projects / linux-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bluetooth: hci_sync: Convert MGMT_OP_START_DISCOVERY
[linux-block.git] / net / bluetooth / mgmt.c
CommitLineData
0381101f
JH		 1/*
2 BlueZ - Bluetooth protocol stack for Linux
ea585ab5 3
0381101f 4 Copyright (C) 2010 Nokia Corporation
ea585ab5 5 Copyright (C) 2011-2012 Intel Corporation
0381101f
JH		 6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License version 2 as
9 published by the Free Software Foundation;
10
11 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
12 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
14 IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
15 CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
16 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19
20 ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
21 COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
22 SOFTWARE IS DISCLAIMED.
23*/
24
25/* Bluetooth HCI Management interface */
26
3a9a231d 27#include <linux/module.h>
0381101f
JH		 28#include <asm/unaligned.h>
29
30#include <net/bluetooth/bluetooth.h>
31#include <net/bluetooth/hci_core.h>
7129069e 32#include <net/bluetooth/hci_sock.h>
4bc58f51 33#include <net/bluetooth/l2cap.h>
0381101f 34#include <net/bluetooth/mgmt.h>
ac4b7236 35
0857dd3b 36#include "hci_request.h"
ac4b7236 37#include "smp.h"
a380b6cf 38#include "mgmt_util.h"
17896406 39#include "mgmt_config.h"
e5e1e7fd 40#include "msft.h"
01ce70b0 41#include "eir.h"
0381101f 42
2da9c55c 43#define MGMT_VERSION 1
43e59cb7 44#define MGMT_REVISION 21
02d98129 45
e70bb2e8
JH		 46static const u16 mgmt_commands[] = {
47 MGMT_OP_READ_INDEX_LIST,
48 MGMT_OP_READ_INFO,
49 MGMT_OP_SET_POWERED,
50 MGMT_OP_SET_DISCOVERABLE,
51 MGMT_OP_SET_CONNECTABLE,
52 MGMT_OP_SET_FAST_CONNECTABLE,
b2939475 53 MGMT_OP_SET_BONDABLE,
e70bb2e8
JH		 54 MGMT_OP_SET_LINK_SECURITY,
55 MGMT_OP_SET_SSP,
56 MGMT_OP_SET_HS,
57 MGMT_OP_SET_LE,
58 MGMT_OP_SET_DEV_CLASS,
59 MGMT_OP_SET_LOCAL_NAME,
60 MGMT_OP_ADD_UUID,
61 MGMT_OP_REMOVE_UUID,
62 MGMT_OP_LOAD_LINK_KEYS,
63 MGMT_OP_LOAD_LONG_TERM_KEYS,
64 MGMT_OP_DISCONNECT,
65 MGMT_OP_GET_CONNECTIONS,
66 MGMT_OP_PIN_CODE_REPLY,
67 MGMT_OP_PIN_CODE_NEG_REPLY,
68 MGMT_OP_SET_IO_CAPABILITY,
69 MGMT_OP_PAIR_DEVICE,
70 MGMT_OP_CANCEL_PAIR_DEVICE,
71 MGMT_OP_UNPAIR_DEVICE,
72 MGMT_OP_USER_CONFIRM_REPLY,
73 MGMT_OP_USER_CONFIRM_NEG_REPLY,
74 MGMT_OP_USER_PASSKEY_REPLY,
75 MGMT_OP_USER_PASSKEY_NEG_REPLY,
76 MGMT_OP_READ_LOCAL_OOB_DATA,
77 MGMT_OP_ADD_REMOTE_OOB_DATA,
78 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
79 MGMT_OP_START_DISCOVERY,
80 MGMT_OP_STOP_DISCOVERY,
81 MGMT_OP_CONFIRM_NAME,
82 MGMT_OP_BLOCK_DEVICE,
83 MGMT_OP_UNBLOCK_DEVICE,
cdbaccca 84 MGMT_OP_SET_DEVICE_ID,
4375f103 85 MGMT_OP_SET_ADVERTISING,
0663ca2a 86 MGMT_OP_SET_BREDR,
d13eafce 87 MGMT_OP_SET_STATIC_ADDRESS,
7f72134e 88 MGMT_OP_SET_SCAN_PARAMS,
e98d2ce2 89 MGMT_OP_SET_SECURE_CONN,
4e39ac81 90 MGMT_OP_SET_DEBUG_KEYS,
62b04cd1 91 MGMT_OP_SET_PRIVACY,
41edf160 92 MGMT_OP_LOAD_IRKS,
dd983808 93 MGMT_OP_GET_CONN_INFO,
95868426 94 MGMT_OP_GET_CLOCK_INFO,
2faade53
MH		 95 MGMT_OP_ADD_DEVICE,
96 MGMT_OP_REMOVE_DEVICE,
a26f3dcf 97 MGMT_OP_LOAD_CONN_PARAM,
73d1df2a 98 MGMT_OP_READ_UNCONF_INDEX_LIST,
9fc3bfb6 99 MGMT_OP_READ_CONFIG_INFO,
dbece37a 100 MGMT_OP_SET_EXTERNAL_CONFIG,
9713c17b 101 MGMT_OP_SET_PUBLIC_ADDRESS,
66ea9427 102 MGMT_OP_START_SERVICE_DISCOVERY,
4f0f155c 103 MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
96f1474a 104 MGMT_OP_READ_EXT_INDEX_LIST,
d3d5305b 105 MGMT_OP_READ_ADV_FEATURES,
24b4f38f 106 MGMT_OP_ADD_ADVERTISING,
da929335 107 MGMT_OP_REMOVE_ADVERTISING,
40b25fe5 108 MGMT_OP_GET_ADV_SIZE_INFO,
78b781ca 109 MGMT_OP_START_LIMITED_DISCOVERY,
321c6fee 110 MGMT_OP_READ_EXT_INFO,
c4960ecf 111 MGMT_OP_SET_APPEARANCE,
02431b6c
MH		 112 MGMT_OP_GET_PHY_CONFIGURATION,
113 MGMT_OP_SET_PHY_CONFIGURATION,
600a8749 114 MGMT_OP_SET_BLOCKED_KEYS,
00bce3fb 115 MGMT_OP_SET_WIDEBAND_SPEECH,
4d9b9528 116 MGMT_OP_READ_CONTROLLER_CAP,
a10c907c
MH		 117 MGMT_OP_READ_EXP_FEATURES_INFO,
118 MGMT_OP_SET_EXP_FEATURE,
17896406
AM		 119 MGMT_OP_READ_DEF_SYSTEM_CONFIG,
120 MGMT_OP_SET_DEF_SYSTEM_CONFIG,
aececa64
MH		 121 MGMT_OP_READ_DEF_RUNTIME_CONFIG,
122 MGMT_OP_SET_DEF_RUNTIME_CONFIG,
4c54bf2b
APS		 123 MGMT_OP_GET_DEVICE_FLAGS,
124 MGMT_OP_SET_DEVICE_FLAGS,
e5e1e7fd 125 MGMT_OP_READ_ADV_MONITOR_FEATURES,
b139553d 126 MGMT_OP_ADD_ADV_PATTERNS_MONITOR,
bd2fbc6c 127 MGMT_OP_REMOVE_ADV_MONITOR,
12410572
DW		 128 MGMT_OP_ADD_EXT_ADV_PARAMS,
129 MGMT_OP_ADD_EXT_ADV_DATA,
b4a221ea 130 MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI,
e70bb2e8
JH		 131};
132
133static const u16 mgmt_events[] = {
134 MGMT_EV_CONTROLLER_ERROR,
135 MGMT_EV_INDEX_ADDED,
136 MGMT_EV_INDEX_REMOVED,
137 MGMT_EV_NEW_SETTINGS,
138 MGMT_EV_CLASS_OF_DEV_CHANGED,
139 MGMT_EV_LOCAL_NAME_CHANGED,
140 MGMT_EV_NEW_LINK_KEY,
141 MGMT_EV_NEW_LONG_TERM_KEY,
142 MGMT_EV_DEVICE_CONNECTED,
143 MGMT_EV_DEVICE_DISCONNECTED,
144 MGMT_EV_CONNECT_FAILED,
145 MGMT_EV_PIN_CODE_REQUEST,
146 MGMT_EV_USER_CONFIRM_REQUEST,
147 MGMT_EV_USER_PASSKEY_REQUEST,
148 MGMT_EV_AUTH_FAILED,
149 MGMT_EV_DEVICE_FOUND,
150 MGMT_EV_DISCOVERING,
151 MGMT_EV_DEVICE_BLOCKED,
152 MGMT_EV_DEVICE_UNBLOCKED,
153 MGMT_EV_DEVICE_UNPAIRED,
92a25256 154 MGMT_EV_PASSKEY_NOTIFY,
1b60ef21 155 MGMT_EV_NEW_IRK,
7ee4ea36 156 MGMT_EV_NEW_CSRK,
8afef092
MH		 157 MGMT_EV_DEVICE_ADDED,
158 MGMT_EV_DEVICE_REMOVED,
ffb5a827 159 MGMT_EV_NEW_CONN_PARAM,
0602a8ad 160 MGMT_EV_UNCONF_INDEX_ADDED,
edd3896b 161 MGMT_EV_UNCONF_INDEX_REMOVED,
f4537c04 162 MGMT_EV_NEW_CONFIG_OPTIONS,
ced85549
MH		 163 MGMT_EV_EXT_INDEX_ADDED,
164 MGMT_EV_EXT_INDEX_REMOVED,
72000df2 165 MGMT_EV_LOCAL_OOB_DATA_UPDATED,
24b4f38f
AU		 166 MGMT_EV_ADVERTISING_ADDED,
167 MGMT_EV_ADVERTISING_REMOVED,
321c6fee 168 MGMT_EV_EXT_INFO_CHANGED,
5f4b9172 169 MGMT_EV_PHY_CONFIGURATION_CHANGED,
a10c907c 170 MGMT_EV_EXP_FEATURE_CHANGED,
4c54bf2b 171 MGMT_EV_DEVICE_FLAGS_CHANGED,
3d34a71f
MH		 172 MGMT_EV_ADV_MONITOR_ADDED,
173 MGMT_EV_ADV_MONITOR_REMOVED,
346ce5b7
APS		 174 MGMT_EV_CONTROLLER_SUSPEND,
175 MGMT_EV_CONTROLLER_RESUME,
e70bb2e8
JH		 176};
177
99c679ac
MH		 178static const u16 mgmt_untrusted_commands[] = {
179 MGMT_OP_READ_INDEX_LIST,
180 MGMT_OP_READ_INFO,
181 MGMT_OP_READ_UNCONF_INDEX_LIST,
182 MGMT_OP_READ_CONFIG_INFO,
183 MGMT_OP_READ_EXT_INDEX_LIST,
321c6fee 184 MGMT_OP_READ_EXT_INFO,
4d9b9528 185 MGMT_OP_READ_CONTROLLER_CAP,
a10c907c 186 MGMT_OP_READ_EXP_FEATURES_INFO,
17896406 187 MGMT_OP_READ_DEF_SYSTEM_CONFIG,
aececa64 188 MGMT_OP_READ_DEF_RUNTIME_CONFIG,
99c679ac
MH		 189};
190
191static const u16 mgmt_untrusted_events[] = {
192 MGMT_EV_INDEX_ADDED,
193 MGMT_EV_INDEX_REMOVED,
194 MGMT_EV_NEW_SETTINGS,
195 MGMT_EV_CLASS_OF_DEV_CHANGED,
196 MGMT_EV_LOCAL_NAME_CHANGED,
197 MGMT_EV_UNCONF_INDEX_ADDED,
198 MGMT_EV_UNCONF_INDEX_REMOVED,
199 MGMT_EV_NEW_CONFIG_OPTIONS,
200 MGMT_EV_EXT_INDEX_ADDED,
201 MGMT_EV_EXT_INDEX_REMOVED,
321c6fee 202 MGMT_EV_EXT_INFO_CHANGED,
a10c907c 203 MGMT_EV_EXP_FEATURE_CHANGED,
99c679ac
MH		 204};
205
17b02e62 206#define CACHE_TIMEOUT msecs_to_jiffies(2 * 1000)
7d78525d 207
d25b78e2
JH		 208#define ZERO_KEY "\x00\x00\x00\x00\x00\x00\x00\x00" \
209 "\x00\x00\x00\x00\x00\x00\x00\x00"
210
ca69b795 211/* HCI to MGMT error code conversion table */
bdf2aca7 212static const u8 mgmt_status_table[] = {
ca69b795
JH		 213 MGMT_STATUS_SUCCESS,
214 MGMT_STATUS_UNKNOWN_COMMAND, /* Unknown Command */
215 MGMT_STATUS_NOT_CONNECTED, /* No Connection */
216 MGMT_STATUS_FAILED, /* Hardware Failure */
217 MGMT_STATUS_CONNECT_FAILED, /* Page Timeout */
218 MGMT_STATUS_AUTH_FAILED, /* Authentication Failed */
eadd663a 219 MGMT_STATUS_AUTH_FAILED, /* PIN or Key Missing */
ca69b795
JH		 220 MGMT_STATUS_NO_RESOURCES, /* Memory Full */
221 MGMT_STATUS_TIMEOUT, /* Connection Timeout */
222 MGMT_STATUS_NO_RESOURCES, /* Max Number of Connections */
223 MGMT_STATUS_NO_RESOURCES, /* Max Number of SCO Connections */
224 MGMT_STATUS_ALREADY_CONNECTED, /* ACL Connection Exists */
225 MGMT_STATUS_BUSY, /* Command Disallowed */
226 MGMT_STATUS_NO_RESOURCES, /* Rejected Limited Resources */
227 MGMT_STATUS_REJECTED, /* Rejected Security */
228 MGMT_STATUS_REJECTED, /* Rejected Personal */
229 MGMT_STATUS_TIMEOUT, /* Host Timeout */
230 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Feature */
231 MGMT_STATUS_INVALID_PARAMS, /* Invalid Parameters */
232 MGMT_STATUS_DISCONNECTED, /* OE User Ended Connection */
233 MGMT_STATUS_NO_RESOURCES, /* OE Low Resources */
234 MGMT_STATUS_DISCONNECTED, /* OE Power Off */
235 MGMT_STATUS_DISCONNECTED, /* Connection Terminated */
236 MGMT_STATUS_BUSY, /* Repeated Attempts */
237 MGMT_STATUS_REJECTED, /* Pairing Not Allowed */
238 MGMT_STATUS_FAILED, /* Unknown LMP PDU */
239 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported Remote Feature */
240 MGMT_STATUS_REJECTED, /* SCO Offset Rejected */
241 MGMT_STATUS_REJECTED, /* SCO Interval Rejected */
242 MGMT_STATUS_REJECTED, /* Air Mode Rejected */
243 MGMT_STATUS_INVALID_PARAMS, /* Invalid LMP Parameters */
244 MGMT_STATUS_FAILED, /* Unspecified Error */
245 MGMT_STATUS_NOT_SUPPORTED, /* Unsupported LMP Parameter Value */
246 MGMT_STATUS_FAILED, /* Role Change Not Allowed */
247 MGMT_STATUS_TIMEOUT, /* LMP Response Timeout */
248 MGMT_STATUS_FAILED, /* LMP Error Transaction Collision */
249 MGMT_STATUS_FAILED, /* LMP PDU Not Allowed */
250 MGMT_STATUS_REJECTED, /* Encryption Mode Not Accepted */
251 MGMT_STATUS_FAILED, /* Unit Link Key Used */
252 MGMT_STATUS_NOT_SUPPORTED, /* QoS Not Supported */
253 MGMT_STATUS_TIMEOUT, /* Instant Passed */
254 MGMT_STATUS_NOT_SUPPORTED, /* Pairing Not Supported */
255 MGMT_STATUS_FAILED, /* Transaction Collision */
4ef36a52 256 MGMT_STATUS_FAILED, /* Reserved for future use */
ca69b795
JH		 257 MGMT_STATUS_INVALID_PARAMS, /* Unacceptable Parameter */
258 MGMT_STATUS_REJECTED, /* QoS Rejected */
259 MGMT_STATUS_NOT_SUPPORTED, /* Classification Not Supported */
260 MGMT_STATUS_REJECTED, /* Insufficient Security */
261 MGMT_STATUS_INVALID_PARAMS, /* Parameter Out Of Range */
4ef36a52 262 MGMT_STATUS_FAILED, /* Reserved for future use */
ca69b795 263 MGMT_STATUS_BUSY, /* Role Switch Pending */
4ef36a52 264 MGMT_STATUS_FAILED, /* Reserved for future use */
ca69b795
JH		 265 MGMT_STATUS_FAILED, /* Slot Violation */
266 MGMT_STATUS_FAILED, /* Role Switch Failed */
267 MGMT_STATUS_INVALID_PARAMS, /* EIR Too Large */
268 MGMT_STATUS_NOT_SUPPORTED, /* Simple Pairing Not Supported */
269 MGMT_STATUS_BUSY, /* Host Busy Pairing */
270 MGMT_STATUS_REJECTED, /* Rejected, No Suitable Channel */
271 MGMT_STATUS_BUSY, /* Controller Busy */
272 MGMT_STATUS_INVALID_PARAMS, /* Unsuitable Connection Interval */
273 MGMT_STATUS_TIMEOUT, /* Directed Advertising Timeout */
274 MGMT_STATUS_AUTH_FAILED, /* Terminated Due to MIC Failure */
275 MGMT_STATUS_CONNECT_FAILED, /* Connection Establishment Failed */
276 MGMT_STATUS_CONNECT_FAILED, /* MAC Connection Failed */
277};
278
161510cc 279static u8 mgmt_errno_status(int err)
ca69b795 280{
161510cc
LAD		 281 switch (err) {
282 case 0:
283 return MGMT_STATUS_SUCCESS;
284 case -EPERM:
285 return MGMT_STATUS_REJECTED;
286 case -EINVAL:
287 return MGMT_STATUS_INVALID_PARAMS;
288 case -EOPNOTSUPP:
289 return MGMT_STATUS_NOT_SUPPORTED;
290 case -EBUSY:
291 return MGMT_STATUS_BUSY;
292 case -ETIMEDOUT:
293 return MGMT_STATUS_AUTH_FAILED;
294 case -ENOMEM:
295 return MGMT_STATUS_NO_RESOURCES;
296 case -EISCONN:
297 return MGMT_STATUS_ALREADY_CONNECTED;
298 case -ENOTCONN:
299 return MGMT_STATUS_DISCONNECTED;
300 }
301
302 return MGMT_STATUS_FAILED;
303}
304
305static u8 mgmt_status(int err)
306{
307 if (err < 0)
308 return mgmt_errno_status(err);
309
310 if (err < ARRAY_SIZE(mgmt_status_table))
311 return mgmt_status_table[err];
ca69b795
JH		 312
313 return MGMT_STATUS_FAILED;
314}
315
c08b1a1d
MH		 316static int mgmt_index_event(u16 event, struct hci_dev *hdev, void *data,
317 u16 len, int flag)
f9207338 318{
c08b1a1d
MH		 319 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
320 flag, NULL);
f9207338
MH		 321}
322
72000df2
MH		 323static int mgmt_limited_event(u16 event, struct hci_dev *hdev, void *data,
324 u16 len, int flag, struct sock *skip_sk)
325{
326 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
327 flag, skip_sk);
328}
329
7a00ff44
JH		 330static int mgmt_event(u16 event, struct hci_dev *hdev, void *data, u16 len,
331 struct sock *skip_sk)
332{
333 return mgmt_send_event(event, hdev, HCI_CHANNEL_CONTROL, data, len,
c08b1a1d 334 HCI_SOCK_TRUSTED, skip_sk);
7a00ff44
JH		 335}
336
85813a7e
JH		 337static u8 le_addr_type(u8 mgmt_addr_type)
338{
339 if (mgmt_addr_type == BDADDR_LE_PUBLIC)
340 return ADDR_LE_DEV_PUBLIC;
341 else
342 return ADDR_LE_DEV_RANDOM;
343}
344
03c979c4
MH		 345void mgmt_fill_version_info(void *ver)
346{
347 struct mgmt_rp_read_version *rp = ver;
348
349 rp->version = MGMT_VERSION;
350 rp->revision = cpu_to_le16(MGMT_REVISION);
351}
352
04124681
GP		 353static int read_version(struct sock *sk, struct hci_dev *hdev, void *data,
354 u16 data_len)
a38528f1
JH		 355{
356 struct mgmt_rp_read_version rp;
357
181d6953 358 bt_dev_dbg(hdev, "sock %p", sk);
a38528f1 359
03c979c4 360 mgmt_fill_version_info(&rp);
a38528f1 361
2a1afb5a
JH		 362 return mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_VERSION, 0,
363 &rp, sizeof(rp));
a38528f1
JH		 364}
365
04124681
GP		 366static int read_commands(struct sock *sk, struct hci_dev *hdev, void *data,
367 u16 data_len)
e70bb2e8
JH		 368{
369 struct mgmt_rp_read_commands *rp;
99c679ac 370 u16 num_commands, num_events;
e70bb2e8
JH		 371 size_t rp_size;
372 int i, err;
373
181d6953 374 bt_dev_dbg(hdev, "sock %p", sk);
e70bb2e8 375
99c679ac
MH		 376 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
377 num_commands = ARRAY_SIZE(mgmt_commands);
378 num_events = ARRAY_SIZE(mgmt_events);
379 } else {
380 num_commands = ARRAY_SIZE(mgmt_untrusted_commands);
381 num_events = ARRAY_SIZE(mgmt_untrusted_events);
382 }
383
e70bb2e8
JH		 384 rp_size = sizeof(*rp) + ((num_commands + num_events) * sizeof(u16));
385
386 rp = kmalloc(rp_size, GFP_KERNEL);
387 if (!rp)
388 return -ENOMEM;
389
dcf4adbf
JP		 390 rp->num_commands = cpu_to_le16(num_commands);
391 rp->num_events = cpu_to_le16(num_events);
e70bb2e8 392
99c679ac
MH		 393 if (hci_sock_test_flag(sk, HCI_SOCK_TRUSTED)) {
394 __le16 *opcode = rp->opcodes;
395
396 for (i = 0; i < num_commands; i++, opcode++)
397 put_unaligned_le16(mgmt_commands[i], opcode);
e70bb2e8 398
99c679ac
MH		 399 for (i = 0; i < num_events; i++, opcode++)
400 put_unaligned_le16(mgmt_events[i], opcode);
401 } else {
402 __le16 *opcode = rp->opcodes;
403
404 for (i = 0; i < num_commands; i++, opcode++)
405 put_unaligned_le16(mgmt_untrusted_commands[i], opcode);
406
407 for (i = 0; i < num_events; i++, opcode++)
408 put_unaligned_le16(mgmt_untrusted_events[i], opcode);
409 }
e70bb2e8 410
2a1afb5a
JH		 411 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_COMMANDS, 0,
412 rp, rp_size);
e70bb2e8
JH		 413 kfree(rp);
414
415 return err;
416}
417
04124681
GP		 418static int read_index_list(struct sock *sk, struct hci_dev *hdev, void *data,
419 u16 data_len)
faba42eb 420{
faba42eb 421 struct mgmt_rp_read_index_list *rp;
8035ded4 422 struct hci_dev *d;
a38528f1 423 size_t rp_len;
faba42eb 424 u16 count;
476e44cb 425 int err;
faba42eb 426
181d6953 427 bt_dev_dbg(hdev, "sock %p", sk);
faba42eb
JH		 428
429 read_lock(&hci_dev_list_lock);
430
431 count = 0;
bb4b2a9a 432 list_for_each_entry(d, &hci_dev_list, list) {
ca8bee5d 433 if (d->dev_type == HCI_PRIMARY &&
d7a5a11d 434 !hci_dev_test_flag(d, HCI_UNCONFIGURED))
1514b892 435 count++;
faba42eb
JH		 436 }
437
a38528f1
JH		 438 rp_len = sizeof(*rp) + (2 * count);
439 rp = kmalloc(rp_len, GFP_ATOMIC);
440 if (!rp) {
b2c60d42 441 read_unlock(&hci_dev_list_lock);
faba42eb 442 return -ENOMEM;
b2c60d42 443 }
faba42eb 444
476e44cb 445 count = 0;
8035ded4 446 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 447 if (hci_dev_test_flag(d, HCI_SETUP) ||
448 hci_dev_test_flag(d, HCI_CONFIG) ||
449 hci_dev_test_flag(d, HCI_USER_CHANNEL))
ab81cbf9
JH		 450 continue;
451
73d1df2a
MH		 452 /* Devices marked as raw-only are neither configured
453 * nor unconfigured controllers.
454 */
455 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
fee746b0
MH		 456 continue;
457
ca8bee5d 458 if (d->dev_type == HCI_PRIMARY &&
d7a5a11d 459 !hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
1514b892 460 rp->index[count++] = cpu_to_le16(d->id);
181d6953 461 bt_dev_dbg(hdev, "Added hci%u", d->id);
1514b892 462 }
faba42eb
JH		 463 }
464
476e44cb
JH		 465 rp->num_controllers = cpu_to_le16(count);
466 rp_len = sizeof(*rp) + (2 * count);
467
faba42eb
JH		 468 read_unlock(&hci_dev_list_lock);
469
2a1afb5a
JH		 470 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE, MGMT_OP_READ_INDEX_LIST,
471 0, rp, rp_len);
faba42eb 472
a38528f1
JH		 473 kfree(rp);
474
475 return err;
faba42eb
JH		 476}
477
73d1df2a
MH		 478static int read_unconf_index_list(struct sock *sk, struct hci_dev *hdev,
479 void *data, u16 data_len)
480{
481 struct mgmt_rp_read_unconf_index_list *rp;
482 struct hci_dev *d;
483 size_t rp_len;
484 u16 count;
485 int err;
486
181d6953 487 bt_dev_dbg(hdev, "sock %p", sk);
73d1df2a
MH		 488
489 read_lock(&hci_dev_list_lock);
490
491 count = 0;
492 list_for_each_entry(d, &hci_dev_list, list) {
ca8bee5d 493 if (d->dev_type == HCI_PRIMARY &&
d7a5a11d 494 hci_dev_test_flag(d, HCI_UNCONFIGURED))
73d1df2a
MH		 495 count++;
496 }
497
498 rp_len = sizeof(*rp) + (2 * count);
499 rp = kmalloc(rp_len, GFP_ATOMIC);
500 if (!rp) {
501 read_unlock(&hci_dev_list_lock);
502 return -ENOMEM;
503 }
504
505 count = 0;
506 list_for_each_entry(d, &hci_dev_list, list) {
d7a5a11d
MH		 507 if (hci_dev_test_flag(d, HCI_SETUP) ||
508 hci_dev_test_flag(d, HCI_CONFIG) ||
509 hci_dev_test_flag(d, HCI_USER_CHANNEL))
73d1df2a
MH		 510 continue;
511
512 /* Devices marked as raw-only are neither configured
513 * nor unconfigured controllers.
514 */
515 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
516 continue;
517
ca8bee5d 518 if (d->dev_type == HCI_PRIMARY &&
d7a5a11d 519 hci_dev_test_flag(d, HCI_UNCONFIGURED)) {
73d1df2a 520 rp->index[count++] = cpu_to_le16(d->id);
181d6953 521 bt_dev_dbg(hdev, "Added hci%u", d->id);
73d1df2a
MH		 522 }
523 }
524
525 rp->num_controllers = cpu_to_le16(count);
526 rp_len = sizeof(*rp) + (2 * count);
527
528 read_unlock(&hci_dev_list_lock);
529
2a1afb5a
JH		 530 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
531 MGMT_OP_READ_UNCONF_INDEX_LIST, 0, rp, rp_len);
73d1df2a
MH		 532
533 kfree(rp);
534
535 return err;
536}
537
96f1474a
MH		 538static int read_ext_index_list(struct sock *sk, struct hci_dev *hdev,
539 void *data, u16 data_len)
540{
541 struct mgmt_rp_read_ext_index_list *rp;
542 struct hci_dev *d;
96f1474a
MH		 543 u16 count;
544 int err;
545
181d6953 546 bt_dev_dbg(hdev, "sock %p", sk);
96f1474a
MH		 547
548 read_lock(&hci_dev_list_lock);
549
550 count = 0;
551 list_for_each_entry(d, &hci_dev_list, list) {
ca8bee5d 552 if (d->dev_type == HCI_PRIMARY || d->dev_type == HCI_AMP)
96f1474a
MH		 553 count++;
554 }
555
4a67e5d4 556 rp = kmalloc(struct_size(rp, entry, count), GFP_ATOMIC);
96f1474a
MH		 557 if (!rp) {
558 read_unlock(&hci_dev_list_lock);
559 return -ENOMEM;
560 }
561
562 count = 0;
563 list_for_each_entry(d, &hci_dev_list, list) {
564 if (hci_dev_test_flag(d, HCI_SETUP) ||
565 hci_dev_test_flag(d, HCI_CONFIG) ||
566 hci_dev_test_flag(d, HCI_USER_CHANNEL))
567 continue;
568
569 /* Devices marked as raw-only are neither configured
570 * nor unconfigured controllers.
571 */
572 if (test_bit(HCI_QUIRK_RAW_DEVICE, &d->quirks))
573 continue;
574
ca8bee5d 575 if (d->dev_type == HCI_PRIMARY) {
96f1474a
MH		 576 if (hci_dev_test_flag(d, HCI_UNCONFIGURED))
577 rp->entry[count].type = 0x01;
578 else
579 rp->entry[count].type = 0x00;
580 } else if (d->dev_type == HCI_AMP) {
581 rp->entry[count].type = 0x02;
582 } else {
583 continue;
584 }
585
586 rp->entry[count].bus = d->bus;
587 rp->entry[count++].index = cpu_to_le16(d->id);
181d6953 588 bt_dev_dbg(hdev, "Added hci%u", d->id);
96f1474a
MH		 589 }
590
591 rp->num_controllers = cpu_to_le16(count);
96f1474a
MH		 592
593 read_unlock(&hci_dev_list_lock);
594
595 /* If this command is called at least once, then all the
596 * default index and unconfigured index events are disabled
597 * and from now on only extended index events are used.
598 */
599 hci_sock_set_flag(sk, HCI_MGMT_EXT_INDEX_EVENTS);
600 hci_sock_clear_flag(sk, HCI_MGMT_INDEX_EVENTS);
601 hci_sock_clear_flag(sk, HCI_MGMT_UNCONF_INDEX_EVENTS);
602
603 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
4a67e5d4
GS		 604 MGMT_OP_READ_EXT_INDEX_LIST, 0, rp,
605 struct_size(rp, entry, count));
96f1474a
MH		 606
607 kfree(rp);
608
609 return err;
610}
611
dbece37a
MH		 612static bool is_configured(struct hci_dev *hdev)
613{
614 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 615 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
dbece37a
MH		 616 return false;
617
7a0e5b15
MK		 618 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) ||
619 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) &&
dbece37a
MH		 620 !bacmp(&hdev->public_addr, BDADDR_ANY))
621 return false;
622
623 return true;
624}
625
89bc22d2
MH		 626static __le32 get_missing_options(struct hci_dev *hdev)
627{
628 u32 options = 0;
629
dbece37a 630 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) &&
d7a5a11d 631 !hci_dev_test_flag(hdev, HCI_EXT_CONFIGURED))
eb1904f4
MH		 632 options |= MGMT_OPTION_EXTERNAL_CONFIG;
633
7a0e5b15
MK		 634 if ((test_bit(HCI_QUIRK_INVALID_BDADDR, &hdev->quirks) ||
635 test_bit(HCI_QUIRK_USE_BDADDR_PROPERTY, &hdev->quirks)) &&
89bc22d2
MH		 636 !bacmp(&hdev->public_addr, BDADDR_ANY))
637 options |= MGMT_OPTION_PUBLIC_ADDRESS;
638
639 return cpu_to_le32(options);
640}
641
f4537c04
MH		 642static int new_options(struct hci_dev *hdev, struct sock *skip)
643{
644 __le32 options = get_missing_options(hdev);
645
5504c3a3
MH		 646 return mgmt_limited_event(MGMT_EV_NEW_CONFIG_OPTIONS, hdev, &options,
647 sizeof(options), HCI_MGMT_OPTION_EVENTS, skip);
f4537c04
MH		 648}
649
dbece37a
MH		 650static int send_options_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
651{
652 __le32 options = get_missing_options(hdev);
653
2a1afb5a
JH		 654 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &options,
655 sizeof(options));
dbece37a
MH		 656}
657
9fc3bfb6
MH		 658static int read_config_info(struct sock *sk, struct hci_dev *hdev,
659 void *data, u16 data_len)
660{
661 struct mgmt_rp_read_config_info rp;
89bc22d2 662 u32 options = 0;
9fc3bfb6 663
181d6953 664 bt_dev_dbg(hdev, "sock %p", sk);
9fc3bfb6
MH		 665
666 hci_dev_lock(hdev);
667
668 memset(&rp, 0, sizeof(rp));
669 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
89bc22d2 670
eb1904f4
MH		 671 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
672 options |= MGMT_OPTION_EXTERNAL_CONFIG;
673
9fc3bfb6 674 if (hdev->set_bdaddr)
89bc22d2
MH		 675 options |= MGMT_OPTION_PUBLIC_ADDRESS;
676
677 rp.supported_options = cpu_to_le32(options);
678 rp.missing_options = get_missing_options(hdev);
9fc3bfb6
MH		 679
680 hci_dev_unlock(hdev);
681
2a1afb5a
JH		 682 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONFIG_INFO, 0,
683 &rp, sizeof(rp));
9fc3bfb6
MH		 684}
685
6244691f
JK		 686static u32 get_supported_phys(struct hci_dev *hdev)
687{
688 u32 supported_phys = 0;
689
690 if (lmp_bredr_capable(hdev)) {
691 supported_phys |= MGMT_PHY_BR_1M_1SLOT;
692
693 if (hdev->features[0][0] & LMP_3SLOT)
694 supported_phys |= MGMT_PHY_BR_1M_3SLOT;
695
696 if (hdev->features[0][0] & LMP_5SLOT)
697 supported_phys |= MGMT_PHY_BR_1M_5SLOT;
698
699 if (lmp_edr_2m_capable(hdev)) {
700 supported_phys |= MGMT_PHY_EDR_2M_1SLOT;
701
702 if (lmp_edr_3slot_capable(hdev))
703 supported_phys |= MGMT_PHY_EDR_2M_3SLOT;
704
705 if (lmp_edr_5slot_capable(hdev))
706 supported_phys |= MGMT_PHY_EDR_2M_5SLOT;
707
708 if (lmp_edr_3m_capable(hdev)) {
709 supported_phys |= MGMT_PHY_EDR_3M_1SLOT;
710
711 if (lmp_edr_3slot_capable(hdev))
712 supported_phys |= MGMT_PHY_EDR_3M_3SLOT;
713
714 if (lmp_edr_5slot_capable(hdev))
715 supported_phys |= MGMT_PHY_EDR_3M_5SLOT;
716 }
717 }
718 }
719
720 if (lmp_le_capable(hdev)) {
721 supported_phys |= MGMT_PHY_LE_1M_TX;
722 supported_phys |= MGMT_PHY_LE_1M_RX;
723
724 if (hdev->le_features[1] & HCI_LE_PHY_2M) {
725 supported_phys |= MGMT_PHY_LE_2M_TX;
726 supported_phys |= MGMT_PHY_LE_2M_RX;
727 }
728
729 if (hdev->le_features[1] & HCI_LE_PHY_CODED) {
730 supported_phys |= MGMT_PHY_LE_CODED_TX;
731 supported_phys |= MGMT_PHY_LE_CODED_RX;
732 }
733 }
734
735 return supported_phys;
736}
737
738static u32 get_selected_phys(struct hci_dev *hdev)
739{
740 u32 selected_phys = 0;
741
742 if (lmp_bredr_capable(hdev)) {
743 selected_phys |= MGMT_PHY_BR_1M_1SLOT;
744
745 if (hdev->pkt_type & (HCI_DM3 | HCI_DH3))
746 selected_phys |= MGMT_PHY_BR_1M_3SLOT;
747
748 if (hdev->pkt_type & (HCI_DM5 | HCI_DH5))
749 selected_phys |= MGMT_PHY_BR_1M_5SLOT;
750
751 if (lmp_edr_2m_capable(hdev)) {
752 if (!(hdev->pkt_type & HCI_2DH1))
753 selected_phys |= MGMT_PHY_EDR_2M_1SLOT;
754
755 if (lmp_edr_3slot_capable(hdev) &&
756 !(hdev->pkt_type & HCI_2DH3))
757 selected_phys |= MGMT_PHY_EDR_2M_3SLOT;
758
759 if (lmp_edr_5slot_capable(hdev) &&
760 !(hdev->pkt_type & HCI_2DH5))
761 selected_phys |= MGMT_PHY_EDR_2M_5SLOT;
762
763 if (lmp_edr_3m_capable(hdev)) {
764 if (!(hdev->pkt_type & HCI_3DH1))
765 selected_phys |= MGMT_PHY_EDR_3M_1SLOT;
766
767 if (lmp_edr_3slot_capable(hdev) &&
768 !(hdev->pkt_type & HCI_3DH3))
769 selected_phys |= MGMT_PHY_EDR_3M_3SLOT;
770
771 if (lmp_edr_5slot_capable(hdev) &&
772 !(hdev->pkt_type & HCI_3DH5))
773 selected_phys |= MGMT_PHY_EDR_3M_5SLOT;
774 }
775 }
776 }
777
778 if (lmp_le_capable(hdev)) {
779 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_1M)
780 selected_phys |= MGMT_PHY_LE_1M_TX;
781
782 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_1M)
783 selected_phys |= MGMT_PHY_LE_1M_RX;
784
785 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_2M)
786 selected_phys |= MGMT_PHY_LE_2M_TX;
787
788 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_2M)
789 selected_phys |= MGMT_PHY_LE_2M_RX;
790
791 if (hdev->le_tx_def_phys & HCI_LE_SET_PHY_CODED)
792 selected_phys |= MGMT_PHY_LE_CODED_TX;
793
794 if (hdev->le_rx_def_phys & HCI_LE_SET_PHY_CODED)
795 selected_phys |= MGMT_PHY_LE_CODED_RX;
796 }
797
798 return selected_phys;
799}
800
801static u32 get_configurable_phys(struct hci_dev *hdev)
802{
803 return (get_supported_phys(hdev) & ~MGMT_PHY_BR_1M_1SLOT &
804 ~MGMT_PHY_LE_1M_TX & ~MGMT_PHY_LE_1M_RX);
805}
806
69ab39ea
JH		 807static u32 get_supported_settings(struct hci_dev *hdev)
808{
809 u32 settings = 0;
810
811 settings |= MGMT_SETTING_POWERED;
b2939475 812 settings |= MGMT_SETTING_BONDABLE;
b1de97d8 813 settings |= MGMT_SETTING_DEBUG_KEYS;
3742abfc
JH		 814 settings |= MGMT_SETTING_CONNECTABLE;
815 settings |= MGMT_SETTING_DISCOVERABLE;
69ab39ea 816
ed3fa31f 817 if (lmp_bredr_capable(hdev)) {
1a47aee8
JH		 818 if (hdev->hci_ver >= BLUETOOTH_VER_1_2)
819 settings |= MGMT_SETTING_FAST_CONNECTABLE;
69ab39ea
JH		 820 settings |= MGMT_SETTING_BREDR;
821 settings |= MGMT_SETTING_LINK_SECURITY;
a82974c9
MH		 822
823 if (lmp_ssp_capable(hdev)) {
824 settings |= MGMT_SETTING_SSP;
b560a208
LAD		 825 if (IS_ENABLED(CONFIG_BT_HS))
826 settings |= MGMT_SETTING_HS;
a82974c9 827 }
e98d2ce2 828
05b3c3e7 829 if (lmp_sc_capable(hdev))
e98d2ce2 830 settings |= MGMT_SETTING_SECURE_CONN;
4b127bd5 831
00bce3fb 832 if (test_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED,
4b127bd5 833 &hdev->quirks))
00bce3fb 834 settings |= MGMT_SETTING_WIDEBAND_SPEECH;
848566b3 835 }
d7b7e796 836
eeca6f89 837 if (lmp_le_capable(hdev)) {
9d42820f 838 settings |= MGMT_SETTING_LE;
a3209694 839 settings |= MGMT_SETTING_SECURE_CONN;
0f4bd942 840 settings |= MGMT_SETTING_PRIVACY;
93690c22 841 settings |= MGMT_SETTING_STATIC_ADDRESS;
ad383c2c 842 settings |= MGMT_SETTING_ADVERTISING;
eeca6f89 843 }
69ab39ea 844
eb1904f4
MH		 845 if (test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks) ||
846 hdev->set_bdaddr)
9fc3bfb6
MH		 847 settings |= MGMT_SETTING_CONFIGURATION;
848
6244691f
JK		 849 settings |= MGMT_SETTING_PHY_CONFIGURATION;
850
69ab39ea
JH		 851 return settings;
852}
853
854static u32 get_current_settings(struct hci_dev *hdev)
855{
856 u32 settings = 0;
857
f1f0eb02 858 if (hdev_is_powered(hdev))
f0d4b78a
MH		 859 settings |= MGMT_SETTING_POWERED;
860
d7a5a11d 861 if (hci_dev_test_flag(hdev, HCI_CONNECTABLE))
69ab39ea
JH		 862 settings |= MGMT_SETTING_CONNECTABLE;
863
d7a5a11d 864 if (hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE))
1a4d3c4b
JH		 865 settings |= MGMT_SETTING_FAST_CONNECTABLE;
866
d7a5a11d 867 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
69ab39ea
JH		 868 settings |= MGMT_SETTING_DISCOVERABLE;
869
d7a5a11d 870 if (hci_dev_test_flag(hdev, HCI_BONDABLE))
b2939475 871 settings |= MGMT_SETTING_BONDABLE;
69ab39ea 872
d7a5a11d 873 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
69ab39ea
JH		 874 settings |= MGMT_SETTING_BREDR;
875
d7a5a11d 876 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
69ab39ea
JH		 877 settings |= MGMT_SETTING_LE;
878
d7a5a11d 879 if (hci_dev_test_flag(hdev, HCI_LINK_SECURITY))
69ab39ea
JH		 880 settings |= MGMT_SETTING_LINK_SECURITY;
881
d7a5a11d 882 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
69ab39ea
JH		 883 settings |= MGMT_SETTING_SSP;
884
d7a5a11d 885 if (hci_dev_test_flag(hdev, HCI_HS_ENABLED))
6d80dfd0
JH		 886 settings |= MGMT_SETTING_HS;
887
d7a5a11d 888 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
eeca6f89
JH		 889 settings |= MGMT_SETTING_ADVERTISING;
890
d7a5a11d 891 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED))
e98d2ce2
MH		 892 settings |= MGMT_SETTING_SECURE_CONN;
893
d7a5a11d 894 if (hci_dev_test_flag(hdev, HCI_KEEP_DEBUG_KEYS))
b1de97d8
MH		 895 settings |= MGMT_SETTING_DEBUG_KEYS;
896
d7a5a11d 897 if (hci_dev_test_flag(hdev, HCI_PRIVACY))
0f4bd942
JH		 898 settings |= MGMT_SETTING_PRIVACY;
899
93690c22
MH		 900 /* The current setting for static address has two purposes. The
901 * first is to indicate if the static address will be used and
902 * the second is to indicate if it is actually set.
903 *
904 * This means if the static address is not configured, this flag
08dc0e98 905 * will never be set. If the address is configured, then if the
93690c22
MH		 906 * address is actually used decides if the flag is set or not.
907 *
908 * For single mode LE only controllers and dual-mode controllers
909 * with BR/EDR disabled, the existence of the static address will
910 * be evaluated.
911 */
b7cb93e5 912 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
d7a5a11d 913 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
93690c22
MH		 914 !bacmp(&hdev->bdaddr, BDADDR_ANY)) {
915 if (bacmp(&hdev->static_addr, BDADDR_ANY))
916 settings |= MGMT_SETTING_STATIC_ADDRESS;
917 }
918
00bce3fb
AM		 919 if (hci_dev_test_flag(hdev, HCI_WIDEBAND_SPEECH_ENABLED))
920 settings |= MGMT_SETTING_WIDEBAND_SPEECH;
921
69ab39ea
JH		 922 return settings;
923}
924
333ae95d
JH		 925static struct mgmt_pending_cmd *pending_find(u16 opcode, struct hci_dev *hdev)
926{
927 return mgmt_pending_find(HCI_CHANNEL_CONTROL, opcode, hdev);
928}
929
333ae95d
JH		 930static struct mgmt_pending_cmd *pending_find_data(u16 opcode,
931 struct hci_dev *hdev,
932 const void *data)
933{
934 return mgmt_pending_find_data(HCI_CHANNEL_CONTROL, opcode, hdev, data);
935}
936
f2252570 937u8 mgmt_get_adv_discov_flags(struct hci_dev *hdev)
9a43e25f 938{
3b0602cd 939 struct mgmt_pending_cmd *cmd;
9a43e25f
JH		 940
941 /* If there's a pending mgmt command the flags will not yet have
942 * their final values, so check for this first.
943 */
333ae95d 944 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
9a43e25f
JH		 945 if (cmd) {
946 struct mgmt_mode *cp = cmd->param;
947 if (cp->val == 0x01)
948 return LE_AD_GENERAL;
949 else if (cp->val == 0x02)
950 return LE_AD_LIMITED;
951 } else {
d7a5a11d 952 if (hci_dev_test_flag(hdev, HCI_LIMITED_DISCOVERABLE))
9a43e25f 953 return LE_AD_LIMITED;
d7a5a11d 954 else if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE))
9a43e25f
JH		 955 return LE_AD_GENERAL;
956 }
957
958 return 0;
959}
960
f2252570 961bool mgmt_get_connectable(struct hci_dev *hdev)
fdf51784
AU		 962{
963 struct mgmt_pending_cmd *cmd;
441ad2d0 964
fdf51784
AU		 965 /* If there's a pending mgmt command the flag will not yet have
966 * it's final value, so check for this first.
967 */
968 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
969 if (cmd) {
970 struct mgmt_mode *cp = cmd->param;
441ad2d0 971
fdf51784 972 return cp->val;
441ad2d0
MH		 973 }
974
fdf51784
AU		 975 return hci_dev_test_flag(hdev, HCI_CONNECTABLE);
976}
441ad2d0 977
161510cc
LAD		 978static int service_cache_sync(struct hci_dev *hdev, void *data)
979{
980 hci_update_eir_sync(hdev);
981 hci_update_class_sync(hdev);
982
983 return 0;
984}
985
7d78525d
JH		 986static void service_cache_off(struct work_struct *work)
987{
988 struct hci_dev *hdev = container_of(work, struct hci_dev,
04124681 989 service_cache.work);
7d78525d 990
a69d8927 991 if (!hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE))
7d78525d
JH		 992 return;
993
161510cc 994 hci_cmd_sync_queue(hdev, service_cache_sync, NULL, NULL);
7d78525d
JH		 995}
996
cba6b758
LAD		 997static int rpa_expired_sync(struct hci_dev *hdev, void *data)
998{
999 /* The generation of a new RPA and programming it into the
1000 * controller happens in the hci_req_enable_advertising()
1001 * function.
1002 */
1003 if (ext_adv_capable(hdev))
1004 return hci_start_ext_adv_sync(hdev, hdev->cur_adv_instance);
1005 else
1006 return hci_enable_advertising_sync(hdev);
1007}
1008
d6bfd59c
JH		 1009static void rpa_expired(struct work_struct *work)
1010{
1011 struct hci_dev *hdev = container_of(work, struct hci_dev,
1012 rpa_expired.work);
d6bfd59c 1013
181d6953 1014 bt_dev_dbg(hdev, "");
d6bfd59c 1015
a1536da2 1016 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
d6bfd59c 1017
d7a5a11d 1018 if (!hci_dev_test_flag(hdev, HCI_ADVERTISING))
d6bfd59c
JH		 1019 return;
1020
cba6b758 1021 hci_cmd_sync_queue(hdev, rpa_expired_sync, NULL, NULL);
d6bfd59c
JH		 1022}
1023
6a919082 1024static void mgmt_init_hdev(struct sock *sk, struct hci_dev *hdev)
7d78525d 1025{
238be788 1026 if (hci_dev_test_and_set_flag(hdev, HCI_MGMT))
6a919082
JH		 1027 return;
1028
4f87da80 1029 INIT_DELAYED_WORK(&hdev->service_cache, service_cache_off);
d6bfd59c 1030 INIT_DELAYED_WORK(&hdev->rpa_expired, rpa_expired);
7d78525d 1031
4f87da80
JH		 1032 /* Non-mgmt controlled devices get this bit set
1033 * implicitly so that pairing works for them, however
1034 * for mgmt we require user-space to explicitly enable
1035 * it
1036 */
a358dc11 1037 hci_dev_clear_flag(hdev, HCI_BONDABLE);
7d78525d
JH		 1038}
1039
0f4e68cf 1040static int read_controller_info(struct sock *sk, struct hci_dev *hdev,
04124681 1041 void *data, u16 data_len)
0381101f 1042{
a38528f1 1043 struct mgmt_rp_read_info rp;
f7b64e69 1044
181d6953 1045 bt_dev_dbg(hdev, "sock %p", sk);
f7b64e69 1046
09fd0de5 1047 hci_dev_lock(hdev);
f7b64e69 1048
dc4fe30b
JH		 1049 memset(&rp, 0, sizeof(rp));
1050
69ab39ea 1051 bacpy(&rp.bdaddr, &hdev->bdaddr);
f7b64e69 1052
69ab39ea 1053 rp.version = hdev->hci_ver;
eb55ef07 1054 rp.manufacturer = cpu_to_le16(hdev->manufacturer);
69ab39ea
JH		 1055
1056 rp.supported_settings = cpu_to_le32(get_supported_settings(hdev));
1057 rp.current_settings = cpu_to_le32(get_current_settings(hdev));
f7b64e69 1058
a38528f1 1059 memcpy(rp.dev_class, hdev->dev_class, 3);
f7b64e69 1060
dc4fe30b 1061 memcpy(rp.name, hdev->dev_name, sizeof(hdev->dev_name));
27fcc362 1062 memcpy(rp.short_name, hdev->short_name, sizeof(hdev->short_name));
dc4fe30b 1063
09fd0de5 1064 hci_dev_unlock(hdev);
0381101f 1065
2a1afb5a
JH		 1066 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_INFO, 0, &rp,
1067 sizeof(rp));
0381101f
JH		 1068}
1069
cde7a863
MN		 1070static u16 append_eir_data_to_buf(struct hci_dev *hdev, u8 *eir)
1071{
1072 u16 eir_len = 0;
1073 size_t name_len;
1074
1075 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
1076 eir_len = eir_append_data(eir, eir_len, EIR_CLASS_OF_DEV,
1077 hdev->dev_class, 3);
1078
6a9e90bf
SJ		 1079 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED))
1080 eir_len = eir_append_le16(eir, eir_len, EIR_APPEARANCE,
1081 hdev->appearance);
1082
cde7a863
MN		 1083 name_len = strlen(hdev->dev_name);
1084 eir_len = eir_append_data(eir, eir_len, EIR_NAME_COMPLETE,
1085 hdev->dev_name, name_len);
1086
1087 name_len = strlen(hdev->short_name);
1088 eir_len = eir_append_data(eir, eir_len, EIR_NAME_SHORT,
1089 hdev->short_name, name_len);
1090
1091 return eir_len;
1092}
1093
321c6fee
MH		 1094static int read_ext_controller_info(struct sock *sk, struct hci_dev *hdev,
1095 void *data, u16 data_len)
1096{
7d5c11da
SJ		 1097 char buf[512];
1098 struct mgmt_rp_read_ext_info *rp = (void *)buf;
cde7a863 1099 u16 eir_len;
321c6fee 1100
181d6953 1101 bt_dev_dbg(hdev, "sock %p", sk);
321c6fee 1102
7d5c11da
SJ		 1103 memset(&buf, 0, sizeof(buf));
1104
321c6fee
MH		 1105 hci_dev_lock(hdev);
1106
7d5c11da
SJ		 1107 bacpy(&rp->bdaddr, &hdev->bdaddr);
1108
1109 rp->version = hdev->hci_ver;
1110 rp->manufacturer = cpu_to_le16(hdev->manufacturer);
1111
1112 rp->supported_settings = cpu_to_le32(get_supported_settings(hdev));
1113 rp->current_settings = cpu_to_le32(get_current_settings(hdev));
1114
321c6fee 1115
cde7a863 1116 eir_len = append_eir_data_to_buf(hdev, rp->eir);
8a0c9f49 1117 rp->eir_len = cpu_to_le16(eir_len);
321c6fee
MH		 1118
1119 hci_dev_unlock(hdev);
1120
1121 /* If this command is called at least once, then the events
1122 * for class of device and local name changes are disabled
1123 * and only the new extended controller information event
1124 * is used.
