->sk = cmd->sk;
10019 sock_hold(match->sk);
10020 }
90e70454
JH		 10021}
10022
4e1b0245
MH		 10023void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
10024 u8 status)
7f9a903c 10025{
90e70454 10026 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 10027
92da6097
JH		 10028 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
10029 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
10030 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454 10031
321c6fee 10032 if (!status) {
5504c3a3
MH		 10033 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
10034 3, HCI_MGMT_DEV_CLASS_EVENTS, NULL);
321c6fee
MH		 10035 ext_info_changed(hdev, NULL);
10036 }
90e70454
JH		 10037
10038 if (match.sk)
10039 sock_put(match.sk);
7f9a903c
MH		 10040}
10041
7667da34 10042void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 10043{
b312b161 10044 struct mgmt_cp_set_local_name ev;
3b0602cd 10045 struct mgmt_pending_cmd *cmd;
28cc7bde 10046
13928971 10047 if (status)
7667da34 10048 return;
b312b161
JH		 10049
10050 memset(&ev, 0, sizeof(ev));
10051 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 10052 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 10053
333ae95d 10054 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 10055 if (!cmd) {
10056 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 10057
13928971
JH		 10058 /* If this is a HCI command related to powering on the
10059 * HCI dev don't send any mgmt signals.
10060 */
333ae95d 10061 if (pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 10062 return;
890ea898 10063 }
b312b161 10064
5504c3a3
MH		 10065 mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
10066 HCI_MGMT_LOCAL_NAME_EVENTS, cmd ? cmd->sk : NULL);
321c6fee 10067 ext_info_changed(hdev, cmd ? cmd->sk : NULL);
b312b161 10068}
c35938b2 10069
799ce93d
JP		 10070static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
10071{
10072 int i;
10073
10074 for (i = 0; i < uuid_count; i++) {
10075 if (!memcmp(uuid, uuids[i], 16))
10076 return true;
10077 }
10078
10079 return false;
10080}
10081
b487b9ce
MH		 10082static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
10083{
799ce93d
JP		 10084 u16 parsed = 0;
10085
10086 while (parsed < eir_len) {
10087 u8 field_len = eir[0];
10088 u8 uuid[16];
10089 int i;
10090
10091 if (field_len == 0)
10092 break;
10093
10094 if (eir_len - parsed < field_len + 1)
10095 break;
10096
10097 switch (eir[1]) {
10098 case EIR_UUID16_ALL:
10099 case EIR_UUID16_SOME:
10100 for (i = 0; i + 3 <= field_len; i += 2) {
189f6ad2 10101 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 10102 uuid[13] = eir[i + 3];
10103 uuid[12] = eir[i + 2];
10104 if (has_uuid(uuid, uuid_count, uuids))
10105 return true;
10106 }
10107 break;
10108 case EIR_UUID32_ALL:
10109 case EIR_UUID32_SOME:
10110 for (i = 0; i + 5 <= field_len; i += 4) {
189f6ad2 10111 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 10112 uuid[15] = eir[i + 5];
10113 uuid[14] = eir[i + 4];
10114 uuid[13] = eir[i + 3];
10115 uuid[12] = eir[i + 2];
10116 if (has_uuid(uuid, uuid_count, uuids))
10117 return true;
10118 }
10119 break;
10120 case EIR_UUID128_ALL:
10121 case EIR_UUID128_SOME:
10122 for (i = 0; i + 17 <= field_len; i += 16) {
10123 memcpy(uuid, eir + i + 2, 16);
10124 if (has_uuid(uuid, uuid_count, uuids))
10125 return true;
10126 }
10127 break;
10128 }
10129
10130 parsed += field_len + 1;
10131 eir += field_len + 1;
10132 }
10133
b487b9ce
MH		 10134 return false;
10135}
10136
4b0e0ced
JP		 10137static void restart_le_scan(struct hci_dev *hdev)
10138{
10139 /* If controller is not scanning we are done. */
d7a5a11d 10140 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
4b0e0ced
JP		 10141 return;
10142
10143 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
10144 hdev->discovery.scan_start +
10145 hdev->discovery.scan_duration))
10146 return;
10147
7c1fbed2 10148 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart,
4b0e0ced
JP		 10149 DISCOV_LE_RESTART_DELAY);
10150}
10151
48f86b7f
JP		 10152static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
10153 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 10154{
48f86b7f
JP		 10155 /* If a RSSI threshold has been specified, and
10156 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
10157 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
10158 * is set, let it through for further processing, as we might need to
10159 * restart the scan.