1125 */
1126 hci_sock_set_flag(sk, HCI_MGMT_EXT_INFO_EVENTS);
1127 hci_sock_clear_flag(sk, HCI_MGMT_DEV_CLASS_EVENTS);
1128 hci_sock_clear_flag(sk, HCI_MGMT_LOCAL_NAME_EVENTS);
1129
8a0c9f49
MN		 1130 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_EXT_INFO, 0, rp,
1131 sizeof(*rp) + eir_len);
321c6fee
MH		 1132}
1133
1134static int ext_info_changed(struct hci_dev *hdev, struct sock *skip)
1135{
5e9fae48
MN		 1136 char buf[512];
1137 struct mgmt_ev_ext_info_changed *ev = (void *)buf;
1138 u16 eir_len;
1139
1140 memset(buf, 0, sizeof(buf));
321c6fee 1141
5e9fae48
MN		 1142 eir_len = append_eir_data_to_buf(hdev, ev->eir);
1143 ev->eir_len = cpu_to_le16(eir_len);
321c6fee 1144
5e9fae48
MN		 1145 return mgmt_limited_event(MGMT_EV_EXT_INFO_CHANGED, hdev, ev,
1146 sizeof(*ev) + eir_len,
1147 HCI_MGMT_EXT_INFO_EVENTS, skip);
321c6fee
MH		 1148}
1149
69ab39ea 1150static int send_settings_rsp(struct sock *sk, u16 opcode, struct hci_dev *hdev)
8680570b 1151{
69ab39ea 1152 __le32 settings = cpu_to_le32(get_current_settings(hdev));
8680570b 1153
2a1afb5a
JH		 1154 return mgmt_cmd_complete(sk, hdev->id, opcode, 0, &settings,
1155 sizeof(settings));
8680570b
JH		 1156}
1157
f2252570 1158void mgmt_advertising_added(struct sock *sk, struct hci_dev *hdev, u8 instance)
912098a6
AU		 1159{
1160 struct mgmt_ev_advertising_added ev;
1161
1162 ev.instance = instance;
1163
1164 mgmt_event(MGMT_EV_ADVERTISING_ADDED, hdev, &ev, sizeof(ev), sk);
1165}
1166
f2252570
JH		 1167void mgmt_advertising_removed(struct sock *sk, struct hci_dev *hdev,
1168 u8 instance)
912098a6
AU		 1169{
1170 struct mgmt_ev_advertising_removed ev;
1171
1172 ev.instance = instance;
1173
1174 mgmt_event(MGMT_EV_ADVERTISING_REMOVED, hdev, &ev, sizeof(ev), sk);
1175}
1176
7816b820
FG		 1177static void cancel_adv_timeout(struct hci_dev *hdev)
1178{
1179 if (hdev->adv_instance_timeout) {
1180 hdev->adv_instance_timeout = 0;
1181 cancel_delayed_work(&hdev->adv_instance_expire);
1182 }
1183}
1184
cf75ad8b
LAD		 1185/* This function requires the caller holds hdev->lock */
1186static void restart_le_actions(struct hci_dev *hdev)
8b064a3a 1187{
cf75ad8b 1188 struct hci_conn_params *p;
8b064a3a 1189
cf75ad8b
LAD		 1190 list_for_each_entry(p, &hdev->le_conn_params, list) {
1191 /* Needed for AUTO_OFF case where might not "really"
1192 * have been powered off.
1193 */
1194 list_del_init(&p->action);
8b064a3a 1195
cf75ad8b
LAD		 1196 switch (p->auto_connect) {
1197 case HCI_AUTO_CONN_DIRECT:
1198 case HCI_AUTO_CONN_ALWAYS:
1199 list_add(&p->action, &hdev->pend_le_conns);
1200 break;
1201 case HCI_AUTO_CONN_REPORT:
1202 list_add(&p->action, &hdev->pend_le_reports);
1203 break;
1204 default:
1205 break;
1206 }
8b064a3a 1207 }
cf75ad8b 1208}
8b064a3a 1209
cf75ad8b
LAD		 1210static int new_settings(struct hci_dev *hdev, struct sock *skip)
1211{
1212 __le32 ev = cpu_to_le32(get_current_settings(hdev));
912098a6 1213
cf75ad8b
LAD		 1214 return mgmt_limited_event(MGMT_EV_NEW_SETTINGS, hdev, &ev,
1215 sizeof(ev), HCI_MGMT_SETTING_EVENTS, skip);
1216}
8b064a3a 1217
cf75ad8b
LAD		 1218static void mgmt_set_powered_complete(struct hci_dev *hdev, void *data, int err)
1219{
1220 struct mgmt_pending_cmd *cmd = data;
1221 struct mgmt_mode *cp = cmd->param;
1222
1223 bt_dev_dbg(hdev, "err %d", err);
1224
1225 if (!err) {
1226 if (cp->val) {
1227 hci_dev_lock(hdev);
1228 restart_le_actions(hdev);
1229 hci_update_passive_scan(hdev);
1230 hci_dev_unlock(hdev);
1231 }
8b064a3a 1232
cf75ad8b
LAD		 1233 send_settings_rsp(cmd->sk, cmd->opcode, hdev);
1234
1235 /* Only call new_setting for power on as power off is deferred
1236 * to hdev->power_off work which does call hci_dev_do_close.
1237 */
1238 if (cp->val)
1239 new_settings(hdev, cmd->sk);
1240 } else {
1241 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED,
1242 mgmt_status(err));
8b064a3a
JH		 1243 }
1244
cf75ad8b
LAD		 1245 mgmt_pending_free(cmd);
1246}
23a48093 1247
cf75ad8b
LAD		 1248static int set_powered_sync(struct hci_dev *hdev, void *data)
1249{
1250 struct mgmt_pending_cmd *cmd = data;
1251 struct mgmt_mode *cp = cmd->param;
1252
1253 BT_DBG("%s", hdev->name);
1254
1255 return hci_set_powered_sync(hdev, cp->val);
8b064a3a
JH		 1256}
1257
bdb6d971 1258static int set_powered(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1259 u16 len)
eec8d2bc 1260{
650f726d 1261 struct mgmt_mode *cp = data;
3b0602cd 1262 struct mgmt_pending_cmd *cmd;
4b34ee78 1263 int err;
eec8d2bc 1264
181d6953 1265 bt_dev_dbg(hdev, "sock %p", sk);
eec8d2bc 1266
a7e80f25 1267 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1268 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1269 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1270
09fd0de5 1271 hci_dev_lock(hdev);
eec8d2bc 1272
333ae95d 1273 if (pending_find(MGMT_OP_SET_POWERED, hdev)) {
a69e8375
JH		 1274 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_POWERED,
1275 MGMT_STATUS_BUSY);
87b95ba6
JH		 1276 goto failed;
1277 }
1278
4b34ee78 1279 if (!!cp->val == hdev_is_powered(hdev)) {
69ab39ea 1280 err = send_settings_rsp(sk, MGMT_OP_SET_POWERED, hdev);
eec8d2bc
JH		 1281 goto failed;
1282 }
1283
cf75ad8b 1284 cmd = mgmt_pending_new(sk, MGMT_OP_SET_POWERED, hdev, data, len);
366a0336
JH		 1285 if (!cmd) {
1286 err = -ENOMEM;
eec8d2bc 1287 goto failed;
366a0336 1288 }
eec8d2bc 1289
cf75ad8b
LAD		 1290 err = hci_cmd_sync_queue(hdev, set_powered_sync, cmd,
1291 mgmt_set_powered_complete);
eec8d2bc
JH		 1292
1293failed:
09fd0de5 1294 hci_dev_unlock(hdev);
366a0336 1295 return err;
eec8d2bc
JH		 1296}
1297
91a668b0
JH		 1298int mgmt_new_settings(struct hci_dev *hdev)
1299{
1300 return new_settings(hdev, NULL);
1301}
1302
bd99abdd
JH		 1303struct cmd_lookup {
1304 struct sock *sk;
1305 struct hci_dev *hdev;
1306 u8 mgmt_status;
1307};
1308
3b0602cd 1309static void settings_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1310{
1311 struct cmd_lookup *match = data;
1312
1313 send_settings_rsp(cmd->sk, cmd->opcode, match->hdev);
1314
1315 list_del(&cmd->list);
1316
1317 if (match->sk == NULL) {
1318 match->sk = cmd->sk;
1319 sock_hold(match->sk);
1320 }
1321
1322 mgmt_pending_free(cmd);
1323}
1324
3b0602cd 1325static void cmd_status_rsp(struct mgmt_pending_cmd *cmd, void *data)
bd99abdd
JH		 1326{
1327 u8 *status = data;
1328
a69e8375 1329 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, *status);
bd99abdd
JH		 1330 mgmt_pending_remove(cmd);
1331}
1332
3b0602cd 1333static void cmd_complete_rsp(struct mgmt_pending_cmd *cmd, void *data)
1b9b5ee5
JH		 1334{
1335 if (cmd->cmd_complete) {
1336 u8 *status = data;
1337
1338 cmd->cmd_complete(cmd, *status);
1339 mgmt_pending_remove(cmd);
1340
1341 return;
1342 }
1343
1344 cmd_status_rsp(cmd, data);
1345}
1346
3b0602cd 1347static int generic_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
f5818c22 1348{
2a1afb5a
JH		 1349 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1350 cmd->param, cmd->param_len);
f5818c22
JH		 1351}
1352
3b0602cd 1353static int addr_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
7776d1d8 1354{
2a1afb5a
JH		 1355 return mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status,
1356 cmd->param, sizeof(struct mgmt_addr_info));
7776d1d8
JH		 1357}
1358
e6fe7986
JH		 1359static u8 mgmt_bredr_support(struct hci_dev *hdev)
1360{
1361 if (!lmp_bredr_capable(hdev))
1362 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1363 else if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
e6fe7986
JH		 1364 return MGMT_STATUS_REJECTED;
1365 else
1366 return MGMT_STATUS_SUCCESS;
1367}
1368
1369static u8 mgmt_le_support(struct hci_dev *hdev)
1370{
1371 if (!lmp_le_capable(hdev))
1372 return MGMT_STATUS_NOT_SUPPORTED;
d7a5a11d 1373 else if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
e6fe7986
JH		 1374 return MGMT_STATUS_REJECTED;
1375 else
1376 return MGMT_STATUS_SUCCESS;
1377}
1378
aed1a885 1379void mgmt_set_discoverable_complete(struct hci_dev *hdev, u8 status)
bfaf8c9f 1380{
3b0602cd 1381 struct mgmt_pending_cmd *cmd;
bfaf8c9f 1382
181d6953 1383 bt_dev_dbg(hdev, "status 0x%02x", status);
bfaf8c9f
JH		 1384
1385 hci_dev_lock(hdev);
1386
333ae95d 1387 cmd = pending_find(MGMT_OP_SET_DISCOVERABLE, hdev);
bfaf8c9f
JH		 1388 if (!cmd)
1389 goto unlock;
1390
1391 if (status) {
1392 u8 mgmt_err = mgmt_status(status);
a69e8375 1393 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
a358dc11 1394 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
bfaf8c9f
JH		 1395 goto remove_cmd;
1396 }
1397
aed1a885
JH		 1398 if (hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1399 hdev->discov_timeout > 0) {
1400 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
1401 queue_delayed_work(hdev->req_workqueue, &hdev->discov_off, to);
d4462a07 1402 }
bfaf8c9f
JH		 1403
1404 send_settings_rsp(cmd->sk, MGMT_OP_SET_DISCOVERABLE, hdev);
aed1a885 1405 new_settings(hdev, cmd->sk);
970ba524 1406
bfaf8c9f
JH		 1407remove_cmd:
1408 mgmt_pending_remove(cmd);
1409
1410unlock:
1411 hci_dev_unlock(hdev);
1412}
1413
bdb6d971 1414static int set_discoverable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1415 u16 len)
73f22f62 1416{
650f726d 1417 struct mgmt_cp_set_discoverable *cp = data;
3b0602cd 1418 struct mgmt_pending_cmd *cmd;
5e5282bb 1419 u16 timeout;
73f22f62
JH		 1420 int err;
1421
181d6953 1422 bt_dev_dbg(hdev, "sock %p", sk);
73f22f62 1423
d7a5a11d
MH		 1424 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1425 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 1426 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1427 MGMT_STATUS_REJECTED);
33c525c0 1428
310a3d48 1429 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 1430 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1431 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1432
1f350c87 1433 timeout = __le16_to_cpu(cp->timeout);
310a3d48
MH		 1434
1435 /* Disabling discoverable requires that no timeout is set,
1436 * and enabling limited discoverable requires a timeout.
1437 */
1438 if ((cp->val == 0x00 && timeout > 0) ||
1439 (cp->val == 0x02 && timeout == 0))
a69e8375
JH		 1440 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1441 MGMT_STATUS_INVALID_PARAMS);
73f22f62 1442
09fd0de5 1443 hci_dev_lock(hdev);
73f22f62 1444
5e5282bb 1445 if (!hdev_is_powered(hdev) && timeout > 0) {
a69e8375
JH		 1446 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1447 MGMT_STATUS_NOT_POWERED);
73f22f62
JH		 1448 goto failed;
1449 }
1450
333ae95d
JH		 1451 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1452 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1453 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1454 MGMT_STATUS_BUSY);
73f22f62
JH		 1455 goto failed;
1456 }
1457
d7a5a11d 1458 if (!hci_dev_test_flag(hdev, HCI_CONNECTABLE)) {
a69e8375
JH		 1459 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1460 MGMT_STATUS_REJECTED);
5e5282bb
JH		 1461 goto failed;
1462 }
1463
4867bd00
APS		 1464 if (hdev->advertising_paused) {
1465 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DISCOVERABLE,
1466 MGMT_STATUS_BUSY);
1467 goto failed;
1468 }
1469
5e5282bb 1470 if (!hdev_is_powered(hdev)) {
0224d2fa
JH		 1471 bool changed = false;
1472
310a3d48
MH		 1473 /* Setting limited discoverable when powered off is
1474 * not a valid operation since it requires a timeout
1475 * and so no need to check HCI_LIMITED_DISCOVERABLE.
1476 */
d7a5a11d 1477 if (!!cp->val != hci_dev_test_flag(hdev, HCI_DISCOVERABLE)) {
ce05d603 1478 hci_dev_change_flag(hdev, HCI_DISCOVERABLE);
0224d2fa
JH		 1479 changed = true;
1480 }
1481
5e5282bb 1482 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
0224d2fa
JH		 1483 if (err < 0)
1484 goto failed;
1485
1486 if (changed)
1487 err = new_settings(hdev, sk);
1488
5e5282bb
JH		 1489 goto failed;
1490 }
1491
310a3d48
MH		 1492 /* If the current mode is the same, then just update the timeout
1493 * value with the new value. And if only the timeout gets updated,
1494 * then no need for any HCI transactions.
1495 */
d7a5a11d
MH		 1496 if (!!cp->val == hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1497 (cp->val == 0x02) == hci_dev_test_flag(hdev,
1498 HCI_LIMITED_DISCOVERABLE)) {
36261547
MH		 1499 cancel_delayed_work(&hdev->discov_off);
1500 hdev->discov_timeout = timeout;
955638ec 1501
36261547
MH		 1502 if (cp->val && hdev->discov_timeout > 0) {
1503 int to = msecs_to_jiffies(hdev->discov_timeout * 1000);
c366f555
JH		 1504 queue_delayed_work(hdev->req_workqueue,
1505 &hdev->discov_off, to);
955638ec
MH		 1506 }
1507
69ab39ea 1508 err = send_settings_rsp(sk, MGMT_OP_SET_DISCOVERABLE, hdev);
73f22f62
JH		 1509 goto failed;
1510 }
1511
2e58ef3e 1512 cmd = mgmt_pending_add(sk, MGMT_OP_SET_DISCOVERABLE, hdev, data, len);
366a0336
JH		 1513 if (!cmd) {
1514 err = -ENOMEM;
73f22f62 1515 goto failed;
366a0336 1516 }
73f22f62 1517
310a3d48
MH		 1518 /* Cancel any potential discoverable timeout that might be
1519 * still active and store new timeout value. The arming of
1520 * the timeout happens in the complete handler.
1521 */
1522 cancel_delayed_work(&hdev->discov_off);
1523 hdev->discov_timeout = timeout;
1524
aed1a885
JH		 1525 if (cp->val)
1526 hci_dev_set_flag(hdev, HCI_DISCOVERABLE);
1527 else
1528 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1529
b456f87c
JH		 1530 /* Limited discoverable mode */
1531 if (cp->val == 0x02)
a1536da2 1532 hci_dev_set_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1533 else
a358dc11 1534 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
b456f87c 1535
aed1a885
JH		 1536 queue_work(hdev->req_workqueue, &hdev->discoverable_update);
1537 err = 0;
73f22f62
JH		 1538
1539failed:
09fd0de5 1540 hci_dev_unlock(hdev);
73f22f62
JH		 1541 return err;
1542}
1543
53c0ba74 1544void mgmt_set_connectable_complete(struct hci_dev *hdev, u8 status)
2b76f453 1545{
3b0602cd 1546 struct mgmt_pending_cmd *cmd;
2b76f453 1547
181d6953 1548 bt_dev_dbg(hdev, "status 0x%02x", status);
2b76f453
JH		 1549
1550 hci_dev_lock(hdev);
1551
333ae95d 1552 cmd = pending_find(MGMT_OP_SET_CONNECTABLE, hdev);
2b76f453
JH		 1553 if (!cmd)
1554 goto unlock;
1555
37438c1f
JH		 1556 if (status) {
1557 u8 mgmt_err = mgmt_status(status);
a69e8375 1558 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
37438c1f
JH		 1559 goto remove_cmd;
1560 }
1561
2b76f453 1562 send_settings_rsp(cmd->sk, MGMT_OP_SET_CONNECTABLE, hdev);
53c0ba74 1563 new_settings(hdev, cmd->sk);
d7b856f9 1564
37438c1f 1565remove_cmd:
2b76f453
JH		 1566 mgmt_pending_remove(cmd);
1567
1568unlock:
1569 hci_dev_unlock(hdev);
1570}
1571
e8ba3a1f
JH		 1572static int set_connectable_update_settings(struct hci_dev *hdev,
1573 struct sock *sk, u8 val)
1574{
1575 bool changed = false;
1576 int err;
1577
d7a5a11d 1578 if (!!val != hci_dev_test_flag(hdev, HCI_CONNECTABLE))
e8ba3a1f
JH		 1579 changed = true;
1580
1581 if (val) {
a1536da2 1582 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
e8ba3a1f 1583 } else {
a358dc11
MH		 1584 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
1585 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
e8ba3a1f
JH		 1586 }
1587
1588 err = send_settings_rsp(sk, MGMT_OP_SET_CONNECTABLE, hdev);
1589 if (err < 0)
1590 return err;
1591
562064e6 1592 if (changed) {
01b1cb87 1593 hci_req_update_scan(hdev);
5bee2fd6 1594 hci_update_passive_scan(hdev);
e8ba3a1f 1595 return new_settings(hdev, sk);
562064e6 1596 }
e8ba3a1f
JH		 1597
1598 return 0;
1599}
1600
bdb6d971 1601static int set_connectable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1602 u16 len)
9fbcbb45 1603{
650f726d 1604 struct mgmt_mode *cp = data;
3b0602cd 1605 struct mgmt_pending_cmd *cmd;
9fbcbb45
JH		 1606 int err;
1607
181d6953 1608 bt_dev_dbg(hdev, "sock %p", sk);
9fbcbb45 1609
d7a5a11d
MH		 1610 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED) &&
1611 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
a69e8375
JH		 1612 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1613 MGMT_STATUS_REJECTED);
33c525c0 1614
a7e80f25 1615 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1616 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1617 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1618
09fd0de5 1619 hci_dev_lock(hdev);
9fbcbb45 1620
4b34ee78 1621 if (!hdev_is_powered(hdev)) {
e8ba3a1f 1622 err = set_connectable_update_settings(hdev, sk, cp->val);
9fbcbb45
JH		 1623 goto failed;
1624 }
1625
333ae95d
JH		 1626 if (pending_find(MGMT_OP_SET_DISCOVERABLE, hdev) ||
1627 pending_find(MGMT_OP_SET_CONNECTABLE, hdev)) {
a69e8375
JH		 1628 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_CONNECTABLE,
1629 MGMT_STATUS_BUSY);
9fbcbb45
JH		 1630 goto failed;
1631 }
1632
2e58ef3e 1633 cmd = mgmt_pending_add(sk, MGMT_OP_SET_CONNECTABLE, hdev, data, len);
366a0336
JH		 1634 if (!cmd) {
1635 err = -ENOMEM;
9fbcbb45 1636 goto failed;
366a0336 1637 }
9fbcbb45 1638
53c0ba74
JH		 1639 if (cp->val) {
1640 hci_dev_set_flag(hdev, HCI_CONNECTABLE);
1641 } else {
1642 if (hdev->discov_timeout > 0)
1643 cancel_delayed_work(&hdev->discov_off);
2b76f453 1644
53c0ba74
JH		 1645 hci_dev_clear_flag(hdev, HCI_LIMITED_DISCOVERABLE);
1646 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
1647 hci_dev_clear_flag(hdev, HCI_CONNECTABLE);
9b74246f 1648 }
2b76f453 1649
53c0ba74
JH		 1650 queue_work(hdev->req_workqueue, &hdev->connectable_update);
1651 err = 0;
9fbcbb45
JH		 1652
1653failed:
09fd0de5 1654 hci_dev_unlock(hdev);
9fbcbb45
JH		 1655 return err;
1656}
1657
b2939475 1658static int set_bondable(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 1659 u16 len)
c542a06c 1660{
650f726d 1661 struct mgmt_mode *cp = data;
55594356 1662 bool changed;
c542a06c
JH		 1663 int err;
1664
181d6953 1665 bt_dev_dbg(hdev, "sock %p", sk);
c542a06c 1666
a7e80f25 1667 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1668 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BONDABLE,
1669 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1670
09fd0de5 1671 hci_dev_lock(hdev);
c542a06c
JH		 1672
1673 if (cp->val)
238be788 1674 changed = !hci_dev_test_and_set_flag(hdev, HCI_BONDABLE);
c542a06c 1675 else
a69d8927 1676 changed = hci_dev_test_and_clear_flag(hdev, HCI_BONDABLE);
c542a06c 1677
b2939475 1678 err = send_settings_rsp(sk, MGMT_OP_SET_BONDABLE, hdev);
c542a06c 1679 if (err < 0)
55594356 1680 goto unlock;
c542a06c 1681
82a37ade
JH		 1682 if (changed) {
1683 /* In limited privacy mode the change of bondable mode
1684 * may affect the local advertising address.
1685 */
1686 if (hdev_is_powered(hdev) &&
1687 hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
1688 hci_dev_test_flag(hdev, HCI_DISCOVERABLE) &&
1689 hci_dev_test_flag(hdev, HCI_LIMITED_PRIVACY))
1690 queue_work(hdev->req_workqueue,
1691 &hdev->discoverable_update);
1692
55594356 1693 err = new_settings(hdev, sk);
82a37ade 1694 }
c542a06c 1695
55594356 1696unlock:
09fd0de5 1697 hci_dev_unlock(hdev);
c542a06c
JH		 1698 return err;
1699}
1700
04124681
GP		 1701static int set_link_security(struct sock *sk, struct hci_dev *hdev, void *data,
1702 u16 len)
33ef95ed
JH		 1703{
1704 struct mgmt_mode *cp = data;
3b0602cd 1705 struct mgmt_pending_cmd *cmd;
e6fe7986 1706 u8 val, status;
33ef95ed
JH		 1707 int err;
1708
181d6953 1709 bt_dev_dbg(hdev, "sock %p", sk);
33ef95ed 1710
e6fe7986
JH		 1711 status = mgmt_bredr_support(hdev);
1712 if (status)
a69e8375
JH		 1713 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1714 status);
33c525c0 1715
a7e80f25 1716 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1717 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1718 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1719
33ef95ed
JH		 1720 hci_dev_lock(hdev);
1721
4b34ee78 1722 if (!hdev_is_powered(hdev)) {
47990ea0
JH		 1723 bool changed = false;
1724
d7a5a11d 1725 if (!!cp->val != hci_dev_test_flag(hdev, HCI_LINK_SECURITY)) {
ce05d603 1726 hci_dev_change_flag(hdev, HCI_LINK_SECURITY);
47990ea0
JH		 1727 changed = true;
1728 }
1729
1730 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1731 if (err < 0)
1732 goto failed;
1733
1734 if (changed)
1735 err = new_settings(hdev, sk);
1736
33ef95ed
JH		 1737 goto failed;
1738 }
1739
333ae95d 1740 if (pending_find(MGMT_OP_SET_LINK_SECURITY, hdev)) {
a69e8375
JH		 1741 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LINK_SECURITY,
1742 MGMT_STATUS_BUSY);
33ef95ed
JH		 1743 goto failed;
1744 }
1745
1746 val = !!cp->val;
1747
1748 if (test_bit(HCI_AUTH, &hdev->flags) == val) {
1749 err = send_settings_rsp(sk, MGMT_OP_SET_LINK_SECURITY, hdev);
1750 goto failed;
1751 }
1752
1753 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LINK_SECURITY, hdev, data, len);
1754 if (!cmd) {
1755 err = -ENOMEM;
1756 goto failed;
1757 }
1758
1759 err = hci_send_cmd(hdev, HCI_OP_WRITE_AUTH_ENABLE, sizeof(val), &val);
1760 if (err < 0) {
1761 mgmt_pending_remove(cmd);
1762 goto failed;
1763 }
1764
1765failed:
1766 hci_dev_unlock(hdev);
33ef95ed
JH		 1767 return err;
1768}
1769
bdb6d971 1770static int set_ssp(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
ed2c4ee3
JH		 1771{
1772 struct mgmt_mode *cp = data;
3b0602cd 1773 struct mgmt_pending_cmd *cmd;
72ef0c1a 1774 u8 status;
ed2c4ee3
JH		 1775 int err;
1776
181d6953 1777 bt_dev_dbg(hdev, "sock %p", sk);
ed2c4ee3 1778
cdba5281
MH		 1779 status = mgmt_bredr_support(hdev);
1780 if (status)
a69e8375 1781 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP, status);
cdba5281 1782
13ecd8b6 1783 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 1784 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1785 MGMT_STATUS_NOT_SUPPORTED);
ed2c4ee3 1786
a7e80f25 1787 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1788 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1789 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1790
13ecd8b6 1791 hci_dev_lock(hdev);
6c8f12c1 1792
4b34ee78 1793 if (!hdev_is_powered(hdev)) {
9ecb3e24 1794 bool changed;
c0ecddc2 1795
9ecb3e24 1796 if (cp->val) {
238be788
MH		 1797 changed = !hci_dev_test_and_set_flag(hdev,
1798 HCI_SSP_ENABLED);
9ecb3e24 1799 } else {
a69d8927
MH		 1800 changed = hci_dev_test_and_clear_flag(hdev,
1801 HCI_SSP_ENABLED);
9ecb3e24 1802 if (!changed)
a69d8927
MH		 1803 changed = hci_dev_test_and_clear_flag(hdev,
1804 HCI_HS_ENABLED);
9ecb3e24 1805 else
a358dc11 1806 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
c0ecddc2
JH		 1807 }
1808
1809 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1810 if (err < 0)
1811 goto failed;
1812
1813 if (changed)
1814 err = new_settings(hdev, sk);
1815
ed2c4ee3
JH		 1816 goto failed;
1817 }
1818
333ae95d 1819 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 1820 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SSP,
1821 MGMT_STATUS_BUSY);
ed2c4ee3
JH		 1822 goto failed;
1823 }
1824
d7a5a11d 1825 if (!!cp->val == hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
ed2c4ee3
JH		 1826 err = send_settings_rsp(sk, MGMT_OP_SET_SSP, hdev);
1827 goto failed;
1828 }
1829
1830 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SSP, hdev, data, len);
1831 if (!cmd) {
1832 err = -ENOMEM;
1833 goto failed;
1834 }
1835
d7a5a11d 1836 if (!cp->val && hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
3769972b
JH		 1837 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
1838 sizeof(cp->val), &cp->val);
1839
72ef0c1a 1840 err = hci_send_cmd(hdev, HCI_OP_WRITE_SSP_MODE, 1, &cp->val);
ed2c4ee3
JH		 1841 if (err < 0) {
1842 mgmt_pending_remove(cmd);
1843 goto failed;
1844 }
1845
1846failed:
1847 hci_dev_unlock(hdev);
ed2c4ee3
JH		 1848 return err;
1849}
1850
bdb6d971 1851static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
6d80dfd0
JH		 1852{
1853 struct mgmt_mode *cp = data;
ee392693 1854 bool changed;
e6fe7986 1855 u8 status;
ee392693 1856 int err;
6d80dfd0 1857
181d6953 1858 bt_dev_dbg(hdev, "sock %p", sk);
6d80dfd0 1859
b560a208
LAD		 1860 if (!IS_ENABLED(CONFIG_BT_HS))
1861 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1862 MGMT_STATUS_NOT_SUPPORTED);
1863
e6fe7986
JH		 1864 status = mgmt_bredr_support(hdev);
1865 if (status)
a69e8375 1866 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);
6d80dfd0 1867
9ecb3e24 1868 if (!lmp_ssp_capable(hdev))
a69e8375
JH		 1869 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1870 MGMT_STATUS_NOT_SUPPORTED);
9ecb3e24 1871
d7a5a11d 1872 if (!hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 1873 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1874 MGMT_STATUS_REJECTED);
9ecb3e24 1875
a7e80f25 1876 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1877 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1878 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1879
ee392693
MH		 1880 hci_dev_lock(hdev);
1881
333ae95d 1882 if (pending_find(MGMT_OP_SET_SSP, hdev)) {
a69e8375
JH		 1883 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1884 MGMT_STATUS_BUSY);
a2cb01de
JH		 1885 goto unlock;
1886 }
1887
a0cdf960 1888 if (cp->val) {
238be788 1889 changed = !hci_dev_test_and_set_flag(hdev, HCI_HS_ENABLED);
a0cdf960
MH		 1890 } else {
1891 if (hdev_is_powered(hdev)) {
a69e8375
JH		 1892 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
1893 MGMT_STATUS_REJECTED);
a0cdf960
MH		 1894 goto unlock;
1895 }
1896
a69d8927 1897 changed = hci_dev_test_and_clear_flag(hdev, HCI_HS_ENABLED);
a0cdf960 1898 }
ee392693
MH		 1899
1900 err = send_settings_rsp(sk, MGMT_OP_SET_HS, hdev);
1901 if (err < 0)
1902 goto unlock;
1903
1904 if (changed)
1905 err = new_settings(hdev, sk);
6d80dfd0 1906
ee392693
MH		 1907unlock:
1908 hci_dev_unlock(hdev);
1909 return err;
6d80dfd0
JH		 1910}
1911
1904a853 1912static void le_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
416a4ae5
JH		 1913{
1914 struct cmd_lookup match = { NULL, hdev };
1915
3ad67582
JK		 1916 hci_dev_lock(hdev);
1917
416a4ae5
JH		 1918 if (status) {
1919 u8 mgmt_err = mgmt_status(status);
1920
1921 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, cmd_status_rsp,
1922 &mgmt_err);
3ad67582 1923 goto unlock;
416a4ae5
JH		 1924 }
1925
1926 mgmt_pending_foreach(MGMT_OP_SET_LE, hdev, settings_rsp, &match);
1927
1928 new_settings(hdev, match.sk);
1929
1930 if (match.sk)
1931 sock_put(match.sk);
441ad2d0
MH		 1932
1933 /* Make sure the controller has a good default for
1934 * advertising data. Restrict the update to when LE
1935 * has actually been enabled. During power on, the
1936 * update in powered_update_hci will take care of it.
1937 */
d7a5a11d 1938 if (hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
441ad2d0 1939 struct hci_request req;
441ad2d0 1940 hci_req_init(&req, hdev);
a0fb3726
JK		 1941 if (ext_adv_capable(hdev)) {
1942 int err;
1943
1944 err = __hci_req_setup_ext_adv_instance(&req, 0x00);
1945 if (!err)
1946 __hci_req_update_scan_rsp_data(&req, 0x00);
1947 } else {
1948 __hci_req_update_adv_data(&req, 0x00);
1949 __hci_req_update_scan_rsp_data(&req, 0x00);
1950 }
441ad2d0 1951 hci_req_run(&req, NULL);
5bee2fd6 1952 hci_update_passive_scan(hdev);
441ad2d0 1953 }
3ad67582
JK		 1954
1955unlock:
1956 hci_dev_unlock(hdev);
416a4ae5
JH		 1957}
1958
bdb6d971 1959static int set_le(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
06199cf8
JH		 1960{
1961 struct mgmt_mode *cp = data;
1962 struct hci_cp_write_le_host_supported hci_cp;
3b0602cd 1963 struct mgmt_pending_cmd *cmd;
416a4ae5 1964 struct hci_request req;
06199cf8 1965 int err;
0b60eba1 1966 u8 val, enabled;
06199cf8 1967
181d6953 1968 bt_dev_dbg(hdev, "sock %p", sk);
06199cf8 1969
13ecd8b6 1970 if (!lmp_le_capable(hdev))
a69e8375
JH		 1971 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1972 MGMT_STATUS_NOT_SUPPORTED);
1de028ce 1973
a7e80f25 1974 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 1975 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1976 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 1977
e7844ee5
MH		 1978 /* Bluetooth single mode LE only controllers or dual-mode
1979 * controllers configured as LE only devices, do not allow
1980 * switching LE off. These have either LE enabled explicitly
1981 * or BR/EDR has been previously switched off.
1982 *
1983 * When trying to enable an already enabled LE, then gracefully
1984 * send a positive response. Trying to disable it however will
1985 * result into rejection.
1986 */
1987 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
1988 if (cp->val == 0x01)
1989 return send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
1990
a69e8375
JH		 1991 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
1992 MGMT_STATUS_REJECTED);
e7844ee5 1993 }
c73eee91 1994
13ecd8b6 1995 hci_dev_lock(hdev);
06199cf8
JH		 1996
1997 val = !!cp->val;
ffa88e02 1998 enabled = lmp_host_le_capable(hdev);
06199cf8 1999
847818d9 2000 if (!val)
37d3a1fa 2001 hci_req_clear_adv_instance(hdev, NULL, NULL, 0x00, true);
847818d9 2002
0b60eba1 2003 if (!hdev_is_powered(hdev) || val == enabled) {
06199cf8
JH		 2004 bool changed = false;
2005
d7a5a11d 2006 if (val != hci_dev_test_flag(hdev, HCI_LE_ENABLED)) {
ce05d603 2007 hci_dev_change_flag(hdev, HCI_LE_ENABLED);
06199cf8
JH		 2008 changed = true;
2009 }
2010
d7a5a11d 2011 if (!val && hci_dev_test_flag(hdev, HCI_ADVERTISING)) {
a358dc11 2012 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
eeca6f89
JH		 2013 changed = true;
2014 }
2015
06199cf8
JH		 2016 err = send_settings_rsp(sk, MGMT_OP_SET_LE, hdev);
2017 if (err < 0)
1de028ce 2018 goto unlock;
06199cf8
JH		 2019
2020 if (changed)
2021 err = new_settings(hdev, sk);
2022
1de028ce 2023 goto unlock;
06199cf8
JH		 2024 }
2025
333ae95d
JH		 2026 if (pending_find(MGMT_OP_SET_LE, hdev) ||
2027 pending_find(MGMT_OP_SET_ADVERTISING, hdev)) {
a69e8375
JH		 2028 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_LE,
2029 MGMT_STATUS_BUSY);
1de028ce 2030 goto unlock;
06199cf8
JH		 2031 }
2032
2033 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LE, hdev, data, len);
2034 if (!cmd) {
2035 err = -ENOMEM;
1de028ce 2036 goto unlock;
06199cf8
JH		 2037 }
2038
441ad2d0
MH		 2039 hci_req_init(&req, hdev);
2040
06199cf8
JH		 2041 memset(&hci_cp, 0, sizeof(hci_cp));
2042
2043 if (val) {
2044 hci_cp.le = val;
32226e4f 2045 hci_cp.simul = 0x00;
441ad2d0 2046 } else {
d7a5a11d 2047 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
f2252570 2048 __hci_req_disable_advertising(&req);
45b7749f
JK		 2049
2050 if (ext_adv_capable(hdev))
2051 __hci_req_clear_ext_adv_sets(&req);
06199cf8
JH		 2052 }
2053
416a4ae5
JH		 2054 hci_req_add(&req, HCI_OP_WRITE_LE_HOST_SUPPORTED, sizeof(hci_cp),
2055 &hci_cp);
2056
2057 err = hci_req_run(&req, le_enable_complete);
0c01bc48 2058 if (err < 0)
06199cf8 2059 mgmt_pending_remove(cmd);
06199cf8 2060
1de028ce
JH		 2061unlock:
2062 hci_dev_unlock(hdev);
06199cf8
JH		 2063 return err;
2064}
2065
0cab9c80
JH		 2066/* This is a helper function to test for pending mgmt commands that can
2067 * cause CoD or EIR HCI commands. We can only allow one such pending
2068 * mgmt command at a time since otherwise we cannot easily track what
2069 * the current values are, will be, and based on that calculate if a new
2070 * HCI command needs to be sent and if yes with what value.
2071 */
2072static bool pending_eir_or_class(struct hci_dev *hdev)
2073{
3b0602cd 2074 struct mgmt_pending_cmd *cmd;
0cab9c80
JH		 2075
2076 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
2077 switch (cmd->opcode) {
2078 case MGMT_OP_ADD_UUID:
2079 case MGMT_OP_REMOVE_UUID:
2080 case MGMT_OP_SET_DEV_CLASS:
2081 case MGMT_OP_SET_POWERED:
2082 return true;
2083 }
2084 }
2085
2086 return false;
2087}
2088
83be8eca
JH		 2089static const u8 bluetooth_base_uuid[] = {
2090 0xfb, 0x34, 0x9b, 0x5f, 0x80, 0x00, 0x00, 0x80,
2091 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
2092};
2093
2094static u8 get_uuid_size(const u8 *uuid)
2095{
2096 u32 val;
2097
2098 if (memcmp(uuid, bluetooth_base_uuid, 12))
2099 return 128;
2100
2101 val = get_unaligned_le32(&uuid[12]);
2102 if (val > 0xffff)
2103 return 32;
2104
2105 return 16;
2106}
2107
161510cc 2108static void mgmt_class_complete(struct hci_dev *hdev, void *data, int err)
92da6097 2109{
161510cc 2110 struct mgmt_pending_cmd *cmd = data;
92da6097 2111
161510cc 2112 bt_dev_dbg(hdev, "err %d", err);
92da6097 2113
2a1afb5a 2114 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
161510cc 2115 mgmt_status(err), hdev->dev_class, 3);
92da6097 2116
161510cc 2117 mgmt_pending_free(cmd);
92da6097
JH		 2118}
2119
161510cc 2120static int add_uuid_sync(struct hci_dev *hdev, void *data)
92da6097 2121{
161510cc 2122 int err;
92da6097 2123
161510cc
LAD		 2124 err = hci_update_class_sync(hdev);
2125 if (err)
2126 return err;
2127
2128 return hci_update_eir_sync(hdev);
92da6097
JH		 2129}
2130
bdb6d971 2131static int add_uuid(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
2aeb9a1a 2132{
650f726d 2133 struct mgmt_cp_add_uuid *cp = data;
3b0602cd 2134 struct mgmt_pending_cmd *cmd;
2aeb9a1a 2135 struct bt_uuid *uuid;
2aeb9a1a
JH		 2136 int err;
2137
181d6953 2138 bt_dev_dbg(hdev, "sock %p", sk);
2aeb9a1a 2139
09fd0de5 2140 hci_dev_lock(hdev);
2aeb9a1a 2141
0cab9c80 2142 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2143 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_UUID,
2144 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2145 goto failed;
2146 }
2147
92c4c204 2148 uuid = kmalloc(sizeof(*uuid), GFP_KERNEL);
2aeb9a1a
JH		 2149 if (!uuid) {
2150 err = -ENOMEM;
2151 goto failed;
2152 }
2153
2154 memcpy(uuid->uuid, cp->uuid, 16);
1aff6f09 2155 uuid->svc_hint = cp->svc_hint;
83be8eca 2156 uuid->size = get_uuid_size(cp->uuid);
2aeb9a1a 2157
de66aa63 2158 list_add_tail(&uuid->list, &hdev->uuids);
2aeb9a1a 2159
161510cc 2160 cmd = mgmt_pending_new(sk, MGMT_OP_ADD_UUID, hdev, data, len);
890ea898 2161 if (!cmd) {
90e70454 2162 err = -ENOMEM;
890ea898
JH		 2163 goto failed;
2164 }
2165
161510cc
LAD		 2166 err = hci_cmd_sync_queue(hdev, add_uuid_sync, cmd, mgmt_class_complete);
2167 if (err < 0) {
2168 mgmt_pending_free(cmd);
2169 goto failed;
2170 }
2aeb9a1a
JH		 2171
2172failed:
09fd0de5 2173 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2174 return err;
2175}
2176
24b78d0f
JH		 2177static bool enable_service_cache(struct hci_dev *hdev)
2178{
2179 if (!hdev_is_powered(hdev))
2180 return false;
2181
238be788 2182 if (!hci_dev_test_and_set_flag(hdev, HCI_SERVICE_CACHE)) {
46818ed5
JH		 2183 queue_delayed_work(hdev->workqueue, &hdev->service_cache,
2184 CACHE_TIMEOUT);
24b78d0f
JH		 2185 return true;
2186 }
2187
2188 return false;
2189}
2190
161510cc 2191static int remove_uuid_sync(struct hci_dev *hdev, void *data)
92da6097 2192{
161510cc 2193 int err;
92da6097 2194
161510cc
LAD		 2195 err = hci_update_class_sync(hdev);
2196 if (err)
2197 return err;
2198
2199 return hci_update_eir_sync(hdev);
92da6097
JH		 2200}
2201
bdb6d971 2202static int remove_uuid(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2203 u16 len)
2aeb9a1a 2204{
650f726d 2205 struct mgmt_cp_remove_uuid *cp = data;
3b0602cd 2206 struct mgmt_pending_cmd *cmd;
056341c8 2207 struct bt_uuid *match, *tmp;
2aeb9a1a 2208 u8 bt_uuid_any[] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
2aeb9a1a
JH		 2209 int err, found;
2210
181d6953 2211 bt_dev_dbg(hdev, "sock %p", sk);
2aeb9a1a 2212
09fd0de5 2213 hci_dev_lock(hdev);
2aeb9a1a 2214
0cab9c80 2215 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2216 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2217 MGMT_STATUS_BUSY);
c95f0ba7
JH		 2218 goto unlock;
2219 }
2220
2aeb9a1a 2221 if (memcmp(cp->uuid, bt_uuid_any, 16) == 0) {
35f7498a 2222 hci_uuids_clear(hdev);
4004b6d9 2223
24b78d0f 2224 if (enable_service_cache(hdev)) {
2a1afb5a
JH		 2225 err = mgmt_cmd_complete(sk, hdev->id,
2226 MGMT_OP_REMOVE_UUID,
2227 0, hdev->dev_class, 3);
24b78d0f
JH		 2228 goto unlock;
2229 }
4004b6d9 2230
9246a869 2231 goto update_class;
2aeb9a1a
JH		 2232 }
2233
2234 found = 0;
2235
056341c8 2236 list_for_each_entry_safe(match, tmp, &hdev->uuids, list) {
2aeb9a1a
JH		 2237 if (memcmp(match->uuid, cp->uuid, 16) != 0)
2238 continue;
2239
2240 list_del(&match->list);
482049f7 2241 kfree(match);
2aeb9a1a
JH		 2242 found++;
2243 }
2244
2245 if (found == 0) {
a69e8375
JH		 2246 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_UUID,
2247 MGMT_STATUS_INVALID_PARAMS);
2aeb9a1a
JH		 2248 goto unlock;
2249 }
2250
9246a869 2251update_class:
161510cc 2252 cmd = mgmt_pending_new(sk, MGMT_OP_REMOVE_UUID, hdev, data, len);
890ea898 2253 if (!cmd) {
90e70454 2254 err = -ENOMEM;
890ea898
JH		 2255 goto unlock;
2256 }
2257
161510cc
LAD		 2258 err = hci_cmd_sync_queue(hdev, remove_uuid_sync, cmd,
2259 mgmt_class_complete);
2260 if (err < 0)
2261 mgmt_pending_free(cmd);
2aeb9a1a
JH		 2262
2263unlock:
09fd0de5 2264 hci_dev_unlock(hdev);
2aeb9a1a
JH		 2265 return err;
2266}
2267
161510cc 2268static int set_class_sync(struct hci_dev *hdev, void *data)
92da6097 2269{
161510cc
LAD		 2270 int err = 0;
2271
2272 if (hci_dev_test_and_clear_flag(hdev, HCI_SERVICE_CACHE)) {
2273 cancel_delayed_work_sync(&hdev->service_cache);
2274 err = hci_update_eir_sync(hdev);
2275 }
2276
2277 if (err)
2278 return err;
92da6097 2279
161510cc 2280 return hci_update_class_sync(hdev);
92da6097
JH		 2281}
2282
bdb6d971 2283static int set_dev_class(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2284 u16 len)
1aff6f09 2285{
650f726d 2286 struct mgmt_cp_set_dev_class *cp = data;
3b0602cd 2287 struct mgmt_pending_cmd *cmd;
1aff6f09
JH		 2288 int err;
2289
181d6953 2290 bt_dev_dbg(hdev, "sock %p", sk);
1aff6f09 2291
6203fc98 2292 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2293 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2294 MGMT_STATUS_NOT_SUPPORTED);
1aff6f09 2295
0cab9c80 2296 hci_dev_lock(hdev);
ee98f473 2297
0cab9c80 2298 if (pending_eir_or_class(hdev)) {
a69e8375
JH		 2299 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2300 MGMT_STATUS_BUSY);
0cab9c80
JH		 2301 goto unlock;
2302 }
c95f0ba7 2303
0cab9c80 2304 if ((cp->minor & 0x03) != 0 || (cp->major & 0xe0) != 0) {
a69e8375
JH		 2305 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEV_CLASS,
2306 MGMT_STATUS_INVALID_PARAMS);
0cab9c80
JH		 2307 goto unlock;
2308 }
575b3a02 2309
932f5ff5
JH		 2310 hdev->major_class = cp->major;
2311 hdev->minor_class = cp->minor;
2312
b5235a65 2313 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2314 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEV_CLASS, 0,
2315 hdev->dev_class, 3);
b5235a65
JH		 2316 goto unlock;
2317 }
2318
161510cc 2319 cmd = mgmt_pending_new(sk, MGMT_OP_SET_DEV_CLASS, hdev, data, len);
890ea898 2320 if (!cmd) {
90e70454 2321 err = -ENOMEM;
890ea898
JH		 2322 goto unlock;
2323 }
2324
161510cc
LAD		 2325 err = hci_cmd_sync_queue(hdev, set_class_sync, cmd,
2326 mgmt_class_complete);
2327 if (err < 0)
2328 mgmt_pending_free(cmd);
1aff6f09 2329
b5235a65 2330unlock:
09fd0de5 2331 hci_dev_unlock(hdev);
1aff6f09
JH		 2332 return err;
2333}
2334
bdb6d971 2335static int load_link_keys(struct sock *sk, struct hci_dev *hdev, void *data,
8ce8e2b5 2336 u16 len)
55ed8ca1 2337{
650f726d 2338 struct mgmt_cp_load_link_keys *cp = data;
ba1d6936
JH		 2339 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
2340 sizeof(struct mgmt_link_key_info));
4e51eae9 2341 u16 key_count, expected_len;
b1de97d8 2342 bool changed;
a492cd52 2343 int i;
55ed8ca1 2344
181d6953 2345 bt_dev_dbg(hdev, "sock %p", sk);
9060d5cf
MH		 2346
2347 if (!lmp_bredr_capable(hdev))
a69e8375
JH		 2348 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2349 MGMT_STATUS_NOT_SUPPORTED);
9060d5cf 2350
1f350c87 2351 key_count = __le16_to_cpu(cp->key_count);
ba1d6936 2352 if (key_count > max_key_count) {
2064ee33
MH		 2353 bt_dev_err(hdev, "load_link_keys: too big key_count value %u",
2354 key_count);
a69e8375
JH		 2355 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2356 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 2357 }
55ed8ca1 2358
5bec1fb8 2359 expected_len = struct_size(cp, keys, key_count);
a492cd52 2360 if (expected_len != len) {
2064ee33
MH		 2361 bt_dev_err(hdev, "load_link_keys: expected %u bytes, got %u bytes",
2362 expected_len, len);
a69e8375
JH		 2363 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2364 MGMT_STATUS_INVALID_PARAMS);
55ed8ca1
JH		 2365 }
2366
4ae14301 2367 if (cp->debug_keys != 0x00 && cp->debug_keys != 0x01)
a69e8375
JH		 2368 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS,
2369 MGMT_STATUS_INVALID_PARAMS);
4ae14301 2370
181d6953
MH		 2371 bt_dev_dbg(hdev, "debug_keys %u key_count %u", cp->debug_keys,
2372 key_count);
55ed8ca1 2373
4ee71b20
JH		 2374 for (i = 0; i < key_count; i++) {
2375 struct mgmt_link_key_info *key = &cp->keys[i];
2376
8e991132 2377 if (key->addr.type != BDADDR_BREDR || key->type > 0x08)
a69e8375
JH		 2378 return mgmt_cmd_status(sk, hdev->id,
2379 MGMT_OP_LOAD_LINK_KEYS,
2380 MGMT_STATUS_INVALID_PARAMS);
4ee71b20
JH		 2381 }
2382
09fd0de5 2383 hci_dev_lock(hdev);
55ed8ca1
JH		 2384
2385 hci_link_keys_clear(hdev);
2386
55ed8ca1 2387 if (cp->debug_keys)
238be788 2388 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
55ed8ca1 2389 else
a69d8927
MH		 2390 changed = hci_dev_test_and_clear_flag(hdev,
2391 HCI_KEEP_DEBUG_KEYS);
b1de97d8
MH		 2392
2393 if (changed)
2394 new_settings(hdev, NULL);
55ed8ca1 2395
a492cd52 2396 for (i = 0; i < key_count; i++) {
86742e1e 2397 struct mgmt_link_key_info *key = &cp->keys[i];
55ed8ca1 2398
600a8749
AM		 2399 if (hci_is_blocked_key(hdev,
2400 HCI_BLOCKED_KEY_TYPE_LINKKEY,
2401 key->val)) {
2402 bt_dev_warn(hdev, "Skipping blocked link key for %pMR",
2403 &key->addr.bdaddr);
2404 continue;
2405 }
2406
58e9293c
JH		 2407 /* Always ignore debug keys and require a new pairing if
2408 * the user wants to use them.
2409 */
2410 if (key->type == HCI_LK_DEBUG_COMBINATION)
2411 continue;
2412
7652ff6a
JH		 2413 hci_add_link_key(hdev, NULL, &key->addr.bdaddr, key->val,
2414 key->type, key->pin_len, NULL);
55ed8ca1
JH		 2415 }
2416
2a1afb5a 2417 mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LINK_KEYS, 0, NULL, 0);
0e5f875a 2418
09fd0de5 2419 hci_dev_unlock(hdev);
55ed8ca1 2420
a492cd52 2421 return 0;
55ed8ca1
JH		 2422}
2423
b1078ad0 2424static int device_unpaired(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 2425 u8 addr_type, struct sock *skip_sk)
b1078ad0
JH		 2426{
2427 struct mgmt_ev_device_unpaired ev;
2428
2429 bacpy(&ev.addr.bdaddr, bdaddr);
2430 ev.addr.type = addr_type;
2431
2432 return mgmt_event(MGMT_EV_DEVICE_UNPAIRED, hdev, &ev, sizeof(ev),
04124681 2433 skip_sk);
b1078ad0
JH		 2434}
2435
bdb6d971 2436static int unpair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2437 u16 len)
55ed8ca1 2438{
124f6e35
JH		 2439 struct mgmt_cp_unpair_device *cp = data;
2440 struct mgmt_rp_unpair_device rp;
fc64361a 2441 struct hci_conn_params *params;
3b0602cd 2442 struct mgmt_pending_cmd *cmd;
55ed8ca1 2443 struct hci_conn *conn;
ec182f03 2444 u8 addr_type;
55ed8ca1
JH		 2445 int err;
2446
a8a1d19e 2447 memset(&rp, 0, sizeof(rp));
124f6e35
JH		 2448 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2449 rp.addr.type = cp->addr.type;
a8a1d19e 2450
4ee71b20 2451 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2452 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2453 MGMT_STATUS_INVALID_PARAMS,
2454 &rp, sizeof(rp));
4ee71b20 2455
118da70b 2456 if (cp->disconnect != 0x00 && cp->disconnect != 0x01)
2a1afb5a
JH		 2457 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2458 MGMT_STATUS_INVALID_PARAMS,
2459 &rp, sizeof(rp));
118da70b 2460
4ee71b20
JH		 2461 hci_dev_lock(hdev);
2462
86a8cfc6 2463 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2464 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2465 MGMT_STATUS_NOT_POWERED, &rp,
2466 sizeof(rp));
86a8cfc6
JH		 2467 goto unlock;
2468 }
2469
e0b2b27e 2470 if (cp->addr.type == BDADDR_BREDR) {
89cbb063
AA		 2471 /* If disconnection is requested, then look up the
2472 * connection. If the remote device is connected, it
2473 * will be later used to terminate the link.