efb2513f
MH		 10160 *
10161 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
10162 * the results are also dropped.
bda157a4
MH		 10163 */
10164 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
4b0e0ced
JP		 10165 (rssi == HCI_RSSI_INVALID ||
10166 (rssi < hdev->discovery.rssi &&
10167 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
48f86b7f 10168 return false;
efb2513f 10169
2976cdeb
JP		 10170 if (hdev->discovery.uuid_count != 0) {
10171 /* If a list of UUIDs is provided in filter, results with no
10172 * matching UUID should be dropped.
b487b9ce 10173 */
2976cdeb
JP		 10174 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
10175 hdev->discovery.uuids) &&
10176 !eir_has_uuids(scan_rsp, scan_rsp_len,
10177 hdev->discovery.uuid_count,
10178 hdev->discovery.uuids))
10179 return false;
b487b9ce 10180 }
5d2e9fad 10181
2976cdeb
JP		 10182 /* If duplicate filtering does not report RSSI changes, then restart
10183 * scanning to ensure updated result with updated RSSI values.
4b0e0ced 10184 */
2976cdeb
JP		 10185 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
10186 restart_le_scan(hdev);
10187
10188 /* Validate RSSI value against the RSSI threshold once more. */
10189 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
10190 rssi < hdev->discovery.rssi)
10191 return false;
10192 }
48f86b7f
JP		 10193
10194 return true;
10195}
10196
8d7f1677
MM		 10197void mgmt_adv_monitor_device_lost(struct hci_dev *hdev, u16 handle,
10198 bdaddr_t *bdaddr, u8 addr_type)
10199{
10200 struct mgmt_ev_adv_monitor_device_lost ev;
10201
10202 ev.monitor_handle = cpu_to_le16(handle);
10203 bacpy(&ev.addr.bdaddr, bdaddr);
10204 ev.addr.type = addr_type;
10205
10206 mgmt_event(MGMT_EV_ADV_MONITOR_DEVICE_LOST, hdev, &ev, sizeof(ev),
10207 NULL);
10208}
10209
ff39fc1b
MM		 10210static void mgmt_send_adv_monitor_device_found(struct hci_dev *hdev,
10211 struct sk_buff *skb,
10212 struct sock *skip_sk,
10213 u16 handle)
10214{
10215 struct sk_buff *advmon_skb;
10216 size_t advmon_skb_len;
10217 __le16 *monitor_handle;
10218
10219 if (!skb)
10220 return;
10221
10222 advmon_skb_len = (sizeof(struct mgmt_ev_adv_monitor_device_found) -
10223 sizeof(struct mgmt_ev_device_found)) + skb->len;
10224 advmon_skb = mgmt_alloc_skb(hdev, MGMT_EV_ADV_MONITOR_DEVICE_FOUND,
10225 advmon_skb_len);
10226 if (!advmon_skb)
10227 return;
10228
10229 /* ADV_MONITOR_DEVICE_FOUND is similar to DEVICE_FOUND event except
10230 * that it also has 'monitor_handle'. Make a copy of DEVICE_FOUND and
10231 * store monitor_handle of the matched monitor.
10232 */
10233 monitor_handle = skb_put(advmon_skb, sizeof(*monitor_handle));
10234 *monitor_handle = cpu_to_le16(handle);
10235 skb_put_data(advmon_skb, skb->data, skb->len);
10236
10237 mgmt_event_skb(advmon_skb, skip_sk);
10238}
10239
8d7f1677
MM		 10240static void mgmt_adv_monitor_device_found(struct hci_dev *hdev,
10241 bdaddr_t *bdaddr, bool report_device,
10242 struct sk_buff *skb,
10243 struct sock *skip_sk)
10244{
8d7f1677
MM		 10245 struct monitored_device *dev, *tmp;
10246 bool matched = false;
ff39fc1b 10247 bool notified = false;
8d7f1677
MM		 10248
10249 /* We have received the Advertisement Report because:
10250 * 1. the kernel has initiated active discovery
10251 * 2. if not, we have pend_le_reports > 0 in which case we are doing
10252 * passive scanning
10253 * 3. if none of the above is true, we have one or more active
10254 * Advertisement Monitor
10255 *
10256 * For case 1 and 2, report all advertisements via MGMT_EV_DEVICE_FOUND
10257 * and report ONLY one advertisement per device for the matched Monitor
10258 * via MGMT_EV_ADV_MONITOR_DEVICE_FOUND event.
10259 *
10260 * For case 3, since we are not active scanning and all advertisements
10261 * received are due to a matched Advertisement Monitor, report all
10262 * advertisements ONLY via MGMT_EV_ADV_MONITOR_DEVICE_FOUND event.
10263 */
10264 if (report_device && !hdev->advmon_pend_notify) {
10265 mgmt_event_skb(skb, skip_sk);
10266 return;
10267 }
10268
8d7f1677
MM		 10269 hdev->advmon_pend_notify = false;
10270
10271 list_for_each_entry_safe(dev, tmp, &hdev->monitored_devices, list) {
10272 if (!bacmp(&dev->bdaddr, bdaddr)) {
10273 matched = true;
10274
10275 if (!dev->notified) {
ff39fc1b
MM		 10276 mgmt_send_adv_monitor_device_found(hdev, skb,
10277 skip_sk,
10278 dev->handle);
10279 notified = true;
8d7f1677
MM		 10280 dev->notified = true;
10281 }
10282 }
10283
10284 if (!dev->notified)
10285 hdev->advmon_pend_notify = true;
10286 }
10287
10288 if (!report_device &&
ff39fc1b 10289 ((matched && !notified) || !msft_monitor_supported(hdev))) {
8d7f1677
MM		 10290 /* Handle 0 indicates that we are not active scanning and this
10291 * is a subsequent advertisement report for an already matched
10292 * Advertisement Monitor or the controller offloading support
10293 * is not available.
10294 */
ff39fc1b 10295 mgmt_send_adv_monitor_device_found(hdev, skb, skip_sk, 0);
8d7f1677
MM		 10296 }
10297
10298 if (report_device)
10299 mgmt_event_skb(skb, skip_sk);
10300 else
10301 kfree_skb(skb);
8d7f1677
MM		 10302}
10303
b338d917
BG		 10304static void mesh_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr,
10305 u8 addr_type, s8 rssi, u32 flags, u8 *eir,
10306 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len,
10307 u64 instant)
10308{
10309 struct sk_buff *skb;
10310 struct mgmt_ev_mesh_device_found *ev;
10311 int i, j;
10312
10313 if (!hdev->mesh_ad_types[0])
10314 goto accepted;
10315
10316 /* Scan for requested AD types */
10317 if (eir_len > 0) {
10318 for (i = 0; i + 1 < eir_len; i += eir[i] + 1) {
10319 for (j = 0; j < sizeof(hdev->mesh_ad_types); j++) {
10320 if (!hdev->mesh_ad_types[j])
10321 break;
10322
10323 if (hdev->mesh_ad_types[j] == eir[i + 1])
10324 goto accepted;
10325 }
10326 }
10327 }
10328
10329 if (scan_rsp_len > 0) {
10330 for (i = 0; i + 1 < scan_rsp_len; i += scan_rsp[i] + 1) {
10331 for (j = 0; j < sizeof(hdev->mesh_ad_types); j++) {
10332 if (!hdev->mesh_ad_types[j])
10333 break;
10334
10335 if (hdev->mesh_ad_types[j] == scan_rsp[i + 1])
10336 goto accepted;
10337 }
10338 }
10339 }
10340
10341 return;
10342
10343accepted:
10344 skb = mgmt_alloc_skb(hdev, MGMT_EV_MESH_DEVICE_FOUND,
10345 sizeof(*ev) + eir_len + scan_rsp_len);
10346 if (!skb)
10347 return;
10348
10349 ev = skb_put(skb, sizeof(*ev));
10350
10351 bacpy(&ev->addr.bdaddr, bdaddr);
10352 ev->addr.type = link_to_bdaddr(LE_LINK, addr_type);
10353 ev->rssi = rssi;
10354 ev->flags = cpu_to_le32(flags);
10355 ev->instant = cpu_to_le64(instant);
10356
10357 if (eir_len > 0)
10358 /* Copy EIR or advertising data into event */
10359 skb_put_data(skb, eir, eir_len);
10360
10361 if (scan_rsp_len > 0)
10362 /* Append scan response data to event */
10363 skb_put_data(skb, scan_rsp, scan_rsp_len);
10364
10365 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
10366
10367 mgmt_event_skb(skb, NULL);
10368}
10369
48f86b7f
JP		 10370void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
10371 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
b338d917
BG		 10372 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len,
10373 u64 instant)
48f86b7f 10374{
cf1bce1d
LAD		 10375 struct sk_buff *skb;
10376 struct mgmt_ev_device_found *ev;
8d7f1677 10377 bool report_device = hci_discovery_active(hdev);
48f86b7f 10378
b338d917
BG		 10379 if (hci_dev_test_flag(hdev, HCI_MESH) && link_type == LE_LINK)
10380 mesh_device_found(hdev, bdaddr, addr_type, rssi, flags,
10381 eir, eir_len, scan_rsp, scan_rsp_len,
10382 instant);
10383
48f86b7f
JP		 10384 /* Don't send events for a non-kernel initiated discovery. With
10385 * LE one exception is if we have pend_le_reports > 0 in which
10386 * case we're doing passive scanning and want these events.