2474 *
2475 * Setting it to NULL explicitly will cause no
2476 * termination of the link.
2477 */
2478 if (cp->disconnect)
2479 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2480 &cp->addr.bdaddr);
2481 else
2482 conn = NULL;
2483
124f6e35 2484 err = hci_remove_link_key(hdev, &cp->addr.bdaddr);
ec182f03
JH		 2485 if (err < 0) {
2486 err = mgmt_cmd_complete(sk, hdev->id,
2487 MGMT_OP_UNPAIR_DEVICE,
2488 MGMT_STATUS_NOT_PAIRED, &rp,
2489 sizeof(rp));
2490 goto unlock;
89cbb063
AA		 2491 }
2492
ec182f03 2493 goto done;
e0b2b27e 2494 }
b0dbfb46 2495
ec182f03
JH		 2496 /* LE address type */
2497 addr_type = le_addr_type(cp->addr.type);
2498
cb28c306
MK		 2499 /* Abort any ongoing SMP pairing. Removes ltk and irk if they exist. */
2500 err = smp_cancel_and_remove_pairing(hdev, &cp->addr.bdaddr, addr_type);
55ed8ca1 2501 if (err < 0) {
2a1afb5a
JH		 2502 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE,
2503 MGMT_STATUS_NOT_PAIRED, &rp,
2504 sizeof(rp));
55ed8ca1
JH		 2505 goto unlock;
2506 }
2507
ec182f03
JH		 2508 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr, addr_type);
2509 if (!conn) {
2510 hci_conn_params_del(hdev, &cp->addr.bdaddr, addr_type);
2511 goto done;
2512 }
2513
c81d555a 2514
ec182f03
JH		 2515 /* Defer clearing up the connection parameters until closing to
2516 * give a chance of keeping them if a repairing happens.
2517 */
2518 set_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
2519
fc64361a
JH		 2520 /* Disable auto-connection parameters if present */
2521 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, addr_type);
2522 if (params) {
2523 if (params->explicit_connect)
2524 params->auto_connect = HCI_AUTO_CONN_EXPLICIT;
2525 else
2526 params->auto_connect = HCI_AUTO_CONN_DISABLED;
2527 }
2528
ec182f03
JH		 2529 /* If disconnection is not requested, then clear the connection
2530 * variable so that the link is not terminated.
2531 */
2532 if (!cp->disconnect)
2533 conn = NULL;
2534
2535done:
89cbb063
AA		 2536 /* If the connection variable is set, then termination of the
2537 * link is requested.
2538 */
a8a1d19e 2539 if (!conn) {
2a1afb5a
JH		 2540 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNPAIR_DEVICE, 0,
2541 &rp, sizeof(rp));
b1078ad0 2542 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, sk);
a8a1d19e
JH		 2543 goto unlock;
2544 }
55ed8ca1 2545
124f6e35 2546 cmd = mgmt_pending_add(sk, MGMT_OP_UNPAIR_DEVICE, hdev, cp,
04124681 2547 sizeof(*cp));
a8a1d19e
JH		 2548 if (!cmd) {
2549 err = -ENOMEM;
2550 goto unlock;
55ed8ca1
JH		 2551 }
2552
d8b7b1e4
JH		 2553 cmd->cmd_complete = addr_cmd_complete;
2554
89e0ccc8 2555 err = hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
a8a1d19e
JH		 2556 if (err < 0)
2557 mgmt_pending_remove(cmd);
2558
55ed8ca1 2559unlock:
09fd0de5 2560 hci_dev_unlock(hdev);
55ed8ca1
JH		 2561 return err;
2562}
2563
bdb6d971 2564static int disconnect(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2565 u16 len)
8962ee74 2566{
650f726d 2567 struct mgmt_cp_disconnect *cp = data;
06a63b19 2568 struct mgmt_rp_disconnect rp;
3b0602cd 2569 struct mgmt_pending_cmd *cmd;
8962ee74 2570 struct hci_conn *conn;
8962ee74
JH		 2571 int err;
2572
181d6953 2573 bt_dev_dbg(hdev, "sock %p", sk);
8962ee74 2574
06a63b19
JH		 2575 memset(&rp, 0, sizeof(rp));
2576 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2577 rp.addr.type = cp->addr.type;
2578
4ee71b20 2579 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2580 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2581 MGMT_STATUS_INVALID_PARAMS,
2582 &rp, sizeof(rp));
4ee71b20 2583
09fd0de5 2584 hci_dev_lock(hdev);
8962ee74
JH		 2585
2586 if (!test_bit(HCI_UP, &hdev->flags)) {
2a1afb5a
JH		 2587 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2588 MGMT_STATUS_NOT_POWERED, &rp,
2589 sizeof(rp));
8962ee74
JH		 2590 goto failed;
2591 }
2592
333ae95d 2593 if (pending_find(MGMT_OP_DISCONNECT, hdev)) {
2a1afb5a
JH		 2594 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2595 MGMT_STATUS_BUSY, &rp, sizeof(rp));
8962ee74
JH		 2596 goto failed;
2597 }
2598
591f47f3 2599 if (cp->addr.type == BDADDR_BREDR)
8fc9ced3
GP		 2600 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
2601 &cp->addr.bdaddr);
88c3df13 2602 else
9d4c1cc1
JH		 2603 conn = hci_conn_hash_lookup_le(hdev, &cp->addr.bdaddr,
2604 le_addr_type(cp->addr.type));
365227e5 2605
f960727e 2606 if (!conn || conn->state == BT_OPEN || conn->state == BT_CLOSED) {
2a1afb5a
JH		 2607 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_DISCONNECT,
2608 MGMT_STATUS_NOT_CONNECTED, &rp,
2609 sizeof(rp));
8962ee74
JH		 2610 goto failed;
2611 }
2612
2e58ef3e 2613 cmd = mgmt_pending_add(sk, MGMT_OP_DISCONNECT, hdev, data, len);
366a0336
JH		 2614 if (!cmd) {
2615 err = -ENOMEM;
8962ee74 2616 goto failed;
366a0336 2617 }
8962ee74 2618
f5818c22
JH		 2619 cmd->cmd_complete = generic_cmd_complete;
2620
e3f2f92a 2621 err = hci_disconnect(conn, HCI_ERROR_REMOTE_USER_TERM);
8962ee74 2622 if (err < 0)
a664b5bc 2623 mgmt_pending_remove(cmd);
8962ee74
JH		 2624
2625failed:
09fd0de5 2626 hci_dev_unlock(hdev);
8962ee74
JH		 2627 return err;
2628}
2629
57c1477c 2630static u8 link_to_bdaddr(u8 link_type, u8 addr_type)
4c659c39
JH		 2631{
2632 switch (link_type) {
2633 case LE_LINK:
48264f06
JH		 2634 switch (addr_type) {
2635 case ADDR_LE_DEV_PUBLIC:
591f47f3 2636 return BDADDR_LE_PUBLIC;
0ed09148 2637
48264f06 2638 default:
0ed09148 2639 /* Fallback to LE Random address type */
591f47f3 2640 return BDADDR_LE_RANDOM;
48264f06 2641 }
0ed09148 2642
4c659c39 2643 default:
0ed09148 2644 /* Fallback to BR/EDR type */
591f47f3 2645 return BDADDR_BREDR;
4c659c39
JH		 2646 }
2647}
2648
04124681
GP		 2649static int get_connections(struct sock *sk, struct hci_dev *hdev, void *data,
2650 u16 data_len)
2784eb41 2651{
2784eb41 2652 struct mgmt_rp_get_connections *rp;
8035ded4 2653 struct hci_conn *c;
60fc5fb6
JH		 2654 int err;
2655 u16 i;
2784eb41 2656
181d6953 2657 bt_dev_dbg(hdev, "sock %p", sk);
2784eb41 2658
09fd0de5 2659 hci_dev_lock(hdev);
2784eb41 2660
5f97c1df 2661 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 2662 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_CONNECTIONS,
2663 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 2664 goto unlock;
2665 }
2666
60fc5fb6 2667 i = 0;
b644ba33
JH		 2668 list_for_each_entry(c, &hdev->conn_hash.list, list) {
2669 if (test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
60fc5fb6 2670 i++;
2784eb41
JH		 2671 }
2672
72bb169e 2673 rp = kmalloc(struct_size(rp, addr, i), GFP_KERNEL);
a38528f1 2674 if (!rp) {
2784eb41
JH		 2675 err = -ENOMEM;
2676 goto unlock;
2677 }
2678
2784eb41 2679 i = 0;
4c659c39 2680 list_for_each_entry(c, &hdev->conn_hash.list, list) {
b644ba33
JH		 2681 if (!test_bit(HCI_CONN_MGMT_CONNECTED, &c->flags))
2682 continue;
4c659c39 2683 bacpy(&rp->addr[i].bdaddr, &c->dst);
57c1477c 2684 rp->addr[i].type = link_to_bdaddr(c->type, c->dst_type);
0ed09148 2685 if (c->type == SCO_LINK || c->type == ESCO_LINK)
4c659c39
JH		 2686 continue;
2687 i++;
2688 }
2689
eb55ef07 2690 rp->conn_count = cpu_to_le16(i);
60fc5fb6 2691
4c659c39 2692 /* Recalculate length in case of filtered SCO connections, etc */
2a1afb5a 2693 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONNECTIONS, 0, rp,
72bb169e 2694 struct_size(rp, addr, i));
2784eb41 2695
a38528f1 2696 kfree(rp);
5f97c1df
JH		 2697
2698unlock:
09fd0de5 2699 hci_dev_unlock(hdev);
2784eb41
JH		 2700 return err;
2701}
2702
bdb6d971 2703static int send_pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 2704 struct mgmt_cp_pin_code_neg_reply *cp)
96d97a67 2705{
3b0602cd 2706 struct mgmt_pending_cmd *cmd;
96d97a67
WR		 2707 int err;
2708
2e58ef3e 2709 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_NEG_REPLY, hdev, cp,
04124681 2710 sizeof(*cp));
96d97a67
WR		 2711 if (!cmd)
2712 return -ENOMEM;
2713
dd7e39bb
AL		 2714 cmd->cmd_complete = addr_cmd_complete;
2715
d8457698 2716 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_NEG_REPLY,
04124681 2717 sizeof(cp->addr.bdaddr), &cp->addr.bdaddr);
96d97a67
WR		 2718 if (err < 0)
2719 mgmt_pending_remove(cmd);
2720
2721 return err;
2722}
2723
bdb6d971 2724static int pin_code_reply(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2725 u16 len)
980e1a53 2726{
96d97a67 2727 struct hci_conn *conn;
650f726d 2728 struct mgmt_cp_pin_code_reply *cp = data;
980e1a53 2729 struct hci_cp_pin_code_reply reply;
3b0602cd 2730 struct mgmt_pending_cmd *cmd;
980e1a53
JH		 2731 int err;
2732
181d6953 2733 bt_dev_dbg(hdev, "sock %p", sk);
980e1a53 2734
09fd0de5 2735 hci_dev_lock(hdev);
980e1a53 2736
4b34ee78 2737 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 2738 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2739 MGMT_STATUS_NOT_POWERED);
980e1a53
JH		 2740 goto failed;
2741 }
2742
d8457698 2743 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &cp->addr.bdaddr);
96d97a67 2744 if (!conn) {
a69e8375
JH		 2745 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2746 MGMT_STATUS_NOT_CONNECTED);
96d97a67
WR		 2747 goto failed;
2748 }
2749
2750 if (conn->pending_sec_level == BT_SECURITY_HIGH && cp->pin_len != 16) {
d8457698
JH		 2751 struct mgmt_cp_pin_code_neg_reply ncp;
2752
2753 memcpy(&ncp.addr, &cp->addr, sizeof(ncp.addr));
96d97a67 2754
2064ee33 2755 bt_dev_err(hdev, "PIN code is not 16 bytes long");
96d97a67 2756
bdb6d971 2757 err = send_pin_code_neg_reply(sk, hdev, &ncp);
96d97a67 2758 if (err >= 0)
a69e8375
JH		 2759 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_PIN_CODE_REPLY,
2760 MGMT_STATUS_INVALID_PARAMS);
96d97a67
WR		 2761
2762 goto failed;
2763 }
2764
00abfe44 2765 cmd = mgmt_pending_add(sk, MGMT_OP_PIN_CODE_REPLY, hdev, data, len);
366a0336
JH		 2766 if (!cmd) {
2767 err = -ENOMEM;
980e1a53 2768 goto failed;
366a0336 2769 }
980e1a53 2770
7776d1d8
JH		 2771 cmd->cmd_complete = addr_cmd_complete;
2772
d8457698 2773 bacpy(&reply.bdaddr, &cp->addr.bdaddr);
980e1a53 2774 reply.pin_len = cp->pin_len;
24718ca5 2775 memcpy(reply.pin_code, cp->pin_code, sizeof(reply.pin_code));
980e1a53
JH		 2776
2777 err = hci_send_cmd(hdev, HCI_OP_PIN_CODE_REPLY, sizeof(reply), &reply);
2778 if (err < 0)
a664b5bc 2779 mgmt_pending_remove(cmd);
980e1a53
JH		 2780
2781failed:
09fd0de5 2782 hci_dev_unlock(hdev);
980e1a53
JH		 2783 return err;
2784}
2785
04124681
GP		 2786static int set_io_capability(struct sock *sk, struct hci_dev *hdev, void *data,
2787 u16 len)
17fa4b9d 2788{
650f726d 2789 struct mgmt_cp_set_io_capability *cp = data;
17fa4b9d 2790
181d6953 2791 bt_dev_dbg(hdev, "sock %p", sk);
17fa4b9d 2792
4ec86d4c 2793 if (cp->io_capability > SMP_IO_KEYBOARD_DISPLAY)
9db5c629
MH		 2794 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY,
2795 MGMT_STATUS_INVALID_PARAMS);
4ec86d4c 2796
09fd0de5 2797 hci_dev_lock(hdev);
17fa4b9d
JH		 2798
2799 hdev->io_capability = cp->io_capability;
2800
181d6953 2801 bt_dev_dbg(hdev, "IO capability set to 0x%02x", hdev->io_capability);
17fa4b9d 2802
09fd0de5 2803 hci_dev_unlock(hdev);
17fa4b9d 2804
2a1afb5a
JH		 2805 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_IO_CAPABILITY, 0,
2806 NULL, 0);
17fa4b9d
JH		 2807}
2808
3b0602cd 2809static struct mgmt_pending_cmd *find_pairing(struct hci_conn *conn)
e9a416b5
JH		 2810{
2811 struct hci_dev *hdev = conn->hdev;
3b0602cd 2812 struct mgmt_pending_cmd *cmd;
e9a416b5 2813
2e58ef3e 2814 list_for_each_entry(cmd, &hdev->mgmt_pending, list) {
e9a416b5
JH		 2815 if (cmd->opcode != MGMT_OP_PAIR_DEVICE)
2816 continue;
2817
e9a416b5
JH		 2818 if (cmd->user_data != conn)
2819 continue;
2820
2821 return cmd;
2822 }
2823
2824 return NULL;
2825}
2826
3b0602cd 2827static int pairing_complete(struct mgmt_pending_cmd *cmd, u8 status)
e9a416b5
JH		 2828{
2829 struct mgmt_rp_pair_device rp;
2830 struct hci_conn *conn = cmd->user_data;
9df74653 2831 int err;
e9a416b5 2832
61b1a7fb
JH		 2833 bacpy(&rp.addr.bdaddr, &conn->dst);
2834 rp.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
e9a416b5 2835
2a1afb5a
JH		 2836 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_PAIR_DEVICE,
2837 status, &rp, sizeof(rp));
e9a416b5
JH		 2838
2839 /* So we don't get further callbacks for this connection */
2840 conn->connect_cfm_cb = NULL;
2841 conn->security_cfm_cb = NULL;
2842 conn->disconn_cfm_cb = NULL;
2843
76a68ba0 2844 hci_conn_drop(conn);
89cbb063
AA		 2845
2846 /* The device is paired so there is no need to remove
2847 * its connection parameters anymore.
2848 */
2849 clear_bit(HCI_CONN_PARAM_REMOVAL_PEND, &conn->flags);
15013aeb
JH		 2850
2851 hci_conn_put(conn);
9df74653
JH		 2852
2853 return err;
e9a416b5
JH		 2854}
2855
f4a407be
JH		 2856void mgmt_smp_complete(struct hci_conn *conn, bool complete)
2857{
2858 u8 status = complete ? MGMT_STATUS_SUCCESS : MGMT_STATUS_FAILED;
3b0602cd 2859 struct mgmt_pending_cmd *cmd;
f4a407be
JH		 2860
2861 cmd = find_pairing(conn);
a511b35b 2862 if (cmd) {
04ab2749 2863 cmd->cmd_complete(cmd, status);
a511b35b
JH		 2864 mgmt_pending_remove(cmd);
2865 }
f4a407be
JH		 2866}
2867
e9a416b5
JH		 2868static void pairing_complete_cb(struct hci_conn *conn, u8 status)
2869{
3b0602cd 2870 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 2871
2872 BT_DBG("status %u", status);
2873
2874 cmd = find_pairing(conn);
a511b35b 2875 if (!cmd) {
e9a416b5 2876 BT_DBG("Unable to find a pending command");
a511b35b
JH		 2877 return;
2878 }
2879
2880 cmd->cmd_complete(cmd, mgmt_status(status));
2881 mgmt_pending_remove(cmd);
e9a416b5
JH		 2882}
2883
f4a407be 2884static void le_pairing_complete_cb(struct hci_conn *conn, u8 status)
4c47d739 2885{
3b0602cd 2886 struct mgmt_pending_cmd *cmd;
4c47d739
VA		 2887
2888 BT_DBG("status %u", status);
2889
2890 if (!status)
2891 return;
2892
2893 cmd = find_pairing(conn);
a511b35b 2894 if (!cmd) {
4c47d739 2895 BT_DBG("Unable to find a pending command");
a511b35b
JH		 2896 return;
2897 }
2898
2899 cmd->cmd_complete(cmd, mgmt_status(status));
2900 mgmt_pending_remove(cmd);
4c47d739
VA		 2901}
2902
bdb6d971 2903static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 2904 u16 len)
e9a416b5 2905{
650f726d 2906 struct mgmt_cp_pair_device *cp = data;
1425acb7 2907 struct mgmt_rp_pair_device rp;
3b0602cd 2908 struct mgmt_pending_cmd *cmd;
e9a416b5
JH		 2909 u8 sec_level, auth_type;
2910 struct hci_conn *conn;
e9a416b5
JH		 2911 int err;
2912
181d6953 2913 bt_dev_dbg(hdev, "sock %p", sk);
e9a416b5 2914
f950a30e
SJ		 2915 memset(&rp, 0, sizeof(rp));
2916 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
2917 rp.addr.type = cp->addr.type;
2918
4ee71b20 2919 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 2920 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2921 MGMT_STATUS_INVALID_PARAMS,
2922 &rp, sizeof(rp));
4ee71b20 2923
4ec86d4c 2924 if (cp->io_cap > SMP_IO_KEYBOARD_DISPLAY)
2a1afb5a
JH		 2925 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2926 MGMT_STATUS_INVALID_PARAMS,
2927 &rp, sizeof(rp));
4ec86d4c 2928
09fd0de5 2929 hci_dev_lock(hdev);
e9a416b5 2930
5f97c1df 2931 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 2932 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2933 MGMT_STATUS_NOT_POWERED, &rp,
2934 sizeof(rp));
5f97c1df
JH		 2935 goto unlock;
2936 }
2937
55e76b38
JH		 2938 if (hci_bdaddr_is_paired(hdev, &cp->addr.bdaddr, cp->addr.type)) {
2939 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2940 MGMT_STATUS_ALREADY_PAIRED, &rp,
2941 sizeof(rp));
2942 goto unlock;
2943 }
2944
c908df36 2945 sec_level = BT_SECURITY_MEDIUM;
6fd6b915 2946 auth_type = HCI_AT_DEDICATED_BONDING;
e9a416b5 2947
6f77d8c7 2948 if (cp->addr.type == BDADDR_BREDR) {
04a6c589 2949 conn = hci_connect_acl(hdev, &cp->addr.bdaddr, sec_level,
76b13996 2950 auth_type, CONN_REASON_PAIR_DEVICE);
6f77d8c7 2951 } else {
85813a7e 2952 u8 addr_type = le_addr_type(cp->addr.type);
5157b8a5 2953 struct hci_conn_params *p;
6f77d8c7 2954
7c264b10
MH		 2955 /* When pairing a new device, it is expected to remember
2956 * this device for future connections. Adding the connection
2957 * parameter information ahead of time allows tracking
67ffb185 2958 * of the peripheral preferred values and will speed up any
7c264b10
MH		 2959 * further connection establishment.
2960 *
2961 * If connection parameters already exist, then they
2962 * will be kept and this function does nothing.
2963 */
5157b8a5
JP		 2964 p = hci_conn_params_add(hdev, &cp->addr.bdaddr, addr_type);
2965
2966 if (p->auto_connect == HCI_AUTO_CONN_EXPLICIT)
2967 p->auto_connect = HCI_AUTO_CONN_DISABLED;
7c264b10 2968
76b13996
MM		 2969 conn = hci_connect_le_scan(hdev, &cp->addr.bdaddr, addr_type,
2970 sec_level, HCI_LE_CONN_TIMEOUT,
2971 CONN_REASON_PAIR_DEVICE);
6f77d8c7 2972 }
7a512d01 2973
30e76272 2974 if (IS_ERR(conn)) {
489dc48e
AK		 2975 int status;
2976
2977 if (PTR_ERR(conn) == -EBUSY)
2978 status = MGMT_STATUS_BUSY;
faa81030
LR		 2979 else if (PTR_ERR(conn) == -EOPNOTSUPP)
2980 status = MGMT_STATUS_NOT_SUPPORTED;
2981 else if (PTR_ERR(conn) == -ECONNREFUSED)
2982 status = MGMT_STATUS_REJECTED;
489dc48e
AK		 2983 else
2984 status = MGMT_STATUS_CONNECT_FAILED;
2985
2a1afb5a
JH		 2986 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2987 status, &rp, sizeof(rp));
e9a416b5
JH		 2988 goto unlock;
2989 }
2990
2991 if (conn->connect_cfm_cb) {
76a68ba0 2992 hci_conn_drop(conn);
2a1afb5a
JH		 2993 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2994 MGMT_STATUS_BUSY, &rp, sizeof(rp));
e9a416b5
JH		 2995 goto unlock;
2996 }
2997
2e58ef3e 2998 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
e9a416b5
JH		 2999 if (!cmd) {
3000 err = -ENOMEM;
76a68ba0 3001 hci_conn_drop(conn);
e9a416b5
JH		 3002 goto unlock;
3003 }
3004
04ab2749
JH		 3005 cmd->cmd_complete = pairing_complete;
3006
7a512d01 3007 /* For LE, just connecting isn't a proof that the pairing finished */
f4a407be 3008 if (cp->addr.type == BDADDR_BREDR) {
7a512d01 3009 conn->connect_cfm_cb = pairing_complete_cb;
f4a407be
JH		 3010 conn->security_cfm_cb = pairing_complete_cb;
3011 conn->disconn_cfm_cb = pairing_complete_cb;
3012 } else {
3013 conn->connect_cfm_cb = le_pairing_complete_cb;
3014 conn->security_cfm_cb = le_pairing_complete_cb;
3015 conn->disconn_cfm_cb = le_pairing_complete_cb;
3016 }
7a512d01 3017
e9a416b5 3018 conn->io_capability = cp->io_cap;
f8aaf9b6 3019 cmd->user_data = hci_conn_get(conn);
e9a416b5 3020
6f78fd4b 3021 if ((conn->state == BT_CONNECTED || conn->state == BT_CONFIG) &&
a511b35b
JH		 3022 hci_conn_security(conn, sec_level, auth_type, true)) {
3023 cmd->cmd_complete(cmd, 0);
3024 mgmt_pending_remove(cmd);
3025 }
e9a416b5
JH		 3026
3027 err = 0;
3028
3029unlock:
09fd0de5 3030 hci_dev_unlock(hdev);
e9a416b5
JH		 3031 return err;
3032}
3033
04124681
GP		 3034static int cancel_pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
3035 u16 len)
28424707 3036{
0f4e68cf 3037 struct mgmt_addr_info *addr = data;
3b0602cd 3038 struct mgmt_pending_cmd *cmd;
28424707
JH		 3039 struct hci_conn *conn;
3040 int err;
3041
181d6953 3042 bt_dev_dbg(hdev, "sock %p", sk);
28424707 3043
28424707
JH		 3044 hci_dev_lock(hdev);
3045
5f97c1df 3046 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 3047 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3048 MGMT_STATUS_NOT_POWERED);
5f97c1df
JH		 3049 goto unlock;
3050 }
3051
333ae95d 3052 cmd = pending_find(MGMT_OP_PAIR_DEVICE, hdev);
28424707 3053 if (!cmd) {
a69e8375
JH		 3054 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3055 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3056 goto unlock;
3057 }
3058
3059 conn = cmd->user_data;
3060
3061 if (bacmp(&addr->bdaddr, &conn->dst) != 0) {
a69e8375
JH		 3062 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE,
3063 MGMT_STATUS_INVALID_PARAMS);
28424707
JH		 3064 goto unlock;
3065 }
3066
a511b35b
JH		 3067 cmd->cmd_complete(cmd, MGMT_STATUS_CANCELLED);
3068 mgmt_pending_remove(cmd);
28424707 3069
2a1afb5a
JH		 3070 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CANCEL_PAIR_DEVICE, 0,
3071 addr, sizeof(*addr));
76b13996
MM		 3072
3073 /* Since user doesn't want to proceed with the connection, abort any
3074 * ongoing pairing and then terminate the link if it was created
3075 * because of the pair device action.
3076 */
3077 if (addr->type == BDADDR_BREDR)
3078 hci_remove_link_key(hdev, &addr->bdaddr);
3079 else
3080 smp_cancel_and_remove_pairing(hdev, &addr->bdaddr,
3081 le_addr_type(addr->type));
3082
3083 if (conn->conn_reason == CONN_REASON_PAIR_DEVICE)
3084 hci_abort_conn(conn, HCI_ERROR_REMOTE_USER_TERM);
3085
28424707
JH		 3086unlock:
3087 hci_dev_unlock(hdev);
28424707
JH		 3088 return err;
3089}
3090
bdb6d971 3091static int user_pairing_resp(struct sock *sk, struct hci_dev *hdev,
1707c60e 3092 struct mgmt_addr_info *addr, u16 mgmt_op,
04124681 3093 u16 hci_op, __le32 passkey)
a5c29683 3094{
3b0602cd 3095 struct mgmt_pending_cmd *cmd;
0df4c185 3096 struct hci_conn *conn;
a5c29683
JH		 3097 int err;
3098
09fd0de5 3099 hci_dev_lock(hdev);
08ba5382 3100
4b34ee78 3101 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 3102 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3103 MGMT_STATUS_NOT_POWERED, addr,
3104 sizeof(*addr));
0df4c185 3105 goto done;
a5c29683
JH		 3106 }
3107
1707c60e
JH		 3108 if (addr->type == BDADDR_BREDR)
3109 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &addr->bdaddr);
272d90df 3110 else
9d4c1cc1
JH		 3111 conn = hci_conn_hash_lookup_le(hdev, &addr->bdaddr,
3112 le_addr_type(addr->type));
272d90df
JH		 3113
3114 if (!conn) {
2a1afb5a
JH		 3115 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3116 MGMT_STATUS_NOT_CONNECTED, addr,
3117 sizeof(*addr));
272d90df
JH		 3118 goto done;
3119 }
47c15e2b 3120
1707c60e 3121 if (addr->type == BDADDR_LE_PUBLIC || addr->type == BDADDR_LE_RANDOM) {
5fe57d9e 3122 err = smp_user_confirm_reply(conn, mgmt_op, passkey);
5fe57d9e 3123 if (!err)
2a1afb5a
JH		 3124 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3125 MGMT_STATUS_SUCCESS, addr,
3126 sizeof(*addr));
5fe57d9e 3127 else
2a1afb5a
JH		 3128 err = mgmt_cmd_complete(sk, hdev->id, mgmt_op,
3129 MGMT_STATUS_FAILED, addr,
3130 sizeof(*addr));
47c15e2b 3131
47c15e2b
BG		 3132 goto done;
3133 }
3134
1707c60e 3135 cmd = mgmt_pending_add(sk, mgmt_op, hdev, addr, sizeof(*addr));
a5c29683
JH		 3136 if (!cmd) {
3137 err = -ENOMEM;
0df4c185 3138 goto done;
a5c29683
JH		 3139 }
3140
7776d1d8
JH		 3141 cmd->cmd_complete = addr_cmd_complete;
3142
0df4c185 3143 /* Continue with pairing via HCI */
604086b7
BG		 3144 if (hci_op == HCI_OP_USER_PASSKEY_REPLY) {
3145 struct hci_cp_user_passkey_reply cp;
3146
1707c60e 3147 bacpy(&cp.bdaddr, &addr->bdaddr);
604086b7
BG		 3148 cp.passkey = passkey;
3149 err = hci_send_cmd(hdev, hci_op, sizeof(cp), &cp);
3150 } else
1707c60e
JH		 3151 err = hci_send_cmd(hdev, hci_op, sizeof(addr->bdaddr),
3152 &addr->bdaddr);
604086b7 3153
a664b5bc
JH		 3154 if (err < 0)
3155 mgmt_pending_remove(cmd);
a5c29683 3156
0df4c185 3157done:
09fd0de5 3158 hci_dev_unlock(hdev);
a5c29683
JH		 3159 return err;
3160}
3161
afeb019d
JK		 3162static int pin_code_neg_reply(struct sock *sk, struct hci_dev *hdev,
3163 void *data, u16 len)
3164{
3165 struct mgmt_cp_pin_code_neg_reply *cp = data;
3166
181d6953 3167 bt_dev_dbg(hdev, "sock %p", sk);
afeb019d 3168
1707c60e 3169 return user_pairing_resp(sk, hdev, &cp->addr,
afeb019d
JK		 3170 MGMT_OP_PIN_CODE_NEG_REPLY,
3171 HCI_OP_PIN_CODE_NEG_REPLY, 0);
3172}
3173
04124681
GP		 3174static int user_confirm_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3175 u16 len)
0df4c185 3176{
650f726d 3177 struct mgmt_cp_user_confirm_reply *cp = data;
0df4c185 3178
181d6953 3179 bt_dev_dbg(hdev, "sock %p", sk);
0df4c185
BG		 3180
3181 if (len != sizeof(*cp))
a69e8375
JH		 3182 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_USER_CONFIRM_REPLY,
3183 MGMT_STATUS_INVALID_PARAMS);
0df4c185 3184
1707c60e 3185 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3186 MGMT_OP_USER_CONFIRM_REPLY,
3187 HCI_OP_USER_CONFIRM_REPLY, 0);
0df4c185
BG		 3188}
3189
bdb6d971 3190static int user_confirm_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3191 void *data, u16 len)
0df4c185 3192{
c9c2659f 3193 struct mgmt_cp_user_confirm_neg_reply *cp = data;
0df4c185 3194
181d6953 3195 bt_dev_dbg(hdev, "sock %p", sk);
0df4c185 3196
1707c60e 3197 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3198 MGMT_OP_USER_CONFIRM_NEG_REPLY,
3199 HCI_OP_USER_CONFIRM_NEG_REPLY, 0);
0df4c185
BG		 3200}
3201
04124681
GP		 3202static int user_passkey_reply(struct sock *sk, struct hci_dev *hdev, void *data,
3203 u16 len)
604086b7 3204{
650f726d 3205 struct mgmt_cp_user_passkey_reply *cp = data;
604086b7 3206
181d6953 3207 bt_dev_dbg(hdev, "sock %p", sk);
604086b7 3208
1707c60e 3209 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3210 MGMT_OP_USER_PASSKEY_REPLY,
3211 HCI_OP_USER_PASSKEY_REPLY, cp->passkey);
604086b7
BG		 3212}
3213
bdb6d971 3214static int user_passkey_neg_reply(struct sock *sk, struct hci_dev *hdev,
04124681 3215 void *data, u16 len)
604086b7 3216{
650f726d 3217 struct mgmt_cp_user_passkey_neg_reply *cp = data;
604086b7 3218
181d6953 3219 bt_dev_dbg(hdev, "sock %p", sk);
604086b7 3220
1707c60e 3221 return user_pairing_resp(sk, hdev, &cp->addr,
04124681
GP		 3222 MGMT_OP_USER_PASSKEY_NEG_REPLY,
3223 HCI_OP_USER_PASSKEY_NEG_REPLY, 0);
604086b7
BG		 3224}
3225
7c295c48
MN		 3226static void adv_expire(struct hci_dev *hdev, u32 flags)
3227{
3228 struct adv_info *adv_instance;
3229 struct hci_request req;
3230 int err;
3231
3232 adv_instance = hci_find_adv_instance(hdev, hdev->cur_adv_instance);
3233 if (!adv_instance)
3234 return;
3235
3236 /* stop if current instance doesn't need to be changed */
3237 if (!(adv_instance->flags & flags))
3238 return;
3239
3240 cancel_adv_timeout(hdev);
3241
3242 adv_instance = hci_get_next_instance(hdev, adv_instance->instance);
3243 if (!adv_instance)
3244 return;
3245
3246 hci_req_init(&req, hdev);
3247 err = __hci_req_schedule_adv_instance(&req, adv_instance->instance,
3248 true);
3249 if (err)
3250 return;
3251
3252 hci_req_run(&req, NULL);
3253}
3254
1904a853 3255static void set_name_complete(struct hci_dev *hdev, u8 status, u16 opcode)
13928971
JH		 3256{
3257 struct mgmt_cp_set_local_name *cp;
3b0602cd 3258 struct mgmt_pending_cmd *cmd;
13928971 3259
181d6953 3260 bt_dev_dbg(hdev, "status 0x%02x", status);
13928971
JH		 3261
3262 hci_dev_lock(hdev);
3263
333ae95d 3264 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 3265 if (!cmd)
3266 goto unlock;
3267
3268 cp = cmd->param;
3269
7c295c48 3270 if (status) {
a69e8375
JH		 3271 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME,
3272 mgmt_status(status));
7c295c48 3273 } else {
2a1afb5a
JH		 3274 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3275 cp, sizeof(*cp));
13928971 3276
7c295c48
MN		 3277 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3278 adv_expire(hdev, MGMT_ADV_FLAG_LOCAL_NAME);
3279 }
3280
13928971
JH		 3281 mgmt_pending_remove(cmd);
3282
3283unlock:
3284 hci_dev_unlock(hdev);
3285}
3286
bdb6d971 3287static int set_local_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 3288 u16 len)
b312b161 3289{
2b4bf397 3290 struct mgmt_cp_set_local_name *cp = data;
3b0602cd 3291 struct mgmt_pending_cmd *cmd;
890ea898 3292 struct hci_request req;
b312b161
JH		 3293 int err;
3294
181d6953 3295 bt_dev_dbg(hdev, "sock %p", sk);
b312b161 3296
09fd0de5 3297 hci_dev_lock(hdev);
b312b161 3298
b3f2ca94
JH		 3299 /* If the old values are the same as the new ones just return a
3300 * direct command complete event.
3301 */
3302 if (!memcmp(hdev->dev_name, cp->name, sizeof(hdev->dev_name)) &&
3303 !memcmp(hdev->short_name, cp->short_name,
3304 sizeof(hdev->short_name))) {
2a1afb5a
JH		 3305 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3306 data, len);
b3f2ca94
JH		 3307 goto failed;
3308 }
3309
2b4bf397 3310 memcpy(hdev->short_name, cp->short_name, sizeof(hdev->short_name));
28cc7bde 3311
b5235a65 3312 if (!hdev_is_powered(hdev)) {
2b4bf397 3313 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
28cc7bde 3314
2a1afb5a
JH		 3315 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_LOCAL_NAME, 0,
3316 data, len);
28cc7bde
JH		 3317 if (err < 0)
3318 goto failed;
3319
5504c3a3
MH		 3320 err = mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, data,
3321 len, HCI_MGMT_LOCAL_NAME_EVENTS, sk);
321c6fee 3322 ext_info_changed(hdev, sk);
28cc7bde 3323
b5235a65
JH		 3324 goto failed;
3325 }
3326
28cc7bde 3327 cmd = mgmt_pending_add(sk, MGMT_OP_SET_LOCAL_NAME, hdev, data, len);
b312b161
JH		 3328 if (!cmd) {
3329 err = -ENOMEM;
3330 goto failed;
3331 }
3332
13928971
JH		 3333 memcpy(hdev->dev_name, cp->name, sizeof(hdev->dev_name));
3334
890ea898 3335 hci_req_init(&req, hdev);
3f985050
JH		 3336
3337 if (lmp_bredr_capable(hdev)) {
00cf5040 3338 __hci_req_update_name(&req);
b1a8917c 3339 __hci_req_update_eir(&req);
3f985050
JH		 3340 }
3341
7a5f4990 3342 /* The name is stored in the scan response data and so
91641b79 3343 * no need to update the advertising data here.
7a5f4990 3344 */
7dc6f16c 3345 if (lmp_le_capable(hdev) && hci_dev_test_flag(hdev, HCI_ADVERTISING))
cab054ab 3346 __hci_req_update_scan_rsp_data(&req, hdev->cur_adv_instance);
3f985050 3347
13928971 3348 err = hci_req_run(&req, set_name_complete);
b312b161
JH		 3349 if (err < 0)
3350 mgmt_pending_remove(cmd);
3351
3352failed:
09fd0de5 3353 hci_dev_unlock(hdev);
b312b161
JH		 3354 return err;
3355}
3356
c4960ecf
MN		 3357static int set_appearance(struct sock *sk, struct hci_dev *hdev, void *data,
3358 u16 len)
3359{
3360 struct mgmt_cp_set_appearance *cp = data;
6613baba 3361 u16 appearance;
c4960ecf
MN		 3362 int err;
3363
181d6953 3364 bt_dev_dbg(hdev, "sock %p", sk);
c4960ecf 3365
af4168c5
MN		 3366 if (!lmp_le_capable(hdev))
3367 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_APPEARANCE,
3368 MGMT_STATUS_NOT_SUPPORTED);
3369
6613baba 3370 appearance = le16_to_cpu(cp->appearance);
c4960ecf
MN		 3371
3372 hci_dev_lock(hdev);
3373
6613baba
AM		 3374 if (hdev->appearance != appearance) {
3375 hdev->appearance = appearance;
c4960ecf
MN		 3376
3377 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
3378 adv_expire(hdev, MGMT_ADV_FLAG_APPEARANCE);
e74317f4
MN		 3379
3380 ext_info_changed(hdev, sk);
c4960ecf
MN		 3381 }
3382
3383 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_APPEARANCE, 0, NULL,
3384 0);
3385
3386 hci_dev_unlock(hdev);
3387
3388 return err;
3389}
3390
6244691f
JK		 3391static int get_phy_configuration(struct sock *sk, struct hci_dev *hdev,
3392 void *data, u16 len)
3393{
35302158 3394 struct mgmt_rp_get_phy_configuration rp;
6244691f 3395
181d6953 3396 bt_dev_dbg(hdev, "sock %p", sk);
6244691f
JK		 3397
3398 hci_dev_lock(hdev);
3399
3400 memset(&rp, 0, sizeof(rp));
3401
3402 rp.supported_phys = cpu_to_le32(get_supported_phys(hdev));
3403 rp.selected_phys = cpu_to_le32(get_selected_phys(hdev));
3404 rp.configurable_phys = cpu_to_le32(get_configurable_phys(hdev));
3405
3406 hci_dev_unlock(hdev);
3407
3408 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_PHY_CONFIGURATION, 0,
3409 &rp, sizeof(rp));
3410}
3411
b7c23df8
JK		 3412int mgmt_phy_configuration_changed(struct hci_dev *hdev, struct sock *skip)
3413{
3414 struct mgmt_ev_phy_configuration_changed ev;
3415
3416 memset(&ev, 0, sizeof(ev));
3417
3418 ev.selected_phys = cpu_to_le32(get_selected_phys(hdev));
3419
3420 return mgmt_event(MGMT_EV_PHY_CONFIGURATION_CHANGED, hdev, &ev,
3421 sizeof(ev), skip);
3422}
3423
0314f286
JK		 3424static void set_default_phy_complete(struct hci_dev *hdev, u8 status,
3425 u16 opcode, struct sk_buff *skb)
3426{
0314f286
JK		 3427 struct mgmt_pending_cmd *cmd;
3428
181d6953 3429 bt_dev_dbg(hdev, "status 0x%02x", status);
0314f286
JK		 3430
3431 hci_dev_lock(hdev);
3432
3433 cmd = pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev);
3434 if (!cmd)
3435 goto unlock;
3436
0314f286
JK		 3437 if (status) {
3438 mgmt_cmd_status(cmd->sk, hdev->id,
3439 MGMT_OP_SET_PHY_CONFIGURATION,
3440 mgmt_status(status));
3441 } else {
3442 mgmt_cmd_complete(cmd->sk, hdev->id,
3443 MGMT_OP_SET_PHY_CONFIGURATION, 0,
3444 NULL, 0);
b7c23df8
JK		 3445
3446 mgmt_phy_configuration_changed(hdev, cmd->sk);
0314f286
JK		 3447 }
3448
3449 mgmt_pending_remove(cmd);
3450
3451unlock:
3452 hci_dev_unlock(hdev);
3453}
3454
3455static int set_phy_configuration(struct sock *sk, struct hci_dev *hdev,
3456 void *data, u16 len)
3457{
35302158 3458 struct mgmt_cp_set_phy_configuration *cp = data;
0314f286
JK		 3459 struct hci_cp_le_set_default_phy cp_phy;
3460 struct mgmt_pending_cmd *cmd;
3461 struct hci_request req;
3462 u32 selected_phys, configurable_phys, supported_phys, unconfigure_phys;
3463 u16 pkt_type = (HCI_DH1 | HCI_DM1);
b7c23df8 3464 bool changed = false;
0314f286
JK		 3465 int err;
3466
181d6953 3467 bt_dev_dbg(hdev, "sock %p", sk);
0314f286
JK		 3468
3469 configurable_phys = get_configurable_phys(hdev);
3470 supported_phys = get_supported_phys(hdev);
3471 selected_phys = __le32_to_cpu(cp->selected_phys);
3472
3473 if (selected_phys & ~supported_phys)
3474 return mgmt_cmd_status(sk, hdev->id,
3475 MGMT_OP_SET_PHY_CONFIGURATION,
3476 MGMT_STATUS_INVALID_PARAMS);
3477
3478 unconfigure_phys = supported_phys & ~configurable_phys;
3479
3480 if ((selected_phys & unconfigure_phys) != unconfigure_phys)
3481 return mgmt_cmd_status(sk, hdev->id,
3482 MGMT_OP_SET_PHY_CONFIGURATION,
3483 MGMT_STATUS_INVALID_PARAMS);
3484
3485 if (selected_phys == get_selected_phys(hdev))
3486 return mgmt_cmd_complete(sk, hdev->id,
3487 MGMT_OP_SET_PHY_CONFIGURATION,
3488 0, NULL, 0);
3489
3490 hci_dev_lock(hdev);
3491
3492 if (!hdev_is_powered(hdev)) {
3493 err = mgmt_cmd_status(sk, hdev->id,
3494 MGMT_OP_SET_PHY_CONFIGURATION,
3495 MGMT_STATUS_REJECTED);
3496 goto unlock;
3497 }
3498
3499 if (pending_find(MGMT_OP_SET_PHY_CONFIGURATION, hdev)) {
3500 err = mgmt_cmd_status(sk, hdev->id,
3501 MGMT_OP_SET_PHY_CONFIGURATION,
3502 MGMT_STATUS_BUSY);
3503 goto unlock;
3504 }
3505
3506 if (selected_phys & MGMT_PHY_BR_1M_3SLOT)
3507 pkt_type |= (HCI_DH3 | HCI_DM3);
3508 else
3509 pkt_type &= ~(HCI_DH3 | HCI_DM3);
3510
3511 if (selected_phys & MGMT_PHY_BR_1M_5SLOT)
3512 pkt_type |= (HCI_DH5 | HCI_DM5);
3513 else
3514 pkt_type &= ~(HCI_DH5 | HCI_DM5);
3515
3516 if (selected_phys & MGMT_PHY_EDR_2M_1SLOT)
3517 pkt_type &= ~HCI_2DH1;
3518 else
3519 pkt_type |= HCI_2DH1;
3520
3521 if (selected_phys & MGMT_PHY_EDR_2M_3SLOT)
3522 pkt_type &= ~HCI_2DH3;
3523 else
3524 pkt_type |= HCI_2DH3;
3525
3526 if (selected_phys & MGMT_PHY_EDR_2M_5SLOT)
3527 pkt_type &= ~HCI_2DH5;
3528 else
3529 pkt_type |= HCI_2DH5;
3530
3531 if (selected_phys & MGMT_PHY_EDR_3M_1SLOT)
3532 pkt_type &= ~HCI_3DH1;
3533 else
3534 pkt_type |= HCI_3DH1;
3535
3536 if (selected_phys & MGMT_PHY_EDR_3M_3SLOT)
3537 pkt_type &= ~HCI_3DH3;
3538 else
3539 pkt_type |= HCI_3DH3;
3540
3541 if (selected_phys & MGMT_PHY_EDR_3M_5SLOT)
3542 pkt_type &= ~HCI_3DH5;
3543 else
3544 pkt_type |= HCI_3DH5;
3545
b7c23df8 3546 if (pkt_type != hdev->pkt_type) {
0314f286 3547 hdev->pkt_type = pkt_type;
b7c23df8
JK		 3548 changed = true;
3549 }
0314f286
JK		 3550
3551 if ((selected_phys & MGMT_PHY_LE_MASK) ==
3552 (get_selected_phys(hdev) & MGMT_PHY_LE_MASK)) {
b7c23df8
JK		 3553 if (changed)
3554 mgmt_phy_configuration_changed(hdev, sk);
3555
0314f286
JK		 3556 err = mgmt_cmd_complete(sk, hdev->id,
3557 MGMT_OP_SET_PHY_CONFIGURATION,
3558 0, NULL, 0);
3559
3560 goto unlock;
3561 }
3562
3563 cmd = mgmt_pending_add(sk, MGMT_OP_SET_PHY_CONFIGURATION, hdev, data,
3564 len);
3565 if (!cmd) {
3566 err = -ENOMEM;
3567 goto unlock;
3568 }
3569
3570 hci_req_init(&req, hdev);
3571
3572 memset(&cp_phy, 0, sizeof(cp_phy));
3573
3574 if (!(selected_phys & MGMT_PHY_LE_TX_MASK))
3575 cp_phy.all_phys |= 0x01;
3576
3577 if (!(selected_phys & MGMT_PHY_LE_RX_MASK))
3578 cp_phy.all_phys |= 0x02;
3579
3580 if (selected_phys & MGMT_PHY_LE_1M_TX)
3581 cp_phy.tx_phys |= HCI_LE_SET_PHY_1M;
3582
3583 if (selected_phys & MGMT_PHY_LE_2M_TX)
3584 cp_phy.tx_phys |= HCI_LE_SET_PHY_2M;
3585
3586 if (selected_phys & MGMT_PHY_LE_CODED_TX)
3587 cp_phy.tx_phys |= HCI_LE_SET_PHY_CODED;
3588
3589 if (selected_phys & MGMT_PHY_LE_1M_RX)
3590 cp_phy.rx_phys |= HCI_LE_SET_PHY_1M;
3591
3592 if (selected_phys & MGMT_PHY_LE_2M_RX)
3593 cp_phy.rx_phys |= HCI_LE_SET_PHY_2M;
3594
3595 if (selected_phys & MGMT_PHY_LE_CODED_RX)
3596 cp_phy.rx_phys |= HCI_LE_SET_PHY_CODED;
3597
3598 hci_req_add(&req, HCI_OP_LE_SET_DEFAULT_PHY, sizeof(cp_phy), &cp_phy);
3599
3600 err = hci_req_run_skb(&req, set_default_phy_complete);
3601 if (err < 0)
3602 mgmt_pending_remove(cmd);
3603
3604unlock:
3605 hci_dev_unlock(hdev);
3606
3607 return err;
3608}
3609
600a8749
AM		 3610static int set_blocked_keys(struct sock *sk, struct hci_dev *hdev, void *data,
3611 u16 len)
3612{
3613 int err = MGMT_STATUS_SUCCESS;
3614 struct mgmt_cp_set_blocked_keys *keys = data;
3615 const u16 max_key_count = ((U16_MAX - sizeof(*keys)) /
3616 sizeof(struct mgmt_blocked_key_info));
3617 u16 key_count, expected_len;
3618 int i;
3619
181d6953 3620 bt_dev_dbg(hdev, "sock %p", sk);
600a8749
AM		 3621
3622 key_count = __le16_to_cpu(keys->key_count);
3623 if (key_count > max_key_count) {
3624 bt_dev_err(hdev, "too big key_count value %u", key_count);
3625 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS,
3626 MGMT_STATUS_INVALID_PARAMS);
3627 }
3628
3629 expected_len = struct_size(keys, keys, key_count);
3630 if (expected_len != len) {
3631 bt_dev_err(hdev, "expected %u bytes, got %u bytes",
3632 expected_len, len);
3633 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS,
3634 MGMT_STATUS_INVALID_PARAMS);
3635 }
3636
3637 hci_dev_lock(hdev);
3638
3639 hci_blocked_keys_clear(hdev);
3640
3641 for (i = 0; i < keys->key_count; ++i) {
3642 struct blocked_key *b = kzalloc(sizeof(*b), GFP_KERNEL);
3643
3644 if (!b) {
3645 err = MGMT_STATUS_NO_RESOURCES;
3646 break;
3647 }
3648
3649 b->type = keys->keys[i].type;
3650 memcpy(b->val, keys->keys[i].val, sizeof(b->val));
3651 list_add_rcu(&b->list, &hdev->blocked_keys);
3652 }
3653 hci_dev_unlock(hdev);
3654
3655 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_BLOCKED_KEYS,
3656 err, NULL, 0);
3657}
3658
00bce3fb
AM		 3659static int set_wideband_speech(struct sock *sk, struct hci_dev *hdev,
3660 void *data, u16 len)
3661{
3662 struct mgmt_mode *cp = data;
3663 int err;
3664 bool changed = false;
3665
181d6953 3666 bt_dev_dbg(hdev, "sock %p", sk);
00bce3fb
AM		 3667
3668 if (!test_bit(HCI_QUIRK_WIDEBAND_SPEECH_SUPPORTED, &hdev->quirks))
3669 return mgmt_cmd_status(sk, hdev->id,
3670 MGMT_OP_SET_WIDEBAND_SPEECH,
3671 MGMT_STATUS_NOT_SUPPORTED);
3672
3673 if (cp->val != 0x00 && cp->val != 0x01)
3674 return mgmt_cmd_status(sk, hdev->id,
3675 MGMT_OP_SET_WIDEBAND_SPEECH,
3676 MGMT_STATUS_INVALID_PARAMS);
3677
3678 hci_dev_lock(hdev);
3679
3680 if (pending_find(MGMT_OP_SET_WIDEBAND_SPEECH, hdev)) {
3681 err = mgmt_cmd_status(sk, hdev->id,
3682 MGMT_OP_SET_WIDEBAND_SPEECH,
3683 MGMT_STATUS_BUSY);
3684 goto unlock;
3685 }
3686
3687 if (hdev_is_powered(hdev) &&
3688 !!cp->val != hci_dev_test_flag(hdev,
3689 HCI_WIDEBAND_SPEECH_ENABLED)) {
3690 err = mgmt_cmd_status(sk, hdev->id,
3691 MGMT_OP_SET_WIDEBAND_SPEECH,
3692 MGMT_STATUS_REJECTED);
3693 goto unlock;
3694 }
3695
3696 if (cp->val)
3697 changed = !hci_dev_test_and_set_flag(hdev,
3698 HCI_WIDEBAND_SPEECH_ENABLED);
3699 else
3700 changed = hci_dev_test_and_clear_flag(hdev,
3701 HCI_WIDEBAND_SPEECH_ENABLED);
3702
3703 err = send_settings_rsp(sk, MGMT_OP_SET_WIDEBAND_SPEECH, hdev);
3704 if (err < 0)
3705 goto unlock;
3706
3707 if (changed)
3708 err = new_settings(hdev, sk);
3709
3710unlock:
3711 hci_dev_unlock(hdev);
3712 return err;
3713}
3714
4d9b9528
DW		 3715static int read_controller_cap(struct sock *sk, struct hci_dev *hdev,
3716 void *data, u16 data_len)
bc292258 3717{
4d9b9528
DW		 3718 char buf[20];
3719 struct mgmt_rp_read_controller_cap *rp = (void *)buf;
3720 u16 cap_len = 0;
bc292258 3721 u8 flags = 0;
4d9b9528 3722 u8 tx_power_range[2];
bc292258
MH		 3723
3724 bt_dev_dbg(hdev, "sock %p", sk);
3725
3726 memset(&buf, 0, sizeof(buf));
3727
3728 hci_dev_lock(hdev);
3729
3730 /* When the Read Simple Pairing Options command is supported, then
3731 * the remote public key validation is supported.
a61d6718
MH		 3732 *
3733 * Alternatively, when Microsoft extensions are available, they can
3734 * indicate support for public key validation as well.
bc292258 3735 */
a61d6718 3736 if ((hdev->commands[41] & 0x08) || msft_curve_validity(hdev))
bc292258
MH		 3737 flags |= 0x01; /* Remote public key validation (BR/EDR) */
3738
3739 flags |= 0x02; /* Remote public key validation (LE) */
3740
3741 /* When the Read Encryption Key Size command is supported, then the
3742 * encryption key size is enforced.