10387 */
10388 if (!hci_discovery_active(hdev)) {
10389 if (link_type == ACL_LINK)
10390 return;
8d7f1677
MM		 10391 if (link_type == LE_LINK && !list_empty(&hdev->pend_le_reports))
10392 report_device = true;
10393 else if (!hci_is_adv_monitoring(hdev))
48f86b7f
JP		 10394 return;
10395 }
10396
82f8b651 10397 if (hdev->discovery.result_filtering) {
48f86b7f
JP		 10398 /* We are using service discovery */
10399 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
10400 scan_rsp_len))
10401 return;
10402 }
10403
78b781ca
JH		 10404 if (hdev->discovery.limited) {
10405 /* Check for limited discoverable bit */
10406 if (dev_class) {
10407 if (!(dev_class[1] & 0x20))
10408 return;
10409 } else {
10410 u8 *flags = eir_get_data(eir, eir_len, EIR_FLAGS, NULL);
10411 if (!flags || !(flags[0] & LE_AD_LIMITED))
10412 return;
10413 }
10414 }
10415
cf1bce1d
LAD		 10416 /* Allocate skb. The 5 extra bytes are for the potential CoD field */
10417 skb = mgmt_alloc_skb(hdev, MGMT_EV_DEVICE_FOUND,
10418 sizeof(*ev) + eir_len + scan_rsp_len + 5);
10419 if (!skb)
4b0e0ced
JP		 10420 return;
10421
cf1bce1d 10422 ev = skb_put(skb, sizeof(*ev));
48f86b7f
JP		 10423
10424 /* In case of device discovery with BR/EDR devices (pre 1.2), the
10425 * RSSI value was reported as 0 when not available. This behavior
10426 * is kept when using device discovery. This is required for full
10427 * backwards compatibility with the API.
10428 *
10429 * However when using service discovery, the value 127 will be
10430 * returned when the RSSI is not available.