3743 */
3744 if (hdev->commands[20] & 0x10)
3745 flags |= 0x04; /* Encryption key size enforcement (BR/EDR) */
3746
3747 flags |= 0x08; /* Encryption key size enforcement (LE) */
3748
4d9b9528
DW		 3749 cap_len = eir_append_data(rp->cap, cap_len, MGMT_CAP_SEC_FLAGS,
3750 &flags, 1);
bc292258
MH		 3751
3752 /* When the Read Simple Pairing Options command is supported, then
3753 * also max encryption key size information is provided.
3754 */
3755 if (hdev->commands[41] & 0x08)
4d9b9528
DW		 3756 cap_len = eir_append_le16(rp->cap, cap_len,
3757 MGMT_CAP_MAX_ENC_KEY_SIZE,
bc292258
MH		 3758 hdev->max_enc_key_size);
3759
4d9b9528
DW		 3760 cap_len = eir_append_le16(rp->cap, cap_len,
3761 MGMT_CAP_SMP_MAX_ENC_KEY_SIZE,
3762 SMP_MAX_ENC_KEY_SIZE);
3763
3764 /* Append the min/max LE tx power parameters if we were able to fetch
3765 * it from the controller
3766 */
3767 if (hdev->commands[38] & 0x80) {
3768 memcpy(&tx_power_range[0], &hdev->min_le_tx_power, 1);
3769 memcpy(&tx_power_range[1], &hdev->max_le_tx_power, 1);
3770 cap_len = eir_append_data(rp->cap, cap_len, MGMT_CAP_LE_TX_PWR,
3771 tx_power_range, 2);
3772 }
bc292258 3773
4d9b9528 3774 rp->cap_len = cpu_to_le16(cap_len);
bc292258
MH		 3775
3776 hci_dev_unlock(hdev);
3777
4d9b9528
DW		 3778 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_CONTROLLER_CAP, 0,
3779 rp, sizeof(*rp) + cap_len);
bc292258
MH		 3780}
3781
e625e50c
MH		 3782#ifdef CONFIG_BT_FEATURE_DEBUG
3783/* d4992530-b9ec-469f-ab01-6c481c47da1c */
3784static const u8 debug_uuid[16] = {
3785 0x1c, 0xda, 0x47, 0x1c, 0x48, 0x6c, 0x01, 0xab,
3786 0x9f, 0x46, 0xec, 0xb9, 0x30, 0x25, 0x99, 0xd4,
3787};
3788#endif
3789
ae7d925b
JH		 3790/* 330859bc-7506-492d-9370-9a6f0614037f */
3791static const u8 quality_report_uuid[16] = {
3792 0x7f, 0x03, 0x14, 0x06, 0x6f, 0x9a, 0x70, 0x93,
3793 0x2d, 0x49, 0x06, 0x75, 0xbc, 0x59, 0x08, 0x33,
3794};
3795
ad933151
K		 3796/* a6695ace-ee7f-4fb9-881a-5fac66c629af */
3797static const u8 offload_codecs_uuid[16] = {
3798 0xaf, 0x29, 0xc6, 0x66, 0xac, 0x5f, 0x1a, 0x88,
3799 0xb9, 0x4f, 0x7f, 0xee, 0xce, 0x5a, 0x69, 0xa6,
3800};
3801
15d8ce05
AM		 3802/* 671b10b5-42c0-4696-9227-eb28d1b049d6 */
3803static const u8 simult_central_periph_uuid[16] = {
3804 0xd6, 0x49, 0xb0, 0xd1, 0x28, 0xeb, 0x27, 0x92,
3805 0x96, 0x46, 0xc0, 0x42, 0xb5, 0x10, 0x1b, 0x67,
3806};
3807
cbbdfa6f
SN		 3808/* 15c0a148-c273-11ea-b3de-0242ac130004 */
3809static const u8 rpa_resolution_uuid[16] = {
3810 0x04, 0x00, 0x13, 0xac, 0x42, 0x02, 0xde, 0xb3,
3811 0xea, 0x11, 0x73, 0xc2, 0x48, 0xa1, 0xc0, 0x15,
3812};
3813
a10c907c
MH		 3814static int read_exp_features_info(struct sock *sk, struct hci_dev *hdev,
3815 void *data, u16 data_len)
3816{
ad933151 3817 char buf[102]; /* Enough space for 5 features: 2 + 20 * 5 */
a10c907c
MH		 3818 struct mgmt_rp_read_exp_features_info *rp = (void *)buf;
3819 u16 idx = 0;
15d8ce05 3820 u32 flags;
a10c907c
MH		 3821
3822 bt_dev_dbg(hdev, "sock %p", sk);
3823
3824 memset(&buf, 0, sizeof(buf));
3825
e625e50c
MH		 3826#ifdef CONFIG_BT_FEATURE_DEBUG
3827 if (!hdev) {
15d8ce05 3828 flags = bt_dbg_get() ? BIT(0) : 0;
e625e50c
MH		 3829
3830 memcpy(rp->features[idx].uuid, debug_uuid, 16);
3831 rp->features[idx].flags = cpu_to_le32(flags);
3832 idx++;
3833 }
3834#endif
3835
15d8ce05
AM		 3836 if (hdev) {
3837 if (test_bit(HCI_QUIRK_VALID_LE_STATES, &hdev->quirks) &&
3838 (hdev->le_states[4] & 0x08) && /* Central */
3839 (hdev->le_states[4] & 0x40) && /* Peripheral */
3840 (hdev->le_states[3] & 0x10)) /* Simultaneous */
3841 flags = BIT(0);
3842 else
3843 flags = 0;
3844
3845 memcpy(rp->features[idx].uuid, simult_central_periph_uuid, 16);
3846 rp->features[idx].flags = cpu_to_le32(flags);
3847 idx++;
3848 }
3849
ad383c2c 3850 if (hdev && ll_privacy_capable(hdev)) {
cbbdfa6f
SN		 3851 if (hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY))
3852 flags = BIT(0) | BIT(1);
3853 else
3854 flags = BIT(1);
3855
3856 memcpy(rp->features[idx].uuid, rpa_resolution_uuid, 16);
3857 rp->features[idx].flags = cpu_to_le32(flags);
3858 idx++;
3859 }
3860
823f3bc4
MH		 3861 if (hdev && hdev->set_quality_report) {
3862 if (hci_dev_test_flag(hdev, HCI_QUALITY_REPORT))
ae7d925b 3863 flags = BIT(0);
823f3bc4 3864 else
ae7d925b 3865 flags = 0;
823f3bc4 3866
ae7d925b
JH		 3867 memcpy(rp->features[idx].uuid, quality_report_uuid, 16);
3868 rp->features[idx].flags = cpu_to_le32(flags);
3869 idx++;
3870 }
3871
7f7fd17e
MH		 3872 if (hdev && hdev->get_data_path_id) {
3873 if (hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED))
ad933151 3874 flags = BIT(0);
7f7fd17e 3875 else
ad933151 3876 flags = 0;
7f7fd17e 3877
ad933151
K		 3878 memcpy(rp->features[idx].uuid, offload_codecs_uuid, 16);
3879 rp->features[idx].flags = cpu_to_le32(flags);
3880 idx++;
3881 }
3882
a10c907c
MH		 3883 rp->feature_count = cpu_to_le16(idx);
3884
3885 /* After reading the experimental features information, enable
3886 * the events to update client on any future change.
3887 */
3888 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
3889
3890 return mgmt_cmd_complete(sk, hdev ? hdev->id : MGMT_INDEX_NONE,
3891 MGMT_OP_READ_EXP_FEATURES_INFO,
3892 0, rp, sizeof(*rp) + (20 * idx));
3893}
3894
cbbdfa6f
SN		 3895static int exp_ll_privacy_feature_changed(bool enabled, struct hci_dev *hdev,
3896 struct sock *skip)
3897{
3898 struct mgmt_ev_exp_feature_changed ev;
3899
3900 memset(&ev, 0, sizeof(ev));
3901 memcpy(ev.uuid, rpa_resolution_uuid, 16);
3902 ev.flags = cpu_to_le32((enabled ? BIT(0) : 0) | BIT(1));
3903
3904 return mgmt_limited_event(MGMT_EV_EXP_FEATURE_CHANGED, hdev,
3905 &ev, sizeof(ev),
3906 HCI_MGMT_EXP_FEATURE_EVENTS, skip);
3907
3908}
3909
e625e50c
MH		 3910#ifdef CONFIG_BT_FEATURE_DEBUG
3911static int exp_debug_feature_changed(bool enabled, struct sock *skip)
3912{
3913 struct mgmt_ev_exp_feature_changed ev;
3914
3915 memset(&ev, 0, sizeof(ev));
3916 memcpy(ev.uuid, debug_uuid, 16);
3917 ev.flags = cpu_to_le32(enabled ? BIT(0) : 0);
3918
3919 return mgmt_limited_event(MGMT_EV_EXP_FEATURE_CHANGED, NULL,
3920 &ev, sizeof(ev),
3921 HCI_MGMT_EXP_FEATURE_EVENTS, skip);
3922}
3923#endif
3924
b15bfa4d
THJA		 3925static int exp_quality_report_feature_changed(bool enabled,
3926 struct hci_dev *hdev,
3927 struct sock *skip)
ae7d925b
JH		 3928{
3929 struct mgmt_ev_exp_feature_changed ev;
3930
3931 memset(&ev, 0, sizeof(ev));
3932 memcpy(ev.uuid, quality_report_uuid, 16);
3933 ev.flags = cpu_to_le32(enabled ? BIT(0) : 0);
3934
b15bfa4d 3935 return mgmt_limited_event(MGMT_EV_EXP_FEATURE_CHANGED, hdev,
ae7d925b
JH		 3936 &ev, sizeof(ev),
3937 HCI_MGMT_EXP_FEATURE_EVENTS, skip);
3938}
3939
93fb70bc
JH		 3940#define EXP_FEAT(_uuid, _set_func) \
3941{ \
3942 .uuid = _uuid, \
3943 .set_func = _set_func, \
3944}
3945
3946/* The zero key uuid is special. Multiple exp features are set through it. */
3947static int set_zero_key_func(struct sock *sk, struct hci_dev *hdev,
3948 struct mgmt_cp_set_exp_feature *cp, u16 data_len)
a10c907c 3949{
a10c907c
MH		 3950 struct mgmt_rp_set_exp_feature rp;
3951
93fb70bc
JH		 3952 memset(rp.uuid, 0, 16);
3953 rp.flags = cpu_to_le32(0);
a10c907c 3954
e625e50c 3955#ifdef CONFIG_BT_FEATURE_DEBUG
93fb70bc
JH		 3956 if (!hdev) {
3957 bool changed = bt_dbg_get();
e625e50c 3958
93fb70bc 3959 bt_dbg_set(false);
e625e50c 3960
93fb70bc
JH		 3961 if (changed)
3962 exp_debug_feature_changed(false, sk);
3963 }
e625e50c
MH		 3964#endif
3965
93fb70bc
JH		 3966 if (hdev && use_ll_privacy(hdev) && !hdev_is_powered(hdev)) {
3967 bool changed = hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY);
cbbdfa6f 3968
93fb70bc 3969 hci_dev_clear_flag(hdev, HCI_ENABLE_LL_PRIVACY);
cbbdfa6f 3970
93fb70bc
JH		 3971 if (changed)
3972 exp_ll_privacy_feature_changed(false, hdev, sk);
3973 }
cbbdfa6f 3974
93fb70bc 3975 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
a10c907c 3976
93fb70bc
JH		 3977 return mgmt_cmd_complete(sk, hdev ? hdev->id : MGMT_INDEX_NONE,
3978 MGMT_OP_SET_EXP_FEATURE, 0,
3979 &rp, sizeof(rp));
3980}
a10c907c 3981
e625e50c 3982#ifdef CONFIG_BT_FEATURE_DEBUG
93fb70bc
JH		 3983static int set_debug_func(struct sock *sk, struct hci_dev *hdev,
3984 struct mgmt_cp_set_exp_feature *cp, u16 data_len)
3985{
3986 struct mgmt_rp_set_exp_feature rp;
e625e50c 3987
93fb70bc
JH		 3988 bool val, changed;
3989 int err;
e625e50c 3990
93fb70bc
JH		 3991 /* Command requires to use the non-controller index */
3992 if (hdev)
3993 return mgmt_cmd_status(sk, hdev->id,
3994 MGMT_OP_SET_EXP_FEATURE,
3995 MGMT_STATUS_INVALID_INDEX);
e625e50c 3996
93fb70bc
JH		 3997 /* Parameters are limited to a single octet */
3998 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
3999 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4000 MGMT_OP_SET_EXP_FEATURE,
4001 MGMT_STATUS_INVALID_PARAMS);
e625e50c 4002
93fb70bc
JH		 4003 /* Only boolean on/off is supported */
4004 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4005 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4006 MGMT_OP_SET_EXP_FEATURE,
4007 MGMT_STATUS_INVALID_PARAMS);
e625e50c 4008
93fb70bc
JH		 4009 val = !!cp->param[0];
4010 changed = val ? !bt_dbg_get() : bt_dbg_get();
4011 bt_dbg_set(val);
e625e50c 4012
93fb70bc
JH		 4013 memcpy(rp.uuid, debug_uuid, 16);
4014 rp.flags = cpu_to_le32(val ? BIT(0) : 0);
e625e50c 4015
93fb70bc 4016 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
e625e50c 4017
93fb70bc
JH		 4018 err = mgmt_cmd_complete(sk, MGMT_INDEX_NONE,
4019 MGMT_OP_SET_EXP_FEATURE, 0,
4020 &rp, sizeof(rp));
e625e50c 4021
93fb70bc
JH		 4022 if (changed)
4023 exp_debug_feature_changed(val, sk);
4024
4025 return err;
4026}
e625e50c
MH		 4027#endif
4028
93fb70bc
JH		 4029static int set_rpa_resolution_func(struct sock *sk, struct hci_dev *hdev,
4030 struct mgmt_cp_set_exp_feature *cp,
4031 u16 data_len)
4032{
4033 struct mgmt_rp_set_exp_feature rp;
4034 bool val, changed;
4035 int err;
4036 u32 flags;
4037
4038 /* Command requires to use the controller index */
4039 if (!hdev)
4040 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4041 MGMT_OP_SET_EXP_FEATURE,
4042 MGMT_STATUS_INVALID_INDEX);
cbbdfa6f 4043
93fb70bc
JH		 4044 /* Changes can only be made when controller is powered down */
4045 if (hdev_is_powered(hdev))
4046 return mgmt_cmd_status(sk, hdev->id,
4047 MGMT_OP_SET_EXP_FEATURE,
4048 MGMT_STATUS_REJECTED);
cbbdfa6f 4049
93fb70bc
JH		 4050 /* Parameters are limited to a single octet */
4051 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4052 return mgmt_cmd_status(sk, hdev->id,
4053 MGMT_OP_SET_EXP_FEATURE,
4054 MGMT_STATUS_INVALID_PARAMS);
cbbdfa6f 4055
93fb70bc
JH		 4056 /* Only boolean on/off is supported */
4057 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4058 return mgmt_cmd_status(sk, hdev->id,
4059 MGMT_OP_SET_EXP_FEATURE,
4060 MGMT_STATUS_INVALID_PARAMS);
cbbdfa6f 4061
93fb70bc 4062 val = !!cp->param[0];
cbbdfa6f 4063
93fb70bc
JH		 4064 if (val) {
4065 changed = !hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY);
4066 hci_dev_set_flag(hdev, HCI_ENABLE_LL_PRIVACY);
4067 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
cbbdfa6f 4068
93fb70bc
JH		 4069 /* Enable LL privacy + supported settings changed */
4070 flags = BIT(0) | BIT(1);
4071 } else {
4072 changed = hci_dev_test_flag(hdev, HCI_ENABLE_LL_PRIVACY);
4073 hci_dev_clear_flag(hdev, HCI_ENABLE_LL_PRIVACY);
cbbdfa6f 4074
93fb70bc
JH		 4075 /* Disable LL privacy + supported settings changed */
4076 flags = BIT(1);
4077 }
cbbdfa6f 4078
93fb70bc
JH		 4079 memcpy(rp.uuid, rpa_resolution_uuid, 16);
4080 rp.flags = cpu_to_le32(flags);
cbbdfa6f 4081
93fb70bc 4082 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
cbbdfa6f 4083
93fb70bc
JH		 4084 err = mgmt_cmd_complete(sk, hdev->id,
4085 MGMT_OP_SET_EXP_FEATURE, 0,
4086 &rp, sizeof(rp));
cbbdfa6f 4087
93fb70bc
JH		 4088 if (changed)
4089 exp_ll_privacy_feature_changed(val, hdev, sk);
cbbdfa6f 4090
93fb70bc
JH		 4091 return err;
4092}
cbbdfa6f 4093
ae7d925b
JH		 4094static int set_quality_report_func(struct sock *sk, struct hci_dev *hdev,
4095 struct mgmt_cp_set_exp_feature *cp,
4096 u16 data_len)
4097{
4098 struct mgmt_rp_set_exp_feature rp;
4099 bool val, changed;
4100 int err;
4101
4102 /* Command requires to use a valid controller index */
4103 if (!hdev)
4104 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4105 MGMT_OP_SET_EXP_FEATURE,
4106 MGMT_STATUS_INVALID_INDEX);
4107
4108 /* Parameters are limited to a single octet */
4109 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4110 return mgmt_cmd_status(sk, hdev->id,
4111 MGMT_OP_SET_EXP_FEATURE,
4112 MGMT_STATUS_INVALID_PARAMS);
4113
4114 /* Only boolean on/off is supported */
4115 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4116 return mgmt_cmd_status(sk, hdev->id,
4117 MGMT_OP_SET_EXP_FEATURE,
4118 MGMT_STATUS_INVALID_PARAMS);
4119
4120 hci_req_sync_lock(hdev);
4121
4122 val = !!cp->param[0];
4123 changed = (val != hci_dev_test_flag(hdev, HCI_QUALITY_REPORT));
4124
4125 if (!hdev->set_quality_report) {
4126 err = mgmt_cmd_status(sk, hdev->id,
4127 MGMT_OP_SET_EXP_FEATURE,
4128 MGMT_STATUS_NOT_SUPPORTED);
4129 goto unlock_quality_report;
4130 }
4131
4132 if (changed) {
4133 err = hdev->set_quality_report(hdev, val);
4134 if (err) {
4135 err = mgmt_cmd_status(sk, hdev->id,
4136 MGMT_OP_SET_EXP_FEATURE,
4137 MGMT_STATUS_FAILED);
4138 goto unlock_quality_report;
4139 }
4140 if (val)
4141 hci_dev_set_flag(hdev, HCI_QUALITY_REPORT);
4142 else
4143 hci_dev_clear_flag(hdev, HCI_QUALITY_REPORT);
4144 }
4145
4146 bt_dev_dbg(hdev, "quality report enable %d changed %d", val, changed);
4147
4148 memcpy(rp.uuid, quality_report_uuid, 16);
4149 rp.flags = cpu_to_le32(val ? BIT(0) : 0);
4150 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4151 err = mgmt_cmd_complete(sk, hdev->id,
4152 MGMT_OP_SET_EXP_FEATURE, 0,
4153 &rp, sizeof(rp));
4154
4155 if (changed)
b15bfa4d 4156 exp_quality_report_feature_changed(val, hdev, sk);
ae7d925b
JH		 4157
4158unlock_quality_report:
4159 hci_req_sync_unlock(hdev);
4160 return err;
4161}
4162
b15bfa4d
THJA		 4163static int exp_offload_codec_feature_changed(bool enabled, struct hci_dev *hdev,
4164 struct sock *skip)
ad933151
K		 4165{
4166 struct mgmt_ev_exp_feature_changed ev;
4167
4168 memset(&ev, 0, sizeof(ev));
4169 memcpy(ev.uuid, offload_codecs_uuid, 16);
4170 ev.flags = cpu_to_le32(enabled ? BIT(0) : 0);
4171
b15bfa4d 4172 return mgmt_limited_event(MGMT_EV_EXP_FEATURE_CHANGED, hdev,
ad933151
K		 4173 &ev, sizeof(ev),
4174 HCI_MGMT_EXP_FEATURE_EVENTS, skip);
4175}
4176
4177static int set_offload_codec_func(struct sock *sk, struct hci_dev *hdev,
4178 struct mgmt_cp_set_exp_feature *cp,
4179 u16 data_len)
4180{
4181 bool val, changed;
4182 int err;
4183 struct mgmt_rp_set_exp_feature rp;
4184
4185 /* Command requires to use a valid controller index */
4186 if (!hdev)
4187 return mgmt_cmd_status(sk, MGMT_INDEX_NONE,
4188 MGMT_OP_SET_EXP_FEATURE,
4189 MGMT_STATUS_INVALID_INDEX);
4190
4191 /* Parameters are limited to a single octet */
4192 if (data_len != MGMT_SET_EXP_FEATURE_SIZE + 1)
4193 return mgmt_cmd_status(sk, hdev->id,
4194 MGMT_OP_SET_EXP_FEATURE,
4195 MGMT_STATUS_INVALID_PARAMS);
4196
4197 /* Only boolean on/off is supported */
4198 if (cp->param[0] != 0x00 && cp->param[0] != 0x01)
4199 return mgmt_cmd_status(sk, hdev->id,
4200 MGMT_OP_SET_EXP_FEATURE,
4201 MGMT_STATUS_INVALID_PARAMS);
4202
4203 val = !!cp->param[0];
4204 changed = (val != hci_dev_test_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED));
4205
4206 if (!hdev->get_data_path_id) {
4207 return mgmt_cmd_status(sk, hdev->id,
4208 MGMT_OP_SET_EXP_FEATURE,
4209 MGMT_STATUS_NOT_SUPPORTED);
4210 }
4211
4212 if (changed) {
4213 if (val)
4214 hci_dev_set_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED);
4215 else
4216 hci_dev_clear_flag(hdev, HCI_OFFLOAD_CODECS_ENABLED);
4217 }
4218
4219 bt_dev_info(hdev, "offload codecs enable %d changed %d",
4220 val, changed);
4221
4222 memcpy(rp.uuid, offload_codecs_uuid, 16);
4223 rp.flags = cpu_to_le32(val ? BIT(0) : 0);
4224 hci_sock_set_flag(sk, HCI_MGMT_EXP_FEATURE_EVENTS);
4225 err = mgmt_cmd_complete(sk, hdev->id,
4226 MGMT_OP_SET_EXP_FEATURE, 0,
4227 &rp, sizeof(rp));
4228
4229 if (changed)
b15bfa4d 4230 exp_offload_codec_feature_changed(val, hdev, sk);
ad933151
K		 4231
4232 return err;
4233}
4234
93fb70bc
JH		 4235static const struct mgmt_exp_feature {
4236 const u8 *uuid;
4237 int (*set_func)(struct sock *sk, struct hci_dev *hdev,
4238 struct mgmt_cp_set_exp_feature *cp, u16 data_len);
4239} exp_features[] = {
4240 EXP_FEAT(ZERO_KEY, set_zero_key_func),
4241#ifdef CONFIG_BT_FEATURE_DEBUG
4242 EXP_FEAT(debug_uuid, set_debug_func),
4243#endif
4244 EXP_FEAT(rpa_resolution_uuid, set_rpa_resolution_func),
ae7d925b 4245 EXP_FEAT(quality_report_uuid, set_quality_report_func),
ad933151 4246 EXP_FEAT(offload_codecs_uuid, set_offload_codec_func),
93fb70bc
JH		 4247
4248 /* end with a null feature */
4249 EXP_FEAT(NULL, NULL)
4250};
4251
4252static int set_exp_feature(struct sock *sk, struct hci_dev *hdev,
4253 void *data, u16 data_len)
4254{
4255 struct mgmt_cp_set_exp_feature *cp = data;
4256 size_t i = 0;
4257
4258 bt_dev_dbg(hdev, "sock %p", sk);
4259
4260 for (i = 0; exp_features[i].uuid; i++) {
4261 if (!memcmp(cp->uuid, exp_features[i].uuid, 16))
4262 return exp_features[i].set_func(sk, hdev, cp, data_len);
cbbdfa6f
SN		 4263 }
4264
a10c907c
MH		 4265 return mgmt_cmd_status(sk, hdev ? hdev->id : MGMT_INDEX_NONE,
4266 MGMT_OP_SET_EXP_FEATURE,
4267 MGMT_STATUS_NOT_SUPPORTED);
4268}
4269
4c54bf2b
APS		 4270#define SUPPORTED_DEVICE_FLAGS() ((1U << HCI_CONN_FLAG_MAX) - 1)
4271
4272static int get_device_flags(struct sock *sk, struct hci_dev *hdev, void *data,
4273 u16 data_len)
4274{
4275 struct mgmt_cp_get_device_flags *cp = data;
4276 struct mgmt_rp_get_device_flags rp;
4277 struct bdaddr_list_with_flags *br_params;
4278 struct hci_conn_params *params;
4279 u32 supported_flags = SUPPORTED_DEVICE_FLAGS();
4280 u32 current_flags = 0;
4281 u8 status = MGMT_STATUS_INVALID_PARAMS;
4282
4283 bt_dev_dbg(hdev, "Get device flags %pMR (type 0x%x)\n",
4284 &cp->addr.bdaddr, cp->addr.type);
4285
3ca33e3f
APS		 4286 hci_dev_lock(hdev);
4287
02ce2c2c
THJA		 4288 memset(&rp, 0, sizeof(rp));
4289
4c54bf2b 4290 if (cp->addr.type == BDADDR_BREDR) {
3d4f9c00 4291 br_params = hci_bdaddr_list_lookup_with_flags(&hdev->accept_list,
4c54bf2b
APS		 4292 &cp->addr.bdaddr,
4293 cp->addr.type);
4294 if (!br_params)
4295 goto done;
4296
4297 current_flags = br_params->current_flags;
4298 } else {
4299 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
4300 le_addr_type(cp->addr.type));
4301
4302 if (!params)
4303 goto done;
4304
4305 current_flags = params->current_flags;
4306 }
4307
4308 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
4309 rp.addr.type = cp->addr.type;
4310 rp.supported_flags = cpu_to_le32(supported_flags);
4311 rp.current_flags = cpu_to_le32(current_flags);
4312
4313 status = MGMT_STATUS_SUCCESS;
4314
4315done:
3ca33e3f
APS		 4316 hci_dev_unlock(hdev);
4317
4c54bf2b
APS		 4318 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_DEVICE_FLAGS, status,
4319 &rp, sizeof(rp));
4320}
4321
4322static void device_flags_changed(struct sock *sk, struct hci_dev *hdev,
4323 bdaddr_t *bdaddr, u8 bdaddr_type,
4324 u32 supported_flags, u32 current_flags)
4325{
4326 struct mgmt_ev_device_flags_changed ev;
4327
4328 bacpy(&ev.addr.bdaddr, bdaddr);
4329 ev.addr.type = bdaddr_type;
4330 ev.supported_flags = cpu_to_le32(supported_flags);
4331 ev.current_flags = cpu_to_le32(current_flags);
4332
4333 mgmt_event(MGMT_EV_DEVICE_FLAGS_CHANGED, hdev, &ev, sizeof(ev), sk);
4334}
4335
4336static int set_device_flags(struct sock *sk, struct hci_dev *hdev, void *data,
4337 u16 len)
4338{
4339 struct mgmt_cp_set_device_flags *cp = data;
4340 struct bdaddr_list_with_flags *br_params;
4341 struct hci_conn_params *params;
4342 u8 status = MGMT_STATUS_INVALID_PARAMS;
4343 u32 supported_flags = SUPPORTED_DEVICE_FLAGS();
4344 u32 current_flags = __le32_to_cpu(cp->current_flags);
4345
4346 bt_dev_dbg(hdev, "Set device flags %pMR (type 0x%x) = 0x%x",
4347 &cp->addr.bdaddr, cp->addr.type,
4348 __le32_to_cpu(current_flags));
4349
4350 if ((supported_flags | current_flags) != supported_flags) {
4351 bt_dev_warn(hdev, "Bad flag given (0x%x) vs supported (0x%0x)",
4352 current_flags, supported_flags);
4353 goto done;
4354 }
4355
3ca33e3f
APS		 4356 hci_dev_lock(hdev);
4357
4c54bf2b 4358 if (cp->addr.type == BDADDR_BREDR) {
3d4f9c00 4359 br_params = hci_bdaddr_list_lookup_with_flags(&hdev->accept_list,
4c54bf2b
APS		 4360 &cp->addr.bdaddr,
4361 cp->addr.type);
4362
4363 if (br_params) {
4364 br_params->current_flags = current_flags;
4365 status = MGMT_STATUS_SUCCESS;
4366 } else {
4367 bt_dev_warn(hdev, "No such BR/EDR device %pMR (0x%x)",
4368 &cp->addr.bdaddr, cp->addr.type);
4369 }
4370 } else {
4371 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
4372 le_addr_type(cp->addr.type));
4373 if (params) {
4374 params->current_flags = current_flags;
4375 status = MGMT_STATUS_SUCCESS;
4376 } else {
4377 bt_dev_warn(hdev, "No such LE device %pMR (0x%x)",
4378 &cp->addr.bdaddr,
4379 le_addr_type(cp->addr.type));
4380 }
4381 }
4382
4383done:
3ca33e3f
APS		 4384 hci_dev_unlock(hdev);
4385
4c54bf2b
APS		 4386 if (status == MGMT_STATUS_SUCCESS)
4387 device_flags_changed(sk, hdev, &cp->addr.bdaddr, cp->addr.type,
4388 supported_flags, current_flags);
4389
4390 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_FLAGS, status,
4391 &cp->addr, sizeof(cp->addr));
4392}
4393
b52729f2
MC		 4394static void mgmt_adv_monitor_added(struct sock *sk, struct hci_dev *hdev,
4395 u16 handle)
4396{
4397 struct mgmt_ev_adv_monitor_added ev;
4398
4399 ev.monitor_handle = cpu_to_le16(handle);
4400
4401 mgmt_event(MGMT_EV_ADV_MONITOR_ADDED, hdev, &ev, sizeof(ev), sk);
4402}
4403
66bd095a 4404void mgmt_adv_monitor_removed(struct hci_dev *hdev, u16 handle)
cdde92e2 4405{
66bd095a
AP		 4406 struct mgmt_ev_adv_monitor_removed ev;
4407 struct mgmt_pending_cmd *cmd;
4408 struct sock *sk_skip = NULL;
4409 struct mgmt_cp_remove_adv_monitor *cp;
4410
4411 cmd = pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev);
4412 if (cmd) {
4413 cp = cmd->param;
4414
4415 if (cp->monitor_handle)
4416 sk_skip = cmd->sk;
4417 }
cdde92e2
MC		 4418
4419 ev.monitor_handle = cpu_to_le16(handle);
4420
66bd095a 4421 mgmt_event(MGMT_EV_ADV_MONITOR_REMOVED, hdev, &ev, sizeof(ev), sk_skip);
cdde92e2
MC		 4422}
4423
e5e1e7fd
MC		 4424static int read_adv_mon_features(struct sock *sk, struct hci_dev *hdev,
4425 void *data, u16 len)
4426{
4427 struct adv_monitor *monitor = NULL;
4428 struct mgmt_rp_read_adv_monitor_features *rp = NULL;
cafd472a 4429 int handle, err;
e5e1e7fd
MC		 4430 size_t rp_size = 0;
4431 __u32 supported = 0;
a2a4dedf 4432 __u32 enabled = 0;
e5e1e7fd
MC		 4433 __u16 num_handles = 0;
4434 __u16 handles[HCI_MAX_ADV_MONITOR_NUM_HANDLES];
4435
4436 BT_DBG("request for %s", hdev->name);
4437
4438 hci_dev_lock(hdev);
4439
a2a4dedf 4440 if (msft_monitor_supported(hdev))
e5e1e7fd
MC		 4441 supported |= MGMT_ADV_MONITOR_FEATURE_MASK_OR_PATTERNS;
4442
a2a4dedf 4443 idr_for_each_entry(&hdev->adv_monitors_idr, monitor, handle)
e5e1e7fd 4444 handles[num_handles++] = monitor->handle;
e5e1e7fd
MC		 4445
4446 hci_dev_unlock(hdev);
4447
4448 rp_size = sizeof(*rp) + (num_handles * sizeof(u16));
4449 rp = kmalloc(rp_size, GFP_KERNEL);
4450 if (!rp)
4451 return -ENOMEM;
4452
a2a4dedf
AP		 4453 /* All supported features are currently enabled */
4454 enabled = supported;
4455
e5e1e7fd 4456 rp->supported_features = cpu_to_le32(supported);
a2a4dedf 4457 rp->enabled_features = cpu_to_le32(enabled);
e5e1e7fd
MC		 4458 rp->max_num_handles = cpu_to_le16(HCI_MAX_ADV_MONITOR_NUM_HANDLES);
4459 rp->max_num_patterns = HCI_MAX_ADV_MONITOR_NUM_PATTERNS;
4460 rp->num_handles = cpu_to_le16(num_handles);
4461 if (num_handles)
4462 memcpy(&rp->handles, &handles, (num_handles * sizeof(u16)));
4463
cafd472a
PY		 4464 err = mgmt_cmd_complete(sk, hdev->id,
4465 MGMT_OP_READ_ADV_MONITOR_FEATURES,
4466 MGMT_STATUS_SUCCESS, rp, rp_size);
4467
4468 kfree(rp);
4469
4470 return err;
e5e1e7fd
MC		 4471}
4472
a2a4dedf
AP		 4473int mgmt_add_adv_patterns_monitor_complete(struct hci_dev *hdev, u8 status)
4474{
4475 struct mgmt_rp_add_adv_patterns_monitor rp;
4476 struct mgmt_pending_cmd *cmd;
4477 struct adv_monitor *monitor;
4478 int err = 0;
4479
4480 hci_dev_lock(hdev);
4481
4482 cmd = pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI, hdev);
4483 if (!cmd) {
4484 cmd = pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR, hdev);
4485 if (!cmd)
4486 goto done;
4487 }
4488
4489 monitor = cmd->user_data;
4490 rp.monitor_handle = cpu_to_le16(monitor->handle);
4491
4492 if (!status) {
4493 mgmt_adv_monitor_added(cmd->sk, hdev, monitor->handle);
4494 hdev->adv_monitors_cnt++;
4495 if (monitor->state == ADV_MONITOR_STATE_NOT_REGISTERED)
4496 monitor->state = ADV_MONITOR_STATE_REGISTERED;
5bee2fd6 4497 hci_update_passive_scan(hdev);
a2a4dedf
AP		 4498 }
4499
4500 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
4501 mgmt_status(status), &rp, sizeof(rp));
4502 mgmt_pending_remove(cmd);
4503
4504done:
4505 hci_dev_unlock(hdev);
85d67284 4506 bt_dev_dbg(hdev, "add monitor %d complete, status %u",
a2a4dedf
AP		 4507 rp.monitor_handle, status);
4508
4509 return err;
4510}
4511
b4a221ea 4512static int __add_adv_patterns_monitor(struct sock *sk, struct hci_dev *hdev,
a2a4dedf
AP		 4513 struct adv_monitor *m, u8 status,
4514 void *data, u16 len, u16 op)
b139553d 4515{
b139553d 4516 struct mgmt_rp_add_adv_patterns_monitor rp;
a2a4dedf 4517 struct mgmt_pending_cmd *cmd;
b4a221ea 4518 int err;
a2a4dedf
AP		 4519 bool pending;
4520
4521 hci_dev_lock(hdev);
b139553d 4522
b4a221ea 4523 if (status)
a2a4dedf 4524 goto unlock;
b139553d 4525
a2a4dedf
AP		 4526 if (pending_find(MGMT_OP_SET_LE, hdev) ||
4527 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR, hdev) ||
4528 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI, hdev) ||
4529 pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev)) {
4530 status = MGMT_STATUS_BUSY;
4531 goto unlock;
4532 }
b139553d 4533
a2a4dedf
AP		 4534 cmd = mgmt_pending_add(sk, op, hdev, data, len);
4535 if (!cmd) {
4536 status = MGMT_STATUS_NO_RESOURCES;
4537 goto unlock;
4538 }
b52729f2 4539
b1810feb 4540 cmd->user_data = m;
a2a4dedf 4541 pending = hci_add_adv_monitor(hdev, m, &err);
b139553d 4542 if (err) {
a2a4dedf 4543 if (err == -ENOSPC || err == -ENOMEM)
b4a221ea 4544 status = MGMT_STATUS_NO_RESOURCES;
a2a4dedf
AP		 4545 else if (err == -EINVAL)
4546 status = MGMT_STATUS_INVALID_PARAMS;
b4a221ea
AP		 4547 else
4548 status = MGMT_STATUS_FAILED;
4549
a2a4dedf 4550 mgmt_pending_remove(cmd);
b139553d
MC		 4551 goto unlock;
4552 }
4553
a2a4dedf
AP		 4554 if (!pending) {
4555 mgmt_pending_remove(cmd);
4556 rp.monitor_handle = cpu_to_le16(m->handle);
b52729f2 4557 mgmt_adv_monitor_added(sk, hdev, m->handle);
a2a4dedf
AP		 4558 m->state = ADV_MONITOR_STATE_REGISTERED;
4559 hdev->adv_monitors_cnt++;
b52729f2 4560
a2a4dedf
AP		 4561 hci_dev_unlock(hdev);
4562 return mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_SUCCESS,
4563 &rp, sizeof(rp));
4564 }
b139553d 4565
a2a4dedf 4566 hci_dev_unlock(hdev);
b139553d 4567
a2a4dedf 4568 return 0;
b139553d
MC		 4569
4570unlock:
66bd095a 4571 hci_free_adv_monitor(hdev, m);
b139553d 4572 hci_dev_unlock(hdev);
b4a221ea
AP		 4573 return mgmt_cmd_status(sk, hdev->id, op, status);
4574}
4575
4576static void parse_adv_monitor_rssi(struct adv_monitor *m,
4577 struct mgmt_adv_rssi_thresholds *rssi)
4578{
4579 if (rssi) {
4580 m->rssi.low_threshold = rssi->low_threshold;
4581 m->rssi.low_threshold_timeout =
4582 __le16_to_cpu(rssi->low_threshold_timeout);
4583 m->rssi.high_threshold = rssi->high_threshold;
4584 m->rssi.high_threshold_timeout =
4585 __le16_to_cpu(rssi->high_threshold_timeout);
4586 m->rssi.sampling_period = rssi->sampling_period;
4587 } else {
4588 /* Default values. These numbers are the least constricting
4589 * parameters for MSFT API to work, so it behaves as if there
4590 * are no rssi parameter to consider. May need to be changed
4591 * if other API are to be supported.
4592 */
4593 m->rssi.low_threshold = -127;
4594 m->rssi.low_threshold_timeout = 60;
4595 m->rssi.high_threshold = -127;
4596 m->rssi.high_threshold_timeout = 0;
4597 m->rssi.sampling_period = 0;
4598 }
4599}
4600
4601static u8 parse_adv_monitor_pattern(struct adv_monitor *m, u8 pattern_count,
4602 struct mgmt_adv_pattern *patterns)
4603{
4604 u8 offset = 0, length = 0;
4605 struct adv_pattern *p = NULL;
b4a221ea
AP		 4606 int i;
4607
4608 for (i = 0; i < pattern_count; i++) {
b4a221ea
AP		 4609 offset = patterns[i].offset;
4610 length = patterns[i].length;
4611 if (offset >= HCI_MAX_AD_LENGTH ||
4612 length > HCI_MAX_AD_LENGTH ||
4613 (offset + length) > HCI_MAX_AD_LENGTH)
4614 return MGMT_STATUS_INVALID_PARAMS;
4615
4616 p = kmalloc(sizeof(*p), GFP_KERNEL);
4617 if (!p)
4618 return MGMT_STATUS_NO_RESOURCES;
4619
4620 p->ad_type = patterns[i].ad_type;
4621 p->offset = patterns[i].offset;
4622 p->length = patterns[i].length;
4623 memcpy(p->value, patterns[i].value, p->length);
4624
4625 INIT_LIST_HEAD(&p->list);
4626 list_add(&p->list, &m->patterns);
4627 }
4628
b4a221ea
AP		 4629 return MGMT_STATUS_SUCCESS;
4630}
4631
4632static int add_adv_patterns_monitor(struct sock *sk, struct hci_dev *hdev,
4633 void *data, u16 len)
4634{
4635 struct mgmt_cp_add_adv_patterns_monitor *cp = data;
4636 struct adv_monitor *m = NULL;
4637 u8 status = MGMT_STATUS_SUCCESS;
4638 size_t expected_size = sizeof(*cp);
4639
4640 BT_DBG("request for %s", hdev->name);
4641
4642 if (len <= sizeof(*cp)) {
4643 status = MGMT_STATUS_INVALID_PARAMS;
4644 goto done;
4645 }
4646
4647 expected_size += cp->pattern_count * sizeof(struct mgmt_adv_pattern);
4648 if (len != expected_size) {
4649 status = MGMT_STATUS_INVALID_PARAMS;
4650 goto done;
4651 }
4652
4653 m = kzalloc(sizeof(*m), GFP_KERNEL);
4654 if (!m) {
4655 status = MGMT_STATUS_NO_RESOURCES;
4656 goto done;
4657 }
4658
4659 INIT_LIST_HEAD(&m->patterns);
4660
4661 parse_adv_monitor_rssi(m, NULL);
4662 status = parse_adv_monitor_pattern(m, cp->pattern_count, cp->patterns);
4663
4664done:
a2a4dedf 4665 return __add_adv_patterns_monitor(sk, hdev, m, status, data, len,
b4a221ea
AP		 4666 MGMT_OP_ADD_ADV_PATTERNS_MONITOR);
4667}
4668
4669static int add_adv_patterns_monitor_rssi(struct sock *sk, struct hci_dev *hdev,
4670 void *data, u16 len)
4671{
4672 struct mgmt_cp_add_adv_patterns_monitor_rssi *cp = data;
4673 struct adv_monitor *m = NULL;
4674 u8 status = MGMT_STATUS_SUCCESS;
4675 size_t expected_size = sizeof(*cp);
4676
4677 BT_DBG("request for %s", hdev->name);
4678
4679 if (len <= sizeof(*cp)) {
4680 status = MGMT_STATUS_INVALID_PARAMS;
4681 goto done;
4682 }
4683
4684 expected_size += cp->pattern_count * sizeof(struct mgmt_adv_pattern);
4685 if (len != expected_size) {
4686 status = MGMT_STATUS_INVALID_PARAMS;
4687 goto done;
4688 }
4689
4690 m = kzalloc(sizeof(*m), GFP_KERNEL);
4691 if (!m) {
4692 status = MGMT_STATUS_NO_RESOURCES;
4693 goto done;
4694 }
4695
4696 INIT_LIST_HEAD(&m->patterns);
4697
4698 parse_adv_monitor_rssi(m, &cp->rssi);
4699 status = parse_adv_monitor_pattern(m, cp->pattern_count, cp->patterns);
4700
4701done:
a2a4dedf 4702 return __add_adv_patterns_monitor(sk, hdev, m, status, data, len,
b4a221ea 4703 MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI);
b139553d
MC		 4704}
4705
66bd095a
AP		 4706int mgmt_remove_adv_monitor_complete(struct hci_dev *hdev, u8 status)
4707{
4708 struct mgmt_rp_remove_adv_monitor rp;
4709 struct mgmt_cp_remove_adv_monitor *cp;
4710 struct mgmt_pending_cmd *cmd;
4711 int err = 0;
4712
4713 hci_dev_lock(hdev);
4714
4715 cmd = pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev);
4716 if (!cmd)
4717 goto done;
4718
4719 cp = cmd->param;
4720 rp.monitor_handle = cp->monitor_handle;
4721
4722 if (!status)
5bee2fd6 4723 hci_update_passive_scan(hdev);
66bd095a
AP		 4724
4725 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
4726 mgmt_status(status), &rp, sizeof(rp));
4727 mgmt_pending_remove(cmd);
4728
4729done:
4730 hci_dev_unlock(hdev);
85d67284 4731 bt_dev_dbg(hdev, "remove monitor %d complete, status %u",
66bd095a
AP		 4732 rp.monitor_handle, status);
4733
4734 return err;
4735}
4736
bd2fbc6c
MC		 4737static int remove_adv_monitor(struct sock *sk, struct hci_dev *hdev,
4738 void *data, u16 len)
4739{
4740 struct mgmt_cp_remove_adv_monitor *cp = data;
4741 struct mgmt_rp_remove_adv_monitor rp;
66bd095a
AP		 4742 struct mgmt_pending_cmd *cmd;
4743 u16 handle = __le16_to_cpu(cp->monitor_handle);
4744 int err, status;
4745 bool pending;
bd2fbc6c
MC		 4746
4747 BT_DBG("request for %s", hdev->name);
66bd095a 4748 rp.monitor_handle = cp->monitor_handle;
bd2fbc6c
MC		 4749
4750 hci_dev_lock(hdev);
4751
66bd095a
AP		 4752 if (pending_find(MGMT_OP_SET_LE, hdev) ||
4753 pending_find(MGMT_OP_REMOVE_ADV_MONITOR, hdev) ||
4754 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR, hdev) ||
4755 pending_find(MGMT_OP_ADD_ADV_PATTERNS_MONITOR_RSSI, hdev)) {
4756 status = MGMT_STATUS_BUSY;
4757 goto unlock;
4758 }
bd2fbc6c 4759
66bd095a
AP		 4760 cmd = mgmt_pending_add(sk, MGMT_OP_REMOVE_ADV_MONITOR, hdev, data, len);
4761 if (!cmd) {
4762 status = MGMT_STATUS_NO_RESOURCES;
bd2fbc6c
MC		 4763 goto unlock;
4764 }
4765
66bd095a
AP		 4766 if (handle)
4767 pending = hci_remove_single_adv_monitor(hdev, handle, &err);
4768 else
4769 pending = hci_remove_all_adv_monitor(hdev, &err);
cdde92e2 4770
66bd095a
AP		 4771 if (err) {
4772 mgmt_pending_remove(cmd);
bd2fbc6c 4773
66bd095a
AP		 4774 if (err == -ENOENT)
4775 status = MGMT_STATUS_INVALID_INDEX;
4776 else
4777 status = MGMT_STATUS_FAILED;
4778
4779 goto unlock;
4780 }
4781
4782 /* monitor can be removed without forwarding request to controller */
4783 if (!pending) {
4784 mgmt_pending_remove(cmd);
4785 hci_dev_unlock(hdev);
4786
4787 return mgmt_cmd_complete(sk, hdev->id,
4788 MGMT_OP_REMOVE_ADV_MONITOR,
4789 MGMT_STATUS_SUCCESS,
4790 &rp, sizeof(rp));
4791 }
bd2fbc6c 4792
66bd095a
AP		 4793 hci_dev_unlock(hdev);
4794 return 0;
bd2fbc6c
MC		 4795
4796unlock:
4797 hci_dev_unlock(hdev);
66bd095a
AP		 4798 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADV_MONITOR,
4799 status);
bd2fbc6c
MC		 4800}
4801
1b9441f8
JH		 4802static void read_local_oob_data_complete(struct hci_dev *hdev, u8 status,
4803 u16 opcode, struct sk_buff *skb)
4804{
4805 struct mgmt_rp_read_local_oob_data mgmt_rp;
4806 size_t rp_size = sizeof(mgmt_rp);
4807 struct mgmt_pending_cmd *cmd;
4808
181d6953 4809 bt_dev_dbg(hdev, "status %u", status);
1b9441f8
JH		 4810
4811 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev);
4812 if (!cmd)
4813 return;
4814
4815 if (status || !skb) {
4816 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4817 status ? mgmt_status(status) : MGMT_STATUS_FAILED);
4818 goto remove;
4819 }
4820
4821 memset(&mgmt_rp, 0, sizeof(mgmt_rp));
4822
4823 if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
4824 struct hci_rp_read_local_oob_data *rp = (void *) skb->data;
4825
4826 if (skb->len < sizeof(*rp)) {
4827 mgmt_cmd_status(cmd->sk, hdev->id,
4828 MGMT_OP_READ_LOCAL_OOB_DATA,
4829 MGMT_STATUS_FAILED);
4830 goto remove;
4831 }
4832
4833 memcpy(mgmt_rp.hash192, rp->hash, sizeof(rp->hash));
4834 memcpy(mgmt_rp.rand192, rp->rand, sizeof(rp->rand));
4835
4836 rp_size -= sizeof(mgmt_rp.hash256) + sizeof(mgmt_rp.rand256);
4837 } else {
4838 struct hci_rp_read_local_oob_ext_data *rp = (void *) skb->data;
4839
4840 if (skb->len < sizeof(*rp)) {
4841 mgmt_cmd_status(cmd->sk, hdev->id,
4842 MGMT_OP_READ_LOCAL_OOB_DATA,
4843 MGMT_STATUS_FAILED);
4844 goto remove;
4845 }
4846
4847 memcpy(mgmt_rp.hash192, rp->hash192, sizeof(rp->hash192));
4848 memcpy(mgmt_rp.rand192, rp->rand192, sizeof(rp->rand192));
4849
4850 memcpy(mgmt_rp.hash256, rp->hash256, sizeof(rp->hash256));
4851 memcpy(mgmt_rp.rand256, rp->rand256, sizeof(rp->rand256));
4852 }
4853
4854 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4855 MGMT_STATUS_SUCCESS, &mgmt_rp, rp_size);
4856
4857remove:
4858 mgmt_pending_remove(cmd);
4859}
4860
0f4e68cf 4861static int read_local_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 4862 void *data, u16 data_len)
c35938b2 4863{
3b0602cd 4864 struct mgmt_pending_cmd *cmd;
1b9441f8 4865 struct hci_request req;
c35938b2
SJ		 4866 int err;
4867
181d6953 4868 bt_dev_dbg(hdev, "sock %p", sk);
c35938b2 4869
09fd0de5 4870 hci_dev_lock(hdev);
c35938b2 4871
4b34ee78 4872 if (!hdev_is_powered(hdev)) {
a69e8375
JH		 4873 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4874 MGMT_STATUS_NOT_POWERED);
c35938b2
SJ		 4875 goto unlock;
4876 }
4877
9a1a1996 4878 if (!lmp_ssp_capable(hdev)) {
a69e8375
JH		 4879 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4880 MGMT_STATUS_NOT_SUPPORTED);
c35938b2
SJ		 4881 goto unlock;
4882 }
4883
333ae95d 4884 if (pending_find(MGMT_OP_READ_LOCAL_OOB_DATA, hdev)) {
a69e8375
JH		 4885 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_DATA,
4886 MGMT_STATUS_BUSY);
c35938b2
SJ		 4887 goto unlock;
4888 }
4889
2e58ef3e 4890 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_DATA, hdev, NULL, 0);
c35938b2
SJ		 4891 if (!cmd) {
4892 err = -ENOMEM;
4893 goto unlock;
4894 }
4895
1b9441f8
JH		 4896 hci_req_init(&req, hdev);
4897
710f11c0 4898 if (bredr_sc_enabled(hdev))
1b9441f8 4899 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
4d2d2796 4900 else
1b9441f8 4901 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
4d2d2796 4902
1b9441f8 4903 err = hci_req_run_skb(&req, read_local_oob_data_complete);
c35938b2
SJ		 4904 if (err < 0)
4905 mgmt_pending_remove(cmd);
4906
4907unlock:
09fd0de5 4908 hci_dev_unlock(hdev);
c35938b2
SJ		 4909 return err;
4910}
4911
bdb6d971 4912static int add_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
04124681 4913 void *data, u16 len)
2763eda6 4914{
5d57e796 4915 struct mgmt_addr_info *addr = data;
2763eda6
SJ		 4916 int err;
4917
181d6953 4918 bt_dev_dbg(hdev, "sock %p", sk);
2763eda6 4919
5d57e796 4920 if (!bdaddr_type_is_valid(addr->type))
2a1afb5a
JH		 4921 return mgmt_cmd_complete(sk, hdev->id,
4922 MGMT_OP_ADD_REMOTE_OOB_DATA,
4923 MGMT_STATUS_INVALID_PARAMS,
4924 addr, sizeof(*addr));
5d57e796 4925
09fd0de5 4926 hci_dev_lock(hdev);
2763eda6 4927
ec109113
MH		 4928 if (len == MGMT_ADD_REMOTE_OOB_DATA_SIZE) {
4929 struct mgmt_cp_add_remote_oob_data *cp = data;
4930 u8 status;
bf1e3541 4931
c19a495c 4932 if (cp->addr.type != BDADDR_BREDR) {
2a1afb5a
JH		 4933 err = mgmt_cmd_complete(sk, hdev->id,
4934 MGMT_OP_ADD_REMOTE_OOB_DATA,
4935 MGMT_STATUS_INVALID_PARAMS,
4936 &cp->addr, sizeof(cp->addr));
c19a495c
JH		 4937 goto unlock;
4938 }
4939
ec109113 4940 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
6928a924
JH		 4941 cp->addr.type, cp->hash,
4942 cp->rand, NULL, NULL);
ec109113
MH		 4943 if (err < 0)
4944 status = MGMT_STATUS_FAILED;
4945 else
4946 status = MGMT_STATUS_SUCCESS;
4947
2a1afb5a
JH		 4948 err = mgmt_cmd_complete(sk, hdev->id,
4949 MGMT_OP_ADD_REMOTE_OOB_DATA, status,
4950 &cp->addr, sizeof(cp->addr));
ec109113
MH		 4951 } else if (len == MGMT_ADD_REMOTE_OOB_EXT_DATA_SIZE) {
4952 struct mgmt_cp_add_remote_oob_ext_data *cp = data;
41bcfd50 4953 u8 *rand192, *hash192, *rand256, *hash256;
ec109113
MH		 4954 u8 status;
4955
86df9200 4956 if (bdaddr_type_is_le(cp->addr.type)) {
d25b78e2
JH		 4957 /* Enforce zero-valued 192-bit parameters as
4958 * long as legacy SMP OOB isn't implemented.
4959 */
4960 if (memcmp(cp->rand192, ZERO_KEY, 16) ||
4961 memcmp(cp->hash192, ZERO_KEY, 16)) {
2a1afb5a
JH		 4962 err = mgmt_cmd_complete(sk, hdev->id,
4963 MGMT_OP_ADD_REMOTE_OOB_DATA,
4964 MGMT_STATUS_INVALID_PARAMS,
4965 addr, sizeof(*addr));
d25b78e2
JH		 4966 goto unlock;
4967 }
4968
86df9200
JH		 4969 rand192 = NULL;
4970 hash192 = NULL;
4971 } else {
41bcfd50
MH		 4972 /* In case one of the P-192 values is set to zero,
4973 * then just disable OOB data for P-192.
4974 */
4975 if (!memcmp(cp->rand192, ZERO_KEY, 16) ||
4976 !memcmp(cp->hash192, ZERO_KEY, 16)) {
4977 rand192 = NULL;
4978 hash192 = NULL;
4979 } else {
4980 rand192 = cp->rand192;
4981 hash192 = cp->hash192;
4982 }
4983 }
4984
4985 /* In case one of the P-256 values is set to zero, then just
4986 * disable OOB data for P-256.
4987 */
4988 if (!memcmp(cp->rand256, ZERO_KEY, 16) ||
4989 !memcmp(cp->hash256, ZERO_KEY, 16)) {
4990 rand256 = NULL;
4991 hash256 = NULL;
4992 } else {
4993 rand256 = cp->rand256;
4994 hash256 = cp->hash256;
86df9200
JH		 4995 }
4996
81328d5c 4997 err = hci_add_remote_oob_data(hdev, &cp->addr.bdaddr,
86df9200 4998 cp->addr.type, hash192, rand192,
41bcfd50 4999 hash256, rand256);
ec109113
MH		 5000 if (err < 0)
5001 status = MGMT_STATUS_FAILED;
5002 else
5003 status = MGMT_STATUS_SUCCESS;
5004
2a1afb5a
JH		 5005 err = mgmt_cmd_complete(sk, hdev->id,
5006 MGMT_OP_ADD_REMOTE_OOB_DATA,
5007 status, &cp->addr, sizeof(cp->addr));
ec109113 5008 } else {
2064ee33
MH		 5009 bt_dev_err(hdev, "add_remote_oob_data: invalid len of %u bytes",
5010 len);
a69e8375
JH		 5011 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_REMOTE_OOB_DATA,
5012 MGMT_STATUS_INVALID_PARAMS);
ec109113 5013 }
2763eda6 5014
c19a495c 5015unlock:
09fd0de5 5016 hci_dev_unlock(hdev);
2763eda6
SJ		 5017 return err;
5018}
5019
bdb6d971 5020static int remove_remote_oob_data(struct sock *sk, struct hci_dev *hdev,
8ce8e2b5 5021 void *data, u16 len)
2763eda6 5022{
650f726d 5023 struct mgmt_cp_remove_remote_oob_data *cp = data;
bf1e3541 5024 u8 status;
2763eda6
SJ		 5025 int err;
5026
181d6953 5027 bt_dev_dbg(hdev, "sock %p", sk);
2763eda6 5028
c19a495c 5029 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 5030 return mgmt_cmd_complete(sk, hdev->id,
5031 MGMT_OP_REMOVE_REMOTE_OOB_DATA,
5032 MGMT_STATUS_INVALID_PARAMS,
5033 &cp->addr, sizeof(cp->addr));
c19a495c 5034
09fd0de5 5035 hci_dev_lock(hdev);
2763eda6 5036
eedbd581
JH		 5037 if (!bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
5038 hci_remote_oob_data_clear(hdev);
5039 status = MGMT_STATUS_SUCCESS;
5040 goto done;
5041 }
5042
6928a924 5043 err = hci_remove_remote_oob_data(hdev, &cp->addr.bdaddr, cp->addr.type);
2763eda6 5044 if (err < 0)
bf1e3541 5045 status = MGMT_STATUS_INVALID_PARAMS;
2763eda6 5046 else
a6785be2 5047 status = MGMT_STATUS_SUCCESS;
bf1e3541 5048
eedbd581 5049done:
2a1afb5a
JH		 5050 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_REMOTE_OOB_DATA,
5051 status, &cp->addr, sizeof(cp->addr));
2763eda6 5052
09fd0de5 5053 hci_dev_unlock(hdev);
2763eda6
SJ		 5054 return err;
5055}
5056
e68f072b 5057void mgmt_start_discovery_complete(struct hci_dev *hdev, u8 status)
7c307720 5058{
3b0602cd 5059 struct mgmt_pending_cmd *cmd;
ae55f598 5060
85d67284 5061 bt_dev_dbg(hdev, "status %u", status);
7c307720 5062
11e6e25d 5063 hci_dev_lock(hdev);
41dc2bd6 5064
333ae95d 5065 cmd = pending_find(MGMT_OP_START_DISCOVERY, hdev);
66ea9427 5066 if (!cmd)
333ae95d 5067 cmd = pending_find(MGMT_OP_START_SERVICE_DISCOVERY, hdev);
66ea9427 5068
78b781ca
JH		 5069 if (!cmd)
5070 cmd = pending_find(MGMT_OP_START_LIMITED_DISCOVERY, hdev);
5071
11e6e25d 5072 if (cmd) {
2922a94f 5073 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d
MH		 5074 mgmt_pending_remove(cmd);
5075 }
7c307720 5076
11e6e25d 5077 hci_dev_unlock(hdev);
4867bd00
APS		 5078
5079 /* Handle suspend notifier */
5080 if (test_and_clear_bit(SUSPEND_UNPAUSE_DISCOVERY,
5081 hdev->suspend_tasks)) {
5082 bt_dev_dbg(hdev, "Unpaused discovery");
5083 wake_up(&hdev->suspend_wait_q);
5084 }
7c307720
AG		 5085}
5086
591752af
JH		 5087static bool discovery_type_is_valid(struct hci_dev *hdev, uint8_t type,
5088 uint8_t *mgmt_status)
5089{
5090 switch (type) {
5091 case DISCOV_TYPE_LE:
5092 *mgmt_status = mgmt_le_support(hdev);
5093 if (*mgmt_status)
5094 return false;
5095 break;
5096 case DISCOV_TYPE_INTERLEAVED:
5097 *mgmt_status = mgmt_le_support(hdev);
5098 if (*mgmt_status)
5099 return false;
19186c7b 5100 fallthrough;
591752af
JH		 5101 case DISCOV_TYPE_BREDR:
5102 *mgmt_status = mgmt_bredr_support(hdev);
5103 if (*mgmt_status)
5104 return false;
5105 break;
5106 default:
5107 *mgmt_status = MGMT_STATUS_INVALID_PARAMS;
5108 return false;
5109 }
5110
5111 return true;
5112}
5113
abfeea47
LAD		 5114static void start_discovery_complete(struct hci_dev *hdev, void *data, int err)
5115{
5116 struct mgmt_pending_cmd *cmd = data;
5117
5118 bt_dev_dbg(hdev, "err %d", err);
5119
5120 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(err),
5121 cmd->param, 1);
5122 mgmt_pending_free(cmd);
5123
5124 /* Handle suspend notifier */
5125 if (test_and_clear_bit(SUSPEND_UNPAUSE_DISCOVERY,
5126 hdev->suspend_tasks)) {
5127 bt_dev_dbg(hdev, "Unpaused discovery");
5128 wake_up(&hdev->suspend_wait_q);
5129 }
5130
5131 hci_discovery_set_state(hdev, err ? DISCOVERY_STOPPED :
5132 DISCOVERY_FINDING);
5133}
5134
5135static int start_discovery_sync(struct hci_dev *hdev, void *data)
5136{
5137 return hci_start_discovery_sync(hdev);
5138}
5139
78b781ca
JH		 5140static int start_discovery_internal(struct sock *sk, struct hci_dev *hdev,
5141 u16 op, void *data, u16 len)
14a53664 5142{
650f726d 5143 struct mgmt_cp_start_discovery *cp = data;
3b0602cd 5144 struct mgmt_pending_cmd *cmd;
8019044d 5145 u8 status;
14a53664
JH		 5146 int err;
5147
181d6953 5148 bt_dev_dbg(hdev, "sock %p", sk);
14a53664 5149
09fd0de5 5150 hci_dev_lock(hdev);
14a53664 5151
4b34ee78 5152 if (!hdev_is_powered(hdev)) {
78b781ca 5153 err = mgmt_cmd_complete(sk, hdev->id, op,
2a1afb5a
JH		 5154 MGMT_STATUS_NOT_POWERED,
5155 &cp->type, sizeof(cp->type));
bd2d1334
JH		 5156 goto failed;
5157 }
5158
f5a969f2 5159 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 5160 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
78b781ca
JH		 5161 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY,
5162 &cp->type, sizeof(cp->type));
642be6c7
AG		 5163 goto failed;
5164 }
5165
591752af 5166 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
78b781ca
JH		 5167 err = mgmt_cmd_complete(sk, hdev->id, op, status,
5168 &cp->type, sizeof(cp->type));
591752af
JH		 5169 goto failed;
5170 }
5171
4867bd00
APS		 5172 /* Can't start discovery when it is paused */
5173 if (hdev->discovery_paused) {
5174 err = mgmt_cmd_complete(sk, hdev->id, op, MGMT_STATUS_BUSY,
5175 &cp->type, sizeof(cp->type));
5176 goto failed;
5177 }
5178
22078800
MH		 5179 /* Clear the discovery filter first to free any previously
5180 * allocated memory for the UUID list.
5181 */
5182 hci_discovery_filter_clear(hdev);
5183
4aab14e5 5184 hdev->discovery.type = cp->type;
da25cf6a 5185 hdev->discovery.report_invalid_rssi = false;
78b781ca
JH		 5186 if (op == MGMT_OP_START_LIMITED_DISCOVERY)
5187 hdev->discovery.limited = true;
5188 else
5189 hdev->discovery.limited = false;
4aab14e5 5190
abfeea47 5191 cmd = mgmt_pending_new(sk, op, hdev, data, len);
e68f072b
JH		 5192 if (!cmd) {
5193 err = -ENOMEM;
04106755 5194 goto failed;
f39799f5 5195 }
04106755 5196
abfeea47
LAD		 5197 err = hci_cmd_sync_queue(hdev, start_discovery_sync, cmd,
5198 start_discovery_complete);
5199 if (err < 0) {
5200 mgmt_pending_free(cmd);
5201 goto failed;
5202 }
7c307720 5203
f5a969f2 5204 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
7c307720 5205
14a53664 5206failed:
09fd0de5 5207 hci_dev_unlock(hdev);
14a53664
JH		 5208 return err;
5209}
f39799f5 5210
78b781ca
JH		 5211static int start_discovery(struct sock *sk, struct hci_dev *hdev,
5212 void *data, u16 len)
5213{
5214 return start_discovery_internal(sk, hdev, MGMT_OP_START_DISCOVERY,
5215 data, len);
5216}
5217
5218static int start_limited_discovery(struct sock *sk, struct hci_dev *hdev,
5219 void *data, u16 len)
5220{
5221 return start_discovery_internal(sk, hdev,
5222 MGMT_OP_START_LIMITED_DISCOVERY,
5223 data, len);
5224}
5225
66ea9427
JP		 5226static int start_service_discovery(struct sock *sk, struct hci_dev *hdev,
5227 void *data, u16 len)
5228{
5229 struct mgmt_cp_start_service_discovery *cp = data;
3b0602cd 5230 struct mgmt_pending_cmd *cmd;
66ea9427
JP		 5231 const u16 max_uuid_count = ((U16_MAX - sizeof(*cp)) / 16);
5232 u16 uuid_count, expected_len;
5233 u8 status;
5234 int err;
04106755 5235
181d6953 5236 bt_dev_dbg(hdev, "sock %p", sk);
e8bb6b97 5237
66ea9427 5238 hci_dev_lock(hdev);
7c307720 5239
66ea9427 5240 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 5241 err = mgmt_cmd_complete(sk, hdev->id,
5242 MGMT_OP_START_SERVICE_DISCOVERY,
5243 MGMT_STATUS_NOT_POWERED,
5244 &cp->type, sizeof(cp->type));
66ea9427
JP		 5245 goto failed;
5246 }
7c307720 5247
66ea9427 5248 if (hdev->discovery.state != DISCOVERY_STOPPED ||
d7a5a11d 5249 hci_dev_test_flag(hdev, HCI_PERIODIC_INQ)) {
36211f7f
APS		 5250 err = mgmt_cmd_complete(sk, hdev->id,
5251 MGMT_OP_START_SERVICE_DISCOVERY,
5252 MGMT_STATUS_BUSY, &cp->type,
5253 sizeof(cp->type));
5254 goto failed;
5255 }
5256
5257 if (hdev->discovery_paused) {
2a1afb5a
JH		 5258 err = mgmt_cmd_complete(sk, hdev->id,
5259 MGMT_OP_START_SERVICE_DISCOVERY,
5260 MGMT_STATUS_BUSY, &cp->type,
5261 sizeof(cp->type));
66ea9427
JP		 5262 goto failed;
5263 }
d9483943 5264
66ea9427
JP		 5265 uuid_count = __le16_to_cpu(cp->uuid_count);
5266 if (uuid_count > max_uuid_count) {
2064ee33
MH		 5267 bt_dev_err(hdev, "service_discovery: too big uuid_count value %u",
5268 uuid_count);
2a1afb5a
JH		 5269 err = mgmt_cmd_complete(sk, hdev->id,
5270 MGMT_OP_START_SERVICE_DISCOVERY,
5271 MGMT_STATUS_INVALID_PARAMS, &cp->type,
5272 sizeof(cp->type));
66ea9427
JP		 5273 goto failed;
5274 }
5275
5276 expected_len = sizeof(*cp) + uuid_count * 16;
5277 if (expected_len != len) {
2064ee33
MH		 5278 bt_dev_err(hdev, "service_discovery: expected %u bytes, got %u bytes",
5279 expected_len, len);
2a1afb5a
JH		 5280 err = mgmt_cmd_complete(sk, hdev->id,
5281 MGMT_OP_START_SERVICE_DISCOVERY,
5282 MGMT_STATUS_INVALID_PARAMS, &cp->type,
5283 sizeof(cp->type));
66ea9427
JP		 5284 goto failed;
5285 }
5286
591752af
JH		 5287 if (!discovery_type_is_valid(hdev, cp->type, &status)) {
5288 err = mgmt_cmd_complete(sk, hdev->id,
5289 MGMT_OP_START_SERVICE_DISCOVERY,
5290 status, &cp->type, sizeof(cp->type));
5291 goto failed;
5292 }
5293
abfeea47 5294 cmd = mgmt_pending_new(sk, MGMT_OP_START_SERVICE_DISCOVERY,
2922a94f 5295 hdev, data, len);
66ea9427
JP		 5296 if (!cmd) {
5297 err = -ENOMEM;
5298 goto failed;
5299 }
5300
22078800
MH		 5301 /* Clear the discovery filter first to free any previously
5302 * allocated memory for the UUID list.
5303 */
5304 hci_discovery_filter_clear(hdev);
5305
82f8b651 5306 hdev->discovery.result_filtering = true;
66ea9427
JP		 5307 hdev->discovery.type = cp->type;
5308 hdev->discovery.rssi = cp->rssi;
5309 hdev->discovery.uuid_count = uuid_count;
5310
5311 if (uuid_count > 0) {
5312 hdev->discovery.uuids = kmemdup(cp->uuids, uuid_count * 16,
5313 GFP_KERNEL);
5314 if (!hdev->discovery.uuids) {
2a1afb5a
JH		 5315 err = mgmt_cmd_complete(sk, hdev->id,
5316 MGMT_OP_START_SERVICE_DISCOVERY,
5317 MGMT_STATUS_FAILED,
5318 &cp->type, sizeof(cp->type));
d9483943
JH		 5319 mgmt_pending_remove(cmd);
5320 goto failed;
5321 }
66ea9427 5322 }
d9483943 5323
abfeea47
LAD		 5324 err = hci_cmd_sync_queue(hdev, start_discovery_sync, cmd,
5325 start_discovery_complete);
5326 if (err < 0) {
5327 mgmt_pending_free(cmd);
5328 goto failed;
5329 }
5330
66ea9427 5331 hci_discovery_set_state(hdev, DISCOVERY_STARTING);
14a53664
JH		 5332
5333failed:
09fd0de5 5334 hci_dev_unlock(hdev);
14a53664
JH		 5335 return err;
5336}
5337
2154d3f4 5338void mgmt_stop_discovery_complete(struct hci_dev *hdev, u8 status)
1183fdca 5339{
3b0602cd 5340 struct mgmt_pending_cmd *cmd;
1183fdca 5341
85d67284 5342 bt_dev_dbg(hdev, "status %u", status);
0e05bba6
AG		 5343
5344 hci_dev_lock(hdev);
5345
333ae95d 5346 cmd = pending_find(MGMT_OP_STOP_DISCOVERY, hdev);
11e6e25d 5347 if (cmd) {
2922a94f 5348 cmd->cmd_complete(cmd, mgmt_status(status));
11e6e25d 5349 mgmt_pending_remove(cmd);
0e05bba6
AG		 5350 }
5351
0e05bba6 5352 hci_dev_unlock(hdev);
4867bd00
APS		 5353
5354 /* Handle suspend notifier */
5355 if (test_and_clear_bit(SUSPEND_PAUSE_DISCOVERY, hdev->suspend_tasks)) {
5356 bt_dev_dbg(hdev, "Paused discovery");
5357 wake_up(&hdev->suspend_wait_q);
5358 }
0e05bba6
AG		 5359}
5360
abfeea47
LAD		 5361static void stop_discovery_complete(struct hci_dev *hdev, void *data, int err)
5362{
5363 struct mgmt_pending_cmd *cmd = data;
5364
5365 bt_dev_dbg(hdev, "err %d", err);
5366
5367 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, mgmt_status(err),
5368 cmd->param, 1);
5369 mgmt_pending_free(cmd);
5370
5371 /* Handle suspend notifier */
5372 if (test_and_clear_bit(SUSPEND_PAUSE_DISCOVERY, hdev->suspend_tasks)) {
5373 bt_dev_dbg(hdev, "Paused discovery");
5374 wake_up(&hdev->suspend_wait_q);
5375 }
5376
5377 if (!err)
5378 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
5379}
5380
5381static int stop_discovery_sync(struct hci_dev *hdev, void *data)
5382{
5383 return hci_stop_discovery_sync(hdev);
5384}
5385
bdb6d971 5386static int stop_discovery(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 5387 u16 len)
14a53664 5388{
d930650b 5389 struct mgmt_cp_stop_discovery *mgmt_cp = data;
3b0602cd 5390 struct mgmt_pending_cmd *cmd;
14a53664
JH		 5391 int err;
5392
181d6953 5393 bt_dev_dbg(hdev, "sock %p", sk);
14a53664 5394
09fd0de5 5395 hci_dev_lock(hdev);
14a53664 5396
30dc78e1 5397 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 5398 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
5399 MGMT_STATUS_REJECTED, &mgmt_cp->type,
5400 sizeof(mgmt_cp->type));
d930650b
JH		 5401 goto unlock;
5402 }
5403
5404 if (hdev->discovery.type != mgmt_cp->type) {
2a1afb5a
JH		 5405 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_STOP_DISCOVERY,
5406 MGMT_STATUS_INVALID_PARAMS,
5407 &mgmt_cp->type, sizeof(mgmt_cp->type));
30dc78e1 5408 goto unlock;
ff9ef578
JH		 5409 }
5410
abfeea47 5411 cmd = mgmt_pending_new(sk, MGMT_OP_STOP_DISCOVERY, hdev, data, len);
14a53664
JH		 5412 if (!cmd) {
5413 err = -ENOMEM;
30dc78e1
JH		 5414 goto unlock;
5415 }
5416
abfeea47
LAD		 5417 err = hci_cmd_sync_queue(hdev, stop_discovery_sync, cmd,
5418 stop_discovery_complete);
5419 if (err < 0) {
5420 mgmt_pending_free(cmd);
5421 goto unlock;
5422 }
2922a94f 5423
2154d3f4 5424 hci_discovery_set_state(hdev, DISCOVERY_STOPPING);
14a53664 5425
30dc78e1 5426unlock:
09fd0de5 5427 hci_dev_unlock(hdev);
14a53664
JH		 5428 return err;
5429}
5430
bdb6d971 5431static int confirm_name(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 5432 u16 len)
561aafbc 5433{
650f726d 5434 struct mgmt_cp_confirm_name *cp = data;
561aafbc 5435 struct inquiry_entry *e;
561aafbc
JH		 5436 int err;
5437
181d6953 5438 bt_dev_dbg(hdev, "sock %p", sk);
561aafbc 5439
561aafbc
JH		 5440 hci_dev_lock(hdev);
5441
30dc78e1 5442 if (!hci_discovery_active(hdev)) {
2a1afb5a
JH		 5443 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
5444 MGMT_STATUS_FAILED, &cp->addr,
5445 sizeof(cp->addr));
30dc78e1
JH		 5446 goto failed;
5447 }
5448
a198e7b1 5449 e = hci_inquiry_cache_lookup_unknown(hdev, &cp->addr.bdaddr);
561aafbc 5450 if (!e) {
2a1afb5a
JH		 5451 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME,
5452 MGMT_STATUS_INVALID_PARAMS, &cp->addr,
5453 sizeof(cp->addr));
561aafbc
JH		 5454 goto failed;
5455 }
5456
5457 if (cp->name_known) {
5458 e->name_state = NAME_KNOWN;
5459 list_del(&e->list);
5460 } else {
5461 e->name_state = NAME_NEEDED;
a3d4e20a 5462 hci_inquiry_cache_update_resolve(hdev, e);
561aafbc
JH		 5463 }
5464
2a1afb5a
JH		 5465 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_CONFIRM_NAME, 0,
5466 &cp->addr, sizeof(cp->addr));
561aafbc
JH		 5467
5468failed:
5469 hci_dev_unlock(hdev);
561aafbc
JH		 5470 return err;
5471}
5472
bdb6d971 5473static int block_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 5474 u16 len)
7fbec224 5475{
650f726d 5476 struct mgmt_cp_block_device *cp = data;
f0eeea8b 5477 u8 status;
7fbec224
AJ		 5478 int err;
5479
181d6953 5480 bt_dev_dbg(hdev, "sock %p", sk);
7fbec224 5481
4ee71b20 5482 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 5483 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE,
5484 MGMT_STATUS_INVALID_PARAMS,
5485 &cp->addr, sizeof(cp->addr));
4ee71b20 5486
09fd0de5 5487 hci_dev_lock(hdev);
5e762444 5488
3d4f9c00 5489 err = hci_bdaddr_list_add(&hdev->reject_list, &cp->addr.bdaddr,
dcc36c16 5490 cp->addr.type);
2a8357f2 5491 if (err < 0) {
f0eeea8b 5492 status = MGMT_STATUS_FAILED;
2a8357f2
JH		 5493 goto done;
5494 }
5495
5496 mgmt_event(MGMT_EV_DEVICE_BLOCKED, hdev, &cp->addr, sizeof(cp->addr),
5497 sk);
5498 status = MGMT_STATUS_SUCCESS;
f0eeea8b 5499
2a8357f2 5500done:
2a1afb5a
JH		 5501 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_BLOCK_DEVICE, status,
5502 &cp->addr, sizeof(cp->addr));
5e762444 5503
09fd0de5 5504 hci_dev_unlock(hdev);
7fbec224
AJ		 5505
5506 return err;
5507}
5508
bdb6d971 5509static int unblock_device(struct sock *sk, struct hci_dev *hdev, void *data,
04124681 5510 u16 len)
7fbec224 5511{
650f726d 5512 struct mgmt_cp_unblock_device *cp = data;
f0eeea8b 5513 u8 status;
7fbec224
AJ		 5514 int err;
5515
181d6953 5516 bt_dev_dbg(hdev, "sock %p", sk);
7fbec224 5517
4ee71b20 5518 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 5519 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE,
5520 MGMT_STATUS_INVALID_PARAMS,
5521 &cp->addr, sizeof(cp->addr));
4ee71b20 5522
09fd0de5 5523 hci_dev_lock(hdev);
5e762444 5524
3d4f9c00 5525 err = hci_bdaddr_list_del(&hdev->reject_list, &cp->addr.bdaddr,
dcc36c16 5526 cp->addr.type);
2a8357f2 5527 if (err < 0) {
f0eeea8b 5528 status = MGMT_STATUS_INVALID_PARAMS;
2a8357f2
JH		 5529 goto done;
5530 }
5531
5532 mgmt_event(MGMT_EV_DEVICE_UNBLOCKED, hdev, &cp->addr, sizeof(cp->addr),
5533 sk);
5534 status = MGMT_STATUS_SUCCESS;
f0eeea8b 5535
2a8357f2 5536done:
2a1afb5a
JH		 5537 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_UNBLOCK_DEVICE, status,
5538 &cp->addr, sizeof(cp->addr));
5e762444 5539
09fd0de5 5540 hci_dev_unlock(hdev);
7fbec224
AJ		 5541
5542 return err;
5543}
5544
161510cc
LAD		 5545static int set_device_id_sync(struct hci_dev *hdev, void *data)
5546{
5547 return hci_update_eir_sync(hdev);
5548}
5549
cdbaccca
MH		 5550static int set_device_id(struct sock *sk, struct hci_dev *hdev, void *data,
5551 u16 len)
5552{
5553 struct mgmt_cp_set_device_id *cp = data;
5554 int err;
c72d4b8a 5555 __u16 source;
cdbaccca 5556
181d6953 5557 bt_dev_dbg(hdev, "sock %p", sk);
cdbaccca 5558
c72d4b8a
SJ		 5559 source = __le16_to_cpu(cp->source);
5560
5561 if (source > 0x0002)
a69e8375
JH		 5562 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEVICE_ID,
5563 MGMT_STATUS_INVALID_PARAMS);
c72d4b8a 5564
cdbaccca
MH		 5565 hci_dev_lock(hdev);
5566
c72d4b8a 5567 hdev->devid_source = source;
cdbaccca
MH		 5568 hdev->devid_vendor = __le16_to_cpu(cp->vendor);
5569 hdev->devid_product = __le16_to_cpu(cp->product);
5570 hdev->devid_version = __le16_to_cpu(cp->version);
5571
2a1afb5a
JH		 5572 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_DEVICE_ID, 0,
5573 NULL, 0);
cdbaccca 5574
161510cc 5575 hci_cmd_sync_queue(hdev, set_device_id_sync, NULL, NULL);
cdbaccca
MH		 5576
5577 hci_dev_unlock(hdev);
5578
5579 return err;
5580}
5581
24b4f38f
AU		 5582static void enable_advertising_instance(struct hci_dev *hdev, u8 status,
5583 u16 opcode)
5584{
85d67284 5585 bt_dev_dbg(hdev, "status %u", status);
24b4f38f
AU		 5586}
5587
1904a853
MH		 5588static void set_advertising_complete(struct hci_dev *hdev, u8 status,
5589 u16 opcode)
4375f103
JH		 5590{
5591 struct cmd_lookup match = { NULL, hdev };
24b4f38f 5592 struct hci_request req;
7816b820
FG		 5593 u8 instance;
5594 struct adv_info *adv_instance;
5595 int err;
4375f103 5596
3ad67582
JK		 5597 hci_dev_lock(hdev);
5598
4375f103
JH		 5599 if (status) {
5600 u8 mgmt_err = mgmt_status(status);
5601
5602 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev,
5603 cmd_status_rsp, &mgmt_err);
3ad67582 5604 goto unlock;
4375f103
JH		 5605 }
5606
d7a5a11d 5607 if (hci_dev_test_flag(hdev, HCI_LE_ADV))
a1536da2 5608 hci_dev_set_flag(hdev, HCI_ADVERTISING);
c93bd150 5609 else
a358dc11 5610 hci_dev_clear_flag(hdev, HCI_ADVERTISING);
c93bd150 5611
4375f103
JH		 5612 mgmt_pending_foreach(MGMT_OP_SET_ADVERTISING, hdev, settings_rsp,
5613 &match);
5614
5615 new_settings(hdev, match.sk);
5616
5617 if (match.sk)
5618 sock_put(match.sk);
3ad67582 5619
4867bd00
APS		 5620 /* Handle suspend notifier */
5621 if (test_and_clear_bit(SUSPEND_PAUSE_ADVERTISING,
5622 hdev->suspend_tasks)) {
5623 bt_dev_dbg(hdev, "Paused advertising");
5624 wake_up(&hdev->suspend_wait_q);
5625 } else if (test_and_clear_bit(SUSPEND_UNPAUSE_ADVERTISING,
5626 hdev->suspend_tasks)) {
5627 bt_dev_dbg(hdev, "Unpaused advertising");
5628 wake_up(&hdev->suspend_wait_q);
5629 }
5630
24b4f38f 5631 /* If "Set Advertising" was just disabled and instance advertising was
7816b820 5632 * set up earlier, then re-enable multi-instance advertising.
24b4f38f
AU		 5633 */
5634 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
7816b820 5635 list_empty(&hdev->adv_instances))
24b4f38f
AU		 5636 goto unlock;
5637
7816b820
FG		 5638 instance = hdev->cur_adv_instance;
5639 if (!instance) {
5640 adv_instance = list_first_entry_or_null(&hdev->adv_instances,
5641 struct adv_info, list);
5642 if (!adv_instance)
5643 goto unlock;
5644
5645 instance = adv_instance->instance;
5646 }
5647
24b4f38f
AU		 5648 hci_req_init(&req, hdev);
5649
f2252570 5650 err = __hci_req_schedule_adv_instance(&req, instance, true);
7816b820
FG		 5651
5652 if (!err)
5653 err = hci_req_run(&req, enable_advertising_instance);
24b4f38f 5654
7816b820 5655 if (err)
2064ee33 5656 bt_dev_err(hdev, "failed to re-configure advertising");
24b4f38f 5657
3ad67582
JK		 5658unlock:
5659 hci_dev_unlock(hdev);
4375f103
JH		 5660}
5661
21b5187f
MH		 5662static int set_advertising(struct sock *sk, struct hci_dev *hdev, void *data,
5663 u16 len)
4375f103
JH		 5664{
5665 struct mgmt_mode *cp = data;
3b0602cd 5666 struct mgmt_pending_cmd *cmd;
4375f103 5667 struct hci_request req;
cc91cb04 5668 u8 val, status;
4375f103
JH		 5669 int err;
5670
181d6953 5671 bt_dev_dbg(hdev, "sock %p", sk);
4375f103 5672
e6fe7986
JH		 5673 status = mgmt_le_support(hdev);
5674 if (status)
a69e8375
JH		 5675 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
5676 status);
4375f103 5677
cc91cb04 5678 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 5679 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
5680 MGMT_STATUS_INVALID_PARAMS);
4375f103 5681
4867bd00
APS		 5682 if (hdev->advertising_paused)
5683 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
5684 MGMT_STATUS_BUSY);
5685
4375f103
JH		 5686 hci_dev_lock(hdev);
5687
5688 val = !!cp->val;
4375f103 5689
f74ca9b8
JH		 5690 /* The following conditions are ones which mean that we should
5691 * not do any HCI communication but directly send a mgmt
5692 * response to user space (after toggling the flag if
5693 * necessary).
5694 */
cc91cb04 5695 if (!hdev_is_powered(hdev) ||
d7a5a11d
MH		 5696 (val == hci_dev_test_flag(hdev, HCI_ADVERTISING) &&
5697 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_ADVERTISING_CONNECTABLE)) ||
e8bb6b97 5698 hci_conn_num(hdev, LE_LINK) > 0 ||
d7a5a11d 5699 (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
e8bb6b97 5700 hdev->le_scan_type == LE_SCAN_ACTIVE)) {
cc91cb04 5701 bool changed;
4375f103 5702
cc91cb04 5703 if (cp->val) {
cab054ab 5704 hdev->cur_adv_instance = 0x00;
238be788 5705 changed = !hci_dev_test_and_set_flag(hdev, HCI_ADVERTISING);
cc91cb04 5706 if (cp->val == 0x02)
a1536da2 5707 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 5708 else
a358dc11 5709 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 5710 } else {
a69d8927 5711 changed = hci_dev_test_and_clear_flag(hdev, HCI_ADVERTISING);
a358dc11 5712 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
4375f103
JH		 5713 }
5714
5715 err = send_settings_rsp(sk, MGMT_OP_SET_ADVERTISING, hdev);
5716 if (err < 0)
5717 goto unlock;
5718
5719 if (changed)
5720 err = new_settings(hdev, sk);
5721
5722 goto unlock;
5723 }
5724
333ae95d
JH		 5725 if (pending_find(MGMT_OP_SET_ADVERTISING, hdev) ||
5726 pending_find(MGMT_OP_SET_LE, hdev)) {
a69e8375
JH		 5727 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_ADVERTISING,
5728 MGMT_STATUS_BUSY);
4375f103
JH		 5729 goto unlock;
5730 }
5731
5732 cmd = mgmt_pending_add(sk, MGMT_OP_SET_ADVERTISING, hdev, data, len);
5733 if (!cmd) {
5734 err = -ENOMEM;
5735 goto unlock;
5736 }
5737
5738 hci_req_init(&req, hdev);
5739
cc91cb04 5740 if (cp->val == 0x02)
a1536da2 5741 hci_dev_set_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 5742 else
a358dc11 5743 hci_dev_clear_flag(hdev, HCI_ADVERTISING_CONNECTABLE);
cc91cb04 5744
7816b820
FG		 5745 cancel_adv_timeout(hdev);
5746
24b4f38f 5747 if (val) {
7816b820
FG		 5748 /* Switch to instance "0" for the Set Advertising setting.
5749 * We cannot use update_[adv|scan_rsp]_data() here as the
5750 * HCI_ADVERTISING flag is not yet set.
5751 */
cab054ab 5752 hdev->cur_adv_instance = 0x00;
de181e88
JK		 5753
5754 if (ext_adv_capable(hdev)) {
5755 __hci_req_start_ext_adv(&req, 0x00);
5756 } else {
5757 __hci_req_update_adv_data(&req, 0x00);
5758 __hci_req_update_scan_rsp_data(&req, 0x00);
5759 __hci_req_enable_advertising(&req);
5760 }
24b4f38f 5761 } else {
f2252570 5762 __hci_req_disable_advertising(&req);
24b4f38f 5763 }
4375f103
JH		 5764
5765 err = hci_req_run(&req, set_advertising_complete);
5766 if (err < 0)
5767 mgmt_pending_remove(cmd);
5768
5769unlock:
5770 hci_dev_unlock(hdev);
5771 return err;
5772}
5773
d13eafce
MH		 5774static int set_static_address(struct sock *sk, struct hci_dev *hdev,
5775 void *data, u16 len)
5776{
5777 struct mgmt_cp_set_static_address *cp = data;
5778 int err;
5779
181d6953 5780 bt_dev_dbg(hdev, "sock %p", sk);
d13eafce 5781
62af4443 5782 if (!lmp_le_capable(hdev))
a69e8375
JH		 5783 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
5784 MGMT_STATUS_NOT_SUPPORTED);
d13eafce
MH		 5785
5786 if (hdev_is_powered(hdev))
a69e8375
JH		 5787 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_STATIC_ADDRESS,
5788 MGMT_STATUS_REJECTED);
d13eafce
MH		 5789
5790 if (bacmp(&cp->bdaddr, BDADDR_ANY)) {
5791 if (!bacmp(&cp->bdaddr, BDADDR_NONE))
a69e8375
JH		 5792 return mgmt_cmd_status(sk, hdev->id,
5793 MGMT_OP_SET_STATIC_ADDRESS,
5794 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 5795
5796 /* Two most significant bits shall be set */
5797 if ((cp->bdaddr.b[5] & 0xc0) != 0xc0)
a69e8375
JH		 5798 return mgmt_cmd_status(sk, hdev->id,
5799 MGMT_OP_SET_STATIC_ADDRESS,
5800 MGMT_STATUS_INVALID_PARAMS);
d13eafce
MH		 5801 }
5802
5803 hci_dev_lock(hdev);
5804
5805 bacpy(&hdev->static_addr, &cp->bdaddr);
5806
93690c22
MH		 5807 err = send_settings_rsp(sk, MGMT_OP_SET_STATIC_ADDRESS, hdev);
5808 if (err < 0)
5809 goto unlock;
5810
5811 err = new_settings(hdev, sk);
d13eafce 5812
93690c22 5813unlock:
d13eafce 5814 hci_dev_unlock(hdev);
d13eafce
MH		 5815 return err;
5816}
5817
14b49b9a
MH		 5818static int set_scan_params(struct sock *sk, struct hci_dev *hdev,
5819 void *data, u16 len)
5820{
5821 struct mgmt_cp_set_scan_params *cp = data;
5822 __u16 interval, window;
5823 int err;
5824
181d6953 5825 bt_dev_dbg(hdev, "sock %p", sk);
14b49b9a
MH		 5826
5827 if (!lmp_le_capable(hdev))
a69e8375
JH		 5828 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
5829 MGMT_STATUS_NOT_SUPPORTED);
14b49b9a
MH		 5830
5831 interval = __le16_to_cpu(cp->interval);
5832
5833 if (interval < 0x0004 || interval > 0x4000)
a69e8375
JH		 5834 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
5835 MGMT_STATUS_INVALID_PARAMS);
14b49b9a
MH		 5836
5837 window = __le16_to_cpu(cp->window);
5838
5839 if (window < 0x0004 || window > 0x4000)
a69e8375
JH		 5840 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
5841 MGMT_STATUS_INVALID_PARAMS);
14b49b9a 5842
899e1075 5843 if (window > interval)
a69e8375
JH		 5844 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS,
5845 MGMT_STATUS_INVALID_PARAMS);
899e1075 5846
14b49b9a
MH		 5847 hci_dev_lock(hdev);
5848
5849 hdev->le_scan_interval = interval;
5850 hdev->le_scan_window = window;
5851
2a1afb5a
JH		 5852 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_SET_SCAN_PARAMS, 0,
5853 NULL, 0);
14b49b9a 5854
dd2ef8e2
AG		 5855 /* If background scan is running, restart it so new parameters are
5856 * loaded.
5857 */
d7a5a11d 5858 if (hci_dev_test_flag(hdev, HCI_LE_SCAN) &&
abfeea47
LAD		 5859 hdev->discovery.state == DISCOVERY_STOPPED)
5860 hci_update_passive_scan(hdev);
dd2ef8e2 5861
14b49b9a
MH		 5862 hci_dev_unlock(hdev);
5863
5864 return err;
5865}
5866
1904a853
MH		 5867static void fast_connectable_complete(struct hci_dev *hdev, u8 status,
5868 u16 opcode)
33e38b3e 5869{
3b0602cd 5870 struct mgmt_pending_cmd *cmd;
33e38b3e 5871
181d6953 5872 bt_dev_dbg(hdev, "status 0x%02x", status);
33e38b3e
JH		 5873
5874 hci_dev_lock(hdev);
5875
333ae95d 5876 cmd = pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev);
33e38b3e
JH		 5877 if (!cmd)
5878 goto unlock;
5879
5880 if (status) {
a69e8375
JH		 5881 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5882 mgmt_status(status));
33e38b3e 5883 } else {
1a4d3c4b
JH		 5884 struct mgmt_mode *cp = cmd->param;
5885
5886 if (cp->val)
a1536da2 5887 hci_dev_set_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 5888 else
a358dc11 5889 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
1a4d3c4b 5890
33e38b3e
JH		 5891 send_settings_rsp(cmd->sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev);
5892 new_settings(hdev, cmd->sk);
5893 }
5894
5895 mgmt_pending_remove(cmd);
5896
5897unlock:
5898 hci_dev_unlock(hdev);
5899}
5900
bdb6d971 5901static int set_fast_connectable(struct sock *sk, struct hci_dev *hdev,
04124681 5902 void *data, u16 len)
f6422ec6 5903{
650f726d 5904 struct mgmt_mode *cp = data;
3b0602cd 5905 struct mgmt_pending_cmd *cmd;
33e38b3e 5906 struct hci_request req;
f6422ec6
AJ		 5907 int err;
5908
181d6953 5909 bt_dev_dbg(hdev, "sock %p", sk);
f6422ec6 5910
d7a5a11d 5911 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) ||
56f87901 5912 hdev->hci_ver < BLUETOOTH_VER_1_2)
a69e8375
JH		 5913 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5914 MGMT_STATUS_NOT_SUPPORTED);
33c525c0 5915
a7e80f25 5916 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 5917 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5918 MGMT_STATUS_INVALID_PARAMS);
a7e80f25 5919
f6422ec6
AJ		 5920 hci_dev_lock(hdev);
5921
333ae95d 5922 if (pending_find(MGMT_OP_SET_FAST_CONNECTABLE, hdev)) {
a69e8375
JH		 5923 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5924 MGMT_STATUS_BUSY);
05cbf29f
JH		 5925 goto unlock;
5926 }
5927
d7a5a11d 5928 if (!!cp->val == hci_dev_test_flag(hdev, HCI_FAST_CONNECTABLE)) {
1a4d3c4b
JH		 5929 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
5930 hdev);
5931 goto unlock;
5932 }
5933
406ef2a6 5934 if (!hdev_is_powered(hdev)) {
ce05d603 5935 hci_dev_change_flag(hdev, HCI_FAST_CONNECTABLE);
406ef2a6
JH		 5936 err = send_settings_rsp(sk, MGMT_OP_SET_FAST_CONNECTABLE,
5937 hdev);
5938 new_settings(hdev, sk);
5939 goto unlock;
5940 }
5941
33e38b3e
JH		 5942 cmd = mgmt_pending_add(sk, MGMT_OP_SET_FAST_CONNECTABLE, hdev,
5943 data, len);
5944 if (!cmd) {
5945 err = -ENOMEM;
5946 goto unlock;
f6422ec6
AJ		 5947 }
5948
33e38b3e
JH		 5949 hci_req_init(&req, hdev);
5950
bf943cbf 5951 __hci_req_write_fast_connectable(&req, cp->val);
33e38b3e
JH		 5952
5953 err = hci_req_run(&req, fast_connectable_complete);
f6422ec6 5954 if (err < 0) {
a69e8375
JH		 5955 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_FAST_CONNECTABLE,
5956 MGMT_STATUS_FAILED);
33e38b3e 5957 mgmt_pending_remove(cmd);
f6422ec6
AJ		 5958 }
5959
33e38b3e 5960unlock:
f6422ec6 5961 hci_dev_unlock(hdev);
33e38b3e 5962
f6422ec6
AJ		 5963 return err;
5964}
5965
1904a853 5966static void set_bredr_complete(struct hci_dev *hdev, u8 status, u16 opcode)
0663ca2a 5967{
3b0602cd 5968 struct mgmt_pending_cmd *cmd;
0663ca2a 5969
181d6953 5970 bt_dev_dbg(hdev, "status 0x%02x", status);
0663ca2a
JH		 5971
5972 hci_dev_lock(hdev);
5973
333ae95d 5974 cmd = pending_find(MGMT_OP_SET_BREDR, hdev);
0663ca2a
JH		 5975 if (!cmd)
5976 goto unlock;
5977
5978 if (status) {
5979 u8 mgmt_err = mgmt_status(status);
5980
5981 /* We need to restore the flag if related HCI commands
5982 * failed.
5983 */
a358dc11 5984 hci_dev_clear_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a 5985
a69e8375 5986 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode, mgmt_err);
0663ca2a
JH		 5987 } else {
5988 send_settings_rsp(cmd->sk, MGMT_OP_SET_BREDR, hdev);
5989 new_settings(hdev, cmd->sk);
5990 }
5991
5992 mgmt_pending_remove(cmd);
5993
5994unlock:
5995 hci_dev_unlock(hdev);
5996}
5997
5998static int set_bredr(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
5999{
6000 struct mgmt_mode *cp = data;
3b0602cd 6001 struct mgmt_pending_cmd *cmd;
0663ca2a
JH		 6002 struct hci_request req;
6003 int err;
6004
181d6953 6005 bt_dev_dbg(hdev, "sock %p", sk);
0663ca2a
JH		 6006
6007 if (!lmp_bredr_capable(hdev) || !lmp_le_capable(hdev))
a69e8375
JH		 6008 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6009 MGMT_STATUS_NOT_SUPPORTED);
0663ca2a 6010
d7a5a11d 6011 if (!hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 6012 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6013 MGMT_STATUS_REJECTED);
0663ca2a
JH		 6014
6015 if (cp->val != 0x00 && cp->val != 0x01)
a69e8375
JH		 6016 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6017 MGMT_STATUS_INVALID_PARAMS);
0663ca2a
JH		 6018
6019 hci_dev_lock(hdev);
6020
d7a5a11d 6021 if (cp->val == hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
0663ca2a
JH		 6022 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
6023 goto unlock;
6024 }
6025
6026 if (!hdev_is_powered(hdev)) {
6027 if (!cp->val) {
a358dc11
MH		 6028 hci_dev_clear_flag(hdev, HCI_DISCOVERABLE);
6029 hci_dev_clear_flag(hdev, HCI_SSP_ENABLED);
6030 hci_dev_clear_flag(hdev, HCI_LINK_SECURITY);
6031 hci_dev_clear_flag(hdev, HCI_FAST_CONNECTABLE);
6032 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
0663ca2a
JH		 6033 }
6034
ce05d603 6035 hci_dev_change_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 6036
6037 err = send_settings_rsp(sk, MGMT_OP_SET_BREDR, hdev);
6038 if (err < 0)
6039 goto unlock;
6040
6041 err = new_settings(hdev, sk);
6042 goto unlock;
6043 }
6044
6045 /* Reject disabling when powered on */
6046 if (!cp->val) {
a69e8375
JH		 6047 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6048 MGMT_STATUS_REJECTED);
0663ca2a 6049 goto unlock;
111e4bcc
MH		 6050 } else {
6051 /* When configuring a dual-mode controller to operate
6052 * with LE only and using a static address, then switching
6053 * BR/EDR back on is not allowed.
6054 *
6055 * Dual-mode controllers shall operate with the public
6056 * address as its identity address for BR/EDR and LE. So
6057 * reject the attempt to create an invalid configuration.
3a5486e1
MH		 6058 *
6059 * The same restrictions applies when secure connections
6060 * has been enabled. For BR/EDR this is a controller feature
6061 * while for LE it is a host stack feature. This means that
6062 * switching BR/EDR back on when secure connections has been
6063 * enabled is not a supported transaction.
111e4bcc 6064 */
d7a5a11d 6065 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
3a5486e1 6066 (bacmp(&hdev->static_addr, BDADDR_ANY) ||
d7a5a11d 6067 hci_dev_test_flag(hdev, HCI_SC_ENABLED))) {
a69e8375
JH		 6068 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6069 MGMT_STATUS_REJECTED);
111e4bcc
MH		 6070 goto unlock;
6071 }
0663ca2a
JH		 6072 }
6073
333ae95d 6074 if (pending_find(MGMT_OP_SET_BREDR, hdev)) {
a69e8375
JH		 6075 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_BREDR,
6076 MGMT_STATUS_BUSY);
0663ca2a
JH		 6077 goto unlock;
6078 }
6079
6080 cmd = mgmt_pending_add(sk, MGMT_OP_SET_BREDR, hdev, data, len);
6081 if (!cmd) {
6082 err = -ENOMEM;
6083 goto unlock;
6084 }
6085
f2252570
JH		 6086 /* We need to flip the bit already here so that
6087 * hci_req_update_adv_data generates the correct flags.
0663ca2a 6088 */
a1536da2 6089 hci_dev_set_flag(hdev, HCI_BREDR_ENABLED);
0663ca2a
JH		 6090
6091 hci_req_init(&req, hdev);
aa8af46e 6092
bf943cbf 6093 __hci_req_write_fast_connectable(&req, false);
01b1cb87 6094 __hci_req_update_scan(&req);
aa8af46e 6095
f14d8f64
MH		 6096 /* Since only the advertising data flags will change, there
6097 * is no need to update the scan response data.