10431 */
10432 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
10433 link_type == ACL_LINK)
10434 rssi = 0;
10435
10436 bacpy(&ev->addr.bdaddr, bdaddr);
10437 ev->addr.type = link_to_bdaddr(link_type, addr_type);
10438 ev->rssi = rssi;
10439 ev->flags = cpu_to_le32(flags);
10440
10441 if (eir_len > 0)
10442 /* Copy EIR or advertising data into event */
cf1bce1d
LAD		 10443 skb_put_data(skb, eir, eir_len);
10444
10445 if (dev_class && !eir_get_data(eir, eir_len, EIR_CLASS_OF_DEV, NULL)) {
10446 u8 eir_cod[5];
48f86b7f 10447
cf1bce1d
LAD		 10448 eir_len += eir_append_data(eir_cod, 0, EIR_CLASS_OF_DEV,
10449 dev_class, 3);
10450 skb_put_data(skb, eir_cod, sizeof(eir_cod));
10451 }
48f86b7f
JP		 10452
10453 if (scan_rsp_len > 0)
10454 /* Append scan response data to event */
cf1bce1d 10455 skb_put_data(skb, scan_rsp, scan_rsp_len);
48f86b7f 10456
5d2e9fad 10457 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
f8523598 10458
8d7f1677 10459 mgmt_adv_monitor_device_found(hdev, bdaddr, report_device, skb, NULL);
e17acd40 10460}
a88a9652 10461
9cf12aee
MH		 10462void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
10463 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 10464{
cf1bce1d 10465 struct sk_buff *skb;
b644ba33 10466 struct mgmt_ev_device_found *ev;
ba17bb62
RB		 10467 u16 eir_len = 0;
10468 u32 flags = 0;
a88a9652 10469
ba17bb62
RB		 10470 skb = mgmt_alloc_skb(hdev, MGMT_EV_DEVICE_FOUND,
10471 sizeof(*ev) + (name ? eir_precalc_len(name_len) : 0));
b644ba33 10472
cf1bce1d 10473 ev = skb_put(skb, sizeof(*ev));
b644ba33 10474 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 10475 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 10476 ev->rssi = rssi;
10477
c2b2a1a7
RB		 10478 if (name)
10479 eir_len += eir_skb_put_data(skb, EIR_NAME_COMPLETE, name, name_len);
10480 else
ea13aed5 10481 flags = MGMT_DEV_FOUND_NAME_REQUEST_FAILED;
b644ba33 10482
eb55ef07 10483 ev->eir_len = cpu_to_le16(eir_len);
ea13aed5 10484 ev->flags = cpu_to_le32(flags);
a88a9652 10485
cf1bce1d 10486 mgmt_event_skb(skb, NULL);
a88a9652 10487}
314b2381 10488
2f1e063b 10489void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 10490{
f963e8e9 10491 struct mgmt_ev_discovering ev;
164a6e78 10492
181d6953 10493 bt_dev_dbg(hdev, "discovering %u", discovering);
343fb145 10494
f963e8e9
JH		 10495 memset(&ev, 0, sizeof(ev));
10496 ev.type = hdev->discovery.type;
10497 ev.discovering = discovering;
10498
2f1e063b 10499 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 10500}
5e762444 10501
346ce5b7
APS		 10502void mgmt_suspending(struct hci_dev *hdev, u8 state)
10503{
10504 struct mgmt_ev_controller_suspend ev;
10505
10506 ev.suspend_state = state;
10507 mgmt_event(MGMT_EV_CONTROLLER_SUSPEND, hdev, &ev, sizeof(ev), NULL);
10508}
10509
10510void mgmt_resuming(struct hci_dev *hdev, u8 reason, bdaddr_t *bdaddr,
10511 u8 addr_type)
10512{
10513 struct mgmt_ev_controller_resume ev;
10514
10515 ev.wake_reason = reason;
10516 if (bdaddr) {
10517 bacpy(&ev.addr.bdaddr, bdaddr);
10518 ev.addr.type = addr_type;
10519 } else {
10520 memset(&ev.addr, 0, sizeof(ev.addr));
10521 }
10522
10523 mgmt_event(MGMT_EV_CONTROLLER_RESUME, hdev, &ev, sizeof(ev), NULL);
10524}
10525
6d785aa3
JH		 10526static struct hci_mgmt_chan chan = {
10527 .channel = HCI_CHANNEL_CONTROL,
10528 .handler_count = ARRAY_SIZE(mgmt_handlers),
10529 .handlers = mgmt_handlers,
88b94ce9 10530 .hdev_init = mgmt_init_hdev,
6d785aa3
JH		 10531};
10532
10533int mgmt_init(void)
10534{
10535 return hci_mgmt_chan_register(&chan);
10536}
10537
10538void mgmt_exit(void)
10539{
10540 hci_mgmt_chan_unregister(&chan);
10541}
b338d917
BG		 10542
10543void mgmt_cleanup(struct sock *sk)
10544{
10545 struct mgmt_mesh_tx *mesh_tx;
10546 struct hci_dev *hdev;
10547
10548 read_lock(&hci_dev_list_lock);
10549
10550 list_for_each_entry(hdev, &hci_dev_list, list) {
10551 do {
10552 mesh_tx = mgmt_mesh_next(hdev, sk);
10553
10554 if (mesh_tx)
10555 mesh_send_complete(hdev, mesh_tx, true);
10556 } while (mesh_tx);
10557 }
10558
10559 read_unlock(&hci_dev_list_lock);
10560}
Linux 6.x block layer and io_uring tree(s)