6098 */
cab054ab 6099 __hci_req_update_adv_data(&req, hdev->cur_adv_instance);
aa8af46e 6100
0663ca2a
JH		 6101 err = hci_req_run(&req, set_bredr_complete);
6102 if (err < 0)
6103 mgmt_pending_remove(cmd);
6104
6105unlock:
6106 hci_dev_unlock(hdev);
6107 return err;
6108}
6109
a1443f5a
JH		 6110static void sc_enable_complete(struct hci_dev *hdev, u8 status, u16 opcode)
6111{
3b0602cd 6112 struct mgmt_pending_cmd *cmd;
a1443f5a
JH		 6113 struct mgmt_mode *cp;
6114
181d6953 6115 bt_dev_dbg(hdev, "status %u", status);
a1443f5a
JH		 6116
6117 hci_dev_lock(hdev);
6118
333ae95d 6119 cmd = pending_find(MGMT_OP_SET_SECURE_CONN, hdev);
a1443f5a
JH		 6120 if (!cmd)
6121 goto unlock;
6122
6123 if (status) {
a69e8375
JH		 6124 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
6125 mgmt_status(status));
a1443f5a
JH		 6126 goto remove;
6127 }
6128
6129 cp = cmd->param;
6130
6131 switch (cp->val) {
6132 case 0x00:
a358dc11
MH		 6133 hci_dev_clear_flag(hdev, HCI_SC_ENABLED);
6134 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 6135 break;
6136 case 0x01:
a1536da2 6137 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
a358dc11 6138 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 6139 break;
6140 case 0x02:
a1536da2
MH		 6141 hci_dev_set_flag(hdev, HCI_SC_ENABLED);
6142 hci_dev_set_flag(hdev, HCI_SC_ONLY);
a1443f5a
JH		 6143 break;
6144 }
6145
6146 send_settings_rsp(cmd->sk, MGMT_OP_SET_SECURE_CONN, hdev);
6147 new_settings(hdev, cmd->sk);
6148
6149remove:
6150 mgmt_pending_remove(cmd);
6151unlock:
6152 hci_dev_unlock(hdev);
6153}
6154
eac83dc6
MH		 6155static int set_secure_conn(struct sock *sk, struct hci_dev *hdev,
6156 void *data, u16 len)
6157{
6158 struct mgmt_mode *cp = data;
3b0602cd 6159 struct mgmt_pending_cmd *cmd;
a1443f5a 6160 struct hci_request req;
a3209694 6161 u8 val;
eac83dc6
MH		 6162 int err;
6163
181d6953 6164 bt_dev_dbg(hdev, "sock %p", sk);
eac83dc6 6165
05b3c3e7 6166 if (!lmp_sc_capable(hdev) &&
d7a5a11d 6167 !hci_dev_test_flag(hdev, HCI_LE_ENABLED))
a69e8375
JH		 6168 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
6169 MGMT_STATUS_NOT_SUPPORTED);
eac83dc6 6170
d7a5a11d 6171 if (hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
59200286 6172 lmp_sc_capable(hdev) &&
d7a5a11d 6173 !hci_dev_test_flag(hdev, HCI_SSP_ENABLED))
a69e8375
JH		 6174 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
6175 MGMT_STATUS_REJECTED);
ed93ec69 6176
0ab04a9c 6177 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375 6178 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
eac83dc6
MH		 6179 MGMT_STATUS_INVALID_PARAMS);
6180
6181 hci_dev_lock(hdev);
6182
05b3c3e7 6183 if (!hdev_is_powered(hdev) || !lmp_sc_capable(hdev) ||
d7a5a11d 6184 !hci_dev_test_flag(hdev, HCI_BREDR_ENABLED)) {
eac83dc6
MH		 6185 bool changed;
6186
0ab04a9c 6187 if (cp->val) {
238be788
MH		 6188 changed = !hci_dev_test_and_set_flag(hdev,
6189 HCI_SC_ENABLED);
0ab04a9c 6190 if (cp->val == 0x02)
a1536da2 6191 hci_dev_set_flag(hdev, HCI_SC_ONLY);
0ab04a9c 6192 else
a358dc11 6193 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 6194 } else {
a69d8927
MH		 6195 changed = hci_dev_test_and_clear_flag(hdev,
6196 HCI_SC_ENABLED);
a358dc11 6197 hci_dev_clear_flag(hdev, HCI_SC_ONLY);
0ab04a9c 6198 }
eac83dc6
MH		 6199
6200 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
6201 if (err < 0)
6202 goto failed;
6203
6204 if (changed)
6205 err = new_settings(hdev, sk);
6206
6207 goto failed;
6208 }
6209
333ae95d 6210 if (pending_find(MGMT_OP_SET_SECURE_CONN, hdev)) {
a69e8375
JH		 6211 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_SECURE_CONN,
6212 MGMT_STATUS_BUSY);
eac83dc6
MH		 6213 goto failed;
6214 }
6215
0ab04a9c
MH		 6216 val = !!cp->val;
6217
d7a5a11d
MH		 6218 if (val == hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
6219 (cp->val == 0x02) == hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
eac83dc6
MH		 6220 err = send_settings_rsp(sk, MGMT_OP_SET_SECURE_CONN, hdev);
6221 goto failed;
6222 }
6223
6224 cmd = mgmt_pending_add(sk, MGMT_OP_SET_SECURE_CONN, hdev, data, len);
6225 if (!cmd) {
6226 err = -ENOMEM;
6227 goto failed;
6228 }
6229
a1443f5a
JH		 6230 hci_req_init(&req, hdev);
6231 hci_req_add(&req, HCI_OP_WRITE_SC_SUPPORT, 1, &val);
6232 err = hci_req_run(&req, sc_enable_complete);
eac83dc6
MH		 6233 if (err < 0) {
6234 mgmt_pending_remove(cmd);
6235 goto failed;
6236 }
6237
6238failed:
6239 hci_dev_unlock(hdev);
6240 return err;
6241}
6242
4e39ac81
MH		 6243static int set_debug_keys(struct sock *sk, struct hci_dev *hdev,
6244 void *data, u16 len)
6245{
6246 struct mgmt_mode *cp = data;
b9710979 6247 bool changed, use_changed;
4e39ac81
MH		 6248 int err;
6249
181d6953 6250 bt_dev_dbg(hdev, "sock %p", sk);
4e39ac81 6251
b9710979 6252 if (cp->val != 0x00 && cp->val != 0x01 && cp->val != 0x02)
a69e8375
JH		 6253 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_DEBUG_KEYS,
6254 MGMT_STATUS_INVALID_PARAMS);
4e39ac81
MH		 6255
6256 hci_dev_lock(hdev);
6257
6258 if (cp->val)
238be788 6259 changed = !hci_dev_test_and_set_flag(hdev, HCI_KEEP_DEBUG_KEYS);
4e39ac81 6260 else
a69d8927
MH		 6261 changed = hci_dev_test_and_clear_flag(hdev,
6262 HCI_KEEP_DEBUG_KEYS);
4e39ac81 6263
b9710979 6264 if (cp->val == 0x02)
238be788
MH		 6265 use_changed = !hci_dev_test_and_set_flag(hdev,
6266 HCI_USE_DEBUG_KEYS);
b9710979 6267 else
a69d8927
MH		 6268 use_changed = hci_dev_test_and_clear_flag(hdev,
6269 HCI_USE_DEBUG_KEYS);
b9710979
JH		 6270
6271 if (hdev_is_powered(hdev) && use_changed &&
d7a5a11d 6272 hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
b9710979
JH		 6273 u8 mode = (cp->val == 0x02) ? 0x01 : 0x00;
6274 hci_send_cmd(hdev, HCI_OP_WRITE_SSP_DEBUG_MODE,
6275 sizeof(mode), &mode);
6276 }
6277
4e39ac81
MH		 6278 err = send_settings_rsp(sk, MGMT_OP_SET_DEBUG_KEYS, hdev);
6279 if (err < 0)
6280 goto unlock;
6281
6282 if (changed)
6283 err = new_settings(hdev, sk);
6284
6285unlock:
6286 hci_dev_unlock(hdev);
6287 return err;
6288}
6289
62b04cd1
JH		 6290static int set_privacy(struct sock *sk, struct hci_dev *hdev, void *cp_data,
6291 u16 len)
6292{
6293 struct mgmt_cp_set_privacy *cp = cp_data;
6294 bool changed;
6295 int err;
6296
181d6953 6297 bt_dev_dbg(hdev, "sock %p", sk);
62b04cd1
JH		 6298
6299 if (!lmp_le_capable(hdev))
a69e8375
JH		 6300 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
6301 MGMT_STATUS_NOT_SUPPORTED);
62b04cd1 6302
82a37ade 6303 if (cp->privacy != 0x00 && cp->privacy != 0x01 && cp->privacy != 0x02)
a69e8375
JH		 6304 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
6305 MGMT_STATUS_INVALID_PARAMS);
62b04cd1
JH		 6306
6307 if (hdev_is_powered(hdev))
a69e8375
JH		 6308 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PRIVACY,
6309 MGMT_STATUS_REJECTED);
62b04cd1
JH		 6310
6311 hci_dev_lock(hdev);
6312
c21c0ea0
JH		 6313 /* If user space supports this command it is also expected to
6314 * handle IRKs. Therefore, set the HCI_RPA_RESOLVING flag.
6315 */
a1536da2 6316 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
c21c0ea0 6317
62b04cd1 6318 if (cp->privacy) {
238be788 6319 changed = !hci_dev_test_and_set_flag(hdev, HCI_PRIVACY);
62b04cd1 6320 memcpy(hdev->irk, cp->irk, sizeof(hdev->irk));
a1536da2 6321 hci_dev_set_flag(hdev, HCI_RPA_EXPIRED);
a73c046a 6322 hci_adv_instances_set_rpa_expired(hdev, true);
82a37ade
JH		 6323 if (cp->privacy == 0x02)
6324 hci_dev_set_flag(hdev, HCI_LIMITED_PRIVACY);
6325 else
6326 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
62b04cd1 6327 } else {
a69d8927 6328 changed = hci_dev_test_and_clear_flag(hdev, HCI_PRIVACY);
62b04cd1 6329 memset(hdev->irk, 0, sizeof(hdev->irk));
a358dc11 6330 hci_dev_clear_flag(hdev, HCI_RPA_EXPIRED);
a73c046a 6331 hci_adv_instances_set_rpa_expired(hdev, false);
82a37ade 6332 hci_dev_clear_flag(hdev, HCI_LIMITED_PRIVACY);
62b04cd1
JH		 6333 }
6334
6335 err = send_settings_rsp(sk, MGMT_OP_SET_PRIVACY, hdev);
6336 if (err < 0)
6337 goto unlock;
6338
6339 if (changed)
6340 err = new_settings(hdev, sk);
6341
6342unlock:
6343 hci_dev_unlock(hdev);
6344 return err;
6345}
6346
41edf160
JH		 6347static bool irk_is_valid(struct mgmt_irk_info *irk)
6348{
6349 switch (irk->addr.type) {
6350 case BDADDR_LE_PUBLIC:
6351 return true;
6352
6353 case BDADDR_LE_RANDOM:
6354 /* Two most significant bits shall be set */
6355 if ((irk->addr.bdaddr.b[5] & 0xc0) != 0xc0)
6356 return false;
6357 return true;
6358 }
6359
6360 return false;
6361}
6362
6363static int load_irks(struct sock *sk, struct hci_dev *hdev, void *cp_data,
6364 u16 len)
6365{
6366 struct mgmt_cp_load_irks *cp = cp_data;
ba1d6936
JH		 6367 const u16 max_irk_count = ((U16_MAX - sizeof(*cp)) /
6368 sizeof(struct mgmt_irk_info));
41edf160
JH		 6369 u16 irk_count, expected_len;
6370 int i, err;
6371
181d6953 6372 bt_dev_dbg(hdev, "sock %p", sk);
41edf160
JH		 6373
6374 if (!lmp_le_capable(hdev))
a69e8375
JH		 6375 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
6376 MGMT_STATUS_NOT_SUPPORTED);
41edf160
JH		 6377
6378 irk_count = __le16_to_cpu(cp->irk_count);
ba1d6936 6379 if (irk_count > max_irk_count) {
2064ee33
MH		 6380 bt_dev_err(hdev, "load_irks: too big irk_count value %u",
6381 irk_count);
a69e8375
JH		 6382 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
6383 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 6384 }
41edf160 6385
5bec1fb8 6386 expected_len = struct_size(cp, irks, irk_count);
41edf160 6387 if (expected_len != len) {
2064ee33
MH		 6388 bt_dev_err(hdev, "load_irks: expected %u bytes, got %u bytes",
6389 expected_len, len);
a69e8375
JH		 6390 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_IRKS,
6391 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 6392 }
6393
181d6953 6394 bt_dev_dbg(hdev, "irk_count %u", irk_count);
41edf160
JH		 6395
6396 for (i = 0; i < irk_count; i++) {
6397 struct mgmt_irk_info *key = &cp->irks[i];
6398
6399 if (!irk_is_valid(key))
a69e8375
JH		 6400 return mgmt_cmd_status(sk, hdev->id,
6401 MGMT_OP_LOAD_IRKS,
6402 MGMT_STATUS_INVALID_PARAMS);
41edf160
JH		 6403 }
6404
6405 hci_dev_lock(hdev);
6406
6407 hci_smp_irks_clear(hdev);
6408
6409 for (i = 0; i < irk_count; i++) {
6410 struct mgmt_irk_info *irk = &cp->irks[i];
41edf160 6411
600a8749
AM		 6412 if (hci_is_blocked_key(hdev,
6413 HCI_BLOCKED_KEY_TYPE_IRK,
6414 irk->val)) {
6415 bt_dev_warn(hdev, "Skipping blocked IRK for %pMR",
6416 &irk->addr.bdaddr);
6417 continue;
6418 }
6419
85813a7e
JH		 6420 hci_add_irk(hdev, &irk->addr.bdaddr,
6421 le_addr_type(irk->addr.type), irk->val,
41edf160
JH		 6422 BDADDR_ANY);
6423 }
6424
a1536da2 6425 hci_dev_set_flag(hdev, HCI_RPA_RESOLVING);
41edf160 6426
2a1afb5a 6427 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_IRKS, 0, NULL, 0);
41edf160
JH		 6428
6429 hci_dev_unlock(hdev);
6430
6431 return err;
6432}
6433
3f706b72
JH		 6434static bool ltk_is_valid(struct mgmt_ltk_info *key)
6435{
fad646e1 6436 if (key->initiator != 0x00 && key->initiator != 0x01)
3f706b72 6437 return false;
490cb0b3
MH		 6438
6439 switch (key->addr.type) {
6440 case BDADDR_LE_PUBLIC:
6441 return true;
6442
6443 case BDADDR_LE_RANDOM:
6444 /* Two most significant bits shall be set */
6445 if ((key->addr.bdaddr.b[5] & 0xc0) != 0xc0)
6446 return false;
6447 return true;
6448 }
6449
6450 return false;
3f706b72
JH		 6451}
6452
bdb6d971 6453static int load_long_term_keys(struct sock *sk, struct hci_dev *hdev,
04124681 6454 void *cp_data, u16 len)
346af67b 6455{
346af67b 6456 struct mgmt_cp_load_long_term_keys *cp = cp_data;
ba1d6936
JH		 6457 const u16 max_key_count = ((U16_MAX - sizeof(*cp)) /
6458 sizeof(struct mgmt_ltk_info));
346af67b 6459 u16 key_count, expected_len;
715a5bf2 6460 int i, err;
346af67b 6461
181d6953 6462 bt_dev_dbg(hdev, "sock %p", sk);
cf99ba13
MH		 6463
6464 if (!lmp_le_capable(hdev))
a69e8375
JH		 6465 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
6466 MGMT_STATUS_NOT_SUPPORTED);
cf99ba13 6467
1f350c87 6468 key_count = __le16_to_cpu(cp->key_count);
ba1d6936 6469 if (key_count > max_key_count) {
2064ee33
MH		 6470 bt_dev_err(hdev, "load_ltks: too big key_count value %u",
6471 key_count);
a69e8375
JH		 6472 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
6473 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 6474 }
346af67b 6475
5bec1fb8 6476 expected_len = struct_size(cp, keys, key_count);
346af67b 6477 if (expected_len != len) {
2064ee33
MH		 6478 bt_dev_err(hdev, "load_keys: expected %u bytes, got %u bytes",
6479 expected_len, len);
a69e8375
JH		 6480 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS,
6481 MGMT_STATUS_INVALID_PARAMS);
346af67b
VCG		 6482 }
6483
181d6953 6484 bt_dev_dbg(hdev, "key_count %u", key_count);
346af67b 6485
54ad6d8a
JH		 6486 for (i = 0; i < key_count; i++) {
6487 struct mgmt_ltk_info *key = &cp->keys[i];
6488
3f706b72 6489 if (!ltk_is_valid(key))
a69e8375
JH		 6490 return mgmt_cmd_status(sk, hdev->id,
6491 MGMT_OP_LOAD_LONG_TERM_KEYS,
6492 MGMT_STATUS_INVALID_PARAMS);
54ad6d8a
JH		 6493 }
6494
346af67b
VCG		 6495 hci_dev_lock(hdev);
6496
6497 hci_smp_ltks_clear(hdev);
6498
6499 for (i = 0; i < key_count; i++) {
6500 struct mgmt_ltk_info *key = &cp->keys[i];
85813a7e 6501 u8 type, authenticated;
346af67b 6502
600a8749
AM		 6503 if (hci_is_blocked_key(hdev,
6504 HCI_BLOCKED_KEY_TYPE_LTK,
6505 key->val)) {
6506 bt_dev_warn(hdev, "Skipping blocked LTK for %pMR",
6507 &key->addr.bdaddr);
6508 continue;
6509 }
6510
61b43357
JH		 6511 switch (key->type) {
6512 case MGMT_LTK_UNAUTHENTICATED:
d7b25450 6513 authenticated = 0x00;
fad646e1 6514 type = key->initiator ? SMP_LTK : SMP_LTK_RESPONDER;
61b43357
JH		 6515 break;
6516 case MGMT_LTK_AUTHENTICATED:
d7b25450 6517 authenticated = 0x01;
fad646e1 6518 type = key->initiator ? SMP_LTK : SMP_LTK_RESPONDER;
23fb8de3
JH		 6519 break;
6520 case MGMT_LTK_P256_UNAUTH:
6521 authenticated = 0x00;
6522 type = SMP_LTK_P256;
61b43357 6523 break;
23fb8de3
JH		 6524 case MGMT_LTK_P256_AUTH:
6525 authenticated = 0x01;
6526 type = SMP_LTK_P256;
61b43357 6527 break;
23fb8de3
JH		 6528 case MGMT_LTK_P256_DEBUG:
6529 authenticated = 0x00;
6530 type = SMP_LTK_P256_DEBUG;
19186c7b 6531 fallthrough;
61b43357
JH		 6532 default:
6533 continue;
6534 }
d7b25450 6535
85813a7e
JH		 6536 hci_add_ltk(hdev, &key->addr.bdaddr,
6537 le_addr_type(key->addr.type), type, authenticated,
6538 key->val, key->enc_size, key->ediv, key->rand);
346af67b
VCG		 6539 }
6540
2a1afb5a 6541 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_LONG_TERM_KEYS, 0,
715a5bf2
JH		 6542 NULL, 0);
6543
346af67b 6544 hci_dev_unlock(hdev);
346af67b 6545
715a5bf2 6546 return err;
346af67b
VCG		 6547}
6548
3b0602cd 6549static int conn_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
dd983808 6550{
dd983808 6551 struct hci_conn *conn = cmd->user_data;
9981bdb0 6552 struct mgmt_rp_get_conn_info rp;
9df74653 6553 int err;
dd983808 6554
9981bdb0 6555 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
dd983808 6556
9981bdb0 6557 if (status == MGMT_STATUS_SUCCESS) {
dd983808 6558 rp.rssi = conn->rssi;
9981bdb0
JH		 6559 rp.tx_power = conn->tx_power;
6560 rp.max_tx_power = conn->max_tx_power;
6561 } else {
6562 rp.rssi = HCI_RSSI_INVALID;
6563 rp.tx_power = HCI_TX_POWER_INVALID;
6564 rp.max_tx_power = HCI_TX_POWER_INVALID;
dd983808
AK		 6565 }
6566
2a1afb5a
JH		 6567 err = mgmt_cmd_complete(cmd->sk, cmd->index, MGMT_OP_GET_CONN_INFO,
6568 status, &rp, sizeof(rp));
dd983808
AK		 6569
6570 hci_conn_drop(conn);
f8aaf9b6 6571 hci_conn_put(conn);
9df74653
JH		 6572
6573 return err;
dd983808
AK		 6574}
6575
1904a853
MH		 6576static void conn_info_refresh_complete(struct hci_dev *hdev, u8 hci_status,
6577 u16 opcode)
dd983808
AK		 6578{
6579 struct hci_cp_read_rssi *cp;
3b0602cd 6580 struct mgmt_pending_cmd *cmd;
dd983808 6581 struct hci_conn *conn;
dd983808 6582 u16 handle;
9981bdb0 6583 u8 status;
dd983808 6584
181d6953 6585 bt_dev_dbg(hdev, "status 0x%02x", hci_status);
dd983808
AK		 6586
6587 hci_dev_lock(hdev);
6588
dd983808
AK		 6589 /* Commands sent in request are either Read RSSI or Read Transmit Power
6590 * Level so we check which one was last sent to retrieve connection
6591 * handle. Both commands have handle as first parameter so it's safe to
6592 * cast data on the same command struct.
6593 *
6594 * First command sent is always Read RSSI and we fail only if it fails.
6595 * In other case we simply override error to indicate success as we
6596 * already remembered if TX power value is actually valid.
6597 */
6598 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_RSSI);
6599 if (!cp) {
6600 cp = hci_sent_cmd_data(hdev, HCI_OP_READ_TX_POWER);
9981bdb0
JH		 6601 status = MGMT_STATUS_SUCCESS;
6602 } else {
6603 status = mgmt_status(hci_status);
dd983808
AK		 6604 }
6605
6606 if (!cp) {
2064ee33 6607 bt_dev_err(hdev, "invalid sent_cmd in conn_info response");
dd983808
AK		 6608 goto unlock;
6609 }
6610
6611 handle = __le16_to_cpu(cp->handle);
6612 conn = hci_conn_hash_lookup_handle(hdev, handle);
6613 if (!conn) {
85d67284 6614 bt_dev_err(hdev, "unknown handle (%u) in conn_info response",
2064ee33 6615 handle);
dd983808
AK		 6616 goto unlock;
6617 }
6618
333ae95d 6619 cmd = pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn);
9981bdb0
JH		 6620 if (!cmd)
6621 goto unlock;
dd983808 6622
9981bdb0
JH		 6623 cmd->cmd_complete(cmd, status);
6624 mgmt_pending_remove(cmd);
dd983808
AK		 6625
6626unlock:
6627 hci_dev_unlock(hdev);
6628}
6629
6630static int get_conn_info(struct sock *sk, struct hci_dev *hdev, void *data,
6631 u16 len)
6632{
6633 struct mgmt_cp_get_conn_info *cp = data;
6634 struct mgmt_rp_get_conn_info rp;
6635 struct hci_conn *conn;
6636 unsigned long conn_info_age;
6637 int err = 0;
6638
181d6953 6639 bt_dev_dbg(hdev, "sock %p", sk);
dd983808
AK		 6640
6641 memset(&rp, 0, sizeof(rp));
6642 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
6643 rp.addr.type = cp->addr.type;
6644
6645 if (!bdaddr_type_is_valid(cp->addr.type))
2a1afb5a
JH		 6646 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
6647 MGMT_STATUS_INVALID_PARAMS,
6648 &rp, sizeof(rp));
dd983808
AK		 6649
6650 hci_dev_lock(hdev);
6651
6652 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 6653 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
6654 MGMT_STATUS_NOT_POWERED, &rp,
6655 sizeof(rp));
dd983808
AK		 6656 goto unlock;
6657 }
6658
6659 if (cp->addr.type == BDADDR_BREDR)
6660 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
6661 &cp->addr.bdaddr);
6662 else
6663 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, &cp->addr.bdaddr);
6664
6665 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 6666 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
6667 MGMT_STATUS_NOT_CONNECTED, &rp,
6668 sizeof(rp));
dd983808
AK		 6669 goto unlock;
6670 }
6671
333ae95d 6672 if (pending_find_data(MGMT_OP_GET_CONN_INFO, hdev, conn)) {
2a1afb5a
JH		 6673 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
6674 MGMT_STATUS_BUSY, &rp, sizeof(rp));
9981bdb0
JH		 6675 goto unlock;
6676 }
6677
dd983808
AK		 6678 /* To avoid client trying to guess when to poll again for information we
6679 * calculate conn info age as random value between min/max set in hdev.
6680 */
6681 conn_info_age = hdev->conn_info_min_age +
6682 prandom_u32_max(hdev->conn_info_max_age -
6683 hdev->conn_info_min_age);
6684
6685 /* Query controller to refresh cached values if they are too old or were
6686 * never read.
6687 */
f4e2dd53
AK		 6688 if (time_after(jiffies, conn->conn_info_timestamp +
6689 msecs_to_jiffies(conn_info_age)) ||
dd983808
AK		 6690 !conn->conn_info_timestamp) {
6691 struct hci_request req;
6692 struct hci_cp_read_tx_power req_txp_cp;
6693 struct hci_cp_read_rssi req_rssi_cp;
3b0602cd 6694 struct mgmt_pending_cmd *cmd;
dd983808
AK		 6695
6696 hci_req_init(&req, hdev);
6697 req_rssi_cp.handle = cpu_to_le16(conn->handle);
6698 hci_req_add(&req, HCI_OP_READ_RSSI, sizeof(req_rssi_cp),
6699 &req_rssi_cp);
6700
f7faab0c
AK		 6701 /* For LE links TX power does not change thus we don't need to
6702 * query for it once value is known.
6703 */
6704 if (!bdaddr_type_is_le(cp->addr.type) ||
6705 conn->tx_power == HCI_TX_POWER_INVALID) {
6706 req_txp_cp.handle = cpu_to_le16(conn->handle);
6707 req_txp_cp.type = 0x00;
6708 hci_req_add(&req, HCI_OP_READ_TX_POWER,
6709 sizeof(req_txp_cp), &req_txp_cp);
6710 }
dd983808 6711
eed5daf3
AK		 6712 /* Max TX power needs to be read only once per connection */
6713 if (conn->max_tx_power == HCI_TX_POWER_INVALID) {
6714 req_txp_cp.handle = cpu_to_le16(conn->handle);
6715 req_txp_cp.type = 0x01;
6716 hci_req_add(&req, HCI_OP_READ_TX_POWER,
6717 sizeof(req_txp_cp), &req_txp_cp);
6718 }
6719
dd983808
AK		 6720 err = hci_req_run(&req, conn_info_refresh_complete);
6721 if (err < 0)
6722 goto unlock;
6723
6724 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CONN_INFO, hdev,
6725 data, len);
6726 if (!cmd) {
6727 err = -ENOMEM;
6728 goto unlock;
6729 }
6730
6731 hci_conn_hold(conn);
f8aaf9b6 6732 cmd->user_data = hci_conn_get(conn);
9981bdb0 6733 cmd->cmd_complete = conn_info_cmd_complete;
dd983808
AK		 6734
6735 conn->conn_info_timestamp = jiffies;
6736 } else {
6737 /* Cache is valid, just reply with values cached in hci_conn */
6738 rp.rssi = conn->rssi;
6739 rp.tx_power = conn->tx_power;
eed5daf3 6740 rp.max_tx_power = conn->max_tx_power;
dd983808 6741
2a1afb5a
JH		 6742 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CONN_INFO,
6743 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
dd983808
AK		 6744 }
6745
6746unlock:
6747 hci_dev_unlock(hdev);
6748 return err;
6749}
6750
3b0602cd 6751static int clock_info_cmd_complete(struct mgmt_pending_cmd *cmd, u8 status)
95868426 6752{
69487371 6753 struct hci_conn *conn = cmd->user_data;
95868426 6754 struct mgmt_rp_get_clock_info rp;
69487371 6755 struct hci_dev *hdev;
9df74653 6756 int err;
69487371
JH		 6757
6758 memset(&rp, 0, sizeof(rp));
56f787c5 6759 memcpy(&rp.addr, cmd->param, sizeof(rp.addr));
69487371
JH		 6760
6761 if (status)
6762 goto complete;
6763
6764 hdev = hci_dev_get(cmd->index);
6765 if (hdev) {
6766 rp.local_clock = cpu_to_le32(hdev->clock);
6767 hci_dev_put(hdev);
6768 }
6769
6770 if (conn) {
6771 rp.piconet_clock = cpu_to_le32(conn->clock);
6772 rp.accuracy = cpu_to_le16(conn->clock_accuracy);
6773 }
6774
6775complete:
2a1afb5a
JH		 6776 err = mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode, status, &rp,
6777 sizeof(rp));
69487371
JH		 6778
6779 if (conn) {
6780 hci_conn_drop(conn);
6781 hci_conn_put(conn);
6782 }
9df74653
JH		 6783
6784 return err;
69487371
JH		 6785}
6786
1904a853 6787static void get_clock_info_complete(struct hci_dev *hdev, u8 status, u16 opcode)
69487371 6788{
95868426 6789 struct hci_cp_read_clock *hci_cp;
3b0602cd 6790 struct mgmt_pending_cmd *cmd;
95868426
JH		 6791 struct hci_conn *conn;
6792
181d6953 6793 bt_dev_dbg(hdev, "status %u", status);
95868426
JH		 6794
6795 hci_dev_lock(hdev);
6796
6797 hci_cp = hci_sent_cmd_data(hdev, HCI_OP_READ_CLOCK);
6798 if (!hci_cp)
6799 goto unlock;
6800
6801 if (hci_cp->which) {
6802 u16 handle = __le16_to_cpu(hci_cp->handle);
6803 conn = hci_conn_hash_lookup_handle(hdev, handle);
6804 } else {
6805 conn = NULL;
6806 }
6807
333ae95d 6808 cmd = pending_find_data(MGMT_OP_GET_CLOCK_INFO, hdev, conn);
95868426
JH		 6809 if (!cmd)
6810 goto unlock;
6811
69487371 6812 cmd->cmd_complete(cmd, mgmt_status(status));
95868426 6813 mgmt_pending_remove(cmd);
95868426
JH		 6814
6815unlock:
6816 hci_dev_unlock(hdev);
6817}
6818
6819static int get_clock_info(struct sock *sk, struct hci_dev *hdev, void *data,
6820 u16 len)
6821{
6822 struct mgmt_cp_get_clock_info *cp = data;
6823 struct mgmt_rp_get_clock_info rp;
6824 struct hci_cp_read_clock hci_cp;
3b0602cd 6825 struct mgmt_pending_cmd *cmd;
95868426
JH		 6826 struct hci_request req;
6827 struct hci_conn *conn;
6828 int err;
6829
181d6953 6830 bt_dev_dbg(hdev, "sock %p", sk);
95868426
JH		 6831
6832 memset(&rp, 0, sizeof(rp));
6833 bacpy(&rp.addr.bdaddr, &cp->addr.bdaddr);
6834 rp.addr.type = cp->addr.type;
6835
6836 if (cp->addr.type != BDADDR_BREDR)
2a1afb5a
JH		 6837 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
6838 MGMT_STATUS_INVALID_PARAMS,
6839 &rp, sizeof(rp));
95868426
JH		 6840
6841 hci_dev_lock(hdev);
6842
6843 if (!hdev_is_powered(hdev)) {
2a1afb5a
JH		 6844 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_CLOCK_INFO,
6845 MGMT_STATUS_NOT_POWERED, &rp,
6846 sizeof(rp));
95868426
JH		 6847 goto unlock;
6848 }
6849
6850 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
6851 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK,
6852 &cp->addr.bdaddr);
6853 if (!conn || conn->state != BT_CONNECTED) {
2a1afb5a
JH		 6854 err = mgmt_cmd_complete(sk, hdev->id,
6855 MGMT_OP_GET_CLOCK_INFO,
6856 MGMT_STATUS_NOT_CONNECTED,
6857 &rp, sizeof(rp));
95868426
JH		 6858 goto unlock;
6859 }
6860 } else {
6861 conn = NULL;
6862 }
6863
6864 cmd = mgmt_pending_add(sk, MGMT_OP_GET_CLOCK_INFO, hdev, data, len);
6865 if (!cmd) {
6866 err = -ENOMEM;
6867 goto unlock;
6868 }
6869
69487371
JH		 6870 cmd->cmd_complete = clock_info_cmd_complete;
6871
95868426
JH		 6872 hci_req_init(&req, hdev);
6873
6874 memset(&hci_cp, 0, sizeof(hci_cp));
6875 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
6876
6877 if (conn) {
6878 hci_conn_hold(conn);
f8aaf9b6 6879 cmd->user_data = hci_conn_get(conn);
95868426
JH		 6880
6881 hci_cp.handle = cpu_to_le16(conn->handle);
6882 hci_cp.which = 0x01; /* Piconet clock */
6883 hci_req_add(&req, HCI_OP_READ_CLOCK, sizeof(hci_cp), &hci_cp);
6884 }
6885
6886 err = hci_req_run(&req, get_clock_info_complete);
6887 if (err < 0)
6888 mgmt_pending_remove(cmd);
6889
6890unlock:
6891 hci_dev_unlock(hdev);
6892 return err;
6893}
6894
5a154e6f
JH		 6895static bool is_connected(struct hci_dev *hdev, bdaddr_t *addr, u8 type)
6896{
6897 struct hci_conn *conn;
6898
6899 conn = hci_conn_hash_lookup_ba(hdev, LE_LINK, addr);
6900 if (!conn)
6901 return false;
6902
6903 if (conn->dst_type != type)
6904 return false;
6905
6906 if (conn->state != BT_CONNECTED)
6907 return false;
6908
6909 return true;
6910}
6911
6912/* This function requires the caller holds hdev->lock */
51d7a94d 6913static int hci_conn_params_set(struct hci_dev *hdev, bdaddr_t *addr,
5a154e6f
JH		 6914 u8 addr_type, u8 auto_connect)
6915{
5a154e6f
JH		 6916 struct hci_conn_params *params;
6917
6918 params = hci_conn_params_add(hdev, addr, addr_type);
6919 if (!params)
6920 return -EIO;
6921
6922 if (params->auto_connect == auto_connect)
6923 return 0;
6924
6925 list_del_init(&params->action);
6926
6927 switch (auto_connect) {
6928 case HCI_AUTO_CONN_DISABLED:
6929 case HCI_AUTO_CONN_LINK_LOSS:
28a667c9
JP		 6930 /* If auto connect is being disabled when we're trying to
6931 * connect to device, keep connecting.
6932 */
6933 if (params->explicit_connect)
6934 list_add(&params->action, &hdev->pend_le_conns);
5a154e6f
JH		 6935 break;
6936 case HCI_AUTO_CONN_REPORT:
49c50922
JH		 6937 if (params->explicit_connect)
6938 list_add(&params->action, &hdev->pend_le_conns);
6939 else
6940 list_add(&params->action, &hdev->pend_le_reports);
5a154e6f
JH		 6941 break;
6942 case HCI_AUTO_CONN_DIRECT:
6943 case HCI_AUTO_CONN_ALWAYS:
51d7a94d 6944 if (!is_connected(hdev, addr, addr_type))
5a154e6f 6945 list_add(&params->action, &hdev->pend_le_conns);
5a154e6f
JH		 6946 break;
6947 }
6948
6949 params->auto_connect = auto_connect;
6950
181d6953
MH		 6951 bt_dev_dbg(hdev, "addr %pMR (type %u) auto_connect %u",
6952 addr, addr_type, auto_connect);
5a154e6f
JH		 6953
6954 return 0;
6955}
6956
8afef092
MH		 6957static void device_added(struct sock *sk, struct hci_dev *hdev,
6958 bdaddr_t *bdaddr, u8 type, u8 action)
6959{
6960 struct mgmt_ev_device_added ev;
6961
6962 bacpy(&ev.addr.bdaddr, bdaddr);
6963 ev.addr.type = type;
6964 ev.action = action;
6965
6966 mgmt_event(MGMT_EV_DEVICE_ADDED, hdev, &ev, sizeof(ev), sk);
6967}
6968
e8907f76
LAD		 6969static int add_device_sync(struct hci_dev *hdev, void *data)
6970{
6971 return hci_update_passive_scan_sync(hdev);
6972}
6973
2faade53
MH		 6974static int add_device(struct sock *sk, struct hci_dev *hdev,
6975 void *data, u16 len)
6976{
6977 struct mgmt_cp_add_device *cp = data;
6978 u8 auto_conn, addr_type;
4c54bf2b 6979 struct hci_conn_params *params;
2faade53 6980 int err;
4c54bf2b 6981 u32 current_flags = 0;
2faade53 6982
181d6953 6983 bt_dev_dbg(hdev, "sock %p", sk);
2faade53 6984
6659358e 6985 if (!bdaddr_type_is_valid(cp->addr.type) ||
2faade53 6986 !bacmp(&cp->addr.bdaddr, BDADDR_ANY))
2a1afb5a
JH		 6987 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
6988 MGMT_STATUS_INVALID_PARAMS,
6989 &cp->addr, sizeof(cp->addr));
2faade53 6990
4b9e7e75 6991 if (cp->action != 0x00 && cp->action != 0x01 && cp->action != 0x02)
2a1afb5a
JH		 6992 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
6993 MGMT_STATUS_INVALID_PARAMS,
6994 &cp->addr, sizeof(cp->addr));
2faade53
MH		 6995
6996 hci_dev_lock(hdev);
6997
6659358e 6998 if (cp->addr.type == BDADDR_BREDR) {
4b9e7e75 6999 /* Only incoming connections action is supported for now */
6659358e 7000 if (cp->action != 0x01) {
51d7a94d
JH		 7001 err = mgmt_cmd_complete(sk, hdev->id,
7002 MGMT_OP_ADD_DEVICE,
7003 MGMT_STATUS_INVALID_PARAMS,
7004 &cp->addr, sizeof(cp->addr));
6659358e
JH		 7005 goto unlock;
7006 }
7007
3d4f9c00 7008 err = hci_bdaddr_list_add_with_flags(&hdev->accept_list,
8baaa403
APS		 7009 &cp->addr.bdaddr,
7010 cp->addr.type, 0);
6659358e
JH		 7011 if (err)
7012 goto unlock;
a397407f 7013
01b1cb87 7014 hci_req_update_scan(hdev);
a397407f 7015
6659358e
JH		 7016 goto added;
7017 }
7018
85813a7e 7019 addr_type = le_addr_type(cp->addr.type);
2faade53 7020
4b9e7e75 7021 if (cp->action == 0x02)
2faade53 7022 auto_conn = HCI_AUTO_CONN_ALWAYS;
4b9e7e75
MH		 7023 else if (cp->action == 0x01)
7024 auto_conn = HCI_AUTO_CONN_DIRECT;
2faade53 7025 else
a3451d27 7026 auto_conn = HCI_AUTO_CONN_REPORT;
2faade53 7027
9a0a8a8e
JP		 7028 /* Kernel internally uses conn_params with resolvable private
7029 * address, but Add Device allows only identity addresses.
7030 * Make sure it is enforced before calling
7031 * hci_conn_params_lookup.
7032 */
7033 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
51d7a94d
JH		 7034 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
7035 MGMT_STATUS_INVALID_PARAMS,
7036 &cp->addr, sizeof(cp->addr));
9a0a8a8e
JP		 7037 goto unlock;
7038 }
7039
bf5b3c8b
MH		 7040 /* If the connection parameters don't exist for this device,
7041 * they will be created and configured with defaults.
7042 */
51d7a94d 7043 if (hci_conn_params_set(hdev, &cp->addr.bdaddr, addr_type,
d06b50ce 7044 auto_conn) < 0) {
51d7a94d
JH		 7045 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
7046 MGMT_STATUS_FAILED, &cp->addr,
7047 sizeof(cp->addr));
2faade53 7048 goto unlock;
4c54bf2b
APS		 7049 } else {
7050 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
7051 addr_type);
7052 if (params)
7053 current_flags = params->current_flags;
2faade53
MH		 7054 }
7055
e8907f76
LAD		 7056 err = hci_cmd_sync_queue(hdev, add_device_sync, NULL, NULL);
7057 if (err < 0)
7058 goto unlock;
51d7a94d 7059
6659358e 7060added:
8afef092 7061 device_added(sk, hdev, &cp->addr.bdaddr, cp->addr.type, cp->action);
4c54bf2b
APS		 7062 device_flags_changed(NULL, hdev, &cp->addr.bdaddr, cp->addr.type,
7063 SUPPORTED_DEVICE_FLAGS(), current_flags);
8afef092 7064
51d7a94d
JH		 7065 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_DEVICE,
7066 MGMT_STATUS_SUCCESS, &cp->addr,
7067 sizeof(cp->addr));
2faade53
MH		 7068
7069unlock:
7070 hci_dev_unlock(hdev);
7071 return err;
7072}
7073
8afef092
MH		 7074static void device_removed(struct sock *sk, struct hci_dev *hdev,
7075 bdaddr_t *bdaddr, u8 type)
7076{
7077 struct mgmt_ev_device_removed ev;
7078
7079 bacpy(&ev.addr.bdaddr, bdaddr);
7080 ev.addr.type = type;
7081
7082 mgmt_event(MGMT_EV_DEVICE_REMOVED, hdev, &ev, sizeof(ev), sk);
7083}
7084
e8907f76
LAD		 7085static int remove_device_sync(struct hci_dev *hdev, void *data)
7086{
7087 return hci_update_passive_scan_sync(hdev);
7088}
7089
2faade53
MH		 7090static int remove_device(struct sock *sk, struct hci_dev *hdev,
7091 void *data, u16 len)
7092{
7093 struct mgmt_cp_remove_device *cp = data;
7094 int err;
7095
181d6953 7096 bt_dev_dbg(hdev, "sock %p", sk);
2faade53
MH		 7097
7098 hci_dev_lock(hdev);
7099
7100 if (bacmp(&cp->addr.bdaddr, BDADDR_ANY)) {
c71593dd 7101 struct hci_conn_params *params;
2faade53
MH		 7102 u8 addr_type;
7103
6659358e 7104 if (!bdaddr_type_is_valid(cp->addr.type)) {
51d7a94d
JH		 7105 err = mgmt_cmd_complete(sk, hdev->id,
7106 MGMT_OP_REMOVE_DEVICE,
7107 MGMT_STATUS_INVALID_PARAMS,
7108 &cp->addr, sizeof(cp->addr));
2faade53
MH		 7109 goto unlock;
7110 }
7111
6659358e 7112 if (cp->addr.type == BDADDR_BREDR) {
3d4f9c00 7113 err = hci_bdaddr_list_del(&hdev->accept_list,
6659358e
JH		 7114 &cp->addr.bdaddr,
7115 cp->addr.type);
7116 if (err) {
51d7a94d
JH		 7117 err = mgmt_cmd_complete(sk, hdev->id,
7118 MGMT_OP_REMOVE_DEVICE,
7119 MGMT_STATUS_INVALID_PARAMS,
7120 &cp->addr,
7121 sizeof(cp->addr));
6659358e
JH		 7122 goto unlock;
7123 }
7124
01b1cb87 7125 hci_req_update_scan(hdev);
a397407f 7126
6659358e
JH		 7127 device_removed(sk, hdev, &cp->addr.bdaddr,
7128 cp->addr.type);
7129 goto complete;
7130 }
7131
85813a7e 7132 addr_type = le_addr_type(cp->addr.type);
2faade53 7133
9a0a8a8e
JP		 7134 /* Kernel internally uses conn_params with resolvable private
7135 * address, but Remove Device allows only identity addresses.
7136 * Make sure it is enforced before calling
7137 * hci_conn_params_lookup.
7138 */
7139 if (!hci_is_identity_address(&cp->addr.bdaddr, addr_type)) {
51d7a94d
JH		 7140 err = mgmt_cmd_complete(sk, hdev->id,
7141 MGMT_OP_REMOVE_DEVICE,
7142 MGMT_STATUS_INVALID_PARAMS,
7143 &cp->addr, sizeof(cp->addr));
9a0a8a8e
JP		 7144 goto unlock;
7145 }
7146
c71593dd
JH		 7147 params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr,
7148 addr_type);
7149 if (!params) {
51d7a94d
JH		 7150 err = mgmt_cmd_complete(sk, hdev->id,
7151 MGMT_OP_REMOVE_DEVICE,
7152 MGMT_STATUS_INVALID_PARAMS,
7153 &cp->addr, sizeof(cp->addr));
c71593dd
JH		 7154 goto unlock;
7155 }
7156
679d2b6f
JH		 7157 if (params->auto_connect == HCI_AUTO_CONN_DISABLED ||
7158 params->auto_connect == HCI_AUTO_CONN_EXPLICIT) {
51d7a94d
JH		 7159 err = mgmt_cmd_complete(sk, hdev->id,
7160 MGMT_OP_REMOVE_DEVICE,
7161 MGMT_STATUS_INVALID_PARAMS,
7162 &cp->addr, sizeof(cp->addr));
c71593dd
JH		 7163 goto unlock;
7164 }
7165
d1dbf12e 7166 list_del(&params->action);
c71593dd
JH		 7167 list_del(&params->list);
7168 kfree(params);
8afef092
MH		 7169
7170 device_removed(sk, hdev, &cp->addr.bdaddr, cp->addr.type);
2faade53 7171 } else {
19de0825 7172 struct hci_conn_params *p, *tmp;
6659358e 7173 struct bdaddr_list *b, *btmp;
19de0825 7174
2faade53 7175 if (cp->addr.type) {
51d7a94d
JH		 7176 err = mgmt_cmd_complete(sk, hdev->id,
7177 MGMT_OP_REMOVE_DEVICE,
7178 MGMT_STATUS_INVALID_PARAMS,
7179 &cp->addr, sizeof(cp->addr));
2faade53
MH		 7180 goto unlock;
7181 }
7182
3d4f9c00 7183 list_for_each_entry_safe(b, btmp, &hdev->accept_list, list) {
6659358e
JH		 7184 device_removed(sk, hdev, &b->bdaddr, b->bdaddr_type);
7185 list_del(&b->list);
7186 kfree(b);
7187 }
7188
01b1cb87 7189 hci_req_update_scan(hdev);
a397407f 7190
19de0825
JH		 7191 list_for_each_entry_safe(p, tmp, &hdev->le_conn_params, list) {
7192 if (p->auto_connect == HCI_AUTO_CONN_DISABLED)
7193 continue;
7194 device_removed(sk, hdev, &p->addr, p->addr_type);
679d2b6f
JH		 7195 if (p->explicit_connect) {
7196 p->auto_connect = HCI_AUTO_CONN_EXPLICIT;
7197 continue;
7198 }
19de0825
JH		 7199 list_del(&p->action);
7200 list_del(&p->list);
7201 kfree(p);
7202 }
7203
181d6953 7204 bt_dev_dbg(hdev, "All LE connection parameters were removed");
2faade53
MH		 7205 }
7206
e8907f76
LAD		 7207 hci_cmd_sync_queue(hdev, remove_device_sync, NULL, NULL);
7208
6659358e 7209complete:
51d7a94d
JH		 7210 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_REMOVE_DEVICE,
7211 MGMT_STATUS_SUCCESS, &cp->addr,
7212 sizeof(cp->addr));
2faade53
MH		 7213unlock:
7214 hci_dev_unlock(hdev);
7215 return err;
7216}
7217
a26f3dcf
JH		 7218static int load_conn_param(struct sock *sk, struct hci_dev *hdev, void *data,
7219 u16 len)
7220{
7221 struct mgmt_cp_load_conn_param *cp = data;
ba1d6936
JH		 7222 const u16 max_param_count = ((U16_MAX - sizeof(*cp)) /
7223 sizeof(struct mgmt_conn_param));
a26f3dcf
JH		 7224 u16 param_count, expected_len;
7225 int i;
7226
7227 if (!lmp_le_capable(hdev))
a69e8375
JH		 7228 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
7229 MGMT_STATUS_NOT_SUPPORTED);
a26f3dcf
JH		 7230
7231 param_count = __le16_to_cpu(cp->param_count);
ba1d6936 7232 if (param_count > max_param_count) {
2064ee33
MH		 7233 bt_dev_err(hdev, "load_conn_param: too big param_count value %u",
7234 param_count);
a69e8375
JH		 7235 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
7236 MGMT_STATUS_INVALID_PARAMS);
ba1d6936 7237 }
a26f3dcf 7238
5bec1fb8 7239 expected_len = struct_size(cp, params, param_count);
a26f3dcf 7240 if (expected_len != len) {
2064ee33
MH		 7241 bt_dev_err(hdev, "load_conn_param: expected %u bytes, got %u bytes",
7242 expected_len, len);
a69e8375
JH		 7243 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM,
7244 MGMT_STATUS_INVALID_PARAMS);
a26f3dcf
JH		 7245 }
7246
181d6953 7247 bt_dev_dbg(hdev, "param_count %u", param_count);
a26f3dcf
JH		 7248
7249 hci_dev_lock(hdev);
7250
7251 hci_conn_params_clear_disabled(hdev);
7252
7253 for (i = 0; i < param_count; i++) {
7254 struct mgmt_conn_param *param = &cp->params[i];
7255 struct hci_conn_params *hci_param;
7256 u16 min, max, latency, timeout;
7257 u8 addr_type;
7258
181d6953
MH		 7259 bt_dev_dbg(hdev, "Adding %pMR (type %u)", &param->addr.bdaddr,
7260 param->addr.type);
a26f3dcf
JH		 7261
7262 if (param->addr.type == BDADDR_LE_PUBLIC) {
7263 addr_type = ADDR_LE_DEV_PUBLIC;
7264 } else if (param->addr.type == BDADDR_LE_RANDOM) {
7265 addr_type = ADDR_LE_DEV_RANDOM;
7266 } else {
2064ee33 7267 bt_dev_err(hdev, "ignoring invalid connection parameters");
a26f3dcf
JH		 7268 continue;
7269 }
7270
7271 min = le16_to_cpu(param->min_interval);
7272 max = le16_to_cpu(param->max_interval);
7273 latency = le16_to_cpu(param->latency);
7274 timeout = le16_to_cpu(param->timeout);
7275
181d6953
MH		 7276 bt_dev_dbg(hdev, "min 0x%04x max 0x%04x latency 0x%04x timeout 0x%04x",
7277 min, max, latency, timeout);
a26f3dcf
JH		 7278
7279 if (hci_check_conn_params(min, max, latency, timeout) < 0) {
2064ee33 7280 bt_dev_err(hdev, "ignoring invalid connection parameters");
a26f3dcf
JH		 7281 continue;
7282 }
7283
7284 hci_param = hci_conn_params_add(hdev, &param->addr.bdaddr,
7285 addr_type);
7286 if (!hci_param) {
2064ee33 7287 bt_dev_err(hdev, "failed to add connection parameters");
a26f3dcf
JH		 7288 continue;
7289 }
7290
7291 hci_param->conn_min_interval = min;
7292 hci_param->conn_max_interval = max;
7293 hci_param->conn_latency = latency;
7294 hci_param->supervision_timeout = timeout;
7295 }
7296
7297 hci_dev_unlock(hdev);
7298
2a1afb5a
JH		 7299 return mgmt_cmd_complete(sk, hdev->id, MGMT_OP_LOAD_CONN_PARAM, 0,
7300 NULL, 0);
a26f3dcf
JH		 7301}
7302
dbece37a
MH		 7303static int set_external_config(struct sock *sk, struct hci_dev *hdev,
7304 void *data, u16 len)
7305{
7306 struct mgmt_cp_set_external_config *cp = data;
7307 bool changed;
7308 int err;
7309
181d6953 7310 bt_dev_dbg(hdev, "sock %p", sk);
dbece37a
MH		 7311
7312 if (hdev_is_powered(hdev))
a69e8375
JH		 7313 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
7314 MGMT_STATUS_REJECTED);
dbece37a
MH		 7315
7316 if (cp->config != 0x00 && cp->config != 0x01)
a69e8375
JH		 7317 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
7318 MGMT_STATUS_INVALID_PARAMS);
dbece37a
MH		 7319
7320 if (!test_bit(HCI_QUIRK_EXTERNAL_CONFIG, &hdev->quirks))
a69e8375
JH		 7321 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_EXTERNAL_CONFIG,
7322 MGMT_STATUS_NOT_SUPPORTED);
dbece37a
MH		 7323
7324 hci_dev_lock(hdev);
7325
7326 if (cp->config)
238be788 7327 changed = !hci_dev_test_and_set_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a 7328 else
a69d8927 7329 changed = hci_dev_test_and_clear_flag(hdev, HCI_EXT_CONFIGURED);
dbece37a
MH		 7330
7331 err = send_options_rsp(sk, MGMT_OP_SET_EXTERNAL_CONFIG, hdev);
7332 if (err < 0)
7333 goto unlock;
7334
7335 if (!changed)
7336 goto unlock;
7337
f4537c04
MH		 7338 err = new_options(hdev, sk);
7339
d7a5a11d 7340 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED) == is_configured(hdev)) {
dbece37a 7341 mgmt_index_removed(hdev);
d603b76b 7342
516018a9 7343 if (hci_dev_test_and_change_flag(hdev, HCI_UNCONFIGURED)) {
a1536da2
MH		 7344 hci_dev_set_flag(hdev, HCI_CONFIG);
7345 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
d603b76b
MH		 7346
7347 queue_work(hdev->req_workqueue, &hdev->power_on);
7348 } else {
5ea234d3 7349 set_bit(HCI_RAW, &hdev->flags);
d603b76b
MH		 7350 mgmt_index_added(hdev);
7351 }
dbece37a
MH		 7352 }
7353
7354unlock:
7355 hci_dev_unlock(hdev);
7356 return err;
7357}
7358
9713c17b
MH		 7359static int set_public_address(struct sock *sk, struct hci_dev *hdev,
7360 void *data, u16 len)
7361{
7362 struct mgmt_cp_set_public_address *cp = data;
7363 bool changed;
7364 int err;
7365
181d6953 7366 bt_dev_dbg(hdev, "sock %p", sk);
9713c17b
MH		 7367
7368 if (hdev_is_powered(hdev))
a69e8375
JH		 7369 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
7370 MGMT_STATUS_REJECTED);
9713c17b
MH		 7371
7372 if (!bacmp(&cp->bdaddr, BDADDR_ANY))
a69e8375
JH		 7373 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
7374 MGMT_STATUS_INVALID_PARAMS);
9713c17b
MH		 7375
7376 if (!hdev->set_bdaddr)
a69e8375
JH		 7377 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_PUBLIC_ADDRESS,
7378 MGMT_STATUS_NOT_SUPPORTED);
9713c17b
MH		 7379
7380 hci_dev_lock(hdev);
7381
7382 changed = !!bacmp(&hdev->public_addr, &cp->bdaddr);
7383 bacpy(&hdev->public_addr, &cp->bdaddr);
7384
7385 err = send_options_rsp(sk, MGMT_OP_SET_PUBLIC_ADDRESS, hdev);
7386 if (err < 0)
7387 goto unlock;
7388
7389 if (!changed)
7390 goto unlock;
7391
d7a5a11d 7392 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED))
9713c17b
MH		 7393 err = new_options(hdev, sk);
7394
7395 if (is_configured(hdev)) {
7396 mgmt_index_removed(hdev);
7397
a358dc11 7398 hci_dev_clear_flag(hdev, HCI_UNCONFIGURED);
9713c17b 7399
a1536da2
MH		 7400 hci_dev_set_flag(hdev, HCI_CONFIG);
7401 hci_dev_set_flag(hdev, HCI_AUTO_OFF);
9713c17b
MH		 7402
7403 queue_work(hdev->req_workqueue, &hdev->power_on);
7404 }
7405
7406unlock:
7407 hci_dev_unlock(hdev);
7408 return err;
7409}
7410
40f66c05
JH		 7411static void read_local_oob_ext_data_complete(struct hci_dev *hdev, u8 status,
7412 u16 opcode, struct sk_buff *skb)
7413{
7414 const struct mgmt_cp_read_local_oob_ext_data *mgmt_cp;
7415 struct mgmt_rp_read_local_oob_ext_data *mgmt_rp;
7416 u8 *h192, *r192, *h256, *r256;
7417 struct mgmt_pending_cmd *cmd;
7418 u16 eir_len;
7419 int err;
7420
181d6953 7421 bt_dev_dbg(hdev, "status %u", status);
40f66c05
JH		 7422
7423 cmd = pending_find(MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev);
7424 if (!cmd)
7425 return;
7426
7427 mgmt_cp = cmd->param;
7428
7429 if (status) {
7430 status = mgmt_status(status);
7431 eir_len = 0;
7432
7433 h192 = NULL;
7434 r192 = NULL;
7435 h256 = NULL;
7436 r256 = NULL;
7437 } else if (opcode == HCI_OP_READ_LOCAL_OOB_DATA) {
7438 struct hci_rp_read_local_oob_data *rp;
7439
7440 if (skb->len != sizeof(*rp)) {
7441 status = MGMT_STATUS_FAILED;
7442 eir_len = 0;
7443 } else {
7444 status = MGMT_STATUS_SUCCESS;
7445 rp = (void *)skb->data;
7446
7447 eir_len = 5 + 18 + 18;
7448 h192 = rp->hash;
7449 r192 = rp->rand;
7450 h256 = NULL;
7451 r256 = NULL;
7452 }
7453 } else {
7454 struct hci_rp_read_local_oob_ext_data *rp;
7455
7456 if (skb->len != sizeof(*rp)) {
7457 status = MGMT_STATUS_FAILED;
7458 eir_len = 0;
7459 } else {
7460 status = MGMT_STATUS_SUCCESS;
7461 rp = (void *)skb->data;
7462
7463 if (hci_dev_test_flag(hdev, HCI_SC_ONLY)) {
7464 eir_len = 5 + 18 + 18;
7465 h192 = NULL;
7466 r192 = NULL;
7467 } else {
7468 eir_len = 5 + 18 + 18 + 18 + 18;
7469 h192 = rp->hash192;
7470 r192 = rp->rand192;
7471 }
7472
7473 h256 = rp->hash256;
7474 r256 = rp->rand256;
7475 }
7476 }
7477
7478 mgmt_rp = kmalloc(sizeof(*mgmt_rp) + eir_len, GFP_KERNEL);
7479 if (!mgmt_rp)
7480 goto done;
7481
a31e5a41 7482 if (eir_len == 0)
40f66c05
JH		 7483 goto send_rsp;
7484
7485 eir_len = eir_append_data(mgmt_rp->eir, 0, EIR_CLASS_OF_DEV,
7486 hdev->dev_class, 3);
7487
7488 if (h192 && r192) {
7489 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
7490 EIR_SSP_HASH_C192, h192, 16);
7491 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
7492 EIR_SSP_RAND_R192, r192, 16);
7493 }
7494
7495 if (h256 && r256) {
7496 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
7497 EIR_SSP_HASH_C256, h256, 16);
7498 eir_len = eir_append_data(mgmt_rp->eir, eir_len,
7499 EIR_SSP_RAND_R256, r256, 16);
7500 }
7501
7502send_rsp:
7503 mgmt_rp->type = mgmt_cp->type;
7504 mgmt_rp->eir_len = cpu_to_le16(eir_len);
7505
7506 err = mgmt_cmd_complete(cmd->sk, hdev->id,
7507 MGMT_OP_READ_LOCAL_OOB_EXT_DATA, status,
7508 mgmt_rp, sizeof(*mgmt_rp) + eir_len);
7509 if (err < 0 || status)
7510 goto done;
7511
7512 hci_sock_set_flag(cmd->sk, HCI_MGMT_OOB_DATA_EVENTS);
7513
7514 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
7515 mgmt_rp, sizeof(*mgmt_rp) + eir_len,
7516 HCI_MGMT_OOB_DATA_EVENTS, cmd->sk);
7517done:
7518 kfree(mgmt_rp);
7519 mgmt_pending_remove(cmd);
7520}
7521
7522static int read_local_ssp_oob_req(struct hci_dev *hdev, struct sock *sk,
7523 struct mgmt_cp_read_local_oob_ext_data *cp)
7524{
7525 struct mgmt_pending_cmd *cmd;
7526 struct hci_request req;
7527 int err;
7528
7529 cmd = mgmt_pending_add(sk, MGMT_OP_READ_LOCAL_OOB_EXT_DATA, hdev,
7530 cp, sizeof(*cp));
7531 if (!cmd)
7532 return -ENOMEM;
7533
7534 hci_req_init(&req, hdev);
7535
7536 if (bredr_sc_enabled(hdev))
7537 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_EXT_DATA, 0, NULL);
7538 else
7539 hci_req_add(&req, HCI_OP_READ_LOCAL_OOB_DATA, 0, NULL);
7540
7541 err = hci_req_run_skb(&req, read_local_oob_ext_data_complete);
7542 if (err < 0) {
7543 mgmt_pending_remove(cmd);
7544 return err;
7545 }
7546
7547 return 0;
7548}
7549
4f0f155c
MH		 7550static int read_local_oob_ext_data(struct sock *sk, struct hci_dev *hdev,
7551 void *data, u16 data_len)
7552{
7553 struct mgmt_cp_read_local_oob_ext_data *cp = data;
7554 struct mgmt_rp_read_local_oob_ext_data *rp;
7555 size_t rp_len;
7556 u16 eir_len;
0821a2c5 7557 u8 status, flags, role, addr[7], hash[16], rand[16];
4f0f155c
MH		 7558 int err;
7559
181d6953 7560 bt_dev_dbg(hdev, "sock %p", sk);
4f0f155c 7561
57b0d3e8
MH		 7562 if (hdev_is_powered(hdev)) {
7563 switch (cp->type) {
7564 case BIT(BDADDR_BREDR):
7565 status = mgmt_bredr_support(hdev);
7566 if (status)
7567 eir_len = 0;
7568 else
7569 eir_len = 5;
7570 break;
7571 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
7572 status = mgmt_le_support(hdev);
7573 if (status)
7574 eir_len = 0;
7575 else
7576 eir_len = 9 + 3 + 18 + 18 + 3;
7577 break;
7578 default:
7579 status = MGMT_STATUS_INVALID_PARAMS;
7580 eir_len = 0;
7581 break;
7582 }
7583 } else {
7584 status = MGMT_STATUS_NOT_POWERED;
7585 eir_len = 0;
4f0f155c
MH		 7586 }
7587
4f0f155c
MH		 7588 rp_len = sizeof(*rp) + eir_len;
7589 rp = kmalloc(rp_len, GFP_ATOMIC);
efcd8c98 7590 if (!rp)
4f0f155c 7591 return -ENOMEM;
efcd8c98 7592
81218cbe
BG		 7593 if (!status && !lmp_ssp_capable(hdev)) {
7594 status = MGMT_STATUS_NOT_SUPPORTED;
7595 eir_len = 0;
7596 }
7597
57b0d3e8
MH		 7598 if (status)
7599 goto complete;
7600
efcd8c98 7601 hci_dev_lock(hdev);
4f0f155c
MH		 7602
7603 eir_len = 0;
7604 switch (cp->type) {
7605 case BIT(BDADDR_BREDR):
40f66c05
JH		 7606 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
7607 err = read_local_ssp_oob_req(hdev, sk, cp);
7608 hci_dev_unlock(hdev);
7609 if (!err)
7610 goto done;
7611
7612 status = MGMT_STATUS_FAILED;
7613 goto complete;
7614 } else {
7615 eir_len = eir_append_data(rp->eir, eir_len,
7616 EIR_CLASS_OF_DEV,
7617 hdev->dev_class, 3);
7618 }
4f0f155c
MH		 7619 break;
7620 case (BIT(BDADDR_LE_PUBLIC) | BIT(BDADDR_LE_RANDOM)):
5082a599
MH		 7621 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED) &&
7622 smp_generate_oob(hdev, hash, rand) < 0) {
0821a2c5 7623 hci_dev_unlock(hdev);
57b0d3e8
MH		 7624 status = MGMT_STATUS_FAILED;
7625 goto complete;
0821a2c5
MH		 7626 }
7627
e213568a
MH		 7628 /* This should return the active RPA, but since the RPA
7629 * is only programmed on demand, it is really hard to fill
7630 * this in at the moment. For now disallow retrieving
7631 * local out-of-band data when privacy is in use.
7632 *
7633 * Returning the identity address will not help here since
7634 * pairing happens before the identity resolving key is
7635 * known and thus the connection establishment happens
7636 * based on the RPA and not the identity address.
7637 */
4f0f155c 7638 if (hci_dev_test_flag(hdev, HCI_PRIVACY)) {
e213568a
MH		 7639 hci_dev_unlock(hdev);
7640 status = MGMT_STATUS_REJECTED;
7641 goto complete;
7642 }
7643
7644 if (hci_dev_test_flag(hdev, HCI_FORCE_STATIC_ADDR) ||
7645 !bacmp(&hdev->bdaddr, BDADDR_ANY) ||
7646 (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED) &&
7647 bacmp(&hdev->static_addr, BDADDR_ANY))) {
4f0f155c
MH		 7648 memcpy(addr, &hdev->static_addr, 6);
7649 addr[6] = 0x01;
7650 } else {
7651 memcpy(addr, &hdev->bdaddr, 6);
7652 addr[6] = 0x00;
7653 }
7654
7655 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_BDADDR,
7656 addr, sizeof(addr));
7657
7658 if (hci_dev_test_flag(hdev, HCI_ADVERTISING))
7659 role = 0x02;
7660 else
7661 role = 0x01;
7662
7663 eir_len = eir_append_data(rp->eir, eir_len, EIR_LE_ROLE,
7664 &role, sizeof(role));
7665
5082a599
MH		 7666 if (hci_dev_test_flag(hdev, HCI_SC_ENABLED)) {
7667 eir_len = eir_append_data(rp->eir, eir_len,
7668 EIR_LE_SC_CONFIRM,
7669 hash, sizeof(hash));
0821a2c5 7670
5082a599
MH		 7671 eir_len = eir_append_data(rp->eir, eir_len,
7672 EIR_LE_SC_RANDOM,
7673 rand, sizeof(rand));
7674 }
0821a2c5 7675
f2252570 7676 flags = mgmt_get_adv_discov_flags(hdev);
4f0f155c
MH		 7677
7678 if (!hci_dev_test_flag(hdev, HCI_BREDR_ENABLED))
7679 flags |= LE_AD_NO_BREDR;
7680
7681 eir_len = eir_append_data(rp->eir, eir_len, EIR_FLAGS,
7682 &flags, sizeof(flags));
7683 break;
7684 }
7685
4f0f155c
MH		 7686 hci_dev_unlock(hdev);
7687
72000df2
MH		 7688 hci_sock_set_flag(sk, HCI_MGMT_OOB_DATA_EVENTS);
7689
57b0d3e8
MH		 7690 status = MGMT_STATUS_SUCCESS;
7691
7692complete:
efcd8c98
MH		 7693 rp->type = cp->type;
7694 rp->eir_len = cpu_to_le16(eir_len);
7695
4f0f155c 7696 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_LOCAL_OOB_EXT_DATA,
57b0d3e8
MH		 7697 status, rp, sizeof(*rp) + eir_len);
7698 if (err < 0 || status)
72000df2
MH		 7699 goto done;
7700
7701 err = mgmt_limited_event(MGMT_EV_LOCAL_OOB_DATA_UPDATED, hdev,
7702 rp, sizeof(*rp) + eir_len,
7703 HCI_MGMT_OOB_DATA_EVENTS, sk);
4f0f155c 7704
0821a2c5 7705done:
4f0f155c
MH		 7706 kfree(rp);
7707
7708 return err;
7709}
7710
089fa8c0
AU		 7711static u32 get_supported_adv_flags(struct hci_dev *hdev)
7712{
7713 u32 flags = 0;
7714
7715 flags |= MGMT_ADV_FLAG_CONNECTABLE;
7716 flags |= MGMT_ADV_FLAG_DISCOV;
7717 flags |= MGMT_ADV_FLAG_LIMITED_DISCOV;
7718 flags |= MGMT_ADV_FLAG_MANAGED_FLAGS;
c4960ecf 7719 flags |= MGMT_ADV_FLAG_APPEARANCE;
7c295c48 7720 flags |= MGMT_ADV_FLAG_LOCAL_NAME;
12410572
DW		 7721 flags |= MGMT_ADV_PARAM_DURATION;
7722 flags |= MGMT_ADV_PARAM_TIMEOUT;
7723 flags |= MGMT_ADV_PARAM_INTERVALS;
7724 flags |= MGMT_ADV_PARAM_TX_POWER;
ff02db13 7725 flags |= MGMT_ADV_PARAM_SCAN_RSP;
089fa8c0 7726
de181e88
JK		 7727 /* In extended adv TX_POWER returned from Set Adv Param
7728 * will be always valid.
7729 */
7730 if ((hdev->adv_tx_power != HCI_TX_POWER_INVALID) ||
7731 ext_adv_capable(hdev))
089fa8c0
AU		 7732 flags |= MGMT_ADV_FLAG_TX_POWER;
7733
85a721a8
JK		 7734 if (ext_adv_capable(hdev)) {
7735 flags |= MGMT_ADV_FLAG_SEC_1M;
d5ea32da
DW		 7736 flags |= MGMT_ADV_FLAG_HW_OFFLOAD;
7737 flags |= MGMT_ADV_FLAG_CAN_SET_TX_POWER;
85a721a8
JK		 7738
7739 if (hdev->le_features[1] & HCI_LE_PHY_2M)
7740 flags |= MGMT_ADV_FLAG_SEC_2M;
7741
7742 if (hdev->le_features[1] & HCI_LE_PHY_CODED)
7743 flags |= MGMT_ADV_FLAG_SEC_CODED;
7744 }
7745
089fa8c0
AU		 7746 return flags;
7747}
7748
d3d5305b
MH		 7749static int read_adv_features(struct sock *sk, struct hci_dev *hdev,
7750 void *data, u16 data_len)
7751{
7752 struct mgmt_rp_read_adv_features *rp;
7753 size_t rp_len;
02c04afe 7754 int err;
286e0c83 7755 struct adv_info *adv_instance;
089fa8c0 7756 u32 supported_flags;
02c04afe 7757 u8 *instance;
d3d5305b 7758
181d6953 7759 bt_dev_dbg(hdev, "sock %p", sk);
d3d5305b 7760
089fa8c0
AU		 7761 if (!lmp_le_capable(hdev))
7762 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
7763 MGMT_STATUS_REJECTED);
7764
d3d5305b
MH		 7765 hci_dev_lock(hdev);
7766
02c04afe 7767 rp_len = sizeof(*rp) + hdev->adv_instance_cnt;
d3d5305b
MH		 7768 rp = kmalloc(rp_len, GFP_ATOMIC);
7769 if (!rp) {
7770 hci_dev_unlock(hdev);
7771 return -ENOMEM;
7772 }
7773
089fa8c0
AU		 7774 supported_flags = get_supported_adv_flags(hdev);
7775
7776 rp->supported_flags = cpu_to_le32(supported_flags);
dc5d82a9
MH		 7777 rp->max_adv_data_len = HCI_MAX_AD_LENGTH;
7778 rp->max_scan_rsp_len = HCI_MAX_AD_LENGTH;
87597482 7779 rp->max_instances = hdev->le_num_of_adv_sets;
02c04afe 7780 rp->num_instances = hdev->adv_instance_cnt;
24b4f38f 7781
02c04afe
JH		 7782 instance = rp->instance;
7783 list_for_each_entry(adv_instance, &hdev->adv_instances, list) {
7784 *instance = adv_instance->instance;
7785 instance++;
24b4f38f 7786 }
d3d5305b
MH		 7787
7788 hci_dev_unlock(hdev);
7789
7790 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_READ_ADV_FEATURES,
7791 MGMT_STATUS_SUCCESS, rp, rp_len);
7792
7793 kfree(rp);
7794
7795 return err;
7796}
7797
f61851f6
MN		 7798static u8 calculate_name_len(struct hci_dev *hdev)
7799{
7800 u8 buf[HCI_MAX_SHORT_NAME_LENGTH + 3];
7801
01ce70b0 7802 return eir_append_local_name(hdev, buf, 0);
f61851f6
MN		 7803}
7804
7805static u8 tlv_data_max_len(struct hci_dev *hdev, u32 adv_flags,
7806 bool is_adv_data)
24b4f38f 7807{
4117ed70 7808 u8 max_len = HCI_MAX_AD_LENGTH;
24b4f38f 7809
31a3248d
MH		 7810 if (is_adv_data) {
7811 if (adv_flags & (MGMT_ADV_FLAG_DISCOV |
7812 MGMT_ADV_FLAG_LIMITED_DISCOV |
2bb36870 7813 MGMT_ADV_FLAG_MANAGED_FLAGS))
31a3248d 7814 max_len -= 3;
24b4f38f 7815
2bb36870 7816 if (adv_flags & MGMT_ADV_FLAG_TX_POWER)
31a3248d 7817 max_len -= 3;
7c295c48 7818 } else {
7c295c48 7819 if (adv_flags & MGMT_ADV_FLAG_LOCAL_NAME)
f61851f6 7820 max_len -= calculate_name_len(hdev);
c4960ecf 7821
2bb36870 7822 if (adv_flags & (MGMT_ADV_FLAG_APPEARANCE))
c4960ecf 7823 max_len -= 4;
5507e358
AU		 7824 }
7825
2bb36870
SJ		 7826 return max_len;
7827}
7828
7829static bool flags_managed(u32 adv_flags)
7830{
7831 return adv_flags & (MGMT_ADV_FLAG_DISCOV |
7832 MGMT_ADV_FLAG_LIMITED_DISCOV |
7833 MGMT_ADV_FLAG_MANAGED_FLAGS);
7834}
7835
7836static bool tx_power_managed(u32 adv_flags)
7837{
7838 return adv_flags & MGMT_ADV_FLAG_TX_POWER;
7839}
7840
7841static bool name_managed(u32 adv_flags)
7842{
7843 return adv_flags & MGMT_ADV_FLAG_LOCAL_NAME;
7844}
7845
7846static bool appearance_managed(u32 adv_flags)
7847{
7848 return adv_flags & MGMT_ADV_FLAG_APPEARANCE;
7849}
7850
f61851f6
MN		 7851static bool tlv_data_is_valid(struct hci_dev *hdev, u32 adv_flags, u8 *data,
7852 u8 len, bool is_adv_data)
2bb36870
SJ		 7853{
7854 int i, cur_len;
7855 u8 max_len;
7856
f61851f6 7857 max_len = tlv_data_max_len(hdev, adv_flags, is_adv_data);
2bb36870 7858
4117ed70 7859 if (len > max_len)
24b4f38f
AU		 7860 return false;
7861
4117ed70
AU		 7862 /* Make sure that the data is correctly formatted. */
7863 for (i = 0, cur_len = 0; i < len; i += (cur_len + 1)) {
7864 cur_len = data[i];
24b4f38f 7865
799acb93
LAD		 7866 if (!cur_len)
7867 continue;
7868
9c9db78d
SJ		 7869 if (data[i + 1] == EIR_FLAGS &&
7870 (!is_adv_data || flags_managed(adv_flags)))
2bb36870
SJ		 7871 return false;
7872
7873 if (data[i + 1] == EIR_TX_POWER && tx_power_managed(adv_flags))
7874 return false;
7875
7876 if (data[i + 1] == EIR_NAME_COMPLETE && name_managed(adv_flags))
7877 return false;
7878
7879 if (data[i + 1] == EIR_NAME_SHORT && name_managed(adv_flags))
b44133ff
AU		 7880 return false;
7881
2bb36870
SJ		 7882 if (data[i + 1] == EIR_APPEARANCE &&
7883 appearance_managed(adv_flags))
5507e358
AU		 7884 return false;
7885
24b4f38f
AU		 7886 /* If the current field length would exceed the total data
7887 * length, then it's invalid.
7888 */
4117ed70 7889 if (i + cur_len >= len)
24b4f38f
AU		 7890 return false;
7891 }
7892
7893 return true;
7894}
7895
12410572
DW		 7896static bool requested_adv_flags_are_valid(struct hci_dev *hdev, u32 adv_flags)
7897{
7898 u32 supported_flags, phy_flags;
7899
7900 /* The current implementation only supports a subset of the specified
7901 * flags. Also need to check mutual exclusiveness of sec flags.
7902 */
7903 supported_flags = get_supported_adv_flags(hdev);
7904 phy_flags = adv_flags & MGMT_ADV_FLAG_SEC_MASK;
7905 if (adv_flags & ~supported_flags ||
7906 ((phy_flags && (phy_flags ^ (phy_flags & -phy_flags)))))
7907 return false;
7908
7909 return true;
7910}
7911
7912static bool adv_busy(struct hci_dev *hdev)
7913{
7914 return (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
7915 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
7916 pending_find(MGMT_OP_SET_LE, hdev) ||
7917 pending_find(MGMT_OP_ADD_EXT_ADV_PARAMS, hdev) ||
7918 pending_find(MGMT_OP_ADD_EXT_ADV_DATA, hdev));
7919}
7920
cba6b758
LAD		 7921static void add_adv_complete(struct hci_dev *hdev, struct sock *sk, u8 instance,
7922 int err)
24b4f38f 7923{
cba6b758 7924 struct adv_info *adv, *n;
24b4f38f 7925
cba6b758 7926 bt_dev_dbg(hdev, "err %d", err);
24b4f38f
AU		 7927
7928 hci_dev_lock(hdev);
7929
cba6b758
LAD		 7930 list_for_each_entry_safe(adv, n, &hdev->adv_instances, list) {
7931 u8 instance;
24b4f38f 7932
cba6b758 7933 if (!adv->pending)
fffd38bc
FG		 7934 continue;
7935
cba6b758
LAD		 7936 if (!err) {
7937 adv->pending = false;
fffd38bc
FG		 7938 continue;
7939 }
7940
cba6b758 7941 instance = adv->instance;
fffd38bc
FG		 7942
7943 if (hdev->cur_adv_instance == instance)
7944 cancel_adv_timeout(hdev);
7945
7946 hci_remove_adv_instance(hdev, instance);
cba6b758 7947 mgmt_advertising_removed(sk, hdev, instance);
24b4f38f
AU		 7948 }
7949
cba6b758
LAD		 7950 hci_dev_unlock(hdev);
7951}
7952
7953static void add_advertising_complete(struct hci_dev *hdev, void *data, int err)
7954{
7955 struct mgmt_pending_cmd *cmd = data;
7956 struct mgmt_cp_add_advertising *cp = cmd->param;
7957 struct mgmt_rp_add_advertising rp;
7958
7959 memset(&rp, 0, sizeof(rp));
24b4f38f 7960
fffd38bc 7961 rp.instance = cp->instance;
24b4f38f 7962
cba6b758 7963 if (err)
24b4f38f 7964 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
cba6b758 7965 mgmt_status(err));
24b4f38f
AU		 7966 else
7967 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
cba6b758 7968 mgmt_status(err), &rp, sizeof(rp));
24b4f38f 7969
cba6b758 7970 add_adv_complete(hdev, cmd->sk, cp->instance, err);
24b4f38f 7971
cba6b758
LAD		 7972 mgmt_pending_free(cmd);
7973}
7974
7975static int add_advertising_sync(struct hci_dev *hdev, void *data)
7976{
7977 struct mgmt_pending_cmd *cmd = data;
7978 struct mgmt_cp_add_advertising *cp = cmd->param;
7979
7980 return hci_schedule_adv_instance_sync(hdev, cp->instance, true);
24b4f38f
AU		 7981}
7982
7983static int add_advertising(struct sock *sk, struct hci_dev *hdev,
7984 void *data, u16 data_len)
7985{
7986 struct mgmt_cp_add_advertising *cp = data;
7987 struct mgmt_rp_add_advertising rp;
7988 u32 flags;
7989 u8 status;
fffd38bc
FG		 7990 u16 timeout, duration;
7991 unsigned int prev_instance_cnt = hdev->adv_instance_cnt;
7992 u8 schedule_instance = 0;
7993 struct adv_info *next_instance;
24b4f38f
AU		 7994 int err;
7995 struct mgmt_pending_cmd *cmd;
24b4f38f 7996
181d6953 7997 bt_dev_dbg(hdev, "sock %p", sk);
24b4f38f
AU		 7998
7999 status = mgmt_le_support(hdev);
8000 if (status)
8001 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
8002 status);
8003
87597482 8004 if (cp->instance < 1 || cp->instance > hdev->le_num_of_adv_sets)
6a0e7807
JH		 8005 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
8006 MGMT_STATUS_INVALID_PARAMS);
8007
8008 if (data_len != sizeof(*cp) + cp->adv_data_len + cp->scan_rsp_len)
ceff86af
MH		 8009 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
8010 MGMT_STATUS_INVALID_PARAMS);
8011
24b4f38f 8012 flags = __le32_to_cpu(cp->flags);
912098a6 8013 timeout = __le16_to_cpu(cp->timeout);
fffd38bc 8014 duration = __le16_to_cpu(cp->duration);
24b4f38f 8015
12410572 8016 if (!requested_adv_flags_are_valid(hdev, flags))
24b4f38f
AU		 8017 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
8018 MGMT_STATUS_INVALID_PARAMS);
8019
8020 hci_dev_lock(hdev);
8021
912098a6
AU		 8022 if (timeout && !hdev_is_powered(hdev)) {
8023 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
8024 MGMT_STATUS_REJECTED);
8025 goto unlock;
8026 }
8027
12410572 8028 if (adv_busy(hdev)) {
24b4f38f
AU		 8029 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
8030 MGMT_STATUS_BUSY);
8031 goto unlock;
8032 }
8033
f61851f6
MN		 8034 if (!tlv_data_is_valid(hdev, flags, cp->data, cp->adv_data_len, true) ||
8035 !tlv_data_is_valid(hdev, flags, cp->data + cp->adv_data_len,
b44133ff 8036 cp->scan_rsp_len, false)) {
24b4f38f
AU		 8037 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
8038 MGMT_STATUS_INVALID_PARAMS);
8039 goto unlock;
8040 }
8041
fffd38bc
FG		 8042 err = hci_add_adv_instance(hdev, cp->instance, flags,
8043 cp->adv_data_len, cp->data,
8044 cp->scan_rsp_len,
8045 cp->data + cp->adv_data_len,
9bf9f4b6
DW		 8046 timeout, duration,
8047 HCI_ADV_TX_POWER_NO_PREFERENCE,
8048 hdev->le_adv_min_interval,
8049 hdev->le_adv_max_interval);
fffd38bc
FG		 8050 if (err < 0) {
8051 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
8052 MGMT_STATUS_FAILED);
8053 goto unlock;
8054 }
24b4f38f 8055
fffd38bc
FG		 8056 /* Only trigger an advertising added event if a new instance was
8057 * actually added.
8058 */
8059 if (hdev->adv_instance_cnt > prev_instance_cnt)
f2252570 8060 mgmt_advertising_added(sk, hdev, cp->instance);
912098a6 8061
fffd38bc
FG		 8062 if (hdev->cur_adv_instance == cp->instance) {
8063 /* If the currently advertised instance is being changed then
8064 * cancel the current advertising and schedule the next
8065 * instance. If there is only one instance then the overridden
8066 * advertising data will be visible right away.
8067 */
8068 cancel_adv_timeout(hdev);
912098a6 8069
fffd38bc
FG		 8070 next_instance = hci_get_next_instance(hdev, cp->instance);
8071 if (next_instance)
8072 schedule_instance = next_instance->instance;
8073 } else if (!hdev->adv_instance_timeout) {
8074 /* Immediately advertise the new instance if no other
8075 * instance is currently being advertised.
8076 */
8077 schedule_instance = cp->instance;
8078 }
24b4f38f 8079
fffd38bc
FG		 8080 /* If the HCI_ADVERTISING flag is set or the device isn't powered or
8081 * there is no instance to be advertised then we have no HCI
8082 * communication to make. Simply return.
24b4f38f
AU		 8083 */
8084 if (!hdev_is_powered(hdev) ||
fffd38bc
FG		 8085 hci_dev_test_flag(hdev, HCI_ADVERTISING) ||
8086 !schedule_instance) {
8087 rp.instance = cp->instance;
24b4f38f
AU		 8088 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
8089 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
8090 goto unlock;
8091 }
8092
8093 /* We're good to go, update advertising data, parameters, and start
8094 * advertising.
8095 */
cba6b758 8096 cmd = mgmt_pending_new(sk, MGMT_OP_ADD_ADVERTISING, hdev, data,
24b4f38f
AU		 8097 data_len);
8098 if (!cmd) {
8099 err = -ENOMEM;
8100 goto unlock;
8101 }
8102
cba6b758 8103 cp->instance = schedule_instance;
24b4f38f 8104
cba6b758
LAD		 8105 err = hci_cmd_sync_queue(hdev, add_advertising_sync, cmd,
8106 add_advertising_complete);
8107 if (err < 0)
8108 mgmt_pending_free(cmd);
24b4f38f
AU		 8109
8110unlock:
8111 hci_dev_unlock(hdev);
8112
8113 return err;
8114}
8115
cba6b758
LAD		 8116static void add_ext_adv_params_complete(struct hci_dev *hdev, void *data,
8117 int err)
12410572 8118{
cba6b758
LAD		 8119 struct mgmt_pending_cmd *cmd = data;
8120 struct mgmt_cp_add_ext_adv_params *cp = cmd->param;
12410572 8121 struct mgmt_rp_add_ext_adv_params rp;
cba6b758 8122 struct adv_info *adv;
12410572
DW		 8123 u32 flags;
8124
8125 BT_DBG("%s", hdev->name);
8126
8127 hci_dev_lock(hdev);
8128
cba6b758
LAD		 8129 adv = hci_find_adv_instance(hdev, cp->instance);
8130 if (!adv)
12410572
DW		 8131 goto unlock;
8132
8133 rp.instance = cp->instance;
cba6b758 8134 rp.tx_power = adv->tx_power;
12410572
DW		 8135
8136 /* While we're at it, inform userspace of the available space for this
8137 * advertisement, given the flags that will be used.
8138 */
8139 flags = __le32_to_cpu(cp->flags);
8140 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
8141 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
8142
cba6b758 8143 if (err) {
12410572
DW		 8144 /* If this advertisement was previously advertising and we
8145 * failed to update it, we signal that it has been removed and
8146 * delete its structure
8147 */
cba6b758 8148 if (!adv->pending)
12410572
DW		 8149 mgmt_advertising_removed(cmd->sk, hdev, cp->instance);
8150
8151 hci_remove_adv_instance(hdev, cp->instance);
8152
8153 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
cba6b758 8154 mgmt_status(err));
12410572
DW		 8155 } else {
8156 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
cba6b758 8157 mgmt_status(err), &rp, sizeof(rp));
12410572
DW		 8158 }
8159
8160unlock:
8161 if (cmd)
cba6b758 8162 mgmt_pending_free(cmd);
12410572
DW		 8163
8164 hci_dev_unlock(hdev);
8165}
8166
cba6b758
LAD		 8167static int add_ext_adv_params_sync(struct hci_dev *hdev, void *data)
8168{
8169 struct mgmt_pending_cmd *cmd = data;
8170 struct mgmt_cp_add_ext_adv_params *cp = cmd->param;
8171
8172 return hci_setup_ext_adv_instance_sync(hdev, cp->instance);
8173}
8174
12410572
DW		 8175static int add_ext_adv_params(struct sock *sk, struct hci_dev *hdev,
8176 void *data, u16 data_len)
8177{
8178 struct mgmt_cp_add_ext_adv_params *cp = data;
8179 struct mgmt_rp_add_ext_adv_params rp;
8180 struct mgmt_pending_cmd *cmd = NULL;
12410572
DW		 8181 u32 flags, min_interval, max_interval;
8182 u16 timeout, duration;
8183 u8 status;
8184 s8 tx_power;
8185 int err;
8186
8187 BT_DBG("%s", hdev->name);
8188
8189 status = mgmt_le_support(hdev);
8190 if (status)
8191 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
8192 status);
8193
8194 if (cp->instance < 1 || cp->instance > hdev->le_num_of_adv_sets)
8195 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
8196 MGMT_STATUS_INVALID_PARAMS);
8197
8198 /* The purpose of breaking add_advertising into two separate MGMT calls
8199 * for params and data is to allow more parameters to be added to this
8200 * structure in the future. For this reason, we verify that we have the
8201 * bare minimum structure we know of when the interface was defined. Any
8202 * extra parameters we don't know about will be ignored in this request.
8203 */
8204 if (data_len < MGMT_ADD_EXT_ADV_PARAMS_MIN_SIZE)
8205 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_ADVERTISING,
8206 MGMT_STATUS_INVALID_PARAMS);
8207
8208 flags = __le32_to_cpu(cp->flags);
8209
8210 if (!requested_adv_flags_are_valid(hdev, flags))
8211 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
8212 MGMT_STATUS_INVALID_PARAMS);
8213
8214 hci_dev_lock(hdev);
8215
8216 /* In new interface, we require that we are powered to register */
8217 if (!hdev_is_powered(hdev)) {
8218 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
8219 MGMT_STATUS_REJECTED);
8220 goto unlock;
8221 }
8222
8223 if (adv_busy(hdev)) {
8224 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
8225 MGMT_STATUS_BUSY);
8226 goto unlock;
8227 }
8228
8229 /* Parse defined parameters from request, use defaults otherwise */
8230 timeout = (flags & MGMT_ADV_PARAM_TIMEOUT) ?
8231 __le16_to_cpu(cp->timeout) : 0;
8232
8233 duration = (flags & MGMT_ADV_PARAM_DURATION) ?
8234 __le16_to_cpu(cp->duration) :
8235 hdev->def_multi_adv_rotation_duration;
8236
8237 min_interval = (flags & MGMT_ADV_PARAM_INTERVALS) ?
8238 __le32_to_cpu(cp->min_interval) :
8239 hdev->le_adv_min_interval;
8240
8241 max_interval = (flags & MGMT_ADV_PARAM_INTERVALS) ?
8242 __le32_to_cpu(cp->max_interval) :
8243 hdev->le_adv_max_interval;
8244
8245 tx_power = (flags & MGMT_ADV_PARAM_TX_POWER) ?
8246 cp->tx_power :
8247 HCI_ADV_TX_POWER_NO_PREFERENCE;
8248
8249 /* Create advertising instance with no advertising or response data */
8250 err = hci_add_adv_instance(hdev, cp->instance, flags,
9bf9f4b6
DW		 8251 0, NULL, 0, NULL, timeout, duration,
8252 tx_power, min_interval, max_interval);
12410572
DW		 8253
8254 if (err < 0) {
8255 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_PARAMS,
8256 MGMT_STATUS_FAILED);
8257 goto unlock;
8258 }
8259
12410572
DW		 8260 /* Submit request for advertising params if ext adv available */
8261 if (ext_adv_capable(hdev)) {
cba6b758
LAD		 8262 cmd = mgmt_pending_new(sk, MGMT_OP_ADD_EXT_ADV_PARAMS, hdev,
8263 data, data_len);
12410572
DW		 8264 if (!cmd) {
8265 err = -ENOMEM;
8266 hci_remove_adv_instance(hdev, cp->instance);
8267 goto unlock;
8268 }
8269
cba6b758
LAD		 8270 err = hci_cmd_sync_queue(hdev, add_ext_adv_params_sync, cmd,
8271 add_ext_adv_params_complete);
8272 if (err < 0)
8273 mgmt_pending_free(cmd);
12410572
DW		 8274 } else {
8275 rp.instance = cp->instance;
8276 rp.tx_power = HCI_ADV_TX_POWER_NO_PREFERENCE;
8277 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
8278 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
8279 err = mgmt_cmd_complete(sk, hdev->id,
8280 MGMT_OP_ADD_EXT_ADV_PARAMS,
8281 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
8282 }
8283
8284unlock:
8285 hci_dev_unlock(hdev);
8286
8287 return err;
8288}
8289
cba6b758
LAD		 8290static void add_ext_adv_data_complete(struct hci_dev *hdev, void *data, int err)
8291{
8292 struct mgmt_pending_cmd *cmd = data;
8293 struct mgmt_cp_add_ext_adv_data *cp = cmd->param;
8294 struct mgmt_rp_add_advertising rp;
8295
8296 add_adv_complete(hdev, cmd->sk, cp->instance, err);
8297
8298 memset(&rp, 0, sizeof(rp));
8299
8300 rp.instance = cp->instance;
8301
8302 if (err)
8303 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
8304 mgmt_status(err));
8305 else
8306 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
8307 mgmt_status(err), &rp, sizeof(rp));
8308
8309 mgmt_pending_free(cmd);
8310}
8311
8312static int add_ext_adv_data_sync(struct hci_dev *hdev, void *data)
8313{
8314 struct mgmt_pending_cmd *cmd = data;
8315 struct mgmt_cp_add_ext_adv_data *cp = cmd->param;
8316 int err;
8317
8318 if (ext_adv_capable(hdev)) {
8319 err = hci_update_adv_data_sync(hdev, cp->instance);
8320 if (err)
8321 return err;
8322
8323 err = hci_update_scan_rsp_data_sync(hdev, cp->instance);
8324 if (err)
8325 return err;
8326
8327 return hci_enable_ext_advertising_sync(hdev, cp->instance);
8328 }
8329
8330 return hci_schedule_adv_instance_sync(hdev, cp->instance, true);
8331}
8332
12410572
DW		 8333static int add_ext_adv_data(struct sock *sk, struct hci_dev *hdev, void *data,
8334 u16 data_len)
8335{
8336 struct mgmt_cp_add_ext_adv_data *cp = data;
8337 struct mgmt_rp_add_ext_adv_data rp;
8338 u8 schedule_instance = 0;
8339 struct adv_info *next_instance;
8340 struct adv_info *adv_instance;
8341 int err = 0;
8342 struct mgmt_pending_cmd *cmd;
12410572
DW		 8343
8344 BT_DBG("%s", hdev->name);
8345
8346 hci_dev_lock(hdev);
8347
8348 adv_instance = hci_find_adv_instance(hdev, cp->instance);
8349
8350 if (!adv_instance) {
8351 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
8352 MGMT_STATUS_INVALID_PARAMS);
8353 goto unlock;
8354 }
8355
8356 /* In new interface, we require that we are powered to register */
8357 if (!hdev_is_powered(hdev)) {
8358 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
8359 MGMT_STATUS_REJECTED);
8360 goto clear_new_instance;
8361 }
8362
8363 if (adv_busy(hdev)) {
8364 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
8365 MGMT_STATUS_BUSY);
8366 goto clear_new_instance;
8367 }
8368
8369 /* Validate new data */
8370 if (!tlv_data_is_valid(hdev, adv_instance->flags, cp->data,
8371 cp->adv_data_len, true) ||
8372 !tlv_data_is_valid(hdev, adv_instance->flags, cp->data +
8373 cp->adv_data_len, cp->scan_rsp_len, false)) {
8374 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
8375 MGMT_STATUS_INVALID_PARAMS);
8376 goto clear_new_instance;
8377 }
8378
8379 /* Set the data in the advertising instance */
8380 hci_set_adv_instance_data(hdev, cp->instance, cp->adv_data_len,
8381 cp->data, cp->scan_rsp_len,
8382 cp->data + cp->adv_data_len);
8383
cba6b758
LAD		 8384 /* If using software rotation, determine next instance to use */
8385 if (hdev->cur_adv_instance == cp->instance) {
8386 /* If the currently advertised instance is being changed
8387 * then cancel the current advertising and schedule the
8388 * next instance. If there is only one instance then the
8389 * overridden advertising data will be visible right
8390 * away
8391 */
8392 cancel_adv_timeout(hdev);
12410572 8393
cba6b758
LAD		 8394 next_instance = hci_get_next_instance(hdev, cp->instance);
8395 if (next_instance)
8396 schedule_instance = next_instance->instance;
8397 } else if (!hdev->adv_instance_timeout) {
8398 /* Immediately advertise the new instance if no other
8399 * instance is currently being advertised.
12410572 8400 */
cba6b758
LAD		 8401 schedule_instance = cp->instance;
8402 }
12410572 8403
cba6b758
LAD		 8404 /* If the HCI_ADVERTISING flag is set or there is no instance to
8405 * be advertised then we have no HCI communication to make.
8406 * Simply return.
8407 */
8408 if (hci_dev_test_flag(hdev, HCI_ADVERTISING) || !schedule_instance) {
8409 if (adv_instance->pending) {
8410 mgmt_advertising_added(sk, hdev, cp->instance);
8411 adv_instance->pending = false;
8412 }
8413 rp.instance = cp->instance;
8414 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_ADD_EXT_ADV_DATA,
8415 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
8416 goto unlock;
12410572
DW		 8417 }
8418
cba6b758 8419 cmd = mgmt_pending_new(sk, MGMT_OP_ADD_EXT_ADV_DATA, hdev, data,
12410572
DW		 8420 data_len);
8421 if (!cmd) {
8422 err = -ENOMEM;
8423 goto clear_new_instance;
8424 }
8425
cba6b758
LAD		 8426 err = hci_cmd_sync_queue(hdev, add_ext_adv_data_sync, cmd,
8427 add_ext_adv_data_complete);
12410572 8428 if (err < 0) {
cba6b758 8429 mgmt_pending_free(cmd);
12410572
DW		 8430 goto clear_new_instance;
8431 }
8432
8433 /* We were successful in updating data, so trigger advertising_added
8434 * event if this is an instance that wasn't previously advertising. If
8435 * a failure occurs in the requests we initiated, we will remove the
8436 * instance again in add_advertising_complete
8437 */
8438 if (adv_instance->pending)
8439 mgmt_advertising_added(sk, hdev, cp->instance);
8440
8441 goto unlock;
8442
8443clear_new_instance:
8444 hci_remove_adv_instance(hdev, cp->instance);
8445
8446unlock:
8447 hci_dev_unlock(hdev);
8448
8449 return err;
8450}
8451
cba6b758
LAD		 8452static void remove_advertising_complete(struct hci_dev *hdev, void *data,
8453 int err)
da929335 8454{
cba6b758
LAD		 8455 struct mgmt_pending_cmd *cmd = data;
8456 struct mgmt_cp_remove_advertising *cp = cmd->param;
da929335
AU		 8457 struct mgmt_rp_remove_advertising rp;
8458
cba6b758 8459 bt_dev_dbg(hdev, "err %d", err);
da929335 8460
cba6b758
LAD		 8461 memset(&rp, 0, sizeof(rp));
8462 rp.instance = cp->instance;
da929335 8463
cba6b758
LAD		 8464 if (err)
8465 mgmt_cmd_status(cmd->sk, cmd->index, cmd->opcode,
8466 mgmt_status(err));
8467 else
8468 mgmt_cmd_complete(cmd->sk, cmd->index, cmd->opcode,
8469 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
da929335 8470
cba6b758
LAD		 8471 mgmt_pending_free(cmd);
8472}
da929335 8473
cba6b758
LAD		 8474static int remove_advertising_sync(struct hci_dev *hdev, void *data)
8475{
8476 struct mgmt_pending_cmd *cmd = data;
8477 struct mgmt_cp_remove_advertising *cp = cmd->param;
8478 int err;
da929335 8479
cba6b758
LAD		 8480 err = hci_remove_advertising_sync(hdev, cmd->sk, cp->instance, true);
8481 if (err)
8482 return err;
8483
8484 if (list_empty(&hdev->adv_instances))
8485 err = hci_disable_advertising_sync(hdev);
8486
8487 return err;
da929335
AU		 8488}
8489
8490static int remove_advertising(struct sock *sk, struct hci_dev *hdev,
8491 void *data, u16 data_len)
8492{
8493 struct mgmt_cp_remove_advertising *cp = data;
da929335 8494 struct mgmt_pending_cmd *cmd;
952497b1 8495 int err;
da929335 8496
181d6953 8497 bt_dev_dbg(hdev, "sock %p", sk);
da929335 8498
da929335
AU		 8499 hci_dev_lock(hdev);
8500
952497b1 8501 if (cp->instance && !hci_find_adv_instance(hdev, cp->instance)) {
01948331
FG		 8502 err = mgmt_cmd_status(sk, hdev->id,
8503 MGMT_OP_REMOVE_ADVERTISING,
8504 MGMT_STATUS_INVALID_PARAMS);
8505 goto unlock;
8506 }
8507
da929335
AU		 8508 if (pending_find(MGMT_OP_ADD_ADVERTISING, hdev) ||
8509 pending_find(MGMT_OP_REMOVE_ADVERTISING, hdev) ||
8510 pending_find(MGMT_OP_SET_LE, hdev)) {
8511 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
8512 MGMT_STATUS_BUSY);
8513 goto unlock;
8514 }
8515
17fd08ff 8516 if (list_empty(&hdev->adv_instances)) {
da929335
AU		 8517 err = mgmt_cmd_status(sk, hdev->id, MGMT_OP_REMOVE_ADVERTISING,
8518 MGMT_STATUS_INVALID_PARAMS);
8519 goto unlock;
8520 }
8521
cba6b758 8522 cmd = mgmt_pending_new(sk, MGMT_OP_REMOVE_ADVERTISING, hdev, data,
da929335
AU		 8523 data_len);
8524 if (!cmd) {
8525 err = -ENOMEM;
8526 goto unlock;
8527 }
8528
cba6b758
LAD		 8529 err = hci_cmd_sync_queue(hdev, remove_advertising_sync, cmd,
8530 remove_advertising_complete);
da929335 8531 if (err < 0)
cba6b758 8532 mgmt_pending_free(cmd);
da929335
AU		 8533
8534unlock:
8535 hci_dev_unlock(hdev);
8536
8537 return err;
8538}
8539
40b25fe5
MH		 8540static int get_adv_size_info(struct sock *sk, struct hci_dev *hdev,
8541 void *data, u16 data_len)
8542{
8543 struct mgmt_cp_get_adv_size_info *cp = data;
8544 struct mgmt_rp_get_adv_size_info rp;
8545 u32 flags, supported_flags;
8546 int err;
8547
181d6953 8548 bt_dev_dbg(hdev, "sock %p", sk);
40b25fe5
MH		 8549
8550 if (!lmp_le_capable(hdev))
8551 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
8552 MGMT_STATUS_REJECTED);
8553
87597482 8554 if (cp->instance < 1 || cp->instance > hdev->le_num_of_adv_sets)
40b25fe5
MH		 8555 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
8556 MGMT_STATUS_INVALID_PARAMS);
8557
8558 flags = __le32_to_cpu(cp->flags);
8559
8560 /* The current implementation only supports a subset of the specified
8561 * flags.
8562 */
8563 supported_flags = get_supported_adv_flags(hdev);
8564 if (flags & ~supported_flags)
8565 return mgmt_cmd_status(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
8566 MGMT_STATUS_INVALID_PARAMS);
8567
8568 rp.instance = cp->instance;
8569 rp.flags = cp->flags;
f61851f6
MN		 8570 rp.max_adv_data_len = tlv_data_max_len(hdev, flags, true);
8571 rp.max_scan_rsp_len = tlv_data_max_len(hdev, flags, false);
40b25fe5
MH		 8572
8573 err = mgmt_cmd_complete(sk, hdev->id, MGMT_OP_GET_ADV_SIZE_INFO,
8574 MGMT_STATUS_SUCCESS, &rp, sizeof(rp));
8575
8576 return err;
8577}
8578
6d785aa3 8579static const struct hci_mgmt_handler mgmt_handlers[] = {
0f4e68cf 8580 { NULL }, /* 0x0000 (no command) */
b9a245fb 8581 { read_version, MGMT_READ_VERSION_SIZE,
c91041dc
MH		 8582 HCI_MGMT_NO_HDEV |
8583 HCI_MGMT_UNTRUSTED },
b9a245fb 8584 { read_commands, MGMT_READ_COMMANDS_SIZE,
c91041dc
MH		 8585 HCI_MGMT_NO_HDEV |
8586 HCI_MGMT_UNTRUSTED },
b9a245fb 8587 { read_index_list, MGMT_READ_INDEX_LIST_SIZE,
c91041dc
MH		 8588 HCI_MGMT_NO_HDEV |
8589 HCI_MGMT_UNTRUSTED },
8590 { read_controller_info, MGMT_READ_INFO_SIZE,
8591 HCI_MGMT_UNTRUSTED },
7aea8616
MH		 8592 { set_powered, MGMT_SETTING_SIZE },
8593 { set_discoverable, MGMT_SET_DISCOVERABLE_SIZE },
8594 { set_connectable, MGMT_SETTING_SIZE },
8595 { set_fast_connectable, MGMT_SETTING_SIZE },
8596 { set_bondable, MGMT_SETTING_SIZE },
8597 { set_link_security, MGMT_SETTING_SIZE },
8598 { set_ssp, MGMT_SETTING_SIZE },
8599 { set_hs, MGMT_SETTING_SIZE },
8600 { set_le, MGMT_SETTING_SIZE },
8601 { set_dev_class, MGMT_SET_DEV_CLASS_SIZE },
8602 { set_local_name, MGMT_SET_LOCAL_NAME_SIZE },
8603 { add_uuid, MGMT_ADD_UUID_SIZE },
8604 { remove_uuid, MGMT_REMOVE_UUID_SIZE },
b9a245fb
JH		 8605 { load_link_keys, MGMT_LOAD_LINK_KEYS_SIZE,
8606 HCI_MGMT_VAR_LEN },
8607 { load_long_term_keys, MGMT_LOAD_LONG_TERM_KEYS_SIZE,
8608 HCI_MGMT_VAR_LEN },
7aea8616
MH		 8609 { disconnect, MGMT_DISCONNECT_SIZE },
8610 { get_connections, MGMT_GET_CONNECTIONS_SIZE },
8611 { pin_code_reply, MGMT_PIN_CODE_REPLY_SIZE },
8612 { pin_code_neg_reply, MGMT_PIN_CODE_NEG_REPLY_SIZE },
8613 { set_io_capability, MGMT_SET_IO_CAPABILITY_SIZE },
8614 { pair_device, MGMT_PAIR_DEVICE_SIZE },
8615 { cancel_pair_device, MGMT_CANCEL_PAIR_DEVICE_SIZE },
8616 { unpair_device, MGMT_UNPAIR_DEVICE_SIZE },
8617 { user_confirm_reply, MGMT_USER_CONFIRM_REPLY_SIZE },
8618 { user_confirm_neg_reply, MGMT_USER_CONFIRM_NEG_REPLY_SIZE },
8619 { user_passkey_reply, MGMT_USER_PASSKEY_REPLY_SIZE },
8620 { user_passkey_neg_reply, MGMT_USER_PASSKEY_NEG_REPLY_SIZE },
b9a245fb
JH		 8621 { read_local_oob_data, MGMT_READ_LOCAL_OOB_DATA_SIZE },
8622 { add_remote_oob_data, MGMT_ADD_REMOTE_OOB_DATA_SIZE,
8623 HCI_MGMT_VAR_LEN },
7aea8616
MH		 8624 { remove_remote_oob_data, MGMT_REMOVE_REMOTE_OOB_DATA_SIZE },
8625 { start_discovery, MGMT_START_DISCOVERY_SIZE },
8626 { stop_discovery, MGMT_STOP_DISCOVERY_SIZE },
8627 { confirm_name, MGMT_CONFIRM_NAME_SIZE },
8628 { block_device, MGMT_BLOCK_DEVICE_SIZE },
8629 { unblock_device, MGMT_UNBLOCK_DEVICE_SIZE },
8630 { set_device_id, MGMT_SET_DEVICE_ID_SIZE },
8631 { set_advertising, MGMT_SETTING_SIZE },
8632 { set_bredr, MGMT_SETTING_SIZE },
8633 { set_static_address, MGMT_SET_STATIC_ADDRESS_SIZE },
8634 { set_scan_params, MGMT_SET_SCAN_PARAMS_SIZE },
8635 { set_secure_conn, MGMT_SETTING_SIZE },
8636 { set_debug_keys, MGMT_SETTING_SIZE },
8637 { set_privacy, MGMT_SET_PRIVACY_SIZE },
b9a245fb
JH		 8638 { load_irks, MGMT_LOAD_IRKS_SIZE,
8639 HCI_MGMT_VAR_LEN },
7aea8616
MH		 8640 { get_conn_info, MGMT_GET_CONN_INFO_SIZE },
8641 { get_clock_info, MGMT_GET_CLOCK_INFO_SIZE },
8642 { add_device, MGMT_ADD_DEVICE_SIZE },
8643 { remove_device, MGMT_REMOVE_DEVICE_SIZE },
b9a245fb
JH		 8644 { load_conn_param, MGMT_LOAD_CONN_PARAM_SIZE,
8645 HCI_MGMT_VAR_LEN },
8646 { read_unconf_index_list, MGMT_READ_UNCONF_INDEX_LIST_SIZE,
c91041dc
MH		 8647 HCI_MGMT_NO_HDEV |
8648 HCI_MGMT_UNTRUSTED },
b9a245fb 8649 { read_config_info, MGMT_READ_CONFIG_INFO_SIZE,
c91041dc
MH		 8650 HCI_MGMT_UNCONFIGURED |
8651 HCI_MGMT_UNTRUSTED },
b9a245fb
JH		 8652 { set_external_config, MGMT_SET_EXTERNAL_CONFIG_SIZE,
8653 HCI_MGMT_UNCONFIGURED },
8654 { set_public_address, MGMT_SET_PUBLIC_ADDRESS_SIZE,
8655 HCI_MGMT_UNCONFIGURED },
8656 { start_service_discovery, MGMT_START_SERVICE_DISCOVERY_SIZE,
8657 HCI_MGMT_VAR_LEN },
4f0f155c 8658 { read_local_oob_ext_data, MGMT_READ_LOCAL_OOB_EXT_DATA_SIZE },
96f1474a 8659 { read_ext_index_list, MGMT_READ_EXT_INDEX_LIST_SIZE,
c91041dc
MH		 8660 HCI_MGMT_NO_HDEV |
8661 HCI_MGMT_UNTRUSTED },
d3d5305b 8662 { read_adv_features, MGMT_READ_ADV_FEATURES_SIZE },
24b4f38f
AU		 8663 { add_advertising, MGMT_ADD_ADVERTISING_SIZE,
8664 HCI_MGMT_VAR_LEN },
da929335 8665 { remove_advertising, MGMT_REMOVE_ADVERTISING_SIZE },
40b25fe5 8666 { get_adv_size_info, MGMT_GET_ADV_SIZE_INFO_SIZE },
78b781ca 8667 { start_limited_discovery, MGMT_START_DISCOVERY_SIZE },
321c6fee
MH		 8668 { read_ext_controller_info,MGMT_READ_EXT_INFO_SIZE,
8669 HCI_MGMT_UNTRUSTED },
c4960ecf 8670 { set_appearance, MGMT_SET_APPEARANCE_SIZE },
6244691f 8671 { get_phy_configuration, MGMT_GET_PHY_CONFIGURATION_SIZE },
0314f286 8672 { set_phy_configuration, MGMT_SET_PHY_CONFIGURATION_SIZE },
600a8749
AM		 8673 { set_blocked_keys, MGMT_OP_SET_BLOCKED_KEYS_SIZE,
8674 HCI_MGMT_VAR_LEN },
00bce3fb 8675 { set_wideband_speech, MGMT_SETTING_SIZE },
4d9b9528 8676 { read_controller_cap, MGMT_READ_CONTROLLER_CAP_SIZE,
bc292258 8677 HCI_MGMT_UNTRUSTED },
a10c907c
MH		 8678 { read_exp_features_info, MGMT_READ_EXP_FEATURES_INFO_SIZE,
8679 HCI_MGMT_UNTRUSTED |
8680 HCI_MGMT_HDEV_OPTIONAL },
8681 { set_exp_feature, MGMT_SET_EXP_FEATURE_SIZE,
8682 HCI_MGMT_VAR_LEN |
8683 HCI_MGMT_HDEV_OPTIONAL },
17896406
AM		 8684 { read_def_system_config, MGMT_READ_DEF_SYSTEM_CONFIG_SIZE,
8685 HCI_MGMT_UNTRUSTED },
8686 { set_def_system_config, MGMT_SET_DEF_SYSTEM_CONFIG_SIZE,
8687 HCI_MGMT_VAR_LEN },
aececa64
MH		 8688 { read_def_runtime_config, MGMT_READ_DEF_RUNTIME_CONFIG_SIZE,
8689 HCI_MGMT_UNTRUSTED },
8690 { set_def_runtime_config, MGMT_SET_DEF_RUNTIME_CONFIG_SIZE,
8691 HCI_MGMT_VAR_LEN },
4c54bf2b
APS		 8692 { get_device_flags, MGMT_GET_DEVICE_FLAGS_SIZE },
8693 { set_device_flags, MGMT_SET_DEVICE_FLAGS_SIZE },
e5e1e7fd 8694 { read_adv_mon_features, MGMT_READ_ADV_MONITOR_FEATURES_SIZE },
b139553d
MC		 8695 { add_adv_patterns_monitor,MGMT_ADD_ADV_PATTERNS_MONITOR_SIZE,
8696 HCI_MGMT_VAR_LEN },
bd2fbc6c 8697 { remove_adv_monitor, MGMT_REMOVE_ADV_MONITOR_SIZE },
12410572
DW		 8698 { add_ext_adv_params, MGMT_ADD_EXT_ADV_PARAMS_MIN_SIZE,
8699 HCI_MGMT_VAR_LEN },
8700 { add_ext_adv_data, MGMT_ADD_EXT_ADV_DATA_SIZE,
8701 HCI_MGMT_VAR_LEN },
b4a221ea
AP		 8702 { add_adv_patterns_monitor_rssi,
8703 MGMT_ADD_ADV_PATTERNS_MONITOR_RSSI_SIZE,
8704 HCI_MGMT_VAR_LEN },
0f4e68cf
JH		 8705};
8706
bf6b56db 8707void mgmt_index_added(struct hci_dev *hdev)
c71e97bf 8708{
ced85549 8709 struct mgmt_ev_ext_index ev;
bb4b2a9a 8710
0602a8ad
MH		 8711 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
8712 return;
8713
f9207338 8714 switch (hdev->dev_type) {
ca8bee5d 8715 case HCI_PRIMARY:
f9207338
MH		 8716 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
8717 mgmt_index_event(MGMT_EV_UNCONF_INDEX_ADDED, hdev,
8718 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
ced85549 8719 ev.type = 0x01;
f9207338
MH		 8720 } else {
8721 mgmt_index_event(MGMT_EV_INDEX_ADDED, hdev, NULL, 0,
8722 HCI_MGMT_INDEX_EVENTS);
ced85549 8723 ev.type = 0x00;
f9207338
MH		 8724 }
8725 break;
ced85549
MH		 8726 case HCI_AMP:
8727 ev.type = 0x02;
8728 break;
8729 default:
8730 return;
f9207338 8731 }
ced85549
MH		 8732
8733 ev.bus = hdev->bus;
8734
8735 mgmt_index_event(MGMT_EV_EXT_INDEX_ADDED, hdev, &ev, sizeof(ev),
8736 HCI_MGMT_EXT_INDEX_EVENTS);
c71e97bf
JH		 8737}
8738
bf6b56db 8739void mgmt_index_removed(struct hci_dev *hdev)
c71e97bf 8740{
ced85549 8741 struct mgmt_ev_ext_index ev;
5f159032 8742 u8 status = MGMT_STATUS_INVALID_INDEX;
b24752fe 8743
0602a8ad
MH		 8744 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
8745 return;
8746
f9207338 8747 switch (hdev->dev_type) {
ca8bee5d 8748 case HCI_PRIMARY:
f9207338 8749 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
b24752fe 8750
f9207338
MH		 8751 if (hci_dev_test_flag(hdev, HCI_UNCONFIGURED)) {
8752 mgmt_index_event(MGMT_EV_UNCONF_INDEX_REMOVED, hdev,
8753 NULL, 0, HCI_MGMT_UNCONF_INDEX_EVENTS);
ced85549 8754 ev.type = 0x01;
f9207338
MH		 8755 } else {
8756 mgmt_index_event(MGMT_EV_INDEX_REMOVED, hdev, NULL, 0,
8757 HCI_MGMT_INDEX_EVENTS);
ced85549 8758 ev.type = 0x00;
f9207338
MH		 8759 }
8760 break;
ced85549
MH		 8761 case HCI_AMP:
8762 ev.type = 0x02;
8763 break;
8764 default:
8765 return;
f9207338 8766 }
ced85549
MH		 8767
8768 ev.bus = hdev->bus;
8769
8770 mgmt_index_event(MGMT_EV_EXT_INDEX_REMOVED, hdev, &ev, sizeof(ev),
8771 HCI_MGMT_EXT_INDEX_EVENTS);
eec8d2bc
JH		 8772}
8773
2ff13894 8774void mgmt_power_on(struct hci_dev *hdev, int err)
229ab39c
JH		 8775{
8776 struct cmd_lookup match = { NULL, hdev };
8777
181d6953 8778 bt_dev_dbg(hdev, "err %d", err);
229ab39c 8779
2ff13894
JH		 8780 hci_dev_lock(hdev);
8781
8782 if (!err) {
af02dd44 8783 restart_le_actions(hdev);
ad383c2c 8784 hci_update_passive_scan(hdev);
162a3bac
MH		 8785 }
8786
229ab39c
JH		 8787 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
8788
8789 new_settings(hdev, match.sk);
8790
229ab39c
JH		 8791 if (match.sk)
8792 sock_put(match.sk);
229ab39c 8793
2ff13894 8794 hci_dev_unlock(hdev);
70da6243 8795}
562fcc24 8796
2ff13894 8797void __mgmt_power_off(struct hci_dev *hdev)
70da6243
JH		 8798{
8799 struct cmd_lookup match = { NULL, hdev };
9845904f 8800 u8 status, zero_cod[] = { 0, 0, 0 };
b24752fe 8801
229ab39c 8802 mgmt_pending_foreach(MGMT_OP_SET_POWERED, hdev, settings_rsp, &match);
9845904f
JH		 8803
8804 /* If the power off is because of hdev unregistration let
8805 * use the appropriate INVALID_INDEX status. Otherwise use
8806 * NOT_POWERED. We cover both scenarios here since later in
8807 * mgmt_index_removed() any hci_conn callbacks will have already
8808 * been triggered, potentially causing misleading DISCONNECTED
8809 * status responses.
8810 */
d7a5a11d 8811 if (hci_dev_test_flag(hdev, HCI_UNREGISTER))
9845904f
JH		 8812 status = MGMT_STATUS_INVALID_INDEX;
8813 else
8814 status = MGMT_STATUS_NOT_POWERED;
8815
8816 mgmt_pending_foreach(0, hdev, cmd_complete_rsp, &status);
229ab39c 8817
321c6fee 8818 if (memcmp(hdev->dev_class, zero_cod, sizeof(zero_cod)) != 0) {
5504c3a3
MH		 8819 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev,
8820 zero_cod, sizeof(zero_cod),
8821 HCI_MGMT_DEV_CLASS_EVENTS, NULL);
321c6fee
MH		 8822 ext_info_changed(hdev, NULL);
8823 }
229ab39c 8824
2ff13894 8825 new_settings(hdev, match.sk);
eec8d2bc
JH		 8826
8827 if (match.sk)
8828 sock_put(match.sk);
5add6af8 8829}
73f22f62 8830
3eec705e 8831void mgmt_set_powered_failed(struct hci_dev *hdev, int err)
96570ffc 8832{
3b0602cd 8833 struct mgmt_pending_cmd *cmd;
96570ffc
JH		 8834 u8 status;
8835
333ae95d 8836 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
96570ffc 8837 if (!cmd)
3eec705e 8838 return;
96570ffc
JH		 8839
8840 if (err == -ERFKILL)
8841 status = MGMT_STATUS_RFKILLED;
8842 else
8843 status = MGMT_STATUS_FAILED;
8844
a69e8375 8845 mgmt_cmd_status(cmd->sk, hdev->id, MGMT_OP_SET_POWERED, status);
96570ffc
JH		 8846
8847 mgmt_pending_remove(cmd);
96570ffc
JH		 8848}
8849
dc4a5ee2
MH		 8850void mgmt_new_link_key(struct hci_dev *hdev, struct link_key *key,
8851 bool persistent)
55ed8ca1 8852{
86742e1e 8853 struct mgmt_ev_new_link_key ev;
55ed8ca1 8854
a492cd52 8855 memset(&ev, 0, sizeof(ev));
55ed8ca1 8856
a492cd52 8857 ev.store_hint = persistent;
d753fdc4 8858 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
591f47f3 8859 ev.key.addr.type = BDADDR_BREDR;
a492cd52 8860 ev.key.type = key->type;
9b3b4460 8861 memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE);
a492cd52 8862 ev.key.pin_len = key->pin_len;
55ed8ca1 8863
dc4a5ee2 8864 mgmt_event(MGMT_EV_NEW_LINK_KEY, hdev, &ev, sizeof(ev), NULL);
55ed8ca1 8865}
f7520543 8866
d7b25450
JH		 8867static u8 mgmt_ltk_type(struct smp_ltk *ltk)
8868{
23fb8de3
JH		 8869 switch (ltk->type) {
8870 case SMP_LTK:
fad646e1 8871 case SMP_LTK_RESPONDER:
23fb8de3
JH		 8872 if (ltk->authenticated)
8873 return MGMT_LTK_AUTHENTICATED;
8874 return MGMT_LTK_UNAUTHENTICATED;
8875 case SMP_LTK_P256:
8876 if (ltk->authenticated)
8877 return MGMT_LTK_P256_AUTH;
8878 return MGMT_LTK_P256_UNAUTH;
8879 case SMP_LTK_P256_DEBUG:
8880 return MGMT_LTK_P256_DEBUG;
8881 }
d7b25450
JH		 8882
8883 return MGMT_LTK_UNAUTHENTICATED;
8884}
8885
53ac6ab6 8886void mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, bool persistent)
346af67b
VCG		 8887{
8888 struct mgmt_ev_new_long_term_key ev;
8889
8890 memset(&ev, 0, sizeof(ev));
8891
5192d301 8892 /* Devices using resolvable or non-resolvable random addresses
f72186d2 8893 * without providing an identity resolving key don't require
5192d301
MH		 8894 * to store long term keys. Their addresses will change the
8895 * next time around.
8896 *
8897 * Only when a remote device provides an identity address
8898 * make sure the long term key is stored. If the remote
8899 * identity is known, the long term keys are internally
8900 * mapped to the identity address. So allow static random
8901 * and public addresses here.
8902 */
ba74b666
JH		 8903 if (key->bdaddr_type == ADDR_LE_DEV_RANDOM &&
8904 (key->bdaddr.b[5] & 0xc0) != 0xc0)
8905 ev.store_hint = 0x00;
8906 else
53ac6ab6 8907 ev.store_hint = persistent;
ba74b666 8908
346af67b 8909 bacpy(&ev.key.addr.bdaddr, &key->bdaddr);
57c1477c 8910 ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type);
d7b25450 8911 ev.key.type = mgmt_ltk_type(key);
346af67b
VCG		 8912 ev.key.enc_size = key->enc_size;
8913 ev.key.ediv = key->ediv;
fe39c7b2 8914 ev.key.rand = key->rand;
346af67b 8915
2ceba539 8916 if (key->type == SMP_LTK)
fad646e1 8917 ev.key.initiator = 1;
346af67b 8918
1fc62c52
JH		 8919 /* Make sure we copy only the significant bytes based on the
8920 * encryption key size, and set the rest of the value to zeroes.
8921 */
cb92205b 8922 memcpy(ev.key.val, key->val, key->enc_size);
1fc62c52
JH		 8923 memset(ev.key.val + key->enc_size, 0,
8924 sizeof(ev.key.val) - key->enc_size);
346af67b 8925
083368f7 8926 mgmt_event(MGMT_EV_NEW_LONG_TERM_KEY, hdev, &ev, sizeof(ev), NULL);
346af67b
VCG		 8927}
8928
cad20c27 8929void mgmt_new_irk(struct hci_dev *hdev, struct smp_irk *irk, bool persistent)
95fbac8a
JH		 8930{
8931 struct mgmt_ev_new_irk ev;
8932
8933 memset(&ev, 0, sizeof(ev));
8934
cad20c27 8935 ev.store_hint = persistent;
bab6d1e5 8936
95fbac8a
JH		 8937 bacpy(&ev.rpa, &irk->rpa);
8938 bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr);
8939 ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type);
8940 memcpy(ev.irk.val, irk->val, sizeof(irk->val));
8941
8942 mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL);
8943}
8944
53ac6ab6
MH		 8945void mgmt_new_csrk(struct hci_dev *hdev, struct smp_csrk *csrk,
8946 bool persistent)
7ee4ea36
MH		 8947{
8948 struct mgmt_ev_new_csrk ev;
8949
8950 memset(&ev, 0, sizeof(ev));
8951
8952 /* Devices using resolvable or non-resolvable random addresses
f72186d2 8953 * without providing an identity resolving key don't require
7ee4ea36
MH		 8954 * to store signature resolving keys. Their addresses will change
8955 * the next time around.
8956 *
8957 * Only when a remote device provides an identity address
8958 * make sure the signature resolving key is stored. So allow
8959 * static random and public addresses here.
8960 */
8961 if (csrk->bdaddr_type == ADDR_LE_DEV_RANDOM &&
8962 (csrk->bdaddr.b[5] & 0xc0) != 0xc0)
8963 ev.store_hint = 0x00;
8964 else
53ac6ab6 8965 ev.store_hint = persistent;
7ee4ea36
MH		 8966
8967 bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr);
8968 ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type);
4cd3928a 8969 ev.key.type = csrk->type;
7ee4ea36
MH		 8970 memcpy(ev.key.val, csrk->val, sizeof(csrk->val));
8971
8972 mgmt_event(MGMT_EV_NEW_CSRK, hdev, &ev, sizeof(ev), NULL);
8973}
8974
ffb5a827 8975void mgmt_new_conn_param(struct hci_dev *hdev, bdaddr_t *bdaddr,
f4869e2a
JH		 8976 u8 bdaddr_type, u8 store_hint, u16 min_interval,
8977 u16 max_interval, u16 latency, u16 timeout)
ffb5a827
AG		 8978{
8979 struct mgmt_ev_new_conn_param ev;
8980
c103aea6
JH		 8981 if (!hci_is_identity_address(bdaddr, bdaddr_type))
8982 return;
8983
ffb5a827
AG		 8984 memset(&ev, 0, sizeof(ev));
8985 bacpy(&ev.addr.bdaddr, bdaddr);
8986 ev.addr.type = link_to_bdaddr(LE_LINK, bdaddr_type);
f4869e2a 8987 ev.store_hint = store_hint;
ffb5a827
AG		 8988 ev.min_interval = cpu_to_le16(min_interval);
8989 ev.max_interval = cpu_to_le16(max_interval);
8990 ev.latency = cpu_to_le16(latency);
8991 ev.timeout = cpu_to_le16(timeout);
8992
8993 mgmt_event(MGMT_EV_NEW_CONN_PARAM, hdev, &ev, sizeof(ev), NULL);
8994}
8995
48ec92fa 8996void mgmt_device_connected(struct hci_dev *hdev, struct hci_conn *conn,
1c6ed31b 8997 u8 *name, u8 name_len)
f7520543 8998{
b644ba33
JH		 8999 char buf[512];
9000 struct mgmt_ev_device_connected *ev = (void *) buf;
9001 u16 eir_len = 0;
1c6ed31b 9002 u32 flags = 0;
f7520543 9003
48ec92fa
AA		 9004 bacpy(&ev->addr.bdaddr, &conn->dst);
9005 ev->addr.type = link_to_bdaddr(conn->type, conn->dst_type);
f7520543 9006
1c6ed31b
YL		 9007 if (conn->out)
9008 flags |= MGMT_DEV_FOUND_INITIATED_CONN;
9009
c95f0ba7 9010 ev->flags = __cpu_to_le32(flags);
08c79b61 9011
fd45ada9
AA		 9012 /* We must ensure that the EIR Data fields are ordered and
9013 * unique. Keep it simple for now and avoid the problem by not
9014 * adding any BR/EDR data to the LE adv.
9015 */
9016 if (conn->le_adv_data_len > 0) {
9017 memcpy(&ev->eir[eir_len],
9018 conn->le_adv_data, conn->le_adv_data_len);
9019 eir_len = conn->le_adv_data_len;
9020 } else {
9021 if (name_len > 0)
9022 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE,
9023 name, name_len);
b644ba33 9024
ddbea5cf 9025 if (memcmp(conn->dev_class, "\0\0\0", 3) != 0)
fd45ada9
AA		 9026 eir_len = eir_append_data(ev->eir, eir_len,
9027 EIR_CLASS_OF_DEV,
9028 conn->dev_class, 3);
9029 }
b644ba33 9030
eb55ef07 9031 ev->eir_len = cpu_to_le16(eir_len);
b644ba33 9032
ecd90ae7
MH		 9033 mgmt_event(MGMT_EV_DEVICE_CONNECTED, hdev, buf,
9034 sizeof(*ev) + eir_len, NULL);
f7520543
JH		 9035}
9036
3b0602cd 9037static void disconnect_rsp(struct mgmt_pending_cmd *cmd, void *data)
8962ee74 9038{
8962ee74 9039 struct sock **sk = data;
8962ee74 9040
f5818c22 9041 cmd->cmd_complete(cmd, 0);
8962ee74
JH		 9042
9043 *sk = cmd->sk;
9044 sock_hold(*sk);
9045
a664b5bc 9046 mgmt_pending_remove(cmd);
8962ee74
JH		 9047}
9048
3b0602cd 9049static void unpair_device_rsp(struct mgmt_pending_cmd *cmd, void *data)
a8a1d19e 9050{
b1078ad0 9051 struct hci_dev *hdev = data;
124f6e35 9052 struct mgmt_cp_unpair_device *cp = cmd->param;
a8a1d19e 9053
b1078ad0
JH		 9054 device_unpaired(hdev, &cp->addr.bdaddr, cp->addr.type, cmd->sk);
9055
d8b7b1e4 9056 cmd->cmd_complete(cmd, 0);
a8a1d19e
JH		 9057 mgmt_pending_remove(cmd);
9058}
9059
84c61d92
JH		 9060bool mgmt_powering_down(struct hci_dev *hdev)
9061{
3b0602cd 9062 struct mgmt_pending_cmd *cmd;
84c61d92
JH		 9063 struct mgmt_mode *cp;
9064
333ae95d 9065 cmd = pending_find(MGMT_OP_SET_POWERED, hdev);
84c61d92
JH		 9066 if (!cmd)
9067 return false;
9068
9069 cp = cmd->param;
9070 if (!cp->val)
9071 return true;
9072
9073 return false;
9074}
9075
9b80ec5e 9076void mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
12d4a3b2
JH		 9077 u8 link_type, u8 addr_type, u8 reason,
9078 bool mgmt_connected)
f7520543 9079{
f0d6a0ea 9080 struct mgmt_ev_device_disconnected ev;
8962ee74 9081 struct sock *sk = NULL;
8962ee74 9082
84c61d92
JH		 9083 /* The connection is still in hci_conn_hash so test for 1
9084 * instead of 0 to know if this is the last one.
9085 */
9086 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
9087 cancel_delayed_work(&hdev->power_off);
9088 queue_work(hdev->req_workqueue, &hdev->power_off.work);
8b064a3a
JH		 9089 }
9090
12d4a3b2
JH		 9091 if (!mgmt_connected)
9092 return;
9093
57eb776f
AG		 9094 if (link_type != ACL_LINK && link_type != LE_LINK)
9095 return;
9096
744cf19e 9097 mgmt_pending_foreach(MGMT_OP_DISCONNECT, hdev, disconnect_rsp, &sk);
f7520543 9098
f0d6a0ea
MA		 9099 bacpy(&ev.addr.bdaddr, bdaddr);
9100 ev.addr.type = link_to_bdaddr(link_type, addr_type);
9101 ev.reason = reason;
f7520543 9102
f0cfc486
APS		 9103 /* Report disconnects due to suspend */
9104 if (hdev->suspended)
9105 ev.reason = MGMT_DEV_DISCONN_LOCAL_HOST_SUSPEND;
9106
9b80ec5e 9107 mgmt_event(MGMT_EV_DEVICE_DISCONNECTED, hdev, &ev, sizeof(ev), sk);
8962ee74
JH		 9108
9109 if (sk)
d97dcb66 9110 sock_put(sk);
8962ee74 9111
124f6e35 9112 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
04124681 9113 hdev);
8962ee74
JH		 9114}
9115
7892924c
MH		 9116void mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
9117 u8 link_type, u8 addr_type, u8 status)
8962ee74 9118{
3655bba8
AG		 9119 u8 bdaddr_type = link_to_bdaddr(link_type, addr_type);
9120 struct mgmt_cp_disconnect *cp;
3b0602cd 9121 struct mgmt_pending_cmd *cmd;
8962ee74 9122
36a75f1b
JD		 9123 mgmt_pending_foreach(MGMT_OP_UNPAIR_DEVICE, hdev, unpair_device_rsp,
9124 hdev);
9125
333ae95d 9126 cmd = pending_find(MGMT_OP_DISCONNECT, hdev);
8962ee74 9127 if (!cmd)
7892924c 9128 return;
8962ee74 9129
3655bba8
AG		 9130 cp = cmd->param;
9131
9132 if (bacmp(bdaddr, &cp->addr.bdaddr))
9133 return;
9134
9135 if (cp->addr.type != bdaddr_type)
9136 return;
9137
f5818c22 9138 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 9139 mgmt_pending_remove(cmd);
f7520543 9140}
17d5c04c 9141
445608d0
MH		 9142void mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
9143 u8 addr_type, u8 status)
17d5c04c
JH		 9144{
9145 struct mgmt_ev_connect_failed ev;
c9910d0f 9146
84c61d92
JH		 9147 /* The connection is still in hci_conn_hash so test for 1
9148 * instead of 0 to know if this is the last one.
9149 */
9150 if (mgmt_powering_down(hdev) && hci_conn_count(hdev) == 1) {
9151 cancel_delayed_work(&hdev->power_off);
9152 queue_work(hdev->req_workqueue, &hdev->power_off.work);
c9910d0f 9153 }
17d5c04c 9154
4c659c39 9155 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 9156 ev.addr.type = link_to_bdaddr(link_type, addr_type);
ca69b795 9157 ev.status = mgmt_status(status);
17d5c04c 9158
445608d0 9159 mgmt_event(MGMT_EV_CONNECT_FAILED, hdev, &ev, sizeof(ev), NULL);
17d5c04c 9160}
980e1a53 9161
ce0e4a0d 9162void mgmt_pin_code_request(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 secure)
980e1a53
JH		 9163{
9164 struct mgmt_ev_pin_code_request ev;
9165
d8457698 9166 bacpy(&ev.addr.bdaddr, bdaddr);
591f47f3 9167 ev.addr.type = BDADDR_BREDR;
a770bb5a 9168 ev.secure = secure;
980e1a53 9169
ce0e4a0d 9170 mgmt_event(MGMT_EV_PIN_CODE_REQUEST, hdev, &ev, sizeof(ev), NULL);
980e1a53
JH		 9171}
9172
e669cf80
MH		 9173void mgmt_pin_code_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
9174 u8 status)
980e1a53 9175{
3b0602cd 9176 struct mgmt_pending_cmd *cmd;
980e1a53 9177
333ae95d 9178 cmd = pending_find(MGMT_OP_PIN_CODE_REPLY, hdev);
980e1a53 9179 if (!cmd)
e669cf80 9180 return;
980e1a53 9181
7776d1d8 9182 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 9183 mgmt_pending_remove(cmd);
980e1a53
JH		 9184}
9185
3eb38528
MH		 9186void mgmt_pin_code_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
9187 u8 status)
980e1a53 9188{
3b0602cd 9189 struct mgmt_pending_cmd *cmd;
980e1a53 9190
333ae95d 9191 cmd = pending_find(MGMT_OP_PIN_CODE_NEG_REPLY, hdev);
980e1a53 9192 if (!cmd)
3eb38528 9193 return;
980e1a53 9194
7776d1d8 9195 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 9196 mgmt_pending_remove(cmd);
980e1a53 9197}
a5c29683 9198
744cf19e 9199int mgmt_user_confirm_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
39adbffe 9200 u8 link_type, u8 addr_type, u32 value,
04124681 9201 u8 confirm_hint)
a5c29683
JH		 9202{
9203 struct mgmt_ev_user_confirm_request ev;
9204
181d6953 9205 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
a5c29683 9206
272d90df 9207 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 9208 ev.addr.type = link_to_bdaddr(link_type, addr_type);
55bc1a37 9209 ev.confirm_hint = confirm_hint;
39adbffe 9210 ev.value = cpu_to_le32(value);
a5c29683 9211
744cf19e 9212 return mgmt_event(MGMT_EV_USER_CONFIRM_REQUEST, hdev, &ev, sizeof(ev),
04124681 9213 NULL);
a5c29683
JH		 9214}
9215
272d90df 9216int mgmt_user_passkey_request(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5 9217 u8 link_type, u8 addr_type)
604086b7
BG		 9218{
9219 struct mgmt_ev_user_passkey_request ev;
9220
181d6953 9221 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
604086b7 9222
272d90df 9223 bacpy(&ev.addr.bdaddr, bdaddr);
57c1477c 9224 ev.addr.type = link_to_bdaddr(link_type, addr_type);
604086b7
BG		 9225
9226 return mgmt_event(MGMT_EV_USER_PASSKEY_REQUEST, hdev, &ev, sizeof(ev),
04124681 9227 NULL);
604086b7
BG		 9228}
9229
0df4c185 9230static int user_pairing_resp_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
8ce8e2b5
GP		 9231 u8 link_type, u8 addr_type, u8 status,
9232 u8 opcode)
a5c29683 9233{
3b0602cd 9234 struct mgmt_pending_cmd *cmd;
a5c29683 9235
333ae95d 9236 cmd = pending_find(opcode, hdev);
a5c29683
JH		 9237 if (!cmd)
9238 return -ENOENT;
9239
7776d1d8 9240 cmd->cmd_complete(cmd, mgmt_status(status));
a664b5bc 9241 mgmt_pending_remove(cmd);
a5c29683 9242
7776d1d8 9243 return 0;
a5c29683
JH		 9244}
9245
744cf19e 9246int mgmt_user_confirm_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 9247 u8 link_type, u8 addr_type, u8 status)
a5c29683 9248{
272d90df 9249 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 9250 status, MGMT_OP_USER_CONFIRM_REPLY);
a5c29683
JH		 9251}
9252
272d90df 9253int mgmt_user_confirm_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 9254 u8 link_type, u8 addr_type, u8 status)
a5c29683 9255{
272d90df 9256 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 9257 status,
9258 MGMT_OP_USER_CONFIRM_NEG_REPLY);
a5c29683 9259}
2a611692 9260
604086b7 9261int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 9262 u8 link_type, u8 addr_type, u8 status)
604086b7 9263{
272d90df 9264 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
04124681 9265 status, MGMT_OP_USER_PASSKEY_REPLY);
604086b7
BG		 9266}
9267
272d90df 9268int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
04124681 9269 u8 link_type, u8 addr_type, u8 status)
604086b7 9270{
272d90df 9271 return user_pairing_resp_complete(hdev, bdaddr, link_type, addr_type,
8fc9ced3
GP		 9272 status,
9273 MGMT_OP_USER_PASSKEY_NEG_REPLY);
604086b7
BG		 9274}
9275
92a25256
JH		 9276int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
9277 u8 link_type, u8 addr_type, u32 passkey,
9278 u8 entered)
9279{
9280 struct mgmt_ev_passkey_notify ev;
9281
181d6953 9282 bt_dev_dbg(hdev, "bdaddr %pMR", bdaddr);
92a25256
JH		 9283
9284 bacpy(&ev.addr.bdaddr, bdaddr);
9285 ev.addr.type = link_to_bdaddr(link_type, addr_type);
9286 ev.passkey = __cpu_to_le32(passkey);
9287 ev.entered = entered;
9288
9289 return mgmt_event(MGMT_EV_PASSKEY_NOTIFY, hdev, &ev, sizeof(ev), NULL);
9290}
9291
e1e930f5 9292void mgmt_auth_failed(struct hci_conn *conn, u8 hci_status)
2a611692
JH		 9293{
9294 struct mgmt_ev_auth_failed ev;
3b0602cd 9295 struct mgmt_pending_cmd *cmd;
e1e930f5 9296 u8 status = mgmt_status(hci_status);
2a611692 9297
e1e930f5
JH		 9298 bacpy(&ev.addr.bdaddr, &conn->dst);
9299 ev.addr.type = link_to_bdaddr(conn->type, conn->dst_type);
9300 ev.status = status;
2a611692 9301
e1e930f5
JH		 9302 cmd = find_pairing(conn);
9303
9304 mgmt_event(MGMT_EV_AUTH_FAILED, conn->hdev, &ev, sizeof(ev),
9305 cmd ? cmd->sk : NULL);
9306
a511b35b
JH		 9307 if (cmd) {
9308 cmd->cmd_complete(cmd, status);
9309 mgmt_pending_remove(cmd);
9310 }
2a611692 9311}
b312b161 9312
464996ae 9313void mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status)
33ef95ed
JH		 9314{
9315 struct cmd_lookup match = { NULL, hdev };
464996ae 9316 bool changed;
33ef95ed
JH		 9317
9318 if (status) {
9319 u8 mgmt_err = mgmt_status(status);
9320 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev,
04124681 9321 cmd_status_rsp, &mgmt_err);
464996ae 9322 return;
33ef95ed
JH		 9323 }
9324
464996ae 9325 if (test_bit(HCI_AUTH, &hdev->flags))
238be788 9326 changed = !hci_dev_test_and_set_flag(hdev, HCI_LINK_SECURITY);
464996ae 9327 else
a69d8927 9328 changed = hci_dev_test_and_clear_flag(hdev, HCI_LINK_SECURITY);
47990ea0 9329
33ef95ed 9330 mgmt_pending_foreach(MGMT_OP_SET_LINK_SECURITY, hdev, settings_rsp,
04124681 9331 &match);
33ef95ed 9332
47990ea0 9333 if (changed)
464996ae 9334 new_settings(hdev, match.sk);
33ef95ed
JH		 9335
9336 if (match.sk)
9337 sock_put(match.sk);
33ef95ed
JH		 9338}
9339
890ea898 9340static void clear_eir(struct hci_request *req)
cacaf52f 9341{
890ea898 9342 struct hci_dev *hdev = req->hdev;
cacaf52f
JH		 9343 struct hci_cp_write_eir cp;
9344
976eb20e 9345 if (!lmp_ext_inq_capable(hdev))
890ea898 9346 return;
cacaf52f 9347
c80da27e
JH		 9348 memset(hdev->eir, 0, sizeof(hdev->eir));
9349
cacaf52f
JH		 9350 memset(&cp, 0, sizeof(cp));
9351
890ea898 9352 hci_req_add(req, HCI_OP_WRITE_EIR, sizeof(cp), &cp);
cacaf52f
JH		 9353}
9354
3e248560 9355void mgmt_ssp_enable_complete(struct hci_dev *hdev, u8 enable, u8 status)
ed2c4ee3
JH		 9356{
9357 struct cmd_lookup match = { NULL, hdev };
890ea898 9358 struct hci_request req;
c0ecddc2 9359 bool changed = false;
ed2c4ee3
JH		 9360
9361 if (status) {
9362 u8 mgmt_err = mgmt_status(status);
c0ecddc2 9363
a69d8927
MH		 9364 if (enable && hci_dev_test_and_clear_flag(hdev,
9365 HCI_SSP_ENABLED)) {
a358dc11 9366 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
3e248560 9367 new_settings(hdev, NULL);
9ecb3e24 9368 }
c0ecddc2 9369
04124681
GP		 9370 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, cmd_status_rsp,
9371 &mgmt_err);
3e248560 9372 return;
c0ecddc2
JH		 9373 }
9374
9375 if (enable) {
238be788 9376 changed = !hci_dev_test_and_set_flag(hdev, HCI_SSP_ENABLED);
c0ecddc2 9377 } else {
a69d8927 9378 changed = hci_dev_test_and_clear_flag(hdev, HCI_SSP_ENABLED);
9ecb3e24 9379 if (!changed)
a69d8927
MH		 9380 changed = hci_dev_test_and_clear_flag(hdev,
9381 HCI_HS_ENABLED);
9ecb3e24 9382 else
a358dc11 9383 hci_dev_clear_flag(hdev, HCI_HS_ENABLED);
ed2c4ee3
JH		 9384 }
9385
9386 mgmt_pending_foreach(MGMT_OP_SET_SSP, hdev, settings_rsp, &match);
9387
c0ecddc2 9388 if (changed)
3e248560 9389 new_settings(hdev, match.sk);
ed2c4ee3 9390
5fc6ebb1 9391 if (match.sk)
ed2c4ee3
JH		 9392 sock_put(match.sk);
9393
890ea898
JH		 9394 hci_req_init(&req, hdev);
9395
d7a5a11d
MH		 9396 if (hci_dev_test_flag(hdev, HCI_SSP_ENABLED)) {
9397 if (hci_dev_test_flag(hdev, HCI_USE_DEBUG_KEYS))
3769972b
JH		 9398 hci_req_add(&req, HCI_OP_WRITE_SSP_DEBUG_MODE,
9399 sizeof(enable), &enable);
b1a8917c 9400 __hci_req_update_eir(&req);
3769972b 9401 } else {
890ea898 9402 clear_eir(&req);
3769972b 9403 }
890ea898
JH		 9404
9405 hci_req_run(&req, NULL);
ed2c4ee3
JH		 9406}
9407
3b0602cd 9408static void sk_lookup(struct mgmt_pending_cmd *cmd, void *data)
90e70454
JH		 9409{
9410 struct cmd_lookup *match = data;
9411
90e70454
JH		 9412 if (match->sk == NULL) {
9413 match->sk = cmd->sk;
9414 sock_hold(match->sk);
9415 }
90e70454
JH		 9416}
9417
4e1b0245
MH		 9418void mgmt_set_class_of_dev_complete(struct hci_dev *hdev, u8 *dev_class,
9419 u8 status)
7f9a903c 9420{
90e70454 9421 struct cmd_lookup match = { NULL, hdev, mgmt_status(status) };
7f9a903c 9422
92da6097
JH		 9423 mgmt_pending_foreach(MGMT_OP_SET_DEV_CLASS, hdev, sk_lookup, &match);
9424 mgmt_pending_foreach(MGMT_OP_ADD_UUID, hdev, sk_lookup, &match);
9425 mgmt_pending_foreach(MGMT_OP_REMOVE_UUID, hdev, sk_lookup, &match);
90e70454 9426
321c6fee 9427 if (!status) {
5504c3a3
MH		 9428 mgmt_limited_event(MGMT_EV_CLASS_OF_DEV_CHANGED, hdev, dev_class,
9429 3, HCI_MGMT_DEV_CLASS_EVENTS, NULL);
321c6fee
MH		 9430 ext_info_changed(hdev, NULL);
9431 }
90e70454
JH		 9432
9433 if (match.sk)
9434 sock_put(match.sk);
7f9a903c
MH		 9435}
9436
7667da34 9437void mgmt_set_local_name_complete(struct hci_dev *hdev, u8 *name, u8 status)
b312b161 9438{
b312b161 9439 struct mgmt_cp_set_local_name ev;
3b0602cd 9440 struct mgmt_pending_cmd *cmd;
28cc7bde 9441
13928971 9442 if (status)
7667da34 9443 return;
b312b161
JH		 9444
9445 memset(&ev, 0, sizeof(ev));
9446 memcpy(ev.name, name, HCI_MAX_NAME_LENGTH);
28cc7bde 9447 memcpy(ev.short_name, hdev->short_name, HCI_MAX_SHORT_NAME_LENGTH);
b312b161 9448
333ae95d 9449 cmd = pending_find(MGMT_OP_SET_LOCAL_NAME, hdev);
13928971
JH		 9450 if (!cmd) {
9451 memcpy(hdev->dev_name, name, sizeof(hdev->dev_name));
28cc7bde 9452
13928971
JH		 9453 /* If this is a HCI command related to powering on the
9454 * HCI dev don't send any mgmt signals.
9455 */
333ae95d 9456 if (pending_find(MGMT_OP_SET_POWERED, hdev))
7667da34 9457 return;
890ea898 9458 }
b312b161 9459
5504c3a3
MH		 9460 mgmt_limited_event(MGMT_EV_LOCAL_NAME_CHANGED, hdev, &ev, sizeof(ev),
9461 HCI_MGMT_LOCAL_NAME_EVENTS, cmd ? cmd->sk : NULL);
321c6fee 9462 ext_info_changed(hdev, cmd ? cmd->sk : NULL);
b312b161 9463}
c35938b2 9464
799ce93d
JP		 9465static inline bool has_uuid(u8 *uuid, u16 uuid_count, u8 (*uuids)[16])
9466{
9467 int i;
9468
9469 for (i = 0; i < uuid_count; i++) {
9470 if (!memcmp(uuid, uuids[i], 16))
9471 return true;
9472 }
9473
9474 return false;
9475}
9476
b487b9ce
MH		 9477static bool eir_has_uuids(u8 *eir, u16 eir_len, u16 uuid_count, u8 (*uuids)[16])
9478{
799ce93d
JP		 9479 u16 parsed = 0;
9480
9481 while (parsed < eir_len) {
9482 u8 field_len = eir[0];
9483 u8 uuid[16];
9484 int i;
9485
9486 if (field_len == 0)
9487 break;
9488
9489 if (eir_len - parsed < field_len + 1)
9490 break;
9491
9492 switch (eir[1]) {
9493 case EIR_UUID16_ALL:
9494 case EIR_UUID16_SOME:
9495 for (i = 0; i + 3 <= field_len; i += 2) {
189f6ad2 9496 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 9497 uuid[13] = eir[i + 3];
9498 uuid[12] = eir[i + 2];
9499 if (has_uuid(uuid, uuid_count, uuids))
9500 return true;
9501 }
9502 break;
9503 case EIR_UUID32_ALL:
9504 case EIR_UUID32_SOME:
9505 for (i = 0; i + 5 <= field_len; i += 4) {
189f6ad2 9506 memcpy(uuid, bluetooth_base_uuid, 16);
799ce93d
JP		 9507 uuid[15] = eir[i + 5];
9508 uuid[14] = eir[i + 4];
9509 uuid[13] = eir[i + 3];
9510 uuid[12] = eir[i + 2];
9511 if (has_uuid(uuid, uuid_count, uuids))
9512 return true;
9513 }
9514 break;
9515 case EIR_UUID128_ALL:
9516 case EIR_UUID128_SOME:
9517 for (i = 0; i + 17 <= field_len; i += 16) {
9518 memcpy(uuid, eir + i + 2, 16);
9519 if (has_uuid(uuid, uuid_count, uuids))
9520 return true;
9521 }
9522 break;
9523 }
9524
9525 parsed += field_len + 1;
9526 eir += field_len + 1;
9527 }
9528
b487b9ce
MH		 9529 return false;
9530}
9531
4b0e0ced
JP		 9532static void restart_le_scan(struct hci_dev *hdev)
9533{
9534 /* If controller is not scanning we are done. */
d7a5a11d 9535 if (!hci_dev_test_flag(hdev, HCI_LE_SCAN))
4b0e0ced
JP		 9536 return;
9537
9538 if (time_after(jiffies + DISCOV_LE_RESTART_DELAY,
9539 hdev->discovery.scan_start +
9540 hdev->discovery.scan_duration))
9541 return;
9542
7c1fbed2 9543 queue_delayed_work(hdev->req_workqueue, &hdev->le_scan_restart,
4b0e0ced
JP		 9544 DISCOV_LE_RESTART_DELAY);
9545}
9546
48f86b7f
JP		 9547static bool is_filter_match(struct hci_dev *hdev, s8 rssi, u8 *eir,
9548 u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
e17acd40 9549{
48f86b7f
JP		 9550 /* If a RSSI threshold has been specified, and
9551 * HCI_QUIRK_STRICT_DUPLICATE_FILTER is not set, then all results with
9552 * a RSSI smaller than the RSSI threshold will be dropped. If the quirk
9553 * is set, let it through for further processing, as we might need to
9554 * restart the scan.
efb2513f
MH		 9555 *
9556 * For BR/EDR devices (pre 1.2) providing no RSSI during inquiry,
9557 * the results are also dropped.
bda157a4
MH		 9558 */
9559 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
4b0e0ced
JP		 9560 (rssi == HCI_RSSI_INVALID ||
9561 (rssi < hdev->discovery.rssi &&
9562 !test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks))))
48f86b7f 9563 return false;
efb2513f 9564
2976cdeb
JP		 9565 if (hdev->discovery.uuid_count != 0) {
9566 /* If a list of UUIDs is provided in filter, results with no
9567 * matching UUID should be dropped.
b487b9ce 9568 */
2976cdeb
JP		 9569 if (!eir_has_uuids(eir, eir_len, hdev->discovery.uuid_count,
9570 hdev->discovery.uuids) &&
9571 !eir_has_uuids(scan_rsp, scan_rsp_len,
9572 hdev->discovery.uuid_count,
9573 hdev->discovery.uuids))
9574 return false;
b487b9ce 9575 }
5d2e9fad 9576
2976cdeb
JP		 9577 /* If duplicate filtering does not report RSSI changes, then restart
9578 * scanning to ensure updated result with updated RSSI values.
4b0e0ced 9579 */
2976cdeb
JP		 9580 if (test_bit(HCI_QUIRK_STRICT_DUPLICATE_FILTER, &hdev->quirks)) {
9581 restart_le_scan(hdev);
9582
9583 /* Validate RSSI value against the RSSI threshold once more. */
9584 if (hdev->discovery.rssi != HCI_RSSI_INVALID &&
9585 rssi < hdev->discovery.rssi)
9586 return false;
9587 }
48f86b7f
JP		 9588
9589 return true;
9590}
9591
9592void mgmt_device_found(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
9593 u8 addr_type, u8 *dev_class, s8 rssi, u32 flags,
9594 u8 *eir, u16 eir_len, u8 *scan_rsp, u8 scan_rsp_len)
9595{
9596 char buf[512];
9597 struct mgmt_ev_device_found *ev = (void *)buf;
9598 size_t ev_size;
9599
9600 /* Don't send events for a non-kernel initiated discovery. With
9601 * LE one exception is if we have pend_le_reports > 0 in which
9602 * case we're doing passive scanning and want these events.
9603 */
9604 if (!hci_discovery_active(hdev)) {
9605 if (link_type == ACL_LINK)
9606 return;
8208f5a9
MC		 9607 if (link_type == LE_LINK &&
9608 list_empty(&hdev->pend_le_reports) &&
9609 !hci_is_adv_monitoring(hdev)) {
48f86b7f 9610 return;
8208f5a9 9611 }
48f86b7f
JP		 9612 }
9613
82f8b651 9614 if (hdev->discovery.result_filtering) {
48f86b7f
JP		 9615 /* We are using service discovery */
9616 if (!is_filter_match(hdev, rssi, eir, eir_len, scan_rsp,
9617 scan_rsp_len))
9618 return;
9619 }
9620
78b781ca
JH		 9621 if (hdev->discovery.limited) {
9622 /* Check for limited discoverable bit */
9623 if (dev_class) {
9624 if (!(dev_class[1] & 0x20))
9625 return;
9626 } else {
9627 u8 *flags = eir_get_data(eir, eir_len, EIR_FLAGS, NULL);
9628 if (!flags || !(flags[0] & LE_AD_LIMITED))
9629 return;
9630 }
9631 }
9632
48f86b7f
JP		 9633 /* Make sure that the buffer is big enough. The 5 extra bytes
9634 * are for the potential CoD field.
9635 */
9636 if (sizeof(*ev) + eir_len + scan_rsp_len + 5 > sizeof(buf))
4b0e0ced
JP		 9637 return;
9638
48f86b7f
JP		 9639 memset(buf, 0, sizeof(buf));
9640
9641 /* In case of device discovery with BR/EDR devices (pre 1.2), the
9642 * RSSI value was reported as 0 when not available. This behavior
9643 * is kept when using device discovery. This is required for full
9644 * backwards compatibility with the API.
9645 *
9646 * However when using service discovery, the value 127 will be
9647 * returned when the RSSI is not available.
9648 */
9649 if (rssi == HCI_RSSI_INVALID && !hdev->discovery.report_invalid_rssi &&
9650 link_type == ACL_LINK)
9651 rssi = 0;
9652
9653 bacpy(&ev->addr.bdaddr, bdaddr);
9654 ev->addr.type = link_to_bdaddr(link_type, addr_type);
9655 ev->rssi = rssi;
9656 ev->flags = cpu_to_le32(flags);
9657
9658 if (eir_len > 0)
9659 /* Copy EIR or advertising data into event */
9660 memcpy(ev->eir, eir, eir_len);
9661
0d3b7f64
JH		 9662 if (dev_class && !eir_get_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
9663 NULL))
48f86b7f
JP		 9664 eir_len = eir_append_data(ev->eir, eir_len, EIR_CLASS_OF_DEV,
9665 dev_class, 3);
9666
9667 if (scan_rsp_len > 0)
9668 /* Append scan response data to event */
9669 memcpy(ev->eir + eir_len, scan_rsp, scan_rsp_len);
9670
5d2e9fad
JH		 9671 ev->eir_len = cpu_to_le16(eir_len + scan_rsp_len);
9672 ev_size = sizeof(*ev) + eir_len + scan_rsp_len;
f8523598 9673
901801b9 9674 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, ev_size, NULL);
e17acd40 9675}
a88a9652 9676
9cf12aee
MH		 9677void mgmt_remote_name(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
9678 u8 addr_type, s8 rssi, u8 *name, u8 name_len)
a88a9652 9679{
b644ba33
JH		 9680 struct mgmt_ev_device_found *ev;
9681 char buf[sizeof(*ev) + HCI_MAX_NAME_LENGTH + 2];
9682 u16 eir_len;
a88a9652 9683
b644ba33 9684 ev = (struct mgmt_ev_device_found *) buf;
a88a9652 9685
b644ba33
JH		 9686 memset(buf, 0, sizeof(buf));
9687
9688 bacpy(&ev->addr.bdaddr, bdaddr);
57c1477c 9689 ev->addr.type = link_to_bdaddr(link_type, addr_type);
b644ba33
JH		 9690 ev->rssi = rssi;
9691
9692 eir_len = eir_append_data(ev->eir, 0, EIR_NAME_COMPLETE, name,
04124681 9693 name_len);
b644ba33 9694
eb55ef07 9695 ev->eir_len = cpu_to_le16(eir_len);
a88a9652 9696
9cf12aee 9697 mgmt_event(MGMT_EV_DEVICE_FOUND, hdev, ev, sizeof(*ev) + eir_len, NULL);
a88a9652 9698}
314b2381 9699
2f1e063b 9700void mgmt_discovering(struct hci_dev *hdev, u8 discovering)
314b2381 9701{
f963e8e9 9702 struct mgmt_ev_discovering ev;
164a6e78 9703
181d6953 9704 bt_dev_dbg(hdev, "discovering %u", discovering);
343fb145 9705
f963e8e9
JH		 9706 memset(&ev, 0, sizeof(ev));
9707 ev.type = hdev->discovery.type;
9708 ev.discovering = discovering;
9709
2f1e063b 9710 mgmt_event(MGMT_EV_DISCOVERING, hdev, &ev, sizeof(ev), NULL);
314b2381 9711}
5e762444 9712
346ce5b7
APS		 9713void mgmt_suspending(struct hci_dev *hdev, u8 state)
9714{
9715 struct mgmt_ev_controller_suspend ev;
9716
9717 ev.suspend_state = state;
9718 mgmt_event(MGMT_EV_CONTROLLER_SUSPEND, hdev, &ev, sizeof(ev), NULL);
9719}
9720
9721void mgmt_resuming(struct hci_dev *hdev, u8 reason, bdaddr_t *bdaddr,
9722 u8 addr_type)
9723{
9724 struct mgmt_ev_controller_resume ev;
9725
9726 ev.wake_reason = reason;
9727 if (bdaddr) {
9728 bacpy(&ev.addr.bdaddr, bdaddr);
9729 ev.addr.type = addr_type;
9730 } else {
9731 memset(&ev.addr, 0, sizeof(ev.addr));
9732 }
9733
9734 mgmt_event(MGMT_EV_CONTROLLER_RESUME, hdev, &ev, sizeof(ev), NULL);
9735}
9736
6d785aa3
JH		 9737static struct hci_mgmt_chan chan = {
9738 .channel = HCI_CHANNEL_CONTROL,
9739 .handler_count = ARRAY_SIZE(mgmt_handlers),
9740 .handlers = mgmt_handlers,
88b94ce9 9741 .hdev_init = mgmt_init_hdev,
6d785aa3
JH		 9742};
9743
9744int mgmt_init(void)
9745{
9746 return hci_mgmt_chan_register(&chan);
9747}
9748
9749void mgmt_exit(void)
9750{
9751 hci_mgmt_chan_unregister(&chan);
9752}
Linux 6.x block layer and io_uring tree(s)